import pki-core-11.3.0-1.el9
parent
1ba14c7b25
commit
e2fd62759c
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/pki-11.2.1.tar.gz
|
SOURCES/pki-11.3.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
b38832fe7b4778f70a8622d203e754ff931c85c5 SOURCES/pki-11.2.1.tar.gz
|
b1c586a9698fa27521222d7c384e2181fddcda80 SOURCES/pki-11.3.0.tar.gz
|
||||||
|
@ -8,8 +8,8 @@ Name: pki-core
|
|||||||
|
|
||||||
# Upstream version number:
|
# Upstream version number:
|
||||||
%global major_version 11
|
%global major_version 11
|
||||||
%global minor_version 2
|
%global minor_version 3
|
||||||
%global update_version 1
|
%global update_version 0
|
||||||
|
|
||||||
# Downstream release number:
|
# Downstream release number:
|
||||||
# - development/stabilization (unsupported): 0.<n> where n >= 1
|
# - development/stabilization (unsupported): 0.<n> where n >= 1
|
||||||
@ -20,7 +20,7 @@ Name: pki-core
|
|||||||
# - development (unsupported): alpha<n> where n >= 1
|
# - development (unsupported): alpha<n> where n >= 1
|
||||||
# - stabilization (unsupported): beta<n> where n >= 1
|
# - stabilization (unsupported): beta<n> where n >= 1
|
||||||
# - GA/update (supported): <none>
|
# - GA/update (supported): <none>
|
||||||
%undefine phase
|
#global phase
|
||||||
|
|
||||||
%undefine timestamp
|
%undefine timestamp
|
||||||
%undefine commit_id
|
%undefine commit_id
|
||||||
@ -47,14 +47,17 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}
|
|||||||
# > pki-VERSION-RELEASE.patch
|
# > pki-VERSION-RELEASE.patch
|
||||||
# Patch: pki-VERSION-RELEASE.patch
|
# Patch: pki-VERSION-RELEASE.patch
|
||||||
|
|
||||||
# Java 17 and md2man are not available on i686
|
%if 0%{?fedora} && 0%{?fedora} > 35
|
||||||
|
ExclusiveArch: %{java_arches}
|
||||||
|
%else
|
||||||
ExcludeArch: i686
|
ExcludeArch: i686
|
||||||
|
%endif
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# NSS
|
# PKCS #11 Kit Trust
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%global nss_default_db_type sql
|
%global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Python
|
# Python
|
||||||
@ -66,9 +69,15 @@ ExcludeArch: i686
|
|||||||
# Java
|
# Java
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
%define java_devel java-17-openjdk-devel
|
%global java_devel java-17-openjdk-devel
|
||||||
%define java_headless java-17-openjdk-headless
|
%global java_headless java-17-openjdk-headless
|
||||||
%define java_home %{_jvmdir}/jre-17-openjdk
|
%global java_home %{_jvmdir}/jre-17-openjdk
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
# Application Server
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
%global app_server tomcat-9.0
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# PKI
|
# PKI
|
||||||
@ -77,44 +86,26 @@ ExcludeArch: i686
|
|||||||
# Execute unit tests unless --without test is specified.
|
# Execute unit tests unless --without test is specified.
|
||||||
%bcond_without test
|
%bcond_without test
|
||||||
|
|
||||||
# Don't build console unless --with console is specified.
|
# Build the package unless --without <package> is specified.
|
||||||
|
|
||||||
|
%bcond_without base
|
||||||
|
%bcond_without server
|
||||||
|
%bcond_without acme
|
||||||
|
%bcond_without ca
|
||||||
|
%bcond_without est
|
||||||
|
%bcond_without kra
|
||||||
|
|
||||||
|
# Do not build the following packages for pki-core.
|
||||||
|
|
||||||
%bcond_with console
|
%bcond_with console
|
||||||
|
%bcond_with ocsp
|
||||||
# By default all packages will be built except the ones specified with
|
%bcond_with tks
|
||||||
# --without <package> option (exclusion method).
|
%bcond_with tps
|
||||||
|
%bcond_with javadoc
|
||||||
# If --with pkgs option is specified, only packages specified with
|
%bcond_with theme
|
||||||
# --with <package> will be built (inclusion method).
|
%bcond_with meta
|
||||||
|
%bcond_with tests
|
||||||
%bcond_with pkgs
|
%bcond_with debug
|
||||||
|
|
||||||
# Define package_option macro to wrap bcond_with or bcond_without macro
|
|
||||||
# depending on package selection method.
|
|
||||||
|
|
||||||
%if %{with pkgs}
|
|
||||||
%define package_option() %bcond_with %1
|
|
||||||
%else
|
|
||||||
%define package_option() %bcond_without %1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Define --with <package> or --without <package> options depending on
|
|
||||||
# package selection method.
|
|
||||||
|
|
||||||
%package_option base
|
|
||||||
%package_option server
|
|
||||||
%package_option acme
|
|
||||||
%package_option ca
|
|
||||||
%package_option kra
|
|
||||||
|
|
||||||
# NOTE: Do not build the following packages for pki-core
|
|
||||||
# package_option ocsp
|
|
||||||
# package_option tks
|
|
||||||
# package_option tps
|
|
||||||
# package_option javadoc
|
|
||||||
# package_option theme
|
|
||||||
# package_option meta
|
|
||||||
# package_option tests
|
|
||||||
# package_option debug
|
|
||||||
|
|
||||||
%if ! %{with debug}
|
%if ! %{with debug}
|
||||||
%define debug_package %{nil}
|
%define debug_package %{nil}
|
||||||
@ -163,7 +154,7 @@ BuildRequires: gcc-c++
|
|||||||
BuildRequires: zip
|
BuildRequires: zip
|
||||||
BuildRequires: %{java_devel}
|
BuildRequires: %{java_devel}
|
||||||
BuildRequires: javapackages-tools
|
BuildRequires: javapackages-tools
|
||||||
BuildRequires: redhat-rpm-config
|
|
||||||
BuildRequires: apache-commons-cli
|
BuildRequires: apache-commons-cli
|
||||||
BuildRequires: apache-commons-codec
|
BuildRequires: apache-commons-codec
|
||||||
BuildRequires: apache-commons-io
|
BuildRequires: apache-commons-io
|
||||||
@ -196,9 +187,9 @@ BuildRequires: python3-six
|
|||||||
|
|
||||||
BuildRequires: junit
|
BuildRequires: junit
|
||||||
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
BuildRequires: jpackage-utils >= 0:1.7.5-10
|
||||||
BuildRequires: jss >= 5.2.0
|
BuildRequires: jss = 5.3
|
||||||
BuildRequires: tomcatjss >= 8.2.0
|
BuildRequires: tomcatjss = 8.3
|
||||||
BuildRequires: ldapjdk >= 5.2.0
|
BuildRequires: ldapjdk = 5.3
|
||||||
|
|
||||||
BuildRequires: systemd-units
|
BuildRequires: systemd-units
|
||||||
|
|
||||||
@ -214,7 +205,6 @@ BuildRequires: apr-devel
|
|||||||
BuildRequires: apr-util-devel
|
BuildRequires: apr-util-devel
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
BuildRequires: httpd-devel >= 2.4.2
|
BuildRequires: httpd-devel >= 2.4.2
|
||||||
BuildRequires: pcre-devel
|
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
BuildRequires: zlib
|
BuildRequires: zlib
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
@ -261,7 +251,7 @@ Summary: %{product_name} Package
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Obsoletes: pki-symkey < %{version}
|
Obsoletes: pki-symkey < %{version}
|
||||||
Obsoletes: %{product_id}-pki-symkey < %{version}
|
Obsoletes: %{product_id}-symkey < %{version}
|
||||||
Obsoletes: pki-console < %{version}
|
Obsoletes: pki-console < %{version}
|
||||||
Obsoletes: pki-console-theme < %{version}
|
Obsoletes: pki-console-theme < %{version}
|
||||||
Obsoletes: idm-console-framework < 2.0
|
Obsoletes: idm-console-framework < 2.0
|
||||||
@ -274,6 +264,7 @@ Requires: %{product_id}-theme = %{version}-%{release}
|
|||||||
# of ALL PKI core packages
|
# of ALL PKI core packages
|
||||||
Requires: %{product_id}-acme = %{version}-%{release}
|
Requires: %{product_id}-acme = %{version}-%{release}
|
||||||
Requires: %{product_id}-ca = %{version}-%{release}
|
Requires: %{product_id}-ca = %{version}-%{release}
|
||||||
|
Requires: %{product_id}-est = %{version}-%{release}
|
||||||
Requires: %{product_id}-kra = %{version}-%{release}
|
Requires: %{product_id}-kra = %{version}-%{release}
|
||||||
Requires: %{product_id}-ocsp = %{version}-%{release}
|
Requires: %{product_id}-ocsp = %{version}-%{release}
|
||||||
Requires: %{product_id}-tks = %{version}-%{release}
|
Requires: %{product_id}-tks = %{version}-%{release}
|
||||||
@ -382,8 +373,8 @@ Requires: apache-commons-net
|
|||||||
Requires: slf4j
|
Requires: slf4j
|
||||||
Requires: slf4j-jdk14
|
Requires: slf4j-jdk14
|
||||||
Requires: jpackage-utils >= 0:1.7.5-10
|
Requires: jpackage-utils >= 0:1.7.5-10
|
||||||
Requires: jss >= 5.2.0
|
Requires: jss = 5.3
|
||||||
Requires: ldapjdk >= 5.2.0
|
Requires: ldapjdk = 5.3
|
||||||
Requires: %{product_id}-base = %{version}-%{release}
|
Requires: %{product_id}-base = %{version}-%{release}
|
||||||
Requires: resteasy-client >= 3.0.17-1
|
Requires: resteasy-client >= 3.0.17-1
|
||||||
Requires: resteasy-core >= 3.0.17-1
|
Requires: resteasy-core >= 3.0.17-1
|
||||||
@ -459,7 +450,7 @@ Requires: systemd
|
|||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires: tomcatjss >= 8.2.0
|
Requires: tomcatjss = 8.3
|
||||||
|
|
||||||
# pki-healthcheck depends on the following library
|
# pki-healthcheck depends on the following library
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
@ -535,6 +526,26 @@ where it obtains its own signing certificate from a public CA.
|
|||||||
# with ca
|
# with ca
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with est}
|
||||||
|
################################################################################
|
||||||
|
%package -n %{product_id}-est
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
Summary: %{product_name} EST Package
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
Obsoletes: pki-est < %{version}-%{release}
|
||||||
|
Provides: pki-est = %{version}-%{release}
|
||||||
|
|
||||||
|
Requires: %{product_id}-server = %{version}-%{release}
|
||||||
|
|
||||||
|
%description -n %{product_id}-est
|
||||||
|
%{product_name} EST subsystem provides an Enrollment over
|
||||||
|
Secure Transport (RFC 7030) service.
|
||||||
|
|
||||||
|
# with est
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with kra}
|
%if %{with kra}
|
||||||
################################################################################
|
################################################################################
|
||||||
%package -n %{product_id}-kra
|
%package -n %{product_id}-kra
|
||||||
@ -804,65 +815,58 @@ This package provides test suite for %{product_name}.
|
|||||||
%build
|
%build
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# assume tomcat app_server
|
# Set build flags for CMake
|
||||||
app_server=tomcat-9.0
|
# (see /usr/lib/rpm/macros.d/macros.cmake)
|
||||||
|
%set_build_flags
|
||||||
|
|
||||||
%cmake \
|
pkgs=base\
|
||||||
--no-warn-unused-cli \
|
%{?with_server:,server}\
|
||||||
-DPRODUCT_NAME="%{product_name}" \
|
%{?with_ca:,ca}\
|
||||||
-DVERSION=%{version}-%{release} \
|
%{?with_est:,est}\
|
||||||
-DVAR_INSTALL_DIR:PATH=/var \
|
%{?with_kra:,kra}\
|
||||||
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
|
%{?with_ocsp:,ocsp}\
|
||||||
-DJAVA_HOME=%{java_home} \
|
%{?with_tks:,tks}\
|
||||||
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
|
%{?with_tps:,tps}\
|
||||||
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
%{?with_acme:,acme}\
|
||||||
-DAPP_SERVER=$app_server \
|
%{?with_javadoc:,javadoc}\
|
||||||
-DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \
|
%{?with_theme:,theme}\
|
||||||
-DPYTHON_EXECUTABLE=%{python_executable} \
|
%{?with_meta:,meta}\
|
||||||
-DWITH_SERVER:BOOL=%{?with_server:ON}%{!?with_server:OFF} \
|
%{?with_tests:,tests}\
|
||||||
-DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \
|
%{?with_debug:,debug}
|
||||||
-DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \
|
|
||||||
-DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \
|
|
||||||
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
|
|
||||||
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
|
|
||||||
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
|
|
||||||
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
|
|
||||||
-DWITH_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
|
|
||||||
-DWITH_TESTS:BOOL=%{?with_tests:ON}%{!?with_tests:OFF} \
|
|
||||||
-DWITH_META:BOOL=%{?with_meta:ON}%{!?with_meta:OFF} \
|
|
||||||
-DTHEME=%{?with_theme:%{theme}} \
|
|
||||||
-DRUN_TESTS:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
|
|
||||||
-B %{_vpath_builddir}
|
|
||||||
|
|
||||||
cd %{_vpath_builddir}
|
./build.sh \
|
||||||
|
%{?_verbose:-v} \
|
||||||
# Do not use _smp_mflags to preserve build order
|
--product-name="%{product_name}" \
|
||||||
%{__make} \
|
--product-id=%{product_id} \
|
||||||
VERBOSE=%{?_verbose} \
|
%if %{with theme}
|
||||||
CMAKE_NO_VERBOSE=1 \
|
--theme=%{theme} \
|
||||||
DESTDIR=%{buildroot} \
|
%endif
|
||||||
INSTALL="install -p" \
|
--work-dir=%{_vpath_builddir} \
|
||||||
--no-print-directory \
|
--prefix-dir=%{_prefix} \
|
||||||
all
|
--include-dir=%{_includedir} \
|
||||||
|
--lib-dir=%{_libdir} \
|
||||||
|
--sysconf-dir=%{_sysconfdir} \
|
||||||
|
--share-dir=%{_datadir} \
|
||||||
|
--cmake=%{__cmake} \
|
||||||
|
--java-home=%{java_home} \
|
||||||
|
--jni-dir=%{_jnidir} \
|
||||||
|
--unit-dir=%{_unitdir} \
|
||||||
|
--python=%{python_executable} \
|
||||||
|
--with-pkgs=$pkgs \
|
||||||
|
%{?with_console:--with-console} \
|
||||||
|
%{!?with_test:--without-test} \
|
||||||
|
dist
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
%install
|
%install
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
cd %{_vpath_builddir}
|
./build.sh \
|
||||||
|
%{?_verbose:-v} \
|
||||||
%{__make} \
|
--work-dir=%{_vpath_builddir} \
|
||||||
VERBOSE=%{?_verbose} \
|
--install-dir=%{buildroot} \
|
||||||
CMAKE_NO_VERBOSE=1 \
|
|
||||||
DESTDIR=%{buildroot} \
|
|
||||||
INSTALL="install -p" \
|
|
||||||
--no-print-directory \
|
|
||||||
install
|
install
|
||||||
|
|
||||||
%if %{with tests}
|
|
||||||
ctest --output-on-failure
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with server}
|
%if %{with server}
|
||||||
|
|
||||||
%pre -n %{product_id}-server
|
%pre -n %{product_id}-server
|
||||||
@ -968,7 +972,6 @@ fi
|
|||||||
%{_datadir}/pki/examples/java/
|
%{_datadir}/pki/examples/java/
|
||||||
%{_datadir}/pki/lib/*.jar
|
%{_datadir}/pki/lib/*.jar
|
||||||
%dir %{_javadir}/pki
|
%dir %{_javadir}/pki
|
||||||
%{_javadir}/pki/pki-cmsutil.jar
|
|
||||||
%{_javadir}/pki/pki-certsrv.jar
|
%{_javadir}/pki/pki-certsrv.jar
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
@ -1091,7 +1094,6 @@ fi
|
|||||||
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
|
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
|
||||||
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
|
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
|
||||||
%{_javadir}/pki/pki-cms.jar
|
%{_javadir}/pki/pki-cms.jar
|
||||||
%{_javadir}/pki/pki-cmsbundle.jar
|
|
||||||
%{_javadir}/pki/pki-tomcat.jar
|
%{_javadir}/pki/pki-tomcat.jar
|
||||||
%dir %{_sharedstatedir}/pki
|
%dir %{_sharedstatedir}/pki
|
||||||
%{_mandir}/man1/pkidaemon.1.gz
|
%{_mandir}/man1/pkidaemon.1.gz
|
||||||
@ -1103,6 +1105,7 @@ fi
|
|||||||
%{_mandir}/man8/pkispawn.8.gz
|
%{_mandir}/man8/pkispawn.8.gz
|
||||||
%{_mandir}/man8/pki-server.8.gz
|
%{_mandir}/man8/pki-server.8.gz
|
||||||
%{_mandir}/man8/pki-server-acme.8.gz
|
%{_mandir}/man8/pki-server-acme.8.gz
|
||||||
|
%{_mandir}/man8/pki-server-est.8.gz
|
||||||
%{_mandir}/man8/pki-server-instance.8.gz
|
%{_mandir}/man8/pki-server-instance.8.gz
|
||||||
%{_mandir}/man8/pki-server-subsystem.8.gz
|
%{_mandir}/man8/pki-server-subsystem.8.gz
|
||||||
%{_mandir}/man8/pki-server-nuxwdog.8.gz
|
%{_mandir}/man8/pki-server-nuxwdog.8.gz
|
||||||
@ -1143,6 +1146,17 @@ fi
|
|||||||
# with ca
|
# with ca
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with est}
|
||||||
|
################################################################################
|
||||||
|
%files -n %{product_id}-est
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
%{_javadir}/pki/pki-est.jar
|
||||||
|
%{_datadir}/pki/est/
|
||||||
|
|
||||||
|
# with est
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{with kra}
|
%if %{with kra}
|
||||||
################################################################################
|
################################################################################
|
||||||
%files -n %{product_id}-kra
|
%files -n %{product_id}-kra
|
||||||
@ -1260,6 +1274,19 @@ fi
|
|||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 30 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.3.0-1
|
||||||
|
- Rebase to PKI 11.3.0
|
||||||
|
- Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
|
||||||
|
- Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
|
||||||
|
|
||||||
|
* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.3.0-0.2.beta1
|
||||||
|
- Rebase to PKI 11.3.0-beta1
|
||||||
|
- Bug #1849834 - [RFE] Provide EST Responder (RFC 7030)
|
||||||
|
- Bug #1883477 - [RFE] Automatic expired certificate purging
|
||||||
|
- Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
|
||||||
|
- Bug #2106452 - softhsm2: Unable to create cert: Private key not found
|
||||||
|
- Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile
|
||||||
|
|
||||||
* Thu Aug 04 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.2.1-1
|
* Thu Aug 04 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.2.1-1
|
||||||
- Rebase to PKI 11.2.1
|
- Rebase to PKI 11.2.1
|
||||||
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]
|
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]
|
||||||
|
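Review bot: The new `p11_kit_trust` macro in the "PKCS #11 Kit Trust" block hard-codes `/usr/lib64/pkcs11/p11-kit-trust.so`, and none of the `./build.sh` options visible in `%build` consumes it, whereas the `%cmake` call that appears to be removed passed `-DP11_KIT_TRUST=` explicitly. This module provides the system trust anchors, so the build should not depend on a path that exists only where the library directory is `lib64`, nor silently fall back to whatever default the build script chooses. I would write `%global p11_kit_trust %{_libdir}/pkcs11/p11-kit-trust.so` and confirm that the value actually reaches the build. The macro may be used in parts of the spec outside these hunks, so this needs checking against the full file.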