Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package voms for openSUSE:Factory checked in at 2026-04-18 21:35:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/voms (Old) and /work/SRC/openSUSE:Factory/.voms.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "voms" Sat Apr 18 21:35:19 2026 rev:6 rq:1347839 version:2.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/voms/voms.changes 2025-07-15 16:44:58.038423341 +0200 +++ /work/SRC/openSUSE:Factory/.voms.new.11940/voms.changes 2026-04-18 21:35:34.995627569 +0200 @@ -1,0 +2,12 @@ +Tue Mar 24 22:53:46 UTC 2026 - Dirk Müller <[email protected]> + +- update to 2.1.3: + * voms-proxy-init now reports errors similarly to the Java + clients, in particular for expired certificates, suspended + users, expired AUPs + * voms-proxy-init doesn't contact any more the VOMS server + legacy endpoint + * add CI workflow to build RPMs and publish the release + * add a CHANGELOG.md file, used by the above workflow + +------------------------------------------------------------------- Old: ---- voms-2.1.2.tar.gz New: ---- voms-2.1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ voms.spec ++++++ --- /var/tmp/diff_new_pack.TeDQ6C/_old 2026-04-18 21:35:36.303680879 +0200 +++ /var/tmp/diff_new_pack.TeDQ6C/_new 2026-04-18 21:35:36.319681531 +0200 @@ -1,7 +1,7 @@ # # spec file for package voms # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2015 [email protected] # # All modifications and additions to the file contributed by third parties @@ -18,7 +18,7 @@ Name: voms -Version: 2.1.2 +Version: 2.1.3 Release: 0 Summary: The Virtual Organisation Membership Service License: Apache-2.0 ++++++ voms-2.1.2.tar.gz -> voms-2.1.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/.github/workflows/build-rpm.yaml new/voms-2.1.3/.github/workflows/build-rpm.yaml --- old/voms-2.1.2/.github/workflows/build-rpm.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/voms-2.1.3/.github/workflows/build-rpm.yaml 2025-12-18 13:39:27.000000000 +0100 @@ -0,0 +1,128 @@ +# SPDX-FileCopyrightText: 2014 Istituto Nazionale di Fisica Nucleare +# +# SPDX-License-Identifier: Apache-2.0 + +name: Build RPM +on: push + +jobs: + build-rpm: + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name + strategy: + fail-fast: false + matrix: + os: [almalinux] + version: [8, 9, 10] + outputs: + repo: ${{ steps.info.outputs.repo }} + version: ${{ steps.info.outputs.version }} + runs-on: ubuntu-latest + container: '${{ matrix.os }}:${{ matrix.version }}' + steps: + - name: Install dependencies + run: | + dnf upgrade -y + dnf install -y epel-release + [[ "${{ matrix.version }}" = 8 ]] && dnf config-manager --set-enabled powertools + [[ "${{ matrix.version }}" = 9 ]] && dnf config-manager --set-enabled crb + [[ "${{ matrix.version }}" = 10 ]] && dnf install -y almalinux-release-devel + dnf install -y bison docbook-style-xsl doxygen expat-devel gcc-c++ git gsoap-devel libtool libxslt make openssl-devel pkgconfig pkgconfig rpm-sign rpmdevtools rpmlint + - name: Setup build tree + run: | + echo "%_topdir $(pwd)/rpmbuild" >> ~/.rpmmacros + rpmdev-setuptree + - uses: actions/checkout@v6 + with: + path: 'rpmbuild/BUILD' + fetch-depth: 0 + - name: Calculate version and repo + id: info + run: | + cd rpmbuild/BUILD + if [[ ${{ github.ref_type }} = 'tag' ]]; then + # In case is a tag, check if the tag matches v<x>.<y>.<z>(-[0-9A-Za-z-]+)? + if [[ ${GITHUB_REF_NAME} =~ ^v([0-9]+\.[0-9]+\.[0-9]+)(-[[:alnum:]-]+)?$ ]]; then + if [[ -z ${BASH_REMATCH[2]} ]]; then + REPO='stable' + VERSION="${BASH_REMATCH[1]}" + else + # If the tag includes a "-" is a beta, substitute the first "-" with "~" and any other ones with "_" + REPO='beta' + PRERELEASE=$(echo ${BASH_REMATCH[2]:1} | sed 's/-/_/g') + VERSION="${BASH_REMATCH[1]}~${PRERELEASE}" + fi + fi + else + # Use the output of "git describe" to create version dropping the leading "v" and substituting: + # - the last "-" with "." + # - the now last "-" with "^" + # - the first remaining "-" (if any) with "~" + # - all possible remaining "-" with "_" + VERSION=$(git describe --tags --long | sed 's/^v//' | sed -r 's/(.*)-/\1./' | sed -r 's/(.*)-/\1^/' | sed 's/-/~/' | sed 's/-/_/g') + if [[ ${GITHUB_REF_NAME} = ${{ github.event.repository.default_branch }} ]]; then + REPO='nightly' + fi + fi + echo "REPO=${REPO}" >> "${GITHUB_ENV}" + echo "repo=${REPO}" >> "${GITHUB_OUTPUT}" + echo "VERSION=${VERSION}" >> "${GITHUB_ENV}" + echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" + echo "Version: ${VERSION}" + echo "Repo: ${REPO:-none}" + - name: Import GPG key + if: ${{ matrix.version != 8 }} + env: + MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + run: | + echo "${MAVEN_GPG_KEY}" > private-key.asc + gpg --batch --import-options import-show --import private-key.asc + rm private-key.asc + gpg --export -a CNAFSD > RPM-GPG-KEY-pmanager + rpm --import RPM-GPG-KEY-pmanager + echo "%_gpg_name CNAFSD" >> ~/.rpmmacros + echo "%_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase ${MAVEN_GPG_PASSPHRASE}" >> ~/.rpmmacros + - name: Build RPM + run: | + cp rpmbuild/BUILD/voms.spec rpmbuild/SPECS/voms.spec + rpmlint rpmbuild/SPECS/voms.spec + rpmbuild --define "base_version ${VERSION}" -ba rpmbuild/SPECS/voms.spec + if [[ "${{ matrix.version }}" = 8 ]]; then + echo "Skip signing on AlmaLinux 8 to avoid error: RPM-GPG-KEY-pmanager: key 1 import failed" + exit 0 + fi + for file in rpmbuild/RPMS/*/*.rpm; do + GPG_TTY="" rpm --addsign "${file}" + done + - uses: actions/upload-artifact@v5 + with: + name: build-rpm-${{ matrix.os }}-${{ matrix.version }} + path: | + rpmbuild/RPMS/**/*.rpm + - name: Upload release to repo + if: env.REPO != '' + env: + NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} + run: | + for file in rpmbuild/RPMS/*/*.rpm; do + curl --fail --user "${{ vars.NEXUS_USERNAME }}:${NEXUS_PASSWORD}" --upload-file "${file}" https://repo.cloud.cnaf.infn.it/repository/voms-rpm-${REPO}/redhat${{ matrix.version }}/ + done + create-release: + needs: build-rpm + runs-on: ubuntu-latest + env: + GH_TOKEN: ${{ github.token }} + VERSION: ${{ needs.build-rpm.outputs.version }} + if: needs.build-rpm.outputs.repo == 'stable' + steps: + - name: Check out repository code + uses: actions/checkout@v6 + - uses: actions/download-artifact@v6 + - name: Create release + run: | + # Get from the changelog file only the part related to the tagged release, in particular: + # - Delete lines up to the one beginning with "## <x>.<y>.<z>" (inclusive) + # - Delete lines from the next one beginning with "## " until the end of the file + # - Change all the "### " to "## " to use heading level 2 instead of level 3 + sed -e "1,/^## ${VERSION}/d;/^## /,\$d;s/^### /## /g" CHANGELOG.md > RELEASE-CHANGELOG.md + gh release create v${VERSION} --verify-tag --draft --title "VOMS Server, C/C++ APIs and Clients ${VERSION}" --notes-file RELEASE-CHANGELOG.md build-*/*/*.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/.github/workflows/ci.yml new/voms-2.1.3/.github/workflows/ci.yml --- old/voms-2.1.2/.github/workflows/ci.yml 2025-03-27 19:23:30.000000000 +0100 +++ new/voms-2.1.3/.github/workflows/ci.yml 2025-12-18 13:39:27.000000000 +0100 @@ -24,14 +24,15 @@ make ubuntu2004: - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest + container: ubuntu:20.04 steps: - uses: actions/checkout@v4 - name: Install packages run: | - sudo apt update - sudo apt install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev + apt update + DEBIAN_FRONTEND=noninteractive apt install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev - name: Build run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/CHANGELOG.md new/voms-2.1.3/CHANGELOG.md --- old/voms-2.1.2/CHANGELOG.md 1970-01-01 01:00:00.000000000 +0100 +++ new/voms-2.1.3/CHANGELOG.md 2025-12-18 13:39:27.000000000 +0100 @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: 2025 Istituto Nazionale di Fisica Nucleare + +SPDX-License-Identifier: Apache-2.0 +--> + +# Changelog + +## 2.1.3 (2025-12-18) + +### What's changed + +* voms-proxy-init now reports errors similarly to the Java clients, in particular for expired certificates, suspended users, expired AUPs +* voms-proxy-init doesn't contact any more the VOMS server legacy endpoint +* add CI workflow to build RPMs and publish the release +* add a CHANGELOG.md file, used by the above workflow diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/configure.ac new/voms-2.1.3/configure.ac --- old/voms-2.1.2/configure.ac 2025-03-27 19:23:30.000000000 +0100 +++ new/voms-2.1.3/configure.ac 2025-12-18 13:39:27.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT([VOMS], [2.1.2]) +AC_INIT([VOMS], [2.1.3]) AC_PREREQ(2.57) AC_CONFIG_AUX_DIR([./aux]) AM_INIT_AUTOMAKE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/spec/voms-all.spec new/voms-2.1.3/spec/voms-all.spec --- old/voms-2.1.2/spec/voms-all.spec 2025-03-27 19:23:30.000000000 +0100 +++ new/voms-2.1.3/spec/voms-all.spec 1970-01-01 01:00:00.000000000 +0100 @@ -1,326 +0,0 @@ -Name: voms -Version: 2.1.2 -Release: 0%{?dist} -Summary: The Virtual Organisation Membership Service C++ APIs - -Group: System Environment/Libraries -License: ASL 2.0 -URL: https://twiki.cnaf.infn.it/twiki/bin/view/VOMS -Source: %{name}-%{version}.tar.gz - -BuildRequires: libtool -BuildRequires: expat-devel -BuildRequires: pkgconfig -BuildRequires: openssl-devel%{?_isa} -BuildRequires: gsoap-devel -BuildRequires: libxslt -BuildRequires: docbook-style-xsl -BuildRequires: doxygen -BuildRequires: bison - -Requires: expat -Requires: openssl - -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - -Packager: Andrea Ceccanti <[email protected]> - -%description -The Virtual Organization Membership Service (VOMS) is an attribute authority -which serves as central repository for VO user authorization information, -providing support for sorting users into group hierarchies, keeping track of -their roles and other attributes in order to issue trusted attribute -certificates and SAML assertions used in the Grid environment for -authorization purposes. - -This package provides libraries that applications using the VOMS functionality -will bind to. - -%package devel -Summary: Virtual Organization Membership Service Development Files -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: openssl-devel%{?_isa} -Requires: automake - -%description devel -The Virtual Organization Membership Service (VOMS) is an attribute authority -which serves as central repository for VO user authorization information, -providing support for sorting users into group hierarchies, keeping track of -their roles and other attributes in order to issue trusted attribute -certificates and SAML assertions used in the Grid environment for -authorization purposes. - -This package provides header files for programming with the VOMS libraries. - -%package doc -Summary: Virtual Organization Membership Service Documentation -Group: Documentation -%if %{?fedora}%{!?fedora:0} >= 10 || %{?rhel}%{!?rhel:0} >= 6 -BuildArch: noarch -%endif -Requires: %{name} = %{version}-%{release} - -%description doc -Documentation for the Virtual Organization Membership Service. - -%package clients -Summary: Virtual Organization Membership Service Clients -Group: Applications/Internet - -Requires: %{name}%{?_isa} = %{version}-%{release} -Conflicts: voms-clients3 <= 3.0.4 - -Requires(post): %{_sbindir}/update-alternatives -Requires(postun): %{_sbindir}/update-alternatives - -%description clients -The Virtual Organization Membership Service (VOMS) is an attribute authority -which serves as central repository for VO user authorization information, -providing support for sorting users into group hierarchies, keeping track of -their roles and other attributes in order to issue trusted attribute -certificates and SAML assertions used in the Grid environment for -authorization purposes. - -This package provides command line applications to access the VOMS -services. - -%package server -Summary: Virtual Organization Membership Service Server -Group: Applications/Internet -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: gsoap - -Requires(pre): shadow-utils -Requires(post): chkconfig -Requires(preun): chkconfig -Requires(preun): initscripts -Requires(postun): initscripts - -%description server -The Virtual Organization Membership Service (VOMS) is an attribute authority -which serves as central repository for VO user authorization information, -providing support for sorting users into group hierarchies, keeping track of -their roles and other attributes in order to issue trusted attribute -certificates and SAML assertions used in the Grid environment for -authorization purposes. - -This package provides the VOMS service. - -%prep -%setup -q - -# Fix bad permissions (which otherwise end up in the debuginfo package) -find . '(' -name '*.h' -o -name '*.c' -o -name '*.cpp' -o \ - -name '*.cc' -o -name '*.java' ')' -exec chmod a-x {} ';' -./autogen.sh - -%build - -%configure --disable-static --enable-docs --disable-parser-gen - -make %{?_smp_mflags} - -%install - -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT - -rm $RPM_BUILD_ROOT%{_libdir}/*.la - -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/vomsdir -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/%{name} -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/%{name} -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name} - -mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} -install -m 644 -p LICENSE AUTHORS $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} - -## C API documentation -mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API -cp -pr doc/apidoc/api/VOMS_C_API/html \ - $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API -rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API/html/installdox - -mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API -cp -pr doc/apidoc/api/VOMS_CC_API/html \ - $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API -rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API/html/installdox - -for b in voms-proxy-init voms-proxy-info voms-proxy-destroy; do - ## Rename client binaries - mv $RPM_BUILD_ROOT%{_bindir}/${b} $RPM_BUILD_ROOT%{_bindir}/${b}2 - - ## and man pages - mv $RPM_BUILD_ROOT%{_mandir}/man1/${b}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${b}2.1 - - # Needed by alternatives. See http://fedoraproject.org/wiki/Packaging:Alternatives - touch $RPM_BUILD_ROOT/%{_bindir}/${b} -done - -%clean - -rm -rf $RPM_BUILD_ROOT - -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - -%posttrans -# Recover /etc/vomses... -if [ -r %{_sysconfdir}/vomses.rpmsave -a ! -r %{_sysconfdir}/vomses ] ; then - mv %{_sysconfdir}/vomses.rpmsave %{_sysconfdir}/vomses -fi - -%pre server -getent group %{name} >/dev/null || groupadd -r %{name} -getent passwd %{name} >/dev/null || useradd -r -g %{name} \ - -d %{_sysconfdir}/%{name} -s /sbin/nologin -c "VOMS Server Account" %{name} -exit 0 - -%post server -/sbin/chkconfig --add %{name} - -if [ $1 -eq 2 ]; then - chown -R %{name} /var/log/voms - chown -R %{name} /etc/voms -fi - -%preun server -if [ $1 = 0 ]; then - /sbin/service %{name} stop >/dev/null 2>&1 || : - /sbin/chkconfig --del %{name} -fi - -%postun server -if [ $1 -ge 1 ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi - -%pre clients - -if [ $1 -eq 2 ]; then - for c in voms-proxy-init voms-proxy-info voms-proxy-destroy; do - if [[ -x %{_bindir}/$c && ! -L %{_bindir}/$c ]]; then - rm -f %{_bindir}/$c - fi - done -fi - -%post clients - -%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-init \ - voms-proxy-init %{_bindir}/voms-proxy-init2 50 \ - --slave %{_mandir}/man1/voms-proxy-init.1.gz voms-proxy-init-man %{_mandir}/man1/voms-proxy-init2.1.gz - -%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-info \ - voms-proxy-info %{_bindir}/voms-proxy-info2 50 \ - --slave %{_mandir}/man1/voms-proxy-info.1.gz voms-proxy-info-man %{_mandir}/man1/voms-proxy-info2.1.gz - -%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-destroy \ - voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 50 \ - --slave %{_mandir}/man1/voms-proxy-destroy.1.gz voms-proxy-destroy-man %{_mandir}/man1/voms-proxy-destroy2.1.gz - -%postun clients - -if [ $1 -eq 0 ] ; then - %{_sbindir}/update-alternatives --remove voms-proxy-init %{_bindir}/voms-proxy-init2 - %{_sbindir}/update-alternatives --remove voms-proxy-info %{_bindir}/voms-proxy-info2 - %{_sbindir}/update-alternatives --remove voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 -fi - -%files -%defattr(-,root,root,-) -%{_libdir}/libvomsapi.so.1* -%dir %{_sysconfdir}/grid-security -%dir %{_sysconfdir}/grid-security/vomsdir -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/vomses.template -%doc %dir %{_docdir}/%{name}-%{version} -%doc %{_docdir}/%{name}-%{version}/AUTHORS -%doc %{_docdir}/%{name}-%{version}/LICENSE - -%files devel -%defattr(-,root,root,-) -%{_libdir}/libvomsapi.so -%{_includedir}/%{name} -%{_libdir}/pkgconfig/%{name}-2.0.pc -%{_datadir}/aclocal/%{name}.m4 -%{_mandir}/man3/* - -%files doc -%defattr(-,root,root,-) -%doc %{_docdir}/%{name}-%{version}/VOMS_C_API -%doc %{_docdir}/%{name}-%{version}/VOMS_CC_API - -%files clients -%defattr(-,root,root,-) - -%ghost %{_bindir}/voms-proxy-destroy -%ghost %{_bindir}/voms-proxy-info -%ghost %{_bindir}/voms-proxy-init - -%{_bindir}/voms-proxy-destroy2 -%{_bindir}/voms-proxy-info2 -%{_bindir}/voms-proxy-init2 -%{_bindir}/voms-proxy-fake -%{_bindir}/voms-proxy-list -%{_bindir}/voms-verify - -%{_mandir}/man1/voms-proxy-destroy2.1.gz -%{_mandir}/man1/voms-proxy-info2.1.gz -%{_mandir}/man1/voms-proxy-init2.1.gz -%{_mandir}/man1/voms-proxy-fake.1.gz -%{_mandir}/man1/voms-proxy-list.1.gz - -%files server -%defattr(-,root,root,-) -%{_sbindir}/%{name} -%{_initrddir}/%{name} -%config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%dir %{_sysconfdir}/%{name} -%dir %{_sysconfdir}/grid-security/%{name} -%attr(-,voms,voms) %dir %{_localstatedir}/log/%{name} -%{_datadir}/%{name}/mysql2oracle -%{_datadir}/%{name}/upgrade1to2 -%{_datadir}/%{name}/voms.data -%{_datadir}/%{name}/voms_install_db -%{_datadir}/%{name}/voms-ping -%{_datadir}/%{name}/voms_replica_master_setup.sh -%{_datadir}/%{name}/voms_replica_slave_setup.sh -%{_mandir}/man8/voms.8* - -%changelog -* Thu Mar 27 2025 Francesco Giacomini <[email protected]> - 2.1.2-0 -- Packaging for 2.1.0 - -* Tue Aug 23 2016 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.1.0-0 -- Packaging for 2.1.0 - -* Tue Aug 23 2016 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.14-0 -- Packaging for 2.0.14 - -* Mon Nov 9 2015 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.13-0 -- Packaging for 2.0.13 - -* Mon May 12 2014 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.12-2 -- Added missing dependency on gsoap. - -* Mon May 12 2014 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.12-1 -- New packaging of the clients. https://issues.infn.it/jira/browse/VOMS-495 - -* Mon Aug 21 2013 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.11-1 -- Fix for https://issues.infn.it/browse/VOMS-379 - -* Tue Jan 8 2013 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.10-1 -- Fix for https://issues.infn.it/browse/VOMS-196 - -* Sat Oct 27 2012 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.9-1 -- Fix for https://savannah.cern.ch/bugs/?91183 -- Fix for http://issues.cnaf.infn.it/browse/VOMS-128 - -* Tue Apr 10 2012 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.8-1 -- EMI 2 release. - -* Thu Dec 15 2011 Andrea Ceccanti <andrea.ceccanti at cnaf.infn.it> - 2.0.7-1 -- Restructured EMI build to leverage EPEL spec files by Mattias Ellert -- Removed voms-java-apis from the main c-based source tree diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/src/api/ccapi/voms_api.cc new/voms-2.1.3/src/api/ccapi/voms_api.cc --- old/voms-2.1.2/src/api/ccapi/voms_api.cc 2025-03-27 19:23:30.000000000 +0100 +++ new/voms-2.1.3/src/api/ccapi/voms_api.cc 2025-12-18 13:39:27.000000000 +0100 @@ -276,47 +276,9 @@ bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubject, std::string command, std::string &raw, int& version, int timeout) { - std::string buffer; - std::string subject, ca; - std::string lifetime; - - std::string comm; - std::string targs; - version = 1; - /* Try REST connection first */ - bool ret = ContactRESTRaw(hostname, port, command, raw, version, timeout); - - if (ret - || serverrors.find("User unknown to this VO") != std::string::npos - || serverrors.find("suspended") != std::string::npos - || serverrors.find("not active") != std::string::npos) - return ret; - - // reset the errors - serverrors.clear(); - - std::vector<std::string>::const_iterator end = targets.end(); - std::vector<std::string>::const_iterator begin = targets.begin(); - for (std::vector<std::string>::const_iterator i = begin; i != end; ++i) { - if (i == begin) - targs = *i; - else - targs += std::string(",") + *i; - } - - comm = XML_Req_Encode(command, ordering, targs, duration); - - ret = contact(hostname, port, servsubject, comm, buffer, subject, ca, timeout); - // std::cerr << '\n' << comm << '\n' << buffer << '\n'; - - if (!ret) { - return false; - } - - version = 1; - return InterpretOutput(buffer, raw); + return ContactRESTRaw(hostname, port, command, raw, version, timeout); } static X509 *get_own_cert() @@ -450,22 +412,15 @@ // std::cerr << '\n' << realCommand << '\n' << output << '\n'; - bool ret = false; - - if (res) { - std::string::size_type pos = output.find("<?xml"); - - if (pos != std::string::npos) - ret = InterpretOutput(output.substr(pos), raw); + if (!res) { + return false; + } - if (ret) - if (!