diff --git a/debian/changelog b/debian/changelog index 1d28364f4..82699a81b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ freeipa (4.4.4-2) UNRELEASED; urgency=medium * control: Add a dependency on fonts-open-sans. (LP: #1656236) + * fix-opendnssec-install.diff: Updated for opendnssec 2.1.x. (LP: + #1703836) -- Timo Aaltonen Mon, 09 Oct 2017 10:07:36 +0300 diff --git a/debian/patches/fix-opendnssec-setup.diff b/debian/patches/fix-opendnssec-setup.diff index b0d1f1cf4..1493e9f90 100644 --- a/debian/patches/fix-opendnssec-setup.diff +++ b/debian/patches/fix-opendnssec-setup.diff @@ -1,44 +1,81 @@ Description: Fix ODS setup with 2.0.x --- a/install/share/opendnssec_conf.template +++ b/install/share/opendnssec_conf.template -@@ -8,7 +8,6 @@ +@@ -8,7 +8,7 @@ $SOFTHSM_LIB $TOKEN_LABEL $PIN - ++ --- a/ipaserver/install/opendnssecinstance.py +++ b/ipaserver/install/opendnssecinstance.py -@@ -304,7 +304,7 @@ class OpenDNSSECInstance(service.Service +@@ -291,20 +291,15 @@ class OpenDNSSECInstance(service.Service + + # regenerate zonelist.xml + ods_enforcerd = services.knownservices.ods_enforcerd +- cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export'] ++ cmd = [paths.ODS_ENFORCER, 'zonelist', 'export'] + result = ipautil.run(cmd, + runas=constants.ODS_USER, + capture_output=True) +- with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf: +- zonelistf.write(result.output) +- os.chown(paths.OPENDNSSEC_ZONELIST_FILE, +- self.ods_uid, self.ods_gid) +- os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660) + else: # initialize new kasp.db command = [ - paths.ODS_KSMUTIL, -+ '/usr/sbin/ods-enforcer-db-setup', ++ paths.ODS_ENFORCER_SETUP, 'setup' ] --- a/ipaplatform/base/paths.py 
+++ b/ipaplatform/base/paths.py -@@ -171,7 +171,7 @@ class BasePathNamespace(object): +@@ -171,7 +171,8 @@ class BasePathNamespace(object): NET = "/usr/bin/net" BIN_NISDOMAINNAME = "/usr/bin/nisdomainname" NSUPDATE = "/usr/bin/nsupdate" - ODS_KSMUTIL = "/usr/bin/ods-ksmutil" -+ ODS_KSMUTIL = "/usr/bin/ods-enforcer" ++ ODS_ENFORCER = "/usr/bin/ods-enforcer" ++ ODS_ENFORCER_SETUP = "/usr/bin/ods-enforcer-db-setup" ODS_SIGNER = "/usr/sbin/ods-signer" OPENSSL = "/usr/bin/openssl" PK12UTIL = "/usr/bin/pk12util" --- a/ipapython/dnssec/odsmgr.py +++ b/ipapython/dnssec/odsmgr.py -@@ -125,7 +125,7 @@ class ODSMgr(object): +@@ -7,6 +7,7 @@ from lxml import etree + import dns.name + + from ipapython import ipa_log_manager, ipautil ++from ipaplatform.paths import paths + + # hack: zone object UUID is stored as path to imaginary zone file + ENTRYUUID_PREFIX = "/var/lib/ipa/dns/zone/entryUUID/" +@@ -121,17 +122,18 @@ class ODSMgr(object): + self.zl_ldap = LDAPZoneListReader() + + def ksmutil(self, params): +- """Call ods-ksmutil with given parameters and return stdout. ++ """Call ods-enforcer with given parameters and return stdout. Raises CalledProcessError if returncode != 0. """ - cmd = ['ods-ksmutil'] + params -+ cmd = ['ods-enforcer'] + params ++ cmd = [paths.ODS_ENFORCER] + params result = ipautil.run(cmd, capture_output=True) return result.output + def get_ods_zonelist(self): + stdout = self.ksmutil(['zonelist', 'export']) +- reader = ODSZoneListReader(stdout) ++ with open(paths.OPENDNSSEC_ZONELIST_FILE) as f ++ reader = ODSZoneListReader(f.read()) + return reader + + def add_ods_zone(self, uuid, name):
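Review bot: In the odsmgr.py part of the updated patch, the new `get_ods_zonelist` line `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f` has no trailing colon, so the patched module would raise a SyntaxError on import; it should read `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f:`. The method now parses the file that `zonelist export` leaves on disk rather than the command's stdout, which leaves the `stdout` local unused and makes the result depend on that side effect succeeding. The opendnssecinstance.py part also drops the explicit `os.chown(...)` and `os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660)`, so the file's owner and mode are whatever ods-enforcer sets; since the file is now read back as the zone list, it is worth confirming that only the ODS user and group can write it. Separately, `ODS_ENFORCER_SETUP` points at `/usr/bin/ods-enforcer-db-setup` while the line it replaces used `/usr/sbin/ods-enforcer-db-setup`, so the absolute paths for both new constants should be checked against what the opendnssec 2.1.x package installs.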