7a3070709b
freeipa (4.12.4-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2024-11029 (Closes: #1093383)
- CVE-2025-4404 (Closes: #1108050)
* control: Demote libnss-myhostname to Suggests. (ref. #1006829)
* patches: Fix samba lock directory location. (Closes: #1012593)
* patches: Map nobody group to nogroup on Debian. (Closes: #1012592)
.
freeipa (4.12.2-3) unstable; urgency=medium
.
* control: Add libnss-myhostname to client depends. (Closes: #1006829)
* control: Add python3-ifaddr to ipalib depends. (Closes: #1089716)
* control: Add python3-sphinx to build-depends. (Closes: #1003179,
#1044642, #1049799)
.
freeipa (4.12.2-2) unstable; urgency=medium
.
* control: Migrate to bind9-dnsutils. (Closes: #1094939)
.
freeipa (4.12.2-1) unstable; urgency=medium
.
* New upstream release.
- CVE-2024-2698 (Closes: #1077682)
- CVE-2024-3183 (Closes: #1077683)
* control: Drop conflicts on systemd-timesyncd as upstream recognizes
it now. (Closes: #1072168)
* use-raw-strings.diff: Dropped, upstream.
* rules: Fix installing bash-completions. (Closes: #1089329)
* control: Drop python3-nose from build-depends, unused. (Closes:
#1018359)
.
freeipa (4.11.1-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Replace systemd Build-Depends with systemd-dev for systemd.pc.
(Closes: #1060469)
.
freeipa (4.11.1-2) unstable; urgency=medium
.
* use-raw-strings.diff: Import patch from upstream to fix noise when
installing. (LP: #2060298)
* map-ssh-service.diff: Map sshd service to use ssh.service. (LP:
#2061055)
.
freeipa (4.11.1-1) unstable; urgency=medium
.
* New upstream release.
* control: Add sssd-passkey to freeipa-client Recommends.
* control.server: Drop python3-paste from python3-ipatests depends,
obsolete.
* control, rules: Replace hardcoded librpm9 depends. (Closes:
#1067570)
.
freeipa (4.10.2-2) unstable; urgency=medium
.
[ Timo Aaltonen ]
* control: Bump certmonger dependency.
.
[ Helmut Grohne ]
* Fix FTBFS when systemd.pc changes systemdsystemunitdir. (Closes:
#1052641)
.
freeipa (4.10.2-1) unstable; urgency=medium
.
* New upstream release.
* control: Bump sssd, bind9 depends.
* source: Update extend-diff-ignore.
* copyright, source: Fix some lintian issues/overrides.
* server-trust-ad: Add a lintian override for the samba plugin rpath.
* source: Add a lintian override for client-only build; empty-debian-
tests-control.
.
freeipa (4.9.11-1) unstable; urgency=medium
.
* New upstream release. (Closes: #1029070)
* control: Add systemd-timesyncd to freeipa-client Conflicts. (Closes:
#1008195)
* patches: Drop upstreamed patches.
* source: Extend diff-ignore.
* server.install: Updated.
.
freeipa (4.9.8-1) unstable; urgency=medium
.
* New upstream release.
* patches: Drop upstreamed patch.
* server.install: Updated.
* Build only the client in order to be able to backport to bullseye.
(Closes: #996946)
* control: Depend on librpm9 instead of librpm8.
* tests: Disabled for a client-only build.
.
freeipa (4.9.7-3) unstable; urgency=medium
.
* tests: Set KRB5_TRACE to use stderr.
* patches: Fix apache group properly.
* client: Move .tmpfile -> .tmpfiles.
* control: Bump debhelper to 13, gain dh_installtmpfiles being run.
* control, rules: Add --without-ipa-join-xml and drop libxmlrpc from depends.
* server.postinst: Drop creating old ccaches for mod_auth_gssapi, obsolete.
* server.postinst: Drop old upgrade rules.
* patches: Fix named keytab name.
.
freeipa (4.9.7-2) unstable; urgency=medium
.
* lintian: Drop override on python-script-but-no-python-dep, which doesn't
exist anymore.
* rules: Add fortify flag to CFLAGS, as CPPFLAGS isn't used by the project.
* ci: Drop allowed failure for blhc, it passes now.
* control: Build-depend on libcurl4-openssl-dev.
* fix-paths.diff: Fix some paths in ipaplatform/base.
