[Pkg-freeipa-devel] dogtag-pki: Changes to 'master-next'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Apr 9 12:42:38 UTC 2015
New branch 'master-next' available with the following commits:
commit 320872a6ee019553566750f178b3e7289b1119fc
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 7 10:32:03 2015 +0300
pki-server.install: Add sbin/pki-server.
commit 59ed408a39647cb1d29896fe1a6f310993ae7f4e
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Apr 7 10:31:33 2015 +0300
fix-jackson-paths.diff: Dropped, obsolete. Refresh other patches to drop unused jackson includes.
commit d9d30e7a241a9863d95f285ad52a6a28b4f2d235
Merge: 1ebd8d1 babd6e2
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 17:12:49 2015 +0300
Merge tag 'DOGTAG_10_2_2_FEDORA_22_20150318' into master-next
Build for 10.2.2-1 for Fedora 22
commit 1ebd8d1241dc5b6e2bf7bfa4bcb5d9205406ae82
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 17:12:16 2015 +0300
control: Add python-sphinx to build-depends.
commit b209c68fe7b3895f72f38d4b7d261f308ab6bfda
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 17:11:51 2015 +0300
pki-tools.install: Add pki-ca-profile manpage.
commit 64eb7c4319182d896f5821a7b8b97c253e742c35
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 16:22:28 2015 +0300
control: Drop libcrypt-ssleay-perl and libxml-perl from depends.
commit cf5950c6e4ef3e8841ae25f1f0644df731b7559d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 16:21:27 2015 +0300
update changelog, refresh patches and drop upstream ones
commit e18a73da109246469aeaaf2164c4f5fd9a5134d3
Merge: e8c9fc7 1676336
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Apr 2 15:31:06 2015 +0300
Merge branch 'experimental' into master-next
commit babd6e2bc75d89a5f7e5400b11751c5a52bfb1d1
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Wed Mar 18 09:35:28 2015 -0600
Fix for pylint 1.3 --> 1.4
Placing 'ldap' on the whitelist was insufficient for the Fedora 22
i686 platform, therefore, ldap was added to 'ignored-modules'.
commit fa260ee8023c37936d432e52e69ade02a43cecee
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 17 23:43:03 2015 -0600
Fix for pylint 1.3 --> 1.4 (e1101 - no member on all C extension)
- Reference: http://stackoverflow.com/questions/28437071/pylint-1-4-reports-e1101no-member-on-all-c-extensions
commit 0e118a4888caafccdd0a9268c958015d43db19d4
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 17 19:50:46 2015 -0600
Removed problematic header file from CMakeLists.txt file that prevented
compilation on Fedora 22.
commit a097ce0437449c4ef9d580a2f7fc3e94d5c26a8d
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 17 14:56:06 2015 -0600
Fixed development script.
commit 67b24a0d3bd8fb11b359c0ebf5106544495fbe72
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 17 14:39:32 2015 -0600
Update release number for release build (10.2.2)
commit 87ffc7a341860f3f1ece434e90e4bc33a02b8155
Author: Jack Magne <jmagne at localhost.localdomain>
Date: Thu Mar 12 19:08:41 2015 -0700
NISTSP8000 feature.
Implementation of the nistSP800 dervication feature.
Works for both supported scp01 cards and scp02 cards.
During the various session key and key upgrade functions, the nist dervication code is being called.
Review comments addressed
Cleanup of some input validation on the TKS.
Added some sanity checking on the TPS side for key versions and token cuid's and kdd's.
Final review comments.
Fixed issue with extracting the kdd from the AppletInfo class.
Fixed issue with sending the KDD to the encryptData TKS servlet.
Added requested entries to the CS.cfg .
commit f98e599b1e95572a589b8813bc6cb0c2e70fdd0b
Author: Fraser Tweedale <frase at frase.id.au>
Date: Mon Mar 16 02:15:39 2015 -0400
Store groups on AuthToken and update group evaluator
Update the UidPwdDirAuthentication plugin to retrieve all the user's
groups from a directory and store them on the AuthToken.
