Update to upstream 4.7.0

- New BuildRequires for nodejs and uglify-js - New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541) - Do not build python2-ipaserver and python2-ipatests for Fedora 29 and up - Do not build any python2 packages for Fedora 30 - Added ipatest man pages to python3-ipatests packages also - Added ipatest bindir links to python3-ipatests for Fedora up to 28 - Dropped explicit copy of freeipa.template, install is doing this now - Added upstream fix: (f3faecb) Fix $-style format string in ipa_ldap_init - Added upstream fix: (4b592fe,1a7baa2) Added reason to raise of errors.NotFound
2018-07-26 13:37:30 +02:00 · 2018-07-26 13:37:30 +02:00 · f6a1c1b62c
commit f6a1c1b62c
parent d895dd1288
5 changed files with 180 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -66,3 +66,5 @@
 /freeipa-4.6.90.pre1.tar.gz.asc
 /freeipa-4.6.90.pre2.tar.gz
 /freeipa-4.6.90.pre2.tar.gz.asc
+/freeipa-4.7.0.tar.gz
+/freeipa-4.7.0.tar.gz.asc
--- a/0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
+++ b/0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
@ -0,0 +1,29 @@
+From f3faecbbb49704c182b310fb43cec9171c08ccf7 Mon Sep 17 00:00:00 2001
+From: Thomas Woerner <twoerner@redhat.com>
+Date: Fri, 20 Jul 2018 14:57:26 +0200
+Subject: [PATCH] Fix $-style format string in ipa_ldap_init
+ (util/ipa_ldap.c)
+
+The second argument was not used, but the first one was used twice.
+
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ util/ipa_ldap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/ipa_ldap.c b/util/ipa_ldap.c
+index 789ea0d8c..859eaf1bc 100644
+--- a/util/ipa_ldap.c
+++ b/util/ipa_ldap.c
+@@ -39,7 +39,7 @@ int ipa_ldap_init(LDAP **ld, const char *ldap_uri)
+     if (ret != LDAP_SUCCESS) {
+         fprintf(
+             stderr,
+-            _("Unable to initialize connection to ldap server %1$s: %1$s\n"),
+            _("Unable to initialize connection to ldap server %1$s: %2$s\n"),
+             ldap_uri,
+             ldap_err2string(ret)
+         );
+-- 
+2.17.1
+
--- a/0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch
+++ b/0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch
@ -0,0 +1,57 @@
+From 4b592fee24bf0180c84036b0db3abccc101b46c3 Mon Sep 17 00:00:00 2001
+From: Thomas Woerner <twoerner@redhat.com>
+Date: Tue, 24 Jul 2018 17:18:17 +0200
+Subject: [PATCH 1/2] ipaserver/plugins/cert.py: Added reason to raise of
+ errors.NotFound
+
+In the case that enabledService is not found ipaConfigString kdc entry, a
+NotFound error was raised without setting the reason. This resulted in a
+traceback.
+---
+ ipaserver/plugins/cert.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
+index 8d43b9f46..a698991b5 100644
+--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
+@@ -301,7 +301,7 @@ def ca_kdc_check(api_instance, hostname):
+         ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
+ 
+         if 'enabledservice' not in ipaconfigstring:
+-            raise errors.NotFound()
+            raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
+ 
+     except errors.NotFound:
+         raise errors.ACIError(
+-- 
+2.17.1
+
+From 1a7baa2543cae6f3da1b9d674dbaeefdfc83c37a Mon Sep 17 00:00:00 2001
+From: Thomas Woerner <twoerner@redhat.com>
+Date: Wed, 25 Jul 2018 10:22:59 +0200
+Subject: [PATCH 2/2] ipaserver/plugins/cert.py: Make the new reason for
+ errors.NotFound translatable
+
+Related to: 5545b7f6172b87b0539234a64ea1eaf61c9ee517
+---
+ ipaserver/plugins/cert.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
+index a698991b5..ffe51597e 100644
+--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
+@@ -301,7 +301,8 @@ def ca_kdc_check(api_instance, hostname):
+         ipaconfigstring = {val.lower() for val in kdc_entry['ipaConfigString']}
+ 
+         if 'enabledservice' not in ipaconfigstring:
+-            raise errors.NotFound(reason="enabledService not in ipaConfigString kdc entry")
+            raise errors.NotFound(
+                reason=_("enabledService not in ipaConfigString kdc entry"))
+ 
+     except errors.NotFound:
+         raise errors.ACIError(
+-- 
+2.17.1
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -33,6 +33,12 @@
 %endif
 %endif

+%if 0%{?fedora} <= 29
+%global with_python2 1
+%else
+%global with_python2 0
+%endif
+
 %if 0%{?with_python3}
 %global python %{__python3}
 %else
@ -113,13 +119,13 @@
 %global etc_systemd_dir %{_sysconfdir}/systemd/system
 %global gettext_domain ipa

-%global VERSION 4.6.90.pre2
+%global VERSION 4.7.0

 %define _hardened_build 1

 Name:           freeipa
 Version:        %{VERSION}
-Release:        11%{?dist}
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system

 Group:          System Environment/Base
@ -128,8 +134,8 @@ URL:            https://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc

-Patch0001:      0001-Fedora-29-renamed-fedora-domainname.service.patch
-Patch0002:      0002-Use-python3-lesscpy-0.13.0.patch
+Patch0001:      0001-Fix-style-format-string-in-ipa_ldap_init-util-ipa_ld.patch
+Patch0002:      0002-ipaserver-plugins-cert.py-Added-reason-to-raise-of-e.patch

 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@ -154,8 +160,10 @@ BuildRequires:  automake
 BuildRequires:  libtool
 BuildRequires:  gettext
 BuildRequires:  gettext-devel
+%if 0%{?with_python2}
 BuildRequires:  python2-devel
 BuildRequires:  python2-setuptools
+%endif # with_python2
 %if 0%{?with_python3}
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
@ -179,6 +187,8 @@ BuildRequires:  libsss_idmap-devel
 BuildRequires:  libsss_certmap-devel
 # 1.15.3: sss_nss_getlistbycert (https://pagure.io/SSSD/sssd/issue/3050)
 BuildRequires:  libsss_nss_idmap-devel >= 1.15.3
+BuildRequires:  nodejs
+BuildRequires:  uglify-js
 BuildRequires:  rhino
 BuildRequires:  libverto-devel
 BuildRequires:  libunistring-devel
@ -189,6 +199,7 @@ BuildRequires:  python3-lesscpy >= 0.13.0-2
 # Build dependencies for makeapi/makeaci
 # makeapi/makeaci is using Python 2 only for now
 #
+%if 0%{?with_python2}
 BuildRequires:  python2-ldap >= %{python2_ldap_version}
 BuildRequires:  python2-netaddr
 BuildRequires:  python2-pyasn1
@ -197,6 +208,7 @@ BuildRequires:  python2-dns
 BuildRequires:  python2-six
 BuildRequires:  python2-libsss_nss_idmap
 BuildRequires:  python2-cffi
+%endif  # with_python2

 #
 # Build dependencies for wheel packaging and PyPI upload
@ -204,25 +216,30 @@ BuildRequires:  python2-cffi
 %if 0%{?with_wheels}
 BuildRequires:  dbus-glib-devel
 BuildRequires:  libffi-devel
+%if 0%{?with_python2}
 BuildRequires:  python2-tox
 BuildRequires:  python2-twine
 BuildRequires:  python2-wheel
+%endif  # with_python2
 %if 0%{?with_python3}
 BuildRequires:  python3-tox
 BuildRequires:  python3-twine
 BuildRequires:  python3-wheel
-%endif
+%endif  # with_python3
 %endif # with_wheels

 #
 # Build dependencies for lint and fastcheck
 #
 %if 0%{?with_lint}
+BuildRequires:  jsl
+BuildRequires:  softhsm
+
+%if 0%{?with_python2}
 BuildRequires:  python2-samba
 # 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
 BuildRequires:  python2-cryptography >= 1.6
 BuildRequires:  python2-gssapi >= 1.2.0-5
-BuildRequires:  softhsm
 %if 0%{?fedora} >= 26
 BuildRequires:  python2-pylint
 %else
@ -262,6 +279,7 @@ BuildRequires:  python2-paste
 BuildRequires:  python2-systemd
 BuildRequires:  python2-jinja2
 BuildRequires:  python2-augeas
+%endif # with_python2

 %if 0%{?with_python3}
 BuildRequires:  python3-samba
@ -340,6 +358,7 @@ Requires: python2-ipaserver = %{version}-%{release}
 Requires: python2-ldap >= %{python2_ldap_version}
 %endif
 Requires: 389-ds-base >= %{ds_version}
+Requires: 389-ds-base-legacy-tools >= %{ds_version}
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= %{nss_version}
 Requires: nss-tools >= %{nss_version}
@ -421,6 +440,8 @@ and integration with Active Directory based infrastructures (Trusts).
 If you are installing an IPA server, you need to install this package.


+%if 0%{?with_python2} && 0%{?fedora} <= 28
+
 %package -n python2-ipaserver
 Summary: Python libraries used by IPA server
 Group: System Environment/Libraries
@ -455,6 +476,7 @@ features for further integration with Linux based clients (SUDO, automount)
 and integration with Active Directory based infrastructures (Trusts).
 If you are installing an IPA server, you need to install this package.

