|
 |
bb0ded |
%define ipa_requires_gt() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}-%%{release}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
|
|
bb0ded |
|
|
|
bb0ded |
# ipatests enabled by default, can be disabled with --without ipatests
|
|
|
bb0ded |
%bcond_without ipatests
|
|
|
bb0ded |
# default to not use XML-RPC in Rawhide, can be turned around with --with ipa_join_xml
|
|
|
bb0ded |
# On RHEL 8 we should use --with ipa_join_xml
|
|
|
bb0ded |
%bcond_with ipa_join_xml
|
|
|
bb0ded |
|
|
|
bb0ded |
# Linting is disabled by default, needed for upstream testing
|
|
|
bb0ded |
%bcond_with lint
|
|
|
bb0ded |
|
|
|
bb0ded |
# Build documentation with sphinx
|
|
|
bb0ded |
%bcond_with doc
|
|
|
bb0ded |
|
|
|
bb0ded |
# Build Python wheels
|
|
|
bb0ded |
%bcond_with wheels
|
|
|
bb0ded |
|
|
|
bb0ded |
# 389-ds-base 1.4 no longer supports i686 platform, build only client
|
|
|
bb0ded |
# packages, https://bugzilla.redhat.com/show_bug.cgi?id=1544386
|
|
|
bb0ded |
%ifarch %{ix86}
|
|
|
bb0ded |
%{!?ONLY_CLIENT:%global ONLY_CLIENT 1}
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Define ONLY_CLIENT to only make the ipa-client and ipa-python
|
|
|
bb0ded |
# subpackages
|
|
|
bb0ded |
%{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
|
|
|
bb0ded |
%if %{ONLY_CLIENT}
|
|
|
bb0ded |
%global enable_server_option --disable-server
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global enable_server_option --enable-server
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{ONLY_CLIENT}
|
|
|
bb0ded |
%global with_ipatests 0
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Whether to build ipatests
|
|
|
bb0ded |
%if %{with ipatests}
|
|
|
bb0ded |
%global with_ipatests_option --with-ipatests
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global with_ipatests_option --without-ipatests
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Whether to use XML-RPC with ipa-join
|
|
|
bb0ded |
%if %{with ipa_join_xml}
|
|
|
bb0ded |
%global with_ipa_join_xml_option --with-ipa-join-xml
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global with_ipa_join_xml_option --without-ipa-join-xml
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# lint is not executed during rpmbuild
|
|
|
bb0ded |
# %%global with_lint 1
|
|
|
bb0ded |
%if %{with lint}
|
|
|
bb0ded |
%global linter_options --enable-pylint --without-jslint --enable-rpmlint
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global linter_options --disable-pylint --without-jslint --disable-rpmlint
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Include SELinux subpackage
|
|
|
bb0ded |
%if 0%{?fedora} >= 30 || 0%{?rhel} >= 8
|
|
|
bb0ded |
%global with_selinux 1
|
|
|
bb0ded |
%global selinuxtype targeted
|
|
|
bb0ded |
%global modulename ipa
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
%global package_name ipa
|
|
|
bb0ded |
%global alt_name freeipa
|
|
|
bbecb6 |
%global krb5_version 1.20.1-1
|
|
|
bbecb6 |
%global krb5_kdb_version 9.0
|
|
|
bb0ded |
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
|
|
bb0ded |
%global python_netaddr_version 0.7.19
|
|
|
bbecb6 |
%global samba_version 4.17.4-101
|
|
|
bb0ded |
%global slapi_nis_version 0.56.4
|
|
|
bb0ded |
%global python_ldap_version 3.1.0-1
|
|
|
bb0ded |
%if 0%{?rhel} < 9
|
|
|
bb0ded |
# Bug 1929067 - PKI instance creation failed with new 389-ds-base build
|
|
|
bb0ded |
%global ds_version 1.4.3.16-12
|
|
|
bbecb6 |
%global selinux_policy_version 3.14.3-107
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
# DNA interval enabled
|
|
|
bb0ded |
%global ds_version 2.0.5-1
|
|
|
bbecb6 |
%global selinux_policy_version 38.1.1-1
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Fix for TLS 1.3 PHA, RHBZ#1775158
|
|
|
bb0ded |
%global httpd_version 2.4.37-21
|
|
|
bb0ded |
%global bind_version 9.11.20-6
|
|
|
bb0ded |
|
|
|
bbecb6 |
# Fix for https://github.com/SSSD/sssd/issues/6331
|
|
|
bbecb6 |
%global sssd_version 2.8.0
|
|
|
bbecb6 |
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
# Fedora
|
|
|
bb0ded |
%global package_name freeipa
|
|
|
bb0ded |
%global alt_name ipa
|
|
|
bb0ded |
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
|
|
|
bb0ded |
%global python_netaddr_version 0.7.16
|
|
|
bb0ded |
# Require 4.7.0 which brings Python 3 bindings
|
|
|
bb0ded |
# Require 4.12 which has DsRGetForestTrustInformation access rights fixes
|
|
|
bb0ded |
%global samba_version 2:4.12.10
|
|
|
bb0ded |
|
|
|
bb0ded |
# 3.14.5-45 or later includes a number of interfaces fixes for IPA interface
|
|
|
bbecb6 |
# 36.16-1 fixes BZ#2115691
|
|
|
bbecb6 |
%if 0%{?fedora} < 36
|
|
|
bb0ded |
%global selinux_policy_version 3.14.5-45
|
|
|
bbecb6 |
%else
|
|
|
bbecb6 |
%global selinux_policy_version 36.16-1
|
|
|
bbecb6 |
%endif
|
|
|
bb0ded |
%global slapi_nis_version 0.56.5
|
|
|
bb0ded |
|
|
|
bbecb6 |
%if 0%{?fedora} < 38
|
|
|
bbecb6 |
# Fix for CVE-2020-28196
|
|
|
bbecb6 |
%global krb5_version 1.18.2-29
|
|
|
bb0ded |
%global krb5_kdb_version 8.0
|
|
|
bbecb6 |
%else
|
|
|
bbecb6 |
# Fix for CVE-2020-28196
|
|
|
bbecb6 |
%global krb5_version 1.20.1-3
|
|
|
bbecb6 |
%global krb5_kdb_version 9.0
|
|
|
bbecb6 |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# fix for segfault in python3-ldap, https://pagure.io/freeipa/issue/7324
|
|
|
bb0ded |
%global python_ldap_version 3.1.0-1
|
|
|
bb0ded |
|
|
|
bb0ded |
# Make sure to use 389-ds-base versions that fix https://github.com/389ds/389-ds-base/issues/4700
|
|
|
bb0ded |
# and has DNA interval enabled
|
|
|
bb0ded |
%if 0%{?fedora} < 34
|
|
|
bb0ded |
%global ds_version 1.4.4.16-1
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global ds_version 2.0.7-1
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Fix for TLS 1.3 PHA, RHBZ#1775146
|
|
|
bb0ded |
%global httpd_version 2.4.41-9
|
|
|
bb0ded |
|
|
|
bbecb6 |
# Fix for RHBZ#2117342
|
|
|
bbecb6 |
%if 0%{?fedora} < 37
|
|
|
bb0ded |
%global bind_version 9.11.24-1
|
|
|
bbecb6 |
%else
|
|
|
bbecb6 |
%global bind_version 32:9.18.7-1
|
|
|
bbecb6 |
%endif
|
|
|
bb0ded |
# Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.
|
|
|
bb0ded |
# Some packages don't provide new dist aliases.
|
|
|
bb0ded |
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
|
|
|
bb0ded |
%{?python_disable_dependency_generator}
|
|
|
bbecb6 |
|
|
|
bbecb6 |
%if 0%{?fedora} < 37
|
|
|
bbecb6 |
# F35+, adds IdP integration
|
|
|
bbecb6 |
%global sssd_version 2.7.0
|
|
|
bbecb6 |
%else
|
|
|
bbecb6 |
# Fix for https://github.com/SSSD/sssd/issues/6331
|
|
|
bbecb6 |
%global sssd_version 2.8.0
|
|
|
bbecb6 |
%endif
|
|
|
bbecb6 |
|
|
|
bb0ded |
# Fedora
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# BIND employs 'pkcs11' OpenSSL engine instead of native PKCS11
|
|
|
bb0ded |
# Fedora 31+ uses OpenSSL engine, as well as Fedora ELN (RHEL9)
|
|
|
bb0ded |
%if 0%{?fedora} || 0%{?rhel} >= 9
|
|
|
bb0ded |
%global openssl_pkcs11_version 0.4.10-6
|
|
|
bb0ded |
%global softhsm_version 2.5.0-4
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global with_bind_pkcs11 1
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?rhel} == 8
|
|
|
bb0ded |
# Make sure to use PKI versions that work with 389-ds fix for https://github.com/389ds/389-ds-base/issues/4609
|
|
|
bb0ded |
%global pki_version 10.10.5
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
# Make sure to use PKI versions that work with 389-ds fix for https://github.com/389ds/389-ds-base/issues/4609
|
|
|
bb0ded |
%global pki_version 10.10.5
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# RHEL 8.3+, F32+ has 0.79.13
|
|
|
bb0ded |
%global certmonger_version 0.79.7-3
|
|
|
bb0ded |
|
|
|
bb0ded |
# RHEL 8.2+, F32+ has 3.58
|
|
|
bb0ded |
%global nss_version 3.44.0-4
|
|
|
bb0ded |
|
|
|
bb0ded |
%define krb5_base_version %(LC_ALL=C /usr/bin/pkgconf --modversion krb5 | grep -Eo '^[^.]+\.[^.]+' || echo %krb5_version)
|
|
|
bb0ded |
%global kdcproxy_version 0.4-3
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
|
|
|
bb0ded |
# systemd with resolved enabled
|
|
|
bb0ded |
# see https://pagure.io/freeipa/issue/8275
|
|
|
bb0ded |
%global systemd_version 246.6-3
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global systemd_version 239
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# augeas support for new chrony options
|
|
|
bb0ded |
# see https://pagure.io/freeipa/issue/8676
|
|
|
bb0ded |
# https://bugzilla.redhat.com/show_bug.cgi?id=1931787
|
|
|
bb0ded |
%if 0%{?fedora} >= 33
|
|
|
bb0ded |
%global augeas_version 1.12.0-6
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%if 0%{?rhel} >= 9
|
|
|
bb0ded |
%global augeas_version 1.12.1-0
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%global augeas_version 1.12.0-3
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%global plugin_dir %{_libdir}/dirsrv/plugins
|
|
|
bb0ded |
%global etc_systemd_dir %{_sysconfdir}/systemd/system
|
|
|
bb0ded |
%global gettext_domain ipa
|
|
|
bb0ded |
|
|
|
bb0ded |
%define _hardened_build 1
|
|
|
bb0ded |
|
|
|
bb0ded |
# Work-around fact that RPM SPEC parser does not accept
|
|
|
bb0ded |
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
|
|
|
bbecb6 |
%define IPA_VERSION 4.10.1
|
|
|
bb0ded |
# Release candidate version -- uncomment with one percent for RC versions
|
|
|
bb0ded |
#%%global rc_version %%nil
|
|
|
bb0ded |
%define AT_SIGN @
|
|
|
bb0ded |
# redefine IPA_VERSION only if its value matches the Autoconf placeholder
|
|
|
bb0ded |
%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"
|
|
|
bb0ded |
%define IPA_VERSION nonsense.to.please.RPM.SPEC.parser
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%define NON_DEVELOPER_BUILD ("%{lua: print(rpm.expand('%{suffix:%IPA_VERSION}'):find('^dev'))}" == "nil")
|
|
|
bb0ded |
|
|
|
bb0ded |
Name: %{package_name}
|
|
|
bb0ded |
Version: %{IPA_VERSION}
|
|
|
bbecb6 |
Release: 6%{?rc_version:.%rc_version}%{?dist}
|
|
|
bb0ded |
Summary: The Identity, Policy and Audit system
|
|
|
bb0ded |
|
|
|
bb0ded |
License: GPLv3+
|
|
|
bb0ded |
URL: http://www.freeipa.org/
|
|
|
bb0ded |
Source0: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_version}.tar.gz
|
|
|
bb0ded |
# Only use detached signature for the distribution builds. If it is a developer build, skip it
|
|
|
bb0ded |
%if %{NON_DEVELOPER_BUILD}
|
|
|
bb0ded |
Source1: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_version}.tar.gz.asc
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# RHEL spec file only: START: Change branding to IPA and Identity Management
