[freeipa/f17] 2.2.2-2

[Martin Kosek]

commit 8ed10eacb424fdeab75997f00ea720f51660adf9
Author: Martin Kosek <mkosek at redhat.com>
Date:   Wed Jun 26 11:54:15 2013 +0200

    2.2.2-2
    
    Fix CA installation issue with pki-ca 9.0.26 introducing new required
    option client_token_name (#976788)

 0001-pkisilent-in-pki-ca-9.0.26.patch |   27 +++++++++++++++++++++++++++
 freeipa.spec                          |   14 ++++++++++----
 2 files changed, 37 insertions(+), 4 deletions(-)
---
diff --git a/0001-pkisilent-in-pki-ca-9.0.26.patch b/0001-pkisilent-in-pki-ca-9.0.26.patch
new file mode 100644
index 0000000..d9d3492
--- /dev/null
+++ b/0001-pkisilent-in-pki-ca-9.0.26.patch
@@ -0,0 +1,27 @@
+From 353fa6d72c9c341d9e8a028c1c9a0fefae64cc26 Mon Sep 17 00:00:00 2001
+From: Martin Kosek <mkosek at redhat.com>
+Date: Wed, 26 Jun 2013 10:54:48 +0200
+Subject: [PATCH] Add missing pkisilent option required in pki-ca 9.0.26
+
+https://bugzilla.redhat.com/show_bug.cgi?id=976788
+---
+ ipaserver/install/cainstance.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
+index 56b84fcd8f628685ddb5cdc813fcfc3d365be2a6..5577d4127342823c5911484e01c78a38f75adcbc 100644
+--- a/ipaserver/install/cainstance.py
++++ b/ipaserver/install/cainstance.py
+@@ -602,6 +602,9 @@ def __configure_instance(self):
+                     "-key_size", "2048",
+                     "-key_type", "rsa",
+                     "-key_algorithm", "SHA256withRSA",
++                    # Add temporary workaround for required -client_token_name option
++                    #   https://bugzilla.redhat.com/show_bug.cgi?id=976788
++                    "-client_token_name", "internal",
+                     "-save_p12", "true",
+                     "-backup_pwd", self.admin_password,
+                     "-subsystem_name", self.service_name,
+-- 
+1.8.1.4
+
diff --git a/freeipa.spec b/freeipa.spec
index 705cbdc..e6469b3 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -14,7 +14,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 
 Name:           freeipa
 Version:        2.2.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 Group:          System Environment/Base
@@ -23,6 +23,8 @@ URL:            http://www.freeipa.org/
 Source0:        http://www.freeipa.org/downloads/src/freeipa-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch0001:      0001-pkisilent-in-pki-ca-9.0.26.patch
+
 %if ! %{ONLY_CLIENT}
 BuildRequires:  389-ds-base-devel >= 1.2.10.4
 BuildRequires:  svrcore-devel
@@ -98,9 +100,9 @@ Requires(post): systemd-units
 Requires: selinux-policy >= 3.10.0-110
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.40
-Requires: pki-ca >= 9.0.18
-Requires: pki-silent >= 9.0.18
-Requires: pki-setup  >= 9.0.18
+Requires: pki-ca >= 9.0.26
+Requires: pki-silent >= 9.0.26
+Requires: pki-setup  >= 9.0.26
 # Only tomcat6 greater than this version provides proper systemd support
 Requires: tomcat6 >= 6.0.32-17
 Requires: dogtag-pki-common-theme
@@ -622,6 +624,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Wed Jun 26 2013 Martin Kosek <mkosek at redhat.com> - 2.2.2-2
+- Fix CA installation issue with pki-ca 9.0.26 introducing new required
+  option client_token_name (#976788)
+
 * Wed Feb 13 2013 Martin Kosek <mkosek at redhat.com> - 2.2.2-1
 - Updated to upstream 2.2.2 GA