[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][master] 11 commits: Getting version number from installed Tomcat

Timo Aaltonen gitlab at salsa.debian.org
Wed Aug 15 22:04:16 BST 2018


Timo Aaltonen pushed to branch master at FreeIPA packaging / tomcatjss


Commits:
78773e32 by Endi S. Dewata at 2018-07-31T21:05:54Z
Getting version number from installed Tomcat

The spec template has been modified to get the Tomcat version
from the installed Tomcat instead of a pre-defined constant. This
allows TomcatJSS to be built with a non-standard Tomcat package.

Change-Id: Icfb512558d5918eba960e27f5a74ea4f4035bd61

- - - - -
2f12b726 by Alexander Bokovoy at 2018-08-04T09:44:17Z
Add TLS 1.3 support

- - - - -
cf2a4a21 by Alexander Bokovoy at 2018-08-06T14:20:41Z
Use boundSSLVersionRange()

- - - - -
1484e650 by Fraser Tweedale at 2018-08-06T16:51:59Z
depend on jss >= 4.5.1

jss-4.5.1 introduced SSLSocket.boundSSLVersionRange which clamps a
TLS version range configuration to the system crypto policy.
tomcatjss has been updated to use this routine.  Update the spec
file accordingly.

- - - - -
045c54f0 by Fraser Tweedale at 2018-08-06T17:24:49Z
Revert "depend on jss >= 4.5.1"

This reverts commit 1484e650fb7d719b475bd18fabd60773fe9e8084.

jss 4.5.0 was not released yet.  Let alone 4.5.1!  So we will
put the new jss symbol back into 4.5.0 and revert the dependency
bump in tomcatjss.

- - - - -
913d9bb1 by Endi S. Dewata at 2018-08-07T17:53:28Z
Added TOMCATJSS_7_3_REPO parameter

A new TOMCATJSS_7_3_REPO parameter has been added to specify the
repository that provides TomcatJSS 7.3 dependencies. By default
it will use @pki/10.6.

Change-Id: I85bae1605bfc60d858b232d2d6b7d5049ff3d76c

- - - - -
f51f08b5 by Endi S. Dewata at 2018-08-07T21:27:43Z
Updated version number to 7.3.4

The TomcatJSS class has been modified to use the new SSLVersion
enum in JSS which supports TLS 1.3.

Change-Id: I7940a2be9cf3675baeea082c60292a4e70d7d6a7

- - - - -
00f6b6a4 by Timo Aaltonen at 2018-08-15T13:08:53Z
Merge branch 'upstream'

- - - - -
59bbb43c by Timo Aaltonen at 2018-08-15T13:09:15Z
bump version

- - - - -
8d0633db by Timo Aaltonen at 2018-08-15T14:04:23Z
control: Bump dep on libjss-java.

- - - - -
04cbeaf0 by Timo Aaltonen at 2018-08-15T14:04:38Z
releasing package tomcatjss version 7.3.4-1

- - - - -


6 changed files:

- .classpath
- .travis.yml
- debian/changelog
- debian/control
- src/org/apache/tomcat/util/net/jss/TomcatJSS.java
- tomcatjss.spec.in


Changes:

=====================================
.classpath
=====================================
--- a/.classpath
+++ b/.classpath
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" path="src"/>
-	<classpathentry kind="src" path="tomcat-8.0/src"/>
+	<classpathentry kind="src" path="tomcat-8.5/src"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="lib" path="/usr/share/java/apache-commons-lang.jar"/>
 	<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>


=====================================
.travis.yml
=====================================
--- a/.travis.yml
+++ b/.travis.yml
@@ -19,7 +19,7 @@ install:
       -v $(pwd):/root/tomcatjss
       registry.fedoraproject.org/fedora:$FEDORA
   - docker exec container dnf install -y dnf-plugins-core gcc make rpm-build
-  - docker exec container dnf copr -y enable @pki/10.6
+  - docker exec container dnf copr -y enable ${TOMCATJSS_7_3_REPO:- at pki/10.6}
   - docker exec container dnf builddep -y --spec /root/tomcatjss/tomcatjss.spec.in
   - docker exec container dnf remove -y tomcat-native
   - docker exec container /root/tomcatjss/build.sh --with-timestamp --with-commit-id rpm
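Review bot: The `TOMCATJSS_7_3_REPO` expansion on the `dnf copr -y enable` line is unquoted, so a value containing whitespace is split into extra `dnf copr` arguments. Quoting it as `dnf copr -y enable "${TOMCATJSS_7_3_REPO:-@pki/10.6}"` (the archive renders the `@` as ` at `) keeps it a single argument. This variable now selects the COPR repository that the following `dnf builddep -y` installs from, so whoever can set it decides which packages enter the build container. A comment above the line such as `# TOMCATJSS_7_3_REPO selects the COPR repo that supplies build dependencies; defaults to @pki/10.6` would make that trust decision visible. The `install:` list starts before this hunk.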


=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+tomcatjss (7.3.4-1) unstable; urgency=medium
+
+  * New upstream release.
+  * control: Bump dep on libjss-java.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Wed, 15 Aug 2018 17:04:25 +0300
+
 tomcatjss (7.3.3-1) unstable; urgency=medium
 
   * New upstream release.


=====================================
debian/control
=====================================
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends:
  javahelper,
  libcommons-lang-java,
  libcommons-logging-java,
- libjss-java (>= 4.5.0~a4),
+ libjss-java (>= 4.5.0),
  libslf4j-java,
  libtomcat8-java,
 Standards-Version: 4.1.4
@@ -22,7 +22,7 @@ Package: libtomcatjss-java
 Architecture: all
 Depends: libtomcat8-java, ${java:Depends}, ${misc:Depends},
  libcommons-lang-java,
- libjss-java (>= 4.5.0~a4),
+ libjss-java (>= 4.5.0),
  libslf4j-java,
 Conflicts: libtcnative-1
 Breaks: pki-server (<< 10.3.5-2)


=====================================
src/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
--- a/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
+++ b/src/org/apache/tomcat/util/net/jss/TomcatJSS.java
@@ -37,11 +37,12 @@ import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.ssl.SSLAlertEvent;
 import org.mozilla.jss.ssl.SSLCipher;
 import org.mozilla.jss.ssl.SSLHandshakeCompletedEvent;
+import org.mozilla.jss.ssl.SSLProtocolVariant;
 import org.mozilla.jss.ssl.SSLServerSocket;
 import org.mozilla.jss.ssl.SSLSocket;
-import org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant;
-import org.mozilla.jss.ssl.SSLSocket.SSLVersionRange;
 import org.mozilla.jss.ssl.SSLSocketListener;
+import org.mozilla.jss.ssl.SSLVersion;
+import org.mozilla.jss.ssl.SSLVersionRange;
 import org.mozilla.jss.util.IncorrectPasswordException;
 import org.mozilla.jss.util.Password;
 import org.slf4j.Logger;
@@ -562,8 +563,9 @@ public class TomcatJSS implements SSLSocketListener {
      * or "datagram".
      *
      * @param sslVersionRange_s takes on the form of "min:max" where min/max
-     * values can be "ssl3, tls1_0, tls1_1, or tls1_2". ssl2 is not supported for
-     * tomcatjss via this interface. The format is "sslVersionRange=min:max".
+     * values can be "ssl3, tls1_0, tls1_1, tls1_2, tls1_3". ssl2 is not
+     * supported for tomcatjss via this interface. The format is
+     * "sslVersionRange=min:max".
      */
     public void setSSLVersionRangeDefault(
             String type,
@@ -583,42 +585,18 @@ public class TomcatJSS implements SSLSocketListener {
         logger.debug("* min: " + min_s);
         logger.debug("* max: " + max_s);
 
-        int min = getSSLVersionRangeEnum(min_s);
-        int max = getSSLVersionRangeEnum(max_s);
+        SSLVersion minVersion = SSLVersion.findByAlias(min_s);
+        SSLVersion maxVersion = SSLVersion.findByAlias(max_s);
 
-        if (min == -1 || max == -1) {
-            throw new SocketException("SSL version range format error: " + sslVersionRange_s);
-        }
+        SSLVersionRange range = new SSLVersionRange(minVersion, maxVersion);
+        range = SSLSocket.boundSSLVersionRange(SSLProtocolVariant.STREAM, range);
 
-        SSLVersionRange range = new SSLVersionRange(min, max);
+        logger.debug("Actual SSL version range for " + type + " after system policy correction:");
+        logger.debug("* min: " + range.getMinVersion());
+        logger.debug("* max: " + range.getMaxVersion());
         SSLSocket.setSSLVersionRangeDefault(protoVariant, range);
     }
 
-    int getSSLVersionRangeEnum(String range) {
-
-        if (range == null) {
-            return -1;
-        }
-
-        if (range.equals("ssl3")) {
-            return SSLVersionRange.ssl3;
-        }
-
-        if (range.equals("tls1_0")) {
-            return SSLVersionRange.tls1_0;
-        }
-
-        if (range.equals("tls1_1")) {
-            return SSLVersionRange.tls1_1;
-        }
-
-        if (range.equals("tls1_2")) {
-            return SSLVersionRange.tls1_2;
-        }
-
-        return -1;
-    }
-
     public void setSSLCiphers(String attr, String ciphers) throws SocketException, IOException {
 
         if (StringUtils.isEmpty(ciphers)) {
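Review bot: The clamp added in `setSSLVersionRangeDefault` passes a hard-coded `SSLProtocolVariant.STREAM` to `boundSSLVersionRange`, while the call right after it applies the result with `protoVariant`, so a "datagram" default would be bounded against the stream limits; `range = SSLSocket.boundSSLVersionRange(protoVariant, range);` keeps the two calls consistent. The explicit `SocketException("SSL version range format error: ...")` for an unrecognised min or max is also gone, and what `SSLVersion.findByAlias` does with an unknown or null alias is not visible here. If it can return null, a null check that restores the old exception would keep a mistyped `sslVersionRange` from surfacing as an unrelated failure later. Since the effective minimum TLS version can now differ from the configured one, logging the policy-corrected range above debug level would help operators notice the difference. The method's signature and the parsing of `min_s`/`max_s` are outside this hunk.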


=====================================
tomcatjss.spec.in
=====================================
--- a/tomcatjss.spec.in
+++ b/tomcatjss.spec.in
@@ -7,7 +7,7 @@ URL:              http://www.dogtagpki.org/wiki/TomcatJSS
 License:          LGPLv2+
 BuildArch:        noarch
 
-Version:          7.3.3
+Version:          7.3.4
 Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
 # global           _phase -a1
 
@@ -29,20 +29,6 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 # Patch: tomcatjss-VERSION-RELEASE.patch
 
 ################################################################################
-# Tomcat
-################################################################################
-
-%if 0%{?rhel} && 0%{?rhel} <= 7
-%global app_server tomcat-7.0
-%else
-%if 0%{?fedora} && 0%{?fedora} <= 27
-%global app_server tomcat-8.0
-%else
-%global app_server tomcat-8.5
-%endif
-%endif
-
-################################################################################
 # Build Dependencies
 ################################################################################
 
@@ -71,7 +57,7 @@ BuildRequires:    slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 BuildRequires:    jss >= 4.4.0-7
 %else
-BuildRequires:    jss >= 4.5.0-0.4
+BuildRequires:    jss >= 4.5.0-0.6
 %endif
 
 # Tomcat
@@ -114,7 +100,7 @@ Requires:         slf4j-jdk14
 %if 0%{?rhel} && 0%{?rhel} <= 7
 Requires:         jss >= 4.4.0-7
 %else
-Requires:         jss >= 4.5.0-0.4
+Requires:         jss >= 4.5.0-0.6
 %endif
 
 # Tomcat
@@ -123,7 +109,6 @@ Requires:         tomcat >= 7.0.69
 %else
 %if 0%{?fedora} && 0%{?fedora} <= 27
 Requires:         tomcat >= 8.0.49
-Conflicts:        tomcat >= 1:8.5
 %else
 %if 0%{?fedora} && 0%{?fedora} <= 28
 Requires:         tomcat >= 1:8.5.23
@@ -140,7 +125,7 @@ Requires:         tomcat >= 1:9.0.7
 Conflicts:        tomcat-native
 
 # PKI
-Conflicts:        pki-base < 10.6.3
+Conflicts:        pki-base < 10.6.5
 
 
 %if 0%{?rhel}
@@ -168,9 +153,18 @@ NOTE:  The 'tomcatjss' package conflicts with the 'tomcat-native' package
 %install
 ################################################################################
 
+# get Tomcat <major>.<minor> version number
+tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
+
+if [ $tomcat_version == "9.0" ]; then
+    app_server=tomcat-8.5
+else
+    app_server=tomcat-$tomcat_version
+fi
+
 ant -f build.xml \
     -Dversion=%{version} \
-    -Dsrc.dir=%{app_server} \
+    -Dsrc.dir=$app_server \
     -Djnidir=%{_jnidir} \
     -Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \
     -Dinstall.jar.dir=%{buildroot}%{_javadir} \
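Review bot: `tomcat_version` is used unquoted and unchecked, so when `/usr/sbin/tomcat version` fails or its output does not match the sed pattern the variable is empty, the `[ ... ]` test errors out into the else branch, and ant runs with `-Dsrc.dir=tomcat-`. Failing early with `[ -n "$tomcat_version" ] || exit 1` and quoting the comparison as `if [ "$tomcat_version" = "9.0" ]; then` makes a missing or unexpected Tomcat stop the build instead of selecting a wrong source directory. The single `=` also avoids relying on the `==` extension of `[`. The ant invocation continues past the end of this hunk.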



View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/compare/df2ca6abf6cf6bdee847e8454db40ae484bcb983...04cbeaf04a9f283e81b4ea18955e4345bc443a58
