From 420305068e966703b3a56139c79b0107a60295e8 Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Thu, 5 Mar 2020 21:07:23 +0530 Subject: [PATCH] Rebased to match upstream PKI 10.8.3 Match upstream released version PKI 10.8.3 Signed-off-by: Dinesh Prasanth M K --- .gitignore | 1 + ...irection-for-KRA-and-OCSP-web-UI-241.patch | 42 -- dogtag-pki.spec | 540 +++++------------- sources | 2 +- 4 files changed, 158 insertions(+), 427 deletions(-) delete mode 100644 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch diff --git a/.gitignore b/.gitignore index 582db53..3f0c868 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /pki-10.6.9.tar.gz /pki-10.7.0.tar.gz /pki-10.7.3.tar.gz +/pki-10.8.3.tar.gz diff --git a/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch b/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch deleted file mode 100644 index ef430f0..0000000 --- a/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch +++ /dev/null @@ -1,42 +0,0 @@ -From d57b32e2b4e0f7aa43f8f38e7ce539da6e0e93d7 Mon Sep 17 00:00:00 2001 -From: Dinesh Prasanth M K -Date: Wed, 14 Aug 2019 17:36:38 -0400 -Subject: [PATCH] Fix URL redirection for KRA and OCSP web UI (#241) - -Fixes changes introduced via commit: 2210c2a - -Signed-off-by: Dinesh Prasanth M K ---- - base/kra/shared/webapps/kra/services.template | 2 +- - base/ocsp/shared/webapps/ocsp/services.template | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/base/kra/shared/webapps/kra/services.template b/base/kra/shared/webapps/kra/services.template -index 941fb5277..930b41345 100644 ---- a/base/kra/shared/webapps/kra/services.template -+++ b/base/kra/shared/webapps/kra/services.template -@@ -106,7 +106,7 @@ Certificate System DRM Services Page - - - --
  • SSL End Users Services -+
  • Agent Services - - - -diff --git a/base/ocsp/shared/webapps/ocsp/services.template b/base/ocsp/shared/webapps/ocsp/services.template -index c1c2839bb..5cc662845 100644 ---- a/base/ocsp/shared/webapps/ocsp/services.template -+++ b/base/ocsp/shared/webapps/ocsp/services.template -@@ -106,7 +106,7 @@ Certificate System OCSP Services Page - - - --
  • SSL End Users Services -+
  • Agent Services - - - --- -2.21.0 - diff --git a/dogtag-pki.spec b/dogtag-pki.spec index 2ccb582..8146f0e 100644 --- a/dogtag-pki.spec +++ b/dogtag-pki.spec @@ -7,9 +7,9 @@ URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.7.3 -Release: 4%{?_timestamp}%{?_commit_id}%{?dist} -# global _phase -a1 +Version: 10.8.3 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +# global _phase -a1 # To create a tarball from a version tag: # $ git archive \ @@ -26,47 +26,20 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch - ################################################################################ # NSS ################################################################################ -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -%global nss_default_db_type dbm -%else %global nss_default_db_type sql -%endif ################################################################################ # Python ################################################################################ -# Python 2 packages -%if 0%{!?with_python2:1} -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 28 -%global with_python2 1 +%if 0%{?rhel} +%global python_executable /usr/libexec/platform-python %else -# no python2 -%endif -%endif - -# Python 3 packages -%if 0%{!?with_python3:1} -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no python3 -%else -%global with_python3 1 -%endif -%endif - -# Use Python 3 for all commands? -%if 0%{!?with_python3_default:1} -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -%global with_python3_default 0 -%else -%global with_python3_default 1 -%endif +%global python_executable /usr/bin/python3 %endif ################################################################################ @@ -79,13 +52,8 @@ Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch # RESTEasy ################################################################################ -%if 0%{?rhel} && 0%{?rhel} <= 7 -%define jaxrs_api_jar /usr/share/java/resteasy-base/jaxrs-api.jar -%define resteasy_lib /usr/share/java/resteasy-base -%else %define jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar %define resteasy_lib /usr/share/java/resteasy -%endif ################################################################################ # PKI @@ -113,7 +81,7 @@ Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch %define package_option() %bcond_with %1 %else %define package_option() %bcond_without %1 -%endif # with pkgs +%endif # Define --with or --without options depending on # package selection method. @@ -136,14 +104,17 @@ Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch %if ! %{with debug} %define debug_package %{nil} -%endif # with debug +%endif # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 -# pkiuser and group. The uid and gid are preallocated -# see /usr/share/doc/setup/uidgid +# The PKI UID and GID are preallocated, see: +# https://bugzilla.redhat.com/show_bug.cgi?id=476316 +# https://bugzilla.redhat.com/show_bug.cgi?id=476782 +# https://pagure.io/setup/blob/master/f/uidgid +# /usr/share/doc/setup/uidgid %define pki_username pkiuser %define pki_uid 17 %define pki_groupname pkiuser @@ -191,11 +162,7 @@ BuildRequires: apache-commons-lang BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api BuildRequires: slf4j -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no slf4j-jdk14 -%else BuildRequires: slf4j-jdk14 -%endif BuildRequires: nspr-devel BuildRequires: nss-devel >= 3.36.1 @@ -203,33 +170,15 @@ BuildRequires: openldap-devel BuildRequires: pkgconfig BuildRequires: policycoreutils -%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: python-lxml -BuildRequires: python-sphinx -%else -%if 0%{?fedora} && 0%{?fedora} <= 28 -BuildRequires: python2-lxml -BuildRequires: python2-sphinx -%else BuildRequires: python3-lxml BuildRequires: python3-sphinx -%endif -%endif BuildRequires: velocity BuildRequires: xalan-j2 BuildRequires: xerces-j2 -%if 0%{?rhel} && 0%{?rhel} <= 7 -# 'resteasy-base' is a subset of the complete set of -# 'resteasy' packages and consists of what is needed to -# support the PKI Restful interface on certain RHEL platforms -BuildRequires: resteasy-base-atom-provider >= 3.0.6-1 -BuildRequires: resteasy-base-client >= 3.0.6-1 -BuildRequires: resteasy-base-jaxb-provider >= 3.0.6-1 -BuildRequires: resteasy-base-jaxrs >= 3.0.6-1 -BuildRequires: resteasy-base-jaxrs-api >= 3.0.6-1 -BuildRequires: resteasy-base-jackson-provider >= 3.0.6-1 +%if 0%{?rhel} +BuildRequires: resteasy >= 3.0.26 %else BuildRequires: jboss-annotations-1.2-api BuildRequires: jboss-jaxrs-2.0-api @@ -241,62 +190,38 @@ BuildRequires: resteasy-core >= 3.0.17-1 BuildRequires: resteasy-jackson2-provider >= 3.0.17-1 %endif -%if 0%{?with_python2} -BuildRequires: python2 -BuildRequires: python2-devel -BuildRequires: python2-cryptography -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -BuildRequires: python-nss -BuildRequires: python-requests >= 2.6.0 -BuildRequires: python-six -BuildRequires: libselinux-python -BuildRequires: policycoreutils-python -BuildRequires: python-ldap +%if 0%{?rhel} +# no pylint %else -BuildRequires: python2-nss -BuildRequires: python2-requests >= 2.6.0 -BuildRequires: python2-six -BuildRequires: python2-libselinux -BuildRequires: python2-policycoreutils -BuildRequires: python2-ldap +BuildRequires: python3-pylint +BuildRequires: python3-flake8 >= 2.5.4 +BuildRequires: python3-pyflakes >= 1.2.3 %endif -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no policycoreutils-python-utils -%else -BuildRequires: policycoreutils-python-utils -%endif -%endif # with_python2 -%if 0%{?with_python3} -BuildRequires: python3 +BuildRequires: python3 >= 3.5 BuildRequires: python3-devel BuildRequires: python3-cryptography BuildRequires: python3-lxml -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -BuildRequires: python3-pyldap -# no python3-libselinux -%else BuildRequires: python3-ldap BuildRequires: python3-libselinux -%endif BuildRequires: python3-nss BuildRequires: python3-requests >= 2.6.0 BuildRequires: python3-six -%endif # with_python3 + +%if 0%{?rhel} +# no python3-pytest-runner +%else +BuildRequires: python3-pytest-runner +%endif BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: jss >= 4.4.0-11 -BuildRequires: tomcatjss >= 7.2.1-4 -%else BuildRequires: jss >= 4.6.0 BuildRequires: tomcatjss >= 7.4.1 -%endif BuildRequires: systemd-units -%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: tomcat >= 7.0.69 +%if 0%{?rhel} +BuildRequires: pki-servlet-engine %else BuildRequires: tomcat >= 1:9.0.7 %endif @@ -319,6 +244,13 @@ BuildRequires: go-md2man BuildRequires: golang-github-cpuguy83-md2man %endif +# pki-healthcheck depends on the following library +%if 0%{?rhel} +BuildRequires: ipa-healthcheck-core +%else +BuildRequires: freeipa-healthcheck-core +%endif + # PKICertImport depends on certutil and openssl BuildRequires: nss-tools BuildRequires: openssl @@ -356,12 +288,6 @@ Requires: %{brand}-pki-console-theme >= %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages -Requires: pki-base-java = %{version} -%if 0%{?with_python3} -Requires: pki-base-python3 = %{version} -%endif -Requires: pki-tools = %{version} -Requires: pki-server = %{version} Requires: pki-ca = %{version} Requires: pki-kra = %{version} Requires: pki-ocsp = %{version} @@ -375,11 +301,7 @@ Requires: pki-javadoc = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI clients -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: esc >= 1.1.0 -%else Requires: esc >= 1.1.1 -%endif # description for top-level package (unless there is a separate meta package) %if "%{name}" == "%{brand}-pki" @@ -399,7 +321,8 @@ PKI consists of the following components: * Token Key Service (TKS) * Token Processing Service (TPS) -%endif # with meta +# with meta +%endif %if %{with base} ################################################################################ @@ -410,11 +333,7 @@ Summary: PKI Symmetric Key Package Requires: java-1.8.0-openjdk-headless Requires: jpackage-utils >= 0:1.7.5-10 -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: jss >= 4.4.0-11 -%else Requires: jss >= 4.6.0 -%endif Requires: nss >= 3.38.0 # Ensure we end up with a useful installation @@ -435,13 +354,9 @@ Summary: PKI Base Package BuildArch: noarch Requires: nss >= 3.36.1 -%if 0%{?with_python3_default} + Requires: python3-pki = %{version} Requires(post): python3-pki = %{version} -%else -Requires: python2-pki = %{version} -Requires(post): python2-pki = %{version} -%endif # with_python3_default # Ensure we end up with a useful installation Conflicts: pki-symkey < %{version} @@ -453,38 +368,6 @@ Conflicts: pki-console-theme < %{version} The PKI Base Package contains the common and client libraries and utilities written in Python. -%if 0%{?with_python2} -################################################################################ -%package -n python2-pki -################################################################################ - -Summary: PKI Python 2 Package -BuildArch: noarch - -Obsoletes: pki-base-python2 < %{version} -Provides: pki-base-python2 = %{version} -%if 0%{?fedora} -%{?python_provide:%python_provide python2-pki} -%endif - -Requires: pki-base = %{version} -Requires: python2-cryptography -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -Requires: python-nss -Requires: python-requests >= 2.6.0 -Requires: python-six -%else -Requires: python2-nss -Requires: python2-requests >= 2.6.0 -Requires: python2-six -%endif - -%description -n python2-pki -This package contains PKI client library for Python 2. - -%endif # with_python2 - -%if 0%{?with_python3} ################################################################################ %package -n python3-pki ################################################################################ @@ -499,6 +382,7 @@ Provides: pki-base-python3 = %{version} %endif Requires: pki-base = %{version} +Requires: python3 >= 3.5 Requires: python3-cryptography Requires: python3-lxml Requires: python3-nss @@ -508,8 +392,6 @@ Requires: python3-six %description -n python3-pki This package contains PKI client library for Python 3. -%endif # with_python3 for python3-pki - ################################################################################ %package -n pki-base-java ################################################################################ @@ -526,30 +408,14 @@ Requires: apache-commons-logging Requires: jakarta-commons-httpclient Requires: glassfish-jaxb-api Requires: slf4j -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no slf4j-jdk14 -%else Requires: slf4j-jdk14 -%endif Requires: jpackage-utils >= 0:1.7.5-10 -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: jss >= 4.4.0-11 -%else Requires: jss >= 4.6.0 -%endif Requires: ldapjdk >= 4.21.0 Requires: pki-base = %{version} -%if 0%{?rhel} && 0%{?rhel} <= 7 -# 'resteasy-base' is a subset of the complete set of -# 'resteasy' packages and consists of what is needed to -# support the PKI Restful interface on certain RHEL platforms -Requires: resteasy-base-atom-provider >= 3.0.6-1 -Requires: resteasy-base-client >= 3.0.6-1 -Requires: resteasy-base-jaxb-provider >= 3.0.6-1 -Requires: resteasy-base-jaxrs >= 3.0.6-1 -Requires: resteasy-base-jaxrs-api >= 3.0.6-1 -Requires: resteasy-base-jackson-provider >= 3.0.6-1 +%if 0%{?rhel} +Requires: resteasy >= 3.0.26 %else Requires: resteasy-atom-provider >= 3.0.17-1 Requires: resteasy-client >= 3.0.17-1 @@ -576,6 +442,7 @@ Summary: PKI Tools Package Requires: openldap-clients Requires: nss-tools >= 3.36.1 Requires: pki-base-java = %{version} +Requires: p11-kit-trust # PKICertImport depends on certutil and openssl Requires: nss-tools @@ -585,7 +452,8 @@ Requires: openssl This package contains PKI executables that can be used to help make Certificate System into a more complete and robust PKI solution. -%endif # with base +# with base +%endif %if %{with server} ################################################################################ @@ -601,74 +469,47 @@ Requires: net-tools Requires: policycoreutils Requires: procps-ng Requires: openldap-clients -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: openssl >= 1.0.2k-11 -%else Requires: openssl -%endif Requires: pki-symkey = %{version} Requires: pki-tools = %{version} Requires: keyutils -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no policycoreutils-python-utils -%else Requires: policycoreutils-python-utils -%endif -%if 0%{?with_python3_default} -%if 0%{?fedora} && 0%{?fedora} <= 27 -Requires: python3-pyldap -%else Requires: python3-ldap -%endif Requires: python3-lxml Requires: python3-libselinux Requires: python3-policycoreutils -%else -%if 0%{?rhel} && 0%{?rhel} <= 7 || 0%{?fedora} && 0%{?fedora} <= 27 -Requires: python-ldap -Requires: python-lxml -Requires: libselinux-python -Requires: policycoreutils-python -%else -Requires: python2-ldap -Requires: python2-lxml -Requires: python2-libselinux -Requires: python2-policycoreutils -%endif -%endif # with_python3_default Requires: selinux-policy-targeted >= 3.13.1-159 -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: tomcat >= 7.0.69 -%else -%if 0%{?fedora} && 0%{?fedora} <= 27 -Requires: tomcat >= 8.0.49 -%else -%if 0%{?fedora} && 0%{?fedora} <= 28 -Requires: tomcat >= 1:8.5.23 +%if 0%{?rhel} +Requires: pki-servlet-engine >= 1:9.0.7 %else Requires: tomcat >= 1:9.0.7 %endif -%endif -%endif Requires: velocity Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -%if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: tomcatjss >= 7.2.1-4 -%else Requires: tomcatjss >= 7.4.1 + +# pki-healthcheck depends on the following library +%if 0%{?rhel} +Requires: ipa-healthcheck-core +%else +Requires: freeipa-healthcheck-core %endif # https://pagure.io/freeipa/issue/7742 +%if 0%{?rhel} +Conflicts: ipa-server < 4.7.1 +%else Conflicts: freeipa-server < 4.7.1 +%endif %description -n pki-server The PKI Server Package contains libraries and utilities needed by the @@ -680,7 +521,8 @@ following PKI subsystems: the Token Key Service (TKS), and the Token Processing Service (TPS). -%endif # with server +# with server +%endif %if %{with ca} ################################################################################ @@ -704,7 +546,8 @@ The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. -%endif # with ca +# with ca +%endif %if %{with kra} ################################################################################ @@ -734,7 +577,8 @@ protection of the public encryption keys for the users in the PKI deployment. Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys. -%endif # with kra +# with kra +%endif %if %{with ocsp} ################################################################################ @@ -771,7 +615,8 @@ When an instance of OCSP Manager is set up with an instance of CA, and publishing is set up to this OCSP Manager, CRLs are published to it whenever they are issued or updated. -%endif # with ocsp +# with ocsp +%endif %if %{with tks} ################################################################################ @@ -802,7 +647,8 @@ TKS. Tokens with older keys will get new token keys. Because of the sensitivity of the data that TKS manages, TKS should be set up behind the firewall with restricted access. -%endif # with tks +# with tks +%endif %if %{with tps} ################################################################################ @@ -842,7 +688,8 @@ The utility "tpsclient" is a test tool that interacts with TPS. This tool is useful to test TPS server configs without risking an actual smart card. -%endif # with tps +# with tps +%endif %if %{with javadoc} ################################################################################ @@ -861,7 +708,8 @@ Conflicts: pki-console-theme < %{version} %description -n pki-javadoc This package contains PKI API documentation. -%endif # with javadoc +# with javadoc +%endif %if %{with console} ################################################################################ @@ -886,7 +734,8 @@ following "Mutually-Exclusive" PKI Theme packages: * dogtag-pki-console-theme (Dogtag Certificate System deployments) * redhat-pki-console-theme (Red Hat Certificate System deployments) -%endif # with console +%endif +# with console %if %{with theme} ################################################################################ @@ -927,7 +776,8 @@ Conflicts: pki-javadoc < %{version} This PKI Console Theme Package contains Dogtag textual and graphical user interface for PKI Console. -%endif # with theme +# with theme +%endif ################################################################################ %prep @@ -954,6 +804,7 @@ cd build --no-warn-unused-cli \ -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ + -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -DJAVA_HOME=%{java_home} \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ @@ -962,12 +813,7 @@ cd build -DRESTEASY_LIB=%{resteasy_lib} \ -DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \ -DBUILD_PKI_CORE:BOOL=ON \ - -DWITH_PYTHON2:BOOL=%{?with_python2:ON}%{!?with_python2:OFF} \ - -DWITH_PYTHON3:BOOL=%{?with_python3:ON}%{!?with_python3:OFF} \ -%if 0%{?with_python3_default} - -DWITH_PYTHON3_DEFAULT:BOOL=ON \ -%endif - -DPYTHON_EXECUTABLE=%{__python3} \ + -DPYTHON_EXECUTABLE=%{python_executable} \ -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ %if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} -DWITH_SERVER:BOOL=OFF \ @@ -992,6 +838,10 @@ cd build --no-print-directory \ all install +%if %{with_test} +ctest --output-on-failure +%endif + %if %{with meta} %{__mkdir_p} %{buildroot}%{_datadir}/doc/pki @@ -999,146 +849,61 @@ cat > %{buildroot}%{_datadir}/doc/pki/README << EOF This package is a "meta-package" whose dependencies pull in all of the packages comprising the Dogtag Public Key Infrastructure (PKI) Suite. EOF -%endif # with meta -# Customize system upgrade scripts in /usr/share/pki/upgrade -%if 0%{?rhel} && 0%{?rhel} <= 7 - -# merge newer upgrade scripts into 10.3.3 for RHEL -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.3.4 -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.3.5 - -# merge newer upgrade scripts into 10.4.1 for RHEL -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.4.2 -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.4.3 -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.4.4 -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.4.5 -/bin/rm -rf %{buildroot}%{_datadir}/pki/upgrade/10.4.6 +# with meta %endif # Customize client library links in /usr/share/pki/lib -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no link customization -%else - ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar - ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar -%endif +ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar +ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar %if %{with server} -# Customize server upgrade scripts in /usr/share/pki/server/upgrade -%if 0%{?rhel} && 0%{?rhel} <= 7 - -# merge newer upgrade scripts into 10.3.3 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/01-FixServerLibrary \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/02-FixServerLibrary -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5/02-FixDeploymentDescriptor \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.3.3/03-FixDeploymentDescriptor -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.3.4 -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.3.5 - -# merge newer upgrade scripts into 10.4.1 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/01-AddSessionAuthenticationPlugin \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/01-AddSessionAuthenticationPlugin -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2/02-AddKRAWrappingParams \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/02-AddKRAWrappingParams -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6/01-UpdateKeepAliveTimeout \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.4.1/03-UpdateKeepAliveTimeout -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.2 -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.3 -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.4 -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.5 -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.4.6 - -# merge newer upgrade script into 10.5.1 for RHEL -mv %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5/01-AddTPSExternalRegISEtokenParams \ - %{buildroot}%{_datadir}/pki/server/upgrade/10.5.1/01-AddTPSExternalRegISEtokenParams - -/bin/rm -rf %{buildroot}%{_datadir}/pki/server/upgrade/10.5.5 - -%endif - # Customize server common library links in /usr/share/pki/server/common/lib -%if 0%{?fedora} || 0%{?rhel} > 7 - ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar - ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar - ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar +ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar +ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar +ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar +%if 0%{?rhel} +# no pylint %else -if [ -f /etc/debian_version ]; then - ln -sf /usr/share/java/commons-collections3.jar %{buildroot}%{_datadir}/pki/server/common/lib/commons-collections.jar - ln -sf /usr/share/java/httpclient.jar %{buildroot}%{_datadir}/pki/server/common/lib/httpclient.jar - ln -sf /usr/share/java/httpcore.jar %{buildroot}%{_datadir}/pki/server/common/lib/httpcore.jar - ln -sf /usr/share/java/jackson-core-asl.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-core-asl.jar - ln -sf /usr/share/java/jackson-jaxrs.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-jaxrs.jar - ln -sf /usr/share/java/jackson-mapper-asl.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-mapper-asl.jar - ln -sf /usr/share/java/jackson-mrbean.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-mrbean.jar - ln -sf /usr/share/java/jackson-smile.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-smile.jar - ln -sf /usr/share/java/jackson-xc.jar %{buildroot}%{_datadir}/pki/server/common/lib/jackson-xc.jar - ln -sf /usr/share/java/jss4.jar %{buildroot}%{_datadir}/pki/server/common/lib/jss4.jar - ln -sf /usr/share/java/symkey.jar %{buildroot}%{_datadir}/pki/server/common/lib/symkey.jar - ln -sf /usr/share/java/xercesImpl.jar %{buildroot}%{_datadir}/pki/server/common/lib/xerces-j2.jar - ln -sf /usr/share/java/xml-apis.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-apis.jar - ln -sf /usr/share/java/xml-resolver.jar %{buildroot}%{_datadir}/pki/server/common/lib/xml-commons-resolver.jar +################################################################################ +echo "Scanning Python code with pylint" +################################################################################ + +%{python_executable} -I ../tools/pylint-build-scan.py rpm --prefix %{buildroot} +if [ $? -ne 0 ]; then + echo "pylint for Python 3 failed. RC: $?" + exit 1 +fi + +################################################################################ +echo "Scanning Python code with flake8" +################################################################################ + +python3-flake8 --config ../tox.ini %{buildroot} +if [ $? -ne 0 ]; then + echo "flake8 for Python 3 failed. RC: $?" + exit 1 fi %endif -# Customize server library links in /usr/share/pki/server/lib -%if 0%{?rhel} && 0%{?rhel} <= 7 - rm -f %{buildroot}%{_datadir}/pki/server/lib/slf4j-jdk14.jar +# with server %endif -%endif # with server - -%if %{with base} - -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no upgrade check -%else -%pretrans -n pki-base -p -function test(a) - if posix.stat(a) then - for f in posix.files(a) do - if f~=".." and f~="." then - return true - end - end - end - return false -end - -if (test("/etc/sysconfig/pki/ca") or - test("/etc/sysconfig/pki/kra") or - test("/etc/sysconfig/pki/ocsp") or - test("/etc/sysconfig/pki/tks")) then - msg = "Unable to upgrade to Fedora 20. There are PKI 9 instances\n" .. - "that will no longer work since they require Tomcat 6, and \n" .. - "Tomcat 6 is no longer available in Fedora 20.\n\n" .. - "Please follow these instructions to migrate the instances to \n" .. - "PKI 10:\n\n" .. - "http://www.dogtagpki.org/wiki/Migrating_PKI_9_Instances_to_PKI_10" - error(msg) -end -%endif - -%endif # with base - %if %{with server} %pre -n pki-server getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname} if ! getent passwd %{pki_username} >/dev/null ; then - if ! getent passwd %{pki_uid} >/dev/null ; then - useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} - else - useradd -r -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} - fi + useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} fi exit 0 -%endif # with server +# with server +%endif %if %{with base} @@ -1164,7 +929,8 @@ then rm -f %{_sysconfdir}/pki/pki.version fi -%endif # with base +# with base +%endif %if %{with server} @@ -1194,7 +960,8 @@ fi ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -%endif # with server +# with server +%endif %if %{with meta} %if "%{name}" != "%{brand}-pki" @@ -1207,7 +974,8 @@ fi %doc %{_datadir}/doc/pki/README -%endif # with meta +# with meta +%endif %if %{with base} ################################################################################ @@ -1227,9 +995,11 @@ fi %doc %{_datadir}/doc/pki-base/html %dir %{_datadir}/pki %{_datadir}/pki/VERSION +%{_datadir}/pki/pom.xml %dir %{_datadir}/pki/etc %{_datadir}/pki/etc/pki.conf %{_datadir}/pki/etc/logging.properties +%dir %{_datadir}/pki/lib %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/config %{_datadir}/pki/upgrade/ @@ -1242,19 +1012,6 @@ fi %{_mandir}/man5/pki-logging.5.gz %{_mandir}/man8/pki-upgrade.8.gz -%if 0%{?with_python2} -################################################################################ -%files -n python2-pki -################################################################################ - -%doc base/common/LICENSE -%doc base/common/LICENSE.LESSER -%if %{with server} && ! %{?with_python3_default} -%exclude %{python2_sitelib}/pki/server -%endif -%{python2_sitelib}/pki -%endif # with_python2 - ################################################################################ %files -n pki-base-java ################################################################################ @@ -1262,32 +1019,31 @@ fi %doc base/common/LICENSE %doc base/common/LICENSE.LESSER %{_datadir}/pki/examples/java/ -%{_datadir}/pki/lib/ +%{_datadir}/pki/lib/*.jar %dir %{_javadir}/pki %{_javadir}/pki/pki-cmsutil.jar %{_javadir}/pki/pki-nsutil.jar %{_javadir}/pki/pki-certsrv.jar -%if 0%{?with_python3} ################################################################################ %files -n python3-pki ################################################################################ %doc base/common/LICENSE %doc base/common/LICENSE.LESSER -%if %{with server} && %{?with_python3_default} +%if %{with server} %exclude %{python3_sitelib}/pki/server %endif %{python3_sitelib}/pki -%endif # with_python3 ################################################################################ %files -n pki-tools ################################################################################ %doc base/native-tools/LICENSE base/native-tools/doc/README -%{_bindir}/pki %{_bindir}/p7tool +%{_bindir}/pistool +%{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin %{_bindir}/sslget @@ -1318,6 +1074,7 @@ fi %{_bindir}/TokenInfo %{_javadir}/pki/pki-tools.jar %{_datadir}/pki/java-tools/ +%{_datadir}/pki/lib/p11-kit-trust.