import pki-core-10.11.2-4.module+el8.5.0+13827+5b1d191d
This commit is contained in:
parent
2e7f456c68
commit
5e63d40a69
|
@ -0,0 +1,217 @@
|
|||
From 8a8fc41a10ffb20e9e4902a9e9f74b2f05948b7a Mon Sep 17 00:00:00 2001
|
||||
From: "Endi S. Dewata" <edewata@redhat.com>
|
||||
Date: Wed, 3 Nov 2021 20:46:46 -0500
|
||||
Subject: [PATCH] Fix AJP connector migration
|
||||
|
||||
In commit e70373ab131aba810f318c1d917896392b49ff4b the AJP
|
||||
connector migration code for Tomcat 9.0.31 in pki-server
|
||||
migrate CLI was converted into an upgrade script that would
|
||||
run regardless of the Tomcat version, and this was causing
|
||||
a problem on platforms that only has older Tomcat versions.
|
||||
|
||||
To fix the problem, the upgrade script has been converted back
|
||||
into pki-server migrate, and it will check the Tomcat version
|
||||
before performing the migration. The server.xml has also been
|
||||
reverted to have the old AJP connectors by default.
|
||||
|
||||
Whenever the server is restarted the pki-server migrate will
|
||||
run so it can migrate the AJP connectors automatically in
|
||||
case Tomcat is upgraded to a newer version.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2029023
|
||||
---
|
||||
base/server/python/pki/server/cli/migrate.py | 61 +++++++++++++++++
|
||||
.../upgrade/10.11.0/04-UpdateAJPConnectors.py | 67 -------------------
|
||||
...lowLinking.py => 04-UpdateAllowLinking.py} | 0
|
||||
...UpdateJavaHome.py => 05-UpdateJavaHome.py} | 0
|
||||
base/tomcat-9.0/conf/server.xml | 4 +-
|
||||
5 files changed, 63 insertions(+), 69 deletions(-)
|
||||
delete mode 100644 base/server/upgrade/10.11.0/04-UpdateAJPConnectors.py
|
||||
rename base/server/upgrade/10.11.0/{05-UpdateAllowLinking.py => 04-UpdateAllowLinking.py} (100%)
|
||||
rename base/server/upgrade/10.11.0/{06-UpdateJavaHome.py => 05-UpdateJavaHome.py} (100%)
|
||||
|
||||
diff --git a/base/server/python/pki/server/cli/migrate.py b/base/server/python/pki/server/cli/migrate.py
|
||||
index 256b83c845..2005004c4e 100644
|
||||
--- a/base/server/python/pki/server/cli/migrate.py
|
||||
+++ b/base/server/python/pki/server/cli/migrate.py
|
||||
@@ -23,6 +23,7 @@ from __future__ import print_function
|
||||
|
||||
import getopt
|
||||
import logging
|
||||
+import re
|
||||
import sys
|
||||
|
||||
from lxml import etree
|
||||
@@ -96,9 +97,69 @@ class MigrateCLI(pki.cli.CLI):
|
||||
|
||||
instance.load()
|
||||
instance.init()
|
||||
+ instances = [instance]
|
||||
|
||||
else:
|
||||
instances = pki.server.instance.PKIInstance.instances()
|
||||
|
||||
for instance in instances:
|
||||
instance.init()
|
||||
+
|
||||
+ # update AJP connectors for Tomcat 9.0.31 or later
|
||||
+
|
||||
+ tomcat_version = pki.server.Tomcat.get_version()
|
||||
+ if tomcat_version >= pki.util.Version('9.0.31'):
|
||||
+
|
||||
+ for instance in instances:
|
||||
+ self.update_ajp_connectors(instance)
|
||||
+
|
||||
+ def update_ajp_connectors(self, instance):
|
||||
+
|
||||
+ logger.info('Updating AJP connectors in %s', instance.server_xml)
|
||||
+
|
||||
+ document = etree.parse(instance.server_xml, self.parser)
|
||||
+ server = document.getroot()
|
||||
+
|
||||
+ # replace 'requiredSecret' with 'secret' in comments
