diff --git a/.dogtag-pki.metadata b/.dogtag-pki.metadata index b9597e5..32ab5f3 100644 --- a/.dogtag-pki.metadata +++ b/.dogtag-pki.metadata @@ -9,7 +9,7 @@ e8f606a75b61c5cec01f527239d6d9bd211567aa SOURCES/jackson-module-jaxb-annotations b671664492af30a494c1aeed3e0dc537d9c8678c SOURCES/jakarta.xml.bind-api-4.0.1.jar ccdb2cbad8e86e8a5d19d61562ab3637bed40aad SOURCES/jboss-jaxrs-2.0-api-1.0.0.Final.jar 3d0dce7eb38c9bac6df5b21857affe5e4758af59 SOURCES/jboss-logging-3.5.3.Final.jar -71f1ba20212182f8f028d5ef7dbcddc1a5003382 SOURCES/pki-11.5.4.tar.gz +e8159bfa4ae06f51597c6b49ee76a190a55b45b3 SOURCES/pki-11.6.0-alpha2.tar.gz 2d701d5495c788b92e80ea451f8ddcde191e82a1 SOURCES/resteasy-client-3.0.26.Final.jar 543d6c2652af2305864a92b4ceec105165698ca7 SOURCES/resteasy-jackson2-provider-3.0.26.Final.jar 86480a4557835ebd9f69c497a0a8c542d0a7d945 SOURCES/resteasy-jaxrs-3.0.26.Final.jar diff --git a/.gitignore b/.gitignore index e01cb20..a1a48fb 100644 --- a/.gitignore +++ b/.gitignore @@ -9,7 +9,7 @@ SOURCES/jakarta.annotation-api-1.3.5.jar SOURCES/jakarta.xml.bind-api-4.0.1.jar SOURCES/jboss-jaxrs-2.0-api-1.0.0.Final.jar SOURCES/jboss-logging-3.5.3.Final.jar -SOURCES/pki-11.5.4.tar.gz +SOURCES/pki-11.6.0-alpha2.tar.gz SOURCES/resteasy-client-3.0.26.Final.jar SOURCES/resteasy-jackson2-provider-3.0.26.Final.jar SOURCES/resteasy-jaxrs-3.0.26.Final.jar diff --git a/SPECS/dogtag-pki.spec b/SPECS/dogtag-pki.spec index 54bf232..26ea542 100644 --- a/SPECS/dogtag-pki.spec +++ b/SPECS/dogtag-pki.spec @@ -8,19 +8,19 @@ Name: dogtag-pki # Upstream version number: %global major_version 11 -%global minor_version 5 -%global update_version 4 +%global minor_version 6 +%global update_version 0 # Downstream release number: # - development/stabilization (unsupported): 0. where n >= 1 # - GA/update (supported): where n >= 1 -%global release_number 3 +%global release_number 0.2 # Development phase: # - development (unsupported): alpha where n >= 1 # - stabilization (unsupported): beta where n >= 1 # - GA/update (supported): -#global phase +%global phase alpha2 %undefine timestamp %undefine commit_id @@ -30,7 +30,7 @@ URL: https://www.dogtagpki.org # The entire source code is GPLv2 except for 'pki-tps' which is LGPLv2 License: GPL-2.0-only AND LGPL-2.0-only Version: %{major_version}.%{minor_version}.%{update_version} -Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.1 +Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist} # To create a tarball from a version tag: # $ git archive \ @@ -153,7 +153,7 @@ ExcludeArch: i686 %define pki_uid 17 %define pki_groupname pkiuser %define pki_gid 17 -%define pki_homedir /usr/share/pki +%define pki_homedir /home/%{pki_username} %global saveFileContext() \ if [ -s /etc/selinux/config ]; then \ @@ -604,6 +604,7 @@ Requires: openldap-clients Requires: nss-tools >= 3.36.1 Requires: %{product_id}-java = %{version}-%{release} Requires: p11-kit-trust +Requires: file # PKICertImport depends on certutil and openssl Requires: nss-tools @@ -935,15 +936,17 @@ This package provides %{product_name} API documentation. Summary: %{product_name} Console Package BuildArch: noarch -BuildRequires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0 - Obsoletes: pki-console < %{version}-%{release} Provides: pki-console = %{version}-%{release} -Requires: mvn(org.dogtagpki.console-framework:console-framework) >= 2.1.0 Requires: %{product_id}-java = %{version}-%{release} Requires: %{product_id}-console-theme = %{version}-%{release} +# IDM Console Framework has been merged into PKI Console. +# This will remove installed IDM Console Framework packages. +Obsoletes: idm-console-framework <= 2.1 +Conflicts: idm-console-framework <= 2.1 + %description -n %{product_id}-console %{product_name} Console is a Java application used to administer %{product_name} Server. @@ -1322,8 +1325,10 @@ CXX_FLAGS="$CXX_FLAGS -g -fPIE -pie" # https://sourceware.org/annobin/annobin.html/Test-gaps.html C_FLAGS="$C_FLAGS -fplugin=annobin" +%ifarch x86_64 # https://sourceware.org/annobin/annobin.html/Test-cf-protection.html C_FLAGS="$C_FLAGS -fcf-protection=full" +%endif # https://sourceware.org/annobin/annobin.html/Test-optimization.html C_FLAGS="$C_FLAGS -O2" @@ -1587,10 +1592,23 @@ xmlstarlet edit --inplace \ %if %{with server} %pre -n %{product_id}-server + +# create PKI group if it doesn't exist getent group %{pki_groupname} >/dev/null || groupadd -f -g %{pki_gid} -r %{pki_groupname} + +# create PKI user if it doesn't exist if ! getent passwd %{pki_username} >/dev/null ; then useradd -r -u %{pki_uid} -g %{pki_groupname} -d %{pki_homedir} -s /sbin/nologin -c "Certificate System" %{pki_username} fi + +# create PKI home directory if it doesn't exist +if [ ! -d %{pki_homedir} ] ; then + cp -ar /etc/skel %{pki_homedir} + chown -R %{pki_username}:%{pki_groupname} %{pki_homedir} + chmod 700 %{pki_homedir} + usermod -d %{pki_homedir} %{pki_username} +fi + exit 0 # with server @@ -1730,13 +1748,10 @@ fi %license base/tools/LICENSE %doc base/tools/doc/README -%{_bindir}/p12tool -%{_bindir}/p7tool %{_bindir}/pistool %{_bindir}/pki %{_bindir}/revoker %{_bindir}/setpin -%{_bindir}/sslget %{_bindir}/tkstool %{_bindir}/tpsclient %{_bindir}/AtoB @@ -1814,7 +1829,6 @@ fi %{_sbindir}/pkispawn %{_sbindir}/pkidestroy %{_sbindir}/pki-server -%{_sbindir}/pki-server-upgrade %{_sbindir}/pki-healthcheck %{python3_sitelib}/pki/server/ %{python3_sitelib}/pkihealthcheck-*.egg-info/ @@ -2047,9 +2061,8 @@ fi ################################################################################ %changelog -* Tue Oct 29 2024 Troy Dawson - 11.5.4-3.1 -- Bump release for October 2024 mass rebuild: - Resolves: RHEL-64018 +* Mon Dec 09 2024 Red Hat PKI Team - 11.6.0-alpha2 +- Rebase to PKI 11.6.0-alpha2 * Thu Aug 22 2024 Red Hat PKI Team - 11.5.4-3 - Fix JAXB library filename