import pki-core-10.11.0-2.module+el8.5.0+12220+9cc212a8
This commit is contained in:
parent
58a736a6e9
commit
dcef74eaef
|
@ -1 +1 @@
|
||||||
SOURCES/pki-10.10.4.tar.gz
|
SOURCES/pki-10.11.0.tar.gz
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz
|
f125333c7e88d7aae11f51527681018319bba19c SOURCES/pki-10.11.0.tar.gz
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
From 63cf2895f5d5a37bb09f3e889b8584b0bb0dce06 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christina Fu <cfu@redhat.com>
|
||||||
|
Date: Wed, 11 Aug 2021 09:19:59 -0700
|
||||||
|
Subject: [PATCH] Bug 1992337 - Double issuance of non-CA subsystem certs at
|
||||||
|
installation
|
||||||
|
|
||||||
|
This patch removes an extra profile.submit() call that was accidentally left
|
||||||
|
off during manual cherry-picking of another bug (1905374):
|
||||||
|
commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
|
||||||
|
|
||||||
|
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374
|
||||||
|
---
|
||||||
|
.../main/java/com/netscape/cms/servlet/cert/CertProcessor.java | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||||
|
index a5626d032..849d6b368 100644
|
||||||
|
--- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||||
|
+++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||||
|
@@ -250,7 +250,6 @@ public class CertProcessor extends CAProcessor {
|
||||||
|
|
||||||
|
logger.info("CertProcessor: Submitting certificate request to " + profile.getId() + " profile");
|
||||||
|
|
||||||
|
- profile.submit(authToken, req);
|
||||||
|
profile.submit(authToken, req, explicitApprovalRequired);
|
||||||
|
|
||||||
|
req.setRequestStatus(RequestStatus.COMPLETE);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
From ab8b87af09b26c3c7ec257e0fb8e5ae931153120 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Endi S. Dewata" <edewata@redhat.com>
|
|
||||||
Date: Sat, 8 Feb 2020 21:56:41 -0600
|
|
||||||
Subject: [PATCH] Removed dependency on pytest-runner
|
|
||||||
|
|
||||||
---
|
|
||||||
base/server/healthcheck/setup.py | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/base/server/healthcheck/setup.py b/base/server/healthcheck/setup.py
