fix-oddjobs.diff: Fix paths and uids in oddjob configs.

debian/changelog

@@ -34,7 +34,6 @@ freeipa (4.3.1-1) UNRELEASED; urgency=medium
   * control, server: Migrate to mod-auth-gssapi.
   * Split freeipa-server-dns from server.
   * admintools: Use the new location for bash completions.
-  * rules: Fix paths in oddjob configs.
   * control, rules, fix-ipa-conf.diff: Add support for custodia.
   * rules: Remove obsolete configure.jar, preferences.html.
   * platform: Fix ipautil.run stdout handling, add support for systemd.
@@ -74,6 +73,7 @@ freeipa (4.3.1-1) UNRELEASED; urgency=medium
   * rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
   * control: Add opendnssec to freeipa-server-dns depends.
   * control: Add python-cffi to python-ipalib depends.
+  * fix-oddjobs.diff: Fix paths and uids in oddjob configs.
 
  -- Timo Aaltonen <tjaalton@debian.org>  Sat, 03 Oct 2015 08:56:31 +0300
 

debian/patches/fix-oddjobs.diff

@@ -0,0 +1,58 @@
+--- a/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
++++ b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
+@@ -30,7 +30,7 @@
+            send_member="Get"/>
+   </policy>
+ 
+-  <policy user="apache">
++  <policy user="www-data">
+     <allow send_destination="com.redhat.idm.trust"
+            send_path="/"
+            send_interface="com.redhat.idm.trust"
+--- a/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
++++ b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
+@@ -10,7 +10,7 @@
+     <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+   </policy>
+ 
+-  <policy user="apache">
++  <policy user="www-data">
+     <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+   </policy>
+ 
+--- a/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
++++ b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
+@@ -2,11 +2,11 @@
+ <oddjobconfig>
+   <service name="org.freeipa.server">
+     <allow user="root"/>
+-    <allow user="apache"/>
++    <allow user="www-data"/>
+     <object name="/">
+       <interface name="org.freeipa.server">
+         <method name="conncheck">
+-          <helper exec="/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck"
++          <helper exec="/usr/lib/ipa/oddjob/org.freeipa.server.conncheck"
+                   arguments="1"
+                   prepend_user_name="no"
+                   argument_passing_method="cmdline"/>
+--- a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
++++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
+@@ -2,7 +2,7 @@
+ <oddjobconfig>
+   <service name="com.redhat.idm.trust">
+     <allow user="root"/>
+-    <allow user="apache"/>
++    <allow user="www-data"/>
+     <object name="/">
+       <interface name="org.freedesktop.DBus.Introspectable">
+         <allow min_uid="0" max_uid="0"/>
+@@ -10,7 +10,7 @@
+       </interface>
+       <interface name="com.redhat.idm.trust">
+         <method name="fetch_domains">
+-          <helper exec="/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
++          <helper exec="/usr/lib/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
+ 		  arguments="1"
+                   argument_passing_method="cmdline"
+ 		  prepend_user_name="no"/>

debian/patches/series

@@ -17,3 +17,4 @@ fix-dnssec-services.diff
 create-sysconfig-ods.diff
 fix-named-conf-template.diff
 fix-memcached.diff
+fix-oddjobs.diff

debian/rules

@@ -94,10 +94,6 @@ ifneq ($(ONLY_CLIENT), 1)
 	install -m 0644 init/systemd/ipa-custodia.service $(DESTDIR)/lib/systemd/system
 	install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/usr/share/bash-completion/completions/ipa
 
-	for i in $(DESTDIR)/etc/oddjobd.conf.d/ipa-server.conf \
-		$(DESTDIR)/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf; do \
-		sed -i -e"s/libexec.*\//lib\/ipa\/oddjob\//" $$i ; \
-	done
 else
 	make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR)
 endif