IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

client: Fix kerberos support for Java by dropping a duplicate includedir from ipa-client-setup we already get from sssd. (Closes: #1034659)

Browse Source
This commit is contained in:
Timo Aaltonen
2023-04-27 17:23:13 +03:00
parent a72d0004f1
commit 1a99d94098
4 changed files with 114 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
debian/changelog vendored
View File

@@ -1,3 +1,11 @@
freeipa (4.9.11-2) UNRELEASED; urgency=medium
* client: Fix kerberos support for Java by dropping a duplicate
includedir from ipa-client-setup we already get from sssd. (Closes:
#1034659)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 27 Apr 2023 17:00:43 +0300
freeipa (4.9.11-1) unstable; urgency=medium freeipa (4.9.11-1) unstable; urgency=medium
* New upstream release. (Closes: #1029070) * New upstream release. (Closes: #1029070)

21
debian/freeipa-client.postinst vendored Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -e
case "$1" in
configure)
# drop duplicate include
if grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
sed -i '\;includedir /var/lib/sss/pubconf/krb5.include.d;d' /etc/krb5.conf
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#

84
debian/patches/drop-duplicate-includedir-from-krb5.conf.patch vendored Normal file
View File

@@ -0,0 +1,84 @@
From a83ae63578124a6cf101d3609213bedb9a66813d Mon Sep 17 00:00:00 2001
From: Timo Aaltonen <tjaalton@debian.org>
Date: Fri, 21 Apr 2023 11:30:20 +0300
Subject: [PATCH] Drop duplicate includedir from krb5.conf
SSSD already provides a config snippet which includes
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR, and having both breaks Java.
Add also a dependency on sssd-krb5 for freeipa-client.
https://pagure.io/freeipa/issue/9267
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
freeipa.spec.in | 7 +++----
install/share/krb5.conf.template | 1 -
ipaclient/install/client.py | 13 -------------
3 files changed, 3 insertions(+), 18 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 40ca377bf..8e14c5f55 100755
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -702,6 +702,7 @@ Requires: jansson
%endif
Requires: sssd-ipa >= %{sssd_version}
Requires: sssd-idp >= %{sssd_version}
+Requires: sssd-krb5 >= %{sssd_version}
Requires: certmonger >= %{certmonger_version}
Requires: nss-tools >= %{nss_version}
Requires: bind-utils
@@ -1253,10 +1254,8 @@ if [ $1 -gt 1 ] ; then
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
- if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
- echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
- cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
- mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
+ if grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
+ sed -i '\;includedir /var/lib/sss/pubconf/krb5.include.d;d' /etc/krb5.conf
fi
fi
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 4d417416a..37ec8a4c1 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -1,5 +1,4 @@
$INCLUDES
-includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 6e7f17d5b..ef29a2c8a 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -699,19 +699,6 @@ def configure_krb5_conf(
}
])
- # SSSD include dir
- if configure_sssd:
- if not os.path.exists(paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR):
- os.makedirs(paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR, mode=0o755)
- opts.extend([
- {
- 'name': 'includedir',
- 'type': 'option',
- 'value': paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR,
- 'delim': ' '
- },
- krbconf.emptyLine()])
-
# [libdefaults]
libopts = [
krbconf.setOption('default_realm', cli_realm)
--
2.39.2

1
debian/patches/series vendored
View File

@@ -1,4 +1,5 @@
# upstreamed # upstreamed
drop-duplicate-includedir-from-krb5.conf.patch
# not upstreamable # not upstreamable
dnssec-race-wa.diff dnssec-race-wa.diff