[Pkg-freeipa-devel] [Git][freeipa-team/certmonger][master] 48 commits: Rename DBus service and conf files to match canonical name

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Tue Feb 4 09:27:09 GMT 2025 


Timo Aaltonen pushed to branch master at FreeIPA packaging / certmonger


Commits:
caa4026b by Rob Crittenden at 2022-12-06T14:17:37-05:00
Rename DBus service and conf files to match canonical name

See also https://gitlab.freedesktop.org/dbus/dbus/-/issues/168

BZ 2151243

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
486458c5 by Rob Crittenden at 2023-01-25T13:32:44-05:00
Add missing .TP tags in getcert-resubmit man page

They were missing around the owner and perms options.

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
34f46c93 by Rob Crittenden at 2023-02-23T10:13:34-05:00
migrated to SPDX license

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
b13abef3 by Rob Crittenden at 2023-03-23T16:04:34-04:00
Include owner and perms in getcert list output

Fixes: https://pagure.io/certmonger/issue/249

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
e326d705 by Rob Crittenden at 2023-03-23T17:10:29-04:00
Don't require an NSS database in cm_certread_n_parse

If CM_DEFAULT_CERT_STORAGE_LOCATION points to a non-existant
NSS database then parsing certificates will fail. This is
noticable during IPA install when the CA certificates
are tracked and the database doesn't exist.

If the NSS Init fails then certmonger thinks there is no
cert at all and tries to obtain a new one, only to fail again
and again because of the failed parsing.

This function only loads the certificate to parse out
attributes from the certificate. It already initialized with
NSS_INIT_NOCERTDB, NSS_INIT_READONLY and NSS_INIT_NOROOTINIT
which basically says only initialize the volatile certdb,
read-only and don't load root certificates. So not far from
NSS_NoDB_Init.

Adding the NSS_INIT_NOMODDB causes it to not open the
security module database and only initialize its own softoken.

This is sufficient to load a certificate from PEM and parse it.

Fixes: https://pagure.io/certmonger/issue/256

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
a31209b5 by Rob Crittenden at 2023-04-04T16:13:43-04:00
Add new certs to internal token, try harder to remove on renewal

When using a hardware token the certificate will appear twice:
- on the hardware token
- on the internal token as a placeholder for trust

When renewing a certificate be sure to put a copy of the new
certificate onto the internal token to store that trust.

Similarly when a new certificate is added ensure that any old
certificates with the same nickname are removed. This needs to
span all tokens.

SEC_DeletePermCertificate() will not necessarily remove the
certificate on the token it is in so do multiple passes of
"find the certificate" to ensure all copies are removed.

Fixes: https://pagure.io/certmonger/issue/258

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
9a7ce1be by Rob Crittenden at 2023-04-05T11:54:35-04:00
Tag 0.79.18

- - - - -
15bb67ba by Rob Crittenden at 2023-04-06T15:11:13-04:00
Don't restrict tokens to CKM_RSA_X_509

This mechanism is raw RSA and too specific for other tokens.

Instead return all tokens and let the user determine whether it
is fit for purpose.

Fixes: https://pagure.io/certmonger/issue/260

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
9837eb80 by Kenyon Ralph at 2023-08-04T10:16:39-07:00
getcert: add-scep-ca: fix help for --ca-cert and --ra-cert

The actual options are --ca-cert and --ra-cert, as defined in the popts
struct.

Signed-off-by: Kenyon Ralph <kenyon at kenyonralph.com>

- - - - -
57a935c1 by Timo Aaltonen at 2023-08-10T11:44:47+03:00
Merge branch 'upstream'

- - - - -
0efb268f by Timo Aaltonen at 2023-08-10T11:46:45+03:00
vesion bump

- - - - -
ea4f202f by Timo Aaltonen at 2023-08-10T11:47:18+03:00
control: Remove unnecessary constraints.

- - - - -
deb7d868 by Sergey Kazorin at 2023-09-16T14:22:17-03:00
Translated using Weblate (Russian)

Currently translated at 100.0% (473 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ru/

- - - - -
5902ad2f by Andika Triwidada at 2023-09-16T14:22:19-03:00
Translated using Weblate (Indonesian)

Currently translated at 6.3% (30 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/id/

- - - - -
0fc6b86f by Eliska Oplistilova at 2023-09-16T14:22:19-03:00
Translated using Weblate (Czech)

Currently translated at 2.3% (11 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/cs/

- - - - -
9beaef7a by Dankaházi (ifj.) István at 2023-09-16T14:22:19-03:00
Translated using Weblate (Hungarian)

Currently translated at 41.8% (198 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/hu/

- - - - -
b4efba08 by Dankaházi (ifj.) István at 2023-09-16T14:22:19-03:00
Translated using Weblate (Hungarian)

Currently translated at 41.8% (198 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/hu/

- - - - -
6484ce38 by Rikke Sønderlind at 2023-09-16T14:22:19-03:00
Translated using Weblate (Danish)

Currently translated at 33.4% (158 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/da/

- - - - -
516b1d0a by Temuri Doghonadze at 2023-09-16T14:22:19-03:00
Translated using Weblate (Georgian)

Currently translated at 24.7% (117 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ka/

- - - - -
b35922a6 by 김인수 at 2023-09-16T14:22:19-03:00
Translated using Weblate (Korean)

Currently translated at 100.0% (473 of 473 strings)

Translation: certmonger/master
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ko/

- - - - -
0b3c2cb0 by Timo Aaltonen at 2023-09-25T17:16:49+03:00
Do not FTBFS when systemd.pc changes systemdsystemunitdir. (Closes: #1052633)

- - - - -
63cd761b by Rob Crittenden at 2023-10-10T14:25:29-04:00
Tag 0.79.19

- - - - -
5f8811cb by Timo Aaltonen at 2023-10-17T13:57:52+03:00
Merge branch 'upstream'

- - - - -
78f379d2 by Timo Aaltonen at 2023-10-17T13:58:05+03:00
version bump

- - - - -
f28fc5b7 by Timo Aaltonen at 2023-10-17T13:59:26+03:00
dont-require-an-nss-database.diff: Dropped, upstream.

- - - - -
a0ddebde by Timo Aaltonen at 2023-10-17T14:18:39+03:00
watch: Updated.

- - - - -
d4878c82 by Timo Aaltonen at 2023-10-17T14:18:47+03:00
releasing package certmonger version 0.79.19-1

- - - - -
bba83217 by Otto Hollmann at 2023-12-13T13:57:07+01:00
Update tests to be compatible with OpenSSL 3.2

In test 003-csrgen-ec OpenSSL 3.2 shows warning when reading from stdin, so
specify an input file to get rid of this warning.
In test 038-ms-v2-template openssl asn1parse shows ':Microsoft certificate
template' instead of ':1.3.6.1.4.1.311.21.7' so we have to check both versions.
See https://github.com/openssl/openssl/pull/20986

- - - - -
a144529c by Florian Weimer at 2023-12-22T10:54:38+01:00
Fix type error in cm_tdbusm_get_vn

This fixes an out-of-bounds stack write on 32-bit architectures
because dbus_message_iter_get_basic tries to write 64-bit integer
into a 32-bit pointer variable.

- - - - -
b7fc1ae3 by Florian Weimer at 2023-12-22T10:55:21+01:00
Adjust parameter type for util_EVP_PKEY_id

The function pointer needs to match the prototype for i2d_PublicKey
and i2d_PrivateKey, otherwise a compilation error may result.

- - - - -
ffb0d668 by Jingge Chen at 2024-01-04T04:38:22+01:00
Translated using Weblate (Chinese (Simplified) (zh_CN))

Currently translated at 59.8% (283 of 473 strings)

Co-authored-by: Jingge Chen <mariocanfly at hotmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/zh_CN/
Translation: certmonger/master

- - - - -
22ffdaf1 by Weblate Translation Memory at 2024-01-04T04:38:22+01:00
Translated using Weblate (Georgian)

Currently translated at 24.9% (118 of 473 strings)

Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory at weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ka/
Translation: certmonger/master

- - - - -
5a9341f7 by stanislav levin at 2024-01-04T04:38:22+01:00
Translated using Weblate (Russian)

Currently translated at 100.0% (473 of 473 strings)

Co-authored-by: stanislav levin <slev at basealt.ru>
Translate-URL: https://translate.fedoraproject.org/projects/certmonger/master/ru/
Translation: certmonger/master

- - - - -
fec0ade8 by Rob Crittenden at 2024-01-05T10:33:25-05:00
Tag 0.79.19

- - - - -
f93feb9c by Rob Crittenden at 2024-01-05T10:33:59-05:00
Switch BR from /usr/include/popt.h to popt-devel

The BuildRequires was setup to use a file because for some older
distributions popt.h was included in popt itself.

