|
|
0f405b |
%global project freeipa
|
|
|
0f405b |
%global shortname healthcheck
|
|
|
0f405b |
%global longname ipa%{shortname}
|
|
|
0f405b |
%global debug_package %{nil}
|
|
|
0f405b |
%global python3dir %{_builddir}/python3-%{name}-%{version}-%{release}
|
|
|
0f405b |
%{!?python3_sitelib: %global python3_sitelib %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
Name: ipa-healthcheck
|
|
|
db8a92 |
Version: 0.7
|
|
|
70e617 |
Release: 14%{?dist}
|
|
|
0f405b |
Summary: Health check tool for IdM
|
|
|
0f405b |
BuildArch: noarch
|
|
|
0f405b |
License: GPLv3
|
|
|
0f405b |
URL: https://github.com/%{project}/freeipa-healthcheck
|
|
|
0f405b |
Source0: https://github.com/%{project}/%{name}/archive/%{version}.tar.gz#/%{project}-%{shortname}-%{version}.tar.gz
|
|
|
0f405b |
Source1: %{longname}.conf
|
|
|
0f405b |
|
|
|
0f405b |
Patch0001: 0001-Remove-requirement-for-pytest-runner-since-PyPI-isn-.patch
|
|
|
db8a92 |
Patch0002: 0002-Remove-ipaclustercheck.patch
|
|
|
db8a92 |
Patch0003: 0003-Use-trust-find-and-trustdomain-find-to-identify-all-.patch
|
|
|
db8a92 |
Patch0004: 0004-result-names-are-not-translated-when-reading-input-f.patch
|
|
|
8cfcc8 |
Patch0005: 0005-Add-check-for-IPA-KRA-Agent.patch
|
|
|
8cfcc8 |
Patch0006: 0006-Add-tests-for-KRA-Agent-validation.patch
|
|
|
8cfcc8 |
Patch0007: 0007-Return-user-friendly-message-when-no-issues-found.patch
|
|
|
8cfcc8 |
Patch0009: 0009-Add-checks-to-detect-mismatch-of-certificates.patch
|
|
|
8cfcc8 |
Patch0010: 0010-Add-tests-for-certificate-mismatch-detection.patch
|
|
|
8cfcc8 |
Patch0011: 0011-Add-log-files-to-the-set-of-files-checked-for-owner-.patch
|
|
|
8cfcc8 |
Patch0012: 0012-Handle-files-that-don-t-exist-in-FileCheck.patch
|
|
|
f3fa67 |
Patch0013: 0013-Add-service-check-dependencies.patch
|
|
|
f3fa67 |
Patch0014: 0014-Filter-out-the-pki-healthcheck-sources-if-IPA-CA-is-.patch
|
|
|
f3fa67 |
Patch0015: 0015-Work-with-existing-resolve_rrsets-and-newer-resolve_.patch
|
|
|
f3fa67 |
Patch0016: 0016-tests-Generate-a-proper-not-valid-after-field.patch
|
|
|
f3fa67 |
Patch0017: 0017-Fix-the-number-of-expected-results-in-the-fix-file-t.patch
|
|
|
7d6859 |
Patch0018: 0018-Don-t-collect-the-CRLManager-role-if-the-CA-is-not-c.patch
|
|
|
ebd3e0 |
Patch0019: 0019-Don-t-depend-on-IPA-status-when-suppressing-pki-chec.patch
|
|
|
70e617 |
Patch0020: 0020-Add-support-for-the-DNS-URI-type.patch
|
|
|
70e617 |
Patch0021: 0021-Use-the-subject-base-from-the-IPA-configuration-not-.patch
|
|
|
70e617 |
Patch0022: 0022-Allow-multiple-file-modes-in-the-FileChecker.patch
|
|
|
70e617 |
Patch0023: 0023-Unify-command-line-options-and-configuration.patch
|
|
|
70e617 |
Patch0024: 0024-Convert-configuration-option-strings-into-native-dat.patch
|
|
|
70e617 |
Patch0025: 0025-Limit-config-file-delimiters-to-catch-empty-values.patch
|
|
|
70e617 |
Patch0026: 0026-Relocate-eval-of-debug-verbose-in-case-they-are-set-.patch
