diff --git a/.gitignore b/.gitignore index 57ded77..f5bd067 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,4 @@ /pki-10.9.1.tar.gz /pki-10.9.2.tar.gz /pki-10.9.4.tar.gz +/pki-10.10.0-b1.tar.gz diff --git a/0001-Add-dependencies-in-Java11-specific-libraries.patch b/0001-Add-dependencies-in-Java11-specific-libraries.patch deleted file mode 100644 index 556c18d..0000000 --- a/0001-Add-dependencies-in-Java11-specific-libraries.patch +++ /dev/null @@ -1,40 +0,0 @@ -From f35d270b5551ae35e699163d78d451e5b7c247da Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Mon, 14 Sep 2020 16:51:08 -0400 -Subject: [PATCH 1/3] Add dependencies in Java11-specific libraries - -This ensures lib/ gets created prior to any Java11-specific symlinks. - -Signed-off-by: Alexander Scheel ---- - base/common/CMakeLists.txt | 1 + - base/server/CMakeLists.txt | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/base/common/CMakeLists.txt b/base/common/CMakeLists.txt -index c58393e01..26431bac0 100644 ---- a/base/common/CMakeLists.txt -+++ b/base/common/CMakeLists.txt -@@ -48,6 +48,7 @@ add_custom_command( - - if(JAVA_VERSION GREATER 10) - add_custom_target(pki-java11plus-lib ALL -+ DEPENDS pki-lib - COMMENT "Creating links for library required in Java 11+") - - add_custom_command( -diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt -index 599642277..62a5b68bd 100644 ---- a/base/server/CMakeLists.txt -+++ b/base/server/CMakeLists.txt -@@ -118,6 +118,7 @@ add_custom_command( - - if(JAVA_VERSION GREATER 10) - add_custom_target(pki-server-java11plus-lib ALL -+ DEPENDS pki-server-common-lib - COMMENT "Creating links for server library required in Java 11+") - - add_custom_command( --- -2.26.2 - diff --git a/0002-Make-PKI_JAVA_PATH-respect-PKI_JAVA_PATH.patch b/0002-Make-PKI_JAVA_PATH-respect-PKI_JAVA_PATH.patch deleted file mode 100644 index e0cbe36..0000000 --- a/0002-Make-PKI_JAVA_PATH-respect-PKI_JAVA_PATH.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 54de035b3a16144a888d807c636d05b15c806572 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Tue, 15 Sep 2020 10:49:48 -0400 -Subject: [PATCH 2/3] Make PKI_JAVA_PATH respect PKI_JAVA_PATH - -Signed-off-by: Alexander Scheel ---- - base/common/share/etc/pki.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/common/share/etc/pki.conf b/base/common/share/etc/pki.conf -index 0671f7ab7..5bbde3830 100644 ---- a/base/common/share/etc/pki.conf -+++ b/base/common/share/etc/pki.conf -@@ -11,7 +11,7 @@ JAVA_HOME=${JAVA_HOME} - export JAVA_HOME - - # Java interpreter --PKI_JAVA_PATH=${Java_JAVA_EXECUTABLE} -+PKI_JAVA_PATH=${PKI_JAVA_PATH} - export PKI_JAVA_PATH - - # JNI jar file location --- -2.26.2 - diff --git a/0003-Fix-java_version-java_version.patch b/0003-Fix-java_version-java_version.patch deleted file mode 100644 index 7e16ead..0000000 --- a/0003-Fix-java_version-java_version.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8c6af8d9c5482ae95c2912ba8553474e9e8e6435 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Wed, 16 Sep 2020 15:49:00 -0400 -Subject: [PATCH 3/3] Fix %{java_version} -> ${java_version} - -Because java_version isn't a RPM spec file attribute (and is instead an -inline shell variable), we have to use $ instead of % to reference it. - -Signed-off-by: Alexander Scheel ---- - pki.