Bug 1557880

cherry-picked:

commit f188db9cc3c9775621755bcb37cc8de5832a3560 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH, ticket-2940-manCMC_10_5)
Author: Christina Fu <cfu>
Date:   Mon Mar 19 14:05:14 2018 -0700

    Ticket #2940 pki-core.spec change only.
    
    Change-Id: Id95f94e40f8d258eda7ded6fb17e88d6c3ae22c3

commit 08ac412c0a724b88817038e89563f928cc522357 (gerrit/DOGTAG_10_5_BRANCH)
Author: Christina Fu <cfu>
Date:   Mon Feb 26 13:16:01 2018 -0800

    Ticket #2940 [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken, and CMCRevoke
    
    This patch adds man pages for CMCRequest, CMCResponse, and CMCSharedToken.
    In addition, the usage in CMCResponse has been enhanced to include a
    verbose mode which will output certs in Base64 encoding individually.
    A "note" has been added to CMCRevoke --help to direct users to CMCRequest
    for better usability. The man page for CMCRevoke is intentionaly left out
    for this reason.
    
    The URL in CMCRequest.1 is a placeholder for the follow-up patch.  It will
    be replaced once the examples are complete.
    
    This patch addresses https://pagure.io/dogtagpki/issue/2940
    
    Change-Id: Id1df31a29207a0d12d50b7a3b959a3abcd9748d0
    (cherry picked from commit 1597b5bc09b39f7ee248e9f7ef5da55c8846a1c0)

commit 08c6684dfbabb53ab9301e33e2b40389b93f18bc
Author: Christina Fu <cfu>
Date:   Mon Mar 26 10:09:42 2018 -0700

    reflect dogtagpki url change in CMCRequest man page.
    
    Change-Id: I8eb5884a26850b87f378c4417939c873c27fd409
    (cherry picked from commit 3ce3ae9bd73a906beb0254a7488b15e11ddcf905)

commit fbd5122bd3e7ffe3632406f006630e2ddbc41907
Author: Christina Fu <cfu>
Date:   Mon Mar 26 10:09:42 2018 -0700

    reflect dogtagpki url change in CMCRequest man page.
    
    Change-Id: I8eb5884a26850b87f378c4417939c873c27fd409
    (cherry picked from commit 3ce3ae9bd73a906beb0254a7488b15e11ddcf905)
    (cherry picked from commit 08c6684dfbabb53ab9301e33e2b40389b93f18bc)

*** Bug 1567888 has been marked as a duplicate of this bug. ***

Typo found:

The man page of CMCSharedToken says in the "Options" section:

> -p <password>
>    Security token password.
>
> -p <passphrase>
>    CMC enrollment passphrase (shared secret) (put in "" if containing spaces)

According to the example in the man page, the second "-p" (for the CMC enrollment passphrase) needs to be changed into "-s".

Moving Bug state back to ASSIGNED.

This check-in fixes the typos found by mmuehlfe in https://bugzilla.redhat.com/show_bug.cgi?id=1567888
---

commit 7ed0b12aa3bc9a04acd417fc0757500d585c57e8 (HEAD -> DOGTAG_10_5_BRANCH, origin/DOGTAG_10_5_BRANCH)
Author: Christina Fu <cfu>
Date:   Mon Apr 16 14:28:39 2018 -0700

    Ticket #2940 post-ticket simple typo fix.
    
    Change-Id: I98558f607cb611981bcafd42d6500fd26a9664be
    (cherry picked from commit 2e299050016094c4ab9b739bc68a27787d8aadb4)

Moving back bug from MODIFIED to POST, as packages have not yet been rebuilt to obtain this patch.

(In reply to Christina Fu from comment #8)
> This check-in fixes the typos found by mmuehlfe in
> https://bugzilla.redhat.com/show_bug.cgi?id=1567888
> ---
> 
> commit 7ed0b12aa3bc9a04acd417fc0757500d585c57e8 (HEAD -> DOGTAG_10_5_BRANCH,
> origin/DOGTAG_10_5_BRANCH)
> Author: Christina Fu <cfu>
> Date:   Mon Apr 16 14:28:39 2018 -0700
> 
>     Ticket #2940 post-ticket simple typo fix.
>     
>     Change-Id: I98558f607cb611981bcafd42d6500fd26a9664be
>     (cherry picked from commit 2e299050016094c4ab9b739bc68a27787d8aadb4)

After speaking with QE, it was determined that this fix would not be included until RHEL 7.5.z Batch Update 2, and thus the original RHEL 7.6 bug that this RHEL 7.5.z bug was cloned from (https://bugzilla.redhat.com/show_bug.cgi?id=1545388) was itself cloned to https://bugzilla.redhat.com/show_bug.cgi?id=1570916.

There could be some changes needed in terms of ECC in the man pages.Working on ECC setup's right now.

There is no support for ecc in CMCSharedToken. So ecc is never included in man page and is never tested.

CMCResponse:

Man page suggest : 

-d <path>
              Path of directory to the NSS database. This option is required.

But without specifying "-d" in cli , it shows the cert.So i think "-d" can be treated as optional.

# CMCResponse  -i cmc.sys_subca_pkcs10.resp
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x5D0C698
            Signature Algorithm: SHA384withEC - 1.2.840.10045.4.3.3
            Issuer: CN=CA Signing Certificate,OU=gkapoor_RHCS75_update2_ecc,O=Example-rhcs92-CA-ecc
            Validity: 
                Not Before: Friday, May 25, 2018 6:33:27 AM EDT America/New_York
                Not  After: Tuesday, May 25, 2038 6:33:27 AM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=gkapoor_RHCS75_update2_ecc,O=Example-rhcs92-CA-ecc
            Subject Public Key Info: 
                Algorithm: EC - 1.2.840.10045.2.1

Closing this bug as "verified".raised another bug for behavior observed in comment#12.

https://bugzilla.redhat.com/show_bug.cgi?id=1590942

Test Procedure:

Verify man pages are correct.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1979

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days