path: root/freeipa.spec.in
Commit message | Author | Age | Files | Lines
* vault: Move vaults to cn=vaults,cn=kra | Jan Cholasta | 2015-06-10 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/3872
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Introduce installer framework ipapython.install | Jan Cholasta | 2015-06-08 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import included profiles during install or upgrade | Fraser Tweedale | 2015-06-04 | 1 | -0/+2
  Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process.
  Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile.
  Fixes https://fedorahosted.org/freeipa/ticket/4002
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Install CA with LDAP profiles backend | Fraser Tweedale | 2015-06-04 | 1 | -3/+3
  Install the Dogtag CA to use the LDAPProfileSubsystem instead of the default (file-based) ProfileSubsystem.
  Part of: https://fedorahosted.org/freeipa/ticket/4560
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Make a package out of ipaserver.install.server | Jan Cholasta | 2015-05-29 | 1 | -0/+1
  Until ipa-server-install, ipa-replica-install and ipa-server-upgrade are merged into a single code base, keep their respective bits in separate modules in the package.
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ds plugin - manage replication topology in the shared tree | Ludwig Krispenz | 2015-05-26 | 1 | -0/+2
  Implementation of ticket: https://fedorahosted.org/freeipa/ticket/4302
  Design page: http://www.freeipa.org/page/V4/Manage_replication_topology
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* move IPA-related http runtime directories to common subdirectory | Martin Babinsky | 2015-05-19 | 1 | -2/+6
  When both 'mod_auth_kerb' and 'mod_auth_gssapi' are installed at the same time, they use common directory for storing Apache ccache file. Uninstallation of 'mod_auth_kerb' removes this directory leading to invalid CCache path for httpd and authentication failure.
  Using an IPA-specific directory for credential storage during apache runtime avoids this issue.
  https://fedorahosted.org/freeipa/ticket/4973
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Fix uniqueness plugins | Martin Basti | 2015-05-19 | 1 | -3/+3
  Due to previous changes (in master branch only) the uniqueness plugins became misconfigured.
  After this patch:
  * whole $SUFFIX will be checked by unique plugins
  * just staged users are excluded from check
  This reverts some changes in commit 52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb
  Since 389-ds-base 1.3.4.a1 new attribute 'uniqueness-exclude-subtrees' can be used.
  https://fedorahosted.org/freeipa/ticket/4921
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* provide dedicated ccache file for httpd | Martin Babinsky | 2015-05-12 | 1 | -0/+5
  httpd service stores Kerberos credentials in kernel keyring which gets destroyed and recreated during service install/upgrade, causing problems when the process is run under SELinux context other than 'unconfined_t'. This patch enables HTTPInstance to set up a dedicated CCache file for Apache to store credentials.
  https://fedorahosted.org/freeipa/ticket/4973
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Server Upgrade: enable DS global lock during upgrade | Martin Basti | 2015-05-05 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/4925
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: use ipa-server-upgrade in RPM upgrade | Martin Basti | 2015-05-04 | 1 | -2/+1
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: ipa-server-upgrade command | Martin Basti | 2015-05-04 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/4904
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Update python-yubico dependency version | Nathaniel McCallum | 2015-04-24 | 1 | -2/+2
  This change enables support for all current YubiKey hardware.
  https://fedorahosted.org/freeipa/ticket/4954
  Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* Use mod_auth_gssapi instead of mod_auth_kerb. | David Kupka | 2015-03-30 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/4190
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* slapi-nis: require 0.54.2 for CVE-2015-0283 fixes | Alexander Bokovoy | 2015-03-26 | 1 | -1/+1
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* SPEC: Require python2 version of sssd bindings | Lukas Slebodnik | 2015-03-18 | 1 | -0/+6
  Python modules pysss and pysss_murmur were part of package sssd-common. Fedora 22 tries to get rid of python2 and therefore these modules were extracted from package sssd-common to separate packages python-sss and python-sss-murmur and python3 version of packages python3-sss python3-sss-murmur
  git grep "pysss" | grep import
  ipalib/plugins/trust.py: import pysss_murmur #pylint: disable=F0401
  ipaserver/dcerpc.py:import pysss
  ipaserver/dcerpc.py is packaged in freeipa-server-trust-ad
  ipalib/plugins/trust.py is packaged in freeipa-python
  Resolves: https://fedorahosted.org/freeipa/ticket/4929
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* SPEC: Explicitly requires python-sssdconfig | Lukas Slebodnik | 2015-03-18 | 1 | -0/+2
  Resolves: https://fedorahosted.org/freeipa/ticket/4929
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Bump 389-ds-base and pki-ca dependencies for POODLE fixes | Jan Cholasta | 2015-02-10 | 1 | -4/+4
  https://fedorahosted.org/freeipa/ticket/4653
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Moved dbus-python dependence to freeipa-python package | Martin Babinsky | 2015-01-28 | 1 | -0/+1
  Added dbus-python dependency to freeipa-python. This should fix https://fedorahosted.org/freeipa/ticket/4863 and also cover dbus-python dependencies in other freeipa-* packages.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* spec: Add BuildRequires for python-pytest plugins | Tomas Babej | 2015-01-14 | 1 | -1/+3
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Run pylint on tests | Petr Viktorin | 2015-01-14 | 1 | -1/+1
  Drop support for pylint < 1.0
  Enable ignoring unknown attributes on modules (both nose and pytest use advanced techniques, support for which only made it to pylint recently)
  Fix some bugs revealed by pylint
  Do minor refactoring or add pylint:disable directives where the linter complains.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Make certificate renewal process synchronized | Jan Cholasta | 2015-01-13 | 1 | -0/+1
  Synchronization is achieved using a global renewal lock.
  https://fedorahosted.org/freeipa/ticket/4803
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Bump SSSD Requires to 1.12.3 | Martin Kosek | 2015-01-12 | 1 | -1/+1
  The new SSSD Requires contains support for following features:
  - FreeIPA user ID View overrides (not just AD users)
  - User SSH public keys in ID Views
  - krb5.conf localauth plugin
  https://fedorahosted.org/freeipa/ticket/4685
  https://fedorahosted.org/freeipa/ticket/4509
  https://fedorahosted.org/freeipa/ticket/4514
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Use pytest-sourceorder | Petr Viktorin | 2014-12-17 | 1 | -0/+1
  The plugin to run tests within a class in the order they're defined in the source was split into a separate project. Use this project instead of a FreeIPA-specific copy.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Remove dependency on subscription-manager | Gabe | 2014-12-11 | 1 | -3/+0
  https://fedorahosted.org/freeipa/ticket/4783
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: Increase required version for pytest-multihost plugin | Tomas Babej | 2014-12-11 | 1 | -1/+1
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration: Use python-pytest-multihost | Petr Viktorin | 2014-12-11 | 1 | -1/+1
  The core integration testing functionality was split into a separate project. Use this project, and configure it for FreeIPA.
  The "mh" (multihost) fixture is made available for integration tests.
  Configuration based on environment variables is moved into a separate module, to ease eventual deprecation.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Using wget to get status of CA | Martin Basti | 2014-12-10 | 1 | -0/+1
  This is just a workaround
  Ticket: https://fedorahosted.org/freeipa/ticket/4676
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use NSS protocol range API to set available TLS protocols | Rob Crittenden | 2014-11-24 | 1 | -1/+1
  Protocols are configured as an inclusive range from SSLv3 through TLSv1.2. The allowed values in the range are ssl3, tls1.0, tls1.1 and tls1.2.
  This is overridable per client by setting tls_version_min and/or tls_version_max.
  https://fedorahosted.org/freeipa/ticket/4653
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Integration tests: Port the ordering plugin to pytest | Petr Viktorin | 2014-11-21 | 1 | -0/+1
  Ordered integration tests may now be run with pytest.
  https://fedorahosted.org/freeipa/ticket/4610
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix wrong expiration date on renewed IPA CA certificates | Jan Cholasta | 2014-11-19 | 1 | -2/+2
  The expiration date was always set to the expiration date of the original certificate.
  https://fedorahosted.org/freeipa/ticket/4717
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix named working directory permissions | Martin Basti | 2014-11-18 | 1 | -2/+1
  Just adding dir to specfile doesn't work, because it is not guaranteed that named is installed during RPM installation.
  Ticket: https://fedorahosted.org/freeipa/ticket/4716
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix minimal version of BIND for Fedora 20 and 21 | Petr Spacek | 2014-11-07 | 1 | -1/+7
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* specfile: Add BuildRequires for pki-base 10.2.1-0 | Tomas Babej | 2014-11-07 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/4688
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update slapi-nis dependency to pull 0.54.1 | Alexander Bokovoy | 2014-11-07 | 1 | -1/+1
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fixed KRA backend. | Endi S. Dewata | 2014-11-04 | 1 | -2/+2
  The KRA backend has been simplified since most of the tasks have been moved somewhere else. The transport certificate will be installed on the client, and it is not needed by KRA backend. The KRA agent's PEM certificate is now generated during installation due to permission issue. The kra_host() for now is removed since the current ldap_enable() cannot register the KRA service, so it is using the kra_host environment variable.
  The KRA installer has been modified to use Dogtag's CLI to create KRA agent and setup the client authentication.
  The proxy settings have been updated to include KRA's URLs.
  Some constants have been renamed for clarity. The DOGTAG_AGENT_P12 has been renamed to DOGTAG_ADMIN_P12 since file actually contains the Dogtag admin's certificate and private key and it can be used to access both CA and KRA. The DOGTAG_AGENT_PEM has been renamed to KRA_AGENT_PEM since it can only be used for KRA.
  The Dogtag dependency has been updated to 10.2.1-0.1.
  https://fedorahosted.org/freeipa/ticket/4503
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add bind-dyndb-ldap working dir to IPA specfile | Martin Basti | 2014-10-31 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/4657#comment:6
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* build: increase java stack size for all arches | Petr Vobornik | 2014-10-22 | 1 | -2/+1
  Gradually new arches which need a bigger stack size for web ui build appear. It's safer to increase the stack size for every architecture and avoid possible future issues.
  Reason: build fail on armv7hl
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: add ipa dnssec daemons | Petr Spacek | 2014-10-21 | 1 | -0/+22
  Tickets:
  https://fedorahosted.org/freeipa/ticket/3801
  https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: add ipapk11helper module | Martin Basti | 2014-10-21 | 1 | -0/+2
  Tickets:
  https://fedorahosted.org/freeipa/ticket/3801
  https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: dependencies | Martin Basti | 2014-10-21 | 1 | -2/+13
  Tickets:
  https://fedorahosted.org/freeipa/ticket/3801
  https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* spec: Bump SSSD requires to 1.12.2 | Tomas Babej | 2014-10-21 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3979
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* extdom: add support for sss_nss_getorigbyname() | Sumit Bose | 2014-10-21 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3979
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* Create ipa-otp-counter 389DS plugin | Nathaniel McCallum | 2014-10-20 | 1 | -3/+5
  This plugin ensures that all counter/watermark operations are atomic and never decrement. Also, deletion is not permitted.
  Because this plugin also ensures internal operations behave properly, this also gives ipa-pwd-extop the appropriate behavior for OTP authentication.
  https://fedorahosted.org/freeipa/ticket/4493
  https://fedorahosted.org/freeipa/ticket/4494
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-install | Jan Cholasta | 2014-10-13 | 1 | -1/+1
  Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA".
  https://fedorahosted.org/freeipa/ticket/4496
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Require slapi-nis 0.54 or later for ID views support | Alexander Bokovoy | 2014-10-13 | 1 | -1/+1
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Support building RPMs for RHEL/CentOS 7.0 | Jan Cholasta | 2014-10-09 | 1 | -8/+24
  https://fedorahosted.org/freeipa/ticket/4562
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Missing requires on python-dns in spec file | Gabe | 2014-10-09 | 1 | -3/+3
  - Updated to required python-dns version 1.11.1
  https://fedorahosted.org/freeipa/ticket/4613
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove ipa-ca.crt from systemwide CA store on client uninstall and cert update | Jan Cholasta | 2014-09-30 | 1 | -0/+1
  The file was used by previous versions of IPA to provide the IPA CA certificate to p11-kit and has since been obsoleted by ipa.p11-kit, a file which contains all the CA certificates and associated trust policy from the LDAP certificate store.
  Since p11-kit is hooked into /etc/httpd/alias, ipa-ca.crt must be removed to prevent certificate import failures in installer code.
  Also add ipa.p11-kit to the files owned by the freeipa-python package.
  https://fedorahosted.org/freeipa/ticket/3259
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdb | Jan Cholasta | 2014-09-30 | 1 | -0/+17
  This is the new default NSS database for IPA.
  /etc/pki/nssdb is still maintained for backward compatibility.
  https://fedorahosted.org/freeipa/ticket/3259
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>