From ftweedal at redhat.com Mon Mar 2 00:48:37 2015 From: ftweedal at redhat.com (Fraser Tweedale) Date: Mon, 2 Mar 2015 10:48:37 +1000 Subject: [Pki-devel] [PATCH] 556 Fixed systemd errors/warnings after upgrade. In-Reply-To: <54F0A36C.9040600@redhat.com> References: <54F0A36C.9040600@redhat.com> Message-ID: <20150302004837.GE7251@dhcp-40-8.bne.redhat.com> On Sat, Feb 28, 2015 at 12:03:40AM +0700, Endi Sukma Dewata wrote: > The spec file has been modified to reload systemd daemon after > upgrade to avoid errors/warnings when executing systemd commands. > > https://fedorahosted.org/pki/ticket/1255 > > -- > Endi S. Dewata ACK > From f37cca197b016d60bb2997805473410eba73f254 Mon Sep 17 00:00:00 2001 > From: "Endi S. Dewata" > Date: Fri, 27 Feb 2015 09:35:11 -0500 > Subject: [PATCH] Fixed systemd errors/warnings after upgrade. > > The spec file has been modified to reload systemd daemon after > upgrade to avoid errors/warnings when executing systemd commands. > > https://fedorahosted.org/pki/ticket/1255 > --- > specs/pki-core.spec | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/specs/pki-core.spec b/specs/pki-core.spec > index a9d9db6d208642bdd5e88025e15e8f4e4553215c..29ee2c1d083201bb931036e2f13dfa6bf77725fb 100644 > --- a/specs/pki-core.spec > +++ b/specs/pki-core.spec > @@ -704,6 +704,7 @@ echo "Upgrading server at `/bin/date`." >> /var/log/pki/pki-server-upgrade-%{ver > /sbin/pki-server-upgrade --silent >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 > echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 > > +systemctl daemon-reload > > ## %preun -n pki-server > ## NOTE: At this time, NO attempt has been made to update ANY PKI subsystem > -- > 1.8.4.2 > > _______________________________________________ > Pki-devel mailing list > Pki-devel at redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel From edewata at redhat.com Mon Mar 2 04:18:01 2015 
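Review bot: The added `systemctl daemon-reload` has no failure guard and no absolute path, unlike the neighbouring `/sbin/pki-server-upgrade` and `/bin/date` calls. If it exits non-zero, for example in a chroot or container build where systemd is not running, it becomes the scriptlet's exit status unless a later command outside the hunk succeeds. Consider `systemctl daemon-reload >/dev/null 2>&1 || :`, with the absolute path the distribution uses. The scriptlet starts above the hunk, so which section this lands in is inferred from the `%preun` comment that follows.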
From: edewata at redhat.com (Endi Sukma Dewata) Date: Mon, 02 Mar 2015 11:18:01 +0700 Subject: [Pki-devel] [PATCH] 556 Fixed systemd errors/warnings after upgrade. In-Reply-To: <20150302004837.GE7251@dhcp-40-8.bne.redhat.com> References: <54F0A36C.9040600@redhat.com> <20150302004837.GE7251@dhcp-40-8.bne.redhat.com> Message-ID: <54F3E479.4050501@redhat.com> On 3/2/2015 7:48 AM, Fraser Tweedale wrote: > On Sat, Feb 28, 2015 at 12:03:40AM +0700, Endi Sukma Dewata wrote: >> The spec file has been modified to reload systemd daemon after >> upgrade to avoid errors/warnings when executing systemd commands. >> >> https://fedorahosted.org/pki/ticket/1255 > > ACK Thanks. ACKed by Matt too. Pushed to master. -- Endi S. Dewata From edewata at redhat.com Tue Mar 3 20:58:19 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Wed, 04 Mar 2015 03:58:19 +0700 Subject: [Pki-devel] [PATCH] 557 Fixed CMake issues on F22. Message-ID: <54F6206B.2090804@redhat.com> Some CMake scripts have been updated to work on both F21 and F22. https://fedorahosted.org/pki/ticket/1281 -- Endi S. Dewata -------------- next part -------------- From 3aebd9897b0ea628d8ddf86a95d1c8cef45fa5db Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 24 Feb 2015 21:02:13 -0500 Subject: [PATCH] Fixed CMake issues on F22. Some CMake scripts have been updated to work on both F21 and F22. https://fedorahosted.org/pki/ticket/1281 --- CMakeLists.txt | 2 +- base/javadoc/CMakeLists.txt | 2 +- base/server/test/CMakeLists.txt | 2 +- base/util/test/CMakeLists.txt | 2 +- specs/pki-core.spec | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 18faf8d723331c3ce71bb7d7538ae238ff3d7a22..6702ac07d5ea983225741442726a3e259dbdfc47 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -55,7 +55,7 @@ file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist) # required for all PKI components include(JUnit) -add_custom_target(test) +add_custom_target(unit-test) # search for libraries 
diff --git a/base/javadoc/CMakeLists.txt b/base/javadoc/CMakeLists.txt index 9423a8a91fa9f4b224b71d32a02a66555f08bf80..8e892ee866f8faa3832bf12150f0fa8eef8693f5 100644 --- a/base/javadoc/CMakeLists.txt +++ b/base/javadoc/CMakeLists.txt @@ -35,7 +35,7 @@ javadoc(pki-javadoc ) install( - FILES + DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/javadoc/pki-${APPLICATION_VERSION} DESTINATION ${CMAKE_INSTALL_PREFIX}/share/javadoc diff --git a/base/server/test/CMakeLists.txt b/base/server/test/CMakeLists.txt index ff359b2a8027cee706c0aa5bd37c939fc8f3cad4..5abd264095004960f8928d307109958bef587bf1 100644 --- a/base/server/test/CMakeLists.txt +++ b/base/server/test/CMakeLists.txt @@ -72,4 +72,4 @@ add_junit_test(test-pki-server ) # include test into the main test -add_dependencies(test test-pki-server) +add_dependencies(unit-test test-pki-server) diff --git a/base/util/test/CMakeLists.txt b/base/util/test/CMakeLists.txt index 2cf7b50aa8817183a4d3506a8acab3cf8d891fc2..ec487400f0ac7131493822f1740f1d93e6252237 100644 --- a/base/util/test/CMakeLists.txt +++ b/base/util/test/CMakeLists.txt @@ -40,4 +40,4 @@ add_junit_test(test-pki-util ) # include test into the main test -add_dependencies(test test-pki-util) +add_dependencies(unit-test test-pki-util) diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 29ee2c1d083201bb931036e2f13dfa6bf77725fb..aac5b196778bbf9eff129985a78839dae9196093 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -607,7 +607,7 @@ cd build %endif .. %{__make} VERBOSE=1 %{?_smp_mflags} all -# %{__make} VERBOSE=1 %{?_smp_mflags} test +# %{__make} VERBOSE=1 %{?_smp_mflags} unit-test %install -- 1.9.3 From mharmsen at redhat.com Tue Mar 3 21:12:08 2015 
From: mharmsen at redhat.com (Matthew Harmsen) Date: Tue, 03 Mar 2015 14:12:08 -0700 Subject: [Pki-devel] [PATCH] Patch for /tmp/file vulnerabilities Message-ID: <54F623A8.4030008@redhat.com> Please review the attached patch which addresses the following: * Bugzilla Bug #1183176 - (CVE-2015-0234) CVE-2015-0234 pki-core 10.x: multiple /tmp/ file vulnerabilities * Bugzilla Bug #1183178 - CVE-2015-0234 pki-core: pki-core 10.x: multiple /tmp/ file vulnerabilities [fedora-all] The attached patch was tested using the Dogtag 10.2.2 source code on the 'master' branch as of 02/27/2015. It was successfully tested for a shared instance CA, KRA, OCSP, TKS, and TPS including successfully running the 'tpsclient' tool. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 20150227-Fix-for-tmpfile-vulnerabilities.patch Type: text/x-patch Size: 26238 bytes Desc: not available URL: From mharmsen at redhat.com Tue Mar 3 22:26:33 2015 From: mharmsen at redhat.com (Matthew Harmsen) Date: Tue, 03 Mar 2015 15:26:33 -0700 Subject: [Pki-devel] [PATCH] pkispawn URL redirect issue Message-ID: <54F63519.2030104@redhat.com> Please review the attached patch which implements the simple fix documented in the following issue: * PKI TRAC Ticket #1284 - pkispawn URL redirect issue This patch was tested on an x86_64 machine running Fedora 21. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 20150303-PKI-TRAC-Ticket-1284-pkispawn-URL-redirect-issue.patch Type: text/x-patch Size: 2086 bytes Desc: not available URL: From edewata at redhat.com Thu Mar 5 07:12:38 2015 
From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 05 Mar 2015 14:12:38 +0700 Subject: [Pki-devel] [PATCH] 558 Added support for Tomcat 8. Message-ID: <54F801E6.4080900@redhat.com> The Dogtag code has been modified to support both Tomcat 7 and 8. All files depending on a specific Tomcat version are now stored in separate folders. The build scripts have been modified to use the proper folder for the target platform. The tomcatjss dependency has been updated as well. The upgrade script will be added in a separate patch. https://fedorahosted.org/pki/ticket/1264 -- Endi S. Dewata -------------- next part -------------- From dce40f4d9d5f1d5f9ab7e20ee864d506fe7688ae Mon Sep 17 00:00:00 2001 
From: "Endi S. Dewata" Date: Tue, 24 Feb 2015 21:02:13 -0500 Subject: [PATCH] Added support for Tomcat 8. The Dogtag code has been modified to support both Tomcat 7 and 8. All files depending on a specific Tomcat version are now stored in separate folders. The build scripts have been modified to use the proper folder for the target platform. The tomcatjss dependency has been updated as well. The upgrade script will be added in a separate patch. https://fedorahosted.org/pki/ticket/1264 --- .classpath | 2 +- CMakeLists.txt | 4 +- base/ca/CMakeLists.txt | 8 ++ base/ca/tomcat7/CMakeLists.txt | 6 + .../conf/Catalina/localhost/ca.xml | 0 base/ca/tomcat8/CMakeLists.txt | 6 + .../conf/Catalina/localhost/ca.xml | 4 +- base/kra/CMakeLists.txt | 8 ++ base/kra/tomcat7/CMakeLists.txt | 6 + .../conf/Catalina/localhost/kra.xml | 0 base/kra/tomcat8/CMakeLists.txt | 6 + .../conf/Catalina/localhost/kra.xml | 4 +- base/ocsp/CMakeLists.txt | 8 ++ base/ocsp/tomcat7/CMakeLists.txt | 6 + .../conf/Catalina/localhost/ocsp.xml | 0 base/ocsp/tomcat8/CMakeLists.txt | 6 + .../conf/Catalina/localhost/ocsp.xml | 4 +- base/server/CMakeLists.txt | 9 +- .../netscape/cms/servlet/common/CMSTemplate.java | 25 +--- base/server/tomcat/CMakeLists.txt | 3 - base/server/tomcat7/CMakeLists.txt | 10 ++ .../conf/Catalina/localhost/ROOT.xml | 0 .../conf/Catalina/localhost/pki.xml | 0 base/server/{share => tomcat7}/conf/server.xml | 0 base/server/{tomcat => tomcat7}/src/CMakeLists.txt | 6 +- .../src/com/netscape/cms/tomcat/ProxyRealm.java | 0 .../cms/tomcat/SSLAuthenticatorWithFallback.java | 0 base/server/{tomcat => tomcat7}/src/pki-tomcat.mf | 0 base/server/tomcat8/CMakeLists.txt | 10 ++ .../conf/Catalina/localhost/ROOT.xml | 4 +- .../conf/Catalina/localhost/pki.xml | 4 +- base/server/{share => tomcat8}/conf/server.xml | 137 +++++++++------------ base/server/{tomcat => tomcat8}/src/CMakeLists.txt | 6 +- .../src/com/netscape/cms/tomcat/ProxyRealm.java | 18 ++- .../cms/tomcat/SSLAuthenticatorWithFallback.java | 
18 ++- base/server/{tomcat => tomcat8}/src/pki-tomcat.mf | 0 base/tks/CMakeLists.txt | 8 ++ base/tks/tomcat7/CMakeLists.txt | 6 + .../conf/Catalina/localhost/tks.xml | 0 base/tks/tomcat8/CMakeLists.txt | 6 + .../conf/Catalina/localhost/tks.xml | 4 +- base/tps/CMakeLists.txt | 8 ++ base/tps/tomcat7/CMakeLists.txt | 6 + .../conf/Catalina/localhost/tps.xml | 0 base/tps/tomcat8/CMakeLists.txt | 6 + .../conf/Catalina/localhost/tps.xml | 4 +- specs/dogtag-pki.spec | 3 +- specs/pki-core.spec | 62 +++++++--- 48 files changed, 288 insertions(+), 153 deletions(-) create mode 100644 base/ca/tomcat7/CMakeLists.txt copy base/ca/{shared => tomcat7}/conf/Catalina/localhost/ca.xml (100%) create mode 100644 base/ca/tomcat8/CMakeLists.txt rename base/ca/{shared => tomcat8}/conf/Catalina/localhost/ca.xml (95%) create mode 100644 base/kra/tomcat7/CMakeLists.txt copy base/kra/{shared => tomcat7}/conf/Catalina/localhost/kra.xml (100%) create mode 100644 base/kra/tomcat8/CMakeLists.txt rename base/kra/{shared => tomcat8}/conf/Catalina/localhost/kra.xml (95%) create mode 100644 base/ocsp/tomcat7/CMakeLists.txt copy base/ocsp/{shared => tomcat7}/conf/Catalina/localhost/ocsp.xml (100%) create mode 100644 base/ocsp/tomcat8/CMakeLists.txt rename base/ocsp/{shared => tomcat8}/conf/Catalina/localhost/ocsp.xml (95%) delete mode 100644 base/server/tomcat/CMakeLists.txt create mode 100644 base/server/tomcat7/CMakeLists.txt copy base/server/{share => tomcat7}/conf/Catalina/localhost/ROOT.xml (100%) copy base/server/{share => tomcat7}/conf/Catalina/localhost/pki.xml (100%) copy base/server/{share => tomcat7}/conf/server.xml (100%) copy base/server/{tomcat => tomcat7}/src/CMakeLists.txt (95%) copy base/server/{tomcat => tomcat7}/src/com/netscape/cms/tomcat/ProxyRealm.java (100%) copy base/server/{tomcat => tomcat7}/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java (100%) copy base/server/{tomcat => tomcat7}/src/pki-tomcat.mf (100%) create mode 100644 base/server/tomcat8/CMakeLists.txt 
rename base/server/{share => tomcat8}/conf/Catalina/localhost/ROOT.xml (94%) rename base/server/{share => tomcat8}/conf/Catalina/localhost/pki.xml (94%) rename base/server/{share => tomcat8}/conf/server.xml (73%) rename base/server/{tomcat => tomcat8}/src/CMakeLists.txt (95%) rename base/server/{tomcat => tomcat8}/src/com/netscape/cms/tomcat/ProxyRealm.java (91%) rename base/server/{tomcat => tomcat8}/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java (94%) rename base/server/{tomcat => tomcat8}/src/pki-tomcat.mf (100%) create mode 100644 base/tks/tomcat7/CMakeLists.txt copy base/tks/{shared => tomcat7}/conf/Catalina/localhost/tks.xml (100%) create mode 100644 base/tks/tomcat8/CMakeLists.txt rename base/tks/{shared => tomcat8}/conf/Catalina/localhost/tks.xml (95%) create mode 100644 base/tps/tomcat7/CMakeLists.txt copy base/tps/{shared => tomcat7}/conf/Catalina/localhost/tps.xml (100%) create mode 100644 base/tps/tomcat8/CMakeLists.txt rename base/tps/{shared => tomcat8}/conf/Catalina/localhost/tps.xml (96%) diff --git a/.classpath b/.classpath index 9886a5236a6a88398efe123efdc7688391a88279..9befab0fe0430ca7725de7ae4523c85f0b94df58 100644 --- a/.classpath +++ b/.classpath @@ -8,7 +8,7 @@ - + diff --git a/CMakeLists.txt b/CMakeLists.txt index 6702ac07d5ea983225741442726a3e259dbdfc47..12a7493b376d0925744399277314d9e8aa78a059 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,8 +14,10 @@ string(REGEX REPLACE "^([0-9]+).*" "\\1" APPLICATION_VERSION_MAJOR ${VERSION}) string(REGEX REPLACE "^[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_MINOR ${VERSION}) string(REGEX REPLACE "^[0-9]+\\.[0-9]+\\.([0-9]+).*" "\\1" APPLICATION_VERSION_PATCH ${VERSION}) -option(WITH_JAVADOC "Build Javadoc" ON) +option(WITH_TOMCAT7 "Build Tomcat 7" ON) +option(WITH_TOMCAT8 "Build Tomcat 8" ON) option(WITH_SERVER "Build Server" ON) +option(WITH_JAVADOC "Build Javadoc" ON) if (BUILD_DOGTAG_PKI_THEME) set(APPLICATION_FLAVOR_DOGTAG_PKI_THEME TRUE) 
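Review bot: `WITH_TOMCAT7` and `WITH_TOMCAT8` both default to `ON`, but the per-version subdirectories added later in this patch install `conf/` into the same destination. A build that leaves both enabled would have one version's `server.xml` and context files silently overwrite the other's. Both `src/CMakeLists.txt` copies also declare `pki-tomcat-classes`, which would likely collide. Unless the spec file always switches one option off (not visible here), make the choice explicit, e.g. `if(WITH_TOMCAT7 AND WITH_TOMCAT8)` / `message(FATAL_ERROR "Select only one of WITH_TOMCAT7 and WITH_TOMCAT8")` / `endif()`. Shipping the wrong connector or authenticator configuration for the installed Tomcat is the failure mode worth guarding against.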
diff --git a/base/ca/CMakeLists.txt b/base/ca/CMakeLists.txt index 025f7a1327208ca022a2c302a23e790550f4dc1b..63e77195a5ba21251b0039407ccc180873f48828 100644 --- a/base/ca/CMakeLists.txt +++ b/base/ca/CMakeLists.txt @@ -4,6 +4,14 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + # install directories install( DIRECTORY diff --git a/base/ca/tomcat7/CMakeLists.txt b/base/ca/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/ca/tomcat7/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/ca/shared/conf/Catalina/localhost/ca.xml b/base/ca/tomcat7/conf/Catalina/localhost/ca.xml similarity index 100% copy from base/ca/shared/conf/Catalina/localhost/ca.xml copy to base/ca/tomcat7/conf/Catalina/localhost/ca.xml diff --git a/base/ca/tomcat8/CMakeLists.txt b/base/ca/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/ca/tomcat8/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/ca/shared/conf/Catalina/localhost/ca.xml b/base/ca/tomcat8/conf/Catalina/localhost/ca.xml similarity index 95% rename from base/ca/shared/conf/Catalina/localhost/ca.xml rename to base/ca/tomcat8/conf/Catalina/localhost/ca.xml index e838503a64e5442e114cf4e18f616fdffe39b647..2c045dec7beedf3ac5502ed26916d10ca42ade4c 100644 --- a/base/ca/shared/conf/Catalina/localhost/ca.xml +++ b/base/ca/tomcat8/conf/Catalina/localhost/ca.xml 
@@ -22,7 +22,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + @@ -34,4 +34,6 @@ + + diff --git a/base/kra/CMakeLists.txt b/base/kra/CMakeLists.txt index 02bacd132c5af796cf27e05de699296f7e555dd3..0197075ba5f0bef2c7159537f275e78abf225eac 100644 --- a/base/kra/CMakeLists.txt +++ b/base/kra/CMakeLists.txt @@ -4,6 +4,14 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + # install directories install( DIRECTORY diff --git a/base/kra/tomcat7/CMakeLists.txt b/base/kra/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/kra/tomcat7/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/kra/shared/conf/Catalina/localhost/kra.xml b/base/kra/tomcat7/conf/Catalina/localhost/kra.xml similarity index 100% copy from base/kra/shared/conf/Catalina/localhost/kra.xml copy to base/kra/tomcat7/conf/Catalina/localhost/kra.xml diff --git a/base/kra/tomcat8/CMakeLists.txt b/base/kra/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/kra/tomcat8/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/kra/shared/conf/Catalina/localhost/kra.xml b/base/kra/tomcat8/conf/Catalina/localhost/kra.xml similarity index 95% rename from base/kra/shared/conf/Catalina/localhost/kra.xml rename to base/kra/tomcat8/conf/Catalina/localhost/kra.xml index e838503a64e5442e114cf4e18f616fdffe39b647..2c045dec7beedf3ac5502ed26916d10ca42ade4c 100644 
--- a/base/kra/shared/conf/Catalina/localhost/kra.xml +++ b/base/kra/tomcat8/conf/Catalina/localhost/kra.xml @@ -22,7 +22,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + @@ -34,4 +34,6 @@ + + diff --git a/base/ocsp/CMakeLists.txt b/base/ocsp/CMakeLists.txt index 4a7259b90fb94cf0121d0d8978c42ab2a996ed42..de781f8c3687ed3f5dd948858d128043a16c7534 100644 --- a/base/ocsp/CMakeLists.txt +++ b/base/ocsp/CMakeLists.txt @@ -4,6 +4,14 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + # install directories install( DIRECTORY diff --git a/base/ocsp/tomcat7/CMakeLists.txt b/base/ocsp/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/ocsp/tomcat7/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/ocsp/shared/conf/Catalina/localhost/ocsp.xml b/base/ocsp/tomcat7/conf/Catalina/localhost/ocsp.xml similarity index 100% copy from base/ocsp/shared/conf/Catalina/localhost/ocsp.xml copy to base/ocsp/tomcat7/conf/Catalina/localhost/ocsp.xml diff --git a/base/ocsp/tomcat8/CMakeLists.txt b/base/ocsp/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/ocsp/tomcat8/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) 
diff --git a/base/ocsp/shared/conf/Catalina/localhost/ocsp.xml b/base/ocsp/tomcat8/conf/Catalina/localhost/ocsp.xml similarity index 95% rename from base/ocsp/shared/conf/Catalina/localhost/ocsp.xml rename to base/ocsp/tomcat8/conf/Catalina/localhost/ocsp.xml index e838503a64e5442e114cf4e18f616fdffe39b647..2c045dec7beedf3ac5502ed26916d10ca42ade4c 100644 --- a/base/ocsp/shared/conf/Catalina/localhost/ocsp.xml +++ b/base/ocsp/tomcat8/conf/Catalina/localhost/ocsp.xml @@ -22,7 +22,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + @@ -34,4 +34,6 @@ + + diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt index 01a194a3dc894dcc831393623f84a725c5c0fafd..b429c4e80f34c18e1b0213563a7db8306530406c 100644 --- a/base/server/CMakeLists.txt +++ b/base/server/CMakeLists.txt @@ -140,7 +140,14 @@ install( install(CODE "file(MAKE_DIRECTORY \$ENV{DESTDIR}${VAR_INSTALL_DIR}/lock/pki)") install(CODE "file(MAKE_DIRECTORY \$ENV{DESTDIR}${VAR_INSTALL_DIR}/run/pki)") -add_subdirectory(tomcat) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + add_subdirectory(cms) add_subdirectory(cmsbundle) add_subdirectory(cmscore) diff --git a/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java b/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java index 336032dd39c3c92380cd5b39d531b3c0f17048cb..dc8cef68fb6c975c04ad950427b4312e95ea462c 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java +++ b/base/server/cms/src/com/netscape/cms/servlet/common/CMSTemplate.java @@ -18,6 +18,7 @@ package com.netscape.cms.servlet.common; import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; 
@@ -25,13 +26,10 @@ import java.io.InputStreamReader; import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.PrintWriter; -import java.io.StringWriter; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.util.Enumeration; -import javax.servlet.ServletOutputStream; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IArgBlock; @@ -531,8 +529,7 @@ public class CMSTemplate extends CMSFile { */ public String getOutput(CMSTemplateParams input) throws IOException { - debugOutputStream out = new debugOutputStream(); - + ByteArrayOutputStream out = new ByteArrayOutputStream(); renderOutput(out, input); return out.toString(); } @@ -572,22 +569,4 @@ public class CMSTemplate extends CMSFile { } } - - private static class debugOutputStream extends ServletOutputStream { - private StringWriter mStringWriter = new StringWriter(); - - public debugOutputStream() { - super(); - } - - public void write(int b) throws IOException { - mStringWriter.write(b); - } - - public String toString() { - return mStringWriter.toString(); - } - - } - } diff --git a/base/server/tomcat/CMakeLists.txt b/base/server/tomcat/CMakeLists.txt deleted file mode 100644 index 555a9329dae47e5c38f072dce009078db17c819e..0000000000000000000000000000000000000000 --- a/base/server/tomcat/CMakeLists.txt +++ /dev/null @@ -1,3 +0,0 @@ -project(tomcat) - -add_subdirectory(src) diff --git a/base/server/tomcat7/CMakeLists.txt b/base/server/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..ba02af18dd571660e84030e03227a47bc87f76d4 --- /dev/null +++ b/base/server/tomcat7/CMakeLists.txt @@ -0,0 +1,10 @@ +project(server-tomcat7) + +add_subdirectory(src) + +install( + DIRECTORY + conf/ + DESTINATION + ${DATA_INSTALL_DIR}/server/conf/ +) 
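Review bot: In `getOutput()`, `out.toString()` on the new `ByteArrayOutputStream` decodes the rendered bytes with the platform default charset, so the returned string depends on the JVM locale rather than on the encoding `renderOutput()` writes. `renderOutput()` is outside the hunk; if it writes UTF-8, use `return out.toString("UTF-8");`. `UnsupportedEncodingException` is already imported and is covered by the method's `throws IOException`. A short comment on `getOutput()` naming the expected encoding would also help, since the removed `debugOutputStream` handled bytes differently (one char per byte).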
diff --git a/base/server/share/conf/Catalina/localhost/ROOT.xml b/base/server/tomcat7/conf/Catalina/localhost/ROOT.xml similarity index 100% copy from base/server/share/conf/Catalina/localhost/ROOT.xml copy to base/server/tomcat7/conf/Catalina/localhost/ROOT.xml diff --git a/base/server/share/conf/Catalina/localhost/pki.xml b/base/server/tomcat7/conf/Catalina/localhost/pki.xml similarity index 100% copy from base/server/share/conf/Catalina/localhost/pki.xml copy to base/server/tomcat7/conf/Catalina/localhost/pki.xml diff --git a/base/server/share/conf/server.xml b/base/server/tomcat7/conf/server.xml similarity index 100% copy from base/server/share/conf/server.xml copy to base/server/tomcat7/conf/server.xml diff --git a/base/server/tomcat/src/CMakeLists.txt b/base/server/tomcat7/src/CMakeLists.txt similarity index 95% copy from base/server/tomcat/src/CMakeLists.txt copy to base/server/tomcat7/src/CMakeLists.txt index d9808a8033e2c43a4653652f74e6e9b687be8e62..102dec7824d621637749a4b9138ef0fb69462209 100644 --- a/base/server/tomcat/src/CMakeLists.txt +++ b/base/server/tomcat7/src/CMakeLists.txt @@ -44,9 +44,9 @@ find_file(TOMCAT_CATALINA_JAR /usr/share/java/tomcat ) -find_file(TOMCAT_UTIL_JAR +find_file(TOMCAT_UTIL_SCAN_JAR NAMES - tomcat-util.jar + tomcat-util-scan.jar PATHS /usr/share/java/tomcat ) @@ -123,7 +123,7 @@ javac(pki-tomcat-classes SOURCES com/netscape/cms/tomcat/*.java CLASSPATH - ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} + ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_SCAN_JAR} OUTPUT_DIR ${CMAKE_BINARY_DIR}/classes ) diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java similarity index 100% copy from base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java copy to base/server/tomcat7/src/com/netscape/cms/tomcat/ProxyRealm.java 
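Review bot: The tomcat7 copy of `src/CMakeLists.txt` gets the same edit as the tomcat8 one (both have the same blob id), so it now looks up `tomcat-util-scan.jar` and puts `${TOMCAT_UTIL_SCAN_JAR}` on the `javac` classpath. As far as I know that jar ships only with Tomcat 8, so on a Tomcat 7 host `find_file` would leave the variable as `TOMCAT_UTIL_SCAN_JAR-NOTFOUND` and that string would end up in the classpath. The tomcat7 sources are 100% copies that still import `org.apache.catalina.deploy.SecurityConstraint`, so the tomcat7 file could keep the original `TOMCAT_UTIL_JAR` / `tomcat-util.jar` lookup. If the variable stays, add a comment on why the tomcat7 build needs it.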
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java similarity index 100% copy from base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java copy to base/server/tomcat7/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java diff --git a/base/server/tomcat/src/pki-tomcat.mf b/base/server/tomcat7/src/pki-tomcat.mf similarity index 100% copy from base/server/tomcat/src/pki-tomcat.mf copy to base/server/tomcat7/src/pki-tomcat.mf diff --git a/base/server/tomcat8/CMakeLists.txt b/base/server/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..b5f8d7c223a3b3164d3973656559917454688efb --- /dev/null +++ b/base/server/tomcat8/CMakeLists.txt @@ -0,0 +1,10 @@ +project(server-tomcat8) + +add_subdirectory(src) + +install( + DIRECTORY + conf/ + DESTINATION + ${DATA_INSTALL_DIR}/server/conf/ +) diff --git a/base/server/share/conf/Catalina/localhost/ROOT.xml b/base/server/tomcat8/conf/Catalina/localhost/ROOT.xml similarity index 94% rename from base/server/share/conf/Catalina/localhost/ROOT.xml rename to base/server/tomcat8/conf/Catalina/localhost/ROOT.xml index ce98bfa4ec98502b1f45aef4ce048c26de3f1f70..e70dd20558a1f72bd82625396dd9e8d43a45fbe4 100644 --- a/base/server/share/conf/Catalina/localhost/ROOT.xml +++ b/base/server/tomcat8/conf/Catalina/localhost/ROOT.xml @@ -22,9 +22,11 @@ See the License for the specific language governing permissions and limitations under the License. --> - + + + diff --git a/base/server/share/conf/Catalina/localhost/pki.xml b/base/server/tomcat8/conf/Catalina/localhost/pki.xml similarity index 94% rename from base/server/share/conf/Catalina/localhost/pki.xml rename to base/server/tomcat8/conf/Catalina/localhost/pki.xml index ce98bfa4ec98502b1f45aef4ce048c26de3f1f70..e70dd20558a1f72bd82625396dd9e8d43a45fbe4 100644 
--- a/base/server/share/conf/Catalina/localhost/pki.xml +++ b/base/server/tomcat8/conf/Catalina/localhost/pki.xml @@ -22,9 +22,11 @@ See the License for the specific language governing permissions and limitations under the License. --> - + + + diff --git a/base/server/share/conf/server.xml b/base/server/tomcat8/conf/server.xml similarity index 73% rename from base/server/share/conf/server.xml rename to base/server/tomcat8/conf/server.xml index b9e8860b2179e1432ebef7d06ff9f2c70985c1b5..ce8fc57dcec0193b01ac7c0b25c7fb90eee25c0b 100644 --- a/base/server/share/conf/server.xml +++ b/base/server/tomcat8/conf/server.xml @@ -23,7 +23,7 @@ + --> @@ -66,19 +66,20 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) - + + - - - - - - + + + + + --> @@ -113,17 +114,36 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html - Define a non-SSL HTTP/1.1 Connector on port 8080 + Define a non-SSL/TLS HTTP/1.1 Connector on port [PKI_UNSECURE_PORT] --> [PKI_UNSECURE_PORT_SERVER_COMMENT] - - + + + + [PKI_SECURE_PORT_SERVER_COMMENT] - [PKI_OPEN_AJP_PORT_COMMENT] - + [PKI_CLOSE_AJP_PORT_COMMENT] @@ -227,68 +256,23 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> - + - - - - - + - - - - + @@ -297,10 +281,11 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> [PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT] - [PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT] diff --git a/base/server/tomcat/src/CMakeLists.txt b/base/server/tomcat8/src/CMakeLists.txt similarity index 95% rename from base/server/tomcat/src/CMakeLists.txt rename to base/server/tomcat8/src/CMakeLists.txt index d9808a8033e2c43a4653652f74e6e9b687be8e62..102dec7824d621637749a4b9138ef0fb69462209 100644 --- a/base/server/tomcat/src/CMakeLists.txt 
+++ b/base/server/tomcat8/src/CMakeLists.txt @@ -44,9 +44,9 @@ find_file(TOMCAT_CATALINA_JAR /usr/share/java/tomcat ) -find_file(TOMCAT_UTIL_JAR +find_file(TOMCAT_UTIL_SCAN_JAR NAMES - tomcat-util.jar + tomcat-util-scan.jar PATHS /usr/share/java/tomcat ) @@ -123,7 +123,7 @@ javac(pki-tomcat-classes SOURCES com/netscape/cms/tomcat/*.java CLASSPATH - ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} + ${SERVLET_JAR} ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_SCAN_JAR} OUTPUT_DIR ${CMAKE_BINARY_DIR}/classes ) diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java similarity index 91% rename from base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java rename to base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java index 094c0561f49f4e79d910b1d9a30c13b10d04a297..044563233e11b0cb11f094fd5f4600a38cd229d7 100644 --- a/base/server/tomcat/src/com/netscape/cms/tomcat/ProxyRealm.java +++ b/base/server/tomcat8/src/com/netscape/cms/tomcat/ProxyRealm.java @@ -9,11 +9,12 @@ import java.util.Map; import org.apache.catalina.Container; import org.apache.catalina.Context; +import org.apache.catalina.CredentialHandler; import org.apache.catalina.Realm; import org.apache.catalina.Wrapper; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; -import org.apache.catalina.deploy.SecurityConstraint; +import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.ietf.jgss.GSSContext; /** @@ -99,11 +100,6 @@ public class ProxyRealm implements Realm { } @Override - public String getInfo() { - return realm.getInfo(); - } - - @Override public void backgroundProcess() { realm.backgroundProcess(); } 
@@ -136,4 +132,14 @@ public class ProxyRealm implements Realm { public void removePropertyChangeListener(PropertyChangeListener listener) { realm.removePropertyChangeListener(listener); } + + @Override + public CredentialHandler getCredentialHandler() { + return realm.getCredentialHandler(); + } + + @Override + public void setCredentialHandler(CredentialHandler handler) { + realm.setCredentialHandler(handler); + } } diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java b/base/server/tomcat8/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java similarity index 94% rename from base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java rename to base/server/tomcat8/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java index 20bf85d221bac3f5dbd1cac73aa9b8252a1cc6e8..3678791b927a9d6bca523d6a79a5fbfff1b675cf 100644 --- a/base/server/tomcat/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java +++ b/base/server/tomcat8/src/com/netscape/cms/tomcat/SSLAuthenticatorWithFallback.java @@ -33,7 +33,6 @@ import org.apache.catalina.authenticator.BasicAuthenticator; import org.apache.catalina.authenticator.FormAuthenticator; import org.apache.catalina.authenticator.SSLAuthenticator; import org.apache.catalina.connector.Request; -import org.apache.catalina.deploy.LoginConfig; /** * @author Endi S. Dewata @@ -52,11 +51,6 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase { log("Creating SSL authenticator with fallback"); } - @Override - public String getInfo() { - return "SSL authenticator with "+fallbackMethod+" fallback."; - } - public String getFallbackMethod() { return fallbackMethod; } 
@@ -75,7 +69,7 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase { } @Override - public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException { + public boolean authenticate(Request request, HttpServletResponse response) throws IOException { X509Certificate certs[] = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR); boolean result; @@ -90,7 +84,7 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase { log("SSL auth return code: "+code); } }; - result = sslAuthenticator.authenticate(request, wrapper, config); + result = sslAuthenticator.authenticate(request, wrapper); } else { log("Authenticating with "+fallbackMethod+" authentication"); @@ -102,20 +96,22 @@ public class SSLAuthenticatorWithFallback extends AuthenticatorBase { log("Fallback auth return code: "+code); } }; - result = fallbackAuthenticator.authenticate(request, wrapper, config); + result = fallbackAuthenticator.authenticate(request, wrapper); } if (result) return true; log("Result: "+result); + String realmName = AuthenticatorBase.getRealmName(request.getContext()); + StringBuilder value = new StringBuilder(16); value.append("Basic realm=\""); - if (config.getRealmName() == null) { + if (realmName != null) { value.append(REALM_NAME); } else { - value.append(config.getRealmName()); + value.append(realmName); } value.append('\"'); response.setHeader(AUTH_HEADER_NAME, value.toString()); diff --git a/base/server/tomcat/src/pki-tomcat.mf b/base/server/tomcat8/src/pki-tomcat.mf similarity index 100% rename from base/server/tomcat/src/pki-tomcat.mf rename to base/server/tomcat8/src/pki-tomcat.mf diff --git a/base/tks/CMakeLists.txt b/base/tks/CMakeLists.txt index 4b17ca0c889dc6228bcf8ca52587bb6341d0ed00..8bdf2258e9b6016ea0e4df99e91d5cbc4f29c3da 100644 --- a/base/tks/CMakeLists.txt +++ b/base/tks/CMakeLists.txt 
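Review bot: The null test on the realm name is inverted in the `@@ -102,20 +96,22 @@` hunk of SSLAuthenticatorWithFallback.java. `if (realmName != null)` appends the hard-coded `REALM_NAME` whenever a realm name is available and appends `realmName` only when it is null, which is the opposite of the `config.getRealmName() == null` test it replaces. As written, the challenge header set through `AUTH_HEADER_NAME` never carries the realm name configured for the context, and a null value would be rendered as `realm="null"`. The condition should read `if (realmName == null) {`; if `AuthenticatorBase.getRealmName` already falls back to a default (it appears to in Tomcat 8, worth confirming), the whole branch can be replaced by `value.append(realmName);`. The rest of `authenticate` lies outside the hunk.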
@@ -4,6 +4,14 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + # install directories install( DIRECTORY diff --git a/base/tks/tomcat7/CMakeLists.txt b/base/tks/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/tks/tomcat7/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/tks/shared/conf/Catalina/localhost/tks.xml b/base/tks/tomcat7/conf/Catalina/localhost/tks.xml similarity index 100% copy from base/tks/shared/conf/Catalina/localhost/tks.xml copy to base/tks/tomcat7/conf/Catalina/localhost/tks.xml diff --git a/base/tks/tomcat8/CMakeLists.txt b/base/tks/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/tks/tomcat8/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/tks/shared/conf/Catalina/localhost/tks.xml b/base/tks/tomcat8/conf/Catalina/localhost/tks.xml similarity index 95% rename from base/tks/shared/conf/Catalina/localhost/tks.xml rename to base/tks/tomcat8/conf/Catalina/localhost/tks.xml index e838503a64e5442e114cf4e18f616fdffe39b647..2c045dec7beedf3ac5502ed26916d10ca42ade4c 100644 --- a/base/tks/shared/conf/Catalina/localhost/tks.xml +++ b/base/tks/tomcat8/conf/Catalina/localhost/tks.xml @@ -22,7 +22,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + @@ -34,4 +34,6 @@ + + 
diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index dac32876c8e3c25ca3be11591a5eac65e18eb9c1..516d4264024a7b9b9a34cc33efa3f8eeaf590704 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -6,6 +6,14 @@ add_subdirectory(src) add_subdirectory(setup) add_subdirectory(shared/conf) +if(WITH_TOMCAT7) + add_subdirectory(tomcat7) +endif(WITH_TOMCAT7) + +if(WITH_TOMCAT8) + add_subdirectory(tomcat8) +endif(WITH_TOMCAT8) + # install manual pages install( DIRECTORY diff --git a/base/tps/tomcat7/CMakeLists.txt b/base/tps/tomcat7/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/tps/tomcat7/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/tps/shared/conf/Catalina/localhost/tps.xml b/base/tps/tomcat7/conf/Catalina/localhost/tps.xml similarity index 100% copy from base/tps/shared/conf/Catalina/localhost/tps.xml copy to base/tps/tomcat7/conf/Catalina/localhost/tps.xml diff --git a/base/tps/tomcat8/CMakeLists.txt b/base/tps/tomcat8/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c324e441fd2b17054cd8b5accb05510048d489a --- /dev/null +++ b/base/tps/tomcat8/CMakeLists.txt @@ -0,0 +1,6 @@ +install( + DIRECTORY + conf/ + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf/ +) diff --git a/base/tps/shared/conf/Catalina/localhost/tps.xml b/base/tps/tomcat8/conf/Catalina/localhost/tps.xml similarity index 96% rename from base/tps/shared/conf/Catalina/localhost/tps.xml rename to base/tps/tomcat8/conf/Catalina/localhost/tps.xml index d80c1296dbd6a88a9263c50b351a31516682a59a..def403c2255674d94361eb970cb3f5f2fe8b7a2b 100644 --- a/base/tps/shared/conf/Catalina/localhost/tps.xml +++ b/base/tps/tomcat8/conf/Catalina/localhost/tps.xml 
@@ -22,7 +22,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + @@ -34,4 +34,6 @@ + + diff --git a/specs/dogtag-pki.spec b/specs/dogtag-pki.spec index e2ec0e0a790de608f7cdfbcd9bc03187dfe138d8..194d8e3cd279aef2c997414d985a80a47d32f985 100644 --- a/specs/dogtag-pki.spec +++ b/specs/dogtag-pki.spec @@ -22,7 +22,7 @@ ExcludeArch: ppc ppc64 ppcle ppc64le s390 s390x %if 0%{?rhel} %define tomcatjss_version 7.1.0-5 %else -%define tomcatjss_version 7.1.1 +%define tomcatjss_version 7.1.2 %endif Requires: apache-commons-codec @@ -118,6 +118,7 @@ rm -rf %{buildroot} %changelog * Thu Jan 8 2015 Dogtag Team 10.2.2-0.1 - Updated version number to 10.2.2-0.1 +- Added support for Tomcat 8. * Thu Jan 8 2015 Dogtag Team 10.2.1-1 - Update release number for release build diff --git a/specs/pki-core.spec b/specs/pki-core.spec index aac5b196778bbf9eff129985a78839dae9196093..1baa10cccf0ef1df8f760955cd5229cecd36af86 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -1,8 +1,36 @@ +# Python %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} +# Tomcat +%if 0%{?fedora} >= 23 +%define with_tomcat7 0 +%define with_tomcat8 1 +%else +# 0%{?rhel} || 0%{?fedora} <= 22 +%define with_tomcat7 1 +%define with_tomcat8 0 +%endif + +# RESTEasy +%if 0%{?rhel} +%define resteasy_lib /usr/share/java/resteasy-base +%else +# 0%{?fedora} +%define resteasy_lib /usr/share/java/resteasy +%endif + +# Dogtag +%bcond_without server +%bcond_without javadoc + +# ignore unpackaged files from native 'tpsclient' +# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app +%define _unpackaged_files_terminate_build 0 + + Name: pki-core Version: 10.2.2 Release: 0.1%{?dist} 
@@ -11,12 +39,6 @@ URL: http://pki.fedoraproject.org/ License: GPLv2 Group: System Environment/Daemons -%bcond_without server -%bcond_without javadoc -# ignore unpackaged files from native 'tpsclient' -# REMINDER: Remove this '%%define' once 'tpsclient' is rewritten as a Java app -%define _unpackaged_files_terminate_build 0 - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: cmake >= 2.8.9-1 @@ -39,7 +61,7 @@ BuildRequires: velocity BuildRequires: xalan-j2 BuildRequires: xerces-j2 -%if 0%{?rhel} +%if 0%{?rhel} # 'resteasy-base' is a subset of the complete set of # 'resteasy' packages and consists of what is needed to # support the PKI Restful interface on RHEL platforms @@ -50,7 +72,7 @@ BuildRequires: resteasy-base-jaxrs >= 3.0.6-1 BuildRequires: resteasy-base-jaxrs-api >= 3.0.6-1 BuildRequires: resteasy-base-jackson-provider >= 3.0.6-1 %else -%if 0%{?fedora} >= 22 +%if 0%{?fedora} >= 22 # Starting from Fedora 22, resteasy packages were split into # subpackages. BuildRequires: resteasy-atom-provider >= 3.0.6-7 @@ -80,7 +102,7 @@ BuildRequires: systemd-units %if 0%{?rhel} BuildRequires: tomcatjss >= 7.1.0-5 %else -BuildRequires: tomcatjss >= 7.1.1 +BuildRequires: tomcatjss >= 7.1.2 %endif # additional build requirements needed to build native 'tpsclient' @@ -245,7 +267,7 @@ Requires: python-ldap Requires: python-lxml Requires: python-requests >= 1.1.0-3 -%if 0%{?rhel} +%if 0%{?rhel} # 'resteasy-base' is a subset of the complete set of # 'resteasy' packages and consists of what is needed to # support the PKI Restful interface on RHEL platforms @@ -256,7 +278,7 @@ Requires: resteasy-base-jaxrs >= 3.0.6-1 Requires: resteasy-base-jaxrs-api >= 3.0.6-1 Requires: resteasy-base-jackson-provider >= 3.0.6-1 %else -%if 0%{?fedora} >= 22 +%if 0%{?fedora} >= 22 # Starting from Fedora 22, resteasy packages were split into # subpackages. Requires: resteasy-atom-provider >= 3.0.6-7 
@@ -333,7 +355,7 @@ Requires: pki-base = %{version}-%{release} Requires: pki-tools = %{version}-%{release} Requires: policycoreutils-python -%if 0%{?fedora} >= 21 +%if 0%{?fedora} >= 21 Requires: selinux-policy-targeted >= 3.13.1-9 %else # 0%{?rhel} || 0%{?fedora} < 21 @@ -355,7 +377,7 @@ Requires(postun): systemd-units %if 0%{?rhel} Requires: tomcatjss >= 7.1.0-5 %else -Requires: tomcatjss >= 7.1.1 +Requires: tomcatjss >= 7.1.2 %endif %description -n pki-server @@ -594,10 +616,15 @@ cd build -DBUILD_PKI_CORE:BOOL=ON \ -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \ -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ -%if 0%{?rhel} - -DRESTEASY_LIB=/usr/share/java/resteasy-base \ -%else - -DRESTEASY_LIB=/usr/share/java/resteasy \ +%if ! %{with_tomcat7} + -DWITH_TOMCAT7:BOOL=OFF \ +%endif +%if ! %{with_tomcat8} + -DWITH_TOMCAT8:BOOL=OFF \ +%endif + -DRESTEASY_LIB=%{resteasy_lib} \ +%if ! %{with server} + -DWITH_SERVER:BOOL=OFF \ %endif %if ! %{with server} -DWITH_SERVER:BOOL=OFF \ @@ -901,6 +928,7 @@ systemctl daemon-reload - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency. +- Added support for Tomcat 8. * Thu Jan 8 2015 Dogtag Team 10.2.1-1 - Update release number for release build -- 1.9.3 From edewata at redhat.com Thu Mar 5 16:39:20 2015 From: edewata at redhat.com (Endi Sukma Dewata) Date: Thu, 05 Mar 2015 23:39:20 +0700 Subject: [Pki-devel] [PATCH] 557 Fixed CMake issues on F22. In-Reply-To: <54F6206B.2090804@redhat.com> References: <54F6206B.2090804@redhat.com> Message-ID: <54F886B8.2040408@redhat.com> On 3/4/2015 3:58 AM, Endi Sukma Dewata wrote: > Some CMake scripts have been updated to work on both F21 and F22. > > https://fedorahosted.org/pki/ticket/1281 ACKed by Ade. Pushed to master. -- Endi S. Dewata From mharmsen at redhat.com Thu Mar 5 23:22:10 2015 
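Review bot: The `@@ -594,10 +616,15 @@` hunk leaves the `%if ! %{with server}` / `-DWITH_SERVER:BOOL=OFF \` block in the cmake invocation twice, because the added lines end with a copy of the block that is still present as context directly below. Passing the same definition twice is probably harmless, but the duplicated conditional makes the build option list harder to audit and lets the two copies drift apart later. The added lines can stop at `-DRESTEASY_LIB=%{resteasy_lib} \`, dropping the added `%if ! %{with server}` and `-DWITH_SERVER:BOOL=OFF \` together with the `%endif` that used to close the RESTEasy conditional. The cmake command line continues outside the hunk.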
From: mharmsen at redhat.com (Matthew Harmsen) Date: Thu, 05 Mar 2015 16:22:10 -0700 Subject: [Pki-devel] Karma request for Dogtag 10.2.1 PKI packages in Fedora 21 . . . Message-ID: <54F8E522.5020204@redhat.com> Everyone, Per the following ticket, it was determined that we would backport Dogtag 10.2.1 (previously only available in Fedora 22) back to Fedora 21: * *PKI TRAC Ticket #1287 - Consider backporting Dogtag 10.2.1 to Fedora 21 * Please provide Karma for the following packages: * *Fedora 21:* o *dogtag-pki-theme-10.2.1-1.fc21 * o *pki-core-10.2.1-1.fc21 * o *pki-console-10.2.1-1.fc21 * o *dogtag-pki-10.2.1-1.fc21 * Enjoy, -- Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From ftweedal at redhat.com Fri Mar 6 08:16:29 2015 
From: ftweedal at redhat.com (Fraser Tweedale) Date: Fri, 6 Mar 2015 18:16:29 +1000 Subject: [Pki-devel] [PATCH] 0026 Add lightweight sub-CA support Message-ID: <20150306081628.GL7251@dhcp-40-8.bne.redhat.com> G'day, The first major patch for lightweight sub-CAs is attached for review. Some important features are not yet implemented in this patch: - Sub-CA creation - Caching of sub-CA instances - Signing key replication for clones - CRLs (the OCSP servlet works for sub-CAs, however) - Sub-CA support is possibly missing from some web servlets / templates. Let me know if you hit any. Because sub-CA creation is not implemented, if you want to test this patch you will need to: 1. Use the top-level CA to sign a sub-CA certificate and manually install it in the NSSDB with the nickname: "${TOPLEVEL_CA_NICKNAME} ${SUB_CA_HANDLE}" 2. Create the sub-CA certificate repository OU: "ou=${SUB_CA_HANDLE},ou=certificateRepository,ou=ca,o=pki-tomcat-CA" 3. When submitting requests or other queries via HTTP, edit the initial link target or form action to include the query parameter: "?caRef=${SUB_CA_HANDLE}" (Subsequent pages should not require this intervention.) I have also updated the design proposal with some refinements and details of the implementation so far: http://pki.fedoraproject.org/wiki/Lightweight_sub-CAs Looking forward to your feedback / bug reports! Fraser -------------- next part -------------- >From 711a0601073068ce89e76ce7093d3665a5022ccc Mon Sep 17 00:00:00 2001 
From: Fraser Tweedale Date: Wed, 28 Jan 2015 02:41:10 -0500 Subject: [PATCH] Add lightweight sub-CA support --- .../shared/webapps/ca/agent/ca/queryCert.template | 9 ++- .../webapps/ca/agent/ca/reasonToRevoke.template | 2 + .../shared/webapps/ca/agent/ca/srchCert.template | 2 + base/ca/shared/webapps/ca/ee/ca/queryCert.template | 6 +- .../webapps/ca/ee/ca/reasonToRevoke.template | 2 + .../src/com/netscape/ca/CertificateAuthority.java | 90 ++++++++++++++++++++-- base/ca/src/com/netscape/ca/SigningUnit.java | 10 ++- .../netscape/certsrv/ca/ICertificateAuthority.java | 17 ++++ .../netscape/certsrv/profile/IEnrollProfile.java | 5 ++ .../cms/profile/common/CAEnrollProfile.java | 7 +- .../netscape/cms/profile/common/EnrollProfile.java | 3 + .../cms/profile/def/AuthInfoAccessExtDefault.java | 8 +- .../def/AuthorityKeyIdentifierExtDefault.java | 17 +++- .../netscape/cms/profile/def/CAEnrollDefault.java | 4 +- .../netscape/cms/servlet/cert/DisplayBySerial.java | 31 ++++---- .../com/netscape/cms/servlet/cert/DoRevoke.java | 15 ++-- .../cms/servlet/cert/EnrollmentProcessor.java | 7 ++ .../com/netscape/cms/servlet/cert/ListCerts.java | 23 +++--- .../netscape/cms/servlet/cert/ReasonToRevoke.java | 13 ++-- .../com/netscape/cms/servlet/cert/SrchCerts.java | 24 +++--- .../com/netscape/cms/servlet/ocsp/OCSPServlet.java | 5 +- 21 files changed, 227 insertions(+), 73 deletions(-) diff --git a/base/ca/shared/webapps/ca/agent/ca/queryCert.template b/base/ca/shared/webapps/ca/agent/ca/queryCert.template index 40ee64b0c0b62a0ff409f2617b956647b8779b59..39f933bcd9cd777a22e1baf4fdc4d8e33e5295bc 100644 --- a/base/ca/shared/webapps/ca/agent/ca/queryCert.template +++ b/base/ca/shared/webapps/ca/agent/ca/queryCert.template @@ -321,8 +321,10 @@ function displayCertificateRecord(i, cert) ""+ " \n"+ " "+ ""+ 
@@ -419,6 +421,7 @@ function doNext(element) var form = element.form; // form.action = "/"+result.header.op; form.action = "/ca/agent/ca/listCerts"; + form.caRef.value = result.header.caRef || ""; form.op.value = result.header.op; form.queryCertFilter.value = result.header.queryCertFilter; form.direction.value= "down"; @@ -472,6 +475,8 @@ document.write( "\n"+ "\n"+ +"\n"+ "\n"+ ""+ " \n"+ " "+ ""+ diff --git a/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template index 2a608438b1f46b7695a8692ed857ce7de6e07d42..4a6abb830cde161223164e49039b68a4b2b891d3 100644 --- a/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template +++ b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template @@ -448,6 +448,8 @@ function revokeCert(serialNumber)