rpms/dogtag-pki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to PKI 11.5.3

Browse Source 
Bundle RESTEasy and Jackson libraries

Resolves: RHEL-34248
This commit is contained in:
Endi S. Dewata 2024-07-12 19:43:00 +00:00
parent dc706bd194
commit a4f4cf4616
6 changed files with 385 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
.gitignore vendored
View File

@ -1,47 +1,3 @@
/pki-10.6.3.tar.gz
/pki-10.6.4.tar.gz
/pki-10.6.5.tar.gz
/pki-10.6.6.tar.gz
/pki-10.6.7.tar.gz
/pki-10.6.8.tar.gz
/pki-10.6.9.tar.gz
/pki-10.7.0.tar.gz
/pki-10.7.3.tar.gz
/pki-10.8.3.tar.gz
/pki-10.9.0-a2.tar.gz
/pki-10.9.0-b2.tar.gz
/pki-10.9.1.tar.gz
/pki-10.9.2.tar.gz
/pki-10.9.4.tar.gz
/pki-10.10.0-b1.tar.gz
/pki-10.10.0.tar.gz
/pki-10.10.2.tar.gz
/pki-10.10.3.tar.gz
/pki-10.10.5.tar.gz
/pki-10.11.0-alpha1.tar.gz
/pki-10.11.0-alpha2.tar.gz
/pki-11.0.0-alpha1.tar.gz
/pki-11.0.0-alpha2.tar.gz
/pki-11.0.0-beta1.tar.gz
/pki-11.0.0.tar.gz
/pki-11.0.1.tar.gz
/pki-11.0.3.tar.gz
/pki-11.1.0-alpha2.tar.gz
/pki-11.1.0.tar.gz
/pki-11.2.0-beta1.tar.gz
/pki-11.2.0-beta2.tar.gz
/pki-11.2.0-beta3.tar.gz
/pki-11.2.0.tar.gz
/pki-11.2.1.tar.gz
/pki-11.3.0-beta1.tar.gz
/pki-11.3.0.tar.gz
/pki-11.3.1.tar.gz
/pki-11.4.2.tar.gz
/pki-11.4.3.tar.gz
/pki-11.5.0-alpha4.tar.gz
/pki-11.5.0-alpha5.tar.gz
/pki-11.5.0-alpha6.tar.gz
/pki-11.5.0-alpha7.tar.gz
/pki-11.5.0-alpha8.tar.gz
/pki-11.5.0.tar.gz
/pki-11.5.2.tar.gz
/pki-*.tar.gz
/pki-*/
/*.jar

373
dogtag-pki.spec
View File

@ -2,14 +2,14 @@
Name: dogtag-pki
################################################################################
%global product_name IDM PKI
%global product_name IdM PKI
%global product_id idm-pki
%undefine theme
# Upstream version number:
%global major_version 11
%global minor_version 5
%global update_version 2
%global update_version 3
# Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1
@ -40,6 +40,19 @@ Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timesta
# <version tag>
Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}/pki-%{version}%{?phase:-}%{?phase}.tar.gz
