Rebase to upstream beta release v10.10.0-b1

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
2020-10-22 11:19:14 -04:00 · 2020-10-22 11:19:14 -04:00 · 569df63e94
commit 569df63e94
parent 7142f8d195
3 changed files with 78 additions and 51 deletions
--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,4 @@
 /pki-10.9.1.tar.gz
 /pki-10.9.2.tar.gz
 /pki-10.9.4.tar.gz
+/pki-10.10.0-b1.tar.gz
--- a/dogtag-pki.spec
+++ b/dogtag-pki.spec
@ -6,15 +6,15 @@ Name:             dogtag-pki
 %global           brand Dogtag

 Summary:          %{brand} PKI Package
-URL:              http://www.dogtagpki.org/
+URL:              https://www.dogtagpki.org
 # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
 License:          GPLv2 and LGPLv2

-# For development (unsupported) releases, use x.y.z-0.n.unstable with alpha/beta phase.
-# For official (supported) releases, use x.y.z-r where r >=1 without alpha/beta phase.
-Version:          10.9.4
-Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
-#global           _phase -a1
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
+Version:          10.10.0
+Release:          0.2.b1%{?_timestamp}%{?_commit_id}%{?dist}
+%global           _phase -b1

 # To create a tarball from a version tag:
 # $ git archive \
@ -31,7 +31,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 #     > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch

-
 ################################################################################
 # NSS
 ################################################################################
@ -52,14 +51,15 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 # Java
 ################################################################################

-%define java_home /usr/lib/jvm/jre-openjdk
 %define java_devel java-devel
 %define java_headless java-headless

 %if 0%{?fedora} && 0%{?fedora} >= 33
 %define min_java_version 1:11
+%define java_home /usr/lib/jvm/java-11-openjdk
 %else
 %define min_java_version 1:1.8.0
+%define java_home /usr/lib/jvm/java-1.8.0-openjdk
 %endif

 ################################################################################
@ -118,6 +118,8 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 %define debug_package %{nil}
 %endif

+%bcond_without sdnotify
+
 # ignore unpackaged files from native 'tpsclient'
 # REMINDER:  Remove this '%%define' once 'tpsclient' is rewritten as a Java app
 %define _unpackaged_files_terminate_build 0
@ -169,7 +171,7 @@ BuildRequires:    ldapjdk >= 4.22.0
 BuildRequires:    apache-commons-cli
 BuildRequires:    apache-commons-codec
 BuildRequires:    apache-commons-io
-BuildRequires:    apache-commons-lang
+BuildRequires:    apache-commons-lang3 >= 3.2
 BuildRequires:    apache-commons-net
 BuildRequires:    jakarta-commons-httpclient
 BuildRequires:    glassfish-jaxb-api
@ -221,8 +223,8 @@ BuildRequires:    python3-pytest-runner

 BuildRequires:    junit
 BuildRequires:    jpackage-utils >= 0:1.7.5-10
-BuildRequires:    jss >= 4.7.0
-BuildRequires:    tomcatjss >= 7.5.0
+BuildRequires:    jss >= 4.8.0
+BuildRequires:    tomcatjss >= 7.6.0
 BuildRequires:    systemd-units

 %if 0%{?rhel}
@ -269,6 +271,7 @@ to manage enterprise Public Key Infrastructure deployments.

 PKI consists of the following components:

+  * Automatic Certificate Management Environment (ACME) Responder
  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
@ -293,6 +296,7 @@ Requires:         %{vendor_id}-pki-console-theme = %{version}

 # Make certain that this 'meta' package requires the latest version(s)
 # of ALL PKI core packages
+Requires:         pki-acme = %{version}
 Requires:         pki-ca = %{version}
 Requires:         pki-kra = %{version}
 Requires:         pki-ocsp = %{version}
@ -320,6 +324,7 @@ to manage enterprise Public Key Infrastructure deployments.

