diff --git a/.gitignore b/.gitignore
index f7374d7..e26dc56 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
/freeipa-2.1.3.tar.gz
/freeipa-2.1.3-wait_for_socket.patch.gz
/freeipa-2.1.4.tar.gz
+/freeipa-2.1.90.pre1.tar.gz
diff --git a/freeipa-2.1.4-connection-failure-recovery.patch b/freeipa-2.1.4-connection-failure-recovery.patch
deleted file mode 100644
index 98c7d95..0000000
--- a/freeipa-2.1.4-connection-failure-recovery.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 859d28ce9d4b0f356122b576eab397ed7a066745 Mon Sep 17 00:00:00 2001
-From: Martin Kosek <mkosek@redhat.com>
-Date: Thu, 8 Dec 2011 14:52:49 +0100
-Subject: [PATCH 4/6] Add connection failure recovery to IPAdmin
-
-Recover from connection failures in IPAdmin LDAP bind functions and
-rather try reconnect in scope of a given timeout instead of giving
-up after the first failed connection.
-
-The recovery fixes ipa-ldap-updater on F-16 which always failed
-because of a missing dirsrv socket.
-
-https://fedorahosted.org/freeipa/ticket/2175
----
- ipaserver/ipaldap.py | 35 +++++++++++++++++++++++++++++------
- 1 files changed, 29 insertions(+), 6 deletions(-)
-
-diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
-index 74cfbfda911facbf6f3bddf5972b3f035a9cfde0..1820e690b10c820efcd3217801bde6b685bbf20b 100644
---- a/ipaserver/ipaldap.py
-+++ b/ipaserver/ipaldap.py
-@@ -30,14 +30,17 @@ import cStringIO
- import time
- import struct
- import ldap.sasl
-+import ldapurl
- from ldap.controls import LDAPControl,DecodeControlTuples,EncodeControlTuples
- from ldap.ldapobject import SimpleLDAPObject
- from ipaserver import ipautil
-+from ipaserver.install import installutils
- from ipalib import errors
- from ipapython.ipautil import format_netloc
-
- # Global variable to define SASL auth
- SASL_AUTH = ldap.sasl.sasl({},'GSSAPI')
-+DEFAULT_TIMEOUT = 10
-
- class Entry:
- """
-@@ -330,6 +333,26 @@ class IPAdmin(SimpleLDAPObject):
- except ldap.LDAPError, e:
- raise errors.DatabaseError(desc=desc,info=info)
-
-+ def __wait_for_connection(self, timeout):
-+ lurl = ldapurl.LDAPUrl(self._uri)
-+ if lurl.urlscheme == 'ldapi':
-+ installutils.wait_for_open_socket(lurl.hostport, timeout)
-+ else:
-+ (host,port) = lurl.hostport.split(':')
-+ installutils.wait_for_open_ports(host, int(port), timeout)
-+
-+ def __bind_with_wait(self, bind_func, timeout, *args, **kwargs):
-+ try:
-+ bind_func(*args, **kwargs)
-+ except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
-+ if not timeout:
-+ raise e
-+ try:
-+ self.__wait_for_connection(timeout)
-+ except:
-+ raise e
-+ bind_func(*args, **kwargs)
-+
- def toLDAPURL(self):
- return "ldap://%s/" % format_netloc(self.host, self.port)
-
-@@ -346,19 +369,19 @@ class IPAdmin(SimpleLDAPObject):
- except ldap.LDAPError, e:
- self.__handle_errors(e, **{})
-
-- def do_simple_bind(self, binddn="cn=directory manager", bindpw=""):
-+ def do_simple_bind(self, binddn="cn=directory manager", bindpw="", timeout=DEFAULT_TIMEOUT):
- self.binddn = binddn
- self.bindpwd = bindpw
-- self.simple_bind_s(binddn, bindpw)
-+ self.__bind_with_wait(self.simple_bind_s, timeout, binddn, bindpw)
- self.__lateinit()
-
-- def do_sasl_gssapi_bind(self):
-- self.sasl_interactive_bind_s('', SASL_AUTH)
-+ def do_sasl_gssapi_bind(self, timeout=DEFAULT_TIMEOUT):
-+ self.__bind_with_wait(self.sasl_interactive_bind_s, timeout, '', SASL_AUTH)
- self.__lateinit()
-
-- def do_external_bind(self, user_name=None):
-+ def do_external_bind(self, user_name=None, timeout=DEFAULT_TIMEOUT):
- auth_tokens = ldap.sasl.external(user_name)
-- self.sasl_interactive_bind_s("", auth_tokens)
-+ self.__bind_with_wait(self.sasl_interactive_bind_s, timeout, '', auth_tokens)
- self.__lateinit()
-
- def getEntry(self,*args):
---
-1.7.7.4
-
diff --git a/freeipa-2.1.4-fix-pylint-f16.patch b/freeipa-2.1.4-fix-pylint-f16.patch
deleted file mode 100644
index 06d24c6..0000000
--- a/freeipa-2.1.4-fix-pylint-f16.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From d27b23d4315d24e62d83ddf0012b347ffad36e9c Mon Sep 17 00:00:00 2001
-From: Rob Crittenden <rcritten@redhat.com>
-Date: Thu, 8 Dec 2011 16:11:22 -0500
-Subject: [PATCH 6/6] Fix some pylint issues found in F-16
-
-* Using default_attributes rather than what would be defined in output
- is the preferred mechanism for determining what attributes to
- retrieve.
-
-* Replace some add_s() calls with addEntry()
----
- doc/examples/examples.py | 9 +++++++--
- ipaserver/install/krbinstance.py | 4 ++--
- ipaserver/install/service.py | 2 +-
- 3 files changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/doc/examples/examples.py b/doc/examples/examples.py
-index a969c898bcf8a6829b83898bd2d68400ae939ff3..7053e589a1a058d7742b51cbceaf683971555621 100644
---- a/doc/examples/examples.py
-+++ b/doc/examples/examples.py
-@@ -314,6 +314,11 @@ class exuser(Object):
- ),
- )
-
-+ # You may not want to return all attributes in the entry by default.
-+ # Use default_attributes to limit the list of returned values. The
-+ # caller can set all to True to return all attributes.
-+ default_attributes = ['uid', 'givenname', 'sn']
-+
- # register the object, uncomment this line if you want to try it out
- #api.register(exuser)
-
-@@ -352,7 +357,7 @@ class exuser_show(Method):
- if options.get('all', False):
- attrs_list = ['*']
- else:
-- attrs_list = [p.name for p in self.output_params()]
-+ attrs_list = self.obj.default_attributes
-
- (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
- entry_attrs['dn'] = dn
-@@ -398,7 +403,7 @@ class exuser_find(Method):
- if options.get('all', False):
- attrs_list = ['*']
- else:
-- attrs_list = [p.name for p in self.output_params()]
-+ attrs_list = self.obj.default_attributes
-
- # perform the search
- (entries, truncated) = ldap.find_entries(
-diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
-index ce70c231dfb7e7b6b59c0496721cced0d09f1604..df6fc5a6ea6fbc4d9c207122dbb3c1ce1f5b4f50 100644
---- a/ipaserver/install/krbinstance.py
-+++ b/ipaserver/install/krbinstance.py
-@@ -284,7 +284,7 @@ class KrbInstance(service.Service):
- entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=\\1@\\2)')
-
- try:
-- self.admin_conn.add_s(entry)
-+ self.admin_conn.addEntry(entry)
- except ldap.ALREADY_EXISTS:
- logging.critical("failed to add Full Principal Sasl mapping")
- raise e
-@@ -297,7 +297,7 @@ class KrbInstance(service.Service):
- entry.setValues("nsSaslMapFilterTemplate", '(krbPrincipalName=&@%s)' % self.realm)
-
- try:
-- self.admin_conn.add_s(entry)
-+ self.admin_conn.addEntry(entry)
- except ldap.ALREADY_EXISTS:
- logging.critical("failed to add Name Only Sasl mapping")
- raise e
-diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
-index 2fd15d8f8010114914549871fc5d0a228561fe1c..9fcc095b64f1abc121f1960d7c7ec15dbe53821f 100644
---- a/ipaserver/install/service.py
-+++ b/ipaserver/install/service.py
-@@ -287,7 +287,7 @@ class Service(object):
- "enabledService", "startOrder " + str(order))
-
- try:
-- conn.add_s(entry)
-+ conn.addEntry(entry)
- except ldap.ALREADY_EXISTS, e:
- logging.critical("failed to add %s Service startup entry" % name)
- raise e
---
-1.7.7.4
-
diff --git a/freeipa-2.1.4-logging.patch b/freeipa-2.1.4-logging.patch
deleted file mode 100644
index f9f7fb3..0000000
--- a/freeipa-2.1.4-logging.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-From 402867038f8664e88e2d9ca42f2c77a46a0be7ae Mon Sep 17 00:00:00 2001
-From: Martin Kosek <mkosek@redhat.com>
-Date: Mon, 2 Jan 2012 16:49:59 +0100
-Subject: [PATCH 1/3] Make sure that install tools log
-
-When any log message is emitted before IPA install tools logging is
-configured, it may break and leave install tools log empty. This
-happens for example when
-
-ipa-server-install --ip-address=$IP_ADDRESS
-
-is run.
-
-This patch makes sure that logging is right in these cases.
-
-https://fedorahosted.org/freeipa/ticket/2214
----
- install/tools/ipa-ca-install | 1 +
- install/tools/ipa-dns-install | 1 +
- install/tools/ipa-replica-install | 1 +
- install/tools/ipa-server-install | 2 +
- ipaserver/install/installutils.py | 43 +++++++++++++++++++++++++++++++++++++
- 5 files changed, 48 insertions(+), 0 deletions(-)
-
-diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
-index 445b0621419b7aa5b4616e154d9f8193a5d517fb..c813659f34f4471132b83fd4159b69b76f5ce487 100755
---- a/install/tools/ipa-ca-install
-+++ b/install/tools/ipa-ca-install
-@@ -70,6 +70,7 @@ def get_dirman_password():
- return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False)
-
- def main():
-+ installutils.bootstrap_logging()
- safe_options, options, filename = parse_options()
- installutils.standard_logging_setup("/var/log/ipareplica-ca-install.log", options.debug)
- logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
-diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
-index d81b6a2e804a815d5bece8426a286e3190f6dee3..25c1bb0cac251d098e3744afd7b7eeab32a3fe6b 100755
---- a/install/tools/ipa-dns-install
-+++ b/install/tools/ipa-dns-install
-@@ -82,6 +82,7 @@ def parse_options():
- return safe_options, options
-
- def main():
-+ bootstrap_logging()
- safe_options, options = parse_options()
-
- if os.getegid() != 0:
-diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
-index dbc736764f38489df15900c4540a381764d0c261..7310d286292f571ef25b57b29d2a213f4bd855a1 100755
---- a/install/tools/ipa-replica-install
-+++ b/install/tools/ipa-replica-install
-@@ -286,6 +286,7 @@ def check_bind():
- sys.exit(1)
-
- def main():
-+ installutils.bootstrap_logging()
- safe_options, options, filename = parse_options()
- installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
- logging.debug('%s was invoked with argument "%s" and options: %s' % (sys.argv[0], filename, safe_options))
-diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
-index 8f156e8dde7fbc4cfde00a0f6a2fc8e23403cc73..755f2772780010c62fdc642125107843bef61668 100755
---- a/install/tools/ipa-server-install
-+++ b/install/tools/ipa-server-install
-@@ -562,6 +562,8 @@ def main():
- global installation_cleanup
- ds = None
-
-+ bootstrap_logging()
-+
- safe_options, options = parse_options()
-
- if os.getegid() != 0:
-diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
-index 0a36c354e1d2f901bfdef51c151d035ba8ee64ca..d0f611c611847d02f3d264d669a2e90689f5a87b 100644
---- a/ipaserver/install/installutils.py
-+++ b/ipaserver/install/installutils.py
-@@ -314,7 +314,47 @@ def port_available(port):
-
- return rv
-
-+class BufferingHandler(logging.Handler):
-+ log_queue = []
-+
-+ def __init__(self):
-+ logging.Handler.__init__(self)
-+ self.level = logging.DEBUG
-+
-+ def emit(self, record):
-+ self.log_queue.append(record)
-+
-+ def flush(self):
-+ pass
-+
-+def bootstrap_logging():
-+ """
-+ Bootstrap logging and create special handler which will buffer any log
-+ emitted before standard_logging_setup is called. These will be later
-+ processed when the logging is set up.
-+ """
-+ root_logger = logging.getLogger()
-+ root_logger.setLevel(logging.DEBUG)
-+ root_logger.addHandler(BufferingHandler())
-+
- def standard_logging_setup(log_filename, debug=False, filemode='w'):
-+ """
-+ Set up logging. bootstrap_logging() should be called earlier if there
-+ is a chance that a log is emitted before this setup.
-+ """
-+ root_logger = logging.getLogger()
-+ log_queue = []
-+
-+ if root_logger.handlers:
-+ # Remove any handlers that may have been set and which may cause
-+ # problems with logging in install utils
-+ handler_list = list(logging.getLogger().handlers)
-+
-+ for handler in handler_list:
-+ if isinstance(handler, BufferingHandler):
-+ log_queue.extend(handler.log_queue)
-+ root_logger.removeHandler(handler)
-+
- old_umask = os.umask(077)
- # Always log everything (i.e., DEBUG) to the log
- # file.
-@@ -335,6 +375,9 @@ def standard_logging_setup(log_filename, debug=False, filemode='w'):
- console.setFormatter(formatter)
- logging.getLogger('').addHandler(console)
-
-+ for log_record in log_queue:
-+ root_logger.handle(log_record)
-+
- def get_password(prompt):
- if os.isatty(sys.stdin.fileno()):
- return getpass.getpass(prompt)
---
-1.7.7.5
-
diff --git a/freeipa-2.1.4-replica-install-services.patch b/freeipa-2.1.4-replica-install-services.patch
deleted file mode 100644
index a00895a..0000000
--- a/freeipa-2.1.4-replica-install-services.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From a018ba4013ad18eb75bdfd50887ef12ad2d77972 Mon Sep 17 00:00:00 2001
-From: Martin Kosek <mkosek@redhat.com>
-Date: Wed, 11 Jan 2012 10:07:03 +0100
-Subject: [PATCH 3/3] Prevent service restart failures in ipa-replica-install
-
-Call restart() methods of appropriate services instead of calling
-the system service restart command directly as service() method
-has a capability to wait until the service is fully up. Without
-this patch ipa-replica-install crashed on F-16 because krb5kdc
-service was started before dirsrv service was fully up.
-
-https://fedorahosted.org/freeipa/ticket/2139
----
- install/tools/ipa-replica-install | 21 ++++++++++++++++-----
- 1 files changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
-index 7310d286292f571ef25b57b29d2a213f4bd855a1..9c637202917fc67da68cea61ebc1b41169bbf2db 100755
---- a/install/tools/ipa-replica-install
-+++ b/install/tools/ipa-replica-install
-@@ -155,6 +155,8 @@ def install_krb(config, setup_pkinit=False):
- ldappwd_filename, kpasswd_filename,
- setup_pkinit, pkcs12_info)
-
-+ return krb
-+
- def install_ca_cert(config):
- cafile = config.dir + "/ca.crt"
- if not ipautil.file_exists(cafile):
-@@ -188,6 +190,8 @@ def install_http(config, auto_redirect):
- print "error copying files: " + str(e)
- sys.exit(1)
-
-+ return http
-+
- def install_bind(config, options):
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
- bind_pw=config.dirman_password)
-@@ -442,8 +446,8 @@ def main():
- cs.add_simple_service('dogtagldap/%s@%s' % (config.host_name, config.realm_name))
- cs.add_cert_to_service()
-
-- install_krb(config, setup_pkinit=options.setup_pkinit)
-- install_http(config, auto_redirect=options.ui_redirect)
-+ krb = install_krb(config, setup_pkinit=options.setup_pkinit)
-+ http = install_http(config, auto_redirect=options.ui_redirect)
- if CA:
- CA.import_ra_cert(dir + "/ra.p12")
- CA.fix_ra_perms()
-@@ -457,9 +461,16 @@ def main():
- service.print_msg("Applying LDAP updates")
- ds.apply_updates()
-
-- ipaservices.knownservices.dirsrv.restart()
-- ipaservices.knownservices.krb5kdc.restart()
-- ipaservices.knownservices.httpd.restart()
-+ # Restart ds and krb after configurations have been changed
-+ service.print_msg("Restarting the directory server")
-+ ds.restart()
-+
-+ service.print_msg("Restarting the KDC")
-+ krb.restart()
-+
-+ # Restart httpd to pick up the new IPA configuration
-+ service.print_msg("Restarting the web server")
-+ http.restart()
-
- if options.setup_dns:
- install_bind(config, options)
---
-1.7.7.5
-
diff --git a/freeipa-2.1.4-replication-addentry.patch b/freeipa-2.1.4-replication-addentry.patch
deleted file mode 100644
index 1b89234..0000000
--- a/freeipa-2.1.4-replication-addentry.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From e14b13000890ff13cb9c062e6a32e1e127587bc7 Mon Sep 17 00:00:00 2001
-From: Martin Kosek <mkosek@redhat.com>
-Date: Wed, 11 Jan 2012 10:06:39 +0100
-Subject: [PATCH 2/3] Fix LDAP add calls in replication module
-
-Replace conn.add_s(entry) with conn.addEntry(entry) to avoid
-function calls with an invalid number of parameters.
