diff --git a/.gitignore b/.gitignore index d03de8e..afa8c77 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,4 @@ /pki-core-10.6.0.tar.gz /pki-10.6.0.tar.gz /pki-10.6.0-beta2.tar.gz +/pki-10.6.1.tar.gz diff --git a/pki-core.spec b/pki-core.spec index f90d2fe..bbed9b5 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -7,14 +7,27 @@ URL: http://www.dogtagpki.org/ License: GPLv2 %if 0%{?rhel} -Version: 10.6.0 -Release: 1%{?_timestamp}%{?_commit}%{?dist} +Version: 10.6.1 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} %else -Version: 10.6.0 -Release: 1%{?_timestamp}%{?_commit}%{?dist} +Version: 10.6.1 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} %endif -Source: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{version}.tar.gz +# To create a tarball from a version tag: +# $ git archive \ +# --format=tar.gz \ +# --prefix pki-/ \ +# -o pki-.tar.gz \ +# +Source: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{version}.tar.gz + +# To create a patch for all changes since a version tag: +# $ git format-patch \ +# --stdout \ +# \ +# > pki-VERSION-RELEASE.patch +# Patch: pki-VERSION-RELEASE.patch ################################################################################ # Python @@ -45,7 +58,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{ver # Java ################################################################################ -%define java_home /usr/lib/jvm/jre-1.8.0-openjdk +%define java_home %{_usr}/lib/jvm/jre-1.8.0-openjdk ################################################################################ # Tomcat @@ -77,9 +90,9 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{ver # PKI ################################################################################ +%bcond_without test %bcond_without server %bcond_without javadoc -%bcond_without test # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app @@ -97,6 +110,9 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{ver # Build Dependencies ################################################################################ +# autosetup +BuildRequires: git + BuildRequires: cmake >= 2.8.9-1 BuildRequires: gcc-c++ BuildRequires: zip @@ -113,7 +129,7 @@ BuildRequires: slf4j BuildRequires: slf4j-jdk14 %endif BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.28.3 +BuildRequires: nss-devel >= 3.36.1 %if 0%{?rhel} && 0%{?rhel} <= 7 BuildRequires: nuxwdog-client-java >= 1.0.3-7 @@ -211,7 +227,10 @@ BuildRequires: tomcatjss >= 7.3.0 %endif BuildRequires: systemd-units -%if 0%{?fedora} >= 27 || 0%{?rhel} > 7 +%if 0%{?fedora} >= 29 || 0%{?rhel} > 7 +BuildRequires: tomcat >= 1:9.0.7 +%else +%if 0%{?fedora} >= 27 BuildRequires: tomcat >= 1:8.5.23 %else %if 0%{?fedora} @@ -220,6 +239,7 @@ BuildRequires: tomcat >= 8.0.49 BuildRequires: tomcat >= 7.0.69 %endif %endif +%endif %if 0%{?with_python3} BuildRequires: python3 @@ -287,7 +307,7 @@ Requires: jss >= 4.4.0-11 %else Requires: jss >= 4.4.2-9 %endif -Requires: nss >= 3.28.3 +Requires: nss >= 3.36.1 Provides: symkey = %{version}-%{release} @@ -329,7 +349,7 @@ Obsoletes: pki-util < %{version}-%{release} Conflicts: freeipa-server < 3.0.0 -Requires: nss >= 3.28.3 +Requires: nss >= 3.36.1 %if 0%{?with_python3_default} Requires: python3-pki = %{version}-%{release} Requires(post): python3-pki = %{version}-%{release} @@ -351,11 +371,11 @@ written in Python. Summary: PKI Python 2 Package BuildArch: noarch -Obsoletes: pki-base-python2 < 10.6 +Obsoletes: pki-base-python2 < %{version} Provides: pki-base-python2 = %{version}-%{release} %{?python_provide:%python_provide python2-pki} -Requires: pki-base = %{version}-%{release} +Requires: pki-base >= %{version}-%{release} Requires: python2-cryptography %if 0%{?fedora} >= 28 || 0%{?rhel} > 7 Requires: python2-nss @@ -398,7 +418,7 @@ Requires: jss >= 4.4.0-11 Requires: jss >= 4.4.2-9 %endif Requires: ldapjdk >= 4.19-5 -Requires: pki-base = %{version}-%{release} +Requires: pki-base >= %{version}-%{release} %if 0%{?rhel} && 0%{?rhel} <= 7 # 'resteasy-base' is a subset of the complete set of @@ -436,11 +456,11 @@ written in Java. Summary: PKI Python 3 Package BuildArch: noarch -Obsoletes: pki-base-python3 < 10.6 +Obsoletes: pki-base-python3 < %{version} Provides: pki-base-python3 = %{version}-%{release} %{?python_provide:%python_provide python3-pki} -Requires: pki-base = %{version}-%{release} +Requires: pki-base >= %{version}-%{release} Requires: python3-cryptography Requires: python3-lxml Requires: python3-nss @@ -465,10 +485,10 @@ Obsoletes: pki-native-tools < %{version}-%{release} Obsoletes: pki-java-tools < %{version}-%{release} Requires: openldap-clients -Requires: nss-tools >= 3.28.3 +Requires: nss-tools >= 3.36.1 Requires: java-1.8.0-openjdk-headless -Requires: pki-base = %{version}-%{release} -Requires: pki-base-java = %{version}-%{release} +Requires: pki-base >= %{version}-%{release} +Requires: pki-base-java >= %{version}-%{release} Requires: jpackage-utils >= 0:1.7.5-10 %if 0%{?fedora} || 0%{?rhel} > 7 Requires: tomcat-servlet-3.1-api @@ -479,7 +499,6 @@ This package contains PKI executables that can be used to help make Certificate System into a more complete and robust PKI solution. %if %{with server} - ################################################################################ %package -n pki-server ################################################################################ @@ -501,9 +520,9 @@ Requires: hostname Requires: net-tools %if 0%{?rhel} && 0%{?rhel} <= 7 -Requires: nuxwdog-client-java >= 1.0.3-7 +Requires: nuxwdog-client-java >= 1.0.3-7 %else -Requires: nuxwdog-client-java >= 1.0.3-13 +Requires: nuxwdog-client-java >= 1.0.3-13 %endif Requires: policycoreutils @@ -514,9 +533,10 @@ Requires: openssl >= 1.0.2k-11 %else Requires: openssl %endif -Requires: pki-base = %{version}-%{release} -Requires: pki-base-java = %{version}-%{release} -Requires: pki-tools = %{version}-%{release} +Requires: pki-symkey >= %{version}-%{release} +Requires: pki-base >= %{version}-%{release} +Requires: pki-base-java >= %{version}-%{release} +Requires: pki-tools >= %{version}-%{release} %if 0%{?fedora} || 0%{?rhel} > 7 Requires: policycoreutils-python-utils %endif @@ -544,9 +564,12 @@ Requires: policycoreutils-python %endif # with_python3_default Requires: selinux-policy-targeted >= 3.13.1-159 -Obsoletes: pki-selinux +Obsoletes: pki-selinux < %{version}-%{release} -%if 0%{?fedora} >= 27 || 0%{?rhel} > 7 +%if 0%{?fedora} >= 29 || 0%{?rhel} > 7 +Requires: tomcat >= 1:9.0.7 +%else +%if 0%{?fedora} >= 27 Requires: tomcat >= 1:8.5.23 %else %if 0%{?fedora} @@ -555,6 +578,7 @@ Requires: tomcat >= 8.0.49 Requires: tomcat >= 7.0.69 %endif %endif +%endif Requires: velocity Requires(post): systemd-units @@ -601,7 +625,7 @@ Summary: PKI CA Package BuildArch: noarch Requires: java-1.8.0-openjdk-headless -Requires: pki-server = %{version}-%{release} +Requires: pki-server >= %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -623,7 +647,7 @@ Summary: PKI KRA Package BuildArch: noarch Requires: java-1.8.0-openjdk-headless -Requires: pki-server = %{version}-%{release} +Requires: pki-server >= %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -687,7 +711,6 @@ BuildArch: noarch Requires: java-1.8.0-openjdk-headless Requires: pki-server >= %{version}-%{release} -Requires: pki-symkey >= %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units @@ -714,11 +737,11 @@ behind the firewall with restricted access. Summary: PKI TPS Package -Provides: pki-tps-tomcat -Provides: pki-tps-client +Provides: pki-tps-tomcat = %{version}-%{release} +Provides: pki-tps-client = %{version}-%{release} -Obsoletes: pki-tps-tomcat -Obsoletes: pki-tps-client +Obsoletes: pki-tps-tomcat < %{version}-%{release} +Obsoletes: pki-tps-client < %{version}-%{release} Requires: java-1.8.0-openjdk-headless Requires: pki-server >= %{version}-%{release} @@ -729,9 +752,8 @@ Requires(postun): systemd-units # additional runtime requirements needed to run native 'tpsclient' # REMINDER: Revisit these once 'tpsclient' is rewritten as a Java app -Requires: nss-tools >= 3.28.3 +Requires: nss-tools >= 3.36.1 Requires: openldap-clients -Requires: pki-symkey >= %{version}-%{release} %description -n pki-tps The Token Processing System (TPS) is an optional PKI subsystem that acts @@ -753,6 +775,9 @@ The utility "tpsclient" is a test tool that interacts with TPS. This tool is useful to test TPS server configs without risking an actual smart card. +%endif # with server + +%if %{with javadoc} ################################################################################ %package -n pki-javadoc ################################################################################ @@ -772,13 +797,13 @@ Obsoletes: pki-common-javadoc < %{version}-%{release} %description -n pki-javadoc This package contains PKI API documentation. -%endif # %{with server} +%endif # with javadoc ################################################################################ %prep ################################################################################ -%autosetup -n pki-%{version} -p 1 +%autosetup -n pki-%{version} -p 1 -S git ################################################################################ %build @@ -787,6 +812,7 @@ This package contains PKI API documentation. %{__mkdir_p} build cd build %cmake \ + --no-warn-unused-cli \ -DVERSION=%{version}-%{release} \ -DVAR_INSTALL_DIR:PATH=/var \ -DJAVA_HOME=%{java_home} \ @@ -796,6 +822,9 @@ cd build -DJAXRS_API_JAR=%{jaxrs_api_jar} \ -DRESTEASY_LIB=%{resteasy_lib} \ -DBUILD_PKI_CORE:BOOL=ON \ +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 + -DPKI_NSS_DB_TYPE=sql \ +%endif %if ! %{?with_python3} -DWITH_PYTHON3:BOOL=OFF \ %endif @@ -805,18 +834,15 @@ cd build %if %{?with_python3_default} -DWITH_PYTHON3_DEFAULT:BOOL=ON \ %endif +%if ! %{with test} + -DWITH_TEST:BOOL=OFF \ +%endif %if ! %{with server} -DWITH_SERVER:BOOL=OFF \ %endif %if ! %{with javadoc} -DWITH_JAVADOC:BOOL=OFF \ %endif -%if ! %{with test} - -DWITH_TEST:BOOL=OFF \ -%endif -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 - -DPKI_NSS_DB_TYPE=sql \ -%endif .. ################################################################################ @@ -830,6 +856,7 @@ cd build VERBOSE=%{?_verbose} \ DESTDIR=%{buildroot} \ INSTALL="install -p" \ + --no-print-directory \ all install # Customize system upgrade scripts in /usr/share/pki/upgrade @@ -921,15 +948,17 @@ fi %if 0%{?fedora} || 0%{?rhel} > 7 +################################################################################ +echo "Scanning Python code with pylint" +################################################################################ + %if 0%{?with_python3_default} -# Scanning the python code with pylint. %{__python3} ../tools/pylint-build-scan.py rpm --prefix %{buildroot} if [ $? -ne 0 ]; then echo "pylint for Python 3 failed. RC: $?" exit 1 fi %else -# Scanning the python code with pylint. %{__python2} ../tools/pylint-build-scan.py rpm --prefix %{buildroot} if [ $? -ne 0 ]; then echo "pylint for Python 2 failed. RC: $?" @@ -943,6 +972,10 @@ if [ $? -ne 0 ]; then fi %endif # with_python3_default +################################################################################ +echo "Scanning Python code with flake8" +################################################################################ + %if 0%{?with_python2} flake8 --config ../tox.ini %{buildroot} if [ $? -ne 0 ]; then @@ -961,10 +994,7 @@ fi %endif # Fedora / RHEL > 7 -%endif # %{with server} - -%{__mkdir_p} %{buildroot}%{_localstatedir}/log/pki -%{__mkdir_p} %{buildroot}%{_sharedstatedir}/pki +%endif # with server %if 0%{?fedora} || 0%{?rhel} > 7 %pretrans -n pki-base -p @@ -1006,7 +1036,7 @@ if ! getent passwd %{pki_username} >/dev/null ; then fi exit 0 -%endif # %{with server} +%endif # with server %post -n pki-base @@ -1047,18 +1077,18 @@ then systemctl daemon-reload fi -## %preun -n pki-server +## preun -n pki-server ## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -## %postun -n pki-server +## postun -n pki-server ## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem ## from EITHER 'sysVinit' OR previous 'systemd' processes to the new ## PKI deployment process -%endif # %{with server} +%endif # with server ################################################################################ %files -n pki-symkey @@ -1102,7 +1132,9 @@ fi %defattr(-,root,root,-) %doc base/common/LICENSE %doc base/common/LICENSE.LESSER +%if %{with server} && ! %{?with_python3_default} %exclude %{python2_sitelib}/pki/server +%endif %{python2_sitelib}/pki %endif # with_python2 @@ -1125,7 +1157,9 @@ fi %defattr(-,root,root,-) %doc base/common/LICENSE %doc base/common/LICENSE.LESSER +%if %{with server} && %{?with_python3_default} %exclude %{python3_sitelib}/pki/server +%endif %{python3_sitelib}/pki %endif # with_python3 @@ -1197,7 +1231,6 @@ fi %{_mandir}/man1/PKCS10Client.1.gz %if %{with server} - ################################################################################ %files -n pki-server ################################################################################ @@ -1325,6 +1358,8 @@ fi %{_libdir}/tps/libtps.so %{_libdir}/tps/libtokendb.so +%endif # with server + %if %{with javadoc} ################################################################################ %files -n pki-javadoc @@ -1332,14 +1367,18 @@ fi %defattr(-,root,root,-) %{_javadocdir}/pki-%{version}/ -%endif -%endif # %{with server} +%endif # with javadoc ################################################################################ %changelog ################################################################################ +* Thu May 3 2018 Dogtag PKI Team - 10.6.1-1 +- Rebased to PKI 10.6.1 +- Bugzilla #1574711: pki-tools cannot be installed on current Rawhide +- Bugzilla #1559047: pki-core misses a dependency to pki-symkey + * Wed Apr 11 2018 Dogtag PKI Team - 10.6.0-1 - Updated project URL and package descriptions - Cleaned up spec file diff --git a/sources b/sources index f5bcdd5..d7e5ed6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.6.0.tar.gz) = a1f26954f4a35d350675766d1091fc92fa9a92a89685485526fa57cd6b50e8a0085e146ce2388103a254f50addc2b218038b1da00e037f7d3c6e2c7423e4bdca +SHA512 (pki-10.6.1.tar.gz) = 3babc6d52a4de986d3508cd76ee5da092f1a1de3cbb8acf6fb59ed76e7c65a4190aa67c41012192cc6100d90ee0e8e6f850035a5003f1c186cf8f8da7b0f9334