|
|
|
70e617 |
Patch0027: 0027-Validate-that-a-known-output-type-has-been-selected.patch
|
|
|
70e617 |
Patch0028: 0028-Restore-the-log-level-after-loading-the-resources.patch
|
|
|
0f405b |
|
|
|
0f405b |
Requires: %{name}-core = %{version}-%{release}
|
|
|
0f405b |
Requires: ipa-server
|
|
|
0f405b |
Requires: python3-ipalib
|
|
|
0f405b |
Requires: python3-ipaserver
|
|
|
db8a92 |
Requires: python3-lib389
|
|
|
0f405b |
# cronie-anacron provides anacron
|
|
|
0f405b |
Requires: anacron
|
|
|
0f405b |
Requires: logrotate
|
|
|
0f405b |
Requires(post): systemd-units
|
|
|
0f405b |
Requires: %{name}-core = %{version}-%{release}
|
|
|
0f405b |
BuildRequires: python3-devel
|
|
|
0f405b |
BuildRequires: systemd-devel
|
|
|
0f405b |
%{?systemd_requires}
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%description
|
|
|
0f405b |
The FreeIPA health check tool provides a set of checks to
|
|
|
0f405b |
proactively detect defects in a FreeIPA cluster.
|
|
|
0f405b |
|
|
|
0f405b |
%package -n %{name}-core
|
|
|
0f405b |
Summary: Core plugin system for healthcheck
|
|
|
0f405b |
# No Requires on %%{name} = %%{version}-%%{release} since this can be
|
|
|
0f405b |
# installed standalone
|
|
|
0f405b |
Conflicts: %{name} < 0.4
|
|
|
0f405b |
|
|
|
0f405b |
%description -n %{name}-core
|
|
|
0f405b |
Core files
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%prep
|
|
|
0f405b |
%autosetup -p1 -n %{project}-%{shortname}-%{version}
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%build
|
|
|
0f405b |
%py3_build
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%install
|
|
|
0f405b |
%py3_install
|
|
|
0f405b |
|
|
|
0f405b |
mkdir -p %{buildroot}%{_sysconfdir}/%{longname}
|
|
|
0f405b |
install -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{longname}
|
|
|
0f405b |
|
|
|
0f405b |
mkdir -p %{buildroot}/%{_unitdir}
|
|
|
0f405b |
install -p -m644 %{_builddir}/%{project}-%{shortname}-%{version}/systemd/ipa-%{shortname}.service %{buildroot}%{_unitdir}
|
|
|
0f405b |
install -p -m644 %{_builddir}/%{project}-%{shortname}-%{version}/systemd/ipa-%{shortname}.timer %{buildroot}%{_unitdir}
|
|
|
0f405b |
|
|
|
0f405b |
mkdir -p %{buildroot}/%{_libexecdir}/ipa
|
|
|
0f405b |
install -p -m755 %{_builddir}/%{project}-%{shortname}-%{version}/systemd/ipa-%{shortname}.sh %{buildroot}%{_libexecdir}/ipa/
|
|
|
0f405b |
|
|
|
0f405b |
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
|
|
0f405b |
install -p -m644 %{_builddir}/%{project}-%{shortname}-%{version}/logrotate/%{longname} %{buildroot}%{_sysconfdir}/logrotate.d
|
|
|
0f405b |
|
|
|
0f405b |
mkdir -p %{buildroot}/%{_localstatedir}/log/ipa/%{shortname}
|
|
|
0f405b |
|
|
|
db8a92 |
mkdir -p %{buildroot}/%{_mandir}/man8
|
|
|
0f405b |
mkdir -p %{buildroot}/%{_mandir}/man5
|
|
|
db8a92 |
