# 389-ds-base 1.4 no longer supports i686 platform, build only client

# packages, https://bugzilla.redhat.com/show_bug.cgi?id=1544386

%if 0%{?fedora} >= 28 || 0%{?rhel} > 7

    %ifarch %{ix86}

        %{!?ONLY_CLIENT:%global ONLY_CLIENT 1}

    %endif

%endif

# Define ONLY_CLIENT to only make the ipa-client and ipa-python

# subpackages

%{!?ONLY_CLIENT:%global ONLY_CLIENT 0}

%if %{ONLY_CLIENT}

    %global enable_server_option --disable-server

%else

    %global enable_server_option --enable-server

%endif

# Build ipatests

%if 0%{?rhel}

    %global with_ipatests 0

%endif

%if ! %{ONLY_CLIENT}

    %{!?with_ipatests:%global with_ipatests 1}

%endif

%if 0%{?with_ipatests}

    %global with_ipatests_option --with-ipatests

%else

    %global with_ipatests_option --without-ipatests

%endif

# Python 2/3 packages and default Python interpreter

%if 0%{?rhel} > 7

    %global with_default_python 3

%endif

%if 0%{?fedora} >= 29

    # F29 only supports Python 3 as default Python

    %global with_default_python 3

%endif

%{!?with_default_python:%global with_default_python 3}

%global with_python3 1

%global python %{__python3}

# lint is not executed during rpmbuild

# %%global with_lint 1

%if 0%{?with_lint}

    %global linter_options --enable-pylint --with-jslint

%else

    %global linter_options --disable-pylint --without-jslint

%endif

%if 0%{?rhel}

%global package_name ipa

%global alt_name freeipa

%global krb5_version 1.16.1

%global krb5_kdb_version 7.0

# 0.7.16: https://github.com/drkjam/netaddr/issues/71

%global python_netaddr_version 0.7.16

# Require 4.7.0 which brings Python 3 bindings

%global samba_version 4.7.0

%global selinux_policy_version 3.14.3-21

%global slapi_nis_version 0.56.1-4

%global python_ldap_version 3.1.0-1

# python3-lib389

# Fix for "Installation fails: Replica Busy"

# https://pagure.io/389-ds-base/issue/49818

%global ds_version 1.4.0.16

# Fix for TLS 1.3 PHA, RHBZ#1775158

%global httpd_version 2.4.37-21

%else

# Fedora

%global package_name freeipa

%global alt_name ipa

# Fix for CVE-2018-20217

%global krb5_version 1.17-17

%global krb5_kdb_version 7.0

# 0.7.16: https://github.com/drkjam/netaddr/issues/71

%global python_netaddr_version 0.7.16

# Require 4.7.0 which brings Python 3 bindings

%global samba_version 2:4.9.0

# SELinux context for /etc/named directory, RHBZ#1759495

%global selinux_policy_version 3.14.3-52

%global slapi_nis_version 0.56.1

# fix for segfault in python3-ldap, https://pagure.io/freeipa/issue/7324

%global python_ldap_version 3.1.0-1

# Fix for create suffix

# https://pagure.io/389-ds-base/issue/49984

%global ds_version 1.4.1.1

# Fix for TLS 1.3 PHA, RHBZ#1775146

%if 0%{?fedora} >= 31

%global httpd_version 2.4.41-9

%else

%global httpd_version 2.4.41-6.1

%endif

# Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.

# Some packages don't provide new dist aliases.

# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/

%{?python_disable_dependency_generator}

%endif  # Fedora

# 10.7.3 supports LWCA key replication using AES

# https://pagure.io/freeipa/issue/8020

%global pki_version 10.7.3-1

# https://pagure.io/certmonger/issue/90

%global certmonger_version 0.79.7-1

# NSS release with fix for p11-kit-proxy issue, affects F28

# https://pagure.io/freeipa/issue/7810

%if 0%{?fedora} == 28

%global nss_version 3.41.0-3

%else

%global nss_version 3.41.0-1

%endif

%global sssd_version 2.2.0-1

%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')

%global plugin_dir %{_libdir}/dirsrv/plugins

%global etc_systemd_dir %{_sysconfdir}/systemd/system

%global gettext_domain ipa

%define _hardened_build 1

# Work-around fact that RPM SPEC parser does not accept

# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement

%define IPA_VERSION 4.8.4

%define AT_SIGN @

# redefine IPA_VERSION only if its value matches the Autoconf placeholder

%if "%{IPA_VERSION}" == "%{AT_SIGN}VERSION%{AT_SIGN}"

    %define IPA_VERSION nonsense.to.please.RPM.SPEC.parser

%endif

Name:           %{package_name}

Version:        %{IPA_VERSION}

Release:        2%{?dist}

Summary:        The Identity, Policy and Audit system

License:        GPLv3+

URL:            http://www.freeipa.org/

Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz

Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc

# https://github.com/freeipa/freeipa/pull/4045

# Fix bugs in the overlapping DNS zone check

Patch0:         4045.patch

# For the timestamp trick in patch application

BuildRequires:  diffstat

BuildRequires:  openldap-devel

# For KDB DAL version, make explicit dependency so that increase of version

# will cause the build to fail due to unsatisfied dependencies.

# DAL version change may cause code crash or memory leaks, it is better to fail early.

BuildRequires:  krb5-kdb-version = %{krb5_kdb_version}

BuildRequires:  krb5-devel >= %{krb5_version}

# 1.27.4: xmlrpc_curl_xportparms.gssapi_delegation

BuildRequires:  xmlrpc-c-devel >= 1.27.4

BuildRequires:  popt-devel

BuildRequires:  gcc

BuildRequires:  make

BuildRequires:  pkgconfig

BuildRequires:  autoconf

BuildRequires:  automake

BuildRequires:  libtool

BuildRequires:  gettext

BuildRequires:  gettext-devel

BuildRequires:  python3-devel

BuildRequires:  python3-setuptools

BuildRequires:  systemd

# systemd-tmpfiles which is executed from make install requires apache user

BuildRequires:  httpd

BuildRequires:  nspr-devel

BuildRequires:  nss-devel >= %{nss_version}

BuildRequires:  openssl-devel

BuildRequires:  libini_config-devel

BuildRequires:  cyrus-sasl-devel

%if ! %{ONLY_CLIENT}

BuildRequires:  389-ds-base-devel >= %{ds_version}

BuildRequires:  samba-devel >= %{samba_version}

BuildRequires:  libtalloc-devel

BuildRequires:  libtevent-devel

BuildRequires:  libuuid-devel

BuildRequires:  libsss_idmap-devel

BuildRequires:  libsss_certmap-devel

BuildRequires:  libsss_nss_idmap-devel >=  %{sssd_version}

BuildRequires:  nodejs

BuildRequires:  uglify-js

BuildRequires:  libverto-devel

BuildRequires:  libunistring-devel

# 0.13.0: https://bugzilla.redhat.com/show_bug.cgi?id=1584773

# 0.13.0-2: fix for missing dependency on python-six

BuildRequires:  python3-lesscpy >= 0.13.0-2

%endif # ONLY_CLIENT

#

# Build dependencies for makeapi/makeaci

#

BuildRequires:  python3-cffi

BuildRequires:  python3-dns

BuildRequires:  python3-ldap >= %{python_ldap_version}

BuildRequires:  python3-libsss_nss_idmap

BuildRequires:  python3-netaddr >= %{python_netaddr_version}

BuildRequires:  python3-pyasn1

BuildRequires:  python3-pyasn1-modules

BuildRequires:  python3-six

#

# Build dependencies for wheel packaging and PyPI upload

#

%if 0%{?with_wheels}

BuildRequires:  dbus-glib-devel

BuildRequires:  libffi-devel

BuildRequires:  python3-tox

%if 0%{?fedora} <= 28

BuildRequires:  python3-twine

%else

BuildRequires:  twine

%endif

BuildRequires:  python3-wheel

%endif # with_wheels

#

# Build dependencies for lint and fastcheck

#

%if 0%{?with_lint}

BuildRequires:  jsl

BuildRequires:  rpmlint

BuildRequires:  softhsm

BuildRequires:  python3-augeas

BuildRequires:  python3-cffi

BuildRequires:  python3-cryptography >= 1.6

BuildRequires:  python3-custodia >= 0.3.1

BuildRequires:  python3-dateutil

BuildRequires:  python3-dbus

BuildRequires:  python3-dns >= 1.15

BuildRequires:  python3-gssapi >= 1.2.0

BuildRequires:  python3-jinja2

BuildRequires:  python3-jwcrypto >= 0.4.2

BuildRequires:  python3-ldap >= %{python_ldap_version}

BuildRequires:  python3-ldap >= %{python_ldap_version}

BuildRequires:  python3-lib389 >= %{ds_version}

BuildRequires:  python3-libipa_hbac

BuildRequires:  python3-libsss_nss_idmap

BuildRequires:  python3-lxml

BuildRequires:  python3-netaddr >= %{python_netaddr_version}

BuildRequires:  python3-netifaces

BuildRequires:  python3-paste

BuildRequires:  python3-pki >= %{pki_version}

BuildRequires:  python3-polib

BuildRequires:  python3-pyasn1

BuildRequires:  python3-pyasn1-modules

BuildRequires:  python3-pycodestyle

%if 0%{?fedora} >= 29

# https://bugzilla.redhat.com/show_bug.cgi?id=1648299

BuildRequires:  python3-pylint >= 2.1.1-2

%else

BuildRequires:  python3-pylint >= 1.7

%endif

BuildRequires:  python3-pytest-multihost

BuildRequires:  python3-pytest-sourceorder

BuildRequires:  python3-qrcode-core >= 5.0.0

BuildRequires:  python3-samba

BuildRequires:  python3-six

BuildRequires:  python3-sss

BuildRequires:  python3-sss-murmur

BuildRequires:  python3-sssdconfig >= %{sssd_version}

BuildRequires:  python3-systemd

BuildRequires:  python3-yubico

%endif # with_lint

#

# Build dependencies for unit tests

#

%if ! %{ONLY_CLIENT}

BuildRequires:  libcmocka-devel

# Required by ipa_kdb_tests

BuildRequires:  krb5-server >= %{krb5_version}

%endif # ONLY_CLIENT

%description

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

%if ! %{ONLY_CLIENT}

%package server

Summary: The IPA authentication server

Requires: %{name}-server-common = %{version}-%{release}

Requires: %{name}-client = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

Requires: python3-ipaserver = %{version}-%{release}

Requires: python3-ldap >= %{python_ldap_version}

Requires: 389-ds-base >= %{ds_version}

Requires: openldap-clients > 2.4.35-4

Requires: nss >= %{nss_version}

Requires: nss-tools >= %{nss_version}

Requires(post): krb5-server >= %{krb5_version}

Requires(post): krb5-server >= %{krb5_base_version}

Requires: krb5-kdb-version = %{krb5_kdb_version}

Requires: krb5-pkinit-openssl >= %{krb5_version}

Requires: cyrus-sasl-gssapi%{?_isa}

Requires: chrony

Requires: httpd >= %{httpd_version}

Requires(preun): python3

Requires(postun): python3

Requires: python3-gssapi >= 1.2.0-5

Requires: python3-systemd

Requires: python3-mod_wsgi

Requires: mod_auth_gssapi >= 1.5.0

Requires: mod_ssl >= %{httpd_version}

Requires: mod_session >= %{httpd_version}

# 0.9.9: https://github.com/adelton/mod_lookup_identity/pull/3

Requires: mod_lookup_identity >= 0.9.9

Requires: acl

Requires: systemd-units >= 38

Requires(pre): shadow-utils

Requires(pre): systemd-units

Requires(post): systemd-units

Requires: selinux-policy >= %{selinux_policy_version}

Requires(post): selinux-policy-base >= %{selinux_policy_version}

Requires: slapi-nis >= %{slapi_nis_version}

Requires: pki-ca >= %{pki_version}

Requires: pki-kra >= %{pki_version}

Requires(preun): systemd-units

Requires(postun): systemd-units

