rpms/ipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream 4.7.1

Browse Source
This commit is contained in:
Rob Crittenden 2018-10-05 15:51:43 -04:00
parent eb63032682
commit c3d08f1176
9 changed files with 25 additions and 698 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -68,3 +68,5 @@
/freeipa-4.6.90.pre2.tar.gz.asc
/freeipa-4.7.0.tar.gz
/freeipa-4.7.0.tar.gz.asc
/freeipa-4.7.1.tar.gz
/freeipa-4.7.1.tar.gz.asc

29
0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
View File

@ -1,29 +0,0 @@
From f3faecbbb49704c182b310fb43cec9171c08ccf7 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 20 Jul 2018 14:57:26 +0200
Subject: [PATCH] Fix $-style format string in ipa_ldap_init
(util/ipa_ldap.c)
The second argument was not used, but the first one was used twice.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
util/ipa_ldap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/ipa_ldap.c b/util/ipa_ldap.c
index 789ea0d8c..859eaf1bc 100644
--- a/util/ipa_ldap.c
+++ b/util/ipa_ldap.c
@@ -39,7 +39,7 @@ int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
if (ret != LDAP_SUCCESS) {
fprintf(
stderr,
- _("Unable to initialize connection to ldap server %1$s: %1$s\n"),
+ _("Unable to initialize connection to ldap server %1$s: %2$s\n"),
ldap_uri,
ldap_err2string(ret)
);
--
2.17.1

57
0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch
View File

@ -1,57 +0,0 @@
From 4b592fee24bf0180c84036b0db3abccc101b46c3 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 24 Jul 2018 17:18:17 +0200
Subject: [PATCH 1/2] ipaserver/plugins/cert.py: Added reason to raise of
errors.NotFound
In the case that enabledService is not found ipaConfigString kdc entry, a
NotFound error was raised without setting the reason. This resulted in a
traceback.
---
ipaserver/plugins/cert.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 8d43b9f46..a698991b5 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -301,7 +301,7 @@ def ca_kdc_check(api_instance, hostname):
ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
if 'enabledservice' not in ipaconfigstring:
- raise errors.NotFound()
+ raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
except errors.NotFound:
raise errors.ACIError(
--
2.17.1
From 1a7baa2543cae6f3da1b9d674dbaeefdfc83c37a Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 25 Jul 2018 10:22:59 +0200
Subject: [PATCH 2/2] ipaserver/plugins/cert.py: Make the new reason for
errors.NotFound translatable
Related to: 5545b7f6172b87b0539234a64ea1eaf61c9ee517
---
ipaserver/plugins/cert.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index a698991b5..ffe51597e 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -301,7 +301,8 @@ def ca_kdc_check(api_instance, hostname):
ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
if 'enabledservice' not in ipaconfigstring:
- raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
+ raise errors.NotFound(
+ reason=_("enabledService not in ipaConfigString kdc entry"))
except errors.NotFound:
raise errors.ACIError(
--
2.17.1

63
0003-freeipa-4.7.0-restore_SELinux_context.patch
View File

@ -1,63 +0,0 @@
commit f7516979241ed80a48250784051a82457e2df7aa
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Aug 2 11:22:55 2018 +0200
httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
The session directory /etc/httpd/alias/ could be created with the wrong
SELinux context. Therefore httpd was not able to write to this directory.
Fixes: https://pagure.io/freeipa/issue/7662
Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing
/etc/httpd/alias for ipasession.key)
Reviewed-By: Christian Heimes <cheimes@redhat.com>
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 62b563fb2..1b1e7a03d 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -183,6 +183,9 @@ class HTTPInstance(service.Service):
os.makedirs(session_dir)
# Must be world-readable / executable
os.chmod(session_dir, 0o755)
+ # Restore SELinux context of session_dir /etc/httpd/alias, see
+ # https://pagure.io/freeipa/issue/7662
+ tasks.restore_context(session_dir)
target_fname = paths.HTTPD_IPA_CONF
http_txt = ipautil.template_file(
commit 354d7297e8e0d97da22c0469ab96f30fdfc4a1ea
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Aug 2 11:32:05 2018 +0200
ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X
The template directory /var/log/dirsrv/slapd-X could be created with the
wrong SELinux context.
Related to: https://pagure.io/freeipa/issue/7662
Reviewed-By: Christian Heimes <cheimes@redhat.com>
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 48b95ed18..1916d3063 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -607,10 +607,13 @@ class Restore(admintool.AdminTool):
logger.info("Waiting for LDIF to finish")
wait_for_task(conn, dn)
else:
+ template_dir = paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance
try:
- os.makedirs(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance)
+ os.makedirs(template_dir)
except OSError as e:
pass
+ # Restore SELinux context of template_dir
+ tasks.restore_context(template_dir)
args = [paths.LDIF2DB,
'-Z', instance,

23
0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch
View File

@ -1,23 +0,0 @@
commit 90203fb044f4e51f341781cf64a9b30c1337d2a9
Author: Michal Reznik <mreznik@redhat.com>
Date: Fri Aug 31 09:49:15 2018 +0200
Add "389-ds-base-legacy-tools" to requires.
"389-ds-base-legacy-tools" needs to be added to requires until
the switch to python installer is completed.
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 02881b494..cffbccd72 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -329,6 +329,7 @@ Requires: python2-ipaserver = %{version}-%{release}
Requires: python2-ldap >= %{python_ldap_version}
%endif
Requires: 389-ds-base >= %{ds_version}
+Requires: 389-ds-base-legacy-tools >= %{ds_version}
Requires: openldap-clients > 2.4.35-4
Requires: nss >= %{nss_version}
Requires: nss-tools >= %{nss_version}

454
0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch
View File

@ -1,454 +0,0 @@
commit b8528da5a8e8cf4fdeabb77022cb511043544e9f
Author: Christian Heimes <cheimes@redhat.com>
Date: Wed Aug 29 12:43:03 2018 +0200
Refactor os-release and platform information
Move the /etc/os-release parser and platform detection code out of the
private _importhook module. The ipaplatform module now contains an
osinfo module that provides distribution, os, and vendor information.
See: https://www.freedesktop.org/software/systemd/man/os-release.html
See: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
diff --git a/ipaplatform/__init__.py b/ipaplatform/__init__.py
index 06397fda1..1c22346b0 100644
--- a/ipaplatform/__init__.py
+++ b/ipaplatform/__init__.py
@@ -8,4 +8,4 @@ ignore.
"""
__import__('pkg_resources').declare_namespace(__name__)
-NAME = None # initialized by IpaMetaImporter
+NAME = None # initialized by ipaplatform.osinfo
diff --git a/ipaplatform/_importhook.py b/ipaplatform/_importhook.py
index 77c4e0d87..3f84e81fd 100644
--- a/ipaplatform/_importhook.py
+++ b/ipaplatform/_importhook.py
@@ -3,46 +3,14 @@
#
from __future__ import absolute_import
-"""Meta import hook for ipaplatform.
-
-Known Linux distros with /etc/os-release
-----------------------------------------
-
-- alpine
-- centos (like rhel, fedora)
-- debian
-- fedora
-- rhel
-- ubuntu (like debian)
-"""
import importlib
-import io
-import re
import sys
-import warnings
-
-
-import ipaplatform
-try:
- from ipaplatform.override import OVERRIDE
-except ImportError:
- OVERRIDE = None
-
-_osrelease_line = re.compile(
- u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
- u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
-)
+from ipaplatform.osinfo import osinfo
class IpaMetaImporter(object):
- """Meta import hook and platform detector.
-
- The meta import hook uses /etc/os-release to auto-detects the best
- matching ipaplatform provider. It is compatible with external namespace
- packages, too.
- """
modules = {
'ipaplatform.constants',
'ipaplatform.paths',
@@ -50,80 +18,8 @@ class IpaMetaImporter(object):
'ipaplatform.tasks'
}
- bsd_family = (
- 'freebsd',
- 'openbsd',
- 'netbsd',
- 'dragonfly',
- 'gnukfreebsd'
- )
-
- def __init__(self, override=OVERRIDE):
- self.override = override
- self.platform_ids = self._get_platform_ids(self.override)
- self.platform = self._get_platform(self.platform_ids)
-
- def _get_platform_ids(self, override):
- platforms = []
- # allow RPM and Debian packages to override platform
- if override is not None:
- platforms.append(override)
-
- if sys.platform.startswith('linux'):
- # Linux, get distribution from /etc/os-release
- try:
- platforms.extend(self._parse_platform())
- except Exception as e:
- warnings.warn("Failed to read /etc/os-release: {}".format(e))
- elif sys.platform == 'win32':
- # Windows 32 or 64bit platform
- platforms.append('win32')
- elif sys.platform == 'darwin':
- # macOS
- platforms.append('macos')
- elif sys.platform.startswith(self.bsd_family):
- # BSD family, look for e.g. ['freebsd10', 'freebsd']
- platforms.append(sys.platform)
- simple = sys.platform.rstrip('0123456789')
- if simple != sys.platform:
- platforms.append(simple)
-
- if not platforms:
- raise ValueError("Unsupported platform: {}".format(sys.platform))
-
- return platforms
-
- def parse_osrelease(self, filename='/etc/os-release'):
- release = {}
- with io.open(filename, encoding='utf-8') as f:
- for line in f:
- mo = _osrelease_line.match(line)
- if mo is not None:
- release[mo.group('name')] = mo.group('value')
- return release
-
- def _parse_platform(self, filename='/etc/os-release'):
- release = self.parse_osrelease(filename)
- platforms = [
- release['ID'],
- ]
- if "ID_LIKE" in release:
- platforms.extend(
- v.strip() for v in release['ID_LIKE'].split(' ') if v.strip()
- )
-
- return platforms
-
- def _get_platform(self, platform_ids):
- for platform in platform_ids:
- try:
- importlib.import_module('ipaplatform.{}'.format(platform))
- except ImportError:
- pass
- else:
- return platform
- raise ImportError('No ipaplatform available for "{}"'.format(
- ', '.join(platform_ids)))
+ def __init__(self, platform):
+ self.platform = platform
def find_module(self, fullname, path=None):
"""Meta importer hook"""
@@ -148,8 +44,7 @@ class IpaMetaImporter(object):
return platform_mod
-metaimporter = IpaMetaImporter()
+metaimporter = IpaMetaImporter(osinfo.platform)
sys.meta_path.insert(0, metaimporter)
fixup_module = metaimporter.load_module
-ipaplatform.NAME = metaimporter.platform
diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py
new file mode 100644
index 000000000..a38165d01
--- /dev/null
+++ b/ipaplatform/osinfo.py
@@ -0,0 +1,214 @@
+#
+# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
+#
+"""Distribution information
+
+Known Linux distros with /etc/os-release
+----------------------------------------
+
+- alpine
+- centos (like rhel, fedora)
+- debian
+- fedora
+- rhel
+- ubuntu (like debian)
+"""
+from __future__ import absolute_import
+
+import importlib
+import io
+import re
+import sys
+import warnings
+
+import six
+
+import ipaplatform
+try:
+ from ipaplatform.override import OVERRIDE
+except ImportError:
+ OVERRIDE = None
+
+
+# pylint: disable=no-name-in-module, import-error
+if six.PY3:
+ from collections.abc import Mapping
+else:
+ from collections import Mapping
+# pylint: enable=no-name-in-module, import-error
+
+_osrelease_line = re.compile(
+ u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
+ u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
+)
+
+
+def _parse_osrelease(filename='/etc/os-release'):
+ """Parser for /etc/os-release for Linux distributions
+
+ https://www.freedesktop.org/software/systemd/man/os-release.html
+ """
+ release = {}
+ with io.open(filename, encoding='utf-8') as f:
+ for line in f:
+ mo = _osrelease_line.match(line)
+ if mo is not None:
+ release[mo.group('name')] = mo.group('value')
+ if 'ID_LIKE' in release:
+ release['ID_LIKE'] = tuple(
+ v.strip()
+ for v in release['ID_LIKE'].split(' ')
+ if v.strip()
+ )
+ else:
+ release["ID_LIKE"] = ()
+ # defaults
+ release.setdefault('NAME', 'Linux')
+ release.setdefault('ID', 'linux')
+ release.setdefault('VERSION', '')
+ release.setdefault('VERSION_ID', '')
+ return release
+
+
+class OSInfo(Mapping):
+ __slots__ = ('_info', '_platform')
+
+ bsd_family = (
+ 'freebsd',
+ 'openbsd',
+ 'netbsd',
+ 'dragonfly',
+ 'gnukfreebsd'
+ )
+
+ def __init__(self):
+ if sys.platform.startswith('linux'):
+ # Linux, get distribution from /etc/os-release
+ info = self._handle_linux()
+ elif sys.platform == 'win32':
+ info = self._handle_win32()
+ elif sys.platform == 'darwin':
+ info = self._handle_darwin()
+ elif sys.platform.startswith(self.bsd_family):
+ info = self._handle_bsd()
+ else:
+ raise ValueError("Unsupported platform: {}".format(sys.platform))
+ self._info = info
+ self._platform = None
+
+ def _handle_linux(self):
+ """Detect Linux distribution from /etc/os-release
+ """
+ try:
+ return _parse_osrelease()
+ except Exception as e:
+ warnings.warn("Failed to read /etc/os-release: {}".format(e))
+ return {
+ 'NAME': 'Linux',
+ 'ID': 'linux',
+ }
+
+ def _handle_win32(self):
+ """Windows 32 or 64bit platform
+ """
+ return {
+ 'NAME': 'Windows',
+ 'ID': 'win32',
+ }
+
+ def _handle_darwin(self):
+ """Handle macOS / Darwin platform
+ """
+ return {
+ 'NAME': 'macOS',
+ 'ID': 'macos',
+ }
+
+ def _handle_bsd(self):
+ """Handle BSD-like platforms
+ """
+ platform = sys.platform
+ simple = platform.rstrip('0123456789')
+ id_like = []
+ if simple != platform:
+ id_like.append(simple)
+ return {
+ 'NAME': platform,
+ 'ID': platform,
+ 'ID_LIKE': tuple(id_like),
+ }
+
+ def __getitem__(self, item):
+ return self._info[item]
+
+ def __iter__(self):
+ return iter(self._info)
+
+ def __len__(self):
+ return len(self._info)
+
+ @property
+ def name(self):
+ """OS name (user)
+ """
+ return self._info['NAME']
+
+ @property
+ def id(self):
+ """Lower case OS identifier
+ """
+ return self._info['ID']
+
+ @property
+ def id_like(self):
+ """Related / similar OS
+ """
+ return self._info.get('ID_LIKE', ())
+
+ @property
+ def version(self):
+ """Version number and name of OS (for user)
+ """
+ return self._info.get('VERSION')
+
+ @property
+ def version_id(self):
+ """Version identifier
+ """
+ return self._info.get('VERSION_ID')
+
+ @property
+ def platform_ids(self):
+ """Ordered tuple of detected platforms (including override)
+ """
+ platforms = []
+ if OVERRIDE is not None:
+ # allow RPM and Debian packages to override platform
+ platforms.append(OVERRIDE)
+ if OVERRIDE != self.id:
+ platforms.append(self.id)
+ platforms.extend(self.id_like)
+ return tuple(platforms)
+
+ @property
+ def platform(self):
+ if self._platform is not None:
+ return self._platform
+ for platform in self.platform_ids:
+ try:
+ importlib.import_module('ipaplatform.{}'.format(platform))
+ except ImportError:
+ pass
+ else:
+ self._platform = platform
+ return platform
+ raise ImportError('No ipaplatform available for "{}"'.format(
+ ', '.join(self.platform_ids)))
+
+
+osinfo = OSInfo()
+ipaplatform.NAME = osinfo.platform
+
+if __name__ == '__main__':
+ import pprint
+ pprint.pprint(dict(osinfo))
diff --git a/ipatests/test_ipaplatform/test_importhook.py b/ipatests/test_ipaplatform/test_importhook.py
index c7d2626d6..eeb351ba7 100644
--- a/ipatests/test_ipaplatform/test_importhook.py
+++ b/ipatests/test_ipaplatform/test_importhook.py
@@ -13,6 +13,7 @@ import ipaplatform.paths
import ipaplatform.services
import ipaplatform.tasks
from ipaplatform._importhook import metaimporter
+from ipaplatform.osinfo import osinfo, _parse_osrelease
try:
from ipaplatform.override import OVERRIDE
except ImportError:
@@ -26,8 +27,8 @@ DATA = os.path.join(HERE, 'data')
@pytest.mark.skipif(OVERRIDE is None,
reason='test requires override')
def test_override():
- assert OVERRIDE == metaimporter.platform_ids[0]
- assert OVERRIDE == metaimporter.platform
+ assert OVERRIDE == osinfo.platform_ids[0]
+ assert OVERRIDE == osinfo.platform
@pytest.mark.parametrize('mod, name', [
@@ -46,11 +47,12 @@ def test_importhook(mod, name):
assert mod.__dict__ == sys.modules[override].__dict__
-@pytest.mark.parametrize('filename, expected_platforms', [
- (os.path.join(DATA, 'os-release-centos'), ['centos', 'rhel', 'fedora']),
- (os.path.join(DATA, 'os-release-fedora'), ['fedora']),
- (os.path.join(DATA, 'os-release-ubuntu'), ['ubuntu', 'debian']),
+@pytest.mark.parametrize('filename, id_, id_like', [
+ (os.path.join(DATA, 'os-release-centos'), 'centos', ('rhel', 'fedora')),
+ (os.path.join(DATA, 'os-release-fedora'), 'fedora', ()),
+ (os.path.join(DATA, 'os-release-ubuntu'), 'ubuntu', ('debian',)),
])
-def test_parse_os_release(filename, expected_platforms):
- parsed = metaimporter._parse_platform(filename)
- assert parsed == expected_platforms
+def test_parse_os_release(filename, id_, id_like):
+ parsed = _parse_osrelease(filename)
+ assert parsed['ID'] == id_
+ assert parsed['ID_LIKE'] == id_like
diff --git a/ipatests/test_ipapython/test_certdb.py b/ipatests/test_ipapython/test_certdb.py
index 42edfb5a9..42d48d51a 100644
--- a/ipatests/test_ipapython/test_certdb.py
+++ b/ipatests/test_ipapython/test_certdb.py
@@ -5,13 +5,12 @@ import os
import pytest
from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
-from ipaplatform._importhook import metaimporter
+from ipaplatform.osinfo import osinfo
-OSRELEASE = metaimporter.parse_osrelease()
CERTNICK = 'testcert'
-if OSRELEASE['ID'] == 'fedora':
- if int(OSRELEASE['VERSION_ID']) >= 28:
+if osinfo.id == 'fedora':
+ if int(osinfo.version_id) >= 28:
NSS_DEFAULT = 'sql'
else:
NSS_DEFAULT = 'dbm'

42
0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch
View File

@ -1,42 +0,0 @@
commit 1c03181e78b8f43e7bfd32e52c5b9d161c326fd6
Author: Christian Heimes <cheimes@redhat.com>
Date: Wed Aug 29 12:58:12 2018 +0200
Don't check for systemd service
ipaplatform no longer checks for the presence of a systemd service file
to detect the name of the domainname service. Instead it uses osinfo's
version to use the old name on Fedora 28 and the new name on Fedora 29.
This fixes a SELinux violation that prevented httpd from listing systemd
service files.
Fixes: https://pagure.io/freeipa/issue/7661
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py
index 09ba2e826..5ff64f1cd 100644
--- a/ipaplatform/fedora/services.py
+++ b/ipaplatform/fedora/services.py
@@ -24,8 +24,7 @@ Contains Fedora-specific service class implementations.
from __future__ import absolute_import
-import os
-
+from ipaplatform.osinfo import osinfo
from ipaplatform.redhat import services as redhat_services
# Mappings from service names as FreeIPA code references to these services
@@ -35,9 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy()
# Fedora 28 and earlier have fedora-domainname.service. Starting from
# Fedora 29, the service is called nis-domainname.service as defined in
# ipaplatform.redhat.services.
-HAS_FEDORA_DOMAINNAME_SERVICE = os.path.isfile(
- "/usr/lib/systemd/system/fedora-domainname.service"
-)
+HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
if HAS_FEDORA_DOMAINNAME_SERVICE:
fedora_system_units['domainname'] = 'fedora-domainname.service'

