The package rpms/pki-core.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/pki-core.git/commit/?id=533124542....
Change:
-ExcludeArch: s390 s390x
Thanks.
Full change:
============
commit 533124542213eba8edce02c7ea53ff0602b84a20
Author: Dinesh Prasanth M K <dmoluguw(a)redhat.com>
Date: Fri Nov 30 13:32:39 2018 -0500
Rebased to 10.6.8
diff --git a/.gitignore b/.gitignore
index 338e412..5895c3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,3 +65,4 @@
/pki-10.6.5.tar.gz
/pki-10.6.6.tar.gz
/pki-10.6.7.tar.gz
+/pki-10.6.8.tar.gz
diff --git a/0001-Fixed-default-token-normalization-in-initialization..patch
b/0001-Fixed-default-token-normalization-in-initialization..patch
deleted file mode 100644
index b79af16..0000000
--- a/0001-Fixed-default-token-normalization-in-initialization..patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 54edd1a7dd4e7e49bff4ef4fde15fc4d97802b00 Mon Sep 17 00:00:00 2001
-From: "Endi S. Dewata" <edewata(a)redhat.com>
-Date: Fri, 26 Oct 2018 04:29:20 -0400
-Subject: [PATCH] Fixed default token normalization in initialization.py (#83)
-
-Previously the initialization.py did not normalize the default
-token name in pki_self_signed_token which was blank. This caused
-an error when installing an additional subsystem into the same
-instance since the code could not find the existing internal
-token password from the first subsystem installation.
-
-The code has been modified to normalize the default token name
-into 'internal' such that it can find the existing internal token
-password.
-
-https://pagure.io/dogtagpki/issue/3073
----
- .../python/pki/server/deployment/scriptlets/initialization.py | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/base/server/python/pki/server/deployment/scriptlets/initialization.py
b/base/server/python/pki/server/deployment/scriptlets/initialization.py
-index 112c2e8e9..a75592736 100644
---- a/base/server/python/pki/server/deployment/scriptlets/initialization.py
-+++ b/base/server/python/pki/server/deployment/scriptlets/initialization.py
-@@ -46,21 +46,26 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
- instance.load()
-
- internal_token = deployer.mdict['pki_self_signed_token']
-+ if not pki.nssdb.normalize_token(internal_token):
-+ internal_token = pki.nssdb.INTERNAL_TOKEN_NAME
-
- # if instance already exists and has password, reuse the password
- if internal_token in instance.passwords:
-+ logger.info('Reusing server NSS database password')
- deployer.mdict['pki_server_database_password'] =
instance.passwords.get(internal_token)
-
- # otherwise, use user-provided password if specified
- elif deployer.mdict['pki_server_database_password']:
-- pass
-+ logger.info('Using specified server NSS database password')
-
- # otherwise, use user-provided pin if specified
- elif deployer.mdict['pki_pin']:
-+ logger.info('Using specified PIN as server NSS database password')
- deployer.mdict['pki_server_database_password'] =
deployer.mdict['pki_pin']
-
- # otherwise, generate a random password
- else:
-+ logger.info('Generating random server NSS database password')
- deployer.mdict['pki_server_database_password'] =
pki.generate_password()
-
- # generate random password for client database if not specified
---
-2.14.4
-
diff --git a/pki-core.spec b/pki-core.spec
index 6bf3573..009729f 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -7,16 +7,8 @@ URL:
http://www.dogtagpki.org/
# The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2
License: GPLv2 and LGPLv2
-%if 0%{?rhel} && 0%{?rhel} <= 7
-# no arch exclusion
-%else
-# Exclude 's390' and 's390x' architectures since
-# 'esc' does not exist on these two platforms
-ExcludeArch: s390 s390x
-%endif
-
-Version: 10.6.7
-Release: 3%{?_timestamp}%{?_commit_id}%{?dist}
+Version: 10.6.8
+Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
# global _phase -a1
# To create a tarball from a version tag:
@@ -34,11 +26,6 @@ Source:
https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{ver
# > pki-VERSION-RELEASE.patch
# Patch: pki-VERSION-RELEASE.patch
-# TODO: The following patches have landed in master and are necessary to fix
-# FreeIPA integration. Please remove next time PKI is released.