* fix-apache-group.diff: Fix apache group name in ipa.conf tmpfile.
* control: Depend on gpg instead of gnupg.
* control: Drop libwbclient-sssd from freeipa-client-samba Depends.
* patches: Import a patch to fix ipa cert-find. (Closes: #997952)
.
freeipa (4.9.7-1) unstable; urgency=medium
.
* New upstream release.
* control: Drop obsolete depends on python3-nss.
* pkcs11-openssl-for-bind.diff,
migrate-to-gpg.diff,
use-bind9.16.diff,
fix-chrony-service-name.diff:
- Dropped, upstream.
* watch: Fixed to find upstream rc's.
* source: Update extend-diff-ignore.
* control: Add libcurl-dev, libjansson-dev and libpwquality-dev to
build-depends.
* install: Added new files.
* rules: Drop ipasphinx files for now.
* control: Drop dependency on custodia, not needed.
* control: Bump 389-ds-base depends.
* control: Drop python3-coverage depends, it's not used.
* control: Bump dogtag depends.
55 lines
2.3 KiB
Diff
55 lines
2.3 KiB
Diff
From 1e47185289fbbe29eedca82a4872d1d075b26c26 Mon Sep 17 00:00:00 2001
|
|
From: Frederik Himpe <frederik@frehi.be>
|
|
Date: Thu, 27 Feb 2025 11:28:30 +0100
|
|
Subject: [PATCH] Make path of Samba lock directory configurable and use
|
|
/run/samba on Debian
|
|
|
|
Signed-off-by: Frederik Himpe <frederik@frehi.be>
|
|
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
ipaplatform/base/paths.py | 1 +
|
|
ipaplatform/debian/paths.py | 1 +
|
|
ipaserver/install/adtrustinstance.py | 2 +-
|
|
3 files changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
|
|
index 6a62d7bd0..f794aae6d 100644
|
|
--- a/ipaplatform/base/paths.py
|
|
+++ b/ipaplatform/base/paths.py
|
|
@@ -350,6 +350,7 @@ class BasePathNamespace:
|
|
KRA_CS_CFG_PATH = "/var/lib/pki/pki-tomcat/conf/kra/CS.cfg"
|
|
KRACERT_P12 = "/root/kracert.p12"
|
|
SAMBA_DIR = "/var/lib/samba"
|
|
+ SAMBA_LOCKDIR = "/var/lib/samba/lock"
|
|
SSSD_DB = "/var/lib/sss/db"
|
|
SSSD_MC_GROUP = "/var/lib/sss/mc/group"
|
|
SSSD_MC_PASSWD = "/var/lib/sss/mc/passwd"
|
|
diff --git a/ipaplatform/debian/paths.py b/ipaplatform/debian/paths.py
|
|
index 7a8099680..229f185f0 100644
|
|
--- a/ipaplatform/debian/paths.py
|
|
+++ b/ipaplatform/debian/paths.py
|
|
@@ -44,6 +44,7 @@ class DebianPathNamespace(BasePathNamespace):
|
|
OPENSSL_DIR = "/usr/lib/ssl"
|
|
OPENSSL_CERTS_DIR = "/usr/lib/ssl/certs"
|
|
OPENSSL_PRIVATE_DIR = "/usr/lib/ssl/private"
|
|
+ SAMBA_LOCKDIR = "/run/samba"
|
|
ETC_DEBIAN_VERSION = "/etc/debian_version"
|
|
# Old versions of freeipa wrote all trusted certificates to a single
|
|
# file, which is not supported by ca-certificates.
|
|
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
|
|
index df2586ef1..bc3a282e6 100644
|
|
--- a/ipaserver/install/adtrustinstance.py
|
|
+++ b/ipaserver/install/adtrustinstance.py
|
|
@@ -962,7 +962,7 @@ class ADTRUSTInstance(service.Service):
|
|
# in /var/lib/samba and /var/lib/samba/private
|
|
for smbpath in (paths.SAMBA_DIR,
|
|
os.path.join(paths.SAMBA_DIR, "private"),
|
|
- os.path.join(paths.SAMBA_DIR, "lock")):
|
|
+ paths.SAMBA_LOCKDIR):
|
|
if os.path.isdir(smbpath):
|
|
tdb_files = [
|
|
os.path.join(smbpath, tdb_file)
|
|
--
|
|
2.48.1
|
|
|