Requires: policycoreutils >= 2.1.12-5

Requires: tar

Requires(pre): certmonger >= %{certmonger_version}

Requires(pre): 389-ds-base >= %{ds_version}

Requires: fontawesome-fonts

Requires: open-sans-fonts

Requires: openssl

Requires: softhsm >= 2.0.0rc1-1

Requires: p11-kit

Requires: %{etc_systemd_dir}

Requires: gzip

Requires: oddjob

# 0.7.0-2: https://pagure.io/gssproxy/pull-request/172

Requires: gssproxy >= 0.7.0-2

Requires: sssd-dbus >= %{sssd_version}

Provides: %{alt_name}-server = %{version}

Conflicts: %{alt_name}-server

Obsoletes: %{alt_name}-server < %{version}

# With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the

# entire SELinux policy is stored in the system policy

Obsoletes: freeipa-server-selinux < 3.3.0

# upgrade path from monolithic -server to -server + -server-dns

Obsoletes: %{name}-server <= 4.2.0

# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to

# member.

Conflicts: nss-pam-ldapd < 0.8.4

%description server

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If you are installing an IPA server, you need to install this package.

%package -n python3-ipaserver

Summary: Python libraries used by IPA server

BuildArch: noarch

%{?python_provide:%python_provide python3-ipaserver}

Requires: %{name}-server-common = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

# we need pre-requires since earlier versions may break upgrade

Requires(pre): python3-ldap >= %{python_ldap_version}

Requires: python3-augeas

Requires: python3-custodia >= 0.3.1

Requires: python3-dbus

Requires: python3-dns >= 1.15

Requires: python3-gssapi >= 1.2.0

Requires: python3-ipaclient = %{version}-%{release}

Requires: python3-kdcproxy >= 0.4.1

Requires: python3-lxml

Requires: python3-pki >= %{pki_version}

Requires: python3-pyasn1 >= 0.3.2-2

Requires: python3-sssdconfig >= %{sssd_version}

Requires: rpm-libs

# Indirect dependency: use newer urllib3 with TLS 1.3 PHA support

%if 0%{?rhel}

Requires: python3-urllib3 >= 1.24.2-3

%else

Requires: python3-urllib3 >= 1.25.7

%endif

%description -n python3-ipaserver

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If you are installing an IPA server, you need to install this package.

%package server-common

Summary: Common files used by IPA server

BuildArch: noarch

Requires: %{name}-client-common = %{version}-%{release}

Requires: httpd >= %{httpd_version}

Requires: systemd-units >= 38

Requires: custodia >= 0.3.1

Provides: %{alt_name}-server-common = %{version}

Conflicts: %{alt_name}-server-common

Obsoletes: %{alt_name}-server-common < %{version}

%description server-common

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If you are installing an IPA server, you need to install this package.

%package server-dns

Summary: IPA integrated DNS server with support for automatic DNSSEC signing

BuildArch: noarch

Requires: %{name}-server = %{version}-%{release}

Requires: bind-dyndb-ldap >= 11.0-2

Requires: bind >= 9.11.0-6.P2

Requires: bind-utils >= 9.11.0-6.P2

Requires: bind-pkcs11 >= 9.11.0-6.P2

Requires: bind-pkcs11-utils >= 9.11.0-6.P2

Requires: opendnssec >= 1.4.6-4

%{?systemd_requires}

Provides: %{alt_name}-server-dns = %{version}

Conflicts: %{alt_name}-server-dns

Obsoletes: %{alt_name}-server-dns < %{version}

# upgrade path from monolithic -server to -server + -server-dns

Obsoletes: %{name}-server <= 4.2.0

%description server-dns

IPA integrated DNS server with support for automatic DNSSEC signing.

Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

%package server-trust-ad

Summary: Virtual package to install packages required for Active Directory trusts

Requires: %{name}-server = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

Requires: samba >= %{samba_version}

Requires: samba-winbind

Requires: libsss_idmap

Requires(post): python3

Requires: python3-samba

Requires: python3-libsss_nss_idmap

Requires: python3-sss

# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5

# on the installes where server-trust-ad subpackage is installed because

# IPA AD trusts cannot be used at the same time with the locator plugin

# since Winbindd will be configured in a different mode

Requires(post): %{_sbindir}/update-alternatives

Requires(postun): %{_sbindir}/update-alternatives

Requires(preun): %{_sbindir}/update-alternatives

Provides: %{alt_name}-server-trust-ad = %{version}

Conflicts: %{alt_name}-server-trust-ad

Obsoletes: %{alt_name}-server-trust-ad < %{version}

%description server-trust-ad

Cross-realm trusts with Active Directory in IPA require working Samba 4

installation. This package is provided for convenience to install all required

dependencies at once.

%endif # ONLY_CLIENT

%package client

Summary: IPA authentication for use on clients

Requires: %{name}-client-common = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

Requires: python3-gssapi >= 1.2.0-5

Requires: python3-ipaclient = %{version}-%{release}

Requires: python3-ldap >= %{python_ldap_version}

Requires: python3-sssdconfig >= %{sssd_version}

Requires: cyrus-sasl-gssapi%{?_isa}

Requires: chrony

Requires: krb5-workstation >= %{krb5_version}

Requires: authselect >= 0.4-2

Requires: curl

# NIS domain name config: /usr/lib/systemd/system/*-domainname.service

%if 0%{?fedora} >= 29

Requires: hostname

%else

Requires: initscripts

%endif

Requires: libcurl >= 7.21.7-2

Requires: xmlrpc-c >= 1.27.4

Requires: sssd-ipa >= %{sssd_version}

Requires: certmonger >= %{certmonger_version}

Requires: nss-tools >= %{nss_version}

Requires: bind-utils

Requires: oddjob-mkhomedir

Requires: libsss_autofs

Requires: autofs

Requires: libnfsidmap

Requires: nfs-utils

Requires: sssd-tools >= %{sssd_version}

Requires(post): policycoreutils

Provides: %{alt_name}-client = %{version}

Conflicts: %{alt_name}-client

Obsoletes: %{alt_name}-client < %{version}

Provides: %{alt_name}-admintools = %{version}

Conflicts: %{alt_name}-admintools

Obsoletes: %{alt_name}-admintools < 4.4.1

Obsoletes: %{name}-admintools < 4.4.1

Provides: %{name}-admintools = %{version}-%{release}

%description client

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If your network uses IPA for authentication, this package should be

installed on every client machine.

This package provides command-line tools for IPA administrators.

%package client-samba

Summary: Tools to configure Samba on IPA client

Group: System Environment/Base

Requires: %{name}-client = %{version}-%{release}

Requires: python3-samba

Requires: samba-client

Requires: samba-winbind

Requires: samba-common-tools

Requires: samba

Requires: sssd-winbind-idmap

Requires: tdb-tools

Requires: cifs-utils

%description client-samba

This package provides command-line tools to deploy Samba domain member

on the machine enrolled into a FreeIPA environment

%package -n python3-ipaclient

Summary: Python libraries used by IPA client

BuildArch: noarch

%{?python_provide:%python_provide python3-ipaclient}

Requires: %{name}-client-common = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

Requires: python3-ipalib = %{version}-%{release}

Requires: python3-augeas

Requires: python3-dns >= 1.15

Requires: python3-jinja2

%description -n python3-ipaclient

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If your network uses IPA for authentication, this package should be

installed on every client machine.

%package client-common

Summary: Common files used by IPA client

BuildArch: noarch

Provides: %{alt_name}-client-common = %{version}

Conflicts: %{alt_name}-client-common

Obsoletes: %{alt_name}-client-common < %{version}

%description client-common

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If your network uses IPA for authentication, this package should be

installed on every client machine.

