Arch Linux User Repository

Keys are in keys/pgp of this package.

I managed to make it work. In addition to steps mentioned below, I had to remove the python-nss dependency from PKGBUILD which btw is currently broken, create a /etc/sysconfig and a /etc/pki directory, create a dummy nis-domainname.service with the following content:

[Unit]
Description=Dummy service

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=true

[Install]
WantedBy=multi-user.target

Then I had to copy /usr/share/ipa into my Arch machine from another Fedora installation with freeipa-client installed. Funnily, it works on my Arch machine but not on Fedora which is getting a strange problem I can't explain. The only thing not working is the certificate, which is imported into /etc/pki and not read by arch.

ipa-client-install fails after the update:

$ /usr/bin/ipa-client-install 
    Traceback (most recent call last):
    File /usr/bin/ipa-client-install, line 22, in <module>
    from ipaclient.install import ipa_client_install
    ModuleNotFoundError: No module named 'ipaclient.install'

to get past the issues reported by yougotborked, I had to:

1) install unlisted build dependencies:

ding-libs, openldap, python-jinja, python-pyasn1-modules, xmlrpc-c

2) install unlisted dependencies from AUR:

python-gssapi, python-nss, python-yubico, yp-tool, certmonger, oddjob, python-ipaclient, python-ipalib

3) fix around things arch does not have (but Fedora/CentOS do)

$ mkdir /etc/krb5.conf.d
$ ln -sf /usr/bin/true  /usr/bin/authselect
$ mkdir /etc/authselect
$ cp /etc/nsswitch.conf /etc/authselect/user-nsswitch.conf

$ cat /etc/krb5.conf.d/freeipa
[libdefaults]
    spake_preauth_groups = edwards25519

Its about the presence of these files and dirs.

After that freeipa-client did build and a join using ipa-client-install ... succeeded.

To get users visible (ie with id) I then had to:

4) manually setup nsswitch.conf by adding to the top:

passwd:     sss files systemd
shadow:     files sss
group:      sss files systemd
netgroup:   sss files
automount:  sss files
services:   sss files
sudoers:    files sss

To get users authenticated I had to:

5) manually setup PAM as described here https://wiki.archlinux.org/index.php/LDAP_authentication#PAM_Configuration_2

the last two are apparently necessary cause arch has no authconfig.

Same issue as yougotborked :-(

the package is missing a chrony dependancy, ipa-client-install fails setting up ntp without it

Continue to configure the system with these values? [no]: yes
Synchronizing time
Configuration of chrony was changed by installer.
CalledProcessError(Command ['/bin/systemctl', 'restart', 'chronyd.service'] returned non-zero exit status 5: 'Failed to restart chronyd.service: Unit chronyd.service not found.\n')
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

next ipa-client-install is missing access to some template files

Could not remove /tmp/tmpp8azpdku.ipabkp
[Errno 2] No such file or directory: '/usr/share/ipa/client/freeipa.template'
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

Next, when trying to uninstall with ipa-client-install --uninstall we get another missing dependency "authselect"

[awing /]# ipa-client-install --uninstall
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory: '/usr/bin/authselect'
The ipa-client-install command failed. See /var/log/ipaclient-uninstall.log for more information

Could you add --with-ipaplatform=arch to ./configure to allow building on manjaro

Hi,

Here you go :

From 7af1f4b3c8d0130f6c6d61765d8396b2e8b7a508 Mon Sep 17 00:00:00 2001
From: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
Date: Wed, 16 Apr 2014 19:31:08 -0400
Subject: [PATCH 2/2] platform: add Arch Linux platform

This patch has been adapted from the patches provided with freeipa package
in the Arch User Repository (AUR).

Signed-off-by: Jan Cholasta <jcholast@redhat.com>
---
 client/man/ipa-client-automount.1 |  4 ++--
 client/man/ipa-client-install.1   |  4 ++--
 ipaplatform/arch/__init__.py      |  3 +++
 ipaplatform/arch/constants.py     | 12 ++++++++++++
 ipaplatform/arch/paths.py         | 22 ++++++++++++++++++++++
 ipaplatform/arch/services.py      | 30 ++++++++++++++++++++++++++++++
 ipaplatform/arch/tasks.py         | 19 +++++++++++++++++++
 ipaplatform/setup.py              |  1 +
 8 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 ipaplatform/arch/__init__.py
 create mode 100644 ipaplatform/arch/constants.py
 create mode 100644 ipaplatform/arch/paths.py
 create mode 100644 ipaplatform/arch/services.py
 create mode 100644 ipaplatform/arch/tasks.py

diff --git a/client/man/ipa-client-automount.1 b/client/man/ipa-client-automount.1
index 8b9989dec..2399250b1 100644
--- a/client/man/ipa-client-automount.1
+++ b/client/man/ipa-client-automount.1
@@ -29,7 +29,7 @@ The automount configuration consists of three files:
 .IP  o
 /etc/nsswitch.conf
 .IP  o
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
 .IP  o
 /etc/autofs_ldap_auth.conf

@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default):
 .TP
 Files that will be configured when using the ldap automount client:

-/etc/sysconfig/autofs
+/etc/conf.d/autofs

 /etc/autofs_ldap_auth.conf

diff --git a/client/man/ipa-client-install.1 b/client/man/ipa-client-install.1
index 319952cb6..d01ccec64 100644
--- a/client/man/ipa-client-install.1
+++ b/client/man/ipa-client-install.1
@@ -270,6 +270,6 @@ Files updated, existing content is maintained:
 .br
 /etc/krb5.keytab
 .br
-/etc/sysconfig/network
+/etc/hostname

 .TP
diff --git a/ipaplatform/arch/__init__.py b/ipaplatform/arch/__init__.py
new file mode 100644
index 000000000..9da42e7b4
--- /dev/null
+++ b/ipaplatform/arch/__init__.py
@@ -0,0 +1,3 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
diff --git a/ipaplatform/arch/constants.py b/ipaplatform/arch/constants.py
new file mode 100644
index 000000000..b4857aa7c
--- /dev/null
+++ b/ipaplatform/arch/constants.py
@@ -0,0 +1,12 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.constants import RedHatConstantsNamespace
+
+
+class ArchConstantsNamespace(RedHatConstantsNamespace):
+    pass
+
+
+constants = ArchConstantsNamespace()
diff --git a/ipaplatform/arch/paths.py b/ipaplatform/arch/paths.py
new file mode 100644
index 000000000..27721cf2f
--- /dev/null
+++ b/ipaplatform/arch/paths.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.paths import RedHatPathNamespace
+
+
+class ArchPathNamespace(RedHatPathNamespace):
+    AUTOFS_LDAP_AUTH_CONF = "/etc/autofs/autofs_ldap_auth.conf"
+    CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
+    SYSCONFIG_NFS = "/etc/conf.d/nfs-common.conf"
+    SYSCONFIG_NTPD = "/etc/conf.d/ntpd.conf"
+    SYSCONFIG_AUTOFS = "/etc/default/autofs"
+    DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-ca-renew-agent-submit")
+    DOGTAG_IPA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-renew-agent-submit")
+    IPA_SERVER_GUARD = "/usr/lib/certmonger/certmonger/ipa-server-guard"
+    LIB64_FIREFOX = "/usr/lib/firefox"
+
+
+paths = ArchPathNamespace()
diff --git a/ipaplatform/arch/services.py b/ipaplatform/arch/services.py
new file mode 100644
index 000000000..4ddfb53c9
--- /dev/null
+++ b/ipaplatform/arch/services.py
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat import services as redhat_services
+
+arch_system_units = dict(redhat_services.redhat_system_units)
+arch_system_units['messagebus'] = 'dbus.service'
+arch_system_units['rpcgssd'] = 'rpc-gssd.service'
+arch_system_units['rpcidmapd'] = 'rpc-idmapd.service'
+
+
+class ArchService(redhat_services.RedHatService):
+    system_units = arch_system_units
+
+
+def arch_service_class_factory(name, api=None):
+    if name in {'messagebus', 'rpcgssd', 'rpcidmapd'}:
+        return ArchService(name, api)
+    return redhat_services.redhat_service_class_factory(name, api)
+
+
+class ArchServices(redhat_services.RedHatServices):
+    def service_class_factory(self, name, api=None):
+        return arch_service_class_factory(name, api)
+
+
+timedate_services = redhat_services.timedate_services
+service = arch_service_class_factory
+knownservices = ArchServices()
diff --git a/ipaplatform/arch/tasks.py b/ipaplatform/arch/tasks.py
new file mode 100644
index 000000000..58b837d79
--- /dev/null
+++ b/ipaplatform/arch/tasks.py
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.arch.paths import paths
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+
+class ArchTaskNamespace(RedHatTaskNamespace):
+    def restore_network_configuration(self, fstore, statestore):
+        filepath = paths.ETC_HOSTNAME
+        if fstore.has_file(filepath):
+            fstore.restore_file(filepath)
+
+    def is_fips_enabled(self):
+        return False
+
+
+tasks = ArchTaskNamespace()
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 501e2bc56..b47875164 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -34,6 +34,7 @@ if __name__ == '__main__':
         package_dir={'ipaplatform': ''},
         packages=[
             "ipaplatform",
+            "ipaplatform.arch",
             "ipaplatform.base",
             "ipaplatform.debian",
             "ipaplatform.fedora",
-- 
2.13.3