rpms/dogtag-pki
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to PKI 11.5.0

Browse Source 
Resolves: RHEL-34248
This commit is contained in:
Endi S. Dewata 2024-04-25 11:53:12 -05:00
parent be01d7397a
commit c54aea055e
12 changed files with 468 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.gitignore vendored
View File

@ -24,10 +24,23 @@
/pki-11.0.0-alpha2.tar.gz
/pki-11.0.0-beta1.tar.gz
/pki-11.0.0.tar.gz
/pki-11.0.1.tar.gz
/pki-11.0.3.tar.gz
/pki-11.1.0-alpha2.tar.gz
/pki-11.1.0.tar.gz
/pki-11.2.0-beta1.tar.gz
/pki-11.2.0-beta2.tar.gz
/pki-11.2.0-beta3.tar.gz
/pki-11.2.0.tar.gz
/pki-11.2.1.tar.gz
/pki-11.3.0-beta1.tar.gz
/pki-11.3.0.tar.gz
/pki-11.3.1.tar.gz
/pki-11.4.2.tar.gz
/pki-11.4.3.tar.gz
/pki-11.5.0-alpha4.tar.gz
/pki-11.5.0-alpha5.tar.gz
/pki-11.5.0-alpha6.tar.gz
/pki-11.5.0-alpha7.tar.gz
/pki-11.5.0-alpha8.tar.gz
/pki-11.5.0.tar.gz

45
0001-Handle-removal-of-ConfigParser.readfp-in-Python-3.12.patch
View File

@ -1,45 +0,0 @@
From 584e9f2c07b6e23e92c09a34b0a3cb8107d696da Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 4 Jul 2023 16:02:41 -0700
Subject: [PATCH] Handle removal of ConfigParser.readfp() in Python 3.12
Per https://docs.python.org/3.12/whatsnew/3.12.html#removed ,
configparser.ConfigParser.readfp() is removed in Python 3.12.
Assuming we still want to keep Python 2 compatibility, since
there are still a bunch of uses of six in the codebase, I've
changed this to do it the same way as it's done in freeipa
ipaserver/install/certs.py, using readfp on Python 2 and
read_file on Python 3.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
base/server/python/pki/server/deployment/pkiparser.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 25322cbf4..d8143237f 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -29,6 +29,7 @@ import logging
import os
import string
+import six
from six.moves import input # pylint: disable=W0622,F0401
from six.moves import configparser # pylint: disable=F0401
from six.moves.urllib.parse import urlparse # pylint: disable=F0401,E0611
@@ -342,7 +343,10 @@ class PKIConfigParser:
self.deployer.user_config.optionxform = str
with open(config.default_deployment_cfg, encoding='utf-8') as f:
- self.deployer.main_config.readfp(f)
+ if six.PY2:
+ self.deployer.main_config.readfp(f)
+ else:
+ self.deployer.main_config.read_file(f)
self.deployer.flatten_master_dict()
--
2.41.0

3
dogtag-pki.rpmlintrc
View File

@ -1 +1,4 @@
addFilter('W: spelling-error')
addFilter('W: dangling-symlink')
addFilter('W: no-manual-page-for-binary')
addFilter('W: log-files-without-logrotate')