+%endif  # with_python2 && fedora <= 28

 %if 0%{?with_python3}

@ -644,6 +666,7 @@ If your network uses IPA for authentication, this package should be
 installed on every client machine.
 This package provides command-line tools for IPA administrators.

+%if 0%{?with_python2} && 0%{?fedora} <= 29

 %package -n python2-ipaclient
 Summary: Python libraries used by IPA client
@ -667,6 +690,7 @@ and integration with Active Directory based infrastructures (Trusts).
 If your network uses IPA for authentication, this package should be
 installed on every client machine.

+%endif  # with_python2 && fedora <= 29

 %if 0%{?with_python3}

@ -745,6 +769,8 @@ python2-ipalib and %{name}-common. Packages still depending on
 %{name}-common instead.


+%if 0%{?with_python2} && 0%{?fedora} <= 29
+
 %package -n python2-ipalib
 Summary: Python libraries used by IPA
 Group: System Environment/Libraries
@ -799,6 +825,7 @@ features for further integration with Linux based clients (SUDO, automount)
 and integration with Active Directory based infrastructures (Trusts).
 If you are using IPA, you need to install this package.

+%endif # with_python2 && fedora <= 29

 %if 0%{?with_python3}

@ -872,6 +899,8 @@ If you are using IPA, you need to install this package.

 %if 0%{?with_ipatests}

+%if 0%{?with_python2} && 0%{?fedora} <= 28
+
 %package -n python2-ipatests
 Summary: IPA tests and test tools
 BuildArch: noarch
@ -912,6 +941,7 @@ features for further integration with Linux based clients (SUDO, automount)
 and integration with Active Directory based infrastructures (Trusts).
 This package contains tests that verify IPA functionality.

+%endif # with_python2 && fedora <= 28

 %if 0%{?with_python3}

@ -1060,18 +1090,31 @@ ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-tes

 %endif # with_python3

+%if 0%{?with_python2}
+
 # Python 2 installation
 %make_install

 %if 0%{?with_ipatests}
+
+%if 0%{?fedora} <= 28
 mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version}
 mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python2_version}
 mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python2_version}
 ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2
 ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2
 ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2
+%else
+# Remove python2 specific files for Fedora-29 and newer
+rm %{buildroot}%{_bindir}/ipa-run-tests
+rm %{buildroot}%{_bindir}/ipa-test-config
+rm %{buildroot}%{_bindir}/ipa-test-task
+%endif # fedora <= 28
+
 %endif # with_ipatests

+%endif # with_python2
+
 # Decide which Python (2 or 3) should be used as default for tests
 %if 0%{?with_ipatests}
 %if 0%{?with_python3}
@ -1080,10 +1123,12 @@ ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run
 ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config
 ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task
 %else
+%if 0%{?fedora} <= 28
 # Building python2 only => make it default for tests
 ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
 ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
 ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
+%endif # fedora <= 28
 %endif # with_python3
 %endif # with_ipatests

@ -1099,6 +1144,13 @@ mv %{buildroot}%{_bindir}/ipa-py2 %{buildroot}%{_bindir}/ipa
 # remove files which are useful only for make uninstall
 find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;

+%if 0%{?with_ipatests} && 0%{?fedora} > 28
+# Remove python2 specific files for Fedora-29 and newer
+rm -rf %{buildroot}%{python2_sitelib}/ipaserver*
+rm -rf %{buildroot}%{python2_sitelib}/ipatests*
+%endif # with_ipatests && fedora <= 28
+
+
 %find_lang %{gettext_domain}

 %if ! %{ONLY_CLIENT}
@ -1146,12 +1198,6 @@ touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 mkdir -p %{buildroot}%{_sysconfdir}/cron.d
 %endif # ONLY_CLIENT

-%if %{ONLY_CLIENT}
-# Even client build must have /usr/share/ipa
-mkdir -p %{buildroot}%{_usr}/share/ipa
-%__install install/share/freeipa.template %{buildroot}%{_usr}/share/ipa
-%endif # ONLY_CLIENT
-
 # Collect templates and filter out non-server ones
 find %{buildroot}%{_usr}/share/ipa -maxdepth 1 -name '*.template' -a ! -name 'freeipa.template' -fprintf server-templates '%{_usr}/share/ipa/%f\n'

@ -1420,6 +1466,7 @@ fi
 %{_mandir}/man1/ipa-winsync-migrate.1*
 %{_mandir}/man1/ipa-pkinit-manage.1*

+%if 0%{?with_python2} && 0%{?fedora} <= 28

 %files -n python2-ipaserver
 %doc README.md Contributors.txt
@ -1427,6 +1474,7 @@ fi
 %{python2_sitelib}/ipaserver
 %{python2_sitelib}/ipaserver-*.egg-info

