diff --git a/.gitignore b/.gitignore index be6f1f5..77a73f1 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /pki-10.9.1.tar.gz /pki-10.9.2.tar.gz /pki-10.9.4.tar.gz +/pki-10.10.0-b1.tar.gz diff --git a/dogtag-pki.spec b/dogtag-pki.spec index 2e54cef..17cc8fc 100644 --- a/dogtag-pki.spec +++ b/dogtag-pki.spec @@ -6,15 +6,15 @@ Name: dogtag-pki %global brand Dogtag Summary: %{brand} PKI Package -URL: http://www.dogtagpki.org/ +URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -# For development (unsupported) releases, use x.y.z-0.n.unstable with alpha/beta phase. -# For official (supported) releases, use x.y.z-r where r >=1 without alpha/beta phase. -Version: 10.9.4 -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} -#global _phase -a1 +# For development (i.e. unsupported) releases, use x.y.z-0.n.. +# For official (i.e. supported) releases, use x.y.z-r where r >=1. +Version: 10.10.0 +Release: 0.2.b1%{?_timestamp}%{?_commit_id}%{?dist} +%global _phase -b1 # To create a tarball from a version tag: # $ git archive \ @@ -31,7 +31,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch - ################################################################################ # NSS ################################################################################ @@ -52,14 +51,15 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # Java ################################################################################ -%define java_home /usr/lib/jvm/jre-openjdk %define java_devel java-devel %define java_headless java-headless %if 0%{?fedora} && 0%{?fedora} >= 33 %define min_java_version 1:11 +%define java_home /usr/lib/jvm/java-11-openjdk %else %define min_java_version 1:1.8.0 +%define java_home /usr/lib/jvm/java-1.8.0-openjdk %endif ################################################################################ @@ -118,6 +118,8 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver %define debug_package %{nil} %endif +%bcond_without sdnotify + # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 @@ -169,7 +171,7 @@ BuildRequires: ldapjdk >= 4.22.0 BuildRequires: apache-commons-cli BuildRequires: apache-commons-codec BuildRequires: apache-commons-io -BuildRequires: apache-commons-lang +BuildRequires: apache-commons-lang3 >= 3.2 BuildRequires: apache-commons-net BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api @@ -221,8 +223,8 @@ BuildRequires: python3-pytest-runner BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 4.7.0 -BuildRequires: tomcatjss >= 7.5.0 +BuildRequires: jss >= 4.8.0 +BuildRequires: tomcatjss >= 7.6.0 BuildRequires: systemd-units %if 0%{?rhel} @@ -269,6 +271,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -293,6 +296,7 @@ Requires: %{vendor_id}-pki-console-theme = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages +Requires: pki-acme = %{version} Requires: pki-ca = %{version} Requires: pki-kra = %{version} Requires: pki-ocsp = %{version} @@ -320,6 +324,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -338,7 +343,7 @@ Summary: PKI Symmetric Key Package Requires: %java_headless >= %{min_java_version} Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.7.0 +Requires: jss >= 4.8.0 Requires: nss >= 3.38.0 # Ensure we end up with a useful installation @@ -408,7 +413,7 @@ Requires: %java_headless >= %{min_java_version} Requires: apache-commons-cli Requires: apache-commons-codec Requires: apache-commons-io -Requires: apache-commons-lang +Requires: apache-commons-lang3 >= 3.2 Requires: apache-commons-logging Requires: apache-commons-net Requires: jakarta-commons-httpclient @@ -475,7 +480,6 @@ Summary: PKI Server Package BuildArch: noarch Requires: hostname -Requires: net-tools Requires: policycoreutils Requires: procps-ng @@ -508,7 +512,13 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 7.5.0 +Requires: tomcatjss >= 7.6.0 + +# JNA is used to bind to libsystemd +%if %{with sdnotify} +BuildRequires: jna +Requires: jna +%endif # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -532,18 +542,29 @@ Provides: bundled(js-patternfly) = 3.59.2 Provides: bundled(js-underscore) = 1.9.2 %description -n pki-server -The PKI Server Package contains libraries and utilities needed by the -following PKI subsystems: - - the Certificate Authority (CA), - the Key Recovery Authority (KRA), - the Online Certificate Status Protocol (OCSP) Manager, - the Token Key Service (TKS), and - the Token Processing Service (TPS). +The PKI Server Package contains libraries and utilities needed by other +PKI subsystems. # with server %endif +%if %{with acme} +################################################################################ +%package -n pki-acme +################################################################################ + +Summary: PKI