diff options
author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-01-21 23:26:21 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-01-21 23:26:21 +0000 |
commit | 2fabf12357855e4b9b21c68384d61e5f1067f20e (patch) | |
tree | 7bc3528c7fbe3f6f69807fc68fbbb3b27bc1880a /pki/dogtag | |
parent | 67ee705eafd9fb655f61732ba3c8ec2c869a409e (diff) | |
download | pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.gz pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.xz pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.zip |
Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . .
Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@934 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/dogtag')
-rw-r--r-- | pki/dogtag/ra/pki-ra.spec | 58 | ||||
-rwxr-xr-x | pki/dogtag/selinux/build_dogtag | 2 | ||||
-rw-r--r-- | pki/dogtag/selinux/pki-selinux.spec | 9 | ||||
-rwxr-xr-x | pki/dogtag/setup/build_dogtag | 2 | ||||
-rw-r--r-- | pki/dogtag/setup/pki-setup.spec | 9 | ||||
-rw-r--r-- | pki/dogtag/tps/pki-tps.spec | 157 |
6 files changed, 173 insertions, 64 deletions
diff --git a/pki/dogtag/ra/pki-ra.spec b/pki/dogtag/ra/pki-ra.spec index fe0b1dcb1..da50d2dab 100644 --- a/pki/dogtag/ra/pki-ra.spec +++ b/pki/dogtag/ra/pki-ra.spec @@ -1,6 +1,6 @@ Name: pki-ra Version: 1.3.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Dogtag Certificate System - Registration Authority URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -11,7 +11,6 @@ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: ant -BuildRequires: dogtag-pki-ra-ui Requires: mod_nss >= 1.0.7 Requires: mod_perl >= 1.99_16 @@ -28,8 +27,13 @@ Requires: perl-XML-Simple Requires: pki-ra-ui Requires: pki-selinux Requires: pki-setup +Requires: pki-silent Requires: sendmail Requires: sqlite +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -50,6 +54,7 @@ Dogtag Certificate Authority to fulfill the user's requests. %build ant \ + -Dinit.d="rc.d/init.d" \ -Dproduct.ui.flavor.prefix="" \ -Dproduct.prefix="pki" \ -Dproduct="ra" \ @@ -60,45 +65,44 @@ rm -rf %{buildroot} cd dist/binary unzip %{name}-%{version}.zip -d %{buildroot} sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ra/conf/CS.cfg +mkdir -p %{buildroot}%{_localstatedir}/lock/pki/ra +mkdir -p %{buildroot}%{_localstatedir}/run/pki/ra %clean rm -rf %{buildroot} -%pre -if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"pkiuser\" to /etc/group." - groupadd pkiuser -fi -if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"pkiuser\" to /etc/passwd." - useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser -fi - %post -%{_datadir}/pki/ra/setup/postinstall pki ra %{version} %{release} -echo "" -echo "Install finished." +# This adds the proper /etc/rc*.d links for the script +/sbin/chkconfig --add pki-rad || : %preun -if [ -d /var/lib/pki-ra ] ; then - echo "WARNING: The default instance \"/var/lib/pki-ra\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"/var/lib/pki-ra\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"/var/lib/pki-ra\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/pki-ra stop +if [ $1 = 0 ] ; then + /sbin/service pki-rad stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-rad || : +fi + +%postun +if [ "$1" -ge "1" ] ; then + /sbin/service pki-rad condrestart >/dev/null 2>&1 || : fi %files %defattr(-,root,root,-) %doc LICENSE -%{_datadir}/pki/ra/* +%{_initrddir}/* +%{_datadir}/pki/ +%{_localstatedir}/lock/* +%{_localstatedir}/run/* %changelog +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority + * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 - Removed 'with exceptions' from License diff --git a/pki/dogtag/selinux/build_dogtag b/pki/dogtag/selinux/build_dogtag index 6c92dcd7a..ee83ba4d0 100755 --- a/pki/dogtag/selinux/build_dogtag +++ b/pki/dogtag/selinux/build_dogtag @@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki" export PKI_PRODUCT_PREFIX PKI_PRODUCT="selinux" export PKI_PRODUCT -PKI_VERSION="1.3.1" +PKI_VERSION="1.3.2" export PKI_VERSION # Set Dogtag helper variables diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec index d4303879e..a76eb5224 100644 --- a/pki/dogtag/selinux/pki-selinux.spec +++ b/pki/dogtag/selinux/pki-selinux.spec @@ -1,5 +1,5 @@ Name: pki-selinux -Version: 1.3.1 +Version: 1.3.2 Release: 1%{?dist} Summary: Dogtag Certificate System - PKI Selinux Policies URL: https://pki.fedoraproject.org/ @@ -82,6 +82,13 @@ fi %{_datadir}/selinux/modules/pki.pp %changelog +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . + * Mon Jan 11 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 - Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model - Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . . diff --git a/pki/dogtag/setup/build_dogtag b/pki/dogtag/setup/build_dogtag index 2dba56ab3..0849a74bc 100755 --- a/pki/dogtag/setup/build_dogtag +++ b/pki/dogtag/setup/build_dogtag @@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki" export PKI_PRODUCT_PREFIX PKI_PRODUCT="setup" export PKI_PRODUCT -PKI_VERSION="1.3.1" +PKI_VERSION="1.3.2" export PKI_VERSION # Set Dogtag helper variables diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec index 6f3e99ca4..79bfa62f9 100644 --- a/pki/dogtag/setup/pki-setup.spec +++ b/pki/dogtag/setup/pki-setup.spec @@ -1,5 +1,5 @@ Name: pki-setup -Version: 1.3.1 +Version: 1.3.2 Release: 1%{?dist} Summary: Dogtag Certificate system - PKI Instance Creation and Removal Scripts URL: http://pki.fedoraproject.org/ @@ -51,6 +51,13 @@ rm -rf %{buildroot} %{_datadir}/pki/ %changelog +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . + * Thu Jan 7 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 - Bugzilla Bug #475895 - Disallow creation of an initial login shell - Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec index 1b684a8d0..d7f01cbe4 100644 --- a/pki/dogtag/tps/pki-tps.spec +++ b/pki/dogtag/tps/pki-tps.spec @@ -1,6 +1,6 @@ Name: pki-tps Version: 1.3.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Dogtag Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ License: LGPLv2 @@ -14,7 +14,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: apr-devel BuildRequires: apr-util-devel BuildRequires: cyrus-sasl-devel -BuildRequires: dogtag-pki-tps-ui BuildRequires: httpd-devel >= 2.2.3 BuildRequires: mozldap-devel BuildRequires: nspr-devel >= 4.6.99 @@ -36,7 +35,12 @@ Requires: perl-XML-Parser Requires: perl-XML-Simple Requires: pki-selinux Requires: pki-setup +Requires: pki-silent Requires: pki-tps-ui +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -60,6 +64,16 @@ fulfill the user's requests. Dogtag Token Processing System also interacts with the token database, an LDAP server that stores information about individual tokens. +%package devel +Group: Development/Libraries +Summary: Dogtag Certificate System - Token Processing System Library Symlinks + +Requires: %{name} = %{version}-%{release} + +%description devel +This package contains symlinks to the Dogtag Certificate System Token +Processing System library files required to link executables. + %prep %setup -q -n %{name}-%{version} @@ -74,61 +88,138 @@ make %install rm -rf %{buildroot} -make install DESTDIR=%{buildroot} +make install DESTDIR=%{buildroot} INSTALL="install -p" ## rearrange files to be in the desired native packaging layout -./setup_package %{buildroot} pki tps %{version} %{release} %{buildroot}/opt +# create the appropriate subdirectories +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_libdir}/httpd/modules +mkdir -p %{buildroot}%{_libdir}/pki/tps +mkdir -p %{buildroot}%{_datadir}/pki/tps/docroot +mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base +mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service +mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS +mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/Template +mkdir -p %{buildroot}%{_localstatedir}/lock/pki/tps +mkdir -p %{buildroot}%{_localstatedir}/run/pki/tps + +# unpack the package contents to the appropriate subdirectories +cp -p %{buildroot}/opt/apache/modules/*.so %{buildroot}%{_libdir}/httpd/modules +cp -rp %{buildroot}/opt/alias* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/applets* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/cgi-bin* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/conf* %{buildroot}%{_datadir}/pki/tps +cp -p %{buildroot}/opt/docroot/index.cgi %{buildroot}%{_datadir}/pki/tps/docroot +chmod 00755 %{buildroot}%{_datadir}/pki/tps/docroot/index.cgi +cp -p %{buildroot}/opt/docroot/index.html %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/demo* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/home* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/so* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/sow* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/tokendb* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/docroot/tps* %{buildroot}%{_datadir}/pki/tps/docroot +cp -rp %{buildroot}/opt/logs* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/perl/base/* %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base +chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base/*.pm +cp -rp %{buildroot}/opt/perl/modules/* %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS +chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS/*.pm +cp -rp %{buildroot}/opt/perl/service/* %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service +chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service/*.pm +cp -rp %{buildroot}/opt/perl/templates/* %{buildroot}%{_datadir}/pki/tps/lib/perl/Template +chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/Template/*.pm +cp -rp %{buildroot}/opt/samples* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/scripts* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/setup* %{buildroot}%{_datadir}/pki/tps +cp -rp %{buildroot}/opt/templates* %{buildroot}%{_datadir}/pki/tps +cp -p %{buildroot}%{_libexecdir}/apachectl* %{buildroot}%{_libdir}/pki/tps +cp -p %{buildroot}%{_libexecdir}/tpsclient* %{buildroot}%{_libdir}/pki/tps + +# strip symbolic information +cd %{buildroot}%{_libdir} ; +%{__strip} libldapauth.so ; +%{__strip} libtokendb.so ; +%{__strip} libtps.so +cd %{buildroot}%{_libdir}/httpd/modules ; +%{__strip} mod_tokendb.so ; +%{__strip} mod_tps.so +cd %{buildroot}%{_libdir}/pki/tps ; +%{__strip} tpsclient + +# create wrappers +for wrapper in tpsclient +do + sed -e "s|\[PKI_PRODUCT\]|pki|g" \ + -e "s|\[PKI_SUBSYSTEM\]|tps|g" \ + -e "s|\[PKI_COMMAND\]|${wrapper}|g" \ + %{buildroot}/opt/templates/pki_subsystem_command_wrapper > %{buildroot}%{_bindir}/${wrapper} ; +done + +# create useful symbolic links as appropriate +cd %{buildroot}%{_datadir}/pki/tps/docroot +ln -s tokendb tus + +# fix version information in primary configuration file sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tps/conf/CS.cfg ## remove unwanted files rm -rf %{buildroot}/opt/ rm -rf %{buildroot}%{_libdir}/debug/ -rm -rf %{buildroot}/usr/libexec/ -rm -rf %{buildroot}/etc/init.d/ rm -rf %{buildroot}%{_libdir}/lib*.la +rm -rf %{buildroot}%{_libexecdir} +rm -rf %{buildroot}%{_datadir}/pki/tps/templates/ %clean rm -rf %{buildroot} -%pre -if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"pkiuser\" to /etc/group." - groupadd pkiuser -fi -if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"pkiuser\" to /etc/passwd." - useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser -fi %post -chmod 00755 %{_datadir}/pki/tps/setup/postinstall -%{_datadir}/pki/tps/setup/postinstall pki tps %{version} %{release} -echo "" -echo "Install finished." +/sbin/ldconfig +# This adds the proper /etc/rc*.d links for the script +/sbin/chkconfig --add pki-tpsd || : %preun -if [ -d /var/lib/pki-tps ] ; then - echo "WARNING: The default instance \"/var/lib/pki-tps\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"/var/lib/pki-tps\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"/var/lib/pki-tps\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/pki-tps stop +if [ $1 = 0 ] ; then + /sbin/service pki-tpsd stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-tpsd || : +fi + + +%postun +/sbin/ldconfig +if [ "$1" -ge "1" ] ; then + /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || : fi %files %defattr(-,root,root,-) %doc LICENSE -/etc/httpd/modules/* +%{_initrddir}/* %{_bindir}/* -%{_libdir}/* -%{_datadir}/pki/tps/ +%{_libdir}/httpd/modules/* +%{_libdir}/libldapauth.so.* +%{_libdir}/libtokendb.so.* +%{_libdir}/libtps.so.* +%{_libdir}/pki/ +%{_datadir}/pki/ +%{_localstatedir}/lock/* +%{_localstatedir}/run/* + +%files devel +%defattr(-,root,root,-) +%{_libdir}/libldapauth.so +%{_libdir}/libtokendb.so +%{_libdir}/libtps.so %changelog +* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4 +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . +- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . +- Bugzilla Bug #553852 - Review Request: pki-tps - Dogtag Certificate System + Token Processing System + * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-3 - Removed BuildRequires bash - Removed 'with exceptions' from License |