3 # /usr/share/selinux/devel/Makefile is needed by freeipa-2.1.0-0.1.src
4 # 389-ds-base-devel >= 1.2.9 is needed by freeipa-2.1.0-0.1.src
5 # authconfig is needed by freeipa-2.1.0-0.1.src
6 # krb5-devel is needed by freeipa-2.1.0-0.1.src
7 # krb5-workstation is needed by freeipa-2.1.0-0.1.src
8 # libipa_hbac-python is needed by freeipa-2.1.0-0.1.src
9 # python-kerberos is needed by freeipa-2.1.0-0.1.src
10 # python-krbV is needed by freeipa-2.1.0-0.1.src
11 # python-nss is needed by freeipa-2.1.0-0.1.src
12 # python-rhsm is needed by freeipa-2.1.0-0.1.src
14 %define POLICYCOREUTILSVER 1.33.12-1
15 Summary: The Identity, Policy and Audit system
21 URL: http://www.freeipa.org/
22 Source0: http://www.freeipa.org/downloads/src/%{name}-%{version}.tar.gz
23 # Source0-md5: 2272a05e8d09a009a999e4fef25588a6
24 BuildRequires: /usr/share/selinux/devel/Makefile
25 BuildRequires: 389-ds-base-devel >= 1.2.9
26 BuildRequires: authconfig
27 BuildRequires: autoconf
28 BuildRequires: automake
29 BuildRequires: curl-devel >= 7.21.3-9
30 BuildRequires: gettext
31 BuildRequires: krb5-devel
32 BuildRequires: krb5-workstation
33 BuildRequires: libipa_hbac-python
34 BuildRequires: libtool
35 BuildRequires: libuuid-devel
37 BuildRequires: nspr-devel
38 BuildRequires: nss-devel
39 BuildRequires: openldap-devel
40 BuildRequires: openssl-devel
41 BuildRequires: policycoreutils >= %{POLICYCOREUTILSVER}
42 BuildRequires: popt-devel
44 BuildRequires: python-devel
45 BuildRequires: python-kerberos
46 BuildRequires: python-krbV
47 BuildRequires: python-ldap
48 BuildRequires: python-netaddr >= 0.7.5-3
49 BuildRequires: python-nss
50 BuildRequires: python-pyOpenSSL
51 BuildRequires: python-rhsm
52 BuildRequires: python-setuptools
53 BuildRequires: svrcore-devel
54 BuildRequires: xmlrpc-c-devel >= 1.25.4
55 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
57 %define httpd_conf /etc/httpd/conf.d
58 %define plugin_dir %{_libdir}/dirsrv/plugins
59 %define gettext_domain ipa
62 IPA is an integrated solution to provide centrally managed Identity
63 (machine, user, virtual machines, groups, authentication credentials),
64 Policy (configuration settings, access control information) and Audit
65 (events, logs, analysis thereof).
