diff options
author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-01-12 22:49:36 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-01-12 22:49:36 +0000 |
commit | 3f2466897b5dea702959b23868077df3e5ebdee8 (patch) | |
tree | bb3a9b6d4c02641d27429d28aa05b1129dd2fe34 /pki | |
parent | 7d1532ecb8310c037f54d96364dfdcd54e8e7cc0 (diff) | |
download | pki-3f2466897b5dea702959b23868077df3e5ebdee8.tar.gz pki-3f2466897b5dea702959b23868077df3e5ebdee8.tar.xz pki-3f2466897b5dea702959b23868077df3e5ebdee8.zip |
Bugzilla Bug #475895 - Disallow creation of an initial login shell
Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . .
Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
Corrected "|| :" scriptlet logic
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@909 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r-- | pki/dogtag/ca/pki-ca.spec | 11 | ||||
-rw-r--r-- | pki/dogtag/kra/pki-kra.spec | 58 | ||||
-rw-r--r-- | pki/dogtag/ocsp/pki-ocsp.spec | 58 | ||||
-rw-r--r-- | pki/dogtag/selinux/pki-selinux.spec | 10 | ||||
-rw-r--r-- | pki/dogtag/setup/pki-setup.spec | 12 | ||||
-rw-r--r-- | pki/dogtag/tks/pki-tks.spec | 60 |
6 files changed, 115 insertions, 94 deletions
diff --git a/pki/dogtag/ca/pki-ca.spec b/pki/dogtag/ca/pki-ca.spec index 7268e955..20a93d03 100644 --- a/pki/dogtag/ca/pki-ca.spec +++ b/pki/dogtag/ca/pki-ca.spec @@ -1,6 +1,6 @@ Name: pki-ca Version: 1.3.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Dogtag Certificate System - Certificate Authority URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -75,12 +75,12 @@ rm -rf %{buildroot} %post # This adds the proper /etc/rc*.d links for the script -/sbin/chkconfig --add pki-cad +/sbin/chkconfig --add pki-cad || : %preun if [ $1 = 0 ] ; then - /sbin/service pki-cad stop >/dev/null 2>&1 || : - /sbin/chkconfig --del pki-cad + /sbin/service pki-cad stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-cad || : fi %postun @@ -98,6 +98,9 @@ fi %{_localstatedir}/run/* %changelog +* Tue Jan 12 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-7 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) + * Mon Dec 7 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6 - Bugzilla Bug #522210 - Packaging for Fedora Dogtag - Bugzilla Bug #529070 - rpm packaging problems (cannot reinstall correctly) diff --git a/pki/dogtag/kra/pki-kra.spec b/pki/dogtag/kra/pki-kra.spec index ca418c44..c21f0c37 100644 --- a/pki/dogtag/kra/pki-kra.spec +++ b/pki/dogtag/kra/pki-kra.spec @@ -1,6 +1,6 @@ Name: pki-kra Version: 1.3.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Dogtag Certificate System - Data Recovery Manager URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -23,6 +23,11 @@ Requires: java >= 1:1.6.0 Requires: pki-common Requires: pki-kra-ui Requires: pki-selinux +Requires: pki-silent +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -52,6 +57,7 @@ properties of signing keys. %build ant \ + -Dinit.d="rc.d/init.d" \ -Dproduct.ui.flavor.prefix="" \ -Dproduct.prefix="pki" \ -Dproduct="kra" \ @@ -67,49 +73,45 @@ cd dist/binary unzip %{name}-%{version}.zip -d %{buildroot} sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg -cd %{buildroot}%{_javadir}/pki/kra +mkdir -p %{buildroot}%{_localstatedir}/lock/pki/kra +mkdir -p %{buildroot}%{_localstatedir}/run/pki/kra +cd %{buildroot}%{_javadir} mv kra.jar kra-%{version}.jar ln -s kra-%{version}.jar kra.jar %clean rm -rf %{buildroot} -%pre -if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"pkiuser\" to /etc/group." - groupadd pkiuser -fi -if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"pkiuser\" to /etc/passwd." - useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser -fi - %post -%{_datadir}/pki/kra/setup/postinstall pki kra %{version} %{release} -echo "" -echo "Install finished." +# This adds the proper /etc/rc*.d links for the script +/sbin/chkconfig --add pki-krad || : %preun -if [ -d /var/lib/pki-kra ] ; then - echo "WARNING: The default instance \"/var/lib/pki-kra\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"/var/lib/pki-kra\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"/var/lib/pki-kra\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/pki-kra stop +if [ $1 = 0 ] ; then + /sbin/service pki-krad stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-krad || : +fi + +%postun +if [ "$1" -ge "1" ] ; then + /sbin/service pki-krad condrestart >/dev/null 2>&1 || : fi %files %defattr(-,root,root,-) %doc LICENSE -%{_javadir}/pki/kra/* -%{_datadir}/pki/kra/* +%{_initrddir}/* +%{_javadir}/* +%{_datadir}/pki/ +%{_localstatedir}/lock/* +%{_localstatedir}/run/* %changelog +* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . . +- Bugzilla Bug #553842 - New Package for Dogtag PKI: pki-kra + * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 - Removed 'with exceptions' from License diff --git a/pki/dogtag/ocsp/pki-ocsp.spec b/pki/dogtag/ocsp/pki-ocsp.spec index a58384d6..e79c6ed7 100644 --- a/pki/dogtag/ocsp/pki-ocsp.spec +++ b/pki/dogtag/ocsp/pki-ocsp.spec @@ -1,6 +1,6 @@ Name: pki-ocsp Version: 1.3.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Dogtag Certificate System - Online Certificate Status Protocol Manager URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -23,6 +23,11 @@ Requires: java >= 1:1.6.0 Requires: pki-common Requires: pki-ocsp-ui Requires: pki-selinux +Requires: pki-silent +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -61,6 +66,7 @@ CRLs are published to it whenever they are issued or updated. %build ant \ + -Dinit.d="rc.d/init.d" \ -Dproduct.ui.flavor.prefix="" \ -Dproduct.prefix="pki" \ -Dproduct="ocsp" \ @@ -76,49 +82,45 @@ cd dist/binary unzip %{name}-%{version}.zip -d %{buildroot} sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg -cd %{buildroot}%{_javadir}/pki/ocsp +mkdir -p %{buildroot}%{_localstatedir}/lock/pki/ocsp +mkdir -p %{buildroot}%{_localstatedir}/run/pki/ocsp +cd %{buildroot}%{_javadir} mv ocsp.jar ocsp-%{version}.jar ln -s ocsp-%{version}.jar ocsp.jar %clean rm -rf %{buildroot} -%pre -if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"pkiuser\" to /etc/group." - groupadd pkiuser -fi -if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"pkiuser\" to /etc/passwd." - useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser -fi - %post -%{_datadir}/pki/ocsp/setup/postinstall pki ocsp %{version} %{release} -echo "" -echo "Install finished." +# This adds the proper /etc/rc*.d links for the script +/sbin/chkconfig --add pki-ocspd || : %preun -if [ -d /var/lib/pki-ocsp ] ; then - echo "WARNING: The default instance \"/var/lib/pki-ocsp\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"/var/lib/pki-ocsp\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"/var/lib/pki-ocsp\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/pki-ocsp stop +if [ $1 = 0 ] ; then + /sbin/service pki-ocspd stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-ocspd || : +fi + +%postun +if [ "$1" -ge "1" ] ; then + /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || : fi %files %defattr(-,root,root,-) %doc LICENSE -%{_javadir}/pki/ocsp/* -%{_datadir}/pki/ocsp/* +%{_initrddir}/* +%{_javadir}/* +%{_datadir}/pki/ +%{_localstatedir}/lock/* +%{_localstatedir}/run/* %changelog +* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . . +- Bugzilla Bug #553844 - New Package for Dogtag PKI: pki-ocsp + * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 - Removed 'with exceptions' from License diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec index 7a5c16b6..d4303879 100644 --- a/pki/dogtag/selinux/pki-selinux.spec +++ b/pki/dogtag/selinux/pki-selinux.spec @@ -1,6 +1,6 @@ Name: pki-selinux -Version: 1.3.0 -Release: 5%{?dist} +Version: 1.3.1 +Release: 1%{?dist} Summary: Dogtag Certificate System - PKI Selinux Policies URL: https://pki.fedoraproject.org/ License: GPLv2 @@ -82,6 +82,12 @@ fi %{_datadir}/selinux/modules/pki.pp %changelog +* Mon Jan 11 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model +- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . . +- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . . +- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . . + * Fri