diff --git a/.gitignore b/.gitignore
index 117673b..6bf87cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@
/pki-10.10.2.tar.gz
/pki-10.10.3.tar.gz
/pki-10.10.5.tar.gz
+/pki-10.11.0-alpha1.tar.gz
diff --git a/0001-remove-jakarta-commons-httpclient.patch b/0001-remove-jakarta-commons-httpclient.patch
deleted file mode 100644
index eb1e6c1..0000000
--- a/0001-remove-jakarta-commons-httpclient.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-diff --git a/.classpath b/.classpath
-index 010483ca2..b7324e612 100644
---- a/.classpath
-+++ b/.classpath
-@@ -30,7 +30,6 @@
-
-
-
--
-
-
-
-diff --git a/base/common/src/main/java/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/main/java/com/netscape/certsrv/client/PKIConnection.java
-index 769a640cd..4f5d4f97c 100644
---- a/base/common/src/main/java/com/netscape/certsrv/client/PKIConnection.java
-+++ b/base/common/src/main/java/com/netscape/certsrv/client/PKIConnection.java
-@@ -33,7 +33,6 @@ import java.util.List;
-
- import javax.ws.rs.client.WebTarget;
-
--import org.apache.commons.httpclient.ConnectTimeoutException;
- import org.apache.http.Header;
- import org.apache.http.HttpEntity;
- import org.apache.http.HttpEntityEnclosingRequest;
-@@ -288,8 +287,7 @@ public class PKIConnection {
- InetSocketAddress localAddress,
- HttpParams params)
- throws IOException,
-- UnknownHostException,
-- ConnectTimeoutException {
-+ UnknownHostException {
-
- // Make sure certificate database is already initialized,
- // otherwise SSLSocket will throw UnsatisfiedLinkError.
-diff --git a/pki.spec b/pki.spec
-index 50484a71d..542b5b101 100644
---- a/pki.spec
-+++ b/pki.spec
-@@ -172,7 +172,6 @@ BuildRequires: apache-commons-codec
- BuildRequires: apache-commons-io
- BuildRequires: apache-commons-lang3 >= 3.2
- BuildRequires: apache-commons-net
--BuildRequires: jakarta-commons-httpclient
- BuildRequires: glassfish-jaxb-api
- BuildRequires: slf4j
- BuildRequires: slf4j-jdk14
-@@ -421,7 +420,6 @@ Requires: apache-commons-io
- Requires: apache-commons-lang3 >= 3.2
- Requires: apache-commons-logging
- Requires: apache-commons-net
--Requires: jakarta-commons-httpclient
- Requires: glassfish-jaxb-api
- Requires: slf4j
- Requires: slf4j-jdk14
-diff --git a/scripts/compose_pki_test_package b/scripts/compose_pki_test_package
-index 9a43baefe..1e4ac1a8f 100755
---- a/scripts/compose_pki_test_package
-+++ b/scripts/compose_pki_test_package
-@@ -116,7 +116,6 @@ CLASSPATH=$CLASSPATH:/usr/share/java/commons-httpclient.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-base-1.1.7.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-mcc.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-nmclf.jar
--CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-commons-httpclient.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/jaxb-api.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/jaxb/jaxb-impl.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-activation/jakarta.activation.jar
-diff --git a/tests/dogtag/dev_java_tests/run_junit_tests.sh b/tests/dogtag/dev_java_tests/run_junit_tests.sh
-index 86fe71864..55df6c391 100644
---- a/tests/dogtag/dev_java_tests/run_junit_tests.sh
-+++ b/tests/dogtag/dev_java_tests/run_junit_tests.sh
-@@ -52,7 +52,6 @@ run_dev_junit_tests() {
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-base-1.1.7.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-mcc.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/idm-console-nmclf.jar
-- CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-commons-httpclient.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/jaxb-api.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/jakarta-activation/jakarta.activation.jar
- CLASSPATH=$CLASSPATH:/usr/share/java/ldapjdk.jar
diff --git a/dogtag-pki.spec b/dogtag-pki.spec
index 0e7695f..dbf62b1 100644
--- a/dogtag-pki.spec
+++ b/dogtag-pki.spec
@@ -12,9 +12,9 @@ License: GPLv2 and LGPLv2
# For development (i.e. unsupported) releases, use x.y.z-0.n..
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version: 10.10.5
-Release: 3%{?_timestamp}%{?_commit_id}%{?dist}
-#global _phase -beta1
+Version: 10.11.0
+Release: 0.1.alpha1%{?_timestamp}%{?_commit_id}%{?dist}
+%global _phase -alpha1
# To create a tarball from a version tag:
# $ git archive \
@@ -30,7 +30,14 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
# \
# > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch
-Patch1: 0001-remove-jakarta-commons-httpclient.patch
+
+# md2man isn't available on i686. Additionally, we aren't generally multi-lib
+# compatible (https://fedoraproject.org/wiki/Packaging:Java)
+# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
+# safest.
