[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][upstream] 11 commits: Update COPR repo

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Tue Mar 15 11:22:37 GMT 2022



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / dogtag-pki


Commits:
09b2d251 by Endi S. Dewata at 2021-10-08T17:27:01-05:00
Update COPR repo

- - - - -
6748b681 by Endi S. Dewata at 2021-11-02T17:22:58-05:00
Fix replica reinstallation

The pkispawn and pkidestroy have been modified to ignore
failures caused by adding an entry or attribute that is
already exists and to check whether a file exists before
removing it during replica removal and reinstallation.

One of the CA clone tests has been modified to test
removing and reinstalling a replica.

Resolves: https://github.com/dogtagpki/pki/issues/3544

- - - - -
2b64641f by Chris Kelley at 2021-11-09T10:37:45+00:00
Deprecated all SHA-1 constants, classes and enum entries.

* Bump version to 11.0.1

- - - - -
d3e7e807 by Endi S. Dewata at 2021-11-11T08:52:55-06:00
Generate warnings for deprecated algorithms on server startup

The PKI server has been modified to generate warnings for
deprecated algorithms in the config files and cert profiles
when the server is started.

- - - - -
2bf3d4a7 by Chris Kelley at 2021-11-11T17:38:03+00:00
Remove SHA-1 from signingAlgsAllowed in configuration files

- - - - -
a699cc56 by Endi S. Dewata at 2021-11-12T17:15:00+00:00
Add acme-wait.sh

The acme-wait.sh has been added to wait for the ACME server
to start before running the tests.

- - - - -
69c0757f by Chris Kelley at 2021-11-15T16:47:30+00:00
Provide user friendly error message when trying to parse invalid JSON

Original JsonParseException is logged, and a new PKIException is thrown
with a user-friendly message.
- - - - -
0821e7d0 by Endi S. Dewata at 2021-12-08T11:55:01+00:00
Update version number to 11.0.2

- - - - -
291f825b by Chris Kelley at 2021-12-16T18:15:26+00:00
Remove KRA CLI XML options

* Only allow JSON
* Provide JSON templates

- - - - -
92447552 by Christina Fu at 2021-12-16T13:53:43-08:00
Bug2033109-Invalid-subCA-certs-pkispawn-single

This patch takes care of the issue reported in the following bug
Bug 2033109 - Invalid certificates with creation of subCA (pkispawn single step)
where the subject DN of a certificate could be unintentionally recoded.

In addition, I found the CA enrollment profile caInstallCACert.cfg to have
only 2 year validity; Also the signingAlgsAllowed list is outdated.
This is also addressed.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=2033109

- - - - -
2e3f18dd by Chris Kelley at 2022-01-19T15:42:04+00:00
Update version number to 11.0.3

- - - - -


30 changed files:

- .github/workflows/acme-tests.yml
- .github/workflows/ca-tests.yml
- Dockerfile
- README.md
- base/acme/Dockerfile
- base/ca/shared/profiles/ca/AdminCert.cfg
- base/ca/shared/profiles/ca/caAgentFileSigning.cfg
- base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
- base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
- base/ca/shared/profiles/ca/caDirPinUserCert.cfg
- base/ca/shared/profiles/ca/caDirUserCert.cfg
- base/ca/shared/profiles/ca/caDualCert.cfg
- base/ca/shared/profiles/ca/caDualRAuserCert.cfg
- base/ca/shared/profiles/ca/caECDualCert.cfg
- base/ca/shared/profiles/ca/caEncUserCert.cfg
- base/ca/shared/profiles/ca/caIPAserviceCert.cfg
- base/ca/shared/profiles/ca/caInstallCACert.cfg
- base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
- base/ca/shared/profiles/ca/caJarSigningCert.cfg
- base/ca/shared/profiles/ca/caOtherCert.cfg
- base/ca/shared/profiles/ca/caRACert.cfg
- base/ca/shared/profiles/ca/caRARouterCert.cfg
- base/ca/shared/profiles/ca/caRAagentCert.cfg
- base/ca/shared/profiles/ca/caRAserverCert.cfg
- base/ca/shared/profiles/ca/caRouterCert.cfg
- base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg
- base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg
- base/ca/shared/profiles/ca/caSigningUserCert.cfg
- base/ca/shared/profiles/ca/caTPSCert.cfg
- base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/e8660ffea9a73d81a0627387691f255a20f585a7...2e3f18dd2807ccfdf7098cc85c3512e2fd46c105

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/e8660ffea9a73d81a0627387691f255a20f585a7...2e3f18dd2807ccfdf7098cc85c3512e2fd46c105
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220315/c23313f0/attachment.htm>


More information about the Pkg-freeipa-devel mailing list