49
freeipa.spec
View File

@ -100,14 +100,18 @@
%endif # Fedora
# Require Dogtag PKI 10.6.1 with Python 3 and SQL NSSDB fixes for external
# CA support, https://bugzilla.redhat.com/show_bug.cgi?id=1573094
%global pki_version 10.6.1
# Require Dogtag PKI 10.6.6 to detect when fips is available,
# https://pagure.io/freeipa/issue/7608
%global pki_version 10.6.6
# NSS release with fix for CKA_LABEL import bug in shared SQL database.
# https://bugzilla.redhat.com/show_bug.cgi?id=1568271
%global nss_version 3.36.1-1.1
# One-Way Trust authenticated by trust secret
# https://bugzilla.redhat.com/show_bug.cgi?id=1345975#c20
%global sssd_version 1.16.3-2
%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
%global plugin_dir %{_libdir}/dirsrv/plugins
@ -118,7 +122,7 @@
# Work-around fact that RPM SPEC parser does not accept
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
%define IPA_VERSION 4.7.0
%define IPA_VERSION 4.7.1
%define AT_SIGN @
# redefine IPA_VERSION only if its value matches the Autoconf placeholder
%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
@ -127,7 +131,7 @@
Name: %{package_name}
Version: %{IPA_VERSION}
Release: 5%{?dist}
Release: 1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@ -135,14 +139,8 @@ License: GPLv3+
URL: http://www.freeipa.org/
Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
Patch0001: 0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
Patch0002: 0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch
# For the timestamp trick in patch application
BuildRequires: diffstat
Patch0003: 0003-freeipa-4.7.0-restore_SELinux_context.patch
Patch0004: 0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch
Patch0005: 0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch
Patch0006: 0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openldap-devel
@ -184,8 +182,7 @@ BuildRequires: libtevent-devel
BuildRequires: libuuid-devel
BuildRequires: libsss_idmap-devel
BuildRequires: libsss_certmap-devel
# 1.15.3: sss_nss_getlistbycert (https://pagure.io/SSSD/sssd/issue/3050)
BuildRequires: libsss_nss_idmap-devel >= 1.15.3
BuildRequires: libsss_nss_idmap-devel >= %{sssd_version}
BuildRequires: nodejs
BuildRequires: uglify-js
BuildRequires: libverto-devel
@ -308,7 +305,7 @@ BuildRequires: python3-samba
BuildRequires: python3-six
BuildRequires: python3-sss
BuildRequires: python3-sss-murmur
BuildRequires: python3-sssdconfig
BuildRequires: python3-sssdconfig >= %{sssd_version}
BuildRequires: python3-systemd
BuildRequires: python3-yubico
%endif # with_lint
@ -404,8 +401,7 @@ Requires: gzip
Requires: oddjob
# 0.7.0-2: https://pagure.io/gssproxy/pull-request/172
Requires: gssproxy >= 0.7.0-2
# 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050)
Requires: sssd-dbus >= 1.15.2
Requires: sssd-dbus >= %{sssd_version}
Provides: %{alt_name}-server = %{version}
Conflicts: %{alt_name}-server
@ -488,7 +484,7 @@ Requires: python3-kdcproxy >= 0.3
Requires: python3-lxml
Requires: python3-pki >= %{pki_version}
Requires: python3-pyasn1 >= 0.3.2-2
Requires: python3-sssdconfig
Requires: python3-sssdconfig >= %{sssd_version}
Requires: rpm-libs
%description -n python3-ipaserver
@ -598,7 +594,7 @@ Requires: %{name}-common = %{version}-%{release}
Requires: python3-gssapi >= 1.2.0-5
Requires: python3-ipaclient = %{version}-%{release}
Requires: python3-ldap >= %{python_ldap_version}
Requires: python3-sssdconfig
Requires: python3-sssdconfig >= %{sssd_version}
%else
Requires: python2-gssapi >= 1.2.0-5
Requires: python2-ipaclient = %{version}-%{release}
@ -618,7 +614,7 @@ Requires: initscripts
%endif
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.14.0
Requires: sssd-ipa >= %{sssd_version}
Requires: certmonger >= 0.79.5-1
Requires: nss-tools >= %{nss_version}
Requires: bind-utils
@ -627,7 +623,7 @@ Requires: libsss_autofs
Requires: autofs
Requires: libnfsidmap
Requires: nfs-utils
Requires: sssd-tools
Requires: sssd-tools >= %{sssd_version}
Requires(post): policycoreutils
Provides: %{alt_name}-client = %{version}
@ -925,7 +921,7 @@ Requires: python3-polib
Requires: python3-pytest >= 2.6
Requires: python3-pytest-multihost >= 0.5
Requires: python3-pytest-sourceorder
Requires: python3-sssdconfig
Requires: python3-sssdconfig >= %{sssd_version}
Requires: tar
Requires: xz
@ -1001,8 +997,7 @@ find \
-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
aclocal --force
autoconf --force
autoreconf -ivf
%configure --with-vendor-suffix=-%{release} \
%{enable_server_option} \
%{with_ipatests_option} \
@ -1342,7 +1337,6 @@ fi
%{_sbindir}/ipa-server-install
%{_sbindir}/ipa-replica-conncheck
%{_sbindir}/ipa-replica-install
%{_sbindir}/ipa-replica-prepare
%{_sbindir}/ipa-replica-manage
%{_sbindir}/ipa-csreplica-manage
%{_sbindir}/ipa-server-certinstall
@ -1398,7 +1392,6 @@ fi
%{_mandir}/man1/ipa-replica-install.1*
%{_mandir}/man1/ipa-replica-manage.1*
%{_mandir}/man1/ipa-csreplica-manage.1*
%{_mandir}/man1/ipa-replica-prepare.1*
%{_mandir}/man1/ipa-server-certinstall.1*
%{_mandir}/man1/ipa-server-install.1*
%{_mandir}/man1/ipa-server-upgrade.1*
@ -1460,9 +1453,7 @@ fi
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/unauthorized.html
%dir %{_usr}/share/ipa/migration
%{_usr}/share/ipa/migration/error.html
%{_usr}/share/ipa/migration/index.html
%{_usr}/share/ipa/migration/invalid.html
%{_usr}/share/ipa/migration/migration.py*
%dir %{_usr}/share/ipa/ui
%{_usr}/share/ipa/ui/index.html
@ -1470,7 +1461,6 @@ fi
%{_usr}/share/ipa/ui/sync_otp.html
%{_usr}/share/ipa/ui/*.ico
%{_usr}/share/ipa/ui/*.css
%{_usr}/share/ipa/ui/*.js
%dir %{_usr}/share/ipa/ui/css
%{_usr}/share/ipa/ui/css/*.css
%dir %{_usr}/share/ipa/ui/js
@ -1742,6 +1732,9 @@ fi
%changelog
* Fri Oct 5 2018 Rob Crittenden <rcritten@redhat.com> - 4.7.1-1
- Update to upstream 4.7.1
* Tue Sep 25 2018 Christian Heimes <cheimes@redhat.com> - 4.7.0-5
- Remove Python 2 support from Fedora 30
- https://fedoraproject.org/wiki/Changes/FreeIPA_Python_2_Removal

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (freeipa-4.7.0.tar.gz) = 1c564fca34339e6991edf29f731633467a4aa3f8dd0e763fa2f87fe5992e0697bb9f5686a455b778ce7722487278c4040e8a83be7078a2f6724a45c0761b9b5d
SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725
SHA512 (freeipa-4.7.1.tar.gz) = 6fab1f1ad7e110e4edbca0a7cfda63e650b0cceb345d9c5c1bc5a0ba235bb242ecf4060b28daa77ac15d1298a6d61c465ea790ba2668162ce1c2ed64077e09c9
SHA512 (freeipa-4.7.1.tar.gz.asc) = 88c71297dcf4cf1bd7df8b6e3194297ebdf8a3e92bc982a27c7e517cd41fec02c9d7a97d5cc9d6b659ca7311a659e98c8d12ded1e7cdc023c38ad1494595c3e6