[freeipa/f18] Update to upstream 3.1.4
Martin Kosek
mkosek at fedoraproject.org
Tue May 7 11:34:08 UTC 2013
commit 89d3195472c11836cc245686b8b59455d5522044
Author: Martin Kosek <mkosek at redhat.com>
Date: Tue May 7 13:32:42 2013 +0200
Update to upstream 3.1.4
.gitignore | 1 +
...s-when-connecting-with-a-missing-username.patch | 70 --------------------
freeipa.spec | 59 ++++++++++++++---
sources | 2 +-
4 files changed, 52 insertions(+), 80 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7c838ca..8ac4062 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@
/freeipa-3.1.0.tar.gz
/freeipa-3.1.2.tar.gz
/freeipa-3.1.3.tar.gz
+/freeipa-3.1.4.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index c6b4958..47b8525 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,11 +11,11 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
%global POLICYCOREUTILSVER 2.1.12-5
%global gettext_domain ipa
-%global VERSION 3.1.3
+%global VERSION 3.1.4
Name: freeipa
-Version: 3.1.3
-Release: 5%{?dist}
+Version: 3.1.4
+Release: 1%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -24,8 +24,6 @@ URL: http://www.freeipa.org/
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Patch0001: 0001-bz928387-dos-when-connecting-with-a-missing-username.patch
-
%if ! %{ONLY_CLIENT}
BuildRequires: 389-ds-base-devel >= 1.3.0
BuildRequires: svrcore-devel
@@ -115,7 +113,7 @@ Requires(post): systemd-units
Requires: selinux-policy >= 3.11.1-86
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.44
-Requires: pki-ca >= 10.0.0-1
+Requires: pki-ca >= 10.0.2
Requires: dogtag-pki-server-theme
%if 0%{?rhel}
Requires: subscription-manager
@@ -136,6 +134,10 @@ Requires(pre): 389-ds-base >= 1.3.0.5
Conflicts: bind-dyndb-ldap < 2.3-2
Conflicts: bind < 9.9.1-10.P3
+# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
+# member.
+Conflicts: nss-pam-ldapd < 0.8.4
+
# mod_proxy provides a single API to communicate over SSL. If mod_ssl
# is even loaded into Apache then it grabs this interface.
Conflicts: mod_ssl
@@ -196,9 +198,9 @@ Requires(post): %{name}-server = %{version}-%{release}
Requires(postun): %{name}-server = %{version}-%{release}
# Specific requires
-Requires: 389-ds-base = 1.3.0.5
+Requires: 389-ds-base = 1.3.0.6
Requires: krb5-server = 1.10.3
-Requires: pki-ca = 10.0.1
+Requires: pki-ca = 10.0.2
%description server-strict
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -557,6 +559,42 @@ if [ $1 -gt 1 ] ; then
fi
fi
+%triggerin -n freeipa-client -- openssh-server
+# Has the client been configured?
+restore=0
+test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
+
+if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
+ if egrep -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then
+ sed -r '
+ /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
+ ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
+
+ if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
+ sed -ri '
+ s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
+ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
+ ' /etc/ssh/sshd_config.ipanew
+ elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
+ sed -ri '
+ s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
+ s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
+ ' /etc/ssh/sshd_config.ipanew
+ elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
+ sed -ri '
+ s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
+ s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
+ ' /etc/ssh/sshd_config.ipanew
+ fi
+
+ mv /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
+ /sbin/restorecon /etc/ssh/sshd_config
+ chmod 600 /etc/ssh/sshd_config
+
+ /bin/systemctl condrestart sshd.service 2>&1 || :
+ fi
+fi
+
%if ! %{ONLY_CLIENT}
%files server -f server-python.list
%defattr(-,root,root,-)
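Review bot: The new `%triggerin -n freeipa-client -- openssh-server` scriptlet moves the rewritten file over `/etc/ssh/sshd_config` and restarts sshd without ever checking the result. If `sed` fails and leaves truncated output, or none of the three `sshd -t` probes succeeds (the User/RunAs line has already been stripped and is then not re-added), the host can be left with a config sshd will not start on, which on a remote machine means losing SSH access. Validate the candidate before the `mv` and bail out on failure, e.g. `/usr/sbin/sshd -t -f /etc/ssh/sshd_config.ipanew || { rm -f /etc/ssh/sshd_config.ipanew; exit 0; }`. This check, like the existing probes, may depend on host keys being present, so confirm that on a fresh openssh-server install. Separately, the candidate is created by shell redirection under the scriptlet's umask and only tightened by `chmod 600` after the `mv`, so the live config may briefly be readable by other users; running `chmod 600 /etc/ssh/sshd_config.ipanew` before the `mv` closes that window.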
@@ -645,7 +683,6 @@ fi
%dir %{_usr}/share/ipa/ui/images
%{_usr}/share/ipa/ui/images/*.png
%{_usr}/share/ipa/ui/images/*.gif
-%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
@@ -773,10 +810,14 @@ fi
%{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/freeipa-*.egg-info
%{python_sitearch}/python_default_encoding-*.egg-info
+%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Tue May 7 2013 Martin Kosek <mkosek at redhat.com> - 3.1.4-1
+- Update to upstream 3.1.4
+
* Mon Apr 15 2013 Martin Kosek <mkosek at redhat.com> - 3.1.3-5
- Rebuild against samba 4.0.5 (API changed)
diff --git a/sources b/sources
index e1e48e3..80b9c0a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-dbcc4cd3440372965d9f77162de2a7e6 freeipa-3.1.3.tar.gz
+dd6e57f7c09c4d766e7031e443ea3ad4 freeipa-3.1.4.tar.gz