[Pkg-freeipa-devel] freeipa: Changes to 'master-next'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Mar 10 09:27:47 UTC 2016
.gitignore | 11
ACI.txt | 2
Makefile | 53
client/Makefile.am | 126
client/config.c | 174
client/configure.ac | 244
client/ipa-certupdate | 23
client/ipa-client-automount | 505 +
client/ipa-client-common.c | 48
client/ipa-client-common.h | 33
client/ipa-client-install | 3110 +++++++++
client/ipa-getkeytab.c | 913 ++
client/ipa-join.c | 1161 +++
client/ipa-rmkeytab.c | 268
client/man/Makefile.am | 24
client/man/default.conf.5 | 246
client/man/ipa-certupdate.1 | 39
client/man/ipa-client-automount.1 | 89
client/man/ipa-client-install.1 | 286
client/man/ipa-getkeytab.1 | 147
client/man/ipa-join.1 | 142
client/man/ipa-rmkeytab.1 | 89
client/version.m4.in | 1
contrib/RHEL4/Makefile.am | 13
contrib/RHEL4/configure.ac | 55
contrib/RHEL4/ipa-client-setup | 356 -
contrib/RHEL4/ipa-client.spec | 54
contrib/RHEL4/ipa.conf | 3
contrib/RHEL4/ipachangeconf.py | 458 -
contrib/RHEL4/setup.py | 75
contrib/nssciphersuite/README.txt | 36
contrib/nssciphersuite/nssciphersuite.py | 147
daemons/dnssec/ipa-ods-exporter | 233
daemons/ipa-kdb/ipa_kdb_common.c | 29
daemons/ipa-kdb/ipa_kdb_mspac.c | 108
daemons/ipa-sam/Makefile.am | 3
daemons/ipa-sam/ipa_sam.c | 87
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c | 14
daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c | 23
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 3
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h | 1
daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 2
daemons/ipa-slapi-plugins/topology/topology.h | 1
daemons/ipa-slapi-plugins/topology/topology_init.c | 2
daemons/ipa-slapi-plugins/topology/topology_pre.c | 53
debian/autoreconf | 3
debian/changelog | 10
debian/control | 2
debian/patches/add-debian-platform.diff | 13
debian/patches/fix-certmonger-script-install.diff | 60
debian/patches/fix-replicainstall.diff | 2
debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch | 16
debian/patches/no-test-lang.diff | 11
debian/patches/prefix.patch | 52
debian/patches/series | 3
debian/patches/use-httpd-user.diff | 28
debian/patches/work-around-apache-fail.diff | 14
debian/python-ipaclient.install | 1
debian/python-ipalib.install | 4
debian/rules | 10
doc/examples/python-api.py | 1
doc/guide/guide.org | 4
doc/guide/wsgi.py.txt | 2
freeipa.spec.in | 111
install/migration/migration.py | 1
install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf | 2
install/po/Makefile.in | 8
install/restart_scripts/Makefile.am | 2
install/restart_scripts/renew_ca_cert | 28
install/share/Makefile.am | 1
install/share/delegation.ldif | 9
install/share/kerberos.ldif | 2
install/share/nis-update.uldif | 38
install/share/replica-acis.ldif | 5
install/tools/ipa-adtrust-install | 6
install/tools/ipa-ca-install | 6
install/tools/ipa-csreplica-manage | 2
install/tools/ipa-dns-install | 6
install/tools/ipa-replica-manage | 204
install/tools/ipactl | 4
install/tools/man/ipa-replica-manage.1 | 3
install/ui/src/freeipa/certificate.js | 2
install/ui/src/freeipa/facet.js | 12
install/ui/src/freeipa/ipa.js | 8
install/ui/src/freeipa/policy.js | 5
install/ui/src/freeipa/topology.js | 1
install/ui/src/freeipa/widgets/LoginScreen.js | 8
install/ui/src/webui.profile.js | 3
install/ui/test/data/ipa_init.json | 8
install/updates/20-aci.update | 14
install/updates/20-syncrepl.update | 1
install/updates/50-externalmembers.update | 3
install/updates/50-nis.update | 58
install/updates/60-trusts.update | 1
install/updates/90-post_upgrade_plugins.update | 3
install/updates/Makefile.am | 1
ipa-client/Makefile.am | 130
ipa-client/README | 24
ipa-client/config.c | 174
ipa-client/configure.ac | 259
ipa-client/ipa-client-common.c | 48
ipa-client/ipa-client-common.h | 33
ipa-client/ipa-client.spec.in | 86
ipa-client/ipa-getkeytab.c | 913 --
ipa-client/ipa-install/Makefile.am | 15
ipa-client/ipa-install/ipa-certupdate | 23
ipa-client/ipa-install/ipa-client-automount | 505 -
ipa-client/ipa-install/ipa-client-install | 3140 ----------
ipa-client/ipa-join.c | 1161 ---
ipa-client/ipa-rmkeytab.c | 268
ipa-client/ipaclient/Makefile.am | 17
ipa-client/ipaclient/__init__.py | 18
ipa-client/ipaclient/ipa_certupdate.py | 183
ipa-client/ipaclient/ipachangeconf.py | 565 -
ipa-client/ipaclient/ipadiscovery.py | 506 -
ipa-client/ipaclient/ntpconf.py | 233
ipa-client/man/Makefile.am | 24
ipa-client/man/default.conf.5 | 246
ipa-client/man/ipa-certupdate.1 | 39
ipa-client/man/ipa-client-automount.1 | 89
ipa-client/man/ipa-client-install.1 | 288
ipa-client/man/ipa-getkeytab.1 | 147
ipa-client/man/ipa-join.1 | 142
ipa-client/man/ipa-rmkeytab.1 | 89
ipa-client/version.m4.in | 1
ipaclient/__init__.py | 18
ipaclient/ipa_certupdate.py | 171
ipaclient/ipachangeconf.py | 565 +
ipaclient/ipadiscovery.py | 553 +
ipaclient/ntpconf.py | 233
ipaclient/setup.py.in | 71
ipalib/backend.py | 20
ipalib/cli.py | 58
ipalib/frontend.py | 3
ipalib/krb_utils.py | 3
ipalib/messages.py | 11
ipalib/plugins/baseldap.py | 2
ipalib/plugins/batch.py | 9
ipalib/plugins/dns.py | 19
ipalib/plugins/internal.py | 2
ipalib/plugins/pwpolicy.py | 4
ipalib/plugins/server.py | 5
ipalib/plugins/trust.py | 50
ipalib/plugins/vault.py | 8
ipalib/rpc.py | 14
ipalib/util.py | 6
ipalib/x509.py | 4
ipaplatform/base/paths.py | 3
ipaplatform/base/services.py | 2
ipaplatform/redhat/tasks.py | 33
ipapython/Makefile | 2
ipapython/certdb.py | 29
ipapython/certmonger.py | 27
ipapython/cookie.py | 3
ipapython/dnssec/abshsm.py | 2
ipapython/dnssec/bindmgr.py | 22
ipapython/dnssec/keysyncer.py | 24
ipapython/dnssec/ldapkeydb.py | 140
ipapython/dnssec/localhsm.py | 4
ipapython/dnssec/odsmgr.py | 6
ipapython/dnsutil.py | 4
ipapython/dogtag.py | 23
ipapython/install/core.py | 25
ipapython/ipaldap.py | 16
ipapython/ipap11helper/Makefile | 19
ipapython/ipap11helper/library.c | 87
ipapython/ipap11helper/library.h | 48
ipapython/ipap11helper/p11helper.c | 2268 -------
ipapython/ipap11helper/setup.py | 43
ipapython/ipautil.py | 49
ipapython/kernel_keyring.py | 6
ipapython/nsslib.py | 7
ipapython/p11helper.py | 1745 +++++
ipapython/py_default_encoding/Makefile | 25
ipapython/py_default_encoding/default_encoding_utf8.c | 57
ipapython/py_default_encoding/setup.py | 45
ipapython/sysrestore.py | 16
ipaserver/advise/plugins/legacy_clients.py | 4
ipaserver/install/adtrustinstance.py | 32
ipaserver/install/bindinstance.py | 10
ipaserver/install/cainstance.py | 11
ipaserver/install/certs.py | 13
ipaserver/install/dns.py | 24
ipaserver/install/dnskeysyncinstance.py | 2
ipaserver/install/dogtaginstance.py | 11
ipaserver/install/dsinstance.py | 131
ipaserver/install/httpinstance.py | 24
ipaserver/install/installutils.py | 26
ipaserver/install/ipa_backup.py | 3
ipaserver/install/ipa_cacert_manage.py | 7
ipaserver/install/ipa_otptoken_import.py | 9
ipaserver/install/ipa_replica_prepare.py | 5
ipaserver/install/ipa_restore.py | 21
ipaserver/install/ipa_winsync_migrate.py | 6
ipaserver/install/krainstance.py | 2
ipaserver/install/ldapupdate.py | 12
ipaserver/install/opendnssecinstance.py | 8
ipaserver/install/plugins/adtrust.py | 152
ipaserver/install/plugins/update_managed_permissions.py | 133
ipaserver/install/plugins/update_nis.py | 86
ipaserver/install/replication.py | 24
ipaserver/install/server/common.py | 42
ipaserver/install/server/install.py | 68
ipaserver/install/server/replicainstall.py | 156
ipaserver/install/server/upgrade.py | 114
ipaserver/install/service.py | 3
ipaserver/plugins/dogtag.py | 44
ipatests/i18n.py | 4
ipatests/pytest.ini | 3
ipatests/test_cmdline/test_ipagetkeytab.py | 13
ipatests/test_integration/tasks.py | 316 -
ipatests/test_integration/test_advise.py | 7
ipatests/test_integration/test_caless.py | 17
ipatests/test_integration/test_customized_ds_config_install.py | 23
ipatests/test_integration/test_dnssec.py | 33
ipatests/test_integration/test_external_ca.py | 4
ipatests/test_integration/test_forced_client_reenrollment.py | 1
ipatests/test_integration/test_replication_layouts.py | 36
ipatests/test_integration/test_sudo.py | 27
ipatests/test_integration/test_topologies.py | 83
ipatests/test_integration/test_topology.py | 3
ipatests/test_integration/test_vault.py | 2
ipatests/test_integration/util.py | 2
ipatests/test_ipalib/test_backend.py | 16
ipatests/test_ipalib/test_parameters.py | 3
ipatests/test_ipapython/test_cookie.py | 16
ipatests/test_ipapython/test_ipap11helper.py | 2
ipatests/test_ipapython/test_ipautil.py | 4
ipatests/test_ipaserver/test_version_comparison.py | 51
ipatests/test_util.py | 12
ipatests/test_xmlrpc/test_attr.py | 669 --
ipatests/test_xmlrpc/test_automount_plugin.py | 2
ipatests/test_xmlrpc/test_caacl_plugin.py | 12
ipatests/test_xmlrpc/test_caacl_profile_enforcement.py | 5
ipatests/test_xmlrpc/test_certprofile_plugin.py | 3
ipatests/test_xmlrpc/test_dns_plugin.py | 32
ipatests/test_xmlrpc/test_old_permission_plugin.py | 14
ipatests/test_xmlrpc/test_permission_plugin.py | 18
ipatests/test_xmlrpc/test_replace.py | 174
ipatests/test_xmlrpc/test_user_plugin.py | 2377 ++-----
ipatests/test_xmlrpc/tracker/certprofile_plugin.py | 4
ipatests/test_xmlrpc/tracker/user_plugin.py | 174
ipatests/test_xmlrpc/xmlrpc_test.py | 4
make-lint | 280
pylint_plugins.py | 246
pylintrc | 111
setup-client.py | 40
247 files changed, 15783 insertions(+), 16510 deletions(-)
New commits:
commit 070c76ccb9c78c594b5de29082b17407b96ad1f5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu Mar 10 11:27:18 2016 +0200
port packaging to current git
diff --git a/debian/autoreconf b/debian/autoreconf
index 722537c..34a6a89 100644
--- a/debian/autoreconf
+++ b/debian/autoreconf
@@ -1,3 +1,4 @@
-ipa-client
+asn1
+client
daemons
install
diff --git a/debian/control b/debian/control
index 4fd2fcb..6e34083 100644
--- a/debian/control
+++ b/debian/control
@@ -20,11 +20,9 @@ Build-Depends:
libldap2-dev,
libnspr4-dev,
libnss3-dev,
- libp11-kit-dev,
libpopt-dev,
librhino-java,
libsasl2-dev,
- libsofthsm2-dev,
libssl-dev,
libsss-idmap-dev,
libsss-nss-idmap-dev (>= 1.13.1),
diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index 7fc7a2d..519591b 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -586,7 +586,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+knownservices = DebianServices()
--- /dev/null
+++ b/ipaplatform/debian/tasks.py
-@@ -0,0 +1,47 @@
+@@ -0,0 +1,52 @@
+# Authors:
+# Timo Aaltonen <tjaalton at ubuntu.com>
+#
@@ -614,6 +614,8 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+from ipaplatform.base.tasks import *
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
++BaseTask = BaseTaskNameSpace()
++
+class DebianTaskNamespace(RedHatTaskNamespace):
+
+ def restore_pre_ipa_client_configuration(self, fstore, statestore,
@@ -633,6 +635,9 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+ def restore_network_configuration(self, fstore, statestore):
+ return True
+
++ def parse_ipa_version(self, version):
++ return BaseTask.parse_ipa_version(version)
++
+tasks = DebianTaskNamespace()
--- a/ipaplatform/setup.py.in
+++ b/ipaplatform/setup.py.in
diff --git a/debian/python-ipaclient.install b/debian/python-ipaclient.install
index 35941d0..a6f5cd2 100644
--- a/debian/python-ipaclient.install
+++ b/debian/python-ipaclient.install
@@ -1 +1,2 @@
+usr/lib/python*/dist-packages/ipaclient-*.egg-info
usr/lib/python*/dist-packages/ipaclient/*.py
diff --git a/debian/python-ipalib.install b/debian/python-ipalib.install
index 4c98562..4cfe44c 100644
--- a/debian/python-ipalib.install
+++ b/debian/python-ipalib.install
@@ -1,6 +1,3 @@
-usr/lib/python*/dist-packages/_ipap11helper.so
-usr/lib/python*/dist-packages/_ipap11helper-*.egg-info
-usr/lib/python*/dist-packages/default_encoding_utf8.so
usr/lib/python*/dist-packages/freeipa-*.egg-info
usr/lib/python*/dist-packages/ipalib-*.egg-info
usr/lib/python*/dist-packages/ipalib/*
@@ -8,4 +5,3 @@ usr/lib/python*/dist-packages/ipaplatform-*.egg-info
usr/lib/python*/dist-packages/ipaplatform/*
usr/lib/python*/dist-packages/ipapython-*.egg-info
usr/lib/python*/dist-packages/ipapython/*
-usr/lib/python*/dist-packages/python_default_encoding-*.egg-info
diff --git a/debian/rules b/debian/rules
index 839df8c..27c3bf1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,6 +9,7 @@ ONLY_CLIENT=0
DESTDIR=$(CURDIR)/debian/tmp
export SKIP_API_VERSION_CHECK="yes"
+export SUPPORTED_PLATFORM=debian
PLATFORM="SUPPORTED_PLATFORM=debian"
JAVA_STACK_SIZE ?= 8m
export JAVA_STACK_SIZE
@@ -27,7 +28,7 @@ override_dh_auto_clean:
find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \;
find . -name "ltmain.sh" -exec rm -f "{}" \;
find . -name "configure" -exec rm -f "{}" \;
- rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info ipa-client/ipa-client.spec version.m4
+ rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info version.m4
rm -rf ipapython/build RELEASE build
override_dh_autoreconf:
@@ -35,7 +36,7 @@ override_dh_autoreconf:
dh_autoreconf; cd ..
