patches: Replace bits of platform.diff and other patches with ones sent upstream. Refresh others.

Timo Aaltonen
2015-10-22 16:16:17 +03:00
parent cda09c3084
commit 1be19095a8
15 changed files with 402 additions and 165 deletions

2
debian/changelog vendored

@@ -7,6 +7,8 @@ freeipa (4.2.2-1) UNRELEASED; urgency=medium
* control: Add python-cryptography to build-deps and python-freeipa * control: Add python-cryptography to build-deps and python-freeipa
deps. deps.
* control: Add libp11-kit-dev to build-deps, p11-kit to server deps. * control: Add libp11-kit-dev to build-deps, p11-kit to server deps.
* patches: Replace bits of platform.diff and other patches with ones
sent upstream. Refresh others.
-- Timo Aaltonen <tjaalton@debian.org> Sat, 03 Oct 2015 08:56:31 +0300 -- Timo Aaltonen <tjaalton@debian.org> Sat, 03 Oct 2015 08:56:31 +0300


@@ -372,7 +372,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
"ipaplatform.rhel"], "ipaplatform.rhel"],
--- a/ipaserver/install/ntpinstance.py --- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py +++ b/ipaserver/install/ntpinstance.py
@@ -46,6 +46,8 @@ class NTPInstance(service.Service): @@ -50,6 +50,8 @@ class NTPInstance(service.Service):
os = "fedora" os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE): elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel" os = "rhel"
@@ -381,34 +381,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
srv_vals = [] srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os) srv_vals.append("0.%s.pool.ntp.org" % os)
@@ -106,9 +108,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -124,12 +126,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write('NTPD_OPTS="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
--- a/ipaserver/install/ldapupdate.py --- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py
@@ -328,9 +328,9 @@ class LDAPUpdate: @@ -328,9 +328,9 @@ class LDAPUpdate:
@@ -425,55 +397,15 @@ Date: Fri Mar 1 12:21:00 2013 +0200
try: try:
--- a/ipaserver/install/httpinstance.py --- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py
@@ -140,6 +140,7 @@ class HTTPInstance(service.Service): @@ -159,6 +159,7 @@ class HTTPInstance(service.Service):
if not self.is_kdcproxy_configured(): self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf) self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy) self.step("enable KDC proxy", self.enable_kdcproxy)
+ ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True) + ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
self.step("restarting httpd", self.__start) self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable) self.step("configuring httpd to start on boot", self.__enable)
@@ -170,14 +171,14 @@ class HTTPInstance(service.Service): @@ -470,6 +471,8 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas='www-data', raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -226,11 +227,11 @@ class HTTPInstance(service.Service):
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
def __set_mod_nss_passwordfile(self):
- installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+ installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:' + paths.HTTPD_PASSWORD_CONF)
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+ if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf-available/ipa-rewrite.conf\n</VirtualHost>') != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def configure_certmonger_renewal_guard(self):
@@ -306,7 +307,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -451,6 +452,8 @@ class HTTPInstance(service.Service):
enabled = self.restore_state("enabled") enabled = self.restore_state("enabled")
@@ -482,39 +414,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
self.stop_tracking_certificates() self.stop_tracking_certificates()
helper = self.restore_state('certmonger_ipa_helper') helper = self.restore_state('certmonger_ipa_helper')
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -151,7 +151,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1094,7 +1094,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -519,7 +519,7 @@ class CertDB(object):
f.close()
pwdfile.close()
# TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid="www-data")
def find_root_cert(self, nickname):
"""
--- a/init/ipa_memcached.conf --- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf +++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@@ -524,26 +423,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
MAXCONN=1024 MAXCONN=1024
CACHESIZE=64 CACHESIZE=64
OPTIONS= OPTIONS=
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -572,7 +572,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
- reverse_zones, named_user="named", zonemgr=None,
+ reverse_zones, named_user="bind", zonemgr=None,
ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn
@@ -1013,7 +1013,7 @@ class BindInstance(service.Service):
def __generate_rndc_key(self):
installutils.check_entropy()
- ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ ipautil.run(paths.GENERATE_RNDC_KEY)
def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zones, ntp=False, ca_configured=None):
--- a/init/systemd/ipa_memcached.service --- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service +++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target @@ -4,7 +4,7 @@ After=network.target
@@ -568,3 +447,28 @@ Date: Fri Mar 1 12:21:00 2013 +0200
include "$RFC1912_ZONES"; include "$RFC1912_ZONES";
include "$ROOT_KEY"; include "$ROOT_KEY";
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+ HTTPD_USER = "www-data"
+ NAMED_USER = "bind"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "NTPD_OPTS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\'"
+ SECURE_NFS_VAR = "NEED_GSSD"
+
+constants = DebianConstantsNamespace()
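Review bot: `HTTPD_USER = "www-data"` in the new `DebianConstantsNamespace` has no comment saying what that account is granted, and on Debian `www-data` is normally the account shared by everything Apache serves. The patches further down this page use the constant to `chown` `paths.IPA_KEYTAB` to that user and to give its group access to the NSS `cert8.db`/`key3.db`/`secmod.db` files, so other web content running under that account on the same host could presumably read the HTTP service key material. A comment above the constant such as `# account Apache runs as on Debian; owns the IPA HTTP keytab and gets group access to the NSS databases, so avoid co-hosting other web apps` would record that. Separately, `NTPD_OPTS_QUOTE = "\'"` has a redundant backslash (`"'"` is the same string), and the module docstring spells "dependant" where "dependent" is meant.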


@@ -1,11 +1,23 @@
Description: Fix hyphen-used-as-minus-sign warning (found by Lintian). From 9fc6a372c37d5fa0c514de49d262d26130b6bb5c Mon Sep 17 00:00:00 2001
See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for From: Benjamin Drung <benjamin.drung@profitbricks.com>
an explanation. Date: Mon, 5 Oct 2015 15:41:30 +0300
Author: Benjamin Drung <benjamin.drung@profitbricks.com> Subject: [PATCH] Fix hyphen-used-as-minus-sign warning (found by lintian)
See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for
an explanation.
---
install/tools/man/ipa-adtrust-install.1 | 2 +-
install/tools/man/ipa-replica-conncheck.1 | 6 +++---
install/tools/man/ipa-server-install.1 | 2 +-
ipatests/man/ipa-test-config.1 | 4 ++--
ipatests/man/ipa-test-task.1 | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1
index 2658f1957d1161963bf6af75e5a086a01b95c52f..06378b5983e55bb6c34971b0f5129246f9f14fd3 100644
--- a/install/tools/man/ipa-adtrust-install.1 --- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1
@@ -117,7 +117,7 @@ The name of the user with administrative @@ -117,7 +117,7 @@ The name of the user with administrative privileges for this IPA server. Default
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR \fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR
The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified. The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified.
.TP .TP
@@ -14,6 +26,8 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.TP .TP
\fB\-\-enable\-compat\fR \fB\-\-enable\-compat\fR
Enables support for trusted domains users for old clients through Schema Compatibility plugin. Enables support for trusted domains users for old clients through Schema Compatibility plugin.
diff --git a/install/tools/man/ipa-replica-conncheck.1 b/install/tools/man/ipa-replica-conncheck.1
index 566322cf035bbb51d1ba8b14166a1b61375015da..e948d7919c772305ef2f0b5b7b50de2b908ff9e0 100644
--- a/install/tools/man/ipa-replica-conncheck.1 --- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1 +++ b/install/tools/man/ipa-replica-conncheck.1
@@ -70,13 +70,13 @@ Output only errors @@ -70,13 +70,13 @@ Output only errors
@@ -33,9 +47,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
Run a replica\-master connection check. In case of a success switch to listening mode, automatically log to \fImaster.example.com\fR in a realm \fIEXAMPLE.COM\fR with a password \fIpassword\fR and run the second part of the connection check. Run a replica\-master connection check. In case of a success switch to listening mode, automatically log to \fImaster.example.com\fR in a realm \fIEXAMPLE.COM\fR with a password \fIpassword\fR and run the second part of the connection check.
.SH "EXIT STATUS" .SH "EXIT STATUS"
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 2e0ff803c1b185d699f6f15dfb487e455404932e..d5d75cf6ec4ad051a690553bef0639f48a67dae1 100644
--- a/install/tools/man/ipa-server-install.1 --- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1
@@ -46,7 +46,7 @@ Create home directories for users on the @@ -46,7 +46,7 @@ Create home directories for users on their first login
The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures. The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
.TP .TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
@@ -44,9 +60,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
This this option can be used multiple times to specify more IP addresses of the server (e.g. multihomed and/or dualstacked server). This this option can be used multiple times to specify more IP addresses of the server (e.g. multihomed and/or dualstacked server).
.TP .TP
\fB\-N\fR, \fB\-\-no\-ntp\fR \fB\-N\fR, \fB\-\-no\-ntp\fR
diff --git a/ipatests/man/ipa-test-config.1 b/ipatests/man/ipa-test-config.1
index 320d1fe1fb22ee676da51b866870a39d7ccbbc06..e687fb194d83537b90ca73042718c5143a6d8378 100644
--- a/ipatests/man/ipa-test-config.1 --- a/ipatests/man/ipa-test-config.1
+++ b/ipatests/man/ipa-test-config.1 +++ b/ipatests/man/ipa-test-config.1
@@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA te @@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA test configuration for use in Bash scripts
.SH "SYNOPSIS" .SH "SYNOPSIS"
ipa\-test\-config [options] ipa\-test\-config [options]
.br .br
@@ -55,7 +73,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.br .br
ipa\-test\-config [options] hostname ipa\-test\-config [options] hostname
.SH "DESCRIPTION" .SH "DESCRIPTION"
@@ -37,7 +37,7 @@ If run without arguments, it prints out @@ -37,7 +37,7 @@ If run without arguments, it prints out configuration specific to the local
host. host.
Another host may be specified as an argument, or via the \-\-master, Another host may be specified as an argument, or via the \-\-master,
\-\-replica, and \-\-client options. \-\-replica, and \-\-client options.
@@ -64,6 +82,8 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
any host. any host.
.SH "OPTIONS" .SH "OPTIONS"
diff --git a/ipatests/man/ipa-test-task.1 b/ipatests/man/ipa-test-task.1
index 4b855b54f545f14c3d33d2de4451c830c749a1d7..70024385d390e13f6101f0e699474de70713c164 100644
--- a/ipatests/man/ipa-test-task.1 --- a/ipatests/man/ipa-test-task.1
+++ b/ipatests/man/ipa-test-task.1 +++ b/ipatests/man/ipa-test-task.1
@@ -20,7 +20,7 @@ @@ -20,7 +20,7 @@
@@ -75,3 +95,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.br .br
ipa\-test\-task [global-options] TASK [task-options] ipa\-test\-task [global-options] TASK [task-options]
.SH "DESCRIPTION" .SH "DESCRIPTION"
--
2.5.0


@@ -1,13 +1,22 @@
Description: Fix manpage-has-errors-from-man warning (found by Lintian). From 33751c9a644cc071222f00c44ec7baf0fe05ffc8 Mon Sep 17 00:00:00 2001
See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for From: Benjamin Drung <benjamin.drung@profitbricks.com>
an explanation. Issues found were Date: Mon, 5 Oct 2015 15:43:06 +0300
ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line Subject: [PATCH] Fix manpage-has-errors-from-man warning (found by Lintian)
default.conf.5.gz 50: warning: macro `np' not defined
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for
an explanation. Issues found were
ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line
default.conf.5.gz 50: warning: macro `np' not defined
---
ipa-client/man/default.conf.5 | 4 +--
ipa-client/man/ipa-client-install.1 | 49 +++++++++++++++++++++++--------------
2 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5
index 75b9f86bcf4fe065c65f0a1b115976fc1cec13bd..d5cef5b36f55c719287d636a18ebbb52079310ca 100644
--- a/ipa-client/man/default.conf.5 --- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5 +++ b/ipa-client/man/default.conf.5
@@ -47,14 +47,14 @@ Valid lines consist of an option name, a @@ -47,14 +47,14 @@ Valid lines consist of an option name, an equals sign and a value. Spaces surrou
Values should not be quoted, the quotes will not be stripped. Values should not be quoted, the quotes will not be stripped.
@@ -24,9 +33,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
Options must appear in the section named [global]. There are no other sections defined or used currently. Options must appear in the section named [global]. There are no other sections defined or used currently.
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 0fafd8a3f2ee24b400b1cbeada4ddf7cea9493b0..cdcc56fee6ce82e0fe00048d52b13d27e8fe3450 100644
--- a/ipa-client/man/ipa-client-install.1 --- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1
@@ -216,36 +216,49 @@ Unattended uninstallation. The user will @@ -222,36 +222,49 @@ Unattended uninstallation. The user will not be prompted.
.TP .TP
Files that will be replaced if SSSD is configured (default): Files that will be replaced if SSSD is configured (default):
@@ -94,3 +105,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.SH "EXIT STATUS" .SH "EXIT STATUS"
0 if the installation was successful 0 if the installation was successful
--
2.5.0


@@ -1,9 +1,17 @@
Description: Fix typo From 9d9dad56a74a35aee30669bc7477035e5c794b9f Mon Sep 17 00:00:00 2001
Author: Benjamin Drung <benjamin.drung@profitbricks.com> From: Benjamin Drung <benjamin.drung@profitbricks.com>
Date: Mon, 5 Oct 2015 15:44:04 +0300
Subject: [PATCH] default.conf.5: Fix a typo
---
ipa-client/man/default.conf.5 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5
index d5cef5b36f55c719287d636a18ebbb52079310ca..c7790c82346deb9f87cbf23c0fa583dc151aff1c 100644
--- a/ipa-client/man/default.conf.5 --- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5 +++ b/ipa-client/man/default.conf.5
@@ -140,7 +140,7 @@ @@ -140,7 +140,7 @@ Note: logger names are a dot ('.') separated list forming a path
in the logger tree. The dot character is also a regular in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by will usually need to escape the dot in the logger names by
@@ -12,3 +20,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.TP .TP
.B mode <mode> .B mode <mode>
Specifies the mode the server is running in. The currently support values are \fBproduction\fR and \fBdevelopment\fR. When running in production mode some self\-tests are skipped to improve performance. Specifies the mode the server is running in. The currently support values are \fBproduction\fR and \fBdevelopment\fR. When running in production mode some self\-tests are skipped to improve performance.
--
2.5.0


@@ -0,0 +1,125 @@
commit 8fd0109b13eb87db2cfd22fe412e3adc4c0db9c3
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:02:37 2015 +0300
ipaplatform: Add HTTPD_USER to constants, and use it.
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,4 +8,5 @@ This base platform module exports platfo
class BaseConstantsNamespace(object):
+ HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -46,6 +46,7 @@ from ipalib import pkcs10, x509
from ipalib import errors
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -1107,7 +1108,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -42,6 +42,7 @@ from ipalib import pkcs10, x509, api
from ipalib.errors import CertificateOperationError
from ipalib.text import _
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
# Apache needs access to this database so we need to create it
@@ -518,8 +519,7 @@ class CertDB(object):
f.write(pwdfile.read())
f.close()
pwdfile.close()
- # TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)
def find_root_cert(self, nickname):
"""
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -39,6 +39,7 @@ import ipapython.errors
from ipaserver.install import sysupgrade
from ipalib import api
from ipalib import errors
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipaplatform import services
@@ -51,6 +52,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
KDCPROXY_USER = 'kdcproxy'
+HTTPD_USER = constants.HTTPD_USER
def httpd_443_configured():
"""
@@ -186,14 +188,14 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -322,7 +324,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -491,7 +493,7 @@ class HTTPInstance(service.Service):
pass
# Remove the ccache file for the HTTPD service
- ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas='apache',
+ ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas=HTTPD_USER,
raiseonerr=False)
# Remove the configuration files we create
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -24,6 +24,7 @@ import os.path
import pwd
import optparse
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import admintool
from ipapython.dn import DN
@@ -151,7 +152,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
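Review bot: The module-level alias `HTTPD_USER = constants.HTTPD_USER` added to httpinstance.py is a second spelling of the same value, while cainstance.py, certs.py and ipa_server_certinstall.py in this patch read `constants.HTTPD_USER` directly; using one form everywhere keeps a search for the account name complete. The new `HTTPD_USER = "apache"` line in `BaseConstantsNamespace` also has no comment, unlike the later `NTPD_OPTS_VAR` and `SECURE_NFS_VAR` entries; something like `# account the web server runs as; owns the IPA keytab and gets group access to the NSS databases` would fit, and the same goes for `NAMED_USER` in the following patch. Any platform namespace that does not override the default inherits "apache", and `pwd.getpwnam()` raises `KeyError` when that account is missing, which in the hunks shown happens only after the `os.chmod` calls have already run. The enclosing methods start and end outside the hunks.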


@@ -0,0 +1,37 @@
From 77be9a8b67a49ca263e82dde5bf87d432ca64922 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen <tjaalton@debian.org>
Date: Tue, 6 Oct 2015 16:27:21 +0300
Subject: [PATCH 2/2] ipaplatform: Add NAMED_USER to constants
https://fedorahosted.org/freeipa/ticket/5343
---
ipaplatform/base/constants.py | 1 +
ipaserver/install/bindinstance.py | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -10,3 +10,4 @@ This base platform module exports platfo
class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
+ NAMED_USER = "named"
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -36,6 +36,7 @@ from ipapython.dn import DN
import ipalib
from ipalib import api, errors
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib.util import (validate_zonemgr_str, normalize_zonemgr,
@@ -555,7 +556,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
- reverse_zones, named_user="named", zonemgr=None,
+ reverse_zones, named_user=constants.NAMED_USER, zonemgr=None,
ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn


@@ -0,0 +1,17 @@
commit 1d5f8d46ff718fc294d9e66e2fa72200b2be7795
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:43:09 2015 +0300
httpinstance: Use full path via HTTPD_IPA_REWRITE_CONF for Include.
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -248,7 +248,7 @@ class HTTPInstance(service.Service):
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+ if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include {path}\n</VirtualHost>'.format(path=paths.HTTPD_IPA_REWRITE_CONF)) != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def configure_certmonger_renewal_guard(self):
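Review bot: The failure message on the line after the changed `update_file` call still prints the literal `conf.d/ipa-rewrite`, which no longer matches the path written now that the Include comes from `paths.HTTPD_IPA_REWRITE_CONF`. I would change it to `print "Adding Include %s to %s failed." % (paths.HTTPD_IPA_REWRITE_CONF, paths.HTTPD_NSS_CONF)` so the log names the real file. As far as this hunk shows, a non-zero return is only printed and the step carries on, so an install can finish without the rewrite rules being included; whether that case should abort is worth deciding here.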


@@ -0,0 +1,33 @@
commit 4e9af2078fa4cdc69f97892b1055ac4a1558845c
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:35:24 2015 +0300
ipaplatform: Add SECURE_NFS_VAR to constants
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -38,6 +38,7 @@ from ipaclient import ipadiscovery
from ipaclient import ipachangeconf
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
@@ -307,7 +308,7 @@ def configure_nfs(fstore, statestore):
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ constants.SECURE_NFS_VAR: 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,3 +11,5 @@ class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
NAMED_USER = "named"
+ # nfsd init variable used to enable kerberized NFS
+ SECURE_NFS_VAR = "SECURE_NFS"


@@ -0,0 +1,62 @@
commit 69a26e0f5bd8286758579cff2264bfd9522a6e86
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 18:46:00 2015 +0300
ipaplatform: Add NTPD_OPTS_VAR and NTPD_OPTS_QUOTE to constants
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,5 +11,9 @@ class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
NAMED_USER = "named"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "OPTIONS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\""
# nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS"
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -21,9 +21,13 @@
import service
from ipapython import sysrestore
from ipapython import ipautil
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
+NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR
+NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE
+
class NTPInstance(service.Service):
def __init__(self, fstore=None):
service.Service.__init__(self, "ntpd", service_desc="NTP daemon")
@@ -106,9 +110,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith(NTPD_OPTS_VAR):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace(NTPD_OPTS_QUOTE, '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -124,12 +128,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith(NTPD_OPTS_VAR):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace(NTPD_OPTS_QUOTE, '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write(NTPD_OPTS_VAR + '="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
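Review bot: The rewritten `fd.write(NTPD_OPTS_VAR + '="%s %s"\n' % ...)` in the last ntpinstance.py hunk still hard-codes double quotes, while the read side just above it strips `NTPD_OPTS_QUOTE`. With a platform value of a single quote, a file written once this way keeps its double quotes inside `opts` on the next rewrite and is then wrapped in another pair, which would presumably leave a malformed options line for the ntpd init script. Using the constant on both sides avoids that: `fd.write('%s=%s%s %s%s\n' % (NTPD_OPTS_VAR, NTPD_OPTS_QUOTE, opts, ' '.join(newopts), NTPD_OPTS_QUOTE))`. The loops these hunks sit in begin and end outside the visible lines.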


@@ -1,11 +0,0 @@
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -307,7 +307,7 @@ def configure_nfs(fstore, statestore):
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ 'NEED_GSSD': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)


@@ -21,7 +21,7 @@ use the debian layout when installing python modules
fi fi
client-dirs: client-dirs:
@@ -176,11 +176,11 @@ server: version-update @@ -177,11 +177,11 @@ server: version-update
server-install: server server-install: server
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
@@ -37,7 +37,7 @@ use the debian layout when installing python modules
fi fi
tests: version-update tests-man-autogen tests: version-update tests-man-autogen
@@ -191,7 +191,7 @@ tests-install: tests @@ -192,7 +192,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \ cd ipatests; $(PYTHON) setup.py install; \
else \ else \
@@ -68,3 +68,17 @@ use the debian layout when installing python modules
fi fi
clean: clean:
--- a/ipapython/ipap11helper/Makefile
+++ b/ipapython/ipap11helper/Makefile
@@ -7,9 +7,9 @@ all:
install:
if [ "$(DESTDIR)" = "" ]; then \
- python2 setup.py install; \
+ python2 setup.py install --install-layout=deb; \
else \
- python2 setup.py install --root $(DESTDIR); \
+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:


@@ -1,7 +1,7 @@
Description: so we don't need to patch pykerberos Description: so we don't need to patch pykerberos
--- a/ipalib/util.py --- a/ipalib/util.py
+++ b/ipalib/util.py +++ b/ipalib/util.py
@@ -61,15 +61,12 @@ def json_serialize(obj): @@ -63,15 +63,12 @@ def json_serialize(obj):
def get_current_principal(): def get_current_principal():
try: try:

14
debian/patches/series vendored

@@ -1,14 +1,20 @@
# upstreamed
freeipa-tjaalton-0006-2-ipaplatform-Add-HTTPD_USER-to-constants-and-use-it.patch
freeipa-tjaalton-0007-ipaplatform-Add-NAMED_USER-and-user-it.patch
freeipa-tjaalton-0008-2-httpinstance-Use-full-path-via-HTTPD_IPA_REWRITE_CONF.patch
freeipa-tjaalton-0009-2-ipaplatform-Add-SECURE_NFS_VAR-to-constants.patch
freeipa-tjaalton-0010-2-ipaplatform-Add-NTPD_OPTS_VAR-and-NTPD_OPTS_QUOTE-to.patch
fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch
fix-typo.patch
# not upstreamable # not upstreamable
work-around-apache-fail.diff work-around-apache-fail.diff
prefix.patch prefix.patch
no-test-lang.diff no-test-lang.diff
port-ipa-client-automount.diff
# send upstream # send upstream
add-debian-platform.diff add-debian-platform.diff
fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch
fix-typo.patch
fix-ipa-conf.diff fix-ipa-conf.diff
revert-pykerberos-api-change.diff revert-pykerberos-api-change.diff


@@ -1,7 +1,7 @@
Description: service apache2 restart fails on sid, so don't do that Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/httpinstance.py --- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py
@@ -147,7 +147,8 @@ class HTTPInstance(service.Service): @@ -164,7 +164,8 @@ class HTTPInstance(service.Service):
def __start(self): def __start(self):
self.backup_state("running", self.is_running()) self.backup_state("running", self.is_running())
@@ -25,7 +25,7 @@ Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/server/install.py --- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py
@@ -857,7 +857,8 @@ def install(installer): @@ -860,7 +860,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration # Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server") service.print_msg("Restarting the web server")
@@ -37,7 +37,7 @@ Description: service apache2 restart fails on sid, so don't do that
kra.install(api, None, options) kra.install(api, None, options)
--- a/ipaserver/install/server/replicainstall.py --- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py
@@ -609,7 +609,8 @@ def install(installer): @@ -621,7 +621,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration # Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server") service.print_msg("Restarting the web server")