[Pkg-freeipa-devel] freeipa: Changes to 'master-next'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Wed Mar 30 13:31:48 UTC 2016
debian/changelog | 2
debian/control | 11
debian/freeipa-server-trust-ad.install | 2
debian/freeipa-server.install | 1
debian/patches/add-debian-platform.diff | 2
debian/patches/configure-apache-from-installer.diff | 58 -
debian/patches/fix-kdcproxy-paths.diff | 12
debian/patches/fix-oddjobs.diff | 58 +
debian/patches/purge-firefox-extension.diff | 682 ++++++++++++++++++++
debian/patches/series | 2
debian/python-ipaserver.install | 34
debian/rules | 11
12 files changed, 817 insertions(+), 58 deletions(-)
New commits:
commit 8605c7b6e2d560bbe2dacb3cf31d1c161cba98a8
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Mar 30 06:49:02 2016 +0300
rules: Don't enable systemd units on install.
diff --git a/debian/rules b/debian/rules
index 3721bcf..2647fe7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -108,6 +108,13 @@ endif
override_dh_install:
dh_install --fail-missing
+override_dh_systemd_enable:
+ dh_systemd_enable -pfreeipa-server --no-enable ipa.service
+ dh_systemd_enable -pfreeipa-server --no-enable ipa_memcached.service
+ dh_systemd_enable -pfreeipa-server --no-enable ipa-dnskeysyncd.service
+ dh_systemd_enable -pfreeipa-server --no-enable ipa-custodia.service
+ dh_systemd_enable -pfreeipa-server --no-enable ipa-ods-exporter.service
+
override_dh_fixperms:
dh_fixperms
chmod 0700 $(CURDIR)/debian/freeipa-server/etc/ipa/custodia
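Review bot: The new `override_dh_systemd_enable` target only ever calls dh_systemd_enable with `-pfreeipa-server`, so the helper's default pass over the other binary packages no longer happens. The changelog mentions a separate freeipa-server-dns package; if it or any other package ships one of these units, that package gets no handling here, so it is worth confirming that all five units really live in freeipa-server and adding `dh_systemd_enable -Nfreeipa-server` if they do not. The five calls can be collapsed into one, since the helper accepts several unit files: `dh_systemd_enable -pfreeipa-server --no-enable ipa.service ipa_memcached.service ipa-dnskeysyncd.service ipa-custodia.service ipa-ods-exporter.service`. `--no-enable` does not by itself keep the units from being started in postinst; if the intent is that nothing runs before ipa-server-install has configured the host, dh_systemd_start probably needs a matching override with `--no-start`.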
commit b6186dd3aef59f455df8ee001341bb14f5fc24da
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Wed Mar 30 06:48:18 2016 +0300
purge-firefox-extension.diff: Clean obsolete kerberosauth.xpi
diff --git a/debian/freeipa-server.install b/debian/freeipa-server.install
index 9acd28c..8ef3ff1 100644
--- a/debian/freeipa-server.install
+++ b/debian/freeipa-server.install
@@ -59,7 +59,6 @@ usr/share/ipa/*.template
usr/share/ipa/*.uldif
usr/share/ipa/advise/legacy/*.template
usr/share/ipa/copy-schema-to-ca.py
-usr/share/ipa/ffextension/*
usr/share/ipa/html/*
usr/share/ipa/ipa-pki-proxy.conf
usr/share/ipa/ipa-rewrite.conf
diff --git a/debian/patches/purge-firefox-extension.diff b/debian/patches/purge-firefox-extension.diff
new file mode 100644
index 0000000..2339516
--- /dev/null
+++ b/debian/patches/purge-firefox-extension.diff
@@ -0,0 +1,682 @@
+commit 5d6e79b8f03198056103a31acc20536f8323756d
+Author: Timo Aaltonen <tjaalton at debian.org>
+Date: Tue Mar 29 21:33:15 2016 +0300
+
+ Purge firefox extension
+
+diff --git a/freeipa.spec.in b/freeipa.spec.in
+index b0861d8..67152f6 100644
+--- a/freeipa.spec.in
++++ b/freeipa.spec.in
+@@ -158,7 +158,6 @@ Requires: pki-ca >= 10.2.6-13
+ Requires: pki-kra >= 10.2.6-13
+ Requires(preun): python systemd-units
+ Requires(postun): python systemd-units
+-Requires: zip
+ Requires: policycoreutils >= 2.1.12-5
+ Requires: tar
+ Requires(pre): certmonger >= 0.78
+diff --git a/install/Makefile.am b/install/Makefile.am
+index ac52ad3..d13ecb7 100644
+--- a/install/Makefile.am
++++ b/install/Makefile.am
+@@ -7,7 +7,6 @@ NULL =
+ SUBDIRS = \
+ certmonger \
+ conf \
+- ffextension \
+ html \
+ migration \
+ share \
+diff --git a/install/ffextension/Makefile.am b/install/ffextension/Makefile.am
+deleted file mode 100644
+index 7a72205..0000000
+--- a/install/ffextension/Makefile.am
++++ /dev/null
+@@ -1,23 +0,0 @@
+-AUTOMAKE_OPTIONS = 1.7
+-
+-NULL =
+-
+-SUBDIRS = \
+- chrome \
+- locale \
+- $(NULL)
+-
+-appdir = $(IPA_DATA_DIR)/ffextension
+-app_DATA = \
+- bootstrap.js \
+- chrome.manifest \
+- install.rdf \
+- $(NULL)
+-
+-EXTRA_DIST = \
+- $(app_DATA) \
+- $(NULL)
+-
+-MAINTAINERCLEANFILES = \
+- *~ \
+- Makefile.in
+diff --git a/install/ffextension/bootstrap.js b/install/ffextension/bootstrap.js
+deleted file mode 100644
+index 7e2ae57..0000000
+--- a/install/ffextension/bootstrap.js
++++ /dev/null
+@@ -1,88 +0,0 @@
+-// Heavily inspired by Dave Townsend's post:
+-// Playing with windows in restartless (bootstrapped) extensions
+-// http://www.oxymoronical.com/blog/2011/01/Playing-with-windows-in-restartless-bootstrapped-extensions
+-
+-const Cc = Components.classes;
+-const Ci = Components.interfaces;
+-const Cu = Components.utils;
+-
+-var WindowListener = {
+-
+- setupBrowserUI: function(domWindow) {
+- var doc = domWindow.document;
+- domWindow.kerberosauth_listener = kerberosauth_listener(domWindow);
+- doc.addEventListener('kerberos-auth-config', domWindow.kerberosauth_listener, false, true);
+- },
+-
+- tearDownBrowserUI: function(domWindow) {
+-
+- var doc = domWindow.document;
+- doc.removeEventListener('kerberos-auth-config', domWindow.kerberosauth_listener);
+- delete domWindow.kerberosauth_listener;
+- },
+-
+- // nsIWindowMediatorListener functions
+- onOpenWindow: function(xulWindow) {
+- // A new window has opened
+- var domWindow = xulWindow.QueryInterface(Ci.nsIInterfaceRequestor).
+- getInterface(Ci.nsIDOMWindowInternal);
+-
+- // Wait for it to finish loading
+- domWindow.addEventListener("load", function listener() {
+- domWindow.removeEventListener("load", listener, false);
+-
+- // If this is a browser window then setup its UI
+- if (domWindow.document.documentElement.getAttribute("windowtype") === "navigator:browser") {
+- WindowListener.setupBrowserUI(domWindow);
+- }
+- }, false);
+- },
+-
+- onCloseWindow: function(xulWindow) {
+- },
+-
+- onWindowTitleChange: function(xulWindow, newTitle) {
+- }
+-};
+-
+-function startup(data, reason) {
+- var wm = Cc["@mozilla.org/appshell/window-mediator;1"].getService(Ci.nsIWindowMediator);
+-
+- Cu['import']("chrome://kerberosauth/content/kerberosauth.js");
+-
+- // Get the list of browser windows already open
+- var windows = wm.getEnumerator("navigator:browser");
+- while (windows.hasMoreElements()) {
+- var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
+-
+- WindowListener.setupBrowserUI(domWindow);
+- }
+-
+- // Wait for any new browser windows to open
+- wm.addListener(WindowListener);
+-}
+-
+-function shutdown(data, reason) {
+- // When the application is shutting down we normally don't have to clean
+- // up any UI changes made
+- if (reason == APP_SHUTDOWN)
+- return;
+-
+- var wm = Cc["@mozilla.org/appshell/window-mediator;1"].
+- getService(Ci.nsIWindowMediator);
+-
+- // Get the list of browser windows already open
+- var windows = wm.getEnumerator("navigator:browser");
+- while (windows.hasMoreElements()) {
+- var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
+- WindowListener.tearDownBrowserUI(domWindow);
+- }
+-
+- // Stop listening for any new browser windows to open
+- wm.removeListener(WindowListener);
+-
+- Cu.unload("chrome://kerberosauth/content/kerberosauth.js");
+-}
+-
+-function install() {}
+-function uninstall() {}
+\ No newline at end of file
+diff --git a/install/ffextension/chrome.manifest b/install/ffextension/chrome.manifest
+deleted file mode 100644
+index 775d3a3..0000000
+--- a/install/ffextension/chrome.manifest
++++ /dev/null
+@@ -1,4 +0,0 @@
+-content kerberosauth chrome/content/
+-resource kerberosauth chrome/content/
+-overlay chrome://browser/content/browser.xul resource://kerberosauth/kerberosauth_overlay.xul
+-locale kerberosauth en-US locale/en-US/
+\ No newline at end of file
+diff --git a/install/ffextension/chrome/Makefile.am b/install/ffextension/chrome/Makefile.am
+deleted file mode 100644
+index 10d23a7..0000000
+--- a/install/ffextension/chrome/Makefile.am
++++ /dev/null
+@@ -1,19 +0,0 @@
+-AUTOMAKE_OPTIONS = 1.7
+-
+-NULL =
+-
+-SUBDIRS = \
+- content \
+- $(NULL)
+-
+-appdir = $(IPA_DATA_DIR)/ffextension/chrome
+-app_DATA = \
+- $(NULL)
+-
+-EXTRA_DIST = \
+- $(app_DATA) \
+- $(NULL)
+-
+-MAINTAINERCLEANFILES = \
+- *~ \
+- Makefile.in
+diff --git a/install/ffextension/chrome/content/Makefile.am b/install/ffextension/chrome/content/Makefile.am
+deleted file mode 100644
+index 7ff81e5..0000000
+--- a/install/ffextension/chrome/content/Makefile.am
++++ /dev/null
+@@ -1,17 +0,0 @@
+-AUTOMAKE_OPTIONS = 1.7
+-
+-NULL =
+-
+-appdir = $(IPA_DATA_DIR)/ffextension/chrome/content
+-app_DATA = \
+- kerberosauth_overlay.xul \
+- kerberosauth.js \
+- $(NULL)
+-
+-EXTRA_DIST = \
+- $(app_DATA) \
+- $(NULL)
+-
+-MAINTAINERCLEANFILES = \
+- *~ \
+- Makefile.in
+diff --git a/install/ffextension/chrome/content/kerberosauth.js b/install/ffextension/chrome/content/kerberosauth.js
+deleted file mode 100644
+index c5afde9..0000000
+--- a/install/ffextension/chrome/content/kerberosauth.js
++++ /dev/null
+@@ -1,197 +0,0 @@
+-/* Authors:
+- * Petr Vobornik <pvoborni at redhat.com>
+- *
+- * Copyright (C) 2012 Red Hat
+- * see file 'COPYING' for use and warranty information
+- *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation, either version 3 of the License, or
+- * (at your option) any later version.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-var EXPORTED_SYMBOLS = ["kerberosauth", "kerberosauth_listener"];
+-
+-var Cc = Components.classes;
+-var Ci = Components.interfaces;
+-
+-var kerberosauth = {
+-
+- // Dictionary of configuration options this extension can configure.
+- // An alias (key) is set for each options. Using a set of aliases limits
+- // configuration pages from supplying potential malicious options.
+- config_options: {
+- referer: ['network.http.sendRefererHeader', 'int'],
+- native_gss_lib: ['network.negotiate-auth.using-native-gsslib', 'bool'],
+- trusted_uris: ['network.negotiate-auth.trusted-uris', 'str'],
+- allow_proxies: ['network.negotiate-auth.allow-proxies', 'bool']
+- },
+-
+- // Some preconfigurations to make things easier. Can be good if UI is added
+- // (mostly for future usage).
+- predefined_configurations: {
+- ipa: {
+- referer: '2',
+- native_gss_lib: 'true',
+- trusted_uris: '',
+- allow_proxies: 'true',
+- append: ['trusted_uris']
+- }
+- },
+-
+- page_listener: function(event, dom_window) {
+-
+- var self = this;
+-
+- var conf = {
+- event: event,
+- window: dom_window || window,
+- element: event.target
+- };
+-
+- if (!conf.element.hasAttribute('method')) return;
+-
+- var method = conf.element.getAttribute('method');
+-
+- if (method === 'configure') self.configure(conf);
+- if (method === 'can_configure') self.send_response(conf.element, { answer: 'true' });
+- },
+-
+- send_response: function(element, options) {
+-
+- options = options || {};
+-
+- var doc = element.ownerDocument;
+-
+- for (var opt in options) {
+- element.setAttribute(opt, options[opt]);
+- }
+-
+- var answer_event = doc.createEvent("HTMLEvents");
+- answer_event.initEvent("kerberos-auth-answer", true, false);
+- element.dispatchEvent(answer_event);
+- },
+-
+- notify_installed: function(window) {
+- var doc = window.document;
+- var event = doc.createEvent("HTMLEvents");
+- event.initEvent("kerberos-auth-installed", true, false);
+- doc.dispatchEvent(event);
+- },
+-
+- configure: function(conf) {
+- var self = this;
+-
+- var options = {}; // options to be configured
+- var opt;
+-
+- // use predefined configuration if supplied
+- if (conf.element.hasAttribute('predefined')) {
+- var predefined = conf.element.getAttribute('predefined');
+-
+- var pconfig = self.predefined_configurations[predefined];
+- if (pconfig) {
+- for (opt in pconfig) {
+- options[opt] = pconfig[opt];
+- }
+- }
+- }
+-
+- // overwrite predefined with supplied and only supported options
+- for (var i=0; i < conf.element.attributes.length; i++) {
+- var attr = conf.element.attributes[i].name;
+- if (attr in self.config_options) {
+- options[attr] = conf.element.getAttribute(attr);
+- }
+- }
+-
+- if (self.prompt(conf, options)) {
+- self.configure_core(conf, options);
+- self.send_response(conf.element, { answer: 'configured' });
+- } else {
+- self.send_response(conf.element, { answer: 'aborted' });
+- }
+- },
+-
+- configure_core: function(conf, options) {
+-
+- var self = this;
+-
+- var prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
+- var append_opts = options.append || [];
+-
+- for (var opt in options) {
+-
+- if (!self.config_options[opt]) continue;
+-
+- var name = self.config_options[opt][0];
+- var type = self.config_options[opt][1];
+- var value = options[opt];
+-
+- if (type === 'str') {
+- if (value && append_opts.indexOf(opt) > -1) {
+- var current = prefs.getCharPref(name) || '';
+- if (this.str_contains(current, value)) {
+- continue;
+- } else if (current) {
+- value = current + ', ' + value;
+- }
+- }
+- prefs.setCharPref(name, value);
+- } else if (type ==='int') {
+- prefs.setIntPref(name, Number(value));
+- } else if (type === 'bool') {
+- prefs.setBoolPref(name, value === 'true');
+- }
+- }
+- },
+-
+- str_contains: function(str, value) {
+-
+- if (!str) return false;
+- var vals = str.split(',');
+- for (var i=0, l=vals.length; i<l; i++) {
+- if (vals[i].trim() === value) return true;
+- }
+- return false;
+- },
+-
+- prompt: function(conf, options) {
+- var strs = Cc["@mozilla.org/intl/stringbundle;1"].
+- getService(Ci.nsIStringBundleService).
+- createBundle("chrome://kerberosauth/locale/kerberosauth.properties");
+-
+- var prompts = Cc["@mozilla.org/embedcomp/prompt-service;1"].
+- getService(Ci.nsIPromptService);
+-
+- var title = strs.GetStringFromName('prompt_title');
+- var text = strs.GetStringFromName('prompt_topic');
+-
+- if (options.trusted_uris) {
+- text += strs.GetStringFromName('prompt_domain').replace('${domain}', options.trusted_uris);
+- }
+- text += strs.GetStringFromName('prompt_question');
+-
+- var flags = prompts.STD_YES_NO_BUTTONS;
+-
+- var confirmed = prompts.confirmEx(conf.window, title, text, flags, "","","",
+- null,{value: false}) === 0;
+- return confirmed;
+- }
+-};
+-
+-var kerberosauth_listener = function(window) {
+-
+- return function(event) {
+-
+- kerberosauth.page_listener(event, window);
+- };
+-};
+\ No newline at end of file
+diff --git a/install/ffextension/chrome/content/kerberosauth_overlay.xul b/install/ffextension/chrome/content/kerberosauth_overlay.xul
+deleted file mode 100644
+index acad079..0000000
+--- a/install/ffextension/chrome/content/kerberosauth_overlay.xul
++++ /dev/null
+@@ -1,9 +0,0 @@
+-<?xml version="1.0"?>
+-
+-<overlay id="kerberosauthOverlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+-
+- <script type="application/x-javascript">
+- Components.utils['import']("resource://kerberosauth/kerberosauth.js");
+- window.addEventListener('kerberos-auth-config', kerberosauth_listener(window), false, true);
+- </script>
+-</overlay>
+\ No newline at end of file
+diff --git a/install/ffextension/install.rdf b/install/ffextension/install.rdf
+deleted file mode 100644
+index d931f19..0000000
+--- a/install/ffextension/install.rdf
++++ /dev/null
+@@ -1,26 +0,0 @@
+-<?xml version="1.0"?>
+-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
+-
+- <Description about="urn:mozilla:install-manifest">
+-
+- <em:id>kerberosauth at redhat.com</em:id>
+- <em:name>Kerberos Configuration</em:name>
+- <em:version>0.1</em:version>
+- <em:description>Configures browser to use negotiate authentication</em:description>
+- <em:type>2</em:type>
+- <em:creator>Red Hat, Inc.</em:creator>
+- <em:developer>Petr Vobornik</em:developer>
+- <em:homepageURL>http://www.redhat.com/</em:homepageURL>
+- <em:bootstrap>true</em:bootstrap>
+-
+- <!-- Firefox -->
+- <em:targetApplication>
+- <Description>
+- <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
+- <em:minVersion>10.0</em:minVersion>
+- <em:maxVersion>15.0.*</em:maxVersion>
+- </Description>
+- </em:targetApplication>
+- </Description>
+-</RDF>
+\ No newline at end of file
+diff --git a/install/ffextension/locale/Makefile.am b/install/ffextension/locale/Makefile.am
+deleted file mode 100644
+index 7e64536..0000000
+--- a/install/ffextension/locale/Makefile.am
++++ /dev/null
+@@ -1,19 +0,0 @@
+-AUTOMAKE_OPTIONS = 1.7
+-
+-NULL =
+-
+-SUBDIRS = \
+- en-US \
+- $(NULL)
+-
+-appdir = $(IPA_DATA_DIR)/ffextension/locale
+-app_DATA = \
+- $(NULL)
+-
+-EXTRA_DIST = \
+- $(app_DATA) \
+- $(NULL)
+-
+-MAINTAINERCLEANFILES = \
+- *~ \
+- Makefile.in
+diff --git a/install/ffextension/locale/en-US/Makefile.am b/install/ffextension/locale/en-US/Makefile.am
+deleted file mode 100644
+index d19e8c7..0000000
+--- a/install/ffextension/locale/en-US/Makefile.am
++++ /dev/null
+@@ -1,16 +0,0 @@
+-AUTOMAKE_OPTIONS = 1.7
+-
+-NULL =
+-
+-appdir = $(IPA_DATA_DIR)/ffextension/locale/en-US
+-app_DATA = \
+- kerberosauth.properties \
+- $(NULL)
+-
+-EXTRA_DIST = \
+- $(app_DATA) \
+- $(NULL)
+-
+-MAINTAINERCLEANFILES = \
+- *~ \
+- Makefile.in
+diff --git a/install/ffextension/locale/en-US/kerberosauth.properties b/install/ffextension/locale/en-US/kerberosauth.properties
+deleted file mode 100644
+index b822535..0000000
+--- a/install/ffextension/locale/en-US/kerberosauth.properties
++++ /dev/null
+@@ -1,4 +0,0 @@
+-prompt_title=Kerberos configuration confirmation
+-prompt_topic=The page you are visiting is trying to configure Firefox for Kerberos authentication.
+-prompt_domain=\n\nDomain: ${domain}
+-prompt_question=\n\nDo you want to configure the browser?
+\ No newline at end of file
+diff --git a/install/share/Makefile.am b/install/share/Makefile.am
+index b4cb831..b666bb2 100644
+--- a/install/share/Makefile.am
++++ b/install/share/Makefile.am
+@@ -51,7 +51,6 @@ app_DATA = \
+ krb5.conf.template \
+ krb5.ini.template \
+ krb.con.template \
+- krb.js.template \
+ krbrealm.con.template \
+ smb.conf.template \
+ smb.conf.empty \
+diff --git a/install/share/krb.js.template b/install/share/krb.js.template
+deleted file mode 100644
+index e7ea055..0000000
+--- a/install/share/krb.js.template
++++ /dev/null
+@@ -1,2 +0,0 @@
+-var IPA_REALM = "$REALM";
+-var IPA_DOMAIN = "$DOMAIN";
+\ No newline at end of file
+diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
+index 1b79015..19dffb0 100644
+--- a/ipaplatform/base/paths.py
++++ b/ipaplatform/base/paths.py
+@@ -180,7 +180,6 @@ class BasePathNamespace(object):
+ BIN_TIMEOUT = "/usr/bin/timeout"
+ UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
+ BIN_CURL = "/usr/bin/curl"
+- ZIP = "/usr/bin/zip"
+ BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
+ BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
+ BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
+@@ -223,12 +222,9 @@ class BasePathNamespace(object):
+ USERADD = "/usr/sbin/useradd"
+ USR_SHARE_IPA_DIR = "/usr/share/ipa/"
+ CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
+- FFEXTENSION = "/usr/share/ipa/ffextension"
+ IPA_HTML_DIR = "/usr/share/ipa/html"
+ CA_CRT = "/usr/share/ipa/html/ca.crt"
+- KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
+ KRB_CON = "/usr/share/ipa/html/krb.con"
+- KRB_JS = "/usr/share/ipa/html/krb.js"
+ HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
+ HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
+ NIS_ULDIF = "/usr/share/ipa/nis.uldif"
+diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
+index b0fbe69..8b2d2ea 100644
+--- a/ipaserver/install/httpinstance.py
++++ b/ipaserver/install/httpinstance.py
+@@ -130,7 +130,7 @@ class HTTPInstance(service.Service):
+ subject_base = ipautil.dn_attribute_property('_subject_base')
+
+ def create_instance(self, realm, fqdn, domain_name, dm_password=None,
+- autoconfig=True, pkcs12_info=None,
++ pkcs12_info=None,
+ subject_base=None, auto_redirect=True, ca_file=None,
+ ca_is_configured=None, promote=False):
+ self.fqdn = fqdn
+@@ -173,8 +173,6 @@ class HTTPInstance(service.Service):
+ self.step("setting up httpd keytab", self.__create_http_keytab)
+ self.step("setting up ssl", self.__setup_ssl)
+ self.step("importing CA certificates from LDAP", self.__import_ca_certs)
+- if autoconfig:
+- self.step("setting up browser autoconfig", self.__setup_autoconfig)
+ if not self.promote:
+ self.step("publish CA cert", self.__publish_ca_cert)
+ self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
+@@ -371,42 +369,6 @@ class HTTPInstance(service.Service):
+ db = certs.CertDB(self.realm, subject_base=self.subject_base)
+ self.import_ca_certs(db, self.ca_is_configured)
+
+- def __setup_autoconfig(self):
+- self.setup_firefox_extension(self.realm, self.domain)
+-
+- def setup_firefox_extension(self, realm, domain):
+- """Set up the signed browser configuration extension
+- """
+-
+- target_fname = paths.KRB_JS
+- sub_dict = dict(REALM=realm, DOMAIN=domain)
+- db = certs.CertDB(realm)
+- with open(db.passwd_fname) as pwdfile:
+- pwd = pwdfile.read()
+-
+- ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
+- target_fname, sub_dict)
+- os.chmod(target_fname, 0o644)
+-
+- # Setup extension
+- tmpdir = tempfile.mkdtemp(prefix="tmp-")
+- extdir = tmpdir + "/ext"
+- target_fname = paths.KERBEROSAUTH_XPI
+- shutil.copytree(paths.FFEXTENSION, extdir)
+- if db.has_nickname('Signing-Cert'):
+- db.run_signtool(["-k", "Signing-Cert",
+- "-p", pwd,
+- "-X", "-Z", target_fname,
+- extdir])
+- else:
+- root_logger.warning('Object-signing certificate was not found. '
+- 'Creating unsigned Firefox configuration extension.')
+- filenames = os.listdir(extdir)
+- ipautil.run([paths.ZIP, '-r', target_fname] + filenames,
+- cwd=extdir)
+- shutil.rmtree(tmpdir)
+- os.chmod(target_fname, 0o644)
+-
+ def __publish_ca_cert(self):
+ ca_db = certs.CertDB(self.realm)
+ ca_db.publish_ca_cert(paths.CA_CRT)
+diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
+index e3052c1..6d7ccde 100644
+--- a/ipaserver/install/server/replicainstall.py
++++ b/ipaserver/install/server/replicainstall.py
+@@ -180,12 +180,10 @@ def install_http(config, auto_redirect, ca_is_configured, promote=False,
+ http = httpinstance.HTTPInstance()
+ http.create_instance(
+ config.realm_name, config.host_name, config.domain_name,
+- config.dirman_password, False, pkcs12_info,
++ config.dirman_password, pkcs12_info,
+ auto_redirect=auto_redirect, ca_file=ca_file,
+ ca_is_configured=ca_is_configured, promote=promote)
+
+- http.setup_firefox_extension(config.realm_name, config.domain_name)
+-
+ return http
+
+
+diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
+index 3e60cfd..622f5f1 100644
+--- a/ipaserver/install/server/upgrade.py
++++ b/ipaserver/install/server/upgrade.py
+@@ -282,16 +282,6 @@ def cleanup_adtrust(fstore):
+ root_logger.debug('Removing %s from backup', backed_up_file)
+
+
+-def setup_firefox_extension(fstore):
+- """Set up the Firefox configuration extension, if it's not set up yet
+- """
+- root_logger.info('[Setting up Firefox extension]')
+- http = httpinstance.HTTPInstance(fstore)
+- realm = api.env.realm
+- domain = api.env.domain
+- http.setup_firefox_extension(realm, domain)
+-
+-
+ def ca_configure_profiles_acl(ca):
+ root_logger.info('[Authorizing RA Agent to modify profiles]')
+
+@@ -1600,7 +1590,6 @@ def upgrade_configuration():
+
+ cleanup_kdc(fstore)
+ cleanup_adtrust(fstore)
+- setup_firefox_extension(fstore)
+ add_ca_dns_records()
+
+ # Any of the following functions returns True iff the named.conf file
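Review bot: Removing `setup_firefox_extension` from httpinstance.py and from `upgrade_configuration()` stops the files being generated, but nothing in this patch deletes the `kerberosauth.xpi` and `krb.js` that earlier installs wrote under `/usr/share/ipa/html`. They are created at configure time rather than shipped by the package, so a package upgrade will presumably leave them in place, and the web server would keep offering an extension that lets a page change the browser's negotiate-auth preferences after a prompt. A small cleanup step in upgrade.py that removes both paths if they exist would cover servers that are already deployed. Separately, dropping `autoconfig` from the middle of `create_instance`'s parameter list shifts every argument a caller passes by position after `dm_password`; only the replicainstall.py call is adjusted here, so the remaining callers are worth checking. The patch header also gives no reason for the removal and no forwarding status.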
diff --git a/debian/patches/series b/debian/patches/series
index cf841b9..ae18109 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ create-sysconfig-ods.diff
fix-named-conf-template.diff
fix-memcached.diff
fix-oddjobs.diff
+purge-firefox-extension.diff
commit 1b7456884624b3cd7256fb3325677dca808ee77a
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 19:20:15 2016 +0300
fix-oddjobs.diff: Fix paths and uids in oddjob configs.
diff --git a/debian/changelog b/debian/changelog
index 1e0d360..a1963cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,7 +34,6 @@ freeipa (4.3.1-1) UNRELEASED; urgency=medium
* control, server: Migrate to mod-auth-gssapi.
* Split freeipa-server-dns from server.
* admintools: Use the new location for bash completions.
- * rules: Fix paths in oddjob configs.
* control, rules, fix-ipa-conf.diff: Add support for custodia.
* rules: Remove obsolete configure.jar, preferences.html.
* platform: Fix ipautil.run stdout handling, add support for systemd.
@@ -74,6 +73,7 @@ freeipa (4.3.1-1) UNRELEASED; urgency=medium
* rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
* control: Add opendnssec to freeipa-server-dns depends.
* control: Add python-cffi to python-ipalib depends.
+ * fix-oddjobs.diff: Fix paths and uids in oddjob configs.
-- Timo Aaltonen <tjaalton at debian.org> Sat, 03 Oct 2015 08:56:31 +0300
diff --git a/debian/patches/fix-oddjobs.diff b/debian/patches/fix-oddjobs.diff
new file mode 100644
index 0000000..215005c
--- /dev/null
+++ b/debian/patches/fix-oddjobs.diff
@@ -0,0 +1,58 @@
+--- a/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
++++ b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
+@@ -30,7 +30,7 @@
+ send_member="Get"/>
+ </policy>
+
+- <policy user="apache">
++ <policy user="www-data">
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="com.redhat.idm.trust"
+--- a/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
++++ b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
+@@ -10,7 +10,7 @@
+ <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+ </policy>
+
+- <policy user="apache">
++ <policy user="www-data">
+ <allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
+ </policy>
+
+--- a/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
++++ b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
+@@ -2,11 +2,11 @@
+ <oddjobconfig>
+ <service name="org.freeipa.server">
+ <allow user="root"/>
+- <allow user="apache"/>
++ <allow user="www-data"/>
+ <object name="/">
+ <interface name="org.freeipa.server">
+ <method name="conncheck">
+- <helper exec="/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck"
++ <helper exec="/usr/lib/ipa/oddjob/org.freeipa.server.conncheck"
+ arguments="1"
+ prepend_user_name="no"
+ argument_passing_method="cmdline"/>
+--- a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
++++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
+@@ -2,7 +2,7 @@
+ <oddjobconfig>
+ <service name="com.redhat.idm.trust">
+ <allow user="root"/>
+- <allow user="apache"/>
++ <allow user="www-data"/>
+ <object name="/">
+ <interface name="org.freedesktop.DBus.Introspectable">
+ <allow min_uid="0" max_uid="0"/>
+@@ -10,7 +10,7 @@
+ </interface>
+ <interface name="com.redhat.idm.trust">
+ <method name="fetch_domains">
+- <helper exec="/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
++ <helper exec="/usr/lib/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
+ arguments="1"
+ argument_passing_method="cmdline"
+ prepend_user_name="no"/>
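Review bot: Replacing `apache` with `www-data` in the D-Bus policies and the `<allow user=…>` entries lets every process running as www-data call the `conncheck` and `fetch_domains` helpers, and on Debian that account is shared by whatever else the web server hosts, not only the IPA framework. Both helpers accept one caller-supplied command-line argument (`arguments="1"`, `argument_passing_method="cmdline"`) and presumably run with oddjobd's privileges, so the argument handling in those helpers is the actual trust boundary. This mirrors upstream's `apache` model, but the patch has no header at all; a short DEP-3 block (`Description:` plus `Forwarded: not-needed`) stating that these are Debian-specific user and path substitutions would document that. Unlike the sed loop this replaces in debian/rules, the helper paths now sit in context-dependent hunks, so the patch needs a refresh whenever upstream touches these files.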
diff --git a/debian/patches/series b/debian/patches/series
index b3314ad..cf841b9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,4 @@ fix-dnssec-services.diff
create-sysconfig-ods.diff
fix-named-conf-template.diff
fix-memcached.diff
+fix-oddjobs.diff
diff --git a/debian/rules b/debian/rules
index 4791dd9..3721bcf 100755
--- a/debian/rules
+++ b/debian/rules
@@ -94,10 +94,6 @@ ifneq ($(ONLY_CLIENT), 1)
install -m 0644 init/systemd/ipa-custodia.service $(DESTDIR)/lib/systemd/system
install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/usr/share/bash-completion/completions/ipa
- for i in $(DESTDIR)/etc/oddjobd.conf.d/ipa-server.conf \
- $(DESTDIR)/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf; do \
- sed -i -e"s/libexec.*\//lib\/ipa\/oddjob\//" $$i ; \
- done
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR)
endif
commit 2692a1592f204140b05fd2c6037115c8b13aadc1
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Mar 29 12:23:19 2016 +0300
nss.conf imports HTTPD_IPA_REWRITE_CONF, so put it back in conf-available so it's not imported twice
diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff
index cd8c6e6..19aa825 100644
--- a/debian/patches/add-debian-platform.diff
+++ b/debian/patches/add-debian-platform.diff
@@ -89,7 +89,7 @@ Date: Fri Mar 1 12:21:00 2013 +0200
+# HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
+ HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
-+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-enabled/ipa-rewrite.conf"
++ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+# HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
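Review bot: `HTTPD_IPA_REWRITE_CONF` is now the only active `ipa-*.conf` path in this block that points at `conf-available`, and nothing beside it says why. A comment on the line above, for example `# included from nss.conf, so it must not also be enabled via conf-enabled`, would keep someone from "fixing" it back later. The rewrite rules are then loaded only through that include, which is not visible in this hunk, so it is worth confirming on a fresh install that they still take effect.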
commit d981db40661300332a2462c24ec6012ba801da82
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Mar 28 23:01:08 2016 +0300
move adtrust python stuff back to freeipa-server-trust-ad
diff --git a/debian/control b/debian/control
index a2ca0a3..c881d94 100644
--- a/debian/control
+++ b/debian/control
@@ -300,8 +300,8 @@ Description: FreeIPA centralized identity framework -- shared Python modules
Package: python-ipaserver
Architecture: all
Section: python
-Breaks: freeipa-server (<< 4.3.0-1), freeipa-server-trust-ad (<< 4.3.0-1)
-Replaces: freeipa-server (<< 4.3.0-1), freeipa-server-trust-ad (<< 4.3.0-1)
+Breaks: freeipa-server (<< 4.3.0-1)
+Replaces: freeipa-server (<< 4.3.0-1)
Depends:
freeipa-common (= ${binary:Version}),
pki-tools (>= 10.2.6-3),
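Review bot: Dropping `freeipa-server-trust-ad (<< 4.3.0-1)` from python-ipaserver's Breaks/Replaces handles only one direction of the file move. In this same commit dcerpc.py and adtrustinstance* go from python-ipaserver back into freeipa-server-trust-ad (see the two .install hunks), so any system that installed a python-ipaserver build containing them will hit a file conflict when the new freeipa-server-trust-ad is unpacked. The changelog entry is still UNRELEASED, so this may only affect local or test builds, but declaring the relation on the receiving package is cheap: `Breaks: python-ipaserver (<< 4.3.1-1)` and `Replaces: python-ipaserver (<< 4.3.1-1)` in the freeipa-server-trust-ad stanza, with the version set to the first upload that carries the move.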
diff --git a/debian/freeipa-server-trust-ad.install b/debian/freeipa-server-trust-ad.install
index 5a5a68d..5745212 100644
--- a/debian/freeipa-server-trust-ad.install
+++ b/debian/freeipa-server-trust-ad.install
@@ -1,6 +1,8 @@
etc/dbus-1/system.d/oddjob-ipa-trust.conf
etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
usr/lib/*/samba/pdb/ipasam.so
+usr/lib/python*/dist-packages/ipaserver/dcerpc.py
+usr/lib/python*/dist-packages/ipaserver/install/adtrustinstance*
usr/lib/ipa/oddjob/com.redhat.idm.trust-fetch-domains
usr/sbin/ipa-adtrust-install
usr/share/ipa/smb.conf.empty
diff --git a/debian/python-ipaserver.install b/debian/python-ipaserver.install
index bebc4a5..a91d314 100644
--- a/debian/python-ipaserver.install
+++ b/debian/python-ipaserver.install
@@ -1 +1,33 @@
-usr/lib/python*/dist-packages/ipaserver/
+usr/lib/python*/dist-packages/ipaserver/__init__*
+usr/lib/python*/dist-packages/ipaserver/advise/*
+usr/lib/python*/dist-packages/ipaserver/install/__init__.py
+usr/lib/python*/dist-packages/ipaserver/install/bindinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/ca.py
+usr/lib/python*/dist-packages/ipaserver/install/cainstance.py
+usr/lib/python*/dist-packages/ipaserver/install/certs.py
+usr/lib/python*/dist-packages/ipaserver/install/custodiainstance.py
+usr/lib/python*/dist-packages/ipaserver/install/dns.py
+usr/lib/python*/dist-packages/ipaserver/install/dnskeysyncinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/dogtaginstance.py
+usr/lib/python*/dist-packages/ipaserver/install/dsinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/httpinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/installutils.py
+usr/lib/python*/dist-packages/ipaserver/install/ipa_*.py
+usr/lib/python*/dist-packages/ipaserver/install/kra.py
+usr/lib/python*/dist-packages/ipaserver/install/krainstance.py
+usr/lib/python*/dist-packages/ipaserver/install/krbinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/ldapupdate.py
+usr/lib/python*/dist-packages/ipaserver/install/memcacheinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/ntpinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/odsexporterinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/opendnssecinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/otpdinstance.py
+usr/lib/python*/dist-packages/ipaserver/install/plugins
+usr/lib/python*/dist-packages/ipaserver/install/replication.py
+usr/lib/python*/dist-packages/ipaserver/install/schemaupdate.py
+usr/lib/python*/dist-packages/ipaserver/install/server/*
+usr/lib/python*/dist-packages/ipaserver/install/service.py
+usr/lib/python*/dist-packages/ipaserver/install/sysupgrade.py
+usr/lib/python*/dist-packages/ipaserver/install/upgradeinstance.py
+usr/lib/python*/dist-packages/ipaserver/plugins/*
+usr/lib/python*/dist-packages/ipaserver/rpcserver*
commit f066718caa9396bf947c2ac22389fbda92af0b7b
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Mar 28 09:16:40 2016 +0300
use https for vcs urls, and cgit
diff --git a/debian/control b/debian/control
index 6e83d8b..a2ca0a3 100644
--- a/debian/control
+++ b/debian/control
@@ -60,8 +60,8 @@ Build-Depends:
systemd,
uuid-dev
Standards-Version: 3.9.6
-Vcs-Git: git://anonscm.debian.org/pkg-freeipa/freeipa.git
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-freeipa/freeipa.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/freeipa.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/freeipa.git
Homepage: http://www.freeipa.org
Package: freeipa-server
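Review bot: `Homepage: http://www.freeipa.org` on the context line below the changed fields stays on plain http while both Vcs fields move to https. If the upstream site is reachable over TLS, changing it to `Homepage: https://www.freeipa.org` in the same commit would leave no cleartext URL in the source stanza.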
commit d153147fa238fccfacbb3f5f43515a427d161a24
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Mar 28 09:15:04 2016 +0300
add test dependencies
diff --git a/debian/control b/debian/control
index cad40d2..6e83d8b 100644
--- a/debian/control
+++ b/debian/control
@@ -226,6 +226,7 @@ Depends:
freeipa-client (>= ${source:Version}),
python-ipalib (>= ${source:Version}),