diff options
Diffstat (limited to 'pki')
-rw-r--r-- | pki/CMakeLists.txt | 16 | ||||
-rwxr-xr-x | pki/scripts/compose_dogtag_pki_theme_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_console_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_core_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_kra_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_ocsp_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_ra_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_tks_packages | 2 | ||||
-rwxr-xr-x | pki/scripts/compose_pki_tps_packages | 2 | ||||
-rw-r--r-- | pki/specs/dogtag-pki-theme.spec | 16 | ||||
-rw-r--r-- | pki/specs/dogtag-pki.spec | 26 | ||||
-rw-r--r-- | pki/specs/pki-console.spec | 23 | ||||
-rw-r--r-- | pki/specs/pki-core.spec | 167 | ||||
-rw-r--r-- | pki/specs/pki-kra.spec | 70 | ||||
-rw-r--r-- | pki/specs/pki-ocsp.spec | 71 | ||||
-rw-r--r-- | pki/specs/pki-ra.spec | 8 | ||||
-rw-r--r-- | pki/specs/pki-tks.spec | 72 | ||||
-rw-r--r-- | pki/specs/pki-tps.spec | 13 |
18 files changed, 326 insertions, 172 deletions
diff --git a/pki/CMakeLists.txt b/pki/CMakeLists.txt index c753d841..43a25b5b 100644 --- a/pki/CMakeLists.txt +++ b/pki/CMakeLists.txt @@ -17,34 +17,34 @@ if (BUILD_IPA_PKI_THEME) elseif (BUILD_DOGTAG_PKI_THEME) set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "8") + set(APPLICATION_VERSION_PATCH "9") elseif (BUILD_REDHAT_PKI_THEME) set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE) elseif (BUILD_PKI_CORE) set(APPLICATION_FLAVOR_PKI_CORE TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "14") + set(APPLICATION_VERSION_PATCH "15") elseif (BUILD_PKI_KRA) set(APPLICATION_FLAVOR_PKI_KRA TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "7") + set(APPLICATION_VERSION_PATCH "8") elseif (BUILD_PKI_OCSP) set(APPLICATION_FLAVOR_PKI_OCSP TRUE) - set(APPLICATION_VERSION_PATCH "6") + set(APPLICATION_VERSION_PATCH "7") elseif (BUILD_PKI_RA) set(APPLICATION_FLAVOR_PKI_RA TRUE) - set(APPLICATION_VERSION_PATCH "3") + set(APPLICATION_VERSION_PATCH "4") elseif (BUILD_PKI_TKS) set(APPLICATION_FLAVOR_PKI_TKS TRUE) - set(APPLICATION_VERSION_PATCH "6") + set(APPLICATION_VERSION_PATCH "7") elseif (BUILD_PKI_TPS) set(APPLICATION_FLAVOR_PKI_TPS TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "6") + set(APPLICATION_VERSION_PATCH "7") elseif (BUILD_PKI_CONSOLE) set(APPLICATION_FLAVOR_PKI_CONSOLE TRUE) # override APPLICATION VERSION - set(APPLICATION_VERSION_PATCH "4") + set(APPLICATION_VERSION_PATCH "5") elseif (BUILD_PKI_MIGRATE) set(APPLICATION_FLAVOR_PKI_MIGRATE TRUE) # override APPLICATION VERSION diff --git a/pki/scripts/compose_dogtag_pki_theme_packages b/pki/scripts/compose_dogtag_pki_theme_packages index 2de40562..9d81b67b 100755 --- a/pki/scripts/compose_dogtag_pki_theme_packages +++ b/pki/scripts/compose_dogtag_pki_theme_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## DOGTAG_PKI_THEME="dogtag-pki-theme" -DOGTAG_PKI_THEME_VERSION="9.0.8" +DOGTAG_PKI_THEME_VERSION="9.0.9" ## diff --git a/pki/scripts/compose_pki_console_packages b/pki/scripts/compose_pki_console_packages index e4b4868d..dab649b7 100755 --- a/pki/scripts/compose_pki_console_packages +++ b/pki/scripts/compose_pki_console_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_CONSOLE="pki-console" -PKI_CONSOLE_VERSION="9.0.4" +PKI_CONSOLE_VERSION="9.0.5" ## diff --git a/pki/scripts/compose_pki_core_packages b/pki/scripts/compose_pki_core_packages index 24ef03c5..44a5a67e 100755 --- a/pki/scripts/compose_pki_core_packages +++ b/pki/scripts/compose_pki_core_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_CORE="pki-core" -PKI_CORE_VERSION="9.0.14" +PKI_CORE_VERSION="9.0.15" ## diff --git a/pki/scripts/compose_pki_kra_packages b/pki/scripts/compose_pki_kra_packages index 10af8f8e..79760d58 100755 --- a/pki/scripts/compose_pki_kra_packages +++ b/pki/scripts/compose_pki_kra_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_KRA="pki-kra" -PKI_KRA_VERSION="9.0.7" +PKI_KRA_VERSION="9.0.8" ## diff --git a/pki/scripts/compose_pki_ocsp_packages b/pki/scripts/compose_pki_ocsp_packages index 21cdd1dc..44d0e417 100755 --- a/pki/scripts/compose_pki_ocsp_packages +++ b/pki/scripts/compose_pki_ocsp_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_OCSP="pki-ocsp" -PKI_OCSP_VERSION="9.0.6" +PKI_OCSP_VERSION="9.0.7" ## diff --git a/pki/scripts/compose_pki_ra_packages b/pki/scripts/compose_pki_ra_packages index 6d58e637..a9aa446a 100755 --- a/pki/scripts/compose_pki_ra_packages +++ b/pki/scripts/compose_pki_ra_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_RA="pki-ra" -PKI_RA_VERSION="9.0.3" +PKI_RA_VERSION="9.0.4" ## diff --git a/pki/scripts/compose_pki_tks_packages b/pki/scripts/compose_pki_tks_packages index 44c59383..3f2bca4e 100755 --- a/pki/scripts/compose_pki_tks_packages +++ b/pki/scripts/compose_pki_tks_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_TKS="pki-tks" -PKI_TKS_VERSION="9.0.6" +PKI_TKS_VERSION="9.0.7" ## diff --git a/pki/scripts/compose_pki_tps_packages b/pki/scripts/compose_pki_tps_packages index 89419123..c5e3507d 100755 --- a/pki/scripts/compose_pki_tps_packages +++ b/pki/scripts/compose_pki_tps_packages @@ -31,7 +31,7 @@ PKI_PWD=`pwd` ## PKI_TPS="pki-tps" -PKI_TPS_VERSION="9.0.6" +PKI_TPS_VERSION="9.0.7" ## diff --git a/pki/specs/dogtag-pki-theme.spec b/pki/specs/dogtag-pki-theme.spec index 0d658062..0ace718d 100644 --- a/pki/specs/dogtag-pki-theme.spec +++ b/pki/specs/dogtag-pki-theme.spec @@ -1,5 +1,5 @@ Name: dogtag-pki-theme -Version: 9.0.8 +Version: 9.0.9 Release: 1%{?dist} Summary: Certificate System - Dogtag PKI Theme Components URL: http://pki.fedoraproject.org/ @@ -350,6 +350,20 @@ chmod 755 %{buildroot}%{_datadir}/pki/tps-ui/cgi-bin/sow/cfg.pl %changelog +* Thu Sep 22 2011 Andrew Wnuk <awnuk@redhat.com> 9.0.9-1 +- 'dogtag-pki-ca-theme' +- Bugzilla Bug #737423 - Ability to view migrated policy requests + is very limited. (awnuk) +- 'dogtag-pki-common-theme' +- 'dogtag-pki-console-theme' +- 'dogtag-pki-kra-theme' +- 'dogtag-pki-ocsp-theme' +- 'dogtag-pki-ra-theme' +- 'dogtag-pki-tks-theme' +- 'dogtag-pki-tps-theme' +- Bugzilla Bug #737184 - TPS UI display admin user name as + "undefined TUS Administrator". (awnuk) + * Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1 - 'dogtag-pki-ca-theme' - 'dogtag-pki-common-theme' diff --git a/pki/specs/dogtag-pki.spec b/pki/specs/dogtag-pki.spec index b5a86331..78c2c551 100644 --- a/pki/specs/dogtag-pki.spec +++ b/pki/specs/dogtag-pki.spec @@ -1,7 +1,7 @@ Summary: Dogtag Public Key Infrastructure (PKI) Suite Name: dogtag-pki Version: 9.0.0 -Release: 6%{?dist} +Release: 7%{?dist} # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPLv2 and LGPLv2 URL: http://pki.fedoraproject.org/ @@ -11,18 +11,18 @@ BuildArch: noarch # Establish MINIMUM package versions based upon platform %if 0%{?fedora} >= 16 -%define dogtag_pki_theme_version 9.0.4 +%define dogtag_pki_theme_version 9.0.9 %define esc_version 1.1.0 %define jss_version 4.2.6-19.1 -%define osutil_version 2.0.1 -%define pki_core_version 9.0.14 -%define pki_kra_version 9.0.7 -%define pki_ocsp_version 9.0.6 -%define pki_ra_version 9.0.0 -%define pki_tks_version 9.0.6 -%define pki_tps_version 9.0.0 -%define pki_console_version 9.0.4 -%define tomcatjss_version 6.0.1 +%define osutil_version 2.0.2 +%define pki_core_version 9.0.15 +%define pki_kra_version 9.0.8 +%define pki_ocsp_version 9.0.7 +%define pki_ra_version 9.0.4 +%define pki_tks_version 9.0.7 +%define pki_tps_version 9.0.7 +%define pki_console_version 9.0.5 +%define tomcatjss_version 6.0.2 %elseif 0%{?fedora} >= 15 %define dogtag_pki_theme_version 9.0.0 %define esc_version 1.1.0 @@ -177,6 +177,10 @@ rm -rf %{buildroot} %doc README %changelog +* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1 +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-6 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Established MINIMUM package versions based upon platform diff --git a/pki/specs/pki-console.spec b/pki/specs/pki-console.spec index ef59bac6..b2251740 100644 --- a/pki/specs/pki-console.spec +++ b/pki/specs/pki-console.spec @@ -1,5 +1,5 @@ Name: pki-console -Version: 9.0.4 +Version: 9.0.5 Release: 1%{?dist} Summary: Certificate System - PKI Console URL: http://pki.fedoraproject.org/ @@ -13,27 +13,30 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake BuildRequires: idm-console-framework BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: ldapjdk +BuildRequires: nspr-devel +BuildRequires: nss-devel %if 0%{?fedora} >= 16 BuildRequires: jpackage-utils >= 1.7.5-10 +BuildRequires: jss >= 4.2.6-19.1 +BuildRequires: pki-util >= 9.0.15 %else BuildRequires: jpackage-utils -%endif BuildRequires: jss >= 4.2.6-17 -BuildRequires: ldapjdk -BuildRequires: nspr-devel -BuildRequires: nss-devel BuildRequires: pki-util +%endif Requires: idm-console-framework Requires: java >= 1:1.6.0 +Requires: ldapjdk +Requires: pki-console-theme >= 9.0.0 %if 0%{?fedora} >= 16 Requires: jpackage-utils >= 1.7.5-10 +Requires: jss >= 4.2.6-19.1 %else Requires: jpackage-utils -%endif Requires: jss >= 4.2.6-17 -Requires: ldapjdk -Requires: pki-console-theme +%endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -81,6 +84,10 @@ cd build %changelog +* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-1 +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Wed Aug 31 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . diff --git a/pki/specs/pki-core.spec b/pki/specs/pki-core.spec index 4ec05d96..e21d02b0 100644 --- a/pki/specs/pki-core.spec +++ b/pki/specs/pki-core.spec @@ -1,5 +1,5 @@ Name: pki-core -Version: 9.0.14 +Version: 9.0.15 Release: 1%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ @@ -8,36 +8,35 @@ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -# jss requires versioning to meet both build and runtime requirements # tomcatjss requires versioning since version 2.0.0 requires tomcat6 -# pki-common-theme requires versioning to meet runtime requirements -# pki-ca-theme requires versioning to meet runtime requirements BuildRequires: cmake BuildRequires: java-devel >= 1:1.6.0 -%if 0%{?fedora} >= 16 -BuildRequires: jpackage-utils >= 0:1.7.5-10 -%else -BuildRequires: jpackage-utils -%endif -BuildRequires: jss >= 4.2.6-17 BuildRequires: ldapjdk BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: openldap-devel -BuildRequires: osutil BuildRequires: pkgconfig BuildRequires: policycoreutils BuildRequires: selinux-policy-devel -%if 0%{?fedora} >= 15 -BuildRequires: tomcatjss >= 6.0.0 -%else -BuildRequires: tomcatjss >= 2.0.0 -%endif BuildRequires: velocity BuildRequires: xalan-j2 BuildRequires: xerces-j2 %if 0%{?fedora} >= 16 +BuildRequires: jpackage-utils >= 0:1.7.5-10 +BuildRequires: jss >= 4.2.6-19.1 +BuildRequires: osutil >= 2.0.2 BuildRequires: systemd-units +BuildRequires: tomcatjss >= 6.0.2 +%elseif 0%{?fedora} >= 15 +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6-17 +BuildRequires: osutil >= 2.0.1 +BuildRequires: tomcatjss >= 6.0.0 +%else +BuildRequires: jpackage-utils +BuildRequires: jss >= 4.2.6-17 +BuildRequires: osutil +BuildRequires: tomcatjss >= 2.0.0 %endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -127,13 +126,14 @@ Summary: Symmetric Key JNI Package Group: System Environment/Libraries Requires: java >= 1:1.6.0 +Requires: nss %if 0%{?fedora} >= 16 Requires: jpackage-utils >= 0:1.7.5-10 +Requires: jss >= 4.2.6-19.1 %else Requires: jpackage-utils -%endif Requires: jss >= 4.2.6-17 -Requires: nss +%endif Provides: symkey = %{version}-%{release} @@ -172,14 +172,20 @@ Group: System Environment/Base BuildArch: noarch Requires: java >= 1:1.6.0 +Requires: ldapjdk %if 0%{?fedora} >= 16 Requires: jpackage-utils >= 0:1.7.5-10 +Requires: jss >= 4.2.6-19.1 +Requires: osutil >= 2.0.2 +%elseif 0%{?fedora} >= 15 +Requires: jpackage-utils +Requires: jss >= 4.2.6-17 +Requires: osutil >= 2.0.1 %else Requires: jpackage-utils -%endif Requires: jss >= 4.2.6-17 -Requires: ldapjdk Requires: osutil +%endif %description -n pki-util The PKI Utility Framework is required by the following four PKI subsystems: @@ -218,13 +224,13 @@ Group: System Environment/Base BuildArch: noarch Requires: java >= 1:1.6.0 +Requires: pki-native-tools = %{version}-%{release} +Requires: pki-util = %{version}-%{release} %if 0%{?fedora} >= 16 Requires: jpackage-utils >= 0:1.7.5-10 %else Requires: jpackage-utils %endif -Requires: pki-native-tools = %{version}-%{release} -Requires: pki-util = %{version}-%{release} %description -n pki-java-tools These platform-independent PKI executables are used to help make @@ -258,25 +264,11 @@ Group: System Environment/Base BuildArch: noarch -%if 0%{?fedora} >= 14 -Requires: apache-commons-lang -Requires: apache-commons-logging -%endif -%if 0%{?rhel} || 0%{?fedora} < 14 -Requires: jakarta-commons-lang -Requires: jakarta-commons-logging -%endif Requires: java >= 1:1.6.0 -Requires: jss >= 4.2.6-17 Requires: pki-common-theme >= 9.0.0 Requires: pki-java-tools = %{version}-%{release} Requires: pki-setup = %{version}-%{release} Requires: pki-symkey = %{version}-%{release} -%if 0%{?fedora} >= 15 -Requires: tomcatjss >= 6.0.0 -%else -Requires: tomcatjss >= 2.0.0 -%endif Requires: %{_javadir}/ldapjdk.jar Requires: %{_javadir}/velocity.jar Requires: %{_javadir}/xalan-j2.jar @@ -285,6 +277,27 @@ Requires: %{_javadir}/xerces-j2.jar Requires: %{_javadir}/xml-commons-apis.jar Requires: %{_javadir}/xml-commons-resolver.jar Requires: velocity +%if 0%{?fedora} >= 16 +Requires: apache-commons-lang +Requires: apache-commons-logging +Requires: jss >= 4.2.6-19.1 +Requires: tomcatjss >= 6.0.2 +%elseif 0%{?fedora} >= 15 +Requires: apache-commons-lang +Requires: apache-commons-logging +Requires: jss >= 4.2.6-17 +Requires: tomcatjss >= 6.0.0 +%elseif 0%{?fedora} >= 14 +Requires: apache-commons-lang +Requires: apache-commons-logging +Requires: jss >= 4.2.6-17 +Requires: tomcatjss >= 2.0.0 +%else +Requires: jakarta-commons-lang +Requires: jakarta-commons-logging +Requires: jss >= 4.2.6-17 +Requires: tomcatjss >= 2.0.0 +%endif %description -n pki-common The PKI Common Framework is required by the following four PKI subsystems: @@ -347,20 +360,22 @@ Requires: pki-selinux = %{version}-%{release} Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%else +%elseif 0%{?fedora} >= 15 Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%endif - -%if 0%{?fedora} >= 15 # Details: # # * https://fedoraproject.org/wiki/Features/var-run-tmpfs # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # Requires: initscripts +%else +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %endif %description -n pki-ca @@ -425,10 +440,6 @@ cd build cd build %{__make} install DESTDIR=%{buildroot} INSTALL="install -p" -%if 0%{?rhel} || 0%{?fedora} < 16 -%{__rm} %{buildroot}%{_bindir}/pkicontrol -%endif - cd %{buildroot}%{_libdir}/symkey %{__rm} symkey.jar %if 0%{?fedora} >= 16 @@ -461,6 +472,7 @@ echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile %if 0%{?fedora} >= 16 %{__rm} %{buildroot}%{_initrddir}/pki-cad %else +%{__rm} %{buildroot}%{_bindir}/pkicontrol %{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants %{__rm} -rf %{buildroot}%{_unitdir} %endif @@ -508,19 +520,27 @@ fi %else %post -n pki-ca # Attempt to update ALL old "CA" instances to "systemd" -#for inst in `ls /etc/sysconfig/pki/ca`; do -# if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then -# ln -s "/lib/systemd/system/pki-cad@.service" "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" -# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} -# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} -# echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg -# fi -#done +for inst in `ls /etc/sysconfig/pki/ca`; do + if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-cad@.service" \ + "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" + [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} + ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-cad@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi +done /bin/systemctl daemon-reload >/dev/null 2>&1 || : -# Attempt to restart ALL updated "CA" instances -#if [ $1 = 2 ] ; then -# /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || : -#fi %preun -n pki-ca if [ $1 = 0 ] ; then @@ -683,6 +703,41 @@ fi %changelog +* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.15-1 +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) +- 'pki-setup' +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS + mode (cfu) +- 'pki-symkey' +- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode + (hsm+NSS). (jmagne) +- 'pki-native-tools' +- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS + mode (cfu) +- 'pki-util' +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS + mode (cfu) +- 'pki-java-tools' +- 'pki-common' +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS + mode (cfu) +- Bugzilla Bug #737218 - Incorrect request attribute name matching + ignores request attributes during request parsing. (awnuk) +- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode + (hsm+NSS). (jmagne) +- 'pki-selinux' +- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) +- 'pki-ca' +- Bugzilla Bug #712931 - CS requires too many ports + to be open in the FW (alee) +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS + mode (cfu) +- 'pki-silent' +- Bugzilla Bug #739201 - pkisilent does not take arch into account + as Java packages migrated to arch-dependent directories (mharmsen) + * Fri Sep 9 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.14-1 - 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . diff --git a/pki/specs/pki-kra.spec b/pki/specs/pki-kra.spec index b0a0aa9d..41c02e76 100644 --- a/pki/specs/pki-kra.spec +++ b/pki/specs/pki-kra.spec @@ -1,5 +1,5 @@ Name: pki-kra -Version: 9.0.7 +Version: 9.0.8 Release: 1%{?dist} Summary: Certificate System - Data Recovery Manager URL: http://pki.fedoraproject.org/ @@ -12,42 +12,49 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: nspr-devel +BuildRequires: nss-devel %if 0%{?fedora} >= 16 BuildRequires: jpackage-utils >= 0:1.7.5-10 +BuildRequires: jss >= 4.2.6-19.1 +BuildRequires: pki-common >= 9.0.15 +BuildRequires: pki-util >= 9.0.15 +BuildRequires: systemd-units %else BuildRequires: jpackage-utils -%endif BuildRequires: jss >= 4.2.6-17 -BuildRequires: nspr-devel -BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util -%if 0%{?fedora} >= 16 -BuildRequires: systemd-units %endif Requires: java >= 1:1.6.0 -Requires: pki-common -Requires: pki-kra-theme -Requires: pki-selinux +Requires: pki-kra-theme >= 9.0.0 %if 0%{?fedora} >= 16 +Requires: pki-common >= 9.0.15 +Requires: pki-selinux >= 9.0.15 Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%else +%elseif 0%{?fedora} >= 15 +Requires: pki-common +Requires: pki-selinux Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%endif - -%if 0%{?fedora} >= 15 # Details: # # * https://fedoraproject.org/wiki/Features/var-run-tmpfs # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # Requires: initscripts +%else +Requires: pki-common +Requires: pki-selinux +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -158,19 +165,27 @@ fi %else %post # Attempt to update ALL old "KRA" instances to "systemd" -#for inst in `ls /etc/sysconfig/pki/kra`; do -# if [ ! -e "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" ]; then -# ln -s "/lib/systemd/system/pki-krad@.service" "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" -# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} -# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} -# echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg -# fi -#done +for inst in `ls /etc/sysconfig/pki/kra`; do + if [ ! -e "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-krad@.service" \ + "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" + [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} + ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-krad@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi +done /bin/systemctl daemon-reload >/dev/null 2>&1 || : -# Attempt to restart ALL updated "KRA" instances -#if [ $1 = 2 ] ; then -# /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || : -#fi %preun if [ $1 = 0 ] ; then @@ -214,6 +229,11 @@ fi %changelog +* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1 +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) + * Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) diff --git a/pki/specs/pki-ocsp.spec b/pki/specs/pki-ocsp.spec index 9693a780..b2f24450 100644 --- a/pki/specs/pki-ocsp.spec +++ b/pki/specs/pki-ocsp.spec @@ -1,5 +1,5 @@ Name: pki-ocsp -Version: 9.0.6 +Version: 9.0.7 Release: 1%{?dist} Summary: Certificate System - Online Certificate Status Protocol Manager URL: http://pki.fedoraproject.org/ @@ -12,43 +12,49 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: nspr-devel +BuildRequires: nss-devel %if 0%{?fedora} >= 16 BuildRequires: jpackage-utils >= 0:1.7.5-10 +BuildRequires: jss >= 4.2.6-19.1 +BuildRequires: pki-common >= 9.0.15 +BuildRequires: pki-util >= 9.0.15 +BuildRequires: systemd-units %else BuildRequires: jpackage-utils -%endif BuildRequires: jss >= 4.2.6-17 -BuildRequires: nspr-devel -BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util -%if 0%{?fedora} >= 16 -BuildRequires: systemd-units %endif Requires: java >= 1:1.6.0 -Requires: pki-common -Requires: pki-ocsp-theme -Requires: pki-selinux - +Requires: pki-ocsp-theme >= 9.0.0 %if 0%{?fedora} >= 16 +Requires: pki-common >= 9.0.15 +Requires: pki-selinux >= 9.0.15 Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%else +%elseif 0%{?fedora} >= 15 +Requires: pki-common +Requires: pki-selinux Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%endif - -%if 0%{?fedora} >= 15 # Details: # # * https://fedoraproject.org/wiki/Features/var-run-tmpfs # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # Requires: initscripts +%else +Requires: pki-common +Requires: pki-selinux +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -167,19 +173,27 @@ fi %else %post # Attempt to update ALL old "OCSP" instances to "systemd" -#for inst in `ls /etc/sysconfig/pki/ocsp`; do -# if [ ! -e "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" ]; then -# ln -s "/lib/systemd/system/pki-ocspd@.service" "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" -# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} -# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} -# echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg -# fi -#done +for inst in `ls /etc/sysconfig/pki/ocsp`; do + if [ ! -e "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-ocspd@.service" \ + "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" + [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} + ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-ocspd@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi +done /bin/systemctl daemon-reload >/dev/null 2>&1 || : -# Attempt to restart ALL updated "OCSP" instances -#if [ $1 = 2 ] ; then -# /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || : -#fi %preun if [ $1 = 0 ] ; then @@ -225,6 +239,11 @@ fi %changelog +* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1 +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) + * Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) diff --git a/pki/specs/pki-ra.spec b/pki/specs/pki-ra.spec index b1cb13b6..bcc33560 100644 --- a/pki/specs/pki-ra.spec +++ b/pki/specs/pki-ra.spec @@ -1,5 +1,5 @@ Name: pki-ra -Version: 9.0.3 +Version: 9.0.4 Release: 1%{?dist} Summary: Certificate System - Registration Authority URL: http://pki.fedoraproject.org/ @@ -18,7 +18,7 @@ Requires: mod_nss >= 1.0.8 Requires: mod_perl >= 1.99_16 Requires: mod_revocator >= 1.0.3 Requires: pki-native-tools -Requires: pki-ra-theme +Requires: pki-ra-theme >= 9.0.0 Requires: pki-selinux Requires: pki-setup Requires: perl-DBD-SQLite @@ -181,6 +181,10 @@ fi %changelog +* Thu Sep 22 2011 Ade Lee <alee@redhat.com> 9.0.4-1 +- Bugzilla Bug #733065 - User enrollment with RA -- this fails with + CA Connection Error + * Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1 - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #699364 - PKI-RA instance not created successfully (alee) diff --git a/pki/specs/pki-tks.spec b/pki/specs/pki-tks.spec index 7c151bce..eb099928 100644 --- a/pki/specs/pki-tks.spec +++ b/pki/specs/pki-tks.spec @@ -1,5 +1,5 @@ Name: pki-tks -Version: 9.0.6 +Version: 9.0.7 Release: 1%{?dist} Summary: Certificate System - Token Key Service URL: http://pki.fedoraproject.org/ @@ -12,42 +12,49 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: nspr-devel +BuildRequires: nss-devel %if 0%{?fedora} >= 16 BuildRequires: jpackage-utils >= 0:1.7.5-10 +BuildRequires: jss >= 4.2.6-19.1 +BuildRequires: pki-common >= 9.0.15 +BuildRequires: pki-util >= 9.0.15 +BuildRequires: systemd-units %else BuildRequires: jpackage-utils -%endif BuildRequires: jss >= 4.2.6-17 -BuildRequires: nspr-devel -BuildRequires: nss-devel BuildRequires: pki-common BuildRequires: pki-util -%if 0%{?fedora} >= 16 -BuildRequires: systemd-units %endif Requires: java >= 1:1.6.0 -Requires: pki-common -Requires: pki-selinux -Requires: pki-tks-theme +Requires: pki-tks-theme >= 9.0.0 %if 0%{?fedora} >= 16 +Requires: pki-common >= 9.0.15 +Requires: pki-selinux >= 