bgstack15
/
freeipa
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17857 Commits
2 Branches
35 MiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
freeipa/freeipa.spec.in

1445 lines
50 KiB
Raw Permalink Blame History 

  1. # 389-ds-base 1.4 no longer supports i686 platform, build only client

  2. # packages, https://bugzilla.redhat.com/show_bug.cgi?id=1544386

  3. %if 0%{?fedora} >= 28 || 0%{?rhel} > 7

  4.     %ifarch %{ix86}

  5.         %{!?ONLY_CLIENT:%global ONLY_CLIENT 1}

  6.     %endif

  7. %endif

  8. 

  9. # Define ONLY_CLIENT to only make the ipa-client and ipa-python

  10. # subpackages

  11. %{!?ONLY_CLIENT:%global ONLY_CLIENT 0}

  12. %if %{ONLY_CLIENT}

  13.     %global enable_server_option --disable-server

  14. %else

  15.     %global enable_server_option --enable-server

  16. %endif

  17. 

  18. # Build ipatests

  19. %if 0%{?rhel}

  20.     %global with_ipatests 0

  21. %endif

  22. %if ! %{ONLY_CLIENT}

  23.     %{!?with_ipatests:%global with_ipatests 1}

  24. %endif

  25. %if 0%{?with_ipatests}

  26.     %global with_ipatests_option --with-ipatests

  27. %else

  28.     %global with_ipatests_option --without-ipatests

  29. %endif

  30. 

  31. # lint is not executed during rpmbuild

  32. # %%global with_lint 1

  33. %if 0%{?with_lint}

  34.     %global linter_options --enable-pylint --with-jslint

  35. %else

  36.     %global linter_options --disable-pylint --without-jslint

  37. %endif

  38. 

  39. # Include SELinux subpackage

  40. %if 0%{?fedora} >= 30 || 0%{?rhel} > 8

  41.     %global with_selinux 1

  42.     %global selinuxtype targeted

  43.     %global modulename ipa

  44. %endif

  45. 

  46. %if 0%{?rhel}

  47. %global package_name ipa

  48. %global alt_name freeipa

  49. %global krb5_version 1.16.1

  50. %global krb5_kdb_version 7.0

  51. # 0.7.16: https://github.com/drkjam/netaddr/issues/71

  52. %global python_netaddr_version 0.7.16

  53. # Require 4.7.0 which brings Python 3 bindings

  54. %global samba_version 4.7.0

  55. %global selinux_policy_version 3.14.3-21

  56. %global slapi_nis_version 0.56.1-4

  57. %global python_ldap_version 3.1.0-1

  58. # python3-lib389

  59. # Fix for "Installation fails: Replica Busy"

  60. # https://pagure.io/389-ds-base/issue/49818

  61. %global ds_version 1.4.0.16

  62. # Fix for TLS 1.3 PHA, RHBZ#1775158

  63. %global httpd_version 2.4.37-21

  64. 

  65. %else

  66. # Fedora

  67. %global package_name freeipa

  68. %global alt_name ipa

  69. # Fix for CVE-2018-20217

  70. %global krb5_version 1.16.1-24

  71. # 0.7.16: https://github.com/drkjam/netaddr/issues/71

  72. %global python_netaddr_version 0.7.16

  73. # Require 4.7.0 which brings Python 3 bindings

  74. %global samba_version 2:4.7.0

  75. # SELinux context for /etc/named directory, RHBZ#1759495

  76. %global selinux_policy_version 3.14.3-52

  77. %global slapi_nis_version 0.56.1

  78. 

  79. # krb5 can only provide one KDB at a time

  80. %if 0%{?fedora} >= 32

  81. %global krb5_kdb_version 8.0

  82. %else

  83. %global krb5_kdb_version 7.0

  84. %endif

  85. 

  86. # fix for segfault in python3-ldap, https://pagure.io/freeipa/issue/7324

  87. %global python_ldap_version 3.1.0-1

  88. # Fix for create suffix

  89. # https://pagure.io/389-ds-base/issue/49984

  90. %if 0%{?fedora} >= 30

  91. %global ds_version 1.4.1.1

  92. %else

  93. %global ds_version 1.4.0.21

  94. %endif

  95. 

  96. # Fix for TLS 1.3 PHA, RHBZ#1775146

  97. %if 0%{?fedora} >= 31

  98. %global httpd_version 2.4.41-9

  99. %else

  100. %global httpd_version 2.4.41-6.1

  101. %endif

  102. 

  103. # Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.

  104. # Some packages don't provide new dist aliases.

  105. # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/

  106. %{?python_disable_dependency_generator}

  107. 

  108. # Fedora

  109. %endif

  110. 

  111. # 10.7.3 supports LWCA key replication using AES

  112. # https://pagure.io/freeipa/issue/8020

  113. %global pki_version 10.7.3-1

  114. 

  115. # https://pagure.io/certmonger/issue/90

  116. %global certmonger_version 0.79.7-1

  117. 

  118. # NSS release with fix for p11-kit-proxy issue, affects F28

  119. # https://pagure.io/freeipa/issue/7810

  120. %if 0%{?fedora} == 28

  121. %global nss_version 3.41.0-3

  122. %else

  123. %global nss_version 3.41.0-1

  124. %endif

  125. 

  126. # One-Way Trust authenticated by trust secret

  127. # https://bugzilla.redhat.com/show_bug.cgi?id=1345975#c20

  128. %global sssd_version 1.16.3-2

  129. 

  130. %define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')

  131. 

  132. %global plugin_dir %{_libdir}/dirsrv/plugins

  133. %global etc_systemd_dir %{_sysconfdir}/systemd/system

  134. %global gettext_domain ipa

  135. 

  136. %define _hardened_build 1

  137. 

  138. # Work-around fact that RPM SPEC parser does not accept

  139. # "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement

  140. %define IPA_VERSION @VERSION@

  141. %define AT_SIGN @

  142. # redefine IPA_VERSION only if its value matches the Autoconf placeholder

  143. %if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"

  144.     %define IPA_VERSION nonsense.to.please.RPM.SPEC.parser

  145. %endif

  146. 

  147. Name:           %{package_name}

  148. Version:        %{IPA_VERSION}

  149. Release:        0%{?dist}

  150. Summary:        The Identity, Policy and Audit system

  151. 

  152. Group:          System Environment/Base

  153. License:        GPLv3+

  154. URL:            http://www.freeipa.org/

  155. Source0:        freeipa-%{version}.tar.gz

  156. BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

  157. 

  158. BuildRequires:  openldap-devel

  159. # For KDB DAL version, make explicit dependency so that increase of version

  160. # will cause the build to fail due to unsatisfied dependencies.

  161. # DAL version change may cause code crash or memory leaks, it is better to fail early.

  162. BuildRequires:  krb5-kdb-version = %{krb5_kdb_version}

  163. BuildRequires:  krb5-devel >= %{krb5_version}

  164. # 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation

  165. BuildRequires:  xmlrpc-c-devel >= 1.27.4

  166. BuildRequires:  popt-devel

  167. BuildRequires:  gcc

  168. BuildRequires:  make

  169. BuildRequires:  pkgconfig

  170. BuildRequires:  autoconf

  171. BuildRequires:  automake

  172. BuildRequires:  libtool

  173. BuildRequires:  gettext

  174. BuildRequires:  gettext-devel

  175. BuildRequires:  python3-devel

  176. BuildRequires:  python3-setuptools

  177. BuildRequires:  systemd

  178. # systemd-tmpfiles which is executed from make install requires apache user

  179. BuildRequires:  httpd

  180. BuildRequires:  nspr-devel

  181. BuildRequires:  nss-devel >= %{nss_version}

  182. BuildRequires:  openssl-devel

  183. BuildRequires:  libini_config-devel

  184. BuildRequires:  cyrus-sasl-devel

  185. %if ! %{ONLY_CLIENT}

  186. BuildRequires:  389-ds-base-devel >= %{ds_version}

  187. BuildRequires:  samba-devel >= %{samba_version}

  188. BuildRequires:  libtalloc-devel

  189. BuildRequires:  libtevent-devel

  190. BuildRequires:  libuuid-devel

  191. BuildRequires:  libsss_idmap-devel

  192. BuildRequires:  libsss_certmap-devel

  193. BuildRequires:  libsss_nss_idmap-devel >= %{sssd_version}

  194. BuildRequires:  nodejs(abi)

  195. BuildRequires:  uglify-js

  196. BuildRequires:  libverto-devel

  197. BuildRequires:  libunistring-devel

  198. # 0.13.0: https://bugzilla.redhat.com/show_bug.cgi?id=1584773

  199. # 0.13.0-2: fix for missing dependency on python-six

  200. BuildRequires:  python3-lesscpy >= 0.13.0-2

  201. 

