Martin Kosek wrote:
This set of patches handles enabling psearch both for new installations
(patch 263) and upgraded IPA servers.

For upgraded IPA servers I needed to make sure that psearch is not
enabled for every IPA package update, but at most once, when a user
updates to IPA with this patch for the first time (patch 264). This is
enabled by a new State store located in /var/lib/ipa/sysupgrade (patch

I also improved the way we handled SELinux sebool updates (patch 265),
this can make ipa-upgradeconfig to finish in 0.4 seconds and not in 150
seconds as previously. Details are in the patches.


The sysupgrade directory isn't created by the RPM install:

mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade


It looks like zone_refresh is simply disabled in, why not remove it completely?


Small nit, worth doing case-insensitive compare of psearch enabled status?

We're updating named.conf in place so I don't know that we need to reset permissions. It at least shouldn't get modified by the write.


