From a4d2bcde3347eb387b8094d703f02c3d24f21218 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 20 Jun 2012 14:09:55 -0400 Subject: Fix compatibility with Fedora 18. We need a Requires on openssl, the mod_rewrite syntax has changed so we can dump some unused configuration and we need a newer version of mod_auth_kerb to pick up the new location of delegated ccache. https://fedorahosted.org/freeipa/ticket/2839 --- freeipa.spec.in | 13 +++++++++++++ install/conf/ipa-rewrite.conf | 5 +---- install/tools/ipa-upgradeconfig | 23 ++++++++++++++++++++++- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index b0f3cee99..deeb3341b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp Requires: httpd Requires: mod_wsgi +%if 0%{?fedora} >= 18 +Requires: mod_auth_kerb >= 5.4-16 +%else Requires: mod_auth_kerb >= 5.4-8 +%endif Requires: mod_nss >= 1.0.8-10 Requires: python-ldap Requires: python-krbV @@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18 Requires: pki-setup >= 9.0.18 Requires: dogtag-pki-common-theme Requires: dogtag-pki-ca-theme +%if 0%{?fedora} >= 18 +Requires: tomcat6 >= 6.0.35-4 +%else %if 0%{?fedora} >= 16 # Only tomcat6 greater than this version provides proper systemd support Requires: tomcat6 >= 6.0.32-17 %endif +%endif %if 0%{?rhel} Requires: subscription-manager %endif @@ -735,6 +743,11 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Fri Jun 29 2012 Rob Crittenden - 2.99.0-37 +- Add Requires on openssl +- Set minimum tomcat6 to 6.0.35-4 in F-18 +- Set minimum mod_auth_kerb to 5.4-16 in F-18 + * Fri Jun 21 2012 Sumit Bose - 2.99.0-36 - Add extdom extop plugin diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf index 5385f9db0..8da210d0a 100644 --- a/install/conf/ipa-rewrite.conf +++ b/install/conf/ipa-rewrite.conf @@ -1,9 +1,6 @@ -# VERSION 2 - DO NOT REMOVE THIS LINE +# VERSION 3 - DO NOT REMOVE THIS LINE RewriteEngine on -RewriteLog /var/log/httpd/rewrite.log -RewriteLogLevel 0 - # By default forward all requests to /ipa. If you don't want IPA # to be the default on your web server comment this line out. diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index bc8e6a249..248232ac6 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -125,6 +125,26 @@ def find_hostname(): raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename) +def find_autoredirect(fqdn): + """ + When upgrading ipa-rewrite.conf we need to see if the automatic redirect + was disabled during install time (or afterward). So sift through the + configuration file and see if we can determine the status. + + Returns True if autoredirect is enabled, False otherwise + """ + filename = '/etc/httpd/conf.d/ipa-rewrite.conf' + if os.path.exists(filename): + pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn + p = re.compile(pattern) + for line in fileinput.input(filename): + if p.search(line): + fileinput.close() + return True + fileinput.close() + return False + return True + def find_version(filename): """Find the version of a configuration file""" if os.path.exists(filename): @@ -386,7 +406,8 @@ def main(): check_certs() - sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } + auto_redirect = find_autoredirect(fqdn) + sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'} upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") -- cgit