5 Commits

Author | SHA1 | Message | Date
Timo Aaltonen | c44de33144 | Imported Debian patch 4.3.1-0ubuntu1 | 2021-08-10 02:38:02 +02:00
Mario Fetka | 1e13001953 | Bump | 2021-08-10 02:17:54 +02:00
Timo Aaltonen | cf130d9898 | Imported Debian patch 4.7.2-3 | 2021-08-09 20:54:13 +02:00
Alexandre Ellert | 2c5b897d9d | Imported Debian patch 4.0.5-6~numeezy | 2021-07-25 07:50:53 +02:00
Alexandre Ellert | c86f4cfde4 | Imported Debian patch 4.6.2-4~numeezy | 2021-07-25 07:32:52 +02:00
56 changed files with 3488 additions and 0 deletions

5
debian/TODO vendored Normal file

@@ -0,0 +1,5 @@
4.1 needs
- softhsm 2.x
- dnssec patch in bind9
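Review bot: Both items under "4.1 needs" look stale for a tree whose debian/changelog is already at 4.3.1: the 4.3.1-1 entry records "Add support for DNSSEC" and the 4.1.4-1 entry adds softhsm2 to the server depends. Either drop debian/TODO or rewrite it to list what is still outstanding, so that nobody reads it as DNSSEC being unavailable in this package.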

4
debian/autoreconf vendored Normal file

@@ -0,0 +1,4 @@
asn1
client
daemons
install

221
debian/changelog vendored Normal file

@@ -0,0 +1,221 @@
freeipa (4.3.1-0ubuntu1) xenial; urgency=medium
* Sync from Debian.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 19 Apr 2016 00:15:05 +0300
freeipa (4.3.1-1) unstable; urgency=medium
* New upstream release. (Closes: #781607, #786411) (LP: #1449304)
- drop no-test-lang.diff, obsolete
* fix-match-hostname.diff, control: Drop the patch and python-openssl
deps, not needed anymore
* rules, platform, server.dirs, server.install:
Add support for DNSSEC.
* control, rules: Add support for kdcproxy.
* control, server: Migrate to mod-auth-gssapi.
* control, rules, fix-ipa-conf.diff: Add support for custodia.
* control:
- Add python-cryptography to build-deps and python-freeipa deps.
- Add libp11-kit-dev to build-deps, p11-kit to server deps.
- Depend on python-gssapi instead of python-kerberos/-krbV.
- Add libini-config-dev and python-dbus to build-deps, replace wget
with curl.
- Bump libkrb5-dev build-dep.
- Add pki-base to build-deps and pki-kra to server deps, bump pki-ca
version.
- Drop python-m2crypto from deps, obsolete.
- Bump sssd deps to 1.13.1.
- Add python-six to build-deps and python-freeipa deps.
- Split python stuff from server, client, tests to python-
ipa{server,client,tests}, rename python-freeipa to match and move
translations to freeipa-common. Mark them Arch:all where possible,
and add Breaks/Replaces.
- Add oddjob to server and oddjob-mkhomedir to client deps.
- Add python-setuptools to python-ipalib deps.
- Bump 389-ds-base* deps.
- Bump server and python-ipaserver dependency on python-ldap to 2.4.22
to fix a bug on ipa-server-upgrade.
- Add pki-tools to python-ipaserver deps.
- Add zip to python-ipaserver depends.
- Add python-systemd to server depends.
- Add opendnssec to freeipa-server-dns depends.
- Add python-cffi to python-ipalib depends.
- Bump dep on bind9-dyndb-ldap.
- Bump certmonger dependency to version that has helpers in the correct
place.
* patches:
- prefix.patch: Fix ipalib install too.
- Drop bits of platform.diff and other patches that are now upstream.
- fix-kdcproxy-paths.diff: Fix paths in kdcproxy configs.
- fix-oddjobs.diff: Fix paths and uids in oddjob configs.
- fix-replicainstall.diff: Use ldap instead of ldaps for conncheck.
- fix-dnssec-services.diff: Debianize ipa-dnskeysyncd & ipa-ods-
exporter units.
- create-sysconfig-ods.diff: Create an empty file for opendnssec
daemons, until opendnssec itself is fixed.
- purge-firefox-extension.diff: Clean obsolete kerberosauth.xpi.
- enable-mod-nss-during-setup.diff: Split from platform.diff, call
a2enmod/a2dismod from httpinstance.py.
- fix-memcached.diff: Split from platform.diff, debianize memcached
conf & unit.
- hack-libarch.diff: Don't use fedora libpaths.
* add-debian-platform.diff:
- Update paths.py to include all variables, comment out ones we don't
modify.
- Use systemwide certificate store; put ipa-ca.crt in
/usr/local/share/ca-certificates, and run update-ca-certificates
- Map smb service to smbd (LP: #1543230)
- Don't ship /var/cache/bind/data, fix named.conf a bit.
- Use DebianNoService() for dbus. (LP: #1564981)
- Add more constants
* Split freeipa-server-dns from freeipa-server, add -dns to -server
Recommends.
* server.postinst: Use ipa-server-upgrade.
* admintools: Use the new location for bash completions.
* rules: Remove obsolete configure.jar, preferences.html.
* platform: Fix ipautil.run stdout handling, add support for systemd.
* server.postinst, tmpfile: Create state directories for
mod_auth_gssapi.
* rules, server.install: Install scripts under /usr/lib instead of
multiarch path to avoid hacking the code too much.
* fix-ipa-otpd-install.diff, rules, server.install: Put ipa-otpd in
/usr/lib/ipa instead of directly under multiarch lib path.
* control, server*.install: Move dirsrv plugins from server-trust-ad
to server, needed on upgrades even if trust-ad isn't set up.
* server: Enable mod_proxy_ajp and mod_proxy_http on postinst, disable
on postrm.
* rules: Add SKIP_API_VERSION_CHECK, and adjust directories to clean.
* rules: Don't enable systemd units on install.
* client: Don't create /etc/pki/nssdb on postinst, it's not used
anymore.
* platform.diff, rules, server.install: Drop generate-rndc-key.sh, bind
already generates the keyfile.
-- Timo Aaltonen <tjaalton@debian.org> Mon, 18 Apr 2016 17:40:32 +0300
freeipa (4.1.4-1) experimental; urgency=medium
* New upstream release. (LP: #1492226)
- Refresh patches
- platform-support.diff: Added NAMED_VAR_DIR.
- fix-bind-conf.diff: Dropped, obsolete with above.
- disable-dnssec-support.patch: Disable DNSSEC-support as we're
missing the dependencies for now.
* control: Add python-usb to build-depends and to python-freeipa
depends.
* control: Bump SSSD dependencies.
* control: Add libsofthsm2-dev to build-depends and softhsm2 to server
depends.
* freeipa-{server,client}.install: Add new files.
* control: Bump Depends on slapi-nis for CVE fixes.
* control: Bump 389-ds-base, pki-ca depends.
* control: Drop dogtag-pki-server-theme from server depends, it's not
needed.
* control: Server needs newer python-ldap, bump build-dep too.
* control: Bump certmonger depends.
* control: Bump python-nss depends.
* freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
* platform: Add DebianNamedService.
* platform, disable-dnssec-support.patch: Fix named.conf template.
* server.postinst: Run ipa-ldap-updater and ipa-upgradeconfig on
postinst.
* Revert DNSSEC changes to schema and ACI, makes upgrade tools fail.
* server.postrm: Clean logs on purge and disable apache modules on
remove/purge.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 25 Sep 2015 14:07:40 +0300
freeipa (4.0.5-6) unstable; urgency=medium
* control Add gnupg-agent to python-freeipa depends, and change gnupg
to gnupg2. (LP: #1492184)
* Rebuild against current krb5, there was an abi break which broke at
least the setup phase.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 24 Sep 2015 23:22:24 +0300
freeipa (4.0.5-5) unstable; urgency=medium
* control: Drop selinux-policy-dev from build-depends, not needed
anymore.
* client.dirs,postrm: Drop removing /etc/pki/nssdb from postrm and let
dpkg handle it. (Closes: #781114)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 09 Apr 2015 17:16:37 +0300
freeipa (4.0.5-4) unstable; urgency=medium
* control: Fix freeipa-tests depends.
* control: Add systemd-sysv to server depends. (Closes: #780386)
* freeipa-client.postrm: Purge /etc/pki if empty. (Closes: #781114)
* add-a-clear-openssl-exception.diff: Add a clear OpenSSL exception.
(Closes: #772136)
* control: Add systemd to build-depends.
* dont-check-for-systemd-pc.diff: Dropped, not needed anymore.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 02 Apr 2015 10:53:55 +0300
freeipa (4.0.5-3) unstable; urgency=medium
* rules: Set JAVA_STACK_SIZE to hopefully avoid FTBFS on exotic archs.
* freeipa-client.postrm: Remove nssdb files on purge. (Closes:
#775387)
* freeipa-client.postinst: Fix bashism with echo. (Closes: #772242)
-- Timo Aaltonen <tjaalton@debian.org> Wed, 04 Mar 2015 14:51:35 +0200
freeipa (4.0.5-2) unstable; urgency=medium
* Team upload.
* Let python-freeipa depend on python-pyasn1, because pyasn1 is imported
by ipalib/pkcs10.py and ipalib/plugins/cert.py.
* debian/copyright: Drop unused PD license section
* debian/copyright: Fix paths of Javascript files
-- Benjamin Drung <benjamin.drung@profitbricks.com> Mon, 24 Nov 2014 12:32:36 +0100
freeipa (4.0.5-1) unstable; urgency=medium
* New upstream release
- Fix CVE-2014-7828. (Closes: #768294)
* control: Update my email address.
* fix-bind-conf.diff, add-debian-platform.diff: Fix bind config
template to use Debian specific paths, and replace named.conf not
named.conf.local. (Closes: #768122)
* rules, -server.postinst: Create /var/cache/bind/data owned by bind
user.
* rules: Fix /var/lib/ipa/backup permissions.
* Add non-standard-dir-perm to server lintian overrides.
* copyright: Fix a typo.
* control: Bump dependency on bind9-dyndb-ldap to 6.0-4~.
* control: Move dependency on python-qrcode and python-yubico from
server to python-freeipa and drop python-selinux which belongs to
pki-server.
* control: Relax libxmlrpc-core-c3-dev buil-dep and 389-ds-base dep
for easier backporting.
* control: Add python-dateutils to server, and python-dbus and python-
memcache to python-freeipa dependencies. (Closes: #768187)
* platform: Handle /etc/default/nfs-common and /etc/default/autofs,
drop NSS_DB_DIR since it's inherited already. (Closes: #769037)
* control: Bump policy to 3.9.6, no changes.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 11 Nov 2014 10:38:52 +0200
freeipa (4.0.4-2) unstable; urgency=medium
* control: Add python-qrcode, python-selinux, python-yubico
to freeipa-server dependencies. (Closes: #767427)
* freeipa-server.postinst: Enable mod_authz_user and mod_deflate too,
but since they should be part of the default apache2 install, don't
disable them on uninstall like the other modules. (Closes: #767425)
* control: Bump server dependency on -mod-nss to 1.0.10-2 which
doesn't enable the module by default.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 31 Oct 2014 11:36:51 +0200
freeipa (4.0.4-1) unstable; urgency=medium
* Initial release (Closes: #734703)
-- Timo Aaltonen <tjaalton@debian.org> Sat, 25 Oct 2014 02:43:59 +0300
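Review bot: In the 4.3.1-1 entry, "fix-replicainstall.diff: Use ldap instead of ldaps for conncheck" switches the replica connection check away from LDAPS without giving a reason. Please say in the entry or in the patch header why ldaps could not be kept and whether the check still protects the connection some other way, because a later audit will ask exactly that. In the same entry, "put ipa-ca.crt in /usr/local/share/ca-certificates, and run update-ca-certificates" adds the IPA CA to the system-wide trust store, which deserves a line in the package documentation. Separately, the top entry 4.3.1-0ubuntu1 sorts lower than the 4.3.1-1 entry directly beneath it under dpkg version comparison, so the changelog versions do not increase from bottom to top; if the upload is based on 4.3.1-1, a version such as 4.3.1-1ubuntu1 would keep the order.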

1
debian/compat vendored Normal file

@@ -0,0 +1 @@
9

355
debian/control vendored Normal file

@@ -0,0 +1,355 @@
Source: freeipa
Section: net
Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton@debian.org>
Build-Depends:
389-ds-base-dev (>= 1.3.4.0),
check,
debhelper (>= 9),
dh-autoreconf,
dh-python,
dh-systemd,
gettext,
krb5-user,
libcmocka-dev,
libcurl4-nss-dev,
libini-config-dev,
libkrad-dev,
libkrb5-dev (>= 1.13),
libldap2-dev,
libnspr4-dev,
libnss3-dev,
libpopt-dev,
librhino-java,
libsasl2-dev,
libssl-dev,
libsss-idmap-dev,
libsss-nss-idmap-dev (>= 1.13.1),
libsvrcore-dev,
libtalloc-dev,
libtevent-dev,
libunistring-dev,
libverto-dev,
libxmlrpc-core-c3-dev (>= 1.33.06),
pki-base (>= 10.2.6),
python-all-dev,
python-cryptography,
python-dbus,
python-dnspython (>= 1.11.1),
python-gssapi,
python-kdcproxy,
python-ldap (>= 2.4.15),
python-lesscpy,
python-libipa-hbac,
python-lxml,
python-memcache,
python-netaddr,
python-nose,
python-nss (>= 0.16.0),
python-polib,
python-pyasn1,
python-qrcode (>= 5.0.0),
python-setuptools,
python-six,
python-sss (>= 1.13.1),
python-usb (>= 1.0.0~b2),
python-yubico,
rhino,
samba-dev,
systemd,
uuid-dev
Standards-Version: 3.9.6
Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/freeipa.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/freeipa.git
Homepage: http://www.freeipa.org
Package: freeipa-server
Architecture: any
Breaks: freeipa-server-trust-ad (<< 4.3.0-1)
Replaces: freeipa-server-trust-ad (<< 4.3.0-1)
Depends:
389-ds-base (>= 1.3.4.0),
acl,
apache2,
certmonger (>= 0.78.6-3),
custodia,
fonts-font-awesome,
freeipa-admintools (= ${source:Version}),
freeipa-client (= ${binary:Version}),
freeipa-common (= ${source:Version}),
krb5-admin-server,
krb5-kdc,
krb5-kdc-ldap,
krb5-pkinit,
ldap-utils,
libapache2-mod-auth-gssapi (>= 1.3.0),
libapache2-mod-nss (>= 1.0.10-2~),
libapache2-mod-wsgi,
libjs-dojo-core,
libjs-jquery,
libnss3-tools,
libsasl2-modules-gssapi-mit,
memcached,
ntp,
oddjob (>= 0.34.3-2),
p11-kit,
pki-ca (>= 10.2.6),
pki-kra (>= 10.2.6),
python-dateutil,
python-ipaserver (= ${source:Version}),
python-gssapi,
python-ldap (>= 2.4.22),
python-systemd,
slapi-nis (>= 0.54.2),
softhsm2,
systemd-sysv,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Recommends:
freeipa-server-dns,
Description: FreeIPA centralized identity framework -- server
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the server package.
Package: freeipa-server-dns
Architecture: all
Breaks: freeipa-server (<< 4.3.0-1)
Replaces: freeipa-server (<< 4.3.0-1)
Depends:
freeipa-server (>= ${source:Version}),
bind9 (>= 1:9.10.3.dfsg.P4-8),
bind9-dyndb-ldap (>= 8.0-4),
opendnssec (>= 1:1.4.9-2),
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- IPA DNS integration
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package adds DNS integration with BIND 9.
Package: freeipa-server-trust-ad
Architecture: any
Depends:
freeipa-common (= ${source:Version}),
freeipa-server (= ${binary:Version}),
python-ipaserver (= ${source:Version}),
python-samba,
samba,
winbind,
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Description: FreeIPA centralized identity framework -- AD trust installer
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.
Package: freeipa-common
Architecture: all
Breaks: python-freeipa
Replaces: python-freeipa
Depends:
${misc:Depends},
Description: FreeIPA centralized identity framework -- common files
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package includes common files.
Package: freeipa-client
Architecture: any
Depends:
bind9utils,
certmonger (>= 0.78.6-3),
curl,
dnsutils,
freeipa-common (= ${source:Version}),
krb5-user,
libcurl3 (>= 7.22.0),
libnss3-tools,
libsasl2-modules-gssapi-mit,
libxmlrpc-core-c3 (>= 1.16.33-3.1ubuntu5),
ntp,
oddjob-mkhomedir,
python-dnspython,
python-ipaclient (= ${source:Version}),
python-gssapi,
python-ldap,
sssd (>= 1.13.1),
${misc:Depends},
${python:Depends},
${shlibs:Depends}
Suggests: libpam-krb5
Description: FreeIPA centralized identity framework -- client
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This is the client package.
Package: freeipa-admintools
Architecture: all
Depends:
freeipa-client (>= ${source:Version}),
python-ipalib (>= ${source:Version}),
python-gssapi,
python-ldap,
${misc:Depends},
${python:Depends},
Description: FreeIPA centralized identity framework -- admintools
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains some tools for administrators.
Package: freeipa-tests
Architecture: all
Depends:
freeipa-client (>= ${source:Version}),
python-ipalib (>= ${source:Version}),
python-ipatests (>= ${source:Version}),
python-pytest,
${misc:Depends},
${python:Depends}
Recommends: python-yaml
Description: FreeIPA centralized identity framework -- tests
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This package contains tests that verify IPA functionality.
Package: python-ipaclient
Architecture: all
Section: python
Breaks: freeipa-client (<< 4.3.0-1)
Replaces: freeipa-client (<< 4.3.0-1)
Depends:
freeipa-common (= ${binary:Version}),
python-dnspython,
python-ipalib (>= ${source:Version}),
${misc:Depends},
${python:Depends},
Description: FreeIPA centralized identity framework -- Python modules for ipaclient
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by FreeIPA client.
Package: python-ipalib
Architecture: any
Section: python
Breaks: python-freeipa
Replaces: python-freeipa
Depends:
freeipa-common (= ${source:Version}),
gnupg2,
gnupg-agent,
iproute,
keyutils,
python-cffi,
python-cryptography,
python-dbus,
python-dnspython,
python-gssapi,
python-jwcrypto,
python-ldap,
python-libipa-hbac,
python-lxml,
python-memcache,
python-netaddr,
python-nss (>= 0.16.0),
python-pyasn1,
python-qrcode (>= 5.0.0),
python-setuptools,
python-six,
python-usb (>= 1.0.0~b2),
python-yubico,
${misc:Depends},
${python:Depends},
${shlibs:Depends},
Description: FreeIPA centralized identity framework -- shared Python modules
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by other FreeIPA packages.
Package: python-ipaserver
Architecture: all
Section: python
Breaks: freeipa-server (<< 4.3.0-1)
Replaces: freeipa-server (<< 4.3.0-1)
Depends:
freeipa-common (= ${binary:Version}),
pki-tools (>= 10.2.6-3),
python-dbus,
python-dnspython,
python-gssapi,
python-ipaclient (= ${binary:Version}),
python-ipalib (>= ${source:Version}),
python-kdcproxy,
python-ldap (>= 2.4.22),
python-libsss-nss-idmap,
python-pyasn1,
zip,
${misc:Depends},
${python:Depends},
Description: FreeIPA centralized identity framework -- Python modules for server
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by FreeIPA server.
Package: python-ipatests
Architecture: all
Section: python
Breaks: freeipa-tests (<< 4.3.0-1)
Replaces: freeipa-tests (<< 4.3.0-1)
Depends:
libnss3-tools,
python-coverage,
python-ipalib (>= ${source:Version}),
python-nose,
python-paramiko,
python-paste,
python-polib,
python-pytest-multihost,
python-pytest-sourceorder,
xz-utils,
${misc:Depends},
${python:Depends}
Recommends: python-yaml
Description: FreeIPA centralized identity framework -- Python modules for tests
FreeIPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).
.
This Python module is used by FreeIPA tests.
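Review bot: The freeipa-client stanza hard-codes shared-library dependencies, "libcurl3 (>= 7.22.0)" and "libxmlrpc-core-c3 (>= 1.16.33-3.1ubuntu5)", next to ${shlibs:Depends}, and the second one carries an Ubuntu-only version string in a control file whose Maintainer is the Debian FreeIPA Team. Prefer dropping both and letting ${shlibs:Depends} generate them, or add a comment explaining the minimum versions. Also, freeipa-server-dns is "Architecture: all" yet lists ${shlibs:Depends}, which has nothing to expand to there, and the Homepage field still uses a plain http:// URL.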

339
debian/copyright vendored Normal file

@@ -0,0 +1,339 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-name: freeipa
Source: http://freeipa.org/downloads/src/
Files: *
Copyright: 1999-2011 Red Hat, Inc.
License: GPL-3+
Files: daemons/ipa-slapi-plugins/*/*.c
daemons/ipa-slapi-plugins/*/*.h
Copyright: 2005-2010 Red Hat, Inc.
License: GPL-3+ with OpenSSL exception
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
Additional permission under GPLv3 section 7:
.
In the following paragraph, "GPL" means the GNU General Public
License, version 3 or any later version, and "Non-GPL Code" means
code that is governed neither by the GPL nor a license
compatible with the GPL.
.
You may link the code of this Program with Non-GPL Code and convey
linked combinations including the two, provided that such Non-GPL
Code only links to the code of this Program through those well
defined interfaces identified in the file named EXCEPTION found in
the source code files (the "Approved Interfaces"). The files of
Non-GPL Code may instantiate templates or use macros or inline
functions from the Approved Interfaces without causing the resulting
work to be covered by the GPL. Only the copyright holders of this
Program may make changes or additions to the list of Approved
Interfaces.
Files: daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c
Copyright: 2001, Sun Microsystems, Inc. Used by permission.
2013, Red Hat, Inc.
License: GPL-2
Files: install/share/05rfc2247.ldif install/share/certmap.conf.template
Copyright: 2001, Sun Microsystems, Inc.
2005, Red Hat, Inc.
License: GPL-2
Files: install/ui/css/patternfly.css
Copyright: Nicolas Gallagher
Jonathan Neal
License: MIT
Files: install/ui/src/libs/bootstrap.js
Copyright: 2011-2014 Twitter, Inc.
License: MIT
Files: install/ui/src/libs/jquery.js
Copyright: 2005, 2013 jQuery Foundation, Inc.
License: MIT
Files: install/ui/src/libs/json2.js
Copyright: None
License: public-domain
Public Domain.
Files: install/ui/src/libs/qrcode.js
Copyright: 2012, Shim Sangmin
License: MIT
Files: install/ui/less/font-awesome/*
Copyright: 2012-2013, Dave Gandy <drgandy@alum.mit.edu>
License: MIT
Files: install/ui/util/uglifyjs/lib/consolidator.js
Copyright: 2012, Robert Gust-Bardon
License: BSD-2-clause
Files: install/ui/util/uglifyjs/lib/parse-js.js
install/ui/util/uglifyjs/lib/process.js
install/ui/util/uglifyjs/lib/squeeze-more.js
Copyright: 2010, Mihai Bazon <mihai.bazon@gmail.com>
License: BSD-2-clause
Files: install/ui/util/build/build.js
install/ui/util/build/_base/configRhino.js
install/ui/build/dojo/dojo.js
Copyright: 2004-2012, The Dojo Foundation
License: BSD-3-clause or AFL-2.1
Files: install/ui/test/qunit.css install/ui/test/qunit.js
Copyright: 2009, John Resig, Jörn Zaefferer
License: MIT or GPL-2
Files: install/ui/test/qunit.js
Copyright: 2009, John Resig, Jörn Zaefferer
2008, Ariel Flesler
License: MIT or GPL-2 or BSD-2-clause
Files: debian/*
Copyright: Michele Baldessari michele@pupazzo.org>
Timo Aaltonen <tjaalton@ubuntu.com>
License: GPL-2+
License: GPL-2
On Debian machines the full text of the GNU General Public License
version 2 can be found in the file /usr/share/common-licenses/GPL-2.
License: GPL-2+
On Debian machines the full text of the GNU General Public License
version 2 can be found in the file /usr/share/common-licenses/GPL-2.
License: GPL-3+
On Debian machines the full text of the GNU General Public License
version 3 can be found in the file /usr/share/common-licenses/GPL-3.
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
.
* Redistributions of source code must retain the above
copyright notice, this list of conditions and the following
disclaimer.
.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials
provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the Dojo Foundation nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: MIT
Permission is hereby granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
License: AFL-2.1
This Academic Free License (the "License") applies to any original work of
authorship (the "Original Work") whose owner (the "Licensor") has placed the
following notice immediately following the copyright notice for the Original
Work:
.
Licensed under the Academic Free License version 2.1
.
1) Grant of Copyright License. Licensor hereby grants You a world-wide,
royalty-free, non-exclusive, perpetual, sublicenseable license to do the
following:
.
a) to reproduce the Original Work in copies;
.
b) to prepare derivative works ("Derivative Works") based upon the Original
Work;
.
c) to distribute copies of the Original Work and Derivative Works to the
public;
.
d) to perform the Original Work publicly; and
.
e) to display the Original Work publicly.
.
2) Grant of Patent License. Licensor hereby grants You a world-wide,
royalty-free, non-exclusive, perpetual, sublicenseable license, under patent
claims owned or controlled by the Licensor that are embodied in the Original
Work as furnished by the Licensor, to make, use, sell and offer for sale the
Original Work and Derivative Works.
.
3) Grant of Source Code License. The term "Source Code" means the preferred
form of the Original Work for making modifications to it and all available
documentation describing how to modify the Original Work. Licensor hereby
agrees to provide a machine-readable copy of the Source Code of the Original
Work along with each copy of the Original Work that Licensor distributes.
Licensor reserves the right to satisfy this obligation by placing a
machine-readable copy of the Source Code in an information repository
reasonably calculated to permit inexpensive and convenient access by You for as
long as Licensor continues to distribute the Original Work, and by publishing
the address of that information repository in a notice immediately following
the copyright notice that applies to the Original Work.
.
4) Exclusions From License Grant. Neither the names of Licensor, nor the names
of any contributors to the Original Work, nor any of their trademarks or
service marks, may be used to endorse or promote products derived from this
Original Work without express prior written permission of the Licensor. Nothing
in this License shall be deemed to grant any rights to trademarks, copyrights,
patents, trade secrets or any other intellectual property of Licensor except as
expressly stated herein. No patent license is granted to make, use, sell or
offer to sell embodiments of any patent claims other than the licensed claims
defined in Section 2. No right is granted to the trademarks of Licensor even if
such marks are included in the Original Work. Nothing in this License shall be
interpreted to prohibit Licensor from licensing under different terms from this
License any Original Work that Licensor otherwise would have a right to
license.
.
5) This section intentionally omitted.
.
6) Attribution Rights. You must retain, in the Source Code of any Derivative
Works that You create, all copyright, patent or trademark notices from the
Source Code of the Original Work, as well as any notices of licensing and any
descriptive text identified therein as an "Attribution Notice." You must cause
the Source Code for any Derivative Works that You create to carry a prominent
Attribution Notice reasonably calculated to inform recipients that You have
modified the Original Work.
.
7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that
the copyright in and to the Original Work and the patent rights granted herein
by Licensor are owned by the Licensor or are sublicensed to You under the terms
of this License with the permission of the contributor(s) of those copyrights
and patent rights. Except as expressly stated in the immediately proceeding
sentence, the Original Work is provided under this License on an "AS IS" BASIS
and WITHOUT WARRANTY, either express or implied, including, without limitation,
the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU.
This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No
license to Original Work is granted hereunder except under this disclaimer.
.
8) Limitation of Liability. Under no circumstances and under no legal theory,
whether in tort (including negligence), contract, or otherwise, shall the
Licensor be liable to any person for any direct, indirect, special, incidental,
or consequential damages of any character arising as a result of this License
or the use of the Original Work including, without limitation, damages for loss
of goodwill, work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses. This limitation of liability shall not
apply to liability for death or personal injury resulting from Licensor's
negligence to the extent applicable law prohibits such limitation. Some
jurisdictions do not allow the exclusion or limitation of incidental or
consequential damages, so this exclusion and limitation may not apply to You.
.
9) Acceptance and Termination. If You distribute copies of the Original Work or
a Derivative Work, You must make a reasonable effort under the circumstances to
obtain the express assent of recipients to the terms of this License. Nothing
else but this License (or another written agreement between Licensor and You)
grants You permission to create Derivative Works based upon the Original Work
or to exercise any of the rights granted in Section 1 herein, and any attempt
to do so except under the terms of this License (or another written agreement
between Licensor and You) is expressly prohibited by U.S. copyright law, the
equivalent laws of other countries, and by international treaty. Therefore, by
exercising any of the rights granted to You in Section 1 herein, You indicate
Your acceptance of this License and all of its terms and conditions.
.
10) Termination for Patent Action. This License shall terminate automatically
and You may no longer exercise any of the rights granted to You by this License
as of the date You commence an action, including a cross-claim or counterclaim,
against Licensor or any licensee alleging that the Original Work infringes a
patent. This termination provision shall not apply for an action alleging
patent infringement by combinations of the Original Work with other software or
hardware.
.
11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this
License may be brought only in the courts of a jurisdiction wherein the
Licensor resides or in which Licensor conducts its primary business, and under
the laws of that jurisdiction excluding its conflict-of-law provisions. The
application of the United Nations Convention on Contracts for the International
Sale of Goods is expressly excluded. Any use of the Original Work outside the
scope of this License or after its termination shall be subject to the
requirements and penalties of the U.S. Copyright Act, 17 U.S.C. § 101 et
seq., the equivalent laws of other countries, and international treaty. This
section shall survive the termination of this License.
.
12) Attorneys Fees. In any action to enforce the terms of this License or
seeking damages relating thereto, the prevailing party shall be entitled to
recover its costs and expenses, including, without limitation, reasonable
attorneys' fees and costs incurred in connection with such action, including
any appeal of such action. This section shall survive the termination of this
License.
.
13) Miscellaneous. This License represents the complete agreement concerning
the subject matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent necessary to
make it enforceable.
.
14) Definition of "You" in This License. "You" throughout this License, whether
in upper or lower case, means an individual or a legal entity exercising rights
under, and complying with all of the terms of, this License. For legal
entities, "You" includes any entity that controls, is controlled by, or is
under common control with you. For purposes of this definition, "control" means
(i) the power, direct or indirect, to cause the direction or management of such
entity, whether by contract or otherwise, or (ii) ownership of fifty percent
(50%) or more of the outstanding shares, or (iii) beneficial ownership of such
entity.
.
15) Right to Use. You may use the Original Work in all ways not otherwise
restricted or conditioned by this License or by law, and Licensor promises not
to interfere with or be responsible for such uses by You.
.
This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights reserved.
Permission is hereby granted to copy and distribute this license without
modification. This license may not be modified without the express written
permission of its copyright owner.

3
debian/freeipa-admintools.install vendored Normal file
View File

@@ -0,0 +1,3 @@
usr/bin/ipa
usr/share/bash-completion/completions/ipa
usr/share/man/man1/ipa.1

View File

@@ -0,0 +1,2 @@
# lintian is lying
python-script-but-no-python-dep

4
debian/freeipa-client.dirs vendored Normal file
View File

@@ -0,0 +1,4 @@
etc/ipa
etc/ipa/nssdb
etc/pki/nssdb
var/lib/ipa-client/sysrestore

13
debian/freeipa-client.install vendored Normal file
View File

@@ -0,0 +1,13 @@
usr/sbin/ipa-certupdate
usr/sbin/ipa-client-automount
usr/sbin/ipa-client-install
usr/sbin/ipa-getkeytab
usr/sbin/ipa-join
usr/sbin/ipa-rmkeytab
usr/share/man/man1/ipa-certupdate.1.gz
usr/share/man/man1/ipa-client-automount.1.gz
usr/share/man/man1/ipa-client-install.1.gz
usr/share/man/man1/ipa-getkeytab.1.gz
usr/share/man/man1/ipa-join.1.gz
usr/share/man/man1/ipa-rmkeytab.1.gz
usr/share/man/man5/default.conf.5.gz

View File

@@ -0,0 +1,3 @@
# lintian is lying
python-script-but-no-python-dep
possible-bashism-in-maintainer-script

21
debian/freeipa-client.postinst vendored Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -e
if [ "$1" = configure ]; then
if [ ! -f /etc/ipa/nssdb/cert8.db ]; then
python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1
tmp=$(mktemp) || exit
if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
fi
rm -f "$tmp"
fi
fi
if [ ! -e /run/ipa ]; then
mkdir -m 0700 /run/ipa
fi
#DEBHELPER#
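
Review bot: every certutil call in the configure branch redirects to /var/log/ipaupgrade.log with `>`, so each call truncates the file: the output of `certutil -A` replaces the stderr of the `certutil -L` that preceded it, and anything already in that log is lost. Use `>>` (or a client-specific log) so a failed CA import leaves its error behind. Two smaller points in the same block: under `set -e` a failing `certutil -A` exits before `rm -f "$tmp"`, so set a `trap 'rm -f "$tmp"' EXIT` right after mktemp; and the `python2 -c ... >/dev/null 2>&1` line discards the only diagnostic if create_ipa_nssdb() fails and aborts the script.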

21
debian/freeipa-client.postrm vendored Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -e
if [ "$1" = purge ]; then
rm -rf /var/lib/ipa-client
rm -f /etc/ipa/default.conf
rm -f /etc/pki/nssdb/cert8.db \
/etc/pki/nssdb/key3.db \
/etc/pki/nssdb/secmod.db
rm -f /etc/ipa/nssdb/cert8.db \
/etc/ipa/nssdb/key3.db \
/etc/ipa/nssdb/pwdfile.txt \
/etc/ipa/nssdb/secmod.db \
/etc/ipa/nssdb/*.orig
rmdir /etc/pki/nssdb || true
rmdir /etc/ipa/nssdb || true
rmdir /etc/ipa || true
fi
#DEBHELPER#
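
Review bot: the purge branch deletes cert8.db, key3.db and secmod.db from /etc/pki/nssdb, a directory outside /etc/ipa that the visible postinst only reads from (`certutil -L -d /etc/pki/nssdb`). If any other software keeps certificates or keys in that database, purging freeipa-client destroys them. Limit the removal to files this package can show it created, or drop the /etc/pki/nssdb lines. Separately, only default.conf and the nssdb files are removed from /etc/ipa, so `rmdir /etc/ipa || true` quietly leaves the directory behind whenever anything else was written there; a comment saying that is intended would help.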

1
debian/freeipa-client.tmpfile vendored Normal file
View File

@@ -0,0 +1 @@
d /var/run/ipa 0700 root root
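
Review bot: the tmpfiles entry names /var/run/ipa while the postinst creates /run/ipa; write it as `d /run/ipa 0700 root root` so both refer to the same path without going through the /var/run symlink. With this entry in place the `mkdir -m 0700 /run/ipa` in the postinst duplicates it, so consider keeping a single mechanism.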

1
debian/freeipa-common.install vendored Normal file
View File

@@ -0,0 +1 @@
usr/share/locale

3
debian/freeipa-server-dns.install vendored Normal file
View File

@@ -0,0 +1,3 @@
usr/sbin/ipa-dns-install
usr/share/man/man1/ipa-dns-install.1*

View File

@@ -0,0 +1,3 @@
# lintian is lying
python-script-but-no-python-dep

View File

@@ -0,0 +1,9 @@
etc/dbus-1/system.d/oddjob-ipa-trust.conf
etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
usr/lib/*/samba/pdb/ipasam.so
usr/lib/python*/dist-packages/ipaserver/dcerpc.py
usr/lib/python*/dist-packages/ipaserver/install/adtrustinstance*
usr/lib/ipa/oddjob/com.redhat.idm.trust-fetch-domains
usr/sbin/ipa-adtrust-install
usr/share/ipa/smb.conf.empty
usr/share/man/man1/ipa-adtrust-install.1*

View File

@@ -0,0 +1,2 @@
# lintian is lying
python-script-but-no-python-dep

3
debian/freeipa-server.dirs vendored Normal file
View File

@@ -0,0 +1,3 @@
etc/ipa/custodia
etc/ipa/dnssec
var/lib/ipa/backup

1
debian/freeipa-server.docs vendored Normal file
View File

@@ -0,0 +1 @@
README

98
debian/freeipa-server.install vendored Normal file
View File

@@ -0,0 +1,98 @@
etc/default/ipa_memcached
etc/default/ipa-dnskeysyncd
etc/default/ipa-ods-exporter
etc/ipa/html/*
etc/ipa/kdcproxy
etc/dbus-1/system.d/org.freeipa.server.conf
etc/oddjobd.conf.d/ipa-server.conf
lib/systemd/system/*
usr/lib/*/dirsrv/plugins/libipa_cldap.so
usr/lib/*/dirsrv/plugins/libipa_dns.so
usr/lib/*/dirsrv/plugins/libipa_enrollment_extop.so
usr/lib/*/dirsrv/plugins/libipa_extdom_extop.so
usr/lib/*/dirsrv/plugins/libipa_lockout.so
usr/lib/*/dirsrv/plugins/libipa_modrdn.so
usr/lib/*/dirsrv/plugins/libipa_otp_counter.so
usr/lib/*/dirsrv/plugins/libipa_otp_lasttoken.so
usr/lib/*/dirsrv/plugins/libipa_pwd_extop.so
usr/lib/*/dirsrv/plugins/libipa_range_check.so
usr/lib/*/dirsrv/plugins/libipa_repl_version.so
usr/lib/*/dirsrv/plugins/libipa_sidgen.so
usr/lib/*/dirsrv/plugins/libipa_sidgen_task.so
usr/lib/*/dirsrv/plugins/libipa_uuid.so
usr/lib/*/dirsrv/plugins/libipa_winsync.so
usr/lib/*/dirsrv/plugins/libtopology.so
usr/lib/*/krb5/plugins/kdb/*.so
usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit
usr/lib/certmonger/ipa-server-guard
usr/lib/ipa/certmonger/*
usr/lib/ipa/ipa-dnskeysync-replica
usr/lib/ipa/ipa-dnskeysyncd
usr/lib/ipa/ipa-httpd-kdcproxy
usr/lib/ipa/ipa-ods-exporter
usr/lib/ipa/ipa-otpd
usr/lib/ipa/oddjob/org.freeipa.server.conncheck
usr/sbin/ipa-advise
usr/sbin/ipa-backup
usr/sbin/ipa-ca-install
usr/sbin/ipa-cacert-manage
usr/sbin/ipa-compat-manage
usr/sbin/ipa-csreplica-manage
usr/sbin/ipa-kra-install
usr/sbin/ipa-ldap-updater
usr/sbin/ipa-managed-entries
usr/sbin/ipa-nis-manage
usr/sbin/ipa-otptoken-import
usr/sbin/ipa-replica-conncheck
usr/sbin/ipa-replica-install
usr/sbin/ipa-replica-manage
usr/sbin/ipa-replica-prepare
usr/sbin/ipa-restore
usr/sbin/ipa-server-certinstall
usr/sbin/ipa-server-install
usr/sbin/ipa-server-upgrade
usr/sbin/ipa-upgradeconfig
usr/sbin/ipa-winsync-migrate
usr/sbin/ipactl
usr/share/ipa/*.ldif
usr/share/ipa/*.template
usr/share/ipa/*.uldif
usr/share/ipa/advise/legacy/*.template
usr/share/ipa/copy-schema-to-ca.py
usr/share/ipa/html/*
usr/share/ipa/ipa-pki-proxy.conf
usr/share/ipa/ipa-rewrite.conf
usr/share/ipa/ipa.conf
usr/share/ipa/ipa-httpd.conf
usr/share/ipa/kdcproxy.conf
usr/share/ipa/migration/*
usr/share/ipa/profiles/*.cfg
usr/share/ipa/ui/*
usr/share/ipa/updates/*
usr/share/ipa/wsgi.py
usr/share/ipa/wsgi/*
usr/share/man/man1/ipa-advise.1*
usr/share/man/man1/ipa-backup.1*
usr/share/man/man1/ipa-ca-install.1*
usr/share/man/man1/ipa-cacert-manage.1*
usr/share/man/man1/ipa-compat-manage.1*
usr/share/man/man1/ipa-csreplica-manage.1*
usr/share/man/man1/ipa-kra-install.1*
usr/share/man/man1/ipa-ldap-updater.1*
usr/share/man/man1/ipa-managed-entries.1*
usr/share/man/man1/ipa-nis-manage.1*
usr/share/man/man1/ipa-otptoken-import.1*
usr/share/man/man1/ipa-replica-conncheck.1*
usr/share/man/man1/ipa-replica-install.1*
usr/share/man/man1/ipa-replica-manage.1*
usr/share/man/man1/ipa-replica-prepare.1*
usr/share/man/man1/ipa-restore.1*
usr/share/man/man1/ipa-server-certinstall.1*
usr/share/man/man1/ipa-server-install.1*
usr/share/man/man1/ipa-server-upgrade.1*
usr/share/man/man1/ipa-winsync-migrate.1*
usr/share/man/man8/ipa-upgradeconfig.8*
usr/share/man/man8/ipactl.8*
var/lib/ipa/pki-ca
var/lib/ipa/sysrestore
var/lib/ipa/sysupgrade

8
debian/freeipa-server.links vendored Normal file
View File

@@ -0,0 +1,8 @@
/etc/ipa/html/browserconfig.html usr/share/ipa/html/browserconfig.html
/etc/ipa/html/ffconfig.js usr/share/ipa/html/ffconfig.js
/etc/ipa/html/ffconfig_page.js usr/share/ipa/html/ffconfig_page.js
/etc/ipa/html/ssbrowser.html usr/share/ipa/html/ssbrowser.html
/etc/ipa/html/unauthorized.html usr/share/ipa/html/unauthorized.html
/usr/share/javascript/prototype/prototype.js /usr/share/ipa/ipagui/static/javascript/prototype.js
/usr/share/javascript/scriptaculous/effects.js /usr/share/ipa/ipagui/static/javascript/effects.js
/usr/share/javascript/scriptaculous/scriptaculous.js /usr/share/ipa/ipagui/static/javascript/scriptaculous.js
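
Review bot: the last three lines create links under /usr/share/ipa/ipagui/static/javascript/, but nothing in freeipa-server.install ships a usr/share/ipa/ipagui tree, and the lintian override for embedded-javascript-library says the embedded copies are the ones in use. If the prototype and scriptaculous links are leftovers, drop them. If they are needed, check that debian/control depends on the packages that provide /usr/share/javascript/prototype and /usr/share/javascript/scriptaculous, otherwise the links dangle.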

View File

@@ -0,0 +1,9 @@
# lintian is lying
python-script-but-no-python-dep
# we really need apache2
web-application-should-not-depend-unconditionally-on-apache2
# embedded versions used for better performance and function
embedded-javascript-library
# this is how we need them
non-standard-dir-perm var/cache/bind/data/ *
non-standard-dir-perm var/lib/ipa/backup/ *
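
Review bot: the override comments give no reason a later maintainer can verify. "lintian is lying" does not say which dependency provides the interpreter, and "this is how we need them" does not say what mode var/cache/bind/data/ and var/lib/ipa/backup/ carry or why. State the mode and the reason next to each non-standard-dir-perm line, since an override on directory permissions hides exactly the finding a permissions review would look for.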

63
debian/freeipa-server.postinst vendored Normal file
View File

@@ -0,0 +1,63 @@
#!/bin/sh
set -e
if [ "$1" = configure ]; then
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper
if [ ! -e /etc/apache2/mods-enabled/auth_gssapi.load ]; then
apache2_invoke enmod auth_gssapi || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/authz_user.load ]; then
apache2_invoke enmod authz_user || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/deflate.load ]; then
apache2_invoke enmod deflate || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/expires.load ]; then
apache2_invoke enmod expires || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/headers.load ]; then
apache2_invoke enmod headers || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/proxy.load ]; then
apache2_invoke enmod proxy || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/proxy_ajp.load ]; then
apache2_invoke enmod proxy_ajp || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/proxy_http.load ]; then
apache2_invoke enmod proxy_http || exit $?
fi
if [ ! -e /etc/apache2/mods-enabled/rewrite.load ]; then
apache2_invoke enmod rewrite || exit $?
fi
fi
# check if IPA is set up
is_configured=`python2 -c 'from ipaserver.install import installutils; print "yes" if installutils.is_ipa_configured() else "no";'`
if [ $is_configured = yes ]; then
echo "Running ipa-server-upgrade..."
ipa-server-upgrade --quiet >/dev/null
fi
fi
if [ ! -e /run/ipa_memcached ]; then
mkdir -m 0700 /run/ipa_memcached
chown www-data:www-data /run/ipa_memcached
fi
if [ ! -e /run/apache2/ipa ]; then
mkdir -m 0700 /run/apache2/ipa
chown www-data:www-data /run/apache2/ipa
if [ ! -e /run/apache2/ipa/clientcaches ]; then
mkdir -m 0700 /run/apache2/ipa/clientcaches
chown www-data:www-data /run/apache2/ipa/clientcaches
fi
if [ ! -e /run/apache2/ipa/krbcache ]; then
mkdir -m 0700 /run/apache2/ipa/krbcache
chown www-data:www-data /run/apache2/ipa/krbcache
fi
fi
#DEBHELPER#
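
Review bot: in the last block the clientcaches and krbcache checks are nested inside `if [ ! -e /run/apache2/ipa ]`, so when that directory already exists (for example created from the tmpfiles entry) a missing subdirectory is never created; close the outer `if` before the two inner ones. The `mkdir -m 0700 /run/apache2/ipa` has no -p and no check that /run/apache2 exists, so under `set -e` a missing parent aborts configuration. In the upgrade check, quote the test as `[ "$is_configured" = yes ]` so that unexpected extra output from the python2 one-liner does not become a `[` syntax error that skips ipa-server-upgrade.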

53
debian/freeipa-server.postrm vendored Normal file
View File

@@ -0,0 +1,53 @@
#!/bin/sh
set -e
case "$1" in
remove|purge)
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper
if [ -e /etc/apache2/mods-enabled/auth_kerb.load ]; then
apache2_invoke dismod auth_kerb || exit $?
fi
if [ -e /etc/apache2/mods-enabled/auth_gssapi.load ]; then
apache2_invoke dismod auth_gssapi || exit $?
fi
if [ -e /etc/apache2/mods-enabled/authz_user.load ]; then
apache2_invoke dismod authz_user || exit $?
fi
if [ -e /etc/apache2/mods-enabled/deflate.load ]; then
apache2_invoke dismod deflate || exit $?
fi
if [ -e /etc/apache2/mods-enabled/expires.load ]; then
apache2_invoke dismod expires || exit $?
fi
if [ -e /etc/apache2/mods-enabled/headers.load ]; then
apache2_invoke dismod headers || exit $?
fi
if [ -e /etc/apache2/mods-enabled/proxy.load ]; then
apache2_invoke dismod proxy || exit $?
fi
if [ -e /etc/apache2/mods-enabled/proxy_ajp.load ]; then
apache2_invoke dismod proxy_ajp || exit $?
fi
if [ -e /etc/apache2/mods-enabled/proxy_http.load ]; then
apache2_invoke dismod proxy_http || exit $?
fi
if [ -e /etc/apache2/mods-enabled/rewrite.load ]; then
apache2_invoke dismod rewrite || exit $?
fi
fi
;;
esac
case "$1" in
purge)
rm -f \
/var/log/ipareplica-conncheck.log \
/var/log/ipareplica-install.log \
/var/log/ipaserver-install.log \
/var/log/ipaserver-uninstall.log \
/var/log/ipaupgrade.log
;;
esac
#DEBHELPER#
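
Review bot: the remove|purge branch disables every listed module it finds enabled, including generic ones such as deflate, headers, proxy and rewrite, but the postinst skips `enmod` when a module is already on, so nothing visible here records which modules this package actually turned on. On a host where Apache serves other sites, removing freeipa-server can switch off modules those sites rely on. Either leave the shared modules alone on remove or track which ones the postinst enabled. The auth_kerb dismod has no matching enmod in the postinst; a comment saying it is cleanup from before the move to mod-auth-gssapi would make that clear.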

26
debian/freeipa-server.prerm vendored Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/sh
set -e
if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
. /usr/share/apache2/apache2-maintscript-helper
if [ -e /etc/apache2/mods-enabled/auth_kerb ]; then
apache2_invoke dismod auth_kerb || exit $?
fi
if [ -e /etc/apache2/mods-enabled/auth_gssapi ]; then
apache2_invoke dismod auth_gssapi || exit $?
fi
if [ -e /etc/apache2/mods-enabled/expires ]; then
apache2_invoke dismod expires || exit $?
fi
if [ -e /etc/apache2/mods-enabled/headers ]; then
apache2_invoke dismod headers || exit $?
fi
if [ -e /etc/apache2/mods-enabled/proxy ]; then
apache2_invoke dismod proxy || exit $?
fi
if [ -e /etc/apache2/mods-enabled/rewrite ]; then
apache2_invoke dismod rewrite || exit $?
fi
fi
#DEBHELPER#
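
Review bot: the existence tests here omit the .load suffix (`/etc/apache2/mods-enabled/auth_kerb`, `.../rewrite`), whereas the postinst and postrm test `auth_gssapi.load`, `rewrite.load` and so on. Debian's mods-enabled entries are named <module>.load, so as written none of these branches match and the script does nothing. If the suffix is added, note that the block is not guarded by "$1": it would then disable the modules on every prerm call, upgrades included, while the postrm already handles remove and purge. Either delete this block or wrap it in a `case "$1" in remove)` guard.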

4
debian/freeipa-server.tmpfile vendored Normal file
View File

@@ -0,0 +1,4 @@
d /var/run/ipa_memcached 0700 www-data www-data
d /var/run/apache2/ipa 0700 www-data www-data
d /var/run/apache2/ipa/clientcaches 0700 www-data www-data
d /var/run/apache2/ipa/krbcache 0700 www-data www-data

6
debian/freeipa-tests.install vendored Normal file
View File

@@ -0,0 +1,6 @@
usr/bin/ipa-run-tests
usr/bin/ipa-test-config
usr/bin/ipa-test-task
usr/share/man/man1/ipa-run-tests.1*
usr/share/man/man1/ipa-test-config.1*
usr/share/man/man1/ipa-test-task.1*

View File

@@ -0,0 +1,2 @@
# lintian is just wrong
freeipa-tests: python-script-but-no-python-dep

707
debian/patches/add-debian-platform.diff vendored Normal file
View File

@@ -0,0 +1,707 @@
commit b076743f2cdd3a3cb9e8d0e8be7be8c90160fc21
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Fri Mar 1 12:21:00 2013 +0200
add debian platform support
--- /dev/null
+++ b/ipaplatform/debian/__init__.py
@@ -0,0 +1,22 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains Debian specific platform files.
+"""
--- /dev/null
+++ b/ipaplatform/debian/paths.py
@@ -0,0 +1,360 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This Debian base platform module exports default filesystem paths as common
+in Debian-based systems.
+"""
+
+# Fallback to default path definitions
+from ipaplatform.base.paths import BasePathNamespace
+import sysconfig
+
+MULTIARCH = sysconfig.get_config_var('MULTIARCH')
+
+class DebianPathNamespace(BasePathNamespace):
+# BASH = "/bin/bash"
+# BIN_FALSE = "/bin/false"
+# BIN_HOSTNAME = "/bin/hostname"
+# LS = "/bin/ls"
+# SH = "/bin/sh"
+# SYSTEMCTL = "/bin/systemctl"
+# TAR = "/bin/tar"
+# BIN_TRUE = "/bin/true"
+# DEV_NULL = "/dev/null"
+# DEV_STDIN = "/dev/stdin"
+ AUTOFS_LDAP_AUTH_CONF = "/etc/autofs_ldap_auth.conf"
+# ETC_DIRSRV = "/etc/dirsrv"
+# DS_KEYTAB = "/etc/dirsrv/ds.keytab"
+# ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE = "/etc/dirsrv/slapd-%s"
+# ETC_FEDORA_RELEASE = "/etc/fedora-release"
+# GROUP = "/etc/group"
+# ETC_HOSTNAME = "/etc/hostname"
+# HOSTS = "/etc/hosts"
+ ETC_HTTPD_DIR = "/etc/apache2"
+ HTTPD_ALIAS_DIR = "/etc/apache2/nssdb"
+ ALIAS_CACERT_ASC = "/etc/apache2/nssdb/cacert.asc"
+ ALIAS_PWDFILE_TXT = "/etc/apache2/nssdb/pwdfile.txt"
+ HTTPD_CONF_D_DIR = "/etc/apache2/conf-enabled/"
+# HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
+ HTTPD_IPA_KDCPROXY_CONF_SYMLINK = "/etc/apache2/conf-enabled/ipa-kdc-proxy.conf"
+ HTTPD_IPA_PKI_PROXY_CONF = "/etc/apache2/conf-enabled/ipa-pki-proxy.conf"
+ HTTPD_IPA_REWRITE_CONF = "/etc/apache2/conf-available/ipa-rewrite.conf"
+ HTTPD_IPA_CONF = "/etc/apache2/conf-enabled/ipa.conf"
+ HTTPD_NSS_CONF = "/etc/apache2/mods-available/nss.conf"
+# HTTPD_SSL_CONF = "/etc/httpd/conf.d/ssl.conf"
+ IPA_KEYTAB = "/etc/apache2/ipa.keytab"
+ HTTPD_PASSWORD_CONF = "/etc/apache2/password.conf"
+# IDMAPD_CONF = "/etc/idmapd.conf"
+# ETC_IPA = "/etc/ipa"
+# CONNCHECK_CCACHE = "/etc/ipa/.conncheck_ccache"
+# IPA_DNS_CCACHE = "/etc/ipa/.dns_ccache"
+# IPA_DNS_UPDATE_TXT = "/etc/ipa/.dns_update.txt"
+# IPA_CA_CRT = "/etc/ipa/ca.crt"
+# IPA_DEFAULT_CONF = "/etc/ipa/default.conf"
+# IPA_DNSKEYSYNCD_KEYTAB = "/etc/ipa/dnssec/ipa-dnskeysyncd.keytab"
+# IPA_ODS_EXPORTER_KEYTAB = "/etc/ipa/dnssec/ipa-ods-exporter.keytab"
+# DNSSEC_SOFTHSM2_CONF = "/etc/ipa/dnssec/softhsm2.conf"
+# DNSSEC_SOFTHSM_PIN_SO = "/etc/ipa/dnssec/softhsm_pin_so"
+# IPA_NSSDB_DIR = "/etc/ipa/nssdb"
+# IPA_NSSDB_PWDFILE_TXT = "/etc/ipa/nssdb/pwdfile.txt"
+# KRB5_CONF = "/etc/krb5.conf"
+# KRB5_KEYTAB = "/etc/krb5.keytab"
+# LDAP_CONF = "/etc/ldap.conf"
+# LIBNSS_LDAP_CONF = "/etc/libnss-ldap.conf"
+ NAMED_CONF = "/etc/bind/named.conf"
+ NAMED_VAR_DIR = "/var/cache/bind"
+ NAMED_KEYTAB = "/etc/bind/named.keytab"
+ NAMED_RFC1912_ZONES = "/etc/bind/named.conf.default-zones"
+ NAMED_ROOT_KEY = "/etc/bind/bind.keys"
+ NAMED_BINDKEYS_FILE = "/etc/bind/bind.keys"
+ NAMED_MANAGED_KEYS_DIR = "/var/cache/bind/dynamic"
+# NSLCD_CONF = "/etc/nslcd.conf"
+# NSS_LDAP_CONF = "/etc/nss_ldap.conf"
+# NSSWITCH_CONF = "/etc/nsswitch.conf"
+# NTP_CONF = "/etc/ntp.conf"
+# NTP_STEP_TICKERS = "/etc/ntp/step-tickers"
+# ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
+# OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml"
+# OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml"
+# OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml"
+ OPENLDAP_LDAP_CONF = "/etc/ldap/ldap.conf"
+ ETC_DEBIAN_VERSION = "/etc/debian_version"
+# PAM_LDAP_CONF = "/etc/pam_ldap.conf"
+# PASSWD = "/etc/passwd"
+# SYSTEMWIDE_IPA_CA_CRT = "/etc/pki/ca-trust/source/anchors/ipa-ca.crt"
+ IPA_P11_KIT = "/usr/local/share/ca-certificates/ipa-ca.crt"
+# NSS_DB_DIR = "/etc/pki/nssdb"
+# PKI_TOMCAT = "/etc/pki/pki-tomcat"
+# PKI_TOMCAT_ALIAS_DIR = "/etc/pki/pki-tomcat/alias"
+# PKI_TOMCAT_PASSWORD_CONF = "/etc/pki/pki-tomcat/password.conf"
+# ETC_REDHAT_RELEASE = "/etc/redhat-release"
+# RESOLV_CONF = "/etc/resolv.conf"
+# SAMBA_KEYTAB = "/etc/samba/samba.keytab"
+# SMB_CONF = "/etc/samba/smb.conf"
+# LIMITS_CONF = "/etc/security/limits.conf"
+# SSH_CONFIG = "/etc/ssh/ssh_config"
+# SSHD_CONFIG = "/etc/ssh/sshd_config"
+# SSSD_CONF = "/etc/sssd/sssd.conf"
+# SSSD_CONF_BKP = "/etc/sssd/sssd.conf.bkp"
+# SSSD_CONF_DELETED = "/etc/sssd/sssd.conf.deleted"
+ ETC_SYSCONFIG_DIR = "/etc/default"
+# ETC_SYSCONFIG_AUTHCONFIG = "/etc/sysconfig/authconfig"
+ SYSCONFIG_AUTOFS = "/etc/default/autofs"
+ SYSCONFIG_DIRSRV = "/etc/default/dirsrv"
+ SYSCONFIG_DIRSRV_INSTANCE = "/etc/default/dirsrv-%s"
+ SYSCONFIG_DIRSRV_SYSTEMD = "/etc/default/dirsrv.systemd"
+ SYSCONFIG_IPA_DNSKEYSYNCD = "/etc/default/ipa-dnskeysyncd"
+ SYSCONFIG_IPA_ODS_EXPORTER = "/etc/default/ipa-ods-exporter"
+# SYSCONFIG_HTTPD = "/etc/sysconfig/httpd"
+ SYSCONFIG_KRB5KDC_DIR = "/etc/default/krb5-kdc"
+ SYSCONFIG_NAMED = "/etc/default/bind9"
+# SYSCONFIG_NETWORK = "/etc/sysconfig/network"
+# SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp"
+ SYSCONFIG_NFS = "/etc/default/nfs-common"
+ SYSCONFIG_NTPD = "/etc/default/ntp"
+ SYSCONFIG_ODS = "/etc/default/opendnssec"
+ SYSCONFIG_PKI = "/etc/dogtag/"
+ SYSCONFIG_PKI_TOMCAT = "/etc/default/pki-tomcat"
+ SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/dogtag/tomcat/pki-tomcat"
+# ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
+ SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/apache2.d/"
+ SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/apache2.d/ipa.conf"
+# SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
+# SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
+# SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
+# SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service"
+ DNSSEC_TRUSTED_KEY = "/etc/bind/trusted-key.key"
+# HOME_DIR = "/home"
+# ROOT_IPA_CACHE = "/root/.ipa_cache"
+# ROOT_PKI = "/root/.pki"
+# DOGTAG_ADMIN_P12 = "/root/ca-agent.p12"
+ KRA_AGENT_PEM = "/etc/apache2/nssdb/kra-agent.pem"
+# CACERT_P12 = "/root/cacert.p12"
+# ROOT_IPA_CSR = "/root/ipa.csr"
+# NAMED_PID = "/run/named/named.pid"
+# IP = "/sbin/ip"
+# NOLOGIN = "/sbin/nologin"
+# SBIN_REBOOT = "/sbin/reboot"
+# SBIN_RESTORECON = "/sbin/restorecon"
+ SBIN_SERVICE = "/usr/sbin/service"
+# TMP = "/tmp"
+# TMP_CA_P12 = "/tmp/ca.p12"
+# TMP_KRB5CC = "/tmp/krb5cc_%d"
+# USR_DIR = "/usr"
+ CERTMONGER_COMMAND_TEMPLATE = "/usr/lib/ipa/certmonger/%s"
+# PKCS12EXPORT = "/usr/bin/PKCS12Export"
+# CERTUTIL = "/usr/bin/certutil"
+# CHROMIUM_BROWSER = "/usr/bin/chromium-browser"
+# DS_NEWINST_PL = "/usr/bin/ds_newinst.pl"
+# FIREFOX = "/usr/bin/firefox"
+# GETCERT = "/usr/bin/getcert"
+# GPG = "/usr/bin/gpg"
+# GPG_AGENT = "/usr/bin/gpg-agent"
+# IPA_GETCERT = "/usr/bin/ipa-getcert"
+# KDESTROY = "/usr/bin/kdestroy"
+# KINIT = "/usr/bin/kinit"
+# BIN_KVNO = "/usr/bin/kvno"
+# LDAPMODIFY = "/usr/bin/ldapmodify"
+# LDAPPASSWD = "/usr/bin/ldappasswd"
+# NET = "/usr/bin/net"
+# BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
+# NSUPDATE = "/usr/bin/nsupdate"
+# ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
+# ODS_SIGNER = "/usr/sbin/ods-signer"
+# OPENSSL = "/usr/bin/openssl"
+# PK12UTIL = "/usr/bin/pk12util"
+# SETPASSWD = "/usr/bin/setpasswd"
+# SIGNTOOL = "/usr/bin/signtool"
+# SOFTHSM2_UTIL = "/usr/bin/softhsm2-util"
+# SSLGET = "/usr/bin/sslget"
+# SSS_SSH_AUTHORIZEDKEYS = "/usr/bin/sss_ssh_authorizedkeys"
+# SSS_SSH_KNOWNHOSTSPROXY = "/usr/bin/sss_ssh_knownhostsproxy"
+# BIN_TIMEOUT = "/usr/bin/timeout"
+ UPDATE_CA_TRUST = "/usr/sbin/update-ca-certificates"
+# BIN_CURL = "/usr/bin/curl"
+# ZIP = "/usr/bin/zip"
+ BIND_LDAP_SO = "/usr/share/doc/bind9-dyndb-ldap/copyright"
+ BIND_LDAP_DNS_IPA_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/"
+ BIND_LDAP_DNS_ZONE_WORKDIR = "/var/cache/bind/dyndb-ldap/ipa/master/"
+# USR_LIB_DIRSRV = "/usr/lib/dirsrv"
+# LIB_FIREFOX = "/usr/lib/firefox"
+ LIBSOFTHSM2_SO = "/usr/lib/%s/softhsm/libsofthsm2.so" % MULTIARCH
+ LIB_SYSTEMD_SYSTEMD_DIR = "/lib/systemd/system/"
+# BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
+# USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
+# LIB64_FIREFOX = "/usr/lib64/firefox"
+# LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
+ DOGTAG_IPA_CA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-ca-renew-agent-submit"
+ DOGTAG_IPA_RENEW_AGENT_SUBMIT = "/usr/lib/certmonger/dogtag-ipa-renew-agent-submit"
+ IPA_SERVER_GUARD = "/usr/lib/certmonger/ipa-server-guard"
+ GENERATE_RNDC_KEY = "/bin/true"
+ IPA_DNSKEYSYNCD_REPLICA = "/usr/lib/ipa/ipa-dnskeysync-replica"
+ IPA_DNSKEYSYNCD = "/usr/lib/ipa/ipa-dnskeysyncd"
+ IPA_ODS_EXPORTER = "/usr/lib/ipa/ipa-ods-exporter"
+# DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel-pkcs11"
+# GETSEBOOL = "/usr/sbin/getsebool"
+# GROUPADD = "/usr/sbin/groupadd"
+ HTTPD = "/usr/sbin/apache2ctl"
+# IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
+# IPA_DNS_INSTALL = "/usr/sbin/ipa-dns-install"
+# SBIN_IPA_JOIN = "/usr/sbin/ipa-join"
+# IPA_REPLICA_CONNCHECK = "/usr/sbin/ipa-replica-conncheck"
+# IPA_RMKEYTAB = "/usr/sbin/ipa-rmkeytab"
+# IPACTL = "/usr/sbin/ipactl"
+# NAMED = "/usr/sbin/named"
+# NAMED_PKCS11 = "/usr/sbin/named-pkcs11"
+# NTPD = "/usr/sbin/ntpd"
+# PKIDESTROY = "/usr/sbin/pkidestroy"
+# PKISPAWN = "/usr/sbin/pkispawn"
+ REMOVE_DS_PL = "/usr/sbin/remove-ds"
+# RESTORECON = "/usr/sbin/restorecon"
+# SELINUXENABLED = "/usr/sbin/selinuxenabled"
+# SETSEBOOL = "/usr/sbin/setsebool"
+ SETUP_DS_PL = "/usr/sbin/setup-ds"
+# SMBD = "/usr/sbin/smbd"
+# USERADD = "/usr/sbin/useradd"
+# USR_SHARE_IPA_DIR = "/usr/share/ipa/"
+# CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
+# FFEXTENSION = "/usr/share/ipa/ffextension"
+# IPA_HTML_DIR = "/usr/share/ipa/html"
+# CA_CRT = "/usr/share/ipa/html/ca.crt"
+# KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
+# KRB_CON = "/usr/share/ipa/html/krb.con"
+# KRB_JS = "/usr/share/ipa/html/krb.js"
+# HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
+# HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
+# NIS_ULDIF = "/usr/share/ipa/nis.uldif"
+# IPA_PLUGINS = "/usr/share/ipa/plugins"
+# SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+# IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
+# UPDATES_DIR = "/usr/share/ipa/updates/"
+# DICT_WORDS = "/usr/share/dict/words"
+# CACHE_IPA_SESSIONS = "/var/cache/ipa/sessions"
+ VAR_KERBEROS_KRB5KDC_DIR = "/var/lib/krb5kdc/"
+ VAR_KRB5KDC_K5_REALM = "/var/lib/krb5kdc/.k5."
+ CACERT_PEM = "/var/lib/krb5kdc/cacert.pem"
+ KRB5KDC_KADM5_ACL = "/etc/krb5kdc/kadm5.acl"
+ KRB5KDC_KADM5_KEYTAB = "/etc/krb5kdc/kadm5.keytab"
+ KRB5KDC_KDC_CONF = "/etc/krb5kdc/kdc.conf"
+ KDC_PEM = "/var/lib/krb5kdc/kdc.pem"
+# VAR_LIB = "/var/lib"
+# AUTHCONFIG_LAST = "/var/lib/authconfig/last"
+# VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger"
+# CERTMONGER_CAS_DIR = "/var/lib/certmonger/cas/"
+# CERTMONGER_CAS_CA_RENEWAL = "/var/lib/certmonger/cas/ca_renewal"
+# CERTMONGER_REQUESTS_DIR = "/var/lib/certmonger/requests/"
+# VAR_LIB_DIRSRV = "/var/lib/dirsrv"
+# DIRSRV_BOOT_LDIF = "/var/lib/dirsrv/boot.ldif"
+# VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE = "/var/lib/dirsrv/scripts-%s"
+# VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s"
+# SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
+# SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
+# SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
+# VAR_LIB_IPA = "/var/lib/ipa"
+# IPA_CLIENT_SYSRESTORE = "/var/lib/ipa-client/sysrestore"
+# SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
+# IPA_BACKUP_DIR = "/var/lib/ipa/backup"
+# IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec"
+# IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup"
+# DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
+# DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
+# IPA_CA_CSR = "/var/lib/ipa/ca.csr"
+# PKI_CA_PUBLISH_DIR = "/var/lib/ipa/pki-ca/publish"
+# REPLICA_INFO_TEMPLATE = "/var/lib/ipa/replica-info-%s"
+# REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
+# SYSRESTORE = "/var/lib/ipa/sysrestore"
+# STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
+# VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
+# VAR_LIB_PKI_DIR = "/var/lib/pki"
+# VAR_LIB_PKI_CA_ALIAS_DIR = "/var/lib/pki-ca/alias"
+# VAR_LIB_PKI_TOMCAT_DIR = "/var/lib/pki/pki-tomcat"
+# CA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12"
+# KRA_BACKUP_KEYS_P12 = "/var/lib/pki/pki-tomcat/alias/kra_backup_keys.p12"
+# CA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
+# CAJARSIGNINGCERT_CFG = (
+# "/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg")
+# CASIGNEDLOGCERT_CFG = (
+# "/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg")
+# KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
+# KRACERT_P12 = "/root/kracert.p12"
+# SAMBA_DIR = "/var/lib/samba/"
+# SSSD_DB = "/var/lib/sss/db"
+# SSSD_MC_GROUP = "/var/lib/sss/mc/group"
+# SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
+# SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
+# SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
+# DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
+# VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
+# SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
+# SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
+ VAR_LOG_HTTPD_DIR = "/var/log/apache2"
+# IPABACKUP_LOG = "/var/log/ipabackup.log"
+# IPACLIENT_INSTALL_LOG = "/var/log/ipaclient-install.log"
+# IPACLIENT_UNINSTALL_LOG = "/var/log/ipaclient-uninstall.log"
+# IPAREPLICA_CA_INSTALL_LOG = "/var/log/ipareplica-ca-install.log"
+# IPAREPLICA_CONNCHECK_LOG = "/var/log/ipareplica-conncheck.log"
+# IPAREPLICA_INSTALL_LOG = "/var/log/ipareplica-install.log"
+# IPARESTORE_LOG = "/var/log/iparestore.log"
+# IPASERVER_CA_INSTALL_LOG = "/var/log/ipaserver-ca-install.log"
+# IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
+# IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
+# IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
+# IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
+# IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
+# KADMIND_LOG = "/var/log/kadmind.log"
+# MESSAGES = "/var/log/messages"
+# VAR_LOG_PKI_DIR = "/var/log/pki/"
+# TOMCAT_TOPLEVEL_DIR = "/var/log/pki/pki-tomcat"
+# TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
+# TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
+# TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
+# TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"
+# TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
+# TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
+# LOG_SECURE = "/var/log/secure"
+ NAMED_RUN = "/var/cache/bind/named.run"
+ VAR_OPENDNSSEC_DIR = "/var/lib/opendnssec"
+ OPENDNSSEC_KASP_DB = "/var/lib/opendnssec/db/kasp.db"
+ IPA_ODS_EXPORTER_CCACHE = "/var/lib/opendnssec/tmp/ipa-ods-exporter.ccache"
+# VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
+ KRB5CC_HTTPD = "/var/run/apache2/ipa/krbcache/krb5ccache"
+# IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
+# SVC_LIST_FILE = "/var/run/ipa/services.list"
+# IPA_MEMCACHED_DIR = "/var/run/ipa_memcached"
+# VAR_RUN_IPA_MEMCACHED = "/var/run/ipa_memcached/ipa_memcached"
+# KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
+# SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
+# ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
+# ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
+# ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
+# LDIF2DB = '/usr/sbin/ldif2db'
+# DB2LDIF = '/usr/sbin/db2ldif'
+# BAK2DB = '/usr/sbin/bak2db'
+# DB2BAK = '/usr/sbin/db2bak'
+# KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
+# CERTMONGER = '/usr/sbin/certmonger'
+# NETWORK_MANAGER_CONFIG_DIR = '/etc/NetworkManager/conf.d'
+# IPA_CUSTODIA_CONF_DIR = '/etc/ipa/custodia'
+# IPA_CUSTODIA_CONF = '/etc/ipa/custodia/custodia.conf'
+ IPA_CUSTODIA_SOCKET = "/run/apache2/ipa-custodia.sock"
+ IPA_CUSTODIA_AUDIT_LOG = '/var/log/ipa-custodia.audit.log'
+ IPA_GETKEYTAB = '/usr/sbin/ipa-getkeytab'
+
+paths = DebianPathNamespace()
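Review bot: the many commented-out entries in this namespace (for example `# IPA_BACKUP_DIR` and `# KADMIND_LOG`) read as a copy of inherited defaults rather than overrides, and they will go stale without anyone noticing. Keep only the real Debian overrides such as `VAR_LOG_HTTPD_DIR` and `NAMED_RUN`, and drop the commented lines. The active overrides also mix `/var/run/apache2/...` (`KRB5CC_HTTPD`) with `/run/apache2/...` (`IPA_CUSTODIA_SOCKET`); pick one prefix so these values match the Apache and systemd configuration patched later in this series.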
--- /dev/null
+++ b/ipaplatform/debian/services.py
@@ -0,0 +1,200 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Contains Debian-specific service class implementations.
+"""
+
+import time
+
+from ipaplatform.tasks import tasks
+from ipaplatform.base import services as base_services
+from ipaplatform.redhat import services as redhat_services
+from ipapython import ipautil
+from ipapython.ipa_log_manager import root_logger
+from ipalib import api
+from ipaplatform.paths import paths
+
+# Mappings from service names as FreeIPA code references to these services
+# to their actual systemd service names
+debian_system_units = redhat_services.redhat_system_units
+
+debian_system_units['named-regular'] = 'bind9.service'
+debian_system_units['named-pkcs11'] = 'bind9-pkcs11.service'
+debian_system_units['named'] = debian_system_units['named-pkcs11']
+debian_system_units['pki-tomcatd'] = 'pki-tomcatd.service'
+debian_system_units['pki_tomcatd'] = debian_system_units['pki-tomcatd']
+debian_system_units['ods-enforcerd'] = 'opendnssec-enforcer.service'
+debian_system_units['ods_enforcerd'] = debian_system_units['ods-enforcerd']
+debian_system_units['ods-signerd'] = 'opendnssec-signer.service'
+debian_system_units['ods_signerd'] = debian_system_units['ods-signerd']
+
+# Service classes that implement Debian-specific behaviour
+
+class DebianService(redhat_services.RedHatService):
+ system_units = debian_system_units
+
+
+class DebianSysvService(base_services.PlatformService):
+ def __wait_for_open_ports(self, instance_name=""):
+ """
+ If this is a service we need to wait for do so.
+ """
+ ports = None
+ if instance_name in base_services.wellknownports:
+ ports = base_services.wellknownports[instance_name]
+ else:
+ if self.service_name in base_services.wellknownports:
+ ports = base_services.wellknownports[self.service_name]
+ if ports:
+ ipautil.wait_for_open_ports('localhost', ports, api.env.startup_timeout)
+ def stop(self, instance_name='', capture_output=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "stop",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ super(DebianSysvService, self).stop(instance_name)
+
+ def start(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "start",
+ instance_name], capture_output=capture_output)
+ if 'context' in api.env and api.env.context in ['ipactl', 'installer']:
+ update_service_list = True
+ else:
+ update_service_list = False
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+ super(DebianSysvService, self).start(instance_name)
+
+ def restart(self, instance_name='', capture_output=True, wait=True):
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "restart",
+ instance_name], capture_output=capture_output)
+ if wait and self.is_running(instance_name):
+ self.__wait_for_open_ports(instance_name)
+
+ def is_running(self, instance_name=""):
+ ret = True
+ try:
+ result = ipautil.run([paths.SBIN_SERVICE,
+ self.service_name, "status",
+ instance_name],
+ capture_output=True)
+ sout = result.output
+ if sout.find("NOT running") >= 0:
+ ret = False
+ if sout.find("stop") >= 0:
+ ret = False
+ if sout.find("inactive") >= 0:
+ ret = False
+ except ipautil.CalledProcessError:
+ ret = False
+ return ret
+
+ def is_installed(self):
+ installed = True
+ try:
+ ipautil.run([paths.SBIN_SERVICE, self.service_name, "status"])
+ except ipautil.CalledProcessError, e:
+ if e.returncode == 1:
+ # service is not installed or there is other serious issue
+ installed = False
+ return installed
+
+ def is_enabled(self, instance_name=""):
+ # Services are always assumed to be enabled when installed
+ return True
+
+ def enable(self):
+ return True
+
+ def disable(self):
+ return True
+
+ def install(self):
+ return True
+
+ def remove(self):
+ return True
+
+ def tune_nofile_platform(self):
+ return True
+
+# For services which have no Debian counterpart
+class DebianNoService(base_services.PlatformService):
+ def start(self):
+ return True
+
+ def stop(self):
+ return True
+
+ def restart(self):
+ return True
+
+ def disable(self):
+ return True
+
+class DebianSSHService(DebianSysvService):
+ def get_config_dir(self, instance_name=""):
+ return '/etc/ssh'
+
+# Function that constructs proper Debian-specific server classes for services
+# of specified name
+
+def debian_service_class_factory(name):
+ if name == 'dirsrv':
+ return redhat_services.RedHatDirectoryService(name)
+ if name == 'domainname':
+ return DebianNoService(name)
+ if name == 'ipa':
+ return redhat_services.RedHatIPAService(name)
+ if name == 'httpd':
+ return DebianSysvService("apache2")
+ if name == 'kadmin':
+ return DebianSysvService("krb5-admin-server")
+ if name == 'krb5kdc':
+ return DebianSysvService("krb5-kdc")
+ if name == 'messagebus':
+ return DebianNoService(name)
+ if name == 'ntpd':
+ return DebianSysvService("ntp")
+ if name == 'smb':
+ return DebianSysvService("smbd")
+ if name == 'sshd':
+ return DebianSSHService(name)
+ return DebianService(name)
+
+
+# Magicdict containing DebianService instances.
+
+class DebianServices(base_services.KnownServices):
+ def __init__(self):
+ services = dict()
+ for s in base_services.wellknownservices:
+ services[s] = debian_service_class_factory(s)
+ # Call base class constructor. This will lock services to read-only
+ super(DebianServices, self).__init__(services)
+
+
+# Objects below are expected to be exported by platform module
+
+from ipaplatform.base.services import timedate_services
+service = debian_service_class_factory
+knownservices = DebianServices()
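Review bot: `debian_system_units = redhat_services.redhat_system_units` binds the same dict object, so every `debian_system_units[...] = ...` assignment that follows also rewrites the Red Hat mapping in place. Start from `redhat_services.redhat_system_units.copy()` instead. In `DebianSysvService`, `update_service_list` is assigned in `stop()` and `start()` but never used, `is_running()` decides on the substrings "stop" and "inactive" anywhere in the status output, which is fragile, and `except ipautil.CalledProcessError, e:` should use the `as e` form that the rest of the code base uses. The `DebianNoService` methods also take no `instance_name` or `capture_output` arguments, so a caller using the `PlatformService` signatures seen above will raise `TypeError`.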
--- /dev/null
+++ b/ipaplatform/debian/tasks.py
@@ -0,0 +1,52 @@
+# Authors:
+# Timo Aaltonen <tjaalton@ubuntu.com>
+#
+# Copyright (C) 2014 Timo Aaltonen
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+This module contains default Debian-specific implementations of system tasks.
+"""
+
+from ipaplatform.paths import paths
+from ipaplatform.base.tasks import *
+from ipaplatform.redhat.tasks import RedHatTaskNamespace
+
+BaseTask = BaseTaskNamespace()
+
+class DebianTaskNamespace(RedHatTaskNamespace):
+
+ def restore_pre_ipa_client_configuration(self, fstore, statestore,
+ was_sssd_installed,
+ was_sssd_configured):
+ return True
+
+ def set_nisdomain(self, nisdomain):
+ return True
+
+ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore):
+ return True
+
+ def modify_pam_to_use_krb5(self, statestore):
+ return True
+
+ def restore_network_configuration(self, fstore, statestore):
+ return True
+
+ def parse_ipa_version(self, version):
+ return BaseTask.parse_ipa_version(version)
+
+tasks = DebianTaskNamespace()
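Review bot: the five overrides in `DebianTaskNamespace` (`restore_pre_ipa_client_configuration`, `set_nisdomain`, `modify_nsswitch_pam_stack`, `modify_pam_to_use_krb5`, `restore_network_configuration`) return `True` without doing anything and without a docstring, so a caller cannot tell an intentional no-op from a completed change to PAM or nsswitch. Add a docstring to each saying where Debian handles the task instead, and log at debug level that the step was skipped. `from ipaplatform.base.tasks import *` should be narrowed to `BaseTaskNamespace`, the only name used here.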
--- a/ipaplatform/setup.py.in
+++ b/ipaplatform/setup.py.in
@@ -67,6 +67,7 @@ def setup_package():
package_dir = {'ipaplatform': ''},
packages = ["ipaplatform",
"ipaplatform.base",
+ "ipaplatform.debian",
"ipaplatform.fedora",
"ipaplatform.redhat",
"ipaplatform.rhel"],
--- a/ipaserver/install/ntpinstance.py
+++ b/ipaserver/install/ntpinstance.py
@@ -50,6 +50,8 @@ class NTPInstance(service.Service):
os = "fedora"
elif ipautil.file_exists(paths.ETC_REDHAT_RELEASE):
os = "rhel"
+ elif ipautil.file_exists(paths.ETC_DEBIAN_VERSION):
+ os = "debian"
srv_vals = []
srv_vals.append("0.%s.pool.ntp.org" % os)
--- /dev/null
+++ b/ipaplatform/debian/constants.py
@@ -0,0 +1,31 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+'''
+This Debian family platform module exports platform dependant constants.
+'''
+
+# Fallback to default path definitions
+from ipaplatform.base.constants import BaseConstantsNamespace
+
+
+class DebianConstantsNamespace(BaseConstantsNamespace):
+# DS_USER = "dirsrv"
+# DS_GROUP = "dirsrv"
+ HTTPD_USER = "www-data"
+# IPA_DNS_PACKAGE_NAME = "freeipa-server-dns"
+# KDCPROXY_USER = "kdcproxy"
+ NAMED_USER = "bind"
+ NAMED_GROUP = "bind"
+ # ntpd init variable used for daemon options
+ NTPD_OPTS_VAR = "NTPD_OPTS"
+ # quote used for daemon options
+ NTPD_OPTS_QUOTE = "\'"
+ ODS_USER = "opendnssec"
+ ODS_GROUP = "opendnssec"
+# PKI_USER = "pkiuser"
+ SECURE_NFS_VAR = "NEED_GSSD"
+# SSSD_USER = "sssd"
+
+constants = DebianConstantsNamespace()


@@ -0,0 +1,193 @@
From 9cce757cbdb19e71d314339cd2b822792dde3210 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 16 Mar 2016 09:04:42 +0100
Subject: [PATCH] Configure httpd service from installer instead of directly
from RPM
File httpd.service was created by RPM, which means that the httpd service may
fail due to IPA-specific configuration even if IPA wasn't installed or was
uninstalled (without erasing RPMs).
With this patch httpd service is configured by httpd.d/ipa.conf during
IPA installation and this config is removed by uninstaller, so no
residual http configuration related to IPA should stay there.
https://fedorahosted.org/freeipa/ticket/5681
---
freeipa.spec.in | 4 ++--
install/share/Makefile.am | 1 +
.../httpd.service => install/share/ipa-httpd.conf | 2 +-
ipaplatform/base/paths.py | 2 ++
ipaplatform/base/tasks.py | 8 ++++++++
ipaplatform/redhat/tasks.py | 19 +++++++++++++++++++
ipaserver/install/httpinstance.py | 6 ++++++
ipaserver/install/server/upgrade.py | 5 +++++
8 files changed, 44 insertions(+), 3 deletions(-)
rename init/systemd/httpd.service => install/share/ipa-httpd.conf (82%)
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -832,7 +832,6 @@ mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{etc_systemd_dir}
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
-install -m 644 init/systemd/httpd.service %{buildroot}%{etc_systemd_dir}/httpd.service
install -m 644 init/systemd/ipa-custodia.service %{buildroot}%{_unitdir}/ipa-custodia.service
# END
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
@@ -1143,7 +1142,7 @@ fi
%{_tmpfilesdir}/%{name}.conf
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
%attr(644,root,root) %{_unitdir}/ipa-custodia.service
-%attr(644,root,root) %{etc_systemd_dir}/httpd.service
+%ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
# END
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/wsgi.py*
@@ -1218,6 +1217,7 @@ fi
%{_usr}/share/ipa/ipa-rewrite.conf
%{_usr}/share/ipa/ipa-pki-proxy.conf
%{_usr}/share/ipa/kdcproxy.conf
+%{_usr}/share/ipa/ipa-httpd.conf
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/kerberosauth.xpi
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -88,6 +88,7 @@ app_DATA = \
kdcproxy.conf \
kdcproxy-enable.uldif \
kdcproxy-disable.uldif \
+ ipa-httpd.conf \
$(NULL)
EXTRA_DIST = \
--- a/init/systemd/httpd.service
+++ /dev/null
@@ -1,7 +0,0 @@
-.include /usr/lib/systemd/system/httpd.service
-
-[Service]
-Environment=KRB5CCNAME=/var/run/httpd/ipa/krbcache/krb5ccache
-Environment=KDCPROXY_CONFIG=/etc/ipa/kdcproxy/kdcproxy.conf
-ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy
-ExecStopPost=-/usr/bin/kdestroy -A
--- /dev/null
+++ b/install/share/ipa-httpd.conf
@@ -0,0 +1,7 @@
+# Do not edit. Created by IPA installer.
+
+[Service]
+Environment=KRB5CCNAME=/run/apache2/ipa/krbcache/krb5ccache
+Environment=KDCPROXY_CONFIG=/etc/ipa/kdcproxy/kdcproxy.conf
+ExecStartPre=/usr/lib/ipa/ipa-httpd-kdcproxy
+ExecStopPost=-/usr/bin/kdestroy -A
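Review bot: `KRB5CCNAME=/run/apache2/ipa/krbcache/krb5ccache` here and `KRB5CC_HTTPD = "/var/run/apache2/ipa/krbcache/krb5ccache"` in the Debian paths module name the same credential cache through two different prefixes, which agree only while `/var/run` is a symlink to `/run`. Use one spelling in both places so the service environment and the installer code cannot drift apart.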
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -127,6 +127,8 @@ class BasePathNamespace(object):
SYSCONFIG_PKI_TOMCAT = "/etc/sysconfig/pki-tomcat"
SYSCONFIG_PKI_TOMCAT_PKI_TOMCAT_DIR = "/etc/sysconfig/pki/tomcat/pki-tomcat"
ETC_SYSTEMD_SYSTEM_DIR = "/etc/systemd/system/"
+ SYSTEMD_SYSTEM_HTTPD_D_DIR = "/etc/systemd/system/httpd.d/"
+ SYSTEMD_SYSTEM_HTTPD_IPA_CONF = "/etc/systemd/system/httpd.d/ipa.conf"
SYSTEMD_CERTMONGER_SERVICE = "/etc/systemd/system/multi-user.target.wants/certmonger.service"
SYSTEMD_IPA_SERVICE = "/etc/systemd/system/multi-user.target.wants/ipa.service"
SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service"
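Review bot: `SYSTEMD_SYSTEM_HTTPD_D_DIR` points at `/etc/systemd/system/httpd.d/`, but systemd reads drop-ins only from a directory named after the full unit, `<unit>.service.d/`, so a file at `httpd.d/ipa.conf` would not be applied. Use `httpd.service.d/` here. On Debian the unit is `apache2.service` (see the `systemctl restart apache2.service` lines elsewhere in this series), so the Debian path namespace needs its own override for both constants.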
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -236,3 +236,11 @@ class BaseTaskNamespace(object):
:return: object implementing proper __cmp__ method for version compare
"""
return parse_version(version)
+
+ def configure_httpd_service_ipa_conf(self):
+ """Configure httpd service to work with IPA"""
+ return
+
+ def remove_httpd_service_ipa_conf(self):
+ """Remove configuration of httpd service of IPA"""
+ return
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -30,6 +30,7 @@ import stat
import socket
import sys
import base64
+import shutil
from cffi import FFI
from ctypes.util import find_library
from functools import total_ordering
@@ -460,5 +461,23 @@ class RedHatTaskNamespace(BaseTaskNamesp
"""
return IPAVersion(version)
+ def configure_httpd_service_ipa_conf(self):
+ """Create systemd config for httpd service to work with IPA
+ """
+ if not os.path.exists(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR):
+ os.mkdir(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR, 0o755)
+
+ shutil.copy(
+ os.path.join(ipautil.SHARE_DIR, 'ipa-httpd.conf'),
+ paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+ os.chmod(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, 0o644)
+ self.restore_context(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+
+ def remove_httpd_service_ipa_conf(self):
+ """Remove systemd config for httpd service of IPA"""
+ try:
+ os.unlink(paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF)
+ except OSError:
+ pass
tasks = RedHatTaskNamespace()
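Review bot: `remove_httpd_service_ipa_conf` swallows every `OSError`, so a permission or read-only-filesystem failure leaves the drop-in in place with no trace. Ignore only `errno.ENOENT` and log or re-raise the rest. In `configure_httpd_service_ipa_conf`, the `os.path.exists` check followed by `os.mkdir` can be collapsed into a single `mkdir` that tolerates `EEXIST`.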
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -225,6 +225,8 @@ class HTTPInstance(service.Service):
[paths.KDESTROY, '-A'], runas=HTTPD_USER, raiseonerr=False, env={})
def __configure_http(self):
+ self.update_httpd_service_ipa_conf()
+
target_fname = paths.HTTPD_IPA_CONF
http_txt = ipautil.template_file(ipautil.SHARE_DIR + "ipa.conf", self.sub_dict)
self.fstore.backup_file(paths.HTTPD_IPA_CONF)
@@ -479,6 +481,9 @@ class HTTPInstance(service.Service):
except Exception as e:
root_logger.critical("Unable to start oddjobd: {0}".format(str(e)))
+ def update_httpd_service_ipa_conf(self):
+ tasks.configure_httpd_service_ipa_conf()
+
def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring web server")
@@ -534,6 +539,7 @@ class HTTPInstance(service.Service):
installutils.remove_file(paths.HTTPD_IPA_PKI_PROXY_CONF)
installutils.remove_file(paths.HTTPD_IPA_KDCPROXY_CONF_SYMLINK)
installutils.remove_file(paths.HTTPD_IPA_KDCPROXY_CONF)
+ tasks.remove_httpd_service_ipa_conf()
# Restore SELinux boolean states
boolean_states = {name: self.restore_state(name)
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1376,6 +1376,10 @@ def update_mod_nss_cipher_suite(http):
'cipher_suite_updated',
httpinstance.NSS_CIPHER_REVISION)
+def update_ipa_httpd_service_conf(http):
+ root_logger.info('[Updating HTTPD service IPA configuration]')
+ http.update_httpd_service_ipa_conf()
+
def ds_enable_sidgen_extdom_plugins(ds):
"""For AD trust agents, make sure we enable sidgen and extdom plugins
@@ -1562,6 +1566,7 @@ def upgrade_configuration():
http.enable_kdcproxy()
http.stop()
+ update_ipa_httpd_service_conf(http)
update_mod_nss_protocol(http)
update_mod_nss_cipher_suite(http)
fix_trust_flags()

View File

@@ -0,0 +1,12 @@
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -212,6 +212,9 @@ class OpenDNSSECInstance(service.Service
if not self.fstore.has_file(paths.SYSCONFIG_ODS):
self.fstore.backup_file(paths.SYSCONFIG_ODS)
+ # create the configfile, opendnssec-enforcer doesn't ship it
+ open(paths.SYSCONFIG_ODS, 'a').close()
+
installutils.set_directive(paths.SYSCONFIG_ODS,
'SOFTHSM2_CONF',
paths.DNSSEC_SOFTHSM2_CONF,
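Review bot: the file is created after the `has_file`/`backup_file` block, so on a host where the package does not ship it, `backup_file(paths.SYSCONFIG_ODS)` runs against a path that does not exist yet. Move the `open(paths.SYSCONFIG_ODS, 'a').close()` line above the backup check, or skip the backup when the file is absent. Set the file mode explicitly rather than relying on the installer's umask.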

View File

@@ -0,0 +1,20 @@
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
self.step("create KDC proxy user", create_kdcproxy_user)
self.step("create KDC proxy config", self.create_kdcproxy_conf)
self.step("enable KDC proxy", self.enable_kdcproxy)
+ ipautil.run(["/usr/sbin/a2enmod", "nss"], capture_output=True)
self.step("restarting httpd", self.__start)
self.step("configuring httpd to start on boot", self.__enable)
self.step("enabling oddjobd", self.enable_and_start_oddjobd)
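Review bot: `ipautil.run(["/usr/sbin/a2enmod", "nss"], ...)` executes immediately, while the surrounding `self.step(...)` calls only register work, so the module is enabled at step-registration time rather than between "enable KDC proxy" and "restarting httpd". Wrap the call in a method and register it with `self.step`, and take the binary path from the platform `paths` namespace instead of a literal.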
@@ -507,6 +508,8 @@ class HTTPInstance(service.Service):
except Exception:
pass
+ ipautil.run(["/usr/sbin/a2dismod", "nss"], capture_output=True)
+
self.stop_tracking_certificates()
helper = self.restore_state('certmonger_ipa_helper')
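Review bot: uninstall runs `a2dismod nss` unconditionally, which also disables the module on a host where it was already enabled before IPA was installed. Record the previous state at install time (the surrounding code already uses `self.restore_state(...)`) and disable only what the installer enabled. A non-zero exit from `a2dismod` will also abort the uninstall here unless `raiseonerr=False` is passed, as the `kdestroy` call in this file does.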

34
debian/patches/fix-dnssec-services.diff vendored Normal file

@@ -0,0 +1,34 @@
--- a/daemons/dnssec/ipa-dnskeysyncd.service
+++ b/daemons/dnssec/ipa-dnskeysyncd.service
@@ -2,11 +2,11 @@
Description=IPA key daemon
[Service]
-EnvironmentFile=/etc/sysconfig/ipa-dnskeysyncd
-ExecStart=/usr/libexec/ipa/ipa-dnskeysyncd
-User=ods
-Group=named
-SupplementaryGroups=ods
+EnvironmentFile=/etc/default/ipa-dnskeysyncd
+ExecStart=/usr/lib/ipa/ipa-dnskeysyncd
+User=opendnssec
+Group=bind
+SupplementaryGroups=opendnssec
PrivateTmp=yes
Restart=on-failure
RestartSec=60s
--- a/daemons/dnssec/ipa-ods-exporter.service
+++ b/daemons/dnssec/ipa-ods-exporter.service
@@ -4,9 +4,9 @@ Wants=ipa-ods-exporter.socket
After=ipa-ods-exporter.socket
[Service]
-EnvironmentFile=/etc/sysconfig/ipa-ods-exporter
-ExecStart=/usr/libexec/ipa/ipa-ods-exporter
-User=ods
+EnvironmentFile=/etc/default/ipa-ods-exporter
+ExecStart=/usr/lib/ipa/ipa-ods-exporter
+User=opendnssec
PrivateTmp=yes
Restart=on-failure
RestartSec=60s

45
debian/patches/fix-ipa-conf.diff vendored Normal file

@@ -0,0 +1,45 @@
Description: Fix paths
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -37,7 +37,7 @@ FileETag None
# FIXME: WSGISocketPrefix is a server-scope directive. The mod_wsgi package
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
-WSGISocketPrefix /run/httpd/wsgi
+WSGISocketPrefix /run/apache2/wsgi
# Configure mod_wsgi handler for /ipa
@@ -62,9 +62,9 @@ WSGIScriptReloading Off
<Location "/ipa">
AuthType GSSAPI
AuthName "Kerberos Login"
- GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab
- GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab
- GssapiDelegCcacheDir /var/run/httpd/ipa/clientcaches
+ GssapiCredStore keytab:/etc/apache2/ipa.keytab
+ GssapiCredStore client_keytab:/etc/apache2/ipa.keytab
+ GssapiDelegCcacheDir /var/run/apache2/ipa/clientcaches
GssapiUseS4U2Proxy on
GssapiAllowedMech krb5
Require valid-user
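Review bot: `GssapiDelegCcacheDir` is set to `/var/run/apache2/ipa/clientcaches`, while the other hunks in this patch use `/run/apache2/...` for `WSGISocketPrefix` and the Custodia `ProxyPass` socket. Use the `/run` prefix here too. Since this directory holds delegated Kerberos credential caches, the patch description should say which package or tmpfiles entry creates it and with what owner and mode.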
@@ -107,7 +107,7 @@ WSGIScriptReloading Off
# Custodia stuff is redirected to the custodia daemon
# after authentication
<Location "/ipa/keys/">
- ProxyPass "unix:/run/httpd/ipa-custodia.sock|http://localhost/keys/"
+ ProxyPass "unix:/run/apache2/ipa-custodia.sock|http://localhost/keys/"
RequestHeader set GSS_NAME %{GSS_NAME}s
RequestHeader set REMOTE_USER %{REMOTE_USER}s
</Location>
@@ -141,8 +141,8 @@ Alias /ipa/crl "$CRL_PUBLISH_PATH"
# List explicitly only the fonts we want to serve
-Alias /ipa/ui/fonts/open-sans "/usr/share/fonts/open-sans"
-Alias /ipa/ui/fonts/fontawesome "/usr/share/fonts/fontawesome"
+Alias /ipa/ui/fonts/open-sans "/usr/share/fonts/truetype/open-sans"
+Alias /ipa/ui/fonts/fontawesome "/usr/share/fonts/truetype/font-awesome"
<Directory "/usr/share/fonts">
SetHandler None
AllowOverride None

View File

@@ -0,0 +1,12 @@
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -2,7 +2,8 @@ AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFL
AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@
noinst_HEADERS = internal.h
-libexec_PROGRAMS = ipa-otpd
+appdir = $(libexecdir)/ipa/
+app_PROGRAMS = ipa-otpd
dist_noinst_DATA = ipa-otpd.socket.in ipa-otpd@.service.in test.py
systemdsystemunit_DATA = ipa-otpd.socket ipa-otpd@.service

33
debian/patches/fix-kdcproxy-paths.diff vendored Normal file
View File

@@ -0,0 +1,33 @@
--- a/install/conf/ipa-kdc-proxy.conf.template
+++ b/install/conf/ipa-kdc-proxy.conf.template
@@ -1,24 +1,24 @@
# Kerberos over HTTP / MS-KKDCP support (Kerberos KDC Proxy)
#
-# The symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/ is maintained
-# by the ExecStartPre script /usr/libexec/ipa/ipa-httpd-kdcproxy in
+# The symlink from /etc/ipa/kdcproxy/ to /etc/apache2/conf.enabled/ is maintained
+# by the ExecStartPre script /usr/lib/ipa/ipa-httpd-kdcproxy in
# httpd.service. The service also sets the environment variable
# KDCPROXY_CONFIG to $KDCPROXY_CONFIG.
#
# Disable KDC Proxy on the current host:
# # ipa-ldap-updater /usr/share/ipa/kdcproxy-disable.uldif
-# # systemctl restart httpd.service
+# # systemctl restart apache2.service
#
# Enable KDC Proxy on the current host:
# # ipa-ldap-updater /usr/share/ipa/kdcproxy-enable.uldif
-# # systemctl restart httpd.service
+# # systemctl restart apache2.service
#
WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \
user=kdcproxy group=kdcproxy display-name=%{GROUP}
-WSGIImportScript /usr/lib/python2.7/site-packages/kdcproxy/__init__.py \
+WSGIImportScript /usr/lib/python2.7/dist-packages/kdcproxy/__init__.py \
process-group=kdcproxy application-group=kdcproxy
-WSGIScriptAlias /KdcProxy /usr/lib/python2.7/site-packages/kdcproxy/__init__.py
+WSGIScriptAlias /KdcProxy /usr/lib/python2.7/dist-packages/kdcproxy/__init__.py
WSGIScriptReloading Off
<Location "/KdcProxy">
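Review bot: the rewritten comment refers to `/etc/apache2/conf.enabled/`, but Debian's Apache layout uses `/etc/apache2/conf-enabled/`; fix the comment so it names the directory the symlink is actually created in. The `WSGIImportScript` and `WSGIScriptAlias` lines also hard-code `/usr/lib/python2.7/dist-packages`, which breaks on a Python version change. A template variable, as already used for `$KDCPROXY_CONFIG`, would be safer.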

20
debian/patches/fix-memcached.diff vendored Normal file

@@ -0,0 +1,20 @@
--- a/init/ipa_memcached.conf
+++ b/init/ipa_memcached.conf
@@ -1,5 +1,5 @@
SOCKET_PATH=/var/run/ipa_memcached/ipa_memcached
-USER=apache
+USER=www-data
MAXCONN=1024
CACHESIZE=64
OPTIONS=
--- a/init/systemd/ipa_memcached.service
+++ b/init/systemd/ipa_memcached.service
@@ -4,7 +4,7 @@ After=network.target
[Service]
Type=forking
-EnvironmentFile=/etc/sysconfig/ipa_memcached
+EnvironmentFile=/etc/default/ipa_memcached
PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS

View File

@@ -0,0 +1,46 @@
Description: fix named.conf template
* extra logging disabled as it'd just duplicate everything
* zones are loaded via includes
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -4,9 +4,9 @@ options {
// Put files that named is allowed to write in the data/ directory:
directory "$NAMED_VAR_DIR"; // the default
- dump-file "data/cache_dump.db";
- statistics-file "data/named_stats.txt";
- memstatistics-file "data/named_mem_stats.txt";
+ dump-file "cache_dump.db";
+ statistics-file "named_stats.txt";
+ memstatistics-file "named_mem_stats.txt";
forward first;
forwarders {$FORWARDERS};
@@ -30,18 +30,14 @@ options {
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
-logging {
- channel default_debug {
- file "data/named.run";
- severity dynamic;
- print-time yes;
- };
-};
+//logging {
+// channel default_debug {
+// file "data/named.run";
+// severity dynamic;
+// print-time yes;
+// };
+//};
-zone "." IN {
- type hint;
- file "named.ca";
-};
include "$RFC1912_ZONES";
include "$ROOT_KEY";

58
debian/patches/fix-oddjobs.diff vendored Normal file

@@ -0,0 +1,58 @@
--- a/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
+++ b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
@@ -30,7 +30,7 @@
send_member="Get"/>
</policy>
- <policy user="apache">
+ <policy user="www-data">
<allow send_destination="com.redhat.idm.trust"
send_path="/"
send_interface="com.redhat.idm.trust"
--- a/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
+++ b/install/oddjob/etc/dbus-1/system.d/org.freeipa.server.conf
@@ -10,7 +10,7 @@
<allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
</policy>
- <policy user="apache">
+ <policy user="www-data">
<allow send_destination="org.freeipa.server" send_interface="org.freeipa.server"/>
</policy>
--- a/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
+++ b/install/oddjob/etc/oddjobd.conf.d/ipa-server.conf
@@ -2,11 +2,11 @@
<oddjobconfig>
<service name="org.freeipa.server">
<allow user="root"/>
- <allow user="apache"/>
+ <allow user="www-data"/>
<object name="/">
<interface name="org.freeipa.server">
<method name="conncheck">
- <helper exec="/usr/libexec/ipa/oddjob/org.freeipa.server.conncheck"
+ <helper exec="/usr/lib/ipa/oddjob/org.freeipa.server.conncheck"
arguments="1"
prepend_user_name="no"
argument_passing_method="cmdline"/>
--- a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
+++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
@@ -2,7 +2,7 @@
<oddjobconfig>
<service name="com.redhat.idm.trust">
<allow user="root"/>
- <allow user="apache"/>
+ <allow user="www-data"/>
<object name="/">
<interface name="org.freedesktop.DBus.Introspectable">
<allow min_uid="0" max_uid="0"/>
@@ -10,7 +10,7 @@
</interface>
<interface name="com.redhat.idm.trust">
<method name="fetch_domains">
- <helper exec="/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
+ <helper exec="/usr/lib/ipa/oddjob/com.redhat.idm.trust-fetch-domains"
arguments="1"
argument_passing_method="cmdline"
prepend_user_name="no"/>

11
debian/patches/fix-replicainstall.diff vendored Normal file
View File

@@ -0,0 +1,11 @@
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1073,7 +1073,7 @@ def promote_check(installer):
raise RuntimeError("CA cert file is not available! Please reinstall"
"the client and try again.")
- ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
+ ldapuri = 'ldap://%s' % ipautil.format_netloc(config.master_host_name)
remote_api = create_api(mode=None)
remote_api.bootstrap(in_server=True, context='installer',
ldap_uri=ldapuri)
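Review bot: `ldapuri` changes from `ldaps://` to `ldap://` with no explanation in the patch, so the connection to the master made during `promote_check` no longer starts inside TLS. State why LDAPS cannot be used here on Debian, and confirm that the bind that follows still protects the session (StartTLS or a GSSAPI security layer); otherwise keep `ldaps://`. The patch also needs a `Description:` header like the other files in this series, so the downgrade is visible to whoever next refreshes the patches.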

15
debian/patches/hack-libarch.diff vendored Normal file
View File

@@ -0,0 +1,15 @@
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -335,9 +335,9 @@ class LDAPUpdate:
bits = platform.architecture()[0]
if bits == "64bit":
- return "64"
+ return "/x86_64-linux-gnu"
else:
- return ""
+ return "/i386-linux-gnu"
def _template_str(self, s):
try:
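Review bot: the replacement values hard-code `/x86_64-linux-gnu` and `/i386-linux-gnu`, so any other architecture gets the wrong library directory (arm64 also reports "64bit" from `platform.architecture()`). Derive the multiarch triplet at run time or substitute it at build time. The function should also be renamed or documented, since it now returns a path component rather than a "64" or empty suffix.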

66
debian/patches/prefix.patch vendored Normal file
View File

@@ -0,0 +1,66 @@
Author: Timo Aaltonen <tjaalton@ubuntu.com>
Date: Mon Jan 2 16:09:40 2012 +0200
use the debian layout when installing python modules
--- a/Makefile
+++ b/Makefile
@@ -113,9 +113,9 @@ client-install: client client-dirs
cd install/po && $(MAKE) install || exit 1;
@for subdir in $(CLIENTPYDIRS); do \
if [ "$(DESTDIR)" = "" ]; then \
- (cd $$subdir && $(PYTHON) setup.py install); \
+ (cd $$subdir && $(PYTHON) setup.py install --install-layout=deb); \
else \
- (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR)); \
+ (cd $$subdir && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
fi \
done
@@ -198,11 +198,11 @@ server: version-update
server-install: server
if [ "$(DESTDIR)" = "" ]; then \
- $(PYTHON) setup.py install; \
- (cd ipaplatform && $(PYTHON) setup.py install); \
+ $(PYTHON) setup.py install --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --install-layout=deb); \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
- (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR)); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
+ (cd ipaplatform && $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb); \
fi
tests: version-update tests-man-autogen
@@ -213,7 +213,7 @@ tests-install: tests
if [ "$(DESTDIR)" = "" ]; then \
cd ipatests; $(PYTHON) setup.py install; \
else \
- cd ipatests; $(PYTHON) setup.py install --root $(DESTDIR); \
+ cd ipatests; $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
cd ipatests/man && $(MAKE) install
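
Review bot: in tests-install only the DESTDIR branch gains --install-layout=deb; the empty-DESTDIR branch still runs "cd ipatests; $(PYTHON) setup.py install", unlike client-install and server-install above, where both branches were patched. Add the flag to that branch as well so a build without DESTDIR does not put ipatests in a different layout from the other modules.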
--- a/ipapython/Makefile
+++ b/ipapython/Makefile
@@ -13,7 +13,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
--- a/ipalib/Makefile
+++ b/ipalib/Makefile
@@ -12,7 +12,7 @@ install:
if [ "$(DESTDIR)" = "" ]; then \
$(PYTHON) setup.py install; \
else \
- $(PYTHON) setup.py install --root $(DESTDIR); \
+ $(PYTHON) setup.py install --root $(DESTDIR) --install-layout=deb; \
fi
clean:
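
Review bot: in both ipapython/Makefile and ipalib/Makefile the branch taken when "$(DESTDIR)" is empty is left as "$(PYTHON) setup.py install", so only staged installs use the Debian layout. If that is intentional because the package build always sets DESTDIR, say so in the patch description; otherwise add --install-layout=deb to the first branch of each install target too.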

View File

@@ -0,0 +1,682 @@
commit 5d6e79b8f03198056103a31acc20536f8323756d
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Tue Mar 29 21:33:15 2016 +0300
Purge firefox extension
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b0861d8..67152f6 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -158,7 +158,6 @@ Requires: pki-ca >= 10.2.6-13
Requires: pki-kra >= 10.2.6-13
Requires(preun): python systemd-units
Requires(postun): python systemd-units
-Requires: zip
Requires: policycoreutils >= 2.1.12-5
Requires: tar
Requires(pre): certmonger >= 0.78
diff --git a/install/Makefile.am b/install/Makefile.am
index ac52ad3..d13ecb7 100644
--- a/install/Makefile.am
+++ b/install/Makefile.am
@@ -7,7 +7,6 @@ NULL =
SUBDIRS = \
certmonger \
conf \
- ffextension \
html \
migration \
share \
diff --git a/install/ffextension/Makefile.am b/install/ffextension/Makefile.am
deleted file mode 100644
index 7a72205..0000000
--- a/install/ffextension/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-AUTOMAKE_OPTIONS = 1.7
-
-NULL =
-
-SUBDIRS = \
- chrome \
- locale \
- $(NULL)
-
-appdir = $(IPA_DATA_DIR)/ffextension
-app_DATA = \
- bootstrap.js \
- chrome.manifest \
- install.rdf \
- $(NULL)
-
-EXTRA_DIST = \
- $(app_DATA) \
- $(NULL)
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in
diff --git a/install/ffextension/bootstrap.js b/install/ffextension/bootstrap.js
deleted file mode 100644
index 7e2ae57..0000000
--- a/install/ffextension/bootstrap.js
+++ /dev/null
@@ -1,88 +0,0 @@
-// Heavily inspired by Dave Townsend's post:
-// Playing with windows in restartless (bootstrapped) extensions
-// http://www.oxymoronical.com/blog/2011/01/Playing-with-windows-in-restartless-bootstrapped-extensions
-
-const Cc = Components.classes;
-const Ci = Components.interfaces;
-const Cu = Components.utils;
-
-var WindowListener = {
-
- setupBrowserUI: function(domWindow) {
- var doc = domWindow.document;
- domWindow.kerberosauth_listener = kerberosauth_listener(domWindow);
- doc.addEventListener('kerberos-auth-config', domWindow.kerberosauth_listener, false, true);
- },
-
- tearDownBrowserUI: function(domWindow) {
-
- var doc = domWindow.document;
- doc.removeEventListener('kerberos-auth-config', domWindow.kerberosauth_listener);
- delete domWindow.kerberosauth_listener;
- },
-
- // nsIWindowMediatorListener functions
- onOpenWindow: function(xulWindow) {
- // A new window has opened
- var domWindow = xulWindow.QueryInterface(Ci.nsIInterfaceRequestor).
- getInterface(Ci.nsIDOMWindowInternal);
-
- // Wait for it to finish loading
- domWindow.addEventListener("load", function listener() {
- domWindow.removeEventListener("load", listener, false);
-
- // If this is a browser window then setup its UI
- if (domWindow.document.documentElement.getAttribute("windowtype") === "navigator:browser") {
- WindowListener.setupBrowserUI(domWindow);
- }
- }, false);
- },
-
- onCloseWindow: function(xulWindow) {
- },
-
- onWindowTitleChange: function(xulWindow, newTitle) {
- }
-};
-
-function startup(data, reason) {
- var wm = Cc["@mozilla.org/appshell/window-mediator;1"].getService(Ci.nsIWindowMediator);
-
- Cu['import']("chrome://kerberosauth/content/kerberosauth.js");
-
- // Get the list of browser windows already open
- var windows = wm.getEnumerator("navigator:browser");
- while (windows.hasMoreElements()) {
- var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
-
- WindowListener.setupBrowserUI(domWindow);
- }
-
- // Wait for any new browser windows to open
- wm.addListener(WindowListener);
-}
-
-function shutdown(data, reason) {
- // When the application is shutting down we normally don't have to clean
- // up any UI changes made
- if (reason == APP_SHUTDOWN)
- return;
-
- var wm = Cc["@mozilla.org/appshell/window-mediator;1"].
- getService(Ci.nsIWindowMediator);
-
- // Get the list of browser windows already open
- var windows = wm.getEnumerator("navigator:browser");
- while (windows.hasMoreElements()) {
- var domWindow = windows.getNext().QueryInterface(Ci.nsIDOMWindow);
- WindowListener.tearDownBrowserUI(domWindow);
- }
-
- // Stop listening for any new browser windows to open
- wm.removeListener(WindowListener);
-
- Cu.unload("chrome://kerberosauth/content/kerberosauth.js");
-}
-
-function install() {}
-function uninstall() {}
\ No newline at end of file
diff --git a/install/ffextension/chrome.manifest b/install/ffextension/chrome.manifest
deleted file mode 100644
index 775d3a3..0000000
--- a/install/ffextension/chrome.manifest
+++ /dev/null
@@ -1,4 +0,0 @@
-content kerberosauth chrome/content/
-resource kerberosauth chrome/content/
-overlay chrome://browser/content/browser.xul resource://kerberosauth/kerberosauth_overlay.xul
-locale kerberosauth en-US locale/en-US/
\ No newline at end of file
diff --git a/install/ffextension/chrome/Makefile.am b/install/ffextension/chrome/Makefile.am
deleted file mode 100644
index 10d23a7..0000000
--- a/install/ffextension/chrome/Makefile.am
+++ /dev/null
@@ -1,19 +0,0 @@
-AUTOMAKE_OPTIONS = 1.7
-
-NULL =
-
-SUBDIRS = \
- content \
- $(NULL)
-
-appdir = $(IPA_DATA_DIR)/ffextension/chrome
-app_DATA = \
- $(NULL)
-
-EXTRA_DIST = \
- $(app_DATA) \
- $(NULL)
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in
diff --git a/install/ffextension/chrome/content/Makefile.am b/install/ffextension/chrome/content/Makefile.am
deleted file mode 100644
index 7ff81e5..0000000
--- a/install/ffextension/chrome/content/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-AUTOMAKE_OPTIONS = 1.7
-
-NULL =
-
-appdir = $(IPA_DATA_DIR)/ffextension/chrome/content
-app_DATA = \
- kerberosauth_overlay.xul \
- kerberosauth.js \
- $(NULL)
-
-EXTRA_DIST = \
- $(app_DATA) \
- $(NULL)
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in
diff --git a/install/ffextension/chrome/content/kerberosauth.js b/install/ffextension/chrome/content/kerberosauth.js
deleted file mode 100644
index c5afde9..0000000
--- a/install/ffextension/chrome/content/kerberosauth.js
+++ /dev/null
@@ -1,197 +0,0 @@
-/* Authors:
- * Petr Vobornik <pvoborni@redhat.com>
- *
- * Copyright (C) 2012 Red Hat
- * see file 'COPYING' for use and warranty information
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-var EXPORTED_SYMBOLS = ["kerberosauth", "kerberosauth_listener"];
-
-var Cc = Components.classes;
-var Ci = Components.interfaces;
-
-var kerberosauth = {
-
- // Dictionary of configuration options this extension can configure.
- // An alias (key) is set for each options. Using a set of aliases limits
- // configuration pages from supplying potential malicious options.
- config_options: {
- referer: ['network.http.sendRefererHeader', 'int'],
- native_gss_lib: ['network.negotiate-auth.using-native-gsslib', 'bool'],
- trusted_uris: ['network.negotiate-auth.trusted-uris', 'str'],
- allow_proxies: ['network.negotiate-auth.allow-proxies', 'bool']
- },
-
- // Some preconfigurations to make things easier. Can be good if UI is added
- // (mostly for future usage).
- predefined_configurations: {
- ipa: {
- referer: '2',
- native_gss_lib: 'true',
- trusted_uris: '',
- allow_proxies: 'true',
- append: ['trusted_uris']
- }
- },
-
- page_listener: function(event, dom_window) {
-
- var self = this;
-
- var conf = {
- event: event,
- window: dom_window || window,
- element: event.target
- };
-
- if (!conf.element.hasAttribute('method')) return;
-
- var method = conf.element.getAttribute('method');
-
- if (method === 'configure') self.configure(conf);
- if (method === 'can_configure') self.send_response(conf.element, { answer: 'true' });
- },
-
- send_response: function(element, options) {
-
- options = options || {};
-
- var doc = element.ownerDocument;
-
- for (var opt in options) {
- element.setAttribute(opt, options[opt]);
- }
-
- var answer_event = doc.createEvent("HTMLEvents");
- answer_event.initEvent("kerberos-auth-answer", true, false);
- element.dispatchEvent(answer_event);
- },
-
- notify_installed: function(window) {
- var doc = window.document;
- var event = doc.createEvent("HTMLEvents");
- event.initEvent("kerberos-auth-installed", true, false);
- doc.dispatchEvent(event);
- },
-
- configure: function(conf) {
- var self = this;
-
- var options = {}; // options to be configured
- var opt;
-
- // use predefined configuration if supplied
- if (conf.element.hasAttribute('predefined')) {
- var predefined = conf.element.getAttribute('predefined');
-
- var pconfig = self.predefined_configurations[predefined];
- if (pconfig) {
- for (opt in pconfig) {
- options[opt] = pconfig[opt];
- }
- }
- }
-
- // overwrite predefined with supplied and only supported options
- for (var i=0; i < conf.element.attributes.length; i++) {
- var attr = conf.element.attributes[i].name;
- if (attr in self.config_options) {
- options[attr] = conf.element.getAttribute(attr);
- }
- }
-
- if (self.prompt(conf, options)) {
- self.configure_core(conf, options);
- self.send_response(conf.element, { answer: 'configured' });
- } else {
- self.send_response(conf.element, { answer: 'aborted' });
- }
- },
-
- configure_core: function(conf, options) {
-
- var self = this;
-
- var prefs = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);
- var append_opts = options.append || [];
-
- for (var opt in options) {
-
- if (!self.config_options[opt]) continue;
-
- var name = self.config_options[opt][0];
- var type = self.config_options[opt][1];
- var value = options[opt];
-
- if (type === 'str') {
- if (value && append_opts.indexOf(opt) > -1) {
- var current = prefs.getCharPref(name) || '';
- if (this.str_contains(current, value)) {
- continue;
- } else if (current) {
- value = current + ', ' + value;
- }
- }
- prefs.setCharPref(name, value);
- } else if (type ==='int') {
- prefs.setIntPref(name, Number(value));
- } else if (type === 'bool') {
- prefs.setBoolPref(name, value === 'true');
- }
- }
- },
-
- str_contains: function(str, value) {
-
- if (!str) return false;
- var vals = str.split(',');
- for (var i=0, l=vals.length; i<l; i++) {
- if (vals[i].trim() === value) return true;
- }
- return false;
- },
-
- prompt: function(conf, options) {
- var strs = Cc["@mozilla.org/intl/stringbundle;1"].
- getService(Ci.nsIStringBundleService).
- createBundle("chrome://kerberosauth/locale/kerberosauth.properties");
-
- var prompts = Cc["@mozilla.org/embedcomp/prompt-service;1"].
- getService(Ci.nsIPromptService);
-
- var title = strs.GetStringFromName('prompt_title');
- var text = strs.GetStringFromName('prompt_topic');
-
- if (options.trusted_uris) {
- text += strs.GetStringFromName('prompt_domain').replace('${domain}', options.trusted_uris);
- }
- text += strs.GetStringFromName('prompt_question');
-
- var flags = prompts.STD_YES_NO_BUTTONS;
-
- var confirmed = prompts.confirmEx(conf.window, title, text, flags, "","","",
- null,{value: false}) === 0;
- return confirmed;
- }
-};
-
-var kerberosauth_listener = function(window) {
-
- return function(event) {
-
- kerberosauth.page_listener(event, window);
- };
-};
\ No newline at end of file
diff --git a/install/ffextension/chrome/content/kerberosauth_overlay.xul b/install/ffextension/chrome/content/kerberosauth_overlay.xul
deleted file mode 100644
index acad079..0000000
--- a/install/ffextension/chrome/content/kerberosauth_overlay.xul
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-
-<overlay id="kerberosauthOverlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
- <script type="application/x-javascript">
- Components.utils['import']("resource://kerberosauth/kerberosauth.js");
- window.addEventListener('kerberos-auth-config', kerberosauth_listener(window), false, true);
- </script>
-</overlay>
\ No newline at end of file
diff --git a/install/ffextension/install.rdf b/install/ffextension/install.rdf
deleted file mode 100644
index d931f19..0000000
--- a/install/ffextension/install.rdf
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-
- <Description about="urn:mozilla:install-manifest">
-
- <em:id>kerberosauth@redhat.com</em:id>
- <em:name>Kerberos Configuration</em:name>
- <em:version>0.1</em:version>
- <em:description>Configures browser to use negotiate authentication</em:description>
- <em:type>2</em:type>
- <em:creator>Red Hat, Inc.</em:creator>
- <em:developer>Petr Vobornik</em:developer>
- <em:homepageURL>http://www.redhat.com/</em:homepageURL>
- <em:bootstrap>true</em:bootstrap>
-
- <!-- Firefox -->
- <em:targetApplication>
- <Description>
- <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
- <em:minVersion>10.0</em:minVersion>
- <em:maxVersion>15.0.*</em:maxVersion>
- </Description>
- </em:targetApplication>
- </Description>
-</RDF>
\ No newline at end of file
diff --git a/install/ffextension/locale/Makefile.am b/install/ffextension/locale/Makefile.am
deleted file mode 100644
index 7e64536..0000000
--- a/install/ffextension/locale/Makefile.am
+++ /dev/null
@@ -1,19 +0,0 @@
-AUTOMAKE_OPTIONS = 1.7
-
-NULL =
-
-SUBDIRS = \
- en-US \
- $(NULL)
-
-appdir = $(IPA_DATA_DIR)/ffextension/locale
-app_DATA = \
- $(NULL)
-
-EXTRA_DIST = \
- $(app_DATA) \
- $(NULL)
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in
diff --git a/install/ffextension/locale/en-US/Makefile.am b/install/ffextension/locale/en-US/Makefile.am
deleted file mode 100644
index d19e8c7..0000000
--- a/install/ffextension/locale/en-US/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-AUTOMAKE_OPTIONS = 1.7
-
-NULL =
-
-appdir = $(IPA_DATA_DIR)/ffextension/locale/en-US
-app_DATA = \
- kerberosauth.properties \
- $(NULL)
-
-EXTRA_DIST = \
- $(app_DATA) \
- $(NULL)
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in
diff --git a/install/ffextension/locale/en-US/kerberosauth.properties b/install/ffextension/locale/en-US/kerberosauth.properties
deleted file mode 100644
index b822535..0000000
--- a/install/ffextension/locale/en-US/kerberosauth.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-prompt_title=Kerberos configuration confirmation
-prompt_topic=The page you are visiting is trying to configure Firefox for Kerberos authentication.
-prompt_domain=\n\nDomain: ${domain}
-prompt_question=\n\nDo you want to configure the browser?
\ No newline at end of file
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index b4cb831..b666bb2 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -51,7 +51,6 @@ app_DATA = \
krb5.conf.template \
krb5.ini.template \
krb.con.template \
- krb.js.template \
krbrealm.con.template \
smb.conf.template \
smb.conf.empty \
diff --git a/install/share/krb.js.template b/install/share/krb.js.template
deleted file mode 100644
index e7ea055..0000000
--- a/install/share/krb.js.template
+++ /dev/null
@@ -1,2 +0,0 @@
-var IPA_REALM = "$REALM";
-var IPA_DOMAIN = "$DOMAIN";
\ No newline at end of file
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 1b79015..19dffb0 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -180,7 +180,6 @@ class BasePathNamespace(object):
BIN_TIMEOUT = "/usr/bin/timeout"
UPDATE_CA_TRUST = "/usr/bin/update-ca-trust"
BIN_CURL = "/usr/bin/curl"
- ZIP = "/usr/bin/zip"
BIND_LDAP_SO = "/usr/lib/bind/ldap.so"
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
@@ -223,12 +222,9 @@ class BasePathNamespace(object):
USERADD = "/usr/sbin/useradd"
USR_SHARE_IPA_DIR = "/usr/share/ipa/"
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
- FFEXTENSION = "/usr/share/ipa/ffextension"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
- KERBEROSAUTH_XPI = "/usr/share/ipa/html/kerberosauth.xpi"
KRB_CON = "/usr/share/ipa/html/krb.con"
- KRB_JS = "/usr/share/ipa/html/krb.js"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index b0fbe69..8b2d2ea 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -130,7 +130,7 @@ class HTTPInstance(service.Service):
subject_base = ipautil.dn_attribute_property('_subject_base')
def create_instance(self, realm, fqdn, domain_name, dm_password=None,
- autoconfig=True, pkcs12_info=None,
+ pkcs12_info=None,
subject_base=None, auto_redirect=True, ca_file=None,
ca_is_configured=None, promote=False):
self.fqdn = fqdn
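
Review bot: dropping autoconfig from the middle of the create_instance() signature shifts pkcs12_info into the fifth positional slot, so any caller that still passes the old boolean positionally will silently hand True or False to pkcs12_info instead of raising. This patch updates only the install_http() call in replicainstall.py; every other caller of create_instance() should be checked, and passing pkcs12_info by keyword at the call sites would make the change safe against this kind of drift.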
@@ -173,8 +173,6 @@ class HTTPInstance(service.Service):
self.step("setting up httpd keytab", self.__create_http_keytab)
self.step("setting up ssl", self.__setup_ssl)
self.step("importing CA certificates from LDAP", self.__import_ca_certs)
- if autoconfig:
- self.step("setting up browser autoconfig", self.__setup_autoconfig)
if not self.promote:
self.step("publish CA cert", self.__publish_ca_cert)
self.step("clean up any existing httpd ccache", self.remove_httpd_ccache)
@@ -371,42 +369,6 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
self.import_ca_certs(db, self.ca_is_configured)
- def __setup_autoconfig(self):
- self.setup_firefox_extension(self.realm, self.domain)
-
- def setup_firefox_extension(self, realm, domain):
- """Set up the signed browser configuration extension
- """
-
- target_fname = paths.KRB_JS
- sub_dict = dict(REALM=realm, DOMAIN=domain)
- db = certs.CertDB(realm)
- with open(db.passwd_fname) as pwdfile:
- pwd = pwdfile.read()
-
- ipautil.copy_template_file(ipautil.SHARE_DIR + "krb.js.template",
- target_fname, sub_dict)
- os.chmod(target_fname, 0o644)
-
- # Setup extension
- tmpdir = tempfile.mkdtemp(prefix="tmp-")
- extdir = tmpdir + "/ext"
- target_fname = paths.KERBEROSAUTH_XPI
- shutil.copytree(paths.FFEXTENSION, extdir)
- if db.has_nickname('Signing-Cert'):
- db.run_signtool(["-k", "Signing-Cert",
- "-p", pwd,
- "-X", "-Z", target_fname,
- extdir])
- else:
- root_logger.warning('Object-signing certificate was not found. '
- 'Creating unsigned Firefox configuration extension.')
- filenames = os.listdir(extdir)
- ipautil.run([paths.ZIP, '-r', target_fname] + filenames,
- cwd=extdir)
- shutil.rmtree(tmpdir)
- os.chmod(target_fname, 0o644)
-
def __publish_ca_cert(self):
ca_db = certs.CertDB(self.realm)
ca_db.publish_ca_cert(paths.CA_CRT)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index e3052c1..6d7ccde 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -180,12 +180,10 @@ def install_http(config, auto_redirect, ca_is_configured, promote=False,
http = httpinstance.HTTPInstance()
http.create_instance(
config.realm_name, config.host_name, config.domain_name,
- config.dirman_password, False, pkcs12_info,
+ config.dirman_password, pkcs12_info,
auto_redirect=auto_redirect, ca_file=ca_file,
ca_is_configured=ca_is_configured, promote=promote)
- http.setup_firefox_extension(config.realm_name, config.domain_name)
-
return http
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 3e60cfd..622f5f1 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -282,16 +282,6 @@ def cleanup_adtrust(fstore):
root_logger.debug('Removing %s from backup', backed_up_file)
-def setup_firefox_extension(fstore):
- """Set up the Firefox configuration extension, if it's not set up yet
- """
- root_logger.info('[Setting up Firefox extension]')
- http = httpinstance.HTTPInstance(fstore)
- realm = api.env.realm
- domain = api.env.domain
- http.setup_firefox_extension(realm, domain)
-
-
def ca_configure_profiles_acl(ca):
root_logger.info('[Authorizing RA Agent to modify profiles]')
@@ -1600,7 +1590,6 @@ def upgrade_configuration():
cleanup_kdc(fstore)
cleanup_adtrust(fstore)
- setup_firefox_extension(fstore)
add_ca_dns_records()
# Any of the following functions returns True iff the named.conf file
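
Review bot: upgrade_configuration() stops calling setup_firefox_extension(), but nothing in this patch removes the kerberosauth.xpi and krb.js that earlier versions generated under /usr/share/ipa/html, so upgraded servers keep those files in the HTML directory, including the unsigned variant the removed code warned about. Add an upgrade step that deletes the two files, or state in the commit message that they are left in place on purpose.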

21
debian/patches/series vendored Normal file
View File

@@ -0,0 +1,21 @@
# upstreamed
configure-apache-from-installer.diff
# not upstreamable
work-around-apache-fail.diff
prefix.patch
hack-libarch.diff
enable-mod-nss-during-setup.diff
# send upstream
add-debian-platform.diff
fix-ipa-conf.diff
fix-kdcproxy-paths.diff
fix-ipa-otpd-install.diff
fix-replicainstall.diff
fix-dnssec-services.diff
create-sysconfig-ods.diff
fix-named-conf-template.diff
fix-memcached.diff
fix-oddjobs.diff
purge-firefox-extension.diff

View File

@@ -0,0 +1,49 @@
Description: service apache2 restart fails on sid, so don't do that
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -191,7 +191,8 @@ class HTTPInstance(service.Service):
def __start(self):
self.backup_state("running", self.is_running())
- self.restart()
+ self.stop()
+ self.start()
def __enable(self):
self.backup_state("enabled", self.is_enabled())
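
Review bot: replacing self.restart() with self.stop() followed by self.start() is repeated at four call sites (here, ipa-dns-install, server/install.py and replicainstall.py), so any later upstream call to http.restart() will bring the failure back unnoticed. Since the series already carries add-debian-platform.diff, overriding restart for the Debian platform service in one place would be easier to maintain. The Description line should also reference the bug report for the apache2 restart failure so the workaround can be dropped once it is fixed.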
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -142,7 +142,8 @@ def main():
fstore = sysrestore.FileStore(paths.SYSRESTORE)
http = httpinstance.HTTPInstance(fstore)
service.print_msg("Restarting the web server")
- http.restart()
+ http.stop()
+ http.start()
# execute ipactl to refresh services status
ipautil.run(['ipactl', 'start', '--ignore-service-failures'],
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -999,7 +999,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
- http.restart()
+ http.stop()
+ http.start()
# update DNA shared config entry is done as far as possible
# from restart to avoid waiting for its creation
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -856,7 +856,8 @@ def install(installer):
# Restart httpd to pick up the new IPA configuration
service.print_msg("Restarting the web server")
- http.restart()
+ http.stop()
+ http.start()
# Call client install script
service.print_msg("Configuring client side components")

2
debian/python-ipaclient.install vendored Normal file
View File

@@ -0,0 +1,2 @@
usr/lib/python*/dist-packages/ipaclient-*.egg-info
usr/lib/python*/dist-packages/ipaclient/*.py

7
debian/python-ipalib.install vendored Normal file
View File

@@ -0,0 +1,7 @@
usr/lib/python*/dist-packages/freeipa-*.egg-info
usr/lib/python*/dist-packages/ipalib-*.egg-info
usr/lib/python*/dist-packages/ipalib/*
usr/lib/python*/dist-packages/ipaplatform-*.egg-info
usr/lib/python*/dist-packages/ipaplatform/*
usr/lib/python*/dist-packages/ipapython-*.egg-info
usr/lib/python*/dist-packages/ipapython/*

33
debian/python-ipaserver.install vendored Normal file
View File

@@ -0,0 +1,33 @@
usr/lib/python*/dist-packages/ipaserver/__init__*
usr/lib/python*/dist-packages/ipaserver/advise/*
usr/lib/python*/dist-packages/ipaserver/install/__init__.py
usr/lib/python*/dist-packages/ipaserver/install/bindinstance.py
usr/lib/python*/dist-packages/ipaserver/install/ca.py
usr/lib/python*/dist-packages/ipaserver/install/cainstance.py
usr/lib/python*/dist-packages/ipaserver/install/certs.py
usr/lib/python*/dist-packages/ipaserver/install/custodiainstance.py
usr/lib/python*/dist-packages/ipaserver/install/dns.py
usr/lib/python*/dist-packages/ipaserver/install/dnskeysyncinstance.py
usr/lib/python*/dist-packages/ipaserver/install/dogtaginstance.py
usr/lib/python*/dist-packages/ipaserver/install/dsinstance.py
usr/lib/python*/dist-packages/ipaserver/install/httpinstance.py
usr/lib/python*/dist-packages/ipaserver/install/installutils.py
usr/lib/python*/dist-packages/ipaserver/install/ipa_*.py
usr/lib/python*/dist-packages/ipaserver/install/kra.py
usr/lib/python*/dist-packages/ipaserver/install/krainstance.py
usr/lib/python*/dist-packages/ipaserver/install/krbinstance.py
usr/lib/python*/dist-packages/ipaserver/install/ldapupdate.py
usr/lib/python*/dist-packages/ipaserver/install/memcacheinstance.py
usr/lib/python*/dist-packages/ipaserver/install/ntpinstance.py
usr/lib/python*/dist-packages/ipaserver/install/odsexporterinstance.py
usr/lib/python*/dist-packages/ipaserver/install/opendnssecinstance.py
usr/lib/python*/dist-packages/ipaserver/install/otpdinstance.py
usr/lib/python*/dist-packages/ipaserver/install/plugins
usr/lib/python*/dist-packages/ipaserver/install/replication.py
usr/lib/python*/dist-packages/ipaserver/install/schemaupdate.py
usr/lib/python*/dist-packages/ipaserver/install/server/*
usr/lib/python*/dist-packages/ipaserver/install/service.py
usr/lib/python*/dist-packages/ipaserver/install/sysupgrade.py
usr/lib/python*/dist-packages/ipaserver/install/upgradeinstance.py
usr/lib/python*/dist-packages/ipaserver/plugins/*
usr/lib/python*/dist-packages/ipaserver/rpcserver*

2
debian/python-ipatests.install vendored Normal file
View File

@@ -0,0 +1,2 @@
usr/lib/python*/dist-packages/ipatests-*
usr/lib/python*/dist-packages/ipatests/*

View File

@@ -0,0 +1,2 @@
# no need to be executable
python-ipatests: script-not-executable usr/lib/python*/dist-packages/ipatests/test_integration/scripts/caless-create-pki

124
debian/rules vendored Executable file
View File

@@ -0,0 +1,124 @@
#!/usr/bin/make -f
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
ONLY_CLIENT=0
DESTDIR=$(CURDIR)/debian/tmp
export SKIP_API_VERSION_CHECK="yes"
export SUPPORTED_PLATFORM=debian
PLATFORM="SUPPORTED_PLATFORM=debian"
JAVA_STACK_SIZE ?= 8m
export JAVA_STACK_SIZE
# For maintainer use only, generate a tarball:
SOURCE = freeipa
gentarball: UV=$(shell dpkg-parsechangelog|awk '/^Version:/ {print $$2}'|sed 's/-.*$$//')
gentarball:
git archive --format=tar experimental --prefix=$(SOURCE)-$(UV)/ | xz --best > ../$(SOURCE)_$(UV).orig.tar.xz
override_dh_auto_clean:
for i in asn1 daemons install ipalib ipapython; do \
(cd $$i && [ ! -f Makefile ] || $(MAKE) distclean); \
(cd $$i && rm -f COPYING INSTALL depcomp install-sh missing py-compile config.guess config.sub aclocal.m4 config.h.in version.m4); \
done
find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \;
find . -name "ltmain.sh" -exec rm -f "{}" \;
find . -name "configure" -exec rm -f "{}" \;
rm -rf daemons/ipa-version.h freeipa.spec freeipa.egg-info version.m4
rm -rf ipapython/build RELEASE build
override_dh_autoreconf:
make IPA_VERSION_IS_GIT_SNAPSHOT=no version-update
dh_autoreconf; cd ..
override_dh_auto_configure:
dh_auto_configure -Dclient
ifneq ($(ONLY_CLIENT), 1)
dh_auto_configure -Ddaemons -- \
--libexecdir=/usr/lib \
--with-openldap \
--with-systemdsystemunitdir=/lib/systemd/system
dh_auto_configure -Dinstall -- \
--libexecdir=/usr/lib
endif
override_dh_auto_build:
ifneq ($(ONLY_CLIENT), 1)
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no all
# cd selinux ; make all
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client
endif
# tests would just fail, they need a proper environment with 389 running et al
override_dh_auto_test:
override_dh_auto_install:
ifneq ($(ONLY_CLIENT), 1)
# Force re-generate of platform support
rm -f ipapython/services.py
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no install DESTDIR=$(DESTDIR)
cd ..
chmod 755 $(DESTDIR)/usr/lib/ipa/certmonger/*
mkdir -p $(DESTDIR)/usr/share/bash-completion/completions \
$(DESTDIR)/etc/default \
$(DESTDIR)/etc/ipa/kdcproxy \
$(DESTDIR)/usr/share/ipa/html
touch $(DESTDIR)/usr/share/ipa/html/ca.crt
touch $(DESTDIR)/usr/share/ipa/html/kerberosauth.xpi
touch $(DESTDIR)/usr/share/ipa/html/krb.con
touch $(DESTDIR)/usr/share/ipa/html/krb.js
touch $(DESTDIR)/usr/share/ipa/html/krb5.ini
touch $(DESTDIR)/usr/share/ipa/html/krbrealm.con
install -m 0644 init/ipa_memcached.conf $(DESTDIR)/etc/default/ipa_memcached
install -m 0644 init/ipa-dnskeysyncd.conf $(DESTDIR)/etc/default/ipa-dnskeysyncd
install -m 0644 init/ipa-ods-exporter.conf $(DESTDIR)/etc/default/ipa-ods-exporter
install -m 0644 install/share/kdcproxy.conf $(DESTDIR)/etc/ipa/kdcproxy/kdcproxy.conf
install -m 0755 daemons/dnssec/ipa-dnskeysync-replica $(DESTDIR)/usr/lib/ipa/
install -m 0755 daemons/dnssec/ipa-dnskeysyncd $(DESTDIR)/usr/lib/ipa/
install -m 0644 daemons/dnssec/ipa-dnskeysyncd.service $(DESTDIR)/lib/systemd/system
install -m 0755 daemons/dnssec/ipa-ods-exporter $(DESTDIR)/usr/lib/ipa/
install -m 0644 daemons/dnssec/ipa-ods-exporter.service $(DESTDIR)/lib/systemd/system
install -m 0644 daemons/dnssec/ipa-ods-exporter.socket $(DESTDIR)/lib/systemd/system
install -m 0644 init/systemd/ipa_memcached.service $(DESTDIR)/lib/systemd/system
install -m 0644 init/systemd/ipa.service $(DESTDIR)/lib/systemd/system
install -m 0644 init/systemd/ipa-custodia.service $(DESTDIR)/lib/systemd/system
install -m 0644 contrib/completion/ipa.bash_completion $(DESTDIR)/usr/share/bash-completion/completions/ipa
else
make $(PLATFORM) IPA_VERSION_IS_GIT_SNAPSHOT=no client-install DESTDIR=$(DESTDIR)
endif
# purge .la files
find $(CURDIR)/debian/tmp -name "*.la" -type f -exec rm -f "{}" \;
# purge precompiled .pyc/.pyo files
find $(CURDIR)/debian/tmp -name '*.py[c,o]' -exec rm '{}' ';'
# fix permissions
find $(CURDIR)/debian/tmp -name "*.mo" -type f -exec chmod -x "{}" \;
override_dh_install:
dh_install --fail-missing
override_dh_systemd_enable:
dh_systemd_enable -pfreeipa-server --no-enable ipa.service
dh_systemd_enable -pfreeipa-server --no-enable ipa_memcached.service
dh_systemd_enable -pfreeipa-server --no-enable ipa-dnskeysyncd.service
dh_systemd_enable -pfreeipa-server --no-enable ipa-custodia.service
dh_systemd_enable -pfreeipa-server --no-enable ipa-ods-exporter.service
override_dh_fixperms:
dh_fixperms
chmod 0700 $(CURDIR)/debian/freeipa-server/etc/ipa/custodia
chmod 0700 $(CURDIR)/debian/freeipa-server/var/lib/ipa/backup
%:
dh $@ --with autoreconf,python2,systemd
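
Review bot: in override_dh_auto_clean, find . -name "*.pyo" -o -name "*.pyc" -type f -exec rm -f "{}" \; only deletes the *.pyc matches, because -type f and -exec bind to the second -name and the *.pyo branch has no action; wrap the two tests in \( ... \) before -type f. Two smaller points: override_dh_auto_install still touches kerberosauth.xpi and krb.js under usr/share/ipa/html although purge-firefox-extension.diff removes KERBEROSAUTH_XPI and KRB_JS, so the package appears to ship empty placeholders for a removed feature; and the "cd .." lines in override_dh_autoreconf and override_dh_auto_install have no effect, since each recipe line runs in its own shell.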

2
debian/source/format vendored Normal file
View File

@@ -0,0 +1,2 @@
3.0 (quilt)

6
debian/source/lintian-overrides vendored Normal file
View File

@@ -0,0 +1,6 @@
# lintian fails with javascript files
source-is-missing install/ui/build/dojo/dojo.js
source-is-missing install/ui/src/libs/bootstrap.js
source-is-missing install/ui/src/libs/jquery.js
source-is-missing install/ui/src/libs/qrcode.js
source-is-missing install/ui/util/build/build.js

2
debian/watch vendored Normal file
View File

@@ -0,0 +1,2 @@
version=3
http://freeipa.org/page/Downloads http://freeipa.org/downloads/src/freeipa-(.+).tar.gz
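
Review bot: the watch line fetches both the download page and the tarball over plain http:// and declares no signature check, so a new upstream tarball pulled through this file is not authenticated in any way. Switch the URLs to https:// and, if upstream publishes detached signatures, add opts=pgpsigurlmangle with the upstream signing key in the packaging. The pattern freeipa-(.+).tar.gz also leaves the dots unescaped; freeipa-(.+)\.tar\.gz matches only what is intended.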