IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update to current ipa-4-3

Browse Source 
refresh patches
drop upstreamed & obsolete ones
etc
This commit is contained in:
Timo Aaltonen
2016-03-08 21:08:45 +02:00
parent da455e21fd
commit 77e0d8aaf0
11 changed files with 37 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
debian/changelog vendored
View File

@@ -1,6 +1,8 @@
freeipa (4.3.0-1) UNRELEASED; urgency=medium freeipa (4.3.0+git20160302-1) UNRELEASED; urgency=medium
* New upstream release. * New upstream snapshot.
- refresh patches
- drop no-test-lang.diff, obsolete
* fix-match-hostname.diff, control: Drop the patch and python-openssl * fix-match-hostname.diff, control: Drop the patch and python-openssl
deps, not needed anymore deps, not needed anymore
* *.install: Updated. * *.install: Updated.
@@ -53,11 +55,8 @@ freeipa (4.3.0-1) UNRELEASED; urgency=medium
multiarch path to avoid hacking the code too much. multiarch path to avoid hacking the code too much.
* fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in * fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in
/usr/lib/ipa instead of directly under multiarch lib path. /usr/lib/ipa instead of directly under multiarch lib path.
* fix-certmonger-script-install.diff: Install certmonger scripts under
/usr/lib/ipa instead of multiarch path.
* control, server*.install: Move dirsrv plugins from server-trust-ad * control, server*.install: Move dirsrv plugins from server-trust-ad
to server, needed on upgrades even if trust-ad isn't set up. to server, needed on upgrades even if trust-ad isn't set up.
* user-httpd-user.diff: Patch dogtaginstance.py to use HTTPD_USER.
* control: Add pki-tools to python-ipaserver deps. * control: Add pki-tools to python-ipaserver deps.
* server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable * server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable
on postrm. on postrm.

6
debian/patches/add-debian-platform.diff vendored
View File

@@ -657,7 +657,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
srv_vals.append("0.%s.pool.ntp.org" % os) srv_vals.append("0.%s.pool.ntp.org" % os)
--- a/ipaserver/install/ldapupdate.py --- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py
@@ -332,9 +332,9 @@ class LDAPUpdate: @@ -335,9 +335,9 @@ class LDAPUpdate:
bits = platform.architecture()[0] bits = platform.architecture()[0]
if bits == "64bit": if bits == "64bit":
@@ -671,7 +671,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
try: try:
--- a/ipaserver/install/httpinstance.py --- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py
@@ -168,6 +168,7 @@ class HTTPInstance(service.Service): @@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
self.step("create KDC proxy user", create_kdcproxy_user) self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf) self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy) self.step("enable KDC proxy", self.enable_kdcproxy)
@@ -679,7 +679,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
self.step("restarting httpd", self.__start) self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable) self.step("configuring httpd to start on boot", self.__enable)
self.step("enabling oddjobd", self.enable_and_start_oddjobd) self.step("enabling oddjobd", self.enable_and_start_oddjobd)
@@ -483,6 +484,8 @@ class HTTPInstance(service.Service): @@ -502,6 +503,8 @@ class HTTPInstance(service.Service):
except Exception: except Exception:
pass pass

60
debian/patches/fix-certmonger-script-install.diff vendored
View File

@@ -1,60 +0,0 @@
--- a/install/restart_scripts/Makefile.am
+++ b/install/restart_scripts/Makefile.am
@@ -1,6 +1,6 @@
NULL =
-appdir = $(libdir)/ipa/certmonger
+appdir = $(libexecdir)/ipa/certmonger
app_DATA = \
restart_dirsrv \
restart_httpd \
--- a/ipapython/certmonger.py
+++ b/ipapython/certmonger.py
@@ -492,19 +492,11 @@ def dogtag_start_tracking(ca, nickname,
params['KEY_PIN_FILE'] = os.path.abspath(pinfile)
if pre_command:
if not os.path.isabs(pre_command):
- if sys.maxsize > 2**32:
- libpath = 'lib64'
- else:
- libpath = 'lib'
- pre_command = certmonger_cmd_template % (libpath, pre_command)
+ pre_command = certmonger_cmd_template % (pre_command)
params['cert-presave-command'] = pre_command
if post_command:
if not os.path.isabs(post_command):
- if sys.maxsize > 2**32:
- libpath = 'lib64'
- else:
- libpath = 'lib'
- post_command = certmonger_cmd_template % (libpath, post_command)
+ post_command = certmonger_cmd_template % (post_command)
params['cert-postsave-command'] = post_command
if profile:
params['ca-profile'] = profile
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -149,7 +149,7 @@ class BasePathNamespace(object):
TMP_CA_P12 = "/tmp/ca.p12"
TMP_KRB5CC = "/tmp/krb5cc_%d"
USR_DIR = "/usr"
- CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
+ CERTMONGER_COMMAND_TEMPLATE = "/usr/libexec/ipa/certmonger/%s"
PKCS12EXPORT = "/usr/bin/PKCS12Export"
CERTUTIL = "/usr/bin/certutil"
CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -297,11 +297,7 @@ class CertDB(object):
/usr/lib[64]/ipa/certmonger.
"""
if command is not None and not os.path.isabs(command):
- if sys.maxsize > 2**32:
- libpath = 'lib64'
- else:
- libpath = 'lib'
- command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command)
+ command = paths.CERTMONGER_COMMAND_TEMPLATE % (command)
try:
request_id = certmonger.start_tracking(nickname, self.secdir, password_file, command)
except RuntimeError as e:

2
debian/patches/fix-replicainstall.diff vendored
View File

@@ -1,6 +1,6 @@
--- a/ipaserver/install/server/replicainstall.py --- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py
@@ -990,7 +990,7 @@ def promote_check(installer): @@ -1073,7 +1073,7 @@ def promote_check(installer):
raise RuntimeError("CA cert file is not available! Please reinstall" raise RuntimeError("CA cert file is not available! Please reinstall"
"the client and try again.") "the client and try again.")

16
debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch vendored
View File

@@ -177,7 +177,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{') named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{')
named_conf_section_options_start_re = re.compile('\s*options\s+{') named_conf_section_options_start_re = re.compile('\s*options\s+{')
@@ -607,7 +608,7 @@ class BindInstance(service.Service): @@ -611,7 +612,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix') suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp, def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
@@ -186,7 +186,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
ca_configured=None, no_dnssec_validation=False): ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user self.named_user = named_user
self.fqdn = fqdn self.fqdn = fqdn
@@ -1258,4 +1259,4 @@ class BindInstance(service.Service): @@ -1262,4 +1263,4 @@ class BindInstance(service.Service):
self.named_regular.start() self.named_regular.start()
installutils.remove_keytab(paths.NAMED_KEYTAB) installutils.remove_keytab(paths.NAMED_KEYTAB)
@@ -212,7 +212,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def check_port(): def check_port():
""" """
@@ -918,7 +920,7 @@ class CAInstance(DogtagInstance): @@ -921,7 +923,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0o640) os.chmod(self.ra_agent_db + "/key3.db", 0o640)
os.chmod(self.ra_agent_db + "/secmod.db", 0o640) os.chmod(self.ra_agent_db + "/secmod.db", 0o640)
@@ -231,7 +231,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def get_cert_nickname(cert): def get_cert_nickname(cert):
""" """
@@ -513,7 +514,7 @@ class CertDB(object): @@ -512,7 +513,7 @@ class CertDB(object):
f.write(pwdfile.read()) f.write(pwdfile.read())
f.close() f.close()
pwdfile.close() pwdfile.close()
@@ -251,7 +251,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def _find_dnssec_enabled_zones(conn): def _find_dnssec_enabled_zones(conn):
search_kw = {'idnssecinlinesigning': True} search_kw = {'idnssecinlinesigning': True}
@@ -239,8 +241,8 @@ def install_check(standalone, replica, o @@ -231,8 +233,8 @@ def install_check(standalone, api, repli
dnskeysyncd.stop() dnskeysyncd.stop()
try: try:
ipautil.run(cmd, env=environment, ipautil.run(cmd, env=environment,
@@ -387,8 +387,8 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
HTTPD_USER = constants.HTTPD_USER HTTPD_USER = constants.HTTPD_USER
+KDCPROXY_USER = constants.KDCPROXY_USER +KDCPROXY_USER = constants.KDCPROXY_USER
def httpd_443_configured(): # See contrib/nsscipersuite/nssciphersuite.py
""" NSS_CIPHER_SUITE = [
--- a/ipaserver/install/ipa_backup.py --- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py
@@ -24,8 +24,9 @@ import tempfile @@ -24,8 +24,9 @@ import tempfile
@@ -661,7 +661,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
class KpasswdInstance(service.SimpleServiceInstance): class KpasswdInstance(service.SimpleServiceInstance):
def __init__(self): def __init__(self):
@@ -929,7 +931,7 @@ def copy_crl_file(old_path, new_path=Non @@ -945,7 +947,7 @@ def copy_crl_file(old_path, new_path=Non
os.symlink(realpath, new_path) os.symlink(realpath, new_path)
else: else:
shutil.copy2(old_path, new_path) shutil.copy2(old_path, new_path)

11
debian/patches/no-test-lang.diff vendored
View File

@@ -1,11 +0,0 @@
--- a/Makefile
+++ b/Makefile
@@ -125,7 +125,7 @@ client-dirs:
lint: bootstrap-autogen
./make-lint $(LINT_OPTIONS)
- $(MAKE) -C install/po validate-src-strings
+# $(MAKE) -C install/po validate-src-strings
test:

48
debian/patches/prefix.patch vendored
View File

@@ -5,23 +5,19 @@ use the debian layout when installing python modules
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -107,11 +107,11 @@ client-install: client client-dirs @@ -113,9 +113,9 @@ client-install: client client-dirs
done
cd install/po && $(MAKE) install || exit 1; cd install/po && $(MAKE) install || exit 1;
@for subdir in $(CLIENTPYDIRS); do \
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup-client.py install; \ - (cd $$subdir && $(PYTHON) setup.py install); \
- (cd ipaplatform && $(PYTHON) setup.py install); \ + (cd $$subdir && $(PYTHON) setup.py install --install-layout=deb); \
+ $(PYTHON) setup-client.py install --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --install-layout=deb); \
else \ else \
- $(PYTHON) setup-client.py install --root $(DESTDIR); \ - (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR)); \
- (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR)); \ + (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
+ $(PYTHON) setup-client.py install --root $(DESTDIR) --install-layout=deb; \ fi \
+ (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \ done
fi
client-dirs: @@ -198,11 +198,11 @@ server: version-update
@@ -187,11 +187,11 @@ server: version-update
server-install: server server-install: server
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
@@ -37,7 +33,7 @@ use the debian layout when installing python modules
fi fi
tests: version-update tests-man-autogen tests: version-update tests-man-autogen
@@ -202,7 +202,7 @@ tests-install: tests @@ -213,7 +213,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \ cd ipatests; $(PYTHON) setup.py install; \
else \ else \
@@ -48,7 +44,7 @@ use the debian layout when installing python modules
--- a/ipapython/Makefile --- a/ipapython/Makefile
+++ b/ipapython/Makefile +++ b/ipapython/Makefile
@@ -15,7 +15,7 @@ install: @@ -13,7 +13,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \ if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \ $(PYTHON) setup.py install; \
else \ else \
@@ -57,28 +53,6 @@ use the debian layout when installing python modules
fi fi
@for subdir in $(SUBDIRS); do \ @for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \ (cd $$subdir && $(MAKE) $@) || exit 1; \
--- a/ipapython/py_default_encoding/Makefile
+++ b/ipapython/py_default_encoding/Makefile
@@ -13,7 +13,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python2 setup.py install; \
else \
- python2 setup.py install --root $(DESTDIR); \
+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
fi; \
fi
--- a/ipapython/ipap11helper/Makefile
+++ b/ipapython/ipap11helper/Makefile
@@ -8,7 +8,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:
--- a/ipalib/Makefile --- a/ipalib/Makefile
+++ b/ipalib/Makefile +++ b/ipalib/Makefile
@@ -12,7 +12,7 @@ install: @@ -12,7 +12,7 @@ install:

3
debian/patches/series vendored
View File

@@ -3,15 +3,12 @@
# not upstreamable # not upstreamable
work-around-apache-fail.diff work-around-apache-fail.diff
prefix.patch prefix.patch
no-test-lang.diff
# send upstream # send upstream
add-debian-platform.diff add-debian-platform.diff
fix-ipa-conf.diff fix-ipa-conf.diff
fix-kdcproxy-paths.diff fix-kdcproxy-paths.diff
fix-ipa-otpd-install.diff fix-ipa-otpd-install.diff
fix-certmonger-script-install.diff
use-httpd-user.diff
fix-custodia-conf.diff fix-custodia-conf.diff
fix-replicainstall.diff fix-replicainstall.diff
ipaplatform-Move-remaining-user-group-constants-to-i.patch ipaplatform-Move-remaining-user-group-constants-to-i.patch

28
debian/patches/use-httpd-user.diff vendored
View File

@@ -1,28 +0,0 @@
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -34,6 +34,7 @@ from ipalib import errors
from ipaplatform import services
from ipaplatform.paths import paths
+from ipaplatform.constants import constants
from ipapython import certmonger
from ipapython import ipaldap
from ipapython import ipautil
@@ -45,7 +46,7 @@ from ipaserver.install.installutils impo
from ipapython.ipa_log_manager import log_mgr
PKI_USER = "pkiuser"
-
+HTTPD_USER = constants.HTTPD_USER
def get_security_domain():
"""
@@ -87,7 +88,7 @@ def export_kra_agent_pem():
"--client-cert", filename]
ipautil.run(args)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam(HTTPD_USER)
os.chown(filename, 0, pent.pw_gid)
os.chmod(filename, 0o440)

14
debian/patches/work-around-apache-fail.diff vendored
View File

@@ -1,7 +1,7 @@
Description: service apache2 restart fails on sid, so don't do that Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/httpinstance.py --- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py
@@ -176,7 +176,8 @@ class HTTPInstance(service.Service): @@ -191,7 +191,8 @@ class HTTPInstance(service.Service):
def __start(self): def __start(self):
self.backup_state("running", self.is_running()) self.backup_state("running", self.is_running())
@@ -21,11 +21,11 @@ Description: service apache2 restart fails on sid, so don't do that
+ http.stop() + http.stop()
+ http.start() + http.start()
return 0 # execute ipactl to refresh services status
ipautil.run(['ipactl', 'start', '--ignore-service-failures'],
--- a/ipaserver/install/server/install.py --- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py
@@ -967,7 +967,8 @@ def install(installer): @@ -999,7 +999,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration # Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server") service.print_msg("Restarting the web server")
@@ -33,11 +33,11 @@ Description: service apache2 restart fails on sid, so don't do that
+ http.stop() + http.stop()
+ http.start() + http.start()
if setup_kra: # update DNA shared config entry is done as far as possible
kra.install(api, None, options) # from restart to avoid waiting for its creation
--- a/ipaserver/install/server/replicainstall.py --- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py
@@ -777,7 +777,8 @@ def install(installer): @@ -856,7 +856,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration # Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server") service.print_msg("Restarting the web server")

2
debian/rules vendored
View File

@@ -16,7 +16,7 @@ export JAVA_STACK_SIZE
SOURCE = freeipa SOURCE = freeipa
gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//') gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//')
gentarball: gentarball:
git archive --format=tar upstream --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz git archive --format=tar experimental --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
override_dh_auto_clean: override_dh_auto_clean:
for i in daemons install ipapython ipaserver ipa-client; do \ for i in daemons install ipapython ipaserver ipa-client; do \