diff --git a/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch b/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch deleted file mode 100644 index ef430f0..0000000 --- a/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch +++ /dev/null @@ -1,42 +0,0 @@ -From d57b32e2b4e0f7aa43f8f38e7ce539da6e0e93d7 Mon Sep 17 00:00:00 2001 -From: Dinesh Prasanth M K -Date: Wed, 14 Aug 2019 17:36:38 -0400 -Subject: [PATCH] Fix URL redirection for KRA and OCSP web UI (#241) - -Fixes changes introduced via commit: 2210c2a - -Signed-off-by: Dinesh Prasanth M K ---- - base/kra/shared/webapps/kra/services.template | 2 +- - base/ocsp/shared/webapps/ocsp/services.template | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/base/kra/shared/webapps/kra/services.template b/base/kra/shared/webapps/kra/services.template -index 941fb5277..930b41345 100644 ---- a/base/kra/shared/webapps/kra/services.template -+++ b/base/kra/shared/webapps/kra/services.template -@@ -106,7 +106,7 @@ Certificate System DRM Services Page - - - --
  • SSL End Users Services -+
  • Agent Services - - - -diff --git a/base/ocsp/shared/webapps/ocsp/services.template b/base/ocsp/shared/webapps/ocsp/services.template -index c1c2839bb..5cc662845 100644 ---- a/base/ocsp/shared/webapps/ocsp/services.template -+++ b/base/ocsp/shared/webapps/ocsp/services.template -@@ -106,7 +106,7 @@ Certificate System OCSP Services Page - - - --
  • SSL End Users Services -+
  • Agent Services - - - --- -2.21.0 - diff --git a/pki-10.7.3.tar.gz b/pki-10.7.3.tar.gz deleted file mode 100644 index 7981c4e..0000000 Binary files a/pki-10.7.3.tar.gz and /dev/null differ diff --git a/pki-core.spec b/pki-core.spec index 1025b38..8553839 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -2,24 +2,24 @@ %define debug_package %{nil} %define _unpackaged_files_terminate_build 0 +%define java_devel java-18-openjdk-devel +%define java_headless java-18-openjdk-headless +%define java_home /usr/lib/jvm/jre-18-openjdk + Name: pki-core -Version: 10.7.3 -Release: 4 +Version: 11.0.0 +Release: 1 Summary: The PKI Core Package License: GPLv2 and LGPLv2 URL: http://www.dogtagpki.org/ -Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{version}.tar.gz +Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-v%{version}.tar.gz Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz -Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch -Patch2: remove-sslget-V-option.patch -Patch3: remove-revoker-V-option.patch - -BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-1.8.0-openjdk-devel +BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-latest-openjdk-devel java-latest-openjdk-headless BuildRequires: ldapjdk >= 4.21.0 apache-commons-cli apache-commons-codec apache-commons-io BuildRequires: apache-commons-lang jakarta-commons-httpclient glassfish-jaxb-api slf4j BuildRequires: slf4j-jdk14 nspr-devel nss-devel >= 3.36.1 python3-lxml python3-sphinx BuildRequires: velocity xalan-j2 xerces-j2 resteasy-jackson2-provider >= 3.0.17-1 -BuildRequires: jboss-annotations-1.2-api jboss-jaxrs-2.0-api jboss-logging +BuildRequires: jboss-annotations-1.2-api jboss-jaxrs-2.0-api jboss-logging apache-commons-net BuildRequires: resteasy-atom-provider >= 3.0.17-1 resteasy-client >= 3.0.17-1 BuildRequires: resteasy-jaxb-provider >= 3.0.17-1 resteasy-core >= 3.0.17-1 BuildRequires: python3 python3-devel python3-cryptography python3-ldap python3-libselinux @@ -38,7 +38,7 @@ manage enterprise Public Key Infrastructure deployments. %package -n pki-symkey Summary: The PKI Symmetric Key Package -Requires: java-1.8.0-openjdk-headless jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 +Requires: java-latest-openjdk-headless jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 Requires: nss >= 3.38.0 Conflicts: pki-symkey < %{version} pki-javadoc < %{version} Conflicts: pki-server-theme < %{version} pki-console-theme < %{version} @@ -71,7 +71,7 @@ This package is included in the Python 3 PKI client library . %package -n pki-base-java Summary: The PKI Base Java Package BuildArch: noarch -Requires: java-1.8.0-openjdk-headless apache-commons-cli