Hello, Create server-dns sub-package.
This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA previously had no requires on BIND packages and these had to be installed manually before first ipa-dns-install run. We need to pull additional bind-pkcs11 package during RPM upgrade so ipa-dns-install cannot help with this. https://fedorahosted.org/freeipa/ticket/4058 -- Petr^2 Spacek
From 5dc874339861eadd3715b3db728756d4e38e460a Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Wed, 1 Jul 2015 14:06:37 +0200 Subject: [PATCH] Create server-dns sub-package. This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA previously had no requires on BIND packages and these had to be installed manually before first ipa-dns-install run. We need to pull additional bind-pkcs11 package during RPM upgrade so ipa-dns-install cannot help with this. https://fedorahosted.org/freeipa/ticket/4058 --- freeipa.spec.in | 83 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 24 deletions(-) diff --git a/freeipa.spec.in b/freeipa.spec.in index 4f08db9f693318c6f4bfaf5e634ccffa78a4a28c..2287755b298f138d5e7e3d3872a28e9b307da6fb 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -111,6 +111,20 @@ logs, analysis thereof). %package server Summary: The IPA authentication server Group: System Environment/Base +Requires: %{name}-server-core = %{version}-%{release} +Requires: %{name}-server-dns = %{version}-%{release} + +%description server +IPA server metapackage. Main IPA server functionality is provided by +ipa-server-core package. Integrated DNS server is in ipa-server-dns package. + + +%package server-core +Summary: The IPA authentication server +Group: System Environment/Base +# upgrade from monolithic freeipa-server to freeipa-server + freeipa-server-dns +Conflicts: %{name}-server < 4.2.0 + Requires: %{name}-python = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} Requires: %{name}-admintools = %{version}-%{release} @@ -161,43 +175,57 @@ Requires: systemd-python Requires: %{etc_systemd_dir} Conflicts: %{alt_name}-server -Obsoletes: %{alt_name}-server < %{version} +Conflicts: %{alt_name}-server-core +Obsoletes: %{alt_name}-server-core < %{version} # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the # entire SELinux policy is stored in the system policy Obsoletes: freeipa-server-selinux < 3.3.0 -# We have a soft-requires on bind. It is an optional part of -# IPA but if it is configured we need a way to require versions -# that work for us. -Conflicts: bind-dyndb-ldap < 6.0-4 -%if 0%{?fedora} >= 21 -Conflicts: bind < 9.9.6-3 -Conflicts: bind-utils < 9.9.6-3 -%else -Conflicts: bind < 9.9.4-21 -Conflicts: bind-utils < 9.9.4-21 -%endif -# DNSSEC -Conflicts: opendnssec < 1.4.6-4 - # Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to # member. Conflicts: nss-pam-ldapd < 0.8.4 -%description server +%description server-core IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package). +%package server-dns +Summary: IPA integrated DNS server (BIND 9) with DNSSEC support (OpenDNSSEC) +Group: System Environment/Base +Requires: %{name}-server-core = %{version}-%{release} + +Requires: bind-dyndb-ldap >= 6.0-4 +%if 0%{?fedora} >= 21 +Requires: bind >= 9.9.6-3 +Requires: bind-utils >= 9.9.6-3 +Requires: bind-pkcs11 >= 9.9.6-3 +Requires: bind-pkcs11-utils >= 9.9.6-3 +%else +Requires: bind >= 9.9.4-21 +Requires: bind-utils >= 9.9.4-21 +Requires: bind-pkcs11 >= 9.9.4-21 +Requires: bind-pkcs11-utils >= 9.9.4-21 +%endif +# DNSSEC +Requires: opendnssec >= 1.4.6-4 + +Obsoletes: %{alt_name}-server-dns < %{version} + +%description server-dns +IPA integrated DNS server with support for automatic DNSSEC signing. +DNS server implementation is BIND 9. DNSSEC signing is provided by OpenDNSSEC. + + %package server-trust-ad Summary: Virtual package to install packages required for Active Directory trusts Group: System Environment/Base -Requires: %{name}-server = %version-%release +Requires: %{name}-server-core = %version-%release Requires: m2crypto Requires: samba-python Requires: samba >= %{samba_version} @@ -522,15 +550,15 @@ mkdir -p %{buildroot}%{_sysconfdir}/cron.d rm -rf %{buildroot} %if ! %{ONLY_CLIENT} -%post server +%post server-core # NOTE: systemd specific section /bin/systemctl --system daemon-reload 2>&1 || : # END if [ $1 -gt 1 ] ; then /bin/systemctl condrestart certmonger.service 2>&1 || : fi -%posttrans server +%posttrans server-core # This must be run in posttrans so that updates from previous # execution that may no longer be shipped are not applied. /usr/sbin/ipa-server-upgrade --quiet >/dev/null || echo "IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually." @@ -547,15 +575,15 @@ if [ $? -eq 0 ]; then fi # END -%preun server +%preun server-core if [ $1 = 0 ]; then # NOTE: systemd specific section /bin/systemctl --quiet stop ipa.service || : /bin/systemctl --quiet disable ipa.service || : # END fi -%pre server +%pre server-core # Stop ipa_kpasswd if it exists before upgrading so we don't have a # zombie process when we're done. if [ -e /usr/sbin/ipa_kpasswd ]; then @@ -671,13 +699,15 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then fi %if ! %{ONLY_CLIENT} -%files server -f server-python.list +%files server +# metapackage + +%files server-core -f server-python.list %defattr(-,root,root,-) %doc COPYING README Contributors.txt %{_sbindir}/ipa-backup %{_sbindir}/ipa-restore %{_sbindir}/ipa-ca-install -%{_sbindir}/ipa-dns-install %{_sbindir}/ipa-kra-install %{_sbindir}/ipa-server-install %{_sbindir}/ipa-replica-conncheck @@ -845,7 +875,6 @@ fi %{_mandir}/man1/ipa-server-certinstall.1.gz %{_mandir}/man1/ipa-server-install.1.gz %{_mandir}/man1/ipa-server-upgrade.1.gz -%{_mandir}/man1/ipa-dns-install.1.gz %{_mandir}/man1/ipa-ca-install.1.gz %{_mandir}/man1/ipa-kra-install.1.gz %{_mandir}/man1/ipa-compat-manage.1.gz @@ -860,6 +889,12 @@ fi %{_mandir}/man1/ipa-otptoken-import.1.gz %{_mandir}/man1/ipa-cacert-manage.1.gz + +%files server-dns +%{_sbindir}/ipa-dns-install +%{_mandir}/man1/ipa-dns-install.1.gz + + %files server-trust-ad %{_sbindir}/ipa-adtrust-install %attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so -- 2.1.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