Also update the group evaluator to match against all the groups
stored in the AuthToken. The "gid" and "groups" are merged into a
single collection, if the ACL operation is "=" the collection is
checked under disjunction, and if the operation is "!=", then
conjunction.
Fixes https://fedorahosted.org/pki/ticket/1174
commit a44ccf872262b1289cd2577a6ba55071066a5209
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Fri Mar 13 16:53:52 2015 -0600
Allow use of secure LDAPS connection
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
commit a54e29d5be1b38158cc44a8bdeda5dcb96fd4096
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Mar 12 17:35:40 2015 +0530
Update pki-qe-tools.jar file
Add generateDualCRMFRequest.java and Certificate_Record.java
commit a1b68d34a82d0a27e2c5eccdcb8d4e866ddfd602
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Mar 12 17:35:03 2015 +0530
Port legacy clone drm tests to beaker
commit 22ab9648aa88af7d75f5bdd4490ce9444ee6dd67
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Mar 9 17:02:40 2015 +0530
Adding legacy ipa-tests and ca-clone tests
commit 84610884fa52ad47599d2e78eaecb339f081b1ee
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Mar 3 15:18:39 2015 -0700
PKI TRAC Ticket #1284 - pkispawn URL redirect issue (simple fix)
commit 69640a184ab10d78d57d5c3cd235eefc752bb859
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Mar 5 11:09:47 2015 -0700
Update compose_functions development script to account for remote tarballs
and patches
PKI TRAC Ticket #1211 - New release overwrites old source tarball
commit 9bccfa9fcf2ea8361f1a32ea89ec69d37a4e43a8
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Feb 24 21:02:13 2015 -0500
Fixed CMake issues on F22.
Some CMake scripts have been updated to work on both F21 and F22.
https://fedorahosted.org/pki/ticket/1281
commit f39e3387f8a671ef97a08d1c0c3e4b2b6fd65ad3
Author: Jack Magne <jmagne at redhat.com>
Date: Mon Oct 13 13:40:59 2014 -0700
Ticket: TPS Rewrite: Implement Secure Channel Protocol 02 (#883).
First cut of gp211 and scp protocol 02 for tokens.
Allow token operations using a GP211 token over secure channel protocol 02.
This patch supports the following:
1. Token operations with a GP211 card and SCP02 protocol, implementation 15.
2. Token still supports GP201 cards with SCP01.
3. SCP02 tested with SC650 gp211/scp02 card.
Things still to do:
1. Right now the SCP02 support has been tested with the current gp201 applet and
enrollment and formatting works just fine. We need to modify and compile the applet
against the GP211 spec and retest to see if any further changes are needed.
2. The nistSP800 key derivation stuff is not completed for the SCP02 protocol. Some
of the routines are self contained vs similar SCP01 ones. We have another ticket to
complete the nistSP800 support from end to end. This work will be done for that ticket.
3. One of the new scp02 deriviation functions can make use of a new NSS derive mechanism.
As of now this work is done by simple encryption, this can be done later.
4. The security APDU level of "RMAC" is not supported because the card does not support it.
It could have been done to the spec, but it having the card to test is more convenient and there
were more crucial issues to this point.
commit 7b1d897ba4cf9de1459d2aad37e969ce9a93a05a
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Feb 27 09:35:11 2015 -0500
Fixed systemd errors/warnings after upgrade.
The spec file has been modified to reload systemd daemon after
upgrade to avoid errors/warnings when executing systemd commands.
https://fedorahosted.org/pki/ticket/1255
commit 5aafc086ce6467b652b5a7c26a494a921b980833
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Thu Feb 26 23:55:47 2015 -0700
Fix for developer script on Fedora 21.
commit 538e71e1c90ec536fc984c7db0c33a8f29920ebc
Author: Endi S. Dewata <edewata at redhat.com>
Date: Thu Jan 29 03:08:25 2015 -0500
Updated CRMFPopClient parameter handling.
The CRMFPopClient has been modified to use Apache Commons CLI
library to handle the parameters. The help message has been
rewritten to make it more readable. The submitRequest() will
now display the error reason.
