From 553626be028c49faf4706cc842c241b600306ad0 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Sep 18 2013 20:58:08 +0000 Subject: Initial F20 import --- diff --git a/.gitignore b/.gitignore index ed1769b..d76e4bf 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /pki-core-10.0.3.tar.gz /pki-core-10.0.4.tar.gz /pki-core-10.0.5.tar.gz +/pki-core-10.1.0.tar.gz diff --git a/pki-core.spec b/pki-core.spec index 96e8d02..a6fceb4 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -4,8 +4,8 @@ distutils.sysconfig import get_python_lib; print(get_python_lib())")} distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} Name: pki-core -Version: 10.0.5 -Release: 1%{?dist} +Version: 10.1.0 +Release: 0.10%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -15,7 +15,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake >= 2.8.9-1 BuildRequires: zip -BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: java-devel >= 1:1.7.0 BuildRequires: redhat-rpm-config BuildRequires: ldapjdk BuildRequires: apache-commons-cli @@ -40,6 +40,11 @@ BuildRequires: resteasy-base-jettison-provider BuildRequires: resteasy >= 2.3.2-1 %endif +BuildRequires: pylint +BuildRequires: python-requests +BuildRequires: libselinux-python +BuildRequires: policycoreutils-python +BuildRequires: python-ldap BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} || 0%{?fedora} >= 19 @@ -99,17 +104,19 @@ PKI Core contains ALL top-level java-based Tomcat PKI components: \ * pki-selinux (f17 only) \ * pki-server \ * pki-ca \ - * pki-kra (fedora only) \ - * pki-ocsp (fedora only) \ - * pki-tks (fedora only) \ + * pki-kra \ + * pki-ocsp \ + * pki-tks \ + * pki-tps-tomcat \ * pki-javadoc \ \ which comprise the following corresponding PKI subsystems: \ \ * Certificate Authority (CA) \ - * Data Recovery Manager (DRM) (fedora only) \ - * Online Certificate Status Protocol (OCSP) Manager (fedora only) \ - * Token Key Service (TKS) (fedora only) \ + * Data Recovery Manager (DRM) \ + * Online Certificate Status Protocol (OCSP) Manager \ + * Token Key Service (TKS) \ + * Token Processing Service (TPS) \ \ For deployment purposes, PKI Core contains fundamental packages \ required by BOTH native-based Apache AND java-based Tomcat \ @@ -155,7 +162,7 @@ least one PKI Theme package: \ Summary: Symmetric Key JNI Package Group: System Environment/Libraries -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: nss Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?rhel} || 0%{?fedora} >= 19 @@ -195,7 +202,7 @@ Requires: apache-commons-codec Requires: apache-commons-io Requires: apache-commons-lang Requires: apache-commons-logging -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: javassist Requires: jettison Requires: jpackage-utils >= 0:1.7.5-10 @@ -242,7 +249,7 @@ Obsoletes: pki-java-tools < %{version}-%{release} Requires: openldap-clients Requires: nss Requires: nss-tools -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: pki-base = %{version}-%{release} Requires: jpackage-utils >= 0:1.7.5-10 @@ -269,7 +276,7 @@ Obsoletes: pki-deploy < %{version}-%{release} Obsoletes: pki-setup < %{version}-%{release} Obsoletes: pki-silent < %{version}-%{release} -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: java-atk-wrapper Requires: net-tools Requires: perl(File::Slurp) @@ -278,7 +285,6 @@ Requires: perl-Crypt-SSLeay Requires: policycoreutils Requires: openldap-clients Requires: pki-base = %{version}-%{release} -Requires: pki-symkey = %{version}-%{release} Requires: pki-tools = %{version}-%{release} %if ! 