|
||||
+
|
||||
+ services = server.findall('Service')
|
||||
+ for service in services:
|
||||
+
|
||||
+ children = list(service)
|
||||
+ for child in children:
|
||||
+
|
||||
+ if not isinstance(child, etree._Comment): # pylint: disable=protected-access
|
||||
+ # not a comment -> skip
|
||||
+ continue
|
||||
+
|
||||
+ if 'protocol="AJP/1.3"' not in child.text:
|
||||
+ # not an AJP connector -> skip
|
||||
+ continue
|
||||
+
|
||||
+ child.text = re.sub(r'requiredSecret=',
|
||||
+ r'secret=',
|
||||
+ child.text,
|
||||
+ flags=re.MULTILINE)
|
||||
+
|
||||
+ # replace 'requiredSecret' with 'secret' in Connectors
|
||||
+
|
||||
+ connectors = server.findall('Service/Connector')
|
||||
+ for connector in connectors:
|
||||
+
|
||||
+ if connector.get('protocol') != 'AJP/1.3':
|
||||
+ # not an AJP connector -> skip
|
||||
+ continue
|
||||
+
|
||||
+ if connector.get('secret'):
|
||||
+ # already has a 'secret' -> skip
|
||||
+ continue
|
||||
+
|
||||
+ if connector.get('requiredSecret') is None:
|
||||
+ # does not have a 'requiredSecret' -> skip
|
||||
+ continue
|
||||
+
|
||||
+ value = connector.attrib.pop('requiredSecret')
|
||||
+ connector.set('secret', value)
|
||||
+
|
||||
+ with open(instance.server_xml, 'wb') as f:
|
||||
+ document.write(f, pretty_print=True, encoding='utf-8')
|
||||
diff --git a/base/server/upgrade/10.11.0/04-UpdateAJPConnectors.py b/base/server/upgrade/10.11.0/04-UpdateAJPConnectors.py
|
||||
deleted file mode 100644
|
||||
index 6e7bbdae24..0000000000
|
||||
--- a/base/server/upgrade/10.11.0/04-UpdateAJPConnectors.py
|
||||
+++ /dev/null
|
||||
@@ -1,67 +0,0 @@
|
||||
-#
|
||||
-# Copyright Red Hat, Inc.
|
||||
-#
|
||||
-# SPDX-License-Identifier: GPL-2.0-or-later
|
||||
-#
|
||||
-from __future__ import absolute_import
|
||||
-import logging
|
||||
-from lxml import etree
|
||||
-import re
|
||||
-
|
||||
-import pki
|
||||
-
|
||||
-logger = logging.getLogger(__name__)
|
||||
-
|
||||
-
|
||||
-class UpdateAJPConnectors(pki.server.upgrade.PKIServerUpgradeScriptlet):
|
||||
-
|
||||
- def __init__(self):
|
||||
- super(UpdateAJPConnectors, self).__init__()
|
||||
- self.message = 'Update AJP connectors in server.xml'
|
||||
-
|
||||
- self.parser = etree.XMLParser(remove_blank_text=True)
|
||||
-
|
||||
- def upgrade_instance(self, instance):
|
||||
-
|
||||
- logger.info('Updating %s', instance.server_xml)
|
||||
- self.backup(instance.server_xml)
|
||||
-
|
||||
- document = etree.parse(instance.server_xml, self.parser)
|
||||
- server = document.getroot()
|
||||
-
|
||||
- logger.info('Renaming requiredSecret to secret')
|
||||
-
|
||||
- services = server.findall('Service')
|
||||
- for service in services:
|
||||
-
|
||||
- children = list(service)
|
||||
- for child in children:
|
||||
-
|
||||
- if isinstance(child, etree._Comment): # pylint: disable=protected-access
|
||||
- if 'protocol="AJP/1.3"' in child.text:
|
||||
- child.text = re.sub(r'requiredSecret=',
|
||||
- r'secret=',
|
||||
- child.text,
|
||||
- flags=re.MULTILINE)
|
||||
-
|
||||
- connectors = server.findall('Service/Connector')
|
||||
- for connector in connectors:
|
||||
-
|
||||
- if connector.get('protocol') != 'AJP/1.3':
|
||||
- # Only modify AJP connectors.
