From 5e038ec7501800c124e6292ac738e8478e0eb31d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 10 Dec 2012 15:52:46 -0500
Subject: [PATCH] Updated to upstream 3.1.0 GA

- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
---
 .gitignore   |  1 +
 freeipa.spec | 68 +++++++++++++++++++++++++++++++++-------------------
 sources      |  2 +-
 3 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/.gitignore b/.gitignore
index 95af362..faf6de8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@
 /freeipa-3.0.0.rc1.tar.gz
 /freeipa-3.0.0.rc2.tar.gz
 /freeipa-3.0.0.tar.gz
+/freeipa-3.1.0.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index d1fe1ec..67bfb8a 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,11 +11,11 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %endif
 %global POLICYCOREUTILSVER 2.1.12-5
 %global gettext_domain ipa
-%global VERSION 3.0.0
+%global VERSION 3.1.0
 
 Name:           freeipa
-Version:        3.0.0
-Release:        3%{?dist}
+Version:        3.1.0
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -24,10 +24,8 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-Patch1:         0001-Use-TLS-for-CA-replication.patch
-
 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.2.11.14
+BuildRequires:  389-ds-base-devel >= 1.3.0
 BuildRequires:  svrcore-devel
 BuildRequires:  /usr/share/selinux/devel/Makefile
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
@@ -66,11 +64,11 @@ BuildRequires:  pylint
 BuildRequires:  python-polib
 BuildRequires:  libipa_hbac-python
 BuildRequires:  python-memcached
-BuildRequires:  sssd >= 1.9.0
+BuildRequires:  sssd >= 1.9.2
 BuildRequires:  python-lxml
 BuildRequires:  python-pyasn1 >= 0.0.9a
 BuildRequires:  python-dns
-BuildRequires:  python-crypto
+BuildRequires:  m2crypto
 BuildRequires:  check >= 0.9.5
 BuildRequires:  libsss_idmap-devel
 
@@ -88,7 +86,7 @@ Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
 Requires: %{name}-server-selinux = %{version}-%{release}
-Requires(pre): 389-ds-base >= 1.3.0
+Requires: 389-ds-base >= 1.3.0
 Requires: openldap-clients
 Requires: nss
 Requires: nss-tools
@@ -110,17 +108,11 @@ Requires: python-memcached
 Requires: systemd-units >= 36-3
 Requires(pre): systemd-units
 Requires(post): systemd-units
-Requires: selinux-policy >= 3.11.1-33
+Requires: selinux-policy >= 3.11.1-60
 Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.40
-Requires: pki-ca >= pki-ca-10.0.0-0.43.b1
-Requires: pki-silent >= 10.0.0-0.43.b1
-Requires: pki-setup >= 10.0.0-0.43.b1
-# Temporary until dogtag adds their own requires: 09/21/12
-Requires: pki-symkey >= 10.0.0-0.43.a1
-Requires: tomcat >= 7.0.29
-Requires: dogtag-pki-common-theme
-Requires: dogtag-pki-ca-theme
+Requires: slapi-nis >= 0.44
+Requires: pki-ca >= 10.0.0-1
+Requires: dogtag-pki-server-theme
 %if 0%{?rhel}
 Requires: subscription-manager
 %endif
@@ -129,11 +121,13 @@ Requires(postun): python systemd-units
 Requires: python-dns
 Requires: keyutils
 Requires: zip
+Requires: policycoreutils >= %{POLICYCOREUTILSVER}
+Requires: tar
 
 # We have a soft-requires on bind. It is an optional part of
 # IPA but if it is configured we need a way to require versions
 # that work for us.
-Conflicts: bind-dyndb-ldap < 1.1.0-0.16.rc1
+Conflicts: bind-dyndb-ldap < 2.3-2
 Conflicts: bind < 9.9.1-10.P3
 
 # mod_proxy provides a single API to communicate over SSL. If mod_ssl
@@ -223,7 +217,7 @@ Requires: pam_krb5
 Requires: wget
 Requires: libcurl
 Requires: xmlrpc-c
-Requires: sssd >= 1.9.0
+Requires: sssd >= 1.9.2
 Requires: certmonger >= 0.60
 Requires: nss-tools
 Requires: bind-utils
@@ -312,7 +306,7 @@ done
 %build
 export CFLAGS="$CFLAGS %{optflags}"
 export CPPFLAGS="$CPPFLAGS %{optflags}"
-export SUPPORTED_PLATFORM=fedora16
+export SUPPORTED_PLATFORM=fedora18
 # Force re-generate of platform support
 rm -f ipapython/services.py
 make version-update
@@ -334,7 +328,7 @@ make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
 %install
 rm -rf %{buildroot}
 %if ! %{ONLY_CLIENT}
-export SUPPORTED_PLATFORM=fedora16
+export SUPPORTED_PLATFORM=fedora18
 # Force re-generate of platform support
 rm -f ipapython/services.py
 make install DESTDIR=%{buildroot}
@@ -412,6 +406,7 @@ mkdir %{buildroot}%{_sysconfdir}/sysconfig/
 install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
 
 mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
@@ -451,7 +446,7 @@ if [ $1 -gt 1 ] ; then
     # Note also it is now safe to run this script against working FreeIPA install
     # after it has been migrated to systemd setup
     /usr/libexec/freeipa-systemd-upgrade || :
-    /usr/sbin/ipa-upgradeconfig >/dev/null 2>&1|| :
+    /usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
 fi
 
 %posttrans server
@@ -532,6 +527,21 @@ if [ $1 -eq 0 ]; then
 fi
 %endif
 
+%post client
+if [ $1 -gt 1 ] ; then
+    # Has the client been configured?
+    restore=0
+    test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
+
+    if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
+        if ! egrep -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf  2>/dev/null ; then
+            echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
+            cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
+            mv /etc/krb5.conf.ipanew /etc/krb5.conf
+            /sbin/restorecon /etc/krb5.conf
+        fi
+    fi
+fi
 
 %if ! %{ONLY_CLIENT}
 %files server -f server-python.list
@@ -557,6 +567,7 @@ fi
 %{_sysconfdir}/cron.d/ipa-compliance
 %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
 %dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
+%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
 %config %{_sysconfdir}/tmpfiles.d/ipa.conf
 # Use systemd scheme
 %attr(644,root,root) %{_unitdir}/ipa.service
@@ -570,6 +581,7 @@ fi
 %attr(755,root,root) %{_libdir}/ipa/certmonger/*
 %dir %{_usr}/share/ipa
 %{_usr}/share/ipa/wsgi.py*
+%{_usr}/share/ipa/copy-schema-to-ca.py*
 %{_usr}/share/ipa/*.ldif
 %{_usr}/share/ipa/*.uldif
 %{_usr}/share/ipa/*.template
@@ -744,6 +756,14 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Mon Dec 10 2012 Rob Crittenden <rcritten@redhat.com> - 3.1.0-1
+- Updated to upstream 3.1.0 GA
+- Set minimum for sssd to 1.9.2
+- Set minimum for pki-ca to 10.0.0-1
+- Set minimum for 389-ds-base to 1.3.0
+- Set minimum for selinux-policy to 3.11.1-60
+- Remove unneeded dogtag package requires
+
 * Fri Oct 23 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-3
 - Update Requires on krb5-server to 1.11
 
diff --git a/sources b/sources
index aaa6393..49a65f5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d80d320f13fa5944eda5112b085cfb51  freeipa-3.0.0.tar.gz
+0277193d850c28ecfddacfa66e9afa03  freeipa-3.1.0.tar.gz