diff --git a/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch b/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch new file mode 100644 index 0000000000000000000000000000000000000000..ef430f03f907b3c51486fc844a931b5ce3d2a81b --- /dev/null +++ b/0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch @@ -0,0 +1,42 @@ +From d57b32e2b4e0f7aa43f8f38e7ce539da6e0e93d7 Mon Sep 17 00:00:00 2001 +From: Dinesh Prasanth M K +Date: Wed, 14 Aug 2019 17:36:38 -0400 +Subject: [PATCH] Fix URL redirection for KRA and OCSP web UI (#241) + +Fixes changes introduced via commit: 2210c2a + +Signed-off-by: Dinesh Prasanth M K +--- + base/kra/shared/webapps/kra/services.template | 2 +- + base/ocsp/shared/webapps/ocsp/services.template | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/base/kra/shared/webapps/kra/services.template b/base/kra/shared/webapps/kra/services.template +index 941fb5277..930b41345 100644 +--- a/base/kra/shared/webapps/kra/services.template ++++ b/base/kra/shared/webapps/kra/services.template +@@ -106,7 +106,7 @@ Certificate System DRM Services Page + + + +-
  • SSL End Users Services ++
  • Agent Services + + + +diff --git a/base/ocsp/shared/webapps/ocsp/services.template b/base/ocsp/shared/webapps/ocsp/services.template +index c1c2839bb..5cc662845 100644 +--- a/base/ocsp/shared/webapps/ocsp/services.template ++++ b/base/ocsp/shared/webapps/ocsp/services.template +@@ -106,7 +106,7 @@ Certificate System OCSP Services Page + + + +-
  • SSL End Users Services ++
  • Agent Services + + + +-- +2.21.0 + diff --git a/pki-10.7.3.tar.gz b/pki-10.7.3.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7981c4e2d49f2640a5bad425c555c8666aa3c821 Binary files /dev/null and b/pki-10.7.3.tar.gz differ diff --git a/pki-core.spec b/pki-core.spec new file mode 100644 index 0000000000000000000000000000000000000000..9ccea97ea36517d3ff72e6145acc7ba47909243c --- /dev/null +++ b/pki-core.spec 
@@ -0,0 +1,433 @@
+%define package_option() %bcond_with %1
+%define debug_package %{nil}
+%define _unpackaged_files_terminate_build 0
+
+Name: pki-core
+Version: 10.7.3
+Release: 1
+Summary: The PKI Core Package
+License: GPLv2 and LGPLv2
+URL: http://www.dogtagpki.org/
+Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{version}.tar.gz
+Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
+Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch
+BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-1.8.0-openjdk-devel
+BuildRequires: ldapjdk >= 4.21.0 apache-commons-cli apache-commons-codec apache-commons-io
+BuildRequires: apache-commons-lang jakarta-commons-httpclient glassfish-jaxb-api slf4j
+BuildRequires: slf4j-jdk14 nspr-devel nss-devel >= 3.36.1 python3-lxml python3-sphinx
+BuildRequires: velocity xalan-j2 xerces-j2 resteasy-jackson2-provider >= 3.0.17-1
+BuildRequires: jboss-annotations-1.2-api jboss-jaxrs-2.0-api jboss-logging
+BuildRequires: resteasy-atom-provider >= 3.0.17-1 resteasy-client >= 3.0.17-1
+BuildRequires: resteasy-jaxb-provider >= 3.0.17-1 resteasy-core >= 3.0.17-1
+BuildRequires: python3 python3-devel python3-cryptography python3-ldap python3-libselinux
+BuildRequires: python3-nss python3-requests >= 2.6.0 python3-six python3-libselinux
+BuildRequires: python3-policycoreutils python3-ldap policycoreutils-python-utils
+BuildRequires: python3 python3-devel python3-cryptography python3-lxml python3-six
+BuildRequires: python3-nss python3-requests >= 2.6.0 systemd-units tomcat >= 1:9.0.7
+BuildRequires: junit jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 tomcatjss >= 7.4.1
+BuildRequires: apr-devel apr-util-devel cyrus-sasl-devel httpd-devel >= 2.4.2 pcre-devel
+BuildRequires: systemd zlib zlib-devel nss-tools openssl golang
+%description
+Dogtag PKI is a designed enterprise software system
+manage enterprise Public Key Infrastructure deployments.
+
+%package -n pki-symkey
+Summary: The PKI Symmetric Key Package
+Requires: java-1.8.0-openjdk-headless jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0
+Requires: nss >= 3.38.0
+Conflicts: pki-symkey < %{version} pki-javadoc < %{version}
+Conflicts: pki-server-theme < %{version} pki-console-theme < %{version}
+%description -n pki-symkey
+The PKI Symmetric Key Java software Package provides various native
+symmetric key operations of Java programs.
+
+%package -n pki-base
+Summary: The PKI Base Package
+BuildArch: noarch
+Requires: nss >= 3.36.1 python3-pki = %{version}
+Requires(post): python3-pki = %{version}
+Conflicts: pki-symkey < %{version} pki-javadoc < %{version}
+Conflicts: pki-server-theme < %{version} pki-console-theme < %{version}
+%description -n pki-base
+The PKI Base software Package contains public and client libraries
+and utilities written in Python.
+
+%package -n python3-pki
+Summary: The PKI Python 3 Package
+BuildArch: noarch
+Obsoletes: pki-base-python3 < %{version}
+Provides: pki-base-python3 = %{version}
+%{?python_provide:%python_provide python3-pki}
+Requires: pki-base = %{version} python3-cryptography python3-lxml
+Requires: python3-requests >= 2.6.0 python3-six python3-nss
+%description -n python3-pki
+This package is included in the Python 3 PKI client library .
+
+%package -n pki-base-java
+Summary: The PKI Base Java Package
+BuildArch: noarch
+Requires: java-1.8.0-openjdk-headless apache-commons-cli apache-commons-codec
+Requires: apache-commons-io apache-commons-lang apache-commons-logging
+Requires: jakarta-commons-httpclient glassfish-jaxb-api slf4j slf4j-jdk14
+Requires: jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 pki-base = %{version}
+Requires: resteasy-atom-provider >= 3.0.17-1 resteasy-client >= 3.0.17-1
+Requires: resteasy-jaxb-provider >= 3.0.17-1 resteasy-core >= 3.0.17-1
+Requires: resteasy-jackson2-provider >= 3.0.17-1 ldapjdk >= 4.21.0
+Requires: xalan-j2 xerces-j2 xml-commons-apis xml-commons-resolver
+%description -n pki-base-java
+The PKI Base Java software Package contains public and client
+libraries and utilities written in Java.
+
+%package -n pki-tools
+Summary: The PKI Tools Package
+Requires: openldap-clients nss-tools >= 3.36.1 pki-base-java = %{version}
+Requires: nss-tools openssl
+%description -n pki-tools
+This package contains PKI executable files that can be used to help make
+convert the certificate System into a more complete and powerful PKI solution.
+
+%package -n pki-server
+Summary: The PKI Server Package
+BuildArch: noarch
+Requires: hostname net-tools policycoreutils procps-ng openldap-clients openssl
+Requires: pki-symkey = %{version} pki-tools = %{version} keyutils
+Requires: policycoreutils-python-utils python3-ldap
+Requires: python3-lxml python3-libselinux python3-policycoreutils
+Requires: selinux-policy-targeted >= 3.13.1-159 tomcat >= 1:9.0.7 velocity
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires(pre): shadow-utils
+Requires: tomcatjss >= 7.4.1
+Conflicts: freeipa-server < 4.7.1
+%description -n pki-server
+The PKI Server software Package contains the libraries and utilities required
+by the PKI Server.
+
+%package -n pki-ca
+Summary: The PKI CA Package
+BuildArch: noarch
+Requires: pki-server = %{version}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%description -n pki-ca
+Certificate authority (CA) is a required PKI subsystem, responsible for issuing,
+Renew, revoke and publish certificates and compile and
+Publish a certificate revocation list (CRLs).
+Certificate authority can be configured as a self-signed certificate
+Authorization, it is the root CA, can also act as a subordinate CA,
+It obtains its own signed certificate from a public CA.
+
+%package -n pki-kra
+Summary: The PKI KRA Package
+BuildArch: noarch
+Requires: pki-server = %{version}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%description -n pki-kra
+The Key Recovery Authority (KRA) is an optional PKI subsystem that can act as
+As an important archive facility. When Certificate Authority (CA), KRA stores
+the private encryption key as Certificate registration process. The key file
+mechanism is triggered When a user registers a PKI and creates a certificate
+request. use Certificate Request Message Format (CRMF) request format, the
+request is Generated for the user's private encryption key.
+
+%package -n pki-ocsp
+Summary: The PKI OCSP Package
+BuildArch: noarch
+Requires: pki-server = %{version}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%description -n pki-ocsp
+Online Certificate Status Protocol (OCSP) manager is optional PKI
+Can serve as a subsystem of independent OCSP services. OCSP manager
+Activate to perform the tasks of an online certification authority
+OCSP-compliant clients can verify certificates in real time. note
+Online certificate verification agencies are often referred to as
+OCSP responder.
+
+%package -n pki-tks
+Summary: The PKI TKS Package
+BuildArch: noarch
+Requires: pki-server = %{version}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%description -n pki-tks
+Token Key Service (TKS) is an optional PKI subsystem for management
+Generate and distribute master and transmission keys
+The key of the hardware token. TKS provides token-to-token security
+An example of a token processing system (TPS), where security depends on
+The relationship between the master key and the token key. TPS Communication
+Use client authentication to perform TKS processing over SSL.
+
+%package -n pki-tps
+Summary: The PKI TPS Package
+Requires: pki-server = %{version}
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires: nss-tools >= 3.36.1 openldap-clients
+%description -n pki-tps
+Token Processing System (TPS) is an optional PKI subsystem, its role is
+Identity verification and processing as a registration authority (RA)
+Registration request, PIN reset request and format request
+Enterprise Security Client (ESC).
+
+%package -n pki-help
+Summary: Documentation for KPI
+BuildArch: noarch
+Provides: pki-javadoc = %{version}-%{release}
+Obsoletes: pki-javadoc < %{version}-%{release}
+Conflicts: pki-base < %{version} pki-symkey < %{version}
+Conflicts: pki-server-theme < %{version} pki-console-theme < %{version}
+%description -n pki-help
+Documentation for KPI.
+
+%package -n pki-console
+Summary: The PKI Console Package
+BuildArch: noarch
+BuildRequires: idm-console-framework >= 1.2.0
+Requires: idm-console-framework >= 1.2.0 pki-base-java = %{version}
+Requires: pki-console-theme = %{version}
+%description -n pki-console
+The PKI console is a Java application used to manage the PKI server.
+
+%prep
+%autosetup -n pki-%{version} -p1 -S git
+tar -xf %{SOURCE1}
+
+%build
+tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
+if [ $tomcat_version == "9.0" ]; then
+ app_server=tomcat-8.5
+else
+ app_server=tomcat-$tomcat_version
+fi
+# generate go-md2man
+mkdir -p /home/abuild/rpmbuild/bin/
+cd go-md2man-*
+go build -mod=vendor -o /home/abuild/rpmbuild/bin/
+cd -
+mkdir -p build
+cd build
+
+%cmake \
+ --no-warn-unused-cli -DVERSION=%{version}-%{release} \
+ -DVAR_INSTALL_DIR:PATH=/var -DJAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk \
+ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
+ -DAPP_SERVER=$app_server \
+ -DJAXRS_API_JAR=/usr/share/java/jboss-jaxrs-2.0-api.jar \
+ -DRESTEASY_LIB=/usr/share/java/resteasy \
+ -DNSS_DEFAULT_DB_TYPE=sql -DBUILD_PKI_CORE:BOOL=ON \
+ -DWITH_PYTHON2:BOOL=OFF -DWITH_PYTHON3:BOOL=ON \
+ -DWITH_PYTHON3_DEFAULT:BOOL=ON -DPYTHON_EXECUTABLE=%{__python3} \
+ -DWITH_TEST:BOOL=ON -DWITH_JAVADOC:BOOL=ON \
+ -DBUILD_PKI_CONSOLE:BOOL=ON -DTHEME= \
+ ..
+
+%install
+export PATH=$PATH:/home/abuild/rpmbuild/bin/
+cd build
+%make_build \
+ VERBOSE=%{?_verbose} CMAKE_NO_VERBOSE=1 \
+ DESTDIR=%{buildroot} INSTALL="install -p" \
+ --no-print-directory \
+ all install
+ ln -sf /usr/share/java/jboss-logging/jboss-logging.jar\
+ %{buildroot}%{_datadir}/pki/lib/jboss-logging.jar
+ ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar\
+ %{buildroot}%{_datadir}/pki/lib/jboss-annotations-api_1.2_spec.jar
+ ln -sf %{jaxrs_api_jar} %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar
+ ln -sf /usr/share/java/jboss-logging/jboss-logging.jar\
+ %{buildroot}%{_datadir}/pki/server/common/lib/jboss-logging.jar
+ ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar\
+ %{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
+
+%pretrans -n pki-base -p
+function test(a)
+ if posix.stat(a) then
+ for f in posix.files(a) do
+ if f~=".." and f~="." then
+ return true
+ end
+ end
+ end
+ return false
+end
+if (test("/etc/sysconfig/pki/ca") or
+ test("/etc/sysconfig/pki/kra") or
+ test("/etc/sysconfig/pki/ocsp") or
+ test("/etc/sysconfig/pki/tks")) then
+ msg = "Unable to upgrade to Fedora 20. There are PKI 9 instances\n" ..
+ "that will no longer work since they require Tomcat 6, and \n" ..
+ "Tomcat 6 is no longer available in Fedora 20.\n\n" ..
+ "Please follow these instructions to migrate the instances to \n" ..
+ "PKI 10:\n\n" ..
+ "http://www.dogtagpki.org/wiki/Migrating_PKI_9_Instances_to_PKI_10"
+ error(msg)
+end
+
+%pre -n pki-server
+getent group pkiuser >/dev/null || groupadd -f -g 17 -r pkiuser
+if ! getent passwd pkiuser >/dev/null ; then
+ if ! getent passwd 17 >/dev/null ; then
+ useradd -r -u 17 -g pkiuser -d /usr/share/pki -s /sbin/nologin -c "Certificate System" pkiuser
+ else
+ useradd -r -g pkiuser -d /usr/share/pki -s /sbin/nologin -c "Certificate System" pkiuser
+ fi
+fi
+exit 0
+
+%post -n pki-base
+if [ $1 -eq 1 ]
+then
+ echo "Configuration-Version: %{version}" > %{_sysconfdir}/pki/pki.version
+else
+ echo "Upgrading PKI system configuration at `/bin/date`." >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
+ /sbin/pki-upgrade --silent >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
+ echo >> /var/log/pki/pki-upgrade-%{version}.log 2>&1
+fi
+
+%postun -n pki-base
+if [ $1 -eq 0 ]
+then
+ rm -f %{_sysconfdir}/pki/pki.version
+fi
+
+%post -n pki-server
+echo "Upgrading PKI server configuration on `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
+/sbin/pki-server upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
+echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1
+if [ "$1" == "2" ]
+then
+ systemctl daemon-reload
+fi
+
+%files -n pki-symkey
+%doc base/symkey/LICENSE
+%{_jnidir}/symkey.jar
+%{_libdir}/symkey/
+%exclude %{buildroot}%{_datadir}/pki/lib/scannotation.jar
+
+%files -n pki-base
+%doc base/common/LICENSE
+%doc base/common/LICENSE.LESSER
+%doc %{_datadir}/doc/pki-base/html
+%dir %{_datadir}/pki
+%{_datadir}/pki/VERSION
+%dir %{_datadir}/pki/etc
+%{_datadir}/pki/etc/{logging.properties,pki.conf}
+%dir %{_datadir}/pki/scripts
+%{_datadir}/pki/{scripts/config,upgrade/,key/templates}
+%dir %{_sysconfdir}/pki
+%config(noreplace) %{_sysconfdir}/pki/pki.conf
+%dir %{_localstatedir}/log/pki
+%{_sbindir}/pki-upgrade
+
+%files -n pki-base-java
+%doc base/common/LICENSE
+%doc base/common/LICENSE.LESSER
+%{_datadir}/pki/examples/java/
+%{_datadir}/pki/lib/
+%dir %{_javadir}/pki
+%{_javadir}/pki/{pki-cmsutil.jar,pki-nsutil.jar,pki-certsrv.jar}
+
+%files -n python3-pki
+%doc base/common/LICENSE
+%doc base/common/LICENSE.LESSER
+%exclude %{python3_sitelib}/pki/server
+%{python3_sitelib}/pki
+
+%files -n pki-tools
+%doc base/native-tools/LICENSE base/native-tools/doc/README
+%{_bindir}/{pki,p7tool,revoker,setpin}
+%{_bindir}/{sslget,tkstool,AtoB,AuditVerify}
+%{_datadir}/pki/native-tools/
+%{_bindir}/{BtoA,CMCEnroll,CMCRequest}
+%{_bindir}/{CMCResponse,CMCRevoke}
+%{_bindir}/{CMCSharedToken,CRMFPopClient}
+%{_bindir}/DRMTool
+%{_bindir}/ExtJoiner
+%{_bindir}/{GenExtKeyUsage,GenIssuerAltNameExt}
+%{_bindir}/{GenSubjectAltNameExt,HttpClient}
+%{_bindir}/{KRATool,OCSPClient,PKCS10Client}
+%{_bindir}/{PKCS12Export,PKICertImport}
+%{_bindir}/{PrettyPrintCert,PrettyPrintCrl,TokenInfo}
+%{_javadir}/pki/pki-tools.jar
+%{_datadir}/pki/java-tools/
+
+%files -n pki-server
+%doc base/common/THIRD_PARTY_LICENSES
+%doc base/server/{LICENSE,README}
+%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki
+%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat
+%{_sbindir}/{pkispawn,pkidestroy,pki-server,pki-server-upgrade}
+%{python3_sitelib}/pki/server/
+%{_datadir}/pki/etc/tomcat.conf
+%dir %{_datadir}/pki/deployment
+%{_datadir}/pki/deployment/config/
+%{_datadir}/pki/scripts/operations
+%{_bindir}/{pkidaemon,pki-server-nuxwdog}
+%dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants
+%attr(644,-,-) %{_unitdir}/pki-tomcatd@.service
+%attr(644,-,-) %{_unitdir}/pki-tomcatd.target
+%dir %{_sysconfdir}/systemd/system/pki-tomcatd-nuxwdog.target.wants
+%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog@.service
+%attr(644,-,-) %{_unitdir}/pki-tomcatd-nuxwdog.target
+%{_javadir}/pki/{pki-cms.jar,pki-cmsbundle.jar}
+%{_javadir}/pki/{pki-cmscore.jar,pki-tomcat.jar}
+%dir %{_sharedstatedir}/pki
+%{_datadir}/pki/{setup/,server/}
+
+%files -n pki-ca
+%doc base/ca/LICENSE
+%{_javadir}/pki/pki-ca.jar
+%dir %{_datadir}/pki/ca
+%{_datadir}/pki/ca/{conf/,emails/,setup/,webapps/}
+%dir %{_datadir}/pki/ca/profiles
+%{_datadir}/pki/ca/profiles/ca/
+
+%files -n pki-kra
+%doc base/kra/LICENSE
+%{_javadir}/pki/pki-kra.jar
+%dir %{_datadir}/pki/kra
+%{_datadir}/pki/kra/{conf/,setup/,webapps/}
+
+%files -n pki-ocsp
+%doc base/ocsp/LICENSE
+%{_javadir}/pki/pki-ocsp.jar
+%dir %{_datadir}/pki/ocsp
+%{_datadir}/pki/ocsp/{conf/,setup/,webapps/}
+
+%files -n pki-tks
+%doc base/tks/LICENSE
+%{_javadir}/pki/pki-tks.jar
+%dir %{_datadir}/pki/tks
+%{_datadir}/pki/tks/{conf/,setup/,webapps/}
+
+%files -n pki-tps
+%doc base/tps/LICENSE
+%{_javadir}/pki/pki-tps.jar
+%dir %{_datadir}/pki/tps
+%{_datadir}/pki/tps/{applets/,conf/,setup/,webapps/}
+%{_bindir}/tpsclient
+%{_libdir}/tps/{libtps.so,libtokendb.so}
+
+%files -n pki-help
+%{_javadocdir}/pki-%{version}/
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+
+%files -n pki-console
+%doc base/console/LICENSE
+%{_bindir}/pkiconsole
+%{_javadir}/pki/pki-console.jar
+
+%changelog
+* Mon Sep 13 2021 wutao - 10.7.3-1
+- Package init
diff --git a/pki-core.yaml b/pki-core.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7530db1fe0512b12d4c1f9ee2b513a63d5b11fcf
--- /dev/null
+++ b/pki-core.yaml
@@ -0,0 +1,5 @@
+git_url: https://github.com/dogtagpki/pki.git
+version_control: github
+src_repo: dogtagpki/pki
+tag_prefix: "^v"
+separator: "."
diff --git a/v1.0.10.tar.gz b/v1.0.10.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c6b658ca85114774c8b6b3d80ff9c210e863564d
Binary files /dev/null and b/v1.0.10.tar.gz differ
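Review bot: In pki-core.spec's %install, `ln -sf %{jaxrs_api_jar} ...` uses a macro that is not defined anywhere in this hunk, so unless the build environment supplies it, RPM leaves the text unexpanded and `server/common/lib/jboss-jaxrs-2.0-api.jar` is packaged as a dangling symlink. The build will not catch this, because `ln -sf` succeeds for a missing target. Reuse the path already passed to cmake, `ln -sf /usr/share/java/jboss-jaxrs-2.0-api.jar %{buildroot}%{_datadir}/pki/server/common/lib/jboss-jaxrs-2.0-api.jar`, or add `%global jaxrs_api_jar /usr/share/java/jboss-jaxrs-2.0-api.jar` near the top. Separately, %build writes the go-md2man binary to the hard-coded `/home/abuild/rpmbuild/bin/` and %install appends that directory to PATH. A directory under `%{_builddir}` would keep the helper inside the build tree and avoid running whatever already sits in a fixed location on a shared builder.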