websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: websms:upstream/4.3.1
Branches Tags
websms:master websms:pristine-tar websms:upstream
websms:debian/4.12.4-1 websms:upstream/4.12.4 websms:debian/4.8.10-2_1633258737 websms:debian/4.8.10-2 websms:upstream/4.8.10 websms:debian/4.3.1-0ubuntu1 websms:upstream/4.3.1 websms:debian/4.7.2-3_1633255473 websms:debian/4.7.2-3 websms:upstream/4.7.2 websms:debian/4.0.5-6_numeezy_1628560756 websms:debian/4.0.5-6_numeezy websms:upstream/4.0.5 websms:debian/4.6.2-4_numeezy websms:upstream/4.6.2
...
compare: websms:debian/4.0.5-6_numeezy
Branches Tags
websms:master websms:pristine-tar websms:upstream
websms:debian/4.12.4-1 websms:upstream/4.12.4 websms:debian/4.8.10-2_1633258737 websms:debian/4.8.10-2 websms:upstream/4.8.10 websms:debian/4.3.1-0ubuntu1 websms:upstream/4.3.1 websms:debian/4.7.2-3_1633255473 websms:debian/4.7.2-3 websms:upstream/4.7.2 websms:debian/4.0.5-6_numeezy_1628560756 websms:debian/4.0.5-6_numeezy websms:upstream/4.0.5 websms:debian/4.6.2-4_numeezy websms:upstream/4.6.2

2 Commits
upstream/4 ... debian/4.0

Author SHA1 Message Date
Alexandre Ellert
2c5b897d9d Imported Debian patch 4.0.5-6~numeezy 2021-07-25 07:50:53 +02:00
Alexandre Ellert
c86f4cfde4 Imported Debian patch 4.6.2-4~numeezy 2021-07-25 07:32:52 +02:00
32 changed files with 1914 additions and 0 deletions
Expand all files Collapse all files

3
debian/autoreconf vendored Normal file
View File

@@ -0,0 +1,3 @@
ipa-client
daemons
install

99
debian/changelog vendored Normal file
View File

@@ -0,0 +1,99 @@
freeipa (4.0.5-6~numeezy) jessie; urgency=medium
* Non-maintainer upload.
-- Alexandre Ellert <aellert@numeezy.com> Wed, 17 Feb 2016 15:07:45 +0100
freeipa (4.0.5-6) unstable; urgency=medium
* control Add gnupg-agent to python-freeipa depends, and change gnupg
to gnupg2. (LP: #1492184)
* Rebuild against current krb5, there was an abi break which broke at
least the setup phase.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 24 Sep 2015 23:22:24 +0300
freeipa (4.0.5-5) unstable; urgency=medium
* control: Drop selinux-policy-dev from build-depends, not needed
anymore.
* client.dirs,postrm: Drop removing /etc/pki/nssdb from postrm and let
dpkg handle it. (Closes: #781114)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Apr 2015 17:16:37 +0300
freeipa (4.0.5-4) unstable; urgency=medium
* control: Fix freeipa-tests depends.
* control: Add systemd-sysv to server depends. (Closes: #780386)
* freeipa-client.postrm: Purge /etc/pki if empty. (Closes: #781114)
* add-a-clear-openssl-exception.diff: Add a clear OpenSSL exception.
(Closes: #772136)
* control: Add systemd to build-depends.
* dont-check-for-systemd-pc.diff: Dropped, not needed anymore.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 10:53:55 +0300
freeipa (4.0.5-3) unstable; urgency=medium
* rules: Set JAVA_STACK_SIZE to hopefully avoid FTBFS on exotic archs.
* freeipa-client.postrm: Remove nssdb files on purge. (Closes:
#775387)
* freeipa-client.postinst: Fix bashism with echo. (Closes: #772242)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 04 Mar 2015 14:51:35 +0200
freeipa (4.0.5-2) unstable; urgency=medium
* Team upload.
* Let python-freeipa depend on python-pyasn1, because pyasn1 is imported
by ipalib/pkcs10.py and ipalib/plugins/cert.py.
* debian/copyright: Drop unused PD license section
* debian/copyright: Fix paths of Javascript files
-- Benjamin Drung <benjamin.drung@profitbricks.com> Mon, 24 Nov 2014 12:32:36 +0100
freeipa (4.0.5-1) unstable; urgency=medium
* New upstream release
- Fix CVE-2014-7828. (Closes: #768294)
* control: Update my email address.
* fix-bind-conf.diff, add-debian-platform.diff: Fix bind config
template to use Debian specific paths, and replace named.conf not
named.conf.local. (Closes: #768122)
* rules, -server.postinst: Create /var/cache/bind/data owned by bind
user.
* rules: Fix /var/lib/ipa/backup permissions.
* Add non-standard-dir-perm to server lintian overrides.
* copyright: Fix a typo.
* control: Bump dependency on bind9-dyndb-ldap to 6.0-4~.
* control: Move dependency on python-qrcode and python-yubico from
server to python-freeipa and drop python-selinux which belongs to
pki-server.
* control: Relax libxmlrpc-core-c3-dev buil-dep and 389-ds-base dep
for easier backporting.
* control: Add python-dateutils to server, and python-dbus and python-
memcache to python-freeipa dependencies. (Closes: #768187)
* platform: Handle /etc/default/nfs-common and /etc/default/autofs,
drop NSS_DB_DIR since it's inherited already. (Closes: #769037)
* control: Bump policy to 3.9.6, no changes.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 11 Nov 2014 10:38:52 +0200
freeipa (4.0.4-2) unstable; urgency=medium
* control: Add python-qrcode, python-selinux, python-yubico
to freeipa-server dependencies. (Closes: #767427)
* freeipa-server.postinst: Enable mod_authz_user and mod_deflate too,
but since they should be part of the default apache2 install, don't
disable them on uninstall like the other modules. (Closes: #767425)
* control: Bump server dependency on -mod-nss to 1.0.10-2 which
doesn't enable the module by default.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 31 Oct 2014 11:36:51 +0200
freeipa (4.0.4-1) unstable; urgency=medium
* Initial release (Closes: #734703)
-- Timo Aaltonen <tjaalton@debian.org> Sat, 25 Oct 2014 02:43:59 +0300

1
debian/compat vendored Normal file
View File

@@ -0,0 +1 @@
9

233
debian/control vendored Normal file
View File

@@ -0,0 +1,233 @@
Source: freeipa
Section: net
Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton@debian.org>
Build-Depends:
389-ds-base-dev (>= 1.3.3.2),
check,
debhelper (>= 9),
dh-autoreconf,
dh-python,
dh-systemd,
gettext,
krb5-user,
libcmocka-dev,
libcurl4-nss-dev,
libkrad-dev,
libkrb5-dev (>= 1.12),
libldap2-dev,
libnspr4-dev,
libnss3-dev,
libpopt-dev,
librhino-java,
libsasl2-dev,
libssl-dev,
libsss-idmap-dev,
libsss-nss-idmap-dev,
libsvrcore-dev,
libtalloc-dev,
libtevent-dev,
libunistring-dev,
libverto-dev,
libxmlrpc-core-c3-dev (>= 1.33.06),
python-all-dev,
python-dnspython (>= 1.11.1),
python-kerberos,
python-krbv,
python-ldap,
python-lesscpy,
python-libipa-hbac,
python-lxml,
python-memcache,
python-netaddr,
python-nose,
python-nss,
python-openssl,
python-polib,
python-pyasn1,
python-qrcode (>= 5.0.0),
python-setuptools,
python-sss (>= 1.8.0),
python-yubico,
rhino,
samba-dev,
systemd,
uuid-dev
Standards-Version: 3.9.6
Vcs-Git: git://anonscm.debian.org/pkg-freeipa/freeipa.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-freeipa/freeipa.git
Homepage: http://www.freeipa.org
Package: freeipa-server
Architecture: any
Depends:
389-ds-base (>= 1.3.3.5-2~),
acl,
apache2,
bind9,
bind9-dyndb-ldap (>= 6.0-4~),
certmonger (>= 0.75.14),
dogtag-pki-server-theme,
fonts-font-awesome,
freeipa-admintools (= ${binary:Version}),
freeipa-client (= ${binary:Version}),
krb5-admin-server,
krb5-kdc,
krb5-kdc-ldap,
krb5-pkinit,
ldap-utils,
libapache2-mod-auth-kerb (>= 5.4-2.2~),
libapache2-mod-nss (>= 1.0.10-2~),
libapache2-mod-wsgi,
libjs-dojo-core,
libjs-jquery,
libnss3-tools,
libsasl2-modules-gssapi-mit,
memcached,
ntp,
pki-ca,
python-dateutil,
python-freeipa (= ${binary:Version}),
python-krbv,
python-ldap,
python-pyasn1,
slapi-nis (>= 0.54),
systemd-sysv,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- server
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the server package.
Package: freeipa-server-trust-ad
Architecture: any
Depends:
freeipa-server (= ${binary:Version}),
python-libsss-nss-idmap,
python-m2crypto,
python-samba,
samba,
winbind,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- AD trust installer
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.
Package: freeipa-client
Architecture: any
Depends:
bind9utils,
certmonger,
dnsutils,
krb5-user,
libcurl3 (>= 7.22.0),
libnss3-tools,
libsasl2-modules-gssapi-mit,
libxmlrpc-core-c3 (>= 1.16.33-3.1ubuntu5),
ntp,
python-dnspython,
python-freeipa (= ${binary:Version}),
python-krbv,
python-ldap,
sssd (>= 1.11.1),
wget,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Suggests: libpam-krb5
Description: FreeIPA centralized identity framework -- client
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the client package.
Package: freeipa-admintools
Architecture: any
Depends:
freeipa-client (= ${binary:Version}),
python-freeipa (= ${binary:Version}),
python-krbv,
python-ldap,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- admintools
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains some tools for administrators.
Package: freeipa-tests
Architecture: any
Depends:
freeipa-client (= ${binary:Version}),
libnss3-tools,
python-coverage,
python-freeipa (= ${binary:Version}),
python-nose,
python-paramiko,
python-paste,
python-polib,
xz-utils,
${misc:Depends},
${python:Depends}
Recommends:
python-yaml,
Description: FreeIPA centralized identity framework -- tests
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains tests that verify IPA functionality.
Package: python-freeipa
Architecture: any
Section: python
Depends:
gnupg2,
gnupg-agent,
iproute,
keyutils,
python-dbus,
python-dnspython,
python-kerberos,
python-krbv,
python-ldap,
python-libipa-hbac,
python-lxml,
python-memcache,
python-netaddr,
python-nss,
python-openssl,
python-pyasn1,
python-qrcode (>= 5.0.0),
python-yubico,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- Python modules
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by other FreeIPA packages.

339
debian/copyright vendored Normal file
View File

@@ -0,0 +1,339 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-name: freeipa
Source: http://freeipa.org/downloads/src/
Files: *
Copyright: 1999-2011 Red Hat, Inc.
License: GPL-3+
Files: daemons/ipa-slapi-plugins/*/*.c
daemons/ipa-slapi-plugins/*/*.h
Copyright: 2005-2010 Red Hat, Inc.
License: GPL-3+ with OpenSSL exception
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
Additional permission under GPLv3 section 7:
.
In the following paragraph, "GPL" means the GNU General Public
License, version 3 or any later version, and "Non-GPL Code" means
code that is governed neither by the GPL nor a license
compatible with the GPL.
.
You may link the code of this Program with Non-GPL Code and convey
linked combinations including the two, provided that such Non-GPL
Code only links to the code of this Program through those well
defined interfaces identified in the file named EXCEPTION found in
the source code files (the "Approved Interfaces"). The files of
Non-GPL Code may instantiate templates or use macros or inline
functions from the Approved Interfaces without causing the resulting
work to be covered by the GPL. Only the copyright holders of this
Program may make changes or additions to the list of Approved
Interfaces.
Files: daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c
Copyright: 2001, Sun Microsystems, Inc. Used by permission.
2013, Red Hat, Inc.
License: GPL-2
Files: install/share/05rfc2247.ldif install/share/certmap.conf.template
Copyright: 2001, Sun Microsystems, Inc.
2005, Red Hat, Inc.
License: GPL-2
Files: install/ui/css/patternfly.css
Copyright: Nicolas Gallagher
Jonathan Neal
License: MIT
Files: install/ui/src/libs/bootstrap.js
Copyright: 2011-2014 Twitter, Inc.
License: MIT
Files: install/ui/src/libs/jquery.js
Copyright: 2005, 2013 jQuery Foundation, Inc.
License: MIT
Files: install/ui/src/libs/json2.js
Copyright: None
License: public-domain
Public Domain.
Files: install/ui/src/libs/qrcode.js
Copyright: 2012, Shim Sangmin
License: MIT
Files: install/ui/less/font-awesome/*
Copyright: 2012-2013, Dave Gandy <drgandy@alum.mit.edu>
License: MIT
Files: install/ui/util/uglifyjs/lib/consolidator.js
Copyright: 2012, Robert Gust-Bardon
License: BSD-2-clause
Files: install/ui/util/uglifyjs/lib/parse-js.js
install/ui/util/uglifyjs/lib/process.js
install/ui/util/uglifyjs/lib/squeeze-more.js
Copyright: 2010, Mihai Bazon <mihai.bazon@gmail.com>
License: BSD-2-clause
Files: install/ui/util/build/build.js
install/ui/util/build/_base/configRhino.js
install/ui/build/dojo/dojo.js
Copyright: 2004-2012, The Dojo Foundation
License: BSD-3-clause or AFL-2.1
Files: install/ui/test/qunit.css install/ui/test/qunit.js
Copyright: 2009, John Resig, Jörn Zaefferer
License: MIT or GPL-2
Files: install/ui/test/qunit.js
Copyright: 2009, John Resig, Jörn Zaefferer
2008, Ariel Flesler
License: MIT or GPL-2 or BSD-2-clause
Files: debian/*
Copyright: Michele Baldessari michele@pupazzo.org>
Timo Aaltonen <tjaalton@ubuntu.com>
License: GPL-2+
License: GPL-2
On Debian machines the full text of the GNU General Public License
version 2 can be found in the file /usr/share/common-licenses/GPL-2.
License: GPL-2+
On Debian machines the full text of the GNU General Public License
version 2 can be found in the file /usr/share/common-licenses/GPL-2.
License: GPL-3+
On Debian machines the full text of the GNU General Public License
version 3 can be found in the file /usr/share/common-licenses/GPL-3.
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
.
* Redistributions of source code must retain the above
copyright notice, this list of conditions and the following
disclaimer.
.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials
provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the Dojo Foundation nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: MIT
Permission is hereby granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
License: AFL-2.1
This Academic Free License (the "License") applies to any original work of
authorship (the "Original Work") whose owner (the "Licensor") has placed the
following notice immediately following the copyright notice for the Original
Work:
.
Licensed under the Academic Free License version 2.1
.
1) Grant of Copyright License. Licensor hereby grants You a world-wide,
royalty-free, non-exclusive, perpetual, sublicenseable license to do the
following:
.
a) to reproduce the Original Work in copies;
.
b) to prepare derivative works ("Derivative Works") based upon the Original
Work;
.
c) to distribute copies of the Original Work and Derivative Works to the
public;
.
d) to perform the Original Work publicly; and
.
e) to display the Original Work publicly.
.
2) Grant of Patent License. Licensor hereby grants You a world-wide,
royalty-free, non-exclusive, perpetual, sublicenseable license, under patent
claims owned or controlled by the Licensor that are embodied in the Original
Work as furnished by the Licensor, to make, use, sell and offer for sale the
Original Work and Derivative Works.
.
3) Grant of Source Code License. The term "Source Code" means the preferred
form of the Original Work for making modifications to it and all available
documentation describing how to modify the Original Work. Licensor hereby
agrees to provide a machine-readable copy of the Source Code of the Original
Work along with each copy of the Original Work that Licensor distributes.
Licensor reserves the right to satisfy this obligation by placing a
machine-readable copy of the Source Code in an information repository
reasonably calculated to permit inexpensive and convenient access by You for as
long as Licensor continues to distribute the Original Work, and by publishing
the address of that information repository in a notice immediately following
the copyright notice that applies to the Original Work.
.
4) Exclusions From License Grant. Neither the names of Licensor, nor the names
of any contributors to the Original Work, nor any of their trademarks or
service marks, may be used to endorse or promote products derived from this
Original Work without express prior written permission of the Licensor. Nothing
in this License shall be deemed to grant any rights to trademarks, copyrights,
patents, trade secrets or any other intellectual property of Licensor except as
expressly stated herein. No patent license is granted to make, use, sell or
offer to sell embodiments of any patent claims other than the licensed claims
defined in Section 2. No right is granted to the trademarks of Licensor even if
such marks are included in the Original Work. Nothing in this License shall be
interpreted to prohibit Licensor from licensing under different terms from this
License any Original Work that Licensor otherwise would have a right to
license.
.
5) This section intentionally omitted.
.
6) Attribution Rights. You must retain, in the Source Code of any Derivative
Works that You create, all copyright, patent or trademark notices from the
Source Code of the Original Work, as well as any notices of licensing and any
descriptive text identified therein as an "Attribution Notice." You must cause
the Source Code for any Derivative Works that You create to carry a prominent
Attribution Notice reasonably calculated to inform recipients that You have
modified the Original Work.
.
7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that
the copyright in and to the Original Work and the patent rights granted herein
by Licensor are owned by the Licensor or are sublicensed to You under the terms
of this License with the permission of the contributor(s) of those copyrights
and patent rights. Except as expressly stated in the immediately proceeding
sentence, the Original Work is provided under this License on an "AS IS" BASIS
and WITHOUT WARRANTY, either express or implied, including, without limitation,
the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU.
This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No
license to Original Work is granted hereunder except under this disclaimer.
.
8) Limitation of Liability. Under no circumstances and under no legal theory,
whether in tort (including negligence), contract, or otherwise, shall the
Licensor be liable to any person for any direct, indirect, special, incidental,
or consequential damages of any character arising as a result of this License
or the use of the Original Work including, without limitation, damages for loss
of goodwill, work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses. This limitation of liability shall not
apply to liability for death or personal injury resulting from Licensor's
negligence to the extent applicable law prohibits such limitation. Some
jurisdictions do not allow the exclusion or limitation of incidental or
consequential damages, so this exclusion and limitation may not apply to You.
.
9) Acceptance and Termination. If You distribute copies of the Original Work or
a Derivative Work, You must make a reasonable effort under the circumstances to
obtain the express assent of recipients to the terms of this License. Nothing
else but this License (or another written agreement between Licensor and You)
grants You permission to create Derivative Works based upon the Original Work
or to exercise any of the rights granted in Section 1 herein, and any attempt
to do so except under the terms of this License (or another written agreement
between Licensor and You) is expressly prohibited by U.S. copyright law, the
equivalent laws of other countries, and by international treaty. Therefore, by
exercising any of the rights granted to You in Section 1 herein, You indicate
Your acceptance of this License and all of its terms and conditions.
.
10) Termination for Patent Action. This License shall terminate automatically
and You may no longer exercise any of the rights granted to You by this License
as of the date You commence an action, including a cross-claim or counterclaim,
against Licensor or any licensee alleging that the Original Work infringes a
patent. This termination provision shall not apply for an action alleging
patent infringement by combinations of the Original Work with other software or
hardware.
.
11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this
License may be brought only in the courts of a jurisdiction wherein the
Licensor resides or in which Licensor conducts its primary business, and under
the laws of that jurisdiction excluding its conflict-of-law provisions. The
application of the United Nations Convention on Contracts for the International
Sale of Goods is expressly excluded. Any use of the Original Work outside the
scope of this License or after its termination shall be subject to the
requirements and penalties of the U.S. Copyright Act, 17 U.S.C. § 101 et
seq., the equivalent laws of other countries, and international treaty. This
section shall survive the termination of this License.
.
12) Attorneys Fees. In any action to enforce the terms of this License or
seeking damages relating thereto, the prevailing party shall be entitled to
recover its costs and expenses, including, without limitation, reasonable
attorneys' fees and costs incurred in connection with such action, including
any appeal of such action. This section shall survive the termination of this
License.
.
13) Miscellaneous. This License represents the complete agreement concerning
the subject matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent necessary to
make it enforceable.
.
14) Definition of "You" in This License. "You" throughout this License, whether
in upper or lower case, means an individual or a legal entity exercising rights
under, and complying with all of the terms of, this License. For legal
entities, "You" includes any entity that controls, is controlled by, or is
under common control with you. For purposes of this definition, "control" means
(i) the power, direct or indirect, to cause the direction or management of such
entity, whether by contract or otherwise, or (ii) ownership of fifty percent
(50%) or more of the outstanding shares, or (iii) beneficial ownership of such
entity.
.
15) Right to Use. You may use the Original Work in all ways not otherwise
restricted or conditioned by this License or by law, and Licensor promises not
to interfere with or be responsible for such uses by You.
.
This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights reserved.
Permission is hereby granted to copy and distribute this license without
modification. This license may not be modified without the express written
permission of its copyright owner.