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz %{_mandir}/man1/BtoA.1.gz @@ -1349,7 +1106,8 @@ fi %{_mandir}/man1/PKCS10Client.1.gz %{_mandir}/man1/PKICertImport.1.gz -%endif # with base +# with base +%endif %if %{with server} ################################################################################ @@ -1365,11 +1123,11 @@ fi %{_sbindir}/pkidestroy %{_sbindir}/pki-server %{_sbindir}/pki-server-upgrade -%if 0%{?with_python3_default} %{python3_sitelib}/pki/server/ -%else -%{python2_sitelib}/pki/server/ -%endif # with_python3_default +%{_sbindir}/pki-healthcheck +%{python3_sitelib}/pki/server/healthcheck/ +%{python3_sitelib}/pkihealthcheck-*.egg-info/ +%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf %{_datadir}/pki/etc/tomcat.conf %dir %{_datadir}/pki/deployment @@ -1385,7 +1143,6 @@ fi %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target %{_javadir}/pki/pki-cms.jar %{_javadir}/pki/pki-cmsbundle.jar -%{_javadir}/pki/pki-cmscore.jar %{_javadir}/pki/pki-tomcat.jar %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz @@ -1405,10 +1162,14 @@ fi %{_mandir}/man8/pki-server-ocsp.8.gz %{_mandir}/man8/pki-server-tks.8.gz %{_mandir}/man8/pki-server-tps.8.gz +%{_mandir}/man8/pki-healthcheck.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ +%{_datadir}/pki/acme/ +%{_javadir}/pki/pki-acme.jar -%endif # with server +# with server +%endif %if %{with ca} ################################################################################ @@ -1420,12 +1181,12 @@ fi %dir %{_datadir}/pki/ca %{_datadir}/pki/ca/conf/ %{_datadir}/pki/ca/emails/ -%dir %{_datadir}/pki/ca/profiles -%{_datadir}/pki/ca/profiles/ca/ +%{_datadir}/pki/ca/profiles/ %{_datadir}/pki/ca/setup/ %{_datadir}/pki/ca/webapps/ -%endif # with ca +# with ca +%endif %if %{with kra} ################################################################################ @@ -1439,7 +1200,8 @@ fi %{_datadir}/pki/kra/setup/ %{_datadir}/pki/kra/webapps/ -%endif # with kra +# with kra +%endif %if %{with ocsp} ################################################################################ @@ -1453,7 +1215,8 @@ fi %{_datadir}/pki/ocsp/setup/ %{_datadir}/pki/ocsp/webapps/ -%endif # with ocsp +# with ocsp +%endif %if %{with tks} ################################################################################ @@ -1467,7 +1230,8 @@ fi %{_datadir}/pki/tks/setup/ %{_datadir}/pki/tks/webapps/ -%endif # with tks +# with tks +%endif %if %{with tps} ################################################################################ @@ -1492,7 +1256,8 @@ fi %{_libdir}/tps/libtps.so %{_libdir}/tps/libtokendb.so -%endif # with tps +# with tps +%endif %if %{with javadoc} ################################################################################ @@ -1501,7 +1266,8 @@ fi %{_javadocdir}/pki-%{version}/ -%endif # with javadoc +# with javadoc +%endif %if %{with console} ################################################################################ @@ -1512,7 +1278,8 @@ fi %{_bindir}/pkiconsole %{_javadir}/pki/pki-console.jar -%endif # with console +# with console +%endif %if %{with theme} ################################################################################ @@ -1540,10 +1307,15 @@ fi %doc themes/%{brand}/console-ui/LICENSE %{_javadir}/pki/pki-console-theme.jar -%endif # with theme +# with theme +%endif ################################################################################ %changelog +* Thu Mar 05 2020 Dogtag PKI Team - 10.8.3-1 +- Rebase to latest upstream version +- Spec cleanup to match with upstream spec + * Tue Jan 28 2020 Fedora Release Engineering - 10.7.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 0aa1262..5fab16d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.7.3.tar.gz) = 72df85af4b8a0e2b13e7789441d9a195f331fcdf154f1eed10bd27d83385d387cc40f2d85927157b3bcfcd666a690d6e0513b9aea09fc14068db1c83835de50b +SHA512 (pki-10.8.3.tar.gz) = 7b771481a8eeb77f89f6ea2d2f406add9183ac5c9f592a65d3f537af764e74ecd958e37cfbbf7196980bcb960e4750122a5498a5c573152bd94a7805292f7a55