authorEndi Sukma Dewata <edewata@redhat.com>2012-03-24 02:27:47 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-03-26 11:43:54 -0500
commit621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree638f3d75761c121d9a8fb50b52a12a6686c5ac5c /specs/pki-tps.spec
parent40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
Diffstat (limited to 'specs/pki-tps.spec')
-rw-r--r--specs/pki-tps.spec466
1 files changed, 466 insertions, 0 deletions
diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec
new file mode 100644
index 000000000..f3bff7ae7
--- /dev/null
+++ b/specs/pki-tps.spec
@@ -0,0 +1,466 @@
+# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
+# also remove the space between % and global - this space is needed because
+# fedpkg verrel stupidly ignores comment lines
+%global prerel .a1
+# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
+%global relprefix 0.
+
+Name: pki-tps
+Version: 10.0.0
+Release: %{?relprefix}1%{?prerel}%{?dist}
+Summary: Certificate System - Token Processing System
+URL: http://pki.fedoraproject.org/
+License: LGPLv2
+Group: System Environment/Daemons
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: cmake
+BuildRequires: apr-devel
+BuildRequires: apr-util-devel
+BuildRequires: cyrus-sasl-devel
+BuildRequires: httpd-devel
+BuildRequires: openldap-devel
+BuildRequires: nspr-devel
+BuildRequires: nss-devel
+BuildRequires: pcre-devel
+BuildRequires: svrcore-devel
+BuildRequires: zlib
+BuildRequires: zlib-devel
+
+Requires: mod_nss
+Requires: mod_perl
+Requires: mod_revocator
+Requires: openldap-clients
+Requires: perl-Mozilla-LDAP
+Requires: pki-native-tools
+Requires: pki-selinux
+Requires: pki-setup
+Requires: pki-tps-theme >= 9.0.0
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%endif
+
+Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
+
+%global overview \
+Certificate System (CS) is an enterprise software system designed \
+to manage enterprise Public Key Infrastructure (PKI) deployments. \
+ \
+The Token Processing System (TPS) is an optional PKI subsystem that acts \
+as a Registration Authority (RA) for authenticating and processing \
+enrollment requests, PIN reset requests, and formatting requests from \
+the Enterprise Security Client (ESC). \
+ \
+TPS is designed to communicate with tokens that conform to \
+Global Platform's Open Platform Specification. \
+ \
+TPS communicates over SSL with various PKI backend subsystems (including \
+the Certificate Authority (CA), the Data Recovery Manager (DRM), and the \
+Token Key Service (TKS)) to fulfill the user's requests. \
+ \
+TPS also interacts with the token database, an LDAP server that stores \
+information about individual tokens. \
+ \
+For deployment purposes, a TPS requires the following components from the \
+PKI Core package: \
+ \
+ * pki-setup \
+ * pki-native-tools \
+ * pki-selinux \
+ \
+and can also make use of the following optional components from the \
+PKI CORE package: \
+ \
+ * pki-silent \
+ \
+Additionally, Certificate System requires ONE AND ONLY ONE of the \
+following "Mutually-Exclusive" PKI Theme packages: \
+ \
+ * dogtag-pki-theme (Dogtag Certificate System deployments) \
+ * redhat-pki-theme (Red Hat Certificate System deployments) \
+ \
+%{nil}
+
+%description %{overview}
+
+
+==================================
+|| ABOUT "CERTIFICATE SYSTEM" ||
+==================================
+${overview}
+
+
+%prep
+
+
+%setup -q -n %{name}-%{version}%{?prerel}
+
+cat << \EOF > %{name}-prov
+#!/bin/sh
+%{__perl_provides} $* |\
+sed -e '/perl(PKI.*)/d' -e '/perl(Template.*)/d'
+EOF
+
+%global __perl_provides %{_builddir}/%{name}-%{version}%{?prerel}/%{name}-prov
+chmod +x %{__perl_provides}
+
+cat << \EOF > %{name}-req
+#!/bin/sh
+%{__perl_requires} $* |\
+sed -e '/perl(PKI.*)/d' -e '/perl(Template.*)/d'
+EOF
+
+%global __perl_requires %{_builddir}/%{name}-%{version}%{?prerel}/%{name}-req
+chmod +x %{__perl_requires}
+
+
+%clean
+%{__rm} -rf %{buildroot}
+
+
+%build
+%{__mkdir_p} build
+cd build
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TPS:BOOL=ON ..
