3 # /usr/share/selinux/devel/Makefile is needed by freeipa-2.1.0-0.1.src
4 # 389-ds-base-devel >= 1.2.9 is needed by freeipa-2.1.0-0.1.src
5 # authconfig is needed by freeipa-2.1.0-0.1.src
6 # krb5-devel is needed by freeipa-2.1.0-0.1.src
7 # krb5-workstation is needed by freeipa-2.1.0-0.1.src
8 # libipa_hbac-python is needed by freeipa-2.1.0-0.1.src
9 # policycoreutils >= %{POLICYCOREUTILSVER} is needed by freeipa-2.1.0-0.1.src
10 # pylint is needed by freeipa-2.1.0-0.1.src
11 # python-kerberos is needed by freeipa-2.1.0-0.1.src
12 # python-krbV is needed by freeipa-2.1.0-0.1.src
13 # python-ldap is needed by freeipa-2.1.0-0.1.src
14 # python-netaddr >= 0.7.5-3 is needed by freeipa-2.1.0-0.1.src
15 # python-nss is needed by freeipa-2.1.0-0.1.src
16 # python-rhsm is needed by freeipa-2.1.0-0.1.src
18 Summary: The Identity, Policy and Audit system
24 URL: http://www.freeipa.org/
25 Source0: http://www.freeipa.org/downloads/src/%{name}-%{version}.tar.gz
26 # Source0-md5: 2272a05e8d09a009a999e4fef25588a6
27 BuildRequires: /usr/share/selinux/devel/Makefile
28 BuildRequires: 389-ds-base-devel >= 1.2.9
29 BuildRequires: authconfig
30 BuildRequires: autoconf
31 BuildRequires: automake
32 BuildRequires: curl-devel >= 7.21.3-9
33 BuildRequires: gettext
34 BuildRequires: krb5-devel
35 BuildRequires: krb5-workstation
36 BuildRequires: libipa_hbac-python
37 BuildRequires: libtool
38 BuildRequires: libuuid-devel
40 BuildRequires: nspr-devel
41 BuildRequires: nss-devel
42 BuildRequires: openldap-devel
43 BuildRequires: openssl-devel
44 BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
45 BuildRequires: popt-devel
47 BuildRequires: python-devel
48 BuildRequires: python-kerberos
49 BuildRequires: python-krbV
50 BuildRequires: python-ldap
51 BuildRequires: python-netaddr >= 0.7.5-3
52 BuildRequires: python-nss
53 BuildRequires: python-pyOpenSSL
54 BuildRequires: python-rhsm
55 BuildRequires: python-setuptools
56 BuildRequires: svrcore-devel
57 BuildRequires: xmlrpc-c-devel >= 1.25.4
58 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
60 %define httpd_conf /etc/httpd/conf.d
61 %define plugin_dir %{_libdir}/dirsrv/plugins
62 %define POLICYCOREUTILSVER 1.33.12-1
63 %define gettext_domain ipa
66 IPA is an integrated solution to provide centrally managed Identity
67 (machine, user, virtual machines, groups, authentication credentials),
68 Policy (configuration settings, access control information) and Audit
69 (events, logs, analysis thereof).
