rpms/ipa/F-9 freeipa-dnsquery.patch, NONE, 1.1 freeipa-nssperms.patch, NONE, 1.1 ipa.spec, 1.8, 1.9

Robert Crittenden (rcritten) fedora-extras-commits at redhat.com
Mon Apr 28 20:27:16 UTC 2008 

Author: rcritten

Update of /cvs/extras/rpms/ipa/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18223

Modified Files:
	ipa.spec 
Added Files:
	freeipa-dnsquery.patch freeipa-nssperms.patch 
Log Message:
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
  returned as the answer.
- Fix spec error where patch1 was in the wrong section


freeipa-dnsquery.patch:

--- NEW FILE freeipa-dnsquery.patch ---
--- a/ipa-python/dnsclient.py
+++ b/ipa-python/dnsclient.py
@@ -365,22 +365,22 @@ def dnsParseResults(results):
 		if not rest:
 			return []
 		
-		rr = DNSResult()
+		qq = DNSResult()
 
 		(rest, label) = dnsParseLabel(rest, results)
 		if label is None:
 			return []
 
-		if len(rest) < rr.qsize():
+		if len(rest) < qq.qsize():
 			return []
 		
-		rr.qunpack(rest)
+		qq.qunpack(rest)
 		
-		rest = rest[rr.qsize():]
+		rest = rest[qq.qsize():]
 
 		if DEBUG_DNSCLIENT:
 			print "Queried for '%s', class = %d, type = %d." % (label,
-				rr.dns_class, rr.dns_type)
+				qq.dns_class, qq.dns_type)
 
 	for i in xrange(header.dns_ancount + header.dns_nscount + header.dns_arcount):
 		(rest, label) = dnsParseLabel(rest, results)
@@ -424,8 +424,6 @@ def dnsParseResults(results):
 		rest = rest[rr.dns_rlength:]
 		rrlist += [rr]
 
-	if not rrlist:
-		rrlist = [rr]
 	return rrlist
 
 def query(query, qclass, qtype):

freeipa-nssperms.patch:

--- NEW FILE freeipa-nssperms.patch ---
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -160,6 +160,16 @@ class HTTPInstance(service.Service):
             ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
             ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
 
+        # Fix the database permissions
+        os.chmod(NSS_DIR + "/cert8.db", 0640)
+        os.chmod(NSS_DIR + "/key3.db", 0640)
+        os.chmod(NSS_DIR + "/secmod.db", 0640)
+
+        pent = pwd.getpwnam("apache")
+        os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
+        os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
+        os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
+
     def __setup_autoconfig(self):
         prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
         prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")


Index: ipa.spec
===================================================================
RCS file: /cvs/extras/rpms/ipa/F-9/ipa.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ipa.spec	25 Apr 2008 18:53:13 -0000	1.8
+++ ipa.spec	28 Apr 2008 20:26:39 -0000	1.9
@@ -6,7 +6,7 @@
 
 Name:           ipa
 Version:        1.0.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -16,6 +16,8 @@
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Patch1:         freeipa-default-keytype.patch
+Patch2:         freeipa-nssperms.patch
+Patch3:         freeipa-dnsquery.patch
 
 BuildRequires:  fedora-ds-base-devel >= 1.1
 BuildRequires:  mozldap-devel
@@ -176,9 +178,11 @@
 administering radius authentication settings in IPA.
 
 
-%patch1 -p1 -b default-keytype
 %prep
 %setup -n freeipa-%{version} -q
+%patch1 -p1 -b .default-keytype
+%patch2 -p1 -b .nssperms
+%patch3 -p1 -b .dnsquery
 
 %build
 cd ipa-server; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
@@ -424,6 +428,12 @@
 %{_sbindir}/ipa-modradiusprofile
 
 %changelog
+* Mon Apr 28 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.0-3
+- Added patch to fix permissions problems with the Apache NSS database.
+- Added patch to fix problem with DNS querying where the query could be
+  returned as the answer.
+- Fix spec error where patch1 was in the wrong section
+
 * Fri Apr 25 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.0-2
 - Added patch to fix problem reported by ldapmodify
 - Fix Requires for krb5-server that was missing for Fedora versions > 9

More information about the scm-commits mailing list