4.6.0-1: rebase to upstream 4.6.0

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
2017-09-04 12:01:19 +02:00 · 2017-09-04 12:01:19 +02:00 · 4403f2b6fc
commit 4403f2b6fc
parent a8d1e96588
4 changed files with 182 additions and 80 deletions
--- a/.gitignore
+++ b/.gitignore
@ -55,3 +55,5 @@
 /freeipa-4.5.2.tar.gz.asc
 /freeipa-4.5.3.tar.gz
 /freeipa-4.5.3.tar.gz.asc
+/freeipa-4.6.0.tar.gz
+/freeipa-4.6.0.tar.gz.asc
--- a/0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
+++ b/0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
@ -1,6 +1,6 @@
-From 3c106c400b9946405289fc5f6b57a76d08667b50 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Thu, 1 Sep 2016 17:04:06 +0300
+From 18692deb9a1ceffe5b4bc5c1b470f7c3e6159a9d Mon Sep 17 00:00:00 2001
+From: Tomas Krizek <tkrizek@redhat.com>
+Date: Mon, 4 Sep 2017 13:46:47 +0200
 Subject: [PATCH] Workarounds for SELinux execmem violations in cryptography

 pki.client no longer tries to use PyOpenSSL instead of Python's ssl
@ -17,18 +17,20 @@ code from urllib3's contrib directory. The import of PyOpenSSL is
 enough to trigger the SELinux denial.

 A hack in wsgi.py prevents the import by raising an ImportError.
+
+Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 ---
- install/share/wsgi.py | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
+ install/share/wsgi.py | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)

 diff --git a/install/share/wsgi.py b/install/share/wsgi.py
-index ee9311e..bb201fa 100644
+index e263b8117fe7e6817cb0b6d87c6e6b0c34a9f5e8..fed11572308b9dbefdf1fa2e7f72395230e9dff8 100644
 --- a/install/share/wsgi.py
 +++ b/install/share/wsgi.py
-@@ -23,6 +23,20 @@
- """
- WSGI appliction for IPA server.
+@@ -25,6 +25,19 @@ WSGI appliction for IPA server.
 """
+ import logging
+ import os
 +import sys
 +
 +# Some dependencies like Dogtag's pki.client library and custodia use
@ -42,10 +44,9 @@ index ee9311e..bb201fa 100644
 +# This hack prevents the import by raising an ImportError.
 +
 +sys.modules['requests.packages.urllib3.contrib.pyopenssl'] = None
-+
+ 
 from ipaplatform.paths import paths
 from ipalib import api
- from ipalib.config import Env
 -- 
-2.7.4
+2.13.3

--- a/freeipa.spec
+++ b/freeipa.spec
@ -17,11 +17,13 @@
    %global with_ipatests_option --without-ipatests
 %endif

+%if 0%{!?with_python3:1}
 %if 0%{?rhel}
 %global with_python3 0
 %else
 %global with_python3 1
 %endif
+%endif

 # lint is not executed during rpmbuild
 # %%global with_lint 1
@ -31,9 +33,6 @@
    %global linter_options --disable-pylint --without-jslint
 %endif

-# Python wheel support and PyPI packages
-%global with_wheels 0
-
 %global alt_name ipa
 %if 0%{?rhel}
 # 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561)
@ -63,13 +62,13 @@
 %global etc_systemd_dir %{_sysconfdir}/systemd/system
 %global gettext_domain ipa

-%global VERSION 4.5.3
+%global VERSION 4.6.0

 %define _hardened_build 1

 Name:           freeipa
 Version:        %{VERSION}
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@ -135,23 +134,26 @@ BuildRequires:  python-lesscpy
 # makeapi/makeaci is using Python 2 only for now
 #
 BuildRequires:  python-ldap
-BuildRequires:  python-nss
 BuildRequires:  m2crypto
 BuildRequires:  python-netaddr
-BuildRequires:  python-pyasn1
-BuildRequires:  python-pyasn1-modules
-BuildRequires:  python-dns
+BuildRequires:  python2-pyasn1
+BuildRequires:  python2-pyasn1-modules
+BuildRequires:  python2-dns
 BuildRequires:  python-six
-BuildRequires:  python-libsss_nss_idmap
-BuildRequires:  python-cffi
+BuildRequires:  python2-libsss_nss_idmap
+BuildRequires:  python2-cffi

 #
 # Build dependencies for wheel packaging and PyPI upload
 #
-%if 0%{with_wheels}
+%if 0%{?with_wheels}
+BuildRequires:  dbus-glib-devel
+BuildRequires:  libffi-devel
+BuildRequires:  python2-tox
 BuildRequires:  python2-twine
 BuildRequires:  python2-wheel
 %if 0%{?with_python3}
+BuildRequires:  python3-tox
 BuildRequires:  python3-twine
 BuildRequires:  python3-wheel
 %endif
@ -162,45 +164,50 @@ BuildRequires:  python3-wheel
 #
 %if 0%{?with_lint}
 BuildRequires:  samba-python
-# 1.4: the version where Certificate.serial changed to .serial_number
-BuildRequires:  python2-cryptography >= 1.4
+# 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
+BuildRequires:  python2-cryptography >= 1.6
 BuildRequires:  python-gssapi >= 1.2.0-5
+%if 0%{?fedora} >= 26
+BuildRequires:  python2-pylint
+%else
 BuildRequires:  pylint >= 1.6
+%endif
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
 BuildRequires:  python2-polib
-BuildRequires:  python-libipa_hbac
-BuildRequires:  python-lxml
+BuildRequires:  python2-libipa_hbac
+BuildRequires:  python2-lxml
 # 5.0.0: QRCode.print_ascii
 BuildRequires:  python-qrcode-core >= 5.0.0
 # 1.15: python-dns changed return type in to_text() method in PY3
-BuildRequires:  python-dns >= 1.15
+BuildRequires:  python2-dns >= 1.15
 BuildRequires:  jsl
-BuildRequires:  python-yubico
+BuildRequires:  python2-yubico
 # pki Python package
 BuildRequires:  pki-base-python2
 BuildRequires:  python-pytest-multihost
 BuildRequires:  python-pytest-sourceorder
-BuildRequires:  python-jwcrypto
+# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
+BuildRequires:  python-jwcrypto >= 0.4.2
 # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
 BuildRequires:  python2-custodia >= 0.3.1
 BuildRequires:  dbus-python
-BuildRequires:  python-dateutil
+BuildRequires:  python2-dateutil
 BuildRequires:  python-enum34
 BuildRequires:  python-netifaces
-BuildRequires:  python-sss
-BuildRequires:  python-sss-murmur
-BuildRequires:  python-sssdconfig
-BuildRequires:  python-nose
-BuildRequires:  python-paste
+BuildRequires:  python2-sss
+BuildRequires:  python2-sss-murmur
+BuildRequires:  python2-sssdconfig
+BuildRequires:  python2-nose
+BuildRequires:  python2-paste
 BuildRequires:  systemd-python
 BuildRequires:  python2-jinja2
-BuildRequires:  python-augeas
+BuildRequires:  python2-augeas

 %if 0%{?with_python3}
 # FIXME: this depedency is missing - server will not work
 #BuildRequires:  python3-samba
-# 1.4: the version where Certificate.serial changed to .serial_number
-BuildRequires:  python3-cryptography >= 1.4
+# 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
+BuildRequires:  python3-cryptography >= 1.6
 BuildRequires:  python3-gssapi >= 1.2.0
 BuildRequires:  python3-pylint >= 1.6
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
@ -217,7 +224,8 @@ BuildRequires:  python3-yubico
 BuildRequires:  pki-base-python3
 BuildRequires:  python3-pytest-multihost
 BuildRequires:  python3-pytest-sourceorder
-BuildRequires:  python3-jwcrypto
+# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
+BuildRequires:  python3-jwcrypto >= 0.4.2
 # 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
 BuildRequires:  python3-custodia >= 0.3.1
 BuildRequires:  python3-dbus
@ -233,6 +241,10 @@ BuildRequires:  python3-paste
 BuildRequires:  python3-systemd
 BuildRequires:  python3-jinja2
 BuildRequires:  python3-augeas
+BuildRequires:  python3-netaddr
+BuildRequires:  python3-pyasn1
+BuildRequires:  python3-pyasn1-modules
+BuildRequires:  python3-pyldap
 %endif # with_python3
 %endif # with_lint

