rpms/ipa/F-9 freeipa-dnsquery.patch, NONE, 1.1 freeipa-nssperms.patch, NONE, 1.1 ipa.spec, 1.8, 1.9
Robert Crittenden (rcritten)
fedora-extras-commits at redhat.com
Mon Apr 28 20:27:16 UTC 2008
Author: rcritten
Update of /cvs/extras/rpms/ipa/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18223
Modified Files:
ipa.spec
Added Files:
freeipa-dnsquery.patch freeipa-nssperms.patch
Log Message:
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
returned as the answer.
- Fix spec error where patch1 was in the wrong section
freeipa-dnsquery.patch:
--- NEW FILE freeipa-dnsquery.patch ---
--- a/ipa-python/dnsclient.py
+++ b/ipa-python/dnsclient.py
@@ -365,22 +365,22 @@ def dnsParseResults(results):
if not rest:
return []
- rr = DNSResult()
+ qq = DNSResult()
(rest, label) = dnsParseLabel(rest, results)
if label is None:
return []
- if len(rest) < rr.qsize():
+ if len(rest) < qq.qsize():
return []
- rr.qunpack(rest)
+ qq.qunpack(rest)
- rest = rest[rr.qsize():]
+ rest = rest[qq.qsize():]
if DEBUG_DNSCLIENT:
print "Queried for '%s', class = %d, type = %d." % (label,
- rr.dns_class, rr.dns_type)
+ qq.dns_class, qq.dns_type)
for i in xrange(header.dns_ancount + header.dns_nscount + header.dns_arcount):
(rest, label) = dnsParseLabel(rest, results)
@@ -424,8 +424,6 @@ def dnsParseResults(results):
rest = rest[rr.dns_rlength:]
rrlist += [rr]
- if not rrlist:
- rrlist = [rr]
return rrlist
def query(query, qclass, qtype):
freeipa-nssperms.patch:
--- NEW FILE freeipa-nssperms.patch ---
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -160,6 +160,16 @@ class HTTPInstance(service.Service):
ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
+ # Fix the database permissions
+ os.chmod(NSS_DIR + "/cert8.db", 0640)
+ os.chmod(NSS_DIR + "/key3.db", 0640)
+ os.chmod(NSS_DIR + "/secmod.db", 0640)
+
+ pent = pwd.getpwnam("apache")
+ os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
+
def __setup_autoconfig(self):
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
Index: ipa.spec
===================================================================
RCS file: /cvs/extras/rpms/ipa/F-9/ipa.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ipa.spec 25 Apr 2008 18:53:13 -0000 1.8
+++ ipa.spec 28 Apr 2008 20:26:39 -0000 1.9
@@ -6,7 +6,7 @@
Name: ipa
Version: 1.0.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: The Identity, Policy and Audit system
Group: System Environment/Base
@@ -16,6 +16,8 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: freeipa-default-keytype.patch
+Patch2: freeipa-nssperms.patch
+Patch3: freeipa-dnsquery.patch
BuildRequires: fedora-ds-base-devel >= 1.1
BuildRequires: mozldap-devel
@@ -176,9 +178,11 @@
administering radius authentication settings in IPA.
-%patch1 -p1 -b default-keytype
%prep
%setup -n freeipa-%{version} -q
+%patch1 -p1 -b .default-keytype
+%patch2 -p1 -b .nssperms
+%patch3 -p1 -b .dnsquery
%build
cd ipa-server; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
@@ -424,6 +428,12 @@
%{_sbindir}/ipa-modradiusprofile
%changelog
+* Mon Apr 28 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.0-3
+- Added patch to fix permissions problems with the Apache NSS database.
+- Added patch to fix problem with DNS querying where the query could be
+ returned as the answer.
+- Fix spec error where patch1 was in the wrong section
+
* Fri Apr 25 2008 Rob Crittenden <rcritten at redhat.com> - 1.0.0-2
- Added patch to fix problem reported by ldapmodify
- Fix Requires for krb5-server that was missing for Fedora versions > 9
More information about the fedora-extras-commits
mailing list