diff --git a/debian/autoreconf b/debian/autoreconf new file mode 100644 index 000000000..722537cc3 --- /dev/null +++ b/debian/autoreconf @@ -0,0 +1,3 @@ +ipa-client +daemons +install diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..a526889fb --- /dev/null +++ b/debian/changelog @@ -0,0 +1,56 @@ +freeipa (3.3.4-1) UNRELEASED; urgency=low + + [ Michele Baldessari ] + * Initial release (Closes: #734703) + * New upstream + * Dropped 10_ipa_kpasswd patch, applied upstream + + [ Timo Aaltonen ] + * New upstream release. + * Remove radius subpackages. + * Migrate to source format 3.0 (quilt). + * Migrate to dh. + * Fix dependencies. + * Add no-testcert.patch to not fail make-testcert. + * Bump compat and debhelper build-depends to 9. + * Add missing files to freeipa.install. + * Add --fail-missing for dh_install. + * copyright: Updated, with OpenSSL exception. + * control: Add python-libipa-hbac to build-depends. + * control: Add ${shlibs:Depends} to python-freeipa depends. + * rules: Strip the executable bit from translation files. + * Use dh_python2. + * Add DEP-3 compliant headers to the patches. + * control: client; Move libpam-krb5 to Suggests. + * control: Update the maintainer address and repo location. + * control: Fix package descriptions. + * control: Add python-krbv, python-dnspython, keyutils to client depends. + * Add no-test-lang.diff, test_lang is gone. + * correct-python-path.diff: Fallback on the correct path if rpm query + fails. + * dont-search-platform-path.diff: Don't use Python.h from the + platform specific path. + * fix-install-layout.diff: Pass an option to setup-client.py to + install the python bits to the correct path. + * fix-ntpdate-opts.diff: Drop -U from nptdate opts, we don't have + that. + * Add support for Debian platform. + * port-ipa-client-automount.diff: Patch i-c-a so it works on Debian. + * rules: Don't run tests on server either, would never work during package + build. + + [ Nick Hatch ] + * Added three patches + - fix-symlink-exclusion.diff: Don't exclude symlinks when loading + plugins + - fix-ldap-conf-path.diff: Patch client installer to use correct LDAP + conf path. + - check-dbus-before-starting.diff: Check to see if dbus is running + before attempting to start it + + [ Timo Aaltonen ] + * use-new-nssdb.diff: Use sqlite-based nssdb's instead of old. + * control: Add python-dnspython and python-ldap to python-freeipa + Depends. + + -- Timo Aaltonen Tue, 01 Nov 2011 10:52:25 -0400 diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..ec635144f --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..cf3b68f00 --- /dev/null +++ b/debian/control @@ -0,0 +1,187 @@ +Source: freeipa +Section: net +Priority: extra +Maintainer: Debian FreeIPA Team +Uploaders: Timo Aaltonen +Build-Depends: quilt, debhelper (>= 9), dh-autoreconf, +# client + gettext, + krb5-user, + libcurl4-nss-dev, + libkrb5-dev (>= 1.12), + libldap2-dev, + libnss3-dev, + libnspr4-dev, + libpopt-dev, + libsasl2-dev, + libssl-dev, + libtalloc-dev, + libxmlrpc-core-c3-dev, + python-all-dev, + python-dnspython, + python-kerberos, + python-krbv, + python-ldap, + python-libipa-hbac, + python-memcache, + python-netaddr, + python-nss, + python-openssl, + python-polib, + python-setuptools, + python-sss (>= 1.8.0), + python-support, +# server + 389-ds-base-dev (>= 1.1.3), + libkrad-dev, + libsss-idmap-dev, + libsss-nss-idmap-dev, + libsvrcore-dev, + libtevent-dev, + libunistring-dev, + libverto-dev, + rhino, + samba-dev, + selinux-policy-dev, + uuid-dev, +# tests + check, + libcmocka-dev, + python-lxml, + python-nose, +Standards-Version: 3.9.3 +Vcs-Git: git://git.debian.org/git/pkg-freeipa/freeipa.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-freeipa/freeipa.git +Homepage: http://www.freeipa.org + +Package: freeipa-server +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, + freeipa-client (= ${binary:Version}), + freeipa-admintools (= ${binary:Version}), + python-freeipa (= ${binary:Version}), + 389-ds-base, + acl, + apache2, + dogtag-pki-common-theme, + dogtag-pki-ca-theme, + krb5-kdc, + krb5-kdc-ldap, + krb5-pkinit, + ldap-utils, + libnss3-tools, + libsasl2-modules-gssapi-mit, + libapache2-mod-wsgi, + libapache2-mod-auth-kerb, + libapache2-mod-nss, + ntp, + pki-ca, + pki-setup, + pki-silent, + python-ldap, + python-krbv, + python-pyasn1, +Description: FreeIPA centralized identity framework -- server + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + This is the server package. + +Package: freeipa-server-trust-ad +Architecture: any +Depends: ${misc:Depends}, ${python:Depends}, + freeipa-server (= ${binary:Version}), + python-libsss-nss-idmap, + python-m2crypto, + python-samba, + samba, + winbind, +Description: FreeIPA centralized identity framework -- AD trust installer + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + Cross-realm trusts with Active Directory in IPA require working Samba 4 + installation. This package is provided for convenience to install all required + dependencies at once. + +Package: freeipa-client +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, + python-freeipa (= ${binary:Version}), + bind9utils, + certmonger, + krb5-user, + libcurl3 (>= 7.22.0), + libnss3-tools, + libsasl2-modules-gssapi-mit, + libxmlrpc-core-c3 (>= 1.16.33-3.1ubuntu5), + ntp, + python-dnspython, + python-ldap, + python-krbv, + sssd (>= 1.9.2), + wget, +Suggests: + libpam-krb5, +Description: FreeIPA centralized identity framework -- client + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + This is the client package. + +Package: freeipa-admintools +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, + freeipa-client (= ${binary:Version}), + python-freeipa (= ${binary:Version}), + python-krbv, + python-ldap, +Description: FreeIPA centralized identity framework -- admintools + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + This package contains some tools for administrators. + +Package: freeipa-tests +Architecture: any +Depends: ${misc:Depends}, ${python:Depends}, + tar, + xz, +Description: FreeIPA centralized identity framework -- tests + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + This package contains tests that verify IPA functionality. + +Package: python-freeipa +Architecture: any +Section: python +Depends: ${shlibs:Depends}, ${python:Depends}, ${misc:Depends}, + gnupg, + iproute, + keyutils, + python-dnspython, + python-kerberos, + python-ldap, + python-libipa-hbac, + python-lxml, + python-netaddr, + python-nss, + python-openssl, +Description: FreeIPA centralized identity framework -- python modules + FreeIPA is an integrated solution to provide centrally managed Identity + (machine, user, virtual machines, groups, authentication credentials), Policy + (configuration settings, access control information) and Audit (events, + logs, analysis thereof). + . + This Python module is used by other FreeIPA packages. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..a09a02c40 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,51 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-name: freeipa +Source: http://freeipa.org/downloads/src/ + +Files: * +Copyright: 1999-2011 Red Hat, Inc. +License: GPL-3+ + +Files: daemons/ipa-slapi-plugins/*/*.c + daemons/ipa-slapi-plugins/*/*.h +Copyright: 2005-2010 Red Hat, Inc. +License: GPL-3+ with OpenSSL exception + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + Additional permission under GPLv3 section 7: + . + In the following paragraph, "GPL" means the GNU General Public + License, version 3 or any later version, and "Non-GPL Code" means + code that is governed neither by the GPL nor a license + compatible with the GPL. + . + You may link the code of this Program with Non-GPL Code and convey + linked combinations including the two, provided that such Non-GPL + Code only links to the code of this Program through those well + defined interfaces identified in the file named EXCEPTION found in + the source code files (the "Approved Interfaces"). The files of + Non-GPL Code may instantiate templates or use macros or inline + functions from the Approved Interfaces without causing the resulting + work to be covered by the GPL. Only the copyright holders of this + Program may make changes or additions to the list of Approved + Interfaces. + +Files: debian/* +Copyright: Michele Baldessari michele@pupazzo.org> + Timo Aaltonen +License: GPL-3+ + +License: GPL-3+ + On Debian machines the full text of the GNU General Public License + can be found in the file /usr/share/common-licenses/GPL-3. diff --git a/debian/freeipa-admintools.install b/debian/freeipa-admintools.install new file mode 100644 index 000000000..308103e09 --- /dev/null +++ b/debian/freeipa-admintools.install @@ -0,0 +1,3 @@ +etc/bash_completion.d/ipa +usr/bin/ipa +usr/share/man/man1/ipa.1 diff --git a/debian/freeipa-client.dirs b/debian/freeipa-client.dirs new file mode 100644 index 000000000..fb10645c4 --- /dev/null +++ b/debian/freeipa-client.dirs @@ -0,0 +1,2 @@ +etc/ipa +var/lib/ipa-client/sysrestore diff --git a/debian/freeipa-client.install b/debian/freeipa-client.install new file mode 100644 index 000000000..03aac67b4 --- /dev/null +++ b/debian/freeipa-client.install @@ -0,0 +1,14 @@ +usr/sbin/ipa-client-automount +usr/sbin/ipa-client-install +usr/sbin/ipa-getkeytab +usr/sbin/ipa-rmkeytab +usr/sbin/ipa-join +usr/share/ipa/ipaclient/ipa.cfg +usr/share/ipa/ipaclient/ipa.js +usr/lib/python*/dist-packages/ipaclient/*.py +usr/share/man/man1/ipa-client-automount.1.gz +usr/share/man/man1/ipa-client-install.1.gz +usr/share/man/man1/ipa-getkeytab.1.gz +usr/share/man/man1/ipa-rmkeytab.1.gz +usr/share/man/man1/ipa-join.1.gz +usr/share/man/man5/default.conf.5.gz diff --git a/debian/freeipa-server-trust-ad.install b/debian/freeipa-server-trust-ad.install new file mode 100644 index 000000000..83d517000 --- /dev/null +++ b/debian/freeipa-server-trust-ad.install @@ -0,0 +1,9 @@ +usr/sbin/ipa-adtrust-install +usr/lib/*/dirsrv/plugins/libipa_extdom_extop.so +usr/lib/*/dirsrv/plugins/libipa_sidgen.so +usr/lib/*/dirsrv/plugins/libipa_sidgen_task.so +usr/lib/*/samba/pdb/ipasam.so +usr/lib/python*/dist-packages/ipaserver/dcerpc +usr/lib/python*/dist-packages/ipaserver/install/adtrustinstance* +usr/share/ipa/smb.conf.empty +usr/share/man/man1/ipa-adtrust-install.1 diff --git a/debian/freeipa-server.docs b/debian/freeipa-server.docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/freeipa-server.docs @@ -0,0 +1 @@ +README diff --git a/debian/freeipa-server.install b/debian/freeipa-server.install new file mode 100644 index 000000000..811869406 --- /dev/null +++ b/debian/freeipa-server.install @@ -0,0 +1,70 @@ +etc/ipa/html/* +lib/systemd/system/ipa-otpd@.service +lib/systemd/system/ipa-otpd.socket +usr/lib/*/dirsrv/plugins/libipa_cldap.so +usr/lib/*/dirsrv/plugins/libipa_dns.so +usr/lib/*/dirsrv/plugins/libipa_enrollment_extop.so +usr/lib/*/dirsrv/plugins/libipa_lockout.so +usr/lib/*/dirsrv/plugins/libipa_modrdn.so +usr/lib/*/dirsrv/plugins/libipa_pwd_extop.so +usr/lib/*/dirsrv/plugins/libipa_range_check.so +usr/lib/*/dirsrv/plugins/libipa_repl_version.so +usr/lib/*/dirsrv/plugins/libipa_uuid.so +usr/lib/*/dirsrv/plugins/libipa_winsync.so +usr/lib/*/ipa/certmonger/* +usr/lib/*/ipa-otpd +usr/lib/*/krb5/plugins/kdb/*.so +usr/lib/python*/dist-packages/ipaserver/* + +usr/sbin/ipa-advise +usr/sbin/ipa-backup +usr/sbin/ipa-ca-install +usr/sbin/ipa-compat-manage +usr/sbin/ipa-csreplica-manage +usr/sbin/ipa-dns-install +usr/sbin/ipa-ldap-updater +usr/sbin/ipa-managed-entries +usr/sbin/ipa-nis-manage +usr/sbin/ipa-replica-conncheck +usr/sbin/ipa-replica-install +usr/sbin/ipa-replica-manage +usr/sbin/ipa-replica-prepare +usr/sbin/ipa-restore +usr/sbin/ipa-server-certinstall +usr/sbin/ipa-server-install +usr/sbin/ipa-upgradeconfig +usr/sbin/ipactl +usr/share/ipa/advise/legacy/*.template +usr/share/ipa/copy-schema-to-ca.py +usr/share/ipa/ca_renewal +usr/share/ipa/ffextension/* +usr/share/ipa/ipa.conf +usr/share/ipa/ipa-pki-proxy.conf +usr/share/ipa/ipa-rewrite.conf +usr/share/ipa/*.ldif +usr/share/ipa/migration/* +usr/share/ipa/*.template +usr/share/ipa/ui/* +usr/share/ipa/*.uldif +usr/share/ipa/updates/* +usr/share/ipa/wsgi.py +usr/share/ipa/wsgi/* +usr/share/man/man1/ipa-advise.1 +usr/share/man/man1/ipa-backup.1.gz +usr/share/man/man1/ipa-ca-install.1.gz +usr/share/man/man1/ipa-compat-manage.1.gz +usr/share/man/man1/ipa-csreplica-manage.1.gz +usr/share/man/man1/ipa-dns-install.1.gz +usr/share/man/man1/ipa-ldap-updater.1.gz +usr/share/man/man1/ipa-managed-entries.1.gz +usr/share/man/man1/ipa-nis-manage.1.gz +usr/share/man/man1/ipa-replica-conncheck.1.gz +usr/share/man/man1/ipa-replica-install.1.gz +usr/share/man/man1/ipa-replica-manage.1.gz +usr/share/man/man1/ipa-replica-prepare.1.gz +usr/share/man/man1/ipa-restore.1.gz +usr/share/man/man1/ipa-server-certinstall.1.gz +usr/share/man/man1/ipa-server-install.1.gz +usr/share/man/man8/ipactl.8.gz +usr/share/man/man8/ipa-upgradeconfig.8.gz +var/lib/ipa/sysrestore diff --git a/debian/freeipa-server.links b/debian/freeipa-server.links new file mode 100644 index 000000000..cb9939b60 --- /dev/null +++ b/debian/freeipa-server.links @@ -0,0 +1,3 @@ +/usr/share/javascript/prototype/prototype.js /usr/share/ipa/ipagui/static/javascript/prototype.js +/usr/share/javascript/scriptaculous/scriptaculous.js /usr/share/ipa/ipagui/static/javascript/scriptaculous.js +/usr/share/javascript/scriptaculous/effects.js /usr/share/ipa/ipagui/static/javascript/effects.js diff --git a/debian/freeipa-tests.install b/debian/freeipa-tests.install new file mode 100644 index 000000000..b3a3d6935 --- /dev/null +++ b/debian/freeipa-tests.install @@ -0,0 +1,7 @@ +usr/bin/ipa-run-tests +usr/bin/ipa-test-config +usr/bin/ipa-test-task +usr/lib/python*/ipatests/* +usr/share/man/man1/ipa-run-tests.1 +usr/share/man/man1/ipa-test-config.1 +usr/share/man/man1/ipa-test-task.1 diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff new file mode 100644 index 000000000..1fde55b43 --- /dev/null +++ b/debian/patches/add-debian-platform.diff @@ -0,0 +1,208 @@ +commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21 +Author: Timo Aaltonen +Date: Fri Mar 1 12:21:00 2013 +0200 + + add debian platform support + +--- /dev/null ++++ b/ipapython/platform/debian/__init__.py +@@ -0,0 +1,43 @@ ++import os ++ ++from ipapython.platform import base, redhat, fedora18 ++from ipapython.platform.debian.auth import DebianAuthConfig ++from ipapython.platform.debian.service import debian_service, DebianServices ++ ++# All what we allow exporting directly from this module ++# Everything else is made available through these symbols when they are ++# directly imported into ipapython.services: ++# ++# authconfig -- class reference for platform-specific implementation of ++# authconfig(8) ++# service -- class reference for platform-specific implementation of a ++# PlatformService class ++# knownservices -- factory instance to access named services IPA cares about, ++# names are ipapython.services.wellknownservices ++# backup_and_replace_hostname -- platform-specific way to set hostname and ++# make it persistent over reboots ++# restore_network_configuration -- platform-specific way of restoring network ++# configuration (e.g. static hostname) ++# restore_context -- platform-sepcific way to restore security context, if ++# applicable ++# check_selinux_status -- platform-specific way to see if SELinux is enabled ++# and restorecon is installed. ++__all__ = ['authconfig', 'service', 'knownservices', ++ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', ++ 'restore_network_configuration', 'timedate_services'] ++ ++# Just copy a referential list of timedate services ++timedate_services = list(base.timedate_services) ++ ++def restore_network_configuration(fstore, statestore): ++ filepath = '/etc/hostname' ++ if fstore.has_file(filepath): ++ fstore.restore_file(filepath) ++ hostname_was_configured = True ++ ++authconfig = DebianAuthConfig ++service = debian_service ++knownservices = DebianServices() ++backup_and_replace_hostname = fedora18.backup_and_replace_hostname ++restore_context = redhat.restore_context ++check_selinux_status = redhat.check_selinux_status +--- /dev/null ++++ b/ipapython/platform/debian/auth.py +@@ -0,0 +1,33 @@ ++from ipapython import ipautil ++from ipapython.platform import base ++ ++class DebianAuthConfig(base.AuthConfig): ++ """ ++ Debian implementation of the AuthConfig class. ++ ++ Debian doesn't provide a single application for changing both ++ nss and pam configuration. PAM can be configured using debconf but there ++ is currently no such solution for updating NSS database and every package ++ does it by itself. ++ ++ We'll have to play a catch-up game with the rest of the FreeIPA project ++ filtering out .enable() and .disable() calls that are useless for us, ++ and making the best out of the rest of them. ++ """ ++ ++ def __build_args(self): ++ args = ['--force', '--package'] ++ for (option, value) in self.parameters.items(): ++ if option == "sssdauth": ++ option = "sss" ++ if type(value) is bool and not value: ++ if not any("remove" in s for s in args): ++ args.append("--remove") ++ args.append("%s" % (option)) ++ return args ++ ++ def execute(self): ++ env = {"DEBCONF_FRONTEND" : "noninteractive"} ++ args = self.__build_args() ++ ipautil.run(["/usr/sbin/pam-auth-update"] + args, env = env) ++ +--- /dev/null ++++ b/ipapython/platform/debian/service.py +@@ -0,0 +1,107 @@ ++import time ++ ++from ipapython import ipautil ++from ipapython.ipa_log_manager import root_logger ++from ipapython.platform import base ++from ipalib import api ++ ++class DebianService(base.PlatformService): ++ def __wait_for_open_ports(self, instance_name=""): ++ """ ++ If this is a service we need to wait for do so. ++ """ ++ ports = None ++ if instance_name in base.wellknownports: ++ ports = base.wellknownports[instance_name] ++ else: ++ if self.service_name in base.wellknownports: ++ ports = base.wellknownports[self.service_name] ++ if ports: ++ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) ++ def stop(self, instance_name='', capture_output=True): ++ ipautil.run(["/usr/sbin/service", self.service_name, "stop", ++ instance_name], capture_output=capture_output) ++ if 'context' in api.env and api.env.context in ['ipactl', 'installer']: ++ update_service_list = True ++ else: ++ update_service_list = False ++ super(DebianService, self).stop(instance_name) ++ ++ def start(self, instance_name='', capture_output=True, wait=True): ++ ipautil.run(["/usr/sbin/service", self.service_name, "start", ++ instance_name], capture_output=capture_output) ++ if 'context' in api.env and api.env.context in ['ipactl', 'installer']: ++ update_service_list = True ++ else: ++ update_service_list = False ++ if wait and self.is_running(instance_name): ++ self.__wait_for_open_ports(instance_name) ++ super(DebianService, self).start(instance_name) ++ ++ def restart(self, instance_name='', capture_output=True, wait=True): ++ ipautil.run(["/usr/sbin/service", self.service_name, "restart", ++ instance_name], capture_output=capture_output) ++ if wait and self.is_running(instance_name): ++ self.__wait_for_open_ports(instance_name) ++ ++ def is_running(self, instance_name=""): ++ ret = True ++ try: ++ (sout, serr, rcode) = ipautil.run(["/usr/sbin/service", ++ self.service_name, "status", ++ instance_name]) ++ if sout.find("NOT running") >= 0: ++ ret = False ++ if sout.find("stop") >= 0: ++ ret = False ++ except ipautil.CalledProcessError: ++ ret = False ++ return ret ++ ++ def is_installed(self): ++ installed = True ++ try: ++ ipautil.run(["/usr/sbin/service", self.service_name, "status"]) ++ except ipautil.CalledProcessError, e: ++ if e.returncode == 1: ++ # service is not installed or there is other serious issue ++ installed = False ++ return installed ++ ++ def is_enabled(self, instance_name=""): ++ # Services are always assumed to be enabled when installed ++ return True ++ ++ def enable(self): ++ return True ++ ++ def disable(self): ++ return True ++ ++ def install(self): ++ return True ++ ++ def remove(self): ++ return True ++ ++class DebianSSHService(DebianService): ++ def get_config_dir(self, instance_name=""): ++ return '/etc/ssh' ++ ++def debian_service(name): ++ if name == 'sshd': ++ return DebianSSHService(name) ++ return DebianService(name) ++ ++class DebianServices(base.KnownServices): ++ def __init__(self): ++ services = dict() ++ for s in base.wellknownservices: ++ if s == "messagebus": ++ services[s] = debian_service("dbus") ++ elif s == "ntpd": ++ services[s] = debian_service("ntp") ++ else: ++ services[s] = debian_service(s) ++ # Call base class constructor. This will lock services to read-only ++ super(DebianServices, self).__init__(services) +--- a/ipapython/setup.py.in ++++ b/ipapython/setup.py.in +@@ -68,6 +68,7 @@ def setup_package(): + packages = [ "ipapython", + "ipapython.platform", + "ipapython.platform.base", ++ "ipapython.platform.debian", + "ipapython.platform.fedora16", + "ipapython.platform.fedora18", + "ipapython.platform.redhat" ], diff --git a/debian/patches/check-dbus-before-starting.diff b/debian/patches/check-dbus-before-starting.diff new file mode 100644 index 000000000..1ef2811f8 --- /dev/null +++ b/debian/patches/check-dbus-before-starting.diff @@ -0,0 +1,34 @@ +--- a/ipa-client/ipa-install/ipa-client-install ++++ b/ipa-client/ipa-install/ipa-client-install +@@ -372,10 +372,11 @@ def uninstall(options, env): + # Always start certmonger. We can't untrack something if it isn't + # running + messagebus = ipaservices.knownservices.messagebus +- try: +- messagebus.start() +- except Exception, e: +- log_service_error(messagebus.service_name, 'start', e) ++ if not messagebus.is_running(): ++ try: ++ messagebus.start() ++ except Exception, e: ++ log_service_error(messagebus.service_name, 'start', e) + + cmonger = ipaservices.knownservices.certmonger + try: +@@ -970,10 +971,11 @@ def configure_certmonger(fstore, subject + principal = 'host/%s@%s' % (hostname, cli_realm) + + messagebus = ipaservices.knownservices.messagebus +- try: +- messagebus.start() +- except Exception, e: +- log_service_error(messagebus.service_name, 'start', e) ++ if not messagebus.is_running(): ++ try: ++ messagebus.start() ++ except Exception, e: ++ log_service_error(messagebus.service_name, 'start', e) + + # Ensure that certmonger has been started at least once to generate the + # cas files in /var/lib/certmonger/cas. diff --git a/debian/patches/correct-python-path.diff b/debian/patches/correct-python-path.diff new file mode 100644 index 000000000..c28a53476 --- /dev/null +++ b/debian/patches/correct-python-path.diff @@ -0,0 +1,11 @@ +--- a/Makefile ++++ b/Makefile +@@ -50,7 +50,7 @@ ifneq ($(DEVELOPER_MODE),0) + LINT_OPTIONS=--no-fail + endif + +-PYTHON ?= $(shell rpm -E %__python) ++PYTHON ?= $(shell rpm -E %__python || echo /usr/bin/python) + + # Uncomment to increase Java stack size for Web UI build in case it fails + # because of stack overflow exception. Default should be OK for most platforms. diff --git a/debian/patches/dont-check-for-systemd-pc.diff b/debian/patches/dont-check-for-systemd-pc.diff new file mode 100644 index 000000000..43a32bfba --- /dev/null +++ b/debian/patches/dont-check-for-systemd-pc.diff @@ -0,0 +1,15 @@ +avoid build-dependency on systemd, which doesn't exist on ubuntu + +diff --git a/daemons/configure.ac b/daemons/configure.ac +index e57dad2..9ca5198 100644 +--- a/daemons/configure.ac ++++ b/daemons/configure.ac +@@ -232,7 +232,7 @@ PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap]) + dnl --------------------------------------------------------------------------- + dnl - Check for systemd unit directory + dnl --------------------------------------------------------------------------- +-PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])]) ++dnl PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])]) + AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), + [], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) diff --git a/debian/patches/dont-search-platform-path.diff b/debian/patches/dont-search-platform-path.diff new file mode 100644 index 000000000..e5aa0cf5c --- /dev/null +++ b/debian/patches/dont-search-platform-path.diff @@ -0,0 +1,11 @@ +--- a/ipapython/py_default_encoding/setup.py ++++ b/ipapython/py_default_encoding/setup.py +@@ -22,7 +22,7 @@ from distutils.sysconfig import get_pyth + import sys + import os + +-python_header = os.path.join(get_python_inc(plat_specific=1), 'Python.h') ++python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h') + if not os.path.exists(python_header): + sys.exit("Cannot find Python development packages that provide Python.h") + diff --git a/debian/patches/fix-install-layout.diff b/debian/patches/fix-install-layout.diff new file mode 100644 index 000000000..293fe7d38 --- /dev/null +++ b/debian/patches/fix-install-layout.diff @@ -0,0 +1,14 @@ +--- a/Makefile ++++ b/Makefile +@@ -82,9 +82,9 @@ client-install: client client-dirs + done + cd install/po && $(MAKE) install || exit 1; + if [ "$(DESTDIR)" = "" ]; then \ +- $(PYTHON) setup-client.py install; \ ++ $(PYTHON) setup-client.py install --install-layout=deb; \ + else \ +- $(PYTHON) setup-client.py install --root $(DESTDIR); \ ++ $(PYTHON) setup-client.py install --install-layout=deb --root $(DESTDIR); \ + fi + + client-dirs: diff --git a/debian/patches/fix-ldap-conf-path.diff b/debian/patches/fix-ldap-conf-path.diff new file mode 100644 index 000000000..90c08c48e --- /dev/null +++ b/debian/patches/fix-ldap-conf-path.diff @@ -0,0 +1,11 @@ +--- a/ipa-client/ipa-install/ipa-client-install ++++ b/ipa-client/ipa-install/ipa-client-install +@@ -854,7 +854,7 @@ def configure_openldap_conf(fstore, cli_ + {'action':'addifnotset', 'name':'TLS_CACERT', 'type':'option', + 'value':CACERT},] + +- target_fname = '/etc/openldap/ldap.conf' ++ target_fname = '/etc/ldap/ldap.conf' + fstore.backup_file(target_fname) + + error_msg = "Configuring {path} failed with: {err}" diff --git a/debian/patches/fix-ntpdate-opts.diff b/debian/patches/fix-ntpdate-opts.diff new file mode 100644 index 000000000..954483917 --- /dev/null +++ b/debian/patches/fix-ntpdate-opts.diff @@ -0,0 +1,13 @@ +Our ntp isn't patched to drop privileges. + +--- a/ipa-client/ipaclient/ntpconf.py ++++ b/ipa-client/ipaclient/ntpconf.py +@@ -147,7 +147,7 @@ def synconce_ntp(server_fqdn): + if os.path.exists(ntpdate): + # retry several times -- logic follows /etc/init.d/ntpdate + # implementation +- cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn] ++ cmd = [ntpdate, "-s", "-b", "-v", server_fqdn] + for retry in range(0, 3): + try: + ipautil.run(cmd) diff --git a/debian/patches/fix-portability-of-nss.diff b/debian/patches/fix-portability-of-nss.diff new file mode 100644 index 000000000..42ab5e268 --- /dev/null +++ b/debian/patches/fix-portability-of-nss.diff @@ -0,0 +1,74 @@ +From 2d9e290970e71d373b91cd0cd1db52b991636889 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Thu, 28 Nov 2013 15:32:07 +0100 +Subject: [PATCH] BUILD: Fix portability of NSS in file ipa_pwd.c + +--- + daemons/ipa-kdb/Makefile.am | 4 +++- + daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 1 + + util/ipa_pwd.c | 8 ++++---- + 3 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am +index dc543dd..b3d6a1b 100644 +--- a/daemons/ipa-kdb/Makefile.am ++++ b/daemons/ipa-kdb/Makefile.am +@@ -21,6 +21,7 @@ AM_CPPFLAGS = \ + $(KRB5_CFLAGS) \ + $(WARN_CFLAGS) \ + $(NDRPAC_CFLAGS) \ ++ $(NSS_CFLAGS) \ + $(NULL) + + plugindir = $(libdir)/krb5/plugins/kdb +@@ -51,6 +52,7 @@ ipadb_la_LIBADD = \ + $(LDAP_LIBS) \ + $(NDRPAC_LIBS) \ + $(UNISTRING_LIBS) \ ++ $(NSS_LIBS) \ + $(NULL) + + if HAVE_CHECK +@@ -77,7 +79,7 @@ ipa_kdb_tests_LDADD = \ + $(KRB5_LIBS) \ + $(LDAP_LIBS) \ + $(NDRPAC_LIBS) \ +- -lnss3 \ ++ $(NSS_LIBS) \ + -lkdb5 \ + -lsss_idmap \ + $(NULL) +diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am +index b53b2e1..3323d72 100644 +--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am ++++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am +@@ -22,6 +22,7 @@ AM_CPPFLAGS = \ + $(LDAP_CFLAGS) \ + $(KRB5_CFLAGS) \ + $(SSL_CFLAGS) \ ++ $(NSS_CFLAGS) \ + $(WARN_CFLAGS) \ + $(NULL) + +diff --git a/util/ipa_pwd.c b/util/ipa_pwd.c +index 761d1ef..f6564c8 100644 +--- a/util/ipa_pwd.c ++++ b/util/ipa_pwd.c +@@ -27,10 +27,10 @@ + #include + #include + #include +-#include +-#include +-#include +-#include ++#include ++#include ++#include ++#include + #include + #include "ipa_pwd.h" + +-- +1.8.4.2 + diff --git a/debian/patches/fix-pykerberos-api.diff b/debian/patches/fix-pykerberos-api.diff new file mode 100644 index 000000000..4ca01a94b --- /dev/null +++ b/debian/patches/fix-pykerberos-api.diff @@ -0,0 +1,11 @@ +--- a/ipalib/rpc.py ++++ b/ipalib/rpc.py +@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport): + service = "HTTP@" + host.split(':')[0] + + try: +- (rc, vc) = kerberos.authGSSClientInit(service, self.flags) ++ (rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags) + except kerberos.GSSError, e: + self._handle_exception(e) + diff --git a/debian/patches/fix-symlink-exclusion.diff b/debian/patches/fix-symlink-exclusion.diff new file mode 100644 index 000000000..c04f13350 --- /dev/null +++ b/debian/patches/fix-symlink-exclusion.diff @@ -0,0 +1,22 @@ +Description: Don't exclude symlinks when loading plugins + FreeIPA uses custom helpers to enumerate and load plugins. These plugins, + provided by the ipalib module, are excluded due to being symlinked in from + /usr/lib/pyshared as part of the dh_python2 installation process. + . + This change can probably be submitted upstream, but I have no idea why the + original author would exclude symlinks in the first place, nor why a custom + loader is being used. +Author: Nick Hatch +Last-Update: 2013-03-20 + +--- freeipa.orig/ipalib/util.py ++++ freeipa/ipalib/util.py +@@ -81,7 +81,7 @@ + if not name.endswith(suffix): + continue + pyfile = os.path.join(src_dir, name) +- if os.path.islink(pyfile) or not os.path.isfile(pyfile): ++ if not os.path.isfile(pyfile): + continue + module = name[:-len(suffix)] + if module == '__init__': diff --git a/debian/patches/include-ldflags-otpd.diff b/debian/patches/include-ldflags-otpd.diff new file mode 100644 index 000000000..c9215775a --- /dev/null +++ b/debian/patches/include-ldflags-otpd.diff @@ -0,0 +1,21 @@ +commit 75dadc1d8ffc3ac84c4b1988c266ef60de1a6cfe +Author: Jan Cholasta +Date: Wed Dec 4 18:39:44 2013 +0100 + + Include LDFLAGS