|
|
||||||
index 22db8bd0f..c629e34c0 100644
|
|
||||||
--- a/base/server/healthcheck/setup.py
|
|
||||||
+++ b/base/server/healthcheck/setup.py
|
|
||||||
@@ -32,6 +32,5 @@ setup(
|
|
||||||
'Programming Language :: Python :: 3.6',
|
|
||||||
],
|
|
||||||
python_requires='!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*',
|
|
||||||
- setup_requires=['pytest-runner'],
|
|
||||||
tests_require=['pytest'],
|
|
||||||
)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
|
@ -12,9 +12,9 @@ License: GPLv2 and LGPLv2
|
||||||
|
|
||||||
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
||||||
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
||||||
Version: 10.10.4
|
Version: 10.11.0
|
||||||
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
Release: 2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||||
#global _phase -beta1
|
#global _phase -alpha1
|
||||||
|
|
||||||
# To create a tarball from a version tag:
|
# To create a tarball from a version tag:
|
||||||
# $ git archive \
|
# $ git archive \
|
||||||
|
@ -30,12 +30,15 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
|
||||||
# <version tag> \
|
# <version tag> \
|
||||||
# > pki-VERSION-RELEASE.patch
|
# > pki-VERSION-RELEASE.patch
|
||||||
# Patch: pki-VERSION-RELEASE.patch
|
# Patch: pki-VERSION-RELEASE.patch
|
||||||
|
Patch1: 0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
|
||||||
|
|
||||||
# Do not remove this!! pytest-runner isn't available on RHEL. Removing this
|
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
||||||
# patch will break RHEL builds. The error message is:
|
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
||||||
# BUILDSTDERR: Download error on https://pypi.org/simple/pytest-runner/:
|
# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
|
||||||
# [Errno 111] Connection refused -- Some packages may not be found!
|
# safest.
|
||||||
Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
%if ! 0%{?rhel} || 0%{?rhel} > 8
|
||||||
|
ExcludeArch: i686
|
||||||
|
%endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# NSS
|
# NSS
|
||||||
|
@ -47,7 +50,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||||
# Python
|
# Python
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
%global python_executable /usr/libexec/platform-python
|
%global python_executable /usr/libexec/platform-python
|
||||||
%else
|
%else
|
||||||
%global python_executable /usr/bin/python3
|
%global python_executable /usr/bin/python3
|
||||||
|
@ -57,15 +60,14 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||||
# Java
|
# Java
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%define java_devel java-devel
|
%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
%define java_headless java-headless
|
%define java_devel java-1.8.0-openjdk-devel
|
||||||
|
%define java_headless java-1.8.0-openjdk-headless
|
||||||
%if 0%{?fedora} && 0%{?fedora} >= 33
|
%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
|
||||||
%define min_java_version 1:11
|
|
||||||
%define java_home /usr/lib/jvm/java-11-openjdk
|
|
||||||
%else
|
%else
|
||||||
%define min_java_version 1:1.8.0
|
%define java_devel java-11-openjdk-devel
|
||||||
%define java_home /usr/lib/jvm/java-1.8.0-openjdk
|
%define java_headless java-11-openjdk-headless
|
||||||
|
%define java_home /usr/lib/jvm/jre-11-openjdk
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
|
@ -82,8 +84,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||||
# By default the build will execute unit tests unless --without test
|
# By default the build will execute unit tests unless --without test
|
||||||
# option is specified.
|
# option is specified.
|
||||||
|
|
||||||
# bcond_without test
|
%bcond_without test
|
||||||
%global with_test 1
|
|
||||||
|
|
||||||
# By default all packages will be built except the ones specified with
|
# By default all packages will be built except the ones specified with
|
||||||
# --without <package> option (exclusion method).
|
# --without <package> option (exclusion method).
|
||||||
|
@ -131,8 +132,6 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||||
%define debug_package %{nil}
|
%define debug_package %{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%bcond_without sdnotify
|
|
||||||
|
|
||||||
# ignore unpackaged files from native 'tpsclient'
|
# ignore unpackaged files from native 'tpsclient'
|
||||||
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
|
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
|
||||||
%define _unpackaged_files_terminate_build 0
|
%define _unpackaged_files_terminate_build 0
|
||||||
|
@ -170,23 +169,20 @@ fi;
|
||||||
# Build Dependencies
|
# Build Dependencies
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# autosetup
|
|
||||||
BuildRequires: git
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
|
|
||||||
BuildRequires: cmake >= 3.0.2
|
BuildRequires: cmake >= 3.0.2
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: zip
|
BuildRequires: zip
|
||||||
BuildRequires: %java_devel >= %{min_java_version}
|
BuildRequires: %{java_devel}
|
||||||
BuildRequires: javapackages-tools
|
BuildRequires: javapackages-tools
|
||||||
BuildRequires: redhat-rpm-config
|
BuildRequires: redhat-rpm-config
|
||||||
BuildRequires: ldapjdk >= 4.22.0
|
BuildRequires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0
|
||||||
BuildRequires: apache-commons-cli
|
BuildRequires: apache-commons-cli
|
||||||
BuildRequires: apache-commons-codec
|
BuildRequires: apache-commons-codec
|
||||||
BuildRequires: apache-commons-io
|
BuildRequires: apache-commons-io
|
||||||
BuildRequires: apache-commons-lang3 >= 3.2
|
BuildRequires: apache-commons-lang3 >= 3.2
|
||||||
|
BuildRequires: apache-commons-logging
|
||||||
BuildRequires: apache-commons-net
|
BuildRequires: apache-commons-net
|
||||||
BuildRequires: jakarta-commons-httpclient
|
|
||||||
BuildRequires: glassfish-jaxb-api
|
BuildRequires: glassfish-jaxb-api
|
||||||
BuildRequires: slf4j
|
BuildRequires: slf4j
|
||||||
BuildRequires: slf4j-jdk14
|
BuildRequires: slf4j-jdk14
|
||||||
|
@ -200,22 +196,10 @@ BuildRequires: policycoreutils
|
||||||
BuildRequires: python3-lxml
|
BuildRequires: python3-lxml
|
||||||
BuildRequires: python3-sphinx
|
BuildRequires: python3-sphinx
|
||||||
|
|
||||||
BuildRequires: velocity
|
|
||||||
BuildRequires: xalan-j2
|
BuildRequires: xalan-j2
|
||||||
BuildRequires: xerces-j2
|
BuildRequires: xerces-j2
|
||||||
|
|
||||||
%if 0%{?rhel}
|
|
||||||
BuildRequires: resteasy >= 3.0.26
|
BuildRequires: resteasy >= 3.0.26
|
||||||
%else
|
|
||||||
BuildRequires: jboss-annotations-1.2-api
|
|
||||||
BuildRequires: jboss-jaxrs-2.0-api
|
|
||||||
BuildRequires: jboss-logging
|
|
||||||
BuildRequires: resteasy-atom-provider >= 3.0.17-1
|
|
||||||
BuildRequires: resteasy-client >= 3.0.17-1
|
|
||||||
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1
|
|
||||||
BuildRequires: resteasy-core >= 3.0.17-1
|
|
||||||
BuildRequires: resteasy-jackson2-provider >= 3.0.17-1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
BuildRequires: python3 >= 3.5
|
BuildRequires: python3 >= 3.5
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
|
@ -224,28 +208,17 @@ BuildRequires: python3-cryptography
|
||||||
BuildRequires: python3-lxml
|
BuildRequires: python3-lxml
|
||||||
BuildRequires: python3-ldap
|
BuildRequires: python3-ldap
|
||||||
BuildRequires: python3-libselinux
|
BuildRequires: python3-libselinux
|
||||||
BuildRequires: python3-nss
|
|
||||||
BuildRequires: python3-requests >= 2.6.0
|
BuildRequires: python3-requests >= 2.6.0
|
||||||
BuildRequires: python3-six
|
BuildRequires: python3-six
|
||||||
|
|
||||||
%if 0%{?rhel}
|
|
||||||
# no python3-pytest-runner
|
|
||||||
%else
|
|
||||||
BuildRequires: python3-pytest-runner
|
|
||||||
%endif
|
|
||||||
|
|
||||||
BuildRequires: junit
|
BuildRequires: junit
|
||||||
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
||||||
BuildRequires: jss >= 4.8.1
|
BuildRequires: jss >= 4.9.0, jss < 5.0.0
|
||||||
BuildRequires: tomcatjss >= 7.6.1
|
BuildRequires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0
|
||||||
|
|
||||||
# JNA is used to bind to libsystemd
|
|
||||||
%if %{with sdnotify}
|
|
||||||
BuildRequires: jna
|
|
||||||
%endif
|
|
||||||
BuildRequires: systemd-units
|
BuildRequires: systemd-units
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && ! 0%{?eln}
|
||||||
BuildRequires: pki-servlet-engine
|
BuildRequires: pki-servlet-engine
|
||||||
%else
|
%else
|
||||||
BuildRequires: tomcat >= 1:9.0.7
|
BuildRequires: tomcat >= 1:9.0.7
|
||||||
|
@ -263,7 +236,7 @@ BuildRequires: zlib
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
|
|
||||||
# build dependency to build man pages
|
# build dependency to build man pages
|
||||||
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel}
|
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
BuildRequires: go-md2man
|
BuildRequires: go-md2man
|
||||||
%else
|
%else
|
||||||
BuildRequires: golang-github-cpuguy83-md2man
|
BuildRequires: golang-github-cpuguy83-md2man
|
||||||
|
@ -309,26 +282,28 @@ Summary: %{brand} PKI Package
|
||||||
|
|
||||||
# Make certain that this 'meta' package requires the latest version(s)
|
# Make certain that this 'meta' package requires the latest version(s)
|
||||||
# of ALL PKI theme packages
|
# of ALL PKI theme packages
|
||||||
Requires: %{vendor_id}-pki-server-theme = %{version}
|
Requires: %{vendor_id}-pki-server-theme = %{version}-%{release}
|
||||||
Requires: %{vendor_id}-pki-console-theme = %{version}
|
Requires: %{vendor_id}-pki-console-theme = %{version}-%{release}
|
||||||
|
|
||||||
# Make certain that this 'meta' package requires the latest version(s)
|
# Make certain that this 'meta' package requires the latest version(s)
|
||||||
# of ALL PKI core packages
|
# of ALL PKI core packages
|
||||||
Requires: pki-acme = %{version}
|
Requires: pki-acme = %{version}-%{release}
|
||||||
Requires: pki-ca = %{version}
|
Requires: pki-ca = %{version}-%{release}
|
||||||
Requires: pki-kra = %{version}
|
Requires: pki-kra = %{version}-%{release}
|
||||||
Requires: pki-ocsp = %{version}
|
Requires: pki-ocsp = %{version}-%{release}
|
||||||
Requires: pki-tks = %{version}
|
Requires: pki-tks = %{version}-%{release}
|
||||||
Requires: pki-tps = %{version}
|
Requires: pki-tps = %{version}-%{release}
|
||||||
|
|
||||||
# Make certain that this 'meta' package requires the latest version(s)
|
# Make certain that this 'meta' package requires the latest version(s)
|
||||||
# of PKI console
|
# of PKI console
|
||||||
Requires: pki-console = %{version}
|
Requires: pki-console = %{version}-%{release}
|
||||||
Requires: pki-javadoc = %{version}
|
Requires: pki-javadoc = %{version}-%{release}
|
||||||
|
|
||||||
# Make certain that this 'meta' package requires the latest version(s)
|
# Make certain that this 'meta' package requires the latest version(s)
|
||||||
# of ALL PKI clients
|
# of ALL PKI clients -- except for s390/s390x where 'esc' is not built
|
||||||
|
%ifnarch s390 s390x
|
||||||
Requires: esc >= 1.1.1
|
Requires: esc >= 1.1.1
|
||||||
|
%endif
|
||||||
|
|
||||||
# description for top-level package (unless there is a separate meta package)
|
# description for top-level package (unless there is a separate meta package)
|
||||||
%if "%{name}" == "%{vendor_id}-pki"
|
%if "%{name}" == "%{vendor_id}-pki"
|
||||||
|
@ -359,9 +334,9 @@ PKI consists of the following components:
|
||||||
|
|
||||||
Summary: PKI Symmetric Key Package
|
Summary: PKI Symmetric Key Package
|
||||||
|
|
||||||
Requires: %java_headless >= %{min_java_version}
|
Requires: %{java_headless}
|
||||||
Requires: jpackage-utils >= 0:1.7.5-10
|
Requires: jpackage-utils >= 0:1.7.5-10
|
||||||
Requires: jss >= 4.8.0
|
Requires: jss >= 4.9.0, jss < 5.0.0
|
||||||
Requires: nss >= 3.38.0
|
Requires: nss >= 3.38.0
|
||||||
|
|
||||||
# Ensure we end up with a useful installation
|
# Ensure we end up with a useful installation
|
||||||
|
@ -404,8 +379,8 @@ Summary: PKI Python 3 Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Obsoletes: pki-base-python3 < %{version}
|
Obsoletes: pki-base-python3 < %{version}
|
||||||
Provides: pki-base-python3 = %{version}
|
Provides: pki-base-python3 = %{version}-%{release}
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||||
%{?python_provide:%python_provide python3-pki}
|
%{?python_provide:%python_provide python3-pki}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
@ -414,9 +389,11 @@ Requires: python3 >= 3.5
|
||||||
Requires: python3-cryptography
|
Requires: python3-cryptography
|
||||||
Requires: python3-ldap
|
Requires: python3-ldap
|
||||||
Requires: python3-lxml
|
Requires: python3-lxml
|
||||||
Requires: python3-nss
|
|
||||||
Requires: python3-requests >= 2.6.0
|
Requires: python3-requests >= 2.6.0
|
||||||
Requires: python3-six
|
Requires: python3-six
|
||||||
|
%if 0%{?rhel} < 9 || 0%{?fedora} < 34
|
||||||
|
Recommends: python3-nss
|
||||||
|
%endif
|
||||||
|
|
||||||
%description -n python3-pki
|
%description -n python3-pki
|
||||||
This package contains PKI client library for Python 3.
|
This package contains PKI client library for Python 3.
|
||||||
|
@ -428,33 +405,31 @@ This package contains PKI client library for Python 3.
