[pki-core] Initial F20 import
Ade Lee
vakwetu at fedoraproject.org
Wed Sep 18 20:58:18 UTC 2013
commit 553626be028c49faf4706cc842c241b600306ad0
Author: Ade Lee <alee at redhat.com>
Date: Wed Sep 18 16:58:08 2013 -0400
Initial F20 import
.gitignore | 1 +
pki-core.spec | 212 +++++++++++++++++++++++++++++++-------------------------
sources | 2 +-
3 files changed, 119 insertions(+), 96 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ed1769b..d76e4bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
/pki-core-10.0.3.tar.gz
/pki-core-10.0.4.tar.gz
/pki-core-10.0.5.tar.gz
+/pki-core-10.1.0.tar.gz
diff --git a/pki-core.spec b/pki-core.spec
index 96e8d02..a6fceb4 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -4,8 +4,8 @@ distutils.sysconfig import get_python_lib; print(get_python_lib())")}
distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: pki-core
-Version: 10.0.5
-Release: 1%{?dist}
+Version: 10.1.0
+Release: 0.10%{?dist}
Summary: Certificate System - PKI Core Components
URL: http://pki.fedoraproject.org/
License: GPLv2
@@ -15,7 +15,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: cmake >= 2.8.9-1
BuildRequires: zip
-BuildRequires: java-devel >= 1:1.6.0
+BuildRequires: java-devel >= 1:1.7.0
BuildRequires: redhat-rpm-config
BuildRequires: ldapjdk
BuildRequires: apache-commons-cli
@@ -40,6 +40,11 @@ BuildRequires: resteasy-base-jettison-provider
BuildRequires: resteasy >= 2.3.2-1
%endif
+BuildRequires: pylint
+BuildRequires: python-requests
+BuildRequires: libselinux-python
+BuildRequires: policycoreutils-python
+BuildRequires: python-ldap
BuildRequires: junit
BuildRequires: jpackage-utils >= 0:1.7.5-10
%if 0%{?rhel} || 0%{?fedora} >= 19
@@ -99,17 +104,19 @@ PKI Core contains ALL top-level java-based Tomcat PKI components: \
* pki-selinux (f17 only) \
* pki-server \
* pki-ca \
- * pki-kra (fedora only) \
- * pki-ocsp (fedora only) \
- * pki-tks (fedora only) \
+ * pki-kra \
+ * pki-ocsp \
+ * pki-tks \
+ * pki-tps-tomcat \
* pki-javadoc \
\
which comprise the following corresponding PKI subsystems: \
\
* Certificate Authority (CA) \
- * Data Recovery Manager (DRM) (fedora only) \
- * Online Certificate Status Protocol (OCSP) Manager (fedora only) \
- * Token Key Service (TKS) (fedora only) \
+ * Data Recovery Manager (DRM) \
+ * Online Certificate Status Protocol (OCSP) Manager \
+ * Token Key Service (TKS) \
+ * Token Processing Service (TPS) \
\
For deployment purposes, PKI Core contains fundamental packages \
required by BOTH native-based Apache AND java-based Tomcat \
@@ -155,7 +162,7 @@ least one PKI Theme package: \
Summary: Symmetric Key JNI Package
Group: System Environment/Libraries
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: nss
Requires: jpackage-utils >= 0:1.7.5-10
%if 0%{?rhel} || 0%{?fedora} >= 19
@@ -195,7 +202,7 @@ Requires: apache-commons-codec
Requires: apache-commons-io
Requires: apache-commons-lang
Requires: apache-commons-logging
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: javassist
Requires: jettison
Requires: jpackage-utils >= 0:1.7.5-10
@@ -242,7 +249,7 @@ Obsoletes: pki-java-tools < %{version}-%{release}
Requires: openldap-clients
Requires: nss
Requires: nss-tools
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: pki-base = %{version}-%{release}
Requires: jpackage-utils >= 0:1.7.5-10
@@ -269,7 +276,7 @@ Obsoletes: pki-deploy < %{version}-%{release}
Obsoletes: pki-setup < %{version}-%{release}
Obsoletes: pki-silent < %{version}-%{release}
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: java-atk-wrapper
Requires: net-tools
Requires: perl(File::Slurp)
@@ -278,7 +285,6 @@ Requires: perl-Crypt-SSLeay
Requires: policycoreutils
Requires: openldap-clients
Requires: pki-base = %{version}-%{release}
-Requires: pki-symkey = %{version}-%{release}
Requires: pki-tools = %{version}-%{release}
%if ! 0%{?rhel} && 0%{?fedora} <= 17
@@ -309,8 +315,9 @@ The PKI Server Framework is required by the following four PKI subsystems:
the Certificate Authority (CA),
the Data Recovery Manager (DRM),
- the Online Certificate Status Protocol (OCSP) Manager, and
- the Token Key Service (TKS).
