[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][master] 24 commits: Drop F31, add F32
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Sep 6 09:49:08 BST 2021
Timo Aaltonen pushed to branch master at FreeIPA packaging / tomcatjss
Commits:
0ce6ea96 by Alexander Scheel at 2020-11-17T13:54:27-05:00
Drop F31, add F32
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
27a8161f by Endi S. Dewata at 2021-01-06T13:58:31-06:00
Fix exception handling in TomcatJSS.login()
The TomcatJSS.login() has been modified to throw the exception
instead of ignoring it if it's unable to find the token. This
will help with troubleshooting NSS/JSS issues.
- - - - -
623f5959 by Alexander Scheel at 2021-02-11T12:43:21-05:00
Sync Tomcatjss spec with Fedora
Signed-off-by: Alexander Scheel <ascheel at redhat.com>
- - - - -
75634dd5 by Endi S. Dewata at 2021-05-03T11:59:22-05:00
Reorganize sources
TomcatJSS sources have been moved into core and tomcat-9.0
folders. All references have been updated accordingly.
- - - - -
cc74c7e8 by Chris Kelley at 2021-05-13T16:29:27+01:00
Make GitHub workflow use F33, drop EOL F32
- - - - -
778928da by Chris Kelley at 2021-05-17T21:49:54+01:00
Remove unused imports and tidy ones that remain
- - - - -
7a64944b by Endi S. Dewata at 2021-05-26T16:39:04-05:00
Drop git dependency
- - - - -
d568677f by Endi S. Dewata at 2021-06-03T13:24:05-05:00
Clean up Java dependency
The spec file has been modified to explicitly require Java 11.
- - - - -
c4a78c0d by Endi S. Dewata at 2021-06-03T22:08:21-05:00
Fix JAVA_HOME
- - - - -
4c269fcd by Endi S. Dewata at 2021-06-03T22:56:30-05:00
Update version number to 7.7.0-alpha1
- - - - -
df598f55 by Endi S. Dewata at 2021-06-10T20:20:11-05:00
Update JSS references
- - - - -
e0f7f75b by Endi S. Dewata at 2021-06-11T23:52:42-05:00
Update Java dependency
The spec file has been modified to use Java 1.8.0 for
Fedora 32 and RHEL 8, and Java 11 for other platforms.
- - - - -
02b94c63 by Endi S. Dewata at 2021-06-18T20:47:03-05:00
Add configurable test matrix
The test workflow has been modified to load the test
matrix from MATRIX secret variable. If the secret is
not defined, it will use the latest Fedora version
and the previous version.
- - - - -
32cf3e02 by Endi S. Dewata at 2021-06-18T20:49:13-05:00
Add Dockerfile
- - - - -
5bf079b5 by Endi S. Dewata at 2021-06-18T20:49:13-05:00
Add test tools
- - - - -
967c6fb5 by Endi S. Dewata at 2021-06-18T20:49:13-05:00
Add PKI tests
- - - - -
43ecb8aa by Endi S. Dewata at 2021-07-13T12:28:18-05:00
Update JSS dependency
- - - - -
20462363 by Endi S. Dewata at 2021-07-16T18:02:03-05:00
Add GitLab synchronization job
The .gitlab-ci.yml has been added to define a job to
synchronize a branch from an upstream repository to a
GitLab repository.
- - - - -
587c7a58 by Endi S. Dewata at 2021-07-20T13:57:51-05:00
Update version number to 7.7.0
- - - - -
54a21f43 by Timo Aaltonen at 2021-09-06T11:37:19+03:00
Merge branch 'upstream'
- - - - -
980c4098 by Timo Aaltonen at 2021-09-06T11:37:42+03:00
bump version
- - - - -
82dbf054 by Timo Aaltonen at 2021-09-06T11:45:49+03:00
rules: Fix source dir path.
- - - - -
7d20e63c by Timo Aaltonen at 2021-09-06T11:48:15+03:00
control: Bump libjss-java dependency.
- - - - -
a23e20bc by Timo Aaltonen at 2021-09-06T11:48:22+03:00
releasing package tomcatjss version 7.7.0-1
- - - - -
25 changed files:
- .classpath
- + .github/workflows/pki-tests.yml
- − .github/workflows/required.yml
- .gitignore
- + .gitlab-ci.yml
- + Dockerfile
- build.xml
- src/org/apache/tomcat/util/net/jss/IPasswordStore.java → core/src/main/java/org/apache/tomcat/util/net/jss/IPasswordStore.java
- src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java → core/src/main/java/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
- src/org/apache/tomcat/util/net/jss/TomcatJSS.java → core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
- src/org/dogtagpki/tomcat/Http11NioProtocol.java → core/src/main/java/org/dogtagpki/tomcat/Http11NioProtocol.java
- src/org/dogtagpki/tomcat/JSSListener.java → core/src/main/java/org/dogtagpki/tomcat/JSSListener.java
- debian/changelog
- debian/control
- debian/rules
- + docs/development/Synchronizing-GitLab-Branch.adoc
- + tests/bin/ds-artifacts-save.sh
- + tests/bin/ds-create.sh
- + tests/bin/ds-remove.sh
- + tests/bin/pki-artifacts-save.sh
- + tests/bin/runner-init.sh
- tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
- tomcat-8.5/src/org/dogtagpki/tomcat/JSSImplementation.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
- tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSUtil.java
- tomcatjss.spec
Changes:
=====================================
.classpath
=====================================
@@ -1,16 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src"/>
- <classpathentry kind="src" path="tomcat-8.5/src"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="src" path="core/src/main/java"/>
+ <classpathentry kind="src" path="tomcat-9.0/src/main/java"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-lang3.jar"/>
<classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
- <classpathentry kind="lib" path="/usr/lib/java/jss4.jar"/>
+ <classpathentry kind="lib" path="/usr/lib/java/jss.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-coyote.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-juli.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-util.jar"/>
<classpathentry kind="lib" path="/usr/share/java/slf4j/slf4j-api.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/catalina.jar"/>
<classpathentry kind="lib" path="/usr/share/java/tomcat/tomcat-api.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
+ <attributes>
+ <attribute name="module" value="true"/>
+ </attributes>
+ </classpathentry>
<classpathentry kind="output" path="bin"/>
</classpath>
=====================================
.github/workflows/pki-tests.yml
=====================================
@@ -0,0 +1,127 @@
+name: PKI Tests
+
+on: [push, pull_request]
+
+jobs:
+ init:
+ name: Initializing Workflow
+ runs-on: ubuntu-latest
+ container: fedora:latest
+ outputs:
+ matrix: ${{ steps.set-matrix.outputs.matrix }}
+ steps:
+ - name: Set up test matrix
+ id: set-matrix
+ run: |
+ export latest=$(cat /etc/fedora-release | awk '{ print $3 }')
+ export previous=$(cat /etc/fedora-release | awk '{ print $3 - 1 }')
+ echo "Running CI against Fedora $previous and $latest"
+ if [ "${{ secrets.MATRIX }}" == "" ]
+ then
+ echo "::set-output name=matrix::{\"os\":[\"$previous\", \"$latest\"]}"
+ else
+ echo "::set-output name=matrix::${{ secrets.MATRIX }}"
+ fi
+
+ build:
+ name: Building TomcatJSS
+ needs: init
+ runs-on: ubuntu-latest
+ env:
+ COPR_REPO: "@pki/10.11"
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action at v1
+
+ - name: Build runner image
+ uses: docker/build-push-action at v2
+ with:
+ context: .
+ build-args: |
+ OS_VERSION=${{ matrix.os }}
+ COPR_REPO=${{ env.COPR_REPO }}
+ BUILD_OPTS=--with-timestamp --with-commit-id
+ tags: tomcatjss-runner
+ target: tomcatjss-runner
+ outputs: type=docker,dest=/tmp/tomcatjss-runner.tar
+
+ - name: Upload runner image
+ uses: actions/upload-artifact at v2
+ with:
+ name: tomcatjss-runner-${{ matrix.os }}
+ path: /tmp/tomcatjss-runner.tar
+
+ ca-test:
+ name: Installing CA
+ needs: [init, build]
+ runs-on: ubuntu-latest
+ env:
+ SHARED: /tmp/workdir/tomcatjss
+ COPR_REPO: "@pki/10.11"
+ strategy:
+ matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout at v2
+
+ - name: Download runner image
+ uses: actions/download-artifact at v2
+ with:
+ name: tomcatjss-runner-${{ matrix.os }}
+ path: /tmp
+
+ - name: Load runner image
+ run: docker load --input /tmp/tomcatjss-runner.tar
+
+ - name: Run container
+ run: |
+ IMAGE=tomcatjss-runner \
+ NAME=pki \
+ HOSTNAME=pki.example.com \
+ tests/bin/runner-init.sh
+
+ - name: Install DS and PKI packages
+ run: docker exec pki dnf install -y 389-ds-base pki-ca
+
+ - name: Install DS
+ run: docker exec pki ${SHARED}/tests/bin/ds-create.sh
+
+ - name: Install CA
+ run: docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v
+
+ - name: Run PKI healthcheck
+ run: docker exec pki pki-healthcheck --debug
+
+ - name: Verify CA admin
+ run: |
+ docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
+ docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
+ docker exec pki pki client-cert-import \
+ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
+ --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
+ docker exec pki pki -n caadmin ca-user-show caadmin
+
+ - name: Gather artifacts
+ if: always()
+ run: |
+ tests/bin/ds-artifacts-save.sh pki
+ tests/bin/pki-artifacts-save.sh pki
+
+ - name: Remove CA
+ run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
+
+ - name: Remove DS
+ run: docker exec pki ${SHARED}/tests/bin/ds-remove.sh
+
+ - name: Upload artifacts
+ if: always()
+ uses: actions/upload-artifact at v2
+ with:
+ name: ca-${{ matrix.os }}
+ path: |
+ /tmp/artifacts/pki
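Review bot: In the `Set up test matrix` step, `${{ secrets.MATRIX }}` is substituted into the script text before bash runs it, so any quote, `$` or backtick in the secret is parsed as shell syntax, and the double quotes of a JSON matrix would end the surrounding `"..."` string. Passing the value through the step environment keeps it as data: add `env:` with `MATRIX: ${{ secrets.MATRIX }}` to the step, then test and echo `"$MATRIX"` in the script. A comment giving the expected shape of the secret would also help, for example `# MATRIX: JSON such as {"os":["NN","NN+1"]}; when unset the two newest Fedora releases are used`. Whether GitHub forwards a job output whose value matches a secret should be confirmed, since such outputs may be withheld from dependent jobs.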
=====================================
.github/workflows/required.yml deleted
=====================================
@@ -1,20 +0,0 @@
-name: Required Tests
-
-on: [push, pull_request]
-
-jobs:
- test:
- runs-on: ubuntu-latest
- container: ${{ matrix.image }}
- strategy:
- matrix:
- image: ['fedora:31', 'fedora:latest']
- steps:
- - run: dnf install -y dnf-plugins-core gcc make rpm-build git
- - name: Clone the repository
- uses: actions/checkout at v2
- - run: dnf copr -y enable ${TOMCATJSS_7_4_REPO:- at pki/master}
- - run: dnf builddep -y --spec tomcatjss.spec
- - run: dnf remove -y tomcat-native
- - run: ./build.sh --with-timestamp --with-commit-id --work-dir=../packages rpm
- - run: rpm -Uvh ../packages/RPMS/*
=====================================
.gitignore
=====================================
@@ -1,3 +1,4 @@
-bin
+/bin
build
dist
+target/
=====================================
.gitlab-ci.yml
=====================================
@@ -0,0 +1,22 @@
+image: fedora
+
+sync:
+
+ script:
+ - echo "Synchronizing $CI_COMMIT_BRANCH branch from $UPSTREAM_URL to $CI_PROJECT_URL"
+ - dnf install -y git
+ - git remote set-url origin https://sync:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git
+ - git remote remove upstream || true
+ - git remote add upstream $UPSTREAM_URL
+ - git remote -v
+ - git fetch upstream $CI_COMMIT_BRANCH
+ - git checkout upstream/$CI_COMMIT_BRANCH
+ - git log origin/$CI_COMMIT_BRANCH..upstream/$CI_COMMIT_BRANCH --oneline
+ - GIT_SSL_NO_VERIFY=true git push origin HEAD:$CI_COMMIT_BRANCH
+
+ rules:
+ - if: $SYNC == "true"
+
+ tags:
+ # Use shared runners.
+ - shared
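Review bot: The push on the last `script` line runs with `GIT_SSL_NO_VERIFY=true` while the origin URL set earlier in the same job carries `$ACCESS_TOKEN`, so a write-capable token is sent over a connection whose server certificate is never checked. Dropping the override, `- git push origin HEAD:$CI_COMMIT_BRANCH`, keeps verification on; if the runner image lacks the CA for `$CI_SERVER_HOST`, installing that CA is the narrower fix. `git remote -v` prints the origin URL with the token embedded, so the job log is protected only by the variable being masked; `- git remote get-url upstream` shows the useful half without the credential. `$UPSTREAM_URL` and `$CI_COMMIT_BRANCH` are expanded unquoted throughout, which is worth quoting since the branch name comes from the pipeline trigger.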
=====================================
Dockerfile
=====================================
@@ -0,0 +1,47 @@
+#
+# Copyright Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+ARG OS_VERSION="latest"
+ARG COPR_REPO="@pki/10.11"
+
+################################################################################
+FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-builder
+
+ARG COPR_REPO
+ARG BUILD_OPTS
+
+# Enable COPR repo if specified
+RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi
+
+# Import source
+COPY . /tmp/tomcatjss/
+WORKDIR /tmp/tomcatjss
+
+# Build packages
+RUN dnf install -y git rpm-build
+RUN dnf builddep -y --spec tomcatjss.spec
+RUN ./build.sh $BUILD_OPTS --work-dir=build rpm
+
+################################################################################
+FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-runner
+
+ARG COPR_REPO
+
+EXPOSE 389 8080 8443
+
+# Enable COPR repo if specified
+RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi
+
+# Import packages
+COPY --from=tomcatjss-builder /tmp/tomcatjss/build/RPMS /tmp/RPMS/
+
+# Install packages
+RUN dnf localinstall -y /tmp/RPMS/*; rm -rf /tmp/RPMS
+
+# Install systemd to run the container
+RUN dnf install -y systemd
+
+CMD [ "/usr/sbin/init" ]
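Review bot: In the runner stage, `RUN dnf localinstall -y /tmp/RPMS/*; rm -rf /tmp/RPMS` joins the two commands with `;`, so the layer's exit status is that of `rm` and a failed package install still yields a successful image build. Chaining with `&&` stops the build at the failure: `RUN dnf localinstall -y /tmp/RPMS/* && rm -rf /tmp/RPMS`. Both `if [ -n "$COPR_REPO" ]` lines use the same `;` pattern between `dnf install -y dnf-plugins-core` and `dnf copr enable`, and expand `$COPR_REPO` unquoted, so the same change applies there. Since the tests later install further packages from that COPR repository into this image, a comment stating that the repository is trusted build input would make the dependency explicit.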
=====================================
build.xml
=====================================
@@ -58,7 +58,7 @@
Set the properties related to the source tree
-->
<exec executable="pwd" failonerror="true" outputproperty="cwd"/>
- <property name="src.dir" value="tomcat-8.5"/>
+ <property name="src.dir" value="tomcat-9.0"/>
<property name="lib.dir" value="lib"/>
<property name="docs.dir" value="docs"/>
@@ -110,7 +110,7 @@
<property name="jss.home" value="${jnidir}" />
<!-- This property is set to '/dirsec' when built on rhel4 -->
<property name="dirsec" value="" />
- <property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
+ <property name="jss.jar" value="${jss.home}${dirsec}/jss.jar" />
<property name="commons-lang3.jar" value="${jar.home}/commons-lang3.jar" />
<!--
@@ -173,7 +173,7 @@
<include name="README"/>
<include name="LICENSE"/>
<include name="build.xml"/>
- <include name="src/**"/>
+ <include name="core/src/**"/>
<include name="${src.dir}/**"/>
</zipfileset>
</zip>
@@ -182,7 +182,7 @@
<include name="README"/>
<include name="LICENSE"/>
<include name="build.xml"/>
- <include name="src/**"/>
+ <include name="core/src/**"/>
<include name="${src.dir}/**"/>
</tarfileset>
</tar>
@@ -218,8 +218,8 @@
<!-- Compile the java code from ${src} into ${build} -->
<mkdir dir="${build.classes}"/>
<javac debug="on" destdir="${build.classes}" source="1.8" target="1.8">
- <src path="src"/>
- <src path="${src.dir}"/>
+ <src path="core/src/main/java"/>
+ <src path="${src.dir}/src/main/java"/>
<classpath refid="classpath"/>
</javac>
</target>
=====================================
src/org/apache/tomcat/util/net/jss/IPasswordStore.java → core/src/main/java/org/apache/tomcat/util/net/jss/IPasswordStore.java
=====================================
=====================================
src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java → core/src/main/java/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
=====================================
=====================================
src/org/apache/tomcat/util/net/jss/TomcatJSS.java → core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
@@ -37,7 +37,6 @@ import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang3.StringUtils;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.InitializationValues;
-import org.mozilla.jss.NoSuchTokenException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.ssl.SSLAlertEvent;
@@ -471,13 +470,7 @@ public class TomcatJSS implements SSLSocketListener {
public void login(String tag) throws Exception {
- CryptoToken token;
- try {
- token = getToken(tag);
- } catch (NoSuchTokenException e) {
- logger.warn("TomcatJSS: token for " + tag + " not found");
- return;
- }
+ CryptoToken token = getToken(tag);
if (token.isLoggedIn()) {
logger.debug("TomcatJSS: already logged into " + tag);
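Review bot: `login(String tag)` now lets whatever `getToken(tag)` throws propagate, but nothing on the method records that callers can no longer expect a silent return when the token is absent. A short Javadoc would state the new contract, for example `/** Logs into the token identified by tag. Throws if the token cannot be found. */`. The callers are outside this hunk, so whether any of them relied on the old warn-and-return path for an optional token needs checking. The method body also continues past the end of the hunk.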
=====================================
src/org/dogtagpki/tomcat/Http11NioProtocol.java → core/src/main/java/org/dogtagpki/tomcat/Http11NioProtocol.java
=====================================
=====================================
src/org/dogtagpki/tomcat/JSSListener.java → core/src/main/java/org/dogtagpki/tomcat/JSSListener.java
=====================================
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+tomcatjss (7.7.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ * rules: Fix source dir path.
+ * control: Bump libjss-java dependency.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Mon, 06 Sep 2021 11:48:16 +0300
+
tomcatjss (7.6.1-1) unstable; urgency=medium
* New upstream release.
=====================================
debian/control
=====================================
@@ -9,7 +9,7 @@ Build-Depends:
default-jdk,
javahelper,
libcommons-lang3-java,
- libjss-java (>= 4.8.0~),
+ libjss-java (>= 4.9.1~),
libslf4j-java,
libtomcat9-java (>= 9.0.37-2~),
Standards-Version: 4.5.0
@@ -21,7 +21,7 @@ Package: libtomcatjss-java
Architecture: all
Depends: libtomcat9-java, ${java:Depends}, ${misc:Depends},
libcommons-lang3-java,
- libjss-java (>= 4.8.0~),
+ libjss-java (>= 4.9.1~),
libslf4j-java,
Conflicts: libtcnative-1
Breaks: pki-server (<< 10.3.5-2)
=====================================
debian/rules
=====================================
@@ -9,7 +9,7 @@ export CLASSPATH=/usr/share/java/jss.jar:/usr/share/java/tomcat-coyote.jar
override_dh_auto_build:
ant \
-Dant.build.javac.source=1.8 -Dant.build.javac.target=1.8 \
- -Dsrc.dir=tomcat-8.5 \
+ -Dsrc.dir=tomcat-9.0 \
-Dcatalina.jar=/usr/share/java/tomcat9-catalina.jar \
-Dtomcat-api.jar=/usr/share/java/tomcat9-api.jar \
-Dtomcat-coyote.jar=/usr/share/java/tomcat9-coyote.jar \
=====================================
docs/development/Synchronizing-GitLab-Branch.adoc
=====================================
@@ -0,0 +1,48 @@
+= Synchronizing GitLab Branch =
+
+== Overview ==
+
+This page describes the procedure to synchronize a branch from an upstream repository
+to a GitLab repository.
+
+== Creating Access Token ==
+
+In the GitLab repository create a project access token with a **write_repository** permission.
+
+See link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#creating-a-project-access-token[Creating a project access token].
+
+== Configuring Synchronization ==
+
+In the GitLab repository create the following variables:
+
+* `UPSTREAM_URL`: The URL of the upstream repository.
+** Unselect **Protect variable** to synchronize unprotected branches.
+* `ACCESS_TOKEN`: The value of the access token.
+** Unselect **Protect variable** to synchronize unprotected branches.
+** Select **Mask variable** to keep the access token hidden.
+
+See link:https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project[Add a CI/CD variable to a project].
+
+== Running Synchronization Manually ==
+
+In the GitLab repository run a pipeline with the following parameters:
+
+* **Run for branch name or tag**: The branch to be synchronized.
+* **Variables**:
+** `SYNC`: `true`
+
+See link:https://docs.gitlab.com/ee/ci/pipelines/#run-a-pipeline-manually[Run a pipeline manually].
+
+== Scheduling Automatic Synchronization ==
+
+In the GitLab repository create a schedule with the following parameters:
+
+* **Interval Pattern**: The frequency of synchronization.
+** To synchronize every hour, enter: `0 * * * *`
+* **Target Branch**: The branch to be synchronized.
+* **Variables**:
+** `SYNC`: `true`
+
+Additional schedules can be created for synchronizing other branches.
+
+See link:https://docs.gitlab.com/ee/ci/pipelines/schedules.html#configuring-pipeline-schedules[Configuring pipeline schedules].
=====================================
tests/bin/ds-artifacts-save.sh
=====================================
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+CONTAINER=$1
+INSTANCE=$2
+
+if [ "$INSTANCE" == "" ]
+then
+ INSTANCE=localhost
+fi
+
+ARTIFACTS=/tmp/artifacts/$CONTAINER
+
+mkdir -p $ARTIFACTS/etc
+mkdir -p $ARTIFACTS/var/log
+
+docker exec $CONTAINER ls -la /etc/dirsrv
+docker cp $CONTAINER:/etc/dirsrv $ARTIFACTS/etc
+
+docker exec $CONTAINER ls -la /var/log/dirsrv
+docker cp $CONTAINER:/var/log/dirsrv $ARTIFACTS/var/log
+docker exec $CONTAINER journalctl -u dirsrv@$INSTANCE.service > $ARTIFACTS/var/log/dirsrv/slapd-$INSTANCE/systemd.log
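Review bot: `CONTAINER=$1` is used without a check and every later expansion (`$ARTIFACTS`, `$CONTAINER`, `$INSTANCE`) is unquoted, so calling the script with no argument writes under `/tmp/artifacts/` and runs `docker exec` with a missing container name instead of failing clearly. `CONTAINER=${1:?usage: ds-artifacts-save.sh CONTAINER [INSTANCE]}` together with quoted expansions fixes that, and `INSTANCE=${2:-localhost}` can replace the `if` block. The final redirect into `slapd-$INSTANCE/systemd.log` assumes the preceding `docker cp` created that directory, which fails quietly because the script has no `-e`. `tests/bin/pki-artifacts-save.sh` has the same shape, and the same points apply there with `pki-tomcat` as the default instance.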
=====================================
tests/bin/ds-create.sh
=====================================
@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template ds.inf
+
+sed -i \
+ -e "s/;instance_name = .*/instance_name = localhost/g" \
+ -e "s/;root_password = .*/root_password = Secret.123/g" \
+ -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+ -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+ ds.inf
+
+dscreate from-file ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF
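Review bot: The Directory Manager password `Secret.123` is written twice, in the `root_password` sed expression and in the `ldapadd -w` argument, and the `-x` in the shebang echoes the full `ldapadd` command line into the job log. For a disposable CI instance that can be acceptable, but the file should say so: one `DS_PASSWORD=Secret.123` assignment under a comment such as `# Test-only credential for the throwaway CI directory server` keeps both uses in sync and marks the value as not for reuse. `ldapadd -h $HOSTNAME` relies on the host option that newer OpenLDAP clients replace with `-H ldap://...`; this is worth confirming against the client version in the runner image.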
=====================================
tests/bin/ds-remove.sh
=====================================
@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+dsctl slapd-localhost remove --do-it
=====================================
tests/bin/pki-artifacts-save.sh
=====================================
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+CONTAINER=$1
+INSTANCE=$2
+
+if [ "$INSTANCE" == "" ]
+then
+ INSTANCE=pki-tomcat
+fi
+
+ARTIFACTS=/tmp/artifacts/$CONTAINER
+
+mkdir -p $ARTIFACTS/etc/pki
+mkdir -p $ARTIFACTS/var/log
+
+docker exec $CONTAINER ls -la /etc/pki
+docker cp $CONTAINER:/etc/pki/pki.conf $ARTIFACTS/etc/pki
+docker cp $CONTAINER:/etc/pki/$INSTANCE $ARTIFACTS/etc/pki
+
+docker exec $CONTAINER ls -la /var/log/pki
+docker cp $CONTAINER:/var/log/pki $ARTIFACTS/var/log
+docker exec $CONTAINER journalctl -u pki-tomcatd@$INSTANCE.service > $ARTIFACTS/var/log/pki/$INSTANCE/systemd.log
=====================================
tests/bin/runner-init.sh
=====================================
@@ -0,0 +1,19 @@
+#!/bin/bash -ex
+
+docker run \
+ --name=${NAME} \
+ --hostname=${HOSTNAME} \
+ --detach \
+ --privileged \
+ --tmpfs /tmp \
+ --tmpfs /run \
+ -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+ -v ${GITHUB_WORKSPACE}:${SHARED} \
+ -i \
+ ${IMAGE}
+
+# Pause 5 seconds to let the container start up.
+# The container uses /usr/sbin/init as its entrypoint which requires few seconds
+# to startup. This avoids the following error:
+# [Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'
+sleep 5
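Review bot: `--privileged` gives the test container every capability and device access on the runner, and the script has no comment saying why that is required. If it is there only so `/usr/sbin/init` can start, stating that would keep the script from being copied to a shared host as-is, for example `# systemd as PID 1: run privileged on the disposable CI runner only`. Whether a narrower capability set is enough is something to test rather than assume. The fixed `sleep 5` is a timing guess; polling `docker exec "${NAME}" systemctl is-system-running` until the system reports as started would be more reliable, though its output on this image needs checking. `${GITHUB_WORKSPACE}:${SHARED}` and the other expansions are unquoted.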
=====================================
tomcat-8.5/src/org/dogtagpki/tomcat/JSSContext.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
=====================================
@@ -1,24 +1,17 @@
package org.dogtagpki.tomcat;
-import java.security.Provider;
import java.security.KeyManagementException;
import java.security.SecureRandom;
-import java.security.Security;
-import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import org.apache.tomcat.util.net.SSLContext;
-
import org.mozilla.jss.JSSProvider;
import org.mozilla.jss.provider.javax.crypto.JSSKeyManager;
import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
import org.mozilla.jss.ssl.javax.JSSEngine;
-import org.mozilla.jss.ssl.javax.JSSParameters;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
=====================================
tomcat-8.5/src/org/dogtagpki/tomcat/JSSImplementation.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSImplementation.java
=====================================
=====================================
tomcat-8.5/src/org/dogtagpki/tomcat/JSSUtil.java → tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSUtil.java
=====================================
@@ -21,29 +21,23 @@ package org.dogtagpki.tomcat;
import java.util.Arrays;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import java.util.Set;
-import java.util.HashSet;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.SSLEngine;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.net.SSLHostConfigCertificate;
-import org.apache.tomcat.util.net.jsse.JSSEKeyManager;
import org.apache.tomcat.util.net.SSLContext;
-import org.apache.tomcat.util.net.SSLUtil;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtilBase;
-
import org.mozilla.jss.JSSProvider;
-import org.mozilla.jss.crypto.Policy;
import org.mozilla.jss.provider.javax.crypto.JSSNativeTrustManager;
-import org.mozilla.jss.ssl.SSLCipher;
-import org.mozilla.jss.ssl.SSLVersion;
public class JSSUtil extends SSLUtilBase {
public static Log logger = LogFactory.getLog(JSSUtil.class);
=====================================
tomcatjss.spec
=====================================
@@ -7,9 +7,11 @@ URL: http://www.dogtagpki.org/wiki/TomcatJSS
License: LGPLv2+
BuildArch: noarch
-Version: 7.6.1
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
+Version: 7.7.0
Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
-#global _phase -a1
+#global _phase -alpha1
# To generate the source tarball:
# $ git clone https://github.com/dogtagpki/tomcatjss.git
@@ -28,6 +30,20 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
# > tomcatjss-VERSION-RELEASE.patch
# Patch: tomcatjss-VERSION-RELEASE.patch
+################################################################################
+# Java
+################################################################################
+
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
+%define java_devel java-1.8.0-openjdk-devel
+%define java_headless java-1.8.0-openjdk-headless
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+%else
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+%endif
+
################################################################################
# Build Dependencies
################################################################################
@@ -36,13 +52,10 @@ Source: https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
# jss requires versioning to meet both build and runtime requirements
# tomcat requires versioning to meet both build and runtime requirements
-# autosetup
-BuildRequires: git
-
# Java
BuildRequires: ant
BuildRequires: apache-commons-lang3
-BuildRequires: java-devel
+BuildRequires: %{java_devel}
BuildRequires: jpackage-utils >= 0:1.7.5-15
# SLF4J
@@ -50,10 +63,10 @@ BuildRequires: slf4j
BuildRequires: slf4j-jdk14
# JSS
-BuildRequires: jss >= 4.8.0
+BuildRequires: jss >= 4.9.0, jss < 5.0.0
# Tomcat
-%if 0%{?rhel}
+%if 0%{?rhel} && ! 0%{?eln}
BuildRequires: pki-servlet-engine >= 1:9.0.7
%else
BuildRequires: tomcat >= 1:9.0.7
@@ -65,11 +78,7 @@ BuildRequires: tomcat >= 1:9.0.7
# Java
Requires: apache-commons-lang3
-%if 0%{?fedora} >= 21
-Requires: java-headless
-%else
-Requires: java
-%endif
+Requires: %{java_headless}
Requires: jpackage-utils >= 0:1.7.5-15
# SLF4J
@@ -77,10 +86,10 @@ Requires: slf4j
Requires: slf4j-jdk14
# JSS
-Requires: jss >= 4.8.0
+Requires: jss >= 4.9.0, jss < 5.0.0
# Tomcat
-%if 0%{?rhel}
+%if 0%{?rhel} && ! 0%{?eln}
Requires: pki-servlet-engine >= 1:9.0.7
%else
Requires: tomcat >= 1:9.0.7
@@ -105,7 +114,7 @@ Services (NSS).
%prep
################################################################################
-%autosetup -n tomcatjss-%{version}%{?_phase} -p 1 -S git
+%autosetup -n tomcatjss-%{version}%{?_phase} -p 1
################################################################################
%install
@@ -113,12 +122,7 @@ Services (NSS).
# get Tomcat <major>.<minor> version number
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
-
-if [ $tomcat_version == "9.0" ]; then
- app_server=tomcat-8.5
-else
- app_server=tomcat-$tomcat_version
-fi
+app_server=tomcat-$tomcat_version
ant -f build.xml \
-Dversion=%{version} \
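Review bot: With the 9.0 special case removed, `app_server=tomcat-$tomcat_version` is used with no check, so an empty match from the `sed` expression yields `tomcat-`, and any Tomcat other than 9.0 names a directory this tree no longer has (only `tomcat-9.0` appears in the file list). A guard right after the assignment turns that into a clear failure: `[ -d "$app_server" ] || { echo "unsupported Tomcat version: '$tomcat_version'" >&2; exit 1; }`. The `ant` invocation continues beyond the hunk, so the use of `app_server` as the `src.dir` value is inferred from the `src.dir` property in build.xml and should be confirmed.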
View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/-/compare/ff1d3c3558673337ed77fdb1899a41770bd8461e...a23e20bcef103816b3b8d4ca32f215e0c9046f1f