- - - - -
4ef80a83 by Rob Crittenden at 2024-01-22T10:10:27-05:00
getcert: return 2 when trying to create a duplicate entry

This affects the add-ca, request and start-tracking commands.

Returning a unique return code will make scripting easier.

Fixes: https://www.pagure.io/certmonger/issue/269

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
d9a773f7 by Rob Crittenden at 2024-01-30T09:06:53-05:00
getcert: add NULL check to duplicate string compare

Fixes: https://www.pagure.io/certmonger/issue/269

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
2f07040b by Sam Morris at 2024-03-15T19:05:12+00:00
Use correct object path for 'ca' property of request objects in D-Bus API

Fixes: https://issues.redhat.com/browse/RHEL-29246
Signed-off-by: Sam Morris <sam at robots.org.uk>

- - - - -
1d73bab0 by Santeri Pikarinen at 2024-05-17T00:08:20+03:00
Move shell_escape function to util.c

This allows for the shell escaping functionality to be used to improve security
with environment variable handling in other parts of the codebase aswell.

Signed-off-by: Santeri Pikarinen <santeri.pikarinen at gmail.com>

- - - - -
3e23022d by Santeri Pikarinen at 2024-06-09T17:30:02+03:00
Add more environment variables to be passed on to the notification command

The notification command is now called with two new environment variables
storing the notification type and the nickname of the related request
in addition to the environment variable containing the notification message.

Signed-off-by: Santeri Pikarinen <santeri.pikarinen at gmail.com>

- - - - -
4499215d by Rob Crittenden at 2024-06-10T16:57:23-04:00
Tag 0.79.20

- - - - -
0271f1a2 by Timo Aaltonen at 2024-09-13T10:17:56+03:00
Merge tag '0.79.19' into m

tag 0.79.19

- - - - -
2bf719d4 by Timo Aaltonen at 2024-09-13T10:17:59+03:00
Merge branch 'master' into m

- - - - -
c2769d0e by Timo Aaltonen at 2024-09-13T10:18:24+03:00
version bump

- - - - -
1cf2d602 by Timo Aaltonen at 2025-02-04T11:20:10+02:00
rules: Migrate to pkgconf.

- - - - -
e2ebd590 by Timo Aaltonen at 2025-02-04T11:20:32+02:00
control, rules: Migrate to pkgconf.

- - - - -
f685ae80 by Timo Aaltonen at 2025-02-04T11:23:13+02:00
rules: Update clean target.

- - - - -
c9fefaf6 by Timo Aaltonen at 2025-02-04T11:26:14+02:00
releasing package certmonger version 0.79.20-1

- - - - -


30 changed files:

- .gitignore
- certmonger.spec
- configure.ac
- dbus/Makefile.am
- dbus/certmonger.conf.in → dbus/org.fedorahosted.certmonger.conf.in
- dbus/certmonger.service.in → dbus/org.fedorahosted.certmonger.service.in
- debian/certmonger.install
- debian/changelog
- debian/control
- − debian/patches/dont-require-an-nss-database.diff
- debian/patches/series
- debian/rules
- debian/watch
- po/cs_CZ.po
- po/da.po
- po/hu.po
- po/id.po
- po/ka.po
- po/ko.po
- po/ru.po
- po/zh_CN.po
- src/certmonger.conf.5.in
- src/certread-n.c
- src/certsave-n.c
- src/getcert-add-scep-ca.1.in
- src/getcert-resubmit.1.in
- src/getcert.1.in
- src/getcert.c
- src/keygen-n.c
- src/keyiread-n.c


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/certmonger/-/compare/f7b29c14538187bc2267dd3e620e3efa4463e239...c9fefaf6f830ea0c68cb3cd7eef3df82e9c51076

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/certmonger/-/compare/f7b29c14538187bc2267dd3e620e3efa4463e239...c9fefaf6f830ea0c68cb3cd7eef3df82e9c51076
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20250204/fe447cc3/attachment-0001.htm>

More information about the Pkg-freeipa-devel mailing list