apache-commons-codec +Requires: java-latest-openjdk-headless apache-commons-cli apache-commons-codec Requires: apache-commons-io apache-commons-lang apache-commons-logging Requires: jakarta-commons-httpclient glassfish-jaxb-api slf4j slf4j-jdk14 Requires: jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 pki-base = %{version} @@ -210,7 +210,7 @@ tar -xf %{SOURCE1} %build tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'` if [ $tomcat_version == "9.0" ]; then - app_server=tomcat-8.5 + app_server=tomcat-9.0 else app_server=tomcat-$tomcat_version fi @@ -224,7 +224,7 @@ cd build %cmake \ --no-warn-unused-cli -DVERSION=%{version}-%{release} \ - -DVAR_INSTALL_DIR:PATH=/var -DJAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk \ + -DVAR_INSTALL_DIR:PATH=/var -DJAVA_HOME=%{java_home} \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -DAPP_SERVER=$app_server \ -DJAXRS_API_JAR=/usr/share/java/jboss-jaxrs-2.0-api.jar \ @@ -318,7 +318,6 @@ fi %doc base/symkey/LICENSE %{_jnidir}/symkey.jar %{_libdir}/symkey/ -%exclude %{buildroot}%{_datadir}/pki/lib/scannotation.jar %files -n pki-base %doc base/common/LICENSE @@ -326,8 +325,10 @@ fi %doc %{_datadir}/doc/pki-base/html %dir %{_datadir}/pki %{_datadir}/pki/VERSION +%{_datadir}/pki/pom.xml %dir %{_datadir}/pki/etc %{_datadir}/pki/etc/{logging.properties,pki.conf} +%dir %{_datadir}/pki/lib %dir %{_datadir}/pki/scripts %{_datadir}/pki/{scripts/config,upgrade/,key/templates} %dir %{_sysconfdir}/pki @@ -350,13 +351,12 @@ fi %{python3_sitelib}/pki %files -n pki-tools -%doc base/native-tools/LICENSE base/native-tools/doc/README +%doc base/tools/LICENSE base/tools/doc/README %{_bindir}/{pki,p7tool,revoker,setpin} -%{_bindir}/{sslget,tkstool,AtoB,AuditVerify} -%{_datadir}/pki/native-tools/ +%{_bindir}/{sslget,tkstool,AtoB,AuditVerify} %{_bindir}/{BtoA,CMCEnroll,CMCRequest} -%{_bindir}/{CMCResponse,CMCRevoke} -%{_bindir}/{CMCSharedToken,CRMFPopClient} +%{_bindir}/{CMCResponse,CMCRevoke,p12tool} +%{_bindir}/{CMCSharedToken,CRMFPopClient,pistool} %{_bindir}/DRMTool %{_bindir}/ExtJoiner %{_bindir}/{GenExtKeyUsage,GenIssuerAltNameExt} @@ -365,15 +365,18 @@ fi %{_bindir}/{PKCS12Export,PKICertImport} %{_bindir}/{PrettyPrintCert,PrettyPrintCrl,TokenInfo} %{_javadir}/pki/pki-tools.jar -%{_datadir}/pki/java-tools/ +%{_datadir}/pki/tools/ +%{_datadir}/pki/lib/p11-kit-trust.so %files -n pki-server %doc base/common/THIRD_PARTY_LICENSES %doc base/server/{LICENSE,README} %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki %attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat -%{_sbindir}/{pkispawn,pkidestroy,pki-server,pki-server-upgrade} +%{_sbindir}/{pkispawn,pkidestroy,pki-server,pki-server-upgrade,pki-healthcheck} %{python3_sitelib}/pki/server/ +%{python3_sitelib}/pkihealthcheck-*.egg-info/ +%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf %{_datadir}/pki/etc/tomcat.conf %dir %{_datadir}/pki/deployment %{_datadir}/pki/deployment/config/ @@ -425,7 +428,7 @@ fi %{_libdir}/tps/{libtps.so,libtokendb.so} %files -n pki-help -%{_javadocdir}/pki-%{version}/ +%{_javadocdir}/pki/ %{_mandir}/man1/* %{_mandir}/man5/* %{_mandir}/man8/* @@ -438,6 +441,9 @@ fi %endif %changelog +* Thu Jun 16 2022 liyanan - 11.0.0-1 +- Update to 11.0.0 + * Mon Oct 11 2021 wangyue - 10.7.3-4 - remove sslget and revoker -V option diff --git a/pki-v11.0.0.tar.gz b/pki-v11.0.0.tar.gz new file mode 100644 index 0000000..b746018 Binary files /dev/null and b/pki-v11.0.0.tar.gz differ diff --git a/remove-revoker-V-option.patch b/remove-revoker-V-option.patch deleted file mode 100644 index fdf4902..0000000 --- a/remove-revoker-V-option.patch +++ /dev/null @@ -1,78 +0,0 @@ -From d39e6a872df75ca34d6960f0f1294f84e1290ea4 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 11 Oct 2021 15:42:09 +0800 -Subject: [PATCH] 2 - ---- - base/native-tools/src/revoker/revoker.c | 39 ++++++++++--------------- - 1 file changed, 15 insertions(+), 24 deletions(-) - -diff --git a/base/native-tools/src/revoker/revoker.c b/base/native-tools/src/revoker/revoker.c -index b7ff4ea..89ad2ad 100644 ---- a/base/native-tools/src/revoker/revoker.c -+++ b/base/native-tools/src/revoker/revoker.c -@@ -94,8 +94,6 @@ int getopt(int ac, char * const av[], const char * opts); - #endif /* XP_PC */ - /*end secopt.h*/ - --#define VERSIONSTRING "$Revision$ ($Date$)" -- - #ifndef PORT_Sprintf - #define PORT_Sprintf sprintf - #endif -@@ -137,21 +135,20 @@ static void - Usage(const char *progName) - { - fprintf(stderr, -- "Usage: %s -s serialNum -n rsa_nickname [-p password | -w pwfile ] [-d dbdir] \n" -- " [-v] [-V] [-u] [-r reasoncode] [-i numberOfHours] hostname[:port]\n" -- " serialNum: List of serial numbers to revoke, in hex, e.g. '0x31' or '0x44,0x643,0x22'\n" -- " reasoncode: integer from 0 to 6, as follows\n" -- " 0 = Unspecified (default)\n" -- " 1 = Key compromised\n" -- " 2 = CA key compromised\n" -- " 3 = Affiliation changed\n" -- " 4 = Certificate superseded\n" -- " 5 = Cessation of operation\n" -- " 6 = Certificate is on hold\n" -- " -u : unrevoke (take off hold)\n" -- " -v : verbose\n" -- " -V : report version information\n", -- progName); -+ "Usage: %s -s serialNum -n rsa_nickname [-p password | -w pwfile ] [-d dbdir] \n" -+ " [-v] [-u] [-r reasoncode] [-i numberOfHours] hostname[:port]\n" -+ " serialNum: List of serial numbers to revoke, in hex, e.g. '0x31' or '0x44,0x643,0x22'\n" -+ " reasoncode: integer from 0 to 6, as follows\n" -+ " 0 = Unspecified (default)\n" -+ " 1 = Key compromised\n" -+ " 2 = CA key compromised\n" -+ " 3 = Affiliation changed\n" -+ " 4 = Certificate superseded\n" -+ " 5 = Cessation of operation\n" -+ " 6 = Certificate is on hold\n" -+ " -u : unrevoke (take off hold)\n" -+ " -v : verbose\n", -+ progName); - exit(1); - } - -@@ -745,15 +742,9 @@ main(int argc, char **argv) - progName = progName ? progName + 1 : tmp; - - -- while ((optchar = getopt(argc, argv, "Vd:n:p:s:r:i:w:uv")) != -1) { -+ while ((optchar = getopt(argc, argv, "d:n:p:s:r:i:w:uv")) != -1) { - switch(optchar) { - --/* Version */ -- case 'V': -- printf("%s\n",VERSIONSTRING); -- PR_Cleanup(); -- return 0; -- - /* Directory which holds NSS database */ - case 'd': - dir = optarg; --- -2.23.0 - diff --git a/remove-sslget-V-option.patch b/remove-sslget-V-option.patch deleted file mode 100644 index 6416db1..0000000 --- a/remove-sslget-V-option.patch +++ /dev/null @@ -1,62 +0,0 @@ -From bf0fc39a800136fc25c4dca488c6058178bd74ab Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Tue, 18 Feb 2020 15:59:12 -0500 -Subject: [PATCH] Remove sslget -V option - -Since we haven't used SVN in a while, $Revision$ and $Date$ -no longer update. Remove the -V option instead of passing in -a valid version number. - -Signed-off-by: Alexander Scheel ---- - base/native-tools/src/sslget/sslget.c | 21 ++++++--------------- - 1 file changed, 6 insertions(+), 15 deletions(-) - -diff --git a/base/native-tools/src/sslget/sslget.c b/base/native-tools/src/sslget/sslget.c -index 4f3ebc4500..f115b21347 100644 ---- a/base/native-tools/src/sslget/sslget.c -+++ b/base/native-tools/src/sslget/sslget.c -@@ -96,8 +96,6 @@ int getopt(int ac, char * const av[], const char * opts); - #endif /* XP_PC */ - /*end secopt.h*/ - --#define VERSIONSTRING "$Revision$ ($Date$)" -- - #ifndef PORT_Sprintf - #define PORT_Sprintf sprintf - #endif -@@ -140,12 +138,11 @@ static void - Usage(const char *progName) - { - fprintf(stderr, -- "Usage: %s [-n nickname] [-p password | -w pwfile ] [-d dbdir] \n" -- " [-e post] [-v] [-V] -r url hostname[:port]\n" -- " -n : nickname or hsm:nickname\n" -- " -v : verbose\n" -- " -V : report version information\n", -- progName); -+ "Usage: %s [-n nickname] [-p password | -w pwfile ] [-d dbdir] \n" -+ " [-e post] [-v] -r url hostname[:port]\n" -+ " -n : nickname or hsm:nickname\n" -+ " -v : verbose\n", -+ progName); - exit(1); - } - -@@ -823,15 +820,9 @@ main(int argc, char **argv) - progName = progName ? progName + 1 : tmp; - - -- while ((optchar = getopt(argc, argv, "Vd:e:n:p:r:w:v")) != -1) { -+ while ((optchar = getopt(argc, argv, "d:e:n:p:r:w:v")) != -1) { - switch(optchar) { - --/* Version */ -- case 'V': -- printf("%s\n",VERSIONSTRING); -- PR_Cleanup(); -- return 0; -- - /* Directory which holds NSS database */ - case 'd': - dir = optarg;