import pki-core-11.0.0-1.el9
This commit is contained in:
parent
6eb1a207af
commit
07726438f8
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/pki-11.0.0-beta1.tar.gz
|
SOURCES/pki-11.0.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
16b25f34cfa3690f5f2601a0be841586ca410b75 SOURCES/pki-11.0.0-beta1.tar.gz
|
03cef69c6bd54977770ecdd0f95e693a2e635601 SOURCES/pki-11.0.0.tar.gz
|
||||||
|
@ -1,70 +0,0 @@
|
|||||||
From 1a7e9b493fc3cfbbd74ab9009fa840c5dcb55c8c Mon Sep 17 00:00:00 2001
|
|
||||||
From: jmagne <jmagne@redhat.com>
|
|
||||||
Date: Thu, 16 Sep 2021 15:48:37 -0700
|
|
||||||
Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
|
|
||||||
in FIPS mode (RHEL-8.5) (#3742)
|
|
||||||
|
|
||||||
It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command
|
|
||||||
that runs before the server runs. In order for this command to succeed, we must alter the python script that
|
|
||||||
runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false".
|
|
||||||
|
|
||||||
This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in
|
|
||||||
fips mode.
|
|
||||||
---
|
|
||||||
base/common/python/pki/cli/main.py | 11 ++++++++++-
|
|
||||||
base/common/share/etc/pki.conf | 10 ++++++++++
|
|
||||||
2 files changed, 20 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/base/common/python/pki/cli/main.py b/base/common/python/pki/cli/main.py
|
|
||||||
index b0ae6c6fc..bc215aaa4 100644
|
|
||||||
--- a/base/common/python/pki/cli/main.py
|
|
||||||
+++ b/base/common/python/pki/cli/main.py
|
|
||||||
@@ -98,6 +98,7 @@ class PKICLI(pki.cli.CLI):
|
|
||||||
|
|
||||||
java_path = os.getenv('PKI_JAVA_PATH')
|
|
||||||
java_home = os.getenv('JAVA_HOME')
|
|
||||||
+ java_fips_cmd = os.getenv('JAVA_FIPS_ENABLED')
|
|
||||||
pki_lib = os.getenv('PKI_LIB')
|
|
||||||
logging_config = os.getenv('PKI_LOGGING_CONFIG')
|
|
||||||
|
|
||||||
@@ -113,7 +114,15 @@ class PKICLI(pki.cli.CLI):
|
|
||||||
cmd.extend(['/usr/bin/env', 'java'])
|
|
||||||
|
|
||||||
cmd.extend([
|
|
||||||
- '-cp', pki_lib + '/*',
|
|
||||||
+ '-cp', pki_lib + '/*'
|
|
||||||
+ ])
|
|
||||||
+
|
|
||||||
+ if java_fips_cmd is not None:
|
|
||||||
+ cmd.extend([
|
|
||||||
+ java_fips_cmd
|
|
||||||
+ ])
|
|
||||||
+
|
|
||||||
+ cmd.extend([
|
|
||||||
'-Djava.util.logging.config.file=' + logging_config,
|
|
||||||
'com.netscape.cmstools.cli.MainCLI'
|
|
||||||
])
|
|
||||||
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
|
|
||||||
index 17615b042..fd40ece3b 100644
|
|
||||||
--- a/base/common/share/etc/pki.conf
|
|
||||||
+++ b/base/common/share/etc/pki.conf
|
|
||||||
@@ -14,6 +14,16 @@ export JAVA_HOME
|
|
||||||
PKI_JAVA_PATH=${PKI_JAVA_PATH}
|
|
||||||
export PKI_JAVA_PATH
|
|
||||||
|
|
||||||
+# JVM options
|
|
||||||
+#
|
|
||||||
+# Command switch we want to tell java to observer fips mode
|
|
||||||
+# For the moment we want this to be false even if we really are
|
|
||||||
+# in fips mode, because we want the jss prover instead of the sun
|
|
||||||
+# fips provider to be selected.
|
|
||||||
+JAVA_FIPS_ENABLED="-Dcom.redhat.fips=false" # Disable FIPS mode
|
|
||||||
+
|
|
||||||
+export JAVA_FIPS_ENABLED
|
|
||||||
+
|
|
||||||
# JNI jar file location
|
|
||||||
JNI_JAR_DIR=/usr/lib/java
|
|
||||||
export JNI_JAR_DIR
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 115778bf20812b271c81f19806332f14151dcb7d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jack Magne <jmagne@redhat.com>
|
|
||||||
Date: Thu, 23 Sep 2021 13:50:41 -0400
|
|
||||||
Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
|
|
||||||
in FIPS mode (RHEL-8.5). Additional fix to this issue to account for our
|
|
||||||
standalone java tools.
|
|
||||||
|
|
||||||
---
|
|
||||||
base/tools/templates/pki_java_command_wrapper.in | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/base/tools/templates/pki_java_command_wrapper.in b/base/tools/templates/pki_java_command_wrapper.in
|
|
||||||
index 05650630d4..d68ed93a30 100644
|
|
||||||
--- a/base/tools/templates/pki_java_command_wrapper.in
|
|
||||||
+++ b/base/tools/templates/pki_java_command_wrapper.in
|
|
||||||
@@ -90,6 +90,7 @@ JAVA_OPTIONS=""
|
|
||||||
|
|
||||||
${JAVA} ${JAVA_OPTIONS} \
|
|
||||||
-cp "${PKI_LIB}/*" \
|
|
||||||
+ -Dcom.redhat.fips=false \
|
|
||||||
-Djava.util.logging.config.file=${PKI_LOGGING_CONFIG} \
|
|
||||||
com.netscape.cmstools.${COMMAND} "$@"
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -16,8 +16,8 @@ License: GPLv2 and LGPLv2
|
|||||||
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
||||||
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
||||||
Version: 11.0.0
|
Version: 11.0.0
|
||||||
Release: 0.6.beta1%{?_timestamp}%{?_commit_id}%{?dist}
|
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
||||||
%global _phase -beta1
|
#global _phase -alpha1
|
||||||
|
|
||||||
# To create a tarball from a version tag:
|
# To create a tarball from a version tag:
|
||||||
# $ git archive \
|
# $ git archive \
|
||||||
@ -34,9 +34,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
|
|||||||
# > pki-VERSION-RELEASE.patch
|
# > pki-VERSION-RELEASE.patch
|
||||||
# Patch: pki-VERSION-RELEASE.patch
|
# Patch: pki-VERSION-RELEASE.patch
|
||||||
|
|
||||||
Patch1: 0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
|
|
||||||
Patch2: 0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
|
|
||||||
|
|
||||||
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
||||||
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
||||||
# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
|
# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
|
||||||
@ -176,7 +173,6 @@ BuildRequires: apache-commons-io
|
|||||||
BuildRequires: apache-commons-lang3 >= 3.2
|
BuildRequires: apache-commons-lang3 >= 3.2
|
||||||
BuildRequires: apache-commons-logging
|
BuildRequires: apache-commons-logging
|
||||||
BuildRequires: apache-commons-net
|
BuildRequires: apache-commons-net
|
||||||
BuildRequires: glassfish-jaxb-api
|
|
||||||
BuildRequires: slf4j
|
BuildRequires: slf4j
|
||||||
BuildRequires: slf4j-jdk14
|
BuildRequires: slf4j-jdk14
|
||||||
BuildRequires: nspr-devel
|
BuildRequires: nspr-devel
|
||||||
@ -391,9 +387,6 @@ Requires: python3-ldap
|
|||||||
Requires: python3-lxml
|
Requires: python3-lxml
|
||||||
Requires: python3-requests >= 2.6.0
|
Requires: python3-requests >= 2.6.0
|
||||||
Requires: python3-six
|
Requires: python3-six
|
||||||
%if 0%{?rhel} < 9 || 0%{?fedora} < 34
|
|
||||||
Recommends: python3-nss
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description -n python3-%{product_id}
|
%description -n python3-%{product_id}
|
||||||
This package provides common and client library for Python 3.
|
This package provides common and client library for Python 3.
|
||||||
@ -415,7 +408,6 @@ Requires: apache-commons-io
|
|||||||
Requires: apache-commons-lang3 >= 3.2
|
Requires: apache-commons-lang3 >= 3.2
|
||||||
Requires: apache-commons-logging
|
Requires: apache-commons-logging
|
||||||
Requires: apache-commons-net
|
Requires: apache-commons-net
|
||||||
Requires: glassfish-jaxb-api
|
|
||||||
Requires: slf4j
|
Requires: slf4j
|
||||||
Requires: slf4j-jdk14
|
Requires: slf4j-jdk14
|
||||||
Requires: jpackage-utils >= 0:1.7.5-10
|
Requires: jpackage-utils >= 0:1.7.5-10
|
||||||
@ -1377,16 +1369,24 @@ fi
|
|||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Sep 24 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.6.beta1
|
* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-1
|
||||||
|
- Rebase to PKI 11.0.0
|
||||||
|
|
||||||
|
* Thu Sep 30 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.6.beta1
|
||||||
|
- Rebase to PKI 11.0.0-beta1
|
||||||
- Bug #1999052 - pki instance creation fails for IPA server
|
- Bug #1999052 - pki instance creation fails for IPA server
|
||||||
|
|
||||||
* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.5.beta1
|
* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.5.alpha1
|
||||||
- Rebase to PKI 11.0.0-beta1
|
- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl
|
||||||
|
Resolves #2002594
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.0.0-0.4.alpha1
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.0.0-0.4.alpha1
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Tue May 18 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
|
||||||
|
- Rebase to PKI 10.11.0-alpha1
|
||||||
|
|
||||||
* Thu Jul 1 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.3
|
* Thu Jul 1 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.3
|
||||||
- Drop sudo dependency
|
- Drop sudo dependency
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user