import pki-core-11.3.0-1.el9

This commit is contained in:
CentOS Sources 2023-03-28 11:36:20 +00:00 committed by Stepan Oksanichenko
parent 1ba14c7b25
commit e2fd62759c
3 changed files with 136 additions and 109 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/pki-11.2.1.tar.gz SOURCES/pki-11.3.0.tar.gz

View File

@ -1 +1 @@
b38832fe7b4778f70a8622d203e754ff931c85c5 SOURCES/pki-11.2.1.tar.gz b1c586a9698fa27521222d7c384e2181fddcda80 SOURCES/pki-11.3.0.tar.gz

View File

@ -8,8 +8,8 @@ Name: pki-core
# Upstream version number: # Upstream version number:
%global major_version 11 %global major_version 11
%global minor_version 2 %global minor_version 3
%global update_version 1 %global update_version 0
# Downstream release number: # Downstream release number:
# - development/stabilization (unsupported): 0.<n> where n >= 1 # - development/stabilization (unsupported): 0.<n> where n >= 1
@ -20,7 +20,7 @@ Name: pki-core
# - development (unsupported): alpha<n> where n >= 1 # - development (unsupported): alpha<n> where n >= 1
# - stabilization (unsupported): beta<n> where n >= 1 # - stabilization (unsupported): beta<n> where n >= 1
# - GA/update (supported): <none> # - GA/update (supported): <none>
%undefine phase #global phase
%undefine timestamp %undefine timestamp
%undefine commit_id %undefine commit_id
@ -47,14 +47,17 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?phase:-}%{?phase}
# > pki-VERSION-RELEASE.patch # > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch
# Java 17 and md2man are not available on i686 %if 0%{?fedora} && 0%{?fedora} > 35
ExclusiveArch: %{java_arches}
%else
ExcludeArch: i686 ExcludeArch: i686
%endif
################################################################################ ################################################################################
# NSS # PKCS #11 Kit Trust
################################################################################ ################################################################################
%global nss_default_db_type sql %global p11_kit_trust /usr/lib64/pkcs11/p11-kit-trust.so
################################################################################ ################################################################################
# Python # Python
@ -66,9 +69,15 @@ ExcludeArch: i686
# Java # Java
################################################################################ ################################################################################
%define java_devel java-17-openjdk-devel %global java_devel java-17-openjdk-devel
%define java_headless java-17-openjdk-headless %global java_headless java-17-openjdk-headless
%define java_home %{_jvmdir}/jre-17-openjdk %global java_home %{_jvmdir}/jre-17-openjdk
################################################################################
# Application Server
################################################################################
%global app_server tomcat-9.0
################################################################################ ################################################################################
