Update to 2.2.0 beta1, fix shell escaping to work with dogtag 9.0.18.
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1) - Set minimum n-v-r for pki-ca and pki-silent to 9.0.18. - Add Conflicts on mod_ssl - Update minimum n-v-r of 389-ds-base to 1.2.10.4 - Update minimum n-v-r of sssd to 1.8.0 - Update minimum n-v-r of slapi-nis to 0.38 - Update minimum n-v-r of pki-* to 9.0.18 - Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1 - Update conflicts on bind to < 9.9.0-1 - Drop requires on krb5-server-ldap - Add patch to remove escaping arguments to pkisilent
This commit is contained in:
parent
c3929a4ff3
commit
18a9ea07cd
1
.gitignore
vendored
1
.gitignore
vendored
@ -12,3 +12,4 @@
|
||||
/freeipa-2.1.3-wait_for_socket.patch.gz
|
||||
/freeipa-2.1.4.tar.gz
|
||||
/freeipa-2.1.90.pre1.tar.gz
|
||||
/freeipa-2.1.90.rc1.tar.gz
|
||||
|
33
freeipa-2.1.90-shellescape.patch
Normal file
33
freeipa-2.1.90-shellescape.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 3bce02b17edfbdf90ecdac2f9643e28eb20a170a Mon Sep 17 00:00:00 2001
|
||||
From: Rob Crittenden <rcritten@redhat.com>
|
||||
Date: Tue, 13 Mar 2012 21:53:06 -0400
|
||||
Subject: [PATCH] No longer shell escape the DM password when calling
|
||||
pkisilent.
|
||||
|
||||
pkisilent was modified to handle escaping characters itself in
|
||||
BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388
|
||||
|
||||
This removes the workaround from ticket 1636.
|
||||
|
||||
https://fedorahosted.org/freeipa/ticket/2529
|
||||
---
|
||||
ipaserver/install/cainstance.py | 3 ---
|
||||
1 files changed, 0 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
|
||||
index 6012ae1c7a00a87522fc0778f2cb355a3924d805..894e1951fa0c6f1a0f235cce0520c275724f227d 100644
|
||||
--- a/ipaserver/install/cainstance.py
|
||||
+++ b/ipaserver/install/cainstance.py
|
||||
@@ -659,9 +659,6 @@ class CAInstance(service.Service):
|
||||
args.append("-clone")
|
||||
args.append("false")
|
||||
|
||||
- # pkisilent does not escape the arguments before passing them to shell
|
||||
- args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
|
||||
-
|
||||
# Define the things we don't want logged
|
||||
nolog = (self.admin_password, self.dm_password,)
|
||||
|
||||
--
|
||||
1.7.6
|
||||
|
71
freeipa.spec
71
freeipa.spec
@ -11,24 +11,22 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
|
||||
%endif
|
||||
%global POLICYCOREUTILSVER 1.33.12-1
|
||||
%global gettext_domain ipa
|
||||
%global VERSION 2.1.90.pre1
|
||||
%global VERSION 2.1.90.rc1
|
||||
|
||||
Name: freeipa
|
||||
Version: 2.1.90
|
||||
Release: 0.1%{?dist}
|
||||
Release: 0.2%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
Group: System Environment/Base
|
||||
License: GPLv3+
|
||||
URL: http://www.freeipa.org/
|
||||
Source0: freeipa-%{VERSION}.tar.gz
|
||||
Patch7: freeipa-2.1.4-inifiles-support.patch
|
||||
Patch8: freeipa-2.1.4-python-ldap-2.4.6-support.patch
|
||||
Patch9: freeipa-2.1.4-upgrade-systemd.patch
|
||||
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
|
||||
Patch10: freeipa-2.1.90-shellescape.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{VERSION}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
