Update to upstream 4.4.1 release

Alexander Bokovoy 2016-09-01 16:47:48 +03:00
parent 6b7ae28924
commit 47a0c67ac7


@ -1,4 +1,4 @@
# Define ONLY_CLIENT to only make the ipa-admintools, ipa-client and ipa-python # Define ONLY_CLIENT to only make the ipa-client and ipa-python
# subpackages # subpackages
%{!?ONLY_CLIENT:%global ONLY_CLIENT 0} %{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
@ -13,10 +13,12 @@
%global samba_version 4.0.5-1 %global samba_version 4.0.5-1
%global samba_build_version %{samba_version} %global samba_build_version %{samba_version}
%global selinux_policy_version 3.12.1-153 %global selinux_policy_version 3.12.1-153
%global slapi_nis_version 0.56.0-4
%else %else
%global samba_version 2:4.3.1-1 %global samba_version 2:4.3.1-1
%global samba_build_version 2:4.2.1 %global samba_build_version 2:4.2.1
%global selinux_policy_version 3.13.1-158.4 %global selinux_policy_version 3.13.1-158.4
%global slapi_nis_version 0.56.1
%endif %endif
%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
@ -30,13 +32,13 @@
%global platform_module fedora %global platform_module fedora
%endif %endif
%global VERSION 4.3.2 %global VERSION 4.4.1
%define _hardened_build 1 %define _hardened_build 1
Name: freeipa Name: freeipa
Version: %{VERSION} Version: %{VERSION}
Release: 2%{?dist} Release: 1%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
@ -46,18 +48,14 @@ Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
Patch0002: 0002-DNS-server-upgrade-do-not-fail-when-DNS-server-did-n.patch
Patch0003: 0003-cert-revoke-fix-permission-check-bypass-CVE-2016-540.patch
Patch0004: 0004-ipa-kdb-Allow-to-build-with-samba-4.5.patch
%if ! %{ONLY_CLIENT} %if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.5 BuildRequires: 389-ds-base-devel >= 1.3.5.6
BuildRequires: svrcore-devel BuildRequires: svrcore-devel
BuildRequires: policycoreutils >= 2.1.12-5 BuildRequires: policycoreutils >= 2.1.12-5
BuildRequires: systemd-units BuildRequires: systemd-units
BuildRequires: samba-devel >= %{samba_build_version} BuildRequires: samba-devel >= %{samba_build_version}
BuildRequires: samba-python BuildRequires: samba-python
BuildRequires: libwbclient-devel
BuildRequires: libtalloc-devel BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel BuildRequires: libtevent-devel
%endif # ONLY_CLIENT %endif # ONLY_CLIENT
@ -87,7 +85,8 @@ BuildRequires: python-gssapi >= 1.1.2
BuildRequires: python-rhsm BuildRequires: python-rhsm
BuildRequires: pyOpenSSL BuildRequires: pyOpenSSL
BuildRequires: pylint >= 1.0 BuildRequires: pylint >= 1.0
BuildRequires: python-polib # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
BuildRequires: python2-polib
BuildRequires: python-libipa_hbac BuildRequires: python-libipa_hbac
BuildRequires: python-memcached BuildRequires: python-memcached
BuildRequires: python-lxml BuildRequires: python-lxml
@ -95,8 +94,9 @@ BuildRequires: python-pyasn1 >= 0.0.9a
BuildRequires: python-qrcode-core >= 5.0.0 BuildRequires: python-qrcode-core >= 5.0.0
BuildRequires: python-dns >= 1.11.1 BuildRequires: python-dns >= 1.11.1
BuildRequires: libsss_idmap-devel BuildRequires: libsss_idmap-devel
BuildRequires: libsss_nss_idmap-devel >= 1.12.2 BuildRequires: libsss_nss_idmap-devel >= 1.14.0
BuildRequires: java-headless BuildRequires: java-headless
BuildRequires: jsl
BuildRequires: rhino BuildRequires: rhino
BuildRequires: libverto-devel BuildRequires: libverto-devel
BuildRequires: systemd BuildRequires: systemd
@ -104,7 +104,7 @@ BuildRequires: libunistring-devel
BuildRequires: python-lesscpy BuildRequires: python-lesscpy
BuildRequires: python-yubico >= 1.2.3 BuildRequires: python-yubico >= 1.2.3
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: pki-base >= 10.2.6 BuildRequires: pki-base >= 10.3.3-3
BuildRequires: python-pytest-multihost >= 0.5 BuildRequires: python-pytest-multihost >= 0.5
BuildRequires: python-pytest-sourceorder BuildRequires: python-pytest-sourceorder
BuildRequires: python-kdcproxy >= 0.3 BuildRequires: python-kdcproxy >= 0.3
@ -113,6 +113,9 @@ BuildRequires: python-jwcrypto
BuildRequires: custodia BuildRequires: custodia
BuildRequires: libini_config-devel >= 1.2.0 BuildRequires: libini_config-devel >= 1.2.0
BuildRequires: dbus-python BuildRequires: dbus-python
BuildRequires: python-netifaces >= 0.10.4
BuildRequires: python-libsss_nss_idmap
BuildRequires: python-sss
# Build dependencies for unit tests # Build dependencies for unit tests
BuildRequires: libcmocka-devel BuildRequires: libcmocka-devel
@ -139,10 +142,9 @@ Summary: The IPA authentication server
Group: System Environment/Base Group: System Environment/Base
Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-server-common = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release} Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release}
Requires: python2-ipaserver = %{version}-%{release} Requires: python2-ipaserver = %{version}-%{release}
Requires: 389-ds-base >= 1.3.5 Requires: 389-ds-base >= 1.3.5.6
Requires: openldap-clients > 2.4.35-4 Requires: openldap-clients > 2.4.35-4
Requires: nss >= 3.14.3-12.0 Requires: nss >= 3.14.3-12.0
Requires: nss-tools >= 3.14.3-12.0 Requires: nss-tools >= 3.14.3-12.0
@ -150,7 +152,7 @@ Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < %{krb5_base_v
Requires: krb5-pkinit-openssl Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa} Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp Requires: ntp
Requires: httpd >= 2.4.6-6 Requires: httpd >= 2.4.6-31
Requires: mod_wsgi Requires: mod_wsgi
Requires: mod_auth_gssapi >= 1.4.0 Requires: mod_auth_gssapi >= 1.4.0
Requires: mod_nss >= 1.0.8-26 Requires: mod_nss >= 1.0.8-26
@ -165,16 +167,16 @@ Requires(pre): systemd-units
Requires(post): systemd-units Requires(post): systemd-units
Requires: selinux-policy >= %{selinux_policy_version} Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base >= %{selinux_policy_version} Requires(post): selinux-policy-base >= %{selinux_policy_version}
Requires: slapi-nis >= 0.55-1 Requires: slapi-nis >= %{slapi_nis_version}
Requires: pki-ca >= 10.2.6-19 Requires: pki-ca >= 10.3.3-3
Requires: pki-kra >= 10.2.6-19 Requires: pki-kra >= 10.3.3-3
Requires(preun): python systemd-units Requires(preun): python systemd-units
Requires(postun): python systemd-units Requires(postun): python systemd-units
Requires: zip Requires: zip
Requires: policycoreutils >= 2.1.12-5 Requires: policycoreutils >= 2.1.12-5
Requires: tar Requires: tar
Requires(pre): certmonger >= 0.78 Requires(pre): certmonger >= 0.78
Requires(pre): 389-ds-base >= 1.3.5 Requires(pre): 389-ds-base >= 1.3.5.6
Requires: fontawesome-fonts Requires: fontawesome-fonts
Requires: open-sans-fonts Requires: open-sans-fonts
Requires: openssl Requires: openssl
@ -240,7 +242,7 @@ Summary: Common files used by IPA server
Group: System Environment/Base Group: System Environment/Base
BuildArch: noarch BuildArch: noarch
Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-client-common = %{version}-%{release}
Requires: httpd >= 2.4.6-6 Requires: httpd >= 2.4.6-31
Requires: systemd-units >= 38 Requires: systemd-units >= 38
Requires: custodia Requires: custodia
@ -262,7 +264,7 @@ Summary: IPA integrated DNS server with support for automatic DNSSEC signing
Group: System Environment/Base Group: System Environment/Base
BuildArch: noarch BuildArch: noarch
Requires: %{name}-server = %{version}-%{release} Requires: %{name}-server = %{version}-%{release}
Requires: bind-dyndb-ldap >= 6.0-4 Requires: bind-dyndb-ldap >= 10.0
%if 0%{?fedora} >= 21 %if 0%{?fedora} >= 21
Requires: bind >= 9.9.6-3 Requires: bind >= 9.9.6-3
Requires: bind-utils >= 9.9.6-3 Requires: bind-utils >= 9.9.6-3
@ -283,9 +285,6 @@ Obsoletes: %{alt_name}-server-dns < %{version}
# upgrade path from monolithic -server to -server + -server-dns # upgrade path from monolithic -server to -server + -server-dns
Obsoletes: %{name}-server <= 4.2.0 Obsoletes: %{name}-server <= 4.2.0
# FreeIPA does not support running integrated BIND in chroot jail
Conflicts: bind-chroot
%description server-dns %description server-dns
IPA integrated DNS server with support for automatic DNSSEC signing. IPA integrated DNS server with support for automatic DNSSEC signing.
Integrated DNS server is BIND 9. OpenDNSSEC provides key management. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
@ -336,9 +335,11 @@ Requires: krb5-workstation
Requires: authconfig Requires: authconfig
Requires: pam_krb5 Requires: pam_krb5
Requires: curl Requires: curl
# NIS domain name config: /usr/lib/systemd/system/*-domainname.service
Requires: initscripts
Requires: libcurl >= 7.21.7-2 Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4 Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.13.3-5 Requires: sssd >= 1.14.0
Requires: python-sssdconfig Requires: python-sssdconfig
Requires: certmonger >= 0.78 Requires: certmonger >= 0.78
Requires: nss-tools Requires: nss-tools
@ -355,6 +356,13 @@ Provides: %{alt_name}-client = %{version}
Conflicts: %{alt_name}-client Conflicts: %{alt_name}-client
Obsoletes: %{alt_name}-client < %{version} Obsoletes: %{alt_name}-client < %{version}
Provides: %{alt_name}-admintools = %{version}
Conflicts: %{alt_name}-admintools
Obsoletes: %{alt_name}-admintools < 4.4.1
Obsoletes: %{name}-admintools < 4.4.1
Provides: %{name}-admintools = %{version}-%{release}
%description client %description client
IPA is an integrated solution to provide centrally managed Identity (users, IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization hosts, services), Authentication (SSO, 2FA), and Authorization
@ -363,6 +371,7 @@ features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts). and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be If your network uses IPA for authentication, this package should be
installed on every client machine. installed on every client machine.
This package provides command-line tools for IPA administrators.
%package -n python2-ipaclient %package -n python2-ipaclient
@ -374,7 +383,6 @@ Requires: %{name}-client-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release}
Requires: python2-ipalib = %{version}-%{release} Requires: python2-ipalib = %{version}-%{release}
Requires: python-dns >= 1.11.1 Requires: python-dns >= 1.11.1
Requires: pyusb
%description -n python2-ipaclient %description -n python2-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users, IPA is an integrated solution to provide centrally managed Identity (users,
@ -397,7 +405,6 @@ Requires: %{name}-client-common = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release}
Requires: python3-ipalib = %{version}-%{release} Requires: python3-ipalib = %{version}-%{release}
Requires: python3-dns >= 1.11.1 Requires: python3-dns >= 1.11.1
Requires: python3-pyusb
%description -n python3-ipaclient %description -n python3-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users, IPA is an integrated solution to provide centrally managed Identity (users,
@ -430,27 +437,6 @@ If your network uses IPA for authentication, this package should be
installed on every client machine. installed on every client machine.
%package admintools
Summary: IPA administrative tools
Group: System Environment/Base
BuildArch: noarch
Requires: %{name}-client-common = %{version}-%{release}
Requires: python2-ipalib = %{version}-%{release}
Requires: python-ldap
Provides: %{alt_name}-admintools = %{version}
Conflicts: %{alt_name}-admintools
Obsoletes: %{alt_name}-admintools < %{version}
%description admintools
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
This package provides command-line tools for IPA administrators.
%package python-compat %package python-compat
Summary: Compatiblity package for Python libraries used by IPA Summary: Compatiblity package for Python libraries used by IPA
Group: System Environment/Libraries Group: System Environment/Libraries
@ -483,7 +469,7 @@ python2-ipalib and %{name}-common. Packages still depending on
Summary: Python libraries used by IPA Summary: Python libraries used by IPA
Group: System Environment/Libraries Group: System Environment/Libraries
BuildArch: noarch BuildArch: noarch
Conflicts: %{name}-python < %{version}-%{release} Conflicts: %{name}-python < 4.2.91
%{?python_provide:%python_provide python2-ipalib} %{?python_provide:%python_provide python2-ipalib}
Provides: python2-ipapython = %{version}-%{release} Provides: python2-ipapython = %{version}-%{release}
%{?python_provide:%python_provide python2-ipapython} %{?python_provide:%python_provide python2-ipapython}
@ -492,7 +478,6 @@ Provides: python2-ipaplatform = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release}
Requires: python-gssapi >= 1.1.2 Requires: python-gssapi >= 1.1.2
Requires: gnupg Requires: gnupg
Requires: iproute
Requires: keyutils Requires: keyutils
Requires: pyOpenSSL Requires: pyOpenSSL
Requires: python-nss >= 0.16 Requires: python-nss >= 0.16
@ -506,12 +491,17 @@ Requires: python-pyasn1
Requires: python-dateutil Requires: python-dateutil
Requires: python-yubico >= 1.2.3 Requires: python-yubico >= 1.2.3
Requires: python-sss-murmur Requires: python-sss-murmur
Requires: curl
Requires: dbus-python Requires: dbus-python
Requires: python-setuptools Requires: python-setuptools
Requires: python-six Requires: python-six
Requires: python-jwcrypto Requires: python-jwcrypto
Requires: python-cffi Requires: python-cffi
Requires: python-ldap >= 2.4.15
Requires: python-requests
Requires: python-custodia
Requires: python-dns >= 1.11.1
Requires: python-netifaces >= 0.10.4
Requires: pyusb
Conflicts: %{alt_name}-python < %{version} Conflicts: %{alt_name}-python < %{version}
@ -538,7 +528,6 @@ Provides: python3-ipaplatform = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release}
Requires: python3-gssapi >= 1.1.2 Requires: python3-gssapi >= 1.1.2
Requires: gnupg Requires: gnupg
Requires: iproute
Requires: keyutils Requires: keyutils
Requires: python3-pyOpenSSL Requires: python3-pyOpenSSL
Requires: python3-nss >= 0.16 Requires: python3-nss >= 0.16
@ -551,12 +540,17 @@ Requires: python3-pyasn1
Requires: python3-dateutil Requires: python3-dateutil
Requires: python3-yubico >= 1.2.3 Requires: python3-yubico >= 1.2.3
Requires: python3-sss-murmur Requires: python3-sss-murmur
Requires: curl
Requires: python3-dbus Requires: python3-dbus
Requires: python3-setuptools Requires: python3-setuptools
Requires: python3-six Requires: python3-six
Requires: python3-jwcrypto Requires: python3-jwcrypto
Requires: python3-cffi Requires: python3-cffi
Requires: python3-pyldap >= 2.4.15
Requires: python3-custodia
Requires: python3-requests
Requires: python3-dns >= 1.11.1
Requires: python3-netifaces >= 0.10.4
Requires: python3-pyusb
%description -n python3-ipalib %description -n python3-ipalib
IPA is an integrated solution to provide centrally managed Identity (users, IPA is an integrated solution to provide centrally managed Identity (users,
@ -573,7 +567,7 @@ If you are using IPA with Python 3, you need to install this package.
Summary: Common files used by IPA Summary: Common files used by IPA
Group: System Environment/Libraries Group: System Environment/Libraries
BuildArch: noarch BuildArch: noarch
Conflicts: %{name}-python < %{version}-%{release} Conflicts: %{name}-python < 4.2.91
Provides: %{alt_name}-common = %{version} Provides: %{alt_name}-common = %{version}
Conflicts: %{alt_name}-common Conflicts: %{alt_name}-common
@ -598,15 +592,16 @@ BuildArch: noarch
Obsoletes: %{name}-tests < 4.2.91 Obsoletes: %{name}-tests < 4.2.91
Provides: %{name}-tests = %{version}-%{release} Provides: %{name}-tests = %{version}-%{release}
%{?python_provide:%python_provide python2-ipatests} %{?python_provide:%python_provide python2-ipatests}
Requires: %{name}-client-common = %{version}-%{release} Requires: python2-ipaclient = %{version}-%{release}
Requires: python2-ipalib = %{version}-%{release} Requires: python2-ipaserver = %{version}-%{release}
Requires: tar Requires: tar
Requires: xz Requires: xz
Requires: python-nose Requires: python-nose
Requires: pytest >= 2.6 Requires: pytest >= 2.6
Requires: python-paste Requires: python-paste
Requires: python-coverage Requires: python-coverage
Requires: python-polib # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
Requires: python2-polib
Requires: python-pytest-multihost >= 0.5 Requires: python-pytest-multihost >= 0.5
Requires: python-pytest-sourceorder Requires: python-pytest-sourceorder
Requires: ldns-utils Requires: ldns-utils
@ -631,8 +626,9 @@ This package contains tests that verify IPA functionality.
Summary: IPA tests and test tools Summary: IPA tests and test tools
BuildArch: noarch BuildArch: noarch
%{?python_provide:%python_provide python3-ipatests} %{?python_provide:%python_provide python3-ipatests}
Requires: %{name}-client-common = %{version}-%{release} Requires: python3-ipaclient = %{version}-%{release}
Requires: python3-ipalib = %{version}-%{release} # FIXME: uncomment once there's python3-ipaserver
#Requires: python3-ipaserver = %{version}-%{release}
Requires: tar Requires: tar
Requires: xz Requires: xz
Requires: python3-nose Requires: python3-nose
@ -872,7 +868,6 @@ mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{etc_systemd_dir} mkdir -p %{buildroot}%{etc_systemd_dir}
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
install -m 644 init/systemd/httpd.service %{buildroot}%{etc_systemd_dir}/httpd.service
install -m 644 init/systemd/ipa-custodia.service %{buildroot}%{_unitdir}/ipa-custodia.service install -m 644 init/systemd/ipa-custodia.service %{buildroot}%{_unitdir}/ipa-custodia.service
# END # END
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
@ -899,6 +894,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/cron.d
mkdir -p %{buildroot}%{_sysconfdir}/ipa/custodia mkdir -p %{buildroot}%{_sysconfdir}/ipa/custodia
mkdir -p %{buildroot}%{_usr}/share/ipa/schema.d
%endif # ONLY_CLIENT %endif # ONLY_CLIENT
@ -1035,17 +1032,17 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
/^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody' 2>/dev/null; then
sed -ri ' sed -ri '
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
' /etc/ssh/sshd_config.ipanew ' /etc/ssh/sshd_config.ipanew
elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody' 2>/dev/null; then
sed -ri ' sed -ri '
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
' /etc/ssh/sshd_config.ipanew ' /etc/ssh/sshd_config.ipanew
elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody' 2>/dev/null; then
sed -ri ' sed -ri '
s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/ s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
@ -1096,6 +1093,7 @@ fi
%{_libexecdir}/ipa/ipa-dnskeysync-replica %{_libexecdir}/ipa/ipa-dnskeysync-replica
%{_libexecdir}/ipa/ipa-ods-exporter %{_libexecdir}/ipa/ipa-ods-exporter
%{_libexecdir}/ipa/ipa-httpd-kdcproxy %{_libexecdir}/ipa/ipa-httpd-kdcproxy
%{_libexecdir}/ipa/ipa-pki-retrieve-key
%dir %{_libexecdir}/ipa/oddjob %dir %{_libexecdir}/ipa/oddjob
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
@ -1184,7 +1182,7 @@ fi
%{_tmpfilesdir}/%{name}.conf %{_tmpfilesdir}/%{name}.conf
%attr(644,root,root) %{_unitdir}/ipa_memcached.service %attr(644,root,root) %{_unitdir}/ipa_memcached.service
%attr(644,root,root) %{_unitdir}/ipa-custodia.service %attr(644,root,root) %{_unitdir}/ipa-custodia.service
%attr(644,root,root) %{etc_systemd_dir}/httpd.service %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
# END # END
%dir %{_usr}/share/ipa %dir %{_usr}/share/ipa
%{_usr}/share/ipa/wsgi.py* %{_usr}/share/ipa/wsgi.py*
@ -1275,7 +1273,8 @@ fi
%ghost %{_localstatedir}/lib/ipa/pki-ca/publish %ghost %{_localstatedir}/lib/ipa/pki-ca/publish
%ghost %{_localstatedir}/named/dyndb-ldap/ipa %ghost %{_localstatedir}/named/dyndb-ldap/ipa
%dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia %dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia
%dir %{_usr}/share/ipa/schema.d
%attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
%files server-dns %files server-dns
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -1311,6 +1310,9 @@ fi
%{_sbindir}/ipa-getkeytab %{_sbindir}/ipa-getkeytab
%{_sbindir}/ipa-rmkeytab %{_sbindir}/ipa-rmkeytab
%{_sbindir}/ipa-join %{_sbindir}/ipa-join
%{_bindir}/ipa
%config %{_sysconfdir}/bash_completion.d
%{_mandir}/man1/ipa.1.gz
%{_mandir}/man1/ipa-getkeytab.1.gz %{_mandir}/man1/ipa-getkeytab.1.gz
%{_mandir}/man1/ipa-rmkeytab.1.gz %{_mandir}/man1/ipa-rmkeytab.1.gz
%{_mandir}/man1/ipa-client-install.1.gz %{_mandir}/man1/ipa-client-install.1.gz
@ -1325,6 +1327,9 @@ fi
%license COPYING %license COPYING
%dir %{python_sitelib}/ipaclient %dir %{python_sitelib}/ipaclient
%{python_sitelib}/ipaclient/*.py* %{python_sitelib}/ipaclient/*.py*
%{python_sitelib}/ipaclient/plugins/*.py*
%{python_sitelib}/ipaclient/remote_plugins/*.py*
%{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
%{python_sitelib}/ipaclient-*.egg-info %{python_sitelib}/ipaclient-*.egg-info
@ -1337,6 +1342,12 @@ fi
%dir %{python3_sitelib}/ipaclient %dir %{python3_sitelib}/ipaclient
%{python3_sitelib}/ipaclient/*.py %{python3_sitelib}/ipaclient/*.py
%{python3_sitelib}/ipaclient/__pycache__/*.py* %{python3_sitelib}/ipaclient/__pycache__/*.py*
%{python3_sitelib}/ipaclient/plugins/*.py
%{python3_sitelib}/ipaclient/plugins/__pycache__/*.py*
%{python3_sitelib}/ipaclient/remote_plugins/*.py
%{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
%{python3_sitelib}/ipaclient-*.egg-info %{python3_sitelib}/ipaclient-*.egg-info
%endif # with_python3 %endif # with_python3
@ -1361,15 +1372,6 @@ fi
%{_mandir}/man5/default.conf.5.gz %{_mandir}/man5/default.conf.5.gz
%files admintools
%defattr(-,root,root,-)
%doc README Contributors.txt
%license COPYING
%{_bindir}/ipa
%config %{_sysconfdir}/bash_completion.d
%{_mandir}/man1/ipa.1.gz
%files python-compat %files python-compat
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc README Contributors.txt %doc README Contributors.txt
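Review bot: The patch list in the `@ -46,18 +48,14` hunk loses `Patch0003: 0003-cert-revoke-fix-permission-check-bypass-CVE-2016-540.patch` in the same change that moves `VERSION` to 4.4.1, and nothing in the visible spec records that the 4.4.1 tarball already carries that fix. Going by the hunk's line counts, Patch0002 through Patch0004 are all removed, which is normal for a rebase. A dropped security patch should still be checked against the upstream source and the result written down, so a later audit or backport does not have to rediscover it. Once verified, a comment next to the remaining `Patch0001` line would do, for example `# Patch0003 (CVE-2016-5404, cert-revoke permission check) dropped: fix is part of the 4.4.1 tarball`, with the same statement in the `%changelog` entry, which is not visible here.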