Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Mon, 2012-01-30 at 13:53 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I think it would be a good idea. We already own for example default.conf with config(noreplace) which is also generated during installation. There 2 ca.crt's to manage this way: /usr/share/ipa/html/ca.crt /etc/ipa/ca.crt Martin Ok, added both of these. rob ACK. Pushed to master, ipa-2-2. (There was a small rebase for master). Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I think it would be a good idea. We already own for example default.conf with config(noreplace) which is also generated during installation. There 2 ca.crt's to manage this way: /usr/share/ipa/html/ca.crt /etc/ipa/ca.crt Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
Martin Kosek wrote: On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I think it would be a good idea. We already own for example default.conf with config(noreplace) which is also generated during installation. There 2 ca.crt's to manage this way: /usr/share/ipa/html/ca.crt /etc/ipa/ca.crt Martin Ok, added both of these. rob From 820570159f180ca72891230474273e2e1403a37c Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Thu, 26 Jan 2012 14:09:45 -0500 Subject: [PATCH] %ghost the UI files that we install/create on the fly https://fedorahosted.org/freeipa/ticket/1764 --- freeipa.spec.in | 15 +++ 1 files changed, 15 insertions(+), 0 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 0ce7379e9499dd4fefea40a377153fe1c1a4ed0d..5e8c493e85ed2bbbf2b371ab917085540fd9a0fe 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -345,6 +345,13 @@ mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/ /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf /bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf +mkdir -p %{buildroot}%{_usr}/share/ipa/html/ +/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt +/bin/touch %{buildroot}%{_usr}/share/ipa/html/configure.jar +/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con +/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini +/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con +/bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html mkdir -p %{buildroot}%{_initrddir} %if 0%{?fedora} = 16 # Default to systemd initscripts for F16 and above @@ -357,6 +364,7 @@ install -m755 init/SystemV/ipa.init %{buildroot}%{_initrddir}/ipa mkdir -p %{buildroot}%{_sysconfdir}/ipa/ /bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf +/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore %if ! %{ONLY_CLIENT} @@ -532,6 +540,12 @@ fi %{_usr}/share/ipa/ipa.conf %{_usr}/share/ipa/ipa-rewrite.conf %{_usr}/share/ipa/ipa-pki-proxy.conf +%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt +%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/configure.jar +%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con +%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini +%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con +%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/preferences.html %dir %{_usr}/share/ipa/updates/ %{_usr}/share/ipa/updates/* %attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so @@ -617,6 +631,7 @@ fi %{python_sitearch}/python_default_encoding-*.egg-info %endif %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf +%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog * Wed Jan 11 2012 Simo Sorce s...@redhat.com? - 2.2.0-7 -- 1.7.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... There is /etc/ipa/ca.crt as well, and appropriate certificate imported into nss database too. This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 13:09 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... There is /etc/ipa/ca.crt as well, and appropriate certificate imported into nss database too. This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 13:55 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? In my opinion the certificate should be handled as a config file, i.e. should not be removed on uninstall. If you and Rob agree with such behavior, its ACK from me for this patch as is. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: On Fri, 2012-01-27 at 13:55 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? In my opinion the certificate should be handled as a config file, i.e. should not be removed on uninstall. If you and Rob agree with such behavior, its ACK from me for this patch as is. I'm also leaning to treat certificates as config files. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I add my +1 at keeping ca.crt around. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel