diff options
| author | Jan Cholasta | 2015-12-11 23:58:11 +0100 |
|---|---|---|
| committer | Jan Cholasta | 2016-08-03 06:58:39 +0200 |
| commit | 616b23b51bcbdb4a87be61397014d072cbc638f6 (patch) | |
| tree | 92e38cb5e186077f94b608a31df18611b98a3d4a | |
| parent | 090d2aac3e33f10f0039bf3b950e149523ccb9a2 (diff) | |
| download | aur-616b23b51bcbdb4a87be61397014d072cbc638f6.tar.gz | |
Update to 4.2.3
| -rw-r--r-- | .SRCINFO | 130 | ||||
| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | 0001-Use-Arch-Linux-Paths.patch | 454 | ||||
| -rw-r--r-- | 0002-Add-Arch-Linux-Platform.patch | 151 | ||||
| -rw-r--r-- | 0003-Use-Python-2.patch | 657 | ||||
| -rw-r--r-- | 0004-NTP-Fixes.patch | 38 | ||||
| -rw-r--r-- | 0005-Fix-nss-includes.patch | 40 | ||||
| -rw-r--r-- | 0006-Disable-make-testcert.patch | 24 | ||||
| -rw-r--r-- | 0007-Fix-nosetests-path.patch | 25 | ||||
| -rw-r--r-- | PKGBUILD | 509 | ||||
| -rw-r--r-- | archlinux.patch | 376 | ||||
| -rw-r--r-- | freeipa-client.install | 60 | ||||
| -rw-r--r-- | install.freeipa | 47 | ||||
| -rw-r--r-- | install.freeipa-server | 34 | ||||
| -rwxr-xr-x | sss-auth-setup.py | 2 |
15 files changed, 691 insertions, 1860 deletions
@@ -1,85 +1,89 @@ pkgbase = freeipa - pkgdesc = The Identity, Policy, and Audit system - pkgver = 3.3.5 + pkgdesc = The Identity, Policy and Audit system + pkgver = 4.2.3 pkgrel = 1 url = http://www.freeipa.org/ arch = i686 arch = x86_64 - license = GPL - checkdepends = check - checkdepends = python2-nose - makedepends = curl - makedepends = java-runtime>=7 - makedepends = krb5 - makedepends = libunistring + license = GPL3 makedepends = nspr makedepends = nss makedepends = openssl makedepends = openldap + makedepends = krb5>=1.13 + makedepends = libutil-linux + makedepends = curl>7.21.7 + makedepends = xmlrpc-c>=1.27.4 makedepends = popt makedepends = python2 - makedepends = python2-distribute - makedepends = python2-dnspython - makedepends = python2-kerberos - makedepends = python2-krbv makedepends = python2-ldap - makedepends = python2-lxml - makedepends = python2-memcached - makedepends = python2-m2crypto - makedepends = python2-netaddr + makedepends = python2-setuptools + makedepends = python2-krbv makedepends = python2-nss - makedepends = python2-polib - makedepends = python2-pyasn1 - makedepends = python2-pylint - makedepends = python2-pyopenssl - makedepends = sssd - makedepends = xmlrpc-c - options = !libtool - source = http://www.freeipa.org/downloads/src/freeipa-3.3.5.tar.gz + makedepends = python2-cryptography + makedepends = python2-netaddr + makedepends = python2-kerberos>=1.1 + makedepends = sssd>=1.13.1 + makedepends = python2-memcached + makedepends = python2-lxml + makedepends = python2-pyasn1>=0.0.9a + makedepends = python2-qrcode + makedepends = python2-dnspython>=1.11.1 + makedepends = systemd + makedepends = libunistring + makedepends = python2-yubico>=1.2.3 + source = http://freeipa.org/downloads/src/freeipa-4.2.3.tar.gz source = sss-auth-setup.py - source = 0001-Use-Arch-Linux-Paths.patch - source = 0002-Add-Arch-Linux-Platform.patch - source = 0003-Use-Python-2.patch - source = 0004-NTP-Fixes.patch - source = 0005-Fix-nss-includes.patch - source = 0006-Disable-make-testcert.patch - source = 0007-Fix-nosetests-path.patch - sha512sums = 58325e7a619eeb0170dd32a648f22e50c0df2d7bc0a7609b6f0be3b8328890e5e027ba094fd4970ac063544b4d163f4e07ac62c1b358dba5246e148c2fd830b6 - sha512sums = 5f101692e311205b3706642c6f329459646aaa693683ab2d4847bd8a7f464ef99ec617b0422df8e25ec2a0dc3a68cd9bf54db4bb3013b84844df15160716adc8 - sha512sums = 604927b05f248c6ee8a42c87198a3ab05aa2a98b3a8f4b9ee0352e049d9e59195eac2292b609a9f84b176875cd6640d118f7e5c35f74b042f7e03561aafd2c04 - sha512sums = 7bd0dba218626f27f918b9cf15cf25183a90421ee2c792648f36e6cd75cf09f2ff04e30a9419f6033aa4d640fc1f7dcfa973fec9fc2c74354bb1e609621d449b - sha512sums = 872a172451c436fc916b72bc48733905b4f9298ece39ad737f60790e9fe2da896dfd2255f58d7aeb301c9c19a2bb2078684ca8449f9dec5dcb45fc1f5bda7b30 - sha512sums = a70bcc98ea71e8154e7600d6bf7ed8de6bbb73d31b5ccb0b556a538e9cce78fbd71698e3be6cfa33487226e0e79d6fb8ee78d926259a4543fe4300a6b90b9a09 - sha512sums = 294a6e3a09cada150dd0f21c712f312840a882acb067520b70ebd058cd4ee88863a2a828df63efc190c5608ffb0d71d60253883baddeb7487aec7b3d905abb04 - sha512sums = 5bc0afc21a9a178ace728f902422683502b6cf579585bc8feab42d1f7701e8609468e92265b22c7f1f958f0f175f3287ea011e8f149fb30b231708e15b6eefd2 - sha512sums = 0a79540e0df4e7b0fed8fd378411799fc5b2152795e1938df2ee6935e944517cd8c780740e8aec2f718476f3b5bd0a36113b85add04d4bdb180da5ba80c37c50 + source = archlinux.patch + sha256sums = 7b0e5cb834c6ca36bfe464ec4c6a226e44ce1948edd74b7c4344f43e75d9a133 + sha256sums = 012a11cdc42e0eb072eec3dd988fa910964f355ec2ae6b67ead373ad69e84e3e + sha256sums = 3e237f89fe2d806cdc2e4694233d0e01e01996aa41036dd520b99cb6dae71eed -pkgname = freeipa - install = install.freeipa - depends = autofs - depends = bind - depends = certmonger - depends = curl - depends = cyrus-sasl-gssapi +pkgname = freeipa-python + pkgdesc = Python libraries used by IPA + depends = python2-kerberos>=1.1 depends = gnupg depends = iproute2 - depends = nfs-utils - depends = nfsidmap - depends = nss - depends = ntp - depends = oddjob - depends = pam-krb5 - depends = python2-dnspython - depends = python2-kerberos - depends = python2-krbv - depends = python2-ldap + depends = keyutils + depends = python2-nss>=0.16 + depends = python2-cryptography depends = python2-lxml depends = python2-netaddr - depends = python2-nss - depends = python2-pyopenssl depends = sssd + depends = python2-qrcode>=5.0.0 + depends = python2-pyasn1 + depends = python2-dateutil + depends = python2-yubico>=1.2.3 depends = wget - depends = xmlrpc-c - backup = etc/ipa/default.conf - backup = etc/ipa/ca.crt + depends = python2-dbus + depends = python2-setuptools + +pkgname = freeipa-client + pkgdesc = IPA authentication for use on clients + install = freeipa-client.install + depends = freeipa-python=4.2.3-1 + depends = python2-ldap + depends = cyrus-sasl-gssapi + depends = ntp + depends = krb5 + depends = pam-krb5 + depends = curl>=7.21.7 + depends = xmlrpc-c>=1.27.4 + depends = sssd>=1.13.1 + depends = certmonger>=0.78 + depends = nss + depends = bind-tools + depends = oddjob + depends = python2-krbv + depends = python2-dnspython>=1.11.1 + depends = autofs + depends = nfsidmap + depends = nfs-utils + +pkgname = freeipa-admintools + pkgdesc = IPA administrative tools + depends = freeipa-python=4.2.3-1 + depends = freeipa-client=4.2.3-1 + depends = python2-krbv + depends = python2-ldap diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..c1a848b39cb9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +/*.tar.gz +/*.tar.xz +/pkg/ +/src/ diff --git a/0001-Use-Arch-Linux-Paths.patch b/0001-Use-Arch-Linux-Paths.patch deleted file mode 100644 index c519500596d6..000000000000 --- a/0001-Use-Arch-Linux-Paths.patch +++ /dev/null @@ -1,454 +0,0 @@ -From ba36f963a8eac68990459b1e5fc54413584b4fd1 Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:31:08 -0400 -Subject: [PATCH 1/7] Use Arch Linux Paths - ---- - init/systemd/ipa_memcached.service | 2 +- - install/conf/ca_renewal | 2 +- - install/conf/ipa.conf | 2 +- - install/tools/ipa-upgradeconfig | 10 +++++----- - install/tools/man/ipa-upgradeconfig.8 | 2 +- - ipa-client/ipa-install/ipa-client-automount | 4 ++-- - ipa-client/ipa-install/ipa-client-install | 2 +- - ipa-client/ipaclient/ntpconf.py | 2 +- - ipa-client/man/ipa-client-automount.1 | 4 ++-- - ipa-client/man/ipa-client-install.1 | 2 +- - ipapython/certmonger.py | 2 +- - ipapython/platform/base/systemd.py | 22 +++++++++++----------- - ipaserver/install/cainstance.py | 2 +- - ipaserver/install/httpinstance.py | 26 +++++++++++++------------- - ipaserver/install/ipa_backup.py | 10 +++++----- - ipaserver/install/ntpinstance.py | 6 +++--- - 16 files changed, 50 insertions(+), 50 deletions(-) - -diff --git a/init/systemd/ipa_memcached.service b/init/systemd/ipa_memcached.service -index a4857cd..2f73f39 100644 ---- a/init/systemd/ipa_memcached.service -+++ b/init/systemd/ipa_memcached.service -@@ -4,7 +4,7 @@ After=network.target - - [Service] - Type=forking --EnvironmentFile=/etc/sysconfig/ipa_memcached -+EnvironmentFile=/etc/conf.d/ipa_memcached.conf - PIDFile=/var/run/ipa_memcached/ipa_memcached.pid - ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS - -diff --git a/install/conf/ca_renewal b/install/conf/ca_renewal -index 57a9e9c..449e2de 100644 ---- a/install/conf/ca_renewal -+++ b/install/conf/ca_renewal -@@ -3,4 +3,4 @@ - id=dogtag-ipa-retrieve-agent-submit - ca_is_default=0 - ca_type=EXTERNAL --ca_external_helper=/usr/libexec/certmonger/dogtag-ipa-retrieve-agent-submit -+ca_external_helper=/usr/lib/certmonger/certmonger/dogtag-ipa-retrieve-agent-submit -diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf -index 1a33f62..8184f8a 100644 ---- a/install/conf/ipa.conf -+++ b/install/conf/ipa.conf -@@ -36,7 +36,7 @@ Header unset ETag - FileETag None - - # FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package --# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf: -+# should really be fixed by adding this its /etc/httpd/conf/extra/wsgi.conf: - WSGISocketPrefix /run/httpd/wsgi - - -diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig -index 41c5126..c565d27 100644 ---- a/install/tools/ipa-upgradeconfig -+++ b/install/tools/ipa-upgradeconfig -@@ -112,7 +112,7 @@ def update_conf(sub_dict, filename, template_filename): - - def find_hostname(): - """Find the hostname currently configured in ipa-rewrite.conf""" -- filename="/etc/httpd/conf.d/ipa-rewrite.conf" -+ filename="/etc/httpd/conf/extra/ipa-rewrite.conf" - - if not ipautil.file_exists(filename): - return None -@@ -135,7 +135,7 @@ def find_autoredirect(fqdn): - - Returns True if autoredirect is enabled, False otherwise - """ -- filename = '/etc/httpd/conf.d/ipa-rewrite.conf' -+ filename = '/etc/httpd/conf/extra/ipa-rewrite.conf' - if os.path.exists(filename): - pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn - p = re.compile(pattern) -@@ -1030,9 +1030,9 @@ def main(): - certmap_dir = dsinstance.config_dirname( - dsinstance.realm_to_serverid(api.env.realm)) - -- upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") -- upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") -- upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) -+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") -+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") -+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True) - if subject_base: - upgrade( - sub_dict, -diff --git a/install/tools/man/ipa-upgradeconfig.8 b/install/tools/man/ipa-upgradeconfig.8 -index 43e2ab9..48bc1b6 100644 ---- a/install/tools/man/ipa-upgradeconfig.8 -+++ b/install/tools/man/ipa-upgradeconfig.8 -@@ -24,7 +24,7 @@ ipa\-upgradeconfig - .SH "DESCRIPTION" - A tool to update the IPA Apache configuration during an upgrade. - --It examines the VERSION value in the head of \fI/etc/httpd/conf.d/ipa.conf\fR and \fI/etc/httpd/conf.d/ipa\-rewrite.conf\fR and compares this with the templates. If an update is needed then new files are written. -+It examines the VERSION value in the head of \fI/etc/httpd/conf/extra/ipa.conf\fR and \fI/etc/httpd/conf/extra/ipa\-rewrite.conf\fR and compares this with the templates. If an update is needed then new files are written. - - It also will convert a CA configured to be accessible via ports 9443, 9444, 9445 and 9446 to be proxied by the IPA web server on ports 80 and 443. - -diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount -index 62531bf..000de4e 100755 ---- a/ipa-client/ipa-install/ipa-client-automount -+++ b/ipa-client/ipa-install/ipa-client-automount -@@ -39,10 +39,10 @@ from ipapython.ipa_log_manager import * - from ipapython.dn import DN - from ipapython import services as ipaservices - --AUTOFS_CONF = '/etc/sysconfig/autofs' -+AUTOFS_CONF = '/etc/conf.d/autofs' - NSSWITCH_CONF = '/etc/nsswitch.conf' - AUTOFS_LDAP_AUTH = '/etc/autofs_ldap_auth.conf' --NFS_CONF = '/etc/sysconfig/nfs' -+NFS_CONF = '/etc/conf.d/nfs' - IDMAPD_CONF = '/etc/idmapd.conf' - - def parse_options(): -diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install -index afed54e..0f42e4b 100755 ---- a/ipa-client/ipa-install/ipa-client-install -+++ b/ipa-client/ipa-install/ipa-client-install -@@ -603,7 +603,7 @@ def uninstall(options, env): - # to this version but not unenrolled/enrolled again - # In such case it is OK to fail - restored = fstore.restore_file("/etc/ntp.conf") -- restored |= fstore.restore_file("/etc/sysconfig/ntpd") -+ restored |= fstore.restore_file("/etc/conf.d/ntpd.conf") - if ntp_step_tickers: - restored |= fstore.restore_file("/etc/ntp/step-tickers") - except Exception: -diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py -index 8c4c653..7c95a46 100644 ---- a/ipa-client/ipaclient/ntpconf.py -+++ b/ipa-client/ipaclient/ntpconf.py -@@ -98,7 +98,7 @@ def __write_config(path, content): - def config_ntp(server_fqdn, fstore = None, sysstore = None): - path_step_tickers = "/etc/ntp/step-tickers" - path_ntp_conf = "/etc/ntp.conf" -- path_ntp_sysconfig = "/etc/sysconfig/ntpd" -+ path_ntp_sysconfig = "/etc/conf.d/ntpd.conf" - sub_dict = { } - sub_dict["SERVER"] = server_fqdn - -diff --git a/ipa-client/man/ipa-client-automount.1 b/ipa-client/man/ipa-client-automount.1 -index 5b60503..16ccbea 100644 ---- a/ipa-client/man/ipa-client-automount.1 -+++ b/ipa-client/man/ipa-client-automount.1 -@@ -29,7 +29,7 @@ The automount configuration consists of three files: - .IP o - /etc/nsswitch.conf - .IP o --/etc/sysconfig/autofs -+/etc/conf.d/autofs - .IP o - /etc/autofs_ldap_auth.conf - -@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default): - .TP - Files that will be configured when using the ldap automount client: - --/etc/sysconfig/autofs -+/etc/conf.d/autofs - - /etc/autofs_ldap_auth.conf - -diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 -index 3496ee3..38df29f 100644 ---- a/ipa-client/man/ipa-client-install.1 -+++ b/ipa-client/man/ipa-client-install.1 -@@ -202,7 +202,7 @@ Files that will be replaced if they exist and SSSD is not configured (\-\-no\-ss - Files replaced if NTP is enabled: - - /etc/ntp.conf\p --/etc/sysconfig/ntpd\p -+/etc/conf.d/ntpd.conf\p - /etc/ntp/step\-tickers\p - .TP - Files always created (replacing existing content): -diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py -index 03f4b23..7401ae0 100644 ---- a/ipapython/certmonger.py -+++ b/ipapython/certmonger.py -@@ -298,7 +298,7 @@ def add_principal_to_cas(principal): - If the hostname we were passed to use in ipa-client-install doesn't - match the value of gethostname() then we need to append - -k host/HOSTNAME@REALM to the ca helper defined for -- /usr/libexec/certmonger/ipa-submit. -+ /usr/lib/certmonger/certmonger/ipa-submit. - - We also need to restore this on uninstall. - -diff --git a/ipapython/platform/base/systemd.py b/ipapython/platform/base/systemd.py -index f122018..6f4f6d7 100644 ---- a/ipapython/platform/base/systemd.py -+++ b/ipapython/platform/base/systemd.py -@@ -25,7 +25,7 @@ from ipalib import api - - class SystemdService(base.PlatformService): - SYSTEMD_ETC_PATH = "/etc/systemd/system/" -- SYSTEMD_LIB_PATH = "/lib/systemd/system/" -+ SYSTEMD_LIB_PATH = "/usr/lib/systemd/system/" - SYSTEMD_SRV_TARGET = "%s.target.wants" - - def __init__(self, service_name, systemd_name): -@@ -98,7 +98,7 @@ class SystemdService(base.PlatformService): - - def stop(self, instance_name="", capture_output=True): - instance = self.service_instance(instance_name) -- args = ["/bin/systemctl", "stop", instance] -+ args = ["/usr/bin/systemctl", "stop", instance] - - # The --ignore-dependencies switch is used to avoid possible - # deadlock during the shutdown transaction. For more details, see -@@ -116,7 +116,7 @@ class SystemdService(base.PlatformService): - super(SystemdService, self).stop(instance_name,update_service_list=update_service_list) - - def start(self, instance_name="", capture_output=True, wait=True): -- ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output) -+ ipautil.run(["/usr/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output) - if 'context' in api.env and api.env.context in ['ipactl', 'installer']: - update_service_list = True - else: -@@ -128,7 +128,7 @@ class SystemdService(base.PlatformService): - def restart(self, instance_name="", capture_output=True, wait=True): - # Restart command is broken before systemd-36-3.fc16 - # If you have older systemd version, restart of dependent services will hang systemd indefinetly -- ipautil.run(["/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output) -+ ipautil.run(["/usr/bin/systemctl", "restart", self.service_instance(instance_name)], capture_output=capture_output) - if wait and self.is_running(instance_name): - self.__wait_for_open_ports(self.service_instance(instance_name)) - -@@ -138,7 +138,7 @@ class SystemdService(base.PlatformService): - while True: - try: - (sout, serr, rcode) = ipautil.run( -- ["/bin/systemctl", "is-active", instance], -+ ["/usr/bin/systemctl", "is-active", instance], - capture_output=True - ) - except ipautil.CalledProcessError as e: -@@ -158,7 +158,7 @@ class SystemdService(base.PlatformService): - def is_installed(self): - installed = True - try: -- (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "list-unit-files", "--full"]) -+ (sout,serr,rcode) = ipautil.run(["/usr/bin/systemctl", "list-unit-files", "--full"]) - if rcode != 0: - installed = False - else: -@@ -173,7 +173,7 @@ class SystemdService(base.PlatformService): - def is_enabled(self, instance_name=""): - enabled = True - try: -- (sout,serr,rcode) = ipautil.run(["/bin/systemctl", "is-enabled", self.service_instance(instance_name)]) -+ (sout,serr,rcode) = ipautil.run(["/usr/bin/systemctl", "is-enabled", self.service_instance(instance_name)]) - if rcode != 0: - enabled = False - except ipautil.CalledProcessError, e: -@@ -218,7 +218,7 @@ class SystemdService(base.PlatformService): - # Link exists and it is broken, make new one - os.unlink(srv_lnk) - os.symlink(self.lib_path, srv_lnk) -- ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) -+ ipautil.run(["/usr/bin/systemctl", "--system", "daemon-reload"]) - except: - pass - else: -@@ -236,7 +236,7 @@ class SystemdService(base.PlatformService): - if ipautil.dir_exists(srv_tgt): - if os.path.islink(srv_lnk): - os.unlink(srv_lnk) -- ipautil.run(["/bin/systemctl", "--system", "daemon-reload"]) -+ ipautil.run(["/usr/bin/systemctl", "--system", "daemon-reload"]) - except: - pass - else: -@@ -244,13 +244,13 @@ class SystemdService(base.PlatformService): - - def __enable(self, instance_name=""): - try: -- ipautil.run(["/bin/systemctl", "enable", self.service_instance(instance_name)]) -+ ipautil.run(["/usr/bin/systemctl", "enable", self.service_instance(instance_name)]) - except ipautil.CalledProcessError, e: - pass - - def __disable(self, instance_name=""): - try: -- ipautil.run(["/bin/systemctl", "disable", self.service_instance(instance_name)]) -+ ipautil.run(["/usr/bin/systemctl", "disable", self.service_instance(instance_name)]) - except ipautil.CalledProcessError, e: - pass - -diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py -index 126bbae..a1f729e 100644 ---- a/ipaserver/install/cainstance.py -+++ b/ipaserver/install/cainstance.py -@@ -57,7 +57,7 @@ from ipaserver.install.installutils import stopped_service - from ipaserver.plugins import ldap2 - from ipapython.ipa_log_manager import * - --HTTPD_CONFD = "/etc/httpd/conf.d/" -+HTTPD_CONFD = "/etc/httpd/conf/extra/" - DEFAULT_DSPORT = dogtag.install_constants.DS_PORT - - PKI_USER = "pkiuser" -diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py -index 689e657..d4a3252 100644 ---- a/ipaserver/install/httpinstance.py -+++ b/ipaserver/install/httpinstance.py -@@ -37,8 +37,8 @@ from ipaserver.install import sysupgrade - from ipalib import api - - HTTPD_DIR = "/etc/httpd" --SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf" --NSS_CONF = HTTPD_DIR + "/conf.d/nss.conf" -+SSL_CONF = HTTPD_DIR + "/conf/extra/ssl.conf" -+NSS_CONF = HTTPD_DIR + "/conf/extra/nss.conf" - - selinux_warning = """ - WARNING: could not set selinux boolean(s) %(var)s to true. The web -@@ -223,7 +223,7 @@ class HTTPInstance(service.Service): - def configure_httpd_ccache(self): - pent = pwd.getpwnam("apache") - ccache = '/tmp/krb5cc_%d' % pent.pw_uid -- filepath = '/etc/sysconfig/httpd' -+ filepath = '/etc/conf.d/apache' - if not os.path.exists(filepath): - # file doesn't exist; create it with correct ownership & mode - open(filepath, 'a').close() -@@ -237,17 +237,17 @@ class HTTPInstance(service.Service): - ipaservices.restore_context(filepath) - - def __configure_http(self): -- target_fname = '/etc/httpd/conf.d/ipa.conf' -+ target_fname = '/etc/httpd/conf/extra/ipa.conf' - http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict) -- self.fstore.backup_file("/etc/httpd/conf.d/ipa.conf") -+ self.fstore.backup_file("/etc/httpd/conf/extra/ipa.conf") - http_fd = open(target_fname, "w") - http_fd.write(http_txt) - http_fd.close() - os.chmod(target_fname, 0644) - -- target_fname = '/etc/httpd/conf.d/ipa-rewrite.conf' -+ target_fname = '/etc/httpd/conf/extra/ipa-rewrite.conf' - http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa-rewrite.conf", self.sub_dict) -- self.fstore.backup_file("/etc/httpd/conf.d/ipa-rewrite.conf") -+ self.fstore.backup_file("/etc/httpd/conf/extra/ipa-rewrite.conf") - http_fd = open(target_fname, "w") - http_fd.write(http_txt) - http_fd.close() -@@ -285,8 +285,8 @@ class HTTPInstance(service.Service): - - def __add_include(self): - """This should run after __set_mod_nss_port so is already backed up""" -- if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0: -- print "Adding Include conf.d/ipa-rewrite to %s failed." % NSS_CONF -+ if installutils.update_file(NSS_CONF, '</VirtualHost>', 'Include conf/extra/ipa-rewrite.conf\n</VirtualHost>') != 0: -+ print "Adding Include conf/extra/ipa-rewrite to %s failed." % NSS_CONF - - def __setup_ssl(self): - fqdn = self.fqdn -@@ -425,7 +425,7 @@ class HTTPInstance(service.Service): - if not enabled is None and not enabled: - self.disable() - -- for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]: -+ for f in ["/etc/httpd/conf/extra/ipa.conf", SSL_CONF, NSS_CONF]: - try: - self.fstore.restore_file(f) - except ValueError, error: -@@ -433,9 +433,9 @@ class HTTPInstance(service.Service): - pass - - # Remove the configuration files we create -- installutils.remove_file("/etc/httpd/conf.d/ipa-rewrite.conf") -- installutils.remove_file("/etc/httpd/conf.d/ipa.conf") -- installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf") -+ installutils.remove_file("/etc/httpd/conf/extra/ipa-rewrite.conf") -+ installutils.remove_file("/etc/httpd/conf/extra/ipa.conf") -+ installutils.remove_file("/etc/httpd/conf/extra/ipa-pki-proxy.conf") - - for var in ["httpd_can_network_connect", "httpd_manage_ipa"]: - sebool_state = self.restore_state(var) -diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py -index 12c6215..1fb8334 100644 ---- a/ipaserver/install/ipa_backup.py -+++ b/ipaserver/install/ipa_backup.py -@@ -126,7 +126,7 @@ class Backup(admintool.AdminTool): - '/etc/sysconfig/pki-ca', - '/etc/sysconfig/pki-tomcat', - '/etc/sysconfig/dirsrv', -- '/etc/sysconfig/ntpd', -+ '/etc/conf.d/ntpd.conf', - '/etc/sysconfig/krb5kdc', - '/etc/sysconfig/pki/ca/pki-ca', - '/etc/sysconfig/authconfig', -@@ -140,10 +140,10 @@ class Backup(admintool.AdminTool): - '/etc/security/limits.conf', - '/etc/httpd/conf/password.conf', - '/etc/httpd/conf/ipa.keytab', -- '/etc/httpd/conf.d/ipa-pki-proxy.conf', -- '/etc/httpd/conf.d/ipa-rewrite.conf', -- '/etc/httpd/conf.d/nss.conf', -- '/etc/httpd/conf.d/ipa.conf', -+ '/etc/httpd/conf/extra/ipa-pki-proxy.conf', -+ '/etc/httpd/conf/extra/ipa-rewrite.conf', -+ '/etc/httpd/conf/extra/nss.conf', -+ '/etc/httpd/conf/extra/ipa.conf', - '/etc/ssh/sshd_config', - '/etc/ssh/ssh_config', - '/etc/krb5.conf', -diff --git a/ipaserver/install/ntpinstance.py b/ipaserver/install/ntpinstance.py -index f2e8ffe..00615b9 100644 ---- a/ipaserver/install/ntpinstance.py -+++ b/ipaserver/install/ntpinstance.py -@@ -35,7 +35,7 @@ class NTPInstance(service.Service): - def __write_config(self): - - self.fstore.backup_file("/etc/ntp.conf") -- self.fstore.backup_file("/etc/sysconfig/ntpd") -+ self.fstore.backup_file("/etc/conf.d/ntpd.conf") - - # We use the OS variable to point it towards either the rhel - # or fedora pools. Other distros should be added in the future -@@ -99,7 +99,7 @@ class NTPInstance(service.Service): - #read in memory, find OPTIONS, check/change it, then overwrite file - needopts = [ {'val':'-x', 'need':True}, - {'val':'-g', 'need':True} ] -- fd = open("/etc/sysconfig/ntpd", "r") -+ fd = open("/etc/conf.d/ntpd.conf", "r") - lines = fd.readlines() - fd.close() - for line in lines: -@@ -118,7 +118,7 @@ class NTPInstance(service.Service): - - done = False - if newopts: -- fd = open("/etc/sysconfig/ntpd", "w") -+ fd = open("/etc/conf.d/ntpd.conf", "w") - for line in lines: - if not done: - sline = line.strip() --- -1.9.2 - diff --git a/0002-Add-Arch-Linux-Platform.patch b/0002-Add-Arch-Linux-Platform.patch deleted file mode 100644 index 01c43d44b598..000000000000 --- a/0002-Add-Arch-Linux-Platform.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 5d78b9364c98435b5f3ee54a27c6c9294366c476 Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:32:33 -0400 -Subject: [PATCH 2/7] Add Arch Linux Platform - ---- - ipapython/platform/archlinux/__init__.py | 40 ++++++++++++++++++++++++++++++++ - ipapython/platform/archlinux/auth.py | 17 ++++++++++++++ - ipapython/platform/fedora16/service.py | 8 +++---- - ipapython/platform/fedora18/__init__.py | 2 +- - ipapython/setup.py | 1 + - ipapython/setup.py.in | 1 + - 6 files changed, 64 insertions(+), 5 deletions(-) - create mode 100644 ipapython/platform/archlinux/__init__.py - create mode 100644 ipapython/platform/archlinux/auth.py - -diff --git a/ipapython/platform/archlinux/__init__.py b/ipapython/platform/archlinux/__init__.py -new file mode 100644 -index 0000000..2b77bcc ---- /dev/null -+++ b/ipapython/platform/archlinux/__init__.py -@@ -0,0 +1,40 @@ -+import os -+ -+from ipapython.platform import fedora18, base -+from ipapython.platform.archlinux.auth import ArchLinuxAuthConfig -+ -+# All what we allow exporting directly from this module -+# Everything else is made available through these symbols when they are -+# directly imported into ipapython.services: -+# authconfig -- class reference for platform-specific implementation of -+# authconfig(8) -+# service -- class reference for platform-specific implementation of a -+# PlatformService class -+# knownservices -- factory instance to access named services IPA cares about, -+# names are ipapython.services.wellknownservices -+# backup_and_replace_hostname -- platform-specific way to set hostname and -+# make it persistent over reboots -+# restore_network_configuration -- platform-specific way of restoring network -+# configuration (e.g. static hostname) -+# restore_context -- platform-sepcific way to restore security context, if -+# applicable -+# check_selinux_status -- platform-specific way to see if SELinux is enabled -+# and restorecon is installed. -+__all__ = ['authconfig', 'service', 'knownservices', -+ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', -+ 'restore_network_configuration', 'timedate_services'] -+ -+# Just copy a referential list of timedate services -+timedate_services = list(base.timedate_services) -+ -+def restore_network_configuration(fstore, statestore): -+ filepath = '/etc/hostname' -+ if fstore.has_file(filepath): -+ fstore.restore_file(filepath) -+ -+authconfig = ArchLinuxAuthConfig -+service = fedora18.service -+knownservices = fedora18.knownservices -+backup_and_replace_hostname = fedora18.backup_and_replace_hostname -+restore_context = fedora18.restore_context -+check_selinux_status = fedora18.check_selinux_status -diff --git a/ipapython/platform/archlinux/auth.py b/ipapython/platform/archlinux/auth.py -new file mode 100644 -index 0000000..67ee063 ---- /dev/null -+++ b/ipapython/platform/archlinux/auth.py -@@ -0,0 +1,17 @@ -+from ipapython.platform import base -+ -+class ArchLinuxAuthConfig(base.AuthConfig): -+ """ -+ Arch Linux implementation of the AuthConfig class. -+ -+ The freeipa package includes a sss-auth-setup.py Python 3 script which will -+ set up both the NSS and PAM configuration. However, this script modifies the -+ PAM configuration files directly, so the changes need to be undone before -+ pacman updates anything in /etc/pam.d/ and if any new configuration files -+ are added. -+ -+ It's probably best to have this handled manually. -+ """ -+ -+ def execute(self): -+ raise NotImplementedError -diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py -index edf2d7f..7523761 100644 ---- a/ipapython/platform/fedora16/service.py -+++ b/ipapython/platform/fedora16/service.py -@@ -32,8 +32,8 @@ from ipalib import api - # mapping will be kept in this dictionary - system_units = dict(map(lambda x: (x, "%s.service" % (x)), base.wellknownservices)) - --system_units['rpcgssd'] = 'nfs-secure.service' --system_units['rpcidmapd'] = 'nfs-idmap.service' -+system_units['rpcgssd'] = 'rpc-gssd.service' -+system_units['rpcidmapd'] = 'rpc-idmapd.service' - - # Rewrite dirsrv and pki-tomcatd services as they support instances via separate - # service generator. To make this working, one needs to have both foo@.servic -@@ -144,8 +144,8 @@ class Fedora16CAService(Fedora16Service): - # false positives, so check for existence of our configuration file. - # TODO: Use a cleaner solution - use_proxy = True -- if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and -- os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')): -+ if not (os.path.exists('/etc/httpd/conf/extra/ipa.conf') and -+ os.path.exists('/etc/httpd/conf/extra/ipa-pki-proxy.conf')): - root_logger.debug( - 'The httpd proxy is not installed, wait on local port') - use_proxy = False -diff --git a/ipapython/platform/fedora18/__init__.py b/ipapython/platform/fedora18/__init__.py -index d12bdca..2ac882c 100644 ---- a/ipapython/platform/fedora18/__init__.py -+++ b/ipapython/platform/fedora18/__init__.py -@@ -52,7 +52,7 @@ timedate_services = list(base.timedate_services) - def backup_and_replace_hostname(fstore, statestore, hostname): - old_hostname = socket.gethostname() - try: -- ipautil.run(['/bin/hostname', hostname]) -+ ipautil.run(['/usr/bin/hostname', hostname]) - except ipautil.CalledProcessError, e: - print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) - -diff --git a/ipapython/setup.py b/ipapython/setup.py -index cb24eee..cffbf6e 100644 ---- a/ipapython/setup.py -+++ b/ipapython/setup.py -@@ -68,6 +68,7 @@ def setup_package(): - packages = [ "ipapython", - "ipapython.platform", - "ipapython.platform.base", -+ "ipapython.platform.archlinux", - "ipapython.platform.fedora16", - "ipapython.platform.fedora18", - "ipapython.platform.redhat" ], -diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in -index d3bbcaf..c7c6845 100644 ---- a/ipapython/setup.py.in -+++ b/ipapython/setup.py.in -@@ -68,6 +68,7 @@ def setup_package(): - packages = [ "ipapython", - "ipapython.platform", - "ipapython.platform.base", -+ "ipapython.platform.archlinux", - "ipapython.platform.fedora16", - "ipapython.platform.fedora18", - "ipapython.platform.redhat" ], --- -1.9.2 - diff --git a/0003-Use-Python-2.patch b/0003-Use-Python-2.patch deleted file mode 100644 index f948ee2973cc..000000000000 --- a/0003-Use-Python-2.patch +++ /dev/null @@ -1,657 +0,0 @@ -From df24bf0bad4a41262217e6864c76eae7e09d7bc8 Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:32:58 -0400 -Subject: [PATCH 3/7] Use Python 2 - ---- - checks/check-ra.py | 2 +- - contrib/RHEL4/ipa-client-setup | 2 +- - contrib/RHEL4/setup.py | 2 +- - daemons/ipa-otpd/test.py | 2 +- - doc/examples/python-api.py | 2 +- - install/certmonger/dogtag-ipa-retrieve-agent-submit | 2 +- - install/po/pygettext.py | 2 +- - install/restart_scripts/renew_ca_cert | 2 +- - install/restart_scripts/renew_ra_cert | 2 +- - install/restart_scripts/restart_dirsrv | 2 +- - install/restart_scripts/restart_httpd | 2 +- - install/restart_scripts/restart_pkicad | 2 +- - install/restart_scripts/stop_pkicad | 2 +- - install/share/copy-schema-to-ca.py | 2 +- - install/tools/ipa-adtrust-install | 2 +- - install/tools/ipa-advise | 2 +- - install/tools/ipa-backup | 2 +- - install/tools/ipa-ca-install | 2 +- - install/tools/ipa-compat-manage | 2 +- - install/tools/ipa-csreplica-manage | 2 +- - install/tools/ipa-dns-install | 2 +- - install/tools/ipa-ldap-updater | 2 +- - install/tools/ipa-managed-entries | 2 +- - install/tools/ipa-nis-manage | 2 +- - install/tools/ipa-replica-conncheck | 2 +- - install/tools/ipa-replica-install | 2 +- - install/tools/ipa-replica-manage | 2 +- - install/tools/ipa-replica-prepare | 2 +- - install/tools/ipa-restore | 2 +- - install/tools/ipa-server-certinstall | 2 +- - install/tools/ipa-server-install | 2 +- - install/tools/ipa-upgradeconfig | 2 +- - install/tools/ipactl | 2 +- - ipa | 2 +- - ipa-client/ipa-install/ipa-client-automount | 2 +- - ipa-client/ipa-install/ipa-client-install | 2 +- - ipapython/Makefile | 8 ++++---- - ipapython/py_default_encoding/Makefile | 8 ++++---- - ipapython/setup.py.in | 2 +- - ipapython/test/test_ipautil.py | 2 +- - ipapython/test/test_ipavalidate.py | 2 +- - ipaserver/install/ipa_server_certinstall.py | 2 +- - ipatests/i18n.py | 2 +- - ipatests/ipa-run-tests | 2 +- - ipatests/ipa-test-config | 2 +- - ipatests/ipa-test-task | 2 +- - ipatests/setup.py.in | 2 +- - ipatests/test_ipapython/test_dn.py | 2 +- - lite-server.py | 2 +- - make-lint | 4 ++-- - make-test | 2 +- - make-testcert | 2 +- - makeapi | 2 +- - setup-client.py | 2 +- - setup.py | 2 +- - 55 files changed, 62 insertions(+), 62 deletions(-) - -diff --git a/checks/check-ra.py b/checks/check-ra.py -index 13a4126..a1df50b 100755 ---- a/checks/check-ra.py -+++ b/checks/check-ra.