IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

a bunch of changes

Browse Source 
* update platform code
* refresh patches
* bump dependencies
* create /run/ipa, /run/ipa_memcached on postinst so installer
  works OOTB
* split tmpfiles.d conf for client and server
* clean up cruft on purge
* add new files to install
* rename ipa-memcached to ipa_memcached to match upstream
* link customizable web files to /etc/ipa/html
* fix apache module enabling and disabling in postinst/prerm
* fix apache ipa.conf paths
* don't bother installing any apache configs, installer creates and
  removes them
This commit is contained in:
Timo Aaltonen 2014-10-21 00:02:15 +03:00
parent 2480ff9cdb
commit a80e971bab
15 changed files with 201 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
debian/control vendored
View File

@ -4,7 +4,7 @@ Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org> Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton@ubuntu.com> Uploaders: Timo Aaltonen <tjaalton@ubuntu.com>
Build-Depends: Build-Depends:
389-ds-base-dev (>= 1.1.3), 389-ds-base-dev (>= 1.3.3.2),
check, check,
debhelper (>= 9), debhelper (>= 9),
dh-autoreconf, dh-autoreconf,
@ -32,7 +32,7 @@ Build-Depends:
libverto-dev, libverto-dev,
libxmlrpc-core-c3-dev (>= 1.33.14), libxmlrpc-core-c3-dev (>= 1.33.14),
python-all-dev, python-all-dev,
python-dnspython, python-dnspython (>= 1.11.1),
python-kerberos, python-kerberos,
python-krbv, python-krbv,
python-ldap, python-ldap,
@ -46,7 +46,7 @@ Build-Depends:
python-openssl, python-openssl,
python-polib, python-polib,
python-pyasn1, python-pyasn1,
python-qrcode, python-qrcode (>= 5.0.0),
python-setuptools, python-setuptools,
python-sss (>= 1.8.0), python-sss (>= 1.8.0),
python-yubico, python-yubico,
@ -62,11 +62,12 @@ Homepage: http://www.freeipa.org
Package: freeipa-server Package: freeipa-server
Architecture: any Architecture: any
Depends: Depends:
389-ds-base, 389-ds-base (>= 1.3.3.2),
acl, acl,
apache2, apache2,
bind9, bind9,
bind9-dyndb-ldap, bind9-dyndb-ldap,
certmonger (>= 0.75.14),
dogtag-pki-server-theme, dogtag-pki-server-theme,
freeipa-admintools (= ${binary:Version}), freeipa-admintools (= ${binary:Version}),
freeipa-client (= ${binary:Version}), freeipa-client (= ${binary:Version}),
@ -89,7 +90,7 @@ Depends:
python-krbv, python-krbv,
python-ldap, python-ldap,
python-pyasn1, python-pyasn1,
slapi-nis, slapi-nis (>= 0.54),
${misc:Depends}, ${misc:Depends},
${python:Depends}, ${python:Depends},
${shlibs:Depends} ${shlibs:Depends}
@ -139,7 +140,7 @@ Depends:
python-freeipa (= ${binary:Version}), python-freeipa (= ${binary:Version}),
python-krbv, python-krbv,
python-ldap, python-ldap,
sssd (>= 1.9.2), sssd (>= 1.11.1),
wget, wget,
${misc:Depends}, ${misc:Depends},
${python:Depends}, ${python:Depends},

1
debian/freeipa-client.install vendored
View File

@ -1,4 +1,5 @@
usr/lib/python*/dist-packages/ipaclient/*.py usr/lib/python*/dist-packages/ipaclient/*.py
usr/lib/tmpfiles.d/freeipa-client.conf
usr/sbin/ipa-client-automount usr/sbin/ipa-client-automount
usr/sbin/ipa-client-install usr/sbin/ipa-client-install
usr/sbin/ipa-getkeytab usr/sbin/ipa-getkeytab

8
debian/freeipa-client.postinst vendored Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
set -e
if [ ! -e /run/ipa ]; then
mkdir -m 0700 /run/ipa
fi
#DEBHELPER#

10
debian/freeipa-client.postrm vendored Normal file
View File

@ -0,0 +1,10 @@
#!/bin/sh
set -e
if [ "$1" = purge ]; then
rm -rf /var/lib/ipa-client
rm -f /etc/ipa/default.conf
fi
#DEBHELPER#

5
debian/freeipa-server.install vendored
View File

@ -1,5 +1,4 @@
etc/apache2/conf-available/* etc/default/ipa_memcached
etc/default/ipa-memcached
etc/ipa/html/* etc/ipa/html/*
lib/systemd/system/* lib/systemd/system/*
usr/lib/*/certmonger/dogtag-ipa-ca-renew-agent-submit usr/lib/*/certmonger/dogtag-ipa-ca-renew-agent-submit
@ -40,7 +39,7 @@ usr/lib/python*/dist-packages/ipaserver/install/sysupgrade.py
usr/lib/python*/dist-packages/ipaserver/install/upgradeinstance.py usr/lib/python*/dist-packages/ipaserver/install/upgradeinstance.py
usr/lib/python*/dist-packages/ipaserver/plugins/* usr/lib/python*/dist-packages/ipaserver/plugins/*
usr/lib/python*/dist-packages/ipaserver/rpcserver* usr/lib/python*/dist-packages/ipaserver/rpcserver*
usr/lib/tmpfiles.d/freeipa.conf usr/lib/tmpfiles.d/freeipa-server.conf
usr/sbin/ipa-advise usr/sbin/ipa-advise
usr/sbin/ipa-backup usr/sbin/ipa-backup
usr/sbin/ipa-ca-install usr/sbin/ipa-ca-install

8
debian/freeipa-server.ipa-memcached.init → debian/freeipa-server.ipa_memcached.init vendored
View File

@ -11,8 +11,8 @@ MAXCONN=1024
CACHESIZE=64 CACHESIZE=64
OPTIONS="" OPTIONS=""
if [ -f /etc/default/ipa-memcached ];then if [ -f /etc/default/ipa_memcached ];then
. /etc/default/ipa-memcached . /etc/default/ipa_memcached
fi fi
prog="ipa_memcached" prog="ipa_memcached"
@ -40,7 +40,7 @@ do_stop () {
# See how we were called. # See how we were called.
case "$1" in case "$1" in
start) start)
log_daemon_msg "Starting ipa-memcached" log_daemon_msg "Starting ipa_memcached"
do_start do_start
case "$?" in case "$?" in
0) log_end_msg 0 ;; 0) log_end_msg 0 ;;
@ -50,7 +50,7 @@ case "$1" in
esac esac
;; ;;
stop) stop)
log_daemon_msg "Stopping ipa-memcached" log_daemon_msg "Stopping ipa_memcached"
do_stop do_stop
case "$?" in case "$?" in
0) log_end_msg 0 ;; 0) log_end_msg 0 ;;

5
debian/freeipa-server.links vendored
View File

@ -1,3 +1,8 @@
/etc/ipa/html/ffconfig.js usr/share/ipa/html/ffconfig.js
/etc/ipa/html/ffconfig_page.js usr/share/ipa/html/ffconfig_page.js
/etc/ipa/html/ssbrowser.html usr/share/ipa/html/ssbrowser.html
/etc/ipa/html/unauthorized.html usr/share/ipa/html/unauthorized.html
/etc/ipa/html/browserconfig.html usr/share/ipa/html/browserconfig.html
/usr/share/javascript/prototype/prototype.js /usr/share/ipa/ipagui/static/javascript/prototype.js /usr/share/javascript/prototype/prototype.js /usr/share/ipa/ipagui/static/javascript/prototype.js
/usr/share/javascript/scriptaculous/scriptaculous.js /usr/share/ipa/ipagui/static/javascript/scriptaculous.js /usr/share/javascript/scriptaculous/scriptaculous.js /usr/share/ipa/ipagui/static/javascript/scriptaculous.js
/usr/share/javascript/scriptaculous/effects.js /usr/share/ipa/ipagui/static/javascript/effects.js /usr/share/javascript/scriptaculous/effects.js /usr/share/ipa/ipagui/static/javascript/effects.js

2
debian/freeipa-server.lintian-overrides vendored
View File

@ -1,2 +1,4 @@
# lintian is lying # lintian is lying
python-script-but-no-python-dep python-script-but-no-python-dep
# we really need apache2
web-application-should-not-depend-unconditionally-on-apache2

23
debian/freeipa-server.postinst vendored
View File

@ -2,10 +2,29 @@
set -e set -e
if [ "$1" = configure ]; then if [ "$1" = configure ]; then
if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper . /usr/share/apache2/apache2-maintscript-helper
apache2_invoke enmod auth_kerb expires headers proxy rewrite || exit $? if [ ! -e /etc/apache2/mods-enabled/auth_kerb.load ]; then
apache2_invoke enmod auth_kerb || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/expires.load ]; then
apache2_invoke enmod expires || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/headers.load ]; then
apache2_invoke enmod headers || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/proxy.load ]; then
apache2_invoke enmod proxy || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/rewrite.load ]; then
apache2_invoke enmod rewrite || exit $?
fi
fi fi
fi fi
if [ ! -e /run/ipa_memcached ]; then
mkdir -m 0700 /run/ipa_memcached
chown www-data:www-data /run/ipa_memcached
fi
#DEBHELPER# #DEBHELPER#

23
debian/freeipa-server.prerm vendored Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
set -e
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper
if [ -e /etc/apache2/mods-enabled/auth_kerb ]; then
apache2_invoke dismod auth_kerb || exit $?
fi
if [ -e /etc/apache2/mods-enabled/expires ]; then
apache2_invoke dismod expires || exit $?
fi
if [ -e /etc/apache2/mods-enabled/headers ]; then
apache2_invoke dismod headers || exit $?
fi
if [ -e /etc/apache2/mods-enabled/proxy ]; then
apache2_invoke dismod proxy || exit $?
fi
if [ -e /etc/apache2/mods-enabled/rewrite ]; then
apache2_invoke dismod rewrite || exit $?
fi
fi
#DEBHELPER#

85
debian/patches/add-debian-platform.diff vendored
View File

@ -31,7 +31,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+""" +"""
--- /dev/null --- /dev/null
+++ b/ipaplatform/debian/paths.py +++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,65 @@ @@ -0,0 +1,66 @@
+# Authors: +# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com> +# Timo Aaltonen <tjaalton@ubuntu.com>
+# +#
@ -68,14 +68,15 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ HTTPD_ALIAS_DIR = "/etc/apache2/nssdb" + HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc" + ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt" + ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+ HTTPD_CONF_D_DIR = "/etc/apache2/conf-available/" + HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-available/ipa-pki-proxy.conf" + HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf" + HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-enabled/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-available/ipa.conf" + HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf" + HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+ HTTPD_SSL_CONF = "/etc/apache2/conf-available/ssl.conf" + HTTPD_SSL_CONF = "/etc/apache2/conf-enabled/ssl.conf"
+ IPA_KEYTAB = "/etc/apache2/ipa.keytab" + IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+ HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf" + HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+ ETC_SYSCONFIG_DIR = "/etc/default"
+ SYSCONFIG_PKI = "/etc/dogtag/" + SYSCONFIG_PKI = "/etc/dogtag/"
+ SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat" + SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
+ SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat" + SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
@ -99,7 +100,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+paths = DebianPathNamespace() +paths = DebianPathNamespace()
--- /dev/null --- /dev/null
+++ b/ipaplatform/debian/services.py +++ b/ipaplatform/debian/services.py
@@ -0,0 +1,161 @@ @@ -0,0 +1,174 @@
+# Authors: +# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com> +# Timo Aaltonen <tjaalton@ubuntu.com>
+# +#
@ -127,15 +128,26 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ +
+from ipaplatform.tasks import tasks +from ipaplatform.tasks import tasks
+from ipaplatform.base import services as base_services +from ipaplatform.base import services as base_services
+ +from ipaplatform.redhat import services as redhat_services
+from ipapython import ipautil +from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger +from ipapython.ipa_log_manager import root_logger
+from ipalib import api +from ipalib import api
+from ipaplatform.paths import paths +from ipaplatform.paths import paths
+ +
+# Mappings from service names as FreeIPA code references to these services
+# to their actual systemd service names
+debian_system_units = redhat_services.redhat_system_units
+
+debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
+debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
+
+# Service classes that implement Debian-specific behaviour +# Service classes that implement Debian-specific behaviour
+ +
+class DebianService(base_services.PlatformService): +class DebianService(redhat_services.RedHatService):
+ system_units = debian_system_units
+
+
+class DebianSysvService(base_services.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""): + def __wait_for_open_ports(self, instance_name=""):
+ """ + """
+ If this is a service we need to wait for do so. + If this is a service we need to wait for do so.
@ -155,7 +167,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ update_service_list = True + update_service_list = True
+ else: + else:
+ update_service_list = False + update_service_list = False
+ super(DebianService, self).stop(instance_name) + super(DebianSysvService, self).stop(instance_name)
+ +
+ def start(self, instance_name='', capture_output=True, wait=True): + def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start", + ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
@ -166,7 +178,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ update_service_list = False + update_service_list = False
+ if wait and self.is_running(instance_name): + if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name) + self.__wait_for_open_ports(instance_name)
+ super(DebianService, self).start(instance_name) + super(DebianSysvService, self).start(instance_name)
+ +
+ def restart(self, instance_name='', capture_output=True, wait=True): + def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart", + ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
@ -218,7 +230,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ return True + return True
+ +
+ +
+class DebianSSHService(DebianService): +class DebianSSHService(DebianSysvService):
+ def get_config_dir(self, instance_name=""): + def get_config_dir(self, instance_name=""):
+ return '/etc/ssh' + return '/etc/ssh'
+ +
@ -226,20 +238,22 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+# of specified name +# of specified name
+ +
+def debian_service_class_factory(name): +def debian_service_class_factory(name):
+ if name == 'dirsrv':
+ return redhat_services.RedHatDirectoryService(name)
+ if name == 'ipa':
+ return redhat_services.RedHatIPAService(name)
+ if name == 'httpd': + if name == 'httpd':
+ return DebianService("apache2") + return DebianSysvService("apache2")
+ if name == 'ipa_memcached':
+ return DebianService("ipa-memcached")
+ if name == 'kadmin': + if name == 'kadmin':
+ return DebianService("krb5-admin-server") + return DebianSysvService("krb5-admin-server")
+ if name == 'krb5kdc': + if name == 'krb5kdc':
+ return DebianService("krb5-kdc") + return DebianSysvService("krb5-kdc")
+ if name == 'messagebus': + if name == 'messagebus':
+ return DebianService("dbus") + return DebianSysvService("dbus")
+ if name == 'named': + if name == 'named':
+ return DebianService("bind9") + return DebianSysvService("bind9")
+ if name == 'ntpd': + if name == 'ntpd':
+ return DebianService("ntp") + return DebianSysvService("ntp")
+ if name == 'sshd': + if name == 'sshd':
+ return DebianSSHService(name) + return DebianSSHService(name)
+ return DebianService(name) + return DebianService(name)
@ -263,7 +277,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+knownservices = DebianServices() +knownservices = DebianServices()
--- /dev/null --- /dev/null
+++ b/ipaplatform/debian/tasks.py +++ b/ipaplatform/debian/tasks.py
@@ -0,0 +1,40 @@ @@ -0,0 +1,53 @@
+# Authors: +# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com> +# Timo Aaltonen <tjaalton@ubuntu.com>
+# +#
@ -293,15 +307,28 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ +
+class DebianTaskNamespace(RedHatTaskNamespace): +class DebianTaskNamespace(RedHatTaskNamespace):
+ +
+ def restore_network_configuration(self, fstore, statestore): + def restore_pre_ipa_client_configuration(self, fstore, statestore,
+ filepath = paths.ETC_HOSTNAME + was_sssd_installed,
+ if fstore.has_file(filepath): + was_sssd_configured):
+ fstore.restore_file(filepath)
+ hostname_was_configured = True
+
+ def insert_ca_cert_into_systemwide_ca_store(self, cacert_path):
+ return True + return True
+ +
+ def set_nisdomain(self, nisdomain):
+ return True
+
+ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ return True
+
+ def modify_pam_to_use_krb5(self, statestore):
+ return True
+
+ def insert_ca_cert_into_systemwide_ca_store(self, ca_certs):
+ return True
+
+ def remove_ca_certs_from_systemwide_ca_store(self):
+ return True
+
+ def restore_network_configuration(self, fstore, statestore):
+ return True
+ +
+tasks = DebianTaskNamespace() +tasks = DebianTaskNamespace()
--- a/ipaplatform/setup.py.in --- a/ipaplatform/setup.py.in
@ -479,7 +506,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
[Service] [Service]
Type=forking Type=forking
-EnvironmentFile=/etc/sysconfig/ipa_memcached -EnvironmentFile=/etc/sysconfig/ipa_memcached
+EnvironmentFile=/etc/default/ipa-memcached +EnvironmentFile=/etc/default/ipa_memcached
PIDFile=/var/run/ipa_memcached/ipa_memcached.pid PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS

19
debian/patches/fix-hyphen-used-as-minus-sign.patch vendored
View File

@ -5,7 +5,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
--- a/install/tools/man/ipa-adtrust-install.1 --- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1
@@ -107,7 +107,7 @@ @@ -107,7 +107,7 @@ The name of the user with administrative
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR \fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR
The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified. The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified.
.TP .TP
@ -16,7 +16,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
Enables support for trusted domains users for old clients through Schema Compatibility plugin. Enables support for trusted domains users for old clients through Schema Compatibility plugin.
--- a/install/tools/man/ipa-replica-conncheck.1 --- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1 +++ b/install/tools/man/ipa-replica-conncheck.1
@@ -70,13 +70,13 @@ @@ -70,13 +70,13 @@ Output only errors
.SH "EXAMPLES" .SH "EXAMPLES"
.TP .TP
@ -35,7 +35,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.SH "EXIT STATUS" .SH "EXIT STATUS"
--- a/install/tools/man/ipa-server-install.1 --- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1
@@ -49,7 +49,7 @@ @@ -49,7 +49,7 @@ Create home directories for users on the
The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures. The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
.TP .TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
@ -44,18 +44,9 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.TP .TP
\fB\-N\fR, \fB\-\-no\-ntp\fR \fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP Do not configure NTP
@@ -95,7 +95,7 @@
If the CA certificate chain is in PKCS#7 format you can convert it to PEM using:
- openssl pkcs7 -in PKCS7_FILE -print_certs -out PEM_FILE
+ openssl pkcs7 \-in PKCS7_FILE \-print_certs \-out PEM_FILE
.TP
\fB\-\-no\-pkinit\fR
Disables pkinit setup steps
--- a/ipatests/man/ipa-test-config.1 --- a/ipatests/man/ipa-test-config.1
+++ b/ipatests/man/ipa-test-config.1 +++ b/ipatests/man/ipa-test-config.1
@@ -22,7 +22,7 @@ @@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA te
.SH "SYNOPSIS" .SH "SYNOPSIS"
ipa\-test\-config [options] ipa\-test\-config [options]
.br .br
@ -64,7 +55,7 @@ Author: Benjamin Drung <benjamin.drung@profitbricks.com>
.br .br
ipa\-test\-config [options] hostname ipa\-test\-config [options] hostname
.SH "DESCRIPTION" .SH "DESCRIPTION"
@@ -37,7 +37,7 @@ @@ -37,7 +37,7 @@ If run without arguments, it prints out
host. host.
Another host may be specified as an argument, or via the \-\-master, Another host may be specified as an argument, or via the \-\-master,
\-\-replica, and \-\-client options. \-\-replica, and \-\-client options.

37
debian/patches/fix-ipa-conf.diff vendored Normal file
View File

@ -0,0 +1,37 @@
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -38,7 +38,7 @@ FileETag None
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
-WSGISocketPrefix /run/httpd/wsgi
+WSGISocketPrefix /run/apache2/wsgi
# Configure mod_wsgi handler for /ipa
@@ -71,7 +71,7 @@ KrbConstrainedDelegationLock ipa
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
- Krb5KeyTab /etc/httpd/conf/ipa.keytab
+ Krb5KeyTab /etc/apache2/ipa.keytab
KrbSaveCredentials on
KrbConstrainedDelegation on
Require valid-user
@@ -175,14 +175,14 @@ Alias /ipa/wsgi "/usr/share/ipa/wsgi"
</Directory>
# Protect our CGIs
-<Directory /var/www/cgi-bin>
+<Directory /usr/lib/cgi-bin>
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
- Krb5KeyTab /etc/httpd/conf/ipa.keytab
+ Krb5KeyTab /etc/apache/ipa.keytab
KrbSaveCredentials on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html

1
debian/patches/series vendored
View File

@ -10,3 +10,4 @@ add-debian-platform.diff
fix-hyphen-used-as-minus-sign.patch fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch fix-manpage-has-errors-from-man.patch
fix-typo.patch fix-typo.patch
fix-ipa-conf.diff

32
debian/rules vendored
View File

@ -51,12 +51,17 @@ endif
override_dh_auto_test: override_dh_auto_test:
override_dh_auto_install: override_dh_auto_install:
# tmpfiles.d
mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d
echo "d /var/run/ipa 0700 root root" > \
$(DESTDIR)/usr/lib/tmpfiles.d/freeipa-client.conf
ifneq ($(ONLY_CLIENT), 1) ifneq ($(ONLY_CLIENT), 1)
echo "d /var/run/ipa_memcached 0700 www-data www-data" > \
$(DESTDIR)/usr/lib/tmpfiles.d/freeipa-server.conf
# Force re-generate of platform support # Force re-generate of platform support
rm -f ipapython/services.py rm -f ipapython/services.py
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR) make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
# cd selinux
# make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
cd .. cd ..
chmod 755 $(DESTDIR)/usr/lib/*/ipa/certmonger/* chmod 755 $(DESTDIR)/usr/lib/*/ipa/certmonger/*
@ -66,18 +71,23 @@ ifneq ($(ONLY_CLIENT), 1)
ln -s /usr/share/javascript/dojo/dojo.js $(DESTDIR)/usr/share/ipa/ui/js/dojo/dojo.js ln -s /usr/share/javascript/dojo/dojo.js $(DESTDIR)/usr/share/ipa/ui/js/dojo/dojo.js
ln -s /usr/share/javascript/jquery/jquery.js $(DESTDIR)/usr/share/ipa/ui/js/libs/jquery.js ln -s /usr/share/javascript/jquery/jquery.js $(DESTDIR)/usr/share/ipa/ui/js/libs/jquery.js
mkdir -m 700 $(DESTDIR)/var/lib/ipa/backup mkdir -p -m 700 $(DESTDIR)/var/lib/ipa/backup
mkdir -p $(DESTDIR)/etc/apache2/conf-available \ mkdir -p $(DESTDIR)/etc/bash_completion.d \
$(DESTDIR)/etc/bash_completion.d \
$(DESTDIR)/etc/default \ $(DESTDIR)/etc/default \
$(DESTDIR)/usr/share/ipa/html $(DESTDIR)/usr/share/ipa/html
touch $(DESTDIR)/etc/apache2/conf-available/ipa.conf
touch $(DESTDIR)/etc/apache2/conf-available/ipa-pki-proxy.conf touch $(DESTDIR)/usr/share/ipa/html/ca.crt
touch $(DESTDIR)/etc/apache2/conf-available/ipa-rewrite.conf touch $(DESTDIR)/usr/share/ipa/html/configure.jar
touch $(DESTDIR)/usr/share/ipa/html/kerberosauth.xpi
touch $(DESTDIR)/usr/share/ipa/html/krb.con
touch $(DESTDIR)/usr/share/ipa/html/krb.js
touch $(DESTDIR)/usr/share/ipa/html/krb5.ini touch $(DESTDIR)/usr/share/ipa/html/krb5.ini
touch $(DESTDIR)/usr/share/ipa/html/krbrealm.con
touch $(DESTDIR)/usr/share/ipa/html/preferences.html
install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/etc/bash_completion.d/ipa install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/etc/bash_completion.d/ipa
install -m 0644 init/ipa_memcached.conf $(DESTDIR)/etc/default/ipa-memcached install -m 0644 init/ipa_memcached.conf $(DESTDIR)/etc/default/ipa_memcached
install -m 0644 init/systemd/ipa_memcached.service $(DESTDIR)/lib/systemd/system install -m 0644 init/systemd/ipa_memcached.service $(DESTDIR)/lib/systemd/system
install -m 0644 init/systemd/ipa.service $(DESTDIR)/lib/systemd/system install -m 0644 init/systemd/ipa.service $(DESTDIR)/lib/systemd/system
install -m 0755 debian/generate-rndc-key.sh $(DESTDIR)/usr/share/ipa install -m 0755 debian/generate-rndc-key.sh $(DESTDIR)/usr/share/ipa
@ -91,10 +101,6 @@ endif
find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';' find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';'
# fix permissions # fix permissions
find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \; find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \;
# tmpfiles.d
mkdir -p $(CURDIR)/debian/tmp/usr/lib/tmpfiles.d
install -m 0644 $(CURDIR)/init/systemd/ipa.conf.tmpfiles \
$(CURDIR)/debian/tmp/usr/lib/tmpfiles.d/freeipa.conf
override_dh_install: override_dh_install:
dh_install --fail-missing dh_install --fail-missing