[freeipa/f18] Updated to upstream 3.0.0 GA
rcritten
rcritten at fedoraproject.org
Fri Oct 12 16:12:09 UTC 2012
commit 130cdfe7a85b2298a86a2f820b208438156eef62
Author: Rob Crittenden <rcritten at redhat.com>
Date: Fri Oct 12 11:46:47 2012 -0400
Updated to upstream 3.0.0 GA
- Set minimum for samba to 4.0.0-153.
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
plugin to /dev/null since they cannot be used when trusts are configured
- Restrict krb5-server to 1.10.
- Set minimum for 389-ds-base to 1.3.0
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Add Requires on zip for generating FF browser extension
.gitignore | 1 +
freeipa.spec | 60 +++++++++++++++++++++++++++++++++++++++++++++++++--------
sources | 2 +-
3 files changed, 53 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3eee980..95af362 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@
/freeipa-3.0.0.pre2.tar.gz
/freeipa-3.0.0.rc1.tar.gz
/freeipa-3.0.0.rc2.tar.gz
+/freeipa-3.0.0.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index f39110a..7057573 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,11 +11,11 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
%global POLICYCOREUTILSVER 2.1.12-5
%global gettext_domain ipa
-%global VERSION 3.0.0.rc2
+%global VERSION 3.0.0
Name: freeipa
Version: 3.0.0
-Release: 0.8%{?dist}
+Release: 1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -30,7 +30,7 @@ BuildRequires: svrcore-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires: systemd-units
-BuildRequires: samba-devel >= 4.0.0-150
+BuildRequires: samba-devel >= 4.0.0-153
BuildRequires: samba-python
BuildRequires: libwbclient-devel
BuildRequires: libtalloc-devel
@@ -86,11 +86,12 @@ Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: %{name}-server-selinux = %{version}-%{release}
-Requires(pre): 389-ds-base >= 1.2.11.14-1
+Requires(pre): 389-ds-base >= 1.3.0
Requires: openldap-clients
Requires: nss
Requires: nss-tools
Requires: krb5-server >= 1.10
+Requires: krb5-server < 1.11
Requires: krb5-pkinit-openssl
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
@@ -114,7 +115,7 @@ Requires: pki-ca >= pki-ca-10.0.0-0.43.b1
Requires: pki-silent >= 10.0.0-0.43.b1
Requires: pki-setup >= 10.0.0-0.43.b1
# Temporary until dogtag adds their own requires: 09/21/12
-Requires: pki-symkey >= 10.0.0-0.33.a1
+Requires: pki-symkey >= 10.0.0-0.43.a1
Requires: tomcat >= 7.0.29
Requires: dogtag-pki-common-theme
Requires: dogtag-pki-ca-theme
@@ -125,6 +126,7 @@ Requires(preun): python systemd-units
Requires(postun): python systemd-units
Requires: python-dns
Requires: keyutils
+Requires: zip
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
@@ -169,9 +171,16 @@ Group: System Environment/Base
Requires: %{name}-server = %version-%release
Requires: python-crypto
Requires: samba-python
-Requires: samba
+Requires: samba >= 4.0.0-153
Requires: samba-winbind
Requires: libsss_idmap
+# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
+# on the installs where server-trust-ad subpackage is installed because
+# IPA AD trusts cannot be used at the same time with the locator plugin
+# since Winbindd will be configured in a different mode
+Requires(post): %{_sbindir}/update-alternatives
+Requires(postun): %{_sbindir}/update-alternatives
+Requires(preun): %{_sbindir}/update-alternatives
%description server-trust-ad
Cross-realm trusts with Active Directory in IPA require working Samba 4 installation.
@@ -184,7 +193,7 @@ Requires(post): %{name}-server = %{version}-%{release}
Requires(postun): %{name}-server = %{version}-%{release}
# Specific requires
-Requires(pre): 389-ds-base = 1.2.11.15
+Requires(pre): 389-ds-base = 1.3.0
Requires: krb5-server = 1.10.3
Requires: pki-ca = 10.0.0
@@ -359,6 +368,7 @@ rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade
+mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/pki-ca/publish
mkdir %{buildroot}%{_usr}/share/ipa/html/
ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig.js \
%{buildroot}%{_usr}/share/ipa/html/ffconfig.js
@@ -401,6 +411,9 @@ install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_
mkdir -p %{buildroot}%{_localstatedir}/run/
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
+mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
+touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
+
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_sysconfdir}/tmpfiles.d/ipa.conf
%endif
@@ -499,6 +512,22 @@ if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; t
rm -f ${FILE_CONTEXT}.%name
fi
fi
+
+%postun server-trust-ad
+if [ "$1" -ge "1" ]; then
+ if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
+ %{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null
+ fi
+fi
+
+%post server-trust-ad
+%{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
+ winbind_krb5_locator.so /dev/null 90
+
+%preun server-trust-ad
+if [ $1 -eq 0 ]; then
+ %{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null
+fi
%endif
@@ -556,8 +585,6 @@ fi
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ffconfig.js
%{_usr}/share/ipa/html/ffconfig_page.js
-%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
-%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/browserconfig.html
%{_usr}/share/ipa/html/unauthorized.html
@@ -586,6 +613,8 @@ fi
%{_usr}/share/ipa/ui/images/*.gif
%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
+%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
+%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
@@ -619,6 +648,8 @@ fi
%dir %{_localstatedir}/lib/ipa
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade
+%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca
+%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca/publish
%dir %{_localstatedir}/cache/ipa
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
@@ -655,6 +686,7 @@ fi
%{_mandir}/man1/ipa-adtrust-install.1.gz
%{python_sitelib}/ipaserver/dcerpc*
%{python_sitelib}/ipaserver/install/adtrustinstance*
+%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
%files server-strict
%defattr(-,root,root,-)
@@ -710,6 +742,16 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Fri Oct 12 2012 Rob Crittenden <rcritten at redhat.com> - 3.0.0-1
+- Updated to upstream 3.0.0 GA
+- Set minimum for samba to 4.0.0-153.
+- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
+ plugin to /dev/null since they cannot be used when trusts are configured
+- Restrict krb5-server to 1.10.
+- Update BR for 389-ds-base to 1.3.0
+- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
+- Add Requires on zip for generating FF browser extension
+
* Fri Oct 5 2012 Rob Crittenden <rcritten at redhat.com> - 3.0.0-0.8
- Updated to upstream 3.0.0 rc 2
- Include new FF configuration extension
diff --git a/sources b/sources
index 201f702..aaa6393 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-59038fa8371d2a0163e52fdd0daaf73e freeipa-3.0.0.rc2.tar.gz
+d80d320f13fa5944eda5112b085cfb51 freeipa-3.0.0.tar.gz
More information about the scm-commits
mailing list