The options in ClientCertRequestCLI have been simplified. A new
option was added to generate CRMF request without POP.
https://fedorahosted.org/pki/ticket/1074
commit 705084a0021e161f1b4cea25dbaf622cfe68c47e
Author: Ade Lee <alee at redhat.com>
Date: Wed Feb 11 16:28:50 2015 -0500
Add granularity to token termination in TPS
BZ 1163987. Added revocation checks to optionally revoke
expired certs, and handle cases where certs are shared on multiple
tokens.
commit 3b6664da6c762a592573d5fa05043ecca20bf7a7
Author: Ade Lee <alee at redhat.com>
Date: Thu Feb 5 11:48:27 2015 -0500
Bugzilla 1134405 - CRL publishing fails after Java heap out of memory error
Added fix from hot fix.
commit 9e2be082c37d55fc0b487ba2fe89341f48c48647
Author: Asha Akkiangady <aakkiang at redhat.com>
Date: Tue Feb 24 11:54:12 2015 -0500
CA and SUBCA scep tests using sscep.
commit e5f4b484c518cc507bd314a2b654a049023a46ae
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Tue Feb 24 10:38:31 2015 +0530
Port TKS legacy tests to beaker
commit 57e90f62dd46ba26d855a19208ee426340184d3b
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Feb 23 20:10:42 2015 +0530
Update rhcs-shared.sh with more shared functions
Add functions related to creating directory user
and functions related tps
commit 88c44e8ea7c9583a552340141f2c4df07f5dab7b
Author: Asha Akkiangady <aakkiang at redhat.com>
Date: Mon Feb 16 18:53:29 2015 -0500
CA renewal manual, directory authenticated and
sslclient self renewal tests.
Subca usergroup tests and new tests added to
ca's usergroup.
commit 6d278c63f41ae998feedc2885e95fcfaa38ee46a
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Feb 16 20:44:52 2015 +0530
Port OCSP legacy tests beaker framewokr
Some minor fixes to CA EE tests
commit 944372f857cd631c2cfc51ed7d090912fc2516ff
Author: Endi S. Dewata <edewata at redhat.com>
Date: Thu Jan 29 21:50:46 2015 -0500
Refactored OCSPClient.
The OCSPClient CLI has been refactored into an OCSPProcessor
utility class such that the functionality can be reused.
https://fedorahosted.org/pki/ticket/1202
commit 98b2407eef642cd95296c972393b0c0db46230be
Author: Christina Fu <cfu at redhat.com>
Date: Wed Feb 11 11:56:29 2015 -0800
ticket#822 creates root CA subject DN when renewing with empty params.name in orig profile
commit cdad249ce00305a165d272d86f100d05edf97db2
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Feb 11 13:57:44 2015 -0500
Refactored LDAPDatabase.createFilter().
The createFilter() method in LDAPDatabase has been changed to
construct an LDAP filter based on a keyword and a set of
attributes with their values. This will allow searching the
database based on specific attribute values. The subclasses of
LDAPDatabase have been updated accordingly.
https://fedorahosted.org/pki/ticket/1164
commit 91c77390474d67cfd0c15b8b3377997b3f0cd38a
Author: Christina Fu <cfu at redhat.com>
Date: Fri Jan 30 10:36:45 2015 -0800
Ticket#1028 Phase1:TPS rewrite: provide externalReg functionality
commit 44ffed301e9b4267718f3f8e9f3fcc5f666d8e5c
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Feb 6 13:08:16 2015 -0500
Fixed additional pylint warnings.
The pki CLI has been modified to remove additional pylint warnings
that appear on Fedora 22.
https://fedorahosted.org/pki/ticket/703
commit 2d33053b87a225dc9887a735108bb62269eafe60
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Jan 14 10:36:37 2015 -0500
Fixed problem cloning Dogtag 10.1.x to 10.2.x.
The JSON format of security domain info has changed between Dogtag
10.1.x and 10.2.x, so the Python client library has been changed
to accommodate both formats.
https://fedorahosted.org/pki/ticket/1235
commit dfe55982eb50750fc1e65bce312d884b1604f0b4
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 30 15:49:27 2015 -0500
Fixed pylint report.