ACME Package +BuildArch: noarch + +Requires: pki-server = %{version}-%{release} + +%description -n pki-acme +The PKI ACME responder is a service that provides an automatic certificate +management via ACME v2 protocol defined in RFC 8555. + +# with acme +%endif + %if %{with ca} ################################################################################ %package -n pki-ca @@ -843,9 +864,9 @@ cd build -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ - -DJAVA_VERSION=%{java_version} \ + -DJAVA_VERSION=${java_version} \ -DJAVA_HOME=%java_home \ - -DPKI_JAVA_PATH=%java \ + -DPKI_JAVA_PATH=%java_home/bin/java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ @@ -855,9 +876,10 @@ cd build -DBUILD_PKI_CORE:BOOL=ON \ -DPYTHON_EXECUTABLE=%{python_executable} \ -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ -%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} +%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} -DWITH_SERVER:BOOL=OFF \ %endif + -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \ -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ -DTHEME=%{?with_theme:%{vendor_id}} \ @@ -1069,8 +1091,8 @@ fi %files -n pki-tools ################################################################################ -%license base/native-tools/LICENSE -%doc base/native-tools/doc/README +%license base/tools/LICENSE +%doc base/tools/doc/README %{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki @@ -1078,7 +1100,6 @@ fi %{_bindir}/setpin %{_bindir}/sslget %{_bindir}/tkstool -%{_datadir}/pki/native-tools/ %{_bindir}/AtoB %{_bindir}/AuditVerify %{_bindir}/BtoA @@ -1103,7 +1124,7 @@ fi %{_bindir}/PrettyPrintCrl %{_bindir}/TokenInfo %{_javadir}/pki/pki-tools.jar -%{_datadir}/pki/java-tools/ +%{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz @@ -1177,6 +1198,7 @@ fi %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz %{_mandir}/man5/pki_default.cfg.5.gz +%{_mandir}/man5/pki_healthcheck.conf.5.gz %{_mandir}/man5/pki-server-logging.5.gz %{_mandir}/man8/pki-server-upgrade.8.gz %{_mandir}/man8/pkidestroy.8.gz @@ -1196,12 +1218,26 @@ fi %{_mandir}/man8/pki-healthcheck.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ -%{_datadir}/pki/acme/ -%{_javadir}/pki/pki-acme.jar + +%if %{with sdnotify} +%{_javadir}/pki/pki-systemd.jar +%endif # with server %endif +%if %{with acme} +################################################################################ +%files -n pki-acme +################################################################################ + +%{_javadir}/pki/pki-acme.jar +%dir %{_datadir}/pki/acme +%{_datadir}/pki/acme/ + +# with acme +%endif + %if %{with ca} ################################################################################ %files -n pki-ca @@ -1210,11 +1246,7 @@ fi %license base/ca/LICENSE %{_javadir}/pki/pki-ca.jar %dir %{_datadir}/pki/ca -%{_datadir}/pki/ca/conf/ -%{_datadir}/pki/ca/emails/ -%{_datadir}/pki/ca/profiles/ -%{_datadir}/pki/ca/setup/ -%{_datadir}/pki/ca/webapps/ +%{_datadir}/pki/ca/ # with ca %endif @@ -1227,9 +1259,7 @@ fi %license base/kra/LICENSE %{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra -%{_datadir}/pki/kra/conf/ -%{_datadir}/pki/kra/setup/ -%{_datadir}/pki/kra/webapps/ +%{_datadir}/pki/kra/ # with kra %endif @@ -1242,9 +1272,7 @@ fi %license base/ocsp/LICENSE %{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp -%{_datadir}/pki/ocsp/conf/ -%{_datadir}/pki/ocsp/setup/ -%{_datadir}/pki/ocsp/webapps/ +%{_datadir}/pki/ocsp/ # with ocsp %endif @@ -1257,9 +1285,7 @@ fi %license base/tks/LICENSE %{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks -%{_datadir}/pki/tks/conf/ -%{_datadir}/pki/tks/setup/ -%{_datadir}/pki/tks/webapps/ +%{_datadir}/pki/tks/ # with tks %endif @@ -1272,10 +1298,7 @@ fi %license base/tps/LICENSE %{_javadir}/pki/pki-tps.jar %dir %{_datadir}/pki/tps -%{_datadir}/pki/tps/applets/ -%{_datadir}/pki/tps/conf/ -%{_datadir}/pki/tps/setup/ -%{_datadir}/pki/tps/webapps/ +%{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz %{_mandir}/man1/tpsclient.1.gz @@ -1353,6 +1376,9 @@ fi ################################################################################ %changelog +* Thu Oct 22 2020 Dogtag PKI Team - 10.10.0-0.2 +- Rebase to upstream beta v10.10.0-b2 release + * Fri Sep 11 2020 Dogtag PKI Team - 10.9.4-1 - Rebase to stable upstream v10.9.4 release diff --git a/sources b/sources index 59ad840..7b144c8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.9.4.tar.gz) = a2e572b1e2625cfbd432ccc11f6aefb77801f4e9f6a49e00c8fcf98fedd09e9ec806c5caa42a1bd48f8d6eff4c794e28a3dca86ee5720e348415c8bd3e9e4882 +SHA512 (pki-10.10.0-b1.tar.gz) = 1820ca78ef452f5abfd0bb5d85b1576b7f4edbd6a0f804351c49161ddf2b743fbf59994a9068e2cf84e19dd0d40bee1d240b41d84c53abe5f3192954b86cd431