From 77fae8c48bbe0f4499f4d8ed91b268568c64cd7c Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Thu, 11 Jun 2020 11:17:25 +0200 Subject: [PATCH] Move ipa-epn systemd files and run RPM hooks The init/systemd directory is for server only and not part of CLIENT_ONLY builds. It's necesary to run pre/post installation hooks to make systemd aware of new files. Fixes: https://pagure.io/freeipa/issue/8367 Signed-off-by: Christian Heimes Reviewed-By: Rob Crittenden Reviewed-By: Francois Cami --- .gitignore | 4 +-- client/Makefile.am | 1 + client/share/Makefile.am | 5 ++++ {install => client}/share/expire_msg.template | 0 client/systemd/Makefile.am | 27 +++++++++++++++++++ {init => client}/systemd/ipa-epn.service.in | 0 {init => client}/systemd/ipa-epn.timer.in | 0 configure.ac | 24 +++++++++++++++-- freeipa.spec.in | 15 +++++++++++ init/systemd/Makefile.am | 8 +++--- install/share/Makefile.am | 5 ---- server.m4 | 19 ------------- 12 files changed, 76 insertions(+), 32 deletions(-) rename {install => client}/share/expire_msg.template (100%) create mode 100644 client/systemd/Makefile.am rename {init => client}/systemd/ipa-epn.service.in (100%) rename {init => client}/systemd/ipa-epn.timer.in (100%) #diff --git a/.gitignore b/.gitignore #index 6584c3b4f..4cedb1ff2 100644 #--- a/.gitignore #+++ b/.gitignore #@@ -94,8 +94,6 @@ freeipa2-dev-doc # /init/ipa_memcached # /init/systemd/ipa-custodia.service # /init/systemd/ipa.service #-/init/systemd/ipa-epn.service #-/init/systemd/ipa-epn.timer # /init/tmpfilesd/ipa.conf # # !/install/ui/doc/Makefile.in #@@ -116,6 +114,8 @@ freeipa2-dev-doc # /client/ipa-getkeytab # /client/ipa-join # /client/ipa-rmkeytab #+/client/systemd/ipa-epn.service #+/client/systemd/ipa-epn.timer # # /ipaplatform/override.py # /ipapython/version.py diff --git a/client/Makefile.am b/client/Makefile.am index 858a9369e..87da87fcd 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -95,6 +95,7 @@ SUBDIRS = \ share \ man \ sysconfig \ + systemd \ $(NULL) # init diff --git a/client/share/Makefile.am b/client/share/Makefile.am index 6d4a62d5e..1402a3a9d 100644 --- a/client/share/Makefile.am +++ b/client/share/Makefile.am @@ -4,3 +4,8 @@ appdir = $(IPA_DATA_DIR)/client dist_app_DATA = \ freeipa.template \ $(NULL) + +epnconfdir = $(IPA_SYSCONF_DIR)/epn +dist_epnconf_DATA = \ + expire_msg.template \ + $(NULL) diff --git a/install/share/expire_msg.template b/client/share/expire_msg.template similarity index 100% rename from install/share/expire_msg.template rename to client/share/expire_msg.template diff --git a/client/systemd/Makefile.am b/client/systemd/Makefile.am new file mode 100644 index 000000000..1f591be83 --- /dev/null +++ b/client/systemd/Makefile.am @@ -0,0 +1,27 @@ +# This file will be processed with automake-1.7 to create Makefile.in +# +AUTOMAKE_OPTIONS = 1.7 + +NULL = + +dist_noinst_DATA = \ + ipa-epn.service.in \ + ipa-epn.timer.in \ + $(NULL) + +systemdsystemunit_DATA = \ + ipa-epn.service \ + ipa-epn.timer \ + $(NULL) + +CLEANFILES = $(systemdsystemunit_DATA) + +%: %.in Makefile + sed \ + -e 's|@bindir[@]|$(bindir)|g' \ + -e 's|@IPA_SYSCONF_DIR[@]|$(IPA_SYSCONF_DIR)|g' \ + -e 's|@localstatedir[@]|$(localstatedir)|g' \ + -e 's|@sbindir[@]|$(sbindir)|g' \ + -e 's|@libexecdir[@]|$(libexecdir)|g' \ + -e 's|@sysconfenvdir[@]|$(sysconfenvdir)|g' \ + '$(srcdir)/$@.in' >$@ diff --git a/init/systemd/ipa-epn.service.in b/client/systemd/ipa-epn.service.in similarity index 100% rename from init/systemd/ipa-epn.service.in rename to client/systemd/ipa-epn.service.in diff --git a/init/systemd/ipa-epn.timer.in b/client/systemd/ipa-epn.timer.in similarity index 100% rename from init/systemd/ipa-epn.timer.in rename to client/systemd/ipa-epn.timer.in diff --git a/configure.ac b/configure.ac index 5ec529088..586b2532a 100644 --- a/configure.ac +++ b/configure.ac @@ -220,6 +220,25 @@ AC_ARG_WITH([runstatedir], [runstatedir="/run"]) AC_SUBST([runstatedir]) +dnl --------------------------------------------------------------------------- +dnl - Check for systemd directories +dnl --------------------------------------------------------------------------- + +PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])]) +AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], + [Directory for systemd service files]), + [systemdsystemunitdir=$with_systemdsystemunitdir], + [systemdsystemunitdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=systemdsystemunitdir systemd)]) +AC_SUBST([systemdsystemunitdir]) + +AC_ARG_WITH([systemdtmpfilesdir], + AS_HELP_STRING([--with-systemdtmpfilesdir=DIR], + [Directory for systemd-tmpfiles configuration files]), + [systemdtmpfilesdir=$with_systemdtmpfilesdir], + [systemdtmpfilesdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=tmpfilesdir systemd)]) +AC_SUBST([systemdtmpfilesdir]) + dnl --------------------------------------------------------------------------- dnl - Server-only configuration dnl --------------------------------------------------------------------------- @@ -544,6 +563,7 @@ AC_CONFIG_FILES([ client/share/Makefile client/man/Makefile client/sysconfig/Makefile + client/systemd/Makefile contrib/completion/Makefile contrib/Makefile daemons/dnssec/Makefile @@ -637,13 +657,13 @@ echo " jslint: ${JSLINT} LDAP libs: ${LDAP_LIBS} OpenSSL crypto libs: ${CRYPTO_LIBS} - KRB5 libs: ${KRB5_LIBS}" + KRB5 libs: ${KRB5_LIBS} + systemdsystemunitdir: ${systemdsystemunitdir}" AM_COND_IF([ENABLE_SERVER], [ echo "\ KRAD libs: ${KRAD_LIBS} krb5rundir: ${krb5rundir} - systemdsystemunitdir: ${systemdsystemunitdir} systemdtmpfilesdir: ${systemdtmpfilesdir} build mode: server & client" ], [ diff --git a/freeipa.spec.in b/freeipa.spec.in index cec57e64e..1d8f4e6aa 100755 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -586,6 +586,10 @@ on the machine enrolled into a FreeIPA environment %package client-epn Summary: Tools to configure Expiring Password Notification in IPA Group: System Environment/Base +Requires: systemd-units +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units Requires: %{name}-client = %{version}-%{release} %description client-epn @@ -1003,6 +1007,17 @@ fi # ONLY_CLIENT %endif +%preun client-epn +%systemd_preun ipa-epn.service +%systemd_preun ipa-epn.timer + +%postun client-epn +%systemd_postun ipa-epn.service +%systemd_postun ipa-epn.timer + +%post client-epn +%systemd_post ipa-epn.service +%systemd_post ipa-epn.timer %post client if [ $1 -gt 1 ] ; then diff --git a/init/systemd/Makefile.am b/init/systemd/Makefile.am index 5053dbff6..175178787 100644 --- a/init/systemd/Makefile.am +++ b/init/systemd/Makefile.am @@ -2,17 +2,17 @@ # AUTOMAKE_OPTIONS = 1.7 +NULL = + dist_noinst_DATA = \ ipa-custodia.service.in \ ipa.service.in \ - ipa-epn.service.in \ - ipa-epn.timer.in + $(NULL) systemdsystemunit_DATA = \ ipa-custodia.service \ ipa.service \ - ipa-epn.service \ - ipa-epn.timer + $(NULL) CLEANFILES = $(systemdsystemunit_DATA) diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 496e81288..e95796dfb 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -106,8 +106,3 @@ dist_app_DATA = \ kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy dist_kdcproxyconf_DATA = \ kdcproxy.conf - -epnconfdir = $(IPA_SYSCONF_DIR)/epn -dist_epnconf_DATA = \ - expire_msg.template \ - $(NULL) diff --git a/server.m4 b/server.m4 index d35823e80..842d599d2 100644 --- a/server.m4 +++ b/server.m4 @@ -153,22 +153,3 @@ dnl Check for libverto dnl --------------------------------------------------------------------------- PKG_CHECK_MODULES([LIBVERTO], [libverto]) - -dnl --------------------------------------------------------------------------- -dnl - Check for systemd