import pki-core-10.11.0-2.module+el8.5.0+12220+9cc212a8
This commit is contained in:
parent
58a736a6e9
commit
dcef74eaef
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/pki-10.10.4.tar.gz
|
||||
SOURCES/pki-10.11.0.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
d50ec310c6584bd0eb1448b6d40614954827a73d SOURCES/pki-10.10.4.tar.gz
|
||||
f125333c7e88d7aae11f51527681018319bba19c SOURCES/pki-10.11.0.tar.gz
|
||||
|
@ -0,0 +1,30 @@
|
||||
From 63cf2895f5d5a37bb09f3e889b8584b0bb0dce06 Mon Sep 17 00:00:00 2001
|
||||
From: Christina Fu <cfu@redhat.com>
|
||||
Date: Wed, 11 Aug 2021 09:19:59 -0700
|
||||
Subject: [PATCH] Bug 1992337 - Double issuance of non-CA subsystem certs at
|
||||
installation
|
||||
|
||||
This patch removes an extra profile.submit() call that was accidentally left
|
||||
off during manual cherry-picking of another bug (1905374):
|
||||
commit 8e78a2b912e7c3bd015e4da1f1630d0f35145104 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
|
||||
|
||||
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1905374
|
||||
---
|
||||
.../main/java/com/netscape/cms/servlet/cert/CertProcessor.java | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||
index a5626d032..849d6b368 100644
|
||||
--- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||
+++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/CertProcessor.java
|
||||
@@ -250,7 +250,6 @@ public class CertProcessor extends CAProcessor {
|
||||
|
||||
logger.info("CertProcessor: Submitting certificate request to " + profile.getId() + " profile");
|
||||
|
||||
- profile.submit(authToken, req);
|
||||
profile.submit(authToken, req, explicitApprovalRequired);
|
||||
|
||||
req.setRequestStatus(RequestStatus.COMPLETE);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,23 +0,0 @@
|
||||
From ab8b87af09b26c3c7ec257e0fb8e5ae931153120 Mon Sep 17 00:00:00 2001
|
||||
From: "Endi S. Dewata" <edewata@redhat.com>
|
||||
Date: Sat, 8 Feb 2020 21:56:41 -0600
|
||||
Subject: [PATCH] Removed dependency on pytest-runner
|
||||
|
||||
---
|
||||
base/server/healthcheck/setup.py | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/base/server/healthcheck/setup.py b/base/server/healthcheck/setup.py
|
||||
index 22db8bd0f..c629e34c0 100644
|
||||
--- a/base/server/healthcheck/setup.py
|
||||
+++ b/base/server/healthcheck/setup.py
|
||||
@@ -32,6 +32,5 @@ setup(
|
||||
'Programming Language :: Python :: 3.6',
|
||||
],
|
||||
python_requires='!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*',
|
||||
- setup_requires=['pytest-runner'],
|
||||
tests_require=['pytest'],
|
||||
)
|
||||
--
|
||||
2.21.0
|
||||
|
@ -12,9 +12,9 @@ License: GPLv2 and LGPLv2
|
||||
|
||||
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
|
||||
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
|
||||
Version: 10.10.4
|
||||
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
#global _phase -beta1
|
||||
Version: 10.11.0
|
||||
Release: 2%{?_timestamp}%{?_commit_id}%{?dist}
|
||||
#global _phase -alpha1
|
||||
|
||||
# To create a tarball from a version tag:
|
||||
# $ git archive \
|
||||
@ -30,12 +30,15 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
|
||||
# <version tag> \
|
||||
# > pki-VERSION-RELEASE.patch
|
||||
# Patch: pki-VERSION-RELEASE.patch
|
||||
Patch1: 0001-Bug-1992337-Double-issuance-of-non-CA-subsystem-cert.patch
|
||||
|
||||
# Do not remove this!! pytest-runner isn't available on RHEL. Removing this
|
||||
# patch will break RHEL builds. The error message is:
|
||||
# BUILDSTDERR: Download error on https://pypi.org/simple/pytest-runner/:
|
||||
# [Errno 111] Connection refused -- Some packages may not be found!
|
||||
Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||
# md2man isn't available on i686. Additionally, we aren't generally multi-lib
|
||||
# compatible (https://fedoraproject.org/wiki/Packaging:Java)
|
||||
# so dropping i686 everywhere but RHEL-8 (which we've already shipped) seems
|
||||
# safest.
|
||||
%if ! 0%{?rhel} || 0%{?rhel} > 8
|
||||
ExcludeArch: i686
|
||||
%endif
|
||||
|
||||
################################################################################
|
||||
# NSS
|
||||
@ -47,7 +50,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||
# Python
|
||||
################################################################################
|
||||
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
%global python_executable /usr/libexec/platform-python
|
||||
%else
|
||||
%global python_executable /usr/bin/python3
|
||||
@ -57,15 +60,14 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||
# Java
|
||||
################################################################################
|
||||
|
||||
%define java_devel java-devel
|
||||
%define java_headless java-headless
|
||||
|
||||
%if 0%{?fedora} && 0%{?fedora} >= 33
|
||||
%define min_java_version 1:11
|
||||
%define java_home /usr/lib/jvm/java-11-openjdk
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||
%define java_devel java-1.8.0-openjdk-devel
|
||||
%define java_headless java-1.8.0-openjdk-headless
|
||||
%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
|
||||
%else
|
||||
%define min_java_version 1:1.8.0
|
||||
%define java_home /usr/lib/jvm/java-1.8.0-openjdk
|
||||
%define java_devel java-11-openjdk-devel
|
||||
%define java_headless java-11-openjdk-headless
|
||||
%define java_home /usr/lib/jvm/jre-11-openjdk
|
||||
%endif
|
||||
|
||||
################################################################################
|
||||
@ -82,8 +84,7 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||
# By default the build will execute unit tests unless --without test
|
||||
# option is specified.
|
||||
|
||||
# bcond_without test
|
||||
%global with_test 1
|
||||
%bcond_without test
|
||||
|
||||
# By default all packages will be built except the ones specified with
|
||||
# --without <package> option (exclusion method).
|
||||
@ -131,8 +132,6 @@ Patch1: 0001-Removed-dependency-on-pytest-runner.patch
|
||||
%define debug_package %{nil}
|
||||
%endif
|
||||
|
||||
%bcond_without sdnotify
|
||||
|
||||
# ignore unpackaged files from native 'tpsclient'
|
||||
# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app
|
||||
%define _unpackaged_files_terminate_build 0
|
||||
@ -170,23 +169,20 @@ fi;
|
||||
# Build Dependencies
|
||||
################################################################################
|
||||
|
||||
# autosetup
|
||||
BuildRequires: git
|
||||
BuildRequires: make
|
||||
|
||||
BuildRequires: cmake >= 3.0.2
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: zip
|
||||
BuildRequires: %java_devel >= %{min_java_version}
|
||||
BuildRequires: %{java_devel}
|
||||
BuildRequires: javapackages-tools
|
||||
BuildRequires: redhat-rpm-config
|
||||
BuildRequires: ldapjdk >= 4.22.0
|
||||
BuildRequires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0
|
||||
BuildRequires: apache-commons-cli
|
||||
BuildRequires: apache-commons-codec
|
||||
BuildRequires: apache-commons-io
|
||||
BuildRequires: apache-commons-lang3 >= 3.2
|
||||
BuildRequires: apache-commons-logging
|
||||
BuildRequires: apache-commons-net
|
||||
BuildRequires: jakarta-commons-httpclient
|
||||
BuildRequires: glassfish-jaxb-api
|
||||
BuildRequires: slf4j
|
||||
BuildRequires: slf4j-jdk14
|
||||
@ -200,22 +196,10 @@ BuildRequires: policycoreutils
|
||||
BuildRequires: python3-lxml
|
||||
BuildRequires: python3-sphinx
|
||||
|
||||
BuildRequires: velocity
|
||||
BuildRequires: xalan-j2
|
||||
BuildRequires: xerces-j2
|
||||
|
||||
%if 0%{?rhel}
|
||||
BuildRequires: resteasy >= 3.0.26
|
||||
%else
|
||||
BuildRequires: jboss-annotations-1.2-api
|
||||
BuildRequires: jboss-jaxrs-2.0-api
|
||||
BuildRequires: jboss-logging
|
||||
BuildRequires: resteasy-atom-provider >= 3.0.17-1
|
||||
BuildRequires: resteasy-client >= 3.0.17-1
|
||||
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1
|
||||
BuildRequires: resteasy-core >= 3.0.17-1
|
||||
BuildRequires: resteasy-jackson2-provider >= 3.0.17-1
|
||||
%endif
|
||||
|
||||
BuildRequires: python3 >= 3.5
|
||||
BuildRequires: python3-devel
|
||||
@ -224,28 +208,17 @@ BuildRequires: python3-cryptography
|
||||
BuildRequires: python3-lxml
|
||||
BuildRequires: python3-ldap
|
||||
BuildRequires: python3-libselinux
|
||||
BuildRequires: python3-nss
|
||||
BuildRequires: python3-requests >= 2.6.0
|
||||
BuildRequires: python3-six
|
||||
|
||||
%if 0%{?rhel}
|
||||
# no python3-pytest-runner
|
||||
%else
|
||||
BuildRequires: python3-pytest-runner
|
||||
%endif
|
||||
|
||||
BuildRequires: junit
|
||||
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
||||
BuildRequires: jss >= 4.8.1
|
||||
BuildRequires: tomcatjss >= 7.6.1
|
||||
BuildRequires: jss >= 4.9.0, jss < 5.0.0
|
||||
BuildRequires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0
|
||||
|
||||
# JNA is used to bind to libsystemd
|
||||
%if %{with sdnotify}
|
||||
BuildRequires: jna
|
||||
%endif
|
||||
BuildRequires: systemd-units
|
||||
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && ! 0%{?eln}
|
||||
BuildRequires: pki-servlet-engine
|
||||
%else
|
||||
BuildRequires: tomcat >= 1:9.0.7
|
||||
@ -263,7 +236,7 @@ BuildRequires: zlib
|
||||
BuildRequires: zlib-devel
|
||||
|
||||
# build dependency to build man pages
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel}
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||
BuildRequires: go-md2man
|
||||
%else
|
||||
BuildRequires: golang-github-cpuguy83-md2man
|
||||
@ -309,26 +282,28 @@ Summary: %{brand} PKI Package
|
||||
|
||||
# Make certain that this 'meta' package requires the latest version(s)
|
||||
# of ALL PKI theme packages
|
||||
Requires: %{vendor_id}-pki-server-theme = %{version}
|
||||
Requires: %{vendor_id}-pki-console-theme = %{version}
|
||||
Requires: %{vendor_id}-pki-server-theme = %{version}-%{release}
|
||||
Requires: %{vendor_id}-pki-console-theme = %{version}-%{release}
|
||||
|
||||
# Make certain that this 'meta' package requires the latest version(s)
|
||||
# of ALL PKI core packages
|
||||
Requires: pki-acme = %{version}
|
||||
Requires: pki-ca = %{version}
|
||||
Requires: pki-kra = %{version}
|
||||
Requires: pki-ocsp = %{version}
|
||||
Requires: pki-tks = %{version}
|
||||
Requires: pki-tps = %{version}
|
||||
Requires: pki-acme = %{version}-%{release}
|
||||
Requires: pki-ca = %{version}-%{release}
|
||||
Requires: pki-kra = %{version}-%{release}
|
||||
Requires: pki-ocsp = %{version}-%{release}
|
||||
Requires: pki-tks = %{version}-%{release}
|
||||
Requires: pki-tps = %{version}-%{release}
|
||||
|
||||
# Make certain that this 'meta' package requires the latest version(s)
|
||||
# of PKI console
|
||||
Requires: pki-console = %{version}
|
||||
Requires: pki-javadoc = %{version}
|
||||
Requires: pki-console = %{version}-%{release}
|
||||
Requires: pki-javadoc = %{version}-%{release}
|
||||
|
||||
# Make certain that this 'meta' package requires the latest version(s)
|
||||
# of ALL PKI clients
|
||||
# of ALL PKI clients -- except for s390/s390x where 'esc' is not built
|
||||
%ifnarch s390 s390x
|
||||
Requires: esc >= 1.1.1
|
||||
%endif
|
||||
|
||||
# description for top-level package (unless there is a separate meta package)
|
||||
%if "%{name}" == "%{vendor_id}-pki"
|
||||
@ -359,9 +334,9 @@ PKI consists of the following components:
|
||||
|
||||
Summary: PKI Symmetric Key Package
|
||||
|
||||
Requires: %java_headless >= %{min_java_version}
|
||||
Requires: %{java_headless}
|
||||
Requires: jpackage-utils >= 0:1.7.5-10
|
||||
Requires: jss >= 4.8.0
|
||||
Requires: jss >= 4.9.0, jss < 5.0.0
|
||||
Requires: nss >= 3.38.0
|
||||
|
||||
# Ensure we end up with a useful installation
|
||||
@ -404,8 +379,8 @@ Summary: PKI Python 3 Package
|
||||
BuildArch: noarch
|
||||
|
||||
Obsoletes: pki-base-python3 < %{version}
|
||||
Provides: pki-base-python3 = %{version}
|
||||
%if 0%{?fedora}
|
||||
Provides: pki-base-python3 = %{version}-%{release}
|
||||
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||
%{?python_provide:%python_provide python3-pki}
|
||||
%endif
|
||||
|
||||
@ -414,9 +389,11 @@ Requires: python3 >= 3.5
|
||||
Requires: python3-cryptography
|
||||
Requires: python3-ldap
|
||||
Requires: python3-lxml
|
||||
Requires: python3-nss
|
||||
Requires: python3-requests >= 2.6.0
|
||||
Requires: python3-six
|
||||
%if 0%{?rhel} < 9 || 0%{?fedora} < 34
|
||||
Recommends: python3-nss
|
||||
%endif
|
||||
|
||||
%description -n python3-pki
|
||||
This package contains PKI client library for Python 3.
|
||||
@ -428,33 +405,31 @@ This package contains PKI client library for Python 3.
|
||||
Summary: PKI Base Java Package
|
||||
BuildArch: noarch
|
||||
|
||||
Requires: %java_headless >= %{min_java_version}
|
||||
Requires: %{java_headless}
|
||||
Requires: apache-commons-cli
|
||||
Requires: apache-commons-codec
|
||||
Requires: apache-commons-io
|
||||
Requires: apache-commons-lang3 >= 3.2
|
||||
Requires: apache-commons-logging
|
||||
Requires: apache-commons-net
|
||||
Requires: jakarta-commons-httpclient
|
||||
Requires: glassfish-jaxb-api
|
||||
Requires: slf4j
|
||||
Requires: slf4j-jdk14
|
||||
Requires: jpackage-utils >= 0:1.7.5-10
|
||||
Requires: jss >= 4.7.0
|
||||
Requires: ldapjdk >= 4.22.0
|
||||
Requires: jss >= 4.9.0, jss < 5.0.0
|
||||
Requires: ldapjdk >= 4.23.0, ldapjdk < 5.0.0
|
||||
Requires: pki-base = %{version}-%{release}
|
||||
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
Requires: resteasy >= 3.0.26
|
||||
%else
|
||||
Requires: resteasy-atom-provider >= 3.0.17-1
|
||||
Requires: resteasy-client >= 3.0.17-1
|
||||
Requires: resteasy-jaxb-provider >= 3.0.17-1
|
||||
Requires: resteasy-core >= 3.0.17-1
|
||||
Requires: resteasy-jackson2-provider >= 3.0.17-1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} && 0%{?fedora} >= 33
|
||||
%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
|
||||
Requires: jaxb-impl >= 2.3.3
|
||||
Requires: jakarta-activation >= 1.2.2
|
||||
%endif
|
||||
@ -517,25 +492,19 @@ Requires: python3-policycoreutils
|
||||
|
||||
Requires: selinux-policy-targeted >= 3.13.1-159
|
||||
|
||||
%if 0%{?rhel}
|
||||
Requires: pki-servlet-engine >= 1:9.0.7
|
||||
%if 0%{?rhel} && ! 0%{?eln}
|
||||
Requires: pki-servlet-engine
|
||||
%else
|
||||
Requires: tomcat >= 1:9.0.7
|
||||
%endif
|
||||
|
||||
Requires: velocity
|
||||
Requires: sudo
|
||||
Requires: systemd
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
Requires(pre): shadow-utils
|
||||
Requires: tomcatjss >= 7.6.1
|
||||
|
||||
# JNA is used to bind to libsystemd
|
||||
%if %{with sdnotify}
|
||||
Requires: jna
|
||||
%endif
|
||||
Requires: tomcatjss >= 7.7.0, tomcatjss < 8.0.0
|
||||
|
||||
# pki-healthcheck depends on the following library
|
||||
%if 0%{?rhel}
|
||||
@ -646,7 +615,7 @@ since such archival would undermine non-repudiation properties of signing keys.
|
||||
Summary: PKI OCSP Package
|
||||
BuildArch: noarch
|
||||
|
||||
Requires: pki-server = %{version}
|
||||
Requires: pki-server = %{version}-%{release}
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
@ -684,7 +653,7 @@ whenever they are issued or updated.
|
||||
Summary: PKI TKS Package
|
||||
BuildArch: noarch
|
||||
|
||||
Requires: pki-server = %{version}
|
||||
Requires: pki-server = %{version}-%{release}
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
@ -715,7 +684,7 @@ behind the firewall with restricted access.
|
||||
|
||||
Summary: PKI TPS Package
|
||||
|
||||
Requires: pki-server = %{version}
|
||||
Requires: pki-server = %{version}-%{release}
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
@ -780,8 +749,8 @@ BuildArch: noarch
|
||||
BuildRequires: idm-console-framework >= 1.2.0
|
||||
|
||||
Requires: idm-console-framework >= 1.2.0
|
||||
Requires: pki-base-java = %{version}
|
||||
Requires: pki-console-theme = %{version}
|
||||
Requires: pki-base-java = %{version}-%{release}
|
||||
Requires: pki-console-theme = %{version}-%{release}
|
||||
|
||||
%description -n pki-console
|
||||
The PKI Console is a Java application used to administer PKI server.
|
||||
@ -797,7 +766,7 @@ The PKI Console is a Java application used to administer PKI server.
|
||||
Summary: %{brand} PKI Server Theme Package
|
||||
BuildArch: noarch
|
||||
|
||||
Provides: pki-server-theme = %{version}
|
||||
Provides: pki-server-theme = %{version}-%{release}
|
||||
|
||||
# Ensure we end up with a useful installation
|
||||
Conflicts: pki-base < %{version}
|
||||
@ -816,7 +785,7 @@ This PKI Server Theme Package contains
|
||||
Summary: %{brand} PKI Console Theme Package
|
||||
BuildArch: noarch
|
||||
|
||||
Provides: pki-console-theme = %{version}
|
||||
Provides: pki-console-theme = %{version}-%{release}
|
||||
|
||||
# Ensure we end up with a useful installation
|
||||
Conflicts: pki-base < %{version}
|
||||
@ -849,7 +818,7 @@ This package contains PKI test suite.
