patches: Replace bits of platform.diff and other patches with ones sent upstream. Refresh others.

Timo Aaltonen
2015-10-22 16:16:17 +03:00
parent cda09c3084
commit 1be19095a8
15 changed files with 402 additions and 165 deletions

2
debian/changelog vendored

@@ -7,6 +7,8 @@ freeipa (4.2.2-1) UNRELEASED; urgency=medium
* control: Add python-cryptography to build-deps and python-freeipa
deps.
* control: Add libp11-kit-dev to build-deps, p11-kit to server deps.
* patches: Replace bits of platform.diff and other patches with ones
sent upstream. Refresh others.
-- Timo Aaltonen <tjaalton@debian.org> Sat, 03 Oct 2015 08:56:31 +0300


@@ -372,7 +372,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
"ipaplatform.rhel"],
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -46,6 +46,8 @@ class NTPInstance(service.Service):
@@ -50,6 +50,8 @@ class NTPInstance(service.Service):
os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
@@ -381,34 +381,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os)
@@ -106,9 +108,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -124,12 +126,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write('NTPD_OPTS="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -328,9 +328,9 @@ class LDAPUpdate:
@@ -425,55 +397,15 @@ Date: Fri Mar 1 12:21:00 2013 +0200
try:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -140,6 +140,7 @@ class HTTPInstance(service.Service):
if not self.is_kdcproxy_configured():
@@ -159,6 +159,7 @@ class HTTPInstance(service.Service):
self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy)
+ ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
@@ -170,14 +171,14 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas='www-data', raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -226,11 +227,11 @@ class HTTPInstance(service.Service):
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
def __set_mod_nss_passwordfile(self):
- installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+ installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:' + paths.HTTPD_PASSWORD_CONF)
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+ if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf-available/ipa-rewrite.conf\n</VirtualHost>') != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def configure_certmonger_renewal_guard(self):
@@ -306,7 +307,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -451,6 +452,8 @@ class HTTPInstance(service.Service):
@@ -470,6 +471,8 @@ class HTTPInstance(service.Service):
enabled = self.restore_state("enabled")
@@ -482,39 +414,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
self.stop_tracking_certificates()
helper = self.restore_state('certmonger_ipa_helper')
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -151,7 +151,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1094,7 +1094,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -519,7 +519,7 @@ class CertDB(object):
f.close()
pwdfile.close()
# TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid="www-data")
def find_root_cert(self, nickname):
"""
--- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@
@@ -524,26 +423,6 @@ Date: Fri Mar 1 12:21:00 2013 +0200
MAXCONN=1024
CACHESIZE=64
OPTIONS=
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -572,7 +572,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
- reverse_zones, named_user="named", zonemgr=None,
+ reverse_zones, named_user="bind", zonemgr=None,
ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn
@@ -1013,7 +1013,7 @@ class BindInstance(service.Service):
def __generate_rndc_key(self):
installutils.check_entropy()
- ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ ipautil.run(paths.GENERATE_RNDC_KEY)
def add_master_dns_records(self, fqdn, ip_addresses, realm_name, domain_name,
reverse_zones, ntp=False, ca_configured=None):
--- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target
@@ -568,3 +447,28 @@ Date: Fri Mar 1 12:21:00 2013 +0200
include "$RFC1912_ZONES";
include "$ROOT_KEY";
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+ HTTPD_USER = "www-data"
+ NAMED_USER = "bind"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "NTPD_OPTS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\'"
+ SECURE_NFS_VAR = "NEED_GSSD"
+
+constants = DebianConstantsNamespace()
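Review bot: `HTTPD_USER = "www-data"` in the new ipaplatform/debian/constants.py has no comment, although elsewhere in this commit the IPA keytab is chowned to this account and the NSS databases are made group-readable by it. On Debian `www-data` is the general web-server account rather than one dedicated to IPA, so a comment such as `# shared Debian web-server account; given access to the IPA keytab and NSS databases` would make that grant visible to whoever maintains the platform file. Separately, `NTPD_OPTS_QUOTE = "\'"` carries a backslash that is not needed inside double quotes, so `"'"` reads more clearly. The module docstring's "dependant" should be "dependent".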


@@ -1,11 +1,23 @@
Description: Fix hyphen-used-as-minus-sign warning (found by Lintian).
See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for
an explanation.
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
From 9fc6a372c37d5fa0c514de49d262d26130b6bb5c Mon Sep 17 00:00:00 2001
From: Benjamin Drung <benjamin.drung@profitbricks.com>
Date: Mon, 5 Oct 2015 15:41:30 +0300
Subject: [PATCH] Fix hyphen-used-as-minus-sign warning (found by lintian)
See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for
an explanation.
---
install/tools/man/ipa-adtrust-install.1 | 2 +-
install/tools/man/ipa-replica-conncheck.1 | 6 +++---
install/tools/man/ipa-server-install.1 | 2 +-
ipatests/man/ipa-test-config.1 | 4 ++--
ipatests/man/ipa-test-task.1 | 2 +-
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1
index 2658f1957d1161963bf6af75e5a086a01b95c52f..06378b5983e55bb6c34971b0f5129246f9f14fd3 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -117,7 +117,7 @@ The name of the user with administrative
@@ -117,7 +117,7 @@ The name of the user with administrative privileges for this IPA server. Default
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR
The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified.
.TP
@@ -14,6 +26,8 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.TP
\fB\-\-enable\-compat\fR
Enables support for trusted domains users for old clients through Schema Compatibility plugin.
diff --git a/install/tools/man/ipa-replica-conncheck.1 b/install/tools/man/ipa-replica-conncheck.1
index 566322cf035bbb51d1ba8b14166a1b61375015da..e948d7919c772305ef2f0b5b7b50de2b908ff9e0 100644
--- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1
@@ -70,13 +70,13 @@ Output only errors
@@ -33,9 +47,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
Run a replica\-master connection check. In case of a success switch to listening mode, automatically log to \fImaster.example.com\fR in a realm \fIEXAMPLE.COM\fR with a password \fIpassword\fR and run the second part of the connection check.
.SH "EXIT STATUS"
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 2e0ff803c1b185d699f6f15dfb487e455404932e..d5d75cf6ec4ad051a690553bef0639f48a67dae1 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -46,7 +46,7 @@ Create home directories for users on the
@@ -46,7 +46,7 @@ Create home directories for users on their first login
The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
@@ -44,9 +60,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
This this option can be used multiple times to specify more IP addresses of the server (e.g. multihomed and/or dualstacked server).
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
diff --git a/ipatests/man/ipa-test-config.1 b/ipatests/man/ipa-test-config.1
index 320d1fe1fb22ee676da51b866870a39d7ccbbc06..e687fb194d83537b90ca73042718c5143a6d8378 100644
--- a/ipatests/man/ipa-test-config.1
+++ b/ipatests/man/ipa-test-config.1
@@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA te
@@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA test configuration for use in Bash scripts
.SH "SYNOPSIS"
ipa\-test\-config [options]
.br
@@ -55,7 +73,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.br
ipa\-test\-config [options] hostname
.SH "DESCRIPTION"
@@ -37,7 +37,7 @@ If run without arguments, it prints out
@@ -37,7 +37,7 @@ If run without arguments, it prints out configuration specific to the local
host.
Another host may be specified as an argument, or via the \-\-master,
\-\-replica, and \-\-client options.
@@ -64,6 +82,8 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
any host.
.SH "OPTIONS"
diff --git a/ipatests/man/ipa-test-task.1 b/ipatests/man/ipa-test-task.1
index 4b855b54f545f14c3d33d2de4451c830c749a1d7..70024385d390e13f6101f0e699474de70713c164 100644
--- a/ipatests/man/ipa-test-task.1
+++ b/ipatests/man/ipa-test-task.1
@@ -20,7 +20,7 @@
@@ -75,3 +95,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.br
ipa\-test\-task [global-options] TASK [task-options]
.SH "DESCRIPTION"
--
2.5.0


@@ -1,13 +1,22 @@
Description: Fix manpage-has-errors-from-man warning (found by Lintian).
See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for
an explanation. Issues found were
ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line
default.conf.5.gz 50: warning: macro `np' not defined
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
From 33751c9a644cc071222f00c44ec7baf0fe05ffc8 Mon Sep 17 00:00:00 2001
From: Benjamin Drung <benjamin.drung@profitbricks.com>
Date: Mon, 5 Oct 2015 15:43:06 +0300
Subject: [PATCH] Fix manpage-has-errors-from-man warning (found by Lintian)
See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for
an explanation. Issues found were
ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line
default.conf.5.gz 50: warning: macro `np' not defined
---
ipa-client/man/default.conf.5 | 4 +--
ipa-client/man/ipa-client-install.1 | 49 +++++++++++++++++++++++--------------
2 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5
index 75b9f86bcf4fe065c65f0a1b115976fc1cec13bd..d5cef5b36f55c719287d636a18ebbb52079310ca 100644
--- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5
@@ -47,14 +47,14 @@ Valid lines consist of an option name, a
@@ -47,14 +47,14 @@ Valid lines consist of an option name, an equals sign and a value. Spaces surrou
Values should not be quoted, the quotes will not be stripped.
@@ -24,9 +33,11 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
Options must appear in the section named [global]. There are no other sections defined or used currently.
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 0fafd8a3f2ee24b400b1cbeada4ddf7cea9493b0..cdcc56fee6ce82e0fe00048d52b13d27e8fe3450 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -216,36 +216,49 @@ Unattended uninstallation. The user will
@@ -222,36 +222,49 @@ Unattended uninstallation. The user will not be prompted.
.TP
Files that will be replaced if SSSD is configured (default):
@@ -94,3 +105,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.SH "EXIT STATUS"
0 if the installation was successful
--
2.5.0


@@ -1,9 +1,17 @@
Description: Fix typo
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
From 9d9dad56a74a35aee30669bc7477035e5c794b9f Mon Sep 17 00:00:00 2001
From: Benjamin Drung <benjamin.drung@profitbricks.com>
Date: Mon, 5 Oct 2015 15:44:04 +0300
Subject: [PATCH] default.conf.5: Fix a typo
---
ipa-client/man/default.conf.5 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5
index d5cef5b36f55c719287d636a18ebbb52079310ca..c7790c82346deb9f87cbf23c0fa583dc151aff1c 100644
--- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5
@@ -140,7 +140,7 @@
@@ -140,7 +140,7 @@ Note: logger names are a dot ('.') separated list forming a path
in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by
@@ -12,3 +20,6 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.TP
.B mode <mode>
Specifies the mode the server is running in. The currently support values are \fBproduction\fR and \fBdevelopment\fR. When running in production mode some self\-tests are skipped to improve performance.
--
2.5.0


@@ -0,0 +1,125 @@
commit 8fd0109b13eb87db2cfd22fe412e3adc4c0db9c3
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:02:37 2015 +0300
ipaplatform: Add HTTPD_USER to constants, and use it.
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -8,4 +8,5 @@ This base platform module exports platfo
class BaseConstantsNamespace(object):
+ HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -46,6 +46,7 @@ from ipalib import pkcs10, x509
from ipalib import errors
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
@@ -1107,7 +1108,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -42,6 +42,7 @@ from ipalib import pkcs10, x509, api
from ipalib.errors import CertificateOperationError
from ipalib.text import _
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
# Apache needs access to this database so we need to create it
@@ -518,8 +519,7 @@ class CertDB(object):
f.write(pwdfile.read())
f.close()
pwdfile.close()
- # TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid=constants.HTTPD_USER)
def find_root_cert(self, nickname):
"""
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -39,6 +39,7 @@ import ipapython.errors
from ipaserver.install import sysupgrade
from ipalib import api
from ipalib import errors
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipaplatform import services
@@ -51,6 +52,7 @@ SELINUX_BOOLEAN_SETTINGS = dict(
KDCPROXY_USER = 'kdcproxy'
+HTTPD_USER = constants.HTTPD_USER
def httpd_443_configured():
"""
@@ -186,14 +188,14 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas=HTTPD_USER, raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -322,7 +324,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -491,7 +493,7 @@ class HTTPInstance(service.Service):
pass
# Remove the ccache file for the HTTPD service
- ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas='apache',
+ ipautil.run([paths.KDESTROY, '-c', paths.KRB5CC_HTTPD], runas=HTTPD_USER,
raiseonerr=False)
# Remove the configuration files we create
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -24,6 +24,7 @@ import os.path
import pwd
import optparse
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython import admintool
from ipapython.dn import DN
@@ -151,7 +152,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(constants.HTTPD_USER)
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
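Review bot: httpinstance.py introduces a module-level alias `HTTPD_USER = constants.HTTPD_USER`, while cainstance.py, certs.py and ipa_server_certinstall.py in the same patch read `constants.HTTPD_USER` at each call site. Using one form across the four files would make it easier to audit which account receives these files. The chown calls give the IPA keytab and the NSS key databases to whatever account the constant names, so the definition in `BaseConstantsNamespace` deserves a comment such as `# account httpd runs as; granted access to the IPA keytab and NSS databases`. The methods touched here start and end outside the hunks shown.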


@@ -0,0 +1,37 @@
From 77be9a8b67a49ca263e82dde5bf87d432ca64922 Mon Sep 17 00:00:00 2001
From: Timo Aaltonen <tjaalton@debian.org>
Date: Tue, 6 Oct 2015 16:27:21 +0300
Subject: [PATCH 2/2] ipaplatform: Add NAMED_USER to constants
https://fedorahosted.org/freeipa/ticket/5343
---
ipaplatform/base/constants.py | 1 +
ipaserver/install/bindinstance.py | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -10,3 +10,4 @@ This base platform module exports platfo
class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
+ NAMED_USER = "named"
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -36,6 +36,7 @@ from ipapython.dn import DN
import ipalib
from ipalib import api, errors
from ipaplatform import services
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib.util import (validate_zonemgr_str, normalize_zonemgr,
@@ -555,7 +556,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
- reverse_zones, named_user="named", zonemgr=None,
+ reverse_zones, named_user=constants.NAMED_USER, zonemgr=None,
ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn


@@ -0,0 +1,17 @@
commit 1d5f8d46ff718fc294d9e66e2fa72200b2be7795
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:43:09 2015 +0300
httpinstance: Use full path via HTTPD_IPA_REWRITE_CONF for Include.
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -248,7 +248,7 @@ class HTTPInstance(service.Service):
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+ if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include {path}\n</VirtualHost>'.format(path=paths.HTTPD_IPA_REWRITE_CONF)) != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def configure_certmonger_renewal_guard(self):
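Review bot: The failure message on the line after the changed `update_file` call still names `conf.d/ipa-rewrite`, although the Include path now comes from `paths.HTTPD_IPA_REWRITE_CONF`. On a platform where that path differs, the message points the operator at a file that was never used. Suggest `print "Adding Include %s to %s failed." % (paths.HTTPD_IPA_REWRITE_CONF, paths.HTTPD_NSS_CONF)`. The failure is also only printed, so the installer appears to continue without the rewrite include; a comment saying whether that is intended would help.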


@@ -0,0 +1,33 @@
commit 4e9af2078fa4cdc69f97892b1055ac4a1558845c
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 16:35:24 2015 +0300
ipaplatform: Add SECURE_NFS_VAR to constants
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -38,6 +38,7 @@ from ipaclient import ipadiscovery
from ipaclient import ipachangeconf
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
+from ipaplatform.constants import constants
from ipaplatform.tasks import tasks
from ipaplatform import services
from ipaplatform.paths import paths
@@ -307,7 +308,7 @@ def configure_nfs(fstore, statestore):
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ constants.SECURE_NFS_VAR: 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,3 +11,5 @@ class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
NAMED_USER = "named"
+ # nfsd init variable used to enable kerberized NFS
+ SECURE_NFS_VAR = "SECURE_NFS"


@@ -0,0 +1,62 @@
commit 69a26e0f5bd8286758579cff2264bfd9522a6e86
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Oct 6 18:46:00 2015 +0300
ipaplatform: Add NTPD_OPTS_VAR and NTPD_OPTS_QUOTE to constants
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -11,5 +11,9 @@ class BaseConstantsNamespace(object):
HTTPD_USER = "apache"
IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
NAMED_USER = "named"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "OPTIONS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\""
# nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS"
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -21,9 +21,13 @@
import service
from ipapython import sysrestore
from ipapython import ipautil
+from ipaplatform.constants import constants
from ipaplatform.paths import paths
from ipapython.ipa_log_manager import *
+NTPD_OPTS_VAR = constants.NTPD_OPTS_VAR
+NTPD_OPTS_QUOTE = constants.NTPD_OPTS_QUOTE
+
class NTPInstance(service.Service):
def __init__(self, fstore=None):
service.Service.__init__(self, "ntpd", service_desc="NTP daemon")
@@ -106,9 +110,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith(NTPD_OPTS_VAR):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace(NTPD_OPTS_QUOTE, '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -124,12 +128,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith(NTPD_OPTS_VAR):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace(NTPD_OPTS_QUOTE, '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write(NTPD_OPTS_VAR + '="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
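Review bot: The rewrite in the last ntpinstance.py hunk strips `NTPD_OPTS_QUOTE` from the existing line but writes the value back with hard-coded double quotes (`NTPD_OPTS_VAR + '="%s %s"\n'`). On a platform whose quote is `'`, as the Debian constants in this commit set it, a line this code wrote earlier keeps its double quotes through the strip, and a later rewrite would probably nest them and leave a malformed options line. Writing with the same constant keeps read and write symmetric: `fd.write('%s=%s%s %s%s\n' % (NTPD_OPTS_VAR, NTPD_OPTS_QUOTE, opts, ' '.join(newopts), NTPD_OPTS_QUOTE))`. The enclosing method begins and ends outside the hunk.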


@@ -1,11 +0,0 @@
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -307,7 +307,7 @@ def configure_nfs(fstore, statestore):
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ 'NEED_GSSD': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
paths.SYSCONFIG_NFS, replacevars=replacevars)


@@ -21,7 +21,7 @@ use the debian layout when installing python modules
fi
client-dirs:
@@ -176,11 +176,11 @@ server: version-update
@@ -177,11 +177,11 @@ server: version-update
server-install: server
if [ "$(DESTDIR)" = "" ]; then \
@@ -37,7 +37,7 @@ use the debian layout when installing python modules
fi
tests: version-update tests-man-autogen
@@ -191,7 +191,7 @@ tests-install: tests
@@ -192,7 +192,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \
else \
@@ -68,3 +68,17 @@ use the debian layout when installing python modules
fi
clean:
--- a/ipapython/ipap11helper/Makefile
+++ b/ipapython/ipap11helper/Makefile
@@ -7,9 +7,9 @@ all:
install:
if [ "$(DESTDIR)" = "" ]; then \
- python2 setup.py install; \
+ python2 setup.py install --install-layout=deb; \
else \
- python2 setup.py install --root $(DESTDIR); \
+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:


@@ -1,7 +1,7 @@
Description: so we don't need to patch pykerberos
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -61,15 +61,12 @@ def json_serialize(obj):
@@ -63,15 +63,12 @@ def json_serialize(obj):
def get_current_principal():
try:

14
debian/patches/series vendored

@@ -1,14 +1,20 @@
# upstreamed
freeipa-tjaalton-0006-2-ipaplatform-Add-HTTPD_USER-to-constants-and-use-it.patch
freeipa-tjaalton-0007-ipaplatform-Add-NAMED_USER-and-user-it.patch
freeipa-tjaalton-0008-2-httpinstance-Use-full-path-via-HTTPD_IPA_REWRITE_CONF.patch
freeipa-tjaalton-0009-2-ipaplatform-Add-SECURE_NFS_VAR-to-constants.patch
freeipa-tjaalton-0010-2-ipaplatform-Add-NTPD_OPTS_VAR-and-NTPD_OPTS_QUOTE-to.patch
fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch
fix-typo.patch
# not upstreamable
work-around-apache-fail.diff
prefix.patch
no-test-lang.diff
port-ipa-client-automount.diff
# send upstream
add-debian-platform.diff
fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch
fix-typo.patch
fix-ipa-conf.diff
revert-pykerberos-api-change.diff


@@ -1,7 +1,7 @@
Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -147,7 +147,8 @@ class HTTPInstance(service.Service):
@@ -164,7 +164,8 @@ class HTTPInstance(service.Service):
def __start(self):
self.backup_state("running", self.is_running())
@@ -25,7 +25,7 @@ Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -857,7 +857,8 @@ def install(installer):
@@ -860,7 +860,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
@@ -37,7 +37,7 @@ Description: service apache2 restart fails on sid, so don't do that
kra.install(api, None, options)
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -609,7 +609,8 @@ def install(installer):
@@ -621,7 +621,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")