[packages/freeipa.git] / freeipa.spec

# TODO
# - build deps:
#        /usr/share/selinux/devel/Makefile is needed by freeipa-2.1.0-0.1.src
#        389-ds-base-devel >= 1.2.9 is needed by freeipa-2.1.0-0.1.src
#        authconfig is needed by freeipa-2.1.0-0.1.src
#        krb5-devel is needed by freeipa-2.1.0-0.1.src
#        krb5-workstation is needed by freeipa-2.1.0-0.1.src
#        libipa_hbac-python is needed by freeipa-2.1.0-0.1.src
#        policycoreutils >= %{POLICYCOREUTILSVER} is needed by freeipa-2.1.0-0.1.src
#        pylint is needed by freeipa-2.1.0-0.1.src
#        python-kerberos is needed by freeipa-2.1.0-0.1.src
#        python-krbV is needed by freeipa-2.1.0-0.1.src
#        python-ldap is needed by freeipa-2.1.0-0.1.src
#        python-netaddr >= 0.7.5-3 is needed by freeipa-2.1.0-0.1.src
#        python-nss is needed by freeipa-2.1.0-0.1.src
#        python-rhsm is needed by freeipa-2.1.0-0.1.src

Summary:	The Identity, Policy and Audit system
Name:		freeipa
Version:	2.1.0
Release:	0.1
License:	GPL v3+
Group:		Base
URL:		http://www.freeipa.org/
Source0:	http://www.freeipa.org/downloads/src/%{name}-%{version}.tar.gz
# Source0-md5:	2272a05e8d09a009a999e4fef25588a6
BuildRequires:	/usr/share/selinux/devel/Makefile
BuildRequires:	389-ds-base-devel >= 1.2.9
BuildRequires:	authconfig
BuildRequires:	autoconf
BuildRequires:	automake
BuildRequires:	curl-devel >= 7.21.3-9
BuildRequires:	gettext
BuildRequires:	krb5-devel
BuildRequires:	krb5-workstation
BuildRequires:	libipa_hbac-python
BuildRequires:	libtool
BuildRequires:	libuuid-devel
BuildRequires:	m4
BuildRequires:	nspr-devel
BuildRequires:	nss-devel
BuildRequires:	openldap-devel
BuildRequires:	openssl-devel
BuildRequires:	policycoreutils >= %{POLICYCOREUTILSVER}
BuildRequires:	popt-devel
BuildRequires:	pylint
BuildRequires:	python-devel
BuildRequires:	python-kerberos
BuildRequires:	python-krbV
BuildRequires:	python-ldap
BuildRequires:	python-netaddr >= 0.7.5-3
BuildRequires:	python-nss
BuildRequires:	python-pyOpenSSL
BuildRequires:	python-rhsm
BuildRequires:	python-setuptools
BuildRequires:	svrcore-devel
BuildRequires:	xmlrpc-c-devel >= 1.25.4
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		httpd_conf			/etc/httpd/conf.d
%define		plugin_dir			%{_libdir}/dirsrv/plugins
%define		POLICYCOREUTILSVER	1.33.12-1
%define		gettext_domain		ipa

%description
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof).

%package server
Summary:	The IPA authentication server
Group:		Base
Requires:	%{name}-admintools = %{version}-%{release}
Requires:	%{name}-client = %{version}-%{release}
Requires:	%{name}-python = %{version}-%{release}
Requires(post):	%{name}-server-selinux = %{version}-%{release}
Requires(pre):	389-ds-base >= 1.2.9.6-1
Requires:	acl
Requires:	apache-mod_wsgi
Requires:	cyrus-sasl-gssapi%{?_isa}
Requires:	httpd
Requires:	krb5-pkinit-openssl
Requires:	krb5-server
Requires:	krb5-server-ldap
Requires:	mod_auth_kerb
Requires:	mod_nss >= 1.0.8-10
Requires:	nss
Requires:	nss-tools
Requires:	ntp
Requires:	openldap-clients
Requires:	python-krbV
Requires:	python-ldap
Requires:	python-pyasn1 >= 0.0.9a
Requires:	selinux-policy >= 3.9.16-18
Requires(post):	selinux-policy-base
Requires:	dogtag-pki-ca-theme
Requires:	dogtag-pki-common-theme
Requires:	pki-ca >= 9.0.11
Requires:	pki-silent >= 9.0.11
Requires:	slapi-nis >= 0.21
Requires(preun):	python initscripts chkconfig
Requires(postun):	python initscripts chkconfig
Obsoletes:	ipa-server >= 1.0

%description server
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof). If you are installing an IPA server
you need to install this package (in other words, most people should
NOT install this package).


%package server-selinux
Summary:	SELinux rules for freeipa-server daemons
Group:		Base
Requires:	%{name}-server = %{version}-%{release}
Requires(pre):	policycoreutils >= %{POLICYCOREUTILSVER}
Obsoletes:	ipa-server-selinux >= 1.0

%description server-selinux
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof). This package provides SELinux rules
for the daemons included in freeipa-server

%package client
Summary:	IPA authentication for use on clients
Group:		Base
Requires:	%{name}-python = %{version}-%{release}
Requires:	authconfig
Requires:	bind-utils
Requires:	certmonger >= 0.26
Requires:	cyrus-sasl-gssapi%{?_isa}
Requires:	krb5-workstation
Requires:	libcurl >= 7.21.3-9
Requires:	nss-tools
Requires:	ntp
Requires:	pam_krb5
Requires:	python-ldap
Requires:	sssd >= 1.5.1
Requires:	wget
Requires:	xmlrpc-c >= 1.25.4
Obsoletes:	ipa-client >= 1.0

%description client
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof). If your network uses IPA for
authentication, this package should be installed on every client
machine.

%package admintools
Summary:	IPA administrative tools
Group:		Base
Requires:	%{name}-client = %{version}-%{release}
Requires:	%{name}-python = %{version}-%{release}
Requires:	python-krbV
Requires:	python-ldap
Obsoletes:	ipa-admintools >= 1.0

%description admintools
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof). This package provides command-line
tools for IPA administrators.

%package python
Summary:	Python libraries used by IPA
Group:		Libraries
Requires:	python-kerberos >= 1.1-3
Requires:	authconfig
Requires:	gnupg
Requires:	iproute2
Requires:	libipa_hbac-python
Requires:	python-lxml
Requires:	python-netaddr >= 0.7.5-3
Requires:	python-nss >= 0.11
Requires:	python-pyOpenSSL
Obsoletes:	ipa-python >= 1.0

%description python
IPA is an integrated solution to provide centrally managed Identity
(machine, user, virtual machines, groups, authentication credentials),
Policy (configuration settings, access control information) and Audit
(events, logs, analysis thereof). If you are using IPA you need to
install this package.

%prep
%setup -q

%build
export CFLAGS="$CFLAGS %{optflags}"
export CPPFLAGS="$CPPFLAGS %{optflags}"
%{__make} version-update

cd ipa-client
../autogen.sh \
	--prefix=%{_usr} \
	--sysconfdir=%{_sysconfdir} \
	--localstatedir=%{_localstatedir} \
	--libdir=%{_libdir} \
	--mandir=%{_mandir}

cd ../daemons
../autogen.sh \
	--prefix=%{_usr} \
	--sysconfdir=%{_sysconfdir} \
	--localstatedir=%{_localstatedir} \
	--libdir=%{_libdir} \
	--mandir=%{_mandir} \
	--with-openldap

cd ../install
../autogen.sh \
	--prefix=%{_usr} \
	--sysconfdir=%{_sysconfdir} \
	--localstatedir=%{_localstatedir} \
	--libdir=%{_libdir} \
	--mandir=%{_mandir}

cd ..

%{__make} all IPA_VERSION_IS_GIT_SNAPSHOT=no

cd selinux
# This isn't multi-process make capable yet
%{__make} all -j1

%install
rm -rf $RPM_BUILD_ROOT
%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

%{__make} -C selinux install \
	DESTDIR=$RPM_BUILD_ROOT

%find_lang %{gettext_domain}

# Remove .la files from libtool - we don't want to package
# these files
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_pwd_extop.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_enrollment_extop.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_winsync.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_repl_version.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_uuid.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_modrdn.la
rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_lockout.la

# Some user-modifiable HTML files are provided. Move these to %{_sysconfdir}
# and link back.
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/ipa/html
install -d $RPM_BUILD_ROOT/%{_localstatedir}/cache/ipa/sysrestore
mkdir $RPM_BUILD_ROOT%{_usr}/share/ipa/html/
ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
    $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ssbrowser.html
ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
    $RPM_BUILD_ROOT%{_usr}/share/ipa/html/unauthorized.html
ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
    $RPM_BUILD_ROOT%{_usr}/share/ipa/html/browserconfig.html
ln -s ../../../..%{_sysconfdir}/ipa/html/hbac-deny-remove.html \
    $RPM_BUILD_ROOT%{_usr}/share/ipa/html/hbac-deny-remove.html
ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
    $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ipa_error.css

# So we can own our Apache configuration
install -d $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa.conf
touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
install ipa.init $RPM_BUILD_ROOT%{_initrddir}/ipa

install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipa
touch $RPM_BUILD_ROOT%{_sysconfdir}/ipa/default.conf
install -p -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/ipa-client/sysrestore

install -d $RPM_BUILD_ROOT/etc/bash_completion.d
install -pm 644 contrib/completion/ipa.bash_completion $RPM_BUILD_ROOT/etc/bash_completion.d/ipa
install -d $RPM_BUILD_ROOT/etc/cron.d
install -pm 644 ipa-compliance.cron $RPM_BUILD_ROOT/etc/cron.d/ipa-compliance

%clean
rm -rf $RPM_BUILD_ROOT

%post server
if [ $1 = 1 ]; then
	/sbin/chkconfig --add ipa
	/sbin/chkconfig --add ipa_kpasswd
fi
if [ $1 -gt 1 ]; then
	%{_sbindir}/ipa-upgradeconfig || :
	%{_sbindir}/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
fi

%preun server
if [ $1 = 0 ]; then
	/sbin/chkconfig --del ipa
	/sbin/chkconfig --del ipa_kpasswd
	%service ipa stop
fi

%postun server
if [ "$1" -ge "1" ]; then
	%service ipa restart
fi

%pre server-selinux
# Save the content state so we can restore it when/if this package is removed
if [ -s /etc/selinux/config ]; then
	. %{_sysconfdir}/selinux/config
	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
	if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
		cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
	fi
fi

%post server-selinux
# Insert our provide SELinux policy
semodule -s targeted -i %{_datadir}/selinux/targeted/ipa_kpasswd.pp %{_datadir}/selinux/targeted/ipa_httpd.pp %{_datadir}/selinux/targeted/ipa_dogtag.pp
. %{_sysconfdir}/selinux/config
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
selinuxenabled
if [ $? == 0  -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
   fixfiles -C ${FILE_CONTEXT}.%{name} restore
   rm -f ${FILE_CONTEXT}.%{name}
fi

%preun server-selinux
# On the last uninstallation prepare to restore state
if [ $1 = 0 ]; then
	if [ -s %{_sysconfdir}/selinux/config ]; then
	   . %{_sysconfdir}/selinux/config
	   FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
	   if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
		   cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
	   fi
	fi
fi

%postun server-selinux
# On the last uninstallation remove our SELinux policy and restore the state
if [ $1 = 0 ]; then
	semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
	. %{_sysconfdir}/selinux/config
	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
	selinuxenabled
	if [ $? == 0  -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
	   fixfiles -C ${FILE_CONTEXT}.%{name} restore
	   rm -f ${FILE_CONTEXT}.%{name}
	fi
fi

%files server
%defattr(644,root,root,755)
%doc COPYING README Contributors.txt
%attr(755,root,root) %{_sbindir}/ipa-ca-install
%attr(755,root,root) %{_sbindir}/ipa-dns-install
%attr(755,root,root) %{_sbindir}/ipa-server-install
%attr(755,root,root) %{_sbindir}/ipa-replica-conncheck
%attr(755,root,root) %{_sbindir}/ipa-replica-install
%attr(755,root,root) %{_sbindir}/ipa-replica-prepare
%attr(755,root,root) %{_sbindir}/ipa-replica-manage
%attr(755,root,root) %{_sbindir}/ipa-csreplica-manage
%attr(755,root,root) %{_sbindir}/ipa-server-certinstall
%attr(755,root,root) %{_sbindir}/ipa-ldap-updater
%attr(755,root,root) %{_sbindir}/ipa-compat-manage
%attr(755,root,root) %{_sbindir}/ipa-nis-manage
%attr(755,root,root) %{_sbindir}/ipa-host-net-manage
%attr(755,root,root) %{_sbindir}/ipa_kpasswd
%attr(755,root,root) %{_sbindir}/ipactl
%attr(755,root,root) %{_sbindir}/ipa-upgradeconfig
%attr(755,root,root) %{_sbindir}/ipa-compliance
/etc/cron.d/ipa-compliance
%attr(755,root,root) %{_initrddir}/ipa
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
%dir %{py_sitescriptdir}/ipaserver
%{py_sitescriptdir}/ipaserver/*
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/wsgi.py*
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.uldif
%{_usr}/share/ipa/*.template
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/browserconfig.html
%{_usr}/share/ipa/html/unauthorized.html
%{_usr}/share/ipa/html/hbac-deny-remove.html
%{_usr}/share/ipa/html/ipa_error.css
%dir %{_usr}/share/ipa/migration
%{_usr}/share/ipa/migration/error.html
%{_usr}/share/ipa/migration/index.html
%{_usr}/share/ipa/migration/invalid.html
%{_usr}/share/ipa/migration/ipa_migration.css
%{_usr}/share/ipa/migration/migration.py*
%dir %{_usr}/share/ipa/ui
%{_usr}/share/ipa/ui/index.html
%{_usr}/share/ipa/ui/*.png
%{_usr}/share/ipa/ui/*.gif
%{_usr}/share/ipa/ui/*.ico
%{_usr}/share/ipa/ui/*.css
%{_usr}/share/ipa/ui/*.js
%{_usr}/share/ipa/ui/*.eot
%{_usr}/share/ipa/ui/*.svg
%{_usr}/share/ipa/ui/*.ttf
%{_usr}/share/ipa/ui/*.woff
%dir %{_sysconfdir}/ipa
%dir %{_sysconfdir}/ipa/html
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
%config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
%config(noreplace) %{_sysconfdir}/ipa/html/hbac-deny-remove.html
%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
%attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
%attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
%attr(755,root,root) %{plugin_dir}/libipa_uuid.so
%attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
%attr(755,root,root) %{plugin_dir}/libipa_lockout.so
%dir %{_localstatedir}/lib/ipa
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
%dir %{_localstatedir}/cache/ipa
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
%{_mandir}/man1/ipa-replica-conncheck.1*
%{_mandir}/man1/ipa-replica-install.1*
%{_mandir}/man1/ipa-replica-manage.1*
%{_mandir}/man1/ipa-csreplica-manage.1*
%{_mandir}/man1/ipa-replica-prepare.1*
%{_mandir}/man1/ipa-server-certinstall.1*
%{_mandir}/man1/ipa-server-install.1*
%{_mandir}/man1/ipa-dns-install.1*
%{_mandir}/man1/ipa-ca-install.1*
%{_mandir}/man1/ipa-compat-manage.1*
%{_mandir}/man1/ipa-nis-manage.1*
%{_mandir}/man1/ipa-host-net-manage.1*
%{_mandir}/man1/ipa-ldap-updater.1*
%{_mandir}/man8/ipa_kpasswd.8*
%{_mandir}/man8/ipactl.8*
%{_mandir}/man1/ipa-compliance.1*

%files server-selinux
%defattr(644,root,root,755)
%doc COPYING README Contributors.txt
%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
%{_usr}/share/selinux/targeted/ipa_httpd.pp
%{_usr}/share/selinux/targeted/ipa_dogtag.pp

%files client
%defattr(644,root,root,755)
%doc COPYING README Contributors.txt
%attr(755,root,root) %{_sbindir}/ipa-client-install
%attr(755,root,root) %{_sbindir}/ipa-getkeytab
%attr(755,root,root) %{_sbindir}/ipa-rmkeytab
%attr(755,root,root) %{_sbindir}/ipa-join
%dir %{_usr}/share/ipa
%dir %{_usr}/share/ipa/ipaclient
%dir %{_localstatedir}/lib/ipa-client
%dir %{_localstatedir}/lib/ipa-client/sysrestore
%{_usr}/share/ipa/ipaclient/ipa.cfg
%{_usr}/share/ipa/ipaclient/ipa.js
%dir %{py_sitescriptdir}/ipaclient
%{py_sitescriptdir}/ipaclient/*.py*
%{_mandir}/man1/ipa-getkeytab.1*
%{_mandir}/man1/ipa-rmkeytab.1*
%{_mandir}/man1/ipa-client-install.1*
%{_mandir}/man1/ipa-join.1*
%{_mandir}/man5/default.conf.5*

%files admintools
%defattr(644,root,root,755)
%doc COPYING README Contributors.txt
%config %{_sysconfdir}/bash_completion.d
%attr(755,root,root) %{_bindir}/ipa
%{_mandir}/man1/ipa.1*