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> - # John Dennis <jdennis@redhat.com> -diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup -index 4d1fead..d8f78c1 100644 ---- a/contrib/RHEL4/ipa-client-setup -+++ b/contrib/RHEL4/ipa-client-setup -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Simo Sorce <ssorce@redhat.com> - # Karl MacMillan <kmacmillan@mentalrootkit.com> - # -diff --git a/contrib/RHEL4/setup.py b/contrib/RHEL4/setup.py -index f535875..5d34930 100644 ---- a/contrib/RHEL4/setup.py -+++ b/contrib/RHEL4/setup.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Copyright (C) 2007 Red Hat - # see file 'COPYING' for use and warranty information - # -diff --git a/daemons/ipa-otpd/test.py b/daemons/ipa-otpd/test.py -index d748c82..824f8a2 100644 ---- a/daemons/ipa-otpd/test.py -+++ b/daemons/ipa-otpd/test.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # - # FreeIPA 2FA companion daemon - # -diff --git a/doc/examples/python-api.py b/doc/examples/python-api.py -index 60578e8..9f315fc 100755 ---- a/doc/examples/python-api.py -+++ b/doc/examples/python-api.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> - # -diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit -index 70cbd82..973af26 100644 ---- a/install/certmonger/dogtag-ipa-retrieve-agent-submit -+++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/po/pygettext.py b/install/po/pygettext.py -index 5293ebf..4e4212e 100755 ---- a/install/po/pygettext.py -+++ b/install/po/pygettext.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - # -*- coding: iso-8859-1 -*- - # Originally written by Barry Warsaw <barry@zope.com> - # -diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert -index b10e4b8..da2253b 100644 ---- a/install/restart_scripts/renew_ca_cert -+++ b/install/restart_scripts/renew_ca_cert -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert -index e541e4b..919f8fc 100644 ---- a/install/restart_scripts/renew_ra_cert -+++ b/install/restart_scripts/renew_ra_cert -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/restart_scripts/restart_dirsrv b/install/restart_scripts/restart_dirsrv -index a9bb897..9b22d08 100644 ---- a/install/restart_scripts/restart_dirsrv -+++ b/install/restart_scripts/restart_dirsrv -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/restart_scripts/restart_httpd b/install/restart_scripts/restart_httpd -index 96f80bd..16a41ee 100644 ---- a/install/restart_scripts/restart_httpd -+++ b/install/restart_scripts/restart_httpd -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad -index f840aeb..9a3d480 100644 ---- a/install/restart_scripts/restart_pkicad -+++ b/install/restart_scripts/restart_pkicad -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/restart_scripts/stop_pkicad b/install/restart_scripts/stop_pkicad -index bbaf889..c275eae 100644 ---- a/install/restart_scripts/stop_pkicad -+++ b/install/restart_scripts/stop_pkicad -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/share/copy-schema-to-ca.py b/install/share/copy-schema-to-ca.py -index 1888f12..a5646cd 100755 ---- a/install/share/copy-schema-to-ca.py -+++ b/install/share/copy-schema-to-ca.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - - """Copy the IPA schema to the CA directory server instance - -diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install -index fe86a94..e81d0ec 100755 ---- a/install/tools/ipa-adtrust-install -+++ b/install/tools/ipa-adtrust-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - # - # Authors: Sumit Bose <sbose@redhat.com> - # Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com> -diff --git a/install/tools/ipa-advise b/install/tools/ipa-advise -index 4ec3c48..6d0d9b9 100755 ---- a/install/tools/ipa-advise -+++ b/install/tools/ipa-advise -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Tomas Babej <tbabej@redhat.com> - # - # Copyright (C) 2013 Red Hat -diff --git a/install/tools/ipa-backup b/install/tools/ipa-backup -index 5bcaa1d..bcdcb30 100755 ---- a/install/tools/ipa-backup -+++ b/install/tools/ipa-backup -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Rob Crittenden <rcritten@redhat.com> - # - # Copyright (C) 2013 Red Hat -diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install -index bb3e595..26f6993 100755 ---- a/install/tools/ipa-ca-install -+++ b/install/tools/ipa-ca-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Rob Crittenden <rcritten@redhat.com> - # - # Copyright (C) 2011 Red Hat -diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage -index 7061a3e..bdfb718 100755 ---- a/install/tools/ipa-compat-manage -+++ b/install/tools/ipa-compat-manage -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: Rob Crittenden <rcritten@redhat.com> - # Authors: Simo Sorce <ssorce@redhat.com> - # -diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage -index ce027be..f2490b9 100755 ---- a/install/tools/ipa-csreplica-manage -+++ b/install/tools/ipa-csreplica-manage -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Rob Crittenden <rcritten@redhat.com> - # - # Based on ipa-replica-manage by Karl MacMillan <kmacmillan@mentalrootkit.com> -diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install -index 37a07f8..d87007d 100755 ---- a/install/tools/ipa-dns-install -+++ b/install/tools/ipa-dns-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Martin Nagy <mnagy@redhat.com> - # Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com> - # -diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater -index 0fc5a5b..98081d7 100755 ---- a/install/tools/ipa-ldap-updater -+++ b/install/tools/ipa-ldap-updater -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: Rob Crittenden <rcritten@redhat.com> - # - # Copyright (C) 2008 Red Hat -diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries -index 2cf37e2..6baae74 100755 ---- a/install/tools/ipa-managed-entries -+++ b/install/tools/ipa-managed-entries -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: Jr Aquino <jr.aquino@citrix.com> - # - # Copyright (C) 2011 Red Hat -diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage -index 71c0761..3320be7 100755 ---- a/install/tools/ipa-nis-manage -+++ b/install/tools/ipa-nis-manage -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: Rob Crittenden <rcritten@redhat.com> - # Authors: Simo Sorce <ssorce@redhat.com> - # -diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck -index c861e30..2c92eb9 100755 ---- a/install/tools/ipa-replica-conncheck -+++ b/install/tools/ipa-replica-conncheck -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Martin Kosek <mkosek@redhat.com> - # - # Copyright (C) 2011 Red Hat -diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install -index 4418b41..512a4fb 100755 ---- a/install/tools/ipa-replica-install -+++ b/install/tools/ipa-replica-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> - # - # Copyright (C) 2007 Red Hat -diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage -index 8e0948e..b768ea4 100755 ---- a/install/tools/ipa-replica-manage -+++ b/install/tools/ipa-replica-manage -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> - # - # Copyright (C) 2007 Red Hat -diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare -index 21df341..4f37b4b 100755 ---- a/install/tools/ipa-replica-prepare -+++ b/install/tools/ipa-replica-prepare -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Petr Viktorin <pviktori@redhat.com> - # - # Copyright (C) 2012 Red Hat -diff --git a/install/tools/ipa-restore b/install/tools/ipa-restore -index 604175b..f2572d5 100755 ---- a/install/tools/ipa-restore -+++ b/install/tools/ipa-restore -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Rob Crittenden <rcritten@redhat.com> - # - # Copyright (C) 2013 Red Hat -diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall -index 9bb0ef8..a0013f6 100755 ---- a/install/tools/ipa-server-certinstall -+++ b/install/tools/ipa-server-certinstall -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Jan Cholasta <jcholast@redhat.com> - # - # Copyright (C) 2013 Red Hat -diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install -index dfbbb91..753c7f0 100755 ---- a/install/tools/ipa-server-install -+++ b/install/tools/ipa-server-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> - # Simo Sorce <ssorce@redhat.com> - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig -index c565d27..174ab1b 100644 ---- a/install/tools/ipa-upgradeconfig -+++ b/install/tools/ipa-upgradeconfig -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/install/tools/ipactl b/install/tools/ipactl -index df0d6f5..48bbab5 100755 ---- a/install/tools/ipactl -+++ b/install/tools/ipactl -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: Simo Sorce <ssorce@redhat.com> - # - # Copyright (C) 2008-2010 Red Hat -diff --git a/ipa b/ipa -index c9b7338..64ceea4 100755 ---- a/ipa -+++ b/ipa -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> -diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount -index 000de4e..050bbf3 100755 ---- a/ipa-client/ipa-install/ipa-client-automount -+++ b/ipa-client/ipa-install/ipa-client-automount -@@ -1,4 +1,4 @@ --#!/usr/bin/python -E -+#!/usr/bin/python2 -E - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install -index 0f42e4b..19bfe9c 100755 ---- a/ipa-client/ipa-install/ipa-client-install -+++ b/ipa-client/ipa-install/ipa-client-install -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # Authors: Simo Sorce <ssorce@redhat.com> - # Karl MacMillan <kmacmillan@mentalrootkit.com> - # -diff --git a/ipapython/Makefile b/ipapython/Makefile -index a09ffd1..d1a3ff5 100644 ---- a/ipapython/Makefile -+++ b/ipapython/Makefile -@@ -1,4 +1,4 @@ --PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()") -+PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()") - PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa - CONFIGDIR ?= $(DESTDIR)/etc/ipa - TESTS = $(wildcard test/*.py) -@@ -12,9 +12,9 @@ all: - - install: - if [ "$(DESTDIR)" = "" ]; then \ -- python setup.py install; \ -+ python2 setup.py install; \ - else \ -- python setup.py install --root $(DESTDIR); \ -+ python2 setup.py install --root $(DESTDIR); \ - fi - @for subdir in $(SUBDIRS); do \ - (cd $$subdir && $(MAKE) $@) || exit 1; \ -@@ -42,4 +42,4 @@ maintainer-clean: distclean - test: $(subst .py,.tst,$(TESTS)) - - %.tst: %.py -- python $< -+ python2 $< -diff --git a/ipapython/py_default_encoding/Makefile b/ipapython/py_default_encoding/Makefile -index 7cd1f6c..88f17f7 100644 ---- a/ipapython/py_default_encoding/Makefile -+++ b/ipapython/py_default_encoding/Makefile -@@ -1,15 +1,15 @@ --PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()") -+PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()") - PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa - CONFIGDIR ?