0%{?rhel} && 0%{?fedora} <= 17 @@ -309,8 +315,9 @@ The PKI Server Framework is required by the following four PKI subsystems: the Certificate Authority (CA), the Data Recovery Manager (DRM), - the Online Certificate Status Protocol (OCSP) Manager, and - the Token Key Service (TKS). + the Online Certificate Status Protocol (OCSP) Manager, + the Token Key Service (TKS), and + the Token Processing Service (TPS). This package is a part of the PKI Core used by the Certificate System. The package contains scripts to create and remove PKI subsystems. @@ -343,7 +350,7 @@ Group: System Environment/Daemons BuildArch: noarch -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units @@ -364,14 +371,13 @@ provided by the PKI Core used by the Certificate System. %{overview} -%if ! 0%{?rhel} %package -n pki-kra Summary: Certificate System - Data Recovery Manager Group: System Environment/Daemons BuildArch: noarch -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units @@ -396,17 +402,15 @@ This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. %{overview} -%endif -%if ! 0%{?rhel} %package -n pki-ocsp Summary: Certificate System - Online Certificate Status Protocol Manager Group: System Environment/Daemons BuildArch: noarch -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: pki-server = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units @@ -438,18 +442,17 @@ This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. %{overview} -%endif -%if ! 0%{?rhel} %package -n pki-tks Summary: Certificate System - Token Key Service Group: System Environment/Daemons BuildArch: noarch -Requires: java >= 1:1.6.0 +Requires: java >= 1:1.7.0 Requires: pki-server = %{version}-%{release} +Requires: pki-symkey = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -474,7 +477,38 @@ This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. %{overview} -%endif + + +%package -n pki-tps-tomcat +Summary: Certificate System - Token Processing Service +Group: System Environment/Daemons + +BuildArch: noarch + +Provides: pki-tps +Requires: java >= 1:1.7.0 +Requires: pki-server = %{version}-%{release} +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%description -n pki-tps-tomcat +The Token Processing System (TPS) is an optional PKI subsystem that acts +as a Registration Authority (RA) for authenticating and processing +enrollment requests, PIN reset requests, and formatting requests from +the Enterprise Security Client (ESC). + +TPS is designed to communicate with tokens that conform to +Global Platform's Open Platform Specification. + +TPS communicates over SSL with various PKI backend subsystems (including +the Certificate Authority (CA), the Data Recovery Manager (DRM), and the +Token Key Service (TKS)) to fulfill the user's requests. + +TPS also interacts with the token database, an LDAP server that stores +information about individual tokens. + +%{overview} %package -n pki-javadoc @@ -522,11 +556,6 @@ cd build %if ! 0%{?rhel} && 0%{?fedora} <= 17 -DBUILD_PKI_SELINUX:BOOL=ON \ %endif -%if 0%{?rhel} - -DBUILD_PKI_KRA:BOOL=OFF \ - -DBUILD_PKI_OCSP:BOOL=OFF \ - -DBUILD_PKI_TKS:BOOL=OFF \ -%endif .. %{__make} VERBOSE=1 %{?_smp_mflags} all # %{__make} VERBOSE=1 %{?_smp_mflags} test @@ -537,6 +566,12 @@ cd build cd build %{__make} install DESTDIR=%{buildroot} INSTALL="install -p" +# Scanning the python code with pylint. A return value of 0 represents there are no +# errors or warnings reported by pylint. +sh ../pylint-build-scan.sh %{buildroot} `pwd` +if [ $? -eq 1 ]; then + exit 1 +fi # Fedora 18 and 17: Substitute 'tomcat7jss.jar' for 'tomcatjss.jar' %if ! 0%{?rhel} && 0%{?fedora} <= 18 sed -i -e 's/grant codeBase "file:\/usr\/share\/java\/tomcatjss.jar" {/grant codeBase "file:\/usr\/share\/java\/tomcat7jss.jar" {/' %{buildroot}%{_datadir}/pki/server/conf/pki.policy @@ -555,43 +590,37 @@ echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfile echo "D /var/lock/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf -%if ! 0%{?rhel} # generate 'pki-kra.conf' under the 'tmpfiles.d' directory echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf echo "D /var/lock/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf -%endif -%if ! 0%{?rhel} # generate 'pki-ocsp.conf' under the 'tmpfiles.d' directory echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf echo "D /var/lock/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf -%endif # generate 'pki-tomcat.conf' under the 'tmpfiles.d' directory echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf echo "D /var/lock/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf echo "D /var/run/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf -%if ! 0%{?rhel} # generate 'pki-tks.conf' under the 'tmpfiles.d' directory echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf -%endif +# generate 'pki-tps.conf' under the 'tmpfiles.d' directory +echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/lock/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf %{__rm} %{buildroot}%{_initrddir}/pki-cad -%if ! 0%{?rhel} %{__rm} %{buildroot}%{_initrddir}/pki-krad -%endif -%if ! 0%{?rhel} %{__rm} %{buildroot}%{_initrddir}/pki-ocspd -%endif -%if ! 0%{?rhel} %{__rm} %{buildroot}%{_initrddir}/pki-tksd -%endif +%{__rm} %{buildroot}%{_initrddir}/pki-tpsd %{__rm} -rf %{buildroot}%{_datadir}/pki/server/lib @@ -722,7 +751,6 @@ fi %fix_tomcat_log ca -%if ! 0%{?rhel} %post -n pki-kra # Attempt to update ALL old "KRA" instances to "systemd" if [ -d /etc/sysconfig/pki/kra ]; then @@ -752,10 +780,8 @@ if [ -d /etc/sysconfig/pki/kra ]; then fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : %fix_tomcat_log kra -%endif -%if ! 0%{?rhel} %post -n pki-ocsp # Attempt to update ALL old "OCSP" instances to "systemd" if [ -d /etc/sysconfig/pki/ocsp ]; then @@ -785,10 +811,8 @@ if [ -d /etc/sysconfig/pki/ocsp ]; then fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : %fix_tomcat_log ocsp -%endif -%if ! 0%{?rhel} %post -n pki-tks # Attempt to update ALL old "TKS" instances to "systemd" if [ -d /etc/sysconfig/pki/tks ]; then @@ -818,7 +842,6 @@ if [ -d /etc/sysconfig/pki/tks ]; then fi /bin/systemctl daemon-reload >/dev/null 2>&1 || : %fix_tomcat_log tks -%endif %post -n pki-server @@ -838,31 +861,25 @@ if [ $1 = 0 ] ; then fi -%if ! 0%{?rhel} %preun -n pki-kra if [ $1 = 0 ] ; then /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || : /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || : fi -%endif -%if ! 0%{?rhel} %preun -n pki-ocsp if [ $1 = 0 ] ; then /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || : /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || : fi -%endif -%if ! 0%{?rhel} %preun -n pki-tks if [ $1 = 0 ] ; then /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || : /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || : fi -%endif ## %preun -n pki-server @@ -878,31 +895,25 @@ if [ "$1" -ge "1" ] ; then fi -%if ! 0%{?rhel} %postun -n pki-kra /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || : fi -%endif -%if ! 0%{?rhel} %postun -n pki-ocsp /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || : fi -%endif -%if ! 0%{?rhel} %postun -n pki-tks /bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || : fi -%endif ## %postun -n pki-server @@ -982,7 +993,6 @@ fi %{_sbindir}/pkidestroy %{_sbindir}/pki-server-upgrade #%{_bindir}/pki-setup-proxy -%{python_sitelib}/pki/deployment/ %{python_sitelib}/pki/server/ %dir %{_datadir}/pki/deployment %{_datadir}/pki/deployment/config/ @@ -1057,7 +1067,6 @@ fi %config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ca.conf -%if ! 0%{?rhel} %files -n pki-kra %defattr(-,root,root,-) %doc base/kra/LICENSE @@ -1077,10 +1086,8 @@ fi # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # %config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-kra.conf -%endif -%if ! 0%{?rhel} %files -n pki-ocsp %defattr(-,root,root,-) %doc base/ocsp/LICENSE @@ -1100,10 +1107,8 @@ fi # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # %config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ocsp.conf -%endif -%if ! 0%{?rhel} %files -n pki-tks %defattr(-,root,root,-) %doc base/tks/LICENSE @@ -1123,7 +1128,27 @@ fi # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # %config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf -%endif + + +%files -n pki-tps-tomcat +%defattr(-,root,root,-) +%doc base/tps/LICENSE +%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{_unitdir}/pki-tpsd@.service +%{_unitdir}/pki-tpsd.target +%{_javadir}/pki/pki-tps.jar +%dir %{_datadir}/pki/tps +%{_datadir}/pki/tps/conf/ +%{_datadir}/pki/tps/setup/ +%{_datadir}/pki/tps/webapps/ +%dir %{_localstatedir}/lock/pki/tps +%dir %{_localstatedir}/run/pki/tps +# Details: +# +# * https://fedoraproject.org/wiki/Features/var-run-tmpfs +# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft +# +%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tps.conf %if %{?_without_javadoc:0}%{!?_without_javadoc:1} @@ -1134,44 +1159,41 @@ fi %changelog -* Fri Sep 6 2013 Ade Lee 10.0.5-1 -- Roll release to next version - -* Fri Aug 2 2013 Ade Lee 10.0.4-2 -- Trac Ticket 699 - on upgrade to F19, CA fails to start. +* Wed Aug 14 2013 Endi S. Dewata 10.1.0-0.10 +- Moved Tomcat-based TPS into pki-core. -* Thu Jul 25 2013 Ade Lee 10.0.4-1 -- Change release number for official release +* Wed Aug 14 2013 Abhishek Koneru 10.1.0.0.9 +- Listed new packages required during build, due to issues reported + by pylint. +- Packages added: python-requests, python-ldap, libselinux-python, + policycoreutils-python -* Wed Jul 24 2013 Matthew Harmsen 10.0.4-0.4 -- Bugzilla Bug #986506 - Need to determine RPM packages to be excluded - from compose . . . (exclude pki-kra, pki-ocsp, and pki-tks from rhel 7) - -* Wed Jul 17 2013 Endi S. Dewata 10.0.4-0.3 +* Fri Aug 09 2013 Abhishek Koneru 10.1.0.0.8 +- Added pylint scan to the build process. + +* Mon Jul 22 2013 Endi S. Dewata 10.1.0-0.7 - Added man pages for upgrade tools. + +* Wed Jul 17 2013 Endi S. Dewata 10.1.0-0.6 - Cleaned up the code to install man pages. -* Tue Jul 9 2013 Ade Lee 10.0.4-0.2 +* Tue Jul 16 2013 Endi S. Dewata 10.1.0-0.5 +- Reorganized deployment tools. + +* Tue Jul 9 2013 Ade Lee 10.1.0-0.4 - Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies -* Wed Jun 26 2013 Ade Lee 10.0.4-0.1 -- Roll release to next version - -* Mon Jun 10 2013 Ade Lee 10.0.3-2 -- TRAC Ticket 646 - PKCS12Export fails on F19 -- Bugzilla Bug 961522 - allows key to be exported - -* Thu Jun 6 2013 Ade Lee 10.0.3-1 -- Change release number for official release. +* Fri Jun 14 2013 Endi S. Dewata 10.1.0-0.3 +- Updated dependencies to Java 1.7. -* Wed Jun 5 2013 Matthew Harmsen 10.0.3-0.2 +* Wed Jun 5 2013 Matthew Harmsen 10.1.0-0.2 - TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory -* Tue May 7 2013 Ade Lee 10.0.3-0.1 -- Roll release to next version. +* Tue May 7 2013 Ade Lee 10.1.0-0.1 +- Change release number for 10.1 development * Mon May 6 2013 Endi S. Dewata 10.0.2-5 - Fixed incorrect JNI_JAR_DIR. diff --git a/sources b/sources index 4bb55a5..94fd2ad 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -004bd74d7df6e862e6b4db69ee881868 pki-core-10.0.5.tar.gz +784439d17c982491dd959588a0450006 pki-core-10.1.0.tar.gz