diff --git a/.gitignore b/.gitignore
index 338e412..5895c3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,3 +65,4 @@
 /pki-10.6.5.tar.gz
 /pki-10.6.6.tar.gz
 /pki-10.6.7.tar.gz
+/pki-10.6.8.tar.gz
diff --git a/0001-Fixed-default-token-normalization-in-initialization..patch b/0001-Fixed-default-token-normalization-in-initialization..patch
deleted file mode 100644
index b79af16..0000000
--- a/0001-Fixed-default-token-normalization-in-initialization..patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 54edd1a7dd4e7e49bff4ef4fde15fc4d97802b00 Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata"
-Date: Fri, 26 Oct 2018 04:29:20 -0400
-Subject: [PATCH] Fixed default token normalization in initialization.py (#83)
-
-Previously the initialization.py did not normalize the default
-token name in pki_self_signed_token which was blank. This caused
-an error when installing an additional subsystem into the same
-instance since the code could not find the existing internal
-token password from the first subsystem installation.
-
-The code has been modified to normalize the default token name
-into 'internal' such that it can find the existing internal token
-password.
-
-https://pagure.io/dogtagpki/issue/3073
----
- .../python/pki/server/deployment/scriptlets/initialization.py | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py b/base/server/python/pki/server/deployment/scriptlets/initialization.py
-index 112c2e8e9..a75592736 100644
---- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
-+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
-@@ -46,21 +46,26 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- instance.load()
-
- internal_token = deployer.mdict['pki_self_signed_token']
-+ if not pki.nssdb.normalize_token(internal_token):
-+ internal_token = pki.nssdb.INTERNAL_TOKEN_NAME
-
- # if instance already exists and has password, reuse the password
- if internal_token in instance.passwords:
-+ logger.info('Reusing server NSS database password')
- deployer.mdict['pki_server_database_password'] = instance.passwords.get(internal_token)
-
- # otherwise, use user-provided password if specified
- elif deployer.mdict['pki_server_database_password']:
-- pass
-+ logger.info('Using specified server NSS database password')
-
- # otherwise, use user-provided pin if specified
- elif deployer.mdict['pki_pin']:
-+ logger.info('Using specified PIN as server NSS database password')
- deployer.mdict['pki_server_database_password'] = deployer.mdict['pki_pin']
-
- # otherwise, generate a random password
- else:
-+ logger.info('Generating random server NSS database password')
- deployer.mdict['pki_server_database_password'] = pki.generate_password()
-
- # generate random password for client database if not specified
---
-2.14.4
-
diff --git a/pki-core.spec b/pki-core.spec
index 6bf3573..009729f 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -7,16 +7,8 @@ URL: http://www.dogtagpki.org/ # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 -%if 0%{?rhel} && 0%{?rhel} <= 7 -# no arch exclusion -%else -# Exclude 's390' and 's390x' architectures since -# 'esc' does not exist on these two platforms -ExcludeArch: s390 s390x -%endif - -Version: 10.6.7 -Release: 3%{?_timestamp}%{?_commit_id}%{?dist} +Version: 10.6.8 +Release: 1%{?_timestamp}%{?_commit_id}%{?dist} # global _phase -a1 # To create a tarball from a version tag:
@@ -34,11 +26,6 @@ Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver # > pki-VERSION-RELEASE.patch # Patch: pki-VERSION-RELEASE.patch -# TODO: The following patches have landed in master and are necessary to fix -# FreeIPA integration. Please remove next time PKI is released. -Patch1: tiran-fix-certutil-token.patch -Patch2: 0001-Fixed-default-token-normalization-in-initialization..patch - ################################################################################ # NSS ################################################################################
@@ -206,6 +193,7 @@ BuildRequires: apache-commons-codec BuildRequires: apache-commons-io BuildRequires: apache-commons-lang BuildRequires: jakarta-commons-httpclient +BuildRequires: glassfish-jaxb-api BuildRequires: slf4j %if 0%{?rhel} && 0%{?rhel} <= 7 # no slf4j-jdk14
@@ -260,11 +248,11 @@ BuildRequires: resteasy-atom-provider >= 3.0.17-1 BuildRequires: resteasy-client >= 3.0.17-1 BuildRequires: resteasy-jaxb-provider >= 3.0.17-1 BuildRequires: resteasy-core >= 3.0.17-1 -BuildRequires: resteasy-jackson-provider >= 3.0.17-1 +BuildRequires: resteasy-jackson2-provider >= 3.0.17-1 %endif %if 0%{?with_python2} -%if 0%{?rhel} && 0%{?rhel} <= 7 +%if 0%{?rhel} # no pylint %else BuildRequires: pylint
@@ -279,7 +267,7 @@ BuildRequires: python2-pyflakes >= 1.2.3 %endif # with_python2 %if 0%{?with_python3} -%if 0%{?rhel} && 0%{?rhel} <= 7 +%if 0%{?rhel} # no pylint %else BuildRequires: python3-pylint
@@ -554,6 +542,7 @@ Requires: apache-commons-io Requires: apache-commons-lang Requires: apache-commons-logging Requires: jakarta-commons-httpclient +Requires: glassfish-jaxb-api Requires: slf4j %if 0%{?rhel} && 0%{?rhel} <= 7 # no slf4j-jdk14
@@ -585,7 +574,7 @@ Requires: resteasy-atom-provider >= 3.0.17-1 Requires: resteasy-client >= 3.0.17-1 Requires: resteasy-jaxb-provider >= 3.0.17-1 Requires: resteasy-core >= 3.0.17-1 -Requires: resteasy-jackson-provider >= 3.0.17-1 +Requires: resteasy-jackson2-provider >= 3.0.17-1 %endif Requires: xalan-j2
@@ -698,6 +687,9 @@ Requires: tomcatjss >= 7.2.1-4 Requires: tomcatjss >= 7.3.6 %endif +# https://pagure.io/freeipa/issue/7742 +Conflicts: freeipa-server < 4.7.1 + %description -n pki-server The PKI Server Package contains libraries and utilities needed by the following PKI subsystems:
@@ -902,12 +894,6 @@ Requires: pki-console-theme >= %{version} %description -n pki-console The PKI Console is a Java application used to administer PKI server. -For deployment purposes, a PKI Console requires ONE AND ONLY ONE of the -following "Mutually-Exclusive" PKI Theme packages: - - * dogtag-pki-console-theme (Dogtag Certificate System deployments) - * redhat-pki-console-theme (Red Hat Certificate System deployments) - %endif # with console %if %{with theme}
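Review bot: The `# no pylint` comment under the widened `%if 0%{?rhel}` does not say why lint is skipped, and the condition now matches every RHEL release instead of only 7 and older. The same change is made in the `with_python3` BuildRequires hunk (`@@ -279,7 +267,7 @@`) and in `@@ -1102,7 +1089,7 @@`, which presumably guards the lint run itself, so RHEL builds would no longer lint the Python deployment code at all. If that is intended, record the reason beside the condition, for example `# pylint is skipped on all RHEL builds: <reason>`; if pylint is only missing on some releases, keep a version bound on the condition.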
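Review bot: The new `Conflicts: freeipa-server < 4.7.1` in the `@@ -698,6 +687,9 @@` hunk is explained only by a bare issue URL, and it names only the `freeipa-server` package. This spec keeps `%if 0%{?rhel}` branches, and on RHEL the server package is normally called `ipa-server`; whether the conflict still applies there depends on that package providing the `freeipa-server` name, which is not visible here. I would state the reason in the comment, e.g. `# freeipa-server older than 4.7.1 is presumably incompatible with this release, see https://pagure.io/freeipa/issue/7742`, and confirm whether a matching `Conflicts: ipa-server < 4.7.1` is needed so that an upgrade cannot leave an incompatible CA and IPA pair installed.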
@@ -977,6 +963,7 @@ cd build %if 0%{?with_python3_default} -DWITH_PYTHON3_DEFAULT:BOOL=ON \ %endif + -DPYTHON_EXECUTABLE=%{__python3} \ -DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \ %if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with ocsp} && ! %{with tks} && ! %{with tps} -DWITH_SERVER:BOOL=OFF \
@@ -1102,7 +1089,7 @@ fi rm -f %{buildroot}%{_datadir}/pki/server/lib/slf4j-jdk14.jar %endif -%if 0%{?rhel} && 0%{?rhel} <= 7 +%if 0%{?rhel} # no pylint %else
@@ -1581,6 +1568,7 @@ fi %doc themes/%{brand}/common-ui/LICENSE %dir %{_datadir}/pki +%{_datadir}/pki/CS_SERVER_VERSION %{_datadir}/pki/common-ui/ %{_datadir}/pki/server/webapps/pki/ca %{_datadir}/pki/server/webapps/pki/css
@@ -1603,6 +1591,9 @@ fi ################################################################################ %changelog +* Fri Nov 30 2018 Dogtag PKI Team - 10.6.8-1 +- Rebased to PKI 10.6.8 + * Fri Oct 26 2018 Dogtag PKI Team - 10.6.7-3 - Fixed default token normalization in initialization.py
diff --git a/sources b/sources
index f61a50c..e8b3d53 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pki-10.6.7.tar.gz) = 06174ade48cf458469e7bda106aabb0d0c580b7e6e14a6fbf1c068a92fb2b9c53653d2d67c5401292ad398a5413bf3febe2d09b5d3a463a1f17416fc7a906510
+SHA512 (pki-10.6.8.tar.gz) = 112f5290857477736a810f14058fbc27d9add3299da359a8818b1068f388e1a1ca6662a13ac745778cc66777d073caa23a2a46215155f77f30d3771a654b215d
diff --git a/tiran-fix-certutil-token.patch b/tiran-fix-certutil-token.patch
deleted file mode 100644
index 31cddae..0000000
--- a/tiran-fix-certutil-token.patch
+++ /dev/null
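Review bot: In the `@@ -977,6 +963,7 @@` hunk the new `-DPYTHON_EXECUTABLE=%{__python3} \` is passed to cmake unconditionally, while the flag just above it sits inside `%if 0%{?with_python3_default}` and the spec keeps separate `with_python2` / `with_python3` conditionals elsewhere. In a build with Python 3 support switched off, cmake would still be pointed at the python3 interpreter, which may not be present in the buildroot. If that configuration is still supported, guard the flag: `%if 0%{?with_python3}`, `-DPYTHON_EXECUTABLE=%{__python3} \`, `%endif`. The cmake invocation starts and ends outside the hunk, so the exact guard should be checked against the full `%build` section.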
@@ -1,45 +0,0 @@
-From 0fba3c2710ee14f2d4ddb2bd401ed6d592f3f2b8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes
-Date: Thu, 25 Oct 2018 15:10:06 +0200
-Subject: [PATCH] No missing token in verify_certificate_exists
-
-Remove the missing token check from verify_certificate_exists. It was
-the one place that was not adopted to use blank token as default.
-
-Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
-See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
-Fixes: https://pagure.io/dogtagpki/issue/3073
-Signed-off-by: Christian Heimes
----
- base/server/python/pki/server/deployment/pkihelper.py | 5 -----
- base/server/python/pki/server/deployment/pkimessages.py | 1 -
- 2 files changed, 6 deletions(-)
-
-diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
-index 0346559da..3c7dbab7a 100644
---- a/base/server/python/pki/server/deployment/pkihelper.py
-+++ b/base/server/python/pki/server/deployment/pkihelper.py
-@@ -2436,11 +2436,6 @@ def verify_certificate_exists(self, path, token, nickname,
- # Specify the 'token'
- if token:
- command.extend(["-h", token])
-- else:
-- config.pki_log.error(
-- log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
-- extra=config.PKI_INDENTATION_LEVEL_2)
-- raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN)
- # Specify the nickname of this self-signed certificate
- if nickname:
- command.extend(["-n", nickname])
-diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py
-index a2723b04d..d6597e28d 100644
---- a/base/server/python/pki/server/deployment/pkimessages.py
-+++ b/base/server/python/pki/server/deployment/pkimessages.py
-@@ -188,7 +188,6 @@
- PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER = \
- "certutil: Missing '-m serial-number' option!"
- PKIHELPER_CERTUTIL_MISSING_SUBJECT = "certutil: Missing '-s subject' option!"
--PKIHELPER_CERTUTIL_MISSING_TOKEN = "certutil: Missing '-h token' option!"
- PKIHELPER_CERTUTIL_MISSING_TRUSTARGS = \
- "certutil: Missing '-t trustargs' option!"
- PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD = \