diff --git a/Revert-certmonger-nss-fix.patch b/Revert-certmonger-nss-fix.patch
new file mode 100644
index 0000000000000000000000000000000000000000..08768c266274c8ea73aed69aceb237a67729a254
--- /dev/null
+++ b/Revert-certmonger-nss-fix.patch
@@ -0,0 +1,33 @@
+diff --git a/tests/007-certsave-sql/expected.out b/tests/007-certsave-sql/expected.out
+index 236c74d..428a8f9 100644
+--- a/tests/007-certsave-sql/expected.out
++++ b/tests/007-certsave-sql/expected.out
+@@ -31,9 +31,9 @@ Testing setting trust to CT,C,:
+ right nickname, right subject: cert CT,C,
+ wrong nickname, right subject: cert ,,
+ wrong subject, right nickname: cert ,,
+-Testing setting trust to C,,p:
+- baseline: cert C,,p
+- right nickname, right subject: cert C,,p
++Testing setting trust to C,c,p:
++ baseline: cert C,c,p
++ right nickname, right subject: cert C,c,p
+ wrong nickname, right subject: cert ,,
+ wrong subject, right nickname: cert ,,
+ Skipping rosubdir test.
+diff --git a/tests/007-certsave/run.sh b/tests/007-certsave/run.sh
+index 1ad1a91..29b0215 100644
+--- a/tests/007-certsave/run.sh
++++ b/tests/007-certsave/run.sh
+@@ -135,10 +135,7 @@ $toolsdir/certsave entry.openssl || true
+ # Now tweak the trust settings on the NSS certificate. The "u" flag seems to
+ # be tied to whether or not we have a matching private key, so we can't mess
+ # with it.
+-#
+-# Oct 1, 2025: Replace C,c,p with C,,p because the valid CA flag is not
+-# working as expected in NSS 3.115.
+-for trust in ,, P,, ,P, CT,C, C,,p ; do
++for trust in ,, P,, ,P, CT,C, C,c,p ; do
+ echo Testing setting trust to "$trust":
+ # Save the right certificate to NSS's database and read it back.
+ initnssdb $scheme:$tmpdir
diff --git a/certmonger-0.79.20.tar.gz b/certmonger-0.79.20.tar.gz
deleted file mode 100644
index e8b0183162e579dc191cd4f4f3a95726ffb8f840..0000000000000000000000000000000000000000
Binary files a/certmonger-0.79.20.tar.gz and /dev/null differ
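Review bot: The added patch file has no preamble stating where it comes from or which NSS behaviour it assumes, so a later maintainer cannot tell when `Revert-certmonger-nss-fix.patch` may be dropped. It restores the `C,c,p` trust case that the removed run.sh comment says was replaced with `C,,p` because the valid CA flag was not working as expected in NSS 3.115, so the test result presumably depends on the NSS version in the build root. I would add a short header before the first `diff --git` line, for example `Reverts the upstream NSS 3.115 test workaround; drop once the packaged NSS shows the same behaviour as upstream expects`. Only tests/007-certsave-sql/expected.out and tests/007-certsave/run.sh are touched; whether any other expected.out lists the same trust case is not visible here.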
diff --git a/certmonger-0.79.21.tar.gz b/certmonger-0.79.21.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..1745f8b88b0affc72baf189e51c4606a4eca8d62
Binary files /dev/null and b/certmonger-0.79.21.tar.gz differ
diff --git a/certmonger.spec b/certmonger.spec
index 8684823ce55ddeee61cef27468423497413a827c..02844566f924368bca1c927bf284dbe196072e22 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -1,33 +1,65 @@
-Name: certmonger
-Version: 0.79.20
-Release: 1
-Summary: Certificate status monitor and PKI enrollment client
-License: GPLv3+
-URL: http://pagure.io/certmonger/
-Source0: https://pagure.io/certmonger/archive/certmonger-%{version}/certmonger-%{version}.tar.gz
-
-BuildRequires: autoconf automake gettext-devel gcc openldap-devel krb5-devel
-BuildRequires: libidn2-devel dbus-devel nspr-devel nss-devel openssl-devel
-BuildRequires: libuuid-devel libtalloc-devel libtevent-devel libcurl-devel
-BuildRequires: libxml2-devel xmlrpc-c-devel systemd-units diffutils expect
-BuildRequires: nss-tools openssl /usr/bin/dbus-launch /usr/bin/dos2unix
-BuildRequires: /usr/bin/unix2dos /usr/bin/which python3-dbus popt-devel
-BuildRequires: jansson jansson-devel
-Requires: dbus
-Requires(post): %{_bindir}/dbus-send systemd-units
-Requires(preun): systemd-units dbus sed
-Requires(postun): systemd-units
-Conflicts: libtevent < 0.9.13
+Name: certmonger
+Version: 0.79.21
+Release: 1
+Summary: Certificate status monitor and PKI enrollment client
+License: GPL-3.0-or-later
+URL: https://pagure.io/certmonger/
+Source0: https://pagure.io/certmonger/archive/certmonger-%{version}/certmonger-%{version}.tar.gz
+# https://pagure.io/certmonger/c/357fde9cee9eeead50b6b985f1d9792eba2db401
+# Revert workaround for nss >= 1.115
+Patch0: Revert-certmonger-nss-fix.patch
+
+BuildRequires: gcc make
+BuildRequires: autoconf automake libtool gettext-devel
+BuildRequires: pkgconfig(dbus-1) >= 1.0
+BuildRequires: pkgconfig(jansson)
+BuildRequires: pkgconfig(libcrypto)
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(libidn2)
+BuildRequires: pkgconfig(libssl)
+BuildRequires: pkgconfig(libxml-2.0)
+BuildRequires: pkgconfig(nss)
+BuildRequires: pkgconfig(talloc)
+BuildRequires: pkgconfig(tevent)
+BuildRequires: pkgconfig(uuid)
+BuildRequires: gmp-devel
+BuildRequires: krb5-devel
+BuildRequires: openldap-devel
+BuildRequires: popt-devel
+BuildRequires: xmlrpc-c-devel
+# for test
+BuildRequires: /usr/bin/autoconf +BuildRequires: /usr/bin/automake +BuildRequires: /usr/bin/autopoint +BuildRequires: /usr/bin/certutil +BuildRequires: /usr/bin/cmp +BuildRequires: /usr/bin/cmsutil +BuildRequires: /usr/bin/dbus-launch +BuildRequires: /usr/bin/diff +BuildRequires: /usr/bin/dos2unix +BuildRequires: /usr/bin/expect +BuildRequires: /usr/bin/gawk +BuildRequires: /usr/bin/gcc +BuildRequires: /usr/bin/git +BuildRequires: /usr/bin/libtool +BuildRequires: /usr/bin/make +BuildRequires: /usr/bin/mktemp +BuildRequires: /usr/bin/openssl +BuildRequires: /usr/bin/pk12util +BuildRequires: /usr/bin/python +BuildRequires: /usr/bin/unix2dos +BuildRequires: /usr/bin/which +Requires: dbus +Requires(post): %{_bindir}/dbus-send +Requires(preun): dbus sed +%systemd_requires +Conflicts: libtevent < 0.9.13 %description Certmonger is a service which is primarily concerned with getting your system enrolled with a certificate authority (CA) and keeping it enrolled. -%package help -Summary: Documentation for help using certmonger - -%description help -This package provides docs for user of certmonger. +%package_help %prep %autosetup -n certmonger-%{version} -p1 
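Review bot: `%systemd_requires` is added here while `systemd-units` disappears from the BuildRequires lines, so the spec now depends on the build root supplying the systemd RPM macros without declaring it. The later hunks rely on the same macro set (`%systemd_post`, `%systemd_preun`, `%systemd_postun`). I would keep an explicit build dependency, for example `BuildRequires: systemd-units` as on the removed line, or whichever package ships those macros in this distribution. Separately, the Patch0 comment reads `nss >= 1.115` while the patch itself refers to NSS 3.115; `# Revert test workaround for NSS 3.115` would match it.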
@@ -38,34 +70,33 @@ This package provides docs for user of certmonger. %endif autoreconf -i -f %configure \ - --enable-systemd --enable-tmpfiles --with-homedir=/var/run/certmonger \ - --with-tmpdir=/var/run/certmonger --enable-pie --enable-now -%make_build XMLRPC_LIBS="-lxmlrpc_client -lxmlrpc_util -lxmlrpc" + --enable-systemd --enable-tmpfiles --with-homedir=/run/certmonger \ + --with-tmpdir=/run/certmonger --enable-pie --enable-now +%make_build %install %make_install install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/certmonger/{cas,requests} -install -m755 -d $RPM_BUILD_ROOT/var/run/certmonger +install -m755 -d $RPM_BUILD_ROOT/run/certmonger %{find_lang} %{name} %check -make check +%make_build check %post if test $1 -eq 1 ; then %{_bindir}/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig 2>&1 || : fi -if test $1 -eq 1 ; then - /bin/systemctl daemon-reload >/dev/null 2>&1 || : -fi +%systemd_post certmonger.service + %triggerin -- certmonger < 0.58 if test $1 -gt 1 ; then objpath=`dbus-send --system --reply-timeout=10000 --dest=org.openeulerhosted.certmonger \ - --print-reply=o /org/openeulerhosted/certmonger org.openeulerhosted.certmonger.find_ca_by_nickname \ - string:dogtag-ipa-renew-agent 2> /dev/null | sed -r 's,^ +,,g' || true` + --print-reply=o /org/openeulerhosted/certmonger org.openeulerhosted.certmonger.find_ca_by_nickname \ + string:dogtag-ipa-renew-agent 2> /dev/null | sed -r 's,^ +,,g' || true` if test -n "$objpath" ; then dbus-send --system --dest=org.openeulerhosted.certmonger --print-reply /org/openeulerhosted/certmonger \ - org.openeulerhosted.certmonger.remove_known_ca objpath:"$objpath" >/dev/null 2> /dev/null + org.openeulerhosted.certmonger.remove_known_ca objpath:"$objpath" >/dev/null 2> /dev/null fi for cafile in %{_localstatedir}/lib/certmonger/cas/* ; do if grep -q '^id=dogtag-ipa-renew-agent$' "$cafile" ; then 
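Review bot: `install -m755 -d $RPM_BUILD_ROOT/run/certmonger` packages a directory under /run, which is normally a tmpfs, so the copy laid down by RPM lasts only until the next reboot. With `--enable-tmpfiles` on the configure line the directory is presumably recreated from a tmpfiles.d entry, and its mode and owner there should match what the package records, since the same configure flags make it the daemon's home and temporary directory. Listing it as `%ghost %dir /run/certmonger` in %files (that line is changed in a later hunk) would keep package verification consistent after a reboot.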
@@ -75,28 +106,23 @@ if test $1 -gt 1 ; then fi %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ] ; then - /bin/systemctl try-restart certmonger.service >/dev/null 2>&1 || : -fi +%systemd_postun certmonger.service %preun -if test $1 -eq 0 ; then - /bin/systemctl --no-reload disable certmonger.service > /dev/null 2>&1 || : - /bin/systemctl stop certmonger.service > /dev/null 2>&1 || : -fi +%systemd_preun certmonger.service %triggerun -- certmonger < 0.43 /sbin/chkconfig --del certmonger >/dev/null 2>&1 || : /bin/systemctl try-restart certmonger.service >/dev/null 2>&1 || : %files -f %{name}.lang -%doc README.md LICENSE STATUS doc/*.txt +%license LICENSE +%doc README.md STATUS doc/*.txt %config(noreplace) %{_sysconfdir}/dbus-1/system.d/* %{_datadir}/dbus-1/services/* %dir %{_sysconfdir}/certmonger %config(noreplace) %{_sysconfdir}/certmonger/certmonger.conf -%dir /var/run/certmonger +%dir /run/certmonger %{_bindir}/* %{_sbindir}/certmonger %{_libexecdir}/%{name} @@ -106,10 +132,13 @@ fi %{_datadir}/dbus-1/system-services/* %files help -%doc LICENSE doc/*.txt +%doc doc/*.txt %{_mandir}/man*/* %changelog +* Mon Oct 06 2025 Funda Wang - 0.79.21-1 +- update to 0.79.21 + * Mon Nov 04 2024 fu-shanqing - 0.79.20-1 - update to 0.79.20
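Review bot: The new `%postun` no longer restarts the service on upgrade: the removed scriptlet ran `systemctl try-restart certmonger.service` when `$1` was at least 1, and plain `%systemd_postun` does not do that. A running certmonger would then keep executing the old binary after a package update until someone restarts it, which delays the effect of any fix shipped for a certificate enrollment daemon. If dropping the restart was not intended, `%systemd_postun_with_restart certmonger.service` restores the previous behaviour.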