|
 |
7ccb103 |
# Define ONLY_CLIENT to only make the ipa-admintools, ipa-client and ipa-python
|
|
|
7ccb103 |
# subpackages
|
|
 |
ce15e9e |
%{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
|
|
|
ce15e9e |
|
|
|
00828c7 |
%if 0%{?rhel}
|
|
|
00828c7 |
%global with_python3 0
|
|
|
00828c7 |
%else
|
|
|
00828c7 |
%global with_python3 1
|
|
|
00828c7 |
%endif
|
|
|
00828c7 |
|
|
|
7ccb103 |
%global alt_name ipa
|
|
|
7ccb103 |
%if 0%{?rhel}
|
|
|
7ccb103 |
%global samba_version 4.0.5-1
|
|
 |
9e1a9ca |
%global samba_build_version %{samba_version}
|
|
|
7ccb103 |
%global selinux_policy_version 3.12.1-153
|
|
|
7ccb103 |
%else
|
|
|
08336be |
%global samba_version 2:4.3.1-1
|
|
|
9e1a9ca |
%global samba_build_version 2:4.2.1
|
|
|
21c82e0 |
%global selinux_policy_version 3.13.1-158.4
|
|
|
7ccb103 |
%endif
|
|
|
7ccb103 |
|
|
|
ece84f7 |
%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
|
|
|
ece84f7 |
|
|
|
ce15e9e |
%global plugin_dir %{_libdir}/dirsrv/plugins
|
|
|
ece84f7 |
%global etc_systemd_dir %{_sysconfdir}/systemd/system
|
|
|
ce15e9e |
%global gettext_domain ipa
|
|
|
7ccb103 |
%if 0%{?rhel}
|
|
|
7ccb103 |
%global platform_module rhel
|
|
|
7ccb103 |
%else
|
|
|
7ccb103 |
%global platform_module fedora
|
|
|
7ccb103 |
%endif
|
|
|
7ccb103 |
|
|
|
f92f8b8 |
%global VERSION 4.3.2
|
|
|
ce15e9e |
|
|
 |
5b79ddb |
%define _hardened_build 1
|
|
|
5b79ddb |
|
|
|
ce15e9e |
Name: freeipa
|
|
|
f08947f |
Version: %{VERSION}
|
|
Pavel Vomacka |
1175a51 |
Release: 3%{?dist}
|
|
|
ce15e9e |
Summary: The Identity, Policy and Audit system
|
|
|
ce15e9e |
|
|
|
ce15e9e |
Group: System Environment/Base
|
|
|
ce15e9e |
License: GPLv3+
|
|
|
ce15e9e |
URL: http://www.freeipa.org/
|
|
|
a0ca5be |
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
|
|
|
b191f14 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
ce15e9e |
|
|
|
b2442d5 |
Patch0001: 0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch
|
|
|
55496aa |
Patch0002: 0002-DNS-server-upgrade-do-not-fail-when-DNS-server-did-n.patch
|
|
|
55496aa |
Patch0003: 0003-cert-revoke-fix-permission-check-bypass-CVE-2016-540.patch
|
|
|
55496aa |
Patch0004: 0004-ipa-kdb-Allow-to-build-with-samba-4.5.patch
|
|
Pavel Vomacka |
1175a51 |
Patch0005: 0005-certprofile-mod-correctly-authorise-config-update.patch
|
|
Pavel Vomacka |
1175a51 |
Patch0006: 0006-password-policy-Add-explicit-default-password-policy.patch
|
|
|
b2442d5 |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
f92f8b8 |
BuildRequires: 389-ds-base-devel >= 1.3.5
|
|
|
ce15e9e |
BuildRequires: svrcore-devel
|
|
|
7ccb103 |
BuildRequires: policycoreutils >= 2.1.12-5
|
|
|
70948cc |
BuildRequires: systemd-units
|
|
|
9e1a9ca |
BuildRequires: samba-devel >= %{samba_build_version}
|
|
|
53622bb |
BuildRequires: samba-python
|
|
|
53622bb |
BuildRequires: libwbclient-devel
|
|
|
23157c3 |
BuildRequires: libtalloc-devel
|
|
|
23157c3 |
BuildRequires: libtevent-devel
|
|
 |
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
BuildRequires: nspr-devel
|
|
|
c6cab8a |
BuildRequires: nss-devel
|
|
|
ce15e9e |
BuildRequires: openssl-devel
|
|
|
ce15e9e |
BuildRequires: openldap-devel
|
|
|
ece84f7 |
BuildRequires: krb5-devel >= 1.13
|
|
|
c6cab8a |
BuildRequires: krb5-workstation
|
|
|
c6cab8a |
BuildRequires: libuuid-devel
|
|
|
45d13fb |
BuildRequires: libcurl-devel >= 7.21.7-2
|
|
|
45d13fb |
BuildRequires: xmlrpc-c-devel >= 1.27.4
|
|
|
c6cab8a |
BuildRequires: popt-devel
|
|
|
ce15e9e |
BuildRequires: autoconf
|
|
|
ce15e9e |
BuildRequires: automake
|
|
|
ce15e9e |
BuildRequires: m4
|
|
|
c6cab8a |
BuildRequires: libtool
|
|
|
c6cab8a |
BuildRequires: gettext
|
|
|
c6cab8a |
BuildRequires: python-devel
|
|
|
c6cab8a |
BuildRequires: python-ldap
|
|
|
ce15e9e |
BuildRequires: python-setuptools
|
|
|
ce15e9e |
BuildRequires: python-nss
|
|
|
f644c94 |
BuildRequires: python-cryptography >= 0.9
|
|
|
b2442d5 |
BuildRequires: m2crypto
|
|
|
a0ca5be |
BuildRequires: python-netaddr
|
|
|
00828c7 |
BuildRequires: python-gssapi >= 1.1.2
|
|
|
92a3878 |
BuildRequires: python-rhsm
|
|
|
68ba56c |
BuildRequires: pyOpenSSL
|
|
|
ece84f7 |
BuildRequires: pylint >= 1.0
|
|
|
23bbd3f |
BuildRequires: python-polib
|
|
|
ece84f7 |
BuildRequires: python-libipa_hbac
|
|
|
18a9ea0 |
BuildRequires: python-memcached
|
|
|
a0ca5be |
BuildRequires: python-lxml
|
|
|
a0ca5be |
BuildRequires: python-pyasn1 >= 0.0.9a
|
|
|
743ef01 |
BuildRequires: python-qrcode-core >= 5.0.0
|
|
|
7ccb103 |
BuildRequires: python-dns >= 1.11.1
|
|
|
a0ca5be |
BuildRequires: libsss_idmap-devel
|
|
|
7ccb103 |
BuildRequires: libsss_nss_idmap-devel >= 1.12.2
|
|
|
694ce21 |
BuildRequires: java-headless
|
|
|
92ad420 |
BuildRequires: rhino
|
|
|
12216fc |
BuildRequires: libverto-devel
|
|
|
12216fc |
BuildRequires: systemd
|
|
|
8a7e6ad |
BuildRequires: libunistring-devel
|
|
|
92ad420 |
BuildRequires: python-lesscpy
|
|
|
ece84f7 |
BuildRequires: python-yubico >= 1.2.3
|
|
|
7ccb103 |
BuildRequires: openssl-devel
|
|
|
ece84f7 |
BuildRequires: pki-base >= 10.2.6
|
|
|
ece84f7 |
BuildRequires: python-pytest-multihost >= 0.5
|
|
|
ece84f7 |
BuildRequires: python-pytest-sourceorder
|
|
|
ece84f7 |
BuildRequires: python-kdcproxy >= 0.3
|
|
|
00828c7 |
BuildRequires: python-six
|
|
|
00828c7 |
BuildRequires: python-jwcrypto
|
|
|
00828c7 |
BuildRequires: custodia
|
|
|
00828c7 |
BuildRequires: libini_config-devel >= 1.2.0
|
|
|
00828c7 |
BuildRequires: dbus-python
|
|
|
00828c7 |
|
|
|
00828c7 |
# Build dependencies for unit tests
|
|
|
00828c7 |
BuildRequires: libcmocka-devel
|
|
|
00828c7 |
BuildRequires: nss_wrapper
|
|
|
55496aa |
# Required by ipa_kdb_tests
|
|
|
55496aa |
BuildRequires: %{_libdir}/krb5/plugins/kdb/db2.so
|
|
|
00828c7 |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
BuildRequires: python3-devel
|
|
|
00828c7 |
%endif # with_python3
|
|
|
5e12d2d |
|
|
|
ce15e9e |
%description
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
|
|
|
ce15e9e |
%package server
|
|
|
ce15e9e |
Summary: The IPA authentication server
|
|
|
ce15e9e |
Group: System Environment/Base
|
|
|
00828c7 |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
ce15e9e |
Requires: %{name}-client = %{version}-%{release}
|
|
|
ce15e9e |
Requires: %{name}-admintools = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: python2-ipaserver = %{version}-%{release}
|
|
|
f92f8b8 |
Requires: 389-ds-base >= 1.3.5
|
|
|
5e12d2d |
Requires: openldap-clients > 2.4.35-4
|
|
|
5e12d2d |
Requires: nss >= 3.14.3-12.0
|
|
|
5e12d2d |
Requires: nss-tools >= 3.14.3-12.0
|
|
|
ece84f7 |
Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < %{krb5_base_version}.100
|
|
|
ce15e9e |
Requires: krb5-pkinit-openssl
|
|
|
92a3878 |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
ce15e9e |
Requires: ntp
|
|
|
9d21232 |
Requires: httpd >= 2.4.6-6
|
|
|
ce15e9e |
Requires: mod_wsgi
|
|
|
f92f8b8 |
Requires: mod_auth_gssapi >= 1.4.0
|
|
|
9d21232 |
Requires: mod_nss >= 1.0.8-26
|
|
|
7ccb103 |
Requires: python-ldap >= 2.4.15
|
|
|
00828c7 |
Requires: python-gssapi >= 1.1.2
|
|
|
ce15e9e |
Requires: acl
|
|
|
18a9ea0 |
Requires: memcached
|
|
|
18a9ea0 |
Requires: python-memcached
|
|
|
45d13fb |
Requires: systemd-units >= 38
|
|
|
ece84f7 |
Requires(pre): shadow-utils
|
|
|
70948cc |
Requires(pre): systemd-units
|
|
|
70948cc |
Requires(post): systemd-units
|
|
|
7ccb103 |
Requires: selinux-policy >= %{selinux_policy_version}
|
|
|
ece84f7 |
Requires(post): selinux-policy-base >= %{selinux_policy_version}
|
|
|
f644c94 |
Requires: slapi-nis >= 0.55-1
|
|
|
f92f8b8 |
Requires: pki-ca >= 10.2.6-19
|
|
|
f92f8b8 |
Requires: pki-kra >= 10.2.6-19
|
|
|
70948cc |
Requires(preun): python systemd-units
|
|
|
70948cc |
Requires(postun): python systemd-units
|
|
|
4de47b3 |
Requires: zip
|
|
|
7ccb103 |
Requires: policycoreutils >= 2.1.12-5
|
|
|
5e038ec |
Requires: tar
|
|
|
ece84f7 |
Requires(pre): certmonger >= 0.78
|
|
|
f92f8b8 |
Requires(pre): 389-ds-base >= 1.3.5
|
|
|
92ad420 |
Requires: fontawesome-fonts
|
|
|
92ad420 |
Requires: open-sans-fonts
|
|
|
7ccb103 |
Requires: openssl
|
|
|
ece84f7 |
Requires: softhsm >= 2.0.0rc1-1
|
|
|
7ccb103 |
Requires: p11-kit
|
|
|
7ccb103 |
Requires: systemd-python
|
|
|
ece84f7 |
Requires: %{etc_systemd_dir}
|
|
|
e26c3e5 |
Requires: gzip
|
|
|
00828c7 |
Requires: oddjob
|
|
|
7ccb103 |
|
|
|
00828c7 |
Provides: %{alt_name}-server = %{version}
|
|
|
7ccb103 |
Conflicts: %{alt_name}-server
|
|
|
7ccb103 |
Obsoletes: %{alt_name}-server < %{version}
|
|
|
9f95811 |
|
|
|
8a7e6ad |
# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
|
|
|
9f95811 |
# entire SELinux policy is stored in the system policy
|
|
|
8a7e6ad |
Obsoletes: freeipa-server-selinux < 3.3.0
|
|
|
70948cc |
|
|
|
ece84f7 |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
00828c7 |
Obsoletes: %{name}-server <= 4.2.0
|
|
|
18a9ea0 |
|
|
|
5e12d2d |
# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
|
|
|
5e12d2d |
# member.
|
|
|
5e12d2d |
Conflicts: nss-pam-ldapd < 0.8.4
|
|
|
5e12d2d |
|
|
|
ce15e9e |
%description server
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
e26c3e5 |
If you are installing an IPA server, you need to install this package.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
|
|
|
00828c7 |
%package -n python2-ipaserver
|
|
|
00828c7 |
Summary: Python libraries used by IPA server
|
|
|
00828c7 |
Group: System Environment/Libraries
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipaserver}
|
|
|
00828c7 |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: python2-ipaclient = %{version}-%{release}
|
|
|
00828c7 |
Requires: python-ldap >= 2.4.15
|
|
|
00828c7 |
Requires: python-gssapi >= 1.1.2
|
|
|
00828c7 |
Requires: python-sssdconfig
|
|
|
00828c7 |
Requires: python-pyasn1
|
|
|
00828c7 |
Requires: dbus-python
|
|
|
00828c7 |
Requires: python-dns >= 1.11.1
|
|
|
00828c7 |
Requires: python-kdcproxy >= 0.3
|
|
|
f644c94 |
Requires: rpm-libs
|
|
|
00828c7 |
|
|
|
00828c7 |
%description -n python2-ipaserver
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If you are installing an IPA server, you need to install this package.
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%package server-common
|
|
|
00828c7 |
Summary: Common files used by IPA server
|
|
|
00828c7 |
Group: System Environment/Base
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: httpd >= 2.4.6-6
|
|
|
00828c7 |
Requires: systemd-units >= 38
|
|
|
00828c7 |
Requires: custodia
|
|
|
00828c7 |
|
|
|
00828c7 |
Provides: %{alt_name}-server-common = %{version}
|
|
|
00828c7 |
Conflicts: %{alt_name}-server-common
|
|
|
00828c7 |
Obsoletes: %{alt_name}-server-common < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%description server-common
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If you are installing an IPA server, you need to install this package.