directories -dnl --------------------------------------------------------------------------- - -PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])]) -AC_ARG_WITH([systemdsystemunitdir], - AS_HELP_STRING([--with-systemdsystemunitdir=DIR], - [Directory for systemd service files]), - [systemdsystemunitdir=$with_systemdsystemunitdir], - [systemdsystemunitdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=systemdsystemunitdir systemd)]) -AC_SUBST([systemdsystemunitdir]) - -AC_ARG_WITH([systemdtmpfilesdir], - AS_HELP_STRING([--with-systemdtmpfilesdir=DIR], - [Directory for systemd-tmpfiles configuration files]), - [systemdtmpfilesdir=$with_systemdtmpfilesdir], - [systemdtmpfilesdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=tmpfilesdir systemd)]) -AC_SUBST([systemdtmpfilesdir]) -- 2.26.2 From 23e2935e5c5cb402dd4f6f44eaa4b013e6a8188a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Mon, 22 Jun 2020 16:39:02 +0200 Subject: [PATCH] EPN: ship the configuration file. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ship and install /etc/ipa/epn.conf. Minor fixes to the associated man page. Fixes: https://pagure.io/freeipa/issue/8374 Signed-off-by: François Cami Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden --- client/man/epn.conf.5 | 5 ++-- client/share/Makefile.am | 7 +++++- client/share/epn.conf | 54 ++++++++++++++++++++++++++++++++++++++++ freeipa.spec.in | 4 ++- 4 files changed, 65 insertions(+), 5 deletions(-) create mode 100644 client/share/epn.conf diff --git a/client/man/epn.conf.5 b/client/man/epn.conf.5 index 38e99e25d..14f5dbb75 100644 --- a/client/man/epn.conf.5 +++ b/client/man/epn.conf.5 @@ -71,11 +71,10 @@ Specifies the From e-mail address value in the e-mails sent. The default is root@localhost. Bounces will be sent here. .TP .B smtp_delay -Time to wait, in milliseconds, between each e-mail sent to try to avoid overloading the mail queue. +Time to wait, in milliseconds, between each e-mail sent to try to avoid overloading the mail queue. The default is 0. .TP .B mail_from
-Specifies the From: e-mal address value in the e-mails sent. The default is -noreply@ipadefaultemaildomain. This value can be found by running +Specifies the From: e-mail address value in the e-mails sent. The default is noreply@ipadefaultemaildomain. This value can be found by running .I ipa config-show .TP .B notify_ttls diff --git a/client/share/Makefile.am b/client/share/Makefile.am index 1402a3a9d..472242e62 100644 --- a/client/share/Makefile.am +++ b/client/share/Makefile.am @@ -5,7 +5,12 @@ dist_app_DATA = \ freeipa.template \ $(NULL) -epnconfdir = $(IPA_SYSCONF_DIR)/epn +epnconfdir = $(IPA_SYSCONF_DIR) dist_epnconf_DATA = \ + epn.conf \ + $(NULL) + +epntemplatedir = $(IPA_SYSCONF_DIR)/epn +dist_epntemplate_DATA = \ expire_msg.template \ $(NULL) diff --git a/client/share/epn.conf b/client/share/epn.conf new file mode 100644 index 000000000..0e590dfc3 --- /dev/null +++ b/client/share/epn.conf @@ -0,0 +1,54 @@ +# Global IPA-EPN [0] configuration file. +# For a complete explanation of each parameter, see the epn.conf(5) +# manual page. +# For best results, change no more than a single parameter at a time, +# and test if ipa-epn(1) still works as intended, using --dry-run when +# it makes sense. +# +# [0] https://github.com/freeipa/freeipa/blob/master/doc/designs/expiring-password-notification.md + +[global] + +# Specifies the SMTP server to use. +smtp_server = localhost + +# Specifies the SMTP port. +smtp_port = 25 + +# Specifies the id of the user to authenticate with the SMTP server. +# Default None (empty value). +# smtp_user = + +# Specifies the password for the authorized user. +# Default None (empty value). +# smtp_password = + +# pecifies the number of seconds to wait for SMTP to respond. +smtp_timeout = 60 + +# Specifies the