72 Summary: The IPA authentication server
74 Requires: %{name}-admintools = %{version}-%{release}
75 Requires: %{name}-client = %{version}-%{release}
76 Requires: %{name}-python = %{version}-%{release}
77 Requires(post): %{name}-server-selinux = %{version}-%{release}
78 Requires(pre): 389-ds-base >= 1.2.9.6-1
80 Requires: apache-mod_wsgi
81 Requires: cyrus-sasl-gssapi%{?_isa}
83 Requires: krb5-pkinit-openssl
85 Requires: krb5-server-ldap
86 Requires: mod_auth_kerb
87 Requires: mod_nss >= 1.0.8-10
91 Requires: openldap-clients
94 Requires: python-pyasn1 >= 0.0.9a
95 Requires: selinux-policy >= 3.9.16-18
96 Requires(post): selinux-policy-base
97 Requires: dogtag-pki-ca-theme
98 Requires: dogtag-pki-common-theme
99 Requires: pki-ca >= 9.0.11
100 Requires: pki-silent >= 9.0.11
101 Requires: slapi-nis >= 0.21
102 Requires(preun): python initscripts chkconfig
103 Requires(postun): python initscripts chkconfig
104 Obsoletes: ipa-server >= 1.0
107 IPA is an integrated solution to provide centrally managed Identity
108 (machine, user, virtual machines, groups, authentication credentials),
109 Policy (configuration settings, access control information) and Audit
110 (events, logs, analysis thereof). If you are installing an IPA server
111 you need to install this package (in other words, most people should
112 NOT install this package).
115 %package server-selinux
116 Summary: SELinux rules for freeipa-server daemons
118 Requires: %{name}-server = %{version}-%{release}
119 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
120 Obsoletes: ipa-server-selinux >= 1.0
122 %description server-selinux
123 IPA is an integrated solution to provide centrally managed Identity
124 (machine, user, virtual machines, groups, authentication credentials),
125 Policy (configuration settings, access control information) and Audit
126 (events, logs, analysis thereof). This package provides SELinux rules
127 for the daemons included in freeipa-server
130 Summary: IPA authentication for use on clients
132 Requires: %{name}-python = %{version}-%{release}
135 Requires: certmonger >= 0.26
136 Requires: cyrus-sasl-gssapi%{?_isa}
137 Requires: krb5-workstation
138 Requires: libcurl >= 7.21.3-9
142 Requires: python-ldap
143 Requires: sssd >= 1.5.1
145 Requires: xmlrpc-c >= 1.25.4
146 Obsoletes: ipa-client >= 1.0
149 IPA is an integrated solution to provide centrally managed Identity
150 (machine, user, virtual machines, groups, authentication credentials),
151 Policy (configuration settings, access control information) and Audit
152 (events, logs, analysis thereof). If your network uses IPA for
153 authentication, this package should be installed on every client
157 Summary: IPA administrative tools
159 Requires: %{name}-client = %{version}-%{release}
160 Requires: %{name}-python = %{version}-%{release}
161 Requires: python-krbV
162 Requires: python-ldap
163 Obsoletes: ipa-admintools >= 1.0
165 %description admintools
166 IPA is an integrated solution to provide centrally managed Identity
167 (machine, user, virtual machines, groups, authentication credentials),
168 Policy (configuration settings, access control information) and Audit
169 (events, logs, analysis thereof). This package provides command-line
170 tools for IPA administrators.
173 Summary: Python libraries used by IPA
175 Requires: python-kerberos >= 1.1-3
179 Requires: libipa_hbac-python
180 Requires: python-lxml
181 Requires: python-netaddr >= 0.7.5-3
182 Requires: python-nss >= 0.11
183 Requires: python-pyOpenSSL
184 Obsoletes: ipa-python >= 1.0
187 IPA is an integrated solution to provide centrally managed Identity
188 (machine, user, virtual machines, groups, authentication credentials),
189 Policy (configuration settings, access control information) and Audit
190 (events, logs, analysis thereof). If you are using IPA you need to
191 install this package.
197 export CFLAGS="$CFLAGS %{optflags}"
198 export CPPFLAGS="$CPPFLAGS %{optflags}"
199 %{__make} version-update
204 --sysconfdir=%{_sysconfdir} \
205 --localstatedir=%{_localstatedir} \
206 --libdir=%{_libdir} \
212 --sysconfdir=%{_sysconfdir} \
213 --localstatedir=%{_localstatedir} \
214 --libdir=%{_libdir} \
215 --mandir=%{_mandir} \
221 --sysconfdir=%{_sysconfdir} \
222 --localstatedir=%{_localstatedir} \
223 --libdir=%{_libdir} \
228 %{__make} all IPA_VERSION_IS_GIT_SNAPSHOT=no
231 # This isn't multi-process make capable yet
235 rm -rf $RPM_BUILD_ROOT
237 DESTDIR=$RPM_BUILD_ROOT
239 %{__make} -C selinux install \
240 DESTDIR=$RPM_BUILD_ROOT
242 %find_lang %{gettext_domain}
244 # Remove .la files from libtool - we don't want to package
246 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_pwd_extop.la
247 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_enrollment_extop.la
248 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_winsync.la
