[pki-core] 'pki-setup' Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . 'pki-symkey' Bugzilla
kwright
kwright at fedoraproject.org
Tue Sep 13 08:45:49 UTC 2011
commit 5a5e1cdb256017f32d0a2f2262bf1c9a68132384
Author: Kevin Wright <kwright at redhat.com>
Date: Tue Sep 13 01:45:37 2011 -0700
'pki-setup'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-symkey'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-native-tools'
'pki-util'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-java-tools'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-common'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-selinux'
'pki-ca'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-silent'
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
.gitignore | 1 +
clog | 89 ++----------------------
pki-core.spec | 208 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
sources | 2 +-
4 files changed, 211 insertions(+), 89 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index a43df5f..dd37490 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
/pki-core-9.0.6.tar.gz
/pki-core-9.0.7.tar.gz
/pki-core-9.0.9.tar.gz
+/pki-core-9.0.14.tar.gz
diff --git a/clog b/clog
index 904107c..32cef3d 100644
--- a/clog
+++ b/clog
@@ -1,90 +1,17 @@
-Updated release of 'jss'
-Updated release of 'tomcatjss' for Fedora 15
'pki-setup'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
-(jdennis)
-Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-symkey'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-native-tools'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #717765 - TPS configuration: logging into security domain
-from tps does not work with clientauth=want. (alee)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
'pki-util'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-java-tools'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
-Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
-processing) (mharmsen)
-Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-common'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #695403 - Editing signedaudit or transaction, system
-logs throws 'Invalid protocol' for OCSP subsystems (alee)
-Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
-Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
-populated in the CA signedAudit messages (alee)
-Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
-Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
-populated in the CA signedAudit messages (jmagne)
-Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
-Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
-SubjectID=$Unidentified$ fails audit evaluation (jmagne)
-Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
-subsequent SCEP requests. (awnuk)
-Bugzilla Bug #661142 - Verification should fail when a revoked
-certificate is added. (jmagne)
-Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
-for modify/add (alee)
-Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
-Bugzilla Bug #707607 - Published certificate summary has list of
-non-published certificates with succeeded status (jmagne)
-Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
-for tps and ca on server shutdown (jmagne)
-Bugzilla Bug #697939 - DRM signed audit log message - operation should
-be read instead of modify (jmagne)
-Bugzilla Bug #718427 - When audit log is full, server continue to
-function. (alee)
-Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
-CA's signedaudit log when a directory based user enrollment is
-performed (jmagne)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-selinux'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #720503 - RA and TPS require additional SELinux
-permissions to run in "Enforcing" mode (alee)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
'pki-ca'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
-(jdennis)
-Bugzilla Bug #699837 - service command is not fully backwards
-compatible with Dogtag pki subsystems (mharmsen)
-Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
-administrator group. (jmagne)
-Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
-for modify/add (alee)
-Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
-pages (alee)
-Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
-for a revocation invoked by EE user (awnuk)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-silent'
-Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
-(mharmsen)
-Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
diff --git a/pki-core.spec b/pki-core.spec
index 86d34a3..4ec05d9 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,5 +1,5 @@
Name: pki-core
-Version: 9.0.9
+Version: 9.0.14
Release: 1%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
@@ -14,7 +14,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# pki-ca-theme requires versioning to meet runtime requirements
BuildRequires: cmake
BuildRequires: java-devel >= 1:1.6.0
+%if 0%{?fedora} >= 16
+BuildRequires: jpackage-utils >= 0:1.7.5-10
+%else
BuildRequires: jpackage-utils
+%endif
BuildRequires: jss >= 4.2.6-17
BuildRequires: ldapjdk
BuildRequires: nspr-devel
@@ -32,6 +36,9 @@ BuildRequires: tomcatjss >= 2.0.0
BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
+%if 0%{?fedora} >= 16
+BuildRequires: systemd-units
+%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -120,7 +127,11 @@ Summary: Symmetric Key JNI Package
Group: System Environment/Libraries
Requires: java >= 1:1.6.0
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+%else
Requires: jpackage-utils
+%endif
Requires: jss >= 4.2.6-17
Requires: nss
@@ -161,7 +172,11 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+%else
Requires: jpackage-utils
+%endif
Requires: jss >= 4.2.6-17
Requires: ldapjdk
Requires: osutil
@@ -203,6 +218,11 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+%else
+Requires: jpackage-utils
+%endif
Requires: pki-native-tools = %{version}-%{release}
Requires: pki-util = %{version}-%{release}
@@ -323,10 +343,17 @@ Requires: java >= 1:1.6.0
Requires: pki-ca-theme >= 9.0.0
Requires: pki-common = %{version}-%{release}
Requires: pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
+%endif
+
%if 0%{?fedora} >= 15
# Details:
#
@@ -389,7 +416,7 @@ This package is a part of the PKI Core used by the Certificate System.
