Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1IPA_v2_RHEL_6_2_20111003

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

2 files changed, 204 insertions, 0 deletions

diff --git a/pki/dogtag/ocsp/build_dogtag b/pki/dogtag/ocsp/build_dogtag
new file mode 100755
index 000000000..f736c15ae
--- /dev/null
+++ b/pki/dogtag/ocsp/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="pki-ocsp.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX=""
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="ocsp"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/pki/dogtag/ocsp/pki-ocsp.spec b/pki/dogtag/ocsp/pki-ocsp.spec
new file mode 100644
index 000000000..eacd28196
--- /dev/null
+++ b/pki/dogtag/ocsp/pki-ocsp.spec
@@ -0,0 +1,122 @@
+Name:           pki-ocsp
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - Online Certificate Status Protocol Manager
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Daemons
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+BuildRequires:  java-devel >= 1:1.6.0
+BuildRequires:  jpackage-utils
+BuildRequires:  jss >= 4.2.6
+BuildRequires:  pki-common
+BuildRequires:  pki-util
+BuildRequires:  tomcatjss
+
+Requires:       java >= 1:1.6.0
+Requires:       pki-common
+Requires:       pki-ocsp-ui
+Requires:       pki-selinux
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Online Certificate Status Protocol Manager is an optional
+PKI subsystem that can act as a stand-alone Online Certificate
+Status Protocol (OCSP) service.
+The Dogtag Online Certificate Status Protocol Manager performs the task of an
+online certificate validation authority by enabling OCSP-compliant clients to
+do real-time verification of certificates.  Note that an online
+certificate-validation authority is often referred to as an OCSP Responder.
+
+Although the Dogtag Certificate Authority is already configured with an
+internal OCSP service.  An external OCSP Responder is offered as a separate
+subsystem in case the user wants the OCSP service provided outside of a
+firewall while the Dogtag Certificate Authority resides inside of a firewall,
+or to take the load of requests off of the Dogtag Certificate Authority.
+
+The Dogtag Online Certificate Status Protocol Manager can receive Certificate
+Revocation Lists (CRLs) from multiple Dogtag Certificate Authority servers,
+and clients can query the Dogtag Online Certificate Status Protocol Manager
+for the revocation status of certificates issued by all of these
+Dogtag Certificate Authority servers.
+
+When an instance of Dogtag Online Certificate Status Protocol Manager is
+set up with an instance of Dogtag Certificate Authority, and publishing
+is set up to this Dogtag Online Certificate Status Protocol Manager,
+CRLs are published to it whenever they are issued or updated.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dinit.d="rc.d/init.d" \
+    -Dproduct.ui.flavor.prefix="" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="ocsp" \
+    -Dversion="%{version}"
+
+%install
+%define major_version %(echo `echo %{version} | awk -F. '{ print $1 }'`)
+%define minor_version %(echo `echo %{version} | awk -F. '{ print $2 }'`)
+%define patch_version %(echo `echo %{version} | awk -F. '{ print $3 }'`)
+
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+cd %{buildroot}%{_datadir}/pki/ocsp/conf
+mv CS.cfg.in CS.cfg
+sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg
+sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/ocsp
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/ocsp
+cd %{buildroot}%{_datadir}/pki/ocsp/setup
+mv config.desktop.in config.desktop
+cd %{buildroot}%{_javadir}/pki
+mv pki-ocsp.jar pki-ocsp-%{version}.jar
+ln -s pki-ocsp-%{version}.jar pki-ocsp.jar
+
+%clean
+rm -rf %{buildroot}
+
+%post
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-ocspd || :
+
+%preun
+if [ $1 = 0 ] ; then
+    /sbin/service pki-ocspd stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-ocspd || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_initrddir}/*
+%{_javadir}/pki/
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.