Fix compatibility with Fedora 18.

We need a Requires on openssl, the mod_rewrite syntax has changed so
we can dump some unused configuration and we need a newer version of
mod_auth_kerb to pick up the new location of delegated ccache.

https://fedorahosted.org/freeipa/ticket/2839

freeipa.spec.in

@@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa}
 Requires: ntp
 Requires: httpd
 Requires: mod_wsgi
+%if 0%{?fedora} >= 18
+Requires: mod_auth_kerb >= 5.4-16
+%else
 Requires: mod_auth_kerb >= 5.4-8
+%endif
 Requires: mod_nss >= 1.0.8-10
 Requires: python-ldap
 Requires: python-krbV
@@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18
 Requires: pki-setup  >= 9.0.18
 Requires: dogtag-pki-common-theme
 Requires: dogtag-pki-ca-theme
+%if 0%{?fedora} >= 18
+Requires: tomcat6 >= 6.0.35-4
+%else
 %if 0%{?fedora} >= 16
 # Only tomcat6 greater than this version provides proper systemd support
 Requires: tomcat6 >= 6.0.32-17
 %endif
+%endif
 %if 0%{?rhel}
 Requires: subscription-manager
 %endif
@@ -735,6 +743,11 @@ fi
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
 
 %changelog
+* Fri Jun 29 2012 Rob Crittenden <rcritten@redhat.com> - 2.99.0-37
+- Add Requires on openssl
+- Set minimum tomcat6 to 6.0.35-4 in F-18
+- Set minimum mod_auth_kerb to 5.4-16 in F-18
+
 * Fri Jun 21 2012 Sumit Bose <sbose@redhat.com> - 2.99.0-36
 - Add extdom extop plugin
 

install/conf/ipa-rewrite.conf

@@ -1,9 +1,6 @@
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
 
 RewriteEngine on
-RewriteLog /var/log/httpd/rewrite.log
-RewriteLogLevel 0
-
 
 # By default forward all requests to /ipa. If you don't want IPA
 # to be the default on your web server comment this line out.

install/tools/ipa-upgradeconfig

@@ -125,6 +125,26 @@ def find_hostname():
 
     raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename)
 
+def find_autoredirect(fqdn):
+    """
+    When upgrading ipa-rewrite.conf we need to see if the automatic redirect
+    was disabled during install time (or afterward). So sift through the
+    configuration file and see if we can determine the status.
+
+    Returns True if autoredirect is enabled, False otherwise
+    """
+    filename = '/etc/httpd/conf.d/ipa-rewrite.conf'
+    if os.path.exists(filename):
+        pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
+        p = re.compile(pattern)
+        for line in fileinput.input(filename):
+            if p.search(line):
+                fileinput.close()
+                return True
+        fileinput.close()
+        return False
+    return True
+
 def find_version(filename):
     """Find the version of a configuration file"""
     if os.path.exists(filename):
@@ -386,7 +406,8 @@ def main():
 
     check_certs()
 
-    sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
+    auto_redirect = find_autoredirect(fqdn)
+    sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'}
 
     upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
     upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")