install -p -m644 %{_builddir}/%{project}-%{shortname}-%{version}/man/man8/ipa-%{shortname}.8 %{buildroot}%{_mandir}/man8/
|
|
|
0f405b |
install -p -m644 %{_builddir}/%{project}-%{shortname}-%{version}/man/man5/%{longname}.conf.5 %{buildroot}%{_mandir}/man5/
|
|
|
0f405b |
|
|
|
0f405b |
(cd %{buildroot}/%{python3_sitelib}/ipahealthcheck && find . -type f | \
|
|
|
0f405b |
grep -v '^./core' | \
|
|
|
0f405b |
grep -v 'opt-1' | \
|
|
|
0f405b |
sed -e 's,\.py.*$,.*,g' | sort -u | \
|
|
|
0f405b |
sed -e 's,\./,%%{python3_sitelib}/ipahealthcheck/,g' ) >healthcheck.list
|
|
|
0f405b |
|
|
|
0f405b |
%post
|
|
|
0f405b |
%systemd_post ipa-%{shortname}.service
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%preun
|
|
|
0f405b |
%systemd_preun ipa-%{shortname}.service
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%postun
|
|
|
0f405b |
%systemd_postun_with_restart ipa-%{shortname}.service
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%files -f healthcheck.list
|
|
|
0f405b |
%{!?_licensedir:%global license %%doc}
|
|
|
0f405b |
%license COPYING
|
|
|
0f405b |
%doc README.md
|
|
|
0f405b |
%{_bindir}/ipa-%{shortname}
|
|
|
0f405b |
%dir %{_sysconfdir}/%{longname}
|
|
|
0f405b |
%dir %{_localstatedir}/log/ipa/%{shortname}
|
|
|
0f405b |
%config(noreplace) %{_sysconfdir}/%{longname}/%{longname}.conf
|
|
|
0f405b |
%config(noreplace) %{_sysconfdir}/logrotate.d/%{longname}
|
|
|
0f405b |
%{python3_sitelib}/%{longname}-%{version}-*.egg-info/
|
|
|
0f405b |
%{python3_sitelib}/%{longname}-%{version}-*-nspkg.pth
|
|
|
0f405b |
%{_unitdir}/*
|
|
|
0f405b |
%{_libexecdir}/*
|
|
|
db8a92 |
%{_mandir}/man8/*
|
|
|
0f405b |
%{_mandir}/man5/*
|
|
|
0f405b |
|
|
|
0f405b |
%files -n %{name}-core
|
|
|
0f405b |
%{!?_licensedir:%global license %%doc}
|
|
|
0f405b |
%license COPYING
|
|
|
0f405b |
%doc README.md
|
|
|
0f405b |
%{python3_sitelib}/%{longname}/core/
|
|
|
0f405b |
|
|
|
0f405b |
|
|
|
0f405b |
%changelog
|
|
|
70e617 |
* Wed May 25 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-14
|
|
|
70e617 |
- Add CLI options to healthcheck configuration file (#1872467)
|
|
|
70e617 |
|
|
|
70e617 |
* Fri Apr 29 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-13
|
|
|
70e617 |
- Allow multiple file modes in the FileChecker (#2058239)
|
|
|
70e617 |
|
|
|
70e617 |
* Thu Mar 31 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-12
|
|
|
70e617 |
- Use the subject base from the IPA configuration, not REALM (#2066308)
|
|
|
70e617 |
|
|
|
70e617 |
* Fri Mar 18 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-11
|
|
|
70e617 |
- Add support for the DNS URI type (#2037847)
|
|
|
70e617 |
|
|
|
ebd3e0 |
* Thu Feb 17 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-10
|
|
|
ebd3e0 |
- Don't depend on IPA status when suppressing pki checks (#2055316)
|
|
|
ebd3e0 |
|
|
|
ebd3e0 |
* Mon Jan 17 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-9
|
|
|
ebd3e0 |
