commit b9a06cdc2c4d40ee86d5bf339be3395b35b380f0 Author: James Antill Date: Mon Aug 8 13:56:22 2022 -0400 Import rpm: 4403c5590caf33848b96f43bb37d9572f9b693c2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b210af9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/tomcatjss-7.7.1.tar.gz diff --git a/copr-build.sh b/copr-build.sh new file mode 100755 index 0000000..156c705 --- /dev/null +++ b/copr-build.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +REPO=$1 + +if [ "$REPO" == "" ]; then + REPO="pki-10.6" +fi + +fedpkg copr-build --nowait $REPO diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..388958f --- /dev/null +++ b/gating.yaml @@ -0,0 +1,7 @@ +# recipients: rhcs-team +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/sources b/sources new file mode 100644 index 0000000..e5e2eb7 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA1 (tomcatjss-7.7.1.tar.gz) = a57bb5294890c2ddb5e62eb1e9c316d5deb95794 diff --git a/sources-update.sh b/sources-update.sh new file mode 100755 index 0000000..96129ca --- /dev/null +++ b/sources-update.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +SOURCE=$1 +TARGET=`basename $1` + +cp $SOURCE $TARGET +sha512sum --tag $TARGET > sources diff --git a/tests/roles/Test_Setup/files/ca.cfg b/tests/roles/Test_Setup/files/ca.cfg new file mode 100644 index 0000000..158c1d5 --- /dev/null +++ b/tests/roles/Test_Setup/files/ca.cfg @@ -0,0 +1,25 @@ +[DEFAULT] +pki_server_database_password=Secret.123 + +[CA] +pki_admin_email=caadmin@example.com +pki_admin_name=caadmin +pki_admin_nickname=caadmin +pki_admin_password=Secret.123 +pki_admin_uid=caadmin + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com +pki_ds_database=ca +pki_ds_password=Secret.123 + +pki_security_domain_name=EXAMPLE + +pki_ca_signing_nickname=ca_signing +pki_ocsp_signing_nickname=ca_ocsp_signing +pki_audit_signing_nickname=ca_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem diff --git a/tests/roles/Test_Setup/files/ds-create.sh b/tests/roles/Test_Setup/files/ds-create.sh new file mode 100644 index 0000000..825d83f --- /dev/null +++ b/tests/roles/Test_Setup/files/ds-create.sh @@ -0,0 +1,24 @@ +#!/bin/bash -ex + +# This command needs to be executed as it pulls the machine name +# dynamically. +dscreate create-template /tmp/test_dir/ds.inf + +sed -i \ + -e "s/;instance_name = .*/instance_name = localhost/g" \ + -e "s/;root_password = .*/root_password = Secret.123/g" \ + -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \ + -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \ + /tmp/test_dir/ds.inf + +dscreate from-file /tmp/test_dir/ds.inf + +ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF +dn: dc=example,dc=com +objectClass: domain +dc: example + +dn: dc=pki,dc=example,dc=com +objectClass: domain +dc: pki +EOF diff --git a/tests/roles/Test_Setup/files/kra.cfg b/tests/roles/Test_Setup/files/kra.cfg new file mode 100644 index 0000000..d93f4bb --- /dev/null +++ b/tests/roles/Test_Setup/files/kra.cfg @@ -0,0 +1,27 @@ +[DEFAULT] +pki_server_database_password=Secret.123 + +[KRA] +pki_admin_email=kraadmin@example.com +pki_admin_name=kraadmin +pki_admin_nickname=kraadmin +pki_admin_password=Secret.123 +pki_admin_uid=kraadmin + +pki_client_database_password=Secret.123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret.123 + +pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com +pki_ds_database=kra +pki_ds_password=Secret.123 + +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret.123 + +pki_storage_nickname=kra_storage +pki_transport_nickname=kra_transport +pki_audit_signing_nickname=kra_audit_signing +pki_sslserver_nickname=sslserver +pki_subsystem_nickname=subsystem diff --git a/tests/roles/Test_Setup/tasks/main.yml b/tests/roles/Test_Setup/tasks/main.yml new file mode 100644 index 0000000..54a3f49 --- /dev/null +++ b/tests/roles/Test_Setup/tasks/main.yml @@ -0,0 +1,26 @@ +--- + +- name: Install tomcatjss + dnf: + name: > + tomcatjss + +- name: Install required packages + dnf: + name: > + 389-ds-base, pki-ca, pki-kra + +- name: Creates directory + file: path=/tmp/test_files state=directory + +- name: Copying templates to /tmp folder + copy : src=. dest=/tmp/test_dir + +- name: Setup DS Service + shell: sh /tmp/test_dir/ds-create.sh + +- name: Install CA subsystem + shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v + +- name: Install KRA subsystem + shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..fb7a4eb --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,30 @@ +- hosts: localhost + remote_user: root + tags: + - classic + roles: + - role: Test_Setup + - role: standard-test-basic + tests: + - verify_spawn_ca: + dir: . + run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep 'running'" + - verify_spawn_kra: + dir: . + run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'running'" + - destroy_kra: + dir: . + run: "pkidestroy -i pki-tomcat -s KRA && sleep 5" + - verify_destroy_kra: + dir: . + run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'" + - destroy_ca: + dir: . + run: "pkidestroy -i pki-tomcat -s CA" + - verify_destroy_ca: + dir: . + run: "curl http://localhost:8080/ca/admin/ca/getStatus &> testfile.log || true && grep 'Connection refused' testfile.log" + required_packages: + - tomcatjss + - pki-ca + - pki-kra diff --git a/tomcatjss.spec b/tomcatjss.spec new file mode 100644 index 0000000..d6f89a5 --- /dev/null +++ b/tomcatjss.spec @@ -0,0 +1,212 @@ +################################################################################ +Name: tomcatjss +################################################################################ + +Summary: JSS Connector for Apache Tomcat +URL: http://www.dogtagpki.org/wiki/TomcatJSS +License: LGPLv2+ +BuildArch: noarch + +# For development (i.e. unsupported) releases, use x.y.z-0.n.. +# For official (i.e. supported) releases, use x.y.z-r where r >=1. +Version: 7.7.1 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +#global _phase -alpha1 + +# To generate the source tarball: +# $ git clone https://github.com/dogtagpki/tomcatjss.git +# $ cd tomcatjss +# $ git archive \ +# --format=tar.gz \ +# --prefix tomcatjss-VERSION/ \ +# -o tomcatjss-VERSION.tar.gz \ +# +Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_phase}/tomcatjss-%{version}%{?_phase}.tar.gz + +# To create a patch for all changes since a version tag: +# $ git format-patch \ +# --stdout \ +# \ +# > tomcatjss-VERSION-RELEASE.patch +# Patch: tomcatjss-VERSION-RELEASE.patch + +################################################################################ +# Java +################################################################################ + +%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8 +%define java_devel java-1.8.0-openjdk-devel +%define java_headless java-1.8.0-openjdk-headless +%define java_home /usr/lib/jvm/jre-1.8.0-openjdk +%else +%define java_devel java-11-openjdk-devel +%define java_headless java-11-openjdk-headless +%define java_home /usr/lib/jvm/jre-11-openjdk +%endif + +################################################################################ +# Build Dependencies +################################################################################ + +# jpackage-utils requires versioning to meet both build and runtime requirements +# jss requires versioning to meet both build and runtime requirements +# tomcat requires versioning to meet both build and runtime requirements + +# Java +BuildRequires: ant +BuildRequires: apache-commons-lang3 +BuildRequires: %{java_devel} +BuildRequires: jpackage-utils >= 0:1.7.5-15 + +# SLF4J +BuildRequires: slf4j +BuildRequires: slf4j-jdk14 + +# JSS +BuildRequires: jss >= 4.9.0, jss < 5.0.0 + +# Tomcat +%if 0%{?rhel} && ! 