[Pkg-freeipa-devel] freeipa: Changes to 'master-next'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Jan 5 07:43:46 UTC 2018
debian/changelog | 12 ++++++++++++
debian/control | 13 +++++++------
debian/freeipa-client.tmpfile | 2 +-
debian/freeipa-server.install | 1 +
debian/freeipa-server.postinst | 21 +++++++++++++++++++++
debian/freeipa-server.postrm | 3 +++
debian/freeipa-server.tmpfile | 3 ---
debian/python-ipalib.install | 1 +
debian/python-ipaserver.install | 3 +++
debian/rules | 4 ++--
10 files changed, 51 insertions(+), 12 deletions(-)
New commits:
commit 8e8de8fb481615fee60d08258c1d3c87adf98b9f
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Sat Dec 23 10:35:04 2017 +0200
control: Depend on newer custodia, move dep on python-custodia to python-ipaserver.
diff --git a/debian/changelog b/debian/changelog
index 4eebe51..bf97194 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -37,6 +37,8 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
* control: Bump dependency on bind9 and bind9-dyndb-ldap.
* control: add libapache2-mod-lookup-identity to server dependencies,
enable/disable it in postinst/postrm.
+ * control: Depend on newer custodia, move dep on python-custodia to
+ python-ipaserver.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/control b/debian/control
index 1dcef08..8ca924d 100644
--- a/debian/control
+++ b/debian/control
@@ -74,7 +74,7 @@ Depends:
acl,
apache2,
certmonger (>= 0.78.6-3),
- custodia,
+ custodia (>= 0.5.0),
fonts-font-awesome,
fonts-open-sans,
freeipa-admintools (= ${source:Version}),
@@ -281,7 +281,6 @@ Depends:
keyutils,
python-cffi,
python-cryptography,
- python-custodia,
python-dbus,
python-dnspython,
python-gssapi,
@@ -320,6 +319,7 @@ Replaces: freeipa-server (<< 4.3.0-1),
Depends:
freeipa-common (= ${binary:Version}),
pki-tools (>= 10.2.6-3),
+ python-custodia (>= 0.5.0),
python-dbus,
python-dnspython,
python-gssapi,
commit e2fb2aa85195834064c42da3e1ba6d1f9eb7f99d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 19:24:12 2017 +0200
control: add libapache2-mod-lookup-identity to server dependencies, enable/disable it in postinst/postrm.
diff --git a/debian/changelog b/debian/changelog
index 424357c..4eebe51 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -35,6 +35,8 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
* control: Drop libcurl4-nss-dev from build-depends, bump libkrb5-dev
build-dependency.
* control: Bump dependency on bind9 and bind9-dyndb-ldap.
+ * control: add libapache2-mod-lookup-identity to server dependencies,
+ enable/disable it in postinst/postrm.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/control b/debian/control
index c270ed0..1dcef08 100644
--- a/debian/control
+++ b/debian/control
@@ -88,6 +88,7 @@ Depends:
krb5-pkinit,
ldap-utils,
libapache2-mod-auth-gssapi (>= 1.5.0),
+ libapache2-mod-lookup-identity (>= 1.0.0),
libapache2-mod-nss (>= 1.0.10-2~),
libapache2-mod-wsgi,
libjs-dojo-core,
diff --git a/debian/freeipa-server.postinst b/debian/freeipa-server.postinst
index df0be8c..bbd5032 100644
--- a/debian/freeipa-server.postinst
+++ b/debian/freeipa-server.postinst
@@ -37,6 +37,9 @@ if [ "$1" = configure ]; then
if [ ! -e /etc/apache2/mods-enabled/headers.load ]; then
apache2_invoke enmod headers || exit $?
fi
+ if [ ! -e /etc/apache2/mods-enabled/lookup_identity.load ]; then
+ apache2_invoke enmod lookup_identity || exit $?
+ fi
if [ ! -e /etc/apache2/mods-enabled/proxy.load ]; then
apache2_invoke enmod proxy || exit $?
fi
diff --git a/debian/freeipa-server.postrm b/debian/freeipa-server.postrm
index 235ebba..3765846 100644
--- a/debian/freeipa-server.postrm
+++ b/debian/freeipa-server.postrm
@@ -24,6 +24,9 @@ case "$1" in
if [ -e /etc/apache2/mods-enabled/headers.load ]; then
apache2_invoke dismod headers || exit $?
fi
+ if [ -e /etc/apache2/mods-enabled/lookup_identity.load ]; then
+ apache2_invoke dismod lookup_identity || exit $?
+ fi
if [ -e /etc/apache2/mods-enabled/proxy.load ]; then
apache2_invoke dismod proxy || exit $?
fi
commit b717390f133f417ada58eff55637f518d1f0a836
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 19:19:41 2017 +0200
control: Bump dependency on bind9 and bind9-dyndb-ldap.
diff --git a/debian/changelog b/debian/changelog
index 9a7ccac..424357c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,6 +34,7 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
for now.
* control: Drop libcurl4-nss-dev from build-depends, bump libkrb5-dev
build-dependency.
+ * control: Bump dependency on bind9 and bind9-dyndb-ldap.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/control b/debian/control
index 452cf5f..c270ed0 100644
--- a/debian/control
+++ b/debian/control
@@ -126,8 +126,8 @@ Breaks: freeipa-server (<< 4.3.0-1)
Replaces: freeipa-server (<< 4.3.0-1)
Depends:
freeipa-server (>= ${source:Version}),
- bind9 (>= 1:9.10.3.dfsg.P4-8),
- bind9-dyndb-ldap (>= 10),
+ bind9 (>= 1:9.11),
+ bind9-dyndb-ldap (>= 11),
opendnssec (>= 1:1.4.9-2),
${misc:Depends},
${python:Depends},
commit ad0c3f22196bcf623f19bacaeaebb8e33d8c99a6
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 19:12:58 2017 +0200
control: Drop libcurl4-nss-dev from build-depends, bump libkrb5-dev build-dependency.
diff --git a/debian/changelog b/debian/changelog
index c33613a..9a7ccac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,6 +32,8 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
* control: Add python-sss to python-ipaserver depends.
* rules: Disable building on a builddirectory, it's broken upstream
for now.
+ * control: Drop libcurl4-nss-dev from build-depends, bump libkrb5-dev
+ build-dependency.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/control b/debian/control
index 67d2514..452cf5f 100644
--- a/debian/control
+++ b/debian/control
@@ -13,10 +13,9 @@ Build-Depends:
gettext,
krb5-user,
libcmocka-dev,
- libcurl4-nss-dev,
libini-config-dev,
libkrad-dev,
- libkrb5-dev (>= 1.13),
+ libkrb5-dev (>= 1.15),
libldap2-dev,
libnspr4-dev,
libnss3-dev,
commit 9611654766abe3db4b7062cf6380ccc986020bdb
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 19:10:48 2017 +0200
rules: Disable building on a builddirectory, it's broken upstream for now.
diff --git a/debian/changelog b/debian/changelog
index ffa01bd..c33613a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -30,6 +30,8 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
* Drop server tmpfile, ship upstream one, and create ipaapi/kdcproxy
users/groups on install and add www-data to ipaapi group.
* control: Add python-sss to python-ipaserver depends.
+ * rules: Disable building on a builddirectory, it's broken upstream
+ for now.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/rules b/debian/rules
index 4021640..3eea738 100755
--- a/debian/rules
+++ b/debian/rules
@@ -74,5 +74,5 @@ override_dh_fixperms:
fi
%:
- dh $@ --with autoreconf,python2,systemd \
- --builddirectory=build
+ dh $@ --with autoreconf,python2,systemd
+# --builddirectory=build
commit a62313a3cf4a93a7b0c960b30e5d14bc224b24d5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 17:18:34 2017 +0200
control: Add python-sss to python-ipaserver depends.
diff --git a/debian/changelog b/debian/changelog
index fd0208d..ffa01bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -29,6 +29,7 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
* rules: Migrate to dh_missing.
* Drop server tmpfile, ship upstream one, and create ipaapi/kdcproxy
users/groups on install and add www-data to ipaapi group.
