[pki-core/f18] Resolves Dogtag Trac Ticket 282 - Create official f18 build for dogtag 10
Ade Lee
vakwetu at fedoraproject.org
Fri Sep 14 19:50:13 UTC 2012
commit 8b79e5d8d838dd60fd7fe14a93a741e1cbbc2995
Author: Ade Lee <alee at redhat.com>
Date: Fri Sep 14 15:47:58 2012 -0400
Resolves Dogtag Trac Ticket 282 - Create official f18 build for dogtag 10
.gitignore | 1 +
...ogtag-9-f16.patch => pki-core-selinux-f16.patch | 4 +-
...g-9-f17-1.patch => pki-core-selinux-f17-1.patch | 4 +-
pki-core.spec | 1119 +++++++++++++++-----
sources | 2 +-
5 files changed, 872 insertions(+), 258 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 109a9a0..ac2db0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@
/pki-core-9.0.19.tar.gz
/pki-core-9.0.20.tar.gz
/pki-core-9.0.21.tar.gz
+/pki-core-10.0.0.a1.tar.gz
diff --git a/pki-core-selinux-Dogtag-9-f16.patch b/pki-core-selinux-f16.patch
similarity index 93%
rename from pki-core-selinux-Dogtag-9-f16.patch
rename to pki-core-selinux-f16.patch
index 03e38be..6866033 100644
--- a/pki-core-selinux-Dogtag-9-f16.patch
+++ b/pki-core-selinux-f16.patch
@@ -16,8 +16,8 @@ index 7f6e657..dab02d4 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
--policy_module(pki,9.0.2)
-+policy_module(pki,9.0.3)
+-policy_module(pki,10.0.2)
++policy_module(pki,10.0.3)
attribute pki_ca_config;
attribute pki_ca_executable;
diff --git a/pki-core-selinux-Dogtag-9-f17-1.patch b/pki-core-selinux-f17-1.patch
similarity index 95%
rename from pki-core-selinux-Dogtag-9-f17-1.patch
rename to pki-core-selinux-f17-1.patch
index 7a012ec..3ee1064 100644
--- a/pki-core-selinux-Dogtag-9-f17-1.patch
+++ b/pki-core-selinux-f17-1.patch
@@ -29,8 +29,8 @@ index 7f6e657..dab02d4 100644
--- a/pki/base/selinux/src/pki.te
+++ b/pki/base/selinux/src/pki.te
@@ -1,4 +1,4 @@
--policy_module(pki,9.0.2)
-+policy_module(pki,9.0.4)
+-policy_module(pki,10.0.2)
++policy_module(pki,10.0.4)
attribute pki_ca_config;
attribute pki_ca_executable;
diff --git a/pki-core.spec b/pki-core.spec
index 4b305b0..158e14e 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -1,6 +1,20 @@
+# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
+# also remove the space between % and global - this space is needed because
+# fedpkg verrel stupidly ignores comment lines
+%global prerel .a1
+# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
+%global relprefix 0.
+
+%if ! (0%{?fedora} > 12 || 0%{?rhel} > 5)
+%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from
+distutils.sysconfig import get_python_lib; print(get_python_lib())")}
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from
+distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
+%endif
+
Name: pki-core
-Version: 9.0.21
-Release: 1%{?dist}
+Version: 10.0.0
+Release: %{?relprefix}33%{?prerel}%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -15,8 +29,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# tomcatjss requires versioning since version 2.0.0 requires tomcat6
BuildRequires: cmake
+BuildRequires: zip
BuildRequires: java-devel >= 1:1.6.0
+BuildRequires: redhat-rpm-config
BuildRequires: ldapjdk
+BuildRequires: apache-commons-codec
BuildRequires: nspr-devel
BuildRequires: nss-devel
BuildRequires: openldap-devel
@@ -26,30 +43,43 @@ BuildRequires: selinux-policy-devel
BuildRequires: velocity
BuildRequires: xalan-j2
BuildRequires: xerces-j2
+%if 0%{?fedora} >= 17
+BuildRequires: resteasy >= 2.3.2-1
+BuildRequires: junit
+# NOTE: The following requirement is for nightly 'mock' builds ONLY since
+# Dogtag 10 will NEVER be officially released on Fedora 17!
