From 1a7895e56c5e365c7c6e85381e379dd589829e1e Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Wed, 17 May 2017 17:52:32 +0200 Subject: [PATCH] 4.4.4-2 bugfixes - Fixes #1448049 Subpackage freeipa-server-common has unmet dependencies on Rawhide - Fixes #1430247 FreeIPA server deployment runs ipa-custodia on Python 3, should use Python 2 - Fixes #1446744 python2-ipaclient subpackage does not own %{python_sitelib}/ipaclient/plugins - Fixes #1440525 surplus 'the' in output of `ipa-adtrust-install` - Fixes #1411810 ipa-replica-install fails with 406 Client Error - Fixes #1405814 ipa plugins: ERROR an internal error occured --- ...ch => 0002-bind-dyndb-ldap-DNS-fixes.patch | 0 0003-Run-ipa-custodia-under-Python-2.patch | 106 ++++++++++++++++++ ...the-in-output-of-ipa-adtrust-install.patch | 30 +++++ 0005-Add-fix-for-ipa-plugins-command.patch | 49 ++++++++ freeipa.spec | 29 ++++- 5 files changed, 208 insertions(+), 6 deletions(-) rename 0003-bind-dyndb-ldap-DNS-fixes.patch => 0002-bind-dyndb-ldap-DNS-fixes.patch (100%) create mode 100644 0003-Run-ipa-custodia-under-Python-2.patch create mode 100644 0004-Remove-surplus-the-in-output-of-ipa-adtrust-install.patch create mode 100644 0005-Add-fix-for-ipa-plugins-command.patch diff --git a/0003-bind-dyndb-ldap-DNS-fixes.patch b/0002-bind-dyndb-ldap-DNS-fixes.patch similarity index 100% rename from 0003-bind-dyndb-ldap-DNS-fixes.patch rename to 0002-bind-dyndb-ldap-DNS-fixes.patch diff --git a/0003-Run-ipa-custodia-under-Python-2.patch b/0003-Run-ipa-custodia-under-Python-2.patch new file mode 100644 index 0000000..804fa1e --- /dev/null +++ b/0003-Run-ipa-custodia-under-Python-2.patch @@ -0,0 +1,106 @@ +From 307c4bd62609c9ac58633e3ccc61d85e2caacbcc Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Wed, 3 May 2017 16:38:21 +0200 +Subject: [PATCH] Run ipa-custodia under Python 2 + +Closes: https://pagure.io/freeipa/issue/6926 +Signed-off-by: Christian Heimes +Reviewed-By: Stanislav Laznicka +--- + freeipa.spec.in | 10 ++++++---- + init/systemd/ipa-custodia.service | 3 +-- + install/tools/Makefile.am | 1 + + install/tools/ipa-custodia | 6 ++++++ + 4 files changed, 14 insertions(+), 6 deletions(-) + create mode 100755 install/tools/ipa-custodia + +diff --git a/freeipa.spec.in b/freeipa.spec.in +index e0f1df2..21f2416 100644 +--- a/freeipa.spec.in ++++ b/freeipa.spec.in +@@ -112,7 +112,8 @@ BuildRequires: python-pytest-sourceorder + BuildRequires: python-kdcproxy >= 0.3 + BuildRequires: python-six + BuildRequires: python-jwcrypto +-BuildRequires: custodia ++# install/tools/ipa-custodia needs custodia 0.2+ ++BuildRequires: custodia >= 0.2 + BuildRequires: libini_config-devel >= 1.2.0 + BuildRequires: dbus-python + BuildRequires: python-netifaces >= 0.10.4 +@@ -246,7 +247,7 @@ BuildArch: noarch + Requires: %{name}-client-common = %{version}-%{release} + Requires: httpd >= 2.4.6-31 + Requires: systemd-units >= 38 +-Requires: custodia ++Requires: custodia >= 0.2 + + Provides: %{alt_name}-server-common = %{version} + Conflicts: %{alt_name}-server-common +@@ -498,7 +499,7 @@ Requires: python-jwcrypto + Requires: python-cffi + Requires: python-ldap >= 2.4.15 + Requires: python-requests +-Requires: python-custodia ++Requires: python-custodia >= 0.2 + Requires: python-dns >= 1.13 + Requires: python-netifaces >= 0.10.4 + Requires: pyusb +@@ -546,7 +547,7 @@ Requires: python3-six + Requires: python3-jwcrypto + Requires: python3-cffi + Requires: python3-pyldap >= 2.4.15 +-Requires: python3-custodia ++Requires: python3-custodia >= 0.2 + Requires: python3-requests + Requires: python3-dns >= 1.11.1 + Requires: python3-netifaces >= 0.10.4 +@@ -1069,6 +1070,7 @@ fi + %{_libexecdir}/certmonger/ipa-server-guard + %{_libexecdir}/ipa-otpd + %dir %{_libexecdir}/ipa ++%{_libexecdir}/ipa/ipa-custodia + %{_libexecdir}/ipa/ipa-dnskeysyncd + %{_libexecdir}/ipa/ipa-dnskeysync-replica + %{_libexecdir}/ipa/ipa-ods-exporter +diff --git a/init/systemd/ipa-custodia.service