= $(DESTDIR)/etc/ipa - - all: -- python setup.py build -+ python2 setup.py build - - install: - if [ "$(DESTDIR)" = "" ]; then \ -- python setup.py install; \ -+ python2 setup.py install; \ - else \ -- python setup.py install --root $(DESTDIR); \ -+ python2 setup.py install --root $(DESTDIR); \ - fi - - clean: -diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in -index c7c6845..2860daf 100644 ---- a/ipapython/setup.py.in -+++ b/ipapython/setup.py.in -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Copyright (C) 2007 Red Hat - # see file 'COPYING' for use and warranty information - # -diff --git a/ipapython/test/test_ipautil.py b/ipapython/test/test_ipautil.py -index ff9f282..abc19b3 100644 ---- a/ipapython/test/test_ipautil.py -+++ b/ipapython/test/test_ipautil.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # - # Copyright (C) 2007 Red Hat - # see file 'COPYING' for use and warranty information -diff --git a/ipapython/test/test_ipavalidate.py b/ipapython/test/test_ipavalidate.py -index 12b1577..3393de0 100644 ---- a/ipapython/test/test_ipavalidate.py -+++ b/ipapython/test/test_ipavalidate.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python2 -E - # - # Copyright (C) 2007 Red Hat - # see file 'COPYING' for use and warranty information -diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py -index 87c4eaf..09d8fba 100644 ---- a/ipaserver/install/ipa_server_certinstall.py -+++ b/ipaserver/install/ipa_server_certinstall.py -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com> - # Jan Cholasta <jcholast@redhat.com> - # -diff --git a/ipatests/i18n.py b/ipatests/i18n.py -index 9c8479b..e0ddfda 100755 ---- a/ipatests/i18n.py -+++ b/ipatests/i18n.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: - # John Dennis <jdennis@redhat.com> - # -diff --git a/ipatests/ipa-run-tests b/ipatests/ipa-run-tests -index 2b61d3c..7e3270b 100755 ---- a/ipatests/ipa-run-tests -+++ b/ipatests/ipa-run-tests -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - # Authors: - # Petr Viktorin <pviktori@redhat.com> -diff --git a/ipatests/ipa-test-config b/ipatests/ipa-test-config -index ea6d2ce..dc94b8a 100755 ---- a/ipatests/ipa-test-config -+++ b/ipatests/ipa-test-config -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - - # Authors: - # Petr Viktorin <pviktori@redhat.com> -diff --git a/ipatests/ipa-test-task b/ipatests/ipa-test-task -index 9daad1c..91bc868 100755 ---- a/ipatests/ipa-test-task -+++ b/ipatests/ipa-test-task -@@ -1,4 +1,4 @@ --#! /usr/bin/python -+#! /usr/bin/python2 - - # Authors: - # Petr Viktorin <pviktori@redhat.com> -diff --git a/ipatests/setup.py.in b/ipatests/setup.py.in -index afbe9ab..dabf6d9 100644 ---- a/ipatests/setup.py.in -+++ b/ipatests/setup.py.in -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Copyright (C) 2007 Red Hat - # see file 'COPYING' for use and warranty information - # -diff --git a/ipatests/test_ipapython/test_dn.py b/ipatests/test_ipapython/test_dn.py -index cdeab93..60802b7 100644 ---- a/ipatests/test_ipapython/test_dn.py -+++ b/ipatests/test_ipapython/test_dn.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - import unittest - from ipapython.dn import * -diff --git a/lite-server.py b/lite-server.py -index e065357..99089b0 100755 ---- a/lite-server.py -+++ b/lite-server.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> -diff --git a/make-lint b/make-lint -index d9c66a8..21d7b53 100755 ---- a/make-lint -+++ b/make-lint -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # - # Authors: - # Jakub Hrozek <jhrozek@redhat.com> -@@ -198,7 +198,7 @@ def find_files(path, basepath): - line = file.readline(128) - file.close() - -- if line[:2] == '#!' and line.find('python') >= 0: -+ if line[:2] == '#!' and line.find('python2') >= 0: - result.append(filepath) - - return result -diff --git a/make-test b/make-test -index b39e4db..1cf5bb3 100755 ---- a/make-test -+++ b/make-test -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - """ - Run IPA unit tests under multiple versions of Python (if present). -diff --git a/make-testcert b/make-testcert -index 19c188a..ff25b39 100755 ---- a/make-testcert -+++ b/make-testcert -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # - # Authors: - # Rob Crittenden <rcritten@redhat.com> -diff --git a/makeapi b/makeapi -index 86907bd..df8497c 100755 ---- a/makeapi -+++ b/makeapi -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - # Authors: - # Rob Crittenden <rcritten@redhat.com> - # John Dennis <jdennis@redhat.com> -diff --git a/setup-client.py b/setup-client.py -index 332d292..a424440 100755 ---- a/setup-client.py -+++ b/setup-client.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> -diff --git a/setup.py b/setup.py -index 4a01b1e..af7964d 100755 ---- a/setup.py -+++ b/setup.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python2 - - # Authors: - # Jason Gerard DeRose <jderose@redhat.com> --- -1.9.2 - diff --git a/0004-NTP-Fixes.patch b/0004-NTP-Fixes.patch deleted file mode 100644 index 3cbf2a21f3c3..000000000000 --- a/0004-NTP-Fixes.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b3e1e8cf40dd1ea203da3f50625277c5f9c253b Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:33:44 -0400 -Subject: [PATCH 4/7] NTP Fixes - ---- - ipa-client/ipaclient/ntpconf.py | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py -index 7c95a46..4a39200 100644 ---- a/ipa-client/ipaclient/ntpconf.py -+++ b/ipa-client/ipaclient/ntpconf.py -@@ -109,9 +109,9 @@ def config_ntp(server_fqdn, fstore = None, sysstore = None): - if os.path.exists(path_step_tickers): - config_step_tickers = True - ns = ipautil.template_str(ntp_step_tickers, sub_dict) -- __backup_config(path_step_tickers, fstore) -- __write_config(path_step_tickers, ns) -- ipaservices.restore_context(path_step_tickers) -+ #__backup_config(path_step_tickers, fstore) -+ #__write_config(path_step_tickers, ns) -+ #ipaservices.restore_context(path_step_tickers) - - if sysstore: - module = 'ntp' -@@ -146,7 +146,7 @@ def synconce_ntp(server_fqdn): - if os.path.exists(ntpdate): - # retry several times -- logic follows /etc/init.d/ntpdate - # implementation -- cmd = [ntpdate, "-U", "ntp", "-s", "-b", "-v", server_fqdn] -+ cmd = [ntpdate, "-s", "-b", "-v", server_fqdn] - for retry in range(0, 3): - try: - ipautil.run(cmd) --- -1.9.2 - diff --git a/0005-Fix-nss-includes.patch b/0005-Fix-nss-includes.patch deleted file mode 100644 index 9291e511baec..000000000000 --- a/0005-Fix-nss-includes.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e4a871010d86affbf1a3e9d29bf3ec366056f55a Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:34:03 -0400 -Subject: [PATCH 5/7] Fix nss includes - ---- - util/ipa_pwd.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/util/ipa_pwd.c b/util/ipa_pwd.c -index 761d1ef..4363706 100644 ---- a/util/ipa_pwd.c -+++ b/util/ipa_pwd.c -@@ -27,10 +27,10 @@ - #include <stdio.h> - #include <time.h> - #include <ctype.h> --#include <nss3/nss.h> --#include <nss3/nssb64.h> --#include <nss3/hasht.h> --#include <nss3/pk11pub.h> -+#include <nss/nss.h> -+#include <nss/nssb64.h> -+#include <nss/hasht.h> -+#include <nss/pk11pub.h> - #include <errno.h> - #include "ipa_pwd.h" - -@@ -159,7 +159,7 @@ static int ipapwd_gentime_cmp(const void *p1, const void *p2) - - #define SHA_SALT_LENGTH 8 - --/* SHA*_LENGTH leghts come from nss3/hasht.h */ -+/* SHA*_LENGTH leghts come from nss/hasht.h */ - #define SHA_HASH_MAX_LENGTH SHA512_LENGTH - - static int ipapwd_hash_type_to_alg(char *hash_type, --- -1.9.2 - diff --git a/0006-Disable-make-testcert.patch b/0006-Disable-make-testcert.patch deleted file mode 100644 index 120e30f8f2f5..000000000000 --- a/0006-Disable-make-testcert.patch +++ /dev/null @@ -1,24 +0,0 @@ -From e4288e533f9dc3111d4b552b51b9e236459c7415 Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:34:24 -0400 -Subject: [PATCH 6/7] Disable make testcert - ---- - Makefile | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Makefile b/Makefile -index eeeb605..c80ff33 100644 ---- a/Makefile -+++ b/Makefile -@@ -110,7 +110,6 @@ lint: bootstrap-autogen - - - test: -- ./make-testcert - ./make-test - - release-update: --- -1.9.2 - diff --git a/0007-Fix-nosetests-path.patch b/0007-Fix-nosetests-path.patch deleted file mode 100644 index fe90c757f913..000000000000 --- a/0007-Fix-nosetests-path.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 9a3ed6203f651568f2f02debbaa223cb3e95fcfc Mon Sep 17 00:00:00 2001 -From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -Date: Wed, 16 Apr 2014 19:34:55 -0400 -Subject: [PATCH 7/7] Fix nosetests path - ---- - make-test | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/make-test b/make-test -index 1cf5bb3..23a5790 100755 ---- a/make-test -+++ b/make-test -@@ -12,7 +12,7 @@ from subprocess import call - - versions = ('2.4', '2.5', '2.6', '2.7') - python = '/usr/bin/python' --nose = '/usr/bin/nosetests' -+nose = '/usr/bin/nosetests2' - ran = [] - fail = [] - --- -1.9.2 - @@ -1,348 +1,205 @@ # Maintainer: Jan Cholasta <grubber at grubber cz> # Contributor: Xiao-Long Chen <chenxiaolong@cxl.epac.to> -# Based on commit b9a15de92091334a6ff3fc9074655f6e5d9f24dd from the fedpkg -# master branch for freeipa. - -# NOTE: ntp, autofs, and ntp support is currently broken because the formats of -# the /etc/conf.d/ configuration files in Arch Linux differ from the formats of -# Fedora's /etc/sysconfig/ configuration files. - -# Active directory trusts will not (probably never) work in Arch. It requires a -# heavily patched version of Samba 4, which uses MIT Kerberos instead of -# Heimdal. (Fedora went through 174 releases to get this working O_O) - -# Client only, for now -build_server=false - -# AUR workaround -pkgname=freeipa - pkgbase=freeipa -: && pkgname=('freeipa') - -if [ "x${build_server}" == "xtrue" ]; then - pkgname+=('freeipa-server') -fi - -pkgver=3.3.5 +pkgname=(freeipa-python freeipa-client freeipa-admintools) +pkgver=4.2.3 pkgrel=1 -pkgdesc="The Identity, Policy, and Audit system" +pkgdesc='The Identity, Policy and Audit system' arch=('i686' 'x86_64') -url="http://www.freeipa.org/" -license=('GPL') - -# Client dependencies -makedepends=() - -# FreeIPA server dependencies -if [ "x${build_server}" == "xtrue" ]; then - makedepends+=('389-ds-base' - #'libwbclient' - 'samba' - 'svrcore' - 'talloc' - 'tevent') - - # SELinux dependencies - #makedepends+=('selinux-refpolicy-arch' - # 'selinux-usr-checkpolicy' - # 'selinux-usr-policycoreutils') -fi - -# Other dependencies -makedepends+=('curl' - 'java-runtime>=7' - 'krb5' - 'libunistring' - 'nspr' - 'nss' - 'openssl' - 'openldap' - 'popt' - 'python2' - 'python2-distribute' - 'python2-dnspython' - 'python2-kerberos' - 'python2-krbv' - 'python2-ldap' - 'python2-lxml' - 'python2-memcached' - 