abb5bc8
################################################################################
d2b3079
Name:             pki-core
abb5bc8
################################################################################
abb5bc8
Alexander Scheel deb0f05
%global           vendor_id dogtag
Alexander Scheel deb0f05
%global           brand Dogtag
Alexander Scheel deb0f05
Alexander Scheel deb0f05
Summary:          %{brand} PKI Core Package
abb5bc8
URL:              http://www.dogtagpki.org/
f8324ca
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
f8324ca
License:          GPLv2 and LGPLv2
abb5bc8
Alexander Scheel d2b085c
# For development (unsupported) releases, use x.y.z-0.n.unstable with alpha/beta phase.
Alexander Scheel d2b085c
# For official (supported) releases, use x.y.z-r where r >=1 without alpha/beta phase.
Alexander Scheel f5dda78
Version:          10.9.4
Alexander Scheel f5dda78
Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
Alexander Scheel deb0f05
#global           _phase -a1
f8324ca
a0a6406
# To create a tarball from a version tag:
a0a6406
# $ git archive \
a0a6406
#     --format=tar.gz \
a0a6406
#     --prefix pki-<version>/ \
a0a6406
#     -o pki-<version>.tar.gz \
a0a6406
#     <version tag>
f8324ca
Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{version}%{?_phase}.tar.gz
a0a6406
a0a6406
# To create a patch for all changes since a version tag:
a0a6406
# $ git format-patch \
a0a6406
#     --stdout \
a0a6406
#     <version tag> \
a0a6406
#     > pki-VERSION-RELEASE.patch
f1ad55b
# Patch: pki-VERSION-RELEASE.patch
Alexander Scheel d2b085c
7b33405
abb5bc8
################################################################################
b5bc3f7
# NSS
b5bc3f7
################################################################################
b5bc3f7
f8324ca
%global nss_default_db_type sql
b5bc3f7
b5bc3f7
################################################################################
abb5bc8
# Python
abb5bc8
################################################################################
abb5bc8
b237001
%if 0%{?rhel}
b237001
%global python_executable /usr/libexec/platform-python
f1ad55b
%else
b237001
%global python_executable /usr/bin/python3
1a87eed
%endif
94ffff9
abb5bc8
################################################################################
Matthew Harmsen 1b89462
# Java
abb5bc8
################################################################################
abb5bc8
Alexander Scheel 29e9dc6
%define java_home /usr/lib/jvm/jre-openjdk
Alexander Scheel d2b085c
%define java_devel java-devel
Alexander Scheel d2b085c
%define java_headless java-headless
Alexander Scheel 29e9dc6
Alexander Scheel 29e9dc6
%if 0%{?fedora} && 0%{?fedora} >= 33
Alexander Scheel d2b085c
%define min_java_version 1:11
Alexander Scheel 29e9dc6
%else
Alexander Scheel 29e9dc6
%define min_java_version 1:1.8.0
Alexander Scheel 29e9dc6
%endif
Matthew Harmsen 1b89462
abb5bc8
################################################################################
af0980e
# RESTEasy
abb5bc8
################################################################################
abb5bc8
Matthew Harmsen 8900ff7
%define jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar
Matthew Harmsen 8900ff7
%define resteasy_lib /usr/share/java/resteasy
Kevin Wright 4885a56
abb5bc8
################################################################################
abb5bc8
# PKI
abb5bc8
################################################################################
abb5bc8
5520795
# By default the build will execute unit tests unless --without test
5520795
# option is specified.
5520795
5520795
# bcond_without test
5520795
%global with_test 1
5520795
5520795
# By default all packages will be built except the ones specified with
5520795
# --without <package> option (exclusion method).
5520795
5520795
# If --with pkgs option is specified, only packages specified with
5520795
# --with <package> will be built (inclusion method).
5520795
5520795
# bcond_with pkgs
5520795
%global with_pkgs 1
5520795
5520795
# Define package_option macro to wrap bcond_with or bcond_without macro
5520795
# depending on package selection method.
5520795
5520795
%if %{with pkgs}
5520795
%define package_option() %bcond_with %1
5520795
%else
5520795
%define package_option() %bcond_without %1
b237001
%endif
5520795
5520795
# Define --with <package> or --without <package> options depending on
5520795
# package selection method.
5520795
Alexander Scheel ba2d827
%global with_base 1
Alexander Scheel ba2d827
%global with_server 1
Alexander Scheel ba2d827
%global with_ca 1
Alexander Scheel ba2d827
%global with_kra 1
Alexander Scheel ba2d827
%global with_ocsp 1
Alexander Scheel ba2d827
%global with_tks 1
Alexander Scheel ba2d827
%global with_tps 1
Alexander Scheel ba2d827
%global with_javadoc 1
Alexander Scheel ba2d827
%global with_console 1
Alexander Scheel ba2d827
%global without_theme 1
Alexander Scheel ba2d827
%global without_meta 1
Alexander Scheel ba2d827
%global without_tests 1
Alexander Scheel ba2d827
%global with_debug 1
5520795
5520795
%if ! %{with debug}
5520795
%define debug_package %{nil}
b237001
%endif
af0980e
6885d7c
# ignore unpackaged files from native 'tpsclient'
6885d7c
# REMINDER:  Remove this '%%define' once 'tpsclient' is rewritten as a Java app
6885d7c
%define _unpackaged_files_terminate_build 0
098ddda
b237001
# The PKI UID and GID are preallocated, see:
b237001
# https://bugzilla.redhat.com/show_bug.cgi?id=476316
b237001
# https://bugzilla.redhat.com/show_bug.cgi?id=476782
b237001
# https://pagure.io/setup/blob/master/f/uidgid
b237001
# /usr/share/doc/setup/uidgid
Matthew Harmsen b1b4653
%define pki_username pkiuser
Matthew Harmsen b1b4653
%define pki_uid 17
Matthew Harmsen b1b4653
%define pki_groupname pkiuser
Matthew Harmsen b1b4653
%define pki_gid 17
Matthew Harmsen b1b4653
%define pki_homedir /usr/share/pki
af0980e
5520795
%global saveFileContext() \
5520795
if [ -s /etc/selinux/config ]; then \
5520795
     . %{_sysconfdir}/selinux/config; \
5520795
     FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
5520795
     if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
5520795
          cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \
5520795
     fi \
5520795
fi;
5520795
5520795
%global relabel() \
5520795
. %{_sysconfdir}/selinux/config; \
5520795
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
5520795
selinuxenabled; \
5520795
if [ $? == 0  -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \
5520795
     fixfiles -C ${FILE_CONTEXT}.%{name} restore; \
5520795
     rm -f ${FILE_CONTEXT}.%name; \
5520795
fi;
5520795
abb5bc8
################################################################################
abb5bc8
# Build Dependencies
abb5bc8
################################################################################
abb5bc8
a0a6406
# autosetup
a0a6406
BuildRequires:    git
27803e8
BuildRequires:    make
a0a6406
0ef3759
BuildRequires:    cmake >= 3.0.2
Matthew Harmsen 0f27bed
BuildRequires:    gcc-c++
94ffff9
BuildRequires:    zip
Alexander Scheel deb0f05
BuildRequires:    %java_devel >= %{min_java_version}
Alexander Scheel 29e9dc6
BuildRequires:    javapackages-tools
94ffff9
BuildRequires:    redhat-rpm-config
0ef3759
BuildRequires:    ldapjdk >= 4.22.0
5b0e173
BuildRequires:    apache-commons-cli
94ffff9
