URL: https://github.com/SSSD/sssd/pull/5474
Author: pbrezina
Title: #5474: spec: synchronize with Fedora 34 spec file
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5474/head:pr5474
git checkout pr5474
From 193411c13461876a9c371fe08db5ae7ee034c693 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 21 Jan 2021 13:38:03 +0100
Subject: [PATCH 01/17] spec: synchronize with Fedora 34 spec file
---
contrib/sssd.spec.in | 791 +++++++++----------------------------------
1 file changed, 154 insertions(+), 637 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index f7e5ce1332..6fb573ded2 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1,167 +1,49 @@
-# SSSD is running as root user by default.
-# Set --with sssd_user or bcond_without to run SSSD as non-root user(sssd).
-%bcond_with sssd_user
+# SSSD SPEC file for Fedora 34+ and RHEL-9+
-%global rhel6_minor %(%{__grep} -o "6\\.[0-9]*" /etc/redhat-release |%{__sed} -s 's/6.//')
-%global rhel7_minor %(%{__grep} -o "7\\.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
+%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
-%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
-
-%if 0%{?rhel} && 0%{?rhel} <= 6
-%{!?__python2: %global __python2 /usr/bin/python2}
-%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
-%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
-%endif
-
-%{!?python_provide: %global need_python_provide 1}
-%if 0%{?need_python_provide}
-%define python_provide() %{lua:
- function string.starts(String, Start)
- return string.sub(String, 1, string.len(Start)) == Start
- end
- package = rpm.expand("%{?1:%{1}}");
- vr = rpm.expand("%{?epoch:%{epoch}:}%{version}-%{release}")
- if (string.starts(package, "python2-")) then
- if (rpm.expand("%{?buildarch}") ~= "noarch") then
- str = "Provides: python-" ..
- string.sub(package, 9, string.len(package)) ..
- "%{?_isa} = " .. vr;
- print(rpm.expand(str));
- end
- print("\\nProvides: python-");
- print(string.sub(package, 9, string.len(package)));
- print(" = ");
- print(vr);
- --Obsoleting the previous default python package
- if (rpm.expand("%{?buildarch}") ~= "noarch") then
- str = "\\nObsoletes: python-" ..
- string.sub(package, 9, string.len(package)) ..
- "%{?_isa} < " .. vr;
- print(rpm.expand(str));
- end
- print("\\nObsoletes: python-");
- print(string.sub(package, 9, string.len(package)));
- print(" < ");
- print(vr);
- elseif (string.starts(package, "python3-")) then
- --No unversioned provides as python3 is not default
- else
- print("%python_provide: ERROR: ");
- print(package);
- print(" not recognized.");
- end
-}
-%endif
-
-# Fedora and RHEL 6+
# we don't want to provide private python extension libs
-%define __provides_exclude_from %{python2_sitearch}/.*\.so$
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
-# workaround for rpm 4.13
-%define _empty_manifest_terminate_build 0
-
-%if (0%{?fedora} || 0%{?rhel} >= 7)
- %global use_systemd 1
-%endif
+# SSSD fails to build with -Wl,-z,defs
+%undefine _strict_symbol_defs_build
-%if (0%{?fedora} || 0%{?rhel} >= 8)
- %global enable_files_domain 1
-%endif
+%define _hardened_build 1
-# on Fedora and RHEL7 p11_child needs a polkit config snippet to be allowed to
-# talk to pcscd if SSSD runs as unprivileged user
-%if (%{with sssd_user} && (0%{?fedora} || 0%{?rhel} >= 7))
- %global install_pcscd_polkit_rule 1
-%else
%global enable_polkit_rules_option --disable-polkit-rules-path
-%endif
-
-%if (0%{?use_systemd} == 1)
- %global with_initscript --with-initscript=systemd --with-systemdunitdir=%{_unitdir}
- %global with_syslog --with-syslog=journald
-%else
- %global with_initscript --with-initscript=sysv
-%endif
-
-%global enable_experimental 1
-
-%if (0%{?enable_experimental} == 1)
- %global experimental --enable-all-experimental-features
-%endif
# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
+%global ldb_version 1.2.0
-%if (0%{?fedora} || 0%{?rhel} >= 7)
-%define _hardened_build 1
-%endif
-
-%if (0%{?fedora} || 0%{?rhel} >= 7)
%global with_cifs_utils_plugin 1
-%else
- %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin
-%endif
-
-%if (0%{?fedora} || 0%{?rhel} > 7)
- %global with_python3 1
-%else
- %global with_python3_option --without-python3-bindings
-%endif
-
-%if (0%{?fedora} > 28 || 0%{?rhel} > 7)
- %global with_python2_option --without-python2-bindings
-%else
- %global with_python2 1
- %global with_python2_option --with-python2-bindings
-%endif
%global enable_systemtap 1
-%if (0%{?enable_systemtap} == 1)
%global enable_systemtap_opt --enable-systemtap
-%endif
-
-%global with_secrets 0
-%global with_secret_responder --without-secrets
-%if (0%{?fedora} >= 23 || 0%{?rhel} >= 7)
%global with_kcm 1
- %global with_kcm_option --with-kcm
-%else
- %global with_kcm_option --without-kcm
-%endif
-%if (0%{?fedora} >= 27 || 0%{?rhel} >= 7)
%global with_gdm_pam_extensions 1
-%else
- %global with_gdm_pam_extensions 0
-%endif
-
-# Do not try to detect the idmap version on RHEL6 to avoid conflicts between
-# samba and samba4 package
-%if (0%{?fedora} || 0%{?rhel} >= 7)
- %global detect_idmap_version 1
-%else
- %global with_idmap_version --with-smb-idmap-interface-version=5
-%endif
-%global with_local_provider 0
-%if (0%{?fedora} <= 28 || 0%{?rhel <= 7})
- %global with_local_provider 1
- %global enable_local_provider --enable-local-provider
+%if (0%{?fedora} > 28) || (0%{?rhel} > 7)
+ %global use_openssl 1
%endif
Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
-Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
-URL: https://github.com/SSSD/sssd
-Source0: %{name}-%{version}.tar.gz
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+URL: https://github.com/SSSD/sssd/
+Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
### Patches ###
+# Place your patches here:
+# Patch0001: 0001-patch-file.patch
+
+### Downstream only patches ###
+# Place your downstream only patches here:
+# Patch0901: 0901-downstream-only-patch-file.patch
### Dependencies ###
@@ -170,15 +52,9 @@ Requires: sssd-ldap = %{version}-%{release}
Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-ad = %{version}-%{release}
-Requires: sssd-proxy = %{version}-%{release}
-%if (0%{?with_python3} == 1)
-Requires: python3-sssdconfig = %{version}-%{release}
-%else
-Requires: python2-sssdconfig = %{version}-%{release}
-%endif
-%if (0%{?fedora} >= 30 || 0%{?rhel} >= 8)
-Recommends: logrotate
-%endif
+Recommends: sssd-proxy = %{version}-%{release}
+Suggests: python3-sssdconfig = %{version}-%{release}
+Suggests: sssd-dbus = %{version}-%{release}
%global servicename sssd
%global sssdstatedir %{_localstatedir}/lib/sss
@@ -203,7 +79,7 @@ BuildRequires: popt-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
-BuildRequires: libldb-devel
+BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libcollection-devel
BuildRequires: libini_config-devel >= 1.1
@@ -211,8 +87,7 @@ BuildRequires: dbus-devel
BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
-BuildRequires: p11-kit-devel
-BuildRequires: openssl-devel
+BuildRequires: nss-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
@@ -220,12 +95,7 @@ BuildRequires: libxml2
BuildRequires: docbook-style-xsl
BuildRequires: krb5-devel
BuildRequires: c-ares-devel
-%if (0%{?with_python2} == 1)
-BuildRequires: python2-devel
-%endif
-%if (0%{?with_python3} == 1)
BuildRequires: python3-devel
-%endif
BuildRequires: check-devel
BuildRequires: doxygen
BuildRequires: libselinux-devel
@@ -234,106 +104,79 @@ BuildRequires: bind-utils
BuildRequires: keyutils-libs-devel
BuildRequires: gettext-devel
BuildRequires: pkgconfig
+BuildRequires: diffstat
BuildRequires: findutils
BuildRequires: glib2-devel
BuildRequires: selinux-policy-targeted
-%if (0%{?fedora} || 0%{?epel})
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: uid_wrapper
BuildRequires: nss_wrapper
BuildRequires: pam_wrapper
-
-# p11tool from the gnutls-utils package and softhsm2-util from the softhsm package
-# are needed to prepare the data needed for the p11_child Smartcard tests.
-# Since p11_child only looks at slots with are flagged as 'removable'
-# softhsm version 2.1.0 or higher is needed.
-BuildRequires: gnutls-utils
-BuildRequires: softhsm >= 2.1.0
-
-BuildRequires: openssl
-BuildRequires: openssh
-%endif
BuildRequires: libnl3-devel
-%if (0%{?use_systemd} == 1)
BuildRequires: systemd-devel
BuildRequires: systemd
-%endif
-%if (0%{?with_cifs_utils_plugin} == 1)
BuildRequires: cifs-utils-devel
-%endif
-%if (0%{?fedora} || (0%{?rhel} >= 7))
BuildRequires: libnfsidmap-devel
-%else
-BuildRequires: nfs-utils-lib-devel
-%endif
-
-BuildRequires: samba-devel
+BuildRequires: samba4-devel
BuildRequires: libsmbclient-devel
-%if (0%{?detect_idmap_version} == 1)
BuildRequires: samba-winbind
-%endif
-
-%if (0%{?enable_systemtap} == 1)
BuildRequires: systemtap-sdt-devel
-%endif
-%if (0%{?with_secrets} == 1)
BuildRequires: http-parser-devel
-BuildRequires: libcurl-devel
-%endif
-%if (0%{?with_kcm} == 1)
BuildRequires: libuuid-devel
-%endif
-%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1)
BuildRequires: jansson-devel
-%endif
-%if (0%{?with_gdm_pam_extensions} == 1)
+BuildRequires: libcurl-devel
BuildRequires: gdm-pam-extensions-devel
+%if (0%{?use_openssl} == 1)
+BuildRequires: p11-kit-devel
+BuildRequires: openssl-devel
+BuildRequires: gnutls-utils
+BuildRequires: softhsm >= 2.1.0
%endif
+BuildRequires: openssl
+BuildRequires: openssh
+BuildRequires: nss-tools
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
-the system and a pluggable backend system to connect to multiple different
+the system and a plug-gable back-end system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
-The sssd subpackage is a meta-package that contains the daemon as well as all
+The sssd sub-package is a meta-package that contains the daemon as well as all
the existing back ends.
%package common
Summary: Common files for the SSSD
-Group: Applications/System
License: GPLv3+
+# Conflicts
+Conflicts: selinux-policy < 3.10.0-46
+Conflicts: sssd < 1.10.0-8%{?dist}.beta2
+# Requires
+# due to ABI changes in 1.1.30/1.2.0
+Requires: libldb >= %{ldb_version}
Requires: sssd-client%{?_isa} = %{version}-%{release}
-Requires: libsss_sudo = %{version}-%{release}
-Requires: libsss_autofs%{?_isa} = %{version}-%{release}
+Recommends: libsss_sudo = %{version}-%{release}
+Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
+Recommends: sssd-nfs-idmap = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
-Conflicts: sssd < %{version}-%{release}
-%if (0%{?use_systemd} == 1)
%{?systemd_requires}
-%else
-Requires(post): initscripts chkconfig
-Requires(preun): initscripts chkconfig
-Requires(postun): initscripts chkconfig
-%endif
### Provides ###
Provides: libsss_sudo-devel = %{version}-%{release}
-Obsoletes: libsss_sudo-devel <= 1.9.93
+Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
%description common
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
-subpackages such as sssd-ldap.
+sub-packages such as sssd-ldap.
%package client
Summary: SSSD Client libraries for NSS and PAM
-Group: Applications/System
License: LGPLv3+
-Requires: libsss_nss_idmap = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
+Requires(post): /usr/sbin/alternatives
+Requires(preun): /usr/sbin/alternatives
%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
@@ -341,42 +184,28 @@ service.
%package -n libsss_sudo
Summary: A library to allow communication between SUDO and SSSD
-Group: Development/Libraries
License: LGPLv3+
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
+Conflicts: sssd-common < %{version}-%{release}
%description -n libsss_sudo
A utility library to allow communication between SUDO and SSSD
%package -n libsss_autofs
Summary: A library to allow communication between Autofs and SSSD
-Group: Development/Libraries
License: LGPLv3+
+Conflicts: sssd-common < %{version}-%{release}
%description -n libsss_autofs
A utility library to allow communication between Autofs and SSSD
%package tools
Summary: Userspace tools for use with the SSSD
-Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
-Requires: libsss_simpleifp = %{version}-%{release}
# required by sss_obfuscate
-%if (0%{?with_python3} == 1)
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
-%else
-Requires: python2-sss = %{version}-%{release}
-Requires: python2-sssdconfig = %{version}-%{release}
-%endif
-%if (0%{?use_systemd} == 0)
-Requires: /sbin/service
-%endif
-%if (0%{?fedora} >= 30 || 0%{?rhel} >= 8)
Recommends: sssd-dbus
-%endif
%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
@@ -388,51 +217,17 @@ Also provides several other administrative tools:
* sss_obfuscate for generating an obfuscated LDAP password
* sssctl -- an sssd status and control utility
-%if (0%{?with_python2} == 1)
-%package -n python2-sssdconfig
-Summary: SSSD and IPA configuration file manipulation classes and functions
-Group: Applications/System
-License: GPLv3+
-BuildArch: noarch
-%{?python_provide:%python_provide python2-sssdconfig}
-
-%description -n python2-sssdconfig
-Provides python2 files for manipulation SSSD and IPA configuration files.
-%endif
-
-%if (0%{?with_python3} == 1)
%package -n python3-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
-Group: Applications/System
License: GPLv3+
BuildArch: noarch
%{?python_provide:%python_provide python3-sssdconfig}
%description -n python3-sssdconfig
Provides python3 files for manipulation SSSD and IPA configuration files.
-%endif
-
-%if (0%{?with_python2} == 1)
-%package -n python2-sss
-Summary: Python2 bindings for sssd
-Group: Development/Libraries
-License: LGPLv3+
-Requires: sssd-common = %{version}-%{release}
-%{?python_provide:%python_provide python2-sss}
-%description -n python2-sss
-Provides python2 module for manipulating users, groups, and nested groups in
-SSSD when using id_provider = local in /etc/sssd/sssd.conf.
-
-Also provides several other useful python2 bindings:
- * function for retrieving list of groups user belongs to.
- * class for obfuscation of passwords
-%endif
-
-%if (0%{?with_python3} == 1)
%package -n python3-sss
Summary: Python3 bindings for sssd
-Group: Development/Libraries
License: LGPLv3+
Requires: sssd-common = %{version}-%{release}
%{?python_provide:%python_provide python3-sss}
@@ -444,38 +239,21 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other useful python3 bindings:
* function for retrieving list of groups user belongs to.
* class for obfuscation of passwords
-%endif
-%if (0%{?with_python2} == 1)
-%package -n python2-sss-murmur
-Summary: Python2 bindings for murmur hash function
-Group: Development/Libraries
-License: LGPLv3+
-%{?python_provide:%python_provide python2-sss-murmur}
-
-%description -n python2-sss-murmur
-Provides python2 module for calculating the murmur hash version 3
-%endif
-
-%if (0%{?with_python3} == 1)
%package -n python3-sss-murmur
Summary: Python3 bindings for murmur hash function
-Group: Development/Libraries
License: LGPLv3+
%{?python_provide:%python_provide python3-sss-murmur}
%description -n python3-sss-murmur
Provides python3 module for calculating the murmur hash version 3
-%endif
%package ldap
Summary: The LDAP back end of the SSSD
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
+Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
@@ -483,10 +261,9 @@ from and authenticate against an LDAP server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
-Requires: cyrus-sasl-gssapi
+Conflicts: sssd < 1.10.0-8.beta2
+Requires: cyrus-sasl-gssapi%{?_isa}
Requires: sssd-common = %{version}-%{release}
%description krb5-common
@@ -495,9 +272,8 @@ Kerberos user or host authentication.
%package krb5
Summary: The Kerberos authentication back end for the SSSD
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
+Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
@@ -507,10 +283,8 @@ against a Kerberos server.
%package common-pac
Summary: Common files needed for supporting PAC processing
-Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
@@ -518,16 +292,13 @@ for handling Kerberos PACs.
%package ipa
Summary: The IPA back end of the SSSD
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
-Requires: samba-client-libs >= %{samba_package_version}
+Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
-Requires: libipa_hbac = %{version}-%{release}
-Requires: bind-utils
+Requires: libipa_hbac%{?_isa} = %{version}-%{release}
+Recommends: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
@@ -535,15 +306,14 @@ from and authenticate against an IPA server.
%package ad
Summary: The AD back end of the SSSD
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
-Requires: samba-client-libs >= %{samba_package_version}
+Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
-Requires: bind-utils
+Recommends: bind-utils
+Recommends: adcli
+Suggests: sssd-winbind-idmap = %{version}-%{release}
%description ad
Provides the Active Directory back end that the SSSD can utilize to fetch
@@ -551,9 +321,8 @@ identity data from and authenticate against an Active Directory server.
%package proxy
Summary: The proxy back end of the SSSD
-Group: Applications/System
License: GPLv3+
-Conflicts: sssd < %{version}-%{release}
+Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
%description proxy
@@ -562,61 +331,36 @@ PAM modules to leverage SSSD caching.
%package -n libsss_idmap
Summary: FreeIPA Idmap library
-Group: Development/Libraries
License: LGPLv3+
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
%description -n libsss_idmap
-Utility library to convert SIDs to UNIX UIDs and GIDs
+Utility library to convert SIDs to Unix uids and gids
%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
-Group: Development/Libraries
License: LGPLv3+
Requires: libsss_idmap = %{version}-%{release}
%description -n libsss_idmap-devel
-Utility library to SIDs to UNIX UIDs and GIDs
+Utility library to SIDs to Unix uids and gids
%package -n libipa_hbac
Summary: FreeIPA HBAC Evaluator library
-Group: Development/Libraries
License: LGPLv3+
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization requests
%package -n libipa_hbac-devel
Summary: FreeIPA HBAC Evaluator library
-Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization requests
-%if (0%{?with_python2} == 1)
-%package -n python2-libipa_hbac
-Summary: Python2 bindings for the FreeIPA HBAC Evaluator library
-Group: Development/Libraries
-License: LGPLv3+
-Requires: libipa_hbac = %{version}-%{release}
-Provides: libipa_hbac-python = %{version}-%{release}
-Obsoletes: libipa_hbac-python < 1.12.90
-%{?python_provide:%python_provide python2-libipa_hbac}
-
-%description -n python2-libipa_hbac
-The python2-libipa_hbac contains the bindings so that libipa_hbac can be
-used by Python applications.
-%endif
-
-%if (0%{?with_python3} == 1)
%package -n python3-libipa_hbac
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
-Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
%{?python_provide:%python_provide python3-libipa_hbac}
@@ -624,46 +368,24 @@ Requires: libipa_hbac = %{version}-%{release}
%description -n python3-libipa_hbac
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python applications.
-%endif
%package -n libsss_nss_idmap
Summary: Library for SID and certificate based lookups
-Group: Development/Libraries
License: LGPLv3+
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
%description -n libsss_nss_idmap
Utility library for SID and certificate based lookups
%package -n libsss_nss_idmap-devel
Summary: Library for SID and certificate based lookups
-Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
%description -n libsss_nss_idmap-devel
Utility library for SID and certificate based lookups
-%if (0%{?with_python2} == 1)
-%package -n python2-libsss_nss_idmap
-Summary: Python2 bindings for libsss_nss_idmap
-Group: Development/Libraries
-License: LGPLv3+
-Requires: libsss_nss_idmap = %{version}-%{release}
-Provides: libsss_nss_idmap-python = %{version}-%{release}
-Obsoletes: libsss_nss_idmap-python < 1.12.90
-%{?python_provide:%python_provide python2-libsss_nss_idmap}
-
-%description -n python2-libsss_nss_idmap
-The python2-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
-be used by Python applications.
-%endif
-
-%if (0%{?with_python3} == 1)
%package -n python3-libsss_nss_idmap
Summary: Python3 bindings for libsss_nss_idmap
-Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
%{?python_provide:%python_provide python3-libsss_nss_idmap}
@@ -671,11 +393,9 @@ Requires: libsss_nss_idmap = %{version}-%{release}
%description -n python3-libsss_nss_idmap
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python applications.
-%endif
%package dbus
Summary: The D-Bus responder of the SSSD
-Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%{?systemd_requires}
@@ -684,33 +404,16 @@ Requires: sssd-common = %{version}-%{release}
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
the information from the SSSD to be transmitted over the system bus.
-%if (0%{?install_pcscd_polkit_rule} == 1)
-%package polkit-rules
-Summary: Rules for polkit integration for SSSD
-Group: Applications/System
-License: GPLv3+
-Requires: polkit >= 0.106
-Requires: sssd-common = %{version}-%{release}
-
-%description polkit-rules
-Provides rules for polkit integration with SSSD. This is required
-for smartcard support.
-%endif
-
%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
-Group: Development/Libraries
License: GPLv3+
Requires: sssd-dbus = %{version}-%{release}
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
%description -n libsss_simpleifp
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package -n libsss_simpleifp-devel
Summary: The SSSD D-Bus responder helper library
-Group: Development/Libraries
License: GPLv3+
Requires: dbus-devel
Requires: libsss_simpleifp = %{version}-%{release}
@@ -720,10 +423,8 @@ Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package winbind-idmap
Summary: SSSD's idmap_sss Backend for Winbind
-Group: Applications/System
License: GPLv3+ and LGPLv3+
-Requires: libsss_nss_idmap = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
+Conflicts: sssd-common < %{version}-%{release}
%description winbind-idmap
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
@@ -731,8 +432,8 @@ and SIDs.
%package nfs-idmap
Summary: SSSD plug-in for NFSv4 rpc.idmapd
-Group: Applications/System
License: GPLv3+
+Conflicts: sssd-common < %{version}-%{release}
%description nfs-idmap
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
@@ -741,27 +442,22 @@ UIDs/GIDs to names and vice versa. It can be also used for mapping principal
%package -n libsss_certmap
Summary: SSSD Certificate Mapping Library
-Group: Development/Libraries
License: LGPLv3+
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
+Conflicts: sssd-common < %{version}-%{release}
%description -n libsss_certmap
Library to map certificates to users based on rules
%package -n libsss_certmap-devel
Summary: SSSD Certificate Mapping Library
-Group: Development/Libraries
License: LGPLv3+
Requires: libsss_certmap = %{version}-%{release}
%description -n libsss_certmap-devel
Library to map certificates to users based on rules
-%if (0%{?with_kcm} == 1)
%package kcm
Summary: An implementation of a Kerberos KCM server
-Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%{?systemd_requires}
@@ -769,12 +465,36 @@ Requires: sssd-common = %{version}-%{release}
%description kcm
An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
-%endif
%prep
-%setup -q -n %{name}-%{version}
+# Update timestamps on the files touched by a patch, to avoid non-equal
+# .pyc/.pyo files across the multilib peers within a build, where "Level"
+# is the patch prefix option (e.g. -p1)
+# Taken from specfile for python-simplejson
+UpdateTimestamps() {
+ Level=$1
+ PatchFile=$2
+
+ # Locate the affected files:
+ for f in $(diffstat $Level -l $PatchFile); do
+ # Set the files to have the same timestamp as that of the patch:
+ touch -r $PatchFile $f
+ done
+}
+
+%setup -q
+
+for p in %patches ; do
+ %__patch -p1 -i $p
+ UpdateTimestamps -p1 $p
+done
%build
+# This package uses -Wl,-wrap to wrap calls at link time. This is incompatible
+# with LTO.
+# Disable LTO
+%define _lto_cflags %{nil}
+
autoreconf -ivf
%configure \
@@ -786,46 +506,36 @@ autoreconf -ivf
--with-gpo-cache-path=%{gpocachepath} \
--with-init-dir=%{_initrddir} \
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
- --enable-nsslibdir=/%{_lib} \
- --enable-pammoddir=/%{_lib}/security \
+ --with-pid-path=%{_rundir} \
+ --enable-nsslibdir=%{_libdir} \
+ --enable-pammoddir=%{_libdir}/security \
--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
--disable-static \
--disable-rpath \
-%if %{with sssd_user}
- --with-sssd-user=sssd \
+ --with-initscript=systemd \
+ --with-syslog=journald \
+ --without-python2-bindings \
+%if (0%{?use_openssl} == 1)
+ --with-crypto=libcrypto \
%endif
-%if (0%{?enable_files_domain} == 1)
+ --enable-sss-default-nss-plugin \
--enable-files-domain \
-%endif
- %{with_initscript} \
- %{?with_syslog} \
+ --enable-gss-spnego-for-zero-maxssf \
%{?with_cifs_utils_plugin_option} \
- %{?with_python2_option} \
- %{?with_python3_option} \
- %{?enable_polkit_rules_option} \
- %{?enable_systemtap_opt} \
- %{?with_secret_responder} \
- %{?with_kcm_option} \
- %{?with_idmap_version} \
- %{?enable_local_provider} \
- %{?experimental}
+ %{?enable_systemtap_opt}
-make %{?_smp_mflags} all
+%make_build all docs runstatedir=%{_rundir}
-make %{?_smp_mflags} docs
+sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
%check
export CK_TIMEOUT_MULTIPLIER=10
-make %{?_smp_mflags} check VERBOSE=yes
+%make_build check VERBOSE=yes
unset CK_TIMEOUT_MULTIPLIER
%install
-%if (0%{?with_python3} == 1)
-sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
-%endif
-
-make install DESTDIR=$RPM_BUILD_ROOT
+%make_install
# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
@@ -839,17 +549,13 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
# Kerberos KCM credential cache by default
-%if (0%{?with_kcm} == 1)
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
-%endif
-%if (0%{?with_cifs_utils_plugin} == 1)
# Create directory for cifs-idmap alternative
# Otherwise this directory could not be owned by sssd-client
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
-%endif
# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
@@ -859,19 +565,10 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
-%if (0%{?with_python2} == 1)
-for file in `ls $RPM_BUILD_ROOT/%{python2_sitelib}/*.egg-info 2> /dev/null`
-do
- echo %{python2_sitelib}/`basename $file` >> python2_sssdconfig.lang
-done
-%endif
-
-%if (0%{?with_python3} == 1)
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
done
-%endif
touch sssd.lang
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
@@ -943,15 +640,8 @@ done
echo "sssd.lang:"
cat sssd.lang
-%if (0%{?with_python2} == 1)
-echo "python2_sssdconfig.lang:"
-cat python2_sssdconfig.lang
-%endif
-
-%if (0%{?with_python3} == 1)
echo "python3_sssdconfig.lang:"
cat python3_sssdconfig.lang
-%endif
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
@@ -961,22 +651,13 @@ do
cat $subpackage.lang
done
-# must be defined after last occurrence of package otherwise
-# RPM will overwrite %%license as soon as it parses a License: tag
-%if 0%{?rhel} <= 6
-%define license %doc
-%endif
-
%files
-%defattr(-,root,root,-)
%license COPYING
%files common -f sssd.lang
-%defattr(-,root,root,-)
%license COPYING
%doc src/examples/sssd-example.conf
%{_sbindir}/sssd
-%if (0%{?use_systemd} == 1)
%{_unitdir}/sssd.service
%{_unitdir}/sssd-autofs.socket
%{_unitdir}/sssd-autofs.service
@@ -991,9 +672,6 @@ done
%{_unitdir}/sssd-ssh.service
%{_unitdir}/sssd-sudo.socket
%{_unitdir}/sssd-sudo.service
-%else
-%{_initrddir}/%{name}
-%endif
%dir %{_libexecdir}/%{servicename}
%{_libexecdir}/%{servicename}/sssd_be
@@ -1003,9 +681,7 @@ done
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo
%{_libexecdir}/%{servicename}/p11_child
-%if (0%{?use_systemd} == 1)
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
-%endif
%dir %{_libdir}/%{name}
# The files provider is intentionally packaged in -common
@@ -1021,15 +697,12 @@ done
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
%{_libdir}/%{name}/libsss_semanage.so
-%{_libdir}/%{name}/libsss_sbus.so
-%{_libdir}/%{name}/libsss_sbus_sync.so
-%{_libdir}/%{name}/libsss_iface.so
-%{_libdir}/%{name}/libsss_iface_sync.so
%{_libdir}/%{name}/libifp_iface.so
%{_libdir}/%{name}/libifp_iface_sync.so
-%if (0%{?with_secrets} == 1 || 0%{?with_kcm} == 1)
-%{_libdir}/%{name}/libsss_secrets.so
-%endif
+%{_libdir}/%{name}/libsss_iface.so
+%{_libdir}/%{name}/libsss_iface_sync.so
+%{_libdir}/%{name}/libsss_sbus.so
+%{_libdir}/%{name}/libsss_sbus_sync.so
%{ldb_modulesdir}/memberof.so
%{_bindir}/sss_ssh_authorizedkeys
@@ -1039,31 +712,36 @@ done
%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
-%attr(700,sssd,sssd) %dir %{dbpath}
-%attr(775,sssd,sssd) %dir %{mcpath}
-%attr(751,sssd,sssd) %dir %{deskprofilepath}
-%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
-%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
-%ghost %attr(0664,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
-%attr(755,sssd,sssd) %dir %{pipepath}
-%attr(750,sssd,root) %dir %{pipepath}/private
-%attr(755,sssd,sssd) %dir %{pubconfpath}
-%attr(755,sssd,sssd) %dir %{gpocachepath}
-%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
-%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
-%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d
-%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/pki
-%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%attr(700,root,root) %dir %{dbpath}
+%attr(775,root,root) %dir %{mcpath}
+%attr(700,root,root) %dir %{secdbpath}
+%attr(751,root,root) %dir %{deskprofilepath}
+%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/group
+%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups
+%attr(755,root,root) %dir %{pipepath}
+%attr(700,root,root) %dir %{pipepath}/private
+%attr(755,root,root) %dir %{pubconfpath}
+%attr(755,root,root) %dir %{gpocachepath}
+%attr(750,root,root) %dir %{_var}/log/%{name}
+%attr(700,root,root) %dir %{_sysconfdir}/sssd
+%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d
+%if (0%{?use_openssl} == 1)
+%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
+%endif
+%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%dir %{_sysconfdir}/logrotate.d
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%dir %{_sysconfdir}/rwtab.d
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd
-%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
+%{_sysconfdir}/pam.d/sssd-shadowutils
%dir %{_libdir}/%{name}/conf
%{_libdir}/%{name}/conf/sssd.conf
%{_datadir}/sssd/cfg_rules.ini
+%{_datadir}/sssd/sssd.api.conf
+%{_datadir}/sssd/sssd.api.d
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
%{_mandir}/man5/sssd.conf.5*
@@ -1073,7 +751,6 @@ done
%{_mandir}/man5/sssd-session-recording.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_cache.8*
-%if (0%{?enable_systemtap} == 1)
%dir %{_datadir}/sssd/systemtap
%{_datadir}/sssd/systemtap/id_perf.stp
%{_datadir}/sssd/systemtap/nested_group_perf.stp
@@ -1084,77 +761,60 @@ done
%{_datadir}/systemtap/tapset/sssd.stp
%{_datadir}/systemtap/tapset/sssd_functions.stp
%{_mandir}/man5/sssd-systemtap.5*
-%endif
-%if (0%{?install_pcscd_polkit_rule} == 1)
-%files polkit-rules
-%{_datadir}/polkit-1/rules.d/*
-%endif
%files ldap -f sssd_ldap.lang
-%defattr(-,root,root,-)
%license COPYING
%{_libdir}/%{name}/libsss_ldap.so
%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man5/sssd-ldap-attributes.5*
%files krb5-common
-%defattr(-,root,root,-)
%license COPYING
-%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d
-%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
-%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child
+%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
+%{_libexecdir}/%{servicename}/ldap_child
+%{_libexecdir}/%{servicename}/krb5_child
%files krb5 -f sssd_krb5.lang
-%defattr(-,root,root,-)
%license COPYING
%{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5*
%files common-pac
-%defattr(-,root,root,-)
%license COPYING
%{_libexecdir}/%{servicename}/sssd_pac
%files ipa -f sssd_ipa.lang
-%defattr(-,root,root,-)
%license COPYING
-%attr(700,sssd,sssd) %dir %{keytabdir}
+%attr(700,root,root) %dir %{keytabdir}
%{_libdir}/%{name}/libsss_ipa.so
-%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child
+%{_libexecdir}/%{servicename}/selinux_child
%{_mandir}/man5/sssd-ipa.5*
%files ad -f sssd_ad.lang
-%defattr(-,root,root,-)
%license COPYING
%{_libdir}/%{name}/libsss_ad.so
%{_libexecdir}/%{servicename}/gpo_child
%{_mandir}/man5/sssd-ad.5*
%files proxy
-%defattr(-,root,root,-)
%license COPYING
-%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child
+%{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so
%files dbus -f sssd_dbus.lang
-%defattr(-,root,root,-)
%license COPYING
%{_libexecdir}/%{servicename}/sssd_ifp
%{_mandir}/man5/sssd-ifp.5*
-%if (0%{?use_systemd} == 1)
%{_unitdir}/sssd-ifp.service
-%endif
# InfoPipe DBus plumbing
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
%files -n libsss_simpleifp
-%defattr(-,root,root,-)
%{_libdir}/libsss_simpleifp.so.*
%files -n libsss_simpleifp-devel
-%defattr(-,root,root,-)
%doc sss_simpleifp_doc/html
%{_includedir}/sss_sifp.h
%{_includedir}/sss_sifp_dbus.h
@@ -1162,19 +822,16 @@ done
%{_libdir}/pkgconfig/sss_simpleifp.pc
%files client -f sssd_client.lang
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
-/%{_lib}/libnss_sss.so.2
-/%{_lib}/security/pam_sss.so
-/%{_lib}/security/pam_sss_gss.so
+%{_libdir}/libnss_sss.so.2
+%{_libdir}/security/pam_sss.so
+%{_libdir}/security/pam_sss_gss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
-%if (0%{?with_cifs_utils_plugin} == 1)
%dir %{_libdir}/cifs-utils
%{_libdir}/cifs-utils/cifs_idmap_sss.so
%dir %{_sysconfdir}/cifs-utils
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
-%endif
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/modules
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
@@ -1183,153 +840,74 @@ done
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%files -n libsss_sudo
-%defattr(-,root,root,-)
%license src/sss_client/COPYING
%{_libdir}/libsss_sudo.so*
%files -n libsss_autofs
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%dir %{_libdir}/%{name}/modules
%{_libdir}/%{name}/modules/libsss_autofs.so
%files tools -f sssd_tools.lang
-%defattr(-,root,root,-)
%license COPYING
-%if (0%{with_local_provider} == 1)
-%{_sbindir}/sss_useradd
-%{_sbindir}/sss_userdel
-%{_sbindir}/sss_usermod
-%{_sbindir}/sss_groupadd
-%{_sbindir}/sss_groupdel
-%{_sbindir}/sss_groupmod
-%{_sbindir}/sss_groupshow
-%endif
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_override
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
-%if (0%{with_local_provider} == 1)
-%{_mandir}/man8/sss_groupadd.8*
-%{_mandir}/man8/sss_groupdel.8*
-%{_mandir}/man8/sss_groupmod.8*
-%{_mandir}/man8/sss_groupshow.8*
-%{_mandir}/man8/sss_useradd.8*
-%{_mandir}/man8/sss_userdel.8*
-%{_mandir}/man8/sss_usermod.8*
-%endif
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
%{_mandir}/man8/sss_debuglevel.8*
%{_mandir}/man8/sss_seed.8*
%{_mandir}/man8/sssctl.8*
-%if (0%{?with_python2} == 1)
-%files -n python2-sssdconfig -f python2_sssdconfig.lang
-%defattr(-,root,root,-)
-%dir %{python2_sitelib}/SSSDConfig
-%{python2_sitelib}/SSSDConfig/*.py*
-%dir %{_datadir}/sssd
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
-%endif
-
-%if (0%{?with_python3} == 1)
%files -n python3-sssdconfig -f python3_sssdconfig.lang
-%defattr(-,root,root,-)
%dir %{python3_sitelib}/SSSDConfig
%{python3_sitelib}/SSSDConfig/*.py*
%dir %{python3_sitelib}/SSSDConfig/__pycache__
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
-%dir %{_datadir}/sssd
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
-%endif
-
-%if (0%{?with_python2} == 1)
-%files -n python2-sss
-%defattr(-,root,root,-)
-%{python2_sitearch}/pysss.so
-%endif
-%if (0%{?with_python3} == 1)
%files -n python3-sss
-%defattr(-,root,root,-)
%{python3_sitearch}/pysss.so
-%endif
-%if (0%{?with_python2} == 1)
-%files -n python2-sss-murmur
-%defattr(-,root,root,-)
-%{python2_sitearch}/pysss_murmur.so
-%endif
-
-%if (0%{?with_python3} == 1)
%files -n python3-sss-murmur
-%defattr(-,root,root,-)
%{python3_sitearch}/pysss_murmur.so
-%endif
%files -n libsss_idmap
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_idmap.so.*
%files -n libsss_idmap-devel
-%defattr(-,root,root,-)
%doc idmap_doc/html
%{_includedir}/sss_idmap.h
%{_libdir}/libsss_idmap.so
%{_libdir}/pkgconfig/sss_idmap.pc
%files -n libipa_hbac
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libipa_hbac.so.*
%files -n libipa_hbac-devel
-%defattr(-,root,root,-)
%doc hbac_doc/html
%{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc
%files -n libsss_nss_idmap
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_nss_idmap.so.*
%files -n libsss_nss_idmap-devel
-%defattr(-,root,root,-)
%doc nss_idmap_doc/html
%{_includedir}/sss_nss_idmap.h
%{_libdir}/libsss_nss_idmap.so
%{_libdir}/pkgconfig/sss_nss_idmap.pc
-%if (0%{?with_python2} == 1)
-%files -n python2-libsss_nss_idmap
-%defattr(-,root,root,-)
-%{python2_sitearch}/pysss_nss_idmap.so
-%endif
-
-%if (0%{?with_python3} == 1)
%files -n python3-libsss_nss_idmap
-%defattr(-,root,root,-)
%{python3_sitearch}/pysss_nss_idmap.so
-%endif
-%if (0%{?with_python2} == 1)
-%files -n python2-libipa_hbac
-%defattr(-,root,root,-)
-%{python2_sitearch}/pyhbac.so
-%endif
-
-%if (0%{?with_python3} == 1)
%files -n python3-libipa_hbac
-%defattr(-,root,root,-)
%{python3_sitearch}/pyhbac.so
-%endif
%files winbind-idmap -f sssd_winbind_idmap.lang
%dir %{_libdir}/samba/idmap
@@ -1341,44 +919,26 @@ done
%{_libdir}/libnfsidmap/sss.so
%files -n libsss_certmap -f libsss_certmap.lang
-%defattr(-,root,root,-)
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_certmap.so.*
%{_mandir}/man5/sss-certmap.5*
%files -n libsss_certmap-devel
-%defattr(-,root,root,-)
%doc certmap_doc/html
%{_includedir}/sss_certmap.h
%{_libdir}/libsss_certmap.so
%{_libdir}/pkgconfig/sss_certmap.pc
-%if (0%{?with_kcm} == 1)
%files kcm -f sssd_kcm.lang
-%attr(700,root,root) %dir %{secdbpath}
%{_libexecdir}/%{servicename}/sssd_kcm
-%if (0%{?with_secrets} == 1)
-%{_libexecdir}/%{servicename}/sssd_secrets
-%endif
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
%dir %{_datadir}/sssd-kcm
%{_datadir}/sssd-kcm/kcm_default_ccache
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
-%if (0%{?with_secrets} == 1)
-%{_unitdir}/sssd-secrets.socket
-%{_unitdir}/sssd-secrets.service
-%{_mandir}/man5/sssd-secrets.5*
-%endif
-%endif
-
-%pre common
-getent group sssd >/dev/null || groupadd -r sssd
-getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+%{_libdir}/%{name}/libsss_secrets.so
-%if (0%{?use_systemd} == 1)
-# systemd
%post common
%systemd_post sssd.service
%systemd_post sssd-autofs.socket
@@ -1400,7 +960,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%systemd_preun sssd-sudo.socket
%postun common
-%systemd_postun_with_restart sssd.service
%systemd_postun_with_restart sssd-autofs.socket
%systemd_postun_with_restart sssd-autofs.service
%systemd_postun_with_restart sssd-nss.socket
@@ -1424,7 +983,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%postun dbus
%systemd_postun_with_restart sssd-ifp.service
-%if (0%{?with_kcm} == 1)
%post kcm
%systemd_post sssd-kcm.socket
@@ -1434,74 +992,33 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
%postun kcm
%systemd_postun_with_restart sssd-kcm.socket
%systemd_postun_with_restart sssd-kcm.service
-%endif
-
-%if (0%{?with_secrets} == 1)
-%post secrets
-%systemd_postun_with_restart sssd-secrets.socket
-
-%preun secrets
-%systemd_preun_with_restart sssd-secrets.socket
-
-%postun secrets
-%systemd_postun_with_restart sssd-secrets.socket
-%systemd_postun_with_restart sssd-secrets.service
-%endif
-
-%else
-# sysv
-%post common
-/sbin/chkconfig --add %{servicename}
-
-%posttrans
-/sbin/service %{servicename} condrestart 2>&1 > /dev/null
-%preun common
-if [ $1 = 0 ] ; then
- /sbin/service %{servicename} stop 2>&1 > /dev/null
- /sbin/chkconfig --del %{servicename}
-fi
-%endif
-
-%if (0%{?with_cifs_utils_plugin} == 1)
%post client
-/sbin/ldconfig
+%{?ldconfig}
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
%preun client
if [ $1 -eq 0 ] ; then
/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
fi
-%else
-%post client -p /sbin/ldconfig
-%endif
-%postun client -p /sbin/ldconfig
+%ldconfig_postun client
-%post -n libsss_sudo -p /sbin/ldconfig
+%ldconfig_scriptlets -n libsss_sudo
-%postun -n libsss_sudo -p /sbin/ldconfig
+%ldconfig_scriptlets -n libipa_hbac
-%post -n libipa_hbac -p /sbin/ldconfig
+%ldconfig_scriptlets -n libsss_idmap
-%postun -n libipa_hbac -p /sbin/ldconfig
+%ldconfig_scriptlets -n libsss_nss_idmap
-%post -n libsss_idmap -p /sbin/ldconfig
+%ldconfig_scriptlets -n libsss_simpleifp
-%postun -n libsss_idmap -p /sbin/ldconfig
+%ldconfig_scriptlets -n libsss_certmap
-%post -n libsss_nss_idmap -p /sbin/ldconfig
-
-%postun -n libsss_nss_idmap -p /sbin/ldconfig
-
-%post -n libsss_simpleifp -p /sbin/ldconfig
-
-%postun -n libsss_simpleifp -p /sbin/ldconfig
-
-%post -n libsss_certmap -p /sbin/ldconfig
-
-%postun -n libsss_certmap -p /sbin/ldconfig
+%posttrans common
+%systemd_postun_with_restart sssd.service
%changelog
-* Mon Mar 15 2010 Stephen Gallagher <sgall...@redhat.com> - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@
-- Automated build of the SSSD
+* Thu Jan 21 2021 Pavel Březina <pbrez...@redhat.com> - @PACKAGE_NAME@-@PACKAGE_VERSION@-0@PRERELEASE_VERSION@
+- Built from upstream sources.
\ No newline at end of file
From 1c6d126f4475fcdc694fb6f1dd749c5841dfb0f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 25 Jan 2021 12:45:03 +0100
Subject: [PATCH 02/17] spec: remove unneeded conditionals and unused variables
This patch removes unused variables and unneeded conditions that
reflect current state.
---
contrib/sssd.spec.in | 26 +-------------------------
1 file changed, 1 insertion(+), 25 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 6fb573ded2..afdf55bb7c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1,7 +1,5 @@
# SSSD SPEC file for Fedora 34+ and RHEL-9+
-%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
-
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
@@ -10,25 +8,10 @@
%define _hardened_build 1
- %global enable_polkit_rules_option --disable-polkit-rules-path
-
# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
%global ldb_version 1.2.0
- %global with_cifs_utils_plugin 1
-
-%global enable_systemtap 1
- %global enable_systemtap_opt --enable-systemtap
-
- %global with_kcm 1
-
- %global with_gdm_pam_extensions 1
-
-%if (0%{?fedora} > 28) || (0%{?rhel} > 7)
- %global use_openssl 1
-%endif
-
Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
@@ -126,12 +109,10 @@ BuildRequires: libuuid-devel
BuildRequires: jansson-devel
BuildRequires: libcurl-devel
BuildRequires: gdm-pam-extensions-devel
-%if (0%{?use_openssl} == 1)
BuildRequires: p11-kit-devel
BuildRequires: openssl-devel
BuildRequires: gnutls-utils
BuildRequires: softhsm >= 2.1.0
-%endif
BuildRequires: openssl
BuildRequires: openssh
BuildRequires: nss-tools
@@ -515,14 +496,11 @@ autoreconf -ivf
--with-initscript=systemd \
--with-syslog=journald \
--without-python2-bindings \
-%if (0%{?use_openssl} == 1)
--with-crypto=libcrypto \
-%endif
--enable-sss-default-nss-plugin \
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
- %{?with_cifs_utils_plugin_option} \
- %{?enable_systemtap_opt}
+ --enable-systemtap
%make_build all docs runstatedir=%{_rundir}
@@ -726,9 +704,7 @@ done
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d
-%if (0%{?use_openssl} == 1)
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
-%endif
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%dir %{_sysconfdir}/logrotate.d
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
From b462005df60b4458d8a1179534fb1cd0246665b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 25 Jan 2021 12:46:26 +0100
Subject: [PATCH 03/17] spec: keep _strict_symbol_defs_build
SSSD now builds fine with -Wl,-z,defs
---
contrib/sssd.spec.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index afdf55bb7c..488705dde1 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -3,9 +3,6 @@
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
-# SSSD fails to build with -Wl,-z,defs
-%undefine _strict_symbol_defs_build
-
%define _hardened_build 1
# Determine the location of the LDB modules directory
From 1fc1bcce7048edc9075c1796a111cd3e3ce826b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 25 Jan 2021 12:47:08 +0100
Subject: [PATCH 04/17] spec: enable LTO
SSSD builds fine with LTO. The only problem was in tests but it is now fixed.
---
contrib/sssd.spec.in | 4 ----
1 file changed, 4 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 488705dde1..dcd965c878 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -468,10 +468,6 @@ for p in %patches ; do
done
%build
-# This package uses -Wl,-wrap to wrap calls at link time. This is incompatible
-# with LTO.
-# Disable LTO
-%define _lto_cflags %{nil}
autoreconf -ivf
From db6430336bd753cbc87e60292eaf6ff9266b376b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 25 Jan 2021 12:54:44 +0100
Subject: [PATCH 05/17] spec: remove support for NSS
We no longer built with NSS. --with-crypto option no longer exist and
we don't require these packages anymore.
---
contrib/sssd.spec.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index dcd965c878..a8797f1c80 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -67,7 +67,6 @@ BuildRequires: dbus-devel
BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
-BuildRequires: nss-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
@@ -112,7 +111,6 @@ BuildRequires: gnutls-utils
BuildRequires: softhsm >= 2.1.0
BuildRequires: openssl
BuildRequires: openssh
-BuildRequires: nss-tools
%description
Provides a set of daemons to manage access to remote directories and
@@ -489,7 +487,6 @@ autoreconf -ivf
--with-initscript=systemd \
--with-syslog=journald \
--without-python2-bindings \
- --with-crypto=libcrypto \
--enable-sss-default-nss-plugin \
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
From e18890dc8c3491ab68c3ecab9afd44b435b4d9b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Mon, 25 Jan 2021 13:35:03 +0100
Subject: [PATCH 06/17] spec: remove --without-python2-bindings
Python2 bindings are not built by default anymore.
---
contrib/sssd.spec.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a8797f1c80..05cf051232 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -486,7 +486,6 @@ autoreconf -ivf
--disable-rpath \
--with-initscript=systemd \
--with-syslog=journald \
- --without-python2-bindings \
--enable-sss-default-nss-plugin \
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
From 565fe523dd1343e1704b30837f4129f94a960356 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 11:45:20 +0100
Subject: [PATCH 07/17] spec: re-import changes that were not merged in Fedora
There were several changes in upstream spec file that were not merged
in Fedora but fixed valid problems. These are:
- https://github.com/SSSD/sssd/pull/1008
- https://github.com/SSSD/sssd/pull/1039
- https://github.com/SSSD/sssd/pull/5137
- https://github.com/SSSD/sssd/commit/e698d53e0ddd3c2778e04fd8e405f8c0cee0a766
- https://github.com/SSSD/sssd/commit/7fbc7e3ffb7a5c0090bb2091011762dabf1f512f
---
contrib/sssd.spec.in | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 05cf051232..1160145d22 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -9,6 +9,8 @@
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
%global ldb_version 1.2.0
+%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
+
Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
@@ -35,6 +37,7 @@ Requires: sssd-ad = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
Suggests: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release}
+Recommends: logrotate
%global servicename sssd
%global sssdstatedir %{_localstatedir}/lib/sss
@@ -96,7 +99,7 @@ BuildRequires: systemd-devel
BuildRequires: systemd
BuildRequires: cifs-utils-devel
BuildRequires: libnfsidmap-devel
-BuildRequires: samba4-devel
+BuildRequires: samba-devel
BuildRequires: libsmbclient-devel
BuildRequires: samba-winbind
BuildRequires: systemtap-sdt-devel
@@ -150,6 +153,8 @@ sub-packages such as sssd-ldap.
%package client
Summary: SSSD Client libraries for NSS and PAM
License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Requires(post): /sbin/ldconfig
Requires(post): /usr/sbin/alternatives
Requires(preun): /usr/sbin/alternatives
@@ -178,6 +183,7 @@ A utility library to allow communication between Autofs and SSSD
Summary: Userspace tools for use with the SSSD
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
+Requires: libsss_simpleifp = %{version}-%{release}
# required by sss_obfuscate
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
@@ -230,6 +236,7 @@ License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
@@ -261,6 +268,7 @@ against a Kerberos server.
Summary: Common files needed for supporting PAC processing
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
@@ -270,11 +278,13 @@ for handling Kerberos PACs.
Summary: The IPA back end of the SSSD
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
Recommends: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
@@ -284,9 +294,11 @@ from and authenticate against an IPA server.
Summary: The AD back end of the SSSD
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Recommends: bind-utils
Recommends: adcli
Suggests: sssd-winbind-idmap = %{version}-%{release}
@@ -400,6 +412,8 @@ Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package winbind-idmap
Summary: SSSD's idmap_sss Backend for Winbind
License: GPLv3+ and LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Conflicts: sssd-common < %{version}-%{release}
%description winbind-idmap
@@ -700,13 +714,11 @@ done
%dir %{_sysconfdir}/rwtab.d
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd
-%{_sysconfdir}/pam.d/sssd-shadowutils
+%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
%dir %{_libdir}/%{name}/conf
%{_libdir}/%{name}/conf/sssd.conf
%{_datadir}/sssd/cfg_rules.ini
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
%{_mandir}/man5/sssd.conf.5*
@@ -831,6 +843,9 @@ done
%{python3_sitelib}/SSSDConfig/*.py*
%dir %{python3_sitelib}/SSSDConfig/__pycache__
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
+%dir %{_datadir}/sssd
+%{_datadir}/sssd/sssd.api.conf
+%{_datadir}/sssd/sssd.api.d
%files -n python3-sss
%{python3_sitearch}/pysss.so
From d286bbb53301447def45d2b2f7ae294bece1590f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 12:10:03 +0100
Subject: [PATCH 08/17] spec: synchronize with RHEL spec file
Bring stuff from RHEL spec file that was not available in Fedora.
---
contrib/sssd.spec.in | 34 ++++++++++++++++++++++++++++++++--
1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 1160145d22..1e14d8393b 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -35,7 +35,7 @@ Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-ad = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
-Suggests: python3-sssdconfig = %{version}-%{release}
+Requires: python3-sssdconfig = %{version}-%{release}
Suggests: sssd-dbus = %{version}-%{release}
Recommends: logrotate
@@ -139,6 +139,8 @@ Recommends: libsss_sudo = %{version}-%{release}
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
Recommends: sssd-nfs-idmap = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
+Requires(pre): shadow-utils
%{?systemd_requires}
### Provides ###
@@ -187,6 +189,7 @@ Requires: libsss_simpleifp = %{version}-%{release}
# required by sss_obfuscate
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
Recommends: sssd-dbus
%description tools
@@ -237,6 +240,7 @@ Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
@@ -248,6 +252,7 @@ License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: sssd-common = %{version}-%{release}
+Requires(pre): shadow-utils
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can use for
@@ -282,9 +287,11 @@ Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
Recommends: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
+Requires(pre): shadow-utils
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
@@ -299,6 +306,7 @@ Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
+Requires: libsss_certmap = %{version}-%{release}
Recommends: bind-utils
Recommends: adcli
Suggests: sssd-winbind-idmap = %{version}-%{release}
@@ -312,6 +320,7 @@ Summary: The proxy back end of the SSSD
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
+Requires(pre): shadow-utils
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
@@ -392,6 +401,19 @@ Requires: sssd-common = %{version}-%{release}
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
the information from the SSSD to be transmitted over the system bus.
+%if 0%{?rhel}
+%package polkit-rules
+Summary: Rules for polkit integration for SSSD
+Group: Applications/System
+License: GPLv3+
+Requires: polkit >= 0.106
+Requires: sssd-common = %{version}-%{release}
+
+%description polkit-rules
+Provides rules for polkit integration with SSSD. This is required
+for smartcard support.
+%endif
+
%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
License: GPLv3+
@@ -503,7 +525,11 @@ autoreconf -ivf
--enable-sss-default-nss-plugin \
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
- --enable-systemtap
+ --enable-systemtap \
+%if 0%{?fedora}
+ --disable-polkit-rules-path \
+%endif
+ %{nil}
%make_build all docs runstatedir=%{_rundir}
@@ -739,6 +765,10 @@ done
%{_datadir}/systemtap/tapset/sssd_functions.stp
%{_mandir}/man5/sssd-systemtap.5*
+%if 0%{?rhel}
+%files polkit-rules
+%{_datadir}/polkit-1/rules.d/*
+%endif
%files ldap -f sssd_ldap.lang
%license COPYING
From 8c5e204d6a668a7e60cd956142098679800281be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 12:31:48 +0100
Subject: [PATCH 09/17] spec: use sssd user on RHEL
---
contrib/sssd.spec.in | 57 +++++++++++++++++++++++++++-----------------
1 file changed, 35 insertions(+), 22 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 1e14d8393b..5ca6cd85d6 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1,5 +1,12 @@
# SSSD SPEC file for Fedora 34+ and RHEL-9+
+# define SSSD user
+%if 0%{?rhel}
+%global sssd_user sssd
+%else
+%global sssd_user root
+%endif
+
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
@@ -140,7 +147,9 @@ Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
Recommends: sssd-nfs-idmap = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
+%if 0%{?rhel}
Requires(pre): shadow-utils
+%endif
%{?systemd_requires}
### Provides ###
@@ -252,7 +261,6 @@ License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: sssd-common = %{version}-%{release}
-Requires(pre): shadow-utils
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can use for
@@ -291,7 +299,6 @@ Requires: libsss_certmap = %{version}-%{release}
Recommends: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
-Requires(pre): shadow-utils
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
@@ -320,7 +327,6 @@ Summary: The proxy back end of the SSSD
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
-Requires(pre): shadow-utils
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
@@ -526,6 +532,7 @@ autoreconf -ivf
--enable-files-domain \
--enable-gss-spnego-for-zero-maxssf \
--enable-systemtap \
+ --with-sssd-user=%{sssd_user} \
%if 0%{?fedora}
--disable-polkit-rules-path \
%endif
@@ -719,20 +726,20 @@ done
%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
-%attr(700,root,root) %dir %{dbpath}
-%attr(775,root,root) %dir %{mcpath}
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{dbpath}
+%attr(775,%{sssd_user},%{sssd_user}) %dir %{mcpath}
%attr(700,root,root) %dir %{secdbpath}
%attr(751,root,root) %dir %{deskprofilepath}
-%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
-%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/group
-%ghost %attr(0664,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups
-%attr(755,root,root) %dir %{pipepath}
-%attr(700,root,root) %dir %{pipepath}/private
-%attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{gpocachepath}
-%attr(750,root,root) %dir %{_var}/log/%{name}
-%attr(700,root,root) %dir %{_sysconfdir}/sssd
-%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/passwd
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/group
+%ghost %attr(0664,%{sssd_user},%{sssd_user}) %verify(not md5 size mtime) %{mcpath}/initgroups
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pipepath}
+%attr(750,%{sssd_user},root) %dir %{pipepath}/private
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{gpocachepath}
+%attr(750,%{sssd_user},%{sssd_user}) %dir %{_var}/log/%{name}
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd
+%attr(711,%{sssd_user},%{sssd_user}) %dir %{_sysconfdir}/sssd/conf.d
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%dir %{_sysconfdir}/logrotate.d
@@ -778,9 +785,9 @@ done
%files krb5-common
%license COPYING
-%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
-%{_libexecdir}/%{servicename}/ldap_child
-%{_libexecdir}/%{servicename}/krb5_child
+%attr(755,%{sssd_user},%{sssd_user}) %dir %{pubconfpath}/krb5.include.d
+%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/ldap_child
+%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/krb5_child
%files krb5 -f sssd_krb5.lang
%license COPYING
@@ -793,9 +800,9 @@ done
%files ipa -f sssd_ipa.lang
%license COPYING
-%attr(700,root,root) %dir %{keytabdir}
+%attr(700,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
%{_libdir}/%{name}/libsss_ipa.so
-%{_libexecdir}/%{servicename}/selinux_child
+%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/selinux_child
%{_mandir}/man5/sssd-ipa.5*
%files ad -f sssd_ad.lang
@@ -806,7 +813,7 @@ done
%files proxy
%license COPYING
-%{_libexecdir}/%{servicename}/proxy_child
+%attr(4750,root,%{sssd_user}) %{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so
%files dbus -f sssd_dbus.lang
@@ -949,6 +956,12 @@ done
%{_mandir}/man8/sssd-kcm.8*
%{_libdir}/%{name}/libsss_secrets.so
+%if 0%{?rhel}
+%pre common
+getent group sssd >/dev/null || groupadd -r sssd
+getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+%endif
+
%post common
%systemd_post sssd.service
%systemd_post sssd-autofs.socket
@@ -1031,4 +1044,4 @@ fi
%changelog
* Thu Jan 21 2021 Pavel Březina <pbrez...@redhat.com> - @PACKAGE_NAME@-@PACKAGE_VERSION@-0@PRERELEASE_VERSION@
-- Built from upstream sources.
\ No newline at end of file
+- Built from upstream sources.
From 97f6c084b14b704140984eeea473f39bcd9a0926 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 12:33:26 +0100
Subject: [PATCH 10/17] spec: remove conflicts that no longer make sense
---
contrib/sssd.spec.in | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 5ca6cd85d6..14e82715c9 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -135,9 +135,6 @@ the existing back ends.
%package common
Summary: Common files for the SSSD
License: GPLv3+
-# Conflicts
-Conflicts: selinux-policy < 3.10.0-46
-Conflicts: sssd < 1.10.0-8%{?dist}.beta2
# Requires
# due to ABI changes in 1.1.30/1.2.0
Requires: libldb >= %{ldb_version}
@@ -245,7 +242,6 @@ Provides python3 module for calculating the murmur hash version 3
%package ldap
Summary: The LDAP back end of the SSSD
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
@@ -258,7 +254,6 @@ from and authenticate against an LDAP server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: cyrus-sasl-gssapi%{?_isa}
Requires: sssd-common = %{version}-%{release}
@@ -269,7 +264,6 @@ Kerberos user or host authentication.
%package krb5
Summary: The Kerberos authentication back end for the SSSD
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
@@ -290,7 +284,6 @@ for handling Kerberos PACs.
%package ipa
Summary: The IPA back end of the SSSD
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
@@ -307,7 +300,6 @@ from and authenticate against an IPA server.
%package ad
Summary: The AD back end of the SSSD
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
@@ -325,7 +317,6 @@ identity data from and authenticate against an Active Directory server.
%package proxy
Summary: The proxy back end of the SSSD
License: GPLv3+
-Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
%description proxy
From 7c51287ccf83b5a62b67cca2ff6c7d8b4adf04d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 12:39:18 +0100
Subject: [PATCH 11/17] spec: remove unused BuildRequires
- http-parser-devel, libcurl-devel - needed by secrets responder which is not built anymore
- dbus-libs, openssl, systemd - pulled in by -devel packages
- libcollection-devel, nspr-devel - not required
---
contrib/sssd.spec.in | 7 -------
1 file changed, 7 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 14e82715c9..3dfdb8fb3c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -71,13 +71,10 @@ BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: libdhash-devel >= 0.4.2
-BuildRequires: libcollection-devel
BuildRequires: libini_config-devel >= 1.1
BuildRequires: dbus-devel
-BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
-BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
BuildRequires: libxml2
@@ -103,23 +100,19 @@ BuildRequires: nss_wrapper
BuildRequires: pam_wrapper
BuildRequires: libnl3-devel
BuildRequires: systemd-devel
-BuildRequires: systemd
BuildRequires: cifs-utils-devel
BuildRequires: libnfsidmap-devel
BuildRequires: samba-devel
BuildRequires: libsmbclient-devel
BuildRequires: samba-winbind
BuildRequires: systemtap-sdt-devel
-BuildRequires: http-parser-devel
BuildRequires: libuuid-devel
BuildRequires: jansson-devel
-BuildRequires: libcurl-devel
BuildRequires: gdm-pam-extensions-devel
BuildRequires: p11-kit-devel
BuildRequires: openssl-devel
BuildRequires: gnutls-utils
BuildRequires: softhsm >= 2.1.0
-BuildRequires: openssl
BuildRequires: openssh
%description
From 7bb817e280432948ec5a7ccd940e1bb3229837d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 12:43:24 +0100
Subject: [PATCH 12/17] spec: remove unused Requires
- simpleifp was required by sssctl but not anymore
- we don't call ldconfig in post for client
---
contrib/sssd.spec.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 3dfdb8fb3c..a742536cba 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -184,7 +184,6 @@ A utility library to allow communication between Autofs and SSSD
Summary: Userspace tools for use with the SSSD
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
-Requires: libsss_simpleifp = %{version}-%{release}
# required by sss_obfuscate
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
From aaaae2ffb8f8d289a985113911311877e00d993e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 13:33:18 +0100
Subject: [PATCH 13/17] spec: sort Requires, BuildRequires and configure for
better clarity
---
contrib/sssd.spec.in | 124 +++++++++++++++++++++----------------------
1 file changed, 62 insertions(+), 62 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a742536cba..815d3826bc 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -36,15 +36,15 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
### Dependencies ###
+Requires: python3-sssdconfig = %{version}-%{release}
+Requires: sssd-ad = %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
-Requires: sssd-ldap = %{version}-%{release}
-Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
-Requires: sssd-ad = %{version}-%{release}
+Requires: sssd-krb5 = %{version}-%{release}
+Requires: sssd-ldap = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
-Requires: python3-sssdconfig = %{version}-%{release}
-Suggests: sssd-dbus = %{version}-%{release}
Recommends: logrotate
+Suggests: sssd-dbus = %{version}-%{release}
%global servicename sssd
%global sssdstatedir %{_localstatedir}/lib/sss
@@ -59,61 +59,61 @@ Recommends: logrotate
### Build Dependencies ###
-BuildRequires: make
BuildRequires: autoconf
BuildRequires: automake
-BuildRequires: libtool
-BuildRequires: m4
-BuildRequires: gcc
-BuildRequires: popt-devel
-BuildRequires: libtalloc-devel
-BuildRequires: libtevent-devel
-BuildRequires: libtdb-devel
-BuildRequires: libldb-devel >= %{ldb_version}
-BuildRequires: libdhash-devel >= 0.4.2
-BuildRequires: libini_config-devel >= 1.1
-BuildRequires: dbus-devel
-BuildRequires: openldap-devel
-BuildRequires: pam-devel
-BuildRequires: pcre-devel
-BuildRequires: libxslt
-BuildRequires: libxml2
-BuildRequires: docbook-style-xsl
-BuildRequires: krb5-devel
+BuildRequires: bind-utils
BuildRequires: c-ares-devel
-BuildRequires: python3-devel
BuildRequires: check-devel
-BuildRequires: doxygen
-BuildRequires: libselinux-devel
-BuildRequires: libsemanage-devel
-BuildRequires: bind-utils
-BuildRequires: keyutils-libs-devel
-BuildRequires: gettext-devel
-BuildRequires: pkgconfig
+BuildRequires: cifs-utils-devel
+BuildRequires: dbus-devel
BuildRequires: diffstat
+BuildRequires: docbook-style-xsl
+BuildRequires: doxygen
BuildRequires: findutils
+BuildRequires: gcc
+BuildRequires: gdm-pam-extensions-devel
+BuildRequires: gettext-devel
BuildRequires: glib2-devel
-BuildRequires: selinux-policy-targeted
+BuildRequires: gnutls-utils
+BuildRequires: jansson-devel
+BuildRequires: keyutils-libs-devel
+BuildRequires: krb5-devel
BuildRequires: libcmocka-devel >= 1.0.0
-BuildRequires: uid_wrapper
-BuildRequires: nss_wrapper
-BuildRequires: pam_wrapper
-BuildRequires: libnl3-devel
-BuildRequires: systemd-devel
-BuildRequires: cifs-utils-devel
+BuildRequires: libdhash-devel >= 0.4.2
+BuildRequires: libini_config-devel >= 1.1
+BuildRequires: libldb-devel >= %{ldb_version}
BuildRequires: libnfsidmap-devel
-BuildRequires: samba-devel
+BuildRequires: libnl3-devel
+BuildRequires: libselinux-devel
+BuildRequires: libsemanage-devel
BuildRequires: libsmbclient-devel
-BuildRequires: samba-winbind
-BuildRequires: systemtap-sdt-devel
+BuildRequires: libtalloc-devel
+BuildRequires: libtdb-devel
+BuildRequires: libtevent-devel
+BuildRequires: libtool
BuildRequires: libuuid-devel
-BuildRequires: jansson-devel
-BuildRequires: gdm-pam-extensions-devel
-BuildRequires: p11-kit-devel
+BuildRequires: libxml2
+BuildRequires: libxslt
+BuildRequires: m4
+BuildRequires: make
+BuildRequires: nss_wrapper
+BuildRequires: openldap-devel
+BuildRequires: openssh
BuildRequires: openssl-devel
-BuildRequires: gnutls-utils
+BuildRequires: p11-kit-devel
+BuildRequires: pam_wrapper
+BuildRequires: pam-devel
+BuildRequires: pcre-devel
+BuildRequires: pkgconfig
+BuildRequires: popt-devel
+BuildRequires: python3-devel
+BuildRequires: samba-devel
+BuildRequires: samba-winbind
+BuildRequires: selinux-policy-targeted
BuildRequires: softhsm >= 2.1.0
-BuildRequires: openssh
+BuildRequires: systemd-devel
+BuildRequires: systemtap-sdt-devel
+BuildRequires: uid_wrapper
%description
Provides a set of daemons to manage access to remote directories and
@@ -495,27 +495,27 @@ done
autoreconf -ivf
%configure \
- --with-test-dir=/dev/shm \
+ --disable-rpath \
+ --disable-static \
+ --enable-files-domain \
+ --enable-gss-spnego-for-zero-maxssf \
+ --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
+ --enable-nsslibdir=%{_libdir} \
+ --enable-pammoddir=%{_libdir}/security \
+ --enable-sss-default-nss-plugin \
+ --enable-systemtap \
--with-db-path=%{dbpath} \
- --with-mcache-path=%{mcpath} \
- --with-pipe-path=%{pipepath} \
- --with-pubconf-path=%{pubconfpath} \
--with-gpo-cache-path=%{gpocachepath} \
--with-init-dir=%{_initrddir} \
+ --with-initscript=systemd \
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
+ --with-mcache-path=%{mcpath} \
--with-pid-path=%{_rundir} \
- --enable-nsslibdir=%{_libdir} \
- --enable-pammoddir=%{_libdir}/security \
- --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
- --disable-static \
- --disable-rpath \
- --with-initscript=systemd \
- --with-syslog=journald \
- --enable-sss-default-nss-plugin \
- --enable-files-domain \
- --enable-gss-spnego-for-zero-maxssf \
- --enable-systemtap \
+ --with-pipe-path=%{pipepath} \
+ --with-pubconf-path=%{pubconfpath} \
--with-sssd-user=%{sssd_user} \
+ --with-syslog=journald \
+ --with-test-dir=/dev/shm \
%if 0%{?fedora}
--disable-polkit-rules-path \
%endif
From c39009bc0ffdba90b0e233aa6b28f9e69c7e2c94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 28 Jan 2021 13:36:08 +0100
Subject: [PATCH 14/17] spec: comment some requirements
---
contrib/sssd.spec.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 815d3826bc..5a328a24eb 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -74,6 +74,7 @@ BuildRequires: gcc
BuildRequires: gdm-pam-extensions-devel
BuildRequires: gettext-devel
BuildRequires: glib2-devel
+# required for p11_child smartcard tests
BuildRequires: gnutls-utils
BuildRequires: jansson-devel
BuildRequires: keyutils-libs-devel
@@ -108,8 +109,10 @@ BuildRequires: pkgconfig
BuildRequires: popt-devel
BuildRequires: python3-devel
BuildRequires: samba-devel
+# required for idmap_sss.so
BuildRequires: samba-winbind
BuildRequires: selinux-policy-targeted
+# required for p11_child smartcard tests
BuildRequires: softhsm >= 2.1.0
BuildRequires: systemd-devel
BuildRequires: systemtap-sdt-devel
From 1ea43265e4d5184c28d2d44a0683bf674f7526be Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikh...@redhat.com>
Date: Mon, 1 Feb 2021 17:56:18 +0100
Subject: [PATCH 15/17] Makefile: add missing '-fno-lto' to some tests
---
Makefile.am | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile.am b/Makefile.am
index b3d820c1f2..f0083ffd7a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3717,6 +3717,7 @@ test_cert_utils_CFLAGS = \
-U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \
-I$(abs_builddir)/src \
$(CRYPTO_CFLAGS) \
+ $(CMOCKA_CFLAGS) \
$(NULL)
test_cert_utils_LDADD = \
$(CMOCKA_LIBS) \
From 05f9b1be86fdc911af58e52315669b4995a3a460 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Wed, 3 Feb 2021 12:23:48 +0100
Subject: [PATCH 16/17] spec: fix spelling in package description
---
contrib/sssd.spec.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 5a328a24eb..5d2d99648c 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -121,11 +121,11 @@ BuildRequires: uid_wrapper
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
-the system and a plug-gable back-end system to connect to multiple different
+the system and a pluggable back end system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
-The sssd sub-package is a meta-package that contains the daemon as well as all
+The sssd subpackage is a meta-package that contains the daemon as well as all
the existing back ends.
%package common
@@ -152,7 +152,7 @@ Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
%description common
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
-sub-packages such as sssd-ldap.
+subpackages such as sssd-ldap.
%package client
Summary: SSSD Client libraries for NSS and PAM
From e08d969d877e8c7e9a7ec05370727add90c93cb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Wed, 3 Feb 2021 12:41:16 +0100
Subject: [PATCH 17/17] spec: use %autosetup instead of %setup
---
contrib/sssd.spec.in | 23 +----------------------
1 file changed, 1 insertion(+), 22 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 5d2d99648c..53dee22a0b 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -66,7 +66,6 @@ BuildRequires: c-ares-devel
BuildRequires: check-devel
BuildRequires: cifs-utils-devel
BuildRequires: dbus-devel
-BuildRequires: diffstat
BuildRequires: docbook-style-xsl
BuildRequires: doxygen
BuildRequires: findutils
@@ -471,27 +470,7 @@ An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
%prep
-# Update timestamps on the files touched by a patch, to avoid non-equal
-# .pyc/.pyo files across the multilib peers within a build, where "Level"
-# is the patch prefix option (e.g. -p1)
-# Taken from specfile for python-simplejson
-UpdateTimestamps() {
- Level=$1
- PatchFile=$2
-
- # Locate the affected files:
- for f in $(diffstat $Level -l $PatchFile); do
- # Set the files to have the same timestamp as that of the patch:
- touch -r $PatchFile $f
- done
-}
-
-%setup -q
-
-for p in %patches ; do
- %__patch -p1 -i $p
- UpdateTimestamps -p1 $p
-done
+%autosetup -p1
%build
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