+%{__make} VERBOSE=1 %{?_smp_mflags}
+
+
+%install
+%{__rm} -rf %{buildroot}
+cd build
+%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
+
+chmod 755 %{buildroot}%{_datadir}/pki/tps/cgi-bin/demo/*.cgi
+chmod 755 %{buildroot}%{_datadir}/pki/tps/cgi-bin/home/*.cgi
+chmod 755 %{buildroot}%{_datadir}/pki/tps/cgi-bin/so/*.cgi
+chmod 755 %{buildroot}%{_datadir}/pki/tps/cgi-bin/sow/*.cgi
+chmod 755 %{buildroot}%{_datadir}/pki/tps/cgi-bin/sow/cfg.pl
+
+# This should be done in CMAKE
+cd %{buildroot}/%{_datadir}/pki/tps/docroot
+%{__ln_s} tokendb tus
+
+# Internal libraries for 'tps' are present in:
+#
+# * '/usr/lib/tps' (i386)
+# * '/usr/lib64/tps' (x86_64)
+#
+mkdir %{buildroot}%{_sysconfdir}/ld.so.conf.d
+echo %{_libdir}/tps > %{buildroot}%{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf
+
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/tmpfiles.d
+# generate 'pki-tps.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/lock/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+%endif
+
+
+%post
+/sbin/ldconfig
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-tpsd || :
+
+
+%preun
+if [ $1 = 0 ] ; then
+ /sbin/service pki-tpsd stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-tpsd || :
+fi
+
+
+%postun
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-tpsd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%files
+%defattr(-,root,root,-)
+%doc base/tps/LICENSE
+%{_initrddir}/pki-tpsd
+%config(noreplace) %{_sysconfdir}/ld.so.conf.d/tps-%{_arch}.conf
+%{_bindir}/tpsclient
+%{_libdir}/httpd/modules/*
+%{_libdir}/tps/
+%dir %{_datadir}/pki/tps
+%{_datadir}/pki/tps/applets/
+%{_datadir}/pki/tps/cgi-bin/
+%{_datadir}/pki/tps/conf/
+%{_datadir}/pki/tps/docroot/
+%{_datadir}/pki/tps/lib/
+%{_datadir}/pki/tps/samples/
+%{_datadir}/pki/tps/scripts/
+%{_datadir}/pki/tps/setup/
+%dir %{_localstatedir}/lock/pki/tps
+%dir %{_localstatedir}/run/pki/tps
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tps.conf
+%endif
+
+
+%changelog
+* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
+- Updated package version number
+
+* Thu Sep 22 2011 Jack Magne <jmagne@redhat.com> 9.0.7-1
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- Bugzilla Bug #737184 - TPS UI display admin user name as
+ "undefined TUS Administrator". (awnuk)
+- Bugzilla Bug #735191 - in ou=tokens, token_type not getting updated if a
+ card is changed from one type to another (awnuk)
+
+* Wed Aug 10 2011 Jack Magne <jmagne@redhat.com> 9.0.6-1
+- Bugzilla Bug #725572 - Starting TPS subsystem with no pre-existing audit
+ log file does not write audit messages.
+
+* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-1
+- Bugzilla Bug #697035 - TPS database schema not populated correctly
+ (alee)
+- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
+- Bugzilla Bug #696851 - TPS crashes that cause AuditVerify on TPS audit
+ logs - some of the signatures are failing. (jmagne)
+- Bugzilla Bug #699837 - service command is not fully backwards
+ compatible with Dogtag pki subsystems (mharmsen)
+- Bugzilla Bug #696443 - ESC display Smartcard renewal operation success
+ for a failed renewal operation. (jmagne)
+- Bugzilla Bug #707095 - tps delete user operation should check for roles
+ (not have them passed in) (alee)
+- Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
+ for tps and ca on server shutdown (alee)
+- Bugzilla Bug #717765 - TPS configuration: logging into security domain
+ from tps does not work with clientauth=want. (alee)
+- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+
+* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1
+- Bugzilla Bug #697035 - TPS database schema not populated correctly
+- Bugzilla Bug #694569 - parameter used by pkiremove not updated
+- Bugzilla Bug #696851 - TPS crashes that cause AuditVerify on
+ TPS audit logs - some of the signatures are failing.
+- Bugzilla Bug #699837 - service command is not fully backwards compatible
+ with Dogtag pki subsystems
+
+* Tue Apr 5 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
+- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
+- Bugzilla Bug #691867 - add ldaps support through perLDAP
+
+* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
+- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
+- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
+- Bugzilla Bug #689956 - TPS Configuration with nethsm: audit signing
+ certificate location is not configured to nethsm in CS.cfg
+
+* Thu Mar 17 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
+- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
+- Bugzilla Bug #676421 - CC: Remove unused TPS interface calls and add
+ audit logging
+- Bugzilla Bug #676678 - Missing audit log messages for Secure Channel
+ Generation.
+- Bugzilla Bug #606944 - Convert TPS to use ldap utilities and API from
+ OpenLDAP instead of the Mozldap
+- Bugzilla Bug #676152 - Token enrollment with symmetric key change over
+ fails.
+- Bugzilla Bug #674396 - TPS: some audit signatures failed to verify
+- Bugzilla Bug #680567 - CC doc: remove update.applet.directory audit
+ message from TPS doc.
+- Bugzilla Bug #681066 - TPS authentication crash when exercising audit
+ log message.
+- Bugzilla Bug #684259 - incorrect group used for tps operators
+
+* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
+- Bugzilla Bug #620863 - saved CS.cfg files should be moved to a subdirectory
+ to avoid cluttering
+- Bugzilla Bug #607373 - add self test framework to TPS subsytem
+- Bugzilla Bug #607374 - add self test to TPS self test framework
+- Bugzilla Bug #624847 - Installed TPS cannot be started to be configured.
+- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
+ in the java subsystems
+- Bugzilla Bug #547507 - Token renewal: certs on the token is deleted when
+ one of the certs on the token is outside renewal grace period.
+- Bugzilla Bug #622535 - 64 bit host zlib uncompress operation fails when
+ reading data from token.
+- Bugzilla Bug #497931 - CS 8.0 -- Have to download and stall the trust chain
+ through ESC even if it was already installed in the browser.
+- Bugzilla Bug #579790 - errors in ESC communications can leave unusable
+ tokens and inconsistent data in TPS
+- Bugzilla Bug #631474 - Token enrollment with TPS Client fails with error
+ 'Applet memory exceeded when writing out final token data'
+- Bugzilla Bug #488762 - Found HTTP TRACE method enabled on TPS
+- Bugzilla Bug #633405 - Tps client unable to perform token enrollment when
+ tried to load certificates with 2048 bit keys
+- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
+ generated on TKS instead of TPS.
+- Bugzilla Bug #574942 - TPS database has performance problems with a large
+ number of tokens
+- Bugzilla Bug #637982 - some selftest parameters are not properly substituted
+- Bugzilla Bug #637824 - TPS UI: Profile state in CS.cfg is Pending Approval
+ after agent approve and Enable
+- Bugzilla Bug #223313 - should do random generated IV param
+ for symmetric keys
+- Bugzilla Bug #628995 - TPS CC requirement: Unused predicates for revocation
+ controls for TPS enrollment profiles should be removed.
+- Bugzilla Bug #642084 - CC feature: Key Management -provide signature
+ verification functions (TPS subsystem)
+- Bugzilla Bug #646545 - TPS Agent tab: displays approve list parameter with
+ last character chopped.
+- Bugzilla Bug #532724 - Feature: ESC Security officer work station should
+ display % of operation complete for format SO card
+- Bugzilla Bug #647364 - CC: audit signing certs for JAVA subsystems fail
+ CIMC cert verification (expose updated cert verification function in JSS)
+- Bugzilla Bug #651087 - TPS UI Admin tab display 'null' string in the
+ General configuration
+- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
+ to talk to CA and complete configuration in DonePanel
+- Bugzilla Bug #632425 - Port to tomcat6
+- Bugzilla Bug #638377 - Generate PKI UI components which exclude
+ a GUI interface
+- Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel
+ up to before Security Domain Panel
+- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
+ validity
+- Bugzilla Bug #643206 - New CMake based build system for Dogtag
+- Bugzilla Bug #499494 - change CA defaults to SHA2
+- Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs
+ in TPS
+- Bugzilla Bug #223314 - AOL: Better activities logs
+- Bugzilla Bug #651001 - TPS does not create a password for entries in ldap.
+ This violates STIG requirements
+- Bugzilla Bug #512248 - Status mismatch for the encryption cert in tps agent
+ and CA when a temporary smart card is issued.
+- Bugzilla Bug #666902 - TPS needs to call CERT_VerifyCertificate() correctly
+- Bugzilla Bug #223319 - Certificate Status inconsistency between token db
+ and CA
+- Bugzilla Bug #669055 - TPS server does not re-start when signedAudit
+ logging is turned ON
+- Bugzilla Bug #606944 - Convert TPS to use ldap utilities and API from
+ OpenLDAP instead of the Mozldap
+- Bugzilla Bug #606944 - Convert TPS to use ldap utilities and API from
+ OpenLDAP instead of the Mozldap
+- Bugzilla Bug #614639 - 64k gemalto usb token no longer works properly
+ after a "logout" request is issued
+- Bugzilla Bug #671522 - TPS AuditVerify fails.
+- Bugzilla Bug #669804 - on active token re-enroll, TPS does not revoke and
+ remove existing certs.
+- Bugzilla Bug #656666 - Please Update Spec File to use 'ghost' on files
+ in /var/run and /var/lock
+
+* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.2-1
+- Bugzilla Bug #601299 - tps installation does not update security domain
+- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
+ instead of SHA1 for ECC
+- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
+ algorithm
+- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
+- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
+ per RFC 2616
+- Bugzilla Bug #498299 - Should not be able to change the status manually
+ on a token marked as permanently lost or destroyed
+- Bugzilla Bug #554892 - configurable frequency signed audit
+- Bugzilla Bug #500700 - tps log rotation
+- Bugzilla Bug #562893 - tps shutdown if audit logs full
+- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
+- Bugzilla Bug #556152 - ACL changes to CA and OCSP
+- Bugzilla Bug #556167 - ACL changes to CA and OCSP
+- Bugzilla Bug #581004 - add more audit logging to the TPS
+- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing,
+ and move to a client-auth port
+- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
+- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
+ crash
+- Bugzilla Bug #581004 - add more audit logs
+- Bugzilla Bug #595871 - CC: TKS needed audit message changes
+- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
+- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
+- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
+ on the token.
+- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
+ to do both GenerateNewKey and RecoverLast operation for encryption key.
+- Bugzilla Bug #498299 - fix case where no transitions available
+- Bugzilla Bug #604186 - Common Criteria: TPS: Key Recovery needs
+ to meet CC requirements
+- Bugzilla Bug #604178 - Common Criteria: TPS: cert registration needs
+ to meet CC requirements
+- Bugzilla Bug #600968 - Common Criteria: TPS: cert registration needs
+ to meet CC requirements
+- Bugzilla Bug #607381 - Common Criteria: TPS: cert registration needs
+ to meet CC requirements
+
+* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text
+ needs correction
+
+* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-8
+- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency
+ for RA, and TPS . . .
+
+* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-7
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+ Token Processing System
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Applied filters for unwanted perl provides and requires
+- Applied %{?_smp_mflags} option to 'make'
+- Removed manual 'strip' commands
+
+* Thu Jan 28 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+ Token Processing System
+
+* Wed Jan 27 2010 Kevin Wright <kwright@redhat.com> 1.3.0-5
+- Bugzilla Bug #553852 - Review Request: pki-tps - The Dogtag PKI System
+ Token Processing System
+- Per direction from the Fedora community,
+ removed the following explicit "Requires":
+ perl-HTML-Parser
+ perl-HTML-Tagset
+ perl-Parse-RecDescent
+ perl-URI
+ perl-XML-NamespaceSupport
+ perl-XML-Parser
+ perl-XML-Simple
+
+* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+ pkicreate . . .
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . .
+- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . .
+- Bugzilla Bug #553852 - Review Request: pki-tps - Dogtag Certificate System
+ Token Processing System
+
+* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-3
+- Removed BuildRequires bash - Removed 'with exceptions' from License
+
+* Mon Nov 02 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-2
+- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI
+- Prepended directory path in front of setup_package
+- Take ownership of pki tps directory.
+
+* Fri Oct 16 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-1
+- Bugzilla Bug #X - Packaging for Fedora Dogtag PKI
+