<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Timo Aaltonen pushed to branch master

at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/54715f2eec6e66273fcb6e837e63c2d0ab10d72c">54715f2e</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-21T10:39:20-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make JDK dependency dynamic

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/10e9741aa178037d93ff88253832adf19e0288b0">10e9741a</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-21T10:39:20-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add server dependency on jaxb-api

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f909302ac6ac02a8720e76603aa68386a27158cb">f909302a</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-21T10:39:20-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JAXB Implementation dependency for JDK11+

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ac264424a8a040113fbbc206ec5985dd528320e6">ac264424</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-21T10:39:20-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add Jakarta Activation dependency for JDK11+

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1753780b47c6935816d5419dafcea667fb01fed4">1753780b</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-21T11:14:11-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix permissions when installing clone

When pkispawn runs, it executes as root. However, rarely is PKI

installed as root. The resulting permissions on ca.crt are 600,

preventing later pki-server migrate command from running, as it

runs as pkiuser, who doesn't have access to ca.crt. Fix the

permissions when we initially create ca.crt to be owned by pkiuser.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/12c5a338d63cfac827d5c0ca82975eb5b801c935">12c5a338</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-08-25T07:48:20+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">control: Fix pki-base-java openjdk depends, bump it to 11.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c6381d1df3a85a9e5d07135ebd3e6745ec773eda">c6381d1d</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-31T12:05:00-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update javax-activation paths for Debian

As reported by Timo on IRC.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f9ef6301b67c9e0b917db80c686831462d9236a">9f9ef630</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-31T12:05:00-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Migrate JAVA_HOME in instance configuration

When we upgrade from F32 to F33, we need to be able to upgrade JAVA_HOME

to set it to the new value. This value will also change on F32 (from a

JDK8-specific path to a generic path). This requires migration to happen

on subsystem start.

This means that the recommended way to configure JAVA_HOME to a value

OTHER then what's shipped in /usr/.../pki.conf becomes to set it in

/etc/.../pki.conf, and means that /etc/sysconfig/tomcat.conf gets

rewritten each time.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a4c9fbe5004091c9a4d846acba530b9baf3ef9bc">a4c9fbe5</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-08-31T12:05:00-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enforce JDK 8 source and bytecode everywhere

This will ensure that, as F33 and later releases happen, we'll continue

developing code compatible with RHEL 8 and F32.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0a08549167b78241342d6d9570fc245d72d42156">0a085491</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-09-02T09:43:34-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move COPR to v10.9

Because v10.9 has been branched from master and a new COPR repo has been

created, we should use it instead of the v10.10/master branch COPR repo.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1fd3016c39e1c0aadd4f892051417011786a0f8f">1fd3016c</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-09-03T11:57:44-05:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Keep JAVA_HOME in tomcat.conf

Despite the name tomcat.conf, this is also the main configuration file

loaded by instances. Instances (especially pkispawn) expect config to be

only the Tomcat configuration, despite loading configuration from the

environment as well. Eventually, we should migrate all of this to use

the global configuration rather than the per-instance configuration.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dc495b0abbf37db917aaad6ed15d403a95d85d8f">dc495b0a</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-09-11T12:57:12-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove SSL configuration; rely on crypto-policies

When TLSv1.3 support landed in Fedora and RHEL, crypto-policies enabled

it everywhere including in FIPS mode. However, because we bounded the

range above by TLSv1.2, we wouldn't negotiate TLSv1.3 when communicating

with CA instances. crypto-policies should be the single source of truth

for these values, and we shouldn't limit ourselves artificially.