override_dh_auto_configure:
- dh_auto_configure -Dipa-client
+ dh_auto_configure -Dclient
ifneq ($(ONLY_CLIENT), 1)
dh_auto_configure -Ddaemons -- \
--libexecdir=/usr/lib \
commit eb017da36e365f628de62e6ce5abe032d220be52
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Mar 9 00:21:44 2016 +0200
rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
diff --git a/debian/changelog b/debian/changelog
index 09ef164..6dc16ec 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -74,6 +74,7 @@ freeipa (4.3.0+git20160302-1) UNRELEASED; urgency=medium
* create-sysconfig-ods.diff: Create an empty file for opendnssec
daemons, until opendnssec itself is fixed.
* control: Bump dep on bind9-dyndb-ldap.
+ * rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
-- Timo Aaltonen <tjaalton at debian.org> Sat, 03 Oct 2015 08:56:31 +0300
diff --git a/debian/rules b/debian/rules
index f7c04f1..839df8c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,7 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
ONLY_CLIENT=0
DESTDIR=$(CURDIR)/debian/tmp
+export SKIP_API_VERSION_CHECK="yes"
PLATFORM="SUPPORTED_PLATFORM=debian"
JAVA_STACK_SIZE ?= 8m
export JAVA_STACK_SIZE
@@ -19,7 +20,7 @@ gentarball:
git archive --format=tar experimental --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
override_dh_auto_clean:
- for i in daemons install ipapython ipaserver ipa-client; do \
+ for i in asn1 daemons install ipalib ipapython; do \
(cd $$i && [ ! -f Makefile ] || $(MAKE) distclean); \
(cd $$i && rm -f COPYING INSTALL depcomp install-sh missing py-compile config.guess config.sub aclocal.m4 config.h.in version.m4); \
done
commit 77e0d8aaf0c6e884da7b0e771ff0a77d405de41a
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 8 21:08:45 2016 +0200
Update to current ipa-4-3
refresh patches
drop upstreamed & obsolete ones
etc
diff --git a/debian/changelog b/debian/changelog
index 09dcdc4..09ef164 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-freeipa (4.3.0-1) UNRELEASED; urgency=medium
+freeipa (4.3.0+git20160302-1) UNRELEASED; urgency=medium
- * New upstream release.
+ * New upstream snapshot.
+ - refresh patches
+ - drop no-test-lang.diff, obsolete
* fix-match-hostname.diff, control: Drop the patch and python-openssl
deps, not needed anymore
* *.install: Updated.
@@ -53,11 +55,8 @@ freeipa (4.3.0-1) UNRELEASED; urgency=medium
multiarch path to avoid hacking the code too much.
* fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in
/usr/lib/ipa instead of directly under multiarch lib path.
- * fix-certmonger-script-install.diff: Install certmonger scripts under
- /usr/lib/ipa instead of multiarch path.
* control, server*.install: Move dirsrv plugins from server-trust-ad
to server, needed on upgrades even if trust-ad isn't set up.
- * user-httpd-user.diff: Patch dogtaginstance.py to use HTTPD_USER.
* control: Add pki-tools to python-ipaserver deps.
* server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable
on postrm.
diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index 51054d0..7fc7a2d 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -657,7 +657,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
srv_vals.append("0.%s.pool.ntp.org" % os)
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
-@@ -332,9 +332,9 @@ class LDAPUpdate:
+@@ -335,9 +335,9 @@ class LDAPUpdate:
bits = platform.architecture()[0]
if bits == "64bit":
@@ -671,7 +671,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
try:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
-@@ -168,6 +168,7 @@ class HTTPInstance(service.Service):
+@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy)
@@ -679,7 +679,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
self.step("enabling oddjobd", self.enable_and_start_oddjobd)
-@@ -483,6 +484,8 @@ class HTTPInstance(service.Service):
+@@ -502,6 +503,8 @@ class HTTPInstance(service.Service):
except Exception:
pass
diff --git a/debian/patches/fix-certmonger-script-install.diff b/debian/patches/fix-certmonger-script-install.diff
deleted file mode 100644
index 5c28df1..0000000
--- a/debian/patches/fix-certmonger-script-install.diff
+++ /dev/null
@@ -1,60 +0,0 @@
---- a/install/restart_scripts/Makefile.am
-+++ b/install/restart_scripts/Makefile.am
-@@ -1,6 +1,6 @@
- NULL =
-
--appdir = $(libdir)/ipa/certmonger
-+appdir = $(libexecdir)/ipa/certmonger
- app_DATA = \
- restart_dirsrv \
- restart_httpd \
---- a/ipapython/certmonger.py
-+++ b/ipapython/certmonger.py
-@@ -492,19 +492,11 @@ def dogtag_start_tracking(ca, nickname,
- params['KEY_PIN_FILE'] = os.path.abspath(pinfile)
- if pre_command:
- if not os.path.isabs(pre_command):
-- if sys.maxsize > 2**32:
-- libpath = 'lib64'
-- else:
-- libpath = 'lib'
-- pre_command = certmonger_cmd_template % (libpath, pre_command)
-+ pre_command = certmonger_cmd_template % (pre_command)
- params['cert-presave-command'] = pre_command
- if post_command:
- if not os.path.isabs(post_command):
-- if sys.maxsize > 2**32:
-- libpath = 'lib64'
-- else:
-- libpath = 'lib'
-- post_command = certmonger_cmd_template % (libpath, post_command)
-+ post_command = certmonger_cmd_template % (post_command)
- params['cert-postsave-command'] = post_command
- if profile:
- params['ca-profile'] = profile
---- a/ipaplatform/base/paths.py
-+++ b/ipaplatform/base/paths.py
-@@ -149,7 +149,7 @@ class BasePathNamespace(object):
- TMP_CA_P12 = "/tmp/ca.p12"
- TMP_KRB5CC = "/tmp/krb5cc_%d"
- USR_DIR = "/usr"
-- CERTMONGER_COMMAND_TEMPLATE = "/usr/%s/ipa/certmonger/%s"
-+ CERTMONGER_COMMAND_TEMPLATE = "/usr/libexec/ipa/certmonger/%s"
- PKCS12EXPORT = "/usr/bin/PKCS12Export"
- CERTUTIL = "/usr/bin/certutil"
- CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
---- a/ipaserver/install/certs.py
-+++ b/ipaserver/install/certs.py
-@@ -297,11 +297,7 @@ class CertDB(object):
- /usr/lib[64]/ipa/certmonger.
- """
- if command is not None and not os.path.isabs(command):
-- if sys.maxsize > 2**32:
-- libpath = 'lib64'
-- else:
-- libpath = 'lib'
-- command = paths.CERTMONGER_COMMAND_TEMPLATE % (libpath, command)
-+ command = paths.CERTMONGER_COMMAND_TEMPLATE % (command)
- try:
- request_id = certmonger.start_tracking(nickname, self.secdir, password_file, command)
- except RuntimeError as e:
diff --git a/debian/patches/fix-replicainstall.diff b/debian/patches/fix-replicainstall.diff
index ba6425d..c84ff67 100644
--- a/debian/patches/fix-replicainstall.diff
+++ b/debian/patches/fix-replicainstall.diff
@@ -1,6 +1,6 @@
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
-@@ -990,7 +990,7 @@ def promote_check(installer):
+@@ -1073,7 +1073,7 @@ def promote_check(installer):
raise RuntimeError("CA cert file is not available! Please reinstall"
"the client and try again.")