'python2-m2crypto' - 'python2-netaddr' - 'python2-nss' - 'python2-polib' - 'python2-pyasn1' - 'python2-pylint' - 'python2-pyopenssl' - # Red Hat specific - #'python2-rhsm' - 'sssd' - 'xmlrpc-c') - -# Dependencies for "make check" -checkdepends=('check' 'python2-nose') - -options=('!libtool') -source=("http://www.freeipa.org/downloads/src/freeipa-${pkgver}.tar.gz" - 'sss-auth-setup.py' - '0001-Use-Arch-Linux-Paths.patch' - '0002-Add-Arch-Linux-Platform.patch' - '0003-Use-Python-2.patch' - '0004-NTP-Fixes.patch' - '0005-Fix-nss-includes.patch' - '0006-Disable-make-testcert.patch' - '0007-Fix-nosetests-path.patch') -sha512sums=('58325e7a619eeb0170dd32a648f22e50c0df2d7bc0a7609b6f0be3b8328890e5e027ba094fd4970ac063544b4d163f4e07ac62c1b358dba5246e148c2fd830b6' - '5f101692e311205b3706642c6f329459646aaa693683ab2d4847bd8a7f464ef99ec617b0422df8e25ec2a0dc3a68cd9bf54db4bb3013b84844df15160716adc8' - '604927b05f248c6ee8a42c87198a3ab05aa2a98b3a8f4b9ee0352e049d9e59195eac2292b609a9f84b176875cd6640d118f7e5c35f74b042f7e03561aafd2c04' - '7bd0dba218626f27f918b9cf15cf25183a90421ee2c792648f36e6cd75cf09f2ff04e30a9419f6033aa4d640fc1f7dcfa973fec9fc2c74354bb1e609621d449b' - '872a172451c436fc916b72bc48733905b4f9298ece39ad737f60790e9fe2da896dfd2255f58d7aeb301c9c19a2bb2078684ca8449f9dec5dcb45fc1f5bda7b30' - 'a70bcc98ea71e8154e7600d6bf7ed8de6bbb73d31b5ccb0b556a538e9cce78fbd71698e3be6cfa33487226e0e79d6fb8ee78d926259a4543fe4300a6b90b9a09' - '294a6e3a09cada150dd0f21c712f312840a882acb067520b70ebd058cd4ee88863a2a828df63efc190c5608ffb0d71d60253883baddeb7487aec7b3d905abb04' - '5bc0afc21a9a178ace728f902422683502b6cf579585bc8feab42d1f7701e8609468e92265b22c7f1f958f0f175f3287ea011e8f149fb30b231708e15b6eefd2' - '0a79540e0df4e7b0fed8fd378411799fc5b2152795e1938df2ee6935e944517cd8c780740e8aec2f718476f3b5bd0a36113b85add04d4bdb180da5ba80c37c50') +url='http://www.freeipa.org/' +license=('GPL3') +makedepends=('nspr' + 'nss' + 'openssl' + 'openldap' + 'krb5>=1.13' + 'libutil-linux' + 'curl>7.21.7' + 'xmlrpc-c>=1.27.4' + 'popt' + 'python2' + 'python2-ldap' + 'python2-setuptools' + 'python2-krbv' + 'python2-nss' + 'python2-cryptography' + 'python2-netaddr' + 'python2-kerberos>=1.1' + 'sssd>=1.13.1' + 'python2-memcached' + 'python2-lxml' + 'python2-pyasn1>=0.0.9a' + 'python2-qrcode' + 'python2-dnspython>=1.11.1' + 'systemd' + 'libunistring' + 'python2-yubico>=1.2.3') +source=("http://freeipa.org/downloads/src/freeipa-$pkgver.tar.gz" + sss-auth-setup.py + archlinux.patch) +sha256sums=('7b0e5cb834c6ca36bfe464ec4c6a226e44ce1948edd74b7c4344f43e75d9a133' + '012a11cdc42e0eb072eec3dd988fa910964f355ec2ae6b67ead373ad69e84e3e' + '3e237f89fe2d806cdc2e4694233d0e01e01996aa41036dd520b99cb6dae71eed') + +prepare() { + cd "${pkgbase}-${pkgver}" + + rm -rf ipaplatform/archlinux + + patch -p1 <"$srcdir"/archlinux.patch +} build() { - cd "${srcdir}/${pkgbase}-${pkgver}" - - # Change Fedora's paths to the equivalents in Arch Linux - patch -p1 -i "${srcdir}/0001-Use-Arch-Linux-Paths.patch" - # Make slight changes to Fedora 18's platform code (systemd service names, - # /bin/ -> /usr/bin/, etc) and add a minimal Arch Linux platform that - # calls most of Fedora 18's platform, except for AuthConfig - patch -p1 -i "${srcdir}/0002-Add-Arch-Linux-Platform.patch" - # FreeIPA hasn't been ported to Python 3, so the code must be modified to - # run /usr/bin/python2 - patch -p1 -i "${srcdir}/0003-Use-Python-2.patch" - # Arch Linux's ntp does not accept the '-U' parameter and does not have a - # /etc/sysconfig/ configuration files, so the relevant code must be removed - patch -p1 -i "${srcdir}/0004-NTP-Fixes.patch" - # Arch Linux's nss package installs the header files to /usr/include/nss/ - # instead of /usr/include/nss3/ - patch -p1 -i "${srcdir}/0005-Fix-nss-includes.patch" - # make-testcert requires a running certificate server to work properly - patch -p1 -i "${srcdir}/0006-Disable-make-testcert.patch" - # Arch Linux's python2-nose package installs nosetests as - # /usr/bin/nosetests2 - patch -p1 -i "${srcdir}/0007-Fix-nosetests-path.patch" + cd "${pkgbase}-${pkgver}" - export SUPPORTED_PLATFORM=archlinux - export PYTHON=python2 + # Arch specific + export PYTHON=/usr/bin/python2 + mkdir -p _install - # Force regeneration of platform support - rm ipapython/services.py + export SUPPORTED_PLATFORM=archlinux - make version-update + # Force re-generate of platform support + export IPA_VENDOR_VERSION_SUFFIX=-$pkgrel + rm -f ipapython/version.py + rm -f ipaplatform/services.py + rm -f ipaplatform/tasks.py + rm -f ipaplatform/paths.py + rm -f ipaplatform/constants.py + make version-update + cd ipa-client; ../autogen.sh --prefix=/usr --sysconfdir=/etc --sbindir=/usr/bin; cd .. - pushd ipa-client - ../autogen.sh --prefix=/usr --sysconfdir=/etc --sbindir=/usr/bin - popd + make IPA_VERSION_IS_GIT_SNAPSHOT=no client - if [ "x${build_server}" == "xtrue" ]; then - pushd daemons - ../autogen.sh --prefix=/usr --sysconfdir=/etc --sbindir=/usr/bin --with-openldap - popd + make client-install DESTDIR="$PWD"/_install - pushd install - ../autogen.sh --prefix=/usr --sysconfdir=/etc --sbindir=/usr/bin - popd + mkdir -p _install/usr/share/ipa - make IPA_VERSION_IS_GIT_SNAPSHOT=no all - else - make IPA_VERSION_IS_GIT_SNAPSHOT=no client - fi + mkdir -p _install/etc/ipa/ + mkdir -p _install/etc/ipa/nssdb + mkdir -p _install/etc/ipa/dnssec + mkdir -p _install/var/lib/ipa-client/sysrestore + mkdir -p _install/etc/bash_completion.d + install -pm 644 contrib/completion/ipa.bash_completion _install/etc/bash_completion.d/ipa } -check() { - cd "${srcdir}/${pkgbase}-${pkgver}" - # Tests require FreeIPA to be installed and set up - #make test +package_freeipa-python() { + pkgdesc='Python libraries used by IPA' + depends=('python2-kerberos>=1.1' + 'gnupg' + 'iproute2' + 'keyutils' + 'python2-nss>=0.16' + 'python2-cryptography' + 'python2-lxml' + 'python2-netaddr' + 'sssd' + 'python2-qrcode>=5.0.0' + 'python2-pyasn1' + 'python2-dateutil' + 'python2-yubico>=1.2.3' + 'wget' + 'python2-dbus' + 'python2-setuptools') + + cd "${pkgbase}-${pkgver}" + + install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README \ + Contributors.txt + + local _file + for _file in _install/usr/share/locale/*/*/ipa.mo \ + _install/usr/lib/python2.*/site-packages/ipapython \ + _install/usr/lib/python2.*/site-packages/ipalib \ + _install/usr/lib/python2.*/site-packages/ipaplatform \ + _install/usr/lib/python2.*/site-packages/default_encoding_utf8.so \ + _install/usr/lib/python2.*/site-packages/_ipap11helper.so \ + _install/usr/lib/python2.*/site-packages/ipapython-*.egg-info \ + _install/usr/lib/python2.*/site-packages/freeipa-*.egg-info \ + _install/usr/lib/python2.*/site-packages/ipaplatform-*.egg-info \ + _install/usr/lib/python2.*/site-packages/python_default_encoding-*.egg-info \ + _install/usr/lib/python2.*/site-packages/_ipap11helper-*.egg-info \ + _install/etc/ipa/nssdb \ + _install/etc/ipa/dnssec + do + _file="${_file#_install/}" + mkdir -p "$pkgdir"/"${_file%/*}" + mv _install/"$_file" "$pkgdir"/"$_file" + done } -# All files are in freeipa package. This one is here only for the dependencies. -package_freeipa-server() { - : && pkgdesc="The IPA authentication server" - depends=("freeipa=${pkgver}-${pkgrel}" - '389-ds-base' - 'acl' - 'apache' - 'cyrus-sasl-gssapi' - 'keyutils' - 'krb5' - 'memcached' - 'mod_auth_kerb' - 'mod_nss' - 'mod_wsgi' - 'nss' - 'ntp' - 'openldap' - 'python2-dnspython' - 'python2-krbv' - 'python2-ldap' - 'python2-memcached' - 'python2-pyasn1' - 'slapi-nis' - 'systemd' - 'tomcat7' - 'zip') - optdepends=('python2-m2crypto: For Microsoft Active Directory trusts' - 'samba: For Microsoft Active Directory trusts' - 'sssd: For Microsoft Active Directory trusts') - backup=('etc/ipa/html/browserconfig.html' - 'etc/ipa/html/ffconfig.js' - 'etc/ipa/html/ffconfig_page.js' - 'etc/ipa/html/ipa_error.css' - 'etc/ipa/html/ssbrowser.html' - 'etc/ipa/html/unauthorized.html') - # Backup files created by this package - backup+=('etc/httpd/conf/extra/ipa-rewrite.conf' - 'etc/httpd/conf/extra/ipa.conf' - 'etc/httpd/conf/extra/ipa-pki-proxy.conf' - 'usr/share/ipa/html/ca.crt') - install=install.freeipa-server - - # SELinux dependencies - #depends+=("freeipa-server-selinux=${pkgver}-${pkgrel}" - # 'selinux-refpolicy-arch' - # 'selinux-usr-policycoreutils') - - # Conflicts with mod_ssl, but that is a part of the apache package - #conflicts=('mod_ssl') +package_freeipa-client() { + pkgdesc='IPA authentication for use on clients' + depends=("freeipa-python=$pkgver-$pkgrel" + 'python2-ldap' + 'cyrus-sasl-gssapi' + 'ntp' + 'krb5' + 'pam-krb5' + 'curl>=7.21.7' + 'xmlrpc-c>=1.27.4' + 'sssd>=1.13.1' + 'certmonger>=0.78' + 'nss' + 'bind-tools' + 'oddjob' + 'python2-krbv' + 'python2-dnspython>=1.11.1' + 'autofs' + 'nfsidmap' + 'nfs-utils') + install=freeipa-client.install + + cd "${pkgbase}-${pkgver}" + + install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README \ + Contributors.txt + + local _file + for _file in _install/usr/bin/ipa-client-install \ + _install/usr/bin/ipa-client-automount \ + _install/usr/bin/ipa-certupdate \ + _install/usr/bin/ipa-getkeytab \ + _install/usr/bin/ipa-rmkeytab \ + _install/usr/bin/ipa-join \ + _install/usr/share/ipa \ + _install/var/lib/ipa-client/sysrestore \ + _install/usr/lib/python2.*/site-packages/ipaclient \ + _install/usr/share/man/man1/ipa-getkeytab.1.gz \ + _install/usr/share/man/man1/ipa-rmkeytab.1.gz \ + _install/usr/share/man/man1/ipa-client-install.1.gz \ + _install/usr/share/man/man1/ipa-client-automount.1.gz \ + _install/usr/share/man/man1/ipa-certupdate.1.gz \ + _install/usr/share/man/man1/ipa-join.1.gz \ + _install/usr/share/man/man5/default.conf.5.gz + do + _file="${_file#_install/}" + mkdir -p "$pkgdir"/"${_file%/*}" + mv _install/"$_file" "$pkgdir"/"$_file" + done + + install -Dm755 "$srcdir"/sss-auth-setup.py "$pkgdir"/usr/bin/sss-auth-setup } -package_freeipa() { - : && pkgdesc="IPA authentication for use on clients" - depends=('autofs' - 'bind' - 'certmonger' - 'curl' - 'cyrus-sasl-gssapi' - 'gnupg' - 'iproute2' - 'nfs-utils' - 'nfsidmap' - 'nss' - 'ntp' - 'oddjob' - 'pam-krb5' - 'python2-dnspython' - 'python2-kerberos' - 'python2-krbv' - 'python2-ldap' - 'python2-lxml' - 'python2-netaddr' - 'python2-nss' - 'python2-pyopenssl' - 'sssd' - 'wget' - 'xmlrpc-c') - backup=('etc/ipa/default.conf' - 'etc/ipa/ca.crt') - install=install.freeipa - - # authconfig is Fedora specific - #depends+=('authconfig') - - install -dm755 "${pkgdir}/usr/bin/" - install -m755 "${srcdir}/sss-auth-setup.py" \ - "${pkgdir}/usr/bin/sss-auth-setup" - - cd "${srcdir}/${pkgbase}-${pkgver}" - - export SUPPORTED_PLATFORM=archlinux - export PYTHON=python2 - - # Force regeneration of platform support - rm ipapython/services.py - - if [ "x${build_server}" == "xtrue" ]; then - make install DESTDIR="${pkgdir}" - else - make client-install DESTDIR="${pkgdir}" - fi - - if [ "x${build_server}" == "xtrue" ]; then - # Some user-modifiable HTML files are provided. Move these to /etc and link - # back. - install -dm755 "${pkgdir}/etc/ipa/html/" - install -dm755 "${pkgdir}/var/cache/ipa/sysrestore/" - install -dm755 "${pkgdir}/var/cache/ipa/sysupgrade/" - install -dm755 "${pkgdir}/usr/share/ipa/html/" - ln -s ../../../../etc/ipa/html/ffconfig.js \ - "${pkgdir}/usr/share/ipa/html/ffconfig.js" - ln -s ../../../../etc/ipa/html/ffconfig_page.js \ - "${pkgdir}/usr/share/ipa/html/ffconfig_page.js" - ln -s ../../../../etc/ipa/html/ssbrowser.html \ - "${pkgdir}/usr/share/ipa/html/ssbrowser.html" - ln -s ../../../../etc/ipa/html/unauthorized.html \ - "${pkgdir}/usr/share/ipa/html/unauthorized.html" - ln -s ../../../../etc/ipa/html/browserconfig.html \ - "${pkgdir}/usr/share/ipa/html/browserconfig.html" - ln -s ../../../../etc/ipa/html/ipa_error.css \ - "${pkgdir}/usr/share/ipa/html/ipa_error.css" - - # So we can own our Apache configuration - install -dm755 "${pkgdir}/etc/httpd/conf/extra/" - touch "${pkgdir}/etc/httpd/conf/extra/ipa.conf" - touch "${pkgdir}/etc/httpd/conf/extra/ipa-pki-proxy.conf" - touch "${pkgdir}/etc/httpd/conf/extra/ipa-rewrite.conf" - install -dm755 "${pkgdir}/usr/share/ipa/html/" - touch "${pkgdir}/usr/share/ipa/html/ca.crt" - touch "${pkgdir}/usr/share/ipa/html/configure.jar" - touch "${pkgdir}/usr/share/ipa/html/kerberosauth.xpi" - touch "${pkgdir}/usr/share/ipa/html/krb.con" - touch "${pkgdir}/usr/share/ipa/html/krb.js" - touch "${pkgdir}/usr/share/ipa/html/krb5.ini" - touch "${pkgdir}/usr/share/ipa/html/krbrealm.con" - touch "${pkgdir}/usr/share/ipa/html/preferences.html" - - # systemd service - install -dm755 "${pkgdir}/usr/lib/systemd/system/" - install -m644 \ - init/systemd/ipa.service \ - init/systemd/ipa_memcached.service \ - "${pkgdir}/usr/lib/systemd/system/" - - # Configuration files - install -dm755 "${pkgdir}/etc/conf.d/" - install -m644 init/ipa_memcached.conf \ - "${pkgdir}/etc/conf.d/" - - # /run - install -dm755 "${pkgdir}/run/" - install -dm700 "${pkgdir}/run/ipa/" - install -dm700 "${pkgdir}/run/ipa_memcached/" - - # systemd tmpfiles.d configuration - install -dm755 "${pkgdir}/usr/lib/tmpfiles.d/" - install -m644 init/systemd/ipa.conf.tmpfiles \ - "${pkgdir}/usr/lib/tmpfiles.d/ipa.conf" - - # bash completion configuration files - install -dm755 "${pkgdir}/etc/bash_completion.d/" - install -m644 contrib/completion/ipa.bash_completion \ - "${pkgdir}/etc/bash_completion.d/ipa" - - # Web UI plugin dir - install -dm755 "${pkgdir}/usr/share/ipa/ui/js/plugins/" - - # Backup directory - install -dm755 "${pkgdir}/var/lib/ipa/backup/" - fi - - install -dm755 "${pkgdir}/var/lib/ipa-client/sysrestore/" - - # /etc/ipa/ is needed for ipa-client-install - install -dm755 "${pkgdir}/etc/ipa/" - - # Fix filenames - pushd "${pkgdir}/usr/lib/python2.7/site-packages/" - mv ipapython-${pkgver}*-py2.7.egg-info ipapython-${pkgver}-py2.7.egg-info - popd - - find "${pkgdir}/" \( -name '*.pyc' -o -name '*.pyo' \) -delete - - # Not packaging the tests for now - find "${pkgdir}/" -type f | grep '\.py' | grep ipatests | xargs rm -f +package_freeipa-admintools() { + pkgdesc="IPA administrative tools" + depends=("freeipa-python=$pkgver-$pkgrel" + "freeipa-client=$pkgver-$pkgrel" + 'python2-krbv' + 'python2-ldap') + + cd "${pkgbase}-${pkgver}" + + install -D -m644 -t"$pkgdir"/usr/share/doc/$pkgname README \ + Contributors.txt + + local _file + for _file in _install/usr/bin/ipa \ + _install/etc/bash_completion.d \ + _install/usr/share/man/man1/ipa.1 + do + _file="${_file#_install/}" + mkdir -p "$pkgdir"/"${_file%/*}" + mv _install/"$_file" "$pkgdir"/"$_file" + done } diff --git a/archlinux.patch b/archlinux.patch new file mode 100644 index 000000000000..5035bf3a90c0 --- /dev/null +++ b/archlinux.patch @@ -0,0 +1,376 @@ +From 4578e73df81f2edc0e2d1dc6799be54ae4ed6971 Mon Sep 17 00:00:00 2001 +From: Xiao-Long Chen <chenxiaolong@cxl.epac.to> +Date: Wed, 16 Apr 2014 19:31:08 -0400 +Subject: [PATCH] Add Arch Linux Platform + +This patch has been adapted from the patches and sss-auth-setup.py script +provided with freeipa in AUR. + +Signed-off-by: Jan Cholasta <jcholast@redhat.com> +--- + ipa-client/ipa-install/ipa-client-install | 32 ------------------------------- + ipa-client/ipaclient/ipa_certupdate.py | 12 ------------ + ipa-client/ipaclient/ntpconf.py | 6 +++--- + ipa-client/man/ipa-client-automount.1 | 4 ++-- + ipa-client/man/ipa-client-install.1 | 5 ++--- + ipaplatform/archlinux/__init__.py | 3 +++ + ipaplatform/archlinux/authconfig.py | 22 +++++++++++++++++++++ + ipaplatform/archlinux/constants.py | 12 ++++++++++++ + ipaplatform/archlinux/paths.py | 21 ++++++++++++++++++++ + ipaplatform/archlinux/services.py | 29 ++++++++++++++++++++++++++++ + ipaplatform/archlinux/tasks.py | 16 ++++++++++++++++ + ipaplatform/setup.py.in | 1 + + ipapython/certmonger.py | 12 +++--------- + 13 files changed, 114 insertions(+), 61 deletions(-) + create mode 100644 ipaplatform/archlinux/__init__.py + create mode 100644 ipaplatform/archlinux/authconfig.py + create mode 100644 ipaplatform/archlinux/constants.py + create mode 100644 ipaplatform/archlinux/paths.py + create mode 100644 ipaplatform/archlinux/services.py + create mode 100644 ipaplatform/archlinux/tasks.py + +diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install +index 789ff59..1d57245 100755 +--- a/ipa-client/ipa-install/ipa-client-install ++++ b/ipa-client/ipa-install/ipa-client-install +@@ -536,7 +536,6 @@ def uninstall(options, env): + hostname = socket.getfqdn() + + ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR) +- sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR) + + cmonger = services.knownservices.certmonger + if ipa_db.has_nickname('Local IPA host'): +@@ -547,15 +546,6 @@ def uninstall(options, env): + root_logger.error("%s failed to stop tracking certificate: %s", + cmonger.service_name, e) + +- client_nss_nickname = 'IPA Machine Certificate - %s' % hostname +- if sys_db.has_nickname(client_nss_nickname): +- try: +- certmonger.stop_tracking(paths.NSS_DB_DIR, +- nickname=client_nss_nickname) +- except RuntimeError, e: +- root_logger.error("%s failed to stop tracking certificate: %s", +- cmonger.service_name, e) +- + # Remove our host cert and CA cert + try: + ipa_certs = ipa_db.list_certs() +@@ -570,15 +560,6 @@ def uninstall(options, env): + os.path.join(ipa_db.secdir, 'pwdfile.txt')): + remove_file(filename) + +- for nickname, trust_flags in ipa_certs: +- while sys_db.has_nickname(nickname): +- try: +- sys_db.delete_cert(nickname) +- except Exception, e: +- root_logger.error("Failed to remove %s from %s: %s", +- nickname, sys_db.secdir, e) +- break +- + # Remove any special principal names we added to the IPA CA helper + certmonger.remove_principal_from_cas() + +@@ -2883,19 +2864,6 @@ def install(options, env, fstore, statestore): + # Add the CA certificates to the platform-dependant systemwide CA store + tasks.insert_ca_certs_into_systemwide_ca_store(ca_certs) + +- # Add the CA certificates to the default NSS database +- root_logger.debug( +- "Attempting to add CA certificates to the default NSS database.") +- sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR) +- for cert, nickname, trust_flags in ca_certs_trust: +- try: +- sys_db.add_cert(cert, nickname, trust_flags) +- except CalledProcessError, e: +- root_logger.error( +- "Failed to add %s to the default NSS database.", nickname) +- return CLIENT_INSTALL_ERROR +- root_logger.info("Added CA certificates to the default NSS database.") +- + if not options.on_master: + client_dns(cli_server[0], hostname, options) + configure_certmonger(fstore, subject_base, cli_realm, hostname, +diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py +index a953067..4cb8872 100644 +--- a/ipa-client/ipaclient/ipa_certupdate.py ++++ b/ipa-client/ipaclient/ipa_certupdate.py +@@ -94,17 +94,6 @@ class CertUpdate(admintool.AdminTool): + self.update_file(paths.IPA_CA_CRT, certs) + + ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR) +- sys_db = certdb.NSSDatabase(paths.NSS_DB_DIR) +- +- # Remove IPA certs from /etc/pki/nssdb +- for nickname, trust_flags in ipa_db.list_certs(): +- while sys_db.has_nickname(nickname): +- try: +- sys_db.delete_cert(nickname) +- except ipautil.CalledProcessError, e: +- self.log.error("Failed to remove %s from %s: %s", +- nickname, sys_db.secdir, e) +- break + + # Remove old IPA certs from /etc/ipa/nssdb + for nickname in ('IPA CA', 'External CA cert'): +@@ -117,7 +106,6 @@ class CertUpdate(admintool.AdminTool): + break + + self.update_db(ipa_db.secdir, certs) +- self.update_db(sys_db.secdir, certs) + + tasks.remove_ca_certs_from_systemwide_ca_store() + tasks.insert_ca_certs_into_systemwide_ca_store(certs) +diff --git a/ipa-client/ipaclient/ntpconf.py b/ipa-client/ipaclient/ntpconf.py +index 9a7db65..3c26eef 100644 +--- a/ipa-client/ipaclient/ntpconf.py ++++ b/ipa-client/ipaclient/ntpconf.py +@@ -112,9 +112,9 @@ def config_ntp(ntp_servers, fstore = None, sysstore = None): + if os.path.exists(path_step_tickers): + config_step_tickers = True + ns = ipautil.template_str(ntp_step_tickers, sub_dict) +- __backup_config(path_step_tickers, fstore) +- __write_config(path_step_tickers, ns) +- tasks.restore_context(path_step_tickers) ++ #__backup_config(path_step_tickers, fstore) ++ #__write_config(path_step_tickers, ns) ++ #tasks.restore_context(path_step_tickers) + + if sysstore: + module = 'ntp' +diff --git a/ipa-client/man/ipa-client-automount.1 b/ipa-client/man/ipa-client-automount.1 +index 5b60503..16ccbea 100644 +--- a/ipa-client/man/ipa-client-automount.1 ++++ b/ipa-client/man/ipa-client-automount.1 +@@ -29,7 +29,7 @@ The automount configuration consists of three files: + .IP o + /etc/nsswitch.conf + .IP o +-/etc/sysconfig/autofs ++/etc/conf.d/autofs + .IP o + /etc/autofs_ldap_auth.conf + +@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default): + .TP + Files that will be configured when using the ldap automount client: + +-/etc/sysconfig/autofs ++/etc/conf.d/autofs + + /etc/autofs_ldap_auth.conf + +diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 +index 0fafd8a..9ffcd05 100644 +--- a/ipa-client/man/ipa-client-install.1 ++++ b/ipa-client/man/ipa-client-install.1 +@@ -235,7 +235,7 @@ Files that will be replaced if they exist and SSSD is not configured (\-\-no\-ss + Files replaced if NTP is enabled: + + /etc/ntp.conf\p +-/etc/sysconfig/ntpd\p ++/etc/conf.d/ntpd.conf\p + /etc/ntp/step\-tickers\p + .TP + Files always created (replacing existing content): +@@ -249,9 +249,8 @@ Files always created (replacing existing content): + Files updated, existing content is maintained: + + /etc/nsswitch.conf\p +-/etc/pki/nssdb\p + /etc/krb5.keytab\p +-/etc/sysconfig/network\p ++/etc/hostname\p + .SH "EXIT STATUS" + 0 if the installation was successful + +diff --git a/ipaplatform/archlinux/__init__.py b/ipaplatform/archlinux/__init__.py +new file mode 100644 +index 0000000..9da42e7 +--- /dev/null ++++ b/ipaplatform/archlinux/__init__.py +@@ -0,0 +1,3 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# +diff --git a/ipaplatform/archlinux/authconfig.py b/ipaplatform/archlinux/authconfig.py +new file mode 100644 +index 0000000..620b057 +--- /dev/null ++++ b/ipaplatform/archlinux/authconfig.py +@@ -0,0 +1,22 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# ++ ++from