Enable krb5 snippet updates on client update

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>

freeipa.spec.in

@@ -956,6 +956,8 @@ if [ $1 -gt 1 ] ; then
             cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem
             cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem
         fi
+
+        %{__python3} -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1
     fi
 
     if [ $restore -ge 2 ]; then

ipaclient/install/client.py

@@ -597,13 +597,9 @@ def hardcode_ldap_server(cli_server):
         "hardcoded server name: %s", cli_server[0])
 
 
-def configure_krb5_conf(
-        cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
-        filename, client_domain, client_hostname, force=False,
-        configure_sssd=True):
-
-    # First, write a snippet to krb5.conf.d.  Currently this doesn't support
-    # templating, but that could be changed in the future.
+# Currently this doesn't support templating, but that could be changed in the
+# future.  Note that this function is also called from %post.
+def configure_krb5_snippet():
     template = os.path.join(
         paths.USR_SHARE_IPA_CLIENT_DIR,
         os.path.basename(paths.KRB5_FREEIPA) + ".template"
@@ -611,6 +607,16 @@ def configure_krb5_conf(
     shutil.copy(template, paths.KRB5_FREEIPA)
     os.chmod(paths.KRB5_FREEIPA, 0o644)
 
+    tasks.restore_context(paths.KRB5_FREEIPA)
+
+
+def configure_krb5_conf(
+        cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
+        filename, client_domain, client_hostname, force=False,
+        configure_sssd=True):
+    # First, write a snippet to krb5.conf.d.
+    configure_krb5_snippet()
+
     # Then, perform the rest of our configuration into krb5.conf itself.
     krbconf = IPAChangeConf("IPA Installer")
     krbconf.setOptionAssignment((" = ", " "))