-rw-r--r--freeipa.spec.in6
-rw-r--r--ipaserver/install/server/upgrade.py23
2 files changed, 26 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 4f08db9f6..de250d884 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -96,7 +96,7 @@ BuildRequires: python-backports-ssl_match_hostname
BuildRequires: softhsm-devel >= 2.0.0rc1-1
BuildRequires: openssl-devel
BuildRequires: p11-kit-devel
-BuildRequires: pki-base >= 10.2.4-1
+BuildRequires: pki-base >= 10.2.5
BuildRequires: python-pytest-multihost >= 0.5
BuildRequires: python-pytest-sourceorder
BuildRequires: python-kdcproxy >= 0.3
@@ -141,8 +141,8 @@ Requires(post): systemd-units
Requires: selinux-policy >= %{selinux_policy_version}
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.54.2-1
-Requires: pki-ca >= 10.2.4-1
-Requires: pki-kra >= 10.2.4-1
+Requires: pki-ca >= 10.2.5
+Requires: pki-kra >= 10.2.5
Requires(preun): python systemd-units
Requires(postun): python systemd-units
Requires: python-dns >= 1.11.1
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 822f74622..4a9f0128a 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -31,6 +31,7 @@ from ipaserver.install import service
from ipaserver.install import cainstance
from ipaserver.install import certs
from ipaserver.install import otpdinstance
+from ipaserver.install import schemaupdate
from ipaserver.install import sysupgrade
from ipaserver.install import dnskeysyncinstance
from ipaserver.install.upgradeinstance import IPAUpgrade
@@ -1254,6 +1255,27 @@ def update_mod_nss_protocol(http):
sysupgrade.set_upgrade_state('nss.conf', 'protocol_updated_tls12', True)
+def ca_upgrade_schema(ca):
+ root_logger.info('[Upgrading CA schema]')
+ if not ca.is_configured():
+ root_logger.info('CA is not configured')
+ return False
+
+ schema_files=['/usr/share/pki/server/conf/schema-certProfile.ldif']
+ try:
+ modified = schemaupdate.update_schema(schema_files, ldapi=True)
+ except Exception as e:
+ root_logger.error("%s", e)
+ raise RuntimeError('CA schema upgrade failed.', 1)
+ else:
+ if modified:
+ root_logger.info('CA schema update complete')
+ return True
+ else:
+ root_logger.info('CA schema update complete (no changes)')
+ return False
+
+
def add_default_caacl(ca):
root_logger.info('[Add default CA ACL]')
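Review bot: The `except Exception` branch in `ca_upgrade_schema` logs only the exception text and then raises a new `RuntimeError`, so the original traceback from `schemaupdate.update_schema` is dropped and a failed schema change over LDAPI is hard to reconstruct from the upgrade log. Attaching the stack to the log record keeps that evidence, e.g. `root_logger.error("CA schema upgrade failed: %s", e, exc_info=True)`. The schema file path is a bare string literal, and a missing file would surface only as the generic failure message; a comment such as `# presumably provided by pki >= 10.2.5, see freeipa.spec.in` would tie it to the dependency bump in this commit. The function also has no docstring; one line stating that the return value is True only when the schema was modified would explain why it feeds `ca_restart`. The trailing `add_default_caacl` lines are context, and that function continues outside the hunk.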
@@ -1452,6 +1474,7 @@ def upgrade_configuration():
ca_restart = any([
ca_restart,
+ ca_upgrade_schema(ca),
upgrade_ca_audit_cert_validity(ca),
certificate_renewal_update(ca),
ca_enable_pkix(ca),