Репозиторий Sisyphus
Последнее обновление: 21 августа 2018 | Пакетов: 18643 | Посещений: 12109603
en ru br
Репозитории ALT

Группа :: Система/Основа
Пакет: freeipa

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

%define _unpackaged_files_terminate_build 1

%define _libexecdir /usr/libexec
%define plugin_dir %_libdir/dirsrv/plugins
%define _localstatedir %_var

%define with_python3 0

# lint is not executed during rpmbuild

# %%define with_lint 1
%if 0%{?with_lint}
   %define linter_options --enable-pylint --with-jslint
%else
   %define linter_options --disable-pylint --without-jslint
%endif

%define krb5_version 1.15.2
%define python_netaddr_version 0.7.5
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
# Require 4.7.0 which brings Python 3 bindings
%define samba_version 4.7.6
%define slapi_nis_version 0.56.1
%define python_ldap_version 3.0.0

%define plugin_dir %_libdir/dirsrv/plugins
%define etc_systemd_dir %_sysconfdir/systemd/system

Name: freeipa
Version: 4.6.3
Release: alt5%ubt
Summary: The Identity, Policy and Audit system

Group: System/Base
License: GPLv3+
Url: http://www.freeipa.org/
Source0: %name-%version.tar
Source1: freeipa-server.filetrigger
Patch: %name-%version-alt.patch

BuildRequires(pre): rpm-build-ubt
BuildRequires(pre): rpm-macros-fedora-compat
BuildRequires(pre): rpm-macros-apache2
BuildRequires: /proc
BuildRequires: rpm-macros-webserver-common
BuildRequires: rpm-build-python
BuildRequires: rpm-build-python3
BuildRequires: libkrb5-devel >= %krb5_version
BuildRequires: java-1.8.0-openjdk-headless
BuildRequires: libldap-devel
BuildRequires: libsasl2-devel
BuildRequires: libsystemd-devel

BuildRequires: libxmlrpc-devel
BuildRequires: libpopt-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: gettext
BuildRequires: python-dev
BuildRequires: python-module-setuptools >= 38.4.0
BuildRequires: python-module-pyparsing
BuildRequires: python-module-execnet
BuildRequires: python-module-mock
BuildRequires: python-module-appdirs
BuildRequires: python3-module-pyparsing
BuildRequires: python3-module-execnet
BuildRequires: python3-module-mock
BuildRequires: python3-module-appdirs
%if 0%{?with_python3}
BuildRequires: python3-dev
BuildRequires: python3-module-setuptools >= 38.4.0
%endif # with_python3
BuildRequires: systemd
BuildRequires: apache2-base
BuildRequires: libnspr-devel
BuildRequires: libnss-devel
BuildRequires: libssl-devel
BuildRequires: libini_config-devel
BuildRequires: libsasl2-devel
BuildRequires: 389-ds-base-devel >= 1.3.3.9
BuildRequires: libsvrcore-devel
BuildRequires: samba-devel >= 4.0.0
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libuuid-devel
BuildRequires: libsss_idmap-devel
BuildRequires: libsss_certmap-devel
BuildRequires: libsss_nss_idmap-devel >= 1.15.3
BuildRequires: rhino
BuildRequires: libverto-devel
BuildRequires: libunistring-devel
BuildRequires: python-module-lesscpy

#

# Build dependencies for makeapi/makeaci
# makeapi/makeaci is using Python 2 only for now
#
BuildRequires: python-module-ldap >= %python_ldap_version
BuildRequires: python-module-netaddr
BuildRequires: python-module-pyasn1 >= 0.3.2
BuildRequires: python-module-pyasn1-modules >= 0.1.5
BuildRequires: python-module-dns
BuildRequires: python-module-six
BuildRequires: python-module-sss_nss_idmap
BuildRequires: python-module-cffi

#TODO

# Build dependencies for wheel packaging and PyPI upload
#
#%%if 0%%{?with_wheels}
#BuildRequires:  dbus-glib-devel
#BuildRequires:  libffi-devel
#BuildRequires:  python2-tox
#BuildRequires:  python2-twine
#BuildRequires:  python2-wheel
#%%if 0%%{?with_python3}
#BuildRequires:  python3-tox
#BuildRequires:  python3-twine
#BuildRequires:  python3-wheel
#%%endif
#%%endif # with_wheels

#

# Build dependencies for lint and fastcheck
#
%if 0%{?with_lint}
BuildRequires: python-module-cryptography >= 1.6
BuildRequires: python-module-gssapi >= 1.2.2
BuildRequires: softhsm
BuildRequires: pylint >= 1.7
BuildRequires: python-module-pycodestyle
BuildRequires: python-module-polib
BuildRequires: python-module-ipa_hbac
BuildRequires: python-module-lxml
BuildRequires: python-module-qrcode >= 5.0.0
BuildRequires: python-module-dns >= 1.15
#BuildRequires:  jsl
BuildRequires: python-module-yubico
# pki Python package
BuildRequires: python-module-pki-base
BuildRequires: python-module-pytest-multihost
BuildRequires: python-module-pytest_sourceorder
# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
BuildRequires: python-module-jwcrypto >= 0.4.2
# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
BuildRequires: python-module-custodia >= 0.5.0
BuildRequires: python-module-dbus
BuildRequires: python-module-dateutil
BuildRequires: python-module-enum34
BuildRequires: python-module-netifaces
BuildRequires: python-module-sss
BuildRequires: python-module-sss-murmur
BuildRequires: python-module-sssdconfig
BuildRequires: python-module-nose
BuildRequires: python-module-paste
BuildRequires: python-module-systemd
BuildRequires: python-module-jinja2
BuildRequires: python-module-augeas

%if 0%{?with_python3}
#BuildRequires:  python3-module-samba added smbc
BuildRequires: python3-module-smbc
# 1.6: x509.Name.rdns (https://github.com/pyca/cryptography/issues/3199)
BuildRequires: python3-module-cryptography >= 1.6
BuildRequires: python3-module-gssapi >= 1.2.2
BuildRequires: pylint-py3 >= 1.7
BuildRequires: python3-module-pycodestyle
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
BuildRequires: python3-module-polib
BuildRequires: python3-module-ipa_hbac
BuildRequires: python3-module-memcached
BuildRequires: python3-module-lxml
BuildRequires: python3-module-qrcode >= 5.0.0
BuildRequires: python3-module-dns >= 1.15
BuildRequires: python3-module-yubico
# pki Python package
BuildRequires: python3-module-pki-base
BuildRequires: python3-module-pytest-multihost
BuildRequires: python3-module-pytest_sourceorder
# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
BuildRequires: python3-module-jwcrypto >= 0.4.2
# 0.3: sd_notify (https://pagure.io/freeipa/issue/5825)
BuildRequires: python3-module-custodia >= 0.5.0
BuildRequires: python3-module-dbus
BuildRequires: python3-module-dateutil
BuildRequires: python3-module-enum34
BuildRequires: python3-module-netifaces
BuildRequires: python3-module-sss
BuildRequires: python3-module-sss-murmur
BuildRequires: python3-module-sssdconfig
BuildRequires: python3-module-libsss_nss_idmap
BuildRequires: python3-module-nose
BuildRequires: python3-module-paste
BuildRequires: python3-module-systemd
BuildRequires: python3-module-jinja2
BuildRequires: python3-module-augeas
BuildRequires: python3-module-netaddr
BuildRequires: python3-module-pyasn1
BuildRequires: python3-module-pyasn1-modules
BuildRequires: python3-module-ldap >= %python_ldap_version
%endif # with_python3
%endif # with_lint

#

# Build dependencies for unit tests
#
BuildRequires: libcmocka-devel
# Required by ipa_kdb_tests
# BuildRequires:  %_libdir/krb5/plugins/kdb/db2.so

%description
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).

%package server
Summary: The IPA authentication server
Group: System/Base
Requires: %name-server-common = %version-%release
Requires: %name-client = %version-%release
Requires: %name-common = %version-%release
%if 0%{?with_python3}
Requires: python3-module-ipaserver = %version-%release
Requires: python3-module-ldap >= %python_ldap_version
%else
Requires: python-module-ipaserver = %version-%release
Requires: python-module-ldap >= %python_ldap_version
%endif
# 1.3.7.6-1: https://bugzilla.redhat.com/show_bug.cgi?id=1488295
Requires: 389-ds-base >= 1.3.7.0
Requires: openldap-clients > 2.4.35
Requires: libnss >= 3.14.3
Requires: nss-utils >= 3.14.3
Requires: krb5-kdc >= %krb5_version
Requires: krb5-kinit >= %krb5_version
Requires: libsasl2-plugin-gssapi
Requires: openntpd
Requires: apache2-base >= 2.4.6
%if 0%with_python3
Requires(preun): python3
Requires(postun): python3
Requires: python3-module-gssapi >= 1.2.2
Requires: apache2-mod_wsgi-python3
Conflicts: apache2-mod_wsgi
Requires: python3-module-systemd
%else
Requires(preun): python
Requires(postun): python
Requires: python-module-gssapi >= 1.2.2
Requires: python-module-systemd
Requires: apache2-mod_wsgi
#After packing apache2-mod_wsgi-python3 in ALTLinux add corresponding conflict
#Conflicts: apache2-mod_wsgi-python3
%endif
Requires: apache2-mod_auth_gssapi >= 1.6.0
# 1.0.14-3: https://bugzilla.redhat.com/show_bug.cgi?id=1431206
Requires: apache2-mod_nss >= 1.0.14-alt3
# 0.9.9: https://github.com/adelton/mod_lookup_identity/pull/3
Requires: mod_lookup_identity >= 1.0.0
Requires: acl
Requires: systemd >= 38
Requires(pre): shadow-utils
Requires: selinux-policy
Requires(post): selinux-policy-base
Requires: slapi-nis >= %slapi_nis_version
Requires: pki-ca >= 10.5.3
Requires: pki-kra >= 10.5.3
Requires: policycoreutils >= 2.1.5
Requires: tar
# certmonger-0.79.4-2 fixes newlines in PEM files
Requires(pre): certmonger >= 0.79.5
# 1.3.7.6-1: https://bugzilla.redhat.com/show_bug.cgi?id=1488295
Requires: 389-ds-base >= 1.3.7.0
Requires: fonts-font-awesome
Requires: fonts-ttf-open-sans
Requires: openssl
Requires: softhsm >= 2.0.0
Requires: libp11-kit
Requires: %etc_systemd_dir
Requires: gzip
Requires: oddjob
# 0.7.0-2: https://pagure.io/gssproxy/pull-request/172
Requires: gssproxy >= 0.7.0
# 1.15.2: FindByNameAndCertificate (https://pagure.io/SSSD/sssd/issue/3050)
Requires: sssd-dbus >= 1.15.2

# upgrade path from monolithic -server to -server + -server-dns

Obsoletes: %name-server <= 4.2.0

# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to

# member.
Conflicts: nss-ldapd < 0.8.4

%description server
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.

%package -n python-module-ipaserver
Summary: Python libraries used by IPA server
Group: System/Libraries
BuildArch: noarch
Requires: %name-server-common = %version-%release
Requires: %name-common = %version-%release
Requires: python-module-ipaclient = %version-%release
Requires: python-module-custodia >= 0.5.0
Requires: python-module-ldap >= %python_ldap_version
Requires: python-module-lxml
Requires: python-module-gssapi >= 1.2.2
Requires: python-module-sssdconfig
Requires: python-module-pyasn1 >= 0.3.2
Requires: python-module-dbus
Requires: python-module-dns >= 1.15
Requires: python-module-kdcproxy >= 0.3
Requires: librpm
Requires: python-module-pki-base
Requires: python-module-augeas

%description -n python-module-ipaserver
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.

%if 0%{?with_python3}

%package -n python3-module-ipaserver
Summary: Python libraries used by IPA server
Group: System/Libraries
BuildArch: noarch
Requires: %name-server-common = %version-%release
Requires: %name-common = %version-%release
Requires: python3-module-ipaclient = %version-%release
Requires: python3-module-custodia >= 0.5.0
Requires(pre): python3-module-ldap >= %python_ldap_version
Requires: python3-module-lxml
Requires: python3-module-gssapi >= 1.2.2
#Requires: python3-module-sssdconfig
Requires: python3-module-pyasn1 >= 0.3.2
Requires: python3-module-dbus
Requires: python3-module-dns >= 1.15
#Requires: python3-module-kdcproxy >= 0.3
Requires: python3-module-augeas
Requires: librpm
Requires: python3-module-pki-base

%description -n python3-module-ipaserver
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.

%endif  # with_python3

%package server-common
Summary: Common files used by IPA server
Group: System/Base
BuildArch: noarch
Requires: %name-client-common = %version-%release
Requires: apache2-base >= 2.4.6
Requires: systemd >= 38
Requires: custodia >= 0.5.0
Requires: fonts-font-awesome
Requires: fonts-ttf-open-sans

%description server-common
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.

%package server-dns
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
Group: System/Base
BuildArch: noarch
Requires: %name-server = %version-%release
Requires: bind-dyndb-ldap >= 11.0
Requires: bind >= 9.11.0
Requires: bind-utils >= 9.11.0
Requires: opendnssec >= 1.4.6
# Keep python2 dependencies until DNSSEC daemons are ported to Python 3
Requires: python
Requires: python-module-freeipa
Requires: python-module-ipaserver

# upgrade path from monolithic -server to -server + -server-dns

Obsoletes: %name-server <= 4.2.0

%description server-dns
IPA integrated DNS server with support for automatic DNSSEC signing.
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

%package server-trust-ad
Summary: Virtual package to install packages required for Active Directory trusts
Group: System/Base
Requires: %name-server = %version-%release
Requires: %name-common = %version-%release

Requires: samba >= %samba_version
Requires: samba-winbind
Requires: libsss_idmap

%if 0%{?with_python3}
Requires(post): python3
Requires: python3-module-samba
Requires: python3-module-sss_nss_idmap
Requires: python3-module-sss
%else
Requires(post): python
Requires: python-module-samba
Requires: python-module-sss_nss_idmap
Requires: python-module-sss
%endif  # with_python3

%description server-trust-ad
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.

%package client
Summary: IPA authentication for use on clients
Group: System/Base
Requires: %name-client-common = %version-%release
Requires: %name-common = %version-%release
%if 0%{?with_python3}
Requires: python3-module-gssapi >= 1.2.2
Requires: python3-module-ipaclient = %version-%release
Requires: python3-module-ldap >= %python_ldap_version
%else
Requires: python-module-gssapi >= 1.2.2
Requires: python-module-ipaclient = %version-%release
Requires: python-module-ldap >= %python_ldap_version
%endif
Requires: libsasl2-plugin-gssapi
Requires: openntpd
Requires: ntpdate
Requires: curl
# NIS domain name config: /usr/lib/systemd/system/*-domainname.service
#Requires: initscripts
Requires: libcurl >= 7.21.7
Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.14.0
Requires: sssd-krb5
Requires: sssd-ipa
Requires: libsss_sudo
Requires: python-module-sssdconfig
# certmonger-0.79.4-2 fixes newlines in PEM files
Requires: certmonger >= 0.79.5
Requires: nss-utils
Requires: bind-utils
Requires: oddjob-mkhomedir
Requires: libsss_autofs
Requires: autofs
Requires: libnfsidmap
Requires: nfs-utils
Requires(post): policycoreutils

Obsoletes: %name-admintools < 4.4.1
Provides: %name-admintools = %EVR

%description client
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.
This package provides command-line tools for IPA administrators.

%package -n python-module-ipaclient
Summary: Python libraries used by IPA client
Group: System/Libraries
BuildArch: noarch
Requires: %name-client-common = %version-%release
Requires: %name-common = %version-%release
Requires: python-module-freeipa = %version-%release
Requires: python-module-dns >= 1.15
Requires: python-module-jinja2

%description -n python-module-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.

%if 0%{?with_python3}

%package -n python3-module-ipaclient
Summary: Python libraries used by IPA client
Group: System/Libraries
BuildArch: noarch
Requires: %name-client-common = %version-%release
Requires: %name-common = %version-%release
Requires: python3-module-freeipa = %version-%release
Requires: python3-module-dns >= 1.15
Requires: python3-module-jinja2

%description -n python3-module-ipaclient
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.

%endif  # with_python3

%package client-common
Summary: Common files used by IPA client
Group: System/Base
BuildArch: noarch
Requires: ca-trust

%description client-common
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.

%package -n python-module-freeipa
Summary: Python libraries used by IPA
Group: System/Libraries
BuildArch: noarch
Requires: %name-common = %version-%release
Requires: python-module-gssapi >= 1.2.2
Requires: gnupg
Requires: libkeyutils
Requires: python >= 2.7.9
Requires: python-module-cryptography >= 1.6
Requires: python-module-netaddr >= %python_netaddr_version
Requires: python-module-ipa_hbac
Requires: python-module-qrcode >= 5.0.0
Requires: python-module-pyasn1 >= 0.3.2
Requires: python-module-pyasn1-modules >= 0.1.5
Requires: python-module-dateutil
Requires: python-module-yubico >= 1.2.3
Requires: python-module-sss-murmur
Requires: python-module-dbus
Requires: python-module-setuptools
Requires: python-module-six
# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
Requires: python-module-jwcrypto >= 0.4.2
Requires: python-module-cffi
Requires: python-module-ldap >= %python_ldap_version
Requires: python-module-requests
Requires: python-module-dns >= 1.15
Requires: python-module-enum34
Requires: python-module-netifaces >= 0.10.4
Requires: python-module-pyusb
%py_provides ipaplatform

%description -n python-module-freeipa
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are using IPA, you need to install this package.

%if 0%{?with_python3}

%package -n python3-module-freeipa
Summary: Python3 libraries used by IPA
Group: System/Libraries
BuildArch: noarch
Requires: %name-common = %version-%release
Requires: python3-module-gssapi >= 1.2.2
Requires: gnupg
Requires: keyutils
Requires: python3-module-cryptography >= 1.6
Requires: python3-module-netaddr >= %python_netaddr_version
#Requires: python3-module-ipa_hbac
Requires: python3-module-qrcode >= 5.0.0
Requires: python3-module-pyasn1 >= 0.3.2
Requires: python3-module-pyasn1-modules >= 0.1.5
Requires: python3-module-dateutil
# fixes searching for yubikeys in python3
#Requires: python3-module-yubico >= 1.3.2-7
Requires: python3-module-sss-murmur
Requires: python3-module-dbus
Requires: python3-module-setuptools
Requires: python3-module-six
# 0.4.2: Py3 fix https://bugzilla.redhat.com/show_bug.cgi?id=1476150
Requires: python3-module-jwcrypto >= 0.4.2
Requires: python3-module-cffi
# we need pre-requires since earlier versions may break upgrade
Requires: python3-module-ldap >= %python_ldap_version
Requires: python3-module-requests
Requires: python3-module-dns >= 1.15
Requires: python3-module-netifaces >= 0.10.4
#Requires: python3-module-pyusb

%description -n python3-module-freeipa
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are using IPA with Python 3, you need to install this package.

%endif # with_python3

%package common
Summary: Common files used by IPA
Group: System/Libraries
BuildArch: noarch

%description common
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are using IPA, you need to install this package.

%package -n python-module-ipatests
Summary: IPA tests and test tools
Group: System/Base
BuildArch: noarch
Obsoletes: %name-tests <= 4.4.4
Provides: %name-tests = %EVR
Requires: python-module-ipaclient = %version-%release
Requires: python-module-ipaserver = %version-%release
Requires: tar
Requires: xz
Requires: python-module-nose
Requires: pytest >= 2.6
Requires: python-module-paste
Requires: python-module-coverage
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1096506
Requires: python-module-polib
#Requires: python-pytest-multihost >= 0.5
Requires: python-module-pytest-multihost
Requires: python-module-pytest_sourceorder
#Requires: ldns-utils
Requires: python-module-sssdconfig
Requires: python-module-cryptography >= 1.6
Requires: iptables

%description -n python-module-ipatests
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
This package contains tests that verify IPA functionality.

%if 0%{?with_python3}

%package -n python3-module-ipatests
Summary: IPA tests and test tools
Group: System/Base
BuildArch: noarch
Requires: python3-module-ipaclient = %version-%release
Requires: python3-module-ipaserver = %version-%release
Requires: tar
Requires: xz
Requires: python3-module-nose
Requires: python3-module-pytest >= 2.6
Requires: python3-module-coverage
Requires: python3-module-polib
Requires: python3-module-pytest-multihost >= 0.5
#Requires: python3-module-pytest_sourceorder
#Requires: ldns-utils
Requires: python3-module-sssdconfig
Requires: python3-module-cryptography >= 1.6
Requires: iptables

%description -n python3-module-ipatests
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
This package contains tests that verify IPA functionality under Python 3.

%endif # with_python3

%prep
%setup -n %name-%version
%patch -p1
%if 0%{?with_python3}
# Workaround: We want to build Python things twice. To be sure we do not mess
# up something, do two separate builds in separate directories.
cp -r %_builddir/freeipa-%version %_builddir/freeipa-%version-python3
%endif # with_python3

%build
# UI compilation segfaulted on some arches when the stack was lower (#1040576)
export JAVA_STACK_SIZE="8m"
# PATH is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1005235
export PYTHON=%_bindir/python
# Workaround: make sure all shebangs are pointing to Python 2
# This should be solved properly using setuptools
# and this hack should be removed.
find \
! -name '*.pyc' -a \
! -name '*.pyo' -a \
-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%_bindir/python|' {} \;

%if 0%{?with_python3}
# TODO: temporary solution until all scripts are ported to python3,
# TODO: workaround: some scripts are copied over, so the are always py2.
# We have to explicitly set python3 here for ported files here
PY3_SUBST_PATHS='
client/ipa-certupdate
client/ipa-client-automount
client/ipa-client-install
daemons/ipa-otpd/test.py
install/certmonger/ipa-server-guard
install/certmonger/dogtag-ipa-ca-renew-agent-submit
install/oddjob/com.redhat.idm.trust-fetch-domains
install/restart_scripts/renew_ra_cert_pre
install/restart_scripts/renew_ca_cert
install/restart_scripts/renew_ra_cert
install/restart_scripts/restart_httpd
install/restart_scripts/renew_kdc_cert
install/restart_scripts/stop_pkicad
install/restart_scripts/restart_dirsrv
install/tools/ipa-advise
install/tools/ipa-adtrust-install
install/tools/ipa-backup
install/tools/ipa-ca-install
install/tools/ipa-cacert-manage
install/tools/ipa-compat-manage
install/tools/ipa-csreplica-manage
install/tools/ipa-custodia
install/tools/ipa-custodia-check
install/tools/ipa-dns-install
install/tools/ipa-httpd-kdcproxy
install/tools/ipa-kra-install
install/tools/ipa-ldap-updater
install/tools/ipa-managed-entries
install/tools/ipa-nis-manage
install/tools/ipa-otptoken-import
install/tools/ipa-pkinit-manage
install/tools/ipa-pki-retrieve-key
install/tools/ipa-replica-conncheck
install/tools/ipa-replica-install
install/tools/ipa-replica-manage
install/tools/ipa-replica-prepare
install/tools/ipa-restore
install/tools/ipa-server-certinstall
install/tools/ipa-server-install
install/tools/ipa-server-upgrade
install/tools/ipa-winsync-migrate
install/tools/ipactl
ipa
'
for P in $PY3_SUBST_PATHS; do
   sed -i -e '1 s|^#!\s\?.*\bpython[0-9]*|#!%_bindir/python3|' $P
done;

%endif # with_python3
%autoreconf
%configure --with-vendor-suffix=-%release \
          --enable-server \
          --with-ipatests \
  --with-ipaplatform=altlinux \
  IPA_VERSION_IS_GIT_SNAPSHOT=no \
          %linter_options

%make_build

%if 0%{?with_python3}
pushd %_builddir/freeipa-%version-python3
export PYTHON=%_bindir/python3
# Workaround: make sure all shebangs are pointing to Python 3
# This should be solved properly using setuptools
# and this hack should be removed.
find \
! -name '*.pyc' -a \
! -name '*.pyo' -a \
-type f -exec grep -qsm1 '^#!.*\bpython' {} \; \
-exec sed -i -e '1 s|^#!.*\bpython[^ ]*|#!%_bindir/python3|' {} \;
%autoreconf
%configure --with-vendor-suffix=-%release \
          --enable-server \
          --with-ipatests \
  --with-ipaplatform=altlinux \
  IPA_VERSION_IS_GIT_SNAPSHOT=no \
          %linter_options
popd
%endif # with_python3

%install
# Please put as much logic as possible into make install. It allows:
# - easier porting to other distributions
# - rapid devel & install cycle using make install
#   (instead of full RPM build and installation each time)
#
# All files and directories created by spec install should be marked as ghost.
# (These are typically configuration files created by IPA installer.)
# All other artifacts should be created by make install.
#
# Exception to this rule are test programs which where want to install
# Python2/3 versions at the same time so we need to rename them. Yuck.

%if 0%{?with_python3}
# Python 3 installation needs to be done first. Subsequent Python 2 install
# will overwrite /usr/bin/ipa and other scripts with variants using
# python2 shebang.
pushd %_builddir/freeipa-%version-python3
(cd ipaclient && %makeinstall_std)
(cd ipalib && %makeinstall_std)
(cd ipaplatform && %makeinstall_std)
(cd ipapython && %makeinstall_std)
(cd ipaserver && %makeinstall_std)
(cd ipatests && %makeinstall_std)
popd

mv %buildroot%_bindir/ipa-run-tests %buildroot%_bindir/ipa-run-tests-%_python3_version
mv %buildroot%_bindir/ipa-test-config %buildroot%_bindir/ipa-test-config-%_python3_version
mv %buildroot%_bindir/ipa-test-task %buildroot%_bindir/ipa-test-task-%_python3_version
ln -s %_bindir/ipa-run-tests-%_python3_version %buildroot%_bindir/ipa-run-tests-3
ln -s %_bindir/ipa-test-config-%_python3_version %buildroot%_bindir/ipa-test-config-3
ln -s %_bindir/ipa-test-task-%_python3_version %buildroot%_bindir/ipa-test-task-3

%endif # with_python3

# Python 2 installation

%makeinstall_std

mv %buildroot%_bindir/ipa-run-tests %buildroot%_bindir/ipa-run-tests-%_python_version
mv %buildroot%_bindir/ipa-test-config %buildroot%_bindir/ipa-test-config-%_python_version
mv %buildroot%_bindir/ipa-test-task %buildroot%_bindir/ipa-test-task-%_python_version
ln -s %_bindir/ipa-run-tests-%_python_version %buildroot%_bindir/ipa-run-tests-2
ln -s %_bindir/ipa-test-config-%_python_version %buildroot%_bindir/ipa-test-config-2
ln -s %_bindir/ipa-test-task-%_python_version %buildroot%_bindir/ipa-test-task-2

# Decide which Python (2 or 3) should be used as default for tests

%if 0%{?with_python3}
# Building with python3 => make it default for tests
ln -s %_bindir/ipa-run-tests-%_python3_version %buildroot%_bindir/ipa-run-tests
ln -s %_bindir/ipa-test-config-%_python3_version %buildroot%_bindir/ipa-test-config
ln -s %_bindir/ipa-test-task-%_python3_version %buildroot%_bindir/ipa-test-task
%else
# Building python2 only => make it default for tests
ln -s %_bindir/ipa-run-tests-%_python_version %buildroot%_bindir/ipa-run-tests
ln -s %_bindir/ipa-test-config-%_python_version %buildroot%_bindir/ipa-test-config
ln -s %_bindir/ipa-test-task-%_python_version %buildroot%_bindir/ipa-test-task
%endif # with_python3

# remove files which are useful only for make uninstall

find %buildroot -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;

%find_lang ipa

# Remove .la files from libtool - we don't want to package

# these files
rm %buildroot/%plugin_dir/libipa_pwd_extop.la
rm %buildroot/%plugin_dir/libipa_enrollment_extop.la
rm %buildroot/%plugin_dir/libipa_winsync.la
rm %buildroot/%plugin_dir/libipa_repl_version.la
rm %buildroot/%plugin_dir/libipa_uuid.la
rm %buildroot/%plugin_dir/libipa_modrdn.la
rm %buildroot/%plugin_dir/libipa_lockout.la
rm %buildroot/%plugin_dir/libipa_cldap.la
rm %buildroot/%plugin_dir/libipa_dns.la
rm %buildroot/%plugin_dir/libipa_sidgen.la
rm %buildroot/%plugin_dir/libipa_sidgen_task.la
rm %buildroot/%plugin_dir/libipa_extdom_extop.la
rm %buildroot/%plugin_dir/libipa_range_check.la
rm %buildroot/%plugin_dir/libipa_otp_counter.la
rm %buildroot/%plugin_dir/libipa_otp_lasttoken.la
rm %buildroot/%plugin_dir/libtopology.la
rm %buildroot/%_libdir/krb5/plugins/kdb/ipadb.la
rm %buildroot/%_libdir/samba/pdb/ipasam.la

# So we can own our Apache configuration

mkdir -p %buildroot%apache2_confdir/{sites-available,extra-available,extra-enabled}
/bin/touch %buildroot%apache2_sites_available/ipa.conf
/bin/touch %buildroot%apache2_extra_enabled/ipa-kdc-proxy.conf
/bin/touch %buildroot%apache2_extra_enabled/ipa-pki-proxy.conf
/bin/touch %buildroot%apache2_extra_enabled/ipa-rewrite.conf
/bin/touch %buildroot%_datadir/ipa/html/ca.crt
/bin/touch %buildroot%_datadir/ipa/html/krb.con
/bin/touch %buildroot%_datadir/ipa/html/krb5.ini
/bin/touch %buildroot%_datadir/ipa/html/krbrealm.con

#mkdir -p %%buildroot%%_libdir/krb5/plugins/libkrb5

#touch %%buildroot%%_libdir/krb5/plugins/libkrb5/winbind_krb5_locator.so

/bin/touch %buildroot%_sysconfdir/ipa/default.conf
/bin/touch %buildroot%_sysconfdir/ipa/ca.crt

mkdir -p %buildroot%etc_systemd_dir/httpd2.service.d
touch %buildroot%etc_systemd_dir/httpd2.service.d/ipa.conf

mkdir -p %buildroot%_sysconfdir/cron.d

mkdir -p %buildroot%_sharedstatedir/kdcproxy
mkdir -p %buildroot%_sharedstatedir/ipa/backup
mkdir -p %buildroot%_sharedstatedir/ipa/gssproxy
mkdir -p %buildroot%_sharedstatedir/ipa/sysrestore
mkdir -p %buildroot%_sharedstatedir/ipa/sysupgrade
mkdir -p %buildroot%_sharedstatedir/ipa/pki-ca
mkdir -p %buildroot%_sharedstatedir/bind/zone/dyndb-ldap
mkdir -p %buildroot%_sharedstatedir/bind/data
mkdir -p %buildroot%_sharedstatedir/bind/dynamic
touch %buildroot%_sharedstatedir/bind/zone/dyndb-ldap/ipa
touch %buildroot%_sharedstatedir/ipa/pki-ca/publish
touch %buildroot%_sysconfdir/ipa/kdcproxy/ipa-kdc-proxy.conf

# NSS

# old dbm format
touch %buildroot%_sysconfdir/ipa/nssdb/cert8.db
touch %buildroot%_sysconfdir/ipa/nssdb/key3.db
touch %buildroot%_sysconfdir/ipa/nssdb/secmod.db
touch %buildroot%_sysconfdir/ipa/nssdb/pwdfile.txt
# new sql format
touch %buildroot%_sysconfdir/ipa/nssdb/cert9.db
touch %buildroot%_sysconfdir/ipa/nssdb/key4.db
touch %buildroot%_sysconfdir/ipa/nssdb/pkcs11.txt

mkdir -p %buildroot%_sysconfdir/pki/ca-trust/source
touch %buildroot%_sysconfdir/pki/ca-trust/source/ipa.p11-kit

mkdir -p %buildroot%_sharedstatedir/ipa-client
mkdir -p %buildroot%_sharedstatedir/ipa-client/pki
mkdir -p %buildroot%_sharedstatedir/ipa-client/sysrestore

mkdir -p %buildroot%_runtimedir
install -d -m 0700 %buildroot%_runtimedir/ipa
install -d -m 0700 %buildroot%_runtimedir/ipa/ccaches

# install filetrigger

mkdir -p %buildroot%_rpmlibdir
install -D -p -m 0755 %SOURCE1 %buildroot%_rpmlibdir/freeipa-server.filetrigger

%check
%make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%_libdir

%post server
# NOTE: systemd specific section
   /bin/systemctl --system daemon-reload 2>&1 ||:
# END
if [ $1 -gt 1 ] ; then
   /bin/systemctl condrestart certmonger.service 2>&1 ||:
fi
/bin/systemctl reload-or-try-restart dbus ||:
/bin/systemctl reload-or-try-restart oddjobd ||:

%tmpfiles_create ipa.conf

%preun server
if [ $1 = 0 ]; then
# NOTE: systemd specific section
   /bin/systemctl --quiet stop ipa.service ||:
   /bin/systemctl --quiet disable ipa.service ||:
   /bin/systemctl reload-or-try-restart dbus ||:
   /bin/systemctl reload-or-try-restart oddjobd ||:
# END
fi

%triggerpostun server-common -- freeipa-server-common <= 4.6.1
if /usr/bin/python -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1; then
       a2dismod ipa-nss >/dev/null 2>&1 ||:

       if systemctl is-enabled httpd2.service >/dev/null 2>&1; then
               systemctl try-restart httpd2.service >/dev/null 2>&1 ||:
       fi
fi

%pre server
# Stop ipa_kpasswd if it exists before upgrading so we don't have a
# zombie process when we're done.
if [ -e /usr/sbin/ipa_kpasswd ]; then
# NOTE: systemd specific section
   /bin/systemctl stop ipa_kpasswd.service >/dev/null 2>&1 ||:
# END
fi

# create users and groups

# create kdcproxy group and user
getent group kdcproxy >/dev/null || groupadd -f -r kdcproxy ||:
getent passwd kdcproxy >/dev/null || useradd -r -g kdcproxy -s /sbin/nologin -d / -c "IPA KDC Proxy User" kdcproxy ||:
# create ipaapi group and user
getent group ipaapi >/dev/null || groupadd -f -r ipaapi ||:
getent passwd ipaapi >/dev/null || useradd -r -g ipaapi -s /sbin/nologin -d / -c "IPA Framework User" ipaapi ||:
# add apache to ipaaapi group
id -Gn apache2 | grep '\bipaapi\b' >/dev/null || usermod apache2 -a -G ipaapi ||:

%post client
if [ $1 -gt 1 ] ; then
   # Has the client been configured?
   restore=0
   test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') ||:

   if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
       if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf  2>/dev/null ; then
           echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
           cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
           mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
       fi
   fi

   if [ $restore -ge 2 ]; then
       if grep -E -q '\s*pkinit_anchors = FILE:/etc/ipa/ca.crt$' /etc/krb5.conf 2>/dev/null; then
           sed -E 's|(\s*)pkinit_anchors = FILE:/etc/ipa/ca.crt$|\1pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem\n\1pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem|' /etc/krb5.conf >/etc/krb5.conf.ipanew
           mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
           cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem
           cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem
       fi
   fi

   if [ $restore -ge 2 ]; then
       python2 -c 'from ipaclient.install.client import update_ipa_nssdb; update_ipa_nssdb()' >/var/log/ipaupgrade.log 2>&1
   fi
fi

%triggerin client -- openssh-server
# Has the client been configured?
restore=0
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}') ||:

if [ -f '/etc/openssh/sshd_config' -a $restore -ge 2 ]; then
   if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %%u)$' /etc/openssh/sshd_config 2>/dev/null; then
       sed -r '
           /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
       ' /etc/openssh/sshd_config >/etc/openssh/sshd_config.ipanew

       if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody' 2>/dev/null; then
           sed -ri '
               s/^PubKeyAgent (.+) %%u$/AuthorizedKeysCommand \1/
               s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
           ' /etc/openssh/sshd_config.ipanew
       elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody' 2>/dev/null; then
           sed -ri '
               s/^PubKeyAgent (.+) %%u$/AuthorizedKeysCommand \1/
               s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
           ' /etc/openssh/sshd_config.ipanew
       elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %%u' -o 'PubKeyAgentRunAs=nobody' 2>/dev/null; then
           sed -ri '
               s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %%u/
               s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
           ' /etc/openssh/sshd_config.ipanew
       fi

       mv -Z /etc/openssh/sshd_config.ipanew /etc/openssh/sshd_config
       chmod 600 /etc/openssh/sshd_config

       /bin/systemctl condrestart sshd.service 2>&1 ||:
   fi
fi

%files server
%doc COPYING README.md Contributors.txt
%_sbindir/ipa-backup
%_sbindir/ipa-restore
%_sbindir/ipa-ca-install
%_sbindir/ipa-kra-install
%_sbindir/ipa-server-install
%_sbindir/ipa-replica-conncheck
%_sbindir/ipa-replica-install
%_sbindir/ipa-replica-prepare
%_sbindir/ipa-replica-manage
%_sbindir/ipa-csreplica-manage
%_sbindir/ipa-server-certinstall
%_sbindir/ipa-server-upgrade
%_sbindir/ipa-ldap-updater
%_sbindir/ipa-otptoken-import
%_sbindir/ipa-compat-manage
%_sbindir/ipa-nis-manage
%_sbindir/ipa-managed-entries
%_sbindir/ipactl
%_sbindir/ipa-advise
%_sbindir/ipa-cacert-manage
%_sbindir/ipa-winsync-migrate
%_sbindir/ipa-pkinit-manage
%_libexecdir/certmonger/dogtag-ipa-ca-renew-agent-submit
%_libexecdir/certmonger/ipa-server-guard
%dir %_libexecdir/ipa
%_libexecdir/ipa/ipa-custodia
%_libexecdir/ipa/ipa-custodia-check
%_libexecdir/ipa/ipa-dnskeysyncd
%_libexecdir/ipa/ipa-dnskeysync-replica
%_libexecdir/ipa/ipa-ods-exporter
%_libexecdir/ipa/ipa-httpd-kdcproxy
%_libexecdir/ipa/ipa-pki-retrieve-key
%_libexecdir/ipa/ipa-otpd
%dir %_libexecdir/ipa/oddjob
%attr(0755,root,root) %_libexecdir/ipa/oddjob/org.freeipa.server.conncheck
%config(noreplace) %_sysconfdir/dbus-1/system.d/org.freeipa.server.conf
%config(noreplace) %_sysconfdir/oddjobd.conf.d/ipa-server.conf
%dir %_libexecdir/ipa/certmonger
%attr(755,root,root) %_libexecdir/ipa/certmonger/*
# NOTE: systemd specific section
%attr(644,root,root) %_unitdir/ipa.service
%attr(644,root,root) %_unitdir/ipa-otpd.socket
%attr(644,root,root) %_unitdir/ipa-otpd at .service
%attr(644,root,root) %_unitdir/ipa-dnskeysyncd.service
%attr(644,root,root) %_unitdir/ipa-ods-exporter.socket
%attr(644,root,root) %_unitdir/ipa-ods-exporter.service
# END
%attr(755,root,root) %plugin_dir/libipa_pwd_extop.so
%attr(755,root,root) %plugin_dir/libipa_enrollment_extop.so
%attr(755,root,root) %plugin_dir/libipa_winsync.so
%attr(755,root,root) %plugin_dir/libipa_repl_version.so
%attr(755,root,root) %plugin_dir/libipa_uuid.so
%attr(755,root,root) %plugin_dir/libipa_modrdn.so
%attr(755,root,root) %plugin_dir/libipa_lockout.so
%attr(755,root,root) %plugin_dir/libipa_cldap.so
%attr(755,root,root) %plugin_dir/libipa_dns.so
%attr(755,root,root) %plugin_dir/libipa_range_check.so
%attr(755,root,root) %plugin_dir/libipa_otp_counter.so
%attr(755,root,root) %plugin_dir/libipa_otp_lasttoken.so
%attr(755,root,root) %plugin_dir/libtopology.so
%attr(755,root,root) %plugin_dir/libipa_sidgen.so
%attr(755,root,root) %plugin_dir/libipa_sidgen_task.so
%attr(755,root,root) %plugin_dir/libipa_extdom_extop.so
%attr(755,root,root) %_libdir/krb5/plugins/kdb/ipadb.so
%_mandir/man1/ipa-replica-conncheck.1*
%_mandir/man1/ipa-replica-install.1*
%_mandir/man1/ipa-replica-manage.1*
%_mandir/man1/ipa-csreplica-manage.1*
%_mandir/man1/ipa-replica-prepare.1*
%_mandir/man1/ipa-server-certinstall.1*
%_mandir/man1/ipa-server-install.1*
%_mandir/man1/ipa-server-upgrade.1*
%_mandir/man1/ipa-ca-install.1*
%_mandir/man1/ipa-kra-install.1*
%_mandir/man1/ipa-compat-manage.1*
%_mandir/man1/ipa-nis-manage.1*
%_mandir/man1/ipa-managed-entries.1*
%_mandir/man1/ipa-ldap-updater.1*
%_mandir/man8/ipactl.8*
%_mandir/man1/ipa-backup.1*
%_mandir/man1/ipa-restore.1*
%_mandir/man1/ipa-advise.1*
%_mandir/man1/ipa-otptoken-import.1*
%_mandir/man1/ipa-cacert-manage.1*
%_mandir/man1/ipa-winsync-migrate.1*
%_mandir/man1/ipa-pkinit-manage.1*

%_rpmlibdir/freeipa-server.filetrigger

%files -n python-module-ipaserver
%doc COPYING README.md Contributors.txt
%python_sitelibdir_noarch/ipaserver
%python_sitelibdir_noarch/ipaserver-*.egg-info

%if 0%{?with_python3}

%files -n python3-module-ipaserver
%doc COPYING README.md Contributors.txt
%python3_sitelibdir_noarch/ipaserver
%python3_sitelibdir_noarch/ipaserver-*.egg-info

%endif # with_python3

%files server-common
%doc COPYING README.md Contributors.txt
%dir %attr(0700,root,root) %_runtimedir/ipa
%dir %attr(0700,root,root) %_runtimedir/ipa/ccaches
%ghost %verify(not user group) %dir %_sharedstatedir/kdcproxy
%dir %attr(0755,root,root) %_sysconfdir/ipa/kdcproxy
%config(noreplace) %_sysconfdir/sysconfig/ipa-dnskeysyncd
%config(noreplace) %_sysconfdir/sysconfig/ipa-ods-exporter
%config(noreplace) %_sysconfdir/ipa/kdcproxy/kdcproxy.conf
# NOTE: systemd specific section
%_tmpfilesdir/ipa.conf
%attr(644,root,root) %_unitdir/ipa-custodia.service
%ghost %attr(644,root,root) %etc_systemd_dir/httpd2.service.d/ipa.conf
# END
%dir %_datadir/ipa
%_datadir/ipa/wsgi.py*
%_datadir/ipa/kdcproxy.wsgi
%_datadir/ipa/*.ldif
%_datadir/ipa/*.uldif
%_datadir/ipa/*.template
%dir %_datadir/ipa/advise
%dir %_datadir/ipa/advise/legacy
%_datadir/ipa/advise/legacy/*.template
%dir %_datadir/ipa/profiles
%_datadir/ipa/profiles/README
%_datadir/ipa/profiles/*.cfg
%dir %_datadir/ipa/html
%_datadir/ipa/html/ssbrowser.html
%_datadir/ipa/html/unauthorized.html
%dir %_datadir/ipa/migration
%_datadir/ipa/migration/error.html
%_datadir/ipa/migration/index.html
%_datadir/ipa/migration/invalid.html
%_datadir/ipa/migration/migration.py*
%dir %_datadir/ipa/ui
%_datadir/ipa/ui/index.html
%_datadir/ipa/ui/reset_password.html
%_datadir/ipa/ui/sync_otp.html
%_datadir/ipa/ui/*.ico
%_datadir/ipa/ui/*.css
%_datadir/ipa/ui/*.js
%dir %_datadir/ipa/ui/css
%_datadir/ipa/ui/css/*.css
%dir %_datadir/ipa/ui/js
%dir %_datadir/ipa/ui/js/dojo
%_datadir/ipa/ui/js/dojo/dojo.js
%dir %_datadir/ipa/ui/js/libs
%_datadir/ipa/ui/js/libs/*.js
%dir %_datadir/ipa/ui/js/freeipa
%_datadir/ipa/ui/js/freeipa/app.js
%_datadir/ipa/ui/js/freeipa/core.js
%dir %_datadir/ipa/ui/js/plugins
%dir %_datadir/ipa/ui/images
%_datadir/ipa/ui/images/*.jpg
%_datadir/ipa/ui/images/*.png
%dir %_datadir/ipa/wsgi
%_datadir/ipa/wsgi/plugins.py*
%dir %_sysconfdir/ipa
%dir %_sysconfdir/ipa/html
%config(noreplace) %_sysconfdir/ipa/html/ssbrowser.html
%config(noreplace) %_sysconfdir/ipa/html/unauthorized.html
%ghost %attr(0644,root,apache2) %config(noreplace) %apache2_sites_available/ipa.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %apache2_extra_enabled/ipa-rewrite.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %apache2_extra_enabled/ipa-kdc-proxy.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %apache2_extra_enabled/ipa-pki-proxy.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %_sysconfdir/ipa/kdcproxy/ipa-kdc-proxy.conf
%dir %attr(0755,root,root) %_sysconfdir/ipa/dnssec
%_datadir/ipa/ipa.conf
%_datadir/ipa/ipa-rewrite.conf
%_datadir/ipa/ipa-pki-proxy.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %_datadir/ipa/html/ca.crt
%ghost %attr(0644,root,apache2) %_datadir/ipa/html/krb.con
%ghost %attr(0644,root,apache2) %_datadir/ipa/html/krb5.ini
%ghost %attr(0644,root,apache2) %_datadir/ipa/html/krbrealm.con
%dir %_datadir/ipa/updates/
%_datadir/ipa/updates/*
%dir %_sharedstatedir/ipa
%attr(700,root,root) %dir %_sharedstatedir/ipa/backup
%attr(700,root,root) %dir %_sharedstatedir/ipa/gssproxy
%attr(711,root,root) %dir %_sharedstatedir/ipa/sysrestore
%attr(700,root,root) %dir %_sharedstatedir/ipa/sysupgrade
%attr(755,root,root) %dir %_sharedstatedir/ipa/pki-ca
%attr(770,root,named) %dir %_sharedstatedir/bind/data
%attr(770,root,named) %dir %_sharedstatedir/bind/dynamic
%ghost %_sharedstatedir/ipa/pki-ca/publish
%ghost %_sharedstatedir/bind/zone/dyndb-ldap/ipa

%dir %attr(0700,root,root) %_sysconfdir/ipa/custodia
%dir %_datadir/ipa/schema.d
%attr(0644,root,root) %_datadir/ipa/schema.d/README
%attr(0644,root,root) %_datadir/ipa/gssapi.login
%_datadir/ipa/ipakrb5.aug

%files server-dns
%doc COPYING README.md Contributors.txt
%_sbindir/ipa-dns-install
%_mandir/man1/ipa-dns-install.1*

%files server-trust-ad
%doc COPYING README.md Contributors.txt
%_sbindir/ipa-adtrust-install
%_datadir/ipa/smb.conf.empty
%attr(755,root,root) %_libdir/samba/pdb/ipasam.so
%_mandir/man1/ipa-adtrust-install.1*
%_sysconfdir/dbus-1/system.d/oddjob-ipa-trust.conf
%_sysconfdir/oddjobd.conf.d/oddjobd-ipa-trust.conf
%%attr(755,root,root) %_libexecdir/ipa/oddjob/com.redhat.idm.trust-fetch-domains

%files client
%doc COPYING README.md Contributors.txt
%_sbindir/ipa-client-install
%_sbindir/ipa-client-automount
%_sbindir/ipa-certupdate
%_sbindir/ipa-getkeytab
%_sbindir/ipa-rmkeytab
%_sbindir/ipa-join
%_bindir/ipa
%config %_sysconfdir/bash_completion.d
%_mandir/man1/ipa.1*
%_mandir/man1/ipa-getkeytab.1*
%_mandir/man1/ipa-rmkeytab.1*
%_mandir/man1/ipa-client-install.1*
%_mandir/man1/ipa-client-automount.1*
%_mandir/man1/ipa-certupdate.1*
%_mandir/man1/ipa-join.1*

%files -n python-module-ipaclient
%doc COPYING README.md Contributors.txt
%dir %python_sitelibdir_noarch/ipaclient
%python_sitelibdir_noarch/ipaclient/*.py*
%dir %python_sitelibdir_noarch/ipaclient/install
%python_sitelibdir_noarch/ipaclient/install/*.py*
%dir %python_sitelibdir_noarch/ipaclient/plugins
%python_sitelibdir_noarch/ipaclient/plugins/*.py*
%dir %python_sitelibdir_noarch/ipaclient/remote_plugins
%python_sitelibdir_noarch/ipaclient/remote_plugins/*.py*
%dir %python_sitelibdir_noarch/ipaclient/remote_plugins/2_*
%python_sitelibdir_noarch/ipaclient/remote_plugins/2_*/*.py*
%dir %python_sitelibdir_noarch/ipaclient/csrgen
%dir %python_sitelibdir_noarch/ipaclient/csrgen/profiles
%python_sitelibdir_noarch/ipaclient/csrgen/profiles/*.json
%dir %python_sitelibdir_noarch/ipaclient/csrgen/rules
%python_sitelibdir_noarch/ipaclient/csrgen/rules/*.json
%dir %python_sitelibdir_noarch/ipaclient/csrgen/templates
%python_sitelibdir_noarch/ipaclient/csrgen/templates/*.tmpl
%python_sitelibdir_noarch/ipaclient-*.egg-info

%if 0%{?with_python3}

%files -n python3-module-ipaclient
%doc COPYING README.md Contributors.txt
%dir %python3_sitelibdir_noarch/ipaclient
%python3_sitelibdir_noarch/ipaclient/*.py
%python3_sitelibdir_noarch/ipaclient/__pycache__/*.py*
%dir %python3_sitelibdir_noarch/ipaclient/install
%python3_sitelibdir_noarch/ipaclient/install/*.py
%python3_sitelibdir_noarch/ipaclient/install/__pycache__/*.py*
%dir %python3_sitelibdir_noarch/ipaclient/plugins
%python3_sitelibdir_noarch/ipaclient/plugins/*.py
%python3_sitelibdir_noarch/ipaclient/plugins/__pycache__/*.py*
%dir %python3_sitelibdir_noarch/ipaclient/remote_plugins
%python3_sitelibdir_noarch/ipaclient/remote_plugins/*.py
%python3_sitelibdir_noarch/ipaclient/remote_plugins/__pycache__/*.py*
%dir %python3_sitelibdir_noarch/ipaclient/remote_plugins/2_*
%python3_sitelibdir_noarch/ipaclient/remote_plugins/2_*/*.py
%python3_sitelibdir_noarch/ipaclient/remote_plugins/2_*/__pycache__/*.py*
%dir %python3_sitelibdir_noarch/ipaclient/csrgen
%dir %python3_sitelibdir_noarch/ipaclient/csrgen/profiles
%python3_sitelibdir_noarch/ipaclient/csrgen/profiles/*.json
%dir %python3_sitelibdir_noarch/ipaclient/csrgen/rules
%python3_sitelibdir_noarch/ipaclient/csrgen/rules/*.json
%dir %python3_sitelibdir_noarch/ipaclient/csrgen/templates
%python3_sitelibdir_noarch/ipaclient/csrgen/templates/*.tmpl
%python3_sitelibdir_noarch/ipaclient-*.egg-info

%endif # with_python3

%files client-common
%doc COPYING README.md Contributors.txt
%dir %attr(0755,root,root) %_sysconfdir/ipa/
%ghost %attr(0644,root,apache2) %config(noreplace) %_sysconfdir/ipa/default.conf
%ghost %attr(0644,root,apache2) %config(noreplace) %_sysconfdir/ipa/ca.crt
%dir %attr(0755,root,root) %_sysconfdir/ipa/nssdb
# old dbm format
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/cert8.db
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/key3.db
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/secmod.db
# new sql format
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/cert9.db
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/key4.db
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/pkcs11.txt
%ghost %config(noreplace) %_sysconfdir/ipa/nssdb/pwdfile.txt
%ghost %config(noreplace) %_sysconfdir/pki/ca-trust/source/ipa.p11-kit
%dir %_sharedstatedir/ipa-client
%dir %_sharedstatedir/ipa-client/pki
%dir %_sharedstatedir/ipa-client/sysrestore
%_mandir/man5/default.conf.5*

%files -n python-module-freeipa
%doc COPYING README.md Contributors.txt
%dir %python_sitelibdir_noarch/ipapython
%python_sitelibdir_noarch/ipapython/*.py*
%dir %python_sitelibdir_noarch/ipapython/install
%python_sitelibdir_noarch/ipapython/install/*.py*
%dir %python_sitelibdir_noarch/ipalib
%python_sitelibdir_noarch/ipalib/*.py*
%dir %python_sitelibdir_noarch/ipalib/install
%python_sitelibdir_noarch/ipalib/install/*.py*
%dir %python_sitelibdir_noarch/ipaplatform
%python_sitelibdir_noarch/ipaplatform/*
%python_sitelibdir_noarch/ipapython-*.egg-info
%python_sitelibdir_noarch/ipalib-*.egg-info
%python_sitelibdir_noarch/ipaplatform-*.egg-info
%python_sitelibdir_noarch/ipaplatform-*-nspkg.pth

%files common -f ipa.lang
%doc COPYING README.md Contributors.txt

%if 0%{?with_python3}

%files -n python3-module-freeipa
%doc COPYING README.md Contributors.txt

%python3_sitelibdir_noarch/ipapython/
%python3_sitelibdir_noarch/ipalib/
%python3_sitelibdir_noarch/ipaplatform/
%python3_sitelibdir_noarch/ipapython-*.egg-info
%python3_sitelibdir_noarch/ipalib-*.egg-info
%python3_sitelibdir_noarch/ipaplatform-*.egg-info
%python3_sitelibdir_noarch/ipaplatform-*-nspkg.pth

%endif # with_python3

%files -n python-module-ipatests
%doc COPYING README.md Contributors.txt
%python_sitelibdir_noarch/ipatests
%python_sitelibdir_noarch/ipatests-*.egg-info
%_bindir/ipa-run-tests
%_bindir/ipa-test-config
%_bindir/ipa-test-task
%_bindir/ipa-run-tests-2
%_bindir/ipa-test-config-2
%_bindir/ipa-test-task-2
%_bindir/ipa-run-tests-%_python_version
%_bindir/ipa-test-config-%_python_version
%_bindir/ipa-test-task-%_python_version
%_mandir/man1/ipa-run-tests.1*
%_mandir/man1/ipa-test-config.1*
%_mandir/man1/ipa-test-task.1*

%if 0%{?with_python3}

%files -n python3-module-ipatests
%doc COPYING README.md Contributors.txt
%python3_sitelibdir_noarch/ipatests
%python3_sitelibdir_noarch/ipatests-*.egg-info
%_bindir/ipa-run-tests-3
%_bindir/ipa-test-config-3
%_bindir/ipa-test-task-3
%_bindir/ipa-run-tests-%_python3_version
%_bindir/ipa-test-config-%_python3_version
%_bindir/ipa-test-task-%_python3_version

%endif # with_python3

%changelog

Полный changelog можно просмотреть здесь

 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin