[pki-core/f15] Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) Bugzilla Bug #699809 -
kwright
kwright at fedoraproject.org
Fri Oct 7 01:26:09 UTC 2011
commit 4b493503dd8bac394814656e4676c75faae46e38
Author: Kevin Wright <kwright at redhat.com>
Date: Thu Oct 6 18:26:08 2011 -0700
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-setup'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
'pki-symkey'
Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
'pki-native-tools'
Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-util'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-java-tools'
'pki-common'
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
Bugzilla Bug #737218 - Incorrect request attribute name matching
ignores request attributes during request parsing. (awnuk)
Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
'pki-selinux'
Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
'pki-ca'
Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
mode (cfu)
'pki-silent'
Bugzilla Bug #739201 - pkisilent does not take arch into account
as Java packages migrated to arch-dependent directories (mharmsen)
.gitignore | 1 +
clog | 34 +++++---
pki-core.spec | 249 +++++++++++++++++++++++++++++++++++++++++++++++++--------
sources | 2 +-
4 files changed, 240 insertions(+), 46 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 42687b3..730b5dc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@
/pki-core-9.0.10.tar.gz
/pki-core-9.0.11.tar.gz
/pki-core-9.0.12.tar.gz
+/pki-core-9.0.15.tar.gz
diff --git a/clog b/clog
index a8f741f..056b158 100644
--- a/clog
+++ b/clog
@@ -1,24 +1,34 @@
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+Bugzilla Bug #699809 - Convert CS to use systemd (alee)
'pki-setup'
-Bugzilla Bug #712931 - CS requires too many ports
-to be open in the FW (alee)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
+Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
'pki-symkey'
+Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+(hsm+NSS). (jmagne)
'pki-native-tools'
-Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
-issues (awnuk)
Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-util'
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-java-tools'
'pki-common'
-Bugzilla Bug #700522 - pki tomcat6 instances currently running
-unconfined, allow server to come up when selinux disabled (alee)
-Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
-correctly when subsystem cloned (using hsm) (alee)
-Bugzilla Bug #712931 - CS requires too many ports
-to be open in the FW (alee)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
+Bugzilla Bug #737218 - Incorrect request attribute name matching
+ignores request attributes during request parsing. (awnuk)
+Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+(hsm+NSS). (jmagne)
'pki-selinux'
-Bugzilla Bug #712931 - CS requires too many ports
-to be open in the FW (alee)
+Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
'pki-ca'
Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW (alee)
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+mode (cfu)
'pki-silent'
+Bugzilla Bug #739201 - pkisilent does not take arch into account
+as Java packages migrated to arch-dependent directories (mharmsen)
diff --git a/pki-core.spec b/pki-core.spec
index 3547e8a..37e0f59 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,5 +1,5 @@
Name: pki-core
-Version: 9.0.12
+Version: 9.0.15
Release: 1%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
@@ -8,30 +8,43 @@ Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-# jss requires versioning to meet both build and runtime requirements
+# specify '_unitdir' macro for platforms that don't use 'systemd'
+%if 0%{?rhel} || 0%{?fedora} < 16
+%define _unitdir /lib/systemd/system
+%endif
+
# tomcatjss requires versioning since version 2.0.0 requires tomcat6
-# pki-common-theme requires versioning to meet runtime requirements
-# pki-ca-theme requires versioning to meet runtime requirements
BuildRequires: cmake
BuildRequires: java-devel >= 1:1.6.0