- Don't assume the entry_point order when determining if there is a
|
|
|
ebd3e0 |
CA installed (#2041995)
|
|
|
ebd3e0 |
|
|
|
7d6859 |
* Thu Jan 06 2022 Rob Crittenden <rcritten@redhat.com> - 0.7-8
|
|
|
7d6859 |
- Suppress the CRLManager check false positive when a CA is not
|
|
|
7d6859 |
configured (#1983060)
|
|
|
7d6859 |
- Fix the backport of the pki.server.healthcheck suppression (#1983060)
|
|
|
7d6859 |
|
|
|
f3fa67 |
* Thu Oct 07 2021 Rob Crittenden <rcritten@redhat.com> - 0.7-7
|
|
|
f3fa67 |
- ipa-healthcheck command takes some extra time to complete when dirsrv
|
|
|
f3fa67 |
instance is stopped (#1776687)
|
|
|
f3fa67 |
- ipa-healthcheck complains about pki.server.healthcheck errors even CA
|
|
|
f3fa67 |
is not configured on the replica (#1983060)
|
|
|
f3fa67 |
|
|
|
8cfcc8 |
* Mon Jun 14 2021 Rob Crittenden <rcritten@redhat.com> - 0.7-6
|
|
|
8cfcc8 |
- Fix patch fuzz issues, apply add'l upstream for log files (#1780020)
|
|
|
8cfcc8 |
|
|
|
8cfcc8 |
* Wed Jun 2 2021 Rob Crittenden <rcritten@redhat.com> - 0.7-5
|
|
|
8cfcc8 |
- Return a user-friendly message when no issues are found (#1780062)
|
|
|
8cfcc8 |
- Report on FIPS status (#1781107)
|
|
|
8cfcc8 |
- Detect mismatches beteween certificates in LDAP and filesystem (#1886770)
|
|
|
8cfcc8 |
- Verify owner/perms for important log files (#1780020)
|
|
|
8cfcc8 |
|
|
|
8cfcc8 |
* Tue Apr 6 2021 Rob Crittenden <rcritten@redhat.com> - 0.7-4
|
|
|
8cfcc8 |
- Add check to validate the KRA Agent is correct (#1894781)
|
|
|
8cfcc8 |
|
|
|
db8a92 |
* Fri Dec 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-3
|
|
|
db8a92 |
- Translate result names when reading input from a json file (#1866558)
|
|
|
db8a92 |
|
|
|
db8a92 |
* Tue Nov 3 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-2
|
|
|
db8a92 |
- Fix collection of AD trust domains (#1891505)
|
|
|
db8a92 |
|
|
|
db8a92 |
* Tue Nov 3 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-1
|
|
|
db8a92 |
- Update to upstream 0.7 (#1891850)
|
|
|
db8a92 |
- Include Directory Server healthchecks (#1824193)
|
|
|
db8a92 |
- Document that default output format is JSON (#1780328)
|
|
|
db8a92 |
- Fix return value on exit with --input-file (#1866558)
|
|
|
db8a92 |
- Fix examples in man page (#1809215)
|
|
|
db8a92 |
- Replace man page reference to output-format with output-type (#1780303)
|
|
|
db8a92 |
- Add dependencies on services to avoid false positives (#1780510)
|
|
|
db8a92 |
|
|
|
0f405b |
* Wed Aug 19 2020 Rob Crittenden <rcritten@redhat.com> - 0.4-6
|
|
|
0f405b |
- The core subpackage can be installed standalone, drop the Requires
|
|
|
0f405b |
on the base package. (#1852244)
|
|
|
0f405b |
- Add Conflicts < 0.4 to to core to allow downgrading with
|
|
|
0f405b |
--allowerasing (#1852244)
|
|
|
0f405b |
|
|
|
0f405b |
* Tue Aug 4 2020 Rob Crittenden <rcritten@redhat.com> - 0.4-5
|
|
|