68 Summary: The IPA authentication server
70 Requires: %{name}-admintools = %{version}-%{release}
71 Requires: %{name}-client = %{version}-%{release}
72 Requires: %{name}-python = %{version}-%{release}
73 Requires(post): %{name}-server-selinux = %{version}-%{release}
74 Requires(pre): 389-ds-base >= 1.2.9.6-1
76 Requires: apache-mod_wsgi
77 Requires: cyrus-sasl-gssapi%{?_isa}
79 Requires: krb5-pkinit-openssl
81 Requires: krb5-server-ldap
82 Requires: mod_auth_kerb
83 Requires: mod_nss >= 1.0.8-10
87 Requires: openldap-clients
90 Requires: python-pyasn1 >= 0.0.9a
91 Requires: selinux-policy >= 3.9.16-18
92 Requires(post): selinux-policy-base
93 Requires: dogtag-pki-ca-theme
94 Requires: dogtag-pki-common-theme
95 Requires: pki-ca >= 9.0.11
96 Requires: pki-silent >= 9.0.11
97 Requires: slapi-nis >= 0.21
98 Requires(preun): python initscripts chkconfig
99 Requires(postun): python initscripts chkconfig
100 Obsoletes: ipa-server >= 1.0
103 IPA is an integrated solution to provide centrally managed Identity
104 (machine, user, virtual machines, groups, authentication credentials),
105 Policy (configuration settings, access control information) and Audit
106 (events, logs, analysis thereof). If you are installing an IPA server
107 you need to install this package (in other words, most people should
108 NOT install this package).
111 %package server-selinux
112 Summary: SELinux rules for freeipa-server daemons
114 Requires: %{name}-server = %{version}-%{release}
115 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
116 Obsoletes: ipa-server-selinux >= 1.0
118 %description server-selinux
119 IPA is an integrated solution to provide centrally managed Identity
120 (machine, user, virtual machines, groups, authentication credentials),
121 Policy (configuration settings, access control information) and Audit
122 (events, logs, analysis thereof). This package provides SELinux rules
123 for the daemons included in freeipa-server
126 Summary: IPA authentication for use on clients
128 Requires: %{name}-python = %{version}-%{release}
131 Requires: certmonger >= 0.26
132 Requires: cyrus-sasl-gssapi%{?_isa}
133 Requires: krb5-workstation
134 Requires: libcurl >= 7.21.3-9
138 Requires: python-ldap
139 Requires: sssd >= 1.5.1
141 Requires: xmlrpc-c >= 1.25.4
142 Obsoletes: ipa-client >= 1.0
145 IPA is an integrated solution to provide centrally managed Identity
146 (machine, user, virtual machines, groups, authentication credentials),
147 Policy (configuration settings, access control information) and Audit
148 (events, logs, analysis thereof). If your network uses IPA for
149 authentication, this package should be installed on every client
153 Summary: IPA administrative tools
155 Requires: %{name}-client = %{version}-%{release}
156 Requires: %{name}-python = %{version}-%{release}
157 Requires: python-krbV
158 Requires: python-ldap
159 Obsoletes: ipa-admintools >= 1.0
161 %description admintools
162 IPA is an integrated solution to provide centrally managed Identity
163 (machine, user, virtual machines, groups, authentication credentials),
164 Policy (configuration settings, access control information) and Audit
165 (events, logs, analysis thereof). This package provides command-line
166 tools for IPA administrators.
169 Summary: Python libraries used by IPA
171 Requires: python-kerberos >= 1.1-3
175 Requires: libipa_hbac-python
176 Requires: python-lxml
177 Requires: python-netaddr >= 0.7.5-3
178 Requires: python-nss >= 0.11
179 Requires: python-pyOpenSSL
180 Obsoletes: ipa-python >= 1.0
183 IPA is an integrated solution to provide centrally managed Identity
184 (machine, user, virtual machines, groups, authentication credentials),
185 Policy (configuration settings, access control information) and Audit
186 (events, logs, analysis thereof). If you are using IPA you need to
187 install this package.