+%endif # with_python2 && fedora <= 28

 %if 0%{?with_python3}

@ -1573,6 +1621,8 @@ fi
 %{_mandir}/man1/ipa-join.1*


+%if 0%{?with_python2} && 0%{?fedora} <= 29
+
 %files -n python2-ipaclient
 %doc README.md Contributors.txt
 %license COPYING
@ -1595,6 +1645,7 @@ fi
 %{python2_sitelib}/ipaclient/csrgen/templates/*.tmpl
 %{python2_sitelib}/ipaclient-*.egg-info

+%endif  # with_python && fedora <= 29

 %if 0%{?with_python3}

@ -1649,13 +1700,14 @@ fi
 %dir %{_localstatedir}/lib/ipa-client/pki
 %dir %{_localstatedir}/lib/ipa-client/sysrestore
 %{_mandir}/man5/default.conf.5*
-%{_usr}/share/ipa/freeipa.template
+%{_usr}/share/ipa/client/freeipa.template


 %files python-compat
 %doc README.md Contributors.txt
 %license COPYING

+%if 0%{?with_python2} && 0%{?fedora} <= 29

 %files -n python2-ipalib
 %doc README.md Contributors.txt
@ -1675,6 +1727,7 @@ fi
 %{python2_sitelib}/ipaplatform-*.egg-info
 %{python2_sitelib}/ipaplatform-*-nspkg.pth

+%endif # with_python2 && fedora <= 29

 %files common -f %{gettext_domain}.lang
 %doc README.md Contributors.txt
@ -1701,6 +1754,8 @@ fi

 %if 0%{?with_ipatests}

+%if 0%{?with_python2} && 0%{?fedora} <= 28
+
 %files -n python2-ipatests
 %doc README.md Contributors.txt
 %license COPYING
@ -1719,6 +1774,8 @@ fi
 %{_mandir}/man1/ipa-test-config.1*
 %{_mandir}/man1/ipa-test-task.1*

+%endif # with_python2 && fedora <= 28
+
 %if 0%{?with_python3}

 %files -n python3-ipatests
@ -1727,18 +1784,38 @@ fi

 %{python3_sitelib}/ipatests
 %{python3_sitelib}/ipatests-*.egg-info
+%if ! (0%{?with_python2} && 0%{?fedora} <= 28)
+%{_bindir}/ipa-run-tests
+%{_bindir}/ipa-test-config
+%{_bindir}/ipa-test-task
+%endif # ! (with_python2 && fedora <= 28)
 %{_bindir}/ipa-run-tests-3
 %{_bindir}/ipa-test-config-3
 %{_bindir}/ipa-test-task-3
 %{_bindir}/ipa-run-tests-%{python3_version}
 %{_bindir}/ipa-test-config-%{python3_version}
 %{_bindir}/ipa-test-task-%{python3_version}
+%{_mandir}/man1/ipa-run-tests.1*
+%{_mandir}/man1/ipa-test-config.1*
+%{_mandir}/man1/ipa-test-task.1*

 %endif # with_python3

 %endif # with_ipatests

 %changelog
+* Thu Jul 26 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-0
+- Update to upstream 4.7.0
+- New BuildRequires for nodejs and uglify-js
+- New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541)
+- Do not build python2-ipaserver and python2-ipatests for Fedora 29 and up
+- Do not build any python2 packages for Fedora 30
+- Added ipatest man pages to python3-ipatests packages also
+- Added ipatest bindir links to python3-ipatests for Fedora up to 28
+- Dropped explicit copy of freeipa.template, install is doing this now
+- Added upstream fix: (f3faecb) Fix $-style format string in ipa_ldap_init
+- Added upstream fix: (4b592fe,1a7baa2) Added reason to raise of errors.NotFound
+
 * Mon Jul 16 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre2-11
 - Use version-aware macros for Python

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (freeipa-4.6.90.pre2.tar.gz) = 3ee250fa4b0bfc3db5890c93563f993ed623de20ad9b32fd1498ca74c328c6da29fa5893f9b44ea65b5c3aa08a18461363b5c04ffda0d1cada8ea69d6f664b3b
-SHA512 (freeipa-4.6.90.pre2.tar.gz.asc) = 9e96906f6e9d5a30cb2a5fec88e5e6b8e597c2506fa3cfb9afdd21bc545fb08c1be728e659a77bc19960d335023d7923718208ecf5f3348001be30cbaed1ff8c
+SHA512 (freeipa-4.7.0.tar.gz) = 1c564fca34339e6991edf29f731633467a4aa3f8dd0e763fa2f87fe5992e0697bb9f5686a455b778ce7722487278c4040e8a83be7078a2f6724a45c0761b9b5d
+SHA512 (freeipa-4.7.0.tar.gz.asc) = 7d6a224cc564bd96fa5bd4b89e4996b3b761348424d8719e2aea422371c53a5151c045666a7333d3ef081a3384a5c649096c1555f69312b66a38f14722b69725