BuildRequires:    apache-commons-codec
5b0e173
BuildRequires:    apache-commons-io
af0980e
BuildRequires:    apache-commons-lang
0ef3759
BuildRequires:    apache-commons-net
6634b9e
BuildRequires:    jakarta-commons-httpclient
4022991
BuildRequires:    glassfish-jaxb-api
b2f9ecc
BuildRequires:    slf4j
99bd601
BuildRequires:    slf4j-jdk14
Kevin Wright 4885a56
BuildRequires:    nspr-devel
a0a6406
BuildRequires:    nss-devel >= 3.36.1
d0bfd54
Kevin Wright 4885a56
BuildRequires:    openldap-devel
Kevin Wright 4885a56
BuildRequires:    pkgconfig
Kevin Wright 4885a56
BuildRequires:    policycoreutils
f1ad55b
f1ad55b
BuildRequires:    python3-lxml
f1ad55b
BuildRequires:    python3-sphinx
f1ad55b
Kevin Wright 4885a56
BuildRequires:    velocity
Kevin Wright 4885a56
BuildRequires:    xalan-j2
Kevin Wright 4885a56
BuildRequires:    xerces-j2
c488bd7
b237001
%if 0%{?rhel}
b237001
BuildRequires:    resteasy >= 3.0.26
94ffff9
%else
Matthew Harmsen 8900ff7
BuildRequires:    jboss-annotations-1.2-api
Matthew Harmsen 8900ff7
BuildRequires:    jboss-jaxrs-2.0-api
Matthew Harmsen 8900ff7
BuildRequires:    jboss-logging
Matthew Harmsen bec500a
BuildRequires:    resteasy-atom-provider >= 3.0.17-1
Matthew Harmsen bec500a
BuildRequires:    resteasy-client >= 3.0.17-1
Matthew Harmsen bec500a
BuildRequires:    resteasy-jaxb-provider >= 3.0.17-1
Matthew Harmsen bec500a
BuildRequires:    resteasy-core >= 3.0.17-1
4022991
BuildRequires:    resteasy-jackson2-provider >= 3.0.17-1
Matthew Harmsen bec500a
%endif
c488bd7
b237001
BuildRequires:    python3 >= 3.5
f1ad55b
BuildRequires:    python3-devel
7b33405
BuildRequires:    python3-setuptools
f1ad55b
BuildRequires:    python3-cryptography
f1ad55b
BuildRequires:    python3-lxml
27803e8
BuildRequires:    python3-ldap
f1ad55b
BuildRequires:    python3-libselinux
f1ad55b
BuildRequires:    python3-nss
f1ad55b
BuildRequires:    python3-requests >= 2.6.0
f1ad55b
BuildRequires:    python3-six
b237001
b237001
%if 0%{?rhel}
b237001
# no python3-pytest-runner
b237001
%else
b237001
BuildRequires:    python3-pytest-runner
b237001
%endif
f1ad55b
c488bd7
BuildRequires:    junit
94ffff9
BuildRequires:    jpackage-utils >= 0:1.7.5-10
0ef3759
BuildRequires:    jss >= 4.7.0
0ef3759
BuildRequires:    tomcatjss >= 7.5.0
3ec7844
BuildRequires:    systemd-units
d0bfd54
b237001
%if 0%{?rhel}
b237001
BuildRequires:    pki-servlet-engine
1a87eed
%else
f1ad55b
BuildRequires:    tomcat >= 1:9.0.7
1a87eed
%endif
1a87eed
6885d7c
# additional build requirements needed to build native 'tpsclient'
6885d7c
# REMINDER:  Revisit these once 'tpsclient' is rewritten as a Java app
6885d7c
BuildRequires:    apr-devel
6885d7c
BuildRequires:    apr-util-devel
6885d7c
BuildRequires:    cyrus-sasl-devel
6885d7c
BuildRequires:    httpd-devel >= 2.4.2
6885d7c
BuildRequires:    pcre-devel
6885d7c
BuildRequires:    systemd
6885d7c
BuildRequires:    zlib
6885d7c
BuildRequires:    zlib-devel
6885d7c
b2dea93
# build dependency to build man pages
998e00c
%if 0%{?fedora} && 0%{?fedora} <= 30 || 0%{?rhel}
b2dea93
BuildRequires:    go-md2man
998e00c
%else
998e00c
BuildRequires:    golang-github-cpuguy83-md2man
998e00c
%endif
b2dea93
0ef3759
# pki-healthcheck depends on the following library
0ef3759
%if 0%{?rhel}
0ef3759
BuildRequires:    ipa-healthcheck-core
0ef3759
%else
0ef3759
BuildRequires:    freeipa-healthcheck-core
0ef3759
%endif
0ef3759
b2dea93
# PKICertImport depends on certutil and openssl
b2dea93
BuildRequires:    nss-tools
b2dea93
BuildRequires:    openssl
b2dea93
bcc4aa1
# description for top-level package (if there is a separate meta package)
Alexander Scheel deb0f05
%if "%{name}" != "%{vendor_id}-pki"
bcc4aa1
%description
bcc4aa1
Alexander Scheel deb0f05
%{brand} PKI is an enterprise software system designed
bcc4aa1
to manage enterprise Public Key Infrastructure deployments.
bcc4aa1
bcc4aa1
PKI consists of the following components:
bcc4aa1
bcc4aa1
  * Certificate Authority (CA)
bcc4aa1
  * Key Recovery Authority (KRA)
bcc4aa1
  * Online Certificate Status Protocol (OCSP) Manager
bcc4aa1
  * Token Key Service (TKS)
bcc4aa1
  * Token Processing Service (TPS)
bcc4aa1
bcc4aa1
%endif
bcc4aa1
5520795
%if %{with meta}
Alexander Scheel deb0f05
%if "%{name}" != "%{vendor_id}-pki"
bcc4aa1
################################################################################
Alexander Scheel deb0f05
%package -n       %{vendor_id}-pki
bcc4aa1
################################################################################
bcc4aa1
Alexander Scheel deb0f05
Summary:          %{brand} PKI Package
bcc4aa1
%endif
Kevin Wright 4885a56
5520795
# Make certain that this 'meta' package requires the latest version(s)
5520795
# of ALL PKI theme packages
Alexander Scheel deb0f05
Requires:         %{vendor_id}-pki-server-theme = %{version}
Alexander Scheel deb0f05
Requires:         %{vendor_id}-pki-console-theme = %{version}
5520795
5520795
# Make certain that this 'meta' package requires the latest version(s)
5520795
# of ALL PKI core packages
b2dea93
Requires:         pki-ca = %{version}
b2dea93
Requires:         pki-kra = %{version}
b2dea93
Requires:         pki-ocsp = %{version}
b2dea93
Requires:         pki-tks = %{version}
b2dea93
Requires:         pki-tps = %{version}
5520795
5520795
# Make certain that this 'meta' package requires the latest version(s)
5520795
# of PKI console
b2dea93
Requires:         pki-console = %{version}
b2dea93
Requires:         pki-javadoc = %{version}
5520795
5520795
# Make certain that this 'meta' package requires the latest version(s)
5520795
# of ALL PKI clients
5520795
Requires:         esc >= 1.1.1
5520795
bcc4aa1
# description for top-level package (unless there is a separate meta package)
Alexander Scheel deb0f05
%if "%{name}" == "%{vendor_id}-pki"
d7417f5
%description
bcc4aa1
%else
Alexander Scheel deb0f05
%description -n   %{vendor_id}-pki
bcc4aa1
%endif
Kevin Wright 4885a56
Alexander Scheel deb0f05
%{brand} PKI is an enterprise software system designed
d7417f5
to manage enterprise Public Key Infrastructure deployments.
d7417f5
d7417f5
PKI consists of the following components:
d7417f5
d7417f5
  * Certificate Authority (CA)
d7417f5
  * Key Recovery Authority (KRA)
d7417f5
  * Online Certificate Status Protocol (OCSP) Manager
d7417f5
  * Token Key Service (TKS)
d7417f5
  * Token Processing Service (TPS)
Kevin Wright 4885a56
b237001
# with meta
b237001
%endif
bcc4aa1
5520795
%if %{with base}
abb5bc8
################################################################################
Kevin Wright 4885a56
%package -n       pki-symkey
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI Symmetric Key Package
Kevin Wright 4885a56
Alexander Scheel deb0f05
Requires:         %java_headless >= %{min_java_version}
Kevin Wright 5a5e1cd
Requires:         jpackage-utils >= 0:1.7.5-10
0ef3759
Requires:         jss >= 4.7.0
27803e8
Requires:         nss >= 3.38.0
Alexander Scheel 0318d15
b2dea93
# Ensure we end up with a useful installation
b2dea93
Conflicts:        pki-symkey < %{version}
b2dea93
Conflicts:        pki-javadoc < %{version}
b2dea93
Conflicts:        pki-server-theme < %{version}
b2dea93
Conflicts:        pki-console-theme < %{version}
b2dea93
Kevin Wright 4885a56
%description -n   pki-symkey
abb5bc8
The PKI Symmetric Key Java Package supplies various native
Kevin Wright 4885a56
symmetric key operations to Java programs.
Kevin Wright 4885a56
abb5bc8
################################################################################
94ffff9
%package -n       pki-base
abb5bc8
################################################################################
Kevin Wright 4885a56
abb5bc8
Summary:          PKI Base Package
Kevin Wright 4885a56
BuildArch:        noarch
Kevin Wright 4885a56
a0a6406
Requires:         nss >= 3.36.1
b237001
0ef3759
Requires:         python3-pki = %{version}-%{release}
0ef3759
Requires(post):   python3-pki = %{version}-%{release}
Matthew Harmsen 9fcd51b
b2dea93
# Ensure we end up with a useful installation
b2dea93
Conflicts:        pki-symkey < %{version}
b2dea93
Conflicts:        pki-javadoc < %{version}
b2dea93
Conflicts:        pki-server-theme < %{version}
b2dea93
Conflicts:        pki-console-theme < %{version}
b2dea93
Matthew Harmsen 9fcd51b
%description -n   pki-base
abb5bc8
The PKI Base Package contains the common and client libraries and utilities
d7417f5
written in Python.
Matthew Harmsen 9fcd51b
f1ad55b
################################################################################
f1ad55b
%package -n       python3-pki
f1ad55b
################################################################################
f1ad55b
f1ad55b
Summary:          PKI Python 3 Package
f1ad55b
BuildArch:        noarch
f1ad55b
f1ad55b
Obsoletes:        pki-base-python3 < %{version}
b2dea93
Provides:         pki-base-python3 = %{version}
f8324ca
%if 0%{?fedora}
f1ad55b
%{?python_provide:%python_provide python3-pki}
f8324ca
%endif
f1ad55b
0ef3759
Requires:         pki-base = %{version}-%{release}
b237001
Requires:         python3 >= 3.5
f1ad55b
Requires:         python3-cryptography
f1ad55b
Requires:         python3-lxml
f1ad55b
Requires:         python3-nss
f1ad55b
Requires:         python3-requests >= 2.6.0
f1ad55b
Requires:         python3-six
f1ad55b
f1ad55b
%description -n   python3-pki
f1ad55b
This package contains PKI client library for Python 3.
f1ad55b
abb5bc8
################################################################################
Matthew Harmsen 9fcd51b
%package -n       pki-base-java
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI Base Java Package
Matthew Harmsen 9fcd51b
BuildArch:        noarch
Matthew Harmsen 9fcd51b
Alexander Scheel deb0f05
Requires:         %java_headless >= %{min_java_version}
5b0e173
Requires:         apache-commons-cli
94ffff9
Requires:         apache-commons-codec
9a05dd2
Requires:         apache-commons-io
94ffff9
Requires:         apache-commons-lang
94ffff9
Requires:         apache-commons-logging
0ef3759
Requires:         apache-commons-net
6634b9e
Requires:         jakarta-commons-httpclient
4022991
Requires:         glassfish-jaxb-api
b2f9ecc
Requires:         slf4j
b2f9ecc
Requires:         slf4j-jdk14
Kevin Wright 5a5e1cd
Requires:         jpackage-utils >= 0:1.7.5-10
0ef3759
Requires:         jss >= 4.7.0
0ef3759
Requires:         ldapjdk >= 4.22.0
0ef3759
Requires:         pki-base = %{version}-%{release}
08b9a1c
b237001
%if 0%{?rhel}
b237001
Requires:         resteasy >= 3.0.26
Kevin Wright e77a8e8
%else
abb5bc8
Requires:         resteasy-atom-provider >= 3.0.17-1
abb5bc8
Requires:         resteasy-client >= 3.0.17-1
abb5bc8
Requires:         resteasy-jaxb-provider >= 3.0.17-1
abb5bc8
Requires:         resteasy-core >= 3.0.17-1
4022991
Requires:         resteasy-jackson2-provider >= 3.0.17-1
Matthew Harmsen bec500a
%endif
08b9a1c
Alexander Scheel d2b085c
%if 0%{?fedora} && 0%{?fedora} >= 33
Alexander Scheel d2b085c
Requires:         jaxb-impl >= 2.3.3
Alexander Scheel d2b085c
Requires:         jakarta-activation >= 1.2.2
Alexander Scheel d2b085c
%endif
Alexander Scheel d2b085c
9a05dd2
Requires:         xalan-j2
9a05dd2
Requires:         xerces-j2
9a05dd2
Requires:         xml-commons-apis
9a05dd2
Requires:         xml-commons-resolver
Kevin Wright 4885a56
Matthew Harmsen 9fcd51b
%description -n   pki-base-java
abb5bc8
The PKI Base Java Package contains the common and client libraries and utilities
d7417f5
written in Java.
Matthew Harmsen 9fcd51b
abb5bc8
################################################################################
94ffff9
%package -n       pki-tools
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI Tools Package
Kevin Wright 4885a56
94ffff9
Requires:         openldap-clients
a0a6406
Requires:         nss-tools >= 3.36.1
0ef3759
Requires:         pki-base-java = %{version}-%{release}
b237001
Requires:         p11-kit-trust
b2dea93
b2dea93
# PKICertImport depends on certutil and openssl
b2dea93
Requires:         nss-tools
b2dea93
Requires:         openssl
Kevin Wright 4885a56
94ffff9
%description -n   pki-tools
94ffff9
This package contains PKI executables that can be used to help make
Kevin Wright 4885a56
Certificate System into a more complete and robust PKI solution.
Kevin Wright 4885a56
b237001
# with base
b237001
%endif
5520795
098ddda
%if %{with server}
abb5bc8
################################################################################
94ffff9
%package -n       pki-server
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI Server Package
Kevin Wright 4885a56
BuildArch:        noarch
Kevin Wright 4885a56
Matthew Harmsen 8900ff7
Requires:         hostname
e0d9ec4
Requires:         net-tools
d0bfd54
cc4e6ee
Requires:         policycoreutils
8214470
Requires:         procps-ng
cc4e6ee
Requires:         openldap-clients
0b99ba4
Requires:         openssl
0ef3759
Requires:         pki-symkey = %{version}-%{release}
0ef3759
Requires:         pki-tools = %{version}-%{release}
b2dea93
b2dea93
Requires:         keyutils
f1ad55b
1a87eed
Requires:         policycoreutils-python-utils
f1ad55b
f1ad55b
Requires:         python3-ldap
1a87eed
Requires:         python3-lxml
7d2bfe8
Requires:         python3-libselinux
f1ad55b
Requires:         python3-policycoreutils
77fa976
99bd601
Requires:         selinux-policy-targeted >= 3.13.1-159
1b35f54
b237001
%if 0%{?rhel}
b237001
Requires:         pki-servlet-engine >= 1:9.0.7
f1ad55b
%else
f1ad55b
Requires:         tomcat >= 1:9.0.7
1a87eed
%endif
77fa976
Kevin Wright 4885a56
Requires:         velocity
Alexander Scheel deb0f05
Requires:         sudo
Alexander Scheel deb0f05
Requires:         systemd
94ffff9
Requires(post):   systemd-units
94ffff9
Requires(preun):  systemd-units
94ffff9
Requires(postun): systemd-units
Matthew Harmsen b1b4653
Requires(pre):    shadow-utils
0ef3759
Requires:         tomcatjss >= 7.5.0
b237001
b237001
# pki-healthcheck depends on the following library
b237001
%if 0%{?rhel}
b237001
Requires:         ipa-healthcheck-core
b237001
%else
b237001
Requires:         freeipa-healthcheck-core
Matthew Harmsen 5c52b73
%endif
Matthew Harmsen 5c52b73
4022991
# https://pagure.io/freeipa/issue/7742
b237001
%if 0%{?rhel}
b237001
Conflicts:        ipa-server < 4.7.1
b237001
%else
4022991
Conflicts:        freeipa-server < 4.7.1
b237001
%endif
4022991
0ef3759
Provides:         bundled(js-backbone) = 1.4.0
0ef3759
Provides:         bundled(js-bootstrap) = 3.4.1
0ef3759
Provides:         bundled(js-jquery) = 3.5.1
0ef3759
Provides:         bundled(js-jquery-i18n-properties) = 1.2.7
0ef3759
Provides:         bundled(js-patternfly) = 3.59.2
0ef3759
Provides:         bundled(js-underscore) = 1.9.2
0ef3759
94ffff9
%description -n   pki-server
7d2bfe8
The PKI Server Package contains libraries and utilities needed by the
7d2bfe8
following PKI subsystems:
Kevin Wright 4885a56
Kevin Wright 4885a56
    the Certificate Authority (CA),
Matthew Harmsen 9fcd51b
    the Key Recovery Authority (KRA),
553626b
    the Online Certificate Status Protocol (OCSP) Manager,
553626b
    the Token Key Service (TKS), and
553626b
    the Token Processing Service (TPS).
