FreeIPA 4.8.5
parent
98704e21f0
commit
6d5d5ab36b
193
freeipa.spec
193
freeipa.spec
@ -52,6 +52,13 @@
|
||||
%global linter_options --disable-pylint --without-jslint
|
||||
%endif
|
||||
|
||||
# Include SELinux subpackage
|
||||
%if 0%{?fedora} >= 30 || 0%{?rhel} > 8
|
||||
%global with_selinux 1
|
||||
%global selinuxtype targeted
|
||||
%global modulename ipa
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel}
|
||||
%global package_name ipa
|
||||
%global alt_name freeipa
|
||||
@ -85,7 +92,14 @@
|
||||
%global samba_version 2:4.12
|
||||
# SELinux context for /etc/named directory, RHBZ#1759495
|
||||
%global selinux_policy_version 3.14.3-52
|
||||
%global slapi_nis_version 0.56.1
|
||||
%global slapi_nis_version 0.56.4
|
||||
|
||||
# krb5 can only provide one KDB at a time
|
||||
%if 0%{?fedora} >= 32
|
||||
%global krb5_kdb_version 8.0
|
||||
%else
|
||||
%global krb5_kdb_version 7.0
|
||||
%endif
|
||||
|
||||
# fix for segfault in python3-ldap, https://pagure.io/freeipa/issue/7324
|
||||
%global python_ldap_version 3.1.0-1
|
||||
@ -105,7 +119,8 @@
|
||||
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
|
||||
%{?python_disable_dependency_generator}
|
||||
|
||||
%endif # Fedora
|
||||
# Fedora
|
||||
%endif
|
||||
|
||||
# 10.7.3 supports LWCA key replication using AES
|
||||
# https://pagure.io/freeipa/issue/8020
|
||||
@ -134,7 +149,7 @@
|
||||
|
||||
# Work-around fact that RPM SPEC parser does not accept
|
||||
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
|
||||
%define IPA_VERSION 4.8.4
|
||||
%define IPA_VERSION 4.8.5
|
||||
%define AT_SIGN @
|
||||
# redefine IPA_VERSION only if its value matches the Autoconf placeholder
|
||||
%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
|
||||
@ -143,7 +158,7 @@
|
||||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 8%{?dist}
|
||||
Release: 1%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPLv3+
|
||||
@ -151,15 +166,6 @@ URL: http://www.freeipa.org/
|
||||
Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
|
||||
Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
|
||||
|
||||
# https://github.com/freeipa/freeipa/pull/4045
|
||||
# Fix bugs in the overlapping DNS zone check
|
||||
Patch0: 4045.patch
|
||||
Patch1: krb5-kdb-fixes.patch
|
||||
Patch2: krb5-1.18-support.patch
|
||||
Patch3: krb5-1.18-support-constraint-delegation.patch
|
||||
Patch4: krb5-pg8200.patch
|
||||
Patch5: freeipa-4.8-opendnssec-2.1-support.patch
|
||||
|
||||
# For the timestamp trick in patch application
|
||||
BuildRequires: diffstat
|
||||
|
||||
@ -206,7 +212,8 @@ BuildRequires: libunistring-devel
|
||||
# 0.13.0: https://bugzilla.redhat.com/show_bug.cgi?id=1584773
|
||||
# 0.13.0-2: fix for missing dependency on python-six
|
||||
BuildRequires: python3-lesscpy >= 0.13.0-2
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
#
|
||||
# Build dependencies for makeapi/makeaci
|
||||
@ -233,7 +240,8 @@ BuildRequires: python3-twine
|
||||
BuildRequires: twine
|
||||
%endif
|
||||
BuildRequires: python3-wheel
|
||||
%endif # with_wheels
|
||||
# with_wheels
|
||||
%endif
|
||||
|
||||
#
|
||||
# Build dependencies for lint and fastcheck
|
||||
@ -250,6 +258,7 @@ BuildRequires: python3-custodia >= 0.3.1
|
||||
BuildRequires: python3-dateutil
|
||||
BuildRequires: python3-dbus
|
||||
BuildRequires: python3-dns >= 1.15
|
||||
BuildRequires: python3-docker
|
||||
BuildRequires: python3-gssapi >= 1.2.0
|
||||
BuildRequires: python3-jinja2
|
||||
BuildRequires: python3-jwcrypto >= 0.4.2
|
||||
@ -283,7 +292,8 @@ BuildRequires: python3-sss-murmur
|
||||
BuildRequires: python3-sssdconfig >= %{sssd_version}
|
||||
BuildRequires: python3-systemd
|
||||
BuildRequires: python3-yubico
|
||||
%endif # with_lint
|
||||
# with_lint
|
||||
%endif
|
||||
|
||||
#
|
||||
# Build dependencies for unit tests
|
||||
@ -292,7 +302,15 @@ BuildRequires: python3-yubico
|
||||
BuildRequires: libcmocka-devel
|
||||
# Required by ipa_kdb_tests
|
||||
BuildRequires: krb5-server >= %{krb5_version}
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
#
|
||||
# Build dependencies for SELinux policy
|
||||
#
|
||||
%if 0%{?with_selinux}
|
||||
BuildRequires: selinux-policy-devel
|
||||
%endif
|
||||
|
||||
%description
|
||||
IPA is an integrated solution to provide centrally managed Identity (users,
|
||||
@ -359,6 +377,11 @@ Requires: oddjob
|
||||
# 0.7.0-2: https://pagure.io/gssproxy/pull-request/172
|
||||
Requires: gssproxy >= 0.7.0-2
|
||||
Requires: sssd-dbus >= %{sssd_version}
|
||||
%if 0%{?with_selinux}
|
||||
# This ensures that the *-selinux package and all it’s dependencies are not pulled
|
||||
# into containers and other systems that do not use SELinux
|
||||
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
||||
%endif
|
||||
|
||||
Provides: %{alt_name}-server = %{version}
|
||||
Conflicts: %{alt_name}-server
|
||||
@ -497,7 +520,8 @@ Cross-realm trusts with Active Directory in IPA require working Samba 4
|
||||
installation. This package is provided for convenience to install all required
|
||||
dependencies at once.
|
||||
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
|
||||
%package client
|
||||
@ -727,7 +751,22 @@ features for further integration with Linux based clients (SUDO, automount)
|
||||
and integration with Active Directory based infrastructures (Trusts).
|
||||
This package contains tests that verify IPA functionality under Python 3.
|
||||
|
||||
%endif # with_ipatests
|
||||
# with_ipatests
|
||||
%endif
|
||||
|
||||
%if 0%{?with_selinux}
|
||||
# SELinux subpackage
|
||||
%package selinux
|
||||
Summary: FreeIPA SELinux policy
|
||||
BuildArch: noarch
|
||||
Requires: selinux-policy-%{selinuxtype}
|
||||
Requires(post): selinux-policy-%{selinuxtype}
|
||||
%{?selinux_requires}
|
||||
|
||||
%description selinux
|
||||
Custom SELinux policy module for FreeIPA
|
||||
# with_selinux
|
||||
%endif
|
||||
|
||||
|
||||
%prep
|
||||
@ -789,6 +828,19 @@ make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%{_libdir}
|
||||
|
||||
%{__make} python_install DESTDIR=%{?buildroot} INSTALL="%{__install} -p"
|
||||
|
||||
%if 0%{?with_ipatests}
|
||||
mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}
|
||||
mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}
|
||||
mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}
|
||||
ln -rs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
|
||||
ln -rs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
|
||||
ln -rs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
|
||||
ln -frs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests
|
||||
ln -frs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config
|
||||
ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task
|
||||
# with_ipatests
|
||||
%endif
|
||||
|
||||
# default installation
|
||||
# This installs all Python packages twice and overrides the ipa-test
|
||||
# commands. We'll fix the command links later with ln --force.
|
||||
@ -835,14 +887,16 @@ mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
|
||||
mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
|
||||
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
||||
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
|
||||
/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
|
||||
|
||||
%if ! %{ONLY_CLIENT}
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/cron.d
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
|
||||
%if ! %{ONLY_CLIENT}
|
||||
@ -955,7 +1009,8 @@ if [ $1 -eq 0 ]; then
|
||||
/bin/systemctl reload-or-try-restart oddjobd
|
||||
fi
|
||||
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
|
||||
%post client
|
||||
@ -993,6 +1048,26 @@ if [ $1 -gt 1 ] ; then
|
||||
fi
|
||||
|
||||
|
||||
%if 0%{?with_selinux}
|
||||
# SELinux contexts are saved so that only affected files can be
|
||||
# relabeled after the policy module installation
|
||||
%pre selinux
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
||||
|
||||
%postun selinux
|
||||
if [ $1 -eq 0 ]; then
|
||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
||||
fi
|
||||
|
||||
%posttrans selinux
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
# with_selinux
|
||||
%endif
|
||||
|
||||
|
||||
%triggerin client -- openssh-server
|
||||
# Has the client been configured?
|
||||
restore=0
|
||||
@ -1059,10 +1134,6 @@ fi
|
||||
%{_sbindir}/ipa-cert-fix
|
||||
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
||||
%{_libexecdir}/certmonger/ipa-server-guard
|
||||
%{_libexecdir}/ipa/custodia/ipa-custodia-dmldap
|
||||
%{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat
|
||||
%{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat-wrapped
|
||||
%{_libexecdir}/ipa/custodia/ipa-custodia-ra-agent
|
||||
%dir %{_libexecdir}/ipa
|
||||
%{_libexecdir}/ipa/ipa-custodia
|
||||
%{_libexecdir}/ipa/ipa-custodia-check
|
||||
@ -1071,8 +1142,14 @@ fi
|
||||
%{_libexecdir}/ipa/ipa-pki-retrieve-key
|
||||
%{_libexecdir}/ipa/ipa-pki-wait-running
|
||||
%{_libexecdir}/ipa/ipa-otpd
|
||||
%dir %{_libexecdir}/ipa/custodia
|
||||
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-dmldap
|
||||
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat
|
||||
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat-wrapped
|
||||
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-ra-agent
|
||||
%dir %{_libexecdir}/ipa/oddjob
|
||||
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
|
||||
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.trust-enable-agent
|
||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
|
||||
%config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
|
||||
%dir %{_libexecdir}/ipa/certmonger
|
||||
@ -1187,16 +1264,16 @@ fi
|
||||
%dir %{_sysconfdir}/ipa/html
|
||||
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
|
||||
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
||||
%ghost %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
||||
%ghost %attr(0640,root,named) %config(noreplace) %{_sysconfdir}/named/ipa-ext.conf
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
|
||||
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
|
||||
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb.con
|
||||
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb5.ini
|
||||
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krbrealm.con
|
||||
%dir %{_usr}/share/ipa/updates/
|
||||
%{_usr}/share/ipa/updates/*
|
||||
%dir %{_localstatedir}/lib/ipa
|
||||
@ -1208,8 +1285,8 @@ fi
|
||||
%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/certs
|
||||
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/private
|
||||
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/passwds
|
||||
%ghost %{_localstatedir}/lib/ipa/pki-ca/publish
|
||||
%ghost %{_localstatedir}/named/dyndb-ldap/ipa
|
||||
%ghost %attr(775,root,pkiuser) %{_localstatedir}/lib/ipa/pki-ca/publish
|
||||
%ghost %attr(770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa
|
||||
%dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia
|
||||
%dir %{_usr}/share/ipa/schema.d
|
||||
%attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
|
||||
@ -1241,9 +1318,10 @@ fi
|
||||
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
||||
%{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf
|
||||
%{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf
|
||||
%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains
|
||||
%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains
|
||||
|
||||
%endif # ONLY_CLIENT
|
||||
# ONLY_CLIENT
|
||||
%endif
|
||||
|
||||
|
||||
%files client
|
||||
@ -1304,19 +1382,19 @@ fi
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
||||
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
||||
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
|
||||
# old dbm format
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
|
||||
# new sql format
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert9.db
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key4.db
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pkcs11.txt
|
||||
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
|
||||
%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert9.db
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key4.db
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pkcs11.txt
|
||||
%ghost %attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
|
||||
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
|
||||
%dir %{_localstatedir}/lib/ipa-client
|
||||
%dir %{_localstatedir}/lib/ipa-client/pki
|
||||
%dir %{_localstatedir}/lib/ipa-client/sysrestore
|
||||
@ -1329,6 +1407,7 @@ fi
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
|
||||
|
||||
%files common -f %{gettext_domain}.lang
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
@ -1355,14 +1434,28 @@ fi
|
||||
%license COPYING
|
||||
%{python3_sitelib}/ipatests
|
||||
%{python3_sitelib}/ipatests-*.egg-info
|
||||
%{_bindir}/ipa-run-tests-3
|
||||
%{_bindir}/ipa-test-config-3
|
||||
%{_bindir}/ipa-test-task-3
|
||||
%{_bindir}/ipa-run-tests-%{python3_version}
|
||||
%{_bindir}/ipa-test-config-%{python3_version}
|
||||
%{_bindir}/ipa-test-task-%{python3_version}
|
||||
%{_bindir}/ipa-run-tests
|
||||
%{_bindir}/ipa-test-config
|
||||
%{_bindir}/ipa-test-task
|
||||
%{_mandir}/man1/ipa-run-tests.1*
|
||||
%{_mandir}/man1/ipa-test-config.1*
|
||||
%{_mandir}/man1/ipa-test-task.1*
|
||||
%endif # with_ipatests
|
||||
|
||||
# with_ipatests
|
||||
%endif
|
||||
|
||||
%if 0%{?with_selinux}
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
|
||||
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||
# with_selinux
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Mar 03 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-8
|
||||
|
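Review bot: In the `%files client` hunk (`-1304,19 +1382,19`) the new `%attr(644,root,root)` on `key3.db` and `key4.db` declares the NSS key databases world-readable, while `pwdfile.txt` beside them gets `%attr(600,root,root)`, and nothing in the spec explains the difference. If `/etc/ipa/nssdb` is only ever meant to hold public CA certificates this is presumably intended, but these `%ghost` attributes are the ownership and mode the package records as expected for the files, so the assumption should be written down. A comment above the block would do, for example `# nssdb holds only public CA certificates, so the databases are world-readable; pwdfile.txt stays 0600`. The server file list has the same gap: `ipa-pki-proxy.conf` is the only httpd snippet declared `0640` where its siblings are `0644`, again without a comment. The rest of the `%files client` list lies outside the hunk, so any existing explanation there is not visible from this page.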