Source1: jackson-annotations-2.16.1.jar
Source2: jackson-core-2.16.1.jar
Source3: jackson-databind-2.16.1.jar
Source4: jackson-module-jaxb-annotations-2.16.1.jar
Source5: jackson-jaxrs-base-2.16.1.jar
Source6: jackson-jaxrs-json-provider-2.16.1.jar
Source7: jboss-jaxrs-2.0-api-1.0.0.Final.jar
Source8: jboss-logging-3.5.3.Final.jar
Source9: resteasy-jaxrs-3.0.26.Final.jar
Source10: resteasy-client-3.0.26.Final.jar
Source11: resteasy-jackson2-provider-3.0.26.Final.jar
Source12: resteasy-servlet-initializer-3.0.26.Final.jar
# To create a patch for all changes since a version tag:
# $ git format-patch \
# --stdout \
@ -53,9 +66,6 @@ ExclusiveArch: %{java_arches}
ExcludeArch: i686
%endif
# Bundle dependencies unless --without deps is specified.
%bcond_without deps
################################################################################
# PKCS #11 Kit Trust
################################################################################
@ -98,17 +108,27 @@ ExcludeArch: i686
# PKI
################################################################################
# Use bundled build dependencies unless --with build_deps is specified.
%bcond_with build_deps
# Use bundled runtime dependencies unless --with runtime_deps is specified.
%bcond_with runtime_deps
# Don't build with Maven unless --with maven is specified.
%bcond_with maven
# Execute unit tests unless --without test is specified.
%bcond_without test
# Build the package unless --without <package> is specified.
# For idm-pki do not build the following packages:
# est, ocsp, tks, tps, javadoc, theme, tests, debug
# esc, est, ocsp, tks, tps, javadoc, theme, tests, debug
%bcond_without base
%bcond_without server
%bcond_without acme
%bcond_without ca
%bcond_with esc
%bcond_with est
%bcond_without kra
%bcond_with ocsp
@ -184,18 +204,18 @@ BuildRequires: xmvn-tools
%endif
BuildRequires: javapackages-tools
%if %{with deps}
%if %{without runtime_deps}
BuildRequires: xmlstarlet
%endif
BuildRequires: mvn(commons-cli:commons-cli)
BuildRequires: mvn(commons-codec:commons-codec)
BuildRequires: mvn(commons-io:commons-io)
BuildRequires: mvn(org.apache.commons:commons-lang3)
BuildRequires: mvn(commons-logging:commons-logging)
BuildRequires: mvn(commons-net:commons-net)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildRequires: mvn(org.apache.commons:commons-lang3)
BuildRequires: mvn(org.apache.httpcomponents:httpclient)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildRequires: mvn(xml-apis:xml-apis)
BuildRequires: mvn(xml-resolver:xml-resolver)
BuildRequires: mvn(org.junit.jupiter:junit-jupiter-api)
@ -203,18 +223,22 @@ BuildRequires: mvn(org.junit.jupiter:junit-jupiter-api)
BuildRequires: mvn(jakarta.activation:jakarta.activation-api)
BuildRequires: mvn(jakarta.xml.bind:jakarta.xml.bind-api)
%if %{with build_deps}
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-annotations)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-core)
BuildRequires: mvn(com.fasterxml.jackson.core:jackson-databind)
BuildRequires: mvn(com.fasterxml.jackson.module:jackson-module-jaxb-annotations)
BuildRequires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base)
BuildRequires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider)
BuildRequires: mvn(org.jboss.logging:jboss-logging)
BuildRequires: mvn(org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec)
BuildRequires: mvn(org.jboss.logging:jboss-logging)
BuildRequires: mvn(org.jboss.resteasy:resteasy-jaxrs)
BuildRequires: mvn(org.jboss.resteasy:resteasy-client)
BuildRequires: mvn(org.jboss.resteasy:resteasy-jackson2-provider)
BuildRequires: mvn(org.jboss.resteasy:resteasy-jaxrs)
BuildRequires: mvn(org.jboss.resteasy:resteasy-servlet-initializer)
%endif
BuildRequires: mvn(org.apache.tomcat:tomcat-catalina) >= 9.0.62
BuildRequires: mvn(org.apache.tomcat:tomcat-servlet-api) >= 9.0.62
@ -310,38 +334,92 @@ Requires: %{product_id}-server = %{version}-%{release}
%if %{with acme}
Requires: %{product_id}-acme = %{version}-%{release}
%else
Obsoletes: pki-acme < %{version}
Conflicts: pki-acme < %{version}
Obsoletes: %{product_id}-acme < %{version}
Conflicts: %{product_id}-acme < %{version}
%endif
%if %{with ca}
Requires: %{product_id}-ca = %{version}-%{release}
%else
Obsoletes: pki-ca < %{version}
Conflicts: pki-ca < %{version}
Obsoletes: %{product_id}-ca < %{version}
Conflicts: %{product_id}-ca < %{version}
%endif
%if %{with est}
Requires: %{product_id}-est = %{version}-%{release}
%else
Obsoletes: pki-est < %{version}
Conflicts: pki-est < %{version}
Obsoletes: %{product_id}-est < %{version}
Conflicts: %{product_id}-est < %{version}
%endif
%if %{with kra}
Requires: %{product_id}-kra = %{version}-%{release}
%else
Obsoletes: pki-kra < %{version}
Conflicts: pki-kra < %{version}
Obsoletes: %{product_id}-kra < %{version}
