Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 07/02/2012 02:47 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 06/29/2012 05:07 PM, Rob Crittenden wrote: >>> Martin Kosek wrote: On 06/27/2012 07:46 PM, Rob Crittenden wrote: > I found a few minor issues when building and installing the master branch > on > Fedora 18. This patch should address it. > > rob > 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in ipa-rewrite.conf. Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set. However, this variable will need to be figured out from current ipa-rewrite.conf contents as it depends on whether the IPA server was installed with --no-ui-redirect or not. 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6 fixed in BZ 831464? 3) %changelog entry is missing Martin >>> >>> This should do it >>> >>> rob >> >> This looks as a way to go, but this one won't fly yet - the server FQDN is >> hard-coded to the find_autoredirect function. >> >> Martin >> > > Updated. > > rob > ACK. Pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
Martin Kosek wrote: On 06/29/2012 05:07 PM, Rob Crittenden wrote: Martin Kosek wrote: On 06/27/2012 07:46 PM, Rob Crittenden wrote: I found a few minor issues when building and installing the master branch on Fedora 18. This patch should address it. rob 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in ipa-rewrite.conf. Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set. However, this variable will need to be figured out from current ipa-rewrite.conf contents as it depends on whether the IPA server was installed with --no-ui-redirect or not. 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6 fixed in BZ 831464? 3) %changelog entry is missing Martin This should do it rob This looks as a way to go, but this one won't fly yet - the server FQDN is hard-coded to the find_autoredirect function. Martin Updated. rob >From 0582531451b3fa5505aa116f51e5c45fa83b46d5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 20 Jun 2012 14:09:55 -0400 Subject: [PATCH] Fix compatibility with Fedora 18. We need a Requires on openssl, the mod_rewrite syntax has changed so we can dump some unused configuration and we need a newer version of mod_auth_kerb to pick up the new location of delegated ccache. https://fedorahosted.org/freeipa/ticket/2839 --- freeipa.spec.in | 13 + install/conf/ipa-rewrite.conf |5 + install/tools/ipa-upgradeconfig | 23 ++- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index f7b115202bc8086ba26b25fbe1848fb4ad1fec2a..52878e0f7b272fc9b64cca679a3f334141723781 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp Requires: httpd Requires: mod_wsgi +%if 0%{?fedora} >= 18 +Requires: mod_auth_kerb >= 5.4-16 +%else Requires: mod_auth_kerb >= 5.4-8 +%endif Requires: mod_nss >= 1.0.8-10 Requires: python-ldap Requires: python-krbV @@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18 Requires: pki-setup >= 9.0.18 Requires: dogtag-pki-common-theme Requires: dogtag-pki-ca-theme +%if 0%{?fedora} >= 18 +Requires: tomcat6 >= 6.0.35-4 +%else %if 0%{?fedora} >= 16 # Only tomcat6 greater than this version provides proper systemd support Requires: tomcat6 >= 6.0.32-17 %endif +%endif %if 0%{?rhel} Requires: subscription-manager %endif @@ -733,6 +741,11 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Fri Jun 29 2012 Rob Crittenden - 2.99.0-37 +- Add Requires on openssl +- Set minimum tomcat6 to 6.0.35-4 in F-18 +- Set minimum mod_auth_kerb to 5.4-16 in F-18 + * Fri Jun 21 2012 Sumit Bose - 2.99.0-36 - Add extdom extop plugin diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..8da210d0aef95aa8179c00de89850df1f89f140a 100644 --- a/install/conf/ipa-rewrite.conf +++ b/install/conf/ipa-rewrite.conf @@ -1,9 +1,6 @@ -# VERSION 2 - DO NOT REMOVE THIS LINE +# VERSION 3 - DO NOT REMOVE THIS LINE RewriteEngine on -RewriteLog /var/log/httpd/rewrite.log -RewriteLogLevel 0 - # By default forward all requests to /ipa. If you don't want IPA # to be the default on your web server comment this line out. diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index bc8e6a249d96c9998e91c6037321aaa9c53ff00c..248232ac6e8048b6091c56a7824025f39a275fba 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -125,6 +125,26 @@ def find_hostname(): raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename) +def find_autoredirect(fqdn): +""" +When