Sync from SUSE:SLFO:Main certmonger revision 24861fb84184640ea6383f64b4e4fa40

Adrian Schröter 2024-05-03 11:33:24 +02:00
commit 5d321bf272
5 changed files with 302 additions and 0 deletions

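--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text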


@ -0,0 +1,42 @@
From cccc01f7c3dbc3e9b30e50b86eeaaa7f1500fc94 Mon Sep 17 00:00:00 2001
From: Otto Hollmann <otto.hollmann@suse.com>
Date: Wed, 13 Dec 2023 10:23:39 +0100
Subject: [PATCH] Update tests to be compatible with OpenSSL 3.2
---
tests/003-csrgen-ec/run.sh | 4 ++--
tests/038-ms-v2-template/extract-extdata.py | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/tests/003-csrgen-ec/run.sh b/tests/003-csrgen-ec/run.sh
index cd9f9422..196b6d02 100755
--- a/tests/003-csrgen-ec/run.sh
+++ b/tests/003-csrgen-ec/run.sh
@@ -42,8 +42,8 @@ grep ^minicert= entry.nss.$size | sed s,^minicert=,, | base64 -d > minicert.nss.
openssl x509 -out minicert.nss.$size.pem -in minicert.nss.$size -inform der
# The RSA tests already verify the contents of the requests, so we really only
# need to care about the signatures passing verification.
-openssl req -verify -noout < csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
-openssl req -verify -noout < csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
+openssl req -verify -noout -in csr.nss.$size 2>&1 | sed 's/Certificate request self-signature //'
+openssl req -verify -noout -in csr.openssl.$size 2>&1 | sed 's/Certificate request self-signature //'
openssl spkac -verify -noout < spkac.nss.$size 2>&1
openssl spkac -verify -noout < spkac.openssl.$size 2>&1
openssl verify -CAfile minicert.openssl.$size.pem minicert.openssl.$size.pem 2>&1
diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
index 8b6b14ff..e2f84a10 100755
--- a/tests/038-ms-v2-template/extract-extdata.py
+++ b/tests/038-ms-v2-template/extract-extdata.py
@@ -13,7 +13,8 @@ STATE_SEARCH, STATE_FOUND, STATE_DONE = range(3)
state = STATE_SEARCH
for line in sys.stdin:
- if state == STATE_SEARCH and ':1.3.6.1.4.1.311.21.7' in line:
+ if state == STATE_SEARCH and (':Microsoft certificate template' in line
+ or ':1.3.6.1.4.1.311.21.7' in line):
state = STATE_FOUND
continue
--
2.42.0
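Review bot: The widened condition in extract-extdata.py matches the display label `:Microsoft certificate template` next to the dotted OID, but nothing in the script says why both forms are needed. Judging only by the patch subject, OpenSSL 3.2 presumably prints this extension by name where older releases print `1.3.6.1.4.1.311.21.7`; a comment above the `if`, such as `# OpenSSL 3.2+ prints the template extension by name, older versions print the dotted OID`, would keep a later cleanup from dropping one branch. In run.sh the two `openssl req -verify` calls move to `-in` while the `openssl spkac -verify` calls just below still read from stdin; if the stdin form is what stopped working, those two lines may need the same change. The loop body in extract-extdata.py continues outside the hunk.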

certmonger-0.79.19.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

certmonger.changes Normal file

@ -0,0 +1,100 @@
-------------------------------------------------------------------
Wed Dec 13 08:48:02 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to 0.79.19
* getcert: add-scep-ca: fix help for --ca-cert and --ra-cert
* Don't restrict tokens to CKM_RSA_X_509
* Updated translations from Weblate
- Update to 0.79.18
* Rename DBus service and conf files to match canonical name
* Add missing .TP tags in getcert-resubmit man page
* migrated to SPDX license
* Include owner and perms in getcert list output
* Don't require an NSS database in cm_certread_n_parse
* Add new certs to internal token, try harder to remove on renewal
- Update to 0.79.17
* Respect LDFLAGS settings defined by user
* Switch to CA user when saving NSS certificates
* Translated using Weblate (German)
* Translated using Weblate (Georgian)
- Update to 0.79.16
* Add a PEM validity checker and validate SCEP CA files
* Fix implicit declaration of function PEM_read_bio_X509
* Don't include "NEW" in certificate signing requests
* Verify that the AES-128 is used for encrypting the local CA
* Replace DER-encoded test file with a base64-encoded one
* Correct a bad date in the spec changelog
* Switch to https URLs for Sources, etc.
* Remove dependency on SHA-1
* tests: Test that the CA constraint DER encoding is correct
* Disable DSA in the RPM spec
* Manually build the srpm for the copr CI
* Require jansson >= 2.12
* Mark the current directory as a safe git directory
* Fix usage of PKCS#7 ASN1 attribute retrieval for SCEP keygen
* Translated using Weblate (Chinese (Simplified) (zh_CN))
* Translated using Weblate (Georgian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Chinese (Simplified) (zh_CN))
* Translated using Weblate (Hungarian)
- Removed 0001-Disable-DSA-in-the-RPM-spec.patch
- Added 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
-------------------------------------------------------------------
Wed Oct 11 07:03:37 UTC 2023 - Simon Lees <sflees@suse.de>
- dbus-daemon is now split out into a separate package.
-------------------------------------------------------------------
Fri Jun 17 19:47:46 UTC 2022 - Matthew Davis <novell@virtual.drop.net>
- Added 0001-Disable-DSA-in-the-RPM-spec.patch
- Removed 0002-certmonger-return-type.patch.
-------------------------------------------------------------------
Fri Jun 17 19:31:56 UTC 2022 - Matthew Davis <novell@virtual.drop.net>
- Updated to version 0.79.15
- Added minimum libjansson version requirement.
-------------------------------------------------------------------
Mon Jul 26 10:05:33 UTC 2021 - Neal Gompa <ngompa13@gmail.com>
- Use "pkgconfig(systemd)" for the BR to allow hacksaw systemd-mini
package to satisfy dependencies in the openSUSE Build Service.
-------------------------------------------------------------------
Mon Jul 26 03:48:04 UTC 2021 - William Brown <william.brown@suse.com>
- Add buildrequires on systemd which is required for correct installation
of the .service file.
-------------------------------------------------------------------
Sun Feb 28 12:28:48 UTC 2021 - Sasi Olin <hel@lcp.world>
- Update to 0.79.13
-------------------------------------------------------------------
Mon Aug 31 10:30:11 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 0.79.11:
- Fix crash bug when generating thumbprints
- dogtag: use POST for profileProcess requests
- Improve logging in SCEP helper
- Add verbose option to SCEP CA if requested in add-scep-ca
- Re-order the way the SCEP signing and CA certs are collected
- Add new option to allow overriding the detected SCEP CA chain
- template_profile, issuer and MS certificate template are single-value
- Ensure that files read in have a trailing new-line
- Adapt to the new behavior of disconnect in dbus-broker
- Add long command-line options to CLI and man pages
- Include &message=CA-IDENT with GetCACaps and GetCACert requests
- Address issues uncovered by clang and Coverity
- Handle an uninitialized token when adding CA certs to an NSS db
- tests: Parametrize 025-casave with NSS db types
-------------------------------------------------------------------
Sun Apr 12 18:01:28 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
- Initial package

certmonger.spec Normal file

@ -0,0 +1,134 @@
#
# spec file for package certmonger
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2020 Stasiek Michalski <stasiek@michalski.cc>.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: certmonger
Version: 0.79.19
Release: 0
Summary: Certificate status monitor and PKI enrollment client
License: GPL-3.0-or-later
URL: https://pagure.io/certmonger/
Source0: https://pagure.io/certmonger/archive/%{version}/certmonger-%{version}.tar.gz
Patch0001: 0001-Update-tests-to-be-compatible-with-OpenSSL-3.2.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: dbus-1
BuildRequires: dbus-1-daemon
BuildRequires: dbus-1-devel
BuildRequires: diffutils
BuildRequires: dos2unix
BuildRequires: expect
BuildRequires: gcc
BuildRequires: gettext-devel
BuildRequires: krb5-devel
BuildRequires: libcurl-devel
BuildRequires: libfreebl3-hmac
BuildRequires: libidn2-devel
BuildRequires: libjansson-devel >= 2.12
BuildRequires: libsoftokn3-hmac
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libuuid-devel
BuildRequires: libxml2-devel
BuildRequires: mozilla-nspr-devel
BuildRequires: mozilla-nss-devel
BuildRequires: mozilla-nss-sysinit
BuildRequires: mozilla-nss-tools
BuildRequires: openldap2-devel
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: popt-devel
BuildRequires: python3-dbus-python
# Note - this is required for /usr/share/pkgconfig/systemd.pc, which is used by
# --enable-systemd to discover the unitfile location. There is no way to inject
# this location via the configure call either.
## Note: using pkgconfig(systemd) BR to allow hacksaw systemd-mini package to
## satisfy in the openSUSE Build Service
BuildRequires: pkgconfig(systemd)
BuildRequires: which
BuildRequires: xmlrpc-c-devel
Requires: dbus-1
Requires(post): dbus-1
Requires(preun):dbus-1
Requires(preun):sed
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
%description
Certmonger is a service which is primarily concerned with getting your
system enrolled with a certificate authority (CA) and keeping it enrolled.
%prep
%autosetup -p1
%build
autoreconf -i -f
%configure \
--enable-systemd \
--enable-tmpfiles \
--disable-dsa \
--with-homedir=/run/certmonger \
--with-tmpdir=/run/certmonger --enable-pie --enable-now
%make_build
%install
%make_install
mkdir -p %{buildroot}/%{_localstatedir}/lib/certmonger/{cas,requests}
%{find_lang} %{name}
%check
make check
%pre
%service_add_pre certmonger.service
%post
if test $1 -eq 1 ; then
%{_bindir}/dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig 2>&1 || :
fi
%service_add_post certmonger.service
%tmpfiles_create certmonger.conf
%preun
%service_del_preun certmonger.service
%postun
%service_del_postun certmonger.service
%files -f %{name}.lang
%doc README.md LICENSE STATUS doc/*.txt
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/*
%{_datadir}/dbus-1/services/*
%dir %{_sysconfdir}/certmonger
%config(noreplace) %{_sysconfdir}/certmonger/certmonger.conf
%ghost /run/certmonger
%{_bindir}/*
%{_sbindir}/certmonger
%{_mandir}/man*/*
%{_libexecdir}/%{name}
%{_localstatedir}/lib/certmonger
%{_unitdir}/certmonger.service
%{_tmpfilesdir}/certmonger.conf
%{_datadir}/dbus-1/system-services/*
%changelog
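Review bot: The state directories under `%{_localstatedir}/lib/certmonger` are created in %install with a bare `mkdir -p` and listed in %files without `%dir` or `%attr`, so their modes are whatever the build environment's umask produced rather than something the spec states. Going by their names, `cas` and `requests` presumably hold the daemon's CA and enrollment-request records, so I would pin them explicitly, e.g. `%dir %attr(0755,root,root) %{_localstatedir}/lib/certmonger` plus one line per subdirectory, or a tighter mode if the daemon does not need them world-readable (confirm against what certmonger expects at runtime). Separately, `Patch0001` has no comment recording whether the OpenSSL 3.2 test fix was submitted upstream, and `Source0` has no accompanying signature or checksum source, so the tarball's provenance rests on the stored LFS object alone.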