Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[freeipa] Update to version 3.2.0

  • Loading branch information...
commit 4e0df0c4992ef8d0629586036fdf4f00a4e2c730 1 parent 9434108
@chenxiaolong authored
View
254 freeipa/0001_Use_ArchLinux_Paths.patch
@@ -1,28 +1,36 @@
-diff -Nru freeipa-3.0.1.orig/install/conf/ca_renewal freeipa-3.0.1/install/conf/ca_renewal
---- freeipa-3.0.1.orig/install/conf/ca_renewal 2012-11-16 16:16:18.751841000 -0500
-+++ freeipa-3.0.1/install/conf/ca_renewal 2012-11-16 16:16:42.500238000 -0500
+--- a/init/systemd/ipa_memcached.service
++++ b/init/systemd/ipa_memcached.service
+@@ -4,7 +4,7 @@
+
+ [Service]
+ Type=forking
+-EnvironmentFile=/etc/sysconfig/ipa_memcached
++EnvironmentFile=/etc/conf.d/ipa_memcached.conf
+ PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
+ ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
+
+--- a/install/conf/ca_renewal
++++ b/install/conf/ca_renewal
@@ -3,4 +3,4 @@
id=dogtag-ipa-retrieve-agent-submit
ca_is_default=0
ca_type=EXTERNAL
-ca_external_helper=/usr/libexec/certmonger/dogtag-ipa-retrieve-agent-submit
+ca_external_helper=/usr/lib/certmonger/certmonger/dogtag-ipa-retrieve-agent-submit
-diff -Nru freeipa-3.0.1.orig/install/conf/ipa.conf freeipa-3.0.1/install/conf/ipa.conf
---- freeipa-3.0.1.orig/install/conf/ipa.conf 2012-11-16 16:16:18.752270000 -0500
-+++ freeipa-3.0.1/install/conf/ipa.conf 2012-11-16 16:16:50.913588000 -0500
-@@ -24,7 +24,7 @@
-
+--- a/install/conf/ipa.conf
++++ b/install/conf/ipa.conf
+@@ -36,7 +36,7 @@
+ FileETag None
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
-# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
+# should really be fixed by adding this its /etc/httpd/conf/extra/wsgi.conf:
- WSGISocketPrefix /var/run/httpd/wsgi
+ WSGISocketPrefix /run/httpd/wsgi
-diff -Nru freeipa-3.0.1.orig/install/tools/ipa-upgradeconfig freeipa-3.0.1/install/tools/ipa-upgradeconfig
---- freeipa-3.0.1.orig/install/tools/ipa-upgradeconfig 2012-11-16 16:16:18.622128000 -0500
-+++ freeipa-3.0.1/install/tools/ipa-upgradeconfig 2012-11-16 16:17:36.270716000 -0500
-@@ -117,7 +117,7 @@
+--- a/install/tools/ipa-upgradeconfig
++++ b/install/tools/ipa-upgradeconfig
+@@ -111,7 +111,7 @@
def find_hostname():
"""Find the hostname currently configured in ipa-rewrite.conf"""
@@ -31,7 +39,7 @@ diff -Nru freeipa-3.0.1.orig/install/tools/ipa-upgradeconfig freeipa-3.0.1/insta
if not ipautil.file_exists(filename):
return None
-@@ -140,7 +140,7 @@
+@@ -134,7 +134,7 @@
Returns True if autoredirect is enabled, False otherwise
"""
@@ -40,9 +48,9 @@ diff -Nru freeipa-3.0.1.orig/install/tools/ipa-upgradeconfig freeipa-3.0.1/insta
if os.path.exists(filename):
pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
p = re.compile(pattern)
-@@ -626,9 +626,9 @@
- '=')
- sub_dict['CLONE']='#' if crl.lower() == 'true' else ''
+@@ -904,9 +904,9 @@
+ certmap_dir = dsinstance.config_dirname(
+ dsinstance.realm_to_serverid(api.env.realm))
- upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
- upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
@@ -50,12 +58,11 @@ diff -Nru freeipa-3.0.1.orig/install/tools/ipa-upgradeconfig freeipa-3.0.1/insta
+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
+ upgrade(sub_dict, "/etc/httpd/conf/extra/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True)
+ upgrade(sub_dict, os.path.join(certmap_dir, "certmap.conf"),
+ os.path.join(ipautil.SHARE_DIR, "certmap.conf.template"))
upgrade_pki(ca, fstore)
- update_dbmodules(api.env.realm)
- uninstall_ipa_kpasswd()
-diff -Nru freeipa-3.0.1.orig/install/tools/man/ipa-upgradeconfig.8 freeipa-3.0.1/install/tools/man/ipa-upgradeconfig.8
---- freeipa-3.0.1.orig/install/tools/man/ipa-upgradeconfig.8 2012-11-16 16:16:18.609474000 -0500
-+++ freeipa-3.0.1/install/tools/man/ipa-upgradeconfig.8 2012-11-16 16:17:52.593384000 -0500
+--- a/install/tools/man/ipa-upgradeconfig.8
++++ b/install/tools/man/ipa-upgradeconfig.8
@@ -24,7 +24,7 @@
.SH "DESCRIPTION"
A tool to update the IPA Apache configuration during an upgrade.
@@ -65,10 +72,35 @@ diff -Nru freeipa-3.0.1.orig/install/tools/man/ipa-upgradeconfig.8 freeipa-3.0.1
It also will convert a CA configured to be accessible via ports 9443, 9444, 9445 and 9446 to be proxied by the IPA web server on ports 80 and 443.
-diff -Nru freeipa-3.0.1.orig/ipa-client/ipa-install/ipa-client-install freeipa-3.0.1/ipa-client/ipa-install/ipa-client-install
---- freeipa-3.0.1.orig/ipa-client/ipa-install/ipa-client-install 2012-11-16 16:16:19.338614000 -0500
-+++ freeipa-3.0.1/ipa-client/ipa-install/ipa-client-install 2012-11-16 16:18:04.763569000 -0500
-@@ -512,7 +512,7 @@
+--- a/ipa-client/ipaclient/ntpconf.py
++++ b/ipa-client/ipaclient/ntpconf.py
+@@ -99,7 +99,7 @@
+ def config_ntp(server_fqdn, fstore = None, sysstore = None):
+ path_step_tickers = "/etc/ntp/step-tickers"
+ path_ntp_conf = "/etc/ntp.conf"
+- path_ntp_sysconfig = "/etc/sysconfig/ntpd"
++ path_ntp_sysconfig = "/etc/conf.d/ntpd.conf"
+ sub_dict = { }
+ sub_dict["SERVER"] = server_fqdn
+
+--- a/ipa-client/ipa-install/ipa-client-automount
++++ b/ipa-client/ipa-install/ipa-client-automount
+@@ -39,10 +39,10 @@
+ from ipapython.dn import DN
+ from ipapython import services as ipaservices
+
+-AUTOFS_CONF = '/etc/sysconfig/autofs'
++AUTOFS_CONF = '/etc/conf.d/autofs'
+ NSSWITCH_CONF = '/etc/nsswitch.conf'
+ AUTOFS_LDAP_AUTH = '/etc/autofs_ldap_auth.conf'
+-NFS_CONF = '/etc/sysconfig/nfs'
++NFS_CONF = '/etc/conf.d/nfs'
+ IDMAPD_CONF = '/etc/idmapd.conf'
+
+ def parse_options():
+--- a/ipa-client/ipa-install/ipa-client-install
++++ b/ipa-client/ipa-install/ipa-client-install
+@@ -602,7 +602,7 @@
# to this version but not unenrolled/enrolled again
# In such case it is OK to fail
restored = fstore.restore_file("/etc/ntp.conf")
@@ -77,9 +109,39 @@ diff -Nru freeipa-3.0.1.orig/ipa-client/ipa-install/ipa-client-install freeipa-3
if ntp_step_tickers:
restored |= fstore.restore_file("/etc/ntp/step-tickers")
except Exception:
-diff -Nru freeipa-3.0.1.orig/ipapython/certmonger.py freeipa-3.0.1/ipapython/certmonger.py
---- freeipa-3.0.1.orig/ipapython/certmonger.py 2012-11-16 16:16:18.543827000 -0500
-+++ freeipa-3.0.1/ipapython/certmonger.py 2012-11-16 16:18:25.888178000 -0500
+--- a/ipa-client/man/ipa-client-automount.1
++++ b/ipa-client/man/ipa-client-automount.1
+@@ -29,7 +29,7 @@
+ .IP o
+ /etc/nsswitch.conf
+ .IP o
+-/etc/sysconfig/autofs
++/etc/conf.d/autofs
+ .IP o
+ /etc/autofs_ldap_auth.conf
+
+@@ -79,7 +79,7 @@
+ .TP
+ Files that will be configured when using the ldap automount client:
+
+-/etc/sysconfig/autofs
++/etc/conf.d/autofs
+
+ /etc/autofs_ldap_auth.conf
+
+--- a/ipa-client/man/ipa-client-install.1
++++ b/ipa-client/man/ipa-client-install.1
+@@ -177,7 +177,7 @@
+ Files replaced if NTP is enabled:
+
+ /etc/ntp.conf\p
+-/etc/sysconfig/ntpd\p
++/etc/conf.d/ntpd.conf\p
+ /etc/ntp/step\-tickers\p
+ .TP
+ Files always created (replacing existing content):
+--- a/ipapython/certmonger.py
++++ b/ipapython/certmonger.py
@@ -298,7 +298,7 @@
If the hostname we were passed to use in ipa-client-install doesn't
match the value of gethostname() then we need to append
@@ -89,24 +151,36 @@ diff -Nru freeipa-3.0.1.orig/ipapython/certmonger.py freeipa-3.0.1/ipapython/cer
We also need to restore this on uninstall.
-diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapython/platform/systemd.py
---- freeipa-3.0.1.orig/ipapython/platform/systemd.py 2012-11-16 16:16:18.540089000 -0500
-+++ freeipa-3.0.1/ipapython/platform/systemd.py 2012-11-16 16:19:24.926587000 -0500
-@@ -90,11 +90,11 @@
+--- a/ipapython/platform/base/systemd.py
++++ b/ipapython/platform/base/systemd.py
+@@ -27,7 +27,7 @@
+
+ class SystemdService(base.PlatformService):
+ SYSTEMD_ETC_PATH = "/etc/systemd/system/"
+- SYSTEMD_LIB_PATH = "/lib/systemd/system/"
++ SYSTEMD_LIB_PATH = "/usr/lib/systemd/system/"
+ SYSTEMD_SRV_TARGET = "%s.target.wants"
+
+ def __init__(self, service_name, systemd_name):
+@@ -93,7 +93,7 @@
ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
def stop(self, instance_name="", capture_output=True):
- ipautil.run(["/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output)
+ ipautil.run(["/usr/bin/systemctl", "stop", self.service_instance(instance_name)], capture_output=capture_output)
- super(SystemdService, self).stop(instance_name)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+@@ -101,7 +101,7 @@
+ super(SystemdService, self).stop(instance_name,update_service_list=update_service_list)
def start(self, instance_name="", capture_output=True, wait=True):
- ipautil.run(["/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output)
+ ipautil.run(["/usr/bin/systemctl", "start", self.service_instance(instance_name)], capture_output=capture_output)
- if wait and self.is_running(instance_name):
- self.__wait_for_open_ports(self.service_instance(instance_name))
- super(SystemdService, self).start(instance_name)
-@@ -102,14 +102,14 @@
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+@@ -113,14 +113,14 @@
def restart(self, instance_name="", capture_output=True, wait=True):
# Restart command is broken before systemd-36-3.fc16
# If you have older systemd version, restart of dependent services will hang systemd indefinetly
@@ -123,7 +197,7 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
if rcode != 0:
ret = False
except ipautil.CalledProcessError:
-@@ -119,7 +119,7 @@
+@@ -130,7 +130,7 @@
def is_installed(self):
installed = True
try:
@@ -132,7 +206,7 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
if rcode != 0:
installed = False
else:
-@@ -134,7 +134,7 @@
+@@ -145,7 +145,7 @@
def is_enabled(self, instance_name=""):
enabled = True
try:
@@ -141,7 +215,7 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
if rcode != 0:
enabled = False
except ipautil.CalledProcessError, e:
-@@ -179,7 +179,7 @@
+@@ -190,7 +190,7 @@
# Link exists and it is broken, make new one
os.unlink(srv_lnk)
os.symlink(self.lib_path, srv_lnk)
@@ -150,7 +224,7 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
except:
pass
else:
-@@ -197,7 +197,7 @@
+@@ -208,7 +208,7 @@
if ipautil.dir_exists(srv_tgt):
if os.path.islink(srv_lnk):
os.unlink(srv_lnk)
@@ -159,7 +233,7 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
except:
pass
else:
-@@ -205,13 +205,13 @@
+@@ -216,13 +216,13 @@
def __enable(self, instance_name=""):
try:
@@ -175,23 +249,21 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/systemd.py freeipa-3.0.1/ipapyth
except ipautil.CalledProcessError, e:
pass
-diff -Nru freeipa-3.0.1.orig/ipaserver/install/cainstance.py freeipa-3.0.1/ipaserver/install/cainstance.py
---- freeipa-3.0.1.orig/ipaserver/install/cainstance.py 2012-11-16 16:16:19.312810000 -0500
-+++ freeipa-3.0.1/ipaserver/install/cainstance.py 2012-11-16 16:19:54.509756000 -0500
-@@ -59,7 +59,7 @@
- from ipalib import util
+--- a/ipaserver/install/cainstance.py
++++ b/ipaserver/install/cainstance.py
+@@ -56,7 +56,7 @@
+ from ipaserver.plugins import ldap2
from ipapython.ipa_log_manager import *
-HTTPD_CONFD = "/etc/httpd/conf.d/"
+HTTPD_CONFD = "/etc/httpd/conf/extra/"
- DEFAULT_DSPORT=7389
+ DEFAULT_DSPORT = dogtag.install_constants.DS_PORT
PKI_USER = "pkiuser"
-diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipaserver/install/httpinstance.py
---- freeipa-3.0.1.orig/ipaserver/install/httpinstance.py 2012-11-16 16:16:19.312567000 -0500
-+++ freeipa-3.0.1/ipaserver/install/httpinstance.py 2012-11-16 16:20:57.194581000 -0500
+--- a/ipaserver/install/httpinstance.py
++++ b/ipaserver/install/httpinstance.py
@@ -35,8 +35,8 @@
- from ipalib import util, api
+ from ipalib import api
HTTPD_DIR = "/etc/httpd"
-SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
@@ -201,8 +273,17 @@ diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipa
selinux_warning = """
WARNING: could not set selinux boolean(s) %(var)s to true. The web
-@@ -190,17 +190,17 @@
- installutils.remove_file('/tmp/krb5cc_%d' % pent.pw_uid)
+@@ -197,7 +197,7 @@
+ def configure_httpd_ccache(self):
+ pent = pwd.getpwnam("apache")
+ ccache = '/tmp/krb5cc_%d' % pent.pw_uid
+- filepath = '/etc/sysconfig/httpd'
++ filepath = '/etc/conf.d/apache'
+ if not os.path.exists(filepath):
+ # file doesn't exist; create it with correct ownership & mode
+ open(filepath, 'a').close()
+@@ -211,17 +211,17 @@
+ ipaservices.restore_context(filepath)
def __configure_http(self):
- target_fname = '/etc/httpd/conf.d/ipa.conf'
@@ -223,7 +304,7 @@ diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipa
http_fd = open(target_fname, "w")
http_fd.write(http_txt)
http_fd.close()
-@@ -228,8 +228,8 @@
+@@ -249,8 +249,8 @@
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
@@ -233,8 +314,8 @@ diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipa
+ print "Adding Include conf/extra/ipa-rewrite to %s failed." % NSS_CONF
def __setup_ssl(self):
- fqdn = None
-@@ -370,7 +370,7 @@
+ fqdn = self.fqdn
+@@ -385,7 +385,7 @@
if not enabled is None and not enabled:
self.disable()
@@ -243,7 +324,7 @@ diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipa
try:
self.fstore.restore_file(f)
except ValueError, error:
-@@ -378,9 +378,9 @@
+@@ -393,9 +393,9 @@
pass
# Remove the configuration files we create
@@ -256,3 +337,58 @@ diff -Nru freeipa-3.0.1.orig/ipaserver/install/httpinstance.py freeipa-3.0.1/ipa
for var in ["httpd_can_network_connect", "httpd_manage_ipa"]:
sebool_state = self.restore_state(var)
+--- a/ipaserver/install/ipa_backup.py
++++ b/ipaserver/install/ipa_backup.py
+@@ -127,7 +127,7 @@
+ '/etc/sysconfig/pki-ca',
+ '/etc/sysconfig/pki-tomcat',
+ '/etc/sysconfig/dirsrv',
+- '/etc/sysconfig/ntpd',
++ '/etc/conf.d/ntpd.conf',
+ '/etc/sysconfig/krb5kdc',
+ '/etc/sysconfig/pki/ca/pki-ca',
+ '/etc/sysconfig/authconfig',
+@@ -141,10 +141,10 @@
+ '/etc/security/limits.conf',
+ '/etc/httpd/conf/password.conf',
+ '/etc/httpd/conf/ipa.keytab',
+- '/etc/httpd/conf.d/ipa-pki-proxy.conf',
+- '/etc/httpd/conf.d/ipa-rewrite.conf',
+- '/etc/httpd/conf.d/nss.conf',
+- '/etc/httpd/conf.d/ipa.conf',
++ '/etc/httpd/conf/extra/ipa-pki-proxy.conf',
++ '/etc/httpd/conf/extra/ipa-rewrite.conf',
++ '/etc/httpd/conf/extra/nss.conf',
++ '/etc/httpd/conf/extra/ipa.conf',
+ '/etc/ssh/sshd_config',
+ '/etc/ssh/ssh_config',
+ '/etc/krb5.conf',
+--- a/ipaserver/install/ntpinstance.py
++++ b/ipaserver/install/ntpinstance.py
+@@ -35,7 +35,7 @@
+ def __write_config(self):
+
+ self.fstore.backup_file("/etc/ntp.conf")
+- self.fstore.backup_file("/etc/sysconfig/ntpd")
++ self.fstore.backup_file("/etc/conf.d/ntpd.conf")
+
+ # We use the OS variable to point it towards either the rhel
+ # or fedora pools. Other distros should be added in the future
+@@ -99,7 +99,7 @@
+ #read in memory, find OPTIONS, check/change it, then overwrite file
+ needopts = [ {'val':'-x', 'need':True},
+ {'val':'-g', 'need':True} ]
+- fd = open("/etc/sysconfig/ntpd", "r")
++ fd = open("/etc/conf.d/ntpd.conf", "r")
+ lines = fd.readlines()
+ fd.close()
+ for line in lines:
+@@ -118,7 +118,7 @@
+
+ done = False
+ if newopts:
+- fd = open("/etc/sysconfig/ntpd", "w")
++ fd = open("/etc/conf.d/ntpd.conf", "w")
+ for line in lines:
+ if not done:
+ sline = line.strip()
View
336 freeipa/0002_Add_ArchLinux_Platform.patch
@@ -1,34 +1,30 @@
-diff -Nru freeipa-3.0.1.orig/ipapython/platform/archlinux.py freeipa-3.0.1/ipapython/platform/archlinux.py
---- freeipa-3.0.1.orig/ipapython/platform/archlinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ freeipa-3.0.1/ipapython/platform/archlinux.py 2012-11-28 02:24:53.264287000 -0500
-@@ -0,0 +1,262 @@
-+# Authors: Alexander Bokovoy <abokovoy@redhat.com>
-+# Xiao-Long Chen <chenxiaolong@cxl.epac.to>
-+#
-+# Copyright (C) 2011 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <http://www.gnu.org/licenses/>.
-+#
+--- a/ipapython/platform/archlinux/auth.py
++++ b/ipapython/platform/archlinux/auth.py
+@@ -0,0 +1,17 @@
++from ipapython.platform import base
+
++class ArchLinuxAuthConfig(base.AuthConfig):
++ """
++ Arch Linux implementation of the AuthConfig class.
++
++ The freeipa package includes a sss-auth-setup.py Python 3 script which will
++ set up both the NSS and PAM configuration. However, this script modifies the
++ PAM configuration files directly, so the changes need to be undone before
++ pacman updates anything in /etc/pam.d/ and if any new configuration files
++ are added.
++
++ It's probably best to have this handled manually.
++ """
++
++ def execute(self):
++ raise NotImplementedError
+--- a/ipapython/platform/archlinux/__init__.py
++++ b/ipapython/platform/archlinux/__init__.py
+@@ -0,0 +1,40 @@
+import os
-+import time
+
-+from ipapython import ipautil, dogtag
-+from ipapython.platform import base, redhat, systemd
-+from ipapython.ipa_log_manager import root_logger
-+from ipalib import api
++from ipapython.platform import fedora18, base
++from ipapython.platform.archlinux.auth import ArchLinuxAuthConfig
+
+# All what we allow exporting directly from this module
+# Everything else is made available through these symbols when they are
@@ -41,226 +37,80 @@ diff -Nru freeipa-3.0.1.orig/ipapython/platform/archlinux.py freeipa-3.0.1/ipapy
+# names are ipapython.services.wellknownservices
+# backup_and_replace_hostname -- platform-specific way to set hostname and
+# make it persistent over reboots
++# restore_network_configuration -- platform-specific way of restoring network
++# configuration (e.g. static hostname)
+# restore_context -- platform-sepcific way to restore security context, if
+# applicable
+# check_selinux_status -- platform-specific way to see if SELinux is enabled
+# and restorecon is installed.
-+__all__ = ['authconfig', 'service', 'knownservices', 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status']
-+
-+# For beginning just remap names to add .service
-+# As more services will migrate to systemd, unit names will deviate and
-+# mapping will be kept in this dictionary
-+system_units = dict(map(lambda x: (x, "%s.service" % (x)), base.wellknownservices))
-+
-+system_units['rpcgssd'] = 'nfs-secure.service'
-+system_units['rpcidmapd'] = 'nfs-idmap.service'
-+
-+# Rewrite dirsrv and pki-tomcatd services as they support instances via separate
-+# service generator. To make this working, one needs to have both foo@.servic
-+# and foo.target -- the latter is used when request should be coming for
-+# all instances (like stop). systemd, unfortunately, does not allow one
-+# to request action for all service instances at once if only foo@.service
-+# unit is available. To add more, if any of those services need to be
-+# started/stopped automagically, one needs to manually create symlinks in
-+# /etc/systemd/system/foo.target.wants/ (look into systemd.py's enable()
-+# code).
-+system_units['dirsrv'] = 'dirsrv@.service'
-+# Our directory server instance for PKI is dirsrv@PKI-IPA.service
-+system_units['pkids'] = 'dirsrv@PKI-IPA.service'
-+# Old style PKI instance
-+system_units['pki-cad'] = 'pki-cad@pki-ca.service'
-+system_units['pki_cad'] = system_units['pki-cad']
-+# Our PKI instance is pki-tomcatd@pki-tomcat.service
-+system_units['pki-tomcatd'] = 'pki-tomcatd@pki-tomcat.service'
-+system_units['pki_tomcatd'] = system_units['pki-tomcatd']
-+
-+class ArchLinuxService(systemd.SystemdService):
-+ def __init__(self, service_name):
-+ systemd_name = service_name
-+ if service_name in system_units:
-+ systemd_name = system_units[service_name]
-+ else:
-+ if len(service_name.split('.')) == 1:
-+ # if service_name does not have a dot, it is not foo.service
-+ # and not a foo.target. Thus, not correct service name for
-+ # systemd, default to foo.service style then
-+ systemd_name = "%s.service" % (service_name)
-+ super(ArchLinuxService, self).__init__(service_name, systemd_name)
-+
-+# Special handling of directory server service
-+#
-+# We need to explicitly enable instances to install proper symlinks as
-+# dirsrv.target.wants/ dependencies. Standard systemd service class does it
-+# on enable() method call. Unfortunately, ipa-server-install does not do
-+# explicit dirsrv.enable() because the service startup is handled by ipactl.
-+#
-+# If we wouldn't do this, our instances will not be started as systemd would
-+# not have any clue about instances (PKI-IPA and the domain we serve) at all.
-+# Thus, hook into dirsrv.restart().
-+class ArchLinuxDirectoryService(ArchLinuxService):
-+ def enable(self, instance_name=""):
-+ super(ArchLinuxDirectoryService, self).enable(instance_name)
-+ dirsrv_systemd = "/etc/default/dirsrv"
-+ if os.path.exists(dirsrv_systemd):
-+ # We need to enable LimitNOFILE=8192 in the dirsrv@.service
-+ # Since 389-ds-base-1.2.10-0.8.a7 the configuration of the
-+ # service parameters is performed via
-+ # /etc/sysconfig/dirsrv.systemd file which is imported by systemd
-+ # into dirsrv@.service unit
-+ replacevars = {'LimitNOFILE':'8192'}
-+ ipautil.inifile_replace_variables(dirsrv_systemd, 'service', replacevars=replacevars)
-+ restore_context(dirsrv_systemd)
-+ ipautil.run(["/usr/bin/systemctl", "--system", "daemon-reload"],raiseonerr=False)
-+
-+ def restart(self, instance_name="", capture_output=True, wait=True):
-+ if len(instance_name) > 0:
-+ elements = self.systemd_name.split("@")
-+ srv_etc = os.path.join(self.SYSTEMD_ETC_PATH, self.systemd_name)
-+ srv_tgt = os.path.join(self.SYSTEMD_ETC_PATH, self.SYSTEMD_SRV_TARGET % (elements[0]))
-+ srv_lnk = os.path.join(srv_tgt, self.service_instance(instance_name))
-+ if not os.path.exists(srv_etc):
-+ self.enable(instance_name)
-+ elif not os.path.samefile(srv_etc, srv_lnk):
-+ os.unlink(srv_lnk)
-+ os.symlink(srv_etc, srv_lnk)
-+ super(ArchLinuxDirectoryService, self).restart(instance_name, capture_output=capture_output, wait=wait)
-+
-+# Enforce restart of IPA services when we do enable it
-+# This gets around the fact that after ipa-server-install systemd thinks
-+# ipa.service is not yet started but all services were actually started
-+# already.
-+class ArchLinuxIPAService(ArchLinuxService):
-+ def enable(self, instance_name=""):
-+ super(ArchLinuxIPAService, self).enable(instance_name)
-+ self.restart(instance_name)
-+
-+class ArchLinuxSSHService(ArchLinuxService):
-+ def get_config_dir(self, instance_name=""):
-+ return '/etc/ssh'
-+
-+
-+class ArchLinuxCAService(ArchLinuxService):
-+ def __wait_until_running(self):
-+ # We must not wait for the httpd proxy if httpd is not set up yet.
-+ # Unfortunately, knownservices.httpd.is_installed() can return
-+ # false positives, so check for existence of our configuration file.
-+ # TODO: Use a cleaner solution
-+ if not os.path.exists('/etc/httpd/conf/extra/ipa.conf'):
-+ root_logger.debug(
-+ 'The httpd proxy is not installed, skipping wait for CA')
-+ return
-+ if dogtag.install_constants.DOGTAG_VERSION < 10:
-+ # The server status information isn't available on DT 9
-+ root_logger.debug('Using Dogtag 9, skipping wait for CA')
-+ return
-+ root_logger.debug('Waiting until the CA is running')
-+ timeout = api.env.startup_timeout
-+ op_timeout = time.time() + timeout
-+ while time.time() < op_timeout:
-+ status = dogtag.ca_status()
-+ root_logger.debug('The CA status is: %s' % status)
-+ if status == 'running':
-+ break
-+ root_logger.debug('Waiting for CA to start...')
-+ time.sleep(1)
-+ else:
-+ raise RuntimeError('CA did not start in %ss' % timeout)
-+
-+ def start(self, instance_name="", capture_output=True, wait=True):
-+ super(ArchLinuxCAService, self).start(
-+ instance_name, capture_output=capture_output, wait=wait)
-+ if wait:
-+ self.__wait_until_running()
-+
-+ def restart(self, instance_name="", capture_output=True, wait=True):
-+ super(ArchLinuxCAService, self).restart(
-+ instance_name, capture_output=capture_output, wait=wait)
-+ if wait:
-+ self.__wait_until_running()
++__all__ = ['authconfig', 'service', 'knownservices',
++ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status',
++ 'restore_network_configuration', 'timedate_services']
+
++# Just copy a referential list of timedate services
++timedate_services = list(base.timedate_services)
+
-+# Redirect directory server service through special sub-class due to its
-+# special handling of instances
-+def archlinux_service(name):
-+ if name == 'dirsrv':
-+ return ArchLinuxDirectoryService(name)
-+ if name == 'ipa':
-+ return ArchLinuxIPAService(name)
-+ if name == 'sshd':
-+ return ArchLinuxSSHService(name)
-+ if name in ('pki-cad', 'pki_cad', 'pki-tomcatd', 'pki_tomcatd'):
-+ return ArchLinuxCAService(name)
-+ if name == 'messagebus':
-+ return ArchLinuxService('dbus')
-+ return ArchLinuxService(name)
-+
-+class ArchLinuxAuthConfig(base.AuthConfig):
-+ """
-+ AuthConfig class implements system-independent interface to configure
-+ system authentication resources. In Red Hat-produced systems this is done with
-+ authconfig(8) utility.
-+ """
-+ def __build_args(self):
-+ args = []
-+ for (option, value) in self.parameters.items():
-+ if type(value) is bool:
-+ if value:
-+ args.append("--enable%s" % (option))
-+ else:
-+ args.append("--disable%s" % (option))
-+ elif type(value) in (tuple, list):
-+ args.append("--%s" % (option))
-+ args.append("%s" % (value[0]))
-+ elif value is None:
-+ args.append("--%s" % (option))
-+ else:
-+ args.append("--%s%s" % (option,value))
-+ return args
-+
-+ def execute(self):
-+ args = self.__build_args()
-+ # Taken from Ubuntu's add_debian.py.patch patch
-+ print "The following command would run on a Red Hat platform: /usr/sbin/authconfig " + " ".join(args)
-+ ipautil.user_input("Please do the corresponding changes manually and press Enter")
-+ #ipautil.run(["/usr/sbin/authconfig"]+args)
-+
-+class ArchLinuxServices(base.KnownServices):
-+ def __init__(self):
-+ services = dict()
-+ for s in base.wellknownservices:
-+ services[s] = archlinux_service(s)
-+ # Call base class constructor. This will lock services to read-only
-+ super(ArchLinuxServices, self).__init__(services)
-+
-+def restore_context(filepath, restorecon='/usr/sbin/restorecon'):
-+ return redhat.restore_context(filepath, restorecon)
-+
-+def check_selinux_status(restorecon='/usr/sbin/restorecon'):
-+ return redhat.check_selinux_status(restorecon)
-+
-+def backup_and_replace_hostname(fstore, statestore, hostname):
-+ # Taken from Ubuntu
-+ network_filename = "/etc/hostname"
-+ # Backup original /etc/hostname
-+ fstore.backup_file(network_filename)
-+
-+ # Write new configuration
-+ f = open(network_filename, 'w')
-+ f.write(hostname + "\n")
-+ f.close()
-+
-+ try:
-+ ipautil.run(['/bin/hostname', hostname])
-+ except ipautil.CalledProcessError, e:
-+ print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e))
-+
-+ # For SE Linux environments it is important to reset SE labels to the expected ones
-+ try:
-+ restore_context(network_filename)
-+ except ipautil.CalledProcessError, e:
-+ print >>sys.stderr, "Failed to set permissions for %s (%s)." % (network_filename, str(e))
++def restore_network_configuration(fstore, statestore):
++ filepath = '/etc/hostname'
++ if fstore.has_file(filepath):
++ fstore.restore_file(filepath)
+
+authconfig = ArchLinuxAuthConfig
-+service = archlinux_service
-+knownservices = ArchLinuxServices()
-+backup_and_replace_hostname = backup_and_replace_hostname
++service = fedora18.service
++knownservices = fedora18.knownservices
++backup_and_replace_hostname = fedora18.backup_and_replace_hostname
++restore_context = fedora18.restore_context
++check_selinux_status = fedora18.check_selinux_status
+--- a/ipapython/platform/fedora16/service.py
++++ b/ipapython/platform/fedora16/service.py
+@@ -32,8 +32,8 @@
+ # mapping will be kept in this dictionary
+ system_units = dict(map(lambda x: (x, "%s.service" % (x)), base.wellknownservices))
+
+-system_units['rpcgssd'] = 'nfs-secure.service'
+-system_units['rpcidmapd'] = 'nfs-idmap.service'
++system_units['rpcgssd'] = 'rpc-gssd.service'
++system_units['rpcidmapd'] = 'rpc-idmapd.service'
+
+ # Rewrite dirsrv and pki-tomcatd services as they support instances via separate
+ # service generator. To make this working, one needs to have both foo@.servic
+@@ -124,7 +124,7 @@
+ # Unfortunately, knownservices.httpd.is_installed() can return
+ # false positives, so check for existence of our configuration file.