ipaplatform.base.authconfig import AuthConfig ++ ++ ++class ArchLinuxAuthConfig(AuthConfig): ++ """ ++ Arch Linux implementation of the AuthConfig class. ++ ++ The freeipa package includes a sss-auth-setup.py Python 2 script which ++ will set up both the NSS and PAM configuration. However, this script ++ modifies the PAM configuration files directly, so the changes need to ++ be undone before pacman updates anything in /etc/pam.d/ and if any new ++ configuration files are added. ++ ++ It's probably best to have this handled manually. ++ """ ++ ++ def execute(self): ++ raise NotImplementedError +diff --git a/ipaplatform/archlinux/constants.py b/ipaplatform/archlinux/constants.py +new file mode 100644 +index 0000000..459c22c +--- /dev/null ++++ b/ipaplatform/archlinux/constants.py +@@ -0,0 +1,12 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# ++ ++from ipaplatform.base.constants import BaseConstantsNamespace ++ ++ ++class ArchLinuxConstantsNamespace(BaseConstantsNamespace): ++ pass ++ ++ ++constants = ArchLinuxConstantsNamespace() +diff --git a/ipaplatform/archlinux/paths.py b/ipaplatform/archlinux/paths.py +new file mode 100644 +index 0000000..d5b5da5 +--- /dev/null ++++ b/ipaplatform/archlinux/paths.py +@@ -0,0 +1,21 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# ++ ++from ipaplatform.redhat.paths import RedHatPathNamespace ++ ++ ++class ArchLinuxPathNamespace(RedHatPathNamespace): ++ AUTOFS_LDAP_AUTH_CONF = "/etc/autofs/autofs_ldap_auth.conf" ++ SYSCONFIG_NFS = "/etc/conf.d/nfs-common.conf" ++ SYSCONFIG_NTPD = "/etc/conf.d/ntpd.conf" ++ SYSCONFIG_AUTOFS = "/etc/default/autofs" ++ DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = ( ++ "/usr/lib/certmonger/certmonger/dogtag-ipa-ca-renew-agent-submit") ++ DOGTAG_IPA_RENEW_AGENT_SUBMIT = ( ++ "/usr/lib/certmonger/certmonger/dogtag-ipa-renew-agent-submit") ++ IPA_SERVER_GUARD = "/usr/lib/certmonger/certmonger/ipa-server-guard" ++ LIB64_FIREFOX = "/usr/lib/firefox" ++ ++ ++paths = ArchLinuxPathNamespace() +diff --git a/ipaplatform/archlinux/services.py b/ipaplatform/archlinux/services.py +new file mode 100644 +index 0000000..4230e62 +--- /dev/null ++++ b/ipaplatform/archlinux/services.py +@@ -0,0 +1,29 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# ++ ++from ipaplatform.redhat.services import ( ++ redhat_system_units, RedHatService, redhat_service_class_factory, ++ RedHatServices, timedate_services) ++ ++archlinux_system_units = dict(redhat_system_units) ++archlinux_system_units['messagebus'] = 'dbus.service' ++archlinux_system_units['rpcgssd'] = 'rpc-gssd.service' ++archlinux_system_units['rpcidmapd'] = 'rpc-idmapd.service' ++ ++ ++class ArchLinuxService(RedHatService): ++ system_units = archlinux_system_units ++ ++ ++def archlinux_service_class_factory(name): ++ return ArchLinuxService(name) ++ ++ ++class ArchLinuxServices(RedHatServices): ++ def service_class_factory(self, name): ++ return archlinux_service_class_factory(name) ++ ++ ++service = archlinux_service_class_factory ++knownservices = ArchLinuxServices() +diff --git a/ipaplatform/archlinux/tasks.py b/ipaplatform/archlinux/tasks.py +new file mode 100644 +index 0000000..654eb9a +--- /dev/null ++++ b/ipaplatform/archlinux/tasks.py +@@ -0,0 +1,16 @@ ++# ++# Copyright (C) 2015 FreeIPA Contributors see COPYING for license ++# ++ ++from ipaplatform.archlinux.paths import paths ++from ipaplatform.base.tasks import BaseTaskNamespace ++ ++ ++class ArchLinuxTaskNamespace(BaseTaskNamespace): ++ def restore_network_configuration(self, fstore, statestore): ++ filepath = paths.ETC_HOSTNAME ++ if fstore.has_file(filepath): ++ fstore.restore_file(filepath) ++ ++ ++tasks = ArchLinuxTaskNamespace() +diff --git a/ipaplatform/setup.py.in b/ipaplatform/setup.py.in +index 944e686..1fcaab0 100644 +--- a/ipaplatform/setup.py.in ++++ b/ipaplatform/setup.py.in +@@ -66,6 +66,7 @@ def setup_package(): + classifiers=filter(None, CLASSIFIERS.split('\n')), + package_dir = {'ipaplatform': ''}, + packages = ["ipaplatform", ++ "ipaplatform.archlinux", + "ipaplatform.base", + "ipaplatform.fedora", + "ipaplatform.redhat", +diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py +index b376768..b22ce24 100644 +--- a/ipapython/certmonger.py ++++ b/ipapython/certmonger.py +@@ -418,7 +418,7 @@ def add_principal_to_cas(principal): + If the hostname we were passed to use in ipa-client-install doesn't + match the value of gethostname() then we need to append + -k host/HOSTNAME@REALM to the ca helper defined for +- /usr/libexec/certmonger/ipa-submit. ++ /usr/lib/certmonger/certmonger/ipa-submit. + + We also need to restore this on uninstall. + """ +@@ -493,18 +493,12 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, + params['KEY_PIN_FILE'] = os.path.abspath(pinfile) + if pre_command: + if not os.path.isabs(pre_command): +- if sys.maxsize > 2**32L: +- libpath = 'lib64' +- else: +- libpath = 'lib' ++ libpath = 'lib' + pre_command = certmonger_cmd_template % (libpath, pre_command) + params['cert-presave-command'] = pre_command + if post_command: + if not os.path.isabs(post_command): +- if sys.maxsize > 2**32L: +- libpath = 'lib64' +- else: +- libpath = 'lib' ++ libpath = 'lib' + post_command = certmonger_cmd_template % (libpath, post_command) + params['cert-postsave-command'] = post_command + if profile: +-- +2.6.4 + diff --git a/freeipa-client.install b/freeipa-client.install new file mode 100644 index 000000000000..07a72603e788 --- /dev/null +++ b/freeipa-client.install @@ -0,0 +1,60 @@ +post_upgrade() { + # Has the client been configured? + restore=0 + test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') + + if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then + if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then + echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew + cat /etc/krb5.conf >> /etc/krb5.conf.ipanew + mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf + fi + fi + + if [ -f '/etc/sysconfig/ntpd' -a $restore -ge 2 ]; then + if grep -E -q 'OPTIONS=.*-u ntp:ntp' /etc/sysconfig/ntpd 2>/dev/null; then + sed -r '/OPTIONS=/ { s/\s+-u ntp:ntp\s+/ /; s/\s*-u ntp:ntp\s*// }' /etc/sysconfig/ntpd >/etc/sysconfig/ntpd.ipanew + mv -Z /etc/sysconfig/ntpd.ipanew /etc/sysconfig/ntpd + + /bin/systemctl condrestart ntpd.service 2>&1 || : + fi + fi + + if [ ! -f '/etc/ipa/nssdb/cert8.db' -a $restore -ge 2 ]; then + python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1 + fi + + # Has the client been configured? + restore=0 + test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') + + if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then + if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then + sed -r ' + /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d + ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew + + if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then + sed -ri ' + s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ + s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/ + ' /etc/ssh/sshd_config.ipanew + elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then + sed -ri ' + s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ + s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/ + ' /etc/ssh/sshd_config.ipanew + elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then + sed -ri ' + s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/ + s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ + ' /etc/ssh/sshd_config.ipanew + fi + + mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config + chmod 600 /etc/ssh/sshd_config + + /bin/systemctl condrestart sshd.service 2>&1 || : + fi + fi +} diff --git a/install.freeipa b/install.freeipa deleted file mode 100644 index 4d2bd0e9788a..000000000000 --- a/install.freeipa +++ /dev/null @@ -1,47 +0,0 @@ -post_upgrade() { - # Has the client been configured? - restore=0 - test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') - - if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then - if ! grep -Eq '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null; then - echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew - cat /etc/krb5.conf >> /etc/krb5.conf.ipanew - mv /etc/krb5.conf.ipanew /etc/krb5.conf - fi - fi - - # Has the client been configured? - restore=0 - test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' \ - && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' \ - | awk '{print $1}') - - if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then - if grep -Eq '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then - sed -r ' - /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d - ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew - - if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then - sed -ri ' - s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ - s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/ - ' /etc/ssh/sshd_config.ipanew - elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then - sed -ri ' - s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/ - s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/ - ' /etc/ssh/sshd_config.ipanew - elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then - sed -ri ' - s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/ - s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ - ' /etc/ssh/sshd_config.ipanew - fi - - mv /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config - chmod 600 /etc/ssh/sshd_config - fi - fi -} diff --git a/install.freeipa-server b/install.freeipa-server deleted file mode 100644 index 08aa85b15e74..000000000000 --- a/install.freeipa-server +++ /dev/null @@ -1,34 +0,0 @@ -post_install() { - # Fedora updates systemd and attempts to restart the service, but Arch usually - # does not do this. - #systemctl --system daemon-reload - - echo "Please install the optional dependencies to set up trusts for Microsoft's" - echo "Active Directory. The winbind_krb5_locator.so plugin in the samba package" - echo "will also have to be removed." - echo - echo "IMPORTANT: You MUST include the following files in /etc/httpd/httpd.conf after" - echo "running ipa-server-install if you want web access to the administration GUI:" - echo " /etc/httpd/conf/extra/ipa-rewrite.conf" - echo " /etc/httpd/conf/extra/ipa.conf" - echo " /etc/httpd/conf/extra/ipa-pki-proxy.conf" -} - -post_upgrade() { - # Update FreeIPA's configuration. It is safe to run even when the - # configuration files do not need to be updated. - ipa-upgradeconfig - ipa-ldap-updater --upgrade -} - -post_remove() { - # Remove %ghost'ed (from Fedora's spec) files - rm -vf \ - /usr/share/ipa/html/configure.jar \ - /usr/share/ipa/html/kerberosauth.xpi \ - /usr/share/ipa/html/krb.con \ - /usr/share/ipa/html/krb.js \ - /usr/share/ipa/html/krb5.ini \ - /usr/share/ipa/html/krbrealm.con \ - /usr/share/ipa/html/preferences.html -} diff --git a/sss-auth-setup.py b/sss-auth-setup.py index efc6eadcd624..38a0d435b54a 100755 --- a/sss-auth-setup.py +++ b/sss-auth-setup.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python2 # Written by: Xiao-Long Chen <chenxiaolong@cxl.epac.to> # License: GPLv3 |