Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Mon, 2012-01-30 at 13:53 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I think it would be a good idea. We already own for example default.conf with config(noreplace) which is also generated during installation. There 2 ca.crt's to manage this way: /usr/share/ipa/html/ca.crt /etc/ipa/ca.crt Martin Ok, added both of these. rob ACK. Pushed to master, ipa-2-2. (There was a small rebase for master). Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I think it would be a good idea. We already own for example default.conf with config(noreplace) which is also generated during installation. There 2 ca.crt's to manage this way: /usr/share/ipa/html/ca.crt /etc/ipa/ca.crt Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
Martin Kosek wrote:
On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote:
Add a %ghost to some files installed by the UI so that they are owned by
freeipa-server when the server is installed and they will be removed by
rpm when the package is removed.
rob
I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this
intentional? We may want to keep ca.crt intact when freeipa package is
uninstalled...
This a list of files in /usr/share/ipa/ that we do not own:
file /usr/share/ipa/html/krb.con is not owned by any package
file /usr/share/ipa/html/preferences.html is not owned by any package
file /usr/share/ipa/html/configure.jar is not owned by any package
file /usr/share/ipa/html/krbrealm.con is not owned by any package
file /usr/share/ipa/html/ca.crt is not owned by any package
file /usr/share/ipa/html/krb5.ini is not owned by any package
Martin
This was my thinking exactly.
Right now if you uninstall the rpms and re-install them then (at least
apparently) the server continues to work.
I might be talked into adding a config(noreplace) if we want this at
least owned by the package.
I think it would be a good idea. We already own for example default.conf
with config(noreplace) which is also generated during installation.
There 2 ca.crt's to manage this way:
/usr/share/ipa/html/ca.crt
/etc/ipa/ca.crt
Martin
Ok, added both of these.
rob
From 820570159f180ca72891230474273e2e1403a37c Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 26 Jan 2012 14:09:45 -0500
Subject: [PATCH] %ghost the UI files that we install/create on the fly
https://fedorahosted.org/freeipa/ticket/1764
---
freeipa.spec.in | 15 +++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 0ce7379e9499dd4fefea40a377153fe1c1a4ed0d..5e8c493e85ed2bbbf2b371ab917085540fd9a0fe 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -345,6 +345,13 @@ mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
+mkdir -p %{buildroot}%{_usr}/share/ipa/html/
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/configure.jar
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
+/bin/touch %{buildroot}%{_usr}/share/ipa/html/preferences.html
mkdir -p %{buildroot}%{_initrddir}
%if 0%{?fedora} = 16
# Default to systemd initscripts for F16 and above
@@ -357,6 +364,7 @@ install -m755 init/SystemV/ipa.init %{buildroot}%{_initrddir}/ipa
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
+/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
%if ! %{ONLY_CLIENT}
@@ -532,6 +540,12 @@ fi
%{_usr}/share/ipa/ipa.conf
%{_usr}/share/ipa/ipa-rewrite.conf
%{_usr}/share/ipa/ipa-pki-proxy.conf
+%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/configure.jar
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
+%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/preferences.html
%dir %{_usr}/share/ipa/updates/
%{_usr}/share/ipa/updates/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
@@ -617,6 +631,7 @@ fi
%{python_sitearch}/python_default_encoding-*.egg-info
%endif
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
+%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
* Wed Jan 11 2012 Simo Sorce s...@redhat.com? - 2.2.0-7
--
1.7.6
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... There is /etc/ipa/ca.crt as well, and appropriate certificate imported into nss database too. This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 13:09 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... There is /etc/ipa/ca.crt as well, and appropriate certificate imported into nss database too. This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 13:55 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? In my opinion the certificate should be handled as a config file, i.e. should not be removed on uninstall. If you and Rob agree with such behavior, its ACK from me for this patch as is. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 27 Jan 2012, Martin Kosek wrote: On Fri, 2012-01-27 at 13:55 +0200, Alexander Bokovoy wrote: On Fri, 27 Jan 2012, Martin Kosek wrote: file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package What about files in /etc/ipa/? I see that ca.crt is the only file that we don't own. Thus we are consistent in %ghost files with /usr/share/ipa/html/ca.crt. Do you want ca.crt be removed on uninstall? Or treated as a config file? In my opinion the certificate should be handled as a config file, i.e. should not be removed on uninstall. If you and Rob agree with such behavior, its ACK from me for this patch as is. I'm also leaning to treat certificates as config files. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 933 %ghost some UI files
On Fri, 2012-01-27 at 09:26 -0500, Rob Crittenden wrote: Martin Kosek wrote: On Thu, 2012-01-26 at 14:11 -0500, Rob Crittenden wrote: Add a %ghost to some files installed by the UI so that they are owned by freeipa-server when the server is installed and they will be removed by rpm when the package is removed. rob I see you did not add /usr/share/ipa/html/ca.crt to %ghost too. Is this intentional? We may want to keep ca.crt intact when freeipa package is uninstalled... This a list of files in /usr/share/ipa/ that we do not own: file /usr/share/ipa/html/krb.con is not owned by any package file /usr/share/ipa/html/preferences.html is not owned by any package file /usr/share/ipa/html/configure.jar is not owned by any package file /usr/share/ipa/html/krbrealm.con is not owned by any package file /usr/share/ipa/html/ca.crt is not owned by any package file /usr/share/ipa/html/krb5.ini is not owned by any package Martin This was my thinking exactly. Right now if you uninstall the rpms and re-install them then (at least apparently) the server continues to work. I might be talked into adding a config(noreplace) if we want this at least owned by the package. I add my +1 at keeping ca.crt around. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
