IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Get merged tree into an installalble state.

Browse Source 
I have only tested the all, rpms and *clean targets directly.
install may work but the rpm moves a lot of things around for us.

The Apache configuration file isn't in its final state but it works
with the new mod_python configuration.
This commit is contained in:
Rob Crittenden 2009-02-02 13:50:53 -05:00
parent 3274577cd6
commit 2d7e0de5ea
21 changed files with 1392 additions and 230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
Makefile
View File

@ -1,6 +1,6 @@
include VERSION
SUBDIRS=ipa-server ipa-admintools ipa-python ipa-client ipa-radius-server ipa-radius-admintools
SUBDIRS=daemons install ipa-python ipa-client ipa-radius-server ipa-radius-admintools
PRJ_PREFIX=ipa
@ -29,47 +29,31 @@ endif # rc
endif # pre
endif # ipa_version
SERV_TARBALL_PREFIX=$(PRJ_PREFIX)-server-$(IPA_VERSION)
SERV_TARBALL=$(SERV_TARBALL_PREFIX).tgz
ADMIN_TARBALL_PREFIX=$(PRJ_PREFIX)-admintools-$(IPA_VERSION)
ADMIN_TARBALL=$(ADMIN_TARBALL_PREFIX).tgz
PYTHON_TARBALL_PREFIX=$(PRJ_PREFIX)-python-$(IPA_VERSION)
PYTHON_TARBALL=$(PYTHON_TARBALL_PREFIX).tgz
CLI_TARBALL_PREFIX=$(PRJ_PREFIX)-client-$(IPA_VERSION)
CLI_TARBALL=$(CLI_TARBALL_PREFIX).tgz
RADIUS_SERVER_TARBALL_PREFIX=$(PRJ_PREFIX)-radius-server-$(IPA_VERSION)
RADIUS_SERVER_TARBALL=$(RADIUS_SERVER_TARBALL_PREFIX).tgz
RADIUS_ADMINTOOLS_TARBALL_PREFIX=$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION)
RADIUS_ADMINTOOLS_TARBALL=$(RADIUS_ADMINTOOLS_TARBALL_PREFIX).tgz
SERV_SELINUX_TARBALL_PREFIX=$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION)
SERV_SELINUX_TARBALL=$(SERV_SELINUX_TARBALL_PREFIX).tgz
TARBALL_PREFIX=freeipa-$(IPA_VERSION)
TARBALL=$(TARBALL_PREFIX).tar.gz
IPA_RPM_RELEASE=$(shell cat RELEASE)
LIBDIR ?= /usr/lib
all: bootstrap-autogen
all: bootstrap-autogen server
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
bootstrap-autogen: version-update
@echo "Building IPA $(IPA_VERSION)"
cd ipa-server; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
cd daemons; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
cd install; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
cd ipa-client; if [ ! -e Makefile ]; then ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
autogen: version-update
@echo "Building IPA $(IPA_VERSION)"
cd ipa-server; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR)
cd daemons; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
cd install; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); fi
cd ipa-client; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR)
install: all
install: all server-install
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
@ -84,32 +68,9 @@ release-update:
version-update: release-update
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-server/ipa-server.spec.in > ipa-server/ipa-server.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-server/version.m4.in \
> ipa-server/version.m4
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-admintools/ipa-admintools.spec.in > ipa-admintools/ipa-admintools.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-python/ipa-python.spec.in > ipa-python/ipa-python.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-client/ipa-client.spec.in > ipa-client/ipa-client.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-client/version.m4.in \
> ipa-client/version.m4
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-radius-server/ipa-radius-server.spec.in \
> ipa-radius-server/ipa-radius-server.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-radius-admintools/ipa-radius-admintools.spec.in \
> ipa-radius-admintools/ipa-radius-admintools.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-server/selinux/ipa-server-selinux.spec.in \
> ipa-server/selinux/ipa-server-selinux.spec
ipa.spec.in > ipa.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ version.m4.in \
> version.m4
sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-python/setup.py.in \
> ipa-python/setup.py
@ -117,63 +78,40 @@ version-update: release-update
> ipa-python/version.py
perl -pi -e "s:__NUM_VERSION__:$(IPA_VERSION_MAJOR)$(IPA_VERSION_MINOR)$(IPA_VERSION_RELEASE):" ipa-python/version.py
sed -e s/__VERSION__/$(IPA_VERSION)/ -e s/__RELEASE__/$(IPA_RPM_RELEASE)/ \
ipa-client/ipa-client.spec.in > ipa-client/ipa-client.spec
sed -e s/__VERSION__/$(IPA_VERSION)/ ipa-client/version.m4.in \
> ipa-client/version.m4
server:
python setup.py build
server-install: server
if [ "$(DESTDIR)" = "" ]; then \
python setup.py install; \
else \
python setup.py install --root $(DESTDIR); \
fi
archive:
-mkdir -p dist
git archive --format=tar --prefix=ipa/ $(TARGET) | (cd dist && tar xf -)
local-archive:
-mkdir -p dist/ipa
@for subdir in $(SUBDIRS); do \
cp -pr $$subdir dist/ipa/.; \
done
-mkdir -p dist/$(TARBALL_PREFIX)
rsync -a --exclude=dist --exclude=.git --exclude=build --exclude=rpmbuild . dist/$(TARBALL_PREFIX)
archive-cleanup:
rm -fr dist/ipa
rm -fr dist/freeipa
tarballs:
tarballs: local-archive
-mkdir -p dist/sources
# ipa-server
mv dist/ipa/ipa-server dist/$(SERV_TARBALL_PREFIX)
rm -f dist/sources/$(SERV_TARBALL)
cd dist/$(SERV_TARBALL_PREFIX); ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean
cd dist; tar cfz sources/$(SERV_TARBALL) $(SERV_TARBALL_PREFIX)
rm -fr dist/$(SERV_TARBALL_PREFIX)
# ipa-admintools
mv dist/ipa/ipa-admintools dist/$(ADMIN_TARBALL_PREFIX)
rm -f dist/sources/$(ADMIN_TARBALL)
cd dist; tar cfz sources/$(ADMIN_TARBALL) $(ADMIN_TARBALL_PREFIX)
rm -fr dist/$(ADMIN_TARBALL_PREFIX)
# ipa-python
mv dist/ipa/ipa-python dist/$(PYTHON_TARBALL_PREFIX)
rm -f dist/sources/$(PYTHON_TARBALL)
cd dist; tar cfz sources/$(PYTHON_TARBALL) $(PYTHON_TARBALL_PREFIX)
rm -fr dist/$(PYTHON_TARBALL_PREFIX)
# ipa-client
mv dist/ipa/ipa-client dist/$(CLI_TARBALL_PREFIX)
rm -f dist/sources/$(CLI_TARBALL)
cd dist/$(CLI_TARBALL_PREFIX); ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean
cd dist; tar cfz sources/$(CLI_TARBALL) $(CLI_TARBALL_PREFIX)
rm -fr dist/$(CLI_TARBALL_PREFIX)
# ipa-radius-server
mv dist/ipa/ipa-radius-server dist/$(RADIUS_SERVER_TARBALL_PREFIX)
rm -f dist/sources/$(RADIUS_SERVER_TARBALL)
cd dist; tar cfz sources/$(RADIUS_SERVER_TARBALL) $(RADIUS_SERVER_TARBALL_PREFIX)
rm -fr dist/$(RADIUS_SERVER_TARBALL_PREFIX)
# ipa-radius-admintools
mv dist/ipa/ipa-radius-admintools dist/$(RADIUS_ADMINTOOLS_TARBALL_PREFIX)
rm -f dist/sources/$(RADIUS_ADMINTOOLS_TARBALL)
cd dist; tar cfz sources/$(RADIUS_ADMINTOOLS_TARBALL) $(RADIUS_ADMINTOOLS_TARBALL_PREFIX)
rm -fr dist/$(RADIUS_ADMINTOOLS_TARBALL_PREFIX)
# ipa-server/selinux
cp dist/sources/$(SERV_TARBALL) dist/sources/$(SERV_SELINUX_TARBALL)
# tar up clean sources
cd dist/$(TARBALL_PREFIX)/ipa-client; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean
cd dist/$(TARBALL_PREFIX)/daemons; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean
cd dist/$(TARBALL_PREFIX)/install; ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=$(LIBDIR); make distclean
cd dist; tar cfz sources/$(TARBALL) $(TARBALL_PREFIX)
rm -rf dist/$(TARBALL_PREFIX)
rpmroot:
mkdir -p $(RPMBUILD)/BUILD
@ -186,49 +124,11 @@ rpmdistdir:
mkdir -p dist/rpms
mkdir -p dist/srpms
rpm-ipa-server:
cp dist/sources/$(SERV_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-server/ipa-server.spec
cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-server-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-server-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-admin:
cp dist/sources/$(ADMIN_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-admintools/ipa-admintools.spec
cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-admintools-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-admintools-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-python:
cp dist/sources/$(PYTHON_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-python/ipa-python.spec
cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-python-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-python-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-client:
cp dist/sources/$(CLI_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-client/ipa-client.spec
cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-client-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-client-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-radius-server:
cp dist/sources/$(RADIUS_SERVER_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-radius-server/ipa-radius-server.spec
cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-radius-server-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-radius-server-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-radius-admintools:
cp dist/sources/$(RADIUS_ADMINTOOLS_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-radius-admintools/ipa-radius-admintools.spec
cp rpmbuild/RPMS/noarch/$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-radius-admintools-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpm-ipa-server-selinux:
cp dist/sources/$(SERV_SELINUX_TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa-server/selinux/ipa-server-selinux.spec
cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-server-selinux-$(IPA_VERSION)-*.src.rpm dist/srpms/
rpms: rpmroot rpmdistdir rpm-ipa-server rpm-ipa-admin rpm-ipa-python rpm-ipa-client rpm-ipa-radius-server rpm-ipa-radius-admintools rpm-ipa-server-selinux
rpms: rpmroot rpmdistdir version-update tarballs
cp dist/sources/$(TARBALL) $(RPMBUILD)/SOURCES/.
rpmbuild --define "_topdir $(RPMBUILD)" -ba ipa.spec
cp rpmbuild/RPMS/*/$(PRJ_PREFIX)-*-$(IPA_VERSION)-*.rpm dist/rpms/
cp rpmbuild/SRPMS/$(PRJ_PREFIX)-$(IPA_VERSION)-*.src.rpm dist/srpms/
repodata:
-createrepo -p dist
@ -248,14 +148,16 @@ distclean: version-update
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
rm -fr rpmbuild dist
rm -fr rpmbuild dist build
maintainer-clean: clean
rm -fr rpmbuild dist
cd ipa-server/selinux && $(MAKE) maintainer-clean
cd ipa-server && $(MAKE) maintainer-clean
rm -fr rpmbuild dist build
cd selinux && $(MAKE) maintainer-clean
cd daemons && $(MAKE) maintainer-clean
cd install && $(MAKE) maintainer-clean
cd ipa-client && $(MAKE) maintainer-clean
cd ipa-python && $(MAKE) maintainer-clean
cd ipa-admintools && $(MAKE) maintainer-clean
cd ipa-radius-admintools && $(MAKE) maintainer-clean
cd ipa-radius-server && $(MAKE) maintainer-clean
rm -f version.m4
rm -f ipa.spec

35
daemons/Makefile.am Normal file
View File

@ -0,0 +1,35 @@
# This file will be processed with automake-1.7 to create Makefile.in
#
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
ipa-kpasswd \
ipa-slapi-plugins \
$(NULL)
DISTCLEANFILES = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
intltool-*.in \
compile \
configure \
COPYING \
INSTALL \
install-sh \
missing \
mkinstalldirs \
config.guess \
ltmain.sh \
config.sub \
depcomp \
Makefile.in \
config.h.* \
aclocal.m4 \
version.m4 \
ipa-client.spec \
py-compile \
$(NULL)

6
autogen.sh → daemons/autogen.sh
View File

@ -179,6 +179,9 @@ do_cmd() {
$@
}
# I don't want autotools dictating what files I have
touch NEWS README AUTHORS ChangeLog
do_cmd $LIBTOOLIZE $LIBTOOLIZE_FLAGS
do_cmd $ACLOCAL $ACLOCAL_FLAGS
@ -189,6 +192,9 @@ do_cmd $AUTOMAKE $AUTOMAKE_FLAGS
do_cmd $AUTOCONF
# I don't want autotools dictating what files I have
touch NEWS README AUTHORS ChangeLog
cd $ORIGDIR || exit 1
rm -f config.cache

291
daemons/configure.ac Normal file
View File

@ -0,0 +1,291 @@
AC_PREREQ(2.59)
m4_include(../version.m4)
AC_INIT([ipa-server],
IPA_VERSION,
[https://hosted.fedoraproject.org/projects/freeipa/newticket])
#AC_CONFIG_SRCDIR([ipaserver/ipaldap.py])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_PROG_CC
AC_STDC_HEADERS
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
AC_HEADER_STDC
AC_SUBST(VERSION)
dnl ---------------------------------------------------------------------------
dnl - Check for NSPR
dnl ---------------------------------------------------------------------------
AC_CHECK_HEADER(nspr4/nspr.h)
if test "x$ac_cv_header_nspr4_nspr_h" = "xno" ; then
AC_MSG_ERROR([Required NSPR header not available (nspr-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for NSS
dnl ---------------------------------------------------------------------------
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4"
AC_CHECK_HEADER(nss3/nss.h)
CPPFLAGS=$SAVE_CPPFLAGS
if test "x$ac_cv_header_nss3_nss_h" = "xno" ; then
AC_MSG_ERROR([Required NSS header not available (nss-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for DS slapi plugin
dnl ---------------------------------------------------------------------------
# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4"
AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
CPPFLAGS=$SAVE_CPPFLAGS
if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
fi
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5
dnl ---------------------------------------------------------------------------
KRB5_LIBS=
AC_CHECK_HEADER(krb5.h)
krb5_impl=mit
if test "x$ac_cv_header_krb5_h" = "xyes" ; then
dnl lazy check for Heimdal Kerberos
AC_CHECK_HEADERS(heim_err.h)
if test $ac_cv_header_heim_err_h = yes ; then
krb5_impl=heimdal
else
krb5_impl=mit
fi
if test "x$krb5_impl" = "xmit"; then
AC_CHECK_LIB(k5crypto, main,
[krb5crypto=k5crypto],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lcom_err])
elif test "x$krb5_impl" = "xheimdal"; then
AC_CHECK_LIB(des, main,
[krb5crypto=des],
[krb5crypto=crypto])
AC_CHECK_LIB(krb5, main,
[have_krb5=yes
KRB5_LIBS="-lkrb5 -l$krb5crypto -lasn1 -lroken -lcom_err"],
[have_krb5=no],
[-l$krb5crypto -lasn1 -lroken -lcom_err])
AC_DEFINE(HAVE_HEIMDAL_KERBEROS, 1,
[define if you have HEIMDAL Kerberos])
else
have_krb5=no
AC_MSG_WARN([Unrecognized Kerberos5 Implementation])
fi
if test "x$have_krb5" = "xyes" ; then
ol_link_krb5=yes
AC_DEFINE(HAVE_KRB5, 1,
[define if you have Kerberos V])
else
AC_MSG_ERROR([Required Kerberos 5 support not available])
fi
fi
AC_SUBST(KRB5_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for Mozilla LDAP or OpenLDAP SDK
dnl ---------------------------------------------------------------------------
AC_ARG_WITH(openldap, [ --with-openldap Use OpenLDAP])
dnl The mozldap libraries are always needed because ipa-slapi-plugins/dna/
dnl will not build against OpenLDAP.
SAVE_CPPFLAGS=$CPPFLAGS
CPPFLAGS="-I/usr/include/nspr4 -I/usr/include/nss3"
AC_CHECK_HEADER(svrcore.h)
if test "x$ac_cv_header_svrcore_h" = "xno" ; then
AC_MSG_ERROR([Required svrcore header not available (svrcore-devel)])
fi
CPPFLAGS=$SAVE_CPPFLAGS
AC_CHECK_HEADER(mozldap/ldap.h)
if test "x$ac_cv_header_mozldap_ldap_h" = "xno" ; then
AC_MSG_ERROR([Required MOZLDAP header not available (mozldap-devel)])
fi
PKG_CHECK_MODULES(MOZLDAP, mozldap > 6)
if test x$with_openldap = xyes; then
AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes)
dnl Check for other libraries we need to link with to get the main routines.
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
dnl Recently, we need -lber even though the main routines are elsewhere,
dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just
dnl check for that (it's a variable not a fun but that doesn't seem to
dnl matter in these checks) and stick in -lber if so. Can't hurt (even to
dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
dnl #### understands LDAP needs to fix this properly.
test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
if test "$with_ldap" = "yes"; then
if test "$with_ldap_des" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -ldes"
fi
if test "$with_ldap_krb" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -lkrb"
fi
if test "$with_ldap_lber" = "yes" ; then
LDAP_LIBS="${LDAP_LIBS} -llber"
fi
LDAP_LIBS="${LDAP_LIBS} -lldap"
else
AC_MSG_ERROR([OpenLDAP not found])
fi
AC_SUBST(LDAP_LIBS)
LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_OPENLDAP"
AC_SUBST(LDAP_CFLAGS)
else
LDAP_LIBS="${MOZLDAP_LIBS}"
AC_SUBST(LDAP_LIBS)
LDAP_CFLAGS="${LDAP_CFLAGS} -DWITH_MOZLDAP"
AC_SUBST(LDAP_CFLAGS)
fi
dnl ---------------------------------------------------------------------------
dnl - Check for OpenSSL Crypto library
dnl ---------------------------------------------------------------------------
dnl This is a very simple check, we should probably check also for MD4_Init and
dnl probably also the version we are using is recent enough
SSL_LIBS=
AC_CHECK_LIB(crypto, DES_set_key_unchecked, [SSL_LIBS="-lcrypto"])
AC_SUBST(SSL_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Check for Python
dnl ---------------------------------------------------------------------------
AC_MSG_NOTICE([Checking for Python])
have_python=no
AM_PATH_PYTHON(2.3)
if test "x$PYTHON" = "x" ; then
AC_MSG_ERROR([Python not found])
fi
dnl ---------------------------------------------------------------------------
dnl - Set the data install directory since we don't use pkgdatadir
dnl ---------------------------------------------------------------------------
IPA_DATA_DIR="$datadir/ipa"
AC_SUBST(IPA_DATA_DIR)
dnl ---------------------------------------------------------------------------
dnl Finish
dnl ---------------------------------------------------------------------------
# Turn on the additional warnings last, so -Werror doesn't affect other tests.
AC_ARG_ENABLE(more-warnings,
[AC_HELP_STRING([--enable-more-warnings],
[Maximum compiler warnings])],
set_more_warnings="$enableval",[
if test -d $srcdir/../.hg; then
set_more_warnings=yes
else
set_more_warnings=no
fi
])
AC_MSG_CHECKING(for more warnings)
if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
AC_MSG_RESULT(yes)
CFLAGS="\
-Wall \
-Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes \
-Wnested-externs -Wpointer-arith \
-Wcast-align -Wsign-compare \
$CFLAGS"
for option in -Wno-strict-aliasing -Wno-sign-compare; do
SAVE_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $option"
AC_MSG_CHECKING([whether gcc understands $option])
AC_TRY_COMPILE([], [],
has_option=yes,
has_option=no,)
if test $has_option = no; then
CFLAGS="$SAVE_CFLAGS"
fi
AC_MSG_RESULT($has_option)
unset has_option
unset SAVE_CFLAGS
done
unset option
else
AC_MSG_RESULT(no)
fi
# Flags
AC_SUBST(CFLAGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LDFLAGS)
# Files
AC_CONFIG_FILES([
Makefile
ipa-kpasswd/Makefile
ipa-slapi-plugins/Makefile
ipa-slapi-plugins/dna/Makefile
ipa-slapi-plugins/ipa-memberof/Makefile
ipa-slapi-plugins/ipa-pwd-extop/Makefile
ipa-slapi-plugins/ipa-winsync/Makefile
])
AC_OUTPUT
echo "
IPA Server $VERSION
========================
prefix: ${prefix}
exec_prefix: ${exec_prefix}
libdir: ${libdir}
bindir: ${bindir}
sbindir: ${sbindir}
sysconfdir: ${sysconfdir}
localstatedir: ${localstatedir}
datadir: ${datadir}
source code location: ${srcdir}
compiler: ${CC}
cflags: ${CFLAGS}
LDAP libs: ${LDAP_LIBS}
KRB5 libs: ${KRB5_LIBS}
OpenSSL libs: ${SSL_LIBS}
Maintainer mode: ${USE_MAINTAINER_MODE}
"

50
install/Makefile.am Normal file
View File

@ -0,0 +1,50 @@
# This file will be processed with automake-1.7 to create Makefile.in
#
AUTOMAKE_OPTIONS = 1.7
NULL =
SUBDIRS = \
conf \
html \
share \
tools \
updates \
$(NULL)
install-exec-local:
mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/sessions
chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/sessions
uninstall-local:
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
-rmdir $(DESTDIR)$(localstatedir)/lib/ipa
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/sessions
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
DISTCLEANFILES = \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
intltool-*.in \
compile \
configure \
COPYING \
INSTALL \
install-sh \
missing \
mkinstalldirs \
config.guess \
ltmain.sh \
config.sub \
depcomp \
Makefile.in \
config.h.* \
aclocal.m4 \
version.m4 \
ipa-client.spec \
py-compile \
$(NULL)

