diff --git a/.gitignore b/.gitignore index e26dc56..ce998d8 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /freeipa-2.1.3-wait_for_socket.patch.gz /freeipa-2.1.4.tar.gz /freeipa-2.1.90.pre1.tar.gz +/freeipa-2.1.90.rc1.tar.gz diff --git a/freeipa-2.1.90-shellescape.patch b/freeipa-2.1.90-shellescape.patch new file mode 100644 index 0000000..6077ca0 --- /dev/null +++ b/freeipa-2.1.90-shellescape.patch @@ -0,0 +1,33 @@ +From 3bce02b17edfbdf90ecdac2f9643e28eb20a170a Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Tue, 13 Mar 2012 21:53:06 -0400 +Subject: [PATCH] No longer shell escape the DM password when calling + pkisilent. + +pkisilent was modified to handle escaping characters itself in +BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388 + +This removes the workaround from ticket 1636. + +https://fedorahosted.org/freeipa/ticket/2529 +--- + ipaserver/install/cainstance.py | 3 --- + 1 files changed, 0 insertions(+), 3 deletions(-) + +diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py +index 6012ae1c7a00a87522fc0778f2cb355a3924d805..894e1951fa0c6f1a0f235cce0520c275724f227d 100644 +--- a/ipaserver/install/cainstance.py ++++ b/ipaserver/install/cainstance.py +@@ -659,9 +659,6 @@ class CAInstance(service.Service): + args.append("-clone") + args.append("false") + +- # pkisilent does not escape the arguments before passing them to shell +- args[2:] = [ipautil.shell_quote(i) for i in args[2:]] +- + # Define the things we don't want logged + nolog = (self.admin_password, self.dm_password,) + +-- +1.7.6 + diff --git a/freeipa.spec b/freeipa.spec index 6d23c3b..0c95feb 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -11,24 +11,22 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif %global POLICYCOREUTILSVER 1.33.12-1 %global gettext_domain ipa -%global VERSION 2.1.90.pre1 +%global VERSION 2.1.90.rc1 Name: freeipa Version: 2.1.90 -Release: 0.1%{?dist} +Release: 0.2%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base License: GPLv3+ URL: http://www.freeipa.org/ -Source0: freeipa-%{VERSION}.tar.gz -Patch7: freeipa-2.1.4-inifiles-support.patch -Patch8: freeipa-2.1.4-python-ldap-2.4.6-support.patch -Patch9: freeipa-2.1.4-upgrade-systemd.patch +Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz +Patch10: freeipa-2.1.90-shellescape.patch BuildRoot: %{_tmppath}/%{name}-%{VERSION}-%{release}-root-%(%{__id_u} -n) %if ! %{ONLY_CLIENT} -BuildRequires: 389-ds-base-devel >= 1.2.10-0.6.a6 +BuildRequires: 389-ds-base-devel >= 1.2.10.4 BuildRequires: svrcore-devel BuildRequires: /usr/share/selinux/devel/Makefile BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER} @@ -61,6 +59,8 @@ BuildRequires: python-rhsm BuildRequires: pyOpenSSL BuildRequires: pylint BuildRequires: libipa_hbac-python +BuildRequires: python-memcached +BuildRequires: sssd >= 1.8.0 %description IPA is an integrated solution to provide centrally managed Identity (machine, @@ -76,31 +76,32 @@ Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} Requires: %{name}-server-selinux = %{version}-%{release} -Requires(pre): 389-ds-base >= 1.2.10-0.8.a7 +Requires(pre): 389-ds-base >= 1.2.10.4 Requires: openldap-clients Requires: nss Requires: nss-tools Requires: krb5-server >= 1.10-2 -Requires: krb5-server-ldap Requires: krb5-pkinit-openssl Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp Requires: httpd Requires: mod_wsgi -Requires: mod_auth_kerb +Requires: mod_auth_kerb >= 5.4-9 Requires: mod_nss >= 1.0.8-10 Requires: python-ldap Requires: python-krbV Requires: acl Requires: python-pyasn1 >= 0.0.9a +Requires: memcached +Requires: python-memcached Requires: systemd-units >= 36-3 Requires(pre): systemd-units Requires(post): systemd-units Requires: selinux-policy >= 3.10.0-82 Requires(post): selinux-policy-base -Requires: slapi-nis >= 0.36 -Requires: pki-ca >= 9.0.17 -Requires: pki-silent >= 9.0.17 +Requires: slapi-nis >= 0.38 +Requires: pki-ca >= 9.0.18 +Requires: pki-silent >= 9.0.18 # Only tomcat6 greater than this version provides proper systemd support Requires: tomcat6 >= 6.0.32-17 Requires: dogtag-pki-common-theme @@ -114,8 +115,12 @@ Requires(postun): python systemd-units # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions # that work for us. -Conflicts: bind-dyndb-ldap < 1.0.0-0.1.b1 -Conflicts: bind < 9.8.1-1 +Conflicts: bind-dyndb-ldap < 1.1.0-0.9.b1 +Conflicts: bind < 9.9.0-1 + +# mod_proxy provides a single API to communicate over SSL. If mod_ssl +# is even loaded into Apache then it grabs this interface. +Conflicts: mod_ssl Obsoletes: ipa-server >= 1.0 @@ -159,7 +164,7 @@ Requires: pam_krb5 Requires: wget Requires: libcurl >= 7.21.7-2 Requires: xmlrpc-c >= 1.27.4 -Requires: sssd >= 1.6.2 +Requires: sssd >= 1.8.0 Requires: certmonger >= 0.26 Requires: nss-tools Requires: bind-utils @@ -218,9 +223,7 @@ package. %prep %setup -n freeipa-%{VERSION} -q -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +%patch10 -p1 %build export CFLAGS="$CFLAGS %{optflags}" @@ -303,7 +306,17 @@ mkdir -p %{buildroot}%{_initrddir} mkdir -p %{buildroot}%{_unitdir} install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service mkdir -p %{buildroot}%{_libexecdir} +install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade + +mkdir -p %{buildroot}%{_initrddir} +mkdir %{buildroot}%{_sysconfdir}/sysconfig/ +install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached +mkdir -p %{buildroot}%{_localstatedir}/run/ +install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/ + +mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ +install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf %endif mkdir -p %{buildroot}%{_sysconfdir}/ipa/ @@ -419,8 +432,12 @@ fi %{_sbindir}/ipa-upgradeconfig %{_sbindir}/ipa-compliance %{_sysconfdir}/cron.d/ipa-compliance +%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached +%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/ +%config %{_sysconfdir}/tmpfiles.d/ipa.conf # Use systemd scheme %attr(644,root,root) %{_unitdir}/ipa.service +%attr(644,root,root) %{_unitdir}/ipa_memcached.service %{_libexecdir}/freeipa-systemd-upgrade %dir %{python_sitelib}/ipaserver %{python_sitelib}/ipaserver/* @@ -438,10 +455,11 @@ fi %{_usr}/share/ipa/migration/error.html %{_usr}/share/ipa/migration/index.html %{_usr}/share/ipa/migration/invalid.html -%{_usr}/share/ipa/migration/ipa_migration.css %{_usr}/share/ipa/migration/migration.py* %dir %{_usr}/share/ipa/ui %{_usr}/share/ipa/ui/index.html +%{_usr}/share/ipa/ui/login.html +%{_usr}/share/ipa/ui/logout.html %{_usr}/share/ipa/ui/*.ico %{_usr}/share/ipa/ui/*.css %{_usr}/share/ipa/ui/*.js @@ -556,6 +574,19 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Mon Mar 19 2012 Rob Crittenden - 2.1.90-0.2 +- Update to upstream 2.2.0 beta 1 (2.1.90.rc1) +- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18. +- Add Conflicts on mod_ssl +- Update minimum n-v-r of 389-ds-base to 1.2.10.4 +- Update minimum n-v-r of sssd to 1.8.0 +- Update minimum n-v-r of slapi-nis to 0.38 +- Update minimum n-v-r of pki-* to 9.0.18 +- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1 +- Update conflicts on bind to < 9.9.0-1 +- Drop requires on krb5-server-ldap +- Add patch to remove escaping arguments to pkisilent + * Mon Feb 06 2012 Rob Crittenden - 2.1.90-0.1 - Update to upstream 2.2.0 alpha 1 (2.1.90.pre1) diff --git a/sources b/sources index 664d51b..ba551e2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c0d9c3bbc2ba603d14f97098fe11057d freeipa-2.1.90.pre1.tar.gz +cca14e87c51ea081564dda7e15775d46 freeipa-2.1.90.rc1.tar.gz