 PKI consists of the following components:

+  * Automatic Certificate Management Environment (ACME) Responder
  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
@ -338,7 +343,7 @@ Summary:          PKI Symmetric Key Package

 Requires:         %java_headless >= %{min_java_version}
 Requires:         jpackage-utils >= 0:1.7.5-10
-Requires:         jss >= 4.7.0
+Requires:         jss >= 4.8.0
 Requires:         nss >= 3.38.0

 # Ensure we end up with a useful installation
@ -408,7 +413,7 @@ Requires:         %java_headless >= %{min_java_version}
 Requires:         apache-commons-cli
 Requires:         apache-commons-codec
 Requires:         apache-commons-io
-Requires:         apache-commons-lang
+Requires:         apache-commons-lang3 >= 3.2
 Requires:         apache-commons-logging
 Requires:         apache-commons-net
 Requires:         jakarta-commons-httpclient
@ -475,7 +480,6 @@ Summary:          PKI Server Package
 BuildArch:        noarch

 Requires:         hostname
-Requires:         net-tools

 Requires:         policycoreutils
 Requires:         procps-ng
@ -508,7 +512,13 @@ Requires(post):   systemd-units
 Requires(preun):  systemd-units
 Requires(postun): systemd-units
 Requires(pre):    shadow-utils
-Requires:         tomcatjss >= 7.5.0
+Requires:         tomcatjss >= 7.6.0
+
+# JNA is used to bind to libsystemd
+%if %{with sdnotify}
+BuildRequires:    jna
+Requires:         jna
+%endif

 # pki-healthcheck depends on the following library
 %if 0%{?rhel}
@ -532,18 +542,29 @@ Provides:         bundled(js-patternfly) = 3.59.2
 Provides:         bundled(js-underscore) = 1.9.2

 %description -n   pki-server
-The PKI Server Package contains libraries and utilities needed by the
-following PKI subsystems:
-
-    the Certificate Authority (CA),
-    the Key Recovery Authority (KRA),
-    the Online Certificate Status Protocol (OCSP) Manager,
-    the Token Key Service (TKS), and
-    the Token Processing Service (TPS).
+The PKI Server Package contains libraries and utilities needed by other
+PKI subsystems.

 # with server
 %endif

+%if %{with acme}
+################################################################################
+%package -n       pki-acme
+################################################################################
+
+Summary:          PKI ACME Package
+BuildArch:        noarch
+
+Requires:         pki-server = %{version}-%{release}
+
+%description -n   pki-acme
+The PKI ACME responder is a service that provides an automatic certificate
+management via ACME v2 protocol defined in RFC 8555.
+
+# with acme
+%endif
+
 %if %{with ca}
 ################################################################################
 %package -n       pki-ca
@ -843,9 +864,9 @@ cd build
    -DVERSION=%{version}-%{release} \
    -DVAR_INSTALL_DIR:PATH=/var \
    -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
-    -DJAVA_VERSION=%{java_version} \
+    -DJAVA_VERSION=${java_version} \
    -DJAVA_HOME=%java_home \
-    -DPKI_JAVA_PATH=%java \
+    -DPKI_JAVA_PATH=%java_home/bin/java \
    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
    -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
    -DAPP_SERVER=$app_server \
@ -855,9 +876,10 @@ cd build
    -DBUILD_PKI_CORE:BOOL=ON \
    -DPYTHON_EXECUTABLE=%{python_executable} \
    -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
-%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
+%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
    -DWITH_SERVER:BOOL=OFF \
 %endif
+    -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \
    -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
    -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
    -DTHEME=%{?with_theme:%{vendor_id}} \
@ -1069,8 +1091,8 @@ fi
 %files -n pki-tools
 ################################################################################

-%license base/native-tools/LICENSE
-%doc base/native-tools/doc/README
+%license base/tools/LICENSE
+%doc base/tools/doc/README
 %{_bindir}/p7tool
 %{_bindir}/pistool
 %{_bindir}/pki
@ -1078,7 +1100,6 @@ fi
 %{_bindir}/setpin
 %{_bindir}/sslget
 %{_bindir}/tkstool
-%{_datadir}/pki/native-tools/
 %{_bindir}/AtoB
 %{_bindir}/AuditVerify
 %{_bindir}/BtoA
@ -1103,7 +1124,7 @@ fi
 %{_bindir}/PrettyPrintCrl
 %{_bindir}/TokenInfo
 %{_javadir}/pki/pki-tools.jar
-%{_datadir}/pki/java-tools/
+%{_datadir}/pki/tools/
 %{_datadir}/pki/lib/p11-kit-trust.so
 %{_mandir}/man1/AtoB.1.gz
 %{_mandir}/man1/AuditVerify.1.gz
@ -1177,6 +1198,7 @@ fi
 %dir %{_sharedstatedir}/pki
 %{_mandir}/man1/pkidaemon.1.gz
 %{_mandir}/man5/pki_default.cfg.5.gz
+%{_mandir}/man5/pki_healthcheck.conf.5.gz
 %{_mandir}/man5/pki-server-logging.5.gz
 %{_mandir}/man8/pki-server-upgrade.8.gz
 %{_mandir}/man8/pkidestroy.8.gz
@ -1196,12 +1218,26 @@ fi
 %{_mandir}/man8/pki-healthcheck.8.gz
 %{_datadir}/pki/setup/
 %{_datadir}/pki/server/
-%{_datadir}/pki/acme/
-%{_javadir}/pki/pki-acme.jar
+
+%if %{with sdnotify}
+%{_javadir}/pki/pki-systemd.jar
+%endif

