diff --git a/0001-Patch-ECAdminCertProfile-upgrade-script.patch b/0001-Patch-ECAdminCertProfile-upgrade-script.patch new file mode 100644 index 0000000..8c77561 --- /dev/null +++ b/0001-Patch-ECAdminCertProfile-upgrade-script.patch @@ -0,0 +1,134 @@ +From dc00a5c3aaf84f8fb2a3c0473e31646b9d57badc Mon Sep 17 00:00:00 2001 +From: Dinesh Prasanth M K +Date: Wed, 25 Mar 2020 16:02:15 -0400 +Subject: [PATCH] Patch ECAdminCertProfile upgrade script + +Backport of PR #355 + +The caECAdminCert profile was added 2 years ago but was never patched +to be added to the CS.cfg. Hence, when a user tries to upgrade, the path +did not exist and so, the upgrade failed. This patch adds the missing +attribute to ensure smooth upgradation process + +Move 10.8.2 upgrade script to 10.8.3 + +Resolves: BZ#1814242 +Upstream: https://pagure.io/dogtagpki/issue/3168 + +Signed-off-by: Dinesh Prasanth M K +--- + .../10.8.2/01-FixECAdminCertProfile.py | 39 ------------- + .../10.8.3/01-FixECAdminCertProfile.py | 55 +++++++++++++++++++ + 2 files changed, 55 insertions(+), 39 deletions(-) + delete mode 100644 base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py + create mode 100644 base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py + +diff --git a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py +deleted file mode 100644 +index ebdb98304..000000000 +--- a/base/server/upgrade/10.8.2/01-FixECAdminCertProfile.py ++++ /dev/null +@@ -1,39 +0,0 @@ +-# Authors: +-# Endi S. Dewata +-# +-# Copyright Red Hat, Inc. +-# +-# SPDX-License-Identifier: GPL-2.0-or-later +- +-from __future__ import absolute_import +-import logging +-import os +- +-import pki +- +-logger = logging.getLogger(__name__) +- +- +-class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): +- +- def __init__(self): +- super(FixECAdminCertProfile, self).__init__() +- self.message = 'Fix EC admin certificate profile' +- +- def upgrade_subsystem(self, instance, subsystem): +- +- if subsystem.name != 'ca': +- return +- +- self.backup(subsystem.cs_conf) +- +- path = subsystem.config.get('profile.caECAdminCert.config') +- logger.info('Current path: %s', path) +- +- dirname = os.path.dirname(path) +- +- path = os.path.join(dirname, 'caECAdminCert.cfg') +- logger.info('New path: %s', path) +- +- subsystem.config['profile.caECAdminCert.config'] = path +- subsystem.save() +diff --git a/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py +new file mode 100644 +index 000000000..92664d292 +--- /dev/null ++++ b/base/server/upgrade/10.8.3/01-FixECAdminCertProfile.py +@@ -0,0 +1,55 @@ ++# Authors: ++# Endi S. Dewata ++# ++# Copyright Red Hat, Inc. ++# ++# SPDX-License-Identifier: GPL-2.0-or-later ++ ++from __future__ import absolute_import ++import logging ++import os ++ ++import pki ++ ++logger = logging.getLogger(__name__) ++ ++ ++class FixECAdminCertProfile(pki.server.upgrade.PKIServerUpgradeScriptlet): ++ ++ def __init__(self): ++ super(FixECAdminCertProfile, self).__init__() ++ self.message = 'Fix EC admin certificate profile' ++ ++ def upgrade_subsystem(self, instance, subsystem): ++ ++ if subsystem.name != 'ca': ++ return ++ ++ self.backup(subsystem.cs_conf) ++ ++ path = subsystem.config.get('profile.caECAdminCert.config') ++ if path is None: ++ # Add missing path ++ logger.info('Missing profile.caECAdminCert.config') ++ ++ path = "{0}/profiles/{1}/caECAdminCert.cfg".format( ++ subsystem.base_dir, subsystem.name) ++ ++ else: ++ # Fix existing path ++ logger.info("Fixing profile.caECAdminCert.config") ++ dirname = os.path.dirname(path) ++ path = os.path.join(dirname, 'caECAdminCert.cfg') ++ ++ logger.info('New path: %s', path) ++ subsystem.config['profile.caECAdminCert.config'] = path ++ ++ subsystem.config['profile.caECAdminCert.class_id'] = 'caEnrollImpl' ++ ++ # check if caECAdminCert is part of profile.list ++ profile_list = subsystem.config['profile.list'].split(',') ++ if 'caECAdminCert' not in profile_list: ++ profile_list.append('caECAdminCert') ++ subsystem.config['profile.list'] = ','.join(profile_list) ++ ++ subsystem.save() +-- +2.25.4 + diff --git a/pki-core.spec b/pki-core.spec index d97db0a..8cec371 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -8,7 +8,7 @@ URL: http://www.dogtagpki.org/ License: GPLv2 and LGPLv2 Version: 10.8.3 -Release: 1%{?_timestamp}%{?_commit_id}%{?dist} +Release: 2%{?_timestamp}%{?_commit_id}%{?dist} # global _phase -a1 # To create a tarball from a version tag: @@ -25,6 +25,7 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch +Patch1: 0001-Patch-ECAdminCertProfile-upgrade-script.patch ################################################################################ # NSS @@ -1312,6 +1313,9 @@ fi ################################################################################ %changelog +* Mon Apr 27 2020 Dinesh Prasanth M K - 10.8.3-2 +- Fix bz#1814242 / dogtag issue #3168: Fix EC admin certificate profile upgrade + * Thu Mar 05 2020 Dinesh Prasanth M K - 10.8.3-1 - Rebase to latest upstream version - Spec cleanup to match with upstream spec