Instead, users should change crypto-policies to the correct policy for

their needs.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/24985cb8ddd7a40b05b7ab9e9d6a24d1d965cd08">24985cb8</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-09-11T12:57:12-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enable PHA in legacy SSLSocket

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/70f7b2b55950083ea75607b65f313bdc55c9c651">70f7b2b5</a></strong>

<div>

<span>by Endi S. Dewata</span>

<i>at 2020-09-11T16:39:37-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.3

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62123c49312c84c438fed9054392968258a9b965">62123c49</a></strong>

<div>

<span>by Endi S. Dewata</span>

<i>at 2020-09-11T16:39:37-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add JAVA_VERSION for CMake

The RPM spec and CMake files have been modified to detect the

actual Java version used to build PKI and add the appropriate

libraries for that version.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/12e21c54bb6ae745f504773cfc32b23d4e023550">12e21c54</a></strong>

<div>

<span>by Endi S. Dewata</span>

<i>at 2020-09-11T16:39:37-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed missing sslserver and subsystem certs

When installing an additional subsystem into an instance,

the deployment scriptlet has been modified to copy the

cert and request data for sslserver and subsystem certs

from the existing subsystem.

https://bugzilla.redhat.com/show_bug.cgi?id=1869893

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e4a3205176764578dbf4ed915affe75052993fa2">e4a32051</a></strong>

<div>

<span>by Endi S. Dewata</span>

<i>at 2020-09-11T16:39:37-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added upgrade script to fix missing cert/request data

An upgrade script has been added to fix the missing sslserver

and subsystem cert/request data by copying it from another

subsystem.

https://bugzilla.redhat.com/show_bug.cgi?id=1869893

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/29b7d32146a7bafa2fbcafe5630e140a359f98d2">29b7d321</a></strong>

<div>

<span>by Alexander Scheel</span>

<i>at 2020-09-11T16:39:37-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update version number to v10.9.4

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b02cb7390f8212d0a7658d9261eb4be784e2442a">b02cb739</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-14T14:49:46+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Set P11_KIT_TRUST.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fdc06d60e718269501eb876d1948d80155c49516">fdc06d60</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-14T16:21:56+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream'

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4ae1e57b8f37f9a4245327ff3e3aae5a75f58afe">4ae1e57b</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-14T16:24:06+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1b728ae8239fbdfeecb2ed9b439f75000b38b35c">1b728ae8</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-14T20:56:17+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">add-more-deps.diff: Dropped, upstream.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8e539fc5cb72e47c5b6e34e6d19c2a16db402d04">8e539fc5</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-15T15:13:02+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-java11-dependencies.diff: Make sure the necessary directories are created before adding symlinks to jars.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c92092b6c2a786d886f7f047f7954148716fbc4d">c92092b6</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-15T15:15:48+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Add more cruft to remove on dh_auto_clean.

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d2424243d77b68578e41ebf3b459ceb748ff7fce">d2424243</a></strong>

<div>

<span>by Timo Aaltonen</span>

<i>at 2020-09-15T15:18:04+03:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">revert-support-jdk8-jdk11-rpm-builds.diff: Dropped, fix PKI_JAVA_PATH instead.