%if ! %{ONLY_CLIENT}
|
||||
BuildRequires: 389-ds-base-devel >= 1.2.10-0.6.a6
|
||||
BuildRequires: 389-ds-base-devel >= 1.2.10.4
|
||||
BuildRequires: svrcore-devel
|
||||
BuildRequires: /usr/share/selinux/devel/Makefile
|
||||
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
@ -61,6 +59,8 @@ BuildRequires: python-rhsm
|
||||
BuildRequires: pyOpenSSL
|
||||
BuildRequires: pylint
|
||||
BuildRequires: libipa_hbac-python
|
||||
BuildRequires: python-memcached
|
||||
BuildRequires: sssd >= 1.8.0
|
||||
|
||||
%description
|
||||
IPA is an integrated solution to provide centrally managed Identity (machine,
|
||||
@ -76,31 +76,32 @@ Requires: %{name}-python = %{version}-%{release}
|
||||
Requires: %{name}-client = %{version}-%{release}
|
||||
Requires: %{name}-admintools = %{version}-%{release}
|
||||
Requires: %{name}-server-selinux = %{version}-%{release}
|
||||
Requires(pre): 389-ds-base >= 1.2.10-0.8.a7
|
||||
Requires(pre): 389-ds-base >= 1.2.10.4
|
||||
Requires: openldap-clients
|
||||
Requires: nss
|
||||
Requires: nss-tools
|
||||
Requires: krb5-server >= 1.10-2
|
||||
Requires: krb5-server-ldap
|
||||
Requires: krb5-pkinit-openssl
|
||||
Requires: cyrus-sasl-gssapi%{?_isa}
|
||||
Requires: ntp
|
||||
Requires: httpd
|
||||
Requires: mod_wsgi
|
||||
Requires: mod_auth_kerb
|
||||
Requires: mod_auth_kerb >= 5.4-9
|
||||
Requires: mod_nss >= 1.0.8-10
|
||||
Requires: python-ldap
|
||||
Requires: python-krbV
|
||||
Requires: acl
|
||||
Requires: python-pyasn1 >= 0.0.9a
|
||||
Requires: memcached
|
||||
Requires: python-memcached
|
||||
Requires: systemd-units >= 36-3
|
||||
Requires(pre): systemd-units
|
||||
Requires(post): systemd-units
|
||||
Requires: selinux-policy >= 3.10.0-82
|
||||
Requires(post): selinux-policy-base
|
||||
Requires: slapi-nis >= 0.36
|
||||
Requires: pki-ca >= 9.0.17
|
||||
Requires: pki-silent >= 9.0.17
|
||||
Requires: slapi-nis >= 0.38
|
||||
Requires: pki-ca >= 9.0.18
|
||||
Requires: pki-silent >= 9.0.18
|
||||
# Only tomcat6 greater than this version provides proper systemd support
|
||||
Requires: tomcat6 >= 6.0.32-17
|
||||
Requires: dogtag-pki-common-theme
|
||||
@ -114,8 +115,12 @@ Requires(postun): python systemd-units
|
||||
# We have a soft-requires on bind. It is an optional part of
|
||||
# IPA but if it is configured we need a way to require versions
|
||||
# that work for us.
|
||||
Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1
|
||||
Conflicts: bind < 9.8.1-1
|
||||
Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1
|
||||
Conflicts: bind < 9.9.0-1
|
||||
|
||||
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
|
||||
# is even loaded into Apache then it grabs this interface.
|
||||
Conflicts: mod_ssl
|
||||
|
||||
Obsoletes: ipa-server >= 1.0
|
||||
|
||||
@ -159,7 +164,7 @@ Requires: pam_krb5
|
||||
Requires: wget
|
||||
Requires: libcurl >= 7.21.7-2
|
||||
Requires: xmlrpc-c >= 1.27.4
|
||||
Requires: sssd >= 1.6.2
|
||||
Requires: sssd >= 1.8.0
|
||||
Requires: certmonger >= 0.26
|
||||
Requires: nss-tools
|
||||
Requires: bind-utils
|
||||
@ -218,9 +223,7 @@ package.
|
||||
|
||||
%prep
|
||||
%setup -n freeipa-%{VERSION} -q
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="$CFLAGS %{optflags}"
|
||||
@ -303,7 +306,17 @@ mkdir -p %{buildroot}%{_initrddir}
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
|
||||
mkdir -p %{buildroot}%{_libexecdir}
|
||||
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
|
||||
install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
|
||||
|
||||
mkdir -p %{buildroot}%{_initrddir}
|
||||
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
|
||||
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
|
||||
mkdir -p %{buildroot}%{_localstatedir}/run/
|
||||
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
|
||||
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
|
||||
install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
|
||||
%endif
|
||||
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
|
||||
@ -419,8 +432,12 @@ fi
|
||||
%{_sbindir}/ipa-upgradeconfig
|
||||
%{_sbindir}/ipa-compliance
|
||||
%{_sysconfdir}/cron.d/ipa-compliance
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
|
||||
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
|
||||
%config %{_sysconfdir}/tmpfiles.d/ipa.conf
|
||||
# Use systemd scheme
|
||||
%attr(644,root,root) %{_unitdir}/ipa.service
|
||||
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
|
||||
%{_libexecdir}/freeipa-systemd-upgrade
|
||||
%dir %{python_sitelib}/ipaserver
|
||||
%{python_sitelib}/ipaserver/*
|
||||
@ -438,10 +455,11 @@ fi
|
||||
%{_usr}/share/ipa/migration/error.html
|
||||
%{_usr}/share/ipa/migration/index.html
|
||||
%{_usr}/share/ipa/migration/invalid.html
|
||||
%{_usr}/share/ipa/migration/ipa_migration.css
|
||||
%{_usr}/share/ipa/migration/migration.py*
|
||||
%dir %{_usr}/share/ipa/ui
|
||||
%{_usr}/share/ipa/ui/index.html
|
||||
%{_usr}/share/ipa/ui/login.html
|
||||
%{_usr}/share/ipa/ui/logout.html
|
||||
%{_usr}/share/ipa/ui/*.ico
|
||||
%{_usr}/share/ipa/ui/*.css
|
||||
%{_usr}/share/ipa/ui/*.js
|
||||
@ -556,6 +574,19 @@ fi
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
||||
|
||||
%changelog
|
||||
* Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
|
||||
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
|
||||
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
|
||||
- Add Conflicts on mod_ssl
|
||||
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
|
||||
- Update minimum n-v-r of sssd to 1.8.0
|
||||
- Update minimum n-v-r of slapi-nis to 0.38
|
||||
- Update minimum n-v-r of pki-* to 9.0.18
|
||||
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
|
||||
- Update conflicts on bind to < 9.9.0-1
|
||||
- Drop requires on krb5-server-ldap
|
||||
- Add patch to remove escaping arguments to pkisilent
|
||||
|
||||
* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
|
||||
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user