Conflicts: %{product_id}-kra < %{version}
%endif
%if %{with ocsp}
Requires: %{product_id}-ocsp = %{version}-%{release}
%else
Obsoletes: pki-ocsp < %{version}
Conflicts: pki-ocsp < %{version}
Obsoletes: %{product_id}-ocsp < %{version}
Conflicts: %{product_id}-ocsp < %{version}
%endif
%if %{with tks}
Requires: %{product_id}-tks = %{version}-%{release}
%else
Obsoletes: pki-tks < %{version}
Conflicts: pki-tks < %{version}
Obsoletes: %{product_id}-tks < %{version}
Conflicts: %{product_id}-tks < %{version}
%endif
%if %{with tps}
Requires: %{product_id}-tps = %{version}-%{release}
%else
Obsoletes: pki-tps < %{version}
Conflicts: pki-tps < %{version}
Obsoletes: %{product_id}-tps < %{version}
Conflicts: %{product_id}-tps < %{version}
%endif
%if %{with javadoc}
Requires: %{product_id}-javadoc = %{version}-%{release}
%else
Obsoletes: pki-javadoc < %{version}
Conflicts: pki-javadoc < %{version}
Obsoletes: %{product_id}-javadoc < %{version}
Conflicts: %{product_id}-javadoc < %{version}
%endif
%if %{with console}
Requires: %{product_id}-console = %{version}-%{release}
%else
Obsoletes: pki-console < %{version}
Conflicts: pki-console < %{version}
Obsoletes: %{product_id}-console < %{version}
Conflicts: %{product_id}-console < %{version}
%endif
%if %{with theme}
@ -349,17 +427,33 @@ Requires: %{product_id}-theme = %{version}-%{release}
%if %{with console}
Requires: %{product_id}-console-theme = %{version}-%{release}
%endif
%else
Obsoletes: pki-theme < %{version}
Conflicts: pki-theme < %{version}
Obsoletes: %{product_id}-theme < %{version}
Conflicts: %{product_id}-theme < %{version}
Obsoletes: pki-console-theme < %{version}
Conflicts: pki-console-theme < %{version}
Obsoletes: %{product_id}-console-theme < %{version}
Conflicts: %{product_id}-console-theme < %{version}
%endif
%if %{with tests}
Requires: %{product_id}-tests = %{version}-%{release}
%endif
%if %{with esc}
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI clients -- except for s390/s390x where 'esc' is not built
# and for idm-pki.
%ifnarch s390 s390x
#Requires: esc >= 1.1.1
Requires: esc >= 1.1.2
%endif
%else
Obsoletes: esc <= 1.1.2
Conflicts: esc <= 1.1.2
%endif
# description for top-level package (unless there is a separate meta package)
@ -452,22 +546,41 @@ Requires: %{java_headless}
Requires: mvn(commons-cli:commons-cli)
Requires: mvn(commons-codec:commons-codec)
Requires: mvn(commons-io:commons-io)
Requires: mvn(org.apache.commons:commons-lang3)
Requires: mvn(commons-logging:commons-logging)
Requires: mvn(commons-net:commons-net)
Requires: mvn(org.apache.commons:commons-lang3)
Requires: mvn(org.apache.httpcomponents:httpclient)
Requires: mvn(org.slf4j:slf4j-api)
Requires: mvn(org.slf4j:slf4j-jdk14)
Requires: mvn(jakarta.annotation:jakarta.annotation-api)
Requires: mvn(jakarta.xml.bind:jakarta.xml.bind-api)
%if %{without deps}
%if %{with runtime_deps}
Requires: mvn(com.fasterxml.jackson.core:jackson-annotations)
Requires: mvn(com.fasterxml.jackson.core:jackson-core)
Requires: mvn(com.fasterxml.jackson.core:jackson-databind)
Requires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-base)
Requires: mvn(com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider)
Requires: mvn(org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec)
Requires: mvn(org.jboss.logging:jboss-logging)
Requires: mvn(org.jboss.resteasy:resteasy-jaxrs)
Requires: mvn(org.jboss.resteasy:resteasy-client)
Requires: mvn(org.jboss.resteasy:resteasy-jackson2-provider)
Requires: mvn(org.jboss.resteasy:resteasy-jaxrs)
%else
Provides: bundled(jackson-annotations) = 2.16.1
Provides: bundled(jackson-core) = 2.16.1
Provides: bundled(jackson-databind) = 2.16.1
Provides: bundled(jackson-modules-base) = 2.16.1
Provides: bundled(jackson-jaxrs-providers) = 2.16.1
Provides: bundled(jboss-jaxrs-2.0-api) = 1.0.0
Provides: bundled(jboss-logging) = 3.5.3
Provides: bundled(resteasy-jaxrs) = 3.0.26
Provides: bundled(resteasy-client) = 3.0.26
Provides: bundled(resteasy-jackson2-provider) = 3.0.26
%endif
Requires: mvn(org.dogtagpki.jss:jss-base) >= 5.5.0
@ -536,8 +649,10 @@ Requires: python3-policycoreutils
Requires: selinux-policy-targeted >= 3.13.1-159
%if %{without deps}
%if %{with runtime_deps}
Requires: mvn(org.jboss.resteasy:resteasy-servlet-initializer)
%else
Provides: bundled(resteasy-servlet-initializer) = 3.0.26
%endif
Requires: tomcat >= 1:9.0.62
@ -848,7 +963,7 @@ Provides: pki-server-theme = %{version}-%{release}
Obsoletes: %{product_id}-server-theme < %{version}-%{release}
Provides: %{product_id}-server-theme = %{version}-%{release}
%if 0%{?fedora} > 38
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
BuildRequires: fontawesome4-fonts-web
Requires: fontawesome4-fonts-web
%else
@ -915,52 +1030,104 @@ This package provides test suite for %{product_name}.
%autosetup -n pki-%{version}%{?phase:-}%{?phase} -p 1
%if %{with deps}
if [ ! -d lib ]
%if %{without build_deps}
# import common libraries from dist-git
mkdir -p base/common/lib
pushd base/common/lib
cp %{SOURCE1} .
cp %{SOURCE2} .
cp %{SOURCE3} .
cp %{SOURCE4} .
cp %{SOURCE5} .
cp %{SOURCE6} .
cp %{SOURCE7} .
cp %{SOURCE8} .
cp %{SOURCE9} .
cp %{SOURCE10} .
cp %{SOURCE11} .
ls -l
popd
# import server libraries from dist-git
mkdir -p base/server/lib
pushd base/server/lib
cp %{SOURCE12} .
ls -l
popd
%endif
%if %{without runtime_deps}
if [ ! -d base/common/lib ]
then
mkdir lib
# import common libraries from RPMs
mkdir -p base/common/lib
pushd base/common/lib
JACKSON_VERSION=$(rpm -q jackson-annotations | sed -n 's/^jackson-annotations-\([^-]*\)-.*$/\1/p')
echo "Importing Jackson $JACKSON_VERSION from RPM"
echo "JACKSON_VERSION: $JACKSON_VERSION"
cp /usr/share/java/jackson-annotations.jar \
lib/jackson-annotations-$JACKSON_VERSION.jar
jackson-annotations-$JACKSON_VERSION.jar
cp /usr/share/java/jackson-core.jar \
lib/jackson-core-$JACKSON_VERSION.jar
jackson-core-$JACKSON_VERSION.jar
cp /usr/share/java/jackson-databind.jar \
lib/jackson-databind-$JACKSON_VERSION.jar
jackson-databind-$JACKSON_VERSION.jar
cp /usr/share/java/jackson-jaxrs-providers/jackson-jaxrs-base.jar \
lib/jackson-jaxrs-base-$JACKSON_VERSION.jar
jackson-jaxrs-base-$JACKSON_VERSION.jar
cp /usr/share/java/jackson-jaxrs-providers/jackson-jaxrs-json-provider.jar \
lib/jackson-jaxrs-json-provider-$JACKSON_VERSION.jar
jackson-jaxrs-json-provider-$JACKSON_VERSION.jar
cp /usr/share/java/jackson-modules/jackson-module-jaxb-annotations.jar \
lib/jackson-module-jaxb-annotations-$JACKSON_VERSION.jar
jackson-module-jaxb-annotations-$JACKSON_VERSION.jar
JAXRS_VERSION=$(rpm -q jboss-jaxrs-2.0-api | sed -n 's/^jboss-jaxrs-2.0-api-\([^-]*\)-.*$/\1.Final/p')
echo "Importing JAX-RS 2.0 API $JAXRS_VERSION from RPM"
echo "JAXRS_VERSION: $JAXRS_VERSION"
cp /usr/share/java/jboss-jaxrs-2.0-api.jar \
lib/jboss-jaxrs-2.0-api-$JAXRS_VERSION.jar
jboss-jaxrs-2.0-api-$JAXRS_VERSION.jar
JBOSS_LOGGING_VERSION=$(rpm -q jboss-logging | sed -n 's/^jboss-logging-\([^-]*\)-.*$/\1.Final/p')
echo "Importing JBoss Logging $JBOSS_LOGGING_VERSION from RPM"
echo "JBOSS_LOGGING_VERSION: $JBOSS_LOGGING_VERSION"
cp /usr/share/java/jboss-logging/jboss-logging.jar \
lib/jboss-logging-$JBOSS_LOGGING_VERSION.jar
jboss-logging-$JBOSS_LOGGING_VERSION.jar
RESTEASY_VERSION=$(rpm -q pki-resteasy-core | sed -n 's/^pki-resteasy-core-\([^-]*\)-.*$/\1.Final/p')
echo "Importing RESTEasy $RESTEASY_VERSION from RPM"
echo "RESTEASY_VERSION: $RESTEASY_VERSION"
cp /usr/share/java/resteasy/resteasy-jaxrs.jar \
lib/resteasy-jaxrs-$RESTEASY_VERSION.jar
resteasy-jaxrs-$RESTEASY_VERSION.jar
cp /usr/share/java/resteasy/resteasy-client.jar \
lib/resteasy-client-$RESTEASY_VERSION.jar
resteasy-client-$RESTEASY_VERSION.jar
cp /usr/share/java/resteasy/resteasy-jackson2-provider.jar \
lib/resteasy-jackson2-provider-$RESTEASY_VERSION.jar
cp /usr/share/java/resteasy/resteasy-servlet-initializer.jar \
lib/resteasy-servlet-initializer-$RESTEASY_VERSION.jar
resteasy-jackson2-provider-$RESTEASY_VERSION.jar
ls -la lib
ls -l
popd
fi
if [ ! -d base/server/lib ]
then
# import server libraries from RPMs
mkdir -p base/server/lib
pushd base/server/lib
RESTEASY_VERSION=$(rpm -q pki-servlet-initializer | sed -n 's/^pki-servlet-initializer-\([^-]*\)-.*$/\1.Final/p')
echo "RESTEASY_VERSION: $RESTEASY_VERSION"
cp /usr/share/java/resteasy/resteasy-servlet-initializer.jar \