9.0.15 Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%else +%elseif 0%{?fedora} >= 15 +Requires: pki-common +Requires: pki-selinux Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts Requires(postun): initscripts -%endif - -%if 0%{?fedora} >= 15 # Details: # # * https://fedoraproject.org/wiki/Features/var-run-tmpfs # * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft # Requires: initscripts +%else +Requires: pki-common +Requires: pki-selinux +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts %endif Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz @@ -157,19 +164,27 @@ fi %else %post # Attempt to update ALL old "TKS" instances to "systemd" -#for inst in `ls /etc/sysconfig/pki/tks`; do -# if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then -# ln -s "/lib/systemd/system/pki-tksd@.service" "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" -# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} -# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} -# echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg -# fi -#done +for inst in `ls /etc/sysconfig/pki/tks`; do + if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then + ln -s "/lib/systemd/system/pki-tksd@.service" \ + "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" + [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} + ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} + + if [ -e /var/run/${inst}.pid ]; then + kill -9 `cat /var/run/${inst}.pid` || : + rm -f /var/run/${inst}.pid + echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl restart pki-tksd@${inst}.service || : + else + echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \ + /var/lib/${inst}/conf/CS.cfg || : + fi + fi +done /bin/systemctl daemon-reload >/dev/null 2>&1 || : -# Attempt to restart ALL updated "TKS" instances -#if [ $1 = 2 ] ; then -# /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || : -#fi %preun if [ $1 = 0 ] ; then @@ -214,6 +229,13 @@ fi %changelog +* Thu Sep 22 2011 Jack Magne <jmagne@redhat.com> 9.0.7-1 +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) +- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode + (hsm+NSS). (jmagne) +- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) +- Bugzilla Bug #699809 - Convert CS to use systemd (alee) + * Mon Sep 12 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1 - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) diff --git a/pki/specs/pki-tps.spec b/pki/specs/pki-tps.spec index bd91f1b3..ac704526 100644 --- a/pki/specs/pki-tps.spec +++ b/pki/specs/pki-tps.spec @@ -1,5 +1,5 @@ Name: pki-tps -Version: 9.0.6 +Version: 9.0.7 Release: 1%{?dist} Summary: Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ @@ -29,7 +29,7 @@ Requires: perl-Mozilla-LDAP Requires: pki-native-tools Requires: pki-selinux Requires: pki-setup -Requires: pki-tps-theme +Requires: pki-tps-theme >= 9.0.0 Requires(post): chkconfig Requires(preun): chkconfig Requires(preun): initscripts @@ -215,6 +215,15 @@ fi %changelog +* Thu Sep 22 2011 Jack Magne <jmagne@redhat.com> 9.0.7-1 +- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) +- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode + (hsm+NSS). (jmagne) +- Bugzilla Bug #737184 - TPS UI display admin user name as + "undefined TUS Administrator". (awnuk) +- Bugzilla Bug #735191 - in ou=tokens, token_type not getting updated if a + card is changed from one type to another (awnuk) + * Wed Aug 10 2011 Jack Magne <jmagne@redhat.com> 9.0.6-1 - Bugzilla Bug #725572 - Starting TPS subsystem with no pre-existing audit log file does not write audit messages. |