[pki-tks/f15] Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) Bugzilla Bug #730162
kwright
kwright at fedoraproject.org
Fri Oct 7 02:45:47 UTC 2011
commit 461e0ba6799b36f9221f310dcb85e605daf6dbb9
Author: Kevin Wright <kwright at redhat.com>
Date: Thu Oct 6 19:45:46 2011 -0700
Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
(hsm+NSS). (jmagne)
Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
Bugzilla Bug #699809 - Convert CS to use systemd (alee)
.gitignore | 1 +
clog | 7 +++-
pki-tks.spec | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
sources | 2 +-
4 files changed, 105 insertions(+), 11 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 9993dd6..d113f96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ pki-tks-1.3.3.tar.gz
/pki-tks-9.0.2.tar.gz
/pki-tks-9.0.3.tar.gz
/pki-tks-9.0.4.tar.gz
+/pki-tks-9.0.7.tar.gz
diff --git a/clog b/clog
index 1e402f7..9b99f52 100644
--- a/clog
+++ b/clog
@@ -1,2 +1,5 @@
-Bugzilla Bug #712931 - CS requires too many ports
-to be open in the FW
+Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
+Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+(hsm+NSS). (jmagne)
+Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+Bugzilla Bug #699809 - Convert CS to use systemd (alee)
diff --git a/pki-tks.spec b/pki-tks.spec
index b5eb11c..e03c31b 100644
--- a/pki-tks.spec
+++ b/pki-tks.spec
@@ -1,5 +1,5 @@
Name: pki-tks
-Version: 9.0.4
+Version: 9.0.7
Release: 1%{?dist}
Summary: Certificate System - Token Key Service
URL: http://pki.fedoraproject.org/
@@ -10,30 +10,58 @@ BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# specify '_unitdir' macro for platforms that don't use 'systemd'
+%if 0%{?rhel} || 0%{?fedora} < 16
+%define _unitdir /lib/systemd/system
+%endif
+
BuildRequires: cmake
BuildRequires: java-devel >= 1:1.6.0
-BuildRequires: jpackage-utils
-BuildRequires: jss >= 4.2.6-17
BuildRequires: nspr-devel
BuildRequires: nss-devel
+%if 0%{?fedora} >= 16
+BuildRequires: jpackage-utils >= 0:1.7.5-10
+BuildRequires: jss >= 4.2.6-19.1
+BuildRequires: pki-common >= 9.0.15
+BuildRequires: pki-util >= 9.0.15
+BuildRequires: systemd-units
+%else
+BuildRequires: jpackage-utils
+BuildRequires: jss >= 4.2.6-17
BuildRequires: pki-common
BuildRequires: pki-util
+%endif
Requires: java >= 1:1.6.0
+Requires: pki-tks-theme >= 9.0.0
+%if 0%{?fedora} >= 16
+Requires: pki-common >= 9.0.15
+Requires: pki-selinux >= 9.0.15
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
Requires: pki-common
Requires: pki-selinux
-Requires: pki-tks-theme
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts
Requires(postun): initscripts
-%if 0%{?fedora} >= 15
# Details:
#
# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
Requires: initscripts
+%else
+Requires: pki-common
+Requires: pki-selinux
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
%endif
Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
@@ -95,7 +123,7 @@ Additionally, Certificate System requires ONE AND ONLY ONE of the following
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TKS:BOOL=ON ..
+%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_TKS:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} ..
%{__make} VERBOSE=1 %{?_smp_mflags}
@@ -118,29 +146,77 @@ echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfil
echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
%endif
+%if 0%{?fedora} >= 16
+%{__rm} %{buildroot}%{_initrddir}/pki-tksd
+%else
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{__rm} -rf %{buildroot}%{_unitdir}
+%endif
+%if 0%{?rhel} || 0%{?fedora} < 16
%post
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add pki-tksd || :
-
%preun
if [ $1 = 0 ] ; then
/sbin/service pki-tksd stop >/dev/null 2>&1
/sbin/chkconfig --del pki-tksd || :
fi
-
%postun
if [ "$1" -ge "1" ] ; then
/sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
fi
+%else
+%post
+# Attempt to update ALL old "TKS" instances to "systemd"
+for inst in `ls /etc/sysconfig/pki/tks`; do
+ if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-tksd at .service" \
+ "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-tksd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ fi
+done
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+%preun
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
+fi
+%endif
%files
%defattr(-,root,root,-)
%doc base/tks/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{_unitdir}/pki-tksd at .service
+%{_unitdir}/pki-tksd.target
+%else
%{_initrddir}/pki-tksd
+%endif
%{_javadir}/pki/pki-tks-%{version}.jar
%{_javadir}/pki/pki-tks.jar
%dir %{_datadir}/pki/tks
@@ -160,6 +236,20 @@ fi
%changelog
+* Thu Sep 22 2011 Jack Magne <jmagne at redhat.com> 9.0.7-1
+- Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu)
+- Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
+ (hsm+NSS). (jmagne)
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
+* Mon Sep 12 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.6-1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+- Bugzilla Bug #699809 - Convert CS to use systemd (alee)
+
+* Tue Sep 6 2011 Ade Lee <alee at redhat.com> 9.0.5-1
+- Bugzilla Bug #699809 - Convert CS to use systemd
+
* Tue Aug 23 2011 Ade Lee <alee at redhat.com> 9.0.4-1
- Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW
diff --git a/sources b/sources
index a68eee1..e053c4f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a9248510b798c63af0fb814b7b6cf55e pki-tks-9.0.4.tar.gz
+54af2eecc39942ba9d2e6a483e9356a2 pki-tks-9.0.7.tar.gz
More information about the scm-commits
mailing list