import pki-core-11.0.0-1.el9

2021-12-07 13:13:40 -05:00 · 2021-12-07 13:13:40 -05:00 · 07726438f8
commit 07726438f8
parent 6eb1a207af
5 changed files with 15 additions and 111 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/pki-11.0.0-beta1.tar.gz
+SOURCES/pki-11.0.0.tar.gz
--- a/.pki-core.metadata
+++ b/.pki-core.metadata
@ -1 +1 @@
-16b25f34cfa3690f5f2601a0be841586ca410b75 SOURCES/pki-11.0.0-beta1.tar.gz
+03cef69c6bd54977770ecdd0f95e693a2e635601 SOURCES/pki-11.0.0.tar.gz
--- a/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
+++ b/SOURCES/0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
@ -1,70 +0,0 @@
 From 1a7e9b493fc3cfbbd74ab9009fa840c5dcb55c8c Mon Sep 17 00:00:00 2001
 From: jmagne <jmagne@redhat.com>
 Date: Thu, 16 Sep 2021 15:48:37 -0700
 Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
 in FIPS mode (RHEL-8.5) (#3742)
 It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command
 that runs before the server runs. In order for this command to succeed, we must alter the python script that
 runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false".
 This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in
 fips mode.
 ---
 base/common/python/pki/cli/main.py | 11 ++++++++++-
 base/common/share/etc/pki.conf     | 10 ++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 diff --git a/base/common/python/pki/cli/main.py b/base/common/python/pki/cli/main.py
 index b0ae6c6fc..bc215aaa4 100644
 --- a/base/common/python/pki/cli/main.py
 +++ b/base/common/python/pki/cli/main.py
@@ -98,6 +98,7 @@ class PKICLI(pki.cli.CLI):
         java_path = os.getenv('PKI_JAVA_PATH')
         java_home = os.getenv('JAVA_HOME')
 +        java_fips_cmd = os.getenv('JAVA_FIPS_ENABLED')
         pki_lib = os.getenv('PKI_LIB')
         logging_config = os.getenv('PKI_LOGGING_CONFIG')
@@ -113,7 +114,15 @@ class PKICLI(pki.cli.CLI):
             cmd.extend(['/usr/bin/env', 'java'])
         cmd.extend([
 -            '-cp', pki_lib + '/*',
 +            '-cp', pki_lib + '/*'
 +        ])
 +
 +        if java_fips_cmd is not None:
 +            cmd.extend([
 +                java_fips_cmd
 +            ])
 +
 +        cmd.extend([
             '-Djava.util.logging.config.file=' + logging_config,
             'com.netscape.cmstools.cli.MainCLI'
         ])
 diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
 index 17615b042..fd40ece3b 100644
 --- a/base/common/share/etc/pki.conf
 +++ b/base/common/share/etc/pki.conf
@@ -14,6 +14,16 @@ export JAVA_HOME
 PKI_JAVA_PATH=${PKI_JAVA_PATH}
 export PKI_JAVA_PATH
 +# JVM options
 +#
 +# Command switch we want to tell java to observer fips mode
 +# For the moment we want this to be false even if we really are
 +# in fips mode, because we want the jss prover instead of the sun
 +# fips provider to be selected.
 +JAVA_FIPS_ENABLED="-Dcom.redhat.fips=false" # Disable FIPS mode
 +
 +export JAVA_FIPS_ENABLED
 +
 # JNI jar file location
 JNI_JAR_DIR=/usr/lib/java
 export JNI_JAR_DIR
 -- 
 2.31.1
--- a/SOURCES/0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
+++ b/SOURCES/0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
@ -1,26 +0,0 @@
 From 115778bf20812b271c81f19806332f14151dcb7d Mon Sep 17 00:00:00 2001
 From: Jack Magne <jmagne@redhat.com>
 Date: Thu, 23 Sep 2021 13:50:41 -0400
 Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
 in FIPS mode (RHEL-8.5). Additional fix to this issue to account for our
 standalone java tools.
