From c3d08f1176fff93322c26452edf636eb1813e5c5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 5 Oct 2018 15:51:43 -0400 Subject: [PATCH] Update to upstream 4.7.1 --- .gitignore | 2 + ...-string-in-ipa_ldap_init-util-ipa_ld.patch | 29 -- ...s-cert.py-Added-reason-to-raise-of-e.patch | 57 --- ...reeipa-4.7.0-restore_SELinux_context.patch | 63 --- ....0-389-ds-base-legacy-tools-requires.patch | 23 - ...-os-release-and-platform-information.patch | 454 ------------------ ....7.0-Don-t-check-for-systemd-service.patch | 42 -- freeipa.spec | 49 +- sources | 4 +- 9 files changed, 25 insertions(+), 698 deletions(-) delete mode 100644 0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch delete mode 100644 0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch delete mode 100644 0003-freeipa-4.7.0-restore_SELinux_context.patch delete mode 100644 0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch delete mode 100644 0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch delete mode 100644 0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch diff --git a/.gitignore b/.gitignore index bab9048..f2e22ff 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,5 @@ /freeipa-4.6.90.pre2.tar.gz.asc /freeipa-4.7.0.tar.gz /freeipa-4.7.0.tar.gz.asc +/freeipa-4.7.1.tar.gz +/freeipa-4.7.1.tar.gz.asc diff --git a/0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch b/0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch deleted file mode 100644 index 7476139..0000000 --- a/0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f3faecbbb49704c182b310fb43cec9171c08ccf7 Mon Sep 17 00:00:00 2001 -From: Thomas Woerner -Date: Fri, 20 Jul 2018 14:57:26 +0200 -Subject: [PATCH] Fix $-style format string in ipa_ldap_init - (util/ipa_ldap.c) - -The second argument was not used, but the first one was used twice. - -Reviewed-By: Rob Crittenden ---- - util/ipa_ldap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/ipa_ldap.c b/util/ipa_ldap.c -index 789ea0d8c..859eaf1bc 100644 ---- a/util/ipa_ldap.c -+++ b/util/ipa_ldap.c -@@ -39,7 +39,7 @@ int ipa_ldap_init(LDAP **ld, const char *ldap_uri) - if (ret != LDAP_SUCCESS) { - fprintf( - stderr, -- _("Unable to initialize connection to ldap server %1$s: %1$s\n"), -+ _("Unable to initialize connection to ldap server %1$s: %2$s\n"), - ldap_uri, - ldap_err2string(ret) - ); --- -2.17.1 - diff --git a/0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch b/0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch deleted file mode 100644 index 37b49c5..0000000 --- a/0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 4b592fee24bf0180c84036b0db3abccc101b46c3 Mon Sep 17 00:00:00 2001 -From: Thomas Woerner -Date: Tue, 24 Jul 2018 17:18:17 +0200 -Subject: [PATCH 1/2] ipaserver/plugins/cert.py: Added reason to raise of - errors.NotFound - -In the case that enabledService is not found ipaConfigString kdc entry, a -NotFound error was raised without setting the reason. This resulted in a -traceback. ---- - ipaserver/plugins/cert.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py -index 8d43b9f46..a698991b5 100644 ---- a/ipaserver/plugins/cert.py -+++ b/ipaserver/plugins/cert.py -@@ -301,7 +301,7 @@ def ca_kdc_check(api_instance, hostname): - ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']} - - if 'enabledservice' not in ipaconfigstring: -- raise errors.NotFound() -+ raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry") - - except errors.NotFound: - raise errors.ACIError( --- -2.17.1 - -From 1a7baa2543cae6f3da1b9d674dbaeefdfc83c37a Mon Sep 17 00:00:00 2001 -From: Thomas Woerner -Date: Wed, 25 Jul 2018 10:22:59 +0200 -Subject: [PATCH 2/2] ipaserver/plugins/cert.py: Make the new reason for - errors.NotFound translatable - -Related to: 5545b7f6172b87b0539234a64ea1eaf61c9ee517 ---- - ipaserver/plugins/cert.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py -index a698991b5..ffe51597e 100644 ---- a/ipaserver/plugins/cert.py -+++ b/ipaserver/plugins/cert.py -@@ -301,7 +301,8 @@ def ca_kdc_check(api_instance, hostname): - ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']} - - if 'enabledservice' not in ipaconfigstring: -- raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry") -+ raise errors.NotFound( -+ reason=_("enabledService not in ipaConfigString kdc entry")) - - except errors.NotFound: - raise errors.ACIError( --- -2.17.1 - diff --git a/0003-freeipa-4.7.0-restore_SELinux_context.patch b/0003-freeipa-4.7.0-restore_SELinux_context.patch deleted file mode 100644 index 6a44a21..0000000 --- a/0003-freeipa-4.7.0-restore_SELinux_context.patch +++ /dev/null @@ -1,63 +0,0 @@ -commit f7516979241ed80a48250784051a82457e2df7aa -Author: Thomas Woerner -Date: Thu Aug 2 11:22:55 2018 +0200 - - httpinstance: Restore SELinux context of session_dir /etc/httpd/alias - - The session directory /etc/httpd/alias/ could be created with the wrong - SELinux context. Therefore httpd was not able to write to this directory. - - Fixes: https://pagure.io/freeipa/issue/7662 - - Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing - /etc/httpd/alias for ipasession.key) - - Reviewed-By: Christian Heimes - -diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py -index 62b563fb2..1b1e7a03d 100644 ---- a/ipaserver/install/httpinstance.py -+++ b/ipaserver/install/httpinstance.py -@@ -183,6 +183,9 @@ class HTTPInstance(service.Service): - os.makedirs(session_dir) - # Must be world-readable / executable - os.chmod(session_dir, 0o755) -+ # Restore SELinux context of session_dir /etc/httpd/alias, see -+ # https://pagure.io/freeipa/issue/7662 -+ tasks.restore_context(session_dir) - - target_fname = paths.HTTPD_IPA_CONF - http_txt = ipautil.template_file( - -commit 354d7297e8e0d97da22c0469ab96f30fdfc4a1ea -Author: Thomas Woerner -Date: Thu Aug 2 11:32:05 2018 +0200 - - ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X - - The template directory /var/log/dirsrv/slapd-X could be created with the - wrong SELinux context. - - Related to: https://pagure.io/freeipa/issue/7662 - - Reviewed-By: Christian Heimes - -diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py -index 48b95ed18..1916d3063 100644 ---- a/ipaserver/install/ipa_restore.py -+++ b/ipaserver/install/ipa_restore.py -@@ -607,10 +607,13 @@ class Restore(admintool.AdminTool): - logger.info("Waiting for LDIF to finish") - wait_for_task(conn, dn) - else: -+ template_dir = paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance - try: -- os.makedirs(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance) -+ os.makedirs(template_dir) - except OSError as e: - pass -+ # Restore SELinux context of template_dir -+ tasks.restore_context(template_dir) - - args = [paths.LDIF2DB, - '-Z', instance, diff --git a/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch b/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch deleted file mode 100644 index cfc1a29..0000000 --- a/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 90203fb044f4e51f341781cf64a9b30c1337d2a9 -Author: Michal Reznik -Date: Fri Aug 31 09:49:15 2018 +0200 - - Add "389-ds-base-legacy-tools" to requires. - - "389-ds-base-legacy-tools" needs to be added to