[pki-core/f16] Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) Bugzilla Bug #699809 -
kwright
kwright at fedoraproject.org
Fri Oct 7 01:24:52 UTC 2011
commit 951fbce5d133fa0fcf62aaf30dd22b0a244cb81e
Author: Kevin Wright <kwright at redhat.com>
Date: Thu Oct 6 18:24:51 2011 -0700
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-setup'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
'pki-symkey'
Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
'pki-native-tools'
Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-util'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-java-tools'
'pki-common'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
'pki-selinux'
Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
'pki-ca'
Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-silent'
Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)
.gitignore | 1 +
clog | 33 ++++++++---
pki-core.spec | 184 +++++++++++++++++++++++++++++++++++++++-----------------
sources | 2 +-
4 files changed, 155 insertions(+), 65 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index dd37490..49580f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
/pki-core-9.0.7.tar.gz
/pki-core-9.0.9.tar.gz
/pki-core-9.0.14.tar.gz
+/pki-core-9.0.15.tar.gz
diff --git a/clog b/clog
index 32cef3d..056b158 100644
--- a/clog
+++ b/clog
@@ -1,17 +1,34 @@
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-setup'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
+Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
'pki-symkey'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+(hsm+NSS). (jmagne)
'pki-native-tools'
+Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-util'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-java-tools'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
'pki-common'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
+Bugzilla Bug #737218 - Incorrect request attribute name matching
+ignores request attributes during request parsing. (awnuk)
+Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+(hsm+NSS). (jmagne)
'pki-selinux'
+Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
'pki-ca'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
-Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+Bugzilla Bug #712931 - CS requires too many ports
+to be open in the FW (alee)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-silent'
-Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+Bugzilla Bug #739201 - pkisilent does not take arch into account
+as Java packages migrated to arch-dependent directories (mharmsen)
diff --git a/pki-core.spec b/pki-core.spec
index 4ec05d9..37e0f59 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,5 +1,5 @@
Name: pki-core
-Version: 9.0.14
+Version: 9.0.15
Release: 1%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
@@ -8,36 +8,42 @@ Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-# jss requires versioning to meet both build and runtime requirements
+# specify '_unitdir' macro for platforms that don't use 'systemd'
+%if 0%{?rhel} || 0%{?fedora} < 16
+%define _unitdir /lib/systemd/system
+%endif
+
# tomcatjss requires versioning since version 2.0.0 requires tomcat6
-# pki-common-theme requires versioning to meet runtime requirements
-# pki-ca-theme requires versioning to meet runtime requirements
BuildRequires: cmake
BuildRequires: java-devel >= 1:1.6.0
-%if 0%{?fedora} >= 16
-BuildRequires: jpackage-utils >= 0:1.7.5-10
-%else
-BuildRequires: jpackage-utils
-%endif
-BuildRequires: jss >= 4.2.6-17
BuildRequires: ldapjdk
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openldap-devel
-BuildRequires: osutil
BuildRequires: pkgconfig
BuildRequires: policycoreutils
BuildRequires: selinux-policy-devel
-%if 0%{?fedora} >= 15
-BuildRequires: tomcatjss >= 6.0.0
-%else
-BuildRequires: tomcatjss >= 2.0.0
-%endif
BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
%if 0%{?fedora} >= 16
+BuildRequires: jpackage-utils >= 0:1.7.5-10
+BuildRequires: jss >= 4.2.6-19.1
+BuildRequires: osutil >= 2.0.2
BuildRequires: systemd-units
+BuildRequires: tomcatjss >= 6.0.2
+%else
+%if 0%{?fedora} >= 15
+BuildRequires: jpackage-utils
+BuildRequires: jss >= 4.2.6-17
+BuildRequires: osutil >= 2.0.1
+BuildRequires: tomcatjss >= 6.0.0
+%else
+BuildRequires: jpackage-utils
+BuildRequires: jss >= 4.2.6-17
+BuildRequires: osutil
+BuildRequires: tomcatjss >= 2.0.0
+%endif
%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -127,13 +133,14 @@ Summary: Symmetric Key JNI Package
Group: System Environment/Libraries
Requires: java >= 1:1.6.0
+Requires: nss
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
+Requires: jss >= 4.2.6-19.1
%else
Requires: jpackage-utils
-%endif
Requires: jss >= 4.2.6-17
-Requires: nss
+%endif
Provides: symkey = %{version}-%{release}
@@ -172,14 +179,22 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
+Requires: ldapjdk
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
+Requires: jss >= 4.2.6-19.1
+Requires: osutil >= 2.0.2
+%else
+%if 0%{?fedora} >= 15
+Requires: jpackage-utils
+Requires: jss >= 4.2.6-17
+Requires: osutil >= 2.0.1
%else
Requires: jpackage-utils
-%endif
Requires: jss >= 4.2.6-17
-Requires: ldapjdk
Requires: osutil
+%endif
+%endif
%description -n pki-util