202
install/autogen.sh Executable file
View File

@ -0,0 +1,202 @@
#!/bin/sh
# Run this to generate all the initial makefiles, etc.
set -e
PACKAGE=freeipa-server
LIBTOOLIZE=${LIBTOOLIZE-libtoolize}
LIBTOOLIZE_FLAGS="--copy --force"
AUTOHEADER=${AUTOHEADER-autoheader}
AUTOMAKE_FLAGS="--add-missing --gnu"
AUTOCONF=${AUTOCONF-autoconf}
# automake 1.8 requires autoconf 2.58
# automake 1.7 requires autoconf 2.54
automake_min_vers=1.7
aclocal_min_vers=$automake_min_vers
autoconf_min_vers=2.54
libtoolize_min_vers=1.4
# The awk-based string->number conversion we use needs a C locale to work
# as expected. Setting LC_ALL overrides whether the user set LC_ALL,
# LC_NUMERIC, or LANG.
LC_ALL=C
ARGV0=$0
# Allow invocation from a separate build directory; in that case, we change
# to the source directory to run the auto*, then change back before running configure
srcdir=`dirname $ARGV0`
test -z "$srcdir" && srcdir=.
ORIGDIR=`pwd`
cd $srcdir
# Usage:
# compare_versions MIN_VERSION ACTUAL_VERSION
# returns true if ACTUAL_VERSION >= MIN_VERSION
compare_versions() {
ch_min_version=$1
ch_actual_version=$2
ch_status=0
IFS="${IFS= }"; ch_save_IFS="$IFS"; IFS="."
set $ch_actual_version
for ch_min in $ch_min_version; do
ch_cur=`echo $1 | sed 's/[^0-9].*$//'`; shift # remove letter suffixes
if [ -z "$ch_min" ]; then break; fi
if [ -z "$ch_cur" ]; then ch_status=1; break; fi
if [ $ch_cur -gt $ch_min ]; then break; fi
if [ $ch_cur -lt $ch_min ]; then ch_status=1; break; fi
done
IFS="$ch_save_IFS"
return $ch_status
}
if ($AUTOCONF --version) < /dev/null > /dev/null 2>&1 ; then
if ($AUTOCONF --version | head -n 1 | awk 'NR==1 { if( $(NF) >= '$autoconf_min_vers') \
exit 1; exit 0; }');
then
echo "$ARGV0: ERROR: \`$AUTOCONF' is too old."
$AUTOCONF --version
echo " (version $autoconf_min_vers or newer is required)"
DIE="yes"
fi
else
echo $AUTOCONF: command not found
echo
echo "$ARGV0: ERROR: You must have \`autoconf' installed to compile $PACKAGE."
echo " (version $autoconf_min_vers or newer is required)"
DIE="yes"
fi
#
# Hunt for an appropriate version of automake and aclocal; we can't
# assume that 'automake' is necessarily the most recent installed version
#
# We check automake first to allow it to be a newer version than we know about.
#
if test x"$AUTOMAKE" = x || test x"$ACLOCAL" = x ; then
am_ver=""
for ver in "" "-1.9" "-1.8" "-1.7" ; do
am="automake$ver"
if ($am --version) < /dev/null > /dev/null 2>&1 ; then
if ($am --version | head -n 1 | awk 'NR==1 { if( $(NF) >= '$automake_min_vers') \
exit 1; exit 0; }'); then : ; else
am_ver=$ver
break;
fi
fi
done
AUTOMAKE=${AUTOMAKE-automake$am_ver}
ACLOCAL=${ACLOCAL-aclocal$am_ver}
fi
#
# Now repeat the tests with the copies we decided upon and error out if they
# aren't sufficiently new.
#
if ($AUTOMAKE --version) < /dev/null > /dev/null 2>&1 ; then
automake_actual_version=`$AUTOMAKE --version | head -n 1 | \
sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'`
if ! compare_versions $automake_min_vers $automake_actual_version; then
echo "$ARGV0: ERROR: \`$AUTOMAKE' is too old."
$AUTOMAKE --version
echo " (version $automake_min_vers or newer is required)"
DIE="yes"
fi
if ($ACLOCAL --version) < /dev/null > /dev/null 2>&1; then
aclocal_actual_version=`$ACLOCAL --version | head -n 1 | \
sed 's/^.*[ ]\([0-9.]*[a-z]*\).*$/\1/'`
if ! compare_versions $aclocal_min_vers $aclocal_actual_version; then
echo "$ARGV0: ERROR: \`$ACLOCAL' is too old."
$ACLOCAL --version
echo " (version $aclocal_min_vers or newer is required)"
DIE="yes"
fi
else
echo $ACLOCAL: command not found
echo
echo "$ARGV0: ERROR: Missing \`$ACLOCAL'"
echo " The version of $AUTOMAKE installed doesn't appear recent enough."
DIE="yes"
fi
else
echo $AUTOMAKE: command not found
echo
echo "$ARGV0: ERROR: You must have \`automake' installed to compile $PACKAGE."
echo " (version $automake_min_vers or newer is required)"
DIE="yes"
fi
if ($LIBTOOLIZE --version) < /dev/null > /dev/null 2>&1 ; then
if ($LIBTOOLIZE --version | awk 'NR==1 { if( $4 >= '$libtoolize_min_vers') \
exit 1; exit 0; }');
then
echo "$ARGV0: ERROR: \`$LIBTOOLIZE' is too old."
echo " (version $libtoolize_min_vers or newer is required)"
DIE="yes"
fi
else
echo $LIBTOOLIZE: command not found
echo
echo "$ARGV0: ERROR: You must have \`libtoolize' installed to compile $PACKAGE."
echo " (version $libtoolize_min_vers or newer is required)"
DIE="yes"
fi
if test -z "$ACLOCAL_FLAGS"; then
acdir=`$ACLOCAL --print-ac-dir`
if [ ! -f $acdir/pkg.m4 ]; then
echo "$ARGV0: Error: Could not find pkg-config macros."
echo " (Looked in $acdir/pkg.m4)"
echo " If pkg.m4 is available in /another/directory, please set"
echo " ACLOCAL_FLAGS=\"-I /another/directory\""
echo " Otherwise, please install pkg-config."
echo ""
echo "pkg-config is available from:"
echo "http://www.freedesktop.org/software/pkgconfig/"
DIE=yes
fi
fi
if test "X$DIE" != X; then
exit 1
fi
if test -z "$*"; then
echo "$ARGV0: Note: \`./configure' will be run with no arguments."
echo " If you wish to pass any to it, please specify them on the"
echo " \`$0' command line."
echo
fi
do_cmd() {
echo "$ARGV0: running \`$@'"
$@
}
# I don't want autotools dictating what files I have
touch NEWS README AUTHORS ChangeLog
do_cmd $LIBTOOLIZE $LIBTOOLIZE_FLAGS
do_cmd $ACLOCAL $ACLOCAL_FLAGS
do_cmd $AUTOHEADER
do_cmd $AUTOMAKE $AUTOMAKE_FLAGS
do_cmd $AUTOCONF
# I don't want autotools dictating what files I have
touch NEWS README AUTHORS ChangeLog
cd $ORIGDIR || exit 1
rm -f config.cache
do_cmd $srcdir/configure --cache-file=config.cache --disable-static --enable-maintainer-mode --enable-gtk-doc ${1+"$@"} && echo "Now type \`make' to compile" || exit 1

15
install/conf/Makefile.am Normal file
View File

@ -0,0 +1,15 @@
NULL =
appdir = $(IPA_DATA_DIR)
app_DATA = \
ipa.conf \
ipa-rewrite.conf \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

15
install/conf/ipa.conf
View File

@ -4,6 +4,7 @@
# LoadModule auth_kerb_module modules/mod_auth_kerb.so
ProxyRequests Off
PythonImport ipaserver main_interpreter
# ipa-rewrite.conf is loaded separately
@ -34,16 +35,13 @@ AddType application/java-archive jar
ProxyPass /ipa/ui http://localhost:8080/ipa/ui
ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui
# Configure the XML-RPC service
Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC"
# This is where we redirect on failed auth
Alias /ipa/errors "/usr/share/ipa/html"
# For the MIT Windows config files
Alias /ipa/config "/usr/share/ipa/html"
<Directory "/usr/share/ipa/ipaserver">
<Location "/ipa/xml">
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
@ -55,16 +53,17 @@ Alias /ipa/config "/usr/share/ipa/html"
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
SetHandler mod_python
PythonHandler ipaxmlrpc
SetHandler python-program
PythonInterpreter main_interpreter
PythonHandler ipaserver::xmlrpc
PythonDebug Off
PythonOption IPADebug Off
# this is pointless to use since it would just reload ipaxmlrpc.py
PythonAutoReload Off
</Directory>
</Location>
# Do no authentication on the directory that contains error messages
<Directory "/usr/share/ipa/html">

43
install/configure.ac Normal file
View File

@ -0,0 +1,43 @@
AC_PREREQ(2.59)
m4_include(../version.m4)
AC_INIT([ipa-server],
IPA_VERSION,
[https://hosted.fedoraproject.org/projects/freeipa/newticket])
#AC_CONFIG_SRCDIR([ipaserver/ipaldap.py])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
#AC_PROG_CC
#AC_STDC_HEADERS
#AC_DISABLE_STATIC
#AC_PROG_LIBTOOL
#AC_HEADER_STDC
AC_SUBST(VERSION)
dnl ---------------------------------------------------------------------------
dnl - Set the data install directory since we don't use pkgdatadir
dnl ---------------------------------------------------------------------------
IPA_DATA_DIR="$datadir/ipa"
IPA_SYSCONF_DIR="$sysconfdir/ipa"
AC_SUBST(IPA_DATA_DIR)
AC_SUBST(IPA_SYSCONF_DIR)
# Files
AC_CONFIG_FILES([
Makefile
conf/Makefile
html/Makefile
share/Makefile
tools/Makefile
tools/man/Makefile
updates/Makefile
])
AC_OUTPUT

15
install/html/Makefile.am Normal file
View File

@ -0,0 +1,15 @@
NULL =
appdir = $(IPA_SYSCONF_DIR)/html
app_DATA = \
ssbrowser.html \
unauthorized.html \
$(NULL)
EXTRA_DIST = \
$(app_DATA) \
$(NULL)
MAINTAINERCLEANFILES = \
*~ \
Makefile.in

11
install/tools/Makefile.am
View File

@ -1,9 +1,8 @@
NULL =
SUBDIRS = \
share \
updates \
$(NULL)
SUBDIRS = \
man \
$(NULL)
sbin_SCRIPTS = \
ipa-server-install \
@ -12,6 +11,10 @@ sbin_SCRIPTS = \
ipa-replica-manage \
ipa-server-certinstall \
ipactl \
ipa-compat-manage \
ipa-fix-CVE-2008-3274 \
ipa-ldap-updater \
ipa-upgradeconfig \
$(NULL)
EXTRA_DIST = \

51
install/tools/ipa-server-install Normal file → Executable file
View File

@ -37,15 +37,15 @@ import glob
import traceback
from optparse import OptionParser
import ipaserver.dsinstance
import ipaserver.krbinstance
import ipaserver.bindinstance
import ipaserver.httpinstance
import ipaserver.ntpinstance
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
from ipaserver.install import bindinstance
from ipaserver.install import httpinstance
from ipaserver.install import ntpinstance
from ipaserver import service
from ipaserver.install import service
from ipa import version
from ipaserver.installutils import *
from ipaserver.install.installutils import *
from ipa import sysrestore
from ipa.ipautil import *
@ -119,7 +119,7 @@ def signal_handler(signum, frame):
print "Removing configuration for %s instance" % ds.serverid
ds.stop()
if ds.serverid:
ipaserver.dsinstance.erase_ds_instance_data (ds.serverid)
dsinstance.erase_ds_instance_data (ds.serverid)
sys.exit(1)
def read_host_name(host_default,no_host_dns=False):
@ -269,7 +269,7 @@ def read_admin_password():
return admin_password
def check_dirsrv(unattended):
serverids = ipaserver.dsinstance.check_existing_installation()
serverids = dsinstance.check_existing_installation()
if serverids:
print ""
print "An existing Directory Server has been detected."
@ -285,9 +285,9 @@ def check_dirsrv(unattended):
pass
for serverid in serverids:
ipaserver.dsinstance.erase_ds_instance_data(serverid)
dsinstance.erase_ds_instance_data(serverid)
(ds_unsecure, ds_secure) = ipaserver.dsinstance.check_ports()
(ds_unsecure, ds_secure) = dsinstance.check_ports()
if not ds_unsecure or not ds_secure:
print "IPA requires ports 389 and 636 for the Directory Server."
print "These are currently in use:"
@ -305,12 +305,11 @@ def uninstall():
print "ipa-client-install returned: " + str(e)
pass
ipaserver.ntpinstance.NTPInstance(fstore).uninstall()
ipaserver.bindinstance.BindInstance(fstore).uninstall()
ipaserver.httpinstance.WebGuiInstance().uninstall()
ipaserver.httpinstance.HTTPInstance(fstore).uninstall()
ipaserver.krbinstance.KrbInstance(fstore).uninstall()
ipaserver.dsinstance.DsInstance().uninstall()
ntpinstance.NTPInstance(fstore).uninstall()
bindinstance.BindInstance(fstore).uninstall()
httpinstance.HTTPInstance(fstore).uninstall()
krbinstance.KrbInstance(fstore).uninstall()
dsinstance.DsInstance().uninstall()
fstore.restore_all_files()
return 0
@ -487,7 +486,7 @@ def main():
# Configure ntpd
if options.conf_ntp:
ntp = ipaserver.ntpinstance.NTPInstance(fstore)
ntp = ntpinstance.NTPInstance(fstore)
ntp.create_instance()
if options.dirsrv_pin:
@ -496,7 +495,7 @@ def main():
os.close(pw_fd)
# Create a directory server instance
ds = ipaserver.dsinstance.DsInstance()
ds = dsinstance.DsInstance()
if options.dirsrv_pkcs12:
pkcs12_info = (options.dirsrv_pkcs12, pw_name)
ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info)
@ -505,7 +504,7 @@ def main():
ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
# Create a kerberos instance
krb = ipaserver.krbinstance.KrbInstance(fstore)
krb = krbinstance.KrbInstance(fstore)
krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
# Create a HTTP instance
@ -515,7 +514,7 @@ def main():
os.write(pw_fd, options.http_pin)
os.close(pw_fd)
http = ipaserver.httpinstance.HTTPInstance(fstore)
http = httpinstance.HTTPInstance(fstore)
if options.http_pkcs12:
pkcs12_info = (options.http_pkcs12, pw_name)
http.create_instance(realm_name, host_name, domain_name, autoconfig=False, pkcs12_info=pkcs12_info)
@ -532,11 +531,7 @@ def main():
fd.write("domain=" + domain_name + "\n")
fd.close()
# Create a Web Gui instance
webgui = ipaserver.httpinstance.WebGuiInstance()
webgui.create_instance()
bind = ipaserver.bindinstance.BindInstance(fstore)
bind = bindinstance.BindInstance(fstore)
bind.setup(host_name, ip_address, realm_name, domain_name)
if options.setup_bind:
bind.create_instance()
@ -594,8 +589,8 @@ def main():
print ""
if not options.dirsrv_pkcs12:
print "Be sure to back up the CA certificate stored in " + ipaserver.dsinstance.config_dirname(ds.serverid) + "cacert.p12"
print "The password for this file is in " + ipaserver.dsinstance.config_dirname(ds.serverid) + "pwdfile.txt"
print "Be sure to back up the CA certificate stored in " + dsinstance.config_dirname(ds.serverid) + "cacert.p12"
print "The password for this file is in " + dsinstance.config_dirname(ds.serverid) + "pwdfile.txt"
else:
print "In order for Firefox autoconfiguration to work you will need to"
print "use a SSL signing certificate. See the IPA documentation for more details."