193 export CFLAGS="$CFLAGS %{optflags}"
194 export CPPFLAGS="$CPPFLAGS %{optflags}"
195 %{__make} version-update
200 --sysconfdir=%{_sysconfdir} \
201 --localstatedir=%{_localstatedir} \
202 --libdir=%{_libdir} \
208 --sysconfdir=%{_sysconfdir} \
209 --localstatedir=%{_localstatedir} \
210 --libdir=%{_libdir} \
211 --mandir=%{_mandir} \
217 --sysconfdir=%{_sysconfdir} \
218 --localstatedir=%{_localstatedir} \
219 --libdir=%{_libdir} \
224 %{__make} all IPA_VERSION_IS_GIT_SNAPSHOT=no
227 # This isn't multi-process make capable yet
231 rm -rf $RPM_BUILD_ROOT
233 DESTDIR=$RPM_BUILD_ROOT
235 %{__make} -C selinux install \
236 DESTDIR=$RPM_BUILD_ROOT
238 %find_lang %{gettext_domain}
240 # Remove .la files from libtool - we don't want to package
242 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_pwd_extop.la
243 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_enrollment_extop.la
244 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_winsync.la
245 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_repl_version.la
246 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_uuid.la
247 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_modrdn.la
248 rm $RPM_BUILD_ROOT/%{plugin_dir}/libipa_lockout.la
250 # Some user-modifiable HTML files are provided. Move these to %{_sysconfdir}
252 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/ipa/html
253 install -d $RPM_BUILD_ROOT/%{_localstatedir}/cache/ipa/sysrestore
254 mkdir $RPM_BUILD_ROOT%{_usr}/share/ipa/html/
255 ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
256 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ssbrowser.html
257 ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
258 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/unauthorized.html
259 ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
260 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/browserconfig.html
261 ln -s ../../../..%{_sysconfdir}/ipa/html/hbac-deny-remove.html \
262 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/hbac-deny-remove.html
263 ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
264 $RPM_BUILD_ROOT%{_usr}/share/ipa/html/ipa_error.css
266 # So we can own our Apache configuration
267 install -d $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
268 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa.conf
269 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
270 install ipa.init $RPM_BUILD_ROOT%{_initrddir}/ipa
272 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ipa
273 touch $RPM_BUILD_ROOT%{_sysconfdir}/ipa/default.conf
274 install -p -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/ipa-client/sysrestore
276 install -d $RPM_BUILD_ROOT/etc/bash_completion.d
277 install -pm 644 contrib/completion/ipa.bash_completion $RPM_BUILD_ROOT/etc/bash_completion.d/ipa
278 install -d $RPM_BUILD_ROOT/etc/cron.d
279 install -pm 644 ipa-compliance.cron $RPM_BUILD_ROOT/etc/cron.d/ipa-compliance
282 rm -rf $RPM_BUILD_ROOT
286 /sbin/chkconfig --add ipa
287 /sbin/chkconfig --add ipa_kpasswd
289 if [ $1 -gt 1 ]; then
290 %{_sbindir}/ipa-upgradeconfig || :
291 %{_sbindir}/ipa-ldap-updater --upgrade >/dev/null 2>&1 || :
296 /sbin/chkconfig --del ipa
297 /sbin/chkconfig --del ipa_kpasswd
302 if [ "$1" -ge "1" ]; then
307 # Save the content state so we can restore it when/if this package is removed
308 if [ -s /etc/selinux/config ]; then
309 . %{_sysconfdir}/selinux/config
310 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
311 if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
312 cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