+ # TODO: Use a cleaner solution
+- if not os.path.exists('/etc/httpd/conf.d/ipa.conf'):
++ if not os.path.exists('/etc/httpd/conf/extra/ipa.conf'):
+ root_logger.debug(
+ 'The httpd proxy is not installed, skipping wait for CA')
+ return
+--- a/ipapython/platform/fedora18/__init__.py
++++ b/ipapython/platform/fedora18/__init__.py
+@@ -52,7 +52,7 @@
+ def backup_and_replace_hostname(fstore, statestore, hostname):
+ old_hostname = socket.gethostname()
+ try:
+- ipautil.run(['/bin/hostname', hostname])
++ ipautil.run(['/usr/bin/hostname', hostname])
+ except ipautil.CalledProcessError, e:
+ print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e))
+
+--- a/ipapython/setup.py
++++ b/ipapython/setup.py
+@@ -68,6 +68,7 @@
+ packages = [ "ipapython",
+ "ipapython.platform",
+ "ipapython.platform.base",
++ "ipapython.platform.archlinux",
+ "ipapython.platform.fedora16",
+ "ipapython.platform.fedora18",
+ "ipapython.platform.redhat" ],
+--- a/ipapython/setup.py.in
++++ b/ipapython/setup.py.in
+@@ -68,6 +68,7 @@
+ packages = [ "ipapython",
+ "ipapython.platform",
+ "ipapython.platform.base",
++ "ipapython.platform.archlinux",
+ "ipapython.platform.fedora16",
+ "ipapython.platform.fedora18",
+ "ipapython.platform.redhat" ],
View
447 freeipa/0003_Use_Python_2.patch
@@ -1,450 +1,356 @@
-diff -Nru freeipa-3.0.0.orig/checks/check-ra.py freeipa-3.0.0/checks/check-ra.py
---- freeipa-3.0.0.orig/checks/check-ra.py 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/checks/check-ra.py 2012-11-15 17:26:14.829260760 -0500
+--- a/checks/check-ra.py
++++ b/checks/check-ra.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
# John Dennis <jdennis@redhat.com>
-diff -Nru freeipa-3.0.0.orig/contrib/RHEL4/ipa-client-setup freeipa-3.0.0/contrib/RHEL4/ipa-client-setup
---- freeipa-3.0.0.orig/contrib/RHEL4/ipa-client-setup 2012-11-15 15:13:09.370687151 -0500
-+++ freeipa-3.0.0/contrib/RHEL4/ipa-client-setup 2012-11-15 17:30:47.565980980 -0500
-@@ -1,4 +1,4 @@
--#! /usr/bin/python -E
-+#! /usr/bin/python2 -E
- # Authors: Simo Sorce <ssorce@redhat.com>
- # Karl MacMillan <kmacmillan@mentalrootkit.com>
- #
-diff -Nru freeipa-3.0.0.orig/contrib/RHEL4/setup.py freeipa-3.0.0/contrib/RHEL4/setup.py
---- freeipa-3.0.0.orig/contrib/RHEL4/setup.py 2012-11-15 15:13:09.370687151 -0500
-+++ freeipa-3.0.0/contrib/RHEL4/setup.py 2012-11-15 17:30:39.885979496 -0500
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python2
- # Copyright (C) 2007 Red Hat
- # see file 'COPYING' for use and warranty information
- #
-diff -Nru freeipa-3.0.0.orig/doc/examples/python-api.py freeipa-3.0.0/doc/examples/python-api.py
---- freeipa-3.0.0.orig/doc/examples/python-api.py 2012-11-15 15:13:09.370687151 -0500
-+++ freeipa-3.0.0/doc/examples/python-api.py 2012-11-15 17:30:55.142649480 -0500
+--- a/doc/examples/python-api.py
++++ b/doc/examples/python-api.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
#
-diff -Nru freeipa-3.0.0.orig/init/systemd/freeipa-systemd-upgrade freeipa-3.0.0/init/systemd/freeipa-systemd-upgrade
---- freeipa-3.0.0.orig/init/systemd/freeipa-systemd-upgrade 2012-11-15 15:13:09.344020476 -0500
-+++ freeipa-3.0.0/init/systemd/freeipa-systemd-upgrade 2012-11-15 17:31:21.352654393 -0500
-@@ -1,4 +1,4 @@
--#! /usr/bin/python -E
-+#! /usr/bin/python2 -E
- from ipaserver.install.krbinstance import update_key_val_in_file
- from ipapython import ipautil, config
- from ipapython import services as ipaservices
-diff -Nru freeipa-3.0.0.orig/install/certmonger/dogtag-ipa-retrieve-agent-submit freeipa-3.0.0/install/certmonger/dogtag-ipa-retrieve-agent-submit
---- freeipa-3.0.0.orig/install/certmonger/dogtag-ipa-retrieve-agent-submit 2012-11-15 15:13:09.444020503 -0500
-+++ freeipa-3.0.0/install/certmonger/dogtag-ipa-retrieve-agent-submit 2012-11-15 17:28:05.059283071 -0500
+--- a/install/certmonger/dogtag-ipa-retrieve-agent-submit
++++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/po/pygettext.py freeipa-3.0.0/install/po/pygettext.py
---- freeipa-3.0.0.orig/install/po/pygettext.py 2012-11-15 15:13:09.437353834 -0500
-+++ freeipa-3.0.0/install/po/pygettext.py 2012-11-15 17:29:44.942635841 -0500
+--- a/install/po/pygettext.py
++++ b/install/po/pygettext.py
@@ -1,4 +1,4 @@
-#! /usr/bin/python
+#! /usr/bin/python2
# -*- coding: iso-8859-1 -*-
# Originally written by Barry Warsaw <barry@zope.com>
#
-diff -Nru freeipa-3.0.0.orig/install/restart_scripts/renew_ca_cert freeipa-3.0.0/install/restart_scripts/renew_ca_cert
---- freeipa-3.0.0.orig/install/restart_scripts/renew_ca_cert 2012-11-15 15:13:09.474020510 -0500
-+++ freeipa-3.0.0/install/restart_scripts/renew_ca_cert 2012-11-15 17:27:33.199276389 -0500
+--- a/install/restart_scripts/renew_ca_cert
++++ b/install/restart_scripts/renew_ca_cert
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/restart_scripts/renew_ra_cert freeipa-3.0.0/install/restart_scripts/renew_ra_cert
---- freeipa-3.0.0.orig/install/restart_scripts/renew_ra_cert 2012-11-15 15:13:09.474020510 -0500
-+++ freeipa-3.0.0/install/restart_scripts/renew_ra_cert 2012-11-15 17:27:50.549280342 -0500
+--- a/install/restart_scripts/renew_ra_cert
++++ b/install/restart_scripts/renew_ra_cert
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/restart_scripts/restart_dirsrv freeipa-3.0.0/install/restart_scripts/restart_dirsrv
---- freeipa-3.0.0.orig/install/restart_scripts/restart_dirsrv 2012-11-15 15:13:09.474020510 -0500
-+++ freeipa-3.0.0/install/restart_scripts/restart_dirsrv 2012-11-15 17:27:58.169281755 -0500
+--- a/install/restart_scripts/restart_dirsrv
++++ b/install/restart_scripts/restart_dirsrv
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/restart_scripts/restart_httpd freeipa-3.0.0/install/restart_scripts/restart_httpd
---- freeipa-3.0.0.orig/install/restart_scripts/restart_httpd 2012-11-15 15:13:09.474020510 -0500
-+++ freeipa-3.0.0/install/restart_scripts/restart_httpd 2012-11-15 17:27:18.532606981 -0500
+--- a/install/restart_scripts/restart_httpd
++++ b/install/restart_scripts/restart_httpd
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/restart_scripts/restart_pkicad freeipa-3.0.0/install/restart_scripts/restart_pkicad
---- freeipa-3.0.0.orig/install/restart_scripts/restart_pkicad 2012-11-15 15:13:09.474020510 -0500
-+++ freeipa-3.0.0/install/restart_scripts/restart_pkicad 2012-11-15 17:27:25.369274945 -0500
+--- a/install/restart_scripts/restart_pkicad
++++ b/install/restart_scripts/restart_pkicad
@@ -1,4 +1,4 @@
-#!/usr/bin/python -E
+#!/usr/bin/python2 -E
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-adtrust-install freeipa-3.0.0/install/tools/ipa-adtrust-install
---- freeipa-3.0.0.orig/install/tools/ipa-adtrust-install 2012-11-15 15:13:09.444020503 -0500
-+++ freeipa-3.0.0/install/tools/ipa-adtrust-install 2012-11-15 17:29:27.362631982 -0500
+--- a/install/restart_scripts/stop_pkicad
++++ b/install/restart_scripts/stop_pkicad
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python -E
++#!/usr/bin/python2 -E
+ #
+ # Authors:
+ # Rob Crittenden <rcritten@redhat.com>
+--- a/install/share/copy-schema-to-ca.py
++++ b/install/share/copy-schema-to-ca.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python
++#! /usr/bin/python2
+
+ """Copy the IPA schema to the CA directory server instance
+
+--- a/install/tools/ipa-adtrust-install
++++ b/install/tools/ipa-adtrust-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python
+#! /usr/bin/python2
#
# Authors: Sumit Bose <sbose@redhat.com>
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-ca-install freeipa-3.0.0/install/tools/ipa-ca-install
---- freeipa-3.0.0.orig/install/tools/ipa-ca-install 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-ca-install 2012-11-15 17:28:30.422621051 -0500
+--- a/install/tools/ipa-backup
++++ b/install/tools/ipa-backup
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python -E
++#! /usr/bin/python2 -E
+ # Authors: Rob Crittenden <rcritten@redhat.com>
+ #
+ # Copyright (C) 2013 Red Hat
+--- a/install/tools/ipa-ca-install
++++ b/install/tools/ipa-ca-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2011 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-compat-manage freeipa-3.0.0/install/tools/ipa-compat-manage
---- freeipa-3.0.0.orig/install/tools/ipa-compat-manage 2012-11-15 15:13:09.444020503 -0500
-+++ freeipa-3.0.0/install/tools/ipa-compat-manage 2012-11-15 17:29:19.182630373 -0500
+--- a/install/tools/ipa-compat-manage
++++ b/install/tools/ipa-compat-manage
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-compliance freeipa-3.0.0/install/tools/ipa-compliance
---- freeipa-3.0.0.orig/install/tools/ipa-compliance 2012-11-15 15:13:09.444020503 -0500
-+++ freeipa-3.0.0/install/tools/ipa-compliance 2012-11-15 17:29:15.012629553 -0500
+--- a/install/tools/ipa-compliance
++++ b/install/tools/ipa-compliance
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-csreplica-manage freeipa-3.0.0/install/tools/ipa-csreplica-manage
---- freeipa-3.0.0.orig/install/tools/ipa-csreplica-manage 2012-11-15 15:13:09.444020503 -0500
-+++ freeipa-3.0.0/install/tools/ipa-csreplica-manage 2012-11-15 17:29:23.729297946 -0500
+--- a/install/tools/ipa-csreplica-manage
++++ b/install/tools/ipa-csreplica-manage
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Based on ipa-replica-manage by Karl MacMillan <kmacmillan@mentalrootkit.com>
-diff -Nru freeipa-3.0.0.orig/install/tools/ipactl freeipa-3.0.0/install/tools/ipactl
---- freeipa-3.0.0.orig/install/tools/ipactl 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipactl 2012-11-15 17:28:45.715957216 -0500
+--- a/install/tools/ipactl
++++ b/install/tools/ipactl
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2008-2010 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-dns-install freeipa-3.0.0/install/tools/ipa-dns-install
---- freeipa-3.0.0.orig/install/tools/ipa-dns-install 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-dns-install 2012-11-15 17:28:35.125955298 -0500
+--- a/install/tools/ipa-dns-install
++++ b/install/tools/ipa-dns-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Martin Nagy <mnagy@redhat.com>
# Based on ipa-server-install by Karl MacMillan <kmacmillan@mentalrootkit.com>
#
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-ldap-updater freeipa-3.0.0/install/tools/ipa-ldap-updater
---- freeipa-3.0.0.orig/install/tools/ipa-ldap-updater 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-ldap-updater 2012-11-15 17:28:41.925956524 -0500
+--- a/install/tools/ipa-ldap-updater
++++ b/install/tools/ipa-ldap-updater
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2008 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-managed-entries freeipa-3.0.0/install/tools/ipa-managed-entries
---- freeipa-3.0.0.orig/install/tools/ipa-managed-entries 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-managed-entries 2012-11-15 17:29:05.642627732 -0500
+--- a/install/tools/ipa-managed-entries
++++ b/install/tools/ipa-managed-entries
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Jr Aquino <jr.aquino@citrix.com>
#
# Copyright (C) 2011 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-nis-manage freeipa-3.0.0/install/tools/ipa-nis-manage
---- freeipa-3.0.0.orig/install/tools/ipa-nis-manage 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-nis-manage 2012-11-15 17:28:49.732624692 -0500
+--- a/install/tools/ipa-nis-manage
++++ b/install/tools/ipa-nis-manage
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-replica-conncheck freeipa-3.0.0/install/tools/ipa-replica-conncheck
---- freeipa-3.0.0.orig/install/tools/ipa-replica-conncheck 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-replica-conncheck 2012-11-15 17:29:39.272634691 -0500
+--- a/install/tools/ipa-replica-conncheck
++++ b/install/tools/ipa-replica-conncheck
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Martin Kosek <mkosek@redhat.com>
#
# Copyright (C) 2011 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-replica-install freeipa-3.0.0/install/tools/ipa-replica-install
---- freeipa-3.0.0.orig/install/tools/ipa-replica-install 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-replica-install 2012-11-15 17:28:54.572625627 -0500
+--- a/install/tools/ipa-replica-install
++++ b/install/tools/ipa-replica-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-replica-manage freeipa-3.0.0/install/tools/ipa-replica-manage
---- freeipa-3.0.0.orig/install/tools/ipa-replica-manage 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-replica-manage 2012-11-15 17:28:23.655953147 -0500
+--- a/install/tools/ipa-replica-manage
++++ b/install/tools/ipa-replica-manage
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-replica-prepare freeipa-3.0.0/install/tools/ipa-replica-prepare
---- freeipa-3.0.0.orig/install/tools/ipa-replica-prepare 2012-11-15 15:13:09.437353834 -0500
-+++ freeipa-3.0.0/install/tools/ipa-replica-prepare 2012-11-15 17:28:17.825952026 -0500
+--- a/install/tools/ipa-replica-prepare
++++ b/install/tools/ipa-replica-prepare
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
- # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ # Authors: Petr Viktorin <pviktori@redhat.com>
#
- # Copyright (C) 2007 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-server-certinstall freeipa-3.0.0/install/tools/ipa-server-certinstall
---- freeipa-3.0.0.orig/install/tools/ipa-server-certinstall 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-server-certinstall 2012-11-15 17:29:00.115959983 -0500
+ # Copyright (C) 2012 Red Hat
+--- a/install/tools/ipa-restore
++++ b/install/tools/ipa-restore
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python -E
++#! /usr/bin/python2 -E
+ # Authors: Rob Crittenden <rcritten@redhat.com>
+ #
+ # Copyright (C) 2013 Red Hat
+--- a/install/tools/ipa-server-certinstall
++++ b/install/tools/ipa-server-certinstall
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2007 Red Hat
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-server-install freeipa-3.0.0/install/tools/ipa-server-install
---- freeipa-3.0.0.orig/install/tools/ipa-server-install 2012-11-15 15:13:09.440687168 -0500
-+++ freeipa-3.0.0/install/tools/ipa-server-install 2012-11-15 17:29:10.995962102 -0500
+--- a/install/tools/ipa-server-install
++++ b/install/tools/ipa-server-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
# Simo Sorce <ssorce@redhat.com>
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/install/tools/ipa-upgradeconfig freeipa-3.0.0/install/tools/ipa-upgradeconfig
---- freeipa-3.0.0.orig/install/tools/ipa-upgradeconfig 2012-11-15 16:24:59.041702000 -0500
-+++ freeipa-3.0.0/install/tools/ipa-upgradeconfig 2012-11-15 17:29:30.852632679 -0500
+--- a/install/tools/ipa-upgradeconfig
++++ b/install/tools/ipa-upgradeconfig
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/ipa freeipa-3.0.0/ipa
---- freeipa-3.0.0.orig/ipa 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/ipa 2012-11-15 17:26:19.052595147 -0500
+--- a/ipa
++++ b/ipa
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
-diff -Nru freeipa-3.0.0.orig/ipa-client/ipa-install/ipa-client-automount freeipa-3.0.0/ipa-client/ipa-install/ipa-client-automount
---- freeipa-3.0.0.orig/ipa-client/ipa-install/ipa-client-automount 2012-11-15 15:13:09.364020482 -0500
-+++ freeipa-3.0.0/ipa-client/ipa-install/ipa-client-automount 2012-11-15 17:31:14.025986303 -0500
+--- a/ipa-client/ipa-install/ipa-client-automount
++++ b/ipa-client/ipa-install/ipa-client-automount
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/ipa-client/ipa-install/ipa-client-install freeipa-3.0.0/ipa-client/ipa-install/ipa-client-install
---- freeipa-3.0.0.orig/ipa-client/ipa-install/ipa-client-install 2012-11-15 16:24:59.045035334 -0500
-+++ freeipa-3.0.0/ipa-client/ipa-install/ipa-client-install 2012-11-15 17:31:05.055984694 -0500
+--- a/ipa-client/ipa-install/ipa-client-install
++++ b/ipa-client/ipa-install/ipa-client-install
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
# Authors: Simo Sorce <ssorce@redhat.com>
# Karl MacMillan <kmacmillan@mentalrootkit.com>
#
-diff -Nru freeipa-3.0.0.orig/ipa-client/py-compile freeipa-3.0.0/ipa-client/py-compile
---- freeipa-3.0.0.orig/ipa-client/py-compile 2012-11-15 15:13:09.360687148 -0500
-+++ freeipa-3.0.0/ipa-client/py-compile 2012-11-15 17:33:07.176011529 -0500
-@@ -29,7 +29,7 @@
- # <automake-patches@gnu.org>.
-
- if [ -z "$PYTHON" ]; then
-- PYTHON=python
-+ PYTHON=python2
- fi
-
- me=py-compile
-diff -Nru freeipa-3.0.0.orig/ipalib/x509.py freeipa-3.0.0/ipalib/x509.py
---- freeipa-3.0.0.orig/ipalib/x509.py 2012-11-15 15:13:09.344020476 -0500
-+++ freeipa-3.0.0/ipalib/x509.py 2012-11-15 17:32:09.929331825 -0500
-@@ -238,7 +238,7 @@
-
- if __name__ == '__main__':
- # this can be run with:
-- # python ipalib/x509.py < /etc/ipa/ca.crt
-+ # python2 ipalib/x509.py < /etc/ipa/ca.crt
-
- from ipalib import api
- api.bootstrap()
-diff -Nru freeipa-3.0.0.orig/ipapython/Makefile freeipa-3.0.0/ipapython/Makefile
---- freeipa-3.0.0.orig/ipapython/Makefile 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/ipapython/Makefile 2012-11-15 17:37:29.926067739 -0500
-@@ -1,4 +1,4 @@
--PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()")
-+PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()")
- PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
- CONFIGDIR ?= $(DESTDIR)/etc/ipa
- TESTS = $(wildcard test/*.py)
-@@ -12,9 +12,9 @@
-
- install:
- if [ "$(DESTDIR)" = "" ]; then \
-- python setup.py install; \
-+ python2 setup.py install; \
- else \
-- python setup.py install --root $(DESTDIR); \
-+ python2 setup.py install --root $(DESTDIR); \
- fi
- @for subdir in $(SUBDIRS); do \
- (cd $$subdir && $(MAKE) $@) || exit 1; \
-@@ -42,4 +42,4 @@
- test: $(subst .py,.tst,$(TESTS))
-
- %.tst: %.py
-- python $<
-+ python2 $<
-diff -Nru freeipa-3.0.0.orig/ipapython/py_default_encoding/Makefile freeipa-3.0.0/ipapython/py_default_encoding/Makefile
---- freeipa-3.0.0.orig/ipapython/py_default_encoding/Makefile 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/ipapython/py_default_encoding/Makefile 2012-11-15 17:37:03.089395314 -0500
-@@ -1,15 +1,15 @@
--PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()")
-+PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()")
- PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
- CONFIGDIR ?= $(DESTDIR)/etc/ipa
-
- all:
-- python setup.py build
-+ python2 setup.py build
-
- install:
- if [ "$(DESTDIR)" = "" ]; then \
-- python setup.py install; \
-+ python2 setup.py install; \
- else \
-- python setup.py install --root $(DESTDIR); \
-+ python2 setup.py install --root $(DESTDIR); \
- fi
-
- clean:
-diff -Nru freeipa-3.0.0.orig/ipapython/setup.py freeipa-3.0.0/ipapython/setup.py
---- freeipa-3.0.0.orig/ipapython/setup.py 2012-11-15 15:13:09.614020557 -0500
-+++ freeipa-3.0.0/ipapython/setup.py 2012-11-15 17:26:28.759263676 -0500
+--- a/ipapython/setup.py
++++ b/ipapython/setup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
-diff -Nru freeipa-3.0.0.orig/ipapython/setup.py.in freeipa-3.0.0/ipapython/setup.py.in
---- freeipa-3.0.0.orig/ipapython/setup.py.in 2012-11-15 15:13:09.614020557 -0500
-+++ freeipa-3.0.0/ipapython/setup.py.in 2012-11-15 17:26:37.205931898 -0500
+--- a/ipapython/setup.py.in
++++ b/ipapython/setup.py.in
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
-diff -Nru freeipa-3.0.0.orig/ipapython/test/test_ipautil.py freeipa-3.0.0/ipapython/test/test_ipautil.py
---- freeipa-3.0.0.orig/ipapython/test/test_ipautil.py 2012-11-15 15:13:09.614020557 -0500
-+++ freeipa-3.0.0/ipapython/test/test_ipautil.py 2012-11-15 17:26:44.399266593 -0500
+--- a/ipapython/test/test_ipautil.py
++++ b/ipapython/test/test_ipautil.py
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
-diff -Nru freeipa-3.0.0.orig/ipapython/test/test_ipavalidate.py freeipa-3.0.0/ipapython/test/test_ipavalidate.py
---- freeipa-3.0.0.orig/ipapython/test/test_ipavalidate.py 2012-11-15 15:13:09.614020557 -0500
-+++ freeipa-3.0.0/ipapython/test/test_ipavalidate.py 2012-11-15 17:26:50.729267769 -0500
+--- a/ipapython/test/test_ipavalidate.py
++++ b/ipapython/test/test_ipavalidate.py
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python2 -E
#
# Copyright (C) 2007 Red Hat
# see file 'COPYING' for use and warranty information
-diff -Nru freeipa-3.0.0.orig/ipaserver/install/ipa_ldap_updater.py freeipa-3.0.0/ipaserver/install/ipa_ldap_updater.py
---- freeipa-3.0.0.orig/ipaserver/install/ipa_ldap_updater.py 2012-11-15 15:13:09.607353888 -0500
-+++ freeipa-3.0.0/ipaserver/install/ipa_ldap_updater.py 2012-11-15 17:27:03.125937426 -0500
+--- a/ipaserver/install/ipa_backup.py
++++ b/ipaserver/install/ipa_backup.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python2
+ # Authors: Rob Crittenden <rcritten@redhat.com
+ #
+ # Copyright (C) 2013 Red Hat
+--- a/ipaserver/install/ipa_ldap_updater.py
++++ b/ipaserver/install/ipa_ldap_updater.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors: Rob Crittenden <rcritten@redhat.com>
# Petr Viktorin <pviktori@redhat.com>
#
-diff -Nru freeipa-3.0.0.orig/lite-server.py freeipa-3.0.0/lite-server.py
---- freeipa-3.0.0.orig/lite-server.py 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/lite-server.py 2012-11-15 17:26:22.972595910 -0500
+--- a/ipaserver/install/ipa_replica_prepare.py
++++ b/ipaserver/install/ipa_replica_prepare.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python2
+ # Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+ # Petr Viktorin <pviktori@redhat.com>
+ #
+--- a/ipaserver/install/ipa_restore.py
++++ b/ipaserver/install/ipa_restore.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python2
+ # Authors: Rob Crittenden <rcritten@redhat.com
+ #
+ # Copyright (C) 2013 Red Hat
+--- a/lite-server.py
++++ b/lite-server.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
-diff -Nru freeipa-3.0.0.orig/makeapi freeipa-3.0.0/makeapi
---- freeipa-3.0.0.orig/makeapi 2012-11-15 15:13:09.434020500 -0500
-+++ freeipa-3.0.0/makeapi 2012-11-15 17:30:11.452640745 -0500
+--- a/makeapi
++++ b/makeapi
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Rob Crittenden <rcritten@redhat.com>
# John Dennis <jdennis@redhat.com>
-diff -Nru freeipa-3.0.0.orig/Makefile freeipa-3.0.0/Makefile
---- freeipa-3.0.0.orig/Makefile 2012-11-15 15:13:09.617353890 -0500
-+++ freeipa-3.0.0/Makefile 2012-11-15 17:44:56.979508580 -0500
-@@ -44,7 +44,7 @@
- LINT_OPTIONS=--no-fail
- endif
-
--PYTHON ?= $(shell rpm -E %__python)
-+PYTHON ?= /usr/bin/python2
-
- all: bootstrap-autogen server
- @for subdir in $(SUBDIRS); do \
-diff -Nru freeipa-3.0.0.orig/make-lint freeipa-3.0.0/make-lint
---- freeipa-3.0.0.orig/make-lint 2012-11-15 15:13:09.434020500 -0500
-+++ freeipa-3.0.0/make-lint 2012-11-15 17:30:06.652639612 -0500
+--- a/make-lint
++++ b/make-lint
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
#
# Authors:
# Jakub Hrozek <jhrozek@redhat.com>
-@@ -181,7 +181,7 @@
+@@ -190,7 +190,7 @@
line = file.readline(128)
file.close()
@@ -453,66 +359,99 @@ diff -Nru freeipa-3.0.0.orig/make-lint freeipa-3.0.0/make-lint
result.append(filepath)
return result
-diff -Nru freeipa-3.0.0.orig/make-test freeipa-3.0.0/make-test
---- freeipa-3.0.0.orig/make-test 2012-11-15 15:13:09.340687141 -0500
-+++ freeipa-3.0.0/make-test 2012-11-15 17:37:52.159407513 -0500
+--- a/make-test
++++ b/make-test
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
"""
Run IPA unit tests under multiple versions of Python (if present).