+ * control: Add python-sss to python-ipaserver depends.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/control b/debian/control
index 6172bae..67d2514 100644
--- a/debian/control
+++ b/debian/control
@@ -329,6 +329,7 @@ Depends:
python-ldap (>= 2.4.22),
python-libsss-nss-idmap,
python-pyasn1,
+ python-sss,
samba-common,
zip,
${misc:Depends},
commit 8c9a5238c6bc0c4f7587e3fb15c88a8afd5f06d9
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 16:20:44 2017 +0200
update *.install
diff --git a/debian/freeipa-server.install b/debian/freeipa-server.install
index 971b45e..9f0ee7d 100644
--- a/debian/freeipa-server.install
+++ b/debian/freeipa-server.install
@@ -34,6 +34,7 @@ usr/lib/ipa/ipa-ods-exporter
usr/lib/ipa/ipa-otpd
usr/lib/ipa/ipa-pki-retrieve-key
usr/lib/ipa/oddjob/org.freeipa.server.conncheck
+usr/lib/tmpfiles.d/ipa.conf
usr/sbin/ipa-advise
usr/sbin/ipa-backup
usr/sbin/ipa-ca-install
diff --git a/debian/python-ipalib.install b/debian/python-ipalib.install
index aec89e9..f603124 100644
--- a/debian/python-ipalib.install
+++ b/debian/python-ipalib.install
@@ -1,6 +1,7 @@
usr/lib/python*/dist-packages/ipalib-*.egg-info
usr/lib/python*/dist-packages/ipalib/*
usr/lib/python*/dist-packages/ipaplatform-*.egg-info
+usr/lib/python*/dist-packages/ipaplatform-*-nspkg.pth
usr/lib/python*/dist-packages/ipaplatform/*
usr/lib/python*/dist-packages/ipapython-*.egg-info
usr/lib/python*/dist-packages/ipapython/*
diff --git a/debian/python-ipaserver.install b/debian/python-ipaserver.install
index 5f18f7f..6dfbd26 100644
--- a/debian/python-ipaserver.install
+++ b/debian/python-ipaserver.install
@@ -1,10 +1,13 @@
usr/lib/python*/dist-packages/ipaserver-*.egg-info
usr/lib/python*/dist-packages/ipaserver/__init__*
usr/lib/python*/dist-packages/ipaserver/advise/*
+usr/lib/python*/dist-packages/ipaserver/dcerpc.py
+usr/lib/python*/dist-packages/ipaserver/dcerpc_common.py
usr/lib/python*/dist-packages/ipaserver/dns_data_management*
usr/lib/python*/dist-packages/ipaserver/dnssec/*
usr/lib/python*/dist-packages/ipaserver/install/__init__.py
usr/lib/python*/dist-packages/ipaserver/install/adtrust.py
+usr/lib/python*/dist-packages/ipaserver/install/adtrustinstance.py
usr/lib/python*/dist-packages/ipaserver/install/bindinstance.py
usr/lib/python*/dist-packages/ipaserver/install/ca.py
usr/lib/python*/dist-packages/ipaserver/install/cainstance.py
commit 84a568bed2bba463a347f8dcd818d8256154e8a5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Dec 22 16:20:19 2017 +0200
Drop server tmpfile, ship upstream one, and create ipaapi/kdcproxy users/groups on install and add www-data to ipaapi group.
diff --git a/debian/changelog b/debian/changelog
index 869b616..fd0208d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -27,6 +27,8 @@ freeipa (4.6.2-1) UNRELEASED; urgency=medium
drop d/autoreconf.
* local-options: Ignore some files not on tarballs.
* rules: Migrate to dh_missing.
+ * Drop server tmpfile, ship upstream one, and create ipaapi/kdcproxy
+ users/groups on install and add www-data to ipaapi group.
-- Timo Aaltonen <tjaalton at debian.org> Tue, 14 Mar 2017 16:55:45 +0200
diff --git a/debian/freeipa-client.tmpfile b/debian/freeipa-client.tmpfile
index 4a77b95..5d6759e 100644
--- a/debian/freeipa-client.tmpfile
+++ b/debian/freeipa-client.tmpfile
@@ -1 +1 @@
-d /var/run/ipa 0700 root root
+d /var/run/ipa 0711 root root
diff --git a/debian/freeipa-server.postinst b/debian/freeipa-server.postinst
index 4c1c76c..df0be8c 100644
--- a/debian/freeipa-server.postinst
+++ b/debian/freeipa-server.postinst
@@ -2,6 +2,24 @@
set -e
if [ "$1" = configure ]; then
+ if ! getent passwd kdcproxy > $OUT; then
+ adduser --quiet --system --home / \
+ --shell /usr/sbin/nologin --group \
+ --no-create-home --gecos "IPA KDC Proxy User" \
+ kdcproxy > $OUT
+ fi
+ if ! getent passwd ipaapi > $OUT; then
+ adduser --quiet --system --home / \
+ --shell /usr/sbin/nologin --group \
+ --no-create-home --gecos "IPA Framework User" \
+ ipaapi > $OUT
+ fi
+
+ # add www-data to ipaapi group
+ if ! id -Gn www-data | grep '\bipaapi\b' >/dev/null; then
+ usermod www-data -a -G ipaapi
+ fi
+
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper
if [ ! -e /etc/apache2/mods-enabled/auth_gssapi.load ]; then
diff --git a/debian/freeipa-server.tmpfile b/debian/freeipa-server.tmpfile
deleted file mode 100644
index 52b5cb9..0000000
--- a/debian/freeipa-server.tmpfile
+++ /dev/null
@@ -1,3 +0,0 @@
-d /var/run/apache2/ipa 0700 www-data www-data
-d /var/run/apache2/ipa/clientcaches 0700 www-data www-data
-d /var/run/apache2/ipa/krbcache 0700 www-data www-data
More information about the Pkg-freeipa-devel
mailing list