b/init/systemd/ipa-custodia.service +index ff930fb..63246c4 100644 +--- a/init/systemd/ipa-custodia.service ++++ b/init/systemd/ipa-custodia.service +@@ -3,8 +3,7 @@ Description=IPA Custodia Service + + [Service] + Type=simple +- +-ExecStart=/usr/sbin/custodia /etc/ipa/custodia/custodia.conf ++ExecStart=/usr/libexec/ipa/ipa-custodia /etc/ipa/custodia/custodia.conf + PrivateTmp=yes + Restart=on-failure + RestartSec=60s +diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am +index 2866a30..66ee9e3 100644 +--- a/install/tools/Makefile.am ++++ b/install/tools/Makefile.am +@@ -38,6 +38,7 @@ EXTRA_DIST = \ + + appdir = $(libexecdir)/ipa/ + app_SCRIPTS = \ ++ ipa-custodia \ + ipa-httpd-kdcproxy \ + ipa-pki-retrieve-key \ + $(NULL) +diff --git a/install/tools/ipa-custodia b/install/tools/ipa-custodia +new file mode 100755 +index 0000000..2086a9c +--- /dev/null ++++ b/install/tools/ipa-custodia +@@ -0,0 +1,6 @@ ++#!/usr/bin/python2 ++# Copyright (C) 2017 IPA Project Contributors, see COPYING for license ++from custodia.server import main ++ ++if __name__ == '__main__': ++ main() +-- +2.9.3 + diff --git a/0004-Remove-surplus-the-in-output-of-ipa-adtrust-install.patch b/0004-Remove-surplus-the-in-output-of-ipa-adtrust-install.patch new file mode 100644 index 0000000..2dc207c --- /dev/null +++ b/0004-Remove-surplus-the-in-output-of-ipa-adtrust-install.patch @@ -0,0 +1,30 @@ +From 9d5a719a2436d5afca74ce78ae1b14ccdcfbbf0e Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Wed, 17 May 2017 09:33:42 +0200 +Subject: [PATCH] Remove surplus 'the' in output of ipa-adtrust-install + +Fixing the typo + +https://pagure.io/freeipa/issue/6864 + +Reviewed-By: Stanislav Laznicka +--- + install/tools/ipa-adtrust-install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install +index d738cc6..0f61075 100755 +--- a/install/tools/ipa-adtrust-install ++++ b/install/tools/ipa-adtrust-install +@@ -370,7 +370,7 @@ def main(): + print("WARNING: %d existing users or groups do not have a SID identifier assigned." \ + % len(entries)) + print("Installer can run a task to have ipa-sidgen Directory Server plugin generate") +- print("the SID identifier for all these users. Please note, the in case of a high") ++ print("the SID identifier for all these users. Please note, in case of a high") + print("number of users and groups, the operation might lead to high replication") + print("traffic and performance degradation. Refer to ipa-adtrust-install(1) man page") + print("for details.") +-- +2.9.3 + diff --git a/0005-Add-fix-for-ipa-plugins-command.patch b/0005-Add-fix-for-ipa-plugins-command.patch new file mode 100644 index 0000000..3f2b904 --- /dev/null +++ b/0005-Add-fix-for-ipa-plugins-command.patch @@ -0,0 +1,49 @@ +From 5536b06c0f289f1408d5ca5525a53494a08337a5 Mon Sep 17 00:00:00 2001 +From: Abhijeet Kasurde +Date: Thu, 12 Jan 2017 18:38:37 +0530 +Subject: [PATCH] Add fix for ipa plugins command + +Fix adds count of plugins loaded to return dict + +Fixes https://fedorahosted.org/freeipa/ticket/6513 + +Signed-off-by: Abhijeet Kasurde +Reviewed-By: Martin Basti +Reviewed-By: Martin Babinsky +--- + ipaserver/plugins/misc.py | 3 ++- + ipatests/test_cmdline/test_cli.py | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/ipaserver/plugins/misc.py b/ipaserver/plugins/misc.py +index 7618e23..fa8224f 100644 +--- a/ipaserver/plugins/misc.py ++++ b/ipaserver/plugins/misc.py +@@ -138,8 +138,9 @@ class plugins(LocalOrRemote): + for plugin in self.api[namespace](): + cls = type(plugin) + key = '{}.{}'.format(cls.__module__, cls.__name__) +- result.setdefault(key, []).append(namespace) ++ result.setdefault(key, []).append(namespace.decode('utf-8')) + + return dict( + result=result, ++ count=len(result), + ) +diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py +index 07bab23..4585126 100644 +--- a/ipatests/test_cmdline/test_cli.py ++++ b/ipatests/test_cmdline/test_cli.py +@@ -51,6 +51,9 @@ class TestCLIParsing(object): + def test_ping(self): + self.check_command('ping', 'ping') + ++ def test_plugins(self): ++ self.check_command('plugins', 'plugins') ++ + def test_user_show(self): + self.check_command('user-show admin', 'user_show', uid=u'admin') + +-- +2.9.3 + diff --git a/freeipa.spec b/freeipa.spec index e88b55e..1502641 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -38,7 +38,7 @@ Name: freeipa Version: %{VERSION} -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -49,7 +49,10 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.as BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch -Patch0002: 0003-bind-dyndb-ldap-DNS-fixes.patch +Patch0002: 0002-bind-dyndb-ldap-DNS-fixes.patch +Patch0003: 0003-Run-ipa-custodia-under-Python-2.patch +Patch0004: 0004-Remove-surplus-the-in-output-of-ipa-adtrust-install.patch +Patch0005: 0005-Add-fix-for-ipa-plugins-command.patch %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= 1.3.5.6 @@ -121,7 +124,8 @@ BuildRequires: python-pytest-sourceorder BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-six BuildRequires: python-jwcrypto -BuildRequires: custodia +# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) +BuildRequires: custodia >= 0.3.1 BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: dbus-python BuildRequires: python-netifaces >= 0.10.4 @@ -255,7 +259,7 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: httpd >= 2.4.6-31 Requires: systemd-units >= 38 -Requires: custodia +Requires: custodia >= 0.3.1 Provides: %{alt_name}-server-common = %{version} Conflicts: %{alt_name}-server-common @@ -501,7 +505,7 @@ Requires: python-jwcrypto Requires: python-cffi Requires: python-ldap >= 2.4.15 Requires: python-requests -Requires: python-custodia +Requires: python-custodia >= 0.3.1 Requires: python-dns >= 1.13 Requires: python-netifaces >= 0.10.4 Requires: pyusb @@ -549,7 +553,7 @@ Requires: python3-six Requires: python3-jwcrypto Requires: python3-cffi Requires: python3-pyldap >= 2.4.15 -Requires: python3-custodia +Requires: python3-custodia >= 0.3.1 Requires: python3-requests Requires: python3-dns >= 1.11.1 Requires: python3-netifaces >= 0.10.4 @@ -1098,6 +1102,7 @@ fi %{_libexecdir}/certmonger/ipa-server-guard %{_libexecdir}/ipa-otpd %dir %{_libexecdir}/ipa +%{_libexecdir}/ipa/ipa-custodia %{_libexecdir}/ipa/ipa-dnskeysyncd %{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-ods-exporter @@ -1336,7 +1341,9 @@ fi %license COPYING %dir %{python_sitelib}/ipaclient %{python_sitelib}/ipaclient/*.py* +%dir %{python_sitelib}/ipaclient/plugins %{python_sitelib}/ipaclient/plugins/*.py* +%dir %{python_sitelib}/ipaclient/remote_plugins %{python_sitelib}/ipaclient/remote_plugins/*.py* %{python_sitelib}/ipaclient/remote_plugins/2_*/*.py* %{python_sitelib}/ipaclient-*.egg-info @@ -1351,8 +1358,10 @@ fi %dir %{python3_sitelib}/ipaclient %{python3_sitelib}/ipaclient/*.py %{python3_sitelib}/ipaclient/__pycache__/*.py* +%dir %{python3_sitelib}/ipaclient/plugins %{python3_sitelib}/ipaclient/plugins/*.py %{python3_sitelib}/ipaclient/plugins/__pycache__/*.py* +%dir %{python3_sitelib}/ipaclient/remote_plugins %{python3_sitelib}/ipaclient/remote_plugins/*.py %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py* %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py @@ -1483,6 +1492,14 @@ fi %endif # ONLY_CLIENT %changelog +* Tue May 23 2017 Tomas Krizek - 4.4.4-2 +- Fixes #1448049 Subpackage freeipa-server-common has unmet dependencies on Rawhide +- Fixes #1430247 FreeIPA server deployment runs ipa-custodia on Python 3, should use Python 2 +- Fixes #1446744 python2-ipaclient subpackage does not own %{python_sitelib}/ipaclient/plugins +- Fixes #1440525 surplus 'the' in output of `ipa-adtrust-install` +- Fixes #1411810 ipa-replica-install fails with 406 Client Error +- Fixes #1405814 ipa plugins: ERROR an internal error occured + * Fri Mar 24 2017 Tomas Krizek - 4.4.4-1 - Update to upstream 4.4.4 - see https://www.freeipa.org/page/Releases/4.4.4 - Add upstream signature file for tarball