diff --git a/debian/changelog b/debian/changelog index a526889fb..14c322d97 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +freeipa (3.4~git20140617-1) UNRELEASED; urgency=medium + + * git snapshot. + - drop a bunch of patches, update others. + + -- Timo Aaltonen Tue, 17 Jun 2014 16:09:16 +0300 + freeipa (3.3.4-1) UNRELEASED; urgency=low [ Michele Baldessari ] diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff index 1fde55b43..15e98a041 100644 --- a/debian/patches/add-debian-platform.diff +++ b/debian/patches/add-debian-platform.diff @@ -196,13 +196,331 @@ Date: Fri Mar 1 12:21:00 2013 +0200 + services[s] = debian_service(s) + # Call base class constructor. This will lock services to read-only + super(DebianServices, self).__init__(services) ---- a/ipapython/setup.py.in -+++ b/ipapython/setup.py.in -@@ -68,6 +68,7 @@ def setup_package(): - packages = [ "ipapython", - "ipapython.platform", - "ipapython.platform.base", -+ "ipapython.platform.debian", - "ipapython.platform.fedora16", - "ipapython.platform.fedora18", - "ipapython.platform.redhat" ], +--- /dev/null ++++ b/ipaplatform/debian/__init__.py +@@ -0,0 +1,22 @@ ++# Authors: ++# Timo Aaltonen ++# ++# Copyright (C) 2014 Timo Aaltonen ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++""" ++This module contains Debian specific platform files. ++""" +--- /dev/null ++++ b/ipaplatform/debian/authconfig.py +@@ -0,0 +1,51 @@ ++# Authors: ++# Timo Aaltonen ++# ++# Copyright (C) 2014 Timo Aaltonen ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++from ipapython import ipautil ++from ipaplatform.base.authconfig import AuthConfig ++ ++class DebianAuthConfig(base.AuthConfig): ++ """ ++ Debian implementation of the AuthConfig class. ++ ++ Debian doesn't provide a single application for changing both ++ nss and pam configuration. PAM can be configured using debconf but ++ there is currently no such solution for updating NSS database and ++ every package does it by itself. ++ ++ We'll have to play a catch-up game with the rest of the FreeIPA ++ project filtering out .enable() and .disable() calls that are ++ useless for us, and making the best out of the rest of them. ++ """ ++ ++ def __build_args(self): ++ args = ['--force', '--package'] ++ for (option, value) in self.parameters.items(): ++ if option == "sssdauth": ++ option = "sss" ++ if type(value) is bool and not value: ++ if not any("remove" in s for s in args): ++ args.append("--remove") ++ args.append("%s" % (option)) ++ return args ++ ++ def execute(self): ++ env = {"DEBCONF_FRONTEND" : "noninteractive"} ++ args = self.__build_args() ++ ipautil.run(["/usr/sbin/pam-auth-update"] + args, env = env) +--- /dev/null ++++ b/ipaplatform/debian/paths.py +@@ -0,0 +1,33 @@ ++# Authors: ++# Timo Aaltonen ++# ++# Copyright (C) 2014 Timo Aaltonen ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++""" ++This Debian base platform module exports default filesystem paths as common ++in Debian-based systems. ++""" ++ ++# Fallback to default path definitions ++from ipaplatform.base.paths import BasePathNamespace ++ ++ ++class DebianPathNamespace(BasePathNamespace): ++ ETC_DEBIAN_VERSION = "/etc/debian_version" ++ SBIN_SERVICE = "/usr/sbin/service" ++ ++paths = DebianPathNamespace() +--- /dev/null ++++ b/ipaplatform/debian/services.py +@@ -0,0 +1,149 @@ ++# Authors: ++# Timo Aaltonen ++# ++# Copyright (C) 2014 Timo Aaltonen ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++""" ++Contains Debian-specific service class implementations. ++""" ++ ++import time ++ ++from ipaplatform.tasks import tasks ++from ipaplatform.base import services as base_services ++ ++from ipapython import ipautil ++from ipapython.ipa_log_manager import root_logger ++from ipalib import api ++from ipaplatform.paths import paths ++ ++# Service classes that implement Debian-specific behaviour ++ ++class DebianService(base_services.PlatformService): ++ def __wait_for_open_ports(self, instance_name=""): ++ """ ++ If this is a service we need to wait for do so. ++ """ ++ ports = None ++ if instance_name in base.wellknownports: ++ ports = base.wellknownports[instance_name] ++ else: ++ if self.service_name in base.wellknownports: ++ ports = base.wellknownports[self.service_name] ++ if ports: ++ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout) ++ def stop(self, instance_name='', capture_output=True): ++ ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop", ++ instance_name], capture_output=capture_output) ++ if 'context' in api.env and api.env.context in ['ipactl', 'installer']: ++ update_service_list = True ++ else: ++ update_service_list = False ++ super(DebianService, self).stop(instance_name) ++ ++ def start(self, instance_name='', capture_output=True, wait=True): ++ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start", ++ instance_name], capture_output=capture_output) ++ if 'context' in api.env and api.env.context in ['ipactl', 'installer']: ++ update_service_list = True ++ else: ++ update_service_list = False ++ if wait and self.is_running(instance_name): ++ self.__wait_for_open_ports(instance_name) ++ super(DebianService, self).start(instance_name) ++ ++ def restart(self, instance_name='', capture_output=True, wait=True): ++ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart", ++ instance_name], capture_output=capture_output) ++ if wait and self.is_running(instance_name): ++ self.__wait_for_open_ports(instance_name) ++ ++ def is_running(self, instance_name=""): ++ ret = True ++ try: ++ (sout, serr, rcode) = ipautil.run([paths.SBIN_SERVICE, ++ self.service_name, "status", ++ instance_name]) ++ if sout.find("NOT running") >= 0: ++ ret = False ++ if sout.find("stop") >= 0: ++ ret = False ++ except ipautil.CalledProcessError: ++ ret = False ++ return ret ++ ++ def is_installed(self): ++ installed = True ++ try: ++ ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"]) ++ except ipautil.CalledProcessError, e: ++ if e.returncode == 1: ++ # service is not installed or there is other serious issue ++ installed = False ++ return installed ++ ++ def is_enabled(self, instance_name=""): ++ # Services are always assumed to be enabled when installed ++ return True ++ ++ def enable(self): ++ return True ++ ++ def disable(self): ++ return True ++ ++ def install(self): ++ return True ++ ++ def remove(self): ++ return True ++ ++ ++class DebianSSHService(DebianService): ++ def get_config_dir(self, instance_name=""): ++ return '/etc/ssh' ++ ++# Function that constructs proper Debian-specific server classes for services ++# of specified name ++ ++def debian_service_class_factory(name): ++ if name == 'sshd': ++ return DebianSSHService(name) ++ return DebianService(name) ++ ++ ++# Magicdict containing DebianService instances. ++ ++class DebianServices(base_services.KnownServices): ++ def __init__(self): ++ services = dict() ++ for s in base_services.wellknownservices: ++ if s == "messagebus": ++ services[s] = debian_service_class_factory("dbus") ++ elif s == "ntpd": ++ services[s] = debian_service("ntp") ++ else: ++ services[s] = debian_service_class_factory(s) ++ # Call base class constructor. This will lock services to read-only ++ super(DebianServices, self).__init__(services) ++ ++ ++# Objects below are expected to be exported by platform module ++ ++from ipaplatform.base.services import timedate_services ++service = debian_service_class_factory ++knownservices = DebianServices() +--- /dev/null ++++ b/ipaplatform/debian/tasks.py +@@ -0,0 +1,36 @@ ++# Authors: ++# Timo Aaltonen ++# ++# Copyright (C) 2014 Timo Aaltonen ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++""" ++This module contains default Debian-specific implementations of system tasks. ++""" ++ ++from ipaplatform.paths import paths ++from ipaplatform.base.tasks import * ++ ++class DebianTaskNamespace(BaseTaskNamespace): ++ ++ def restore_network_configuration(self, fstore, statestore): ++ filepath = paths.ETC_HOSTNAME ++ if fstore.has_file(filepath): ++ fstore.restore_file(filepath) ++ hostname_was_configured = True ++ ++ ++tasks = DebianTaskNamespace() +\ No newline at end of file +--- a/ipaplatform/setup.py.in ++++ b/ipaplatform/setup.py.in +@@ -67,6 +67,7 @@ def setup_package(): + package_dir = {'ipaplatform': ''}, + packages = ["ipaplatform", + "ipaplatform.base", ++ "ipaplatform.debian", + "ipaplatform.fedora"], + ) + finally: +--- a/ipaserver/install/ntpinstance.py ++++ b/ipaserver/install/ntpinstance.py +@@ -46,6 +46,8 @@ class NTPInstance(service.Service): + os = "fedora" + elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE): + os = "rhel" ++ elif ipautil.file_exists(paths.ETC_DEBIAN_VERSION): ++ os = "debian" + + srv_vals = [] + srv_vals.append("0.%s.pool.ntp.org" % os) diff --git a/debian/patches/check-dbus-before-starting.diff b/debian/patches/check-dbus-before-starting.diff index 1ef2811f8..9e1fecbe2 100644 --- a/debian/patches/check-dbus-before-starting.diff +++ b/debian/patches/check-dbus-before-starting.diff @@ -1,9 +1,9 @@ --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install -@@ -372,10 +372,11 @@ def uninstall(options, env): +@@ -495,10 +495,11 @@ def uninstall(options, env): # Always start certmonger. We can't untrack something if it isn't # running - messagebus = ipaservices.knownservices.messagebus + messagebus = services.knownservices.messagebus - try: - messagebus.start() - except Exception, e: @@ -14,12 +14,12 @@ + except Exception, e: + log_service_error(messagebus.service_name, 'start', e) - cmonger = ipaservices.knownservices.certmonger + cmonger = services.knownservices.certmonger try: -@@ -970,10 +971,11 @@ def configure_certmonger(fstore, subject +@@ -1070,10 +1071,11 @@ def configure_certmonger(fstore, subject principal = 'host/%s@%s' % (hostname, cli_realm) - messagebus = ipaservices.knownservices.messagebus + messagebus = services.knownservices.messagebus - try: - messagebus.start() - except Exception, e: diff --git a/debian/patches/correct-python-path.diff b/debian/patches/correct-python-path.diff deleted file mode 100644 index c28a53476..000000000 --- a/debian/patches/correct-python-path.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile -+++ b/Makefile -@@ -50,7 +50,7 @@ ifneq ($(DEVELOPER_MODE),0) - LINT_OPTIONS=--no-fail - endif - --PYTHON ?= $(shell rpm -E %__python) -+PYTHON ?= $(shell rpm -E %__python || echo /usr/bin/python) - - # Uncomment to increase Java stack size for Web UI build in case it fails - # because of stack overflow exception. Default should be OK for most platforms. diff --git a/debian/patches/dont-search-platform-path.diff b/debian/patches/dont-search-platform-path.diff deleted file mode 100644 index e5aa0cf5c..000000000 --- a/debian/patches/dont-search-platform-path.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- a/ipapython/py_default_encoding/setup.py -+++ b/ipapython/py_default_encoding/setup.py -@@ -22,7 +22,7 @@ from distutils.sysconfig import get_pyth - import sys - import os - --python_header = os.path.join(get_python_inc(plat_specific=1), 'Python.h') -+python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h') - if not os.path.exists(python_header): - sys.exit("Cannot find Python development packages that provide Python.h") - diff --git a/debian/patches/fix-install-layout.diff b/debian/patches/fix-install-layout.diff deleted file mode 100644 index 293fe7d38..000000000 --- a/debian/patches/fix-install-layout.diff +++ /dev/null @@ -1,14 +0,0 @@ ---- a/Makefile -+++ b/Makefile -@@ -82,9 +82,9 @@ client-install: client client-dirs - done - cd install/po && $(MAKE) install || exit 1; - if [ "$(DESTDIR)" = "" ]; then \ -- $(PYTHON) setup-client.py install; \ -+ $(PYTHON) setup-client.py install --install-layout=deb; \ - else \ -- $(PYTHON) setup-client.py install --root $(DESTDIR); \ -+ $(PYTHON) setup-client.py install --install-layout=deb --root $(DESTDIR); \ - fi - - client-dirs: diff --git a/debian/patches/fix-ldap-conf-path.diff b/debian/patches/fix-ldap-conf-path.diff index 90c08c48e..9a9495452 100644 --- a/debian/patches/fix-ldap-conf-path.diff +++ b/debian/patches/fix-ldap-conf-path.diff @@ -1,6 +1,6 @@ --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install -@@ -854,7 +854,7 @@ def configure_openldap_conf(fstore, cli_ +@@ -948,7 +948,7 @@ def configure_openldap_conf(fstore, cli_ {'action':'addifnotset', 'name':'TLS_CACERT', 'type':'option', 'value':CACERT},] diff --git a/debian/patches/fix-ntpdate-opts.diff b/debian/patches/fix-ntpdate-opts.diff deleted file mode 100644 index 954483917..000000000 --- a/debian/patches/fix-ntpdate-opts.diff +++ /dev/null @@ -1,13 +0,0 @@ -Our ntp isn't patched to drop privileges. - ---- a/ipa-client/ipaclient/ntpconf.py -+++ b/ipa-client/ipaclient/ntpconf.py -@@ -147,7 +147,7 @@ def synconce_ntp(server_fqdn): - if os.path.exists(ntpdate): - # retry several times -- logic follows /etc/init.d/ntpdate - # implementation -- cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn] -+ cmd = [ntpdate, "-s", "-b", "-v", server_fqdn] - for retry in range(0, 3): - try: - ipautil.run(cmd) diff --git a/debian/patches/fix-portability-of-nss.diff b/debian/patches/fix-portability-of-nss.diff deleted file mode 100644 index 42ab5e268..000000000 --- a/debian/patches/fix-portability-of-nss.diff +++ /dev/null @@ -1,74 +0,0 @@ -From 2d9e290970e71d373b91cd0cd1db52b991636889 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Thu, 28 Nov 2013 15:32:07 +0100 -Subject: [PATCH] BUILD: Fix portability of NSS in file ipa_pwd.c - ---- - daemons/ipa-kdb/Makefile.am | 4 +++- - daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am | 1 + - util/ipa_pwd.c | 8 ++++---- - 3 files changed, 8 insertions(+), 5 deletions(-) - -diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am -index dc543dd..b3d6a1b 100644 ---- a/daemons/ipa-kdb/Makefile.am -+++ b/daemons/ipa-kdb/Makefile.am -@@ -21,6 +21,7 @@ AM_CPPFLAGS = \ - $(KRB5_CFLAGS) \ - $(WARN_CFLAGS) \ - $(NDRPAC_CFLAGS) \ -+ $(NSS_CFLAGS) \ - $(NULL) - - plugindir = $(libdir)/krb5/plugins/kdb -@@ -51,6 +52,7 @@ ipadb_la_LIBADD = \ - $(LDAP_LIBS) \ - $(NDRPAC_LIBS) \ - $(UNISTRING_LIBS) \ -+ $(NSS_LIBS) \ - $(NULL) - - if HAVE_CHECK -@@ -77,7 +79,7 @@ ipa_kdb_tests_LDADD = \ - $(KRB5_LIBS) \ - $(LDAP_LIBS) \ - $(NDRPAC_LIBS) \ -- -lnss3 \ -+ $(NSS_LIBS) \ - -lkdb5 \ - -lsss_idmap \ - $(NULL) -diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -index b53b2e1..3323d72 100644 ---- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -@@ -22,6 +22,7 @@ AM_CPPFLAGS = \ - $(LDAP_CFLAGS) \ - $(KRB5_CFLAGS) \ - $(SSL_CFLAGS) \ -+ $(NSS_CFLAGS) \ - $(WARN_CFLAGS) \ - $(NULL) - -diff --git a/util/ipa_pwd.c b/util/ipa_pwd.c -index 761d1ef..f6564c8 100644 ---- a/util/ipa_pwd.c -+++ b/util/ipa_pwd.c -@@ -27,10 +27,10 @@ - #include - #include - #include --#include --#include --#include --#include -+#include -+#include -+#include -+#include - #include - #include "ipa_pwd.h" - --- -1.8.4.2 - diff --git a/debian/patches/fix-pykerberos-api.diff b/debian/patches/fix-pykerberos-api.diff index 4ca01a94b..f6e1351ad 100644 --- a/debian/patches/fix-pykerberos-api.diff +++ b/debian/patches/fix-pykerberos-api.diff @@ -1,6 +1,6 @@ --- a/ipalib/rpc.py +++ b/ipalib/rpc.py -@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport): +@@ -541,7 +541,7 @@ class KerbTransport(SSLTransport): service = "HTTP@" + host.split(':')[0] try: diff --git a/debian/patches/fix-symlink-exclusion.diff b/debian/patches/fix-symlink-exclusion.diff deleted file mode 100644 index c04f13350..000000000 --- a/debian/patches/fix-symlink-exclusion.diff +++ /dev/null @@ -1,22 +0,0 @@ -Description: Don't exclude symlinks when loading plugins - FreeIPA uses custom helpers to enumerate and load plugins. These plugins, - provided by the ipalib module, are excluded due to being symlinked in from - /usr/lib/pyshared as part of the dh_python2 installation process. - . - This change can probably be submitted upstream, but I have no idea why the - original author would exclude symlinks in the first place, nor why a custom - loader is being used. -Author: Nick Hatch -Last-Update: 2013-03-20 - ---- freeipa.orig/ipalib/util.py -+++ freeipa/ipalib/util.py -@@ -81,7 +81,7 @@ - if not name.endswith(suffix): - continue - pyfile = os.path.join(src_dir, name) -- if os.path.islink(pyfile) or not os.path.isfile(pyfile): -+ if not os.path.isfile(pyfile): - continue - module = name[:-len(suffix)] - if module == '__init__': diff --git a/debian/patches/include-ldflags-otpd.diff b/debian/patches/include-ldflags-otpd.diff deleted file mode 100644 index c9215775a..000000000 --- a/debian/patches/include-ldflags-otpd.diff +++ /dev/null @@ -1,21 +0,0 @@ -commit 75dadc1d8ffc3ac84c4b1988c266ef60de1a6cfe -Author: Jan Cholasta -Date: Wed Dec 4 18:39:44 2013 +0100 - - Include LDFLAGS provided by rpmbuild in global LDFLAGS in the spec file. - - Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd. - - https://fedorahosted.org/freeipa/ticket/3896 - -diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am -index f0b7528..ed99c3e 100644 ---- a/daemons/ipa-otpd/Makefile.am -+++ b/daemons/ipa-otpd/Makefile.am -@@ -1,5 +1,5 @@ - AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ --AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now -+AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ - - noinst_HEADERS = internal.h - libexec_PROGRAMS = ipa-otpd diff --git a/debian/patches/no-test-lang.diff b/debian/patches/no-test-lang.diff index d5f5619f9..5346a1471 100644 --- a/debian/patches/no-test-lang.diff +++ b/debian/patches/no-test-lang.diff @@ -1,6 +1,6 @@ --- a/Makefile +++ b/Makefile -@@ -98,7 +98,7 @@ client-dirs: +@@ -112,7 +112,7 @@ client-dirs: lint: bootstrap-autogen ./make-lint $(LINT_OPTIONS) diff --git a/debian/patches/no-testcert.patch b/debian/patches/no-testcert.patch deleted file mode 100644 index 70a6704b1..000000000 --- a/debian/patches/no-testcert.patch +++ /dev/null @@ -1,18 +0,0 @@ -Author: Timo Aaltonen -Date: Tue Nov 1 11:48:27 2011 -0400 - - Add no-testcert.patch to not fail make-testcert. - -they need a working certificate server running - ---- a/Makefile -+++ b/Makefile -@@ -102,7 +102,7 @@ lint: bootstrap-autogen - - - test: -- ./make-testcert -+# ./make-testcert - ./make-test - - release-update: diff --git a/debian/patches/port-ipa-client-automount.diff b/debian/patches/port-ipa-client-automount.diff index e4ca2f913..e8892c105 100644 --- a/debian/patches/port-ipa-client-automount.diff +++ b/debian/patches/port-ipa-client-automount.diff @@ -1,10 +1,8 @@ -diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount -index 3952642..e7b843e 100755 --- a/ipa-client/ipa-install/ipa-client-automount +++ b/ipa-client/ipa-install/ipa-client-automount -@@ -39,10 +39,10 @@ from ipapython.ipa_log_manager import * - from ipapython.dn import DN - from ipapython import services as ipaservices +@@ -40,10 +40,10 @@ from ipapython.dn import DN + from ipaplatform.tasks import tasks + from ipaplatform import services -AUTOFS_CONF = '/etc/sysconfig/autofs' +AUTOFS_CONF = '/etc/default/autofs' @@ -15,7 +13,7 @@ index 3952642..e7b843e 100755 IDMAPD_CONF = '/etc/idmapd.conf' def parse_options(): -@@ -309,7 +309,7 @@ def configure_nfs(fstore, statestore): +@@ -310,7 +310,7 @@ def configure_nfs(fstore, statestore): Configure secure NFS """ replacevars = { diff --git a/debian/patches/prefix.patch b/debian/patches/prefix.patch index 2b94d56fb..e8cc5146b 100644 --- a/debian/patches/prefix.patch +++ b/debian/patches/prefix.patch @@ -5,7 +5,19 @@ use the debian layout when installing python modules --- a/Makefile +++ b/Makefile -@@ -153,7 +153,7 @@ server-install: server +@@ -96,9 +96,9 @@ client-install: client client-dirs + done + cd install/po && $(MAKE) install || exit 1; + if [ "$(DESTDIR)" = "" ]; then \ +- $(PYTHON) setup-client.py install; \ ++ $(PYTHON) setup-client.py install --install-layout=deb; \ + else \ +- $(PYTHON) setup-client.py install --root $(DESTDIR); \ ++ $(PYTHON) setup-client.py install --root $(DESTDIR) --install-layout=deb; \ + fi + + client-dirs: +@@ -169,7 +169,7 @@ server-install: server if [ "$(DESTDIR)" = "" ]; then \ $(PYTHON) setup.py install; \ else \ @@ -18,10 +30,10 @@ use the debian layout when installing python modules +++ b/ipapython/Makefile @@ -14,7 +14,7 @@ install: if [ "$(DESTDIR)" = "" ]; then \ - python setup.py install; \ + python2 setup.py install; \ else \ -- python setup.py install --root $(DESTDIR); \ -+ python setup.py install --root $(DESTDIR) --install-layout=deb; \ +- python2 setup.py install --root $(DESTDIR); \ ++ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \ fi @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ @@ -29,10 +41,10 @@ use the debian layout when installing python modules +++ b/ipapython/py_default_encoding/Makefile @@ -9,7 +9,7 @@ install: if [ "$(DESTDIR)" = "" ]; then \ - python setup.py install; \ + python2 setup.py install; \ else \ -- python setup.py install --root $(DESTDIR); \ -+ python setup.py install --root $(DESTDIR) --install-layout=deb; \ +- python2 setup.py install --root $(DESTDIR); \ ++ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \ fi clean: diff --git a/debian/patches/series b/debian/patches/series index 79b978338..bc5a4d61e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,21 +1,13 @@ # not upstreamable -no-testcert.patch prefix.patch no-test-lang.diff -fix-install-layout.diff -fix-ntpdate-opts.diff fix-ldap-conf-path.diff port-ipa-client-automount.diff dont-check-for-systemd-pc.diff -fix-portability-of-nss.diff # send upstream -correct-python-path.diff -dont-search-platform-path.diff -fix-symlink-exclusion.diff check-dbus-before-starting.diff add-debian-platform.diff use-new-nssdb.diff -include-ldflags-otpd.diff fix-pykerberos-api.diff diff --git a/debian/patches/use-new-nssdb.diff b/debian/patches/use-new-nssdb.diff index de688f02f..124fb3b75 100644 --- a/debian/patches/use-new-nssdb.diff +++ b/debian/patches/use-new-nssdb.diff @@ -1,6 +1,6 @@ --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install -@@ -201,7 +201,7 @@ def log_service_error(name, action, erro +@@ -228,7 +228,7 @@ def log_service_error(name, action, erro root_logger.error("%s failed to %s: %s", name, action, str(error)) def nickname_exists(nickname): @@ -9,7 +9,7 @@ if returncode == 0: return True -@@ -365,7 +365,7 @@ def uninstall(options, env): +@@ -487,7 +487,7 @@ def uninstall(options, env): # Remove our host cert and CA cert if nickname_exists("IPA CA"): try: @@ -18,7 +18,7 @@ except Exception, e: root_logger.error( "Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e)) -@@ -393,7 +393,7 @@ def uninstall(options, env): +@@ -515,7 +515,7 @@ def uninstall(options, env): if nickname_exists(client_nss_nickname): try: @@ -27,23 +27,3 @@ except Exception, e: root_logger.error("Failed to remove %s from /etc/pki/nssdb: %s", client_nss_nickname, str(e)) -@@ -2297,7 +2297,7 @@ def install(options, env, fstore, states - - # Add the CA to the default NSS database and trust it - try: -- run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT]) -+ run(["/usr/bin/certutil", "-A", "-d", "sql:/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", CACERT]) - except CalledProcessError, e: - root_logger.info("Failed to add CA to the default NSS database.") - return CLIENT_INSTALL_ERROR ---- a/ipalib/rpc.py -+++ b/ipalib/rpc.py -@@ -322,7 +322,7 @@ class SSLTransport(LanguageAwareTranspor - if self._connection and host == self._connection[0]: - return self._connection[1] - -- dbdir = '/etc/pki/nssdb' -+ dbdir = 'sql:/etc/pki/nssdb' - no_init = self.__nss_initialized(dbdir) - if sys.version_info < (2, 7): - conn = NSSHTTPS(host, 443, dbdir=dbdir, no_init=no_init)