 # with server
 %endif

+%if %{with acme}
+################################################################################
+%files -n pki-acme
+################################################################################
+
+%{_javadir}/pki/pki-acme.jar
+%dir %{_datadir}/pki/acme
+%{_datadir}/pki/acme/
+
+# with acme
+%endif
+
 %if %{with ca}
 ################################################################################
 %files -n pki-ca
@ -1210,11 +1246,7 @@ fi
 %license base/ca/LICENSE
 %{_javadir}/pki/pki-ca.jar
 %dir %{_datadir}/pki/ca
-%{_datadir}/pki/ca/conf/
-%{_datadir}/pki/ca/emails/
-%{_datadir}/pki/ca/profiles/
-%{_datadir}/pki/ca/setup/
-%{_datadir}/pki/ca/webapps/
+%{_datadir}/pki/ca/

 # with ca
 %endif
@ -1227,9 +1259,7 @@ fi
 %license base/kra/LICENSE
 %{_javadir}/pki/pki-kra.jar
 %dir %{_datadir}/pki/kra
-%{_datadir}/pki/kra/conf/
-%{_datadir}/pki/kra/setup/
-%{_datadir}/pki/kra/webapps/
+%{_datadir}/pki/kra/

 # with kra
 %endif
@ -1242,9 +1272,7 @@ fi
 %license base/ocsp/LICENSE
 %{_javadir}/pki/pki-ocsp.jar
 %dir %{_datadir}/pki/ocsp
-%{_datadir}/pki/ocsp/conf/
-%{_datadir}/pki/ocsp/setup/
-%{_datadir}/pki/ocsp/webapps/
+%{_datadir}/pki/ocsp/

 # with ocsp
 %endif
@ -1257,9 +1285,7 @@ fi
 %license base/tks/LICENSE
 %{_javadir}/pki/pki-tks.jar
 %dir %{_datadir}/pki/tks
-%{_datadir}/pki/tks/conf/
-%{_datadir}/pki/tks/setup/
-%{_datadir}/pki/tks/webapps/
+%{_datadir}/pki/tks/

 # with tks
 %endif
@ -1272,10 +1298,7 @@ fi
 %license base/tps/LICENSE
 %{_javadir}/pki/pki-tps.jar
 %dir %{_datadir}/pki/tps
-%{_datadir}/pki/tps/applets/
-%{_datadir}/pki/tps/conf/
-%{_datadir}/pki/tps/setup/
-%{_datadir}/pki/tps/webapps/
+%{_datadir}/pki/tps/
 %{_mandir}/man5/pki-tps-connector.5.gz
 %{_mandir}/man5/pki-tps-profile.5.gz
 %{_mandir}/man1/tpsclient.1.gz
@ -1353,6 +1376,9 @@ fi

 ################################################################################
 %changelog
+* Thu Oct 22 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.10.0-0.2
+- Rebase to upstream beta v10.10.0-b2 release
+
 * Fri Sep 11 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.4-1
 - Rebase to stable upstream v10.9.4 release

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (pki-10.9.4.tar.gz) = a2e572b1e2625cfbd432ccc11f6aefb77801f4e9f6a49e00c8fcf98fedd09e9ec806c5caa42a1bd48f8d6eff4c794e28a3dca86ee5720e348415c8bd3e9e4882
+SHA512 (pki-10.10.0-b1.tar.gz) = 1820ca78ef452f5abfd0bb5d85b1576b7f4edbd6a0f804351c49161ddf2b743fbf59994a9068e2cf84e19dd0d40bee1d240b41d84c53abe5f3192954b86cd431