requires until - the switch to python installer is completed. - - Reviewed-By: Tibor Dudlak - -diff --git a/freeipa.spec.in b/freeipa.spec.in -index 02881b494..cffbccd72 100644 ---- a/freeipa.spec.in -+++ b/freeipa.spec.in -@@ -329,6 +329,7 @@ Requires: python2-ipaserver = %{version}-%{release} - Requires: python2-ldap >= %{python_ldap_version} - %endif - Requires: 389-ds-base >= %{ds_version} -+Requires: 389-ds-base-legacy-tools >= %{ds_version} - Requires: openldap-clients > 2.4.35-4 - Requires: nss >= %{nss_version} - Requires: nss-tools >= %{nss_version} diff --git a/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch b/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch deleted file mode 100644 index 27a9e2b..0000000 --- a/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch +++ /dev/null @@ -1,454 +0,0 @@ -commit b8528da5a8e8cf4fdeabb77022cb511043544e9f -Author: Christian Heimes -Date: Wed Aug 29 12:43:03 2018 +0200 - - Refactor os-release and platform information - - Move the /etc/os-release parser and platform detection code out of the - private _importhook module. The ipaplatform module now contains an - osinfo module that provides distribution, os, and vendor information. - - See: https://www.freedesktop.org/software/systemd/man/os-release.html - See: https://pagure.io/freeipa/issue/7661 - Signed-off-by: Christian Heimes - Reviewed-By: Rob Crittenden - -diff --git a/ipaplatform/__init__.py b/ipaplatform/__init__.py -index 06397fda1..1c22346b0 100644 ---- a/ipaplatform/__init__.py -+++ b/ipaplatform/__init__.py -@@ -8,4 +8,4 @@ ignore. - """ - __import__('pkg_resources').declare_namespace(__name__) - --NAME = None # initialized by IpaMetaImporter -+NAME = None # initialized by ipaplatform.osinfo -diff --git a/ipaplatform/_importhook.py b/ipaplatform/_importhook.py -index 77c4e0d87..3f84e81fd 100644 ---- a/ipaplatform/_importhook.py -+++ b/ipaplatform/_importhook.py -@@ -3,46 +3,14 @@ - # - from __future__ import absolute_import - --"""Meta import hook for ipaplatform. -- --Known Linux distros with /etc/os-release ------------------------------------------ -- --- alpine --- centos (like rhel, fedora) --- debian --- fedora --- rhel --- ubuntu (like debian) --""" - - import importlib --import io --import re - import sys --import warnings -- -- --import ipaplatform --try: -- from ipaplatform.override import OVERRIDE --except ImportError: -- OVERRIDE = None - -- --_osrelease_line = re.compile( -- u"^(?!#)(?P[a-zA-Z0-9_]+)=" -- u"(?P[\"\']?)(?P.+)(?P=quote)$" --) -+from ipaplatform.osinfo import osinfo - - - class IpaMetaImporter(object): -- """Meta import hook and platform detector. -- -- The meta import hook uses /etc/os-release to auto-detects the best -- matching ipaplatform provider. It is compatible with external namespace -- packages, too. -- """ - modules = { - 'ipaplatform.constants', - 'ipaplatform.paths', -@@ -50,80 +18,8 @@ class IpaMetaImporter(object): - 'ipaplatform.tasks' - } - -- bsd_family = ( -- 'freebsd', -- 'openbsd', -- 'netbsd', -- 'dragonfly', -- 'gnukfreebsd' -- ) -- -- def __init__(self, override=OVERRIDE): -- self.override = override -- self.platform_ids = self._get_platform_ids(self.override) -- self.platform = self._get_platform(self.platform_ids) -- -- def _get_platform_ids(self, override): -- platforms = [] -- # allow RPM and Debian packages to override platform -- if override is not None: -- platforms.append(override) -- -- if sys.platform.startswith('linux'): -- # Linux, get distribution from /etc/os-release -- try: -- platforms.extend(self._parse_platform()) -- except Exception as e: -- warnings.warn("Failed to read /etc/os-release: {}".format(e)) -- elif sys.platform == 'win32': -- # Windows 32 or 64bit platform -- platforms.append('win32') -- elif sys.platform == 'darwin': -- # macOS -- platforms.append('macos') -- elif sys.platform.startswith(self.bsd_family): -- # BSD family, look for e.g. ['freebsd10', 'freebsd'] -- platforms.append(sys.platform) -- simple = sys.platform.rstrip('0123456789') -- if simple != sys.platform: -- platforms.append(simple) -- -- if not platforms: -- raise ValueError("Unsupported platform: {}".format(sys.platform)) -- -- return platforms -- -- def parse_osrelease(self, filename='/etc/os-release'): -- release = {} -- with io.open(filename, encoding='utf-8') as f: -- for line in f: -- mo = _osrelease_line.match(line) -- if mo is not None: -- release[mo.group('name')] = mo.group('value') -- return release -- -- def _parse_platform(self, filename='/etc/os-release'): -- release = self.parse_osrelease(filename) -- platforms = [ -- release['ID'], -- ] -- if "ID_LIKE" in release: -- platforms.extend( -- v.strip() for v in release['ID_LIKE'].split(' ') if v.strip() -- ) -- -- return platforms -- -- def _get_platform(self, platform_ids): -- for platform in platform_ids: -- try: -- importlib.import_module('ipaplatform.{}'.format(platform)) -- except ImportError: -- pass -- else: -- return platform -- raise ImportError('No ipaplatform available for "{}"'.format( -- ', '.join(platform_ids))) -+ def __init__(self, platform): -+ self.platform = platform - - def find_module(self, fullname, path=None): - """Meta importer hook""" -@@ -148,8 +44,7 @@ class IpaMetaImporter(object): - return platform_mod - - --metaimporter = IpaMetaImporter() -+metaimporter = IpaMetaImporter(osinfo.platform) - sys.meta_path.insert(0, metaimporter) - - fixup_module = metaimporter.load_module --ipaplatform.NAME = metaimporter.platform -diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py -new file mode 100644 -index 000000000..a38165d01 ---- /dev/null -+++ b/ipaplatform/osinfo.py -@@ -0,0 +1,214 @@ -+# -+# Copyright (C) 2018 FreeIPA Contributors see COPYING for license -+# -+"""Distribution information -+ -+Known Linux distros with /etc/os-release -+---------------------------------------- -+ -+- alpine -+- centos (like rhel, fedora) -+- debian -+- fedora -+- rhel -+- ubuntu (like debian) -+""" -+from __future__ import absolute_import -+ -+import importlib -+import io -+import re -+import sys -+import warnings -+ -+import six -+ -+import ipaplatform -+try: -+ from ipaplatform.override import OVERRIDE -+except ImportError: -+ OVERRIDE = None -+ -+ -+# pylint: disable=no-name-in-module, import-error -+if six.PY3: -+ from collections.abc import Mapping -+else: -+ from collections import Mapping -+# pylint: enable=no-name-in-module, import-error -+ -+_osrelease_line = re.compile( -+ u"^(?!#)(?P[a-zA-Z0-9_]+)=" -+ u"(?P[\"\']?)(?P.+)(?P=quote)$" -+) -+ -+ -+def _parse_osrelease(filename='/etc/os-release'): -+ """Parser for /etc/os-release for Linux distributions -+ -+ https://www.freedesktop.org/software/systemd/man/os-release.html -+ """ -+ release = {} -+ with io.open(filename, encoding='utf-8') as f: -+ for line in f: -+ mo = _osrelease_line.match(line) -+ if mo is not None: -+ release[mo.group('name')] = mo.group('value') -+ if 'ID_LIKE' in release: -+ release['ID_LIKE'] = tuple( -+ v.strip() -+ for v in release['ID_LIKE'].split(' ') -+ if v.strip() -+ ) -+ else: -+ release["ID_LIKE"] = () -+ # defaults -+ release.setdefault('NAME', 'Linux') -+ release.setdefault('ID', 