[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master] 176 commits: Moved install docs into /docs

Timo Aaltonen gitlab at salsa.debian.org
Wed Dec 5 20:24:51 GMT 2018 

Timo Aaltonen pushed to branch master at FreeIPA packaging / dogtag-pki


Commits:
192ed9c1 by Endi S. Dewata at 2018-10-05T02:19:04Z
Moved install docs into /docs

- - - - -
c13cdd05 by Timo Aaltonen at 2018-10-16T13:59:54Z
control: Bump depends on nuxwdog and tomcatjss.

- - - - -
eb1e5b75 by Dinesh Prasanth M K at 2018-10-16T14:56:38Z
Refactoring `seltest` module (#64)

Refactoring `selftest` module to make it compatible for future `cert-fix` module

This is a breakdown of PR: #56

Signed-off-by: Dinesh Prasanth M K dmoluguw at redhat.com
- - - - -
cbfb6b8d by Alexander Scheel at 2018-10-16T14:58:10Z
Fix doctag in RequestStatusAdapter

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
97bdf5e0 by Dinesh Prasanth M K at 2018-10-16T16:33:27Z
Refactoring `cert-del` module and generalizing split of `cert_id` field (#66)

- `cert-del` module is refactored to accomodate the future `cert-fix` module
- Different modules split `cert_id` to identify `cert_tag` and corresponding
  `subsystem`. A generalized method is added for code reusability

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
56d0a3e5 by Endi S. Dewata at 2018-10-17T12:53:10Z
Added SystemConfigService.setupDatabase()

The code that sets up the LDAP database during installation
has been moved from SystemConfigService.configure() and into
setupDatabase().

- - - - -
85daba7d by Dinesh Prasanth M K at 2018-10-17T14:45:15Z
Refactor `cert-import` and `cert-update` module (#67)

- The 2 modules have been refactored to accommodate the future
  `cert-fix` module
- Changed `cert_import_nssdb` to `nssdb_import_cert`

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
4811c815 by Alexander Scheel at 2018-10-17T15:00:31Z
Check for missing FQDNs during pkispawn

When installing via pkispawn on a system with no hostname set,
or hostname not correctly set in /etc/hosts, raise an exception
early in the install process. This prevents deploys where the
certificates are assigned to localhost.localdomain; in this
scenario, creating a clone from this CA will fail as the clone
cannot validate the certificates of the CA master.

This adds a new command line option, --strict-hostname, to pkispawn
to enforce strict hostname checking.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
7631635b by Endi S. Dewata at 2018-10-17T16:25:26Z
Updated log messages in DBRegistry

- - - - -
45d53745 by Endi S. Dewata at 2018-10-17T17:45:15Z
Updated log mesages in LogFile

- - - - -
8e424219 by Endi S. Dewata at 2018-10-17T17:49:13Z
Added name field for CMSEngine

- - - - -
4109a93f by Endi S. Dewata at 2018-10-17T17:49:31Z
Added chaining constructor for ESelfTestException

- - - - -
202ce10f by Dinesh Prasanth M K at 2018-10-17T20:51:14Z
Refactoring `split_cert_id` for code reusability (#71)

Breakdown of patch #70 to accommodate `cert-fix` module


`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
42bae7cd by Endi S. Dewata at 2018-10-17T21:09:13Z
Updated log messages in SelfTestSubsystem

- - - - -
f700f7d1 by Endi S. Dewata at 2018-10-17T22:08:34Z
Updated log messages in CMSAdminServlet

- - - - -
acf8b52b by Fraser Tweedale at 2018-10-18T00:59:46Z
ci: add test_ca_plugin.py to IPA tests

- - - - -
baf22bd6 by Fraser Tweedale at 2018-10-18T01:01:13Z
Use Jackson 2 instead of Jackson

Jackson 1 is no longer maintained (the last release was v1.9.13 in
2013).  Update Dogtag to use Jackson 2.

Update scripts and changes for Debian (if required) will be provided
in later commits.

Part of: https://pagure.io/dogtagpki/issue/3069

- - - - -
ec6b06af by Endi S. Dewata at 2018-10-18T01:01:13Z
Updated Jackson dependency

The spec template has been modified to depend on Jackson 2.

Part of: https://pagure.io/dogtagpki/issue/3069

- - - - -
0ce48906 by Fraser Tweedale at 2018-10-18T01:01:13Z
Fix Python KeyClient KeyRequestResponse parsing

The Resteasy Jackson 2 provider handles null fields differently from
the Jackson 1 provider: null fields are included in the serialised
JSON with a 'null' value, instead of being omitted.  Update the
KeyRequestResponse processing to handle both schemas.

Fixes: https://pagure.io/dogtagpki/issue/3069

- - - - -
dd0d7f98 by Dinesh Prasanth M K at 2018-10-18T01:48:48Z
Refactoring `temp cert creation` (#72)

The temp cert creation method is refactored to ensure reusability
of code by cert-fix module

This patch is a breakdown of PR #70

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
707fe9ba by Endi S. Dewata at 2018-10-18T02:00:35Z
Added CMSEngine.disableSubsystem()

The code that calls pki-server subsystem-disable in
SelfTestSubsystem has been moved into CMSEngine.disableSubsystem().

https://pagure.io/dogtagpki/issue/3070

- - - - -
e4ae1407 by Endi S. Dewata at 2018-10-18T02:00:43Z
Fixed subsystem shutdown on selftest failures

The code that handles selftest failures have been modified
to call CMSEngine.disableSubsystem() to undeploy the web
application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown
the subsystem.

https://pagure.io/dogtagpki/issue/3070

- - - - -
c4309f4e by Dinesh Prasanth M K at 2018-10-18T16:26:57Z
Refactoring of `setup_authentication` (#73)

- Secured connection to PKI server can be made to any subsystem
- `setup_authentication` method in `cert_create` modules is refactored
  to accommodate the future `cert_fix` module
- This is a break down of PR #70

