From c918703d7a4e09324ba7e776c8df923a5f32624f Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Tue, 18 Aug 2020 14:15:21 -0400 Subject: [PATCH] Revert JDK11 support, rebuild on Rawhide Signed-off-by: Alexander Scheel --- .gitignore | 1 + 0001-Support-FIPS-HSMs.patch | 404 +++++++++++++++++++++++++++++++++++ dogtag-pki.spec | 141 ++++++------ sources | 2 +- 4 files changed, 484 insertions(+), 64 deletions(-) create mode 100644 0001-Support-FIPS-HSMs.patch diff --git a/.gitignore b/.gitignore index 9208556..8c07534 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /pki-10.8.3.tar.gz /pki-10.9.0-a2.tar.gz /pki-10.9.0-b2.tar.gz +/pki-10.9.1.tar.gz diff --git a/0001-Support-FIPS-HSMs.patch b/0001-Support-FIPS-HSMs.patch new file mode 100644 index 0000000..df94470 --- /dev/null +++ b/0001-Support-FIPS-HSMs.patch @@ -0,0 +1,404 @@ +From a5d1c9dab35030c839e3a2b506bd3dfcf631ccdb Mon Sep 17 00:00:00 2001 +From: "Endi S. Dewata" +Date: Tue, 11 Aug 2020 11:56:27 -0500 +Subject: [PATCH 1/5] Disabled AIA and cert policy extensions in ACME examples + +The ACME NSS issuer has been modified to disable the AIA and +certificate policy extensions by default since they contain +non-functional URLs that might cause certbot to generate +error messages. + +https://bugzilla.redhat.com/show_bug.cgi?id=1868233 +--- + base/acme/issuer/nss/ca_signing.conf | 9 +++++---- + base/acme/issuer/nss/sslserver.conf | 9 +++++---- + 2 files changed, 10 insertions(+), 8 deletions(-) + +diff --git a/base/acme/issuer/nss/ca_signing.conf b/base/acme/issuer/nss/ca_signing.conf +index aedcd4b0e..b9a82a2d1 100644 +--- a/base/acme/issuer/nss/ca_signing.conf ++++ b/base/acme/issuer/nss/ca_signing.conf +@@ -1,8 +1,9 @@ + basicConstraints = critical, CA:TRUE + subjectKeyIdentifier = hash +-authorityInfoAccess = OCSP;URI:http://ocsp.example.com, caIssuers;URI:http://cert.example.com + keyUsage = critical, digitalSignature, keyCertSign, cRLSign +-certificatePolicies = 2.23.140.1.2.1, @cps_policy + +-cps_policy.id = 1.3.6.1.4.1.44947.1.1.1 +-cps_policy.CPS.1 = http://cps.example.com ++# authorityInfoAccess = OCSP;URI:http://ocsp.example.com, caIssuers;URI:http://cert.example.com ++ ++# certificatePolicies = 2.23.140.1.2.1, @cps_policy ++# cps_policy.id = 1.3.6.1.4.1.44947.1.1.1 ++# cps_policy.CPS.1 = http://cps.example.com +diff --git a/base/acme/issuer/nss/sslserver.conf b/base/acme/issuer/nss/sslserver.conf +index f9e04902b..e153c223e 100644 +--- a/base/acme/issuer/nss/sslserver.conf ++++ b/base/acme/issuer/nss/sslserver.conf +@@ -1,10 +1,11 @@ + basicConstraints = critical, CA:FALSE + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always +-authorityInfoAccess = OCSP;URI:http://ocsp.example.com, caIssuers;URI:http://cert.example.com + keyUsage = critical, digitalSignature, keyEncipherment + extendedKeyUsage = serverAuth, clientAuth +-certificatePolicies = 2.23.140.1.2.1, @cps_policy + +-cps_policy.id = 1.3.6.1.4.1.44947.1.1.1 +-cps_policy.CPS.1 = http://cps.example.com ++# authorityInfoAccess = OCSP;URI:http://ocsp.example.com, caIssuers;URI:http://cert.example.com ++ ++# certificatePolicies = 2.23.140.1.2.1, @cps_policy ++# cps_policy.id = 1.3.6.1.4.1.44947.1.1.1 ++# cps_policy.CPS.1 = http://cps.example.com +-- +2.26.2 + + +From a48e731d0faab11929fd9bf3d54a0638bbf40a16 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Tue, 11 Aug 2020 14:41:16 -0400 +Subject: [PATCH 2/5] Start NSSCertExportCLI + +Can be tested with pki nss-cert-export + +Signed-off-by: Alexander Scheel +--- + .../com/netscape/cmstools/nss/NSSCertCLI.java | 3 +- + .../cmstools/nss/NSSCertExportCLI.java | 128 ++++++++++++++++++ + 2 files changed, 130 insertions(+), 1 deletion(-) + create mode 100644 base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java + +diff --git a/base/java-tools/src/com/netscape/cmstools/nss/NSSCertCLI.java b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertCLI.java +index 0313ffae5..2f1f8cac5 100644 +--- a/base/java-tools/src/com/netscape/cmstools/nss/NSSCertCLI.java ++++ b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertCLI.java +@@ -12,8 +12,9 @@ public class NSSCertCLI extends CLI { + public NSSCertCLI(NSSCLI nssCLI) { + super("cert", "NSS certificate management commands", nssCLI); + ++ addModule(new NSSCertExportCLI(this)); + addModule(new NSSCertImportCLI(this)); +- addModule(new NSSCertRequestCLI(this)); + addModule(new NSSCertIssueCLI(this)); ++ addModule(new NSSCertRequestCLI(this)); + } + } +diff --git a/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java +new file mode 100644 +index 000000000..06150fe41 +--- /dev/null ++++ b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java +@@ -0,0 +1,128 @@ ++// ++// Copyright Red Hat, Inc. ++// ++// SPDX-License-Identifier: GPL-2.0-or-later ++// ++package com.netscape.cmstools.nss; ++ ++import java.io.FileOutputStream; ++import java.nio.file.Files; ++import java.nio.file.Paths; ++import javax.net.ssl.KeyManagerFactory; ++import java.security.cert.X509Certificate; ++ ++import org.apache.commons.cli.CommandLine; ++import org.apache.commons.cli.Option; ++import org.apache.commons.io.IOUtils; ++import org.dogtagpki.cli.CommandCLI; ++import org.dogtagpki.nss.NSSDatabase; ++import org.mozilla.jss.pkcs11.PK11Cert; ++import org.mozilla.jss.netscape.security.util.Cert; ++import org.mozilla.jss.netscape.security.util.Utils; ++import org.mozilla.jss.netscape.security.x509.X509CertImpl; ++import org.mozilla.jss.provider.javax.crypto.JSSKeyManager; ++ ++import com.netscape.certsrv.client.ClientConfig; ++import com.netscape.cmstools.cli.MainCLI; ++ ++public class NSSCertExportCLI extends CommandCLI { ++ ++ public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(NSSCertExportCLI.class); ++ ++ public NSSCertExportCLI(NSSCertCLI nssCertCLI) { ++ super("export", "Export certificate", nssCertCLI); ++ } ++ ++ public void printHelp() { ++ formatter.printHelp(getFullName() + " [OPTIONS...] nickname [path]", options); ++ } ++ ++ public void createOptions() { ++ Option option = new Option(null, "format", true, "Certificate format: PEM (default), DER, RAW"); ++ option.setArgName("format"); ++ options.addOption(option); ++ ++ option = new Option(null, "with-chain", false, "Export with certificate chain from NSS DB"); ++ option.setArgName("with-chain"); ++ options.addOption(option); ++ } ++ ++ public void execute(CommandLine cmd) throws Exception { ++ ++ String[] cmdArgs = cmd.getArgs(); ++ String nickname = null; ++ String path = null; ++ ++ if (cmdArgs.length < 1) { ++ throw new Exception("Missing required positional argument: nickname"); ++ } ++ nickname = cmdArgs[0]; ++ ++ if (cmdArgs.length >= 2) { ++ path = cmdArgs[1]; ++ } ++ ++ String format = cmd.getOptionValue("format", "PEM").toUpperCase(); ++ boolean chain = cmd.hasOption("with-chain"); ++ ++ if (!format.equals("PEM") && !format.equals("DER") && !format.equals("RAW")) { ++ throw new Exception("Unknown type of output format: " + format); ++ } ++ ++ if (chain && format.equals("DER")) { ++ throw new Exception("Unable to write chain of DER-encoded