diff --git a/fedora-30-nfs-utils-fixes.patch b/fedora-30-nfs-utils-fixes.patch new file mode 100644 index 0000000..702be40 --- /dev/null +++ b/fedora-30-nfs-utils-fixes.patch @@ -0,0 +1,189 @@ +From 2ee160d189042a356c1ba9bb91214f2a495cc10d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= +Date: Tue, 26 Feb 2019 13:59:06 +0100 +Subject: [PATCH] ipa-client-automount: handle NFS configuration file changes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +nfs-utils in Fedora 30 and later switched its configuration +file from /etc/sysconfig/nfs to /etc/nfs.conf, providing a +conversion service (nfs-convert.service) for upgrades. +However, for new installs the original configuration file +is missing. This change: +* adds a tuple-based osinfo.version_number method to handle + more kinds of OS versioning schemes +* detects RHEL and Fedora versions with the the new nfs-utils + behavior +* avoids backing up the new NFS configuration file as we do + not have to modify it. + +See: https://bugzilla.redhat.com/show_bug.cgi?id=1676981 + +Fixes: https://pagure.io/freeipa/issue/7868 +Signed-off-by: François Cami +Reviewed-By: Alexander Bokovoy +Reviewed-By: Christian Heimes +Reviewed-By: Rob Crittenden +--- + client/ipa-client-automount.in | 18 ++++++++++-------- + ipaplatform/fedora/constants.py | 9 ++++++++- + ipaplatform/fedora/paths.py | 3 +++ + ipaplatform/fedora/services.py | 2 +- + ipaplatform/osinfo.py | 9 +++++++++ + ipaplatform/rhel/constants.py | 7 +++++++ + ipaplatform/rhel/paths.py | 4 +++- + 7 files changed, 41 insertions(+), 11 deletions(-) + +diff --git a/client/ipa-client-automount.in b/client/ipa-client-automount.in +index 15926bd02..f9eda9c7f 100755 +--- a/client/ipa-client-automount.in ++++ b/client/ipa-client-automount.in +@@ -335,14 +335,16 @@ def configure_nfs(fstore, statestore): + """ + Configure secure NFS + """ +- replacevars = { +- constants.SECURE_NFS_VAR: 'yes', +- } +- ipautil.backup_config_and_replace_variables(fstore, +- paths.SYSCONFIG_NFS, replacevars=replacevars) +- tasks.restore_context(paths.SYSCONFIG_NFS) +- +- print("Configured %s" % paths.SYSCONFIG_NFS) ++ # Newer Fedora releases ship /etc/nfs.conf instead of /etc/sysconfig/nfs ++ # and do not require changes there. On these, SECURE_NFS_VAR == None ++ if constants.SECURE_NFS_VAR: ++ replacevars = { ++ constants.SECURE_NFS_VAR: 'yes', ++ } ++ ipautil.backup_config_and_replace_variables(fstore, ++ paths.SYSCONFIG_NFS, replacevars=replacevars) ++ tasks.restore_context(paths.SYSCONFIG_NFS) ++ print("Configured %s" % paths.SYSCONFIG_NFS) + + # Prepare the changes + # We need to use IPAChangeConf as simple regexp substitution +diff --git a/ipaplatform/fedora/constants.py b/ipaplatform/fedora/constants.py +index d48696e0f..744b30aa0 100644 +--- a/ipaplatform/fedora/constants.py ++++ b/ipaplatform/fedora/constants.py +@@ -10,6 +10,12 @@ This Fedora base platform module exports platform related constants. + from __future__ import absolute_import + + from ipaplatform.redhat.constants import RedHatConstantsNamespace ++from ipaplatform.osinfo import osinfo ++ ++# Fedora 28 and earlier use /etc/sysconfig/nfs ++# Fedora 30 and later use /etc/nfs.conf ++# Fedora 29 has both ++HAS_NFS_CONF = osinfo.version_number >= (30,) + + + class FedoraConstantsNamespace(RedHatConstantsNamespace): +@@ -22,6 +28,7 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace): + # secure remote password, and DSA cert authentication. + # see https://fedoraproject.org/wiki/Changes/CryptoPolicy + TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS" +- ++ if HAS_NFS_CONF: ++ SECURE_NFS_VAR = None + + constants = FedoraConstantsNamespace() +diff --git a/ipaplatform/fedora/paths.py b/ipaplatform/fedora/paths.py +index a9bdedfe8..4e993c063 100644 +--- a/ipaplatform/fedora/paths.py ++++ b/ipaplatform/fedora/paths.py +@@ -26,6 +26,7 @@ in Fedora-based systems. + from __future__ import absolute_import + + from