 ---
 base/tools/templates/pki_java_command_wrapper.in | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/base/tools/templates/pki_java_command_wrapper.in b/base/tools/templates/pki_java_command_wrapper.in
 index 05650630d4..d68ed93a30 100644
 --- a/base/tools/templates/pki_java_command_wrapper.in
 +++ b/base/tools/templates/pki_java_command_wrapper.in
@@ -90,6 +90,7 @@ JAVA_OPTIONS=""
 ${JAVA} ${JAVA_OPTIONS} \
   -cp "${PKI_LIB}/*" \
 +  -Dcom.redhat.fips=false \
   -Djava.util.logging.config.file=${PKI_LOGGING_CONFIG} \
   com.netscape.cmstools.${COMMAND} "$@"
 -- 
 2.31.1
--- a/SPECS/pki-core.spec
+++ b/SPECS/pki-core.spec
@ -16,8 +16,8 @@ License:          GPLv2 and LGPLv2
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 Version:          11.0.0
-Release:          0.6.beta1%{?_timestamp}%{?_commit_id}%{?dist}
+Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
-%global           _phase -beta1
+#global           _phase -alpha1
 # To create a tarball from a version tag:
 # $ git archive \
@ -34,9 +34,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
 #     > pki-VERSION-RELEASE.patch
 # Patch: pki-VERSION-RELEASE.patch
 Patch1: 0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
 Patch2: 0002-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
 # md2man isn't available on i686. Additionally, we aren't generally multi-lib
 # compatible (https://fedoraproject.org/wiki/Packaging:Java)
 # so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
@ -176,7 +173,6 @@ BuildRequires:    apache-commons-io
 BuildRequires:    apache-commons-lang3 >= 3.2
 BuildRequires:    apache-commons-logging
 BuildRequires:    apache-commons-net
 BuildRequires:    glassfish-jaxb-api
 BuildRequires:    slf4j
 BuildRequires:    slf4j-jdk14
 BuildRequires:    nspr-devel
@ -391,9 +387,6 @@ Requires:         python3-ldap
 Requires:         python3-lxml
 Requires:         python3-requests >= 2.6.0
 Requires:         python3-six
 %if 0%{?rhel} < 9 || 0%{?fedora} < 34
 Recommends:       python3-nss
 %endif
 %description -n   python3-%{product_id}
 This package provides common and client library for Python 3.
@ -415,7 +408,6 @@ Requires:         apache-commons-io
 Requires:         apache-commons-lang3 >= 3.2
 Requires:         apache-commons-logging
 Requires:         apache-commons-net
 Requires:         glassfish-jaxb-api
 Requires:         slf4j
 Requires:         slf4j-jdk14
 Requires:         jpackage-utils >= 0:1.7.5-10
@ -1377,16 +1369,24 @@ fi
 ################################################################################
 %changelog
-* Fri Sep 24 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.6.beta1
+* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-1
 - Rebase to PKI 11.0.0
 * Thu Sep 30 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.6.beta1
 - Rebase to PKI 11.0.0-beta1
 - Bug #1999052 - pki instance creation fails for IPA server
-* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.5.beta1
+* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.5.alpha1
- Rebase to PKI 11.0.0-beta1
+- Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl
  Resolves #2002594
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.0.0-0.4.alpha1
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Tue May 18 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
 - Rebase to PKI 10.11.0-alpha1
 * Thu Jul  1 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.3
 - Drop sudo dependency
`@ -1 +1 @@`
	`SOURCES/pki-11.0.0-beta1.tar.gz`	`SOURCES/pki-11.0.0.tar.gz`
`@ -1 +1 @@`
	`16b25f34cfa3690f5f2601a0be841586ca410b75 SOURCES/pki-11.0.0-beta1.tar.gz`	`03cef69c6bd54977770ecdd0f95e693a2e635601 SOURCES/pki-11.0.0.tar.gz`