Merge branch 'master' into master-exp

Timo Aaltonen 2014-06-17 09:15:14 +03:00
commit 4c03c081e6
35 changed files with 1101 additions and 0 deletions

3
debian/autoreconf vendored Normal file

@ -0,0 +1,3 @@
ipa-client
daemons
install

56
debian/changelog vendored Normal file

@ -0,0 +1,56 @@
freeipa (3.3.4-1) UNRELEASED; urgency=low
[ Michele Baldessari ]
* Initial release (Closes: #734703)
* New upstream
* Dropped 10_ipa_kpasswd patch, applied upstream
[ Timo Aaltonen ]
* New upstream release.
* Remove radius subpackages.
* Migrate to source format 3.0 (quilt).
* Migrate to dh.
* Fix dependencies.
* Add no-testcert.patch to not fail make-testcert.
* Bump compat and debhelper build-depends to 9.
* Add missing files to freeipa.install.
* Add --fail-missing for dh_install.
* copyright: Updated, with OpenSSL exception.
* control: Add python-libipa-hbac to build-depends.
* control: Add ${shlibs:Depends} to python-freeipa depends.
* rules: Strip the executable bit from translation files.
* Use dh_python2.
* Add DEP-3 compliant headers to the patches.
* control: client; Move libpam-krb5 to Suggests.
* control: Update the maintainer address and repo location.
* control: Fix package descriptions.
* control: Add python-krbv, python-dnspython, keyutils to client depends.
* Add no-test-lang.diff, test_lang is gone.
* correct-python-path.diff: Fallback on the correct path if rpm query
fails.
* dont-search-platform-path.diff: Don't use Python.h from the
platform specific path.
* fix-install-layout.diff: Pass an option to setup-client.py to
install the python bits to the correct path.
* fix-ntpdate-opts.diff: Drop -U from nptdate opts, we don't have
that.
* Add support for Debian platform.
* port-ipa-client-automount.diff: Patch i-c-a so it works on Debian.
* rules: Don't run tests on server either, would never work during package
build.
[ Nick Hatch ]
* Added three patches
- fix-symlink-exclusion.diff: Don't exclude symlinks when loading
plugins
- fix-ldap-conf-path.diff: Patch client installer to use correct LDAP
conf path.
- check-dbus-before-starting.diff: Check to see if dbus is running
before attempting to start it
[ Timo Aaltonen ]
* use-new-nssdb.diff: Use sqlite-based nssdb's instead of old.
* control: Add python-dnspython and python-ldap to python-freeipa
Depends.
-- Timo Aaltonen <tjaalton@ubuntu.com> Tue, 01 Nov 2011 10:52:25 -0400
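Review bot: the trailer line still carries the date Tue, 01 Nov 2011, although the entry is for 3.3.4-1 and lists patches dated 2013 (fix-symlink-exclusion.diff has Last-Update: 2013-03-20); refresh it when the entry leaves UNRELEASED. In the fix-ntpdate-opts.diff bullet, "nptdate" should read "ntpdate", and the two "[ Timo Aaltonen ]" blocks can be merged.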

1
debian/compat vendored Normal file

@ -0,0 +1 @@
9

187
debian/control vendored Normal file

@ -0,0 +1,187 @@
Source: freeipa
Section: net
Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton@ubuntu.com>
Build-Depends: quilt, debhelper (>= 9), dh-autoreconf,
# client
gettext,
krb5-user,
libcurl4-nss-dev,
libkrb5-dev (>= 1.12),
libldap2-dev,
libnss3-dev,
libnspr4-dev,
libpopt-dev,
libsasl2-dev,
libssl-dev,
libtalloc-dev,
libxmlrpc-core-c3-dev,
python-all-dev,
python-dnspython,
python-kerberos,
python-krbv,
python-ldap,
python-libipa-hbac,
python-memcache,
python-netaddr,
python-nss,
python-openssl,
python-polib,
python-setuptools,
python-sss (>= 1.8.0),
python-support,
# server
389-ds-base-dev (>= 1.1.3),
libkrad-dev,
libsss-idmap-dev,
libsss-nss-idmap-dev,
libsvrcore-dev,
libtevent-dev,
libunistring-dev,
libverto-dev,
rhino,
samba-dev,
selinux-policy-dev,
uuid-dev,
# tests
check,
libcmocka-dev,
python-lxml,
python-nose,
Standards-Version: 3.9.3
Vcs-Git: git://git.debian.org/git/pkg-freeipa/freeipa.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-freeipa/freeipa.git
Homepage: http://www.freeipa.org
Package: freeipa-server
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends},
freeipa-client (= ${binary:Version}),
freeipa-admintools (= ${binary:Version}),
python-freeipa (= ${binary:Version}),
389-ds-base,
acl,
apache2,
dogtag-pki-common-theme,
dogtag-pki-ca-theme,
krb5-kdc,
krb5-kdc-ldap,
krb5-pkinit,
ldap-utils,
libnss3-tools,
libsasl2-modules-gssapi-mit,
libapache2-mod-wsgi,
libapache2-mod-auth-kerb,
libapache2-mod-nss,
ntp,
pki-ca,
pki-setup,
pki-silent,
python-ldap,
python-krbv,
python-pyasn1,
Description: FreeIPA centralized identity framework -- server
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the server package.
Package: freeipa-server-trust-ad
Architecture: any
Depends: ${misc:Depends}, ${python:Depends},
freeipa-server (= ${binary:Version}),
python-libsss-nss-idmap,
python-m2crypto,
python-samba,
samba,
winbind,
Description: FreeIPA centralized identity framework -- AD trust installer
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.
Package: freeipa-client
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends},
python-freeipa (= ${binary:Version}),
bind9utils,
certmonger,
krb5-user,
libcurl3 (>= 7.22.0),
libnss3-tools,
libsasl2-modules-gssapi-mit,
libxmlrpc-core-c3 (>= 1.16.33-3.1ubuntu5),
ntp,
python-dnspython,
python-ldap,
python-krbv,
sssd (>= 1.9.2),
wget,
Suggests:
libpam-krb5,
Description: FreeIPA centralized identity framework -- client
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the client package.
Package: freeipa-admintools
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends},
freeipa-client (= ${binary:Version}),
python-freeipa (= ${binary:Version}),
python-krbv,
python-ldap,
Description: FreeIPA centralized identity framework -- admintools
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains some tools for administrators.
Package: freeipa-tests
Architecture: any
Depends: ${misc:Depends}, ${python:Depends},
tar,
xz,
Description: FreeIPA centralized identity framework -- tests
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains tests that verify IPA functionality.
Package: python-freeipa
Architecture: any
Section: python
Depends: ${shlibs:Depends}, ${python:Depends}, ${misc:Depends},
gnupg,
iproute,
keyutils,
python-dnspython,
python-kerberos,
python-ldap,
python-libipa-hbac,
python-lxml,
python-netaddr,
python-nss,
python-openssl,
Description: FreeIPA centralized identity framework -- python modules
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by other FreeIPA packages.
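Review bot: Build-Depends still lists python-support although the changelog says the packaging now uses dh_python2; drop it if nothing calls dh_pysupport any more, and drop quilt as well unless debian/rules invokes it directly, since source format 3.0 (quilt) applies the series without it. Vcs-Git points at a git:// URL, which gives no transport authentication or integrity protection, so an https:// clone URL is the safer pointer for anyone fetching the packaging. In freeipa-tests, check that the xz dependency resolves to an installable package; on Debian the tools ship in xz-utils.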

51
debian/copyright vendored Normal file

@ -0,0 +1,51 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-name: freeipa
Source: http://freeipa.org/downloads/src/
Files: *
Copyright: 1999-2011 Red Hat, Inc.
License: GPL-3+
Files: daemons/ipa-slapi-plugins/*/*.c
daemons/ipa-slapi-plugins/*/*.h
Copyright: 2005-2010 Red Hat, Inc.
License: GPL-3+ with OpenSSL exception
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
Additional permission under GPLv3 section 7:
.
In the following paragraph, "GPL" means the GNU General Public
License, version 3 or any later version, and "Non-GPL Code" means
code that is governed neither by the GPL nor a license
compatible with the GPL.
.
You may link the code of this Program with Non-GPL Code and convey
linked combinations including the two, provided that such Non-GPL
Code only links to the code of this Program through those well
defined interfaces identified in the file named EXCEPTION found in
the source code files (the "Approved Interfaces"). The files of
Non-GPL Code may instantiate templates or use macros or inline
functions from the Approved Interfaces without causing the resulting
work to be covered by the GPL. Only the copyright holders of this
Program may make changes or additions to the list of Approved
Interfaces.
Files: debian/*
Copyright: Michele Baldessari michele@pupazzo.org>
Timo Aaltonen <tjaalton@ubuntu.com>
License: GPL-3+
License: GPL-3+
On Debian machines the full text of the GNU General Public License
can be found in the file /usr/share/common-licenses/GPL-3.
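Review bot: in the Files: debian/* stanza the first Copyright line reads "Michele Baldessari michele@pupazzo.org>" with the opening "<" missing, and neither holder has years. The stanza for daemons/ipa-slapi-plugins is named "GPL-3+ with OpenSSL exception", but the exception text quoted under it grants linking through the Approved Interfaces listed in the EXCEPTION file and never mentions OpenSSL; use a short name that matches the quoted text, or quote the actual OpenSSL clause if that is what the sources carry.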

3
debian/freeipa-admintools.install vendored Normal file

@ -0,0 +1,3 @@
etc/bash_completion.d/ipa
usr/bin/ipa
usr/share/man/man1/ipa.1

2
debian/freeipa-client.dirs vendored Normal file

@ -0,0 +1,2 @@
etc/ipa
var/lib/ipa-client/sysrestore

14
debian/freeipa-client.install vendored Normal file

@ -0,0 +1,14 @@
usr/sbin/ipa-client-automount
usr/sbin/ipa-client-install
usr/sbin/ipa-getkeytab
usr/sbin/ipa-rmkeytab
usr/sbin/ipa-join
usr/share/ipa/ipaclient/ipa.cfg
usr/share/ipa/ipaclient/ipa.js
usr/lib/python*/dist-packages/ipaclient/*.py
usr/share/man/man1/ipa-client-automount.1.gz
usr/share/man/man1/ipa-client-install.1.gz
usr/share/man/man1/ipa-getkeytab.1.gz
usr/share/man/man1/ipa-rmkeytab.1.gz
usr/share/man/man1/ipa-join.1.gz
usr/share/man/man5/default.conf.5.gz


@ -0,0 +1,9 @@
usr/sbin/ipa-adtrust-install
usr/lib/*/dirsrv/plugins/libipa_extdom_extop.so
usr/lib/*/dirsrv/plugins/libipa_sidgen.so
usr/lib/*/dirsrv/plugins/libipa_sidgen_task.so
usr/lib/*/samba/pdb/ipasam.so
usr/lib/python*/dist-packages/ipaserver/dcerpc
usr/lib/python*/dist-packages/ipaserver/install/adtrustinstance*
usr/share/ipa/smb.conf.empty
usr/share/man/man1/ipa-adtrust-install.1

1
debian/freeipa-server.docs vendored Normal file

@ -0,0 +1 @@
README

70
debian/freeipa-server.install vendored Normal file

@ -0,0 +1,70 @@
etc/ipa/html/*
lib/systemd/system/ipa-otpd@.service
lib/systemd/system/ipa-otpd.socket
usr/lib/*/dirsrv/plugins/libipa_cldap.so
usr/lib/*/dirsrv/plugins/libipa_dns.so
usr/lib/*/dirsrv/plugins/libipa_enrollment_extop.so
usr/lib/*/dirsrv/plugins/libipa_lockout.so
usr/lib/*/dirsrv/plugins/libipa_modrdn.so
usr/lib/*/dirsrv/plugins/libipa_pwd_extop.so
usr/lib/*/dirsrv/plugins/libipa_range_check.so
usr/lib/*/dirsrv/plugins/libipa_repl_version.so
usr/lib/*/dirsrv/plugins/libipa_uuid.so
usr/lib/*/dirsrv/plugins/libipa_winsync.so
usr/lib/*/ipa/certmonger/*
usr/lib/*/ipa-otpd
usr/lib/*/krb5/plugins/kdb/*.so
usr/lib/python*/dist-packages/ipaserver/*
usr/sbin/ipa-advise
usr/sbin/ipa-backup
usr/sbin/ipa-ca-install
usr/sbin/ipa-compat-manage
usr/sbin/ipa-csreplica-manage
usr/sbin/ipa-dns-install
usr/sbin/ipa-ldap-updater
usr/sbin/ipa-managed-entries
usr/sbin/ipa-nis-manage
usr/sbin/ipa-replica-conncheck
usr/sbin/ipa-replica-install
usr/sbin/ipa-replica-manage
usr/sbin/ipa-replica-prepare
usr/sbin/ipa-restore
usr/sbin/ipa-server-certinstall
usr/sbin/ipa-server-install
usr/sbin/ipa-upgradeconfig
usr/sbin/ipactl
usr/share/ipa/advise/legacy/*.template
usr/share/ipa/copy-schema-to-ca.py
usr/share/ipa/ca_renewal
usr/share/ipa/ffextension/*
usr/share/ipa/ipa.conf
usr/share/ipa/ipa-pki-proxy.conf
usr/share/ipa/ipa-rewrite.conf
usr/share/ipa/*.ldif
usr/share/ipa/migration/*
usr/share/ipa/*.template
usr/share/ipa/ui/*
usr/share/ipa/*.uldif
usr/share/ipa/updates/*
usr/share/ipa/wsgi.py
usr/share/ipa/wsgi/*
usr/share/man/man1/ipa-advise.1
usr/share/man/man1/ipa-backup.1.gz
usr/share/man/man1/ipa-ca-install.1.gz
usr/share/man/man1/ipa-compat-manage.1.gz
usr/share/man/man1/ipa-csreplica-manage.1.gz
usr/share/man/man1/ipa-dns-install.1.gz
usr/share/man/man1/ipa-ldap-updater.1.gz
usr/share/man/man1/ipa-managed-entries.1.gz
usr/share/man/man1/ipa-nis-manage.1.gz
usr/share/man/man1/ipa-replica-conncheck.1.gz
usr/share/man/man1/ipa-replica-install.1.gz
usr/share/man/man1/ipa-replica-manage.1.gz
usr/share/man/man1/ipa-replica-prepare.1.gz
usr/share/man/man1/ipa-restore.1.gz
usr/share/man/man1/ipa-server-certinstall.1.gz
usr/share/man/man1/ipa-server-install.1.gz
usr/share/man/man8/ipactl.8.gz
usr/share/man/man8/ipa-upgradeconfig.8.gz
var/lib/ipa/sysrestore

3
debian/freeipa-server.links vendored Normal file

@ -0,0 +1,3 @@
/usr/share/javascript/prototype/prototype.js /usr/share/ipa/ipagui/static/javascript/prototype.js
/usr/share/javascript/scriptaculous/scriptaculous.js /usr/share/ipa/ipagui/static/javascript/scriptaculous.js
/usr/share/javascript/scriptaculous/effects.js /usr/share/ipa/ipagui/static/javascript/effects.js
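Review bot: all three links point into /usr/share/javascript/prototype and /usr/share/javascript/scriptaculous, but the Depends of freeipa-server in debian/control names no package that would provide those files, so the links dangle on a clean install. The link names also sit under /usr/share/ipa/ipagui/static/javascript, while freeipa-server.install ships the web UI from usr/share/ipa/ui/*; confirm something still reads the ipagui path, and otherwise drop this file.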

7
debian/freeipa-tests.install vendored Normal file

@ -0,0 +1,7 @@
usr/bin/ipa-run-tests
usr/bin/ipa-test-config
usr/bin/ipa-test-task
usr/lib/python*/ipatests/*
usr/share/man/man1/ipa-run-tests.1
usr/share/man/man1/ipa-test-config.1
usr/share/man/man1/ipa-test-task.1
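Review bot: the ipatests line uses usr/lib/python*/ipatests/* while every other Python path in these install lists goes through usr/lib/python*/dist-packages/. The patches in this commit switch the setup.py calls to --install-layout=deb, so the modules will land under dist-packages and this pattern will not pick them up; align it with the other lists.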

208
debian/patches/add-debian-platform.diff vendored Normal file

@ -0,0 +1,208 @@
commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Fri Mar 1 12:21:00 2013 +0200
add debian platform support
--- /dev/null
+++ b/ipapython/platform/debian/__init__.py
@@ -0,0 +1,43 @@
+import os
+
+from ipapython.platform import base, redhat, fedora18
+from ipapython.platform.debian.auth import DebianAuthConfig
+from ipapython.platform.debian.service import debian_service, DebianServices
+
+# All what we allow exporting directly from this module
+# Everything else is made available through these symbols when they are
+# directly imported into ipapython.services:
+#
+# authconfig -- class reference for platform-specific implementation of
+# authconfig(8)
+# service -- class reference for platform-specific implementation of a
+# PlatformService class
+# knownservices -- factory instance to access named services IPA cares about,
+# names are ipapython.services.wellknownservices
+# backup_and_replace_hostname -- platform-specific way to set hostname and
+# make it persistent over reboots
+# restore_network_configuration -- platform-specific way of restoring network
+# configuration (e.g. static hostname)
+# restore_context -- platform-sepcific way to restore security context, if
+# applicable
+# check_selinux_status -- platform-specific way to see if SELinux is enabled
+# and restorecon is installed.
+__all__ = ['authconfig', 'service', 'knownservices',
+ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
+ 'restore_network_configuration', 'timedate_services']
+
+# Just copy a referential list of timedate services
+timedate_services = list(base.timedate_services)
+
+def restore_network_configuration(fstore, statestore):
+ filepath = '/etc/hostname'
+ if fstore.has_file(filepath):
+ fstore.restore_file(filepath)
+ hostname_was_configured = True
+
+authconfig = DebianAuthConfig
+service = debian_service
+knownservices = DebianServices()
+backup_and_replace_hostname = fedora18.backup_and_replace_hostname
+restore_context = redhat.restore_context
+check_selinux_status = redhat.check_selinux_status
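Review bot: restore_network_configuration() assigns hostname_was_configured = True and then falls off the end without using or returning it, and the statestore argument is never read, so the only effect is restoring /etc/hostname; return the flag or drop it. The import of os at the top is unused, and "platform-sepcific" in the restore_context comment is a typo.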
--- /dev/null
+++ b/ipapython/platform/debian/auth.py
@@ -0,0 +1,33 @@
+from ipapython import ipautil
+from ipapython.platform import base
+
+class DebianAuthConfig(base.AuthConfig):
+ """
+ Debian implementation of the AuthConfig class.
+
+ Debian doesn't provide a single application for changing both
+ nss and pam configuration. PAM can be configured using debconf but there
+ is currently no such solution for updating NSS database and every package
+ does it by itself.
+
+ We'll have to play a catch-up game with the rest of the FreeIPA project
+ filtering out .enable() and .disable() calls that are useless for us,
+ and making the best out of the rest of them.
+ """
+
+ def __build_args(self):
+ args = ['--force', '--package']
+ for (option, value) in self.parameters.items():
+ if option == "sssdauth":
+ option = "sss"
+ if type(value) is bool and not value:
+ if not any("remove" in s for s in args):
+ args.append("--remove")
+ args.append("%s" % (option))
+ return args
+
+ def execute(self):
+ env = {"DEBCONF_FRONTEND" : "noninteractive"}
+ args = self.__build_args()
+ ipautil.run(["/usr/sbin/pam-auth-update"] + args, env = env)
+
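Review bot: __build_args() builds a single pam-auth-update command line from all parameters, appending --remove the first time it meets a False value and then appending every option name regardless of its value. Whether an enabled profile lands before or after --remove therefore depends on the iteration order of self.parameters.items() rather than on intent, so an enabled profile can end up on the remove side. Split the parameters into an enable list and a remove list and run the two invocations separately. Non-boolean values also fall through to args.append(), which puts their option name on the command line as if it were a PAM profile.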
--- /dev/null
+++ b/ipapython/platform/debian/service.py
@@ -0,0 +1,107 @@
+import time
+
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipapython.platform import base
+from ipalib import api
+
+class DebianService(base.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base.wellknownports:
+ ports = base.wellknownports[instance_name]
+ else:
+ if self.service_name in base.wellknownports:
+ ports = base.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run(["/usr/sbin/service", self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run(["/usr/sbin/service",
+ self.service_name, "status",
+ instance_name])
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run(["/usr/sbin/service", self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+class DebianSSHService(DebianService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+def debian_service(name):
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+class DebianServices(base.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base.wellknownservices:
+ if s == "messagebus":
+ services[s] = debian_service("dbus")
+ elif s == "ntpd":
+ services[s] = debian_service("ntp")
+ else:
+ services[s] = debian_service(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
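Review bot: is_running() decides on substring matches in the status output (sout.find("NOT running") and sout.find("stop")), so an init script whose healthy status text contains "stop" is reported as down, and one that words a failure differently while exiting 0 is reported as up. check-dbus-before-starting.diff gates messagebus.start() on this result, so prefer the exit status of the status call over text matching. In stop() and start(), update_service_list is assigned and never used, and instance_name is passed to /usr/sbin/service even when it is the empty string, which adds an empty argv element.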
--- a/ipapython/setup.py.in
+++ b/ipapython/setup.py.in
@@ -68,6 +68,7 @@ def setup_package():
packages = [ "ipapython",
"ipapython.platform",
"ipapython.platform.base",
+ "ipapython.platform.debian",
"ipapython.platform.fedora16",
"ipapython.platform.fedora18",
"ipapython.platform.redhat" ],


@ -0,0 +1,34 @@
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -372,10 +372,11 @@ def uninstall(options, env):
# Always start certmonger. We can't untrack something if it isn't
# running
messagebus = ipaservices.knownservices.messagebus
- try:
- messagebus.start()
- except Exception, e:
- log_service_error(messagebus.service_name, 'start', e)
+ if not messagebus.is_running():
+ try:
+ messagebus.start()
+ except Exception, e:
+ log_service_error(messagebus.service_name, 'start', e)
cmonger = ipaservices.knownservices.certmonger
try:
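Review bot: messagebus.is_running() sits outside the try block, so an exception raised while probing the service is no longer caught and reported through log_service_error() the way a failing start() is. Move the check inside the try, here and in the configure_certmonger hunk that follows.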
@@ -970,10 +971,11 @@ def configure_certmonger(fstore, subject
principal = 'host/%s@%s' % (hostname, cli_realm)
messagebus = ipaservices.knownservices.messagebus
- try:
- messagebus.start()
- except Exception, e:
- log_service_error(messagebus.service_name, 'start', e)
+ if not messagebus.is_running():
+ try:
+ messagebus.start()
+ except Exception, e:
+ log_service_error(messagebus.service_name, 'start', e)
# Ensure that certmonger has been started at least once to generate the
# cas files in /var/lib/certmonger/cas.

11
debian/patches/correct-python-path.diff vendored Normal file

@ -0,0 +1,11 @@
--- a/Makefile
+++ b/Makefile
@@ -50,7 +50,7 @@ ifneq ($(DEVELOPER_MODE),0)
LINT_OPTIONS=--no-fail
endif
-PYTHON ?= $(shell rpm -E %__python)
+PYTHON ?= $(shell rpm -E %__python || echo /usr/bin/python)
# Uncomment to increase Java stack size for Web UI build in case it fails
# because of stack overflow exception. Default should be OK for most platforms.
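Review bot: the "|| echo /usr/bin/python" fallback only runs when rpm exits non-zero. If rpm is installed but does not define the macro, PYTHON takes whatever rpm printed, and if rpm is absent the shell's error message ends up in the build output. For the Debian build it is simpler to pass PYTHON from debian/rules, or to default it to /usr/bin/python without calling rpm at all.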


@ -0,0 +1,15 @@
avoid build-dependency on systemd, which doesn't exist on ubuntu
diff --git a/daemons/configure.ac b/daemons/configure.ac
index e57dad2..9ca5198 100644
--- a/daemons/configure.ac
+++ b/daemons/configure.ac
@@ -232,7 +232,7 @@ PKG_CHECK_MODULES([SSSNSSIDMAP], [sss_nss_idmap])
dnl ---------------------------------------------------------------------------
dnl - Check for systemd unit directory
dnl ---------------------------------------------------------------------------
-PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])])
+dnl PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])])
AC_ARG_WITH([systemdsystemunitdir],
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
[], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
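Review bot: only the PKG_CHECK_EXISTS line is disabled; the default for with_systemdsystemunitdir two lines below still runs $PKG_CONFIG --variable=systemdsystemunitdir systemd. Without systemd.pc that yields an empty string, while freeipa-server.install expects the units under lib/systemd/system, so either pass --with-systemdsystemunitdir explicitly from debian/rules or give the AC_ARG_WITH default a fixed fallback. The description line also lacks DEP-3 field names, which the changelog says the patches carry.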


@ -0,0 +1,11 @@
--- a/ipapython/py_default_encoding/setup.py
+++ b/ipapython/py_default_encoding/setup.py
@@ -22,7 +22,7 @@ from distutils.sysconfig import get_pyth
import sys
import os
-python_header = os.path.join(get_python_inc(plat_specific=1), 'Python.h')
+python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h')
if not os.path.exists(python_header):
sys.exit("Cannot find Python development packages that provide Python.h")

14
debian/patches/fix-install-layout.diff vendored Normal file

@ -0,0 +1,14 @@
--- a/Makefile
+++ b/Makefile
@@ -82,9 +82,9 @@ client-install: client client-dirs
done
cd install/po && $(MAKE) install || exit 1;
if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup-client.py install; \
+ $(PYTHON) setup-client.py install --install-layout=deb; \
else \
- $(PYTHON) setup-client.py install --root $(DESTDIR); \
+ $(PYTHON) setup-client.py install --install-layout=deb --root $(DESTDIR); \
fi
client-dirs:

11
debian/patches/fix-ldap-conf-path.diff vendored Normal file

@ -0,0 +1,11 @@
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -854,7 +854,7 @@ def configure_openldap_conf(fstore, cli_
{'action':'addifnotset', 'name':'TLS_CACERT', 'type':'option',
'value':CACERT},]
- target_fname = '/etc/openldap/ldap.conf'
+ target_fname = '/etc/ldap/ldap.conf'
fstore.backup_file(target_fname)
error_msg = "Configuring {path} failed with: {err}"

13
debian/patches/fix-ntpdate-opts.diff vendored Normal file

@ -0,0 +1,13 @@
Our ntp isn't patched to drop privileges.
--- a/ipa-client/ipaclient/ntpconf.py
+++ b/ipa-client/ipaclient/ntpconf.py
@@ -147,7 +147,7 @@ def synconce_ntp(server_fqdn):
if os.path.exists(ntpdate):
# retry several times -- logic follows /etc/init.d/ntpdate
# implementation
- cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn]
+ cmd = [ntpdate, "-s", "-b", "-v", server_fqdn]
for retry in range(0, 3):
try:
ipautil.run(cmd)
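Review bot: removing -U ntp from cmd means ntpdate no longer switches to the ntp user, so this network-facing call keeps the privileges of the calling installer for the whole sync. The header explains that the Debian ntp lacks the option, which justifies the change, but record the trade-off in a DEP-3 description so it is revisited if the option becomes available.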


@ -0,0 +1,74 @@
From 2d9e290970e71d373b91cd0cd1db52b991636889 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 28 Nov 2013 15:32:07 +0100
Subject: [PATCH] BUILD: Fix portability of NSS in file ipa_pwd.c
---
daemons/ipa-kdb/Makefile.am | 4 +++-
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 1 +
util/ipa_pwd.c | 8 ++++----
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am
index dc543dd..b3d6a1b 100644
--- a/daemons/ipa-kdb/Makefile.am
+++ b/daemons/ipa-kdb/Makefile.am
@@ -21,6 +21,7 @@ AM_CPPFLAGS = \
$(KRB5_CFLAGS) \
$(WARN_CFLAGS) \
$(NDRPAC_CFLAGS) \
+ $(NSS_CFLAGS) \
$(NULL)
plugindir = $(libdir)/krb5/plugins/kdb
@@ -51,6 +52,7 @@ ipadb_la_LIBADD = \
$(LDAP_LIBS) \
$(NDRPAC_LIBS) \
$(UNISTRING_LIBS) \
+ $(NSS_LIBS) \
$(NULL)
if HAVE_CHECK
@@ -77,7 +79,7 @@ ipa_kdb_tests_LDADD = \
$(KRB5_LIBS) \
$(LDAP_LIBS) \
$(NDRPAC_LIBS) \
- -lnss3 \
+ $(NSS_LIBS) \
-lkdb5 \
-lsss_idmap \
$(NULL)
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
index b53b2e1..3323d72 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
$(LDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(SSL_CFLAGS) \
+ $(NSS_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
diff --git a/util/ipa_pwd.c b/util/ipa_pwd.c
index 761d1ef..f6564c8 100644
--- a/util/ipa_pwd.c
+++ b/util/ipa_pwd.c
@@ -27,10 +27,10 @@
#include <stdio.h>
#include <time.h>
#include <ctype.h>
-#include <nss3/nss.h>
-#include <nss3/nssb64.h>
-#include <nss3/hasht.h>
-#include <nss3/pk11pub.h>
+#include <nss.h>
+#include <nssb64.h>
+#include <hasht.h>
+#include <pk11pub.h>
#include <errno.h>
#include "ipa_pwd.h"
--
1.8.4.2

11
debian/patches/fix-pykerberos-api.diff vendored Normal file

@ -0,0 +1,11 @@
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport):
service = "HTTP@" + host.split(':')[0]
try:
- (rc, vc) = kerberos.authGSSClientInit(service, self.flags)
+ (rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags)
except kerberos.GSSError, e:
self._handle_exception(e)
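Review bot: this patch has no header at all, so nothing says which python-kerberos signature it targets or why the flags must be passed as gssflags=. Add a DEP-3 description naming the affected library version; the changelog states that the patches carry DEP-3 headers, and series lists this one under "send upstream".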


@ -0,0 +1,22 @@
Description: Don't exclude symlinks when loading plugins
FreeIPA uses custom helpers to enumerate and load plugins. These plugins,
provided by the ipalib module, are excluded due to being symlinked in from
/usr/lib/pyshared as part of the dh_python2 installation process.
.
This change can probably be submitted upstream, but I have no idea why the
original author would exclude symlinks in the first place, nor why a custom
loader is being used.
Author: Nick Hatch <nicholas.hatch@gmail.com>
Last-Update: 2013-03-20
--- freeipa.orig/ipalib/util.py
+++ freeipa/ipalib/util.py
@@ -81,7 +81,7 @@
if not name.endswith(suffix):
continue
pyfile = os.path.join(src_dir, name)
- if os.path.islink(pyfile) or not os.path.isfile(pyfile):
+ if not os.path.isfile(pyfile):
continue
module = name[:-len(suffix)]
if module == '__init__':
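Review bot: with the os.path.islink() test gone, os.path.isfile() follows links, so any symlink in a plugin directory whose target is a regular file is now imported, wherever that target lives. The description says the reason for the original exclusion is unknown; before carrying this, confirm that the plugin directories and /usr/lib/pyshared are writable by root only, or keep a check that resolves the link with os.path.realpath() and accepts it only when the target stays under an expected prefix. A Forwarded: field would also show whether upstream was asked.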


@ -0,0 +1,21 @@
commit 75dadc1d8ffc3ac84c4b1988c266ef60de1a6cfe
Author: Jan Cholasta <jcholast@redhat.com>
Date: Wed Dec 4 18:39:44 2013 +0100
Include LDFLAGS provided by rpmbuild in global LDFLAGS in the spec file.
Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd.
https://fedorahosted.org/freeipa/ticket/3896
diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index f0b7528..ed99c3e 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -1,5 +1,5 @@
AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
-AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now
+AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@
noinst_HEADERS = internal.h
libexec_PROGRAMS = ipa-otpd
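Review bot: this drops -pie -Wl,-z,relro -Wl,-z,now from AM_LDFLAGS on the assumption, per the commit message, that rpmbuild supplies the hardening through LDFLAGS. The Debian build has no rpmbuild, so ipa-otpd keeps PIE and immediate binding only if debian/rules exports them, for example through dpkg-buildflags with hardening=+pie,+bindnow. Confirm that before carrying the patch, since AM_CFLAGS on the line above adds no -fPIE either.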

11
debian/patches/no-test-lang.diff vendored Normal file
View File

@ -0,0 +1,11 @@
--- a/Makefile
+++ b/Makefile
@@ -98,7 +98,7 @@ client-dirs:
lint: bootstrap-autogen
./make-lint $(LINT_OPTIONS)
- $(MAKE) -C install/po validate-src-strings
+# $(MAKE) -C install/po validate-src-strings
test:

18
debian/patches/no-testcert.patch vendored Normal file

@ -0,0 +1,18 @@
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Tue Nov 1 11:48:27 2011 -0400
Add no-testcert.patch to not fail make-testcert.
they need a working certificate server running
--- a/Makefile
+++ b/Makefile
@@ -102,7 +102,7 @@ lint: bootstrap-autogen
test:
- ./make-testcert
+# ./make-testcert
./make-test
release-update:


@ -0,0 +1,26 @@
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index 3952642..e7b843e 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -39,10 +39,10 @@ from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipapython import services as ipaservices
-AUTOFS_CONF = '/etc/sysconfig/autofs'
+AUTOFS_CONF = '/etc/default/autofs'
NSSWITCH_CONF = '/etc/nsswitch.conf'
AUTOFS_LDAP_AUTH = '/etc/autofs_ldap_auth.conf'
-NFS_CONF = '/etc/sysconfig/nfs'
+NFS_CONF = '/etc/default/nfs-common'
IDMAPD_CONF = '/etc/idmapd.conf'
def parse_options():
@@ -309,7 +309,7 @@ def configure_nfs(fstore, statestore):
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ 'NEED_GSSD': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
NFS_CONF, replacevars=replacevars)

38
debian/patches/prefix.patch vendored Normal file

@ -0,0 +1,38 @@
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Mon Jan 2 16:09:40 2012 +0200
use the debian layout when installing python modules
--- a/Makefile
+++ b/Makefile
@@ -153,7 +153,7 @@ server-install: server
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
tests: version-update tests-man-autogen
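Review bot: in all three hunks of this patch only the $(DESTDIR) branch gains --install-layout=deb; the plain "setup.py install" branch above it stays on the default layout. fix-install-layout.diff changes both branches for setup-client.py, so do the same here, or state in the header that only staged installs are supported.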
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
@@ -14,7 +14,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python setup.py install; \
else \
- python setup.py install --root $(DESTDIR); \
+ python setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
--- a/ipapython/py_default_encoding/Makefile
+++ b/ipapython/py_default_encoding/Makefile
@@ -9,7 +9,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python setup.py install; \
else \
- python setup.py install --root $(DESTDIR); \
+ python setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:

21
debian/patches/series vendored Normal file

@ -0,0 +1,21 @@
# not upstreamable
no-testcert.patch
prefix.patch
no-test-lang.diff
fix-install-layout.diff
fix-ntpdate-opts.diff
fix-ldap-conf-path.diff
port-ipa-client-automount.diff
dont-check-for-systemd-pc.diff
fix-portability-of-nss.diff
# send upstream
correct-python-path.diff
dont-search-platform-path.diff
fix-symlink-exclusion.diff
check-dbus-before-starting.diff
add-debian-platform.diff
use-new-nssdb.diff
include-ldflags-otpd.diff
fix-pykerberos-api.diff

49
debian/patches/use-new-nssdb.diff vendored Normal file

@ -0,0 +1,49 @@
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -201,7 +201,7 @@ def log_service_error(name, action, erro
root_logger.error("%s failed to %s: %s", name, action, str(error))
def nickname_exists(nickname):
- (sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "/etc/pki/nssdb", "-n", nickname], raiseonerr=False)
+ (sout, serr, returncode) = run(["/usr/bin/certutil", "-L", "-d", "sql:/etc/pki/nssdb", "-n", nickname], raiseonerr=False)
if returncode == 0:
return True
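Review bot: nickname_exists runs certutil with raiseonerr=False and checks only `returncode == 0`, so after the switch to sql:/etc/pki/nssdb a missing or unreadable SQL database looks the same as a missing nickname. uninstall() relies on this result before deleting "IPA CA", which means a database error would leave the CA trusted without any log line; log serr when the exit status is non-zero, and put the database string in one constant rather than repeating the literal in five places across ipa-client-install and ipalib/rpc.py.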
@@ -365,7 +365,7 @@ def uninstall(options, env):
# Remove our host cert and CA cert
if nickname_exists("IPA CA"):
try:
- run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", "IPA CA"])
+ run(["/usr/bin/certutil", "-D", "-d", "sql:/etc/pki/nssdb", "-n", "IPA CA"])
except Exception, e:
root_logger.error(
"Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e))
@@ -393,7 +393,7 @@ def uninstall(options, env):
if nickname_exists(client_nss_nickname):
try:
- run(["/usr/bin/certutil", "-D", "-d", "/etc/pki/nssdb", "-n", client_nss_nickname])
+ run(["/usr/bin/certutil", "-D", "-d", "sql:/etc/pki/nssdb", "-n", client_nss_nickname])
except Exception, e:
root_logger.error("Failed to remove %s from /etc/pki/nssdb: %s",
client_nss_nickname, str(e))
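Review bot: The certutil -D call now opens sql:/etc/pki/nssdb, but the root_logger.error message in the except branch still prints /etc/pki/nssdb, here and in the "IPA CA" hunk above. Build both the -d argument and the message from the same constant so the log names the database that was actually opened.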
@@ -2297,7 +2297,7 @@ def install(options, env, fstore, states
# Add the CA to the default NSS database and trust it
try:
- run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT])
+ run(["/usr/bin/certutil", "-A", "-d", "sql:/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT])
except CalledProcessError, e:
root_logger.info("Failed to add CA to the default NSS database.")
return CLIENT_INSTALL_ERROR
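Review bot: When `certutil -A` fails to add "IPA CA" with trust CT,C,C, the except branch logs at info level and drops the exception text, although the function then returns CLIENT_INSTALL_ERROR. This is the step that establishes trust in the CA, so log it with root_logger.error and include str(e), as the uninstall branches do.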
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -322,7 +322,7 @@ class SSLTransport(LanguageAwareTranspor
if self._connection and host == self._connection[0]:
return self._connection[1]
- dbdir = '/etc/pki/nssdb'
+ dbdir = 'sql:/etc/pki/nssdb'
no_init = self.__nss_initialized(dbdir)
if sys.version_info < (2, 7):
conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)
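Review bot: dbdir now carries the sql: prefix and is passed both to self.__nss_initialized(dbdir) and to NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init), and the hunk does not show what __nss_initialized compares it with. If anything else in the process initialises NSS with the unprefixed path, no_init could be computed against a different database string, so please confirm the comparison uses the same value, ideally a constant shared with ipa-client-install.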

9
debian/python-freeipa.install vendored Normal file

@ -0,0 +1,9 @@
usr/lib/python*/dist-packages/ipalib/*
usr/lib/python*/dist-packages/ipapython/*.py
usr/lib/python*/dist-packages/ipapython/platform/*.py
usr/lib/python*/dist-packages/ipapython/platform/*/*.py
usr/lib/python*/dist-packages/default_encoding_utf8.so
usr/lib/python*/dist-packages/freeipa-*.egg-info
usr/lib/python*/dist-packages/ipapython-*.egg-info
usr/lib/python*/dist-packages/python_default_encoding-*.egg-info
usr/share/locale

73
debian/rules vendored Executable file

@ -0,0 +1,73 @@
#!/usr/bin/make -f
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
ONLY_CLIENT=0
DESTDIR=$(CURDIR)/debian/tmp
PLATFORM="SUPPORTED_PLATFORM=debian"
override_dh_auto_clean:
for i in daemons install ipapython ipaserver ipa-client; do \
(cd $$i && [ ! -f Makefile ] || $(MAKE) distclean); \
(cd $$i && rm -f COPYING INSTALL depcomp install-sh missing py-compile config.guess config.sub aclocal.m4 config.h.in version.m4); \
done
find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \;
find . -name "ltmain.sh" -exec rm -f "{}" \;
find . -name "configure" -exec rm -f "{}" \;
rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info ipa-client/ipa-client.spec version.m4
rm -rf ipapython/build RELEASE build
dh_clean
rm -rf $(DESTDIR)
override_dh_autoreconf:
make IPA_VERSION_IS_GIT_SNAPSHOT=no version-update
dh_autoreconf; cd ..
override_dh_auto_configure:
dh_auto_configure -Dipa-client
ifneq ($(ONLY_CLIENT), 1)
dh_auto_configure -Ddaemons -- \
--with-openldap \
--with-systemdsystemunitdir=/lib/systemd/system
dh_auto_configure -Dinstall
endif
override_dh_auto_build:
ifneq ($(ONLY_CLIENT), 1)
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no all
# cd selinux ; make all
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client
endif
# tests would just fail, they need a proper environment with 389 running et al
override_dh_auto_test:
override_dh_auto_install:
ifneq ($(ONLY_CLIENT), 1)
# Force re-generate of platform support
rm -f ipapython/services.py
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
# cd selinux
# make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
cd ..
install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/etc/bash_completion.d/ipa
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR)
endif
# purge .la files
find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
# purge precompiled .pyc/.pyo files
find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';'
# fix permissions
find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \;
dh_install --list-missing
%:
dh $@ --with quilt,autoreconf,python2
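Review bot: In override_dh_auto_clean, `find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \;` binds -type f and -exec only to the *.pyc test, so *.pyo files are matched but never removed; group the names as \( -name "*.pyo" -o -name "*.pyc" \) before -type f. In override_dh_auto_install the pattern '*.py[c,o]' also matches a literal comma and should be '*.py[co]', the `cd ..` lines have no effect because each recipe line runs in its own shell, and dh_install is called with --list-missing although debian/changelog announces --fail-missing, so files left out of the packages will not fail the build.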

2
debian/source/format vendored Normal file

@ -0,0 +1,2 @@
3.0 (quilt)

2
debian/watch vendored Normal file

@ -0,0 +1,2 @@
version=3
http://freeipa.org/page/Downloads http://freeipa.org/downloads/src/freeipa-(.+).tar.gz
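Review bot: The watch line fetches both the download page and the tarball over plain http:// and sets no signature check, so uscan would accept whatever archive the network path returns. Use https URLs if upstream serves them and, if upstream publishes detached signatures, add opts=pgpsigurlmangle with the upstream key shipped in the package; the dots in `freeipa-(.+).tar.gz` should also be escaped as `\.tar\.gz`.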