Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 07/02/2012 02:47 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 06/29/2012 05:07 PM, Rob Crittenden wrote:
>>> Martin Kosek wrote:
On 06/27/2012 07:46 PM, Rob Crittenden wrote:
> I found a few minor issues when building and installing the master branch
> on
> Fedora 18. This patch should address it.
>
> rob
>
1) This will fail for on F17->F18 upgrades, we need to bump VERSION in
ipa-rewrite.conf.
Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash
during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set.
However, this variable will need to be figured out from current
ipa-rewrite.conf contents as it depends on whether the IPA server was
installed
with --no-ui-redirect or not.
2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6
fixed in BZ 831464?
3) %changelog entry is missing
Martin
>>>
>>> This should do it
>>>
>>> rob
>>
>> This looks as a way to go, but this one won't fly yet - the server FQDN is
>> hard-coded to the find_autoredirect function.
>>
>> Martin
>>
>
> Updated.
>
> rob
>
ACK. Pushed to master.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
Martin Kosek wrote:
On 06/29/2012 05:07 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 06/27/2012 07:46 PM, Rob Crittenden wrote:
I found a few minor issues when building and installing the master branch on
Fedora 18. This patch should address it.
rob
1) This will fail for on F17->F18 upgrades, we need to bump VERSION in
ipa-rewrite.conf.
Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash
during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set.
However, this variable will need to be figured out from current
ipa-rewrite.conf contents as it depends on whether the IPA server was installed
with --no-ui-redirect or not.
2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6
fixed in BZ 831464?
3) %changelog entry is missing
Martin
This should do it
rob
This looks as a way to go, but this one won't fly yet - the server FQDN is
hard-coded to the find_autoredirect function.
Martin
Updated.
rob
>From 0582531451b3fa5505aa116f51e5c45fa83b46d5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 20 Jun 2012 14:09:55 -0400
Subject: [PATCH] Fix compatibility with Fedora 18.
We need a Requires on openssl, the mod_rewrite syntax has changed so
we can dump some unused configuration and we need a newer version of
mod_auth_kerb to pick up the new location of delegated ccache.
https://fedorahosted.org/freeipa/ticket/2839
---
freeipa.spec.in | 13 +
install/conf/ipa-rewrite.conf |5 +
install/tools/ipa-upgradeconfig | 23 ++-
3 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index f7b115202bc8086ba26b25fbe1848fb4ad1fec2a..52878e0f7b272fc9b64cca679a3f334141723781 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
Requires: httpd
Requires: mod_wsgi
+%if 0%{?fedora} >= 18
+Requires: mod_auth_kerb >= 5.4-16
+%else
Requires: mod_auth_kerb >= 5.4-8
+%endif
Requires: mod_nss >= 1.0.8-10
Requires: python-ldap
Requires: python-krbV
@@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18
Requires: pki-setup >= 9.0.18
Requires: dogtag-pki-common-theme
Requires: dogtag-pki-ca-theme
+%if 0%{?fedora} >= 18
+Requires: tomcat6 >= 6.0.35-4
+%else
%if 0%{?fedora} >= 16
# Only tomcat6 greater than this version provides proper systemd support
Requires: tomcat6 >= 6.0.32-17
%endif
+%endif
%if 0%{?rhel}
Requires: subscription-manager
%endif
@@ -733,6 +741,11 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Fri Jun 29 2012 Rob Crittenden - 2.99.0-37
+- Add Requires on openssl
+- Set minimum tomcat6 to 6.0.35-4 in F-18
+- Set minimum mod_auth_kerb to 5.4-16 in F-18
+
* Fri Jun 21 2012 Sumit Bose - 2.99.0-36
- Add extdom extop plugin
diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf
index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..8da210d0aef95aa8179c00de89850df1f89f140a 100644
--- a/install/conf/ipa-rewrite.conf
+++ b/install/conf/ipa-rewrite.conf
@@ -1,9 +1,6 @@
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
RewriteEngine on
-RewriteLog /var/log/httpd/rewrite.log
-RewriteLogLevel 0
-
# By default forward all requests to /ipa. If you don't want IPA
# to be the default on your web server comment this line out.
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index bc8e6a249d96c9998e91c6037321aaa9c53ff00c..248232ac6e8048b6091c56a7824025f39a275fba 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -125,6 +125,26 @@ def find_hostname():
raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename)
+def find_autoredirect(fqdn):
+"""
+When upgrading ipa-rewrite.conf we need to see if the automatic redirect
+was disabled during install time (or afterward). So sift through the
+configuration file and see if we can determine the status.
+
+Returns True if autoredirect is enabled, False otherwise
+"""
+filename = '/etc/httpd/conf.d/ipa-rewrite.conf'
+if os.path.exists(filename):
+pattern = "^RewriteRule \^/\$ https://%s/ipa/ui \[L,NC,R=301\]" % fqdn
+p = re.compile(pattern)
+for line in fileinput.input(filename):
+if p.search(line):
+fileinput.close()
+return True
+fileinput.close()
+return False
+return True
+
def find_version(filename):
"""Find the version of a configuration file"""
if os.path.exists(filename):
@@ -386,7 +406,8 @@ def main():
check_certs()
-sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
+auto_redirect = find_autoredirect(fqdn)
+sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'}
upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf"
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 06/29/2012 05:07 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 06/27/2012 07:46 PM, Rob Crittenden wrote:
>>> I found a few minor issues when building and installing the master branch on
>>> Fedora 18. This patch should address it.
>>>
>>> rob
>>>
>>
>> 1) This will fail for on F17->F18 upgrades, we need to bump VERSION in
>> ipa-rewrite.conf.
>>
>> Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash
>> during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set.
>>
>> However, this variable will need to be figured out from current
>> ipa-rewrite.conf contents as it depends on whether the IPA server was
>> installed
>> with --no-ui-redirect or not.
>>
>> 2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6
>> fixed in BZ 831464?
>>
>> 3) %changelog entry is missing
>>
>> Martin
>>
>
> This should do it
>
> rob
This looks as a way to go, but this one won't fly yet - the server FQDN is
hard-coded to the find_autoredirect function.
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
Martin Kosek wrote:
On 06/27/2012 07:46 PM, Rob Crittenden wrote:
I found a few minor issues when building and installing the master branch on
Fedora 18. This patch should address it.
rob
1) This will fail for on F17->F18 upgrades, we need to bump VERSION in
ipa-rewrite.conf.
Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash
during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set.
However, this variable will need to be figured out from current
ipa-rewrite.conf contents as it depends on whether the IPA server was installed
with --no-ui-redirect or not.
2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6
fixed in BZ 831464?
3) %changelog entry is missing
Martin
This should do it
rob
>From e354bf16a8768477be8da32643681117bfa5b20b Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 20 Jun 2012 14:09:55 -0400
Subject: [PATCH] Fix compatibility with Fedora 18.
We need a Requires on openssl, the mod_rewrite syntax has changed so
we can dump some unused configuration and we need a newer version of
mod_auth_kerb to pick up the new location of delegated ccache.
https://fedorahosted.org/freeipa/ticket/2839
---
freeipa.spec.in | 14 ++
install/conf/ipa-rewrite.conf |5 +
install/tools/ipa-upgradeconfig | 23 ++-
3 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index f7b115202bc8086ba26b25fbe1848fb4ad1fec2a..55fe90f7afe0ac753d4c02ba3bc77d17bae64bbb 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -112,7 +112,11 @@ Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
Requires: httpd
Requires: mod_wsgi
+%if 0%{?fedora} >= 18
+Requires: mod_auth_kerb >= 5.4-16
+%else
Requires: mod_auth_kerb >= 5.4-8
+%endif
Requires: mod_nss >= 1.0.8-10
Requires: python-ldap
Requires: python-krbV
@@ -145,10 +149,14 @@ Requires: pki-silent >= 9.0.18
Requires: pki-setup >= 9.0.18
Requires: dogtag-pki-common-theme
Requires: dogtag-pki-ca-theme
+%if 0%{?fedora} >= 18
+Requires: tomcat6 >= 6.0.35-4
+%else
%if 0%{?fedora} >= 16
# Only tomcat6 greater than this version provides proper systemd support
Requires: tomcat6 >= 6.0.32-17
%endif
+%endif
%if 0%{?rhel}
Requires: subscription-manager
%endif
@@ -161,6 +169,7 @@ Requires(postun): python initscripts chkconfig
%endif
Requires: python-dns
Requires: keyutils
+Requires: openssl
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
@@ -733,6 +742,11 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Fri Jun 29 2012 Rob Crittenden - 2.99.0-37
+- Add Requires on openssl
+- Set minimum tomcat6 to 6.0.35-4 in F-18
+- Set minimum mod_auth_kerb to 5.4-16 in F-18
+
* Fri Jun 21 2012 Sumit Bose - 2.99.0-36
- Add extdom extop plugin
diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf
index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..8da210d0aef95aa8179c00de89850df1f89f140a 100644
--- a/install/conf/ipa-rewrite.conf
+++ b/install/conf/ipa-rewrite.conf
@@ -1,9 +1,6 @@
-# VERSION 2 - DO NOT REMOVE THIS LINE
+# VERSION 3 - DO NOT REMOVE THIS LINE
RewriteEngine on
-RewriteLog /var/log/httpd/rewrite.log
-RewriteLogLevel 0
-
# By default forward all requests to /ipa. If you don't want IPA
# to be the default on your web server comment this line out.
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index bc8e6a249d96c9998e91c6037321aaa9c53ff00c..bb5cedda2dc11fd24e442920d4f09605a1ae522e 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -125,6 +125,26 @@ def find_hostname():
raise RuntimeError("Unable to determine the fully qualified hostname from %s" % filename)
+def find_autoredirect(fqdn):
+"""
+When upgrading ipa-rewrite.conf we need to see if the automatic redirect
+was disabled during install time (or afterward). So sift through the
+configuration file and see if we can determine the status.
+
+Returns True if autoredirect is enabled, False otherwise
+"""
+filename = '/etc/httpd/conf.d/ipa-rewrite.conf'
+if os.path.exists(filename):
+pattern = "^RewriteRule \^/\$ https://rawhide2.greyoak.com/ipa/ui \[L,NC,R=301\]"
+p = re.compile(pattern)
+for line in fileinput.input(filename):
+if p.search(line):
+fileinput.close()
+return True
+fileinput.close()
+return False
+return True
+
def find_version(filename):
"""Find the version of a configuration file"""
if os.path.exists(filename):
@@ -386,7 +406,8 @@ def main():
check_certs()
-sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
+auto_redirect = find_autoredirect(fqdn)
+sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect els
Re: [Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
On 06/27/2012 07:46 PM, Rob Crittenden wrote:
> I found a few minor issues when building and installing the master branch on
> Fedora 18. This patch should address it.
>
> rob
>
1) This will fail for on F17->F18 upgrades, we need to bump VERSION in
ipa-rewrite.conf.
Besides that, ipa-upgradeconfig needs to be fixed, otherwise it will crash
during ipa-rewrite.conf upgrade - ${AUTOREDIR} variable is not set.
However, this variable will need to be figured out from current
ipa-rewrite.conf contents as it depends on whether the IPA server was installed
with --no-ui-redirect or not.
2) Shouldn't we bump tomcat6 version as well since we depend on the tomcat6
fixed in BZ 831464?
3) %changelog entry is missing
Martin
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 1030 Fedora 18 compatibility
I found a few minor issues when building and installing the master
branch on Fedora 18. This patch should address it.
rob
>From d0a8f5316e17ce37d54a2794ee314ef1ba5a909d Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Wed, 20 Jun 2012 14:09:55 -0400
Subject: [PATCH] Fix compatibility with Fedora 18.
We need a Requires on openssl, the mod_rewrite syntax has changed so
we can dump some unused configuration and we need a newer version of
mod_auth_kerb to pick up the new location of delegated ccache.
https://fedorahosted.org/freeipa/ticket/2839
---
freeipa.spec.in |5 +
install/conf/ipa-rewrite.conf |2 --
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b61d93ddacc6e8600fde5388c672de95b09febaf..c4e3d6f575622070ea4edcf5f672b64bbd3ff41a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -110,7 +110,11 @@ Requires: cyrus-sasl-gssapi%{?_isa}
Requires: ntp
Requires: httpd
Requires: mod_wsgi
+%if 0%{?fedora} >= 18
+Requires: mod_auth_kerb >= 5.4-16
+%else
Requires: mod_auth_kerb >= 5.4-8
+%endif
Requires: mod_nss >= 1.0.8-10
Requires: python-ldap
Requires: python-krbV
@@ -159,6 +163,7 @@ Requires(postun): python initscripts chkconfig
%endif
Requires: python-dns
Requires: keyutils
+Requires: openssl
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
diff --git a/install/conf/ipa-rewrite.conf b/install/conf/ipa-rewrite.conf
index 5385f9db027c88fac6e7b0762c60f9a8dc2e1c3c..89e8d7fc89f8959341fc0e0f3b7ffe67213ae25c 100644
--- a/install/conf/ipa-rewrite.conf
+++ b/install/conf/ipa-rewrite.conf
@@ -1,8 +1,6 @@
# VERSION 2 - DO NOT REMOVE THIS LINE
RewriteEngine on
-RewriteLog /var/log/httpd/rewrite.log
-RewriteLogLevel 0
# By default forward all requests to /ipa. If you don't want IPA
--
1.7.10.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
