From f1f3ef478d8d2786269a919bb428cb2ee5372ba6 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Jul 17 2015 08:40:44 +0000 Subject: Create server-dns sub-package. This allows us to automatically pull in package bind-pkcs11 and thus create upgrade path for on CentOS 7.1 -> 7.2. IPA previously had no requires on BIND packages and these had to be installed manually before first ipa-dns-install run. We need to pull additional bind-pkcs11 package during RPM upgrade so ipa-dns-install cannot help with this. https://fedorahosted.org/freeipa/ticket/4058 Reviewed-By: Jan Cholasta Reviewed-By: Alexander Bokovoy --- diff --git a/freeipa.spec.in b/freeipa.spec.in index fabfaee..fef20e1 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -170,19 +170,8 @@ Obsoletes: %{alt_name}-server < %{version} # entire SELinux policy is stored in the system policy Obsoletes: freeipa-server-selinux < 3.3.0 -# We have a soft-requires on bind. It is an optional part of -# IPA but if it is configured we need a way to require versions -# that work for us. -Conflicts: bind-dyndb-ldap < 6.0-4 -%if 0%{?fedora} >= 21 -Conflicts: bind < 9.9.6-3 -Conflicts: bind-utils < 9.9.6-3 -%else -Conflicts: bind < 9.9.4-21 -Conflicts: bind-utils < 9.9.4-21 -%endif -# DNSSEC -Conflicts: opendnssec < 1.4.6-4 +# upgrade path from monolithic -server to -server + -server-dns +Obsoletes: %{name}-server <= 4.2.0 # Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to # member. @@ -197,6 +186,35 @@ to install this package (in other words, most people should NOT install this package). +%package server-dns +Summary: IPA integrated DNS server with support for automatic DNSSEC signing +Group: System Environment/Base +Requires: %{name}-server = %{version}-%{release} +Requires: bind-dyndb-ldap >= 6.0-4 +%if 0%{?fedora} >= 21 +Requires: bind >= 9.9.6-3 +Requires: bind-utils >= 9.9.6-3 +Requires: bind-pkcs11 >= 9.9.6-3 +Requires: bind-pkcs11-utils >= 9.9.6-3 +%else +Requires: bind >= 9.9.4-21 +Requires: bind-utils >= 9.9.4-21 +Requires: bind-pkcs11 >= 9.9.4-21 +Requires: bind-pkcs11-utils >= 9.9.4-21 +%endif +Requires: opendnssec >= 1.4.6-4 + +Conflicts: %{alt_name}-server-dns +Obsoletes: %{alt_name}-server-dns < %{version} + +# upgrade path from monolithic -server to -server + -server-dns +Obsoletes: %{name}-server <= 4.2.0 + +%description server-dns +IPA integrated DNS server with support for automatic DNSSEC signing. +Integrated DNS server is BIND 9. OpenDNSSEC provides key management. + + %package server-trust-ad Summary: Virtual package to install packages required for Active Directory trusts Group: System Environment/Base @@ -683,7 +701,6 @@ fi %{_sbindir}/ipa-backup %{_sbindir}/ipa-restore %{_sbindir}/ipa-ca-install -%{_sbindir}/ipa-dns-install %{_sbindir}/ipa-kra-install %{_sbindir}/ipa-server-install %{_sbindir}/ipa-replica-conncheck @@ -857,7 +874,6 @@ fi %{_mandir}/man1/ipa-server-certinstall.1.gz %{_mandir}/man1/ipa-server-install.1.gz %{_mandir}/man1/ipa-server-upgrade.1.gz -%{_mandir}/man1/ipa-dns-install.1.gz %{_mandir}/man1/ipa-ca-install.1.gz %{_mandir}/man1/ipa-kra-install.1.gz %{_mandir}/man1/ipa-compat-manage.1.gz @@ -873,6 +889,10 @@ fi %{_mandir}/man1/ipa-cacert-manage.1.gz %{_mandir}/man1/ipa-winsync-migrate.1.gz +%files server-dns +%{_sbindir}/ipa-dns-install +%{_mandir}/man1/ipa-dns-install.1.gz + %files server-trust-ad %{_sbindir}/ipa-adtrust-install %{_usr}/share/ipa/smb.conf.empty