492
dogtag-pki.spec
View File

@ -2,19 +2,19 @@
Name: dogtag-pki
################################################################################
%global product_name Dogtag PKI
%global product_id dogtag-pki
%global theme dogtag
%global product_name IDM PKI
%global product_id idm-pki
%undefine theme
# Upstream version number:
%global major_version 11
%global minor_version 4
%global update_version 3
%global minor_version 5
%global update_version 0
# Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1
# - GA/update (supported): <n> where n >= 1
%global release_number 2
%global release_number 1
# Development phase:
# - development (unsupported): alpha<n> where n >= 1
@ -30,7 +30,7 @@ URL: https://www.dogtagpki.org
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
License: GPL-2.0-only and LGPL-2.0-only
Version: %{major_version}.%{minor_version}.%{update_version}
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.4
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
# To create a tarball from a version tag:
# $ git archive \
@ -47,11 +47,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}
# > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch
# https://github.com/dogtagpki/pki/pull/4494
# Fix pkiparser.py to work with Python 3.12
Patch0: 0001-Handle-removal-of-ConfigParser.readfp-in-Python-3.12.patch
%if 0%{?fedora} > 35 || 0%{?rhel} > 9
%if 0%{?java_arches:1}
ExclusiveArch: %{java_arches}
%else
ExcludeArch: i686
@ -63,12 +59,6 @@ ExcludeArch: i686
%global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so
################################################################################
# Python
################################################################################
%global python_executable /usr/bin/python3
################################################################################
# Java
################################################################################
@ -91,6 +81,8 @@ ExcludeArch: i686
%bcond_without test
# Build the package unless --without <package> is specified.
# For idm-pki do not build the following packages:
# ocsp, tks, tps, javadoc, theme, tests, debug
%bcond_without base
%bcond_without server
@ -98,25 +90,14 @@ ExcludeArch: i686
%bcond_without ca
%bcond_without est
%bcond_without kra
%if 0%{?rhel}
%bcond_with ocsp
%bcond_with tks
%bcond_with tps
%bcond_with javadoc
%bcond_with theme
%bcond_with meta
%bcond_with tests
%bcond_with debug
%else
%bcond_without ocsp
%bcond_without tks
%bcond_without tps
%bcond_without javadoc
%bcond_without theme
%bcond_without meta
%bcond_without tests
%bcond_with tests
%bcond_without debug
%endif
# Don't build console unless --with console is specified.
%bcond_with console
@ -188,17 +169,23 @@ BuildRequires: mvn(org.apache.commons:commons-lang3)
BuildRequires: mvn(commons-logging:commons-logging)
BuildRequires: mvn(commons-net:commons-net)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildRequires: mvn(org.slf4j:slf4j-jdk14)
BuildRequires: mvn(junit:junit)
BuildRequires: pki-resteasy >= 3.0.26
BuildRequires: jss = 5.4
BuildRequires: tomcatjss = 8.4
BuildRequires: ldapjdk = 5.4
BuildRequires: tomcat >= 1:9.0.31
BuildRequires: mvn(xml-apis:xml-apis)
BuildRequires: mvn(xml-resolver:xml-resolver)
BuildRequires: mvn(org.junit.jupiter:junit-jupiter-api)
BuildRequires: mvn(org.jboss.resteasy:resteasy-client)
BuildRequires: mvn(org.jboss.resteasy:resteasy-jackson2-provider)
BuildRequires: mvn(org.jboss.resteasy:resteasy-jaxrs)
BuildRequires: mvn(org.jboss.resteasy:resteasy-servlet-initializer)
BuildRequires: mvn(org.apache.tomcat:tomcat-catalina) >= 9.0.62
BuildRequires: mvn(org.apache.tomcat:tomcat-servlet-api) >= 9.0.62
BuildRequires: mvn(org.apache.tomcat:tomcat-jaspic-api) >= 9.0.62
BuildRequires: mvn(org.apache.tomcat:tomcat-util-scan) >= 9.0.62
BuildRequires: mvn(org.dogtagpki.jss:jss-base) >= 5.5.0
BuildRequires: mvn(org.dogtagpki.jss:jss-tomcat) >= 5.5.0
BuildRequires: mvn(org.dogtagpki.ldap-sdk:ldapjdk) >= 5.5.0
# Python build dependencies
BuildRequires: python3 >= 3.9
BuildRequires: python3 >= 3.6
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-cryptography
@ -235,8 +222,8 @@ BuildRequires: freeipa-healthcheck-core
BuildRequires: nss-tools
BuildRequires: openssl