317 # Insert our provide SELinux policy
318 semodule -s targeted -i %{_datadir}/selinux/targeted/ipa_kpasswd.pp %{_datadir}/selinux/targeted/ipa_httpd.pp %{_datadir}/selinux/targeted/ipa_dogtag.pp
319 . %{_sysconfdir}/selinux/config
320 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
322 if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
323 fixfiles -C ${FILE_CONTEXT}.%{name} restore
324 rm -f ${FILE_CONTEXT}.%{name}
327 %preun server-selinux
328 # On the last uninstallation prepare to restore state
330 if [ -s %{_sysconfdir}/selinux/config ]; then
331 . %{_sysconfdir}/selinux/config
332 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
333 if [ "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT} ]; then \
334 cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.%{name}
339 %postun server-selinux
340 # On the last uninstallation remove our SELinux policy and restore the state
342 semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
343 . %{_sysconfdir}/selinux/config
344 FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
346 if [ $? == 0 -a "${SELINUXTYPE}" == targeted -a -f ${FILE_CONTEXT}.%{name} ]; then
347 fixfiles -C ${FILE_CONTEXT}.%{name} restore
348 rm -f ${FILE_CONTEXT}.%{name}
353 %defattr(644,root,root,755)
354 %doc COPYING README Contributors.txt
355 %attr(755,root,root) %{_sbindir}/ipa-ca-install
356 %attr(755,root,root) %{_sbindir}/ipa-dns-install
357 %attr(755,root,root) %{_sbindir}/ipa-server-install
358 %attr(755,root,root) %{_sbindir}/ipa-replica-conncheck
359 %attr(755,root,root) %{_sbindir}/ipa-replica-install
360 %attr(755,root,root) %{_sbindir}/ipa-replica-prepare
361 %attr(755,root,root) %{_sbindir}/ipa-replica-manage
362 %attr(755,root,root) %{_sbindir}/ipa-csreplica-manage
363 %attr(755,root,root) %{_sbindir}/ipa-server-certinstall
364 %attr(755,root,root) %{_sbindir}/ipa-ldap-updater
365 %attr(755,root,root) %{_sbindir}/ipa-compat-manage
366 %attr(755,root,root) %{_sbindir}/ipa-nis-manage
367 %attr(755,root,root) %{_sbindir}/ipa-host-net-manage
368 %attr(755,root,root) %{_sbindir}/ipa_kpasswd
369 %attr(755,root,root) %{_sbindir}/ipactl
370 %attr(755,root,root) %{_sbindir}/ipa-upgradeconfig
371 %attr(755,root,root) %{_sbindir}/ipa-compliance
372 /etc/cron.d/ipa-compliance
373 %attr(755,root,root) %{_initrddir}/ipa
374 %attr(755,root,root) %{_initrddir}/ipa_kpasswd
375 %dir %{py_sitescriptdir}/ipaserver
376 %{py_sitescriptdir}/ipaserver/*
377 %dir %{_usr}/share/ipa
378 %{_usr}/share/ipa/wsgi.py*
379 %{_usr}/share/ipa/*.ldif
380 %{_usr}/share/ipa/*.uldif
381 %{_usr}/share/ipa/*.template
382 %dir %{_usr}/share/ipa/html
383 %{_usr}/share/ipa/html/ssbrowser.html
384 %{_usr}/share/ipa/html/browserconfig.html
385 %{_usr}/share/ipa/html/unauthorized.html
386 %{_usr}/share/ipa/html/hbac-deny-remove.html
387 %{_usr}/share/ipa/html/ipa_error.css
388 %dir %{_usr}/share/ipa/migration
389 %{_usr}/share/ipa/migration/error.html
390 %{_usr}/share/ipa/migration/index.html
391 %{_usr}/share/ipa/migration/invalid.html
392 %{_usr}/share/ipa/migration/ipa_migration.css
393 %{_usr}/share/ipa/migration/migration.py*
394 %dir %{_usr}/share/ipa/ui
395 %{_usr}/share/ipa/ui/index.html
396 %{_usr}/share/ipa/ui/*.png
397 %{_usr}/share/ipa/ui/*.gif
398 %{_usr}/share/ipa/ui/*.ico
399 %{_usr}/share/ipa/ui/*.css
400 %{_usr}/share/ipa/ui/*.js
401 %{_usr}/share/ipa/ui/*.eot
402 %{_usr}/share/ipa/ui/*.svg
403 %{_usr}/share/ipa/ui/*.ttf
404 %{_usr}/share/ipa/ui/*.woff
405 %dir %{_sysconfdir}/ipa
406 %dir %{_sysconfdir}/ipa/html
407 %config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