Kevin Wright 4885a56
b237001
# with server
b237001
%endif
5520795
5520795
%if %{with ca}
abb5bc8
################################################################################
Kevin Wright 4885a56
%package -n       pki-ca
abb5bc8
################################################################################
Kevin Wright 4885a56
abb5bc8
Summary:          PKI CA Package
Kevin Wright 4885a56
BuildArch:        noarch
Kevin Wright 4885a56
0ef3759
Requires:         pki-server = %{version}-%{release}
Kevin Wright 5a5e1cd
Requires(post):   systemd-units
Kevin Wright 5a5e1cd
Requires(preun):  systemd-units
Kevin Wright 5a5e1cd
Requires(postun): systemd-units
Kevin Wright 4885a56
Kevin Wright 4885a56
%description -n   pki-ca
Kevin Wright 4885a56
The Certificate Authority (CA) is a required PKI subsystem which issues,
Kevin Wright 4885a56
renews, revokes, and publishes certificates as well as compiling and
Kevin Wright 4885a56
publishing Certificate Revocation Lists (CRLs).
Kevin Wright 4885a56
Kevin Wright 4885a56
The Certificate Authority can be configured as a self-signing Certificate
Kevin Wright 4885a56
Authority, where it is the root CA, or it can act as a subordinate CA,
Kevin Wright 4885a56
where it obtains its own signing certificate from a public CA.
Kevin Wright 4885a56
b237001
# with ca
b237001
%endif
5520795
5520795
%if %{with kra}
abb5bc8
################################################################################
94ffff9
%package -n       pki-kra
abb5bc8
################################################################################
94ffff9
abb5bc8
Summary:          PKI KRA Package
94ffff9
BuildArch:        noarch
94ffff9
0ef3759
Requires:         pki-server = %{version}-%{release}
94ffff9
Requires(post):   systemd-units
94ffff9
Requires(preun):  systemd-units
94ffff9
Requires(postun): systemd-units
94ffff9
94ffff9
%description -n   pki-kra
Matthew Harmsen 9fcd51b
The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
Matthew Harmsen 9fcd51b
as a key archival facility.  When configured in conjunction with the
Matthew Harmsen 9fcd51b
Certificate Authority (CA), the KRA stores private encryption keys as part of
94ffff9
the certificate enrollment process.  The key archival mechanism is triggered
94ffff9
when a user enrolls in the PKI and creates the certificate request.  Using the
94ffff9
Certificate Request Message Format (CRMF) request format, a request is
94ffff9
generated for the user's private encryption key.  This key is then stored in
Matthew Harmsen 9fcd51b
the KRA which is configured to store keys in an encrypted format that can only
94ffff9
be decrypted by several agents requesting the key at one time, providing for
94ffff9
protection of the public encryption keys for the users in the PKI deployment.
94ffff9
Matthew Harmsen 9fcd51b
Note that the KRA archives encryption keys; it does NOT archive signing keys,
94ffff9
since such archival would undermine non-repudiation properties of signing keys.
94ffff9
b237001
# with kra
b237001
%endif
5520795
5520795
%if %{with ocsp}
abb5bc8
################################################################################
94ffff9
%package -n       pki-ocsp
abb5bc8
################################################################################
94ffff9
abb5bc8
Summary:          PKI OCSP Package
94ffff9
BuildArch:        noarch
94ffff9
b2dea93
Requires:         pki-server = %{version}
94ffff9
Requires(post):   systemd-units
94ffff9
Requires(preun):  systemd-units
94ffff9
Requires(postun): systemd-units
94ffff9
94ffff9
%description -n   pki-ocsp
94ffff9
The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
94ffff9
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
94ffff9
performs the task of an online certificate validation authority by enabling
94ffff9
OCSP-compliant clients to do real-time verification of certificates.  Note
94ffff9
that an online certificate-validation authority is often referred to as an
94ffff9
OCSP Responder.
94ffff9
94ffff9
Although the Certificate Authority (CA) is already configured with an
94ffff9
internal OCSP service.  An external OCSP Responder is offered as a separate
94ffff9
subsystem in case the user wants the OCSP service provided outside of a
94ffff9
firewall while the CA resides inside of a firewall, or to take the load of
94ffff9
requests off of the CA.
94ffff9
94ffff9
The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
94ffff9
multiple CA servers, and clients can query the OCSP Manager for the
94ffff9
revocation status of certificates issued by all of these CA servers.
94ffff9
94ffff9
When an instance of OCSP Manager is set up with an instance of CA, and
94ffff9
publishing is set up to this OCSP Manager, CRLs are published to it
94ffff9
whenever they are issued or updated.
94ffff9
b237001
# with ocsp
b237001
%endif
5520795
5520795
%if %{with tks}
abb5bc8
################################################################################
94ffff9
%package -n       pki-tks
abb5bc8
################################################################################
94ffff9
abb5bc8
Summary:          PKI TKS Package
94ffff9
BuildArch:        noarch
94ffff9
b2dea93
Requires:         pki-server = %{version}
94ffff9
Requires(post):   systemd-units
94ffff9
Requires(preun):  systemd-units
94ffff9
Requires(postun): systemd-units
94ffff9
94ffff9
%description -n   pki-tks
94ffff9
The Token Key Service (TKS) is an optional PKI subsystem that manages the
94ffff9
master key(s) and the transport key(s) required to generate and distribute
94ffff9
keys for hardware tokens.  TKS provides the security between tokens and an
94ffff9
instance of Token Processing System (TPS), where the security relies upon the
94ffff9
relationship between the master key and the token keys.  A TPS communicates
94ffff9
with a TKS over SSL using client authentication.
94ffff9
94ffff9
TKS helps establish a secure channel (signed and encrypted) between the token
94ffff9
and the TPS, provides proof of presence of the security token during
94ffff9
enrollment, and supports key changeover when the master key changes on the
94ffff9
TKS.  Tokens with older keys will get new token keys.
94ffff9
94ffff9
Because of the sensitivity of the data that TKS manages, TKS should be set up
94ffff9
behind the firewall with restricted access.
94ffff9
b237001
# with tks
b237001
%endif
5520795
5520795
%if %{with tps}
abb5bc8
################################################################################
6885d7c
%package -n       pki-tps
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI TPS Package
553626b
b2dea93
Requires:         pki-server = %{version}
553626b
Requires(post):   systemd-units
553626b
Requires(preun):  systemd-units
553626b
Requires(postun): systemd-units
553626b
6885d7c
# additional runtime requirements needed to run native 'tpsclient'
6885d7c
# REMINDER:  Revisit these once 'tpsclient' is rewritten as a Java app
a78c289
a0a6406
Requires:         nss-tools >= 3.36.1
6885d7c
Requires:         openldap-clients
6885d7c
6885d7c
%description -n   pki-tps
553626b
The Token Processing System (TPS) is an optional PKI subsystem that acts
553626b
as a Registration Authority (RA) for authenticating and processing
553626b
enrollment requests, PIN reset requests, and formatting requests from
553626b
the Enterprise Security Client (ESC).
553626b
553626b
TPS is designed to communicate with tokens that conform to
553626b
Global Platform's Open Platform Specification.
553626b
553626b
TPS communicates over SSL with various PKI backend subsystems (including
Matthew Harmsen 9fcd51b
the Certificate Authority (CA), the Key Recovery Authority (KRA), and the
553626b
Token Key Service (TKS)) to fulfill the user's requests.
553626b
553626b
TPS also interacts with the token database, an LDAP server that stores
553626b
information about individual tokens.
553626b
6885d7c
The utility "tpsclient" is a test tool that interacts with TPS.  This
6885d7c
tool is useful to test TPS server configs without risking an actual
6885d7c
smart card.
