Arch Linux User Repository

Keys are in keys/pgp of this package.

to get past the issues reported by yougotborked, I had to:

1) install unlisted build dependencies:

ding-libs, openldap, python-jinja, python-pyasn1-modules, xmlrpc-c

2) install unlisted dependencies from AUR:

python-gssapi, python-nss, python-yubico, yp-tool, certmonger, oddjob, python-ipaclient, python-ipalib

3) fix around things arch does not have (but Fedora/CentOS do)

$ mkdir /etc/krb5.conf.d
$ ln -sf /usr/bin/true  /usr/bin/authselect
$ mkdir /etc/authselect
$ cp /etc/nsswitch.conf /etc/authselect/user-nsswitch.conf

$ cat /etc/krb5.conf.d/freeipa
[libdefaults]
    spake_preauth_groups = edwards25519

Its about the presence of these files and dirs.

After that freeipa-client did build and a join using ipa-client-install ... succeeded.

To get users visible (ie with id) I then had to:

4) manually setup nsswitch.conf by adding to the top:

passwd:     sss files systemd
shadow:     files sss
group:      sss files systemd
netgroup:   sss files
automount:  sss files
services:   sss files
sudoers:    files sss

To get users authenticated I had to:

5) manually setup PAM as described here https://wiki.archlinux.org/index.php/LDAP_authentication#PAM_Configuration_2

the last two are apparently necessary cause arch has no authconfig.

Same issue as yougotborked :-(

the package is missing a chrony dependancy, ipa-client-install fails setting up ntp without it

Continue to configure the system with these values? [no]: yes
Synchronizing time
Configuration of chrony was changed by installer.
CalledProcessError(Command ['/bin/systemctl', 'restart', 'chronyd.service'] returned non-zero exit status 5: 'Failed to restart chronyd.service: Unit chronyd.service not found.\n')
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

next ipa-client-install is missing access to some template files

Could not remove /tmp/tmpp8azpdku.ipabkp
[Errno 2] No such file or directory: '/usr/share/ipa/client/freeipa.template'
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information

Next, when trying to uninstall with ipa-client-install --uninstall we get another missing dependency "authselect"

[awing /]# ipa-client-install --uninstall
Disabling client Kerberos and LDAP configurations
Failed to remove krb5/LDAP configuration: [Errno 2] No such file or directory: '/usr/bin/authselect'
The ipa-client-install command failed. See /var/log/ipaclient-uninstall.log for more information

Could you add --with-ipaplatform=arch to ./configure to allow building on manjaro

Hi,

Here you go :

From 7af1f4b3c8d0130f6c6d61765d8396b2e8b7a508 Mon Sep 17 00:00:00 2001
From: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
Date: Wed, 16 Apr 2014 19:31:08 -0400
Subject: [PATCH 2/2] platform: add Arch Linux platform

This patch has been adapted from the patches provided with freeipa package
in the Arch User Repository (AUR).

Signed-off-by: Jan Cholasta <jcholast@redhat.com>
---
 client/man/ipa-client-automount.1 |  4 ++--
 client/man/ipa-client-install.1   |  4 ++--
 ipaplatform/arch/__init__.py      |  3 +++
 ipaplatform/arch/constants.py     | 12 ++++++++++++
 ipaplatform/arch/paths.py         | 22 ++++++++++++++++++++++
 ipaplatform/arch/services.py      | 30 ++++++++++++++++++++++++++++++
 ipaplatform/arch/tasks.py         | 19 +++++++++++++++++++
 ipaplatform/setup.py              |  1 +
 8 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 ipaplatform/arch/__init__.py
 create mode 100644 ipaplatform/arch/constants.py
 create mode 100644 ipaplatform/arch/paths.py
 create mode 100644 ipaplatform/arch/services.py
 create mode 100644 ipaplatform/arch/tasks.py

diff --git a/client/man/ipa-client-automount.1 b/client/man/ipa-client-automount.1
index 8b9989dec..2399250b1 100644
--- a/client/man/ipa-client-automount.1
+++ b/client/man/ipa-client-automount.1
@@ -29,7 +29,7 @@ The automount configuration consists of three files:
 .IP  o
 /etc/nsswitch.conf
 .IP  o
-/etc/sysconfig/autofs
+/etc/conf.d/autofs
 .IP  o
 /etc/autofs_ldap_auth.conf

@@ -79,7 +79,7 @@ Files that will be configured when SSSD is the automount client (default):
 .TP
 Files that will be configured when using the ldap automount client:

