rpms
/
pki-core
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to PKI 11.0.0-alpha1 

Resolves: #1975905
This commit is contained in:
Endi S. Dewata 2021-06-25 19:26:18 -05:00
parent 25ef15b937
commit c52edc300e
3 changed files with 61 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -81,3 +81,4 @@
/pki-10.10.3.tar.gz
/pki-10.10.5.tar.gz
/pki-10.11.0-alpha1.tar.gz
/pki-11.0.0-alpha1.tar.gz

244
pki-core.spec
View File

@ -12,8 +12,8 @@ License: GPLv2 and LGPLv2
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
Version: 10.11.0
Release: 0.2.alpha1%{?_timestamp}%{?_commit_id}%{?dist}
Version: 11.0.0
Release: 0.1.alpha1%{?_timestamp}%{?_commit_id}%{?dist}
%global _phase -alpha1
# To create a tarball from a version tag:
@ -59,16 +59,9 @@ ExcludeArch: i686
# Java
################################################################################
%define java_devel java-devel
%define java_headless java-headless
%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
%define min_java_version 1:11
%define java_home /usr/lib/jvm/java-11-openjdk
%else
%define min_java_version 1:1.8.0
%define java_home /usr/lib/jvm/java-1.8.0-openjdk
%endif
%define java_devel java-11-openjdk-devel
%define java_headless java-11-openjdk-headless
%define java_home /usr/lib/jvm/jre-11-openjdk
################################################################################
# RESTEasy
@ -81,11 +74,11 @@ ExcludeArch: i686
# PKI
################################################################################
# By default the build will execute unit tests unless --without test
# option is specified.
# Execute unit tests unless --without test is specified.
%bcond_without test
# bcond_without test
%global with_test 1
# Don't build console unless --with console is specified.
%bcond_with console
# By default all packages will be built except the ones specified with
# --without <package> option (exclusion method).
@ -122,12 +115,11 @@ ExcludeArch: i686
# package_option tks
# package_option tps
# package_option javadoc
# package_option console
# package_option theme
# package_option meta
# package_option tests
%global with_tests 1
# package_option debug
%global with_debug 1
%if ! %{with debug}
%define debug_package %{nil}
@ -170,21 +162,18 @@ fi;
# Build Dependencies
################################################################################
# autosetup
BuildRequires: git
BuildRequires: make
BuildRequires: cmake >= 3.0.2
BuildRequires: gcc-c++
BuildRequires: zip
BuildRequires: %java_devel >= %{min_java_version}
BuildRequires: %{java_devel}
BuildRequires: javapackages-tools
BuildRequires: redhat-rpm-config
BuildRequires: ldapjdk >= 4.22.0
BuildRequires: apache-commons-cli
BuildRequires: apache-commons-codec
BuildRequires: apache-commons-io
BuildRequires: apache-commons-lang3 >= 3.2
BuildRequires: apache-commons-logging
BuildRequires: apache-commons-net
BuildRequires: glassfish-jaxb-api
BuildRequires: slf4j
@ -202,17 +191,7 @@ BuildRequires: python3-sphinx
BuildRequires: xalan-j2
BuildRequires: xerces-j2
%if 0%{?rhel} && ! 0%{?eln}
BuildRequires: resteasy >= 3.0.26
%else
BuildRequires: jboss-annotations-1.2-api
BuildRequires: jboss-jaxrs-2.0-api
BuildRequires: jboss-logging
BuildRequires: resteasy-client >= 3.0.17-1
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1
BuildRequires: resteasy-core >= 3.0.17-1
BuildRequires: resteasy-jackson2-provider >= 3.0.17-1
%endif
BuildRequires: python3 >= 3.5
BuildRequires: python3-devel
@ -226,8 +205,9 @@ BuildRequires: python3-six
BuildRequires: junit
BuildRequires: jpackage-utils >= 0:1.7.5-10
BuildRequires: jss >= 4.9.0
BuildRequires: tomcatjss >= 7.6.1
BuildRequires: jss >= 5.0.0
BuildRequires: tomcatjss >= 8.0.0
BuildRequires: ldapjdk >= 5.0.0
BuildRequires: systemd-units
@ -296,7 +276,9 @@ Summary: %{brand} PKI Package
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI theme packages
Requires: %{vendor_id}-pki-server-theme = %{version}
%if %{with console}
Requires: %{vendor_id}-pki-console-theme = %{version}
%endif
# Make certain that this 'meta' package requires the latest version(s)
# of ALL PKI core packages
@ -309,7 +291,9 @@ Requires: pki-tps = %{version}
# Make certain that this 'meta' package requires the latest version(s)
# of PKI console
%if %{with console}
Requires: pki-console = %{version}
%endif
Requires: pki-javadoc = %{version}
# Make certain that this 'meta' package requires the latest version(s)
@ -347,16 +331,18 @@ PKI consists of the following components:
Summary: PKI Symmetric Key Package
Requires: %java_headless >= %{min_java_version}
Requires: %{java_headless}
Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 4.9.0
Requires: jss >= 5.0.0
Requires: nss >= 3.38.0
# Ensure we end up with a useful installation
Conflicts: pki-symkey < %{version}
Conflicts: pki-javadoc < %{version}
Conflicts: pki-server-theme < %{version}
%if %{with console}
Conflicts: pki-console-theme < %{version}
%endif
%description -n pki-symkey
The PKI Symmetric Key Java Package supplies various native
@ -378,7 +364,9 @@ Requires(post): python3-pki = %{version}-%{release}
Conflicts: pki-symkey < %{version}