Previously pylint report was saved it into a file which may not be
accessible on a build system. The pylint-build-scan.sh has been
changed to display the report so it will appear in the build log.
The pylint configuration has also been modified to disable C and R
messages by default. This way when other errors or warnings occur
the build will fail without having to check for specific codes.
Some Python codes have been modified to reduce the number of pylint
warnings.
https://fedorahosted.org/pki/ticket/703
commit 8fc5acb72ac9fdbc70b8a6e7242890f9dbeccf56
Author: Endi S. Dewata <edewata at redhat.com>
Date: Mon Feb 2 14:43:16 2015 -0500
Added missing python-lxml build dependency.
The python-lxml is actually needed to avoid pylint failures during
build so it has been added as a build dependency.
https://fedorahosted.org/pki/ticket/1252
commit fb77f0de6d3ae097f71434ed547f3490bfc48dd2
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 30 15:49:27 2015 -0500
Updated Resteasy and Jackson dependencies
In Fedora 22 the Resteasy package has been split into several
subpackages. The pki-core.spec has been modified to depend on
more specific Resteasy packages which depend only on Jackson
1.x. The classpaths and various scripts have been modified to
remove unused references to Jackson 2.x.
https://fedorahosted.org/pki/ticket/1254
commit c416878297b365f018983e4d62ba9bcb9404f218
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Tue Feb 3 17:51:49 2015 +0530
Add Legacy drm-logs and some subca tests
Sub CA cert-enrollment, profiles and logs are added
DRM logs are added
Signed-off-by: Niranjan Mallapadi <mrniranjan at redhat.com>
commit 73cd00cf53815b523b114d108abd077cdb97094e
Author: Roshni Pattath <rpattath at redhat.com>
Date: Mon Feb 2 13:10:36 2015 -0500
Modified test-ids
commit 6d46be4ebf4cbbe3114f3b39394f4e8ac2d701ad
Author: Roshni Pattath <rpattath at redhat.com>
Date: Mon Feb 2 11:30:38 2015 -0500
Subca legacy tests
Related changes to Makefile, runtest, rhcs-shared and create role users
commit ffdea31833332a5ed853700fac2186bfa37638a7
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Jan 29 18:10:40 2015 +0530
Add legacy drm tests
commit 1d23b03170ba615003d4b7d5d42bbc5de6d12f0d
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Jan 29 17:20:40 2015 +0530
Add legacy CA logs tests
commit 64441cd0333ffd19ddbf5b0d22711650541fabbb
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Jan 29 17:16:15 2015 +0530
Add legacy cert-enrollment tests
commit 7f742c4968b22bde4b2464df65dec88d23463788
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Thu Jan 29 17:06:48 2015 +0530
Add CA Profiles legacy tests
commit 7de81fedeba1a3904c127dc612a937903e622d81
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Jan 27 00:35:59 2015 -0500
Refactored CRMFPopClient.
The CRMFPopClient has been refactored such that it is easier
to understand and reuse. The code has been fixed such that it
can read a normal PEM transport certificate. It also has been
fixed to parse the request submission result properly.
The client-cert-request CLI command was modified to support CRMF
requests.
The MainCLI and ClientConfig were modified to accept a security
token name.
The pki_java_command_wrapper.in was modified to include the Apache
Commons IO library.
https://fedorahosted.org/pki/ticket/1074
commit 22ff1fbd2de37395e219a7e7362722517a3f4dc3
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Jan 23 13:23:53 2015 -0500
Disabling subsystem on selftest failure.
The SelfTestSubsystem has been modified such that if the selftest
fails it will invoke the pki-server CLI to undeploy and disable the
failing subsystem. The Tomcat instance and other subsystems not
depending on this subsystem will continue to run. Once the problem
is fixed, the admin can enable the subsystem again with the
pki-server CLI.
https://fedorahosted.org/pki/ticket/745
commit 3294ac64d9e71f76309d2cc12a2c256838fe8666
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Jan 20 22:11:50 2015 -0500
Added server management CLI.
A new pki-server CLI has been added to manage the instances and
subsystems using the server management library. This CLI manages
the system files directly, so it can only be run locally on the
server by the system administrator.
