Update to upstream 4.7.1

.gitignore

@@ -68,3 +68,5 @@
 /freeipa-4.6.90.pre2.tar.gz.asc
 /freeipa-4.7.0.tar.gz
 /freeipa-4.7.0.tar.gz.asc
+/freeipa-4.7.1.tar.gz
+/freeipa-4.7.1.tar.gz.asc

0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch

@@ -1,29 +0,0 @@
-From f3faecbbb49704c182b310fb43cec9171c08ccf7 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Fri, 20 Jul 2018 14:57:26 +0200
-Subject: [PATCH] Fix $-style format string in ipa_ldap_init
- (util/ipa_ldap.c)
-
-The second argument was not used, but the first one was used twice.
-
-Reviewed-By: Rob Crittenden <rcritten@redhat.com>
----
- util/ipa_ldap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/ipa_ldap.c b/util/ipa_ldap.c
-index 789ea0d8c..859eaf1bc 100644
---- a/util/ipa_ldap.c
-+++ b/util/ipa_ldap.c
-@@ -39,7 +39,7 @@ int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
-     if (ret != LDAP_SUCCESS) {
-         fprintf(
-             stderr,
--            _("Unable to initialize connection to ldap server %1$s: %1$s\n"),
-+            _("Unable to initialize connection to ldap server %1$s: %2$s\n"),
-             ldap_uri,
-             ldap_err2string(ret)
-         );
--- 
-2.17.1
-

0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch

@@ -1,57 +0,0 @@
-From 4b592fee24bf0180c84036b0db3abccc101b46c3 Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Tue, 24 Jul 2018 17:18:17 +0200
-Subject: [PATCH 1/2] ipaserver/plugins/cert.py: Added reason to raise of
- errors.NotFound
-
-In the case that enabledService is not found ipaConfigString kdc entry, a
-NotFound error was raised without setting the reason. This resulted in a
-traceback.
----
- ipaserver/plugins/cert.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
-index 8d43b9f46..a698991b5 100644
---- a/ipaserver/plugins/cert.py
-+++ b/ipaserver/plugins/cert.py
-@@ -301,7 +301,7 @@ def ca_kdc_check(api_instance, hostname):
-         ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
- 
-         if 'enabledservice' not in ipaconfigstring:
--            raise errors.NotFound()
-+            raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
- 
-     except errors.NotFound:
-         raise errors.ACIError(
--- 
-2.17.1
-
-From 1a7baa2543cae6f3da1b9d674dbaeefdfc83c37a Mon Sep 17 00:00:00 2001
-From: Thomas Woerner <twoerner@redhat.com>
-Date: Wed, 25 Jul 2018 10:22:59 +0200
-Subject: [PATCH 2/2] ipaserver/plugins/cert.py: Make the new reason for
- errors.NotFound translatable
-
-Related to: 5545b7f6172b87b0539234a64ea1eaf61c9ee517
----
- ipaserver/plugins/cert.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
-index a698991b5..ffe51597e 100644
---- a/ipaserver/plugins/cert.py
-+++ b/ipaserver/plugins/cert.py
-@@ -301,7 +301,8 @@ def ca_kdc_check(api_instance, hostname):
-         ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
- 
-         if 'enabledservice' not in ipaconfigstring:
--            raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
-+            raise errors.NotFound(
-+                reason=_("enabledService not in ipaConfigString kdc entry"))
- 
-     except errors.NotFound:
-         raise errors.ACIError(
--- 
-2.17.1
-

0003-freeipa-4.7.0-restore_SELinux_context.patch

@@ -1,63 +0,0 @@
-commit f7516979241ed80a48250784051a82457e2df7aa
-Author: Thomas Woerner <twoerner@redhat.com>
-Date:   Thu Aug 2 11:22:55 2018 +0200
-
-    httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
-    
-    The session directory /etc/httpd/alias/ could be created with the wrong
-    SELinux context. Therefore httpd was not able to write to this directory.
-    
-    Fixes: https://pagure.io/freeipa/issue/7662
-    
-    Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing
-                /etc/httpd/alias for ipasession.key)
-    
-    Reviewed-By: Christian Heimes <cheimes@redhat.com>
-
-diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
-index 62b563fb2..1b1e7a03d 100644
---- a/ipaserver/install/httpinstance.py
-+++ b/ipaserver/install/httpinstance.py
-@@ -183,6 +183,9 @@ class HTTPInstance(service.Service):
-             os.makedirs(session_dir)
-         # Must be world-readable / executable
-         os.chmod(session_dir, 0o755)
-+        # Restore SELinux context of session_dir /etc/httpd/alias, see
-+        # https://pagure.io/freeipa/issue/7662
-+        tasks.restore_context(session_dir)
- 
-         target_fname = paths.HTTPD_IPA_CONF
-         http_txt = ipautil.template_file(
-
-commit 354d7297e8e0d97da22c0469ab96f30fdfc4a1ea
-Author: Thomas Woerner <twoerner@redhat.com>
-Date:   Thu Aug 2 11:32:05 2018 +0200
-
-    ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X
-    
-    The template directory /var/log/dirsrv/slapd-X could be created with the
-    wrong SELinux context.
-    
-    Related to: https://pagure.io/freeipa/issue/7662
-    
-    Reviewed-By: Christian Heimes <cheimes@redhat.com>
-
-diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
-index 48b95ed18..1916d3063 100644
---- a/ipaserver/install/ipa_restore.py
-+++ b/ipaserver/install/ipa_restore.py
-@@ -607,10 +607,13 @@ class Restore(admintool.AdminTool):
-             logger.info("Waiting for LDIF to finish")
-             wait_for_task(conn, dn)
-         else:
-+            template_dir = paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance
-             try:
--                os.makedirs(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance)
-+                os.makedirs(template_dir)
-             except OSError as e:
-                 pass
-+            # Restore SELinux context of template_dir
-+            tasks.restore_context(template_dir)
- 
-             args = [paths.LDIF2DB,
-                     '-Z', instance,

0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch

@@ -1,23 +0,0 @@
-commit 90203fb044f4e51f341781cf64a9b30c1337d2a9
-Author: Michal Reznik <mreznik@redhat.com>
-Date:   Fri Aug 31 09:49:15 2018 +0200
-
-    Add "389-ds-base-legacy-tools" to requires.
-    
-    "389-ds-base-legacy-tools" needs to be added to requires until
-    the switch to python installer is completed.
-    
-    Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
-
-diff --git a/freeipa.spec.in b/freeipa.spec.in
-index 02881b494..cffbccd72 100644
---- a/freeipa.spec.in
-+++ b/freeipa.spec.in
-@@ -329,6 +329,7 @@ Requires: python2-ipaserver = %{version}-%{release}
- Requires: python2-ldap >= %{python_ldap_version}
- %endif
- Requires: 389-ds-base >= %{ds_version}
-+Requires: 389-ds-base-legacy-tools >= %{ds_version}
- Requires: openldap-clients > 2.4.35-4
- Requires: nss >= %{nss_version}
- Requires: nss-tools >= %{nss_version}

0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch

@@ -1,454 +0,0 @@
-commit b8528da5a8e8cf4fdeabb77022cb511043544e9f
-Author: Christian Heimes <cheimes@redhat.com>
-Date:   Wed Aug 29 12:43:03 2018 +0200
-
-    Refactor os-release and platform information
-    
-    Move the /etc/os-release parser and platform detection code out of the
-    private _importhook module. The ipaplatform module now contains an
-    osinfo module that provides distribution, os, and vendor information.
-    
-    See: https://www.freedesktop.org/software/systemd/man/os-release.html
-    See: https://pagure.io/freeipa/issue/7661
-    Signed-off-by: Christian Heimes <cheimes@redhat.com>
-    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
-
-diff --git a/ipaplatform/__init__.py b/ipaplatform/__init__.py
-index 06397fda1..1c22346b0 100644
---- a/ipaplatform/__init__.py
-+++ b/ipaplatform/__init__.py
-@@ -8,4 +8,4 @@ ignore.
- """
- __import__('pkg_resources').declare_namespace(__name__)
- 
--NAME = None  # initialized by IpaMetaImporter
-+NAME = None  # initialized by ipaplatform.osinfo
-diff --git a/ipaplatform/_importhook.py b/ipaplatform/_importhook.py
-index 77c4e0d87..3f84e81fd 100644
---- a/ipaplatform/_importhook.py
-+++ b/ipaplatform/_importhook.py
-@@ -3,46 +3,14 @@
- #
- from __future__ import absolute_import
- 
--"""Meta import hook for ipaplatform.
--
--Known Linux distros with /etc/os-release
------------------------------------------
--
--- alpine
--- centos (like rhel, fedora)
--- debian
--- fedora
--- rhel
--- ubuntu (like debian)
--"""
- 
- import importlib
--import io
--import re
- import sys
--import warnings
--
--
--import ipaplatform
--try:
--    from ipaplatform.override import OVERRIDE
--except ImportError:
--    OVERRIDE = None
- 
--
--_osrelease_line = re.compile(
--    u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
--    u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
--)
-+from ipaplatform.osinfo import osinfo
- 
- 
- class IpaMetaImporter(object):
--    """Meta import hook and platform detector.
--
--    The meta import hook uses /etc/os-release to auto-detects the best
--    matching ipaplatform provider. It is compatible with external namespace
--    packages, too.
--    """
-     modules = {
-         'ipaplatform.constants',
-         'ipaplatform.paths',
-@@ -50,80 +18,8 @@ class IpaMetaImporter(object):
-         'ipaplatform.tasks'
-     }
- 
--    bsd_family = (
--        'freebsd',
--        'openbsd',
--        'netbsd',
--        'dragonfly',
--        'gnukfreebsd'
--    )
--
--    def __init__(self, override=OVERRIDE):
--        self.override = override
--        self.platform_ids = self._get_platform_ids(self.override)
--        self.platform = self._get_platform(self.platform_ids)
--
--    def _get_platform_ids(self, override):
--        platforms = []
--        # allow RPM and Debian packages to override platform
--        if override is not None:
--            platforms.append(override)
--
--        if sys.platform.startswith('linux'):
--            # Linux, get distribution from /etc/os-release
--            try:
--                platforms.extend(self._parse_platform())
--            except Exception as e:
--                warnings.warn("Failed to read /etc/os-release: {}".format(e))
--        elif sys.platform == 'win32':
--            # Windows 32 or 64bit platform
--            platforms.append('win32')
--        elif sys.platform == 'darwin':
--            # macOS
--            platforms.append('macos')
--        elif sys.platform.startswith(self.bsd_family):
--            # BSD family, look for e.g. ['freebsd10', 'freebsd']
--            platforms.append(sys.platform)
--            simple = sys.platform.rstrip('0123456789')
--            if simple != sys.platform:
--                platforms.append(simple)
--
--        if not platforms:
--            raise ValueError("Unsupported platform: {}".format(sys.platform))
--
--        return platforms
--
--    def parse_osrelease(self, filename='/etc/os-release'):
--        release = {}
--        with io.open(filename, encoding='utf-8') as f:
--            for line in f:
--                mo = _osrelease_line.match(line)
--                if mo is not None:
--                    release[mo.group('name')] = mo.group('value')
--        return release
--
--    def _parse_platform(self, filename='/etc/os-release'):
--        release = self.parse_osrelease(filename)
--        platforms = [
--            release['ID'],
--        ]
--        if "ID_LIKE" in release:
--            platforms.extend(
--                v.strip() for v in release['ID_LIKE'].split(' ') if v.strip()
--            )
--
--        return platforms
--
--    def _get_platform(self, platform_ids):
--        for platform in platform_ids:
--            try:
--                importlib.import_module('ipaplatform.{}'.format(platform))
--            except ImportError:
--                pass
--            else:
--                return platform
--        raise ImportError('No ipaplatform available for "{}"'.format(
--                          ', '.join(platform_ids)))
-+    def __init__(self, platform):
-+        self.platform = platform
- 
-     def find_module(self, fullname, path=None):
-         """Meta importer hook"""
-@@ -148,8 +44,7 @@ class IpaMetaImporter(object):
-         return platform_mod
- 
- 
--metaimporter = IpaMetaImporter()
-+metaimporter = IpaMetaImporter(osinfo.platform)
- sys.meta_path.insert(0, metaimporter)
- 
- fixup_module = metaimporter.load_module
--ipaplatform.NAME = metaimporter.platform
-diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py
-new file mode 100644
-index 000000000..a38165d01
---- /dev/null
-+++ b/ipaplatform/osinfo.py
-@@ -0,0 +1,214 @@
-+#
-+# Copyright (C) 2018  FreeIPA Contributors see COPYING for license
-+#
-+"""Distribution information
-+
-+Known Linux distros with /etc/os-release
-+----------------------------------------
-+
-+- alpine
-+- centos (like rhel, fedora)
-+- debian
-+- fedora
-+- rhel
-+- ubuntu (like debian)
-+"""
-+from __future__ import absolute_import
-+
-+import importlib
-+import io
-+import re
-+import sys
-+import warnings
-+
-+import six
-+
-+import ipaplatform
-+try:
-+    from ipaplatform.override import OVERRIDE
-+except ImportError:
-+    OVERRIDE = None
-+
-+
-+# pylint: disable=no-name-in-module, import-error
-+if six.PY3:
-+    from collections.abc import Mapping
-+else:
-+    from collections import Mapping
-+# pylint: enable=no-name-in-module, import-error
-+
-+_osrelease_line = re.compile(
-+    u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
-+    u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
-+)
-+
-+
-+def _parse_osrelease(filename='/etc/os-release'):
-+    """Parser for /etc/os-release for Linux distributions
-+
-+    https://www.freedesktop.org/software/systemd/man/os-release.html
-+    """
-+    release = {}
-+    with io.open(filename, encoding='utf-8') as f:
-+        for line in f:
-+            mo = _osrelease_line.match(line)
-+            if mo is not None:
-+                release[mo.group('name')] = mo.group('value')
-+    if 'ID_LIKE' in release:
-+        release['ID_LIKE'] = tuple(
-+            v.strip()
-+            for v in release['ID_LIKE'].split(' ')
-+            if v.strip()
-+        )
-+    else:
-+        release["ID_LIKE"] = ()
-+    # defaults
-+    release.setdefault('NAME', 'Linux')
-+    release.setdefault('ID', 'linux')
-+    release.setdefault('VERSION', '')
-+    release.setdefault('VERSION_ID', '')
-+    return release
-+
-+
-+class OSInfo(Mapping):
-+    __slots__ = ('_info', '_platform')
-+
-+    bsd_family = (
-+        'freebsd',
-+        'openbsd',
-+        'netbsd',
-+        'dragonfly',
-+        'gnukfreebsd'
-+    )
-+
-+    def __init__(self):
-+        if sys.platform.startswith('linux'):
-+            # Linux, get distribution from /etc/os-release
-+            info = self._handle_linux()
-+        elif sys.platform == 'win32':
-+            info = self._handle_win32()
-+        elif sys.platform == 'darwin':
-+            info = self._handle_darwin()
-+        elif sys.platform.startswith(self.bsd_family):
-+            info = self._handle_bsd()
-+        else:
-+            raise ValueError("Unsupported platform: {}".format(sys.platform))
-+        self._info = info
-+        self._platform = None
-+
-+    def _handle_linux(self):
-+        """Detect Linux distribution from /etc/os-release
-+        """
-+        try:
-+            return _parse_osrelease()
-+        except Exception as e:
-+            warnings.warn("Failed to read /etc/os-release: {}".format(e))
-+            return {
-+                'NAME': 'Linux',
-+                'ID': 'linux',
-+            }
-+
-+    def _handle_win32(self):
-+        """Windows 32 or 64bit platform
-+        """
-+        return {
-+            'NAME': 'Windows',
-+            'ID': 'win32',
-+        }
-+
-+    def _handle_darwin(self):
-+        """Handle macOS / Darwin platform
-+        """
-+        return {
-+            'NAME': 'macOS',
-+            'ID': 'macos',
-+        }
-+
-+    def _handle_bsd(self):
-+        """Handle BSD-like platforms
-+        """
-+        platform = sys.platform
-+        simple = platform.rstrip('0123456789')
-+        id_like = []
-+        if simple != platform:
-+            id_like.append(simple)
-+        return {
-+            'NAME': platform,
-+            'ID': platform,
-+            'ID_LIKE': tuple(id_like),
-+        }
-+
-+    def __getitem__(self, item):
-+        return self._info[item]
-+
-+    def __iter__(self):
-+        return iter(self._info)
-+
-+    def __len__(self):
-+        return len(self._info)
-+
-+    @property
-+    def name(self):
-+        """OS name (user)
-+        """
-+        return self._info['NAME']
-+
-+    @property
-+    def id(self):
-+        """Lower case OS identifier
-+        """
-+        return self._info['ID']
-+
-+    @property
-+    def id_like(self):
-+        """Related / similar OS
-+        """
-+        return self._info.get('ID_LIKE', ())
-+
-+    @property
-+    def version(self):
-+        """Version number and name of OS (for user)
-+        """
-+        return self._info.get('VERSION')
-+
-+    @property
-+    def version_id(self):
-+        """Version identifier
-+        """
-+        return self._info.get('VERSION_ID')
-+
-+    @property
-+    def platform_ids(self):
-+        """Ordered tuple of detected platforms (including override)
-+        """
-+        platforms = []
-+        if OVERRIDE is not None:
-+            # allow RPM and Debian packages to override platform
-+            platforms.append(OVERRIDE)
-+        if OVERRIDE != self.id:
-+            platforms.append(self.id)
-+        platforms.extend(self.id_like)
-+        return tuple(platforms)
-+
-+    @property
-+    def platform(self):
-+        if self._platform is not None:
-+            return self._platform
-+        for platform in self.platform_ids:
-+            try:
-+                importlib.import_module('ipaplatform.{}'.format(platform))
-+            except ImportError:
-+                pass
-+            else:
-+                self._platform = platform
-+                return platform
-+        raise ImportError('No ipaplatform available for "{}"'.format(
-+                          ', '.join(self.platform_ids)))
-+
-+
-+osinfo = OSInfo()
-+ipaplatform.NAME = osinfo.platform
-+
-+if __name__ == '__main__':
-+    import pprint
-+    pprint.pprint(dict(osinfo))
-diff --git a/ipatests/test_ipaplatform/test_importhook.py b/ipatests/test_ipaplatform/test_importhook.py
-index c7d2626d6..eeb351ba7 100644
---- a/ipatests/test_ipaplatform/test_importhook.py
-+++ b/ipatests/test_ipaplatform/test_importhook.py
-@@ -13,6 +13,7 @@ import ipaplatform.paths
- import ipaplatform.services
- import ipaplatform.tasks
- from ipaplatform._importhook import metaimporter
-+from ipaplatform.osinfo import osinfo, _parse_osrelease
- try:
-     from ipaplatform.override import OVERRIDE
- except ImportError:
-@@ -26,8 +27,8 @@ DATA = os.path.join(HERE, 'data')
- @pytest.mark.skipif(OVERRIDE is None,
-                     reason='test requires override')
- def test_override():
--    assert OVERRIDE == metaimporter.platform_ids[0]
--    assert OVERRIDE == metaimporter.platform
-+    assert OVERRIDE == osinfo.platform_ids[0]
-+    assert OVERRIDE == osinfo.platform
- 
- 
- @pytest.mark.parametrize('mod, name', [
-@@ -46,11 +47,12 @@ def test_importhook(mod, name):
-     assert mod.__dict__ == sys.modules[override].__dict__
- 
- 
--@pytest.mark.parametrize('filename, expected_platforms', [
--    (os.path.join(DATA, 'os-release-centos'), ['centos', 'rhel', 'fedora']),
--    (os.path.join(DATA, 'os-release-fedora'), ['fedora']),
--    (os.path.join(DATA, 'os-release-ubuntu'), ['ubuntu', 'debian']),
-+@pytest.mark.parametrize('filename, id_, id_like', [
-+    (os.path.join(DATA, 'os-release-centos'), 'centos', ('rhel', 'fedora')),
-+    (os.path.join(DATA, 'os-release-fedora'), 'fedora', ()),
-+    (os.path.join(DATA, 'os-release-ubuntu'), 'ubuntu', ('debian',)),
- ])
--def test_parse_os_release(filename, expected_platforms):
--    parsed = metaimporter._parse_platform(filename)
--    assert parsed == expected_platforms
-+def test_parse_os_release(filename, id_, id_like):
-+    parsed = _parse_osrelease(filename)
-+    assert parsed['ID'] == id_
-+    assert parsed['ID_LIKE'] == id_like
-diff --git a/ipatests/test_ipapython/test_certdb.py b/ipatests/test_ipapython/test_certdb.py
-index 42edfb5a9..42d48d51a 100644
---- a/ipatests/test_ipapython/test_certdb.py
-+++ b/ipatests/test_ipapython/test_certdb.py
-@@ -5,13 +5,12 @@ import os
- import pytest
- 
- from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
--from ipaplatform._importhook import metaimporter
-+from ipaplatform.osinfo import osinfo
- 
--OSRELEASE = metaimporter.parse_osrelease()
- CERTNICK = 'testcert'
- 
--if OSRELEASE['ID'] == 'fedora':
--    if int(OSRELEASE['VERSION_ID']) >= 28:
-+if osinfo.id == 'fedora':
-+    if int(osinfo.version_id) >= 28:
-         NSS_DEFAULT = 'sql'
-     else:
-         NSS_DEFAULT = 'dbm'

0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch

@@ -1,42 +0,0 @@
-commit 1c03181e78b8f43e7bfd32e52c5b9d161c326fd6
-Author: Christian Heimes <cheimes@redhat.com>
-Date:   Wed Aug 29 12:58:12 2018 +0200
-
-    Don't check for systemd service
-    
-    ipaplatform no longer checks for the presence of a systemd service file
-    to detect the name of the domainname service. Instead it uses osinfo's
-    version to use the old name on Fedora 28 and the new name on Fedora 29.
-    
-    This fixes a SELinux violation that prevented httpd from listing systemd
-    service files.
-    
-    Fixes: https://pagure.io/freeipa/issue/7661
-    Signed-off-by: Christian Heimes <cheimes@redhat.com>
-    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
-
-diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py
-index 09ba2e826..5ff64f1cd 100644
---- a/ipaplatform/fedora/services.py
-+++ b/ipaplatform/fedora/services.py
-@@ -24,8 +24,7 @@ Contains Fedora-specific service class implementations.
- 
- from __future__ import absolute_import
- 
--import os
--
-+from ipaplatform.osinfo import osinfo
- from ipaplatform.redhat import services as redhat_services
- 
- # Mappings from service names as FreeIPA code references to these services
-@@ -35,9 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy()
- # Fedora 28 and earlier have fedora-domainname.service. Starting from
- # Fedora 29, the service is called nis-domainname.service as defined in
- # ipaplatform.redhat.services.
--HAS_FEDORA_DOMAINNAME_SERVICE = os.path.isfile(
--    "/usr/lib/systemd/system/fedora-domainname.service"
--)
-+HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
- 
- if HAS_FEDORA_DOMAINNAME_SERVICE:
-     fedora_system_units['domainname'] = 'fedora-domainname.service'

freeipa.spec

@@ -100,14 +100,18 @@
 
 %endif  # Fedora
 
-# Require Dogtag PKI 10.6.1 with Python 3 and SQL NSSDB fixes for external
+# Require Dogtag PKI 10.6.6 to detect when fips is available,
-# CA support, https://bugzilla.redhat.com/show_bug.cgi?id=1573094
+# https://pagure.io/freeipa/issue/7608
-%global pki_version 10.6.1
+%global pki_version 10.6.6
 
 # NSS release with fix for CKA_LABEL import bug in shared SQL database.
 # https://bugzilla.redhat.com/show_bug.cgi?id=1568271
 %global nss_version 3.36.1-1.1
 
+# One-Way Trust authenticated by trust secret
+# https://bugzilla.redhat.com/show_bug.cgi?id=1345975#c20
+%global sssd_version 1.16.3-2
+
 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
 
 %global plugin_dir %{_libdir}/dirsrv/plugins
@@ -118,7 +122,7 @@
 
 # Work-around fact that RPM SPEC parser does not accept
 # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
-%define IPA_VERSION 4.7.0
+%define IPA_VERSION 4.7.1
 %define AT_SIGN @
 # redefine IPA_VERSION only if its value matches the Autoconf placeholder
 %if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
@@ -127,7 +131,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        5%{?dist}
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -135,14 +139,8 @@ License:        GPLv3+
 URL:            http://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
-Patch0001:      0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
-Patch0002:      0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch
 # For the timestamp trick in patch application
 BuildRequires:  diffstat
-Patch0003:      0003-freeipa-4.7.0-restore_SELinux_context.patch
-Patch0004:      0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch
-Patch0005:      0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch
-Patch0006:      0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  openldap-devel
@@ -184,8 +182,7 @@ BuildRequires:  libtevent-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  libsss_idmap-devel
 BuildRequires:  libsss_certmap-devel
-# 1.15.3: sss_nss_getlistbycert (https://pagure.io/SSSD/sssd/issue/3050)
+BuildRequires:  libsss_nss_idmap-devel >=  %{sssd_version}
-BuildRequires:  libsss_nss_idmap-devel >= 1.15.3
 BuildRequires:  nodejs
 BuildRequires:  uglify-js
 BuildRequires:  libverto-devel
@@ -308,7 +305,7 @@ BuildRequires:  python3-samba
 BuildRequires:  python3-six
 BuildRequires:  python3-sss
 BuildRequires:  python3-sss-murmur
-BuildRequires:  python3-sssdconfig
+BuildRequires:  python3-sssdconfig >= %{sssd_version}
 BuildRequires:  python3-systemd
 BuildRequires:  python3-yubico
 %endif # with_lint
@@ -404,8 +401,7 @@ Requires: gzip
 Requires: oddjob
 # 0.7.0-2: https://pagure.io/gssproxy/pull-request/172
 Requires: gssproxy >= 0.7.0-2
-# 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050)
+Requires: sssd-dbus >= %{sssd_version}
-Requires: sssd-dbus >= 1.15.2
 
 Provides: %{alt_name}-server = %{version}
 Conflicts: %{alt_name}-server
@@ -488,7 +484,7 @@ Requires: python3-kdcproxy >= 0.3
 Requires: python3-lxml
 Requires: python3-pki >= %{pki_version}
 Requires: python3-pyasn1 >= 0.3.2-2
-Requires: python3-sssdconfig
+Requires: python3-sssdconfig >= %{sssd_version}
 Requires: rpm-libs
 
 %description -n python3-ipaserver
@@ -598,7 +594,7 @@ Requires: %{name}-common = %{version}-%{release}
 Requires: python3-gssapi >= 1.2.0-5
 Requires: python3-ipaclient = %{version}-%{release}
 Requires: python3-ldap >= %{python_ldap_version}
-Requires: python3-sssdconfig
+Requires: python3-sssdconfig >= %{sssd_version}
 %else
 Requires: python2-gssapi >= 1.2.0-5
 Requires: python2-ipaclient = %{version}-%{release}
@@ -618,7 +614,7 @@ Requires: initscripts
 %endif
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.14.0
+Requires: sssd-ipa >= %{sssd_version}
 Requires: certmonger >= 0.79.5-1
 Requires: nss-tools >= %{nss_version}
 Requires: bind-utils
@@ -627,7 +623,7 @@ Requires: libsss_autofs
 Requires: autofs
 Requires: libnfsidmap
 Requires: nfs-utils
-Requires: sssd-tools
+Requires: sssd-tools >= %{sssd_version}
 Requires(post): policycoreutils
 
 Provides: %{alt_name}-client = %{version}
@@ -925,7 +921,7 @@ Requires: python3-polib
 Requires: python3-pytest >= 2.6
 Requires: python3-pytest-multihost >= 0.5
 Requires: python3-pytest-sourceorder
-Requires: python3-sssdconfig
+Requires: python3-sssdconfig >= %{sssd_version}
 Requires: tar
 Requires: xz
 
@@ -1001,8 +997,7 @@ find \
 	-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
 	-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \;
 
-aclocal --force
+autoreconf -ivf
-autoconf --force
 %configure --with-vendor-suffix=-%{release} \
            %{enable_server_option} \
            %{with_ipatests_option} \
@@ -1342,7 +1337,6 @@ fi
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa-replica-conncheck
 %{_sbindir}/ipa-replica-install
-%{_sbindir}/ipa-replica-prepare
 %{_sbindir}/ipa-replica-manage
 %{_sbindir}/ipa-csreplica-manage
 %{_sbindir}/ipa-server-certinstall
@@ -1398,7 +1392,6 @@ fi
 %{_mandir}/man1/ipa-replica-install.1*
 %{_mandir}/man1/ipa-replica-manage.1*
 %{_mandir}/man1/ipa-csreplica-manage.1*
-%{_mandir}/man1/ipa-replica-prepare.1*
 %{_mandir}/man1/ipa-server-certinstall.1*
 %{_mandir}/man1/ipa-server-install.1*
 %{_mandir}/man1/ipa-server-upgrade.1*
@@ -1460,9 +1453,7 @@ fi
 %{_usr}/share/ipa/html/ssbrowser.html
 %{_usr}/share/ipa/html/unauthorized.html
 %dir %{_usr}/share/ipa/migration
-%{_usr}/share/ipa/migration/error.html
 %{_usr}/share/ipa/migration/index.html
-%{_usr}/share/ipa/migration/invalid.html
 %{_usr}/share/ipa/migration/migration.py*
 %dir %{_usr}/share/ipa/ui
 %{_usr}/share/ipa/ui/index.html
@@ -1470,7 +1461,6 @@ fi
 %{_usr}/share/ipa/ui/sync_otp.html
 %{_usr}/share/ipa/ui/*.ico
 %{_usr}/share/ipa/ui/*.css
-%{_usr}/share/ipa/ui/*.js
 %dir %{_usr}/share/ipa/ui/css
 %{_usr}/share/ipa/ui/css/*.css
 %dir %{_usr}/share/ipa/ui/js
@@ -1742,6 +1732,9 @@ fi
 
 
 %changelog
+* Fri Oct  5 2018 Rob Crittenden <rcritten@redhat.com> - 4.7.1-1
+- Update to upstream 4.7.1
+
 * Tue Sep 25 2018 Christian Heimes <cheimes@redhat.com> - 4.7.0-5
 - Remove Python 2 support from Fedora 30
 - https://fedoraproject.org/wiki/Changes/FreeIPA_Python_2_Removal

sources

@@ -1,2 +1,2 @@
-SHA512 (freeipa-4.7.0.tar.gz) = 1c564fca34339e6991edf29f731633467a4aa3f8dd0e763fa2f87fe5992e0697bb9f5686a455b778ce7722487278c4040e8a83be7078a2f6724a45c0761b9b5d
+SHA512 (freeipa-4.7.1.tar.gz) = 6fab1f1ad7e110e4edbca0a7cfda63e650b0cceb345d9c5c1bc5a0ba235bb242ecf4060b28daa77ac15d1298a6d61c465ea790ba2668162ce1c2ed64077e09c9
-SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725
+SHA512 (freeipa-4.7.1.tar.gz.asc) = 88c71297dcf4cf1bd7df8b6e3194297ebdf8a3e92bc982a27c7e517cd41fec02c9d7a97d5cc9d6b659ca7311a659e98c8d12ded1e7cdc023c38ad1494595c3e6