provided by rpmbuild in global LDFLAGS in the spec file. + + Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd. + + https://fedorahosted.org/freeipa/ticket/3896 + +diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am +index f0b7528..ed99c3e 100644 +--- a/daemons/ipa-otpd/Makefile.am ++++ b/daemons/ipa-otpd/Makefile.am +@@ -1,5 +1,5 @@ + AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ +-AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now ++AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ + + noinst_HEADERS = internal.h + libexec_PROGRAMS = ipa-otpd diff --git a/debian/patches/no-test-lang.diff b/debian/patches/no-test-lang.diff new file mode 100644 index 000000000..d5f5619f9 --- /dev/null +++ b/debian/patches/no-test-lang.diff @@ -0,0 +1,11 @@ +--- a/Makefile ++++ b/Makefile +@@ -98,7 +98,7 @@ client-dirs: + + lint: bootstrap-autogen + ./make-lint $(LINT_OPTIONS) +- $(MAKE) -C install/po validate-src-strings ++# $(MAKE) -C install/po validate-src-strings + + + test: diff --git a/debian/patches/no-testcert.patch b/debian/patches/no-testcert.patch new file mode 100644 index 000000000..70a6704b1 --- /dev/null +++ b/debian/patches/no-testcert.patch @@ -0,0 +1,18 @@ +Author: Timo Aaltonen +Date: Tue Nov 1 11:48:27 2011 -0400 + + Add no-testcert.patch to not fail make-testcert. + +they need a working certificate server running + +--- a/Makefile ++++ b/Makefile +@@ -102,7 +102,7 @@ lint: bootstrap-autogen + + + test: +- ./make-testcert ++# ./make-testcert + ./make-test + + release-update: diff --git a/debian/patches/port-ipa-client-automount.diff b/debian/patches/port-ipa-client-automount.diff new file mode 100644 index 000000000..e4ca2f913 --- /dev/null +++ b/debian/patches/port-ipa-client-automount.diff @@ -0,0 +1,26 @@ +diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount +index 3952642..e7b843e 100755 +--- a/ipa-client/ipa-install/ipa-client-automount ++++ b/ipa-client/ipa-install/ipa-client-automount +@@ -39,10 +39,10 @@ from ipapython.ipa_log_manager import * + from ipapython.dn import DN + from ipapython import services as ipaservices + +-AUTOFS_CONF = '/etc/sysconfig/autofs' ++AUTOFS_CONF = '/etc/default/autofs' + NSSWITCH_CONF = '/etc/nsswitch.conf' + AUTOFS_LDAP_AUTH = '/etc/autofs_ldap_auth.conf' +-NFS_CONF = '/etc/sysconfig/nfs' ++NFS_CONF = '/etc/default/nfs-common' + IDMAPD_CONF = '/etc/idmapd.conf' + + def parse_options(): +@@ -309,7 +309,7 @@ def configure_nfs(fstore, statestore): + Configure secure NFS + """ + replacevars = { +- 'SECURE_NFS': 'yes', ++ 'NEED_GSSD': 'yes', + } + ipautil.backup_config_and_replace_variables(fstore, + NFS_CONF, replacevars=replacevars) diff --git a/debian/patches/prefix.patch b/debian/patches/prefix.patch new file mode 100644 index 000000000..2b94d56fb --- /dev/null +++ b/debian/patches/prefix.patch @@ -0,0 +1,38 @@ +Author: Timo Aaltonen +Date: Mon Jan 2 16:09:40 2012 +0200 + +use the debian layout when installing python modules + +--- a/Makefile ++++ b/Makefile +@@ -153,7 +153,7 @@ server-install: server + if [ "$(DESTDIR)" = "" ]; then \ + $(PYTHON) setup.py install; \ + else \ +- $(PYTHON) setup.py install --root $(DESTDIR); \ ++ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \ + fi + + tests: version-update tests-man-autogen +--- a/ipapython/Makefile ++++ b/ipapython/Makefile +@@ -14,7 +14,7 @@ install: + if [ "$(DESTDIR)" = "" ]; then \ + python setup.py install; \ + else \ +- python setup.py install --root $(DESTDIR); \ ++ python setup.py install --root $(DESTDIR) --install-layout=deb; \ + fi + @for subdir in $(SUBDIRS); do \ + (cd $$subdir && $(MAKE) $@) || exit 1; \ +--- a/ipapython/py_default_encoding/Makefile ++++ b/ipapython/py_default_encoding/Makefile +@@ -9,7 +9,7 @@ install: + if [ "$(DESTDIR)" = "" ]; then \ + python setup.py install; \ + else \ +- python setup.py install --root $(DESTDIR); \ ++ python setup.py install --root $(DESTDIR) --install-layout=deb; \ + fi + + clean: diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..79b978338 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,21 @@ +# not upstreamable +no-testcert.patch +prefix.patch +no-test-lang.diff +fix-install-layout.diff +fix-ntpdate-opts.diff +fix-ldap-conf-path.diff +port-ipa-client-automount.diff +dont-check-for-systemd-pc.diff +fix-portability-of-nss.diff + +# send upstream +correct-python-path.diff +dont-search-platform-path.diff +fix-symlink-exclusion.diff +check-dbus-before-starting.diff +add-debian-platform.diff +use-new-nssdb.diff + +include-ldflags-otpd.diff +fix-pykerberos-api.diff diff --git a/debian/patches/use-new-nssdb.diff b/debian/patches/use-new-nssdb.diff new file mode 100644 index 000000000..de688f02f --- /dev/null +++ b/debian/patches/use-new-nssdb.diff @@ -0,0 +1,49 @@ +--- a/ipa-client/ipa-install/ipa-client-install ++++ b/ipa-client/ipa-install/ipa-client-install +@@ -201,7 +201,7 @@ def log_service_error(name, action, erro + root_logger.error("%s failed to %s: %s", name, action, str(error)) + + def nickname_exists(nickname): +- (sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "/etc/pki/nssdb", "-n", nickname], raiseonerr=False) ++ (sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "sql:/etc/pki/nssdb", "-n", nickname], raiseonerr=False) + + if returncode == 0: + return True +@@ -365,7 +365,7 @@ def uninstall(options, env): + # Remove our host cert and CA cert + if nickname_exists("IPA CA"): + try: +- run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", "IPA CA"]) ++ run(["/usr/bin/certutil", "-D", "-d", "sql:/etc/pki/nssdb", "-n", "IPA CA"]) + except Exception, e: + root_logger.error( + "Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e)) +@@ -393,7 +393,7 @@ def uninstall(options, env): + + if nickname_exists(client_nss_nickname): + try: +- run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", client_nss_nickname]) ++ run(["/usr/bin/certutil", "-D", "-d", "sql:/etc/pki/nssdb", "-n", client_nss_nickname]) + except Exception, e: + root_logger.error("Failed to remove %s from /etc/pki/nssdb: %s", + client_nss_nickname, str(e)) +@@ -2297,7 +2297,7 @@ def install(options, env, fstore, states + + # Add the CA to the default NSS database and trust it + try: +- run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT]) ++ run(["/usr/bin/certutil", "-A", "-d", "sql:/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT]) + except CalledProcessError, e: + root_logger.info("Failed to add CA to the default NSS database.") + return CLIENT_INSTALL_ERROR +--- a/ipalib/rpc.py ++++ b/ipalib/rpc.py +@@ -322,7 +322,7 @@ class SSLTransport(LanguageAwareTranspor + if self._connection and host == self._connection[0]: + return self._connection[1] + +- dbdir = '/etc/pki/nssdb' ++ dbdir = 'sql:/etc/pki/nssdb' + no_init = self.__nss_initialized(dbdir) + if sys.version_info < (2, 7): + conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init) diff --git a/debian/python-freeipa.install b/debian/python-freeipa.install new file mode 100644 index 000000000..4cf58f564 --- /dev/null +++ b/debian/python-freeipa.install @@ -0,0 +1,9 @@ +usr/lib/python*/dist-packages/ipalib/* +usr/lib/python*/dist-packages/ipapython/*.py +usr/lib/python*/dist-packages/ipapython/platform/*.py +usr/lib/python*/dist-packages/ipapython/platform/*/*.py +usr/lib/python*/dist-packages/default_encoding_utf8.so +usr/lib/python*/dist-packages/freeipa-*.egg-info +usr/lib/python*/dist-packages/ipapython-*.egg-info +usr/lib/python*/dist-packages/python_default_encoding-*.egg-info +usr/share/locale diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..2cfab3b38 --- /dev/null +++ b/debian/rules @@ -0,0 +1,73 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +ONLY_CLIENT=0 +DESTDIR=$(CURDIR)/debian/tmp + +PLATFORM="SUPPORTED_PLATFORM=debian" + +override_dh_auto_clean: + for i in daemons install ipapython ipaserver ipa-client; do \ + (cd $$i && [ ! -f Makefile ] || $(MAKE) distclean); \ + (cd $$i && rm -f COPYING INSTALL depcomp install-sh missing py-compile config.guess config.sub aclocal.m4 config.h.in version.m4); \ + done + find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \; + find . -name "ltmain.sh" -exec rm -f "{}" \; + find . -name "configure" -exec rm -f "{}" \; + rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info ipa-client/ipa-client.spec version.m4 + rm -rf ipapython/build RELEASE build + dh_clean + rm -rf $(DESTDIR) + +override_dh_autoreconf: + make IPA_VERSION_IS_GIT_SNAPSHOT=no version-update + dh_autoreconf; cd .. + +override_dh_auto_configure: + dh_auto_configure -Dipa-client +ifneq ($(ONLY_CLIENT), 1) + dh_auto_configure -Ddaemons -- \ + --with-openldap \ + --with-systemdsystemunitdir=/lib/systemd/system + + dh_auto_configure -Dinstall +endif + +override_dh_auto_build: +ifneq ($(ONLY_CLIENT), 1) + make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no all +# cd selinux ; make all +else + make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client +endif + +# tests would just fail, they need a proper environment with 389 running et al +override_dh_auto_test: + +override_dh_auto_install: +ifneq ($(ONLY_CLIENT), 1) + # Force re-generate of platform support + rm -f ipapython/services.py + make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR) +# cd selinux +# make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR) + cd .. + + install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/etc/bash_completion.d/ipa +else + make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR) +endif + + # purge .la files + find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \; + # purge precompiled .pyc/.pyo files + find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';' + # fix permissions + find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \; + + dh_install --list-missing + +%: + dh $@ --with quilt,autoreconf,python2 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..c3d9f2407 --- /dev/null +++ b/debian/source/format @@ -0,0 +1,2 @@ +3.0 (quilt) + diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..a1cb50d25 --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://freeipa.org/page/Downloads http://freeipa.org/downloads/src/freeipa-(.+).tar.gz