Conflicts: pki-javadoc < %{version}
Conflicts: pki-server-theme < %{version}
%if %{with console}
Conflicts: pki-console-theme < %{version}
%endif
%description -n pki-base
The PKI Base Package contains the common and client libraries and utilities
@ -415,7 +403,7 @@ This package contains PKI client library for Python 3.
Summary: PKI Base Java Package
BuildArch: noarch
Requires: %java_headless >= %{min_java_version}
Requires: %{java_headless}
Requires: apache-commons-cli
Requires: apache-commons-codec
Requires: apache-commons-io
@ -426,8 +414,8 @@ Requires: glassfish-jaxb-api
Requires: slf4j
Requires: slf4j-jdk14
Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 4.9.0
Requires: ldapjdk >= 4.22.0
Requires: jss >= 5.0.0
Requires: ldapjdk >= 5.0.0
Requires: pki-base = %{version}-%{release}
%if 0%{?rhel} && 0%{?rhel} <= 8
@ -441,7 +429,6 @@ Requires: resteasy-jackson2-provider >= 3.0.17-1
%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
Requires: jaxb-impl >= 2.3.3
Requires: jakarta-activation >= 1.2.2
%endif
Requires: xalan-j2
@ -513,7 +500,7 @@ Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(pre): shadow-utils
Requires: tomcatjss >= 7.6.1
Requires: tomcatjss >= 8.0.0
# pki-healthcheck depends on the following library
%if 0%{?rhel}
@ -739,7 +726,9 @@ BuildArch: noarch
Conflicts: pki-base < %{version}
Conflicts: pki-symkey < %{version}
Conflicts: pki-server-theme < %{version}
%if %{with console}
Conflicts: pki-console-theme < %{version}
%endif
%description -n pki-javadoc
This package contains PKI API documentation.
@ -780,13 +769,16 @@ Provides: pki-server-theme = %{version}
# Ensure we end up with a useful installation
Conflicts: pki-base < %{version}
Conflicts: pki-symkey < %{version}
%if %{with console}
Conflicts: pki-console-theme < %{version}
%endif
Conflicts: pki-javadoc < %{version}
%description -n %{vendor_id}-pki-server-theme
This PKI Server Theme Package contains
%{brand} textual and graphical user interface for PKI Server.
%if %{with console}
################################################################################
%package -n %{vendor_id}-pki-console-theme
################################################################################
@ -806,6 +798,9 @@ Conflicts: pki-javadoc < %{version}
This PKI Console Theme Package contains
%{brand} textual and graphical user interface for PKI Console.
# with console
%endif
# with theme
%endif
@ -827,7 +822,7 @@ This package contains PKI test suite.
%prep
################################################################################
%autosetup -n pki-%{version}%{?_phase} -p 1 -S git
%autosetup -n pki-%{version}%{?_phase} -p 1
################################################################################
%build
@ -854,8 +849,8 @@ cd build
-DVAR_INSTALL_DIR:PATH=/var \
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
-DJAVA_VERSION=${java_version} \
-DJAVA_HOME=%java_home \
-DPKI_JAVA_PATH=%java_home/bin/java \
-DJAVA_HOME=%{java_home} \
-DPKI_JAVA_PATH=%{java_home}/bin/java \
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
-DAPP_SERVER=$app_server \
@ -914,7 +909,7 @@ cd %{_vpath_builddir}
--no-print-directory \
install
%if %{with_test}
%if %{with test}
ctest --output-on-failure
%endif
@ -931,14 +926,22 @@ EOF
# Customize client library links in /usr/share/pki/lib
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
%if 0%{?fedora} && 0%{?fedora} <= 34
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
%else
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/lib/jakarta.annotation-api.jar
%endif
%if %{with server}
# Customize server common library links in /usr/share/pki/server/common/lib
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
%if 0%{?fedora} && 0%{?fedora} <= 34
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
%else
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jakarta.annotation-api.jar
%endif
# with server
%endif
@ -989,6 +992,10 @@ fi
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
## PKI deployment process
# CVE-2021-3551
# Remove world access from existing installation logs
find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
# Reload systemd daemons on upgrade only
if [ "$1" == "2" ]
then
@ -1337,6 +1344,7 @@ fi
%{_datadir}/pki/server/webapps/pki/pki.properties
%{_datadir}/pki/server/webapps/pki/tks
%if %{with console}
################################################################################
%files -n %{vendor_id}-pki-console-theme
################################################################################
@ -1344,6 +1352,9 @@ fi
%license themes/%{vendor_id}/console-ui/LICENSE
%{_javadir}/pki/pki-console-theme.jar
# with console
%endif
# with theme
%endif
@ -1359,142 +1370,5 @@ fi
################################################################################
%changelog
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 10.11.0-0.2.alpha1
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue May 18 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
- Rebase to PKI 10.11.0-alpha1
* Thu Apr 29 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.5-9
- Disable non-core packages
* Wed Apr 28 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.5-8
- Add DT_RPATH waiver
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> 10.10.5-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Mar 12 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.5-6
- Drop i686 due to lack of md2man and multilib Java
* Fri Mar 12 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.5-5
- Fix renewal profile approval process
Resolves: CVE-2021-20179
* Thu Mar 11 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.5-4
- Use JDK 11 for ELN and RHEL 9 builds
* Wed Mar 10 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.5-3
- Drop dependency on esc for s390(x) architectures
* Wed Mar 10 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.5-2
- Use tomcat instead of pki-servlet-engine in ELN
* Thu Feb 25 2021 Alexander Scheel <ascheel@redhat.com> 10.10.5-1
- Update to latest stable release 10.10.5
Resolves: rh-bz#1929940
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> 10.10.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 19 2021 Alexander Scheel <ascheel@redhat.com> 10.10.3-3
- Sync spec between upstream and Fedora
* Tue Jan 19 2021 Alexander Scheel <ascheel@redhat.com> 10.10.3-2
- Remove dependency on jakarta-commons-httpclient
* Thu Jan 14 2021 Dogtag PKI Team <pki-devel@redhat.com> 10.10.3-1
- Rebase to upstream stable v10.10.3-1 release
* Thu Nov 05 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.10.0-2
- Add missing pki-acme package
- Add workaround for missing capture_output in Python 3.6
- Fix JSS initialization in pki-server <subsystem>-user-cert-add
- Fix NPE in UGSubsystem.findUsersByKeyword()
* Wed Oct 28 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.10.0-1
- Rebase to upstream stable v10.10.0-1 release
* Thu Oct 22 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.10.0-0.2
- Rebase to upstream beta v10.10.0-b2 release
* Fri Sep 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.4-3
- Fix issue with JAXB JAR linking -- update .spec file
* Fri Sep 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.4-2
- Fix issue with JAXB JAR linking
* Fri Sep 11 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.4-1
- Rebase to stable upstream v10.9.4 release
* Tue Sep 08 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.2-3
- Fix Fedora 31/32 to Fedora 33/rawhide upgrade path
Resolves: rh-bz#1871990
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.2-2
- Fix permission issue during clone installation; reported by FreeIPA
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.2-1
- Second attempt at JDK11 Support
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.1-3
- Force JDK8 at runtime as well
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.1-2
- Rebuilt to fix packaging issues introduced upstream
* Mon Aug 17 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.1-1
- Rebuilt with v10.9.1 and patches to fix JDK11 build issues
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> 10.9.0-0.7
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> 10.9.0-0.6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 20 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.0-0.5
- Rebuild -b2 with Java 11 changes
* Tue Jun 30 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.0-0.4
- Rebase to match upstream beta version v10.9.0-b2
- pki password fix for FIPS
* Wed Jun 10 2020 Dogtag PKI Team <pki-devel@redhat.com> 10.9.0-0.2
- Rebase to match upstream alpha version 10.9.0-a2
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> 10.8.3-3
- Rebuilt for Python 3.9
* Mon Apr 27 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> 10.8.3-2
- Fix bz#1814242 / dogtag issue #3168: Fix EC admin certificate profile upgrade
* Thu Mar 05 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> 10.8.3-1
- Rebase to latest upstream version
- Spec cleanup to match with upstream spec
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> 10.7.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> 10.7.3-5
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> 10.7.3-4
- Rebuilt for Python 3.8
* Wed Aug 14 2019 Dogtag PKI Team <pki-devel@redhat.com> 10.7.3-3
- Rebuild with patches applied
* Wed Aug 14 2019 Dogtag PKI Team <pki-devel@redhat.com> 10.7.3-2
- Fix URL redirection for KRA and OCSP web UI
* Thu Aug 08 2019 Dogtag PKI Team <pki-devel@redhat.com> 10.7.3-1
- Rebased to PKI 10.7.3
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> 10.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon May 06 2019 Dogtag PKI Team <pki-devel@redhat.com> 10.7.0-1
- Rebased to PKI 10.7.0
* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.0-0.1
- Rebase to PKI 11.0.0-alpha1

2
sources
View File

@ -1 +1 @@
SHA512 (pki-10.11.0-alpha1.tar.gz) = 4f4c9b29dc9126c91de9258063f370a05591447cbae76109e6841bdb2ea502994e945a4dd9d00ee85d3b783021b25a7bb243acc060b88901eb4e6b4c01c4f7db
SHA512 (pki-11.0.0-alpha1.tar.gz) = 7dd458897d63a2aaba7e8cf62f74537cc7ba7798b5a5f6df5b6b3bee15ff00e1f6397540a23556eb25e86da3562d9723f66a14c619c25014e542a664023769d5