diff --git a/.gitignore b/.gitignore index 1b8e223..b6d9ec8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/pki-11.0.0-beta1.tar.gz +SOURCES/pki-11.0.0.tar.gz diff --git a/.pki-core.metadata b/.pki-core.metadata index a53d336..28ba387 100644 --- a/.pki-core.metadata +++ b/.pki-core.metadata @@ -1 +1 @@ -16b25f34cfa3690f5f2601a0be841586ca410b75 SOURCES/pki-11.0.0-beta1.tar.gz +03cef69c6bd54977770ecdd0f95e693a2e635601 SOURCES/pki-11.0.0.tar.gz diff --git a/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch b/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch deleted file mode 100644 index 18f5af4..0000000 --- a/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 1a7e9b493fc3cfbbd74ab9009fa840c5dcb55c8c Mon Sep 17 00:00:00 2001 -From: jmagne -Date: Thu, 16 Sep 2021 15:48:37 -0700 -Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server - in FIPS mode (RHEL-8.5) (#3742) - -It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command -that runs before the server runs. In order for this command to succeed, we must alter the python script that -runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false". - -This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in -fips mode. ---- - base/common/python/pki/cli/main.py | 11 ++++++++++- - base/common/share/etc/pki.conf | 10 ++++++++++ - 2 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/base/common/python/pki/cli/main.py b/base/common/python/pki/cli/main.py -index b0ae6c6fc..bc215aaa4 100644 ---- a/base/common/python/pki/cli/main.py -+++ b/base/common/python/pki/cli/main.py -@@ -98,6 +98,7 @@ class PKICLI(pki.cli.CLI): - - java_path = os.getenv('PKI_JAVA_PATH') - java_home = os.getenv('JAVA_HOME') -+ java_fips_cmd = os.getenv('JAVA_FIPS_ENABLED') - pki_lib = os.getenv('PKI_LIB') - logging_config = os.getenv('PKI_LOGGING_CONFIG') - -@@ -113,7 +114,15 @@ class PKICLI(pki.cli.CLI): - cmd.extend(['/usr/bin/env', 'java']) - - cmd.extend([ -- '-cp', pki_lib + '/*', -+ '-cp', pki_lib + '/*' -+ ]) -+ -+ if java_fips_cmd is not None: -+ cmd.extend([ -+ java_fips_cmd -+ ]) -+ -+ cmd.extend([ - '-Djava.util.logging.config.file=' + logging_config, - 'com.netscape.cmstools.cli.MainCLI' - ]) -diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf -index 17615b042..fd40ece3b 100644 ---- a/base/common/share/etc/pki.conf -+++ b/base/common/share/etc/pki.conf -@@ -14,6 +14,16 @@ export JAVA_HOME - PKI_JAVA_PATH=${PKI_JAVA_PATH} - export PKI_JAVA_PATH - -+# JVM options -+# -+# Command switch we want to tell java to observer fips mode -+# For the moment we want this to be false even if we really are -+# in fips mode, because we want the jss prover instead of the sun -+# fips provider to be selected. -+JAVA_FIPS_ENABLED="-Dcom.redhat.fips=false" # Disable FIPS mode -+ -+export JAVA_FIPS_ENABLED -+ - # JNI jar file location - JNI_JAR_DIR=/usr/lib/java - export JNI_JAR_DIR --- -2.31.1 - diff --git a/SOURCES/0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch b/SOURCES/0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch deleted file mode 100644 index 6c6b05f..0000000 --- a/SOURCES/0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 115778bf20812b271c81f19806332f14151dcb7d Mon Sep 17 00:00:00 2001 -From: Jack Magne -Date: Thu, 23 Sep 2021 13:50:41 -0400 -Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server - in FIPS mode (RHEL-8.5). Additional fix to this issue to account for our - standalone java tools. - ---- - base/tools/templates/pki_java_command_wrapper.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/tools/templates/pki_java_command_wrapper.in b/base/tools/templates/pki_java_command_wrapper.in -index 05650630d4..d68ed93a30 100644 ---- a/base/tools/templates/pki_java_command_wrapper.in -+++ b/base/tools/templates/pki_java_command_wrapper.in -@@ -90,6 +90,7 @@ JAVA_OPTIONS="" - - ${JAVA} ${JAVA_OPTIONS} \ - -cp "${PKI_LIB}/*" \ -+ -Dcom.redhat.fips=false \ - -Djava.util.logging.config.file=${PKI_LOGGING_CONFIG} \ - com.netscape.cmstools.${COMMAND} "$@" - --- -2.31.1 - diff --git a/SPECS/pki-core.spec b/SPECS/pki-core.spec index 73de0e2..4ab1a51 100644 --- a/SPECS/pki-core.spec +++ b/SPECS/pki-core.spec @@ -16,8 +16,8 @@ License: GPLv2 and LGPLv2 # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. Version: 11.0.0 -Release: 0.6.beta1%{?_timestamp}%{?_commit_id}%{?dist} -%global _phase -beta1 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +#global _phase -alpha1 # To create a tarball from a version tag: # $ git archive \ @@ -34,9 +34,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -Patch1: 0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch -Patch2: 0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch - # md2man isn't available on i686. Additionally, we aren't generally multi-lib # compatible (https://fedoraproject.org/wiki/Packaging:Java) # so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems @@ -176,7 +173,6 @@ BuildRequires: apache-commons-io BuildRequires: apache-commons-lang3 >= 3.2 BuildRequires: apache-commons-logging BuildRequires: apache-commons-net -BuildRequires: glassfish-jaxb-api BuildRequires: slf4j BuildRequires: slf4j-jdk14 BuildRequires: nspr-devel @@ -391,9 +387,6 @@ Requires: python3-ldap Requires: python3-lxml Requires: python3-requests >= 2.6.0 Requires: python3-six -%if 0%{?rhel} < 9 || 0%{?fedora} < 34 -Recommends: python3-nss -%endif %description -n python3-%{product_id} This package provides common and client library for Python 3. @@ -415,7 +408,6 @@ Requires: apache-commons-io Requires: apache-commons-lang3 >= 3.2 Requires: apache-commons-logging Requires: apache-commons-net -Requires: glassfish-jaxb-api Requires: slf4j Requires: slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 @@ -1377,16 +1369,24 @@ fi ################################################################################ %changelog -* Fri Sep 24 2021 Red Hat PKI Team - 11.0.0-0.6.beta1 +* Tue Oct 05 2021 Red Hat PKI Team - 11.0.0-1 +- Rebase to PKI 11.0.0 + +* Thu Sep 30 2021 Red Hat PKI Team - 11.0.0-0.6.beta1 +- Rebase to PKI 11.0.0-beta1 - Bug #1999052 - pki instance creation fails for IPA server -* Tue Sep 21 2021 Red Hat PKI Team - 11.0.0-0.5.beta1 -- Rebase to PKI 11.0.0-beta1 +* Thu Sep 09 2021 Red Hat PKI Team - 11.0.0-0.5.alpha1 +- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl + Resolves #2002594 * Mon Aug 09 2021 Mohan Boddu - 11.0.0-0.4.alpha1 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 +* Tue May 18 2021 Red Hat PKI Team 10.11.0-0.1 +- Rebase to PKI 10.11.0-alpha1 + * Thu Jul 1 2021 Red Hat PKI Team - 11.0.0-0.3 - Drop sudo dependency