[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][master] 23 commits: Update COPR repo

Tue Mar 15 11:22:35 GMT 2022

Timo Aaltonen pushed to branch master at FreeIPA packaging / dogtag-pki

Commits:
09b2d251 by Endi S. Dewata at 2021-10-08T17:27:01-05:00
Update COPR repo

- - - - -
9d5cd47c by Timo Aaltonen at 2021-10-20T09:34:08+03:00
control: Drop 389-ds-base-dev from build-depends, not used anymore.

- - - - -
04c59b58 by Timo Aaltonen at 2021-10-20T09:36:38+03:00
control: Bump libresteasy-java, libtomcatjss-java depends so we get the classpath fixes.

- - - - -
6748b681 by Endi S. Dewata at 2021-11-02T17:22:58-05:00
Fix replica reinstallation

The pkispawn and pkidestroy have been modified to ignore
failures caused by adding an entry or attribute that is
already exists and to check whether a file exists before
removing it during replica removal and reinstallation.

One of the CA clone tests has been modified to test
removing and reinstalling a replica.

Resolves: https://github.com/dogtagpki/pki/issues/3544

- - - - -
2b64641f by Chris Kelley at 2021-11-09T10:37:45+00:00
Deprecated all SHA-1 constants, classes and enum entries.

* Bump version to 11.0.1

- - - - -
d3e7e807 by Endi S. Dewata at 2021-11-11T08:52:55-06:00
Generate warnings for deprecated algorithms on server startup

The PKI server has been modified to generate warnings for
deprecated algorithms in the config files and cert profiles
when the server is started.

- - - - -
2bf3d4a7 by Chris Kelley at 2021-11-11T17:38:03+00:00
Remove SHA-1 from signingAlgsAllowed in configuration files

- - - - -
a699cc56 by Endi S. Dewata at 2021-11-12T17:15:00+00:00
Add acme-wait.sh

The acme-wait.sh has been added to wait for the ACME server
to start before running the tests.

- - - - -
69c0757f by Chris Kelley at 2021-11-15T16:47:30+00:00
Provide user friendly error message when trying to parse invalid JSON

Original JsonParseException is logged, and a new PKIException is thrown
with a user-friendly message.
- - - - -
de932750 by Timo Aaltonen at 2021-11-18T16:44:48+02:00
control: Drop libatk-wrapper-java from server depends, unused since 2014.

- - - - -
0821e7d0 by Endi S. Dewata at 2021-12-08T11:55:01+00:00
Update version number to 11.0.2

- - - - -
92835fbb by Timo Aaltonen at 2021-12-16T16:24:56+02:00
Merge branch 'upstream'

- - - - -
49878e99 by Timo Aaltonen at 2021-12-16T16:26:15+02:00
bump the version

- - - - -
bc5165ed by Timo Aaltonen at 2021-12-16T16:28:26+02:00
watch: Update url.

- - - - -
291f825b by Chris Kelley at 2021-12-16T18:15:26+00:00
Remove KRA CLI XML options

* Only allow JSON
* Provide JSON templates

- - - - -
92447552 by Christina Fu at 2021-12-16T13:53:43-08:00
Bug2033109-Invalid-subCA-certs-pkispawn-single

This patch takes care of the issue reported in the following bug
Bug 2033109 - Invalid certificates with creation of subCA (pkispawn single step)
where the subject DN of a certificate could be unintentionally recoded.

In addition, I found the CA enrollment profile caInstallCACert.cfg to have
only 2 year validity; Also the signingAlgsAllowed list is outdated.
This is also addressed.

fixes https://bugzilla.redhat.com/show_bug.cgi?id=2033109

- - - - -
13f9ede6 by Timo Aaltonen at 2021-12-17T10:27:51+02:00
rules: Drop dh_apache2, not used.

- - - - -
2e3f18dd by Chris Kelley at 2022-01-19T15:42:04+00:00
Update version number to 11.0.3

- - - - -
57cb27bd by Timo Aaltonen at 2022-01-20T07:28:15+02:00
Merge branch 'upstream'

- - - - -
bab0fb3b by Timo Aaltonen at 2022-01-20T07:28:28+02:00
version bump

- - - - -
9160e972 by Timo Aaltonen at 2022-03-15T13:16:53+02:00
defauilt-webapp-timeout.diff: Force default webapp start timeout to 120 seconds. (Closes: #1001801)

- - - - -
6f60edf4 by Timo Aaltonen at 2022-03-15T13:21:54+02:00
tests: Dump selftests.log if pkispawn fails, and also drop dumping pkispawn log since we have --debug now.

- - - - -
9fe18823 by Timo Aaltonen at 2022-03-15T13:22:16+02:00
releasing package dogtag-pki version 11.0.3-1

- - - - -

30 changed files:

- .github/workflows/acme-tests.yml
- .github/workflows/ca-tests.yml
- Dockerfile
- README.md
- base/acme/Dockerfile
- base/ca/shared/profiles/ca/AdminCert.cfg
- base/ca/shared/profiles/ca/caAgentFileSigning.cfg
- base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
- base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
- base/ca/shared/profiles/ca/caDirPinUserCert.cfg
- base/ca/shared/profiles/ca/caDirUserCert.cfg
- base/ca/shared/profiles/ca/caDualCert.cfg
- base/ca/shared/profiles/ca/caDualRAuserCert.cfg
- base/ca/shared/profiles/ca/caECDualCert.cfg
- base/ca/shared/profiles/ca/caEncUserCert.cfg
- base/ca/shared/profiles/ca/caIPAserviceCert.cfg
- base/ca/shared/profiles/ca/caInstallCACert.cfg
- base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
- base/ca/shared/profiles/ca/caJarSigningCert.cfg
- base/ca/shared/profiles/ca/caOtherCert.cfg
- base/ca/shared/profiles/ca/caRACert.cfg
- base/ca/shared/profiles/ca/caRARouterCert.cfg
- base/ca/shared/profiles/ca/caRAagentCert.cfg
- base/ca/shared/profiles/ca/caRAserverCert.cfg
- base/ca/shared/profiles/ca/caRouterCert.cfg
- base/ca/shared/profiles/ca/caServerKeygen_DirUserCert.cfg
- base/ca/shared/profiles/ca/caServerKeygen_UserCert.cfg
- base/ca/shared/profiles/ca/caSigningUserCert.cfg
- base/ca/shared/profiles/ca/caTPSCert.cfg
- base/ca/shared/profiles/ca/caUUIDdeviceCert.cfg

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/9f1e316431a96391e5613a4a844868a14b0a3bcf...9fe18823a35e71157ce2abb00bb415c8cd2c5042

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/9f1e316431a96391e5613a4a844868a14b0a3bcf...9fe18823a35e71157ce2abb00bb415c8cd2c5042
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220315/12c50aca/attachment-0001.htm>