-Patch1: tiran-fix-certutil-token.patch
-Patch2: 0001-Fixed-default-token-normalization-in-initialization..patch
-
################################################################################
# NSS
################################################################################
@@ -206,6 +193,7 @@ BuildRequires: apache-commons-codec
BuildRequires: apache-commons-io
BuildRequires: apache-commons-lang
BuildRequires: jakarta-commons-httpclient
+BuildRequires: glassfish-jaxb-api
BuildRequires: slf4j
%if 0%{?rhel} && 0%{?rhel} <= 7
# no slf4j-jdk14
@@ -260,11 +248,11 @@ BuildRequires: resteasy-atom-provider >= 3.0.17-1
BuildRequires: resteasy-client >= 3.0.17-1
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1
BuildRequires: resteasy-core >= 3.0.17-1
-BuildRequires: resteasy-jackson-provider >= 3.0.17-1
+BuildRequires: resteasy-jackson2-provider >= 3.0.17-1
%endif
%if 0%{?with_python2}
-%if 0%{?rhel} && 0%{?rhel} <= 7
+%if 0%{?rhel}
# no pylint
%else
BuildRequires: pylint
@@ -279,7 +267,7 @@ BuildRequires: python2-pyflakes >= 1.2.3
%endif # with_python2
%if 0%{?with_python3}
-%if 0%{?rhel} && 0%{?rhel} <= 7
+%if 0%{?rhel}
# no pylint
%else
BuildRequires: python3-pylint
@@ -554,6 +542,7 @@ Requires: apache-commons-io
Requires: apache-commons-lang
Requires: apache-commons-logging
Requires: jakarta-commons-httpclient
+Requires: glassfish-jaxb-api
Requires: slf4j
%if 0%{?rhel} && 0%{?rhel} <= 7
# no slf4j-jdk14
@@ -585,7 +574,7 @@ Requires: resteasy-atom-provider >= 3.0.17-1
Requires: resteasy-client >= 3.0.17-1
Requires: resteasy-jaxb-provider >= 3.0.17-1
Requires: resteasy-core >= 3.0.17-1
-Requires: resteasy-jackson-provider >= 3.0.17-1
+Requires: resteasy-jackson2-provider >= 3.0.17-1
%endif
Requires: xalan-j2
@@ -698,6 +687,9 @@ Requires: tomcatjss >= 7.2.1-4
Requires: tomcatjss >= 7.3.6
%endif
+#
https://pagure.io/freeipa/issue/7742
+Conflicts: freeipa-server < 4.7.1
+
%description -n pki-server
The PKI Server Package contains libraries and utilities needed by the
following PKI subsystems:
@@ -902,12 +894,6 @@ Requires: pki-console-theme >= %{version}
%description -n pki-console
The PKI Console is a Java application used to administer PKI server.
