Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . .

Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@934 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-01-21 23:26:21 +0000
committer: mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2010-01-21 23:26:21 +0000
commit: 2fabf12357855e4b9b21c68384d61e5f1067f20e (patch)
tree: 7bc3528c7fbe3f6f69807fc68fbbb3b27bc1880a /pki/dogtag
parent: 67ee705eafd9fb655f61732ba3c8ec2c869a409e (diff)
download: pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.gz
pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.xz
pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.zip
6 files changed, 173 insertions, 64 deletions
diff --git a/pki/dogtag/ra/pki-ra.spec b/pki/dogtag/ra/pki-ra.spec
index fe0b1dcb1..da50d2dab 100644
--- a/pki/dogtag/ra/pki-ra.spec
+++ b/pki/dogtag/ra/pki-ra.spec
@@ -1,6 +1,6 @@
 Name:           pki-ra
 Version:        1.3.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Dogtag Certificate System - Registration Authority
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -11,7 +11,6 @@ BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  ant
-BuildRequires:  dogtag-pki-ra-ui
 
 Requires:       mod_nss >= 1.0.7
 Requires:       mod_perl >= 1.99_16
@@ -28,8 +27,13 @@ Requires:       perl-XML-Simple
 Requires:       pki-ra-ui
 Requires:       pki-selinux
 Requires:       pki-setup
+Requires:       pki-silent
 Requires:       sendmail
 Requires:       sqlite
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
 
 Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -50,6 +54,7 @@ Dogtag Certificate Authority to fulfill the user's requests.
 
 %build
 ant \
+    -Dinit.d="rc.d/init.d" \
     -Dproduct.ui.flavor.prefix="" \
     -Dproduct.prefix="pki" \
     -Dproduct="ra" \
@@ -60,45 +65,44 @@ rm -rf %{buildroot}
 cd dist/binary
 unzip %{name}-%{version}.zip -d %{buildroot}
 sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ra/conf/CS.cfg
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/ra
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/ra
 
 %clean
 rm -rf %{buildroot}
 
-%pre
-if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then
-        echo "Adding default PKI group \"pkiuser\" to /etc/group."
-        groupadd pkiuser
-fi
-if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then
-        echo "Adding default PKI user \"pkiuser\" to /etc/passwd."
-        useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser
-fi
-
 %post
-%{_datadir}/pki/ra/setup/postinstall pki ra %{version} %{release}
-echo ""
-echo "Install finished."
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-rad || :
 
 %preun
-if [ -d /var/lib/pki-ra ] ; then
-        echo "WARNING:  The default instance \"/var/lib/pki-ra\" was NOT removed!"
-        echo ""
-        echo "NOTE:  This means that the data in the default instance called"
-        echo "       \"/var/lib/pki-ra\" will NOT be overwritten once the"
-        echo "       \"%{name}\" package is re-installed."
-        echo ""
-        echo "Shutting down the default instance \"/var/lib/pki-ra\""
-        echo "PRIOR to uninstalling the \"%{name}\" package:"
-        echo ""
-        /etc/init.d/pki-ra stop
+if [ $1 = 0 ] ; then
+    /sbin/service pki-rad stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-rad || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-rad condrestart >/dev/null 2>&1 || :
 fi
 
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
-%{_datadir}/pki/ra/*
+%{_initrddir}/*
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
 
 %changelog
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority
+
 * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
 - Removed 'with exceptions' from License
 
diff --git a/pki/dogtag/selinux/build_dogtag b/pki/dogtag/selinux/build_dogtag
index 6c92dcd7a..ee83ba4d0 100755
--- a/pki/dogtag/selinux/build_dogtag
+++ b/pki/dogtag/selinux/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="selinux"
 export PKI_PRODUCT
-PKI_VERSION="1.3.1"
+PKI_VERSION="1.3.2"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec
index d4303879e..a76eb5224 100644
--- a/pki/dogtag/selinux/pki-selinux.spec
+++ b/pki/dogtag/selinux/pki-selinux.spec
@@ -1,5 +1,5 @@
 Name:           pki-selinux
-Version:        1.3.1
+Version:        1.3.2
 Release:        1%{?dist}
 Summary:        Dogtag Certificate System - PKI Selinux Policies
 URL:            https://pki.fedoraproject.org/
@@ -82,6 +82,13 @@ fi
 %{_datadir}/selinux/modules/pki.pp
 
 %changelog
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+
 * Mon Jan 11 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
 - Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
 - Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
diff --git a/pki/dogtag/setup/build_dogtag b/pki/dogtag/setup/build_dogtag
index 2dba56ab3..0849a74bc 100755
--- a/pki/dogtag/setup/build_dogtag
+++ b/pki/dogtag/setup/build_dogtag
@@ -40,7 +40,7 @@ PKI_PRODUCT_PREFIX="pki"
 export PKI_PRODUCT_PREFIX
 PKI_PRODUCT="setup"
 export PKI_PRODUCT
-PKI_VERSION="1.3.1"
+PKI_VERSION="1.3.2"
 export PKI_VERSION
 
 # Set Dogtag helper variables
diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec
index 6f3e99ca4..79bfa62f9 100644
--- a/pki/dogtag/setup/pki-setup.spec
+++ b/pki/dogtag/setup/pki-setup.spec
@@ -1,5 +1,5 @@
 Name:           pki-setup
-Version:        1.3.1
+Version:        1.3.2
 Release:        1%{?dist}
 Summary:        Dogtag Certificate system - PKI Instance Creation and Removal Scripts
 URL:            http://pki.fedoraproject.org/
@@ -51,6 +51,13 @@ rm -rf %{buildroot}
 %{_datadir}/pki/
 
 %changelog
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+
 * Thu Jan 7 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
 - Bugzilla Bug #475895 - Disallow creation of an initial login shell
 - Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec
index 1b684a8d0..d7f01cbe4 100644
--- a/pki/dogtag/tps/pki-tps.spec
+++ b/pki/dogtag/tps/pki-tps.spec
@@ -1,6 +1,6 @@
 Name:           pki-tps
 Version:        1.3.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Dogtag Certificate System - Token Processing System
 URL:            http://pki.fedoraproject.org/
 License:        LGPLv2
@@ -14,7 +14,6 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  apr-devel
 BuildRequires:  apr-util-devel
 BuildRequires:  cyrus-sasl-devel
-BuildRequires:  dogtag-pki-tps-ui
 BuildRequires:  httpd-devel >= 2.2.3
 BuildRequires:  mozldap-devel
 BuildRequires:  nspr-devel >= 4.6.99
@@ -36,7 +35,12 @@ Requires:       perl-XML-Parser
 Requires:       perl-XML-Simple
 Requires:       pki-selinux
 Requires:       pki-setup
+Requires:       pki-silent
 Requires:       pki-tps-ui
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
 
 Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -60,6 +64,16 @@ fulfill the user's requests.
 Dogtag Token Processing System also interacts with the token database,
 an LDAP server that stores information about individual tokens.
 
+%package devel
+Group:      Development/Libraries
+Summary:    Dogtag Certificate System - Token Processing System Library Symlinks
+
+Requires:   %{name} = %{version}-%{release}
+
+%description devel
+This package contains symlinks to the Dogtag Certificate System Token
+Processing System library files required to link executables.
+
 %prep
 
 %setup -q -n %{name}-%{version}
@@ -74,61 +88,138 @@ make
 
 %install
 rm -rf %{buildroot}
-make install DESTDIR=%{buildroot}
+make install DESTDIR=%{buildroot} INSTALL="install -p"
 
 ## rearrange files to be in the desired native packaging layout
-./setup_package %{buildroot} pki tps %{version} %{release} %{buildroot}/opt
+# create the appropriate subdirectories
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_libdir}/httpd/modules
+mkdir -p %{buildroot}%{_libdir}/pki/tps
+mkdir -p %{buildroot}%{_datadir}/pki/tps/docroot
+mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base
+mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service
+mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS
+mkdir -p %{buildroot}%{_datadir}/pki/tps/lib/perl/Template
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/tps
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/tps
+
+# unpack the package contents to the appropriate subdirectories
+cp -p  %{buildroot}/opt/apache/modules/*.so  %{buildroot}%{_libdir}/httpd/modules
+cp -rp %{buildroot}/opt/alias*               %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/applets*             %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/cgi-bin*             %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/conf*                %{buildroot}%{_datadir}/pki/tps
+cp -p  %{buildroot}/opt/docroot/index.cgi    %{buildroot}%{_datadir}/pki/tps/docroot
+chmod 00755 %{buildroot}%{_datadir}/pki/tps/docroot/index.cgi
+cp -p  %{buildroot}/opt/docroot/index.html   %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/demo*        %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/home*        %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/so*          %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/sow*         %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/tokendb*     %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/docroot/tps*         %{buildroot}%{_datadir}/pki/tps/docroot
+cp -rp %{buildroot}/opt/logs*                %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/perl/base/*          %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base
+chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Base/*.pm
+cp -rp %{buildroot}/opt/perl/modules/*       %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS
+chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/TPS/*.pm
+cp -rp %{buildroot}/opt/perl/service/*       %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service
+chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/PKI/Service/*.pm
+cp -rp %{buildroot}/opt/perl/templates/*     %{buildroot}%{_datadir}/pki/tps/lib/perl/Template
+chmod 00644 %{buildroot}%{_datadir}/pki/tps/lib/perl/Template/*.pm
+cp -rp %{buildroot}/opt/samples*             %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/scripts*             %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/setup*               %{buildroot}%{_datadir}/pki/tps
+cp -rp %{buildroot}/opt/templates*           %{buildroot}%{_datadir}/pki/tps
+cp -p  %{buildroot}%{_libexecdir}/apachectl* %{buildroot}%{_libdir}/pki/tps
+cp -p  %{buildroot}%{_libexecdir}/tpsclient* %{buildroot}%{_libdir}/pki/tps
+
+# strip symbolic information 
+cd %{buildroot}%{_libdir} ;
+%{__strip} libldapauth.so   ;
+%{__strip} libtokendb.so    ;
+%{__strip} libtps.so
+cd %{buildroot}%{_libdir}/httpd/modules ;
+%{__strip} mod_tokendb.so ;
+%{__strip} mod_tps.so
+cd %{buildroot}%{_libdir}/pki/tps ;
+%{__strip} tpsclient
+
+# create wrappers
+for wrapper in tpsclient
+do
+    sed -e "s|\[PKI_PRODUCT\]|pki|g"        \
+        -e "s|\[PKI_SUBSYSTEM\]|tps|g"      \
+        -e "s|\[PKI_COMMAND\]|${wrapper}|g" \
+        %{buildroot}/opt/templates/pki_subsystem_command_wrapper > %{buildroot}%{_bindir}/${wrapper} ;
+done
+
+# create useful symbolic links as appropriate
+cd %{buildroot}%{_datadir}/pki/tps/docroot
+ln -s tokendb tus
+
+# fix version information in primary configuration file
 sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tps/conf/CS.cfg
 
