[Pkg-freeipa-devel] [Git][freeipa-team/freeipa][master] 4 commits: server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Thu Nov 18 19:22:41 GMT 2021 


Timo Aaltonen pushed to branch master at FreeIPA packaging / freeipa


Commits:
2b5cb6c3 by Timo Aaltonen at 2021-11-18T18:50:16+02:00
server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.

- - - - -
7bba5e75 by Timo Aaltonen at 2021-11-18T18:52:43+02:00
server.postinst: Drop old upgrade rules.

- - - - -
97062538 by Timo Aaltonen at 2021-11-18T19:11:43+02:00
patches: Fix named keytab name.

- - - - -
9fe1b05e by Timo Aaltonen at 2021-11-18T21:20:45+02:00
releasing package freeipa version 4.9.7-3

- - - - -


4 changed files:

- debian/changelog
- debian/freeipa-server.postinst
- + debian/patches/0001-ipaplatform-debian-Fix-named-keytab-name.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,16 @@
+freeipa (4.9.7-3) unstable; urgency=medium
+
+  * tests: Set KRB5_TRACE to use stderr.
+  * patches: Fix apache group properly.
+  * client: Move .tmpfile -> .tmpfiles.
+  * control: Bump debhelper to 13, gain dh_installtmpfiles being run.
+  * control, rules: Add --without-ipa-join-xml and drop libxmlrpc from depends.
+  * server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.
+  * server.postinst: Drop old upgrade rules.
+  * patches: Fix named keytab name.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Thu, 18 Nov 2021 21:20:16 +0200
+
 freeipa (4.9.7-2) unstable; urgency=medium
 
   * lintian: Drop override on python-script-but-no-python-dep, which doesn't


=====================================
debian/freeipa-server.postinst
=====================================
@@ -17,25 +17,6 @@ if [ "$1" = configure ]; then
             ipaapi > $OUT
     fi
 
-    # fix upgrade
-    if dpkg --compare-versions "$2" lt "4.7.0~pre2-1"; then
-        # mod_nss needs to be disabled before mod_ssl is enabled
-        if [ -e /etc/apache2/mods-enabled/nss.load ]; then
-            . /usr/share/apache2/apache2-maintscript-helper
-            apache2_invoke dismod nss || exit $?
-            # and if that's not enough, just remove the links to be sure
-            rm /etc/apache2/mods-enabled/nss.load /etc/apache2/mods-enabled/nss.conf
-        fi
-
-        # this is new in tmpfiles.d/ipa.conf, need to create it here
-        # for the upgrader
-        if [ ! -e /var/run/ipa/ccaches ]; then
-            mkdir /var/run/ipa/ccaches
-            chown ipaapi:ipaapi /var/run/ipa/ccaches
-            chmod 770 /var/run/ipa/ccaches
-        fi
-    fi
-
     chmod 711 /var/lib/ipa/sysrestore > $OUT || true
     chmod 700 /var/lib/ipa/passwds > $OUT || true
     chmod 700 /var/lib/ipa/private > $OUT || true
@@ -94,18 +75,4 @@ if [ "$1" = configure ]; then
     fi
 fi
 
-if [ ! -e /run/apache2/ipa ]; then
-    mkdir -m 0700 /run/apache2/ipa
-    chown www-data:www-data /run/apache2/ipa
-
-    if [ ! -e /run/apache2/ipa/clientcaches ]; then
-        mkdir -m 0700 /run/apache2/ipa/clientcaches
-        chown www-data:www-data /run/apache2/ipa/clientcaches
-    fi
-    if [ ! -e /run/apache2/ipa/krbcache ]; then
-        mkdir -m 0700 /run/apache2/ipa/krbcache
-        chown www-data:www-data /run/apache2/ipa/krbcache
-    fi
-fi
-
 #DEBHELPER#


=====================================
debian/patches/0001-ipaplatform-debian-Fix-named-keytab-name.patch
=====================================
@@ -0,0 +1,28 @@
+From 5814a18e99bcea70325d1d3f872d87ec1b91037d Mon Sep 17 00:00:00 2001
+From: Timo Aaltonen <tjaalton at debian.org>
+Date: Sat, 23 Oct 2021 09:36:11 +0300
+Subject: [PATCH] ipaplatform/debian: Fix named keytab name
+
+This was changed in bind9 9.16 packaging
+
+Signed-off-by: Timo Aaltonen <tjaalton at debian.org>
+---
+ ipaplatform/debian/paths.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py
+index ff235a2e9..c596e18c2 100644
+--- a/ipaplatform/debian/paths.py
++++ b/ipaplatform/debian/paths.py
+@@ -36,7 +36,7 @@ class DebianPathNamespace(BasePathNamespace):
+     NAMED_CUSTOM_OPTIONS_CONF = "/etc/bind/ipa-options-ext.conf"
+     NAMED_LOGGING_OPTIONS_CONF = "/etc/bind/ipa-logging-ext.conf"
+     NAMED_VAR_DIR = "/var/cache/bind"
+-    NAMED_KEYTAB = "/etc/bind/named.keytab"
++    NAMED_KEYTAB = "/etc/bind/krb5.keytab"
+     NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+     NAMED_ROOT_KEY = "/etc/bind/bind.keys"
+     NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
+-- 
+2.32.0
+


=====================================
debian/patches/series
=====================================
@@ -8,3 +8,4 @@ dnssec-race-wa.diff
 fix-sssd-socket-activation.diff
 fix-paths.diff
 0001-configure-Use-HTTPD_GROUP-in-init-tmpfiles-ipa.conf..patch
+0001-ipaplatform-debian-Fix-named-keytab-name.patch



View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/-/compare/038c24afcc564a96130f7e4bd1b0a37025067406...9fe1b05eb0aa7f074425c0990e756a6411a773e3

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/-/compare/038c24afcc564a96130f7e4bd1b0a37025067406...9fe1b05eb0aa7f074425c0990e756a6411a773e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20211118/6393377f/attachment-0001.htm>

More information about the Pkg-freeipa-devel mailing list