Update to 2.2.0 beta1, fix shell escaping to work with dogtag 9.0.18.

- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
- Add Conflicts on mod_ssl
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
- Update minimum n-v-r of sssd to 1.8.0
- Update minimum n-v-r of slapi-nis to 0.38
- Update minimum n-v-r of pki-* to 9.0.18
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
- Update conflicts on bind to < 9.9.0-1
- Drop requires on krb5-server-ldap
- Add patch to remove escaping arguments to pkisilent
This commit is contained in:
Rob Crittenden 2012-03-19 14:30:56 -04:00
parent c3929a4ff3
commit 18a9ea07cd
4 changed files with 86 additions and 21 deletions

1
.gitignore vendored
View File

@ -12,3 +12,4 @@
/freeipa-2.1.3-wait_for_socket.patch.gz
/freeipa-2.1.4.tar.gz
/freeipa-2.1.90.pre1.tar.gz
/freeipa-2.1.90.rc1.tar.gz

View File

@ -0,0 +1,33 @@
From 3bce02b17edfbdf90ecdac2f9643e28eb20a170a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 13 Mar 2012 21:53:06 -0400
Subject: [PATCH] No longer shell escape the DM password when calling
pkisilent.
pkisilent was modified to handle escaping characters itself in
BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388
This removes the workaround from ticket 1636.
https://fedorahosted.org/freeipa/ticket/2529
---
ipaserver/install/cainstance.py | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 6012ae1c7a00a87522fc0778f2cb355a3924d805..894e1951fa0c6f1a0f235cce0520c275724f227d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -659,9 +659,6 @@ class CAInstance(service.Service):
args.append("-clone")
args.append("false")
- # pkisilent does not escape the arguments before passing them to shell
- args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
-
# Define the things we don't want logged
nolog = (self.admin_password, self.dm_password,)
--
1.7.6

View File

@ -11,24 +11,22 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
%global POLICYCOREUTILSVER 1.33.12-1
%global gettext_domain ipa
%global VERSION 2.1.90.pre1
%global VERSION 2.1.90.rc1
Name: freeipa
Version: 2.1.90
Release: 0.1%{?dist}
Release: 0.2%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv3+
URL: http://www.freeipa.org/
Source0: freeipa-%{VERSION}.tar.gz
Patch7: freeipa-2.1.4-inifiles-support.patch
Patch8: freeipa-2.1.4-python-ldap-2.4.6-support.patch
Patch9: freeipa-2.1.4-upgrade-systemd.patch
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
Patch10: freeipa-2.1.90-shellescape.patch
BuildRoot: %{_tmppath}/%{name}-%{VERSION}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.2.10-0.6.a6
BuildRequires: 389-ds-base-devel >= 1.2.10.4
BuildRequires: svrcore-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
@ -61,6 +59,8 @@ BuildRequires: python-rhsm
BuildRequires: pyOpenSSL
BuildRequires: pylint
BuildRequires: libipa_hbac-python
BuildRequires: python-memcached
BuildRequires: sssd >= 1.8.0
%description
IPA is an integrated solution to provide centrally managed Identity (machine,
@ -76,31 +76,32 @@ Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: %{name}-server-selinux = %{version}-%{release}
Requires(pre): 389-ds-base >= 1.2.10-0.8.a7
Requires(pre): 389-ds-base >= 1.2.10.4
Requires: openldap-clients
Requires: nss
Requires: nss-tools
Requires: krb5-server >= 1.10-2
Requires: krb5-server-ldap
Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
Requires: httpd
Requires: mod_wsgi
Requires: mod_auth_kerb
Requires: mod_auth_kerb >= 5.4-9
Requires: mod_nss >= 1.0.8-10
Requires: python-ldap
Requires: python-krbV
Requires: acl
Requires: python-pyasn1 >= 0.0.9a
Requires: memcached
Requires: python-memcached
Requires: systemd-units >= 36-3
Requires(pre): systemd-units
Requires(post): systemd-units
Requires: selinux-policy >= 3.10.0-82
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.36
Requires: pki-ca >= 9.0.17
Requires: pki-silent >= 9.0.17
Requires: slapi-nis >= 0.38
Requires: pki-ca >= 9.0.18
Requires: pki-silent >= 9.0.18
# Only tomcat6 greater than this version provides proper systemd support
Requires: tomcat6 >= 6.0.32-17
Requires: dogtag-pki-common-theme
@ -114,8 +115,12 @@ Requires(postun): python systemd-units
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
# that work for us.
Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1
Conflicts: bind < 9.8.1-1
Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1
Conflicts: bind < 9.9.0-1
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
# is even loaded into Apache then it grabs this interface.
Conflicts: mod_ssl
Obsoletes: ipa-server >= 1.0
@ -159,7 +164,7 @@ Requires: pam_krb5
Requires: wget
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.6.2
Requires: sssd >= 1.8.0
Requires: certmonger >= 0.26
Requires: nss-tools
Requires: bind-utils
@ -218,9 +223,7 @@ package.
%prep
%setup -n freeipa-%{VERSION} -q
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build
export CFLAGS="$CFLAGS %{optflags}"
@ -303,7 +306,17 @@ mkdir -p %{buildroot}%{_initrddir}
mkdir -p %{buildroot}%{_unitdir}
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
mkdir -p %{buildroot}%{_libexecdir}
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
mkdir -p %{buildroot}%{_initrddir}
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
mkdir -p %{buildroot}%{_localstatedir}/run/
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
%endif
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
@ -419,8 +432,12 @@ fi
%{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-compliance
%{_sysconfdir}/cron.d/ipa-compliance
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
%config %{_sysconfdir}/tmpfiles.d/ipa.conf
# Use systemd scheme
%attr(644,root,root) %{_unitdir}/ipa.service
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
%{_libexecdir}/freeipa-systemd-upgrade
%dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/*
@ -438,10 +455,11 @@ fi
%{_usr}/share/ipa/migration/error.html
%{_usr}/share/ipa/migration/index.html
%{_usr}/share/ipa/migration/invalid.html
%{_usr}/share/ipa/migration/ipa_migration.css
%{_usr}/share/ipa/migration/migration.py*
%dir %{_usr}/share/ipa/ui
%{_usr}/share/ipa/ui/index.html
%{_usr}/share/ipa/ui/login.html
%{_usr}/share/ipa/ui/logout.html
%{_usr}/share/ipa/ui/*.ico
%{_usr}/share/ipa/ui/*.css
%{_usr}/share/ipa/ui/*.js
@ -556,6 +574,19 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
* Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
- Add Conflicts on mod_ssl
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
- Update minimum n-v-r of sssd to 1.8.0
- Update minimum n-v-r of slapi-nis to 0.38
- Update minimum n-v-r of pki-* to 9.0.18
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
- Update conflicts on bind to < 9.9.0-1
- Drop requires on krb5-server-ldap
- Add patch to remove escaping arguments to pkisilent
* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)

View File

@ -1 +1 @@
c0d9c3bbc2ba603d14f97098fe11057d freeipa-2.1.90.pre1.tar.gz
cca14e87c51ea081564dda7e15775d46 freeipa-2.1.90.rc1.tar.gz