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
364d7b30 by Endi S. Dewata at 2018-10-18T16:55:28Z
Updated Eclipse classpath

- - - - -
36a74dfd by Endi S. Dewata at 2018-10-18T16:55:35Z
Removed unused imports

- - - - -
7851c5e8 by Endi S. Dewata at 2018-10-18T19:32:26Z
Removed redundant find_file()

- - - - -
bda2b791 by Endi S. Dewata at 2018-10-18T19:32:39Z
Updated log messages in AsymKeyGenService

- - - - -
2984509c by Endi S. Dewata at 2018-10-18T23:55:25Z
Removed unused methods in CMSEngine

- - - - -
43e1600b by Endi S. Dewata at 2018-10-18T23:55:38Z
Updated log messages in LogFile

- - - - -
7ec12660 by Endi S. Dewata at 2018-10-19T14:23:02Z
Updated log messages in SymKeyGenService

- - - - -
945db930 by Endi S. Dewata at 2018-10-19T18:33:54Z
Updated log messages in CertInfoProfile

- - - - -
a233b499 by Endi S. Dewata at 2018-10-19T19:24:48Z
Fixed signed audit logging failure handling

The code that handles signed audit logging failures has been
modified to call CMSEngine.disableSubsystem() to undeploy the
web application. Once undeployed, the web application will no
longer accept client requests, then Tomcat will execute
CMSStartServlet.destroy() which will eventually shutdown the
subsystem.

https://pagure.io/dogtagpki/issue/3070

- - - - -
22e405c2 by Endi S. Dewata at 2018-10-23T13:59:29Z
Fixed password prompt in pki CLI

The pki CLI has been modified not to throw an exception when the
user specifies a username without any password. The CLI will then
prompt for a password.

https://pagure.io/dogtagpki/issue/2840

- - - - -
f88365fa by Matthew Harmsen at 2018-10-23T18:58:46Z
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser

- - - - -
a76550e5 by Matthew Harmsen at 2018-10-23T18:58:53Z
dogtagpki Pagure Issue #3071 - Identify product version of CA, KRA, OCSP, TKS, and TPS using browser (spec file template)

- - - - -
769392e4 by John Magne at 2018-10-23T18:59:01Z
dogtagpki Pagure Issue #3071 - Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely.

- - - - -
711c6c0a by Endi S. Dewata at 2018-10-23T21:35:14Z
Added subsystem config management CLI commands

New pki-server <subsystem>-config commands have been added to
simplify managing PKI subsystem configuration parameters in CS.cfg.

- - - - -
47057c9c by Endi S. Dewata at 2018-10-24T03:00:59Z
Updated exception handling in LogFile and LogSubsystem

The exception handling code in LogFile and LogSubsystem has been
modified to help troubleshooting.

- - - - -
a2db470e by Endi S. Dewata at 2018-10-24T03:02:46Z
Updated AbstractProfileSubsystem initialization

The AbstractProfileSubsystem has been modified to initialize
mProfiles and mProfileClassIds such that they are never null.

- - - - -
8fe7d8b8 by Endi S. Dewata at 2018-10-24T03:09:15Z
Updated CertificateAuthority initialization

The CertificateAuthority has been modified to initialize
dbFactory such that it is never null.

- - - - -
0fba3c27 by Christian Heimes at 2018-10-25T13:39:16Z
No missing token in verify_certificate_exists

Remove the missing token check from verify_certificate_exists. It was
the one place that was not adopted to use blank token as default.

Change-Id: Ic192e0699ff32af474976039af08e1503925dfd1
See: 17677ae4d2cda456b64ec67e2b25ba63f4a58a70
Fixes: https://pagure.io/dogtagpki/issue/3073
Signed-off-by: Christian Heimes <cheimes at redhat.com>

- - - - -
eda1351f by Endi S. Dewata at 2018-10-25T16:54:11Z
Replaced CMS.getLdapBoundConnFactory()

Calls to CMS.getLdapBoundConnFactory() have been replaced with
direct calls to LdapBoundConnFactory constructor.

- - - - -
c84b743c by Endi S. Dewata at 2018-10-25T16:54:11Z
Replaced CMS.getLdapAnonConnFactory()

Calls to CMS.getLdapAnonConnFactory() have been replaced with
direct calls to LdapAnonConnFactory constructor.

- - - - -
f0ab5525 by Endi S. Dewata at 2018-10-25T16:54:12Z
Replaced CMS.getLdapJssSSLSocketFactory()

Calls to CMS.CMS.getLdapJssSSLSocketFactory() have been replaced
with direct calls to PKIServerFactory constructor.

- - - - -
2d90310e by Endi S. Dewata at 2018-10-25T16:54:13Z
Updated log messages in LdapBoundConnFactory

- - - - -
1b7cab4c by Alexander Scheel at 2018-10-25T20:16:15Z
Improve logging around LDAP connection errors

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
16e9efae by Alexander Scheel at 2018-10-25T20:16:15Z
Expand documentation around installing CA

Focuses on hostname and firewall prereqs for CA and clones

Signed-off-by: Alexander Scheel <alexander.m.scheel at gmail.com>

- - - - -
f037107a by Endi S. Dewata at 2018-10-25T22:31:32Z
Refactored PKISubsystem.get_subsystem_cert() (part 1)

The code that retrieves additional cert info from NSS database
has been moved from PKISubsystem.get_subsystem_cert() to
get_nssdb_cert_info().

https://pagure.io/dogtagpki/issue/3001

- - - - -
f83163ee by Endi S. Dewata at 2018-10-25T22:31:32Z
Refactored PKISubsystem.get_subsystem_cert() (part 2)

The code that retrieves cert attributes from CS.cfg
has been moved from PKISubsystem.get_subsystem_cert()
to get_cert_info().

https://pagure.io/dogtagpki/issue/3001

- - - - -
bc84b70d by Endi S. Dewata at 2018-10-25T22:31:32Z
Added PKISubsystem.get_cert_infos()

A new PKISubsystem.get_cert_infos() has been added to eventually
replace PKISubsystem.find_system_certs() which will return a
list of cert infos from CS.cfg only instead of a generator that
returns cert infos from both CS.cfg and NSS database.

The pki-server subsystem-cert-find has been modified to call
PKISubsystem.get_nssdb_cert_info() to get the info from NSS
database for each certificate.

https://pagure.io/dogtagpki/issue/3001

- - - - -
00414541 by Endi S. Dewata at 2018-10-25T22:31:32Z
Fixed pki-server subsystem-cert-* output

The pki-server subsystem-cert-* commands have been modified to
show 'Internal Key Storage Token' when the token is unset.

https://pagure.io/dogtagpki/issue/3001

- - - - -
609bb425 by Endi S. Dewata at 2018-10-25T22:40:04Z
Fixed pki-server cert-* output

The pki-server cert-* commands have been modified not to show
the token when it is unset.

- - - - -
e865b068 by Endi S. Dewata at 2018-10-25T22:42:11Z
Added doc on signed audit logging failures

https://pagure.io/dogtagpki/issue/3070

- - - - -
41212b52 by Endi S. Dewata at 2018-10-26T00:24:53Z
Updated log messages in LdapAnonConnFactory

- - - - -
9f749a20 by Endi S. Dewata at 2018-10-26T03:16:32Z
Updated log messages in pkispawn

- - - - -
54edd1a7 by Endi S. Dewata at 2018-10-26T08:29:20Z
Fixed default token normalization in initialization.py (#83)

Previously the initialization.py did not normalize the default
token name in pki_self_signed_token which was blank. This caused
an error when installing an additional subsystem into the same
instance since the code could not find the existing internal
token password from the first subsystem installation.

The code has been modified to normalize the default token name
into 'internal' such that it can find the existing internal token
password.

https://pagure.io/dogtagpki/issue/3073
- - - - -
b5ab4d58 by Endi S. Dewata at 2018-10-27T01:10:01Z
Replaced CMS.getHttpConnection()

Calls to CMS.getHttpConnection() have been replaced
with direct calls to HttpConnection constructor.

- - - - -
85bb7695 by Endi S. Dewata at 2018-10-27T01:18:54Z
Replaced CMS.getHttpPKIMessage()

Calls to CMS.getHttpPKIMessage() have been replaced
with direct calls to HttpPKIMessage constructor.

- - - - -
e28eaac1 by Endi S. Dewata at 2018-10-27T01:23:36Z
Replaced CMS.getHttpRequestEncoder()

Calls to CMS.getHttpRequestEncoder() have been replaced
with direct calls to HttpRequestEncoder constructor.

- - - - -
e14113f5 by Endi S. Dewata at 2018-10-27T01:31:08Z
Replaced CMS.getLdapConnInfo()

Calls to CMS.getLdapConnInfo() have been replaced
with direct calls to LdapConnInfo constructor.

- - - - -
a2174146 by Endi S. Dewata at 2018-10-27T01:35:01Z
Replaced CMS.getLdapAuthInfo()

Calls to CMS.getLdapAuthInfo() have been replaced
with direct calls to LdapAuthInfo constructor.

- - - - -
3da9698f by Endi S. Dewata at 2018-10-27T02:22:53Z
Replaced CMS.getCommandQueue()

Calls to CMS.getCommandQueue() have been replaced
with direct calls to CommandQueue constructor.

- - - - -
b946120b by Endi S. Dewata at 2018-10-27T02:32:53Z
Replaced CMS.getDefaultX509CertInfo()

Calls to CMS.getDefaultX509CertInfo() have been replaced
with direct calls to CertInfo constructor.

- - - - -
3e384984 by Endi S. Dewata at 2018-10-27T02:39:45Z
Replaced CMS.getEmailResolverKeys()

Calls to CMS.getEmailResolverKeys() have been replaced
with direct EmailResolverKeys creation.

- - - - -
35c92bfb by Endi S. Dewata at 2018-10-27T02:49:30Z
Replaced CMS.getReqCertSANameEmailResolver()

Calls to CMS.getReqCertSANameEmailResolver() have been replaced
with direct ReqCertSANameEmailResolver creation.

- - - - -
feb616f3 by Endi S. Dewata at 2018-10-27T02:58:30Z
Replaced CMS.getEmailFormProcessor()

Calls to CMS.getEmailFormProcessor() have been replaced
with direct EmailFormProcessor creation.

- - - - -
ebb31ca0 by Endi S. Dewata at 2018-10-27T03:06:51Z
Replaced CMS.getEmailTemplate()

Calls to CMS.getEmailTemplate() have been replaced
with direct EmailTemplate creations.

- - - - -
3278e9aa by Endi S. Dewata at 2018-10-27T03:15:26Z
Replaced CMS.getPrettyPrintFormat()

Calls to CMS.getPrettyPrintFormat() have been replaced
with direct PrettyPrintFormat creations.

- - - - -
30ebccf0 by Endi S. Dewata at 2018-10-27T03:21:53Z
Replaced CMS.getExtPrettyPrint()

Calls to CMS.getExtPrettyPrint() have been replaced
with direct ExtPrettyPrint creations.

- - - - -
387cf29e by Endi S. Dewata at 2018-10-27T03:29:46Z
Replaced CMS.getCertPrettyPrint()

Calls to CMS.getCertPrettyPrint() have been replaced
with direct CertPrettyPrint creations.

- - - - -
06b340c7 by Endi S. Dewata at 2018-10-27T03:38:26Z
Replaced CMS.getCRLPrettyPrint()

Calls to CMS.getCRLPrettyPrint() have been replaced
with direct CrlPrettyPrint creations.

- - - - -
723783a1 by Endi S. Dewata at 2018-10-27T03:42:04Z
Replaced CMS.getCRLCachePrettyPrint()

Calls to CMS.getCRLCachePrettyPrint() have been replaced
with direct CrlCachePrettyPrint creations.