-BuildRequires: jpackage-utils
-BuildRequires: jss >= 4.2.6-17
BuildRequires: ldapjdk
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openldap-devel
-BuildRequires: osutil
BuildRequires: pkgconfig
BuildRequires: policycoreutils
BuildRequires: selinux-policy-devel
+BuildRequires: velocity
+BuildRequires: xalan-j2
+BuildRequires: xerces-j2
+%if 0%{?fedora} >= 16
+BuildRequires: jpackage-utils >= 0:1.7.5-10
+BuildRequires: jss >= 4.2.6-19.1
+BuildRequires: osutil >= 2.0.2
+BuildRequires: systemd-units
+BuildRequires: tomcatjss >= 6.0.2
+%else
%if 0%{?fedora} >= 15
+BuildRequires: jpackage-utils
+BuildRequires: jss >= 4.2.6-17
+BuildRequires: osutil >= 2.0.1
BuildRequires: tomcatjss >= 6.0.0
%else
+BuildRequires: jpackage-utils
+BuildRequires: jss >= 4.2.6-17
+BuildRequires: osutil
BuildRequires: tomcatjss >= 2.0.0
%endif
-BuildRequires: velocity
-BuildRequires: xalan-j2
-BuildRequires: xerces-j2
+%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -120,9 +133,14 @@ Summary: Symmetric Key JNI Package
Group: System Environment/Libraries
Requires: java >= 1:1.6.0
+Requires: nss
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+Requires: jss >= 4.2.6-19.1
+%else
Requires: jpackage-utils
Requires: jss >= 4.2.6-17
-Requires: nss
+%endif
Provides: symkey = %{version}-%{release}
@@ -161,10 +179,22 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
+Requires: ldapjdk
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+Requires: jss >= 4.2.6-19.1
+Requires: osutil >= 2.0.2
+%else
+%if 0%{?fedora} >= 15
+Requires: jpackage-utils
+Requires: jss >= 4.2.6-17
+Requires: osutil >= 2.0.1
+%else
Requires: jpackage-utils
Requires: jss >= 4.2.6-17
-Requires: ldapjdk
Requires: osutil
+%endif
+%endif
%description -n pki-util
The PKI Utility Framework is required by the following four PKI subsystems:
@@ -205,6 +235,11 @@ BuildArch: noarch
Requires: java >= 1:1.6.0
Requires: pki-native-tools = %{version}-%{release}
Requires: pki-util = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires: jpackage-utils >= 0:1.7.5-10
+%else
+Requires: jpackage-utils
+%endif
%description -n pki-java-tools
These platform-independent PKI executables are used to help make
@@ -238,25 +273,11 @@ Group: System Environment/Base
BuildArch: noarch
-%if 0%{?fedora} >= 14
-Requires: apache-commons-lang
-Requires: apache-commons-logging
-%endif
-%if 0%{?rhel} || 0%{?fedora} < 14
-Requires: jakarta-commons-lang
-Requires: jakarta-commons-logging
-%endif
Requires: java >= 1:1.6.0
-Requires: jss >= 4.2.6-17
Requires: pki-common-theme >= 9.0.0
Requires: pki-java-tools = %{version}-%{release}
Requires: pki-setup = %{version}-%{release}
Requires: pki-symkey = %{version}-%{release}
-%if 0%{?fedora} >= 15
-Requires: tomcatjss >= 6.0.0
-%else
-Requires: tomcatjss >= 2.0.0
-%endif
Requires: %{_javadir}/ldapjdk.jar
Requires: %{_javadir}/velocity.jar
Requires: %{_javadir}/xalan-j2.jar
@@ -265,6 +286,31 @@ Requires: %{_javadir}/xerces-j2.jar
Requires: %{_javadir}/xml-commons-apis.jar
Requires: %{_javadir}/xml-commons-resolver.jar
Requires: velocity
+%if 0%{?fedora} >= 16
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-19.1
+Requires: tomcatjss >= 6.0.2
+%else
+%if 0%{?fedora} >= 15
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 6.0.0
+%else
+%if 0%{?fedora} >= 14
+Requires: apache-commons-lang
+Requires: apache-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 2.0.0
+%else
+Requires: jakarta-commons-lang
+Requires: jakarta-commons-logging
+Requires: jss >= 4.2.6-17
+Requires: tomcatjss >= 2.0.0
+%endif
+%endif
+%endif
%description -n pki-common
The PKI Common Framework is required by the following four PKI subsystems:
@@ -323,17 +369,28 @@ Requires: java >= 1:1.6.0
Requires: pki-ca-theme >= 9.0.0
Requires: pki-common = %{version}-%{release}
Requires: pki-selinux = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
-%if 0%{?fedora} >= 15
# Details:
#
# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
%endif
%description -n pki-ca
@@ -389,7 +446,7 @@ This package is a part of the PKI Core used by the Certificate System.
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -400,11 +457,18 @@ cd build
cd %{buildroot}%{_libdir}/symkey
%{__rm} symkey.jar
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_jnidir}/symkey.jar
+%{__mv} symkey-%{version}.jar %{buildroot}%{_jnidir}/symkey.jar
+%else
%{__ln_s} symkey-%{version}.jar symkey.jar
+%endif
+%if 0%{?rhel} || 0%{?fedora} < 16
cd %{buildroot}%{_jnidir}
%{__rm} symkey.jar
%{__ln_s} %{_libdir}/symkey/symkey.jar symkey.jar
+%endif
%if 0%{?fedora} >= 15
# Details:
@@ -420,6 +484,14 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%else
+%{__rm} %{buildroot}%{_bindir}/pkicontrol
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+
%pre -n pki-selinux
%saveFileContext targeted
@@ -442,8 +514,8 @@ if [ $1 = 0 ]; then
%relabel targeted
fi
-
-%post -n pki-ca
+%if 0%{?rhel} || 0%{?fedora} < 16
+%post -n pki-ca
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-cad || :
@@ -460,17 +532,62 @@ if [ "$1" -ge "1" ] ; then
/sbin/service pki-cad condrestart >/dev/null 2>&1 || :
fi
+%else
+%post -n pki-ca
+# Attempt to update ALL old "CA" instances to "systemd"
+for inst in `ls /etc/sysconfig/pki/ca`; do
+ if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-cad at .service" \
+ "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-cad@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+done
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun -n pki-ca
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ca
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
+fi
+%endif
+
%files -n pki-setup
%defattr(-,root,root,-)
%doc base/setup/LICENSE
%{_bindir}/pkicreate
%{_bindir}/pkiremove
+%{_bindir}/pki-setup-proxy
%dir %{_datadir}/pki
%dir %{_datadir}/pki/scripts
%{_datadir}/pki/scripts/pkicommon.pm
+%{_datadir}/pki/scripts/functions
+%{_datadir}/pki/scripts/pki_apache_initscript
%dir %{_localstatedir}/lock/pki
%dir %{_localstatedir}/run/pki
+%if 0%{?fedora} >= 16
+%{_bindir}/pkicontrol
+%endif
%files -n pki-symkey
@@ -479,7 +596,6 @@ fi
%{_jnidir}/symkey.jar
%{_libdir}/symkey/
-
%files -n pki-native-tools
%defattr(-,root,root,-)
%doc base/native-tools/LICENSE base/native-tools/doc/README
@@ -549,8 +665,6 @@ fi
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-cmscore-%{version}.jar
%{_javadir}/pki/pki-cmscore.jar
-%{_datadir}/pki/scripts/functions
-%{_datadir}/pki/scripts/pki_apache_initscript
%{_datadir}/pki/setup/
%files -n pki-common-javadoc
@@ -567,7 +681,13 @@ fi
%files -n pki-ca
%defattr(-,root,root,-)
%doc base/ca/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{_unitdir}/pki-cad at .service
+%{_unitdir}/pki-cad.target
+%else
%{_initrddir}/pki-cad
+%endif
%{_javadir}/pki/pki-ca-%{version}.jar
%{_javadir}/pki/pki-ca.jar
%dir %{_datadir}/pki/ca
@@ -599,6 +719,69 @@ fi
%changelog
+* Thu Sep 22 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.15-1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-setup'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
+- 'pki-symkey'
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- 'pki-native-tools'
+- Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-util'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-java-tools'
+- 'pki-common'
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- Bugzilla Bug #737218 - Incorrect request attribute name matching
+ ignores request attributes during request parsing. (awnuk)
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- 'pki-selinux'
+- Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
+- 'pki-ca'
+- Bugzilla Bug #712931 - CS requires too many ports
+ to be open in the FW (alee)
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
+ mode (cfu)
+- 'pki-silent'
+- Bugzilla Bug #739201 - pkisilent does not take arch into account
+ as Java packages migrated to arch-dependent directories (mharmsen)
+
+* Fri Sep 9 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.14-1
+- 'pki-setup'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-symkey'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-native-tools'
+- 'pki-util'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-java-tools'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-common'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- 'pki-selinux'
+- 'pki-ca'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-silent'
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+
+* Tue Sep 6 2011 Ade Lee <alee at redhat.com> 9.0.13-1
+- 'pki-setup'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-ca'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+- 'pki-common'
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
* Tue Aug 23 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.12-1
- 'pki-setup'
- Bugzilla Bug #712931 - CS requires too many ports
diff --git a/sources b/sources
index fb1c108..1fce21c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-82748002979453812ca71051b0a53fe7 pki-core-9.0.12.tar.gz
+6da9f68121a45aa40730fc92813d4aa6 pki-core-9.0.15.tar.gz
More information about the scm-commits
mailing list