+ the Online Certificate Status Protocol (OCSP) Manager,
+ the Token Key Service (TKS), and
+ the Token Processing Service (TPS).
This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.
@@ -343,7 +350,7 @@ Group: System Environment/Daemons
BuildArch: noarch
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: pki-server = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
@@ -364,14 +371,13 @@ provided by the PKI Core used by the Certificate System.
%{overview}
-%if ! 0%{?rhel}
%package -n pki-kra
Summary: Certificate System - Data Recovery Manager
Group: System Environment/Daemons
BuildArch: noarch
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: pki-server = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
@@ -396,17 +402,15 @@ This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
%{overview}
-%endif
-%if ! 0%{?rhel}
%package -n pki-ocsp
Summary: Certificate System - Online Certificate Status Protocol Manager
Group: System Environment/Daemons
BuildArch: noarch
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: pki-server = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
@@ -438,18 +442,17 @@ This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
%{overview}
-%endif
-%if ! 0%{?rhel}
%package -n pki-tks
Summary: Certificate System - Token Key Service
Group: System Environment/Daemons
BuildArch: noarch
-Requires: java >= 1:1.6.0
+Requires: java >= 1:1.7.0
Requires: pki-server = %{version}-%{release}
+Requires: pki-symkey = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
@@ -474,7 +477,38 @@ This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
%{overview}
-%endif
+
+
+%package -n pki-tps-tomcat
+Summary: Certificate System - Token Processing Service
+Group: System Environment/Daemons
+
+BuildArch: noarch
+
+Provides: pki-tps
+Requires: java >= 1:1.7.0
+Requires: pki-server = %{version}-%{release}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+
+%description -n pki-tps-tomcat
+The Token Processing System (TPS) is an optional PKI subsystem that acts
+as a Registration Authority (RA) for authenticating and processing
+enrollment requests, PIN reset requests, and formatting requests from
+the Enterprise Security Client (ESC).
+
+TPS is designed to communicate with tokens that conform to
+Global Platform's Open Platform Specification.
+
+TPS communicates over SSL with various PKI backend subsystems (including
+the Certificate Authority (CA), the Data Recovery Manager (DRM), and the
+Token Key Service (TKS)) to fulfill the user's requests.
+
+TPS also interacts with the token database, an LDAP server that stores
+information about individual tokens.
+
+%{overview}
%package -n pki-javadoc
@@ -522,11 +556,6 @@ cd build
%if ! 0%{?rhel} && 0%{?fedora} <= 17
-DBUILD_PKI_SELINUX:BOOL=ON \
%endif
-%if 0%{?rhel}
- -DBUILD_PKI_KRA:BOOL=OFF \
- -DBUILD_PKI_OCSP:BOOL=OFF \
- -DBUILD_PKI_TKS:BOOL=OFF \
-%endif
..
%{__make} VERBOSE=1 %{?_smp_mflags} all
# %{__make} VERBOSE=1 %{?_smp_mflags} test
@@ -537,6 +566,12 @@ cd build
cd build
%{__make} install DESTDIR=%{buildroot} INSTALL="install -p"
+# Scanning the python code with pylint. A return value of 0 represents there are no
+# errors or warnings reported by pylint.
+sh ../pylint-build-scan.sh %{buildroot} `pwd`
+if [ $? -eq 1 ]; then
+ exit 1
+fi
# Fedora 18 and 17: Substitute 'tomcat7jss.jar' for 'tomcatjss.jar'
%if ! 0%{?rhel} && 0%{?fedora} <= 18
sed -i -e 's/grant codeBase "file:\/usr\/share\/java\/tomcatjss.jar" {/grant codeBase "file:\/usr\/share\/java\/tomcat7jss.jar" {/' %{buildroot}%{_datadir}/pki/server/conf/pki.policy
@@ -555,43 +590,37 @@ echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfile
echo "D /var/lock/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
echo "D /var/run/pki/ca 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ca.conf
-%if ! 0%{?rhel}
# generate 'pki-kra.conf' under the 'tmpfiles.d' directory
echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
echo "D /var/lock/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
echo "D /var/run/pki/kra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-kra.conf
-%endif
-%if ! 0%{?rhel}
# generate 'pki-ocsp.conf' under the 'tmpfiles.d' directory
echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
echo "D /var/lock/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
echo "D /var/run/pki/ocsp 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-%endif
# generate 'pki-tomcat.conf' under the 'tmpfiles.d' directory
echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
echo "D /var/lock/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
echo "D /var/run/pki/tomcat 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tomcat.conf