  202. # ONLY_CLIENT

  203. %endif

  204. 

  205. #

  206. # Build dependencies for makeapi/makeaci

  207. #

  208. BuildRequires:  python3-cffi

  209. BuildRequires:  python3-dns

  210. BuildRequires:  python3-ldap >= %{python_ldap_version}

  211. BuildRequires:  python3-libsss_nss_idmap

  212. BuildRequires:  python3-netaddr >= %{python_netaddr_version}

  213. BuildRequires:  python3-pyasn1

  214. BuildRequires:  python3-pyasn1-modules

  215. BuildRequires:  python3-six

  216. 

  217. #

  218. # Build dependencies for wheel packaging and PyPI upload

  219. #

  220. %if 0%{?with_wheels}

  221. BuildRequires:  dbus-glib-devel

  222. BuildRequires:  libffi-devel

  223. BuildRequires:  python3-tox

  224. %if 0%{?fedora} <= 28

  225. BuildRequires:  python3-twine

  226. %else

  227. BuildRequires:  twine

  228. %endif

  229. BuildRequires:  python3-wheel

  230. # with_wheels

  231. %endif

  232. 

  233. #

  234. # Build dependencies for lint and fastcheck

  235. #

  236. %if 0%{?with_lint}

  237. BuildRequires:  jsl

  238. BuildRequires:  rpmlint

  239. BuildRequires:  softhsm

  240. BuildRequires:  python3-augeas

  241. BuildRequires:  python3-cffi

  242. BuildRequires:  python3-cryptography >= 1.6

  243. BuildRequires:  python3-custodia >= 0.3.1

  244. BuildRequires:  python3-dateutil

  245. BuildRequires:  python3-dbus

  246. BuildRequires:  python3-dns >= 1.15

  247. BuildRequires:  python3-docker

  248. BuildRequires:  python3-gssapi >= 1.2.0

  249. BuildRequires:  python3-jinja2

  250. BuildRequires:  python3-jwcrypto >= 0.4.2

  251. BuildRequires:  python3-ldap >= %{python_ldap_version}

  252. BuildRequires:  python3-ldap >= %{python_ldap_version}

  253. BuildRequires:  python3-lib389 >= %{ds_version}

  254. BuildRequires:  python3-libipa_hbac

  255. BuildRequires:  python3-libsss_nss_idmap

  256. BuildRequires:  python3-lxml

  257. BuildRequires:  python3-netaddr >= %{python_netaddr_version}

  258. BuildRequires:  python3-netifaces

  259. BuildRequires:  python3-paste

  260. BuildRequires:  python3-pki >= %{pki_version}

  261. BuildRequires:  python3-polib

  262. BuildRequires:  python3-pyasn1

  263. BuildRequires:  python3-pyasn1-modules

  264. BuildRequires:  python3-pycodestyle

  265. %if 0%{?fedora} >= 29

  266. # https://bugzilla.redhat.com/show_bug.cgi?id=1648299

  267. BuildRequires:  python3-pylint >= 2.1.1-2

  268. %else

  269. BuildRequires:  python3-pylint >= 1.7

  270. %endif

  271. BuildRequires:  python3-pytest-multihost

  272. BuildRequires:  python3-pytest-sourceorder

  273. BuildRequires:  python3-qrcode-core >= 5.0.0

  274. BuildRequires:  python3-samba

  275. BuildRequires:  python3-six

  276. BuildRequires:  python3-sss

  277. BuildRequires:  python3-sss-murmur

  278. BuildRequires:  python3-sssdconfig >= %{sssd_version}

  279. BuildRequires:  python3-systemd

  280. BuildRequires:  python3-yubico

  281. # with_lint

  282. %endif

  283. 

  284. #

  285. # Build dependencies for unit tests

  286. #

  287. %if ! %{ONLY_CLIENT}

  288. BuildRequires:  libcmocka-devel

  289. # Required by ipa_kdb_tests

  290. BuildRequires:  krb5-server >= %{krb5_version}

  291. # ONLY_CLIENT

  292. %endif

  293. 

  294. #

  295. # Build dependencies for SELinux policy

  296. #

  297. %if 0%{?with_selinux}

  298. BuildRequires:  selinux-policy-devel

  299. %endif

  300. 

  301. %description

  302. IPA is an integrated solution to provide centrally managed Identity (users,

  303. hosts, services), Authentication (SSO, 2FA), and Authorization

  304. (host access control, SELinux user roles, services). The solution provides

  305. features for further integration with Linux based clients (SUDO, automount)

  306. and integration with Active Directory based infrastructures (Trusts).

  307. 

  308. 

  309. %if ! %{ONLY_CLIENT}

  310. 

  311. %package server

  312. Summary: The IPA authentication server

  313. Group: System Environment/Base

  314. Requires: %{name}-server-common = %{version}-%{release}

  315. Requires: %{name}-client = %{version}-%{release}

  316. Requires: %{name}-common = %{version}-%{release}

  317. Requires: python3-ipaserver = %{version}-%{release}

  318. Requires: python3-ldap >= %{python_ldap_version}

  319. Requires: 389-ds-base >= %{ds_version}

  320. Requires: openldap-clients > 2.4.35-4

  321. Requires: nss >= %{nss_version}

  322. Requires: nss-tools >= %{nss_version}

  323. Requires(post): krb5-server >= %{krb5_version}

  324. Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < %{krb5_base_version}.100

  325. Requires: krb5-pkinit-openssl >= %{krb5_version}

  326. Requires: cyrus-sasl-gssapi%{?_isa}

  327. Requires: chrony

  328. Requires: httpd >= %{httpd_version}

  329. Requires(preun): python3

  330. Requires(postun): python3

  331. Requires: python3-gssapi >= 1.2.0-5

  332. Requires: python3-systemd

  333. Requires: python3-mod_wsgi

  334. Requires: mod_auth_gssapi >= 1.5.0

  335. Requires: mod_ssl >= %{httpd_version}

  336. Requires: mod_session >= %{httpd_version}

  337. # 0.9.9: https://github.com/adelton/mod_lookup_identity/pull/3

  338. Requires: mod_lookup_identity >= 0.9.9

  339. Requires: acl

  340. Requires: systemd-units >= 38

  341. Requires(pre): shadow-utils

  342. Requires(pre): systemd-units

  343. Requires(post): systemd-units

  344. Requires: selinux-policy >= %{selinux_policy_version}

  345. Requires(post): selinux-policy-base >= %{selinux_policy_version}

  346. Requires: slapi-nis >= %{slapi_nis_version}

  347. Requires: pki-ca >= %{pki_version}

  348. Requires: pki-kra >= %{pki_version}

  349. Requires(preun): systemd-units

  350. Requires(postun): systemd-units

  351. Requires: policycoreutils >= 2.1.12-5

  352. Requires: tar

  353. Requires(pre): certmonger >= %{certmonger_version}

  354. Requires(pre): 389-ds-base >= %{ds_version}

  355. Requires: fontawesome-fonts

  356. Requires: open-sans-fonts

  357. Requires: openssl

  358. Requires: softhsm >= 2.0.0rc1-1

  359. Requires: p11-kit

  360. Requires: %{etc_systemd_dir}

  361. Requires: gzip

  362. Requires: oddjob

  363. # 0.7.0-2: https://pagure.io/gssproxy/pull-request/172

  364. Requires: gssproxy >= 0.7.0-2

  365. Requires: sssd-dbus >= %{sssd_version}

  366. 

  367. Provides: %{alt_name}-server = %{version}

  368. Conflicts: %{alt_name}-server

  369. Obsoletes: %{alt_name}-server < %{version}

  370. 