# PKI # PKI
@ -77,44 +86,26 @@ ExcludeArch: i686
# Execute unit tests unless --without test is specified. # Execute unit tests unless --without test is specified.
%bcond_without test %bcond_without test
# Don't build console unless --with console is specified. # Build the package unless --without <package> is specified.
%bcond_without base
%bcond_without server
%bcond_without acme
%bcond_without ca
%bcond_without est
%bcond_without kra
# Do not build the following packages for pki-core.
%bcond_with console %bcond_with console
%bcond_with ocsp
# By default all packages will be built except the ones specified with %bcond_with tks
# --without <package> option (exclusion method). %bcond_with tps
%bcond_with javadoc
# If --with pkgs option is specified, only packages specified with %bcond_with theme
# --with <package> will be built (inclusion method). %bcond_with meta
%bcond_with tests
%bcond_with pkgs %bcond_with debug
# Define package_option macro to wrap bcond_with or bcond_without macro
# depending on package selection method.
%if %{with pkgs}
%define package_option() %bcond_with %1
%else
%define package_option() %bcond_without %1
%endif
# Define --with <package> or --without <package> options depending on
# package selection method.
%package_option base
%package_option server
%package_option acme
%package_option ca
%package_option kra
# NOTE: Do not build the following packages for pki-core
# package_option ocsp
# package_option tks
# package_option tps
# package_option javadoc
# package_option theme
# package_option meta
# package_option tests
# package_option debug
%if ! %{with debug} %if ! %{with debug}
%define debug_package %{nil} %define debug_package %{nil}
@ -163,7 +154,7 @@ BuildRequires: gcc-c++
BuildRequires: zip BuildRequires: zip
BuildRequires: %{java_devel} BuildRequires: %{java_devel}
BuildRequires: javapackages-tools BuildRequires: javapackages-tools
BuildRequires: redhat-rpm-config
BuildRequires: apache-commons-cli BuildRequires: apache-commons-cli
BuildRequires: apache-commons-codec BuildRequires: apache-commons-codec
BuildRequires: apache-commons-io BuildRequires: apache-commons-io
@ -196,9 +187,9 @@ BuildRequires: python3-six
BuildRequires: junit BuildRequires: junit
BuildRequires: jpackage-utils >= 0:1.7.5-10 BuildRequires: jpackage-utils >= 0:1.7.5-10
BuildRequires: jss >= 5.2.0 BuildRequires: jss = 5.3
BuildRequires: tomcatjss >= 8.2.0 BuildRequires: tomcatjss = 8.3
BuildRequires: ldapjdk >= 5.2.0 BuildRequires: ldapjdk = 5.3
BuildRequires: systemd-units BuildRequires: systemd-units
@ -214,7 +205,6 @@ BuildRequires: apr-devel
BuildRequires: apr-util-devel BuildRequires: apr-util-devel
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: httpd-devel >= 2.4.2 BuildRequires: httpd-devel >= 2.4.2
BuildRequires: pcre-devel
BuildRequires: systemd BuildRequires: systemd
BuildRequires: zlib BuildRequires: zlib
BuildRequires: zlib-devel BuildRequires: zlib-devel
@ -261,7 +251,7 @@ Summary: %{product_name} Package
%endif %endif
Obsoletes: pki-symkey < %{version} Obsoletes: pki-symkey < %{version}
Obsoletes: %{product_id}-pki-symkey < %{version} Obsoletes: %{product_id}-symkey < %{version}
Obsoletes: pki-console < %{version} Obsoletes: pki-console < %{version}
Obsoletes: pki-console-theme < %{version} Obsoletes: pki-console-theme < %{version}
Obsoletes: idm-console-framework < 2.0 Obsoletes: idm-console-framework < 2.0
@ -274,6 +264,7 @@ Requires: %{product_id}-theme = %{version}-%{release}
# of ALL PKI core packages # of ALL PKI core packages
Requires: %{product_id}-acme = %{version}-%{release} Requires: %{product_id}-acme = %{version}-%{release}
Requires: %{product_id}-ca = %{version}-%{release} Requires: %{product_id}-ca = %{version}-%{release}
Requires: %{product_id}-est = %{version}-%{release}
Requires: %{product_id}-kra = %{version}-%{release} Requires: %{product_id}-kra = %{version}-%{release}
Requires: %{product_id}-ocsp = %{version}-%{release} Requires: %{product_id}-ocsp = %{version}-%{release}
Requires: %{product_id}-tks = %{version}-%{release} Requires: %{product_id}-tks = %{version}-%{release}
@ -382,8 +373,8 @@ Requires: apache-commons-net
Requires: slf4j Requires: slf4j
Requires: slf4j-jdk14 Requires: slf4j-jdk14
Requires: jpackage-utils >= 0:1.7.5-10 Requires: jpackage-utils >= 0:1.7.5-10
Requires: jss >= 5.2.0 Requires: jss = 5.3
Requires: ldapjdk >= 5.2.0 Requires: ldapjdk = 5.3
Requires: %{product_id}-base = %{version}-%{release} Requires: %{product_id}-base = %{version}-%{release}
Requires: resteasy-client >= 3.0.17-1 Requires: resteasy-client >= 3.0.17-1
Requires: resteasy-core >= 3.0.17-1 Requires: resteasy-core >= 3.0.17-1
@ -459,7 +450,7 @@ Requires: systemd
Requires(post): systemd-units Requires(post): systemd-units
Requires(postun): systemd-units Requires(postun): systemd-units
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires: tomcatjss >= 8.2.0 Requires: tomcatjss = 8.3
# pki-healthcheck depends on the following library # pki-healthcheck depends on the following library
%if 0%{?rhel} %if 0%{?rhel}
@ -535,6 +526,26 @@ where it obtains its own signing certificate from a public CA.