The autoDeploy setting in server.xml has been enabled by default.
An upgrade script has been added to enable the autoDeploy setting
in existing instances.
https://fedorahosted.org/pki/ticket/1183
commit a578cf649c0c41676677cf0a6ede03ea8d6fedb7
Author: Endi S. Dewata <edewata at redhat.com>
Date: Sat Oct 11 13:18:45 2014 -0400
Added server management library.
The PKISubsystem and PKIInstance classes used by the upgrade
framework have been converted into a server management library.
They have been enhanced to provide the following functionalities:
* starting and stopping instances
* enabling and disabling subsystems
* checking instance and subsystem statuses
The validate() invocation has been moved out of the constructors
into the upgrade framework such that these objects can be created
to represent subsystems and instances that do not exist yet.
https://fedorahosted.org/pki/ticket/1183
commit 2d574090ba49eec9647b78b44d841a6d6026dccf
Author: Endi S. Dewata <edewata at redhat.com>
Date: Sun Oct 12 00:16:55 2014 -0400
Moved web application deployment locations.
Currently web applications are deployed into Host's appBase (i.e.
<instance>/webapps). To allow better control of individual
subsystem deployments, the web applications have to be moved out
of the appBase so that the autoDeploy can work properly later.
This patch moves the common web applications to <instance>/
common/webapps and subsystem web applications to <instance>/
<subsystem>/webapps. An upgrade script has been added to update
existing deployments.
https://fedorahosted.org/pki/ticket/1183
commit 8bafe7988740ce078eac8624121459b5357a7501
Author: Roshni Pattath <rpattath at redhat.com>
Date: Thu Jan 22 17:10:51 2015 -0500
CA EE OCSP and related java files
commit 98315fc0fb56030b5b99616f52e16a1cbbd5056c
Author: Roshni Pattath <rpattath at redhat.com>
Date: Wed Jan 21 16:06:27 2015 -0500
crlissuingpoint dir was spelled wrong in Makefile and runtest.sh
commit b1fa2b492c5d7710297c102aaad30ae1d7d14405
Author: Roshni Pattath <rpattath at redhat.com>
Date: Wed Jan 21 15:55:49 2015 -0500
Fixed some typos in Makefile and runtest.sh
commit 08562edc81e9631a6d4a2c7afe70c6c661f19bd9
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Jan 20 14:47:59 2015 -0500
Fixed exception chains in ConfigurationUtils.
The ConfigurationUtils has been modified such that if an exception
is triggered by another exception the exceptions will be chained.
https://fedorahosted.org/pki/ticket/915
commit 802f7471d5ee65e3c4d99b528bb6d8526c277185
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Jan 20 09:25:32 2015 -0500
Added support for exception chains in EBaseException.
The EBaseException has been modified to provide constructors that
can be used to chain the cause of the exception. This way the root
cause of the exception can be traced back to help troubleshooting.
Some codes have been modified to utilize the proper exception
chaining as examples.
https://fedorahosted.org/pki/ticket/915
commit deb188bffd38f82396c47411381a875020ca748b
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Jan 20 09:25:32 2015 -0500
Removed unnecessary EBaseException constructor.
The EBaseException(String msgFormat, String param) constructor has
been removed because it's only used once and can be substituted
with another constructor. All subclasses of EBaseException have
been updated accordingly.