%files python -f %{gettext_domain}.lang
%defattr(644,root,root,755)
%doc COPYING README Contributors.txt
%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%dir %{py_sitescriptdir}/ipapython
%{py_sitescriptdir}/ipapython/*.py*
%dir %{py_sitescriptdir}/ipalib
%{py_sitescriptdir}/ipalib/*
%{py_sitedir}/default_encoding_utf8.so
%{py_sitescriptdir}/ipapython-*.egg-info
%{py_sitescriptdir}/freeipa-*.egg-info
%{py_sitedir}/python_default_encoding-*.egg-info
Commit	Line	Data
f9afa200 ER	1	# TODO
	2	# - build deps:
	3	# /usr/share/selinux/devel/Makefile is needed by freeipa-2.1.0-0.1.src
	4	# 389-ds-base-devel >= 1.2.9 is needed by freeipa-2.1.0-0.1.src
	5	# authconfig is needed by freeipa-2.1.0-0.1.src
	6	# krb5-devel is needed by freeipa-2.1.0-0.1.src
	7	# krb5-workstation is needed by freeipa-2.1.0-0.1.src
	8	# libipa_hbac-python is needed by freeipa-2.1.0-0.1.src
	9	# policycoreutils >= %{POLICYCOREUTILSVER} is needed by freeipa-2.1.0-0.1.src
	10	# pylint is needed by freeipa-2.1.0-0.1.src
	11	# python-kerberos is needed by freeipa-2.1.0-0.1.src
	12	# python-krbV is needed by freeipa-2.1.0-0.1.src
	13	# python-ldap is needed by freeipa-2.1.0-0.1.src
	14	# python-netaddr >= 0.7.5-3 is needed by freeipa-2.1.0-0.1.src
	15	# python-nss is needed by freeipa-2.1.0-0.1.src
	16	# python-rhsm is needed by freeipa-2.1.0-0.1.src
	17
	18	Summary: The Identity, Policy and Audit system
	19	Name: freeipa
	20	Version: 2.1.0
	21	Release: 0.1
	22	License: GPL v3+
	23	Group: Base
	24	URL: http://www.freeipa.org/
	25	Source0: http://www.freeipa.org/downloads/src/%{name}-%{version}.tar.gz
	26	# Source0-md5: 2272a05e8d09a009a999e4fef25588a6
	27	BuildRequires: /usr/share/selinux/devel/Makefile
	28	BuildRequires: 389-ds-base-devel >= 1.2.9
	29	BuildRequires: authconfig
	30	BuildRequires: autoconf
	31	BuildRequires: automake
	32	BuildRequires: curl-devel >= 7.21.3-9
	33	BuildRequires: gettext
	34	BuildRequires: krb5-devel
	35	BuildRequires: krb5-workstation
	36	BuildRequires: libipa_hbac-python
	37	BuildRequires: libtool
	38	BuildRequires: libuuid-devel
	39	BuildRequires: m4
	40	BuildRequires: nspr-devel
	41	BuildRequires: nss-devel
	42	BuildRequires: openldap-devel
	43	BuildRequires: openssl-devel
	44	BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
	45	BuildRequires: popt-devel
	46	BuildRequires: pylint
	47	BuildRequires: python-devel
	48	BuildRequires: python-kerberos
	49	BuildRequires: python-krbV
	50	BuildRequires: python-ldap
	51	BuildRequires: python-netaddr >= 0.7.5-3
	52	BuildRequires: python-nss
	53	BuildRequires: python-pyOpenSSL
	54	BuildRequires: python-rhsm
	55	BuildRequires: python-setuptools
	56	BuildRequires: svrcore-devel
	57	BuildRequires: xmlrpc-c-devel >= 1.25.4
	58	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	59
	60	%define httpd_conf /etc/httpd/conf.d
	61	%define plugin_dir %{_libdir}/dirsrv/plugins
	62	%define POLICYCOREUTILSVER 1.33.12-1
	63	%define gettext_domain ipa
	64
65	%description
66	IPA is an integrated solution to provide centrally managed Identity
67	(machine, user, virtual machines, groups, authentication credentials),
68	Policy (configuration settings, access control information) and Audit
69	(events, logs, analysis thereof).
70
71	%package server
72	Summary: The IPA authentication server
73	Group: Base
74	Requires: %{name}-admintools = %{version}-%{release}
75	Requires: %{name}-client = %{version}-%{release}
76	Requires: %{name}-python = %{version}-%{release}
77	Requires(post): %{name}-server-selinux = %{version}-%{release}
78	Requires(pre): 389-ds-base >= 1.2.9.6-1
79	Requires: acl
80	Requires: apache-mod_wsgi
81	Requires: cyrus-sasl-gssapi%{?_isa}
82	Requires: httpd
83	Requires: krb5-pkinit-openssl
84	Requires: krb5-server
85	Requires: krb5-server-ldap
86	Requires: mod_auth_kerb
87	Requires: mod_nss >= 1.0.8-10
88	Requires: nss
89	Requires: nss-tools
90	Requires: ntp
91	Requires: openldap-clients
92	Requires: python-krbV
93	Requires: python-ldap
94	Requires: python-pyasn1 >= 0.0.9a
95	Requires: selinux-policy >= 3.9.16-18
96	Requires(post): selinux-policy-base
97	Requires: dogtag-pki-ca-theme
98	Requires: dogtag-pki-common-theme
99	Requires: pki-ca >= 9.0.11
100	Requires: pki-silent >= 9.0.11
101	Requires: slapi-nis >= 0.21
102	Requires(preun): python initscripts chkconfig
103	Requires(postun): python initscripts chkconfig
104	Obsoletes: ipa-server >= 1.0
105
106	%description server
107	IPA is an integrated solution to provide centrally managed Identity
108	(machine, user, virtual machines, groups, authentication credentials),
109	Policy (configuration settings, access control information) and Audit
110	(events, logs, analysis thereof). If you are installing an IPA server
111	you need to install this package (in other words, most people should
112	NOT install this package).
113
114
115	%package server-selinux
116	Summary: SELinux rules for freeipa-server daemons
117	Group: Base
118	Requires: %{name}-server = %{version}-%{release}
119	Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
120	Obsoletes: ipa-server-selinux >= 1.0
121
122	%description server-selinux
123	IPA is an integrated solution to provide centrally managed Identity
124	(machine, user, virtual machines, groups, authentication credentials),
125	Policy (configuration settings, access control information) and Audit
126	(events, logs, analysis thereof). This package provides SELinux rules
127	for the daemons included in freeipa-server
128
129	%package client
130	Summary: IPA authentication for use on clients
131	Group: Base
132	Requires: %{name}-python = %{version}-%{release}
133	Requires: authconfig
134	Requires: bind-utils
135	Requires: certmonger >= 0.26
136	Requires: cyrus-sasl-gssapi%{?_isa}
137	Requires: krb5-workstation
138	Requires: libcurl >= 7.21.3-9
139	Requires: nss-tools
140	Requires: ntp
141	Requires: pam_krb5
142	Requires: python-ldap
143	Requires: sssd >= 1.5.1
144	Requires: wget
145	Requires: xmlrpc-c >= 1.25.4
146	Obsoletes: ipa-client >= 1.0
147
148	%description client
149	IPA is an integrated solution to provide centrally managed Identity
150	(machine, user, virtual machines, groups, authentication credentials),
151	Policy (configuration settings, access control information) and Audit
152	(events, logs, analysis thereof). If your network uses IPA for
153	authentication, this package should be installed on every client
154	machine.
155
156	%package admintools
157	Summary: IPA administrative tools
158	Group: Base
159	Requires: %{name}-client = %{version}-%{release}
160	Requires: %{name}-python = %{version}-%{release}
161	Requires: python-krbV
162	Requires: python-ldap
163	Obsoletes: ipa-admintools >= 1.0
164
165	%description admintools
166	IPA is an integrated solution to provide centrally managed Identity
167	(machine, user, virtual machines, groups, authentication credentials),
168	Policy (configuration settings, access control information) and Audit
169	(events, logs, analysis thereof). This package provides command-line
170	tools for IPA administrators.
171
172	%package python
173	Summary: Python libraries used by IPA
174	Group: Libraries
175	Requires: python-kerberos >= 1.1-3
176	Requires: authconfig
177	Requires: gnupg
178	Requires: iproute2
179	Requires: libipa_hbac-python
180	Requires: python-lxml
181	Requires: python-netaddr >= 0.7.5-3
182	Requires: python-nss >= 0.11
183	Requires: python-pyOpenSSL
184	Obsoletes: ipa-python >= 1.0
185
186	%description python
187	IPA is an integrated solution to provide centrally managed Identity
188	(machine, user, virtual machines, groups, authentication credentials),
189	Policy (configuration settings, access control information) and Audit
190	(events, logs, analysis thereof). If you are using IPA you need to
191	install this package.
192
193	%prep
194	%setup -q
195
196	%build
197	export CFLAGS="$CFLAGS %{optflags}"
198	export CPPFLAGS="$CPPFLAGS %{optflags}"
199	%{__make} version-update
200
201	cd ipa-client
202	../autogen.sh \
203	--prefix=%{_usr} \
204	--sysconfdir=%{_sysconfdir} \
205	--localstatedir=%{_localstatedir} \
206	--libdir=%{_libdir} \
207	--mandir=%{_mandir}
208
209	cd ../daemons
210	../autogen.sh \
211	--prefix=%{_usr} \
212	--sysconfdir=%{_sysconfdir} \
213	--localstatedir=%{_localstatedir} \
214	--libdir=%{_libdir} \
215	--mandir=%{_mandir} \
216	--with-openldap
217
218	cd ../install
219	../autogen.sh \
220	--prefix=%{_usr} \
221	--sysconfdir=%{_sysconfdir} \
222	--localstatedir=%{_localstatedir} \
223	--libdir=%{_libdir} \
224	--mandir=%{_mandir}
225
226	cd ..
227
228	%{__make} all IPA_VERSION_IS_GIT_SNAPSHOT=no
229
230	cd selinux
231	# This isn't multi-process make capable yet
232	%{__make} all -j1
233
234	%install
235	rm -rf $RPM_BUILD_ROOT
236	%{__make} install \
237	DESTDIR=$RPM_BUILD_ROOT
238
239	%{__make} -C selinux install \
240	DESTDIR=$RPM_BUILD_ROOT
241
242	%find_lang %{gettext_domain}
243
244	# Remove .la files from libtool - we don't want to package
245	# these files
246	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_pwd_extop.la
247	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_enrollment_extop.la
248	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_winsync.la
249	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_repl_version.la
250	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_uuid.la
251	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_modrdn.la
252	rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_lockout.la
253
254	# Some user-modifiable HTML files are provided. Move these to %{_sysconfdir}
255	# and link back.
256	install -d $RPM_BUILD_ROOT/%{_sysconfdir}/ipa/html
257	install -d $RPM_BUILD_ROOT/%{_localstatedir}/cache/ipa/sysrestore