(output.substr(0,12) == "HTTP/1.1 200")) - return false; - - return ret; + if (auto pos = output.find("<?xml"); pos != std::string::npos) { + return InterpretOutput(output.substr(pos), raw); } - return ret; + return false; } bool vomsdata::Contact(std::string hostname, int port, std::string servsubject, std::string command) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/src/client/vomsclient.cc new/voms-2.1.3/src/client/vomsclient.cc --- old/voms-2.1.2/src/client/vomsclient.cc 2025-03-27 19:23:30.000000000 +0100 +++ new/voms-2.1.3/src/client/vomsclient.cc 2025-12-18 13:39:27.000000000 +0100 @@ -54,6 +54,9 @@ #include <algorithm> #include <string> #include <random> +#include <iomanip> +#include <cassert> +#include <memory> #include "options.h" #include "vomsxml.h" @@ -459,7 +462,7 @@ exit(1); } - Print(DEBUG) << "Number of bits in key :" << bits << std::endl; + Print(DEBUG) << "Number of bits in key: " << bits << std::endl; /* parse valid options */ @@ -671,8 +674,6 @@ /* create a temporary proxy to contact the server */ if (!noregen) { - Print(INFO) << "Creating temporary proxy " << std::flush; - Print(DEBUG) << "to " << proxyfile << " " << std::flush; int tmp = hours; hours = 1; @@ -682,8 +683,8 @@ } /* contact server */ - Print(INFO) << "Contacting " << " " << beg->host << ":" << beg->port - << " [" << beg->contact << "] \"" << beg->vo << "\"" << std::flush; + Print(INFO) << "Contacting " << beg->host << ":" << beg->port + << " [" << beg->contact << "] \"" << beg->vo << "\"..." << std::flush; int status = v->ContactRaw(beg->host, beg->port, beg->contact, command, buffer, version, timeout); @@ -731,7 +732,7 @@ Print(INFO) << std::endl << "Trying next server for " << beg->nick << "." << std::endl; } else { - Print(ERROR) << std::endl << "None of the contacted servers for " << beg->vo << " were capable\nof returning a valid AC for the user." << std::endl; + Print(ERROR) << "\nNone of the contacted servers for " << beg->vo << " were capable of returning a valid AC for the user.\n"; if (!noregen) unlink(proxyfile.c_str()); return 1; @@ -778,19 +779,12 @@ } /* create a proxy containing the data retrieved from VOMS servers */ - - Print(INFO) << "Creating proxy " << std::flush; - Print(DEBUG) << "to " << proxyfile << " " << std::flush; if (CreateProxy(data, aclist, proxyver)) { goto err2; } - // else { - // free(aclist); - // aclist = NULL; - // } - Print(INFO) << "\n" << std::flush; + Print(INFO) << '\n'; /* unset environment */ @@ -799,12 +793,7 @@ else { setenv("X509_USER_PROXY", oldenv, 1); } - - /* assure user certificate is not expired or going to, else advise but still create proxy */ - - if (Test()) - return 1; - + return Verify(); err: @@ -817,10 +806,46 @@ return 1; } +namespace { + +// generate a string preferably in local time, with TZ indication +std::string to_string(const ASN1_TIME *time) +{ + assert(time != nullptr); + + tm tm_utc; + ASN1_TIME_to_tm(time, &tm_utc); + std::ostringstream os; +#ifdef HAVE_TIMEGM + time_t t_utc = timegm(&tm_utc); + tm *tm_ptr = localtime(&t_utc); + os << std::put_time(tm_ptr, "%c %Z"); +#else + os << std::put_time(&tm_utc, "%c GMT"); +#endif + return os.str(); +} + +} + bool Client::CreateProxy(std::string data, AC ** aclist, int version) { - struct VOMSProxyArguments *args = VOMS_MakeProxyArguments(); - int ret = 0; + using ArgsPtr = std::unique_ptr<VOMSProxyArguments, void (*)(VOMSProxyArguments *)>; + ArgsPtr args{ + VOMS_MakeProxyArguments(), + [](VOMSProxyArguments* args) + { + free(args->proxyfilename); + free(args->policyfile); + free(args->policylang); + free(args->voID); + free(args->filename); + + VOMS_FreeProxyArguments(args); + } + }; + + int ret = -1; if (args) { args->proxyfilename = strdup(proxyfile.c_str()); @@ -848,13 +873,20 @@ args->limited = limit_proxy; args->voID = strdup(voID.c_str()); - args->callback = kpcallback; int warn = 0; void *additional = NULL; - struct VOMSProxy *proxy = VOMS_MakeProxy(args, &warn, &additional); - - PrintProxyCreationError(warn, additional); + // we are creating a temporary proxy if there is no AC or + // if this is a plain Grid proxy (i.e. there was no -voms) + bool const temporary = aclist == nullptr && !vomses.empty(); + Print(DEBUG) << "Creating" << (temporary ? " temporary " : " ") + << "proxy in " << proxyfile << "... " << std::flush; + + using ProxyPtr = std::unique_ptr<VOMSProxy, void(*)(VOMSProxy*)>; + ProxyPtr proxy{ + VOMS_MakeProxy(args.get(), &warn, &additional), + [](VOMSProxy* p) { VOMS_FreeProxy(p); } + }; if (proxy) { /* In case of success, OpenSSL routines have already automagically @@ -863,23 +895,29 @@ free(args->aclist); this->aclist = NULL; } - ret = VOMS_WriteProxy(proxyfile.c_str(), proxy); - if (ret == -1) - Print(ERROR) << "\nERROR: Cannot write proxy to: " << proxyfile << std::endl << std::flush; - } - - - if (ret != -1) - Print(INFO) << " Done" << std::endl << std::flush; - - VOMS_FreeProxy(proxy); - free(args->proxyfilename); - free(args->policyfile); - free(args->policylang); - free(args->voID); - free(args->filename); + ret = VOMS_WriteProxy(proxyfile.c_str(), proxy.get()); + if (ret == -1) { + Print(DEBUG) << "Failed\n"; + PrintProxyCreationError(warn, additional); + if (!temporary) + { + Print(ERROR) << "\nERROR: Cannot write proxy to: " << proxyfile << '\n'; + } + } else { + Print(DEBUG) << "Done\n"; + PrintProxyCreationError(warn, additional); - VOMS_FreeProxyArguments(args); + if (!temporary) + { + Print(INFO) << "\nCreated proxy in " << proxyfile + << ".\n\nYour proxy is valid until " + << to_string(X509_get0_notAfter(proxy->cert)) << '\n'; + } + } + } else { + Print(DEBUG) << "Failed\n"; + Print(ERROR) << OpenSSLError(true) << '\n'; + } } return ret == -1; @@ -891,9 +929,9 @@ if (msg) { if (PROXY_ERROR_IS_WARNING(error)) - Print(DEBUG) << msg; + Print(DEBUG) << msg << '\n'; else - Print(ERROR) << msg; + Print(ERROR) << msg << '\n'; free(msg); } } @@ -1018,36 +1056,6 @@ bool Client::Test() { - ASN1_UTCTIME * asn1_time = ASN1_UTCTIME_new(); - X509_gmtime_adj(asn1_time, 0); - time_t time_now = ASN1_UTCTIME_mktime(asn1_time); - ASN1_UTCTIME_free(asn1_time); - time_t time_after = ASN1_UTCTIME_mktime(X509_get_notAfter(ucert)); - time_t time_diff = time_after - time_now ; - int length = hours*60*60 + minutes*60; - - if (time_diff < 0) { - Print(WARN) << std::endl << "ERROR: Your certificate expired " - << asctime(localtime(&time_after)) << std::endl; - - return true; - } - - if (hours && time_diff < length) { - Print(WARN) << std::endl << "Warning: your certificate and proxy will expire " - << asctime(localtime(&time_after)) - << "which is within the requested lifetime of the proxy" - << std::endl; - return false; - } - - if (!quiet) { - time_t time_after_proxy; - time_after_proxy = time_now + length; - - Print(INFO) << "Your proxy is valid until " - << asctime(localtime(&time_after_proxy)) << std::flush; - } return false; } @@ -1098,6 +1106,39 @@ return true; } +static bool check_validity_dates(X509 const* cert, int& time_left, std::string& error) +{ + assert(cert != nullptr); + + time_left = 0; + error.clear(); + + ASN1_TIME const* not_before = X509_get0_notBefore(cert); + ASN1_TIME const* not_after = X509_get0_notAfter(cert); + int start_cmp = X509_cmp_current_time(not_before); + int end_cmp = X509_cmp_current_time(not_after); + + if (start_cmp == 0 || end_cmp == 0) { + error = "Cannot check validity of certificate dates"; + return false; + } + + if (start_cmp > 0) { + error = "Certificate is not yet valid; validity starts on " + to_string(not_before); + return false; + } + + int days{0}, secs{0}; + ASN1_TIME_diff(&days, &secs, nullptr, not_after); + time_left = days * 24 * 60 * 60 + secs; + + if (end_cmp < 0) { + error = "Certificate has expired on " + to_string(not_after); + return false; + } + + return true; +} bool Client::pcdInit() { @@ -1109,26 +1150,30 @@ OpenSSL_add_all_ciphers(); PKCS12_PBE_add(); - if (!determine_filenames(&cacertfile, &certdir, &outfile, &certfile, &keyfile, noregen ? 1 : 0)) - goto err; + if (!determine_filenames(&cacertfile, &certdir, &outfile, &certfile, &keyfile, noregen ? 1 : 0)) { + Error(); + return false; + } if (!certfile){ - Print(ERROR) << "ERROR: Coudln't find valid credentials to generate a proxy." << std::endl; - goto err; + Print(ERROR) << "ERROR: Couldn't find valid credentials to generate a proxy." << std::endl; + Error(); + return false; } - if (certfile == keyfile) + if (certfile == keyfile) { keyfile = strdup(certfile); + } if (!noregen) { - if (certfile) + if (certfile) { setenv("X509_USER_CERT", certfile, 1); - - if (keyfile) + } + if (keyfile) { setenv("X509_USER_KEY", keyfile, 1); - } - else { + } + } else { if (outfile) { setenv("X509_USER_CERT", outfile, 1); setenv("X509_USER_KEY", outfile, 1); @@ -1139,33 +1184,42 @@ if (!checkstats(certfile, S_IXUSR | S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH) || !checkstats(keyfile, S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IRGRP | - S_IWOTH | S_IXOTH)) - exit(1); + S_IWOTH | S_IXOTH)) { + Error(); + return false; + } Print(DEBUG) << "Files being used:" << std::endl << " CA certificate file: " << (cacertfile ? cacertfile : "none") << std::endl - << " Trusted certificates directory : " << (certdir ? certdir : "none") << std::endl - << " Proxy certificate file : " << (outfile ? outfile : "none") << std::endl + << " Trusted certificates directory: " << (certdir ? certdir : "none") << std::endl + << " Proxy certificate file: " << (outfile ? outfile : "none") << std::endl << " User certificate file: " << (certfile ? certfile : "none") << std::endl - << " User key file: " << (keyfile ? keyfile : "none") << std::endl - << "Output to " << outfile << std::endl; + << " User key file: " << (keyfile ? keyfile : "none") << std::endl; - if (!load_credentials(certfile, keyfile, &ucert, &cert_chain, &private_key, pw_cb)) - goto err; + if (!load_credentials(certfile, keyfile, &ucert, &cert_chain, &private_key, pw_cb)) { + Error(); + return false; + } if (!quiet) { - char * s = NULL; - s = X509_NAME_oneline(X509_get_subject_name(ucert),NULL,0); + char* s = X509_NAME_oneline(X509_get_subject_name(ucert),NULL,0); Print(INFO) << "Your identity: " << s << std::endl; OPENSSL_free(s); } - status = true; - - err: - Error(); - return status; - + int time_left; + std::string error; + if (!check_validity_dates(ucert, time_left, error)) { + Print(ERROR) << "\nERROR: " << error << "\n\n"; + Error(); + return false; + } + + if (time_left < hours * 60 * 60 + minutes * 60) { + Print(WARN) << "\nWARNING: proxy lifetime limited to issuing credential lifetime\n"; + } + + return true; } void Client::Error() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/voms-2.1.2/voms.spec new/voms-2.1.3/voms.spec --- old/voms-2.1.2/voms.spec 1970-01-01 01:00:00.000000000 +0100 +++ new/voms-2.1.3/voms.spec 2025-12-18 13:39:27.000000000 +0100 @@ -0,0 +1,287 @@ +# Remember to define the base_version macro +%{!?base_version: %global base_version 0.0.0} + +Name: voms +Version: %{base_version} +Release: 1%{?dist} +Summary: Virtual Organization Membership Service + +Group: System Environment/Libraries +License: Apache-2.0 +URL: https://italiangrid.github.io/voms/ + +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: libtool +BuildRequires: expat-devel +BuildRequires: pkgconfig +BuildRequires: openssl-devel%{?_isa} +BuildRequires: gsoap-devel +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: doxygen +BuildRequires: bison + +Requires: expat +Requires: openssl + +%description +The Virtual Organization Membership Service (VOMS) is an attribute authority +which serves as central repository for VO user authorization information, +providing support for sorting users into group hierarchies, keeping track of +their roles and other attributes in order to issue trusted attribute +certificates and SAML assertions used in the Grid environment for +authorization purposes. + +This package provides libraries that applications using the VOMS functionality +will bind to. + +%package devel +Summary: Virtual Organization Membership Service Development Files +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: openssl-devel%{?_isa} +Requires: automake + +%description devel +The Virtual Organization Membership Service (VOMS) is an attribute authority +which serves as central repository for VO user authorization information, +providing support for sorting users into group hierarchies, keeping track of +their roles and other attributes in order to issue trusted attribute +certificates and SAML assertions used in the Grid environment for +authorization purposes. + +This package provides header files for programming with the VOMS libraries. + +%package doc +Summary: Virtual Organization Membership Service Documentation +Group: Documentation +%if %{?fedora}%{!?fedora:0} >= 10 || %{?rhel}%{!?rhel:0} >= 6 +BuildArch: noarch +%endif +Requires: %{name} = %{version}-%{release} + +%description doc +Documentation for the Virtual Organization Membership Service. + +%package clients +Summary: Virtual Organization Membership Service Clients +Group: Applications/Internet + +Requires: %{name}%{?_isa} = %{version}-%{release} +Conflicts: voms-clients3 <= 3.0.4 + +Requires(post): %{_sbindir}/update-alternatives +Requires(postun): %{_sbindir}/update-alternatives + +%description clients +The Virtual Organization Membership Service (VOMS) is an attribute authority +which serves as central repository for VO user authorization information, +providing support for sorting users into group hierarchies, keeping track of +their roles and other attributes in order to issue trusted attribute +certificates and SAML assertions used in the Grid environment for +authorization purposes. + +This package provides command line applications to access the VOMS +services. + +%package server +Summary: Virtual Organization Membership Service Server +Group: Applications/Internet +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: gsoap + +Requires(pre): shadow-utils +Requires(post): chkconfig +Requires(preun): chkconfig +Requires(preun): initscripts +Requires(postun): initscripts + +%description server +The Virtual Organization Membership Service (VOMS) is an attribute authority +which serves as central repository for VO user authorization information, +providing support for sorting users into group hierarchies, keeping track of +their roles and other attributes in order to issue trusted attribute +certificates and SAML assertions used in the Grid environment for +authorization purposes. + +This package provides the VOMS service. + +%prep + +# Fix bad permissions (which otherwise end up in the debuginfo package) +find . '(' -name '*.h' -o -name '*.c' -o -name '*.cpp' -o \ + -name '*.cc' -o -name '*.java' ')' -exec chmod a-x {} ';' +./autogen.sh + +%build + +%configure --disable-static --enable-docs --disable-parser-gen + +make %{?_smp_mflags} + +%install + +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT + +rm $RPM_BUILD_ROOT%{_libdir}/*.la + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/vomsdir +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/%{name} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/%{name} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name} + +mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} +install -m 644 -p LICENSE AUTHORS $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} + +## C API documentation +mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API +cp -pr doc/apidoc/api/VOMS_C_API/html \ + $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API +rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_C_API/html/installdox + +mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API +cp -pr doc/apidoc/api/VOMS_CC_API/html \ + $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API +rm -f $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/VOMS_CC_API/html/installdox + +for b in voms-proxy-init voms-proxy-info voms-proxy-destroy; do + ## Rename client binaries + mv $RPM_BUILD_ROOT%{_bindir}/${b} $RPM_BUILD_ROOT%{_bindir}/${b}2 + + ## and man pages + mv $RPM_BUILD_ROOT%{_mandir}/man1/${b}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${b}2.1 + + # Needed by alternatives. See http://fedoraproject.org/wiki/Packaging:Alternatives + touch $RPM_BUILD_ROOT/%{_bindir}/${b} +done + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%posttrans +# Recover /etc/vomses... +if [ -r %{_sysconfdir}/vomses.rpmsave -a ! -r %{_sysconfdir}/vomses ] ; then + mv %{_sysconfdir}/vomses.rpmsave %{_sysconfdir}/vomses +fi + +%pre server +getent group %{name} >/dev/null || groupadd -r %{name} +getent passwd %{name} >/dev/null || useradd -r -g %{name} \ + -d %{_sysconfdir}/%{name} -s /sbin/nologin -c "VOMS Server Account" %{name} +exit 0 + +%post server +/sbin/chkconfig --add %{name} + +if [ $1 -eq 2 ]; then + chown -R %{name} /var/log/voms + chown -R %{name} /etc/voms +fi + +%preun server +if [ $1 = 0 ]; then + /sbin/service %{name} stop >/dev/null 2>&1 || : + /sbin/chkconfig --del %{name} +fi + +%postun server +if [ $1 -ge 1 ]; then + /sbin/service %{name} condrestart >/dev/null 2>&1 || : +fi + +%pre clients + +if [ $1 -eq 2 ]; then + for c in voms-proxy-init voms-proxy-info voms-proxy-destroy; do + if [[ -x %{_bindir}/$c && ! -L %{_bindir}/$c ]]; then + rm -f %{_bindir}/$c + fi + done +fi + +%post clients + +%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-init \ + voms-proxy-init %{_bindir}/voms-proxy-init2 50 \ + --slave %{_mandir}/man1/voms-proxy-init.1.gz voms-proxy-init-man %{_mandir}/man1/voms-proxy-init2.1.gz + +%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-info \ + voms-proxy-info %{_bindir}/voms-proxy-info2 50 \ + --slave %{_mandir}/man1/voms-proxy-info.1.gz voms-proxy-info-man %{_mandir}/man1/voms-proxy-info2.1.gz + +%{_sbindir}/update-alternatives --install %{_bindir}/voms-proxy-destroy \ + voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 50 \ + --slave %{_mandir}/man1/voms-proxy-destroy.1.gz voms-proxy-destroy-man %{_mandir}/man1/voms-proxy-destroy2.1.gz + +%postun clients + +if [ $1 -eq 0 ] ; then + %{_sbindir}/update-alternatives --remove voms-proxy-init %{_bindir}/voms-proxy-init2 + %{_sbindir}/update-alternatives --remove voms-proxy-info %{_bindir}/voms-proxy-info2 + %{_sbindir}/update-alternatives --remove voms-proxy-destroy %{_bindir}/voms-proxy-destroy2 +fi + +%files +%defattr(-,root,root,-) +%{_libdir}/libvomsapi.so.1* +%dir %{_sysconfdir}/grid-security +%dir %{_sysconfdir}/grid-security/vomsdir +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/vomses.template +%doc %dir %{_docdir}/%{name}-%{version} +%doc %{_docdir}/%{name}-%{version}/AUTHORS +%doc %{_docdir}/%{name}-%{version}/LICENSE + +%files devel +%defattr(-,root,root,-) +%{_libdir}/libvomsapi.so +%{_includedir}/%{name} +%{_libdir}/pkgconfig/%{name}-2.0.pc +%{_datadir}/aclocal/%{name}.m4 +%{_mandir}/man3/* + +%files doc +%defattr(-,root,root,-) +%doc %{_docdir}/%{name}-%{version}/VOMS_C_API +%doc %{_docdir}/%{name}-%{version}/VOMS_CC_API + +%files clients +%defattr(-,root,root,-) + +%ghost %{_bindir}/voms-proxy-destroy +%ghost %{_bindir}/voms-proxy-info +%ghost %{_bindir}/voms-proxy-init + +%{_bindir}/voms-proxy-destroy2 +%{_bindir}/voms-proxy-info2 +%{_bindir}/voms-proxy-init2 +%{_bindir}/voms-proxy-fake +%{_bindir}/voms-proxy-list +%{_bindir}/voms-verify + +%{_mandir}/man1/voms-proxy-destroy2.1.gz +%{_mandir}/man1/voms-proxy-info2.1.gz +%{_mandir}/man1/voms-proxy-init2.1.gz +%{_mandir}/man1/voms-proxy-fake.1.gz +%{_mandir}/man1/voms-proxy-list.1.gz + +%files server +%defattr(-,root,root,-) +%{_sbindir}/%{name} +%{_initrddir}/%{name} +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%dir %{_sysconfdir}/%{name} +%dir %{_sysconfdir}/grid-security/%{name} +%attr(-,voms,voms) %dir %{_localstatedir}/log/%{name} +%{_datadir}/%{name}/mysql2oracle +%{_datadir}/%{name}/upgrade1to2 +%{_datadir}/%{name}/voms.data +%{_datadir}/%{name}/voms_install_db +%{_datadir}/%{name}/voms-ping +%{_datadir}/%{name}/voms_replica_master_setup.sh +%{_datadir}/%{name}/voms_replica_slave_setup.sh +%{_mandir}/man8/voms.8* + +%changelog
