[Pki-users] Announcing the release of Dogtag 10.0.2

Moyer, Thomas - 0558 - MITLL thomas.moyer at ll.mit.edu
Fri May 3 18:26:08 UTC 2013


That is what I needed. Thanks!

-Tom

--
Thomas Moyer, Ph.D.
58: Cyber Systems and Technology
http://www.ll.mit.edu/CST
244 Wood St, Lexington, MA 02420
(781) 981-1374    Office: C-385H

On 5/3/13 12:57 PM, "Ade Lee" <alee at redhat.com> wrote:

>Hi, 
>
>We're working on some more substantial documentation, and maybe some
>javadocs.  In the meantime, there is some information on a wiki page:
>
>http://pki.fedoraproject.org/wiki/REST
>
>In particular, there is a section called "Current Implementation", which
>has links to the relevant files in the code.  If you look at the
>resource files, you'll see exactly which calls and URLs have been
>implemented.
>
>http://pki.fedoraproject.org/wiki/RESTEasy has more details on how to
>interpret the files.
>
>The java client framework is - by definition - complete, because
>Resteasy provides a client framework.
>
>The Python client framework will be expanded to include all operations
>very soon.  For now, it just covers initial deployment operations.
>
>FreeIPA has implemented some Python code to do things like listing and
>querying certs and requests, though.
>
>On Fri, 2013-05-03 at 09:57 -0400, Moyer, Thomas - 0558 - MITLL wrote:
>> Is there documentation on the REST interface that I can look at? I've
>> found some examples, but nothing that outlines everything.
>> 
>> Also, does the Python client framework support querying for
>> certificates, or is it just for the initial deployment?
>> 
>> Thanks!
>> 
>> -Tom
>> 
>> On 5/2/13 10:09 PM, "Ade Lee" <alee at redhat.com> wrote:
>> 
>> >The Dogtag team is proud to announce the second errata build for
>> >Dogtag v10.0.0.
>> >
>> >Builds are available for Fedora 18 and Fedora 19 in the updates-testing
>> >repo.  Please try it out and provide karma to move them to the F18 and
>> >F19 stable repos.
>> >
>> >Daily developer builds for Fedora 17, 18 and 19 are available at
>> >http://nkinder.fedorapeople.org/dogtag-devel/fedora/
>> >
>> >== Build Versions ==
>> >pki-core-10.0.2-2
>> >pki-ra-10.0.2-2
>> >pki-tps-10.0.2-2
>> >dogtag-pki-10.0.2-1
>> >dogtag-pki-theme-10.0.2-1
>> >pki-console-10.0.2-2
>> >
>> >== Highlights since Dogtag v. 10.0.1 ==
>> >* A new Python client framework has been written to connect to the
>> >restful interface on the java subsystems.  This interface was used
>> >for some installation functionality and will continue to be expanded.
>> >
>> >* pkispawn and pkidestroy were modified to use the new Python client
>> >framework and the dependency on jython was eliminated.
>> >
>> >* The installation interfaces were changed so that most of the
>> >installation interactions take place over the admin interface.
>> >
>> >* New command line parameters have been added to pkidestroy to provide
>> >the username and password of the security domain administrator to update
>> >the security domain.  Formerly, no credentials were required because we
>> >used the subsystem certificate of the subsystem for authentication.  The
>> >new method provides better auditing as to exactly who is de-registering
>> >and removing a subsystem.  As such, use of the new options is
>> >recommended, and will be made mandatory in a future release.
>> >
>> >* Although it is possible to run Dogtag 9 style instances on Dogtag 10,
>> >these instances do not have the required configuration to expose the
>> >RESTful interface.  A new servlet has been added to return 501 (Not
>> >implemented) on these instances when the REST URLs are accessed.  This
>> >is only applicable on Fedora 18 (See Fedora 19 note below).
>> >
>> >* A new interactive mode has been added to pkispawn and pkidestroy.  In
>> >this mode, users are prompted for details in order to set up the most
>> >basic servers.  Any customizations would still need to be done through
>> >configuration files.  Interactive mode is an excellent way for users to
>> >set up a server and become familiar with Dogtag.
>> >
>> >* Support has been added for the random generation of serial numbers for
>> >certificates issued.  More details about this feature and how to enable
>> >it can be found here:
>> >http://pki.fedoraproject.org/wiki/Random_Certificate_Serial_Numbers
>> >
>> >
>> >* Nonces are used in Dogtag to prevent cross-site request forgery and
>> >replay attacks, but they were stored in a global list.  To prevent
>> >possible collisions with other users' nonces, they are now stored in
>> >each user's session.
>> >
>> >* Previously, session IDs were generated using /dev/random, which may
>> >block under certain circumstances, making server startup slow. To avoid
>> >this, the server configuration has been changed to use PKCS11PRNG
>> >provided by JSS.
>> >
>> >* A new upgrade framework has been added to allow instances to be
>> >automatically upgraded when new packages are installed.  This framework
>> >will be used to eventually remove the need for migrations between
>> >releases.  The upgrade scripts are invoked by postinstall scriptlets in
>> >the pki-base and pki-server packages.  On completing an upgrade, users
>> >should check the upgrade logs in /var/log/pki/pki-upgrade-*.log
>> >and /var/log/pki/pki-server-upgrade-*.log for any errors.  The upgrade
>> >scripts (pki-upgrade and pki-server-upgrade) can also be run manually.
>> >Additional troubleshooting information can be found at:
>> >http://pki.fedoraproject.org/wiki/Upgrade
>> >
>> >* New CLI has been added to simplify client certificate management
>> >including importing and trusting CA certificates.
>> >
>> >* Previously, the pki CLI tool used the same parameter (-w) to specify
>> >both user and client certificate database passwords.  The CLI has been
>> >modified to use a new parameter (-c) for the database password, and -w
>> >for the user password.
>> >
>> >* Multiple additional fixes to pkispawn, pkidestroy, pki and their man
>> >pages.
>> >
>> >== Notes on Fedora 19 ==
>> >Fedora 19 does not provide tomcat 6.  Dogtag 9 style instances will
>> >therefore no longer work on Fedora 19.  These instances need to be
>> >migrated to Dogtag 10.
>> >
>> >To prevent inadvertently disabling Dogtag instances, code has been added
>> >to prevent upgrades to Fedora 19 if Dogtag 9 instances exist.  Details
>> >on how to upgrade Dogtag 9 instances and workarounds can be found at:
>> >http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10
>> >
>> >== Detailed Changes since Dogtag v. 10.0.1 ==
>> >
>> >akoneru (23):
>> >#191 Map REST exceptions to HTTP status codes
>> >#217 CLI should display message on operations that complete with error
>> >#290 Add hints to option descriptions for cert-find cli command
>> >#383 Extend coverity tests to scan other subsystems (TPS, etc.)
>> >#452 Dogtag 10: Fix minor RA and TPS Configuration Wizard Panel issues
>> >#465 Verify 'pki_backup_keys=True' if 'pki_backup_password' is set
>> >#470 Prevent concurrent execution of pkispawn/pkidestroy
>> >#471 Update man pages for interactive pkispawn/pkidestroy
>> >#493 interpolation in pkispawn scripts should not apply to passwords
>> >#502 Change pkidestroy "-w" option to require a password file
>> >#507 Mark pki.conf as configuration file in RPM spec
>> >#509 man page for pkispawn should be modified to specify
>> >     pki_ca_signing_subject_dn when setting up subordinate CA
>> >#514 Clean up pkispawn output
>> >#521 Separate python deployment engine from python deployment
>> >     scriptlets source code