%package python-compat

Summary: Compatiblity package for Python libraries used by IPA

BuildArch: noarch

Obsoletes: %{name}-python < 4.2.91

Provides: %{name}-python = %{version}-%{release}

Requires: %{name}-common = %{version}-%{release}

Requires: python3-ipalib = %{version}-%{release}

Provides: %{alt_name}-python-compat = %{version}

Conflicts: %{alt_name}-python-compat

Obsoletes: %{alt_name}-python-compat < %{version}

Obsoletes: %{alt_name}-python < 4.2.91

Provides: %{alt_name}-python = %{version}

%description python-compat

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

This is a compatibility package to accommodate %{name}-python split into

python3-ipalib and %{name}-common. Packages still depending on

%{name}-python should be fixed to depend on python2-ipaclient or

%{name}-common instead.

%package -n python3-ipalib

Summary: Python3 libraries used by IPA

BuildArch: noarch

%{?python_provide:%python_provide python3-ipalib}

Provides: python3-ipapython = %{version}-%{release}

%{?python_provide:%python_provide python3-ipapython}

Provides: python3-ipaplatform = %{version}-%{release}

%{?python_provide:%python_provide python3-ipaplatform}

Requires: %{name}-common = %{version}-%{release}

# we need pre-requires since earlier versions may break upgrade

Requires(pre): python3-ldap >= %{python_ldap_version}

Requires: gnupg2

Requires: keyutils

Requires: python3-cffi

Requires: python3-cryptography >= 1.6

Requires: python3-dateutil

Requires: python3-dbus

Requires: python3-dns >= 1.15

Requires: python3-gssapi >= 1.2.0

Requires: python3-jwcrypto >= 0.4.2

Requires: python3-libipa_hbac

Requires: python3-netaddr >= %{python_netaddr_version}

Requires: python3-netifaces >= 0.10.4

Requires: python3-pyasn1 >= 0.3.2-2

Requires: python3-pyasn1-modules >= 0.3.2-2

Requires: python3-pyusb

Requires: python3-qrcode-core >= 5.0.0

Requires: python3-requests

Requires: python3-setuptools

Requires: python3-six

Requires: python3-sss-murmur

Requires: python3-yubico >= 1.3.2-7

%description -n python3-ipalib

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If you are using IPA with Python 3, you need to install this package.

%package common

Summary: Common files used by IPA

BuildArch: noarch

Conflicts: %{name}-python < 4.2.91

Provides: %{alt_name}-common = %{version}

Conflicts: %{alt_name}-common

Obsoletes: %{alt_name}-common < %{version}

Conflicts: %{alt_name}-python < %{version}

%description common

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

If you are using IPA, you need to install this package.

%if 0%{?with_ipatests}

%package -n python3-ipatests

Summary: IPA tests and test tools

BuildArch: noarch

%{?python_provide:%python_provide python3-ipatests}

Requires: python3-ipaclient = %{version}-%{release}

Requires: python3-ipaserver = %{version}-%{release}

Requires: iptables

Requires: ldns-utils

Requires: python3-coverage

Requires: python3-cryptography >= 1.6

Requires: python3-polib

Requires: python3-pytest >= 2.6

Requires: python3-pytest-multihost >= 0.5

Requires: python3-pytest-sourceorder

Requires: python3-sssdconfig >= %{sssd_version}

Requires: tar

Requires: xz

%description -n python3-ipatests

IPA is an integrated solution to provide centrally managed Identity (users,

hosts, services), Authentication (SSO, 2FA), and Authorization

(host access control, SELinux user roles, services). The solution provides

features for further integration with Linux based clients (SUDO, automount)

and integration with Active Directory based infrastructures (Trusts).

This package contains tests that verify IPA functionality under Python 3.

%endif # with_ipatests

%prep

# Fedora spec file only: START

# Update timestamps on the files touched by a patch, to avoid non-equal

# .pyc/.pyo files across the multilib peers within a build, where "Level"

# is the patch prefix option (e.g. -p1)

# Taken from specfile for sssd and python-simplejson

UpdateTimestamps() {

  Level=$1

  PatchFile=$2

  # Locate the affected files:

  for f in $(diffstat $Level -l $PatchFile); do

    # Set the files to have the same timestamp as that of the patch:

    touch -r $PatchFile $f

  done

}