From 24cc8d4f334c8b61bac09371b5f9f8919395d172 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 10 Apr 2012 21:21:08 +0200 Subject: Configure certmonger to execute restart scripts on renewal. certmonger now has the ability to execute a script when it renews a certificate. This can be used to automatically restart servers so the certificate doesn't expire in the running server. https://fedorahosted.org/freeipa/ticket/2050 --- freeipa.spec.in | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'freeipa.spec.in') diff --git a/freeipa.spec.in b/freeipa.spec.in index dc06d410..f3168830 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -117,7 +117,7 @@ Requires(pre): systemd-units Requires(post): systemd-units %endif %if 0%{?fedora} >= 17 -Requires: selinux-policy >= 3.10.0-82 +Requires: selinux-policy >= 3.10.0-110 %else %if 0%{?fedora} == 16 Requires: selinux-policy >= 3.10.0-78 @@ -214,7 +214,7 @@ Requires: xmlrpc-c %endif %endif Requires: sssd >= 1.8.0 -Requires: certmonger >= 0.26 +Requires: certmonger >= 0.53 Requires: nss-tools Requires: bind-utils Requires: oddjob-mkhomedir @@ -538,6 +538,8 @@ fi %endif %dir %{python_sitelib}/ipaserver %{python_sitelib}/ipaserver/* +%dir %{_libdir}/ipa/certmonger +%attr(755,root,root) %{_libdir}/ipa/certmonger/* %dir %{_usr}/share/ipa %{_usr}/share/ipa/wsgi.py* %{_usr}/share/ipa/*.ldif @@ -674,6 +676,11 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Tue Apr 10 2012 Rob Crittenden - 2.2.0-21 +- Set min for selinux-policy to 3.10.0-110 on F-17 to pick up certmonger + policy for restarting services. +- Set min for certmonger to 0.53 so we have the -C option to set restart + commands. * Thu Apr 5 2012 Rob Crittenden - 2.2.0-20 - Bump minimum version of slapi-nis to 0.40 -- cgit