@ -262,7 +274,11 @@ Group: System Environment/Base
 Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipaserver = %{version}-%{release}
+%else
 Requires: python2-ipaserver = %{version}-%{release}
+%endif
 Requires: 389-ds-base >= 1.3.5.14
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= 3.14.3-12.0
@ -273,7 +289,11 @@ Requires: krb5-pkinit-openssl >= %{krb5_version}
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
 Requires: httpd >= 2.4.6-31
+%if 0%{with_python3}
+Requires: python3-mod_wsgi
+%else
 Requires: mod_wsgi
+%endif
 Requires: mod_auth_gssapi >= 1.5.0
 # 1.0.14-3: https://bugzilla.redhat.com/show_bug.cgi?id=1431206
 Requires: mod_nss >= 1.0.14-3
@ -296,7 +316,8 @@ Requires(preun): python systemd-units
 Requires(postun): python systemd-units
 Requires: policycoreutils >= 2.1.12-5
 Requires: tar
-Requires(pre): certmonger >= 0.78
+# certmonger-0.79.4-2 fixes newlines in PEM files
+Requires(pre): certmonger >= 0.79.4-2
 Requires(pre): 389-ds-base >= 1.3.5.14
 Requires: fontawesome-fonts
 Requires: open-sans-fonts
@ -347,16 +368,16 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-custodia >= 0.3.1
 Requires: python-ldap >= 2.4.15
-Requires: python-lxml
+Requires: python2-lxml
 Requires: python-gssapi >= 1.2.0-5
-Requires: python-sssdconfig
-Requires: python-pyasn1
+Requires: python2-sssdconfig
+Requires: python2-pyasn1
 Requires: dbus-python
-Requires: python-dns >= 1.15
+Requires: python2-dns >= 1.15
 Requires: python-kdcproxy >= 0.3
 Requires: rpm-libs
 Requires: pki-base-python2
-Requires: python-augeas
+Requires: python2-augeas

 %description -n python2-ipaserver
 IPA is an integrated solution to provide centrally managed Identity (users,
@ -378,7 +399,8 @@ Requires: %{name}-server-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python3-ipaclient = %{version}-%{release}
 Requires: python3-custodia >= 0.3.1
-Requires: python3-pyldap >= 2.4.15
+# we need pre-requires since earlier versions may break upgrade
+Requires(pre): python3-pyldap >= 2.4.35.1-2
 Requires: python3-lxml
 Requires: python3-gssapi >= 1.2.0
 Requires: python3-sssdconfig
@ -434,6 +456,10 @@ Requires: bind-utils >= 9.11.0-6.P2
 Requires: bind-pkcs11 >= 9.11.0-6.P2
 Requires: bind-pkcs11-utils >= 9.11.0-6.P2
 Requires: opendnssec >= 1.4.6-4
+# Keep python2 dependencies until DNSSEC daemons are ported to Python 3
+Requires: python2
+Requires: python2-ipalib
+Requires: python2-ipaserver

 Provides: %{alt_name}-server-dns = %{version}
 Conflicts: %{alt_name}-server-dns
@ -484,7 +510,11 @@ Summary: IPA authentication for use on clients
 Group: System Environment/Base
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipaclient = %{version}-%{release}
+%else
 Requires: python2-ipaclient = %{version}-%{release}
+%endif
 Requires: python-ldap
 Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
@ -497,7 +527,8 @@ Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.14.0
 Requires: python-sssdconfig
-Requires: certmonger >= 0.78
+# certmonger-0.79.4-2 fixes newlines in PEM files
+Requires: certmonger >= 0.79.4-2
 Requires: nss-tools
 Requires: bind-utils
 Requires: oddjob-mkhomedir
@ -539,7 +570,7 @@ BuildArch: noarch
 Requires: %{name}-client-common = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
 Requires: python2-ipalib = %{version}-%{release}
-Requires: python-dns >= 1.15
+Requires: python2-dns >= 1.15
 Requires: python2-jinja2

 %description -n python2-ipaclient
@ -603,7 +634,11 @@ BuildArch: noarch
 Obsoletes: %{name}-python < 4.2.91
 Provides: %{name}-python = %{version}-%{release}
 Requires: %{name}-common = %{version}-%{release}
+%if 0%{?with_python3}
+Requires: python3-ipalib = %{version}-%{release}
+%else
 Requires: python2-ipalib = %{version}-%{release}
+%endif

 Provides: %{alt_name}-python-compat = %{version}
 Conflicts: %{alt_name}-python-compat
@ -643,25 +678,25 @@ Requires: gnupg
 Requires: keyutils
 Requires: pyOpenSSL
 Requires: python >= 2.7.9
-Requires: python-nss >= 0.16
 Requires: m2crypto
-Requires: python2-cryptography >= 1.4
+Requires: python2-cryptography >= 1.6
 Requires: python-netaddr >= %{python_netaddr_version}
-Requires: python-libipa_hbac
+Requires: python2-libipa_hbac
 Requires: python-qrcode-core >= 5.0.0
-Requires: python-pyasn1
-Requires: python-pyasn1-modules
-Requires: python-dateutil
-Requires: python-yubico >= 1.2.3
-Requires: python-sss-murmur
+Requires: python2-pyasn1
+Requires: python2-pyasn1-modules
+Requires: python2-dateutil
+Requires: python2-yubico >= 1.2.3
+Requires: python2-sss-murmur
 Requires: dbus-python
-Requires: python-setuptools
+Requires: python2-setuptools
 Requires: python-six
-Requires: python-jwcrypto
-Requires: python-cffi
+# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
+Requires: python-jwcrypto >= 0.4.2
+Requires: python2-cffi
 Requires: python-ldap >= 2.4.15
-Requires: python-requests
-Requires: python-dns >= 1.15
+Requires: python2-requests
+Requires: python2-dns >= 1.15
 Requires: python-enum34
 Requires: python-netifaces >= 0.10.4
 Requires: pyusb
@ -693,22 +728,24 @@ Requires: python3-gssapi >= 1.2.0
 Requires: gnupg
 Requires: keyutils
 Requires: python3-pyOpenSSL
-Requires: python3-nss >= 0.16
-Requires: python3-cryptography >= 1.4
+Requires: python3-cryptography >= 1.6
 Requires: python3-netaddr >= %{python_netaddr_version}
 Requires: python3-libipa_hbac
 Requires: python3-qrcode-core >= 5.0.0
 Requires: python3-pyasn1
 Requires: python3-pyasn1-modules
 Requires: python3-dateutil
-Requires: python3-yubico >= 1.2.3
+# fixes searching for yubikeys in python3
+Requires: python3-yubico >= 1.3.2-7
 Requires: python3-sss-murmur
 Requires: python3-dbus
 Requires: python3-setuptools
 Requires: python3-six
-Requires: python3-jwcrypto
+# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
+Requires: python3-jwcrypto >= 0.4.2
 Requires: python3-cffi
-Requires: python3-pyldap >= 2.4.15
+# we need pre-requires since earlier versions may break upgrade
+Requires(pre): python3-pyldap >= 2.4.35.1-2
 Requires: python3-requests
 Requires: python3-dns >= 1.15
 Requires: python3-netifaces >= 0.10.4
@ -759,17 +796,18 @@ Requires: python2-ipaclient = %{version}-%{release}
 Requires: python2-ipaserver = %{version}-%{release}
 Requires: tar
 Requires: xz
-Requires: python-nose
+Requires: python2-nose
 Requires: pytest >= 2.6
-Requires: python-paste
-Requires: python-coverage
+Requires: python2-paste
+Requires: python2-coverage
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
 Requires: python2-polib
 Requires: python-pytest-multihost >= 0.5
 Requires: python-pytest-sourceorder
 Requires: ldns-utils
-Requires: python-sssdconfig
-Requires: python2-cryptography >= 1.4
+Requires: python2-sssdconfig
+Requires: python2-cryptography >= 1.6
+Requires: iptables

 Provides: %{alt_name}-tests = %{version}
 Conflicts: %{alt_name}-tests
@ -791,8 +829,7 @@ Summary: IPA tests and test tools
 BuildArch: noarch
 %{?python_provide:%python_provide python3-ipatests}
 Requires: python3-ipaclient = %{version}-%{release}
-# FIXME: uncomment once there's python3-ipaserver
-#Requires: python3-ipaserver = %{version}-%{release}
+Requires: python3-ipaserver = %{version}-%{release}
 Requires: tar
 Requires: xz
 Requires: python3-nose
@ -803,7 +840,8 @@ Requires: python3-pytest-multihost >= 0.5
 Requires: python3-pytest-sourceorder
 Requires: ldns-utils
 Requires: python3-sssdconfig
-Requires: python3-cryptography >= 1.4
+Requires: python3-cryptography >= 1.6
+Requires: iptables