resteasy-servlet-initializer-$RESTEASY_VERSION.jar
ls -l
popd
fi
%endif
@ -1008,8 +1175,10 @@ fi
%pom_disable_module console base
%endif
# flatten-maven-plugin is not available in RPM
# remove plugins not needed to build RPM
%pom_remove_plugin org.codehaus.mojo:flatten-maven-plugin
%pom_remove_plugin org.apache.maven.plugins:maven-deploy-plugin
%pom_remove_plugin com.github.github:site-maven-plugin
# specify Maven artifact locations
%mvn_file org.dogtagpki.pki:pki-common pki/pki-common
@ -1059,6 +1228,7 @@ fi
export JAVA_HOME=%{java_home}
%if %{with maven}
# build Java binaries and run unit tests with Maven
%mvn_build %{!?with_test:-f} -j
@ -1112,6 +1282,9 @@ ln -sf ../../base/console/target/pki-console.jar
popd
# with maven
%endif
# Remove all symbol table and relocation information from the executable.
C_FLAGS="-s"
CXX_FLAGS="$CXX_FLAGS -g -fPIE -pie"
@ -1181,7 +1354,7 @@ pkgs=base\
--unit-dir=%{_unitdir} \
--python=%{python3} \
--python-dir=%{python3_sitelib} \
--without-java \
%{?with_maven:--without-java} \
--with-pkgs=$pkgs \
%{?with_console:--with-console} \
--without-test \
@ -1191,8 +1364,10 @@ pkgs=base\
%install
################################################################################
%if %{with maven}
# install Java binaries
%mvn_install
%endif
# install PKI console, Javadoc, and native binaries
./build.sh \
@ -1201,7 +1376,21 @@ pkgs=base\
--install-dir=%{buildroot} \
install
%if %{with deps}
%if %{without runtime_deps}
%if %{with base}
echo "Installing common libraries into %{buildroot}%{_datadir}/pki/lib"
cp base/common/lib/* %{buildroot}%{_datadir}/pki/lib
ls -l %{buildroot}%{_datadir}/pki/lib
%endif
%if %{with server}
echo "Installing server libraries into %{buildroot}%{_datadir}/pki/server/common/lib"
cp base/server/lib/* %{buildroot}%{_datadir}/pki/server/common/lib
ls -l %{buildroot}%{_datadir}/pki/server/common/lib
%endif
%if %{with maven}
%if %{with meta}
echo "Removing RPM deps from %{buildroot}%{_datadir}/maven-metadata/pki.xml"
@ -1216,20 +1405,6 @@ xmlstarlet edit --inplace \
%endif
%if %{with base}
echo "Installing JAR deps into %{buildroot}%{_datadir}/pki/lib"
cp lib/jackson-annotations-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jackson-core-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jackson-databind-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jackson-jaxrs-base-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jackson-jaxrs-json-provider-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jackson-module-jaxb-annotations-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jboss-jaxrs-2.0-api-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/jboss-logging-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/resteasy-jaxrs-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/resteasy-client-*.jar %{buildroot}%{_datadir}/pki/lib
cp lib/resteasy-jackson2-provider-*.jar %{buildroot}%{_datadir}/pki/lib
ls -l %{buildroot}%{_datadir}/pki/lib
echo "Removing RPM deps from %{buildroot}%{_datadir}/maven-metadata/pki-pki-java.xml"
xmlstarlet edit --inplace \
-d "//_:dependency[_:groupId='com.fasterxml.jackson.core']" \
@ -1252,10 +1427,6 @@ xmlstarlet edit --inplace \
%endif
%if %{with server}
echo "Installing JAR deps into %{buildroot}%{_datadir}/pki/server/common/lib"
cp lib/resteasy-servlet-initializer-*.jar %{buildroot}%{_datadir}/pki/server/common/lib
ls -l %{buildroot}%{_datadir}/pki/server/common/lib
echo "Removing RPM deps from %{buildroot}%{_datadir}/maven-metadata/pki-pki-server.xml"