249 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_repl_version.la
250 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_uuid.la
251 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_modrdn.la
252 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_lockout.la
254 # Some user-modifiable HTML files are provided. Move these to %{_sysconfdir}
256 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/ipa/html
257 install -d $RPM_BUILD_ROOT/%{_localstatedir}/cache/ipa/sysrestore
258 mkdir $RPM_BUILD_ROOT%{_usr}/share/ipa/html/
259 ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
260 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ssbrowser.html
261 ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
262 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/unauthorized.html
263 ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
264 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/browserconfig.html
265 ln -s ../../../..%{_sysconfdir}/ipa/html/hbac-deny-remove.html \
266 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/hbac-deny-remove.html
267 ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
268 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ipa_error.css
270 # So we can own our Apache configuration
271 install -d $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
272 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa.conf
273 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
274 install ipa.init $RPM_BUILD_ROOT%{_initrddir}/ipa
276 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipa
277 touch $RPM_BUILD_ROOT%{_sysconfdir}/ipa/default.conf
278 install -p -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/ipa-client/sysrestore
280 install -d $RPM_BUILD_ROOT/etc/bash_completion.d
281 install -pm 644 contrib/completion/ipa.bash_completion $RPM_BUILD_ROOT/etc/bash_completion.d/ipa
282 install -d $RPM_BUILD_ROOT/etc/cron.d
283 install -pm 644 ipa-compliance.cron $RPM_BUILD_ROOT/etc/cron.d/ipa-compliance
286 rm -rf $RPM_BUILD_ROOT
290 /sbin/chkconfig --add ipa
291 /sbin/chkconfig --add ipa_kpasswd
293 if [ $1 -gt 1 ]; then
294 %{_sbindir}/ipa-upgradeconfig || :
295 %{_sbindir}/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
300 /sbin/chkconfig --del ipa
301 /sbin/chkconfig --del ipa_kpasswd
306 if [ "$1" -ge "1" ]; then
311 # Save the content state so we can restore it when/if this package is removed
312 if [ -s /etc/selinux/config ]; then
313 . %{_sysconfdir}/selinux/config
314 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
315 if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
316 cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
321 # Insert our provide SELinux policy
322 semodule -s targeted -i %{_datadir}/selinux/targeted/ipa_kpasswd.pp %{_datadir}/selinux/targeted/ipa_httpd.pp %{_datadir}/selinux/targeted/ipa_dogtag.pp
323 . %{_sysconfdir}/selinux/config
324 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
326 if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
327 fixfiles -C ${FILE_CONTEXT}.%{name} restore
328 rm -f ${FILE_CONTEXT}.%{name}
331 %preun server-selinux
332 # On the last uninstallation prepare to restore state
334 if [ -s %{_sysconfdir}/selinux/config ]; then
335 . %{_sysconfdir}/selinux/config
336 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
337 if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
338 cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
343 %postun server-selinux
344 # On the last uninstallation remove our SELinux policy and restore the state
346 semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
347 . %{_sysconfdir}/selinux/config
348 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
350 if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
351 fixfiles -C ${FILE_CONTEXT}.%{name} restore
352 rm -f ${FILE_CONTEXT}.%{name}
357 %defattr(644,root,root,755)
358 %doc COPYING README Contributors.txt
359 %attr(755,root,root) %{_sbindir}/ipa-ca-install
360 %attr(755,root,root) %{_sbindir}/ipa-dns-install
361 %attr(755,root,root) %{_sbindir}/ipa-server-install
362 %attr(755,root,root) %{_sbindir}/ipa-replica-conncheck
363 %attr(755,root,root) %{_sbindir}/ipa-replica-install
364 %attr(755,root,root) %{_sbindir}/ipa-replica-prepare
365 %attr(755,root,root) %{_sbindir}/ipa-replica-manage
366 %attr(755,root,root) %{_sbindir}/ipa-csreplica-manage
367 %attr(755,root,root) %{_sbindir}/ipa-server-certinstall
368 %attr(755,root,root) %{_sbindir}/ipa-ldap-updater
369 %attr(755,root,root) %{_sbindir}/ipa-compat-manage
370 %attr(755,root,root) %{_sbindir}/ipa-nis-manage
371 %attr(755,root,root) %{_sbindir}/ipa-host-net-manage
372 %attr(755,root,root) %{_sbindir}/ipa_kpasswd
373 %attr(755,root,root) %{_sbindir}/ipactl
374 %attr(755,root,root) %{_sbindir}/ipa-upgradeconfig
375 %attr(755,root,root) %{_sbindir}/ipa-compliance
376 /etc/cron.d/ipa-compliance