-%if ! 0%{?rhel}
# generate 'pki-tks.conf' under the 'tmpfiles.d' directory
echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf
-%endif
+# generate 'pki-tps.conf' under the 'tmpfiles.d' directory
+echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/lock/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
+echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf
%{__rm} %{buildroot}%{_initrddir}/pki-cad
-%if ! 0%{?rhel}
%{__rm} %{buildroot}%{_initrddir}/pki-krad
-%endif
-%if ! 0%{?rhel}
%{__rm} %{buildroot}%{_initrddir}/pki-ocspd
-%endif
-%if ! 0%{?rhel}
%{__rm} %{buildroot}%{_initrddir}/pki-tksd
-%endif
+%{__rm} %{buildroot}%{_initrddir}/pki-tpsd
%{__rm} -rf %{buildroot}%{_datadir}/pki/server/lib
@@ -722,7 +751,6 @@ fi
%fix_tomcat_log ca
-%if ! 0%{?rhel}
%post -n pki-kra
# Attempt to update ALL old "KRA" instances to "systemd"
if [ -d /etc/sysconfig/pki/kra ]; then
@@ -752,10 +780,8 @@ if [ -d /etc/sysconfig/pki/kra ]; then
fi
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%fix_tomcat_log kra
-%endif
-%if ! 0%{?rhel}
%post -n pki-ocsp
# Attempt to update ALL old "OCSP" instances to "systemd"
if [ -d /etc/sysconfig/pki/ocsp ]; then
@@ -785,10 +811,8 @@ if [ -d /etc/sysconfig/pki/ocsp ]; then
fi
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%fix_tomcat_log ocsp
-%endif
-%if ! 0%{?rhel}
%post -n pki-tks
# Attempt to update ALL old "TKS" instances to "systemd"
if [ -d /etc/sysconfig/pki/tks ]; then
@@ -818,7 +842,6 @@ if [ -d /etc/sysconfig/pki/tks ]; then
fi
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%fix_tomcat_log tks
-%endif
%post -n pki-server
@@ -838,31 +861,25 @@ if [ $1 = 0 ] ; then
fi
-%if ! 0%{?rhel}
%preun -n pki-kra
if [ $1 = 0 ] ; then
/bin/systemctl --no-reload disable pki-krad.target > /dev/null 2>&1 || :
/bin/systemctl stop pki-krad.target > /dev/null 2>&1 || :
fi
-%endif
-%if ! 0%{?rhel}
%preun -n pki-ocsp
if [ $1 = 0 ] ; then
/bin/systemctl --no-reload disable pki-ocspd.target > /dev/null 2>&1 || :
/bin/systemctl stop pki-ocspd.target > /dev/null 2>&1 || :
fi
-%endif
-%if ! 0%{?rhel}
%preun -n pki-tks
if [ $1 = 0 ] ; then
/bin/systemctl --no-reload disable pki-tksd.target > /dev/null 2>&1 || :
/bin/systemctl stop pki-tksd.target > /dev/null 2>&1 || :
fi
-%endif
## %preun -n pki-server
@@ -878,31 +895,25 @@ if [ "$1" -ge "1" ] ; then
fi
-%if ! 0%{?rhel}
%postun -n pki-kra
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
/bin/systemctl try-restart pki-krad.target >/dev/null 2>&1 || :
fi
-%endif
-%if ! 0%{?rhel}
%postun -n pki-ocsp
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
/bin/systemctl try-restart pki-ocspd.target >/dev/null 2>&1 || :
fi
-%endif
-%if ! 0%{?rhel}
%postun -n pki-tks
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ] ; then
/bin/systemctl try-restart pki-tksd.target >/dev/null 2>&1 || :
fi
-%endif
## %postun -n pki-server
@@ -982,7 +993,6 @@ fi
%{_sbindir}/pkidestroy
%{_sbindir}/pki-server-upgrade
#%{_bindir}/pki-setup-proxy
-%{python_sitelib}/pki/deployment/
%{python_sitelib}/pki/server/
%dir %{_datadir}/pki/deployment
%{_datadir}/pki/deployment/config/
@@ -1057,7 +1067,6 @@ fi
%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ca.conf
-%if ! 0%{?rhel}
%files -n pki-kra
%defattr(-,root,root,-)
%doc base/kra/LICENSE
@@ -1077,10 +1086,8 @@ fi
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-kra.conf
-%endif
-%if ! 0%{?rhel}
%files -n pki-ocsp
%defattr(-,root,root,-)
%doc base/ocsp/LICENSE
@@ -1100,10 +1107,8 @@ fi
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ocsp.conf
-%endif
-%if ! 0%{?rhel}
%files -n pki-tks
%defattr(-,root,root,-)
%doc base/tks/LICENSE
@@ -1123,7 +1128,27 @@ fi
# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
#
%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf
-%endif
+
+
+%files -n pki-tps-tomcat
+%defattr(-,root,root,-)
+%doc base/tps/LICENSE
+%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants
+%{_unitdir}/pki-tpsd at .service
+%{_unitdir}/pki-tpsd.target
+%{_javadir}/pki/pki-tps.jar
+%dir %{_datadir}/pki/tps
+%{_datadir}/pki/tps/conf/
+%{_datadir}/pki/tps/setup/
+%{_datadir}/pki/tps/webapps/
+%dir %{_localstatedir}/lock/pki/tps
+%dir %{_localstatedir}/run/pki/tps
+# Details:
+#
+# * https://fedoraproject.org/wiki/Features/var-run-tmpfs
+# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft
+#
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tps.conf
%if %{?_without_javadoc:0}%{!?_without_javadoc:1}
@@ -1134,44 +1159,41 @@ fi
%changelog
-* Fri Sep 6 2013 Ade Lee <alee at redhat.com> 10.0.5-1
-- Roll release to next version
-
-* Fri Aug 2 2013 Ade Lee <alee at redhat.com> 10.0.4-2
-- Trac Ticket 699 - on upgrade to F19, CA fails to start.