0f405b |
- Remove the Obsoletes < 0.4 and add same-version Requires to each
|
|
|
0f405b |
subpackage so that upgrades from 0.3 will work (#1852244)
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Jan 16 2020 Rob Crittenden <rcritten@redhat.com> - 0.4-4
|
|
|
0f405b |
- Allow plugins to read contents from config during initialization (#1784037)
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Dec 5 2019 Rob Crittenden <rcritten@redhat.com> - 0.4-3
|
|
|
0f405b |
- Add Obsoletes to core subpackage (#1780121)
|
|
|
0f405b |
|
|
|
0f405b |
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.4-2
|
|
|
0f405b |
- Abstract processing so core package is standalone (#1771710)
|
|
|
0f405b |
|
|
|
0f405b |
* Mon Dec 2 2019 Rob Crittenden <rcritten@redhat.com> - 0.4-1
|
|
|
0f405b |
- Rebase to upstream 0.4 (#1770346)
|
|
|
0f405b |
- Create subpackage to split out core processing (#1771710)
|
|
|
0f405b |
- Correct URL (#1773512)
|
|
|
0f405b |
- Errors not translated to strings (#1752849)
|
|
|
0f405b |
- JSON output not indented by default (#1729043)
|
|
|
0f405b |
- Add dependencies to checks to avoid false-positives (#1727900)
|
|
|
0f405b |
- Verify expected DNS records (#1695125)
|
|
|
0f405b |
|
|
|
0f405b |
* Mon Aug 12 2019 Rob Crittenden <rcritten@redhat.com> - 0.3-4
|
|
|
0f405b |
- Lookup AD user by SID and not by hardcoded username (#1739500)
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Aug 8 2019 Rob Crittenden <rcritten@redhat.com> - 0.3-3
|
|
|
0f405b |
- The AD trust agent and controller are not being initialized (#1738314)
|
|
|
0f405b |
|
|
|
0f405b |
* Mon Aug 5 2019 Rob Crittenden <rcritten@redhat.com> - 0.3-2
|
|
|
0f405b |
- Change DNA plugin to return WARNING if no range is set (#1737492)
|
|
|
0f405b |
|
|
|
0f405b |
* Mon Jul 29 2019 François Cami <fcami@redhat.com> - 0.3-1
|
|
|
0f405b |
- Update to upstream 0.3 (#1701351)
|
|
|
0f405b |
- Add logrotate configs + depend on anacron and logrotate (#1729207)
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Jul 11 2019 François Cami <fcami@redhat.com> - 0.2-4
|
|
|
0f405b |
- Fix ipa-healthcheck.sh installation path (rhbz#1729188)
|
|
|
0f405b |
- Create and own log directory (rhbz#1729188)
|
|
|
0f405b |
|
|
|
0f405b |
* Tue Apr 30 2019 François Cami <fcami@redhat.com> - 0.2-3
|
|
|
0f405b |
- Add python3-lib389 to BRs
|
|
|
0f405b |
|
|
|
0f405b |
* Tue Apr 30 2019 François Cami <fcami@redhat.com> - 0.2-2
|
|
|
0f405b |
- Fix changelog
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Apr 25 2019 Rob Crittenden <rcritten@redhat.com> - 0.2-1
|
|
|
0f405b |
- Update to upstream 0.2
|
|
|
0f405b |
|
|
|
0f405b |
* Thu Apr 4 2019 François Cami <fcami@redhat.com> - 0.1-2
|
|
|
0f405b |
- Explicitly list dependencies
|
|
|
0f405b |
|
|
|
0f405b |
* Tue Apr 2 2019 François Cami <fcami@redhat.com> - 0.1-1
|
|
|
0f405b |
- Initial package import
|