From 1346ff447af12c1102a24d7e2e8c232df59db1be Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 18 Apr 2022 17:24:36 -0500 Subject: [PATCH] Rebase to PKI 11.2.0-beta1 Resolves: #2075154 --- .gitignore | 1 + pki-core.spec | 144 ++++++++++++++++++-------------------------------- sources | 2 +- 3 files changed, 52 insertions(+), 95 deletions(-) diff --git a/.gitignore b/.gitignore index b456e3b..4baeee6 100644 --- a/.gitignore +++ b/.gitignore @@ -86,3 +86,4 @@ /pki-11.0.0.tar.gz /pki-11.0.1.tar.gz /pki-11.0.3.tar.gz +/pki-11.2.0-beta1.tar.gz diff --git a/pki-core.spec b/pki-core.spec index 098dc12..8f0d16f 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -15,9 +15,9 @@ License: GPLv2 and LGPLv2 # For development (i.e. unsupported) releases, use x.y.z-0.n.. # For official (i.e. supported) releases, use x.y.z-r where r >=1. -Version: 11.0.3 -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} -#global _phase -alpha1 +Version: 11.2.0 +Release: 0.2.beta1%{?_timestamp}%{?_commit_id}%{?dist} +%global _phase -beta1 # To create a tarball from a version tag: # $ git archive \ @@ -62,16 +62,9 @@ ExcludeArch: i686 # Java ################################################################################ -%define java_devel java-11-openjdk-devel -%define java_headless java-11-openjdk-headless -%define java_home %{_jvmdir}/jre-11-openjdk - -################################################################################ -# RESTEasy -################################################################################ - -%define jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar -%define resteasy_lib /usr/share/java/resteasy +%define java_devel java-17-openjdk-devel +%define java_headless java-17-openjdk-headless +%define java_home %{_jvmdir}/jre-17-openjdk ################################################################################ # PKI @@ -185,12 +178,9 @@ BuildRequires: policycoreutils BuildRequires: python3-lxml BuildRequires: python3-sphinx -BuildRequires: xalan-j2 -BuildRequires: xerces-j2 - BuildRequires: resteasy >= 3.0.26 -BuildRequires: python3 >= 3.5 +BuildRequires: python3 >= 3.9 BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-cryptography @@ -202,16 +192,16 @@ BuildRequires: python3-six BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 5.0.0 -BuildRequires: tomcatjss >= 8.0.0 -BuildRequires: ldapjdk >= 5.0.0 +BuildRequires: jss >= 5.2.0 +BuildRequires: tomcatjss >= 8.2.0 +BuildRequires: ldapjdk >= 5.2.0 BuildRequires: systemd-units %if 0%{?rhel} && ! 0%{?eln} -BuildRequires: pki-servlet-engine +BuildRequires: pki-servlet-engine >= 9.0.31 %else -BuildRequires: tomcat >= 1:9.0.7 +BuildRequires: tomcat >= 1:9.0.31 %endif # additional build requirements needed to build native 'tpsclient' @@ -270,13 +260,15 @@ to manage enterprise Public Key Infrastructure deployments. Summary: %{product_name} Package %endif +Obsoletes: pki-symkey < %{version} +Obsoletes: %{product_id}-pki-symkey < %{version} Obsoletes: pki-console < %{version} Obsoletes: pki-console-theme < %{version} Obsoletes: idm-console-framework < 2.0 # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI theme packages -Requires: %{product_id}-server-theme = %{version}-%{release} +Requires: %{product_id}-theme = %{version}-%{release} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages @@ -318,28 +310,6 @@ to manage enterprise Public Key Infrastructure deployments. %endif %if %{with base} -################################################################################ -%package -n %{product_id}-symkey -################################################################################ - -Summary: %{product_name} Symmetric Key Package - -Obsoletes: pki-symkey < %{version}-%{release} -Provides: pki-symkey = %{version}-%{release} - -Requires: %{java_headless} -Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 5.0.0 -Requires: nss >= 3.38.0 - -# Ensure we end up with a useful installation -Conflicts: pki-symkey < %{version} -Conflicts: pki-javadoc < %{version} -Conflicts: pki-server-theme < %{version} - -%description -n %{product_id}-symkey -This package provides library for symmetric key operations. - ################################################################################ %package -n %{product_id}-base ################################################################################ @@ -356,9 +326,9 @@ Requires: python3-pki = %{version}-%{release} Requires(post): python3-pki = %{version}-%{release} # Ensure we end up with a useful installation -Conflicts: pki-symkey < %{version} Conflicts: pki-javadoc < %{version} Conflicts: pki-server-theme < %{version} +Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-base This package provides default configuration files for %{product_name} client. @@ -381,7 +351,7 @@ Provides: pki-base-python3 = %{version}-%{release} %endif Requires: %{product_id}-base = %{version}-%{release} -Requires: python3 >= 3.5 +Requires: python3 >= 3.9 Requires: python3-cryptography Requires: python3-ldap Requires: python3-lxml @@ -392,7 +362,7 @@ Requires: python3-six This package provides common and client library for Python 3. ################################################################################ -%package -n %{product_id}-base-java +%package -n %{product_id}-java ################################################################################ Summary: %{product_name} Base Java Package @@ -401,6 +371,9 @@ BuildArch: noarch Obsoletes: pki-base-java < %{version}-%{release} Provides: pki-base-java = %{version}-%{release} +Obsoletes: %{product_id}-base-java < %{version}-%{release} +Provides: %{product_id}-base-java = %{version}-%{release} + Requires: %{java_headless} Requires: apache-commons-cli Requires: apache-commons-codec @@ -411,8 +384,8 @@ Requires: apache-commons-net Requires: slf4j Requires: slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 5.0.0 -Requires: ldapjdk >= 5.0.0 +Requires: jss >= 5.2.0 +Requires: ldapjdk >= 5.2.0 Requires: %{product_id}-base = %{version}-%{release} %if 0%{?rhel} && 0%{?rhel} <= 8 @@ -423,11 +396,7 @@ Requires: resteasy-core >= 3.0.17-1 Requires: resteasy-jackson2-provider >= 3.0.17-1 %endif -Requires: xalan-j2 -Requires: xerces-j2 -Requires: xml-commons-resolver - -%description -n %{product_id}-base-java +%description -n %{product_id}-java This package provides common and client libraries for Java. ################################################################################ @@ -441,7 +410,7 @@ Provides: pki-tools = %{version}-%{release} Requires: openldap-clients Requires: nss-tools >= 3.36.1 -Requires: %{product_id}-base-java = %{version}-%{release} +Requires: %{product_id}-java = %{version}-%{release} Requires: p11-kit-trust # PKICertImport depends on certutil and openssl @@ -452,6 +421,9 @@ Requires: openssl This package provides tools that can be used to help make %{product_name} into a more complete and robust PKI solution. +The utility "tpsclient" is a test tool that interacts with TPS. +This tool is useful to test TPS server without risking an actual smart card. + # with base %endif @@ -472,7 +444,6 @@ Requires: policycoreutils Requires: procps-ng Requires: openldap-clients Requires: openssl -Requires: %{product_id}-symkey = %{version}-%{release} Requires: %{product_id}-tools = %{version}-%{release} Requires: keyutils @@ -486,16 +457,16 @@ Requires: python3-policycoreutils Requires: selinux-policy-targeted >= 3.13.1-159 %if 0%{?rhel} && ! 0%{?eln} -Requires: pki-servlet-engine +Requires: pki-servlet-engine >= 9.0.31 %else -Requires: tomcat >= 1:9.0.7 +Requires: tomcat >= 1:9.0.31 %endif Requires: systemd Requires(post): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 8.0.0 +Requires: tomcatjss >= 8.2.0 # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -684,6 +655,7 @@ behind the firewall with restricted access. ################################################################################ Summary: %{product_name} TPS Package +BuildArch: noarch Obsoletes: pki-tps < %{version}-%{release} Provides: pki-tps = %{version}-%{release} @@ -714,10 +686,6 @@ Token Key Service (TKS)) to fulfill the user's requests. TPS also interacts with the token database, an LDAP server that stores information about individual tokens. -The utility "tpsclient" is a test tool that interacts with TPS. This -tool is useful to test TPS server configs without risking an actual -smart card. - # with tps %endif @@ -734,8 +702,8 @@ Provides: pki-javadoc = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} -Conflicts: pki-symkey < %{version} Conflicts: pki-server-theme < %{version} +Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-javadoc This package provides %{product_name} API documentation. @@ -757,7 +725,7 @@ Obsoletes: pki-console < %{version}-%{release} Provides: pki-console = %{version}-%{release} Requires: idm-console-framework >= 2.0 -Requires: %{product_id}-base-java = %{version}-%{release} +Requires: %{product_id}-java = %{version}-%{release} Requires: %{product_id}-console-theme = %{version}-%{release} %description -n %{product_id}-console @@ -768,7 +736,7 @@ Requires: %{product_id}-console-theme = %{version}-%{release} %if %{with theme} ################################################################################ -%package -n %{product_id}-server-theme +%package -n %{product_id}-theme ################################################################################ Summary: %{product_name} Server Theme Package @@ -777,13 +745,15 @@ BuildArch: noarch Obsoletes: pki-server-theme < %{version}-%{release} Provides: pki-server-theme = %{version}-%{release} +Obsoletes: %{product_id}-server-theme < %{version}-%{release} +Provides: %{product_id}-server-theme = %{version}-%{release} + # Ensure we end up with a useful installation Conflicts: pki-base < %{version} -Conflicts: pki-symkey < %{version} Conflicts: pki-javadoc < %{version} -%description -n %{product_id}-server-theme -This package provides theme files for %{product_name} Server. +%description -n %{product_id}-theme +This package provides theme files for %{product_name}. %if %{with console} ################################################################################ @@ -798,9 +768,9 @@ Provides: pki-console-theme = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-base < %{version} -Conflicts: pki-symkey < %{version} Conflicts: pki-server-theme < %{version} Conflicts: pki-javadoc < %{version} +Conflicts: %{product_id}-theme < %{version} %description -n %{product_id}-console-theme This package provides theme files for %{product_name} Console. @@ -863,12 +833,9 @@ cd build -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -DJAVA_VERSION=${java_version} \ -DJAVA_HOME=%{java_home} \ - -DPKI_JAVA_PATH=%{java_home}/bin/java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ - -DJAXRS_API_JAR=%{jaxrs_api_jar} \ - -DRESTEASY_LIB=%{resteasy_lib} \ -DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \ -DBUILD_PKI_CORE:BOOL=ON \ -DPYTHON_EXECUTABLE=%{python_executable} \ @@ -948,7 +915,6 @@ ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroo %if %{with server} # Customize server common library links in /usr/share/pki/server/common/lib -ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar %if 0%{?fedora} && 0%{?fedora} <= 34 ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar @@ -1029,14 +995,6 @@ fi %endif %if %{with base} -################################################################################ -%files -n %{product_id}-symkey -################################################################################ - -%license base/symkey/LICENSE -%{_jnidir}/symkey.jar -%{_libdir}/symkey/ - ################################################################################ %files -n %{product_id}-base ################################################################################ @@ -1064,7 +1022,7 @@ fi %{_mandir}/man8/pki-upgrade.8.gz ################################################################################ -%files -n %{product_id}-base-java +%files -n %{product_id}-java ################################################################################ %license base/common/LICENSE @@ -1092,14 +1050,15 @@ fi %license base/tools/LICENSE %doc base/tools/doc/README -%{_bindir}/p7tool %{_bindir}/p12tool +%{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin %{_bindir}/sslget %{_bindir}/tkstool +%{_bindir}/tpsclient %{_bindir}/AtoB %{_bindir}/AuditVerify %{_bindir}/BtoA @@ -1126,6 +1085,7 @@ fi %{_javadir}/pki/pki-tools.jar %{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so +%{_libdir}/tps/libtps.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz %{_mandir}/man1/BtoA.1.gz @@ -1156,6 +1116,7 @@ fi %{_mandir}/man1/pki-user-membership.1.gz %{_mandir}/man1/PKCS10Client.1.gz %{_mandir}/man1/PKICertImport.1.gz +%{_mandir}/man1/tpsclient.1.gz # with base %endif @@ -1290,14 +1251,6 @@ fi %{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz -%{_mandir}/man1/tpsclient.1.gz - -# files for native 'tpsclient' -# REMINDER: Remove this comment once 'tpsclient' is rewritten as a Java app - -%{_bindir}/tpsclient -%{_libdir}/tps/libtps.so -%{_libdir}/tps/libtokendb.so # with tps %endif @@ -1326,7 +1279,7 @@ fi %if %{with theme} ################################################################################ -%files -n %{product_id}-server-theme +%files -n %{product_id}-theme ################################################################################ %license themes/%{theme}/common-ui/LICENSE @@ -1369,6 +1322,9 @@ fi ################################################################################ %changelog +* Mon Apr 18 2022 Red Hat PKI Team - 11.2.0-0.2.beta1 +- Rebase to PKI 11.2.0-beta1 + * Wed Jan 19 2022 Red Hat PKI Team - 11.0.3-1 - Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0] - Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli diff --git a/sources b/sources index 3c7c674..4e3115b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-11.0.3.tar.gz) = 20eb3e8c977df499140cda8f2238595fc89e8f0516147726712b1068b9ef915d074bcf9419dbf1fd2a60b8a706cc4fde8e53a4a3c6b9ca62b888a23acd5af170 +SHA512 (pki-11.2.0-beta1.tar.gz) = f7178276b5c465fb5adb13539dfe1eb8feae31aa8b46cd18d8b7f1036c283493a46aead186f5d2c5f0f5d24931b3fc4c7f6b33bc5c573fe41f657d840cf97330