diff --git a/.gitignore b/.gitignore
index 5116b4d..663c66e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,4 @@
/freeipa-4.1.3.tar.gz
/freeipa-4.1.4.tar.gz
/freeipa-4.2.1.tar.gz
+/freeipa-4.2.2.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index 4e63044..90e6683 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -24,14 +24,10 @@
%global platform_module fedora
%endif
-%global VERSION 4.2.1
+%global VERSION 4.2.2
%define _hardened_build 1
-%define kdcproxy_user kdcproxy
-%define kdcproxy_group kdcproxy
-%define kdcproxy_home %{_sharedstatedir}/kdcproxy
-
Name: freeipa
Version: %{VERSION}
Release: 1%{?dist}
@@ -109,10 +105,11 @@ BuildRequires: python-pytest-sourceorder
BuildRequires: python-kdcproxy >= 0.3
%description
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof).
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
%if ! %{ONLY_CLIENT}
%package server
@@ -166,6 +163,7 @@ Requires: softhsm >= 2.0.0rc1-1
Requires: p11-kit
Requires: systemd-python
Requires: %{etc_systemd_dir}
+Requires: gzip
Conflicts: %{alt_name}-server
Obsoletes: %{alt_name}-server < %{version}
@@ -182,12 +180,12 @@ Obsoletes: %{name}-server <= 4.2.0.0
Conflicts: nss-pam-ldapd < 0.8.4
%description server
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof). If you are installing an IPA server you need
-to install this package (in other words, most people should NOT install
-this package).
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
+If you are installing an IPA server, you need to install this package.
%package server-dns
@@ -282,11 +280,13 @@ Conflicts: %{alt_name}-client
Obsoletes: %{alt_name}-client < %{version}
%description client
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof). If your network uses IPA for authentication,
-this package should be installed on every client machine.
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
+If your network uses IPA for authentication, this package should be
+installed on every client machine.
%package admintools
@@ -301,11 +301,12 @@ Conflicts: %{alt_name}-admintools
Obsoletes: %{alt_name}-admintools < %{version}
%description admintools
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof). This package provides command-line tools for
-IPA administrators.
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
+This package provides command-line tools for IPA administrators.
%package python
Summary: Python libraries used by IPA
@@ -334,11 +335,12 @@ Conflicts: %{alt_name}-python
Obsoletes: %{alt_name}-python < %{version}
%description python
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof). If you are using IPA you need to install this
-package.
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
+If you are using IPA, you need to install this package.
%if ! %{ONLY_CLIENT}
%package tests
@@ -359,10 +361,11 @@ Conflicts: %{alt_name}-tests
Obsoletes: %{alt_name}-tests < %{version}
%description tests
-IPA is an integrated solution to provide centrally managed Identity (machine,
-user, virtual machines, groups, authentication credentials), Policy
-(configuration settings, access control information) and Audit (events,
-logs, analysis thereof).
+IPA is an integrated solution to provide centrally managed Identity (users,
+hosts, services), Authentication (SSO, 2FA), and Authorization
+(host access control, SELinux user roles, services). The solution provides
+features for further integration with Linux based clients (SUDO, automount)
+and integration with Active Directory based infrastructures (Trusts).
This package contains tests that verify IPA functionality.
%endif # ONLY_CLIENT
@@ -515,7 +518,6 @@ install daemons/dnssec/ipa-ods-exporter %{buildroot}%{_libexecdir}/ipa/ipa-ods-e
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
# KDC proxy config (Apache config sets KDCPROXY_CONFIG to load this file)
-mkdir -p %{buildroot}%{kdcproxy_home}
mkdir -p %{buildroot}%{_sysconfdir}/ipa/kdcproxy/
install -m 644 install/share/kdcproxy.conf %{buildroot}%{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
@@ -612,13 +614,6 @@ if [ -e /usr/sbin/ipa_kpasswd ]; then
# END
fi
-# create kdcproxy user
-getent group %{kdcproxy_group} >/dev/null || groupadd -r %{kdcproxy_group}
-getent passwd %{kdcproxy_user} >/dev/null || \
- /usr/sbin/useradd -r -c "IPA KDC Proxy User" -s /sbin/nologin \
- -g %{kdcproxy_group} -d %{kdcproxy_home} %{kdcproxy_user}
-exit 0
-
%postun server-trust-ad
if [ "$1" -ge "1" ]; then
if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
@@ -754,8 +749,8 @@ fi
%{_libexecdir}/ipa/ipa-dnskeysync-replica
%{_libexecdir}/ipa/ipa-ods-exporter
%{_libexecdir}/ipa/ipa-httpd-kdcproxy
+%ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy
-%dir %attr(0700,%{kdcproxy_user},%{kdcproxy_group}) %{kdcproxy_home}
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
@@ -790,7 +785,6 @@ fi
%{_usr}/share/ipa/copy-schema-to-ca.py*
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.uldif
-%{_usr}/share/ipa/*.update
%{_usr}/share/ipa/*.template
%dir %{_usr}/share/ipa/advise
%dir %{_usr}/share/ipa/advise/legacy
@@ -1022,6 +1016,9 @@ fi
%endif # ONLY_CLIENT
%changelog
+* Thu Oct 8 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.2-1
+- Update to upstream 4.2.2 - see http://www.freeipa.org/page/Releases/4.2.2
+
* Mon Sep 7 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.1-1
- Update to upstream 4.2.1 - see http://www.freeipa.org/page/Releases/4.2.1
diff --git a/sources b/sources
index f855c52..4fb040c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7fe8b04fc855cf5a4df892c7e5ba1674 freeipa-4.2.1.tar.gz
+6507212f35ffc22aa11f4c155c094a4e freeipa-4.2.2.tar.gz