certificates; use PEM instead."); ++ } ++ ++ MainCLI mainCLI = (MainCLI) getRoot(); ++ mainCLI.init(); ++ ++ X509Certificate[] certs; ++ ++ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NssX509", "Mozilla-JSS"); ++ JSSKeyManager km = (JSSKeyManager) kmf.getKeyManagers()[0]; ++ ++ if (chain) { ++ certs = km.getCertificateChain(nickname); ++ } else { ++ certs = new X509Certificate[] { ++ (PK11Cert) km.getCertificate(nickname) ++ }; ++ } ++ ++ byte[] output = null; ++ ++ if (format.equals("RAW")) { ++ StringBuffer buffer = new StringBuffer(); ++ for (X509Certificate cert : certs) { ++ buffer.append(cert.toString()); ++ } ++ ++ output = buffer.toString().getBytes(); ++ } else if (format.equals("PEM")) { ++ StringBuffer buffer = new StringBuffer(); ++ ++ for (X509Certificate cert : certs) { ++ byte[] encoded = cert.getEncoded(); ++ buffer.append(Cert.HEADER); ++ buffer.append("\r\n"); ++ buffer.append(Utils.base64encodeMultiLine(encoded)); ++ buffer.append(Cert.FOOTER); ++ buffer.append("\r\n\r\n"); ++ } ++ ++ output = buffer.toString().getBytes(); ++ } else if (format.equals("DER")) { ++ for (X509Certificate cert : certs) { ++ output = cert.getEncoded(); ++ } ++ } ++ ++ if (path == null) { ++ System.out.println(new String(output)); ++ } else { ++ try (FileOutputStream fos = new FileOutputStream(path)) { ++ fos.write(output); ++ } ++ } ++ } ++} +-- +2.26.2 + + +From 0c6b6e916420faa583a25a12621100a35bba1b57 Mon Sep 17 00:00:00 2001 +From: Alexander Scheel +Date: Tue, 11 Aug 2020 15:16:01 -0400 +Subject: [PATCH 3/5] Fix export on FIPS-enabled HSMs + +Signed-off-by: Alexander Scheel +--- + base/common/python/pki/nssdb.py | 70 +++++++++++++++++---------------- + 1 file changed, 37 insertions(+), 33 deletions(-) + +diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py +index 599cd9895..ff2af4a40 100644 +--- a/base/common/python/pki/nssdb.py ++++ b/base/common/python/pki/nssdb.py +@@ -1351,6 +1351,38 @@ class NSSDatabase(object): + epoch = datetime.datetime.utcfromtimestamp(0) + return (date - epoch).total_seconds() * 1000 + ++ def export_cert_from_db(self, ++ nickname, ++ output_file, ++ include_chain=False, ++ output_format=None): ++ cmd = [ ++ 'pki', ++ '-d', self.directory ++ ] ++ ++ if self.password_file: ++ cmd.extend(['-C', self.password_file]) ++ ++ if self.token: ++ cmd.extend(['--token', self.token]) ++ full_name = self.token + ':' + nickname ++ else: ++ full_name = nickname ++ ++ cmd.extend(['nss-cert-export']) ++ ++ if include_chain: ++ cmd.extend(['--with-chain']) ++ ++ if output_format: ++ cmd.extend(['--format', output_format]) ++ ++ cmd.extend([full_name, output_file]) ++ ++ logger.debug('Command: %s', ' '.join(map(str, cmd))) ++ subprocess.check_call(cmd) ++ + def export_cert(self, + nickname, + pkcs12_file, +@@ -1752,39 +1784,11 @@ class NSSDatabase(object): + shutil.rmtree(tmpdir) + + def extract_ca_cert(self, ca_path, nickname): +- tmpdir = tempfile.mkdtemp() +- +- try: +- p12_file = os.path.join(tmpdir, "sslserver.p12") +- password = pki.generate_password() +- +- # Build a chain containing the certificate we're trying to +- # export. OpenSSL gets confused if we don't have a key for +- # the end certificate: rh-bz#1246371 +- self.export_pkcs12(p12_file, pkcs12_password=password, +- nicknames=[nickname], include_key=False, +- include_chain=True) +- +- # This command is similar to the one from server/__init__.py. +- # However, to work during the initial startup, we do not +- # specify the cacerts option! This ensures we always get +- cmd_export_ca = [ +- 'openssl', 'pkcs12', +- '-in', p12_file, +- '-out', ca_path, +- '-nodes', '-nokeys', +- '-passin', 'pass:' + password +- ] +- +- # Remove CA.crt prior to starting; openssl gets annoyed otherwise. +- if os.path.exists(ca_path): +- os.remove(ca_path) +- +- res_ca = subprocess.check_output(cmd_export_ca, +- stderr=subprocess.STDOUT).decode('utf-8') +- logger.debug('Result of CA cert export: %s', res_ca) +- finally: +- shutil.rmtree(tmpdir) ++ # Build a chain containing the certificate we're trying to ++ # export. OpenSSL gets confused if we don't have a key for ++ # the end certificate: rh-bz#1246371 ++ self.export_cert_from_db(nickname, ca_path, include_chain=True, ++ output_format="PEM") + + @staticmethod + def __generate_key_args(key_type=None, key_size=None, curve=None): +-- +2.26.2 + + +From 2df13c4195e8e6b184294888b2c6376043047e33 Mon Sep 17 00:00:00 2001 +From: "Endi S. Dewata" +Date: Tue, 11 Aug 2020 19:39:39 -0500 +Subject: [PATCH 4/5] Fixed cert nickname in NSSDatabase.export_cert_from_db() + +The NSSDatabase.export_cert_from_db() has been modified to +no longer prepend the token name to the cert nickname since +the cert nickname obtained from serverCertNick.conf already +contains the token name. +--- + base/common/python/pki/nssdb.py | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py +index ff2af4a40..c7ce89336 100644 +--- a/base/common/python/pki/nssdb.py ++++ b/base/common/python/pki/nssdb.py +@@ -1366,9 +1366,6 @@ class NSSDatabase(object): + + if self.token: + cmd.extend(['--token', self.token]) +- full_name = self.token + ':' + nickname +- else: +- full_name = nickname + + cmd.extend(['nss-cert-export']) + +@@ -1378,7 +1375,7 @@ class NSSDatabase(object): + if output_format: + cmd.extend(['--format', output_format]) + +- cmd.extend([full_name, output_file]) ++ cmd.extend([nickname, output_file]) + + logger.debug('Command: %s', ' '.join(map(str, cmd))) + subprocess.check_call(cmd) +-- +2.26.2 + + +From eb28b09fb030fe5df2b6b4cfa16338ddd0325b30 Mon Sep 17 00:00:00 2001 +From: "Endi S. Dewata" +Date: Tue, 11 Aug 2020 20:07:56 -0500 +Subject: [PATCH 5/5] Removed blank lines in pki nss-cert-export output + +The pki nss-cert-export has been modified to remove the extra +blank lines between certs and at the end of the output. +--- + .../src/com/netscape/cmstools/nss/NSSCertExportCLI.java | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java +index 06150fe41..9aaf83a30 100644 +--- a/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java ++++ b/base/java-tools/src/com/netscape/cmstools/nss/NSSCertExportCLI.java +@@ -107,7 +107,7 @@ public class NSSCertExportCLI extends CommandCLI { + buffer.append("\r\n"); + buffer.append(Utils.base64encodeMultiLine(encoded)); + buffer.append(Cert.FOOTER); +- buffer.append("\r\n\r\n"); ++ buffer.append("\r\n"); + } + + output = buffer.toString().getBytes(); +@@ -118,7 +118,8 @@ public class NSSCertExportCLI extends CommandCLI { + } + + if (path == null) { +- System.out.println(new String(output)); ++ System.out.print(new String(output)); ++ System.out.flush(); + } else { + try (FileOutputStream fos = new FileOutputStream(path)) { + fos.write(output); +-- +2.26.2 + diff --git a/dogtag-pki.spec b/dogtag-pki.spec index 7565b1a..ec1e18f 100644 --- a/dogtag-pki.spec +++ b/dogtag-pki.spec @@ -1,17 +1,18 @@ -%undefine __cmake_in_source_build - ################################################################################ Name: dogtag-pki ################################################################################ -Summary: Dogtag PKI Package +%global vendor_id dogtag +%global brand Dogtag + +Summary: %{brand} PKI Package URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.9.0 -Release: 0.6%{?_timestamp}%{?_commit_id}%{?dist} -%global _phase -b2 +Version: 10.9.1 +Release: 2%{?_timestamp}%{?_commit_id}%{?dist} +#global _phase -a1 # To create a tarball from a version tag: # $ git archive \ @@ -28,6 +29,8 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch +Patch1: 0001-Support-FIPS-HSMs.patch + ################################################################################ # NSS ################################################################################ @@ -48,7 +51,17 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # Java ################################################################################ -%define java_home %{_usr}/lib/jvm/jre-1.8.0-openjdk +%define java_home /usr/lib/jvm/jre-openjdk + +%if 0%{?fedora} && 0%{?fedora} >= 33 +%define min_java_version 1:1.8.0 +%define java_devel java-1.8.0-openjdk-devel +%define java_headless java-1.8.0-openjdk-headless +%else +%define min_java_version 1:1.8.0 +%define java_devel java-devel +%define java_headless java-headless +%endif ################################################################################ # RESTEasy @@ -88,21 +101,19 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # Define --with or --without options depending on # package selection method. -# package_option base -# package_option server -# package_option ca -# package_option kra -# package_option ocsp -# package_option tks -# package_option tps -# package_option javadoc -# package_option console -# package_option theme +%global without_base 1 +%global without_server 1 +%global without_ca 1 +%global without_kra 1 +%global without_ocsp 1 +%global without_tks 1 +%global without_tps 1 +%global without_javadoc 1 +%global without_console 1 %global with_theme 1 -# package_option meta %global with_meta 1 -# package_option debug -%global with_debug 1 +%global with_tests 1 +%global without_debug 1 %if ! %{with debug} %define debug_package %{nil} @@ -123,8 +134,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver %define pki_gid 17 %define pki_homedir /usr/share/pki -%global brand dogtag - %global saveFileContext() \ if [ -s /etc/selinux/config ]; then \ . %{_sysconfdir}/selinux/config; \ @@ -154,7 +163,8 @@ BuildRequires: make BuildRequires: cmake >= 3.0.2 BuildRequires: gcc-c++ BuildRequires: zip -BuildRequires: java-1.8.0-openjdk-devel +BuildRequires: %java_devel >= %{min_java_version} +BuildRequires: javapackages-tools BuildRequires: redhat-rpm-config BuildRequires: ldapjdk >= 4.22.0 BuildRequires: apache-commons-cli @@ -252,10 +262,10 @@ BuildRequires: nss-tools BuildRequires: openssl # description for top-level package (if there is a separate meta package) -%if "%{name}" != "%{brand}-pki" +%if "%{name}" != "%{vendor_id}-pki" %description -Dogtag PKI is an enterprise software system designed +%{brand} PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: @@ -269,18 +279,18 @@ PKI consists of the following components: %endif %if %{with meta} -%if "%{name}" != "%{brand}-pki" +%if "%{name}" != "%{vendor_id}-pki" ################################################################################ -%package -n %{brand}-pki +%package -n %{vendor_id}-pki ################################################################################ -Summary: Dogtag PKI Package +Summary: %{brand} PKI Package %endif # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI theme packages -Requires: %{brand}-pki-server-theme = %{version} -Requires: %{brand}-pki-console-theme = %{version} +Requires: %{vendor_id}-pki-server-theme = %{version} +Requires: %{vendor_id}-pki-console-theme = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages @@ -300,13 +310,13 @@ Requires: pki-javadoc = %{version} Requires: esc >= 1.1.1 # description for top-level package (unless there is a separate meta package) -%if "%{name}" == "%{brand}-pki" +%if "%{name}" == "%{vendor_id}-pki" %description %else -%description -n %{brand}-pki +%description -n %{vendor_id}-pki %endif -Dogtag PKI is an enterprise software system designed +%{brand} PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: @@ -327,7 +337,7 @@ PKI consists of the following components: Summary: PKI Symmetric Key Package -Requires: java-1.8.0-openjdk-headless +Requires: %java_headless >= %{min_java_version} Requires: jpackage-utils >= 0:1.7.5-10 Requires: jss >= 4.7.0 Requires: nss >= 3.38.0 @@ -395,7 +405,7 @@ This package contains PKI client library for Python 3. Summary: PKI Base Java Package BuildArch: noarch -Requires: java-1.8.0-openjdk-headless +Requires: %java_headless >= %{min_java_version} Requires: apache-commons-cli Requires: apache-commons-codec Requires: apache-commons-io @@ -488,6 +498,8 @@ Requires: tomcat >= 1:9.0.7 %endif Requires: velocity +Requires: sudo +Requires: systemd Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -732,21 +744,15 @@ Requires: pki-console-theme = %{version} %description -n pki-console The PKI Console is a Java application used to administer PKI server. -For deployment purposes, a PKI Console requires ONE AND ONLY ONE of the -following "Mutually-Exclusive" PKI Theme packages: - - * dogtag-pki-console-theme (Dogtag Certificate System deployments) - * redhat-pki-console-theme (Red Hat Certificate System deployments) - -%endif # with console +%endif %if %{with theme} ################################################################################ -%package -n %{brand}-pki-server-theme +%package -n %{vendor_id}-pki-server-theme ################################################################################ -Summary: Dogtag PKI Server Theme Package +Summary: %{brand} PKI Server Theme Package BuildArch: noarch Provides: pki-server-theme = %{version} @@ -757,15 +763,15 @@ Conflicts: pki-symkey < %{version} Conflicts: pki-console-theme < %{version} Conflicts: pki-javadoc < %{version} -%description -n %{brand}-pki-server-theme +%description -n %{vendor_id}-pki-server-theme This PKI Server Theme Package contains -Dogtag textual and graphical user interface for PKI Server. +%{brand} textual and graphical user interface for PKI Server. ################################################################################ -%package -n %{brand}-pki-console-theme +%package -n %{vendor_id}-pki-console-theme ################################################################################ -Summary: Dogtag PKI Console Theme Package +Summary: %{brand} PKI Console Theme Package BuildArch: noarch Provides: pki-console-theme = %{version} @@ -776,9 +782,9 @@ Conflicts: pki-symkey < %{version} Conflicts: pki-server-theme < %{version} Conflicts: pki-javadoc < %{version} -%description -n %{brand}-pki-console-theme +%description -n %{vendor_id}-pki-console-theme This PKI Console Theme Package contains -Dogtag textual and graphical user interface for PKI Console. +%{brand} textual and graphical user interface for PKI Console. # with theme %endif @@ -821,7 +827,8 @@ fi -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ - -DJAVA_HOME=%{java_home} \ + -DJAVA_HOME=%java_home \ + -DPKI_JAVA_PATH=%java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ @@ -836,11 +843,13 @@ fi %endif -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ - -DTHEME=%{?with_theme:%{brand}} \ - %{nil} + -DTHEME=%{?with_theme:%{vendor_id}} \ + -B %{_vpath_builddir} + +cd %{_vpath_builddir} # Do not use _smp_mflags to preserve build order -make -C %{_vpath_builddir} \ +%{__make} \ VERBOSE=%{?