URL: https://github.com/SSSD/sssd/pull/5474 Author: pbrezina Title: #5474: spec: synchronize with Fedora 34 spec file Action: opened
PR body: """ The upstream spec file is out of sync with what we use in Fedora. This copies current Fedora 34 (rawhide) spec file to bring new features in. It also removes things that we do not need anymore. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5474/head:pr5474 git checkout pr5474
From 32cb4e7b63cc70b801a7d0ea794ddbee27c3401d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 21 Jan 2021 13:38:03 +0100
Subject: [PATCH 1/8] spec: synchronize with Fedora 34 spec file
---
contrib/sssd.spec.in | 791 ++++++-------------------------
contrib/sssd.spec.in.bak | 983 +++++++++++++++++++++++++++++++++++++++
2 files changed, 1137 insertions(+), 637 deletions(-)
create mode 100644 contrib/sssd.spec.in.bak
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index f7e5ce1332..6fb573ded2 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1,167 +1,49 @@ -# SSSD is running as root user by default. -# Set --with sssd_user or bcond_without to run SSSD as non-root user(sssd). -%bcond_with sssd_user +# SSSD SPEC file for Fedora 34+ and RHEL-9+ -%global rhel6_minor %(%{__grep} -o "6\\.[0-9]*" /etc/redhat-release |%{__sed} -s 's/6.//') -%global rhel7_minor %(%{__grep} -o "7\\.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') +%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') -%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) - -%if 0%{?rhel} && 0%{?rhel} <= 6 -%{!?__python2: %global __python2 /usr/bin/python2} -%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} -%endif - -%{!?python_provide: %global need_python_provide 1} -%if 0%{?need_python_provide} -%define python_provide() %{lua: - function string.starts(String, Start) - return string.sub(String, 1, string.len(Start)) == Start - end - package = rpm.expand("%{?1:%{1}}"); - vr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}") - if (string.starts(package, "python2-")) then - if (rpm.expand("%{?buildarch}") ~= "noarch") then - str = "Provides: python-" .. - string.sub(package, 9, string.len(package)) .. - "%{?_isa} = " .. vr; - print(rpm.expand(str)); - end - print("\\nProvides: python-"); - print(string.sub(package, 9, string.len(package))); - print(" = "); - print(vr); - --Obsoleting the previous default python package - if (rpm.expand("%{?buildarch}") ~= "noarch") then - str = "\\nObsoletes: python-" .. - string.sub(package, 9, string.len(package)) .. - "%{?_isa} < " .. 
vr; - print(rpm.expand(str)); - end - print("\\nObsoletes: python-"); - print(string.sub(package, 9, string.len(package))); - print(" < "); - print(vr); - elseif (string.starts(package, "python3-")) then - --No unversioned provides as python3 is not default - else - print("%python_provide: ERROR: "); - print(package); - print(" not recognized."); - end -} -%endif - -# Fedora and RHEL 6+ # we don't want to provide private python extension libs -%define __provides_exclude_from %{python2_sitearch}/.*\.so$ %define __provides_exclude_from %{python3_sitearch}/.*\.so$ -# workaround for rpm 4.13 -%define _empty_manifest_terminate_build 0 - -%if (0%{?fedora} || 0%{?rhel} >= 7) - %global use_systemd 1 -%endif +# SSSD fails to build with -Wl,-z,defs +%undefine _strict_symbol_defs_build -%if (0%{?fedora} || 0%{?rhel} >= 8) - %global enable_files_domain 1 -%endif +%define _hardened_build 1 -# on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to -# talk to pcscd if SSSD runs as unprivileged user -%if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7)) - %global install_pcscd_polkit_rule 1 -%else %global enable_polkit_rules_option --disable-polkit-rules-path -%endif - -%if (0%{?use_systemd} == 1) - %global with_initscript --with-initscript=systemd --with-systemdunitdir=%{_unitdir} - %global with_syslog --with-syslog=journald -%else - %global with_initscript --with-initscript=sysv -%endif - -%global enable_experimental 1 - -%if (0%{?enable_experimental} == 1) - %global experimental --enable-all-experimental-features -%endif # Determine the location of the LDB modules directory %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) +%global ldb_version 1.2.0 -%if (0%{?fedora} || 0%{?rhel} >= 7) -%define _hardened_build 1 -%endif - -%if (0%{?fedora} || 0%{?rhel} >= 7) %global with_cifs_utils_plugin 1 -%else - %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin -%endif - -%if (0%{?fedora} || 0%{?rhel} > 7) - %global with_python3 1 
-%else - %global with_python3_option --without-python3-bindings -%endif - -%if (0%{?fedora} > 28 || 0%{?rhel} > 7) - %global with_python2_option --without-python2-bindings -%else - %global with_python2 1 - %global with_python2_option --with-python2-bindings -%endif %global enable_systemtap 1 -%if (0%{?enable_systemtap} == 1) %global enable_systemtap_opt --enable-systemtap -%endif - -%global with_secrets 0 -%global with_secret_responder --without-secrets -%if (0%{?fedora} >= 23 || 0%{?rhel} >= 7) %global with_kcm 1 - %global with_kcm_option --with-kcm -%else - %global with_kcm_option --without-kcm -%endif -%if (0%{?fedora} >= 27 || 0%{?rhel} >= 7) %global with_gdm_pam_extensions 1 -%else - %global with_gdm_pam_extensions 0 -%endif - -# Do not try to detect the idmap version on RHEL6 to avoid conflicts between -# samba and samba4 package -%if (0%{?fedora} || 0%{?rhel} >= 7) - %global detect_idmap_version 1 -%else - %global with_idmap_version --with-smb-idmap-interface-version=5 -%endif -%global with_local_provider 0 -%if (0%{?fedora} <= 28 || 0%{?rhel <= 7}) - %global with_local_provider 1 - %global enable_local_provider --enable-local-provider +%if (0%{?fedora} > 28) || (0%{?rhel} > 7) + %global use_openssl 1 %endif Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Release: 0@PRERELEASE_VERSION@%{?dist} -Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ -URL: https://github.com/SSSD/sssd -Source0: %{name}-%{version}.tar.gz -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +URL: https://github.com/SSSD/sssd/ +Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz ### Patches ### +# Place your patches here: +# Patch0001: 0001-patch-file.patch + +### Downstream only patches ### +# Place your downstream only patches here: +# Patch0901: 0901-downstream-only-patch-file.patch ### Dependencies ### 
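Review bot: `%global enable_polkit_rules_option --disable-polkit-rules-path` is now defined unconditionally in this hunk, but the `%configure` hunk later in the patch (`@@ -786,46 +506,36 @@`) drops `%{?enable_polkit_rules_option}`, so the macro appears to be set and never used. Either pass it to `%configure` again or delete the definition; as written a reader cannot tell whether polkit rule installation is meant to stay disabled now that the `polkit-rules` subpackage is removed. The hunk also keeps `rhel7_minor`, which runs grep on /etc/redhat-release at spec-parse time with the dot no longer escaped (`"7.[0-9]*"`), in a spec whose header says Fedora 34+ and RHEL-9+; if nothing outside this hunk references it, it can be removed as well.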
@@ -170,15 +52,9 @@ Requires: sssd-ldap = %{version}-%{release} Requires: sssd-krb5 = %{version}-%{release} Requires: sssd-ipa = %{version}-%{release} Requires: sssd-ad = %{version}-%{release} -Requires: sssd-proxy = %{version}-%{release} -%if (0%{?with_python3} == 1) -Requires: python3-sssdconfig = %{version}-%{release} -%else -Requires: python2-sssdconfig = %{version}-%{release} -%endif -%if (0%{?fedora} >= 30 || 0%{?rhel} >= 8) -Recommends: logrotate -%endif +Recommends: sssd-proxy = %{version}-%{release} +Suggests: python3-sssdconfig = %{version}-%{release} +Suggests: sssd-dbus = %{version}-%{release} %global servicename sssd %global sssdstatedir %{_localstatedir}/lib/sss @@ -203,7 +79,7 @@ BuildRequires: popt-devel BuildRequires: libtalloc-devel BuildRequires: libtevent-devel BuildRequires: libtdb-devel -BuildRequires: libldb-devel +BuildRequires: libldb-devel >= %{ldb_version} BuildRequires: libdhash-devel >= 0.4.2 BuildRequires: libcollection-devel BuildRequires: libini_config-devel >= 1.1 @@ -211,8 +87,7 @@ BuildRequires: dbus-devel BuildRequires: dbus-libs BuildRequires: openldap-devel BuildRequires: pam-devel -BuildRequires: p11-kit-devel -BuildRequires: openssl-devel +BuildRequires: nss-devel BuildRequires: nspr-devel BuildRequires: pcre-devel BuildRequires: libxslt @@ -220,12 +95,7 @@ BuildRequires: libxml2 BuildRequires: docbook-style-xsl BuildRequires: krb5-devel BuildRequires: c-ares-devel -%if (0%{?with_python2} == 1) -BuildRequires: python2-devel -%endif -%if (0%{?with_python3} == 1) BuildRequires: python3-devel -%endif BuildRequires: check-devel BuildRequires: doxygen BuildRequires: libselinux-devel 
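Review bot: `BuildRequires: nss-devel` is added unconditionally in the `@@ -211,8 +87,7 @@` hunk, while the following hunk makes `p11-kit-devel` and `openssl-devel` conditional on `use_openssl` and the configure hunk selects `--with-crypto=libcrypto` under the same condition. `use_openssl` is set for Fedora > 28 and RHEL > 7, and the header limits this spec to Fedora 34+ and RHEL-9+, so the NSS branch looks unreachable and `nss-devel` (and `nss-tools` further down) only widen the build root. Consider dropping the conditional together with the NSS build dependencies, or keep them with a comment such as `# NSS still required by <component, to be filled in>` if something outside these hunks needs it.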
@@ -234,106 +104,79 @@ BuildRequires: bind-utils BuildRequires: keyutils-libs-devel BuildRequires: gettext-devel BuildRequires: pkgconfig +BuildRequires: diffstat BuildRequires: findutils BuildRequires: glib2-devel BuildRequires: selinux-policy-targeted -%if (0%{?fedora} || 0%{?epel}) BuildRequires: libcmocka-devel >= 1.0.0 BuildRequires: uid_wrapper BuildRequires: nss_wrapper BuildRequires: pam_wrapper - -# p11tool from the gnutls-utils package and softhsm2-util from the softhsm package -# are needed to prepare the data needed for the p11_child Smartcard tests. -# Since p11_child only looks at slots with are flagged as 'removable' -# softhsm version 2.1.0 or higher is needed. -BuildRequires: gnutls-utils -BuildRequires: softhsm >= 2.1.0 - -BuildRequires: openssl -BuildRequires: openssh -%endif BuildRequires: libnl3-devel -%if (0%{?use_systemd} == 1) BuildRequires: systemd-devel BuildRequires: systemd -%endif -%if (0%{?with_cifs_utils_plugin} == 1) BuildRequires: cifs-utils-devel -%endif -%if (0%{?fedora} || (0%{?rhel} >= 7)) BuildRequires: libnfsidmap-devel -%else -BuildRequires: nfs-utils-lib-devel -%endif - -BuildRequires: samba-devel +BuildRequires: samba4-devel BuildRequires: libsmbclient-devel -%if (0%{?detect_idmap_version} == 1) BuildRequires: samba-winbind -%endif - -%if (0%{?enable_systemtap} == 1) BuildRequires: systemtap-sdt-devel -%endif -%if (0%{?with_secrets} == 1) BuildRequires: http-parser-devel -BuildRequires: libcurl-devel -%endif -%if (0%{?with_kcm} == 1) BuildRequires: libuuid-devel -%endif -%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1) BuildRequires: jansson-devel -%endif -%if (0%{?with_gdm_pam_extensions} == 1) +BuildRequires: libcurl-devel BuildRequires: gdm-pam-extensions-devel +%if (0%{?use_openssl} == 1) +BuildRequires: p11-kit-devel +BuildRequires: openssl-devel +BuildRequires: gnutls-utils +BuildRequires: softhsm >= 2.1.0 %endif +BuildRequires: openssl +BuildRequires: openssh +BuildRequires: nss-tools %description Provides a set of 
daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward -the system and a pluggable backend system to connect to multiple different +the system and a plug-gable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. -The sssd subpackage is a meta-package that contains the daemon as well as all +The sssd sub-package is a meta-package that contains the daemon as well as all the existing back ends. %package common Summary: Common files for the SSSD -Group: Applications/System License: GPLv3+ +# Conflicts +Conflicts: selinux-policy < 3.10.0-46 +Conflicts: sssd < 1.10.0-8%{?dist}.beta2 +# Requires +# due to ABI changes in 1.1.30/1.2.0 +Requires: libldb >= %{ldb_version} Requires: sssd-client%{?_isa} = %{version}-%{release} -Requires: libsss_sudo = %{version}-%{release} -Requires: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: libsss_sudo = %{version}-%{release} +Recommends: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: sssd-nfs-idmap = %{version}-%{release} Requires: libsss_idmap = %{version}-%{release} -Conflicts: sssd < %{version}-%{release} -%if (0%{?use_systemd} == 1) %{?systemd_requires} -%else -Requires(post): initscripts chkconfig -Requires(preun): initscripts chkconfig -Requires(postun): initscripts chkconfig -%endif ### Provides ### Provides: libsss_sudo-devel = %{version}-%{release} -Obsoletes: libsss_sudo-devel <= 1.9.93 +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 %description common Common files for the SSSD. The common package includes all the files needed to run a particular back end, however, the back ends are packaged in separate -subpackages such as sssd-ldap. +sub-packages such as sssd-ldap. 
%package client Summary: SSSD Client libraries for NSS and PAM -Group: Applications/System License: LGPLv3+ -Requires: libsss_nss_idmap = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives %description client Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD @@ -341,42 +184,28 @@ service. %package -n libsss_sudo Summary: A library to allow communication between SUDO and SSSD -Group: Development/Libraries License: LGPLv3+ -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig +Conflicts: sssd-common < %{version}-%{release} %description -n libsss_sudo A utility library to allow communication between SUDO and SSSD %package -n libsss_autofs Summary: A library to allow communication between Autofs and SSSD -Group: Development/Libraries License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} %description -n libsss_autofs A utility library to allow communication between Autofs and SSSD %package tools Summary: Userspace tools for use with the SSSD -Group: Applications/System License: GPLv3+ Requires: sssd-common = %{version}-%{release} -Requires: libsss_simpleifp = %{version}-%{release} # required by sss_obfuscate -%if (0%{?with_python3} == 1) Requires: python3-sss = %{version}-%{release} Requires: python3-sssdconfig = %{version}-%{release} -%else -Requires: python2-sss = %{version}-%{release} -Requires: python2-sssdconfig = %{version}-%{release} -%endif -%if (0%{?use_systemd} == 0) -Requires: /sbin/service -%endif -%if (0%{?fedora} >= 30 || 0%{?rhel} >= 8) Recommends: sssd-dbus -%endif %description tools Provides userspace tools for manipulating users, groups, and nested groups in 
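Review bot: The `Conflicts:` bound in `%package common` is spelled `sssd < 1.10.0-8%{?dist}.beta2`, while the ldap, krb5-common, krb5, ipa, ad and proxy subpackages in the later hunks use `sssd < 1.10.0-8.beta2` without the dist tag, so the two forms do not compare the same way. Pick one spelling for all of them, for example `Conflicts: sssd < 1.10.0-8.beta2`. Replacing `Conflicts: sssd < %{version}-%{release}` with a fixed historical version, and turning several exact-version `Requires:` into `Recommends:` or removing them, also loosens the lock-step between subpackages; presumably the remaining `Requires: ... = %{version}-%{release}` lines still prevent a partial update from leaving mixed versions installed, but that is worth confirming and stating in a comment next to the `# Conflicts` block.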
@@ -388,51 +217,17 @@ Also provides several other administrative tools: * sss_obfuscate for generating an obfuscated LDAP password * sssctl -- an sssd status and control utility -%if (0%{?with_python2} == 1) -%package -n python2-sssdconfig -Summary: SSSD and IPA configuration file manipulation classes and functions -Group: Applications/System -License: GPLv3+ -BuildArch: noarch -%{?python_provide:%python_provide python2-sssdconfig} - -%description -n python2-sssdconfig -Provides python2 files for manipulation SSSD and IPA configuration files. -%endif - -%if (0%{?with_python3} == 1) %package -n python3-sssdconfig Summary: SSSD and IPA configuration file manipulation classes and functions -Group: Applications/System License: GPLv3+ BuildArch: noarch %{?python_provide:%python_provide python3-sssdconfig} %description -n python3-sssdconfig Provides python3 files for manipulation SSSD and IPA configuration files. -%endif - -%if (0%{?with_python2} == 1) -%package -n python2-sss -Summary: Python2 bindings for sssd -Group: Development/Libraries -License: LGPLv3+ -Requires: sssd-common = %{version}-%{release} -%{?python_provide:%python_provide python2-sss} -%description -n python2-sss -Provides python2 module for manipulating users, groups, and nested groups in -SSSD when using id_provider = local in /etc/sssd/sssd.conf. - -Also provides several other useful python2 bindings: - * function for retrieving list of groups user belongs to. - * class for obfuscation of passwords -%endif - -%if (0%{?with_python3} == 1) %package -n python3-sss Summary: Python3 bindings for sssd -Group: Development/Libraries License: LGPLv3+ Requires: sssd-common = %{version}-%{release} %{?python_provide:%python_provide python3-sss} 
@@ -444,38 +239,21 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf. Also provides several other useful python3 bindings: * function for retrieving list of groups user belongs to. * class for obfuscation of passwords -%endif -%if (0%{?with_python2} == 1) -%package -n python2-sss-murmur -Summary: Python2 bindings for murmur hash function -Group: Development/Libraries -License: LGPLv3+ -%{?python_provide:%python_provide python2-sss-murmur} - -%description -n python2-sss-murmur -Provides python2 module for calculating the murmur hash version 3 -%endif - -%if (0%{?with_python3} == 1) %package -n python3-sss-murmur Summary: Python3 bindings for murmur hash function -Group: Development/Libraries License: LGPLv3+ %{?python_provide:%python_provide python3-sss-murmur} %description -n python3-sss-murmur Provides python3 module for calculating the murmur hash version 3 -%endif %package ldap Summary: The LDAP back end of the SSSD -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} +Conflicts: sssd < 1.10.0-8.beta2 Requires: sssd-common = %{version}-%{release} Requires: sssd-krb5-common = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} %description ldap Provides the LDAP back end that the SSSD can utilize to fetch identity data @@ -483,10 +261,9 @@ from and authenticate against an LDAP server. %package krb5-common Summary: SSSD helpers needed for Kerberos and GSSAPI authentication -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} -Requires: cyrus-sasl-gssapi +Conflicts: sssd < 1.10.0-8.beta2 +Requires: cyrus-sasl-gssapi%{?_isa} Requires: sssd-common = %{version}-%{release} %description krb5-common 
@@ -495,9 +272,8 @@ Kerberos user or host authentication. %package krb5 Summary: The Kerberos authentication back end for the SSSD -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} +Conflicts: sssd < 1.10.0-8.beta2 Requires: sssd-common = %{version}-%{release} Requires: sssd-krb5-common = %{version}-%{release} @@ -507,10 +283,8 @@ against a Kerberos server. %package common-pac Summary: Common files needed for supporting PAC processing -Group: Applications/System License: GPLv3+ Requires: sssd-common = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} %description common-pac Provides common files needed by SSSD providers such as IPA and Active Directory @@ -518,16 +292,13 @@ for handling Kerberos PACs. %package ipa Summary: The IPA back end of the SSSD -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} -Requires: samba-client-libs >= %{samba_package_version} +Conflicts: sssd < 1.10.0-8.beta2 Requires: sssd-common = %{version}-%{release} Requires: sssd-krb5-common = %{version}-%{release} -Requires: libipa_hbac = %{version}-%{release} -Requires: bind-utils +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Recommends: bind-utils Requires: sssd-common-pac = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} %description ipa Provides the IPA back end that the SSSD can utilize to fetch identity data 
@@ -535,15 +306,14 @@ from and authenticate against an IPA server. %package ad Summary: The AD back end of the SSSD -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} -Requires: samba-client-libs >= %{samba_package_version} +Conflicts: sssd < 1.10.0-8.beta2 Requires: sssd-common = %{version}-%{release} Requires: sssd-krb5-common = %{version}-%{release} Requires: sssd-common-pac = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} -Requires: bind-utils +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-winbind-idmap = %{version}-%{release} %description ad Provides the Active Directory back end that the SSSD can utilize to fetch @@ -551,9 +321,8 @@ identity data from and authenticate against an Active Directory server. %package proxy Summary: The proxy back end of the SSSD -Group: Applications/System License: GPLv3+ -Conflicts: sssd < %{version}-%{release} +Conflicts: sssd < 1.10.0-8.beta2 Requires: sssd-common = %{version}-%{release} %description proxy 
@@ -562,61 +331,36 @@ PAM modules to leverage SSSD caching. %package -n libsss_idmap Summary: FreeIPA Idmap library -Group: Development/Libraries License: LGPLv3+ -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig %description -n libsss_idmap -Utility library to convert SIDs to UNIX UIDs and GIDs +Utility library to convert SIDs to Unix uids and gids %package -n libsss_idmap-devel Summary: FreeIPA Idmap library -Group: Development/Libraries License: LGPLv3+ Requires: libsss_idmap = %{version}-%{release} %description -n libsss_idmap-devel -Utility library to SIDs to UNIX UIDs and GIDs +Utility library to SIDs to Unix uids and gids %package -n libipa_hbac Summary: FreeIPA HBAC Evaluator library -Group: Development/Libraries License: LGPLv3+ -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig %description -n libipa_hbac Utility library to validate FreeIPA HBAC rules for authorization requests %package -n libipa_hbac-devel Summary: FreeIPA HBAC Evaluator library -Group: Development/Libraries License: LGPLv3+ Requires: libipa_hbac = %{version}-%{release} %description -n libipa_hbac-devel Utility library to validate FreeIPA HBAC rules for authorization requests -%if (0%{?with_python2} == 1) -%package -n python2-libipa_hbac -Summary: Python2 bindings for the FreeIPA HBAC Evaluator library -Group: Development/Libraries -License: LGPLv3+ -Requires: libipa_hbac = %{version}-%{release} -Provides: libipa_hbac-python = %{version}-%{release} -Obsoletes: libipa_hbac-python < 1.12.90 -%{?python_provide:%python_provide python2-libipa_hbac} - -%description -n python2-libipa_hbac -The python2-libipa_hbac contains the bindings so that libipa_hbac can be -used by Python applications. 
-%endif - -%if (0%{?with_python3} == 1) %package -n python3-libipa_hbac Summary: Python3 bindings for the FreeIPA HBAC Evaluator library -Group: Development/Libraries License: LGPLv3+ Requires: libipa_hbac = %{version}-%{release} %{?python_provide:%python_provide python3-libipa_hbac} @@ -624,46 +368,24 @@ Requires: libipa_hbac = %{version}-%{release} %description -n python3-libipa_hbac The python3-libipa_hbac contains the bindings so that libipa_hbac can be used by Python applications. -%endif %package -n libsss_nss_idmap Summary: Library for SID and certificate based lookups -Group: Development/Libraries License: LGPLv3+ -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig %description -n libsss_nss_idmap Utility library for SID and certificate based lookups %package -n libsss_nss_idmap-devel Summary: Library for SID and certificate based lookups -Group: Development/Libraries License: LGPLv3+ Requires: libsss_nss_idmap = %{version}-%{release} %description -n libsss_nss_idmap-devel Utility library for SID and certificate based lookups -%if (0%{?with_python2} == 1) -%package -n python2-libsss_nss_idmap -Summary: Python2 bindings for libsss_nss_idmap -Group: Development/Libraries -License: LGPLv3+ -Requires: libsss_nss_idmap = %{version}-%{release} -Provides: libsss_nss_idmap-python = %{version}-%{release} -Obsoletes: libsss_nss_idmap-python < 1.12.90 -%{?python_provide:%python_provide python2-libsss_nss_idmap} - -%description -n python2-libsss_nss_idmap -The python2-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can -be used by Python applications. -%endif - -%if (0%{?with_python3} == 1) %package -n python3-libsss_nss_idmap Summary: Python3 bindings for libsss_nss_idmap -Group: Development/Libraries License: LGPLv3+ Requires: libsss_nss_idmap = %{version}-%{release} %{?python_provide:%python_provide python3-libsss_nss_idmap} 
@@ -671,11 +393,9 @@ Requires: libsss_nss_idmap = %{version}-%{release} %description -n python3-libsss_nss_idmap The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can be used by Python applications. -%endif %package dbus Summary: The D-Bus responder of the SSSD -Group: Applications/System License: GPLv3+ Requires: sssd-common = %{version}-%{release} %{?systemd_requires} @@ -684,33 +404,16 @@ Requires: sssd-common = %{version}-%{release} Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus. -%if (0%{?install_pcscd_polkit_rule} == 1) -%package polkit-rules -Summary: Rules for polkit integration for SSSD -Group: Applications/System -License: GPLv3+ -Requires: polkit >= 0.106 -Requires: sssd-common = %{version}-%{release} - -%description polkit-rules -Provides rules for polkit integration with SSSD. This is required -for smartcard support. -%endif - %package -n libsss_simpleifp Summary: The SSSD D-Bus responder helper library -Group: Development/Libraries License: GPLv3+ Requires: sssd-dbus = %{version}-%{release} -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig %description -n libsss_simpleifp Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. %package -n libsss_simpleifp-devel Summary: The SSSD D-Bus responder helper library -Group: Development/Libraries License: GPLv3+ Requires: dbus-devel Requires: libsss_simpleifp = %{version}-%{release} @@ -720,10 +423,8 @@ Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. %package winbind-idmap Summary: SSSD's idmap_sss Backend for Winbind -Group: Applications/System License: GPLv3+ and LGPLv3+ -Requires: libsss_nss_idmap = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} +Conflicts: sssd-common < %{version}-%{release} %description winbind-idmap The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs 
@@ -731,8 +432,8 @@ and SIDs. %package nfs-idmap Summary: SSSD plug-in for NFSv4 rpc.idmapd -Group: Applications/System License: GPLv3+ +Conflicts: sssd-common < %{version}-%{release} %description nfs-idmap The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map @@ -741,27 +442,22 @@ UIDs/GIDs to names and vice versa. It can be also used for mapping principal %package -n libsss_certmap Summary: SSSD Certificate Mapping Library -Group: Development/Libraries License: LGPLv3+ -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig +Conflicts: sssd-common < %{version}-%{release} %description -n libsss_certmap Library to map certificates to users based on rules %package -n libsss_certmap-devel Summary: SSSD Certificate Mapping Library -Group: Development/Libraries License: LGPLv3+ Requires: libsss_certmap = %{version}-%{release} %description -n libsss_certmap-devel Library to map certificates to users based on rules -%if (0%{?with_kcm} == 1) %package kcm Summary: An implementation of a Kerberos KCM server -Group: Applications/System License: GPLv3+ Requires: sssd-common = %{version}-%{release} %{?systemd_requires} 
@@ -769,12 +465,36 @@ Requires: sssd-common = %{version}-%{release} %description kcm An implementation of a Kerberos KCM server. Use this package if you want to use the KCM: Kerberos credentials cache. -%endif %prep -%setup -q -n %{name}-%{version} +# Update timestamps on the files touched by a patch, to avoid non-equal +# .pyc/.pyo files across the multilib peers within a build, where "Level" +# is the patch prefix option (e.g. -p1) +# Taken from specfile for python-simplejson +UpdateTimestamps() { + Level=$1 + PatchFile=$2 + + # Locate the affected files: + for f in $(diffstat $Level -l $PatchFile); do + # Set the files to have the same timestamp as that of the patch: + touch -r $PatchFile $f + done +} + +%setup -q + +for p in %patches ; do + %__patch -p1 -i $p + UpdateTimestamps -p1 $p +done %build +# This package uses -Wl,-wrap to wrap calls at link time. This is incompatible +# with LTO. +# Disable LTO +%define _lto_cflags %{nil} + autoreconf -ivf %configure \ 
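Review bot: The shell expansions in `UpdateTimestamps` and in the patch loop are unquoted, so a patch or file path containing whitespace or glob characters is split or expanded before it reaches `touch` and `%__patch`. Quote them: `touch -r "$PatchFile" "$f"`, `%__patch -p1 -i "$p"` and `UpdateTimestamps -p1 "$p"`. The `for f in $(diffstat ...)` loop still splits its output on whitespace, so a one-line comment stating that patch paths must not contain spaces would document the remaining assumption. The `%build` section continues past the end of this hunk.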
@@ -786,46 +506,36 @@ autoreconf -ivf --with-gpo-cache-path=%{gpocachepath} \ --with-init-dir=%{_initrddir} \ --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ - --enable-nsslibdir=/%{_lib} \ - --enable-pammoddir=/%{_lib}/security \ + --with-pid-path=%{_rundir} \ + --enable-nsslibdir=%{_libdir} \ + --enable-pammoddir=%{_libdir}/security \ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --disable-static \ --disable-rpath \ -%if %{with sssd_user} - --with-sssd-user=sssd \ + --with-initscript=systemd \ + --with-syslog=journald \ + --without-python2-bindings \ +%if (0%{?use_openssl} == 1) + --with-crypto=libcrypto \ %endif -%if (0%{?enable_files_domain} == 1) + --enable-sss-default-nss-plugin \ --enable-files-domain \ -%endif - %{with_initscript} \ - %{?with_syslog} \ + --enable-gss-spnego-for-zero-maxssf \ %{?with_cifs_utils_plugin_option} \ - %{?with_python2_option} \ - %{?with_python3_option} \ - %{?enable_polkit_rules_option} \ - %{?enable_systemtap_opt} \ - %{?with_secret_responder} \ - %{?with_kcm_option} \ - %{?with_idmap_version} \ - %{?enable_local_provider} \ - %{?experimental} + %{?enable_systemtap_opt} -make %{?_smp_mflags} all +%make_build all docs runstatedir=%{_rundir} -make %{?_smp_mflags} docs +sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate %check export CK_TIMEOUT_MULTIPLIER=10 -make %{?_smp_mflags} check VERBOSE=yes +%make_build check VERBOSE=yes unset CK_TIMEOUT_MULTIPLIER %install -%if (0%{?with_python3} == 1) -sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate -%endif - -make install DESTDIR=$RPM_BUILD_ROOT +%make_install # Prepare language files /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd 
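Review bot: The `sed` on `src/tools/sss_obfuscate` is unanchored and not idempotent: it rewrites the first `/usr/bin/python` on every line of the script, and if the interpreter line already reads `/usr/bin/python3`, or `%build` is re-run on the same tree, the result is `/usr/bin/python33`. Restrict it to the first line and an exact match, e.g. `sed -i -e '1s:^#!/usr/bin/python$:#!/usr/bin/python3:' src/tools/sss_obfuscate`. The `%configure` invocation this hunk edits starts outside the hunk.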
@@ -839,17 +549,13 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd # Kerberos KCM credential cache by default -%if (0%{?with_kcm} == 1) mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache -%endif -%if (0%{?with_cifs_utils_plugin} == 1) # Create directory for cifs-idmap alternative # Otherwise this directory could not be owned by sssd-client mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils -%endif # Remove .la files created by libtool find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; @@ -859,19 +565,10 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} # Older versions of rpmbuild can only handle one -f option # So we need to append to the sssd*.lang file -%if (0%{?with_python2} == 1) -for file in `ls $RPM_BUILD_ROOT/%{python2_sitelib}/*.egg-info 2> /dev/null` -do - echo %{python2_sitelib}/`basename $file` >> python2_sssdconfig.lang -done -%endif - -%if (0%{?with_python3} == 1) for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null` do echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang done -%endif touch sssd.lang for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ @@ -943,15 +640,8 @@ done echo "sssd.lang:" cat sssd.lang -%if (0%{?with_python2} == 1) -echo "python2_sssdconfig.lang:" -cat python2_sssdconfig.lang -%endif - -%if (0%{?with_python3} == 1) echo "python3_sssdconfig.lang:" cat python3_sssdconfig.lang -%endif for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ 
@@ -961,22 +651,13 @@ do cat $subpackage.lang done -# must be defined after last occurrence of package otherwise -# RPM will overwrite %%license as soon as it parses a License: tag -%if 0%{?rhel} <= 6 -%define license %doc -%endif - %files -%defattr(-,root,root,-) %license COPYING %files common -f sssd.lang -%defattr(-,root,root,-) %license COPYING %doc src/examples/sssd-example.conf %{_sbindir}/sssd -%if (0%{?use_systemd} == 1) %{_unitdir}/sssd.service %{_unitdir}/sssd-autofs.socket %{_unitdir}/sssd-autofs.service @@ -991,9 +672,6 @@ done %{_unitdir}/sssd-ssh.service %{_unitdir}/sssd-sudo.socket %{_unitdir}/sssd-sudo.service -%else -%{_initrddir}/%{name} -%endif %dir %{_libexecdir}/%{servicename} %{_libexecdir}/%{servicename}/sssd_be @@ -1003,9 +681,7 @@ done %{_libexecdir}/%{servicename}/sssd_ssh %{_libexecdir}/%{servicename}/sssd_sudo %{_libexecdir}/%{servicename}/p11_child -%if (0%{?use_systemd} == 1) %{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders -%endif %dir %{_libdir}/%{name} # The files provider is intentionally packaged in -common @@ -1021,15 +697,12 @@ done %{_libdir}/%{name}/libsss_ldap_common.so %{_libdir}/%{name}/libsss_util.so %{_libdir}/%{name}/libsss_semanage.so -%{_libdir}/%{name}/libsss_sbus.so -%{_libdir}/%{name}/libsss_sbus_sync.so -%{_libdir}/%{name}/libsss_iface.so -%{_libdir}/%{name}/libsss_iface_sync.so %{_libdir}/%{name}/libifp_iface.so %{_libdir}/%{name}/libifp_iface_sync.so -%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1) -%{_libdir}/%{name}/libsss_secrets.so -%endif +%{_libdir}/%{name}/libsss_iface.so +%{_libdir}/%{name}/libsss_iface_sync.so +%{_libdir}/%{name}/libsss_sbus.so +%{_libdir}/%{name}/libsss_sbus_sync.so %{ldb_modulesdir}/memberof.so %{_bindir}/sss_ssh_authorizedkeys 
@@ -1039,31 +712,36 @@ done %dir %{sssdstatedir} %dir %{_localstatedir}/cache/krb5rcache -%attr(700,sssd,sssd) %dir %{dbpath} -%attr(775,sssd,sssd) %dir %{mcpath} -%attr(751,sssd,sssd) %dir %{deskprofilepath} -%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd -%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group -%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups -%attr(755,sssd,sssd) %dir %{pipepath} -%attr(750,sssd,root) %dir %{pipepath}/private -%attr(755,sssd,sssd) %dir %{pubconfpath} -%attr(755,sssd,sssd) %dir %{gpocachepath} -%attr(750,sssd,sssd) %dir %{_var}/log/%{name} -%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd -%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d -%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/pki -%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%attr(700,root,root) %dir %{dbpath} +%attr(775,root,root) %dir %{mcpath} +%attr(700,root,root) %dir %{secdbpath} +%attr(751,root,root) %dir %{deskprofilepath} +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/passwd +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/group +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups +%attr(755,root,root) %dir %{pipepath} +%attr(700,root,root) %dir %{pipepath}/private +%attr(755,root,root) %dir %{pubconfpath} +%attr(755,root,root) %dir %{gpocachepath} +%attr(750,root,root) %dir %{_var}/log/%{name} +%attr(700,root,root) %dir %{_sysconfdir}/sssd +%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d +%if (0%{?use_openssl} == 1) +%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki +%endif +%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf %dir %{_sysconfdir}/logrotate.d %config(noreplace) %{_sysconfdir}/logrotate.d/sssd %dir %{_sysconfdir}/rwtab.d %config(noreplace) %{_sysconfdir}/rwtab.d/sssd %dir %{_datadir}/sssd -%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils 
+%{_sysconfdir}/pam.d/sssd-shadowutils %dir %{_libdir}/%{name}/conf %{_libdir}/%{name}/conf/sssd.conf %{_datadir}/sssd/cfg_rules.ini +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d %{_mandir}/man1/sss_ssh_authorizedkeys.1* %{_mandir}/man1/sss_ssh_knownhostsproxy.1* %{_mandir}/man5/sssd.conf.5* @@ -1073,7 +751,6 @@ done %{_mandir}/man5/sssd-session-recording.5* %{_mandir}/man8/sssd.8* %{_mandir}/man8/sss_cache.8* -%if (0%{?enable_systemtap} == 1) %dir %{_datadir}/sssd/systemtap %{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp 
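Review bot: `%{_sysconfdir}/pam.d/sssd-shadowutils` loses its `%config(noreplace)` marker in this hunk, so it is now packaged as an ordinary file under /etc and RPM will replace an administrator's edits to that PAM stack on upgrade without leaving an `.rpmnew` or `.rpmsave` copy. If that is intended because the stack is meant to be package-managed, record it in a comment above the line, e.g. `# Not %%config on purpose: package-managed PAM stack, local edits are overwritten on upgrade`. Otherwise keep `%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils`. The `%files common` section this entry belongs to starts outside the hunk.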
@@ -1084,77 +761,60 @@ done %{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd_functions.stp %{_mandir}/man5/sssd-systemtap.5* -%endif -%if (0%{?install_pcscd_polkit_rule} == 1) -%files polkit-rules -%{_datadir}/polkit-1/rules.d/* -%endif %files ldap -f sssd_ldap.lang -%defattr(-,root,root,-) %license COPYING %{_libdir}/%{name}/libsss_ldap.so %{_mandir}/man5/sssd-ldap.5* %{_mandir}/man5/sssd-ldap-attributes.5* %files krb5-common -%defattr(-,root,root,-) %license COPYING -%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child +%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d +%{_libexecdir}/%{servicename}/ldap_child +%{_libexecdir}/%{servicename}/krb5_child %files krb5 -f sssd_krb5.lang -%defattr(-,root,root,-) %license COPYING %{_libdir}/%{name}/libsss_krb5.so %{_mandir}/man5/sssd-krb5.5* %files common-pac -%defattr(-,root,root,-) %license COPYING %{_libexecdir}/%{servicename}/sssd_pac %files ipa -f sssd_ipa.lang -%defattr(-,root,root,-) %license COPYING -%attr(700,sssd,sssd) %dir %{keytabdir} +%attr(700,root,root) %dir %{keytabdir} %{_libdir}/%{name}/libsss_ipa.so -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child +%{_libexecdir}/%{servicename}/selinux_child %{_mandir}/man5/sssd-ipa.5* %files ad -f sssd_ad.lang -%defattr(-,root,root,-) %license COPYING %{_libdir}/%{name}/libsss_ad.so %{_libexecdir}/%{servicename}/gpo_child %{_mandir}/man5/sssd-ad.5* %files proxy -%defattr(-,root,root,-) %license COPYING -%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child +%{_libexecdir}/%{servicename}/proxy_child %{_libdir}/%{name}/libsss_proxy.so %files dbus -f sssd_dbus.lang -%defattr(-,root,root,-) %license COPYING %{_libexecdir}/%{servicename}/sssd_ifp %{_mandir}/man5/sssd-ifp.5* -%if (0%{?use_systemd} == 1) %{_unitdir}/sssd-ifp.service -%endif # InfoPipe DBus plumbing 
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service %files -n libsss_simpleifp -%defattr(-,root,root,-) %{_libdir}/libsss_simpleifp.so.* %files -n libsss_simpleifp-devel -%defattr(-,root,root,-) %doc sss_simpleifp_doc/html %{_includedir}/sss_sifp.h %{_includedir}/sss_sifp_dbus.h @@ -1162,19 +822,16 @@ done %{_libdir}/pkgconfig/sss_simpleifp.pc %files client -f sssd_client.lang -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER -/%{_lib}/libnss_sss.so.2 -/%{_lib}/security/pam_sss.so -/%{_lib}/security/pam_sss_gss.so +%{_libdir}/libnss_sss.so.2 +%{_libdir}/security/pam_sss.so +%{_libdir}/security/pam_sss_gss.so %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so %{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so -%if (0%{?with_cifs_utils_plugin} == 1) %dir %{_libdir}/cifs-utils %{_libdir}/cifs-utils/cifs_idmap_sss.so %dir %{_sysconfdir}/cifs-utils %ghost %{_sysconfdir}/cifs-utils/idmap-plugin -%endif %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so 
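Review bot: The helper entries `ldap_child`, `krb5_child`, `selinux_child` and `proxy_child` drop `%attr(4750,root,sssd)` and are now listed with no `%attr` at all, so their mode is whatever `make install` left in the buildroot. That is presumably a plain non-setuid mode, in line with the root-owned directories elsewhere in this hunk, but nothing on these lines records it, and a setuid bit left behind by the install step would be packaged unnoticed. Pinning the mode makes the intent reviewable, e.g. `%attr(0755,root,root) %{_libexecdir}/%{servicename}/krb5_child` and the same for the other three. At minimum add a comment such as `# helpers are intentionally not setuid: sssd runs as root and execs them directly`, assuming that is the intent.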
@@ -1183,153 +840,74 @@ done %{_mandir}/man8/sssd_krb5_locator_plugin.8* %files -n libsss_sudo -%defattr(-,root,root,-) %license src/sss_client/COPYING %{_libdir}/libsss_sudo.so* %files -n libsss_autofs -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/libsss_autofs.so %files tools -f sssd_tools.lang -%defattr(-,root,root,-) %license COPYING -%if (0%{with_local_provider} == 1) -%{_sbindir}/sss_useradd -%{_sbindir}/sss_userdel -%{_sbindir}/sss_usermod -%{_sbindir}/sss_groupadd -%{_sbindir}/sss_groupdel -%{_sbindir}/sss_groupmod -%{_sbindir}/sss_groupshow -%endif %{_sbindir}/sss_obfuscate %{_sbindir}/sss_override %{_sbindir}/sss_debuglevel %{_sbindir}/sss_seed %{_sbindir}/sssctl -%if (0%{with_local_provider} == 1) -%{_mandir}/man8/sss_groupadd.8* -%{_mandir}/man8/sss_groupdel.8* -%{_mandir}/man8/sss_groupmod.8* -%{_mandir}/man8/sss_groupshow.8* -%{_mandir}/man8/sss_useradd.8* -%{_mandir}/man8/sss_userdel.8* -%{_mandir}/man8/sss_usermod.8* -%endif %{_mandir}/man8/sss_obfuscate.8* %{_mandir}/man8/sss_override.8* %{_mandir}/man8/sss_debuglevel.8* %{_mandir}/man8/sss_seed.8* %{_mandir}/man8/sssctl.8* -%if (0%{?with_python2} == 1) -%files -n python2-sssdconfig -f python2_sssdconfig.lang -%defattr(-,root,root,-) -%dir %{python2_sitelib}/SSSDConfig -%{python2_sitelib}/SSSDConfig/*.py* -%dir %{_datadir}/sssd -%{_datadir}/sssd/sssd.api.conf -%{_datadir}/sssd/sssd.api.d -%endif - -%if (0%{?with_python3} == 1) %files -n python3-sssdconfig -f python3_sssdconfig.lang -%defattr(-,root,root,-) %dir %{python3_sitelib}/SSSDConfig %{python3_sitelib}/SSSDConfig/*.py* %dir %{python3_sitelib}/SSSDConfig/__pycache__ %{python3_sitelib}/SSSDConfig/__pycache__/*.py* -%dir %{_datadir}/sssd -%{_datadir}/sssd/sssd.api.conf -%{_datadir}/sssd/sssd.api.d -%endif - -%if (0%{?with_python2} == 1) -%files -n python2-sss -%defattr(-,root,root,-) -%{python2_sitearch}/pysss.so -%endif -%if (0%{?with_python3} 
== 1) %files -n python3-sss -%defattr(-,root,root,-) %{python3_sitearch}/pysss.so -%endif -%if (0%{?with_python2} == 1) -%files -n python2-sss-murmur -%defattr(-,root,root,-) -%{python2_sitearch}/pysss_murmur.so -%endif - -%if (0%{?with_python3} == 1) %files -n python3-sss-murmur -%defattr(-,root,root,-) %{python3_sitearch}/pysss_murmur.so -%endif %files -n libsss_idmap -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libsss_idmap.so.* %files -n libsss_idmap-devel -%defattr(-,root,root,-) %doc idmap_doc/html %{_includedir}/sss_idmap.h %{_libdir}/libsss_idmap.so %{_libdir}/pkgconfig/sss_idmap.pc %files -n libipa_hbac -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libipa_hbac.so.* %files -n libipa_hbac-devel -%defattr(-,root,root,-) %doc hbac_doc/html %{_includedir}/ipa_hbac.h %{_libdir}/libipa_hbac.so %{_libdir}/pkgconfig/ipa_hbac.pc %files -n libsss_nss_idmap -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libsss_nss_idmap.so.* %files -n libsss_nss_idmap-devel -%defattr(-,root,root,-) %doc nss_idmap_doc/html %{_includedir}/sss_nss_idmap.h %{_libdir}/libsss_nss_idmap.so %{_libdir}/pkgconfig/sss_nss_idmap.pc -%if (0%{?with_python2} == 1) -%files -n python2-libsss_nss_idmap -%defattr(-,root,root,-) -%{python2_sitearch}/pysss_nss_idmap.so -%endif - -%if (0%{?with_python3} == 1) %files -n python3-libsss_nss_idmap -%defattr(-,root,root,-) %{python3_sitearch}/pysss_nss_idmap.so -%endif -%if (0%{?with_python2} == 1) -%files -n python2-libipa_hbac -%defattr(-,root,root,-) -%{python2_sitearch}/pyhbac.so -%endif - -%if (0%{?with_python3} == 1) %files -n python3-libipa_hbac -%defattr(-,root,root,-) %{python3_sitearch}/pyhbac.so -%endif %files winbind-idmap -f sssd_winbind_idmap.lang %dir %{_libdir}/samba/idmap 
@@ -1341,44 +919,26 @@ done %{_libdir}/libnfsidmap/sss.so %files -n libsss_certmap -f libsss_certmap.lang -%defattr(-,root,root,-) %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libsss_certmap.so.* %{_mandir}/man5/sss-certmap.5* %files -n libsss_certmap-devel -%defattr(-,root,root,-) %doc certmap_doc/html %{_includedir}/sss_certmap.h %{_libdir}/libsss_certmap.so %{_libdir}/pkgconfig/sss_certmap.pc -%if (0%{?with_kcm} == 1) %files kcm -f sssd_kcm.lang -%attr(700,root,root) %dir %{secdbpath} %{_libexecdir}/%{servicename}/sssd_kcm -%if (0%{?with_secrets} == 1) -%{_libexecdir}/%{servicename}/sssd_secrets -%endif %config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache %dir %{_datadir}/sssd-kcm %{_datadir}/sssd-kcm/kcm_default_ccache %{_unitdir}/sssd-kcm.socket %{_unitdir}/sssd-kcm.service %{_mandir}/man8/sssd-kcm.8* -%if (0%{?with_secrets} == 1) -%{_unitdir}/sssd-secrets.socket -%{_unitdir}/sssd-secrets.service -%{_mandir}/man5/sssd-secrets.5* -%endif -%endif - -%pre common -getent group sssd >/dev/null || groupadd -r sssd -getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd +%{_libdir}/%{name}/libsss_secrets.so -%if (0%{?use_systemd} == 1) -# systemd %post common %systemd_post sssd.service %systemd_post sssd-autofs.socket @@ -1400,7 +960,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %systemd_preun sssd-sudo.socket %postun common -%systemd_postun_with_restart sssd.service %systemd_postun_with_restart sssd-autofs.socket %systemd_postun_with_restart sssd-autofs.service %systemd_postun_with_restart sssd-nss.socket @@ -1424,7 +983,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %postun dbus %systemd_postun_with_restart sssd-ifp.service -%if (0%{?with_kcm} == 1) %post kcm %systemd_post sssd-kcm.socket 
@@ -1434,74 +992,33 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us %postun kcm %systemd_postun_with_restart sssd-kcm.socket %systemd_postun_with_restart sssd-kcm.service -%endif - -%if (0%{?with_secrets} == 1) -%post secrets -%systemd_postun_with_restart sssd-secrets.socket - -%preun secrets -%systemd_preun_with_restart sssd-secrets.socket - -%postun secrets -%systemd_postun_with_restart sssd-secrets.socket -%systemd_postun_with_restart sssd-secrets.service -%endif - -%else -# sysv -%post common -/sbin/chkconfig --add %{servicename} - -%posttrans -/sbin/service %{servicename} condrestart 2>&1 > /dev/null -%preun common -if [ $1 = 0 ] ; then - /sbin/service %{servicename} stop 2>&1 > /dev/null - /sbin/chkconfig --del %{servicename} -fi -%endif - -%if (0%{?with_cifs_utils_plugin} == 1) %post client -/sbin/ldconfig +%{?ldconfig} /usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 %preun client if [ $1 -eq 0 ] ; then /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so fi -%else -%post client -p /sbin/ldconfig -%endif -%postun client -p /sbin/ldconfig +%ldconfig_postun client -%post -n libsss_sudo -p /sbin/ldconfig +%ldconfig_scriptlets -n libsss_sudo -%postun -n libsss_sudo -p /sbin/ldconfig +%ldconfig_scriptlets -n libipa_hbac -%post -n libipa_hbac -p /sbin/ldconfig +%ldconfig_scriptlets -n libsss_idmap -%postun -n libipa_hbac -p /sbin/ldconfig +%ldconfig_scriptlets -n libsss_nss_idmap -%post -n libsss_idmap -p /sbin/ldconfig +%ldconfig_scriptlets -n libsss_simpleifp -%postun -n libsss_idmap -p /sbin/ldconfig +%ldconfig_scriptlets -n libsss_certmap -%post -n libsss_nss_idmap -p /sbin/ldconfig - -%postun -n libsss_nss_idmap -p /sbin/ldconfig - -%post -n libsss_simpleifp -p /sbin/ldconfig - -%postun -n libsss_simpleifp -p /sbin/ldconfig - -%post -n libsss_certmap -p /sbin/ldconfig - -%postun -n libsss_certmap -p /sbin/ldconfig 
+%posttrans common +%systemd_postun_with_restart sssd.service %changelog -* Mon Mar 15 2010 Stephen Gallagher <sgall...@redhat.com> - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@ -- Automated build of the SSSD +* Thu Jan 21 2021 Pavel Březina <pbrez...@redhat.com> - @PACKAGE_NAME@-@PACKAGE_VERSION@-0@PRERELEASE_VERSION@ +- Built from upstream sources. \ No newline at end of file diff --git a/contrib/sssd.spec.in.bak b/contrib/sssd.spec.in.bak new file mode 100644 index 0000000000..b5ba92854c --- /dev/null +++ b/contrib/sssd.spec.in.bak 
@@ -0,0 +1,983 @@ +# we don't want to provide private python extension libs +%define __provides_exclude_from %{python3_sitearch}/.*\.so$ + +# SSSD fails to build with -Wl,-z,defs +#%undefine _strict_symbol_defs_build + +%define _hardened_build 1 + +# Determine the location of the LDB modules directory +%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) +%global ldb_version 1.2.0 + +Name: @PACKAGE_NAME@ +Version: @PACKAGE_VERSION@ +Release: 0@PRERELEASE_VERSION@%{?dist} +Summary: System Security Services Daemon +License: GPLv3+ +URL: https://github.com/SSSD/sssd/ +Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz + +### Patches ### + +### Downstream only patches ### + +### Dependencies ### + +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-ad = %{version}-%{release} +Recommends: sssd-proxy = %{version}-%{release} +Suggests: python3-sssdconfig = %{version}-%{release} +Suggests: sssd-dbus = %{version}-%{release} + +%global servicename sssd +%global sssdstatedir %{_localstatedir}/lib/sss +%global dbpath %{sssdstatedir}/db +%global keytabdir %{sssdstatedir}/keytabs +%global pipepath %{sssdstatedir}/pipes +%global mcpath %{sssdstatedir}/mc +%global pubconfpath %{sssdstatedir}/pubconf +%global gpocachepath %{sssdstatedir}/gpo_cache +%global secdbpath %{sssdstatedir}/secrets +%global deskprofilepath %{sssdstatedir}/deskprofile + +### Build Dependencies ### + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bind-utils +BuildRequires: c-ares-devel +BuildRequires: check-devel +BuildRequires: cifs-utils-devel +BuildRequires: dbus-devel +BuildRequires: dbus-libs +BuildRequires: diffstat +BuildRequires: docbook-style-xsl +BuildRequires: doxygen +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: gdm-pam-extensions-devel +BuildRequires: gettext-devel +BuildRequires: glib2-devel 
+BuildRequires: gnutls-utils +BuildRequires: jansson-devel +BuildRequires: keyutils-libs-devel +BuildRequires: krb5-devel +BuildRequires: libcmocka-devel >= 1.0.0 +BuildRequires: libcollection-devel +BuildRequires: libcurl-devel +BuildRequires: libdhash-devel >= 0.4.2 +BuildRequires: libini_config-devel >= 1.1 +BuildRequires: libldb-devel >= %{ldb_version} +BuildRequires: libnfsidmap-devel +BuildRequires: libnl3-devel +BuildRequires: libselinux-devel +BuildRequires: libsemanage-devel +BuildRequires: libsmbclient-devel +BuildRequires: libtalloc-devel +BuildRequires: libtdb-devel +BuildRequires: libtevent-devel +BuildRequires: libtool +BuildRequires: libuuid-devel +BuildRequires: libxml2 +BuildRequires: libxslt +BuildRequires: m4 +BuildRequires: make +BuildRequires: nspr-devel +BuildRequires: nss_wrapper +BuildRequires: openldap-devel +BuildRequires: openssh +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: p11-kit-devel +BuildRequires: pam_wrapper +BuildRequires: pam-devel +BuildRequires: pcre-devel +BuildRequires: pkgconfig +BuildRequires: popt-devel +BuildRequires: python3-devel +BuildRequires: samba-winbind +BuildRequires: samba4-devel +BuildRequires: selinux-policy-targeted +BuildRequires: softhsm >= 2.1.0 +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: systemtap-sdt-devel +BuildRequires: uid_wrapper + +%description +Provides a set of daemons to manage access to remote directories and +authentication mechanisms. It provides an NSS and PAM interface toward +the system and a plug-gable back-end system to connect to multiple different +account sources. It is also the basis to provide client auditing and policy +services for projects like FreeIPA. + +The sssd sub-package is a meta-package that contains the daemon as well as all +the existing back ends. 
+ +%package common +Summary: Common files for the SSSD +License: GPLv3+ +# Conflicts +Conflicts: selinux-policy < 3.10.0-46 +Conflicts: sssd < 1.10.0-8%{?dist}.beta2 +# Requires +# due to ABI changes in 1.1.30/1.2.0 +Requires: libldb >= %{ldb_version} +Requires: sssd-client%{?_isa} = %{version}-%{release} +Recommends: libsss_sudo = %{version}-%{release} +Recommends: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: sssd-nfs-idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +%{?systemd_requires} + +### Provides ### +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +sub-packages such as sssd-ldap. + +%package client +Summary: SSSD Client libraries for NSS and PAM +License: LGPLv3+ +Requires(post): /sbin/ldconfig +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. 
+ +%package -n libsss_sudo +Summary: A library to allow communication between SUDO and SSSD +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_sudo +A utility library to allow communication between SUDO and SSSD + +%package -n libsss_autofs +Summary: A library to allow communication between Autofs and SSSD +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_autofs +A utility library to allow communication between Autofs and SSSD + +%package tools +Summary: Userspace tools for use with the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +# required by sss_obfuscate +Requires: python3-sss = %{version}-%{release} +Requires: python3-sssdconfig = %{version}-%{release} +Recommends: sssd-dbus + +%description tools +Provides userspace tools for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. + +Also provides several other administrative tools: + * sss_debuglevel to change the debug level on the fly + * sss_seed which pre-creates a user entry for use in kickstarts + * sss_obfuscate for generating an obfuscated LDAP password + * sssctl -- an sssd status and control utility + +%package -n python3-sssdconfig +Summary: SSSD and IPA configuration file manipulation classes and functions +License: GPLv3+ +BuildArch: noarch +%{?python_provide:%python_provide python3-sssdconfig} + +%description -n python3-sssdconfig +Provides python3 files for manipulation SSSD and IPA configuration files. + +%package -n python3-sss +Summary: Python3 bindings for sssd +License: LGPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?python_provide:%python_provide python3-sss} + +%description -n python3-sss +Provides python3 module for manipulating users, groups, and nested groups in +SSSD when using id_provider = local in /etc/sssd/sssd.conf. 
+ +Also provides several other useful python3 bindings: + * function for retrieving list of groups user belongs to. + * class for obfuscation of passwords + +%package -n python3-sss-murmur +Summary: Python3 bindings for murmur hash function +License: LGPLv3+ +%{?python_provide:%python_provide python3-sss-murmur} + +%description -n python3-sss-murmur +Provides python3 module for calculating the murmur hash version 3 + +%package ldap +Summary: The LDAP back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: cyrus-sasl-gssapi%{?_isa} +Requires: sssd-common = %{version}-%{release} + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package common-pac +Summary: Common files needed for supporting PAC processing +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} + +%description common-pac +Provides common files needed by SSSD providers such as IPA and Active Directory +for handling Kerberos PACs. 
+ +%package ipa +Summary: The IPA back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Recommends: bind-utils +Requires: sssd-common-pac = %{version}-%{release} + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package ad +Summary: The AD back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: sssd-common-pac = %{version}-%{release} +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-winbind-idmap = %{version}-%{release} + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + +%package proxy +Summary: The proxy back end of the SSSD +License: GPLv3+ +Conflicts: sssd < 1.10.0-8.beta2 +Requires: sssd-common = %{version}-%{release} + +%description proxy +Provides the proxy back end which can be used to wrap an existing NSS and/or +PAM modules to leverage SSSD caching. 
+ +%package -n libsss_idmap +Summary: FreeIPA Idmap library +License: LGPLv3+ + +%description -n libsss_idmap +Utility library to convert SIDs to Unix uids and gids + +%package -n libsss_idmap-devel +Summary: FreeIPA Idmap library +License: LGPLv3+ +Requires: libsss_idmap = %{version}-%{release} + +%description -n libsss_idmap-devel +Utility library to SIDs to Unix uids and gids + +%package -n libipa_hbac +Summary: FreeIPA HBAC Evaluator library +License: LGPLv3+ + +%description -n libipa_hbac +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n libipa_hbac-devel +Summary: FreeIPA HBAC Evaluator library +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} + +%description -n libipa_hbac-devel +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n python3-libipa_hbac +Summary: Python3 bindings for the FreeIPA HBAC Evaluator library +License: LGPLv3+ +Requires: libipa_hbac = %{version}-%{release} +%{?python_provide:%python_provide python3-libipa_hbac} + +%description -n python3-libipa_hbac +The python3-libipa_hbac contains the bindings so that libipa_hbac can be +used by Python applications. 
+ +%package -n libsss_nss_idmap +Summary: Library for SID and certificate based lookups +License: LGPLv3+ + +%description -n libsss_nss_idmap +Utility library for SID and certificate based lookups + +%package -n libsss_nss_idmap-devel +Summary: Library for SID and certificate based lookups +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} + +%description -n libsss_nss_idmap-devel +Utility library for SID and certificate based lookups + +%package -n python3-libsss_nss_idmap +Summary: Python3 bindings for libsss_nss_idmap +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} +%{?python_provide:%python_provide python3-libsss_nss_idmap} + +%description -n python3-libsss_nss_idmap +The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can +be used by Python applications. + +%package dbus +Summary: The D-Bus responder of the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + +%package -n libsss_simpleifp +Summary: The SSSD D-Bus responder helper library +License: GPLv3+ +Requires: sssd-dbus = %{version}-%{release} + +%description -n libsss_simpleifp +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package -n libsss_simpleifp-devel +Summary: The SSSD D-Bus responder helper library +License: GPLv3+ +Requires: dbus-devel +Requires: libsss_simpleifp = %{version}-%{release} + +%description -n libsss_simpleifp-devel +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package winbind-idmap +Summary: SSSD's idmap_sss Backend for Winbind +License: GPLv3+ and LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description winbind-idmap +The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs +and SIDs. 
+ +%package nfs-idmap +Summary: SSSD plug-in for NFSv4 rpc.idmapd +License: GPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description nfs-idmap +The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map +UIDs/GIDs to names and vice versa. It can be also used for mapping principal +(user) name to IDs(UID or GID) or to obtain groups which user are member of. + +%package -n libsss_certmap +Summary: SSSD Certificate Mapping Library +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_certmap +Library to map certificates to users based on rules + +%package -n libsss_certmap-devel +Summary: SSSD Certificate Mapping Library +License: LGPLv3+ +Requires: libsss_certmap = %{version}-%{release} + +%description -n libsss_certmap-devel +Library to map certificates to users based on rules + +%package kcm +Summary: An implementation of a Kerberos KCM server +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description kcm +An implementation of a Kerberos KCM server. Use this package if you want to +use the KCM: Kerberos credentials cache. + +%prep +# Update timestamps on the files touched by a patch, to avoid non-equal +# .pyc/.pyo files across the multilib peers within a build, where "Level" +# is the patch prefix option (e.g. 
-p1) +# Taken from specfile for python-simplejson +UpdateTimestamps() { + Level=$1 + PatchFile=$2 + + # Locate the affected files: + for f in $(diffstat $Level -l $PatchFile); do + # Set the files to have the same timestamp as that of the patch: + touch -r $PatchFile $f + done +} + +%setup -q + +for p in %patches ; do + %__patch -p1 -i $p + UpdateTimestamps -p1 $p +done + +%build +autoreconf -ivf + +%configure \ + --disable-rpath \ + --disable-static \ + --enable-files-domain \ + --enable-gss-spnego-for-zero-maxssf \ + --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ + --enable-nsslibdir=%{_libdir} \ + --enable-pammoddir=%{_libdir}/security \ + --enable-sss-default-nss-plugin \ + --enable-systemtap \ + --with-crypto=libcrypto \ + --with-db-path=%{dbpath} \ + --with-gpo-cache-path=%{gpocachepath} \ + --with-init-dir=%{_initrddir} \ + --with-initscript=systemd \ + --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ + --with-mcache-path=%{mcpath} \ + --with-pid-path=%{_rundir} \ + --with-pipe-path=%{pipepath} \ + --with-pubconf-path=%{pubconfpath} \ + --with-syslog=journald \ + --with-test-dir=/dev/shm + +%make_build all docs runstatedir=%{_rundir} + +sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate + +%check +export CK_TIMEOUT_MULTIPLIER=10 +%make_build check VERBOSE=yes +unset CK_TIMEOUT_MULTIPLIER + +%install + +%make_install + +# Prepare language files +/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd + +# Copy default logrotate file +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d +install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd + +# Make sure SSSD is able to run on read-only root +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d +install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd + +# Kerberos KCM credential cache by default +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d +cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ + 
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache + +# Create directory for cifs-idmap alternative +# Otherwise this directory could not be owned by sssd-client +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils + +# Remove .la files created by libtool +find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; + +# Suppress developer-only documentation +rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} + +# Older versions of rpmbuild can only handle one -f option +# So we need to append to the sssd*.lang file +for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null` +do + echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang +done + +touch sssd.lang +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + touch $subpackage.lang +done + +for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` +do + lang=`echo $man | cut -c 1-2` + case `basename $man` in + sss_cache*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_ssh*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_rpcidmapd*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang + ;; + sss_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssctl*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssd_krb5_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + pam_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-ldap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang + ;; + sssd-krb5*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang + ;; + sssd-ipa*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang + ;; + sssd-ad*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang + ;; + sssd-proxy*) + echo 
\%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang + ;; + sssd-ifp*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang + ;; + sssd-kcm*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang + ;; + idmap_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang + ;; + sss-certmap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang + ;; + *) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + esac +done + +# Print these to the rpmbuild log +echo "sssd.lang:" +cat sssd.lang + +echo "python3_sssdconfig.lang:" +cat python3_sssdconfig.lang + +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + echo "$subpackage.lang:" + cat $subpackage.lang +done + +%files +%license COPYING + +%files common -f sssd.lang +%license COPYING +%doc src/examples/sssd-example.conf +%{_sbindir}/sssd +%{_unitdir}/sssd.service +%{_unitdir}/sssd-autofs.socket +%{_unitdir}/sssd-autofs.service +%{_unitdir}/sssd-nss.socket +%{_unitdir}/sssd-nss.service +%{_unitdir}/sssd-pac.socket +%{_unitdir}/sssd-pac.service +%{_unitdir}/sssd-pam.socket +%{_unitdir}/sssd-pam-priv.socket +%{_unitdir}/sssd-pam.service +%{_unitdir}/sssd-ssh.socket +%{_unitdir}/sssd-ssh.service +%{_unitdir}/sssd-sudo.socket +%{_unitdir}/sssd-sudo.service + +%dir %{_libexecdir}/%{servicename} +%{_libexecdir}/%{servicename}/sssd_be +%{_libexecdir}/%{servicename}/sssd_nss +%{_libexecdir}/%{servicename}/sssd_pam +%{_libexecdir}/%{servicename}/sssd_autofs +%{_libexecdir}/%{servicename}/sssd_ssh +%{_libexecdir}/%{servicename}/sssd_sudo +%{_libexecdir}/%{servicename}/p11_child +%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders + +%dir %{_libdir}/%{name} +# The files provider is intentionally packaged in -common +%{_libdir}/%{name}/libsss_files.so +%{_libdir}/%{name}/libsss_simple.so + +#Internal shared libraries 
+%{_libdir}/%{name}/libsss_child.so +%{_libdir}/%{name}/libsss_crypt.so +%{_libdir}/%{name}/libsss_cert.so +%{_libdir}/%{name}/libsss_debug.so +%{_libdir}/%{name}/libsss_krb5_common.so +%{_libdir}/%{name}/libsss_ldap_common.so +%{_libdir}/%{name}/libsss_util.so +%{_libdir}/%{name}/libsss_semanage.so +%{_libdir}/%{name}/libifp_iface.so +%{_libdir}/%{name}/libifp_iface_sync.so +%{_libdir}/%{name}/libsss_iface.so +%{_libdir}/%{name}/libsss_iface_sync.so +%{_libdir}/%{name}/libsss_sbus.so +%{_libdir}/%{name}/libsss_sbus_sync.so + +%{ldb_modulesdir}/memberof.so +%{_bindir}/sss_ssh_authorizedkeys +%{_bindir}/sss_ssh_knownhostsproxy +%{_sbindir}/sss_cache +%{_libexecdir}/%{servicename}/sss_signal + +%dir %{sssdstatedir} +%dir %{_localstatedir}/cache/krb5rcache +%attr(700,root,root) %dir %{dbpath} +%attr(775,root,root) %dir %{mcpath} +%attr(700,root,root) %dir %{secdbpath} +%attr(751,root,root) %dir %{deskprofilepath} +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/passwd +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/group +%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups +%attr(755,root,root) %dir %{pipepath} +%attr(700,root,root) %dir %{pipepath}/private +%attr(755,root,root) %dir %{pubconfpath} +%attr(755,root,root) %dir %{gpocachepath} +%attr(750,root,root) %dir %{_var}/log/%{name} +%attr(700,root,root) %dir %{_sysconfdir}/sssd +%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d +%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki +%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%dir %{_sysconfdir}/logrotate.d +%config(noreplace) %{_sysconfdir}/logrotate.d/sssd +%dir %{_sysconfdir}/rwtab.d +%config(noreplace) %{_sysconfdir}/rwtab.d/sssd +%dir %{_datadir}/sssd +%{_sysconfdir}/pam.d/sssd-shadowutils +%dir %{_libdir}/%{name}/conf +%{_libdir}/%{name}/conf/sssd.conf + +%{_datadir}/sssd/cfg_rules.ini +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d 
+%{_mandir}/man1/sss_ssh_authorizedkeys.1* +%{_mandir}/man1/sss_ssh_knownhostsproxy.1* +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sssd-files.5* +%{_mandir}/man5/sssd-simple.5* +%{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd-session-recording.5* +%{_mandir}/man8/sssd.8* +%{_mandir}/man8/sss_cache.8* +%dir %{_datadir}/sssd/systemtap +%{_datadir}/sssd/systemtap/id_perf.stp +%{_datadir}/sssd/systemtap/nested_group_perf.stp +%{_datadir}/sssd/systemtap/dp_request.stp +%{_datadir}/sssd/systemtap/ldap_perf.stp +%dir %{_datadir}/systemtap +%dir %{_datadir}/systemtap/tapset +%{_datadir}/systemtap/tapset/sssd.stp +%{_datadir}/systemtap/tapset/sssd_functions.stp +%{_mandir}/man5/sssd-systemtap.5* + + +%files ldap -f sssd_ldap.lang +%license COPYING +%{_libdir}/%{name}/libsss_ldap.so +%{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man5/sssd-ldap-attributes.5* + +%files krb5-common +%license COPYING +%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d +%{_libexecdir}/%{servicename}/ldap_child +%{_libexecdir}/%{servicename}/krb5_child + +%files krb5 -f sssd_krb5.lang +%license COPYING +%{_libdir}/%{name}/libsss_krb5.so +%{_mandir}/man5/sssd-krb5.5* + +%files common-pac +%license COPYING +%{_libexecdir}/%{servicename}/sssd_pac + +%files ipa -f sssd_ipa.lang +%license COPYING +%attr(700,root,root) %dir %{keytabdir} +%{_libdir}/%{name}/libsss_ipa.so +%{_libexecdir}/%{servicename}/selinux_child +%{_mandir}/man5/sssd-ipa.5* + +%files ad -f sssd_ad.lang +%license COPYING +%{_libdir}/%{name}/libsss_ad.so +%{_libexecdir}/%{servicename}/gpo_child +%{_mandir}/man5/sssd-ad.5* + +%files proxy +%license COPYING +%{_libexecdir}/%{servicename}/proxy_child +%{_libdir}/%{name}/libsss_proxy.so + +%files dbus -f sssd_dbus.lang +%license COPYING +%{_libexecdir}/%{servicename}/sssd_ifp +%{_mandir}/man5/sssd-ifp.5* +%{_unitdir}/sssd-ifp.service +# InfoPipe DBus plumbing +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf 
+%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + +%files -n libsss_simpleifp +%{_libdir}/libsss_simpleifp.so.* + +%files -n libsss_simpleifp-devel +%doc sss_simpleifp_doc/html +%{_includedir}/sss_sifp.h +%{_includedir}/sss_sifp_dbus.h +%{_libdir}/libsss_simpleifp.so +%{_libdir}/pkgconfig/sss_simpleifp.pc + +%files client -f sssd_client.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libnss_sss.so.2 +%{_libdir}/security/pam_sss.so +%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so +%dir %{_libdir}/cifs-utils +%{_libdir}/cifs-utils/cifs_idmap_sss.so +%dir %{_sysconfdir}/cifs-utils +%ghost %{_sysconfdir}/cifs-utils/idmap-plugin +%dir %{_libdir}/%{name} +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%{_mandir}/man8/pam_sss.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* + +%files -n libsss_sudo +%license src/sss_client/COPYING +%{_libdir}/libsss_sudo.so* + +%files -n libsss_autofs +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%dir %{_libdir}/%{name}/modules +%{_libdir}/%{name}/modules/libsss_autofs.so + +%files tools -f sssd_tools.lang +%license COPYING +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_seed +%{_sbindir}/sssctl +%{_mandir}/man8/sss_obfuscate.8* +%{_mandir}/man8/sss_override.8* +%{_mandir}/man8/sss_debuglevel.8* +%{_mandir}/man8/sss_seed.8* +%{_mandir}/man8/sssctl.8* + +%files -n python3-sssdconfig -f python3_sssdconfig.lang +%dir %{python3_sitelib}/SSSDConfig +%{python3_sitelib}/SSSDConfig/*.py* +%dir %{python3_sitelib}/SSSDConfig/__pycache__ +%{python3_sitelib}/SSSDConfig/__pycache__/*.py* + +%files -n python3-sss +%{python3_sitearch}/pysss.so + +%files -n python3-sss-murmur +%{python3_sitearch}/pysss_murmur.so + +%files -n libsss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER 
+%{_libdir}/libsss_idmap.so.* + +%files -n libsss_idmap-devel +%doc idmap_doc/html +%{_includedir}/sss_idmap.h +%{_libdir}/libsss_idmap.so +%{_libdir}/pkgconfig/sss_idmap.pc + +%files -n libipa_hbac +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libipa_hbac.so.* + +%files -n libipa_hbac-devel +%doc hbac_doc/html +%{_includedir}/ipa_hbac.h +%{_libdir}/libipa_hbac.so +%{_libdir}/pkgconfig/ipa_hbac.pc + +%files -n libsss_nss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_nss_idmap.so.* + +%files -n libsss_nss_idmap-devel +%doc nss_idmap_doc/html +%{_includedir}/sss_nss_idmap.h +%{_libdir}/libsss_nss_idmap.so +%{_libdir}/pkgconfig/sss_nss_idmap.pc + +%files -n python3-libsss_nss_idmap +%{python3_sitearch}/pysss_nss_idmap.so + +%files -n python3-libipa_hbac +%{python3_sitearch}/pyhbac.so + +%files winbind-idmap -f sssd_winbind_idmap.lang +%dir %{_libdir}/samba/idmap +%{_libdir}/samba/idmap/sss.so +%{_mandir}/man8/idmap_sss.8* + +%files nfs-idmap -f sssd_nfs_idmap.lang +%{_mandir}/man5/sss_rpcidmapd.5* +%{_libdir}/libnfsidmap/sss.so + +%files -n libsss_certmap -f libsss_certmap.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_certmap.so.* +%{_mandir}/man5/sss-certmap.5* + +%files -n libsss_certmap-devel +%doc certmap_doc/html +%{_includedir}/sss_certmap.h +%{_libdir}/libsss_certmap.so +%{_libdir}/pkgconfig/sss_certmap.pc + +%files kcm -f sssd_kcm.lang +%{_libexecdir}/%{servicename}/sssd_kcm +%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache +%{_unitdir}/sssd-kcm.socket +%{_unitdir}/sssd-kcm.service +%{_mandir}/man8/sssd-kcm.8* +%{_libdir}/%{name}/libsss_secrets.so + +%post common +%systemd_post sssd.service +%systemd_post sssd-autofs.socket +%systemd_post sssd-nss.socket +%systemd_post sssd-pac.socket +%systemd_post sssd-pam.socket +%systemd_post sssd-pam-priv.socket +%systemd_post 
sssd-ssh.socket +%systemd_post sssd-sudo.socket + +%preun common +%systemd_preun sssd.service +%systemd_preun sssd-autofs.socket +%systemd_preun sssd-nss.socket +%systemd_preun sssd-pac.socket +%systemd_preun sssd-pam.socket +%systemd_preun sssd-pam-priv.socket +%systemd_preun sssd-ssh.socket +%systemd_preun sssd-sudo.socket + +%postun common +%systemd_postun_with_restart sssd-autofs.socket +%systemd_postun_with_restart sssd-autofs.service +%systemd_postun_with_restart sssd-nss.socket +%systemd_postun_with_restart sssd-nss.service +%systemd_postun_with_restart sssd-pac.socket +%systemd_postun_with_restart sssd-pac.service +%systemd_postun_with_restart sssd-pam.socket +%systemd_postun_with_restart sssd-pam-priv.socket +%systemd_postun_with_restart sssd-pam.service +%systemd_postun_with_restart sssd-ssh.socket +%systemd_postun_with_restart sssd-ssh.service +%systemd_postun_with_restart sssd-sudo.socket +%systemd_postun_with_restart sssd-sudo.service + +%post dbus +%systemd_post sssd-ifp.service + +%preun dbus +%systemd_preun sssd-ifp.service + +%postun dbus +%systemd_postun_with_restart sssd-ifp.service + +%post kcm +%systemd_post sssd-kcm.socket + +%preun kcm +%systemd_preun sssd-kcm.socket + +%postun kcm +%systemd_postun_with_restart sssd-kcm.socket +%systemd_postun_with_restart sssd-kcm.service + +%post client +%{?ldconfig} +/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 + +%preun client +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so +fi + +%ldconfig_postun client + +%ldconfig_scriptlets -n libsss_sudo + +%ldconfig_scriptlets -n libipa_hbac + +%ldconfig_scriptlets -n libsss_idmap + +%ldconfig_scriptlets -n libsss_nss_idmap + +%ldconfig_scriptlets -n libsss_simpleifp + +%ldconfig_scriptlets -n libsss_certmap + +%posttrans common +%systemd_postun_with_restart sssd.service + +%changelog +* Thu Jan 21 2020 Pavel Březina 
<pbrez...@redhat.com> - @PACKAGE_NAME@-@PACKAGE_VERSION@-0@PRERELEASE_VERSION@ +- Built from upstream sources. From 714ee0839c04a071881d3fc58a3b4a89bafae42f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 12:45:03 +0100 Subject: [PATCH 2/8] spec: remove unneeded conditionals and unused variables This patch removes unused variables and unneeded conditions that reflect current state. --- contrib/sssd.spec.in | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 6fb573ded2..afdf55bb7c 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -1,7 +1,5 @@ # SSSD SPEC file for Fedora 34+ and RHEL-9+ -%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//') - # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ @@ -10,25 +8,10 @@ %define _hardened_build 1 - %global enable_polkit_rules_option --disable-polkit-rules-path - # Determine the location of the LDB modules directory %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) %global ldb_version 1.2.0 - %global with_cifs_utils_plugin 1 - -%global enable_systemtap 1 - %global enable_systemtap_opt --enable-systemtap - - %global with_kcm 1 - - %global with_gdm_pam_extensions 1 - -%if (0%{?fedora} > 28) || (0%{?rhel} > 7) - %global use_openssl 1 -%endif - Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Release: 0@PRERELEASE_VERSION@%{?dist} @@ -126,12 +109,10 @@ BuildRequires: libuuid-devel BuildRequires: jansson-devel BuildRequires: libcurl-devel BuildRequires: gdm-pam-extensions-devel -%if (0%{?use_openssl} == 1) BuildRequires: p11-kit-devel BuildRequires: openssl-devel BuildRequires: gnutls-utils BuildRequires: softhsm >= 2.1.0 -%endif BuildRequires: openssl BuildRequires: openssh BuildRequires: nss-tools 
@@ -515,14 +496,11 @@ autoreconf -ivf --with-initscript=systemd \ --with-syslog=journald \ --without-python2-bindings \ -%if (0%{?use_openssl} == 1) --with-crypto=libcrypto \ -%endif --enable-sss-default-nss-plugin \ --enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ - %{?with_cifs_utils_plugin_option} \ - %{?enable_systemtap_opt} + --enable-systemtap %make_build all docs runstatedir=%{_rundir} @@ -726,9 +704,7 @@ done %attr(750,root,root) %dir %{_var}/log/%{name} %attr(700,root,root) %dir %{_sysconfdir}/sssd %attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d -%if (0%{?use_openssl} == 1) %attr(711,root,root) %dir %{_sysconfdir}/sssd/pki -%endif %ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf %dir %{_sysconfdir}/logrotate.d %config(noreplace) %{_sysconfdir}/logrotate.d/sssd From 38df561245dd607c1fc70fa20ab9241bb267d57f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 12:46:26 +0100 Subject: [PATCH 3/8] spec: keep _strict_symbol_defs_build SSSD now builds fine with -Wl,-z,defs --- contrib/sssd.spec.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index afdf55bb7c..488705dde1 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -3,9 +3,6 @@ # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ -# SSSD fails to build with -Wl,-z,defs -%undefine _strict_symbol_defs_build - %define _hardened_build 1 # Determine the location of the LDB modules directory From ef8b37524182dea99055e6f6ab95a844b7b1a7f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 12:47:08 +0100 Subject: [PATCH 4/8] spec: enable LTO SSSD builds fine with LTO. The only problem was in tests but it is now fixed. --- contrib/sssd.spec.in | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 488705dde1..dcd965c878 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -468,10 +468,6 @@ for p in %patches ; do done %build -# This package uses -Wl,-wrap to wrap calls at link time. This is incompatible -# with LTO. -# Disable LTO -%define _lto_cflags %{nil} autoreconf -ivf From 117bd83ce0e2ef506361a3896115c004a9afda5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 12:54:44 +0100 Subject: [PATCH 5/8] spec: remove support for NSS We no longer built with NSS. --with-crypto option no longer exist and we don't require these packages anymore. --- contrib/sssd.spec.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index dcd965c878..a8797f1c80 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -67,7 +67,6 @@ BuildRequires: dbus-devel BuildRequires: dbus-libs BuildRequires: openldap-devel BuildRequires: pam-devel -BuildRequires: nss-devel BuildRequires: nspr-devel BuildRequires: pcre-devel BuildRequires: libxslt @@ -112,7 +111,6 @@ BuildRequires: gnutls-utils BuildRequires: softhsm >= 2.1.0 BuildRequires: openssl BuildRequires: openssh -BuildRequires: nss-tools %description Provides a set of daemons to manage access to remote directories and @@ -489,7 +487,6 @@ autoreconf -ivf --with-initscript=systemd \ --with-syslog=journald \ --without-python2-bindings \ - --with-crypto=libcrypto \ --enable-sss-default-nss-plugin \ --enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ From 221f28bdbf686dc6d8b05f88fd154b0723efbc35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 13:35:03 +0100 Subject: [PATCH 6/8] spec: remove --without-python2-bindings Python2 bindings are not built by default anymore. --- contrib/sssd.spec.in | 1 - 1 file changed, 1 deletion(-) 
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index a8797f1c80..05cf051232 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -486,7 +486,6 @@ autoreconf -ivf --disable-rpath \ --with-initscript=systemd \ --with-syslog=journald \ - --without-python2-bindings \ --enable-sss-default-nss-plugin \ --enable-files-domain \ --enable-gss-spnego-for-zero-maxssf \ From 9f0d756fbc3aed475eab161cba01264305bbbdc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 13:36:03 +0100 Subject: [PATCH 7/8] spec: sort configure flags for clarity --- contrib/sssd.spec.in | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 05cf051232..d4c5c9c102 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in 
@@ -470,26 +470,27 @@ done autoreconf -ivf %configure \ - --with-test-dir=/dev/shm \ + --disable-rpath \ + --disable-static \ + --enable-files-domain \ + --enable-gss-spnego-for-zero-maxssf \ + --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ + --enable-nsslibdir=%{_libdir} \ + --enable-pammoddir=%{_libdir}/security \ + --enable-sss-default-nss-plugin \ + --enable-systemtap \ --with-db-path=%{dbpath} \ - --with-mcache-path=%{mcpath} \ - --with-pipe-path=%{pipepath} \ - --with-pubconf-path=%{pubconfpath} \ --with-gpo-cache-path=%{gpocachepath} \ --with-init-dir=%{_initrddir} \ + --with-initscript=systemd \ --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ + --with-mcache-path=%{mcpath} \ --with-pid-path=%{_rundir} \ - --enable-nsslibdir=%{_libdir} \ - --enable-pammoddir=%{_libdir}/security \ - --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ - --disable-static \ - --disable-rpath \ - --with-initscript=systemd \ + --with-pipe-path=%{pipepath} \ + --with-pubconf-path=%{pubconfpath} \ --with-syslog=journald \ - --enable-sss-default-nss-plugin \ - --enable-files-domain \ - --enable-gss-spnego-for-zero-maxssf \ - --enable-systemtap + --with-test-dir=/dev/shm \ + %{nil} %make_build all docs runstatedir=%{_rundir} From bfb2ad2e71ca58be2ca8968852dbd6b4b1bb6f9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 25 Jan 2021 13:36:37 +0100 Subject: [PATCH 8/8] spec: sort BuildRequires for clarity --- contrib/sssd.spec.in | 96 ++++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index d4c5c9c102..2ac025efb5 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in 
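Review bot: The `%{nil}` added after `--with-test-dir=/dev/shm \` at the end of the `%configure` call is unexplained, and it is the only non-reordering change in a commit titled as a pure sort. It expands to nothing and lets every flag line end in a backslash, so later additions or removals stay one-line diffs. A comment above `%configure` would make that intent clear, for example `# The trailing %%{nil} lets every flag line end with a backslash.` While the list is being touched, `--with-test-dir=/dev/shm` could also get a short comment stating that the path is used only by the `%check` test run, if that is the case, since a shared world-writable directory in a configure line tends to raise questions in review.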
@@ -49,68 +49,68 @@ Suggests: sssd-dbus = %{version}-%{release} ### Build Dependencies ### -BuildRequires: make BuildRequires: autoconf BuildRequires: automake -BuildRequires: libtool -BuildRequires: m4 -BuildRequires: gcc -BuildRequires: popt-devel -BuildRequires: libtalloc-devel -BuildRequires: libtevent-devel -BuildRequires: libtdb-devel -BuildRequires: libldb-devel >= %{ldb_version} -BuildRequires: libdhash-devel >= 0.4.2 -BuildRequires: libcollection-devel -BuildRequires: libini_config-devel >= 1.1 +BuildRequires: bind-utils +BuildRequires: c-ares-devel +BuildRequires: check-devel +BuildRequires: cifs-utils-devel BuildRequires: dbus-devel BuildRequires: dbus-libs -BuildRequires: openldap-devel -BuildRequires: pam-devel -BuildRequires: nspr-devel -BuildRequires: pcre-devel -BuildRequires: libxslt -BuildRequires: libxml2 +BuildRequires: diffstat BuildRequires: docbook-style-xsl -BuildRequires: krb5-devel -BuildRequires: c-ares-devel -BuildRequires: python3-devel -BuildRequires: check-devel BuildRequires: doxygen -BuildRequires: libselinux-devel -BuildRequires: libsemanage-devel -BuildRequires: bind-utils -BuildRequires: keyutils-libs-devel -BuildRequires: gettext-devel -BuildRequires: pkgconfig -BuildRequires: diffstat BuildRequires: findutils +BuildRequires: gcc +BuildRequires: gdm-pam-extensions-devel +BuildRequires: gettext-devel BuildRequires: glib2-devel -BuildRequires: selinux-policy-targeted +BuildRequires: gnutls-utils +BuildRequires: http-parser-devel +BuildRequires: jansson-devel +BuildRequires: keyutils-libs-devel +BuildRequires: krb5-devel BuildRequires: libcmocka-devel >= 1.0.0 -BuildRequires: uid_wrapper -BuildRequires: nss_wrapper -BuildRequires: pam_wrapper -BuildRequires: libnl3-devel -BuildRequires: systemd-devel -BuildRequires: systemd -BuildRequires: cifs-utils-devel +BuildRequires: libcollection-devel +BuildRequires: libcurl-devel +BuildRequires: libdhash-devel >= 0.4.2 +BuildRequires: libini_config-devel >= 1.1 +BuildRequires: libldb-devel 
>= %{ldb_version} BuildRequires: libnfsidmap-devel -BuildRequires: samba4-devel +BuildRequires: libnl3-devel +BuildRequires: libselinux-devel +BuildRequires: libsemanage-devel BuildRequires: libsmbclient-devel -BuildRequires: samba-winbind -BuildRequires: systemtap-sdt-devel -BuildRequires: http-parser-devel +BuildRequires: libtalloc-devel +BuildRequires: libtdb-devel +BuildRequires: libtevent-devel +BuildRequires: libtool BuildRequires: libuuid-devel -BuildRequires: jansson-devel -BuildRequires: libcurl-devel -BuildRequires: gdm-pam-extensions-devel -BuildRequires: p11-kit-devel +BuildRequires: libxml2 +BuildRequires: libxslt +BuildRequires: m4 +BuildRequires: make +BuildRequires: nspr-devel +BuildRequires: nss_wrapper +BuildRequires: openldap-devel +BuildRequires: openssh +BuildRequires: openssl BuildRequires: openssl-devel -BuildRequires: gnutls-utils +BuildRequires: p11-kit-devel +BuildRequires: pam_wrapper +BuildRequires: pam-devel +BuildRequires: pcre-devel +BuildRequires: pkgconfig +BuildRequires: popt-devel +BuildRequires: python3-devel +BuildRequires: samba-winbind +BuildRequires: samba4-devel +BuildRequires: selinux-policy-targeted BuildRequires: softhsm >= 2.1.0 -BuildRequires: openssl -BuildRequires: openssh +BuildRequires: systemd +BuildRequires: systemd-devel +BuildRequires: systemtap-sdt-devel +BuildRequires: uid_wrapper %description Provides a set of daemons to manage access to remote directories and
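Review bot: `BuildRequires: nspr-devel` is carried through the sort even though patch 5/8 of this series removes `nss-devel` and `nss-tools` with the message that SSSD is no longer built with NSS. NSPR is normally needed only alongside NSS, so unless something else in the tree still includes its headers this line can probably be dropped as well. Each unused build dependency is one more package that has to be trusted in the build root. Separately, `pam_wrapper` is listed before `pam-devel`, while `samba-winbind` before `samba4-devel` shows the rest of the list follows byte order, in which `-` sorts before `_`. Swapping those two lines would make the ordering consistent.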