https://fedorahosted.org/pki/ticket/915
commit 82e0e34e350929b2139f7c0a20c0c3a00d7fcf92
Author: Roshni Pattath <rpattath at redhat.com>
Date: Tue Jan 20 16:33:31 2015 -0500
CA Admin Porting tests
Internaldb, authplugin, acl, crlissuing point, agent-crl, publishing
commit b54b03f461b6e0657270c0affa64a00cef1b3f37
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Mon Jan 19 16:36:59 2015 -0700
Synced spec files with DOGTAG_10_2_RHEL_BRANCH
commit 8edbdcb5dc369c430c5b1fdd8831152e5706d17e
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Jan 8 16:59:52 2015 -0700
Updated version number to 10.2.2-0.1
commit 1d9e4e14f996380ec81d905e8f69435986648e26
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Jan 8 15:35:16 2015 -0700
Updated version number to 10.2.2-0.1
commit 16763369a9358d30419dff86c293313a25ee6bf9
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Jan 8 14:54:33 2015 -0700
Update release number for release build (10.2.1-1)
commit 0b6cfad8f1c566bc296ee8bd8be8b84e14b31ae6
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Wed Jan 7 16:04:45 2015 -0700
Fixed bash syntax error
- Bugzilla Bug #1147924 - dogtag: syntax errors in
/usr/share/pki/scripts/operations
commit 9e8c5189ab6cce6ded77316439b9fee92e27487c
Author: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu Oct 30 01:58:15 2014 -0400
Enable Authority Key Identifier CRL extension by default
RFC 5280 states:
Conforming CRL issuers are REQUIRED to include the authority key
identifier (Section 5.2.1) and the CRL number (Section 5.2.3)
extensions in all CRLs issued.
Accordingly, update CS.cfg so that the Authority Key Identifier
extension is enabled by default.
commit 422c1392992b28d41d8e4fe037acb6b1117345da
Author: Asha Akkiangady <aakkiang at redhat.com>
Date: Tue Jan 6 15:21:04 2015 -0500
Installer tests for CA, KRA, OCSP and TKS.
commit 4efce3c2a3bfb69068208ca0e06ea8235befdbb8
Author: Roshni Pattath <rpattath at redhat.com>
Date: Mon Jan 5 12:40:39 2015 -0500
Minor changes relating to CI modifications
commit 4c910296a6c6c8bf74fbdace740680db2f1fecab
Author: Christina Fu <cfu at redhat.com>
Date: Tue Dec 2 14:38:08 2014 -0800
Ticket #864 866 (part 1 symkey, common) NIST SP800-108 KDF
- this patch does not include TPS side of changes:
(#865 needs to be rewritten in Java)
commit 00b1c33272900613687448ccab7809ba794679f6
Author: Matthew Harmsen <mharmsen at pki.usersys.redhat.com>
Date: Tue Dec 16 15:55:20 2014 -0700
Update dependencies
- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
dependencies
commit 21d831010a7e0fe8d21e1ee286eb654bad6a21e3
Author: Jack Magne <jmagne at localhost.localdomain>
Date: Thu Dec 11 20:20:40 2014 -0800
Fix-for-Bug-1170867-TPS-Installation-Failed
Fix now includes last review comments where we decided to consolidate 3 of the
ldif files: schema.ldif,database.ldif, and manager.ldif.
Each one of these 3 files contains the data needed for any subsystem for that file.
The subsystem specific files for these 3 go away in the source tree.
The first iteration of this fix was copying these 3 files into an undesirable directory.
This is no longer the case.
Extra code in the python installer allows one to establish a "file exclusion" callback to
keep a set of desired files from being copied when the installer does a directory copy.
All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix),
and they appear to work fine.
Addressed further review comments:
1. Removed trailing whitespace instances from schema.ldif which had some.
2. Used pycharm to remove the few PEP violations I had previously added to the Python code.
3. Changed the format of the schema.ldif file to make all the entries use the same style.
Previously the TPS entries was using an all in one syntax. No more since now each entry is separate.
4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance.
5. Tested everything to work as before, including basic TPS operations such as Format.
Fixed a method comment string and fixed some typos.
commit 4083b0d6fd3af89cf638224d0081d9dd76eb1192
Author: Christina Fu <cfu at redhat.com>
Date: Tue Dec 16 16:58:11 2014 -0800
Ticket 1180 RFE: show link to request record from cert display
commit 6c0b6628e51bec01884174001f34dfce5e28c75d
Author: Christina Fu <cfu at redhat.com>
Date: Tue Dec 16 15:39:41 2014 -0800
Ticket 1173 Directory-based renewal evaluator fails authorization
commit cdebcd5a05544dfde1b904c3fc99ce97fa68fb98
Author: Fraser Tweedale <frase at frase.id.au>
Date: Thu Dec 4 02:01:38 2014 -0500
Decode challengePassword attribute as DirectoryString
The PKCS #9 challengePassword attribute has DirectoryString syntax.
