%define httpd_conf /etc/httpd/conf.d
%define plugin_dir %{_libdir}/dirsrv/plugins
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

Name:           ipa
Version:        0.99
Release:        5%{?dist}
Summary:        The Identity, Policy and Audit system

Group:          System Environment/Base
License:        GPLv2+
URL:            http://www.freeipa.org/
Source0:        freeipa-%{version}.tar.gz
# Tree is not tagged or branched at 1.0 yet (soon). The tar.gz was created 
# with:
# hg clone -r 597 http://hg.fedorahosted.org/hg/freeipa freeipa-0.99
# tar czf freeipa-0.99.tar.gz freeipa-0.99
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:  fedora-ds-base-devel >= 1.1
BuildRequires:  mozldap-devel
BuildRequires:  openssl-devel
BuildRequires:  openldap-devel
BuildRequires:  krb5-devel
BuildRequires:  nss-devel
BuildRequires:  libcap-devel
BuildRequires:  python-devel
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  libtool
%if "%{?fedora}" == "7"
BuildRequires:  popt
%else
BuildRequires:  popt-devel
%endif

%description
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof).

%package server
Summary: The IPA authentication server
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: fedora-ds-base >= 1.1
Requires: openldap-clients
Requires: nss
Requires: nss-tools
Requires: krb5-server
Requires: krb5-server-ldap
Requires: cyrus-sasl-gssapi
Requires: ntp
Requires: httpd
Requires: mod_python
Requires: mod_auth_kerb
Requires: mod_nss >= 1.0.7-2
Requires: python-ldap
Requires: python-krbV
Requires: TurboGears
Requires: python-tgexpandingformwidget
Requires: acl
Requires: python-pyasn1
Requires: libcap

%description server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).


%package client
Summary: IPA authentication for use on clients
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: python-ldap
Requires: python-krbV
Requires: cyrus-sasl-gssapi

%description client
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If your network uses IPA for authentication,
this package should be installed on every client machine.


%package admintools
Summary: IPA administrative tools
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: python-krbV

%description admintools
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides command-line tools for
IPA administrators.

%package python
Summary: Python libraries used by IPA
Group: System Environment/Libraries
Requires: python-kerberos

%description python
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are using IPA you need to install this
package.

%package radius-server
Summary: IPA authentication server - radius plugin
Group: System Environment/Base
Requires: freeradius
Requires: %{name}-python = %{version}-%{release}

%description radius-server
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This plugin enables radius support.

%package radius-admintools
Summary: IPA authentication server - radius administration tools
Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
Requires: python-krbV

%description radius-admintools
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). This package provides command-line tools for
administering radius authentication settings in IPA.


%prep
%setup -n freeipa-%{version} -q

%build
cd ipa-server; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir}; cd ..
cd ipa-client; ./autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir}; cd ..

make %{?_smp_mflags} all

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT

# Remove .la files from libtool - we don't want to package
# these files
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
rm %{buildroot}/%{plugin_dir}/libipa-memberof-plugin.la
rm %{buildroot}/%{plugin_dir}/libipa-dna-plugin.la

# Some user-modifiable HTML files are provided. Move these to /etc
# and link back.
mv %{buildroot}/%{_usr}/share/ipa/html/ssbrowser.html %{buildroot}/%{_sysconfdir}/ipa
mv %{buildroot}/%{_usr}/share/ipa/html/unauthorized.html %{buildroot}/%{_sysconfdir}/ipa
ln -s ../../../..%{_sysconfdir}/ipa \
    %{buildroot}%{_usr}/share/ipa/html/ssbrowser.html
ln -s ../../../..%{_sysconfdir}/ipa \
    %{buildroot}%{_usr}/share/ipa/html/unauthorized.html

%clean
rm -rf $RPM_BUILD_ROOT

%post server
if [ $1 = 1 ]; then
    /sbin/chkconfig --add ipa_kpasswd
    /sbin/chkconfig --add ipa_webgui
fi

%preun server
if [ $1 = 0 ]; then
    /sbin/chkconfig --del ipa_kpasswd
    /sbin/chkconfig --del ipa_webgui
    /sbin/service ipa_kpasswd stop >/dev/null 2>&1 || :
    /sbin/service ipa_webgui stop >/dev/null 2>&1 || :
fi

%postun server
if [ "$1" -ge "1" ]; then
    /sbin/service ipa_kpasswd condrestart >/dev/null 2>&1 || :
    /sbin/service ipa_webgui condrestart >/dev/null 2>&1 || :
fi


%files server
%doc LICENSE README
%defattr(-,root,root,-)
%{_sbindir}/ipa-server-install
%{_sbindir}/ipa-replica-install
%{_sbindir}/ipa-replica-prepare
%{_sbindir}/ipa-replica-manage
%{_sbindir}/ipa-server-certinstall
%{_sbindir}/ipa_kpasswd
%{_sbindir}/ipa_webgui
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
%attr(755,root,root) %{_initrddir}/ipa_webgui
%dir %{_usr}/share/ipa
%{_usr}/share/ipa/*.ldif
%{_usr}/share/ipa/*.template
%dir %{_usr}/share/ipa/html
%{_usr}/share/ipa/html/ssbrowser.html
%{_usr}/share/ipa/html/unauthorized.html
%dir %{_sysconfdir}/ipa
%config(noreplace) %{_sysconfdir}/ipa/ssbrowser.html
%config(noreplace) %{_sysconfdir}/ipa/unauthorized.html
%{_usr}/share/ipa/ipa_webgui.cfg
%{_usr}/share/ipa/ipa.conf
%dir %{_usr}/share/ipa/ipagui
%{_usr}/share/ipa/ipagui/*
%dir %{_usr}/share/ipa/ipa_gui.egg-info
%{_usr}/share/ipa/ipa_gui.egg-info/*
%dir %{_usr}/share/ipa/ipaserver
%dir %{_usr}/share/ipa/ipaserver/*
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
%attr(755,root,root) %{plugin_dir}/libipa-memberof-plugin.so
%attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so
%dir %{_localstatedir}/cache/ipa
%dir %{_localstatedir}/cache/ipa/sysrestore
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
%dir %{python_sitelib}/ipaserver
%{python_sitelib}/ipaserver/*.py*

%files client
%doc LICENSE README
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-getkeytab
%dir %{_usr}/share/ipa
%dir %{_usr}/share/ipa/ipaclient
%{_usr}/share/ipa/ipaclient/ipa.cfg
%{_usr}/share/ipa/ipaclient/ipa.js
%dir %{python_sitelib}/ipaclient
%{python_sitelib}/ipaclient/*.py*

%files admintools
%doc LICENSE README
%defattr(-,root,root,-)
%{_sbindir}/ipa-adddelegation
%{_sbindir}/ipa-addgroup
%{_sbindir}/ipa-addservice
%{_sbindir}/ipa-adduser
%{_sbindir}/ipa-deldelegation
%{_sbindir}/ipa-delgroup
%{_sbindir}/ipa-deluser
%{_sbindir}/ipa-findgroup
%{_sbindir}/ipa-finduser
%{_sbindir}/ipa-groupmod
%{_sbindir}/ipa-listdelegation
%{_sbindir}/ipa-lockuser
%{_sbindir}/ipa-moddelegation
%{_sbindir}/ipa-passwd
%{_sbindir}/ipa-usermod
%{_mandir}/man1/ipa-adddelegation.1.gz
%{_mandir}/man1/ipa-addgroup.1.gz
%{_mandir}/man1/ipa-adduser.1.gz
%{_mandir}/man1/ipa-deldelegation.1.gz
%{_mandir}/man1/ipa-delgroup.1.gz
%{_mandir}/man1/ipa-deluser.1.gz
%{_mandir}/man1/ipa-findgroup.1.gz
%{_mandir}/man1/ipa-finduser.1.gz
%{_mandir}/man1/ipa-getkeytab.1.gz
%{_mandir}/man1/ipa-groupmod.1.gz
%{_mandir}/man1/ipa-listdelegation.1.gz
%{_mandir}/man1/ipa-lockuser.1.gz
%{_mandir}/man1/ipa-moddelegation.1.gz
%{_mandir}/man1/ipa-passwd.1.gz
%{_mandir}/man1/ipa-usermod.1.gz

%files python
%doc LICENSE README
%defattr(-,root,root,-)
%dir %{python_sitelib}/ipa
%{python_sitelib}/ipa/*.py*
%if "%{?fedora}" >= "9"
%{python_sitelib}/ipa-*.egg-info
%endif
%config(noreplace) %{_sysconfdir}/ipa/ipa.conf

%files radius-server
%doc LICENSE README
%{_sbindir}/ipa-radius-install
%{_usr}/share/ipa/ipaserver/plugins/*
%dir %{_usr}/share/ipa/plugins
%{_usr}/share/ipa/plugins/radius.radiusd.conf.template

%files radius-admintools
%doc LICENSE README
%{_sbindir}/ipa-addradiusclient
%{_sbindir}/ipa-addradiusprofile
%{_sbindir}/ipa-delradiusclient
%{_sbindir}/ipa-delradiusprofile
%{_sbindir}/ipa-findradiusclient
%{_sbindir}/ipa-findradiusprofile
%{_sbindir}/ipa-radiusclientmod
%{_sbindir}/ipa-radiusprofilemod

%changelog
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5
- package the sessions dir /var/cache/ipa/sessions
- Pull upstream version 597

* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
  UI to not start.

* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3
- Included LICENSE and README in all packages for documentation
- Move user-modifiable content to /etc/ipa and linked back to 
  /usr/share/ipa/html
- Changed some references to /usr to the {_usr} macro and /etc
  to {_sysconfdir}
- Added popt-devel to BuildRequires for Fedora 8 and higher and
  popt for Fedora 7
- Package the egg-info for Fedora 9 and higher for ipa-python

* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
- Added auto* BuildRequires

* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
- Unified spec file

* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
- Fixed License in specfile
- Include files from /usr/lib/python*/site-packages/ipaserver

* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
- Version bump for release

* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change

* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
- Broke invididual Requires and BuildRequires onto separate lines and
  reordered them
- Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1

* Thu Nov  1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
- Version bump for release

* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
- Add dep for freeipa-admintools and acl

* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
- Add dependency for python-krbV

* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
- Require mod_nss-1.0.7-2 for mod_proxy fixes

* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
- Convert to autotools-based build

* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
  
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Added support for libipa-dna-plugin

* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
- Added support for ipa_kpasswd and ipa_pwd_extop

* Mon Aug  5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
- Abstracted client class to work directly or over RPC

* Wed Aug  1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication

* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
- Initial rpm version