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -398,13 +425,24 @@ cd build
cd build
%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
+%if 0%{?rhel} || 0%{?fedora} < 16
+%{__rm} %{buildroot}%{_bindir}/pkicontrol
+%endif
+
cd %{buildroot}%{_libdir}/symkey
%{__rm} symkey.jar
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_jnidir}/symkey.jar
+%{__mv} symkey-%{version}.jar %{buildroot}%{_jnidir}/symkey.jar
+%else
%{__ln_s} symkey-%{version}.jar symkey.jar
+%endif
+%if 0%{?rhel} || 0%{?fedora} < 16
cd %{buildroot}%{_jnidir}
%{__rm} symkey.jar
%{__ln_s} %{_libdir}/symkey/symkey.jar symkey.jar
+%endif
%if 0%{?fedora} >= 15
# Details:
@@ -420,6 +458,13 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+
%pre -n pki-selinux
%saveFileContext targeted
@@ -442,8 +487,8 @@ if [ $1 = 0 ]; then
%relabel targeted
fi
-
-%post -n pki-ca
+%if 0%{?rhel} || 0%{?fedora} < 16
+%post -n pki-ca
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-cad || :
@@ -460,6 +505,37 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-cad condrestart >/dev/null 2>&1 || :
fi
+%else
+%post -n pki-ca
+# Attempt to update ALL old "CA" instances to "systemd"
+#for inst in `ls /etc/sysconfig/pki/ca`; do
+# if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then
+# ln -s "/lib/systemd/system/pki-cad at .service" "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service"
+# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+# echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg
+# fi
+#done
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+# Attempt to restart ALL updated "CA" instances
+#if [ $1 = 2 ] ; then
+# /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
+#fi
+
+%preun -n pki-ca
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
+fi
+%endif
+
%files -n pki-setup
%defattr(-,root,root,-)
@@ -469,8 +545,13 @@ fi
%dir %{_datadir}/pki
%dir %{_datadir}/pki/scripts
%{_datadir}/pki/scripts/pkicommon.pm
+%{_datadir}/pki/scripts/functions
+%{_datadir}/pki/scripts/pki_apache_initscript
%dir %{_localstatedir}/lock/pki
%dir %{_localstatedir}/run/pki
+%if 0%{?fedora} >= 16
+%{_bindir}/pkicontrol
+%endif
%files -n pki-symkey
@@ -479,7 +560,6 @@ fi
%{_jnidir}/symkey.jar
%{_libdir}/symkey/
-
%files -n pki-native-tools
%defattr(-,root,root,-)
%doc base/native-tools/LICENSE base/native-tools/doc/README
@@ -549,8 +629,6 @@ fi
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-cmscore-%{version}.jar
%{_javadir}/pki/pki-cmscore.jar
-%{_datadir}/pki/scripts/functions
-%{_datadir}/pki/scripts/pki_apache_initscript
%{_datadir}/pki/setup/
%files -n pki-common-javadoc
@@ -567,7 +645,13 @@ fi
%files -n pki-ca
%defattr(-,root,root,-)
%doc base/ca/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{_unitdir}/pki-cad at .service
+%{_unitdir}/pki-cad.target
+%else
%{_initrddir}/pki-cad
+%endif
%{_javadir}/pki/pki-ca-%{version}.jar
%{_javadir}/pki/pki-ca.jar
%dir %{_datadir}/pki/ca
@@ -599,6 +683,116 @@ fi
%changelog
+* Fri Sep 9 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.14-1
+- 'pki-setup'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-symkey'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-native-tools'
+- 'pki-util'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-java-tools'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-common'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-selinux'
+- 'pki-ca'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-silent'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+
+* Tue Sep 6 2011 Ade Lee <alee at redhat.com> 9.0.13-1
+- 'pki-setup'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-ca'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-common'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
+* Tue Aug 23 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.12-1
+- 'pki-setup'
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- 'pki-symkey'
+- 'pki-native-tools'
+- Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
+ issues (awnuk)
+- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
+- 'pki-util'
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #700522 - pki tomcat6 instances currently running
+ unconfined, allow server to come up when selinux disabled (alee)
+- Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
+ correctly when subsystem cloned (using hsm) (alee)
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- 'pki-selinux'
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- 'pki-ca'
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- 'pki-silent'
+
+* Wed Aug 10 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.11-1
+- 'pki-setup'
+- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
+ time - remove the inefficient sleeps (alee)
+- 'pki-symkey'
+- 'pki-native-tools'
+- 'pki-util'
+- 'pki-java-tools'
+- Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
+ renumbering "cn=<value>" (mharmsen)
+- 'pki-common'
+- Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
+ (jmagne, awnuk)
+- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
+ time - remove the inefficient sleeps (alee)
+- Bugzilla Bug #708075 - Clone installation does not work over NAT
+ (alee)
+- Bugzilla Bug #726785 - If replication fails while setting up a clone
+ it will wait forever (alee)
+- Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
+- Bugzilla Bug #700505 - pki tomcat6 instances currently running
+ unconfined (alee)
+- 'pki-selinux'
+- Bugzilla Bug #700505 - pki tomcat6 instances currently running
+ unconfined (alee)
+- 'pki-ca'
+- Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
+ in IPA profile (awnuk)
+- 'pki-silent'
+- Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
+ time - remove the inefficient sleeps (alee)
+
+* Fri Jul 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.10-1
+- 'pki-setup'
+- 'pki-symkey'
+- 'pki-native-tools'
+- 'pki-util'
+- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
+ using an ECC CA to generate ECC certs from CRMF. (jmagne)
+- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
+ for any component value which is equal to its default value (alee)
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
+ throws Token not found error. (jmagne)
+- Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
+ using an ECC CA to generate ECC certs from CRMF. (jmagne)
+- Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
+ for any component value which is equal to its default value (alee)
+- Bugzilla Bug #722989 - Registering an agent when a subsystem is
+ created - does not log AUTHZ_SUCCESS event. (alee)
+- 'pki-selinux'
+- 'pki-ca'
+- Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
+ (awnuk)
+- 'pki-silent'
+
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Updated release of 'jss'
- Updated release of 'tomcatjss' for Fedora 15
diff --git a/sources b/sources
index 71d07cd..2ec93f6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-107e7adf622c7772a541c2e11f5d1de5 pki-core-9.0.9.tar.gz
+aa7d10d26dead8df388e6c3a447b3243 pki-core-9.0.14.tar.gz
More information about the scm-commits
mailing list