Imported Debian patch 4.7.2-3

ipaplatform/fedora/constants.py

@@ -10,12 +10,6 @@ This Fedora base platform module exports platform related constants.
 from __future__ import absolute_import
 
 from ipaplatform.redhat.constants import RedHatConstantsNamespace
-from ipaplatform.osinfo import osinfo
-
-# Fedora 28 and earlier use /etc/sysconfig/nfs
-# Fedora 30 and later use /etc/nfs.conf
-# Fedora 29 has both
-HAS_NFS_CONF = osinfo.version_number >= (30,)
 
 
 class FedoraConstantsNamespace(RedHatConstantsNamespace):
@@ -24,7 +18,10 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace):
     MOD_WSGI_PYTHON2 = "modules/mod_wsgi.so"
     MOD_WSGI_PYTHON3 = "modules/mod_wsgi_python3.so"
 
-    if HAS_NFS_CONF:
-        SECURE_NFS_VAR = None
+    # System-wide crypto policy, but without TripleDES, pre-shared key,
+    # secure remote password, and DSA cert authentication.
+    # see https://fedoraproject.org/wiki/Changes/CryptoPolicy
+    TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
+
 
 constants = FedoraConstantsNamespace()

ipaplatform/fedora/paths.py

@@ -26,7 +26,6 @@ in Fedora-based systems.
 from __future__ import absolute_import
 
 from ipaplatform.redhat.paths import RedHatPathNamespace
-from ipaplatform.fedora.constants import HAS_NFS_CONF
 
 
 class FedoraPathNamespace(RedHatPathNamespace):
@@ -34,8 +33,6 @@ class FedoraPathNamespace(RedHatPathNamespace):
         "/etc/httpd/conf.modules.d/02-ipa-wsgi.conf"
     )
     NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
-    if HAS_NFS_CONF:
-        SYSCONFIG_NFS = '/etc/nfs.conf'
 
 
 paths = FedoraPathNamespace()

ipaplatform/fedora/services.py

@@ -24,12 +24,21 @@ Contains Fedora-specific service class implementations.
 
 from __future__ import absolute_import
 
+from ipaplatform.osinfo import osinfo
 from ipaplatform.redhat import services as redhat_services
 
 # Mappings from service names as FreeIPA code references to these services
 # to their actual systemd service names
 fedora_system_units = redhat_services.redhat_system_units.copy()
 
+# Fedora 28 and earlier have fedora-domainname.service. Starting from
+# Fedora 29, the service is called nis-domainname.service as defined in
+# ipaplatform.redhat.services.
+HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
+
+if HAS_FEDORA_DOMAINNAME_SERVICE:
+    fedora_system_units['domainname'] = 'fedora-domainname.service'
+
 
 # Service classes that implement Fedora-specific behaviour
 
@@ -41,6 +50,8 @@ class FedoraService(redhat_services.RedHatService):
 # of specified name
 
 def fedora_service_class_factory(name, api=None):
+    if HAS_FEDORA_DOMAINNAME_SERVICE and name == 'domainname':
+        return FedoraService(name, api)
     return redhat_services.redhat_service_class_factory(name, api)
 
 

ipaplatform/fedora/tasks.py

@@ -25,22 +25,11 @@ This module contains default Fedora-specific implementations of system tasks.
 
 from __future__ import absolute_import
 
-from ipapython import directivesetter
 from ipaplatform.redhat.tasks import RedHatTaskNamespace
-from ipaplatform.paths import paths
 
 
 class FedoraTaskNamespace(RedHatTaskNamespace):
-
-    def configure_httpd_protocol(self):
-        # On Fedora 31 and earlier DEFAULT crypto-policy has TLS 1.0 and 1.1
-        # enabled.
-        directivesetter.set_directive(
-            paths.HTTPD_SSL_CONF,
-            'SSLProtocol',
-            "all -SSLv3 -TLSv1 -TLSv1.1",
-            False
-        )
+    pass
 
 
 tasks = FedoraTaskNamespace()