From fabe9c50d75b9a25379f885f08ce0c3619fc2b32853bf93b2dea255660465f8d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 15 Nov 2012 02:31:26 +0000 Subject: [PATCH 1/7] sssd-1.9.2 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=76 --- 0005-implicit-decl.diff | 12 +- sssd-1.8.93.tar.xz | 3 - sssd-1.9.2.tar.xz | 3 + sssd-ldflags.diff | 115 +++++++++++++++++ sssd.changes | 20 +++ sssd.spec | 271 +++++++++++++++++++++++----------------- 6 files changed, 302 insertions(+), 122 deletions(-) delete mode 100644 sssd-1.8.93.tar.xz create mode 100644 sssd-1.9.2.tar.xz create mode 100644 sssd-ldflags.diff diff --git a/0005-implicit-decl.diff b/0005-implicit-decl.diff index 01ebb41..88cf672 100644 --- a/0005-implicit-decl.diff +++ b/0005-implicit-decl.diff @@ -14,13 +14,13 @@ crypto_sha512crypt.c:221:14: warning: incompatible implicit src/util/crypto/libcrypto/crypto_sha512crypt.c | 1 + 1 file changed, 1 insertion(+) -Index: sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c +Index: sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c =================================================================== ---- sssd-1.8.0.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c -+++ sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c -@@ -10,6 +10,7 @@ - /* SHA512-based Unix crypt implementation. - Released into the Public Domain by Ulrich Drepper . */ +--- sssd-1.9.2.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c ++++ sssd-1.9.2/src/util/crypto/libcrypto/crypto_sha512crypt.c +@@ -12,6 +12,7 @@ + + #include "config.h" +#define _GNU_SOURCE 1 /* mempcpy */ #include diff --git a/sssd-1.8.93.tar.xz b/sssd-1.8.93.tar.xz deleted file mode 100644 index df18eaf..0000000 --- a/sssd-1.8.93.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d0577b6f27ea68ba164b701d84628c380bc82275b546fd20a624cfb752fd3e40 -size 1141600 diff --git a/sssd-1.9.2.tar.xz b/sssd-1.9.2.tar.xz new file mode 100644 index 0000000..8cbde6f --- /dev/null +++ b/sssd-1.9.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f1a597b8e26b083968199aff93c7768ca9aed6ded67cb394734377beb4b085fe +size 1224284 diff --git a/sssd-ldflags.diff b/sssd-ldflags.diff new file mode 100644 index 0000000..1ba81f7 --- /dev/null +++ b/sssd-ldflags.diff @@ -0,0 +1,115 @@ +From: Jan Engelhardt +Date: 2012-11-10 01:36:37.022064770 +0100 + +build: fix link failure because of wrong use of LDFLAGS + + ld: src/sss_client/sss_ssh_authorizedkeys-common.o: undefined + reference to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12' + +For the i'th time, +http://stackoverflow.com/questions/4241683/linker-flags-in-wrong-place + +The patch fixes the location of library names, and also adds them +to two program which need them. + +--- + Makefile.am | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) + +Index: sssd-1.9.2/Makefile.am +=================================================================== +--- sssd-1.9.2.orig/Makefile.am ++++ sssd-1.9.2/Makefile.am +@@ -746,8 +746,8 @@ sss_sudo_cli_SOURCES = \ + src/sss_client/common.c \ + src/sss_client/sudo_testcli/sudo_testcli.c + sss_sudo_cli_CFLAGS = $(AM_CFLAGS) +-sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) + sss_sudo_cli_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_sudo.la + endif + +@@ -758,6 +758,7 @@ sss_ssh_authorizedkeys_SOURCES = \ + src/sss_client/ssh/sss_ssh_authorizedkeys.c + sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS) + sss_ssh_authorizedkeys_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_util.la + + sss_ssh_knownhostsproxy_SOURCES = \ +@@ -766,6 +767,7 @@ sss_ssh_knownhostsproxy_SOURCES = \ + src/sss_client/ssh/sss_ssh_knownhostsproxy.c + sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS) + sss_ssh_knownhostsproxy_LDADD = \ ++ $(CLIENT_LIBS) \ + libsss_util.la + endif + +@@ -1152,10 +1154,11 @@ libnss_sss_la_SOURCES = \ + src/sss_client/nss_mc_group.c \ + src/sss_client/nss_mc.h + libnss_sss_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -module \ + -version-info 2:0:0 \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports ++libnss_sss_la_LIBADD = \ ++ $(CLIENT_LIBS) + + pamlib_LTLIBRARIES = pam_sss.la + pam_sss_la_SOURCES = \ +@@ -1166,11 +1169,12 @@ pam_sss_la_SOURCES = \ + src/sss_client/sss_pam_macros.h + + pam_sss_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ +- -lpam \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports ++pam_sss_la_LIBADD = \ ++ $(CLIENT_LIBS) \ ++ -lpam + + if BUILD_SUDO + +@@ -1182,9 +1186,10 @@ libsss_sudo_la_SOURCES = \ + src/sss_client/sudo/sss_sudo.h \ + src/sss_client/sudo/sss_sudo_private.h + libsss_sudo_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ + -version-info 2:0:1 ++libsss_sudo_la_LIBADD = \ ++ $(CLIENT_LIBS) + + sudolib_LTLIBRARIES = libsss_sudo.la + +@@ -1201,10 +1206,11 @@ libsss_autofs_la_SOURCES = \ + src/sss_client/autofs/sss_autofs_private.h + + libsss_autofs_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports ++libsss_autofs_la_LIBADD = \ ++ $(CLIENT_LIBS) + endif + + dist_noinst_DATA += \ +@@ -1521,10 +1527,11 @@ sssd_pac_plugin_la_CFLAGS = \ + $(AM_CFLAGS) \ + $(KRB5_CFLAGS) + sssd_pac_plugin_la_LDFLAGS = \ +- $(CLIENT_LIBS) \ +- -lkrb5 \ + -avoid-version \ + -module ++sssd_pac_plugin_la_LIBADD = \ ++ $(CLIENT_LIBS) \ ++ -lkrb5 + + if BUILD_PYTHON_BINDINGS + pysss_la_SOURCES = \ diff --git a/sssd.changes b/sssd.changes index 0c9366d..09ddde0 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.9.2 +* Users or groups from trusted domains can be retrieved by UID or + GID as well +* Several fixes that mitigate file descriptor leak during logins +* SSH host keys are also removed from the cache after being + removed from the server +* Fix intermittent crash in responders if the responder was + shutting down while requests were still pending +* Catch an error condition that might have caused a tight loop in + the sssd_nss process while refreshing expired enumeration request +* Fixed memory hierarchy of subdomains discovery requests that + caused use-after-free access bugs +* The krb5_child and ldap_child processes can print libkrb5 tracing + information in the debug logs +- Split sssd into sssd and sssd-client. Since sssd requires the + client, no extra action is needed for upgrade. + ------------------------------------------------------------------- Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 3585e30..c74e671 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.8.93 +Version: 1.9.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -27,15 +27,15 @@ Url: https://fedorahosted.org/sssd/ #Git-Clone: git://git.fedorahosted.org/sssd Source: %name-%version.tar.xz Source3: baselibs.conf -Patch5: 0005-implicit-decl.diff +Patch1: 0005-implicit-decl.diff +Patch2: sssd-ldflags.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: xz %define servicename sssd -%define sssdstatedir %{_localstatedir}/lib/sss -%define dbpath %{sssdstatedir}/db -%define pipepath %{sssdstatedir}/pipes -%define pubconfpath %{sssdstatedir}/pubconf +%define sssdstatedir %_localstatedir/lib/sss +%define dbpath %sssdstatedir/db +%define pipepath %sssdstatedir/pipes +%define pubconfpath %sssdstatedir/pubconf # SLES11 doesn't know the python_* macros %if %suse_version <= 1110 @@ -43,10 +43,12 @@ BuildRequires: xz %define python_sitearch %py_sitedir %endif -#BuildRequires: autoconf >= 2.59, automake, libtool +BuildRequires: autoconf >= 2.59 +BuildRequires: automake BuildRequires: bind-utils BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel +BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(collection) >= 0.5.1 @@ -96,6 +98,8 @@ BuildRequires: pkg-config BuildRequires: systemd %{?systemd_requires} %endif +BuildRequires: xz +Requires: %name-client = %version %description Provides a set of daemons to manage access to remote directories and @@ -104,11 +108,20 @@ the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. +%package client +Summary: SSSD client libraries for NSS and PAM +License: LGPL-3.0+ +Group: Applications/System + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to +the SSSD service. + %package ipa-provider Summary: FreeIPA provider plugin for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Daemons -Requires: sssd = %{version} +Requires: sssd = %version %description ipa-provider This package provide the FreeIPA provider plugin for the System Security @@ -118,7 +131,7 @@ Services Daemon (sssd). Summary: Commandline tools for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Management -Requires: sssd = %{version} +Requires: sssd = %version %description tools The packages contains commandline tools for managing users and groups using @@ -160,6 +173,23 @@ Requires: libsss_idmap0 = %version %description -n libsss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. +%package -n libsss_sudo1 +Summary: A library to allow communication between sudo and SSSD +License: LGPL-3.0+ +Group: System/Libraries + +%description -n libsss_sudo1 +A utility library to allow communication between sudo and SSSD. + +%package -n libsss_sudo-devel +Summary: Development files for the sss_sudo library +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: libsss_sudo1 = %version + +%description -n libsss_sudo-devel +A utility library to allow communication between sudo and SSSD. + %package -n python-ipa_hbac Summary: Python bindings for the FreeIPA HBAC Evaluator library License: GPL-3.0+ and LGPL-3.0+ @@ -174,7 +204,7 @@ can be used by Python applications. Summary: Python API for configuring sssd License: GPL-3.0+ and LGPL-3.0+ Group: Development/Libraries/Python -%{py_requires} +%py_requires %description -n python-sssd-config Provide python module to access and manage configuration of the System @@ -182,7 +212,7 @@ Security Services Daemon (sssd). %prep %setup -q -%patch -P 5 -p1 +%patch -P 1 -P 2 -p1 %build %if 0%{?suse_version} < 1210 @@ -197,13 +227,14 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" # help configure find nscd export PATH="$PATH:/usr/sbin" +autoreconf -fi; %configure \ - --with-db-path=%{dbpath} \ - --with-pipe-path=%{pipepath} \ - --with-pubconf-path=%{pubconfpath} \ - --with-init-dir=%{_initrddir} \ - --enable-nsslibdir=/%{_lib} \ - --enable-pammoddir=/%{_lib}/security \ + --with-db-path="%dbpath" \ + --with-pipe-path="%pipepath" \ + --with-pubconf-path="%pubconfpath" \ + --with-init-dir="%_initrddir" \ + --enable-nsslibdir="/%_lib" \ + --enable-pammoddir="/%_lib/security" \ --with-ldb-lib-dir="$LDB_DIR" \ --with-selinux=no \ --with-os=suse \ @@ -212,43 +243,30 @@ export PATH="$PATH:/usr/sbin" make %{?_smp_mflags} all %install -make install DESTDIR="%buildroot" +b="%buildroot"; +make install DESTDIR="$b" # Copy default sssd.conf file -install -d %{buildroot}%{_mandir}/cs -install -d %{buildroot}%{_mandir}/cs/man8 -install -d %{buildroot}%{_mandir}/nl -install -d %{buildroot}%{_mandir}/nl/man8 -install -d %{buildroot}%{_mandir}/pt -install -d %{buildroot}%{_mandir}/pt/man8 -install -d %{buildroot}%{_mandir}/uk -install -d %{buildroot}%{_mandir}/uk/man1 -install -d %{buildroot}%{_mandir}/uk/man5 -install -d %{buildroot}%{_mandir}/uk/man8 -install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sssd -install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf -install src/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd +install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ + "$b/%_mandir"/{uk/man5,uk/man8}; +install -d "$b/%_sysconfdir/sssd"; +install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"; +install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; %if 0%{?_unitdir:1} -install -d $RPM_BUILD_ROOT/%{_unitdir} -install src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/sssd.service +install -d "$b/%_unitdir"; +install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; %endif -ln -sf ../../etc/init.d/sssd $RPM_BUILD_ROOT/usr/sbin/rcsssd +ln -sf ../../etc/init.d/sssd $b/usr/sbin/rcsssd -# Remove .la files created by libtool -find "%buildroot" -type f -name "*.la" -delete; +find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 # remove some unsupported languages, sssd does not contain # translations for these anyway -rm -rf \ - $RPM_BUILD_ROOT/usr/share/locale/fa_IR \ - $RPM_BUILD_ROOT/usr/share/locale/ja_JP \ - $RPM_BUILD_ROOT/usr/share/locale/lt_LT \ - $RPM_BUILD_ROOT/usr/share/locale/ta_IN \ - $RPM_BUILD_ROOT/usr/share/locale/vi_VN +rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %endif -%find_lang %{name} --all-name +%find_lang %name --all-name %if 0%{?_unitdir:1} %pre @@ -275,90 +293,107 @@ rm -rf \ %service_del_postun sssd.service %endif -%post -n libipa_hbac0 -p /sbin/ldconfig - +%post client -p /sbin/ldconfig +%postun client -p /sbin/ldconfig +%post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig +%post -n libsss_idmap0 -p /sbin/ldconfig +%postun -n libsss_idmap0 -p /sbin/ldconfig +%post -n libsss_sudo1 -p /sbin/ldconfig +%postun -n libsss_sudo1 -p /sbin/ldconfig %files -f sssd.lang -%defattr(-,root,root,-) +%defattr(-,root,root) %doc COPYING -%{_initrddir}/%{name} +%_initrddir/%name %if 0%{?_unitdir:1} -%{_unitdir}/sssd.service +%_unitdir %endif -%{_sbindir}/sssd -%{_sbindir}/rcsssd -%dir %{_libdir}/%{name} -%dir %{_libexecdir}/%{name} -%dir %{_mandir}/cs -%dir %{_mandir}/cs/man8 -%dir %{_mandir}/nl -%dir %{_mandir}/nl/man8 -%dir %{_mandir}/pt -%dir %{_mandir}/pt/man8 -%dir %{_mandir}/uk -%dir %{_mandir}/uk/man1 -%dir %{_mandir}/uk/man5 -%dir %{_mandir}/uk/man8 -%{_mandir}/??/man?/* -%{_mandir}/man5/sssd-krb5.5* -%{_mandir}/man5/sssd-ldap.5* -%{_mandir}/man5/sssd-simple.5* -%{_mandir}/man8/sssd.8* -%{_mandir}/man5/sssd.conf.5.gz -%{_mandir}/man8/pam_sss.8.gz -%{_mandir}/man8/sssd_krb5_locator_plugin.8.gz -%{_libexecdir}/%{name}/sss* -%{_libexecdir}/%{name}/*_child -%{_libdir}/%{name}/libsss_krb5* -%{_libdir}/%{name}/libsss_ldap* -%{_libdir}/%{name}/libsss_proxy* -%{_libdir}/%{name}/libsss_simple* -%{_libdir}/ldb/memberof.so -%{_libdir}/krb5/plugins/libkrb5/* -%dir %{sssdstatedir} -%attr(700,root,root) %dir %{dbpath} -%attr(755,root,root) %dir %{pipepath} -%attr(700,root,root) %dir %{pipepath}/private -%attr(755,root,root) %dir %{pubconfpath} -%attr(750,root,root) %dir %{_var}/log/%{name} -%dir %{_sysconfdir}/sssd -%config(noreplace) %{_sysconfdir}/sssd/sssd.conf -/%{_lib}/libnss_sss.so.2 -/%{_lib}/security/pam_sss.so +%_bindir/sss_ssh_* +%_sbindir/sssd +%_sbindir/rcsssd +%dir %_libdir/%name +%dir %_libexecdir/%name +%dir %_mandir/cs +%dir %_mandir/cs/man8 +%dir %_mandir/nl +%dir %_mandir/nl/man8 +%dir %_mandir/pt +%dir %_mandir/pt/man8 +%dir %_mandir/uk +%dir %_mandir/uk/man1 +%dir %_mandir/uk/man5 +%dir %_mandir/uk/man8 +%_mandir/??/man?/* +%_mandir/man1/sss_ssh_* +%_mandir/man1/sss_ssh_* +%_mandir/man5/sssd-ad.5* +%_mandir/man5/sssd-krb5.5* +%_mandir/man5/sssd-ldap.5* +%_mandir/man5/sssd-simple.5* +%_mandir/man5/sssd-sudo.5* +%_mandir/man8/sssd.8* +%_mandir/man5/sssd.conf.5.gz +%_libexecdir/%name/sss* +%_libexecdir/%name/*_child +%_libdir/%name/libsss_ad.so +%_libdir/%name/libsss_krb5* +%_libdir/%name/libsss_ldap* +%_libdir/%name/libsss_proxy* +%_libdir/%name/libsss_simple* +%_libdir/%name/modules +%_libdir/ldb/memberof.so +%dir %sssdstatedir +%attr(700,root,root) %dir %dbpath +%attr(755,root,root) %dir %pipepath +%attr(700,root,root) %dir %pipepath/private +%attr(755,root,root) %dir %pubconfpath +%attr(750,root,root) %dir %_localstatedir/log/%name +%dir %_sysconfdir/sssd +%config(noreplace) %_sysconfdir/sssd/sssd.conf %_datadir/sssd %exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf +%files client +%defattr(-,root,root) +/%_lib/libnss_sss.so.2 +/%_lib/security/pam_sss.so +%_libdir/krb5/plugins/libkrb5/* +%_mandir/man8/pam_sss.8.gz +%_mandir/man8/sssd_krb5_locator_plugin.8.gz + %files tools -%defattr(-,root,root,-) -%{_sbindir}/sss_cache -%{_sbindir}/sss_debuglevel -%{_sbindir}/sss_useradd -%{_sbindir}/sss_userdel -%{_sbindir}/sss_usermod -%{_sbindir}/sss_groupadd -%{_sbindir}/sss_groupdel -%{_sbindir}/sss_groupmod -%{_sbindir}/sss_groupshow -%{_mandir}/man8/sss_groupadd.8* -%{_mandir}/man8/sss_groupdel.8* -%{_mandir}/man8/sss_groupmod.8* -%{_mandir}/man8/sss_groupshow.8* -%{_mandir}/man8/sss_useradd.8* -%{_mandir}/man8/sss_userdel.8* -%{_mandir}/man8/sss_usermod.8* -%{_mandir}/man8/sss_obfuscate.8* -%{_mandir}/man8/sss_cache.8* -%{_mandir}/man8/sss_debuglevel.8* -%attr(0755,root,root) %{_sbindir}/sss_obfuscate +%defattr(-,root,root) +%_sbindir/sss_cache +%_sbindir/sss_debuglevel +%_sbindir/sss_groupadd +%_sbindir/sss_groupdel +%_sbindir/sss_groupmod +%_sbindir/sss_groupshow +%_sbindir/sss_seed +%_sbindir/sss_useradd +%_sbindir/sss_userdel +%_sbindir/sss_usermod +%_mandir/man8/sss_groupadd.8* +%_mandir/man8/sss_groupdel.8* +%_mandir/man8/sss_groupmod.8* +%_mandir/man8/sss_groupshow.8* +%_mandir/man8/sss_seed.8* +%_mandir/man8/sss_useradd.8* +%_mandir/man8/sss_userdel.8* +%_mandir/man8/sss_usermod.8* +%_mandir/man8/sss_obfuscate.8* +%_mandir/man8/sss_cache.8* +%_mandir/man8/sss_debuglevel.8* +%attr(0755,root,root) %_sbindir/sss_obfuscate %files ipa-provider -%defattr(-,root,root,-) +%defattr(-,root,root) %dir %_datadir/sssd %dir %_datadir/sssd/sssd.api.d %_datadir/sssd/sssd.api.d/sssd-ipa.conf -%{_libdir}/sssd/libsss_ipa* -%{_mandir}/man5/sssd-ipa.* +%_libdir/sssd/libsss_ipa* +%_mandir/man5/sssd-ipa.* %files -n libipa_hbac0 %defattr(-,root,root) @@ -380,6 +415,15 @@ rm -rf \ %_libdir/libsss_idmap.so %_libdir/pkgconfig/sss_idmap.pc +%files -n libsss_sudo1 +%defattr(-,root,root) +%_libdir/libsss_sudo.so.1* + +%files -n libsss_sudo-devel +%defattr(-,root,root) +%_includedir/sss_sudo.h +%_libdir/libsss_sudo.so + %files -n python-ipa_hbac %defattr(-,root,root) %python_sitearch/pyhbac.so @@ -387,6 +431,7 @@ rm -rf \ %files -n python-sssd-config %defattr(-,root,root) %python_sitearch/pysss.so +%python_sitearch/pysss_murmur.so %python_sitelib/SSSDConfig* %changelog From 0e60c7e306e065874e557215f783e8600cc8a98926b6c8270e9980c8c65dbb71 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 15 Nov 2012 02:39:30 +0000 Subject: [PATCH 2/7] Stomp -client again; there seems to be hardly a point in having the NSS plugin without having an sssd OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=77 --- baselibs.conf | 2 +- sssd.changes | 2 -- sssd.spec | 17 +++-------------- 3 files changed, 4 insertions(+), 17 deletions(-) diff --git a/baselibs.conf b/baselibs.conf index 22e0a35..5149f91 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,4 @@ -sssd +sssd-client supplements "packageand(sssd:pam-)" supplements "packageand(sssd:glibc-)" -/usr/lib(64)?/* diff --git a/sssd.changes b/sssd.changes index 09ddde0..f4640d8 100644 --- a/sssd.changes +++ b/sssd.changes @@ -15,8 +15,6 @@ Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs -- Split sssd into sssd and sssd-client. Since sssd requires the - client, no extra action is needed for upgrade. ------------------------------------------------------------------- Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index c74e671..b79b40f 100644 --- a/sssd.spec +++ b/sssd.spec @@ -108,15 +108,6 @@ the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. -%package client -Summary: SSSD client libraries for NSS and PAM -License: LGPL-3.0+ -Group: Applications/System - -%description client -Provides the libraries needed by the PAM and NSS stacks to connect to -the SSSD service. - %package ipa-provider Summary: FreeIPA provider plugin for sssd License: GPL-3.0+ and LGPL-3.0+ @@ -293,8 +284,6 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %service_del_postun sssd.service %endif -%post client -p /sbin/ldconfig -%postun client -p /sbin/ldconfig %post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig %post -n libsss_idmap0 -p /sbin/ldconfig @@ -353,9 +342,9 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %config(noreplace) %_sysconfdir/sssd/sssd.conf %_datadir/sssd %exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf - -%files client -%defattr(-,root,root) +# +# client side +# /%_lib/libnss_sss.so.2 /%_lib/security/pam_sss.so %_libdir/krb5/plugins/libkrb5/* From ce396e6add2051fdbac3eb0a43a8b33abdbb22ea637e468f7cb53cbe40030649 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 6 Dec 2012 09:16:16 +0000 Subject: [PATCH 3/7] sssd-1.9.3 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=78 --- sssd-1.9.2.tar.xz | 3 -- sssd-1.9.3.tar.xz | 3 ++ sssd-ldflags.diff | 89 +++++++++++++++++++++++++++++++++++------------ sssd.changes | 16 +++++++++ sssd.spec | 27 +++++--------- 5 files changed, 93 insertions(+), 45 deletions(-) delete mode 100644 sssd-1.9.2.tar.xz create mode 100644 sssd-1.9.3.tar.xz diff --git a/sssd-1.9.2.tar.xz b/sssd-1.9.2.tar.xz deleted file mode 100644 index 8cbde6f..0000000 --- a/sssd-1.9.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f1a597b8e26b083968199aff93c7768ca9aed6ded67cb394734377beb4b085fe -size 1224284 diff --git a/sssd-1.9.3.tar.xz b/sssd-1.9.3.tar.xz new file mode 100644 index 0000000..facfca1 --- /dev/null +++ b/sssd-1.9.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:123aa0bd6c2c7276f04f3c4dd7681f0d08cd0c186fd61288bb454c7e2840d4ad +size 1252232 diff --git a/sssd-ldflags.diff b/sssd-ldflags.diff index 1ba81f7..da7a141 100644 --- a/sssd-ldflags.diff +++ b/sssd-ldflags.diff @@ -13,40 +13,84 @@ The patch fixes the location of library names, and also adds them to two program which need them. --- - Makefile.am | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) + Makefile.am | 36 +++++++++++++++++++++--------------- + 1 file changed, 21 insertions(+), 15 deletions(-) -Index: sssd-1.9.2/Makefile.am +Index: sssd-1.9.3/Makefile.am =================================================================== ---- sssd-1.9.2.orig/Makefile.am -+++ sssd-1.9.2/Makefile.am -@@ -746,8 +746,8 @@ sss_sudo_cli_SOURCES = \ - src/sss_client/common.c \ +--- sssd-1.9.3.orig/Makefile.am ++++ sssd-1.9.3/Makefile.am +@@ -531,7 +531,8 @@ libipa_hbac_la_SOURCES = \ + src/providers/ipa/hbac_evaluator.c \ + src/util/sss_utf8.c + libipa_hbac_la_LDFLAGS = \ +- -version-info 0:1:0 \ ++ -version-info 0:1:0 ++libipa_hbac_la_LIBADD = \ + $(UNICODE_LIBS) + + dist_pkgconfig_DATA += src/lib/idmap/sss_idmap.pc +@@ -645,11 +646,11 @@ sssd_be_LDADD = \ + -ldl \ + $(SSSD_LIBS) \ + $(CARES_LIBS) \ ++ $(PAM_LIBS) \ + libsss_util.la + sssd_be_LDFLAGS = \ + -Wl,--version-script,$(srcdir)/src/providers/sssd_be.exports \ +- -export-dynamic \ +- $(PAM_LIBS) ++ -export-dynamic + + if BUILD_PYTHON_BINDINGS + sss_obfuscate_pythondir = $(sbindir) +@@ -750,7 +751,7 @@ sss_sudo_cli_SOURCES = \ + src/sss_client/sudo/sss_sudo_response.c \ src/sss_client/sudo_testcli/sudo_testcli.c sss_sudo_cli_CFLAGS = $(AM_CFLAGS) -sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) - sss_sudo_cli_LDADD = \ -+ $(CLIENT_LIBS) \ - libsss_sudo.la ++sss_sudo_cli_LDADD = $(CLIENT_LIBS) endif -@@ -758,6 +758,7 @@ sss_ssh_authorizedkeys_SOURCES = \ + if BUILD_SSH +@@ -760,8 +761,8 @@ sss_ssh_authorizedkeys_SOURCES = \ src/sss_client/ssh/sss_ssh_authorizedkeys.c sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS) sss_ssh_authorizedkeys_LDADD = \ + $(CLIENT_LIBS) \ libsss_util.la +-sss_ssh_authorizedkeys_LDFLAGS = $(CLIENT_LIBS) sss_ssh_knownhostsproxy_SOURCES = \ -@@ -766,6 +767,7 @@ sss_ssh_knownhostsproxy_SOURCES = \ + src/sss_client/common.c \ +@@ -769,8 +770,8 @@ sss_ssh_knownhostsproxy_SOURCES = \ src/sss_client/ssh/sss_ssh_knownhostsproxy.c sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS) sss_ssh_knownhostsproxy_LDADD = \ + $(CLIENT_LIBS) \ libsss_util.la +-sss_ssh_knownhostsproxy_LDFLAGS = $(CLIENT_LIBS) endif -@@ -1152,10 +1154,11 @@ libnss_sss_la_SOURCES = \ + ################# +@@ -1127,14 +1128,14 @@ noinst_PROGRAMS += autofs_test_client + endif + + pam_test_client_SOURCES = src/sss_client/pam_test_client.c +-pam_test_client_LDFLAGS = -lpam -lpam_misc ++pam_test_client_LDADD = -lpam -lpam_misc + + if BUILD_AUTOFS + autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ + src/sss_client/autofs/sss_autofs.c \ + src/sss_client/common.c + autofs_test_client_CFLAGS = $(AM_CFLAGS) +-autofs_test_client_LDFLAGS = -lpopt $(CLIENT_LIBS) ++autofs_test_client_LDADD = -lpopt $(CLIENT_LIBS) + endif + + #################### +@@ -1156,10 +1157,11 @@ libnss_sss_la_SOURCES = \ src/sss_client/nss_mc_group.c \ src/sss_client/nss_mc.h libnss_sss_la_LDFLAGS = \ @@ -59,7 +103,7 @@ Index: sssd-1.9.2/Makefile.am pamlib_LTLIBRARIES = pam_sss.la pam_sss_la_SOURCES = \ -@@ -1166,11 +1169,12 @@ pam_sss_la_SOURCES = \ +@@ -1170,11 +1172,12 @@ pam_sss_la_SOURCES = \ src/sss_client/sss_pam_macros.h pam_sss_la_LDFLAGS = \ @@ -74,19 +118,18 @@ Index: sssd-1.9.2/Makefile.am if BUILD_SUDO -@@ -1182,9 +1186,10 @@ libsss_sudo_la_SOURCES = \ +@@ -1185,8 +1188,9 @@ libsss_sudo_la_SOURCES = \ + src/sss_client/sudo/sss_sudo.c \ src/sss_client/sudo/sss_sudo.h \ src/sss_client/sudo/sss_sudo_private.h ++libsss_sudo_la_LIBADD = \ ++ $(CLIENT_LIBS) libsss_sudo_la_LDFLAGS = \ - $(CLIENT_LIBS) \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ - -version-info 2:0:1 -+libsss_sudo_la_LIBADD = \ -+ $(CLIENT_LIBS) - - sudolib_LTLIBRARIES = libsss_sudo.la - -@@ -1201,10 +1206,11 @@ libsss_autofs_la_SOURCES = \ + -module \ + -avoid-version +@@ -1206,10 +1210,11 @@ libsss_autofs_la_SOURCES = \ src/sss_client/autofs/sss_autofs_private.h libsss_autofs_la_LDFLAGS = \ @@ -99,7 +142,7 @@ Index: sssd-1.9.2/Makefile.am endif dist_noinst_DATA += \ -@@ -1521,10 +1527,11 @@ sssd_pac_plugin_la_CFLAGS = \ +@@ -1528,10 +1533,11 @@ sssd_pac_plugin_la_CFLAGS = \ $(AM_CFLAGS) \ $(KRB5_CFLAGS) sssd_pac_plugin_la_LDFLAGS = \ diff --git a/sssd.changes b/sssd.changes index f4640d8..98a367c 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Dec 6 09:05:29 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.9.3 +* Many fixes related to deployments where the SSSD is running as + a client of IPA server with trust relation established with an + Active Directory server +* Multiple fixes related to correct reporting of group + memberships, especially in setups that use nested groups +* Fixed a bug that prevented upgrade from the 1.8 series if the + cache contained nested groups before the upgrade +* Restarting the responders is more robust for cases where the + machine is under heavy load during back end restart +* The default_shell option can now be also set per-domain in + addition to global setting. + ------------------------------------------------------------------- Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index b79b40f..94dc420 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.9.2 +Version: 1.9.3 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -164,21 +164,16 @@ Requires: libsss_idmap0 = %version %description -n libsss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. -%package -n libsss_sudo1 +%package -n libsss_sudo Summary: A library to allow communication between sudo and SSSD License: LGPL-3.0+ Group: System/Libraries +Provides: libsss_sudo-devel = %version-%release +Obsoletes: libsss_sudo-devel < %version-%release +# No provides: true obsolete. +Obsoletes: libsss_sudo1 -%description -n libsss_sudo1 -A utility library to allow communication between sudo and SSSD. - -%package -n libsss_sudo-devel -Summary: Development files for the sss_sudo library -License: LGPL-3.0+ -Group: Development/Libraries/C and C++ -Requires: libsss_sudo1 = %version - -%description -n libsss_sudo-devel +%description -n libsss_sudo A utility library to allow communication between sudo and SSSD. %package -n python-ipa_hbac @@ -288,8 +283,6 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %postun -n libipa_hbac0 -p /sbin/ldconfig %post -n libsss_idmap0 -p /sbin/ldconfig %postun -n libsss_idmap0 -p /sbin/ldconfig -%post -n libsss_sudo1 -p /sbin/ldconfig -%postun -n libsss_sudo1 -p /sbin/ldconfig %files -f sssd.lang %defattr(-,root,root) @@ -404,11 +397,7 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %_libdir/libsss_idmap.so %_libdir/pkgconfig/sss_idmap.pc -%files -n libsss_sudo1 -%defattr(-,root,root) -%_libdir/libsss_sudo.so.1* - -%files -n libsss_sudo-devel +%files -n libsss_sudo %defattr(-,root,root) %_includedir/sss_sudo.h %_libdir/libsss_sudo.so From ae139341b65759a16129ba81192778bb2e335b01c062bd9f192b80c93b8416c9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 6 Dec 2012 12:32:20 +0000 Subject: [PATCH 4/7] Accepting request 144398 from home:rhafer:branches:network:ldap switch back to openssl for cypto stuff, cleanup PAM config after uninstall OBS-URL: https://build.opensuse.org/request/show/144398 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=79 --- sssd.changes | 7 +++++++ sssd.spec | 10 +++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/sssd.changes b/sssd.changes index 98a367c..9bb71a1 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com + +- Switch back to using libcrypto instead of mozilla-nss as it seems + to be supported upstream again +- cleanup PAM configuration after uninstalling sssd (bnc#788328) + ------------------------------------------------------------------- Thu Dec 6 09:05:29 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 94dc420..8dddbcc 100644 --- a/sssd.spec +++ b/sssd.spec @@ -23,6 +23,7 @@ Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ Group: System/Daemons Url: https://fedorahosted.org/sssd/ +Requires(postun): pam-config #Git-Clone: git://git.fedorahosted.org/sssd Source: %name-%version.tar.xz @@ -60,7 +61,7 @@ BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libnl-1) >= 1.1 BuildRequires: pkgconfig(libpcre) >= 7 -BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) @@ -75,10 +76,10 @@ BuildRequires: libdhash-devel >= 0.4.2 BuildRequires: libini_config-devel >= 0.6.1 BuildRequires: libldb-devel >= 0.9.2 BuildRequires: libnl-devel >= 1.1 +BuildRequires: libopenssl-devel BuildRequires: libtalloc-devel BuildRequires: libtdb-devel >= 1.1.3 BuildRequires: libtevent-devel -BuildRequires: mozilla-nss-devel BuildRequires: pcre-devel >= 7 BuildRequires: popt-devel BuildRequires: python-devel @@ -215,6 +216,7 @@ export PATH="$PATH:/usr/sbin" autoreconf -fi; %configure \ + --with-crypto=libcrypto \ --with-db-path="%dbpath" \ --with-pipe-path="%pipepath" \ --with-pubconf-path="%pubconfpath" \ @@ -278,6 +280,9 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %if 0%{?_unitdir:1} %service_del_postun sssd.service %endif +if [ "$1" == "0" ]; then + %{_sbindir}/pam-config -d --sss || true +fi %post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig @@ -308,7 +313,6 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %dir %_mandir/uk/man8 %_mandir/??/man?/* %_mandir/man1/sss_ssh_* -%_mandir/man1/sss_ssh_* %_mandir/man5/sssd-ad.5* %_mandir/man5/sssd-krb5.5* %_mandir/man5/sssd-ldap.5* From 713327f0e489383bb3a2eaa7273935939d6006e223252dd2af028f34237e0ad6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 6 Dec 2012 12:35:38 +0000 Subject: [PATCH 5/7] Add reference URL OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=80 --- sssd.changes | 5 +++-- sssd.spec | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/sssd.changes b/sssd.changes index 9bb71a1..610b0e3 100644 --- a/sssd.changes +++ b/sssd.changes @@ -2,8 +2,9 @@ Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com - Switch back to using libcrypto instead of mozilla-nss as it seems - to be supported upstream again -- cleanup PAM configuration after uninstalling sssd (bnc#788328) + to be supported upstream again, cf. + https://lists.fedorahosted.org/pipermail/sssd-devel/2012-June/010202.html +- Cleanup PAM configuration after uninstalling sssd (bnc#788328) ------------------------------------------------------------------- Thu Dec 6 09:05:29 UTC 2012 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 8dddbcc..d14e07b 100644 --- a/sssd.spec +++ b/sssd.spec @@ -281,8 +281,8 @@ rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %service_del_postun sssd.service %endif if [ "$1" == "0" ]; then - %{_sbindir}/pam-config -d --sss || true -fi + "%_sbindir/pam-config" -d --sss || :; +fi; %post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig From 9152279ec8f8588fb3a99aa2f3d7702186dfd63f9de790d431fc3586ada30b0f Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Mon, 10 Dec 2012 09:57:21 +0000 Subject: [PATCH 6/7] - Removed left-over "Requires" for no longer existing sssd-client subpackage. OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=81 --- sssd.changes | 6 ++++++ sssd.spec | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/sssd.changes b/sssd.changes index 610b0e3..6009d7d 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Dec 10 09:55:35 UTC 2012 - rhafer@suse.com + +- Removed left-over "Requires" for no longer existing sssd-client + subpackage. + ------------------------------------------------------------------- Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com diff --git a/sssd.spec b/sssd.spec index d14e07b..41b19e8 100644 --- a/sssd.spec +++ b/sssd.spec @@ -100,7 +100,6 @@ BuildRequires: systemd %{?systemd_requires} %endif BuildRequires: xz -Requires: %name-client = %version %description Provides a set of daemons to manage access to remote directories and From 7d9aa8419e17b1fac6822a7dc70ae80cefb0329dc1ded192ef6bb715a3669277 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 12 Dec 2012 12:00:43 +0000 Subject: [PATCH 7/7] Updated change log a make Factory reviewer happy OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=82 --- sssd.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sssd.changes b/sssd.changes index 6009d7d..184d8f6 100644 --- a/sssd.changes +++ b/sssd.changes @@ -3,6 +3,8 @@ Mon Dec 10 09:55:35 UTC 2012 - rhafer@suse.com - Removed left-over "Requires" for no longer existing sssd-client subpackage. +- New patch: sssd-ldflags.diff to fix link failures due to erroneous + LDFLAGS usage ------------------------------------------------------------------- Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com