'linux') -+ release.setdefault('VERSION', '') -+ release.setdefault('VERSION_ID', '') -+ return release -+ -+ -+class OSInfo(Mapping): -+ __slots__ = ('_info', '_platform') -+ -+ bsd_family = ( -+ 'freebsd', -+ 'openbsd', -+ 'netbsd', -+ 'dragonfly', -+ 'gnukfreebsd' -+ ) -+ -+ def __init__(self): -+ if sys.platform.startswith('linux'): -+ # Linux, get distribution from /etc/os-release -+ info = self._handle_linux() -+ elif sys.platform == 'win32': -+ info = self._handle_win32() -+ elif sys.platform == 'darwin': -+ info = self._handle_darwin() -+ elif sys.platform.startswith(self.bsd_family): -+ info = self._handle_bsd() -+ else: -+ raise ValueError("Unsupported platform: {}".format(sys.platform)) -+ self._info = info -+ self._platform = None -+ -+ def _handle_linux(self): -+ """Detect Linux distribution from /etc/os-release -+ """ -+ try: -+ return _parse_osrelease() -+ except Exception as e: -+ warnings.warn("Failed to read /etc/os-release: {}".format(e)) -+ return { -+ 'NAME': 'Linux', -+ 'ID': 'linux', -+ } -+ -+ def _handle_win32(self): -+ """Windows 32 or 64bit platform -+ """ -+ return { -+ 'NAME': 'Windows', -+ 'ID': 'win32', -+ } -+ -+ def _handle_darwin(self): -+ """Handle macOS / Darwin platform -+ """ -+ return { -+ 'NAME': 'macOS', -+ 'ID': 'macos', -+ } -+ -+ def _handle_bsd(self): -+ """Handle BSD-like platforms -+ """ -+ platform = sys.platform -+ simple = platform.rstrip('0123456789') -+ id_like = [] -+ if simple != platform: -+ id_like.append(simple) -+ return { -+ 'NAME': platform, -+ 'ID': platform, -+ 'ID_LIKE': tuple(id_like), -+ } -+ -+ def __getitem__(self, item): -+ return self._info[item] -+ -+ def __iter__(self): -+ return iter(self._info) -+ -+ def __len__(self): -+ return len(self._info) -+ -+ @property -+ def name(self): -+ """OS name (user) -+ """ -+ return self._info['NAME'] -+ -+ @property -+ def id(self): -+ """Lower case OS identifier -+ """ -+ return self._info['ID'] -+ -+ @property -+ def id_like(self): -+ """Related / similar OS -+ """ -+ return self._info.get('ID_LIKE', ()) -+ -+ @property -+ def version(self): -+ """Version number and name of OS (for user) -+ """ -+ return self._info.get('VERSION') -+ -+ @property -+ def version_id(self): -+ """Version identifier -+ """ -+ return self._info.get('VERSION_ID') -+ -+ @property -+ def platform_ids(self): -+ """Ordered tuple of detected platforms (including override) -+ """ -+ platforms = [] -+ if OVERRIDE is not None: -+ # allow RPM and Debian packages to override platform -+ platforms.append(OVERRIDE) -+ if OVERRIDE != self.id: -+ platforms.append(self.id) -+ platforms.extend(self.id_like) -+ return tuple(platforms) -+ -+ @property -+ def platform(self): -+ if self._platform is not None: -+ return self._platform -+ for platform in self.platform_ids: -+ try: -+ importlib.import_module('ipaplatform.{}'.format(platform)) -+ except ImportError: -+ pass -+ else: -+ self._platform = platform -+ return platform -+ raise ImportError('No ipaplatform available for "{}"'.format( -+ ', '.join(self.platform_ids))) -+ -+ -+osinfo = OSInfo() -+ipaplatform.NAME = osinfo.platform -+ -+if __name__ == '__main__': -+ import pprint -+ pprint.pprint(dict(osinfo)) -diff --git a/ipatests/test_ipaplatform/test_importhook.py b/ipatests/test_ipaplatform/test_importhook.py -index c7d2626d6..eeb351ba7 100644 ---- a/ipatests/test_ipaplatform/test_importhook.py -+++ b/ipatests/test_ipaplatform/test_importhook.py -@@ -13,6 +13,7 @@ import ipaplatform.paths - import ipaplatform.services - import ipaplatform.tasks - from ipaplatform._importhook import metaimporter -+from ipaplatform.osinfo import osinfo, _parse_osrelease - try: - from ipaplatform.override import OVERRIDE - except ImportError: -@@ -26,8 +27,8 @@ DATA = os.path.join(HERE, 'data') - @pytest.mark.skipif(OVERRIDE is None, - reason='test requires override') - def test_override(): -- assert OVERRIDE == metaimporter.platform_ids[0] -- assert OVERRIDE == metaimporter.platform -+ assert OVERRIDE == osinfo.platform_ids[0] -+ assert OVERRIDE == osinfo.platform - - - @pytest.mark.parametrize('mod, name', [ -@@ -46,11 +47,12 @@ def test_importhook(mod, name): - assert mod.__dict__ == sys.modules[override].__dict__ - - --@pytest.mark.parametrize('filename, expected_platforms', [ -- (os.path.join(DATA, 'os-release-centos'), ['centos', 'rhel', 'fedora']), -- (os.path.join(DATA, 'os-release-fedora'), ['fedora']), -- (os.path.join(DATA, 'os-release-ubuntu'), ['ubuntu', 'debian']), -+@pytest.mark.parametrize('filename, id_, id_like', [ -+ (os.path.join(DATA, 'os-release-centos'), 'centos', ('rhel', 'fedora')), -+ (os.path.join(DATA, 'os-release-fedora'), 'fedora', ()), -+ (os.path.join(DATA, 'os-release-ubuntu'), 'ubuntu', ('debian',)), - ]) --def test_parse_os_release(filename, expected_platforms): -- parsed = metaimporter._parse_platform(filename) -- assert parsed == expected_platforms -+def test_parse_os_release(filename, id_, id_like): -+ parsed = _parse_osrelease(filename) -+ assert parsed['ID'] == id_ -+ assert parsed['ID_LIKE'] == id_like -diff --git a/ipatests/test_ipapython/test_certdb.py b/ipatests/test_ipapython/test_certdb.py -index 42edfb5a9..42d48d51a 100644 ---- a/ipatests/test_ipapython/test_certdb.py -+++ b/ipatests/test_ipapython/test_certdb.py -@@ -5,13 +5,12 @@ import os - import pytest - - from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS --from ipaplatform._importhook import metaimporter -+from ipaplatform.osinfo import osinfo - --OSRELEASE = metaimporter.parse_osrelease() - CERTNICK = 'testcert' - --if OSRELEASE['ID'] == 'fedora': -- if int(OSRELEASE['VERSION_ID']) >= 28: -+if osinfo.id == 'fedora': -+ if int(osinfo.version_id) >= 28: - NSS_DEFAULT = 'sql' - else: - NSS_DEFAULT = 'dbm' diff --git a/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch b/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch deleted file mode 100644 index 7369d9d..0000000 --- a/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch +++ /dev/null @@ -1,42 +0,0 @@ -commit 1c03181e78b8f43e7bfd32e52c5b9d161c326fd6 -Author: Christian Heimes -Date: Wed Aug 29 12:58:12 2018 +0200 - - Don't check for systemd service - - ipaplatform no longer checks for the presence of a systemd service file - to detect the name of the domainname service. Instead it uses osinfo's - version to use the old name on Fedora 28 and the new name on Fedora 29. - - This fixes a SELinux violation that prevented httpd from listing systemd - service files. - - Fixes: https://pagure.io/freeipa/issue/7661 - Signed-off-by: Christian Heimes - Reviewed-By: Rob Crittenden - -diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py -index 09ba2e826..5ff64f1cd 100644 ---- a/ipaplatform/fedora/services.py -+++ b/ipaplatform/fedora/services.py -@@ -24,8 +24,7 @@ Contains Fedora-specific service class implementations. - - from __future__ import absolute_import - --import os -- -+from ipaplatform.osinfo import osinfo - from ipaplatform.redhat import services as redhat_services - - # Mappings from service names as FreeIPA code references to these services -@@ -35,9 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy() - # Fedora 28 and earlier have fedora-domainname.service. Starting from - # Fedora 29, the service is called nis-domainname.service as defined in - # ipaplatform.redhat.services. --HAS_FEDORA_DOMAINNAME_SERVICE = os.path.isfile( -- "/usr/lib/systemd/system/fedora-domainname.service" --) -+HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28 - - if HAS_FEDORA_DOMAINNAME_SERVICE: - fedora_system_units['domainname'] = 'fedora-domainname.service' diff --git a/freeipa.spec b/freeipa.spec index 6d68cc3..2d12304 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -100,14 +100,18 @@ %endif # Fedora -# Require Dogtag PKI 10.6.1 with Python 3 and SQL NSSDB fixes for external -# CA support, https://bugzilla.redhat.com/show_bug.cgi?id=1573094 -%global pki_version 10.6.1 +# Require Dogtag PKI 10.6.6 to detect when fips is available, +# https://pagure.io/freeipa/issue/7608 +%global pki_version 10.6.6 # NSS release with fix for CKA_LABEL import bug in shared SQL database. # https://bugzilla.redhat.com/show_bug.cgi?id=1568271 %global nss_version 3.36.1-1.1 +# One-Way Trust authenticated by trust secret +# https://bugzilla.redhat.com/show_bug.cgi?id=1345975#c20 +%global sssd_version 1.16.3-2 + %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') %global plugin_dir %{_libdir}/dirsrv/plugins @@ -118,7 +122,7 @@ # Work-around fact that RPM SPEC parser does not accept # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement -%define IPA_VERSION 4.7.0 +%define IPA_VERSION 4.7.1 %define AT_SIGN @ # redefine IPA_VERSION only if its value matches the Autoconf placeholder %if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}" @@ -127,7 +131,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 5%{?dist} +Release: 1%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base @@ -135,14 +139,8 @@ License: GPLv3+ URL: http://www.freeipa.org/ Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc -Patch0001: 0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch -Patch0002: 0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch # For the timestamp trick in patch application BuildRequires: diffstat -Patch0003: 0003-freeipa-4.7.0-restore_SELinux_context.patch -Patch0004: 0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch -Patch0005: 0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch -Patch0006: 0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel @@ -184,8 +182,7 @@ BuildRequires: libtevent-devel BuildRequires: libuuid-devel BuildRequires: libsss_idmap-devel BuildRequires: libsss_certmap-devel -# 1.15.3: sss_nss_getlistbycert (https://pagure.io/SSSD/sssd/issue/3050) -BuildRequires: libsss_nss_idmap-devel >= 1.15.3 +BuildRequires: libsss_nss_idmap-devel >= %{sssd_version} BuildRequires: nodejs BuildRequires: uglify-js BuildRequires: libverto-devel @@ -308,7 +305,7 @@ BuildRequires: python3-samba BuildRequires: python3-six BuildRequires: python3-sss BuildRequires: python3-sss-murmur -BuildRequires: python3-sssdconfig +BuildRequires: python3-sssdconfig >= %{sssd_version} BuildRequires: python3-systemd BuildRequires: python3-yubico %endif # with_lint @@ -404,8 +401,7 @@ Requires: gzip Requires: oddjob # 0.7.0-2: https://pagure.io/gssproxy/pull-request/172 Requires: gssproxy >= 0.7.0-2 -# 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050) -Requires: sssd-dbus >= 1.15.2 +Requires: sssd-dbus >= %{sssd_version} Provides: %{alt_name}-server = %{version} Conflicts: %{alt_name}-server @@ -488,7 +484,7 @@ Requires: python3-kdcproxy >= 0.3 Requires: python3-lxml Requires: python3-pki >= %{pki_version} Requires: python3-pyasn1 >= 0.3.2-2 -Requires: python3-sssdconfig +Requires: python3-sssdconfig >= %{sssd_version} Requires: rpm-libs %description -n python3-ipaserver @@ -598,7 +594,7 @@ Requires: %{name}-common = %{version}-%{release} Requires: python3-gssapi >= 1.2.0-5 Requires: python3-ipaclient = %{version}-%{release} Requires: python3-ldap >= %{python_ldap_version} -Requires: python3-sssdconfig +Requires: python3-sssdconfig >= %{sssd_version} %else Requires: python2-gssapi >= 1.2.0-5 Requires: python2-ipaclient = %{version}-%{release} @@ -618,7 +614,7 @@ Requires: initscripts %endif Requires: libcurl >= 7.21.7-2 Requires: xmlrpc-c >= 1.27.4 -Requires: sssd >= 1.14.0 +Requires: sssd-ipa >= %{sssd_version} Requires: certmonger >= 0.79.5-1 Requires: nss-tools >= %{nss_version} Requires: bind-utils @@ -627,7 +623,7 @@ Requires: libsss_autofs Requires: autofs Requires: libnfsidmap Requires: nfs-utils -Requires: sssd-tools +Requires: sssd-tools >= %{sssd_version} Requires(post): policycoreutils Provides: %{alt_name}-client = %{version} @@ -925,7 +921,7 @@ Requires: python3-polib Requires: python3-pytest >= 2.6 Requires: python3-pytest-multihost >= 0.5 Requires: python3-pytest-sourceorder -Requires: python3-sssdconfig +Requires: python3-sssdconfig >= %{sssd_version} Requires: tar Requires: xz @@ -1001,8 +997,7 @@ find \ -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -aclocal --force -autoconf --force +autoreconf -ivf %configure --with-vendor-suffix=-%{release} \ %{enable_server_option} \ %{with_ipatests_option} \ @@ -1342,7 +1337,6 @@ fi %{_sbindir}/ipa-server-install %{_sbindir}/ipa-replica-conncheck %{_sbindir}/ipa-replica-install -%{_sbindir}/ipa-replica-prepare %{_sbindir}/ipa-replica-manage %{_sbindir}/ipa-csreplica-manage %{_sbindir}/ipa-server-certinstall @@ -1398,7 +1392,6 @@ fi %{_mandir}/man1/ipa-replica-install.1* %{_mandir}/man1/ipa-replica-manage.1* %{_mandir}/man1/ipa-csreplica-manage.1* -%{_mandir}/man1/ipa-replica-prepare.1* %{_mandir}/man1/ipa-server-certinstall.1* %{_mandir}/man1/ipa-server-install.1* %{_mandir}/man1/ipa-server-upgrade.1* @@ -1460,9 +1453,7 @@ fi %{_usr}/share/ipa/html/ssbrowser.html %{_usr}/share/ipa/html/unauthorized.html %dir %{_usr}/share/ipa/migration -%{_usr}/share/ipa/migration/error.html %{_usr}/share/ipa/migration/index.html -%{_usr}/share/ipa/migration/invalid.html %{_usr}/share/ipa/migration/migration.py* %dir %{_usr}/share/ipa/ui %{_usr}/share/ipa/ui/index.html @@ -1470,7 +1461,6 @@ fi %{_usr}/share/ipa/ui/sync_otp.html %{_usr}/share/ipa/ui/*.ico %{_usr}/share/ipa/ui/*.css -%{_usr}/share/ipa/ui/*.js %dir %{_usr}/share/ipa/ui/css %{_usr}/share/ipa/ui/css/*.css %dir %{_usr}/share/ipa/ui/js @@ -1742,6 +1732,9 @@ fi %changelog +* Fri Oct 5 2018 Rob Crittenden - 4.7.1-1 +- Update to upstream 4.7.1 + * Tue Sep 25 2018 Christian Heimes - 4.7.0-5 - Remove Python 2 support from Fedora 30 - https://fedoraproject.org/wiki/Changes/FreeIPA_Python_2_Removal diff --git a/sources b/sources index 0b20b1e..43b2696 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (freeipa-4.7.0.tar.gz) = 1c564fca34339e6991edf29f731633467a4aa3f8dd0e763fa2f87fe5992e0697bb9f5686a455b778ce7722487278c4040e8a83be7078a2f6724a45c0761b9b5d -SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725 +SHA512 (freeipa-4.7.1.tar.gz) = 6fab1f1ad7e110e4edbca0a7cfda63e650b0cceb345d9c5c1bc5a0ba235bb242ecf4060b28daa77ac15d1298a6d61c465ea790ba2668162ce1c2ed64077e09c9 +SHA512 (freeipa-4.7.1.tar.gz.asc) = 88c71297dcf4cf1bd7df8b6e3194297ebdf8a3e92bc982a27c7e517cd41fec02c9d7a97d5cc9d6b659ca7311a659e98c8d12ded1e7cdc023c38ad1494595c3e6