[CentOS] Certificate system
John R Pierce
pierce at hogranch.com
Fri Aug 7 01:33:38 UTC 2009
John R Pierce wrote:
> a few months ago, Barry Brimer wrote...
>
>> The Fedora version of RHCS is called Dogtag
>>
>> <http://pki.fedoraproject.org/wiki/PKI_Main_Page>
>>
>> You might have to modify/rebuild their SRPMS.
>>
>>
>
> has anyone rebuilt this for CentOS5 yet?
>
> it's quite a few packages, and I'd hate to dive into trying to rebuild it
> all myself and sort out the differences if this has already been done
> and is parked on a repository.
>
I spent pretty much all afternoon and think I've got it built correctly
from the RHCS sources on ftp.redhat.com using CentOS 5.3 x86_64...
in a nutshell.
1) yum install the following prerequisites...
yum install nss-devel pcsc-lite-devel
yum install fontconfig-devel freetype-devel glib2-devel \
    libIDL-devel atk-devel gtk2-devel libjpeg-devel pango-devel libpng-devel
yum install autoconf213 libX11-devel libXt-devel xulrunner-devel \
    coolkey-devel libnotify-devel dbus-devel
yum install java-devel java-devel-openjdk httpd-devel apr-devel \
    apr-util-devel
yum install ant sqlite-devel mozldap-devel svrcore-devel \
    selinux-policy-devel pcre-devel
yum install ldapjdk xerces-j2 perl-XML-LibXML perl-Crypt-SSLeay \
    perl-XML-SAX mozldap-tools
yum install eclipse-ecj tomcat5 velocity idm-console-framework
yum install rhgb perl-XML-Parser perl-XML-Simple
2) download and install all these .src.rpm's from
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHCERT/SRPMS/
(32 of them...)
coolkey-1.1.0-9.el5.src.rpm
esc-1.1.0-9.el5.src.rpm
jss-4.2.6-4.el5idm.src.rpm
mod_nss-1.0.8-1.el5idm.src.rpm
osutil-1.1.0-30.el5pki.src.rpm
perl-DBD-SQLite-1.12-6.el5idm.src.rpm
perl-Parse-RecDescent-1.94-5.3.el5idm.src.rpm
pki-ca-8.0.0-21.el5pki.src.rpm
pki-common-8.0.0-16.el5pki.src.rpm
pki-console-8.0.0-13.el5pki.src.rpm
pki-java-tools-8.0.0-17.el5pki.src.rpm
pki-kra-8.0.0-20.el5pki.src.rpm
pki-migrate-8.0.0-17.el5pki.src.rpm
pki-native-tools-8.0.0-17.el5pki.src.rpm
pki-ocsp-8.0.0-20.el5pki.src.rpm
pki-ra-8.0.0-26.el5pki.src.rpm
pki-selinux-8.0.0-10.el5pki.src.rpm
pki-setup-8.0.0-18.el5pki.src.rpm
pki-silent-8.0.0-13.el5pki.src.rpm
pki-tks-8.0.0-20.el5pki.src.rpm
pki-tps-8.0.0-29.el5pki.src.rpm
pki-util-8.0.0-16.el5pki.src.rpm
redhat-pki-ca-ui-8.0.0-30.el5pki.src.rpm
redhat-pki-common-ui-8.0.0-21.el5pki.src.rpm
redhat-pki-console-ui-8.0.0-14.el5pki.src.rpm
redhat-pki-kra-ui-8.0.0-15.el5pki.src.rpm
redhat-pki-ocsp-ui-8.0.0-14.el5pki.src.rpm
redhat-pki-ra-ui-8.0.0-23.el5pki.src.rpm
redhat-pki-tks-ui-8.0.0-13.el5pki.src.rpm
redhat-pki-tps-ui-8.0.0-33.el5pki.src.rpm
symkey-1.1.0-26.el5pki.src.rpm
tomcatjss-1.1.0-15.el5idm.src.rpm
I used rpmmacros to force these to install to a user $HOME/rpm
$ cat ~/.rpmmacros
%_topdir /home/pierce/rpm
%dist .el5
%packager John R Pierce <pierce at hogranch.com>
3) now, the fun begins. you have to build, then install these in batches.
3.a.1) batch 1. cd ~/rpm/SPECS, then for each of these, rpmbuild -bb $1
coolkey.spec
esc.spec
jss.spec
mod_nss.spec
osutil.spec
perl-DBD-SQLite.spec
perl-Parse-RecDescent.spec
pki-migrate.spec
pki-native-tools.spec
pki-selinux.spec
pki-setup.spec
redhat-pki-ca-ui.spec
redhat-pki-common-ui.spec
3.a.2) install the first batch.
cd ../RPMS
rpm -Uvh noarch/redhat-pki-common-ui-8.0.0-21.el5.noarch.rpm \
    noarch/pki-migrate-8.0.0-17.el5.noarch.rpm \
    noarch/pki-selinux-8.0.0-10.el5.noarch.rpm \
    noarch/perl-Parse-RecDescent-1.94-5.3.el5.noarch.rpm \
    noarch/redhat-pki-ca-ui-8.0.0-30.el5.noarch.rpm \
    noarch/pki-setup-8.0.0-18.el5.noarch.rpm \
    x86_64/mod_nss-1.0.8-1.el5.x86_64.rpm \
    x86_64/mod_nss-debuginfo-1.0.8-1.el5.x86_64.rpm \
    x86_64/coolkey-1.1.0-9.el5.x86_64.rpm \
    x86_64/jss-4.2.6-4.el5.x86_64.rpm \
    x86_64/esc-debuginfo-1.1.0-9.el5.x86_64.rpm \
    x86_64/jss-debuginfo-4.2.6-4.el5.x86_64.rpm \
    x86_64/esc-1.1.0-9.el5.x86_64.rpm \
    x86_64/osutil-1.1.0-30.el5.x86_64.rpm \
    x86_64/jss-javadoc-4.2.6-4.el5.x86_64.rpm \
    x86_64/pki-native-tools-8.0.0-17.el5.x86_64.rpm \
    x86_64/coolkey-devel-1.1.0-9.el5.x86_64.rpm \
    x86_64/coolkey-debuginfo-1.1.0-9.el5.x86_64.rpm
3.b) same as above, for the following specs...
redhat-pki-console-ui.spec
redhat-pki-kra-ui.spec
redhat-pki-ocsp-ui.spec
redhat-pki-ra-ui.spec
redhat-pki-tks-ui.spec
redhat-pki-tps-ui.spec
symkey.spec
tomcatjss.spec
pki-util.spec
3.c) same as above again, for these...
pki-common.spec
pki-console.spec
pki-java-tools.spec
3.d) finally, same as above, one more time. this time, watch the rpm
install output carefully, these are launching services that need to be
initialized per the URLs in the output.
pki-silent.spec
pki-ca.spec
pki-ra.spec
pki-tps.spec
pki-tks.spec
pki-kra.spec
pki-ocsp.spec
now comes the fun part. this thing is a bigass complex monster, and I
know you need to configure each of the (ca, ra, tps, tks, kra, and ocsp)
but I have yet to even figure this out, or verify if any of it is
actually working.
someone might consider wikifying this information, I dunno. It took me
just about all day to sort out that build/install/build/install order
due to all the various dependencies.
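
The build/install order from steps 3.a to 3.d, written as a driver script. This is an added example, not part of the original post; verify_srpms, the stamp-file approach, the DRY_RUN switch and the use of sudo are assumptions introduced here.

```bash
# Added example (not from the post). Dry run by default: prints the commands.
# Set DRY_RUN=0 to execute them.
TOPDIR="${TOPDIR:-$HOME/rpm}"   # %_topdir from the post's ~/.rpmmacros
DRY_RUN="${DRY_RUN:-1}"

# Spec names (without .spec) copied from steps 3.a to 3.d of the post.
BATCH_A="coolkey esc jss mod_nss osutil perl-DBD-SQLite perl-Parse-RecDescent \
pki-migrate pki-native-tools pki-selinux pki-setup redhat-pki-ca-ui redhat-pki-common-ui"
BATCH_B="redhat-pki-console-ui redhat-pki-kra-ui redhat-pki-ocsp-ui redhat-pki-ra-ui \
redhat-pki-tks-ui redhat-pki-tps-ui symkey tomcatjss pki-util"
BATCH_C="pki-common pki-console pki-java-tools"
BATCH_D="pki-silent pki-ca pki-ra pki-tps pki-tks pki-kra pki-ocsp"

run() {  # print the command in dry-run mode, otherwise execute it
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

verify_srpms() {  # args: downloaded .src.rpm files; call before installing them
    for f in "$@"; do
        # rpm -K checks digests and signature. Assumption: the signing key of
        # the SRPM vendor has already been imported into the rpm keyring.
        run rpm -K "$f" || return 1
    done
}

build_batch() {  # $1 = batch label, remaining args = spec names
    label=$1; shift
    stamp="$TOPDIR/.batch-$label"
    run touch "$stamp" || return 1
    for spec in "$@"; do
        # Stop at the first failure: later batches need this one installed.
        run rpmbuild -bb "$TOPDIR/SPECS/$spec.spec" || return 1
    done
    # Install only the RPMs built since the stamp (sudo is an assumption).
    if [ "$DRY_RUN" = 1 ]; then
        echo "rpm -Uvh <RPMs under $TOPDIR/RPMS newer than $stamp>"
    else
        find "$TOPDIR/RPMS" -name '*.rpm' -newer "$stamp" -print0 |
            xargs -0 -r sudo rpm -Uvh
    fi
}

build_all() {  # batch d starts services; read its rpm output (step 3.d)
    build_batch a $BATCH_A && build_batch b $BATCH_B &&
        build_batch c $BATCH_C && build_batch d $BATCH_D
}
```

Source the file and call build_all to print the plan; the SRPMs were fetched over plain FTP, so run verify_srpms on them before step 2.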