dogtag-pki (10.8.3-1ubuntu1) focal; urgency=medium * control: Add python3-pytest-runner to build-depends. -- Timo Aaltonen Tue, 24 Mar 2020 16:21:58 +0200 dogtag-pki (10.8.3-1) unstable; urgency=medium * New upstream release. * patches: Refreshed. * control: Add python3-setuptools to build-depends. * fix-healthcheck-install.diff: Use debian layout when installing the healthcheck stuff. * install: Updated. * Add debian/gitlab-ci.yml. * gbp.conf: Update for the experimental branch. * tests: Add sudo to Depends. -- Timo Aaltonen Wed, 18 Mar 2020 00:41:13 +0200 dogtag-pki (10.7.4-2) unstable; urgency=medium * Use pybuild. -- Timo Aaltonen Sat, 08 Feb 2020 17:35:13 +0200 dogtag-pki (10.7.4-1) unstable; urgency=medium * New upstream release. * tests: Ignore pkidestroy failures. * Use debhelper-compat 12. -- Timo Aaltonen Thu, 06 Feb 2020 21:13:33 +0200 dogtag-pki (10.7.3-4) unstable; urgency=medium * tomcat-start.sh: Dropped everything we don't need from the original copy from tomcat9. * debian-support.diff: Drop the hunk about disabling pki_security_manager, it works fine with defaults. * control: Bump pki-base-java dep on libjss-java. * fix-tomcat-paths.diff: Cleanups. * tests: Redirect dscreate stderr to stdout. * control: Drop dependency on pki-base from python3-pki-base. (Closes: #940287) -- Timo Aaltonen Tue, 17 Sep 2019 18:22:15 +0300 dogtag-pki (10.7.3-3) unstable; urgency=medium * fix-tomcat-paths.diff: We have /etc/default/tomcat9 instead of tomcat.conf. * pki-tomcatd@.service: Updated to match the upstream version. * hardcode-tomcat-version.diff: Dropped, instead pass --tomcat for pki-server migrate in the service file. -- Timo Aaltonen Sat, 14 Sep 2019 00:06:00 +0300 dogtag-pki (10.7.3-2) unstable; urgency=medium * Switch to python3. (Closes: #918538, #936435, #935606) * tests: Migrate to dscreate, bump 389-ds-base dependency. -- Timo Aaltonen Wed, 11 Sep 2019 23:40:05 +0300 dogtag-pki (10.7.3-1) experimental; urgency=medium * New upstream release. * rules: Fix arch:all build. * patches: Refreshed, use-new-pkcs11-interface.diff dropped. * fix-hamcrest-jar.diff: Fix path to hamcrest jar. * pki-tools.install: Updated. * rules: Disable Junit tests for now. * control: Add go-md2man to build-depends. * control: Bump dependency on libldap-java. * control: Bump dependency on libjss-java. * control: Bump dependency on libtomcatjss-java. * server.postinst: Use 'pki-server migrate'. * control, rules: Drop obsolete dependencies libjavassist-java, libjaxrs-api-java. * control: Add keyutils to pki-server depends. -- Timo Aaltonen Fri, 09 Aug 2019 23:30:54 +0300 dogtag-pki (10.6.10-2) unstable; urgency=medium * rules: Fix arch:all build. -- Timo Aaltonen Mon, 29 Jul 2019 14:09:25 +0300 dogtag-pki (10.6.10-1) unstable; urgency=medium * Upload to unstable. -- Timo Aaltonen Fri, 19 Jul 2019 10:09:06 +0300 dogtag-pki (10.6.10-0ubuntu2) eoan; urgency=medium * tests: Don't test TPS, pkispawn fails for unknown reasons. -- Timo Aaltonen Thu, 09 May 2019 09:27:41 +0300 dogtag-pki (10.6.10-0ubuntu1) eoan; urgency=medium * New upstream release. - debian-support.diff: Updated - run-pki-server-migrate-on-start.diff: Dropped, obsolete * hardcode-tomcat-version.diff: Use a real version, not a wildcard. * debian-support.diff: Fix a typo with deployment_root. * Remove the initscript, add a proper systemd service. * control: Drop libnuxwdog-java from depends, nuxwdog merged to dogtag. * pki-server.install: Update pki-server-nuxwdog install path. * control, rules: Use JDK8 again. * pki-tools.install: Updated. * control: Bump build-dep on libjss-java. * control: Bump dependencies on libtomcatjss-java. -- Timo Aaltonen Fri, 26 Apr 2019 13:33:51 +0300 dogtag-pki (10.6.8-2) unstable; urgency=medium * control: Replace libsrvcore-dev build-dep with 389-ds-base-dev. * Migrate to tomcat9. -- Timo Aaltonen Fri, 07 Dec 2018 10:55:22 +0200 dogtag-pki (10.6.8-1) unstable; urgency=medium * New upstream release. * control: Bump depends on nuxwdog and tomcatjss. * control, use-new-pkcs11-interface.diff: Bump libjss-java depends to 4.5.1, fix build against jdk9+. (Closes: #893142) * patches: Refreshed. * control: Add libjackson2-core-java, -databind-java to build-depends. * dogtag-pki-server-theme.install: Updated. * control, rules: Build-depend on default-jdk again, set JAVA_HOME to match. * tests: Force C locale so that error messages from python can be shown. * control: Bump libresteasy3.0-java dependency for jackson2 provider. * control, rules: Replace libjboss-annotations-1.2-api-java with libgeronimo-annotation-1.3-spec-java. Drop dependency on libscannotation-java. -- Timo Aaltonen Wed, 05 Dec 2018 22:21:50 +0200 dogtag-pki (10.6.7-1) unstable; urgency=medium * New upstream release. * server.postinst: Server migration has been moved to the systemd unit/initfile, drop it from here. -- Timo Aaltonen Tue, 09 Oct 2018 22:26:07 +0300 dogtag-pki (10.6.6-2) unstable; urgency=medium * hardcode-tomcat-version.diff: Our tomcat doesn't have a script to query the version, so hardcode it here so that 'pki-server migrate' works. * run-pki-server-migrate-on-start.diff: Run 'pki-server migrate' on startup to match what the systemd service does. -- Timo Aaltonen Mon, 27 Aug 2018 20:30:44 +0300 dogtag-pki (10.6.6-1) unstable; urgency=medium * New upstream release. * tests: Fix the test loop. * control, rules: Add libjboss-annotations-1.2-api-java to pki-server depends, add links to lib directories. * watch: Updated. * copyright: Update excluded files. * debian-support.diff: Refreshed. * pki-*.install: Updated. * rules: Updated cmake variables for default nssdb and theme. * control: Bump {build-}depends on libjss-java, libldap-java, libtomcatjss-java and libidm-console-framework-java. * rules: Remove tomcat/ on clean. -- Timo Aaltonen Thu, 23 Aug 2018 09:12:47 +0300 dogtag-pki (10.6.1-1) experimental; urgency=medium * New upstream release. - drop cve fix, applied upstream * control: Add conflicts on libtomcat7-java to pki-server. * rules: Replace setting DEB_BUILD_ARCH with including architecture.mk. * control: Update maintainer address. * Bump debhelper to 11. * control: Bump policy to 4.1.4. * control: Update dogtag-pki description to mention that it's a metapackage. * control: Add pki-tools to pki-base-java depends. (Closes: #891370) * tests: Improve logging, fail properly. -- Timo Aaltonen Sun, 20 May 2018 14:47:13 +0300 dogtag-pki (10.6.0-2) experimental; urgency=medium * rules: Build everything in one pass. * Fix ACL evaluation in allow,deny mode. (Closes: #893690) - CVE-2018-1080 -- Timo Aaltonen Wed, 18 Apr 2018 15:07:20 +0300 dogtag-pki (10.6.0-1) experimental; urgency=medium * New upstream release. * control: Update VCS urls. -- Timo Aaltonen Wed, 18 Apr 2018 00:22:25 +0300 dogtag-pki (10.6.0~beta2-3) experimental; urgency=medium * rules: Fix JAVA_HOME, create a symlink to the native jvm dir and ship it with pki-server. * pki-base.postinst: Modify JAVA_HOME for installed instances on upgrade. * debian-support.diff: Revert start delay to 5s, use systemctl enable/disable. -- Timo Aaltonen Tue, 10 Apr 2018 13:20:34 +0300 dogtag-pki (10.6.0~beta2-2) experimental; urgency=medium * pki-tools: Add new manpages. * debian-support.diff: Fix keystore permissions. * debian-support.diff: Skip systemctl enable/disable. * control: Add openjdk-8-jre-headless to pki-base-java depends. -- Timo Aaltonen Fri, 06 Apr 2018 16:11:04 +0300 dogtag-pki (10.6.0~beta2-1) experimental; urgency=medium * New upstream prerelease. * patches: Refreshed. * control, rules: Build using tomcat 8.5, adjust dependencies to match. * fix-jar-search.diff: Dropped, upstream * rules: Use sql nssdb's by default. * debian-support.diff: Bump the delay after starting the instance to 10s. * fix-symkey-path.diff: Move symkey.jar handling here from