upgrading ipa-rewrite.conf we need to see if the automatic redirect +was disabled during install time (or afterward). So sift through the +configuration file and see if we can determine the status. + +Returns True if autoredirect is enabled, False otherwise +""" +filename = '/etc/httpd/conf.d/ipa-rewrite.conf' +if os.path.exists(filename): +pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn +p = re.compile(pattern) +for line in fileinput.input(filename): +if p.search(line): +fileinput.close() +return True +fileinput.close() +return False +return True + def find_version(filename): """Find the version of a configuration file""" if os.path.exists(filename): @@ -386,7 +406,8 @@ def main(): check_certs() -sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } +auto_redirect = find_autoredirect(fqdn) +sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'} upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf"
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 06/29/2012 05:07 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 06/27/2012 07:46 PM, Rob Crittenden wrote: >>> I found a few minor issues when building and installing the master branch on >>> Fedora 18. This patch should address it. >>> >>> rob >>> >> >> 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in >> ipa-rewrite.conf. >> >> Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash >> during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set. >> >> However, this variable will need to be figured out from current >> ipa-rewrite.conf contents as it depends on whether the IPA server was >> installed >> with --no-ui-redirect or not. >> >> 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6 >> fixed in BZ 831464? >> >> 3) %changelog entry is missing >> >> Martin >> > > This should do it > > rob This looks as a way to go, but this one won't fly yet - the server FQDN is hard-coded to the find_autoredirect function. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
Martin Kosek wrote: On 06/27/2012 07:46 PM, Rob Crittenden wrote: I found a few minor issues when building and installing the master branch on Fedora 18. This patch should address it. rob 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in ipa-rewrite.conf. Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set. However, this variable will need to be figured out from current ipa-rewrite.conf contents as it depends on whether the IPA server was installed with --no-ui-redirect or not. 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6 fixed in BZ 831464? 3) %changelog entry is missing Martin This should do it rob >From e354bf16a8768477be8da32643681117bfa5b20b Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 20 Jun 2012 14:09:55 -0400 Subject: [PATCH] Fix compatibility with Fedora 18. We need a Requires on openssl, the mod_rewrite syntax has changed so we can dump some unused configuration and we need a newer version of mod_auth_kerb to pick up the new location of delegated ccache. https://fedorahosted.org/freeipa/ticket/2839 --- freeipa.spec.in | 14 ++ install/conf/ipa-rewrite.conf |5 + install/tools/ipa-upgradeconfig | 23 ++- 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index f7b115202bc8086ba26b25fbe1848fb4ad1fec2a..55fe90f7afe0ac753d4c02ba3bc77d17bae64bbb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp Requires: httpd Requires: mod_wsgi +%if 0%{?fedora} >= 18 +Requires: mod_auth_kerb >= 5.4-16 +%else Requires: mod_auth_kerb >= 5.4-8 +%endif Requires: mod_nss >= 1.0.8-10 Requires: python-ldap Requires: python-krbV @@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18 Requires: pki-setup >= 9.0.18 Requires: dogtag-pki-common-theme Requires: dogtag-pki-ca-theme +%if 0%{?fedora} >= 18 +Requires: tomcat6 >= 6.0.35-4 +%else %if 0%{?fedora} >= 16 # Only tomcat6 greater than this version provides proper systemd support Requires: tomcat6 >= 6.0.32-17 %endif +%endif %if 0%{?rhel} Requires: subscription-manager %endif @@ -161,6 +169,7 @@ Requires(postun): python initscripts chkconfig %endif Requires: python-dns Requires: keyutils +Requires: openssl # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions @@ -733,6 +742,11 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt %changelog +* Fri Jun 29 2012 Rob Crittenden - 2.99.0-37 +- Add Requires on openssl +- Set minimum