|
|
|
bb0ded |
# Moved branding logos and background to redhat-logos-ipa-80.4:
|
|
|
bb0ded |
# header-logo.png, login-screen-background.jpg, login-screen-logo.png,
|
|
|
bb0ded |
# product-name.png
|
|
|
bb0ded |
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
|
|
bb0ded |
|
|
|
bb0ded |
# RHEL spec file only: START
|
|
|
bb0ded |
%if %{NON_DEVELOPER_BUILD}
|
|
|
bbecb6 |
%if 0%{?rhel} == 8
|
|
|
bbecb6 |
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
|
|
bbecb6 |
Patch1002: 1002-Revert-freeipa.spec-depend-on-bind-dnssec-utils.patch
|
|
|
bbecb6 |
%endif
|
|
|
bbecb6 |
%if 0%{?rhel} == 9
|
|
|
bbecb6 |
Patch0001: 0001-updates-fix-memberManager-ACI-to-allow-managers-from.patch
|
|
|
bbecb6 |
Patch0002: 0002-Spec-file-ipa-client-depends-on-krb5-pkinit-openssl.patch
|
|
|
bbecb6 |
Patch0003: 0003-server-install-remove-error-log-about-missing-bkup-f.patch
|
|
|
bbecb6 |
Patch0004: 0004-ipa-tests-Add-LANG-before-kinit-command-to-fix-issue.patch
|
|
|
bbecb6 |
Patch0005: 0005-trust-add-handle-missing-msSFU30MaxGidNumber.patch
|
|
|
bbecb6 |
Patch0006: 0006-doc-Design-for-certificate-pruning.patch
|
|
|
bbecb6 |
Patch0007: 0007-ipa-acme-manage-add-certificate-request-pruning-mana.patch
|
|
|
bbecb6 |
Patch0008: 0008-doc-add-the-run-command-for-manual-job-execution.patch
|
|
|
bbecb6 |
Patch0009: 0009-tests-add-wrapper-around-ACME-RSNv3-test.patch
|
|
|
bbecb6 |
Patch0010: 0010-automember-rebuild-add-a-notice-about-high-CPU-usage.patch
|
|
|
bbecb6 |
Patch0011: 0011-Fix-setting-values-of-0-in-ACME-pruning.patch
|
|
|
bbecb6 |
Patch0012: 0012-Wipe-the-ipa-ca-DNS-record-when-updating-system-reco.patch
|
|
|
bbecb6 |
Patch0013: 0013-ipa-kdb-PAC-consistency-checker-needs-to-handle-chil.patch
|
|
|
bbecb6 |
Patch0014: 0014-Add-test-for-SSH-with-GSSAPI-auth.patch
|
|
|
bbecb6 |
Patch0015: 0015-webui-tests-fix-assertion-in-test_subid.py.patch
|
|
|
bbecb6 |
Patch0016: 0016-ipatests-mark-test_smb-as-xfail.patch
|
|
|
bbecb6 |
Patch0017: 0017-Tests-force-key-type-in-ACME-tests.patch
|
|
|
bbecb6 |
Patch0018: 0018-tests-Add-ipa_ca_name-checking-to-DNS-system-records.patch
|
|
|
bbecb6 |
Patch0019: 0019-tests-Add-new-ipa-ca-error-messages-to-IPADNSSystemR.patch
|
|
|
bbecb6 |
Patch0020: 0020-ipatests-tests-for-certificate-pruning.patch
|
|
|
bbecb6 |
Patch0021: 0021-ipatests-ensure-that-ipa-automember-rebuild-prints-a.patch
|
|
|
bbecb6 |
Patch0022: 0022-ipatests-fix-tests-in-TestACMEPrune.patch
|
|
|
bb0ded |
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
# RHEL spec file only: END
|
|
|
bb0ded |
|
|
|
bb0ded |
BuildRequires: openldap-devel
|
|
|
bb0ded |
# For KDB DAL version, make explicit dependency so that increase of version
|
|
|
bb0ded |
# will cause the build to fail due to unsatisfied dependencies.
|
|
|
bb0ded |
# DAL version change may cause code crash or memory leaks, it is better to fail early.
|
|
|
bb0ded |
BuildRequires: krb5-kdb-version = %{krb5_kdb_version}
|
|
|
bb0ded |
BuildRequires: krb5-kdb-devel-version = %{krb5_kdb_version}
|
|
|
bb0ded |
BuildRequires: krb5-devel >= %{krb5_version}
|
|
|
bb0ded |
BuildRequires: pkgconfig(krb5)
|
|
|
bb0ded |
%if %{with ipa_join_xml}
|
|
|
bb0ded |
# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation
|
|
|
bb0ded |
BuildRequires: xmlrpc-c-devel >= 1.27.4
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
BuildRequires: libcurl-devel
|
|
|
bb0ded |
BuildRequires: jansson-devel
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
BuildRequires: popt-devel
|
|
|
bb0ded |
BuildRequires: gcc
|
|
|
bb0ded |
BuildRequires: make
|
|
|
bb0ded |
BuildRequires: pkgconfig
|
|
|
bb0ded |
BuildRequires: pkgconf
|
|
|
bb0ded |
BuildRequires: autoconf
|
|
|
bb0ded |
BuildRequires: automake
|
|
|
bb0ded |
BuildRequires: make
|
|
|
bb0ded |
BuildRequires: libtool
|
|
|
bb0ded |
BuildRequires: gettext
|
|
|
bb0ded |
BuildRequires: gettext-devel
|
|
|
bb0ded |
BuildRequires: python3-devel
|
|
|
bb0ded |
BuildRequires: python3-setuptools
|
|
|
bb0ded |
BuildRequires: systemd >= %{systemd_version}
|
|
|
bb0ded |
# systemd-tmpfiles which is executed from make install requires apache user
|
|
|
bb0ded |
BuildRequires: httpd
|
|
|
bb0ded |
BuildRequires: nspr-devel
|
|
|
bb0ded |
BuildRequires: openssl-devel
|
|
|
bb0ded |
BuildRequires: libini_config-devel
|
|
|
bb0ded |
BuildRequires: cyrus-sasl-devel
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
BuildRequires: 389-ds-base-devel >= %{ds_version}
|
|
|
bb0ded |
BuildRequires: samba-devel >= %{samba_version}
|
|
|
bb0ded |
BuildRequires: libtalloc-devel
|
|
|
bb0ded |
BuildRequires: libtevent-devel
|
|
|
bb0ded |
BuildRequires: libuuid-devel
|
|
|
bb0ded |
BuildRequires: libpwquality-devel
|
|
|
bb0ded |
BuildRequires: libsss_idmap-devel
|
|
|
bb0ded |
BuildRequires: libsss_certmap-devel
|
|
|
bb0ded |
BuildRequires: libsss_nss_idmap-devel >= %{sssd_version}
|
|
|
bb0ded |
BuildRequires: nodejs(abi)
|
|
|
bb0ded |
# use old dependency on RHEL 8 for now
|
|
|
bb0ded |
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
|
|
|
bb0ded |
BuildRequires: python3-rjsmin
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
BuildRequires: uglify-js
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
BuildRequires: libverto-devel
|
|
|
bb0ded |
BuildRequires: libunistring-devel
|
|
|
bb0ded |
# 0.13.0: https://bugzilla.redhat.com/show_bug.cgi?id=1584773
|
|
|
bb0ded |
# 0.13.0-2: fix for missing dependency on python-six
|
|
|
bb0ded |
BuildRequires: python3-lesscpy >= 0.13.0-2
|
|
|
bb0ded |
BuildRequires: cracklib-dicts
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
#
|
|
|
bb0ded |
# Build dependencies for makeapi/makeaci
|
|
|
bb0ded |
#
|
|
|
bb0ded |
BuildRequires: python3-cffi
|
|
|
bb0ded |
BuildRequires: python3-dns
|
|
|
bb0ded |
BuildRequires: python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
BuildRequires: python3-libsss_nss_idmap
|
|
|
bb0ded |
BuildRequires: python3-netaddr >= %{python_netaddr_version}
|
|
|
bb0ded |
BuildRequires: python3-pyasn1
|
|
|
bb0ded |
BuildRequires: python3-pyasn1-modules
|
|
|
bb0ded |
BuildRequires: python3-six
|
|
|
bb0ded |
BuildRequires: python3-psutil
|
|
|
bb0ded |
|
|
|
bb0ded |
#
|
|
|
bb0ded |
# Build dependencies for wheel packaging and PyPI upload
|
|
|
bb0ded |
#
|
|
|
bb0ded |
%if %{with wheels}
|
|
|
bb0ded |
BuildRequires: dbus-glib-devel
|
|
|
bb0ded |
BuildRequires: libffi-devel
|
|
|
bb0ded |
BuildRequires: python3-tox
|
|
|
bb0ded |
%if 0%{?fedora} <= 28
|
|
|
bb0ded |
BuildRequires: python3-twine
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
BuildRequires: twine
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
BuildRequires: python3-wheel
|
|
|
bb0ded |
# with_wheels
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with doc}
|
|
|
bb0ded |
BuildRequires: python3-sphinx
|
|
|
8e1ca3 |
BuildRequires: plantuml
|
|
|
8e1ca3 |
BuildRequires: fontconfig
|
|
|
8e1ca3 |
BuildRequires: google-noto-sans-vf-fonts
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
#
|
|
|
bb0ded |
# Build dependencies for lint and fastcheck
|
|
|
bb0ded |
#
|
|
|
bb0ded |
%if %{with lint}
|
|
|
bb0ded |
|
|
|
bb0ded |
# python3-pexpect might not be available in RHEL9
|
|
|
bb0ded |
%if 0%{?fedora} || 0%{?rhel} < 9
|
|
|
bb0ded |
BuildRequires: python3-pexpect
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# jsl is orphaned in Fedora 34+
|
|
|
bb0ded |
%if 0%{?fedora} < 34
|
|
|
bb0ded |
BuildRequires: jsl
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
BuildRequires: git
|
|
|
bb0ded |
BuildRequires: nss-tools
|
|
|
bb0ded |
BuildRequires: rpmlint
|
|
|
bb0ded |
BuildRequires: softhsm
|
|
|
bb0ded |
|
|
|
bb0ded |
BuildRequires: keyutils
|
|
|
bb0ded |
BuildRequires: python3-augeas
|
|
|
bb0ded |
BuildRequires: python3-cffi
|
|
|
bb0ded |
BuildRequires: python3-cryptography >= 1.6
|
|
|
bb0ded |
BuildRequires: python3-dateutil
|
|
|
bb0ded |
BuildRequires: python3-dbus
|
|
|
bb0ded |
BuildRequires: python3-dns >= 1.15
|
|
|
bb0ded |
BuildRequires: python3-docker
|
|
|
bb0ded |
BuildRequires: python3-gssapi >= 1.2.0
|
|
|
bb0ded |
BuildRequires: python3-jinja2
|
|
|
bb0ded |
BuildRequires: python3-jwcrypto >= 0.4.2
|
|
|
bb0ded |
BuildRequires: python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
BuildRequires: python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
BuildRequires: python3-lib389 >= %{ds_version}
|
|
|
bb0ded |
BuildRequires: python3-libipa_hbac
|
|
|
bb0ded |
BuildRequires: python3-libsss_nss_idmap
|
|
|
bb0ded |
BuildRequires: python3-lxml
|
|
|
bb0ded |
BuildRequires: python3-netaddr >= %{python_netaddr_version}
|
|
|
bb0ded |
BuildRequires: python3-netifaces
|
|
|
bb0ded |
BuildRequires: python3-pki >= %{pki_version}
|
|
|
bb0ded |
BuildRequires: python3-polib
|
|
|
bb0ded |
BuildRequires: python3-pyasn1
|
|
|
bb0ded |
BuildRequires: python3-pyasn1-modules
|
|
|
bb0ded |
BuildRequires: python3-pycodestyle
|
|
|
bb0ded |
# .wheelconstraints.in limits pylint version in Azure and tox tests
|
|
|
bb0ded |
BuildRequires: python3-pylint
|
|
|
bb0ded |
BuildRequires: python3-pytest-multihost
|
|
|
bb0ded |
BuildRequires: python3-pytest-sourceorder
|
|
|
bb0ded |
BuildRequires: python3-qrcode-core >= 5.0.0
|
|
|
bb0ded |
BuildRequires: python3-samba
|
|
|
bb0ded |
BuildRequires: python3-six
|
|
|
bb0ded |
BuildRequires: python3-sss
|
|
|
bb0ded |
BuildRequires: python3-sss-murmur
|
|
|
bb0ded |
BuildRequires: python3-sssdconfig >= %{sssd_version}
|
|
|
bb0ded |
BuildRequires: python3-systemd
|
|
|
bb0ded |
BuildRequires: python3-yaml
|
|
|
bb0ded |
BuildRequires: python3-yubico
|
|
|
bb0ded |
# with_lint
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
#
|
|
|
bb0ded |
# Build dependencies for unit tests
|
|
|
bb0ded |
#
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
BuildRequires: libcmocka-devel
|
|
|
bb0ded |
# Required by ipa_kdb_tests
|
|
|
bb0ded |
BuildRequires: krb5-server >= %{krb5_version}
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# Build dependencies for SELinux policy
|
|
|
bb0ded |
%if %{with selinux}
|
|
|
bb0ded |
BuildRequires: selinux-policy-devel >= %{selinux_policy_version}
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
|
|
|
bb0ded |
%package server
|
|
|
bb0ded |
Summary: The IPA authentication server
|
|
|
bb0ded |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-client = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ipaserver = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
Requires: 389-ds-base >= %{ds_version}
|
|
|
bb0ded |
Requires: openldap-clients > 2.4.35-4
|
|
|
bb0ded |
Requires: nss-tools >= %{nss_version}
|
|
|
bb0ded |
Requires(post): krb5-server >= %{krb5_version}
|
|
|
bb0ded |
Requires(post): krb5-server >= %{krb5_base_version}
|
|
|
bb0ded |
Requires: krb5-kdb-version = %{krb5_kdb_version}
|
|
|
bb0ded |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
bb0ded |
Requires: chrony
|
|
|
bb0ded |
Requires: httpd >= %{httpd_version}
|
|
|
bb0ded |
Requires(preun): python3
|
|
|
bb0ded |
Requires(postun): python3
|
|
|
bb0ded |
Requires: python3-gssapi >= 1.2.0-5
|
|
|
bb0ded |
Requires: python3-systemd
|
|
|
bb0ded |
Requires: python3-mod_wsgi
|
|
|
bb0ded |
Requires: mod_auth_gssapi >= 1.5.0
|
|
|
bb0ded |
Requires: mod_ssl >= %{httpd_version}
|
|
|
bb0ded |
Requires: mod_session >= %{httpd_version}
|
|
|
bb0ded |
# 0.9.9: https://github.com/adelton/mod_lookup_identity/pull/3
|
|
|
bb0ded |
Requires: mod_lookup_identity >= 0.9.9
|
|
|
bb0ded |
Requires: acl
|
|
|
bb0ded |
Requires: systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(pre): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(post): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(preun): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(postun): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(pre): shadow-utils
|
|
|
bb0ded |
Requires: selinux-policy >= %{selinux_policy_version}
|
|
|
bb0ded |
Requires(post): selinux-policy-base >= %{selinux_policy_version}
|
|
|
bb0ded |
Requires: slapi-nis >= %{slapi_nis_version}
|
|
|
bb0ded |
Requires: pki-ca >= %{pki_version}
|
|
|
bb0ded |
Requires: pki-kra >= %{pki_version}
|
|
|
bb0ded |
# pki-acme package was split out in pki-10.10.0
|
|
|
bb0ded |
Requires: (pki-acme >= %{pki_version} if pki-ca >= 10.10.0)
|
|
|
bb0ded |
Requires: policycoreutils >= 2.1.12-5
|
|
|
bb0ded |
Requires: tar
|
|
|
bb0ded |
Requires(pre): certmonger >= %{certmonger_version}
|
|
|
bb0ded |
Requires(pre): 389-ds-base >= %{ds_version}
|
|
|
bb0ded |
Requires: fontawesome-fonts
|
|
|
bb0ded |
Requires: open-sans-fonts
|
|
|
bb0ded |
%if 0%{?fedora} >= 32 || 0%{?rhel} >= 9
|
|
|
bb0ded |
# https://pagure.io/freeipa/issue/8632
|
|
|
bb0ded |
Requires: openssl > 1.1.1i
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
Requires: openssl
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
Requires: softhsm >= 2.0.0rc1-1
|
|
|
bb0ded |
Requires: p11-kit
|
|
|
bb0ded |
Requires: %{etc_systemd_dir}
|
|
|
bb0ded |
Requires: gzip
|
|
|
bb0ded |
Requires: oddjob
|
|
|
bb0ded |
# 0.7.0-2: https://pagure.io/gssproxy/pull-request/172
|
|
|
bb0ded |
Requires: gssproxy >= 0.7.0-2
|
|
|
bb0ded |
Requires: sssd-dbus >= %{sssd_version}
|
|
|
bb0ded |
Requires: libpwquality
|
|
|
bb0ded |
Requires: cracklib-dicts
|
|
|
bb0ded |
# NDR libraries are internal in Samba and change with version without changing SONAME
|
|
|
bb0ded |
%ipa_requires_gt samba-client-libs
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-server = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-server
|
|
|
bb0ded |
Obsoletes: %{alt_name}-server < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
|
|
|
bb0ded |
# entire SELinux policy is stored in the system policy
|
|
|
bb0ded |
Obsoletes: freeipa-server-selinux < 3.3.0
|
|
|
bb0ded |
|
|
|
bb0ded |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
bb0ded |
Obsoletes: %{name}-server <= 4.2.0
|
|
|
bb0ded |
|
|
|
bb0ded |
# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
|
|
|
bb0ded |
# member.
|
|
|
bb0ded |
Conflicts: nss-pam-ldapd < 0.8.4
|
|
|
bb0ded |
|
|
|
bb0ded |
# RHEL spec file only: START: Do not build tests
|
|
|
bb0ded |
%if 0%{?rhel} == 8
|
|
|
bb0ded |
# ipa-tests subpackage was moved to separate srpm
|
|
|
bb0ded |
Conflicts: ipa-tests < 3.3.3-9
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
# RHEL spec file only: END: Do not build tests
|
|
|
bb0ded |
|
|
|
bb0ded |
%description server
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If you are installing an IPA server, you need to install this package.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package -n python3-ipaserver
|
|
|
bb0ded |
Summary: Python libraries used by IPA server
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipaserver}
|
|
|
bb0ded |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
# we need pre-requires since earlier versions may break upgrade
|
|
|
bb0ded |
Requires(pre): python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
Requires: python3-augeas
|
|
|
bb0ded |
Requires: augeas-libs >= %{augeas_version}
|
|
|
bb0ded |
Requires: python3-dbus
|
|
|
bb0ded |
Requires: python3-dns >= 1.15
|
|
|
bb0ded |
Requires: python3-gssapi >= 1.2.0
|
|
|
bb0ded |
Requires: python3-ipaclient = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-kdcproxy >= %{kdcproxy_version}
|
|
|
bb0ded |
Requires: python3-lxml
|
|
|
bb0ded |
Requires: python3-pki >= %{pki_version}
|
|
|
bb0ded |
Requires: python3-pyasn1 >= 0.3.2-2
|
|
|
bb0ded |
Requires: python3-sssdconfig >= %{sssd_version}
|
|
|
bb0ded |
Requires: python3-psutil
|
|
|
bb0ded |
Requires: rpm-libs
|
|
|
bb0ded |
# Indirect dependency: use newer urllib3 with TLS 1.3 PHA support
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
Requires: python3-urllib3 >= 1.24.2-3
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
Requires: python3-urllib3 >= 1.25.7
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description -n python3-ipaserver
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If you are installing an IPA server, you need to install this package.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package server-common
|
|
|
bb0ded |
Summary: Common files used by IPA server
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: httpd >= %{httpd_version}
|
|
|
bb0ded |
Requires: systemd-units >= %{systemd_version}
|
|
|
bb0ded |
%if 0%{?rhel} >= 8 && ! 0%{?eln}
|
|
|
bb0ded |
Requires: system-logos-ipa >= 80.4
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-server-common = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-server-common
|
|
|
bb0ded |
Obsoletes: %{alt_name}-server-common < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
%description server-common
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If you are installing an IPA server, you need to install this package.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package server-dns
|
|
|
bb0ded |
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
Requires: %{name}-server = %{version}-%{release}
|
|
|
bb0ded |
Requires: bind-dyndb-ldap >= 11.2-2
|
|
|
bb0ded |
Requires: bind >= %{bind_version}
|
|
|
bb0ded |
Requires: bind-utils >= %{bind_version}
|
|
|
bb0ded |
# bind-dnssec-utils is required by the OpenDNSSec integration
|
|
|
bb0ded |
# https://pagure.io/freeipa/issue/9026
|
|
|
bb0ded |
Requires: bind-dnssec-utils >= %{bind_version}
|
|
|
bb0ded |
%if %{with bind_pkcs11}
|
|
|
bb0ded |
Requires: bind-pkcs11 >= %{bind_version}
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
Requires: softhsm >= %{softhsm_version}
|
|
|
bb0ded |
Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
# See https://bugzilla.redhat.com/show_bug.cgi?id=1825812
|
|
|
bb0ded |
# RHEL 8.3+ and Fedora 32+ have 2.1
|
|
|
bb0ded |
Requires: opendnssec >= 2.1.6-5
|
|
|
bb0ded |
%{?systemd_requires}
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-server-dns = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-server-dns
|
|
|
bb0ded |
Obsoletes: %{alt_name}-server-dns < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
bb0ded |
Obsoletes: %{name}-server <= 4.2.0
|
|
|
bb0ded |
|
|
|
bb0ded |
%description server-dns
|
|
|
bb0ded |
IPA integrated DNS server with support for automatic DNSSEC signing.
|
|
|
bb0ded |
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package server-trust-ad
|
|
|
bb0ded |
Summary: Virtual package to install packages required for Active Directory trusts
|
|
|
bb0ded |
Requires: %{name}-server = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
|
|
|
bb0ded |
Requires: samba >= %{samba_version}
|
|
|
bb0ded |
Requires: samba-winbind
|
|
|
bb0ded |
Requires: sssd-winbind-idmap
|
|
|
8e1ca3 |
Requires: libsss_idmap
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
Obsoletes: ipa-idoverride-memberof-plugin <= 0.1
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
Requires(post): python3
|
|
|
bb0ded |
Requires: python3-samba
|
|
|
bb0ded |
Requires: python3-libsss_nss_idmap
|
|
|
bb0ded |
Requires: python3-sss
|
|
|
bb0ded |
|
|
|
bb0ded |
# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
|
|
|
bb0ded |
# on the installes where server-trust-ad subpackage is installed because
|
|
|
bb0ded |
# IPA AD trusts cannot be used at the same time with the locator plugin
|
|
|
bb0ded |
# since Winbindd will be configured in a different mode
|
|
|
bb0ded |
Requires(post): %{_sbindir}/update-alternatives
|
|
|
bb0ded |
Requires(postun): %{_sbindir}/update-alternatives
|
|
|
bb0ded |
Requires(preun): %{_sbindir}/update-alternatives
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-server-trust-ad = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-server-trust-ad
|
|
|
bb0ded |
Obsoletes: %{alt_name}-server-trust-ad < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
%description server-trust-ad
|
|
|
bb0ded |
Cross-realm trusts with Active Directory in IPA require working Samba 4
|
|
|
bb0ded |
installation. This package is provided for convenience to install all required
|
|
|
bb0ded |
dependencies at once.
|
|
|
bb0ded |
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package client
|
|
|
bb0ded |
Summary: IPA authentication for use on clients
|
|
|
bb0ded |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-gssapi >= 1.2.0-5
|
|
|
bb0ded |
Requires: python3-ipaclient = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
Requires: python3-sssdconfig >= %{sssd_version}
|
|
|
bb0ded |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
bb0ded |
Requires: chrony
|
|
|
bb0ded |
Requires: krb5-workstation >= %{krb5_version}
|
|
|
bbecb6 |
# support pkinit with client install
|
|
|
bbecb6 |
Requires: krb5-pkinit-openssl >= %{krb5_version}
|
|
|
8e1ca3 |
# authselect: sssd profile with-subid
|
|
|
8e1ca3 |
%if 0%{?fedora} >= 36
|
|
|
8e1ca3 |
Requires: authselect >= 1.4.0
|
|
|
8e1ca3 |
%else
|
|
|
8e1ca3 |
Requires: authselect >= 1.2.5
|
|
|
8e1ca3 |
%endif
|
|
|
bb0ded |
Requires: curl
|
|
|
bb0ded |
# NIS domain name config: /usr/lib/systemd/system/*-domainname.service
|
|
|
bb0ded |
# All Fedora 28+ and RHEL8+ contain the service in hostname package
|
|
|
bb0ded |
Requires: hostname
|
|
|
bb0ded |
Requires: libcurl >= 7.21.7-2
|
|
|
bb0ded |
%if %{with ipa_join_xml}
|
|
|
bb0ded |
Requires: xmlrpc-c >= 1.27.4
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
Requires: jansson
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
Requires: sssd-ipa >= %{sssd_version}
|
|
|
8e1ca3 |
Requires: sssd-idp >= %{sssd_version}
|
|
|
bb0ded |
Requires: certmonger >= %{certmonger_version}
|
|
|
bb0ded |
Requires: nss-tools >= %{nss_version}
|
|
|
bb0ded |
Requires: bind-utils
|
|
|
bb0ded |
Requires: oddjob-mkhomedir
|
|
|
bb0ded |
Requires: libsss_autofs
|
|
|
bb0ded |
Requires: autofs
|
|
|
bb0ded |
Requires: libnfsidmap
|
|
|
bb0ded |
Requires: nfs-utils
|
|
|
bb0ded |
Requires: sssd-tools >= %{sssd_version}
|
|
|
bb0ded |
Requires(post): policycoreutils
|
|
|
bb0ded |
|
|
|
bb0ded |
# https://pagure.io/freeipa/issue/8530
|
|
|
bb0ded |
Recommends: libsss_sudo
|
|
|
bb0ded |
Recommends: sudo
|
|
|
bb0ded |
Requires: (libsss_sudo if sudo)
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-client = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-client
|
|
|
bb0ded |
Obsoletes: %{alt_name}-client < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-admintools = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-admintools
|
|
|
bb0ded |
Obsoletes: %{alt_name}-admintools < 4.4.1
|
|
|
bb0ded |
|
|
|
bb0ded |
Obsoletes: %{name}-admintools < 4.4.1
|
|
|
bb0ded |
Provides: %{name}-admintools = %{version}-%{release}
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?rhel} == 8
|
|
|
bb0ded |
# Conflict with crypto-policies < 20200629-1 to get AD-SUPPORT policy module
|
|
|
bb0ded |
Conflicts: crypto-policies < 20200629-1
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?rhel} == 9
|
|
|
bb0ded |
# Conflict with crypto-policies < 20220223-1 to get upgraded AD-SUPPORT and
|
|
|
bb0ded |
# AD-SUPPORT-LEGACY policy modules
|
|
|
bb0ded |
Conflicts: crypto-policies < 20220223-1
|
|
|
8e1ca3 |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description client
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If your network uses IPA for authentication, this package should be
|
|
|
bb0ded |
installed on every client machine.
|
|
|
bb0ded |
This package provides command-line tools for IPA administrators.
|
|
|
bb0ded |
|
|
|
bb0ded |
%package client-samba
|
|
|
bb0ded |
Summary: Tools to configure Samba on IPA client
|
|
|
bb0ded |
Group: System Environment/Base
|
|
|
bb0ded |
Requires: %{name}-client = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-samba
|
|
|
bb0ded |
Requires: samba-client
|
|
|
bb0ded |
Requires: samba-winbind
|
|
|
bb0ded |
Requires: samba-common-tools
|
|
|
bb0ded |
Requires: samba
|
|
|
bb0ded |
Requires: sssd-winbind-idmap
|
|
|
bb0ded |
Requires: tdb-tools
|
|
|
bb0ded |
Requires: cifs-utils
|
|
|
bb0ded |
|
|
|
bb0ded |
%description client-samba
|
|
|
bb0ded |
This package provides command-line tools to deploy Samba domain member
|
|
|
bb0ded |
on the machine enrolled into a FreeIPA environment
|
|
|
bb0ded |
|
|
|
bb0ded |
%package client-epn
|
|
|
bb0ded |
Summary: Tools to configure Expiring Password Notification in IPA
|
|
|
bb0ded |
Group: System Environment/Base
|
|
|
bb0ded |
Requires: %{name}-client = %{version}-%{release}
|
|
|
bb0ded |
Requires: systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(post): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(preun): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
Requires(postun): systemd-units >= %{systemd_version}
|
|
|
bb0ded |
|
|
|
bb0ded |
%description client-epn
|
|
|
bb0ded |
This package provides a service to collect and send expiring password
|
|
|
bb0ded |
notifications via email (SMTP).
|
|
|
bb0ded |
|
|
|
bb0ded |
%package -n python3-ipaclient
|
|
|
bb0ded |
Summary: Python libraries used by IPA client
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipaclient}
|
|
|
bb0ded |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ipalib = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-augeas
|
|
|
bb0ded |
Requires: augeas-libs >= %{augeas_version}
|
|
|
bb0ded |
Requires: python3-dns >= 1.15
|
|
|
bb0ded |
Requires: python3-jinja2
|
|
|
bb0ded |
|
|
|
bb0ded |
%description -n python3-ipaclient
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If your network uses IPA for authentication, this package should be
|
|
|
bb0ded |
installed on every client machine.
|
|
|
bb0ded |
|
|
|
bb0ded |
%package client-common
|
|
|
bb0ded |
Summary: Common files used by IPA client
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-client-common = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-client-common
|
|
|
bb0ded |
Obsoletes: %{alt_name}-client-common < %{version}
|
|
|
bb0ded |
# python2-ipa* packages are no longer available in 4.8.
|
|
|
bb0ded |
Obsoletes: python2-ipaclient < 4.8.0-1
|
|
|
bb0ded |
Obsoletes: python2-ipalib < 4.8.0-1
|
|
|
bb0ded |
Obsoletes: python2-ipaserver < 4.8.0-1
|
|
|
bb0ded |
Obsoletes: python2-ipatests < 4.8.0-1
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%description client-common
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If your network uses IPA for authentication, this package should be
|
|
|
bb0ded |
installed on every client machine.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package python-compat
|
|
|
bb0ded |
Summary: Compatiblity package for Python libraries used by IPA
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
Obsoletes: %{name}-python < 4.2.91
|
|
|
bb0ded |
Provides: %{name}-python = %{version}-%{release}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ipalib = %{version}-%{release}
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-python-compat = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-python-compat
|
|
|
bb0ded |
Obsoletes: %{alt_name}-python-compat < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
Obsoletes: %{alt_name}-python < 4.2.91
|
|
|
bb0ded |
Provides: %{alt_name}-python = %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
%description python-compat
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
This is a compatibility package to accommodate %{name}-python split into
|
|
|
bb0ded |
python3-ipalib and %{name}-common. Packages still depending on
|
|
|
bb0ded |
%{name}-python should be fixed to depend on python2-ipaclient or
|
|
|
bb0ded |
%{name}-common instead.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package -n python3-ipalib
|
|
|
bb0ded |
Summary: Python3 libraries used by IPA
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipalib}
|
|
|
bb0ded |
Provides: python3-ipapython = %{version}-%{release}
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipapython}
|
|
|
bb0ded |
Provides: python3-ipaplatform = %{version}-%{release}
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipaplatform}
|
|
|
bb0ded |
Requires: %{name}-common = %{version}-%{release}
|
|
|
bb0ded |
# we need pre-requires since earlier versions may break upgrade
|
|
|
bb0ded |
Requires(pre): python3-ldap >= %{python_ldap_version}
|
|
|
bb0ded |
Requires: gnupg2
|
|
|
bb0ded |
Requires: keyutils
|
|
|
bb0ded |
Requires: python3-cffi
|
|
|
bb0ded |
Requires: python3-cryptography >= 1.6
|
|
|
bb0ded |
Requires: python3-dateutil
|
|
|
bb0ded |
Requires: python3-dbus
|
|
|
bb0ded |
Requires: python3-dns >= 1.15
|
|
|
bb0ded |
Requires: python3-gssapi >= 1.2.0
|
|
|
bb0ded |
Requires: python3-jwcrypto >= 0.4.2
|
|
|
bb0ded |
Requires: python3-libipa_hbac
|
|
|
bb0ded |
Requires: python3-netaddr >= %{python_netaddr_version}
|
|
|
bb0ded |
Requires: python3-netifaces >= 0.10.4
|
|
|
bb0ded |
Requires: python3-pyasn1 >= 0.3.2-2
|
|
|
bb0ded |
Requires: python3-pyasn1-modules >= 0.3.2-2
|
|
|
bb0ded |
Requires: python3-pyusb
|
|
|
bb0ded |
Requires: python3-qrcode-core >= 5.0.0
|
|
|
bb0ded |
Requires: python3-requests
|
|
|
bb0ded |
Requires: python3-six
|
|
|
bb0ded |
Requires: python3-sss-murmur
|
|
|
bb0ded |
Requires: python3-yubico >= 1.3.2-7
|
|
|
bb0ded |
%if 0%{?rhel} && 0%{?rhel} == 8
|
|
|
bb0ded |
Requires: platform-python-setuptools
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
Requires: python3-setuptools
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description -n python3-ipalib
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If you are using IPA with Python 3, you need to install this package.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%package common
|
|
|
bb0ded |
Summary: Common files used by IPA
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
Conflicts: %{name}-python < 4.2.91
|
|
|
bb0ded |
|
|
|
bb0ded |
Provides: %{alt_name}-common = %{version}
|
|
|
bb0ded |
Conflicts: %{alt_name}-common
|
|
|
bb0ded |
Obsoletes: %{alt_name}-common < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
Conflicts: %{alt_name}-python < %{version}
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with selinux}
|
|
|
bb0ded |
# This ensures that the *-selinux package and all it’s dependencies are not
|
|
|
bb0ded |
# pulled into containers and other systems that do not use SELinux. The
|
|
|
bb0ded |
# policy defines types and file contexts for client and server.
|
|
|
bb0ded |
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description common
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
If you are using IPA, you need to install this package.
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with ipatests}
|
|
|
bb0ded |
|
|
|
bb0ded |
%package -n python3-ipatests
|
|
|
bb0ded |
Summary: IPA tests and test tools
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
%{?python_provide:%python_provide python3-ipatests}
|
|
|
bb0ded |
Requires: python3-ipaclient = %{version}-%{release}
|
|
|
bb0ded |
Requires: python3-ipaserver = %{version}-%{release}
|
|
|
bb0ded |
Requires: iptables
|
|
|
bb0ded |
Requires: python3-cryptography >= 1.6
|
|
|
bb0ded |
%if 0%{?fedora}
|
|
|
bb0ded |
# These packages do not exist on RHEL and for ipatests use
|
|
|
bb0ded |
# they are installed on the controller through other means
|
|
|
bb0ded |
Requires: ldns-utils
|
|
|
bb0ded |
Requires: python3-pexpect
|
|
|
bb0ded |
# update-crypto-policies
|
|
|
bb0ded |
Requires: crypto-policies-scripts
|
|
|
bb0ded |
Requires: python3-polib
|
|
|
bb0ded |
Requires: python3-pytest >= 3.9.1
|
|
|
bb0ded |
Requires: python3-pytest-multihost >= 0.5
|
|
|
bb0ded |
Requires: python3-pytest-sourceorder
|
|
|
bb0ded |
Requires: sshpass
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
Requires: python3-sssdconfig >= %{sssd_version}
|
|
|
bb0ded |
Requires: tar
|
|
|
bb0ded |
Requires: xz
|
|
|
bb0ded |
Requires: openssh-clients
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
AutoReqProv: no
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%description -n python3-ipatests
|
|
|
bb0ded |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
bb0ded |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
bb0ded |
(host access control, SELinux user roles, services). The solution provides
|
|
|
bb0ded |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
bb0ded |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
bb0ded |
This package contains tests that verify IPA functionality under Python 3.
|
|
|
bb0ded |
|
|
|
bb0ded |
# with ipatests
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with selinux}
|
|
|
bb0ded |
# SELinux subpackage
|
|
|
bb0ded |
%package selinux
|
|
|
bb0ded |
Summary: FreeIPA SELinux policy
|
|
|
bb0ded |
BuildArch: noarch
|
|
|
bb0ded |
Requires: selinux-policy-%{selinuxtype}
|
|
|
bb0ded |
Requires(post): selinux-policy-%{selinuxtype}
|
|
|
bb0ded |
%{?selinux_requires}
|
|
|
bb0ded |
|
|
|
bb0ded |
%description selinux
|
|
|
bb0ded |
Custom SELinux policy module for FreeIPA
|
|
|
bb0ded |
# with selinux
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%prep
|
|
|
bbecb6 |
%autosetup -n freeipa-%{version}%{?rc_version} -N -p1
|
|
|
bb0ded |
|
|
|
bb0ded |
# To allow proper application patches to the stripped po files, strip originals
|
|
|
bb0ded |
pushd po
|
|
|
bb0ded |
for i in *.po ; do
|
|
|
bb0ded |
msgattrib --translated --no-fuzzy --no-location -s $i > $i.tmp || exit 1
|
|
|
bb0ded |
mv $i.tmp $i || exit 1
|
|
|
bb0ded |
done
|
|
|
bb0ded |
popd
|
|
|
bb0ded |
|
|
|
bbecb6 |
%autopatch -p1
|
|
|
bb0ded |
|
|
|
bb0ded |
%build
|
|
|
bb0ded |
# PATH is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1005235
|
|
|
bb0ded |
export PATH=/usr/bin:/usr/sbin:$PATH
|
|
|
bb0ded |
|
|
|
bb0ded |
export PYTHON=%{__python3}
|
|
|
bb0ded |
autoreconf -ivf
|
|
|
bb0ded |
%configure --with-vendor-suffix=-%{release} \
|
|
|
bb0ded |
%{enable_server_option} \
|
|
|
bb0ded |
%{with_ipatests_option} \
|
|
|
bb0ded |
%{with_ipa_join_xml_option} \
|
|
|
bb0ded |
%{linter_options}
|
|
|
bb0ded |
|
|
|
bb0ded |
# run build in default dir
|
|
|
bb0ded |
# -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405
|
|
|
bb0ded |
%make_build -Onone
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%check
|
|
|
bb0ded |
make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%{_libdir}
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%install
|
|
|
bb0ded |
# Please put as much logic as possible into make install. It allows:
|
|
|
bb0ded |
# - easier porting to other distributions
|
|
|
bb0ded |
# - rapid devel & install cycle using make install
|
|
|
bb0ded |
# (instead of full RPM build and installation each time)
|
|
|
bb0ded |
#
|
|
|
bb0ded |
# All files and directories created by spec install should be marked as ghost.
|
|
|
bb0ded |
# (These are typically configuration files created by IPA installer.)
|
|
|
bb0ded |
# All other artifacts should be created by make install.
|
|
|
bb0ded |
|
|
|
bb0ded |
%make_install
|
|
|
bb0ded |
|
|
|
bb0ded |
# don't package ipasphinx for now
|
|
|
bb0ded |
rm -rf %{buildroot}%{python3_sitelib}/ipasphinx*
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with ipatests}
|
|
|
bb0ded |
mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}
|
|
|
bb0ded |
mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}
|
|
|
bb0ded |
mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}
|
|
|
bb0ded |
ln -rs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3
|
|
|
bb0ded |
ln -rs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3
|
|
|
bb0ded |
ln -rs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3
|
|
|
bb0ded |
ln -frs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests
|
|
|
bb0ded |
ln -frs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config
|
|
|
bb0ded |
ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task
|
|
|
bb0ded |
# with_ipatests
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
# remove files which are useful only for make uninstall
|
|
|
bb0ded |
find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;
|
|
|
bb0ded |
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
# RHEL spec file only: START
|
|
|
bb0ded |
# Moved branding logos and background to redhat-logos-ipa-80.4:
|
|
|
bb0ded |
# header-logo.png, login-screen-background.jpg, login-screen-logo.png,
|
|
|
bb0ded |
# product-name.png
|
|
|
bb0ded |
rm -f %{buildroot}%{_usr}/share/ipa/ui/images/header-logo.png
|
|
|
bb0ded |
rm -f %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-background.jpg
|
|
|
bb0ded |
rm -f %{buildroot}%{_usr}/share/ipa/ui/images/login-screen-logo.png
|
|
|
bb0ded |
rm -f %{buildroot}%{_usr}/share/ipa/ui/images/product-name.png
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
# RHEL spec file only: END
|
|
|
bb0ded |
|
|
|
bb0ded |
%find_lang %{gettext_domain}
|
|
|
bb0ded |
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
# Remove .la files from libtool - we don't want to package
|
|
|
bb0ded |
# these files
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_enrollment_extop.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_winsync.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_repl_version.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_uuid.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_lockout.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_cldap.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_dns.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_range_check.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_otp_counter.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libipa_otp_lasttoken.la
|
|
|
8e1ca3 |
rm %{buildroot}/%{plugin_dir}/libipa_graceperiod.la
|
|
|
bb0ded |
rm %{buildroot}/%{plugin_dir}/libtopology.la
|
|
|
bb0ded |
rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la
|
|
|
bb0ded |
rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
|
|
|
bb0ded |
|
|
|
bb0ded |
# So we can own our Apache configuration
|
|
|
bb0ded |
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
|
|
|
bb0ded |
|
|
|
bb0ded |
mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
|
|
|
bb0ded |
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
bb0ded |
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
|
|
|
bb0ded |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
|
|
|
bb0ded |
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
mkdir -p %{buildroot}%{_sysconfdir}/cron.d
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
|
|
|
bb0ded |
%post server
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
/bin/systemctl --system daemon-reload 2>&1 || :
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
if [ $1 -gt 1 ] ; then
|
|
|
bb0ded |
/bin/systemctl condrestart certmonger.service 2>&1 || :
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart dbus
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
bb0ded |
|
|
|
bb0ded |
%tmpfiles_create ipa.conf
|
|
|
bb0ded |
|
|
|
bb0ded |
%posttrans server
|
|
|
bb0ded |
# don't execute upgrade and restart of IPA when server is not installed
|
|
|
bb0ded |
%{__python3} -c "import sys; from ipalib import facts; sys.exit(0 if facts.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
bb0ded |
|
|
|
bb0ded |
if [ $? -eq 0 ]; then
|
|
|
bb0ded |
# This is necessary for Fedora system upgrades which by default
|
|
|
bb0ded |
# work with the network being offline
|
|
|
bb0ded |
/bin/systemctl start network-online.target
|
|
|
bb0ded |
|
|
|
bb0ded |
# Restart IPA processes. This must be also run in postrans so that plugins
|
|
|
bb0ded |
# and software is in consistent state. This will also perform the
|
|
|
bb0ded |
# system upgrade.
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
|
|
|
bb0ded |
/bin/systemctl is-enabled ipa.service >/dev/null 2>&1
|
|
|
bb0ded |
if [ $? -eq 0 ]; then
|
|
|
bb0ded |
/bin/systemctl restart ipa.service >/dev/null
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
/bin/systemctl is-enabled ipa-ccache-sweep.timer >/dev/null 2>&1
|
|
|
bb0ded |
if [ $? -eq 1 ]; then
|
|
|
bb0ded |
/bin/systemctl enable ipa-ccache-sweep.timer>/dev/null
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%preun server
|
|
|
bb0ded |
if [ $1 = 0 ]; then
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
/bin/systemctl --quiet stop ipa.service || :
|
|
|
bb0ded |
/bin/systemctl --quiet disable ipa.service || :
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart dbus
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%pre server
|
|
|
bb0ded |
# Stop ipa_kpasswd if it exists before upgrading so we don't have a
|
|
|
bb0ded |
# zombie process when we're done.
|
|
|
bb0ded |
if [ -e /usr/sbin/ipa_kpasswd ]; then
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
/bin/systemctl stop ipa_kpasswd.service >/dev/null 2>&1 || :
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%pre server-common
|
|
|
bb0ded |
# create users and groups
|
|
|
bb0ded |
# create kdcproxy group and user
|
|
|
bb0ded |
getent group kdcproxy >/dev/null || groupadd -f -r kdcproxy
|
|
|
bb0ded |
getent passwd kdcproxy >/dev/null || useradd -r -g kdcproxy -s /sbin/nologin -d / -c "IPA KDC Proxy User" kdcproxy
|
|
|
bb0ded |
# create ipaapi group and user
|
|
|
bb0ded |
getent group ipaapi >/dev/null || groupadd -f -r ipaapi
|
|
|
bb0ded |
getent passwd ipaapi >/dev/null || useradd -r -g ipaapi -s /sbin/nologin -d / -c "IPA Framework User" ipaapi
|
|
|
bb0ded |
# add apache to ipaaapi group
|
|
|
bb0ded |
id -Gn apache | grep '\bipaapi\b' >/dev/null || usermod apache -a -G ipaapi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%post server-dns
|
|
|
bb0ded |
%systemd_post ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service
|
|
|
bb0ded |
|
|
|
bb0ded |
%preun server-dns
|
|
|
bb0ded |
%systemd_preun ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service
|
|
|
bb0ded |
|
|
|
bb0ded |
%postun server-dns
|
|
|
bb0ded |
%systemd_postun ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%postun server-trust-ad
|
|
|
bb0ded |
if [ "$1" -ge "1" ]; then
|
|
|
bb0ded |
if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
|
|
|
bb0ded |
%{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%post server-trust-ad
|
|
|
bb0ded |
%{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
|
|
|
bb0ded |
winbind_krb5_locator.so /dev/null 90
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart dbus
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%posttrans server-trust-ad
|
|
|
bb0ded |
%{__python3} -c "import sys; from ipalib import facts; sys.exit(0 if facts.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