+* Wed Aug 14 2013 Endi S. Dewata <edewata at redhat.com> 10.1.0-0.10
+- Moved Tomcat-based TPS into pki-core.
-* Thu Jul 25 2013 Ade Lee <alee at redhat.com> 10.0.4-1
-- Change release number for official release
+* Wed Aug 14 2013 Abhishek Koneru <akoneru at redhat.com> 10.1.0.0.9
+- Listed new packages required during build, due to issues reported
+ by pylint.
+- Packages added: python-requests, python-ldap, libselinux-python,
+ policycoreutils-python
-* Wed Jul 24 2013 Matthew Harmsen <mharmsen at redhat.com> 10.0.4-0.4
-- Bugzilla Bug #986506 - Need to determine RPM packages to be excluded
- from compose . . . (exclude pki-kra, pki-ocsp, and pki-tks from rhel 7)
-
-* Wed Jul 17 2013 Endi S. Dewata <edewata at redhat.com> 10.0.4-0.3
+* Fri Aug 09 2013 Abhishek Koneru <akoneru at redhat.com> 10.1.0.0.8
+- Added pylint scan to the build process.
+
+* Mon Jul 22 2013 Endi S. Dewata <edewata at redhat.com> 10.1.0-0.7
- Added man pages for upgrade tools.
+
+* Wed Jul 17 2013 Endi S. Dewata <edewata at redhat.com> 10.1.0-0.6
- Cleaned up the code to install man pages.
-* Tue Jul 9 2013 Ade Lee <alee at redhat.com> 10.0.4-0.2
+* Tue Jul 16 2013 Endi S. Dewata <edewata at redhat.com> 10.1.0-0.5
+- Reorganized deployment tools.
+
+* Tue Jul 9 2013 Ade Lee <alee at redhat.com> 10.1.0-0.4
- Bugzilla Bug 973224 - resteasy-base must be split into subpackages
to simplify dependencies
-* Wed Jun 26 2013 Ade Lee <alee at redhat.com> 10.0.4-0.1
-- Roll release to next version
-
-* Mon Jun 10 2013 Ade Lee <alee at redhat.com> 10.0.3-2
-- TRAC Ticket 646 - PKCS12Export fails on F19
-- Bugzilla Bug 961522 - allows key to be exported
-
-* Thu Jun 6 2013 Ade Lee <alee at redhat.com> 10.0.3-1
-- Change release number for official release.
+* Fri Jun 14 2013 Endi S. Dewata <edewata at redhat.com> 10.1.0-0.3
+- Updated dependencies to Java 1.7.
-* Wed Jun 5 2013 Matthew Harmsen <mharmsen at redhat.com> 10.0.3-0.2
+* Wed Jun 5 2013 Matthew Harmsen <mharmsen at redhat.com> 10.1.0-0.2
- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page
- TRAC Ticket 610 - Document limitation in using GUI install
- TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory
-* Tue May 7 2013 Ade Lee <alee at redhat.com> 10.0.3-0.1
-- Roll release to next version.
+* Tue May 7 2013 Ade Lee <alee at redhat.com> 10.1.0-0.1
+- Change release number for 10.1 development
* Mon May 6 2013 Endi S. Dewata <edewata at redhat.com> 10.0.2-5
- Fixed incorrect JNI_JAR_DIR.
diff --git a/sources b/sources
index 4bb55a5..94fd2ad 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-004bd74d7df6e862e6b4db69ee881868 pki-core-10.0.5.tar.gz
+784439d17c982491dd959588a0450006 pki-core-10.1.0.tar.gz
More information about the scm-commits
mailing list