- - - - -
169cba49 by Dinesh Prasanth M K at 2018-10-29T16:36:27Z
Adding `--force` option to pki-destroy to force uninstallation

* Fixes bz-1372056 and bz-1458010
* `pki-destroy` and `pki-spawn` logs are now owned by `root`
  rather than the configured pkiuser
* Use `os.path.join` to construct file paths

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
f8e729e7 by Dinesh Prasanth M K at 2018-10-29T16:36:27Z
Add `--remove-logs` to remove logs

This commit prevents removing logs by default to give an option
to the admin to retrieve logs. The admin can user `--remove-logs` to
clean the log slate.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
d54dcede by Dinesh Prasanth M K at 2018-10-29T19:44:27Z
Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS (#85)

- Remove check against PKI_SIGNED_AUDIT_SUBSYSTEMS
- Remove obsolete PKI_TOMCAT_SUBSYSTEMS
- RA is no longer part of PKI_SUBSYSTEMS

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
879bca12 by Endi S. Dewata at 2018-10-29T22:52:42Z
Replaced CMS.getPasswordCallback()

Calls to CMS.getPasswordCallback() have been replaced
with direct PWCBsdr creations.

- - - - -
6b0885b9 by Endi S. Dewata at 2018-10-29T22:52:42Z
Replaced cert verification methods in CMS

Cert verification methods in CMS have been replaced with
direct calls to CertUtils methods.

- - - - -
d203f755 by Endi S. Dewata at 2018-10-29T22:52:43Z
Replaced CMS.isSigningCert()

CMS.isSigningCert() has been replaced with direct calls to
CertUtils.isSigningCert().

- - - - -
205af6a2 by Endi S. Dewata at 2018-10-29T22:52:44Z
Replaced CMS.isEncryptionCert()

CMS.isEncryptionCert() has been replaced with direct calls to
CertUtils.isEncryptionCert().

- - - - -
4777755f by Endi S. Dewata at 2018-10-30T14:45:25Z
Updated log messages in TPSInstallerService

- - - - -
940dd701 by Endi S. Dewata at 2018-10-30T15:30:46Z
Replaced fingerprint methods in CMS

Fingerprint methods in CMS have been replaced with direct
calls to the corresponding methods in CertUtils.

- - - - -
980e8bb2 by Endi S. Dewata at 2018-10-30T16:20:12Z
Replaced CMS.checkOID()

CMS.checkOID() has been replaced with direct call to
CertUtils.checkOID().

- - - - -
b563d59d by Alexander Scheel at 2018-10-30T21:18:50Z
Use javac to compile JNI headers for JDK9+

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
20f95b9a by Alexander Scheel at 2018-10-31T19:34:20Z
Add JAXB as a build and rumtime dependency to PKI

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
2e57a39b by Alexander Scheel at 2018-10-31T19:34:20Z
Use JAXB dependency to support JDK9+

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
b8abfae1 by Alexander Scheel at 2018-10-31T19:34:38Z
Clarify the return type of node.children()

When calling CMSResourceObject.children(), the return type is
Enumeration<TreeNode>, not Enumeration<CMSResourceObject>.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
6bdd4eb5 by Dinesh Prasanth M K at 2018-10-31T19:50:52Z
Reuse same instance log dirs (if exists) (#92)

- `pkidestroy` behaviour was changed in #79 which preserves the log
  by default. When `pkispawn` was run, it threw a name space collision
  error.
- This patch reuses the log dir and appends logs to the same log dir
  structure (if exists) and logs it accordingly.

Ticket: https://pagure.io/dogtagpki/issue/3077

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
8758b7d7 by bhavikbhavsar at 2018-11-01T09:12:53Z
added mapping for 127.0.0.1 to master hostname for 389-ds create (#78)

Signed-off-by: Bhavik Bhavsar <bbhavsar at redhat.com>
- - - - -
55b1ecf3 by Endi S. Dewata at 2018-11-01T22:47:50Z
Updated pki-server <subsystem>-audit-event-find

The pki-server <subsystem>-audit-event-find has been modified
to support searching all events, enabled events, and disabled
events.

https://pagure.io/dogtagpki/issue/2686

- - - - -
6c327c8e by Endi S. Dewata at 2018-11-02T01:19:59Z
Updated pki-server <subsystem>-audit-event-update

The pki-server <subsystem>-audit-event-update has been modified
to support removing event filter by specifying an empty filter.

https://pagure.io/dogtagpki/issue/2686

- - - - -
ab436b54 by Endi S. Dewata at 2018-11-02T14:37:00Z
Updated pki-server <subsystem>>-audit-config-mod

The pki-server <subsystem>-audit-config-mod has been modified
to update a parameter only if it is specified and to show the
values after modification.

https://pagure.io/dogtagpki/issue/2686

- - - - -
5b731c58 by Endi S. Dewata at 2018-11-02T23:20:35Z
Replaced PKI_VERSION variable for CI

The PKI_VERSION variable for CI has been replaced with
COPR_REPO which contains the full repository name.

- - - - -
84b79055 by Endi S. Dewata at 2018-11-02T23:47:04Z
Added pki.get_info()

The code that retrieves package info has been moved into
pki.get_info() method. The pki.implementation_version()
has been modified to call that method. A similar
pki.specification_version() has been added as well.

- - - - -
7779b677 by Endi S. Dewata at 2018-11-03T02:12:44Z
Updated VERSION file

The Specification-Version and Implementation-Version
in the VERSION file have been modified to match JAR
manifests. The code that uses this file has been
updated accordingly.

- - - - -
06a67d12 by Endi S. Dewata at 2018-11-06T15:15:19Z
Added pki-server <subsystem>-audit-config-show

A new pki-server <subsystem>-audit-config-show has been added
to display the audit configuration.

The pki-server <subsystem>-audit-config-mod has been modified
to provide additional configuration parameters.

https://pagure.io/dogtagpki/issue/2686

- - - - -
93d7e9da by Endi S. Dewata at 2018-11-06T17:44:27Z
Updated pki-server <subsystem>-audit-event-enable/disable

The pki-server <subsystem>-audit-event-enable/disable commands
have been modified to sort the event list before saving the
changes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
0dde4307 by Endi S. Dewata at 2018-11-07T02:17:17Z
Cleaned up audit event methods in PKISubsystem

The code in PKISubsystem.get_enabled_audit_events() has been
simplified for clarity.

The PKISubsystem.find_audit_events() has been renamed into
find_audit_event_infos() for clarity.

https://pagure.io/dogtagpki/issue/2686

- - - - -
7dbdd7dc by Dinesh Prasanth M K at 2018-11-07T14:54:37Z
Refactoring `cert_create` module to accommodate `cert-fix` (#96)

Changeset for this commit:

- `renew_certificate` method is refactored
- A generic `cert_create` method replaces `create_<subsys>_cert` methods
- This PR is the final (4th) split of PR #70 
- `c_*` variables have been expanded as `client_*` variables to avoid cryptic
  variable names

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
19942ab4 by Endi S. Dewata at 2018-11-07T20:25:40Z
Added pki-server <subsystem>-audit-event-show

A new pki-server <subsystem>-audit-event-show command has been
added to show a specific audit event configuration.

https://pagure.io/dogtagpki/issue/2686

- - - - -
49c22c27 by Endi S. Dewata at 2018-11-08T21:12:51Z
Updated pki.util.load_properties()

The pki.util.load_properties() has been modified to support
multi-line property value.

https://pagure.io/dogtagpki/issue/2686

- - - - -
200aab5d by Dinesh Prasanth M K at 2018-11-08T21:36:57Z
Refactoring cert_del method to PKI Instance (#101)

This is to accommodate the PR #98 

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
12e989de by Endi S. Dewata at 2018-11-08T23:16:00Z
Added event name validation in PKISubsystem

Some audit event methods in PKISubsystem have been updated to
validate the event name parameters.

https://pagure.io/dogtagpki/issue/2686

- - - - -
936983fb by Dinesh Prasanth M K at 2018-11-08T23:35:44Z
Adding F29 and removing F27 (#100)

This commit introduces the following changes:
- F27 matrix is removed (since it reaches EOL on 30 Nov 2018)
- F29 matrix is added since it went GA (30 Oct 2018)
- Cleaned Travis scripts (add reusability across matrix)
- `sphinx-build-3` name is added to cmake module since it uses
  python3-sphinx in F29+

TODO: Add util methods to add colors to the success/failed cmds

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`

- - - - -
c7b87711 by jmagne at 2018-11-09T01:07:40Z
Resolve: Bug 1641119 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true. (#87)

The approach taken by this patch is quite simple. The SystemCertsVerification self test has been modified to
optionally act differently when verifying the system certs of both ca and ocsp instances.

Previously, the test would do a full cert verification , which results in an ocsp check being done at the nss level, if ocsp has been enabled in the server.xml. The past result was to have the server hang on startup , due to the fact that an ocsp check of a given cert would loop back to the ca or ocsp server itself to do the work. In the case of the self test /startup scenario, the server will not be sufficiently ready to field such a request, thus resulting in a hang situation.

This fix modifies the cert checks for ca and ocsp to ONLY do a validity test for each cert.

The code has created an optional parameter than can force our of this behaviour if the admin absolutely wants to:

selftests.plugin.SystemCertsVerification.FullCAandOCSPVerify= true

IF, the admin wants the test to behave as it did before. This may be the case where we know ocsp is not configured for the ca or ocsp itself.

The value, is false by default and is false if the line is not present.

The simple validity test is all that gets done at this point but could be modified to do more in the future.
We already have a validity test for just the CA singing and OCSP signing certs. I felt it was cleaner to just leave those in place unchanged, safely leaving the original wiring in place.
- - - - -
f698a85c by Dinesh Prasanth M K at 2018-11-09T14:56:29Z
Fixing minor bug in CI to fix nightly tests

- Added double quotes when starting docker image in order to ensure
  text with spaces are passed to the running container.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
653ebeba by Endi S. Dewata at 2018-11-09T16:29:30Z
Updated audit event commands output

The pki-server <subsystem>-audit-event-* commands have been
modified to show the result after update.

https://pagure.io/dogtagpki/issue/2686

- - - - -
ac275598 by Dinesh Prasanth M K at 2018-11-09T19:38:52Z
Refactoring cert-import module (#102)

- Refactoring nssdb_import_cert to accommodate cert-fix
- Adding new cert_import() in PKIInstance which
  automatically will update all subsystem's CS.cfg

`Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>`
- - - - -
25b4f176 by Dinesh Prasanth M K at 2018-11-09T22:10:14Z
Adding `cert-fix` module for automated Offline Cert Renewal Tool (#98)

- This PR adds a new module `cert-fix` to enable sysadmins to
  renew expired certs
- A minor bug fix to `nssdb_import_cert` to import correct cert_id certs
- PKI server now is brought up using temp SSL cert only if the SSL cert
  is expired.

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
9d617a7d by Endi S. Dewata at 2018-11-10T03:54:49Z
Updated server startup log messages

- - - - -
26c310fc by Endi S. Dewata at 2018-11-10T04:16:08Z
Updated PKI UI framework

The Collection class has been modified to accept urlRoot option
without including it in the query. The TableItem class has been
modified to display null value as blank.

https://pagure.io/dogtagpki/issue/530

- - - - -
59c12d97 by Endi S. Dewata at 2018-11-10T04:39:52Z
Refactored TPS group classes

The TPS group classes have been modified to accept the urlRoot
option defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
55fc92ac by Endi S. Dewata at 2018-11-10T04:51:20Z
Reorganized TPS group JS and UI files

TPS group JS and UI files have been moved into /pki/js and /pki/ui
folders such that they can be reused by other subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
625fc5d5 by Endi S. Dewata at 2018-11-12T16:22:27Z
Refactored TPS user classes (part 1)

The TPS user classes have been modified to accept the urlRoot
option defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
e77cd276 by Endi S. Dewata at 2018-11-12T16:22:32Z
Refactored TPS user classes (part 2)

