Blame SOURCES/0013-Disable-DSA-in-the-RPM-spec.patch

cebf48
From bdf93378eca9d28d5b49c8170c849d2c2e6f1991 Mon Sep 17 00:00:00 2001
cebf48
From: Rob Crittenden <rcritten@redhat.com>
cebf48
Date: Thu, 7 Apr 2022 16:30:40 -0400
cebf48
Subject: [PATCH] Disable DSA in the RPM spec
cebf48
cebf48
DSA has been disabled in default crypto policy since Fedora 30
cebf48
and will cause crashes if used in FIPS mode.
cebf48
cebf48
Refresh the 028-dbus no-DSA expected output. It was out-of-sync
cebf48
from previous changes.
cebf48
cebf48
https://bugzilla.redhat.com/show_bug.cgi?id=2066439
cebf48
cebf48
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
cebf48
---
cebf48
 certmonger.spec                   |   6 +-
cebf48
 tests/028-dbus/expected.out.nodsa | 135 +++---------------------------
cebf48
 2 files changed, 15 insertions(+), 126 deletions(-)
cebf48
cebf48
diff --git a/certmonger.spec b/certmonger.spec
cebf48
index 6715d83..9c01438 100644
cebf48
--- a/certmonger.spec
cebf48
+++ b/certmonger.spec
cebf48
@@ -28,7 +28,7 @@
cebf48
 
cebf48
 Name:		certmonger
cebf48
 Version:	0.79.14
cebf48
-Release:	1%{?dist}
cebf48
+Release:	2%{?dist}
cebf48
 Summary:	Certificate status monitor and PKI enrollment client
cebf48
 
cebf48
 Group:		System Environment/Daemons
cebf48
@@ -143,6 +143,7 @@ autoreconf -i -f
cebf48
 %if %{with xmlrpc}
cebf48
 	--with-xmlrpc \
cebf48
 %endif
cebf48
+	--disable-dsa \
cebf48
 	--with-tmpdir=/run/certmonger --enable-pie --enable-now
cebf48
 %if %{with xmlrpc}
cebf48
 # For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
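Review bot: `--disable-dsa` is added unconditionally to the configure line, so DSA support is compiled out of every build, yet nothing in this patch says what happens to tracking requests that already hold DSA keys. Presumably those requests stop renewing after the upgrade; that is not visible here and should be confirmed against the daemon code. If so, the changelog entry should carry the caveat, for example `- Existing requests that use DSA keys must be re-keyed (RSA or EC) before upgrading`. The configure invocation starts above this hunk, so any other DSA-related options are out of view.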
cebf48
@@ -264,6 +265,9 @@ exit 0
cebf48
 %endif
cebf48
 
cebf48
 %changelog
cebf48
+* Mon Mar 28 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.15-2
cebf48
+- Disable DSA. It is not allowed by default crypto policy (#2066439) 
cebf48
+
cebf48
 * Tue Jun 14 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.14-1
cebf48
 - update to 0.79.14
cebf48
   -  Fix local CA to work under FIPS
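Review bot: The new changelog header records `0.79.15-2`, but `Version:` stays at 0.79.14 and this patch only bumps `Release:` to 2, so the entry should read `* Mon Mar 28 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.14-2`. A changelog version that does not match the built package makes it harder to tell from `rpm -q --changelog` which build carries the DSA removal when auditing hosts for FIPS readiness. rpmlint also reports this kind of mismatch.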
cebf48
diff --git a/tests/028-dbus/expected.out.nodsa b/tests/028-dbus/expected.out.nodsa
cebf48
index 20499bf..0e1b977 100644
cebf48
--- a/tests/028-dbus/expected.out.nodsa
cebf48
+++ b/tests/028-dbus/expected.out.nodsa
cebf48
@@ -11,12 +11,14 @@ Request ID 'Buddy':
cebf48
 	CA: local
cebf48
 	issuer: CN=$UUID,CN=Local Signing Authority
cebf48
 	subject: CN=localhost
cebf48
+	issued: sometime
cebf48
 	expires: sometime
cebf48
 	dns: localhost
cebf48
 	principal name: host/localhost@LOCALHOST
cebf48
 	key usage: digitalSignature,dataEncipherment
cebf48
 	eku: id-kp-serverAuth
cebf48
 	certificate template/profile: SomeProfileName
cebf48
+	profile: SomeProfileName
cebf48
 	pre-save command: echo Pre
cebf48
 	post-save command: echo Post
cebf48
 	track: yes
cebf48
@@ -33,10 +35,6 @@ CA 'IPA':
cebf48
 	is-default: no
cebf48
 	ca-type: EXTERNAL
cebf48
 	helper-location: $libexecdir/ipa-submit
cebf48
-CA 'certmaster':
cebf48
-	is-default: no
cebf48
-	ca-type: EXTERNAL
cebf48
-	helper-location: $libexecdir/certmaster-submit
cebf48
 CA 'dogtag-ipa-renew-agent':
cebf48
 	is-default: no
cebf48
 	ca-type: EXTERNAL
cebf48
@@ -44,8 +42,8 @@ CA 'dogtag-ipa-renew-agent':
cebf48
 
cebf48
 [[ API ]]
cebf48
 [ simpleprop.py ]
cebf48
-/org/fedorahosted/certmonger/cas/CA6
cebf48
-/org/fedorahosted/certmonger/cas/CA6
cebf48
+/org/fedorahosted/certmonger/cas/CA5
cebf48
+/org/fedorahosted/certmonger/cas/CA5
cebf48
 : -> : -k admin@localhost -> :
cebf48
 0 -> 1 -> 0
cebf48
 [ walk.py ]
cebf48
@@ -181,7 +179,7 @@ OK
cebf48
 OK
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
cebf48
-dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA5')], signature=dbus.Signature('o'))
cebf48
+dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA2'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA3'), dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA4')], signature=dbus.Signature('o'))
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
cebf48
 dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
cebf48
@@ -272,6 +270,7 @@ OK
cebf48
    <arg name="principal_names" type="as" direction="out"/>
cebf48
    <arg name="key_usage" type="x" direction="out"/>
cebf48
    <arg name="extended_key_usage" type="as" direction="out"/>
cebf48
+   <arg name="not_before" type="x" direction="out"/>
cebf48
   </method>
cebf48
   <property name="issuer" type="s" access="read"/>
cebf48
   <property name="serial" type="s" access="read"/>
cebf48
@@ -433,7 +432,7 @@ Buddy
cebf48
 
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
cebf48
-(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
cebf48
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently))
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
cebf48
 recently
cebf48
@@ -507,7 +506,6 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
cebf48
  <node name="CA2"/>
cebf48
  <node name="CA3"/>
cebf48
  <node name="CA4"/>
cebf48
- <node name="CA5"/>
cebf48
 </node>
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
cebf48
@@ -941,10 +939,10 @@ dbus.Array([], signature=dbus.Signature('s'))
cebf48
 </node>
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
cebf48
-$tmpdir/cas/20180327134236-2
cebf48
+$tmpdir/cas/20180327134236-3
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
cebf48
-certmaster
cebf48
+dogtag-ipa-renew-agent
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
cebf48
 0
cebf48
@@ -956,7 +954,7 @@ EXTERNAL
cebf48
 None
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
cebf48
-$libexecdir/certmaster-submit
cebf48
+$libexecdir/dogtag-ipa-renew-agent-submit
cebf48
 
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
cebf48
 dbus.Array([], signature=dbus.Signature('s'))
cebf48
@@ -964,116 +962,3 @@ dbus.Array([], signature=dbus.Signature('s'))
cebf48
 [ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
cebf48
 1
cebf48
 
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.freedesktop.DBus.Introspectable.Introspect ]
cebf48
-
cebf48
-"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
cebf48
-
cebf48
-<node name="/org/fedorahosted/certmonger/cas/CA5">
cebf48
- <interface name="org.freedesktop.DBus.Introspectable">
cebf48
-  <method name="Introspect">
cebf48
-   <arg name="xml_data" type="s" direction="out"/>
cebf48
-  </method>
cebf48
- </interface>
cebf48
- <interface name="org.freedesktop.DBus.Properties">
cebf48
-  <method name="Get">
cebf48
-   <arg name="interface_name" type="s" direction="in"/>
cebf48
-   <arg name="property_name" type="s" direction="in"/>
cebf48
-   <arg name="value" type="v" direction="out"/>
cebf48
-  </method>
cebf48
-  <method name="Set">
cebf48
-   <arg name="interface_name" type="s" direction="in"/>
cebf48
-   <arg name="property_name" type="s" direction="in"/>
cebf48
-   <arg name="value" type="v" direction="in"/>
cebf48
-  </method>
cebf48
-  <method name="GetAll">
cebf48
-   <arg name="interface_name" type="s" direction="in"/>
cebf48
-   <arg name="props" type="a{sv}" direction="out"/>
cebf48
-  </method>
cebf48
-  <signal name="PropertiesChanged">
cebf48
-   <arg name="interface_name" type="s"/>
cebf48
-   <arg name="changed_properties" type="a{sv}"/>
cebf48
-   <arg name="invalidated_properties" type="as"/>
cebf48
-  </signal>
cebf48
- </interface>
cebf48
- <interface name="org.fedorahosted.certmonger.ca">
cebf48
-  <method name="get_config_file_path">
cebf48
-   <arg name="path" type="s" direction="out"/>
cebf48
-  </method>
cebf48
-  <method name="get_nickname">
cebf48
-   <arg name="nickname" type="s" direction="out"/>
cebf48
-  </method>
cebf48
-  <property name="nickname" type="s" access="read"/>
cebf48
-  <property name="aka" type="s" access="read"/>
cebf48
-  <method name="get_is_default">
cebf48
-   <arg name="default" type="b" direction="out"/>
cebf48
-  </method>
cebf48
-  <property name="is-default" type="b" access="readwrite"/>
cebf48
-  <method name="get_type">
cebf48
-   <arg name="type" type="s" direction="out"/>
cebf48
-  </method>
cebf48
-  <method name="get_serial">
cebf48
-   <arg name="serial_hex" type="s" direction="out"/>
cebf48
-  </method>
cebf48
-  <method name="get_location">
cebf48
-   <arg name="path" type="s" direction="out"/>
cebf48
-  </method>
cebf48
-  <property name="external-helper" type="s" access="readwrite"/>
cebf48
-  <method name="get_issuer_names">
cebf48
-   <arg name="names" type="as" direction="out"/>
cebf48
-  </method>
cebf48
-  <method name="refresh">
cebf48
-   <arg name="working" type="b" direction="out"/>
cebf48
-  </method>
cebf48
-  <property name="ca-error" type="s" access="read"/>
cebf48
-  <property name="issuer-names" type="as" access="read"/>
cebf48
-  <property name="root-certs" type="a(ss)" access="read"/>
cebf48
-  <property name="root-other-certs" type="a(ss)" access="read"/>
cebf48
-  <property name="other-certs" type="a(ss)" access="read"/>
cebf48
-  <property name="required-enroll-attributes" type="as" access="read"/>
cebf48
-  <property name="required-renew-attributes" type="as" access="read"/>
cebf48
-  <property name="supported-profiles" type="as" access="read"/>
cebf48
-  <property name="default-profile" type="s" access="read"/>
cebf48
-  <property name="root-cert-files" type="as" access="readwrite"/>
cebf48
-  <property name="root-other-cert-files" type="as" access="readwrite"/>
cebf48
-  <property name="other-cert-files" type="as" access="readwrite"/>
cebf48
-  <property name="root-cert-nssdbs" type="as" access="readwrite"/>
cebf48
-  <property name="root-other-cert-nssdbs" type="as" access="readwrite"/>
cebf48
-  <property name="other-cert-nssdbs" type="as" access="readwrite"/>
cebf48
-  <property name="ca-presave-command" type="s" access="read"/>
cebf48
-  <property name="ca-presave-uid" type="s" access="read"/>
cebf48
-  <property name="ca-postsave-command" type="s" access="read"/>
cebf48
-  <property name="ca-postsave-uid" type="s" access="read"/>
cebf48
-  <property name="scep-cipher" type="s" access="readwrite"/>
cebf48
-  <property name="scep-digest" type="s" access="readwrite"/>
cebf48
-  <property name="scep-ca-identifier" type="s" access="readwrite"/>
cebf48
-  <property name="scep-ca-capabilities" type="as" access="read"/>
cebf48
-  <property name="scep-ra-cert" type="s" access="read"/>
cebf48
-  <property name="scep-ca-cert" type="s" access="read"/>
cebf48
-  <property name="scep-other-certs" type="s" access="read"/>
cebf48
- </interface>
cebf48
-</node>
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
cebf48
-$tmpdir/cas/20180327134236-3
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
cebf48
-dogtag-ipa-renew-agent
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_is_default ]
cebf48
-0
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_type ]
cebf48
-EXTERNAL
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_serial ]
cebf48
-None
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_location ]
cebf48
-$libexecdir/dogtag-ipa-renew-agent-submit
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_issuer_names ]
cebf48
-dbus.Array([], signature=dbus.Signature('s'))
cebf48
-
cebf48
-[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.refresh ]
cebf48
-1
cebf48
-
cebf48
-- 
cebf48
2.31.1
cebf48