>> >#525 Incorrect info in pkispawn man page
>> >#536 Catch keyboard interrupt
>> >#542 Remove all "respawn()" logic from "pkispawn"
>> >#543 Incorrect user-show usage.
>> >#549 PKCS10Client tool throws java exception NoClassDefFoundError
>> >#563 Use timeout in configuration script
>> >#566 Mask sensitive parameters in archived config
>> >#592 pkispawn not reporting the error message when exceptions are
>> >     thrown
>> >#593 Error caused by JSON Configuration result decoding when installing
>> >     CA clone
>> >
>> >alee (9):
>> >#232 add python binding for pkispawn/ pkidestroy
>> >#419 REST interface for cert requests
>> >#532 refactor pkispawn to use new python client
>> >#546 Upgrade script for clone installation
>> >#564 Rename base/deploy to base/server
>> >#589 dependency needed for java-atk-wrapper in f19
>> >#578 Rest API does not work on d9 -> d10 upgrade instances
>> >#590 pki-base needs to deliver /var/log/pki
>> >#597 Create 10.0.2 builds
>> >
>> >awnuk (7):
>> >#569 Port support for random certificate serial numbers to Dogtag 10
>> >#570 Port patch allowing to support random certificate serial numbers
>> >     for system certificates to Dogtag 10
>> >#579 Port patch allowing to clone CA with random serial number enabled.
>> >#580 Port patch allowing to restart CA clone during configuration
>> >     change to random serial numbers.
>> >#584 Port patch including system certificates with random serial
>> >     numbers in the certificate counter.
>> >BZ 955784 - Correct Javascript inability to handle big numbers
>> >BZ 951501 - Corrects key IDs miscalculated by Javascript
>> >
>> >
>> >cfu (6):
>> >BZ 929043 - serverCert.profile with SAN results in
>> >SubjectAltNameException
>> >BZ 927545 - Transport Cert signing Algorithm doesn't show ECC Signing
>> >Algorithm
>> >BZ 904289 - Add ECC Support to Certificate Profiles
>> >BZ 902952 - RFE: Revocation routing with TPS and multiple non-cloned
>> >CAs
>> >BZ 903401 - TMS: RSA token enrollment failed : public key decode error
>> >#362 CMC ECC 
>> >
>> >edewata (24):
>> >#190 REST interface for user-group membership.
>> >#291 Fix format of validityUnit option in cert-find command
>> >#380 default install: part 2
>> >#472 pkispawn should test DS info
>> >#473 pkispawn should test security domain info
>> >#474 Session-based nonces
>> >#476 Limit username & password authentication
>> >#477 Annotation for authentication methods
>> >#491 Prompt CLI user on certificate warnings.
>> >#497 Date format for cert-find
>> >#498 [RFE] Add dates to cert-find output
>> >#500 validityCount option returns 500 error
>> >#501 Add cert status option to cert-find
>> >#503 Dogtag 10: Security Domain Issues
>> >#511 Add cert-request-show command.
>> >#520 CLI returns 0 on error
>> >#523 Add CLI option to capture HTTP data
>> >#524 Tomcat blocks during startup
>> >#535 python-requests compatibility problem
>> >#541 Use FQDN instead of localhost in CLI
>> >#544 Implement upgrade framework
>> >#545 Upgrade script for random number generator
>> >#553 pki.conf needs to be delivered by pki-base
>> >#598 Upgrade script for JNI_JAR_DIR
>> >
>> >jmagne (1):
>> >#587 ipa-server-install crashes due to sslget error
>> >
>> >mharmsen (7):
>> >#409 Add pkispawn option to not copy the UI pieces (gifs, templates).
>> >#488 Dogtag 10: Fix cli 'cert-find' clientAuth issue
>> >#517 Clean up theme dependencies
>> >#518 Remove UI dependencies from pkispawn
>> >#602 pkiconsole cannot find 'jss4.jar' on Fedora 19
>> >BZ 947524 - Clone installation does not work over NAT
>> >BZ 919476 - pkispawn crashes due to dangling symlink to jss4.jar
>> >
>> >
>> >_______________________________________________
>> >Pki-users mailing list
>> >Pki-users at redhat.com
>> >https://www.redhat.com/mailman/listinfo/pki-users