bb0ded |
if [ $? -eq 0 ]; then
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%preun server-trust-ad
|
|
|
bb0ded |
if [ $1 -eq 0 ]; then
|
|
|
bb0ded |
%{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart dbus
|
|
|
bb0ded |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%preun client-epn
|
|
|
bb0ded |
%systemd_preun ipa-epn.service
|
|
|
bb0ded |
%systemd_preun ipa-epn.timer
|
|
|
bb0ded |
|
|
|
bb0ded |
%postun client-epn
|
|
|
bb0ded |
%systemd_postun ipa-epn.service
|
|
|
bb0ded |
%systemd_postun ipa-epn.timer
|
|
|
bb0ded |
|
|
|
bb0ded |
%post client-epn
|
|
|
bb0ded |
%systemd_post ipa-epn.service
|
|
|
bb0ded |
%systemd_post ipa-epn.timer
|
|
|
bb0ded |
|
|
|
bb0ded |
%post client
|
|
|
bb0ded |
if [ $1 -gt 1 ] ; then
|
|
|
bb0ded |
# Has the client been configured?
|
|
|
bb0ded |
restore=0
|
|
|
bb0ded |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
bb0ded |
|
|
|
bb0ded |
if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
|
|
|
bb0ded |
if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
|
|
bb0ded |
echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
|
|
|
bb0ded |
cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
|
|
|
bb0ded |
mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
if [ $restore -ge 2 ]; then
|
|
|
bb0ded |
if grep -E -q '\s*pkinit_anchors = FILE:/etc/ipa/ca.crt$' /etc/krb5.conf 2>/dev/null; then
|
|
|
bb0ded |
sed -E 's|(\s*)pkinit_anchors = FILE:/etc/ipa/ca.crt$|\1pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem\n\1pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem|' /etc/krb5.conf >/etc/krb5.conf.ipanew
|
|
|
bb0ded |
mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
|
|
|
bb0ded |
cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem
|
|
|
bb0ded |
cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
%{__python3} -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1
|
|
|
bb0ded |
%{__python3} -c 'from ipaclient.install.client import update_ipa_nssdb; update_ipa_nssdb()' >>/var/log/ipaupgrade.log 2>&1
|
|
|
8e1ca3 |
chmod 0600 /var/log/ipaupgrade.log
|
|
|
bb0ded |
SSH_CLIENT_SYSTEM_CONF="/etc/ssh/ssh_config"
|
|
|
bb0ded |
if [ -f "$SSH_CLIENT_SYSTEM_CONF" ]; then
|
|
|
bb0ded |
sed -E --in-place=.orig 's/^(HostKeyAlgorithms ssh-rsa,ssh-dss)$/# disabled by ipa-client update\n# \1/' "$SSH_CLIENT_SYSTEM_CONF"
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with selinux}
|
|
|
bb0ded |
# SELinux contexts are saved so that only affected files can be
|
|
|
bb0ded |
# relabeled after the policy module installation
|
|
|
bb0ded |
%pre selinux
|
|
|
bb0ded |
%selinux_relabel_pre -s %{selinuxtype}
|
|
|
bb0ded |
|
|
|
bb0ded |
%post selinux
|
|
|
bb0ded |
semodule -d ipa_custodia &> /dev/null || true;
|
|
|
bb0ded |
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
|
|
bb0ded |
|
|
|
bb0ded |
%postun selinux
|
|
|
bb0ded |
if [ $1 -eq 0 ]; then
|
|
|
bb0ded |
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
|
|
bb0ded |
semodule -e ipa_custodia &> /dev/null || true;
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
%posttrans selinux
|
|
|
bb0ded |
%selinux_relabel_post -s %{selinuxtype}
|
|
|
bb0ded |
# with_selinux
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%triggerin client -- openssh-server < 8.2
|
|
|
bb0ded |
# Has the client been configured?
|
|
|
bb0ded |
restore=0
|
|
|
bb0ded |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
bb0ded |
|
|
|
bb0ded |
if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
|
|
|
bb0ded |
if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then
|
|
|
bb0ded |
sed -r '
|
|
|
bb0ded |
/^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
|
|
|
bb0ded |
' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
|
|
|
bb0ded |
if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody' 2>/dev/null; then
|
|
|
bb0ded |
sed -ri '
|
|
|
bb0ded |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
bb0ded |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
|
|
|
bb0ded |
' /etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody' 2>/dev/null; then
|
|
|
bb0ded |
sed -ri '
|
|
|
bb0ded |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
bb0ded |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
|
|
|
bb0ded |
' /etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody' 2>/dev/null; then
|
|
|
bb0ded |
sed -ri '
|
|
|
bb0ded |
s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
|
|
|
bb0ded |
s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
|
|
|
bb0ded |
' /etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
|
|
|
bb0ded |
chmod 600 /etc/ssh/sshd_config
|
|
|
bb0ded |
|
|
|
bb0ded |
/bin/systemctl condrestart sshd.service 2>&1 || :
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%triggerin client -- openssh-server >= 8.2
|
|
|
bb0ded |
# Has the client been configured?
|
|
|
bb0ded |
restore=0
|
|
|
bb0ded |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
bb0ded |
|
|
|
bb0ded |
if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
|
|
|
bb0ded |
# If the snippet already exists, skip
|
|
|
bb0ded |
if [ ! -f '/etc/ssh/sshd_config.d/04-ipa.conf' ]; then
|
|
|
bb0ded |
# Take the values from /etc/ssh/sshd_config and put them in 04-ipa.conf
|
|
|
bb0ded |
grep -E '^(PubkeyAuthentication|KerberosAuthentication|GSSAPIAuthentication|UsePAM|ChallengeResponseAuthentication|AuthorizedKeysCommand|AuthorizedKeysCommandUser)' /etc/ssh/sshd_config 2>/dev/null > /etc/ssh/sshd_config.d/04-ipa.conf
|
|
|
bb0ded |
# Remove the values from sshd_conf
|
|
|
bb0ded |
sed -ri '
|
|
|
bb0ded |
/^(PubkeyAuthentication|KerberosAuthentication|GSSAPIAuthentication|UsePAM|ChallengeResponseAuthentication|AuthorizedKeysCommand|AuthorizedKeysCommandUser)[ \t]/ d
|
|
|
bb0ded |
' /etc/ssh/sshd_config
|
|
|
bb0ded |
|
|
|
bb0ded |
/bin/systemctl condrestart sshd.service 2>&1 || :
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
# If the snippet has been created, ensure that it is included
|
|
|
bb0ded |
# either by /etc/ssh/sshd_config.d/*.conf or directly
|
|
|
bb0ded |
if [ -f '/etc/ssh/sshd_config.d/04-ipa.conf' ]; then
|
|
|
bb0ded |
if ! grep -E -q '^\s*Include\s*/etc/ssh/sshd_config.d/\*\.conf' /etc/ssh/sshd_config 2> /dev/null ; then
|
|
|
bb0ded |
if ! grep -E -q '^\s*Include\s*/etc/ssh/sshd_config.d/04-ipa\.conf' /etc/ssh/sshd_config 2> /dev/null ; then
|
|
|
bb0ded |
# Include the snippet
|
|
|
bb0ded |
echo "Include /etc/ssh/sshd_config.d/04-ipa.conf" > /etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
cat /etc/ssh/sshd_config >> /etc/ssh/sshd_config.ipanew
|
|
|
bb0ded |
mv -fZ --backup=existing --suffix .ipaold /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
fi
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if ! %{ONLY_CLIENT}
|
|
|
bb0ded |
|
|
|
bb0ded |
%files server
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{_sbindir}/ipa-backup
|
|
|
bb0ded |
%{_sbindir}/ipa-restore
|
|
|
bb0ded |
%{_sbindir}/ipa-ca-install
|
|
|
bb0ded |
%{_sbindir}/ipa-kra-install
|
|
|
bb0ded |
%{_sbindir}/ipa-server-install
|
|
|
bb0ded |
%{_sbindir}/ipa-replica-conncheck
|
|
|
bb0ded |
%{_sbindir}/ipa-replica-install
|
|
|
bb0ded |
%{_sbindir}/ipa-replica-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-csreplica-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-server-certinstall
|
|
|
bb0ded |
%{_sbindir}/ipa-server-upgrade
|
|
|
bb0ded |
%{_sbindir}/ipa-ldap-updater
|
|
|
bb0ded |
%{_sbindir}/ipa-otptoken-import
|
|
|
bb0ded |
%{_sbindir}/ipa-compat-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-nis-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-managed-entries
|
|
|
bb0ded |
%{_sbindir}/ipactl
|
|
|
bb0ded |
%{_sbindir}/ipa-advise
|
|
|
bb0ded |
%{_sbindir}/ipa-cacert-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-winsync-migrate
|
|
|
bb0ded |
%{_sbindir}/ipa-pkinit-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-crlgen-manage
|
|
|
bb0ded |
%{_sbindir}/ipa-cert-fix
|
|
|
bb0ded |
%{_sbindir}/ipa-acme-manage
|
|
|
bb0ded |
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
bb0ded |
%{_libexecdir}/certmonger/ipa-server-guard
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-ccache-sweeper
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-custodia
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-custodia-check
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-httpd-kdcproxy
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-httpd-pwdreader
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-pki-retrieve-key
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-pki-wait-running
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-otpd
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-print-pac
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-subids
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa/custodia
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-dmldap
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat-wrapped
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-ra-agent
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa/oddjob
|
|
|
bb0ded |
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
|
|
|
bb0ded |
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.trust-enable-agent
|
|
|
bb0ded |
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.config-enable-sid
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa/certmonger
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/certmonger/*
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa.service
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-otpd.socket
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-otpd@.service
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-ccache-sweep.service
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-ccache-sweep.timer
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_uuid.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_lockout.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_dns.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_range_check.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_otp_counter.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_otp_lasttoken.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libtopology.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen_task.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so
|
|
|
8e1ca3 |
%attr(755,root,root) %{plugin_dir}/libipa_graceperiod.so
|
|
|
bb0ded |
%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
|
|
|
bb0ded |
%{_mandir}/man1/ipa-replica-conncheck.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-replica-install.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-replica-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-csreplica-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-server-certinstall.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-server-install.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-server-upgrade.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-ca-install.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-kra-install.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-compat-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-nis-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-managed-entries.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-ldap-updater.1*
|
|
|
bb0ded |
%{_mandir}/man8/ipactl.8*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-backup.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-restore.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-advise.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-otptoken-import.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-cacert-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-winsync-migrate.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-pkinit-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-crlgen-manage.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-cert-fix.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-acme-manage.1*
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files -n python3-ipaserver
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{python3_sitelib}/ipaserver
|
|
|
bb0ded |
%{python3_sitelib}/ipaserver-*.egg-info
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files server-common
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy
|
|
|
bb0ded |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
|
|
|
bb0ded |
# NOTE: systemd specific section
|
|
|
bb0ded |
%{_tmpfilesdir}/ipa.conf
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-custodia.service
|
|
|
bb0ded |
%ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
|
|
|
bb0ded |
# END
|
|
|
bb0ded |
%{_usr}/share/ipa/wsgi.py*
|
|
|
bb0ded |
%{_usr}/share/ipa/kdcproxy.wsgi
|
|
|
bb0ded |
%{_usr}/share/ipa/ipaca*.ini
|
|
|
bb0ded |
%{_usr}/share/ipa/*.ldif
|
|
|
bb0ded |
%exclude %{_datadir}/ipa/ipa-cldap-conf.ldif
|
|
|
bb0ded |
%{_usr}/share/ipa/*.uldif
|
|
|
bb0ded |
%{_usr}/share/ipa/*.template
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/advise
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/advise/legacy
|
|
|
bb0ded |
%{_usr}/share/ipa/advise/legacy/*.template
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/profiles
|
|
|
bb0ded |
%{_usr}/share/ipa/profiles/README
|
|
|
bb0ded |
%{_usr}/share/ipa/profiles/*.cfg
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/html
|
|
|
bb0ded |
%{_usr}/share/ipa/html/ssbrowser.html
|
|
|
bb0ded |
%{_usr}/share/ipa/html/unauthorized.html
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/migration
|
|
|
bb0ded |
%{_usr}/share/ipa/migration/index.html
|
|
|
bb0ded |
%{_usr}/share/ipa/migration/migration.py*
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/index.html
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/reset_password.html
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/sync_otp.html
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/*.ico
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/*.css
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/css
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/css/*.css
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/js
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/js/dojo
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/js/dojo/dojo.js
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/js/libs
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/js/libs/*.js
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/js/freeipa
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/js/freeipa/app.js
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/js/freeipa/core.js
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/js/plugins
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/ui/images
|
|
|
bb0ded |
%if 0%{?rhel}
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/images/facet-*.png
|
|
|
bb0ded |
# Moved branding logos and background to redhat-logos-ipa-80.4:
|
|
|
bb0ded |
# header-logo.png, login-screen-background.jpg, login-screen-logo.png,
|
|
|
bb0ded |
# product-name.png
|
|
|
bb0ded |
%else
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/images/*.jpg
|
|
|
bb0ded |
%{_usr}/share/ipa/ui/images/*.png
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/wsgi
|
|
|
bb0ded |
%{_usr}/share/ipa/wsgi/plugins.py*
|
|
|
bb0ded |
%dir %{_sysconfdir}/ipa
|
|
|
bb0ded |
%dir %{_sysconfdir}/ipa/html
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
bb0ded |
%ghost %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
|
|
bb0ded |
%ghost %attr(0640,root,named) %config(noreplace) %{_sysconfdir}/named/ipa-ext.conf
|
|
|
bb0ded |
%ghost %attr(0640,root,named) %config(noreplace) %{_sysconfdir}/named/ipa-options-ext.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb.con
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb5.ini
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krbrealm.con
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/updates/
|
|
|
bb0ded |
%{_usr}/share/ipa/updates/*
|
|
|
bb0ded |
%dir %{_localstatedir}/lib/ipa
|
|
|
bb0ded |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup
|
|
|
bb0ded |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/gssproxy
|
|
|
bb0ded |
%attr(711,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
|
|
|
bb0ded |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade
|
|
|
bb0ded |
%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca
|
|
|
bb0ded |
%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/certs
|
|
|
bb0ded |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/private
|
|
|
bb0ded |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/passwds
|
|
|
bb0ded |
%ghost %attr(775,root,pkiuser) %{_localstatedir}/lib/ipa/pki-ca/publish
|
|
|
bb0ded |
%ghost %attr(770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa
|
|
|
bb0ded |
%dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/schema.d
|
|
|
bb0ded |
%attr(0644,root,root) %{_usr}/share/ipa/schema.d/README
|
|
|
bb0ded |
%attr(0644,root,root) %{_usr}/share/ipa/gssapi.login
|
|
|
bb0ded |
%{_usr}/share/ipa/ipakrb5.aug
|
|
|
bb0ded |
|
|
|
bb0ded |
%files server-dns
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
|
|
|
bb0ded |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
|
|
|
bb0ded |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/dnssec
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-dnskeysyncd
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-dnskeysync-replica
|
|
|
bb0ded |
%{_libexecdir}/ipa/ipa-ods-exporter
|
|
|
bb0ded |
%{_sbindir}/ipa-dns-install
|
|
|
bb0ded |
%{_mandir}/man1/ipa-dns-install.1*
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-dnskeysyncd.service
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service
|
|
|
bb0ded |
|
|
|
bb0ded |
%files server-trust-ad
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{_sbindir}/ipa-adtrust-install
|
|
|
bb0ded |
%{_usr}/share/ipa/smb.conf.empty
|
|
|
bb0ded |
%attr(755,root,root) %{_libdir}/samba/pdb/ipasam.so
|
|
|
bb0ded |
%attr(755,root,root) %{plugin_dir}/libipa_cldap.so
|
|
|
bb0ded |
%{_datadir}/ipa/ipa-cldap-conf.ldif
|
|
|
bb0ded |
%{_mandir}/man1/ipa-adtrust-install.1*
|
|
|
bb0ded |
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
bb0ded |
%{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf
|
|
|
bb0ded |
%{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf
|
|
|
bb0ded |
%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains
|
|
|
bb0ded |
|
|
|
bb0ded |
# ONLY_CLIENT
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files client
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{_sbindir}/ipa-client-install
|
|
|
bb0ded |
%{_sbindir}/ipa-client-automount
|
|
|
bb0ded |
%{_sbindir}/ipa-certupdate
|
|
|
bb0ded |
%{_sbindir}/ipa-getkeytab
|
|
|
bb0ded |
%{_sbindir}/ipa-rmkeytab
|
|
|
bb0ded |
%{_sbindir}/ipa-join
|
|
|
bb0ded |
%{_bindir}/ipa
|
|
|
bb0ded |
%config %{_sysconfdir}/bash_completion.d
|
|
|
bb0ded |
%config %{_sysconfdir}/sysconfig/certmonger
|
|
|
bb0ded |
%{_mandir}/man1/ipa.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-getkeytab.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-rmkeytab.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-client-install.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-client-automount.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-certupdate.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-join.1*
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa/acme
|
|
|
bb0ded |
%{_libexecdir}/ipa/acme/certbot-dns-ipa
|
|
|
bb0ded |
|
|
|
bb0ded |
%files client-samba
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{_sbindir}/ipa-client-samba
|
|
|
bb0ded |
%{_mandir}/man1/ipa-client-samba.1*
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files client-epn
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%dir %{_sysconfdir}/ipa/epn
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{_sbindir}/ipa-epn
|
|
|
bb0ded |
%{_mandir}/man1/ipa-epn.1*
|
|
|
bb0ded |
%{_mandir}/man5/epn.conf.5*
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-epn.service
|
|
|
bb0ded |
%attr(644,root,root) %{_unitdir}/ipa-epn.timer
|
|
|
bb0ded |
%attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn.conf
|
|
|
bb0ded |
%attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn/expire_msg.template
|
|
|
bb0ded |
|
|
|
bb0ded |
%files -n python3-ipaclient
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%dir %{python3_sitelib}/ipaclient
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/*.py
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/__pycache__/*.py*
|
|
|
bb0ded |
%dir %{python3_sitelib}/ipaclient/install
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/install/*.py
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/install/__pycache__/*.py*
|
|
|
bb0ded |
%dir %{python3_sitelib}/ipaclient/plugins
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/plugins/*.py
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/plugins/__pycache__/*.py*
|
|
|
bb0ded |
%dir %{python3_sitelib}/ipaclient/remote_plugins
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/remote_plugins/*.py
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
|
|
|
bb0ded |
%dir %{python3_sitelib}/ipaclient/remote_plugins/2_*
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
|
|
|
bb0ded |
%{python3_sitelib}/ipaclient-*.egg-info
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files client-common
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
|
|
bb0ded |
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
|
|
bb0ded |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
|
|
|
bb0ded |
# old dbm format
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
|
|
|
bb0ded |
# new sql format
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert9.db
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key4.db
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pkcs11.txt
|
|
|
bb0ded |
%ghost %attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
|
|
|
bb0ded |
%ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
|
|
|
bb0ded |
%dir %{_localstatedir}/lib/ipa-client
|
|
|
bb0ded |
%dir %{_localstatedir}/lib/ipa-client/pki
|
|
|
bb0ded |
%dir %{_localstatedir}/lib/ipa-client/sysrestore
|
|
|
bb0ded |
%{_mandir}/man5/default.conf.5*
|
|
|
bb0ded |
%dir %{_usr}/share/ipa/client
|
|
|
bb0ded |
%{_usr}/share/ipa/client/*.template
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files python-compat
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files common -f %{gettext_domain}.lang
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%dir %{_usr}/share/ipa
|
|
|
bb0ded |
%dir %{_libexecdir}/ipa
|
|
|
bb0ded |
|
|
|
bb0ded |
%files -n python3-ipalib
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
|
|
|
bb0ded |
%{python3_sitelib}/ipapython/
|
|
|
bb0ded |
%{python3_sitelib}/ipalib/
|
|
|
bb0ded |
%{python3_sitelib}/ipaplatform/
|
|
|
bb0ded |
%{python3_sitelib}/ipapython-*.egg-info
|
|
|
bb0ded |
%{python3_sitelib}/ipalib-*.egg-info
|
|
|
bb0ded |
%{python3_sitelib}/ipaplatform-*.egg-info
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with ipatests}
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%files -n python3-ipatests
|
|
|
bb0ded |
%doc README.md Contributors.txt
|
|
|
bb0ded |
%license COPYING
|
|
|
bb0ded |
%{python3_sitelib}/ipatests
|
|
|
bb0ded |
%{python3_sitelib}/ipatests-*.egg-info
|
|
|
bb0ded |
%{_bindir}/ipa-run-tests-3
|
|
|
bb0ded |
%{_bindir}/ipa-test-config-3
|
|
|
bb0ded |
%{_bindir}/ipa-test-task-3
|
|
|
bb0ded |
%{_bindir}/ipa-run-tests-%{python3_version}
|
|
|
bb0ded |
%{_bindir}/ipa-test-config-%{python3_version}
|
|
|
bb0ded |
%{_bindir}/ipa-test-task-%{python3_version}
|
|
|
bb0ded |
%{_bindir}/ipa-run-tests
|
|
|
bb0ded |
%{_bindir}/ipa-test-config
|
|
|
bb0ded |
%{_bindir}/ipa-test-task
|
|
|
bb0ded |
%{_mandir}/man1/ipa-run-tests.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-test-config.1*
|
|
|
bb0ded |
%{_mandir}/man1/ipa-test-task.1*
|
|
|
bb0ded |
|
|
|
bb0ded |
# with ipatests
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
|
|
|
bb0ded |
%if %{with selinux}
|
|
|
bb0ded |
%files selinux
|
|
|
bb0ded |
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
|
|
|
bbecb6 |
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
|
|
bb0ded |
# with selinux
|
|
|
bb0ded |
%endif
|
|
|
bb0ded |
|
|
|
bb0ded |
%changelog
|
|
|
fe3b6d |
* Tue May 09 2023 CentOS Sources <bugs@centos.org> - 4.10.1-6.el9.centos
|
|
|
fe3b6d |
- Apply debranding changes
|
|
|
fe3b6d |
|
|
|
bbecb6 |
* Wed Feb 22 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-6
|
|
|
bbecb6 |
- Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests
|
|
|
bbecb6 |
|
|
|
bbecb6 |
* Mon Feb 13 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-5
|
|
|
bbecb6 |
- Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain
|
|
|
bbecb6 |
- Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work
|
|
|
bbecb6 |
- Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task
|
|
|
bbecb6 |
- Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command
|
|
|
bbecb6 |
|
|
|
bbecb6 |
* Mon Feb 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-4
|
|
|
bbecb6 |
- Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful
|
|
|
bbecb6 |
- Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range
|
|
|
bbecb6 |
- Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning
|
|
|
bbecb6 |
- Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests
|
|
|
bbecb6 |
|
|
|
bbecb6 |
* Wed Dec 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.10.1-3
|
|
|
bbecb6 |
- Rebuild against krb5 1.20.1 ABI
|
|
|
bbecb6 |
- Resolves: rhbz#2155425
|
|
|
bbecb6 |
|
|
|
bbecb6 |
* Fri Dec 9 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-2
|
|
|
bbecb6 |
- Resolves: rhbz#2148887 MemberManager with groups fails
|
|
|
bbecb6 |
- Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit
|
|
|
bbecb6 |
|
|
|
bbecb6 |
* Fri Nov 25 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-1
|
|
|
bbecb6 |
- Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2
|
|
|
bbecb6 |
- Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf
|
|
|
bbecb6 |
- Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain)
|
|
|
bbecb6 |
- Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value
|
|
|
bbecb6 |
- Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password
|
|
|
bbecb6 |
- Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken
|
|
|
bbecb6 |
- Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation
|
|
|
bbecb6 |
- Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC
|
|
|
bbecb6 |
- Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers
|
|
|
bbecb6 |
- Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones
|
|
|
bbecb6 |
- Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality
|
|
|
170f38 |
|
|
|
84ae89 |
* Tue Oct 25 2022 Rafael Jeffman <rjeffman@redhat.com> - 4.10.0-7
|
|
|
84ae89 |
- Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail
|
|
|
84ae89 |
- Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z]
|
|
|
84ae89 |
|
|
|
8e1ca3 |
* Fri Aug 19 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-6
|
|
|
8e1ca3 |
- Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0
|
|
|
8e1ca3 |
- Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI
|
|
|
8e1ca3 |
- Resolves: rhbz#2115495 group password policy by default does not allow grace logins
|
|
|
8e1ca3 |
- Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower'
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Thu Jul 28 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-5
|
|
|
8e1ca3 |
- Resolves: rhbz#2109645
|
|
|
8e1ca3 |
- Rebuild for samba-4.16.3-101.el9
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Thu Jul 21 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-4
|
|
|
8e1ca3 |
- Resolves: rhbz#2109645
|
|
|
8e1ca3 |
- Rebuild for samba-4.16.3-100.el9
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Fri Jul 15 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-3
|
|
|
8e1ca3 |
- Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-2
|
|
|
8e1ca3 |
- Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-1
|
|
|
8e1ca3 |
- Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates
|
|
|
8e1ca3 |
- Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Fri Jun 17 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.10-1
|
|
|
8e1ca3 |
- Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release
|
|
|
8e1ca3 |
- Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.'
|
|
|
8e1ca3 |
- Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD
|
|
|
8e1ca3 |
- Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages
|
|
|
8e1ca3 |
- Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command
|
|
|
8e1ca3 |
- Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
|
|
|
8e1ca3 |
- Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf
|
|
|
8e1ca3 |
- Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Wed Apr 06 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-8
|
|
|
8e1ca3 |
- Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
|
|
|
8e1ca3 |
- tests: ensure AD-SUPPORT subpolicy is active in more cases
|
|
|
8e1ca3 |
- ipatests: fix check for AD topology being present
|
|
|
8e1ca3 |
|
|
|
8e1ca3 |
* Thu Mar 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-7
|
|
|
8e1ca3 |
- Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
|
|
|
bb0ded |
- KRB instance: make provision to work with crypto policy without SHA-1 HMAC types
|
|
|
bb0ded |
- tests: ensure AD-SUPPORT subpolicy is active
|
|
|
bb0ded |
- ipatests: extend AES keyset to SHA2-based ones
|
|
|
bb0ded |
- freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream
|
|
|
bb0ded |
- Kerberos instance: default to AES256-SHA2 for master key encryption
|
|
|
bb0ded |
- test_otp: do not use paramiko unless it is really needed
|
|
|
bb0ded |
- test_krbtpolicy: skip SPAKE-related tests in FIPS mode
|
|
|
bb0ded |
- Support AES for KRA archival wrapping
|
|
|
bb0ded |
- Set AES as default for KRA archival wrapping
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-6
|
|
|
bb0ded |
- Resolves: rhbz#2057467 Backport latest test fixes in python3-ipatests
|
|
|
bb0ded |
- ipatests: Tests for Autoprivate group.
|
|
|
bb0ded |
- mark xfail for test_idoverride_with_auto_private_group[hybrid]
|
|
|
bb0ded |
- Mark xfail test_gidnumber_not_corresponding_existing_group[true,hybrid]
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-5
|
|
|
bb0ded |
- Resolves: rhbz#2053025
|
|
|
bb0ded |
- add IPA test suite fixes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 14 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.8-4
|
|
|
bb0ded |
- Resolves: rhbz#2053586 IPA LDAP plugin ipa-cldap memory leak
|
|
|
bb0ded |
- fix memory leak in CLDAP responder
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 11 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-3
|
|
|
bb0ded |
- Resolves: rhbz#2050540 Unable to join RHEL 8.5 Replica to RHEL 7.9 Master for migration purposes
|
|
|
bb0ded |
- Don't always override the port in import_included_profiles
|
|
|
bb0ded |
- Resolves: rhbz#2051582 Enable ipa-ccache-sweep.timer during server installation
|
|
|
bb0ded |
- Test ipa-ccache-sweep.timer enabled by default during installation
|
|
|
bb0ded |
- Enable the ccache sweep timer during installation
|
|
|
bb0ded |
- Resolves: rhbz#2051844 ipa-join tests are failing due to changes in expected output
|
|
|
bb0ded |
- Remove ipa-join errors from behind the debug option
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 03 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-2
|
|
|
bb0ded |
- Resolves: rhbz#2040619 - Changing default pac type to 'nfs:NONE and MS-PAC' doesnot display error 'ipa: ERROR: no modifications to be performed'
|
|
|
bb0ded |
- Config plugin: return EmptyModlist when no change is applied
|
|
|
bb0ded |
- config plugin: add a test ensuring EmptyModlist is returned
|
|
|
bb0ded |
- Resolves: rhbz#2048510 - [rhel-9.0] Backport latest test fixes in python3-ipatests
|
|
|
bb0ded |
- ipatests: webui: Tests for subordinate ids.
|
|
|
bb0ded |
- ipatests: webui: Use safe-loader for loading YAML configuration file
|
|
|
bb0ded |
- ipatests: Fix test_ipa_cert_fix.py::TestCertFixReplica teardown
|
|
|
bb0ded |
- Test cases for ipa-replica-conncheck command
|
|
|
bb0ded |
- PEP8 Fixes
|
|
|
bb0ded |
- ipatests: Test empty cert request doesn't force certmonger to segfault
|
|
|
bb0ded |
- ipatests: Test default value of nsslapd-sizelimit.
|
|
|
bb0ded |
- Extend test to see if replica is not shown when running `ipa-replica-manage list -v <FQDN>`
|
|
|
bb0ded |
- Added test automation for SHA384withRSA CSR support
|
|
|
bb0ded |
- Resolves: rhbz#2049104 - User can't log in after ipa-user-mod --user-auth-type=hardened
|
|
|
bb0ded |
- ipa-kdb: do not remove keys for hardened auth-enabled users
|
|
|
bb0ded |
- ipatests: add case for hardened-only ticket policy
|
|
|
bb0ded |
- Resolves: rhbz#2049174 - KRA GetStatus service blocked by IPA proxy
|
|
|
bb0ded |
- ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Dec 02 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-1
|
|
|
bb0ded |
- Resolves: rhbz#2015608 - [Rebase] Rebase ipa to latest 4.9.x release RHEL9
|
|
|
bb0ded |
- Resolves: rhbz#1825010 - Concerns regarding 'ipa pwpolicy-mod --minlife 24 --maxlife 1'
|
|
|
bb0ded |
- Resolves: rhbz#1966289 - Info about searchrecordslimit set search limit to 10,000 after upgrade
|
|
|
bb0ded |
- Resolves: rhbz#1980356 - reinstalling samba client causes winbindd coredump
|
|
|
bb0ded |
- Resolves: rhbz#1986054 - fix automountlocation-tofiles output
|
|
|
bb0ded |
- Resolves: rhbz#2020205 - Missing bind-pkcs11-utils causing failures in OpenDNSSec
|
|
|
bb0ded |
- Resolves: rhbz#2021445 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
|
|
|
bb0ded |
- ipa-kdb: issue PAC_REQUESTER_SID only for TGTs
|
|
|
bb0ded |
- ipa-kdb: fix requester SID check according to MS-KILE and MS-SFU updates
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 5 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-9
|
|
|
bb0ded |
- Resolves: rhbz#2010701 ipa-server-install fails while 'configuring certificate server instance'
|
|
|
bb0ded |
- Parse getStatus as JSON not XML
|
|
|
bb0ded |
- Parse cert chain as JSON not XML
|
|
|
bb0ded |
- Specify PKI installation log paths
|
|
|
bb0ded |
- Make Dogtag return XML for ipa cert-find
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-8
|
|
|
bb0ded |
- Resolves: rhbz#2005864 ipa cert-request replaces user certificate instead of adding
|
|
|
bb0ded |
- Don't store entries with a usercertificate in the LDAP cache
|
|
|
bb0ded |
- ipatests: Test that a user can be issued multiple certificates
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 10 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-7
|
|
|
bb0ded |
- Resolves: rhbz#2003005 AVC denied { read } comm="ipa-custodia" on aarch64 during installation of ipa-server
|
|
|
bb0ded |
- selinux policy: allow custodia to access /proc/cpuinfo
|
|
|
bb0ded |
- Resolves: rhbz#2003004 extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
|
|
|
bb0ded |
- extdom: return LDAP_NO_SUCH_OBJECT if domains differ
|
|
|
bb0ded |
- Resolves: rhbz#2003003 subid: subid-match displays the DN of the owner, not its UID.
|
|
|
bb0ded |
- subid: subid-match: display the owner's ID not DN
|
|
|
bb0ded |
- Resolves: rhbz#2013116 ipa migrate-ds command fails to warn when compat plugin is enabled
|
|
|
bb0ded |
- migrate-ds: workaround to detect compat tree
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Aug 26 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-6
|
|
|
bb0ded |
- Resolves: rhbz#1998098 - Backport latest test fixes in python3-ipatests
|
|
|
bb0ded |
- ipatests: Test unsecure nsupdate.
|
|
|
bb0ded |
- ipatests: Fix TestAJPSecretUpgrade tests on systems without pkiuser
|
|
|
bb0ded |
- ipatests: test_ipahealthcheck: Verify permissions for /var/log/ files
|
|
|
bb0ded |
- ipatests: test to renew certs on replica using ipa-cert-fix
|
|
|
bb0ded |
- ipatests: wait while http/ldap/pkinit cert get renew on replica
|
|
|
bb0ded |
- ipatests: refactor test_ipa_cert_fix with tasks
|
|
|
bb0ded |
- ipatests: use whole date for journalctl --since
|
|
|
bb0ded |
* Tue Aug 17 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-5
|
|
|
bb0ded |
- Resolves: rhbz#1988383 Do SRV discovery in ipa-getkeytab if -s and -H aren't provided
|
|
|
bb0ded |
- ipa-getkeytab: add option to discover servers using DNS SRV
|
|
|
bb0ded |
- ipa-getkeytab: fix compiler warnings
|
|
|
bb0ded |
- ipatests: test ipa-getkeytab server option
|
|
|
bb0ded |
- Resolves: rhbz#1986329 ipa-server install failure without DNS
|
|
|
bb0ded |
- Fix ldapupdate.get_sub_dict() for missing named user
|
|
|
bb0ded |
- Resolves: rhbz#1980734 Remove python3-pexpect as dependency for ipatests pkg
|
|
|
bb0ded |
- freeipa.spec.in: remove python3-pexpect from Requires
|
|
|
bb0ded |
- Resolves: rhbz#1992538 Backport recent test fixes in python3-ipatests
|
|
|
bb0ded |
- ipatests: use whole date when calling journalctl --since
|
|
|
bb0ded |
- ipatests: Fix for test_source_ipahealthcheck_ipa_host_check_ipahostkeytab
|
|
|
bb0ded |
- ipatests: test_ipahealthcheck: print a message if a system is healthy
|
|
|
bb0ded |
- ipatests: test_installation: move tracking_reqs dependency to ipalib constants ipaserver: krainstance: utilize moved tracking_reqs dependency
|
|
|
bb0ded |
- webui tests: close notification when revoking cert
|
|
|
bb0ded |
- ipatests: Test ipa-cert-fix warns when startup directive is missing from CS.cfg
|
|
|
bb0ded |
- webui tests: fix algo for finding available idrange
|
|
|
bb0ded |
- ipatests: smbclient "-k" => "--use-kerberos=desired"
|
|
|
bb0ded |
- test_acme: refactor with tasks
|
|
|
bb0ded |
- test_acme: make password renewal more robust
|
|
|
bb0ded |
- tasks.py: fix flake8-reported issues
|
|
|
bb0ded |
- ipatests: Test for OTP when the LDAP connection timed out.
|
|
|
bb0ded |
- ipatests: verify that getcert output includes the issued date
|
|
|
bb0ded |
- ipatests: Look for warning into stderr instead of stdout
|
|
|
bb0ded |
- ipatests: use krb5_trace in TestIpaAdTrustInstall
|
|
|
bb0ded |
- ipatests: Test ldapsearch with base scope works with compat tree.
|
|
|
bb0ded |
- ipatests: skip test_basesearch_compat_tree on fedora.