408 %config(noreplace) %{_sysconfdir}/ipa/html/ipa_error.css
409 %config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
410 %config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
411 %config(noreplace) %{_sysconfdir}/ipa/html/hbac-deny-remove.html
412 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
413 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
414 %{_usr}/share/ipa/ipa.conf
415 %{_usr}/share/ipa/ipa-rewrite.conf
416 %dir %{_usr}/share/ipa/updates/
417 %{_usr}/share/ipa/updates/*
418 %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
419 %attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
420 %attr(755,root,root) %{plugin_dir}/libipa_winsync.so
421 %attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
422 %attr(755,root,root) %{plugin_dir}/libipa_uuid.so
423 %attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
424 %attr(755,root,root) %{plugin_dir}/libipa_lockout.so
425 %dir %{_localstatedir}/lib/ipa
426 %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
427 %dir %{_localstatedir}/cache/ipa
428 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
429 %attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
430 %{_mandir}/man1/ipa-replica-conncheck.1*
431 %{_mandir}/man1/ipa-replica-install.1*
432 %{_mandir}/man1/ipa-replica-manage.1*
433 %{_mandir}/man1/ipa-csreplica-manage.1*
434 %{_mandir}/man1/ipa-replica-prepare.1*
435 %{_mandir}/man1/ipa-server-certinstall.1*
436 %{_mandir}/man1/ipa-server-install.1*
437 %{_mandir}/man1/ipa-dns-install.1*
438 %{_mandir}/man1/ipa-ca-install.1*
439 %{_mandir}/man1/ipa-compat-manage.1*
440 %{_mandir}/man1/ipa-nis-manage.1*
441 %{_mandir}/man1/ipa-host-net-manage.1*
442 %{_mandir}/man1/ipa-ldap-updater.1*
443 %{_mandir}/man8/ipa_kpasswd.8*
444 %{_mandir}/man8/ipactl.8*
445 %{_mandir}/man1/ipa-compliance.1*
447 %files server-selinux
448 %defattr(644,root,root,755)
449 %doc COPYING README Contributors.txt
450 %{_usr}/share/selinux/targeted/ipa_kpasswd.pp
451 %{_usr}/share/selinux/targeted/ipa_httpd.pp
452 %{_usr}/share/selinux/targeted/ipa_dogtag.pp
455 %defattr(644,root,root,755)
456 %doc COPYING README Contributors.txt
457 %attr(755,root,root) %{_sbindir}/ipa-client-install
458 %attr(755,root,root) %{_sbindir}/ipa-getkeytab
459 %attr(755,root,root) %{_sbindir}/ipa-rmkeytab
460 %attr(755,root,root) %{_sbindir}/ipa-join
461 %dir %{_usr}/share/ipa
462 %dir %{_usr}/share/ipa/ipaclient
463 %dir %{_localstatedir}/lib/ipa-client
464 %dir %{_localstatedir}/lib/ipa-client/sysrestore
465 %{_usr}/share/ipa/ipaclient/ipa.cfg
466 %{_usr}/share/ipa/ipaclient/ipa.js
467 %dir %{py_sitescriptdir}/ipaclient
468 %{py_sitescriptdir}/ipaclient/*.py*
469 %{_mandir}/man1/ipa-getkeytab.1*
470 %{_mandir}/man1/ipa-rmkeytab.1*
471 %{_mandir}/man1/ipa-client-install.1*
472 %{_mandir}/man1/ipa-join.1*
473 %{_mandir}/man5/default.conf.5*
476 %defattr(644,root,root,755)
477 %doc COPYING README Contributors.txt
478 %config %{_sysconfdir}/bash_completion.d
479 %attr(755,root,root) %{_bindir}/ipa
480 %{_mandir}/man1/ipa.1*
482 %files python -f %{gettext_domain}.lang
483 %defattr(644,root,root,755)
484 %doc COPYING README Contributors.txt
485 %ghost %attr(644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
486 %dir %{py_sitescriptdir}/ipapython
487 %{py_sitescriptdir}/ipapython/*.py*
488 %dir %{py_sitescriptdir}/ipalib
489 %{py_sitescriptdir}/ipalib/*
490 %{py_sitedir}/default_encoding_utf8.so
491 %{py_sitescriptdir}/ipapython-*.egg-info
492 %{py_sitescriptdir}/freeipa-*.egg-info
493 %{py_sitedir}/python_default_encoding-*.egg-info