+BuildRequires: tomcatjss >= 7.0.0
+%else
+BuildRequires: junit4
+%endif
+%if 0%{?fedora} >= 18
+BuildRequires: jpackage-utils >= 0:1.7.5-10
+BuildRequires: jss >= 4.2.6-24
+BuildRequires: systemd-units
+BuildRequires: tomcatjss >= 7.0.0
+%else
%if 0%{?fedora} >= 16
BuildRequires: jpackage-utils >= 0:1.7.5-10
BuildRequires: jss >= 4.2.6-24
-BuildRequires: osutil >= 2.0.2
BuildRequires: systemd-units
BuildRequires: tomcatjss >= 6.0.2
%else
%if 0%{?fedora} >= 15
BuildRequires: jpackage-utils
BuildRequires: jss >= 4.2.6-24
-BuildRequires: osutil >= 2.0.1
BuildRequires: tomcatjss >= 6.0.0
%else
BuildRequires: jpackage-utils
BuildRequires: jss >= 4.2.6-17
-BuildRequires: osutil
BuildRequires: tomcatjss >= 2.0.0
%endif
%endif
+%endif
-Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz
-Patch0: %{name}-selinux-Dogtag-9-f16.patch
-Patch1: %{name}-selinux-Dogtag-9-f17-1.patch
+Patch0: %{name}-selinux-f16.patch
+Patch1: %{name}-selinux-f17-1.patch
%if 0%{?rhel}
ExcludeArch: ppc ppc64 s390 s390x
@@ -81,31 +111,53 @@ fi;
Certificate System (CS) is an enterprise software system designed \
to manage enterprise Public Key Infrastructure (PKI) deployments. \
\
-PKI Core contains fundamental packages required by Certificate System, \
-and consists of the following components: \
+PKI Core contains ALL top-level java-based Tomcat PKI components: \
\
* pki-setup \
* pki-symkey \
- * pki-native-tools \
- * pki-util \
- * pki-util-javadoc \
- * pki-java-tools \
- * pki-java-tools-javadoc \
- * pki-common \
- * pki-common-javadoc \
+ * pki-base \
+ * pki-tools \
* pki-selinux \
+ * pki-server \
* pki-ca \
- * pki-silent \
+ * pki-kra \
+ * pki-ocsp \
+ * pki-tks \
+ * pki-javadoc \
\
-which comprise the following PKI subsystems: \
+which comprise the following corresponding PKI subsystems: \
\
* Certificate Authority (CA) \
+ * Data Recovery Manager (DRM) \
+ * Online Certificate Status Protocol (OCSP) Manager \
+ * Token Key Service (TKS) \
\
-For deployment purposes, Certificate System requires ONE AND ONLY ONE \
-of the following "Mutually-Exclusive" PKI Theme packages: \
+For deployment purposes, PKI Core contains fundamental packages \
+required by BOTH native-based Apache AND java-based Tomcat \
+Certificate System instances consisting of the following components: \
+ \
+ * pki-tools \
+ * pki-selinux \
+ * pki-setup \
+ * pki-silent (required for IPA deployments; optional otherwise) \
+ \
+Additionally, PKI Core contains the following fundamental packages \
+required ONLY by ALL java-based Tomcat Certificate System instances: \
+ \
+ * pki-symkey \
+ * pki-base \
+ * pki-tools \
+ * pki-server \
+ \
+PKI Core also includes the following components: \
+ \
+ * pki-javadoc \
+ \
+Finally, for deployment purposes, Certificate System requires ONE AND \
+ONLY ONE of the following "Mutually-Exclusive" PKI Theme packages: \
\
- * ipa-pki-theme (IPA deployments) \
* dogtag-pki-theme (Dogtag Certificate System deployments) \
+ * ipa-pki-theme (IPA deployments) \
* redhat-pki-theme (Red Hat Certificate System deployments) \
\
%{nil}
@@ -141,10 +193,10 @@ Requires: java >= 1:1.6.0
Requires: nss
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
-Requires: jss >= 4.2.6-19.1
+Requires: jss >= 4.2.6-24
%else
Requires: jpackage-utils
-Requires: jss >= 4.2.6-17
+Requires: jss >= 4.2.6-24
%endif
Provides: symkey = %{version}-%{release}
@@ -160,94 +212,81 @@ This package is a part of the PKI Core used by the Certificate System.
%{overview}
-%package -n pki-native-tools
-Summary: Certificate System - Native Tools
-Group: System Environment/Base
-
-Requires: openldap-clients
-Requires: nss
-Requires: nss-tools
-
-%description -n pki-native-tools
-These platform-dependent PKI executables are used to help make
-Certificate System into a more complete and robust PKI solution.
-
-This package is a part of the PKI Core used by the Certificate System.
-
-%{overview}
-
-
-%package -n pki-util
-Summary: Certificate System - PKI Utility Framework
+%package -n pki-base
+Summary: Certificate System - PKI Framework
Group: System Environment/Base
BuildArch: noarch
+Obsoletes: pki-common < %{version}-%{release}
+Obsoletes: pki-util < %{version}-%{release}
+
+Conflicts: freeipa-server < 3.0.0
+Requires: apache-commons-codec
+Requires: apache-commons-lang
+Requires: apache-commons-logging
Requires: java >= 1:1.6.0
+Requires: javassist
+Requires: jettison
Requires: ldapjdk
+Requires: %{_javadir}/xalan-j2.jar
+Requires: %{_javadir}/xalan-j2-serializer.jar
+Requires: %{_javadir}/xerces-j2.jar
+Requires: %{_javadir}/xml-commons-apis.jar
+Requires: %{_javadir}/xml-commons-resolver.jar
+%if 0%{?fedora} >= 17
+Requires: resteasy >= 2.3.2-1
+%endif
+%if 0%{?fedora} >= 18
+Requires: jpackage-utils >= 0:1.7.5-10
+Requires: jss >= 4.2.6-24
+%else
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
-Requires: jss >= 4.2.6-19.1
-Requires: osutil >= 2.0.2
+Requires: jss >= 4.2.6-24
%else
%if 0%{?fedora} >= 15
Requires: jpackage-utils
+Requires: jss >= 4.2.6-24
+%else
+%if 0%{?fedora} >= 14
+Requires: jpackage-utils
Requires: jss >= 4.2.6-17
-Requires: osutil >= 2.0.1
%else
Requires: jpackage-utils
Requires: jss >= 4.2.6-17
-Requires: osutil
+%endif
+%endif
%endif
%endif
-%description -n pki-util
-The PKI Utility Framework is required by the following four PKI subsystems:
-
- the Certificate Authority (CA),
- the Data Recovery Manager (DRM),
- the Online Certificate Status Protocol (OCSP) Manager, and
- the Token Key Service (TKS).
-
-This package is a part of the PKI Core used by the Certificate System.
-
-%{overview}
-
-
-%package -n pki-util-javadoc
-Summary: Certificate System - PKI Utility Framework Javadocs
-Group: Documentation
-
-BuildArch: noarch
-
-Requires: pki-util = %{version}-%{release}
-
-%description -n pki-util-javadoc
-This documentation pertains exclusively to version %{version} of
-the PKI Utility Framework.