# with ca # with ca
%endif %endif
%if %{with est}
################################################################################
%package -n %{product_id}-est
################################################################################
Summary: %{product_name} EST Package
BuildArch: noarch
Obsoletes: pki-est < %{version}-%{release}
Provides: pki-est = %{version}-%{release}
Requires: %{product_id}-server = %{version}-%{release}
%description -n %{product_id}-est
%{product_name} EST subsystem provides an Enrollment over
Secure Transport (RFC 7030) service.
# with est
%endif
%if %{with kra} %if %{with kra}
################################################################################ ################################################################################
%package -n %{product_id}-kra %package -n %{product_id}-kra
@ -804,65 +815,58 @@ This package provides test suite for %{product_name}.
%build %build
################################################################################ ################################################################################
# assume tomcat app_server # Set build flags for CMake
app_server=tomcat-9.0 # (see /usr/lib/rpm/macros.d/macros.cmake)
%set_build_flags
%cmake \ pkgs=base\
--no-warn-unused-cli \ %{?with_server:,server}\
-DPRODUCT_NAME="%{product_name}" \ %{?with_ca:,ca}\
-DVERSION=%{version}-%{release} \ %{?with_est:,est}\
-DVAR_INSTALL_DIR:PATH=/var \ %{?with_kra:,kra}\
-DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ %{?with_ocsp:,ocsp}\
-DJAVA_HOME=%{java_home} \ %{?with_tks:,tks}\
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ %{?with_tps:,tps}\
-DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ %{?with_acme:,acme}\
-DAPP_SERVER=$app_server \ %{?with_javadoc:,javadoc}\
-DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \ %{?with_theme:,theme}\
-DPYTHON_EXECUTABLE=%{python_executable} \ %{?with_meta:,meta}\
-DWITH_SERVER:BOOL=%{?with_server:ON}%{!?with_server:OFF} \ %{?with_tests:,tests}\
-DWITH_CA:BOOL=%{?with_ca:ON}%{!?with_ca:OFF} \ %{?with_debug:,debug}
-DWITH_KRA:BOOL=%{?with_kra:ON}%{!?with_kra:OFF} \
-DWITH_OCSP:BOOL=%{?with_ocsp:ON}%{!?with_ocsp:OFF} \
-DWITH_TKS:BOOL=%{?with_tks:ON}%{!?with_tks:OFF} \
-DWITH_TPS:BOOL=%{?with_tps:ON}%{!?with_tps:OFF} \
-DWITH_ACME:BOOL=%{?with_acme:ON}%{!?with_acme:OFF} \
-DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
-DWITH_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
-DWITH_TESTS:BOOL=%{?with_tests:ON}%{!?with_tests:OFF} \
-DWITH_META:BOOL=%{?with_meta:ON}%{!?with_meta:OFF} \
-DTHEME=%{?with_theme:%{theme}} \
-DRUN_TESTS:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
-B %{_vpath_builddir}
cd %{_vpath_builddir} ./build.sh \
%{?_verbose:-v} \
# Do not use _smp_mflags to preserve build order --product-name="%{product_name}" \
%{__make} \ --product-id=%{product_id} \
VERBOSE=%{?_verbose} \ %if %{with theme}
CMAKE_NO_VERBOSE=1 \ --theme=%{theme} \
DESTDIR=%{buildroot} \ %endif
INSTALL="install -p" \ --work-dir=%{_vpath_builddir} \
--no-print-directory \ --prefix-dir=%{_prefix} \
all --include-dir=%{_includedir} \
--lib-dir=%{_libdir} \
--sysconf-dir=%{_sysconfdir} \
--share-dir=%{_datadir} \
--cmake=%{__cmake} \
--java-home=%{java_home} \
--jni-dir=%{_jnidir} \
--unit-dir=%{_unitdir} \
--python=%{python_executable} \
--with-pkgs=$pkgs \
%{?with_console:--with-console} \
%{!?with_test:--without-test} \
dist
################################################################################ ################################################################################