|
||||
- continue
|
||||
-
|
||||
- if connector.get('secret'):
|
||||
- # Nothing to migrate because the secret attribute already
|
||||
- # exists.
|
||||
- continue
|
||||
-
|
||||
- if connector.get('requiredSecret') is None:
|
||||
- # No requiredSecret field either; nothing to do.
|
||||
- continue
|
||||
-
|
||||
- connector.set('secret', connector.get('requiredSecret'))
|
||||
- connector.attrib.pop('requiredSecret', None)
|
||||
-
|
||||
- with open(instance.server_xml, 'wb') as f:
|
||||
- document.write(f, pretty_print=True, encoding='utf-8')
|
||||
diff --git a/base/server/upgrade/10.11.0/05-UpdateAllowLinking.py b/base/server/upgrade/10.11.0/04-UpdateAllowLinking.py
|
||||
similarity index 100%
|
||||
rename from base/server/upgrade/10.11.0/05-UpdateAllowLinking.py
|
||||
rename to base/server/upgrade/10.11.0/04-UpdateAllowLinking.py
|
||||
diff --git a/base/server/upgrade/10.11.0/06-UpdateJavaHome.py b/base/server/upgrade/10.11.0/05-UpdateJavaHome.py
|
||||
similarity index 100%
|
||||
rename from base/server/upgrade/10.11.0/06-UpdateJavaHome.py
|
||||
rename to base/server/upgrade/10.11.0/05-UpdateJavaHome.py
|
||||
diff --git a/base/tomcat-9.0/conf/server.xml b/base/tomcat-9.0/conf/server.xml
|
||||
index 528300fd27..d6f3bb7ff0 100644
|
||||
--- a/base/tomcat-9.0/conf/server.xml
|
||||
+++ b/base/tomcat-9.0/conf/server.xml
|
||||
@@ -190,12 +190,12 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
|
||||
protocol="AJP/1.3"
|
||||
redirectPort="[PKI_AJP_REDIRECT_PORT]"
|
||||
address="[PKI_AJP_HOST_IPv4]"
|
||||
- secret="[PKI_AJP_SECRET]" />
|
||||
+ requiredSecret="[PKI_AJP_SECRET]" />
|
||||
<Connector port="[PKI_AJP_PORT]"
|
||||
protocol="AJP/1.3"
|
||||
redirectPort="[PKI_AJP_REDIRECT_PORT]"
|
||||
address="[PKI_AJP_HOST_IPv6]"
|
||||
- secret="[PKI_AJP_SECRET]" />
|
||||
+ requiredSecret="[PKI_AJP_SECRET]" />
|
||||
[PKI_CLOSE_AJP_PORT_COMMENT]
|
||||
|
||||
|
||||
--
|
||||
2.33.1
|
||||
|
|
@ -0,0 +1,289 @@
|
|||
From 5d377f31292da71f6ec4a29b13a66a9bea967102 Mon Sep 17 00:00:00 2001
|
||||
From: "Endi S. Dewata" <edewata@redhat.com>
|
||||
Date: Tue, 2 Nov 2021 14:46:02 -0500
|
||||
Subject: [PATCH] Fix replica reinstallation
|
||||
|
||||
The pkispawn and pkidestroy have been modified to ignore
|
||||
failures caused by adding an entry or attribute that is
|
||||
already exists and to check whether a file exists before
|
||||
removing it during replica removal and reinstallation.
|
||||
|
||||
One of the CA clone tests has been modified to test
|
||||
removing and reinstalling a replica.