6885d7c
b237001
# with tps
b237001
%endif
a0a6406
a0a6406
%if %{with javadoc}
abb5bc8
################################################################################
94ffff9
%package -n       pki-javadoc
abb5bc8
################################################################################
abb5bc8
abb5bc8
Summary:          PKI Javadoc Package
94ffff9
BuildArch:        noarch
94ffff9
b2dea93
# Ensure we end up with a useful installation
b2dea93
Conflicts:        pki-base < %{version}
b2dea93
Conflicts:        pki-symkey < %{version}
b2dea93
Conflicts:        pki-server-theme < %{version}
b2dea93
Conflicts:        pki-console-theme < %{version}
b2dea93
94ffff9
%description -n   pki-javadoc
abb5bc8
This package contains PKI API documentation.
94ffff9
b237001
# with javadoc
b237001
%endif
098ddda
5520795
%if %{with console}
5520795
################################################################################
5520795
%package -n       pki-console
5520795
################################################################################
5520795
5520795
Summary:          PKI Console Package
5520795
BuildArch:        noarch
5520795
bcc4aa1
BuildRequires:    idm-console-framework >= 1.2.0
5520795
bcc4aa1
Requires:         idm-console-framework >= 1.2.0
b2dea93
Requires:         pki-base-java = %{version}
b2dea93
Requires:         pki-console-theme = %{version}
5520795
5520795
%description -n   pki-console
5520795
The PKI Console is a Java application used to administer PKI server.
5520795
b237001
# with console
b237001
%endif
5520795
5520795
%if %{with theme}
5520795
################################################################################
Alexander Scheel deb0f05
%package -n       %{vendor_id}-pki-server-theme
5520795
################################################################################
5520795
Alexander Scheel deb0f05
Summary:          %{brand} PKI Server Theme Package
5520795
BuildArch:        noarch
5520795
b2dea93
Provides:         pki-server-theme = %{version}
bcc4aa1
b237001
# Ensure we end up with a useful installation
b237001
Conflicts:        pki-base < %{version}
b237001
Conflicts:        pki-symkey < %{version}
b237001
Conflicts:        pki-console-theme < %{version}
b237001
Conflicts:        pki-javadoc < %{version}
Alexander Scheel deb0f05
Alexander Scheel deb0f05
%description -n   %{vendor_id}-pki-server-theme
5520795
This PKI Server Theme Package contains
Alexander Scheel deb0f05
%{brand} textual and graphical user interface for PKI Server.
5520795
5520795
################################################################################
Alexander Scheel deb0f05
%package -n       %{vendor_id}-pki-console-theme
5520795
################################################################################
5520795
Alexander Scheel deb0f05
Summary:          %{brand} PKI Console Theme Package
5520795
BuildArch:        noarch
5520795
b2dea93
Provides:         pki-console-theme = %{version}
5520795
b237001
# Ensure we end up with a useful installation
b237001
Conflicts:        pki-base < %{version}
b237001
Conflicts:        pki-symkey < %{version}
b237001
Conflicts:        pki-server-theme < %{version}
b237001
Conflicts:        pki-javadoc < %{version}
b237001
Alexander Scheel deb0f05
%description -n   %{vendor_id}-pki-console-theme
5520795
This PKI Console Theme Package contains
Alexander Scheel deb0f05
%{brand} textual and graphical user interface for PKI Console.
5520795
b237001
# with theme
b237001
%endif
5520795
0ef3759
%if %{with tests}
0ef3759
################################################################################
0ef3759
%package -n       pki-tests
0ef3759
################################################################################
0ef3759
0ef3759
Summary:          PKI Tests
0ef3759
BuildArch:        noarch
0ef3759
0ef3759
%description -n   pki-tests
0ef3759
This package contains PKI test suite.
0ef3759
0ef3759
# with tests
0ef3759
%endif
0ef3759
abb5bc8
################################################################################
94ffff9
%prep
abb5bc8
################################################################################
abb5bc8
f8324ca
%autosetup -n pki-%{version}%{?_phase} -p 1 -S git
f12d16b
abb5bc8
################################################################################
Kevin Wright 4885a56
%build
abb5bc8
################################################################################
abb5bc8
Alexander Scheel f5dda78
# get Java <major>.<minor> version number
Alexander Scheel f5dda78
java_version=`%{java_home}/bin/java -XshowSettings:properties -version 2>&1 | sed -n 's/ *java.version *= *\([0-9]\+\.[0-9]\+\).*/\1/p'`
Alexander Scheel f5dda78
Alexander Scheel f5dda78
# if <major> == 1, get <minor> version number
Alexander Scheel f5dda78
# otherwise get <major> version number
Alexander Scheel f5dda78
java_version=`echo $java_version | sed -e 's/^1\.//' -e 's/\..*$//'`
Alexander Scheel f5dda78
49a4cc3
# get Tomcat <major>.<minor> version number
49a4cc3
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
49a4cc3
49a4cc3
if [ $tomcat_version == "9.0" ]; then
49a4cc3
    app_server=tomcat-8.5
49a4cc3
else
49a4cc3
    app_server=tomcat-$tomcat_version
49a4cc3
fi
49a4cc3
Alexander Scheel f5dda78
%if 0%{?rhel}
Alexander Scheel f5dda78
%{__mkdir_p} build
Alexander Scheel f5dda78
cd build
Alexander Scheel f5dda78
%endif
Alexander Scheel f5dda78
abb5bc8
%cmake \
a0a6406
    --no-warn-unused-cli \
abb5bc8
    -DVERSION=%{version}-%{release} \
abb5bc8
    -DVAR_INSTALL_DIR:PATH=/var \
b237001
    -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \
Alexander Scheel f5dda78
    -DJAVA_VERSION=%{java_version} \
Alexander Scheel 29e9dc6
    -DJAVA_HOME=%java_home \
Alexander Scheel 29e9dc6
    -DPKI_JAVA_PATH=%java \
abb5bc8
    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
abb5bc8
    -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
49a4cc3
    -DAPP_SERVER=$app_server \
abb5bc8
    -DJAXRS_API_JAR=%{jaxrs_api_jar} \
abb5bc8
    -DRESTEASY_LIB=%{resteasy_lib} \
f1ad55b
    -DNSS_DEFAULT_DB_TYPE=%{nss_default_db_type} \
abb5bc8
    -DBUILD_PKI_CORE:BOOL=ON \
b237001
    -DPYTHON_EXECUTABLE=%{python_executable} \
b5bc3f7
    -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
5520795
%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps}
5520795
    -DWITH_SERVER:BOOL=OFF \
5520795
%endif
b5bc3f7
    -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \
5520795
    -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \
Alexander Scheel deb0f05
    -DTHEME=%{?with_theme:%{vendor_id}} \
Alexander Scheel f5dda78
%if 0%{?rhel}
Alexander Scheel f5dda78
    ..
Alexander Scheel f5dda78
%else
Alexander Scheel 29e9dc6
    -B %{_vpath_builddir}
Alexander Scheel f5dda78
%endif
Alexander Scheel da5c686
Alexander Scheel f5dda78
%if 0%{?fedora}
Alexander Scheel da5c686
cd %{_vpath_builddir}
Alexander Scheel f5dda78
%endif
Kevin Wright 4885a56
0ef3759
# Do not use _smp_mflags to preserve build order
0ef3759
%{__make} \
0ef3759
    VERBOSE=%{?_verbose} \
0ef3759
    CMAKE_NO_VERBOSE=1 \
0ef3759
    DESTDIR=%{buildroot} \
0ef3759
    INSTALL="install -p" \
0ef3759
    --no-print-directory \
0ef3759
    all
0ef3759
abb5bc8
################################################################################
Kevin Wright 4885a56
%install
abb5bc8
################################################################################
abb5bc8
Alexander Scheel f5dda78
%if 0%{?rhel}
Alexander Scheel f5dda78
cd build
Alexander Scheel f5dda78
%else
Alexander Scheel da5c686
cd %{_vpath_builddir}
Alexander Scheel f5dda78
%endif
abb5bc8
abb5bc8
%{__make} \
abb5bc8
    VERBOSE=%{?_verbose} \
7d2bfe8
    CMAKE_NO_VERBOSE=1 \
abb5bc8
    DESTDIR=%{buildroot} \
abb5bc8
    INSTALL="install -p" \
a0a6406
    --no-print-directory \
0ef3759
    install
Matthew Harmsen 8900ff7
b237001
%if %{with_test}
b237001
ctest --output-on-failure
b237001
%endif
b237001
5520795
%if %{with meta}
5520795
%{__mkdir_p} %{buildroot}%{_datadir}/doc/pki
5520795
5520795
cat > %{buildroot}%{_datadir}/doc/pki/README << EOF
bcc4aa1
This package is a "meta-package" whose dependencies pull in all of the
Alexander Scheel deb0f05
packages comprising the %{brand} Public Key Infrastructure (PKI) Suite.