fix-jar- search.diff. * fix-tomcat-paths.diff: Use tomcat paths provided by Debian, merge fix-cli-migrate.diff here. * tools: DRMTool links are handled by cmake now, drop .links. * rules: Don't clean usr/share/pki/server/lib before dh_install, it's jar symlinks now. * base.install: Updated. * control, rules: Build using JDK8. * control: Add python3-distutils to build-depends. * rename-logging-config.diff: Dropped, upstream. * use-bindsto.diff: Dropped, upstream. * fix-cve-2016-1240.diff: Dropped, upstream. * debian-support.diff: Tomcat setup upstreamed. -- Timo Aaltonen Fri, 30 Mar 2018 09:18:41 +0300 dogtag-pki (10.5.5-1) unstable; urgency=medium * New upstream release. * tests: Add some debugging info, and force the hostname if it isn't set. * patches: Refreshed. * tools.install: Updated. * tests: Remove installed instances. -- Timo Aaltonen Fri, 09 Feb 2018 16:29:06 +0200 dogtag-pki (10.5.3-4) unstable; urgency=medium * rules: Remove resteasy-jandex-jaxrs.jar symlink, it looks unused anyway. (Closes: #857150) * tests: Sleep for 10 seconds between spawning instances, it seems racy otherwise. -- Timo Aaltonen Fri, 05 Jan 2018 10:36:19 +0200 dogtag-pki (10.5.3-3) unstable; urgency=medium * control: Add libhttpclient-java, libhttpcore-java, libjaxrs-api-java to pki-base-java Depends. * rename-logging-config.diff: Rename LOGGING_CONFIG to PKI_LOGGING_CONFIG, otherwise catalina startup would fail. * fix-jar-search.diff: Fix search for commons-collections3.jar and symkey.jar. * rules: Link jboss-logging.jar under server/common/lib too. -- Timo Aaltonen Fri, 22 Dec 2017 14:32:32 +0200 dogtag-pki (10.5.3-2) unstable; urgency=medium * control: Add python{,3}-cryptography to pki-base, pki-server and python3-pki-base Depends. -- Timo Aaltonen Fri, 22 Dec 2017 00:52:21 +0200 dogtag-pki (10.5.3-1) unstable; urgency=medium * New upstream release. * watch: Updated, upstream provides proper tags now. * copyright: Add Files-Excluded for tarball rebuild. * patches: Drop fix-CVE-2017-7537.diff, refresh others. * use-usr-bin.diff: Replace with an upstreamed patch. * Drop fix-junit-jar.diff, add fix-jar-search.diff and modify debian- support.diff and rules to not hardcode distro-specific jar names. * control: Add libslf4j-java, libhttpclient-java, libhttpcore-java to build-depends/depends. * control: Bump dependency on libjss-java. * rules: Use dh_missing, and drop creating links under subsys dirs as that is handled by CMake now. * *install: Added new files to -base, -server and -tools. * control: Bump dependency on libldap-java. * use-bindsto.diff: Fix pki-tpsd.service to use BindsTo instead of BindTo. (Closes: #857186) -- Timo Aaltonen Thu, 21 Dec 2017 18:11:15 +0200 dogtag-pki (10.3.5+12-6) unstable; urgency=medium * Fix autopkgtest to be robust in the face of changed iproute2 output. -- Timo Aaltonen Thu, 21 Dec 2017 10:59:59 +0200 dogtag-pki (10.3.5+12-5) unstable; urgency=medium * rules: Add a link to jboss-logging.jar. * pki-base, pki-server: Fix postinst, strip cruft from the version string. * control: Use tomcat8.0. (Closes: #823332, #846714) * control: Add libcommons-httpclient-java to build-depends, and pki-base-java depends. * control: Use resteasy3.0. * fix-CVE-2017-7537.diff: Change defaults for cmc plugin. (Closes: #869261) * control: Bump dependency on libtomcajss-java to verify we have the correct build. -- Timo Aaltonen Sat, 21 Oct 2017 11:58:04 +0300 dogtag-pki (10.3.5+12-4) unstable; urgency=medium * pki-tomcatd.init: If no instance is configured, the initscript machinery would return error value 5 or 6. This messes up systemd, so just use 'exit 1' on every non-zero return value. (LP: #1664453) * pki-server.postinst: Clarify pki-tomcatd initial start failure message a bit. * Depend libresteasy-java << 3.1.0, because the new on doesn't work even after fixing the build. * pki-tools.links: Fix the convenience links DRMTool -> KRATool. (Closes: #857148) * pki-base.postinst: Force recreating pki.version if upgrading from older than 10.3.5-1. (LP: #1691655) -- Timo Aaltonen Thu, 18 May 2017 09:10:17 +0300 dogtag-pki (10.3.5+12-3) unstable; urgency=medium * server.postrm: Remove /etc/default/pki-tomcat on purge. * create-target-wants.diff: Create target.wants-directories in the python deployment scriptlet too. -- Timo Aaltonen Thu, 16 Feb 2017 11:09:38 +0200 dogtag-pki (10.3.5+12-2) unstable; urgency=medium * base, server, tools: Add new manpages. * use-resteasy-legacy.diff: Fix javadoc build. -- Timo Aaltonen Wed, 15 Feb 2017 13:24:15 +0200 dogtag-pki (10.3.5+12-1) unstable; urgency=medium * New upstream snapshot. Version number is derived from the Fedora release, 10.3.5+12 maps to pki-core 10.3.5-12 on Fedora. * sync-rpm-10.3.5-7.diff: Dropped. * use-resteasy-legacy.diff, control: Port to resteasy 3.1.0-2 which ships resteasy-legacy.jar. (LP: #1664457) -- Timo Aaltonen Wed, 15 Feb 2017 11:06:47 +0200 dogtag-pki (10.3.5-7) unstable; urgency=medium * debian-support: Fix an upgrade script to use /etc/default instead of /etc/sysconfig. * debian-support: Fix nuxwdog to use /etc/default in each case. * create-target-wants.diff: Create the systemd target.wants directories on demand. * pki-server.dirs: Drop target.wants-directories, they'd just get deleted by systemd helpers and are now created on demand anyway. -- Timo Aaltonen Wed, 18 Jan 2017 04:20:42 +0200 dogtag-pki (10.3.5-6) unstable; urgency=medium * sync-rpm-10.3.5-7.diff: Pull changes from upstream branch needed by newer freeipa. * tools.install: Add CMCEnroll manpage. -- Timo Aaltonen Thu, 01 Dec 2016 10:08:50 +0200 dogtag-pki (10.3.5-5) unstable; urgency=medium * server: Add /etc/dogtag to dirs, clean up stuff created by pkispawn on purge. * control: Add libscannotation-java to server depends. * use-bash.diff: Revert some of 4708983b8 to use bash instead of sh in some places where checkbashisms reported warnings. * fix-cve-2016-1240.diff: Fix CVE-2016-1240 in scripts/operations which has code copied from the tomcat initscript. * pki-{ca,kra,ocsp,tks,tps}.postrm: Remove logfiles on purge. -- Timo Aaltonen Thu, 27 Oct 2016 17:31:23 +0300 dogtag-pki (10.3.5-4) unstable; urgency=medium * tests: Add simple autopkgtest that runs setup-ds and pkispawn. * server.postinst: Tell pki-server migrate to migrate to tomcat8. * debian-support.diff: Fix some jar symlinks, and drop extra / from config dirs. * control: Add libcommons-collections3-java, libcommons-dbcp-java, libcommons-pool-java, libjboss-logging-java, libsymkey-java to pki- server Depends. -- Timo Aaltonen Mon, 03 Oct 2016 19:30:15 +0300 dogtag-pki (10.3.5-3) unstable; urgency=medium * rules: Fix path to tomcat8 catalina and util jars, add api and util-scan jars. -- Timo Aaltonen Fri, 30 Sep 2016 18:06:36 +0300 dogtag-pki (10.3.5-2) unstable; urgency=medium * Migrate to tomcat8. * server.postinst: Run pki-migrate for tomcat migration. * fix-cli-migrate.diff: Replace tomcat path hardcoding with ours. * rules: Set JAVA_HOME as a confflag so that it's added to pki.conf. * copyright: Updated. -- Timo Aaltonen Fri, 30 Sep 2016 15:42:40 +0300 dogtag-pki (10.3.5-1) unstable; urgency=medium * New upstream release. - support-only-tomcat.diff, use-dot-instead-of-source.diff: dropped, upstream - fix-debian-paths-for-pki-cli.diff dropped, unnecessary - refresh patches * pki-tools: Add more manpages to install, DRMTool got renamed to KRATool so add convenience links. * control: - bump libjss-java build-dep - add python-nss, python-requests and python-urllib3 to build-depends - add python-nss and python-urllib3 to pki-base depends - add libjaxrs-api-java to build-depends - move python-ldap and python-lxml depends from pki-base to pki-server * rules: Fix jackson/jaxrs jar names so build finds them. * Split pki-base-java from -base, add python3-pki-base. * server.install: Simplify a bit. * debian-support.diff: Force bash in base/server/scripts/operations. * copyright: Updated. * {base,server}.postinst: Lintian fixes, don't use full path for binaries. * patches: Merge fix-default-settings.diff into debian-support.diff, and modify d-s a bit more for upstream inclusion. -- Timo Aaltonen Thu, 22 Sep 2016 16:07:26 +0300 dogtag-pki (10.2.6+git20160317-2) unstable; urgency=medium * pki-{ca,kra,ocsp,tks,tps}.dirs: Deleted, the obsolete targets are long gone anyway. * control: Drop selinux-policy-dev from build-depends. (Closes: #821810) * pki-base.postinst: Strip extra cruft from version number for pki- upgrade, only the upstream base version matters. (Closes: #821909) -- Timo Aaltonen Wed, 18 May 2016 10:48:27 +0300 dogtag-pki (10.2.6+git20160317-1) unstable; urgency=medium * update to current 10_2_6_BRANCH. - refresh patches - add pki-user-membership.1 to pki-tools - tomcat7-build-fix.diff: Dropped, upstream. * rules: Mark systemd units disabled by default. * use-usr-bin.diff: Updated. * use-root-homedir.diff: Force home_dir to be /root, so that ipa works right. * control: Add conflicts on strongswan-pki. * pki-server: Remove default.cfg, logs on purge. (Closes: #814636) * pki-base: Remove pki.conf on purge. (Closes: #804312) -- Timo Aaltonen Tue, 05 Apr 2016 19:37:03 +0300 dogtag-pki (10.2.6-3) unstable; urgency=medium * pki-base.postrm: Remove upgrade logs on purge. (Closes: #801139) * use-usr-bin.diff: Fix paths to binaries to use /usr/bin instead of /bin. -- Timo Aaltonen Fri, 08 Jan 2016 02:18:17 +0200 dogtag-pki (10.2.6-2) unstable; urgency=medium * pki-server.dirs: Add pki-tomcatd-nuxwdog.target.wants. * base.postrm: No need to remove /etc/pki here. * debian-support.diff: Drop /etc/default/tomcat8, was a leftover from t8 testing. (Closes: #800558) * debian-support.diff: Import /lib/lsb/init-functions in scripts/operations. (Closes: #800559) -- Timo Aaltonen Thu, 01 Oct 2015 08:14:52 +0300 dogtag-pki (10.2.6-1) unstable; urgency=medium * New upstream release based on DOGTAG_10_2_6_FEDORA_22_23_20150718 tag. * Refresh patches, drop upstreamed ones. * control: Drop libcrypt-ssleay-perl and libxml-perl from depends. * pki-tools.install: Add pki-ca-profile manpage. * control: Add python-sphinx to build-depends. * fix-jackson-paths.diff: Dropped, obsolete. Refresh other patches to drop unused jackson includes. * pki-server.install: Add sbin/pki-server. * control: strongswan-starter didn't rename it's 'pki' as planned, so add an unversioned Conflicts to pki-tools. (Closes: #767561) * control: Update vcs-git location (-> dogtag-pki.git). * Update patches. * control, pki-server.install: Clean up perl stuff, drop pki-setup- proxy which is gone. * control: Add libnuxwdog-java to build-depends, and pki-server depends. * install: Added new manpages, nuxwdog support, html docs to pki-base. * debian-support.diff: Fix nuxwdog paths. * debian-support.diff: Don't try to manage rc3.d/* symlinks. * rules: Symlink jars under subsystem WEB-INF. * pki-server.postinst, pki-base.post{inst,rm}: Add pki-upgrade/pki- server-upgrade snippets. * rules, patches: Explicitly build using tomcat7, and add a dummy method. (Closes: #789138) * use-dot-instead-of-source.diff: Fix bashisms. * debian-support.diff: Fix JNI_JAR_DIR. -- Timo Aaltonen Wed, 23 Sep 2015 18:29:12 +0300 dogtag-pki (10.2.0-4) unstable; urgency=medium * control: Add python-selinux to pki-server depends. -- Timo Aaltonen Fri, 07 Nov 2014 11:08:29 +0200 dogtag-pki (10.2.0-3) unstable; urgency=medium * control: Add Breaks/Replaces on strongswan-starter to pki-tools. (Closes: #767561) -- Timo Aaltonen Wed, 05 Nov 2014 00:40:10 +0200 dogtag-pki (10.2.0-2) unstable; urgency=medium * patches: Fix servlet jar name, and paths to jss4.jar and symkey.jar. -- Timo Aaltonen Fri, 24 Oct 2014 20:39:24 +0300 dogtag-pki (10.2.0-1) unstable; urgency=low * Initial release (Closes: #653606) -- Timo Aaltonen Fri, 10 Oct 2014 14:40:12 +0300