  371. # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the

  372. # entire SELinux policy is stored in the system policy

  373. Obsoletes: freeipa-server-selinux < 3.3.0

  374. 

  375. # upgrade path from monolithic -server to -server + -server-dns

  376. Obsoletes: %{name}-server <= 4.2.0

  377. 

  378. # Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to

  379. # member.

  380. Conflicts: nss-pam-ldapd < 0.8.4

  381. 

  382. %description server

  383. IPA is an integrated solution to provide centrally managed Identity (users,

  384. hosts, services), Authentication (SSO, 2FA), and Authorization

  385. (host access control, SELinux user roles, services). The solution provides

  386. features for further integration with Linux based clients (SUDO, automount)

  387. and integration with Active Directory based infrastructures (Trusts).

  388. If you are installing an IPA server, you need to install this package.

  389. 

  390. 

  391. %package -n python3-ipaserver

  392. Summary: Python libraries used by IPA server

  393. Group: System Environment/Libraries

  394. BuildArch: noarch

  395. %{?python_provide:%python_provide python3-ipaserver}

  396. Requires: %{name}-server-common = %{version}-%{release}

  397. Requires: %{name}-common = %{version}-%{release}

  398. # we need pre-requires since earlier versions may break upgrade

  399. Requires(pre): python3-ldap >= %{python_ldap_version}

  400. Requires: python3-augeas

  401. Requires: python3-custodia >= 0.3.1

  402. Requires: python3-dbus

  403. Requires: python3-dns >= 1.15

  404. Requires: python3-gssapi >= 1.2.0

  405. Requires: python3-ipaclient = %{version}-%{release}

  406. Requires: python3-kdcproxy >= 0.3

  407. Requires: python3-lxml

  408. Requires: python3-pki >= %{pki_version}

  409. Requires: python3-pyasn1 >= 0.3.2-2

  410. Requires: python3-sssdconfig >= %{sssd_version}

  411. Requires: rpm-libs

  412. # Indirect dependency: use newer urllib3 with TLS 1.3 PHA support

  413. %if 0%{?rhel}

  414. Requires: python3-urllib3 >= 1.24.2-3

  415. %else

  416. Requires: python3-urllib3 >= 1.25.7

  417. %endif

  418. 

  419. 

  420. %description -n python3-ipaserver

  421. IPA is an integrated solution to provide centrally managed Identity (users,

  422. hosts, services), Authentication (SSO, 2FA), and Authorization

  423. (host access control, SELinux user roles, services). The solution provides

  424. features for further integration with Linux based clients (SUDO, automount)

  425. and integration with Active Directory based infrastructures (Trusts).

  426. If you are installing an IPA server, you need to install this package.

  427. 

  428. 

  429. %package server-common

  430. Summary: Common files used by IPA server

  431. Group: System Environment/Base

  432. BuildArch: noarch

  433. Requires: %{name}-client-common = %{version}-%{release}

  434. Requires: httpd >= %{httpd_version}

  435. Requires: systemd-units >= 38

  436. 

  437. Provides: %{alt_name}-server-common = %{version}

  438. Conflicts: %{alt_name}-server-common

  439. Obsoletes: %{alt_name}-server-common < %{version}

  440. 

  441. %description server-common

  442. IPA is an integrated solution to provide centrally managed Identity (users,

  443. hosts, services), Authentication (SSO, 2FA), and Authorization

  444. (host access control, SELinux user roles, services). The solution provides

  445. features for further integration with Linux based clients (SUDO, automount)

  446. and integration with Active Directory based infrastructures (Trusts).

  447. If you are installing an IPA server, you need to install this package.

  448. 

  449. 

  450. %package server-dns

  451. Summary: IPA integrated DNS server with support for automatic DNSSEC signing

  452. Group: System Environment/Base

  453. BuildArch: noarch

  454. Requires: %{name}-server = %{version}-%{release}

  455. Requires: bind-dyndb-ldap >= 11.0-2

  456. Requires: bind >= 9.11.0-6.P2

  457. Requires: bind-utils >= 9.11.0-6.P2

  458. Requires: bind-pkcs11 >= 9.11.0-6.P2

  459. Requires: bind-pkcs11-utils >= 9.11.0-6.P2

  460. Requires: opendnssec >= 1.4.6-4

  461. %{?systemd_requires}

  462. 

  463. Provides: %{alt_name}-server-dns = %{version}

  464. Conflicts: %{alt_name}-server-dns

  465. Obsoletes: %{alt_name}-server-dns < %{version}

  466. 

  467. # upgrade path from monolithic -server to -server + -server-dns

  468. Obsoletes: %{name}-server <= 4.2.0

  469. 

  470. %description server-dns

  471. IPA integrated DNS server with support for automatic DNSSEC signing.

  472. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

  473. 

  474. 

  475. %package server-trust-ad

  476. Summary: Virtual package to install packages required for Active Directory trusts

  477. Group: System Environment/Base

  478. Requires: %{name}-server = %{version}-%{release}

  479. Requires: %{name}-common = %{version}-%{release}

  480. 

  481. Requires: samba >= %{samba_version}

  482. Requires: samba-winbind

  483. Requires: libsss_idmap

  484. 

  485. Requires(post): python3

  486. Requires: python3-samba

  487. Requires: python3-libsss_nss_idmap

  488. Requires: python3-sss

  489. 

  490. # We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5

  491. # on the installes where server-trust-ad subpackage is installed because

  492. # IPA AD trusts cannot be used at the same time with the locator plugin

  493. # since Winbindd will be configured in a different mode

  494. Requires(post): %{_sbindir}/update-alternatives

  495. Requires(postun): %{_sbindir}/update-alternatives

  496. Requires(preun): %{_sbindir}/update-alternatives

  497. 

  498. Provides: %{alt_name}-server-trust-ad = %{version}

  499. Conflicts: %{alt_name}-server-trust-ad

  500. Obsoletes: %{alt_name}-server-trust-ad < %{version}

  501. 

  502. %description server-trust-ad

  503. Cross-realm trusts with Active Directory in IPA require working Samba 4

  504. installation. This package is provided for convenience to install all required

  505. dependencies at once.

  506. 

  507. # ONLY_CLIENT

  508. %endif

  509. 

  510. 

  511. %package client

  512. Summary: IPA authentication for use on clients

  513. Group: System Environment/Base

  514. Requires: %{name}-client-common = %{version}-%{release}

  515. Requires: %{name}-common = %{version}-%{release}

  516. Requires: python3-gssapi >= 1.2.0-5

  517. Requires: python3-ipaclient = %{version}-%{release}

  518. Requires: python3-ldap >= %{python_ldap_version}

  519. Requires: python3-sssdconfig >= %{sssd_version}

  520. Requires: cyrus-sasl-gssapi%{?_isa}

  521. Requires: chrony

  522. Requires: krb5-workstation >= %{krb5_version}

  523. Requires: authselect >= 0.4-2

  524. Requires: curl

  525. # NIS domain name config: /usr/lib/systemd/system/*-domainname.service

  526. %if 0%{?fedora} >= 29

  527. Requires: hostname

  528. %else

  529. Requires: initscripts

  530. %endif

  531. Requires: libcurl >= 7.21.7-2

  532. Requires: xmlrpc-c >= 1.27.4

  533. Requires: sssd-ipa >= %{sssd_version}

  534. Requires: certmonger >= %{certmonger_version}

  535. Requires: nss-tools >= %{nss_version}

  536. Requires: bind-utils

  537. Requires: oddjob-mkhomedir

  538. Requires: libsss_autofs

  539. Requires: autofs

  540. Requires: libnfsidmap

  541. Requires: nfs-utils

  542. Requires: sssd-tools >= %{sssd_version}

  543. Requires(post): policycoreutils

  544. 

  545. Provides: %{alt_name}-client = %{version}

  546. Conflicts: %{alt_name}-client

  547. Obsoletes: %{alt_name}-client < %{version}

  548. 

  549. Provides: %{alt_name}-admintools = %{version}

  550. Conflicts: %{alt_name}-admintools

  551. Obsoletes: %{alt_name}-admintools < 4.4.1

  552. 

  553. Obsoletes: %{name}-admintools < 4.4.1

  554. Provides: %{name}-admintools = %{version}-%{release}

  555. 

  556. %description client

  557. IPA is an integrated solution to provide centrally managed Identity (users,

  558. hosts, services), Authentication (SSO, 2FA), and Authorization

  559. (host access control, SELinux user roles, services). The solution provides

  560. features for further integration with Linux based clients (SUDO, automount)

  561. and integration with Active Directory based infrastructures (Trusts).

  562. If your network uses IPA for authentication, this package should be

  563. installed on every client machine.

  564. This package provides command-line tools for IPA administrators.

  565. 

  566. %package client-samba

  567. Summary: Tools to configure Samba on IPA client

  568. Group: System Environment/Base

  569. Requires: %{name}-client = %{version}-%{release}

  570. Requires: python3-samba

  571. Requires: samba-client

  572. Requires: samba-winbind

  573. Requires: samba-common-tools

  574. Requires: samba

  575. Requires: sssd-winbind-idmap

  576. Requires: tdb-tools

  577. Requires: cifs-utils

  578. 

  579. %description client-samba

  580. This package provides command-line tools to deploy Samba domain member

  581. on the machine enrolled into a FreeIPA environment

  582. 

  583. %package -n python3-ipaclient

  584. Summary: Python libraries used by IPA client

  585. Group: System Environment/Libraries

  586. BuildArch: noarch

  587. %{?python_provide:%python_provide python3-ipaclient}

  588. Requires: %{name}-client-common = %{version}-%{release}

  589. Requires: %{name}-common = %{version}-%{release}

  590. Requires: python3-ipalib = %{version}-%{release}

  591. Requires: python3-augeas

  592. Requires: python3-dns >= 1.15

  593. Requires: python3-jinja2

  594. 

  595. %description -n python3-ipaclient

  596. IPA is an integrated solution to provide centrally managed Identity (users,

  597. hosts, services), Authentication (SSO, 2FA), and Authorization

  598. (host access control, SELinux user roles, services). The solution provides

  599. features for further integration with Linux based clients (SUDO, automount)

  600. and integration with Active Directory based infrastructures (Trusts).

  601. If your network uses IPA for authentication, this package should be

  602. installed on every client machine.

  603. 

  604. 

  605. %package client-common

  606. Summary: Common files used by IPA client

  607. Group: System Environment/Base

  608. BuildArch: noarch

  609. 

  610. Provides: %{alt_name}-client-common = %{version}

  611. Conflicts: %{alt_name}-client-common

  612. Obsoletes: %{alt_name}-client-common < %{version}

  613. # python2-ipa* packages are no longer available in 4.8.

  614. Obsoletes: python2-ipaclient < 4.8.0-1

  615. Obsoletes: python2-ipalib < 4.8.0-1

  616. Obsoletes: python2-ipaserver < 4.8.0-1

  617. Obsoletes: python2-ipatests < 4.8.0-1

  618. 

  619. 

  620. %description client-common

  621. IPA is an integrated solution to provide centrally managed Identity (users,

  622. hosts, services), Authentication (SSO, 2FA), and Authorization

  623. (host access control, SELinux user roles, services). The solution provides

  624. features for further integration with Linux based clients (SUDO, automount)

  625. and integration with Active Directory based infrastructures (Trusts).

  626. If your network uses IPA for authentication, this package should be

  627. installed on every client machine.

  628. 

  629. 

  630. %package python-compat

  631. Summary: Compatiblity package for Python libraries used by IPA

  632. Group: System Environment/Libraries

  633. BuildArch: noarch

  634. Obsoletes: %{name}-python < 4.2.91

  635. Provides: %{name}-python = %{version}-%{release}

  636. Requires: %{name}-common = %{version}-%{release}

  637. Requires: python3-ipalib = %{version}-%{release}

  638. 

  639. Provides: %{alt_name}-python-compat = %{version}

  640. Conflicts: %{alt_name}-python-compat

  641. Obsoletes: %{alt_name}-python-compat < %{version}

  642. 

  643. Obsoletes: %{alt_name}-python < 4.2.91

  644. Provides: %{alt_name}-python = %{version}

  645. 

  646. %description python-compat

  647. IPA is an integrated solution to provide centrally managed Identity (users,

  648. hosts, services), Authentication (SSO, 2FA), and Authorization

  649. (host access control, SELinux user roles, services). The solution provides

  650. features for further integration with Linux based clients (SUDO, automount)

  651. and integration with Active Directory based infrastructures (Trusts).

  652. This is a compatibility package to accommodate %{name}-python split into

  653. python3-ipalib and %{name}-common. Packages still depending on

  654. %{name}-python should be fixed to depend on python2-ipaclient or

  655. %{name}-common instead.

  656. 

  657. 

  658. %package -n python3-ipalib

  659. Summary: Python3 libraries used by IPA

  660. Group: System Environment/Libraries

  661. BuildArch: noarch

  662. %{?python_provide:%python_provide python3-ipalib}

  663. Provides: python3-ipapython = %{version}-%{release}

  664. %{?python_provide:%python_provide python3-ipapython}

  665. Provides: python3-ipaplatform = %{version}-%{release}

  666. %{?python_provide:%python_provide python3-ipaplatform}

  667. Requires: %{name}-common = %{version}-%{release}

  668. # we need pre-requires since earlier versions may break upgrade

  669. Requires(pre): python3-ldap >= %{python_ldap_version}

  670. Requires: gnupg2

  671. Requires: keyutils

  672. Requires: python3-cffi

  673. Requires: python3-cryptography >= 1.6

  674. Requires: python3-dateutil

  675. Requires: python3-dbus

  676. Requires: python3-dns >= 1.15

  677. Requires: python3-gssapi >= 1.2.0

  678. Requires: python3-jwcrypto >= 0.4.2

  679. Requires: python3-libipa_hbac

  680. Requires: python3-netaddr >= %{python_netaddr_version}

  681. Requires: python3-netifaces >= 0.10.4

  682. Requires: python3-pyasn1 >= 0.3.2-2

  683. Requires: python3-pyasn1-modules >= 0.3.2-2

  684. Requires: python3-pyusb

  685. Requires: python3-qrcode-core >= 5.0.0

  686. Requires: python3-requests

  687. Requires: python3-setuptools

  688. Requires: python3-six

  689. Requires: python3-sss-murmur

  690. Requires: python3-yubico >= 1.3.2-7

  691. 

  692. %description -n python3-ipalib

  693. IPA is an integrated solution to provide centrally managed Identity (users,

  694. hosts, services), Authentication (SSO, 2FA), and Authorization

  695. (host access control, SELinux user roles, services). The solution provides

  696. features for further integration with Linux based clients (SUDO, automount)

  697. and integration with Active Directory based infrastructures (Trusts).

  698. If you are using IPA with Python 3, you need to install this package.

  699. 

  700. 

  701. %package common

  702. Summary: Common files used by IPA

  703. Group: System Environment/Libraries

  704. BuildArch: noarch

  705. Conflicts: %{name}-python < 4.2.91

  706. 

  707. Provides: %{alt_name}-common = %{version}

  708. Conflicts: %{alt_name}-common

  709. Obsoletes: %{alt_name}-common < %{version}

  710. 

  711. Conflicts: %{alt_name}-python < %{version}

  712. 

  713. %if 0%{?with_selinux}

  714. # This ensures that the *-selinux package and all it’s dependencies are not

  715. # pulled into containers and other systems that do not use SELinux. The

  716. # policy defines types and file contexts for client and server.

  717. Requires:       (%{name}-selinux if selinux-policy-%{selinuxtype})

  718. %endif

  719. 

  720. %description common

  721. IPA is an integrated solution to provide centrally managed Identity (users,

  722. hosts, services), Authentication (SSO, 2FA), and Authorization

  723. (host access control, SELinux user roles, services). The solution provides

  724. features for further integration with Linux based clients (SUDO, automount)

  725. and integration with Active Directory based infrastructures (Trusts).

  726. If you are using IPA, you need to install this package.

  727. 

  728. 

  729. %if 0%{?with_ipatests}

  730. 

  731. %package -n python3-ipatests

  732. Summary: IPA tests and test tools

  733. BuildArch: noarch

  734. %{?python_provide:%python_provide python3-ipatests}

  735. Requires: python3-ipaclient = %{version}-%{release}

  736. Requires: python3-ipaserver = %{version}-%{release}

  737. Requires: iptables

  738. Requires: ldns-utils

  739. Requires: python3-coverage

  740. Requires: python3-cryptography >= 1.6

  741. Requires: python3-polib

  742. Requires: python3-pytest >= 2.6

  743. Requires: python3-pytest-multihost >= 0.5

  744. Requires: python3-pytest-sourceorder

  745. Requires: python3-sssdconfig >= %{sssd_version}

  746. Requires: tar

  747. Requires: xz

  748. Requires: openssh-clients

  749. Requires: sshpass

  750. 

  751. %description -n python3-ipatests

  752. IPA is an integrated solution to provide centrally managed Identity (users,

  753. hosts, services), Authentication (SSO, 2FA), and Authorization

  754. (host access control, SELinux user roles, services). The solution provides

  755. features for further integration with Linux based clients (SUDO, automount)

  756. and integration with Active Directory based infrastructures (Trusts).

  757. This package contains tests that verify IPA functionality under Python 3.

  758. 

  759. # with_ipatests

  760. %endif

  761. 

  762. %if 0%{?with_selinux}

  763. # SELinux subpackage

  764. %package selinux

  765. Summary:             FreeIPA SELinux policy

  766. BuildArch:           noarch

  767. Requires:            selinux-policy-%{selinuxtype}

  768. Requires(post):      selinux-policy-%{selinuxtype}

  769. %{?selinux_requires}

  770. 

  771. %description selinux

  772. Custom SELinux policy module

  773. # with_selinux

  774. %endif

  775. 

  776. %prep

  777. %setup -n freeipa-%{version} -q

  778. 

  779. %build

  780. # PATH is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1005235

  781. export PATH=/usr/bin:/usr/sbin:$PATH

  782. 

  783. 

  784. export PYTHON=%{__python3}

  785. autoreconf -ivf

  786. %configure --with-vendor-suffix=-%{release} \

  787.            %{enable_server_option} \

  788.            %{with_ipatests_option} \

  789.            %{linter_options}

  790. 

  791. # run build in default dir

  792. # -Onone is workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1398405

  793. %make_build -Onone

  794. 

  795. 

  796. %check

  797. make %{?_smp_mflags} check VERBOSE=yes LIBDIR=%{_libdir}

  798. 

  799. 

  800. %install

  801. # Please put as much logic as possible into make install. It allows:

  802. # - easier porting to other distributions

  803. # - rapid devel & install cycle using make install

  804. #   (instead of full RPM build and installation each time)

  805. #

  806. # All files and directories created by spec install should be marked as ghost.

  807. # (These are typically configuration files created by IPA installer.)

  808. # All other artifacts should be created by make install.

  809. 

  810. %make_install

  811. 

  812. %if 0%{?with_ipatests}

  813. mv %{buildroot}%{_bindir}/ipa-run-tests %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version}

  814. mv %{buildroot}%{_bindir}/ipa-test-config %{buildroot}%{_bindir}/ipa-test-config-%{python3_version}

  815. mv %{buildroot}%{_bindir}/ipa-test-task %{buildroot}%{_bindir}/ipa-test-task-%{python3_version}

  816. ln -rs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests-3

  817. ln -rs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config-3

  818. ln -rs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task-3

  819. ln -frs %{buildroot}%{_bindir}/ipa-run-tests-%{python3_version} %{buildroot}%{_bindir}/ipa-run-tests

  820. ln -frs %{buildroot}%{_bindir}/ipa-test-config-%{python3_version} %{buildroot}%{_bindir}/ipa-test-config

  821. ln -frs %{buildroot}%{_bindir}/ipa-test-task-%{python3_version} %{buildroot}%{_bindir}/ipa-test-task

  822. # with_ipatests

  823. %endif

  824. 

  825. # remove files which are useful only for make uninstall

  826. find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -exec rm {} \;

  827. 

  828. %find_lang %{gettext_domain}

  829. 

  830. %if ! %{ONLY_CLIENT}

  831. # Remove .la files from libtool - we don't want to package

  832. # these files

  833. rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la

  834. rm %{buildroot}/%{plugin_dir}/libipa_enrollment_extop.la

  835. rm %{buildroot}/%{plugin_dir}/libipa_winsync.la

  836. rm %{buildroot}/%{plugin_dir}/libipa_repl_version.la

  837. rm %{buildroot}/%{plugin_dir}/libipa_uuid.la

  838. rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la

  839. rm %{buildroot}/%{plugin_dir}/libipa_lockout.la

  840. rm %{buildroot}/%{plugin_dir}/libipa_cldap.la

  841. rm %{buildroot}/%{plugin_dir}/libipa_dns.la

  842. rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la

  843. rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la

  844. rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la

  845. rm %{buildroot}/%{plugin_dir}/libipa_range_check.la

  846. rm %{buildroot}/%{plugin_dir}/libipa_otp_counter.la

  847. rm %{buildroot}/%{plugin_dir}/libipa_otp_lasttoken.la

  848. rm %{buildroot}/%{plugin_dir}/libtopology.la

  849. rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la

  850. rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la

  851. 

  852. # So we can own our Apache configuration

  853. mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/

  854. /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf

  855. /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf

  856. /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf

  857. /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf

  858. /bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt

  859. /bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con

  860. /bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini

  861. /bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con

  862. 

  863. mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5

  864. touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so

  865. 

  866. # ONLY_CLIENT

  867. %endif

  868. 

  869. /bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf

  870. /bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt

  871. 

  872. %if ! %{ONLY_CLIENT}

  873. mkdir -p %{buildroot}%{_sysconfdir}/cron.d

  874. # ONLY_CLIENT

  875. %endif

  876. 

  877. %clean

  878. rm -rf %{buildroot}

  879. 

  880. 

  881. %if ! %{ONLY_CLIENT}

  882. 

  883. %post server

  884. # NOTE: systemd specific section

  885.     /bin/systemctl --system daemon-reload 2>&1 || :

  886. # END

  887. if [ $1 -gt 1 ] ; then

  888.     /bin/systemctl condrestart certmonger.service 2>&1 || :

  889. fi

  890. /bin/systemctl reload-or-try-restart dbus

  891. /bin/systemctl reload-or-try-restart oddjobd

  892. 

  893. %tmpfiles_create ipa.conf

  894. 

  895. %posttrans server

  896. # don't execute upgrade and restart of IPA when server is not installed

  897. %{__python3} -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1

  898. 

  899. if [  $? -eq 0 ]; then

  900.     # This is necessary for Fedora system upgrades which by default

  901.     # work with the network being offline

  902.     /bin/systemctl start network-online.target

  903. 

  904.     # Restart IPA processes. This must be also run in postrans so that plugins

  905.     # and software is in consistent state. This will also perform the

  906.     # system upgrade.

  907.     # NOTE: systemd specific section

  908. 

  909.     /bin/systemctl is-enabled ipa.service >/dev/null 2>&1

  910.     if [  $? -eq 0 ]; then

  911.         /bin/systemctl restart ipa.service >/dev/null

  912.     fi

  913. fi

  914. # END

  915. 

  916. 

  917. %preun server

  918. if [ $1 = 0 ]; then

  919. # NOTE: systemd specific section

  920.     /bin/systemctl --quiet stop ipa.service || :

  921.     /bin/systemctl --quiet disable ipa.service || :

  922.     /bin/systemctl reload-or-try-restart dbus

  923.     /bin/systemctl reload-or-try-restart oddjobd

  924. # END

  925. fi

  926. 

  927. 

  928. %pre server

  929. # Stop ipa_kpasswd if it exists before upgrading so we don't have a

  930. # zombie process when we're done.

  931. if [ -e /usr/sbin/ipa_kpasswd ]; then

  932. # NOTE: systemd specific section

  933.     /bin/systemctl stop ipa_kpasswd.service >/dev/null 2>&1 || :

  934. # END

  935. fi

  936. 

  937. 

  938. %pre server-common

  939. # create users and groups

  940. # create kdcproxy group and user

  941. getent group kdcproxy >/dev/null || groupadd -f -r kdcproxy

  942. getent passwd kdcproxy >/dev/null || useradd -r -g kdcproxy -s /sbin/nologin -d / -c "IPA KDC Proxy User" kdcproxy

  943. # create ipaapi group and user

  944. getent group ipaapi >/dev/null || groupadd -f -r ipaapi

  945. getent passwd ipaapi >/dev/null || useradd -r -g ipaapi -s /sbin/nologin -d / -c "IPA Framework User" ipaapi

  946. # add apache to ipaaapi group

  947. id -Gn apache | grep '\bipaapi\b' >/dev/null || usermod apache -a -G ipaapi

  948. 

  949. 

  950. %post server-dns

  951. %systemd_post ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service

  952. 

  953. %preun server-dns

  954. %systemd_preun ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service

  955. 

  956. %postun server-dns

  957. %systemd_postun ipa-dnskeysyncd.service ipa-ods-exporter.socket ipa-ods-exporter.service

  958. 

  959. 

  960. %postun server-trust-ad

  961. if [ "$1" -ge "1" ]; then

  962.     if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then

  963.         %{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null

  964.     fi

  965. fi

  966. 

  967. 

  968. %post server-trust-ad

  969. %{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \

  970.         winbind_krb5_locator.so /dev/null 90

  971. /bin/systemctl reload-or-try-restart dbus

  972. /bin/systemctl reload-or-try-restart oddjobd

  973. 

  974. 

  975. %posttrans server-trust-ad

  976. %{__python3} -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1

  977. if [  $? -eq 0 ]; then

  978. # NOTE: systemd specific section

  979.     /bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :

  980. # END

  981. fi

  982. 

  983. 

  984. %preun server-trust-ad

  985. if [ $1 -eq 0 ]; then

  986.     %{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null

  987.     /bin/systemctl reload-or-try-restart dbus

  988.     /bin/systemctl reload-or-try-restart oddjobd

  989. fi

  990. 

  991. # ONLY_CLIENT

  992. %endif

  993. 

  994. 

  995. %post client

  996. if [ $1 -gt 1 ] ; then

  997.     # Has the client been configured?

  998.     restore=0

  999.     test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')

  1000. 

  1001.     if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then

  1002.         if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf  2>/dev/null ; then

  1003.             echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew

  1004.             cat /etc/krb5.conf >> /etc/krb5.conf.ipanew

  1005.             mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf

  1006.         fi

  1007.     fi

  1008. 

  1009.     if [ $restore -ge 2 ]; then

  1010.         if grep -E -q '\s*pkinit_anchors = FILE:/etc/ipa/ca.crt$' /etc/krb5.conf 2>/dev/null; then

  1011.             sed -E 's|(\s*)pkinit_anchors = FILE:/etc/ipa/ca.crt$|\1pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem\n\1pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem|' /etc/krb5.conf >/etc/krb5.conf.ipanew

  1012.             mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf

  1013.             cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/kdc-ca-bundle.pem

  1014.             cp /etc/ipa/ca.crt /var/lib/ipa-client/pki/ca-bundle.pem

  1015.         fi

  1016. 

  1017.         %{__python3} -c 'from ipaclient.install.client import configure_krb5_snippet; configure_krb5_snippet()' >>/var/log/ipaupgrade.log 2>&1

  1018.     fi

  1019. 

  1020.     if [ $restore -ge 2 ]; then

  1021.         %{__python3} -c 'from ipaclient.install.client import update_ipa_nssdb; update_ipa_nssdb()' >>/var/log/ipaupgrade.log 2>&1

  1022.     fi

  1023. 

  1024.     if [ $restore -ge 2 ]; then

  1025.         sed -E --in-place=.orig 's/^(HostKeyAlgorithms ssh-rsa,ssh-dss)$/# disabled by ipa-client update\n# \1/' /etc/ssh/ssh_config

  1026.     fi

  1027. fi

  1028. 

  1029. 

  1030. %if 0%{?with_selinux}

  1031. # SELinux contexts are saved so that only affected files can be

  1032. # relabeled after the policy module installation

  1033. %pre selinux

  1034. %selinux_relabel_pre -s %{selinuxtype}

  1035. 

  1036. %post selinux

  1037. semodule -d ipa_custodia &> /dev/null || true;

  1038. %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2

  1039. 

  1040. %postun selinux

  1041. if [ $1 -eq 0 ]; then

  1042.     %selinux_modules_uninstall -s %{selinuxtype} %{modulename}

  1043.     semodule -e ipa_custodia &> /dev/null || true;

  1044. fi

  1045. 

  1046. %posttrans selinux

  1047. %selinux_relabel_post -s %{selinuxtype}

  1048. # with_selinux

  1049. %endif

  1050. 

  1051. 

  1052. %triggerin client -- openssh-server

  1053. # Has the client been configured?

  1054. restore=0

  1055. test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')

  1056. 

  1057. if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then

  1058.     if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then

  1059.         sed -r '

  1060.             /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d

  1061.         ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew

  1062. 

  1063.         if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody' 2>/dev/null; then

  1064.             sed -ri '

  1065.                 s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/

  1066.                 s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/

  1067.             ' /etc/ssh/sshd_config.ipanew

  1068.         elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody' 2>/dev/null; then

  1069.             sed -ri '

  1070.                 s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/

  1071.                 s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/

  1072.             ' /etc/ssh/sshd_config.ipanew

  1073.         elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody' 2>/dev/null; then

  1074.             sed -ri '

  1075.                 s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/

  1076.                 s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/

  1077.             ' /etc/ssh/sshd_config.ipanew

  1078.         fi

  1079. 

  1080.         mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config

  1081.         chmod 600 /etc/ssh/sshd_config

  1082. 

  1083.         /bin/systemctl condrestart sshd.service 2>&1 || :

  1084.     fi

  1085. fi

  1086. 

  1087. 

  1088. %if ! %{ONLY_CLIENT}

  1089. 

  1090. %files server

  1091. %doc README.md Contributors.txt

  1092. %license COPYING

  1093. %{_sbindir}/ipa-backup

  1094. %{_sbindir}/ipa-restore

  1095. %{_sbindir}/ipa-ca-install

  1096. %{_sbindir}/ipa-kra-install

  1097. %{_sbindir}/ipa-server-install

  1098. %{_sbindir}/ipa-replica-conncheck

  1099. %{_sbindir}/ipa-replica-install

  1100. %{_sbindir}/ipa-replica-manage

  1101. %{_sbindir}/ipa-csreplica-manage

  1102. %{_sbindir}/ipa-server-certinstall

  1103. %{_sbindir}/ipa-server-upgrade

  1104. %{_sbindir}/ipa-ldap-updater

  1105. %{_sbindir}/ipa-otptoken-import

  1106. %{_sbindir}/ipa-compat-manage

  1107. %{_sbindir}/ipa-nis-manage

  1108. %{_sbindir}/ipa-managed-entries

  1109. %{_sbindir}/ipactl

  1110. %{_sbindir}/ipa-advise

  1111. %{_sbindir}/ipa-cacert-manage

  1112. %{_sbindir}/ipa-winsync-migrate

  1113. %{_sbindir}/ipa-pkinit-manage

  1114. %{_sbindir}/ipa-crlgen-manage

  1115. %{_sbindir}/ipa-cert-fix

  1116. %{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit

  1117. %{_libexecdir}/certmonger/ipa-server-guard

  1118. %dir %{_libexecdir}/ipa

  1119. %{_libexecdir}/ipa/ipa-custodia

  1120. %{_libexecdir}/ipa/ipa-custodia-check

  1121. %{_libexecdir}/ipa/ipa-httpd-kdcproxy

  1122. %{_libexecdir}/ipa/ipa-httpd-pwdreader

  1123. %{_libexecdir}/ipa/ipa-pki-retrieve-key

  1124. %{_libexecdir}/ipa/ipa-pki-wait-running

  1125. %{_libexecdir}/ipa/ipa-otpd

  1126. %dir %{_libexecdir}/ipa/custodia

  1127. %attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-dmldap

  1128. %attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat

  1129. %attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-pki-tomcat-wrapped

  1130. %attr(755,root,root) %{_libexecdir}/ipa/custodia/ipa-custodia-ra-agent

  1131. %dir %{_libexecdir}/ipa/oddjob

  1132. %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck

  1133. %attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.trust-enable-agent

  1134. %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf

  1135. %config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf

  1136. %dir %{_libexecdir}/ipa/certmonger

  1137. %attr(755,root,root) %{_libexecdir}/ipa/certmonger/*

  1138. # NOTE: systemd specific section

  1139. %attr(644,root,root) %{_unitdir}/ipa.service

  1140. %attr(644,root,root) %{_unitdir}/ipa-otpd.socket

  1141. %attr(644,root,root) %{_unitdir}/ipa-otpd@.service

  1142. # END

  1143. %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so

  1144. %attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so

  1145. %attr(755,root,root) %{plugin_dir}/libipa_winsync.so

  1146. %attr(755,root,root) %{plugin_dir}/libipa_repl_version.so

  1147. %attr(755,root,root) %{plugin_dir}/libipa_uuid.so

  1148. %attr(755,root,root) %{plugin_dir}/libipa_modrdn.so

  1149. %attr(755,root,root) %{plugin_dir}/libipa_lockout.so

  1150. %attr(755,root,root) %{plugin_dir}/libipa_cldap.so

  1151. %attr(755,root,root) %{plugin_dir}/libipa_dns.so

  1152. %attr(755,root,root) %{plugin_dir}/libipa_range_check.so

  1153. %attr(755,root,root) %{plugin_dir}/libipa_otp_counter.so

  1154. %attr(755,root,root) %{plugin_dir}/libipa_otp_lasttoken.so

  1155. %attr(755,root,root) %{plugin_dir}/libtopology.so

  1156. %attr(755,root,root) %{plugin_dir}/libipa_sidgen.so

  1157. %attr(755,root,root) %{plugin_dir}/libipa_sidgen_task.so

  1158. %attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so

  1159. %attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so

  1160. %{_mandir}/man1/ipa-replica-conncheck.1*

  1161. %{_mandir}/man1/ipa-replica-install.1*

  1162. %{_mandir}/man1/ipa-replica-manage.1*

  1163. %{_mandir}/man1/ipa-csreplica-manage.1*

  1164. %{_mandir}/man1/ipa-server-certinstall.1*

  1165. %{_mandir}/man1/ipa-server-install.1*

  1166. %{_mandir}/man1/ipa-server-upgrade.1*

  1167. %{_mandir}/man1/ipa-ca-install.1*

  1168. %{_mandir}/man1/ipa-kra-install.1*

  1169. %{_mandir}/man1/ipa-compat-manage.1*

  1170. %{_mandir}/man1/ipa-nis-manage.1*

  1171. %{_mandir}/man1/ipa-managed-entries.1*

  1172. %{_mandir}/man1/ipa-ldap-updater.1*

  1173. %{_mandir}/man8/ipactl.8*

  1174. %{_mandir}/man1/ipa-backup.1*

  1175. %{_mandir}/man1/ipa-restore.1*

  1176. %{_mandir}/man1/ipa-advise.1*

  1177. %{_mandir}/man1/ipa-otptoken-import.1*

  1178. %{_mandir}/man1/ipa-cacert-manage.1*

  1179. %{_mandir}/man1/ipa-winsync-migrate.1*

  1180. %{_mandir}/man1/ipa-pkinit-manage.1*

  1181. %{_mandir}/man1/ipa-crlgen-manage.1*

  1182. %{_mandir}/man1/ipa-cert-fix.1*

  1183. 

  1184. 

  1185. %files -n python3-ipaserver

  1186. %doc README.md Contributors.txt

  1187. %license COPYING

  1188. %{python3_sitelib}/ipaserver

  1189. %{python3_sitelib}/ipaserver-*.egg-info

  1190. 

  1191. 

  1192. %files server-common

  1193. %doc README.md Contributors.txt

  1194. %license COPYING

  1195. %ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy

  1196. %dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy

  1197. %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf

  1198. # NOTE: systemd specific section

  1199. %{_tmpfilesdir}/ipa.conf

  1200. %attr(644,root,root) %{_unitdir}/ipa-custodia.service

  1201. %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf

  1202. # END

  1203. %{_usr}/share/ipa/wsgi.py*

  1204. %{_usr}/share/ipa/kdcproxy.wsgi

  1205. %{_usr}/share/ipa/ipaca*.ini

  1206. %{_usr}/share/ipa/*.ldif

  1207. %{_usr}/share/ipa/*.uldif

  1208. %{_usr}/share/ipa/*.template

  1209. %{_usr}/share/ipa/bind.ipa-ext.conf

  1210. %dir %{_usr}/share/ipa/advise

  1211. %dir %{_usr}/share/ipa/advise/legacy

  1212. %{_usr}/share/ipa/advise/legacy/*.template

  1213. %dir %{_usr}/share/ipa/profiles

  1214. %{_usr}/share/ipa/profiles/README

  1215. %{_usr}/share/ipa/profiles/*.cfg

  1216. %dir %{_usr}/share/ipa/html

  1217. %{_usr}/share/ipa/html/ssbrowser.html

  1218. %{_usr}/share/ipa/html/unauthorized.html

  1219. %dir %{_usr}/share/ipa/migration

  1220. %{_usr}/share/ipa/migration/index.html

  1221. %{_usr}/share/ipa/migration/migration.py*

  1222. %dir %{_usr}/share/ipa/ui

  1223. %{_usr}/share/ipa/ui/index.html

  1224. %{_usr}/share/ipa/ui/reset_password.html

  1225. %{_usr}/share/ipa/ui/sync_otp.html

  1226. %{_usr}/share/ipa/ui/*.ico

  1227. %{_usr}/share/ipa/ui/*.css

  1228. %dir %{_usr}/share/ipa/ui/css

  1229. %{_usr}/share/ipa/ui/css/*.css

  1230. %dir %{_usr}/share/ipa/ui/js

  1231. %dir %{_usr}/share/ipa/ui/js/dojo

  1232. %{_usr}/share/ipa/ui/js/dojo/dojo.js

  1233. %dir %{_usr}/share/ipa/ui/js/libs

  1234. %{_usr}/share/ipa/ui/js/libs/*.js

  1235. %dir %{_usr}/share/ipa/ui/js/freeipa

  1236. %{_usr}/share/ipa/ui/js/freeipa/app.js

  1237. %{_usr}/share/ipa/ui/js/freeipa/core.js

  1238. %dir %{_usr}/share/ipa/ui/js/plugins

  1239. %dir %{_usr}/share/ipa/ui/images

  1240. %{_usr}/share/ipa/ui/images/*.jpg

  1241. %{_usr}/share/ipa/ui/images/*.png

  1242. %dir %{_usr}/share/ipa/wsgi

  1243. %{_usr}/share/ipa/wsgi/plugins.py*

  1244. %dir %{_sysconfdir}/ipa

  1245. %dir %{_sysconfdir}/ipa/html

  1246. %config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html

  1247. %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html

  1248. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf

  1249. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf

  1250. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf

  1251. %ghost %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf

  1252. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf

  1253. %ghost %attr(0644,root,root) %config(noreplace) %{_usr}/share/ipa/html/ca.crt

  1254. %ghost %attr(0640,root,named) %config(noreplace) %{_sysconfdir}/named/ipa-ext.conf

  1255. %ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb.con

  1256. %ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krb5.ini

  1257. %ghost %attr(0644,root,root) %{_usr}/share/ipa/html/krbrealm.con

  1258. %dir %{_usr}/share/ipa/updates/

  1259. %{_usr}/share/ipa/updates/*

  1260. %dir %{_localstatedir}/lib/ipa

  1261. %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup

  1262. %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/gssproxy

  1263. %attr(711,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore

  1264. %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade

  1265. %attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca

  1266. %attr(755,root,root) %dir %{_localstatedir}/lib/ipa/certs

  1267. %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/private

  1268. %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/passwds

  1269. %ghost %attr(775,root,pkiuser) %{_localstatedir}/lib/ipa/pki-ca/publish

  1270. %ghost %attr(770,named,named) %{_localstatedir}/named/dyndb-ldap/ipa

  1271. %dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia

  1272. %dir %{_usr}/share/ipa/schema.d

  1273. %attr(0644,root,root) %{_usr}/share/ipa/schema.d/README

  1274. %attr(0644,root,root) %{_usr}/share/ipa/gssapi.login

  1275. %{_usr}/share/ipa/ipakrb5.aug

  1276. 

  1277. %files server-dns

  1278. %doc README.md Contributors.txt

  1279. %license COPYING

  1280. %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd

  1281. %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter

  1282. %dir %attr(0755,root,root) %{_sysconfdir}/ipa/dnssec

  1283. %{_libexecdir}/ipa/ipa-dnskeysyncd

  1284. %{_libexecdir}/ipa/ipa-dnskeysync-replica

  1285. %{_libexecdir}/ipa/ipa-ods-exporter

  1286. %{_sbindir}/ipa-dns-install

  1287. %{_mandir}/man1/ipa-dns-install.1*

  1288. %attr(644,root,root) %{_unitdir}/ipa-dnskeysyncd.service

  1289. %attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket

  1290. %attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service

  1291. 

  1292. %files server-trust-ad

  1293. %doc README.md Contributors.txt

  1294. %license COPYING

  1295. %{_sbindir}/ipa-adtrust-install

  1296. %{_usr}/share/ipa/smb.conf.empty

  1297. %attr(755,root,root) %{_libdir}/samba/pdb/ipasam.so

  1298. %{_mandir}/man1/ipa-adtrust-install.1*

  1299. %ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so

  1300. %{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf

  1301. %{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf

  1302. %%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains

  1303. 

  1304. # ONLY_CLIENT

  1305. %endif

  1306. 

  1307. 

  1308. %files client

  1309. %doc README.md Contributors.txt

  1310. %license COPYING

  1311. %{_sbindir}/ipa-client-install

  1312. %{_sbindir}/ipa-client-automount

  1313. %{_sbindir}/ipa-certupdate

  1314. %{_sbindir}/ipa-getkeytab

  1315. %{_sbindir}/ipa-rmkeytab

  1316. %{_sbindir}/ipa-join

  1317. %{_bindir}/ipa

  1318. %config %{_sysconfdir}/bash_completion.d

  1319. %config %{_sysconfdir}/sysconfig/certmonger

  1320. %{_mandir}/man1/ipa.1*

  1321. %{_mandir}/man1/ipa-getkeytab.1*

  1322. %{_mandir}/man1/ipa-rmkeytab.1*

  1323. %{_mandir}/man1/ipa-client-install.1*

  1324. %{_mandir}/man1/ipa-client-automount.1*

  1325. %{_mandir}/man1/ipa-certupdate.1*

  1326. %{_mandir}/man1/ipa-join.1*

  1327. 

  1328. %files client-samba

  1329. %doc README.md Contributors.txt

  1330. %license COPYING

  1331. %{_sbindir}/ipa-client-samba

  1332. %{_mandir}/man1/ipa-client-samba.1*

  1333. 

  1334. %files -n python3-ipaclient

  1335. %doc README.md Contributors.txt

  1336. %license COPYING

  1337. %dir %{python3_sitelib}/ipaclient

  1338. %{python3_sitelib}/ipaclient/*.py

  1339. %{python3_sitelib}/ipaclient/__pycache__/*.py*

  1340. %dir %{python3_sitelib}/ipaclient/install

  1341. %{python3_sitelib}/ipaclient/install/*.py

  1342. %{python3_sitelib}/ipaclient/install/__pycache__/*.py*

  1343. %dir %{python3_sitelib}/ipaclient/plugins

  1344. %{python3_sitelib}/ipaclient/plugins/*.py

  1345. %{python3_sitelib}/ipaclient/plugins/__pycache__/*.py*

  1346. %dir %{python3_sitelib}/ipaclient/remote_plugins

  1347. %{python3_sitelib}/ipaclient/remote_plugins/*.py

  1348. %{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*

  1349. %dir %{python3_sitelib}/ipaclient/remote_plugins/2_*

  1350. %{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py

  1351. %{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*

  1352. %dir %{python3_sitelib}/ipaclient/csrgen

  1353. %dir %{python3_sitelib}/ipaclient/csrgen/profiles

  1354. %{python3_sitelib}/ipaclient/csrgen/profiles/*.json

  1355. %dir %{python3_sitelib}/ipaclient/csrgen/rules

  1356. %{python3_sitelib}/ipaclient/csrgen/rules/*.json

  1357. %dir %{python3_sitelib}/ipaclient/csrgen/templates

  1358. %{python3_sitelib}/ipaclient/csrgen/templates/*.tmpl

  1359. %{python3_sitelib}/ipaclient-*.egg-info

  1360. 

  1361. 

  1362. %files client-common

  1363. %doc README.md Contributors.txt

  1364. %license COPYING

  1365. %dir %attr(0755,root,root) %{_sysconfdir}/ipa/

  1366. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/default.conf

  1367. %ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/ca.crt

  1368. %dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb

  1369. # old dbm format

  1370. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db

  1371. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db

  1372. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db

  1373. # new sql format

  1374. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert9.db

  1375. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/key4.db

  1376. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pkcs11.txt

  1377. %ghost %attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt

  1378. %ghost %attr(644,root,root) %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit

  1379. %dir %{_localstatedir}/lib/ipa-client

  1380. %dir %{_localstatedir}/lib/ipa-client/pki

  1381. %dir %{_localstatedir}/lib/ipa-client/sysrestore

  1382. %{_mandir}/man5/default.conf.5*

  1383. %dir %{_usr}/share/ipa/client

  1384. %{_usr}/share/ipa/client/*.template

  1385. 

  1386. 

  1387. %files python-compat

  1388. %doc README.md Contributors.txt

  1389. %license COPYING

  1390. 

  1391. 

  1392. %files common -f %{gettext_domain}.lang

  1393. %doc README.md Contributors.txt

  1394. %license COPYING

  1395. %dir %{_usr}/share/ipa

  1396. 

  1397. 

  1398. %files -n python3-ipalib

  1399. %doc README.md Contributors.txt

  1400. %license COPYING

  1401. 

  1402. %{python3_sitelib}/ipapython/

  1403. %{python3_sitelib}/ipalib/

  1404. %{python3_sitelib}/ipaplatform/

  1405. %{python3_sitelib}/ipapython-*.egg-info

  1406. %{python3_sitelib}/ipalib-*.egg-info

  1407. %{python3_sitelib}/ipaplatform-*.egg-info

  1408. %{python3_sitelib}/ipaplatform-*-nspkg.pth

  1409. 

  1410. 

  1411. %if 0%{?with_ipatests}

  1412. 

  1413. %files -n python3-ipatests

  1414. %doc README.md Contributors.txt

  1415. %license COPYING

  1416. %{python3_sitelib}/ipatests

  1417. %{python3_sitelib}/ipatests-*.egg-info

  1418. %{_bindir}/ipa-run-tests-3

  1419. %{_bindir}/ipa-test-config-3

  1420. %{_bindir}/ipa-test-task-3

  1421. %{_bindir}/ipa-run-tests-%{python3_version}

  1422. %{_bindir}/ipa-test-config-%{python3_version}

  1423. %{_bindir}/ipa-test-task-%{python3_version}

  1424. %{_bindir}/ipa-run-tests

  1425. %{_bindir}/ipa-test-config

  1426. %{_bindir}/ipa-test-task

  1427. %{_mandir}/man1/ipa-run-tests.1*

  1428. %{_mandir}/man1/ipa-test-config.1*

  1429. %{_mandir}/man1/ipa-test-task.1*

  1430. 

  1431. # with_ipatests

  1432. %endif

  1433. 

  1434. %if 0%{?with_selinux}

  1435. %files selinux

  1436. %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*

  1437. %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}

  1438. # with_selinux

  1439. %endif

  1440. 

  1441. %changelog

  1442. * Tue Nov 26 2013 Petr Viktorin <pviktori@redhat.com> - @VERSION@-@VENDOR_SUFFIX@

  1443. - Remove changelog. The history is kept in Git, downstreams have own logs.

  1444. # note, this entry is here to placate tools that expect a non-empty changelog