diff --git a/debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch b/debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch
index 5aaa737..575956e 100644
--- a/debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch
+++ b/debian/patches/ipaplatform-Move-remaining-user-group-constants-to-i.patch
@@ -177,7 +177,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
named_conf_section_ipa_start_re = re.compile('\s*dynamic-db\s+"ipa"\s+{')
named_conf_section_options_start_re = re.compile('\s*options\s+{')
-@@ -607,7 +608,7 @@ class BindInstance(service.Service):
+@@ -611,7 +612,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_addresses, realm_name, domain_name, forwarders, ntp,
@@ -186,7 +186,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
ca_configured=None, no_dnssec_validation=False):
self.named_user = named_user
self.fqdn = fqdn
-@@ -1258,4 +1259,4 @@ class BindInstance(service.Service):
+@@ -1262,4 +1263,4 @@ class BindInstance(service.Service):
self.named_regular.start()
installutils.remove_keytab(paths.NAMED_KEYTAB)
@@ -212,7 +212,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def check_port():
"""
-@@ -918,7 +920,7 @@ class CAInstance(DogtagInstance):
+@@ -921,7 +923,7 @@ class CAInstance(DogtagInstance):
os.chmod(self.ra_agent_db + "/key3.db", 0o640)
os.chmod(self.ra_agent_db + "/secmod.db", 0o640)
@@ -231,7 +231,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def get_cert_nickname(cert):
"""
-@@ -513,7 +514,7 @@ class CertDB(object):
+@@ -512,7 +513,7 @@ class CertDB(object):
f.write(pwdfile.read())
f.close()
pwdfile.close()
@@ -251,7 +251,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
def _find_dnssec_enabled_zones(conn):
search_kw = {'idnssecinlinesigning': True}
-@@ -239,8 +241,8 @@ def install_check(standalone, replica, o
+@@ -231,8 +233,8 @@ def install_check(standalone, api, repli
dnskeysyncd.stop()
try:
ipautil.run(cmd, env=environment,
@@ -387,8 +387,8 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
HTTPD_USER = constants.HTTPD_USER
+KDCPROXY_USER = constants.KDCPROXY_USER
- def httpd_443_configured():
- """
+ # See contrib/nsscipersuite/nssciphersuite.py
+ NSS_CIPHER_SUITE = [
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -24,8 +24,9 @@ import tempfile
@@ -661,7 +661,7 @@ some platform specific things, and remove hopefully last remnants of hardcoded u
class KpasswdInstance(service.SimpleServiceInstance):
def __init__(self):
-@@ -929,7 +931,7 @@ def copy_crl_file(old_path, new_path=Non
+@@ -945,7 +947,7 @@ def copy_crl_file(old_path, new_path=Non
os.symlink(realpath, new_path)
else:
shutil.copy2(old_path, new_path)
diff --git a/debian/patches/no-test-lang.diff b/debian/patches/no-test-lang.diff
deleted file mode 100644
index 11fee0f..0000000
--- a/debian/patches/no-test-lang.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/Makefile
-+++ b/Makefile
-@@ -125,7 +125,7 @@ client-dirs:
-
- lint: bootstrap-autogen
- ./make-lint $(LINT_OPTIONS)
-- $(MAKE) -C install/po validate-src-strings
-+# $(MAKE) -C install/po validate-src-strings
-
-
- test:
diff --git a/debian/patches/prefix.patch b/debian/patches/prefix.patch
index e6af7b6..a3ed703 100644
--- a/debian/patches/prefix.patch
+++ b/debian/patches/prefix.patch
@@ -5,23 +5,19 @@ use the debian layout when installing python modules
--- a/Makefile
+++ b/Makefile
-@@ -107,11 +107,11 @@ client-install: client client-dirs
- done
+@@ -113,9 +113,9 @@ client-install: client client-dirs
cd install/po && $(MAKE) install || exit 1;
- if [ "$(DESTDIR)" = "" ]; then \
-- $(PYTHON) setup-client.py install; \
-- (cd ipaplatform && $(PYTHON) setup.py install); \
-+ $(PYTHON) setup-client.py install --install-layout=deb; \
-+ (cd ipaplatform && $(PYTHON) setup.py install --install-layout=deb); \
- else \
-- $(PYTHON) setup-client.py install --root $(DESTDIR); \
-- (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR)); \
-+ $(PYTHON) setup-client.py install --root $(DESTDIR) --install-layout=deb; \
-+ (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
- fi
+ @for subdir in $(CLIENTPYDIRS); do \
+ if [ "$(DESTDIR)" = "" ]; then \
+- (cd $$subdir && $(PYTHON) setup.py install); \
++ (cd $$subdir && $(PYTHON) setup.py install --install-layout=deb); \
+ else \
+- (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR)); \
++ (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
+ fi \
+ done
- client-dirs:
-@@ -187,11 +187,11 @@ server: version-update
+@@ -198,11 +198,11 @@ server: version-update
server-install: server
if [ "$(DESTDIR)" = "" ]; then \
@@ -37,7 +33,7 @@ use the debian layout when installing python modules
fi
tests: version-update tests-man-autogen
-@@ -202,7 +202,7 @@ tests-install: tests
+@@ -213,7 +213,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \
else \
@@ -48,7 +44,7 @@ use the debian layout when installing python modules
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
-@@ -15,7 +15,7 @@ install:
+@@ -13,7 +13,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
@@ -57,28 +53,6 @@ use the debian layout when installing python modules
fi
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
---- a/ipapython/py_default_encoding/Makefile
-+++ b/ipapython/py_default_encoding/Makefile
-@@ -13,7 +13,7 @@ install:
- if [ "$(DESTDIR)" = "" ]; then \
- python2 setup.py install; \
- else \
-- python2 setup.py install --root $(DESTDIR); \
-+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
- fi; \
- fi
-
---- a/ipapython/ipap11helper/Makefile
-+++ b/ipapython/ipap11helper/Makefile
-@@ -8,7 +8,7 @@ install:
