On (03/09/13 00:43), Timo Aaltonen wrote: > >This fixes https://fedorahosted.org/freeipa/ticket/1887 >and >https://fedorahosted.org/freeipa/ticket/2455 > >the first three patches fix some bugs in how python is used >fourth patch checks if dbus is already running before trying to start it >fifth fixes some compilation warnings >sixth finally adds the Debian platform module > > > >there are also distro patches that aren't upstreamable as-is, that do >stuff like >- give--install-layout=deb to setup.py >- disable make-testcert since it needs a server running >- fix hardcoded NFS related paths and a variable in ipa-client-automount >- fix ldap.conf path in ipa-client-install >- fix ntpdate options in ntpconf.py (Debian doesn't patch ntpdate like >Fedora) >- change nss includes in ipa_pwd.c (<nss/..> not <nss3/..>) Solution is simple. Use pkg-config generated NSS_CFLAGS
bash$ pkg-config --cflags nss -I/usr/include/nss -I/usr/include/nspr bash$ uname -a Linux positron 3.10-2-686-pae #1 SMP Debian 3.10.5-1 (2013-08-07) i686 GNU/Linux bash$pkg-config --cflags nss -I/usr/include/nss3 -I/usr/include/nspr4 bash$uname -a Linux unused-4-233.brq.redhat.com 3.10.10-200.fc19.x86_64 #1 SMP Thu Aug 29 19:05:45 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux It works in sssd. I can send a patch. LS > >dunno what to do about those, the packaging can keep on carrying those >but if you have ideas how to make them configurable so that upstream >git/tarball could be used for development/testing on Debian then that >would be nice. > >t >From b08da1b7712f9621283719b190134586e59fb333 Mon Sep 17 00:00:00 2001 >From: Timo Aaltonen <tjaal...@ubuntu.com> >Date: Tue, 3 Sep 2013 00:01:12 +0300 >Subject: [PATCH 1/6] Use /usr/bin/python as fallback python path > >--- > Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/Makefile b/Makefile >index >a21cf7e33275fd1a783e89baf237c8dcd8db6508..428f19b1a83da8c424893ea35c901f52dafaf546 > 100644 >--- a/Makefile >+++ b/Makefile >@@ -50,7 +50,7 @@ ifneq ($(DEVELOPER_MODE),0) > LINT_OPTIONS=--no-fail > endif > >-PYTHON ?= $(shell rpm -E %__python) >+PYTHON ?= $(shell rpm -E %__python || echo /usr/bin/python) > > all: bootstrap-autogen server tests > @for subdir in $(SUBDIRS); do \ >-- >1.8.3.2 > >From 7360486d7ed343202062716c0eb4f731923bb509 Mon Sep 17 00:00:00 2001 >From: Timo Aaltonen <tjaal...@ubuntu.com> >Date: Tue, 3 Sep 2013 00:03:12 +0300 >Subject: [PATCH 2/6] Don't search platform path > >Don't use Python.h from the platform specific path >--- > ipapython/py_default_encoding/setup.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/ipapython/py_default_encoding/setup.py >b/ipapython/py_default_encoding/setup.py >index >de2478c1962aba7a78919efdb266bf0600965905..6a1af628272c6cd3eaa755c5728a7a5d020050ec > 100644 >--- a/ipapython/py_default_encoding/setup.py >+++ b/ipapython/py_default_encoding/setup.py >@@ -22,7 +22,7 @@ from distutils.sysconfig import get_python_inc > import sys > import os > >-python_header = os.path.join(get_python_inc(plat_specific=1), 'Python.h') >+python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h') > if not os.path.exists(python_header): > sys.exit("Cannot find Python development packages that provide Python.h") > >-- >1.8.3.2 > >From be86f0a9bbc3196aa8808243aba6d7e68c6d083b Mon Sep 17 00:00:00 2001 >From: Nick Hatch <nicholas.ha...@gmail.com> >Date: Tue, 3 Sep 2013 00:08:13 +0300 >Subject: [PATCH 3/6] Don't exclude symlinks when loading plugins > >--- > ipalib/util.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/ipalib/util.py b/ipalib/util.py >index >3c52e4fd9a3e08d160dd4ae7076590be8b869d2c..e14077487e979f077ddc1f9e925678884a64b5b5 > 100644 >--- a/ipalib/util.py >+++ b/ipalib/util.py >@@ -81,7 +81,7 @@ def find_modules_in_dir(src_dir): > if not name.endswith(suffix): > continue > pyfile = os.path.join(src_dir, name) >- if os.path.islink(pyfile) or not os.path.isfile(pyfile): >+ if not os.path.isfile(pyfile): > continue > module = name[:-len(suffix)] > if module == '__init__': >-- >1.8.3.2 > >From 34d002d5483b9853a8329215ab12c946b8df7525 Mon Sep 17 00:00:00 2001 >From: Nick Hatch <nicholas.ha...