|
||||||
Summary: PKI Base Java Package
|
Summary: PKI Base Java Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Requires: %java_headless >= %{min_java_version}
|
Requires: %{java_headless}
|
||||||
Requires: apache-commons-cli
|
Requires: apache-commons-cli
|
||||||
Requires: apache-commons-codec
|
Requires: apache-commons-codec
|
||||||
Requires: apache-commons-io
|
Requires: apache-commons-io
|
||||||
Requires: apache-commons-lang3 >= 3.2
|
Requires: apache-commons-lang3 >= 3.2
|
||||||
Requires: apache-commons-logging
|
Requires: apache-commons-logging
|
||||||
Requires: apache-commons-net
|
Requires: apache-commons-net
|
||||||
Requires: jakarta-commons-httpclient
|
|
||||||
Requires: glassfish-jaxb-api
|
Requires: glassfish-jaxb-api
|
||||||
Requires: slf4j
|
Requires: slf4j
|
||||||
Requires: slf4j-jdk14
|
Requires: slf4j-jdk14
|
||||||
Requires: jpackage-utils >= 0:1.7.5-10
|
Requires: jpackage-utils >= 0:1.7.5-10
|
||||||
Requires: jss >= 4.7.0
|
Requires: jss >= 4.9.0, jss < 5.0.0
|
||||||
Requires: ldapjdk >= 4.22.0
|
Requires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0
|
||||||
Requires: pki-base = %{version}-%{release}
|
Requires: pki-base = %{version}-%{release}
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
Requires: resteasy >= 3.0.26
|
Requires: resteasy >= 3.0.26
|
||||||
%else
|
%else
|
||||||
Requires: resteasy-atom-provider >= 3.0.17-1
|
|
||||||
Requires: resteasy-client >= 3.0.17-1
|
Requires: resteasy-client >= 3.0.17-1
|
||||||
Requires: resteasy-jaxb-provider >= 3.0.17-1
|
Requires: resteasy-jaxb-provider >= 3.0.17-1
|
||||||
Requires: resteasy-core >= 3.0.17-1
|
Requires: resteasy-core >= 3.0.17-1
|
||||||
Requires: resteasy-jackson2-provider >= 3.0.17-1
|
Requires: resteasy-jackson2-provider >= 3.0.17-1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if 0%{?fedora} && 0%{?fedora} >= 33
|
%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
|
||||||
Requires: jaxb-impl >= 2.3.3
|
Requires: jaxb-impl >= 2.3.3
|
||||||
Requires: jakarta-activation >= 1.2.2
|
Requires: jakarta-activation >= 1.2.2
|
||||||
%endif
|
%endif
|
||||||
|
@ -517,25 +492,19 @@ Requires: python3-policycoreutils
|
||||||
|
|
||||||
Requires: selinux-policy-targeted >= 3.13.1-159
|
Requires: selinux-policy-targeted >= 3.13.1-159
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && ! 0%{?eln}
|
||||||
Requires: pki-servlet-engine >= 1:9.0.7
|
Requires: pki-servlet-engine
|
||||||
%else
|
%else
|
||||||
Requires: tomcat >= 1:9.0.7
|
Requires: tomcat >= 1:9.0.7
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Requires: velocity
|
|
||||||
Requires: sudo
|
Requires: sudo
|
||||||
Requires: systemd
|
Requires: systemd
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units
|
Requires(preun): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires: tomcatjss >= 7.6.1
|
Requires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0
|
||||||
|
|
||||||
# JNA is used to bind to libsystemd
|
|
||||||
%if %{with sdnotify}
|
|
||||||
Requires: jna
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# pki-healthcheck depends on the following library
|
# pki-healthcheck depends on the following library
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
|
@ -646,7 +615,7 @@ since such archival would undermine non-repudiation properties of signing keys.
|
||||||
Summary: PKI OCSP Package
|
Summary: PKI OCSP Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Requires: pki-server = %{version}
|
Requires: pki-server = %{version}-%{release}
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units
|
Requires(preun): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
|
@ -684,7 +653,7 @@ whenever they are issued or updated.
|
||||||
Summary: PKI TKS Package
|
Summary: PKI TKS Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Requires: pki-server = %{version}
|
Requires: pki-server = %{version}-%{release}
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units
|
Requires(preun): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
|
@ -715,7 +684,7 @@ behind the firewall with restricted access.
|
||||||
|
|
||||||
Summary: PKI TPS Package
|
Summary: PKI TPS Package
|
||||||
|
|
||||||
Requires: pki-server = %{version}
|
Requires: pki-server = %{version}-%{release}
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units
|
Requires(preun): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
|
@ -780,8 +749,8 @@ BuildArch: noarch
|
||||||
BuildRequires: idm-console-framework >= 1.2.0
|
BuildRequires: idm-console-framework >= 1.2.0
|
||||||
|
|
||||||
Requires: idm-console-framework >= 1.2.0
|
Requires: idm-console-framework >= 1.2.0
|
||||||
Requires: pki-base-java = %{version}
|
Requires: pki-base-java = %{version}-%{release}
|
||||||
Requires: pki-console-theme = %{version}
|
Requires: pki-console-theme = %{version}-%{release}
|
||||||
|
|
||||||
%description -n pki-console
|
%description -n pki-console
|
||||||
The PKI Console is a Java application used to administer PKI server.
|
The PKI Console is a Java application used to administer PKI server.
|
||||||
|
@ -797,7 +766,7 @@ The PKI Console is a Java application used to administer PKI server.
|
||||||
Summary: %{brand} PKI Server Theme Package
|
Summary: %{brand} PKI Server Theme Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Provides: pki-server-theme = %{version}
|
Provides: pki-server-theme = %{version}-%{release}
|
||||||
|
|
||||||
# Ensure we end up with a useful installation
|
# Ensure we end up with a useful installation
|
||||||
Conflicts: pki-base < %{version}
|
Conflicts: pki-base < %{version}
|
||||||
|
@ -816,7 +785,7 @@ This PKI Server Theme Package contains
|
||||||
Summary: %{brand} PKI Console Theme Package
|
Summary: %{brand} PKI Console Theme Package
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
Provides: pki-console-theme = %{version}
|
Provides: pki-console-theme = %{version}-%{release}
|
||||||
|
|
||||||
# Ensure we end up with a useful installation
|
# Ensure we end up with a useful installation
|
||||||
Conflicts: pki-base < %{version}
|
Conflicts: pki-base < %{version}
|
||||||
|
@ -849,7 +818,7 @@ This package contains PKI test suite.
|
||||||
%prep
|
%prep
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%autosetup -n pki-%{version}%{?_phase} -p 1 -S git
|
%autosetup -n pki-%{version}%{?_phase} -p 1
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
%build
|
%build
|
||||||
|
@ -862,16 +831,10 @@ java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | se
|
||||||
# otherwise get <major> version number
|
# otherwise get <major> version number
|
||||||
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
|
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
|
||||||
|
|
||||||
# get Tomcat <major>.<minor> version number
|
# assume tomcat app_server
|
||||||
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
|
app_server=tomcat-9.0
|
||||||
|
|
||||||
if [ $tomcat_version == "9.0" ]; then
|
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
app_server=tomcat-8.5
|
|
||||||
else
|
|
||||||
app_server=tomcat-$tomcat_version
|
|
||||||
fi
|
|
||||||
|
|
||||||
%if 0%{?rhel}
|
|
||||||
%{__mkdir_p} build
|
%{__mkdir_p} build
|
||||||
cd build
|
cd build
|
||||||
%endif
|
%endif
|
||||||
|
@ -882,8 +845,8 @@ cd build
|
||||||
-DVAR_INSTALL_DIR:PATH=/var \
|
-DVAR_INSTALL_DIR:PATH=/var \
|
||||||
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
|
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
|
||||||
-DJAVA_VERSION=${java_version} \
|
-DJAVA_VERSION=${java_version} \
|
||||||
-DJAVA_HOME=%java_home \
|
-DJAVA_HOME=%{java_home} \
|
||||||
-DPKI_JAVA_PATH=%java_home/bin/java \
|
-DPKI_JAVA_PATH=%{java_home}/bin/java \
|
||||||
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
||||||
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
||||||
-DAPP_SERVER=$app_server \
|
-DAPP_SERVER=$app_server \
|
||||||
|
@ -901,18 +864,17 @@ cd build
|
||||||
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
|
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
|
||||||
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
|
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
|
||||||
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
|
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
|
||||||
-DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \
|
|
||||||
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
|
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
|
||||||
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
|
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
|
||||||
-DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
|
-DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
|
||||||
-DTHEME=%{?with_theme:%{vendor_id}} \
|
-DTHEME=%{?with_theme:%{vendor_id}} \
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
..