- if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup.py install; \
- else \
-- $(PYTHON) setup.py install --root $(DESTDIR); \
-+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
- fi
-
- clean:
--- a/ipalib/Makefile
+++ b/ipalib/Makefile
@@ -12,7 +12,7 @@ install:
diff --git a/debian/patches/series b/debian/patches/series
index d0a09d3..f66c96a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,15 +3,12 @@
# not upstreamable
work-around-apache-fail.diff
prefix.patch
-no-test-lang.diff
# send upstream
add-debian-platform.diff
fix-ipa-conf.diff
fix-kdcproxy-paths.diff
fix-ipa-otpd-install.diff
-fix-certmonger-script-install.diff
-use-httpd-user.diff
fix-custodia-conf.diff
fix-replicainstall.diff
ipaplatform-Move-remaining-user-group-constants-to-i.patch
diff --git a/debian/patches/use-httpd-user.diff b/debian/patches/use-httpd-user.diff
deleted file mode 100644
index 76babbf..0000000
--- a/debian/patches/use-httpd-user.diff
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/ipaserver/install/dogtaginstance.py
-+++ b/ipaserver/install/dogtaginstance.py
-@@ -34,6 +34,7 @@ from ipalib import errors
-
- from ipaplatform import services
- from ipaplatform.paths import paths
-+from ipaplatform.constants import constants
- from ipapython import certmonger
- from ipapython import ipaldap
- from ipapython import ipautil
-@@ -45,7 +46,7 @@ from ipaserver.install.installutils impo
- from ipapython.ipa_log_manager import log_mgr
-
- PKI_USER = "pkiuser"
--
-+HTTPD_USER = constants.HTTPD_USER
-
- def get_security_domain():
- """
-@@ -87,7 +88,7 @@ def export_kra_agent_pem():
- "--client-cert", filename]
- ipautil.run(args)
-
-- pent = pwd.getpwnam("apache")
-+ pent = pwd.getpwnam(HTTPD_USER)
- os.chown(filename, 0, pent.pw_gid)
- os.chmod(filename, 0o440)
-
diff --git a/debian/patches/work-around-apache-fail.diff b/debian/patches/work-around-apache-fail.diff
index 578c76a..91bb700 100644
--- a/debian/patches/work-around-apache-fail.diff
+++ b/debian/patches/work-around-apache-fail.diff
@@ -1,7 +1,7 @@
Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
-@@ -176,7 +176,8 @@ class HTTPInstance(service.Service):
+@@ -191,7 +191,8 @@ class HTTPInstance(service.Service):
def __start(self):
self.backup_state("running", self.is_running())
@@ -21,11 +21,11 @@ Description: service apache2 restart fails on sid, so don't do that
+ http.stop()
+ http.start()
- return 0
-
+ # execute ipactl to refresh services status
+ ipautil.run(['ipactl', 'start', '--ignore-service-failures'],
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
-@@ -967,7 +967,8 @@ def install(installer):
+@@ -999,7 +999,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
@@ -33,11 +33,11 @@ Description: service apache2 restart fails on sid, so don't do that
+ http.stop()
+ http.start()
- if setup_kra:
- kra.install(api, None, options)
+ # update DNA shared config entry is done as far as possible
+ # from restart to avoid waiting for its creation
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
-@@ -777,7 +777,8 @@ def install(installer):
+@@ -856,7 +856,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
diff --git a/debian/rules b/debian/rules
index 2a65dd6..f7c04f1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,7 +16,7 @@ export JAVA_STACK_SIZE
SOURCE = freeipa
gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//')
gentarball:
- git archive --format=tar upstream --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
+ git archive --format=tar experimental --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
override_dh_auto_clean:
for i in daemons install ipapython ipaserver ipa-client; do \
commit 367a1cbd1e01cf758414f97606028571768fb459
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Mar 2 17:13:27 2016 +0100
fix suspicious except statements
The "except ValueError as UnicodeDecodeError" looks very suspicious.
Commit change except to catch both exceptions.
https://fedorahosted.org/freeipa/ticket/5718
Reviewed-By: Tomas Babej <tbabej at redhat.com>
diff --git a/client/ipa-client-install b/client/ipa-client-install
index 881efc1..a24ac29 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -1794,7 +1794,7 @@ def update_ssh_keys(server, hostname, ssh_dir, create_sshfp):
continue
try:
pubkey = SSHPublicKey(line)
- except ValueError as UnicodeDecodeError:
+ except (ValueError, UnicodeDecodeError):
continue
root_logger.info("Adding SSH public key from %s", filename)
pubkeys.append(pubkey)
diff --git a/ipalib/util.py b/ipalib/util.py
index c9a0237..df22699 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -280,13 +280,13 @@ def normalize_sshpubkey(value):
def validate_sshpubkey(ugettext, value):
try:
SSHPublicKey(value)
- except ValueError as UnicodeDecodeError:
+ except (ValueError, UnicodeDecodeError):
return _('invalid SSH public key')
def validate_sshpubkey_no_options(ugettext, value):
try:
pubkey = SSHPublicKey(value)
- except ValueError as UnicodeDecodeError:
+ except (ValueError, UnicodeDecodeError):
return _('invalid SSH public key')
if pubkey.has_options():
@@ -306,7 +306,7 @@ def convert_sshpubkey_post(ldap, dn, entry_attrs):
for pubkey in pubkeys:
try:
pubkey = SSHPublicKey(pubkey)
- except ValueError as UnicodeDecodeError:
+ except (ValueError, UnicodeDecodeError):
continue
fp = pubkey.fingerprint_hex_md5()
commit b6bd8742ee036902546a495822c76e97831295e4
Author: Martin Basti <mbasti at redhat.com>
Date: Wed Feb 24 17:45:55 2016 +0100
CI: allow customized DS install test to work with domain levels
Test will use tasks methods instead of custom commands to be able work
with domain levels.
https://fedorahosted.org/freeipa/ticket/5606
Reviewed-By: Milan Kubik <mkubik at redhat.com>
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index ad2eab2..cb96201 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -224,7 +224,7 @@ def enable_replication_debugging(host):
stdin_text=logging_ldif)
-def install_master(host, setup_dns=True, setup_kra=False):
+def install_master(host, setup_dns=True, setup_kra=False, extra_args=()):
host.collect_log(paths.IPASERVER_INSTALL_LOG)
host.collect_log(paths.IPACLIENT_INSTALL_LOG)
inst = host.domain.realm.replace('.', '-')
@@ -250,6 +250,8 @@ def install_master(host, setup_dns=True, setup_kra=False):
'--auto-reverse'
])
+ args.extend(extra_args)
+
host.run_command(args)
enable_replication_debugging(host)
setup_sssd_debugging(host)
@@ -307,7 +309,7 @@ def replica_prepare(master, replica):
def install_replica(master, replica, setup_ca=True, setup_dns=False,
- setup_kra=False):
+ setup_kra=False, extra_args=()):
replica.collect_log(paths.IPAREPLICA_INSTALL_LOG)
replica.collect_log(paths.IPAREPLICA_CONNCHECK_LOG)
allow_sync_ptr(master)
@@ -325,6 +327,9 @@ def install_replica(master, replica, setup_ca=True, setup_dns=False,
])
if master_authoritative_for_client_domain(master, replica):
args.extend(['--ip-address', replica.ip])
+
+ args.extend(extra_args)
+
if domainlevel(master) == DOMAIN_LEVEL_0:
# prepare the replica file on master and put it to replica, AKA "old way"
replica_prepare(master, replica)
diff --git a/ipatests/test_integration/test_customized_ds_config_install.py b/ipatests/test_integration/test_customized_ds_config_install.py
index 0d8c836..b0ee8f7 100644
--- a/ipatests/test_integration/test_customized_ds_config_install.py
+++ b/ipatests/test_integration/test_customized_ds_config_install.py
@@ -59,14 +59,9 @@ class TestCustomInstallMaster(IntegrationTest):
cls.master.put_file_contents(CONFIG_LDIF_PATH, DIRSRV_CONFIG_MODS)
def test_customized_ds_install_master(self):
- args = [
- 'ipa-server-install', '-U',
- '-r', self.master.domain.name,
- '-p', self.master.config.dirman_password,
- '-a', self.master.config.admin_password,
- '--dirsrv-config-file', CONFIG_LDIF_PATH,
- ]
- self.master.run_command(args)
+ tasks.install_master(self.master, setup_dns=False, extra_args=[
+ '--dirsrv-config-file', CONFIG_LDIF_PATH
+ ])
class TestCustomInstallReplica(IntegrationTest):
@@ -83,12 +78,6 @@ class TestCustomInstallReplica(IntegrationTest):
tasks.install_master(cls.master)
def test_customized_ds_install_replica(self):
- tasks.replica_prepare(self.master, self.replicas[0])
- replica_filename = tasks.get_replica_filename(self.replicas[0])
- args = ['ipa-replica-install', '-U',
- '-p', self.replicas[0].config.dirman_password,
- '-w', self.replicas[0].config.admin_password,
- '--ip-address', self.replicas[0].ip,
- '--dirsrv-config-file', CONFIG_LDIF_PATH,
- replica_filename]
- self.replicas[0].run_command(args)
+ tasks.install_replica(
+ self.master, self.replicas[0], setup_ca=False,
+ extra_args=['--dirsrv-config-file', CONFIG_LDIF_PATH])
commit c1323f6b9d6a32f1cb51d42c1a502f9a32b3eb93
Author: Tomas Babej <tbabej at redhat.com>
Date: Fri Feb 26 14:28:26 2016 +0100
adtrustinstance: Make sure smb.conf exists
The 'net' command fails unless smb.conf exists. Touch
the file prior to any 'net' call to make sure we do not crash
for this very reason.
https://fedorahosted.org/freeipa/ticket/5687
Reviewed-By: Martin Basti <mbasti at redhat.com>
More information about the Pkg-freeipa-devel
mailing list