_verbose} \ CMAKE_NO_VERBOSE=1 \ DESTDIR=%{buildroot} \ @@ -852,7 +861,9 @@ make -C %{_vpath_builddir} \ %install ################################################################################ -make -C %{_vpath_builddir} \ +cd %{_vpath_builddir} + +%{__make} \ VERBOSE=%{?_verbose} \ CMAKE_NO_VERBOSE=1 \ DESTDIR=%{buildroot} \ @@ -861,7 +872,7 @@ make -C %{_vpath_builddir} \ install %if %{with_test} -%ctest +ctest --output-on-failure %endif %if %{with meta} @@ -869,7 +880,7 @@ make -C %{_vpath_builddir} \ cat > %{buildroot}%{_datadir}/doc/pki/README << EOF This package is a "meta-package" whose dependencies pull in all of the -packages comprising the Dogtag Public Key Infrastructure (PKI) Suite. +packages comprising the %{brand} Public Key Infrastructure (PKI) Suite. EOF # with meta @@ -956,9 +967,9 @@ fi %endif %if %{with meta} -%if "%{name}" != "%{brand}-pki" +%if "%{name}" != "%{vendor_id}-pki" ################################################################################ -%files -n %{brand}-pki +%files -n %{vendor_id}-pki ################################################################################ %else %files @@ -1276,10 +1287,10 @@ fi %if %{with theme} ################################################################################ -%files -n %{brand}-pki-server-theme +%files -n %{vendor_id}-pki-server-theme ################################################################################ -%license themes/%{brand}/common-ui/LICENSE +%license themes/%{vendor_id}/common-ui/LICENSE %dir %{_datadir}/pki %{_datadir}/pki/CS_SERVER_VERSION %{_datadir}/pki/common-ui/ @@ -1294,10 +1305,10 @@ fi %{_datadir}/pki/server/webapps/pki/tks ################################################################################ -%files -n %{brand}-pki-console-theme +%files -n %{vendor_id}-pki-console-theme ################################################################################ -%license themes/%{brand}/console-ui/LICENSE +%license themes/%{vendor_id}/console-ui/LICENSE %{_javadir}/pki/pki-console-theme.jar # with theme @@ -1307,6 +1318,7 @@ fi ################################################################################ %files -n pki-tests ################################################################################ + %{_datadir}/pki/tests/ # with tests @@ -1314,6 +1326,9 @@ fi ################################################################################ %changelog +* Tue Aug 18 2020 Dogtag PKI Team - 10.9.1-2 +- Rebuilt to fix packaging issues introduced upstream + * Sat Aug 01 2020 Fedora Release Engineering - 10.9.0-0.6 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index 0e1c6d7..2946ba0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.9.0-b2.tar.gz) = 49f817d17a1442bcbec86c4f2717a2489d2655329f9d2d5ea97e73aaffb4924f2855898952568717c821188e8e05dfb05ee7afee9918c27a218e8f199a24777e +SHA512 (pki-10.9.1.tar.gz) = afe814aee95e778afd84243903d9fcd05e31cb038d4289607115f9cc90ec666aaf4aab3b7f93dc54366762c96f54c8bbd9b60b486daef84280072041667d9b6a