-
-https://fedorahosted.org/freeipa/ticket/2139
----
- ipaserver/install/replication.py | 22 +++++++++++-----------
- 1 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
-index a6bd7af37bb7c6761841d68ff733276045a7ddab..8f0f226dbacc0ee3b84357c059c91936af034fed 100644
---- a/ipaserver/install/replication.py
-+++ b/ipaserver/install/replication.py
-@@ -225,8 +225,8 @@ class ReplicationManager(object):
- ent.setValues("sn", "replication manager pseudo user")
-
- try:
-- conn.add_s(ent)
-- except ldap.ALREADY_EXISTS:
-+ conn.addEntry(ent)
-+ except errors.DuplicateEntry:
- conn.modify_s(dn, [(ldap.MOD_REPLACE, "userpassword", pw)])
- pass
-
-@@ -275,7 +275,7 @@ class ReplicationManager(object):
- entry.setValues('nsds5replicabinddn', [replica_binddn])
- entry.setValues('nsds5replicalegacyconsumer', "off")
-
-- conn.add_s(entry)
-+ conn.addEntry(entry)
-
- def setup_changelog(self, conn):
- dn = "cn=changelog5, cn=config"
-@@ -285,8 +285,8 @@ class ReplicationManager(object):
- entry.setValues('cn', "changelog5")
- entry.setValues('nsslapd-changelogdir', dirpath)
- try:
-- conn.add_s(entry)
-- except ldap.ALREADY_EXISTS:
-+ conn.addEntry(entry)
-+ except errors.DuplicateEntry:
- return
-
- def setup_chaining_backend(self, conn):
-@@ -308,11 +308,11 @@ class ReplicationManager(object):
- entry.setValues('nsmultiplexorbinddn', self.repl_man_dn)
- entry.setValues('nsmultiplexorcredentials', self.repl_man_passwd)
-
-- self.conn.add_s(entry)
-+ self.conn.addEntry(entry)
- done = True
-- except ldap.ALREADY_EXISTS:
-+ except errors.DuplicateEntry:
- benum += 1
-- except ldap.LDAPError, e:
-+ except errors.ExecutionError, e:
- print "Could not add backend entry " + dn, e
- raise
-
-@@ -376,7 +376,7 @@ class ReplicationManager(object):
- entry.setValues("objectclass", ["account", "simplesecurityobject"])
- entry.setValues("uid", "passsync")
- entry.setValues("userPassword", password)
-- conn.add_s(entry)
-+ conn.addEntry(entry)
-
- # Add it to the list of users allowed to bypass password policy
- extop_dn = "cn=ipa_pwd_extop,cn=plugins,cn=config"
-@@ -470,7 +470,7 @@ class ReplicationManager(object):
- if iswinsync:
- self.setup_winsync_agmt(entry, win_subtree)
-
-- a_conn.add_s(entry)
-+ a_conn.addEntry(entry)
-
- entry = a_conn.waitForEntry(entry)
-
-@@ -746,7 +746,7 @@ class ReplicationManager(object):
- entry.setValues("ipaConfigString", "winsync:%s" % self.hostname)
-
- try:
-- self.conn.add_s(entry)
-+ self.conn.addEntry(entry)
- except Exception, e:
- logging.info("Failed to create public entry for winsync replica")
-
---
-1.7.7.5
-
diff --git a/freeipa-2.1.4-selinux-web-migration-policy.patch b/freeipa-2.1.4-selinux-web-migration-policy.patch
deleted file mode 100644
index 4795631..0000000
--- a/freeipa-2.1.4-selinux-web-migration-policy.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d214ba7547fdda279fa3fd38129a600979d6213b Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Wed, 21 Dec 2011 14:44:06 +0200
-Subject: [PATCH] Re-enable web password migration on Fedora 16 after SE Linux
- policy restrictions
-
-Web password migration tool uses connection to the LDAPI socket.
