Rebase to PKI 11.3.1

Endi S. Dewata 2023-02-07 15:25:53 -06:00
parent 5f78fe60f9
commit ce7a3d0d5d
5 changed files with 127 additions and 199 deletions

1
.gitignore vendored

@ -29,3 +29,4 @@
/pki-11.2.0-beta1.tar.gz
/pki-11.2.0-beta2.tar.gz
/pki-11.2.0.tar.gz
/pki-11.3.1.tar.gz


@ -1,33 +0,0 @@
From f5e0b815e65b06b1ed86ae265adce0d91ed0efce Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Fri, 29 Jul 2022 11:18:11 +0200
Subject: [PATCH] Don't use deprecated python-ldap options (#4082)
- `OPT_X_TLS` is deprecated since python-ldap 3.3.0 and was removed in
3.4.2.
- `OPT_X_TLS_DEMAND` is not a valid option key.
`ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` is
sufficient to enforce cert validation.
Closes: #4081
---
base/server/python/pki/server/deployment/__init__.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
index 5359d6b0d..213588cac 100644
--- a/base/server/python/pki/server/deployment/__init__.py
+++ b/base/server/python/pki/server/deployment/__init__.py
@@ -188,8 +188,6 @@ class PKIDeployer:
ds_protocol = 'ldaps'
ds_port = self.mdict['pki_ds_ldaps_port']
# ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
- ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
- ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
self.mdict['pki_ds_secure_connection_ca_pem_file'])
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
--
2.37.1


@ -1,50 +0,0 @@
From 10b9e50cde070774118b6d9361c9d3c2ff686573 Mon Sep 17 00:00:00 2001
From: Marian Koncek <mkoncek@redhat.com>
Date: Fri, 20 Jan 2023 12:59:49 +0100
Subject: [PATCH] Resolve jar paths using xmvn
---
base/CMakeLists.txt | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)
diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt
index c315be0..8cabd7f 100644
--- a/base/CMakeLists.txt
+++ b/base/CMakeLists.txt
@@ -151,25 +151,16 @@ find_file(JACKSON2_JAXB_ANNOTATIONS_JAR
/usr/share/java
)
-find_file(JAXB_API_JAR
- NAMES
- jaxb-api.jar
- PATHS
- /usr/share/java
+execute_process(
+ COMMAND xmvn-resolve jakarta.xml.bind:jakarta.xml.bind-api
+ OUTPUT_VARIABLE JAXB_API_JAR
+ OUTPUT_STRIP_TRAILING_WHITESPACE
)
-find_file(JAVAX_ACTIVATION_JAR
- NAMES
- jakarta.activation.jar
- jakarta-activation.jar
- javax.activation.jar
- javax-activation.jar
- PATHS
- /usr/share/java/jakarta-activation
- /usr/share/java/jakarta
- /usr/share/java/javax-activation
- /usr/share/java/javax
- /usr/share/java
+execute_process(
+ COMMAND xmvn-resolve jakarta.activation:jakarta.activation-api
+ OUTPUT_VARIABLE JAVAX_ACTIVATION_JAR
+ OUTPUT_STRIP_TRAILING_WHITESPACE
)
find_file(JAVAX_ANNOTATIONS_API_JAR
--
2.39.0


@ -8,19 +8,19 @@ Name: dogtag-pki
# Upstream version number:
%global major_version 11
%global minor_version 2
%global update_version 0
%global minor_version 3
%global update_version 1
# Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1
# - GA/update (supported): <n> where n >= 1
%global release_number 3
%global release_number 1
# Development phase:
# - development (unsupported): alpha<n> where n >= 1
# - stabilization (unsupported): beta<n> where n >= 1
# - GA/update (supported): <none>
%undefine phase
#global phase
%undefine timestamp
%undefine commit_id
@ -30,7 +30,7 @@ URL: https://www.dogtagpki.org
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
License: GPL-2.0-only and LGPL-2.0-only
Version: %{major_version}.%{minor_version}.%{update_version}
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.1
Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
# To create a tarball from a version tag:
# $ git archive \
@ -39,14 +39,6 @@ Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timesta
# -o pki-<version>.tar.gz \
# <version tag>
Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}/pki-%{version}%{?phase:-}%{?phase}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=2112243
# https://github.com/dogtagpki/pki/issues/4081
# https://github.com/dogtagpki/pki/pull/4082
# Fix with python-ldap 3.4.2
Patch0: 0001-Don-t-use-deprecated-python-ldap-options-4082.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2158907
Patch1: 0002-Resolve-jar-paths-using-xmvn.patch
# To create a patch for all changes since a version tag:
# $ git format-patch \
@ -55,14 +47,17 @@ Patch1: 0002-Resolve-jar-paths-using-xmvn.patch
# > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch
# Java 17 and md2man are not available on i686
%if 0%{?fedora} && 0%{?fedora} > 35
ExclusiveArch: %{java_arches}
%else
ExcludeArch: i686
%endif
################################################################################
# NSS
# PKCS #11 Kit Trust
################################################################################
%global nss_default_db_type sql
%global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so
################################################################################
# Python
@ -74,9 +69,15 @@ ExcludeArch: i686
# Java
################################################################################
%define java_devel java-17-openjdk-devel
%define java_headless java-17-openjdk-headless
%define java_home %{_jvmdir}/jre-17-openjdk
%global java_devel java-17-openjdk-devel
%global java_headless java-17-openjdk-headless
%global java_home %{_jvmdir}/jre-17-openjdk
################################################################################
# Application Server
################################################################################
%global app_server tomcat-9.0
################################################################################
# PKI
@ -85,43 +86,26 @@ ExcludeArch: i686
# Execute unit tests unless --without test is specified.
%bcond_without test
# Build the package unless --without <package> is specified.
%bcond_without base
%bcond_without server
%bcond_without acme
%bcond_without ca
%bcond_without est
%bcond_without kra
%bcond_without ocsp
%bcond_without tks
%bcond_without tps
%bcond_without javadoc
%bcond_without theme
%bcond_without meta
%bcond_without tests
%bcond_without debug
# Don't build console unless --with console is specified.
%bcond_with console
# By default all packages will be built except the ones specified with
# --without <package> option (exclusion method).
# If --with pkgs option is specified, only packages specified with
# --with <package> will be built (inclusion method).
%bcond_with pkgs
# Define package_option macro to wrap bcond_with or bcond_without macro
# depending on package selection method.
%if %{with pkgs}
%define package_option() %bcond_with %1
%else
%define package_option() %bcond_without %1
%endif
# Define --with <package> or --without <package> options depending on
# package selection method.
%package_option base
%package_option server
%package_option acme
%package_option ca
%package_option kra
%package_option ocsp
%package_option tks
%package_option tps
%package_option javadoc
%package_option theme
%package_option meta
%package_option tests
%package_option debug
%if ! %{with debug}
%define debug_package %{nil}
%endif
@ -168,8 +152,9 @@ BuildRequires: cmake >= 3.0.2
BuildRequires: gcc-c++
BuildRequires: zip
BuildRequires: %{java_devel}
BuildRequires: maven-local
BuildRequires: javapackages-tools
BuildRequires: redhat-rpm-config
BuildRequires: apache-commons-cli
BuildRequires: apache-commons-codec
BuildRequires: apache-commons-io
@ -202,9 +187,9 @@ BuildRequires: python3-six
BuildRequires: junit
BuildRequires: jpackage-utils >= 0:1.7.5-10
BuildRequires: jss >= 5.2.0
BuildRequires: tomcatjss >= 8.2.0
BuildRequires: ldapjdk >= 5.2.0
BuildRequires: jss = 5.3
BuildRequires: tomcatjss = 8.3
BuildRequires: ldapjdk = 5.3
BuildRequires: systemd-units
@ -220,7 +205,6 @@ BuildRequires: apr-devel
BuildRequires: apr-util-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: httpd-devel >= 2.4.2
BuildRequires: pcre-devel
BuildRequires: systemd
BuildRequires: zlib
BuildRequires: zlib-devel
@ -238,7 +222,6 @@ BuildRequires: freeipa-healthcheck-core
# PKICertImport depends on certutil and openssl
BuildRequires: nss-tools
BuildRequires: openssl
BuildRequires: maven-local
# description for top-level package (if there is a separate meta package)
%if "%{name}" != "%{product_id}"
@ -268,7 +251,7 @@ Summary: %{product_name} Package
%endif
Obsoletes: pki-symkey < %{version}
Obsoletes: %{product_id}-pki-symkey < %{version}
Obsoletes: %{product_id}-symkey < %{version}
Obsoletes: pki-console < %{version}
Obsoletes: pki-console-theme < %{version}
Obsoletes: idm-console-framework < 2.0
@ -281,6 +264,7 @@ Requires: %{product_id}-theme = %{version}-%{release}
# of ALL PKI core packages
Requires: %{product_id}-acme = %{version}-%{release}
Requires: %{product_id}-ca = %{version}-%{release}
Requires: %{product_id}-est = %{version}-%{release}
Requires: %{product_id}-kra = %{version}-%{release}
Requires: %{product_id}-ocsp = %{version}-%{release}
Requires: %{product_id}-tks = %{version}-%{release}
@ -389,8 +373,8 @@ Requires: apache-commons-net
Requires: slf4j
Requires: slf4j-jdk14
Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 5.2.0
Requires: ldapjdk >= 5.2.0
Requires: jss = 5.3
Requires: ldapjdk = 5.3
Requires: %{product_id}-base = %{version}-%{release}
Requires: resteasy-client >= 3.0.17-1
Requires: resteasy-core >= 3.0.17-1
@ -466,7 +450,7 @@ Requires: systemd
Requires(post): systemd-units
Requires(postun): systemd-units
Requires(pre): shadow-utils
Requires: tomcatjss >= 8.2.0
Requires: tomcatjss = 8.3
# pki-healthcheck depends on the following library
%if 0%{?rhel}
@ -542,6 +526,26 @@ where it obtains its own signing certificate from a public CA.
# with ca
%endif
%if %{with est}
################################################################################
%package -n %{product_id}-est
################################################################################
Summary: %{product_name} EST Package
BuildArch: noarch
Obsoletes: pki-est < %{version}-%{release}
Provides: pki-est = %{version}-%{release}
Requires: %{product_id}-server = %{version}-%{release}
%description -n %{product_id}-est
%{product_name} EST subsystem provides an Enrollment over
Secure Transport (RFC 7030) service.
# with est
%endif
%if %{with kra}
################################################################################
%package -n %{product_id}-kra
@ -811,65 +815,58 @@ This package provides test suite for %{product_name}.
%build
################################################################################
# assume tomcat app_server
app_server=tomcat-9.0
# Set build flags for CMake
# (see /usr/lib/rpm/macros.d/macros.cmake)
%set_build_flags
%cmake \
--no-warn-unused-cli \
-DPRODUCT_NAME="%{product_name}" \
-DVERSION=%{version}-%{release} \
-DVAR_INSTALL_DIR:PATH=/var \
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
-DJAVA_HOME=%{java_home} \
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
-DAPP_SERVER=$app_server \
-DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \
-DPYTHON_EXECUTABLE=%{python_executable} \
-DWITH_SERVER:BOOL=%{?with_server:ON}%{!?with_server:OFF} \
-DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \
-DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \
-DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
-DWITH_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
-DWITH_TESTS:BOOL=%{?with_tests:ON}%{!?with_tests:OFF} \
-DWITH_META:BOOL=%{?with_meta:ON}%{!?with_meta:OFF} \
-DTHEME=%{?with_theme:%{theme}} \
-DRUN_TESTS:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
-B %{_vpath_builddir}
pkgs=base\
%{?with_server:,server}\
%{?with_ca:,ca}\
%{?with_est:,est}\
%{?with_kra:,kra}\
%{?with_ocsp:,ocsp}\
%{?with_tks:,tks}\
%{?with_tps:,tps}\
%{?with_acme:,acme}\
%{?with_javadoc:,javadoc}\
%{?with_theme:,theme}\
%{?with_meta:,meta}\
%{?with_tests:,tests}\
%{?with_debug:,debug}
cd %{_vpath_builddir}
# Do not use _smp_mflags to preserve build order
%{__make} \
VERBOSE=%{?_verbose} \
CMAKE_NO_VERBOSE=1 \
DESTDIR=%{buildroot} \
INSTALL="install -p" \
--no-print-directory \
all
./build.sh \
%{?_verbose:-v} \
--product-name="%{product_name}" \
--product-id=%{product_id} \
%if %{with theme}
--theme=%{theme} \
%endif
--work-dir=%{_vpath_builddir} \
--prefix-dir=%{_prefix} \
--include-dir=%{_includedir} \
--lib-dir=%{_libdir} \
--sysconf-dir=%{_sysconfdir} \
--share-dir=%{_datadir} \
--cmake=%{__cmake} \
--java-home=%{java_home} \
--jni-dir=%{_jnidir} \
--unit-dir=%{_unitdir} \
--python=%{python_executable} \
--with-pkgs=$pkgs \
%{?with_console:--with-console} \
%{!?with_test:--without-test} \
dist
################################################################################
%install
################################################################################
cd %{_vpath_builddir}
%{__make} \
VERBOSE=%{?_verbose} \
CMAKE_NO_VERBOSE=1 \
DESTDIR=%{buildroot} \
INSTALL="install -p" \
--no-print-directory \
./build.sh \
%{?_verbose:-v} \
--work-dir=%{_vpath_builddir} \
--install-dir=%{buildroot} \
install
%if %{with tests}
ctest --output-on-failure
%endif
%if %{with server}
%pre -n %{product_id}-server
@ -975,7 +972,6 @@ fi
%{_datadir}/pki/examples/java/
%{_datadir}/pki/lib/*.jar
%dir %{_javadir}/pki
%{_javadir}/pki/pki-cmsutil.jar
%{_javadir}/pki/pki-certsrv.jar
################################################################################
@ -1098,7 +1094,6 @@ fi
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
%{_javadir}/pki/pki-cms.jar
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-tomcat.jar
%dir %{_sharedstatedir}/pki
%{_mandir}/man1/pkidaemon.1.gz
@ -1110,6 +1105,7 @@ fi
%{_mandir}/man8/pkispawn.8.gz
%{_mandir}/man8/pki-server.8.gz
%{_mandir}/man8/pki-server-acme.8.gz
%{_mandir}/man8/pki-server-est.8.gz
%{_mandir}/man8/pki-server-instance.8.gz
%{_mandir}/man8/pki-server-subsystem.8.gz
%{_mandir}/man8/pki-server-nuxwdog.8.gz
@ -1150,6 +1146,17 @@ fi
# with ca
%endif
%if %{with est}
################################################################################
%files -n %{product_id}-est
################################################################################
%{_javadir}/pki/pki-est.jar
%{_datadir}/pki/est/
# with est
%endif
%if %{with kra}
################################################################################
%files -n %{product_id}-kra
@ -1267,6 +1274,9 @@ fi
################################################################################
%changelog
* Tue Feb 07 2023 Dogtag PKI Team <devel@lists.dogtagpki.org> - 11.3.1-1
- Rebase to PKI 11.3.1
* Fri Jan 20 2023 Marian Koncek <mkoncek@redhat.com> - 11.2.0-3
- Resolve jar paths using xmvn
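Review bot: The macro `%global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so` hard-codes `/usr/lib64`, while the rewritten `%build` passes `--lib-dir=%{_libdir}`; writing it as `%global p11_kit_trust %{_libdir}/pkcs11/p11-kit-trust.so` would keep the two consistent. The `+`/`-` markers are lost on this page, so reading that line as the new side is inferred from it replacing the `nss_default_db_type` macro that only the removed `%cmake` call uses. The path matters because it names the PKCS #11 module that supplies the trusted CA roots, and it replaces the `/etc/alternatives/libnssckbi.so.%{_arch}` value the old `%cmake` call passed as `-DP11_KIT_TRUST`. None of the visible hunks reference `%{p11_kit_trust}` and the `./build.sh` invocation shown passes no trust-module option, so it is worth confirming the macro is consumed elsewhere in the spec, which this page does not show.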


@ -1 +1 @@
SHA512 (pki-11.2.0.tar.gz) = ea38e3b7b2ae5d543dfd97d134241744117499b34b28f463c937dc27793717b238514ceb99944ab311887a9df37eb52dac28f7510891f24c813469d5da73101c
SHA512 (pki-11.3.1.tar.gz) = 160a3da0c3640a50ffb273c61a0562c5e0259f6b1ff9b09ead409533b18e6940fa91535826d17c5b57166f7394a8e2020cfdd7756acc76c268decc3fc59652df