[freeipa] Update to upstream 4.1.0
Petr Vobornik
pvoborni at fedoraproject.org
Tue Oct 21 17:11:16 UTC 2014
commit 7ccb103e8eba0e91ac25e3eb8f8b703a87d67ec8
Author: Petr Vobornik <pvoborni at redhat.com>
Date: Tue Oct 21 16:35:27 2014 +0200
Update to upstream 4.1.0
see http://www.freeipa.org/page/Releases/4.1.0
.gitignore | 1 +
freeipa.spec | 164 ++++++++++++++++++++++++++++++++++++++++++++-------------
sources | 2 +-
3 files changed, 128 insertions(+), 39 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index fc5de3d..c8829a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,4 @@
/freeipa-4.0.1.tar.gz
/freeipa-4.0.2.tar.gz
/freeipa-4.0.3.tar.gz
+/freeipa-4.1.0.tar.gz
diff --git a/freeipa.spec b/freeipa.spec
index b4cc8bc..5e8e064 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -1,10 +1,25 @@
-# Define ONLY_CLIENT to only make the ipa-client and ipa-python subpackages
+# Define ONLY_CLIENT to only make the ipa-admintools, ipa-client and ipa-python
+# subpackages
%{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
+%global alt_name ipa
+%if 0%{?rhel}
+%global samba_version 4.0.5-1
+%global selinux_policy_version 3.12.1-153
+%else
+%global samba_version 2:4.0.5-1
+%global selinux_policy_version 3.12.1-179
+%endif
+
%global plugin_dir %{_libdir}/dirsrv/plugins
-%global POLICYCOREUTILSVER 2.1.14-37
%global gettext_domain ipa
-%global VERSION 4.0.3
+%if 0%{?rhel}
+%global platform_module rhel
+%else
+%global platform_module fedora
+%endif
+
+%global VERSION 4.1.0
%define _hardened_build 1
@@ -20,11 +35,11 @@ Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%if ! %{ONLY_CLIENT}
-BuildRequires: 389-ds-base-devel >= 1.3.3.2
+BuildRequires: 389-ds-base-devel >= 1.3.3.5
BuildRequires: svrcore-devel
-BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
+BuildRequires: policycoreutils >= 2.1.12-5
BuildRequires: systemd-units
-BuildRequires: samba-devel >= 2:4.0.5-1
+BuildRequires: samba-devel >= %{samba_version}
BuildRequires: samba-python
BuildRequires: libwbclient-devel
BuildRequires: libtalloc-devel
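Review bot: `policycoreutils >= 2.1.12-5` replaces the removed `%{POLICYCOREUTILSVER}` macro (2.1.14-37) with a literal that is lower than the old floor, and the same literal is repeated in the server `Requires:` in the later `@@ -112,24 +130,30 @@` hunk. If the lower minimum is intended, a spec comment saying why would help the next packager. Keeping a single macro, as this commit does for `%{samba_version}`, for example `%global policycoreutils_version 2.1.12-5`, would stop the two copies from drifting apart.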
@@ -62,11 +77,11 @@ BuildRequires: sssd >= 1.9.2
BuildRequires: python-lxml
BuildRequires: python-pyasn1 >= 0.0.9a
BuildRequires: python-qrcode-core >= 5.0.0
-BuildRequires: python-dns
+BuildRequires: python-dns >= 1.11.1
BuildRequires: m2crypto
BuildRequires: check
BuildRequires: libsss_idmap-devel
-BuildRequires: libsss_nss_idmap-devel
+BuildRequires: libsss_nss_idmap-devel >= 1.12.2
BuildRequires: java-headless
BuildRequires: rhino
BuildRequires: libverto-devel
@@ -76,6 +91,9 @@ BuildRequires: rhino
BuildRequires: python-lesscpy
BuildRequires: python-yubico
BuildRequires: python-backports-ssl_match_hostname
+BuildRequires: softhsm-devel >= 2.0.0b1-3
+BuildRequires: openssl-devel
+BuildRequires: p11-kit-devel
%description
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -90,7 +108,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.3.2
+Requires: 389-ds-base >= 1.3.3.5
Requires: openldap-clients > 2.4.35-4
Requires: nss >= 3.14.3-12.0
Requires: nss-tools >= 3.14.3-12.0
@@ -102,7 +120,7 @@ Requires: httpd >= 2.4.6-6
Requires: mod_wsgi
Requires: mod_auth_kerb >= 5.4-16
Requires: mod_nss >= 1.0.8-26
-Requires: python-ldap
+Requires: python-ldap >= 2.4.15
Requires: python-krbV
Requires: acl
Requires: python-pyasn1
@@ -112,24 +130,30 @@ Requires: dbus-python
Requires: systemd-units >= 38
Requires(pre): systemd-units
Requires(post): systemd-units
-Requires: selinux-policy >= 3.12.1-176
+Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base
-Requires: slapi-nis >= 0.47.7
-Requires: pki-ca >= 10.1.1
-Requires: dogtag-pki-server-theme
+Requires: slapi-nis >= 0.54-1
+Requires: pki-ca >= 10.2.0-3
%if 0%{?rhel}
Requires: subscription-manager
%endif
Requires(preun): python systemd-units
Requires(postun): python systemd-units
-Requires: python-dns
+Requires: python-dns >= 1.11.1
Requires: zip
-Requires: policycoreutils >= %{POLICYCOREUTILSVER}
+Requires: policycoreutils >= 2.1.12-5
Requires: tar
Requires(pre): certmonger >= 0.75.13
-Requires(pre): 389-ds-base >= 1.3.3.2
+Requires(pre): 389-ds-base >= 1.3.3.5
Requires: fontawesome-fonts
Requires: open-sans-fonts
+Requires: openssl
+Requires: softhsm >= 2.0.0b1-3
+Requires: p11-kit
+Requires: systemd-python
+
+Conflicts: %{alt_name}-server
+Obsoletes: %{alt_name}-server < %{version}
# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
# entire SELinux policy is stored in the system policy
@@ -138,15 +162,15 @@ Obsoletes: freeipa-server-selinux < 3.3.0
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
# that work for us.
-Conflicts: bind-dyndb-ldap < 5.0
-Conflicts: bind < 9.8.2-0.4.rc2
+Conflicts: bind-dyndb-ldap < 6.0-4
+Conflicts: bind < 9.9.6-2
+# DNSSEC
+Conflicts: opendnssec < 1.4.6-4
# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
# member.
Conflicts: nss-pam-ldapd < 0.8.4
-Obsoletes: ipa-server >= 1.0
-
%description server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
@@ -162,7 +186,7 @@ Group: System Environment/Base
Requires: %{name}-server = %version-%release
Requires: m2crypto
Requires: samba-python
-Requires: samba >= 2:4.0.5-1
+Requires: samba >= %{samba_version}
Requires: samba-winbind
Requires: libsss_idmap
Requires: libsss_nss_idmap-python
@@ -175,6 +199,9 @@ Requires(post): python
Requires(postun): %{_sbindir}/update-alternatives
Requires(preun): %{_sbindir}/update-alternatives
+Conflicts: %{alt_name}-server-trust-ad
+Obsoletes: %{alt_name}-server-trust-ad < %{version}
+
%description server-trust-ad
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
@@ -196,13 +223,13 @@ Requires: pam_krb5
Requires: wget
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
-Requires: sssd >= 1.11.1
-Requires: certmonger >= 0.65
+Requires: sssd >= 1.12.2
+Requires: certmonger >= 0.75.6
Requires: nss-tools
Requires: bind-utils
Requires: oddjob-mkhomedir
Requires: python-krbV
-Requires: python-dns
+Requires: python-dns >= 1.11.1
Requires: libsss_autofs
Requires: autofs
Requires: libnfsidmap
@@ -210,7 +237,8 @@ Requires: nfs-utils
Requires: python-backports-ssl_match_hostname
Requires(post): policycoreutils
-Obsoletes: ipa-client >= 1.0
+Conflicts: %{alt_name}-client
+Obsoletes: %{alt_name}-client < %{version}
%description client
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -220,7 +248,6 @@ logs, analysis thereof). If your network uses IPA for authentication,
this package should be installed on every client machine.
-%if ! %{ONLY_CLIENT}
%package admintools
Summary: IPA administrative tools
Group: System Environment/Base
@@ -229,7 +256,8 @@ Requires: %{name}-client = %{version}-%{release}
Requires: python-krbV
Requires: python-ldap
-Obsoletes: ipa-admintools >= 1.0
+Conflicts: %{alt_name}-admintools
+Obsoletes: %{alt_name}-admintools < %{version}
%description admintools
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -237,7 +265,6 @@ user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides command-line tools for
IPA administrators.
-%endif # ONLY_CLIENT
%package python
Summary: Python libraries used by IPA
@@ -256,7 +283,8 @@ Requires: python-pyasn1
Requires: python-dateutil
Requires: python-yubico
-Obsoletes: ipa-python >= 1.0
+Conflicts: %{alt_name}-python
+Obsoletes: %{alt_name}-python < %{version}
%description python
IPA is an integrated solution to provide centrally managed Identity (machine,
@@ -278,6 +306,9 @@ Requires: python-coverage
Requires: python-polib
Requires: python-paramiko >= 1.7.7
+Conflicts: %{alt_name}-tests
+Obsoletes: %{alt_name}-tests < %{version}
+
%description tests
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
@@ -320,6 +351,8 @@ export JAVA_STACK_SIZE="8m"
%endif
export CFLAGS="%{optflags} $CFLAGS"
export LDFLAGS="%{__global_ldflags} $LDFLAGS"
+export SUPPORTED_PLATFORM=%{platform_module}
+
# Force re-generate of platform support
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
rm -f ipapython/version.py
@@ -341,6 +374,7 @@ make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
%install
rm -rf %{buildroot}
+export SUPPORTED_PLATFORM=%{platform_module}
# Force re-generate of platform support
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
rm -f ipapython/version.py
@@ -356,6 +390,8 @@ make client-install DESTDIR=%{buildroot}
%find_lang %{gettext_domain}
+mkdir -p %{buildroot}%{_usr}/share/ipa
+
%if ! %{ONLY_CLIENT}
# Remove .la files from libtool - we don't want to package
# these files
@@ -372,6 +408,7 @@ rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la
rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la
rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la
rm %{buildroot}/%{plugin_dir}/libipa_range_check.la
+rm %{buildroot}/%{plugin_dir}/libipa_otp_counter.la
rm %{buildroot}/%{plugin_dir}/libipa_otp_lasttoken.la
rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la
rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
@@ -410,13 +447,24 @@ mkdir -p %{buildroot}%{_usr}/share/ipa/html/
mkdir -p %{buildroot}%{_initrddir}
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
+install -m 644 init/ipa-dnskeysyncd.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-dnskeysyncd
+install -m 644 init/ipa-ods-exporter.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-ods-exporter
+install -m 644 daemons/dnssec/ipa-ods-exporter.socket %{buildroot}%{_unitdir}/ipa-ods-exporter.socket
+install -m 644 daemons/dnssec/ipa-ods-exporter.service %{buildroot}%{_unitdir}/ipa-ods-exporter.service
+install -m 644 daemons/dnssec/ipa-dnskeysyncd.service %{buildroot}%{_unitdir}/ipa-dnskeysyncd.service
+
+# dnssec daemons
+mkdir -p %{buildroot}%{_libexecdir}/ipa/
+install daemons/dnssec/ipa-dnskeysyncd %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysyncd
+install daemons/dnssec/ipa-dnskeysync-replica %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysync-replica
+install daemons/dnssec/ipa-ods-exporter %{buildroot}%{_libexecdir}/ipa/ipa-ods-exporter
# Web UI plugin dir
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
# NOTE: systemd specific section
-mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d
-install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
# END
mkdir -p %{buildroot}%{_localstatedir}/run/
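Review bot: The three `install` lines under `# dnssec daemons` give no `-m`, while every other `install` line in this hunk states its mode, so the daemons' permissions rest on the tool default. The matching `%{_libexecdir}/ipa/...` entries added to `%files` carry no `%attr` either. Writing the mode out, e.g. `install -m 0755 daemons/dnssec/ipa-dnskeysyncd %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysyncd`, makes the intended permissions of these daemons explicit and reviewable.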
@@ -437,11 +485,13 @@ mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
+mkdir -p %{buildroot}%{_sysconfdir}/ipa/dnssec
+mkdir -p %{buildroot}%{_sysconfdir}/ipa/nssdb
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
-
-%if ! %{ONLY_CLIENT}
mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d
install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa
+
+%if ! %{ONLY_CLIENT}
mkdir -p %{buildroot}%{_sysconfdir}/cron.d
(cd %{buildroot}/%{python_sitelib}/ipaserver && find . -type f | \
@@ -551,9 +601,20 @@ if [ $1 -gt 1 ] ; then
/bin/systemctl condrestart ntpd.service 2>&1 || :
fi
fi
+
+ if [ ! -f '/etc/ipa/nssdb/cert8.db' -a $restore -ge 2 ]; then
+ python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1
+ tempfile=$(mktemp)
+ if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then
+ certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1
+ elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tempfile" 2>/var/log/ipaupgrade.log; then
+ certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tempfile" >/var/log/ipaupgrade.log 2>&1
+ fi
+ rm -f "$tempfile"
+ fi
fi
-%triggerin -n freeipa-client -- openssh-server
+%triggerin -n %{name}-client -- openssh-server
# Has the client been configured?
restore=0
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
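Review bot: Every redirect to `/var/log/ipaupgrade.log` in the added nssdb block uses `>`, so each certutil call truncates the file. The error from a failed `certutil -L ... -n 'IPA CA'` is overwritten by the next call, and any earlier content of the upgrade log is lost whenever this branch runs. Appending keeps the record: `... -a >"$tempfile" 2>>/var/log/ipaupgrade.log` for the lookups and `... -i "$tempfile" >>/var/log/ipaupgrade.log 2>&1` for the imports. The result of `mktemp` is also used unchecked, and the `create_ipa_nssdb()` call discards its output, so a failure there surfaces only indirectly as a certutil error. The scriptlet begins before this hunk, where `$restore` is presumably set.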
@@ -612,17 +673,27 @@ fi
%{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-advise
+%{_sbindir}/ipa-cacert-manage
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
%{_libexecdir}/ipa-otpd
+%dir %{_libexecdir}/ipa
+%{_libexecdir}/ipa/ipa-dnskeysyncd
+%{_libexecdir}/ipa/ipa-dnskeysync-replica
+%{_libexecdir}/ipa/ipa-ods-exporter
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
+%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
+%config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
# NOTE: systemd specific section
-%{_prefix}/lib/tmpfiles.d/%{name}.conf
+%{_tmpfilesdir}/%{name}.conf
%attr(644,root,root) %{_unitdir}/ipa.service
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
%attr(644,root,root) %{_unitdir}/ipa-otpd.socket
%attr(644,root,root) %{_unitdir}/ipa-otpd at .service
+%attr(644,root,root) %{_unitdir}/ipa-dnskeysyncd.service
+%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket
+%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service
# END
%dir %{python_sitelib}/ipaserver
%dir %{python_sitelib}/ipaserver/install
@@ -719,6 +790,7 @@ fi
%attr(755,root,root) %{plugin_dir}/libipa_cldap.so
%attr(755,root,root) %{plugin_dir}/libipa_dns.so
%attr(755,root,root) %{plugin_dir}/libipa_range_check.so
+%attr(755,root,root) %{plugin_dir}/libipa_otp_counter.so
%attr(755,root,root) %{plugin_dir}/libipa_otp_lasttoken.so
%dir %{_localstatedir}/lib/ipa
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup
@@ -746,6 +818,7 @@ fi
%{_mandir}/man1/ipa-restore.1.gz
%{_mandir}/man1/ipa-advise.1.gz
%{_mandir}/man1/ipa-otptoken-import.1.gz
+%{_mandir}/man1/ipa-cacert-manage.1.gz
%files server-trust-ad
%{_sbindir}/ipa-adtrust-install
@@ -766,6 +839,7 @@ fi
%doc COPYING README Contributors.txt
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-client-automount
+%{_sbindir}/ipa-certupdate
%{_sbindir}/ipa-getkeytab
%{_sbindir}/ipa-rmkeytab
%{_sbindir}/ipa-join
@@ -778,34 +852,45 @@ fi
%{_mandir}/man1/ipa-rmkeytab.1.gz
%{_mandir}/man1/ipa-client-install.1.gz
%{_mandir}/man1/ipa-client-automount.1.gz
+%{_mandir}/man1/ipa-certupdate.1.gz
%{_mandir}/man1/ipa-join.1.gz
%{_mandir}/man5/default.conf.5.gz
-%if ! %{ONLY_CLIENT}
%files admintools
%defattr(-,root,root,-)
%doc COPYING README Contributors.txt
%{_bindir}/ipa
%config %{_sysconfdir}/bash_completion.d
%{_mandir}/man1/ipa.1.gz
-%endif # ONLY_CLIENT
%files python -f %{gettext_domain}.lang
%defattr(-,root,root,-)
%doc COPYING README Contributors.txt
%dir %{python_sitelib}/ipapython
%{python_sitelib}/ipapython/*.py*
+%dir %{python_sitelib}/ipapython/dnssec
+%{python_sitelib}/ipapython/dnssec/*.py*
%dir %{python_sitelib}/ipalib
%{python_sitelib}/ipalib/*
%dir %{python_sitelib}/ipaplatform
%{python_sitelib}/ipaplatform/*
%attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
+%attr(0644,root,root) %{python_sitearch}/_ipap11helper.so
%{python_sitelib}/ipapython-*.egg-info
%{python_sitelib}/freeipa-*.egg-info
+%{python_sitelib}/ipaplatform-*.egg-info
%{python_sitearch}/python_default_encoding-*.egg-info
+%{python_sitearch}/_ipap11helper-*.egg-info
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
+%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
+%dir %attr(0755,root,root) %{_sysconfdir}/ipa/dnssec
+%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
+%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
+%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
+%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
+%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
%if ! %{ONLY_CLIENT}
%files tests -f tests-python.list
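Review bot: The new `%ghost` entries under `%{_sysconfdir}/ipa/nssdb/`, including `key3.db` and `pwdfile.txt`, carry no `%attr`, unlike the `default.conf` and `ca.crt` ghosts just above them. The spec therefore does not record what owner and mode these files should have inside a directory packaged as 0755. Their real permissions come from whatever creates them at runtime, apparently `create_ipa_nssdb`, which is not shown here. Stating the intended values, for example `%ghost %attr(MODE,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt` with MODE standing for the mode the creator sets, would document the intent in the package.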
@@ -832,6 +917,9 @@ fi
%endif # ONLY_CLIENT
%changelog
+* Tue Oct 21 2014 Petr Vobornik <pvoborni at redhat.com> - 4.1.0-1
+- Update to upstream 4.1.0 - see http://www.freeipa.org/page/Releases/4.1.0
+
* Fri Sep 12 2014 Petr Viktorin <pviktori at redhat.com> - 4.0.3-1
- Update to upstream 4.0.3 - see http://www.freeipa.org/page/Releases/4.0.3
diff --git a/sources b/sources
index 0ca45b2..65d41bd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ad166bfed1ba9fc9241206c17d04a334 freeipa-4.0.3.tar.gz
+15d4914499ff928a1f90b3c4d15998f8 freeipa-4.1.0.tar.gz