@gmail.com> >Date: Tue, 3 Sep 2013 00:10:30 +0300 >Subject: [PATCH 4/6] Check dbus before starting it > >Check to see if the messagebus (dbus) is running before attempting to start it >--- > ipa-client/ipa-install/ipa-client-install | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > >diff --git a/ipa-client/ipa-install/ipa-client-install >b/ipa-client/ipa-install/ipa-client-install >index >280edd793326150c416fe1b82f9866435e9c6509..7241a3421e348666c47f03a9b4fdac472b2ccabb > 100755 >--- a/ipa-client/ipa-install/ipa-client-install >+++ b/ipa-client/ipa-install/ipa-client-install >@@ -372,10 +372,11 @@ def uninstall(options, env): > # Always start certmonger. We can't untrack something if it isn't > # running > messagebus = ipaservices.knownservices.messagebus >- try: >- messagebus.start() >- except Exception, e: >- log_service_error(messagebus.service_name, 'start', e) >+ if not messagebus.is_running(): >+ try: >+ messagebus.start() >+ except Exception, e: >+ log_service_error(messagebus.service_name, 'start', e) > > cmonger = ipaservices.knownservices.certmonger > try: >@@ -970,10 +971,11 @@ def configure_certmonger(fstore, subject_base, >cli_realm, hostname, options, > principal = 'host/%s@%s' % (hostname, cli_realm) > > messagebus = ipaservices.knownservices.messagebus >- try: >- messagebus.start() >- except Exception, e: >- log_service_error(messagebus.service_name, 'start', e) >+ if not messagebus.is_running(): >+ try: >+ messagebus.start() >+ except Exception, e: >+ log_service_error(messagebus.service_name, 'start', e) > > # Ensure that certmonger has been started at least once to generate the > # cas files in /var/lib/certmonger/cas. >-- >1.8.3.2 > >From 926f2371eaa5166f39f1c25832bb502befca6d4e Mon Sep 17 00:00:00 2001 >From: Krzysztof Klimonda <kklimo...@syntaxhighlighted.com> >Date: Tue, 3 Sep 2013 00:12:26 +0300 >Subject: [PATCH 5/6] Fix -Wformat-security warnings > >--- > daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c | 6 +++--- > daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 8 ++++---- > 2 files changed, 7 insertions(+), 7 deletions(-) > >diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c >b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c >index >9f884bd39233adf90b0f4eff1868885d587d351a..22c40f2bcfc527127b745e1efde5977b148c78a8 > 100644 >--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c >+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c >@@ -317,7 +317,7 @@ free_and_return: > > if (krbLastPwdChange) slapi_ch_free_string(&krbLastPwdChange); > >- LOG(errMesg ? errMesg : "success\n"); >+ LOG("%s", errMesg ? errMesg : "success\n"); > slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); > > free(principal); >@@ -344,7 +344,7 @@ ipaenrollment_extop(Slapi_PBlock *pb) > if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid ) != 0) { > errMesg = "Could not get OID and value from request.\n"; > rc = LDAP_OPERATIONS_ERROR; >- LOG(errMesg); >+ LOG("%s", errMesg); > goto free_and_return; > } > >@@ -357,7 +357,7 @@ ipaenrollment_extop(Slapi_PBlock *pb) > rc = LDAP_OPERATIONS_ERROR; > > free_and_return: >- LOG(errMesg); >+ LOG("%s", errMesg); > slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); > > return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; >diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c >b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c >index >1058c313d1f2a193eb7fae621bc9c5d103fb6d5f..c3e0ebd9d90f393be031b26fadcedd00f6091a8d > 100644 >--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c >+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c >@@ -573,7 +573,7 @@ free_and_return: > if (targetEntry) slapi_entry_free(targetEntry); > if (ber) ber_free(ber, 1); > >- LOG(errMesg ? errMesg : "success"); >+ LOG("%s", errMesg ? errMesg : "success"); > slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); > > return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; >@@ -1143,7 +1143,7 @@ free_and_return: > > if (rc == LDAP_SUCCESS) > errMesg = NULL; >- LOG(errMesg ? errMesg : "success"); >+ LOG("%s", errMesg ? errMesg : "success"); > slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); > > return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; >@@ -1170,7 +1170,7 @@ static int ipapwd_extop(Slapi_PBlock *pb) > if (slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid) != 0) { > errMesg = "Could not get OID value from request.\n"; > rc = LDAP_OPERATIONS_ERROR; >- LOG(errMesg); >+ LOG("%s", errMesg); > goto free_and_return; > } else { > LOG("Received extended operation request with OID %s\n", oid); >@@ -1193,7 +1193,7 @@ static int ipapwd_extop(Slapi_PBlock *pb) > free_and_return: > if (krbcfg) free_ipapwd_krbcfg(&krbcfg); > >- LOG(errMesg); >+ LOG("%s", errMesg); > slapi_send_ldap_result(pb, rc, NULL, errMesg, 0, NULL); > > return SLAPI_PLUGIN_EXTENDED_SENT_RESULT; >-- >1.8.3.2 > >From 9890f5ac23d927a668097f42a799219ea33b5cbc Mon Sep 17 00:00:00 2001 >From: Timo Aaltonen <tjaal...@ubuntu.com> >Date: Tue, 3 Sep 2013 00:23:09 +0300 >Subject: [PATCH] Add Debian client platform support > >--- > ipapython/platform/debian/__init__.py | 43 ++++++++++++++ > ipapython/platform/debian/auth.py | 38 ++++++++++++ > ipapython/platform/debian/service.py | 107 ++++++++++++++++++++++++++++++++++ > ipapython/setup.py.in | 1 + > 4 files changed, 189 insertions(+) > create mode 100644 ipapython/platform/debian/__init__.py > create mode 100644 ipapython/platform/debian/auth.py > create mode 100644 ipapython/platform/debian/service.py > >diff --git a/ipapython/platform/debian/__init__.py >b/ipapython/platform/debian/__init__.py >new file mode 100644 >index >0000000000000000000000000000000000000000..0312b554521b314b9afe1a460ed3856b493de2bb >--- /dev/null >+++ b/ipapython/platform/debian/__init__.py >@@ -0,0 +1,43 @@ >+import os >+ >+from ipapython.platform import base, redhat, fedora18 >+from ipapython.platform.debian.auth import DebianAuthConfig >+from ipapython.platform.debian.service import debian_service, DebianServices >+ >+# All what we allow exporting directly from this module >+# Everything else is made available through these symbols when they are >+# directly imported into ipapython.services: >+# >+# authconfig -- class reference for platform-specific implementation of >+# authconfig(8) >+# service -- class reference for platform-specific implementation of a >+# PlatformService class >+# knownservices -- factory instance to access named services IPA cares about, >+# names are ipapython.services.wellknownservices >+# backup_and_replace_hostname -- platform-specific way to set hostname and >+# make it persistent over reboots >+# restore_network_configuration -- platform-specific way of restoring network >+# configuration (e.g. static hostname) >+# restore_context -- platform-sepcific way to restore security context, if >+# applicable >+# check_selinux_status -- platform-specific way to see if SELinux is enabled >+# and restorecon is installed. >+__all__ = ['authconfig', 'service', 'knownservices', >+ 'backup_and_replace_hostname', 'restore_context', 'check_selinux_status', >+ 'restore_network_configuration', 'timedate_services'] >+ >+# Just copy a referential list of timedate services >+timedate_services = list(base.timedate_services) >+ >+def restore_network_configuration(fstore, statestore): >+ filepath = '/etc/hostname' >+ if fstore.has_file(filepath): >+ fstore.restore_file(filepath) >+ hostname_was_configured = True >+ >+authconfig = DebianAuthConfig >+service = debian_service >+knownservices = DebianServices() >+backup_and_replace_hostname = fedora18.backup_and_replace_hostname >+restore_context = redhat.restore_context >+check_selinux_status = redhat.check_selinux_status >diff --git a/ipapython/platform/debian/auth.py >b/ipapython/platform/debian/auth.py >new file mode 100644 >index >0000000000000000000000000000000000000000..76e5c90255dc4a0c4830062a54bd237f10d5ca1b >--- /dev/null >+++ b/ipapython/platform/debian/auth.py >@@ -0,0 +1,38 @@ >+from ipapython.platform import base >+ >+class DebianAuthConfig(base.AuthConfig): >+ """ >+ Debian implementation of the AuthConfig class. >+ >+ Debian doesn't provide a single application for changing both >+ nss and pam configuration. PAM can be configured using debconf but there >+ is currently no such solution for updating NSS database and every package >+ does it by itself. >+ """ >+ >+ def __build_args(self): >+ args = ['--force'] >+ for (option, value) in self.parameters.items(): >+ if option == "sssdauth": >+ option = "sss" >+ # only sssd supported, filter the dupe >+ elif option in ["sssd", "krb5", "ldap", "update"]: >+ option = "" >+ if type(value) is bool: >+ if value: >+ if not "package" in args: >+ args.append("--package %s" % (option)) >+ else: >+ args.append("%s" % (option)) >+ else: >+ if not any("remove" in s for s in args): >+ args.append("--remove %s" % (option)) >+ else: >+ args.append("%s" % (option)) >+ >+ >+ def execute(self): >+ env = "DEBCONF_FRONTEND=noninteractive" >+ args = self.