|
||||
|
||||
Resolves: https://github.com/dogtagpki/pki/issues/3544
|
||||
---
|
||||
.github/workflows/ca-tests.yml | 11 ++
|
||||
.../python/pki/server/deployment/__init__.py | 39 +++++--
|
||||
.../scriptlets/webapp_deployment.py | 19 +--
|
||||
.../cms/servlet/csadmin/LDAPConfigurator.java | 110 +++++++++++-------
|
||||
4 files changed, 116 insertions(+), 63 deletions(-)
|
||||
|
||||
diff --git a/.github/workflows/ca-tests.yml b/.github/workflows/ca-tests.yml
|
||||
index 4832e73c65..fffcb9c3e4 100644
|
||||
--- a/.github/workflows/ca-tests.yml
|
||||
+++ b/.github/workflows/ca-tests.yml
|
||||
@@ -1137,6 +1137,17 @@ jobs:
|
||||
--pkcs12-password-file ${PKIDIR}/pkcs12_password.conf
|
||||
docker exec secondary pki -n caadmin ca-user-show caadmin
|
||||
|
||||
+ - name: Remove CA from secondary PKI container
|
||||
+ run: |
|
||||
+ docker exec secondary pkidestroy -i pki-tomcat -s CA -v
|
||||
+
|
||||
+ - name: Re-install CA in secondary PKI container
|
||||
+ run: |
|
||||
+ docker exec secondary pkispawn \
|
||||
+ -f /usr/share/pki/server/examples/installation/ca-secure-ds-secondary.cfg \
|
||||
+ -s CA \
|
||||
+ -v
|
||||
+
|
||||
- name: Gather artifacts from primary container
|
||||
if: always()
|
||||
run: |
|
||||
diff --git a/base/server/python/pki/server/deployment/__init__.py b/base/server/python/pki/server/deployment/__init__.py
|
||||
index 6eb5b0a78a..d179718dd6 100644
|
||||
--- a/base/server/python/pki/server/deployment/__init__.py
|
||||
+++ b/base/server/python/pki/server/deployment/__init__.py
|
||||
@@ -1074,26 +1074,41 @@ class PKIDeployer:
|
||||
secure_port = server_config.get_secure_port()
|
||||
|
||||
uid = 'CA-%s-%s' % (self.mdict['pki_hostname'], secure_port)
|
||||
-
|
||||
logger.info('Adding %s', uid)
|
||||
- subsystem.add_user(
|
||||
- uid,
|
||||
- full_name=uid,
|
||||
- user_type='agentType',
|
||||
- state='1')
|
||||
|
||||
- logger.info('Adding subsystem certificate into %s', uid)
|
||||
+ try:
|
||||
+ subsystem.add_user(
|
||||
+ uid,
|
||||
+ full_name=uid,
|
||||
+ user_type='agentType',
|
||||
+ state='1')
|
||||
+ except Exception: # pylint: disable=W0703
|
||||
+ logger.warning('Unable to add %s', uid)
|
||||
+ # TODO: ignore error only if user already exists
|
||||
+
|
||||
cert_data = pki.nssdb.convert_cert(
|
||||
cert['data'],
|
||||
'base64',
|
||||
'pem')
|
||||
- subsystem.add_user_cert(
|
||||
- uid,
|
||||
- cert_data=cert_data.encode(),
|
||||
- cert_format='PEM')
|
||||
+
|
||||
+ logger.info('Adding certificate for %s', uid)
|
||||
+
|
||||
+ try:
|
||||
+ subsystem.add_user_cert(
|
||||
+ uid,
|
||||
+ cert_data=cert_data.encode(),
|
||||
+ cert_format='PEM')
|
||||
+ except Exception: # pylint: disable=W0703
|
||||
+ logger.warning('Unable to add certificate for %s', uid)
|
||||
+ # TODO: ignore error only if user cert already exists
|
||||
|
||||
logger.info('Adding %s into Subsystem Group', uid)
|
||||
- subsystem.add_group_member('Subsystem Group', uid)
|
||||
+
|
||||
+ try:
|
||||
+ subsystem.add_group_member('Subsystem Group', uid)
|
||||
+ except Exception: # pylint: disable=W0703
|
||||
+ logger.warning('Unable to add %s into Subsystem Group', uid)
|
||||
+ # TODO: ignore error only if user already exists in the group
|
||||
|
||||
def backup_keys(self, instance, subsystem):
|
||||
|
||||
diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
|
||||
index 342477028a..f9e73fd069 100644
|
||||
--- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
|
||||
+++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py
|
||||
@@ -60,12 +60,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
|
||||
|
||||
logger.info('Undeploying /%s web application', deployer.mdict['pki_subsystem'].lower())
|
||||
|
||||
- # Delete <instance>/Catalina/localhost/<subsystem>.xml
|
||||
- pki.util.remove(
|
||||
- path=os.path.join(
|
||||
- deployer.mdict['pki_instance_configuration_path'],
|
||||
- "Catalina",
|
||||
- "localhost",
|
||||
- deployer.mdict['pki_subsystem'].lower() + ".xml"),
|
||||
- force=deployer.mdict['pki_force_destroy']
|
||||
- )
|
||||
+ # Delete <instance>/Catalina/localhost/<subsystem>.xml if exists
|
||||
+
|
||||
+ context_xml = os.path.join(
|
||||
+ deployer.mdict['pki_instance_configuration_path'],
|
||||
+ 'Catalina',
|
||||
+ 'localhost',
|
||||
+ deployer.mdict['pki_subsystem'].lower() + '.xml')
|
||||
+
|
||||
+ if os.path.exists(context_xml):
|
||||
+ pki.util.remove(context_xml)
|
||||
diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java
|
||||
index 651d166321..1e0364cfea 100644
|
||||
--- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java
|
||||
+++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/LDAPConfigurator.java
|
||||
@@ -661,26 +661,35 @@ public class LDAPConfigurator {
|
||||
|
||||
try {
|
||||
connection.add(entry);
|
||||
+ // replication manager added -> done
|
||||
+ return;
|
||||
|
||||
} catch (LDAPException e) {
|
||||
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
|
||||
- logger.warn("Entry already exists: " + dn);
|
||||
+ if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
|
||||
+ logger.error("Unable to add " + dn + ": " + e.getMessage(), e);
|
||||
+ throw e;
|
||||
+ }
|
||||
+ logger.warn("Replication manager already exists: " + dn);
|
||||
+ }
|
||||
|
||||
- try {
|
||||
- logger.info("Deleting " + dn);
|
||||
- connection.delete(dn);
|
||||
+ logger.warn("Deleting existing replication manager: " + dn);
|
||||
|
||||
- logger.info("Re-adding " + dn);
|
||||
- connection.add(entry);
|
||||
+ try {
|
||||
+ connection.delete(dn);
|
||||
|
||||
- } catch (LDAPException ee) {
|
||||
- logger.warn("Unable to recreate " + dn + ": " + ee.getMessage());
|
||||
- }
|
||||
+ } catch (LDAPException e) {
|
||||
+ logger.error("Unable to delete " + dn + ": " + e.getMessage());
|
||||
+ throw e;
|
||||
+ }
|
||||
|
||||
- } else {
|
||||
- logger.error("Unable to add " + dn + ": " + e.getMessage(), e);
|
||||
- throw e;
|
||||
- }
|
||||
+ logger.warn("Adding new replication manager: " + dn);
|
||||
+
|
||||
+ try {
|
||||
+ connection.add(entry);
|
||||
+
|
||||
+ } catch (LDAPException e) {
|
||||
+ logger.error("Unable to add " + dn + ": " + e.getMessage());
|
||||
+ throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -799,28 +808,41 @@ public class LDAPConfigurator {
|
||||
|
||||
try {
|
||||
connection.add(entry);
|
||||
+ // replica object added -> done
|
||||
+ return true;
|
||||
|
||||
} catch (LDAPException e) {
|
||||
-
|
||||
if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
|
||||
+ logger.error("Unable to add " + replicaDN + ": " + e.getMessage(), e);
|
||||
throw e;
|
||||
}
|
||||
+ logger.warn("Replica object already exists: " + replicaDN);
|
||||
+ }
|
||||
+
|
||||
+ logger.info("Adding replica bind DN");
|
||||
|
||||
- // BZ 470918: We can't just add the new dn.
|
||||
- // We need to do a replace until the bug is fixed.
|
||||
- logger.warn("Entry already exists, adding bind DN");
|
||||
+ // BZ 470918: We can't just add the new dn.
|
||||
+ // We need to do a replace until the bug is fixed.
