Update to current upstream state of 3.0.0 beta 2 development

Martin Kosek 2012-08-06 16:54:59 +02:00
parent 10af3ccf36
commit 23157c3804
10 changed files with 125 additions and 451 deletions


@ -1,139 +0,0 @@
From 16d3d30130215d74295e89ba5a51522eed45e180 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 1 Feb 2012 14:20:53 +0200
Subject: [PATCH 1/3] Add management of inifiles to allow manipulation of
systemd units
inifile_replace_variables() works similar to config_replace_variables() but
allows to apply changes to specific section of an inifile. Inifiles are
commonly used by freedesktop.org software and particularly used by systemd.
When modifying inifile, all changes will be applied to specific section.
Also fixes corner case in config_replace_variables() which would dublicate
variables when adding them.
---
ipapython/ipautil.py | 100 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 99 insertions(+), 1 deletions(-)
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 718f209b32649df23177dcab7d5105d01c0cd7bc..e141e00171cb86bec58a6be0b3e7d1f51a24faf1 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -1245,7 +1245,7 @@ $)''', re.VERBOSE)
new_vars = replacevars.copy()
new_vars.update(appendvars)
newvars_view = set(new_vars.keys()) - set(old_values.keys())
- append_view = (set(appendvars.keys()) - set(replacevars.keys())) - set(old_values.keys())
+ append_view = (set(appendvars.keys()) - newvars_view)
for item in newvars_view:
new_config.write("%s=%s\n" % (item,new_vars[item]))
for item in append_view:
@@ -1262,6 +1262,104 @@ $)''', re.VERBOSE)
return old_values
+def inifile_replace_variables(filepath, section, replacevars=dict(), appendvars=dict()):
+ """
+ Take a section-structured key=value based configuration file, and write new version
+ with certain values replaced or appended within the section
+
+ All (key,value) pairs from replacevars and appendvars that were not found
+ in the configuration file, will be added there.
+
+ It is responsibility of a caller to ensure that replacevars and
+ appendvars do not overlap.
+
+ It is responsibility of a caller to back up file.
+
+ returns dictionary of affected keys and their previous values
+
+ One have to run restore_context(filepath) afterwards or
+ security context of the file will not be correct after modification
+ """
+ pattern = re.compile('''
+(^
+ \[
+ (?P<section> .+) \]
+ (\s+((\#|;).*)?)?
+$)|(^
+ \s*
+ (?P<option> [^\#;]+?)
+ (\s*=\s*)
+ (?P<value> .+?)?
+ (\s*((\#|;).*)?)?
+$)''', re.VERBOSE)
+ def add_options(config, replacevars, appendvars, oldvars):
+ # add all options from replacevars and appendvars that were not found in the file
+ new_vars = replacevars.copy()
+ new_vars.update(appendvars)
+ newvars_view = set(new_vars.keys()) - set(oldvars.keys())
+ append_view = (set(appendvars.keys()) - newvars_view)
+ for item in newvars_view:
+ config.write("%s=%s\n" % (item,new_vars[item]))
+ for item in append_view:
+ config.write("%s=%s\n" % (item,appendvars[item]))
+
+ orig_stat = os.stat(filepath)
+ old_values = dict()
+ temp_filename = None
+ with tempfile.NamedTemporaryFile(delete=False) as new_config:
+ temp_filename = new_config.name
+ with open(filepath, 'r') as f:
+ in_section = False
+ finished = False
+ line_idx = 1
+ for line in f:
+ line_idx = line_idx + 1
+ new_line = line
+ m = pattern.match(line)
+ if m:
+ sect, option, value = m.group('section', 'option', 'value')
+ if in_section and sect is not None:
+ # End of the searched section, add remaining options
+ add_options(new_config, replacevars, appendvars, old_values)
+ finished = True
+ if sect is not None:
+ # New section is found, check whether it is the one we are looking for
+ in_section = (str(sect).lower() == str(section).lower())
+ if option is not None and in_section:
+ # Great, this is an option from the section we are loking for
+ if replacevars and option in replacevars:
+ # replace value completely
+ new_line = u"%s=%s\n" % (option, replacevars[option])
+ old_values[option] = value
+ if appendvars and option in appendvars:
+ # append a new value unless it is already existing in the original one
+ if not value:
+ new_line = u"%s=%s\n" % (option, appendvars[option])
+ elif value.find(appendvars[option]) == -1:
+ new_line = u"%s=%s %s\n" % (option, value, appendvars[option])
+ old_values[option] = value
+ new_config.write(new_line)
+ # We have finished parsing the original file.
+ # There are two remaining cases:
+ # 1. Section we were looking for was not found, we need to add it.
+ if not (in_section or finished):
+ new_config.write("[%s]\n" % (section))
+ # 2. The section is the last one but some options were not found, add them.
+ if in_section or not finished:
+ add_options(new_config, replacevars, appendvars, old_values)
+
+ new_config.flush()
+ # Make sure the resulting file is readable by others before installing it
+ os.fchmod(new_config.fileno(), orig_stat.st_mode)
+ os.fchown(new_config.fileno(), orig_stat.st_uid, orig_stat.st_gid)
+
+ # At this point new_config is closed but not removed due to 'delete=False' above
+ # Now, install the temporary file as configuration and ensure old version is available as .orig
+ # While .orig file is not used during uninstall, it is left there for administrator.
+ install_file(temp_filename, filepath)
+
+ return old_values
+
def backup_config_and_replace_variables(fstore, filepath, replacevars=dict(), appendvars=dict()):
"""
Take a key=value based configuration file, back up it, and
--
1.7.8.3


@ -1,26 +0,0 @@
From a639ff31c65b6fabfa916e0ea9256fad9e90d3cf Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 1 Feb 2012 14:25:46 +0200
Subject: [PATCH 2/3] Adopt to python-ldap 2.4.6 by removing unused references
which are not available in python-ldap anymore
---
ipaserver/ipaldap.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 1820e690b10c820efcd3217801bde6b685bbf20b..89c031290acb5c041e0fa5e9412bbc85eb0288ec 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -31,7 +31,7 @@ import time
import struct
import ldap.sasl
import ldapurl
-from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
+from ldap.controls import LDAPControl
from ldap.ldapobject import SimpleLDAPObject
from ipaserver import ipautil
from ipaserver.install import installutils
--
1.7.8.3


@ -1,214 +0,0 @@
From a9c0a0bc8d3fcf27bb16a92002d944c2a71f7ce7 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 1 Feb 2012 17:51:24 +0200
Subject: [PATCH 3/3] Handle upgrade issues with systemd in Fedora 16 and
above
Since 389-ds-base-1.2.10-0.8.a7 Directory Server's systemd settings are
configured via /etc/sysconfig/dirsrv.systemd. It means logic change in
systemd/fedora16 platform of FreeIPA.
Additionally, existing installs need to be handled during upgrade.
Fixes:
https://fedorahosted.org/freeipa/ticket/2117
https://fedorahosted.org/freeipa/ticket/2300
---
init/systemd/freeipa-systemd-upgrade | 96 ++++++++++++++++++++++++++++++++++
ipapython/platform/fedora16.py | 22 ++++----
ipapython/platform/systemd.py | 16 ++----
3 files changed, 113 insertions(+), 21 deletions(-)
create mode 100755 init/systemd/freeipa-systemd-upgrade
diff --git a/init/systemd/freeipa-systemd-upgrade b/init/systemd/freeipa-systemd-upgrade
new file mode 100755
index 0000000000000000000000000000000000000000..572d69df64b335e1a06b358fc9a0f2132807d6a6
--- /dev/null
+++ b/init/systemd/freeipa-systemd-upgrade
@@ -0,0 +1,96 @@
+#! /usr/bin/python -E
+from ipaserver.install.krbinstance import update_key_val_in_file
+from ipapython import ipautil, config
+from ipapython import services as ipaservices
+import os, platform
+
+def convert_java_link(foo, topdir, filepaths):
+ cwd = os.getcwd()
+ os.chdir(topdir)
+ for filepath in filepaths:
+ # All this shouldn't happen because java system upgrade should properly
+ # move files and symlinks but if this is a broken link
+ if os.path.islink(filepath):
+ print " Checking %s ... " % (filepath),
+ if not os.path.exists(filepath):
+ rpath = os.path.realpath(filepath)
+ # .. and it points to jss in /usr/lib
+ if rpath.find('/usr/lib/') != -1 and rpath.find('jss') != -1:
+ base = os.path.basename(rpath)
+ bitness = platform.architecture()[0][:2]
+ # rewrite it to /usr/lib64 for x86_64 platform
+ if bitness == '64':
+ npath = "/usr/lib%s/jss/%s" % (bitness, base)
+ os.unlink(filepath)
+ os.symlink(npath, filepath)
+ print "%s -> %s" % (filepath, npath)
+ else:
+ print "Ok"
+ else:
+ print "Ok"
+ else:
+ print "Ok"
+ os.chdir(cwd)
+
+# 0. Init config
+try:
+ config.init_config()
+except IPAConfigError, e:
+ # No configured IPA install, no need to upgrade anything
+ exit(0)
+
+# 1. Convert broken symlinks, if any, in /var/lib/pki-ca
+if os.path.exists('/var/lib/pki-ca/common/lib'):
+ print "Analyzing symlinks in PKI-CA install"
+ os.path.walk('/var/lib/pki-ca/common/lib', convert_java_link, None)
+
+try:
+ print "Found IPA server for domain %s" % (config.config.default_realm)
+ # 1. Make sure Dogtag instance (if exists) has proper OIDs for IPA CA
+ ipa_ca_cfg = "/var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg"
+ if os.path.exists(ipa_ca_cfg):
+ print "Make sure PKI-CA has Extended Key Usage OIDs for the certificates (Server and Client Authentication)",
+ key = 'policyset.serverCertSet.7.default.params.exKeyUsageOIDs'
+ value = '1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2'
+ replacevars = {key:value}
+ appendvars = {}
+ old_values = ipautil.config_replace_variables(ipa_ca_cfg, replacevars=replacevars, appendvars=appendvars)
+ ipaservices.restore_context(ipa_ca_cfg)
+ if key in old_values and old_values[key] != value:
+ print
+ print " WARNING: Previously issued certificate didn't have both Server and Client Authentication usage"
+ print " Old usage OID(s): %(oids)s" % (old_values[key])
+ print " Please make sure to revoke old certificates and re-issue them again to add both usages when needed"
+ ipaservices.service('pki-cad').restart()
+ else:
+ print "... ok"
+ print "Converting services setup to systemd"
+ # 2. Upgrade /etc/sysconfig/dirsrv for systemd
+ print " Upgrade /etc/sysconfig/dirsrv"
+ update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
+ update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
+ # 3. Upgrade /etc/sysconfig/krb5kdc for systemd
+ print " Upgrade /etc/sysconfig/krb5kdc"
+ replacevars = {'KRB5REALM':config.config.default_realm}
+ appendvars = {}
+ ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
+ replacevars=replacevars, appendvars=appendvars)
+ ipaservices.restore_context("/etc/sysconfig/krb5kdc")
+ # 4. Enable DS instances:
+ # when enabling DS instances we'll also do configure /etc/sysconfig/dirsrv.systemd
+ # which comes with 389-ds-base-1.2.10-0.8.a7 on F-16 and later. This is handled in
+ # fedora16 platform code
+ realm = config.config.default_realm.upper().replace('.','-')
+ print " Re-enable Directory server instances PKI-IPA and %s " % (realm)
+ if os.path.exists('/etc/systemd/system/dirsrv@.service'):
+ os.unlink('/etc/systemd/system/dirsrv@.service')
+ ipaservices.knownservices.dirsrv.enable(realm)
+ ipaservices.knownservices.dirsrv.enable("PKI-IPA")
+ # 4. Enable FreeIPA
+ print " Re-enable IPA service"
+ ipaservices.knownservices.ipa.enable()
+except:
+ pass
+
+finally:
+ print "Finished."
diff --git a/ipapython/platform/fedora16.py b/ipapython/platform/fedora16.py
index 0e476928e45be69e4aa09c5183070924a00b1269..369a1778b512fea6119e8e0f600ffda26739eb30 100644
--- a/ipapython/platform/fedora16.py
+++ b/ipapython/platform/fedora16.py
@@ -59,24 +59,24 @@ class Fedora16Service(systemd.SystemdService):
super(Fedora16Service, self).__init__(service_name)
# Special handling of directory server service
-# LimitNOFILE needs to be increased or any value set in the directory for this value will fail
-# Read /lib/systemd/system/dirsrv@.service for details.
-# We do modification of LimitNOFILE on service.enable() but we also need to explicitly enable instances
-# to install proper symlinks as dirsrv.target.wants/ dependencies. Unfortunately, ipa-server-install
-# does not do explicit dirsrv.enable() because the service startup is handled by ipactl.
+#
+# We need to explicitly enable instances to install proper symlinks as dirsrv.target.wants/
+# dependencies. Standard systemd service class does it on #enable() method call. Unfortunately,
+# ipa-server-install does not do explicit dirsrv.enable() because the service startup is handled by ipactl.
+#
# If we wouldn't do this, our instances will not be started as systemd would not have any clue
# about instances (PKI-IPA and the domain we serve) at all. Thus, hook into dirsrv.restart().
class Fedora16DirectoryService(Fedora16Service):
def enable(self, instance_name=""):
super(Fedora16DirectoryService, self).enable(instance_name)
- srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, self.service_name)
- if os.path.exists(srv_etc):
+ dirsrv_systemd = "/etc/sysconfig/dirsrv.systemd"
+ if os.path.exists(dirsrv_systemd):
# We need to enable LimitNOFILE=8192 in the dirsrv@.service
- # We rely on the fact that [Service] section is the last one
- # and if variable is not there, it will be added as the last line
+ # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the service parameters is performed
+ # via /etc/sysconfig/dirsrv.systemd file which is imported by systemd into dirsrv@.service unit
replacevars = {'LimitNOFILE':'8192'}
- ipautil.config_replace_variables(srv_etc, replacevars=replacevars)
- redhat.restore_context(srv_etc)
+ ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars)
+ redhat.restore_context(dirsrv_systemd)
ipautil.run(["/bin/systemctl", "--system", "daemon-reload"],raiseonerr=False)
def restart(self, instance_name="", capture_output=True):
diff --git a/ipapython/platform/systemd.py b/ipapython/platform/systemd.py
index 3f1fe730ebab4c0636f8c9d8d83d956da307b92b..ae06c0227aa59a46b2d4df024fc87577b8bbab29 100644
--- a/ipapython/platform/systemd.py
+++ b/ipapython/platform/systemd.py
@@ -137,16 +137,12 @@ class SystemdService(base.PlatformService):
if len(instance_name) > 0 and l > 1:
# New instance, we need to do following:
- # 1. Copy <service>@.service to /etc/systemd/system/ if it is not there
- # 2. Make /etc/systemd/system/<service>.target.wants/ if it is not there
- # 3. Link /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service to
- # /etc/systemd/system/<service>@.service
- srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, self.service_name)
+ # 1. Make /etc/systemd/system/<service>.target.wants/ if it is not there
+ # 2. Link /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service to
+ # /lib/systemd/system/<service>@.service
srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
try:
- if not ipautil.file_exists(srv_etc):
- shutil.copy(self.lib_path, srv_etc)
if not ipautil.dir_exists(srv_tgt):
os.mkdir(srv_tgt)
if os.path.exists(srv_lnk):
@@ -156,11 +152,11 @@ class SystemdService(base.PlatformService):
# object does not exist _or_ is a broken link
if not os.path.islink(srv_lnk):
# if it truly does not exist, make a link
- os.symlink(srv_etc, srv_lnk)
+ os.symlink(self.lib_path, srv_lnk)
else:
# Link exists and it is broken, make new one
os.unlink(srv_lnk)
- os.symlink(srv_etc, srv_lnk)
+ os.symlink(self.lib_path, srv_lnk)
ipautil.run(["/bin/systemctl", "--system", "daemon-reload"])
except:
pass
@@ -172,7 +168,7 @@ class SystemdService(base.PlatformService):
if instance_name != "" and len(elements) > 1:
# Remove instance, we need to do following:
# Remove link from /etc/systemd/system/<service>.target.wants/<service>@<instance_name>.service
- # to /etc/systemd/system/<service>@.service
+ # to /lib/systemd/system/<service>@.service
srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
try:
--
1.7.8.3


@ -1,33 +0,0 @@
From 3bce02b17edfbdf90ecdac2f9643e28eb20a170a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 13 Mar 2012 21:53:06 -0400
Subject: [PATCH] No longer shell escape the DM password when calling
pkisilent.
pkisilent was modified to handle escaping characters itself in
BZ https://bugzilla.redhat.com/show_bug.cgi?id=769388
This removes the workaround from ticket 1636.
https://fedorahosted.org/freeipa/ticket/2529
---
ipaserver/install/cainstance.py | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 6012ae1c7a00a87522fc0778f2cb355a3924d805..894e1951fa0c6f1a0f235cce0520c275724f227d 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -659,9 +659,6 @@ class CAInstance(service.Service):
args.append("-clone")
args.append("false")
- # pkisilent does not escape the arguments before passing them to shell
- args[2:] = [ipautil.shell_quote(i) for i in args[2:]]
-
# Define the things we don't want logged
nolog = (self.admin_password, self.dm_password,)
--
1.7.6


@ -1,33 +0,0 @@
commit 61b2f0a5d066a14e22033ff9815a712716f12a96
Author: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed Jul 18 15:52:33 2012 +0300
Follow change in samba4 beta4 for sid_check_is_domain to sid_check_is_our_sam
With c43505b621725c9a754f0ee98318d451b093f2ed in samba git master
the function sid_check_is_domain() was renamed to sid_check_is_our_sam().
https://fedorahosted.org/freeipa/ticket/2929
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 86ed3fb..ab4b116 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -83,6 +83,8 @@ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flag
bool fetch_ldap_pw(char **dn, char** pw); /* available in libpdb.so */
void nt_lm_owf_gen(const char *pwd, uint8_t nt_p16[16], uint8_t p16[16]); /* available in libcliauth.so */
bool sid_check_is_builtin(const struct dom_sid *sid); /* available in libpdb.so */
+/* available in libpdb.so, renamed from sid_check_is_domain() in c43505b621725c9a754f0ee98318d451b093f2ed */
+bool sid_check_is_our_sam(const struct dom_sid *sid);
void strlower_m(char *s); /* available in libutil_str.so */
char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...); /* available in libutil_str.so */
void sid_copy(struct dom_sid *dst, const struct dom_sid *src); /* available in libsecurity.so */
@@ -300,7 +302,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
}
if (!sid_check_is_builtin(domain_sid) &&
- !sid_check_is_domain(domain_sid)) {
+ !sid_check_is_our_sam(domain_sid)) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}


@ -15,14 +15,97 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
Name: freeipa
Version: 3.0.0
Release: 0.2%{?dist}
Release: 0.3%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv3+
URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
Patch0: freeipa-2.9.90-samba4-beta4.patch
Source1: ui-bg_flat_8_225314_40x100.png
Source2: ui-bg_glass_40_5e5e5e_1x400.png
Source3: ui-icons_ededed_256x240.png
Source4: ui-icons_ffcf29_256x240.png
Patch0: freeipa-3.0.0.pre1-000-centralize-timeout-for-waiting-for-servers-to-start.patch
Patch1: freeipa-3.0.0.pre1-001-ipasam-improve-sasl-bind-callback.patch
Patch2: freeipa-3.0.0.pre1-002-allow-silent-build-if-available.patch
Patch3: freeipa-3.0.0.pre1-003-ipasam-fixes-for-clang-warnings.patch
Patch4: freeipa-3.0.0.pre1-004-ipasam-replace-testing-code.patch
Patch5: freeipa-3.0.0.pre1-005-use-smb.conf-dedicated-keytab-file-parameter-instead.patch
Patch6: freeipa-3.0.0.pre1-006-reduce-redundant-checks-in-ldapsam_search_users-to-a.patch
Patch7: freeipa-3.0.0.pre1-007-moved-configuration-to-last-position-in-navigation.patch
Patch8: freeipa-3.0.0.pre1-008-fix-wrong-check-after-allocation.patch
Patch9: freeipa-3.0.0.pre1-009-fix-typo.patch
Patch10: freeipa-3.0.0.pre1-010-do-not-change-ldapobject-objectclass-list.patch
Patch11: freeipa-3.0.0.pre1-011-make-client-server-option-multi-valued-allow-disabli.patch
Patch12: freeipa-3.0.0.pre1-012-display-loginas-information-only-after-login.patch
Patch13: freeipa-3.0.0.pre1-013-password-policy-measurement-units.patch
Patch14: freeipa-3.0.0.pre1-014-web-ui-kerberos-ticket-policy-measurement-units.patch
Patch15: freeipa-3.0.0.pre1-015-indirect-roles-in-webui.patch
Patch16: freeipa-3.0.0.pre1-016-fix-batch-command-error-reporting.patch
Patch17: freeipa-3.0.0.pre1-017-fix-wrong-option-name-in-ipa-managed-entries-man-pag.patch
Patch18: freeipa-3.0.0.pre1-018-add-and-remove-dns-per-domain-permission-in-web-ui.patch
Patch19: freeipa-3.0.0.pre1-019-add-automount-map-key-update-permissions.patch
Patch20: freeipa-3.0.0.pre1-020-adding-exit-status-3-4-to-ipa-client-install-man-pag.patch
Patch21: freeipa-3.0.0.pre1-021-fix-ipa-managed-entries-man-page-typo.patch
Patch22: freeipa-3.0.0.pre1-022-improve-address-family-handling-in-sockets.patch
Patch23: freeipa-3.0.0.pre1-023-enable-soa-serial-autoincrement.patch
Patch24: freeipa-3.0.0.pre1-024-add-range-mod-command.patch
Patch25: freeipa-3.0.0.pre1-025-warn-user-if-an-id-range-with-incorrect-size-was-cre.patch
Patch26: freeipa-3.0.0.pre1-026-print-ipa-ldap-updater-errors-during-rpm-upgrade.patch
Patch27: freeipa-3.0.0.pre1-027-enforce-cname-constrains-for-dns-commands.patch
Patch28: freeipa-3.0.0.pre1-028-differentiation-of-widget-type-and-text_widget-input.patch
Patch29: freeipa-3.0.0.pre1-029-fixed-display-of-attributes_widget-in-ie9.patch
Patch30: freeipa-3.0.0.pre1-030-bigger-textarea-for-permission-type-subtree.patch
Patch31: freeipa-3.0.0.pre1-031-ipalib-plugins-trust.py-validationerror-takes-error-.patch
Patch32: freeipa-3.0.0.pre1-032-handle-various-forms-of-admin-accounts-when-establis.patch
Patch33: freeipa-3.0.0.pre1-033-follow-change-in-samba4-beta4-for-sid_check_is_domai.patch
Patch34: freeipa-3.0.0.pre1-034-don-t-hardcode-serial_autoincrement-to-true.patch
Patch35: freeipa-3.0.0.pre1-035-fix-safety-checks-to-prevent-orphaning-replicas.patch
Patch36: freeipa-3.0.0.pre1-036-fix-detection-of-deleted-masters.patch
Patch37: freeipa-3.0.0.pre1-037-support-per-principal-sessions-and-handle-session-up.patch
Patch38: freeipa-3.0.0.pre1-038-fix-updating-minimum_connections-in-ipa-upgradeconfi.patch
Patch39: freeipa-3.0.0.pre1-039-default-to-no-when-trying-trying-to-install-a-replic.patch
Patch40: freeipa-3.0.0.pre1-040-framework-for-admin-install-tools-with-ipa-ldap-upda.patch
Patch41: freeipa-3.0.0.pre1-041-add-libtalloc-devel-as-spec-file-buildrequire.patch
Patch42: freeipa-3.0.0.pre1-042-ids-and-names-for-dialogs.patch
Patch43: freeipa-3.0.0.pre1-043-fix-autoscroll-to-top-in-tables-in-ie.patch
Patch44: freeipa-3.0.0.pre1-044-rework-task-naming-in-ldap-updates-to-avoid-conflict.patch
Patch45: freeipa-3.0.0.pre1-045-arrange-stripping-.po-files.patch
Patch46: freeipa-3.0.0.pre1-046-add-all-external-samba-libraries-to-buildrequires.patch
Patch47: freeipa-3.0.0.pre1-047-do-not-check-for-dna-magic-values.patch
Patch48: freeipa-3.0.0.pre1-048-fix-validator-for-selinux-user-map-settings-in-confi.patch
Patch49: freeipa-3.0.0.pre1-049-use-certmonger-to-renew-ca-subsystem-certificates.patch
Patch50: freeipa-3.0.0.pre1-050-move-code-into-common-krb5-utils.patch
Patch51: freeipa-3.0.0.pre1-051-improve-loops-around-slapi-mods.patch
Patch52: freeipa-3.0.0.pre1-052-add-special-modify-op-to-regen-ipanthash.patch
Patch53: freeipa-3.0.0.pre1-053-when-ipanthash-is-missing-ask-ipa-to-generate-it-fro.patch
Patch54: freeipa-3.0.0.pre1-054-update-translations.patch
Patch55: freeipa-3.0.0.pre1-055-ensure-ipa-adtrust-install-is-run-with-kerberos-tick.patch
Patch56: freeipa-3.0.0.pre1-056-fixed-unable-to-select-option-in-combobox-in-ie-and-.patch
Patch57: freeipa-3.0.0.pre1-057-fixed-combobox-stacking-in-service-adder-dialog.patch
Patch58: freeipa-3.0.0.pre1-058-add-per-service-option-to-store-the-types-of-pac-it-.patch
Patch59: freeipa-3.0.0.pre1-059-pac-type-options-for-services-in-web-ui.patch
Patch60: freeipa-3.0.0.pre1-060-update-to-jquery.1.7.2.min.patch
Patch61: freeipa-3.0.0.pre1-061-update-to-jquery-ui-1.8.21.custom.patch
Patch62: freeipa-3.0.0.pre1-062-fix-for-incorrect-event-handler-definition.patch
Patch63: freeipa-3.0.0.pre1-063-removal-of-unnecessary-overrides-of-jquery-ui-styles.patch
Patch64: freeipa-3.0.0.pre1-064-unified-buttons.patch
Patch65: freeipa-3.0.0.pre1-065-web-ui-tests-fix.patch
Patch66: freeipa-3.0.0.pre1-066-fixed-incorrect-use-of-jquery.attr-for-setting-disab.patch
Patch67: freeipa-3.0.0.pre1-067-replace-use-of-attr-with-prop-for-booleans.patch
Patch68: freeipa-3.0.0.pre1-068-avoid-redundant-info-message-during-rpm-update.patch
Patch69: freeipa-3.0.0.pre1-069-bump-bind-dyndb-ldap-version-for-f18.patch
Patch70: freeipa-3.0.0.pre1-070-move-mspac-structure-to-be-a-private-pointer.patch
Patch71: freeipa-3.0.0.pre1-071-load-list-of-trusted-domain-on-connecting-to-ldap.patch
Patch72: freeipa-3.0.0.pre1-072-properly-name-function-to-add-ipa-external-groups.patch
Patch73: freeipa-3.0.0.pre1-073-split-out-manipulation-of-logon_info-blob.patch
Patch74: freeipa-3.0.0.pre1-074-add-pac-filtering.patch
Patch75: freeipa-3.0.0.pre1-075-add-set-add-del-attr-options-to-commands-which-are-m.patch
Patch76: freeipa-3.0.0.pre1-076-handle-exceptions-when-establishing-trusts.patch
Patch77: freeipa-3.0.0.pre1-077-create-etc-sysconfig-network-if-it-doesn-t-exist.patch
Patch78: freeipa-3.0.0.pre1-078-make-set-add-del-attr-more-robust.patch
Patch79: freeipa-3.0.0.pre1-079-adds-check-for-ipa-join.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT}
@ -33,6 +116,8 @@ BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires: systemd-units
BuildRequires: samba4-devel >= 4.0.0-128
BuildRequires: samba4-python
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
%endif
BuildRequires: nspr-devel
BuildRequires: nss-devel
@ -125,7 +210,7 @@ Requires: keyutils
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
# that work for us.
Conflicts: bind-dyndb-ldap < 1.1.0-0.12.rc1
Conflicts: bind-dyndb-ldap < 1.1.0-0.15.rc1
Conflicts: bind < 9.9.1-2.P1
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
@ -189,7 +274,7 @@ Requires: wget
Requires: libcurl
Requires: xmlrpc-c
Requires: sssd >= 1.8.0
Requires: certmonger >= 0.53
Requires: certmonger >= 0.58
Requires: nss-tools
Requires: bind-utils
Requires: oddjob-mkhomedir
@ -253,8 +338,37 @@ package.
%prep
# Update timestamps on the files touched by a patch, to avoid non-equal
# .pyc/.pyo files across the multilib peers within a build, where "Level"
# is the patch prefix option (e.g. -p1)
# Taken from specfile for sssd and python-simplejson
UpdateTimestamps() {
Level=$1
PatchFile=$2
# Locate the affected files:
for f in $(diffstat $Level -l $PatchFile); do
# Set the files to have the same timestamp as that of the patch:
touch -r $PatchFile $f
done
}
%setup -n freeipa-%{VERSION} -q
%patch0 -p1
for p in %patches ; do
%__patch -p1 -i $p
UpdateTimestamps -p1 $p
done
#FIXME: patch program does not seem to handle binary files in patch
# freeipa-3.0.0.pre1-061-update-to-jquery-ui-1.8.21.custom.patch
# well. Apply them manually
cp %{SOURCE1} install/ui/images
cp %{SOURCE2} install/ui/images
cp %{SOURCE3} install/ui/images
cp %{SOURCE4} install/ui/images
rm install/ui/images/ui-bg_glass_40_111111_1x400.png
rm install/ui/images/ui-bg_loop_8_333333_21x21.png
%build
export CFLAGS="$CFLAGS %{optflags}"
@ -394,7 +508,7 @@ fi
%posttrans server
# This must be run in posttrans so that updates from previous
# execution that may no longer be shipped are not applied.
/usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
/usr/sbin/ipa-ldap-updater --upgrade >/dev/null || :
%preun server
if [ $1 = 0 ]; then
@ -474,6 +588,7 @@ fi
%{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-compliance
%{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit
%{_sysconfdir}/cron.d/ipa-compliance
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
@ -529,6 +644,7 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
%{_usr}/share/ipa/ca_renewal
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%{_usr}/share/ipa/ipa-pki-proxy.conf
@ -639,6 +755,9 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
* Mon Aug 6 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.3
- Updated to current upstream state of 3.0.0 beta 2 development
* Mon Jul 23 2012 Alexander Bokovoy <abokovy@redhat.com> - 3.0.0-0.2
- Rebuild against samba4 beta4
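Review bot: The four PNGs copied in %prep from `%{SOURCE1}` through `%{SOURCE4}` are declared as bare filenames, so the spec records nothing that lets a later packager check them against upstream; the only hint is the FIXME naming patch 061. A comment above `Source1:` such as `# Source1-4: binary images taken from upstream commit <UPSTREAM_COMMIT_ID>; patch(1) cannot apply them from Patch61` would record their provenance. In `UpdateTimestamps`, `$PatchFile` and `$f` are expanded unquoted, so `touch -r "$PatchFile" "$f"` is the safer form. The helper also calls `diffstat`, and no `BuildRequires: diffstat` appears in the hunks shown here, though it may exist elsewhere in the spec.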

Binary file not shown.


Width:  |  Height:  |  Size: 214 B

Binary file not shown.


Width:  |  Height:  |  Size: 115 B

BIN
ui-icons_ededed_256x240.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 4.3 KiB

BIN
ui-icons_ffcf29_256x240.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 5.2 KiB