tomcat6 to 6.0.35-4 in F-18 +- Set minimum mod_auth_kerb to 5.4-16 in F-18 + * Fri Jun 21 2012 Sumit Bose - 2.99.0-36 - Add extdom extop plugin diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..8da210d0aef95aa8179c00de89850df1f89f140a 100644 --- a/install/conf/ipa-rewrite.conf +++ b/install/conf/ipa-rewrite.conf @@ -1,9 +1,6 @@ -# VERSION 2 - DO NOT REMOVE THIS LINE +# VERSION 3 - DO NOT REMOVE THIS LINE RewriteEngine on -RewriteLog /var/log/httpd/rewrite.log -RewriteLogLevel 0 - # By default forward all requests to /ipa. If you don't want IPA # to be the default on your web server comment this line out. diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index bc8e6a249d96c9998e91c6037321aaa9c53ff00c..bb5cedda2dc11fd24e442920d4f09605a1ae522e 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -125,6 +125,26 @@ def find_hostname(): raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename) +def find_autoredirect(fqdn): +""" +When upgrading ipa-rewrite.conf we need to see if the automatic redirect +was disabled during install time (or afterward). So sift through the +configuration file and see if we can determine the status. + +Returns True if autoredirect is enabled, False otherwise +""" +filename = '/etc/httpd/conf.d/ipa-rewrite.conf' +if os.path.exists(filename): +pattern = "^RewriteRule \^/\$ https://rawhide2.greyoak.com/ipa/ui \[L,NC,R=301\]" +p = re.compile(pattern) +for line in fileinput.input(filename): +if p.search(line): +fileinput.close() +return True +fileinput.close() +return False +return True + def find_version(filename): """Find the version of a configuration file""" if os.path.exists(filename): @@ -386,7 +406,8 @@ def main(): check_certs() -sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } +auto_redirect = find_autoredirect(fqdn) +sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect els
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 06/27/2012 07:46 PM, Rob Crittenden wrote: > I found a few minor issues when building and installing the master branch on > Fedora 18. This patch should address it. > > rob > 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in ipa-rewrite.conf. Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set. However, this variable will need to be figured out from current ipa-rewrite.conf contents as it depends on whether the IPA server was installed with --no-ui-redirect or not. 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6 fixed in BZ 831464? 3) %changelog entry is missing Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
I found a few minor issues when building and installing the master branch on Fedora 18. This patch should address it. rob >From d0a8f5316e17ce37d54a2794ee314ef1ba5a909d Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 20 Jun 2012 14:09:55 -0400 Subject: [PATCH] Fix compatibility with Fedora 18. We need a Requires on openssl, the mod_rewrite syntax has changed so we can dump some unused configuration and we need a newer version of mod_auth_kerb to pick up the new location of delegated ccache. https://fedorahosted.org/freeipa/ticket/2839 --- freeipa.spec.in |5 + install/conf/ipa-rewrite.conf |2 -- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index b61d93ddacc6e8600fde5388c672de95b09febaf..c4e3d6f575622070ea4edcf5f672b64bbd3ff41a 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -110,7 +110,11 @@ Requires: cyrus-sasl-gssapi%{?_isa} Requires: ntp Requires: httpd Requires: mod_wsgi +%if 0%{?fedora} >= 18 +Requires: mod_auth_kerb >= 5.4-16 +%else Requires: mod_auth_kerb >= 5.4-8 +%endif Requires: mod_nss >= 1.0.8-10 Requires: python-ldap Requires: python-krbV @@ -159,6 +163,7 @@ Requires(postun): python initscripts chkconfig %endif Requires: python-dns Requires: keyutils +Requires: openssl # We have a soft-requires on bind. It is an optional part of # IPA but if it is configured we need a way to require versions diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..89e8d7fc89f8959341fc0e0f3b7ffe67213ae25c 100644 --- a/install/conf/ipa-rewrite.conf +++ b/install/conf/ipa-rewrite.conf @@ -1,8 +1,6 @@ # VERSION 2 - DO NOT REMOVE THIS LINE RewriteEngine on -RewriteLog /var/log/httpd/rewrite.log -RewriteLogLevel 0 # By default forward all requests to /ipa. If you don't want IPA -- 1.7.10.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel