diff options
| author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-10-24 01:49:45 +0000 |
|---|---|---|
| committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-10-24 01:49:45 +0000 |
| commit | d00c6c2187bb7cfc8111b5e97a59011b40111b54 (patch) | |
| tree | 8d3f105c62fbd4923c3aa3a51c49ad7d99f5d6da | |
| parent | ec2fc6225c80f296472af430cfb54871ec303e93 (diff) | |
| download | pki-d00c6c2187bb7cfc8111b5e97a59011b40111b54.tar.gz pki-d00c6c2187bb7cfc8111b5e97a59011b40111b54.tar.xz pki-d00c6c2187bb7cfc8111b5e97a59011b40111b54.zip | |
Build changes required to integrate Dogtag into Fedora.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@805 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
61 files changed, 2434 insertions, 7693 deletions
diff --git a/pki/dogtag/ca-ui/build.xml b/pki/dogtag/ca-ui/build.xml index b1001562f..1b3bcf91d 100644 --- a/pki/dogtag/ca-ui/build.xml +++ b/pki/dogtag/ca-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/ca-ui/build_dogtag b/pki/dogtag/ca-ui/build_dogtag index e80d8a3cd..8b16b371d 100755 --- a/pki/dogtag/ca-ui/build_dogtag +++ b/pki/dogtag/ca-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-ca-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ca-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec b/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec index 1e016ef1c..a38d7a515 100644 --- a/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec +++ b/pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec @@ -1,298 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Certificate Authority User Interface -%define base_component ca-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 3 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-ca-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Certificate Authority User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +BuildRequires: ant +Requires: bash -## This package is non-relocatable! -#Prefix: +Provides: pki-ca-ui = %{version}-%{release} -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-ca-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_ca}. - - +The Dogtag Certificate Authority User Interface contains the graphical +user interface for the Dogtag Certificate Authority. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="ca-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Aug 4 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-3 -- Bugzilla Bug #514093 - UI ignores higher revocation reasons -* Thu Jul 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-2 -- Bugzilla Bug #514094 - enable ECC enrollment for FF through key constraints -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 8 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-15 -- Bugzilla Bug #510165 - request search displays 'undefined' page size -* Mon Jul 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-14 -- Bugzilla Bug #492952 - handling 2K keys with MBCP -* Thu Jul 2 2009 Christina Fu <cfu@redhat.com> 1.1.0-13 -- Bugzilla Bug #508332 - Clean up EE page certificate profiles -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-12 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Fri Jun 12 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-10 -- Bugzilla Bug #502694 - adding random nonces -* Sat May 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-9 -- Bugzilla Bug #482935 - Adding search limits -* Wed May 20 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-8 -- Bugzilla Bug #491185 - added new revocation reasons to comply with RFC 5280 -* Wed May 13 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-7 -- Bugzilla Bug #490551 - Use profile key constraints to control enrollment key sizes on IE -* Wed May 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Tue May 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #500489 - CA installation wizard doesn't prompt to - download/install CA chain on Firefox 3 -* Sun May 10 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-4 -- Bugzilla Bug #490551 - Use profile key constraints to control enrollment key sizes -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Fri Apr 10 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 31 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-13 -- Bugzilla Bug #490551 - 1024-bit and 2048-bit issuance configuration -* Mon Mar 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-12 -- Bugzilla Bug #492952 - better handling of enrollment objects for IE -* Fri Mar 27 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-11 -- Bugzilla Bug #224827 - new default cryptographic provider -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Fri Jan 30 2009 Ade Lee <alee@redhat.com> 1.0.0-9 -- Bugzilla Bug #460582 - add UTF-8 support -* Wed Jan 28 2009 Christina Fu <cfu@redhat.com> 1.0.0-8 -- Bugzilla Bug #482733 - make outputXML available via profiles; add request id in response for deferred -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Nov 18 2008 Christina Fu <cfu@redhat.com> 1.0.0-5 -- Bugzilla Bug #471622 - Need Renewal feature via enrollment profile Framework (phase 1) -* Wed Oct 15 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-4 -- Fix for Bug 466064: Search filters built by CA servlets are not always correct -* Wed Oct 8 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 -- Bugzilla bug #405451, Vista client support. -* Tue Oct 7 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-2 -- Bugzilla bug #445436 - Bad search filter is reported by Revoke Certificates in Agent Interface -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #522208 - Packaging for Fedora Dogtag diff --git a/pki/dogtag/ca/build_dogtag b/pki/dogtag/ca/build_dogtag index aa2ab5d1c..576e4b566 100755 --- a/pki/dogtag/ca/build_dogtag +++ b/pki/dogtag/ca/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-ca.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ca" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ca/pki-ca.spec b/pki/dogtag/ca/pki-ca.spec index e1311c2a7..abb2599cd 100644 --- a/pki/dogtag/ca/pki-ca.spec +++ b/pki/dogtag/ca/pki-ca.spec @@ -1,450 +1,110 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Certificate Authority -%define base_component ca -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 4 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) -%define pki_major_version %(echo `echo %{pki_version} | awk -F. '{ print $1 }'`) -%define pki_minor_version %(echo `echo %{pki_version} | awk -F. '{ print $2 }'`) -%define pki_patch_version %(echo `echo %{pki_version} | awk -F. '{ print $3 }'`) - -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-ca +Version: 1.3.0 +Release: 3%{?dist} +Summary: Dogtag Certificate System - Certificate Authority +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Daemons BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{base_prefix}-common >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6, tomcatjss >= 1.1.0 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-common >= 1.0.0, %{base_prefix}-selinux >= 1.0.0 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## This package is non-relocatable! -#Prefix: +BuildRequires: ant +BuildRequires: dogtag-pki-ca-ui +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: pki-common +BuildRequires: pki-util +BuildRequires: tomcatjss -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-ca-ui +Requires: pki-common +Requires: pki-selinux +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_ca} is a required PKI subsystem which issues, +The Dogtag Certificate Authority is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). -The %{pki_ca} can be configured as a self-signing +The Dogtag Certificate Authority can be configured as a self-signing Certificate Authority (CA), where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="ca" \ + -Dversion="%{version}" %install -cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -sed -i 's/^cms.version=.*$/cms.version=%{pki_major_version}.%{pki_minor_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix}/%{base_component} -mv %{base_component}.jar %{base_component}-%{version}.jar -ln -s %{base_component}-%{version}.jar %{base_component}.jar - - +%define major_version %(echo `echo %{version} | awk -F. '{ print $1 }'`) +%define minor_version %(echo `echo %{version} | awk -F. '{ print $2 }'`) +%define patch_version %(echo `echo %{version} | awk -F. '{ print $3 }'`) -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +rm -rf %{buildroot} +cd dist/binary +unzip %{name}-%{version}.zip -d %{buildroot} +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ca/conf/CS.cfg +sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/ca/conf/CS.cfg +cd %{buildroot}%{_datadir}/java/pki/ca +mv ca.jar ca-%{version}.jar +ln -s ca-%{version}.jar ca.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi - %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +%{_datadir}/pki/ca/setup/postinstall pki ca %{version} %{release} echo "" echo "Install finished." - %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-ca ] ; then + echo "WARNING: The default instance \"/var/lib/pki-ca\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-ca\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-ca\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-ca stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix}/%{base_component} -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/acl -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/emails -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(00770,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs/signedAudit -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/profiles -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/shared -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/temp -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/webapps -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/work - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki/ca/* +%{_datadir}/pki/ca/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-4 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Tue Aug 25 2009 Christina Fu <cfu@redhat.com> 1.2.0-3 -- Bugzilla Bug #465507 - Enhancement: Support SHA2 + EC signature algorithms -* Wed Aug 12 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-2 -- Bugzilla Bug #513450 - adding configuration for AIA CRL extension -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 2 2009 Christina Fu <cfu@redhat.com> 1.1.0-25 -- Bugzilla Bug #508332 - Clean up EE page certificate profiles -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-24 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-23 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Fri Jun 12 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-22 -- Bugzilla Bug #502694 - adding random nonces -* Sat Jun 6 2009 Christina Fu <cfu@redhat.com> 1.1.0-21 -- Bugzilla Bug #503045 - CMC Revocation cannot be completed in EE page - fails with NullPointerException -* Fri Jun 5 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-20 -- Bugzilla Bug #471318 - adding triple DES and SHA1, SHA256, SHA512 -* Thu Jun 5 2009 Jack Magne <jmagne@redhat.com> 1.1.0-19 -- Bugzilla Bug #498123 - Unable to formated token with tks clone. -* Wed Jun 3 2009 Christina Fu <cfu@redhat.com> 1.1.0-18 -- Bugzilla Bug #455305 - CA ECC signing Key Failure - Bugzilla Bug #223279 - ECC: Ca: unable to perform agent auth on a machine with - nCipher ECC HSM -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-17 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Sat May 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-16 -- Bugzilla Bug #482935 - Adding search limits -* Fri May 29 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-15 -- Bugzilla Bug #500733 - Subordinate CA - administrator certificate import - fails (install wizard) -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-14 -- Bugzilla Bug #502267 - Allow CA, DRM, OCSP, and TKS to be started using - the Security Manager -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-13 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Tue May 19 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-12 -- Bugzilla Bug #491185 - added Authority Info Access extension to comply with RFC 5280 -* Thu May 14 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-11 -- Bugzilla Bug #491185 - removed Hold Instruction Code extension to comply with RFC 5280 -* Wed May 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-10 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Tue May 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #500489 - CA installation wizard doesn't prompt to - download/install CA chain on Firefox 3 -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Tue Apr 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Fri Apr 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-3 -- Bugzilla Bug #443120 - administrator cannot remove imported CA certificate -* Tue Apr 14 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-2 -- Bugzilla Bug #490224 - Monitor regression -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Fri Apr 3 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-39 -- Bugzilla Bug #491944 - Revoking certificates from the End Entities pages fails -* Tue Mar 31 2009 Christina Fu <cfu@redhat.com> 1.0.0-38 -- Bugzilla Bug: 488291 - Missing renewal feature for smart cards in TMS - new renewal profiles for smart cards and update for allow grace period -* Fri Mar 27 2009 Ade Lee <alee@redhat.com> 1.0.0-37 -- Bugzilla Bug: 472916 - Renewal: certs created during post-installation can not be renewed via profile framework -* Thu Mar 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-36 -- Bugzilla Bug #470175 - RFE: Directory Listing Enabled -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-35 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Fri Mar 20 2009 Christina Fu <cfu@redhat.com> 1.0.0-34 -- Bugzilla Bug #472916 - Renewal: certs created during post-installation can not be renewed via profile framework. PHASE 1 ONLY. -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-33 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-32 -- Bugzilla Bug #489404 - fixed non-secure port -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-31 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-30 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Fri Mar 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-29 -- Bugzilla Bug #334253 - Revoked certs must appear on one CRL after expiration -* Tue Mar 3 2009 Ade Lee <alee@redhat.com> 1.0.0-28 -- Bugzilla Bug #487739 - Unable to setup cloning -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-27 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-26 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Mon Feb 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-25 -- Bugzilla Bug #485790 - Need changes made to spec files in various - packages to be able to build in koji/brew -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-24 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-23 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-22 -- Bugzilla Bug 443413 - Email response template contains wrong link -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-21 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-20 -- Bugzilla Bug 481237 - Audit Log signing framework -* Mon Jan 5 2009 Ade Lee <alee@redhat.com> 1.0.0-19 -- Bugzilla Bug #472006, 472007 - Serial number management -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-18 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Mon Nov 24 2008 Ade Lee <alee@redhat.com> 1.0.0-16 -- Bugzilla Bug #237727 - selinux changes to init script -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Nov 18 2008 Christina Fu <cfu@redhat.com> 1.0.0-14 -- Bugzilla Bug #471622 - Need Renewal feature via enrollment profile Framework (phase 1) -* Fri Oct 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-13 -- Fix for port separation bug #466188. -* Fri Oct 9 2008 Ade Lee <alee@redhat.com> 1.0.0-12 -- Fix for Bug 223361. Security Domains in LDAP. -* Fri Aug 8 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-11 -- Fix for Bug 453834. -* Thu Aug 7 2008 Jack Magne <jmagne@redhat.com> 1.0.0-10 -- Fix for Bug #458337. -* Thu Aug 7 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-9 -- Fix for Bug 453834. -* Fri Jul 11 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-8 -- Fix for bug #243804. -* Wed Jun 25 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-7 -- Fix for bug #443687. -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Fri May 16 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-5 -- Fix for bug #445470. -* Tue May 7 2008 Jack Magne <jmagne@redhat.com> 1.0.0-4 -- Fix for Bug #440079. -* Tue May 6 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-3 -- Provided CRL page size as configurable parameter - bug #445400. -* Thu Apr 17 2008 Christina Fu <cfu@redhat.com> 1.0.0-2 -- Implemented bug #442800 - support UUID in Subject Alternative Name extension. Version 4 only, for now. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Bugzilla Bug #522210 - Packaging for Fedora Dogtag +* Fri Sep 18 2009 Ade Lee <alee@redhat.com> 1.3.0-2 +- Bugzilla Bug 522210 - addtional changes for packaging for Fedora Dogtag + remove unused defines, unneeded attr defs, unneeded comments, autoreqprov +* Wed Sep 9 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug 522210 - Packaging for Fedora Dogtag diff --git a/pki/dogtag/common-ui/build.xml b/pki/dogtag/common-ui/build.xml index 8b981a7db..416754f35 100644 --- a/pki/dogtag/common-ui/build.xml +++ b/pki/dogtag/common-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/common-ui/build_dogtag b/pki/dogtag/common-ui/build_dogtag index bab53f9c4..f49448c58 100755 --- a/pki/dogtag/common-ui/build_dogtag +++ b/pki/dogtag/common-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-common-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="common-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/common-ui/dogtag-pki-common-ui.spec b/pki/dogtag/common-ui/dogtag-pki-common-ui.spec index d48aea306..d8473716d 100644 --- a/pki/dogtag/common-ui/dogtag-pki-common-ui.spec +++ b/pki/dogtag/common-ui/dogtag-pki-common-ui.spec @@ -1,273 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Common Framework User Interface -%define base_component common-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-common-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Common Framework User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRequires: ant -## Without Requires something, rpmbuild will abort! Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} - -## This package is non-relocatable! -#Prefix: +Provides: pki-common-ui = %{version}.%{release} -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-common-ui < %{version}.%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{base_entity} PKI Common Framework. - - +The Dogtag PKI Common Framework User Interface contains the graphical +user interface for the Dogtag PKI Common Framework. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="common-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Wed May 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-11 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-10 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-7 -- Bugzilla Bug #482738 - selinux changes needed for cloning -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Mon Oct 27 2008 alee <alee@redhat.com> 1.0.0-4 -- Fix for Bug# 223324. -* Wed Sep 24 2008 alee <alee@redhat.com> 1.0.0-3 -- Fix for Bug# 223367 and 224902. -* Fri May 03 2008 jmagne <jmagne@redhat.com> 1.0.0-2 -- Fix for Bug# 440079. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #522204 - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/common/build_dogtag b/pki/dogtag/common/build_dogtag index bb2d6dfee..cee2b7fe4 100755 --- a/pki/dogtag/common/build_dogtag +++ b/pki/dogtag/common/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-common.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="common" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/common/pki-common.spec b/pki/dogtag/common/pki-common.spec index a3246bc8c..249831b3a 100644 --- a/pki/dogtag/common/pki-common.spec +++ b/pki/dogtag/common/pki-common.spec @@ -1,217 +1,89 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Common Framework -%define base_component common -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 7 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Subpackage Header Definitions -%define javadoc_summary %{base_summary} Javadocs -%define javadoc_group Development/Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -%define pki_jre java >= 1:1.6.0 -# Override the default 'pki_jdk' and 'pki_jre' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%{?fc8:%define pki_jre java >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-common +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Common Framework +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ant +BuildRequires: dogtag-pki-common-ui +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: ldapjdk +BuildRequires: osutil +BuildRequires: pki-util +BuildRequires: symkey +BuildRequires: velocity +BuildRequires: xalan-j2 +Buildrequires: xerces-j2 + +Requires: java >= 1:1.6.0 +Requires: jss >= 4.2.6 +Requires: osutil +Requires: pki-common-ui +Requires: pki-java-tools +Requires: pki-setup +Requires: rhgb +Requires: symkey +Requires: tomcatjss +Requires: %{_datadir}/java/ldapjdk.jar +Requires: %{_datadir}/java/pki/cmsutil.jar +Requires: %{_datadir}/java/pki/nsutil.jar +Requires: %{_datadir}/java/velocity.jar +Requires: %{_datadir}/java/xalan-j2.jar +Requires: %{_datadir}/java/xerces-j2.jar +Requires: velocity -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6-5, ldapjdk >= 4.17, osutil >= 1.0.0, symkey >= 1.0.0, velocity >= 1.4, xalan-j2, xerces-j2 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-java-tools >= 1.0.0, %{base_prefix}-setup >= 1.0.0, %{pki_jre}, osutil >= 1.0.0, rhgb >= 0.14.1, symkey >= 1.0.0, tomcatjss >= 1.1.0, velocity >= 1.4, jss >= 4.2.6-5 - - -## This package conflicts with the following packages! Conflicts: tomcat-native - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} is required by the following four -%{base_entity} PKI subsystems: - - the %{pki_ca}, - the %{pki_drm}, - the %{pki_ocsp}, and - the %{pki_tks}. +The Dogtag PKI Common Framework is required by the following four +Dogtag PKI subsystems: - - -############################################################################### -### S U B P A C K A G E H E A D E R ### -############################################################################### + the Dogtag Certificate Authority, + the Dogtag Data Recovery Manager, + the Dogtag Online Certificate Status Protocol Manager, and + the Dogtag Token Key Service. %package javadoc -Summary: %{javadoc_summary} -Group: %{javadoc_group} - - -## Subpackages should always use package = version-release -Requires: %{base_name} = %{version}-%{release} +Summary: Dogtag Certificate System - PKI Common Framework Javadocs +Group: Documentation +Requires: pki-common = %{version}-%{release} %description javadoc -%{javadoc_summary} +Dogtag Certificate System - PKI Common Framework Javadocs This documentation pertains exclusively to version %{version} of -the %{base_entity} %{base_product}. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +the Dogtag PKI Common Framework. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="common" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix} +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java/pki mv certsrv.jar certsrv-%{version}.jar ln -s certsrv-%{version}.jar certsrv.jar mv cms.jar cms-%{version}.jar @@ -220,317 +92,33 @@ mv cmsbundle.jar cmsbundle-%{version}.jar ln -s cmsbundle-%{version}.jar cmsbundle.jar mv cmscore.jar cmscore-%{version}.jar ln -s cmscore-%{version}.jar cmscore.jar -mkdir -p ${RPM_BUILD_ROOT}/var/lib/tomcat5/common/lib -cd ${RPM_BUILD_ROOT}/var/lib/tomcat5/common/lib -ln -s /usr/share/java/ldapjdk.jar ldapjdk.jar -ln -s /usr/share/java/velocity.jar velocity.jar -ln -s /usr/share/java/xalan-j2.jar xalan-j2.jar -ln -s /usr/share/java/xerces-j2.jar xerces-j2.jar -ln -s /usr/share/java/%{base_prefix}/cmsutil.jar cmsutil.jar -ln -s /usr/share/java/%{base_prefix}/nsutil.jar nsutil.jar - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +mkdir -p %{buildroot}%{_sharedstatedir}/tomcat5/common/lib +cd %{buildroot}%{_sharedstatedir}/tomcat5/common/lib +ln -s %{_datadir}/java/ldapjdk.jar ldapjdk.jar +ln -s %{_datadir}/java/pki/cmsutil.jar cmsutil.jar +ln -s %{_datadir}/java/pki/nsutil.jar nsutil.jar +ln -s %{_datadir}/java/velocity.jar velocity.jar +ln -s %{_datadir}/java/xalan-j2.jar xalan-j2.jar +ln -s %{_datadir}/java/xerces-j2.jar xerces-j2.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - +rm -rf %{buildroot} %post -chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall -%{_datadir}/%{base_prefix}/setup/postinstall %{base_prefix} - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +%{_datadir}/pki/setup/postinstall pki %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix} -%attr(-,root,root) %{_datadir}/%{base_prefix}/* -%attr(-,root,root) %{_var}/lib/tomcat5/common/lib/* - +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki +%{_datadir}/pki/* +%{_sharedstatedir}/tomcat5/common/lib/* %files javadoc %defattr(0644,root,root,0755) %dir %{_javadocdir}/%{name}-%{version} %{_javadocdir}/%{name}-%{version}/* - - -############################################################################### -### C H A N G E L O G ### -############################################################################### - %changelog -* Tue Aug 25 2009 Christina Fu <cfu@redhat.com> 1.2.0-7 -- Bugzilla Bug #465507 - Enhancement: Support SHA2 + EC signature algorithms -* Thu Aug 20 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-6 -- Bugzilla Bug #518431 - CA chain import -* Mon Aug 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-5 -- Bugzilla Bug #517609 - improved validation for validity constraints -* Wed Aug 12 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-4 -- Bugzilla Bug #513450 - adding configuration for AIA CRL extension -* Fri Aug 7 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-3 -- Bugzilla Bug #514270 - OCSM should not accept delta CRLs as full CRLs. -* Tue Aug 4 2009 Ade Lee <alee@redhat.com> 1.2.0-2 -- Bugzilla Bug #224688 - Support ECC POP on the server - -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Fri Jul 10 2009 Ade Lee <alee@redhat.com> 1.1.0-42 -- Bugzilla Bug #510163 - KRA clone throws null pointer exception when searching for requests -* Tue Jul 7 2009 Ade lee <alee@redhat.com> 1.1.0-41 -- Bugzilla Bug #510232 - clone ca server cert - wizard ignores SubjectName and Nickname customization -* Tue Jul 7 2009 Ade lee <alee@redhat.com> 1.1.0-40 -- Bugzilla Bug #509797 - attempt to backup clone-CA subsystem keys and certificates fail with ObjectNotFoundException -* Mon Jul 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-39 -- Bugzilla Bug #509833 - cleaning debug log -* Wed Jul 1 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-38 -- Bugzilla Bug #508378 - LDAP publishing over SSL -* Wed Jul 1 2009 Ade lee <alee@redhat.com> 1.1.0-37 -- Bugzilla Bug #508219 - configuring a CA instance created with pkicreate fails at import admin cert panel with null pointer exception -* Wed Jul 1 2009 Ade Lee <alee@redhat.com> 1.1.0-36 -- Bugzilla Bug #224864 - pkiremove to remove entry from security domain - more issues from port separation changes -* Tue Jun 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-35 -- Bugzilla Bug #508375 - LDAP publishing predicate inoperative -* Thu Jun 25 2009 Ade Lee <alee@redhat.com> 1.1.0-34 -- Bugzilla Bug #507438 - Unable to do key recovery through KRA clone -* Tue Jun 23 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-33 -- Bugzilla Bug #357581 - grace period for for user supplied validity -* Wed Jun 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-32 -- Bugzilla Bug #506305 - allow RA to revoke -* Wed Jun 17 2009 Ade Lee <alee@redhat.com> 1.1.0-31 -- Bugzilla Bug #503783 - Certificate Request in Queue notification is sent with previous requests e-mail address -* Fri Jun 12 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-30 -- Bugzilla Bug #502694 - adding random nonces -* Wed Jun 10 2009 Christina Fu <cfu@redhat.com> 1.1.0-29 -- Bugzilla Bug #480255 - User Certificate gets renewed when cert is not in grace period. -* Sat Jun 6 2009 Christina Fu <cfu@redhat.com> 1.1.0-28 -- Bugzilla Bug #503045 - CMC Revocation cannot be completed in EE page - fails with NullPointerException. Authorization not applied correctly. -* Fri Jun 5 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-27 -- Bugzilla Bug #471318 - adding triple DES and SHA1, SHA256, SHA512 -* Fri Jun 5 2009 Jack Magne <jmagne@redhat.com> 1.1.0-26 -- Bugzilla Bug #498123 - Unable to format a token with tks clone. -* Thu Jun 4 2009 Christina Fu <cfu@redhat.com> 1.1.0-25 -- Bugzilla Bug#502861 - "Signed CMC-Authenticated User Certificate Enrollment" fails with Authorization -* Wed Jun 3 2009 Christina Fu <cfu@redhat.com> 1.1.0-24 -- Bugzilla Bug #455305 - CA ECC signing Key Failure - Bugzilla Bug #223279 - ECC: Ca: unable to perform agent auth on a machine with - nCipher ECC HSM -* Tue Jun 2 2009 Christina Fu <cfu@redhat.com> 1.1.0-23 -- Buzilla Bug # 500738 - (nethsm2k): KRA/TKS : Installation wizard fails -* Sat May 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-22 -- Bugzilla Bug #482935 - Adding search limits -* Sat May 30 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-21 -- Bugzilla Bug #503289 - Improvement of default signing algorithm selection -* Fri May 29 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-20 -- Bugzilla Bug #500733 - Subordinate CA - administrator certificate import - fails (install wizard) -* Fri May 29 2009 Ade Lee <alee@redhat.com> 1.1.0-19 -- Bugzilla Bug #480714 and #481659 - renewal fixes for expired_revoked certs and prevent key archival for renewals -* Thu May 28 2009 Ade Lee <alee@redhat.com> 1.1.0-18 -- Bugzilla Bug #502257 - KRA cloning: during configuration throws "Clone is not ready" error message -* Fri May 22 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-17 -- Bugzilla Bug #488303 -* Wed May 20 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-16 -- Bugzilla Bug #491185 - added new revocation reasons to comply with RFC 5280 -* Tue May 19 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-15 -- Bugzilla Bug #491185 - added Authority Info Access extension to comply with RFC 5280 -* Mon May 18 2009 Ade Lee <alee@redhat.com> 1.1.0-14 -- Bugzilla Bug #500736 - \n characters are being incorrectly escaped on profile review form -* Wed May 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-13 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Sun May 10 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-12 -- Bugzilla Bug #490551 - Use profile key constraints to control enrollment key sizes -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-10 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Fri May 1 2009 Ade Lee <alee@redhat.com> 1.1.0-9 -- Bugzilla Bug #454032 - clone ca with ssl slapd has incorrect mmr agreements from configuration wizard -* Tue Apr 28 2009 Ade Lee <alee@redhat.com> 1.1.0-8 -- Bugzilla Bug #496334 - Renewal: Missing information in the first 6 requests in the CA request queue. -* Sat Apr 18 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #496409 - Display missing "Security Domain" information on - Security Domain Login Panel -* Fri Apr 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-6 -- Bugzilla Bug #443120 - administrator cannot remove imported CA certificate -* Tue Apr 14 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-5 -- Bugzilla Bug #490224 - Monitor regression -* Mon Apr 13 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-4 -- Bugzilla Bug #476318 - CA console throws Java exceptions when editing user supplied extension defaults -* Fri Apr 10 2009 Ade Lee <alee@redhat.com> 1.1.0-3 -- Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped -* Tue Apr 7 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-2 -- Bugzilla Bug #493758 - policy editor corrupts profile -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 31 2009 Ade Lee <alee@redhat.com> 1.0.0-60 -- Bugzilla Bug: 481659 - Renewal: Manual user signing and encryption certificate after renewal responds with two request ids. -* Mon Mar 30 2009 Ade Lee <alee@redhat.com> 1.0.0-59 -- Bugzilla Bug: 472916 - Renewal: certs created during post-installation can not be renewed via profile framework -* Mon Mar 30 2009 Ade Lee <alee@redhat.com> 1.0.0-58 -- Bugzilla Bug 475566 - cannot tell renewals from enrollment requests -* Thu Mar 26 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-57 -- Bugzilla Bug: 445052 - HTTP 1.1 support when fetching CRLs - adding compression -* Tue Mar 24 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-56 -- Bugzilla Bug: 478909 - possible connection leaks to CA internal DB -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-55 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Fri Mar 20 2009 Christina Fu <cfu@redhat.com> 1.0.0-54 -- Bugzilla Bug #472916 - Renewal: certs created during post-installation can not be renewed via profile framework. PHASE 1 ONLY. -* Tue Mar 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-53 -- Bugzilla Bug #490461 - Certificate file based publishing fails -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-52 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-51 -- Bugzilla Bug #489404 - fixed non-secure port -* Fri Mar 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-50 -- Bugzilla Bug #334253 - Revoked certs must appear on one CRL after expiration -* Wed Mar 4 2009 Ade Lee <alee@redhat.com> 1.0.0-49 -- Bugzilla Bug 487871, 488561 - pkiremove cleanup and remove all selinux ports -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-48 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Tue Mar 3 2009 Ade Lee <alee@redhat.com> 1.0.0-47 -- Bugzilla Bug #487739 - Unable to setup cloning -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-46 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-45 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Wed Feb 25 2009 Christina Fu <cfu@redhat.com> 1.0.0-44 -- Bugzilla Bugs: 487592 - nsTokenUserKeySubjectNameDefault does not fill in - attributes retrieved from ldap - 481790 - SubjectAltNameExtDefault: Handling Of Non-UUID OtherName Is Broken -* Wed Feb 25 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-43 -- Bugzilla Bug: 480804 - to save general settings -* Tue Feb 24 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-42 -- Bugzilla Bug: 449857 - publishing enhancement -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-41 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Fri Feb 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-40 -- Bugzilla Bug #485522 - Need rpm spec file to require xerces-j2 -- required to build javadocs -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-39 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-38 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -- cleaned up some javadoc warnings -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-37 -- Bugzilla Bug: 443417 - requestor email does not make it to mail -* Mon Feb 2 2009 Ade Lee <alee@redhat.com> 1.0.0-36 -- Bugzilla Bug: 482761 - additional changes to get cloning working -* Fri Jan 30 2009 Ade Lee <alee@redhat.com> 1.0.0-35 -- Bugzilla Bug #460582 - add UTF-8 support -* Wed Jan 28 2009 Christina Fu <cfu@redhat.com> 1.0.0-34 -- Bugzilla Bug #482733 - make outputXML available via profiles; add request id i -n response for deferred -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-33 -- Bugzilla Bugs: 482738 and 482761 -* Mon Jan 26 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-32 -- Bugzilla Bugs: 480825, 481177, and 481688 -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-31 -- Bugzilla Bug 481237 - Audit Log signing framework -* Mon Jan 5 2009 Ade Lee <alee@redhat.com> 1.0.0-30 -- Bugzilla Bug 472006, 472007 - serial number management -* Fri Dec 5 2008 Christina Fu <cfu@redhat.com> 1.0.0-29 -- Buzilla Bug 474659 - moved public key challenge generation from TPS to TKS -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-28 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-27 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Nov 18 2008 Christina Fu <cfu@redhat.com> 1.0.0-26 -- Bugzilla Bug #471622 - Need Renewal feature via enrollment profile Framework (Phase 1) -* Mon Oct 27 2008 Ade Lee <alee@redhat.com> 1.0.0-25 -- Fix for Bugs: 223324, 430745, 224765, 223309 -* Fri Oct 17 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-24 -- Fix for Bug 335111: pkiconsole exception on wrong uniqueMember syntax -* Wed Oct 15 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-23 -- Fix for Bug 466064: Search filters built by CA servlets are not always correct -* Fri Oct 10 2008 Ade Lee <alee@redhat.com> 1.0.0-22 -- Fix for Bug 223361. Security Domains in LDAP. -* Thu Oct 9 2008 Ade Lee <alee@redhat.com> 1.0.0-21 -- Fix for bug 462035 (pkisilent). -* Thu Oct 9 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-20 -- Fix for Bug 465997: getBySerial servlet causing Java exception. -* Wed Sep 24 2008 Ade Lee <alee@redhat.com> 1.0.0-19 -- Fix for bug 223367 and 224902. -* Tue Sep 16 2008 Christina Fu <cfu@redhat.com> 1.0.0-18 -- Fix for bug #462488: IPAddress in SubjAltNameExt incorrectly padded with extra bytes in cert -* Wed Aug 13 2008 Ade Lee <alee@redhat.com> 1.0.0-17 -- Fix for Bug 458499: UniqueSubjectName plugin for plugins does not account for revoked certs -* Fri Aug 8 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-16 -- Fix for Bug 453834. -* Thu Aug 7 2008 Jack Magne <jmagne@redhat.com> 1.0.0-15 -- Fix for Bug #458337. -* Thu Aug 7 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-14 -- Fix for Bug 453834. -* Mon Jul 21 2008 Ade Lee <alee@redhat.com> 1.0.0-13 -- Fix for Bug 455331. -* Fri Jul 11 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-12 -- Fix for bug #243804. -* Wed Jul 9 2008 Christina Fu <cfu@redhat.com> 1.0.0-11 -- Fix for Bugzilla Bug #446685: LDAP publisher doesn't store the bind password properly -* Tue Jul 8 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 -- Fix for Bugzilla Bug #454559: OCSP returns a nullpointer exception - if the request is not provided as a parameter in the GET operation -* Wed Jun 25 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-9 -- Fix for bug #443687. -* Fri May 16 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-8 -- Fix for bug #445470. -* Tue May 7 2008 Jack Magne <jmagne@redhat.com> 1.0.0-7 -- Fix for Bug#440079. -* Tue May 6 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-6 -- Provided CRL page size as configurable parameter - bug #445400. -- Fixed typo - bugzilla bug #304668 -* Fri Apr 18 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Fixed bug #441974 - Added "Conflicts: tomcat-native" statement to spec file. -* Thu Apr 17 2008 Christina Fu <cfu@redhat.com> 1.0.0-4 -- Implemented bug #442800 - support UUID in Subject Alternative Name extension. Version 4 only, for now. -* Fri Apr 4 2008 Christina Fu <cfu@redhat.com> 1.0.0-3 -- Fixed bug #440989 - [SECURITY] CMC authorization check not done by default -* Fri Apr 4 2008 Christina Fu <cfu@redhat.com> 1.0.0-2 -- Fixed bug #439052 - CMC CRMF requests cause exception in logging: Unmatched braces in the pattern -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #522207 - packaging for Fedora Dogtag diff --git a/pki/dogtag/config-ext/build_dogtag_pki b/pki/dogtag/config-ext/build_dogtag_pki index ecb0fa492..318ae485c 100755 --- a/pki/dogtag/config-ext/build_dogtag_pki +++ b/pki/dogtag/config-ext/build_dogtag_pki @@ -61,12 +61,9 @@ fi # Compute remaining variables by assigning their values from the specfile PKI_SOURCE_CODE_URL="https://pki.fedoraproject.org/svn/pki/trunk/${PKI_DIR}/${PKI_SRC_DIR}/${DOGTAG_COMPONENT}" -PKI_PRODUCT_UI_PREFIX=`grep " base_ui_prefix" ${DOGTAG_SPECFILE} | awk '{ print $3; }'` -PKI_PRODUCT_PREFIX=`grep " base_prefix" ${DOGTAG_SPECFILE} | awk '{ print $3; }'` -PKI_PRODUCT=`grep " base_component" ${DOGTAG_SPECFILE} | awk '{ print $3; }'` -if [ "${PKI_PRODUCT_UI_PREFIX}" != "" ]; then +if [ "${PKI_PRODUCT_UI_FLAVOR_PREFIX}" != "" ]; then PKI_PRODUCT_BUILD_XML="${PKI_BUILD_XML}" - PKI_PRODUCT_NAME="${PKI_PRODUCT_UI_PREFIX}-${PKI_PRODUCT_PREFIX}-${PKI_PRODUCT}" + PKI_PRODUCT_NAME="${PKI_PRODUCT_UI_FLAVOR_PREFIX}-${PKI_PRODUCT_PREFIX}-${PKI_PRODUCT}" PKI_PRODUCT_SOURCE_PATH="${PKI_DIR}/${PKI_DOGTAG_DIR}/${DOGTAG_COMPONENT}" elif [ "${PKI_PRODUCT_PREFIX}" != "" ]; then PKI_PRODUCT_BUILD_XML="${PKI_BASEDIR}/${PKI_DIR}/${PKI_SRC_DIR}/${DOGTAG_COMPONENT}/${PKI_BUILD_XML}" @@ -146,6 +143,7 @@ usage() { echo " where [target] is one of the optional values:" echo echo " help --> display '${PKI_PRODUCT_NAME}' usage statement" + echo " refresh --> fetch latest '${PKI_PRODUCT_NAME}.spec' file" awk "$display_targets" ${PKI_PRODUCT_BUILD_XML} echo exit 255 @@ -308,7 +306,7 @@ if [ "\${OS}" != "Linux" ]; then exit 255 fi -ant -f config/release.xml -Dbasedir=. -Dspecfile=\${SPECFILE} -Dtarget=\${BUILD_TARGET} \${RELEASE_TARGET} +ant -f config/release.xml -Dproduct.ui.flavor.prefix=\${PKI_PRODUCT_UI_FLAVOR_PREFIX} -Dproduct.prefix=\${PKI_PRODUCT_PREFIX} -Dproduct=\${PKI_PRODUCT} -Dversion=\${PKI_VERSION} -Dbasedir=. -Dspecfile=\${SPECFILE} -Dtarget=\${BUILD_TARGET} \${RELEASE_TARGET} END_OF_SCRIPT chmod 00755 ${PKI_RELEASE_ROOT}/${PKI_RELEASE_SCRIPT} diff --git a/pki/dogtag/console-ui/build.xml b/pki/dogtag/console-ui/build.xml index 2e3f8d7b1..aa008beef 100644 --- a/pki/dogtag/console-ui/build.xml +++ b/pki/dogtag/console-ui/build.xml @@ -159,7 +159,7 @@ <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${product.name}-${version}"> <include name="LICENSE"/> </zipfileset> @@ -175,7 +175,7 @@ <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${product.name}-${version}"> <include name="LICENSE"/> </tarfileset> @@ -217,7 +217,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${product.name}.spec"/> <include name="LICENSE"/> @@ -235,7 +235,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${product.name}.spec"/> <include name="LICENSE"/> diff --git a/pki/dogtag/console-ui/build_dogtag b/pki/dogtag/console-ui/build_dogtag index 92f2e8dbe..46126c2d1 100755 --- a/pki/dogtag/console-ui/build_dogtag +++ b/pki/dogtag/console-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-console-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="console-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/console-ui/dogtag-pki-console-ui.spec b/pki/dogtag/console-ui/dogtag-pki-console-ui.spec index 64edd5b73..5c6acf93c 100644 --- a/pki/dogtag/console-ui/dogtag-pki-console-ui.spec +++ b/pki/dogtag/console-ui/dogtag-pki-console-ui.spec @@ -1,252 +1,64 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Console User Interface -%define base_component console-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-console-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Console User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, ldapjdk >= 4.17 +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: ldapjdk -## Without Requires something, rpmbuild will abort! -Requires: jss >= 4.2.5, ldapjdk >= 4.17 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +Requires: java >= 1:1.6.0 +Requires: jss >= 4.2.6 +Requires: ldapjdk +Provides: pki-console-ui = %{version}-%{release} -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-console-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{base_entity} PKI Console. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +The Dogtag PKI Console User Interface contains the graphical +user interface for the Dogtag PKI Console. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="console-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix} +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java/pki ln -s cms-theme-%{version}_en.jar cms-theme_en.jar - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### - %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix} - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Fri Mar 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-6 -- Bugzilla Bug #334253 - Revoked certs must appear on one CRL after expiration -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Wed Oct 14 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/console/build_dogtag b/pki/dogtag/console/build_dogtag index d86f0b84f..0621cb5ca 100755 --- a/pki/dogtag/console/build_dogtag +++ b/pki/dogtag/console/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-console.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="console" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/console/pki-console.spec b/pki/dogtag/console/pki-console.spec index d838e151c..088eb140a 100644 --- a/pki/dogtag/console/pki-console.spec +++ b/pki/dogtag/console/pki-console.spec @@ -1,281 +1,67 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Console -%define base_component console -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## Bugzilla Bug #246173: The following section is necessary due to -## Bugzilla Bug #232224 and is related to using the IBM JDK with a -## specific version of glibc on specific platforms on specific architectures -#%ifarch x86_64 -#export LD_PRELOAD=/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libj9vm23.so:/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libj9thr23.so:/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libjsig.so -#%endif - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-console +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Console +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{base_flavor}-%{base_name}-ui >= 1.0.0, idm-console-framework >= 1.0.3, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, ldapjdk >= 4.17 -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, idm-console-framework >= 1.0.3, jss >= 4.2.5, ldapjdk >= 4.17 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: ant +BuildRequires: dogtag-pki-console-ui +BuildRequires: idm-console-framework +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: ldapjdk +BuildRequires: pki-util -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: idm-console-framework +Requires: java >= 1:1.6.0 +Requires: jss >= 4.2.6 +Requires: ldapjdk +Requires: pki-console-ui +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_product} is a java application used to administer -%{base_pki}. - +The PKI Console is a java application used to administer +Dogtag Certificate System. - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="console" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix} -ln -s console-cms-%{base_version}.jar console-cms.jar -ln -s console-cms-%{base_version}_en.jar console-cms_en.jar - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java/pki +ln -s console-cms-%{version}.jar console-cms.jar +ln -s console-cms-%{version}_en.jar console-cms_en.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(00755,root,root) %{_bindir}/pkiconsole -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix} - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_bindir}/pkiconsole +%{_datadir}/java/pki %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 17 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-15 -- Bugzilla Bug #224892 - corrected pkiconsole usage -* Fri Mar 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-14 -- Bugzilla Bug #334253 - Revoked certs must appear on one CRL after expiration -* Wed Feb 25 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-13 -- Bugzilla Bug #487403 - CA console incorrectly validates disabled notification -* Mon Feb 16 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-12 -- Bugzilla Bugs #443657 and #442387 - CA console freezes -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-11 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Mon Oct 13 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-7 -- Bugzilla bug #466781 - Starting console without subsystem type is causing StringIndexOutOfBoundsException -- Bugzilla bug #440546 - Console CLI crashes when not prefixed with "https://" -* Thu Oct 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla bug #465536 - pki-console rpm is missing gif files. -* Fri Oct 3 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-5 -- Bugzilla bug #442239 - Entry fields not visible in CRL Issuing Pointer Editor -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Thu Apr 17 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-3 -- Bugzilla bug #439027 - Corrected issue with adding CA certificates through console UI -- Bugzilla bug #441896 - Corrected console freeze after deleting user certificate -- Bugzilla bug #441901 - Corrected alignment of displayed certificates by console -* Wed Apr 16 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-2 -- Bugzilla bug #439033 - Corrected window importing certificate -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/java-tools/build_dogtag b/pki/dogtag/java-tools/build_dogtag index b7c6e9ea9..dd6c033f7 100755 --- a/pki/dogtag/java-tools/build_dogtag +++ b/pki/dogtag/java-tools/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-java-tools.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="java-tools" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/java-tools/pki-java-tools.spec b/pki/dogtag/java-tools/pki-java-tools.spec index adec3db4c..b4e25d122 100644 --- a/pki/dogtag/java-tools/pki-java-tools.spec +++ b/pki/dogtag/java-tools/pki-java-tools.spec @@ -1,302 +1,85 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Java-Based Tools -%define base_component java-tools -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Subpackage Header Definitions -%define javadoc_summary %{base_summary} Javadocs -%define javadoc_group Development/Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -%define pki_jre java >= 1:1.6.0 -# Override the default 'pki_jdk' and 'pki_jre' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%{?fc8:%define pki_jre java >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-java-tools +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Java-Based Tools +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, osutil >= 1.0.0 +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: osutil +BuildRequires: pki-util -## Without Requires something, rpmbuild will abort! -Requires: %{base_prefix}-native-tools >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jre} - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-native-tools +Requires: pki-util +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. These platform-independent PKI executables are used to help make -%{base_pki} into a more complete and robust PKI solution. - - - -############################################################################### -### S U B P A C K A G E H E A D E R ### -############################################################################### +Dogtag Certificate System into a more complete and robust PKI solution. %package javadoc -Summary: %{javadoc_summary} -Group: %{javadoc_group} - - -## Subpackages should always use package = version-release -Requires: %{base_name} = %{version}-%{release} +Summary: Dogtag Certificate System - PKI Java-Based Tools Javadocs +Group: Documentation +Requires: %{name} = %{version}-%{release} %description javadoc -%{javadoc_summary} +Dogtag Certificate System - PKI Java-Based Tools Javadocs This documentation pertains exclusively to version %{version} of -the %{base_entity} %{base_product}. - - +the Dogtag PKI Java-Based Tools. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="java-tools" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix} +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java/pki mv cstools.jar cstools-%{version}.jar ln -s cstools-%{version}.jar cstools.jar -cd ${RPM_BUILD_ROOT}/usr/share/pki -mkdir templates -mv pki_java_command_wrapper templates -mv pretty_print_cert_command_wrapper templates -mv pretty_print_crl_command_wrapper templates - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +cd %{buildroot}%{_datadir}/pki +rm pki_java_command_wrapper +rm pretty_print_cert_command_wrapper +rm pretty_print_crl_command_wrapper %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(00755,root,root) %{_bindir}/* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix} -%attr(-,root,root) %{_datadir}/%{base_prefix} - +%defattr(-,root,root,-) +%doc LICENSE +%{_bindir}/* +%{_datadir}/java/pki +%{_datadir}/pki %files javadoc %defattr(0644,root,root,0755) %dir %{_javadocdir}/%{name}-%{version} %{_javadocdir}/%{name}-%{version}/* - - -############################################################################### -### C H A N G E L O G ### -############################################################################### - %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jun 3 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Fixed packaging issue. -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Fri Apr 3 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-10 -- Bugzilla Bug #491990 - PrettyPrintCrl fails to decode - issuing distribution point extension -* Thu Mar 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #490947 - PrettyPrintCrl throws exceptions -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #485522 - Need rpm spec file to require osutil -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -- cleaned up some javadoc warnings -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-4 -- Bugzilla Bug 481237 - Audit Log signing framework -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #521995 - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/kra-ui/build.xml b/pki/dogtag/kra-ui/build.xml index f16c171c3..7826cc485 100644 --- a/pki/dogtag/kra-ui/build.xml +++ b/pki/dogtag/kra-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/kra-ui/build_dogtag b/pki/dogtag/kra-ui/build_dogtag index bd01cb440..73a27db7e 100755 --- a/pki/dogtag/kra-ui/build_dogtag +++ b/pki/dogtag/kra-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-kra-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="kra-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/kra-ui/dogtag-pki-kra-ui.spec b/pki/dogtag/kra-ui/dogtag-pki-kra-ui.spec index a83f39391..8ce0bda5c 100644 --- a/pki/dogtag/kra-ui/dogtag-pki-kra-ui.spec +++ b/pki/dogtag/kra-ui/dogtag-pki-kra-ui.spec @@ -1,255 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Data Recovery Authority User Interface -%define base_component kra-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-kra-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Data Recovery Authority User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRequires: ant -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +Requires: bash +Provides: pki-kra-ui = %{version}-%{release} -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-kra-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_drm}. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +The Dogtag Data Recovery Authority User Interface contains the graphical +user interface for the Dogtag Data Recovery Manager. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="kra-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Thu Aug 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-2 -- Bugzilla Bug #512828 - 'Starting request identifier' in 'List requests' -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jun 25 2009 Ade Lee <alee@redhat.com> 1.1.0-4 -- Bugzilla Bug #507487 - DRM: click on the recovery request id throws http 404 -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Fri Jan 30 2009 Ade Lee <alee@redhat.com> 1.0.0-5 -- Bugzilla Bug #460582 - add UTF-8 support -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue May 6 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Fixed typo - bugzilla bug #304668 -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/kra/build_dogtag b/pki/dogtag/kra/build_dogtag index 26dcfc699..f7f5bb9de 100755 --- a/pki/dogtag/kra/build_dogtag +++ b/pki/dogtag/kra/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-kra.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="kra" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/kra/pki-kra.spec b/pki/dogtag/kra/pki-kra.spec index c49cde4a8..a868a1071 100644 --- a/pki/dogtag/kra/pki-kra.spec +++ b/pki/dogtag/kra/pki-kra.spec @@ -1,394 +1,114 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Data Recovery Manager -%define base_component kra -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) -%define pki_major_version %(echo `echo %{pki_version} | awk -F. '{ print $1 }'`) -%define pki_minor_version %(echo `echo %{pki_version} | awk -F. '{ print $2 }'`) -%define pki_patch_version %(echo `echo %{pki_version} | awk -F. '{ print $3 }'`) - -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-kra +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Data Recovery Manager +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Daemons BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{base_prefix}-common >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, tomcatjss >= 1.1.0 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-common >= 1.0.0, %{base_prefix}-selinux >= 1.0.0 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## This package is non-relocatable! -#Prefix: +BuildRequires: ant +BuildRequires: dogtag-pki-kra-ui +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: pki-common +BuildRequires: pki-util +BuildRequires: tomcatjss -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-common +Requires: pki-kra-ui +Requires: pki-selinux +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_drm} is an optional PKI subsystem that can act +The Dogtag Data Recovery Manager is an optional PKI subsystem that can act as a Key Recovery Authority (KRA). When configured in conjunction with the -%{pki_ca}, the %{pki_drm} stores +Dogtag Certificate Authority, the Dogtag Data Recovery Manager stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user's private encryption key. -This key is then stored in the %{pki_drm} which is +This key is then stored in the Dogtag Data Recovery Manager which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment. -Note that the %{pki_drm} archives encryption keys; it does +Note that the Dogtag Data Recovery Manager archives encryption keys; it does not archive signing keys, since such archival would undermine nonrepudiation properties of signing keys. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="kra" \ + -Dversion="%{version}" %install -cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -sed -i 's/^cms.version=.*$/cms.version=%{pki_major_version}.%{pki_minor_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix}/%{base_component} -mv %{base_component}.jar %{base_component}-%{version}.jar -ln -s %{base_component}-%{version}.jar %{base_component}.jar - - +%define major_version %(echo `echo %{version} | awk -F. '{ print $1 }'`) +%define minor_version %(echo `echo %{version} | awk -F. '{ print $2 }'`) +%define patch_version %(echo `echo %{version} | awk -F. '{ print $3 }'`) -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +rm -rf %{buildroot} +cd dist/binary +unzip %{name}-%{version}.zip -d %{buildroot} +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg +sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg +cd %{buildroot}%{_datadir}/java/pki/kra +mv kra.jar kra-%{version}.jar +ln -s kra-%{version}.jar kra.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi - %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +%{_datadir}/pki/kra/setup/postinstall pki kra %{version} %{release} echo "" echo "Install finished." - %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-kra ] ; then + echo "WARNING: The default instance \"/var/lib/pki-kra\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-kra\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-kra\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-kra stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix}/%{base_component} -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/acl -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(00770,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs/signedAudit -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/shared -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/temp -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/webapps -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/work - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki/kra/* +%{_datadir}/pki/kra/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jun 24 2009 Christina Fu <cfu@redhat.com> 1.1.0-13 -- Bugzilla Bug #233394 - Use depreciated field in PKIArchiveOption -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-12 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Thu Jun 5 2009 Jack Magne <jmagne@redhat.com> 1.1.0-10 -- Bugzilla Bug #498123 - Unable to formated token with tks clone. -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #502267 - Allow CA, DRM, OCSP, and TKS to be started using - the Security Manager -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-7 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Tue Apr 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-24 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -* Thu Mar 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-23 -- Bugzilla Bug #470175 - RFE: Directory Listing Enabled -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-22 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-21 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-20 -- Bugzilla Bug #489404 - fixed non-secure port -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-19 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-18 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-16 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Mon Feb 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #485790 - Need changes made to spec files in various - packages to be able to build in koji/brew -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-14 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-12 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-11 -- Bugzilla Bug 481237 - Audit Log signing framework -* Mon Jan 5 2009 Ade Lee <alee@redhat.com> 1.0.0-10 -- Bugzilla Bug #472006 - serial number management -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Mon Nov 24 2008 Ade Lee <alee@redhat.com> 1.0.0-7 -- Bugzilla Bug #237727 - selinux changes to init script -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Fri Oct 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-5 -- Fix for port separation bug #466188. -* Mon Sep 22 2008 Christina Fu <cfu@redhat.com> 1.0.0-4 -- Fix for #463343 - Server-side key generation failed on DRM with nethsm -* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 -- Fix for bug #458337. -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/manage/build_dogtag b/pki/dogtag/manage/build_dogtag index ea33450f3..a5db45199 100755 --- a/pki/dogtag/manage/build_dogtag +++ b/pki/dogtag/manage/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-manage.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="manage" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/manage/pki-manage.spec b/pki/dogtag/manage/pki-manage.spec index b53673056..de1d6d9fd 100644 --- a/pki/dogtag/manage/pki-manage.spec +++ b/pki/dogtag/manage/pki-manage.spec @@ -1,245 +1,59 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Uninstall Scripts -%define base_component manage -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-manage +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Uninstall Scripts +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRequires: ant -## Without Requires something, rpmbuild will abort! Requires: perl >= 5.8.0 - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -%{base_entity} %{base_product} are required to remove -%{base_entity} PKI subsystems including: - - the %{pki_ca}, - the %{pki_drm}, - the %{pki_ocsp}, - the %{pki_ra}, - the %{pki_tks}, and/or - the %{pki_tps}. +Dogtag PKI Uninstall Scripts are required to remove +Dogtag PKI subsystems including: + the Dogtag Certificate Authority, + the Dogtag Data Recovery Manager, + the Dogtag Online Certificate Status Protocol Manager, + the Dogtag Registration Authority, + the Dogtag Token Key Service, and/or + the Dogtag Token Processing System. - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="manage" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(00755,root,root) %{_bindir}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_bindir}/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jun 18 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #505674 - Deprecate 'pki-manage' rpm on Linux -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/migrate/build_dogtag b/pki/dogtag/migrate/build_dogtag index 3bc50f48d..ec510bfc1 100755 --- a/pki/dogtag/migrate/build_dogtag +++ b/pki/dogtag/migrate/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-migrate.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="migrate" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/migrate/pki-migrate.spec b/pki/dogtag/migrate/pki-migrate.spec index b02cdfa4c..6a46e863a 100644 --- a/pki/dogtag/migrate/pki-migrate.spec +++ b/pki/dogtag/migrate/pki-migrate.spec @@ -1,345 +1,72 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Migration Scripts -%define base_component migrate -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install +Name: pki-migrate +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Migration Scripts +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells + +# Suppress automatic 'requires' and 'provisions' of multi-platform 'binaries' AutoReqProv: no BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, java-devel, jpackage-utils >= 1.6.0 - -## Without Requires something, rpmbuild will abort! -Requires: java - -## This package is non-relocatable! -#Prefix: +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Source0: %{base_name}-%{base_version}.tar.gz +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -%{base_entity} PKI Migration Scripts are used to export data from previous +Dogtag PKI Migration Scripts are used to export data from previous versions of Netscape Certificate Management Systems, iPlanet Certificate -Management Systems, and %{base_entity} Certificate Systems into a flat-file -which may then be imported into this release of %{base_pki}. +Management Systems, and Dogtag Certificate Systems into a flat-file +which may then be imported into this release of Dogtag Certificate System. Note that since this utility is platform-independent, it is generally possible to migrate data from previous PKI deployments originally stored on other hardware platforms as well as earlier versions of this operating system. +%global _binaries_in_noarch_packages_terminate_build 0 - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="migrate" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -rm -rf ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/*/src - +unzip %{name}-%{version}.zip -d %{buildroot} - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +# remove unwanted files +rm -rf %{buildroot}%{_datadir}/pki/migrate/*/src +rm -rf %{buildroot}%{_datadir}/pki/migrate/80/*.java +rm -rf %{buildroot}%{_datadir}/pki/migrate/TpsTo80/*.java +rm -rf %{buildroot}%{_datadir}/pki/migrate/TpsTo80/Makefile +rm -rf %{buildroot}%{_datadir}/pki/migrate/TpsTo80/*.c %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/41ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/41ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/41ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42SP2ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42SP2ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42SP2ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/42ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/45ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/45ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/45ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/47ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/47ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/47ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/60ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/60ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/60ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/61ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/61ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/61ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/62ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/62ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/62ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/63ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/63ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/63ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/70ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/70ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/70ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/71ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/71ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/71ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/72ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/72ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/72ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/73ToTxt/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/73ToTxt/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/73ToTxt/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo60/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo60/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo60/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo61/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo61/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo61/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo62/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo62/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo62/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo70/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo70/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo70/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo71/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo71/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo71/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo72/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo72/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo72/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo73/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo73/run.bat -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo73/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo80/classes/* -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TxtTo80/run.sh -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/80/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/TpsTo80/* - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/migrate/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 2 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #508191 - Migration: CS 8.0 KRA agent unable to show - migrated data from 7.3. -* Tue Jun 9 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #504420 - Make certain that Array Types are processed prior - to non-Array types . . . -- Bugzilla Bug #483519 - rhcs73 migration tool misses iplanet case ERROR - type - iplanet.security.x509.X509CertImpl[1,0] -- Bugzilla Bug #483373 - rhpki-migrate-7.3.0-9.el4 - TxtTo73/run.sh - CLASSPATH uses TxtTo72 classes path -- Bugzilla Bug #451304 - 42ToTxt - Need to add i18n.jar to classpath for - KRA LDIF conversion -- Bugzilla Bug #225031 - migrate/47ToTxt/run.sh against this sample ldif - gives AuthToken=certSerialNo:[Ljava.math.BigInteger.... error. -- Bugzilla Bug #224972 - Migration / Upgrade script problems.... -- Bugzilla Bug #224801 - Upgrade script needs to change to drop those cert - request which were created by old jars (iplanet) files -- Bugzilla Bug #224800 - txt to cms 62 upgrade script fails on some of the - request. -- Bugzilla Bug #224763 - Migration scripts do not currently handle array - of strings properly -- Bugzilla Bug #223360 - Upgrade tools does not currently handle some of - the parameters. - -* Tue May 12 2009 Ade Lee <alee@redhat.com> 1.1.0-3 -- Bugzilla Bug #493717 - Migration scripts needed for TPS groups -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Feb 17 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #485790 - Need changes made to spec files in various packages - to be able to build in koji/brew -* Fri Jan 30 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #253615 - RFE: migration tool needs to be written for the - serialization changes -- Allowed 63ToTxt binaries to be published -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Fri Oct 10 2008 Ade Lee <alee@redhat.com> 1.0.0-2 -- Migration scripts for 8.0 Security Domain #223361 -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/native-tools/build_dogtag b/pki/dogtag/native-tools/build_dogtag index 722efbf81..c7b843758 100755 --- a/pki/dogtag/native-tools/build_dogtag +++ b/pki/dogtag/native-tools/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-native-tools.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="native-tools" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/native-tools/pki-native-tools.spec b/pki/dogtag/native-tools/pki-native-tools.spec index 04f131385..c3e97b3c7 100644 --- a/pki/dogtag/native-tools/pki-native-tools.spec +++ b/pki/dogtag/native-tools/pki-native-tools.spec @@ -1,284 +1,68 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Native Tools -%define base_component native-tools -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Build Definitions -%define base_build_dir blds -%define base_staging_dir STAGING - -## Installation Definitions -%define base_install_dir /opt/%{base_component} -%define setup_package setup_package - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## 32-bit Definitions -%ifarch i386 i486 i586 i686 -%define architecture intel -%define configure_cmd ../configure -%endif - -## 64-bit Definitions -%ifarch x86_64 -%define architecture intel -%define configure_cmd ../configure --enable-64bit --libdir=%{base_install_dir}/lib64 -%endif - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no - -BuildRoot: %{_builddir}/%{name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: bash >= 3.0, cyrus-sasl-devel >= 2.1.19, mozldap-devel >= 6.0.2, nspr-devel >= 4.6.99, nss-devel >= 3.12.3.99, svrcore-devel >= 4.0.3.01 - -## Without Requires something, rpmbuild will abort! -Requires: mozldap-tools >= 6.0.2, nss >= 3.12.3.99, nss-tools >= 3.12.3.99, perl >= 5.8.0 - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Name: pki-native-tools +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Native Tools +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: bash +BuildRequires: cyrus-sasl-devel +BuildRequires: mozldap-devel +BuildRequires: nspr-devel >= 4.6.99 +BuildRequires: nss-devel >= 3.12.3.99 +BuildRequires: svrcore-devel + +Requires: mozldap-tools +Requires: nss >= 3.12.3.99 +Requires: nss-tools >= 3.12.3.99 +Requires: perl >= 5.8.0 + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. These platform-dependent PKI executables are used to help make -%{base_pki} into a more complete and robust PKI solution. +Dogtag Certificate System into a more complete and robust PKI solution. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - -%setup -q -n %{base_name}-%{base_version} - - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### +%setup -q -n %{name}-%{version} %build -%{?pkg_config_cmd} -mkdir %{base_build_dir} -cd %{base_build_dir} -mkdir %{base_staging_dir} -%{configure_cmd} +%configure \ +%ifarch ppc64 s390x sparc64 x86_64 + --enable-64bit \ +%endif + --libdir=%{_libdir} make - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### - %install -%{?pkg_config_cmd} -rm -rf ${RPM_BUILD_ROOT} -cd %{base_build_dir} -make install DESTDIR="`pwd`/%{base_staging_dir}" +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} ## rearrange files to be in the desired native packaging layout -../%{setup_package} ${RPM_BUILD_ROOT} %{base_prefix} %{base_component} %{version} %{base_release} %{architecture} `pwd`/%{base_staging_dir}/%{base_install_dir} - +setup_package %{buildroot} pki native-tools %{version} %{release} %{buildroot}/opt - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +## remove unwanted files +rm -rf %{buildroot}/opt +rm -rf %{buildroot}/usr/libexec +rm -rf %{buildroot}%{_datadir}/pki/templates %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(00755,root,root) %{_bindir}/* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_libdir}/%{base_prefix} -%attr(-,root,root) %{_datadir}/%{base_prefix} - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE doc/README +%{_bindir}/* +%{_libdir}/pki +%{_datadir}/pki %changelog -* Fri Aug 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #518736 - Port Dogtag 1.2.0 to 32-bit and 64-bit Fedora 11 . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #512134 - strip symbols from libraries, modules, - and executables -* Mon Jul 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- bugzilla Bug #509183 - update nss dependency >= 3.12.3.99 -* Wed Jun 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #507746 - Configure TPS/RA to listen on Ipv4 and Ipv6 - on Ipv4 and Ipv6 -* Wed Jun 24 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug 505788 - RA agent list certificates and view a user certificate throws 500 internal server error -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-5 -- Bugzilla # 484826 -selinux policy required for TPS and RA subsystems -* Thu Dec 4 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #474369 - Remove NSS dependency on "pkcs11-devel" and - upgrade NSS/NSPR version dependencies -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Mon Oct 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #522895 - New Package for Dogtag PKI: native-tools diff --git a/pki/dogtag/ocsp-ui/build.xml b/pki/dogtag/ocsp-ui/build.xml index 42a303182..babdbcae6 100644 --- a/pki/dogtag/ocsp-ui/build.xml +++ b/pki/dogtag/ocsp-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/ocsp-ui/build_dogtag b/pki/dogtag/ocsp-ui/build_dogtag index 1c91be0a9..cecfd76d6 100755 --- a/pki/dogtag/ocsp-ui/build_dogtag +++ b/pki/dogtag/ocsp-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-ocsp-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ocsp-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec b/pki/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec index ebeb8bb82..5c4d417df 100644 --- a/pki/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec +++ b/pki/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec @@ -1,249 +1,57 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Online Certificate Status Protocol User Interface -%define base_component ocsp-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-ocsp-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Online Certificate Status Protocol User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRequires: ant -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +Requires: bash +Provides: pki-ocsp-ui = %{version}-%{release} -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-ocsp-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_ocsp}. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +The Dogtag Online Certificate Status Protocol User Interface contains the +graphical user interface for the +Dogtag Online Certificate Status Protocol Manager. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="ocsp-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Fri Jan 30 2009 Ade Lee <alee@redhat.com> 1.0.0-4 -- Bugzilla Bug #460582 - add UTF-8 support -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/ocsp/build_dogtag b/pki/dogtag/ocsp/build_dogtag index e62c5c980..cfa64b1a6 100755 --- a/pki/dogtag/ocsp/build_dogtag +++ b/pki/dogtag/ocsp/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-ocsp.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ocsp" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ocsp/pki-ocsp.spec b/pki/dogtag/ocsp/pki-ocsp.spec index 5817365aa..828aca6a2 100644 --- a/pki/dogtag/ocsp/pki-ocsp.spec +++ b/pki/dogtag/ocsp/pki-ocsp.spec @@ -1,398 +1,123 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Online Certificate Status Protocol Manager -%define base_component ocsp -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 3 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) -%define pki_major_version %(echo `echo %{pki_version} | awk -F. '{ print $1 }'`) -%define pki_minor_version %(echo `echo %{pki_version} | awk -F. '{ print $2 }'`) -%define pki_patch_version %(echo `echo %{pki_version} | awk -F. '{ print $3 }'`) - -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-ocsp +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Online Certificate Status Protocol Manager +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Daemons BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{base_prefix}-common >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, tomcatjss >= 1.1.0 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-common >= 1.0.0, %{base_prefix}-selinux >= 1.0.0 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## This package is non-relocatable! -#Prefix: +BuildRequires: ant +BuildRequires: dogtag-pki-ocsp-ui +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: pki-common +BuildRequires: pki-util +BuildRequires: tomcatjss -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-common +Requires: pki-ocsp-ui +Requires: pki-selinux +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_ocsp} is an optional +The Dogtag Online Certificate Status Protocol Manager is an optional PKI subsystem that can act as a stand-alone Online Certificate Status Protocol (OCSP) service. -The %{pki_ocsp} performs the task of an +The Dogtag Online Certificate Status Protocol Manager performs the task of an online certificate validation authority by enabling OCSP-compliant clients to do real-time verification of certificates. Note that an online certificate-validation authority is often referred to as an OCSP Responder. -Although the %{pki_ca} is already configured with an +Although the Dogtag Certificate Authority is already configured with an internal OCSP service. An external OCSP Responder is offered as a separate subsystem in case the user wants the OCSP service provided outside of a -firewall while the %{pki_ca} resides inside of a firewall, -or to take the load of requests off of the %{pki_ca}. +firewall while the Dogtag Certificate Authority resides inside of a firewall, +or to take the load of requests off of the Dogtag Certificate Authority. -The %{pki_ocsp} can receive Certificate -Revocation Lists (CRLs) from multiple %{pki_ca} servers, -and clients can query the %{pki_ocsp} +The Dogtag Online Certificate Status Protocol Manager can receive Certificate +Revocation Lists (CRLs) from multiple Dogtag Certificate Authority servers, +and clients can query the Dogtag Online Certificate Status Protocol Manager for the revocation status of certificates issued by all of these -%{pki_ca} servers. +Dogtag Certificate Authority servers. -When an instance of %{pki_ocsp} is -set up with an instance of %{pki_ca}, and publishing -is set up to this %{pki_ocsp}, +When an instance of Dogtag Online Certificate Status Protocol Manager is +set up with an instance of Dogtag Certificate Authority, and publishing +is set up to this Dogtag Online Certificate Status Protocol Manager, CRLs are published to it whenever they are issued or updated. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="ocsp" \ + -Dversion="%{version}" %install -cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -sed -i 's/^cms.version=.*$/cms.version=%{pki_major_version}.%{pki_minor_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix}/%{base_component} -mv %{base_component}.jar %{base_component}-%{version}.jar -ln -s %{base_component}-%{version}.jar %{base_component}.jar - - +%define major_version %(echo `echo %{version} | awk -F. '{ print $1 }'`) +%define minor_version %(echo `echo %{version} | awk -F. '{ print $2 }'`) +%define patch_version %(echo `echo %{version} | awk -F. '{ print $3 }'`) -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +rm -rf %{buildroot} +cd dist/binary +unzip %{name}-%{version}.zip -d %{buildroot} +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg +sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg +cd %{buildroot}%{_datadir}/java/pki/ocsp +mv ocsp.jar ocsp-%{version}.jar +ln -s ocsp-%{version}.jar ocsp.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi - %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +%{_datadir}/pki/ocsp/setup/postinstall pki ocsp %{version} %{release} echo "" echo "Install finished." - %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-ocsp ] ; then + echo "WARNING: The default instance \"/var/lib/pki-ocsp\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-ocsp\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-ocsp\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-ocsp stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix}/%{base_component} -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/acl -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(00770,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs/signedAudit -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/shared -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/temp -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/webapps -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/work - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki/ocsp/* +%{_datadir}/pki/ocsp/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-3 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Tue Aug 25 2009 Christina Fu <cfu@redhat.com> 1.2.0-2 -- Bugzilla Bug #465507 - Enhancement: Support SHA2 + EC signature algorithms -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-12 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Thu Jun 5 2009 Jack Magne <jmagne@redhat.com> 1.1.0-10 -- Bugzilla Bug #498123 - Unable to formated token with tks clone. -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #502267 - Allow CA, DRM, OCSP, and TKS to be started using - the Security Manager -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-7 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Tue Apr 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Thu Mar 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-22 -- Bugzilla Bug #470175 - RFE: Directory Listing Enabled -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-21 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-20 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-19 -- Bugzilla Bug #489404 - fixed non-secure port -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-18 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-16 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Mon Feb 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-14 -- Bugzilla Bug #485790 - Need changes made to spec files in various - packages to be able to build in koji/brew -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-11 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-10 -- Bugzilla Bug 481237 - Audit Log signing framework -* Mon Jan 5 2009 Ade Lee <alee@redhat.com> 1.0.0-9 -- Bugzilla Bug #472006, 472007 - Serial number management -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Mon Nov 24 2008 Ade Lee <alee@redhat.com> 1.0.0-6 -- Bugzilla Bug #237727 - selinux changes to init script -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Thu Oct 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-4 -- Fix for port separation bug #466188. -* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 -- Fix for bug #458337. -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/osutil/build_dogtag b/pki/dogtag/osutil/build_dogtag index 80eacc438..611e921a7 100755 --- a/pki/dogtag/osutil/build_dogtag +++ b/pki/dogtag/osutil/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="osutil.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="osutil" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/osutil/osutil.spec b/pki/dogtag/osutil/osutil.spec index 8b4b71942..f817d4ee8 100644 --- a/pki/dogtag/osutil/osutil.spec +++ b/pki/dogtag/osutil/osutil.spec @@ -1,271 +1,72 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Product Definitions -%define base_product Operating System Utilities JNI Package -%define base_component osutil - -## Package Header Definitions -%define base_name %{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Libraries -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} - -## Build Definitions -%define base_build_dir blds -%define base_staging_dir STAGING - -## Installation Definitions -%define base_install_dir /opt/%{base_component} -%define setup_package setup_package - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## 32-bit Definitions -%ifarch i386 i486 i586 i686 -%define ant_cmd ant -Dspecfile=%{base_name}.spec -%define architecture intel -%define configure_cmd ../configure -%endif - -## 64-bit Definitions -%ifarch x86_64 -%define ant_cmd ant -Dspecfile=%{base_name}.spec -%define architecture intel -%define configure_cmd ../configure --enable-64bit --libdir=%{base_install_dir}/lib64 -%endif - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no - -BuildRoot: %{_builddir}/%{name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, bash >= 3.0, %{pki_jdk}, jpackage-utils >= 1.6.0, nspr-devel >= 4.6.99, nss-devel >= 3.12.3.99, pkgconfig - -## Without Requires something, rpmbuild will abort! -Requires: jpackage-utils >= 1.6.0, nss >= 3.12.3.99 - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Name: osutil +Version: 1.3.0 +Release: 1%{?dist} +Summary: Operating System Utilities JNI Package +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Libraries + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ant +BuildRequires: bash +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: nspr-devel >= 4.6.99 +BuildRequires: nss-devel >= 3.12.3.99 +BuildRequires: pkgconfig + +Requires: java >= 1:1.6.0 +Requires: jpackage-utils +Requires: nss >= 3.12.3.99 + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description The Operating System Utilities Java Native Interface (JNI) package supplies various native operating system operations to Java programs. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - -%setup -q -n %{base_name}-%{base_version} - - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### +%setup -q -n %{name}-%{version} %build -%{?pkg_config_cmd} -%{ant_cmd} -mkdir %{base_build_dir} -cd %{base_build_dir} -mkdir %{base_staging_dir} -%{configure_cmd} +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="" \ + -Dproduct="%{name}" \ + -Dversion="%{version}" +%configure \ +%ifarch ppc64 s390x sparc64 x86_64 + --enable-64bit \ +%endif + --libdir=%{_libdir} make - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### - %install -%{?pkg_config_cmd} -rm -rf ${RPM_BUILD_ROOT} -cd %{base_build_dir} -make install DESTDIR="`pwd`/%{base_staging_dir}" +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} ## rearrange files to be in the desired native packaging layout -../%{setup_package} ${RPM_BUILD_ROOT} %{version} %{base_release} %{architecture} `pwd`/%{base_staging_dir}/%{base_install_dir} - +mkdir -p %{buildroot}%{_datadir}/doc/%{name}-%{version}/ +mv %{buildroot}/opt/doc/LICENSE %{buildroot}%{_datadir}/doc/%{name}-%{version}/ +mkdir -p %{buildroot}%{_jnidir}/ +mv %{buildroot}/opt/java/%{name}.jar %{buildroot}%{_jnidir}/%{name}-%{version}.jar +cd %{buildroot}%{_jnidir} ; ln -s %{name}-%{version}.jar %{name}.jar - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +## remove unwanted files +rm -rf %{buildroot}/opt +rm -rf %{buildroot}%{_libdir}/lib%{name}.la %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_jnidir}/* -%attr(-,root,root) %{_libdir}/lib* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_jnidir}/* +%{_libdir}/lib* %changelog -* Fri Aug 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #518736 - Port Dogtag 1.2.0 to 32-bit and 64-bit Fedora 11 . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #512134 - strip symbols from libraries, modules, - and executables -* Mon Jul 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- bugzilla Bug #509183 - update nss dependency >= 3.12.3.99 -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Mon Feb 2 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #483698 - unable to build osutil without pkgconfig -* Thu Dec 4 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #474369 - Remove NSS dependency on "pkcs11-devel" and - upgrade NSS/NSPR version dependencies -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Thu Oct 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #521983 - New package for Dogtag PKI: osutil diff --git a/pki/dogtag/ra-ui/build.xml b/pki/dogtag/ra-ui/build.xml index bdaaf6781..512a622f8 100644 --- a/pki/dogtag/ra-ui/build.xml +++ b/pki/dogtag/ra-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/ra-ui/build_dogtag b/pki/dogtag/ra-ui/build_dogtag index 540380724..255d88912 100755 --- a/pki/dogtag/ra-ui/build_dogtag +++ b/pki/dogtag/ra-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-ra-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ra-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ra-ui/dogtag-pki-ra-ui.spec b/pki/dogtag/ra-ui/dogtag-pki-ra-ui.spec index 0fb2c0508..878e663ad 100644 --- a/pki/dogtag/ra-ui/dogtag-pki-ra-ui.spec +++ b/pki/dogtag/ra-ui/dogtag-pki-ra-ui.spec @@ -1,276 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Registration Authority User Interface -%define base_component ra-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-ra-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Registration Authority User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +BuildRequires: ant +Requires: bash -## This package is non-relocatable! -#Prefix: +Provides: pki-ra-ui = %{version}-%{release} -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-ra-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_ra}. - - +The Dogtag Registration Authority User Interface contains the graphical +user interface for the Dogtag Registration Authority. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="ra-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Tue Jun 23 2009 Ade Lee <alee@redhat.com> 1.1.0-9 -- Bugzilla Bug #483302 - UTF-8 enrollments not working when initiated from RA -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Mon Jun 8 2009 Ade Lee <alee@redhat.com> 1.1.0-6 -- Bugzilla Bug #501699 - Renewal request in RA throws error - certificate not found in database -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Thu May 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-7 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Thu Oct 02 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 -- Fix for Vista support, #405451 -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Fedora Packaging Changes diff --git a/pki/dogtag/ra/build_dogtag b/pki/dogtag/ra/build_dogtag index 7ad952859..175873f50 100755 --- a/pki/dogtag/ra/build_dogtag +++ b/pki/dogtag/ra/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-ra.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="ra" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/ra/pki-ra.spec b/pki/dogtag/ra/pki-ra.spec index 0677a8765..d7e300bc5 100644 --- a/pki/dogtag/ra/pki-ra.spec +++ b/pki/dogtag/ra/pki-ra.spec @@ -1,412 +1,103 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Registration Authority -%define base_component ra -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-ra +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Registration Authority +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Daemons BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_flavor}-%{base_name}-ui >= 1.0.0 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-setup >= 1.0.0, mod_nss >= 1.0.7, mod_perl >= 1.99_16, mozldap >= 6.0.2, perl-DBD-SQLite >= 1.11, perl-DBI >= 1.52, perl-HTML-Parser >= 3.35, perl-HTML-Tagset >= 3.03, perl-Parse-RecDescent >= 1.94, perl-URI >= 1.30, perl-XML-NamespaceSupport >= 1.08, perl-XML-Parser >= 2.34, sendmail >= 8.13.1, sqlite >= 3.3.3, %{base_prefix}-selinux >= 1.0.0, perl-XML-Simple - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ant +BuildRequires: dogtag-pki-ra-ui + +Requires: mod_nss >= 1.0.7 +Requires: mod_perl >= 1.99_16 +Requires: mozldap >= 6.0.2 +Requires: perl-DBD-SQLite +Requires: perl-DBI +Requires: perl-HTML-Parser +Requires: perl-HTML-Tagset +Requires: perl-Parse-RecDescent +Requires: perl-URI +Requires: perl-XML-NamespaceSupport +Requires: perl-XML-Parser +Requires: perl-XML-Simple +Requires: pki-ra-ui +Requires: pki-selinux +Requires: pki-setup +Requires: sendmail +Requires: sqlite + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_ra} is an optional PKI subsystem that +The Dogtag Registration Authority is an optional PKI subsystem that acts as a front-end for authenticating and processing enrollment requests, PIN reset requests, and formatting requests. -%{pki_ra} communicates over SSL with the -%{pki_ca} to fulfill the user's requests. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +Dogtag Registration Authority communicates over SSL with the +Dogtag Certificate Authority to fulfill the user's requests. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="ra" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ra/conf/CS.cfg %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi - %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +%{_datadir}/pki/ra/setup/postinstall pki ra %{version} %{release} echo "" echo "Install finished." - %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-ra ] ; then + echo "WARNING: The default instance \"/var/lib/pki-ra\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-ra\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-ra\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-ra stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/docroot -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/lib -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/scripts -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/ra/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Tue Jul 14 2009 Ade Lee <alee@redhat.com> 1.1.0-27 -- Bugzilla Bug #511337 - sscep getca fails with define CA identifier -* Mon Jul 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-26 -- Bugzilla Bug #509833 - cleaning debug log -* Wed Jun 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-25 -- Bugzilla Bug #507746 - Configure TPS/RA to listen on Ipv4 and Ipv6 -* Wed Jun 24 2009 Ade Lee <alee@redhat.com> 1.1.0-24 -- Bugzilla Bug #505788 - RA agent list certificates and view a user certificate throws 500 internal server error -* Tue Jun 23 2009 Ade Lee <alee@redhat.com> 1.1.0-23 -- Bugzilla Bug #483302 - UTF-8 enrollments not working when initiated from RA -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-22 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Tue Jun 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-21 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Tue Jun 16 2009 Ade Lee <alee@redhat.com> 1.1.0-20 -- Bugzilla Bug #504240 RA (nethsm) : unable to approve server cert -* Tue Jun 16 2009 Ade Lee <alee@redhat.com> 1.1.0-19 -- Bugzilla Bug #505784 and 505791 - RA cert notifications incorrect -* Wed Jun 10 2009 Ade Lee <alee@redhat.com> 1.1.0-18 -- Bugzilla Bug #471916 - RA: input validation -* Wed Jun 10 2009 Ade Lee <alee@redhat.com> 1.1.0-17 -- Bugzilla Bug #504898 - RA: agent unable to revoke a cert -* Mon Jun 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-16 -- Bugzilla Bug #501081 - remove mod_revocator rpm as a dependency -* Mon Jun 8 2009 Ade Lee <alee@redhat.com> 1.1.0-15 -- Bugzilla Bug #501699 - Renewal request in RA throws error - certificate not found in database -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-14 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-13 -- Bugzilla Bug #502398 - Restore Configuration Logging Capabilities to - RA and TPS -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-12 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Thu May 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Mon May 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-10 -- Bugzilla Bug #499025 - pki-tps and pki-ra startup script needs to loop - on pid file availability -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Thu Apr 30 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #498528 - Disable mod_revocator on RHEL since it will no - longer work with the updated mod_nss which is required for HSMs -* Mon Apr 27 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #497585 - rhcs80beta tps init script - restarting - shows incorrect output -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Thu Apr 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #493122 - Proper invocation and use of mod_revocator -- Bugzilla Bug #495959 - pkiremove requires "perl-XML-SAX" as a runtime - dependency -* Tue Apr 7 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #484828 - op.cgi allows RA agents to approve requests not assigned to their agent groups -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-26 -- Bugzilla Bug #492180 - Security officer: token recovery for a security - officer throws error 28 'connection to server lost'. -- Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency - for RA and TPS -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-25 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Wed Mar 11 2009 Ade Lee <alee@redhat.com> 1.0.0-24 - Bugzilla Bug #489712 RA and TPS need perl-XML-Simple as prereq -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-23 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-22 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Fri Mar 6 2009 Ade Lee <alee@redhat.com> 1.0.0-21 -- Bugzilla Bug 472308 - web installer display wrong product version in first Welcome panel -* Wed Mar 4 2009 Ade Lee <alee@redhat.com> 1.0.0-20 -- Bugzilla Bug 487871, 488561 - pkiremove cleanup and remove all selinux ports -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-19 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-18 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-16 -- Bugzilla Bug #485859 - port separation for RA and TPS -* Mon Feb 23 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #486435 - clicking on configuration URL results in error -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-14 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-12 -- Bugzilla # 484826 -selinux policy required for TPS and RA subsystems -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-11 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 -- Bugzilla Bug #480952 - moved "perl-XML-Simple" and "perl-libwww-perl" - runtime dependencies to pki-setup -- Bugzilla Bug #480515 - lowered "perl-DBI" version runtime dependency -* Sat Jan 17 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #480515 - RA configuraiton wizard url fails to start -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sun Nov 23 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #446662 - /usr/share/fpki/ra/conf path referred - to in CS.cfg doesn't exist -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #450345 - Port Dogtag 1.0.0 to Fedora 9 - (32-bit i386 & 64-bit x86_64) -- Bugzilla Bug #453504 - RA perl scripts won't compile on Fedora 9 -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Aug 5 2008 Ade Lee <alee@redhat.com> 1.0.0-3 -- Fix for bug#454565 - Broken Installation Wizard for TPS and RA with latest modutil. -* Tue Apr 1 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 -- Fix for bug#440084 - Subsystem Installation Error Message Needs Improvement. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Fedora Packaging Changes diff --git a/pki/dogtag/selinux/build_dogtag b/pki/dogtag/selinux/build_dogtag index 8786efbda..a0a1b79ab 100755 --- a/pki/dogtag/selinux/build_dogtag +++ b/pki/dogtag/selinux/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-selinux.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="selinux" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec index f4a5ed9a0..85d11962e 100644 --- a/pki/dogtag/selinux/pki-selinux.spec +++ b/pki/dogtag/selinux/pki-selinux.spec @@ -1,210 +1,60 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Selinux Policies -%define base_component selinux -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 3 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-selinux +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Selinux Policies +URL: https://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, m4, make, policycoreutils, selinux-policy-devel -# While 'selinux-policy-devel' is always required on Fedora 12 or later, -# certain earlier Fedora distributions require at least a minimum version -%{?fc8:BuildRequires: selinux-policy-devel >= 3.0.8-127} +BuildRequires: ant +BuildRequires: m4 +BuildRequires: make +BuildRequires: policycoreutils +BuildRequires: selinux-policy-devel %{?fc9:BuildRequires: selinux-policy-devel >= 3.3.1-118} %{?fc10:BuildRequires: selinux-policy-devel >= 3.5.13-41} %{?fc11:BuildRequires: selinux-policy-devel >= 3.6.3-10} -Requires: policycoreutils, libsemanage, selinux-policy-targeted -# While 'selinux-policy-targeted' is always required on Fedora 12 or later, -# certain earlier Fedora distributions require at least a minimum version -%{?fc8:Requires: selinux-policy-targeted >= 3.0.8-127} +Requires: policycoreutils +Requires: selinux-policy-targeted %{?fc9:Requires: selinux-policy-targeted >= 3.3.1-118} %{?fc10:Requires: selinux-policy-targeted >= 3.5.13-41} %{?fc11:Requires: selinux-policy-targeted >= 3.6.3-10} - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description Selinux policies for the Pubic Key Infrastructure (PKI) components. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - -%setup -q -n %{base_name}-%{base_version} - - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### +%setup -q -n %{name}-%{version} %build cd src make - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### - %install -rm -rf ${RPM_BUILD_ROOT} -mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/doc/%{base_name}-%{base_version} -cp -p LICENSE ${RPM_BUILD_ROOT}%{_datadir}/doc/%{base_name}-%{base_version} -mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/selinux/modules -cp -p src/pki.pp ${RPM_BUILD_ROOT}%{_datadir}/selinux/modules - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +rm -rf %{buildroot} +mkdir -p %{buildroot}%{_datadir}/doc/%{name}-%{version} +cp -p LICENSE %{buildroot}%{_datadir}/doc/%{name}-%{version} +mkdir -p %{buildroot}%{_datadir}/selinux/modules +cp -p src/pki.pp %{buildroot}%{_datadir}/selinux/modules %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %define saveFileContext() \ if [ -s /etc/selinux/config ]; then \ - . %{_sysconfdir}/selinux/config; \ - FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ - if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \ - cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \ - fi \ + . %{_sysconfdir}/selinux/config; \ + FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ + if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \ + cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}; \ + fi \ fi; %define relabel() \ @@ -212,84 +62,33 @@ fi; FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \ selinuxenabled; \ if [ $? == 0 -a "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT}.%{name} ]; then \ - fixfiles -C ${FILE_CONTEXT}.%{name} restore; \ - rm -f ${FILE_CONTEXT}.%name; \ + fixfiles -C ${FILE_CONTEXT}.%{name} restore; \ + rm -f ${FILE_CONTEXT}.%name; \ fi; %pre %saveFileContext targeted %post -semodule -s targeted -i /usr/share/selinux/modules/pki.pp +semodule -s targeted -i %{_datadir}/selinux/modules/pki.pp %relabel targeted %preun if [ $1 = 0 ]; then -%saveFileContext targeted + %saveFileContext targeted fi %postun if [ $1 = 0 ]; then -semodule -s targeted -r pki -%relabel targeted + semodule -s targeted -r pki + %relabel targeted fi -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/selinux/modules/pki.pp - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/selinux/modules/pki.pp %changelog -* Wed Sep 16 2009 Ade Lee <alee@redhat.com> 1.2.0-3 -- Bugzilla Bug 524068 - rules needed for pki-tps and pki-ra startup on fc11 -* Mon Aug 24 2009 Ade Lee <alee@redhat.com> 1.2.0-2 -- Bugzilla Bug 514520 - Build of pki-selinux 1.2.0 component fails on fc11 -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 6 2009 Ade Lee <alee@redhat.com> 1.1.0-10 -- Bugzilla Bug 509917 - RA fails to start with SElinux enforcing (lunasa) -* Wed Jun 17 2009 Ade Lee <alee@redhat.com> 1.1.0-9 -- Bugzilla Bug 506387 and 506133 - ECC and messages for tps -* Mon Jun 15 2009 Ade Lee <alee@redhat.com> 1.1.0-8 -- Bugzilla Bug 504765 - more selinux messages when restarting RA -* Tue Jun 9 2009 Ade Lee <alee@redhat.com> 1.1.0-7 -- Bugzilla Bug 504765 - selinux messages when restarting RA -* Fri May 29 2009 Ade Lee <alee@redhat.com> 1.1.0-6 -- Bugzilla Bug 495212 - selinux messages from startup/ install -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-5 -- Bugzilla Bug 499242 - selinux policy updates needed to ensure that CS works with lunasa hsm -* Fri May 1 2009 Ade Lee <alee@redhat.com> 1.1.0-4 -- Bugzilla Bug 495157 - SELinux prevents CA from using nethsm pkcs11 module -* Fri Apr 24 2009 Ade Lee <alee@redhat.com> 1.1.0-3 -- Bugzilla Bug 496175 - pkiremove of tps instance throws error message when - tps log location is changed. -* Wed Apr 15 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #492799 - MasterCRL.bin file is not published to the specified directory -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-7 -- Bugzilla # 484826 -selinux policy required for TPS and RA subsystems -* Mon Feb 9 2009 Ade Lee <alee@redhat.com> 1.0.0.6 -- Bugzilla Bug #483742 - add version check to spec file for fedora -* Thu Feb 5 2009 Ade Lee <alee@redhat.com> 1.0.0.5 -- Bugzilla Bug #483716: changes for TKS installation -* Thu Jan 29 2009 Ade Lee <alee@redhat.com> 1.0.0.4 -- Bugzilla Bug #483134 Moved selinux to /usr/share/selinux/modules -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-3 -- Bugzilla Bug #482738 - selinux changes required for cloning -* Tue Jan 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #480679 - integrate latest selinux code with the rest - of the build infrastructure - -* Mon Jan 19 2009 Ade Lee <alee@redhat.com> 1.0.0-1 -- Initial release - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #521255 - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/setup/build_dogtag b/pki/dogtag/setup/build_dogtag index 8a55624af..86b0ded24 100755 --- a/pki/dogtag/setup/build_dogtag +++ b/pki/dogtag/setup/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-setup.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="setup" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec index 2c281532c..ceeab05bd 100644 --- a/pki/dogtag/setup/pki-setup.spec +++ b/pki/dogtag/setup/pki-setup.spec @@ -1,318 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Instance Creation and Removal Scripts -%define base_component setup -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-setup +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate system - PKI Instance Creation and Removal Scripts +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_prefix}-native-tools >= 1.0.0, perl >= 5.8.0, perl-XML-LibXML, perl-libwww-perl >= 5.8.0, policycoreutils, perl-Crypt-SSLeay, perl-XML-SAX >= 0.12 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## This package is non-relocatable! -#Prefix: +BuildRequires: ant -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: perl >= 5.8.0 +Requires: perl-Crypt-SSLeay +Requires: perl-XML-LibXML +Requires: perl-XML-SAX +Requires: perl-libwww-perl +Requires: pki-native-tools +Requires: policycoreutils +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description Public Key Infrastructure (PKI) setup scripts used to create and remove -instances from %{base_entity} PKI deployments. - - +instances from Dogtag PKI deployments. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="setup" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(00755,root,root) %{_bindir}/* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/scripts/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_bindir}/* +%{_datadir}/pki/scripts/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 1 2009 Ade Lee <alee@redhat.com> 1.1.0-12 -- Bugzilla Bug #224864 - pkiremove to remove entry from security domain - more issues from port separation changes -* Wed Jun 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #507506 - Make pkicreate observe an environment variable - for the hostname (IPv6 only) -* Wed Jun 24 2009 Ade Lee <alee@redhat.com> 1.1.0-10 -- Bugzilla Bug #224864 - pkiremove to remove entry from security domain - fixed issues from port separation changes -* Mon Jun 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #501081 - remove mod_revocator rpm as a dependency -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #502398 - Restore Configuration Logging Capabilities to - RA and TPS -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Fri Apr 24 2009 Ade Lee <alee@redhat.com> 1.1.0-5 -- Bugzilla Bug #496332 pkicreate tps instance with -user, -group and - -pki_instance_root throws error -- Bugzilla Bug #496175 pkiremove of tps instance throws error message - when tps log location is changed. -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #472832 - pkicreate/ pkiremove have incorrect path - for Perl for Solaris. -* Thu Apr 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #495959 - pkiremove requires "perl-XML-SAX" as a runtime - dependency -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-21 -- Bugzilla Bug #492180 - Security officer: token recovery for a security - officer throws error 28 'connection to server lost'. -- Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency - for RA and TPS -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-20 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Wed Mar 18 2009 Christina Fu <cfu@redhat.com> 1.0.0-19 -- Bugzilla Bug # 485166 - Signed Audit Feature for TPS -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-18 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #489404 - fixed non-secure port -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-16 -- Bugzilla Bug #440350 - Removed unnecessary creation/deletion of kill scripts -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -- Bugzilla Bug #488162 - Fix permissions on "pwcache.conf" file . . . -* Wed Mar 4 2009 Ade Lee <alee@redhat.com> 1.0.0-14 -- Bugzilla Bug 487871, 488561 - pkiremove cleanup and remove all selinux ports -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #485859 - port separation for RA and TPS -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-11 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Mon Feb 9 2009 Ade Lee <alee@redhat.com> 1.0.0-10 -- Bugzilla Bugs #480418, 480419, 479891 -* Thu Jan 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- Bugzilla Bug #480952 - added "perl-XML-Simple" and "perl-libwww-perl" - runtime dependencies -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Mon Nov 24 2008 Ade Lee <alee@redhat.com> 1.0.0-7 -- Add selinux changes bugzilla #237727. -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Thu Oct 9 2008 Jack Magne <jmagne@redhat.com> 1.0.0-5 -- Fix for port separation bug #466188. -* Fri Oct 9 2008 Ade Lee <alee@redhat.com> 1.0.0-4 -- Fix for bug #223361 and #224864. Security Domain in ldap. -* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 -- Fix for bug #458337. -* Tue Apr 1 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 -- Fix for Bug# 440084 - Installation Error Messages Need Improvement. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #521993 - packaging for Fedora Dogtag diff --git a/pki/dogtag/silent/build_dogtag b/pki/dogtag/silent/build_dogtag index cbf75b65a..f3e1a71de 100755 --- a/pki/dogtag/silent/build_dogtag +++ b/pki/dogtag/silent/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-silent.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="silent" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/silent/pki-silent.spec b/pki/dogtag/silent/pki-silent.spec index e8d3f7365..b9143fcc3 100644 --- a/pki/dogtag/silent/pki-silent.spec +++ b/pki/dogtag/silent/pki-silent.spec @@ -1,290 +1,71 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Silent Installer -%define base_component silent -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Shells -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-silent +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Silent Installer +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Shells BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_prefix}-common >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5 -## Without Requires something, rpmbuild will abort! -Requires: %{base_prefix}-common >= 1.0.0 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: pki-common +BuildRequires: pki-util -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-common +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} may be used to "automatically" configure -the following %{base_entity} PKI subsystems in a non-graphical (batch) fashion +The Dogtag Silent Installer may be used to "automatically" configure +the following Dogtag PKI subsystems in a non-graphical (batch) fashion including: - the %{pki_ca}, - the %{pki_drm}, - the %{pki_ocsp}, - the %{pki_ra}, - the %{pki_tks}, and/or - the %{pki_tps}. - + the Dogtag Certificate Authority, + the Dogtag Data Recovery Manager, + the Dogtag Online Certificate Status Protocol Manager, + the Dogtag Registration Authority, + the Dogtag Token Key Service, and/or + the Dogtag Token Processing System. - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="silent" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java -mv %{base_component}.jar %{base_component}-%{base_version}.jar -ln -s %{base_component}-%{base_version}.jar %{base_component}.jar - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java +mv silent.jar silent-%{version}.jar +ln -s silent-%{version}.jar silent.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(00755,root,root) %{_bindir}/* -%attr(-,root,root) %{_datadir}/java -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/* - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_bindir}/* +%{_datadir}/java +%{_datadir}/pki/silent/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 8 2009 Ade Lee <alee@redhat.com> 1.1.0-8 -- Bugzilla Bug #510175 - add template files to pkisilent rpm -* Fri Jun 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #503829 - pkisilent ConfigureSubca fails to import admin cert -* Fri May 29 2009 Ade Lee <alee@redhat.com> 1.1.0-6 -- Bugzilla Bug #502947 - pkisilent using wrong parameter name for clone CA PKCS#12 file -* Wed May 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #491517 - pkisilent Configure RA and TPS fail -* Sat May 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #491517 - pkisilent Configure RA and TPS fail - (port separation changes only) -- Bugzilla Bug #495676 - pkisilent ConfigureCA failure on AdminCertImportPanel -- Bugzilla Bug #500748 - pki-silent : issues due to port separation changes - (only addressed CA, KRA, OCSP, and TKS) -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Tue Apr 28 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #493418 silent install -save_p12 option creates file mode 644 -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Fri Apr 3 2009 Ade Lee <alee@redhat.com> 1.0.0-11 -- Bugzilla Bug #491517 and #492648 - subca and TPS fail to configure - audit signing -* Tue Mar 17 2009 Ade Lee <alee@redhat.com> 1.0.0-10 -- Bugzilla Bug #490645 - DRM fails to configure -* Tue Mar 10 2009 Ade Lee <alee@redhat.com> 1.0.0-9 -- Bugzilla Bug #489057 - Add audit_signing cert to drm, ocsp, tks -* Fri Feb 20 2009 Ade Lee <alee@redhat.com> 1.0.0-8 -- Bugzilla Bug #486028 - Add audit_signing cert -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Tue Dec 16 2008 Ade Lee <alee@redhat.com> 1.0.0-5 -- Add support for installing cloned CA - bz 472006 -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Thu Oct 9 2008 Ade Lee <alee@redhat.com> 1.0.0-2 -- Fix for 462035 -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #521996 - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/symkey/build_dogtag b/pki/dogtag/symkey/build_dogtag index a2ad5fbce..0f3b9a2a9 100755 --- a/pki/dogtag/symkey/build_dogtag +++ b/pki/dogtag/symkey/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="symkey.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="symkey" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/symkey/symkey.spec b/pki/dogtag/symkey/symkey.spec index 5cdd8acb9..629684b07 100644 --- a/pki/dogtag/symkey/symkey.spec +++ b/pki/dogtag/symkey/symkey.spec @@ -1,279 +1,74 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Product Definitions -%define base_product Symmetric Key JNI Package -%define base_component symkey - -## Package Header Definitions -%define base_name %{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Libraries -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} - -## Build Definitions -%define base_build_dir blds -%define base_staging_dir STAGING - -## Installation Definitions -%define base_install_dir /opt/%{base_component} -%define setup_package setup_package - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## 32-bit Definitions -%ifarch i386 i486 i586 i686 -%define ant_cmd ant -Dspecfile=%{base_name}.spec -%define architecture intel -%define configure_cmd ../configure -%endif - -## 64-bit Definitions -%ifarch x86_64 -%define ant_cmd ant -Dspecfile=%{base_name}.spec -%define architecture intel -%define configure_cmd ../configure --enable-64bit --libdir=%{base_install_dir}/lib64 -%endif - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no - -BuildRoot: %{_builddir}/%{name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, bash >= 3.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, nspr-devel >= 4.6.99, nss-devel >= 3.12.3.99, pkgconfig - -## Without Requires something, rpmbuild will abort! -Requires: jpackage-utils >= 1.6.0, jss >= 4.2.5, nss >= 3.12.3.99 - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +Name: symkey +Version: 1.3.0 +Release: 1%{?dist} +Summary: Symmetric Key JNI Package +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Libraries + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: ant +BuildRequires: bash +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: nspr-devel >= 4.6.99 +BuildRequires: nss-devel >= 3.12.3.99 +BuildRequires: pkgconfig + +Requires: java >= 1:1.6.0 +Requires: jpackage-utils +Requires: jss >= 4.2.6 +Requires: nss >= 3.12.3.99 + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description The Symmetric Key Java Native Interface (JNI) package supplies various native symmetric key operations to Java programs. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - -%setup -q -n %{base_name}-%{base_version} - - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### +%setup -q -n %{name}-%{version} %build -%{?pkg_config_cmd} -%{ant_cmd} -mkdir %{base_build_dir} -cd %{base_build_dir} -mkdir %{base_staging_dir} -%{configure_cmd} +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="" \ + -Dproduct="%{name}" \ + -Dversion="%{version}" +%configure \ +%ifarch ppc64 s390x sparc64 x86_64 + --enable-64bit \ +%endif + --libdir=%{_libdir} make - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### - %install -%{?pkg_config_cmd} -rm -rf ${RPM_BUILD_ROOT} -cd %{base_build_dir} -make install DESTDIR="`pwd`/%{base_staging_dir}" +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} ## rearrange files to be in the desired native packaging layout -../%{setup_package} ${RPM_BUILD_ROOT} %{version} %{base_release} %{architecture} `pwd`/%{base_staging_dir}/%{base_install_dir} - +mkdir -p %{buildroot}%{_datadir}/doc/%{name}-%{version}/ +mv %{buildroot}/opt/doc/LICENSE %{buildroot}%{_datadir}/doc/%{name}-%{version}/ +mkdir -p %{buildroot}%{_jnidir}/ +mv %{buildroot}/opt/java/%{name}.jar %{buildroot}%{_jnidir}/%{name}-%{version}.jar +cd %{buildroot}%{_jnidir} ; ln -s %{name}-%{version}.jar %{name}.jar - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +## remove unwanted files +rm -rf %{buildroot}/opt +rm -rf %{buildroot}%{_libdir}/lib%{name}.la %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_jnidir}/* -%attr(-,root,root) %{_libdir}/lib* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_jnidir}/* +%{_libdir}/lib* %changelog -* Fri Aug 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #518736 - Port Dogtag 1.2.0 to 32-bit and 64-bit Fedora 11 . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #512134 - strip symbols from libraries, modules, - and executables -* Mon Jul 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- bugzilla Bug #509183 - update nss dependency >= 3.12.3.99 -* Thu Jun 18 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug 500698 - TPS/CA/TKS : segmentation fault after many(30000) enrollments -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Thu Mar 12 2009 Jack Magne <jmagne@redhat.com> 1.0.0-6 -- Bugilla Bug #48901 - Safenet 300J support key changeover. -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -- Bugzilla Bug #483698 - unable to build osutil without pkgconfig -* Thu Jan 22 2009 Jack Magne <jmagne@redhat.com> 1.0.0-5 -- Bugzilla Bug #459538 - TKS support for Safenet 330J. -* Thu Dec 4 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #474369 - Remove NSS dependency on "pkcs11-devel" and - upgrade NSS/NSPR version dependencies -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Mon Oct 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #522272 - New Package for Dogtag PKI: symkey diff --git a/pki/dogtag/tks-ui/build.xml b/pki/dogtag/tks-ui/build.xml index b4ffd1c92..26d16c67b 100644 --- a/pki/dogtag/tks-ui/build.xml +++ b/pki/dogtag/tks-ui/build.xml @@ -137,12 +137,12 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> </zipfileset> <zipfileset dir="." - filemode="755" + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -153,12 +153,12 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> </tarfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -200,7 +200,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -217,7 +217,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/tks-ui/build_dogtag b/pki/dogtag/tks-ui/build_dogtag index b9e1ca334..e8f600f57 100755 --- a/pki/dogtag/tks-ui/build_dogtag +++ b/pki/dogtag/tks-ui/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-tks-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="tks-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/tks-ui/dogtag-pki-tks-ui.spec b/pki/dogtag/tks-ui/dogtag-pki-tks-ui.spec index 07ae2501c..8e8be0427 100644 --- a/pki/dogtag/tks-ui/dogtag-pki-tks-ui.spec +++ b/pki/dogtag/tks-ui/dogtag-pki-tks-ui.spec @@ -1,247 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Token Key Service User Interface -%define base_component tks-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-tks-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Token Key Service User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRequires: ant -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +Requires: bash +Provides: pki-tks-ui = %{version}-%{release} -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-tks-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_tks}. - - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### +The Dogtag Token Key Service User Interface contains the graphical +user interface for the Dogtag Token Key Service. -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="tks-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/tks/build_dogtag b/pki/dogtag/tks/build_dogtag index e70d9a725..9ef5f5a6d 100755 --- a/pki/dogtag/tks/build_dogtag +++ b/pki/dogtag/tks/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-tks.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="tks" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/tks/pki-tks.spec b/pki/dogtag/tks/pki-tks.spec index c4bc1f7af..3cda14a8c 100644 --- a/pki/dogtag/tks/pki-tks.spec +++ b/pki/dogtag/tks/pki-tks.spec @@ -1,389 +1,118 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Token Key Service -%define base_component tks -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 2 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) -%define pki_major_version %(echo `echo %{pki_version} | awk -F. '{ print $1 }'`) -%define pki_minor_version %(echo `echo %{pki_version} | awk -F. '{ print $2 }'`) -%define pki_patch_version %(echo `echo %{pki_version} | awk -F. '{ print $3 }'`) - -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-tks +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Token Key Service +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Daemons BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{base_flavor}-%{base_name}-ui >= 1.0.0, %{base_prefix}-common >= 1.0.0, %{base_prefix}-util >= 1.0.0, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.5, tomcatjss >= 1.1.0 -## Without Requires something, rpmbuild will abort! -Requires: %{base_name}-ui, %{base_prefix}-common >= 1.0.0, %{base_prefix}-selinux >= 1.0.0 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: ant +BuildRequires: dogtag-pki-tks-ui +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: pki-common +BuildRequires: pki-util +BuildRequires: tomcatjss -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: pki-tks-ui +Requires: pki-common +Requires: pki-selinux +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_tks} is an optional PKI subsystem that +The Dogtag Token Key Service is an optional PKI subsystem that manages the master key(s) and the transport key(s) required to generate and -distribute keys for hardware tokens. %{pki_tks} provides -the security between tokens and an instance of %{pki_tps}, +distribute keys for hardware tokens. Dogtag Token Key Service provides +the security between tokens and an instance of Dogtag Token Processing System, where the security relies upon the relationship between the master key -and the token keys. A %{pki_tps} communicates with a -%{pki_tks} over SSL using client authentication. +and the token keys. A Dogtag Token Processing System communicates with a +Dogtag Token Key Service over SSL using client authentication. -%{pki_tks} helps establish a secure channel (signed and -encrypted) between the token and the %{pki_tps}, +Dogtag Token Key Service helps establish a secure channel (signed and +encrypted) between the token and the Dogtag Token Processing System, provides proof of presence of the security token during enrollment, and supports key changeover when the master key changes on the -%{pki_tks}. Tokens with older keys will get new token keys. +Dogtag Token Key Service. Tokens with older keys will get new token keys. -Because of the sensitivity of the data that %{pki_tks} manages, -%{pki_tks} should be set up behind the firewall with +Because of the sensitivity of the data that Dogtag Token Key Service manages, +Dogtag Token Key Service should be set up behind the firewall with restricted access. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="tks" \ + -Dversion="%{version}" %install -cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -sed -i 's/^cms.version=.*$/cms.version=%{pki_major_version}.%{pki_minor_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix}/%{base_component} -mv %{base_component}.jar %{base_component}-%{version}.jar -ln -s %{base_component}-%{version}.jar %{base_component}.jar +%define major_version %(echo `echo %{version} | awk -F. '{ print $1 }'`) +%define minor_version %(echo `echo %{version} | awk -F. '{ print $2 }'`) +%define patch_version %(echo `echo %{version} | awk -F. '{ print $3 }'`) - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +rm -rf %{buildroot} +cd dist/binary +unzip %{name}-%{version}.zip -d %{buildroot} +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg +sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg +cd %{buildroot}%{_datadir}/java/pki/tks +mv tks.jar tks-%{version}.jar +ln -s tks-%{version}.jar tks.jar %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +%{_datadir}/pki/tks/setup/postinstall pki tks %{version} %{release} echo "" echo "Install finished." %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-tks ] ; then + echo "WARNING: The default instance \"/var/lib/pki-tks\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-tks\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-tks\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-tks stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix}/%{base_component} -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/acl -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(00770,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs/signedAudit -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/shared -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/temp -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/webapps -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/work - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki/tks/* +%{_datadir}/pki/tks/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-12 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Thu Jun 5 2009 Jack Magne <jmagne@redhat.com> 1.1.0-10 -- Bugzilla Bug #498123 - Unable to formated token with tks clone. -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #502267 - Allow CA, DRM, OCSP, and TKS to be started using - the Security Manager -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-7 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Tue Apr 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-2 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Thu Mar 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-22 -- Bugzilla Bug #470175 - RFE: Directory Listing Enabled -* Fri Mar 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-21 -- Bugzilla Bug #490489 - Configuration modifications are not replicated - between admins, agents, and end entities -- Bugzilla Bug #490483 - Unable to configure CA using "Shared Ports" -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-20 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-19 -- Bugzilla Bug #489404 - fixed non-secure port -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-18 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-17 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-16 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-15 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Mon Feb 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-14 -- Bugzilla Bug #485790 - Need changes made to spec files in various - packages to be able to build in koji/brew -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-11 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 22 2009 Christina Fu <cfu@redhat.com> 1.0.0-10 -- Bugzilla Bug 481237 - Audit Log signing framework -* Mon Jan 5 2009 Ade Lee <alee@redhat.com> 1.0.0-9 -- Bugzilla Bug #472006, 472007 - Serial number management -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Mon Nov 24 2008 Ade Lee <alee@redhat.com> 1.0.0-6 -- Bugzilla Bug #237727 - selinux changes to init script -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Fri Oct 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-4 -- Fix for port separation bug #466188. -* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 -- Fix for bug #458337. -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag diff --git a/pki/dogtag/tps-ui/build.xml b/pki/dogtag/tps-ui/build.xml index c61d2dc98..bc06864c0 100644 --- a/pki/dogtag/tps-ui/build.xml +++ b/pki/dogtag/tps-ui/build.xml @@ -138,12 +138,18 @@ <echo message="${begin.binary.zip.log.message}"/> <zip destfile="${dist.base.binaries}/${dist.name}.zip"> <zipfileset dir="./shared" - filemode="755" + filemode="644" prefix="usr/share/${product.prefix}/${product}"> <include name="**"/> + <exclude name="cgi-bin/sow/cfg.pl"/> </zipfileset> - <zipfileset dir="." + <zipfileset dir="./shared" filemode="755" + prefix="usr/share/${product.prefix}/${product}"> + <include name="cgi-bin/sow/cfg.pl"/> + </zipfileset> + <zipfileset dir="." + filemode="644" prefix="usr/share/doc/${dist.name}"> <include name="LICENSE"/> </zipfileset> @@ -154,12 +160,18 @@ <tar longfile="gnu" destfile="${dist.base.binaries}/${dist.name}.tar"> <tarfileset dir="./shared" - mode="755" + mode="644" prefix="${dist.name}/usr/share/${product.prefix}/${product}"> <include name="**"/> + <exclude name="cgi-bin/sow/cfg.pl"/> </tarfileset> + <zipfileset dir="./shared" + filemode="755" + prefix="usr/share/${product.prefix}/${product}"> + <include name="cgi-bin/sow/cfg.pl"/> + </zipfileset> <tarfileset dir="." - mode="755" + mode="644" prefix="${dist.name}/usr/share/doc/${dist.name}"> <include name="LICENSE"/> </tarfileset> @@ -201,7 +213,7 @@ <echo message="${begin.source.zip.log.message}"/> <zip destfile="${dist.base.source}/${src.dist.name}.zip"> <zipfileset dir="." - filemode="755" + filemode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> @@ -218,7 +230,7 @@ <tar longfile="gnu" destfile="${dist.base.source}/${src.dist.name}.tar"> <tarfileset dir="." - mode="755" + mode="644" prefix="${src.dist.name}"> <include name="${specfile}"/> <include name="LICENSE"/> diff --git a/pki/dogtag/tps-ui/build_dogtag b/pki/dogtag/tps-ui/build_dogtag index c2448dc85..d14f24886 100755 --- a/pki/dogtag/tps-ui/build_dogtag +++ b/pki/dogtag/tps-ui/build_dogtag @@ -34,6 +34,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="dogtag-pki-tps-ui.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="tps-ui" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/tps-ui/dogtag-pki-tps-ui.spec b/pki/dogtag/tps-ui/dogtag-pki-tps-ui.spec index d3269c1c0..ed9acadd7 100644 --- a/pki/dogtag/tps-ui/dogtag-pki-tps-ui.spec +++ b/pki/dogtag/tps-ui/dogtag-pki-tps-ui.spec @@ -1,298 +1,56 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki -%define base_ui_prefix dogtag - -## Product Definitions -%define base_system Certificate System -%define base_product Token Processing System User Interface -%define base_component tps-ui -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_ui_prefix}-%{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 1 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: dogtag-pki-tps-ui +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Token Processing System User Interface +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## Without Requires something, rpmbuild will abort! -Requires: bash >= 3.0 -Provides: %{base_prefix}-%{base_component} -Obsoletes: %{base_prefix}-%{base_component} +BuildRequires: ant +Requires: bash -## This package is non-relocatable! -#Prefix: +Provides: pki-tps-ui = %{version}-%{release} -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Obsoletes: pki-tps-ui < %{version}-%{release} +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} contains the graphical -user interface for the %{pki_tps}. - - +The Dogtag Token Processing System User Interface contains the graphical +user interface for the Dogtag Token Processing System. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="dogtag" \ + -Dproduct.prefix="pki" \ + -Dproduct="tps-ui" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} - - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +unzip %{name}-%{version}.zip -d %{buildroot} %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/* - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/pki/* %changelog -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 1 2009 Ade Lee <alee@redhat.com> 1.1.0-13 -- Bugzilla Bug #508421 - Remove Token/Cert/ Activity List pages -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-12 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Mon Jun 15 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Sat Jun 13 2009 Jack Magne <jmagne@redhat.com> 1.1.0-10 -- Bugzilla Bug #491019 - Security Officer: Format Card operation to format a user card - also formats a security officer card. -* Sun Jun 7 2009 Ade Lee <alee@redhat.com> 1.1.0-9 -* Bugzilla Bug #504042 - unable to list users that where created with a space in the name -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-8 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Wed May 20 2009 Ade Lee <alee@redhat.com> 1.1.0-7 -- Bugzilla Bug #497583 - web wizard tps - menu highlight and label typo -* Sat May 16 2009 Jack Magne <jmagne@redhat.com> 1.1.0-6 -- Bugzilla Bug #491019 - Security Officer token can get formatted with - user format page. -* Thu May 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-5 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Tue Apr 21 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #496687 - TPS admin page doesn't list users added to the roles -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Sat Mar 28 2009 Jack Magne <jmagne@redhat.com> 1.0.0-15 -- Bugzilla Bug #491227 - Reg user can get to Security Officer pages. -* Tue Mar 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-14 -- Bugzilla Bug #488388 - copyright notices - remove from UI -- Bugzilla Bug #440543 - CA's web-services page needs improvements -* Tue Mar 24 2009 Ade Lee <alee@redhat.com> 1.0.0-13 -- Bugzilla 490452 support for signed audit in UI -* Tue Mar 17 2009 Ade Lee <alee@redhat.com> 1.0.0-12 -- Bugzilla 489318 TPS does not list more than 20 activities -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-11 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-10 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Ade Lee <alee@redhat.com> 1.0.0-9 -- Bugzilla Bug 484275 and 483304: TPS roles defined and correcting error templates -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Wed Feb 25 2009 Jack Magne <jmagne@redhat.com> 1.0.0-7 -- Bugzilla Bug #445274 - Make esc security officer mode work. -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-5 -- Bugzilla Bug #479092 TPS roles enhancements -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-3 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Thu Apr 3 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 -- Get default external Enrollment UI working. Bug#440960. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Fedora Packaging Changes diff --git a/pki/dogtag/tps/build_dogtag b/pki/dogtag/tps/build_dogtag index 412b9a588..6702691f5 100755 --- a/pki/dogtag/tps/build_dogtag +++ b/pki/dogtag/tps/build_dogtag @@ -34,6 +34,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-tps.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="tps" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec index 09bf75e5a..731c40184 100644 --- a/pki/dogtag/tps/pki-tps.spec +++ b/pki/dogtag/tps/pki-tps.spec @@ -1,537 +1,134 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_flavor dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product Token Processing System -%define base_component tps -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 3 -%define base_group System Environment/Daemons -%define base_vendor Red Hat, Inc. -%define base_license LGPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Legacy Definitions -%define legacy_tokendb tus - -## Build Definitions -%define base_build_dir blds -%define base_staging_dir STAGING - -## Installation Definitions -%define base_install_dir /opt/%{base_component} -%define setup_package setup_package - -## Pre & Post Install/Uninstall Scripts Definitions -%define base_user pkiuser -%define base_instance /var/lib/%{base_name} - -## Helper Definitions -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## 32-bit Definitions -%ifarch i386 i486 i586 i686 -%define architecture intel -%define configure_cmd ../configure -%endif - -## 64-bit Definitions -%ifarch x86_64 -%define architecture intel -%define configure_cmd ../configure --enable-64bit --libdir=%{base_install_dir}/lib64 -%endif - -## Disallow an initial login shell -## NOTE: SELinux policy requires a shell of /sbin/nologin -%define base_login_shell /sbin/nologin - -## For PKI version information, ALWAYS refer to the version of the -## Dogtag UI package dependency associated with this Dogtag spec file! -%define pki_version %(echo `rpm -q --queryformat '%{VERSION}' %{base_flavor}-%{base_name}-ui`) - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install +Name: pki-tps +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - Token Processing System +URL: http://pki.fedoraproject.org/ +License: LGPLv2 with exceptions +Group: System Environment/Daemons + +# Suppress '/usr/lib/rpm/perl.req' and '/usr/lib/rpm/perl.prov' AutoReqProv: no -BuildRoot: %{_builddir}/%{name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: apr-devel >= 0.9.4, apr-util-devel >= 0.9.4, %{base_flavor}-%{base_name}-ui >= 1.0.0, bash >= 3.0, cyrus-sasl-devel >= 2.1.19, httpd-devel >= 2.0.52, mozldap-devel >= 6.0.2, nspr-devel >= 4.6.99, nss-devel >= 3.12.3.99, pcre-devel >= 6.6, svrcore-devel >= 4.0.3.01, zlib >= 1.2.3, zlib-devel >= 1.2.3 - -## Without Requires something, rpmbuild will abort! -Requires: %{base_prefix}-setup >= 1.0.0, %{base_name}-ui, mod_nss >= 1.0.7, mod_perl >= 1.99_16, mozldap >= 6.0.2, perl-HTML-Parser >= 3.35, perl-HTML-Tagset >= 3.03, perl-Parse-RecDescent >= 1.94, perl-URI >= 1.30, perl-XML-NamespaceSupport >= 1.08, perl-XML-Parser >= 2.34, %{base_prefix}-selinux >= 1.0.0, perl-XML-Simple - - -## This package is non-relocatable! -#Prefix: - -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: - +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: apr-devel +BuildRequires: apr-util-devel +BuildRequires: bash +BuildRequires: cyrus-sasl-devel +BuildRequires: dogtag-pki-tps-ui +BuildRequires: httpd-devel >= 2.2.3 +BuildRequires: mozldap-devel +BuildRequires: nspr-devel >= 4.6.99 +BuildRequires: nss-devel >= 3.12.3.99 +BuildRequires: pcre-devel +BuildRequires: svrcore-devel +BuildRequires: zlib +BuildRequires: zlib-devel + +Requires: mod_nss >= 1.0.7 +Requires: mod_perl +Requires: mozldap +Requires: perl-HTML-Parser +Requires: perl-HTML-Tagset +Requires: perl-Parse-RecDescent +Requires: perl-URI +Requires: perl-XML-NamespaceSupport +Requires: perl-XML-Parser +Requires: perl-XML-Simple +Requires: pki-selinux +Requires: pki-setup +Requires: pki-tps-ui + +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{pki_tps} is an optional PKI subsystem +The Dogtag Token Processing System is an optional PKI subsystem that acts as a Registration Authority (RA) for authenticating and processing enrollment requests, PIN reset requests, and formatting requests from the Enterprise Security Client (ESC). -%{pki_tps} is designed to communicate with tokens that +Dogtag Token Processing System is designed to communicate with tokens that conform to Global Platform's Open Platform Specification. -%{pki_tps} communicates over SSL with various -PKI backend subsystems (including the %{pki_ca}, -the %{pki_drm}, and the %{pki_tks}) to +Dogtag Token Processing System communicates over SSL with various +PKI backend subsystems (including the Dogtag Certificate Authority, +the Dogtag Data Recovery Manager, and the Dogtag Token Key Service) to fulfill the user's requests. -%{pki_tps} also interacts with the token database, +Dogtag Token Processing System also interacts with the token database, an LDAP server that stores information about individual tokens. - - -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - -%setup -q -n %{base_name}-%{base_version} - - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### +%setup -q -n %{name}-%{version} %build -%{?pkg_config_cmd} -mkdir %{base_build_dir} -cd %{base_build_dir} -mkdir %{base_staging_dir} -%{configure_cmd} +%configure \ +%ifarch ppc64 s390x sparc64 x86_64 + --enable-64bit \ +%endif + --libdir=%{_libdir} make - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### - %install -%{?pkg_config_cmd} -rm -rf ${RPM_BUILD_ROOT} -cd %{base_build_dir} -make install DESTDIR="`pwd`/%{base_staging_dir}" +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} ## rearrange files to be in the desired native packaging layout -../%{setup_package} ${RPM_BUILD_ROOT} %{base_prefix} %{base_component} %{version} %{base_release} %{architecture} `pwd`/%{base_staging_dir}/%{base_install_dir} -sed -i 's/^preop.product.version=.*$/preop.product.version=%{pki_version}/' ${RPM_BUILD_ROOT}/usr/share/%{base_prefix}/%{base_component}/conf/CS.cfg - +setup_package %{buildroot} pki tps %{version} %{release} %{buildroot}/opt +sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tps/conf/CS.cfg -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### +## remove unwanted files +rm -rf %{buildroot}/opt/ +rm -rf %{buildroot}%{_libdir}/debug/ +rm -rf %{buildroot}/usr/libexec/ +rm -rf %{buildroot}/etc/init.d/ +rm -rf %{buildroot}%{_libdir}/lib*.la %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### +rm -rf %{buildroot} %pre -if [ `grep -c %{base_user} /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"%{base_user}\" to /etc/group." - groupadd %{base_user} +if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then + echo "Adding default PKI group \"pkiuser\" to /etc/group." + groupadd pkiuser fi -if [ `grep -c %{base_user} /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"%{base_user}\" to /etc/passwd." - useradd -g %{base_user} -d %{_datadir}/%{base_prefix} -s %{base_login_shell} -c "%{base_pki}" -m %{base_user} +if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then + echo "Adding default PKI user \"pkiuser\" to /etc/passwd." + useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser fi - %post -chmod 00755 %{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall -%{_datadir}/%{base_prefix}/%{base_component}/setup/postinstall %{base_prefix} %{base_component} %{base_version} %{base_release} +chmod 00755 %{_datadir}/pki/tps/setup/postinstall +%{_datadir}/pki/tps/setup/postinstall pki tps %{version} %{release} echo "" echo "Install finished." - %preun -if [ -d %{base_instance} ] ; then - echo "WARNING: The default instance \"%{base_instance}\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"%{base_instance}\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"%{base_instance}\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/%{base_name} stop +if [ -d /var/lib/pki-tps ] ; then + echo "WARNING: The default instance \"/var/lib/pki-tps\" was NOT removed!" + echo "" + echo "NOTE: This means that the data in the default instance called" + echo " \"/var/lib/pki-tps\" will NOT be overwritten once the" + echo " \"%{name}\" package is re-installed." + echo "" + echo "Shutting down the default instance \"/var/lib/pki-tps\"" + echo "PRIOR to uninstalling the \"%{name}\" package:" + echo "" + /etc/init.d/pki-tps stop fi - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### - %files -%attr(-,root,root) /etc/httpd/modules/* -%attr(00755,root,root) %{_bindir}/* -%attr(-,root,root) %{_libdir}/* -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/alias -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/applets -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/cgi-bin -%attr(00660,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/CS.cfg -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/conf/[a-z]* -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/docroot -%attr(00755,root,root) %{_datadir}/%{base_prefix}/%{base_component}/docroot/index.cgi -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/etc -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/lib -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs -%attr(00770,root,root) %{_datadir}/%{base_prefix}/%{base_component}/logs/signedAudit -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/samples -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/scripts -%attr(-,root,root) %{_datadir}/%{base_prefix}/%{base_component}/setup - - - -############################################################################### -### C H A N G E L O G ### -############################################################################### +%defattr(-,root,root,-) +%doc LICENSE +/etc/httpd/modules/* +%{_bindir}/* +%{_libdir}/* +%{_datadir}/pki/tps/* %changelog -* Tue Aug 25 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-3 -- Bugzilla Bug #519259 - Change "[ -x /etc/init.d/functions]" to - "[ -f /etc/init.d/functions]" . . . -* Fri Aug 21 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-2 -- Bugzilla Bug #518736 - Port Dogtag 1.2.0 to 32-bit and 64-bit Fedora 11 . . . -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Thu Jul 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-43 -- Bugzilla Bug #512134 - strip symbols from libraries, modules, - and executables -* Tue Jul 7 2009 Jack Magne <jmagne@redhat.com> 1.1.0-42 -- Bugzilla Bug #309941 - TPS LDAP auth with bind dn broken. -* Mon Jul 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-41 -- Bugzilla Bug #509833 - cleaning debug log -* Mon Jul 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-40 -- bugzilla Bug #509183 - update nss dependency >= 3.12.3.99 -* Wed Jul 1 2009 Ade Lee <alee@redhat.com> 1.1.0-39 -- Bugzilla Bug #499493 - Run TPS under valgrind -* Wed Jul 1 2009 Ade Lee <alee@redhat.com> 1.1.0-38 -- Bugzilla Bug #508421 - Remove Token/Cert/ Activity List page -* Thu Jun 25 2009 Christina Fu <cfu@redhat.com> 1.1.0-37 -- Bugzilla Bug #497573 - Failover to multiple ldap servers for authentication does not work -* Wed Jun 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-36 -- Bugzilla Bug #507746 - Configure TPS/RA to listen on Ipv4 and Ipv6 -* Tue Jun 23 2009 Christina Fu <cfu@redhat.com> 1.1.0-35 -- Bugzilla Bug #504896 - TPS crash: renewal outside of grace period -* Mon Jun 22 2009 Jack Magne <jmagne@redhat.com> 1.1.0-34 -- Bugzilla Bug #476734 - Make TPS httpClient IPv6 enabled. -* Sat Jun 20 2009 Jack Magne <jmagne@redhat.com> 1.1.0-33 -- Bugzilla Bug #476734 - Make TPS httpClient IPv6 enabled. -* Fri Jun 19 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-32 -- Bugzilla Bug #506867 - Provide custom error page for HTTP STATUS 500 -* Tue Jun 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-31 -- Bugzilla Bug #502908 - Current page not found handling is a Cat 2 finding - with the Tomcat STIG -* Tue Jun 16 2009 Ade Lee <alee@redhat.com> 1.1.0-30 -- Bugzilla Bug #484275 - TPS Role Definition - fix typo on adding token -* Fri Jun 12 2009 Ade Lee <alee@redhat.com> 1.1.0-29 -- Bugzilla Bug #489318 - TPS List Activites - does not list activities after 20 entries - fix pagination -* Wed Jun 10 2009 Ade Lee <alee@redhat.com> 1.1.0-28 -- Bugzilla Bug #504898 - RA: agent unable to revoke a cert -* Tue Jun 9 2009 Ade Lee <alee@redhat.com> 1.1.0-27 -- Bugzilla Bug #504042 - unable to list users that where created with a space in the name -* Mon Jun 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-26 -- Bugzilla Bug #501081 - remove mod_revocator rpm as a dependency -* Wed Jun 3 2009 Jack Magne <jmagne@redhat.com> 1.1.0-25 -- Bugzilla Bug #504058 - Fix Format crash when revoking a cert. -* Mon Jun 1 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-24 -- Bugzilla Bug #503255 - Fix confusing "Security Domain" message when using - "status" -* Wed May 27 2009 Ade Lee <alee@redhat.com> 1.1.0-23 -- Bugzilla Bug #499493 - run tps under valgrind -* Tue May 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-22 -- Bugzilla Bug #502398 - Restore Configuration Logging Capabilities to - RA and TPS -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-21 -- Bugzilla Bug #499439 - Show certificates in the tps agent page does not show all the certs -* Mon May 25 2009 Ade Lee <alee@redhat.com> 1.1.0-20 -- Bugzilla Bug #495157 - SELinux prevents CA from using nethsm pkcs11 module -* Sun May 24 2009 Ade Lee <alee@redhat.com> 1.1.0-19 -- Bugzilla Bug #502105 - Restart tps server or check for the status is not showing the tps ports -* Wed May 20 2009 Ade Lee <alee@redhat.com> 1.1.0-18 -- Bugzilla Bug #497583 - web wizard tps - menu highlight and label typo -* Sat May 16 2009 Jack Magne <jmagne@redhat.com> 1.1.0-17 -- Bugzilla Bug #491019 - Security Officer token can get formatted with - user format page. -* Thu May 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-16 -- Bugzilla Bug #500498 - CA installation wizard doesn't install - administrator cert into browser on Firefox 3 -* Mon May 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-15 -- Bugzilla Bug #499025 - pki-tps and pki-ra startup script needs to loop - on pid file availability -* Fri May 8 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-14 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -* Tue May 5 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-13 -- Bugzilla Bug #492735 - Configuration wizard stores certain incorrect - port values within TPS "CS.cfg" . . . -- Bugzilla Bug #495597 - Unable to access Agent page using a configured - CA/KRA containing an HSM -* Fri May 1 2009 Jack Magne <jmagne@redhat.com> 1.1.0-12 -- Bugzilla Bug #494983 - Can't re-enroll if policy is set to no. -* Thu Apr 30 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-11 -- Bugzilla Bug #498528 - Disable mod_revocator on RHEL since it will no - longer work with the updated mod_nss which is required for HSMs -* Tue Apr 28 2009 Ade Lee <alee@redhat.com> 1.1.0-10 -- Bugzilla Bug #493183 - tps-audit.log file is not getting updated -* Mon Apr 27 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9 -- Bugzilla Bug #497585 - rhcs80beta tps init script - restarting - shows incorrect output -* Thu Apr 23 2009 Ade Lee <alee@redhat.com> 1.1.0-8 -- Bugzilla Bug 497212 - unable to enroll a tps operator/ agent/ admin using a token user -* Wed Apr 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-7 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -* Mon Apr 20 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-6 -- Bugzilla Bug #496679 - Use instance-specific paths rather than - redirected paths in Execution Management Scripts -* Sat Apr 18 2009 Christina Fu <cfu@redhat.com> 1.1.0-5 -- Bugzilla Bug #496416 - TPS smart card renewal clean-up needed -* Fri Apr 17 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-4 -- Bugzilla Bug #489063 - Smart card formatting/enrollment spits user password - to the debug log -* Thu Apr 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-3 -- Bugzilla Bug #493122 - Proper invocation and use of mod_revocator -- Bugzilla Bug #495959 - pkiremove requires "perl-XML-SAX" as a runtime - dependency -* Fri Apr 10 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Tue Mar 31 2009 Christina Fu <cfu@redhat.com> 1.0.0-45 -- Bugzilla Bug #488291 - Missing renewal feature for smart cards in TMS -* Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-44 -- Bugzilla Bug #492180 - Security officer: token recovery for a security - officer throws error 28 'connection to server lost'. -- Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency - for RA and TPS -* Sat Mar 28 2009 Jack Magne <jmagne@redhat.com> 1.0.0-43 -- Bugzilla #492361 - Better error message for formatting token not onwed by user. -* Wed Mar 25 2009 Jack Magne <jmagne@redhat.com> 1.0.0-42 -- Bugzilla 492210 TPS Http Client fix. -* Wed Mar 25 2009 Jack Magne <jmagne@redhat.com> 1.0.0-41 -- Bugzilla 491994 Key recovery into the token issue. -* Tue Mar 24 2009 Ade Lee <alee@redhat.com> 1.0.0-40 -- Bugzilla 490452 support for signed audit in UI -* Fri Mar 20 2009 Ade Lee <alee@redhat.com> 1.0.0-39 -- Bugzilla 489318 TPS does not list more than 20 activities -* Wed Mar 18 2009 Christina Fu <cfu@redhat.com> 1.0.0-38 -- Bugzilla Bug # 485166 - Signed Audit Feature for TPS -* Thu Mar 12 2009 Jack Magne <jmagne@redhat.com> 1.0.0-37 -- Bugilla Bug #48901 - Safenet 300J support key changeover. -* Wed Mar 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-36 -- Bugzilla Bug #488338 - start/stop scripts should list all the - available port numbers with their functionality -- Bugzilla Bug #440164 - Dogtag subsystems should show up in - Fedora8 administrator Services window -* Wed Mar 11 2009 Ade Lee <alee@redhat.com> 1.0.0-35 - Bugzilla Bug #489712 RA and TPS need perl-XML-Simple as prereq -* Tue Mar 10 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-34 -- Bugzilla Bug #440350 - Removed use of "rhgb-console" from "httpd" -* Fri Mar 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-33 -- Bugzilla Bug #440350 - Dogtag stop/start scripts should be chkconfig aware -* Fri Mar 6 2009 Ade Lee <alee@redhat.com> 1.0.0-32 -- Bugzilla Bug 472308 - web installer display wrong product version in first Welcome panel -* Wed Mar 4 2009 Ade Lee <alee@redhat.com> 1.0.0-31 -- Bugzilla Bug 487871, 488561 - pkiremove cleanup and remove all selinux ports -* Wed Mar 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-30 -- Bugzilla Bug #440344 - Installation page should tell admins to use - "service", not "/etc/init.d" on Linux -* Fri Feb 27 2009 Jack Magne <jmagne@redhat.com> 1.0.0-29 -- Bugzilla #485829 - Support for 2048 bit safenet keys. -* Fri Feb 27 2009 Ade Lee <alee@redhat.com> 1.0.0-28 -- Bugzilla 224835 and 367171: Allow cert nicknames to be edited and sizepanel fixes -* Thu Feb 26 2009 Ade Lee <alee@redhat.com> 1.0.0-27 -- Bugzilla Bug 484275 and 483304: TPS roles defined and correcting error templates -* Thu Feb 26 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-26 -- Bugzilla Bug #458337 - Provide separate listening ports for CS -* Wed Feb 25 2009 Jack Magne <jmagne@redhat.com> 1.0.0-25 -- Bugzillw Bug #445274 - Make esc security officer mode work. -* Tue Feb 24 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-24 -- Bugzilla Bug #485859 - port separation for RA and TPS -* Mon Feb 23 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-23 -- Bugzilla Bug #486435 - clicking on configuration URL results in error -* Tue Feb 17 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-22 -- Bugzilla Bug #485790 - Need changes made to spec files in various packages - to be able to build in koji/brew -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-21 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-20 -- Bugzilla Bug #467155 - Change "renameTo" to "cp -p " -* Wed Feb 11 2009 Ade Lee <alee@redhat.com> 1.0.0-19 -- Bugzilla # 484826 -selinux policy required for TPS and RA subsystems -* Fri Feb 6 2009 Christina Fu <cfu@redhat.com> 1.0.0-18 -- Bugzilla# 484420 - TPS public key challenge proof verification error -* Thu Feb 5 2009 Ade Lee <alee@redhat.com> 1.0.0-17 -- Bugzilla Bugs: 484268, 224889, 431158, 481670, 483303, 484077 -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-16 -- Bugzilla Bug 479092 - TPS roles enhancements -* Tue Jan 27 2009 Ade Lee <alee@redhat.com> 1.0.0-15 -- Bugzilla Bug 480679 - Integrate selinux into framework -* Thu Jan 23 2009 Jack Magne <jmagne@redhat.com> 1.0.0-14 -- Bugzilla Bug #459539 - Support safenet 330J token. -* Thu Jan 22 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-13 -- Bugzilla Bug #480952 - moved "perl-XML-Simple" and "perl-libwww-perl" - runtime dependencies to pki-setup -* Wed Dec 10 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #475895 - Parameterize the initial login shell -* Mon Dec 8 2008 Ade Lee <alee@edhat.com> 1.0.0-11 -- Bugzilla Bug #453508 - Changes to acvcomodate new NSS, apache changes -* Fri Dec 5 2008 Christina Fu <cfu@redhat.com> 1.0.0-10 -- Buzilla Bug 474659 - moved public key challenge generation from TPS to TKS - - fix for missed bytes in preEncryptedData -* Fri Dec 5 2008 Christina Fu <cfu@redhat.com> 1.0.0-9 -- Buzilla Bug 474659 - moved public key challenge generation from TPS to TKS -* Thu Dec 4 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #474369 - Remove NSS dependency on "pkcs11-devel" and - upgrade NSS/NSPR version dependencies -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sun Nov 23 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 -- Bugzilla Bug #446662 - /usr/share/fpki/ra/conf path referred - to in CS.cfg doesn't exist -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-5 -- Bugzilla Bug #450345 - Port Dogtag 1.0.0 to Fedora 9 - (32-bit i386 & 64-bit x86_64) -- Bugzilla Bug #453504 - RA perl scripts won't compile on Fedora 9 -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-4 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Tue Aug 5 2008 Ade Lee <alee@redhat.com> 1.0.0-3 -- Fix for bug#454565 - Broken Installation Wizard for TPS and RA with latest modutil. -* Tue Apr 1 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 -- Fix for bug#440084 - Subsystem Installation Error Message Needs Improvement. -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1 +- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI diff --git a/pki/dogtag/util/build_dogtag b/pki/dogtag/util/build_dogtag index 1fc2bd951..c2cf4573c 100755 --- a/pki/dogtag/util/build_dogtag +++ b/pki/dogtag/util/build_dogtag @@ -33,6 +33,50 @@ export DOGTAG_COMPONENT DOGTAG_SPECFILE="pki-util.spec" export DOGTAG_SPECFILE +# Set PKI 'ant' environment variables (originally obtained from specfile) +PKI_PRODUCT_UI_FLAVOR_PREFIX="" +export PKI_PRODUCT_UI_FLAVOR_PREFIX +PKI_PRODUCT_PREFIX="pki" +export PKI_PRODUCT_PREFIX +PKI_PRODUCT="util" +export PKI_PRODUCT +PKI_VERSION="1.3.0" +export PKI_VERSION + +# Set Dogtag helper variables +DOGTAG_COMPONENT_NAME=${PKI_PRODUCT} +export DOGTAG_COMPONENT_NAME +DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc +export DOGTAG_WGET_URL + +# Obtain '${DOGTAG_SPECFILE}' as necessary +if [ "$1" = "refresh" ]; then + if [ -f "${DOGTAG_SPECFILE}" ]; then + printf "Removing '${DOGTAG_SPECFILE}' . . . " + rm -rf ${DOGTAG_SPECFILE} + printf "done.\n" + fi + shift +fi +if [ ! -f "${DOGTAG_SPECFILE}" ]; then + # Check for Fedora Operating System + if [ ! -f /etc/fedora-release ]; then + printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n" + exit 255 + fi + # Obtain Fedora Operating System Version + FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`" + export FEDORA_VERSION + # Retrieve '${DOGTAG_SPECFILE}' from Koji + printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n" + wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co + if [ ! -s "${DOGTAG_SPECFILE}" ]; then + printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n" + rm -rf ${DOGTAG_SPECFILE} + exit 255 + fi +fi + # Invoke the shared Dogtag PKI build script config-ext/build_dogtag_pki $@ diff --git a/pki/dogtag/util/pki-util.spec b/pki/dogtag/util/pki-util.spec index 511657c8a..4925e8717 100644 --- a/pki/dogtag/util/pki-util.spec +++ b/pki/dogtag/util/pki-util.spec @@ -1,328 +1,88 @@ -# BEGIN COPYRIGHT BLOCK -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -############################################################################### -### D E F I N I T I O N S ### -############################################################################### - -## Entity Definitions -%define base_entity Dogtag -%define base_prefix pki - -## Product Definitions -%define base_system Certificate System -%define base_product PKI Utility Framework -%define base_component util -%define base_pki %{base_entity} %{base_system} - -## Package Header Definitions -%define base_name %{base_prefix}-%{base_component} -%define base_version 1.2.0 -%define base_release 3 -%define base_group System Environment/Base -%define base_vendor Red Hat, Inc. -%define base_license GPLv2 with exceptions -%define base_packager %{base_vendor} <http://bugzilla.redhat.com/bugzilla> -%define base_summary %{base_pki} - %{base_product} -%define base_url http://pki.fedoraproject.org/wiki/PKI_Documentation - -## Subpackage Header Definitions -%define javadoc_summary %{base_summary} Javadocs -%define javadoc_group Development/Documentation - -## Helper Definitions -%define pki_jdk java-devel >= 1:1.6.0 -# Override the default 'pki_jdk' on Fedora 8 platforms -%{?fc8:%define pki_jdk java-devel >= 1.7.0} -%define pki_ca %{base_entity} Certificate Authority -%define pki_drm %{base_entity} Data Recovery Manager -%define pki_ds Fedora Directory Server -%define pki_ocsp %{base_entity} Online Certificate Status Protocol Manager -%define pki_ra %{base_entity} Registration Authority -%define pki_tks %{base_entity} Token Key Service -%define pki_tps %{base_entity} Token Processing System - -## Don't build the debug packages -%define debug_package %{nil} - - -##===================## -## Linux Definitions ## -##===================## -%ifos Linux -## Bugzilla Bug #246173: The following section is necessary due to -## Bugzilla Bug #232224 and is related to using the IBM JDK with a -## specific version of glibc on specific platforms on specific architectures -#%ifarch x86_64 -#export LD_PRELOAD=/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libj9vm23.so:/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libj9thr23.so:/usr/lib/jvm/java-1.5.0-ibm-1.5.0.3.x86_64/jre/bin/libjsig.so -#%endif - -## A distribution model is required on certain Linux operating systems! -## -## check for a pre-defined distribution model -%define undefined_distro %(test "%{dist}" = "" && echo 1 || echo 0) -%if %{undefined_distro} -%define is_fedora %(test -e /etc/fedora-release && echo 1 || echo 0) -%if %{is_fedora} -## define a default distribution model on Fedora Linux -%define dist_prefix .fc -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/fedora-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%else -%define is_redhat %(test -e /etc/redhat-release && echo 1 || echo 0) -%if %{is_redhat} -## define a default distribution model on Red Hat Linux -%define dist_prefix .el -%define dist_version %(echo `rpm -qf --qf='%{VERSION}' /etc/redhat-release` | tr -d [A-Za-z]) -%define dist %{dist_prefix}%{dist_version} -%endif -%endif -%endif -%endif - - - -############################################################################### -### P A C K A G E H E A D E R ### -############################################################################### - -Name: %{base_name} -Version: %{base_version} -Release: %{base_release}%{?dist} -Summary: %{base_summary} -Vendor: %{base_vendor} -URL: %{base_url} -License: %{base_license} -Packager: %{base_packager} -Group: %{base_group} - - -## Without AutoReqProv: no, rpmbuild finds all sorts of crazy -## dependencies that we don't care about, and refuses to install -AutoReqProv: no +Name: pki-util +Version: 1.3.0 +Release: 1%{?dist} +Summary: Dogtag Certificate System - PKI Utility Framework +URL: http://pki.fedoraproject.org/ +License: GPLv2 with exceptions +Group: System Environment/Base BuildArch: noarch -BuildRoot: %{_builddir}/%{base_name}-root - - -## NOTE: This spec file may require a specific JDK, "gcc", and/or "gcc-c++" -## packages as well as the "rpm" and "rpm-build" packages. -## -## Technically, "ant" should not need to be in "BuildRequires" since -## it is the Java equivalent of "make" (and/or "Autotools"). -## -BuildRequires: ant >= 1.6.2, %{pki_jdk}, jpackage-utils >= 1.6.0, jss >= 4.2.6, ldapjdk >= 4.17, osutil >= 1.0.0, xerces-j2 - -## Without Requires something, rpmbuild will abort! -Requires: jpackage-utils >= 1.6.0, jss >= 4.2.6, ldapjdk >= 4.17 +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -## This package is non-relocatable! -#Prefix: +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6 +BuildRequires: ldapjdk +BuildRequires: osutil +BuildRequires: xerces-j2 -Source0: %{base_name}-%{base_version}.tar.gz - -## This package currently contains no patches! -#Patch0: +Requires: java >= 1:1.6.0 +Requires: jpackage-utils +Requires: jss >= 4.2.6 +Requires: ldapjdk +Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz %description -%{base_pki} is an enterprise software system designed +Dogtag Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. -The %{base_entity} %{base_product} is required by the following four -%{base_entity} PKI subsystems: - - the %{pki_ca}, - the %{pki_drm}, - the %{pki_ocsp}, and - the %{pki_tks}. - - +The Dogtag PKI Utility Framework is required by the following four +Dogtag PKI subsystems: -############################################################################### -### S U B P A C K A G E H E A D E R ### -############################################################################### + the Dogtag Certificate Authority, + the Dogtag Data Recovery Manager, + the Dogtag Online Certificate Status Protocol Manager, and + the Dogtag Token Key Service. %package javadoc -Summary: %{javadoc_summary} -Group: %{javadoc_group} - - -## Subpackages should always use package = version-release -Requires: %{base_name} = %{version}-%{release} +Summary: Dogtag Certificate System - PKI Utility Framework Javadocs +Group: Documentation +Requires: %{name} = %{version}-%{release} %description javadoc -%{javadoc_summary} +Dogtag Certificate System - PKI Utility Framework Javadocs This documentation pertains exclusively to version %{version} of -the %{base_entity} %{base_product}. - - +the Dogtag PKI Utility Framework. -############################################################################### -### P R E P A R A T I O N & S E T U P ### -############################################################################### - -## On Linux systems, prep and setup expect there to be a Source file -## in the /usr/src/redhat/SOURCES directory - it will be unpacked -## in the _builddir (not BuildRoot) %prep - %setup -q - -## This package currently contains no patches! -#%patch0 -# patches - - - -############################################################################### -### B U I L D P R O C E S S ### -############################################################################### - %build -ant -Dspecfile=%{base_name}.spec - - - -############################################################################### -### I N S T A L L A T I O N P R O C E S S ### -############################################################################### +ant \ + -Dproduct.ui.flavor.prefix="" \ + -Dproduct.prefix="pki" \ + -Dproduct="util" \ + -Dversion="%{version}" %install +rm -rf %{buildroot} cd dist/binary -unzip %{name}-%{version}.zip -d ${RPM_BUILD_ROOT} -cd ${RPM_BUILD_ROOT}/usr/share/java/%{base_prefix} +unzip %{name}-%{version}.zip -d %{buildroot} +cd %{buildroot}%{_datadir}/java/pki mv cmsutil.jar cmsutil-%{version}.jar -mv nsutil.jar nsutil-%{version}.jar ln -s cmsutil-%{version}.jar cmsutil.jar +mv nsutil.jar nsutil-%{version}.jar ln -s nsutil-%{version}.jar nsutil.jar - - -############################################################################### -### C L E A N U P P R O C E S S ### -############################################################################### - %clean -rm -rf ${RPM_BUILD_ROOT} - - - -############################################################################### -### P R E & P O S T I N S T A L L / U N I N S T A L L S C R I P T S ### -############################################################################### - -## This package currently contains no pre-installation process! -#%pre - - -## This package currently contains no post-installation process! -#%post - - -## This package currently contains no pre-uninstallation process! -#%preun - - -## This package currently contains no post-uninstallation process! -#%postun - - - -############################################################################### -### I N V E N T O R Y O F F I L E S A N D D I R E C T O R I E S ### -############################################################################### +rm -rf %{buildroot} %files -%attr(-,root,root) %{_datadir}/doc/%{base_name}-%{base_version}/* -%attr(-,root,root) %{_datadir}/java/%{base_prefix} - +%defattr(-,root,root,-) +%doc LICENSE +%{_datadir}/java/pki %files javadoc %defattr(0644,root,root,0755) %dir %{_javadocdir}/%{name}-%{version} %{_javadocdir}/%{name}-%{version}/* - - -############################################################################### -### C H A N G E L O G ### -############################################################################### - %changelog -* Thu Sep 3 2009 Andrew Wnuk <awnuk@redhat.com> 1.2.0-3 -- Bugzilla Bug #514270 - improved skipping sequence for quick CRL parsing -* Tue Aug 25 2009 Christina Fu <cfu@redhat.com> 1.2.0-2 -- Bugzilla Bug #465507 - Enhancement: Support SHA2 + EC signature algorithms -* Tue Jul 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.2.0-1 -- Version update to Dogtag 1.2.0. -* Wed Jul 8 2009 Christina Fu <cfu@redhat.com> 1.1.0-7 -- Bugzilla Bug #467200 - (ECC Certicom) added mapping of SHA1withEC -* Fri Jun 5 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-6 -- Bugzilla Bug #471318 - adding triple DES and SHA1, SHA256, SHA512 -* Wed Jun 3 2009 Christina Fu <cfu@redhat.com> 1.1.0-5 -- Bugzilla Bug #455305 - CA ECC signing Key Failure - Bugzilla Bug #223279 - ECC: Ca: unable to perform agent auth on a machine with nCipher ECC HSM -* Wed May 20 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-4 -- Bugzilla Bug #491185 - added new revocation reasons to comply with RFC 5280 -* Tue May 19 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-3 -- Bugzilla Bug #491185 - added Authority Info Access extension to CRLs to comply with RFC 5280 -* Fri Apr 10 2009 Ade Lee <alee@redhat.com> 1.1.0-2 -- Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped -* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1 -- Version update to Dogtag 1.1.0. -* Thu Mar 26 2009 Andrew Wnuk <awnuk@redhat.com> 1.0.0-13 -- Bugzilla Bug #445052 - HTTP 1.1 support when fetching CRLs -* Sat Feb 14 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-12 -- Bugzilla Bug #250874 -Change spec file dependencies to rely on latest - versions of components (NSPR, NSS, JSS, MOD_NSS) -* Fri Feb 13 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-11 -- Bugzilla Bug #485522 - Need rpm spec file to require xerces-j2 -- required to build javadocs -* Thu Feb 12 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 -- Bugzilla Bug #483699 - problem with the epoch in the spec file causes - build to fail -* Wed Feb 11 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-9 -- cleaned up some javadoc warnings -* Fri Nov 28 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-8 -- Bugzilla Bug #445402 - changed "linux"/"fedora" to "dogtag"; changed - "pki-svn.fedora.redhat.com" to "pki.fedoraproject.org" -* Sat Nov 22 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-7 -- Bugzilla Bug #472305 - "equality" tests in all spec files need to be fixed -- Bumped "java" and "java-devel" 1.4.2 and 1.5.0 dependencies to 1.6.0 -- Changed "java-sdk" to "java-devel" for consistency -* Fri Oct 9 2008 Ade Lee <alee@redhat.com> 1.0.0-6 -- Fix for bug #223361: Security Domain in LDAP -* Tue Sep 16 2008 Christina Fu <cfu@redhat.com> 1.0.0-5 -- Fix for bug #462488: IPAddress in SubjAltNameExt incorrectly padded with extra bytes in cert -* Wed Aug 13 2008 Ade Lee <alee@redhat.com> 1.0.0-4 -- Fix for bug #458317: certitificate policy extensions not displayed in PrettyPrintCert -* Wed Jun 25 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-3 -- Fix for bug #443687. -* Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 -- Bugzilla Bug #450345: Port Dogtag 1.0.0 to - Fedora 9 (32-bit i386 & 64-bit x86_64). -* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 -- Initial open source version based upon proprietary - Red Hat Certificate System (RHCS) 7.3. - +* Tue Oct 13 2009 Ade Lee <alee@redhat.com> 1.3.0-1 +- Bugzilla Bug #521989 - packaging for Fedora Dogtag |