|
||||
%prep
|
||||
################################################################################
|
||||
|
||||
%autosetup -n pki-%{version}%{?_phase} -p 1 -S git
|
||||
%autosetup -n pki-%{version}%{?_phase} -p 1
|
||||
|
||||
################################################################################
|
||||
%build
|
||||
@ -862,16 +831,10 @@ java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | se
|
||||
# otherwise get <major> version number
|
||||
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
|
||||
|
||||
# get Tomcat <major>.<minor> version number
|
||||
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
|
||||
# assume tomcat app_server
|
||||
app_server=tomcat-9.0
|
||||
|
||||
if [ $tomcat_version == "9.0" ]; then
|
||||
app_server=tomcat-8.5
|
||||
else
|
||||
app_server=tomcat-$tomcat_version
|
||||
fi
|
||||
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
%{__mkdir_p} build
|
||||
cd build
|
||||
%endif
|
||||
@ -882,8 +845,8 @@ cd build
|
||||
-DVAR_INSTALL_DIR:PATH=/var \
|
||||
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
|
||||
-DJAVA_VERSION=${java_version} \
|
||||
-DJAVA_HOME=%java_home \
|
||||
-DPKI_JAVA_PATH=%java_home/bin/java \
|
||||
-DJAVA_HOME=%{java_home} \
|
||||
-DPKI_JAVA_PATH=%{java_home}/bin/java \
|
||||
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
||||
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
||||
-DAPP_SERVER=$app_server \
|
||||
@ -901,18 +864,17 @@ cd build
|
||||
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
|
||||
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
|
||||
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
|
||||
-DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \
|
||||
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
|
||||
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
|
||||
-DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
|
||||
-DTHEME=%{?with_theme:%{vendor_id}} \
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
..
|
||||
%else
|
||||
-B %{_vpath_builddir}
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora}
|
||||
%if 0%{?fedora} || 0%{?rhel} > 8
|
||||
cd %{_vpath_builddir}
|
||||
%endif
|
||||
|
||||
@ -929,7 +891,7 @@ cd %{_vpath_builddir}
|
||||
%install
|
||||
################################################################################
|
||||
|
||||
%if 0%{?rhel}
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
cd build
|
||||
%else
|
||||
cd %{_vpath_builddir}
|
||||
@ -943,7 +905,7 @@ cd %{_vpath_builddir}
|
||||
--no-print-directory \
|
||||
install
|
||||
|
||||
%if %{with_test}
|
||||
%if %{with test}
|
||||
ctest --output-on-failure
|
||||
%endif
|
||||
|
||||
@ -960,14 +922,22 @@ EOF
|
||||
|
||||
# Customize client library links in /usr/share/pki/lib
|
||||
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
|
||||
%else
|
||||
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/lib/jakarta.annotation-api.jar
|
||||
%endif
|
||||
|
||||
%if %{with server}
|
||||
|
||||
# Customize server common library links in /usr/share/pki/server/common/lib
|
||||
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
|
||||
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
|
||||
%if 0%{?fedora} && 0%{?fedora} <= 34 || 0%{?rhel} && 0%{?rhel} <= 8
|
||||
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
|
||||
%else
|
||||