0%{?eln} +BuildRequires: pki-servlet-engine >= 1:9.0.7 +%else +BuildRequires: tomcat >= 1:9.0.7 +%endif + +################################################################################ +# Runtime Dependencies +################################################################################ + +# Java +Requires: apache-commons-lang3 +Requires: %{java_headless} +Requires: jpackage-utils >= 0:1.7.5-15 + +# SLF4J +Requires: slf4j +Requires: slf4j-jdk14 + +# JSS +Requires: jss >= 4.9.0, jss < 5.0.0 + +# Tomcat +%if 0%{?rhel} && ! 0%{?eln} +Requires: pki-servlet-engine >= 1:9.0.7 +%else +Requires: tomcat >= 1:9.0.7 +%endif + +# PKI +Conflicts: pki-base < 10.10.0 + + +%if 0%{?rhel} +# For EPEL, override the '_sharedstatedir' macro on RHEL +%define _sharedstatedir /var/lib +%endif + +%description +JSS Connector for Apache Tomcat, installed via the tomcatjss package, +is a Java Secure Socket Extension (JSSE) module for Apache Tomcat that +uses Java Security Services (JSS), a Java interface to Network Security +Services (NSS). + +################################################################################ +%prep +################################################################################ + +%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 + +################################################################################ +%install +################################################################################ + +# get Tomcat . version number +tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'` +app_server=tomcat-$tomcat_version + +ant -f build.xml \ + -Dversion=%{version} \ + -Dsrc.dir=$app_server \ + -Djnidir=%{_jnidir} \ + -Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \ + -Dinstall.jar.dir=%{buildroot}%{_javadir} \ + install + +################################################################################ +%files +################################################################################ + +%license LICENSE + +%defattr(-,root,root) +%doc README +%doc LICENSE +%{_javadir}/* + +################################################################################ +%changelog +* Mon Nov 15 2021 Red Hat PKI Team 7.7.1-1 +- Rebase to TomcatJSS 7.7.1 + +* Mon Jul 26 2021 Red Hat PKI Team 7.7.0-1 +- Rebase to TomcatJSS 7.7.0 + +* Fri Jun 11 2021 Red Hat PKI Team 7.7.0-0.1 +- Rebase to TomcatJSS 7.7.0-alpha1 + +* Tue Nov 17 2020 Red Hat PKI Team 7.6.1-1 +- Rebase to TomcatJSS 7.6.1 + +* Wed Oct 28 2020 Red Hat PKI Team 7.6.0-2 +- Bump dependency to JSS 4.8.0 +- Remove unsupported platforms + +* Tue Oct 20 2020 Red Hat PKI Team 7.6.0-1 +- Rebase to TomcatJSS 7.6.0 + +* Thu Jul 09 2020 Red Hat PKI Team 7.5.0-1 +- Rebase to TomcatJSS 7.5.0 + +* Thu Jun 25 2020 Red Hat PKI Team 7.5.0-0.2 +- Rebase to TomcatJSS 7.5.0-a2 + +* Tue May 26 2020 Red Hat PKI Team 7.5.0-0.1 +- Rebase to TomcatJSS 7.5.0-a1 + +* Thu Oct 31 2019 Red Hat PKI Team 7.4.1-2 +- Bump dependency to JSS 4.6.0 + +* Wed Jun 12 2019 Red Hat PKI Team 7.4.1-1 +- Rebase to TomcatJSS 7.4.1 + +* Wed Apr 24 2019 Red Hat PKI Team 7.4.0-1 +- Rebase to TomcatJSS 7.4.0 + +* Fri Oct 05 2018 Red Hat PKI Team 7.3.6-1 +- Rebase to TomcatJSS 7.3.6 + +* Mon Aug 13 2018 Red Hat PKI Team 7.3.5-1 +- Rebase to TomcatJSS 7.3.5 + +* Tue Aug 07 2018 Red Hat PKI Team 7.3.4-1 +- Rebase to TomcatJSS 7.3.4 + +* Tue Aug 07 2018 Red Hat PKI Team 7.3.3-2 +- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3) + +* Fri Jul 20 2018 Red Hat PKI Team 7.3.3-1 +- Rebase to TomcatJSS 7.3.3 + +* Thu Jul 05 2018 Red Hat PKI Team 7.3.2-1 +- Rebase to TomcatJSS 7.3.2 + +* Fri Jun 15 2018 Red Hat PKI Team 7.3.1-1 +- Fix Tomcat dependencies +- Rebase to TomcatJSS 7.3.1 + +* Thu Apr 12 2018 Red Hat PKI Team 7.3.0-1 +- Clean up spec file +- Rebase to TomcatJSS 7.3.0 final + +* Thu Mar 15 2018 Red Hat PKI Team 7.3.0-0.2 +- Rebase to TomcatJSS 7.3.0 beta