</pre>

</li>

</ul>

<h4>30 changed files:</h4>

<ul>

<li class="file-stats">

<a href="#354079a72b91a4280407c16a36f47d1986fd85a5">

.classpath

</a>

</li>

<li class="file-stats">

<a href="#4b905b3ce8db4f70f4829d47fb4b4f852ff810a2">

.github/workflows/required-tests.yml

</a>

</li>

<li class="file-stats">

<a href="#9a2aa4db38d3115ed60da621e012c0efc0172aae">

CMakeLists.txt

</a>

</li>

<li class="file-stats">

<a href="#d0f22e8bdff03f4e5a1fd1bf9ce97db437323959">

base/CMakeLists.txt

</a>

</li>

<li class="file-stats">

<a href="#e502cdb2bfa4f66d84929371f23f1685e762a62f">

base/common/CMakeLists.txt

</a>

</li>

<li class="file-stats">

<a href="#ee6eea617413f293fc87930b8ffae297f8717100">

base/common/share/etc/pki.conf

</a>

</li>

<li class="file-stats">

<a href="#5ab535b41471bb4f50ea0cce4d10a8c15d9f8580">

base/console/src/com/netscape/admin/certsrv/connection/JSSConnection.java

</a>

</li>

<li class="file-stats">

<a href="#4e348edd37c4f5bcefc437a55b2ca3b262939f2d">

base/java-tools/src/com/netscape/cmstools/HttpClient.java

</a>

</li>

<li class="file-stats">

<a href="#8f5a10bbe046de776f7d1f1b0b5dcc6b51e33e9b">

base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java

</a>

</li>

<li class="file-stats">

<a href="#d3188af33f626497aa80ec3ce2cb4a3258878383">

base/server/CMakeLists.txt

</a>

</li>

<li class="file-stats">

<a href="#0234ba93fe1e75f6abb99520f7e66e9f89690cba">

base/server/python/pki/server/cli/migrate.py

</a>

</li>

<li class="file-stats">

<a href="#5e99ce7a97f8222c34161f5b8c4cefea88c047ec">

base/server/python/pki/server/deployment/scriptlets/configuration.py

</a>

</li>

<li class="file-stats">

<a href="#f9156742f265ceda809cfbd76a605be52cb500a2">

base/server/python/pki/server/deployment/scriptlets/security_databases.py

</a>

</li>

<li class="file-stats">

<a href="#648d25b07c7bc2f74a33f3fd9f701aad03d83a83">

base/server/share/conf/pki.policy

</a>

</li>

<li class="file-stats">

<a href="#876f26c43e415e563a76beebf278943e3a42f103">

base/server/share/lib/systemd/system/pki-tomcatd-nuxwdog@.service

</a>

</li>

<li class="file-stats">

<a href="#205bfd69bde61e97f92d46cb6cc6a094397b261d">

base/server/share/lib/systemd/system/pki-tomcatd@.service

</a>

</li>

<li class="file-stats">

<a href="#3cd0ebced45274639429ad3904990361324e873a">

<span class="new-file">

+

base/server/upgrade/10.9.3/01-FixMissingCertAndRequestData.py

</span>

</a>

</li>

<li class="file-stats">

<a href="#13b10cc98064f78a5d6b0c593bf1aa0fbd5749c0">

cmake/Modules/Java.cmake

</a>

</li>

<li class="file-stats">

<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">

debian/changelog

</a>

</li>

<li class="file-stats">

<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">

debian/control

</a>

</li>

<li class="file-stats">

<a href="#26ec858e974d85e06dc46cc4de0088cc3c3d4347">

<span class="deleted-file">

−

debian/patches/add-more-deps.diff

</span>

</a>

</li>

<li class="file-stats">

<a href="#923121f42b0ad180240555c6031b6bee76a92af3">

<span class="new-file">

+

debian/patches/fix-java11-dependencies.diff

</span>

</a>

</li>

<li class="file-stats">

<a href="#3860a3d309cfe67ceae99ac08985a99283411757">

<span class="new-file">

+

debian/patches/fix-pki-java-path.diff

</span>

</a>

</li>

<li class="file-stats">

<a href="#7b6852d211bb052c17bbc4cb44bf90da533298c4">

<span class="deleted-file">

−

debian/patches/revert-support-jdk8-jdk11-rpm-builds.diff

</span>

</a>

</li>

<li class="file-stats">

<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">

debian/patches/series

</a>

</li>

<li class="file-stats">

<a href="#8756c63497c8dc39f7773438edf53b220c773f67">

debian/rules

</a>

</li>

<li class="file-stats">

<a href="#62cca7e310fbc871f9497911d2164958c5f3d4a5">

pki.spec

</a>

</li>

<li class="file-stats">

<a href="#442292b8a7efeabbe4cc176709b833b1792140ec">

pom.xml

</a>

</li>

<li class="file-stats">

<a href="#e48713a8024e2f4f651352bb3fdfa510dbfc5d9a">

scripts/compose_pki_test_package

</a>

</li>

<li class="file-stats">

<a href="#08ea960debf6238b8d3a9c0f02a0baf2b3788eaa">

tests/dogtag/dev_java_tests/run_junit_tests.sh

</a>

</li>

</ul>

<h5>The diff was not included because it is too large.</h5>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/07d31730a1644ed314b5a132d9cae247ce2c4e54...d2424243d77b68578e41ebf3b459ceb748ff7fce">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>