2
install/tools/man/Makefile.am
View File

@ -16,7 +16,7 @@ man1_MANS = \
man8_MANS = \
ipactl.8 \
ipa_kpasswd.8 \
ipa_webgui.8
$(NULL)
install-data-hook:
@for i in $(man1_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done

37
install/tools/man/ipa_webgui.8
View File

@ -1,37 +0,0 @@
.\" A man page for ipa_webgui
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa_webgui" "8" "Mar 14 2008" "freeipa" ""
.SH "NAME"
ipa_webgui \- Start the IPA Web User Interface
.SH "SYNOPSIS"
ipa_webgui [\fIOPTION\fR]...
.SH "DESCRIPTION"
Used to start the TurboGears web user interface for IPA
.SH "OPTIONS"
.TP
\fB\-f\fR, \fB\-\-foreground\fR
Remain in the foreground instead of becoming a daemon.
.TP
\fB\-d\fR, \fB\-\-debug\fR
.TP
Increase the amount of logging and print it to stdout instead of logging to /var/log/ipa_error.log
.SH "EXIT STATUS"
1 if an error occurred

637
ipa.spec.in Normal file
View File

@ -0,0 +1,637 @@
%define httpd_conf /etc/httpd/conf.d
%define plugin_dir %{_libdir}/dirsrv/plugins
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
%define POLICYCOREUTILSVER 1.33.12-1
Name: ipa
Version: __VERSION__
Release: __RELEASE__%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org/
Source0: freeipa-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: fedora-ds-base-devel >= 1.1.3
BuildRequires: mozldap-devel
BuildRequires: svrcore-devel
BuildRequires: nspr-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
BuildRequires: e2fsprogs-devel
BuildRequires: krb5-devel
BuildRequires: nss-devel
BuildRequires: libcap-devel
BuildRequires: python-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: popt-devel
BuildRequires: /usr/share/selinux/devel/Makefile
BuildRequires: m4
BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires: TurboGears
%description
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
%package server
Summary: The IPA authentication server
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires(post): %{name}-server-selinux = %{version}-%{release}
Requires: fedora-ds-base >= 1.1.3
Requires: openldap-clients
Requires: nss
Requires: nss-tools
%{?fc8:Requires: krb5-server >= 1.6.2-11}
%if 0%{?fedora} >= 9
Requires: krb5-server
%endif
Requires: krb5-server-ldap
Requires: cyrus-sasl-gssapi
Requires: ntp
Requires: httpd
Requires: mod_python
Requires: mod_auth_kerb
%{?fc8:Requires: mod_nss >= 1.0.7-2}
%{?fc9:Requires: mod_nss >= 1.0.7-5}
%{?fc10:Requires: mod_nss >= 1.0.7-4}
%if 0%{?fedora} >= 10
Requires: mod_nss
%endif
Requires: python-ldap
Requires: python-krbV
Requires: TurboGears
Requires: python-tgexpandingformwidget
Requires: acl
Requires: python-pyasn1
Requires: libcap
%{?fc8:Requires: selinux-policy >= 3.0.8-117}
%{?fc9:Requires: selinux-policy >= 3.3.1-99}
%{?fc10:Requires: selinux-policy >= 3.5.13-11}
%if 0%{?fedora} >= 10
Requires: selinux-policy
%endif
Requires(post): selinux-policy-base
Requires: slapi-nis
Conflicts: mod_ssl
%description server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).
%package server-selinux
Summary: SELinux rules for ipa-server daemons
Group: System Environment/Base
Requires: %{name}-server = %{version}-%{release}
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage
%description server-selinux
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides SELinux rules for the
daemons included in ipa-server
%package client
Summary: IPA authentication for use on clients
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: python-ldap
Requires: python-krbV
Requires: cyrus-sasl-gssapi
Requires: ntp
Requires: krb5-workstation
Requires: krb5-libs
Requires: authconfig
Requires: pam_krb5
Requires: nss_ldap
%description client
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If your network uses IPA for authentication,
this package should be installed on every client machine.
%package admintools
Summary: IPA administrative tools
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: python-krbV
Requires: python-ldap
Requires: python-configobj
%description admintools
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides command-line tools for
IPA administrators.
%package python
Summary: Python libraries used by IPA
Group: System Environment/Libraries
%{?fc8:Requires: python-kerberos >= 1.0}
%if 0%{?fedora} >= 9
Requires: python-kerberos >= 1.1-3
%endif
Requires: authconfig
Requires: gnupg
%description python
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are using IPA you need to install this
package.
%package radius-server
Summary: IPA authentication server - radius plugin
Group: System Environment/Base
Requires: freeradius
Requires: freeradius-ldap
Requires: %{name}-python = %{version}-%{release}
%description radius-server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This plugin enables radius support.
%package radius-admintools
Summary: IPA authentication server - radius administration tools
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: python-krbV
%description radius-admintools
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides command-line tools for
administering radius authentication settings in IPA.
%prep
%setup -n freeipa-%{version} -q
%build
export CFLAGS="$CFLAGS %{optflags}"
export CPPFLAGS="$CPPFLAGS %{optflags}"
make version-update
cd ipa-client; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
cd daemons; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
cd install; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} version-update all
cd selinux
# This isn't multi-process make capable yet
make all
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
cd selinux
make install DESTDIR=%{buildroot}
# Remove .la files from libtool - we don't want to package
# these files
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
rm %{buildroot}/%{plugin_dir}/libipa-memberof-plugin.la
rm %{buildroot}/%{plugin_dir}/libipa-dna-plugin.la
rm %{buildroot}/%{plugin_dir}/libipa_winsync.la
# Some user-modifiable HTML files are provided. Move these to /etc
# and link back.
mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
#mv %{buildroot}/%{_usr}/share/ipa/html/ssbrowser.html %{buildroot}/%{_sysconfdir}/ipa/html
#mv %{buildroot}/%{_usr}/share/ipa/html/unauthorized.html %{buildroot}/%{_sysconfdir}/ipa/html
mkdir %{buildroot}%{_usr}/share/ipa/html/
ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
%{buildroot}%{_usr}/share/ipa/html/ssbrowser.html
ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
%{buildroot}%{_usr}/share/ipa/html/unauthorized.html
ln -s ../../../..%{python_sitelib}/ipaserver/mod_python_xmlrpc.py \
%{buildroot}%{_usr}/share/ipa/ipaserver/mod_python_xmlrpc.py
%clean
rm -rf %{buildroot}
%post server
if [ $1 = 1 ]; then
/sbin/chkconfig --add ipa_kpasswd
fi
if [ -e /usr/share/ipa/serial ]; then
mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno
fi
/bin/touch /var/log/ipa_error.log
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
restorecon /var/log/ipa_error.log
/usr/sbin/ipa-upgradeconfig || :
if [ -e /etc/httpd/conf.d/ipa.conf ]; then
echo ""
echo "Run /usr/sbin/ipa-ldap-updater to complete the upgrade process."
echo ""
fi
%preun server
if [ $1 = 0 ]; then
/sbin/chkconfig --del ipa_kpasswd
/sbin/service ipa_kpasswd stop >/dev/null 2>&1 || :
fi
%postun server
if [ "$1" -ge "1" ]; then
/sbin/service ipa_kpasswd condrestart >/dev/null 2>&1 || :
/sbin/service httpd condrestart >/dev/null 2>&1 || :
/sbin/service dirsrv condrestart >/dev/null 2>&1 || :
fi
%pre server-selinux
if [ -s /etc/selinux/config ]; then
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
fi
fi
%post server-selinux
semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp /usr/share/selinux/targeted/ipa_kpasswd.pp
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
fixfiles -C ${FILE_CONTEXT}.%{name} restore
rm -f ${FILE_CONTEXT}.%name
fi
%preun server-selinux
if [ $1 = 0 ]; then
if [ -s /etc/selinux/config ]; then
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
fi
fi
fi
%postun server-selinux
if [ $1 = 0 ]; then
semodule -s targeted -r ipa_webgui ipa_kpasswd
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
fixfiles -C ${FILE_CONTEXT}.%{name} restore
rm -f ${FILE_CONTEXT}.%name
fi
fi
%files server
%doc LICENSE README
%defattr(-,root,root,-)
%{_sbindir}/ipa-server-install
%{_sbindir}/ipa-replica-install
%{_sbindir}/ipa-replica-prepare
%{_sbindir}/ipa-replica-manage
%{_sbindir}/ipa-server-certinstall
%{_sbindir}/ipa_kpasswd
%{_sbindir}/ipactl
%{_sbindir}/ipa-upgradeconfig
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
%{_bindir}/ipa
%{python_sitelib}/ipalib/*
%{python_sitelib}/ipaserver/*
%{python_sitelib}/ipawebui/*
%{python_sitelib}/*.egg-info
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.uldif
%{_usr}/share/ipa/*.template
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/unauthorized.html
%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%dir %{_usr}/share/ipa/ipaserver
%{_usr}/share/ipa/ipaserver/*
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
%attr(755,root,root) %{plugin_dir}/libipa-memberof-plugin.so
%attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
%dir %{_localstatedir}/lib/ipa
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
%dir %{_localstatedir}/cache/ipa
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
%{_mandir}/man1/ipa-replica-install.1.gz
%{_mandir}/man1/ipa-replica-manage.1.gz
%{_mandir}/man1/ipa-replica-prepare.1.gz
%{_mandir}/man1/ipa-server-certinstall.1.gz
%{_mandir}/man1/ipa-server-install.1.gz
%{_mandir}/man8/ipa_kpasswd.8.gz
%{_mandir}/man8/ipactl.8.gz
%{_mandir}/man1/ipa-compat-manage.1.gz
%{_mandir}/man1/ipa-ldap-updater.1.gz
%files server-selinux
%{_usr}/share/selinux/targeted/ipa_webgui.pp
%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
%files client
%doc LICENSE README
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-getkeytab
%dir %{_usr}/share/ipa
%dir %{_usr}/share/ipa/ipaclient
%dir %{_localstatedir}/lib/ipa-client
%dir %{_localstatedir}/lib/ipa-client/sysrestore
%{_usr}/share/ipa/ipaclient/ipa.cfg
%{_usr}/share/ipa/ipaclient/ipa.js
%dir %{python_sitelib}/ipaclient
%{python_sitelib}/ipaclient/*.py*
%{_mandir}/man1/ipa-getkeytab.1.gz
%{_mandir}/man1/ipa-client-install.1.gz
%files admintools
%doc LICENSE README
%defattr(-,root,root,-)
#%{_sbindir}/ipa-adddelegation
#%{_sbindir}/ipa-addgroup
#%{_sbindir}/ipa-addservice
#%{_sbindir}/ipa-adduser
#%{_sbindir}/ipa-defaultoptions
#%{_sbindir}/ipa-deldelegation
#%{_sbindir}/ipa-delgroup
#%{_sbindir}/ipa-delservice
#%{_sbindir}/ipa-deluser
#%{_sbindir}/ipa-findgroup
#%{_sbindir}/ipa-findservice
#%{_sbindir}/ipa-finduser
#%{_sbindir}/ipa-listdelegation
#%{_sbindir}/ipa-lockuser
#%{_sbindir}/ipa-modgroup
#%{_sbindir}/ipa-moddelegation
#%{_sbindir}/ipa-passwd
#%{_sbindir}/ipa-moduser
#%{_sbindir}/ipa-pwpolicy
#%{_sbindir}/ipa-change-master-key
%{_sbindir}/ipa-fix-CVE-2008-3274
%{_sbindir}/ipa-ldap-updater
%{_sbindir}/ipa-compat-manage
#%{_mandir}/man1/ipa-adddelegation.1.gz
#%{_mandir}/man1/ipa-addgroup.1.gz
#%{_mandir}/man1/ipa-addservice.1.gz
#%{_mandir}/man1/ipa-adduser.1.gz
#%{_mandir}/man1/ipa-defaultoptions.1.gz
#%{_mandir}/man1/ipa-deldelegation.1.gz
#%{_mandir}/man1/ipa-delgroup.1.gz
#%{_mandir}/man1/ipa-delservice.1.gz
#%{_mandir}/man1/ipa-deluser.1.gz
#%{_mandir}/man1/ipa-findgroup.1.gz
#%{_mandir}/man1/ipa-findservice.1.gz
#%{_mandir}/man1/ipa-finduser.1.gz
#%{_mandir}/man1/ipa-modgroup.1.gz
#%{_mandir}/man1/ipa-listdelegation.1.gz
#%{_mandir}/man1/ipa-lockuser.1.gz
#%{_mandir}/man1/ipa-moddelegation.1.gz
#%{_mandir}/man1/ipa-passwd.1.gz
#%{_mandir}/man1/ipa-moduser.1.gz
#%{_mandir}/man1/ipa-pwpolicy.1.gz
#%{_mandir}/man1/ipa-ldap-updater.1.gz
#%{_mandir}/man1/ipa-compat-manage.1.gz
%files python
%doc LICENSE README
%defattr(-,root,root,-)
%dir %{python_sitelib}/ipa
%{python_sitelib}/ipa/*.py*
%if 0%{?fedora} >= 9
%{python_sitelib}/ipa-*.egg-info
%endif
%config(noreplace) %{_sysconfdir}/ipa/ipa.conf
%files radius-server
%doc LICENSE README
%{_sbindir}/ipa-radius-install
%{_usr}/share/ipa/ipaserver/plugins/*
%dir %{_usr}/share/ipa/plugins
%{_usr}/share/ipa/plugins/radius.radiusd.conf.template
%files radius-admintools
%doc LICENSE README
%{_sbindir}/ipa-addradiusclient
%{_sbindir}/ipa-addradiusprofile
%{_sbindir}/ipa-delradiusclient
%{_sbindir}/ipa-delradiusprofile
%{_sbindir}/ipa-findradiusclient
%{_sbindir}/ipa-findradiusprofile
%{_sbindir}/ipa-modradiusclient
%{_sbindir}/ipa-modradiusprofile
%changelog
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3
- rebuild with new openssl
* Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2
- Fix SELinux code
* Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1
- Fix breakage caused by python-kerberos update to 1.1
* Fri Dec 5 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0
- New upstream release 1.2.1
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4
- Rebuild for Python 2.6
* Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3
- Respin after the tarball has been re-released upstream
New hash is 506c9c92dcaf9f227cba5030e999f177
* Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2
- Conditionally restart also dirsrv and httpd when upgrading
* Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1
- Update to upstream version 1.2.0
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
- Set the minimum version for SELinux policy
- Remove references to Fedora 7
* Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3
- Fix for CVE-2008-3274
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
- Add fix for bug #453185
- Rebuild against openldap libraries, mozldap ones do not work properly
- TurboGears is currently broken in rawhide. Added patch to not build
the UI locales and removed them from the ipa-server files section.
* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2
- Add call to /usr/sbin/upgradeconfig to post install
* Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1
- Update to upstream version 1.1.0
- Patch for indexing memberof attribute
- Patch for indexing uidnumber and gidnumber
- Patch to change DNA default values for replicas
- Patch to fix uninitialized variable in ipa-getkeytab
* Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
version to 1.0.7-4 so we pick up the NSS fixes.
- Add selinux-policy-base(post) to Requires (446496)
* Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4
- Add missing entry for /var/cache/ipa/kpasswd (444624)
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
returned as the answer.
- Fix spec error where patch1 was in the wrong section
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
- Added patch to fix problem reported by ldapmodify
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
- Fix Requires for krb5-server that was missing for Fedora versions > 9
- Remove quotes around test for fedora version to package egg-info
* Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Update to upstream version 1.0.0
* Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12
- Pull upstream changelog 722
- Add Conflicts mod_ssl (435360)
* Thu Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11
- Pull upstream changelog 698
- Fix ownership of /var/log/ipa_error.log during install (435119)
- Add pwpolicy command and man page
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10
- Pull upstream changelog 678
- Add new subpackage, ipa-server-selinux
- Add Requires: authconfig to ipa-python (bz #433747)
- Package i18n files
* Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9
- Pull upstream changelog 641
- Require minimum version of krb5-server on F-7 and F-8
- Package some new files
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8
- Marked with wrong license. IPA is GPLv2.
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7
- Ensure that /etc/ipa exists before moving user-modifiable html files there
- Put html files into /etc/ipa/html instead of /etc/ipa
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6
- Pull upstream changelog 608 which renamed several files
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5
- package the sessions dir /var/cache/ipa/sessions
- Pull upstream changelog 597
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
UI to not start.
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3
- Included LICENSE and README in all packages for documentation
- Move user-modifiable content to /etc/ipa and linked back to
/usr/share/ipa/html
- Changed some references to /usr to the {_usr} macro and /etc
to {_sysconfdir}
- Added popt-devel to BuildRequires for Fedora 8 and higher and
popt for Fedora 7
- Package the egg-info for Fedora 9 and higher for ipa-python
* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
- Added auto* BuildRequires
* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
- Unified spec file
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
- Fixed License in specfile
- Include files from /usr/lib/python*/site-packages/ipaserver
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release
* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change
* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
- Broke invididual Requires and BuildRequires onto separate lines and
reordered them
- Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release
* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
- Add dep for freeipa-admintools and acl
* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
- Add dependency for python-krbV
* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
- Require mod_nss-1.0.7-2 for mod_proxy fixes
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
- Convert to autotools-based build
* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Added support for libipa-dna-plugin
* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
- Added support for ipa_kpasswd and ipa_pwd_extop
* Mon Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
- Abstracted client class to work directly or over RPC
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication
* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
- Initial rpm version

5
ipalib/plugins/b_xmlrpc.py
View File

@ -86,7 +86,10 @@ class KerbTransport(xmlrpclib.SafeTransport):
service = "HTTP@" + hostinfo[0]
try:
rc, vc = kerberos.authGSSClientInit(service);
rc, vc = kerberos.authGSSClientInit(service,
kerberos.GSS_C_DELEG_FLAG |
kerberos.GSS_C_MUTUAL_FLAG |
kerberos.GSS_C_SEQUENCE_FLAG)
except kerberos.GSSError, e:
raise kerberos.GSSError(e)

5
ipalib/rpc.py
View File

@ -187,7 +187,10 @@ class KerbTransport(SafeTransport):
service = "HTTP@" + host.split(':')[0]
try:
(rc, vc) = kerberos.authGSSClientInit(service)
(rc, vc) = kerberos.authGSSClientInit(service,
kerberos.GSS_C_DELEG_FLAG |
kerberos.GSS_C_MUTUAL_FLAG |
kerberos.GSS_C_SEQUENCE_FLAG)
except kerberos.GSSError, e:
raise e # FIXME: raise a PublicError

2
ipaserver/install/dsinstance.py
View File

@ -35,7 +35,7 @@ import service
import installutils
import certs
import ipaldap, ldap
from ipaserver import ldapupdate
from ipaserver.install import ldapupdate
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"

2
ipaserver/install/ldapupdate.py Executable file → Normal file
View File

@ -25,7 +25,7 @@
UPDATES_DIR="/usr/share/ipa/updates/"
import sys
from ipaserver import ipaldap, installutils
from ipaserver.install import ipaldap, installutils
from ipa import entity, ipaerror, ipautil
import ldap
import logging

1
ipaserver/mod_python_xmlrpc.py
View File

@ -46,7 +46,6 @@ try:
except ImportError:
pass
# Global list of available functions
gfunctions = {}

1
setup.py
View File

@ -36,6 +36,7 @@ setup(
'ipalib.plugins',
'ipaserver',
'ipaserver.plugins',
'ipaserver.install',
'ipawebui',
'ipawebui.templates',
],