-rw-r--r--pki/CMakeLists.txt17
-rw-r--r--pki/base/CMakeLists.txt12
-rwxr-xr-xpki/scripts/build_dogtag_pki40
-rwxr-xr-xpki/scripts/compose_pki_core_packages2
-rwxr-xr-xpki/scripts/compose_pki_kra_packages180
-rwxr-xr-xpki/scripts/compose_pki_ocsp_packages180
-rwxr-xr-xpki/scripts/compose_pki_tks_packages180
-rw-r--r--pki/specs/pki-core.spec526
-rw-r--r--pki/specs/pki-kra.spec442
-rw-r--r--pki/specs/pki-ocsp.spec435
-rw-r--r--pki/specs/pki-tks.spec421
11 files changed, 513 insertions, 1922 deletions
diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt
index d707abdba..86b914ab9 100644
--- a/pki/CMakeLists.txt
+++ b/pki/CMakeLists.txt
@@ -24,18 +24,9 @@ elseif (BUILD_PKI_CORE)
set(APPLICATION_FLAVOR_PKI_CORE TRUE)
# override APPLICATION VERSION
set(APPLICATION_VERSION_PATCH "0")
-elseif (BUILD_PKI_KRA)
- set(APPLICATION_FLAVOR_PKI_KRA TRUE)
- # override APPLICATION VERSION
- set(APPLICATION_VERSION_PATCH "0")
-elseif (BUILD_PKI_OCSP)
- set(APPLICATION_FLAVOR_PKI_OCSP TRUE)
- set(APPLICATION_VERSION_PATCH "0")
elseif (BUILD_PKI_RA)
set(APPLICATION_FLAVOR_PKI_RA TRUE)
- set(APPLICATION_VERSION_PATCH "0")
-elseif (BUILD_PKI_TKS)
- set(APPLICATION_FLAVOR_PKI_TKS TRUE)
+ # override APPLICATION VERSION
set(APPLICATION_VERSION_PATCH "0")
elseif (BUILD_PKI_TPS)
set(APPLICATION_FLAVOR_PKI_TPS TRUE)
@@ -89,9 +80,6 @@ endif ()
# ONLY required for Java-based PKI components
if (APPLICATION_FLAVOR_PKI_CORE OR
- APPLICATION_FLAVOR_PKI_KRA OR
- APPLICATION_FLAVOR_PKI_OCSP OR
- APPLICATION_FLAVOR_PKI_TKS OR
APPLICATION_FLAVOR_PKI_CONSOLE OR
APPLICATION_FLAVOR_PKI_MIGRATE)
find_package(Java REQUIRED)
@@ -132,10 +120,7 @@ add_custom_target(uninstall
# check subdirectories
if (APPLICATION_FLAVOR_PKI_CORE OR
- APPLICATION_FLAVOR_PKI_KRA OR
- APPLICATION_FLAVOR_PKI_OCSP OR
APPLICATION_FLAVOR_PKI_RA OR
- APPLICATION_FLAVOR_PKI_TKS OR
APPLICATION_FLAVOR_PKI_TPS OR
APPLICATION_FLAVOR_PKI_CONSOLE OR
APPLICATION_FLAVOR_PKI_MIGRATE)
diff --git a/pki/base/CMakeLists.txt b/pki/base/CMakeLists.txt
index 6230f5688..cd58e3037 100644
--- a/pki/base/CMakeLists.txt
+++ b/pki/base/CMakeLists.txt
@@ -12,20 +12,14 @@ if (APPLICATION_FLAVOR_PKI_CORE)
add_subdirectory(common)
add_subdirectory(selinux)
add_subdirectory(ca)
- add_subdirectory(silent)
-endif (APPLICATION_FLAVOR_PKI_CORE)
-if (APPLICATION_FLAVOR_PKI_KRA)
add_subdirectory(kra)
-endif (APPLICATION_FLAVOR_PKI_KRA)
-if (APPLICATION_FLAVOR_PKI_OCSP)
add_subdirectory(ocsp)
-endif (APPLICATION_FLAVOR_PKI_OCSP)
+ add_subdirectory(tks)
+ add_subdirectory(silent)
+endif (APPLICATION_FLAVOR_PKI_CORE)
if (APPLICATION_FLAVOR_PKI_RA)
add_subdirectory(ra)
endif (APPLICATION_FLAVOR_PKI_RA)
-if (APPLICATION_FLAVOR_PKI_TKS)
- add_subdirectory(tks)
-endif (APPLICATION_FLAVOR_PKI_TKS)
if (APPLICATION_FLAVOR_PKI_TPS)
add_subdirectory(tps)
endif (APPLICATION_FLAVOR_PKI_TPS)
diff --git a/pki/scripts/build_dogtag_pki b/pki/scripts/build_dogtag_pki
index c79eeb714..7e0de05fc 100755
--- a/pki/scripts/build_dogtag_pki
+++ b/pki/scripts/build_dogtag_pki
@@ -104,10 +104,7 @@ fi
PKI_COMPOSE_SCRIPTS_DIR="${PKI_PWD}/${PKI_DIR}/${PKI_SCRIPTS_DIR}"
COMPOSE_DOGTAG_PKI_THEME_PACKAGES="compose_dogtag_pki_theme_packages"
COMPOSE_PKI_CORE_PACKAGES="compose_pki_core_packages"
-COMPOSE_PKI_KRA_PACKAGES="compose_pki_kra_packages"
-COMPOSE_PKI_OCSP_PACKAGES="compose_pki_ocsp_packages"
COMPOSE_PKI_RA_PACKAGES="compose_pki_ra_packages"
-COMPOSE_PKI_TKS_PACKAGES="compose_pki_tks_packages"
COMPOSE_PKI_TPS_PACKAGES="compose_pki_tps_packages"
COMPOSE_PKI_CONSOLE_PACKAGES="compose_pki_console_packages"
@@ -115,10 +112,7 @@ COMPOSE_PKI_CONSOLE_PACKAGES="compose_pki_console_packages"
PKI_PACKAGES_DIR="${PKI_PWD}/packages"
PKI_DOGTAG_THEME_PACKAGES_DIR="${PKI_PWD}/packages.dogtag_theme"
PKI_CORE_PACKAGES_DIR="${PKI_PWD}/packages.core"
-PKI_KRA_PACKAGES_DIR="${PKI_PWD}/packages.kra"
-PKI_OCSP_PACKAGES_DIR="${PKI_PWD}/packages.ocsp"
PKI_RA_PACKAGES_DIR="${PKI_PWD}/packages.ra"
-PKI_TKS_PACKAGES_DIR="${PKI_PWD}/packages.tks"
PKI_TPS_PACKAGES_DIR="${PKI_PWD}/packages.tps"
PKI_CONSOLE_PACKAGES_DIR="${PKI_PWD}/packages.console"
@@ -144,20 +138,14 @@ PKI_COMMON=pki-common${RPM_EXT}
PKI_COMMON_JAVADOC=pki-common-javadoc${RPM_EXT}
PKI_SELINUX=pki-selinux${RPM_EXT}
PKI_CA=pki-ca${RPM_EXT}
-PKI_SILENT=pki-silent${RPM_EXT}
-
-# Establish PKI kra package names
PKI_KRA=pki-kra${RPM_EXT}
-
-# Establish PKI ocsp package names
PKI_OCSP=pki-ocsp${RPM_EXT}
+PKI_TKS=pki-tks${RPM_EXT}
+PKI_SILENT=pki-silent${RPM_EXT}
# Establish PKI ra package names
PKI_RA=pki-ra${RPM_EXT}
-# Establish PKI tks package names
-PKI_TKS=pki-tks${RPM_EXT}
-
# Establish PKI tps package names
PKI_TPS=pki-tps${RPM_EXT}
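Review bot: PKI_KRA, PKI_OCSP and PKI_TKS are now defined among the core package names, but nothing visible on the new side installs them. The core install command (a context line in the following `@@ -192,20 +177,6 @@` hunk) still ends with `${PKI_CA} ${PKI_SILENT}`, and the per-subsystem blocks that ran `${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_KRA}` (and the OCSP/TKS equivalents) are removed by this commit. Unless dependency resolution happens to pull them in, the script now builds the three subsystem RPMs without installing them, so the installed set silently differs from before the merge. Appending `${PKI_KRA} ${PKI_OCSP} ${PKI_TKS}` before `${PKI_SILENT}` on that install line would keep the behaviour unchanged.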
@@ -168,10 +156,7 @@ PKI_CONSOLE=pki-console${RPM_EXT}
rm -rf ${PKI_PACKAGES_DIR}
rm -rf ${PKI_DOGTAG_THEME_PACKAGES_DIR}
rm -rf ${PKI_CORE_PACKAGES_DIR}
-rm -rf ${PKI_KRA_PACKAGES_DIR}
-rm -rf ${PKI_OCSP_PACKAGES_DIR}
rm -rf ${PKI_RA_PACKAGES_DIR}
-rm -rf ${PKI_TKS_PACKAGES_DIR}
rm -rf ${PKI_TPS_PACKAGES_DIR}
rm -rf ${PKI_CONSOLE_PACKAGES_DIR}
@@ -192,20 +177,6 @@ cp -p ${NOARCH}/*.rpm ${PKI_ARCH}/*.rpm ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${CO
cd ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${COMBINED}
${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_SETUP} ${PKI_SYMKEY} ${PKI_NATIVE_TOOLS} ${PKI_UTIL} ${PKI_UTIL_JAVADOC} ${PKI_JAVA_TOOLS} ${PKI_JAVA_TOOLS_JAVADOC} ${PKI_COMMON} ${PKI_COMMON_JAVADOC} ${PKI_SELINUX} ${PKI_CA} ${PKI_SILENT}
-# Compose and install 'pki-kra' packages
-cd ${PKI_PWD}
-${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_KRA_PACKAGES} rpms
-mv ${PKI_PACKAGES_DIR} ${PKI_KRA_PACKAGES_DIR}
-cd ${PKI_KRA_PACKAGES_DIR}/${RPM_DIR}/${NOARCH}
-${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_KRA}
-
-# Compose and install 'pki-ocsp' packages
-cd ${PKI_PWD}
-${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_OCSP_PACKAGES} rpms
-mv ${PKI_PACKAGES_DIR} ${PKI_OCSP_PACKAGES_DIR}
-cd ${PKI_OCSP_PACKAGES_DIR}/${RPM_DIR}/${NOARCH}
-${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_OCSP}
-
# Compose and install 'pki-ra' packages
cd ${PKI_PWD}
${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_RA_PACKAGES} rpms
@@ -213,13 +184,6 @@ mv ${PKI_PACKAGES_DIR} ${PKI_RA_PACKAGES_DIR}
cd ${PKI_RA_PACKAGES_DIR}/${RPM_DIR}/${NOARCH}
${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_RA}
-# Compose and install 'pki-tks' packages
-cd ${PKI_PWD}
-${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_TKS_PACKAGES} rpms
-mv ${PKI_PACKAGES_DIR} ${PKI_TKS_PACKAGES_DIR}
-cd ${PKI_TKS_PACKAGES_DIR}/${RPM_DIR}/${NOARCH}
-${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_TKS}
-
# Compose and install 'pki-tps' packages
cd ${PKI_PWD}
${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_TPS_PACKAGES} rpms
diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages
index d84d41da7..2af796054 100755
--- a/pki/scripts/compose_pki_core_packages
+++ b/pki/scripts/compose_pki_core_packages
@@ -39,7 +39,7 @@ PKI_CORE_VERSION="10.0.0.a1"
##
PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_CORE}.spec"
-PKI_COMPONENT_LIST="test setup symkey native-tools util java-tools common selinux ca silent"
+PKI_COMPONENT_LIST="test setup symkey native-tools util java-tools common selinux ca kra ocsp tks silent"
##
diff --git a/pki/scripts/compose_pki_kra_packages b/pki/scripts/compose_pki_kra_packages
deleted file mode 100755
index dc4ad1919..000000000
--- a/pki/scripts/compose_pki_kra_packages
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/bash
-# BEGIN COPYRIGHT BLOCK
-# (C) 2010 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-
-##
-## Include common 'compose' functions
-##
-
-COMPOSE_PWD=`dirname $0`
-source ${COMPOSE_PWD}/compose_functions
-
-
-## Always switch into the base directory three levels
-## above this shell script prior to executing it so
-## that all of its output is written to this directory
-
-cd `dirname $0`/../..
-
-
-##
-## Retrieve the name of this base directory
-##
-
-PKI_PWD=`pwd`
-
-
-##
-## Establish the 'pki-kra' name and version information
-##
-
-PKI_KRA="pki-kra"
-PKI_KRA_VERSION="10.0.0.a1"
-
-
-##
-## Establish the SOURCE files/directories of the 'pki-kra' source directory
-##
-
-PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_KRA}.spec"
-PKI_COMPONENT_LIST="test kra"
-
-
-##
-## Establish the TARGET files/directories of the 'pki-kra' source/spec files
-##
-
-PKI_PACKAGES="${PKI_PWD}/packages"
-PKI_KRA_BUILD_DIR="${PKI_PACKAGES}/BUILD"
-PKI_KRA_RPMS_DIR="${PKI_PACKAGES}/RPMS"
-PKI_KRA_SOURCES_DIR="${PKI_PACKAGES}/SOURCES"
-PKI_KRA_SPECS_DIR="${PKI_PACKAGES}/SPECS"
-PKI_KRA_SRPMS_DIR="${PKI_PACKAGES}/SRPMS"
-
-PKI_KRA_TARBALL="${PKI_KRA}-${PKI_KRA_VERSION}.tar.gz"
-PKI_KRA_SPEC_FILE="${PKI_KRA_SPECS_DIR}/${PKI_KRA}.spec"
-PKI_KRA_PACKAGE_SCRIPT="${PKI_PACKAGES}/package_${PKI_KRA}"
-PKI_KRA_PACKAGE_COMMAND="${RPMBUILD_CMD} SPECS/${PKI_KRA}.spec"
-
-PKI_KRA_STAGING_DIR="${PKI_PACKAGES}/staging"
-PKI_KRA_DIR="${PKI_KRA_STAGING_DIR}/${PKI_KRA}-${PKI_KRA_VERSION}"
-PKI_KRA_BASE_DIR="${PKI_KRA_DIR}/base"
-
-
-##
-## Always create a top-level 'packages' directory
-##
-
-mkdir -p ${PKI_PACKAGES}
-
-
-##
-## Always create 'pki-kra' package directories
-##
-
-mkdir -p ${PKI_KRA_BUILD_DIR}
-mkdir -p ${PKI_KRA_RPMS_DIR}
-mkdir -p ${PKI_KRA_SOURCES_DIR}
-mkdir -p ${PKI_KRA_SPECS_DIR}
-mkdir -p ${PKI_KRA_SRPMS_DIR}
-
-
-##
-## Always start with new 'pki-kra' package files
-##
-
-rm -rf ${PKI_KRA_BUILD_DIR}/${PKI_KRA}-${PKI_KRA_VERSION}
-rm -f ${PKI_KRA_RPMS_DIR}/${PKI_KRA}-${PKI_KRA_VERSION}*.rpm
-rm -f ${PKI_KRA_SOURCES_DIR}/${PKI_KRA_TARBALL}
-rm -f ${PKI_KRA_SPEC_FILE}
-rm -f ${PKI_KRA_SRPMS_DIR}/${PKI_KRA}-${PKI_KRA_VERSION}*.rpm
-
-
-##
-## Copy a new 'pki-kra' spec file from the
-## current contents of the PKI working repository
-##
-
-cp -p ${PKI_SPECS_FILE} ${PKI_KRA_SPECS_DIR}
-
-
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_KRA_SOURCES_DIR}
-else
- ##
- ## Always start with a new 'pki-kra' staging directory
- ##
-
- rm -rf ${PKI_KRA_STAGING_DIR}
-
-
- ##
- ## To generate the 'pki-kra' tarball, construct a staging area
- ## consisting of the 'pki-kra' source components from the
- ## current contents of the PKI working repository
- ##
-
- mkdir -p ${PKI_KRA_DIR}
- cd ${PKI_DIR}
- for file in "${PKI_FILE_LIST}" ;
- do
- cp -p ${file} ${PKI_KRA_DIR}
- done
- find ${PKI_CMAKE_DIR} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_KRA_DIR} > /dev/null 2>&1
- cd - > /dev/null 2>&1
-
- mkdir -p ${PKI_KRA_BASE_DIR}
- cd ${PKI_BASE_DIR}
- cp -p ${PKI_BASE_MANIFEST} ${PKI_KRA_BASE_DIR}
- for component in "${PKI_COMPONENT_LIST}" ;
- do
- find ${component} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_KRA_BASE_DIR} > /dev/null 2>&1
- done
- cd - > /dev/null 2>&1
-
-
- ##
- ## Create the 'pki-kra' tarball
- ##
-
- mkdir -p ${PKI_KRA_SOURCES_DIR}
- cd ${PKI_KRA_STAGING_DIR}
- gtar -zcvf ${PKI_KRA_TARBALL} \
- "${PKI_KRA}-${PKI_KRA_VERSION}" > /dev/null 2>&1
- mv ${PKI_KRA_TARBALL} ${PKI_KRA_SOURCES_DIR}
- cd - > /dev/null 2>&1
-
-
- ##
- ## Always remove the PKI staging area
- ##
-
- rm -rf ${PKI_KRA_STAGING_DIR}
-fi
-
-
-##
-## Always generate a fresh 'pki-kra' package script
-##
-
-rm -rf ${PKI_KRA_PACKAGE_SCRIPT}
-printf "#!/bin/bash\n\n" > ${PKI_KRA_PACKAGE_SCRIPT}
-printf "${PKI_KRA_PACKAGE_COMMAND}\n\n" >> ${PKI_KRA_PACKAGE_SCRIPT}
-chmod 775 ${PKI_KRA_PACKAGE_SCRIPT}
-
-
-##
-## Automatically invoke RPM/SRPM creation
-##
-
-cd ${PKI_PACKAGES} ;
-bash ./package_${PKI_KRA} | tee package_${PKI_KRA}.log 2>&1
-
diff --git a/pki/scripts/compose_pki_ocsp_packages b/pki/scripts/compose_pki_ocsp_packages
deleted file mode 100755
index 257578f9f..000000000
--- a/pki/scripts/compose_pki_ocsp_packages
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/bash
-# BEGIN COPYRIGHT BLOCK
-# (C) 2010 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-
-##
-## Include common 'compose' functions
-##
-
-COMPOSE_PWD=`dirname $0`
-source ${COMPOSE_PWD}/compose_functions
-
-
-## Always switch into the base directory three levels
-## above this shell script prior to executing it so
-## that all of its output is written to this directory
-
-cd `dirname $0`/../..
-
-
-##
-## Retrieve the name of this base directory
-##
-
-PKI_PWD=`pwd`
-
-
-##
-## Establish the 'pki-ocsp' name and version information
-##
-
-PKI_OCSP="pki-ocsp"
-PKI_OCSP_VERSION="10.0.0.a1"
-
-
-##
-## Establish the SOURCE files/directories of the 'pki-ocsp' source directory
-##
-
-PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_OCSP}.spec"
-PKI_COMPONENT_LIST="test ocsp"
-
-
-##
-## Establish the TARGET files/directories of the 'pki-ocsp' source/spec files
-##
-
-PKI_PACKAGES="${PKI_PWD}/packages"
-PKI_OCSP_BUILD_DIR="${PKI_PACKAGES}/BUILD"
-PKI_OCSP_RPMS_DIR="${PKI_PACKAGES}/RPMS"
-PKI_OCSP_SOURCES_DIR="${PKI_PACKAGES}/SOURCES"
-PKI_OCSP_SPECS_DIR="${PKI_PACKAGES}/SPECS"
-PKI_OCSP_SRPMS_DIR="${PKI_PACKAGES}/SRPMS"
-
-PKI_OCSP_TARBALL="${PKI_OCSP}-${PKI_OCSP_VERSION}.tar.gz"
-PKI_OCSP_SPEC_FILE="${PKI_OCSP_SPECS_DIR}/${PKI_OCSP}.spec"
-PKI_OCSP_PACKAGE_SCRIPT="${PKI_PACKAGES}/package_${PKI_OCSP}"
-PKI_OCSP_PACKAGE_COMMAND="${RPMBUILD_CMD} SPECS/${PKI_OCSP}.spec"
-
-PKI_OCSP_STAGING_DIR="${PKI_PACKAGES}/staging"
-PKI_OCSP_DIR="${PKI_OCSP_STAGING_DIR}/${PKI_OCSP}-${PKI_OCSP_VERSION}"
-PKI_OCSP_BASE_DIR="${PKI_OCSP_DIR}/base"
-
-
-##
-## Always create a top-level 'packages' directory
-##
-
-mkdir -p ${PKI_PACKAGES}
-
-
-##
-## Always create 'pki-ocsp' package directories
-##
-
-mkdir -p ${PKI_OCSP_BUILD_DIR}
-mkdir -p ${PKI_OCSP_RPMS_DIR}
-mkdir -p ${PKI_OCSP_SOURCES_DIR}
-mkdir -p ${PKI_OCSP_SPECS_DIR}
-mkdir -p ${PKI_OCSP_SRPMS_DIR}
-
-
-##
-## Always start with new 'pki-ocsp' package files
-##
-
-rm -rf ${PKI_OCSP_BUILD_DIR}/${PKI_OCSP}-${PKI_OCSP_VERSION}
-rm -f ${PKI_OCSP_RPMS_DIR}/${PKI_OCSP}-${PKI_OCSP_VERSION}*.rpm
-rm -f ${PKI_OCSP_SOURCES_DIR}/${PKI_OCSP_TARBALL}
-rm -f ${PKI_OCSP_SPEC_FILE}
-rm -f ${PKI_OCSP_SRPMS_DIR}/${PKI_OCSP}-${PKI_OCSP_VERSION}*.rpm
-
-
-##
-## Copy a new 'pki-ocsp' spec file from the
-## current contents of the PKI working repository
-##
-
-cp -p ${PKI_SPECS_FILE} ${PKI_OCSP_SPECS_DIR}
-
-
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_OCSP_SOURCES_DIR}
-else
- ##
- ## Always start with a new 'pki-ocsp' staging directory
- ##
-
- rm -rf ${PKI_OCSP_STAGING_DIR}
-
-
- ##
- ## To generate the 'pki-ocsp' tarball, construct a staging area
- ## consisting of the 'pki-ocsp' source components from the
- ## current contents of the PKI working repository
- ##
-
- mkdir -p ${PKI_OCSP_DIR}
- cd ${PKI_DIR}
- for file in "${PKI_FILE_LIST}" ;
- do
- cp -p ${file} ${PKI_OCSP_DIR}
- done
- find ${PKI_CMAKE_DIR} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_OCSP_DIR} > /dev/null 2>&1
- cd - > /dev/null 2>&1
-
- mkdir -p ${PKI_OCSP_BASE_DIR}
- cd ${PKI_BASE_DIR}
- cp -p ${PKI_BASE_MANIFEST} ${PKI_OCSP_BASE_DIR}
- for component in "${PKI_COMPONENT_LIST}" ;
- do
- find ${component} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_OCSP_BASE_DIR} > /dev/null 2>&1
- done
- cd - > /dev/null 2>&1
-
-
- ##
- ## Create the 'pki-ocsp' tarball
- ##
-
- mkdir -p ${PKI_OCSP_SOURCES_DIR}
- cd ${PKI_OCSP_STAGING_DIR}
- gtar -zcvf ${PKI_OCSP_TARBALL} \
- "${PKI_OCSP}-${PKI_OCSP_VERSION}" > /dev/null 2>&1
- mv ${PKI_OCSP_TARBALL} ${PKI_OCSP_SOURCES_DIR}
- cd - > /dev/null 2>&1
-
-
- ##
- ## Always remove the PKI staging area
- ##
-
- rm -rf ${PKI_OCSP_STAGING_DIR}
-fi
-
-
-##
-## Always generate a fresh 'pki-ocsp' package script
-##
-
-rm -rf ${PKI_OCSP_PACKAGE_SCRIPT}
-printf "#!/bin/bash\n\n" > ${PKI_OCSP_PACKAGE_SCRIPT}
-printf "${PKI_OCSP_PACKAGE_COMMAND}\n\n" >> ${PKI_OCSP_PACKAGE_SCRIPT}
-chmod 775 ${PKI_OCSP_PACKAGE_SCRIPT}
-
-
-##
-## Automatically invoke RPM/SRPM creation
-##
-
-cd ${PKI_PACKAGES} ;
-bash ./package_${PKI_OCSP} | tee package_${PKI_OCSP}.log 2>&1
-
diff --git a/pki/scripts/compose_pki_tks_packages b/pki/scripts/compose_pki_tks_packages
deleted file mode 100755
index 001774e94..000000000
--- a/pki/scripts/compose_pki_tks_packages
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/bin/bash
-# BEGIN COPYRIGHT BLOCK
-# (C) 2010 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-
-##
-## Include common 'compose' functions
-##
-
-COMPOSE_PWD=`dirname $0`
-source ${COMPOSE_PWD}/compose_functions
-
-
-## Always switch into the base directory three levels
-## above this shell script prior to executing it so
-## that all of its output is written to this directory
-
-cd `dirname $0`/../..
-
-
-##
-## Retrieve the name of this base directory
-##
-
-PKI_PWD=`pwd`
-
-
-##
-## Establish the 'pki-tks' name and version information
-##
-
-PKI_TKS="pki-tks"
-PKI_TKS_VERSION="10.0.0.a1"
-
-
-##
-## Establish the SOURCE files/directories of the 'pki-tks' source directory
-##
-
-PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_TKS}.spec"
-PKI_COMPONENT_LIST="test tks"
-
-
-##
-## Establish the TARGET files/directories of the 'pki-tks' source/spec files
-##
-
-PKI_PACKAGES="${PKI_PWD}/packages"
-PKI_TKS_BUILD_DIR="${PKI_PACKAGES}/BUILD"
-PKI_TKS_RPMS_DIR="${PKI_PACKAGES}/RPMS"
-PKI_TKS_SOURCES_DIR="${PKI_PACKAGES}/SOURCES"
-PKI_TKS_SPECS_DIR="${PKI_PACKAGES}/SPECS"
-PKI_TKS_SRPMS_DIR="${PKI_PACKAGES}/SRPMS"
-
-PKI_TKS_TARBALL="${PKI_TKS}-${PKI_TKS_VERSION}.tar.gz"
-PKI_TKS_SPEC_FILE="${PKI_TKS_SPECS_DIR}/${PKI_TKS}.spec"
-PKI_TKS_PACKAGE_SCRIPT="${PKI_PACKAGES}/package_${PKI_TKS}"
-PKI_TKS_PACKAGE_COMMAND="${RPMBUILD_CMD} SPECS/${PKI_TKS}.spec"
-
-PKI_TKS_STAGING_DIR="${PKI_PACKAGES}/staging"
-PKI_TKS_DIR="${PKI_TKS_STAGING_DIR}/${PKI_TKS}-${PKI_TKS_VERSION}"
-PKI_TKS_BASE_DIR="${PKI_TKS_DIR}/base"
-
-
-##
-## Always create a top-level 'packages' directory
-##
-
-mkdir -p ${PKI_PACKAGES}
-
-
-##
-## Always create 'pki-tks' package directories
-##
-
-mkdir -p ${PKI_TKS_BUILD_DIR}
-mkdir -p ${PKI_TKS_RPMS_DIR}
-mkdir -p ${PKI_TKS_SOURCES_DIR}
-mkdir -p ${PKI_TKS_SPECS_DIR}
-mkdir -p ${PKI_TKS_SRPMS_DIR}
-
-
-##
-## Always start with new 'pki-tks' package files
-##
-
-rm -rf ${PKI_TKS_BUILD_DIR}/${PKI_TKS}-${PKI_TKS_VERSION}
-rm -f ${PKI_TKS_RPMS_DIR}/${PKI_TKS}-${PKI_TKS_VERSION}*.rpm
-rm -f ${PKI_TKS_SOURCES_DIR}/${PKI_TKS_TARBALL}
-rm -f ${PKI_TKS_SPEC_FILE}
-rm -f ${PKI_TKS_SRPMS_DIR}/${PKI_TKS}-${PKI_TKS_VERSION}*.rpm
-
-
-##
-## Copy a new 'pki-tks' spec file from the
-## current contents of the PKI working repository
-##
-
-cp -p ${PKI_SPECS_FILE} ${PKI_TKS_SPECS_DIR}
-
-
-if [ ${USE_PATCH_FILES} -eq 1 ] ; then
- Retrieve_Source_Tarball_and_Patches ${PKI_SPECS_FILE} ${PKI_PATCHES_DIR} ${PKI_TKS_SOURCES_DIR}
-else
- ##
- ## Always start with a new 'pki-tks' staging directory
- ##
-
- rm -rf ${PKI_TKS_STAGING_DIR}
-
-
- ##
- ## To generate the 'pki-tks' tarball, construct a staging area
- ## consisting of the 'pki-tks' source components from the
- ## current contents of the PKI working repository
- ##
-
- mkdir -p ${PKI_TKS_DIR}
- cd ${PKI_DIR}
- for file in "${PKI_FILE_LIST}" ;
- do
- cp -p ${file} ${PKI_TKS_DIR}
- done
- find ${PKI_CMAKE_DIR} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_TKS_DIR} > /dev/null 2>&1
- cd - > /dev/null 2>&1
-
- mkdir -p ${PKI_TKS_BASE_DIR}
- cd ${PKI_BASE_DIR}
- cp -p ${PKI_BASE_MANIFEST} ${PKI_TKS_BASE_DIR}
- for component in "${PKI_COMPONENT_LIST}" ;
- do
- find ${component} \
- -name .svn -prune -o \
- -name *.swp -prune -o \
- -print | cpio -pdum ${PKI_TKS_BASE_DIR} > /dev/null 2>&1
- done
- cd - > /dev/null 2>&1
-
-
- ##
- ## Create the 'pki-tks' tarball
- ##
-
- mkdir -p ${PKI_TKS_SOURCES_DIR}
- cd ${PKI_TKS_STAGING_DIR}
- gtar -zcvf ${PKI_TKS_TARBALL} \
- "${PKI_TKS}-${PKI_TKS_VERSION}" > /dev/null 2>&1
- mv ${PKI_TKS_TARBALL} ${PKI_TKS_SOURCES_DIR}
- cd - > /dev/null 2>&1
-
-
- ##
- ## Always remove the PKI staging area
- ##
-
- rm -rf ${PKI_TKS_STAGING_DIR}
-fi
-
-
-##
-## Always generate a fresh 'pki-tks' package script
-##
-
-rm -rf ${PKI_TKS_PACKAGE_SCRIPT}
-printf "#!/bin/bash\n\n" > ${PKI_TKS_PACKAGE_SCRIPT}
-printf "${PKI_TKS_PACKAGE_COMMAND}\n\n" >> ${PKI_TKS_PACKAGE_SCRIPT}
-chmod 775 ${PKI_TKS_PACKAGE_SCRIPT}
-
-
-##
-## Automatically invoke RPM/SRPM creation
-##
-
-cd ${PKI_PACKAGES} ;
-bash ./package_${PKI_TKS} | tee package_${PKI_TKS}.log 2>&1
-
diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec
index 48ef1f3e3..01409c22a 100644
--- a/pki/specs/pki-core.spec
+++ b/pki/specs/pki-core.spec
@@ -7,7 +7,7 @@
Name: pki-core
Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
+Release: %{?relprefix}2%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -34,9 +34,13 @@ BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
BuildRequires: candlepin-deps >= 0.0.21-1
+%if 0%{?fedora} >= 17
+BuildRequires: junit
+%else
%if 0%{?fedora} >= 16
BuildRequires: jpackage-utils >= 0:1.7.5-10
BuildRequires: jss >= 4.2.6-19.1
+BuildRequires: junit4
BuildRequires: osutil >= 2.0.2
BuildRequires: systemd-units
BuildRequires: tomcatjss >= 6.0.2
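Review bot: On Fedora 17 and later the only BuildRequires selected by the new outer `%if 0%{?fedora} >= 17` is `junit`, because the versioned `jpackage-utils`, `jss`, `osutil`, `systemd-units` and `tomcatjss` requirements now sit entirely inside its `%else` branch, which is closed by the `%endif` added in the next hunk. As far as these two hunks show, a Fedora 17 build would therefore lose the minimum-version pins on jss and tomcatjss and build against whatever happens to be installed, or fail in a clean buildroot. Selecting the junit package name in its own conditional, placed before the existing version chain, avoids nesting that chain and makes the three added `junit4` lines unnecessary. The conditional chain continues outside this hunk, so please confirm against the full spec.

```spec
BuildRequires:    candlepin-deps >= 0.0.21-1
%if 0%{?fedora} >= 17
BuildRequires:    junit
%else
BuildRequires:    junit4
%endif
# … unchanged: existing %if 0%{?fedora} >= 16 / >= 15 / %else BuildRequires chain …
```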
@@ -44,15 +48,18 @@ BuildRequires: tomcatjss >= 6.0.2
%if 0%{?fedora} >= 15
BuildRequires: jpackage-utils
BuildRequires: jss >= 4.2.6-17
+BuildRequires: junit4
BuildRequires: osutil >= 2.0.1
BuildRequires: tomcatjss >= 6.0.0
%else
BuildRequires: jpackage-utils
BuildRequires: jss >= 4.2.6-17
+BuildRequires: junit4
BuildRequires: osutil
BuildRequires: tomcatjss >= 2.0.0
%endif
%endif
+%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
@@ -86,31 +93,48 @@ fi;
Certificate System (CS) is an enterprise software system designed \
to manage enterprise Public Key Infrastructure (PKI) deployments. \
\
-PKI Core contains fundamental packages required by Certificate System, \
-and consists of the following components: \
+PKI Core contains ALL top-level java-based Tomcat PKI components: \
\
- * pki-setup \
- * pki-symkey \
- * pki-native-tools \
- * pki-util \
- * pki-util-javadoc \
- * pki-java-tools \
- * pki-java-tools-javadoc \
- * pki-common \
- * pki-common-javadoc \
- * pki-selinux \
* pki-ca \
- * pki-silent \
+ * pki-kra \
+ * pki-ocsp \
+ * pki-tks \
\
-which comprise the following PKI subsystems: \
+which comprise the following corresponding PKI subsystems: \
\
* Certificate Authority (CA) \
+ * Data Recovery Manager (DRM) \
+ * Online Certificate Status Protocol (OCSP) Manager \
+ * Token Key Service (TKS) \
\
-For deployment purposes, Certificate System requires ONE AND ONLY ONE \
-of the following "Mutually-Exclusive" PKI Theme packages: \
+For deployment purposes, PKI Core contains fundamental packages \
+required by BOTH native-based Apache AND java-based Tomcat \
+Certificate System instances consisting of the following components: \
+ \
+ * pki-native-tools \
+ * pki-selinux \
+ * pki-setup \
+ * pki-silent (required for IPA deployments; optional otherwise) \
+ \
+Additionally, PKI Core contains the following fundamental packages \
+required ONLY by ALL java-based Tomcat Certificate System instances: \
+ \
+ * pki-common \
+ * pki-java-tools \
+ * pki-symkey (ONLY required for TKS subsystems) \
+ * pki-util \
+ \
+PKI Core also includes the following components: \
+ \
+ * pki-common-javadoc \
+ * pki-java-tools-javadoc \
+ * pki-util-javadoc \
+ \
+Finally, for deployment purposes, Certificate System requires ONE AND \
+ONLY ONE of the following "Mutually-Exclusive" PKI Theme packages: \
\
- * ipa-pki-theme (IPA deployments) \
* dogtag-pki-theme (Dogtag Certificate System deployments) \
+ * ipa-pki-theme (IPA deployments) \
* redhat-pki-theme (Red Hat Certificate System deployments) \
\
%{nil}
@@ -288,7 +312,6 @@ Requires: jettison
Requires: pki-common-theme >= 9.0.0
Requires: pki-java-tools = %{version}-%{release}
Requires: pki-setup = %{version}-%{release}
-Requires: pki-symkey = %{version}-%{release}
Requires: %{_javadir}/ldapjdk.jar
Requires: %{_javadir}/velocity.jar
Requires: %{_javadir}/xalan-j2.jar
@@ -413,7 +436,182 @@ The Certificate Authority can be configured as a self-signing Certificate
Authority, where it is the root CA, or it can act as a subordinate CA,
where it obtains its own signing certificate from a public CA.
-This package is a part of the PKI Core used by the Certificate System.
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-kra
+Summary: Certificate System - Data Recovery Manager
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-kra-theme >= 9.0.0
+Requires: pki-common = %{version}-%{release}
+Requires: pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-kra
+The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
+as a Key Recovery Authority (KRA). When configured in conjunction with the
+Certificate Authority (CA), the DRM stores private encryption keys as part of
+the certificate enrollment process. The key archival mechanism is triggered
+when a user enrolls in the PKI and creates the certificate request. Using the
+Certificate Request Message Format (CRMF) request format, a request is
+generated for the user's private encryption key. This key is then stored in
+the DRM which is configured to store keys in an encrypted format that can only
+be decrypted by several agents requesting the key at one time, providing for
+protection of the public encryption keys for the users in the PKI deployment.
+
+Note that the DRM archives encryption keys; it does NOT archive signing keys,
+since such archival would undermine non-repudiation properties of signing keys.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-ocsp
+Summary: Certificate System - Online Certificate Status Protocol Manager
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-ocsp-theme >= 9.0.0
+Requires: pki-common = %{version}-%{release}
+Requires: pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-ocsp
+The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
+subsystem that can act as a stand-alone OCSP service. The OCSP Manager
+performs the task of an online certificate validation authority by enabling
+OCSP-compliant clients to do real-time verification of certificates. Note
+that an online certificate-validation authority is often referred to as an
+OCSP Responder.
+
+Although the Certificate Authority (CA) is already configured with an
+internal OCSP service. An external OCSP Responder is offered as a separate
+subsystem in case the user wants the OCSP service provided outside of a
+firewall while the CA resides inside of a firewall, or to take the load of
+requests off of the CA.
+
+The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
+multiple CA servers, and clients can query the OCSP Manager for the
+revocation status of certificates issued by all of these CA servers.
+
+When an instance of OCSP Manager is set up with an instance of CA, and
+publishing is set up to this OCSP Manager, CRLs are published to it
+whenever they are issued or updated.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-tks
+Summary: Certificate System - Token Key Service
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-tks-theme >= 9.0.0
+Requires: pki-common = %{version}-%{release}
+Requires: pki-selinux = %{version}-%{release}
+Requires: pki-symkey = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-tks
+The Token Key Service (TKS) is an optional PKI subsystem that manages the
+master key(s) and the transport key(s) required to generate and distribute
+keys for hardware tokens. TKS provides the security between tokens and an
+instance of Token Processing System (TPS), where the security relies upon the
+relationship between the master key and the token keys. A TPS communicates
+with a TKS over SSL using client authentication.
+
+TKS helps establish a secure channel (signed and encrypted) between the token
+and the TPS, provides proof of presence of the security token during
+enrollment, and supports key changeover when the master key changes on the
+TKS. Tokens with older keys will get new token keys.
+
+Because of the sensitivity of the data that TKS manages, TKS should be set up
+behind the firewall with restricted access.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
%{overview}
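Review bot: The new `%description -n pki-kra` says the split-agent decryption provides "protection of the public encryption keys", which contradicts the preceding sentences stating that the DRM archives users' private encryption keys. The line should read `protection of the private encryption keys for the users in the PKI deployment.`, since this text is what administrators see when deciding how to deploy the key archive. In `%description -n pki-ocsp`, "Although the Certificate Authority (CA) is already configured with an internal OCSP service. An external OCSP Responder is offered ..." is a sentence fragment; joining the two with a comma (`... internal OCSP service, an external OCSP Responder is offered ...`) fixes it.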
@@ -494,13 +692,34 @@ echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/lock/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
+# generate 'pki-kra.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/lock/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+# generate 'pki-ocsp.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/lock/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+# generate 'pki-tks.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
%endif
%if 0%{?fedora} >= 16
%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%{__rm} %{buildroot}%{_initrddir}/pki-krad
+%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
+%{__rm} %{buildroot}%{_initrddir}/pki-tksd
%else
%{__rm} %{buildroot}%{_bindir}/pkicontrol
%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
%{__rm} -rf %{buildroot}%{_unitdir}
%endif
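Review bot: Each of the three new tmpfiles.d files re-declares the shared parents with `D /var/lock/pki 0755 root root -` and `D /var/run/pki 0755 root root -`, so with pki-ca.conf the same two paths are now declared in four files. With the `D` type the directory's contents are removed when systemd-tmpfiles is run with `--remove`, so a declaration shipped by one subsystem package also covers the sibling subsystems' subdirectories, and duplicate lines for one path are likely to be reported as ignored. Consider declaring the two parents once, in a file owned by a package every subsystem already requires, and keeping only the per-subsystem lines such as `D /var/lock/pki/kra 0755 root root -` here. The enclosing `%if` starts outside this hunk.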
@@ -532,6 +751,21 @@ fi
/sbin/chkconfig --add pki-cad || :
+%post -n pki-kra
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-krad || :
+
+
+%post -n pki-ocsp
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-ocspd || :
+
+
+%post -n pki-tks
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-tksd || :
+
+
%preun -n pki-ca
if [ $1 = 0 ] ; then
/sbin/service pki-cad stop >/dev/null 2>&1
@@ -539,11 +773,49 @@ if [ $1 = 0 ] ; then
fi
+%preun -n pki-kra
+if [ $1 = 0 ] ; then
+ /sbin/service pki-krad stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-krad || :
+fi
+
+
+%preun -n pki-ocsp
+if [ $1 = 0 ] ; then
+ /sbin/service pki-ocspd stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-ocspd || :
+fi
+
+
+%preun -n pki-tks
+if [ $1 = 0 ] ; then
+ /sbin/service pki-tksd stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-tksd || :
+fi
+
+
%postun -n pki-ca
if [ "$1" -ge "1" ] ; then
/sbin/service pki-cad condrestart >/dev/null 2>&1 || :
fi
+
+%postun -n pki-kra
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-krad condrestart >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ocsp
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-tks
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
+fi
%else
%post -n pki-ca
# Attempt to update ALL old "CA" instances to "systemd"
@@ -571,6 +843,88 @@ if [ -d /etc/sysconfig/pki/ca ]; then
fi
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%post -n pki-kra
+# Attempt to update ALL old "KRA" instances to "systemd"
+if [ -d /etc/sysconfig/pki/kra ]; then
+ for inst in `ls /etc/sysconfig/pki/kra`; do
+ if [ ! -e "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-krad@.service" \
+ "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-krad@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+
+%post -n pki-ocsp
+# Attempt to update ALL old "OCSP" instances to "systemd"
+if [ -d /etc/sysconfig/pki/ocsp ]; then
+ for inst in `ls /etc/sysconfig/pki/ocsp`; do
+ if [ ! -e "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-ocspd@.service" \
+ "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-ocspd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+
+%post -n pki-tks
+# Attempt to update ALL old "TKS" instances to "systemd"
+if [ -d /etc/sysconfig/pki/tks ]; then
+ for inst in `ls /etc/sysconfig/pki/tks`; do
+ if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-tksd@.service" \
+ "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-tksd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+
%preun -n pki-ca
if [ $1 = 0 ] ; then
/bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
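Review bot: The added `%post -n pki-kra` scriptlet runs `kill -9 \`cat /var/run/${inst}.pid\`` as root without checking what the pid file holds, so a stale or malformed file can send SIGKILL to an unrelated process; the `%post -n pki-ocsp` and `%post -n pki-tks` scriptlets in this hunk repeat it. Read the value into a variable and signal only when it is purely numeric; sending TERM before KILL would also give a service that archives private keys a chance to stop cleanly. The loop iterates over `\`ls /etc/sysconfig/pki/kra\`` and expands `${inst}` unquoted in `/var/lib/${inst}/${inst}`, so an entry name containing whitespace or glob characters is split before it reaches `unlink` and `ln -s`; a glob loop with quoted expansions avoids that. Whether the pid file is writable by the service account is not visible here, which is a further reason to validate it rather than trust it.

```spec
%post -n pki-kra
# … unchanged: test for /etc/sysconfig/pki/kra …
    for path in /etc/sysconfig/pki/kra/*; do
        [ -e "${path}" ] || continue
        inst=`basename "${path}"`
        # … unchanged: unit symlink and tomcat6-sysd link, with "/var/lib/${inst}/${inst}" quoted …
        if [ -e "/var/run/${inst}.pid" ]; then
            pid=`cat "/var/run/${inst}.pid" 2>/dev/null`
            case "${pid}" in
                ''|*[!0-9]*) ;;                 # not a PID: signal nothing
                *) kill -9 "${pid}" || : ;;
            esac
            rm -f "/var/run/${inst}.pid"
            # … unchanged: CS.cfg append, daemon-reload, restart …
```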
@@ -578,11 +932,53 @@ if [ $1 = 0 ] ; then
fi
+%preun -n pki-kra
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
+fi
+
+
+%preun -n pki-ocsp
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
+fi
+
+
+%preun -n pki-tks
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
+fi
+
+
%postun -n pki-ca
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
/bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
fi
+
+
+%postun -n pki-kra
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ocsp
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-tks
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
+fi
%endif
@@ -724,6 +1120,90 @@ fi
%endif
+%files -n pki-kra
+%defattr(-,root,root,-)
+%doc base/kra/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{_unitdir}/pki-krad@.service
+%{_unitdir}/pki-krad.target
+%else
+%{_initrddir}/pki-krad
+%endif
+%{_javadir}/pki/pki-kra-%{version}.jar
+%{_javadir}/pki/pki-kra.jar
+%dir %{_datadir}/pki/kra
+%{_datadir}/pki/kra/conf/
+%{_datadir}/pki/kra/setup/
+%{_datadir}/pki/kra/webapps/
+%dir %{_localstatedir}/lock/pki/kra
+%dir %{_localstatedir}/run/pki/kra
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-kra.conf
+%endif
+
+
+%files -n pki-ocsp
+%defattr(-,root,root,-)
+%doc base/ocsp/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{_unitdir}/pki-ocspd@.service
+%{_unitdir}/pki-ocspd.target
+%else
+%{_initrddir}/pki-ocspd
+%endif
+%{_javadir}/pki/pki-ocsp-%{version}.jar
+%{_javadir}/pki/pki-ocsp.jar
+%dir %{_datadir}/pki/ocsp
+%{_datadir}/pki/ocsp/conf/
+%{_datadir}/pki/ocsp/setup/
+%{_datadir}/pki/ocsp/webapps/
+%dir %{_localstatedir}/lock/pki/ocsp
+%dir %{_localstatedir}/run/pki/ocsp
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+%endif
+
+
+%files -n pki-tks
+%defattr(-,root,root,-)
+%doc base/tks/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{_unitdir}/pki-tksd@.service
+%{_unitdir}/pki-tksd.target
+%else
+%{_initrddir}/pki-tksd
+%endif
+%{_javadir}/pki/pki-tks-%{version}.jar
+%{_javadir}/pki/pki-tks.jar
+%dir %{_datadir}/pki/tks
+%{_datadir}/pki/tks/conf/
+%{_datadir}/pki/tks/setup/
+%{_datadir}/pki/tks/webapps/
+%dir %{_localstatedir}/lock/pki/tks
+%dir %{_localstatedir}/run/pki/tks
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf
+%endif
+
+
%files -n pki-silent
%defattr(-,root,root,-)
%doc base/silent/LICENSE
@@ -734,6 +1214,12 @@ fi
%changelog
+* Mon Feb 20 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.2.a1
+- Integrated 'pki-kra' into 'pki-core'
+- Integrated 'pki-ocsp' into 'pki-core'
+- Integrated 'pki-tks' into 'pki-core'
+- Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements
+
* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
- Updated package version number
diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec
deleted file mode 100644
index 6e6f3572b..000000000
--- a/pki/specs/pki-kra.spec
+++ /dev/null
@@ -1,442 +0,0 @@
-# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
-# also remove the space between % and global - this space is needed because
-# fedpkg verrel stupidly ignores comment lines
-%global prerel .a1
-# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
-%global relprefix 0.
-
-Name: pki-kra
-Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
-Summary: Certificate System - Data Recovery Manager
-URL: http://pki.fedoraproject.org/
-License: GPLv2
-Group: System Environment/Daemons
-
-BuildArch: noarch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-# specify '_unitdir' macro for platforms that don't use 'systemd'
-%if 0%{?rhel} || 0%{?fedora} < 16
-%define _unitdir /lib/systemd/system
-%endif
-
-BuildRequires: cmake
-BuildRequires: java-devel >= 1:1.6.0
-BuildRequires: nspr-devel
-BuildRequires: nss-devel
-%if 0%{?fedora} >= 16
-BuildRequires: jpackage-utils >= 0:1.7.5-10
-BuildRequires: jss >= 4.2.6-19.1
-BuildRequires: pki-common >= 9.0.15
-BuildRequires: pki-util >= 9.0.15
-BuildRequires: systemd-units
-%else
-BuildRequires: jpackage-utils
-BuildRequires: jss >= 4.2.6-17
-BuildRequires: pki-common
-BuildRequires: pki-util
-%endif
-
-Requires: java >= 1:1.6.0
-Requires: pki-kra-theme >= 9.0.0
-%if 0%{?fedora} >= 16
-Requires: pki-common >= 9.0.15
-Requires: pki-selinux >= 9.0.15
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-%else
-%if 0%{?fedora} >= 15
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-Requires: initscripts
-%else
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-%endif
-%endif
-
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
-
-%description
-Certificate System (CS) is an enterprise software system designed
-to manage enterprise Public Key Infrastructure (PKI) deployments.
-
-The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
-as a Key Recovery Authority (KRA). When configured in conjunction with the
-Certificate Authority (CA), the DRM stores private encryption keys as part of
-the certificate enrollment process. The key archival mechanism is triggered
-when a user enrolls in the PKI and creates the certificate request. Using the
-Certificate Request Message Format (CRMF) request format, a request is
-generated for the user's private encryption key. This key is then stored in
-the DRM which is configured to store keys in an encrypted format that can only
-be decrypted by several agents requesting the key at one time, providing for
-protection of the public encryption keys for the users in the PKI deployment.
-
-Note that the DRM archives encryption keys; it does NOT archive signing keys,
-since such archival would undermine non-repudiation properties of signing keys.
-
-For deployment purposes, a DRM requires the following components from the PKI
-Core package:
-
- * pki-setup
- * pki-native-tools
- * pki-util
- * pki-java-tools
- * pki-common
- * pki-selinux
-
-and can also make use of the following optional components from the PKI Core
-package:
-
- * pki-util-javadoc
- * pki-java-tools-javadoc
- * pki-common-javadoc
- * pki-silent
-
-Additionally, Certificate System requires ONE AND ONLY ONE of the following
-"Mutually-Exclusive" PKI Theme packages:
-
- * dogtag-pki-theme (Dogtag Certificate System deployments)
- * redhat-pki-theme (Red Hat Certificate System deployments)
-
-
-%prep
-
-
-%setup -q -n %{name}-%{version}%{?prerel}
-
-
-%clean
-%{__rm} -rf %{buildroot}
-
-
-%build
-%{__mkdir_p} build
-cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_KRA:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
-%{__make} VERBOSE=1 %{?_smp_mflags}
-
-
-%install
-%{__rm} -rf %{buildroot}
-cd build
-%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
-
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%{__mkdir_p} %{buildroot}%{_sysconfdir}/tmpfiles.d
-# generate 'pki-kra.conf' under the 'tmpfiles.d' directory
-echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
-echo "D /var/lock/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
-echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
-echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
-%endif
-
-%if 0%{?fedora} >= 16
-%{__rm} %{buildroot}%{_initrddir}/pki-krad
-%else
-%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants
-%{__rm} -rf %{buildroot}%{_unitdir}
-%endif
-
-%if 0%{?rhel} || 0%{?fedora} < 16
-%post
-# This adds the proper /etc/rc*.d links for the script
-/sbin/chkconfig --add pki-krad || :
-
-
-%preun
-if [ $1 = 0 ] ; then
- /sbin/service pki-krad stop >/dev/null 2>&1
- /sbin/chkconfig --del pki-krad || :
-fi
-
-
-%postun
-if [ "$1" -ge "1" ] ; then
- /sbin/service pki-krad condrestart >/dev/null 2>&1 || :
-fi
-%else
-%post
-# Attempt to update ALL old "KRA" instances to "systemd"
-if [ -d /etc/sysconfig/pki/kra ]; then
- for inst in `ls /etc/sysconfig/pki/kra`; do
- if [ ! -e "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" ]; then
- ln -s "/lib/systemd/system/pki-krad@.service" \
- "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service"
- [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
- ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
-
- if [ -e /var/run/${inst}.pid ]; then
- kill -9 `cat /var/run/${inst}.pid` || :
- rm -f /var/run/${inst}.pid
- echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- /bin/systemctl restart pki-krad@${inst}.service || :
- else
- echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- fi
- fi
- done
-fi
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
-%preun
-if [ $1 = 0 ] ; then
- /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
- /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
-fi
-
-%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ "$1" -ge "1" ] ; then
- /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
-fi
-%endif
-
-%files
-%defattr(-,root,root,-)
-%doc base/kra/LICENSE
-%if 0%{?fedora} >= 16
-%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants
-%{_unitdir}/pki-krad@.service
-%{_unitdir}/pki-krad.target
-%else
-%{_initrddir}/pki-krad
-%endif
-%{_javadir}/pki/pki-kra-%{version}.jar
-%{_javadir}/pki/pki-kra.jar
-%dir %{_datadir}/pki/kra
-%{_datadir}/pki/kra/conf/
-%{_datadir}/pki/kra/setup/
-%{_datadir}/pki/kra/webapps/
-%dir %{_localstatedir}/lock/pki/kra
-%dir %{_localstatedir}/run/pki/kra
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-kra.conf
-%endif
-
-
-%changelog
-* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
-- Updated package version number
-
-* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.9-1
-- Bugzilla Bug #737122 - DRM: during archiving and recovering,
- wrapping unwrapping keys should be done in the token (cfu)
-- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
- the in-place upgrade( CS 8.0->8.1) (cfu)
-- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
- OCSP, and TKS package installation . . . (mharmsen)
-
-* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
-
-* Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.6-1
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.5-1
-- Bugzilla Bug #712931 - CS requires too many ports
- to be open in the FW
-
-* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- (jdennis)
-- Bugzilla Bug #699837 - service command is not fully backwards
- compatible with Dogtag pki subsystems (mharmsen)
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
- administrator group. (jmagne)
-- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
- for modify/add (alee)
-- Bugzilla Bug #714068 - KRA: remove monitor servlet from kra (alee)
-- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
-- Updated release of 'jss'
-
-* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
-- Bugzilla Bug #699837 - service command is not fully backwards compatible
- with Dogtag pki subsystems
-
-* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
-- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
-- Bugzilla Bug #683581 - CA configuration with ECC(Default
- EC curve-nistp521) CA fails with 'signing operation failed'
-- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
-- Require "jss >= 4.2.6-15" as a build and runtime requirement
-
-* Thu Mar 17 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
-- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
-- Bugzilla Bug #673638 - Installation within IPA hangs
-
-* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
-- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
- in the java subsystems
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of CC interface review
-- Bugzilla Bug #583823 - CC: Auditing issues found as result of
- CC - interface review
-- Bugzilla Bug #607380 - CC: Make sure Java Console can configure
- all security relevant config items
-- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
- generated on TKS instead of TPS.
-- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
- a CA that it serves
-- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
-- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
- verification functions (JAVA subsystems)
-- Bugzilla Bug #223313 - should do random generated IV param
- for symmetric keys
-- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
- port fowarding for agent services
-- Bugzilla Bug #631179 - Administrator is not allowed to remove
- ocsp signing certificate using console
-- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
- signature algorithm; and for ECC curves
-- Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
- e.c. support
-- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
- DRM and TKS do not seem to have CRL checking enabled
-- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
- correctly set up CC environment
-- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
- to talk to CA and complete configuration in DonePanel
-- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
-- Bugzilla Bug #489385 - references to rhpki
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
- an administrator group.
-- Bugzilla Bug #632425 - Port to tomcat6
-- Bugzilla Bug #638377 - Generate PKI UI components which exclude
- a GUI interface
-- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
- as expected
-- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
- validity
-- Bugzilla Bug #643206 - New CMake based build system for Dogtag
-- Bugzilla Bug #499494 - change CA defaults to SHA2
-- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
-- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
- pkiCA, obsolete 2252 and 2256
-- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
- repository
-- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
- in the console
-- Bugzilla Bug #656733 - Standardize jar install location and jar names
-- Bugzilla Bug #661142 - Verification should fail when
- a revoked certificate is added
-- Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage
-- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
- interface is no longer available through console
-- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
- CRL Generation
-
-* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.4-1
-- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
-- Bugzilla Bug #527593 - More robust signature digest alg,
- like SHA256 instead of SHA1 for ECC
-- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
- algorithm
-- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
-- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn per
- RFC 2616
-- Bugzilla Bug #498299 - Should not be able to change the status manually
- on a token marked as permanently lost or destroyed
-- Bugzilla Bug #554892 - configurable frequency signed audit
-- Bugzilla Bug #500700 - tps log rotation
-- Bugzilla Bug #562893 - tps shutdown if audit logs full
-- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
-- Bugzilla Bug #556152 - ACL changes to CA and OCSP
-- Bugzilla Bug #556167 - ACL changes to CA and OCSP
-- Bugzilla Bug #581004 - add more audit logging to the TPS
-- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
- to a client-auth port
-- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
-- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes
- tps crash
-- Bugzilla Bug #581004 - add more audit logs
-- Bugzilla Bug #595871 - CC: TKS needed audit message changes
-- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
-- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
-- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
- on the token.
-- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
- to do both GenerateNewKey and RecoverLast operation for encryption key.
-- Bugzilla Bug #498299 - fix case where no transitions available
-- Bugzilla Bug #595391 - session domain table to be moved to ldap
-- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
-- Bugzilla Bug #472597 - Disable policy code,UI
-- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
- References Fedora
-- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
- information
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of CC interface review
-- Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by
- 'netscape.security.provider' package
-- Bugzilla Bug #656662 - Please Update Spec File to use 'ghost' on files
- in /var/run and /var/lock
-- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem
- instances
-
-* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.3-1
-- Bugzilla Bug 584917- Can not access CA Configuration Web UI after
- CA installation
-
-* Mon Mar 22 2010 Christina Fu <cfu@redhat.com> 1.3.2-1
-- Bugzilla Bug #522343 Add asynchronous key recovery mode
-
-* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
-- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
- for CA, KRA, OCSP, and TKS . . .
-
-* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
-- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
- compatibility (rename jar files as appropriate)
-
-* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
-- Removed BuildRequires: dogtag-pki-kra-ui
-
-* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
-- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
-- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
-- Bugzilla Bug #553842 - New Package for Dogtag PKI: pki-kra
-
-* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
-- Removed 'with exceptions' from License
-
-* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1
-- Bugzilla Bug #X - Packaging for Fedora Dogtag
-
diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec
deleted file mode 100644
index 813ddc37e..000000000
--- a/pki/specs/pki-ocsp.spec
+++ /dev/null
@@ -1,435 +0,0 @@
-# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
-# also remove the space between % and global - this space is needed because
-# fedpkg verrel stupidly ignores comment lines
-%global prerel .a1
-# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
-%global relprefix 0.
-
-Name: pki-ocsp
-Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
-Summary: Certificate System - Online Certificate Status Protocol Manager
-URL: http://pki.fedoraproject.org/
-License: GPLv2
-Group: System Environment/Daemons
-
-BuildArch: noarch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-# specify '_unitdir' macro for platforms that don't use 'systemd'
-%if 0%{?rhel} || 0%{?fedora} < 16
-%define _unitdir /lib/systemd/system
-%endif
-
-BuildRequires: cmake
-BuildRequires: java-devel >= 1:1.6.0
-BuildRequires: nspr-devel
-BuildRequires: nss-devel
-%if 0%{?fedora} >= 16
-BuildRequires: jpackage-utils >= 0:1.7.5-10
-BuildRequires: jss >= 4.2.6-19.1
-BuildRequires: pki-common >= 9.0.15
-BuildRequires: pki-util >= 9.0.15
-BuildRequires: systemd-units
-%else
-BuildRequires: jpackage-utils
-BuildRequires: jss >= 4.2.6-17
-BuildRequires: pki-common
-BuildRequires: pki-util
-%endif
-
-Requires: java >= 1:1.6.0
-Requires: pki-ocsp-theme >= 9.0.0
-%if 0%{?fedora} >= 16
-Requires: pki-common >= 9.0.15
-Requires: pki-selinux >= 9.0.15
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-%else
-%if 0%{?fedora} >= 15
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-Requires: initscripts
-%else
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-%endif
-%endif
-
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
-
-%description
-Certificate System (CS) is an enterprise software system designed
-to manage enterprise Public Key Infrastructure (PKI) deployments.
-
-The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
-subsystem that can act as a stand-alone OCSP service. The OCSP Manager
-performs the task of an online certificate validation authority by enabling
-OCSP-compliant clients to do real-time verification of certificates. Note
-that an online certificate-validation authority is often referred to as an
-OCSP Responder.
-
-Although the Certificate Authority (CA) is already configured with an
-internal OCSP service. An external OCSP Responder is offered as a separate
-subsystem in case the user wants the OCSP service provided outside of a
-firewall while the CA resides inside of a firewall, or to take the load of
-requests off of the CA.
-
-The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
-multiple CA servers, and clients can query the OCSP Manager for the
-revocation status of certificates issued by all of these CA servers.
-
-When an instance of OCSP Manager is set up with an instance of CA, and
-publishing is set up to this OCSP Manager, CRLs are published to it
-whenever they are issued or updated.
-
-For deployment purposes, an OCSP Manager requires the following components
-from the PKI Core package:
-
- * pki-setup
- * pki-native-tools
- * pki-util
- * pki-java-tools
- * pki-common
- * pki-selinux
-
-and can also make use of the following optional components from the PKI Core
-package:
-
- * pki-util-javadoc
- * pki-java-tools-javadoc
- * pki-common-javadoc
- * pki-silent
-
-Additionally, Certificate System requires ONE AND ONLY ONE of the following
-"Mutually-Exclusive" PKI Theme packages:
-
- * dogtag-pki-theme (Dogtag Certificate System deployments)
- * redhat-pki-theme (Red Hat Certificate System deployments)
-
-
-%prep
-
-
-%setup -q -n %{name}-%{version}%{?prerel}
-
-
-%clean
-%{__rm} -rf %{buildroot}
-
-
-%build
-%{__mkdir_p} build
-cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_OCSP:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
-%{__make} VERBOSE=1 %{?_smp_mflags}
-
-
-%install
-%{__rm} -rf %{buildroot}
-cd build
-%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
-
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%{__mkdir_p} %{buildroot}%{_sysconfdir}/tmpfiles.d
-# generate 'pki-ocsp.conf' under the 'tmpfiles.d' directory
-echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-echo "D /var/lock/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-%endif
-
-%if 0%{?fedora} >= 16
-%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
-%else
-%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants
-%{__rm} -rf %{buildroot}%{_unitdir}
-%endif
-
-%if 0%{?rhel} || 0%{?fedora} < 16
-%post
-# This adds the proper /etc/rc*.d links for the script
-/sbin/chkconfig --add pki-ocspd || :
-
-
-%preun
-if [ $1 = 0 ] ; then
- /sbin/service pki-ocspd stop >/dev/null 2>&1
- /sbin/chkconfig --del pki-ocspd || :
-fi
-
-
-%postun
-if [ "$1" -ge "1" ] ; then
- /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
-fi
-
-%else
-%post
-# Attempt to update ALL old "OCSP" instances to "systemd"
-if [ -d /etc/sysconfig/pki/ocsp ]; then
- for inst in `ls /etc/sysconfig/pki/ocsp`; do
- if [ ! -e "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" ]; then
- ln -s "/lib/systemd/system/pki-ocspd@.service" \
- "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service"
- [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
- ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
-
- if [ -e /var/run/${inst}.pid ]; then
- kill -9 `cat /var/run/${inst}.pid` || :
- rm -f /var/run/${inst}.pid
- echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- /bin/systemctl restart pki-ocspd@${inst}.service || :
- else
- echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- fi
- fi
- done
-fi
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
-%preun
-if [ $1 = 0 ] ; then
- /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
- /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
-fi
-
-
-%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ "$1" -ge "1" ] ; then
- /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
-fi
-%endif
-
-
-%files
-%defattr(-,root,root,-)
-%doc base/ocsp/LICENSE
-%if 0%{?fedora} >= 16
-%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants
-%{_unitdir}/pki-ocspd@.service
-%{_unitdir}/pki-ocspd.target
-%else
-%{_initrddir}/pki-ocspd
-%endif
-%{_javadir}/pki/pki-ocsp-%{version}.jar
-%{_javadir}/pki/pki-ocsp.jar
-%dir %{_datadir}/pki/ocsp
-%{_datadir}/pki/ocsp/conf/
-%{_datadir}/pki/ocsp/setup/
-%{_datadir}/pki/ocsp/webapps/
-%dir %{_localstatedir}/lock/pki/ocsp
-%dir %{_localstatedir}/run/pki/ocsp
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-%endif
-
-
-%changelog
-* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
-- Updated package version number
-
-* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
-- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
- OCSP, and TKS package installation . . .
-
-* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
-
-* Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1
-- Bugzilla Bug #712931 - CS requires too many ports
- to be open in the FW
-
-* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- (jdennis)
-- Bugzilla Bug #699837 - service command is not fully backwards
- compatible with Dogtag pki subsystems (mharmsen)
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
- administrator group. (jmagne)
-- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
-- Updated release of 'jss'
-
-* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
-- Bugzilla Bug #699837 - service command is not fully backwards compatible
- with Dogtag pki subsystems
-
-* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
-- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
-- Bugzilla Bug #683581 - CA configuration with ECC(Default
- EC curve-nistp521) CA fails with 'signing operation failed'
-- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
-- Require "jss >= 4.2.6-15" as a build and runtime requirement
-
-* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
-- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
- in the java subsystems
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of CC interface review
-- Bugzilla Bug #583823 - CC: Auditing issues found as result of
- CC - interface review
-- Bugzilla Bug #586700 - OCSP Server throws fatal error while using
- OCSP console for renewing SSL Server certificate.
-- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
- generated on TKS instead of TPS.
-- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
- a CA that it serves
-- Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
-- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
-- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
- verification functions (JAVA subsystems)
-- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
- port fowarding for agent services
-- Bugzilla Bug #631179 - Administrator is not allowed to remove
- ocsp signing certificate using console
-- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
- signature algorithm; and for ECC curves
-- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
- DRM and TKS do not seem to have CRL checking enabled
-- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
- correctly set up CC environment
-- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
- to talk to CA and complete configuration in DonePanel
-- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
-- Bugzilla Bug #489385 - references to rhpki
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
- an administrator group.
-- Bugzilla Bug #632425 - Port to tomcat6
-- Bugzilla Bug #638377 - Generate PKI UI components which exclude
- a GUI interface
-- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
- as expected
-- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
- validity
-- Bugzilla Bug #643206 - New CMake based build system for Dogtag
-- Bugzilla Bug #499494 - change CA defaults to SHA2
-- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
-- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
- pkiCA, obsolete 2252 and 2256
-- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
- repository
-- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
- in the console
-- Bugzilla Bug #656733 - Standardize jar install location and jar names
-- Bugzilla Bug #661142 - Verification should fail when
- a revoked certificate is added
-- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
- interface is no longer available through console
-- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
- CRL Generation
-- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
- information
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of the CC interface review
-- Bugzilla Bug #656663 - Please Update Spec File to use 'ghost' on files
- in /var/run and /var/lock
-- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem
- instances
-
-* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1
-- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
-- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
- instead of SHA1 for ECC
-- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
- algorithm
-- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
-- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
- per RFC 2616
-- Bugzilla Bug #498299 - Should not be able to change the status manually
- on a token marked as permanently lost or destroyed
-- Bugzilla Bug #554892 - configurable frequency signed audit
-- Bugzilla Bug #500700 - tps log rotation
-- Bugzilla Bug #562893 - tps shutdown if audit logs full
-- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
-- Bugzilla Bug #556152 - ACL changes to CA and OCSP
-- Bugzilla Bug #556167 - ACL changes to CA and OCSP
-- Bugzilla Bug #581004 - add more audit logging to the TPS
-- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
- to a client-auth port
-- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
-- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
- crash
-- Bugzilla Bug #581004 - add more audit logs
-- Bugzilla Bug #595871 - CC: TKS needed audit message changes
-- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
-- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
-- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
- on the token.
-- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
- to do both GenerateNewKey and RecoverLast operation for encryption key.
-- Bugzilla Bug #498299 - fix case where no transitions available
-- Bugzilla Bug #595391 - session domain table to be moved to ldap
-- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
-- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
- References Fedora
-
-* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-2
-- Bugzilla Bug 584917- Can not access CA Configuration Web UI
- after CA installation
-
-* Wed Apr 21 2010 Andrew Wnuk <awnuk@redhat.com> 1.3.2-1
-- Bugzilla Bug #493765 - console renewal fix for ca, ocsp, and ssl
- certificates
-
-* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
-- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
- for CA, KRA, OCSP, and TKS . . .
-
-* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
-- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
- compatibility (rename jar files as appropriate)
-
-* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
-- BuildRequires: dogtag-pki-ocsp-ui
-
-* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
-- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
-- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
-- Bugzilla Bug #553844 - New Package for Dogtag PKI: pki-ocsp
-
-* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
-- Removed 'with exceptions' from License
-
-* Thu Oct 15 2009 Ade Lee <alee@redhat.com> 1.3.0-1 - Bugzilla Bug #X
-- Packaging for Fedora Dogtag
-
diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec
deleted file mode 100644
index 43956de7f..000000000
--- a/pki/specs/pki-tks.spec
+++ /dev/null
@@ -1,421 +0,0 @@
-# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
-# also remove the space between % and global - this space is needed because
-# fedpkg verrel stupidly ignores comment lines
-%global prerel .a1
-# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
-%global relprefix 0.
-
-Name: pki-tks
-Version: 10.0.0
-Release: %{?relprefix}1%{?prerel}%{?dist}
-Summary: Certificate System - Token Key Service
-URL: http://pki.fedoraproject.org/
-License: GPLv2
-Group: System Environment/Daemons
-
-BuildArch: noarch
-
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-# specify '_unitdir' macro for platforms that don't use 'systemd'
-%if 0%{?rhel} || 0%{?fedora} < 16
-%define _unitdir /lib/systemd/system
-%endif
-
-BuildRequires: cmake
-BuildRequires: java-devel >= 1:1.6.0
-BuildRequires: nspr-devel
-BuildRequires: nss-devel
-%if 0%{?fedora} >= 16
-BuildRequires: jpackage-utils >= 0:1.7.5-10
-BuildRequires: jss >= 4.2.6-19.1
-BuildRequires: pki-common >= 9.0.15
-BuildRequires: pki-util >= 9.0.15
-BuildRequires: systemd-units
-%else
-BuildRequires: jpackage-utils
-BuildRequires: jss >= 4.2.6-17
-BuildRequires: pki-common
-BuildRequires: pki-util
-%endif
-
-Requires: java >= 1:1.6.0
-Requires: pki-tks-theme >= 9.0.0
-%if 0%{?fedora} >= 16
-Requires: pki-common >= 9.0.15
-Requires: pki-selinux >= 9.0.15
-Requires(post): systemd-units
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-%else
-%if 0%{?fedora} >= 15
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-Requires: initscripts
-%else
-Requires: pki-common
-Requires: pki-selinux
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
-%endif
-%endif
-
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
-
-%description
-Certificate System (CS) is an enterprise software system designed
-to manage enterprise Public Key Infrastructure (PKI) deployments.
-
-The Token Key Service (TKS) is an optional PKI subsystem that manages the
-master key(s) and the transport key(s) required to generate and distribute
-keys for hardware tokens. TKS provides the security between tokens and an
-instance of Token Processing System (TPS), where the security relies upon the
-relationship between the master key and the token keys. A TPS communicates
-with a TKS over SSL using client authentication.
-
-TKS helps establish a secure channel (signed and encrypted) between the token
-and the TPS, provides proof of presence of the security token during
-enrollment, and supports key changeover when the master key changes on the
-TKS. Tokens with older keys will get new token keys.
-
-Because of the sensitivity of the data that TKS manages, TKS should be set up
-behind the firewall with restricted access.
-
-For deployment purposes, a TKS requires the following components from the PKI
-Core package:
-
- * pki-setup
- * pki-native-tools
- * pki-util
- * pki-java-tools
- * pki-common
- * pki-selinux
-
-and can also make use of the following optional components from the PKI Core
-package:
-
- * pki-util-javadoc
- * pki-java-tools-javadoc
- * pki-common-javadoc
- * pki-silent
-
-Additionally, Certificate System requires ONE AND ONLY ONE of the following
-"Mutually-Exclusive" PKI Theme packages:
-
- * dogtag-pki-theme (Dogtag Certificate System deployments)
- * redhat-pki-theme (Red Hat Certificate System deployments)
-
-
-%prep
-
-
-%setup -q -n %{name}-%{version}%{?prerel}
-
-
-%clean
-%{__rm} -rf %{buildroot}
-
-
-%build
-%{__mkdir_p} build
-cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TKS:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
-%{__make} VERBOSE=1 %{?_smp_mflags}
-
-
-%install
-%{__rm} -rf %{buildroot}
-cd build
-%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
-
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%{__mkdir_p} %{buildroot}%{_sysconfdir}/tmpfiles.d
-# generate 'pki-tks.conf' under the 'tmpfiles.d' directory
-echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
-echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
-echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
-echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
-%endif
-
-%if 0%{?fedora} >= 16
-%{__rm} %{buildroot}%{_initrddir}/pki-tksd
-%else
-%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
-%{__rm} -rf %{buildroot}%{_unitdir}
-%endif
-
-%if 0%{?rhel} || 0%{?fedora} < 16
-%post
-# This adds the proper /etc/rc*.d links for the script
-/sbin/chkconfig --add pki-tksd || :
-
-%preun
-if [ $1 = 0 ] ; then
- /sbin/service pki-tksd stop >/dev/null 2>&1
- /sbin/chkconfig --del pki-tksd || :
-fi
-
-%postun
-if [ "$1" -ge "1" ] ; then
- /sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
-fi
-%else
-%post
-# Attempt to update ALL old "TKS" instances to "systemd"
-if [ -d /etc/sysconfig/pki/tks ]; then
- for inst in `ls /etc/sysconfig/pki/tks`; do
- if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then
- ln -s "/lib/systemd/system/pki-tksd@.service" \
- "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service"
- [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
- ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
-
- if [ -e /var/run/${inst}.pid ]; then
- kill -9 `cat /var/run/${inst}.pid` || :
- rm -f /var/run/${inst}.pid
- echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- /bin/systemctl daemon-reload >/dev/null 2>&1 || :
- /bin/systemctl restart pki-tksd@${inst}.service || :
- else
- echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
- /var/lib/${inst}/conf/CS.cfg || :
- fi
- fi
- done
-fi
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-
-%preun
-if [ $1 = 0 ] ; then
- /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
- /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
-fi
-
-%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ "$1" -ge "1" ] ; then
- /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
-fi
-%endif
-
-
-%files
-%defattr(-,root,root,-)
-%doc base/tks/LICENSE
-%if 0%{?fedora} >= 16
-%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
-%{_unitdir}/pki-tksd@.service
-%{_unitdir}/pki-tksd.target
-%else
-%{_initrddir}/pki-tksd
-%endif
-%{_javadir}/pki/pki-tks-%{version}.jar
-%{_javadir}/pki/pki-tks.jar
-%dir %{_datadir}/pki/tks
-%{_datadir}/pki/tks/conf/
-%{_datadir}/pki/tks/setup/
-%{_datadir}/pki/tks/webapps/
-%dir %{_localstatedir}/lock/pki/tks
-%dir %{_localstatedir}/run/pki/tks
-%if 0%{?fedora} >= 15
-# Details:
-#
-# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
-# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
-#
-%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf
-%endif
-
-
-%changelog
-* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
-- Updated package version number
-
-* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
-- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
- OCSP, and TKS package installation . . .
-
-* Thu Sep 22 2011 Jack Magne <jmagne@redhat.com> 9.0.7-1
-- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
-- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
- (hsm+NSS). (jmagne)
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1
-- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
-- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
-
-* Tue Sep 6 2011 Ade Lee <alee@redhat.com> 9.0.5-1
-- Bugzilla Bug #699809 - Convert CS to use systemd
-
-* Tue Aug 23 2011 Ade Lee <alee@redhat.com> 9.0.4-1
-- Bugzilla Bug #712931 - CS requires too many ports
- to be open in the FW
-
-* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- (jdennis)
-- Bugzilla Bug #699837 - service command is not fully backwards
- compatible with Dogtag pki subsystems (mharmsen)
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
- administrator group. (jmagne)
-- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
-- Updated release of 'jss'
-
-* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
-- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
-- Bugzilla Bug #699837 - service command is not fully backwards compatible
- with Dogtag pki subsystems
-
-* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
-- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
-- Bugzilla Bug #683581 - CA configuration with ECC(Default
- EC curve-nistp521) CA fails with 'signing operation failed'
-- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
-- Require "jss >= 4.2.6-15" as a build and runtime requirement
-
-* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
-- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0
-- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs
- in the java subsystems
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of CC interface review
-- Bugzilla Bug #583823 - CC: Auditing issues found as result of
- CC - interface review
-- Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
- generated on TKS instead of TPS.
-- Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable
- a CA that it serves
-- Bugzilla Bug #504061 - ECC: unable to install subsystems - phase 1
-- Bugzilla Bug #637330 - CC feature: Key Management - provide signature
- verification functions (JAVA subsystems)
-- Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and
- port fowarding for agent services
-- Bugzilla Bug #631179 - Administrator is not allowed to remove
- ocsp signing certificate using console
-- Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of
- signature algorithm; and for ECC curves
-- Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release --
- DRM and TKS do not seem to have CRL checking enabled
-- Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
- correctly set up CC environment
-- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
- to talk to CA and complete configuration in DonePanel
-- Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
-- Bugzilla Bug #489385 - references to rhpki
-- Bugzilla Bug #649910 - Console: an auditor or agent can be added to
- an administrator group.
-- Bugzilla Bug #632425 - Port to tomcat6
-- Bugzilla Bug #638377 - Generate PKI UI components which exclude
- a GUI interface
-- Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
- as expected
-- Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
- validity
-- Bugzilla Bug #643206 - New CMake based build system for Dogtag
-- Bugzilla Bug #499494 - change CA defaults to SHA2
-- Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
-- Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
- pkiCA, obsolete 2252 and 2256
-- Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
- repository
-- Bugzilla Bug #663546 - Disable the functionalities that are not exposed
- in the console
-- Bugzilla Bug #656733 - Standardize jar install location and jar names
-- Bugzilla Bug #661142 - Verification should fail when
- a revoked certificate is added
-- Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
- interface is no longer available through console
-- Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During
- CRL Generation
-- Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
- information
-- Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
- as part of the CC interface review
-- Bugzilla Bug #656665 - Please Update Spec File to use 'ghost' on files
- in /var/run and /var/lock
-- Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem
- instances
-
-* Wed Aug 04 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.3-1
-- Bugzilla Bug #606556 - Add known session key test to TKS self test set
-- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
-- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
- instead of SHA1 for ECC
-- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
- algorithm
-- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
-- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0rn
- per RFC 2616
-- Bugzilla Bug #498299 - Should not be able to change the status manually
- on a token marked as permanently lost or destroyed
-- Bugzilla Bug #554892 - configurable frequency signed audit
-- Bugzilla Bug #500700 - tps log rotation
-- Bugzilla Bug #562893 - tps shutdown if audit logs full
-- Bugzilla Bug #557346 - Name Constraints Extension cant be marked critical
-- Bugzilla Bug #556152 - ACL changes to CA and OCSP
-- Bugzilla Bug #556167 - ACL changes to CA and OCSP
-- Bugzilla Bug #581004 - add more audit logging to the TPS
-- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
- to a client-auth port
-- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
-- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
- crash
-- Bugzilla Bug #581004 - add more audit logs
-- Bugzilla Bug #595871 - CC: TKS needed audit message changes
-- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
-- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
-- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
- on the token.
-- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
- to do both GenerateNewKey and RecoverLast operation for encryption key.
-- Bugzilla Bug #498299 - fix case where no transitions available
-- Bugzilla Bug #595391 - session domain table to be moved to ldap
-- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
-- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
- References Fedora
-
-* Mon Apr 26 2010 Ade Lee <alee@redhat.com> 1.3.2-1
-- Bugzilla Bug 584917- Can not access CA Configuration Web UI
- after CA installation
-
-* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-2
-- Bugzilla Bug #566059 - Add 'pki-console' as a runtime dependency
- for CA, KRA, OCSP, and TKS . . .
-
-* Mon Feb 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
-- Bugzilla Bug #562986 - Supply convenience symlink(s) for backwards
- compatibility (rename jar files as appropriate)
-
-* Fri Jan 15 2010 Kevin Wright <kwright@redhat.com> 1.3.0-4
-- Removed BuildRequires: dogtag-pki-tks-ui
-
-* Fri Jan 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
-- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
-- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
-- Bugzilla Bug #553847 - New Package for Dogtag PKI: pki-tks
-
-* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
-- Removed 'with exceptions' from License
-
-* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1
-- Bugzilla Bug #X - Packaging for Fedora Dogtag
-