__build_args() >+ ipautil.run(["/usr/sbin/pam-auth-update"]+args,env) >+ >diff --git a/ipapython/platform/debian/service.py >b/ipapython/platform/debian/service.py >new file mode 100644 >index >0000000000000000000000000000000000000000..dadd250c4e8cf393453b2c7d6344a6e612c79ad3 >--- /dev/null >+++ b/ipapython/platform/debian/service.py >@@ -0,0 +1,107 @@ >+import time >+ >+from ipapython import ipautil >+from ipapython.ipa_log_manager import root_logger >+from ipapython.platform import base >+from ipalib import api >+ >+class DebianService(base.PlatformService): >+ def __wait_for_open_ports(self, instance_name=""): >+ """ >+ If this is a service we need to wait for do so. >+ """ >+ ports = None >+ if instance_name in base.wellknownports: >+ ports = base.wellknownports[instance_name] >+ else: >+ if self.service_name in base.wellknownports: >+ ports = base.wellknownports[self.service_name] >+ if ports: >+ ipautil.wait_for_open_ports('localhost', ports, >api.env.startup_timeout) >+ def stop(self, instance_name='', capture_output=True): >+ ipautil.run(["/usr/sbin/service", self.service_name, "stop", >+ instance_name], capture_output=capture_output) >+ if 'context' in api.env and api.env.context in ['ipactl', >'installer']: >+ update_service_list = True >+ else: >+ update_service_list = False >+ super(DebianService, self).stop(instance_name) >+ >+ def start(self, instance_name='', capture_output=True, wait=True): >+ ipautil.run(["/usr/sbin/service", self.service_name, "start", >+ instance_name], capture_output=capture_output) >+ if 'context' in api.env and api.env.context in ['ipactl', >'installer']: >+ update_service_list = True >+ else: >+ update_service_list = False >+ if wait and self.is_running(instance_name): >+ self.__wait_for_open_ports(instance_name) >+ super(DebianService, self).start(instance_name) >+ >+ def restart(self, instance_name='', capture_output=True, wait=True): >+ ipautil.run(["/usr/sbin/service", self.service_name, "restart", >+ instance_name], capture_output=capture_output) >+ if wait and self.is_running(instance_name): >+ self.__wait_for_open_ports(instance_name) >+ >+ def is_running(self, instance_name=""): >+ ret = True >+ try: >+ (sout, serr, rcode) = ipautil.run(["/usr/sbin/service", >+ self.service_name, "status", >+ instance_name]) >+ if sout.find("NOT running") >= 0: >+ ret = False >+ if sout.find("stop") >= 0: >+ ret = False >+ except ipautil.CalledProcessError: >+ ret = False >+ return ret >+ >+ def is_installed(self): >+ installed = True >+ try: >+ ipautil.run(["/usr/sbin/service", self.service_name, "status"]) >+ except ipautil.CalledProcessError, e: >+ if e.returncode == 1: >+ # service is not installed or there is other serious issue >+ installed = False >+ return installed >+ >+ def is_enabled(self, instance_name=""): >+ # Services are always assumed to be enabled when installed >+ return True >+ >+ def enable(self): >+ return True >+ >+ def disable(self): >+ return True >+ >+ def install(self): >+ return True >+ >+ def remove(self): >+ return True >+ >+class DebianSSHService(DebianService): >+ def get_config_dir(self, instance_name=""): >+ return '/etc/ssh' >+ >+def debian_service(name): >+ if name == 'sshd': >+ return DebianSSHService(name) >+ return DebianService(name) >+ >+class DebianServices(base.KnownServices): >+ def __init__(self): >+ services = dict() >+ for s in base.wellknownservices: >+ if s == "messagebus": >+ services[s] = debian_service("dbus") >+ elif s == "ntpd": >+ services[s] = debian_service("ntp") >+ else: >+ services[s] = debian_service(s) >+ # Call base class constructor. This will lock services to read-only >+ super(DebianServices, self).__init__(services) >diff --git a/ipapython/setup.py.in b/ipapython/setup.py.in >index >d3bbcaf1e46528d50731ca18a96a3384f6b49548..9ebd76bf14d6cd8033c7d3d4922d0a949475d3c0 > 100644 >--- a/ipapython/setup.py.in >+++ b/ipapython/setup.py.in >@@ -68,6 +68,7 @@ def setup_package(): > packages = [ "ipapython", > "ipapython.platform", > "ipapython.platform.base", >+ "ipapython.platform.debian", > "ipapython.platform.fedora16", > "ipapython.platform.fedora18", > "ipapython.platform.redhat" ], >-- >1.8.3.2 > >_______________________________________________ >Freeipa-devel mailing list >Freeipa-devel@redhat.com >https://www.redhat.com/mailman/listinfo/freeipa-devel _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel