Difference between revisions of "PKI Open Source History 2014"

m (Dogtag Certificate Server 10.2.0       [09/06/2014])
(Dogtag Certificate Server 10.1.2       [09/22/2014])

Revision as of 01:53, 10 January 2015

Open Source History (2014)

Dogtag Certificate Server 10.0.7       [04/01/2014]

Dogtag Certificate System 10.0.7 represents the seventh errata build for Dogtag 10.0.0.

Project Name:

  • Dogtag Certificate System 10.0.7

Releases:

  • [04/01/2014] Dogtag Certificate Server 10.0.7 [32-bit & 64-bit Fedora 19]

Packages (Revised)

  • dogtag-pki-10.0.7-1
  • dogtag-pki-theme-10.0.7-1
  • pki-console-10.0.7-1
  • pki-core-10.0.7-1
  • pki-ra-10.0.7-1
  • pki-tps-10.0.7-1

Upgrade Notes:

Simply use yum to update existing packages.

Highlights since Dogtag 10.0.6

  • This errata fixes three bugs found in Dogtag 10.0.6:
    • PKI TRAC Ticket #803 - avc generated for useradd in pkispawn scripts
      • Fixed so that useradd does not generate an AVC by closing file descriptors prior to invoking useradd.
    • PKI TRAC Ticket #868 - REST API get certs links missing segment
      • Fixed links to generate proper URLs (attempted to future-proof this to avoid any issues that might be caused by future re-factoring).
    • PKI TRAC Ticket #869 - f19 ipa-server-install fails at step 6/22 of cert sys install - systemctl start pki-tomcatd.target fails
      • Fixed problem by adding a 'daemon-reload' method and calling it prior to starting the 'pki-tomcatd' target.

Notes on Fedora 19:

Fedora 19 does not provide tomcat 6. Dogtag 9 style instances will therefore no longer work on Fedora 19. These instances need to be migrated to Dogtag 10.

To prevent inadvertently disabling Dogtag instances, code has been added to prevent upgrades to Fedora 19 if Dogtag 9 instances exist. Details on how to upgrade Dogtag 9 instances and workarounds can be found at: Migrating Dogtag 9 Instances to Dogtag 10

Detailed Changes since Dogtag 10.0.6

  • alee (2):
    • 743 Fixed useradd in pkispawn to not generate AVC
    • 868 REST API get certs links missing segment
  • mharmsen (1):
    • 869 Added 'daemon-reload' method

Server Platforms:

Platform                      10.0.7
32-bit Fedora 19 (i686)       X
64-bit Fedora 19 (x86_64)     X

Dogtag Certificate Server 10.1.1       [04/01/2014]

Dogtag Certificate System 10.1.1 represents the first errata build for Dogtag 10.1.0.

NOTE:   Due to changes in the way tomcat is started in Fedora 20, and the corresponding changes in the Dogtag init scripts, Dogtag 10.1 will only be delivered from Fedora 20 upwards. Dogtag 10.0 will continue to be delivered and supported for Fedora 19.

Project Name:

  • Dogtag Certificate System 10.1.1

Releases:

  • [04/01/2014] Dogtag Certificate Server 10.1.1 [32-bit & 64-bit Fedora 20]

Packages (Revised)

  • dogtag-pki-10.1.1-1
  • dogtag-pki-theme-10.1.1-1
  • pki-console-10.1.1-1
  • pki-core-10.1.1-1
  • pki-ra-10.1.1-1
  • pki-tps-10.1.1-1

Upgrade Notes:

Simply use yum to update existing packages.

Highlights since Dogtag 10.1.0

  • This errata fixes four bugs found in Dogtag 10.1.0:
    • PKI TRAC Ticket #840 - pkispawn requires policycoreutils-python
      Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
      • Added this runtime dependency to the pki-core package.
    • PKI TRAC Ticket #868 - REST API get certs links missing segment
      • Fixed links to generate proper URLs (attempted to future-proof this to avoid any issues that might be caused by future re-factoring).
    • PKI TRAC Ticket #869 - f19 ipa-server-install fails at step 6/22 of cert sys install - systemctl start pki-tomcatd.target fails
      • Fixed problem by adding a 'daemon-reload' method and calling it prior to starting the 'pki-tomcatd' target.
    • PKI TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca
      • IPA replica installation was failing due to encoding errors when generating the SSL server certificate. To avoid these errors, Dogtag CA clones now require that their SSL server certificates always be signed by the associated Dogtag CA master.