-/etc/sysconfig/autofs
+/etc/conf.d/autofs

 /etc/autofs_ldap_auth.conf

diff --git a/client/man/ipa-client-install.1 b/client/man/ipa-client-install.1
index 319952cb6..d01ccec64 100644
--- a/client/man/ipa-client-install.1
+++ b/client/man/ipa-client-install.1
@@ -270,6 +270,6 @@ Files updated, existing content is maintained:
 .br
 /etc/krb5.keytab
 .br
-/etc/sysconfig/network
+/etc/hostname

 .TP
diff --git a/ipaplatform/arch/__init__.py b/ipaplatform/arch/__init__.py
new file mode 100644
index 000000000..9da42e7b4
--- /dev/null
+++ b/ipaplatform/arch/__init__.py
@@ -0,0 +1,3 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
diff --git a/ipaplatform/arch/constants.py b/ipaplatform/arch/constants.py
new file mode 100644
index 000000000..b4857aa7c
--- /dev/null
+++ b/ipaplatform/arch/constants.py
@@ -0,0 +1,12 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.constants import RedHatConstantsNamespace
+
+
+class ArchConstantsNamespace(RedHatConstantsNamespace):
+    pass
+
+
+constants = ArchConstantsNamespace()
diff --git a/ipaplatform/arch/paths.py b/ipaplatform/arch/paths.py
new file mode 100644
index 000000000..27721cf2f
--- /dev/null
+++ b/ipaplatform/arch/paths.py
@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat.paths import RedHatPathNamespace
+
+
+class ArchPathNamespace(RedHatPathNamespace):
+    AUTOFS_LDAP_AUTH_CONF = "/etc/autofs/autofs_ldap_auth.conf"
+    CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
+    SYSCONFIG_NFS = "/etc/conf.d/nfs-common.conf"
+    SYSCONFIG_NTPD = "/etc/conf.d/ntpd.conf"
+    SYSCONFIG_AUTOFS = "/etc/default/autofs"
+    DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-ca-renew-agent-submit")
+    DOGTAG_IPA_RENEW_AGENT_SUBMIT = (
+        "/usr/lib/certmonger/certmonger/dogtag-ipa-renew-agent-submit")
+    IPA_SERVER_GUARD = "/usr/lib/certmonger/certmonger/ipa-server-guard"
+    LIB64_FIREFOX = "/usr/lib/firefox"
+
+
+paths = ArchPathNamespace()
diff --git a/ipaplatform/arch/services.py b/ipaplatform/arch/services.py
new file mode 100644
index 000000000..4ddfb53c9
--- /dev/null
+++ b/ipaplatform/arch/services.py
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.redhat import services as redhat_services
+
+arch_system_units = dict(redhat_services.redhat_system_units)
+arch_system_units['messagebus'] = 'dbus.service'
+arch_system_units['rpcgssd'] = 'rpc-gssd.service'
+arch_system_units['rpcidmapd'] = 'rpc-idmapd.service'
+
+
+class ArchService(redhat_services.RedHatService):
+    system_units = arch_system_units
+
+
+def arch_service_class_factory(name, api=None):
+    if name in {'messagebus', 'rpcgssd', 'rpcidmapd'}:
+        return ArchService(name, api)
+    return redhat_services.redhat_service_class_factory(name, api)
+
+
+class ArchServices(redhat_services.RedHatServices):
+    def service_class_factory(self, name, api=None):
+        return arch_service_class_factory(name, api)
+
+
+timedate_services = redhat_services.timedate_services
+service = arch_service_class_factory
+knownservices = ArchServices()
diff --git a/ipaplatform/arch/tasks.py b/ipaplatform/arch/tasks.py
new file mode 100644
index 000000000..58b837d79
--- /dev/null
+++ b/ipaplatform/arch/tasks.py
@@ -0,0 +1,19 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipaplatform.arch.paths import paths
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+
+class ArchTaskNamespace(RedHatTaskNamespace):
+    def restore_network_configuration(self, fstore, statestore):
+        filepath = paths.ETC_HOSTNAME
+        if fstore.has_file(filepath):
+            fstore.restore_file(filepath)
+
+    def is_fips_enabled(self):
+        return False
+
+
+tasks = ArchTaskNamespace()
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 501e2bc56..b47875164 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -34,6 +34,7 @@ if __name__ == '__main__':
         package_dir={'ipaplatform': ''},
         packages=[
             "ipaplatform",
+            "ipaplatform.arch",
             "ipaplatform.base",
             "ipaplatform.debian",
             "ipaplatform.fedora",
-- 
2.13.3

Hi,

I successfully build this package, with some modifications. I didn't tried all the tools, and I don't know if there is some side effects to my patches. But right now, my ipa cli seems to be working fine. The main goal was to remove all python2 dependencies and only build python3 packages.