Jan 8 2010 Kevin Wright <kwright@redhat.com> 1.3.0-5 - Removed fc10 and fc11-specific Requires and Build Requires diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec index 9487dde7..6f3e99ca 100644 --- a/pki/dogtag/setup/pki-setup.spec +++ b/pki/dogtag/setup/pki-setup.spec @@ -1,6 +1,6 @@ Name: pki-setup -Version: 1.3.0 -Release: 6%{?dist} +Version: 1.3.1 +Release: 1%{?dist} Summary: Dogtag Certificate system - PKI Instance Creation and Removal Scripts URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -51,6 +51,14 @@ rm -rf %{buildroot} %{_datadir}/pki/ %changelog +* Thu Jan 7 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 +- Bugzilla Bug #475895 - Disallow creation of an initial login shell +- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into + pkicreate . . . +- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . . +- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . . +- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . . + * Wed Dec 23 2009 Kevin Wright <kwright@redhat.com> 1.3.0-6 - Bugzilla Bug #521993 - packaging for Fedora Dogtag - Removed Requires for all perl packages diff --git a/pki/dogtag/tks/pki-tks.spec b/pki/dogtag/tks/pki-tks.spec index 01cb6de8..f821f975 100644 --- a/pki/dogtag/tks/pki-tks.spec +++ b/pki/dogtag/tks/pki-tks.spec @@ -1,6 +1,6 @@ Name: pki-tks Version: 1.3.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Dogtag Certificate System - Token Key Service URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -23,6 +23,11 @@ Requires: java >= 1:1.6.0 Requires: pki-tks-ui Requires: pki-common Requires: pki-selinux +Requires: pki-silent +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -54,6 +59,7 @@ restricted access. %build ant \ + -Dinit.d="rc.d/init.d" \ -Dproduct.ui.flavor.prefix="" \ -Dproduct.prefix="pki" \ -Dproduct="tks" \ @@ -69,51 +75,45 @@ cd dist/binary unzip %{name}-%{version}.zip -d %{buildroot} sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg -cd %{buildroot}%{_javadir}/pki/tks +mkdir -p %{buildroot}%{_localstatedir}/lock/pki/tks +mkdir -p %{buildroot}%{_localstatedir}/run/pki/tks +cd %{buildroot}%{_javadir} mv tks.jar tks-%{version}.jar ln -s tks-%{version}.jar tks.jar %clean rm -rf %{buildroot} -%pre -if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then - echo "Adding default PKI group \"pkiuser\" to /etc/group." - groupadd pkiuser -fi -if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then - echo "Adding default PKI user \"pkiuser\" to /etc/passwd." - useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser -fi - - %post -%{_datadir}/pki/tks/setup/postinstall pki tks %{version} %{release} -echo "" -echo "Install finished." - +# This adds the proper /etc/rc*.d links for the script +/sbin/chkconfig --add pki-tksd || : %preun -if [ -d /var/lib/pki-tks ] ; then - echo "WARNING: The default instance \"/var/lib/pki-tks\" was NOT removed!" - echo "" - echo "NOTE: This means that the data in the default instance called" - echo " \"/var/lib/pki-tks\" will NOT be overwritten once the" - echo " \"%{name}\" package is re-installed." - echo "" - echo "Shutting down the default instance \"/var/lib/pki-tks\"" - echo "PRIOR to uninstalling the \"%{name}\" package:" - echo "" - /etc/init.d/pki-tks stop +if [ $1 = 0 ] ; then + /sbin/service pki-tksd stop >/dev/null 2>&1 + /sbin/chkconfig --del pki-tksd || : +fi + +%postun +if [ "$1" -ge "1" ] ; then + /sbin/service pki-tksd condrestart >/dev/null 2>&1 || : fi %files %defattr(-,root,root,-) %doc LICENSE -%{_javadir}/pki/tks/* -%{_datadir}/pki/tks/* +%{_initrddir}/* +%{_javadir}/* +%{_datadir}/pki/ +%{_localstatedir}/lock/* +%{_localstatedir}/run/* %changelog +* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 +- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895) +- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . . +- Bugzilla Bug #553847 - New Package for Dogtag PKI: pki-tks + * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 - Removed 'with exceptions' from License |