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/pki.spec b/pki.spec -index 4446d657d..a461f10e8 100644 ---- a/pki.spec -+++ b/pki.spec -@@ -855,7 +855,7 @@ cd build - -DVERSION=%{version}-%{release} \ - -DVAR_INSTALL_DIR:PATH=/var \ - -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -- -DJAVA_VERSION=%{java_version} \ -+ -DJAVA_VERSION=${java_version} \ - -DJAVA_HOME=%java_home \ - -DPKI_JAVA_PATH=%java \ - -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ --- -2.26.2 - diff --git a/pki-core.spec b/pki-core.spec index ef98897..40325ef 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -6,15 +6,15 @@ Name: pki-core %global brand Dogtag Summary: %{brand} PKI Core Package -URL: http://www.dogtagpki.org/ +URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -# For development (unsupported) releases, use x.y.z-0.n.unstable with alpha/beta phase. -# For official (supported) releases, use x.y.z-r where r >=1 without alpha/beta phase. -Version: 10.9.4 -Release: 3%{?_timestamp}%{?_commit_id}%{?dist} -#global _phase -a1 +# For development (i.e. unsupported) releases, use x.y.z-0.n.. +# For official (i.e. supported) releases, use x.y.z-r where r >=1. +Version: 10.10.0 +Release: 0.2.b1%{?_timestamp}%{?_commit_id}%{?dist} +%global _phase -b1 # To create a tarball from a version tag: # $ git archive \ @@ -30,9 +30,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # \ # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -Patch1: 0001-Add-dependencies-in-Java11-specific-libraries.patch -Patch2: 0002-Make-PKI_JAVA_PATH-respect-PKI_JAVA_PATH.patch -Patch3: 0003-Fix-java_version-java_version.patch ################################################################################ # NSS @@ -54,14 +51,15 @@ Patch3: 0003-Fix-java_version-java_version.patch # Java ################################################################################ -%define java_home /usr/lib/jvm/jre-openjdk %define java_devel java-devel %define java_headless java-headless %if 0%{?fedora} && 0%{?fedora} >= 33 %define min_java_version 1:11 +%define java_home /usr/lib/jvm/java-11-openjdk %else %define min_java_version 1:1.8.0 +%define java_home /usr/lib/jvm/java-1.8.0-openjdk %endif ################################################################################ @@ -120,6 +118,8 @@ Patch3: 0003-Fix-java_version-java_version.patch %define debug_package %{nil} %endif +%bcond_without sdnotify + # ignore unpackaged files from native 'tpsclient' # REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app %define _unpackaged_files_terminate_build 0 @@ -171,7 +171,7 @@ BuildRequires: ldapjdk >= 4.22.0 BuildRequires: apache-commons-cli BuildRequires: apache-commons-codec BuildRequires: apache-commons-io -BuildRequires: apache-commons-lang +BuildRequires: apache-commons-lang3 >= 3.2 BuildRequires: apache-commons-net BuildRequires: jakarta-commons-httpclient BuildRequires: glassfish-jaxb-api @@ -223,8 +223,8 @@ BuildRequires: python3-pytest-runner BuildRequires: junit BuildRequires: jpackage-utils >= 0:1.7.5-10 -BuildRequires: jss >= 4.7.3 -BuildRequires: tomcatjss >= 7.5.0 +BuildRequires: jss >= 4.8.0 +BuildRequires: tomcatjss >= 7.6.0 BuildRequires: systemd-units %if 0%{?rhel} @@ -271,6 +271,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -295,6 +296,7 @@ Requires: %{vendor_id}-pki-console-theme = %{version} # Make certain that this 'meta' package requires the latest version(s) # of ALL PKI core packages +Requires: pki-acme = %{version} Requires: pki-ca = %{version} Requires: pki-kra = %{version} Requires: pki-ocsp = %{version} @@ -322,6 +324,7 @@ to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: + * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager @@ -340,7 +343,7 @@ Summary: PKI Symmetric Key Package Requires: %java_headless >= %{min_java_version} Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.7.3 +Requires: jss >= 4.8.0 Requires: nss >= 3.38.0 # Ensure we end up with a useful installation @@ -410,7 +413,7 @@ Requires: %java_headless >= %{min_java_version} Requires: apache-commons-cli Requires: apache-commons-codec Requires: apache-commons-io -Requires: apache-commons-lang +Requires: apache-commons-lang3 >= 3.2 Requires: apache-commons-logging Requires: apache-commons-net Requires: jakarta-commons-httpclient @@ -418,7 +421,7 @@ Requires: glassfish-jaxb-api Requires: slf4j Requires: slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 -Requires: jss >= 4.7.3 +Requires: jss >= 4.7.0 Requires: ldapjdk >= 4.22.0 Requires: pki-base = %{version}-%{release} @@ -477,7 +480,6 @@ Summary: PKI Server Package BuildArch: noarch Requires: hostname -Requires: net-tools Requires: policycoreutils Requires: procps-ng @@ -510,7 +512,13 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units Requires(pre): shadow-utils -Requires: tomcatjss >= 7.5.0 +Requires: tomcatjss >= 7.6.0 + +# JNA is used to bind to libsystemd +%if %{with sdnotify} +BuildRequires: jna +Requires: jna +%endif # pki-healthcheck depends on the following library %if 0%{?rhel} @@ -534,18 +542,29 @@ Provides: bundled(js-patternfly) = 3.59.2 Provides: bundled(js-underscore) = 1.9.2 %description -n pki-server -The PKI Server Package contains libraries and utilities needed by the -following PKI subsystems: - - the Certificate Authority (CA), - the Key Recovery Authority (KRA), - the Online Certificate Status Protocol (OCSP) Manager, - the Token Key Service (TKS), and - the Token Processing Service (TPS). +The PKI Server Package contains libraries and utilities needed by other +PKI subsystems. # with server %endif +%if %{with acme} +################################################################################ +%package -n pki-acme +################################################################################ + +Summary: PKI ACME Package +BuildArch: noarch + +Requires: pki-server = %{version}-%{release} + +%description -n pki-acme +The PKI ACME responder is a service that provides an automatic certificate +management via ACME v2 protocol defined in RFC 8555. + +# with acme +%endif + %if %{with ca} ################################################################################ %package -n pki-ca @@ -847,7 +866,7 @@ cd build -DP11_KIT_TRUST=/etc/alternatives/libnssckbi.so.%{_arch} \ -DJAVA_VERSION=${java_version} \ -DJAVA_HOME=%java_home \ - -DPKI_JAVA_PATH=%java \ + -DPKI_JAVA_PATH=%java_home/bin/java \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ @@ -857,9 +876,10 @@ cd build -DBUILD_PKI_CORE:BOOL=ON \ -DPYTHON_EXECUTABLE=%{python_executable} \ -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ -%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} +%if ! %{with server} && ! %{with acme} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} -DWITH_SERVER:BOOL=OFF \ %endif + -DWITH_SYSTEMD_NOTIFICATION:BOOL=%{?with_sdnotify:ON}%{!?with_sdnotify:OFF} \ -DWITH_JAVADOC:BOOL=%{?with_javadoc:ON}%{!?with_javadoc:OFF} \ -DBUILD_PKI_CONSOLE:BOOL=%{?with_console:ON}%{!?with_console:OFF} \ -DTHEME=%{?with_theme:%{vendor_id}} \ @@ -1071,8 +1091,8 @@ fi %files -n pki-tools ################################################################################ -%license base/native-tools/LICENSE -%doc