+%if ! 0%{?rhel} || 0%{?rhel} > 8
+ExcludeArch: i686
+%endif
################################################################################
# NSS
@@ -42,7 +49,7 @@ Patch1: 0001-remove-jakarta-commons-httpclient.patch
# Python
################################################################################
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} <= 8
%global python_executable /usr/libexec/platform-python
%else
%global python_executable /usr/bin/python3
@@ -55,7 +62,7 @@ Patch1: 0001-remove-jakarta-commons-httpclient.patch
%define java_devel java-devel
%define java_headless java-headless
-%if 0%{?fedora} && 0%{?fedora} >= 33
+%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
%define min_java_version 1:11
%define java_home /usr/lib/jvm/java-11-openjdk
%else
@@ -101,26 +108,32 @@ Patch1: 0001-remove-jakarta-commons-httpclient.patch
# Define --with or --without options depending on
# package selection method.
-%global without_base 1
-%global without_server 1
-%global without_ca 1
-%global without_kra 1
-%global without_ocsp 1
-%global without_tks 1
-%global without_tps 1
-%global without_javadoc 1
-%global without_console 1
+# package_option base
+# package_option server
+# package_option acme
+# package_option ca
+# package_option kra
+# package_option ocsp
+%global with_ocsp 1
+# package_option tks
+%global with_tks 1
+# package_option tps
+%global with_tps 1
+# package_option javadoc
+%global with_javadoc 1
+# package_option console
+%global with_console 1
+# package_option theme
%global with_theme 1
+# package_option meta
%global with_meta 1
-%global with_tests 1
-%global without_debug 1
+# package_option tests
+# package_option debug
%if ! %{with debug}
%define debug_package %{nil}
%endif
-%bcond_without sdnotify
-
# ignore unpackaged files from native 'tpsclient'
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
%define _unpackaged_files_terminate_build 0
@@ -187,17 +200,15 @@ BuildRequires: policycoreutils
BuildRequires: python3-lxml
BuildRequires: python3-sphinx
-BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
-%if 0%{?rhel}
+%if 0%{?rhel} && ! 0%{?eln}
BuildRequires: resteasy >= 3.0.26
%else
BuildRequires: jboss-annotations-1.2-api
BuildRequires: jboss-jaxrs-2.0-api
BuildRequires: jboss-logging
-BuildRequires: resteasy-atom-provider >= 3.0.17-1
BuildRequires: resteasy-client >= 3.0.17-1
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1
BuildRequires: resteasy-core >= 3.0.17-1
@@ -211,25 +222,14 @@ BuildRequires: python3-cryptography
BuildRequires: python3-lxml
BuildRequires: python3-ldap
BuildRequires: python3-libselinux
-BuildRequires: python3-nss
BuildRequires: python3-requests >= 2.6.0
BuildRequires: python3-six
-%if 0%{?rhel}
-# no python3-pytest-runner
-%else
-BuildRequires: python3-pytest-runner
-%endif
-
BuildRequires: junit
BuildRequires: jpackage-utils >= 0:1.7.5-10
-BuildRequires: jss >= 4.8.1
+BuildRequires: jss >= 4.9.0
BuildRequires: tomcatjss >= 7.6.1
-# JNA is used to bind to libsystemd
-%if %{with sdnotify}
-BuildRequires: jna
-%endif
BuildRequires: systemd-units
%if 0%{?rhel} && ! 0%{?eln}
@@ -250,7 +250,7 @@ BuildRequires: zlib
BuildRequires: zlib-devel
# build dependency to build man pages
-%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel}
+%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} && 0%{?rhel} <= 8
BuildRequires: go-md2man
%else
BuildRequires: golang-github-cpuguy83-md2man
@@ -350,7 +350,7 @@ Summary: PKI Symmetric Key Package
Requires: %java_headless >= %{min_java_version}
Requires: jpackage-utils >= 0:1.7.5-10
-Requires: jss >= 4.8.0
+Requires: jss >= 4.9.0
Requires: nss >= 3.38.0
# Ensure we end up with a useful installation
@@ -394,7 +394,7 @@ BuildArch: noarch
Obsoletes: pki-base-python3 < %{version}
Provides: pki-base-python3 = %{version}
-%if 0%{?fedora}
+%if 0%{?fedora} || 0%{?rhel} > 8
%{?python_provide:%python_provide python3-pki}
%endif
@@ -403,7 +403,6 @@ Requires: python3 >= 3.5
Requires: python3-cryptography
Requires: python3-ldap
Requires: python3-lxml
-Requires: python3-nss
Requires: python3-requests >= 2.6.0
Requires: python3-six
@@ -428,28 +427,26 @@ Requires: glassfish-jaxb-api
Requires: slf4j
Requires: slf4j-jdk14