ipaplatform.redhat.paths import RedHatPathNamespace ++from ipaplatform.fedora.constants import HAS_NFS_CONF + + + class FedoraPathNamespace(RedHatPathNamespace): +@@ -33,6 +34,8 @@ class FedoraPathNamespace(RedHatPathNamespace): + "/etc/httpd/conf.modules.d/02-ipa-wsgi.conf" + ) + NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config" ++ if HAS_NFS_CONF: ++ SYSCONFIG_NFS = '/etc/nfs.conf' + + + paths = FedoraPathNamespace() +diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py +index 5ff64f1cd..543cb1b7d 100644 +--- a/ipaplatform/fedora/services.py ++++ b/ipaplatform/fedora/services.py +@@ -34,7 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy() + # Fedora 28 and earlier have fedora-domainname.service. Starting from + # Fedora 29, the service is called nis-domainname.service as defined in + # ipaplatform.redhat.services. +-HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28 ++HAS_FEDORA_DOMAINNAME_SERVICE = osinfo.version_number <= (28,) + + if HAS_FEDORA_DOMAINNAME_SERVICE: + fedora_system_units['domainname'] = 'fedora-domainname.service' +diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py +index a38165d01..35b024e16 100644 +--- a/ipaplatform/osinfo.py ++++ b/ipaplatform/osinfo.py +@@ -177,6 +177,15 @@ class OSInfo(Mapping): + """ + return self._info.get('VERSION_ID') + ++ @property ++ def version_number(self): ++ """Version number tuple based on version_id ++ """ ++ version_id = self._info.get('VERSION_ID') ++ if not version_id: ++ return () ++ return tuple(int(p) for p in version_id.split('.')) ++ + @property + def platform_ids(self): + """Ordered tuple of detected platforms (including override) +diff --git a/ipaplatform/rhel/constants.py b/ipaplatform/rhel/constants.py +index 72335ac68..073e33281 100644 +--- a/ipaplatform/rhel/constants.py ++++ b/ipaplatform/rhel/constants.py +@@ -10,10 +10,17 @@ This RHEL base platform module exports platform related constants. + from __future__ import absolute_import + + from ipaplatform.redhat.constants import RedHatConstantsNamespace ++from ipaplatform.osinfo import osinfo ++ ++# RHEL 7 and earlier use /etc/sysconfig/nfs ++# RHEL 8 uses /etc/nfs.conf ++HAS_NFS_CONF = osinfo.version_number >= (8,) + + + class RHELConstantsNamespace(RedHatConstantsNamespace): + IPA_ADTRUST_PACKAGE_NAME = "ipa-server-trust-ad" + IPA_DNS_PACKAGE_NAME = "ipa-server-dns" ++ if HAS_NFS_CONF: ++ SECURE_NFS_VAR = None + + constants = RHELConstantsNamespace() +diff --git a/ipaplatform/rhel/paths.py b/ipaplatform/rhel/paths.py +index d8b64abde..c081ada32 100644 +--- a/ipaplatform/rhel/paths.py ++++ b/ipaplatform/rhel/paths.py +@@ -26,10 +26,12 @@ in RHEL-based systems. + from __future__ import absolute_import + + from ipaplatform.redhat.paths import RedHatPathNamespace ++from ipaplatform.rhel.constants import HAS_NFS_CONF + + + class RHELPathNamespace(RedHatPathNamespace): +- pass ++ if HAS_NFS_CONF: ++ SYSCONFIG_NFS = '/etc/nfs.conf' + + + paths = RHELPathNamespace() +-- +2.20.1 + diff --git a/freeipa.spec b/freeipa.spec index 3527fe7..49e1995 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -142,7 +142,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 5%{?dist} +Release: 6%{?dist} Summary: The Identity, Policy and Audit system License: GPLv3+ @@ -152,6 +152,7 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.as Patch0001: freeipa-git-master-build-fixes.patch Patch0002: fedora-30-fs.protected_regular.patch Patch0003: fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch +Patch0004: fedora-30-nfs-utils-fixes.patch # For the timestamp trick in patch application BuildRequires: diffstat @@ -1737,6 +1738,10 @@ fi %changelog +* Thu Feb 28 2019 Alexander Bokovoy - 4.7.2-6 +- Support new nfs-utils behavior (#1668836) +- ipa-client-automount now works without /etc/sysconfig/nfs + * Tue Feb 19 2019 François Cami - 4.7.2-5 - Fix FTBS due to Samba having removed talloc_strackframe.h and memory.h (#1678670)