258	mkdir $RPM_BUILD_ROOT%{_usr}/share/ipa/html/
259	ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
260	$RPM_BUILD_ROOT%{_usr}/share/ipa/html/ssbrowser.html
261	ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
262	$RPM_BUILD_ROOT%{_usr}/share/ipa/html/unauthorized.html
263	ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
264	$RPM_BUILD_ROOT%{_usr}/share/ipa/html/browserconfig.html
265	ln -s ../../../..%{_sysconfdir}/ipa/html/hbac-deny-remove.html \
266	$RPM_BUILD_ROOT%{_usr}/share/ipa/html/hbac-deny-remove.html
267	ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
268	$RPM_BUILD_ROOT%{_usr}/share/ipa/html/ipa_error.css
269
270	# So we can own our Apache configuration
271	install -d $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
272	touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa.conf
273	touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
274	install ipa.init $RPM_BUILD_ROOT%{_initrddir}/ipa
275
276	install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipa
277	touch $RPM_BUILD_ROOT%{_sysconfdir}/ipa/default.conf
278	install -p -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/ipa-client/sysrestore
279
280	install -d $RPM_BUILD_ROOT/etc/bash_completion.d
281	install -pm 644 contrib/completion/ipa.bash_completion $RPM_BUILD_ROOT/etc/bash_completion.d/ipa
282	install -d $RPM_BUILD_ROOT/etc/cron.d
283	install -pm 644 ipa-compliance.cron $RPM_BUILD_ROOT/etc/cron.d/ipa-compliance
284
285	%clean
286	rm -rf $RPM_BUILD_ROOT
287
288	%post server
289	if [ $1 = 1 ]; then
290	/sbin/chkconfig --add ipa
291	/sbin/chkconfig --add ipa_kpasswd
292	fi
293	if [ $1 -gt 1 ]; then
294	%{_sbindir}/ipa-upgradeconfig \|\| :
295	%{_sbindir}/ipa-ldap-updater --upgrade >/dev/null 2>&1 \|\| :
296	fi
297
298	%preun server
299	if [ $1 = 0 ]; then
300	/sbin/chkconfig --del ipa
301	/sbin/chkconfig --del ipa_kpasswd
302	%service ipa stop
303	fi
304
305	%postun server
306	if [ "$1" -ge "1" ]; then
307	%service ipa restart
308	fi
309
310	%pre server-selinux
311	# Save the content state so we can restore it when/if this package is removed
312	if [ -s /etc/selinux/config ]; then
313	. %{_sysconfdir}/selinux/config
314	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
315	if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
316	cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
317	fi
318	fi
319
320	%post server-selinux
321	# Insert our provide SELinux policy
322	semodule -s targeted -i %{_datadir}/selinux/targeted/ipa_kpasswd.pp %{_datadir}/selinux/targeted/ipa_httpd.pp %{_datadir}/selinux/targeted/ipa_dogtag.pp
323	. %{_sysconfdir}/selinux/config
324	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
325	selinuxenabled
326	if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
327	fixfiles -C ${FILE_CONTEXT}.%{name} restore
328	rm -f ${FILE_CONTEXT}.%{name}
329	fi
330
331	%preun server-selinux
332	# On the last uninstallation prepare to restore state
333	if [ $1 = 0 ]; then
334	if [ -s %{_sysconfdir}/selinux/config ]; then
335	. %{_sysconfdir}/selinux/config
336	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
337	if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
338	cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
339	fi
340	fi
341	fi
342
343	%postun server-selinux
344	# On the last uninstallation remove our SELinux policy and restore the state
345	if [ $1 = 0 ]; then
346	semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
347	. %{_sysconfdir}/selinux/config
348	FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
349	selinuxenabled
350	if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
351	fixfiles -C ${FILE_CONTEXT}.%{name} restore
352	rm -f ${FILE_CONTEXT}.%{name}
353	fi
354	fi
355
356	%files server
357	%defattr(644,root,root,755)
358	%doc COPYING README Contributors.txt
359	%attr(755,root,root) %{_sbindir}/ipa-ca-install
360	%attr(755,root,root) %{_sbindir}/ipa-dns-install
361	%attr(755,root,root) %{_sbindir}/ipa-server-install
362	%attr(755,root,root) %{_sbindir}/ipa-replica-conncheck
363	%attr(755,root,root) %{_sbindir}/ipa-replica-install
364	%attr(755,root,root) %{_sbindir}/ipa-replica-prepare
365	%attr(755,root,root) %{_sbindir}/ipa-replica-manage
366	%attr(755,root,root) %{_sbindir}/ipa-csreplica-manage
367	%attr(755,root,root) %{_sbindir}/ipa-server-certinstall
368	%attr(755,root,root) %{_sbindir}/ipa-ldap-updater
369	%attr(755,root,root) %{_sbindir}/ipa-compat-manage
370	%attr(755,root,root) %{_sbindir}/ipa-nis-manage
371	%attr(755,root,root) %{_sbindir}/ipa-host-net-manage
372	%attr(755,root,root) %{_sbindir}/ipa_kpasswd
373	%attr(755,root,root) %{_sbindir}/ipactl
374	%attr(755,root,root) %{_sbindir}/ipa-upgradeconfig
375	%attr(755,root,root) %{_sbindir}/ipa-compliance
376	/etc/cron.d/ipa-compliance
377	%attr(755,root,root) %{_initrddir}/ipa
378	%attr(755,root,root) %{_initrddir}/ipa_kpasswd
379	%dir %{py_sitescriptdir}/ipaserver
380	%{py_sitescriptdir}/ipaserver/*
381	%dir %{_usr}/share/ipa
382	%{_usr}/share/ipa/wsgi.py*
383	%{_usr}/share/ipa/*.ldif
384	%{_usr}/share/ipa/*.uldif
385	%{_usr}/share/ipa/*.template
386	%dir %{_usr}/share/ipa/html
387	%{_usr}/share/ipa/html/ssbrowser.html
388	%{_usr}/share/ipa/html/browserconfig.html
389	%{_usr}/share/ipa/html/unauthorized.html
390	%{_usr}/share/ipa/html/hbac-deny-remove.html
391	%{_usr}/share/ipa/html/ipa_error.css
392	%dir %{_usr}/share/ipa/migration
393	%{_usr}/share/ipa/migration/error.html
394	%{_usr}/share/ipa/migration/index.html
395	%{_usr}/share/ipa/migration/invalid.html
396	%{_usr}/share/ipa/migration/ipa_migration.css
397	%{_usr}/share/ipa/migration/migration.py*
398	%dir %{_usr}/share/ipa/ui
399	%{_usr}/share/ipa/ui/index.html
400	%{_usr}/share/ipa/ui/*.png
401	%{_usr}/share/ipa/ui/*.gif
402	%{_usr}/share/ipa/ui/*.ico
403	%{_usr}/share/ipa/ui/*.css
404	%{_usr}/share/ipa/ui/*.js
405	%{_usr}/share/ipa/ui/*.eot
406	%{_usr}/share/ipa/ui/*.svg
407	%{_usr}/share/ipa/ui/*.ttf
408	%{_usr}/share/ipa/ui/*.woff
409	%dir %{_sysconfdir}/ipa
410	%dir %{_sysconfdir}/ipa/html
411	%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
412	%config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
413	%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
414	%config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
415	%config(noreplace) %{_sysconfdir}/ipa/html/hbac-deny-remove.html
416	%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
417	%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
418	%{_usr}/share/ipa/ipa.conf
419	%{_usr}/share/ipa/ipa-rewrite.conf
420	%dir %{_usr}/share/ipa/updates/
421	%{_usr}/share/ipa/updates/*
422	%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
423	%attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
424	%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
425	%attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
426	%attr(755,root,root) %{plugin_dir}/libipa_uuid.so
427	%attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
428	%attr(755,root,root) %{plugin_dir}/libipa_lockout.so
429	%dir %{_localstatedir}/lib/ipa
430	%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
431	%dir %{_localstatedir}/cache/ipa
432	%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
433	%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
434	%{_mandir}/man1/ipa-replica-conncheck.1*
435	%{_mandir}/man1/ipa-replica-install.1*
436	%{_mandir}/man1/ipa-replica-manage.1*
437	%{_mandir}/man1/ipa-csreplica-manage.1*
438	%{_mandir}/man1/ipa-replica-prepare.1*
439	%{_mandir}/man1/ipa-server-certinstall.1*
440	%{_mandir}/man1/ipa-server-install.1*
441	%{_mandir}/man1/ipa-dns-install.1*
442	%{_mandir}/man1/ipa-ca-install.1*
443	%{_mandir}/man1/ipa-compat-manage.1*
444	%{_mandir}/man1/ipa-nis-manage.1*
445	%{_mandir}/man1/ipa-host-net-manage.1*
446	%{_mandir}/man1/ipa-ldap-updater.1*
447	%{_mandir}/man8/ipa_kpasswd.8*
448	%{_mandir}/man8/ipactl.8*
449	%{_mandir}/man1/ipa-compliance.1*
450
451	%files server-selinux
452	%defattr(644,root,root,755)
453	%doc COPYING README Contributors.txt
454	%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
455	%{_usr}/share/selinux/targeted/ipa_httpd.pp
456	%{_usr}/share/selinux/targeted/ipa_dogtag.pp
457
458	%files client
459	%defattr(644,root,root,755)
460	%doc COPYING README Contributors.txt
461	%attr(755,root,root) %{_sbindir}/ipa-client-install
462	%attr(755,root,root) %{_sbindir}/ipa-getkeytab
463	%attr(755,root,root) %{_sbindir}/ipa-rmkeytab
464	%attr(755,root,root) %{_sbindir}/ipa-join
465	%dir %{_usr}/share/ipa
466	%dir %{_usr}/share/ipa/ipaclient
467	%dir %{_localstatedir}/lib/ipa-client
468	%dir %{_localstatedir}/lib/ipa-client/sysrestore
469	%{_usr}/share/ipa/ipaclient/ipa.cfg
470	%{_usr}/share/ipa/ipaclient/ipa.js
471	%dir %{py_sitescriptdir}/ipaclient
472	%{py_sitescriptdir}/ipaclient/.py
473	%{_mandir}/man1/ipa-getkeytab.1*
474	%{_mandir}/man1/ipa-rmkeytab.1*
475	%{_mandir}/man1/ipa-client-install.1*
476	%{_mandir}/man1/ipa-join.1*
477	%{_mandir}/man5/default.conf.5*
478
479	%files admintools
480	%defattr(644,root,root,755)
481	%doc COPYING README Contributors.txt
482	%config %{_sysconfdir}/bash_completion.d
483	%attr(755,root,root) %{_bindir}/ipa
484	%{_mandir}/man1/ipa.1*
485
486	%files python -f %{gettext_domain}.lang
487	%defattr(644,root,root,755)
488	%doc COPYING README Contributors.txt
489	%ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
490	%dir %{py_sitescriptdir}/ipapython
491	%{py_sitescriptdir}/ipapython/.py
492	%dir %{py_sitescriptdir}/ipalib
493	%{py_sitescriptdir}/ipalib/*
494	%{py_sitedir}/default_encoding_utf8.so
495	%{py_sitescriptdir}/ipapython-*.egg-info
496	%{py_sitescriptdir}/freeipa-*.egg-info
497	%{py_sitedir}/python_default_encoding-*.egg-info