Common user classes have been moved from /tps/js/user.js into
/pki/js/pki-user.js. TPS-specific user classes have been renamed
with TPS prefix.

https://pagure.io/dogtagpki/issue/530

- - - - -
5a092716 by Endi S. Dewata at 2018-11-12T16:25:14Z
Refactored TPS user UI files

The users.html, user-roles.html, and user-certs.html have been
moved from /tps/ui into /pki/ui folder. The user.html has been
copied and cleaned up. This way these files can be used by other
subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
989d72da by Endi S. Dewata at 2018-11-12T16:25:23Z
Refactored TPS account class

TPS account class has been moved into /pki/js such that it can
be reused by other subsystems.

https://pagure.io/dogtagpki/issue/530

- - - - -
f85f8e9d by Endi S. Dewata at 2018-11-12T19:47:41Z
Refactored TPS user object

The tps.user object has been converted into PKI.user. The value
is now set in the Account.login() and logout() methods.

https://pagure.io/dogtagpki/issue/530

- - - - -
720c8995 by Endi S. Dewata at 2018-11-12T21:13:32Z
Refactored TPS UI getAttribute()

The getAttribute() in TPS UI has been moved into pki.js.

https://pagure.io/dogtagpki/issue/530

- - - - -
c8f4fbc5 by Endi S. Dewata at 2018-11-12T21:14:05Z
Refactored TPS UI getElementName()

The getElementName() in TPS UI has been moved into tps.js.

https://pagure.io/dogtagpki/issue/530

- - - - -
a02b8524 by Endi S. Dewata at 2018-11-12T21:15:30Z
Refactored TPS HomePage class

The common code in TPS HomePage class has been moved into
pki-ui.js. The TPS-specific code will remain in TPSHomePage
class.

https://pagure.io/dogtagpki/issue/530

- - - - -
cc8be960 by Endi S. Dewata at 2018-11-12T22:29:03Z
Enabled TPS home page

The TPS UI has been modified to show a home page which contains
links to various pages. The TPSHomePage.update() has been modified
to display the links based on the authorization.

https://pagure.io/dogtagpki/issue/530

- - - - -
3cca9563 by Endi S. Dewata at 2018-11-12T23:52:39Z
Added basic CA UI

A basic CA UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
47b730e4 by Endi S. Dewata at 2018-11-12T23:52:39Z
Added basic KRA UI

A basic KRA UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
dfa218a1 by Endi S. Dewata at 2018-11-12T23:52:40Z
Added basic OCSP UI

A basic OCSP UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
8ebb8140 by Endi S. Dewata at 2018-11-12T23:52:40Z
Added basic TKS UI

A basic TKS UI has been added which provides user and group
management interface.

https://pagure.io/dogtagpki/issue/530

- - - - -
bc7d4811 by Endi S. Dewata at 2018-11-14T02:16:40Z
Added cert pages in CA UI

New CA UI pages have been added to list certs and view cert
details.

https://pagure.io/dogtagpki/issue/530

- - - - -
0b04a5bd by Endi S. Dewata at 2018-11-14T18:49:01Z
Added key pages in KRA UI

New KRA UI pages have been added to list keys and view key
details.

https://pagure.io/dogtagpki/issue/530

- - - - -
85c5c4ac by Endi S. Dewata at 2018-11-16T19:54:01Z
Merged TOKEN_AUTH events

TOKEN_AUTH_FAILURE and TOKEN_AUTH_SUCCESS events have been
merged into a single TOKEN_AUTH event with different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f572acf7 by Endi S. Dewata at 2018-11-16T19:58:13Z
Refactored TPS UI audit classes

Some TPS UI audit classes have been modified such that the
service URL can defined in the main page.

https://pagure.io/dogtagpki/issue/530

- - - - -
94d68ab0 by Endi S. Dewata at 2018-11-16T20:07:20Z
Reorganized TPS UI audit files

The audit.js and audit.html have been moved into /pki/js and
/pki/ui folders, respectively.

https://pagure.io/dogtagpki/issue/530

- - - - -
8f6fd67f by Jack Magne at 2018-11-16T23:47:36Z
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1602659 , Please review important issues found by covscan in "pki-core-10.6.2-3.el8+7" package.

Trivial one line fix to sslget.c to fix a problem at the very end of the program.

Change-Id: Idb681d0a3c5a44e1694d00e58fdf50129da197d2

- - - - -
4de10e3e by Endi S. Dewata at 2018-11-19T17:18:12Z
Merged ENCRYPT_DATA_REQUEST_PROCESSED events

ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE and
ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single ENCRYPT_DATA_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
9f198a0a by Endi S. Dewata at 2018-11-19T17:18:33Z
Merged TOKEN_FORMAT events

TOKEN_FORMAT_FAILURE and TOKEN_FORMAT_SUCCESS events have been
merged into a single TOKEN_FORMAT event with different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
482a74ae by Dinesh Prasanth M K at 2018-11-19T21:26:54Z
Allow log upload to transfer.sh fail (#109)

- PKI build process isn't dependent on uploading logs to
  transfer.sh and so, shouldn't fail if the infrastructure is down

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>
- - - - -
9ee61907 by Endi S. Dewata at 2018-11-20T15:46:25Z
Added basic cert request pages in CA UI

The CA UI has been modified to provide an interface to
view certificate requests.

https://pagure.io/dogtagpki/issue/530

- - - - -
474080a9 by Alexander Scheel at 2018-11-20T19:01:09Z
Sync FindNSPR and FindNSS with JSS changes

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
4880fa69 by Endi S. Dewata at 2018-11-20T20:21:09Z
Merged TOKEN_PIN_RESET events

TOKEN_PIN_RESET_FAILURE and TOKEN_PIN_RESET_SUCCESS events have
been merged into a single TOKEN_PIN_RESET event with different
outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
f3c974eb by Endi S. Dewata at 2018-11-20T20:21:16Z
Merged DIVERSIFY_KEY_REQUEST_PROCESSED events

DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE and
DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single DIVERSIFY_KEY_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
10571485 by Endi S. Dewata at 2018-11-21T16:00:28Z
Added basic cert profile pages in CA UI

The CA UI has been modified to provide an interface to
view certificate profiles.

https://pagure.io/dogtagpki/issue/530

- - - - -
3137d206 by Endi S. Dewata at 2018-11-21T17:02:19Z
Added basic key request pages in KRA UI

The KRA UI has been modified to provide an interface to
view key requests.

https://pagure.io/dogtagpki/issue/530

- - - - -
3550aaa7 by Endi S. Dewata at 2018-11-21T19:39:52Z
Merged COMPUTE_SESSION_KEY_REQUEST_PROCESSED events

COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE and
COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_SESSION_KEY_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
376d7bb0 by Endi S. Dewata at 2018-11-21T20:29:45Z
Replaced CMS.form_GeneralNameAsConstraints()

CMS.form_GeneralNameAsConstraints() has been replaced with direct
calls to GeneralNameUtil.form_GeneralNameAsConstraints().

- - - - -
20b2eed0 by Endi S. Dewata at 2018-11-21T20:34:03Z
Replaced CMS.form_GeneralName()

CMS.form_GeneralName() has been replaced with direct calls to
GeneralNameUtil.form_GeneralName().

- - - - -
5a3ce1c8 by Endi S. Dewata at 2018-11-21T20:42:07Z
Replaced CMS.getSubjAltNameConfigDefaultParams()

CMS.getSubjAltNameConfigDefaultParams() has been replaced with
direct calls to GeneralNameUtil.SubjAltNameGN.getDefaultParams().

- - - - -
b219b3ca by Endi S. Dewata at 2018-11-21T20:44:39Z
Replaced CMS.getSubjAltNameConfigExtendedPluginInfo()

CMS.getSubjAltNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo().

- - - - -
83940093 by Endi S. Dewata at 2018-11-21T20:49:49Z
Replaced CMS.createSubjAltNameConfig()

CMS.createSubjAltNameConfig() has been replaced with direct calls
to GeneralNameUtil.SubjAltNameGN constructor.

- - - - -
bcb2b65a by Endi S. Dewata at 2018-11-21T20:53:52Z
Replaced CMS.getGeneralNameConfigDefaultParams()

CMS.getGeneralNameConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getDefaultParams().

- - - - -
5a402de5 by Endi S. Dewata at 2018-11-21T20:57:11Z
Replaced CMS.getGeneralNamesConfigDefaultParams()

CMS.getGeneralNamesConfigDefaultParams() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getDefaultParams().

- - - - -
ad44b0dc by Endi S. Dewata at 2018-11-21T21:01:09Z
Replaced CMS.getGeneralNameConfigExtendedPluginInfo()

CMS.getGeneralNameConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo().

- - - - -
bcd85448 by Endi S. Dewata at 2018-11-21T21:04:22Z
Replaced CMS.getGeneralNamesConfigExtendedPluginInfo()

CMS.getGeneralNamesConfigExtendedPluginInfo() has
been replaced with direct calls to
GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo().

- - - - -
de792728 by Endi S. Dewata at 2018-11-21T21:07:47Z
Replaced CMS.createGeneralNamesConfig()

CMS.createGeneralNamesConfig() has been replaced with direct calls
to GeneralNameUtil.GeneralNamesConfig constructor.

- - - - -
35e87448 by Endi S. Dewata at 2018-11-21T21:11:42Z
Replaced CMS.createGeneralNameAsConstraintsConfig()

CMS.createGeneralNameAsConstraintsConfig() has
been replaced with direct calls to
GeneralNameUtil.GeneralNameAsConstraintsConfig constructor.

- - - - -
2069948d by Endi S. Dewata at 2018-11-21T21:14:59Z
Removed unused CMS.createGeneralNamesAsConstraintsConfig()

- - - - -
5f7390c8 by Fraser Tweedale at 2018-11-22T03:17:55Z
Fix DerValue.getOctetString for empty octet strings

When reading a DerValue as an OCTET STRING via getOctetString(),
if the length of the OCTET STRING is zero an exception is thrown:

    java.io.IOException: short read on DerValue buffer

The following program reproduces the issue:

    import java.io.IOException;
    import netscape.security.util.DerValue;

    class DerTest {
        public static void main(String[] args) {
            byte[] bytes = { 0x04, 0x00 };
            try {
                DerValue derVal = new DerValue(bytes);
                System.out.println(derVal.getOctetString());
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

The issue arises because ByteArrayInputStream.read() returns -1 when
the stream has no more data, even if we are asking to read 0 bytes.
This seems to violate the contract of InputStream.read() which says
that if the requested read length is 0, the return value is 0.
Avoid throwing the exception when this condition occurs.

Fixes: https://pagure.io/dogtagpki/issue/3079

- - - - -
85d93a23 by Alexander Scheel at 2018-11-26T20:12:57Z
Correctly handle JDK9+ Javadoc versions

In JDK 9+, the java major version that was previously in the minor
version field is now in the major version field. That is, JDK 8 was
reported as 1.8.x, whereas JDK 9+ is now reported as 9.x.y. This
adds the Javadoc flag on JDK8+ systems.

Signed-off-by: Alexander Scheel <ascheel at redhat.com>

- - - - -
d6967000 by Endi S. Dewata at 2018-11-26T21:18:57Z
Replaced CMS.getAuditor()

CMS.getAuditor() has been replaced with direct calls to
Auditor.getAuditor().

- - - - -
3427c443 by Endi S. Dewata at 2018-11-26T21:19:19Z
Replaced CMS.getLogger() (part 1)

Some references to CMS.getLogger() have been replaced with
direct calls to Logger.getLogger().

- - - - -
f211914c by Endi S. Dewata at 2018-11-26T21:19:48Z
Replaced CMS.getLogger() (part 2)

The remaining references to CMS.getLogger() have been replaced
with direct calls to Logger.getLogger().

