diff --git a/0003-freeipa-4.7.0-restore_SELinux_context.patch b/0003-freeipa-4.7.0-restore_SELinux_context.patch
new file mode 100644
index 0000000..6a44a21
--- /dev/null
+++ b/0003-freeipa-4.7.0-restore_SELinux_context.patch
@@ -0,0 +1,63 @@
+commit f7516979241ed80a48250784051a82457e2df7aa
+Author: Thomas Woerner <twoerner@redhat.com>
+Date: Thu Aug 2 11:22:55 2018 +0200
+
+ httpinstance: Restore SELinux context of session_dir /etc/httpd/alias
+
+ The session directory /etc/httpd/alias/ could be created with the wrong
+ SELinux context. Therefore httpd was not able to write to this directory.
+
+ Fixes: https://pagure.io/freeipa/issue/7662
+
+ Related-to: 49b4a057f1b0459331bcec2c8d760627d00e4571 (Create missing
+ /etc/httpd/alias for ipasession.key)
+
+ Reviewed-By: Christian Heimes <cheimes@redhat.com>
+
+diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
+index 62b563fb2..1b1e7a03d 100644
+--- a/ipaserver/install/httpinstance.py
++++ b/ipaserver/install/httpinstance.py
+@@ -183,6 +183,9 @@ class HTTPInstance(service.Service):
+ os.makedirs(session_dir)
+ # Must be world-readable / executable
+ os.chmod(session_dir, 0o755)
++ # Restore SELinux context of session_dir /etc/httpd/alias, see
++ # https://pagure.io/freeipa/issue/7662
++ tasks.restore_context(session_dir)
+
+ target_fname = paths.HTTPD_IPA_CONF
+ http_txt = ipautil.template_file(
+
+commit 354d7297e8e0d97da22c0469ab96f30fdfc4a1ea
+Author: Thomas Woerner <twoerner@redhat.com>
+Date: Thu Aug 2 11:32:05 2018 +0200
+
+ ipa_restore: Restore SELinux context of template_dir /var/log/dirsrv/slapd-X
+
+ The template directory /var/log/dirsrv/slapd-X could be created with the
+ wrong SELinux context.
+
+ Related to: https://pagure.io/freeipa/issue/7662
+
+ Reviewed-By: Christian Heimes <cheimes@redhat.com>
+
+diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
+index 48b95ed18..1916d3063 100644
+--- a/ipaserver/install/ipa_restore.py
++++ b/ipaserver/install/ipa_restore.py
+@@ -607,10 +607,13 @@ class Restore(admintool.AdminTool):
+ logger.info("Waiting for LDIF to finish")
+ wait_for_task(conn, dn)
+ else:
++ template_dir = paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance
+ try:
+- os.makedirs(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % instance)
++ os.makedirs(template_dir)
+ except OSError as e:
+ pass
++ # Restore SELinux context of template_dir
++ tasks.restore_context(template_dir)
+
+ args = [paths.LDIF2DB,
+ '-Z', instance,
diff --git a/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch b/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch
new file mode 100644
index 0000000..cfc1a29
--- /dev/null
+++ b/0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch
@@ -0,0 +1,23 @@
+commit 90203fb044f4e51f341781cf64a9b30c1337d2a9
+Author: Michal Reznik <mreznik@redhat.com>
+Date: Fri Aug 31 09:49:15 2018 +0200
+
+ Add "389-ds-base-legacy-tools" to requires.
+
+ "389-ds-base-legacy-tools" needs to be added to requires until
+ the switch to python installer is completed.
+
+ Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
+
+diff --git a/freeipa.spec.in b/freeipa.spec.in
+index 02881b494..cffbccd72 100644
+--- a/freeipa.spec.in
++++ b/freeipa.spec.in
+@@ -329,6 +329,7 @@ Requires: python2-ipaserver = %{version}-%{release}
+ Requires: python2-ldap >= %{python_ldap_version}
+ %endif
+ Requires: 389-ds-base >= %{ds_version}
++Requires: 389-ds-base-legacy-tools >= %{ds_version}
+ Requires: openldap-clients > 2.4.35-4
+ Requires: nss >= %{nss_version}
+ Requires: nss-tools >= %{nss_version}
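Review bot: In the `ipa_restore.py` hunk of `0003-freeipa-4.7.0-restore_SELinux_context.patch`, the new `tasks.restore_context(template_dir)` runs after an `except OSError as e: pass` that swallows every `os.makedirs` failure, so a permission or path error is indistinguishable from the directory already existing and the relabel is attempted on a path that may not be there. Narrow the handler to the already-exists case with `if e.errno != errno.EEXIST: raise` (assuming `errno` is imported in that module, which the hunk does not show), so the context is only restored on a directory known to be present. Whether `restore_context` itself tolerates a missing path is not visible here. The enclosing method of `Restore` starts and ends outside the hunk.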
diff --git a/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch b/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch
new file mode 100644
index 0000000..27a9e2b
--- /dev/null
+++ b/0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch
@@ -0,0 +1,454 @@
+commit b8528da5a8e8cf4fdeabb77022cb511043544e9f
+Author: Christian Heimes <cheimes@redhat.com>
+Date: Wed Aug 29 12:43:03 2018 +0200
+
+ Refactor os-release and platform information
+
+ Move the /etc/os-release parser and platform detection code out of the
+ private _importhook module. The ipaplatform module now contains an
+ osinfo module that provides distribution, os, and vendor information.
+
+ See: https://www.freedesktop.org/software/systemd/man/os-release.html
+ See: https://pagure.io/freeipa/issue/7661
+ Signed-off-by: Christian Heimes <cheimes@redhat.com>
+ Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+
+diff --git a/ipaplatform/__init__.py b/ipaplatform/__init__.py
+index 06397fda1..1c22346b0 100644
+--- a/ipaplatform/__init__.py
++++ b/ipaplatform/__init__.py
+@@ -8,4 +8,4 @@ ignore.
+ """
+ __import__('pkg_resources').declare_namespace(__name__)
+
+-NAME = None # initialized by IpaMetaImporter
++NAME = None # initialized by ipaplatform.osinfo
+diff --git a/ipaplatform/_importhook.py b/ipaplatform/_importhook.py
+index 77c4e0d87..3f84e81fd 100644
+--- a/ipaplatform/_importhook.py
++++ b/ipaplatform/_importhook.py
+@@ -3,46 +3,14 @@
+ #
+ from __future__ import absolute_import
+
+-"""Meta import hook for ipaplatform.
+-
+-Known Linux distros with /etc/os-release
+-----------------------------------------
+-
+-- alpine
+-- centos (like rhel, fedora)
+-- debian
+-- fedora
+-- rhel
+-- ubuntu (like debian)
+-"""
+
+ import importlib
+-import io
+-import re
+ import sys
+-import warnings
+-
+-
+-import ipaplatform
+-try:
+- from ipaplatform.override import OVERRIDE
+-except ImportError:
+- OVERRIDE = None
+
+-
+-_osrelease_line = re.compile(
+- u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
+- u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
+-)
++from ipaplatform.osinfo import osinfo
+
+
+ class IpaMetaImporter(object):
+- """Meta import hook and platform detector.
+-
+- The meta import hook uses /etc/os-release to auto-detects the best
+- matching ipaplatform provider. It is compatible with external namespace
+- packages, too.
+- """
+ modules = {
+ 'ipaplatform.constants',
+ 'ipaplatform.paths',
+@@ -50,80 +18,8 @@ class IpaMetaImporter(object):
+ 'ipaplatform.tasks'
+ }
+
+- bsd_family = (
+- 'freebsd',
+- 'openbsd',
+- 'netbsd',
+- 'dragonfly',
+- 'gnukfreebsd'
+- )
+-
+- def __init__(self, override=OVERRIDE):
+- self.override = override
+- self.platform_ids = self._get_platform_ids(self.override)
+- self.platform = self._get_platform(self.platform_ids)
+-
+- def _get_platform_ids(self, override):
+- platforms = []
+- # allow RPM and Debian packages to override platform
+- if override is not None:
+- platforms.append(override)
+-
+- if sys.platform.startswith('linux'):
+- # Linux, get distribution from /etc/os-release
+- try:
+- platforms.extend(self._parse_platform())
+- except Exception as e:
+- warnings.warn("Failed to read /etc/os-release: {}".format(e))
+- elif sys.platform == 'win32':
+- # Windows 32 or 64bit platform
+- platforms.append('win32')
+- elif sys.platform == 'darwin':
+- # macOS
+- platforms.append('macos')
+- elif sys.platform.startswith(self.bsd_family):
+- # BSD family, look for e.g. ['freebsd10', 'freebsd']
+- platforms.append(sys.platform)
+- simple = sys.platform.rstrip('0123456789')
+- if simple != sys.platform:
+- platforms.append(simple)
+-
+- if not platforms:
+- raise ValueError("Unsupported platform: {}".format(sys.platform))
+-
+- return platforms
+-
+- def parse_osrelease(self, filename='/etc/os-release'):
+- release = {}
+- with io.open(filename, encoding='utf-8') as f:
+- for line in f:
+- mo = _osrelease_line.match(line)
+- if mo is not None:
+- release[mo.group('name')] = mo.group('value')
+- return release
+-
+- def _parse_platform(self, filename='/etc/os-release'):
+- release = self.parse_osrelease(filename)
+- platforms = [
+- release['ID'],
+- ]
+- if "ID_LIKE" in release:
+- platforms.extend(
+- v.strip() for v in release['ID_LIKE'].split(' ') if v.strip()
+- )
+-
+- return platforms
+-
+- def _get_platform(self, platform_ids):
+- for platform in platform_ids:
+- try:
+- importlib.import_module('ipaplatform.{}'.format(platform))
+- except ImportError:
+- pass
+- else:
+- return platform
+- raise ImportError('No ipaplatform available for "{}"'.format(
+- ', '.join(platform_ids)))
++ def __init__(self, platform):
++ self.platform = platform
+
+ def find_module(self, fullname, path=None):
+ """Meta importer hook"""
+@@ -148,8 +44,7 @@ class IpaMetaImporter(object):
+ return platform_mod
+
+
+-metaimporter = IpaMetaImporter()
++metaimporter = IpaMetaImporter(osinfo.platform)
+ sys.meta_path.insert(0, metaimporter)
+
+ fixup_module = metaimporter.load_module
+-ipaplatform.NAME = metaimporter.platform
+diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py
+new file mode 100644
+index 000000000..a38165d01
+--- /dev/null
++++ b/ipaplatform/osinfo.py
+@@ -0,0 +1,214 @@
++#
++# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
++#
++"""Distribution information
++
++Known Linux distros with /etc/os-release
++----------------------------------------
++
++- alpine
++- centos (like rhel, fedora)
++- debian
++- fedora
++- rhel
++- ubuntu (like debian)
++"""
++from __future__ import absolute_import
++
++import importlib
++import io
++import re
++import sys
++import warnings
++
++import six
++
++import ipaplatform
++try:
++ from ipaplatform.override import OVERRIDE
++except ImportError:
++ OVERRIDE = None
++
++
++# pylint: disable=no-name-in-module, import-error
++if six.PY3:
++ from collections.abc import Mapping
++else:
++ from collections import Mapping
++# pylint: enable=no-name-in-module, import-error
++
++_osrelease_line = re.compile(
++ u"^(?!#)(?P<name>[a-zA-Z0-9_]+)="
++ u"(?P<quote>[\"\']?)(?P<value>.+)(?P=quote)$"
++)
++
++
++def _parse_osrelease(filename='/etc/os-release'):
++ """Parser for /etc/os-release for Linux distributions
++
++ https://www.freedesktop.org/software/systemd/man/os-release.html
++ """
++ release = {}
++ with io.open(filename, encoding='utf-8') as f:
++ for line in f:
++ mo = _osrelease_line.match(line)
++ if mo is not None:
++ release[mo.group('name')] = mo.group('value')
++ if 'ID_LIKE' in release:
++ release['ID_LIKE'] = tuple(
++ v.strip()
++ for v in release['ID_LIKE'].split(' ')
++ if v.strip()
++ )
++ else:
++ release["ID_LIKE"] = ()
++ # defaults
++ release.setdefault('NAME', 'Linux')
++ release.setdefault('ID', 'linux')
++ release.setdefault('VERSION', '')
++ release.setdefault('VERSION_ID', '')
++ return release
++
++
++class OSInfo(Mapping):
++ __slots__ = ('_info', '_platform')
++
++ bsd_family = (
++ 'freebsd',
++ 'openbsd',
++ 'netbsd',
++ 'dragonfly',
++ 'gnukfreebsd'
++ )
++
++ def __init__(self):
++ if sys.platform.startswith('linux'):
++ # Linux, get distribution from /etc/os-release
++ info = self._handle_linux()
++ elif sys.platform == 'win32':
++ info = self._handle_win32()
++ elif sys.platform == 'darwin':
++ info = self._handle_darwin()
++ elif sys.platform.startswith(self.bsd_family):
++ info = self._handle_bsd()
++ else:
++ raise ValueError("Unsupported platform: {}".format(sys.platform))
++ self._info = info
++ self._platform = None
++
++ def _handle_linux(self):
++ """Detect Linux distribution from /etc/os-release
++ """
++ try:
++ return _parse_osrelease()
++ except Exception as e:
++ warnings.warn("Failed to read /etc/os-release: {}".format(e))
++ return {
++ 'NAME': 'Linux',
++ 'ID': 'linux',
++ }
++
++ def _handle_win32(self):
++ """Windows 32 or 64bit platform
++ """
++ return {
++ 'NAME': 'Windows',
++ 'ID': 'win32',
++ }
++
++ def _handle_darwin(self):
++ """Handle macOS / Darwin platform
++ """
++ return {
++ 'NAME': 'macOS',
++ 'ID': 'macos',
++ }
++
++ def _handle_bsd(self):
++ """Handle BSD-like platforms
++ """
++ platform = sys.platform
++ simple = platform.rstrip('0123456789')
++ id_like = []
++ if simple != platform:
++ id_like.append(simple)
++ return {
++ 'NAME': platform,
++ 'ID': platform,
++ 'ID_LIKE': tuple(id_like),
++ }
++
++ def __getitem__(self, item):
++ return self._info[item]
++
++ def __iter__(self):
++ return iter(self._info)
++
++ def __len__(self):
++ return len(self._info)
++
++ @property
++ def name(self):
++ """OS name (user)
++ """
++ return self._info['NAME']
++
++ @property
++ def id(self):
++ """Lower case OS identifier
++ """
++ return self._info['ID']
++
++ @property
++ def id_like(self):
++ """Related / similar OS
++ """
++ return self._info.get('ID_LIKE', ())
++
++ @property
++ def version(self):
++ """Version number and name of OS (for user)
++ """
++ return self._info.get('VERSION')
++
++ @property
++ def version_id(self):
++ """Version identifier
++ """
++ return self._info.get('VERSION_ID')
++
++ @property
++ def platform_ids(self):
++ """Ordered tuple of detected platforms (including override)
++ """
++ platforms = []
++ if OVERRIDE is not None:
++ # allow RPM and Debian packages to override platform
++ platforms.append(OVERRIDE)
++ if OVERRIDE != self.id:
++ platforms.append(self.id)
++ platforms.extend(self.id_like)
++ return tuple(platforms)
++
++ @property
++ def platform(self):
++ if self._platform is not None:
++ return self._platform
++ for platform in self.platform_ids:
++ try:
++ importlib.import_module('ipaplatform.{}'.format(platform))
++ except ImportError:
++ pass
++ else:
++ self._platform = platform
++ return platform
++ raise ImportError('No ipaplatform available for "{}"'.format(
++ ', '.join(self.platform_ids)))
++
++
++osinfo = OSInfo()
++ipaplatform.NAME = osinfo.platform
++
++if __name__ == '__main__':
++ import pprint
++ pprint.pprint(dict(osinfo))
+diff --git a/ipatests/test_ipaplatform/test_importhook.py b/ipatests/test_ipaplatform/test_importhook.py
+index c7d2626d6..eeb351ba7 100644
+--- a/ipatests/test_ipaplatform/test_importhook.py
++++ b/ipatests/test_ipaplatform/test_importhook.py
+@@ -13,6 +13,7 @@ import ipaplatform.paths
+ import ipaplatform.services
+ import ipaplatform.tasks
+ from ipaplatform._importhook import metaimporter
++from ipaplatform.osinfo import osinfo, _parse_osrelease
+ try:
+ from ipaplatform.override import OVERRIDE
+ except ImportError:
+@@ -26,8 +27,8 @@ DATA = os.path.join(HERE, 'data')
+ @pytest.mark.skipif(OVERRIDE is None,
+ reason='test requires override')
+ def test_override():
+- assert OVERRIDE == metaimporter.platform_ids[0]
+- assert OVERRIDE == metaimporter.platform
++ assert OVERRIDE == osinfo.platform_ids[0]
++ assert OVERRIDE == osinfo.platform
+
+
+ @pytest.mark.parametrize('mod, name', [
+@@ -46,11 +47,12 @@ def test_importhook(mod, name):
+ assert mod.__dict__ == sys.modules[override].__dict__
+
+
+-@pytest.mark.parametrize('filename, expected_platforms', [
+- (os.path.join(DATA, 'os-release-centos'), ['centos', 'rhel', 'fedora']),
+- (os.path.join(DATA, 'os-release-fedora'), ['fedora']),
+- (os.path.join(DATA, 'os-release-ubuntu'), ['ubuntu', 'debian']),
++@pytest.mark.parametrize('filename, id_, id_like', [
++ (os.path.join(DATA, 'os-release-centos'), 'centos', ('rhel', 'fedora')),
++ (os.path.join(DATA, 'os-release-fedora'), 'fedora', ()),
++ (os.path.join(DATA, 'os-release-ubuntu'), 'ubuntu', ('debian',)),
+ ])
+-def test_parse_os_release(filename, expected_platforms):
+- parsed = metaimporter._parse_platform(filename)
+- assert parsed == expected_platforms
++def test_parse_os_release(filename, id_, id_like):
++ parsed = _parse_osrelease(filename)
++ assert parsed['ID'] == id_
++ assert parsed['ID_LIKE'] == id_like
+diff --git a/ipatests/test_ipapython/test_certdb.py b/ipatests/test_ipapython/test_certdb.py
+index 42edfb5a9..42d48d51a 100644
+--- a/ipatests/test_ipapython/test_certdb.py
++++ b/ipatests/test_ipapython/test_certdb.py
+@@ -5,13 +5,12 @@ import os
+ import pytest
+
+ from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
+-from ipaplatform._importhook import metaimporter
++from ipaplatform.osinfo import osinfo
+
+-OSRELEASE = metaimporter.parse_osrelease()
+ CERTNICK = 'testcert'
+
+-if OSRELEASE['ID'] == 'fedora':
+- if int(OSRELEASE['VERSION_ID']) >= 28:
++if osinfo.id == 'fedora':
++ if int(osinfo.version_id) >= 28:
+ NSS_DEFAULT = 'sql'
+ else:
+ NSS_DEFAULT = 'dbm'
diff --git a/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch b/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch
new file mode 100644
index 0000000..7369d9d
--- /dev/null
+++ b/0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch
@@ -0,0 +1,42 @@
+commit 1c03181e78b8f43e7bfd32e52c5b9d161c326fd6
+Author: Christian Heimes <cheimes@redhat.com>
+Date: Wed Aug 29 12:58:12 2018 +0200
+
+ Don't check for systemd service
+
+ ipaplatform no longer checks for the presence of a systemd service file
+ to detect the name of the domainname service. Instead it uses osinfo's
+ version to use the old name on Fedora 28 and the new name on Fedora 29.
+
+ This fixes a SELinux violation that prevented httpd from listing systemd
+ service files.
+
+ Fixes: https://pagure.io/freeipa/issue/7661
+
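Review bot: `OSInfo.version_id` in the new `ipaplatform/osinfo.py` can be `''` (from `release.setdefault('VERSION_ID', '')` in `_parse_osrelease`) or `None` (from the two-key dict `_handle_linux` returns when parsing fails, and from the non-Linux handlers), yet `test_certdb.py` in this patch and `ipaplatform/fedora/services.py` in patch 0006 pass it straight to `int()` at module import. An os-release without a numeric `VERSION_ID`, or an unreadable file combined with a packaged `OVERRIDE` that selects the Fedora platform, would then raise `ValueError`/`TypeError` during import instead of ending at the `warnings.warn` the fallback intends. Have the fallback return the same keys as the parser, e.g. add `'VERSION': '', 'VERSION_ID': '', 'ID_LIKE': ()` to that dict, and guard the call sites (test `osinfo.version_id.isdigit()` before `int()`) so the unknown-version behaviour is chosen deliberately. The `version` and `version_id` docstrings should also say the value may be empty.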
Signed-off-by: Christian Heimes <cheimes@redhat.com> + Reviewed-By: Rob Crittenden <rcritten@redhat.com> + +diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py +index 09ba2e826..5ff64f1cd 100644 +--- a/ipaplatform/fedora/services.py ++++ b/ipaplatform/fedora/services.py +@@ -24,8 +24,7 @@ Contains Fedora-specific service class implementations. + + from __future__ import absolute_import + +-import os +- ++from ipaplatform.osinfo import osinfo + from ipaplatform.redhat import services as redhat_services + + # Mappings from service names as FreeIPA code references to these services +@@ -35,9 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy() + # Fedora 28 and earlier have fedora-domainname.service. Starting from + # Fedora 29, the service is called nis-domainname.service as defined in + # ipaplatform.redhat.services. +-HAS_FEDORA_DOMAINNAME_SERVICE = os.path.isfile( +- "/usr/lib/systemd/system/fedora-domainname.service" +-) ++HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28 + + if HAS_FEDORA_DOMAINNAME_SERVICE: + fedora_system_units['domainname'] = 'fedora-domainname.service' diff --git a/freeipa.spec b/freeipa.spec index 02253f7..52b03de 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -1,10 +1,8 @@ # 389-ds-base 1.4 no longer supports i686 platform, build only client # packages, https://bugzilla.redhat.com/show_bug.cgi?id=1544386 -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 %ifarch %{ix86} %{!?ONLY_CLIENT:%global ONLY_CLIENT 1} %endif -%endif # Define ONLY_CLIENT to only make the ipa-client and ipa-python # subpackages @@ -15,9 +13,12 @@ %global enable_server_option --enable-server %endif -# Build with ipatests +# Build ipatests +%if 0%{?rhel} + %global with_ipatests 0 +%endif %if ! %{ONLY_CLIENT} - %global with_ipatests 1 + %{!?with_ipatests:%global with_ipatests 1} %endif %if 0%{?with_ipatests} %global with_ipatests_option --with-ipatests 
@@ -25,24 +26,29 @@ %global with_ipatests_option --without-ipatests %endif -%if 0%{!?with_python3:1} -%if 0%{?rhel} -%global with_python3 0 -%else -%global with_python3 1 -%endif +# Python 2/3 packages and default Python interpreter +%if 0%{?rhel} > 7 + %global with_default_python 3 + %global with_python2 0 %endif -%if 0%{?fedora} <= 29 -%global with_python2 1 -%else -%global with_python2 0 +%if 0%{?fedora} >= 29 + # F29 only supports Python 3 as default Python + %global with_default_python 3 + %if 0%{?fedora} >= 30 + %global with_python2 0 + %endif %endif -%if 0%{?with_python3} -%global python %{__python3} +%{!?with_default_python:%global with_default_python 3} +%{!?with_python2:%global with_python2 1} + +%if %{with_default_python} == 3 + %global with_python3 1 + %global python %{__python3} %else -%global python %{__python2} + %global with_python2 1 + %global python %{__python2} %endif # lint is not executed during rpmbuild 
@@ -53,55 +59,41 @@ %global linter_options --disable-pylint --without-jslint %endif -%global alt_name ipa %if 0%{?rhel} -# 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561) -%global krb5_version 1.15.1-4 +%global package_name ipa +%global alt_name freeipa +%global krb5_version 1.16.1 +%global krb5_kdb_version 7.0 # 0.7.16: https://github.com/drkjam/netaddr/issues/71 -%global python_netaddr_version 0.7.5-8 +%global python_netaddr_version 0.7.16 # Require 4.7.0 which brings Python 3 bindings %global samba_version 4.7.0 -%global samba_build_version %{samba_version} -%global selinux_policy_version 3.12.1-153 -%global slapi_nis_version 0.56.0-4 -%global python2_ldap_version 2.4.15 -%global ds_version 1.3.7.9-1 +%global selinux_policy_version 3.14.1-14 +%global slapi_nis_version 0.56.1-4 +%global python_ldap_version 3.1.0-1 +%global ds_version 1.4.0.8-1 %else -# 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561) -%global krb5_version 1.15.1-7 +# Fedora +%global package_name freeipa +%global alt_name ipa +%global krb5_version 1.16.1 +%global krb5_kdb_version 7.0 # 0.7.16: https://github.com/drkjam/netaddr/issues/71 %global python_netaddr_version 0.7.16 # Require 4.7.0 which brings Python 3 bindings %global samba_version 2:4.7.0 -%global samba_build_version 2:4.2.1 # DNSSEC AVC violation, RHBZ#1537971 %global selinux_policy_version 3.13.1-283.24 -%global slapi_nis_version 0.56.2-6 +%global slapi_nis_version 0.56.1 -# Use python3-pyldap to be compatible with old python3-pyldap 2.x and new -# python3-ldap 3.0. The python3-ldap package also provides python3-pyldap. 
-%if 0%{?fedora} >= 28 -# https://pagure.io/freeipa/issue/7257 DNSSEC daemons on Python 3 -%global python2_ldap_version 3.0.0-0.4.b4 -%global python3_ldap_version 3.0.0-0.4.b4 -%else -# syncrepl fix, https://pagure.io/freeipa/issue/7240 -%global python2_ldap_version 2.4.25-9 -%global python3_ldap_version 2.4.35.1-2 -%endif +# fix for segfault in python3-ldap, https://pagure.io/freeipa/issue/7324 +%global python_ldap_version 3.1.0-1 -%if 0%{?fedora} >= 28 # Fix for "Crash when failing to read from SASL connection" # https://pagure.io/389-ds-base/issue/49639 %global ds_version 1.4.0.8-1 -%else -# 1.3.7.9-1: https://bugzilla.redhat.com/show_bug.cgi?id=1459946 -# https://bugzilla.redhat.com/show_bug.cgi?id=1511462 -# https://bugzilla.redhat.com/show_bug.cgi?id=1514033 -%global ds_version 1.3.7.9-1 -%endif -%endif +%endif # Fedora # Require Dogtag PKI 10.6.1 with Python 3 and SQL NSSDB fixes for external # CA support, https://bugzilla.redhat.com/show_bug.cgi?id=1573094 @@ -110,8 +102,6 @@ # NSS release with fix for CKA_LABEL import bug in shared SQL database. # https://bugzilla.redhat.com/show_bug.cgi?id=1568271 %global nss_version 3.36.1-1.1 -# Require Dogtag PKI 10.6.0 with Python 3 and SQL NSSDB fixes -%global pki_version 10.6.0-0.2 %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+') 
@@ -119,42 +109,49 @@ %global etc_systemd_dir %{_sysconfdir}/systemd/system %global gettext_domain ipa -%global VERSION 4.7.0 - %define _hardened_build 1 -Name: freeipa -Version: %{VERSION} -Release: 1%{?dist} +# Work-around fact that RPM SPEC parser does not accept +# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement +%define IPA_VERSION 4.7.0 +%define AT_SIGN @ +# redefine IPA_VERSION only if its value matches the Autoconf placeholder +%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}" + %define IPA_VERSION nonsense.to.please.RPM.SPEC.parser +%endif + +Name: %{package_name} +Version: %{IPA_VERSION} +Release: 2%{?dist} Summary: The Identity, Policy and Audit system Group: System Environment/Base License: GPLv3+ -URL: https://www.freeipa.org/ -Source0: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz -Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc - +URL: http://www.freeipa.org/ +Source0: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz +Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc Patch0001: 0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch Patch0002: 0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch - -# For the timestamp trick in patch application -BuildRequires: diffstat +-# For the timestamp trick in patch application +-BuildRequires: diffstat +Patch0003: 0003-freeipa-4.7.0-restore_SELinux_context.patch +Patch0004: 0004-freeipa-4.7.0-389-ds-base-legacy-tools-requires.patch +Patch0005: 0005-freeipa-4.7.0-Refactor-os-release-and-platform-information.patch +Patch0006: 0006-freeipa-4.7.0-Don-t-check-for-systemd-service.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel # For KDB DAL version, make explicit dependency so that increase of version # will cause the build to fail due to unsatisfied dependencies. 
# DAL version change may cause code crash or memory leaks, it is better to fail early. -%if 0%{?fedora} > 27 -BuildRequires: krb5-kdb-version = 7.0 -%else -%if 0%{?fedora} > 25 -BuildRequires: krb5-kdb-version = 7.0 -%endif -%endif +BuildRequires: krb5-kdb-version = %{krb5_kdb_version} BuildRequires: krb5-devel >= %{krb5_version} # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation BuildRequires: xmlrpc-c-devel >= 1.27.4 BuildRequires: popt-devel +BuildRequires: gcc +BuildRequires: make +BuildRequires: pkgconfig BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -164,10 +161,8 @@ BuildRequires: gettext-devel BuildRequires: python2-devel BuildRequires: python2-setuptools %endif # with_python2 -%if 0%{?with_python3} BuildRequires: python3-devel BuildRequires: python3-setuptools -%endif # with_python3 BuildRequires: systemd # systemd-tmpfiles which is executed from make install requires apache user BuildRequires: httpd @@ -178,8 +173,7 @@ BuildRequires: libini_config-devel BuildRequires: cyrus-sasl-devel %if ! %{ONLY_CLIENT} BuildRequires: 389-ds-base-devel >= %{ds_version} -BuildRequires: svrcore-devel -BuildRequires: samba-devel >= %{samba_build_version} +BuildRequires: samba-devel >= %{samba_version} BuildRequires: libtalloc-devel BuildRequires: libtevent-devel BuildRequires: libuuid-devel 
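Review bot: The `URL:` tag in the `@@ -119,42 +109,49 @@` hunk changes from `https://www.freeipa.org/` to `http://www.freeipa.org/`, which downgrades the project link published in the package metadata to cleartext; keep `URL: https://www.freeipa.org/`. The same hunk keeps `Source1` (the `.tar.gz.asc` detached signature) and adds four `Patch000N` entries, but nothing in this section checks the tarball against that signature. `%prep` is outside the hunk, so this is a question rather than a finding: if it does not already verify `Source0` with `Source1`, adding that step is what makes shipping the signature useful.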
@@ -189,26 +183,35 @@ BuildRequires: libsss_certmap-devel BuildRequires: libsss_nss_idmap-devel >= 1.15.3 BuildRequires: nodejs BuildRequires: uglify-js -BuildRequires: rhino BuildRequires: libverto-devel BuildRequires: libunistring-devel +# 0.13.0: https://bugzilla.redhat.com/show_bug.cgi?id=1584773 +# 0.13.0-2: fix for missing dependency on python-six BuildRequires: python3-lesscpy >= 0.13.0-2 %endif # ONLY_CLIENT # # Build dependencies for makeapi/makeaci -# makeapi/makeaci is using Python 2 only for now # -%if 0%{?with_python2} -BuildRequires: python2-ldap >= %{python2_ldap_version} -BuildRequires: python2-netaddr +%if %{with_default_python} == 3 +BuildRequires: python3-cffi +BuildRequires: python3-dns +BuildRequires: python3-ldap >= %{python_ldap_version} +BuildRequires: python3-libsss_nss_idmap +BuildRequires: python3-netaddr >= %{python_netaddr_version} +BuildRequires: python3-pyasn1 +BuildRequires: python3-pyasn1-modules +BuildRequires: python3-six +%else +BuildRequires: python2-cffi +BuildRequires: python2-dns +BuildRequires: python2-ldap >= %{python_ldap_version} +BuildRequires: python2-libsss_nss_idmap +BuildRequires: python2-netaddr >= %{python_netaddr_version} BuildRequires: python2-pyasn1 BuildRequires: python2-pyasn1-modules -BuildRequires: python2-dns BuildRequires: python2-six -BuildRequires: python2-libsss_nss_idmap -BuildRequires: python2-cffi -%endif # with_python2 +%endif # # Build dependencies for wheel packaging and PyPI upload @@ -216,16 +219,9 @@ BuildRequires: python2-cffi %if 0%{?with_wheels} BuildRequires: dbus-glib-devel BuildRequires: libffi-devel -%if 0%{?with_python2} -BuildRequires: python2-tox -BuildRequires: python2-twine -BuildRequires: python2-wheel -%endif # with_python2 -%if 0%{?with_python3} BuildRequires: python3-tox BuildRequires: python3-twine BuildRequires: python3-wheel -%endif # with_python3 %endif # with_wheels # 
@@ -236,93 +232,80 @@ BuildRequires: jsl BuildRequires: softhsm %if 0%{?with_python2} -BuildRequires: python2-samba -# 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199) +BuildRequires: python2-augeas +BuildRequires: python2-cffi BuildRequires: python2-cryptography >= 1.6 -BuildRequires: python2-gssapi >= 1.2.0-5 -%if 0%{?fedora} >= 26 -BuildRequires: python2-pylint -%else -BuildRequires: pylint >= 1.7 -%endif -BuildRequires: python2-pycodestyle -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 -BuildRequires: python2-polib -BuildRequires: python2-libipa_hbac -BuildRequires: python2-lxml -# 5.0.0: QRCode.print_ascii -BuildRequires: python-qrcode-core >= 5.0.0 -# 1.15: python-dns changed return type in to_text() method in PY3 +BuildRequires: python2-custodia >= 0.3.1 +BuildRequires: python2-dateutil +BuildRequires: python2-dbus +BuildRequires: python2-dns BuildRequires: python2-dns >= 1.15 -BuildRequires: jsl -BuildRequires: python2-yubico -# pki Python package +BuildRequires: python2-enum34 +BuildRequires: python2-gssapi >= 1.2.0-5 +BuildRequires: python2-jinja2 +BuildRequires: python2-jwcrypto >= 0.4.2 +BuildRequires: python2-ldap >= %{python_ldap_version} +BuildRequires: python2-libipa_hbac +BuildRequires: python2-libsss_nss_idmap +BuildRequires: python2-lxml +BuildRequires: python2-netaddr >= %{python_netaddr_version} +BuildRequires: python2-netifaces +BuildRequires: python2-paste +%if 0%{?fedora} < 29 +# Fedora 29 workaround: Dogtag no longer packages Python 2 BuildRequires: python2-pki >= %{pki_version} +%endif +BuildRequires: python2-polib +BuildRequires: python2-pyasn1 +BuildRequires: python2-pyasn1-modules +BuildRequires: python2-pycodestyle +BuildRequires: python2-pylint BuildRequires: python2-pytest-multihost BuildRequires: python2-pytest-sourceorder -# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150 -BuildRequires: python2-jwcrypto >= 0.4.2 -# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) 
-BuildRequires: python2-custodia >= 0.3.1 -%if 0%{?fedora} >= 28 -BuildRequires: python2-dbus -%else -BuildRequires: dbus-python -%endif -BuildRequires: python2-dateutil -BuildRequires: python2-enum34 -BuildRequires: python2-netifaces +BuildRequires: python2-qrcode-core >= 5.0.0 +BuildRequires: python2-samba +BuildRequires: python2-six BuildRequires: python2-sss BuildRequires: python2-sss-murmur BuildRequires: python2-sssdconfig -BuildRequires: python2-paste BuildRequires: python2-systemd -BuildRequires: python2-jinja2 -BuildRequires: python2-augeas +BuildRequires: python2-yubico %endif # with_python2 -%if 0%{?with_python3} -BuildRequires: python3-samba -# 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199) +BuildRequires: python3-augeas +BuildRequires: python3-cffi BuildRequires: python3-cryptography >= 1.6 -BuildRequires: python3-gssapi >= 1.2.0 -BuildRequires: python3-pylint >= 1.7 -BuildRequires: python3-pycodestyle -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 -BuildRequires: python3-polib -BuildRequires: python3-libipa_hbac -BuildRequires: python3-memcached -BuildRequires: python3-lxml -# 5.0.0: QRCode.print_ascii -BuildRequires: python3-qrcode-core >= 5.0.0 -# 1.15: python-dns changed return type in to_text() method in PY3 +BuildRequires: python3-custodia >= 0.3.1 +BuildRequires: python3-dateutil +BuildRequires: python3-dbus BuildRequires: python3-dns >= 1.15 -BuildRequires: python3-yubico -# pki Python package +BuildRequires: python3-gssapi >= 1.2.0 +BuildRequires: python3-jinja2 +BuildRequires: python3-jwcrypto >= 0.4.2 +BuildRequires: python3-ldap >= %{python_ldap_version} +BuildRequires: python3-ldap >= %{python_ldap_version} +BuildRequires: python3-libipa_hbac +BuildRequires: python3-libsss_nss_idmap +BuildRequires: python3-lxml +BuildRequires: python3-netaddr >= %{python_netaddr_version} +BuildRequires: python3-netifaces +BuildRequires: python3-paste BuildRequires: python3-pki >= %{pki_version} +BuildRequires: 
python3-polib +BuildRequires: python3-pyasn1 +BuildRequires: python3-pyasn1-modules +BuildRequires: python3-pycodestyle +BuildRequires: python3-pylint >= 1.7 BuildRequires: python3-pytest-multihost BuildRequires: python3-pytest-sourceorder -# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150 -BuildRequires: python3-jwcrypto >= 0.4.2 -# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825) -BuildRequires: python3-custodia >= 0.3.1 -BuildRequires: python3-dbus -BuildRequires: python3-dateutil -BuildRequires: python3-enum34 -BuildRequires: python3-netifaces +BuildRequires: python3-qrcode-core >= 5.0.0 +BuildRequires: python3-samba +BuildRequires: python3-six BuildRequires: python3-sss BuildRequires: python3-sss-murmur BuildRequires: python3-sssdconfig -BuildRequires: python3-libsss_nss_idmap -BuildRequires: python3-paste BuildRequires: python3-systemd -BuildRequires: python3-jinja2 -BuildRequires: python3-augeas -BuildRequires: python3-netaddr -BuildRequires: python3-pyasn1 -BuildRequires: python3-pyasn1-modules -BuildRequires: python3-pyldap >= %{python3_ldap_version} -%endif # with_python3 +BuildRequires: python3-yubico %endif # with_lint # @@ -350,12 +333,12 @@ Group: System Environment/Base Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -%if 0%{?with_python3} +%if %{with_default_python} == 3 Requires: python3-ipaserver = %{version}-%{release} -Requires: python3-pyldap >= %{python3_ldap_version} +Requires: python3-ldap >= %{python_ldap_version} %else Requires: python2-ipaserver = %{version}-%{release} -Requires: python2-ldap >= %{python2_ldap_version} +Requires: python2-ldap >= %{python_ldap_version} %endif Requires: 389-ds-base >= %{ds_version} Requires: 389-ds-base-legacy-tools >= %{ds_version} 
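Review bot: The re-sorted lint `BuildRequires` block in the `@@ -236,93 +232,80 @@` hunk lists `python3-ldap >= %{python_ldap_version}` twice and carries both `python2-dns` and `python2-dns >= 1.15`; drop the duplicate and the unversioned entry so each dependency has a single authoritative floor. The sort also removed the comments that recorded why the floors exist (`# 1.6: x509.Name.rdns`, `# 0.4.2: Py3 fix`, `# 0.3: sd_notify`, `# 5.0.0: QRCode.print_ascii`), which makes it hard to judge later whether a minimum version can be relaxed safely. Keep those one-line rationales next to the versioned entries, for example `# 1.15: python-dns changed return type in to_text() method in PY3` above `BuildRequires: python3-dns >= 1.15`.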
@@ -368,7 +351,7 @@ Requires: krb5-pkinit-openssl >= %{krb5_version} Requires: cyrus-sasl-gssapi%{?_isa} Requires: chrony Requires: httpd >= 2.4.6-31 -%if 0%{with_python3} +%if %{with_default_python} == 3 Requires(preun): python3 Requires(postun): python3 Requires: python3-gssapi >= 1.2.0-5 @@ -394,9 +377,12 @@ Requires(post): systemd-units Requires: selinux-policy >= %{selinux_policy_version} Requires(post): selinux-policy-base >= %{selinux_policy_version} Requires: slapi-nis >= %{slapi_nis_version} +# jss is an indirect dependency. 4.4.5 fixes sub CA replication bug, +# see https://pagure.io/freeipa/issue/7536 +# see https://pagure.io/freeipa/issue/7590 +Requires: jss >= 4.4.5-1 Requires: pki-ca >= %{pki_version} Requires: pki-kra >= %{pki_version} -Requires: pki-symkey >= %{pki_version} Requires(preun): systemd-units Requires(postun): systemd-units Requires: policycoreutils >= 2.1.12-5 @@ -440,8 +426,8 @@ and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package. -%if 0%{?with_python2} && 0%{?fedora} <= 28 - +%if 0%{?with_python2} && 0%{?fedora} < 29 +# Fedora 29 workaround: don't build python2-ipaserver, python2-pki is n/a %package -n python2-ipaserver Summary: Python libraries used by IPA server Group: System Environment/Libraries 
@@ -450,23 +436,19 @@ BuildArch: noarch %{!?python_provide:Provides: python-ipaserver = %{version}-%{release}} Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -Requires: python2-ipaclient = %{version}-%{release} -Requires: python2-custodia >= 0.3.1 -Requires: python2-ldap >= %{python2_ldap_version} -Requires: python2-lxml -Requires: python2-gssapi >= 1.2.0-5 -Requires: python2-sssdconfig -Requires: python2-pyasn1 >= 0.3.2-2 -%if 0%{?fedora} >= 28 -BuildRequires: python2-dbus -%else -BuildRequires: dbus-python -%endif -Requires: python2-dns >= 1.15 -Requires: python2-kdcproxy >= 0.3 -Requires: rpm-libs -Requires: python2-pki >= %{pki_version} Requires: python2-augeas +Requires: python2-custodia >= 0.3.1 +Requires: python2-dbus +Requires: python2-dns >= 1.15 +Requires: python2-gssapi >= 1.2.0-5 +Requires: python2-ipaclient = %{version}-%{release} +Requires: python2-kdcproxy >= 0.3 +Requires: python2-ldap >= %{python_ldap_version} +Requires: python2-lxml +Requires: python2-pki >= %{pki_version} +Requires: python2-pyasn1 >= 0.3.2-2 +Requires: python2-sssdconfig +Requires: rpm-libs %description -n python2-ipaserver IPA is an integrated solution to provide centrally managed Identity (users, @@ -476,9 +458,7 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package. -%endif # with_python2 && fedora <= 28 - -%if 0%{?with_python3} +%endif # with_python2 and Fedora < 29 %package -n python3-ipaserver Summary: Python libraries used by IPA server 
@@ -487,20 +467,24 @@ BuildArch: noarch %{?python_provide:%python_provide python3-ipaserver} Requires: %{name}-server-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -Requires: python3-ipaclient = %{version}-%{release} -Requires: python3-custodia >= 0.3.1 +%if 0%{?fedora} >= 29 +Conflicts: python2-ipaserver +Obsoletes: python2-ipaserver < %{version} +%endif # we need pre-requires since earlier versions may break upgrade -Requires(pre): python3-pyldap >= %{python3_ldap_version} -Requires: python3-lxml -Requires: python3-gssapi >= 1.2.0 -Requires: python3-sssdconfig -Requires: python3-pyasn1 >= 0.3.2-2 +Requires(pre): python3-ldap >= %{python_ldap_version} +Requires: python3-augeas +Requires: python3-custodia >= 0.3.1 Requires: python3-dbus Requires: python3-dns >= 1.15 +Requires: python3-gssapi >= 1.2.0 +Requires: python3-ipaclient = %{version}-%{release} Requires: python3-kdcproxy >= 0.3 -Requires: python3-augeas -Requires: rpm-libs +Requires: python3-lxml Requires: python3-pki >= %{pki_version} +Requires: python3-pyasn1 >= 0.3.2-2 +Requires: python3-sssdconfig +Requires: rpm-libs %description -n python3-ipaserver IPA is an integrated solution to provide centrally managed Identity (users, @@ -510,8 +494,6 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package. -%endif # with_python3 - %package server-common Summary: Common files used by IPA server @@ -570,7 +552,7 @@ Requires: samba >= %{samba_version} Requires: samba-winbind Requires: libsss_idmap -%if 0%{?with_python3} +%if %{with_default_python} == 3 Requires(post): python3 Requires: python3-samba Requires: python3-libsss_nss_idmap 
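Review bot: The `Obsoletes: python2-ipaserver < %{version}` added under `%if 0%{?fedora} >= 29` compares the version only, so a python2-ipaserver with the same version is not obsoleted. That could be one carried over from a Fedora release where the subpackage is still built; the upgrade then stops at the unversioned `Conflicts: python2-ipaserver` next to it. Bounding the obsolete by release as well, `Obsoletes: python2-ipaserver < %{version}-%{release}`, lets python3-ipaserver replace it cleanly. The same pair is added for python2-ipatests in the python3-ipatests hunk (`@@ -951,22 +908,21 @@`) and needs the same change.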
@@ -580,7 +562,7 @@ Requires(post): python2 Requires: python2-samba Requires: python2-libsss_nss_idmap Requires: python2-sss -%endif # with_python3 +%endif # with_default_python # We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5 # on the installes where server-trust-ad subpackage is installed because @@ -607,17 +589,15 @@ Summary: IPA authentication for use on clients Group: System Environment/Base Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -%if 0%{?with_python3} +%if %{with_default_python} == 3 Requires: python3-gssapi >= 1.2.0-5 Requires: python3-ipaclient = %{version}-%{release} -Requires: python3-pyldap >= %{python3_ldap_version} -Requires: python3-sssdconfig +Requires: python3-ldap >= %{python_ldap_version} Requires: python3-sssdconfig %else Requires: python2-gssapi >= 1.2.0-5 Requires: python2-ipaclient = %{version}-%{release} -Requires: python2-ldap >= %{python2_ldap_version} -Requires: python2-sssdconfig +Requires: python2-ldap >= %{python_ldap_version} Requires: python2-sssdconfig %endif Requires: cyrus-sasl-gssapi%{?_isa} @@ -666,7 +646,7 @@ If your network uses IPA for authentication, this package should be installed on every client machine. This package provides command-line tools for IPA administrators. -%if 0%{?with_python2} && 0%{?fedora} <= 29 +%if 0%{?with_python2} %package -n python2-ipaclient Summary: Python libraries used by IPA client @@ -677,9 +657,9 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python2-ipalib = %{version}-%{release} +Requires: python2-augeas Requires: python2-dns >= 1.15 Requires: python2-jinja2 -Requires: python2-augeas %description -n python2-ipaclient IPA is an integrated solution to provide centrally managed Identity (users, 
@@ -690,9 +670,7 @@ and integration with Active Directory based infrastructures (Trusts). If your network uses IPA for authentication, this package should be installed on every client machine. -%endif # with_python2 && fedora <= 29 - -%if 0%{?with_python3} +%endif # with_python2 %package -n python3-ipaclient Summary: Python libraries used by IPA client @@ -702,9 +680,9 @@ BuildArch: noarch Requires: %{name}-client-common = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} Requires: python3-ipalib = %{version}-%{release} +Requires: python3-augeas Requires: python3-dns >= 1.15 Requires: python3-jinja2 -Requires: python3-augeas %description -n python3-ipaclient IPA is an integrated solution to provide centrally managed Identity (users, @@ -715,8 +693,6 @@ and integration with Active Directory based infrastructures (Trusts). If your network uses IPA for authentication, this package should be installed on every client machine. -%endif # with_python3 - %package client-common Summary: Common files used by IPA client @@ -744,7 +720,7 @@ BuildArch: noarch Obsoletes: %{name}-python < 4.2.91 Provides: %{name}-python = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} -%if 0%{?with_python3} +%if %{with_default_python} == 3 Requires: python3-ipalib = %{version}-%{release} %else Requires: python2-ipalib = %{version}-%{release} @@ -768,8 +744,7 @@ python2-ipalib and %{name}-common. Packages still depending on %{name}-python should be fixed to depend on python2-ipaclient or %{name}-common instead. - -%if 0%{?with_python2} && 0%{?fedora} <= 29 +%if 0%{?with_python2} %package -n python2-ipalib Summary: Python libraries used by IPA 
@@ -785,35 +760,30 @@ Provides: python2-ipaplatform = %{version}-%{release} %{?python_provide:%python_provide python2-ipaplatform} %{!?python_provide:Provides: python-ipaplatform = %{version}-%{release}} Requires: %{name}-common = %{version}-%{release} -Requires: python2-gssapi >= 1.2.0-5 -Requires: gnupg +Requires: gnupg2 Requires: keyutils Requires: python2 >= 2.7.9 -Requires: python2-cryptography >= 1.6 -Requires: python2-netaddr >= %{python_netaddr_version} -Requires: python2-libipa_hbac -Requires: python-qrcode-core >= 5.0.0 -Requires: python2-pyasn1 >= 0.3.2-2 -Requires: python2-pyasn1-modules >= 0.3.2-2 -Requires: python2-dateutil -Requires: python2-yubico >= 1.2.3 -Requires: python2-sss-murmur -%if 0%{?fedora} >= 28 -BuildRequires: python2-dbus -%else -BuildRequires: dbus-python -%endif -Requires: python2-setuptools -Requires: python2-six -# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150 -Requires: python2-jwcrypto >= 0.4.2 Requires: python2-cffi -Requires: python2-ldap >= %{python2_ldap_version} -Requires: python2-requests +Requires: python2-cryptography >= 1.6 +Requires: python2-dateutil +Requires: python2-dbus Requires: python2-dns >= 1.15 Requires: python2-enum34 +Requires: python2-gssapi >= 1.2.0-5 +Requires: python2-jwcrypto >= 0.4.2 +Requires: python2-ldap >= %{python_ldap_version} +Requires: python2-libipa_hbac +Requires: python2-netaddr >= %{python_netaddr_version} Requires: python2-netifaces >= 0.10.4 -Requires: pyusb +Requires: python2-pyasn1 >= 0.3.2-2 +Requires: python2-pyasn1-modules >= 0.3.2-2 +Requires: python2-pyusb +Requires: python2-qrcode-core >= 5.0.0 +Requires: python2-requests +Requires: python2-setuptools +Requires: python2-six +Requires: python2-sss-murmur +Requires: python2-yubico >= 1.2.3 Conflicts: %{alt_name}-python < %{version} 
@@ -825,9 +795,7 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are using IPA, you need to install this package. -%endif # with_python2 && fedora <= 29 - -%if 0%{?with_python3} +%endif # with_python2 %package -n python3-ipalib Summary: Python3 libraries used by IPA 
@@ -839,31 +807,29 @@ Provides: python3-ipapython = %{version}-%{release} Provides: python3-ipaplatform = %{version}-%{release} %{?python_provide:%python_provide python3-ipaplatform} Requires: %{name}-common = %{version}-%{release} -Requires: python3-gssapi >= 1.2.0 -Requires: gnupg +# we need pre-requires since earlier versions may break upgrade +Requires(pre): python3-ldap >= %{python_ldap_version} +Requires: gnupg2 Requires: keyutils +Requires: python3-cffi Requires: python3-cryptography >= 1.6 -Requires: python3-netaddr >= %{python_netaddr_version} +Requires: python3-dateutil +Requires: python3-dbus +Requires: python3-dns >= 1.15 +Requires: python3-gssapi >= 1.2.0 +Requires: python3-jwcrypto >= 0.4.2 Requires: python3-libipa_hbac -Requires: python3-qrcode-core >= 5.0.0 +Requires: python3-netaddr >= %{python_netaddr_version} +Requires: python3-netifaces >= 0.10.4 Requires: python3-pyasn1 >= 0.3.2-2 Requires: python3-pyasn1-modules >= 0.3.2-2 -Requires: python3-dateutil -# fixes searching for yubikeys in python3 -Requires: python3-yubico >= 1.3.2-7 -Requires: python3-sss-murmur -Requires: python3-dbus +Requires: python3-pyusb +Requires: python3-qrcode-core >= 5.0.0 +Requires: python3-requests Requires: python3-setuptools Requires: python3-six -# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150 -Requires: python3-jwcrypto >= 0.4.2 -Requires: python3-cffi -# we need pre-requires since earlier versions may break upgrade -Requires(pre): python3-pyldap >= %{python3_ldap_version} -Requires: python3-requests -Requires: python3-dns >= 1.15 -Requires: python3-netifaces >= 0.10.4 -Requires: python3-pyusb +Requires: python3-sss-murmur +Requires: python3-yubico >= 1.3.2-7 %description -n python3-ipalib IPA is an integrated solution to provide centrally managed Identity (users, 
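Review bot: The version floors kept on the new side, `python3-yubico >= 1.3.2-7` and `python3-jwcrypto >= 0.4.2`, lose the comments that justified them when the list is sorted. Those comments were `# fixes searching for yubikeys in python3` and `# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150`. Keeping each one on the line above its `Requires:` tells the next packager why the floor must not be lowered. The moved `# we need pre-requires since earlier versions may break upgrade` comment already follows that pattern.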
@@ -873,8 +839,6 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are using IPA with Python 3, you need to install this package. -%endif # with_python3 - %package common Summary: Common files used by IPA @@ -899,8 +863,8 @@ If you are using IPA, you need to install this package. %if 0%{?with_ipatests} -%if 0%{?with_python2} && 0%{?fedora} <= 28 - +%if 0%{?with_python2} && 0%{?fedora} < 29 +# Fedora 29 workaround: don't build python2-ipaserver, depends on ipaserver %package -n python2-ipatests Summary: IPA tests and test tools BuildArch: noarch @@ -910,24 +874,19 @@ Provides: %{name}-tests = %{version}-%{release} %{!?python_provide:Provides: python-ipatests = %{version}-%{release}} Requires: python2-ipaclient = %{version}-%{release} Requires: python2-ipaserver = %{version}-%{release} -Requires: tar -Requires: xz -Requires: pytest >= 2.6 -Requires: python2-paste +Requires: iptables +Requires: ldns-utils Requires: python2-coverage -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506 +Requires: python2-cryptography >= 1.6 +Requires: python2-mock +Requires: python2-paste Requires: python2-polib +Requires: python2-pytest >= 2.6 Requires: python2-pytest-multihost >= 0.5 Requires: python2-pytest-sourceorder -Requires: ldns-utils -Requires: python2-cryptography >= 1.6 -Requires: iptables -Requires: python2-mock -%if 0%{?fedora} == 27 -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1564527 -# Tests are failing because ntpd restarts segfaults on some CPU archs. -Requires: glibc >= 2.26-24 -%endif +Requires: python2-sssdconfig +Requires: tar +Requires: xz Provides: %{alt_name}-tests = %{version} Conflicts: %{alt_name}-tests 
@@ -941,9 +900,7 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). This package contains tests that verify IPA functionality. -%endif # with_python2 && fedora <= 28 - -%if 0%{?with_python3} +%endif # with_python2 and Fedora < 29 %package -n python3-ipatests Summary: IPA tests and test tools @@ -951,22 +908,21 @@ BuildArch: noarch %{?python_provide:%python_provide python3-ipatests} Requires: python3-ipaclient = %{version}-%{release} Requires: python3-ipaserver = %{version}-%{release} -Requires: tar -Requires: xz -Requires: python3-pytest >= 2.6 +%if 0%{?fedora} >= 29 +Conflicts: python2-ipatests +Obsoletes: python2-ipatests < %{version} +%endif +Requires: iptables +Requires: ldns-utils Requires: python3-coverage +Requires: python3-cryptography >= 1.6 Requires: python3-polib +Requires: python3-pytest >= 2.6 Requires: python3-pytest-multihost >= 0.5 Requires: python3-pytest-sourceorder -Requires: ldns-utils Requires: python3-sssdconfig -Requires: python3-cryptography >= 1.6 -Requires: iptables -%if 0%{?fedora} == 27 -# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1564527 -# Tests are failing because ntpd restarts segfaults on some CPU archs. -Requires: glibc >= 2.26-24 -%endif +Requires: tar +Requires: xz %description -n python3-ipatests IPA is an integrated solution to provide centrally managed Identity (users, 
@@ -976,82 +932,65 @@ features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). This package contains tests that verify IPA functionality under Python 3. -%endif # with_python3 - %endif # with_ipatests %prep -# Fedora spec file only: START -# Update timestamps on the files touched by a patch, to avoid non-equal -# .pyc/.pyo files across the multilib peers within a build, where "Level" -# is the patch prefix option (e.g. -p1) -# Taken from specfile for sssd and python-simplejson -UpdateTimestamps() { - Level=$1 - PatchFile=$2 - - # Locate the affected files: - for f in $(diffstat $Level -l $PatchFile); do - # Set the files to have the same timestamp as that of the patch: - touch -r $PatchFile $f - done -} - -%setup -n freeipa-%{VERSION} -q - -for p in %patches ; do - %__patch -p1 -i $p - UpdateTimestamps -p1 $p -done -# Fedora spec file only: END - -%if 0%{?with_python3} +%setup -n freeipa-%{version} -q # Workaround: We want to build Python things twice. To be sure we do not mess # up something, do two separate builds in separate directories. 
-cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3 -%endif # with_python3 +# freeipa-$VER-python3 for Python 3 build +# freeipa-$VER-python2 for Python 2 build +# freeipa-$VER is a symlink to default Python version +%if %{with_default_python} == 3 +%if 0%{?with_python2} +cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python2 +%endif +mv %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3 +ln -sr %{_builddir}/freeipa-%{version}-python3 %{_builddir}/freeipa-%{version} +%else +# Python 2 default +cp -r %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python3 +mv %{_builddir}/freeipa-%{version} %{_builddir}/freeipa-%{version}-python2 +ln -sr %{_builddir}/freeipa-%{version}-python2 %{_builddir}/freeipa-%{version} +%endif %build -# UI compilation segfaulted on some arches when the stack was lower (#1040576) -export JAVA_STACK_SIZE="16m" # PATH is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1005235 export PATH=/usr/bin:/usr/sbin:$PATH -export PYTHON=%{__python2} -%if ! 0%{?with_python3} + +%if 0%{?with_python2} +export PYTHON=%{__python2} +pushd %{_builddir}/freeipa-%{version}-python2 # Workaround: make sure all shebangs are pointing to Python 2 # This should be solved properly using setuptools # and this hack should be removed. find \ - ! -name '*.pyc' -a \ - ! -name '*.pyo' -a \ - -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ - -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -%endif # ! with_python3 + ! -name '*.pyc' -a \ + ! 
-name '*.pyo' -a \ + -type f -exec grep -qsm1 '^#!.*\bpython' {} \; \ + -exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%{__python2}|' {} \; -aclocal --force -autoconf --force -%configure --with-vendor-suffix=-%{release} \ - %{enable_server_option} \ - %{with_ipatests_option} \ - %{linter_options} - -# -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 -%make_build -Onone - -%if 0%{?with_python3} -export PYTHON=%{__python3} -pushd %{_builddir}/freeipa-%{version}-python3 -aclocal --force -autoconf --force %configure --with-vendor-suffix=-%{release} \ %{enable_server_option} \ %{with_ipatests_option} \ %{linter_options} popd -%endif # with_python3 +%endif # ! with_python2 + +export PYTHON=%{__python3} +pushd %{_builddir}/freeipa-%{version}-python3 +%configure --with-vendor-suffix=-%{release} \ + %{enable_server_option} \ + %{with_ipatests_option} \ + %{linter_options} +popd + +# run build in default dir +# -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405 +%make_build -Onone %check 
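Review bot: The new `%prep` drops the `for p in %patches` loop and keeps only `%setup -n freeipa-%{version} -q`, so nothing in this hunk applies the spec's patches any more. The same commit ships 0003-freeipa-4.7.0-restore_SELinux_context.patch, and the changelog lists the SELinux context fixes as included. Unless the patches are applied somewhere outside this hunk, the package builds from the unpatched tarball and those fixes are silently missing. Applying them before the tree is copied to the `-python2`/`-python3` directories, for example `%autosetup -n freeipa-%{version} -p1` in place of `%setup`, keeps both build trees patched.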
@@ -1071,85 +1010,63 @@ make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%{_libdir} # Exception to this rule are test programs which where want to install # Python2/3 versions at the same time so we need to rename them. Yuck. -%if 0%{?with_python3} -# Python 3 installation needs to be done first. Subsequent Python 2 install -# will overwrite /usr/bin/ipa and other scripts with variants using -# python2 shebang. +# Python 3 packages and commands pushd %{_builddir}/freeipa-%{version}-python3 %{__make} python_install DESTDIR=%{?buildroot} INSTALL="%{__install} -p" popd - %if 0%{?with_ipatests} mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} -ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3 -ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3 -ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3 +ln -rs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3 +ln -rs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3 +ln -rs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3 %endif # with_ipatests -%endif # with_python3 - +# Python 2 packages and commands %if 0%{?with_python2} - -# Python 2 installation -%make_install - -%if 0%{?with_ipatests} - -%if 0%{?fedora} <= 28 +pushd %{_builddir}/freeipa-%{version}-python2 +%{__make} python_install DESTDIR=%{?buildroot} INSTALL="%{__install} -p" +popd +%if 0%{?with_python2} && 0%{?fedora} < 29 +# Fedora 29 workaround: don't ship ipatests binaries mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} mv 
%{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} -ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2 -ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2 -ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2 -%else -# Remove python2 specific files for Fedora-29 and newer -rm %{buildroot}%{_bindir}/ipa-run-tests -rm %{buildroot}%{_bindir}/ipa-test-config -rm %{buildroot}%{_bindir}/ipa-test-task -%endif # fedora <= 28 - -%endif # with_ipatests - +ln -rs %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2 +ln -rs %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2 +ln -rs %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2 +%endif # with_ipatests and Fedora < 29 %endif # with_python2 +# default installation +# This installs all Python packages twice and overrides the ipa-test +# commands. We'll fix the command links later with ln --force. 
+%make_install + # Decide which Python (2 or 3) should be used as default for tests %if 0%{?with_ipatests} -%if 0%{?with_python3} -# Building with python3 => make it default for tests -ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests -ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config -ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task +%if %{with_default_python} == 3 +ln -frs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests +ln -frs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config +ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task %else -%if 0%{?fedora} <= 28 -# Building python2 only => make it default for tests -ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests -ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config -ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task -%endif # fedora <= 28 -%endif # with_python3 +ln -frs %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests +ln -frs %{buildroot}%{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config +ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task +%endif # with_default_python %endif # with_ipatests -# Move /usr/bin/ipa out of the way -# XXX: ipa cli is not stable enough for enabling py3 support, keep it in py2 -# in any case -mv %{buildroot}%{_bindir}/ipa %{buildroot}%{_bindir}/ipa-py2 - -# Use Python 2 version of /usr/bin/ipa -# XXX: see comment above -mv %{buildroot}%{_bindir}/ipa-py2 %{buildroot}%{_bindir}/ipa - # remove files which are useful only for make uninstall find %{buildroot} -wholename 
'*/site-packages/*/install_files.txt' -exec rm {} \; -%if 0%{?with_ipatests} && 0%{?fedora} > 28 -# Remove python2 specific files for Fedora-29 and newer -rm -rf %{buildroot}%{python2_sitelib}/ipaserver* -rm -rf %{buildroot}%{python2_sitelib}/ipatests* -%endif # with_ipatests && fedora <= 28 - +%if 0%{?with_ipatests} && 0%{?with_python2} && 0%{?fedora} >= 29 +# Fedora 29 workaround: Remove Python 2 ipaserver and ipatests +rm -rf %{buildroot}%{python2_sitelib}/ipaserver +rm -rf %{buildroot}%{python2_sitelib}/ipaserver-*.egg-info +rm -rf %{buildroot}%{python2_sitelib}/ipatests +rm -rf %{buildroot}%{python2_sitelib}/ipatests-*.egg-info +%endif # with python2 ipatests and Fedora >= 29 %find_lang %{gettext_domain} @@ -1198,8 +1115,10 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so mkdir -p %{buildroot}%{_sysconfdir}/cron.d %endif # ONLY_CLIENT -# Collect templates and filter out non-server ones -find %{buildroot}%{_usr}/share/ipa -maxdepth 1 -name '*.template' -a ! -name 'freeipa.template' -fprintf server-templates '%{_usr}/share/ipa/%f\n' + +%clean +rm -rf %{buildroot} + %if ! %{ONLY_CLIENT} @@ -1466,17 +1385,15 @@ fi %{_mandir}/man1/ipa-winsync-migrate.1* %{_mandir}/man1/ipa-pkinit-manage.1* -%if 0%{?with_python2} && 0%{?fedora} <= 28 - +%if 0%{?with_python2} && 0%{?fedora} < 29 +# Fedora 29 workaround: don't build python2-ipaserver, python2-pki is n/a %files -n python2-ipaserver %doc README.md Contributors.txt %license COPYING %{python2_sitelib}/ipaserver %{python2_sitelib}/ipaserver-*.egg-info -%endif # with_python2 && fedora <= 28 - -%if 0%{?with_python3} +%endif # with_python2 and Fedora < 29 %files -n python3-ipaserver %doc README.md Contributors.txt 
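Review bot: The guard around the Python 2 `mv`/`ln -rs` of ipa-run-tests, ipa-test-config and ipa-test-task is `%if 0%{?with_python2} && 0%{?fedora} < 29`, but its closing comment reads `# with_ipatests and Fedora < 29`. The Python 3 counterpart above is still wrapped in `%if 0%{?with_ipatests}`. The block already sits inside `%if 0%{?with_python2}`, so repeating that test adds nothing. A build with ipatests disabled would presumably have no such scripts in the buildroot and fail at the first `mv`. `%if 0%{?with_ipatests} && 0%{?fedora} < 29` matches both the comment and the Python 3 block.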
@@ -1484,10 +1401,8 @@ fi %{python3_sitelib}/ipaserver %{python3_sitelib}/ipaserver-*.egg-info -%endif # with_python3 - -%files server-common -f server-templates +%files server-common %doc README.md Contributors.txt %license COPYING %ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy @@ -1502,6 +1417,7 @@ fi %{_usr}/share/ipa/kdcproxy.wsgi %{_usr}/share/ipa/*.ldif %{_usr}/share/ipa/*.uldif +%{_usr}/share/ipa/*.template %dir %{_usr}/share/ipa/advise %dir %{_usr}/share/ipa/advise/legacy %{_usr}/share/ipa/advise/legacy/*.template @@ -1620,8 +1536,7 @@ fi %{_mandir}/man1/ipa-certupdate.1* %{_mandir}/man1/ipa-join.1* - -%if 0%{?with_python2} && 0%{?fedora} <= 29 +%if 0%{?with_python2} %files -n python2-ipaclient %doc README.md Contributors.txt 
@@ -1645,28 +1560,26 @@ fi %{python2_sitelib}/ipaclient/csrgen/templates/*.tmpl %{python2_sitelib}/ipaclient-*.egg-info -%endif # with_python && fedora <= 29 - -%if 0%{?with_python3} +%endif # with_python2 %files -n python3-ipaclient %doc README.md Contributors.txt %license COPYING %dir %{python3_sitelib}/ipaclient %{python3_sitelib}/ipaclient/*.py -%{python3_sitelib}/ipaclient/__pycache__ +%{python3_sitelib}/ipaclient/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/install %{python3_sitelib}/ipaclient/install/*.py -%{python3_sitelib}/ipaclient/install/__pycache__ +%{python3_sitelib}/ipaclient/install/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/plugins %{python3_sitelib}/ipaclient/plugins/*.py -%{python3_sitelib}/ipaclient/plugins/__pycache__ +%{python3_sitelib}/ipaclient/plugins/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/remote_plugins %{python3_sitelib}/ipaclient/remote_plugins/*.py -%{python3_sitelib}/ipaclient/remote_plugins/__pycache__ +%{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/remote_plugins/2_* %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py -%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__ +%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py* %dir %{python3_sitelib}/ipaclient/csrgen %dir %{python3_sitelib}/ipaclient/csrgen/profiles %{python3_sitelib}/ipaclient/csrgen/profiles/*.json @@ -1676,8 +1589,6 @@ fi %{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl %{python3_sitelib}/ipaclient-*.egg-info -%endif # with_python3 - %files client-common %doc README.md Contributors.txt 
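Review bot: Replacing `%{python3_sitelib}/ipaclient/__pycache__` with `%{python3_sitelib}/ipaclient/__pycache__/*.py*` lists only the cached files, so python3-ipaclient no longer owns the `__pycache__` directories themselves. The same applies to the install, plugins, remote_plugins and 2_* entries. Unowned directories are left behind when the package is removed and are not covered by `rpm -V`. If the glob is meant to narrow what gets packaged, add a matching `%dir %{python3_sitelib}/ipaclient/__pycache__` line next to each of the five entries.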
@@ -1700,14 +1611,15 @@ fi %dir %{_localstatedir}/lib/ipa-client/pki %dir %{_localstatedir}/lib/ipa-client/sysrestore %{_mandir}/man5/default.conf.5* -%{_usr}/share/ipa/client/freeipa.template +%dir %{_usr}/share/ipa/client +%{_usr}/share/ipa/client/*.template %files python-compat %doc README.md Contributors.txt %license COPYING -%if 0%{?with_python2} && 0%{?fedora} <= 29 +%if 0%{?with_python2} %files -n python2-ipalib %doc README.md Contributors.txt @@ -1727,7 +1639,7 @@ fi %{python2_sitelib}/ipaplatform-*.egg-info %{python2_sitelib}/ipaplatform-*-nspkg.pth -%endif # with_python2 && fedora <= 29 +%endif # with_python2 %files common -f %{gettext_domain}.lang %doc README.md Contributors.txt @@ -1735,8 +1647,6 @@ fi %dir %{_usr}/share/ipa -%if 0%{?with_python3} - %files -n python3-ipalib %doc README.md Contributors.txt %license COPYING 
@@ -1749,62 +1659,66 @@ fi %{python3_sitelib}/ipaplatform-*.egg-info %{python3_sitelib}/ipaplatform-*-nspkg.pth -%endif # with_python3 - %if 0%{?with_ipatests} -%if 0%{?with_python2} && 0%{?fedora} <= 28 - +%if 0%{?with_python2} && 0%{?fedora} < 29 +# Fedora 29 workaround: don't build python2-ipatests, depends on ipaserver %files -n python2-ipatests %doc README.md Contributors.txt %license COPYING %{python2_sitelib}/ipatests %{python2_sitelib}/ipatests-*.egg-info -%{_bindir}/ipa-run-tests -%{_bindir}/ipa-test-config -%{_bindir}/ipa-test-task %{_bindir}/ipa-run-tests-2 %{_bindir}/ipa-test-config-2 %{_bindir}/ipa-test-task-2 %{_bindir}/ipa-run-tests-%{python2_version} %{_bindir}/ipa-test-config-%{python2_version} %{_bindir}/ipa-test-task-%{python2_version} +%if %{with_default_python} != 3 +%{_bindir}/ipa-run-tests +%{_bindir}/ipa-test-config +%{_bindir}/ipa-test-task %{_mandir}/man1/ipa-run-tests.1* %{_mandir}/man1/ipa-test-config.1* %{_mandir}/man1/ipa-test-task.1* +%endif -%endif # with_python2 && fedora <= 28 - -%if 0%{?with_python3} +%endif # with_python2 and Fedora < 29 %files -n python3-ipatests %doc README.md Contributors.txt %license COPYING - %{python3_sitelib}/ipatests %{python3_sitelib}/ipatests-*.egg-info -%if ! (0%{?with_python2} && 0%{?fedora} <= 28) -%{_bindir}/ipa-run-tests -%{_bindir}/ipa-test-config -%{_bindir}/ipa-test-task -%endif # ! 
(with_python2 && fedora <= 28) %{_bindir}/ipa-run-tests-3 %{_bindir}/ipa-test-config-3 %{_bindir}/ipa-test-task-3 %{_bindir}/ipa-run-tests-%{python3_version} %{_bindir}/ipa-test-config-%{python3_version} %{_bindir}/ipa-test-task-%{python3_version} +%if %{with_default_python} == 3 +%{_bindir}/ipa-run-tests +%{_bindir}/ipa-test-config +%{_bindir}/ipa-test-task %{_mandir}/man1/ipa-run-tests.1* %{_mandir}/man1/ipa-test-config.1* %{_mandir}/man1/ipa-test-task.1* - -%endif # with_python3 +%endif %endif # with_ipatests + %changelog -* Thu Jul 26 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-0 +* Mon Sep 3 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-2 +- Restore SELinux context of session_dir /etc/httpd/alias (pagure#7662) +- Restore SELinux context of template_dir /var/log/dirsrv/slapd-X (pagure#7662) +- Add "389-ds-base-legacy-tools" to requires +- Refactor os-release and platform information (#1609475) +- Don't check for systemd service (#1609475) +- Switched to upstream spec file with small adaptions + +* Thu Jul 26 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-1 - Update to upstream 4.7.0 - New BuildRequires for nodejs and uglify-js - New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541)