Dogtag currently attempts only to decode it as a PrintableString,
causing failures when the attribute is encoded as a UTF8String.
Add method DerValue.getDirectoryString() to decode any of the valid
DirectoryString encodings and update ChallengePassword to use it.
https://fedorahosted.org/pki/ticket/1221
commit 8f06f412bedc992ea030ec6d548f35de966b0ff5
Author: Ade Lee <alee at redhat.com>
Date: Fri Dec 12 15:27:09 2014 -0500
Require resteasy sub modules for F22+
commit 5d82ad42001875e28a48ba374d4a467c9ec91f5c
Author: Endi S. Dewata <edewata at redhat.com>
Date: Tue Dec 2 17:25:55 2014 -0500
Added rangeUnit property to certificate profiles.
A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.
https://fedorahosted.org/pki/ticket/1226
commit aab703ab457ff02d8623933a15574a556dae5e99
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Fri Dec 12 14:51:02 2014 -0700
Modified RHEL Source URL to prevent potential collisions with Fedora releases
- PKI TRAC #1211 - New release overwrites old source tarball
commit bd411710a735f49147fa085fda000857a5370627
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Nov 26 03:19:35 2014 -0500
Cleaned up clone installation code.
The code in ConfigurationUtils has been cleaned up and reformatted
to improve readability.
commit 78371f0ecd801ccfb1a637ba8dd95a7f4dd051b9
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Nov 26 03:19:35 2014 -0500
Fixed problem importing renewed system certificate.
Previously during clone installation if the PKCS12 file contains
both expired and renewed certificates the code might incorrectly
import the expired certificate instead of the renewed one, thus
failing the installation.
The code has been fixed to validate the certificates in the PKCS12
file such that only the valid ones will be imported into the clone.
https://fedorahosted.org/pki/ticket/1093
commit 96f61e1c7e73c91400c2364009dfb1742b509ced
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 8 22:01:44 2014 +0530
comment lines which add cer to TEMP NSS DB
Modify generate_new_cert function to comment out
the lines which add the CA signing cert and user/server
cert to Temp NSS DB
commit 492180494f5db82ded637c9a12666e4df4a4bda1
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 8 19:24:57 2014 +0530
Add CA Legacy profile tests
commit 713f1840695c684a63898e29524946c01f1d55a0
Author: Asha Akkiangady <aakkiang at redhat.com>
Date: Sat Dec 6 08:13:56 2014 -0500
CLI user-add and ca-user-add tests modified
to have random strings generated with openssl
rand and $RANDOM.
commit 7ed1c2e78f7531821c7e5a998b97ee1b7fb6b5a8
Author: Roshni Pattath <rpattath at redhat.com>
Date: Fri Dec 5 12:19:51 2014 -0500
Some updates to the script for certutil
commit 335046c3a66f1eaad159ab60b6731a81ad67946a
Author: Roshni Pattath <rpattath at redhat.com>
Date: Fri Dec 5 12:15:55 2014 -0500
Changed the CA Host parameter
commit f955714b64a41026915ce328484181d76e456318
Author: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu Sep 25 01:39:40 2014 -0400
Fix BasicConstraints min/max path length check
The BasicConstraintsExtConstraint min/max path length validity check
ensures that the max length is greater than the min length, however,
when a negative value is used to represent "no max", the check
fails.
Only compare the min and max length if the max length is
non-negative.
Ticket #1035
commit d9e1069c748b06ccd1261bebdebfb748df7344a2
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Dec 4 14:29:43 2014 -0700
Spec file changes to support the following issues:
- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml
by default (cfu)
- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
- TLS Compliance
commit e8d1af05925ca06d568e49f89cf107d97baeb36d
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Thu Dec 4 11:21:09 2014 -0700
Fix spec file to address the following ticket:
- PKI Trac Ticket #1211 - New release overwrites old source tarball
commit cc8e2ebf392468831428601403f6e0ca7507c11a
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Mon Dec 1 12:49:10 2014 -0700
Remove legacy multilib JNI_JAR_DIR logic
* Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not
found
(cherry picked from commit d7a0807b7493fc3d86900ee4aaf8199efd824907)
Conflicts:
base/java-tools/templates/pki_java_command_wrapper.in
base/java-tools/templates/pretty_print_cert_command_wrapper.in
base/java-tools/templates/pretty_print_crl_command_wrapper.in
base/server/python/pki/server/deployment/pkiparser.py
base/server/scripts/operations
(cherry picked from commit c8d73ade2c651fd5ca01226c89d5d19828bfc9b7)
commit 7eb362d4955a12835479d2bfaa7d364ea4cd7e1f
Author: Roshni Pattath <rpattath at redhat.com>
Date: Thu Dec 4 11:55:08 2014 -0500
Removed reference to files that are not added to git
commit 5503f04f3e06e69ec9de837ff83d50a6db9a6ddc
Author: Roshni Pattath <rpattath at redhat.com>
Date: Thu Dec 4 01:27:12 2014 -0500
KRA group test scripts and CI changes
commit d92c531cf02c900bf952e654b6b9bb753acfe3b1
Author: Roshni Pattath <rpattath at redhat.com>
Date: Wed Dec 3 22:30:52 2014 -0500
Changes to Makefile and runtest.sh
Included files relating to bug verification
commit ea3e179baf473b159942cdc0246226c4561fb754
Author: Roshni Pattath <rpattath at redhat.com>
Date: Wed Dec 3 22:22:02 2014 -0500
RHEL 7.1 bug verification automation
commit cda03aebb5245701f95ca5c929dc2e9b626eacbf
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 1 19:45:47 2014 +0530
Minor changes to pki-ca-cert-cli-release & revoke
commit 85d77cfea7d52baecac73d09940cd8aee1c9e224
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 1 16:42:52 2014 +0530
Add minor fixes to cert-release-hold and revoke
In pki cert-revoke, comment the SUBCA test, because
when jobs are ran in parallel, this can go for a very
big loop.
commit 4c27c392f634a86f25909c53e48f1dfb9e34a9e1
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 1 15:25:36 2014 +0530
Minor fixes to pki-cert.sh
commit e5a9fd0427bd4546fe53f0f63569d6fbe9e27af3
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 1 15:24:52 2014 +0530
Minor fixes to pki-cert-cli-lib.sh
commit 1e9024758746b879a013099a3873a68d9d9fb9d0
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Mon Dec 1 15:24:22 2014 +0530
Modify ca profile cli's tests with minor changes
commit 4ca08a3c42352b4baf7b99e7bc4a03240ebebcca
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Wed Nov 26 21:24:25 2014 +0530
emove /dev/urandom from kra-key-cli
commit 6b1d5758fd906e7f2b5a4b64a5318647af9d3836
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Wed Nov 26 21:19:55 2014 +0530
Remove /dev/urandom from key-cli
commit 3b7a8fcc533a212af06fa7a8b00dda01b57cc66a
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Wed Nov 26 18:03:49 2014 +0530
Remove /dev/urandom from ca-cert-cli
Replace /dev/urandom for junk characters with openssl rand
and user $RANDOM for random integer values
commit e1b4f5b01e2632e24e6d13ce6f7381c5f7e9b293
Author: Niranjan Mallapadi <mrniranjan at redhat.com>
Date: Wed Nov 26 17:40:05 2014 +0530
Replace /dev/urandom with openssl rand
commit cfeb77bb5d79f0e131948e864a1dcba2451758f6
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Nov 21 18:45:08 2014 -0500
Improvements for KeyClient.archive_encrypted_data().
The archive_encrypted_data() in KeyClient has been modified to have
a default value for the algorithm OID and to take a nonce IV object
instead of the base-64 encoded value.
https://fedorahosted.org/pki/ticket/1155
https://fedorahosted.org/pki/ticket/1156
commit 93a8a1f66b401d6a8f46a14d1143feb1ade21de9
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Nov 21 16:16:33 2014 -0500
Removed profile input/output IDs from CLI output.
More information about the Pkg-freeipa-devel
mailing list