6 files changed, 115 insertions, 94 deletions
diff --git a/pki/dogtag/ca/pki-ca.spec b/pki/dogtag/ca/pki-ca.spec
index 7268e955..20a93d03 100644
--- a/pki/dogtag/ca/pki-ca.spec
+++ b/pki/dogtag/ca/pki-ca.spec
@@ -1,6 +1,6 @@
 Name:           pki-ca
 Version:        1.3.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Dogtag Certificate System - Certificate Authority
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -75,12 +75,12 @@ rm -rf %{buildroot}
 
 %post
 # This adds the proper /etc/rc*.d links for the script
-/sbin/chkconfig --add pki-cad
+/sbin/chkconfig --add pki-cad || :
 
 %preun
 if [ $1 = 0 ] ; then
-    /sbin/service pki-cad stop >/dev/null 2>&1 || :
-    /sbin/chkconfig --del pki-cad
+    /sbin/service pki-cad stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-cad || :
 fi
 
 %postun
@@ -98,6 +98,9 @@ fi
 %{_localstatedir}/run/*
 
 %changelog
+* Tue Jan 12 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-7
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+
 * Mon Dec 7 2009 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6
 - Bugzilla Bug #522210 - Packaging for Fedora Dogtag
 - Bugzilla Bug #529070 -  rpm packaging problems (cannot reinstall correctly) 
diff --git a/pki/dogtag/kra/pki-kra.spec b/pki/dogtag/kra/pki-kra.spec
index ca418c44..c21f0c37 100644
--- a/pki/dogtag/kra/pki-kra.spec
+++ b/pki/dogtag/kra/pki-kra.spec
@@ -1,6 +1,6 @@
 Name:           pki-kra
 Version:        1.3.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Dogtag Certificate System - Data Recovery Manager
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -23,6 +23,11 @@ Requires:       java >= 1:1.6.0
 Requires:       pki-common
 Requires:       pki-kra-ui
 Requires:       pki-selinux
+Requires:       pki-silent
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
 
 Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -52,6 +57,7 @@ properties of signing keys.
 
 %build
 ant \
+    -Dinit.d="rc.d/init.d" \
     -Dproduct.ui.flavor.prefix="" \
     -Dproduct.prefix="pki" \
     -Dproduct="kra" \
@@ -67,49 +73,45 @@ cd dist/binary
 unzip %{name}-%{version}.zip -d %{buildroot}
 sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg
 sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/kra/conf/CS.cfg
-cd %{buildroot}%{_javadir}/pki/kra
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/kra
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/kra
+cd %{buildroot}%{_javadir}
 mv kra.jar kra-%{version}.jar
 ln -s kra-%{version}.jar kra.jar
 
 %clean
 rm -rf %{buildroot}
 
-%pre
-if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then
-        echo "Adding default PKI group \"pkiuser\" to /etc/group."
-        groupadd pkiuser
-fi
-if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then
-        echo "Adding default PKI user \"pkiuser\" to /etc/passwd."
-        useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser
-fi
-
 %post
-%{_datadir}/pki/kra/setup/postinstall pki kra %{version} %{release}
-echo ""
-echo "Install finished."
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-krad || :
 
 %preun
-if [ -d /var/lib/pki-kra ] ; then
-        echo "WARNING:  The default instance \"/var/lib/pki-kra\" was NOT removed!"
-        echo ""
-        echo "NOTE:  This means that the data in the default instance called"
-        echo "       \"/var/lib/pki-kra\" will NOT be overwritten once the"
-        echo "       \"%{name}\" package is re-installed."
-        echo ""
-        echo "Shutting down the default instance \"/var/lib/pki-kra\""
-        echo "PRIOR to uninstalling the \"%{name}\" package:"
-        echo ""
-        /etc/init.d/pki-kra stop
+if [ $1 = 0 ] ; then
+    /sbin/service pki-krad stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-krad || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-krad condrestart >/dev/null 2>&1 || :
 fi
 
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
-%{_javadir}/pki/kra/*
-%{_datadir}/pki/kra/*
+%{_initrddir}/*
+%{_javadir}/*
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
 
 %changelog
+* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
+- Bugzilla Bug #553842 - New Package for Dogtag PKI: pki-kra
+
 * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
 - Removed 'with exceptions' from License
 
diff --git a/pki/dogtag/ocsp/pki-ocsp.spec b/pki/dogtag/ocsp/pki-ocsp.spec
index a58384d6..e79c6ed7 100644
--- a/pki/dogtag/ocsp/pki-ocsp.spec
+++ b/pki/dogtag/ocsp/pki-ocsp.spec
@@ -1,6 +1,6 @@
 Name:           pki-ocsp
 Version:        1.3.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Dogtag Certificate System - Online Certificate Status Protocol Manager
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -23,6 +23,11 @@ Requires:       java >= 1:1.6.0
 Requires:       pki-common
 Requires:       pki-ocsp-ui
 Requires:       pki-selinux
+Requires:       pki-silent
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
 
 Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -61,6 +66,7 @@ CRLs are published to it whenever they are issued or updated.
 
 %build
 ant \
+    -Dinit.d="rc.d/init.d" \
     -Dproduct.ui.flavor.prefix="" \
     -Dproduct.prefix="pki" \
     -Dproduct="ocsp" \
@@ -76,49 +82,45 @@ cd dist/binary
 unzip %{name}-%{version}.zip -d %{buildroot}
 sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg
 sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/ocsp/conf/CS.cfg
-cd %{buildroot}%{_javadir}/pki/ocsp
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/ocsp
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/ocsp
+cd %{buildroot}%{_javadir}
 mv ocsp.jar ocsp-%{version}.jar
 ln -s ocsp-%{version}.jar ocsp.jar
 
 %clean
 rm -rf %{buildroot}
 
-%pre
-if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then
-        echo "Adding default PKI group \"pkiuser\" to /etc/group."
-        groupadd pkiuser
-fi
-if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then
-        echo "Adding default PKI user \"pkiuser\" to /etc/passwd."
-        useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser
-fi
-
 %post
-%{_datadir}/pki/ocsp/setup/postinstall pki ocsp %{version} %{release}
-echo ""
-echo "Install finished."
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-ocspd || :
 
 %preun
-if [ -d /var/lib/pki-ocsp ] ; then
-        echo "WARNING:  The default instance \"/var/lib/pki-ocsp\" was NOT removed!"
-        echo ""
-        echo "NOTE:  This means that the data in the default instance called"
-        echo "       \"/var/lib/pki-ocsp\" will NOT be overwritten once the"
-        echo "       \"%{name}\" package is re-installed."
-        echo ""
-        echo "Shutting down the default instance \"/var/lib/pki-ocsp\""
-        echo "PRIOR to uninstalling the \"%{name}\" package:"
-        echo ""
-        /etc/init.d/pki-ocsp stop
+if [ $1 = 0 ] ; then
+    /sbin/service pki-ocspd stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-ocspd || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
 fi
 
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
-%{_javadir}/pki/ocsp/*
-%{_datadir}/pki/ocsp/*
+%{_initrddir}/*
+%{_javadir}/*
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
 
 %changelog
+* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
+- Bugzilla Bug #553844 - New Package for Dogtag PKI: pki-ocsp
+
 * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
 - Removed 'with exceptions' from License
 
diff --git a/pki/dogtag/selinux/pki-selinux.spec b/pki/dogtag/selinux/pki-selinux.spec
index 7a5c16b6..d4303879 100644
--- a/pki/dogtag/selinux/pki-selinux.spec
+++ b/pki/dogtag/selinux/pki-selinux.spec
@@ -1,6 +1,6 @@
 Name:           pki-selinux
-Version:        1.3.0
-Release:        5%{?dist}
+Version:        1.3.1
+Release:        1%{?dist}
 Summary:        Dogtag Certificate System - PKI Selinux Policies
 URL:            https://pki.fedoraproject.org/
 License:        GPLv2
@@ -82,6 +82,12 @@ fi
 %{_datadir}/selinux/modules/pki.pp
 
 %changelog
+* Mon Jan 11 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model
+- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
+- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
+- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
+
 * Fri Jan 8 2010 Kevin Wright <kwright@redhat.com> 1.3.0-5
 - Removed fc10 and fc11-specific Requires and Build Requires
 
diff --git a/pki/dogtag/setup/pki-setup.spec b/pki/dogtag/setup/pki-setup.spec
index 9487dde7..6f3e99ca 100644
--- a/pki/dogtag/setup/pki-setup.spec
+++ b/pki/dogtag/setup/pki-setup.spec
@@ -1,6 +1,6 @@
 Name:           pki-setup
-Version:        1.3.0
-Release:        6%{?dist}
+Version:        1.3.1
+Release:        1%{?dist}
 Summary:        Dogtag Certificate system - PKI Instance Creation and Removal Scripts
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -51,6 +51,14 @@ rm -rf %{buildroot}
 %{_datadir}/pki/
 
 %changelog
+* Thu Jan 7 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1
+- Bugzilla Bug #475895 - Disallow creation of an initial login shell
+- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into
+  pkicreate . . .
+- Bugzilla Bug #553072 - Apply "registry" logic to pki-kra . . .
+- Bugzilla Bug #553074 - Apply "registry" logic to pki-ocsp . . .
+- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
+
 * Wed Dec 23 2009 Kevin Wright <kwright@redhat.com> 1.3.0-6
 - Bugzilla Bug #521993 - packaging for Fedora Dogtag
 - Removed Requires for all perl packages
diff --git a/pki/dogtag/tks/pki-tks.spec b/pki/dogtag/tks/pki-tks.spec
index 01cb6de8..f821f975 100644
--- a/pki/dogtag/tks/pki-tks.spec
+++ b/pki/dogtag/tks/pki-tks.spec
@@ -1,6 +1,6 @@
 Name:           pki-tks
 Version:        1.3.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Dogtag Certificate System - Token Key Service
 URL:            http://pki.fedoraproject.org/
 License:        GPLv2
@@ -23,6 +23,11 @@ Requires:       java >= 1:1.6.0
 Requires:       pki-tks-ui
 Requires:       pki-common
 Requires:       pki-selinux
+Requires:       pki-silent
+Requires(post):    chkconfig
+Requires(preun):   chkconfig
+Requires(preun):   initscripts
+Requires(postun):  initscripts
 
 Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
 
@@ -54,6 +59,7 @@ restricted access.
 
 %build
 ant \
+    -Dinit.d="rc.d/init.d" \
     -Dproduct.ui.flavor.prefix="" \
     -Dproduct.prefix="pki" \
     -Dproduct="tks" \
@@ -69,51 +75,45 @@ cd dist/binary
 unzip %{name}-%{version}.zip -d %{buildroot}
 sed -i 's/^preop.product.version=.*$/preop.product.version=%{version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg
 sed -i 's/^cms.version=.*$/cms.version=%{major_version}.%{minor_version}/' %{buildroot}%{_datadir}/pki/tks/conf/CS.cfg
-cd %{buildroot}%{_javadir}/pki/tks
+mkdir -p %{buildroot}%{_localstatedir}/lock/pki/tks
+mkdir -p %{buildroot}%{_localstatedir}/run/pki/tks
+cd %{buildroot}%{_javadir}
 mv tks.jar tks-%{version}.jar
 ln -s tks-%{version}.jar tks.jar
 
 %clean
 rm -rf %{buildroot}
 
-%pre
-if [ `grep -c pkiuser /etc/group` -eq 0 ] ; then
-        echo "Adding default PKI group \"pkiuser\" to /etc/group."
-        groupadd pkiuser
-fi
-if [ `grep -c pkiuser /etc/passwd` -eq 0 ] ; then
-        echo "Adding default PKI user \"pkiuser\" to /etc/passwd."
-        useradd -g pkiuser -d %{_datadir}/pki -s /sbin/nologin -c "Dogtag Certificate System" -m pkiuser
-fi
-
-
 %post
-%{_datadir}/pki/tks/setup/postinstall pki tks %{version} %{release}
-echo ""
-echo "Install finished."
-
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-tksd || :
 
 %preun
-if [ -d /var/lib/pki-tks ] ; then
-        echo "WARNING:  The default instance \"/var/lib/pki-tks\" was NOT removed!"
-        echo ""
-        echo "NOTE:  This means that the data in the default instance called"
-        echo "       \"/var/lib/pki-tks\" will NOT be overwritten once the"
-        echo "       \"%{name}\" package is re-installed."
-        echo ""
-        echo "Shutting down the default instance \"/var/lib/pki-tks\""
-        echo "PRIOR to uninstalling the \"%{name}\" package:"
-        echo ""
-        /etc/init.d/pki-tks stop
+if [ $1 = 0 ] ; then
+    /sbin/service pki-tksd stop >/dev/null 2>&1
+    /sbin/chkconfig --del pki-tksd || :
+fi
+
+%postun
+if [ "$1" -ge "1" ] ; then
+    /sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
 fi
 
 %files
 %defattr(-,root,root,-)
 %doc LICENSE
-%{_javadir}/pki/tks/*
-%{_datadir}/pki/tks/*
+%{_initrddir}/*
+%{_javadir}/*
+%{_datadir}/pki/
+%{_localstatedir}/lock/*
+%{_localstatedir}/run/*
 
 %changelog
+* Fri Jan 8 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3
+- Corrected "|| :" scriptlet logic (see Bugzilla Bug #475895)
+- Bugzilla Bug #553075 - Apply "registry" logic to pki-tks . . .
+- Bugzilla Bug #553847 - New Package for Dogtag PKI: pki-tks
+
 * Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2
 - Removed 'with exceptions' from License