-
+%description -n pki-base
+The PKI Framework contains the common and client libraries and utilities.
This package is a part of the PKI Core used by the Certificate System.
%{overview}
-%package -n pki-java-tools
-Summary: Certificate System - PKI Java-Based Tools
+%package -n pki-tools
+Summary: Certificate System - PKI Tools
Group: System Environment/Base
-BuildArch: noarch
+Obsoletes: pki-native-tools < %{version}-%{release}
+Obsoletes: pki-java-tools < %{version}-%{release}
+Requires: openldap-clients
+Requires: nss
+Requires: nss-tools
Requires: java >= 1:1.6.0
-Requires: pki-native-tools = %{version}-%{release}
-Requires: pki-util = %{version}-%{release}
+Requires: pki-base = %{version}-%{release}
%if 0%{?fedora} >= 16
Requires: jpackage-utils >= 0:1.7.5-10
%else
Requires: jpackage-utils
%endif
-%description -n pki-java-tools
-These platform-independent PKI executables are used to help make
+%description -n pki-tools
+This package contains PKI executables that can be used to help make
Certificate System into a more complete and robust PKI solution.
This package is a part of the PKI Core used by the Certificate System.
@@ -255,70 +294,56 @@ This package is a part of the PKI Core used by the Certificate System.
%{overview}
-%package -n pki-java-tools-javadoc
-Summary: Certificate System - PKI Java-Based Tools Javadocs
-Group: Documentation
-
-BuildArch: noarch
-
-Requires: pki-java-tools = %{version}-%{release}
-
-%description -n pki-java-tools-javadoc
-This documentation pertains exclusively to version %{version} of
-the PKI Java-Based Tools.
-
-This package is a part of the PKI Core used by the Certificate System.
-
-%{overview}
-
-
-%package -n pki-common
-Summary: Certificate System - PKI Common Framework
+%package -n pki-server
+Summary: Certificate System - PKI Server Framework
Group: System Environment/Base
BuildArch: noarch
-Requires: java >= 1:1.6.0
-Requires: pki-common-theme >= 9.0.0
-Requires: pki-java-tools = %{version}-%{release}
-Requires: pki-setup = %{version}-%{release}
-Requires: pki-symkey = %{version}-%{release}
-Requires: %{_javadir}/ldapjdk.jar
-Requires: %{_javadir}/velocity.jar
-Requires: %{_javadir}/xalan-j2.jar
-Requires: %{_javadir}/xalan-j2-serializer.jar
-Requires: %{_javadir}/xerces-j2.jar
-Requires: %{_javadir}/xml-commons-apis.jar
-Requires: %{_javadir}/xml-commons-resolver.jar
+Obsoletes: pki-deploy < %{version}-%{release}
+
+Requires: jython >= 2.2.1
+Requires: pki-common-theme >= 10.0.0
+Requires: pki-base = %{version}-%{release}
+Requires: pki-tools = %{version}-%{release}
+Requires: pki-selinux = %{version}-%{release}
Requires: velocity
+%if 0%{?fedora} >= 17
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires: tomcatjss >= 7.0.0
+%else
%if 0%{?fedora} >= 16
-Requires: apache-commons-lang
-Requires: apache-commons-logging
-Requires: jss >= 4.2.6-19.1
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
Requires: tomcatjss >= 6.0.2
%else
%if 0%{?fedora} >= 15
-Requires: apache-commons-lang
-Requires: apache-commons-logging
-Requires: jss >= 4.2.6-17
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
Requires: tomcatjss >= 6.0.0
%else
%if 0%{?fedora} >= 14
-Requires: apache-commons-lang
-Requires: apache-commons-logging
-Requires: jss >= 4.2.6-17
Requires: tomcatjss >= 2.0.0
%else
-Requires: jakarta-commons-lang
-Requires: jakarta-commons-logging
-Requires: jss >= 4.2.6-17
Requires: tomcatjss >= 2.0.0
%endif
%endif
%endif
+%endif
-%description -n pki-common
-The PKI Common Framework is required by the following four PKI subsystems:
+%description -n pki-server
+The PKI Server Framework is required by the following four PKI subsystems:
the Certificate Authority (CA),
the Data Recovery Manager (DRM),
@@ -326,23 +351,7 @@ The PKI Common Framework is required by the following four PKI subsystems:
the Token Key Service (TKS).
This package is a part of the PKI Core used by the Certificate System.
-
-%{overview}
-
-
-%package -n pki-common-javadoc
-Summary: Certificate System - PKI Common Framework Javadocs
-Group: Documentation
-
-BuildArch: noarch
-
-Requires: pki-common = %{version}-%{release}
-
-%description -n pki-common-javadoc
-This documentation pertains exclusively to version %{version} of
-the PKI Common Framework.
-
-This package is a part of the PKI Core used by the Certificate System.
+The package contains scripts to create and remove PKI subsystems.
%{overview}
@@ -371,9 +380,8 @@ Group: System Environment/Daemons
BuildArch: noarch
Requires: java >= 1:1.6.0
-Requires: pki-ca-theme >= 9.0.0
-Requires: pki-common = %{version}-%{release}
-Requires: pki-selinux = %{version}-%{release}
+Requires: pki-ca-theme >= 10.0.0
+Requires: pki-server = %{version}-%{release}
%if 0%{?fedora} >= 16
Requires(post): systemd-units
Requires(preun): systemd-units
@@ -407,7 +415,179 @@ The Certificate Authority can be configured as a self-signing Certificate
Authority, where it is the root CA, or it can act as a subordinate CA,
where it obtains its own signing certificate from a public CA.
-This package is a part of the PKI Core used by the Certificate System.
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-kra
+Summary: Certificate System - Data Recovery Manager
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-kra-theme >= 10.0.0
+Requires: pki-server = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-kra
+The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
+as a Key Recovery Authority (KRA). When configured in conjunction with the
+Certificate Authority (CA), the DRM stores private encryption keys as part of
+the certificate enrollment process. The key archival mechanism is triggered
+when a user enrolls in the PKI and creates the certificate request. Using the
+Certificate Request Message Format (CRMF) request format, a request is
+generated for the user's private encryption key. This key is then stored in
+the DRM which is configured to store keys in an encrypted format that can only
+be decrypted by several agents requesting the key at one time, providing for
+protection of the public encryption keys for the users in the PKI deployment.
+
+Note that the DRM archives encryption keys; it does NOT archive signing keys,
+since such archival would undermine non-repudiation properties of signing keys.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-ocsp
+Summary: Certificate System - Online Certificate Status Protocol Manager
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-ocsp-theme >= 10.0.0
+Requires: pki-server = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-ocsp
+The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
+subsystem that can act as a stand-alone OCSP service. The OCSP Manager
+performs the task of an online certificate validation authority by enabling
+OCSP-compliant clients to do real-time verification of certificates. Note
+that an online certificate-validation authority is often referred to as an
+OCSP Responder.
+
+Although the Certificate Authority (CA) is already configured with an
+internal OCSP service. An external OCSP Responder is offered as a separate
+subsystem in case the user wants the OCSP service provided outside of a
+firewall while the CA resides inside of a firewall, or to take the load of
+requests off of the CA.
+
+The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
+multiple CA servers, and clients can query the OCSP Manager for the
+revocation status of certificates issued by all of these CA servers.
+
+When an instance of OCSP Manager is set up with an instance of CA, and
+publishing is set up to this OCSP Manager, CRLs are published to it
+whenever they are issued or updated.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
+
+%{overview}
+
+
+%package -n pki-tks
+Summary: Certificate System - Token Key Service
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Requires: java >= 1:1.6.0
+Requires: pki-tks-theme >= 10.0.0
+Requires: pki-server = %{version}-%{release}
+Requires: pki-symkey = %{version}-%{release}
+%if 0%{?fedora} >= 16
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+%if 0%{?fedora} >= 15
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+Requires: initscripts
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+Requires(postun): initscripts
+%endif
+%endif
+
+%description -n pki-tks
+The Token Key Service (TKS) is an optional PKI subsystem that manages the
+master key(s) and the transport key(s) required to generate and distribute
+keys for hardware tokens. TKS provides the security between tokens and an
+instance of Token Processing System (TPS), where the security relies upon the
+relationship between the master key and the token keys. A TPS communicates
+with a TKS over SSL using client authentication.
+
+TKS helps establish a secure channel (signed and encrypted) between the token
+and the TPS, provides proof of presence of the security token during
+enrollment, and supports key changeover when the master key changes on the
+TKS. Tokens with older keys will get new token keys.
+
+Because of the sensitivity of the data that TKS manages, TKS should be set up
+behind the firewall with restricted access.
+
+This package is one of the top-level java-based Tomcat PKI subsystems
+provided by the PKI Core used by the Certificate System.
%{overview}
@@ -419,7 +599,7 @@ Group: System Environment/Base
BuildArch: noarch
Requires: java >= 1:1.6.0
-Requires: pki-common = %{version}-%{release}
+Requires: pki-server = %{version}-%{release}
%description -n pki-silent
The PKI Silent Installer may be used to "automatically" configure
@@ -438,21 +618,38 @@ This package is a part of the PKI Core used by the Certificate System.
%{overview}
-%prep
+%package -n pki-javadoc
+Summary: Certificate System - PKI Framework Javadocs
+Group: Documentation
+BuildArch: noarch
+
+Obsoletes: pki-util-javadoc < %{version}-%{release}
+Obsoletes: pki-java-tools-javadoc < %{version}-%{release}
+Obsoletes: pki-common-javadoc < %{version}-%{release}
+
+%description -n pki-javadoc
+This documentation pertains exclusively to version %{version} of
+the PKI Framework and Tools.
-%setup -q
+This package is a part of the PKI Core used by the Certificate System.
+
+%{overview}
+%prep
+
+
+%setup -q -n %{name}-%{version}%{?prerel}
+
%if 0%{?fedora} >= 17
-%patch1 -p2 -b .f17
+# %patch1 -p2 -b .f17
%else
%if 0%{?fedora} >= 16
%patch0 -p2 -b .f16
%endif
%endif
-
%clean
%{__rm} -rf %{buildroot}
@@ -460,8 +657,14 @@ This package is a part of the PKI Core used by the Certificate System.
%build
%{__mkdir_p} build
cd build
-%cmake -DVAR_INSTALL_DIR:PATH=/var -DBUILD_PKI_CORE:BOOL=ON -DJAVA_LIB_INSTALL_DIR=%{_jnidir} -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} ..
-%{__make} VERBOSE=1 %{?_smp_mflags}
+%cmake -DVAR_INSTALL_DIR:PATH=/var \
+ -DBUILD_PKI_CORE:BOOL=ON \
+ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
+ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
+ %{?_without_javadoc:-DWITH_JAVADOC:BOOL=OFF} \
+ ..
