diff --git a/dogtag-pki.spec b/dogtag-pki.spec index 54bf232..26ea542 100644 --- a/dogtag-pki.spec +++ b/dogtag-pki.spec @@ -8,19 +8,19 @@ Name: dogtag-pki # Upstream version number: %global major_version 11 -%global minor_version 5 -%global update_version 4 +%global minor_version 6 +%global update_version 0 # Downstream release number: # - development/stabilization (unsupported): 0. where n >= 1 # - GA/update (supported): where n >= 1 -%global release_number 3 +%global release_number 0.2 # Development phase: # - development (unsupported): alpha where n >= 1 # - stabilization (unsupported): beta where n >= 1 # - GA/update (supported): -#global phase +%global phase alpha2 %undefine timestamp %undefine commit_id @@ -30,7 +30,7 @@ URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPL-2.0-only AND LGPL-2.0-only Version: %{major_version}.%{minor_version}.%{update_version} -Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.1 +Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist} # To create a tarball from a version tag: # $ git archive \ @@ -153,7 +153,7 @@ ExcludeArch: i686 %define pki_uid 17 %define pki_groupname pkiuser %define pki_gid 17 -%define pki_homedir /usr/share/pki +%define pki_homedir /home/%{pki_username} %global saveFileContext() \ if [ -s /etc/selinux/config ]; then \ @@ -604,6 +604,7 @@ Requires: openldap-clients Requires: nss-tools >= 3.36.1 Requires: %{product_id}-java = %{version}-%{release} Requires: p11-kit-trust +Requires: file # PKICertImport depends on certutil and openssl Requires: nss-tools @@ -935,15 +936,17 @@ This package provides %{product_name} API documentation. Summary: %{product_name} Console Package BuildArch: noarch -BuildRequires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0 - Obsoletes: pki-console < %{version}-%{release} Provides: pki-console = %{version}-%{release} -Requires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0 Requires: %{product_id}-java = %{version}-%{release} Requires: %{product_id}-console-theme = %{version}-%{release} +# IDM Console Framework has been merged into PKI Console. +# This will remove installed IDM Console Framework packages. +Obsoletes: idm-console-framework <= 2.1 +Conflicts: idm-console-framework <= 2.1 + %description -n %{product_id}-console %{product_name} Console is a Java application used to administer %{product_name} Server. @@ -1322,8 +1325,10 @@ CXX_FLAGS="$CXX_FLAGS -g -fPIE -pie" # https://sourceware.org/annobin/annobin.html/Test-gaps.html C_FLAGS="$C_FLAGS -fplugin=annobin" +%ifarch x86_64 # https://sourceware.org/annobin/annobin.html/Test-cf-protection.html C_FLAGS="$C_FLAGS -fcf-protection=full" +%endif # https://sourceware.org/annobin/annobin.html/Test-optimization.html C_FLAGS="$C_FLAGS -O2" @@ -1587,10 +1592,23 @@ xmlstarlet edit --inplace \ %if %{with server} %pre -n %{product_id}-server + +# create PKI group if it doesn't exist getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname} + +# create PKI user if it doesn't exist if ! getent passwd %{pki_username} >/dev/null ; then useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} fi + +# create PKI home directory if it doesn't exist +if [ ! -d %{pki_homedir} ] ; then + cp -ar /etc/skel %{pki_homedir} + chown -R %{pki_username}:%{pki_groupname} %{pki_homedir} + chmod 700 %{pki_homedir} + usermod -d %{pki_homedir} %{pki_username} +fi + exit 0 # with server @@ -1730,13 +1748,10 @@ fi %license base/tools/LICENSE %doc base/tools/doc/README -%{_bindir}/p12tool -%{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin -%{_bindir}/sslget %{_bindir}/tkstool %{_bindir}/tpsclient %{_bindir}/AtoB @@ -1814,7 +1829,6 @@ fi %{_sbindir}/pkispawn %{_sbindir}/pkidestroy %{_sbindir}/pki-server -%{_sbindir}/pki-server-upgrade %{_sbindir}/pki-healthcheck %{python3_sitelib}/pki/server/ %{python3_sitelib}/pkihealthcheck-*.egg-info/ @@ -2047,9 +2061,8 @@ fi ################################################################################ %changelog -* Tue Oct 29 2024 Troy Dawson - 11.5.4-3.1 -- Bump release for October 2024 mass rebuild: - Resolves: RHEL-64018 +* Mon Dec 09 2024 Red Hat PKI Team - 11.6.0-alpha2 +- Rebase to PKI 11.6.0-alpha2 * Thu Aug 22 2024 Red Hat PKI Team - 11.5.4-3 - Fix JAXB library filename diff --git a/sources b/sources index bd0df69..fd2c8a6 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (pki-11.5.4.tar.gz) = 0283667d87713dff335fadd15b4cebbca54ed376ec932bf20fd36b6803636d51287b93aa9666714c4a1db70233782bec68c4097b535669e3a45aefa17de1ce23 +SHA512 (pki-11.6.0-alpha2.tar.gz) = d617a4463cf3736c093ea4876ec74e7c8b116bbc9393bb7d197020f4c4bc2f3cb2c57251a24c8fdda36976f0633c736abebba4600572b0db55905b98e19dd58e SHA512 (jackson-annotations-2.16.1.jar) = b5f05c0aeb994c8f694cf080ffb1f8cbd3baff34f52479a618fef6c91b82c8a1cb09801ab24c898b9db698863ea7da615d8991c8741172d21d540345156a200a SHA512 (jackson-core-2.16.1.jar) = 3abac44446ae99aa89c4c7bb50e4a07eb297f4c8d76931e330da6830ffcd9ea94520a7dda1b8d9b00fce64e3838cc7ecf8e490eb478276155d8c286b80f5586c SHA512 (jackson-databind-2.16.1.jar) = adbdcfae96dcfc56669c811a6c8e99a711d372cd1950e39122fe785dfec043a62c92c4a8cf495589db10424ce10517607808cbd4d1ec184ce41c20bb96cc476c