|
|
|
bb0ded |
- ipatests: Refactor test_check_otpd_after_idle_timeout
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.6-4.1
|
|
|
bb0ded |
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
bb0ded |
Related: rhbz#1991688
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 23 2021 Rob Crittenden <rcritten@redhat.com> - 4.9.6-4
|
|
|
bb0ded |
- Use new method in check to prevent removal of last KRA (#1985072)
|
|
|
bb0ded |
- ipatests: NAMED_CRYPTO_POLICY_FILE not defined for RHEL (#1982952)
|
|
|
bb0ded |
- Fix index definition for memberOf (#1952028)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jul 15 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-3
|
|
|
bb0ded |
- Resolves: rhbz#1979629 Add checks to prevent assigning authentication indicators to internal IPA services
|
|
|
bb0ded |
- Resolves: rhbz#1982212 ipa-trust-add fails with "not enough quota"
|
|
|
bb0ded |
- Resolves: rhbz#1952028 [RFE] Add support for managing subuids and subgids in FreeIPA
|
|
|
bb0ded |
- Resolves: rhbz#1981789 [man page] contradiction in ipa-server-upgrade command's man page and usage
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 9 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-2
|
|
|
bb0ded |
- Resolves: rhbz#1955440 ipa installation fails to configure chrony
|
|
|
bb0ded |
- Resolves: rhbz#1976761 Package python3-ipatests (from CRB repo) Requires python3-coverage
|
|
|
bb0ded |
- Resolves: rhbz#1979609 Unable to set ipaUserAuthType with stageuser-add
|
|
|
bb0ded |
- Resolves: rhbz#1979629 Add checks to prevent assigning authentication indicators to internal IPA services
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 30 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.6-1
|
|
|
bb0ded |
- Resolves: rhbz#1969351 Rebase IPA to latest 4.9.x version
|
|
|
bb0ded |
- Resolves: rhbz#1976288 ansible-freeipa automember test fails with `automember_add_condition: testgroup: 'objectclass'` due to ldap cache
|
|
|
bb0ded |
- Resolves: rhbz#1975139 Upgrade error: Add failure missing required attribute "objectclass"
|
|
|
bb0ded |
- Resolves: rhbz#1973024 CA_less ipa-server-install fails if CA cert subject contains non ascii chars
|
|
|
bb0ded |
- Resolves: rhbz#1966101 [RFE] - IDM - Allow specifying permanent logging settings for BIND
|
|
|
bb0ded |
- Resolves: rhbz#1962570 IPA in c9s should not require redhat-logos-ipa as a runtime package
|
|
|
bb0ded |
- Resolves: rhbz#1957736 [RFE] IPA to allow configuring auto-private-groups at idrange level
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.9.3-2.1
|
|
|
bb0ded |
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
bb0ded |
Related: rhbz#1971065
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Apr 20 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.3-2
|
|
|
bb0ded |
- RHEL 9 Beta mass rebuild. Resolves: rhbz#1951304
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 31 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.3-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.9.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 26 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-4
|
|
|
bb0ded |
- Rebuild against 389-ds and PKI to fix https://github.com/389ds/389-ds-base/issues/4609
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 23 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-3
|
|
|
bb0ded |
- Only use python-platform on RHEL 8
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-2
|
|
|
bb0ded |
- Fix ipatests dependency to python3-pexpect
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 15 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.2-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.9.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 27 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.1-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.9.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.0-2.1
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 20 2021 Rob Crittenden <rcritten@redhat.com> - 4.9.0-2
|
|
|
bb0ded |
- Set client keytab location for 389ds (RHBZ#1918075)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Dec 23 17:05:00 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-1
|
|
|
bb0ded |
- FreeIPA 4.9.0 final release
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Dec 16 07:52:00 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.6.rc3
|
|
|
bb0ded |
- Refactor DNSSEC paths creation code (upstream PR#5340)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Dec 10 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.5.rc3
|
|
|
bb0ded |
- FreeIPA 4.9.0 release candidate 3
|
|
|
bb0ded |
- Enforce C.UTF-8 locale in systemd service units
|
|
|
bb0ded |
- Fold up fixes from Rawhide and RHEL 8.4 testing
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Dec 9 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.4.rc2
|
|
|
bb0ded |
- Fix upgrade script for CA rule rewrites
|
|
|
bb0ded |
- Fix permissions for /run/ipa/ccaches
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 4 22:17:00 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.3.rc2
|
|
|
bb0ded |
- Correct SELinux policy requirements
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 4 13:41:28 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.2.rc2
|
|
|
bb0ded |
- FreeIPA 4.9.0 release candidate 2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 19 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.1.rc1
|
|
|
bb0ded |
- Use correct bind PKCS11 engine dependencies
|
|
|
bb0ded |
- Fix SELinux build requirement
|
|
|
bb0ded |
- Fix linting requirements
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 18 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.rc1
|
|
|
bb0ded |
- FreeIPA 4.9.0 release candidate 1
|
|
|
bb0ded |
- Synchronize spec file with upstream and RHEL
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 28 2020 Adam Williamson <awilliam@redhat.com> - 4.8.10-7
|
|
|
bb0ded |
- Backport #5212 for deployment failures with 389-ds-base 1.4.4.6+
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 13 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-6
|
|
|
bb0ded |
- Handle sshd_config upgrade properly
|
|
|
bb0ded |
Fixes: rhbz#1887928
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 29 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-5
|
|
|
bb0ded |
- Properly handle upgrade case when systemd-resolved is enabled
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Sep 28 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-4
|
|
|
bb0ded |
- Fix permissions for /etc/systemd/resolved.conf.d/zzz-ipa.conf
|
|
|
bb0ded |
- Add NetworkManager and systemd-resolved configuration files to backup
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Sep 27 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-3
|
|
|
bb0ded |
- Fix dependency between freeipa-selinux and freeipa-common
|
|
|
bb0ded |
- Resolves: rhbz#1883005
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Sep 26 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-2
|
|
|
bb0ded |
- Support upgrade F32 -> F33 with systemd-resolved
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Sep 26 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.8.10
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 21 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.9-2
|
|
|
bb0ded |
- Backport fix for detecting older installations on upgrade
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Aug 20 2020 François Cami <fcami@redhat.com> - 4.8.9-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.8.9
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Aug 03 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.7-5
|
|
|
bb0ded |
- Make use of unshare+chroot in ipa-extdom-extop unittests to work against glibc 2.32
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.7-4
|
|
|
bb0ded |
- Second attempt - Rebuilt for
|
|
|
bb0ded |
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jul 30 2020 Merlin Mathesius <mmathesi@redhat.com> - 4.8.7-3
|
|
|
bb0ded |
- Conditional fixes for ELN to set krb5-kdb version appropriately
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.7-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 10 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.7-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.8.7
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.8.6-2
|
|
|
bb0ded |
- Rebuilt for Python 3.9
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Mar 27 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.6-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.8.6
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Mar 21 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.5-2
|
|
|
bb0ded |
- Roll up post-release fixes from upstream
|
|
|
bb0ded |
- Move freeipa-selinux to be a dependency of freeipa-common
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 18 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.5-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.8.5
|
|
|
bb0ded |
- Depend on selinux-policy-devel 3.14.6-9 for build due to a makefile issue in
|
|
|
bb0ded |
SELinux external policy support
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 03 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-8
|
|
|
bb0ded |
- Support opendnssec 2.1
|
|
|
bb0ded |
- Resolves: #1809492
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 17 2020 François Cami <fcami@redhat.com> - 4.8.4-7
|
|
|
bb0ded |
- Fix audit_as_req() callback usage
|
|
|
bb0ded |
- Resolves: #1803786
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Feb 01 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-6
|
|
|
bb0ded |
- Fix constraint delegation for krb5 1.18 update
|
|
|
bb0ded |
- Resolves: #1797096
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.4-5
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 28 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-4
|
|
|
bb0ded |
- Rebuild against krb5 1.18 beta
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Jan 26 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-3
|
|
|
bb0ded |
- Rebuild against Samba 4.12RC1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 16 2019 Adam Williamson <awilliam@redhat.com> - 4.8.4-2
|
|
|
bb0ded |
- Backport PR #4045 to fix overlapping DNS zone check bugs
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Dec 14 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-1
|
|
|
bb0ded |
- New upstream release 4.8.4
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 26 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.3-1
|
|
|
bb0ded |
- New upstream release 4.8.3
|
|
|
bb0ded |
- CVE-2019-14867: Denial of service in IPA server due to wrong use of ber_scanf()
|
|
|
bb0ded |
- CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 12 2019 Rob Crittenden <rcritten@redhat.com> - 4.8.2-1
|
|
|
bb0ded |
- New upstream release 4.8.2
|
|
|
bb0ded |
- Replace %%{_libdir} macro in BuildRequires (#1746882)
|
|
|
bb0ded |
- Restore user-nsswitch.conf before calling authselect (#1746557)
|
|
|
bb0ded |
- ipa service-find does not list cifs service created by
|
|
|
bb0ded |
ipa-client-samba (#1731433)
|
|
|
bb0ded |
- Occasional 'whoami.data is undefined' error in FreeIPA web UI
|
|
|
bb0ded |
(#1699109)
|
|
|
bb0ded |
- ipa-kra-install fails due to fs.protected_regular=1 (#1698384)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Oct 20 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.1-5
|
|
|
bb0ded |
- Don't create log files from helper scripts
|
|
|
bb0ded |
- Fixes: rhbz#1754189
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 08 2019 Christian Heimes <cheimes@redhat.com> - 4.8.1-4
|
|
|
bb0ded |
- Fix compatibility issue with preexec_fn in Python 3.8
|
|
|
bb0ded |
- Fixes: rhbz#1759290
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 1 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.1-3
|
|
|
bb0ded |
- Fix ipasam for compatibility with Samba 4.11
|
|
|
bb0ded |
- Fixes: rhbz#1757089
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.8.1-2
|
|
|
bb0ded |
- Rebuilt for Python 3.8
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 14 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.1-1
|
|
|
bb0ded |
- New upstream release 4.8.1
|
|
|
bb0ded |
- Fixes: rhbz#1732528
|
|
|
bb0ded |
- Fixes: rhbz#1732524
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.0-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jul 03 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.0-1
|
|
|
bb0ded |
- New upstream release 4.8.0
|
|
|
bb0ded |
- New subpackage: freeipa-client-samba
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat May 11 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90.pre1-6
|
|
|
bb0ded |
- Upgrade: handle situation when trusts were configured but not established yet
|
|
|
bb0ded |
Fixed: rhbz#1708808
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri May 3 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90.pre1-5
|
|
|
bb0ded |
- Add krb5-kdb-server dependency provided by krb5-server >= 1.17-17
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri May 3 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90.pre1-4
|
|
|
bb0ded |
- Rebuild to drop upper limit for Kerberos package
|
|
|
bb0ded |
After krb5-server will provide krb5-kdb-version, we'll switch to it
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 1 2019 Adam Williamson <awilliam@redhat.com> - 4.7.90.pre1-3
|
|
|
bb0ded |
- Backport PR #3104 to fix a font path error
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 1 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90.pre1-2
|
|
|
bb0ded |
- Revert MINSSF defaults because realmd cannot join FreeIPA right now
|
|
|
bb0ded |
as it uses anonymous LDAP connection for the discovery and validation
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Apr 29 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.90.pre1-1
|
|
|
bb0ded |
- First release candidate for FreeIPA 4.8.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Apr 06 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-8
|
|
|
bb0ded |
- Fixed: rhbz#1696963 (Failed to install replica)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Apr 06 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-7
|
|
|
bb0ded |
- Support Samba 4.10
|
|
|
bb0ded |
- Support 389-ds 1.4.1.2-2.fc30 or later
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 28 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-6
|
|
|
bb0ded |
- Support new nfs-utils behavior (#1668836)
|
|
|
bb0ded |
- ipa-client-automount now works without /etc/sysconfig/nfs
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 19 2019 François Cami <fcami@redhat.com> - 4.7.2-5
|
|
|
bb0ded |
- Fix FTBS due to Samba having removed talloc_strackframe.h
|
|
|
bb0ded |
and memory.h (#1678670)
|
|
|
bb0ded |
- Fix CA setup when fs.protected_regular=1 (#1677027)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 11 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-4
|
|
|
bb0ded |
- Disable python dependency generator in Rawhide as not all required packages support it yet
|
|
|
bb0ded |
- Require python-kdcproxy 0.4.1 or later on Rawhide
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 8 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-3
|
|
|
bb0ded |
- Fix compile issues after a mass rebuild using upstream patches
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.2-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 03 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-1
|
|
|
bb0ded |
- Upstream release FreeIPA 4.7.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 28 2018 Adam Williamson <awilliam@redhat.com> - 4.7.1-4
|
|
|
bb0ded |
- Update PR #2610 patch to tiran's modified version
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 27 2018 Adam Williamson <awilliam@redhat.com> - 4.7.1-3
|
|
|
bb0ded |
- Backport PR #2610 to fix for authselect 1.0.2+ (see #1645708)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Nov 11 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.1-2
|
|
|
bb0ded |
- Rebuild for krb5-1.17 (#1648673)
|
|
|
bb0ded |
- Bump required SSSD version to 2.0.0-4 to get back pysss.getgrouplist() API
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 5 2018 Rob Crittenden <rcritten@redhat.com> - 4.7.1-1
|
|
|
bb0ded |
- Update to upstream 4.7.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 25 2018 Christian Heimes <cheimes@redhat.com> - 4.7.0-5
|
|
|
bb0ded |
- Remove Python 2 support from Fedora 30
|
|
|
bb0ded |
- https://fedoraproject.org/wiki/Changes/FreeIPA_Python_2_Removal
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 4 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-4
|
|
|
bb0ded |
- Enable python2 client packages for f30 for now again
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 4 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-3
|
|
|
bb0ded |
- Force generation of aclocal.m4 and configuration scripts
|
|
|
bb0ded |
- Fix only client build for Fedora>=28 and RHEL>7
|
|
|
bb0ded |
- Bring back special patch handling for Fedora
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Sep 3 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-2
|
|
|
bb0ded |
- Restore SELinux context of session_dir /etc/httpd/alias (pagure#7662)
|
|
|
bb0ded |
- Restore SELinux context of template_dir /var/log/dirsrv/slapd-X (pagure#7662)
|
|
|
bb0ded |
- Add "389-ds-base-legacy-tools" to requires
|
|
|
bb0ded |
- Refactor os-release and platform information (#1609475)
|
|
|
bb0ded |
- Don't check for systemd service (#1609475)
|
|
|
bb0ded |
- Switched to upstream spec file with small adaptions
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jul 26 2018 Thomas Woerner <twoerner@redhat.com> - 4.7.0-1
|
|
|
bb0ded |
- Update to upstream 4.7.0
|
|
|
bb0ded |
- New BuildRequires for nodejs and uglify-js
|
|
|
bb0ded |
- New Requires for 389-ds-base-legacy-tools in server (RHBZ#1606541)
|
|
|
bb0ded |
- Do not build python2-ipaserver and python2-ipatests for Fedora 29 and up
|
|
|
bb0ded |
- Do not build any python2 packages for Fedora 30
|
|
|
bb0ded |
- Added ipatest man pages to python3-ipatests packages also
|
|
|
bb0ded |
- Added ipatest bindir links to python3-ipatests for Fedora up to 28
|
|
|
bb0ded |
- Dropped explicit copy of freeipa.template, install is doing this now
|
|
|
bb0ded |
- Added upstream fix: (f3faecb) Fix $-style format string in ipa_ldap_init
|
|
|
bb0ded |
- Added upstream fix: (4b592fe,1a7baa2) Added reason to raise of errors.NotFound
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 16 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre2-11
|
|
|
bb0ded |
- Use version-aware macros for Python
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.90.pre2-10
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 4.6.90.pre2-9
|
|
|
bb0ded |
- Rebuilt for Python 3.7
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 27 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-8
|
|
|
bb0ded |
- Build UI using py3-lesscpy
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jun 19 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-7
|
|
|
bb0ded |
- *-domainname.service moved to the hostname package in F29 (#1592355)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 4.6.90.pre2-6
|
|
|
bb0ded |
- Rebuilt for Python 3.7
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jun 15 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-5
|
|
|
bb0ded |
- Change BuildRequires from python-lesscpy to python3-lesscpy
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jun 15 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-4.1
|
|
|
bb0ded |
- Rename service fedora-domainname.service to nis-domainname.service
|
|
|
bb0ded |
(#1588192)
|
|
|
bb0ded |
- Fix bad date in changelog
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 16 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre2-3
|
|
|
bb0ded |
- Fine tune packaging of server templates so that it doesn't include
|
|
|
bb0ded |
freeipa.template which always go to freeipa-client-common
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 15 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-2
|
|
|
bb0ded |
- Exclude /usr/share from client-only builds
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 15 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre2-1
|
|
|
bb0ded |
- Update to upstream 4.6.90.pre2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 02 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-7
|
|
|
bb0ded |
- Fix upgrade when named.conf does not exist
|
|
|
bb0ded |
- Resolves rhbz#1573671
|
|
|
bb0ded |
- Requires newer slapi-nis to avoid hitting rhbz#1573636
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 21 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-6.1
|
|
|
bb0ded |
- Change upgrade code to use DIR-based ccache and no kinit (#1558818)
|
|
|
bb0ded |
- Require pki-symkey until pki-core has proper dependencies
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 21 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-6
|
|
|
bb0ded |
- Change upgrade code to use DIR-based ccache and no kinit (#1558818)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 20 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-5
|
|
|
bb0ded |
- Apply upstream fix for #1558354
|
|
|
bb0ded |
- Run upgrade under file-based ccache (#1558818)
|
|
|
bb0ded |
- Fix OTP token issuance due to regression in https://pagure.io/389-ds-base/issue/49617
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 20 2018 Adam Williamson <awilliam@redhat.com> - 4.6.90.pre1-4
|
|
|
bb0ded |
- Fix upgrades harder (extension of -3 patch) (#1558354)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 20 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.90.pre1-3
|
|
|
bb0ded |
- Fix upgrade from F27 to F28 (#1558354)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Mar 19 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre1-2
|
|
|
bb0ded |
- Patch to fix GUI login for non-admin users (#1557609)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Mar 16 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre1-1
|
|
|
bb0ded |
- Update to upstream 4.6.90.pre1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 20 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.3-5
|
|
|
bb0ded |
- Disable i686 server builds because 389-ds no longer provides
|
|
|
bb0ded |
builds on that arch. (#1544386)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.6.3-4
|
|
|
bb0ded |
- Escape macros in %%changelog
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 8 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.3-3