|
||||
|
||||
- entry = connection.read(replicaDN);
|
||||
- LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
|
||||
- attr.addValue(bindDN);
|
||||
+ entry = connection.read(replicaDN);
|
||||
+ LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
|
||||
+ attr.addValue(bindDN);
|
||||
|
||||
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
|
||||
+ LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
|
||||
+
|
||||
+ try {
|
||||
connection.modify(replicaDN, mod);
|
||||
+ // replica bind DN added -> done
|
||||
|
||||
- return false;
|
||||
+ } catch (LDAPException e) {
|
||||
+ if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
|
||||
+ logger.error("Unable to add " + bindDN + ": " + e.getMessage(), e);
|
||||
+ throw e;
|
||||
+ }
|
||||
+ logger.warn("Replica bind DN already exists: " + bindDN);
|
||||
}
|
||||
|
||||
- return true;
|
||||
+ return false;
|
||||
}
|
||||
|
||||
public void createReplicationAgreement(
|
||||
@@ -864,29 +886,33 @@ public class LDAPConfigurator {
|
||||
|
||||
try {
|
||||
connection.add(entry);
|
||||
+ // replication agreement added -> done
|
||||
+ return;
|
||||
|
||||
} catch (LDAPException e) {
|
||||
- if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
|
||||
- logger.warn("Entry already exists: " + dn);
|
||||
-
|
||||
- try {
|
||||
- connection.delete(dn);
|
||||
- } catch (LDAPException ee) {
|
||||
- logger.error("Unable to delete " + dn + ": " + ee.getMessage(), ee);
|
||||
- throw ee;
|
||||
- }
|
||||
-
|
||||
- try {
|
||||
- connection.add(entry);
|
||||
- } catch (LDAPException ee) {
|
||||
- logger.error("Unable to add " + dn + ": " + ee.getMessage(), ee);
|
||||
- throw ee;
|
||||
- }
|
||||
-
|
||||
- } else {
|
||||
+ if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
|
||||
logger.error("Unable to add " + dn + ": " + e.getMessage(), e);
|
||||
throw e;
|
||||
}
|
||||
+ logger.warn("Replication agreement already exists: " + dn);
|
||||
+ }
|
||||
+
|
||||
+ logger.warn("Removing existing replication agreement: " + dn);
|
||||
+
|
||||
+ try {
|
||||
+ connection.delete(dn);
|
||||
+ } catch (LDAPException e) {
|
||||
+ logger.error("Unable to delete " + dn + ": " + e.getMessage(), e);
|
||||
+ throw e;
|
||||
+ }
|
||||
+
|
||||
+ logger.warn("Adding new replication agreement: " + dn);
|
||||
+
|
||||
+ try {
|
||||
+ connection.add(entry);
|
||||
+ } catch (LDAPException e) {
|
||||
+ logger.error("Unable to add " + dn + ": " + e.getMessage(), e);
|
||||
+ throw e;
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -13,7 +13,7 @@ License: GPLv2 and LGPLv2
|
|||
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
||||
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
||||
Version: 10.11.2
|
||||
Release: 2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
Release: 4%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
#global _phase -alpha1
|
||||
|
||||
# To create a tarball from a version tag:
|
||||
|
@ -31,6 +31,8 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
|
|||
# > pki-VERSION-RELEASE.patch
|
||||
# Patch: pki-VERSION-RELEASE.patch
|
||||
Patch1: 0001-Fix-Bug-2001576-pki-instance-creation-fails-for-IPA-.patch
|
||||
Patch2: 0001-Fix-replica-reinstallation.patch
|
||||
Patch3: 0001-Fix-AJP-connector-migration.patch
|
||||
|
||||
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
||||
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
||||
|
@ -1363,6 +1365,12 @@ fi
|
|||
|
||||
################################################################################
|
||||
%changelog
|
||||
* Tue Jan 04 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.2-4
|
||||
- Bug 2029023 - Fix AJP connector migration
|
||||
|
||||
* Tue Dec 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.2-3
|
||||
- Bug 2024676 - Unable to reinstall PKI clone
|
||||
|
||||
* Fri Sep 24 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.2-2
|
||||
- Bug 2001576 - pki instance creation fails for IPA in FIPS mode
|
||||
|
||||
|
|
Loading…
Reference in New Issue