 %description -n python3-ipatests
 IPA is an integrated solution to provide centrally managed Identity (users,
@ -864,6 +902,61 @@ find \
   ! -name '*.pyo' -a \
   -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
   -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
+
+%if 0%{?with_python3}
+# TODO: temporary solution until all scripts are ported to python3,
+# TODO: workaround: some scripts are copied over, so the are always py2.
+# We have to explicitly set python3 here for ported files here
+PY3_SUBST_PATHS='
+client/ipa-certupdate
+client/ipa-client-automount
+client/ipa-client-install
+daemons/ipa-otpd/test.py
+install/certmonger/ipa-server-guard
+install/certmonger/dogtag-ipa-ca-renew-agent-submit
+install/oddjob/com.redhat.idm.trust-fetch-domains
+install/restart_scripts/renew_ra_cert_pre
+install/restart_scripts/renew_ca_cert
+install/restart_scripts/renew_ra_cert
+install/restart_scripts/restart_httpd
+install/restart_scripts/renew_kdc_cert
+install/restart_scripts/stop_pkicad
+install/restart_scripts/restart_dirsrv
+install/tools/ipa-advise
+install/tools/ipa-adtrust-install
+install/tools/ipa-backup
+install/tools/ipa-ca-install
+install/tools/ipa-cacert-manage
+install/tools/ipa-compat-manage
+install/tools/ipa-csreplica-manage
+install/tools/ipa-custodia
+install/tools/ipa-dns-install
+install/tools/ipa-httpd-kdcproxy
+install/tools/ipa-kra-install
+install/tools/ipa-ldap-updater
+install/tools/ipa-managed-entries
+install/tools/ipa-nis-manage
+install/tools/ipa-otptoken-import
+install/tools/ipa-pkinit-manage
+install/tools/ipa-pki-retrieve-key
+install/tools/ipa-replica-conncheck
+install/tools/ipa-replica-install
+install/tools/ipa-replica-manage
+install/tools/ipa-replica-prepare
+install/tools/ipa-restore
+install/tools/ipa-server-certinstall
+install/tools/ipa-server-install
+install/tools/ipa-server-upgrade
+install/tools/ipa-winsync-migrate
+install/tools/ipactl
+ipa
+'
+for P in $PY3_SUBST_PATHS; do
+    sed -i -e '1 s|^#!\s\?.*\bpython[0-9]*|#!%{__python3}|' $P
+done;
+
+%endif # with_python3
+
 %configure --with-vendor-suffix=-%{release} \
           %{enable_server_option} \
           %{with_ipatests_option} \
@ -1030,6 +1123,7 @@ fi
 /bin/systemctl reload-or-try-restart dbus
 /bin/systemctl reload-or-try-restart oddjobd

+%tmpfiles_create ipa.conf

 %posttrans server
 # don't execute upgrade and restart of IPA when server is not installed
@ -1236,7 +1330,6 @@ fi
 %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
 %config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
-%config(noreplace) %{_sysconfdir}/krb5.conf.d/ipa-certauth
 %dir %{_libexecdir}/ipa/certmonger
 %attr(755,root,root) %{_libexecdir}/ipa/certmonger/*
 # NOTE: systemd specific section
@ -1317,19 +1410,22 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
 %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
+# NOTE: systemd specific section
+%{_tmpfilesdir}/ipa.conf
 %attr(644,root,root) %{_unitdir}/ipa-custodia.service
 %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
 # END
 %dir %{_usr}/share/ipa
 %{_usr}/share/ipa/wsgi.py*
+%{_usr}/share/ipa/kdcproxy.wsgi
 %{_usr}/share/ipa/*.ldif
 %{_usr}/share/ipa/*.uldif
 %{_usr}/share/ipa/*.template
-%{_usr}/share/ipa/ipa.conf.tmpfiles
 %dir %{_usr}/share/ipa/advise
 %dir %{_usr}/share/ipa/advise/legacy
 %{_usr}/share/ipa/advise/legacy/*.template
 %dir %{_usr}/share/ipa/profiles
+%{_usr}/share/ipa/profiles/README
 %{_usr}/share/ipa/profiles/*.cfg
 %dir %{_usr}/share/ipa/html
 %{_usr}/share/ipa/html/ffconfig.js
@ -1614,6 +1710,9 @@ fi
 %endif # with_ipatests

 %changelog
+* Mon Sep 04 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.0-1
+- Rebase to upstream 4.6.0
+
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (freeipa-4.5.3.tar.gz) = 649b42a721b1bde6e8ebd5387bff171e9ea700005e3b2670129a25a6a5d1d81f6c6005375fb136d973706c0337f048c10fdd9913967035fa7f6ba766828dae42
-SHA512 (freeipa-4.5.3.tar.gz.asc) = 8eef3c911cc04c2d9fd15c840b71391a556ac6cd32d092af3424db303e2b933fc74db4600a4d491a14f636cd180975fd9157ece0e46f1502f0cdf81d097ef7e2
+SHA512 (freeipa-4.6.0.tar.gz) = 4719fb821b74b76b8159cf9866c386a265e7d821cec70f008c9cf4ad9df9ee9362ca058a59a323e1151660a29938c9c6eb928b922a355bdc49c8b72f33a5dd8f
+SHA512 (freeipa-4.6.0.tar.gz.asc) = 4bf540a36a8c667d1b130bfe6de54eed8d7fdc860089762c91f823af878af1e53acd2032f6fd1518c76e56ac39ca740875c85e81cf4bd41919498ce15333b26e