+%{__make} VERBOSE=1 %{?_smp_mflags} all
+%{__make} VERBOSE=1 %{?_smp_mflags} test
%install
@@ -496,16 +699,46 @@ echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/lock/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
+# generate 'pki-kra.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/lock/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
+# generate 'pki-ocsp.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/lock/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+# generate 'pki-tomcat.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
+echo "D /var/lock/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
+echo "D /var/run/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
+# generate 'pki-tks.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
+echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
%endif
%if 0%{?fedora} >= 16
%{__rm} %{buildroot}%{_initrddir}/pki-cad
+%{__rm} %{buildroot}%{_initrddir}/pki-krad
+%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
+%{__rm} %{buildroot}%{_initrddir}/pki-tksd
%else
%{__rm} %{buildroot}%{_bindir}/pkicontrol
+%{__rm} %{buildroot}%{_bindir}/pkidaemon
%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-cad.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{__rm} -rf %{buildroot}%{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
%{__rm} -rf %{buildroot}%{_unitdir}
%endif
+%{__rm} -rf %{buildroot}%{_datadir}/pki/shared/lib
+
# tomcat6 has changed how TOMCAT_LOG is used.
# Need to adjust accordingly
# This macro will be executed in the postinstall scripts
@@ -547,6 +780,22 @@ fi
/sbin/chkconfig --add pki-cad || :
%fix_tomcat_log ca
+%post -n pki-kra
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-krad || :
+%fix_tomcat_log kra
+
+%post -n pki-ocsp
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-ocspd || :
+%fix_tomcat_log ocsp
+
+%post -n pki-tks
+# This adds the proper /etc/rc*.d links for the script
+/sbin/chkconfig --add pki-tksd || :
+%fix_tomcat_log tks
+
+
%preun -n pki-ca
if [ $1 = 0 ] ; then
/sbin/service pki-cad stop >/dev/null 2>&1
@@ -554,11 +803,49 @@ if [ $1 = 0 ] ; then
fi
+%preun -n pki-kra
+if [ $1 = 0 ] ; then
+ /sbin/service pki-krad stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-krad || :
+fi
+
+
+%preun -n pki-ocsp
+if [ $1 = 0 ] ; then
+ /sbin/service pki-ocspd stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-ocspd || :
+fi
+
+
+%preun -n pki-tks
+if [ $1 = 0 ] ; then
+ /sbin/service pki-tksd stop >/dev/null 2>&1
+ /sbin/chkconfig --del pki-tksd || :
+fi
+
+
%postun -n pki-ca
if [ "$1" -ge "1" ] ; then
/sbin/service pki-cad condrestart >/dev/null 2>&1 || :
fi
+
+%postun -n pki-kra
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-krad condrestart >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ocsp
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-ocspd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-tks
+if [ "$1" -ge "1" ] ; then
+ /sbin/service pki-tksd condrestart >/dev/null 2>&1 || :
+fi
%else
%post -n pki-ca
# Attempt to update ALL old "CA" instances to "systemd"
@@ -581,12 +868,115 @@ if [ -d /etc/sysconfig/pki/ca ]; then
echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \
/var/lib/${inst}/conf/CS.cfg || :
fi
+ else
+ # Conditionally restart this Dogtag 9 instance
+ /bin/systemctl condrestart pki-cad@${inst}.service
fi
done
fi
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%fix_tomcat_log ca
+
+%post -n pki-kra
+# Attempt to update ALL old "KRA" instances to "systemd"
+if [ -d /etc/sysconfig/pki/kra ]; then
+ for inst in `ls /etc/sysconfig/pki/kra`; do
+ if [ ! -e "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-krad at .service" \
+ "/etc/systemd/system/pki-krad.target.wants/pki-krad@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-krad@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-krad@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ else
+ # Conditionally restart this Dogtag 9 instance
+ /bin/systemctl condrestart pki-krad@${inst}.service
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+%fix_tomcat_log kra
+
+
+%post -n pki-ocsp
+# Attempt to update ALL old "OCSP" instances to "systemd"
+if [ -d /etc/sysconfig/pki/ocsp ]; then
+ for inst in `ls /etc/sysconfig/pki/ocsp`; do
+ if [ ! -e "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-ocspd at .service" \
+ "/etc/systemd/system/pki-ocspd.target.wants/pki-ocspd@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-ocspd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-ocspd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ else
+ # Conditionally restart this Dogtag 9 instance
+ /bin/systemctl condrestart pki-ocspd@${inst}.service
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+%fix_tomcat_log ocsp
+
+
+%post -n pki-tks
+# Attempt to update ALL old "TKS" instances to "systemd"
+if [ -d /etc/sysconfig/pki/tks ]; then
+ for inst in `ls /etc/sysconfig/pki/tks`; do
+ if [ ! -e "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service" ]; then
+ ln -s "/lib/systemd/system/pki-tksd at .service" \
+ "/etc/systemd/system/pki-tksd.target.wants/pki-tksd@${inst}.service"
+ [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst}
+ ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst}
+
+ if [ -e /var/run/${inst}.pid ]; then
+ kill -9 `cat /var/run/${inst}.pid` || :
+ rm -f /var/run/${inst}.pid
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl restart pki-tksd@${inst}.service || :
+ else
+ echo "pkicreate.systemd.servicename=pki-tksd@${inst}.service" >> \
+ /var/lib/${inst}/conf/CS.cfg || :
+ fi
+ else
+ # Conditionally restart this Dogtag 9 instance
+ /bin/systemctl condrestart pki-tksd@${inst}.service
+ fi
+ done
+fi
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+%fix_tomcat_log tks
+
+
+## %post -n pki-server
+## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
+## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
+## PKI deployment process
+
+
%preun -n pki-ca
if [ $1 = 0 ] ; then
/bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || :
@@ -594,14 +984,67 @@ if [ $1 = 0 ] ; then
fi
+%preun -n pki-kra
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
+fi
+
+
+%preun -n pki-ocsp
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
+fi
+
+
+%preun -n pki-tks
+if [ $1 = 0 ] ; then
+ /bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
+ /bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
+fi
+
+
+## %preun -n pki-server
+## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
+## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
+## PKI deployment process
+
+
%postun -n pki-ca
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
/bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || :
fi
-%endif
+%postun -n pki-kra
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-ocsp
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
+fi
+
+
+%postun -n pki-tks
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ "$1" -ge "1" ] ; then
+ /bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
+fi
+
+
+## %postun -n pki-server
+## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem
+## from EITHER 'sysVinit' OR previous 'systemd' processes to the new
+## PKI deployment process
+%endif
+
%files -n pki-setup
%defattr(-,root,root,-)
%doc base/setup/LICENSE
@@ -626,35 +1069,29 @@ fi
%{_jnidir}/symkey.jar
%{_libdir}/symkey/
-%files -n pki-native-tools
-%defattr(-,root,root,-)
-%doc base/native-tools/LICENSE base/native-tools/doc/README
-%{_bindir}/p7tool
-%{_bindir}/revoker
-%{_bindir}/setpin
-%{_bindir}/sslget
-%{_bindir}/tkstool
-%dir %{_datadir}/pki
-%{_datadir}/pki/native-tools/
-
-%files -n pki-util
+%files -n pki-base
%defattr(-,root,root,-)
-%doc base/util/LICENSE
+%doc base/common/LICENSE
%dir %{_javadir}/pki
%{_javadir}/pki/pki-cmsutil-%{version}.jar
%{_javadir}/pki/pki-cmsutil.jar
%{_javadir}/pki/pki-nsutil-%{version}.jar
%{_javadir}/pki/pki-nsutil.jar
+%{_javadir}/pki/pki-certsrv-%{version}.jar
+%{_javadir}/pki/pki-certsrv.jar
-%files -n pki-util-javadoc
-%defattr(-,root,root,-)
-%{_javadocdir}/pki-util-%{version}/
-
-
-%files -n pki-java-tools
+%files -n pki-tools
%defattr(-,root,root,-)
-%doc base/java-tools/LICENSE
+%doc base/native-tools/LICENSE base/native-tools/doc/README
+%{_bindir}/pki
+%{_bindir}/p7tool
+%{_bindir}/revoker
+%{_bindir}/setpin
+%{_bindir}/sslget
+%{_bindir}/tkstool
+%dir %{_datadir}/pki
+%{_datadir}/pki/native-tools/
%{_bindir}/AtoB
%{_bindir}/AuditVerify
%{_bindir}/BtoA
@@ -679,27 +1116,68 @@ fi
%{_javadir}/pki/pki-tools.jar
%{_datadir}/pki/java-tools/
-%files -n pki-java-tools-javadoc
-%defattr(-,root,root,-)
-%{_javadocdir}/pki-java-tools-%{version}/
-
-%files -n pki-common
+%files -n pki-server
%defattr(-,root,root,-)
-%doc base/common/LICENSE
-%{_javadir}/pki/pki-certsrv-%{version}.jar
-%{_javadir}/pki/pki-certsrv.jar
+%doc base/deploy/LICENSE
+%{_sbindir}/pkispawn
+%{_sbindir}/pkidestroy
+#%{_bindir}/pki-setup-proxy
+%dir %{python_sitelib}/pki
+%{python_sitelib}/pki/_*
+%{python_sitelib}/pki/deployment/
+%dir %{_datadir}/pki
+%dir %{_datadir}/pki/deployment
+%{_datadir}/pki/deployment/config/
+%dir %{_datadir}/pki/deployment/spawn
+%{_datadir}/pki/deployment/spawn/ca/
+%{_datadir}/pki/deployment/spawn/kra/
+%{_datadir}/pki/deployment/spawn/ocsp/
+%{_datadir}/pki/deployment/spawn/ra/
+%{_datadir}/pki/deployment/spawn/tks/
+%{_datadir}/pki/deployment/spawn/tps/
+%dir %{_datadir}/pki/deployment/destroy
+%{_datadir}/pki/deployment/destroy/ca/
+%{_datadir}/pki/deployment/destroy/kra/
+%{_datadir}/pki/deployment/destroy/ocsp/
+%{_datadir}/pki/deployment/destroy/ra/
+%{_datadir}/pki/deployment/destroy/tks/
+%{_datadir}/pki/deployment/destroy/tps/
+%dir %{_datadir}/pki/scripts
+%{_datadir}/pki/scripts/operations
+%dir %{_localstatedir}/lock/pki
+%dir %{_localstatedir}/run/pki
+%if 0%{?fedora} >= 16
+%{_bindir}/pkidaemon
+%endif
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
+%{_unitdir}/pki-tomcatd at .service
+%{_unitdir}/pki-tomcatd.target
+%endif
%{_javadir}/pki/pki-cms-%{version}.jar
%{_javadir}/pki/pki-cms.jar
%{_javadir}/pki/pki-cmsbundle-%{version}.jar
%{_javadir}/pki/pki-cmsbundle.jar
%{_javadir}/pki/pki-cmscore-%{version}.jar
%{_javadir}/pki/pki-cmscore.jar
-%{_datadir}/pki/setup/
+%{_javadir}/pki/pki-tomcat-%{version}.jar
+%{_javadir}/pki/pki-tomcat.jar
+%dir %{_localstatedir}/lock/pki/tomcat
+%dir %{_localstatedir}/run/pki/tomcat
-%files -n pki-common-javadoc
-%defattr(-,root,root,-)
-%{_javadocdir}/pki-common-%{version}/
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
+%endif
+
+%{_datadir}/pki/setup/
+%dir %{_datadir}/pki/shared
+%{_datadir}/pki/shared/
%files -n pki-selinux
@@ -725,8 +1203,8 @@ fi
%{_datadir}/pki/ca/emails/
%dir %{_datadir}/pki/ca/profiles
%{_datadir}/pki/ca/profiles/ca/
-%{_datadir}/pki/ca/webapps/
%{_datadir}/pki/ca/setup/
+%{_datadir}/pki/ca/webapps/
%dir %{_localstatedir}/lock/pki/ca
%dir %{_localstatedir}/run/pki/ca
%if 0%{?fedora} >= 15
@@ -739,6 +1217,90 @@ fi
%endif
+%files -n pki-kra
+%defattr(-,root,root,-)
+%doc base/kra/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-krad.target.wants
+%{_unitdir}/pki-krad at .service
+%{_unitdir}/pki-krad.target
+%else
+%{_initrddir}/pki-krad
+%endif
+%{_javadir}/pki/pki-kra-%{version}.jar
+%{_javadir}/pki/pki-kra.jar
+%dir %{_datadir}/pki/kra
+%{_datadir}/pki/kra/conf/
+%{_datadir}/pki/kra/setup/
+%{_datadir}/pki/kra/webapps/
+%dir %{_localstatedir}/lock/pki/kra
+%dir %{_localstatedir}/run/pki/kra
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-kra.conf
+%endif
+
+
+%files -n pki-ocsp
+%defattr(-,root,root,-)
+%doc base/ocsp/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-ocspd.target.wants
+%{_unitdir}/pki-ocspd at .service
+%{_unitdir}/pki-ocspd.target
+%else
+%{_initrddir}/pki-ocspd
+%endif
+%{_javadir}/pki/pki-ocsp-%{version}.jar
+%{_javadir}/pki/pki-ocsp.jar
+%dir %{_datadir}/pki/ocsp
+%{_datadir}/pki/ocsp/conf/
+%{_datadir}/pki/ocsp/setup/
+%{_datadir}/pki/ocsp/webapps/
+%dir %{_localstatedir}/lock/pki/ocsp
+%dir %{_localstatedir}/run/pki/ocsp
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
+%endif
+
+
+%files -n pki-tks
+%defattr(-,root,root,-)
+%doc base/tks/LICENSE
+%if 0%{?fedora} >= 16
+%dir %{_sysconfdir}/systemd/system/pki-tksd.target.wants
+%{_unitdir}/pki-tksd at .service
+%{_unitdir}/pki-tksd.target
+%else
+%{_initrddir}/pki-tksd
+%endif
+%{_javadir}/pki/pki-tks-%{version}.jar
+%{_javadir}/pki/pki-tks.jar
+%dir %{_datadir}/pki/tks
+%{_datadir}/pki/tks/conf/
+%{_datadir}/pki/tks/setup/
+%{_datadir}/pki/tks/webapps/
+%dir %{_localstatedir}/lock/pki/tks
+%dir %{_localstatedir}/run/pki/tks
+%if 0%{?fedora} >= 15
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf
+%endif
+
+
%files -n pki-silent
%defattr(-,root,root,-)
%doc base/silent/LICENSE
@@ -748,69 +1310,128 @@ fi
%{_datadir}/pki/silent/
+%if %{?_without_javadoc:0}%{!?_without_javadoc:1}
+%files -n pki-javadoc
+%defattr(-,root,root,-)
+%{_javadocdir}/pki-%{version}/
+%endif
+
+
%changelog
-* Fri Jul 20 2012 Ade Lee <alee at redhat.com> 9.0.21-1
-- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
+* Thu Sep 13 2012 Ade Lee <alee at redhat.com> 10.0.0-0.33.a1
+- Added Conflicts for IPA 2.X
+- Added build requires for zip to work around mock problem
+
+* Wed Sep 12 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.32.a1
+- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances
+ upon RPM "update" . . .
+- TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy"
+ from /usr/bin to /usr/sbin . . .
+
+* Wed Sep 12 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.31.a1
+- Fixed pki-server to include everything in shared dir.
+
+* Tue Sep 11 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.30.a1
+- Added build dependency on redhat-rpm-config.
+
+* Thu Aug 30 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.29.a1
+- Merged Javadoc packages.
+
+* Thu Aug 30 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.28.a1
+- Added pki-tomcat.jar.
+
+* Thu Aug 30 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.27.a1
+- Moved webapp creation code into pkispawn.
+
+* Mon Aug 20 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.26.a1
+- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.
+
+* Mon Aug 20 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.25.a1
+- Merged pki-native-tools and pki-java-tools into pki-tools.
+- Modified pki-server to depend on pki-tools.
+
+* Mon Aug 20 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.24.a1
+- Split pki-common into pki-base and pki-server.
+- Merged pki-util into pki-base.
+- Merged pki-deploy into pki-server.
+
+* Thu Aug 16 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.23.a1
+- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17
+- Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy'
+- Altered PKI Package Dependency Chain (top-to-bottom):
+ pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
-* Mon May 7 2012 Andrew Wnuk <awnuk at redhat.com> 9.0.20-1
-- New official build
+* Mon Aug 13 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.22.a1
+- Added pki-client.jar.
-* Mon May 7 2012 Ade Lee <alee at redhat.com> 9.0.19-4
-- Bugzilla Bug #819111 - non-existent container breaks replication
+* Fri Jul 27 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.21.a1
+- Merged pki-jndi-realm.jar into pki-cmscore.jar.
-* Mon Apr 16 2012 Ade Lee <alee at redhat.com> 9.0.19-3
-- Bugzilla Bug #813075 - selinux denial for file size access
+* Tue Jul 24 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.20.a1
+- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully
+ via mock on Fedora 17 . . .
-* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.19-2
-- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
+* Wed Jul 11 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.19.a1
+- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)
-* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.19-1
+* Thu Jun 14 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.18.a1
+- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18
+
+* Mon May 29 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.17.a1
+- Added CLI for REST services
+
+* Fri May 18 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.16.a1
+- Integration of Tomcat 7
+- Addition of centralized 'pki-tomcatd' systemd functionality to the
+ PKI Deployment strategy
+- Removal of 'pki_flavor' attribute
+
+* Mon Apr 16 2012 Ade Lee <alee at redhat.com> 10.0.0-0.15.a1
+- BZ 813075 - selinux denial for file size access
+
+* Thu Apr 5 2012 Christina Fu <cfu at redhat.com> 10.0.0-0.14.a1
+- Bug 745278 - [RFE] ECC encryption keys cannot be archived
+
+* Fri Mar 27 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.13.a1
+- Replaced candlepin-deps with resteasy
+
+* Fri Mar 23 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.12.a1
+- Added option to build without Javadoc
+
+* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 10.0.0-0.11.a1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
- Corrected patch selected for selinux f17 rules
-* Fri Mar 9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.18-1
-- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
- with DOGTAG_9_BRANCH SVN repository . . .
-- 'pki-setup'
-- 'pki-symkey'
-- 'pki-native-tools'
-- 'pki-util'
-- Bugzilla Bug #784387 - Configuration wizard does not provide option
- to issue ECC credentials for admin during ECC CA configuration.
-- 'pki-java-tools'
-- 'pki-common'
-- Bugzilla Bug #768138 - Make sure that paging works correctly in CA
- and DRM
-- Bugzilla Bug #771768 - "Agent-Authenticated File Signing" alters
- file digest for "logo_header.gif"
-- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
- problem for handling non-dual ECC
-- Bugzilla Bug #223358 - new profile for ECC key generation
-- Bugzilla Bug #787806 - RSA should be default selection for transport
- key till "ECC phase 4" is implemented
-- 'pki-selinux'
-- 'pki-ca'
-- Bugzilla Bug #703608 - Enrollment Profile template Javascript code
- problem for handling non-dual ECC
-- Bugzilla Bug #223358 - new profile for ECC key generation
-- Bugzilla Bug #787806 - RSA should be default selection for transport
- key till "ECC phase 4" is implemented
-- 'pki-silent'
-- Bugzilla Bug #801840 - pki_silent.template missing opening brace for
- ca_external variable
+* Wed Mar 14 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.10.a1
+- Corrected 'junit' dependency check
-* Fri Mar 2 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-4
+* Mon Mar 12 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.9.a1
+- Initial attempt at PKI deployment framework described in
+ 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.
+
+* Fri Mar 09 2012 Jack Magne <jmagne at redhat.com> 10.0.0-0.8.a1
+- Added support for pki-jndi-realm in tomcat6 in pki-common
+ and pki-kra.
+- Ticket #69.
+
+* Fri Mar 2 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.7.a1
- For 'mock' purposes, removed platform-specific logic from around
the 'patch' files so that ALL 'patch' files will be included in
the SRPM.
-* Tue Feb 28 2012 Ade Lee <alee at redhat.com> 9.0.17-3
+* Wed Feb 29 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.6.a1
+- Removed dependency on OSUtil.
+
+* Tue Feb 28 2012 Ade Lee <alee at redhat.com> 10.0.0-0.5.a1
- 'pki-selinux'
- Added platform-dependent patches for SELinux component
- Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
-* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-2
+* Wed Feb 23 2012 Endi S. Dewata <edewata at redhat.com> 10.0.0-0.4.a1
+- Added dependency on Apache Commons Codec.
+
+* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.3.a1
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
in fundamental path structure in Fedora 17
- 'pki-setup'
@@ -820,29 +1441,21 @@ fi
- 'pki-selinux'
- Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
-* Thu Jan 5 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.17-1
-- 'pki-setup'
-- 'pki-symkey'
-- 'pki-native-tools'
-- Bugzilla Bug #771357 - sslget does not work after FEDORA-2011-17400
- update, breaking FreeIPA install
-- 'pki-util'
-- 'pki-java-tools'
-- Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the
- middle of an ldif entry.
-- 'pki-common'
-- Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays
- issuedcerts and cert_Info params as base 64 blobs.
-- Bugzilla Bug #756133 - Some DRM components are not referring properly
- to DRM's request and key records.
-- Bugzilla Bug #758505 - DRM's request list breaks after migration of
- request records with big IDs.
-- Bugzilla Bug #768138 - Make sure that paging works correctly in CA and
- DRM
-- 'pki-selinux'
-- 'pki-ca'
-- 'pki-silent'
+* Mon Feb 20 2012 Matthew Harmsen <mharmsen at redhat.com> 10.0.0-0.2.a1
+- Integrated 'pki-kra' into 'pki-core'
+- Integrated 'pki-ocsp' into 'pki-core'
+- Integrated 'pki-tks' into 'pki-core'
+- Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements
+
+* Wed Feb 1 2012 Nathan Kinder <nkinder at redhat.com> 10.0.0-0.1.a1
+- Updated package version number
+
+* Mon Jan 16 2012 Ade Lee <alee at redhat.com> 9.0.16-3
+- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup
+* Mon Nov 28 2011 Endi S. Dewata <edewata at redhat.com> 9.0.16-2
+- Added JUnit tests
+
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.16-1
- 'pki-setup'
- 'pki-symkey'
diff --git a/sources b/sources
index f3de0b5..fb773db 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a29de360d042d1cf8094c763d0993783 pki-core-9.0.21.tar.gz
+489d93c7c92e6c5187dac1ab277f535a pki-core-10.0.0.a1.tar.gz
More information about the scm-commits
mailing list