type of secure connection to make. Options are: none, +# starttls and ssl. +smtp_security = none + +# Specifies the From e-mail address value in the e-mails sent. Bounces will +# be sent here. +smtp_admin = root@localhost + +# Time to wait, in milliseconds, between each e-mail sent to try to avoid +# overloading the mail queue. +smtp_delay = 0 + +# Specifies the From: e-mail address value in the e-mails sent. +# The default when unset is noreply@ipadefaultemaildomain. +# This value can be found by running ipa config-show. +# mail_from = + +# The list of days before a password expiration when ipa-epn should notify +# a user that their password will soon require a reset. +notify_ttls = 28, 14, 7, 3, 1 + +# Set the character set of the message. +msg_charset = utf8 + +# Set the message's MIME sub-content type. +msg_subtype = plain diff --git a/freeipa.spec.in b/freeipa.spec.in index 5bce6f118..8cca99697 100755 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1387,13 +1387,15 @@ fi %files client-epn %doc README.md Contributors.txt +%dir %{_sysconfdir}/ipa/epn %license COPYING %{_sbindir}/ipa-epn %{_mandir}/man1/ipa-epn.1* %{_mandir}/man5/epn.conf.5* %attr(644,root,root) %{_unitdir}/ipa-epn.service %attr(644,root,root) %{_unitdir}/ipa-epn.timer -%attr(644,root,root) %{_sysconfdir}/ipa/epn/expire_msg.template +%attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn.conf +%attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn/expire_msg.template %files -n python3-ipaclient %doc README.md Contributors.txt -- 2.26.2 From 3b43950d35f78b28d4edde4fda475b5aa84f4587 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Tue, 23 Jun 2020 09:39:02 +0200 Subject: [PATCH] man pages: fix epn.conf.5 and ipa-epn.1 formatting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix formatting issues found with mandoc. Signed-off-by: François Cami Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden --- client/man/epn.conf.5 | 2 +- client/man/ipa-epn.1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/client/man/epn.conf.5 b/client/man/epn.conf.5 index 14f5dbb75..df1f0156c 100644 --- a/client/man/epn.conf.5 +++ b/client/man/epn.conf.5 @@ -16,7 +16,7 @@ .\" .\" Author: Rob Crittenden .\" -.TH "epn.conf" "5" "Apr 28 2020" "FreeIPA" "FreeIPA Manual Pages" +.TH "EPN.CONF" "5" "April 28, 2020" "FreeIPA" "FreeIPA Manual Pages" .SH "NAME" epn.conf \- Expiring Password Notification configuration file .SH "SYNOPSIS" diff --git a/client/man/ipa-epn.1 b/client/man/ipa-epn.1 index 9999ea8ca..124fd4536 100644 --- a/client/man/ipa-epn.1 +++ b/client/man/ipa-epn.1 @@ -15,14 +15,14 @@ .\" along with this program. If not, see . .\" .\" -.TH "ipa-epn" "1" "Apr 24 2020" "FreeIPA" "FreeIPA Manual Pages" +.TH "IPA-EPN" "1" "April 24, 2020" "FreeIPA" "FreeIPA Manual Pages" .SH "NAME" ipa\-epn \- Send expiring password nofications .SH "SYNOPSIS" -ipa\-epn \[options\] +ipa\-epn \fR[options\fR] .SH "DESCRIPTION" -ipa\-epn provides a method to warn users via email that their IPA account password is about to expire. +ipa\-epn provides a method to warn users via email that their IPA account password is about to expire. It can be used in dry\-run mode which is recommmended during setup. The output is always JSON in this case. @@ -38,7 +38,7 @@ The \-\-to\-nbdays CLI option can be used to determine the number of notificatio If \fB\-\-from\-nbdays\fR is not specified, ipa\-epn will look within a 24\-hour long time range in days. -if \fB\-\-from\-nbdays\fR is specified, the date range starts at \fB\-\-from\-nbdays\fR days in the future and ends at \fB\-\-to\-nbdays\fR in the future. +if \fB\-\-from\-nbdays\fR is specified, the date range starts at \fB\-\-from\-nbdays\fR days in the future and ends at \fB\-\-to\-nbdays\fR in the future. Together, these two CLI options can be used to determine how many emails would be sent in a specific time in the future. -- 2.26.2 From 2648c218467792e907435eaa5267a0f3457f634f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Tue, 23 Jun 2020 13:50:02 +0200 Subject: [PATCH] ipatests: check that EPN's configuration file is installed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: https://pagure.io/freeipa/issue/8374 Signed-off-by: François Cami Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden --- ipatests/test_integration/test_epn.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py index 7f56d4bc0..409d588d5 100644 --- a/ipatests/test_integration/test_epn.py +++ b/ipatests/test_integration/test_epn.py @@ -209,6 +209,20 @@ class TestEPN(IntegrationTest): cls.master.run_command(r'rm -f /etc/pki/tls/private/postfix.key') cls.master.run_command(r'rm -f /etc/pki/tls/certs/postfix.pem') + @pytest.mark.xfail(reason='pr-ci issue 378', strict=True) + def test_EPN_config_file(self): + """Check that the EPN configuration file is installed. + https://pagure.io/freeipa/issue/8374 + """ + epn_conf = "/etc/ipa/epn.conf" + epn_template = "/etc/ipa/epn/expire_msg.template" + cmd1 = self.master.run_command(["rpm", "-qc", "freeipa-client-epn"]) + assert epn_conf in cmd1.stdout_text + assert epn_template in cmd1.stdout_text + cmd2 = self.master.run_command(["sha256sum", epn_conf]) + ck = "4c207b5c9c760c36db0d3b2b93da50ea49edcc4002d6d1e7383601f0ec30b957" + assert cmd2.stdout_text.find(ck) == 0 + def test_EPN_smoketest_1(self): """No users except admin. Check --dry-run output. With the default configuration, the result should be an empty list. -- 2.26.2 From 06accac8906f66ebbb31849d6528b39ae006b124 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Wed, 24 Jun 2020 23:24:36 +0200 Subject: [PATCH] ipatests: ipa_epn: uninstall/reinstall ipa-client-epn MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Due to https://github.com/freeipa/freeipa-pr-ci/issues/378 the installed version of freeipa-client-epn is not the built one. Temporarily force uninstall/reinstall of this package before running the test. Fixes: https://pagure.io/freeipa/issue/8374 Signed-off-by: François Cami Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden Reviewed-By: Alexander Bokovoy Reviewed-By: Rob Crittenden --- ipatests/test_integration/test_epn.py | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ipatests/test_integration/test_epn.py b/ipatests/test_integration/test_epn.py index 409d588d5..9a9fb17b9 100644 --- a/ipatests/test_integration/test_epn.py +++ b/ipatests/test_integration/test_epn.py @@ -209,11 +209,29 @@ class TestEPN(IntegrationTest): cls.master.run_command(r'rm -f /etc/pki/tls/private/postfix.key') cls.master.run_command(r'rm -f /etc/pki/tls/certs/postfix.pem') - @pytest.mark.xfail(reason='pr-ci issue 378', strict=True) + @pytest.mark.skip_if_platform( + "debian", reason="Cannot check installed packages using RPM" + ) def test_EPN_config_file(self): """Check that the EPN configuration file is installed. https://pagure.io/freeipa/issue/8374 """ + # workaround for https://github.com/freeipa/freeipa-pr-ci/issues/378 + rpm_q_cmds = [ + ["rpm", "-qi", "freeipa-client"], + ["rpm", "-qi", "freeipa-client-epn"], + ["rpm", "-qc", "freeipa-client-epn"], + ["rpm", "-V", "freeipa-client-epn"], + ["rpm", "-qvc", "freeipa-client-epn"], + ["ls", "-l", "/etc/ipa", "/etc/ipa/epn"], + ] + for cmd in rpm_q_cmds: + self.master.run_command(cmd, raiseonerr=False) + tasks.uninstall_packages(self.master, ["*ipa-client-epn"]) + tasks.install_packages(self.master, ["*ipa-client-epn"]) + for cmd in rpm_q_cmds: + self.master.run_command(cmd, raiseonerr=False) + # end workaround epn_conf = "/etc/ipa/epn.conf" epn_template = "/etc/ipa/epn/expire_msg.template" cmd1 = self.master.run_command(["rpm", "-qc", "freeipa-client-epn"]) -- 2.26.2