3
debian/freeipa-client.dirs vendored Normal file
View File

@@ -0,0 +1,3 @@
etc/ipa
etc/pki/nssdb
var/lib/ipa-client/sysrestore

12
debian/freeipa-client.install vendored Normal file
View File

@@ -0,0 +1,12 @@
usr/lib/python*/dist-packages/ipaclient/*.py
usr/sbin/ipa-client-automount
usr/sbin/ipa-client-install
usr/sbin/ipa-getkeytab
usr/sbin/ipa-join
usr/sbin/ipa-rmkeytab
usr/share/man/man1/ipa-client-automount.1.gz
usr/share/man/man1/ipa-client-install.1.gz
usr/share/man/man1/ipa-getkeytab.1.gz
usr/share/man/man1/ipa-join.1.gz
usr/share/man/man1/ipa-rmkeytab.1.gz
usr/share/man/man5/default.conf.5.gz

3
debian/freeipa-client.lintian-overrides vendored Normal file
View File

@@ -0,0 +1,3 @@
# lintian is lying
python-script-but-no-python-dep
possible-bashism-in-maintainer-script

19
debian/freeipa-client.postinst vendored Normal file
View File

@@ -0,0 +1,19 @@
#!/bin/sh
set -e
if [ "$1" = configure ]; then
if [ ! -e /etc/pki/nssdb ]; then
tmp=$(mktemp) || exit
printf "\n" > $tmp
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb -f $tmp
chmod 644 /etc/pki/nssdb/*
rm $tmp
fi
fi
if [ ! -e /run/ipa ]; then
mkdir -m 0700 /run/ipa
fi
#DEBHELPER#

13
debian/freeipa-client.postrm vendored Normal file
View File

@@ -0,0 +1,13 @@
#!/bin/sh
set -e
if [ "$1" = purge ]; then
rm -rf /var/lib/ipa-client
rm -f /etc/ipa/default.conf
rm -f /etc/pki/nssdb/cert8.db \
/etc/pki/nssdb/key3.db \
/etc/pki/nssdb/secmod.db
fi
#DEBHELPER#

1
debian/freeipa-client.tmpfile vendored Normal file
View File

@@ -0,0 +1 @@
d /var/run/ipa 0700 root root

19
debian/generate-rndc-key.sh vendored Executable file
View File

@@ -0,0 +1,19 @@
#!/bin/bash
. /lib/lsb/init-functions
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
echo -n $"Generating /etc/bind/rndc.key:"
if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
chmod 640 /etc/bind/rndc.key
chown root.bind /etc/bind/rndc.key
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key
log_success_msg "/etc/bind/rndc.key generation"
echo
else
log_failure_msg $"/etc/bind/rndc.key generation"
echo
fi
fi

49
debian/patches/add-a-clear-openssl-exception.diff vendored Normal file
View File

@@ -0,0 +1,49 @@
commit d762f61d25508c1856c0fa7dc0ea1e032671542b
Author: Simo Sorce <simo@redhat.com>
Date: Fri Feb 20 08:46:40 2015 -0500
Add a clear OpenSSL exception.
We are linking with OpenSSL in 2 files, so make it clear we intentionally
add a GPLv3 exception to allow that linking by third parties.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
diff --git a/COPYING.openssl b/COPYING.openssl
new file mode 100644
index 0000000..8a92460
--- /dev/null
+++ b/COPYING.openssl
@@ -0,0 +1,16 @@
+ADDITIONAL PERMISSIONS
+
+This file is a modification of the main license file (COPYING), which
+contains the license terms. It applies only to specific files in the
+tree that include an "OpenSSL license exception" disclaimer.
+
+In addition to the governing license (GPLv3), as a special exception,
+the copyright holders give permission to link the code of this program
+with the OpenSSL library, and distribute linked combinations including
+the two.
+You must obey the GNU General Public License in all respects for all of
+the code used other than OpenSSL. If you modify file(s) with this
+exception, you may extend this exception to your version of the file(s),
+but you are not obligated to do so. If you do not wish to do so, delete
+this exception statement from your version. If you delete the exception
+statement from all source files in the program, then also delete it here.
diff --git a/util/ipa_pwd_ntlm.c b/util/ipa_pwd_ntlm.c
index 8ffa666..c6abd4b 100644
--- a/util/ipa_pwd_ntlm.c
+++ b/util/ipa_pwd_ntlm.c
@@ -18,6 +18,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * This file includes an "OpenSSL license exception", see the
+ * COPYING.openssl file for details.
+ *
*/
#include <stdbool.h>

542
debian/patches/add-debian-platform.diff vendored Normal file
View File

@@ -0,0 +1,542 @@
commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Fri Mar 1 12:21:00 2013 +0200
add debian platform support
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,22 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains Debian specific platform files.
+"""
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,70 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+
+
+class DebianPathNamespace(BasePathNamespace):
+ ETC_HTTPD_DIR = "/etc/apache2"
+ HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+ HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+ IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+ HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+ NAMED_CONF = "/etc/bind/named.conf"
+ NAMED_KEYTAB = "/etc/bind/named.keytab"
+ NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+ OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+ ETC_DEBIAN_VERSION = "/etc/debian_version"
+ ETC_SYSCONFIG_DIR = "/etc/default"
+ SYSCONFIG_AUTOFS = "/etc/default/autofs"
+ SYSCONFIG_DIRSRV = "/etc/default/dirsrv"
+ SYSCONFIG_DIRSRV_INSTANCE = "/etc/default/dirsrv-%s"
+ SYSCONFIG_DIRSRV_SYSTEMD = "/etc/default/dirsrv.systemd"
+ SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
+ SYSCONFIG_NFS = "/etc/default/nfs-common"
+ SYSCONFIG_NTPD = "/etc/default/ntp"
+ SYSCONFIG_PKI = "/etc/dogtag/"
+ SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
+ SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
+ SBIN_SERVICE = "/usr/sbin/service"
+ BIND_LDAP_SO = "/usr/share/doc/bind9-dyndb-ldap/copyright"
+ LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/"
+ HTTPD = "/usr/sbin/apache2ctl"
+ SETUP_DS_PL = "/usr/sbin/setup-ds"
+ VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
+ VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
+ CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
+ KRB5KDC_KDC_CONF = "/var/lib/krb5kdc/kdc.conf"
+ KDC_PEM = "/var/lib/krb5kdc/kdc.pem"
+ VAR_LOG_HTTPD_DIR = "/var/log/apache2"
+ GENERATE_RNDC_KEY = "/usr/share/ipa/generate-rndc-key.sh"
+
+paths = DebianPathNamespace()
--- /dev/null
+++ b/ipaplatform/debian/services.py
@@ -0,0 +1,184 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Contains Debian-specific service class implementations.
+"""
+
+import time
+
+from ipaplatform.tasks import tasks
+from ipaplatform.base import services as base_services
+from ipaplatform.redhat import services as redhat_services
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipalib import api
+from ipaplatform.paths import paths
+
+# Mappings from service names as FreeIPA code references to these services
+# to their actual systemd service names
+debian_system_units = redhat_services.redhat_system_units
+
+debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
+debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
+
+# Service classes that implement Debian-specific behaviour
+
+class DebianService(redhat_services.RedHatService):
+ system_units = debian_system_units
+
+
+class DebianSysvService(base_services.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base_services.wellknownports:
+ ports = base_services.wellknownports[instance_name]
+ else:
+ if self.service_name in base_services.wellknownports:
+ ports = base_services.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianSysvService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianSysvService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ (sout, serr, rcode) = ipautil.run([paths.SBIN_SERVICE,
+ self.service_name, "status",
+ instance_name])
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+ def tune_nofile_platform(self):
+ return True
+
+# For services which have no Debian counterpart
+class DebianNoService(base_services.PlatformService):
+ def restart(self):
+ return True
+
+ def disable(self):
+ return True
+
+
+class DebianSSHService(DebianSysvService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+# Function that constructs proper Debian-specific server classes for services
+# of specified name
+
+def debian_service_class_factory(name):
+ if name == 'dirsrv':
+ return redhat_services.RedHatDirectoryService(name)
+ if name == 'domainname':
+ return DebianNoService(name)
+ if name == 'ipa':
+ return redhat_services.RedHatIPAService(name)
+ if name == 'httpd':
+ return DebianSysvService("apache2")
+ if name == 'kadmin':
+ return DebianSysvService("krb5-admin-server")
+ if name == 'krb5kdc':
+ return DebianSysvService("krb5-kdc")
+ if name == 'messagebus':
+ return DebianSysvService("dbus")
+ if name == 'named':
+ return DebianSysvService("bind9")
+ if name == 'ntpd':
+ return DebianSysvService("ntp")
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+
+# Magicdict containing DebianService instances.
+
+class DebianServices(base_services.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base_services.wellknownservices:
+ services[s] = debian_service_class_factory(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
+
+
+# Objects below are expected to be exported by platform module
+
+from ipaplatform.base.services import timedate_services
+service = debian_service_class_factory
+knownservices = DebianServices()
--- /dev/null
+++ b/ipaplatform/debian/tasks.py
@@ -0,0 +1,53 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains default Debian-specific implementations of system tasks.
+"""
+
+from ipaplatform.paths import paths
+from ipaplatform.base.tasks import *
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+class DebianTaskNamespace(RedHatTaskNamespace):
+
+ def restore_pre_ipa_client_configuration(self, fstore, statestore,
+ was_sssd_installed,
+ was_sssd_configured):
+ return True
+
+ def set_nisdomain(self, nisdomain):
+ return True
+
+ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ return True
+
+ def modify_pam_to_use_krb5(self, statestore):
+ return True
+
+ def insert_ca_cert_into_systemwide_ca_store(self, ca_certs):
+ return True
+
+ def remove_ca_certs_from_systemwide_ca_store(self):
+ return True
+
+ def restore_network_configuration(self, fstore, statestore):
+ return True
+
+tasks = DebianTaskNamespace()
--- a/ipaplatform/setup.py.in
+++ b/ipaplatform/setup.py.in
@@ -67,6 +67,7 @@ def setup_package():
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
+ "ipaplatform.debian",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"],
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -46,6 +46,8 @@ class NTPInstance(service.Service):
os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
+ elif ipautil.file_exists(paths.ETC_DEBIAN_VERSION):
+ os = "debian"
srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os)
@@ -105,9 +107,9 @@ class NTPInstance(service.Service):
fd.close()
for line in lines:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
for opt in needopts:
if sline.find(opt['val']) != -1:
opt['need'] = False
@@ -123,12 +125,12 @@ class NTPInstance(service.Service):
for line in lines:
if not done:
sline = line.strip()
- if not sline.startswith('OPTIONS'):
+ if not sline.startswith('NTPD_OPTS'):
fd.write(line)
continue
- sline = sline.replace('"', '')
+ sline = sline.replace('\'', '')
(variable, opts) = sline.split('=', 1)
- fd.write('OPTIONS="%s %s"\n' % (opts, ' '.join(newopts)))
+ fd.write('NTPD_OPTS="%s %s"\n' % (opts, ' '.join(newopts)))
done = True
else:
fd.write(line)
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -247,9 +247,9 @@ class LDAPUpdate:
bits = platform.architecture()[0]
if bits == "64bit":
- return "64"
+ return "/x86_64-linux-gnu"
else:
- return ""
+ return "/i386-linux-gnu"
def _template_str(self, s):
try:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -118,6 +118,7 @@ class HTTPInstance(service.Service):
self.step("creating a keytab for httpd", self.__create_http_keytab)
self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
self.step("configuring SELinux for httpd", self.configure_selinux_for_httpd)
+ ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
@@ -204,14 +205,14 @@ class HTTPInstance(service.Service):
self.move_service(self.principal)
self.add_cert_to_service()
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(paths.IPA_KEYTAB, pent.pw_uid, pent.pw_gid)
def remove_httpd_ccache(self):
# Clean up existing ccache
# Make sure that empty env is passed to avoid passing KRB5CCNAME from
# current env
- ipautil.run(['kdestroy', '-A'], runas='apache', raiseonerr=False, env={})
+ ipautil.run(['kdestroy', '-A'], runas='www-data', raiseonerr=False, env={})
def __configure_http(self):
target_fname = paths.HTTPD_IPA_CONF
@@ -260,11 +261,11 @@ class HTTPInstance(service.Service):
installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSRequireSafeNegotiation', 'on', False)
def __set_mod_nss_passwordfile(self):
- installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:/etc/httpd/conf/password.conf')
+ installutils.set_directive(paths.HTTPD_NSS_CONF, 'NSSPassPhraseDialog', 'file:' + paths.HTTPD_PASSWORD_CONF)
def __add_include(self):
"""This should run after __set_mod_nss_port so is already backed up"""
- if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf.d/ipa-rewrite.conf\n</VirtualHost>') != 0:
+ if installutils.update_file(paths.HTTPD_NSS_CONF, '</VirtualHost>', 'Include conf-available/ipa-rewrite.conf\n</VirtualHost>') != 0:
print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
def __setup_ssl(self):
@@ -305,7 +306,7 @@ class HTTPInstance(service.Service):
os.chmod(certs.NSS_DIR + "/secmod.db", 0660)
os.chmod(certs.NSS_DIR + "/pwdfile.txt", 0660)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(certs.NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(certs.NSS_DIR + "/secmod.db", 0, pent.pw_gid )
@@ -400,6 +401,8 @@ class HTTPInstance(service.Service):
if not running is None:
self.stop()
+ ipautil.run(["/usr/sbin/a2dismod", "nss"], capture_output=True)
+
self.stop_tracking_certificates()
if not enabled is None and not enabled:
self.disable()
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -148,7 +148,7 @@ class ServerCertInstall(admintool.AdminT
os.chmod(os.path.join(dirname, 'key3.db'), 0640)
os.chmod(os.path.join(dirname, 'secmod.db'), 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(os.path.join(dirname, 'cert8.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1130,7 +1130,7 @@ class CAInstance(service.Service):
os.chmod(self.ra_agent_db + "/key3.db", 0640)
os.chmod(self.ra_agent_db + "/secmod.db", 0640)
- pent = pwd.getpwnam("apache")
+ pent = pwd.getpwnam("www-data")
os.chown(self.ra_agent_db + "/cert8.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/key3.db", 0, pent.pw_gid )
os.chown(self.ra_agent_db + "/secmod.db", 0, pent.pw_gid )
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -740,7 +740,7 @@ class CertDB(object):
f.close()
pwdfile.close()
# TODO: replace explicit uid by a platform-specific one
- self.set_perms(self.pwd_conf, uid="apache")
+ self.set_perms(self.pwd_conf, uid="www-data")
def find_root_cert(self, nickname):
"""
--- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@
SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
-USER=apache
+USER=www-data
MAXCONN=1024
CACHESIZE=64
OPTIONS=
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -483,7 +483,7 @@ class BindInstance(service.Service):
suffix = ipautil.dn_attribute_property('_suffix')
def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp,
- reverse_zone, named_user="named", zonemgr=None,
+ reverse_zone, named_user="bind", zonemgr=None,
ca_configured=None):
self.named_user = named_user
self.fqdn = fqdn
@@ -874,7 +874,7 @@ class BindInstance(service.Service):
def __generate_rndc_key(self):
installutils.check_entropy()
- ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+ ipautil.run(paths.GENERATE_RNDC_KEY)
def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name,
reverse_zone, ntp=False, ca_configured=None):
--- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target
[Service]
Type=forking
-EnvironmentFile=/etc/sysconfig/ipa_memcached
+EnvironmentFile=/etc/default/ipa_memcached
PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS

39
debian/patches/fix-bind-conf.diff vendored Normal file
View File

@@ -0,0 +1,39 @@
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -3,7 +3,7 @@ options {
listen-on-v6 {any;};
// Put files that named is allowed to write in the data/ directory:
- directory "/var/named"; // the default
+ directory "/var/cache/bind"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
@@ -14,7 +14,7 @@ options {
// Any host is permitted to issue recursive queries
allow-recursion { any; };
- tkey-gssapi-keytab "/etc/named.keytab";
+ tkey-gssapi-keytab "/etc/bind/named.keytab";
pid-file "/run/named/named.pid";
dnssec-enable yes;
@@ -32,12 +32,13 @@ logging {
};
};
-zone "." IN {
- type hint;
- file "named.ca";
-};
+// included below
+//zone "." IN {
+// type hint;
+// file "named.ca";
+//};
-include "/etc/named.rfc1912.zones";
+include "/etc/bind/named.conf.default-zones";
dynamic-db "ipa" {
library "ldap.so";

77
debian/patches/fix-hyphen-used-as-minus-sign.patch vendored Normal file
View File

@@ -0,0 +1,77 @@
Description: Fix hyphen-used-as-minus-sign warning (found by Lintian).
See https://lintian.debian.org/tags/hyphen-used-as-minus-sign.html for
an explanation.
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -107,7 +107,7 @@ The name of the user with administrative
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIpassword\fR
The password of the user with administrative privileges for this IPA server. Will be asked interactively if \fB\-U\fR is not specified.
.TP
-The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust-add --type=ad' command.
+The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust\-add \-\-type=ad' command.
.TP
\fB\-\-enable\-compat\fR
Enables support for trusted domains users for old clients through Schema Compatibility plugin.
--- a/install/tools/man/ipa-replica-conncheck.1
+++ b/install/tools/man/ipa-replica-conncheck.1
@@ -70,13 +70,13 @@ Output only errors
.SH "EXAMPLES"
.TP
-\fBipa-replica-conncheck -m master.example.com\fR
+\fBipa\-replica\-conncheck \-m master.example.com\fR
Run a replica machine connection check against a remote master \fImaster.example.com\fR. If the connection to the remote master machine is successful the program will switch to listening mode and prompt for running the master machine part. The second part check the connection from master to replica.
.TP
-\fBipa-replica-conncheck -R replica.example.com\fR
+\fBipa\-replica\-conncheck \-R replica.example.com\fR
Run a master machine connection check part. This is either run automatically by replica part of the connection check program (when \fI-a\fR option is set) or manually by the user. A running ipa-replica-conncheck(1) in a listening mode must be already running on a replica machine.
.TP
-\fBipa-replica-conncheck -m master.example.com -a -r EXAMPLE.COM -w password\fR
+\fBipa\-replica\-conncheck \-m master.example.com \-a \-r EXAMPLE.COM \-w password\fR
Run a replica\-master connection check. In case of a success switch to listening mode, automatically log to \fImaster.example.com\fR in a realm \fIEXAMPLE.COM\fR with a password \fIpassword\fR and run the second part of the connection check.
.SH "EXIT STATUS"
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -49,7 +49,7 @@ Create home directories for users on the
The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
-The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
+The IP address of this server. If this address does not match the address the host resolves to and \-\-setup\-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP
--- a/ipatests/man/ipa-test-config.1
+++ b/ipatests/man/ipa-test-config.1
@@ -22,7 +22,7 @@ ipa\-test\-config \- Generate FreeIPA te
.SH "SYNOPSIS"
ipa\-test\-config [options]
.br
-ipa\-test\-config [options] --global
+ipa\-test\-config [options] \-\-global
.br
ipa\-test\-config [options] hostname
.SH "DESCRIPTION"
@@ -37,7 +37,7 @@ If run without arguments, it prints out
host.
Another host may be specified as an argument, or via the \-\-master,
\-\-replica, and \-\-client options.
-With the --global option, it prints only configuration that is not specific to
+With the \-\-global option, it prints only configuration that is not specific to
any host.
.SH "OPTIONS"
--- a/ipatests/man/ipa-test-task.1
+++ b/ipatests/man/ipa-test-task.1
@@ -20,7 +20,7 @@
.SH "NAME"
ipa\-test\-task \- Run a task for FreeIPA testing
.SH "SYNOPSIS"
-ipa\-test\-task -h
+ipa\-test\-task \-h
.br
ipa\-test\-task [global-options] TASK [task-options]
.SH "DESCRIPTION"

49
debian/patches/fix-ipa-conf.diff vendored Normal file
View File

@@ -0,0 +1,49 @@
Description: Fix paths
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -38,7 +38,7 @@ FileETag None
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
-WSGISocketPrefix /run/httpd/wsgi
+WSGISocketPrefix /run/apache2/wsgi
# Configure mod_wsgi handler for /ipa
@@ -71,7 +71,7 @@ KrbConstrainedDelegationLock ipa
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
- Krb5KeyTab /etc/httpd/conf/ipa.keytab
+ Krb5KeyTab /etc/apache2/ipa.keytab
KrbSaveCredentials on
KrbConstrainedDelegation on
Require valid-user
@@ -138,8 +138,8 @@ Alias /ipa/crl "$CRL_PUBLISH_PATH"
# List explicitly only the fonts we want to serve
-Alias /ipa/ui/fonts/open-sans "/usr/share/fonts/open-sans"
-Alias /ipa/ui/fonts/fontawesome "/usr/share/fonts/fontawesome"
+Alias /ipa/ui/fonts/open-sans "/usr/share/fonts/truetype/open-sans"
+Alias /ipa/ui/fonts/fontawesome "/usr/share/fonts/truetype/font-awesome"
<Directory "/usr/share/fonts">
SetHandler None
AllowOverride None
@@ -175,14 +175,14 @@ Alias /ipa/wsgi "/usr/share/ipa/wsgi"
</Directory>
# Protect our CGIs
-<Directory /var/www/cgi-bin>
+<Directory /usr/lib/cgi-bin>
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $REALM
- Krb5KeyTab /etc/httpd/conf/ipa.keytab
+ Krb5KeyTab /etc/apache2/ipa.keytab
KrbSaveCredentials on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html

93
debian/patches/fix-manpage-has-errors-from-man.patch vendored Normal file
View File

@@ -0,0 +1,93 @@
Description: Fix manpage-has-errors-from-man warning (found by Lintian).
See https://lintian.debian.org/tags/manpage-has-errors-from-man.html for
an explanation. Issues found were
ipa-client-install.1.gz 208: warning [p 5, 4.0i]: cannot adjust line
default.conf.5.gz 50: warning: macro `np' not defined
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
--- freeipa-4.0.2.orig/ipa-client/man/default.conf.5
+++ freeipa-4.0.2/ipa-client/man/default.conf.5
@@ -47,14 +47,14 @@ Valid lines consist of an option name, a
Values should not be quoted, the quotes will not be stripped.
-.np
+.DS L
# Wrong \- don't include quotes
verbose = "True"
# Right \- Properly formatted options
verbose = True
verbose=True
-.fi
+.DE
Options must appear in the section named [global]. There are no other sections defined or used currently.
--- freeipa-4.0.2.orig/ipa-client/man/ipa-client-install.1
+++ freeipa-4.0.2/ipa-client/man/ipa-client-install.1
@@ -205,35 +205,47 @@ Unattended uninstallation. The user will
.TP
Files that will be replaced if SSSD is configured (default):
-/etc/sssd/sssd.conf\p
+/etc/sssd/sssd.conf
.TP
Files that will be replaced if they exist and SSSD is not configured (\-\-no\-sssd):
-/etc/ldap.conf\p
-/etc/nss_ldap.conf\p
-/etc/libnss\-ldap.conf\p
-/etc/pam_ldap.conf\p
-/etc/nslcd.conf\p
+/etc/ldap.conf
+.br
+/etc/nss_ldap.conf
+.br
+/etc/libnss\-ldap.conf
+.br
+/etc/pam_ldap.conf
+.br
+/etc/nslcd.conf
.TP
Files replaced if NTP is enabled:
-/etc/ntp.conf\p
-/etc/sysconfig/ntpd\p
-/etc/ntp/step\-tickers\p
+/etc/ntp.conf
+.br
+/etc/sysconfig/ntpd
+.br
+/etc/ntp/step\-tickers
.TP
Files always created (replacing existing content):
-/etc/krb5.conf\p
-/etc/ipa/ca.crt\p
-/etc/ipa/default.conf\p
-/etc/openldap/ldap.conf\p
+/etc/krb5.conf
+.br
+/etc/ipa/ca.crt
+.br
+/etc/ipa/default.conf
+.br
+/etc/openldap/ldap.conf
.TP
Files updated, existing content is maintained:
-/etc/nsswitch.conf\p
-/etc/pki/nssdb\p
-/etc/krb5.keytab\p
-/etc/sysconfig/network\p
+/etc/nsswitch.conf
+.br
+/etc/pki/nssdb
+.br
+/etc/krb5.keytab
+.br
+/etc/sysconfig/network
.SH "EXIT STATUS"
0 if the installation was successful

11
debian/patches/fix-match-hostname.diff vendored Normal file
View File

@@ -0,0 +1,11 @@
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -25,7 +25,7 @@ from ipalib.errors import PasswordMismat
from ipalib.request import context
from ipalib.frontend import Local
-from backports.ssl_match_hostname import match_hostname
+from ssl import match_hostname
import base64
import uuid
import urllib

13
debian/patches/fix-pykerberos-api.diff vendored Normal file
View File

@@ -0,0 +1,13 @@
Description: we have a newer pykerberos than Fedora
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 81e7aa3..ce5f2a0 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -380,7 +380,7 @@ class KerbTransport(SSLTransport):
service = "HTTP@" + host.split(':')[0]
try:
- (rc, vc) = kerberos.authGSSClientInit(service, self.flags)
+ (rc, vc) = kerberos.authGSSClientInit(service, gssflags=self.flags)
except kerberos.GSSError, e:
self._handle_exception(e)

14
debian/patches/fix-typo.patch vendored Normal file
View File

@@ -0,0 +1,14 @@
Description: Fix typo
Author: Benjamin Drung <benjamin.drung@profitbricks.com>
--- a/ipa-client/man/default.conf.5
+++ b/ipa-client/man/default.conf.5
@@ -140,7 +140,7 @@
in the logger tree. The dot character is also a regular
expression metacharacter (matches any character) therefore you
will usually need to escape the dot in the logger names by
-preceeding it with a backslash.
+preceding it with a backslash.
.TP
.B mode <mode>
Specifies the mode the server is running in. The currently support values are \fBproduction\fR and \fBdevelopment\fR. When running in production mode some self\-tests are skipped to improve performance.

11
debian/patches/no-test-lang.diff vendored Normal file
View File

@@ -0,0 +1,11 @@
--- a/Makefile
+++ b/Makefile
@@ -114,7 +114,7 @@ client-dirs:
lint: bootstrap-autogen
./make-lint $(LINT_OPTIONS)
- $(MAKE) -C install/po validate-src-strings
+# $(MAKE) -C install/po validate-src-strings
test:

11
debian/patches/port-ipa-client-automount.diff vendored Normal file
View File

@@ -0,0 +1,11 @@
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -311,7 +311,7 @@
Configure secure NFS
"""
replacevars = {
- 'SECURE_NFS': 'yes',
+ 'NEED_GSSD': 'yes',
}
ipautil.backup_config_and_replace_variables(fstore,
NFS_CONF, replacevars=replacevars)

70
debian/patches/prefix.patch vendored Normal file
View File

@@ -0,0 +1,70 @@
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Mon Jan 2 16:09:40 2012 +0200
use the debian layout when installing python modules
--- a/Makefile
+++ b/Makefile
@@ -96,11 +96,11 @@ client-install: client client-dirs
done
cd install/po && $(MAKE) install || exit 1;
if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup-client.py install; \
- (cd ipaplatform && $(PYTHON) setup.py install); \
+ $(PYTHON) setup-client.py install --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --install-layout=deb); \
else \
- $(PYTHON) setup-client.py install --root $(DESTDIR); \
- (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR)); \
+ $(PYTHON) setup-client.py install --root $(DESTDIR) --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
fi
client-dirs:
@@ -171,11 +171,11 @@ server: version-update
server-install: server
if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup.py install; \
- (cd ipaplatform && $(PYTHON) setup.py install); \
+ $(PYTHON) setup.py install --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --install-layout=deb); \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
- (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR)); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
fi
tests: version-update tests-man-autogen
@@ -186,7 +186,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \
else \
- cd ipatests; $(PYTHON) setup.py install --root $(DESTDIR); \
+ cd ipatests; $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
cd ipatests/man && $(MAKE) install
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
@@ -14,7 +14,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python2 setup.py install; \
else \
- python2 setup.py install --root $(DESTDIR); \
+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
--- a/ipapython/py_default_encoding/Makefile
+++ b/ipapython/py_default_encoding/Makefile
@@ -9,7 +9,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
python2 setup.py install; \
else \
- python2 setup.py install --root $(DESTDIR); \
+ python2 setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:

24
debian/patches/revert-pykerberos-api-change.diff vendored Normal file
View File

@@ -0,0 +1,24 @@
Description: so we don't need to patch pykerberos
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -59,15 +59,12 @@ def json_serialize(obj):
def get_current_principal():
try:
- import kerberos
- rc, vc = kerberos.authGSSClientInit("notempty")
- rc = kerberos.authGSSClientInquireCred(vc)
- username = kerberos.authGSSClientUserName(vc)
- kerberos.authGSSClientClean(vc)
- return unicode(username)
+ # krbV isn't necessarily available on client machines, fail gracefully
+ import krbV
+ return unicode(krbV.default_context().default_ccache().principal().name)
except ImportError:
- raise RuntimeError('python-kerberos is not available.')
- except kerberos.GSSError, e:
+ raise RuntimeError('python-krbV is not available.')
+ except krbV.Krb5Error:
#TODO: do a kinit?
raise errors.CCacheError()

17
debian/patches/series vendored Normal file
View File

@@ -0,0 +1,17 @@
# not upstreamable
work-around-apache-fail.diff
prefix.patch
no-test-lang.diff
port-ipa-client-automount.diff
# send upstream
fix-match-hostname.diff
add-debian-platform.diff
fix-hyphen-used-as-minus-sign.patch
fix-manpage-has-errors-from-man.patch
fix-typo.patch
fix-ipa-conf.diff
fix-pykerberos-api.diff
revert-pykerberos-api-change.diff
fix-bind-conf.diff
add-a-clear-openssl-exception.diff

25
debian/patches/work-around-apache-fail.diff vendored Normal file
View File

@@ -0,0 +1,25 @@
Description: service apache2 restart fails on sid, so don't do that
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1212,7 +1212,8 @@ def main():
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
- http.restart()
+ http.stop()
+ http.start()
# Set the admin user kerberos password
ds.change_admin_password(admin_password)
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -124,7 +124,8 @@ class HTTPInstance(service.Service):
def __start(self):
self.backup_state("running", self.is_running())
- self.restart()
+ self.stop()
+ self.start()
def __enable(self):
self.backup_state("enabled", self.is_running())

9
debian/python-freeipa.install vendored Normal file
View File

@@ -0,0 +1,9 @@
usr/lib/python*/dist-packages/default_encoding_utf8.so
usr/lib/python*/dist-packages/freeipa-*.egg-info
usr/lib/python*/dist-packages/ipalib/*
usr/lib/python*/dist-packages/ipaplatform-*.egg-info
usr/lib/python*/dist-packages/ipaplatform/*
usr/lib/python*/dist-packages/ipapython-*.egg-info
usr/lib/python*/dist-packages/ipapython/*.py
usr/lib/python*/dist-packages/python_default_encoding-*.egg-info
usr/share/locale

105
debian/rules vendored Executable file
View File

@@ -0,0 +1,105 @@
#!/usr/bin/make -f
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
ONLY_CLIENT=1
DESTDIR=$(CURDIR)/debian/tmp
PLATFORM="SUPPORTED_PLATFORM=debian"
JAVA_STACK_SIZE ?= 8m
export JAVA_STACK_SIZE
# For maintainer use only, generate a tarball:
SOURCE = freeipa
gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//')
gentarball:
git archive --format=tar upstream --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
override_dh_auto_clean:
for i in daemons install ipapython ipaserver ipa-client; do \
(cd $$i && [ ! -f Makefile ] || $(MAKE) distclean); \
(cd $$i && rm -f COPYING INSTALL depcomp install-sh missing py-compile config.guess config.sub aclocal.m4 config.h.in version.m4); \
done
find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \;
find . -name "ltmain.sh" -exec rm -f "{}" \;
find . -name "configure" -exec rm -f "{}" \;
rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info ipa-client/ipa-client.spec version.m4
rm -rf ipapython/build RELEASE build
override_dh_autoreconf:
make IPA_VERSION_IS_GIT_SNAPSHOT=no version-update
dh_autoreconf; cd ..
override_dh_auto_configure:
dh_auto_configure -Dipa-client
ifneq ($(ONLY_CLIENT), 1)
dh_auto_configure -Ddaemons -- \
--with-openldap \
--with-systemdsystemunitdir=/lib/systemd/system
dh_auto_configure -Dinstall
endif
override_dh_auto_build:
ifneq ($(ONLY_CLIENT), 1)
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no all
# cd selinux ; make all
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client
endif
# tests would just fail, they need a proper environment with 389 running et al
override_dh_auto_test:
override_dh_auto_install:
ifneq ($(ONLY_CLIENT), 1)
# Force re-generate of platform support
rm -f ipapython/services.py
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
cd ..
chmod 755 $(DESTDIR)/usr/lib/*/ipa/certmonger/*
mkdir -p $(DESTDIR)/etc/bash_completion.d \
$(DESTDIR)/etc/default \
$(DESTDIR)/usr/share/ipa/html
touch $(DESTDIR)/usr/share/ipa/html/ca.crt
touch $(DESTDIR)/usr/share/ipa/html/configure.jar
touch $(DESTDIR)/usr/share/ipa/html/kerberosauth.xpi
touch $(DESTDIR)/usr/share/ipa/html/krb.con
touch $(DESTDIR)/usr/share/ipa/html/krb.js
touch $(DESTDIR)/usr/share/ipa/html/krb5.ini
touch $(DESTDIR)/usr/share/ipa/html/krbrealm.con
touch $(DESTDIR)/usr/share/ipa/html/preferences.html
install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/etc/bash_completion.d/ipa
install -m 0644 init/ipa_memcached.conf $(DESTDIR)/etc/default/ipa_memcached
install -m 0644 init/systemd/ipa_memcached.service $(DESTDIR)/lib/systemd/system
install -m 0644 init/systemd/ipa.service $(DESTDIR)/lib/systemd/system
install -m 0755 debian/generate-rndc-key.sh $(DESTDIR)/usr/share/ipa
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR)
endif
# purge .la files
find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
# purge precompiled .pyc/.pyo files
find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';'
# fix permissions
find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \;
override_dh_install:
dh_install --list-missing
ifneq ($(ONLY_CLIENT), 1)
mkdir -m 770 -p $(CURDIR)/debian/freeipa-server/var/cache/bind/data
mkdir -m 700 -p $(CURDIR)/debian/freeipa-server/var/lib/ipa/backup
endif
override_dh_fixperms:
dh_fixperms -X var/cache/bind/data -X var/lib/ipa/backup
%:
dh $@ --with autoreconf,python2,systemd

2
debian/source/format vendored Normal file
View File

@@ -0,0 +1,2 @@
3.0 (quilt)

6
debian/source/lintian-overrides vendored Normal file
View File

@@ -0,0 +1,6 @@
# lintian fails with javascript files
source-is-missing install/ui/build/dojo/dojo.js
source-is-missing install/ui/src/libs/bootstrap.js
source-is-missing install/ui/src/libs/jquery.js
source-is-missing install/ui/src/libs/qrcode.js
source-is-missing install/ui/util/build/build.js

2
debian/watch vendored Normal file
View File

@@ -0,0 +1,2 @@
version=3
http://freeipa.org/page/Downloads http://freeipa.org/downloads/src/freeipa-(.+).tar.gz