xmlstarlet edit --inplace \
-d "//_:dependency[_:groupId='com.fasterxml.jackson.core']" \
@ -1351,7 +1522,10 @@ xmlstarlet edit --inplace \
%{buildroot}%{_datadir}/maven-metadata/%{name}-pki-est.xml
%endif
# with deps
# with maven
%endif
# without runtime_deps
%endif
%if %{with server}
@ -1432,10 +1606,10 @@ fi
%if %{with meta}
%if "%{name}" != "%{product_id}"
################################################################################
%files -n %{product_id} -f .mfiles
%files -n %{product_id} %{?with_maven:-f .mfiles}
################################################################################
%else
%files -f .mfiles
%files %{?with_maven:-f .mfiles}
%endif
%doc %{_datadir}/doc/pki/README
@ -1471,7 +1645,7 @@ fi
%{_mandir}/man8/pki-upgrade.8.gz
################################################################################
%files -n %{product_id}-java -f .mfiles-pki-java
%files -n %{product_id}-java %{?with_maven:-f .mfiles-pki-java}
################################################################################
%license base/common/LICENSE
@ -1479,6 +1653,10 @@ fi
%{_datadir}/pki/examples/java/
%{_datadir}/pki/lib/*.jar
%if %{without maven}
%{_datadir}/java/pki/pki-common.jar
%endif
################################################################################
%files -n python3-%{product_id}
################################################################################
@ -1491,7 +1669,7 @@ fi
%{python3_sitelib}/pki
################################################################################
%files -n %{product_id}-tools -f .mfiles-pki-tools
%files -n %{product_id}-tools %{?with_maven:-f .mfiles-pki-tools}
################################################################################
%license base/tools/LICENSE
@ -1560,12 +1738,16 @@ fi
%{_mandir}/man1/PKICertImport.1.gz
%{_mandir}/man1/tpsclient.1.gz
%if %{without maven}
%{_datadir}/java/pki/pki-tools.jar
%endif
# with base
%endif
%if %{with server}
################################################################################
%files -n %{product_id}-server -f .mfiles-pki-server
%files -n %{product_id}-server %{?with_maven:-f .mfiles-pki-server}
################################################################################
%license base/common/THIRD_PARTY_LICENSES
@ -1619,76 +1801,107 @@ fi
%{_datadir}/pki/setup/
%{_datadir}/pki/server/
%if %{without maven}
%{_datadir}/java/pki/pki-server.jar
%{_datadir}/java/pki/pki-server-webapp.jar
%{_datadir}/java/pki/pki-tomcat.jar
%{_datadir}/java/pki/pki-tomcat-9.0.jar
%endif
# with server
%endif
%if %{with acme}
################################################################################
%files -n %{product_id}-acme -f .mfiles-pki-acme
%files -n %{product_id}-acme %{?with_maven:-f .mfiles-pki-acme}
################################################################################
%{_datadir}/pki/acme/
%if %{without maven}
%{_datadir}/java/pki/pki-acme.jar
%endif
# with acme
%endif
%if %{with ca}
################################################################################
%files -n %{product_id}-ca -f .mfiles-pki-ca
%files -n %{product_id}-ca %{?with_maven:-f .mfiles-pki-ca}
################################################################################
%license base/ca/LICENSE
%{_datadir}/pki/ca/
%if %{without maven}
%{_datadir}/java/pki/pki-ca.jar
%endif
# with ca
%endif
%if %{with est}
################################################################################
%files -n %{product_id}-est -f .mfiles-pki-est