-For deployment purposes, a PKI Console requires ONE AND ONLY ONE of the
-following "Mutually-Exclusive" PKI Theme packages:
-
- * dogtag-pki-console-theme (Dogtag Certificate System deployments)
- * redhat-pki-console-theme (Red Hat Certificate System deployments)
-
%endif # with console
%if %{with theme}
@@ -977,6 +963,7 @@ cd build
%if 0%{?with_python3_default}
-DWITH_PYTHON3_DEFAULT:BOOL=ON \
%endif
+ -DPYTHON_EXECUTABLE=%{__python3} \
-DWITH_TEST:BOOL=%{?with_test:ON}%{!?with_test:OFF} \
%if ! %{with server} && ! %{with ca} && ! %{with kra} && ! %{with
ocsp} && ! %{with tks} && ! %{with tps}
-DWITH_SERVER:BOOL=OFF \
@@ -1102,7 +1089,7 @@ fi
rm -f %{buildroot}%{_datadir}/pki/server/lib/slf4j-jdk14.jar
%endif
-%if 0%{?rhel} && 0%{?rhel} <= 7
+%if 0%{?rhel}
# no pylint
%else
@@ -1581,6 +1568,7 @@ fi
%doc themes/%{brand}/common-ui/LICENSE
%dir %{_datadir}/pki
+%{_datadir}/pki/CS_SERVER_VERSION
%{_datadir}/pki/common-ui/
%{_datadir}/pki/server/webapps/pki/ca
%{_datadir}/pki/server/webapps/pki/css
@@ -1603,6 +1591,9 @@ fi
################################################################################
%changelog
+* Fri Nov 30 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.8-1
+- Rebased to PKI 10.6.8
+
* Fri Oct 26 2018 Dogtag PKI Team <pki-devel(a)redhat.com> - 10.6.7-3
- Fixed default token normalization in initialization.py
diff --git a/sources b/sources
index f61a50c..e8b3d53 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (pki-10.6.7.tar.gz) =
06174ade48cf458469e7bda106aabb0d0c580b7e6e14a6fbf1c068a92fb2b9c53653d2d67c5401292ad398a5413bf3febe2d09b5d3a463a1f17416fc7a906510
+SHA512 (pki-10.6.8.tar.gz) =
112f5290857477736a810f14058fbc27d9add3299da359a8818b1068f388e1a1ca6662a13ac745778cc66777d073caa23a2a46215155f77f30d3771a654b215d
diff --git a/tiran-fix-certutil-token.patch b/tiran-fix-certutil-token.patch
deleted file mode 100644
index 31cddae..0000000
--- a/tiran-fix-certutil-token.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 0fba3c2710ee14f2d4ddb2bd401ed6d592f3f2b8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <cheimes(a)redhat.com>
-Date: Thu, 25 Oct 2018 15:10:06 +0200
-Subject: [PATCH] No missing token in verify_certificate_exists
-
-Remove the missing token check from verify_certificate_exists. It was
-the one place that was not adopted to use blank token as default.
-
-Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
-See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
-Fixes:
https://pagure.io/dogtagpki/issue/3073
-Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
----
- base/server/python/pki/server/deployment/pkihelper.py | 5 -----
- base/server/python/pki/server/deployment/pkimessages.py | 1 -
- 2 files changed, 6 deletions(-)
-
-diff --git a/base/server/python/pki/server/deployment/pkihelper.py
b/base/server/python/pki/server/deployment/pkihelper.py
-index 0346559da..3c7dbab7a 100644
---- a/base/server/python/pki/server/deployment/pkihelper.py
-+++ b/base/server/python/pki/server/deployment/pkihelper.py
-@@ -2436,11 +2436,6 @@ def verify_certificate_exists(self, path, token, nickname,
- # Specify the 'token'
- if token:
- command.extend(["-h", token])
-- else:
-- config.pki_log.error(
-- log.PKIHELPER_CERTUTIL_MISSING_TOKEN,
-- extra=config.PKI_INDENTATION_LEVEL_2)
-- raise Exception(log.PKIHELPER_CERTUTIL_MISSING_TOKEN)
- # Specify the nickname of this self-signed certificate
- if nickname:
- command.extend(["-n", nickname])
-diff --git a/base/server/python/pki/server/deployment/pkimessages.py
b/base/server/python/pki/server/deployment/pkimessages.py
-index a2723b04d..d6597e28d 100644
---- a/base/server/python/pki/server/deployment/pkimessages.py
-+++ b/base/server/python/pki/server/deployment/pkimessages.py
-@@ -188,7 +188,6 @@
- PKIHELPER_CERTUTIL_MISSING_SERIAL_NUMBER = \
- "certutil: Missing '-m serial-number' option!"
- PKIHELPER_CERTUTIL_MISSING_SUBJECT = "certutil: Missing '-s subject'
option!"
--PKIHELPER_CERTUTIL_MISSING_TOKEN = "certutil: Missing '-h token'
option!"
- PKIHELPER_CERTUTIL_MISSING_TRUSTARGS = \
- "certutil: Missing '-t trustargs' option!"
- PKIHELPER_CERTUTIL_MISSING_VALIDITY_PERIOD = \