- - - - -
2e9b4521 by Endi S. Dewata at 2018-11-26T22:07:24Z
Merged COMPUTE_RANDOM_DATA_REQUEST_PROCESSED events

COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE and
COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS have been merged
into a single COMPUTE_RANDOM_DATA_REQUEST_PROCESSED event with
different outcomes.

https://pagure.io/dogtagpki/issue/2686

- - - - -
7b37e503 by Endi S. Dewata at 2018-11-27T16:22:49Z
Cleaned up ConfigurationUtils.importCertChain() (part 1)

The code in ConfigurationUtils.importCertChain() that checks
the server response has been modified to reduce code indentation.

- - - - -
80eab246 by Endi S. Dewata at 2018-11-27T16:22:49Z
Cleaned up ConfigurationUtils.importCertChain() (part 2)

The code in ConfigurationUtils.importCertChain() that checks
the cert chain has been modified to reduce code indentation.

- - - - -
3855a3fc by Endi S. Dewata at 2018-11-27T16:22:49Z
Refactored ConfigurationUtils.importCertChain()

The code that retrieves the cert chain has been moved from
ConfigurationUtils.importCertChain() into getCertChain().

- - - - -
14e29129 by Fraser Tweedale at 2018-11-29T20:45:27Z
pkispawn: log certutil output when cert creation fails

When pkispawn fails due to certutil failure to create self-signed
certificate, the command output is suppressed and there is no
information (other than certutil process exit status) about what
went wrong.

Capture the command output and include it in the error message.

Part of: https://pagure.io/dogtagpki/issue/3081

- - - - -
df237f60 by Endi S. Dewata at 2018-11-29T22:19:43Z
Updated version number to PKI 10.6.8

The pki.spec has been modified to define a conflict between
pki-server package and freeipa-server < 4.7.1 due to IPA
ticket #7742.

The ipa-init.sh has been modified to enable IPA 4.7 COPR repo
in order to get freeipa-server 4.7.1 for F28 and F29.

- - - - -
108ce6b3 by Endi S. Dewata at 2018-11-30T01:09:52Z
Removed arch exclusion in pki.spec

The pki.spec has been modified to remove unnecessary arch
exclusion and for some other cleanups.

- - - - -
de88eac2 by Timo Aaltonen at 2018-12-03T16:35:33Z
Merge branch 'upstream'

- - - - -
c137868d by Timo Aaltonen at 2018-12-03T16:36:38Z
bump the version

- - - - -
07d26710 by Timo Aaltonen at 2018-12-03T16:42:06Z
control, use-new-pkcs11-interface.diff: Bump libjss-java depends to 4.5.1, fix build against jdk9+. (Closes: #893142)

- - - - -
ac5cf62a by Timo Aaltonen at 2018-12-03T16:43:26Z
patches: Refreshed.

- - - - -
c0b30d05 by Timo Aaltonen at 2018-12-03T16:58:50Z
control: Add libjackson2-core-java, -databind-java to build-depends.

- - - - -
461130b0 by Timo Aaltonen at 2018-12-03T16:59:13Z
dogtag-pki-server-theme.install: Updated.

- - - - -
10b17c10 by Timo Aaltonen at 2018-12-03T17:14:41Z
control, rules: Build-depend on default-jdk again, set JAVA_HOME to match.

- - - - -
aee891a1 by Timo Aaltonen at 2018-12-03T17:18:52Z
tests: Force C locale so that error messages from python can be shown.

- - - - -
901f1b11 by Timo Aaltonen at 2018-12-05T20:03:59Z
control: Bump libresteasy3.0-java dependency for jackson2 provider.

- - - - -
b5e14c51 by Timo Aaltonen at 2018-12-05T20:10:05Z
control, rules: Replace libjboss-annotations-1.2-api-java with libgeronimo-annotation-1.3-spec-java. Drop dependency on libscannotation-java.

- - - - -
ab923e42 by Timo Aaltonen at 2018-12-05T20:23:53Z
releasing package dogtag-pki version 10.6.8-1

- - - - -


30 changed files:

- .classpath
- .travis.yml
- base/CMakeLists.txt
- base/VERSION
- base/ca/shared/profiles/ca/caCMCECUserCert.cfg
- + base/ca/shared/webapps/ca/js/cert.js
- + base/ca/shared/webapps/ca/js/certrequest.js
- + base/ca/shared/webapps/ca/js/profile.js
- + base/ca/shared/webapps/ca/ui/cert.html
- + base/ca/shared/webapps/ca/ui/certrequest.html
- + base/ca/shared/webapps/ca/ui/certrequests.html
- + base/ca/shared/webapps/ca/ui/certs.html
- + base/ca/shared/webapps/ca/ui/home.html
- + base/ca/shared/webapps/ca/ui/index.jsp
- + base/ca/shared/webapps/ca/ui/profile.html
- + base/ca/shared/webapps/ca/ui/profiles.html
- base/ca/src/CMakeLists.txt
- base/ca/src/com/netscape/ca/CertificateAuthority.java
- base/ca/src/com/netscape/ca/ExternalProcessKeyRetriever.java
- base/ca/src/org/dogtagpki/server/ca/CAEngine.java
- base/ca/src/org/dogtagpki/server/ca/rest/CAInstallerService.java
- base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
- base/common/CMakeLists.txt
- base/common/python/pki/__init__.py
- base/common/python/pki/key.py
- base/common/python/pki/system.py
- base/common/python/pki/upgrade.py
- base/common/python/pki/util.py
- base/common/src/CMakeLists.txt
- base/common/src/com/netscape/certsrv/apps/CMS.java


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/compare/88d2d85d616a9fa1c9ec5e8aef30badca80a183e...ab923e423c3c8f08f175662efcf7c42fbf43b62e

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/compare/88d2d85d616a9fa1c9ec5e8aef30badca80a183e...ab923e423c3c8f08f175662efcf7c42fbf43b62e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20181205/6b1f7a9c/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list