import pki-core-11.0.0-0.6.beta1.el9_b
This commit is contained in:
commit
6eb1a207af
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/pki-11.0.0-beta1.tar.gz
|
1
.pki-core.metadata
Normal file
1
.pki-core.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
16b25f34cfa3690f5f2601a0be841586ca410b75 SOURCES/pki-11.0.0-beta1.tar.gz
|
@ -0,0 +1,70 @@
|
|||||||
|
From 1a7e9b493fc3cfbbd74ab9009fa840c5dcb55c8c Mon Sep 17 00:00:00 2001
|
||||||
|
From: jmagne <jmagne@redhat.com>
|
||||||
|
Date: Thu, 16 Sep 2021 15:48:37 -0700
|
||||||
|
Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
|
||||||
|
in FIPS mode (RHEL-8.5) (#3742)
|
||||||
|
|
||||||
|
It looks like this is an issue in FIPS mode because when we restart the subsystem, there is a pki command
|
||||||
|
that runs before the server runs. In order for this command to succeed, we must alter the python script that
|
||||||
|
runs pki commands to add the following switch to turn off fips mode in java: "-Dcom.redhat.fips=false".
|
||||||
|
|
||||||
|
This allows the JSS proivder to be selected instead of a differnt one which doesn't work for us, when we are in
|
||||||
|
fips mode.
|
||||||
|
---
|
||||||
|
base/common/python/pki/cli/main.py | 11 ++++++++++-
|
||||||
|
base/common/share/etc/pki.conf | 10 ++++++++++
|
||||||
|
2 files changed, 20 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/base/common/python/pki/cli/main.py b/base/common/python/pki/cli/main.py
|
||||||
|
index b0ae6c6fc..bc215aaa4 100644
|
||||||
|
--- a/base/common/python/pki/cli/main.py
|
||||||
|
+++ b/base/common/python/pki/cli/main.py
|
||||||
|
@@ -98,6 +98,7 @@ class PKICLI(pki.cli.CLI):
|
||||||
|
|
||||||
|
java_path = os.getenv('PKI_JAVA_PATH')
|
||||||
|
java_home = os.getenv('JAVA_HOME')
|
||||||
|
+ java_fips_cmd = os.getenv('JAVA_FIPS_ENABLED')
|
||||||
|
pki_lib = os.getenv('PKI_LIB')
|
||||||
|
logging_config = os.getenv('PKI_LOGGING_CONFIG')
|
||||||
|
|
||||||
|
@@ -113,7 +114,15 @@ class PKICLI(pki.cli.CLI):
|
||||||
|
cmd.extend(['/usr/bin/env', 'java'])
|
||||||
|
|
||||||
|
cmd.extend([
|
||||||
|
- '-cp', pki_lib + '/*',
|
||||||
|
+ '-cp', pki_lib + '/*'
|
||||||
|
+ ])
|
||||||
|
+
|
||||||
|
+ if java_fips_cmd is not None:
|
||||||
|
+ cmd.extend([
|
||||||
|
+ java_fips_cmd
|
||||||
|
+ ])
|
||||||
|
+
|
||||||
|
+ cmd.extend([
|
||||||
|
'-Djava.util.logging.config.file=' + logging_config,
|
||||||
|
'com.netscape.cmstools.cli.MainCLI'
|
||||||
|
])
|
||||||
|
diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf
|
||||||
|
index 17615b042..fd40ece3b 100644
|
||||||
|
--- a/base/common/share/etc/pki.conf
|
||||||
|
+++ b/base/common/share/etc/pki.conf
|
||||||
|
@@ -14,6 +14,16 @@ export JAVA_HOME
|
||||||
|
PKI_JAVA_PATH=${PKI_JAVA_PATH}
|
||||||
|
export PKI_JAVA_PATH
|
||||||
|
|
||||||
|
+# JVM options
|
||||||
|
+#
|
||||||
|
+# Command switch we want to tell java to observer fips mode
|
||||||
|
+# For the moment we want this to be false even if we really are
|
||||||
|
+# in fips mode, because we want the jss prover instead of the sun
|
||||||
|
+# fips provider to be selected.
|
||||||
|
+JAVA_FIPS_ENABLED="-Dcom.redhat.fips=false" # Disable FIPS mode
|
||||||
|
+
|
||||||
|
+export JAVA_FIPS_ENABLED
|
||||||
|
+
|
||||||
|
# JNI jar file location
|
||||||
|
JNI_JAR_DIR=/usr/lib/java
|
||||||
|
export JNI_JAR_DIR
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
From 115778bf20812b271c81f19806332f14151dcb7d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jack Magne <jmagne@redhat.com>
|
||||||
|
Date: Thu, 23 Sep 2021 13:50:41 -0400
|
||||||
|
Subject: [PATCH] Fix Bug 2001576 - pki instance creation fails for IPA server
|
||||||
|
in FIPS mode (RHEL-8.5). Additional fix to this issue to account for our
|
||||||
|
standalone java tools.
|
||||||
|
|
||||||
|
---
|
||||||
|
base/tools/templates/pki_java_command_wrapper.in | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/base/tools/templates/pki_java_command_wrapper.in b/base/tools/templates/pki_java_command_wrapper.in
|
||||||
|
index 05650630d4..d68ed93a30 100644
|
||||||
|
--- a/base/tools/templates/pki_java_command_wrapper.in
|
||||||
|
+++ b/base/tools/templates/pki_java_command_wrapper.in
|
||||||
|
@@ -90,6 +90,7 @@ JAVA_OPTIONS=""
|
||||||
|
|
||||||
|
${JAVA} ${JAVA_OPTIONS} \
|
||||||
|
-cp "${PKI_LIB}/*" \
|
||||||
|
+ -Dcom.redhat.fips=false \
|
||||||
|
-Djava.util.logging.config.file=${PKI_LOGGING_CONFIG} \
|
||||||
|
com.netscape.cmstools.${COMMAND} "$@"
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
1397
SPECS/pki-core.spec
Normal file
1397
SPECS/pki-core.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user