certmonger may provide new CAs, as in the case from upgrading IPA 2.2 to
3.x. We need these new CAs available during the upgrade process.
The certmonger package does its own condrestart as part of %postun which
runs after the %post script of freeipa-server, so we need to restart it
ourselves before upgrading.
rob
>From dd2243cb11db4ea3e56d5801d53b616113bbb1f5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <[email protected]>
Date: Thu, 24 Jan 2013 16:14:31 -0500
Subject: [PATCH] Make certmonger a (pre) requires on server, restart it before
upgrading
certmonger may provide new CAs, as in the case from upgrading IPA 2.2
to 3.x. We need these new CAs available during the upgrade process.
The certmonger package does its own condrestart as part of %postun
which runs after the %post script of freeipa-server, so we need to
restart it ourselves before upgrading.
https://fedorahosted.org/freeipa/ticket/3378
---
freeipa.spec.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 3493fed..189c7b9 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -127,6 +127,7 @@ Requires: keyutils
Requires: zip
Requires: policycoreutils >= %{POLICYCOREUTILSVER}
Requires: tar
+Requires(pre): certmonger >= 0.65
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
@@ -214,7 +215,7 @@ Requires: wget
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.8.0
-Requires: certmonger >= 0.60
+Requires: certmonger >= 0.65
Requires: nss-tools
Requires: bind-utils
Requires: oddjob-mkhomedir
@@ -430,6 +431,7 @@ rm -rf %{buildroot}
/bin/systemctl --system daemon-reload 2>&1 || :
# END
if [ $1 -gt 1 ] ; then
+ /bin/systemctl condrestart certmonger.service 2>&1 || :
/usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
fi
@@ -767,6 +769,10 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Thu Jan 24 2013 Rob Crittenden <[email protected]> - 3.0.99-12
+- Add certmonger condrestart to server post scriptlet
+- Make certmonger a (pre) Requires on the server subpackage
+
* Fri Jan 22 2013 Petr Vobornik <[email protected]> - 3.0.99-11
- dependency fix
- Add BuildRequires: java-1.7.0-openjdk.
--
1.8.1
>From ed7ee4072e00d56f5da8e26436f7cda233c16dbb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <[email protected]>
Date: Thu, 24 Jan 2013 16:14:31 -0500
Subject: [PATCH] Make certmonger a (pre) requires on server, restart it before
upgrading
certmonger may provide new CAs, as in the case from upgrading IPA 2.2
to 3.x. We need these new CAs available during the upgrade process.
The certmonger package does its own condrestart as part of %postun
which runs after the %post script of freeipa-server, so we need to
restart it ourselves before upgrading.
https://fedorahosted.org/freeipa/ticket/3378
---
freeipa.spec.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index f1c45b6cce0ba109638bd538aa468c47d2024652..900148194bd86a246162b6a5f786c181ce461b5c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -126,6 +126,7 @@ Requires: keyutils
Requires: zip
Requires: policycoreutils >= %{POLICYCOREUTILSVER}
Requires: tar
+Requires(pre): certmonger >= 0.65
# We have a soft-requires on bind. It is an optional part of
# IPA but if it is configured we need a way to require versions
@@ -213,7 +214,7 @@ Requires: wget
Requires: libcurl >= 7.21.7-2
Requires: xmlrpc-c >= 1.27.4
Requires: sssd >= 1.8.0
-Requires: certmonger >= 0.60
+Requires: certmonger >= 0.65
Requires: nss-tools
Requires: bind-utils
Requires: oddjob-mkhomedir
@@ -429,6 +430,7 @@ rm -rf %{buildroot}
/bin/systemctl --system daemon-reload 2>&1 || :
# END
if [ $1 -gt 1 ] ; then
+ /bin/systemctl condrestart certmonger.service 2>&1 || :
/usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
fi
@@ -752,6 +754,10 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Thu Jan 24 2013 Rob Crittenden <[email protected]> - 3.0.99-10
+- Add certmonger condrestart to server post scriptlet
+- Make certmonger a (pre) Requires on the server subpackage
+
* Fri Dec 7 2012 Endi S. Dewata <[email protected]> - 3.0.99-9
- Bump minimum version of pki-ca to 10.0.0-0.54.b3
--
1.8.1
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