 ## remove unwanted files
 rm -rf %{buildroot}/opt/
 rm -rf %{buildroot}%{_libdir}/debug/
-rm -rf %{buildroot}/usr/libexec/
-rm -rf %{buildroot}/etc/init.d/
 rm -rf %{buildroot}%{_libdir}/lib*.la
+rm -rf %{buildroot}%{_libexecdir}
+rm -rf %{buildroot}%{_datadir}/pki/tps/templates/
 
 %clean
 rm -rf %{buildroot}
 
-%pre
-if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then
-    echo "Adding default PKI group \"pkiuser\" to /etc/group."
-    groupadd pkiuser
-fi
-if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then
-    echo "Adding default PKI user \"pkiuser\" to /etc/passwd."
-    useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser
-fi
 
 %post
-chmod 00755 %{_datadir}/pki/tps/setup/postinstall
-%{_datadir}/pki/tps/setup/postinstall pki tps %{version} %{release}
-echo ""
-echo "Install finished."
+/sbin/ldconfig
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-tpsd || :
 
 %preun
-if [ -d /var/lib/pki-tps ] ; then
-    echo "WARNING:  The default instance \"/var/lib/pki-tps\" was NOT removed!"
-    echo ""
-    echo "NOTE:  This means that the data in the default instance called"
-    echo "       \"/var/lib/pki-tps\" will NOT be overwritten once the"
-    echo "       \"%{name}\" package is re-installed."
-    echo ""
-    echo "Shutting down the default instance \"/var/lib/pki-tps\""
-    echo "PRIOR to uninstalling the \"%{name}\" package:"
-    echo ""
-    /etc/init.d/pki-tps stop
+if [ $1 = 0 ] ; then
+    /sbin/service pki-tpsd stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-tpsd || :
+fi
+
+
+%postun
+/sbin/ldconfig
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || :
 fi
 
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
-/etc/httpd/modules/*
+%{_initrddir}/*
 %{_bindir}/*
-%{_libdir}/*
-%{_datadir}/pki/tps/
+%{_libdir}/httpd/modules/*
+%{_libdir}/libldapauth.so.*
+%{_libdir}/libtokendb.so.*
+%{_libdir}/libtps.so.*
+%{_libdir}/pki/
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
+
+%files devel
+%defattr(-,root,root,-)
+%{_libdir}/libldapauth.so
+%{_libdir}/libtokendb.so
+%{_libdir}/libtps.so
 
 %changelog
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553852 - Review Request: pki-tps - Dogtag Certificate System
+  Token Processing System
+
 * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-3
 - Removed BuildRequires bash
 - Removed 'with exceptions' from License
author	mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-01-21 23:26:21 +0000
committer	mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2010-01-21 23:26:21 +0000
commit	2fabf12357855e4b9b21c68384d61e5f1067f20e (patch)
tree	7bc3528c7fbe3f6f69807fc68fbbb3b27bc1880a /pki/dogtag
parent	67ee705eafd9fb655f61732ba3c8ec2c869a409e (diff)
download	pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.gz pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.tar.xz pki-2fabf12357855e4b9b21c68384d61e5f1067f20e.zip