Requires: jpackage-utils >= 0:1.7.5-10
-Requires: jss >= 4.7.0
+Requires: jss >= 4.9.0
Requires: ldapjdk >= 4.22.0
Requires: pki-base = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} <= 8
Requires: resteasy >= 3.0.26
%else
-Requires: resteasy-atom-provider >= 3.0.17-1
Requires: resteasy-client >= 3.0.17-1
Requires: resteasy-jaxb-provider >= 3.0.17-1
Requires: resteasy-core >= 3.0.17-1
Requires: resteasy-jackson2-provider >= 3.0.17-1
%endif
-%if 0%{?fedora} && 0%{?fedora} >= 33
+%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
Requires: jaxb-impl >= 2.3.3
Requires: jakarta-activation >= 1.2.2
%endif
Requires: xalan-j2
Requires: xerces-j2
-Requires: xml-commons-apis
Requires: xml-commons-resolver
%description -n pki-base-java
@@ -511,7 +508,6 @@ Requires: pki-servlet-engine
Requires: tomcat >= 1:9.0.7
%endif
-Requires: velocity
Requires: sudo
Requires: systemd
Requires(post): systemd-units
@@ -520,11 +516,6 @@ Requires(postun): systemd-units
Requires(pre): shadow-utils
Requires: tomcatjss >= 7.6.1
-# JNA is used to bind to libsystemd
-%if %{with sdnotify}
-Requires: jna
-%endif
-
# pki-healthcheck depends on the following library
%if 0%{?rhel}
Requires: ipa-healthcheck-core
@@ -851,9 +842,9 @@ java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | se
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
# assume tomcat app_server
-app_server=tomcat-8.5
+app_server=tomcat-9.0
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} <= 8
%{__mkdir_p} build
cd build
%endif
@@ -883,18 +874,17 @@ cd build
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
- -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
-DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
-DTHEME=%{?with_theme:%{vendor_id}} \
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} <= 8
..
%else
-B %{_vpath_builddir}
%endif
-%if 0%{?fedora}
+%if 0%{?fedora} || 0%{?rhel} > 8
cd %{_vpath_builddir}
%endif
@@ -911,7 +901,7 @@ cd %{_vpath_builddir}
%install
################################################################################
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} <= 8
cd build
%else
cd %{_vpath_builddir}
@@ -1179,9 +1169,8 @@ fi
%{_sbindir}/pkidestroy
%{_sbindir}/pki-server
%{_sbindir}/pki-server-upgrade
-%{python3_sitelib}/pki/server/
%{_sbindir}/pki-healthcheck
-%{python3_sitelib}/pki/server/healthcheck/
+%{python3_sitelib}/pki/server/
%{python3_sitelib}/pkihealthcheck-*.egg-info/
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
@@ -1224,10 +1213,6 @@ fi
%{_datadir}/pki/setup/
%{_datadir}/pki/server/
-%if %{with sdnotify}
-%{_javadir}/pki/pki-systemd.jar
-%endif
-
# with server
%endif
@@ -1237,7 +1222,6 @@ fi
################################################################################
%{_javadir}/pki/pki-acme.jar
-%dir %{_datadir}/pki/acme
%{_datadir}/pki/acme/
# with acme
@@ -1250,7 +1234,6 @@ fi
%license base/ca/LICENSE
%{_javadir}/pki/pki-ca.jar
-%dir %{_datadir}/pki/ca
%{_datadir}/pki/ca/
# with ca
@@ -1263,7 +1246,6 @@ fi
%license base/kra/LICENSE
%{_javadir}/pki/pki-kra.jar
-%dir %{_datadir}/pki/kra
%{_datadir}/pki/kra/
# with kra
@@ -1276,7 +1258,6 @@ fi
%license base/ocsp/LICENSE
%{_javadir}/pki/pki-ocsp.jar
-%dir %{_datadir}/pki/ocsp
%{_datadir}/pki/ocsp/
# with ocsp
@@ -1289,7 +1270,6 @@ fi
%license base/tks/LICENSE
%{_javadir}/pki/pki-tks.jar
-%dir %{_datadir}/pki/tks
%{_datadir}/pki/tks/
# with tks
@@ -1302,7 +1282,6 @@ fi
%license base/tps/LICENSE
%{_javadir}/pki/pki-tps.jar
-%dir %{_datadir}/pki/tps
%{_datadir}/pki/tps/
%{_mandir}/man5/pki-tps-connector.5.gz
%{_mandir}/man5/pki-tps-profile.5.gz
@@ -1381,6 +1360,9 @@ fi
################################################################################
%changelog
+* Tue May 18 2021 Dogtag PKI Team - 10.10.5-3
- Use tomcat instead of pki-servlet-engine in ELN
diff --git a/sources b/sources
index 0750a4b..2fdc29f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pki-10.10.5.tar.gz) = 2a70a4dc152e10eb27be7620e876db8237b97af0d3c1d56f840e68ea6035c01f5801318f371ec65d3aa24f505db373b77e6635ba8ed1a95d20a9fc657e9977d5
+SHA512 (pki-10.11.0-alpha1.tar.gz) = 4f4c9b29dc9126c91de9258063f370a05591447cbae76109e6841bdb2ea502994e945a4dd9d00ee85d3b783021b25a7bb243acc060b88901eb4e6b4c01c4f7db