%files -n %{product_id}-est %{?with_maven:-f .mfiles-pki-est}
################################################################################
%{_datadir}/pki/est/
%if %{without maven}
%{_datadir}/java/pki/pki-est.jar
%endif
# with est
%endif
%if %{with kra}
################################################################################
%files -n %{product_id}-kra -f .mfiles-pki-kra
%files -n %{product_id}-kra %{?with_maven:-f .mfiles-pki-kra}
################################################################################
%license base/kra/LICENSE
%{_datadir}/pki/kra/
%if %{without maven}
%{_datadir}/java/pki/pki-kra.jar
%endif
# with kra
%endif
%if %{with ocsp}
################################################################################
%files -n %{product_id}-ocsp -f .mfiles-pki-ocsp
%files -n %{product_id}-ocsp %{?with_maven:-f .mfiles-pki-ocsp}
################################################################################
%license base/ocsp/LICENSE
%{_datadir}/pki/ocsp/
%if %{without maven}
%{_datadir}/java/pki/pki-ocsp.jar
%endif
# with ocsp
%endif
%if %{with tks}
################################################################################
%files -n %{product_id}-tks -f .mfiles-pki-tks
%files -n %{product_id}-tks %{?with_maven:-f .mfiles-pki-tks}
################################################################################
%license base/tks/LICENSE
%{_datadir}/pki/tks/
%if %{without maven}
%{_datadir}/java/pki/pki-tks.jar
%endif
# with tks
%endif
%if %{with tps}
################################################################################
%files -n %{product_id}-tps -f .mfiles-pki-tps
%files -n %{product_id}-tps %{?with_maven:-f .mfiles-pki-tps}
################################################################################
%license base/tps/LICENSE
@ -1696,6 +1909,10 @@ fi
%{_mandir}/man5/pki-tps-connector.5.gz
%{_mandir}/man5/pki-tps-profile.5.gz
%if %{without maven}
%{_datadir}/java/pki/pki-tps.jar
%endif
# with tps
%endif
@ -1711,12 +1928,16 @@ fi
%if %{with console}
################################################################################
%files -n %{product_id}-console -f .mfiles-pki-console
%files -n %{product_id}-console %{?with_maven:-f .mfiles-pki-console}
################################################################################
%license base/console/LICENSE
%{_bindir}/pkiconsole
%if %{without maven}
%{_datadir}/java/pki/pki-console.jar
%endif
# with console
%endif
@ -1770,6 +1991,10 @@ fi
################################################################################
%changelog
* Tue Jul 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.5.3-1
- Rebase to PKI 11.5.3
- Bundle RESTEasy and Jackson libraries
* Wed Jul 03 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.5.2-1
- Rebase to PKI 11.5.2
- CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability

14
sources
View File

@ -1 +1,13 @@
SHA512 (pki-11.5.2.tar.gz) = 206d957c5a8508130e83464af0bece5d79113844b65af5bf82c342508f858987cd7d5eccb69014dfbfefb5b802a51ade6aed761af80a0ea920e6deba1a9e2ad1
SHA512 (pki-11.5.3.tar.gz) = 2572102467b2efb168ee84549d3c7ce210b159d0d30806e999c17af359ca3156401dc44dd2ec1135df590ad28315519b868d8c113c240680e3a2365d3f92edc0
SHA512 (jackson-annotations-2.16.1.jar) = b5f05c0aeb994c8f694cf080ffb1f8cbd3baff34f52479a618fef6c91b82c8a1cb09801ab24c898b9db698863ea7da615d8991c8741172d21d540345156a200a
SHA512 (jackson-core-2.16.1.jar) = 3abac44446ae99aa89c4c7bb50e4a07eb297f4c8d76931e330da6830ffcd9ea94520a7dda1b8d9b00fce64e3838cc7ecf8e490eb478276155d8c286b80f5586c