Here are the modifications I made by file :

• PKGBUILD

In the pkgname var, I removed python2-ipalib and python2-ipaclient. In the makedepends var, I removed python2, python2-setuptools, python2-nss, python2-pyasn1, python2-pyasn1-modules, python2-dnspython, python2-six, python2-cffi, python2-jinja.

In the sha256sums, I replaced the sum for 0001-platform-add-Arch-Linux-platform.patch by 'SKIP' to skip it.

In the build function, I removed the lines between "cd freeipa-${pkgver}" and "export PYTHON=/usr/bin/python3". I also removed all the line with either "pushd" or "popd" in the end of the function.

I commented the function to build python2-ipalib and python2-ipaclient. In the package_freeipa-client function, I modified the python2-ipaclient requirements to python-ipaclient and python2-gssapi to python-gssapi.

• 0001-platform-add-Arch-Linux-platform.patch

I updated the ipa-client-install.1 patch to :

diff --git a/client/man/ipa-client-install.1 b/client/man/ipa-client-install.1
index 319952cb6..d01ccec64 100644
--- a/client/man/ipa-client-install.1
+++ b/client/man/ipa-client-install.1
@@ -270,6 +270,6 @@ Files updated, existing content is maintained:
 .br
 /etc/krb5.keytab
 .br
-/etc/sysconfig/network
+/etc/hostname

.TP

I get several errors trying to update to the latest 4.8.4-1 update (2020-02-10):

The first one happens during prepare when applying patches from ./0001-platform-add-Arch-Linux-platform.patch:

==> Starting prepare()...
patching file client/man/ipa-client-automount.1
Hunk #2 succeeded at 82 (offset 3 lines).
patching file client/man/ipa-client-install.1
Hunk #1 FAILED at 250.
Hunk #2 FAILED at 272.
2 out of 2 hunks FAILED -- saving rejects to file client/man/ipa-client-install.1.rej
patching file ipaplatform/arch/__init__.py
patching file ipaplatform/arch/constants.py
patching file ipaplatform/arch/paths.py
patching file ipaplatform/arch/services.py
patching file ipaplatform/arch/tasks.py
patching file ipaplatform/setup.py
Hunk #1 succeeded at 34 with fuzz 1.
    ==> ERROR: A failure occurred in prepare().
Aborting...

The patch file lines do not match the file to be patched. So I removed those lines and disabled the checksum (also tried just adding the new checksum). This lets me progress but fails at the python version check in the configure file. This file checks if python is >= 3.6 which fails because in the PKGBUILD the python is set to python2 by [i]export PYTHON=/usr/bin/python2[/i] for the non python3 build. I tried to fix this by adding a "sed -i 's/3.6/2.7/g' ../freeipa-${pkgver}/configure" to the prepare statement after the source is copied. After this change I get past this stage but run into the next error:

==> Leaving fakeroot environment.
==> Finished making: freeipa 4.8.4-1 (2020-02-11T14:23:58 CET)

loading packages...
resolving dependencies...
warning: cannot resolve "python-gssapi>=1.2.0", a dependency of "python-ipalib"
warning: cannot resolve "python-nss>=0.16", a dependency of "python-ipalib"
warning: cannot resolve "python-yubico>=1.2.3", a dependency of "python-ipalib"
warning: cannot resolve "python-ipalib=4.8.4-1", a dependency of "python-ipaclient"
warning: cannot resolve "python-gssapi>=1.2.0", a dependency of "python-ipalib"
warning: cannot resolve "python-nss>=0.16", a dependency of "python-ipalib"
warning: cannot resolve "python-yubico>=1.2.3", a dependency of "python-ipalib"
:: The following packages cannot be upgraded due to unresolvable dependencies:
      python-ipaclient  python-ipalib

:: Do you want to skip the above packages for this upgrade? [y/N]

Here I do not know how to continue. The mentioned packages appear to build fine before. I fear one of my previous "fixes" could be the reason and a proper fix for this package (or my system?) is needed. I also wonder if the python2 package variants are even needed anymore as python2 support was removed with freeipa 4.8.0 (https://fedoraproject.org/wiki/Changes/FreeIPA_Python_2_Removal)