5520795
EOF
5520795
b237001
# with meta
Matthew Harmsen 8900ff7
%endif
Matthew Harmsen 8900ff7
Matthew Harmsen 8900ff7
# Customize client library links in /usr/share/pki/lib
b237001
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
b237001
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
Matthew Harmsen 9fcd51b
098ddda
%if %{with server}
098ddda
e84d9ce
# Customize server common library links in /usr/share/pki/server/common/lib
b237001
ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
b237001
ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
b237001
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
Matthew Harmsen 8900ff7
b237001
# with server
b237001
%endif
5520795
Matthew Harmsen 8900ff7
%if %{with server}
Matthew Harmsen 8900ff7
Matthew Harmsen b1b4653
%pre -n pki-server
Matthew Harmsen b1b4653
getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname}
Matthew Harmsen b1b4653
if ! getent passwd %{pki_username} >/dev/null ; then
b237001
    useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username}
Matthew Harmsen b1b4653
fi
Matthew Harmsen b1b4653
exit 0
Matthew Harmsen b1b4653
b237001
# with server
b237001
%endif
Matthew Harmsen 8900ff7
5520795
%if %{with base}
5520795
9a05dd2
%post -n pki-base
6072979
025351f
if [ $1 -eq 1 ]
025351f
then
025351f
    # On RPM installation create system upgrade tracker
025351f
    echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version
9a05dd2
025351f
else
025351f
    # On RPM upgrade run system upgrade
0ef3759
    echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log
0ef3759
    /sbin/pki-upgrade 2>&1 | tee -a /var/log/pki/pki-upgrade-%{version}.log
0ef3759
    echo >> /var/log/pki/pki-upgrade-%{version}.log
025351f
fi
025351f
025351f
%postun -n pki-base
025351f
025351f
if [ $1 -eq 0 ]
025351f
then
025351f
    # On RPM uninstallation remove system upgrade tracker
025351f
    rm -f %{_sysconfdir}/pki/pki.version
025351f
fi
Kevin Wright 4885a56
b237001
# with base
b237001
%endif
5520795
098ddda
%if %{with server}
098ddda
9a05dd2
%post -n pki-server
94ffff9
## NOTE:  At this time, NO attempt has been made to update ANY PKI subsystem
94ffff9
##        from EITHER 'sysVinit' OR previous 'systemd' processes to the new
94ffff9
##        PKI deployment process
94ffff9
2db9410
# Reload systemd daemons on upgrade only
2db9410
if [ "$1" == "2" ]
2db9410
then
2db9410
    systemctl daemon-reload
2db9410
fi
94ffff9
a0a6406
## preun -n pki-server
94ffff9
## NOTE:  At this time, NO attempt has been made to update ANY PKI subsystem
94ffff9
##        from EITHER 'sysVinit' OR previous 'systemd' processes to the new
94ffff9
##        PKI deployment process
94ffff9
94ffff9
a0a6406
## postun -n pki-server
94ffff9
## NOTE:  At this time, NO attempt has been made to update ANY PKI subsystem
94ffff9
##        from EITHER 'sysVinit' OR previous 'systemd' processes to the new
94ffff9
##        PKI deployment process
94ffff9
b237001
# with server
b237001
%endif
098ddda
5520795
%if %{with meta}
Alexander Scheel deb0f05
%if "%{name}" != "%{vendor_id}-pki"
5520795
################################################################################
Alexander Scheel deb0f05
%files -n %{vendor_id}-pki
5520795
################################################################################
bcc4aa1
%else
bcc4aa1
%files
bcc4aa1
%endif
5520795
5520795
%doc %{_datadir}/doc/pki/README
5520795
b237001
# with meta
b237001
%endif
5520795
5520795
%if %{with base}
abb5bc8
################################################################################
Kevin Wright 4885a56
%files -n pki-symkey
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/symkey/LICENSE
Kevin Wright 4885a56
%{_jnidir}/symkey.jar
Kevin Wright 4885a56
%{_libdir}/symkey/
Kevin Wright 4885a56
abb5bc8
################################################################################
94ffff9
%files -n pki-base
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/common/LICENSE
0ef3759
%license base/common/LICENSE.LESSER
fec8e4c
%doc %{_datadir}/doc/pki-base/html
cc4e6ee
%dir %{_datadir}/pki
cc4e6ee
%{_datadir}/pki/VERSION
b237001
%{_datadir}/pki/pom.xml
1a87eed
%dir %{_datadir}/pki/etc
1a87eed
%{_datadir}/pki/etc/pki.conf
1a87eed
%{_datadir}/pki/etc/logging.properties
b237001
%dir %{_datadir}/pki/lib
1a87eed
%dir %{_datadir}/pki/scripts
1a87eed
%{_datadir}/pki/scripts/config
025351f
%{_datadir}/pki/upgrade/
f0fe629
%{_datadir}/pki/key/templates
9a05dd2
%dir %{_sysconfdir}/pki
9a05dd2
%config(noreplace) %{_sysconfdir}/pki/pki.conf
9a05dd2
%dir %{_localstatedir}/log/pki
9a05dd2
%{_sbindir}/pki-upgrade
27299cd
%{_mandir}/man1/pki-python-client.1.gz
a78c289
%{_mandir}/man5/pki-logging.5.gz
a78c289
%{_mandir}/man8/pki-upgrade.8.gz
Kevin Wright 4885a56
abb5bc8
################################################################################
Matthew Harmsen 9fcd51b
%files -n pki-base-java
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/common/LICENSE
0ef3759
%license base/common/LICENSE.LESSER
b2f9ecc
%{_datadir}/pki/examples/java/
b237001
%{_datadir}/pki/lib/*.jar
Matthew Harmsen 9fcd51b
%dir %{_javadir}/pki
Matthew Harmsen 9fcd51b
%{_javadir}/pki/pki-cmsutil.jar
Matthew Harmsen 9fcd51b
%{_javadir}/pki/pki-certsrv.jar
Matthew Harmsen 9fcd51b
abb5bc8
################################################################################
1a87eed
%files -n python3-pki
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/common/LICENSE
0ef3759
%license base/common/LICENSE.LESSER
b237001
%if %{with server}
Matthew Harmsen 8900ff7
%exclude %{python3_sitelib}/pki/server
a0a6406
%endif
Matthew Harmsen 9fcd51b
%{python3_sitelib}/pki
Matthew Harmsen 9fcd51b
abb5bc8
################################################################################
94ffff9
%files -n pki-tools
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/native-tools/LICENSE
0ef3759
%doc base/native-tools/doc/README
94ffff9
%{_bindir}/p7tool
b237001
%{_bindir}/pistool
b237001
%{_bindir}/pki
94ffff9
%{_bindir}/revoker
94ffff9
%{_bindir}/setpin
94ffff9
%{_bindir}/sslget
94ffff9
%{_bindir}/tkstool
94ffff9
%{_datadir}/pki/native-tools/
Kevin Wright 4885a56
%{_bindir}/AtoB
Kevin Wright 4885a56
%{_bindir}/AuditVerify
Kevin Wright 4885a56
%{_bindir}/BtoA
Kevin Wright 4885a56
%{_bindir}/CMCEnroll
Kevin Wright 4885a56
%{_bindir}/CMCRequest
Kevin Wright 4885a56
%{_bindir}/CMCResponse
Kevin Wright 4885a56
%{_bindir}/CMCRevoke
82ea454
%{_bindir}/CMCSharedToken
Kevin Wright 4885a56
%{_bindir}/CRMFPopClient
Kevin Wright 8329cb5
%{_bindir}/DRMTool
Kevin Wright 4885a56
%{_bindir}/ExtJoiner
Kevin Wright 4885a56
%{_bindir}/GenExtKeyUsage
Kevin Wright 4885a56
%{_bindir}/GenIssuerAltNameExt
Kevin Wright 4885a56
%{_bindir}/GenSubjectAltNameExt
Kevin Wright 4885a56
%{_bindir}/HttpClient
Matthew Harmsen 9fcd51b
%{_bindir}/KRATool
Kevin Wright 4885a56
%{_bindir}/OCSPClient
Kevin Wright 4885a56
%{_bindir}/PKCS10Client
Kevin Wright 4885a56
