Make certmonger a (pre) requires on server, restart it before upgrading

certmonger may provide new CAs, as in the case from upgrading IPA 2.2
to 3.x. We need these new CAs available during the upgrade process.

The certmonger package does its own condrestart as part of %postun
which runs after the %post script of freeipa-server, so we need to
restart it ourselves before upgrading.

https://fedorahosted.org/freeipa/ticket/3378

freeipa.spec.in

@@ -127,6 +127,7 @@ Requires: keyutils
 Requires: zip
 Requires: policycoreutils >= %{POLICYCOREUTILSVER}
 Requires: tar
+Requires(pre): certmonger >= 0.65
 
 # We have a soft-requires on bind. It is an optional part of
 # IPA but if it is configured we need a way to require versions
@@ -214,7 +215,7 @@ Requires: wget
 Requires: libcurl >= 7.21.7-2
 Requires: xmlrpc-c >= 1.27.4
 Requires: sssd >= 1.8.0
-Requires: certmonger >= 0.60
+Requires: certmonger >= 0.65
 Requires: nss-tools
 Requires: bind-utils
 Requires: oddjob-mkhomedir
@@ -430,6 +431,7 @@ rm -rf %{buildroot}
     /bin/systemctl --system daemon-reload 2>&1 || :
 # END
 if [ $1 -gt 1 ] ; then
+    /bin/systemctl condrestart certmonger.service 2>&1 || :
     /usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
 fi
 
@@ -767,6 +769,10 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Thu Jan 24 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.99-12
+- Add certmonger condrestart to server post scriptlet
+- Make certmonger a (pre) Requires on the server subpackage
+
 * Fri Jan 22 2013 Petr Vobornik <pvoborni@redhat.com> - 3.0.99-11
 - dependency fix
 - Add BuildRequires: java-1.7.0-openjdk.