ln -sf /usr/share/java/jakarta-annotations/jakarta.annotation-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jakarta.annotation-api.jar
|
||||
%endif
|
||||
|
||||
# with server
|
||||
%endif
|
||||
@ -1018,6 +988,10 @@ fi
|
||||
## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
|
||||
## PKI deployment process
|
||||
|
||||
# CVE-2021-3551
|
||||
# Remove world access from existing installation logs
|
||||
find /var/log/pki -maxdepth 1 -type f -exec chmod o-rwx {} \;
|
||||
|
||||
# Reload systemd daemons on upgrade only
|
||||
if [ "$1" == "2" ]
|
||||
then
|
||||
@ -1197,9 +1171,8 @@ fi
|
||||
%{_sbindir}/pkidestroy
|
||||
%{_sbindir}/pki-server
|
||||
%{_sbindir}/pki-server-upgrade
|
||||
%{python3_sitelib}/pki/server/
|
||||
%{_sbindir}/pki-healthcheck
|
||||
%{python3_sitelib}/pki/server/healthcheck/
|
||||
%{python3_sitelib}/pki/server/
|
||||
%{python3_sitelib}/pkihealthcheck-*.egg-info/
|
||||
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
|
||||
|
||||
@ -1242,10 +1215,6 @@ fi
|
||||
%{_datadir}/pki/setup/
|
||||
%{_datadir}/pki/server/
|
||||
|
||||
%if %{with sdnotify}
|
||||
%{_javadir}/pki/pki-systemd.jar
|
||||
%endif
|
||||
|
||||
# with server
|
||||
%endif
|
||||
|
||||
@ -1255,7 +1224,6 @@ fi
|
||||
################################################################################
|
||||
|
||||
%{_javadir}/pki/pki-acme.jar
|
||||
%dir %{_datadir}/pki/acme
|
||||
%{_datadir}/pki/acme/
|
||||
|
||||
# with acme
|
||||
@ -1268,7 +1236,6 @@ fi
|
||||
|
||||
%license base/ca/LICENSE
|
||||
%{_javadir}/pki/pki-ca.jar
|
||||
%dir %{_datadir}/pki/ca
|
||||
%{_datadir}/pki/ca/
|
||||
|
||||
# with ca
|
||||
@ -1281,7 +1248,6 @@ fi
|
||||
|
||||
%license base/kra/LICENSE
|
||||
%{_javadir}/pki/pki-kra.jar
|
||||
%dir %{_datadir}/pki/kra
|
||||
%{_datadir}/pki/kra/
|
||||
|
||||
# with kra
|
||||
@ -1294,7 +1260,6 @@ fi
|
||||
|
||||
%license base/ocsp/LICENSE
|
||||
%{_javadir}/pki/pki-ocsp.jar
|
||||
%dir %{_datadir}/pki/ocsp
|
||||
%{_datadir}/pki/ocsp/
|
||||
|
||||
# with ocsp
|
||||
@ -1307,7 +1272,6 @@ fi
|
||||
|
||||
%license base/tks/LICENSE
|
||||
%{_javadir}/pki/pki-tks.jar
|
||||
%dir %{_datadir}/pki/tks
|
||||
%{_datadir}/pki/tks/
|
||||
|
||||
# with tks
|
||||
@ -1320,7 +1284,6 @@ fi
|
||||
|
||||
%license base/tps/LICENSE
|
||||
%{_javadir}/pki/pki-tps.jar
|
||||
%dir %{_datadir}/pki/tps
|
||||
%{_datadir}/pki/tps/
|
||||
%{_mandir}/man5/pki-tps-connector.5.gz
|
||||
%{_mandir}/man5/pki-tps-profile.5.gz
|
||||
@ -1399,6 +1362,21 @@ fi
|
||||
|
||||
################################################################################
|
||||
%changelog
|
||||
* Thu Aug 12 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-2
|
||||
- Bug 1992337 - Double issuance of non-CA subsystem certs at installation
|
||||
|
||||
* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-1
|
||||
- Rebase to PKI 10.11.0
|
||||
|
||||
* Mon Jun 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.3
|
||||
- Rebase to PKI 10.11.0-alpha3
|
||||
|
||||
* Thu Jun 03 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.2
|
||||
- Fix JAVA_HOME
|
||||
|
||||
* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.11.0-0.1
|
||||
- Rebase to PKI 10.11.0-alpha2
|
||||
|
||||
* Mon Feb 08 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.4-1
|
||||
- Rebase to PKI 10.10.4
|
||||
- Bug 1664435 - Error instantiating class for challenge_password with SCEP request
|
||||
|
Loading…
Reference in New Issue
Block a user