|
|
|
bb0ded |
- Don't fail on upgrades if KRA is not installed
|
|
|
bb0ded |
- Remove Conflicts between mod_wsgi and python3-mod_wsgi
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.3-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 31 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.3-1
|
|
|
bb0ded |
- Update to upstream 4.6.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 03 2018 Lumír Balhar <lbalhar@redhat.com> - 4.6.1-5
|
|
|
bb0ded |
- Fix directory ownership in python3 subpackage
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 17 2017 Rob Crittenden <rcritten@redhat.com> - 4.6.1-4
|
|
|
bb0ded |
- Update workaround patch to prevent SELinux execmem AVC (#1491508)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Oct 16 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.6.1-3
|
|
|
bb0ded |
- Another attempt at fix for bug #1491053
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 06 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-2
|
|
|
bb0ded |
- Rebuild against krb5-1.16
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 22 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.1-1
|
|
|
bb0ded |
- Fixes #1491053 Firefox reports insecure TLS configuration when visiting
|
|
|
bb0ded |
FreeIPA web UI after standard server deployment
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Sep 13 2017 Adam Williamson <awilliam@redhat.com> - 4.6.0-3
|
|
|
bb0ded |
- Fixes #1490762 Ipa-server-install update dse.ldif with wrong SELinux context
|
|
|
bb0ded |
- Fixes #1491056 FreeIPA enrolment via kickstart fails
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Sep 06 2017 Adam Williamson <awilliam@redhat.com> - 4.6.0-2
|
|
|
bb0ded |
- Fixes #1488640 "unknown command 'undefined'" error when changing password in web UI
|
|
|
bb0ded |
- BuildRequires diffstat (for the use in patch application)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Sep 04 2017 Tomas Krizek <tkrizek@redhat.com> - 4.6.0-1
|
|
|
bb0ded |
- Rebase to upstream 4.6.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.3-3
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.3-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 21 2017 Tomas Krizek <tkrizek@redhat.com> - 4.5.3-1
|
|
|
bb0ded |
- Update to upstream 4.5.3 - see https://www.freeipa.org/page/Releases/4.5.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jul 13 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.2-4
|
|
|
bb0ded |
- Make sure tmpfiles.d snippet for replica is in place after install
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 10 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.5.2-3
|
|
|
bb0ded |
- Fix build with Samba 4.7.0-RC1
|
|
|
bb0ded |
- Increase java stack for rhino calls to get around crashes on ppc64-le
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jun 20 2017 Tomas Krizek <tkrizek@redhat.com> - 4.5.2-2
|
|
|
bb0ded |
- Patch: Fix IP address checks
|
|
|
bb0ded |
- Patch: python-netifaces fix
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Jun 18 2017 Tomas Krizek <tkrizek@redhat.com> - 4.5.2-1
|
|
|
bb0ded |
- Update to upstream 4.5.2 - see https://www.freeipa.org/page/Releases/4.5.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu May 25 2017 Tomas Krizek <tkrizek@redhat.com> - 4.5.1-1
|
|
|
bb0ded |
- Update to upstream 4.5.1 - see https://www.freeipa.org/page/Releases/4.5.1
|
|
|
bb0ded |
- Fixes #1168266 UI drops "Enknown Error" when the ipa record in /etc/hosts changes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 23 2017 Tomas Krizek <tkrizek@redhat.com> - 4.4.4-2
|
|
|
bb0ded |
- Fixes #1448049 Subpackage freeipa-server-common has unmet dependencies on Rawhide
|
|
|
bb0ded |
- Fixes #1430247 FreeIPA server deployment runs ipa-custodia on Python 3, should use Python 2
|
|
|
bb0ded |
- Fixes #1446744 python2-ipaclient subpackage does not own %%{python_sitelib}/ipaclient/plugins
|
|
|
bb0ded |
- Fixes #1440525 surplus 'the' in output of `ipa-adtrust-install`
|
|
|
bb0ded |
- Fixes #1411810 ipa-replica-install fails with 406 Client Error
|
|
|
bb0ded |
- Fixes #1405814 ipa plugins: ERROR an internal error occured
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Mar 24 2017 Tomas Krizek <tkrizek@redhat.com> - 4.4.4-1
|
|
|
bb0ded |
- Update to upstream 4.4.4 - see https://www.freeipa.org/page/Releases/4.4.4
|
|
|
bb0ded |
- Add upstream signature file for tarball
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 1 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.4.3-8
|
|
|
bb0ded |
- Use different method to keep /usr/bin/ipa on Python 2
|
|
|
bb0ded |
- Fixes #1426847
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 27 2017 Tomas Krizek <tkrizek@redhat.com> - 4.4.3-7
|
|
|
bb0ded |
- Fixes #1413137 CVE-2017-2590 ipa: Insufficient permission check for
|
|
|
bb0ded |
ca-del, ca-disable and ca-enable commands
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 27 2017 Alexander Bokovoy <abokovoy@redhat.com> - 4.4.3-6
|
|
|
bb0ded |
- Rebuild to pick up system-python dependency change
|
|
|
bb0ded |
- Fixes #1426847 - Cannot upgrade freeipa-client on rawhide
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 15 2017 Tomas Krizek <tkrizek@redhat.com> - 4.4.3-5
|
|
|
bb0ded |
- Fixes #1403352 - bind-dyndb-ldap: support new named.conf API in BIND 9.11
|
|
|
bb0ded |
- Fixes #1412739 - ipa-kdb: support DAL version 6.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.3-4
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Jan 21 2017 Igor Gnatenko <ignatenko@redhat.com> - 4.4.3-3
|
|
|
bb0ded |
- Rebuild for xmlrpc-c
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Dec 22 2016 Miro Hrončok <mhroncok@redhat.com> - 4.4.3-2
|
|
|
bb0ded |
- Rebuild for Python 3.6
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 16 2016 Pavel Vomacka <pvomacka@redhat.com> - 4.4.3-1
|
|
|
bb0ded |
- Update to upstream 4.4.3 - see http://www.freeipa.org/page/Releases/4.4.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Dec 14 2016 Pavel Vomacka <pvomacka@redhat.com> - 4.4.2-4
|
|
|
bb0ded |
- Fixes 1395311 - CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod
|
|
|
bb0ded |
- Fixes 1370493 - CVE-2016-7030 ipa: DoS attack against kerberized services
|
|
|
bb0ded |
by abusing password policy
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 29 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.2-3
|
|
|
bb0ded |
- Fixes 1389866 krb5-server: ipadb_change_pwd(): kdb5_util killed by SIGSEGV
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 21 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.2-2
|
|
|
bb0ded |
- Rebuild against krb5-1.15
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Oct 13 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.2-1
|
|
|
bb0ded |
- Update to upstream 4.4.2 - see http://www.freeipa.org/page/Releases/4.4.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Sep 01 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.4.1-1
|
|
|
bb0ded |
- Update to upstream 4.4.1 - see http://www.freeipa.org/page/Releases/4.4.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 19 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.2-2
|
|
|
bb0ded |
- Fixes 1365669 - The ipa-server-upgrade command failed when named-pkcs11 does
|
|
|
bb0ded |
not happen to run during dnf upgrade
|
|
|
bb0ded |
- Fixes 1367883 - CVE-2016-5404 freeipa: ipa: Insufficient privileges check
|
|
|
bb0ded |
in certificate revocation
|
|
|
bb0ded |
- Fixes 1364338 - Freeipa cannot be build on fedora 25
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 22 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.2-1
|
|
|
bb0ded |
- Update to upstream 4.3.2 - see http://www.freeipa.org/page/Releases/4.3.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3.1-2
|
|
|
bb0ded |
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Mar 24 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.1-1
|
|
|
bb0ded |
- Update to upstream 4.3.1 - see http://www.freeipa.org/page/Releases/4.3.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 04 2016 Petr Vobornik <pvoborni@redhat.com> - 4.3.0-3
|
|
|
bb0ded |
- Fix build with Samba 4.4
|
|
|
bb0ded |
- Update SELinux requires to fix connection check during installation
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 18 2015 Petr Vobornik <pvoborni@redhat.com> - 4.3.0-1
|
|
|
bb0ded |
- Update to upstream 4.3.0 - see http://www.freeipa.org/page/Releases/4.3.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 07 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.3-2
|
|
|
bb0ded |
- Workarounds for SELinux execmem violations in cryptography
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Nov 02 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.3-1
|
|
|
bb0ded |
- Update to upstream 4.2.3 - see http://www.freeipa.org/page/Releases/4.2.3
|
|
|
bb0ded |
- fix #1274905
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 21 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.2-2
|
|
|
bb0ded |
- Depend on samba-common-tools for the trust-ad subpackage after
|
|
|
bb0ded |
samba package split
|
|
|
bb0ded |
- Rebuild against krb5 1.14 to fix bug #1273957
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Oct 8 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.2-1
|
|
|
bb0ded |
- Update to upstream 4.2.2 - see http://www.freeipa.org/page/Releases/4.2.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Sep 7 2015 Petr Vobornik <pvoborni@redhat.com> - 4.2.1-1
|
|
|
bb0ded |
- Update to upstream 4.2.1 - see http://www.freeipa.org/page/Releases/4.2.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.1.4-5
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 12 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-4
|
|
|
bb0ded |
- Fix typo in the patch to fix bug #1219834
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon May 11 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-3
|
|
|
bb0ded |
- Fix FreeIPA trusts to AD feature with Samba 4.2 (#1219834)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Mar 30 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.4-2
|
|
|
bb0ded |
- Replace mod_auth_kerb usage with mod_auth_gssapi
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Mar 26 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.4-1
|
|
|
bb0ded |
- Update to upstream 4.1.4 - see http://www.freeipa.org/page/Releases/4.1.4
|
|
|
bb0ded |
- fix CVE-2015-1827 (#1206047)
|
|
|
bb0ded |
- Require slapi-nis 0.54.2 and newer for CVE-2015-0283 fixes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 17 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-3
|
|
|
bb0ded |
- Timeout ipa-client install if ntp server is unreachable #4842
|
|
|
bb0ded |
- Skip time sync during client install when using --no-ntp #4842
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 04 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-2
|
|
|
bb0ded |
- Add missing sssd python dependencies
|
|
|
bb0ded |
- https://bugzilla.redhat.com/show_bug.cgi?id=1197218
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 18 2015 Petr Vobornik <pvoborni@redhat.com> - 4.1.3-1
|
|
|
bb0ded |
- Update to upstream 4.1.3 - see http://www.freeipa.org/page/Releases/4.1.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jan 19 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.2-2
|
|
|
bb0ded |
- Fix broken build after Samba ABI change and rename of libpdb to libsamba-passdb
|
|
|
bb0ded |
- Use python-dateutil15 until we validate python-dateutil 2.x
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 25 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.2-1
|
|
|
bb0ded |
- Update to upstream 4.1.2 - see http://www.freeipa.org/page/Releases/4.1.2
|
|
|
bb0ded |
- fix CVE-2014-7850
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 20 2014 Simo Sorce <simo@redhat.com> - 4.1.1-2
|
|
|
bb0ded |
- Patch blokers and feature freze exceptions
|
|
|
bb0ded |
- Resolves: bz1165674
|
|
|
bb0ded |
- Resolves: bz1165856 (CVE-2014-7850)
|
|
|
bb0ded |
- Fixes DNS install issue that prevents the server from working
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 06 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.1-1
|
|
|
bb0ded |
- Update to upstream 4.1.1 - see http://www.freeipa.org/page/Releases/4.1.1
|
|
|
bb0ded |
- fix CVE-2014-7828
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 22 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.0-2
|
|
|
bb0ded |
- fix armv7hl stack oversize build failure
|
|
|
bb0ded |
- fix https://fedorahosted.org/freeipa/ticket/4660
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 21 2014 Petr Vobornik <pvoborni@redhat.com> - 4.1.0-1
|
|
|
bb0ded |
- Update to upstream 4.1.0 - see http://www.freeipa.org/page/Releases/4.1.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 12 2014 Petr Viktorin <pviktori@redhat.com> - 4.0.3-1
|
|
|
bb0ded |
- Update to upstream 4.0.3 - see http://www.freeipa.org/page/Releases/4.0.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 05 2014 Petr Viktorin <pviktori@redhat.com> - 4.0.2-1
|
|
|
bb0ded |
- Update to upstream 4.0.1 - see http://www.freeipa.org/page/Releases/4.0.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 02 2014 Pádraig Brady <pbrady@redhat.com> - 4.0.1-3
|
|
|
bb0ded |
- rebuild for libunistring soname bump
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.1-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 25 2014 Martin Kosek <mkosek@redhat.com> 4.0.1-1
|
|
|
bb0ded |
- Update to upstream 4.0.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 07 2014 Petr Viktorin <pviktori@redhat.com> 4.0.0-1
|
|
|
bb0ded |
- Update to upstream 4.0.0
|
|
|
bb0ded |
- Remove the server-strict package
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.5-4
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 21 2014 Petr Vobornik <pvoborni@redhat.com> 3.3.5-3
|
|
|
bb0ded |
- Increase Java stack size for Web UI build on aarch64
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Apr 16 2014 Peter Robinson <pbrobinson@fedoraproject.org> 3.3.5-2
|
|
|
bb0ded |
- Add rhino as dependency to fix FTBFS
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Mar 28 2014 Martin Kosek <mkosek@redhat.com> - 3.3.5-1
|
|
|
bb0ded |
- Update to upstream 3.3.5
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 11 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-3
|
|
|
bb0ded |
- Move ipa-otpd socket directory to /var/run/krb5kdc
|
|
|
bb0ded |
- Require krb5-server 1.11.5-3 supporting the new directory
|
|
|
bb0ded |
- ipa_lockout plugin did not work with users's without krbPwdPolicyReference
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 29 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-2
|
|
|
bb0ded |
- Fix hardened build
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 28 2014 Martin Kosek <mkosek@redhat.com> - 3.3.4-1
|
|
|
bb0ded |
- Update to upstream 3.3.4
|
|
|
bb0ded |
- Install CA anchor into standard location (#928478)
|
|
|
bb0ded |
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
|
|
|
bb0ded |
- Remove mod_ssl workaround (RHEL bug #1029046)
|
|
|
bb0ded |
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jan 3 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-5
|
|
|
bb0ded |
- Build crashed with rhino exception on s390 architectures (#1040576)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Dec 12 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-4
|
|
|
bb0ded |
- Build crashed with rhino exception on PPC architectures (#1040576)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Dec 3 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-3
|
|
|
bb0ded |
- Fix -Werror=format-security errors (#1037070)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Nov 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-2
|
|
|
bb0ded |
- ipa-server-install crashed when freeipa-server-trust-ad subpackage was not
|
|
|
bb0ded |
installed
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Nov 1 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-1
|
|
|
bb0ded |
- Update to upstream 3.3.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
|
|
|
bb0ded |
- Update to upstream 3.3.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-1
|
|
|
bb0ded |
- Bring back Fedora-only changes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Aug 29 2013 Petr Viktorin <pviktori@redhat.com> - 3.3.1-0
|
|
|
bb0ded |
- Update to upstream 3.3.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 14 2013 Alexander Bokovoy <abokovoy@redhat.com> - 3.3.0-2
|
|
|
bb0ded |
- Remove freeipa-systemd-upgrade as non-systemd installs are not supported
|
|
|
bb0ded |
anymore by Fedora project
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 7 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-1
|
|
|
bb0ded |
- Update to upstream 3.3.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2.2-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jul 17 2013 Martin Kosek <mkosek@redhat.com> - 3.2.2-1
|
|
|
bb0ded |
- Update to upstream 3.2.2
|
|
|
bb0ded |
- Drop freeipa-server-selinux subpackage
|
|
|
bb0ded |
- Drop redundant directory /var/cache/ipa/sessions
|
|
|
bb0ded |
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
|
|
|
bb0ded |
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
|
|
|
bb0ded |
issues when there are still old parts of software (like entitlements plugin)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jun 7 2013 Martin Kosek <mkosek@redhat.com> - 3.2.1-1
|
|
|
bb0ded |
- Update to upstream 3.2.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue May 14 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-2
|
|
|
bb0ded |
- Add OTP patches
|
|
|
bb0ded |
- Add patch to set KRB5CCNAME for 389-ds-base
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri May 10 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-1
|
|
|
bb0ded |
- Update to upstream 3.2.0 GA
|
|
|
bb0ded |
- ipa-client-install fails if /etc/ipa does not exist (#961483)
|
|
|
bb0ded |
- Certificate status is not visible in Service and Host page (#956718)
|
|
|
bb0ded |
- ipa-client-install removes needed options from ldap.conf (#953991)
|
|
|
bb0ded |
- Handle socket.gethostbyaddr() exceptions when verifying hostnames (#953957)
|
|
|
bb0ded |
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
|
|
|
bb0ded |
- Require nss 3.14.3-12.0 to address certutil certificate import
|
|
|
bb0ded |
errors (#953485)
|
|
|
bb0ded |
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
|
|
|
bb0ded |
environments. (#953464)
|
|
|
bb0ded |
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
|
|
|
bb0ded |
- ipa-server-install --uninstall doesn't stop dirsrv instances (#953432)
|
|
|
bb0ded |
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
|
|
|
bb0ded |
socket based connections (#960222)
|
|
|
bb0ded |
- Require libsss_nss_idmap-python
|
|
|
bb0ded |
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
|
|
|
bb0ded |
member is now done automatically and having it in the config file raises
|
|
|
bb0ded |
an error.
|
|
|
bb0ded |
- Add backup and restore tools, directory.
|
|
|
bb0ded |
- require at least systemd 38 which provides the journal (we no longer
|
|
|
bb0ded |
need to require syslog.target)
|
|
|
bb0ded |
- Update Requires on policycoreutils to 2.1.14-37
|
|
|
bb0ded |
- Update Requires on selinux-policy to 3.12.1-42
|
|
|
bb0ded |
- Update Requires on 389-ds-base to 1.3.1.0
|
|
|
bb0ded |
- Remove a Requires for java-atk-wrapper
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Apr 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.4.beta1
|
|
|
bb0ded |
- Remove release from krb5-server in strict sub-package to allow for rebuilds.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Apr 22 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.3.beta1
|
|
|
bb0ded |
- Add a Requires for java-atk-wrapper until we can determine which package
|
|
|
bb0ded |
should be pulling it in, dogtag or tomcat.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Apr 16 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.2.beta1
|
|
|
bb0ded |
- Update to upstream 3.2.0 Beta 1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Apr 2 2013 Martin Kosek <mkosek@redhat.com> - 3.2.0-0.1.pre1
|
|
|
bb0ded |
- Update to upstream 3.2.0 Prerelease 1
|
|
|
bb0ded |
- Use upstream reference spec file as a base for Fedora spec file
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Mar 30 2013 Kevin Fenzi <kevin@scrye.com> 3.1.2-4
|
|
|
bb0ded |
- Rebuild for broken deps
|
|
|
bb0ded |
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Feb 23 2013 Kevin Fenzi <kevin@scrye.com> - 3.1.2-3
|
|
|
bb0ded |
- Rebuild for broken deps in rawhide
|
|
|
bb0ded |
- Fix 389-ds-base strict dep to be 1.3.0.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.2-2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.2-1
|
|
|
bb0ded |
- Update to upstream 3.1.2
|
|
|
bb0ded |
- CVE-2012-4546: Incorrect CRLs publishing
|
|
|
bb0ded |
- CVE-2012-5484: MITM Attack during Join process
|
|
|
bb0ded |
- CVE-2013-0199: Cross-Realm Trust key leak
|
|
|
bb0ded |
- Updated strict dependencies to 389-ds-base = 1.3.0.2 and
|
|
|
bb0ded |
pki-ca = 10.0.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Dec 20 2012 Martin Kosek <mkosek@redhat.com> - 3.1.0-2
|
|
|
bb0ded |
- Remove redundat Requires versions that are already in Fedora 17
|
|
|
bb0ded |
- Replace python-crypto Requires with m2crypto
|
|
|
bb0ded |
- Add missing Requires(post) for client and server-trust-ad subpackages
|
|
|
bb0ded |
- Restart httpd service when server-trust-ad subpackage is installed
|
|
|
bb0ded |
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 10 2012 Rob Crittenden <rcritten@redhat.com> - 3.1.0-1
|
|
|
bb0ded |
- Updated to upstream 3.1.0 GA
|
|
|
bb0ded |
- Set minimum for sssd to 1.9.2
|
|
|
bb0ded |
- Set minimum for pki-ca to 10.0.0-1
|
|
|
bb0ded |
- Set minimum for 389-ds-base to 1.3.0
|
|
|
bb0ded |
- Set minimum for selinux-policy to 3.11.1-60
|
|
|
bb0ded |
- Remove unneeded dogtag package requires
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 23 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-3
|
|
|
bb0ded |
- Update Requires on krb5-server to 1.11
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-2
|
|
|
bb0ded |
- Configure CA replication to use TLS instead of SSL
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1
|
|
|
bb0ded |
- Updated to upstream 3.0.0 GA
|
|
|
bb0ded |
- Set minimum for samba to 4.0.0-153.
|
|
|
bb0ded |
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
|
|
|
bb0ded |
plugin to /dev/null since they cannot be used when trusts are configured
|
|
|
bb0ded |
- Restrict krb5-server to 1.10.
|
|
|
bb0ded |
- Update BR for 389-ds-base to 1.3.0
|
|
|
bb0ded |
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
|
|
|
bb0ded |
- Add Requires on zip for generating FF browser extension
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.10
|
|
|
bb0ded |
- Updated to upstream 3.0.0 rc 2
|
|
|
bb0ded |
- Include new FF configuration extension
|
|
|
bb0ded |
- Set minimum Requires of selinux-policy to 3.11.1-33
|
|
|
bb0ded |
- Set minimum Requires dogtag to 10.0.0-0.43.b1
|
|
|
bb0ded |
- Add new optional strict sub-package to allow users to limit other
|
|
|
bb0ded |
package upgrades.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 2 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.9
|
|
|
bb0ded |
- Require samba packages instead of obsoleted samba4 packages
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 21 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.8
|
|
|
bb0ded |
- Updated to upstream 3.0.0 rc 1
|
|
|
bb0ded |
- Update BR for 389-ds-base to 1.2.11.14
|
|
|
bb0ded |
- Update BR for krb5 to 1.10
|
|
|
bb0ded |
- Update BR for samba4-devel to 4.0.0-139 (rc1)
|
|
|
bb0ded |
- Add BR for python-polib
|
|
|
bb0ded |
- Update BR and Requires on sssd to 1.9.0
|
|
|
bb0ded |
- Update Requires on policycoreutils to 2.1.12-5
|
|
|
bb0ded |
- Update Requires on 389-ds-base to 1.2.11.14
|
|
|
bb0ded |
- Update Requires on selinux-policy to 3.11.1-21
|
|
|
bb0ded |
- Update Requires on dogtag to 10.0.0-0.33.a1
|
|
|
bb0ded |
- Update Requires on certmonger to 0.60
|
|
|
bb0ded |
- Update Requires on tomcat to 7.0.29
|
|
|
bb0ded |
- Update minimum version of bind to 9.9.1-10.P3
|
|
|
bb0ded |
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
|
|
|
bb0ded |
- Remove Requires on authconfig from python sub-package
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Sep 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.7
|
|
|
bb0ded |
- Rebuild against samba4 beta8
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 31 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.6
|
|
|
bb0ded |
- Rebuild against samba4 beta7
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 22 2012 Alexander Bokovoy <abokovoy@redhat.com> - 3.0.0-0.5
|
|
|
bb0ded |
- Adopt to samba4 beta6 (libsecurity -> libsamba-security)
|
|
|
bb0ded |
- Add dependency to samba4-winbind
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 17 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.4
|
|
|
bb0ded |
- Updated to upstream 3.0.0 beta 2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Aug 6 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.3
|
|
|
bb0ded |
- Updated to current upstream state of 3.0.0 beta 2 development
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 23 2012 Alexander Bokovoy <abokovy@redhat.com> - 3.0.0-0.2
|
|
|
bb0ded |
- Rebuild against samba4 beta4
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 2 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.1
|
|
|
bb0ded |
- Updated to upstream 3.0.0 beta 1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu May 3 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-1
|
|
|
bb0ded |
- Updated to upstream 2.2.0 GA
|
|
|
bb0ded |
- Update minimum n-v-r of certmonger to 0.53
|
|
|
bb0ded |
- Update minimum n-v-r of slapi-nis to 0.40
|
|
|
bb0ded |
- Add Requires in client to oddjob-mkhomedir and python-krbV
|
|
|
bb0ded |
- Update minimum selinux-policy to 3.10.0-110
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
|
|
|
bb0ded |
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
|
|
|
bb0ded |
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
|
|
|
bb0ded |
- Add Conflicts on mod_ssl
|
|
|
bb0ded |
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
|
|
|
bb0ded |
- Update minimum n-v-r of sssd to 1.8.0
|
|
|
bb0ded |
- Update minimum n-v-r of slapi-nis to 0.38
|
|
|
bb0ded |
- Update minimum n-v-r of pki-* to 9.0.18
|
|
|
bb0ded |
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
|
|
|
bb0ded |
- Update conflicts on bind to < 9.9.0-1
|
|
|
bb0ded |
- Drop requires on krb5-server-ldap
|
|
|
bb0ded |
- Add patch to remove escaping arguments to pkisilent
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
|
|
|
bb0ded |
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 01 2012 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-5
|
|
|
bb0ded |
- Force to use 389-ds 1.2.10-0.8.a7 or above
|
|
|
bb0ded |
- Improve upgrade script to handle systemd 389-ds change
|
|
|
bb0ded |
- Fix freeipa to work with python-ldap 2.4.6
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 11 2012 Martin Kosek <mkosek@redhat.com> - 2.1.4-4
|
|
|
bb0ded |
- Fix ipa-replica-install crashes
|
|
|
bb0ded |
- Fix ipa-server-install and ipa-dns-install logging
|
|
|
bb0ded |
- Set minimum version of pki-ca to 9.0.17 to fix sslget problem
|
|
|
bb0ded |
caused by FEDORA-2011-17400 update (#771357)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Dec 21 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-3
|
|
|
bb0ded |
- Allow Web-based migration to work with tightened SE Linux policy (#769440)
|
|
|
bb0ded |
- Rebuild slapi plugins against re-enterant version of libldap
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Dec 11 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-2
|
|
|
bb0ded |
- Allow longer dirsrv startup with systemd:
|
|
|
bb0ded |
- IPAdmin class will wait until dirsrv instance is available up to 10 seconds
|
|
|
bb0ded |
- Helps with restarts during upgrade for ipa-ldap-updater
|
|
|
bb0ded |
- Fix pylint warnings from F16 and Rawhide
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Dec 6 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.4-1
|
|
|
bb0ded |
- Update to upstream 2.1.4 (CVE-2011-3636)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 5 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8
|
|
|
bb0ded |
- Update SELinux policy to allow ipa_kpasswd to connect ldap and
|
|
|
bb0ded |
read /dev/urandom. (#759679)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-7
|
|
|
bb0ded |
- Fix wrong path in packaging freeipa-systemd-upgrade
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-6
|
|
|
bb0ded |
- Introduce upgrade script to recover existing configuration after systemd migration
|
|
|
bb0ded |
as user has no means to recover FreeIPA from systemd migration
|
|
|
bb0ded |
- Upgrade script:
|
|
|
bb0ded |
- recovers symlinks in Dogtag instance install
|
|
|
bb0ded |
- recovers systemd configuration for FreeIPA's directory server instances
|
|
|
bb0ded |
- recovers freeipa.service
|
|
|
bb0ded |
- migrates directory server and KDC configs to use proper keytabs for systemd services
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
|
|
|
bb0ded |
- Rebuilt for glibc bug#747377
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 19 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-4
|
|
|
bb0ded |
- clean up spec
|
|
|
bb0ded |
- Depend on sssd >= 1.6.2 for better user experience
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-3
|
|
|
bb0ded |
- Fix Fedora package changelog after merging systemd changes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-2
|
|
|
bb0ded |
- Fix postin scriplet for F-15/F-16
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-1
|
|
|
bb0ded |
- 2.1.3
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Oct 17 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.2-1
|
|
|
bb0ded |
- Default to systemd for Fedora 16 and onwards
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Aug 16 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.0-1
|
|
|
bb0ded |
- Update to upstream 2.1.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri May 6 2011 Simo Sorce <ssorce@redhat.com> - 2.0.1-2
|
|
|
bb0ded |
- Fix bug #702633
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon May 2 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.1-1
|
|
|
bb0ded |
- Update minimum selinux-policy to 3.9.16-18
|
|
|
bb0ded |
- Update minimum pki-ca and pki-selinux to 9.0.7
|
|
|
bb0ded |
- Update minimum 389-ds-base to 1.2.8.0-1
|
|
|
bb0ded |
- Update to upstream 2.0.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Mar 24 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-1
|
|
|
bb0ded |
- Update to upstream GA release
|
|
|
bb0ded |
- Automatically apply updates when the package is upgraded
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.4.rc2
|
|
|
bb0ded |
- Update to upstream freeipa-2.0.0.rc2
|
|
|
bb0ded |
- Set minimum version of python-nss to 0.11 to make sure IPv6 support is in
|
|
|
bb0ded |
- Set minimum version of sssd to 1.5.1
|
|
|
bb0ded |
- Patch to include SuiteSpotGroup when setting up 389-ds instances
|
|
|
bb0ded |
- Move a lot of BuildRequires so this will build with ONLY_CLIENT enabled
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 15 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.3.rc1
|
|
|
bb0ded |
- Set the N-V-R so rc1 is an update to beta2.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.rc1
|
|
|
bb0ded |
- Set minimum version of sssd to 1.5.1
|
|
|
bb0ded |
- Update to upstream freeipa-2.0.0.rc1
|
|
|
bb0ded |
- Move server-only binaries from admintools subpackage to server
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.0-0.2.beta2
|
|
|
bb0ded |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 3 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta2
|
|
|
bb0ded |
- Set min version of 389-ds-base to 1.2.8
|
|
|
bb0ded |
- Set min version of mod_nss 1.0.8-10
|
|
|
bb0ded |
- Set min version of selinux-policy to 3.9.7-27
|
|
|
bb0ded |
- Add dogtag themes to Requires
|
|
|
bb0ded |
- Update to upstream freeipa-2.0.0.pre2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 27 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.2.beta.git80e87e7
|
|
|
bb0ded |
- Remove unnecessary moving of v1 CA serial number file in post script
|
|
|
bb0ded |
- Add Obsoletes for server-selinxu subpackage
|
|
|
bb0ded |
- Using git snapshot 442d6ad30ce1156914e6245aa7502499e50ec0da
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 26 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta.git80e87e7
|
|
|
bb0ded |
- Prepare spec file for release
|
|
|
bb0ded |
- Using git snapshot 80e87e75bd6ab56e3e20c49ece55bd4d52f1a503
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 25 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-41
|
|
|
bb0ded |
- Re-arrange doc and defattr to clean up rpmlint warnings
|
|
|
bb0ded |
- Remove conditionals on older releases
|
|
|
bb0ded |
- Move some man pages into admintools subpackage
|
|
|
bb0ded |
- Remove some explicit Requires in client that aren't needed
|
|
|
bb0ded |
- Consistent use of buildroot vs RPM_BUILD_ROOT
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 19 2011 Adam Young <ayoung@redhat.com> - 1.99-40
|
|
|
bb0ded |
- Moved directory install/static to install/ui
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-39
|
|
|
bb0ded |
- Remove dependency on nss_ldap/nss-pam-ldapd
|
|
|
bb0ded |
- The official client is sssd and that's what we use by default.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-38
|
|
|
bb0ded |
- Remove radius subpackages
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 13 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-37
|
|
|
bb0ded |
- Set minimum pki-ca and pki-silent versions to 9.0.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-36
|
|
|
bb0ded |
- Drop BuildRequires on mozldap-devel
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-35
|
|
|
bb0ded |
- Add Requires on krb5-pkinit-openssl
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 10 2010 Jr Aquino <jr.aquino@citrix.com> - 1.99-34
|
|
|
bb0ded |
- Add ipa-host-net-manage script
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Dec 7 2010 Simo Sorce <ssorce@redhat.com> - 1.99-33
|
|
|
bb0ded |
- Add ipa init script
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Nov 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-32
|
|
|
bb0ded |
- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-31
|
|
|
bb0ded |
- remove ipa-fix-CVE-2008-3274
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 6 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-30
|
|
|
bb0ded |
- Remove duplicate %%files entries on share/ipa/static
|
|
|
bb0ded |
- Add python default encoding shared library
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Sep 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-29
|
|
|
bb0ded |
- Drop requires on python-configobj (not used any more)
|
|
|
bb0ded |
- Drop ipa-ldap-updater message, upgrades are done differently now
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Sep 8 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-28
|
|
|
bb0ded |
- Drop conflicts on mod_nss
|
|
|
bb0ded |
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
|
|
|
bb0ded |
- Drop a slew of conditionals on older Fedora releases (< 12)
|
|
|
bb0ded |
- Add a few conditionals against RHEL 6
|
|
|
bb0ded |
- Add Requires of nss-tools on ipa-client
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-27
|
|
|
bb0ded |
- Set minimum version of certmonger to 0.26 (to pck up #621670)
|
|
|
bb0ded |
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
|
|
|
bb0ded |
- Set minimum version of pki-ca to 1.3.6
|
|
|
bb0ded |
- Set minimum version of sssd to 1.2.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Aug 10 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-26
|
|
|
bb0ded |
- Add BuildRequires for authconfig
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jul 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-25
|
|
|
bb0ded |
- Bump up minimum version of python-nss to pick up nss_is_initialize() API
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jun 24 2010 Adam Young <ayoung@redhat.com> - 1.99-24
|
|
|
bb0ded |
- Removed python-asset based webui
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jun 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-23
|
|
|
bb0ded |
- Change Requires from fedora-ds-base to 389-ds-base
|
|
|
bb0ded |
- Set minimum level of 389-ds-base to 1.2.6 for the replication
|
|
|
bb0ded |
version plugin.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jun 1 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-22
|
|
|
bb0ded |
- Drop Requires of python-krbV on ipa-client
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon May 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-21
|
|
|
bb0ded |
- Load ipa_dogtag.pp in post install
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Apr 26 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-20
|
|
|
bb0ded |
- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Mar 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19
|
|
|
bb0ded |
- No need to create /var/log/ipa_error.log since we aren't using
|
|
|
bb0ded |
TurboGears any more.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Mar 1 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-18
|
|
|
bb0ded |
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 24 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-17
|
|
|
bb0ded |
- Added Require mod_wsgi, added share/ipa/wsgi.py
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 11 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-16
|
|
|
bb0ded |
- Require python-wehjit >= 0.2.2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Feb 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-15
|
|
|
bb0ded |
- Add sssd and certmonger as a Requires on ipa-client
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jan 27 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-14
|
|
|
bb0ded |
- Require python-wehjit >= 0.2.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-13
|
|
|
bb0ded |
- Add ipa-rmkeytab tool
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Dec 1 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-12
|
|
|
bb0ded |
- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
|
|
|
bb0ded |
Any type
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 25 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-11
|
|
|
bb0ded |
- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Nov 13 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-10
|
|
|
bb0ded |
- Add bash completion script and own /etc/bash_completion.d in case it
|
|
|
bb0ded |
doesn't already exist
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Nov 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-9
|
|
|
bb0ded |
- Remove ipa_webgui, its functions rolled into ipa_httpd
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Oct 12 2009 Jason Gerard DeRose <jderose@redhat.com> - 1.99-8
|
|
|
bb0ded |
- Removed python-cherrypy from BuildRequires and Requires
|
|
|
bb0ded |
- Added Requires python-assets, python-wehjit
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Aug 24 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-7
|
|
|
bb0ded |
- Added httpd SELinux policy so CRLs can be read
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu May 21 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-6
|
|
|
bb0ded |
- Move ipalib to ipa-python subpackage
|
|
|
bb0ded |
- Bump minimum version of slapi-nis to 0.15
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed May 6 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-5
|
|
|
bb0ded |
- Set 0.14 as minimum version for slapi-nis
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Apr 22 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-4
|
|
|
bb0ded |
- Add Requires: python-nss to ipa-python sub-package
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Mar 5 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-3
|
|
|
bb0ded |
- Remove the IPA DNA plugin, use the DS one
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Mar 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2
|
|
|
bb0ded |
- Build radius separately
|
|
|
bb0ded |
- Fix a few minor issues
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Feb 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-1
|
|
|
bb0ded |
- Replace TurboGears requirement with python-cherrypy
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3
|
|
|
bb0ded |
- rebuild with new openssl
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2
|
|
|
bb0ded |
- Fix SELinux code
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1
|
|
|
bb0ded |
- Fix breakage caused by python-kerberos update to 1.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 5 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0
|
|
|
bb0ded |
- New upstream release 1.2.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4
|
|
|
bb0ded |
- Rebuild for Python 2.6
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3
|
|
|
bb0ded |
- Respin after the tarball has been re-released upstream
|
|
|
bb0ded |
New hash is 506c9c92dcaf9f227cba5030e999f177
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2
|
|
|
bb0ded |
- Conditionally restart also dirsrv and httpd when upgrading
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1
|
|
|
bb0ded |
- Update to upstream version 1.2.0
|
|
|
bb0ded |
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
|
|
|
bb0ded |
- Set the minimum version for SELinux policy
|
|
|
bb0ded |
- Remove references to Fedora 7
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3
|
|
|
bb0ded |
- Fix for CVE-2008-3274
|
|
|
bb0ded |
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
|
|
|
bb0ded |
- Add fix for bug #453185
|
|
|
bb0ded |
- Rebuild against openldap libraries, mozldap ones do not work properly
|
|
|
bb0ded |
- TurboGears is currently broken in rawhide. Added patch to not build
|
|
|
bb0ded |
the UI locales and removed them from the ipa-server files section.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2
|
|
|
bb0ded |
- Add call to /usr/sbin/upgradeconfig to post install
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1
|
|
|
bb0ded |
- Update to upstream version 1.1.0
|
|
|
bb0ded |
- Patch for indexing memberof attribute
|
|
|
bb0ded |
- Patch for indexing uidnumber and gidnumber
|
|
|
bb0ded |
- Patch to change DNA default values for replicas
|
|
|
bb0ded |
- Patch to fix uninitialized variable in ipa-getkeytab
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5
|
|
|
bb0ded |
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
|
|
|
bb0ded |
version to 1.0.7-4 so we pick up the NSS fixes.
|
|
|
bb0ded |
- Add selinux-policy-base(post) to Requires (446496)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4
|
|
|
bb0ded |
- Add missing entry for /var/cache/ipa/kpasswd (444624)
|
|
|
bb0ded |
- Added patch to fix permissions problems with the Apache NSS database.
|
|
|
bb0ded |
- Added patch to fix problem with DNS querying where the query could be
|
|
|
bb0ded |
returned as the answer.
|
|
|
bb0ded |
- Fix spec error where patch1 was in the wrong section
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
|
|
|
bb0ded |
- Added patch to fix problem reported by ldapmodify
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
|
|
|
bb0ded |
- Fix Requires for krb5-server that was missing for Fedora versions > 9
|
|
|
bb0ded |
- Remove quotes around test for fedora version to package egg-info
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
|
|
|
bb0ded |
- Update to upstream version 1.0.0
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12
|
|
|
bb0ded |
- Pull upstream changelog 722
|
|
|
bb0ded |
- Add Conflicts mod_ssl (435360)
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11
|
|
|
bb0ded |
- Pull upstream changelog 698
|
|
|
bb0ded |
- Fix ownership of /var/log/ipa_error.log during install (435119)
|
|
|
bb0ded |
- Add pwpolicy command and man page
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10
|
|
|
bb0ded |
- Pull upstream changelog 678
|
|
|
bb0ded |
- Add new subpackage, ipa-server-selinux
|
|
|
bb0ded |
- Add Requires: authconfig to ipa-python (bz #433747)
|
|
|
bb0ded |
- Package i18n files
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9
|
|
|
bb0ded |
- Pull upstream changelog 641
|
|
|
bb0ded |
- Require minimum version of krb5-server on F-7 and F-8
|
|
|
bb0ded |
- Package some new files
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8
|
|
|
bb0ded |
- Marked with wrong license. IPA is GPLv2.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7
|
|
|
bb0ded |
- Ensure that /etc/ipa exists before moving user-modifiable html files there
|
|
|
bb0ded |
- Put html files into /etc/ipa/html instead of /etc/ipa
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6
|
|
|
bb0ded |
- Pull upstream changelog 608 which renamed several files
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5
|
|
|
bb0ded |
- package the sessions dir /var/cache/ipa/sessions
|
|
|
bb0ded |
- Pull upstream changelog 597
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4
|
|
|
bb0ded |
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
|
|
|
bb0ded |
UI to not start.
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3
|
|
|
bb0ded |
- Included LICENSE and README in all packages for documentation
|
|
|
bb0ded |
- Move user-modifiable content to /etc/ipa and linked back to
|
|
|
bb0ded |
/usr/share/ipa/html
|
|
|
bb0ded |
- Changed some references to /usr to the {_usr} macro and /etc
|
|
|
bb0ded |
to {_sysconfdir}
|
|
|
bb0ded |
- Added popt-devel to BuildRequires for Fedora 8 and higher and
|
|
|
bb0ded |
popt for Fedora 7
|
|
|
bb0ded |
- Package the egg-info for Fedora 9 and higher for ipa-python
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
|
|
|
bb0ded |
- Added auto* BuildRequires
|
|
|
bb0ded |
|
|
|
bb0ded |
* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
|
|
|
bb0ded |
- Unified spec file
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
|
|
|
bb0ded |
- Fixed License in specfile
|
|
|
bb0ded |
- Include files from /usr/lib/python*/site-packages/ipaserver
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
|
|
|
bb0ded |
- Version bump for release
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
|
|
|
bb0ded |
- Preverse mode on ipa-keytab-util
|
|
|
bb0ded |
- Version bump for relase and rpm name change
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
|
|
|
bb0ded |
- Broke invididual Requires and BuildRequires onto separate lines and
|
|
|
bb0ded |
reordered them
|
|
|
bb0ded |
- Added python-tgexpandingformwidget as a dependency
|
|
|
bb0ded |
- Require at least fedora-ds-base 1.1
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
|
|
|
bb0ded |
- Version bump for release
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
|
|
|
bb0ded |
- Add dep for freeipa-admintools and acl
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
|
|
|
bb0ded |
- Add dependency for python-krbV
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
|
|
|
bb0ded |
- Require mod_nss-1.0.7-2 for mod_proxy fixes
|
|
|
bb0ded |
|
|
|
bb0ded |
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
|
|
|
bb0ded |
- Convert to autotools-based build
|
|
|
bb0ded |
|
|
|
bb0ded |
* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
|
|
|
bb0ded |
- Added support for libipa-dna-plugin
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
|
|
|
bb0ded |
- Added support for ipa_kpasswd and ipa_pwd_extop
|
|
|
bb0ded |
|
|
|
bb0ded |
* Sun Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
|
|
|
bb0ded |
- Abstracted client class to work directly or over RPC
|
|
|
bb0ded |
|
|
|
bb0ded |
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
|
|
|
bb0ded |
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
|
|
|
bb0ded |
- Remove references to admin server in ipa-server-setupssl
|
|
|
bb0ded |
- Generate a client certificate for the XML-RPC server to connect to LDAP with
|
|
|
bb0ded |
- Create a keytab for Apache
|
|
|
bb0ded |
- Create an ldif with a test user
|
|
|
bb0ded |
- Provide a certmap.conf for doing SSL client authentication
|
|
|
bb0ded |
|
|
|
bb0ded |
* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
|
|
|
bb0ded |
- Initial rpm version
|