summaryrefslogtreecommitdiffstats
path: root/freeipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* Use mod_auth_gssapi instead of mod_auth_kerb.David Kupka2015-03-301-1/+3
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/4190 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* slapi-nis: require 0.54.2 for CVE-2015-0283 fixesAlexander Bokovoy2015-03-261-1/+1
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* SPEC: Require python2 version of sssd bindingsLukas Slebodnik2015-03-181-0/+6
| | | | | | | | | | | | | | | | | | | | Python modules pysss and pysss_murmur was part of package sssd-common. Fedora 22 tries to get rid of python2 and therefore these modules were extracted from package sssd-common to separate packages python-sss and python-sss-murmur and python3 version of packages python3-sss python3-sss-murmur git grep "pysss" | grep import ipalib/plugins/trust.py: import pysss_murmur #pylint: disable=F0401 ipaserver/dcerpc.py:import pysss ipaserver/dcerpc.py is pacakged in freeipa-server-trust-ad palib/plugins/trust.py is packaged in freeipa-python Resolves: https://fedorahosted.org/freeipa/ticket/4929 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* SPEC: Explicitly requires python-sssdconfigLukas Slebodnik2015-03-181-0/+2
| | | | | | | Resolves: https://fedorahosted.org/freeipa/ticket/4929 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Bump 389-ds-base and pki-ca dependencies for POODLE fixesJan Cholasta2015-02-101-4/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4653 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Moved dbus-python dependence to freeipa-python packageMartin Babinsky2015-01-281-0/+1
| | | | | | | | Added dbus-python dependency to freeipa-python. This should fix https://fedorahosted.org/freeipa/ticket/4863 and also cover dbus-python dependencies in other freeipa-* packages. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* spec: Add BuildRequires for python-pytest pluginsTomas Babej2015-01-141-1/+3
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Run pylint on testsPetr Viktorin2015-01-141-1/+1
| | | | | | | | | | | | | | | Drop support for pylint < 1.0 Enable ignoring unknown attributes on modules (both nose and pytest use advanced techniques, support for which only made it to pylint recently) Fix some bugs revealed by pylint Do minor refactoring or add pylint:disable directives where the linter complains. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Make certificate renewal process synchronizedJan Cholasta2015-01-131-0/+1
| | | | | | | | Synchronization is achieved using a global renewal lock. https://fedorahosted.org/freeipa/ticket/4803 Reviewed-By: David Kupka <dkupka@redhat.com>
* Bump SSSD Requires to 1.12.3Martin Kosek2015-01-121-1/+1
| | | | | | | | | | | | | The new SSSD Requires contains support for following features: - FreeIPA user ID View overrides (not just AD users) - User SSH public keys in ID Views - krb5.conf localauth plugin https://fedorahosted.org/freeipa/ticket/4685 https://fedorahosted.org/freeipa/ticket/4509 https://fedorahosted.org/freeipa/ticket/4514 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Use pytest-sourceorderPetr Viktorin2014-12-171-0/+1
| | | | | | | | The plugin to run tests within a class in the order they're defined in the source was split into a separate project. Use this project instead of a FreeIPA-specific copy. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Remove dependency on subscription-managerGabe2014-12-111-3/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4783 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipatests: Increase required version for pytest-multihost pluginTomas Babej2014-12-111-1/+1
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_integration: Use python-pytest-multihostPetr Viktorin2014-12-111-1/+1
| | | | | | | | | | | | The core integration testing functionality was split into a separate project. Use this project, and configure it for FreeIPA. The "mh" (multihost) fixture is made available for integration tests. Configuration based on environment variables is moved into a separate module, to ease eventual deprecation. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Using wget to get status of CAMartin Basti2014-12-101-0/+1
| | | | | | | This is just workaround Ticket: https://fedorahosted.org/freeipa/ticket/4676 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use NSS protocol range API to set available TLS protocolsRob Crittenden2014-11-241-1/+1
| | | | | | | | | | | | | Protocols are configured as an inclusive range from SSLv3 through TLSv1.2. The allowed values in the range are ssl3, tls1.0, tls1.1 and tls1.2. This is overridable per client by setting tls_version_min and/or tls_version_max. https://fedorahosted.org/freeipa/ticket/4653 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Integration tests: Port the ordering plugin to pytestPetr Viktorin2014-11-211-0/+1
| | | | | | | | Ordered integration tests may now be run with pytest. https://fedorahosted.org/freeipa/ticket/4610 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix wrong expiration date on renewed IPA CA certificatesJan Cholasta2014-11-191-2/+2
| | | | | | | | | The expiration date was always set to the expiration date of the original certificate. https://fedorahosted.org/freeipa/ticket/4717 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix named working directory permissionsMartin Basti2014-11-181-2/+1
| | | | | | | | Just adding dir to specfile doesnt work, because is not guarantee the named is installed, during RPM installation. Ticket: https://fedorahosted.org/freeipa/ticket/4716 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix minimal version of BIND for Fedora 20 and 21Petr Spacek2014-11-071-1/+7
| | | | Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* specfile: Add BuildRequires for pki-base 10.2.1-0Tomas Babej2014-11-071-0/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4688 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update slapi-nis dependency to pull 0.54.1Alexander Bokovoy2014-11-071-1/+1
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fixed KRA backend.Endi S. Dewata2014-11-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | The KRA backend has been simplified since most of the tasks have been moved somewhere else. The transport certificate will be installed on the client, and it is not needed by KRA backend. The KRA agent's PEM certificate is now generated during installation due to permission issue. The kra_host() for now is removed since the current ldap_enable() cannot register the KRA service, so it is using the kra_host environment variable. The KRA installer has been modified to use Dogtag's CLI to create KRA agent and setup the client authentication. The proxy settings have been updated to include KRA's URLs. Some constants have been renamed for clarity. The DOGTAG_AGENT_P12 has been renamed to DOGTAG_ADMIN_P12 since file actually contains the Dogtag admin's certificate and private key and it can be used to access both CA and KRA. The DOGTAG_AGENT_PEM has been renamed to KRA_AGENT_PEM since it can only be used for KRA. The Dogtag dependency has been updated to 10.2.1-0.1. https://fedorahosted.org/freeipa/ticket/4503 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add bind-dyndb-ldap working dir to IPA specfileMartin Basti2014-10-311-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4657#comment:6 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* build: increase java stack size for all archesPetr Vobornik2014-10-221-2/+1
| | | | | | | Gradually new arches which need a bigger stack size for web ui build appear. It's safer to increase the stack size for every architecture and avoid possible future issues. Reason: build fail on armv7hl Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: add ipa dnssec daemonsPetr Spacek2014-10-211-0/+22
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: add ipapk11helper moduleMartin Basti2014-10-211-0/+2
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: dependenciesMartin Basti2014-10-211-2/+13
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* spec: Bump SSSD requires to 1.12.2Tomas Babej2014-10-211-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* extdom: add support for sss_nss_getorigbyname()Sumit Bose2014-10-211-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* Create ipa-otp-counter 389DS pluginNathaniel McCallum2014-10-201-3/+5
| | | | | | | | | | | | | | | This plugin ensures that all counter/watermark operations are atomic and never decrement. Also, deletion is not permitted. Because this plugin also ensures internal operations behave properly, this also gives ipa-pwd-extop the appropriate behavior for OTP authentication. https://fedorahosted.org/freeipa/ticket/4493 https://fedorahosted.org/freeipa/ticket/4494 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-installJan Cholasta2014-10-131-1/+1
| | | | | | | | | | | Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA". https://fedorahosted.org/freeipa/ticket/4496 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Require slapi-nis 0.54 or later for ID views supportAlexander Bokovoy2014-10-131-1/+1
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Support building RPMs for RHEL/CentOS 7.0Jan Cholasta2014-10-091-8/+24
| | | | | | https://fedorahosted.org/freeipa/ticket/4562 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Missing requires on python-dns in spec fileGabe2014-10-091-3/+3
| | | | | | | | - Updated to required python-dns version 1.11.1 https://fedorahosted.org/freeipa/ticket/4613 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove ipa-ca.crt from systemwide CA store on client uninstall and cert updateJan Cholasta2014-09-301-0/+1
| | | | | | | | | | | | | | | | The file was used by previous versions of IPA to provide the IPA CA certificate to p11-kit and has since been obsoleted by ipa.p11-kit, a file which contains all the CA certificates and associated trust policy from the LDAP certificate store. Since p11-kit is hooked into /etc/httpd/alias, ipa-ca.crt must be removed to prevent certificate import failures in installer code. Also add ipa.p11-kit to the files owned by the freeipa-python package. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdbJan Cholasta2014-09-301-0/+17
| | | | | | | | | | This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* FIX: ldap schmema updater needs correct ordering of the updatesMartin Basti2014-09-251-1/+1
| | | | | | | | | Required bugfix in python-ldap 2.4.15 Updates must respect SUP objectclasses/attributes and update dependencies first Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Include the ipa command in client-only buildJan Cholasta2014-09-231-6/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4536 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Include ipaplatform in client-only buildJan Cholasta2014-09-231-0/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4533 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow RPM upgrade from ipa-* packagesJan Cholasta2014-09-231-5/+16
| | | | | | https://fedorahosted.org/freeipa/ticket/4532 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Dogtag 10.2 to spec.fileMartin Basti2014-09-221-2/+2
| | | | | | Dogtag 10.2 is required due to support a Vault feature Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update SSL ciphers configured in 389-ds-baseLudwig Krispenz2014-09-121-3/+3
| | | | | | | | | | use configuration parameters to enable ciphers provided by NSS and not considered weak. This requires 389-ds version 1.3.3.2 or later https://fedorahosted.org/freeipa/ticket/4395 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Update qrcode support for newer python-qrcodeNathaniel McCallum2014-09-111-2/+2
| | | | | | | | | This substantially reduces the FreeIPA dependencies and allows QR codes to fit in a standard terminal. https://fedorahosted.org/freeipa/ticket/4430 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix hardcoded lib dir in freeipa.specGabe2014-09-091-3/+3
| | | | | | | | - Migrate hardcoded tmpfiles.d paths to %{_tmpfilesdir} macro in spec file https://fedorahosted.org/freeipa/ticket/4528 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use autobind when updating CA people entries during certificate renewalJan Cholasta2014-09-091-1/+1
| | | | | | | | | Requires fix for <https://bugzilla.redhat.com/show_bug.cgi?id=1122110>, bump selinux-policy in the spec file. https://fedorahosted.org/freeipa/ticket/4005 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use certmonger D-Bus API instead of messing with its files.David Kupka2014-09-051-1/+1
| | | | | | | | | | | | FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be more stable and supported way of using cermonger than tampering with its files. >=certmonger-0.75.13 is needed for this to work. https://fedorahosted.org/freeipa/ticket/4280 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequiresPetr Viktorin2014-09-021-0/+1
| | | | | | | | | | This patch adds an explicit build dependency to python-backports-ssl_match_hostname. Without it, the build-time lint would fail. https://fedorahosted.org/freeipa/ticket/4515 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* CLIENT: Explicitly require python-backports-ssl_match_hostnameJakub Hrozek2014-09-021-0/+1
| | | | | | | | | | | | | | Without python-backports-ssl_match_hostname installed, an ipa-client installation could have failed with: from backports.ssl_match_hostname import match_hostname ImportError: No module named ssl_match_hostname This patch adds an explicit dependency to python-backports-ssl_match_hostname. https://fedorahosted.org/freeipa/ticket/4515 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add man page for ipa-kra-installAde Lee2014-08-261-0/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4504 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-11 01:15:13 +0000