[freeipa] Updated to upstream 3.1.0 GA
rcritten
rcritten at fedoraproject.org
Mon Dec 10 20:53:17 UTC 2012
commit 5e038ec7501800c124e6292ac738e8478e0eb31d
Author: Rob Crittenden <rcritten at redhat.com>
Date: Mon Dec 10 15:52:46 2012 -0500
Updated to upstream 3.1.0 GA
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
.gitignore | 1 +
freeipa.spec | 68 +++++++++++++++++++++++++++++++++++++--------------------
sources | 2 +-
3 files changed, 46 insertions(+), 25 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 95af362..faf6de8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@
/freeipa-3.0.0.rc1.tar.gz
/freeipa-3.0.0.rc2.tar.gz
/freeipa-3.0.0.tar.gz
+/freeipa-3.1.0.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index d1fe1ec..67bfb8a 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,11 +11,11 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
%global POLICYCOREUTILSVER 2.1.12-5
%global gettext_domain ipa
-%global VERSION 3.0.0
+%global VERSION 3.1.0
Name: freeipa
-Version: 3.0.0
-Release: 3%{?dist}
+Version: 3.1.0
+Release: 1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -24,10 +24,8 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch1: 0001-Use-TLS-for-CA-replication.patch
-
%if ! %{ONLY_CLIENT}
-BuildRequires: 389-ds-base-devel >= 1.2.11.14
+BuildRequires: 389-ds-base-devel >= 1.3.0
BuildRequires: svrcore-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
@@ -66,11 +64,11 @@ BuildRequires: pylint
BuildRequires: python-polib
BuildRequires: libipa_hbac-python
BuildRequires: python-memcached
-BuildRequires: sssd >= 1.9.0
+BuildRequires: sssd >= 1.9.2
BuildRequires: python-lxml
BuildRequires: python-pyasn1 >= 0.0.9a
BuildRequires: python-dns
-BuildRequires: python-crypto
+BuildRequires: m2crypto
BuildRequires: check >= 0.9.5
BuildRequires: libsss_idmap-devel
@@ -88,7 +86,7 @@ Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: %{name}-server-selinux = %{version}-%{release}
-Requires(pre): 389-ds-base >= 1.3.0
+Requires: 389-ds-base >= 1.3.0
Requires: openldap-clients
Requires: nss
Requires: nss-tools
@@ -110,17 +108,11 @@ Requires: python-memcached
Requires: systemd-units >= 36-3
Requires(pre): systemd-units
Requires(post): systemd-units
-Requires: selinux-policy >= 3.11.1-33
+Requires: selinux-policy >= 3.11.1-60
Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.40
-Requires: pki-ca >= pki-ca-10.0.0-0.43.b1
-Requires: pki-silent >= 10.0.0-0.43.b1
-Requires: pki-setup >= 10.0.0-0.43.b1
-# Temporary until dogtag adds their own requires: 09/21/12
-Requires: pki-symkey >= 10.0.0-0.43.a1
-Requires: tomcat >= 7.0.29
-Requires: dogtag-pki-common-theme
-Requires: dogtag-pki-ca-theme
+Requires: slapi-nis >= 0.44
+Requires: pki-ca >= 10.0.0-1
+Requires: dogtag-pki-server-theme
%if 0%{?rhel}
Requires: subscription-manager
%endif
@@ -129,11 +121,13 @@ Requires(postun): python systemd-units
Requires: python-dns
Requires: keyutils
Requires: zip
+Requires: policycoreutils >= %{POLICYCOREUTILSVER}
+Requires: tar
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
# that work for us.
-Conflicts: bind-dyndb-ldap < 1.1.0-0.16.rc1
+Conflicts: bind-dyndb-ldap < 2.3-2
Conflicts: bind < 9.9.1-10.P3
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
@@ -223,7 +217,7 @@ Requires: pam_krb5
Requires: wget
Requires: libcurl
Requires: xmlrpc-c
-Requires: sssd >= 1.9.0
+Requires: sssd >= 1.9.2
Requires: certmonger >= 0.60
Requires: nss-tools
Requires: bind-utils
@@ -312,7 +306,7 @@ done
%build
export CFLAGS="$CFLAGS %{optflags}"
export CPPFLAGS="$CPPFLAGS %{optflags}"
-export SUPPORTED_PLATFORM=fedora16
+export SUPPORTED_PLATFORM=fedora18
# Force re-generate of platform support
rm -f ipapython/services.py
make version-update
@@ -334,7 +328,7 @@ make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
%install
rm -rf %{buildroot}
%if ! %{ONLY_CLIENT}
-export SUPPORTED_PLATFORM=fedora16
+export SUPPORTED_PLATFORM=fedora18
# Force re-generate of platform support
rm -f ipapython/services.py
make install DESTDIR=%{buildroot}
@@ -412,6 +406,7 @@ mkdir %{buildroot}%{_sysconfdir}/sysconfig/
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
mkdir -p %{buildroot}%{_localstatedir}/run/
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
@@ -451,7 +446,7 @@ if [ $1 -gt 1 ] ; then
# Note also it is now safe to run this script against working FreeIPA install
# after it has been migrated to systemd setup
/usr/libexec/freeipa-systemd-upgrade || :
- /usr/sbin/ipa-upgradeconfig >/dev/null 2>&1|| :
+ /usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
fi
%posttrans server
@@ -532,6 +527,21 @@ if [ $1 -eq 0 ]; then
fi
%endif
+%post client
+if [ $1 -gt 1 ] ; then
+ # Has the client been configured?
+ restore=0
+ test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
+
+ if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
+ if ! egrep -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
+ echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
+ cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
+ mv /etc/krb5.conf.ipanew /etc/krb5.conf
+ /sbin/restorecon /etc/krb5.conf
+ fi
+ fi
+fi
%if ! %{ONLY_CLIENT}
%files server -f server-python.list
@@ -557,6 +567,7 @@ fi
%{_sysconfdir}/cron.d/ipa-compliance
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
+%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
%config %{_sysconfdir}/tmpfiles.d/ipa.conf
# Use systemd scheme
%attr(644,root,root) %{_unitdir}/ipa.service
@@ -570,6 +581,7 @@ fi
%attr(755,root,root) %{_libdir}/ipa/certmonger/*
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/wsgi.py*
+%{_usr}/share/ipa/copy-schema-to-ca.py*
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.uldif
%{_usr}/share/ipa/*.template
@@ -744,6 +756,14 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Mon Dec 10 2012 Rob Crittenden <rcritten at redhat.com> - 3.1.0-1
+- Updated to upstream 3.1.0 GA
+- Set minimum for sssd to 1.9.2
+- Set minimum for pki-ca to 10.0.0-1
+- Set minimum for 389-ds-base to 1.3.0
+- Set minimum for selinux-policy to 3.11.1-60
+- Remove unneeded dogtag package requires
+
* Fri Oct 23 2012 Martin Kosek <mkosek at redhat.com> - 3.0.0-3
- Update Requires on krb5-server to 1.11
diff --git a/sources b/sources
index aaa6393..49a65f5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d80d320f13fa5944eda5112b085cfb51 freeipa-3.0.0.tar.gz
+0277193d850c28ecfddacfa66e9afa03 freeipa-3.1.0.tar.gz
More information about the scm-commits
mailing list