From 0ef3759e9bb0d9b0741418169ba1ddc608b5ae31 Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Jun 10 2020 22:12:28 +0000 Subject: Rebase to match upstream alpha version 10.9.0-a2 Signed-off-by: Dinesh Prasanth M K --- diff --git a/.gitignore b/.gitignore index eb59f3d..f5b2781 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,4 @@ /pki-10.7.0.tar.gz /pki-10.7.3.tar.gz /pki-10.8.3.tar.gz +/pki-10.9.0-a2.tar.gz diff --git a/0001-Patch-ECAdminCertProfile-upgrade-script.patch b/0001-Patch-ECAdminCertProfile-upgrade-script.patch deleted file mode 100644 index 8c77561..0000000 --- a/0001-Patch-ECAdminCertProfile-upgrade-script.patch +++ /dev/null @@ -1,134 +0,0 @@ -From dc00a5c3aaf84f8fb2a3c0473e31646b9d57badc Mon Sep 17 00:00:00 2001 -From: Dinesh Prasanth M K -Date: Wed, 25 Mar 2020 16:02:15 -0400 -Subject: [PATCH] Patch ECAdminCertProfile upgrade script - -Backport of PR #355 - -The caECAdminCert profile was added 2 years ago but was never patched -to be added to the CS.cfg. Hence, when a user tries to upgrade, the path -did not exist and so, the upgrade failed. This patch adds the missing -attribute to ensure smooth upgradation process - -Move 10.8.2 upgrade script to 10.8.3 - -Resolves: BZ#1814242 -Upstream: https://pagure.io/dogtagpki/issue/3168 - -Signed-off-by: Dinesh Prasanth M K ---- - .../10.8.2/01-FixECAdminCertProfile.py | 39 ------------- - .../10.8.3/01-FixECAdminCertProfile.py | 55 +++++++++++++++++++ - 2 files changed, 55 insertions(+), 39 deletions(-) - delete mode 100644 base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py - create mode 100644 base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py - -diff --git a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py -deleted file mode 100644 -index ebdb98304..000000000 ---- a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py -+++ /dev/null -@@ -1,39 +0,0 @@ --# Authors: --# Endi S. Dewata --# --# Copyright Red Hat, Inc. --# --# SPDX-License-Identifier: GPL-2.0-or-later -- --from __future__ import absolute_import --import logging --import os -- --import pki -- --logger = logging.getLogger(__name__) -- -- --class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): -- -- def __init__(self): -- super(FixECAdminCertProfile, self).__init__() -- self.message = 'Fix EC admin certificate profile' -- -- def upgrade_subsystem(self, instance, subsystem): -- -- if subsystem.name != 'ca': -- return -- -- self.backup(subsystem.cs_conf) -- -- path = subsystem.config.get('profile.caECAdminCert.config') -- logger.info('Current path: %s', path) -- -- dirname = os.path.dirname(path) -- -- path = os.path.join(dirname, 'caECAdminCert.cfg') -- logger.info('New path: %s', path) -- -- subsystem.config['profile.caECAdminCert.config'] = path -- subsystem.save() -diff --git a/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py -new file mode 100644 -index 000000000..92664d292 ---- /dev/null -+++ b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py -@@ -0,0 +1,55 @@ -+# Authors: -+# Endi S. Dewata -+# -+# Copyright Red Hat, Inc. -+# -+# SPDX-License-Identifier: GPL-2.0-or-later -+ -+from __future__ import absolute_import -+import logging -+import os -+ -+import pki -+ -+logger = logging.getLogger(__name__) -+ -+ -+class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): -+ -+ def __init__(self): -+ super(FixECAdminCertProfile, self).__init__() -+ self.message = 'Fix EC admin certificate profile' -+ -+ def upgrade_subsystem(self, instance, subsystem): -+ -+ if subsystem.name != 'ca': -+ return -+ -+ self.backup(subsystem.cs_conf) -+ -+ path = subsystem.config.get('profile.caECAdminCert.config') -+ if path is None: -+ # Add missing path -+ logger.info('Missing profile.caECAdminCert.config') -+ -+ path = "{0}/profiles/{1}/caECAdminCert.cfg".format( -+ subsystem.base_dir, subsystem.name) -+ -+ else: -+ # Fix existing path -+ logger.info("Fixing profile.caECAdminCert.config") -+ dirname = os.path.dirname(path) -+ path = os.path.join(dirname, 'caECAdminCert.cfg') -+ -+ logger.info('New path: %s', path) -+ subsystem.config['profile.caECAdminCert.config'] = path -+ -+ subsystem.config['profile.caECAdminCert.class_id'] = 'caEnrollImpl' -+ -+ # check if caECAdminCert is part of profile.list -+ profile_list = subsystem.config['profile.list'].split(',') -+ if 'caECAdminCert' not in profile_list: -+ profile_list.append('caECAdminCert') -+ subsystem.config['profile.list'] = ','.join(profile_list) -+ -+ subsystem.save() --- -2.25.4 - diff --git a/pki-core.spec b/pki-core.spec index c063882..24fad5c 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -7,9 +7,9 @@ URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -Version: 10.8.3 -Release: 3%{?_timestamp}%{?_commit_id}%{?dist} -# global _phase -a1 +Version: 10.9.0 +Release: 0.2%{?_timestamp}%{?_commit_id}%{?dist} +%global _phase -a2 # To create a tarball from a version tag: # $ git archive \ @@ -25,7 +25,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -Patch1: 0001-Patch-ECAdminCertProfile-upgrade-script.patch ################################################################################ # NSS @@ -157,16 +156,17 @@ fi; BuildRequires: git BuildRequires: make -BuildRequires: cmake >= 2.8.9-1 +BuildRequires: cmake >= 3.0.2 BuildRequires: gcc-c++ BuildRequires: zip BuildRequires: java-1.8.0-openjdk-devel BuildRequires: redhat-rpm-config -BuildRequires: ldapjdk >= 4.21.0 +BuildRequires: ldapjdk >= 4.22.0 BuildRequires: apache-commons-cli BuildRequires: apache-commons-codec BuildRequires: apache-commons-io BuildRequires: apache-commons-lang +BuildRequires: apache-commons-net BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api BuildRequires: slf4j @@ -198,13 +198,6 @@ BuildRequires: resteasy-core >= 3.0.17-1 BuildRequires: resteasy-jackson2-provider >= 3.0.17-1 %endif -# no pylint -%if 0 -BuildRequires: python3-pylint -BuildRequires: python3-flake8 >= 2.5.4 -BuildRequires: python3-pyflakes >= 1.2.3 -%endif - BuildRequires: python3 >= 3.5 BuildRequires: python3-devel BuildRequires: python3-cryptography @@ -223,8 +216,8 @@ BuildRequires: python3-pytest-runner BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 4.6.0 -BuildRequires: tomcatjss >= 7.4.1 +BuildRequires: jss >= 4.7.0 +BuildRequires: tomcatjss >= 7.5.0 BuildRequires: systemd-units %if 0%{?rhel} @@ -251,6 +244,13 @@ BuildRequires: go-md2man BuildRequires: golang-github-cpuguy83-md2man %endif +# pki-healthcheck depends on the following library +%if 0%{?rhel} +BuildRequires: ipa-healthcheck-core +%else +BuildRequires: freeipa-healthcheck-core +%endif + # PKICertImport depends on certutil and openssl BuildRequires: nss-tools BuildRequires: openssl @@ -333,7 +333,7 @@ Summary: PKI Symmetric Key Package Requires: java-1.8.0-openjdk-headless Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.6.0 +Requires: jss >= 4.7.0 Requires: nss >= 3.38.0 # Ensure we end up with a useful installation @@ -355,8 +355,8 @@ BuildArch: noarch Requires: nss >= 3.36.1 -Requires: python3-pki = %{version} -Requires(post): python3-pki = %{version} +Requires: python3-pki = %{version}-%{release} +Requires(post): python3-pki = %{version}-%{release} # Ensure we end up with a useful installation Conflicts: pki-symkey < %{version} @@ -381,7 +381,7 @@ Provides: pki-base-python3 = %{version} %{?python_provide:%python_provide python3-pki} %endif -Requires: pki-base = %{version} +Requires: pki-base = %{version}-%{release} Requires: python3 >= 3.5 Requires: python3-cryptography Requires: python3-lxml @@ -405,14 +405,15 @@ Requires: apache-commons-codec Requires: apache-commons-io Requires: apache-commons-lang Requires: apache-commons-logging +Requires: apache-commons-net Requires: jakarta-commons-httpclient Requires: glassfish-jaxb-api Requires: slf4j Requires: slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.6.0 -Requires: ldapjdk >= 4.21.0 -Requires: pki-base = %{version} +Requires: jss >= 4.7.0 +Requires: ldapjdk >= 4.22.0 +Requires: pki-base = %{version}-%{release} %if 0%{?rhel} Requires: resteasy >= 3.0.26 @@ -441,7 +442,7 @@ Summary: PKI Tools Package Requires: openldap-clients Requires: nss-tools >= 3.36.1 -Requires: pki-base-java = %{version} +Requires: pki-base-java = %{version}-%{release} Requires: p11-kit-trust # PKICertImport depends on certutil and openssl @@ -470,8 +471,8 @@ Requires: policycoreutils Requires: procps-ng Requires: openldap-clients Requires: openssl -Requires: pki-symkey = %{version} -Requires: pki-tools = %{version} +Requires: pki-symkey = %{version}-%{release} +Requires: pki-tools = %{version}-%{release} Requires: keyutils @@ -495,7 +496,7 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 7.4.1 +Requires: tomcatjss >= 7.5.0 # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -511,6 +512,13 @@ Conflicts: ipa-server < 4.7.1 Conflicts: freeipa-server < 4.7.1 %endif +Provides: bundled(js-backbone) = 1.4.0 +Provides: bundled(js-bootstrap) = 3.4.1 +Provides: bundled(js-jquery) = 3.5.1 +Provides: bundled(js-jquery-i18n-properties) = 1.2.7 +Provides: bundled(js-patternfly) = 3.59.2 +Provides: bundled(js-underscore) = 1.9.2 + %description -n pki-server The PKI Server Package contains libraries and utilities needed by the following PKI subsystems: @@ -532,7 +540,7 @@ following PKI subsystems: Summary: PKI CA Package BuildArch: noarch -Requires: pki-server = %{version} +Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -557,7 +565,7 @@ where it obtains its own signing certificate from a public CA. Summary: PKI KRA Package BuildArch: noarch -Requires: pki-server = %{version} +Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -772,6 +780,20 @@ Dogtag textual and graphical user interface for PKI Console. # with theme %endif +%if %{with tests} +################################################################################ +%package -n pki-tests +################################################################################ + +Summary: PKI Tests +BuildArch: noarch + +%description -n pki-tests +This package contains PKI test suite. + +# with tests +%endif + ################################################################################ %prep ################################################################################ @@ -816,20 +838,28 @@ cd build -DTHEME=%{?with_theme:%{brand}} \ .. +# Do not use _smp_mflags to preserve build order +%{__make} \ + VERBOSE=%{?_verbose} \ + CMAKE_NO_VERBOSE=1 \ + DESTDIR=%{buildroot} \ + INSTALL="install -p" \ + --no-print-directory \ + all + ################################################################################ %install ################################################################################ cd build -# Do not use _smp_mflags to preserve build order %{__make} \ VERBOSE=%{?_verbose} \ CMAKE_NO_VERBOSE=1 \ DESTDIR=%{buildroot} \ INSTALL="install -p" \ --no-print-directory \ - all install + install %if %{with_test} ctest --output-on-failure @@ -857,31 +887,6 @@ ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxr ln -sf /usr/share/java/jboss-logging/jboss-logging.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar -# no pylint -%if 0 - -################################################################################ -echo "Scanning Python code with pylint" -################################################################################ - -%{python_executable} -I ../tools/pylint-build-scan.py rpm --prefix %{buildroot} -if [ $? -ne 0 ]; then - echo "pylint for Python 3 failed. RC: $?" - exit 1 -fi - -################################################################################ -echo "Scanning Python code with flake8" -################################################################################ - -python3-flake8 --config ../tox.ini %{buildroot} -if [ $? -ne 0 ]; then - echo "flake8 for Python 3 failed. RC: $?" - exit 1 -fi - -%endif - # with server %endif @@ -908,9 +913,9 @@ then else # On RPM upgrade run system upgrade - echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log 2>&1 - /sbin/pki-upgrade --silent >> /var/log/pki/pki-upgrade-%{version}.log 2>&1 - echo >> /var/log/pki/pki-upgrade-%{version}.log 2>&1 + echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log + /sbin/pki-upgrade 2>&1 | tee -a /var/log/pki/pki-upgrade-%{version}.log + echo >> /var/log/pki/pki-upgrade-%{version}.log fi %postun -n pki-base @@ -931,10 +936,6 @@ fi ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -echo "Upgrading PKI server configuration on `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 -/sbin/pki-server upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 -echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 - # Reload systemd daemons on upgrade only if [ "$1" == "2" ] then @@ -974,7 +975,7 @@ fi %files -n pki-symkey ################################################################################ -%doc base/symkey/LICENSE +%license base/symkey/LICENSE %{_jnidir}/symkey.jar %{_libdir}/symkey/ @@ -982,8 +983,8 @@ fi %files -n pki-base ################################################################################ -%doc base/common/LICENSE -%doc base/common/LICENSE.LESSER +%license base/common/LICENSE +%license base/common/LICENSE.LESSER %doc %{_datadir}/doc/pki-base/html %dir %{_datadir}/pki %{_datadir}/pki/VERSION @@ -1008,21 +1009,20 @@ fi %files -n pki-base-java ################################################################################ -%doc base/common/LICENSE -%doc base/common/LICENSE.LESSER +%license base/common/LICENSE +%license base/common/LICENSE.LESSER %{_datadir}/pki/examples/java/ %{_datadir}/pki/lib/*.jar %dir %{_javadir}/pki %{_javadir}/pki/pki-cmsutil.jar -%{_javadir}/pki/pki-nsutil.jar %{_javadir}/pki/pki-certsrv.jar ################################################################################ %files -n python3-pki ################################################################################ -%doc base/common/LICENSE -%doc base/common/LICENSE.LESSER +%license base/common/LICENSE +%license base/common/LICENSE.LESSER %if %{with server} %exclude %{python3_sitelib}/pki/server %endif @@ -1032,7 +1032,8 @@ fi %files -n pki-tools ################################################################################ -%doc base/native-tools/LICENSE base/native-tools/doc/README +%license base/native-tools/LICENSE +%doc base/native-tools/doc/README %{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki @@ -1106,8 +1107,8 @@ fi %files -n pki-server ################################################################################ -%doc base/common/THIRD_PARTY_LICENSES -%doc base/server/LICENSE +%license base/common/THIRD_PARTY_LICENSES +%license base/server/LICENSE %doc base/server/README %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat @@ -1144,6 +1145,7 @@ fi %{_mandir}/man8/pkidestroy.8.gz %{_mandir}/man8/pkispawn.8.gz %{_mandir}/man8/pki-server.8.gz +%{_mandir}/man8/pki-server-acme.8.gz %{_mandir}/man8/pki-server-instance.8.gz %{_mandir}/man8/pki-server-subsystem.8.gz %{_mandir}/man8/pki-server-nuxwdog.8.gz @@ -1168,7 +1170,7 @@ fi %files -n pki-ca ################################################################################ -%doc base/ca/LICENSE +%license base/ca/LICENSE %{_javadir}/pki/pki-ca.jar %dir %{_datadir}/pki/ca %{_datadir}/pki/ca/conf/ @@ -1185,7 +1187,7 @@ fi %files -n pki-kra ################################################################################ -%doc base/kra/LICENSE +%license base/kra/LICENSE %{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra %{_datadir}/pki/kra/conf/ @@ -1200,7 +1202,7 @@ fi %files -n pki-ocsp ################################################################################ -%doc base/ocsp/LICENSE +%license base/ocsp/LICENSE %{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp %{_datadir}/pki/ocsp/conf/ @@ -1215,7 +1217,7 @@ fi %files -n pki-tks ################################################################################ -%doc base/tks/LICENSE +%license base/tks/LICENSE %{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks %{_datadir}/pki/tks/conf/ @@ -1230,7 +1232,7 @@ fi %files -n pki-tps ################################################################################ -%doc base/tps/LICENSE +%license base/tps/LICENSE %{_javadir}/pki/pki-tps.jar %dir %{_datadir}/pki/tps %{_datadir}/pki/tps/applets/ @@ -1266,7 +1268,7 @@ fi %files -n pki-console ################################################################################ -%doc base/console/LICENSE +%license base/console/LICENSE %{_bindir}/pkiconsole %{_javadir}/pki/pki-console.jar @@ -1278,7 +1280,7 @@ fi %files -n %{brand}-pki-server-theme ################################################################################ -%doc themes/%{brand}/common-ui/LICENSE +%license themes/%{brand}/common-ui/LICENSE %dir %{_datadir}/pki %{_datadir}/pki/CS_SERVER_VERSION %{_datadir}/pki/common-ui/ @@ -1296,14 +1298,27 @@ fi %files -n %{brand}-pki-console-theme ################################################################################ -%doc themes/%{brand}/console-ui/LICENSE +%license themes/%{brand}/console-ui/LICENSE %{_javadir}/pki/pki-console-theme.jar # with theme %endif +%if %{with tests} +################################################################################ +%files -n pki-tests +################################################################################ + +%{_datadir}/pki/tests/ + +# with tests +%endif + ################################################################################ %changelog +* Wed Jun 10 2020 Dogtag PKI Team - 10.9.0-0.2 +- Rebase to match upstream alpha version 10.9.0-a2 + * Tue May 26 2020 Miro HronĨok - 10.8.3-3 - Rebuilt for Python 3.9 diff --git a/sources b/sources index 5fab16d..7dea355 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.8.3.tar.gz) = 7b771481a8eeb77f89f6ea2d2f406add9183ac5c9f592a65d3f537af764e74ecd958e37cfbbf7196980bcb960e4750122a5498a5c573152bd94a7805292f7a55 +SHA512 (pki-10.9.0-a2.tar.gz) = 1e82038cd1107d76a5d7a49bf9088fbf36c6835d62dbb650f3e933b94e5438749ad0f39d61b2c8df7fdcd9327b70d496041e390c60ccaa1cdf253c69a5a691af