SHA512 (jackson-databind-2.16.1.jar) = adbdcfae96dcfc56669c811a6c8e99a711d372cd1950e39122fe785dfec043a62c92c4a8cf495589db10424ce10517607808cbd4d1ec184ce41c20bb96cc476c
SHA512 (jackson-jaxrs-base-2.16.1.jar) = ed33efbd356366099807321f00a6c6b0a63492c2ccceaab47c01a5431606e2235e5063a5e03127da0667ae336159d4bef1b041edb8af8fe6842c6db2c4051b8a
SHA512 (jackson-jaxrs-json-provider-2.16.1.jar) = 159858d45522a41573a9e2317376bb99bc536b6cc18aa0666e2364d1a8653615ced5f7381eb09c90a610ffb47f04978705138f11abe4a211ded855093ac05953
SHA512 (jackson-module-jaxb-annotations-2.16.1.jar) = ab298afa23a4a99935d960581735d005a83dcea7a516c14263c692717b789ff8445ea7b4144d200fc58853ad705a1b947113f06df141526e194e388b9b3f9420
SHA512 (jboss-jaxrs-2.0-api-1.0.0.Final.jar) = 39a29f9259e7ceb9018447c49d4a18be31aa88775ed7999eff20b2a8f1d8daa25da520c09d0a1c53bf7f417106a64cb2d4f374038ae44511cb60dac1db714495
SHA512 (jboss-logging-3.5.3.Final.jar) = 2f604d0318a9f10b5c867dbff4ac7a3a608a41a9383cb3fc2ef6364f28396144ead96a0526ae3dea4336109042ead81b9b9318b13e9964b2c57a26794981f5cb
SHA512 (resteasy-client-3.0.26.Final.jar) = 9f3ea65f9cb045cc2e6f4c06f9b63f8d1f78b36ae419ca8367ce11cdd82e6fe35a2d5847634d71a306e0f6d8e3a69db5930c179cf635f105a8f064becb14f2a2
SHA512 (resteasy-jackson2-provider-3.0.26.Final.jar) = 11e76fc901f4299dacfb67f4784988511933ef170d05d2dce3cbceb5d7857827faec0f4fc7618dea0ba51267bc0ea5bc185e41a5a539e35c688b8e4d433b1792
SHA512 (resteasy-jaxrs-3.0.26.Final.jar) = 7beb8391d7fcfb96be8ffab674613167001f99a3fb3c4661c037949a52f2658db8028d8a2f3319df06dd3f2deb8152f4cad5f681d401a8deeea9b19ad5aba266
SHA512 (resteasy-servlet-initializer-3.0.26.Final.jar) = 47a57c0137263d45628d53cceb4a9a6a87209150aaa559b56c5085e6b7b40be8f488c8fcc8ecf8f3882fc981c6d25ba2c750db7254eebea9b2faa5087a72453c

51
sources-download.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh -e
download() {
PKG_NAME=$1
SUFFIX=$2
ssh "${OPTIONS[@]}" $SOURCE dnf install -y $PKG_NAME
VERSION=$(ssh "${OPTIONS[@]}" $SOURCE rpm -q $PKG_NAME | sed -n "s/^$PKG_NAME-\\([^-]*\\)-.*$/\\1/p")
if [ "$VERSION" == "" ]
then
echo "$PKG_NAME not found"
exit 1
fi
echo "Downloading $PKG_NAME-$VERSION"
FILES=$(ssh "${OPTIONS[@]}" $SOURCE rpm -ql $PKG_NAME | sed -n -e "/^\/usr\/share\/java\/.*\.jar$/p")
for FILE in $FILES
do
echo Downloading $FILE
FILENAME=$(basename $FILE)
NAME=$(echo $FILENAME | sed 's/\.jar$//')
scp "${OPTIONS[@]}" $SOURCE:$FILE $NAME-$VERSION$SUFFIX.jar
done
}
SOURCE=$1
if [ "$SOURCE" == "" ]
then
echo "Usage: source-download.sh <username>@<hostname>"
exit 0
fi
OPTIONS=(-i /usr/share/qa-tools/1minutetip/1minutetip)
download jackson-annotations
download jackson-core
download jackson-databind
download jackson-module-jaxb-annotations
download jackson-jaxrs-providers
download jackson-jaxrs-json-provider
download jboss-jaxrs-2.0-api .Final
download jboss-logging .Final
download pki-resteasy-core .Final
download pki-resteasy-client .Final
download pki-resteasy-jackson2-provider .Final
download pki-resteasy-servlet-initializer .Final

14
sources-import.sh Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
COMMAND=$1
if [ "$COMMAND" == "" ]
then
echo "Usage: source-import.sh <command>"
exit 0
fi
FILES=$(ls *.tar.gz)
FILES+=($(ls *.jar))
$COMMAND new-sources "${FILES[@]}"

5
sources-update.sh
View File

@ -5,3 +5,8 @@ TARGET=`basename $1`
cp $SOURCE $TARGET
sha512sum --tag $TARGET > sources
for FILENAME in $(ls *.jar)
do
sha512sum --tag $FILENAME >> sources
done