[freeipa/f18] Update to upstream 3.1.4

Martin Kosek mkosek at fedoraproject.org
Tue May 7 11:34:08 UTC 2013 

commit 89d3195472c11836cc245686b8b59455d5522044
Author: Martin Kosek <mkosek at redhat.com>
Date:   Tue May 7 13:32:42 2013 +0200

    Update to upstream 3.1.4

 .gitignore                                         |    1 +
 ...s-when-connecting-with-a-missing-username.patch |   70 --------------------
 freeipa.spec                                       |   59 ++++++++++++++---
 sources                                            |    2 +-
 4 files changed, 52 insertions(+), 80 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 7c838ca..8ac4062 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@
 /freeipa-3.1.0.tar.gz
 /freeipa-3.1.2.tar.gz
 /freeipa-3.1.3.tar.gz
+/freeipa-3.1.4.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index c6b4958..47b8525 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -11,11 +11,11 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %endif
 %global POLICYCOREUTILSVER 2.1.12-5
 %global gettext_domain ipa
-%global VERSION 3.1.3
+%global VERSION 3.1.4
 
 Name:           freeipa
-Version:        3.1.3
-Release:        5%{?dist}
+Version:        3.1.4
+Release:        1%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -24,8 +24,6 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-Patch0001:      0001-bz928387-dos-when-connecting-with-a-missing-username.patch
-
 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.3.0
 BuildRequires:  svrcore-devel
@@ -115,7 +113,7 @@ Requires(post): systemd-units
 Requires: selinux-policy >= 3.11.1-86
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.44
-Requires: pki-ca >= 10.0.0-1
+Requires: pki-ca >= 10.0.2
 Requires: dogtag-pki-server-theme
 %if 0%{?rhel}
 Requires: subscription-manager
@@ -136,6 +134,10 @@ Requires(pre): 389-ds-base >= 1.3.0.5
 Conflicts: bind-dyndb-ldap < 2.3-2
 Conflicts: bind < 9.9.1-10.P3
 
+# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
+# member.
+Conflicts: nss-pam-ldapd < 0.8.4
+
 # mod_proxy provides a single API to communicate over SSL. If mod_ssl
 # is even loaded into Apache then it grabs this interface.
 Conflicts: mod_ssl
@@ -196,9 +198,9 @@ Requires(post): %{name}-server = %{version}-%{release}
 Requires(postun): %{name}-server = %{version}-%{release}
 
 # Specific requires
-Requires: 389-ds-base = 1.3.0.5
+Requires: 389-ds-base = 1.3.0.6
 Requires: krb5-server = 1.10.3
-Requires: pki-ca = 10.0.1
+Requires: pki-ca = 10.0.2
 
 %description server-strict
 IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -557,6 +559,42 @@ if [ $1 -gt 1 ] ; then
     fi
 fi
 
+%triggerin -n freeipa-client -- openssh-server
+# Has the client been configured?
+restore=0
+test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
+
+if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
+    if egrep -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then
+        sed -r '
+            /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
+        ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
+
+        if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
+            sed -ri '
+                s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
+                s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
+            ' /etc/ssh/sshd_config.ipanew
+        elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
+            sed -ri '
+                s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
+                s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
+            ' /etc/ssh/sshd_config.ipanew
+        elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
+            sed -ri '
+                s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
+                s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
+            ' /etc/ssh/sshd_config.ipanew
+        fi
+
+        mv /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
+        /sbin/restorecon /etc/ssh/sshd_config
+        chmod 600 /etc/ssh/sshd_config
+
+        /bin/systemctl condrestart sshd.service 2>&1 || :
+    fi
+fi
+
 %if ! %{ONLY_CLIENT}
 %files server -f server-python.list
 %defattr(-,root,root,-)
@@ -645,7 +683,6 @@ fi
 %dir %{_usr}/share/ipa/ui/images
 %{_usr}/share/ipa/ui/images/*.png
 %{_usr}/share/ipa/ui/images/*.gif
-%dir %{_sysconfdir}/ipa
 %dir %{_sysconfdir}/ipa/html
 %config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
 %config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
@@ -773,10 +810,14 @@ fi
 %{python_sitelib}/ipapython-*.egg-info
 %{python_sitelib}/freeipa-*.egg-info
 %{python_sitearch}/python_default_encoding-*.egg-info
+%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Tue May  7 2013 Martin Kosek <mkosek at redhat.com> - 3.1.4-1
+- Update to upstream 3.1.4
+
 * Mon Apr 15 2013 Martin Kosek <mkosek at redhat.com> - 3.1.3-5
 - Rebuild against samba 4.0.5 (API changed)
 
diff --git a/sources b/sources
index e1e48e3..80b9c0a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-dbcc4cd3440372965d9f77162de2a7e6  freeipa-3.1.3.tar.gz
+dd6e57f7c09c4d766e7031e443ea3ad4  freeipa-3.1.4.tar.gz

More information about the scm-commits mailing list