# description for top-level package (if there is no separate meta package)
%if %{without meta}
# description for top-level package (if there is a separate meta package)
%if "%{name}" != "%{product_id}"
%description
%{product_name} is an enterprise software system designed
@ -252,8 +239,9 @@ to manage enterprise Public Key Infrastructure deployments.
* Automatic Certificate Management Environment (ACME) Responder
* Enrollment over Secure Transport (EST) Responder
%else
%endif
%if %{with meta}
%if "%{name}" != "%{product_id}"
################################################################################
%package -n %{product_id}
@ -268,26 +256,69 @@ Obsoletes: pki-console < %{version}
Obsoletes: pki-console-theme < %{version}
Obsoletes: idm-console-framework < 2.0
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI theme packages
Requires: %{product_id}-theme = %{version}-%{release}
%if %{with base}
Requires: %{product_id}-base = %{version}-%{release}
Requires: python3-%{product_id} = %{version}-%{release}
Requires: %{product_id}-java = %{version}-%{release}
Requires: %{product_id}-tools = %{version}-%{release}
%endif
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI core packages
%if %{with server}
Requires: %{product_id}-server = %{version}-%{release}
%endif
%if %{with acme}
Requires: %{product_id}-acme = %{version}-%{release}
Requires: %{product_id}-ca = %{version}-%{release}
Requires: %{product_id}-est = %{version}-%{release}
Requires: %{product_id}-kra = %{version}-%{release}
Requires: %{product_id}-ocsp = %{version}-%{release}
Requires: %{product_id}-tks = %{version}-%{release}
Requires: %{product_id}-tps = %{version}-%{release}
%endif
%if %{with ca}
Requires: %{product_id}-ca = %{version}-%{release}
%endif
%if %{with est}
Requires: %{product_id}-est = %{version}-%{release}
%endif
%if %{with kra}
Requires: %{product_id}-kra = %{version}-%{release}
%endif
%if %{with ocsp}
Requires: %{product_id}-ocsp = %{version}-%{release}
%endif
%if %{with tks}
Requires: %{product_id}-tks = %{version}-%{release}
%endif
%if %{with tps}
Requires: %{product_id}-tps = %{version}-%{release}
%endif
%if %{with javadoc}
Requires: %{product_id}-javadoc = %{version}-%{release}
%endif
%if %{with console}
Requires: %{product_id}-console = %{version}-%{release}
%endif
%if %{with theme}
Requires: %{product_id}-theme = %{version}-%{release}
%if %{with console}
Requires: %{product_id}-console-theme = %{version}-%{release}
%endif
%endif
%if %{with tests}
Requires: %{product_id}-tests = %{version}-%{release}
%endif
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI clients -- except for s390/s390x where 'esc' is not built
# and for idm-pki.
%ifnarch s390 s390x
Requires: esc >= 1.1.1
#Requires: esc >= 1.1.1
%endif
# description for top-level package (unless there is a separate meta package)
@ -353,7 +384,7 @@ Provides: pki-base-python3 = %{version}-%{release}
%{?python_provide:%python_provide python3-pki}
Requires: %{product_id}-base = %{version}-%{release}
Requires: python3 >= 3.9
Requires: python3 >= 3.6
Requires: python3-cryptography
Requires: python3-ldap
Requires: python3-lxml
@ -385,10 +416,12 @@ Requires: mvn(commons-logging:commons-logging)
Requires: mvn(commons-net:commons-net)
Requires: mvn(org.slf4j:slf4j-api)
Requires: mvn(org.slf4j:slf4j-jdk14)
Requires: jss = 5.4
Requires: ldapjdk = 5.4
Requires: mvn(org.jboss.resteasy:resteasy-client)
Requires: mvn(org.jboss.resteasy:resteasy-jackson2-provider)
Requires: mvn(org.jboss.resteasy:resteasy-jaxrs)
Requires: mvn(org.dogtagpki.jss:jss-base) >= 5.5.0
Requires: mvn(org.dogtagpki.ldap-sdk:ldapjdk) >= 5.5.0
Requires: %{product_id}-base = %{version}-%{release}
Requires: pki-resteasy >= 3.0.26
%description -n %{product_id}-java
This package provides common and client libraries for Java.
@ -440,6 +473,8 @@ Requires: openldap-clients
Requires: openssl
Requires: %{product_id}-tools = %{version}-%{release}
Requires: %{java_devel}
Requires: keyutils
Requires: policycoreutils-python-utils
@ -450,13 +485,14 @@ Requires: python3-policycoreutils
Requires: selinux-policy-targeted >= 3.13.1-159
Requires: tomcat >= 1:9.0.31
Requires: mvn(org.jboss.resteasy:resteasy-servlet-initializer)
Requires: tomcat >= 1:9.0.62
Requires: mvn(org.dogtagpki.jss:jss-tomcat) >= 5.5.0
Requires: systemd
Requires(post): systemd-units
Requires(postun): systemd-units
Requires(pre): shadow-utils
Requires: tomcatjss = 8.4
# pki-healthcheck depends on the following library
%if 0%{?rhel}
@ -729,12 +765,12 @@ This package provides %{product_name} API documentation.
Summary: %{product_name} Console Package
BuildArch: noarch
BuildRequires: idm-console-framework >= 2.0
BuildRequires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0
Obsoletes: pki-console < %{version}-%{release}
Provides: pki-console = %{version}-%{release}
Requires: idm-console-framework >= 2.0
Requires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0
Requires: %{product_id}-java = %{version}-%{release}
Requires: %{product_id}-console-theme = %{version}-%{release}
@ -758,9 +794,11 @@ Provides: pki-server-theme = %{version}-%{release}
Obsoletes: %{product_id}-server-theme < %{version}-%{release}
Provides: %{product_id}-server-theme = %{version}-%{release}
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
%if 0%{?fedora} > 38
BuildRequires: fontawesome4-fonts-web
Requires: fontawesome4-fonts-web
%else
BuildRequires: fontawesome-fonts-web
Requires: fontawesome-fonts-web
%endif
@ -823,6 +861,91 @@ This package provides test suite for %{product_name}.
%autosetup -n pki-%{version}%{?phase:-}%{?phase} -p 1
%if ! %{with base}
%pom_disable_module common base
%pom_disable_module tools base
%endif
%if ! %{with server}
%pom_disable_module tomcat base
%pom_disable_module tomcat-9.0 base
%pom_disable_module server base
%pom_disable_module server-webapp base
%endif
%if ! %{with ca}
%pom_disable_module ca base
%endif
%if ! %{with kra}
%pom_disable_module kra base
%endif
%if ! %{with ocsp}
%pom_disable_module ocsp base
%endif
%if ! %{with tks}
%pom_disable_module tks base
%endif
%if ! %{with tps}
%pom_disable_module tps base
%endif
%if ! %{with acme}
%pom_disable_module acme base
%endif
%if ! %{with est}
%pom_disable_module est base
%endif
%if ! %{with console}
%pom_disable_module console base
%endif
# flatten-maven-plugin is not available in RPM
%pom_remove_plugin org.codehaus.mojo:flatten-maven-plugin
# specify Maven artifact locations
%mvn_file org.dogtagpki.pki:pki-common pki/pki-common
%mvn_file org.dogtagpki.pki:pki-tools pki/pki-tools
%mvn_file org.dogtagpki.pki:pki-server pki/pki-server
%mvn_file org.dogtagpki.pki:pki-server-webapp pki/pki-server-webapp
%mvn_file org.dogtagpki.pki:pki-tomcat pki/pki-tomcat
%mvn_file org.dogtagpki.pki:pki-tomcat-9.0 pki/pki-tomcat-9.0
%mvn_file org.dogtagpki.pki:pki-ca pki/pki-ca
%mvn_file org.dogtagpki.pki:pki-kra pki/pki-kra
%mvn_file org.dogtagpki.pki:pki-ocsp pki/pki-ocsp
%mvn_file org.dogtagpki.pki:pki-tks pki/pki-tks
%mvn_file org.dogtagpki.pki:pki-tps pki/pki-tps
%mvn_file org.dogtagpki.pki:pki-acme pki/pki-acme
%mvn_file org.dogtagpki.pki:pki-est pki/pki-est
%if %{with console}
%mvn_file org.dogtagpki.pki:pki-console pki/pki-console
%endif
# specify Maven artifact packages
%mvn_package org.dogtagpki.pki:pki-common pki-java
%mvn_package org.dogtagpki.pki:pki-tools pki-tools
%mvn_package org.dogtagpki.pki:pki-server pki-server
%mvn_package org.dogtagpki.pki:pki-server-webapp pki-server
%mvn_package org.dogtagpki.pki:pki-tomcat pki-server
%mvn_package org.dogtagpki.pki:pki-tomcat-9.0 pki-server
%mvn_package org.dogtagpki.pki:pki-ca pki-ca
%mvn_package org.dogtagpki.pki:pki-kra pki-kra
%mvn_package org.dogtagpki.pki:pki-ocsp pki-ocsp
%mvn_package org.dogtagpki.pki:pki-tks pki-tks
%mvn_package org.dogtagpki.pki:pki-tps pki-tps
%mvn_package org.dogtagpki.pki:pki-acme pki-acme
%mvn_package org.dogtagpki.pki:pki-est pki-est
%if %{with console}
%mvn_package org.dogtagpki.pki:pki-console pki-console
%endif
################################################################################
%build
################################################################################
@ -831,6 +954,81 @@ This package provides test suite for %{product_name}.
# (see /usr/lib/rpm/macros.d/macros.cmake)
%set_build_flags
export JAVA_HOME=%{java_home}
# build Java binaries and run unit tests with Maven
%mvn_build %{!?with_test:-f} -j
# create links to Maven-built JAR files for CMake
mkdir -p %{_vpath_builddir}/dist
pushd %{_vpath_builddir}/dist
%if %{with base}
ln -sf ../../base/common/target/pki-common.jar
ln -sf ../../base/tools/target/pki-tools.jar
%endif
%if %{with server}
ln -sf ../../base/tomcat/target/pki-tomcat.jar
ln -sf ../../base/tomcat-9.0/target/pki-tomcat-9.0.jar
ln -sf ../../base/server/target/pki-server.jar
ln -sf ../../base/server-webapp/target/pki-server-webapp.jar
%endif
%if %{with ca}
ln -sf ../../base/ca/target/pki-ca.jar
%endif
%if %{with kra}
ln -sf ../../base/kra/target/pki-kra.jar
%endif
%if %{with ocsp}
ln -sf ../../base/ocsp/target/pki-ocsp.jar
%endif
%if %{with tks}
ln -sf ../../base/tks/target/pki-tks.jar
%endif
%if %{with tps}
ln -sf ../../base/tps/target/pki-tps.jar
%endif
%if %{with acme}
ln -sf ../../base/acme/target/pki-acme.jar
%endif
%if %{with est}
ln -sf ../../base/est/target/pki-est.jar
%endif
%if %{with console}
ln -sf ../../base/console/target/pki-console.jar
%endif
popd
# Remove all symbol table and relocation information from the executable.
C_FLAGS="-s"
%if 0%{?fedora}
# https://sourceware.org/annobin/annobin.html/Test-gaps.html
C_FLAGS="$C_FLAGS -fplugin=annobin"
# https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
C_FLAGS="$C_FLAGS -fcf-protection=full"
# https://sourceware.org/annobin/annobin.html/Test-optimization.html
C_FLAGS="$C_FLAGS -O2"
# https://sourceware.org/annobin/annobin.html/Test-glibcxx-assertions.html
C_FLAGS="$C_FLAGS -D_GLIBCXX_ASSERTIONS"
# https://sourceware.org/annobin/annobin.html/Test-lto.html
C_FLAGS="$C_FLAGS -fno-lto"
%endif
pkgs=base\
%{?with_server:,server}\
%{?with_ca:,ca}\
@ -846,6 +1044,7 @@ pkgs=base\
%{?with_tests:,tests}\
%{?with_debug:,debug}
# build PKI console, Javadoc, and native binaries with CMake
./build.sh \
%{?_verbose:-v} \
--product-name="%{product_name}" \
@ -860,36 +1059,32 @@ pkgs=base\
--sysconf-dir=%{_sysconfdir} \
--share-dir=%{_datadir} \
--cmake=%{__cmake} \
--c-flags="$C_FLAGS" \
--java-home=%{java_home} \
--jni-dir=%{_jnidir} \
--unit-dir=%{_unitdir} \
--python=%{python3} \
--python-dir=%{python3_sitelib} \
--without-java \
--with-pkgs=$pkgs \
%{?with_console:--with-console} \
%{!?with_test:--without-test} \
--without-test \
dist
################################################################################
%install
################################################################################
# install Java binaries
%mvn_install
# install PKI console, Javadoc, and native binaries
./build.sh \
%{?_verbose:-v} \
--work-dir=%{_vpath_builddir} \
--install-dir=%{buildroot} \
install
# Unbundle the FontAwesome fonts
rm %{buildroot}%{_datadir}/pki/common-ui/fonts/fontawesome-webfont.woff
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
ln -s ../../../fonts/fontawesome4/fontawesome-webfont.woff \
%{buildroot}%{_datadir}/pki/common-ui/fonts/fontawesome-webfont.woff
%else
ln -s ../../../fonts/fontawesome/fontawesome-webfont.woff \
%{buildroot}%{_datadir}/pki/common-ui/fonts/fontawesome-webfont.woff
%endif
%if %{with server}
%pre -n %{product_id}-server
@ -942,16 +1137,36 @@ then
systemctl daemon-reload
fi
# Update the fapolicy rules for each PKI server instance
for instance in $(ls /var/lib/pki)
do
target="/etc/fapolicyd/rules.d/61-pki-$instance.rules"
sed -e "s/\[WORK_DIR\]/\/var\/lib\/pki\/$instance\/work/g" \
/usr/share/pki/server/etc/fapolicy.rules \
> $target
chown root:fapolicyd $target
chmod 644 $target
done
# Restart fapolicy daemon if it's active
status=$(systemctl is-active fapolicyd)
if [ "$status" = "active" ]
then
systemctl restart fapolicyd
fi
# with server
%endif
%if %{with meta}
%if "%{name}" != "%{product_id}"
################################################################################
%files -n %{product_id}
%files -n %{product_id} -f .mfiles
################################################################################
%else
%files
%files -f .mfiles
%endif
%doc %{_datadir}/doc/pki/README
@ -987,15 +1202,13 @@ fi
%{_mandir}/man8/pki-upgrade.8.gz
################################################################################
%files -n %{product_id}-java
%files -n %{product_id}-java -f .mfiles-pki-java
################################################################################
%license base/common/LICENSE
%license base/common/LICENSE.LESSER
%{_datadir}/pki/examples/java/
%{_datadir}/pki/lib/*.jar
%dir %{_javadir}/pki
%{_javadir}/pki/pki-common.jar
################################################################################
%files -n python3-%{product_id}
@ -1009,7 +1222,7 @@ fi
%{python3_sitelib}/pki
################################################################################
%files -n %{product_id}-tools
%files -n %{product_id}-tools -f .mfiles-pki-tools
################################################################################
%license base/tools/LICENSE
@ -1032,7 +1245,6 @@ fi
%{_bindir}/CMCRevoke
%{_bindir}/CMCSharedToken
%{_bindir}/CRMFPopClient
%{_bindir}/DRMTool
%{_bindir}/ExtJoiner
%{_bindir}/GenExtKeyUsage
%{_bindir}/GenIssuerAltNameExt
@ -1046,10 +1258,8 @@ fi
%{_bindir}/PrettyPrintCert
%{_bindir}/PrettyPrintCrl
%{_bindir}/TokenInfo
%{_javadir}/pki/pki-tools.jar
%{_datadir}/pki/tools/
%{_datadir}/pki/lib/p11-kit-trust.so
%{_libdir}/tps/libtps.so
%{_mandir}/man1/AtoB.1.gz
%{_mandir}/man1/AuditVerify.1.gz
%{_mandir}/man1/BtoA.1.gz
@ -1057,7 +1267,6 @@ fi
%{_mandir}/man1/CMCRequest.1.gz
%{_mandir}/man1/CMCSharedToken.1.gz
%{_mandir}/man1/CMCResponse.1.gz
%{_mandir}/man1/DRMTool.1.gz
%{_mandir}/man1/KRATool.1.gz
%{_mandir}/man1/PrettyPrintCert.1.gz
%{_mandir}/man1/PrettyPrintCrl.1.gz
@ -1087,7 +1296,7 @@ fi
%if %{with server}
################################################################################
%files -n %{product_id}-server
%files -n %{product_id}-server -f .mfiles-pki-server
################################################################################
%license base/common/THIRD_PARTY_LICENSES
@ -1116,8 +1325,6 @@ fi
%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
%{_javadir}/pki/pki-server.jar
%{_javadir}/pki/pki-tomcat.jar
%dir %{_sharedstatedir}/pki
%{_mandir}/man1/pkidaemon.1.gz
%{_mandir}/man5/pki_default.cfg.5.gz
@ -1142,20 +1349,15 @@ fi
%{_mandir}/man8/pki-healthcheck.8.gz
%{_datadir}/pki/setup/
%{_datadir}/pki/server/
%if %{without theme}
%exclude %{_datadir}/pki/CS_SERVER_VERSION
%exclude %{_datadir}/pki/common-ui/
%endif
# with server
%endif
%if %{with acme}
################################################################################
%files -n %{product_id}-acme
%files -n %{product_id}-acme -f .mfiles-pki-acme
################################################################################
%{_javadir}/pki/pki-acme.jar
%{_datadir}/pki/acme/
# with acme
@ -1163,11 +1365,10 @@ fi
%if %{with ca}
################################################################################
%files -n %{product_id}-ca
%files -n %{product_id}-ca -f .mfiles-pki-ca
################################################################################
%license base/ca/LICENSE
%{_javadir}/pki/pki-ca.jar
%{_datadir}/pki/ca/
# with ca
@ -1175,10 +1376,9 @@ fi
%if %{with est}
################################################################################
%files -n %{product_id}-est
%files -n %{product_id}-est -f .mfiles-pki-est
################################################################################
%{_javadir}/pki/pki-est.jar
%{_datadir}/pki/est/
# with est
@ -1186,11 +1386,10 @@ fi
%if %{with kra}
################################################################################
%files -n %{product_id}-kra
%files -n %{product_id}-kra -f .mfiles-pki-kra
################################################################################
%license base/kra/LICENSE
%{_javadir}/pki/pki-kra.jar
%{_datadir}/pki/kra/
# with kra
@ -1198,11 +1397,10 @@ fi
%if %{with ocsp}
################################################################################
%files -n %{product_id}-ocsp
%files -n %{product_id}-ocsp -f .mfiles-pki-ocsp
################################################################################
%license base/ocsp/LICENSE
%{_javadir}/pki/pki-ocsp.jar
%{_datadir}/pki/ocsp/
# with ocsp
@ -1210,11 +1408,10 @@ fi
%if %{with tks}
################################################################################
%files -n %{product_id}-tks
%files -n %{product_id}-tks -f .mfiles-pki-tks
################################################################################
%license base/tks/LICENSE
%{_javadir}/pki/pki-tks.jar
%{_datadir}/pki/tks/
# with tks
@ -1222,11 +1419,10 @@ fi
%if %{with tps}
################################################################################
%files -n %{product_id}-tps
%files -n %{product_id}-tps -f .mfiles-pki-tps
################################################################################
%license base/tps/LICENSE
%{_javadir}/pki/pki-tps.jar
%{_datadir}/pki/tps/
%{_mandir}/man5/pki-tps-connector.5.gz
%{_mandir}/man5/pki-tps-profile.5.gz
@ -1246,12 +1442,11 @@ fi
%if %{with console}
################################################################################
%files -n %{product_id}-console
%files -n %{product_id}-console -f .mfiles-pki-console
################################################################################
%license base/console/LICENSE
%{_bindir}/pkiconsole
%{_javadir}/pki/pki-console.jar
# with console
%endif
@ -1263,6 +1458,8 @@ fi
%license themes/%{theme}/common-ui/LICENSE
%dir %{_datadir}/pki
%if %{with server}
%{_datadir}/pki/CS_SERVER_VERSION
%{_datadir}/pki/common-ui/
%{_datadir}/pki/server/webapps/pki/ca
@ -1275,6 +1472,9 @@ fi
%{_datadir}/pki/server/webapps/pki/pki.properties
%{_datadir}/pki/server/webapps/pki/tks
# with server
%endif
%if %{with console}
################################################################################
%files -n %{product_id}-console-theme
@ -1301,79 +1501,5 @@ fi
################################################################################
%changelog
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.4.3-2.4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.4.3-2.3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Nov 29 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 11.4.3-2.2
- Disable unwanted components in RHEL builds
- Update conditionals for RHEL 10
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.4.3-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 04 2023 Adam Williamson <awilliam@redhat.com> - 11.4.3-2.fc39
- Backport PR #4494 to fix pkiparser.py with Python 3.12
* Wed Jun 28 2023 Python Maint <python-maint@redhat.com> - 11.4.3-1.fc39.1
- Rebuilt for Python 3.12
* Mon Feb 27 2023 Jerry James <loganjerry@gmail.com> - 11.3.1-2
- Unbundle the FontAwesome font
* Tue Feb 07 2023 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.3.1-1
- Rebase to PKI 11.3.1
* Fri Jan 20 2023 Marian Koncek <mkoncek@redhat.com> - 11.2.0-3
- Resolve jar paths using xmvn
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.2.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 29 2022 Adam Williamson <awilliam@redhat.com> - 11.2.0-2
- Backport fix to work with python-ldap 3.4.2 (#2112243)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.2.0-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 01 2022 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.2.0-1
- Rebase to PKI 11.2.0
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 11.2.0-0.3.beta2.1
- Rebuilt for Python 3.11
* Mon May 02 2022 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.2.0-0.3.beta2
- Rebase to PKI 11.2.0-beta2
* Tue Apr 12 2022 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.2.0-0.2.beta1
- Rebase to PKI 11.2.0-beta1
* Mon Feb 14 2022 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.1.0-1
- Rebase to PKI 11.1.0
* Sat Feb 05 2022 Jiri Vanek <jvanek@redhat.com> - 11.1.0-0.3.alpha2
- Rebuilt for java-17-openjdk as system jdk
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.1.0-0.2.alpha2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Nov 26 2021 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.1.0-0.1.alpha2
- Rebase to PKI 11.1.0-alpha2
* Thu Sep 30 2021 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.0.0-1
- Rebase to PKI 11.0.0
- Bug #1999052 - pki instance creation fails for IPA server
* Fri Sep 03 2021 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.0.0-0.4.beta1
- Rebase to PKI 11.0.0-beta1
* Thu Aug 12 2021 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.0.0-0.3.alpha2
- Rebase to PKI 11.0.0-alpha2
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.0.0-0.2.alpha1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jun 22 2021 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.0.0-0.1.alpha1
- Rebase to PKI 11.0.0-alpha1
* Thu Apr 25 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.5.0-1
- Rebase to PKI 11.5.0

8
gating.yaml Normal file
View File

@ -0,0 +1,8 @@
# recipients: rhcs-team
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

8
rpminspect.yaml Normal file
View File

@ -0,0 +1,8 @@
---
specname:
match: suffix
runpath:
allowed_paths:
- /usr/lib64/tps
inspections:
javabytecode: off

2
sources
View File

@ -1 +1 @@
SHA512 (pki-11.4.3.tar.gz) = 0d078ba1021c845bc73e31a50b55d43ab9d82bbbcd9a22663dee04c8fa643eb1ee36dacbafe9da2d58dd91114600d1ea70a3375443e90f1598d3fec2fab1f401
SHA512 (pki-11.5.0.tar.gz) = 28b4099abd59b6fb5c510fff39fe7b2258f663f3fc21c973243a9615f5f601a18b763722ee6ea033afe76a094464d4fdce5cd0af45f9126566badf89e3a69923

25
tests/roles/Test_Setup/files/ca.cfg Normal file
View File

@ -0,0 +1,25 @@
[DEFAULT]
pki_server_database_password=Secret.123
[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin
pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123
pki_security_domain_name=EXAMPLE
pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_nickname=ca_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem

24
tests/roles/Test_Setup/files/ds-create.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash -ex
# This command needs to be executed as it pulls the machine name
# dynamically.
dscreate create-template /tmp/test_dir/ds.inf
sed -i \
-e "s/;instance_name = .*/instance_name = localhost/g" \
-e "s/;root_password = .*/root_password = Secret.123/g" \
-e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
-e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
/tmp/test_dir/ds.inf
dscreate from-file /tmp/test_dir/ds.inf
ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: dc=example,dc=com
objectClass: domain
dc: example
dn: dc=pki,dc=example,dc=com
objectClass: domain
dc: pki
EOF

27
tests/roles/Test_Setup/files/kra.cfg Normal file
View File

@ -0,0 +1,27 @@
[DEFAULT]
pki_server_database_password=Secret.123
[KRA]
pki_admin_email=kraadmin@example.com
pki_admin_name=kraadmin
pki_admin_nickname=kraadmin
pki_admin_password=Secret.123
pki_admin_uid=kraadmin
pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123
pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
pki_ds_database=kra
pki_ds_password=Secret.123
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_security_domain_password=Secret.123
pki_storage_nickname=kra_storage
pki_transport_nickname=kra_transport
pki_audit_signing_nickname=kra_audit_signing
pki_sslserver_nickname=sslserver
pki_subsystem_nickname=subsystem

21
tests/roles/Test_Setup/tasks/main.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: Install required packages
dnf:
name: >
389-ds-base, pki-ca, pki-kra
- name: Creates directory
file: path=/tmp/test_files state=directory
- name: Copying templates to /tmp folder
copy : src=. dest=/tmp/test_dir
- name: Setup DS Service
shell: sh /tmp/test_dir/ds-create.sh
- name: Install CA subsystem
shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
- name: Install KRA subsystem
shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v

29
tests/tests.yml Normal file
View File

@ -0,0 +1,29 @@
- hosts: localhost
remote_user: root
tags:
- classic
roles:
- role: Test_Setup
- role: standard-test-basic
tests:
- verify_spawn_ca:
dir: .
run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '\"Status\" : \"running\"'"
- verify_spawn_kra:
dir: .
run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '\"Status\" : \"running\"'"
- destroy_kra:
dir: .
run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
- verify_destroy_kra:
dir: .
run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
- destroy_ca:
dir: .
run: "pkidestroy -i pki-tomcat -s CA"
- verify_destroy_ca:
dir: .
run: "curl http://localhost:8080/ca/admin/ca/getStatus &> testfile.log || true && grep 'Connection refused' testfile.log"
required_packages:
- pki-ca
- pki-kra