The PKI Utility Framework is required by the following four PKI subsystems:
@@ -218,13 +233,13 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
+Requires: pki-native-tools = %{version}-%{release}
+Requires: pki-util = %{version}-%{release}
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
%else
Requires: jpackage-utils
%endif
-Requires: pki-native-tools = %{version}-%{release}
-Requires: pki-util = %{version}-%{release}
%description -n pki-java-tools
These platform-independent PKI executables are used to help make
@@ -258,25 +273,11 @@ Group: System Environment/Base
BuildArch: noarch
-%if 0%{?fedora} >= 14
-Requires: apache-commons-lang
-Requires: apache-commons-logging
-%endif
-%if 0%{?rhel} || 0%{?fedora} < 14
-Requires: jakarta-commons-lang
-Requires: jakarta-commons-logging
-%endif
Requires: java >= 1:1.6.0
-Requires: jss >= 4.2.6-17
Requires: pki-common-theme >= 9.0.0
Requires: pki-java-tools = %{version}-%{release}
Requires: pki-setup = %{version}-%{release}
Requires: pki-symkey = %{version}-%{release}
-%if 0%{?fedora} >= 15
-Requires: tomcatjss >= 6.0.0
-%else
-Requires: tomcatjss >= 2.0.0
-%endif
Requires: %{_javadir}/ldapjdk.jar
Requires: %{_javadir}/velocity.jar
Requires: %{_javadir}/xalan-j2.jar
@@ -285,6 +286,31 @@ Requires: %{_javadir}/xerces-j2.jar
Requires: %{_javadir}/xml-commons-apis.jar
Requires: %{_javadir}/xml-commons-resolver.jar
Requires: velocity
+%if 0%{?fedora} >= 16
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-19.1
+Requires: tomcatjss >= 6.0.2
+%else
+%if 0%{?fedora} >= 15
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 6.0.0
+%else
+%if 0%{?fedora} >= 14
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 2.0.0
+%else
+Requires: jakarta-commons-lang
+Requires: jakarta-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 2.0.0
+%endif
+%endif
+%endif
%description -n pki-common
The PKI Common Framework is required by the following four PKI subsystems:
@@ -347,20 +373,24 @@ Requires: pki-selinux = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
-%else
+%else
+%if 0%{?fedora} >= 15
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
-%endif
-
-%if 0%{?fedora} >= 15
# Details:
#
# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
%endif
%description -n pki-ca
@@ -425,10 +455,6 @@ cd build
cd build
%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
-%if 0%{?rhel} || 0%{?fedora} < 16
-%{__rm} %{buildroot}%{_bindir}/pkicontrol
-%endif
-
cd %{buildroot}%{_libdir}/symkey
%{__rm} symkey.jar
%if 0%{?fedora} >= 16
@@ -461,6 +487,7 @@ echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile
%if 0%{?fedora} >= 16
%{__rm} %{buildroot}%{_initrddir}/pki-cad
%else
+%{__rm} %{buildroot}%{_bindir}/pkicontrol
%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
%{__rm} -rf %{buildroot}%{_unitdir}
%endif
@@ -508,19 +535,27 @@ fi
%else
%post -n pki-ca
# Attempt to update ALL old "CA" instances to "systemd"
-#for inst in `ls /etc/sysconfig/pki/ca`; do
-# if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then
-# ln -s "/lib/systemd/system/pki-cad at .service" "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service"
-# [ -e /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
-# ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
-# echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> /var/lib/${inst}/conf/CS.cfg
-# fi
-#done
+for inst in `ls /etc/sysconfig/pki/ca`; do
+ if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-cad at .service" \
+ "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-cad@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+done
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-# Attempt to restart ALL updated "CA" instances
-#if [ $1 = 2 ] ; then
-# /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
-#fi
%preun -n pki-ca
if [ $1 = 0 ] ; then
@@ -542,6 +577,7 @@ fi
%doc base/setup/LICENSE
%{_bindir}/pkicreate
%{_bindir}/pkiremove
+%{_bindir}/pki-setup-proxy
%dir %{_datadir}/pki
%dir %{_datadir}/pki/scripts
%{_datadir}/pki/scripts/pkicommon.pm
@@ -683,6 +719,42 @@ fi
%changelog
+* Thu Sep 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.15-1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-setup'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
+- 'pki-symkey'
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- 'pki-native-tools'
+- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-util'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- Bugzilla Bug #737218 - Incorrect request attribute name matching
+ ignores request attributes during request parsing. (awnuk)
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- 'pki-selinux'
+- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
+- 'pki-ca'
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-silent'
+- Bugzilla Bug #739201 - pkisilent does not take arch into account
+ as Java packages migrated to arch-dependent directories (mharmsen)
+
* Fri Sep 9 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.14-1
- 'pki-setup'
- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
diff --git a/sources b/sources
index 2ec93f6..1fce21c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-aa7d10d26dead8df388e6c3a447b3243 pki-core-9.0.14.tar.gz
+6da9f68121a45aa40730fc92813d4aa6 pki-core-9.0.15.tar.gz
More information about the scm-commits
mailing list