%install %install
################################################################################ ################################################################################
cd %{_vpath_builddir} ./build.sh \
%{?_verbose:-v} \
%{__make} \ --work-dir=%{_vpath_builddir} \
VERBOSE=%{?_verbose} \ --install-dir=%{buildroot} \
CMAKE_NO_VERBOSE=1 \
DESTDIR=%{buildroot} \
INSTALL="install -p" \
--no-print-directory \
install install
%if %{with tests}
ctest --output-on-failure
%endif
%if %{with server} %if %{with server}
%pre -n %{product_id}-server %pre -n %{product_id}-server
@ -968,7 +972,6 @@ fi
%{_datadir}/pki/examples/java/ %{_datadir}/pki/examples/java/
%{_datadir}/pki/lib/*.jar %{_datadir}/pki/lib/*.jar
%dir %{_javadir}/pki %dir %{_javadir}/pki
%{_javadir}/pki/pki-cmsutil.jar
%{_javadir}/pki/pki-certsrv.jar %{_javadir}/pki/pki-certsrv.jar
################################################################################ ################################################################################
@ -1091,7 +1094,6 @@ fi
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target %attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
%{_javadir}/pki/pki-cms.jar %{_javadir}/pki/pki-cms.jar
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-tomcat.jar %{_javadir}/pki/pki-tomcat.jar
%dir %{_sharedstatedir}/pki %dir %{_sharedstatedir}/pki
%{_mandir}/man1/pkidaemon.1.gz %{_mandir}/man1/pkidaemon.1.gz
@ -1103,6 +1105,7 @@ fi
%{_mandir}/man8/pkispawn.8.gz %{_mandir}/man8/pkispawn.8.gz
%{_mandir}/man8/pki-server.8.gz %{_mandir}/man8/pki-server.8.gz
%{_mandir}/man8/pki-server-acme.8.gz %{_mandir}/man8/pki-server-acme.8.gz
%{_mandir}/man8/pki-server-est.8.gz
%{_mandir}/man8/pki-server-instance.8.gz %{_mandir}/man8/pki-server-instance.8.gz
%{_mandir}/man8/pki-server-subsystem.8.gz %{_mandir}/man8/pki-server-subsystem.8.gz
%{_mandir}/man8/pki-server-nuxwdog.8.gz %{_mandir}/man8/pki-server-nuxwdog.8.gz
@ -1143,6 +1146,17 @@ fi
# with ca # with ca
%endif %endif
%if %{with est}
################################################################################
%files -n %{product_id}-est
################################################################################
%{_javadir}/pki/pki-est.jar
%{_datadir}/pki/est/
# with est
%endif
%if %{with kra} %if %{with kra}
################################################################################ ################################################################################
%files -n %{product_id}-kra %files -n %{product_id}-kra
@ -1260,6 +1274,19 @@ fi
################################################################################ ################################################################################
%changelog %changelog
* Mon Jan 30 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.3.0-1
- Rebase to PKI 11.3.0
- Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied
- Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.3.0-0.2.beta1
- Rebase to PKI 11.3.0-beta1
- Bug #1849834 - [RFE] Provide EST Responder (RFC 7030)
- Bug #1883477 - [RFE] Automatic expired certificate purging
- Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision
- Bug #2106452 - softhsm2: Unable to create cert: Private key not found
- Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile
* Thu Aug 04 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.2.1-1 * Thu Aug 04 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.2.1-1
- Rebase to PKI 11.2.1 - Rebase to PKI 11.2.1
- Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0] - Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0]