From f3b606b627ea317e87b89ffb6ce2f0fb745f38aa Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 20 Jan 2012 13:30:25 -0500
Subject: Update and package ipa-upgradeconfig man page.

Require that the tool be run as root to avoid a permission-related
backtrace.

https://fedorahosted.org/freeipa/ticket/1758
---
 freeipa.spec.in                       | 1 +
 install/tools/ipa-upgradeconfig       | 3 +++
 install/tools/man/Makefile.am         | 1 +
 install/tools/man/ipa-upgradeconfig.8 | 4 +++-
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 2526a5247..729343f7a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -564,6 +564,7 @@ fi
 %{_mandir}/man1/ipa-managed-entries.1.gz
 %{_mandir}/man1/ipa-ldap-updater.1.gz
 %{_mandir}/man8/ipactl.8.gz
+%{_mandir}/man8/ipa-upgradeconfig.8.gz
 %{_mandir}/man1/ipa-compliance.1.gz
 
 %files server-selinux
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 8c4d9a260..2cd3ef376 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -164,6 +164,9 @@ def main():
     exit gracefully.
     """
 
+    if not os.geteuid()==0:
+        sys.exit("\nYou must be root to run this script.\n")
+
     try:
         krbctx = krbV.default_context()
     except krbV.Krb5Error, e:
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index 91aa23ca1..8d5d416d9 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -23,6 +23,7 @@ man1_MANS = 				\
 
 man8_MANS =				\
 	ipactl.8			\
+	ipa-upgradeconfig.8		\
         $(NULL)
 
 install-data-hook:
diff --git a/install/tools/man/ipa-upgradeconfig.8 b/install/tools/man/ipa-upgradeconfig.8
index 76e2782a4..442f05482 100644
--- a/install/tools/man/ipa-upgradeconfig.8
+++ b/install/tools/man/ipa-upgradeconfig.8
@@ -26,7 +26,9 @@ A tool to update the IPA Apache configuration during an upgrade.
 
 It examines the VERSION value in the head of \fI/etc/httpd/conf.d/ipa.conf\fR and \fI/etc/httpd/conf.d/ipa\-rewrite.conf\fR and compares this with the templates. If an update is needed then new files are written.
 
-This is not intended to be run by an end\-user. It is executed when the IPA rpms are upgraded.
+It also will convert a CA configured to be accessible via ports 9443, 9444, 9445 and 9446 to be proxied by the IPA web server on ports 80 and 443.
+
+This is not intended to be run by an end\-user. It is executed when the IPA rpms are upgraded. This must be run as the root user.
 .SH "EXIT STATUS"
 0 if the update was successful or there was nothing to do
 
-- 
cgit