-Enable access to the ns-slapd socket.
----
- selinux/ipa_httpd/ipa_httpd.te | 2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
-
-diff --git a/selinux/ipa_httpd/ipa_httpd.te b/selinux/ipa_httpd/ipa_httpd.te
-index 65b161fe58cbe64c476fc6abb17b68d741d5d321..64525ba99ad2c455941a937d77ea5cc1af6c68d0 100644
---- a/selinux/ipa_httpd/ipa_httpd.te
-+++ b/selinux/ipa_httpd/ipa_httpd.te
-@@ -7,6 +7,7 @@ require {
- type var_run_t;
- type krb5kdc_t;
- type cert_t;
-+ type dirsrv_t;
- class sock_file write;
- class unix_stream_socket connectto;
- class file write;
-@@ -15,6 +16,7 @@ require {
- # Let Apache, bind and the KDC talk to DS over ldapi
- allow httpd_t var_run_t:sock_file write;
- allow httpd_t initrc_t:unix_stream_socket connectto;
-+allow httpd_t dirsrv_t:unix_stream_socket connectto;
- allow krb5kdc_t var_run_t:sock_file write;
- allow krb5kdc_t initrc_t:unix_stream_socket connectto;
- allow named_t var_run_t:sock_file write;
---
-1.7.8
-
diff --git a/freeipa-2.1.4-slapi-plugins-use-thread-safe-ldap-library.patch b/freeipa-2.1.4-slapi-plugins-use-thread-safe-ldap-library.patch
deleted file mode 100644
index 2e51e09..0000000
--- a/freeipa-2.1.4-slapi-plugins-use-thread-safe-ldap-library.patch
+++ /dev/null
@@ -1,39 +0,0 @@
->From e744b07fe589d36257590f31adf7a5dae3a51f55 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <ssorce@redhat.com>
-Date: Tue, 20 Dec 2011 12:39:34 -0500
-Subject: [PATCH] slapi-plugins: use thread-safe ldap library
-
----
- daemons/configure.ac | 2 +-
- freeipa.spec.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/daemons/configure.ac b/daemons/configure.ac
-index d15a5c70c000a9d83f9ccb6d05851f1400ae4627..9ff858a6b360b011be95ff9aac729a0e837356c2 100644
---- a/daemons/configure.ac
-+++ b/daemons/configure.ac
-@@ -174,7 +174,7 @@ if test "$with_ldap" = "yes"; then
- if test "$with_ldap_lber" = "yes" ; then
- OPENLDAP_LIBS="${OPENLDAP_LIBS} -llber"
- fi
-- OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap"
-+ OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap_r"
- else
- AC_MSG_ERROR([OpenLDAP not found])
- fi
-diff --git a/freeipa.spec.in b/freeipa.spec.in
-index 3305fda55a30523d0b86a0fb79ee74f60a544b92..36b68795eec02d11176c2369b50ec6c732925ad1 100644
---- a/freeipa.spec.in
-+++ b/freeipa.spec.in
-@@ -24,7 +24,7 @@ Source0: freeipa-%{version}.tar.gz
- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
- %if ! %{ONLY_CLIENT}
--BuildRequires: 389-ds-base-devel >= 1.2.9
-+BuildRequires: 389-ds-base-devel >= 1.2.10-0.6.a6
- BuildRequires: svrcore-devel
- BuildRequires: /usr/share/selinux/devel/Makefile
- BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
---
-1.7.7.4
-
diff --git a/freeipa.spec b/freeipa.spec
index 0fb8cbb..6d23c3b 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,27 +11,21 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
%global POLICYCOREUTILSVER 1.33.12-1
%global gettext_domain ipa
+%global VERSION 2.1.90.pre1
Name: freeipa
-Version: 2.1.4
-Release: 5%{?dist}
+Version: 2.1.90
+Release: 0.1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv3+
URL: http://www.freeipa.org/
-Source0: freeipa-%{version}.tar.gz
-Patch0: freeipa-2.1.4-connection-failure-recovery.patch
-Patch1: freeipa-2.1.4-fix-pylint-f16.patch
-Patch2: freeipa-2.1.4-slapi-plugins-use-thread-safe-ldap-library.patch
-Patch3: freeipa-2.1.4-selinux-web-migration-policy.patch
-Patch4: freeipa-2.1.4-logging.patch
-Patch5: freeipa-2.1.4-replication-addentry.patch
-Patch6: freeipa-2.1.4-replica-install-services.patch
+Source0: freeipa-%{VERSION}.tar.gz
Patch7: freeipa-2.1.4-inifiles-support.patch
Patch8: freeipa-2.1.4-python-ldap-2.4.6-support.patch
Patch9: freeipa-2.1.4-upgrade-systemd.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRoot: %{_tmppath}/%{name}-%{VERSION}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.2.10-0.6.a6
@@ -86,7 +80,7 @@ Requires(pre): 389-ds-base >= 1.2.10-0.8.a7
Requires: openldap-clients
Requires: nss
Requires: nss-tools
-Requires: krb5-server >= 1.9.1-15
+Requires: krb5-server >= 1.10-2
Requires: krb5-server-ldap
Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa}
@@ -102,9 +96,9 @@ Requires: python-pyasn1 >= 0.0.9a
Requires: systemd-units >= 36-3
Requires(pre): systemd-units
Requires(post): systemd-units
-Requires: selinux-policy >= 3.10.0-31
+Requires: selinux-policy >= 3.10.0-82
Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.21
+Requires: slapi-nis >= 0.36
Requires: pki-ca >= 9.0.17
Requires: pki-silent >= 9.0.17
# Only tomcat6 greater than this version provides proper systemd support
@@ -163,8 +157,8 @@ Requires: krb5-workstation
Requires: authconfig
Requires: pam_krb5
Requires: wget
-Requires: libcurl >= 7.21.7-2
-Requires: xmlrpc-c >= 1.27.4
+Requires: libcurl >= 7.21.7-2
+Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.6.2
Requires: certmonger >= 0.26
Requires: nss-tools
@@ -223,14 +217,7 @@ package.
%prep
-%setup -n freeipa-%{version} -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
+%setup -n freeipa-%{VERSION} -q
%patch7 -p1
%patch8 -p1
%patch9 -p1
@@ -283,6 +270,7 @@ rm %{buildroot}/%{plugin_dir}/libipa_repl_version.la
rm %{buildroot}/%{plugin_dir}/libipa_uuid.la
rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la
rm %{buildroot}/%{plugin_dir}/libipa_lockout.la
+rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la
# Some user-modifiable HTML files are provided. Move these to /etc
# and link back.
@@ -295,8 +283,6 @@ ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
%{buildroot}%{_usr}/share/ipa/html/unauthorized.html
ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
%{buildroot}%{_usr}/share/ipa/html/browserconfig.html
-ln -s ../../../..%{_sysconfdir}/ipa/html/hbac-deny-remove.html \
- %{buildroot}%{_usr}/share/ipa/html/hbac-deny-remove.html
ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
%{buildroot}%{_usr}/share/ipa/html/ipa_error.css
@@ -305,18 +291,24 @@ mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
+mkdir -p %{buildroot}%{_usr}/share/ipa/html/
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/configure.jar
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html
+mkdir -p %{buildroot}%{_initrddir}
# Default to systemd initscripts for F16 and above
mkdir -p %{buildroot}%{_unitdir}
-for i in ipa.service ipa_kpasswd.service ; do
- install -m 644 init/systemd/$i %{buildroot}%{_unitdir}/$i
-done
+install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
mkdir -p %{buildroot}%{_libexecdir}
install -m 755 init/systemd/freeipa-systemd-upgrade %{buildroot}%{_libexecdir}/freeipa-systemd-upgrade
-rm -f %{buildroot}%{_initrddir}/ipa_kpasswd
%endif
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
+/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
%if ! %{ONLY_CLIENT}
@@ -341,9 +333,13 @@ if [ $1 -gt 1 ] ; then
# after it has been migrated to systemd setup
/usr/libexec/freeipa-systemd-upgrade || :
/usr/sbin/ipa-upgradeconfig || :
- /usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
fi
+%posttrans server
+# This must be run in posttrans so that updates from previous
+# execution that may no longer be shipped are not applied.
+/usr/sbin/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
+
%preun server
if [ $1 = 0 ]; then
# Use systemd scheme
@@ -368,7 +364,7 @@ if [ -s /etc/selinux/config ]; then
fi
%post server-selinux
-semodule -s targeted -i /usr/share/selinux/targeted/ipa_kpasswd.pp /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp
+semodule -s targeted -i /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
@@ -390,7 +386,7 @@ fi
%postun server-selinux
if [ $1 = 0 ]; then
-semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
+semodule -s targeted -r ipa_httpd ipa_dogtag
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
@@ -419,14 +415,12 @@ fi
%{_sbindir}/ipa-compat-manage
%{_sbindir}/ipa-nis-manage
%{_sbindir}/ipa-managed-entries
-%{_sbindir}/ipa_kpasswd
%{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-compliance
%{_sysconfdir}/cron.d/ipa-compliance
# Use systemd scheme
%attr(644,root,root) %{_unitdir}/ipa.service
-%attr(644,root,root) %{_unitdir}/ipa_kpasswd.service
%{_libexecdir}/freeipa-systemd-upgrade
%dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/*
@@ -439,7 +433,6 @@ fi
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/browserconfig.html
%{_usr}/share/ipa/html/unauthorized.html
-%{_usr}/share/ipa/html/hbac-deny-remove.html
%{_usr}/share/ipa/html/ipa_error.css
%dir %{_usr}/share/ipa/migration
%{_usr}/share/ipa/migration/error.html
@@ -449,8 +442,6 @@ fi
%{_usr}/share/ipa/migration/migration.py*
%dir %{_usr}/share/ipa/ui
%{_usr}/share/ipa/ui/index.html
-%{_usr}/share/ipa/ui/*.png
-%{_usr}/share/ipa/ui/*.gif
%{_usr}/share/ipa/ui/*.ico
%{_usr}/share/ipa/ui/*.css
%{_usr}/share/ipa/ui/*.js
@@ -458,19 +449,28 @@ fi
%{_usr}/share/ipa/ui/*.svg
%{_usr}/share/ipa/ui/*.ttf
%{_usr}/share/ipa/ui/*.woff
+%config(noreplace) %{_usr}/share/ipa/ui/extension.js
+%dir %{_usr}/share/ipa/ui/images
+%{_usr}/share/ipa/ui/images/*.png
+%{_usr}/share/ipa/ui/images/*.gif
%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
%config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
-%config(noreplace) %{_sysconfdir}/ipa/html/hbac-deny-remove.html
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%{_usr}/share/ipa/ipa-pki-proxy.conf
+%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/configure.jar
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/preferences.html
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
@@ -484,7 +484,7 @@ fi
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
%dir %{_localstatedir}/cache/ipa
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
-%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
+%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
%{_mandir}/man1/ipa-replica-conncheck.1.gz
%{_mandir}/man1/ipa-replica-install.1.gz
%{_mandir}/man1/ipa-replica-manage.1.gz
@@ -498,14 +498,13 @@ fi
%{_mandir}/man1/ipa-nis-manage.1.gz
%{_mandir}/man1/ipa-managed-entries.1.gz
%{_mandir}/man1/ipa-ldap-updater.1.gz
-%{_mandir}/man8/ipa_kpasswd.8.gz
%{_mandir}/man8/ipactl.8.gz
+%{_mandir}/man8/ipa-upgradeconfig.8.gz
%{_mandir}/man1/ipa-compliance.1.gz
%files server-selinux
%defattr(-,root,root,-)
%doc COPYING README Contributors.txt
-%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
%{_usr}/share/selinux/targeted/ipa_httpd.pp
%{_usr}/share/selinux/targeted/ipa_dogtag.pp
%endif
@@ -554,8 +553,12 @@ fi
%{python_sitelib}/freeipa-*.egg-info
%{python_sitearch}/python_default_encoding-*.egg-info
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
+%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
+- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
+
* Wed Feb 01 2012 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-5
- Force to use 389-ds 1.2.10-0.8.a7 or above
- Improve upgrade script to handle systemd 389-ds change
diff --git a/sources b/sources
index 983450e..664d51b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-213047f62f3dfa5d6088fe916356c298 freeipa-2.1.4.tar.gz
+c0d9c3bbc2ba603d14f97098fe11057d freeipa-2.1.90.pre1.tar.gz