%{_bindir}/PKCS12Export
b2dea93
%{_bindir}/PKICertImport
Kevin Wright 4885a56
%{_bindir}/PrettyPrintCert
Kevin Wright 4885a56
%{_bindir}/PrettyPrintCrl
Kevin Wright 4885a56
%{_bindir}/TokenInfo
Kevin Wright 4885a56
%{_javadir}/pki/pki-tools.jar
Kevin Wright 8329cb5
%{_datadir}/pki/java-tools/
b237001
%{_datadir}/pki/lib/p11-kit-trust.so
Matthew Harmsen 8900ff7
%{_mandir}/man1/AtoB.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/AuditVerify.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/BtoA.1.gz
Matthew Harmsen 5c52b73
%{_mandir}/man1/CMCEnroll.1.gz
d2b3079
%{_mandir}/man1/CMCRequest.1.gz
d2b3079
%{_mandir}/man1/CMCSharedToken.1.gz
d2b3079
%{_mandir}/man1/CMCResponse.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/DRMTool.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/KRATool.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/PrettyPrintCert.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/PrettyPrintCrl.1.gz
5b0e173
%{_mandir}/man1/pki.1.gz
Matthew Harmsen b1b4653
%{_mandir}/man1/pki-audit.1.gz
b2dea93
%{_mandir}/man1/pki-ca-cert.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/pki-ca-kraconnector.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/pki-ca-profile.1.gz
f0fe629
%{_mandir}/man1/pki-client.1.gz
f0fe629
%{_mandir}/man1/pki-group.1.gz
a42c5d1
%{_mandir}/man1/pki-group-member.1.gz
b2dea93
%{_mandir}/man1/pki-kra-key.1.gz
a78c289
%{_mandir}/man1/pki-pkcs12-cert.1.gz
a78c289
%{_mandir}/man1/pki-pkcs12-key.1.gz
a78c289
%{_mandir}/man1/pki-pkcs12.1.gz
f0fe629
%{_mandir}/man1/pki-securitydomain.1.gz
Matthew Harmsen 8900ff7
%{_mandir}/man1/pki-tps-profile.1.gz
f0fe629
%{_mandir}/man1/pki-user.1.gz
a42c5d1
%{_mandir}/man1/pki-user-cert.1.gz
Matthew Harmsen fbd659d
%{_mandir}/man1/pki-user-membership.1.gz
7879375
%{_mandir}/man1/PKCS10Client.1.gz
b2dea93
%{_mandir}/man1/PKICertImport.1.gz
Kevin Wright 4885a56
b237001
# with base
b237001
%endif
5520795
098ddda
%if %{with server}
abb5bc8
################################################################################
94ffff9
%files -n pki-server
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/common/THIRD_PARTY_LICENSES
0ef3759
%license base/server/LICENSE
f0fe629
%doc base/server/README
7879375
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki
7879375
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat
94ffff9
%{_sbindir}/pkispawn
94ffff9
%{_sbindir}/pkidestroy
af0980e
%{_sbindir}/pki-server
9a05dd2
%{_sbindir}/pki-server-upgrade
1a87eed
%{python3_sitelib}/pki/server/
b237001
%{_sbindir}/pki-healthcheck
b237001
%{python3_sitelib}/pki/server/healthcheck/
b237001
%{python3_sitelib}/pkihealthcheck-*.egg-info/
b237001
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
1a87eed
1a87eed
%{_datadir}/pki/etc/tomcat.conf
94ffff9
%dir %{_datadir}/pki/deployment
94ffff9
%{_datadir}/pki/deployment/config/
94ffff9
%{_datadir}/pki/scripts/operations
94ffff9
%{_bindir}/pkidaemon
27803e8
%{_bindir}/pki-server-nuxwdog
94ffff9
%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
Matthew Harmsen 9fcd51b
%attr(644,-,-) %{_unitdir}/pki-tomcatd@.service
Matthew Harmsen 9fcd51b
%attr(644,-,-) %{_unitdir}/pki-tomcatd.target
d0bfd54
%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
Matthew Harmsen 9fcd51b
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
Matthew Harmsen 9fcd51b
%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
Kevin Wright 4885a56
%{_javadir}/pki/pki-cms.jar
Kevin Wright 4885a56
%{_javadir}/pki/pki-cmsbundle.jar
94ffff9
%{_javadir}/pki/pki-tomcat.jar
9a05dd2
%dir %{_sharedstatedir}/pki
Matthew Harmsen b1b4653
%{_mandir}/man1/pkidaemon.1.gz
5b0e173
%{_mandir}/man5/pki_default.cfg.5.gz
a78c289
%{_mandir}/man5/pki-server-logging.5.gz
5b0e173
%{_mandir}/man8/pki-server-upgrade.8.gz
5b0e173
%{_mandir}/man8/pkidestroy.8.gz
5b0e173
%{_mandir}/man8/pkispawn.8.gz
Matthew Harmsen b1b4653
%{_mandir}/man8/pki-server.8.gz
0ef3759
%{_mandir}/man8/pki-server-acme.8.gz
Matthew Harmsen b1b4653
%{_mandir}/man8/pki-server-instance.8.gz
Matthew Harmsen b1b4653
%{_mandir}/man8/pki-server-subsystem.8.gz
Matthew Harmsen b1b4653
%{_mandir}/man8/pki-server-nuxwdog.8.gz
Matthew Harmsen b1b4653
%{_mandir}/man8/pki-server-migrate.8.gz
82ea454
%{_mandir}/man8/pki-server-cert.8.gz
5520795
%{_mandir}/man8/pki-server-ca.8.gz
5520795
%{_mandir}/man8/pki-server-kra.8.gz
5520795
%{_mandir}/man8/pki-server-ocsp.8.gz
5520795
%{_mandir}/man8/pki-server-tks.8.gz
5520795
%{_mandir}/man8/pki-server-tps.8.gz
b237001
%{_mandir}/man8/pki-healthcheck.8.gz
94ffff9
%{_datadir}/pki/setup/
1f14c5e
%{_datadir}/pki/server/
b237001
%{_datadir}/pki/acme/
b237001
%{_javadir}/pki/pki-acme.jar
Kevin Wright 4885a56
b237001
# with server
b237001
%endif
5520795
5520795
%if %{with ca}
abb5bc8
################################################################################
Kevin Wright 4885a56
%files -n pki-ca
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/ca/LICENSE
Kevin Wright 4885a56
%{_javadir}/pki/pki-ca.jar
Kevin Wright 4885a56
%dir %{_datadir}/pki/ca
Kevin Wright 4885a56
%{_datadir}/pki/ca/conf/
Kevin Wright 4885a56
%{_datadir}/pki/ca/emails/
b237001
%{_datadir}/pki/ca/profiles/
Kevin Wright 4885a56
%{_datadir}/pki/ca/setup/
94ffff9
%{_datadir}/pki/ca/webapps/
Kevin Wright 4885a56
b237001
# with ca
b237001
%endif
5520795
5520795
%if %{with kra}
abb5bc8
################################################################################
94ffff9
%files -n pki-kra
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/kra/LICENSE
94ffff9
%{_javadir}/pki/pki-kra.jar
94ffff9
%dir %{_datadir}/pki/kra
94ffff9
%{_datadir}/pki/kra/conf/
94ffff9
%{_datadir}/pki/kra/setup/
94ffff9
%{_datadir}/pki/kra/webapps/
94ffff9
b237001
# with kra
b237001
%endif
5520795
5520795
%if %{with ocsp}
abb5bc8
################################################################################
94ffff9
%files -n pki-ocsp
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/ocsp/LICENSE
94ffff9
%{_javadir}/pki/pki-ocsp.jar
94ffff9
%dir %{_datadir}/pki/ocsp
94ffff9
%{_datadir}/pki/ocsp/conf/
94ffff9
%{_datadir}/pki/ocsp/setup/
94ffff9
%{_datadir}/pki/ocsp/webapps/
94ffff9
b237001
# with ocsp
b237001
%endif
5520795
5520795
%if %{with tks}
abb5bc8
################################################################################
94ffff9
%files -n pki-tks
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/tks/LICENSE
94ffff9
%{_javadir}/pki/pki-tks.jar
94ffff9
%dir %{_datadir}/pki/tks
94ffff9
%{_datadir}/pki/tks/conf/
94ffff9
%{_datadir}/pki/tks/setup/
94ffff9
%{_datadir}/pki/tks/webapps/
553626b
b237001
# with tks
b237001
%endif
5520795
5520795
%if %{with tps}
abb5bc8
################################################################################
6885d7c
%files -n pki-tps
abb5bc8
################################################################################
abb5bc8
0ef3759
%license base/tps/LICENSE
553626b
%{_javadir}/pki/pki-tps.jar
553626b
%dir %{_datadir}/pki/tps
6885d7c
%{_datadir}/pki/tps/applets/
553626b
%{_datadir}/pki/tps/conf/
553626b
%{_datadir}/pki/tps/setup/
553626b
%{_datadir}/pki/tps/webapps/
f0fe629
%{_mandir}/man5/pki-tps-connector.5.gz
f0fe629
%{_mandir}/man5/pki-tps-profile.5.gz
Matthew Harmsen b1b4653
%{_mandir}/man1/tpsclient.1.gz
abb5bc8
6885d7c
# files for native 'tpsclient'
6885d7c
# REMINDER:  Remove this comment once 'tpsclient' is rewritten as a Java app
abb5bc8
6885d7c
%{_bindir}/tpsclient
6885d7c
%{_libdir}/tps/libtps.so
6885d7c
%{_libdir}/tps/libtokendb.so
94ffff9
b237001
# with tps
b237001
%endif
a0a6406
098ddda
%if %{with javadoc}
abb5bc8
################################################################################
94ffff9
%files -n pki-javadoc
abb5bc8
################################################################################
abb5bc8
94ffff9
%{_javadocdir}/pki-%{version}/
94ffff9
b237001
# with javadoc
b237001
%endif
94ffff9
5520795
%if %{with console}
5520795
################################################################################
5520795
%files -n pki-console
5520795
################################################################################
5520795
0ef3759
%license base/console/LICENSE
5520795
%{_bindir}/pkiconsole
5520795
%{_javadir}/pki/pki-console.jar
5520795
b237001
# with console
b237001
%endif
5520795
5520795
%if %{with theme}
5520795
################################################################################
Alexander Scheel deb0f05
%files -n %{vendor_id}-pki-server-theme
5520795
################################################################################
5520795
Alexander Scheel deb0f05
%license themes/%{vendor_id}/common-ui/LICENSE
5520795
%dir %{_datadir}/pki
4022991
%{_datadir}/pki/CS_SERVER_VERSION
5520795
%{_datadir}/pki/common-ui/
5520795
%{_datadir}/pki/server/webapps/pki/ca
5520795
%{_datadir}/pki/server/webapps/pki/css
5520795
%{_datadir}/pki/server/webapps/pki/esc
5520795
%{_datadir}/pki/server/webapps/pki/fonts
5520795
%{_datadir}/pki/server/webapps/pki/images
5520795
%{_datadir}/pki/server/webapps/pki/kra
5520795
%{_datadir}/pki/server/webapps/pki/ocsp
5520795
%{_datadir}/pki/server/webapps/pki/pki.properties
5520795
%{_datadir}/pki/server/webapps/pki/tks
5520795
5520795
################################################################################
Alexander Scheel deb0f05
%files -n %{vendor_id}-pki-console-theme
5520795
################################################################################
5520795
Alexander Scheel deb0f05
%license themes/%{vendor_id}/console-ui/LICENSE
5520795
%{_javadir}/pki/pki-console-theme.jar
5520795
b237001
# with theme
b237001
%endif
5520795
0ef3759
%if %{with tests}
0ef3759
################################################################################
0ef3759
%files -n pki-tests
0ef3759
################################################################################
0ef3759
0ef3759
%{_datadir}/pki/tests/
0ef3759
0ef3759
# with tests
0ef3759
%endif
0ef3759
abb5bc8
################################################################################
Kevin Wright 4885a56
%changelog
Alexander Scheel f5dda78
* Fri Sep 11 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.4-1
Alexander Scheel f5dda78
- Rebase to stable upstream v10.9.4 release
Alexander Scheel f5dda78
Alexander Scheel 02f7435
* Tue Sep 08 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.2-3
Alexander Scheel 02f7435
- Fix Fedora 31/32 to Fedora 33/rawhide upgrade path
Alexander Scheel 02f7435
  Resolves: rh-bz#1871990
Alexander Scheel 02f7435
Alexander Scheel 6d17374
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.2-2
Alexander Scheel 6d17374
- Fix permission issue during clone installation; reported by FreeIPA
Alexander Scheel 6d17374
Alexander Scheel d2b085c
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.2-1
Alexander Scheel d2b085c
- Second attempt at JDK11 Support
Alexander Scheel d2b085c
Alexander Scheel d2b085c
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.1-3
Alexander Scheel d2b085c
- Force JDK8 at runtime as well
Alexander Scheel d2b085c
Alexander Scheel ba2d827
* Tue Aug 18 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.1-2
Alexander Scheel ba2d827
- Rebuilt to fix packaging issues introduced upstream
Alexander Scheel ba2d827
Alexander Scheel deb0f05
* Mon Aug 17 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.1-1
Alexander Scheel deb0f05
- Rebuilt with v10.9.1 and patches to fix JDK11 build issues
Alexander Scheel deb0f05
a07ec91
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.9.0-0.7
a07ec91
- Second attempt - Rebuilt for
a07ec91
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
a07ec91
d58847a
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.9.0-0.6
d58847a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
d58847a
Alexander Scheel 29e9dc6
* Mon Jul 20 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.0-0.5
Alexander Scheel 29e9dc6
- Rebuild -b2 with Java 11 changes
Alexander Scheel 29e9dc6
7b33405
* Tue Jun 30 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.0-0.4
7b33405
- Rebase to match upstream beta version v10.9.0-b2
7b33405
- pki password fix for FIPS
7b33405
0ef3759
* Wed Jun 10 2020 Dogtag PKI Team <pki-devel@redhat.com> - 10.9.0-0.2
0ef3759
- Rebase to match upstream alpha version 10.9.0-a2
0ef3759
1d2a124
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 10.8.3-3
1d2a124
- Rebuilt for Python 3.9
1d2a124
Alexander Scheel 80f007c
* Mon Apr 27 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> - 10.8.3-2
Alexander Scheel 80f007c
- Fix bz#1814242 / dogtag issue #3168: Fix EC admin certificate profile upgrade
Alexander Scheel 80f007c
b237001
* Thu Mar 05 2020 Dinesh Prasanth M K <dmoluguw@redhat.com> - 10.8.3-1
b237001
- Rebase to latest upstream version
b237001
- Spec cleanup to match with upstream spec
b237001
b237001
c6f0fc5
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.7.3-6
c6f0fc5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
c6f0fc5
84b72bb
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 10.7.3-5
84b72bb
- Rebuilt for Python 3.8.0rc1 (#1748018)
84b72bb
4457f98
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 10.7.3-4
4457f98
- Rebuilt for Python 3.8
4457f98
9449fad
* Wed Aug 14 2019 Dogtag PKI Team <pki-devel@redhat.com> - 10.7.3-3
9449fad
- Rebuild with patches applied
9449fad
599ade5
* Wed Aug 14 2019 Dogtag PKI Team <pki-devel@redhat.com> - 10.7.3-2
599ade5
- Fix URL redirection for KRA and OCSP web UI
599ade5
998e00c
* Thu Aug 08 2019 Dogtag PKI Team <pki-devel@redhat.com> - 10.7.3-1
998e00c
- Rebased to PKI 10.7.3
998e00c
0409d9f
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 10.7.0-2
0409d9f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
0409d9f
b2dea93
* Mon May 06 2019 Dogtag PKI Team <pki-devel@redhat.com> - 10.7.0-1
b2dea93
- Rebased to PKI 10.7.0
42a0ee2
Kevin Wright 4885a56