base/native-tools/doc/README +%license base/tools/LICENSE +%doc base/tools/doc/README %{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki @@ -1080,7 +1100,6 @@ fi %{_bindir}/setpin %{_bindir}/sslget %{_bindir}/tkstool -%{_datadir}/pki/native-tools/ %{_bindir}/AtoB %{_bindir}/AuditVerify %{_bindir}/BtoA @@ -1105,7 +1124,7 @@ fi %{_bindir}/PrettyPrintCrl %{_bindir}/TokenInfo %{_javadir}/pki/pki-tools.jar -%{_datadir}/pki/java-tools/ +%{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz @@ -1179,6 +1198,7 @@ fi %dir %{_sharedstatedir}/pki %{_mandir}/man1/pkidaemon.1.gz %{_mandir}/man5/pki_default.cfg.5.gz +%{_mandir}/man5/pki_healthcheck.conf.5.gz %{_mandir}/man5/pki-server-logging.5.gz %{_mandir}/man8/pki-server-upgrade.8.gz %{_mandir}/man8/pkidestroy.8.gz @@ -1198,12 +1218,26 @@ fi %{_mandir}/man8/pki-healthcheck.8.gz %{_datadir}/pki/setup/ %{_datadir}/pki/server/ -%{_datadir}/pki/acme/ -%{_javadir}/pki/pki-acme.jar + +%if %{with sdnotify} +%{_javadir}/pki/pki-systemd.jar +%endif # with server %endif +%if %{with acme} +################################################################################ +%files -n pki-acme +################################################################################ + +%{_javadir}/pki/pki-acme.jar +%dir %{_datadir}/pki/acme +%{_datadir}/pki/acme/ + +# with acme +%endif + %if %{with ca} ################################################################################ %files -n pki-ca @@ -1212,11 +1246,7 @@ fi %license base/ca/LICENSE %{_javadir}/pki/pki-ca.jar %dir %{_datadir}/pki/ca -%{_datadir}/pki/ca/conf/ -%{_datadir}/pki/ca/emails/ -%{_datadir}/pki/ca/profiles/ -%{_datadir}/pki/ca/setup/ -%{_datadir}/pki/ca/webapps/ +%{_datadir}/pki/ca/ # with ca %endif @@ -1229,9 +1259,7 @@ fi %license base/kra/LICENSE %{_javadir}/pki/pki-kra.jar %dir %{_datadir}/pki/kra -%{_datadir}/pki/kra/conf/ -%{_datadir}/pki/kra/setup/ -%{_datadir}/pki/kra/webapps/ +%{_datadir}/pki/kra/ # with kra %endif @@ -1244,9 +1272,7 @@ fi %license base/ocsp/LICENSE %{_javadir}/pki/pki-ocsp.jar %dir %{_datadir}/pki/ocsp -%{_datadir}/pki/ocsp/conf/ -%{_datadir}/pki/ocsp/setup/ -%{_datadir}/pki/ocsp/webapps/ +%{_datadir}/pki/ocsp/ # with ocsp %endif @@ -1259,9 +1285,7 @@ fi %license base/tks/LICENSE %{_javadir}/pki/pki-tks.jar %dir %{_datadir}/pki/tks -%{_datadir}/pki/tks/conf/ -%{_datadir}/pki/tks/setup/ -%{_datadir}/pki/tks/webapps/ +%{_datadir}/pki/tks/ # with tks %endif @@ -1274,10 +1298,7 @@ fi %license base/tps/LICENSE %{_javadir}/pki/pki-tps.jar %dir %{_datadir}/pki/tps -%{_datadir}/pki/tps/applets/ -%{_datadir}/pki/tps/conf/ -%{_datadir}/pki/tps/setup/ -%{_datadir}/pki/tps/webapps/ +%{_datadir}/pki/tps/ %{_mandir}/man5/pki-tps-connector.5.gz %{_mandir}/man5/pki-tps-profile.5.gz %{_mandir}/man1/tpsclient.1.gz @@ -1355,6 +1376,9 @@ fi ################################################################################ %changelog +* Thu Oct 22 2020 Dogtag PKI Team - 10.10.0-0.2 +- Rebase to upstream beta v10.10.0-b2 release + * Fri Sep 18 2020 Dogtag PKI Team - 10.9.4-3 - Fix issue with JAXB JAR linking -- update .spec file diff --git a/sources b/sources index 59ad840..7b144c8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (pki-10.9.4.tar.gz) = a2e572b1e2625cfbd432ccc11f6aefb77801f4e9f6a49e00c8fcf98fedd09e9ec806c5caa42a1bd48f8d6eff4c794e28a3dca86ee5720e348415c8bd3e9e4882 +SHA512 (pki-10.10.0-b1.tar.gz) = 1820ca78ef452f5abfd0bb5d85b1576b7f4edbd6a0f804351c49161ddf2b743fbf59994a9068e2cf84e19dd0d40bee1d240b41d84c53abe5f3192954b86cd431