Detailed Changes since Dogtag 10.1.0

  • alee (1):
    • 868 REST API get certs links missing segment
  • cfu (1):
    • 816 Sign CA clone sslserver certificate using CA master
  • mharmsen (2):
    • 840 pkispawn requires policycoreutils-python
    • 869 Added 'daemon-reload' method

Server Platforms:

Platform                      10.1.1
32-bit Fedora 20 (i686)       X
64-bit Fedora 20 (x86_64)     X

Dogtag Certificate Server 10.2.0       [09/06/2014]

Dogtag Certificate System 10.2.0 represents the first phase of Dogtag 10.2, and is associated with Fedora 21.

NOTE:   Due to the size, scope, and complexity of Dogtag 10.2, separate revisions of Dogtag 10.2 which incorporate a portion of the features will be released in phases over time. Each phase will likely correspond to a specific version of Fedora.

Project Name:

  • Dogtag Certificate System 10.2.0

Releases:

  • [12/06/2014] Dogtag Certificate Server 10.2.0 [32-bit & 64-bit Fedora 21] (Release 5)
  • [10/07/2014] Dogtag Certificate Server 10.2.0 [32-bit & 64-bit Fedora 21] (Release 3)
  • [09/08/2014] Dogtag Certificate Server 10.2.0 [32-bit & 64-bit Fedora 21] (Release 2)
  • [09/06/2014] Dogtag Certificate Server 10.2.0 [32-bit & 64-bit Fedora 21] (Release 1)

Packages (Revised)

  • Release 5:
    • pki-core-10.2.0-5.fc21 [2014-12-03]
    • dogtag-pki-10.2.0-5.fc21 [2014-12-04]
    • dogtag-pki-theme-10.2.0-5.fc21 [2014-12-06]
    • pki-console-10.2.0-5.fc21 [2014-12-04]
  • Release 3:
    • pki-core-10.2.0-3.fc21 [2014-10-07]
  • Release 2:
    • dogtag-pki-10.2.0-2.fc21 [2014-09-08]
  • Release 1:
    • pki-core-10.2.0-1.fc21 [2014-09-06]
    • dogtag-pki-10.2.0-1.fc21 [2014-09-06]
    • dogtag-pki-theme-10.2.0-1.fc21 [2014-09-05]
    • pki-console-10.2.0-1.fc21 [2014-09-06]

Upgrade Notes:

After running fedup, simply use yum (as necessary) to update existing packages.

Highlights since Dogtag 10.1.1

The primary purpose of Dogtag 10.2 was to rewrite the TPS system from a native Apache-based plug-in process to a Java Tomcat-based process that uses the same framework as the other Dogtag Java-based Tomcat processes.

The numerous tickets fixed during this particular phase can be found in the specified milestones of the PKI TRAC Ticket Instance:

  • 10.2 - 11/13 (November) - page 9 (1 ticket)
  • 10.2 - 12/13 (December) - page 9 (4 tickets)
  • 10.2 - 01/14 (January) - page 10 (2 tickets)
  • 10.2 - 03/14 (March) - page 10 (7 tickets)
  • 10.2 - 04/14 (April) - pages 9-10 (26 tickets)
  • 10.2 - 05/14 (May) - page 9 (16 tickets)
  • 10.2 - 06/14 (June) - page 9 (16 tickets)
  • 10.2 - 07/14 (July) - page 9 (17 tickets)
  • 10.2 - 08/14 (August) - page 9 (36 tickets)
  • 10.2 Backlog - pages 8-9 (17 tickets)

Additionally, specific releases addressed the following issues:

  • Release 5:
    • Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
    • Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not found
    • PKI Trac Ticket #1211 - New release overwrites old source tarball
    • Bugzilla Bug #1151147 - issuerDN encoding correction
    • Make dependencies comply with TLS changes
  • Release 3:
    • PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec
    • Disable pylint dependency for RHEL builds
    • Added jakarta-commons-httpclient requirements
    • Added tomcat version for RHEL build
    • Added resteasy-base-client for RHEL build
  • Release 2:
    • Revised dependencies
    • Removed RA references
    • Changed Apache TPS references to Tomcat TPS references
  • Release 1:
    • Added option to build without server packages.
    • Replaced Jettison with Jackson.
    • Added python-nss build requirement
    • Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
    • TRAC Ticket #840 - pkispawn requires policycoreutils-python
    • Updated requirements for resteasy
    • Added template files for archive, retrieve and generate key requests to the client package.
    • PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
    • Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires
    • drop dependency on java-atk-wrapper
    • Removed 'java-atk-wrapper' dependency from 'pki-server'
    • Respin to include the applet files with the rpm install. No change to spec file needed.
    • PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .
    • Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package.
    • Original tps libraries must be built to support this native utility.
    • Modified tps package from 'noarch' into 'architecture-specific' package
    • PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps

Detailed Changes since Dogtag 10.1.1

Server Platforms:

Platform                      10.2.0
32-bit Fedora 21 (i686)       X
64-bit Fedora 21 (x86_64)     X

Dogtag Certificate Server 10.1.2       [09/22/2014]

Dogtag Certificate System 10.1.2 represents the second errata build for Dogtag 10.1.0.

Project Name:

  • Dogtag Certificate System 10.1.2

Releases:

  • [12/04/2014] Dogtag Certificate Server 10.1.2 [32-bit & 64-bit Fedora 20] (Release 7)
  • [12/02/2014] Dogtag Certificate Server 10.1.2 [32-bit & 64-bit Fedora 20] (Release 5)
  • [11/18/2014] Dogtag Certificate Server 10.1.2 [32-bit & 64-bit Fedora 20] (Release 4)
  • [09/22/2014] Dogtag Certificate Server 10.1.2 [32-bit & 64-bit Fedora 20] (Release 2)

Packages (Revised)

  • Release 7:
    • pki-core-10.1.2-7.fc20 [2014-12-01]
    • dogtag-pki-10.1.2-7.fc20 [2014-12-04]
    • pki-console-10.1.2-7.fc20 [2014-12-04]
  • Release 5:
    • pki-core-10.1.2-5.fc20 [2014-11-26]
    • dogtag-pki-10.1.2-5.fc20 [2014-12-02]
    • pki-console-10.1.2-5.fc20 [2014-12-02]
  • Release 4:
    • pki-core-10.1.2-4.fc20 [2014-11-18]
  • Release 2:
    • pki-core-10.1.2-2.fc20 [2014-09-22]

Upgrade Notes:

Simply use yum to update existing packages.

Highlights since Dogtag 10.1.1

This release addressed the following issues:

  • Release 7:
    • Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not found
    • Make dependencies comply with TLS changes
  • Release 5:
    • Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade
    • PKI Trac Ticket #1211 - New release overwrites old source tarball
    • updated various version dependencies
  • Release 4:
    • Bugzilla Bug #1151147 - issuerDN encoding correction
  • Release 2:
    • addressed numerous issues in RHEL

Detailed Changes since Dogtag 10.1.1

  • alee (3)
    • 781 - Fix typo in CS.cfg for ca.profiles.defaultSigningAlgsAllowed
    • 1142 - Check for null values in GetConfigEntries
    • Fix migration script for 10.1.1
  • cfu (6)
    • 1110 - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)
    • 1198 - TLS support: provide proper TLS default values and ciphers in server.xml and upgrade
    • 1206 - (java console) TLS range support: code change needed for cs when acting as client
    • BZ 1158410 - add TLS range support to server.xml
    • BZ 871171 - (client-side code) Provide Tomcat support for TLS v1.1 and TLS v1.2
    • BZ 1151147 - issuerDN encoding correction
  • edewata (2)
    • 499 - Moved web application context file.
    • Fixed template deployment.
  • mharmsen (9)
    • 1211 - New release overwrites old source tarball
    • BZ 1165351 - Errata TPS test fails due to dependent packages not found
    • BZ 1108303 - Rebase pki-core to 10.1 (RHEL)
    • BZ 1117073 - pki-core ppc64le is missing from ExcludeArch line of spec file (RHEL)
    • Changed buildtime requirement from 'resteasy-base-jackson-provider >= 3.0.6-1' to 'resteasy-base-jettison-provider >= 3.0.6-1' (RHEL)
    • Add missing 'jakarta-commons-httpclient' build and runtime requirement
    • Exclude the 'ppcle' and 'ppc64le' platforms from being built (RHEL)
    • Update 'resteasy-base' requirements on RHEL platforms
    • Suppress pylint on RHEL platforms

Server Platforms:

Platform                      10.1.2
32-bit Fedora 20 (i686)       X
64-bit Fedora 20 (x86_64)     X