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
ece84f7 |
%package server-dns
|
|
|
ece84f7 |
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
|
|
|
ece84f7 |
Group: System Environment/Base
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
ece84f7 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
ece84f7 |
Requires: bind-dyndb-ldap >= 6.0-4
|
|
|
ece84f7 |
%if 0%{?fedora} >= 21
|
|
|
ece84f7 |
Requires: bind >= 9.9.6-3
|
|
|
ece84f7 |
Requires: bind-utils >= 9.9.6-3
|
|
|
ece84f7 |
Requires: bind-pkcs11 >= 9.9.6-3
|
|
|
ece84f7 |
Requires: bind-pkcs11-utils >= 9.9.6-3
|
|
|
ece84f7 |
%else
|
|
|
ece84f7 |
Requires: bind >= 9.9.4-21
|
|
|
ece84f7 |
Requires: bind-utils >= 9.9.4-21
|
|
|
ece84f7 |
Requires: bind-pkcs11 >= 9.9.4-21
|
|
|
ece84f7 |
Requires: bind-pkcs11-utils >= 9.9.4-21
|
|
|
ece84f7 |
%endif
|
|
|
ece84f7 |
Requires: opendnssec >= 1.4.6-4
|
|
|
ece84f7 |
|
|
|
00828c7 |
Provides: %{alt_name}-server-dns = %{version}
|
|
|
ece84f7 |
Conflicts: %{alt_name}-server-dns
|
|
|
ece84f7 |
Obsoletes: %{alt_name}-server-dns < %{version}
|
|
|
ece84f7 |
|
|
|
ece84f7 |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
00828c7 |
Obsoletes: %{name}-server <= 4.2.0
|
|
|
ece84f7 |
|
|
|
f644c94 |
# FreeIPA does not support running integrated BIND in chroot jail
|
|
|
f644c94 |
Conflicts: bind-chroot
|
|
|
f644c94 |
|
|
|
ece84f7 |
%description server-dns
|
|
|
ece84f7 |
IPA integrated DNS server with support for automatic DNSSEC signing.
|
|
|
ece84f7 |
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
|
|
|
ece84f7 |
|
|
|
ece84f7 |
|
|
|
a0ca5be |
%package server-trust-ad
|
|
|
a0ca5be |
Summary: Virtual package to install packages required for Active Directory trusts
|
|
|
a0ca5be |
Group: System Environment/Base
|
|
|
00828c7 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
53622bb |
Requires: samba-python
|
|
|
7ccb103 |
Requires: samba >= %{samba_version}
|
|
|
53622bb |
Requires: samba-winbind
|
|
|
a0ca5be |
Requires: libsss_idmap
|
|
|
ece84f7 |
Requires: python-libsss_nss_idmap
|
|
|
b0ad0e0 |
Requires: python-sss
|
|
|
4de47b3 |
# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
|
|
|
45d13fb |
# on the installes where server-trust-ad subpackage is installed because
|
|
|
4de47b3 |
# IPA AD trusts cannot be used at the same time with the locator plugin
|
|
|
4de47b3 |
# since Winbindd will be configured in a different mode
|
|
|
4de47b3 |
Requires(post): %{_sbindir}/update-alternatives
|
|
|
c6c1e1d |
Requires(post): python
|
|
|
4de47b3 |
Requires(postun): %{_sbindir}/update-alternatives
|
|
|
4de47b3 |
Requires(preun): %{_sbindir}/update-alternatives
|
|
|
a0ca5be |
|
|
|
00828c7 |
Provides: %{alt_name}-server-trust-ad = %{version}
|
|
|
7ccb103 |
Conflicts: %{alt_name}-server-trust-ad
|
|
|
7ccb103 |
Obsoletes: %{alt_name}-server-trust-ad < %{version}
|
|
|
7ccb103 |
|
|
|
a0ca5be |
%description server-trust-ad
|
|
|
3ee1e7d |
Cross-realm trusts with Active Directory in IPA require working Samba 4
|
|
|
3ee1e7d |
installation. This package is provided for convenience to install all required
|
|
|
3ee1e7d |
dependencies at once.
|
|
|
a0ca5be |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
ce15e9e |
|
|
|
ce15e9e |
%package client
|
|
|
ce15e9e |
Summary: IPA authentication for use on clients
|
|
|
ce15e9e |
Group: System Environment/Base
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: python2-ipaclient = %{version}-%{release}
|
|
|
ce15e9e |
Requires: python-ldap
|
|
|
92a3878 |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
ce15e9e |
Requires: ntp
|
|
|
ce15e9e |
Requires: krb5-workstation
|
|
|
ce15e9e |
Requires: authconfig
|
|
|
ce15e9e |
Requires: pam_krb5
|
|
|
00828c7 |
Requires: curl
|
|
|
45d13fb |
Requires: libcurl >= 7.21.7-2
|
|
|
45d13fb |
Requires: xmlrpc-c >= 1.27.4
|
|
|
f644c94 |
Requires: sssd >= 1.13.3-5
|
|
|
b0ad0e0 |
Requires: python-sssdconfig
|
|
|
ece84f7 |
Requires: certmonger >= 0.78
|
|
|
ce15e9e |
Requires: nss-tools
|
|
|
c6cab8a |
Requires: bind-utils
|
|
|
b191f14 |
Requires: oddjob-mkhomedir
|
|
|
00828c7 |
Requires: python-gssapi >= 1.1.2
|
|
|
a0ca5be |
Requires: libsss_autofs
|
|
|
a0ca5be |
Requires: autofs
|
|
|
a0ca5be |
Requires: libnfsidmap
|
|
|
a0ca5be |
Requires: nfs-utils
|
|
|
c6c1e1d |
Requires(post): policycoreutils
|
|
|
ce15e9e |
|
|
|
00828c7 |
Provides: %{alt_name}-client = %{version}
|
|
|
7ccb103 |
Conflicts: %{alt_name}-client
|
|
|
7ccb103 |
Obsoletes: %{alt_name}-client < %{version}
|
|
|
ce15e9e |
|
|
|
ce15e9e |
%description client
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
e26c3e5 |
If your network uses IPA for authentication, this package should be
|
|
|
e26c3e5 |
installed on every client machine.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
|
|
|
00828c7 |
%package -n python2-ipaclient
|
|
|
00828c7 |
Summary: Python libraries used by IPA client
|
|
|
00828c7 |
Group: System Environment/Libraries
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipaclient}
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
f433140 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
00828c7 |
Requires: python-dns >= 1.11.1
|
|
|
f92f8b8 |
Requires: pyusb
|
|
|
00828c7 |
|
|
|
00828c7 |
%description -n python2-ipaclient
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If your network uses IPA for authentication, this package should be
|
|
|
00828c7 |
installed on every client machine.
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
f644c94 |
%if 0%{?with_python3}
|
|
|
f644c94 |
|
|
|
f644c94 |
%package -n python3-ipaclient
|
|
|
f644c94 |
Summary: Python libraries used by IPA client
|
|
|
f644c94 |
Group: System Environment/Libraries
|
|
|
f644c94 |
BuildArch: noarch
|
|
|
f644c94 |
%{?python_provide:%python_provide python3-ipaclient}
|
|
|
f644c94 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
f644c94 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
f644c94 |
Requires: python3-ipalib = %{version}-%{release}
|
|
|
f644c94 |
Requires: python3-dns >= 1.11.1
|
|
|
f92f8b8 |
Requires: python3-pyusb
|
|
|
f644c94 |
|
|
|
f644c94 |
%description -n python3-ipaclient
|
|
|
f644c94 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
f644c94 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
f644c94 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
f644c94 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
f644c94 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
f644c94 |
If your network uses IPA for authentication, this package should be
|
|
|
f644c94 |
installed on every client machine.
|
|
|
f644c94 |
|
|
|
f644c94 |
%endif # with_python3
|
|
|
f644c94 |
|
|
|
f644c94 |
|
|
|
00828c7 |
%package client-common
|
|
|
00828c7 |
Summary: Common files used by IPA client
|
|
|
00828c7 |
Group: System Environment/Base
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
|
|
|
00828c7 |
Provides: %{alt_name}-client-common = %{version}
|
|
|
00828c7 |
Conflicts: %{alt_name}-client-common
|
|
|
00828c7 |
Obsoletes: %{alt_name}-client-common < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%description client-common
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If your network uses IPA for authentication, this package should be
|
|
|
00828c7 |
installed on every client machine.
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%package admintools
|
|
|
ce15e9e |
Summary: IPA administrative tools
|
|
|
ce15e9e |
Group: System Environment/Base
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
f433140 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
ce15e9e |
Requires: python-ldap
|
|
|
ce15e9e |
|
|
|
00828c7 |
Provides: %{alt_name}-admintools = %{version}
|
|
|
7ccb103 |
Conflicts: %{alt_name}-admintools
|
|
|
7ccb103 |
Obsoletes: %{alt_name}-admintools < %{version}
|
|
|
ce15e9e |
|
|
|
ce15e9e |
%description admintools
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
e26c3e5 |
This package provides command-line tools for IPA administrators.
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
00828c7 |
%package python-compat
|
|
|
00828c7 |
Summary: Compatiblity package for Python libraries used by IPA
|
|
|
00828c7 |
Group: System Environment/Libraries
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
Obsoletes: %{name}-python < 4.2.91
|
|
|
00828c7 |
Provides: %{name}-python = %{version}-%{release}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
f433140 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
00828c7 |
|
|
|
00828c7 |
Provides: %{alt_name}-python-compat = %{version}
|
|
|
00828c7 |
Conflicts: %{alt_name}-python-compat
|
|
|
00828c7 |
Obsoletes: %{alt_name}-python-compat < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
Obsoletes: %{alt_name}-python < 4.2.91
|
|
|
00828c7 |
Provides: %{alt_name}-python = %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%description python-compat
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
This is a compatibility package to accommodate %{name}-python split into
|
|
|
00828c7 |
python2-ipalib and %{name}-common. Packages still depending on
|
|
|
00828c7 |
%{name}-python should be fixed to depend on python2-ipaclient or
|
|
|
00828c7 |
%{name}-common instead.
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%package -n python2-ipalib
|
|
|
ce15e9e |
Summary: Python libraries used by IPA
|
|
|
ce15e9e |
Group: System Environment/Libraries
|
|
|
f644c94 |
BuildArch: noarch
|
|
|
00828c7 |
Conflicts: %{name}-python < %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipalib}
|
|
|
00828c7 |
Provides: python2-ipapython = %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipapython}
|
|
|
00828c7 |
Provides: python2-ipaplatform = %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipaplatform}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: python-gssapi >= 1.1.2
|
|
|
ce15e9e |
Requires: gnupg
|
|
|
92a3878 |
Requires: iproute
|
|
|
8a7e6ad |
Requires: keyutils
|
|
|
ce15e9e |
Requires: pyOpenSSL
|
|
|
81defae |
Requires: python-nss >= 0.16
|
|
|
f644c94 |
Requires: python-cryptography >= 0.9
|
|
|
b2442d5 |
Requires: m2crypto
|
|
|
ce15e9e |
Requires: python-lxml
|
|
|
a0ca5be |
Requires: python-netaddr
|
|
|
ece84f7 |
Requires: python-libipa_hbac
|
|
|
743ef01 |
Requires: python-qrcode-core >= 5.0.0
|
|
|
92ad420 |
Requires: python-pyasn1
|
|
|
fd86e26 |
Requires: python-dateutil
|
|
|
ece84f7 |
Requires: python-yubico >= 1.2.3
|
|
|
b0ad0e0 |
Requires: python-sss-murmur
|
|
|
00828c7 |
Requires: curl
|
|
|
fd86e26 |
Requires: dbus-python
|
|
|
ece84f7 |
Requires: python-setuptools
|
|
|
00828c7 |
Requires: python-six
|
|
|
00828c7 |
Requires: python-jwcrypto
|
|
|
f644c94 |
Requires: python-cffi
|
|
|
00828c7 |
|
|
|
00828c7 |
Conflicts: %{alt_name}-python < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%description -n python2-ipalib
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If you are using IPA, you need to install this package.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
|
|
|
00828c7 |
%package -n python3-ipalib
|
|
|
00828c7 |
Summary: Python3 libraries used by IPA
|
|
|
00828c7 |
Group: System Environment/Libraries
|
|
|
f644c94 |
BuildArch: noarch
|
|
|
00828c7 |
%{?python_provide:%python_provide python3-ipalib}
|
|
|
00828c7 |
Provides: python3-ipapython = %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python3-ipapython}
|
|
|
00828c7 |
Provides: python3-ipaplatform = %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python3-ipaplatform}
|
|
|
00828c7 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
00828c7 |
Requires: python3-gssapi >= 1.1.2
|
|
|
00828c7 |
Requires: gnupg
|
|
|
00828c7 |
Requires: iproute
|
|
|
00828c7 |
Requires: keyutils
|
|
|
00828c7 |
Requires: python3-pyOpenSSL
|
|
|
00828c7 |
Requires: python3-nss >= 0.16
|
|
|
00828c7 |
Requires: python3-cryptography
|
|
|
00828c7 |
Requires: python3-lxml
|
|
|
00828c7 |
Requires: python3-netaddr
|
|
|
00828c7 |
Requires: python3-libipa_hbac
|
|
|
00828c7 |
Requires: python3-qrcode-core >= 5.0.0
|
|
|
00828c7 |
Requires: python3-pyasn1
|
|
|
00828c7 |
Requires: python3-dateutil
|
|
|
00828c7 |
Requires: python3-yubico >= 1.2.3
|
|
|
00828c7 |
Requires: python3-sss-murmur
|
|
|
00828c7 |
Requires: curl
|
|
|
00828c7 |
Requires: python3-dbus
|
|
|
00828c7 |
Requires: python3-setuptools
|
|
|
00828c7 |
Requires: python3-six
|
|
|
00828c7 |
Requires: python3-jwcrypto
|
|
|
f644c94 |
Requires: python3-cffi
|
|
|
00828c7 |
|
|
|
00828c7 |
%description -n python3-ipalib
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
If you are using IPA with Python 3, you need to install this package.
|
|
|
00828c7 |
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%package common
|
|
|
00828c7 |
Summary: Common files used by IPA
|
|
|
00828c7 |
Group: System Environment/Libraries
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
Conflicts: %{name}-python < %{version}-%{release}
|
|
|
00828c7 |
|
|
|
00828c7 |
Provides: %{alt_name}-common = %{version}
|
|
|
00828c7 |
Conflicts: %{alt_name}-common
|
|
|
00828c7 |
Obsoletes: %{alt_name}-common < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
Conflicts: %{alt_name}-python < %{version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%description common
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
e26c3e5 |
If you are using IPA, you need to install this package.
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
8a7e6ad |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
|
|
|
00828c7 |
%package -n python2-ipatests
|
|
|
8a7e6ad |
Summary: IPA tests and test tools
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
Obsoletes: %{name}-tests < 4.2.91
|
|
|
f433140 |
Provides: %{name}-tests = %{version}-%{release}
|
|
|
00828c7 |
%{?python_provide:%python_provide python2-ipatests}
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
f433140 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
8a7e6ad |
Requires: tar
|
|
|
8a7e6ad |
Requires: xz
|
|
|
8a7e6ad |
Requires: python-nose
|
|
|
ece84f7 |
Requires: pytest >= 2.6
|
|
|
8a7e6ad |
Requires: python-paste
|
|
|
8a7e6ad |
Requires: python-coverage
|
|
|
8a7e6ad |
Requires: python-polib
|
|
|
ece84f7 |
Requires: python-pytest-multihost >= 0.5
|
|
|
ece84f7 |
Requires: python-pytest-sourceorder
|
|
|
f644c94 |
Requires: ldns-utils
|
|
|
f92f8b8 |
Requires: python-sssdconfig
|
|
|
8a7e6ad |
|
|
|
f433140 |
Provides: %{alt_name}-tests = %{version}
|
|
|
7ccb103 |
Conflicts: %{alt_name}-tests
|
|
|
7ccb103 |
Obsoletes: %{alt_name}-tests < %{version}
|
|
|
7ccb103 |
|
|
|
00828c7 |
%description -n python2-ipatests
|
|
|
e26c3e5 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
e26c3e5 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
e26c3e5 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
e26c3e5 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
e26c3e5 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
8a7e6ad |
This package contains tests that verify IPA functionality.
|
|
|
8a7e6ad |
|
|
|
00828c7 |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
|
|
|
00828c7 |
%package -n python3-ipatests
|
|
|
00828c7 |
Summary: IPA tests and test tools
|
|
|
00828c7 |
BuildArch: noarch
|
|
|
00828c7 |
%{?python_provide:%python_provide python3-ipatests}
|
|
|
00828c7 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
f433140 |
Requires: python3-ipalib = %{version}-%{release}
|
|
|
00828c7 |
Requires: tar
|
|
|
00828c7 |
Requires: xz
|
|
|
00828c7 |
Requires: python3-nose
|
|
|
00828c7 |
Requires: python3-pytest >= 2.6
|
|
|
00828c7 |
Requires: python3-coverage
|
|
|
00828c7 |
Requires: python3-polib
|
|
|
00828c7 |
Requires: python3-pytest-multihost >= 0.5
|
|
|
00828c7 |
Requires: python3-pytest-sourceorder
|
|
|
f644c94 |
Requires: ldns-utils
|
|
|
f92f8b8 |
Requires: python3-sssdconfig
|
|
|
00828c7 |
|
|
|
00828c7 |
%description -n python3-ipatests
|
|
|
00828c7 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
00828c7 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
00828c7 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
00828c7 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
00828c7 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
00828c7 |
This package contains tests that verify IPA functionality under Python 3.
|
|
|
00828c7 |
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
8a7e6ad |
|
|
|
8a7e6ad |
|
|
|
ce15e9e |
%prep
|
|
|
21c82e0 |
# Fedora spec file only: START
|
|
|
21c82e0 |
# Update timestamps on the files touched by a patch, to avoid non-equal
|
|
|
21c82e0 |
# .pyc/.pyo files across the multilib peers within a build, where "Level"
|
|
|
21c82e0 |
# is the patch prefix option (e.g. -p1)
|
|
|
21c82e0 |
# Taken from specfile for sssd and python-simplejson
|
|
|
21c82e0 |
UpdateTimestamps() {
|
|
|
21c82e0 |
Level=$1
|
|
|
21c82e0 |
PatchFile=$2
|
|
|
21c82e0 |
|
|
|
21c82e0 |
# Locate the affected files:
|
|
|
21c82e0 |
for f in $(diffstat $Level -l $PatchFile); do
|
|
|
21c82e0 |
# Set the files to have the same timestamp as that of the patch:
|
|
|
21c82e0 |
touch -r $PatchFile $f
|
|
|
21c82e0 |
done
|
|
|
21c82e0 |
}
|
|
|
21c82e0 |
|
|
|
21c82e0 |
%setup -n freeipa-%{VERSION} -q
|
|
|
21c82e0 |
|
|
|
21c82e0 |
for p in %patches ; do
|
|
|
21c82e0 |
%__patch -p1 -i $p
|
|
|
21c82e0 |
UpdateTimestamps -p1 $p
|
|
|
21c82e0 |
done
|
|
|
21c82e0 |
# Fedora spec file only: END
|
|
|
00828c7 |
|
|
|
23157c3 |
|
|
|
ce15e9e |
%build
|
|
|
3242eea |
# UI compilation segfaulted on some arches when the stack was lower (#1040576)
|
|
|
2071255 |
export JAVA_STACK_SIZE="8m"
|
|
|
c8a68df |
|
|
|
92ad420 |
export CFLAGS="%{optflags} $CFLAGS"
|
|
|
78bfe56 |
export LDFLAGS="%{__global_ldflags} $LDFLAGS"
|
|
|
7ccb103 |
export SUPPORTED_PLATFORM=%{platform_module}
|
|
|
7ccb103 |
|
|
|
70948cc |
# Force re-generate of platform support
|
|
|
92ad420 |
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
|
|
|
92ad420 |
rm -f ipapython/version.py
|
|
|
92ad420 |
rm -f ipaplatform/services.py
|
|
|
92ad420 |
rm -f ipaplatform/tasks.py
|
|
|
92ad420 |
rm -f ipaplatform/paths.py
|
|
|
ece84f7 |
rm -f ipaplatform/constants.py
|
|
|
ce15e9e |
make version-update
|
|
|
f644c94 |
cd client; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
ce15e9e |
cd daemons; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir} --with-openldap; cd ..
|
|
|
ce15e9e |
cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
92a3878 |
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all
|
|
|
ce15e9e |
%else
|
|
|
92a3878 |
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
00828c7 |
%check
|
|
|
f92f8b8 |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
make %{?_smp_mflags} check VERBOSE=yes
|
|
|
f92f8b8 |
%else
|
|
|
f92f8b8 |
make %{?_smp_mflags} client-check VERBOSE=yes
|
|
|
f92f8b8 |
%endif # ONLY_CLIENT
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%install
|
|
|
ce15e9e |
rm -rf %{buildroot}
|
|
|
7ccb103 |
export SUPPORTED_PLATFORM=%{platform_module}
|
|
|
70948cc |
# Force re-generate of platform support
|
|
|
92ad420 |
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
|
|
|
92ad420 |
rm -f ipapython/version.py
|
|
|
92ad420 |
rm -f ipaplatform/services.py
|
|
|
92ad420 |
rm -f ipaplatform/tasks.py
|
|
|
92ad420 |
rm -f ipaplatform/paths.py
|
|
|
ece84f7 |
rm -f ipaplatform/constants.py
|
|
|
92ad420 |
make version-update
|
|
|
45d13fb |
%if ! %{ONLY_CLIENT}
|
|
|
ce15e9e |
make install DESTDIR=%{buildroot}
|
|
|
00828c7 |
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python2_version}
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python2_version}
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python2_version}
|
|
|
00828c7 |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
(cd ipatests && %{__python3} setup.py install --root %{buildroot})
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}
|
|
|
00828c7 |
mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests-2
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config-2
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task-2
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-run-tests-%{python2_version} %{buildroot}%{_bindir}/ipa-run-tests
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-config-%{python2_version} %{buildroot}%{_bindir}/ipa-test-config
|
|
|
00828c7 |
ln -s %{_bindir}/ipa-test-task-%{python2_version} %{buildroot}%{_bindir}/ipa-test-task
|
|
|
00828c7 |
|
|
|
ce15e9e |
%else
|
|
|
ce15e9e |
make client-install DESTDIR=%{buildroot}
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
(cd ipalib && make PYTHON=%{__python3} IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} DESTDIR=%{buildroot} install)
|
|
|
00828c7 |
(cd ipapython && make PYTHON=%{__python3} IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} DESTDIR=%{buildroot} install)
|
|
|
00828c7 |
(cd ipaplatform && %{__python3} setup.py install --root %{buildroot})
|
|
|
f644c94 |
(cd ipaclient && %{__python3} setup.py install --root %{buildroot})
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
f92f8b8 |
# Switch shebang of /usr/bin/ipa
|
|
|
f92f8b8 |
# XXX: ipa cli is not stable enough for enabling py3 support, keep it in py2
|
|
|
f92f8b8 |
# in any case
|
|
|
f92f8b8 |
sed -i -e'1s/python\(3\|$\)/python2/' %{buildroot}%{_bindir}/ipa
|
|
|
f92f8b8 |
|
|
|
00828c7 |
%find_lang %{gettext_domain}
|
|
|
ce15e9e |
|
|
|
7ccb103 |
mkdir -p %{buildroot}%{_usr}/share/ipa
|
|
|
7ccb103 |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
ce15e9e |
# Remove .la files from libtool - we don't want to package
|
|
|
ce15e9e |
# these files
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_enrollment_extop.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_winsync.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_repl_version.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_uuid.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la
|
|
|
ce15e9e |
rm %{buildroot}/%{plugin_dir}/libipa_lockout.la
|
|
|
a0ca5be |
rm %{buildroot}/%{plugin_dir}/libipa_cldap.la
|
|
|
45d13fb |
rm %{buildroot}/%{plugin_dir}/libipa_dns.la
|
|
|
a0ca5be |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la
|
|
|
a0ca5be |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la
|
|
|
a0ca5be |
rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la
|
|
|
a0ca5be |
rm %{buildroot}/%{plugin_dir}/libipa_range_check.la
|
|
|
7ccb103 |
rm %{buildroot}/%{plugin_dir}/libipa_otp_counter.la
|
|
|
92ad420 |
rm %{buildroot}/%{plugin_dir}/libipa_otp_lasttoken.la
|
|
|
ece84f7 |
rm %{buildroot}/%{plugin_dir}/libtopology.la
|
|
|
c3929a4 |
rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la
|
|
|
a0ca5be |
rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
|
|
|
ce15e9e |
|
|
|
ce15e9e |
# Some user-modifiable HTML files are provided. Move these to /etc
|
|
|
ce15e9e |
# and link back.
|
|
|
ce15e9e |
mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
|
|
|
ce15e9e |
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore
|
|
|
a0ca5be |
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade
|
|
|
ce15e9e |
mkdir %{buildroot}%{_usr}/share/ipa/html/
|
|
|
8a8da0b |
ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig.js \
|
|
|
8a8da0b |
%{buildroot}%{_usr}/share/ipa/html/ffconfig.js
|
|
|
8a8da0b |
ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig_page.js \
|
|
|
8a8da0b |
%{buildroot}%{_usr}/share/ipa/html/ffconfig_page.js
|
|
|
ce15e9e |
ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
|
|
|
ce15e9e |
%{buildroot}%{_usr}/share/ipa/html/ssbrowser.html
|
|
|
ce15e9e |
ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
|
|
|
ce15e9e |
%{buildroot}%{_usr}/share/ipa/html/unauthorized.html
|
|
|
ce15e9e |
ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
|
|
|
ce15e9e |
%{buildroot}%{_usr}/share/ipa/html/browserconfig.html
|
|
|
ce15e9e |
|
|
|
ce15e9e |
# So we can own our Apache configuration
|
|
|
ce15e9e |
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
|
|
|
ce15e9e |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
ece84f7 |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
70948cc |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
ce15e9e |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
c3929a4 |
mkdir -p %{buildroot}%{_usr}/share/ipa/html/
|
|
|
c3929a4 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
|
|
|
8a8da0b |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/kerberosauth.xpi
|
|
|
c3929a4 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
|
|
|
8a8da0b |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.js
|
|
|
c3929a4 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
|
|
|
c3929a4 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
|
|
|
c3929a4 |
mkdir -p %{buildroot}%{_initrddir}
|
|
|
18a9ea0 |
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
|
|
|
18a9ea0 |
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
|
|
|
7ccb103 |
install -m 644 init/ipa-dnskeysyncd.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-dnskeysyncd
|
|
|
7ccb103 |
install -m 644 init/ipa-ods-exporter.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-ods-exporter
|
|
|
7ccb103 |
install -m 644 daemons/dnssec/ipa-ods-exporter.socket %{buildroot}%{_unitdir}/ipa-ods-exporter.socket
|
|
|
7ccb103 |
install -m 644 daemons/dnssec/ipa-ods-exporter.service %{buildroot}%{_unitdir}/ipa-ods-exporter.service
|
|
|
7ccb103 |
install -m 644 daemons/dnssec/ipa-dnskeysyncd.service %{buildroot}%{_unitdir}/ipa-dnskeysyncd.service
|
|
|
7ccb103 |
|
|
|
7ccb103 |
# dnssec daemons
|
|
|
7ccb103 |
mkdir -p %{buildroot}%{_libexecdir}/ipa/
|
|
|
7ccb103 |
install daemons/dnssec/ipa-dnskeysyncd %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysyncd
|
|
|
7ccb103 |
install daemons/dnssec/ipa-dnskeysync-replica %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysync-replica
|
|
|
7ccb103 |
install daemons/dnssec/ipa-ods-exporter %{buildroot}%{_libexecdir}/ipa/ipa-ods-exporter
|
|
|
45d13fb |
|
|
|
5e12d2d |
# Web UI plugin dir
|
|
|
5e12d2d |
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
|
|
|
5e12d2d |
|
|
|
00828c7 |
# DNSSEC config
|
|
|
00828c7 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/dnssec
|
|
|
00828c7 |
|
|
|
ece84f7 |
# KDC proxy config (Apache config sets KDCPROXY_CONFIG to load this file)
|
|
|
ece84f7 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/kdcproxy/
|
|
|
ece84f7 |
install -m 644 install/share/kdcproxy.conf %{buildroot}%{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
|
|
|
ece84f7 |
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
7ccb103 |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
7ccb103 |
install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
|
|
45d13fb |
# END
|
|
|
45d13fb |
|
|
|
18a9ea0 |
mkdir -p %{buildroot}%{_localstatedir}/run/
|
|
|
18a9ea0 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
|
|
|
5e038ec |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
|
|
|
ece84f7 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa
|
|
|
ece84f7 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa/clientcaches
|
|
|
ece84f7 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa/krbcache
|
|
|
18a9ea0 |
|
|
|
4de47b3 |
mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
|
|
|
4de47b3 |
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
4de47b3 |
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
45d13fb |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
ece84f7 |
mkdir -p %{buildroot}%{etc_systemd_dir}
|
|
|
45d13fb |
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
|
|
|
45d13fb |
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
|
|
|
ece84f7 |
install -m 644 init/systemd/httpd.service %{buildroot}%{etc_systemd_dir}/httpd.service
|
|
|
00828c7 |
install -m 644 init/systemd/ipa-custodia.service %{buildroot}%{_unitdir}/ipa-custodia.service
|
|
|
45d13fb |
# END
|
|
|
5e12d2d |
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
ce15e9e |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
|
|
|
ce15e9e |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
|
|
|
c3929a4 |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
|
|
|
7ccb103 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/nssdb
|
|
|
ce15e9e |
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
|
|
|
ce15e9e |
mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d
|
|
|
ce15e9e |
install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa
|
|
|
7ccb103 |
|
|
|
7ccb103 |
%if ! %{ONLY_CLIENT}
|
|
|
2bb258d |
mkdir -p %{buildroot}%{_sysconfdir}/cron.d
|
|
|
ce15e9e |
|
|
|
a0ca5be |
(cd %{buildroot}/%{python_sitelib}/ipaserver && find . -type f | \
|
|
|
3ee1e7d |
sed -e 's,\.py.*$,.*,g' | sort -u | \
|
|
|
3ee1e7d |
sed -e 's,\./,%%{python_sitelib}/ipaserver/,g' ) >server-python.list
|
|
|
8a7e6ad |
|
|
|
8a7e6ad |
(cd %{buildroot}/%{python_sitelib}/ipatests && find . -type f | \
|
|
|
8a7e6ad |
sed -e 's,\.py.*$,.*,g' | sort -u | \
|
|
|
8a7e6ad |
sed -e 's,\./,%%{python_sitelib}/ipatests/,g' ) >tests-python.list
|
|
|
00828c7 |
|
|
|
00828c7 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/custodia
|
|
|
00828c7 |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
a0ca5be |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%clean
|
|
|
ce15e9e |
rm -rf %{buildroot}
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
|
|
|
ce15e9e |
%post server
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
70948cc |
/bin/systemctl --system daemon-reload 2>&1 || :
|
|
|
45d13fb |
# END
|
|
|
f218625 |
if [ $1 -gt 1 ] ; then
|
|
|
45d13fb |
/bin/systemctl condrestart certmonger.service 2>&1 || :
|
|
|
f218625 |
fi
|
|
|
00828c7 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
00828c7 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
00828c7 |
|
|
|
ce15e9e |
|
|
|
c3929a4 |
%posttrans server
|
|
|
f644c94 |
# don't execute upgrade and restart of IPA when server is not installed
|
|
|
92ad420 |
python2 -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
f644c94 |
|
|
|
9f95811 |
if [ $? -eq 0 ]; then
|
|
|
f644c94 |
# This must be run in posttrans so that updates from previous
|
|
|
f644c94 |
# execution that may no longer be shipped are not applied.
|
|
|
f644c94 |
/usr/sbin/ipa-server-upgrade --quiet >/dev/null || :
|
|
|
f644c94 |
|
|
|
f644c94 |
# Restart IPA processes. This must be also run in postrans so that plugins
|
|
|
f644c94 |
# and software is in consistent state
|
|
|
f644c94 |
# NOTE: systemd specific section
|
|
|
f644c94 |
|
|
|
92ad420 |
/bin/systemctl is-enabled ipa.service >/dev/null 2>&1
|
|
|
92ad420 |
if [ $? -eq 0 ]; then
|
|
|
92ad420 |
/bin/systemctl restart ipa.service >/dev/null 2>&1 || :
|
|
|
92ad420 |
fi
|
|
|
9f95811 |
fi
|
|
|
9f95811 |
# END
|
|
|
c3929a4 |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%preun server
|
|
|
ce15e9e |
if [ $1 = 0 ]; then
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
70948cc |
/bin/systemctl --quiet stop ipa.service || :
|
|
|
70948cc |
/bin/systemctl --quiet disable ipa.service || :
|
|
|
00828c7 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
00828c7 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
45d13fb |
# END
|
|
|
ce15e9e |
fi
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
45d13fb |
%pre server
|
|
|
45d13fb |
# Stop ipa_kpasswd if it exists before upgrading so we don't have a
|
|
|
45d13fb |
# zombie process when we're done.
|
|
|
45d13fb |
if [ -e /usr/sbin/ipa_kpasswd ]; then
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
45d13fb |
/bin/systemctl stop ipa_kpasswd.service >/dev/null 2>&1 || :
|
|
|
45d13fb |
# END
|
|
|
ce15e9e |
fi
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
4de47b3 |
%postun server-trust-ad
|
|
|
4de47b3 |
if [ "$1" -ge "1" ]; then
|
|
|
3ee1e7d |
if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
|
|
|
3ee1e7d |
%{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null
|
|
|
3ee1e7d |
fi
|
|
|
4de47b3 |
fi
|
|
|
4de47b3 |
|
|
|
00828c7 |
|
|
|
4de47b3 |
%post server-trust-ad
|
|
|
4de47b3 |
%{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
|
|
|
3ee1e7d |
winbind_krb5_locator.so /dev/null 90
|
|
|
ece84f7 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
ece84f7 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
9f95811 |
|
|
|
00828c7 |
|
|
|
9f95811 |
%posttrans server-trust-ad
|
|
|
92ad420 |
python2 -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
c6c1e1d |
if [ $? -eq 0 ]; then
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
c6c1e1d |
/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :
|
|
|
45d13fb |
# END
|
|
|
c6c1e1d |
fi
|
|
|
4de47b3 |
|
|
|
00828c7 |
|
|
|
4de47b3 |
%preun server-trust-ad
|
|
|
4de47b3 |
if [ $1 -eq 0 ]; then
|
|
|
3ee1e7d |
%{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null
|
|
|
ece84f7 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
ece84f7 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
4de47b3 |
fi
|
|
|
92ad420 |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
5e038ec |
%post client
|
|
|
5e038ec |
if [ $1 -gt 1 ] ; then
|
|
|
5e038ec |
# Has the client been configured?
|
|
|
5e038ec |
restore=0
|
|
|
5e038ec |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
5e038ec |
|
|
|
5e038ec |
if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
|
|
|
3ee1e7d |
if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
|
|
5e038ec |
echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
|
|
|
5e038ec |
cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
|
|
|
ece84f7 |
mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
|
|
|
5e038ec |
fi
|
|
|
5e038ec |
fi
|
|
|
9d21232 |
|
|
|
9d21232 |
if [ -f '/etc/sysconfig/ntpd' -a $restore -ge 2 ]; then
|
|
|
9d21232 |
if grep -E -q 'OPTIONS=.*-u ntp:ntp' /etc/sysconfig/ntpd 2>/dev/null; then
|
|
|
9d21232 |
sed -r '/OPTIONS=/ { s/\s+-u ntp:ntp\s+/ /; s/\s*-u ntp:ntp\s*// }' /etc/sysconfig/ntpd >/etc/sysconfig/ntpd.ipanew
|
|
|
ece84f7 |
mv -Z /etc/sysconfig/ntpd.ipanew /etc/sysconfig/ntpd
|
|
|
9d21232 |
|
|
|
9d21232 |
/bin/systemctl condrestart ntpd.service 2>&1 || :
|
|
|
9d21232 |
fi
|
|
|
9d21232 |
fi
|
|
|
7ccb103 |
|
|
|
f644c94 |
if [ $restore -ge 2 ]; then
|
|
|
f644c94 |
python2 -c 'from ipapython.certdb import update_ipa_nssdb; update_ipa_nssdb()' >/var/log/ipaupgrade.log 2>&1
|
|
|
7ccb103 |
fi
|
|
|
5e038ec |
fi
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
00828c7 |
%triggerin client -- openssh-server
|
|
|
5e12d2d |
# Has the client been configured?
|
|
|
5e12d2d |
restore=0
|
|
|
5e12d2d |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
5e12d2d |
|
|
|
5e12d2d |
if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
|
|
|
3ee1e7d |
if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then
|
|
|
5e12d2d |
sed -r '
|
|
|
5e12d2d |
/^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
|
|
|
5e12d2d |
' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
|
|
|
5e12d2d |
|
|
|
5e12d2d |
if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
|
|
|
5e12d2d |
sed -ri '
|
|
|
5e12d2d |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
5e12d2d |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
|
|
|
5e12d2d |
' /etc/ssh/sshd_config.ipanew
|
|
|
5e12d2d |
elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
|
|
|
5e12d2d |
sed -ri '
|
|
|
5e12d2d |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
5e12d2d |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
|
|
|
5e12d2d |
' /etc/ssh/sshd_config.ipanew
|
|
|
5e12d2d |
elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
|
|
|
5e12d2d |
sed -ri '
|
|
|
5e12d2d |
s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
|
|
|
5e12d2d |
s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
|
|
|
5e12d2d |
' /etc/ssh/sshd_config.ipanew
|
|
|
5e12d2d |
fi
|
|
|
5e12d2d |
|
|
|
ece84f7 |
mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
|
|
|
5e12d2d |
chmod 600 /etc/ssh/sshd_config
|
|
|
5e12d2d |
|
|
|
5e12d2d |
/bin/systemctl condrestart sshd.service 2>&1 || :
|
|
|
5e12d2d |
fi
|
|
|
5e12d2d |
fi
|
|
|
5e12d2d |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
|
|
|
00828c7 |
%files server
|
|
|
ce15e9e |
%defattr(-,root,root,-)
|
|
|
ece84f7 |
%doc README Contributors.txt
|
|
|
ece84f7 |
%license COPYING
|
|
|
5e12d2d |
%{_sbindir}/ipa-backup
|
|
|
5e12d2d |
%{_sbindir}/ipa-restore
|
|
|
92a3878 |
%{_sbindir}/ipa-ca-install
|
|
|
ece84f7 |
%{_sbindir}/ipa-kra-install
|
|
|
ce15e9e |
%{_sbindir}/ipa-server-install
|
|
|
92a3878 |
%{_sbindir}/ipa-replica-conncheck
|
|
|
ce15e9e |
%{_sbindir}/ipa-replica-install
|
|
|
ce15e9e |
%{_sbindir}/ipa-replica-prepare
|
|
|
ce15e9e |
%{_sbindir}/ipa-replica-manage
|
|
|
92a3878 |
%{_sbindir}/ipa-csreplica-manage
|
|
|
ce15e9e |
%{_sbindir}/ipa-server-certinstall
|
|
|
ece84f7 |
%{_sbindir}/ipa-server-upgrade
|
|
|
68ba56c |
%{_sbindir}/ipa-ldap-updater
|
|
|
92ad420 |
%{_sbindir}/ipa-otptoken-import
|
|
|
68ba56c |
%{_sbindir}/ipa-compat-manage
|
|
|
68ba56c |
%{_sbindir}/ipa-nis-manage
|
|
|
70948cc |
%{_sbindir}/ipa-managed-entries
|
|
|
ce15e9e |
%{_sbindir}/ipactl
|
|
|
ce15e9e |
%{_sbindir}/ipa-upgradeconfig
|
|
|
8a7e6ad |
%{_sbindir}/ipa-advise
|
|
|
7ccb103 |
%{_sbindir}/ipa-cacert-manage
|
|
|
ece84f7 |
%{_sbindir}/ipa-winsync-migrate
|
|
|
92ad420 |
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
fd86e26 |
%{_libexecdir}/certmonger/ipa-server-guard
|
|
|
12216fc |
%{_libexecdir}/ipa-otpd
|
|
|
7ccb103 |
%dir %{_libexecdir}/ipa
|
|
|
7ccb103 |
%{_libexecdir}/ipa/ipa-dnskeysyncd
|
|
|
7ccb103 |
%{_libexecdir}/ipa/ipa-dnskeysync-replica
|
|
|
7ccb103 |
%{_libexecdir}/ipa/ipa-ods-exporter
|
|
|
ece84f7 |
%{_libexecdir}/ipa/ipa-httpd-kdcproxy
|
|
|
00828c7 |
%dir %{_libexecdir}/ipa/oddjob
|
|
|
00828c7 |
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
|
|
|
00828c7 |
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
|
|
|
00828c7 |
%config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
|
|
|
f644c94 |
%dir %{_libexecdir}/ipa/certmonger
|
|
|
f644c94 |
%attr(755,root,root) %{_libexecdir}/ipa/certmonger/*
|
|
|
00828c7 |
# NOTE: systemd specific section
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa.service
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-otpd.socket
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-otpd@.service
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-dnskeysyncd.service
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service
|
|
|
00828c7 |
# END
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_uuid.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_lockout.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_cldap.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_dns.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_range_check.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_otp_counter.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_otp_lasttoken.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libtopology.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen_task.so
|
|
|
00828c7 |
%attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so
|
|
|
00828c7 |
%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
|
|
|
00828c7 |
%{_mandir}/man1/ipa-replica-conncheck.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-replica-install.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-replica-manage.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-csreplica-manage.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-replica-prepare.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-server-certinstall.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-server-install.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-server-upgrade.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-ca-install.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-kra-install.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-compat-manage.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-nis-manage.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-managed-entries.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-ldap-updater.1.gz
|
|
|
00828c7 |
%{_mandir}/man8/ipactl.8.gz
|
|
|
00828c7 |
%{_mandir}/man8/ipa-upgradeconfig.8.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-backup.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-restore.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-advise.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-otptoken-import.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-cacert-manage.1.gz
|
|
|
00828c7 |
%{_mandir}/man1/ipa-winsync-migrate.1.gz
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python2-ipaserver -f server-python.list
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
f92f8b8 |
%{python_sitelib}/freeipa-*.egg-info
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/install
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/install/plugins
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/install/server
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/advise
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/advise/plugins
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaserver/plugins
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files server-common
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
e26c3e5 |
%ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy
|
|
|
ece84f7 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy
|
|
|
18a9ea0 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
|
|
|
7ccb103 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
|
|
|
7ccb103 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
|
|
|
ece84f7 |
%config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
|
|
|
18a9ea0 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
|
|
|
5e038ec |
%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
|
|
|
ece84f7 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/
|
|
|
ece84f7 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/clientcaches/
|
|
|
ece84f7 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/krbcache/
|
|
|
45d13fb |
# NOTE: systemd specific section
|
|
|
7ccb103 |
%{_tmpfilesdir}/%{name}.conf
|
|
|
18a9ea0 |
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
|
|
|
00828c7 |
%attr(644,root,root) %{_unitdir}/ipa-custodia.service
|
|
|
ece84f7 |
%attr(644,root,root) %{etc_systemd_dir}/httpd.service
|
|
|
3ee1e7d |
# END
|
|
|
ce15e9e |
%dir %{_usr}/share/ipa
|
|
|
ce15e9e |
%{_usr}/share/ipa/wsgi.py*
|
|
|
5e038ec |
%{_usr}/share/ipa/copy-schema-to-ca.py*
|
|
|
ce15e9e |
%{_usr}/share/ipa/*.ldif
|
|
|
ce15e9e |
%{_usr}/share/ipa/*.uldif
|
|
|
ce15e9e |
%{_usr}/share/ipa/*.template
|
|
|
8a7e6ad |
%dir %{_usr}/share/ipa/advise
|
|
|
8a7e6ad |
%dir %{_usr}/share/ipa/advise/legacy
|
|
|
8a7e6ad |
%{_usr}/share/ipa/advise/legacy/*.template
|
|
|
ece84f7 |
%dir %{_usr}/share/ipa/profiles
|
|
|
ece84f7 |
%{_usr}/share/ipa/profiles/*.cfg
|
|
|
8a8da0b |
%dir %{_usr}/share/ipa/ffextension
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/bootstrap.js
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/install.rdf
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/chrome.manifest
|
|
|
8a8da0b |
%dir %{_usr}/share/ipa/ffextension/chrome
|
|
|
8a8da0b |
%dir %{_usr}/share/ipa/ffextension/chrome/content
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth.js
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth_overlay.xul
|
|
|
8a8da0b |
%dir %{_usr}/share/ipa/ffextension/locale
|
|
|
8a8da0b |
%dir %{_usr}/share/ipa/ffextension/locale/en-US
|
|
|
8a8da0b |
%{_usr}/share/ipa/ffextension/locale/en-US/kerberosauth.properties
|
|
|
ce15e9e |
%dir %{_usr}/share/ipa/html
|
|
|
8a8da0b |
%{_usr}/share/ipa/html/ffconfig.js
|
|
|
8a8da0b |
%{_usr}/share/ipa/html/ffconfig_page.js
|
|
|
ce15e9e |
%{_usr}/share/ipa/html/ssbrowser.html
|
|
|
ce15e9e |
%{_usr}/share/ipa/html/browserconfig.html
|
|
|
ce15e9e |
%{_usr}/share/ipa/html/unauthorized.html
|
|
|
ce15e9e |
%dir %{_usr}/share/ipa/migration
|
|
|
ce15e9e |
%{_usr}/share/ipa/migration/error.html
|
|
|
ce15e9e |
%{_usr}/share/ipa/migration/index.html
|
|
|
ce15e9e |
%{_usr}/share/ipa/migration/invalid.html
|
|
|
ce15e9e |
%{_usr}/share/ipa/migration/migration.py*
|
|
|
ce15e9e |
%dir %{_usr}/share/ipa/ui
|
|
|
ce15e9e |
%{_usr}/share/ipa/ui/index.html
|
|
|
a0ca5be |
%{_usr}/share/ipa/ui/reset_password.html
|
|
|
92ad420 |
%{_usr}/share/ipa/ui/sync_otp.html
|
|
|
92a3878 |
%{_usr}/share/ipa/ui/*.ico
|
|
|
ce15e9e |
%{_usr}/share/ipa/ui/*.css
|
|
|
ce15e9e |
%{_usr}/share/ipa/ui/*.js
|
|
|
92ad420 |
%dir %{_usr}/share/ipa/ui/css
|
|
|
92ad420 |
%{_usr}/share/ipa/ui/css/*.css
|
|
|
9d21232 |
%dir %{_usr}/share/ipa/ui/js
|
|
|
45d13fb |
%dir %{_usr}/share/ipa/ui/js/dojo
|
|
|
45d13fb |
%{_usr}/share/ipa/ui/js/dojo/dojo.js
|
|
|
45d13fb |
%dir %{_usr}/share/ipa/ui/js/libs
|
|
|
45d13fb |
%{_usr}/share/ipa/ui/js/libs/*.js
|
|
|
45d13fb |
%dir %{_usr}/share/ipa/ui/js/freeipa
|
|
|
45d13fb |
%{_usr}/share/ipa/ui/js/freeipa/app.js
|
|
|
92ad420 |
%{_usr}/share/ipa/ui/js/freeipa/core.js
|
|
|
5e12d2d |
%dir %{_usr}/share/ipa/ui/js/plugins
|
|
|
c3929a4 |
%dir %{_usr}/share/ipa/ui/images
|
|
|
92ad420 |
%{_usr}/share/ipa/ui/images/*.jpg
|
|
|
c3929a4 |
%{_usr}/share/ipa/ui/images/*.png
|
|
|
5e12d2d |
%dir %{_usr}/share/ipa/wsgi
|
|
|
5e12d2d |
%{_usr}/share/ipa/wsgi/plugins.py*
|
|
|
ce15e9e |
%dir %{_sysconfdir}/ipa
|
|
|
ce15e9e |
%dir %{_sysconfdir}/ipa/html
|
|
|
4de47b3 |
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
|
|
|
4de47b3 |
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
|
|
|
ce15e9e |
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
|
|
|
ce15e9e |
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
|
|
|
ce15e9e |
%config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
|
|
|
ce15e9e |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
ce15e9e |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
ece84f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
70948cc |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
ece84f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
|
|
00828c7 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/dnssec
|
|
|
ce15e9e |
%{_usr}/share/ipa/ipa.conf
|
|
|
ce15e9e |
%{_usr}/share/ipa/ipa-rewrite.conf
|
|
|
70948cc |
%{_usr}/share/ipa/ipa-pki-proxy.conf
|
|
|
ece84f7 |
%{_usr}/share/ipa/kdcproxy.conf
|
|
|
c3929a4 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
|
|
8a8da0b |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/kerberosauth.xpi
|
|
|
c3929a4 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
|
|
|
8a8da0b |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.js
|
|
|
c3929a4 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
|
|
|
c3929a4 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
|
|
|
ce15e9e |
%dir %{_usr}/share/ipa/updates/
|
|
|
ce15e9e |
%{_usr}/share/ipa/updates/*
|
|
|
ce15e9e |
%dir %{_localstatedir}/lib/ipa
|
|
|
5e12d2d |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup
|
|
|
ce15e9e |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
|
|
|
a0ca5be |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade
|
|
|
4de47b3 |
%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca
|
|
|
9f95811 |
%ghost %{_localstatedir}/lib/ipa/pki-ca/publish
|
|
Simo Sorce |
da888bc |
%ghost %{_localstatedir}/named/dyndb-ldap/ipa
|
|
|
00828c7 |
%dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia
|
|
|
00828c7 |
|
|
|
ece84f7 |
|
|
|
ece84f7 |
%files server-dns
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
ece84f7 |
%{_sbindir}/ipa-dns-install
|
|
|
ece84f7 |
%{_mandir}/man1/ipa-dns-install.1.gz
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
a0ca5be |
%files server-trust-ad
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
a0ca5be |
%{_sbindir}/ipa-adtrust-install
|
|
|
a0ca5be |
%{_usr}/share/ipa/smb.conf.empty
|
|
|
a0ca5be |
%attr(755,root,root) %{_libdir}/samba/pdb/ipasam.so
|
|
|
a0ca5be |
%{_mandir}/man1/ipa-adtrust-install.1.gz
|
|
|
4de47b3 |
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
ece84f7 |
%{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf
|
|
|
ece84f7 |
%{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf
|
|
|
21c82e0 |
%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains
|
|
|
1aec1ac |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%files client
|
|
|
ce15e9e |
%defattr(-,root,root,-)
|
|
|
ece84f7 |
%doc README Contributors.txt
|
|
|
ece84f7 |
%license COPYING
|
|
|
ce15e9e |
%{_sbindir}/ipa-client-install
|
|
|
a0ca5be |
%{_sbindir}/ipa-client-automount
|
|
|
7ccb103 |
%{_sbindir}/ipa-certupdate
|
|
|
ce15e9e |
%{_sbindir}/ipa-getkeytab
|
|
|
ce15e9e |
%{_sbindir}/ipa-rmkeytab
|
|
|
ce15e9e |
%{_sbindir}/ipa-join
|
|
|
ce15e9e |
%{_mandir}/man1/ipa-getkeytab.1.gz
|
|
|
ce15e9e |
%{_mandir}/man1/ipa-rmkeytab.1.gz
|
|
|
ce15e9e |
%{_mandir}/man1/ipa-client-install.1.gz
|
|
|
a0ca5be |
%{_mandir}/man1/ipa-client-automount.1.gz
|
|
|
7ccb103 |
%{_mandir}/man1/ipa-certupdate.1.gz
|
|
|
ce15e9e |
%{_mandir}/man1/ipa-join.1.gz
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python2-ipaclient
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
%dir %{python_sitelib}/ipaclient
|
|
|
00828c7 |
%{python_sitelib}/ipaclient/*.py*
|
|
|
f644c94 |
%{python_sitelib}/ipaclient-*.egg-info
|
|
|
f644c94 |
|
|
|
f644c94 |
|
|
|
f644c94 |
%if 0%{?with_python3}
|
|
|
f644c94 |
|
|
|
f644c94 |
%files -n python3-ipaclient
|
|
|
f644c94 |
%defattr(-,root,root,-)
|
|
|
f644c94 |
%doc README Contributors.txt
|
|
|
f644c94 |
%license COPYING
|
|
|
f644c94 |
%dir %{python3_sitelib}/ipaclient
|
|
|
f644c94 |
%{python3_sitelib}/ipaclient/*.py
|
|
|
f644c94 |
%{python3_sitelib}/ipaclient/__pycache__/*.py*
|
|
|
f644c94 |
%{python3_sitelib}/ipaclient-*.egg-info
|
|
|
f644c94 |
|
|
|
f644c94 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files client-common
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
|
|
|
00828c7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
|
|
00828c7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
|
|
00828c7 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
|
|
|
00828c7 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
|
|
|
00828c7 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
|
|
|
00828c7 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
|
|
|
00828c7 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
|
|
|
00828c7 |
%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
|
|
|
00828c7 |
%dir %{_usr}/share/ipa
|
|
|
00828c7 |
%dir %{_localstatedir}/lib/ipa-client
|
|
|
00828c7 |
%dir %{_localstatedir}/lib/ipa-client/sysrestore
|
|
|
c6cab8a |
%{_mandir}/man5/default.conf.5.gz
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
ce15e9e |
%files admintools
|
|
|
ce15e9e |
%defattr(-,root,root,-)
|
|
|
ece84f7 |
%doc README Contributors.txt
|
|
|
ece84f7 |
%license COPYING
|
|
|
ce15e9e |
%{_bindir}/ipa
|
|
|
ce15e9e |
%config %{_sysconfdir}/bash_completion.d
|
|
|
ce15e9e |
%{_mandir}/man1/ipa.1.gz
|
|
|
ce15e9e |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files python-compat
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python2-ipalib
|
|
|
ce15e9e |
%defattr(-,root,root,-)
|
|
|
ece84f7 |
%doc README Contributors.txt
|
|
|
ece84f7 |
%license COPYING
|
|
|
ce15e9e |
%dir %{python_sitelib}/ipapython
|
|
|
ce15e9e |
%{python_sitelib}/ipapython/*.py*
|
|
|
7ccb103 |
%dir %{python_sitelib}/ipapython/dnssec
|
|
|
7ccb103 |
%{python_sitelib}/ipapython/dnssec/*.py*
|
|
|
ece84f7 |
%dir %{python_sitelib}/ipapython/install
|
|
|
ece84f7 |
%{python_sitelib}/ipapython/install/*.py*
|
|
|
00828c7 |
%dir %{python_sitelib}/ipapython/secrets
|
|
|
00828c7 |
%{python_sitelib}/ipapython/secrets/*.py*
|
|
|
ce15e9e |
%dir %{python_sitelib}/ipalib
|
|
|
ce15e9e |
%{python_sitelib}/ipalib/*
|
|
|
92ad420 |
%dir %{python_sitelib}/ipaplatform
|
|
|
92ad420 |
%{python_sitelib}/ipaplatform/*
|
|
|
ce15e9e |
%{python_sitelib}/ipapython-*.egg-info
|
|
|
00828c7 |
%{python_sitelib}/ipalib-*.egg-info
|
|
|
7ccb103 |
%{python_sitelib}/ipaplatform-*.egg-info
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%files common -f %{gettext_domain}.lang
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
|
|
|
00828c7 |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python3-ipalib
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
|
|
|
00828c7 |
%{python3_sitelib}/ipapython/
|
|
|
00828c7 |
%{python3_sitelib}/ipalib/
|
|
|
00828c7 |
%{python3_sitelib}/ipaplatform/
|
|
|
00828c7 |
%{python3_sitelib}/ipapython-*.egg-info
|
|
|
00828c7 |
%{python3_sitelib}/ipalib-*.egg-info
|
|
|
00828c7 |
%{python3_sitelib}/ipaplatform-*.egg-info
|
|
|
00828c7 |
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
ce15e9e |
|
|
|
8a7e6ad |
%if ! %{ONLY_CLIENT}
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python2-ipatests -f tests-python.list
|
|
|
8a7e6ad |
%defattr(-,root,root,-)
|
|
|
ece84f7 |
%doc README Contributors.txt
|
|
|
ece84f7 |
%license COPYING
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_cmdline
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_install
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_ipalib
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_ipapython
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_ipaserver
|
|
|
92ad420 |
%dir %{python_sitelib}/ipatests/test_ipaserver/test_install
|
|
|
92ad420 |
%dir %{python_sitelib}/ipatests/test_ipaserver/data
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_pkcs10
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_webui
|
|
|
8a7e6ad |
%dir %{python_sitelib}/ipatests/test_xmlrpc
|
|
|
8a7e6ad |
%{_bindir}/ipa-run-tests
|
|
|
8a7e6ad |
%{_bindir}/ipa-test-config
|
|
|
8a7e6ad |
%{_bindir}/ipa-test-task
|
|
|
00828c7 |
%{_bindir}/ipa-run-tests-2
|
|
|
00828c7 |
%{_bindir}/ipa-test-config-2
|
|
|
00828c7 |
%{_bindir}/ipa-test-task-2
|
|
|
00828c7 |
%{_bindir}/ipa-run-tests-%{python2_version}
|
|
|
00828c7 |
%{_bindir}/ipa-test-config-%{python2_version}
|
|
|
00828c7 |
%{_bindir}/ipa-test-task-%{python2_version}
|
|
|
8a7e6ad |
%{python_sitelib}/ipatests-*.egg-info
|
|
|
3ee1e7d |
%{_mandir}/man1/ipa-run-tests.1.gz
|
|
|
3ee1e7d |
%{_mandir}/man1/ipa-test-config.1.gz
|
|
|
3ee1e7d |
%{_mandir}/man1/ipa-test-task.1.gz
|
|
|
00828c7 |
|
|
|
00828c7 |
%if 0%{?with_python3}
|
|
|
00828c7 |
|
|
|
00828c7 |
%files -n python3-ipatests
|
|
|
00828c7 |
%defattr(-,root,root,-)
|
|
|
00828c7 |
%doc README Contributors.txt
|
|
|
00828c7 |
%license COPYING
|
|
|
00828c7 |
|
|
|
00828c7 |
%{python3_sitelib}/ipatests/
|
|
|
00828c7 |
%{_bindir}/ipa-run-tests-3
|
|
|
00828c7 |
%{_bindir}/ipa-test-config-3
|
|
|
00828c7 |
%{_bindir}/ipa-test-task-3
|
|
|
00828c7 |
%{_bindir}/ipa-run-tests-%{python3_version}
|
|
|
00828c7 |
%{_bindir}/ipa-test-config-%{python3_version}
|
|
|
00828c7 |
%{_bindir}/ipa-test-task-%{python3_version}
|
|
|
00828c7 |
%{python3_sitelib}/ipatests-*.egg-info
|
|
|
00828c7 |
|
|
|
00828c7 |
%endif # with_python3
|
|
|
00828c7 |
|
|
|
3ee1e7d |
%endif # ONLY_CLIENT
|
|
|
8a7e6ad |
|
|
|
e93bd13 |
%changelog
|
|
Pavel Vomacka |
1175a51 |
* Wed Dec 14 2016 Pavel Vomacka <pvomacka@redhat.com> - 4.3.2-3
|
|
Pavel Vomacka |
1175a51 |
- Fixes 1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod
|
|
Pavel Vomacka |
1175a51 |
- Fixes 1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services
|
|
Pavel Vomacka |
1175a51 |
by abusing password policy
|
|
Pavel Vomacka |
1175a51 |
|
|
|
55496aa |
* Fri Aug 19 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.2-2
|
|
|
55496aa |
- Fixes 1365669 - The ipa-server-upgrade command failed when named-pkcs11 does
|
|
|
55496aa |
not happen to run during dnf upgrade
|
|
|
55496aa |
- Fixes 1367883 - CVE-2016-5404 freeipa: ipa: Insufficient privileges check
|
|
|
55496aa |
in certificate revocation
|
|
|
55496aa |
- Fixes 1364338 - Freeipa cannot be build on fedora 25
|
|
|
55496aa |
|
|
|
f92f8b8 |
* Fri Jul 22 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.2-1
|
|
|
f92f8b8 |
- Update to upstream 4.3.2 - see http://www.freeipa.org/page/Releases/4.3.2
|
|
|
f92f8b8 |
|
|
|
f644c94 |
* Thu Mar 24 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.1-1
|
|
|
f644c94 |
- Update to upstream 4.3.1 - see http://www.freeipa.org/page/Releases/4.3.1
|
|
|
f644c94 |
|
|
|
21c82e0 |
* Thu Feb 04 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.0-3
|
|
|
21c82e0 |
- Fix build with Samba 4.4
|
|
|
21c82e0 |
- Update SELinux requires to fix connection check during installation
|
|
|
21c82e0 |
|
|
 |
101663a |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2
|
|
|
101663a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
101663a |
|
|
|
00828c7 |
* Fri Dec 18 2015 Petr Vobornik <pvoborni@redhat.com> - 4.3.0-1
|
|
|
00828c7 |
- Update to upstream 4.3.0 - see http://www.freeipa.org/page/Releases/4.3.0
|
|
|
00828c7 |
|
|
|
a33b200 |
* Mon Dec 07 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.3-2
|
|
|
a33b200 |
- Workarounds for SELinux execmem violations in cryptography
|
|
|
a33b200 |
|
|
|
efcb307 |
* Mon Nov 02 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.3-1
|
|
|
efcb307 |
- Update to upstream 4.2.3 - see http://www.freeipa.org/page/Releases/4.2.3
|
|
|
efcb307 |
- fix #1274905
|
|
|
efcb307 |
|
|
|
08336be |
* Wed Oct 21 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.2-2
|
|
|
08336be |
- Depend on samba-common-tools for the trust-ad subpackage after
|
|
|
08336be |
samba package split
|
|
|
5e5a1f4 |
- Rebuild against krb5 1.14 to fix bug #1273957
|
|
|
08336be |
|
|
|
e26c3e5 |
* Thu Oct 8 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.2-1
|
|
|
e26c3e5 |
- Update to upstream 4.2.2 - see http://www.freeipa.org/page/Releases/4.2.2
|
|
|
e26c3e5 |
|
|
|
ece84f7 |
* Mon Sep 7 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.1-1
|
|
|
ece84f7 |
- Update to upstream 4.2.1 - see http://www.freeipa.org/page/Releases/4.2.1
|
|
|
ece84f7 |
|
|
|
a944f13 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.1.4-5
|
|
|
a944f13 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
a944f13 |
|
|
|
54c544a |
* Tue May 12 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-4
|
|
|
54c544a |
- Fix typo in the patch to fix bug #1219834
|
|
|
54c544a |
|
|
|
3291aa4 |
* Mon May 11 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-3
|
|
|
3291aa4 |
- Fix FreeIPA trusts to AD feature with Samba 4.2 (#1219834)
|
|
|
3291aa4 |
|
|
|
5e8ed97 |
* Mon Mar 30 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.4-2
|
|
|
5e8ed97 |
- Replace mod_auth_kerb usage with mod_auth_gssapi
|
|
|
5e8ed97 |
|
|
|
32b772b |
* Thu Mar 26 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-1
|
|
|
32b772b |
- Update to upstream 4.1.4 - see http://www.freeipa.org/page/Releases/4.1.4
|
|
|
32b772b |
- fix CVE-2015-1827 (#1206047)
|
|
|
32b772b |
- Require slapi-nis 0.54.2 and newer for CVE-2015-0283 fixes
|
|
|
32b772b |
|
|
|
37a047a |
* Tue Mar 17 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-3
|
|
|
37a047a |
- Timeout ipa-client install if ntp server is unreachable #4842
|
|
|
37a047a |
- Skip time sync during client install when using --no-ntp #4842
|
|
|
37a047a |
|
|
|
b0ad0e0 |
* Wed Mar 04 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-2
|
|
|
b0ad0e0 |
- Add missing sssd python dependencies
|
|
|
b0ad0e0 |
- https://bugzilla.redhat.com/show_bug.cgi?id=1197218
|
|
|
b0ad0e0 |
|
|
|
fd86e26 |
* Wed Feb 18 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-1
|
|
|
fd86e26 |
- Update to upstream 4.1.3 - see http://www.freeipa.org/page/Releases/4.1.3
|
|
|
fd86e26 |
|
|
|
a69b40e |
* Mon Jan 19 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.2-2
|
|
|
c504f90 |
- Fix broken build after Samba ABI change and rename of libpdb to libsamba-passdb
|
|
|
c504f90 |
- Use python-dateutil15 until we validate python-dateutil 2.x
|
|
|
c504f90 |
|
|
|
81defae |
* Tue Nov 25 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.2-1
|
|
|
81defae |
- Update to upstream 4.1.2 - see http://www.freeipa.org/page/Releases/4.1.2
|
|
|
81defae |
- fix CVE-2014-7850
|
|
|
81defae |
|
|
Simo Sorce |
da888bc |
* Thu Nov 20 2014 Simo Sorce <simo@redhat.com> - 4.1.1-2
|
|
Simo Sorce |
da888bc |
- Patch blokers and feature freze exceptions
|
|
Simo Sorce |
da888bc |
- Resolves: bz1165674
|
|
Simo Sorce |
da888bc |
- Resolves: bz1165856 (CVE-2014-7850)
|
|
Simo Sorce |
da888bc |
- Fixes DNS install issue that prevents the server from working
|
|
Simo Sorce |
da888bc |
|
|
|
00870e3 |
* Thu Nov 06 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.1-1
|
|
|
00870e3 |
- Update to upstream 4.1.1 - see http://www.freeipa.org/page/Releases/4.1.1
|
|
|
00870e3 |
- fix CVE-2014-7828
|
|
|
00870e3 |
|
|
|
c8a68df |
* Wed Oct 22 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.0-2
|
|
|
c8a68df |
- fix armv7hl stack oversize build failure
|
|
|
c8a68df |
- fix https://fedorahosted.org/freeipa/ticket/4660
|
|
|
c8a68df |
|
|
|
7ccb103 |
* Tue Oct 21 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.0-1
|
|
|
7ccb103 |
- Update to upstream 4.1.0 - see http://www.freeipa.org/page/Releases/4.1.0
|
|
|
7ccb103 |
|
|
|
743ef01 |
* Fri Sep 12 2014 Petr Viktorin <pviktori@redhat.com> - 4.0.3-1
|
|
|
743ef01 |
- Update to upstream 4.0.3 - see http://www.freeipa.org/page/Releases/4.0.3
|
|
|
743ef01 |
|
|
|
694ce21 |
* Fri Sep 05 2014 Petr Viktorin <pviktori@redhat.com> - 4.0.2-1
|
|
|
694ce21 |
- Update to upstream 4.0.1 - see http://www.freeipa.org/page/Releases/4.0.2
|
|
|
694ce21 |
|
|
 |
cf4ceb3 |
* Tue Sep 02 2014 Pádraig Brady <pbrady@redhat.com> - 4.0.1-3
|
|
|
cf4ceb3 |
- rebuild for libunistring soname bump
|
|
|
cf4ceb3 |
|
|
 |
21b496f |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.1-2
|
|
|
21b496f |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
21b496f |
|
|
|
f08947f |
* Fri Jul 25 2014 Martin Kosek <mkosek@redhat.com> 4.0.1-1
|
|
|
f08947f |
- Update to upstream 4.0.1
|
|
|
f08947f |
|
|
|
92ad420 |
* Mon Jul 07 2014 Petr Viktorin <pviktori@redhat.com> 4.0.0-1
|
|
|
92ad420 |
- Update to upstream 4.0.0
|
|
|
92ad420 |
- Remove the server-strict package
|
|
|
92ad420 |
|
|
|
da4983b |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.5-4
|
|
|
da4983b |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
da4983b |
|
|
|
a291203 |
* Wed May 21 2014 Petr Vobornik <pvoborni@redhat.com> 3.3.5-3
|
|
|
a291203 |
- Increase Java stack size for Web UI build on aarch64
|
|
|
a291203 |
|
|
|
a14925c |
* Wed Apr 16 2014 Peter Robinson <pbrobinson@fedoraproject.org> 3.3.5-2
|
|
|
a14925c |
- Add rhino as dependency to fix FTBFS
|
|
|
a14925c |
|
|
|
78bfe56 |
* Fri Mar 28 2014 Martin Kosek <mkosek@redhat.com> - 3.3.5-1
|
|
|
78bfe56 |
- Update to upstream 3.3.5
|
|
|
78bfe56 |
|
|
|
9ea7eb2 |
* Tue Feb 11 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-3
|
|
|
9ea7eb2 |
- Move ipa-otpd socket directory to /var/run/krb5kdc
|
|
|
9ea7eb2 |
- Require krb5-server 1.11.5-3 supporting the new directory
|
|
|
9ea7eb2 |
- ipa_lockout plugin did not work with users's without krbPwdPolicyReference
|
|
|
9ea7eb2 |
|
|
|
5b79ddb |
* Wed Jan 29 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-2
|
|
|
5b79ddb |
- Fix hardened build
|
|
|
5b79ddb |
|
|
|
9d21232 |
* Tue Jan 28 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-1
|
|
|
9d21232 |
- Update to upstream 3.3.4
|
|
|
9d21232 |
- Install CA anchor into standard location (#928478)
|
|
|
9d21232 |
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
|
|
|
9d21232 |
- Remove mod_ssl workaround (RHEL bug #1029046)
|
|
|
9d21232 |
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
|
|
|
9d21232 |
|
|
|
3242eea |
* Fri Jan 3 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-5
|
|
|
3242eea |
- Build crashed with rhino exception on s390 architectures (#1040576)
|
|
|
3242eea |
|
|
|
2071255 |
* Thu Dec 12 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-4
|
|
|
2071255 |
- Build crashed with rhino exception on PPC architectures (#1040576)
|
|
|
2071255 |
|
|
|
e17b01f |
* Tue Dec 3 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-3
|
|
|
e17b01f |
- Fix -Werror=format-security errors (#1037070)
|
|
|
e17b01f |
|
|
|
e17b01f |
* Mon Nov 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-2
|
|
|
e17b01f |
- ipa-server-install crashed when freeipa-server-trust-ad subpackage was not
|
|
|
e17b01f |
installed
|
|
|
e17b01f |
|
|
|
e17b01f |
* Fri Nov 1 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-1
|
|
|
e17b01f |
- Update to upstream 3.3.3
|
|
|
e17b01f |
|
|
|
e17b01f |
* Fri Oct 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
|
|
|
e17b01f |
- Update to upstream 3.3.2
|
|
|
e17b01f |
|
|
|
1aec1ac |
* Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-1
|
|
|
1aec1ac |
- Bring back Fedora-only changes
|
|
|
1aec1ac |
|
|
|
3ee1e7d |
* Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-0
|
|
|
3ee1e7d |
- Update to upstream 3.3.1
|
|
|
3ee1e7d |
|
|
|
2e52378 |
* Wed Aug 14 2013 Alexander Bokovoy <abokovoy@redhat.com> - 3.3.0-2
|
|
|
2e52378 |
- Remove freeipa-systemd-upgrade as non-systemd installs are not supported
|
|
|
2e52378 |
anymore by Fedora project
|
|
|
2e52378 |
|
|
|
8a7e6ad |
* Wed Aug 7 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-1
|
|
|
8a7e6ad |
- Update to upstream 3.3.0
|
|
|
8a7e6ad |
|
|
|
7fbdddd |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.2-2
|
|
|
7fbdddd |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
7fbdddd |
|
|
|
9f95811 |
* Wed Jul 17 2013 Martin Kosek <mkosek@redhat.com> - 3.2.2-1
|
|
|
9f95811 |
- Update to upstream 3.2.2
|
|
|
9f95811 |
- Drop freeipa-server-selinux subpackage
|
|
|
9f95811 |
- Drop redundant directory /var/cache/ipa/sessions
|
|
|
9f95811 |
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
|
|
|
9f95811 |
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
|
|
|
9f95811 |
issues when there are still old parts of software (like entitlements plugin)
|
|
|
9f95811 |
|
|
|
9f95811 |
* Fri Jun 7 2013 Martin Kosek <mkosek@redhat.com> - 3.2.1-1
|
|
|
9f95811 |
- Update to upstream 3.2.1
|
|
|
9f95811 |
|
|
|
12216fc |
* Tue May 14 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-2
|
|
|
12216fc |
- Add OTP patches
|
|
|
12216fc |
- Add patch to set KRB5CCNAME for 389-ds-base
|
|
|
12216fc |
|
|
|
5e12d2d |
* Fri May 10 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-1
|
|
|
5e12d2d |
- Update to upstream 3.2.0 GA
|
|
|
5e12d2d |
- ipa-client-install fails if /etc/ipa does not exist (#961483)
|
|
|
5e12d2d |
- Certificate status is not visible in Service and Host page (#956718)
|
|
|
5e12d2d |
- ipa-client-install removes needed options from ldap.conf (#953991)
|
|
|
5e12d2d |
- Handle socket.gethostbyaddr() exceptions when verifying hostnames (#953957)
|
|
|
5e12d2d |
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
|
|
|
5e12d2d |
- Require nss 3.14.3-12.0 to address certutil certificate import
|
|
|
5e12d2d |
errors (#953485)
|
|
|
5e12d2d |
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
|
|
|
5e12d2d |
environments. (#953464)
|
|
|
5e12d2d |
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
|
|
|
5e12d2d |
- ipa-server-install --uninstall doesn't stop dirsrv instances (#953432)
|
|
|
5e12d2d |
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
|
|
|
5e12d2d |
socket based connections (#960222)
|
|
|
5e12d2d |
- Require libsss_nss_idmap-python
|
|
|
5e12d2d |
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
|
|
|
5e12d2d |
member is now done automatically and having it in the config file raises
|
|
|
5e12d2d |
an error.
|
|
|
5e12d2d |
- Add backup and restore tools, directory.
|
|
|
5e12d2d |
- require at least systemd 38 which provides the journal (we no longer
|
|
|
5e12d2d |
need to require syslog.target)
|
|
|
5e12d2d |
- Update Requires on policycoreutils to 2.1.14-37
|
|
|
5e12d2d |
- Update Requires on selinux-policy to 3.12.1-42
|
|
|
5e12d2d |
- Update Requires on 389-ds-base to 1.3.1.0
|
|
|
9f95811 |
- Remove a Requires for java-atk-wrapper
|
|
|
9f95811 |
|
|
|
9f95811 |
* Tue Apr 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.4.beta1
|
|
|
9f95811 |
- Remove release from krb5-server in strict sub-package to allow for rebuilds.
|
|
|
9f95811 |
|
|
|
9f95811 |
* Mon Apr 22 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.3.beta1
|
|
|
9f95811 |
- Add a Requires for java-atk-wrapper until we can determine which package
|
|
|
9f95811 |
should be pulling it in, dogtag or tomcat.
|
|
|
9f95811 |
|
|
|
9f95811 |
* Tue Apr 16 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.2.beta1
|
|
|
9f95811 |
- Update to upstream 3.2.0 Beta 1
|
|
|
5e12d2d |
|
|
|
45d13fb |
* Tue Apr 2 2013 Martin Kosek <mkosek@redhat.com> - 3.2.0-0.1.pre1
|
|
|
45d13fb |
- Update to upstream 3.2.0 Prerelease 1
|
|
|
45d13fb |
- Use upstream reference spec file as a base for Fedora spec file
|
|
|
45d13fb |
|
|
 |
c7811c4 |
* Sat Mar 30 2013 Kevin Fenzi <kevin@scrye.com> 3.1.2-4
|
|
|
c7811c4 |
- Rebuild for broken deps
|
|
|
c7811c4 |
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
|
|
|
c7811c4 |
|
|
|
e432b01 |
* Sat Feb 23 2013 Kevin Fenzi <kevin@scrye.com> - 3.1.2-3
|
|
|
e432b01 |
- Rebuild for broken deps in rawhide
|
|
|
e432b01 |
- Fix 389-ds-base strict dep to be 1.3.0.3
|
|
|
e432b01 |
|
|
|
e3032bd |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.2-2
|
|
|
e3032bd |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
e3032bd |
|
|
|
3d64806 |
* Wed Jan 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.2-1
|
|
|
3d64806 |
- Update to upstream 3.1.2
|
|
|
3d64806 |
- CVE-2012-4546: Incorrect CRLs publishing
|
|
|
3d64806 |
- CVE-2012-5484: MITM Attack during Join process
|
|
|
3d64806 |
- CVE-2013-0199: Cross-Realm Trust key leak
|
|
|
ab5b274 |
- Updated strict dependencies to 389-ds-base = 1.3.0.2 and
|
|
|
ab5b274 |
pki-ca = 10.0.1
|
|
|
3d64806 |
|
|
|
c6c1e1d |
* Thu Dec 20 2012 Martin Kosek <mkosek@redhat.com> - 3.1.0-2
|
|
|
c6c1e1d |
- Remove redundat Requires versions that are already in Fedora 17
|
|
|
c6c1e1d |
- Replace python-crypto Requires with m2crypto
|
|
|
c6c1e1d |
- Add missing Requires(post) for client and server-trust-ad subpackages
|
|
|
c6c1e1d |
- Restart httpd service when server-trust-ad subpackage is installed
|
|
|
c6c1e1d |
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
|
|
|
c6c1e1d |
|
|
|
5e038ec |
* Mon Dec 10 2012 Rob Crittenden <rcritten@redhat.com> - 3.1.0-1
|
|
|
5e038ec |
- Updated to upstream 3.1.0 GA
|
|
|
5e038ec |
- Set minimum for sssd to 1.9.2
|
|
|
5e038ec |
- Set minimum for pki-ca to 10.0.0-1
|
|
|
5e038ec |
- Set minimum for 389-ds-base to 1.3.0
|
|
|
5e038ec |
- Set minimum for selinux-policy to 3.11.1-60
|
|
|
5e038ec |
- Remove unneeded dogtag package requires
|
|
|
5e038ec |
|
|
|
45d13fb |
* Tue Oct 23 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-3
|
|
|
0348a32 |
- Update Requires on krb5-server to 1.11
|
|
|
0348a32 |
|
|
|
e93bd13 |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-2
|
|
|
e93bd13 |
- Configure CA replication to use TLS instead of SSL
|
|
|
e93bd13 |
|
|
|
4de47b3 |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1
|
|
|
4de47b3 |
- Updated to upstream 3.0.0 GA
|
|
|
4de47b3 |
- Set minimum for samba to 4.0.0-153.
|
|
|
4de47b3 |
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
|
|
|
4de47b3 |
plugin to /dev/null since they cannot be used when trusts are configured
|
|
|
4de47b3 |
- Restrict krb5-server to 1.10.
|
|
|
4de47b3 |
- Update BR for 389-ds-base to 1.3.0
|
|
|
4de47b3 |
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
|
|
|
4de47b3 |
- Add Requires on zip for generating FF browser extension
|
|
|
4de47b3 |
|
|
|
8a8da0b |
* Fri Oct 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.10
|
|
|
8a8da0b |
- Updated to upstream 3.0.0 rc 2
|
|
|
8a8da0b |
- Include new FF configuration extension
|
|
|
8a8da0b |
- Set minimum Requires of selinux-policy to 3.11.1-33
|
|
|
8a8da0b |
- Set minimum Requires dogtag to 10.0.0-0.43.b1
|
|
|
8a8da0b |
- Add new optional strict sub-package to allow users to limit other
|
|
|
8a8da0b |
package upgrades.
|
|
|
8a8da0b |
|
|
|
53622bb |
* Tue Oct 2 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.9
|
|
|
53622bb |
- Require samba packages instead of obsoleted samba4 packages
|
|
|
53622bb |
|
|
|
23bbd3f |
* Fri Sep 21 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.8
|
|
|
23bbd3f |
- Updated to upstream 3.0.0 rc 1
|
|
|
23bbd3f |
- Update BR for 389-ds-base to 1.2.11.14
|
|
|
23bbd3f |
- Update BR for krb5 to 1.10
|
|
|
23bbd3f |
- Update BR for samba4-devel to 4.0.0-139 (rc1)
|
|
|
23bbd3f |
- Add BR for python-polib
|
|
|
23bbd3f |
- Update BR and Requires on sssd to 1.9.0
|
|
|
23bbd3f |
- Update Requires on policycoreutils to 2.1.12-5
|
|
|
23bbd3f |
- Update Requires on 389-ds-base to 1.2.11.14
|
|
|
23bbd3f |
- Update Requires on selinux-policy to 3.11.1-21
|
|
|
23bbd3f |
- Update Requires on dogtag to 10.0.0-0.33.a1
|
|
|
23bbd3f |
- Update Requires on certmonger to 0.60
|
|
|
23bbd3f |
- Update Requires on tomcat to 7.0.29
|
|
|
23bbd3f |
- Update minimum version of bind to 9.9.1-10.P3
|
|
|
23bbd3f |
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
|
|
|
23bbd3f |
- Remove Requires on authconfig from python sub-package
|
|
|
23bbd3f |
|
|
|
2d22c71 |
* Wed Sep 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.7
|
|
|
2d22c71 |
- Rebuild against samba4 beta8
|
|
|
2d22c71 |
|
|
|
7caae3a |
* Fri Aug 31 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.6
|
|
|
7caae3a |
- Rebuild against samba4 beta7
|
|
|
7caae3a |
|
|
|
5c0f47e |
* Wed Aug 22 2012 Alexander Bokovoy <abokovoy@redhat.com> - 3.0.0-0.5
|
|
|
5c0f47e |
- Adopt to samba4 beta6 (libsecurity -> libsamba-security)
|
|
|
5c0f47e |
- Add dependency to samba4-winbind
|
|
|
5c0f47e |
|
|
|
3c1392b |
* Fri Aug 17 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.4
|
|
|
3c1392b |
- Updated to upstream 3.0.0 beta 2
|
|
|
3c1392b |
|
|
|
23157c3 |
* Mon Aug 6 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.3
|
|
|
23157c3 |
- Updated to current upstream state of 3.0.0 beta 2 development
|
|
|
23157c3 |
|
|
|
10af3cc |
* Mon Jul 23 2012 Alexander Bokovoy <abokovy@redhat.com> - 3.0.0-0.2
|
|
|
10af3cc |
- Rebuild against samba4 beta4
|
|
|
10af3cc |
|
|
|
a0ca5be |
* Mon Jul 2 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.1
|
|
|
a0ca5be |
- Updated to upstream 3.0.0 beta 1
|
|
|
a0ca5be |
|
|
|
b191f14 |
* Thu May 3 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-1
|
|
|
b191f14 |
- Updated to upstream 2.2.0 GA
|
|
|
b191f14 |
- Update minimum n-v-r of certmonger to 0.53
|
|
|
b191f14 |
- Update minimum n-v-r of slapi-nis to 0.40
|
|
|
b191f14 |
- Add Requires in client to oddjob-mkhomedir and python-krbV
|
|
|
b191f14 |
- Update minimum selinux-policy to 3.10.0-110
|
|
|
b191f14 |
|
|
|
18a9ea0 |
* Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
|
|
|
18a9ea0 |
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
|
|
|
18a9ea0 |
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
|
|
|
18a9ea0 |
- Add Conflicts on mod_ssl
|
|
|
18a9ea0 |
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
|
|
|
18a9ea0 |
- Update minimum n-v-r of sssd to 1.8.0
|
|
|
18a9ea0 |
- Update minimum n-v-r of slapi-nis to 0.38
|
|
|
18a9ea0 |
- Update minimum n-v-r of pki-* to 9.0.18
|
|
|
18a9ea0 |
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
|
|
|
18a9ea0 |
- Update conflicts on bind to < 9.9.0-1
|
|
|
18a9ea0 |
- Drop requires on krb5-server-ldap
|
|
|
18a9ea0 |
- Add patch to remove escaping arguments to pkisilent
|
|
|
18a9ea0 |
|
|
|
c3929a4 |
* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
|
|
|
c3929a4 |
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
|
|
|
c3929a4 |
|
|
|
fd3bdca |
* Wed Feb 01 2012 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-5
|
|
|
fd3bdca |
- Force to use 389-ds 1.2.10-0.8.a7 or above
|
|
|
fd3bdca |
- Improve upgrade script to handle systemd 389-ds change
|
|
|
fd3bdca |
- Fix freeipa to work with python-ldap 2.4.6
|
|
|
fd3bdca |
|
|
|
3d6f0d2 |
* Wed Jan 11 2012 Martin Kosek <mkosek@redhat.com> - 2.1.4-4
|
|
|
3d6f0d2 |
- Fix ipa-replica-install crashes
|
|
|
3d6f0d2 |
- Fix ipa-server-install and ipa-dns-install logging
|
|
|
3d6f0d2 |
- Set minimum version of pki-ca to 9.0.17 to fix sslget problem
|
|
|
3d6f0d2 |
caused by FEDORA-2011-17400 update (#771357)
|
|
|
3d6f0d2 |
|
|
|
0c5ab64 |
* Wed Dec 21 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-3
|
|
|
0c5ab64 |
- Allow Web-based migration to work with tightened SE Linux policy (#769440)
|
|
|
0c5ab64 |
- Rebuild slapi plugins against re-enterant version of libldap
|
|
|
0c5ab64 |
|
|
|
e32f1a7 |
* Sun Dec 11 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-2
|
|
|
e32f1a7 |
- Allow longer dirsrv startup with systemd:
|
|
|
e32f1a7 |
- IPAdmin class will wait until dirsrv instance is available up to 10 seconds
|
|
|
e32f1a7 |
- Helps with restarts during upgrade for ipa-ldap-updater
|
|
|
e32f1a7 |
- Fix pylint warnings from F16 and Rawhide
|
|
|
e32f1a7 |
|
|
|
9cc2d9f |
* Tue Dec 6 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.4-1
|
|
|
9cc2d9f |
- Update to upstream 2.1.4 (CVE-2011-3636)
|
|
|
9cc2d9f |
|
|
|
4456040 |
* Mon Dec 5 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8
|
|
|
4456040 |
- Update SELinux policy to allow ipa_kpasswd to connect ldap and
|
|
|
4456040 |
read /dev/urandom. (#759679)
|
|
|
4456040 |
|
|
|
ce4a139 |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-7
|
|
|
ce4a139 |
- Fix wrong path in packaging freeipa-systemd-upgrade
|
|
|
ce4a139 |
|
|
|
e95356d |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-6
|
|
|
e95356d |
- Introduce upgrade script to recover existing configuration after systemd migration
|
|
|
e95356d |
as user has no means to recover FreeIPA from systemd migration
|
|
|
e95356d |
- Upgrade script:
|
|
|
e95356d |
- recovers symlinks in Dogtag instance install
|
|
|
e95356d |
- recovers systemd configuration for FreeIPA's directory server instances
|
|
|
e95356d |
- recovers freeipa.service
|
|
|
e95356d |
- migrates directory server and KDC configs to use proper keytabs for systemd services
|
|
|
e95356d |
|
|
|
3bfb4b3 |
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
|
|
|
3bfb4b3 |
- Rebuilt for glibc bug#747377
|
|
|
3bfb4b3 |
|
|
|
70948cc |
* Wed Oct 19 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-4
|
|
|
a291203 |
- clean up spec
|
|
|
70948cc |
- Depend on sssd >= 1.6.2 for better user experience
|
|
|
70948cc |
|
|
|
70948cc |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-3
|
|
|
70948cc |
- Fix Fedora package changelog after merging systemd changes
|
|
|
70948cc |
|
|
|
70948cc |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-2
|
|
|
70948cc |
- Fix postin scriplet for F-15/F-16
|
|
|
70948cc |
|
|
|
70948cc |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-1
|
|
|
70948cc |
- 2.1.3
|
|
|
70948cc |
|
|
|
70948cc |
* Mon Oct 17 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.2-1
|
|
|
70948cc |
- Default to systemd for Fedora 16 and onwards
|
|
|
70948cc |
|
|
|
45d13fb |
* Tue Aug 16 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.0-1
|
|
|
92a3878 |
- Update to upstream 2.1.0
|
|
|
92a3878 |
|
|
 |
e3b0a56 |
* Fri May 6 2011 Simo Sorce <ssorce@redhat.com> - 2.0.1-2
|
|
|
e3b0a56 |
- Fix bug #702633
|
|
|
e3b0a56 |
|
|
|
eed5243 |
* Mon May 2 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.1-1
|
|
|
eed5243 |
- Update minimum selinux-policy to 3.9.16-18
|
|
|
eed5243 |
- Update minimum pki-ca and pki-selinux to 9.0.7
|
|
|
eed5243 |
- Update minimum 389-ds-base to 1.2.8.0-1
|
|
|
eed5243 |
- Update to upstream 2.0.1
|
|
|
eed5243 |
|
|
|
f218625 |
* Thu Mar 24 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-1
|
|
|
f218625 |
- Update to upstream GA release
|
|
|
f218625 |
- Automatically apply updates when the package is upgraded
|
|
|
f218625 |
|
|
|
c6cab8a |
* Fri Feb 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.4.rc2
|
|
|
c6cab8a |
- Update to upstream freeipa-2.0.0.rc2
|
|
|
c6cab8a |
- Set minimum version of python-nss to 0.11 to make sure IPv6 support is in
|
|
|
c6cab8a |
- Set minimum version of sssd to 1.5.1
|
|
|
c6cab8a |
- Patch to include SuiteSpotGroup when setting up 389-ds instances
|
|
|
c6cab8a |
- Move a lot of BuildRequires so this will build with ONLY_CLIENT enabled
|
|
|
c6cab8a |
|
|
|
1127f36 |
* Tue Feb 15 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.3.rc1
|
|
|
1127f36 |
- Set the N-V-R so rc1 is an update to beta2.
|
|
|
1127f36 |
|
|
|
68ba56c |
* Mon Feb 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.rc1
|
|
|
68ba56c |
- Set minimum version of sssd to 1.5.1
|
|
|
68ba56c |
- Update to upstream freeipa-2.0.0.rc1
|
|
|
68ba56c |
- Move server-only binaries from admintools subpackage to server
|
|
|
68ba56c |
|
|
|
34c9a74 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.0-0.2.beta2
|
|
|
34c9a74 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
34c9a74 |
|
|
|
2bb258d |
* Thu Feb 3 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta2
|
|
|
2bb258d |
- Set min version of 389-ds-base to 1.2.8
|
|
|
2bb258d |
- Set min version of mod_nss 1.0.8-10
|
|
|
2bb258d |
- Set min version of selinux-policy to 3.9.7-27
|
|
|
2bb258d |
- Add dogtag themes to Requires
|
|
|
2bb258d |
- Update to upstream freeipa-2.0.0.pre2
|
|
|
2bb258d |
|
|
|
ce15e9e |
* Thu Jan 27 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.2.beta.git80e87e7
|
|
|
ce15e9e |
- Remove unnecessary moving of v1 CA serial number file in post script
|
|
|
ce15e9e |
- Add Obsoletes for server-selinxu subpackage
|
|
|
ce15e9e |
- Using git snapshot 442d6ad30ce1156914e6245aa7502499e50ec0da
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jan 26 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta.git80e87e7
|
|
|
ce15e9e |
- Prepare spec file for release
|
|
|
ce15e9e |
- Using git snapshot 80e87e75bd6ab56e3e20c49ece55bd4d52f1a503
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Jan 25 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-41
|
|
|
ce15e9e |
- Re-arrange doc and defattr to clean up rpmlint warnings
|
|
|
ce15e9e |
- Remove conditionals on older releases
|
|
|
ce15e9e |
- Move some man pages into admintools subpackage
|
|
|
ce15e9e |
- Remove some explicit Requires in client that aren't needed
|
|
|
ce15e9e |
- Consistent use of buildroot vs RPM_BUILD_ROOT
|
|
|
ce15e9e |
|
|
|
45d13fb |
* Wed Jan 19 2011 Adam Young <ayoung@redhat.com> - 1.99-40
|
|
|
ce15e9e |
- Moved directory install/static to install/ui
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-39
|
|
|
ce15e9e |
- Remove dependency on nss_ldap/nss-pam-ldapd
|
|
|
ce15e9e |
- The official client is sssd and that's what we use by default.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-38
|
|
|
ce15e9e |
- Remove radius subpackages
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 13 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-37
|
|
|
ce15e9e |
- Set minimum pki-ca and pki-silent versions to 9.0.0
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-36
|
|
|
ce15e9e |
- Drop BuildRequires on mozldap-devel
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Dec 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-35
|
|
|
ce15e9e |
- Add Requires on krb5-pkinit-openssl
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Dec 10 2010 Jr Aquino <jr.aquino@citrix.com> - 1.99-34
|
|
|
ce15e9e |
- Add ipa-host-net-manage script
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Dec 7 2010 Simo Sorce <ssorce@redhat.com> - 1.99-33
|
|
|
ce15e9e |
- Add ipa init script
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Nov 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-32
|
|
|
ce15e9e |
- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Nov 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-31
|
|
|
ce15e9e |
- remove ipa-fix-CVE-2008-3274
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Oct 6 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-30
|
|
|
ce15e9e |
- Remove duplicate %%files entries on share/ipa/static
|
|
|
ce15e9e |
- Add python default encoding shared library
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Sep 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-29
|
|
|
ce15e9e |
- Drop requires on python-configobj (not used any more)
|
|
|
ce15e9e |
- Drop ipa-ldap-updater message, upgrades are done differently now
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Sep 8 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-28
|
|
|
ce15e9e |
- Drop conflicts on mod_nss
|
|
|
ce15e9e |
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
|
|
|
ce15e9e |
- Drop a slew of conditionals on older Fedora releases (< 12)
|
|
|
ce15e9e |
- Add a few conditionals against RHEL 6
|
|
|
ce15e9e |
- Add Requires of nss-tools on ipa-client
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Aug 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-27
|
|
|
ce15e9e |
- Set minimum version of certmonger to 0.26 (to pck up #621670)
|
|
|
ce15e9e |
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
|
|
|
ce15e9e |
- Set minimum version of pki-ca to 1.3.6
|
|
|
ce15e9e |
- Set minimum version of sssd to 1.2.1
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Aug 10 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-26
|
|
|
ce15e9e |
- Add BuildRequires for authconfig
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Jul 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-25
|
|
|
ce15e9e |
- Bump up minimum version of python-nss to pick up nss_is_initialize() API
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jun 24 2010 Adam Young <ayoung@redhat.com> - 1.99-24
|
|
|
ce15e9e |
- Removed python-asset based webui
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jun 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-23
|
|
|
ce15e9e |
- Change Requires from fedora-ds-base to 389-ds-base
|
|
|
ce15e9e |
- Set minimum level of 389-ds-base to 1.2.6 for the replication
|
|
|
ce15e9e |
version plugin.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Jun 1 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-22
|
|
|
ce15e9e |
- Drop Requires of python-krbV on ipa-client
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon May 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-21
|
|
|
ce15e9e |
- Load ipa_dogtag.pp in post install
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Apr 26 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-20
|
|
|
ce15e9e |
- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Mar 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19
|
|
|
ce15e9e |
- No need to create /var/log/ipa_error.log since we aren't using
|
|
|
ce15e9e |
TurboGears any more.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Mar 1 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-18
|
|
|
ce15e9e |
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Feb 24 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-17
|
|
|
ce15e9e |
- Added Require mod_wsgi, added share/ipa/wsgi.py
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Feb 11 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-16
|
|
|
ce15e9e |
- Require python-wehjit >= 0.2.2
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Feb 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-15
|
|
|
ce15e9e |
- Add sssd and certmonger as a Requires on ipa-client
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jan 27 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-14
|
|
|
ce15e9e |
- Require python-wehjit >= 0.2.0
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Dec 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-13
|
|
|
ce15e9e |
- Add ipa-rmkeytab tool
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Dec 1 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-12
|
|
|
ce15e9e |
- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
|
|
|
ce15e9e |
Any type
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Nov 25 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-11
|
|
|
ce15e9e |
- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Nov 13 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-10
|
|
|
ce15e9e |
- Add bash completion script and own /etc/bash_completion.d in case it
|
|
|
ce15e9e |
doesn't already exist
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Nov 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-9
|
|
|
ce15e9e |
- Remove ipa_webgui, its functions rolled into ipa_httpd
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Oct 12 2009 Jason Gerard DeRose <jderose@redhat.com> - 1.99-8
|
|
|
ce15e9e |
- Removed python-cherrypy from BuildRequires and Requires
|
|
|
ce15e9e |
- Added Requires python-assets, python-wehjit
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Aug 24 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-7
|
|
|
ce15e9e |
- Added httpd SELinux policy so CRLs can be read
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu May 21 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-6
|
|
|
ce15e9e |
- Move ipalib to ipa-python subpackage
|
|
|
ce15e9e |
- Bump minimum version of slapi-nis to 0.15
|
|
|
ce15e9e |
|
|
|
45d13fb |
* Wed May 6 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-5
|
|
|
ce15e9e |
- Set 0.14 as minimum version for slapi-nis
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Apr 22 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-4
|
|
|
ce15e9e |
- Add Requires: python-nss to ipa-python sub-package
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Mar 5 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-3
|
|
|
ce15e9e |
- Remove the IPA DNA plugin, use the DS one
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Mar 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2
|
|
|
ce15e9e |
- Build radius separately
|
|
|
ce15e9e |
- Fix a few minor issues
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Feb 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-1
|
|
|
ce15e9e |
- Replace TurboGears requirement with python-cherrypy
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3
|
|
|
ce15e9e |
- rebuild with new openssl
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2
|
|
|
ce15e9e |
- Fix SELinux code
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1
|
|
|
ce15e9e |
- Fix breakage caused by python-kerberos update to 1.1
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Dec 5 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0
|
|
|
ce15e9e |
- New upstream release 1.2.1
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4
|
|
|
ce15e9e |
- Rebuild for Python 2.6
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3
|
|
|
ce15e9e |
- Respin after the tarball has been re-released upstream
|
|
|
ce15e9e |
New hash is 506c9c92dcaf9f227cba5030e999f177
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2
|
|
|
ce15e9e |
- Conditionally restart also dirsrv and httpd when upgrading
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1
|
|
|
ce15e9e |
- Update to upstream version 1.2.0
|
|
|
ce15e9e |
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
|
|
|
ce15e9e |
- Set the minimum version for SELinux policy
|
|
|
ce15e9e |
- Remove references to Fedora 7
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3
|
|
|
ce15e9e |
- Fix for CVE-2008-3274
|
|
|
ce15e9e |
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
|
|
|
ce15e9e |
- Add fix for bug #453185
|
|
|
ce15e9e |
- Rebuild against openldap libraries, mozldap ones do not work properly
|
|
|
ce15e9e |
- TurboGears is currently broken in rawhide. Added patch to not build
|
|
|
ce15e9e |
the UI locales and removed them from the ipa-server files section.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2
|
|
|
ce15e9e |
- Add call to /usr/sbin/upgradeconfig to post install
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1
|
|
|
ce15e9e |
- Update to upstream version 1.1.0
|
|
|
ce15e9e |
- Patch for indexing memberof attribute
|
|
|
ce15e9e |
- Patch for indexing uidnumber and gidnumber
|
|
|
ce15e9e |
- Patch to change DNA default values for replicas
|
|
|
ce15e9e |
- Patch to fix uninitialized variable in ipa-getkeytab
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5
|
|
|
ce15e9e |
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
|
|
|
ce15e9e |
version to 1.0.7-4 so we pick up the NSS fixes.
|
|
|
ce15e9e |
- Add selinux-policy-base(post) to Requires (446496)
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4
|
|
|
ce15e9e |
- Add missing entry for /var/cache/ipa/kpasswd (444624)
|
|
|
ce15e9e |
- Added patch to fix permissions problems with the Apache NSS database.
|
|
|
ce15e9e |
- Added patch to fix problem with DNS querying where the query could be
|
|
|
ce15e9e |
returned as the answer.
|
|
|
ce15e9e |
- Fix spec error where patch1 was in the wrong section
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
|
|
|
ce15e9e |
- Added patch to fix problem reported by ldapmodify
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
|
|
|
ce15e9e |
- Fix Requires for krb5-server that was missing for Fedora versions > 9
|
|
|
ce15e9e |
- Remove quotes around test for fedora version to package egg-info
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
|
|
|
ce15e9e |
- Update to upstream version 1.0.0
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12
|
|
|
ce15e9e |
- Pull upstream changelog 722
|
|
|
ce15e9e |
- Add Conflicts mod_ssl (435360)
|
|
|
ce15e9e |
|
|
|
45d13fb |
* Fri Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11
|
|
|
ce15e9e |
- Pull upstream changelog 698
|
|
|
ce15e9e |
- Fix ownership of /var/log/ipa_error.log during install (435119)
|
|
|
ce15e9e |
- Add pwpolicy command and man page
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10
|
|
|
ce15e9e |
- Pull upstream changelog 678
|
|
|
ce15e9e |
- Add new subpackage, ipa-server-selinux
|
|
|
ce15e9e |
- Add Requires: authconfig to ipa-python (bz #433747)
|
|
|
ce15e9e |
- Package i18n files
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9
|
|
|
ce15e9e |
- Pull upstream changelog 641
|
|
|
ce15e9e |
- Require minimum version of krb5-server on F-7 and F-8
|
|
|
ce15e9e |
- Package some new files
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8
|
|
|
ce15e9e |
- Marked with wrong license. IPA is GPLv2.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7
|
|
|
ce15e9e |
- Ensure that /etc/ipa exists before moving user-modifiable html files there
|
|
|
ce15e9e |
- Put html files into /etc/ipa/html instead of /etc/ipa
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6
|
|
|
ce15e9e |
- Pull upstream changelog 608 which renamed several files
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5
|
|
|
ce15e9e |
- package the sessions dir /var/cache/ipa/sessions
|
|
|
ce15e9e |
- Pull upstream changelog 597
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4
|
|
|
ce15e9e |
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
|
|
|
ce15e9e |
UI to not start.
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3
|
|
|
ce15e9e |
- Included LICENSE and README in all packages for documentation
|
|
|
ce15e9e |
- Move user-modifiable content to /etc/ipa and linked back to
|
|
|
ce15e9e |
/usr/share/ipa/html
|
|
|
ce15e9e |
- Changed some references to /usr to the {_usr} macro and /etc
|
|
|
ce15e9e |
to {_sysconfdir}
|
|
|
ce15e9e |
- Added popt-devel to BuildRequires for Fedora 8 and higher and
|
|
|
ce15e9e |
popt for Fedora 7
|
|
|
ce15e9e |
- Package the egg-info for Fedora 9 and higher for ipa-python
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
|
|
|
ce15e9e |
- Added auto* BuildRequires
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
|
|
|
ce15e9e |
- Unified spec file
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
|
|
|
ce15e9e |
- Fixed License in specfile
|
|
|
ce15e9e |
- Include files from /usr/lib/python*/site-packages/ipaserver
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
|
|
|
ce15e9e |
- Version bump for release
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
|
|
|
ce15e9e |
- Preverse mode on ipa-keytab-util
|
|
|
ce15e9e |
- Version bump for relase and rpm name change
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
|
|
|
ce15e9e |
- Broke invididual Requires and BuildRequires onto separate lines and
|
|
|
ce15e9e |
reordered them
|
|
|
ce15e9e |
- Added python-tgexpandingformwidget as a dependency
|
|
|
ce15e9e |
- Require at least fedora-ds-base 1.1
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
|
|
|
ce15e9e |
- Version bump for release
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
|
|
|
ce15e9e |
- Add dep for freeipa-admintools and acl
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
|
|
|
ce15e9e |
- Add dependency for python-krbV
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
|
|
|
ce15e9e |
- Require mod_nss-1.0.7-2 for mod_proxy fixes
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
|
|
|
ce15e9e |
- Convert to autotools-based build
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
|
|
|
ce15e9e |
- Added support for libipa-dna-plugin
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
|
|
|
ce15e9e |
- Added support for ipa_kpasswd and ipa_pwd_extop
|
|
|
ce15e9e |
|
|
|
45d13fb |
* Sun Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
|
|
|
ce15e9e |
- Abstracted client class to work directly or over RPC
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
|
|
|
ce15e9e |
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
|
|
|
ce15e9e |
- Remove references to admin server in ipa-server-setupssl
|
|
|
ce15e9e |
- Generate a client certificate for the XML-RPC server to connect to LDAP with
|
|
|
ce15e9e |
- Create a keytab for Apache
|
|
|
ce15e9e |
- Create an ldif with a test user
|
|
|
ce15e9e |
- Provide a certmap.conf for doing SSL client authentication
|
|
|
ce15e9e |
|
|
|
ce15e9e |
* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
|
|
|
ce15e9e |
- Initial rpm version
|