krb5-pkinit-openssl is used for PKINIT support. Make it a required package.

ticket 599

rob
>From 5d34d7ed42bb943129514fb116476c49d356c48a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 13 Dec 2010 14:46:09 -0500
Subject: [PATCH] Add krb5-pkinit-openssl as a Requires on ipa-server package

ticket 599
---
 install/tools/ipa-replica-install |    9 ---------
 install/tools/ipa-server-install  |    5 -----
 ipa.spec.in                       |    4 ++++
 ipaserver/install/krbinstance.py  |   10 ----------
 4 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 40aa9c6..0826afa 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -279,11 +279,6 @@ def check_bind():
         print "Aborting installation"
         sys.exit(1)
 
-def check_pkinit():
-    if not krbinstance.check_pkinit_plugin():
-        print "Aborting installation"
-        sys.exit(1)
-
 def main():
     if not check_replication_plugin():
         sys.exit(1)
@@ -353,10 +348,6 @@ def main():
     if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
         options.setup_pkinit = False
 
-    # check the pkinit plugin is installed
-    if options.setup_pkinit:
-        check_pkinit()
-
     # Install CA cert so that we can do SSL connections with ldap
     install_ca_cert(config)
 
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 0a1f1c5..5b9e652 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -548,11 +548,6 @@ def main():
         if not bindinstance.check_inst(options.unattended):
             sys.exit("Aborting installation")
 
-    # check the pkinit plugin is installed
-    if options.setup_pkinit:
-        if not krbinstance.check_pkinit_plugin():
-            sys.exit("Aborting installation")
-
     # check the hostname is correctly configured, it must be as the kldap
     # utilities just use the hostname as returned by gethostbyname to set
     # up some of the standard entries
diff --git a/ipa.spec.in b/ipa.spec.in
index f808e41..0860482 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -72,6 +72,7 @@ Requires: nss-tools
 Requires: krb5-server
 %endif
 Requires: krb5-server-ldap
+Requires: krb5-pkinit-openssl
 Requires: cyrus-sasl-gssapi
 Requires: ntp
 Requires: httpd
@@ -508,6 +509,9 @@ fi
 %endif
 
 %changelog
+* Mon Dec 13 2010 Rob Crittenden <rcrit...@redhat.com> - 1.99-34
+- Add Requires on krb5-pkinit-openssl
+
 * Tue Dec  7 2010 Simo Sorce <sso...@redhat.com> - 1.99-33
 - Add ipa init script
 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 247b390..c1e5a3f 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -49,16 +49,6 @@ from distutils import version
 
 KRBMKEY_DENY_ACI = '(targetattr = "krbMKey")(version 3.0; acl "No external access"; deny (read,write,search,compare) userdn != "ldap:///uid=kdc,cn=sysaccounts,cn=etc,$SUFFIX";;)'
 
-def check_pkinit_plugin():
-    LIB32 = '/usr/lib/krb5/plugins/preauth/pkinit.so'
-    LIB64 = '/usr/lib64/krb5/plugins/preauth/pkinit.so'
-    if not os.path.exists(LIB32) and not os.path.exists(LIB64):
-        print "The pkinit plugin is missing"
-        print "Please install the 'krb5-pkinit-openssl' package and start the installation again"
-        return False
-
-    return True
-
 def update_key_val_in_file(filename, key, val):
     if os.path.exists(filename):
         pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
-- 
1.7.2.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to