-@@ -11,7 +11,7 @@
- from subprocess import call
-
- versions = ('2.4', '2.5', '2.6', '2.7')
--python = '/usr/bin/python'
-+python = '/usr/bin/python2'
- nose = '/usr/bin/nosetests'
- ran = []
- fail = []
-diff -Nru freeipa-3.0.0.orig/make-testcert freeipa-3.0.0/make-testcert
---- freeipa-3.0.0.orig/make-testcert 2012-11-15 15:13:09.340687141 -0500
-+++ freeipa-3.0.0/make-testcert 2012-11-15 17:26:03.199258201 -0500
+--- a/make-testcert
++++ b/make-testcert
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
#
# Authors:
# Rob Crittenden <rcritten@redhat.com>
-diff -Nru freeipa-3.0.0.orig/setup-client.py freeipa-3.0.0/setup-client.py
---- freeipa-3.0.0.orig/setup-client.py 2012-11-15 15:13:09.404020492 -0500
-+++ freeipa-3.0.0/setup-client.py 2012-11-15 17:30:15.739308261 -0500
+--- a/setup-client.py
++++ b/setup-client.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
-diff -Nru freeipa-3.0.0.orig/setup.py freeipa-3.0.0/setup.py
---- freeipa-3.0.0.orig/setup.py 2012-11-15 15:13:09.404020492 -0500
-+++ freeipa-3.0.0/setup.py 2012-11-15 17:30:19.365975639 -0500
+--- a/setup.py
++++ b/setup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
-diff -Nru freeipa-3.0.0.orig/tests/i18n.py freeipa-3.0.0/tests/i18n.py
---- freeipa-3.0.0.orig/tests/i18n.py 2012-11-15 15:13:09.404020492 -0500
-+++ freeipa-3.0.0/tests/i18n.py 2012-11-15 17:30:23.495976487 -0500
+--- a/tests/i18n.py
++++ b/tests/i18n.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# Authors:
# John Dennis <jdennis@redhat.com>
#
-diff -Nru freeipa-3.0.0.orig/tests/test_ipapython/test_dn.py freeipa-3.0.0/tests/test_ipapython/test_dn.py
---- freeipa-3.0.0.orig/tests/test_ipapython/test_dn.py 2012-11-15 15:13:09.374020486 -0500
-+++ freeipa-3.0.0/tests/test_ipapython/test_dn.py 2012-11-15 17:30:34.322645128 -0500
+--- a/tests/test_ipapython/test_dn.py
++++ b/tests/test_ipapython/test_dn.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
import unittest
from ipapython.dn import *
+--- a/ipapython/Makefile
++++ b/ipapython/Makefile
+@@ -1,4 +1,4 @@
+-PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()")
++PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()")
+ PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
+ CONFIGDIR ?= $(DESTDIR)/etc/ipa
+ TESTS = $(wildcard test/*.py)
+@@ -12,9 +12,9 @@
+
+ install:
+ if [ "$(DESTDIR)" = "" ]; then \
+- python setup.py install; \
++ python2 setup.py install; \
+ else \
+- python setup.py install --root $(DESTDIR); \
++ python2 setup.py install --root $(DESTDIR); \
+ fi
+ @for subdir in $(SUBDIRS); do \
+ (cd $$subdir && $(MAKE) $@) || exit 1; \
+@@ -42,4 +42,4 @@
+ test: $(subst .py,.tst,$(TESTS))
+
+ %.tst: %.py
+- python $<
++ python2 $<
+--- a/ipapython/py_default_encoding/Makefile
++++ b/ipapython/py_default_encoding/Makefile
+@@ -1,15 +1,15 @@
+-PYTHONLIBDIR ?= $(shell python -c "from distutils.sysconfig import *; print get_python_lib()")
++PYTHONLIBDIR ?= $(shell python2 -c "from distutils.sysconfig import *; print get_python_lib()")
+ PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
+ CONFIGDIR ?= $(DESTDIR)/etc/ipa
+
+ all:
+- python setup.py build
++ python2 setup.py build
+
+ install:
+ if [ "$(DESTDIR)" = "" ]; then \
+- python setup.py install; \
++ python2 setup.py install; \
+ else \
+- python setup.py install --root $(DESTDIR); \
++ python2 setup.py install --root $(DESTDIR); \
+ fi
+
+ clean:
View
31 freeipa/0004_NTP_Fixes.patch
@@ -1,20 +1,19 @@
-diff -Nru freeipa-3.0.1.orig/ipa-client/ipaclient/ntpconf.py freeipa-3.0.1/ipa-client/ipaclient/ntpconf.py
---- freeipa-3.0.1.orig/ipa-client/ipaclient/ntpconf.py 2012-11-16 14:16:12.578349000 -0500
-+++ freeipa-3.0.1/ipa-client/ipaclient/ntpconf.py 2012-11-16 14:16:43.722680000 -0500
-@@ -123,9 +123,9 @@
- __write_config(path_ntp_conf, nc)
- ipaservices.restore_context(path_ntp_conf)
+--- a/ipa-client/ipaclient/ntpconf.py
++++ b/ipa-client/ipaclient/ntpconf.py
+@@ -110,9 +110,9 @@
+ if os.path.exists(path_step_tickers):
+ config_step_tickers = True
+ ns = ipautil.template_str(ntp_step_tickers, sub_dict)
+- __backup_config(path_step_tickers, fstore)
+- __write_config(path_step_tickers, ns)
+- ipaservices.restore_context(path_step_tickers)
++ #__backup_config(path_step_tickers, fstore)
++ #__write_config(path_step_tickers, ns)
++ #ipaservices.restore_context(path_step_tickers)
-- __backup_config(path_ntp_sysconfig, fstore)
-- __write_config(path_ntp_sysconfig, ntp_sysconfig)
-- ipaservices.restore_context(path_ntp_sysconfig)
-+ #__backup_config(path_ntp_sysconfig, fstore)
-+ #__write_config(path_ntp_sysconfig, ntp_sysconfig)
-+ #ipaservices.restore_context(path_ntp_sysconfig)
-
- # Set the ntpd to start on boot
- ipaservices.knownservices.ntpd.enable()
-@@ -146,7 +146,7 @@
+ if sysstore:
+ module = 'ntp'
+@@ -147,7 +147,7 @@
if os.path.exists(ntpdate):
# retry several times -- logic follows /etc/init.d/ntpdate
# implementation
View
7 freeipa/0005_ntpdate_path.patch
@@ -1,7 +1,6 @@
-diff -Nru freeipa-3.0.1.orig/ipa-client/ipaclient/ntpconf.py freeipa-3.0.1/ipa-client/ipaclient/ntpconf.py
---- freeipa-3.0.1.orig/ipa-client/ipaclient/ntpconf.py 2012-11-27 16:38:09.976231000 -0500
-+++ freeipa-3.0.1/ipa-client/ipaclient/ntpconf.py 2012-11-27 16:38:58.291218000 -0500
-@@ -142,7 +142,7 @@
+--- a/ipa-client/ipaclient/ntpconf.py
++++ b/ipa-client/ipaclient/ntpconf.py
+@@ -143,7 +143,7 @@
Returns True if sync was successful
"""
View
26 freeipa/0006_Fix_nss_includes.patch
@@ -0,0 +1,26 @@
+--- a/util/ipa_pwd.c
++++ b/util/ipa_pwd.c
+@@ -27,10 +27,10 @@
+ #include <stdio.h>
+ #include <time.h>
+ #include <ctype.h>
+-#include <nss3/nss.h>
+-#include <nss3/nssb64.h>
+-#include <nss3/hasht.h>
+-#include <nss3/pk11pub.h>
++#include <nss/nss.h>
++#include <nss/nssb64.h>
++#include <nss/hasht.h>
++#include <nss/pk11pub.h>
+ #include <errno.h>
+ #include "ipa_pwd.h"
+
+@@ -159,7 +159,7 @@
+
+ #define SHA_SALT_LENGTH 8
+
+-/* SHA*_LENGTH leghts come from nss3/hasht.h */
++/* SHA*_LENGTH leghts come from nss/hasht.h */
+ #define SHA_HASH_MAX_LENGTH SHA512_LENGTH
+
+ static int ipapwd_hash_type_to_alg(char *hash_type,
View
10 freeipa/0007_Disable_make-testcert.patch
@@ -0,0 +1,10 @@
+--- a/Makefile
++++ b/Makefile
+@@ -102,7 +102,6 @@
+
+
+ test:
+- ./make-testcert
+ ./make-test
+
+ release-update:
View
11 freeipa/0008_Fix_nosetests_path.patch
@@ -0,0 +1,11 @@
+--- a/make-test
++++ b/make-test
+@@ -12,7 +12,7 @@
+
+ versions = ('2.4', '2.5', '2.6', '2.7')
+ python = '/usr/bin/python'
+-nose = '/usr/bin/nosetests'
++nose = '/usr/bin/nosetests2'
+ ran = []
+ fail = []
+
View
126 freeipa/PKGBUILD
@@ -1,11 +1,17 @@
# Maintainer: Xiao-Long Chen <chenxiaolong@cxl.epac.to>
-# Quite possibly the uglyest PKGBUILD you'll ever see :P
+# Quite possibly the ugliest PKGBUILD you'll ever see :P
+
+# Based on commit 5e12d2ddce6c65d869defd52578cf8253eccd645 from the fedpkg
+# master branch for freeipa.
# NOTE: ntp, autofs, and ntp support is currently broken because the formats of
# the /etc/conf.d/ configuration files in Arch Linux differ from the formats of
-# Fedora's /etc/sysconfig/ configuration files. Samba/Active Directory support
-# is probably broken too, since the AUR version installs to /opt/samba4.
+# Fedora's /etc/sysconfig/ configuration files.
+
+# Active directory trusts will not (probably never) work in Arch. It requires a
+# heavily patched version of Samba 4, which uses MIT Kerberos instead of
+# Heimdal. (Fedora went through 174 releases to get this working O_O)
# Client only, for now
build_server=false
@@ -27,56 +33,57 @@ if [ "x${build_server}" == "xtrue" ]; then
fi
fi
-pkgver=3.0.1
-pkgrel=4
+pkgver=3.2.0
+pkgrel=1
pkgdesc="The Identity, Policy, and Audit system"
arch=('i686' 'x86_64')
url="http://www.freeipa.org/"
license=('GPL')
# Client dependencies
-makedepends=('389-ds-base-updated'
- #'libwbclient' # Samba4 version
- 'samba4'
- 'svrcore'
- 'systemd'
- 'talloc'
- 'tevent')
-
-# SELinux dependencies
-if [ "x${build_selinux}" == "xtrue" ]; then
- makedepends+=('selinux-refpolicy-arch'
- 'selinux-usr-checkpolicy'
- 'selinux-usr-policycoreutils')
-fi
+makedepends=()
# FreeIPA server dependencies
if [ "x${build_server}" == "xtrue" ]; then
- makedepends+=()
+ makedepends+=('389-ds-base'
+ 'libwbclient'
+ 'samba'
+ 'svrcore'
+ 'systemd'
+ 'talloc'
+ 'tevent')
+
+ # SELinux dependencies
+ if [ "x${build_selinux}" == "xtrue" ]; then
+ makedepends+=('selinux-refpolicy-arch'
+ 'selinux-usr-checkpolicy'
+ 'selinux-usr-policycoreutils')
+ fi
fi
# Other dependencies
makedepends+=('curl'
+ 'jre7-openjdk'
'krb5'
- 'memcached'
'nspr'
'nss'
'openssl'
'openldap'
'popt'
- 'pylint'
'python2'
- 'python2-crypto'
'python2-distribute'
'python2-dnspython'
'python2-kerberos'
'python2-krbv'
'python2-ldap'
'python2-lxml'
+ 'python2-memcached'
+ 'python2-m2crypto'
'python2-netaddr'
'python2-nss'
'python2-polib'
'python2-pyasn1'
+ 'python2-pylint'
'python2-pyopenssl'
# Red Hat specific
#'python2-rhsm'
@@ -84,7 +91,7 @@ makedepends+=('curl'
'xmlrpc-c')
# Dependencies for "make check"
-checkdepends=('check')
+checkdepends=('check' 'python2-nose')
options=('!libtool')
source=("http://www.freeipa.org/downloads/src/freeipa-${pkgver}.tar.gz"
@@ -98,19 +105,25 @@ source=("http://www.freeipa.org/downloads/src/freeipa-${pkgver}.tar.gz"
'0002_Add_ArchLinux_Platform.patch'
'0003_Use_Python_2.patch'
'0004_NTP_Fixes.patch'
- '0005_ntpdate_path.patch')
-sha512sums=('4a83b5e738ffc9d9c56622ca532f5672ec9abcd46180dea78bd4dcee2c3eac8a9aed07ea04674899462ae82fb11988aa28755dea1ec9955d480a5dbad03b95af'
- 'a58d28405adbf2e8d52f998b30f17dc5f494c6507a7754d157f24888b712b4838d38f011a90473fa16976b6ecdb1fb5d70d064b3eac8afcc386d507d0e20b65d'
- '6a44b76f0767dc406b86af88817c7a05380df79e914998880daa1c6b3643698a46d1703d6fd4aee58b9e20cb6f05a96f18e7069e8eabb09d128cc786e91c8d24'
+ '0005_ntpdate_path.patch'
+ '0006_Fix_nss_includes.patch'
+ '0007_Disable_make-testcert.patch'
+ '0008_Fix_nosetests_path.patch')
+sha512sums=('00f14ad80dbd5a411f4a5aa591aab1f11ffcb2aef4d4263d00a0f6129e009afced7c25e87f37558d2372f24f3a4eb1a90dfba60b17bafd223a706ba95fb64416'
+ 'd70adf5f5339b9eb84b3ecc22e0caa286fb2a411f826d64aae4781c4684bc4d4d4d63ace799029d8318d6d0a2b834e7cc0434a63296497471099877ba2458570'
+ 'cdc08dad1528ce364ea9e4fa8f4022edb02df7ec5a8ae7c333d0ff5accd8d653eead9c3184737c3b04e901816e6f3ac0905dda34896a7d0287c499b2af84bb18'
'5182d7a9d25f920c3591bf037dd7ad92bf912db55dc9ac5f1e3fc557c19658515a51270e396aa2614dd7f047b7351cfe281519dc3524f953b495cf9164f836a2'
'cf9b40b305a004342c40695b635a9eadead90c41197d24c3b96658dc5e992c1748ac3f0262e0c5353e7ddaa3fb2db96143fcd3a6ca7ab34cd737c0d52fad00d6'
'ae93857dc42f6afb3ec67623b14d3294ad3a21f2ad21e60e245f41ce9fc3ff927ea1820f0783f6f4a5c5bf87d05c3c590fbb441f8dd411bab88be0a29c759897'
- '81bbcc2d567b6b154a1bb436c37ad0efb6e104aa9a651d24545eeb0f4889f15424aa805d2b7460faad2a8804fe2ec59fce64360cd9f61f0ac3f14fb5772c350b'
- '8c83d37c8c1c6184f6eafd3f1ae09bf5fd999123e81cdd4b54f902d691b6d1a88ad9614521b411b2da00486978a7a01a2e0bd5156dd13b18afbd713416080a80'
- 'c0fe0d9815755bc108c2693ceb7f517c7093ef23a35007b24167514a82273c53cb20d25ba0da3030955c4b8998a22fa0f3b124dae9551769efb1eda979aa2f43'
- 'dd762c4355eac9afd36525ee203cd298cce476ef10f5e0bc75a6d4f994aab88cb5c7377dc58b07179f231ae02e03e1ba02295eb030bfd0dbb778899ef524a76f'
- 'ccc2c1f216ec85e85b9e17dffcc6fa88a31b3d3a319bdf9154705a7e619311ed3c9dc8e2b704d8a1366b79d92d660ad29a7c3554751f46b5a08c4e911a27fe8d'
- 'c1536e7154e1ae063747ac4296ff0f298b704e99e0819b2501a12d3a25c46ecfda4c716d42ad18ff4137c3a903f1dce2df09e273e004fd64006f8a03c4f5456c')
+ '7baa3920c6bcb0eee3c8c43b65c44a9dbfa56ef511ca878f321be2240f4218e57e73a7b99df86201ced6f2f04bef172dccf1b7d46d54477c0cd86bd8cda3688f'
+ '2f80330cca20c57ac552b209ab7cfcbc65595d016198dd6a986fa5255aabec841ce618c3a5203dcfa450b4521da2d67bbda2b7759ff1caad0a868d9ee02774c9'
+ '23d9e5ba753344bca51b332f11fad3c909cc3998b7d52d3ad931e10f28b2c172adb8d6b0652b5084c765eddf3d60cc7e6f0be9c0b3e0982eba4bf0409de7a267'
+ 'e9355816b2b8c9278e87ef8843278176dabf6c6e1cd410cce48d21c70d41b9019a6ea8836c18e47b73d2eca0b794c114c59ad23c5ad89955b627b0e723f9d484'
+ '98b8c060bb9c17e927db4c5a5fdd40b022f827082b9da90e035e53f050373b5cd434497f1b31eee3bcbf0a6b471c4a2c0bd155705b06d21deb4d4cfbb8ebc6d0'
+ 'db9382d0e2bb0c8b85d7bc166714f801dda385a2665f96f7442e745e4bdc944f687b86e5fb27d1d2c8880ee952b5185dd9cf676e57c264e754340cd85b49deec'
+ '732bcebdf9795ac38e2e86dccd92a2571714ba080e01a392c782412740a88e35e48b1e968db2ed047462c19d1c89af8c8189408c4ae6f24f2c8b8e9be134fdc2'
+ 'b58913775e60fe8edd900c42cfc33961c053453c128f3872021713b6dc39ea706480cf3f2ccabd7b2c07aa900cbfda48547c722f8c347fd9ecbd107eecb9fa05'
+ 'f59422bb5bb511e28c0151afe1d425ecac06130341ef01a922e1595012a8bbc7655b6b711590018406f8cd00ef9702109fdbc74e3e1c13f946ab15d1b3b84a8d')
build() {
cd "${srcdir}/${pkgbase}-${pkgver}"
@@ -120,9 +133,9 @@ build() {
# Change Fedora's paths to the equivalents in Arch Linux
patch -p1 -i "${srcdir}/0001_Use_ArchLinux_Paths.patch"
# 0002_Add_ArchLinux_Platform.patch
- # Add platform specific code for starting/stopping services, modifying
- # authentication (/etc/pam.d/) settings, SELinux settings, etc.
- # This patch contains code from Fedora and Ubuntu
+ # Make slight changes to Fedora 18's platform code (systemd service names,
+ # /bin/ -> /usr/bin/, etc) and add a minimal Arch Linux platform that
+ # calls most of Fedora 18's platform, except for AuthConfig
patch -p1 -i "${srcdir}/0002_Add_ArchLinux_Platform.patch"
# 0003_Use_Python_2.patch
# FreeIPA hasn't been ported to Python 3, so the code must be modified to
@@ -135,6 +148,17 @@ build() {
# 0005_ntpdate_path.patch
# Arch Linux's ntp package puts ntpdate in /usr/bin/ instead of /usr/sbin/
patch -p1 -i "${srcdir}/0005_ntpdate_path.patch"
+ # 0006_Fix_nss_includes.patch
+ # Arch Linux's nss package installs the header files to /usr/include/nss/
+ # instead of /usr/include/nss3/
+ patch -p1 -i "${srcdir}/0006_Fix_nss_includes.patch"
+ # 0007_Disable_make-testcert.patch
+ # make-testcert requires a running certificate server to work properly
+ patch -p1 -i "${srcdir}/0007_Disable_make-testcert.patch"
+ # 0008_Fix_nosetests_path.patch
+ # Arch Linux's python2-nose package installs nosetests as
+ # /usr/bin/nosetests2
+ patch -p1 -i "${srcdir}/0008_Fix_nosetests_path.patch"
export SUPPORTED_PLATFORM=archlinux
export PYTHON=python2
@@ -157,7 +181,7 @@ build() {
../autogen.sh --prefix=/usr --sysconfdir=/etc
popd
- make IPA_VERSION_IS_GIT_SNAPSHOT=no ${MAKEFLAGS} all
+ make IPA_VERSION_IS_GIT_SNAPSHOT=no all
if [ "x${build_selinux}" == "xtrue" ]; then
pushd selinux
@@ -165,7 +189,7 @@ build() {
popd
fi
else
- make IPA_VERSION_IS_GIT_SNAPSHOT=no ${MAKEFLAGS} client
+ make IPA_VERSION_IS_GIT_SNAPSHOT=no client
fi
# Install to temporary directory #############################################
@@ -231,13 +255,13 @@ build() {
"${srcdir}/install_temp/usr/lib/systemd/system/"
# Configuration files
- # Use /etc/conf.d ##########################################################
install -dm755 "${srcdir}/install_temp/etc/conf.d/"
install -m644 init/ipa_memcached.conf \
"${srcdir}/install_temp/etc/conf.d/"
# /run
install -dm755 "${srcdir}/install_temp/run/"
+ install -dm700 "${srcdir}/install_temp/run/ipa/"
install -dm700 "${srcdir}/install_temp/run/ipa_memcached/"
# krb5 plugins
@@ -245,7 +269,7 @@ build() {
touch "${srcdir}/install_temp/usr/lib/krb5/plugins/libkrb5/winbind_krb5_locator.so"
# systemd tmpfiles.d configuration
- install -dm755 "${srcdir}/install_temp/etc/tmpfiles.d/"
+ install -dm755 "${srcdir}/install_temp/usr/lib/tmpfiles.d/"
install -m644 init/systemd/ipa.conf.tmpfiles \
"${srcdir}/install_temp/usr/lib/tmpfiles.d/ipa.conf"
@@ -257,6 +281,12 @@ build() {
# cron files
install -dm755 "${srcdir}/install_temp/etc/cron.d/"
install -m644 ipa-compliance.cron "${srcdir}/etc/cron.d/ipa-compliance"
+
+ # Web UI plugin dir
+ install -dm755 "${srcdir}/install_temp/usr/share/ipa/ui/js/plugins/"
+
+ # Backup directory
+ install -dm755 "${srcdir}/install_temp/var/lib/ipa/backup/"
fi
install -dm755 "${srcdir}/install_temp/var/lib/ipa-client/sysrestore/"
@@ -268,12 +298,14 @@ build() {
pushd "${srcdir}/install_temp/usr/lib/python2.7/site-packages/"
mv ipapython-${pkgver}*-py2.7.egg-info ipapython-${pkgver}-py2.7.egg-info
popd
+
+ find "${srcdir}/install_temp/" \( -name '*.pyc' -o -name '*.pyo' \) -delete
}
check() {
cd "${srcdir}/${pkgbase}-${pkgver}"
- # No 'check' target yet
-# make check
+ # Tests require FreeIPA to be installed and set up
+ #make test
}
install_file() {
@@ -333,7 +365,7 @@ package_freeipa-server() {
depends=("freeipa-admintools=${pkgver}-${pkgrel}"
"freeipa-client=${pkgver}-${pkgrel}"
"python2-freeipa=${pkgver}-${pkgrel}"
- '389-ds-base-updated'
+ '389-ds-base'
'acl'
'apache'
'cyrus-sasl-gssapi'
@@ -355,8 +387,8 @@ package_freeipa-server() {
'systemd'
'tomcat7'
'zip')
- optdepends=('python2-crypto: For Microsoft Active Directory trusts'
- 'samba4: For Microsoft Active Directory trusts'
+ optdepends=('python2-m2crypto: For Microsoft Active Directory trusts'
+ 'samba: For Microsoft Active Directory trusts'
'sssd: For Microsoft Active Directory trusts')
backup=('etc/ipa/html/browserconfig.html'
'etc/ipa/html/ffconfig.js'
@@ -418,7 +450,6 @@ package_freeipa-client() {
'certmonger'
'curl-gssapi'
'cyrus-sasl-gssapi'
- 'krb5'
'nfs-utils'
'nfsidmap'
'nss'
@@ -445,6 +476,7 @@ package_freeipa-client() {
package_python2-freeipa() {
: && pkgdesc="Python 2 libraries used by IPA"
depends=('gnupg'
+ 'iproute2'
'python2-kerberos'
'python2-lxml'
'python2-netaddr'
View
5 freeipa/files.freeipa-server
@@ -56,6 +56,7 @@
/usr/lib/ipa/certmonger/restart_pkicad
# Data files (okay, here we go...) #############################################
+/usr/share/ipa/ui/js/plugins/
/usr/share/ipa/wsgi.py
# LDAP ldif and uldif files ####################################################
@@ -354,6 +355,9 @@
/usr/lib/python2.7/site-packages/ipaserver/plugins/xmlserver.py
/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py
+# Python 2 files in /usr/share/
+######################/usr/share/ipa/copy-schema-to-ca.py
+
# Dirsrv plugins
/usr/lib/dirsrv/plugins/libipa_cldap.so
/usr/lib/dirsrv/plugins/libipa_enrollment_extop.so
@@ -371,6 +375,7 @@
# Other directories
0700:/var/lib/ipa/sysrestore/
0700:/var/lib/ipa/sysupgrade/
+/var/lib/ipa/backup/
/var/lib/ipa/pki-ca/publish/
0700:/var/cache/ipa/sessions/
View
22 freeipa/files.python2-freeipa
@@ -4,6 +4,7 @@
/usr/lib/python2.7/site-packages/ipalib/aci.py
/usr/lib/python2.7/site-packages/ipalib/backend.py
/usr/lib/python2.7/site-packages/ipalib/base.py
+/usr/lib/python2.7/site-packages/ipalib/capabilities.py
/usr/lib/python2.7/site-packages/ipalib/cli.py
/usr/lib/python2.7/site-packages/ipalib/config.py
/usr/lib/python2.7/site-packages/ipalib/constants.py
@@ -12,6 +13,7 @@
/usr/lib/python2.7/site-packages/ipalib/frontend.py
/usr/lib/python2.7/site-packages/ipalib/__init__.py
/usr/lib/python2.7/site-packages/ipalib/krb_utils.py
+/usr/lib/python2.7/site-packages/ipalib/messages.py
/usr/lib/python2.7/site-packages/ipalib/output.py
/usr/lib/python2.7/site-packages/ipalib/parameters.py
/usr/lib/python2.7/site-packages/ipalib/pkcs10.py
@@ -47,6 +49,7 @@
/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py
/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py
/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py
+/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py
/usr/lib/python2.7/site-packages/ipalib/plugins/role.py
/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py
/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py
@@ -64,28 +67,28 @@
/usr/lib/python2.7/site-packages/ipalib/text.py
/usr/lib/python2.7/site-packages/ipalib/util.py
/usr/lib/python2.7/site-packages/ipalib/x509.py
-/usr/lib/python2.7/site-packages/ipapython-3.0.1-py2.7.egg-info
+/usr/lib/python2.7/site-packages/ipapython-3.2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/ipapython/admintool.py
/usr/lib/python2.7/site-packages/ipapython/certdb.py
/usr/lib/python2.7/site-packages/ipapython/certmonger.py
-/usr/lib/python2.7/site-packages/ipapython/compat.py
/usr/lib/python2.7/site-packages/ipapython/config.py
+/usr/lib/python2.7/site-packages/ipapython/cookie.py
/usr/lib/python2.7/site-packages/ipapython/dn.py
/usr/lib/python2.7/site-packages/ipapython/dogtag.py
-/usr/lib/python2.7/site-packages/ipapython/entity.py
/usr/lib/python2.7/site-packages/ipapython/__init__.py
+/usr/lib/python2.7/site-packages/ipapython/ipaldap.py
/usr/lib/python2.7/site-packages/ipapython/ipa_log_manager.py
/usr/lib/python2.7/site-packages/ipapython/ipautil.py
/usr/lib/python2.7/site-packages/ipapython/ipavalidate.py
/usr/lib/python2.7/site-packages/ipapython/kernel_keyring.py
/usr/lib/python2.7/site-packages/ipapython/log_manager.py
/usr/lib/python2.7/site-packages/ipapython/nsslib.py
-/usr/lib/python2.7/site-packages/ipapython/platform/archlinux.py
-/usr/lib/python2.7/site-packages/ipapython/platform/base.py
-/usr/lib/python2.7/site-packages/ipapython/platform/fedora16.py
/usr/lib/python2.7/site-packages/ipapython/platform/__init__.py
-/usr/lib/python2.7/site-packages/ipapython/platform/redhat.py
-/usr/lib/python2.7/site-packages/ipapython/platform/systemd.py
+/usr/lib/python2.7/site-packages/ipapython/platform/archlinux/
+/usr/lib/python2.7/site-packages/ipapython/platform/base/
+/usr/lib/python2.7/site-packages/ipapython/platform/fedora16/
+/usr/lib/python2.7/site-packages/ipapython/platform/fedora18/
+/usr/lib/python2.7/site-packages/ipapython/platform/redhat/
/usr/lib/python2.7/site-packages/ipapython/services.py
/usr/lib/python2.7/site-packages/ipapython/ssh.py
/usr/lib/python2.7/site-packages/ipapython/sysrestore.py
@@ -94,8 +97,11 @@
# Locales ######################################################################
/usr/share/locale/bn_IN/LC_MESSAGES/ipa.mo
+/usr/share/locale/ca/LC_MESSAGES/ipa.mo
+/usr/share/locale/cs/LC_MESSAGES/ipa.mo
/usr/share/locale/de/LC_MESSAGES/ipa.mo
/usr/share/locale/es/LC_MESSAGES/ipa.mo
+/usr/share/locale/eu/LC_MESSAGES/ipa.mo
/usr/share/locale/fr/LC_MESSAGES/ipa.mo
/usr/share/locale/id/LC_MESSAGES/ipa.mo
/usr/share/locale/ja/LC_MESSAGES/ipa.mo
View
2  freeipa/install.freeipa-server
@@ -4,7 +4,7 @@ post_install() {
#systemctl --system daemon-reload
echo "Please install the optional dependencies to set up trusts for Microsoft's"
- echo "Active Directory. The winbind_krb5_locator.so plugin in the samba4 package"
+ echo "Active Directory. The winbind_krb5_locator.so plugin in the samba package"
echo "will also have to be removed."
echo
echo "IMPORTANT: You MUST include the following files in /etc/httpd/httpd.conf after"
View
17 freeipa/sss-auth-setup.py
@@ -155,6 +155,8 @@ def pam_config_setup(pam_config):
shutil.move("/etc/sssd/" + pam_config + ".tmp", "/etc/pam.d/" + pam_config)
def pam_enable_sss():
+ finish_msg = "Sucessfully enabled support for SSSD in PAM"
+
if os.path.exists("/etc/sssd/pam.hashes"):
print("PAM is already set up!")
exit(1)
@@ -198,7 +200,8 @@ def pam_enable_sss():
pam_sss.write("auth required pam_deny.so\n")
# Account
pam_sss.write("account required pam_unix.so\n")
- pam_sss.write("account [default=bad success=ok user_unknown=ignore] pam_sss.so\n")
+ pam_sss.write("#account [default=bad success=ok user_unknown=ignore] pam_sss.so\n")
+ pam_sss.write("account optional pam_sss.so\n")
# Password
pam_sss.write("password sufficient pam_unix.so try_first_pass nullok sha512 shadow\n")
pam_sss.write("password sufficient pam_sss.so use_authtok\n")
@@ -208,7 +211,11 @@ def pam_enable_sss():
pam_sss.write("session optional pam_sss.so\n")
pam_sss.close()
+ print("Finished: " + finish_msg)
+
def pam_disable_sss():
+ finish_msg = "Sucessfully disabled support for SSSD in PAM"
+
if not os.path.exists("/etc/sssd/pam.hashes"):
print("PAM hasn't been set up yet!")
exit(1)
@@ -224,6 +231,11 @@ def pam_disable_sss():
pam_file = open("/etc/pam.d/" + pam_config, 'rb')
sha512sum = hashlib.sha512(pam_file.read()).hexdigest()
pam_file.close()
+
+ if not os.path.exists("/etc/sssd/pam.hashes"):
+ print("Info: No more backup files to read")
+ break
+
sha512sum_bak = pam_hash_read(pam_config)
if sha512sum_bak == "":
@@ -250,6 +262,9 @@ def pam_disable_sss():
for fullpath, directories, files in os.walk("/etc/sssd/pam.backup/"):
for pam_config in files:
print(" /etc/sssd/pam.backup/" + pam_config)
+ finish_msg = "Partially disabled support for SSSD in PAM"
+
+ print("Finished: " + finish_msg)
def parse_arguments():
import argparse
Please sign in to comment.
Something went wrong with that request. Please try again.