[Pkg-freeipa-devel] freeipa: Changes to 'master-next'

Timo Aaltonen tjaalton at moszumanska.debian.org
Sun Mar 27 22:23:41 UTC 2016


 debian/changelog                                |    2 
 debian/freeipa-server-dns.dirs                  |    2 
 debian/freeipa-server-dns.postinst              |    9 ---
 debian/freeipa-server.install                   |    1 
 debian/generate-rndc-key.sh                     |   19 -------
 debian/patches/add-debian-platform.diff         |   59 +-----------------------
 debian/patches/enable-mod-nss-during-setup.diff |   20 ++++++++
 debian/patches/fix-memcached.diff               |   20 ++++++++
 debian/patches/fix-named-conf-template.diff     |   13 +++++
 debian/patches/hack-libarch.diff                |   15 ++++++
 debian/patches/series                           |    3 +
 debian/rules                                    |    1 
 12 files changed, 74 insertions(+), 90 deletions(-)

New commits:
commit e45ef7acb9a50ddefe5801e64160f224bbd90a1e
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Mon Mar 28 01:04:03 2016 +0300

    don't ship /var/cache/bind/data, fix named.conf a bit.

diff --git a/debian/changelog b/debian/changelog
index 8e24659..1e0d360 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -72,8 +72,6 @@ freeipa (4.3.1-1) UNRELEASED; urgency=medium
     daemons, until opendnssec itself is fixed.
   * control: Bump dep on bind9-dyndb-ldap.
   * rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
-  * server-dns: Package is arch:all, so chmod the data dir on postinst
-    instead of during build.
   * control: Add opendnssec to freeipa-server-dns depends.
   * control: Add python-cffi to python-ipalib depends.
 
diff --git a/debian/freeipa-server-dns.dirs b/debian/freeipa-server-dns.dirs
deleted file mode 100644
index a1768b0..0000000
--- a/debian/freeipa-server-dns.dirs
+++ /dev/null
@@ -1,2 +0,0 @@
-var/cache/bind/data
-
diff --git a/debian/freeipa-server-dns.postinst b/debian/freeipa-server-dns.postinst
deleted file mode 100644
index acad854..0000000
--- a/debian/freeipa-server-dns.postinst
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$1" = configure ]; then
-    chmod 0770 /var/cache/bind/data
-    chown root:bind /var/cache/bind/data
-fi
-
-#DEBHELPER#
diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index 6306eb1..cd8c6e6 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -117,7 +117,7 @@ Date:   Fri Mar 1 12:21:00 2013 +0200
 +    NAMED_KEYTAB = "/etc/bind/named.keytab"
 +    NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
 +    NAMED_ROOT_KEY = "/etc/bind/bind.keys"
-+    NAMED_BINDKEYS_FILE = "/etc/bind/named.iscdlv.key"
++    NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys"
 +    NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
 +#   NSLCD_CONF = "/etc/nslcd.conf"
 +#   NSS_LDAP_CONF = "/etc/nss_ldap.conf"
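Review bot: `NAMED_BINDKEYS_FILE` now has the same value as `NAMED_ROOT_KEY` two lines above it, so two separately named settings both resolve to `/etc/bind/bind.keys`. If the named.conf template consumes both (not visible in this hunk), the DNSSEC trust-anchor file is referenced twice, and a later edit to one constant would silently diverge from the other. A comment on the line would mark the aliasing as deliberate, e.g. `# same file as NAMED_ROOT_KEY on purpose: Debian keeps the trust anchors in bind.keys`. The class body starts and ends outside the hunk.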
@@ -363,7 +363,7 @@ Date:   Fri Mar 1 12:21:00 2013 +0200
 +#   TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
 +#   TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
 +#   LOG_SECURE = "/var/log/secure"
-+    NAMED_RUN = "/var/cache/bind/data/named.run"
++    NAMED_RUN = "/var/cache/bind/named.run"
 +    VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec"
 +    OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/db/kasp.db"
 +    IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
diff --git a/debian/patches/fix-named-conf-template.diff b/debian/patches/fix-named-conf-template.diff
index eb8a202..fd13622 100644
--- a/debian/patches/fix-named-conf-template.diff
+++ b/debian/patches/fix-named-conf-template.diff
@@ -5,6 +5,19 @@ Description: fix named.conf template
 
 --- a/install/share/bind.named.conf.template
 +++ b/install/share/bind.named.conf.template
+@@ -4,9 +4,9 @@ options {
+ 
+ 	// Put files that named is allowed to write in the data/ directory:
+ 	directory "$NAMED_VAR_DIR"; // the default
+-	dump-file		"data/cache_dump.db";
+-	statistics-file		"data/named_stats.txt";
+-	memstatistics-file	"data/named_mem_stats.txt";
++	dump-file		"cache_dump.db";
++	statistics-file		"named_stats.txt";
++	memstatistics-file	"named_mem_stats.txt";
+ 
+ 	forward first;
+ 	forwarders {$FORWARDERS};
 @@ -30,18 +30,14 @@ options {
   * By default, SELinux policy does not allow named to modify the /var/named directory,
   * so put the default debug log file in data/ :
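Review bot: The comment kept as context above the rewritten paths, `// Put files that named is allowed to write in the data/ directory:`, no longer matches the configuration, since `dump-file`, `statistics-file` and `memstatistics-file` now resolve directly under `$NAMED_VAR_DIR`. It should be reworded in the same patch, e.g. `// Files written by named go directly into the working directory:`. The later comment `so put the default debug log file in data/` looks stale in the same way, though that inner hunk continues outside this one. With the data/ subdirectory and its postinst chmod/chown gone, named needs write access to the working directory itself. Nothing in this commit sets or checks that directory's owner and mode, so it presumably relies on the bind9 package, which is worth stating in the patch description.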

commit c171947a9de02bc25c5138cd083c7aca962c7825
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Mon Mar 28 00:35:43 2016 +0300

    drop generate-rndc-key.sh, bind generates the keyfile already

diff --git a/debian/freeipa-server.install b/debian/freeipa-server.install
index d44dc58..9acd28c 100644
--- a/debian/freeipa-server.install
+++ b/debian/freeipa-server.install
@@ -26,7 +26,6 @@ usr/lib/*/krb5/plugins/kdb/*.so
 usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit
 usr/lib/certmonger/ipa-server-guard
 usr/lib/ipa/certmonger/*
-usr/lib/ipa/generate-rndc-key.sh
 usr/lib/ipa/ipa-dnskeysync-replica
 usr/lib/ipa/ipa-dnskeysyncd
 usr/lib/ipa/ipa-httpd-kdcproxy
diff --git a/debian/generate-rndc-key.sh b/debian/generate-rndc-key.sh
deleted file mode 100755
index b710f6c..0000000
--- a/debian/generate-rndc-key.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-. /lib/lsb/init-functions
-
-# This script generates /etc/bind/rndc.key if doesn't exist AND if there is no rndc.conf
-
-if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
-  echo -n $"Generating /etc/bind/rndc.key:"
-  if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
-    chmod 640 /etc/bind/rndc.key
-    chown root.bind /etc/bind/rndc.key
-    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key
-    log_success_msg "/etc/bind/rndc.key generation"
-    echo
-  else
-    log_failure_msg $"/etc/bind/rndc.key generation"
-    echo
-  fi
-fi
diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index d500d04..6306eb1 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -238,7 +238,7 @@ Date:   Fri Mar 1 12:21:00 2013 +0200
 +    DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit"
 +    DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit"
 +    IPA_SERVER_GUARD = "/usr/lib/certmonger/ipa-server-guard"
-+    GENERATE_RNDC_KEY = "/usr/lib/ipa/generate-rndc-key.sh"
++    GENERATE_RNDC_KEY = "/bin/true"
 +    IPA_DNSKEYSYNCD_REPLICA = "/usr/lib/ipa/ipa-dnskeysync-replica"
 +    IPA_DNSKEYSYNCD = "/usr/lib/ipa/ipa-dnskeysyncd"
 +    IPA_ODS_EXPORTER = "/usr/lib/ipa/ipa-ods-exporter"
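Review bot: Pointing `GENERATE_RNDC_KEY` at `/bin/true` turns the installer's key-generation step into a silent success, so a missing or unreadable `/etc/bind/rndc.key` would no longer surface at install time. The removed script also set the key to mode 640 and owner `root.bind`; after this change the file's mode and ownership are whatever bind itself creates, and this package no longer enforces them. A comment next to the constant would record that dependency, e.g. `# no-op: bind creates /etc/bind/rndc.key itself`. The caller (outside this hunk) could also check that the key exists before continuing.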
diff --git a/debian/rules b/debian/rules
index fb143c7..4791dd9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -93,7 +93,6 @@ ifneq ($(ONLY_CLIENT), 1)
 	install -m 0644 init/systemd/ipa.service $(DESTDIR)/lib/systemd/system
 	install -m 0644 init/systemd/ipa-custodia.service $(DESTDIR)/lib/systemd/system
 	install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/usr/share/bash-completion/completions/ipa
-	install -m 0755 debian/generate-rndc-key.sh $(DESTDIR)/usr/lib/ipa
 
 	for i in $(DESTDIR)/etc/oddjobd.conf.d/ipa-server.conf \
 		$(DESTDIR)/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf; do \

commit 0bae0fe6a0f3fdb401613395c650e3b620a8be33
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Mon Mar 28 00:10:31 2016 +0300

    fix bind datadir permissions

diff --git a/debian/freeipa-server-dns.postinst b/debian/freeipa-server-dns.postinst
index 51651f4..acad854 100644
--- a/debian/freeipa-server-dns.postinst
+++ b/debian/freeipa-server-dns.postinst
@@ -2,7 +2,7 @@
 set -e
 
 if [ "$1" = configure ]; then
-    chmod 0700 /var/cache/bind/data
+    chmod 0770 /var/cache/bind/data
     chown root:bind /var/cache/bind/data
 fi
 
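Review bot: `chmod 0770` runs before `chown root:bind`, so group write is granted while the directory still has whatever group it had before. Swapping the two lines sets ownership first and only then widens the mode. The change from 0700 to 0770 gives every member of group `bind` write access to the data directory, presumably because named runs with that group, but the script does not say so. A comment such as `# group bind needs write access for named's data files; owner stays root` would document the intent.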

commit 4cf088458fdf89cbe5e4b0a3092448290b634d6c
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Mon Mar 28 00:10:01 2016 +0300

    split patches from platform support

diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index 7da3b5c..d500d04 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -671,59 +671,6 @@ Date:   Fri Mar 1 12:21:00 2013 +0200
  
          srv_vals = []
          srv_vals.append("0.%s.pool.ntp.org" % os)
---- a/ipaserver/install/ldapupdate.py
-+++ b/ipaserver/install/ldapupdate.py
-@@ -335,9 +335,9 @@ class LDAPUpdate:
-         bits = platform.architecture()[0]
- 
-         if bits == "64bit":
--            return "64"
-+            return "/x86_64-linux-gnu"
-         else:
--            return ""
-+            return "/i386-linux-gnu"
- 
-     def _template_str(self, s):
-         try:
---- a/ipaserver/install/httpinstance.py
-+++ b/ipaserver/install/httpinstance.py
-@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
-             self.step("create KDC proxy user", create_kdcproxy_user)
-             self.step("create KDC proxy config", self.create_kdcproxy_conf)
-             self.step("enable KDC proxy", self.enable_kdcproxy)
-+        ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
-         self.step("restarting httpd", self.__start)
-         self.step("configuring httpd to start on boot", self.__enable)
-         self.step("enabling oddjobd", self.enable_and_start_oddjobd)
-@@ -507,6 +508,8 @@ class HTTPInstance(service.Service):
-             except Exception:
-                 pass
- 
-+        ipautil.run(["/usr/sbin/a2dismod", "nss"], capture_output=True)
-+
-         self.stop_tracking_certificates()
- 
-         helper = self.restore_state('certmonger_ipa_helper')
---- a/init/ipa_memcached.conf
-+++ b/init/ipa_memcached.conf
-@@ -1,5 +1,5 @@
- SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
--USER=apache
-+USER=www-data
- MAXCONN=1024
- CACHESIZE=64
- OPTIONS=
---- a/init/systemd/ipa_memcached.service
-+++ b/init/systemd/ipa_memcached.service
-@@ -4,7 +4,7 @@ After=network.target
- 
- [Service]
- Type=forking
--EnvironmentFile=/etc/sysconfig/ipa_memcached
-+EnvironmentFile=/etc/default/ipa_memcached
- PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
- ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
- 
 --- /dev/null
 +++ b/ipaplatform/debian/constants.py
 @@ -0,0 +1,31 @@
diff --git a/debian/patches/enable-mod-nss-during-setup.diff b/debian/patches/enable-mod-nss-during-setup.diff
new file mode 100644
index 0000000..555472b
--- /dev/null
+++ b/debian/patches/enable-mod-nss-during-setup.diff
@@ -0,0 +1,20 @@
+--- a/ipaserver/install/httpinstance.py
++++ b/ipaserver/install/httpinstance.py
+@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
+             self.step("create KDC proxy user", create_kdcproxy_user)
+             self.step("create KDC proxy config", self.create_kdcproxy_conf)
+             self.step("enable KDC proxy", self.enable_kdcproxy)
++        ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
+         self.step("restarting httpd", self.__start)
+         self.step("configuring httpd to start on boot", self.__enable)
+         self.step("enabling oddjobd", self.enable_and_start_oddjobd)
+@@ -507,6 +508,8 @@ class HTTPInstance(service.Service):
+             except Exception:
+                 pass
+ 
++        ipautil.run(["/usr/sbin/a2dismod", "nss"], capture_output=True)
++
+         self.stop_tracking_certificates()
+ 
+         helper = self.restore_state('certmonger_ipa_helper')
+
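Review bot: The added `a2dismod` call in the uninstall path runs unconditionally, so uninstalling disables mod_nss even when it was enabled before the installer ran, whereas the neighbouring code restores saved state (`self.restore_state('certmonger_ipa_helper')`). Recording at install time whether the module was already enabled, and disabling it only when the installer enabled it, would keep uninstall from changing web-server TLS configuration it did not create. Both calls also sit outside the `self.step(...)` sequence; if `step` only queues work (not visible here), `a2enmod` runs before any of the queued steps, and a failure of either command is not reported as a step. Consider `self.step("enabling mod_nss", self.enable_mod_nss)` with the `ipautil.run` call inside that method, and `raiseonerr=False` on the uninstall call so a failed `a2dismod` does not abort the rest of uninstall. Both function bodies continue outside the hunks.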
diff --git a/debian/patches/fix-memcached.diff b/debian/patches/fix-memcached.diff
new file mode 100644
index 0000000..6cfd3d6
--- /dev/null
+++ b/debian/patches/fix-memcached.diff
@@ -0,0 +1,20 @@
+--- a/init/ipa_memcached.conf
++++ b/init/ipa_memcached.conf
+@@ -1,5 +1,5 @@
+ SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
+-USER=apache
++USER=www-data
+ MAXCONN=1024
+ CACHESIZE=64
+ OPTIONS=
+--- a/init/systemd/ipa_memcached.service
++++ b/init/systemd/ipa_memcached.service
+@@ -4,7 +4,7 @@ After=network.target
+ 
+ [Service]
+ Type=forking
+-EnvironmentFile=/etc/sysconfig/ipa_memcached
++EnvironmentFile=/etc/default/ipa_memcached
+ PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
+ ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
+ 
diff --git a/debian/patches/hack-libarch.diff b/debian/patches/hack-libarch.diff
new file mode 100644
index 0000000..067fcb8
--- /dev/null
+++ b/debian/patches/hack-libarch.diff
@@ -0,0 +1,15 @@
+--- a/ipaserver/install/ldapupdate.py
++++ b/ipaserver/install/ldapupdate.py
+@@ -335,9 +335,9 @@ class LDAPUpdate:
+         bits = platform.architecture()[0]
+ 
+         if bits == "64bit":
+-            return "64"
++            return "/x86_64-linux-gnu"
+         else:
+-            return ""
++            return "/i386-linux-gnu"
+ 
+     def _template_str(self, s):
+         try:
+
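Review bot: The two return values hard-code the multiarch directory from the interpreter's bit width, so every 64-bit host gets `/x86_64-linux-gnu` and every other host `/i386-linux-gnu`. On a non-x86 architecture the resulting library path would not exist. The triplet is better taken from the build, e.g. by substituting the output of `dpkg-architecture -qDEB_HOST_MULTIARCH` at package build time, or the patch should at least carry a comment such as `# FIXME: only correct on amd64/i386`. The enclosing method starts outside the hunk.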
diff --git a/debian/patches/series b/debian/patches/series
index fb20185..b3314ad 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,6 +4,8 @@ configure-apache-from-installer.diff
 # not upstreamable
 work-around-apache-fail.diff
 prefix.patch
+hack-libarch.diff
+enable-mod-nss-during-setup.diff
 
 # send upstream
 add-debian-platform.diff
@@ -14,3 +16,4 @@ fix-replicainstall.diff
 fix-dnssec-services.diff
 create-sysconfig-ods.diff
 fix-named-conf-template.diff
+fix-memcached.diff


