rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

ipa-4.12.0-3

Browse Source 
- Related: RHEL-34809
temporarily revert a commit that depends on newer version of python-jwcrypto

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2024-06-05 15:07:32 +02:00
parent 86ca9218d9
commit 3e4c75a7b3
2 changed files with 97 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
0002-Revert-custodia-do-not-use-deprecated-jwcrypto-wrapp.patch Normal file
View File

@ -0,0 +1,91 @@
From bf6653418aa772b47e53f1af092382df5810661c Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Wed, 5 Jun 2024 15:03:54 +0200
Subject: [PATCH] Revert "custodia: do not use deprecated jwcrypto wrappers"
This reverts commit 536812080502baa51818d9a33ea6533675800b30.
---
install/tools/ipa-custodia-check.in | 4 ++--
ipaserver/custodia/message/kem.py | 14 +++++++-------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/install/tools/ipa-custodia-check.in b/install/tools/ipa-custodia-check.in
index f3bbf8e7f0eca6e35080fb6770c9d4b1887384ea..4f526b433f872fa7d94e827df0bb206b78a9b58d 100644
--- a/install/tools/ipa-custodia-check.in
+++ b/install/tools/ipa-custodia-check.in
@@ -192,10 +192,10 @@ class IPACustodiaTester:
usage, IPA_CUSTODIA_KEYFILE
))
- if pkey.get('kid') != self.host_spn:
+ if pkey.key_id != self.host_spn:
raise self.error( # pylint: disable=raising-bad-type, #4772
"KID '{}' != host service principal name '{}' "
- "(usage: {})".format(pkey.get('kid'), self.host_spn, usage),
+ "(usage: {})".format(pkey.key_id, self.host_spn, usage),
fatal=True
)
else:
diff --git a/ipaserver/custodia/message/kem.py b/ipaserver/custodia/message/kem.py
index c2996bc921aeac0241111d95194977f9aa630cae..fbbc3fe46f60d25fe1754af70b18bb769c127fa2 100644
--- a/ipaserver/custodia/message/kem.py
+++ b/ipaserver/custodia/message/kem.py
@@ -85,7 +85,7 @@ class KEMKeysStore(SimplePathAuthz):
if self._alg is None:
alg = self.config.get('signing_algorithm', None)
if alg is None:
- ktype = self.server_keys[KEY_USAGE_SIG]['kty']
+ ktype = self.server_keys[KEY_USAGE_SIG].key_type
if ktype == 'RSA':
alg = 'RS256'
elif ktype == 'EC':
@@ -125,9 +125,9 @@ class KEMHandler(MessageHandler):
if 'kid' not in header:
raise InvalidMessage("Missing key identifier")
- key = self.kkstore.find_key(header.get('kid'), usage)
+ key = self.kkstore.find_key(header['kid'], usage)
if key is None:
- raise UnknownPublicKey('Key found [kid:%s]' % header.get('kid'))
+ raise UnknownPublicKey('Key found [kid:%s]' % header['kid'])
return json_decode(key)
def parse(self, msg, name):
@@ -179,14 +179,14 @@ class KEMHandler(MessageHandler):
self.msg_type = 'kem'
return {'type': self.msg_type,
- 'value': {'kid': self.client_keys[KEY_USAGE_ENC].get('kid'),
+ 'value': {'kid': self.client_keys[KEY_USAGE_ENC].key_id,
'claims': claims}}
def reply(self, output):
if self.client_keys is None:
raise UnknownPublicKey("Peer key not defined")
- ktype = self.client_keys[KEY_USAGE_ENC]['kty']
+ ktype = self.client_keys[KEY_USAGE_ENC].key_type
if ktype == 'RSA':
enc = ('RSA-OAEP', 'A256CBC-HS512')
else:
@@ -224,7 +224,7 @@ class KEMClient:
def make_sig_kem(name, value, key, alg):
- header = {'kid': key.get('kid'), 'alg': alg}
+ header = {'kid': key.key_id, 'alg': alg}
claims = {'sub': name, 'exp': int(time.time() + (5 * 60))}
if value is not None:
claims['value'] = value
@@ -235,7 +235,7 @@ def make_sig_kem(name, value, key, alg):
def make_enc_kem(name, value, sig_key, alg, enc_key, enc):
plaintext = make_sig_kem(name, value, sig_key, alg)
- eprot = {'kid': enc_key.get('kid'), 'alg': enc[0], 'enc': enc[1]}
+ eprot = {'kid': enc_key.key_id, 'alg': enc[0], 'enc': enc[1]}
jwe = JWE(plaintext, json_encode(eprot))
jwe.add_recipient(enc_key)
return jwe.serialize(compact=True)
--
2.45.1

7
freeipa.spec
View File

@ -224,7 +224,7 @@
Name: %{package_name} Name: %{package_name}
Version: %{IPA_VERSION} Version: %{IPA_VERSION}
Release: 2%{?rc_version:.%rc_version}%{?dist} Release: 3%{?rc_version:.%rc_version}%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
License: GPL-3.0-or-later License: GPL-3.0-or-later
@ -249,6 +249,7 @@ Patch1002: 1002-Revert-freeipa.spec-depend-on-bind-dnssec-utils.patch
%endif %endif
%if 0%{?rhel} == 9 %if 0%{?rhel} == 9
Patch0001: 0001-Revert-Replace-netifaces-with-ifaddr.patch Patch0001: 0001-Revert-Replace-netifaces-with-ifaddr.patch
Patch0002: 0002-Revert-custodia-do-not-use-deprecated-jwcrypto-wrapp.patch
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
%endif %endif
%endif %endif
@ -1859,6 +1860,10 @@ fi
%endif %endif
%changelog %changelog
* Wed Jun 05 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-3
- Related: RHEL-34809
temporarily revert a commit that depends on newer version of python-jwcrypto
* Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2 * Tue Jun 04 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.12.0-2
- Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency - Resolves: RHEL-39950 ipa-client can't be installed because of a missing dependency