mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
client: Fix kerberos support for Java by dropping a duplicate includedir from ipa-client-setup we already get from sssd. (Closes: #1034659)
This commit is contained in:
Timo Aaltonen
8
debian/changelog
vendored
8
debian/changelog
vendored
@@ -1,3 +1,11 @@
|
||||
freeipa (4.9.11-2) UNRELEASED; urgency=medium
|
||||
|
||||
* client: Fix kerberos support for Java by dropping a duplicate
|
||||
includedir from ipa-client-setup we already get from sssd. (Closes:
|
||||
#1034659)
|
||||
|
||||
-- Timo Aaltonen <tjaalton@debian.org> Thu, 27 Apr 2023 17:00:43 +0300
|
||||
|
||||
freeipa (4.9.11-1) unstable; urgency=medium
|
||||
|
||||
* New upstream release. (Closes: #1029070)
|
||||
|
||||
21
debian/freeipa-client.postinst
vendored
Normal file
21
debian/freeipa-client.postinst
vendored
Normal file
@@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
# drop duplicate include
|
||||
if grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
||||
sed -i '\;includedir /var/lib/sss/pubconf/krb5.include.d;d' /etc/krb5.conf
|
||||
fi
|
||||
;;
|
||||
|
||||
abort-upgrade|abort-remove|abort-deconfigure)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "postinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
#DEBHELPER#
|
||||
84
debian/patches/drop-duplicate-includedir-from-krb5.conf.patch
vendored
Normal file
84
debian/patches/drop-duplicate-includedir-from-krb5.conf.patch
vendored
Normal file
@@ -0,0 +1,84 @@
|
||||
From a83ae63578124a6cf101d3609213bedb9a66813d Mon Sep 17 00:00:00 2001
|
||||
From: Timo Aaltonen <tjaalton@debian.org>
|
||||
Date: Fri, 21 Apr 2023 11:30:20 +0300
|
||||
Subject: [PATCH] Drop duplicate includedir from krb5.conf
|
||||
|
||||
SSSD already provides a config snippet which includes
|
||||
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR, and having both breaks Java.
|
||||
|
||||
Add also a dependency on sssd-krb5 for freeipa-client.
|
||||
|
||||
https://pagure.io/freeipa/issue/9267
|
||||
|
||||
Signed-off-by: Timo Aaltonen <tjaalton@debian.org>
|
||||
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
||||
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
|
||||
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
||||
---
|
||||
freeipa.spec.in | 7 +++----
|
||||
install/share/krb5.conf.template | 1 -
|
||||
ipaclient/install/client.py | 13 -------------
|
||||
3 files changed, 3 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
||||
index 40ca377bf..8e14c5f55 100755
|
||||
--- a/freeipa.spec.in
|
||||
+++ b/freeipa.spec.in
|
||||
@@ -702,6 +702,7 @@ Requires: jansson
|
||||
%endif
|
||||
Requires: sssd-ipa >= %{sssd_version}
|
||||
Requires: sssd-idp >= %{sssd_version}
|
||||
+Requires: sssd-krb5 >= %{sssd_version}
|
||||
Requires: certmonger >= %{certmonger_version}
|
||||
Requires: nss-tools >= %{nss_version}
|
||||
Requires: bind-utils
|
||||
@@ -1253,10 +1254,8 @@ if [ $1 -gt 1 ] ; then
|
||||
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
||||
|
||||
if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
|
||||
- if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
||||
- echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
|
||||
- cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
|
||||
- mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
|
||||
+ if grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
||||
+ sed -i '\;includedir /var/lib/sss/pubconf/krb5.include.d;d' /etc/krb5.conf
|
||||
fi
|
||||
fi
|
||||
|
||||
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
|
||||
index 4d417416a..37ec8a4c1 100644
|
||||
--- a/install/share/krb5.conf.template
|
||||
+++ b/install/share/krb5.conf.template
|
||||
@@ -1,5 +1,4 @@
|
||||
$INCLUDES
|
||||
-includedir /var/lib/sss/pubconf/krb5.include.d/
|
||||
|
||||
[logging]
|
||||
default = FILE:/var/log/krb5libs.log
|
||||
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
|
||||
index 6e7f17d5b..ef29a2c8a 100644
|
||||
--- a/ipaclient/install/client.py
|
||||
+++ b/ipaclient/install/client.py
|
||||
@@ -699,19 +699,6 @@ def configure_krb5_conf(
|
||||
}
|
||||
])
|
||||
|
||||
- # SSSD include dir
|
||||
- if configure_sssd:
|
||||
- if not os.path.exists(paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR):
|
||||
- os.makedirs(paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR, mode=0o755)
|
||||
- opts.extend([
|
||||
- {
|
||||
- 'name': 'includedir',
|
||||
- 'type': 'option',
|
||||
- 'value': paths.SSSD_PUBCONF_KRB5_INCLUDE_D_DIR,
|
||||
- 'delim': ' '
|
||||
- },
|
||||
- krbconf.emptyLine()])
|
||||
-
|
||||
# [libdefaults]
|
||||
libopts = [
|
||||
krbconf.setOption('default_realm', cli_realm)
|
||||
--
|
||||
2.39.2
|
||||
|
||||
1
debian/patches/series
vendored
1
debian/patches/series
vendored
@@ -1,4 +1,5 @@
|
||||
# upstreamed
|
||||
drop-duplicate-includedir-from-krb5.conf.patch
|
||||
|
||||
# not upstreamable
|
||||
dnssec-race-wa.diff
|
||||
|
||||
Reference in New Issue
Block a user