1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
|
Name: ipa-server
Version: __VERSION__
Release: __RELEASE__%{?dist}
Summary: IPA authentication server
Group: System Environment/Base
License: GPLv2
URL: http://www.freeipa.org
Source0: %{name}-%{version}.tgz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: fedora-ds-base-devel >= 1.1
BuildRequires: mozldap-devel
BuildRequires: openssl-devel
BuildRequires: openldap-devel
BuildRequires: krb5-devel
BuildRequires: nss-devel
BuildRequires: libcap-devel
Requires(post): ipa-server-selinux
Requires: ipa-python
Requires: ipa-admintools
Requires: ipa-client
Requires: fedora-ds-base >= 1.1
Requires: openldap-clients
Requires: nss
Requires: nss-tools
Requires: krb5-server
Requires: krb5-server-ldap
Requires: cyrus-sasl-gssapi
Requires: ntp
Requires: httpd
Requires: mod_python
Requires: mod_auth_kerb
Requires: mod_nss >= 1.0.7-2
Requires: python-ldap
Requires: python
Requires: python-krbV
Requires: TurboGears
Requires: python-tgexpandingformwidget
Requires: acl
Requires: python-pyasn1
Requires: libcap
Requires: slapi-nis
Conflicts: mod_ssl
%define httpd_conf /etc/httpd/conf.d
%define plugin_dir %{_libdir}/dirsrv/plugins
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%description
IPA is a server for identity, policy, and audit.
%prep
%setup -q
./configure --prefix=%{buildroot}/usr --libdir=%{buildroot}/%{_libdir} --sysconfdir=%{buildroot}/etc --localstatedir=%{buildroot}/var --mandir=%{buildroot}/usr/share/man
%build
make
%install
rm -rf %{buildroot}
make install
# Remove .la files from libtool - we don't want to package
# these files
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
rm %{buildroot}/%{plugin_dir}/libipa-memberof-plugin.la
rm %{buildroot}/%{plugin_dir}/libipa-dna-plugin.la
rm %{buildroot}/%{plugin_dir}/libipa_winsync.la
# Some user-modifiable HTML files are provided. Move these to /etc
# and link back.
mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
mv %{buildroot}/%{_usr}/share/ipa/html/ssbrowser.html %{buildroot}/%{_sysconfdir}/ipa/html
mv %{buildroot}/%{_usr}/share/ipa/html/unauthorized.html %{buildroot}/%{_sysconfdir}/ipa/html
ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
%{buildroot}%{_usr}/share/ipa/html/ssbrowser.html
ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
%{buildroot}%{_usr}/share/ipa/html/unauthorized.html
%clean
rm -rf %{buildroot}
%post
if [ $1 = 1 ]; then
/sbin/chkconfig --add ipa_kpasswd
/sbin/chkconfig --add ipa_webgui
fi
if [ -e /usr/share/ipa/serial ]; then
mv /usr/share/ipa/serial /var/lib/ipa/ca_serialno
fi
/bin/touch /var/log/ipa_error.log
/bin/chown apache /var/log/ipa_error.log
/bin/chmod 600 /var/log/ipa_error.log
restorecon /var/log/ipa_error.log
/usr/sbin/ipa-upgradeconfig || :
%preun
if [ $1 = 0 ]; then
/sbin/chkconfig --del ipa_kpasswd
/sbin/chkconfig --del ipa_webgui
/sbin/service ipa_kpasswd stop >/dev/null 2>&1 || :
/sbin/service ipa_webgui stop >/dev/null 2>&1 || :
fi
%postun
if [ "$1" -ge "1" ]; then
/sbin/service ipa_kpasswd condrestart >/dev/null 2>&1 || :
/sbin/service ipa_webgui condrestart >/dev/null 2>&1 || :
/sbin/service httpd condrestart >/dev/null 2>&1 || :
/sbin/service dirsrv condrestart >/dev/null 2>&1 || :
fi
%files
%defattr(-,root,root,-)
%{_sbindir}/ipa-server-install
%{_sbindir}/ipa-replica-install
%{_sbindir}/ipa-replica-prepare
%{_sbindir}/ipa-replica-manage
%{_sbindir}/ipa-server-certinstall
%{_sbindir}/ipactl
%{_sbindir}/ipa_kpasswd
%{_sbindir}/ipa_webgui
%{_sbindir}/ipa-upgradeconfig
%{_sbindir}/ipa-fix-CVE-2008-3274
%{_sbindir}/ipa-ldap-updater
%{_sbindir}/ipa-compat-manage
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
%attr(755,root,root) %{_initrddir}/ipa_webgui
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.template
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/unauthorized.html
%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
%{_usr}/share/ipa/ipa_webgui.cfg
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%dir %{_usr}/share/ipa/ipagui
%{_usr}/share/ipa/ipagui/*
%dir %{_usr}/share/ipa/ipa_gui.egg-info
%{_usr}/share/ipa/ipa_gui.egg-info/*
%dir %{_usr}/share/ipa/ipaserver
%{_usr}/share/ipa/ipaserver/*
%dir %{_usr}/share/ipa/locales/
%{_usr}/share/ipa/locales/*
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/*.py*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
%attr(755,root,root) %{plugin_dir}/libipa-memberof-plugin.so
%attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
%dir %{_localstatedir}/lib/ipa
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
%dir %{_localstatedir}/cache/ipa
%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
%{_mandir}/man8/ipactl.8.gz
%{_mandir}/man8/ipa_kpasswd.8.gz
%{_mandir}/man8/ipa_webgui.8.gz
%{_mandir}/man1/ipa-replica-install.1.gz
%{_mandir}/man1/ipa-replica-manage.1.gz
%{_mandir}/man1/ipa-replica-prepare.1.gz
%{_mandir}/man1/ipa-server-certinstall.1.gz
%{_mandir}/man1/ipa-server-install.1.gz
%{_mandir}/man1/ipa-ldap-updater.1.gz
%{_mandir}/man1/ipa-compat-manage.1.gz
%changelog
* Wed Sep 17 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-0
- Add ipa-upgradeconfig command and run it at post
- Move location of the self-signed CA serial number
- Add ipa-ldap-updater
- Add updates directory
- Restart httpd and dirsrv services after upgrade
- Added WinSync Support - winsync plugin, ipa-replica-manage
* Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
- Version bump for release
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-5
- Run restorecon on /var/log/ipa_error.log to ensure correct selinux context
- Add (post) to ipa-server-selinux Requires
* Fri Mar 14 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-4
- Add missing man pages
- Add Conflicts for mod_ssl
* Thu Feb 26 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-3
- Add ipactl command
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-2
- package new file ipa-rewrite.conf
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> - 0.99.0-1
- Version bump for release
* Thu Feb 7 2008 Masato Taruishi <taruishi@redhat.com> = 0.6.0-9
- Internationalize the kid templates and include a Japanese translation.
* Thu Feb 6 2008 Karl MacMillan <kmacmill@redhat.com> = 0.6.0-8
- Add requirement on ipa-server-selinux
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-7
- Marked with wrong license. IPA is GPLv2.
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-6
- Ensure that the ipa_webgui error log exists and has correct permissions.
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-5
- Put user-modifiable files into /etc/ipa so they can be marked as
config(noreplace).
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-4
- Use new name of pyasn1, python-pyasn1, in Requires
* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-3
- add session cache directory
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> = 0.6.0-2
- Fixed License in specfile
- Include files from /usr/lib/python*/site-packages/ipaserver
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release
* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change
* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
- Broke invididual Requires and BuildRequires onto separate lines and
reordered them
- Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release
* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
- Add dep for freeipa-admintools and acl
* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
- Add dependency for python-krbV
* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
- Require mod_nss-1.0.7-2 for mod_proxy fixes
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
- Convert to autotools-based build
* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
- Package ipa-webgui
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Added support for libipa-dna-plugin
* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
- Added support for ipa_kpasswd and ipa_pwd_extop
* Mon Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
- Abstracted client class to work directly or over RPC
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication
* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
- Initial rpm version
|