|
..
|
||||||
%else
|
%else
|
||||||
-B %{_vpath_builddir}
|
-B %{_vpath_builddir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||||
cd %{_vpath_builddir}
|
cd %{_vpath_builddir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
@ -929,7 +891,7 @@ cd %{_vpath_builddir}
|
||||||
%install
|
%install
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
cd build
|
cd build
|
||||||
%else
|
%else
|
||||||
cd %{_vpath_builddir}
|
cd %{_vpath_builddir}
|
||||||
|
@ -943,7 +905,7 @@ cd %{_vpath_builddir}
|
||||||
--no-print-directory \
|
--no-print-directory \
|
||||||
install
|
install
|
||||||
|
|
||||||
%if %{with_test}
|
%if %{with test}
|
||||||
ctest --output-on-failure
|
ctest --output-on-failure
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
@ -960,14 +922,22 @@ EOF
|
||||||
|
|
||||||
# Customize client library links in /usr/share/pki/lib
|
# Customize client library links in /usr/share/pki/lib
|
||||||
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
|
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
|
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
|
||||||
|
%else
|
||||||
|
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/lib/jakarta.annotation-api.jar
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with server}
|
%if %{with server}
|
||||||
|
|
||||||
# Customize server common library links in /usr/share/pki/server/common/lib
|
# Customize server common library links in /usr/share/pki/server/common/lib
|
||||||
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
|
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
|
||||||
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
|
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||||
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
|
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
|
||||||
|
%else
|
||||||
|
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jakarta.annotation-api.jar
|
||||||
|
%endif
|
||||||
|
|
||||||
# with server
|
# with server
|
||||||
%endif
|
%endif
|
||||||
|
@ -1018,6 +988,10 @@ fi
|
||||||
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
||||||
## PKI deployment process
|
## PKI deployment process
|
||||||
|
|
||||||
|
# CVE-2021-3551
|
||||||
|
# Remove world access from existing installation logs
|
||||||
|
find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
|
||||||
|
|
||||||
# Reload systemd daemons on upgrade only
|
# Reload systemd daemons on upgrade only
|
||||||
if [ "$1" == "2" ]
|
if [ "$1" == "2" ]
|
||||||
then
|
then
|
||||||
|
@ -1197,9 +1171,8 @@ fi
|
||||||
%{_sbindir}/pkidestroy
|
%{_sbindir}/pkidestroy
|
||||||
%{_sbindir}/pki-server
|
%{_sbindir}/pki-server
|
||||||
%{_sbindir}/pki-server-upgrade
|
%{_sbindir}/pki-server-upgrade
|
||||||
%{python3_sitelib}/pki/server/
|
|
||||||
%{_sbindir}/pki-healthcheck
|
%{_sbindir}/pki-healthcheck
|
||||||
%{python3_sitelib}/pki/server/healthcheck/
|
%{python3_sitelib}/pki/server/
|
||||||
%{python3_sitelib}/pkihealthcheck-*.egg-info/
|
%{python3_sitelib}/pkihealthcheck-*.egg-info/
|
||||||
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
|
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
|
||||||
|
|
||||||
|
@ -1242,10 +1215,6 @@ fi
|
||||||
%{_datadir}/pki/setup/
|
%{_datadir}/pki/setup/
|
||||||
%{_datadir}/pki/server/
|
%{_datadir}/pki/server/
|
||||||
|
|
||||||
%if %{with sdnotify}
|
|
||||||
%{_javadir}/pki/pki-systemd.jar
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# with server
|
# with server
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
@ -1255,7 +1224,6 @@ fi
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%{_javadir}/pki/pki-acme.jar
|
%{_javadir}/pki/pki-acme.jar
|
||||||
%dir %{_datadir}/pki/acme
|
|
||||||
%{_datadir}/pki/acme/
|
%{_datadir}/pki/acme/
|
||||||
|
|
||||||
# with acme
|
# with acme
|
||||||
|
@ -1268,7 +1236,6 @@ fi
|
||||||
|
|
||||||
%license base/ca/LICENSE
|
%license base/ca/LICENSE
|
||||||
%{_javadir}/pki/pki-ca.jar
|
%{_javadir}/pki/pki-ca.jar
|
||||||
%dir %{_datadir}/pki/ca
|
|
||||||
%{_datadir}/pki/ca/
|
%{_datadir}/pki/ca/
|
||||||
|
|
||||||
# with ca
|
# with ca
|
||||||
|
@ -1281,7 +1248,6 @@ fi
|
||||||
|
|
||||||
%license base/kra/LICENSE
|
%license base/kra/LICENSE
|
||||||
%{_javadir}/pki/pki-kra.jar
|
%{_javadir}/pki/pki-kra.jar
|
||||||
%dir %{_datadir}/pki/kra
|
|
||||||
%{_datadir}/pki/kra/
|
%{_datadir}/pki/kra/
|
||||||
|
|
||||||
# with kra
|
# with kra
|
||||||
|
@ -1294,7 +1260,6 @@ fi
|
||||||
|
|
||||||
%license base/ocsp/LICENSE
|
%license base/ocsp/LICENSE
|
||||||
%{_javadir}/pki/pki-ocsp.jar
|
%{_javadir}/pki/pki-ocsp.jar
|
||||||
%dir %{_datadir}/pki/ocsp
|
|
||||||
%{_datadir}/pki/ocsp/
|
%{_datadir}/pki/ocsp/
|
||||||
|
|
||||||
# with ocsp
|
# with ocsp
|
||||||
|
@ -1307,7 +1272,6 @@ fi
|
||||||
|
|
||||||
%license base/tks/LICENSE
|
%license base/tks/LICENSE
|
||||||
%{_javadir}/pki/pki-tks.jar
|
%{_javadir}/pki/pki-tks.jar
|
||||||
%dir %{_datadir}/pki/tks
|
|
||||||
%{_datadir}/pki/tks/
|
%{_datadir}/pki/tks/
|
||||||
|
|
||||||
# with tks
|
# with tks
|
||||||
|
@ -1320,7 +1284,6 @@ fi
|
||||||
|
|
||||||
%license base/tps/LICENSE
|
%license base/tps/LICENSE
|
||||||
%{_javadir}/pki/pki-tps.jar
|
%{_javadir}/pki/pki-tps.jar
|
||||||
%dir %{_datadir}/pki/tps
|
|
||||||
%{_datadir}/pki/tps/
|
%{_datadir}/pki/tps/
|
||||||
%{_mandir}/man5/pki-tps-connector.5.gz
|
%{_mandir}/man5/pki-tps-connector.5.gz
|
||||||
%{_mandir}/man5/pki-tps-profile.5.gz
|
%{_mandir}/man5/pki-tps-profile.5.gz
|
||||||
|
@ -1399,6 +1362,21 @@ fi
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 12 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-2
|
||||||
|
- Bug 1992337 - Double issuance of non-CA subsystem certs at installation
|
||||||
|
|
||||||
|
* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-1
|
||||||
|
- Rebase to PKI 10.11.0
|
||||||
|
|
||||||
|
* Mon Jun 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.3
|
||||||
|
- Rebase to PKI 10.11.0-alpha3
|
||||||
|
|
||||||
|
* Thu Jun 03 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.2
|
||||||
|
- Fix JAVA_HOME
|
||||||
|
|
||||||
|
* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
|
||||||
|
- Rebase to PKI 10.11.0-alpha2
|
||||||
|
|
||||||
* Mon Feb 08 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.4-1
|
* Mon Feb 08 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.4-1
|
||||||
- Rebase to PKI 10.10.4
|
- Rebase to PKI 10.10.4
|
||||||
- Bug 1664435 - Error instantiating class for challenge_password with SCEP request
|
- Bug 1664435 - Error instantiating class for challenge_password with SCEP request
|
||||||
|
|
Loading…
Reference in New Issue