377 %attr(755,root,root) %{_initrddir}/ipa
378 %attr(755,root,root) %{_initrddir}/ipa_kpasswd
379 %dir %{py_sitescriptdir}/ipaserver
380 %{py_sitescriptdir}/ipaserver/*
381 %dir %{_usr}/share/ipa
382 %{_usr}/share/ipa/wsgi.py*
383 %{_usr}/share/ipa/*.ldif
384 %{_usr}/share/ipa/*.uldif
385 %{_usr}/share/ipa/*.template
386 %dir %{_usr}/share/ipa/html
387 %{_usr}/share/ipa/html/ssbrowser.html
388 %{_usr}/share/ipa/html/browserconfig.html
389 %{_usr}/share/ipa/html/unauthorized.html
390 %{_usr}/share/ipa/html/hbac-deny-remove.html
391 %{_usr}/share/ipa/html/ipa_error.css
392 %dir %{_usr}/share/ipa/migration
393 %{_usr}/share/ipa/migration/error.html
394 %{_usr}/share/ipa/migration/index.html
395 %{_usr}/share/ipa/migration/invalid.html
396 %{_usr}/share/ipa/migration/ipa_migration.css
397 %{_usr}/share/ipa/migration/migration.py*
398 %dir %{_usr}/share/ipa/ui
399 %{_usr}/share/ipa/ui/index.html
400 %{_usr}/share/ipa/ui/*.png
401 %{_usr}/share/ipa/ui/*.gif
402 %{_usr}/share/ipa/ui/*.ico
403 %{_usr}/share/ipa/ui/*.css
404 %{_usr}/share/ipa/ui/*.js
405 %{_usr}/share/ipa/ui/*.eot
406 %{_usr}/share/ipa/ui/*.svg
407 %{_usr}/share/ipa/ui/*.ttf
408 %{_usr}/share/ipa/ui/*.woff
409 %dir %{_sysconfdir}/ipa
410 %dir %{_sysconfdir}/ipa/html
411 %config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
412 %config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
413 %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
414 %config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
415 %config(noreplace) %{_sysconfdir}/ipa/html/hbac-deny-remove.html
416 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
417 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
418 %{_usr}/share/ipa/ipa.conf
419 %{_usr}/share/ipa/ipa-rewrite.conf
420 %dir %{_usr}/share/ipa/updates/
421 %{_usr}/share/ipa/updates/*
422 %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
423 %attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
424 %attr(755,root,root) %{plugin_dir}/libipa_winsync.so
425 %attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
426 %attr(755,root,root) %{plugin_dir}/libipa_uuid.so
427 %attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
428 %attr(755,root,root) %{plugin_dir}/libipa_lockout.so
429 %dir %{_localstatedir}/lib/ipa
430 %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
431 %dir %{_localstatedir}/cache/ipa
432 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
433 %attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
434 %{_mandir}/man1/ipa-replica-conncheck.1*
435 %{_mandir}/man1/ipa-replica-install.1*
436 %{_mandir}/man1/ipa-replica-manage.1*
437 %{_mandir}/man1/ipa-csreplica-manage.1*
438 %{_mandir}/man1/ipa-replica-prepare.1*
439 %{_mandir}/man1/ipa-server-certinstall.1*
440 %{_mandir}/man1/ipa-server-install.1*
441 %{_mandir}/man1/ipa-dns-install.1*
442 %{_mandir}/man1/ipa-ca-install.1*
443 %{_mandir}/man1/ipa-compat-manage.1*
444 %{_mandir}/man1/ipa-nis-manage.1*
445 %{_mandir}/man1/ipa-host-net-manage.1*
446 %{_mandir}/man1/ipa-ldap-updater.1*
447 %{_mandir}/man8/ipa_kpasswd.8*
448 %{_mandir}/man8/ipactl.8*
449 %{_mandir}/man1/ipa-compliance.1*
451 %files server-selinux
452 %defattr(644,root,root,755)
453 %doc COPYING README Contributors.txt
454 %{_usr}/share/selinux/targeted/ipa_kpasswd.pp
455 %{_usr}/share/selinux/targeted/ipa_httpd.pp
456 %{_usr}/share/selinux/targeted/ipa_dogtag.pp
459 %defattr(644,root,root,755)
460 %doc COPYING README Contributors.txt
461 %attr(755,root,root) %{_sbindir}/ipa-client-install
462 %attr(755,root,root) %{_sbindir}/ipa-getkeytab
463 %attr(755,root,root) %{_sbindir}/ipa-rmkeytab
464 %attr(755,root,root) %{_sbindir}/ipa-join
465 %dir %{_usr}/share/ipa
466 %dir %{_usr}/share/ipa/ipaclient
467 %dir %{_localstatedir}/lib/ipa-client
468 %dir %{_localstatedir}/lib/ipa-client/sysrestore
469 %{_usr}/share/ipa/ipaclient/ipa.cfg
470 %{_usr}/share/ipa/ipaclient/ipa.js
471 %dir %{py_sitescriptdir}/ipaclient
472 %{py_sitescriptdir}/ipaclient/*.py*
473 %{_mandir}/man1/ipa-getkeytab.1*
474 %{_mandir}/man1/ipa-rmkeytab.1*
475 %{_mandir}/man1/ipa-client-install.1*
476 %{_mandir}/man1/ipa-join.1*
477 %{_mandir}/man5/default.conf.5*
480 %defattr(644,root,root,755)
481 %doc COPYING README Contributors.txt
482 %config %{_sysconfdir}/bash_completion.d
483 %attr(755,root,root) %{_bindir}/ipa
484 %{_mandir}/man1/ipa.1*
486 %files python -f %{gettext_domain}.lang
487 %defattr(644,root,root,755)
488 %doc COPYING README Contributors.txt
489 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
490 %dir %{py_sitescriptdir}/ipapython
491 %{py_sitescriptdir}/ipapython/*.py*
492 %dir %{py_sitescriptdir}/ipalib
493 %{py_sitescriptdir}/ipalib/*
494 %{py_sitedir}/default_encoding_utf8.so
495 %{py_sitescriptdir}/ipapython-*.egg-info
496 %{py_sitescriptdir}/freeipa-*.egg-info
497 %{py_sitedir}/python_default_encoding-*.egg-info