2010-03-08 18:24:35 +01:00
|
|
|
#
|
2011-01-18 12:05:50 +01:00
|
|
|
# spec file for package sssd
|
2010-03-08 18:24:35 +01:00
|
|
|
#
|
2024-01-12 15:08:36 +01:00
|
|
|
# Copyright (c) 2024 SUSE LLC
|
2010-03-08 18:24:35 +01:00
|
|
|
#
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2019-02-21 14:28:33 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2010-03-08 18:24:35 +01:00
|
|
|
#
|
2012-04-10 19:58:50 +02:00
|
|
|
|
2012-04-12 23:15:53 +02:00
|
|
|
|
2010-03-08 18:24:35 +01:00
|
|
|
Name: sssd
|
2024-10-15 15:33:24 +02:00
|
|
|
Version: 2.10.0
|
2012-04-18 15:53:28 +02:00
|
|
|
Release: 0
|
2010-03-08 18:24:35 +01:00
|
|
|
Summary: System Security Services Daemon
|
2022-12-21 20:31:49 +01:00
|
|
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
2012-03-15 13:56:41 +01:00
|
|
|
Group: System/Daemons
|
2022-04-15 01:20:29 +02:00
|
|
|
URL: https://github.com/SSSD/sssd
|
|
|
|
#Git-Clone: https://github.com/SSSD/sssd
|
2021-02-19 19:09:29 +01:00
|
|
|
Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz
|
|
|
|
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
2012-05-12 01:41:20 +02:00
|
|
|
Source3: baselibs.conf
|
2017-10-25 14:00:49 +02:00
|
|
|
Source5: %name.keyring
|
2024-11-05 20:41:43 +01:00
|
|
|
Patch3: 0001-sssd-always-print-path-when-config-object-is-rejecte.patch
|
|
|
|
Patch4: 0001-INI-stop-using-libini_config-for-access-check.patch
|
|
|
|
Patch5: 0001-INI-relax-config-files-checks.patch
|
2024-11-05 19:07:28 +01:00
|
|
|
Patch6: 0001-Configuration-make-sure-etc-sssd-and-everything.patch
|
|
|
|
Patch11: krb-noversion.diff
|
|
|
|
Patch12: harden_sssd-ifp.service.patch
|
|
|
|
Patch13: harden_sssd-kcm.service.patch
|
|
|
|
Patch14: symvers.patch
|
2012-11-15 03:31:26 +01:00
|
|
|
BuildRequires: autoconf >= 2.59
|
|
|
|
BuildRequires: automake
|
2012-06-27 14:37:11 +02:00
|
|
|
BuildRequires: bind-utils
|
2020-05-19 13:46:11 +02:00
|
|
|
BuildRequires: check-devel
|
2014-08-10 16:40:01 +02:00
|
|
|
BuildRequires: cifs-utils-devel
|
2013-06-16 18:15:48 +02:00
|
|
|
BuildRequires: cyrus-sasl-devel
|
2012-06-27 14:37:11 +02:00
|
|
|
BuildRequires: docbook-xsl-stylesheets
|
2014-10-10 11:06:01 +02:00
|
|
|
BuildRequires: krb5-devel >= 1.12
|
2020-05-19 13:46:11 +02:00
|
|
|
BuildRequires: libcmocka-devel
|
2023-11-20 11:17:08 +01:00
|
|
|
%if 0%{?suse_version} >= 1600
|
2022-12-21 20:31:49 +01:00
|
|
|
BuildRequires: libsubid-devel
|
2023-11-20 11:17:08 +01:00
|
|
|
%endif
|
2012-11-15 03:31:26 +01:00
|
|
|
BuildRequires: libtool
|
2021-10-16 13:09:53 +02:00
|
|
|
BuildRequires: libunistring-devel
|
2014-10-09 19:56:31 +02:00
|
|
|
BuildRequires: libxml2-tools
|
|
|
|
BuildRequires: libxslt-tools
|
|
|
|
BuildRequires: nscd
|
2020-05-19 13:46:11 +02:00
|
|
|
BuildRequires: nss_wrapper
|
2014-10-09 19:56:31 +02:00
|
|
|
BuildRequires: openldap2-devel
|
|
|
|
BuildRequires: pam-devel
|
2015-08-20 10:53:21 +02:00
|
|
|
BuildRequires: pkg-config >= 0.21
|
2024-10-16 17:05:53 +02:00
|
|
|
BuildRequires: python3-wheel
|
|
|
|
BuildRequires: python3-setuptools
|
2014-10-09 19:56:31 +02:00
|
|
|
BuildRequires: systemd-rpm-macros
|
2024-10-16 17:05:53 +02:00
|
|
|
BuildRequires: sysuser-tools
|
2016-02-11 08:15:11 +01:00
|
|
|
BuildRequires: uid_wrapper
|
2014-08-10 16:40:01 +02:00
|
|
|
BuildRequires: pkgconfig(augeas) >= 1.0.0
|
2012-03-15 13:56:41 +01:00
|
|
|
BuildRequires: pkgconfig(collection) >= 0.5.1
|
2012-06-27 14:37:11 +02:00
|
|
|
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
|
2012-03-15 13:56:41 +01:00
|
|
|
BuildRequires: pkgconfig(dhash) >= 0.4.2
|
2012-06-27 14:37:11 +02:00
|
|
|
BuildRequires: pkgconfig(glib-2.0)
|
2024-10-15 15:33:24 +02:00
|
|
|
BuildRequires: pkgconfig(ini_config) >= 1.3
|
2020-08-10 14:55:49 +02:00
|
|
|
BuildRequires: pkgconfig(jansson)
|
2024-08-30 11:37:19 +02:00
|
|
|
BuildRequires: pkgconfig(ldb) >= 1.2.0
|
2024-10-15 15:33:24 +02:00
|
|
|
BuildRequires: pkgconfig(libcap)
|
2012-03-15 13:56:41 +01:00
|
|
|
BuildRequires: pkgconfig(libcares)
|
2024-10-15 15:33:24 +02:00
|
|
|
BuildRequires: pkgconfig(libcrypto) >= 1.0.1
|
2023-11-21 19:20:32 +01:00
|
|
|
%if 0%{?suse_version} >= 1600
|
2022-04-15 01:20:29 +02:00
|
|
|
BuildRequires: pkgconfig(libcurl)
|
2023-11-21 19:20:32 +01:00
|
|
|
%endif
|
2024-08-30 11:37:19 +02:00
|
|
|
BuildRequires: pkgconfig(libcap)
|
2014-10-09 19:56:31 +02:00
|
|
|
BuildRequires: pkgconfig(libnfsidmap)
|
2014-05-27 19:40:18 +02:00
|
|
|
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
|
|
|
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
2021-08-06 23:07:18 +02:00
|
|
|
BuildRequires: pkgconfig(libpcre2-8)
|
2023-11-21 19:20:32 +01:00
|
|
|
%if 0%{?suse_version} >= 1600
|
2022-12-21 20:31:49 +01:00
|
|
|
BuildRequires: pkgconfig(libsemanage)
|
2023-11-21 19:20:32 +01:00
|
|
|
%endif
|
2016-12-12 14:46:31 +01:00
|
|
|
BuildRequires: pkgconfig(libsystemd)
|
2020-08-10 14:55:49 +02:00
|
|
|
BuildRequires: pkgconfig(ndr_krb5pac)
|
2013-09-14 18:34:44 +02:00
|
|
|
BuildRequires: pkgconfig(ndr_nbt)
|
2020-08-10 14:55:49 +02:00
|
|
|
BuildRequires: pkgconfig(p11-kit-1) >= 0.23.3
|
2012-03-15 13:56:41 +01:00
|
|
|
BuildRequires: pkgconfig(popt)
|
2017-12-01 15:37:44 +01:00
|
|
|
BuildRequires: pkgconfig(python3)
|
2022-01-12 00:42:34 +01:00
|
|
|
BuildRequires: pkgconfig(smbclient)
|
2012-03-15 13:56:41 +01:00
|
|
|
BuildRequires: pkgconfig(talloc)
|
|
|
|
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
|
|
|
BuildRequires: pkgconfig(tevent)
|
2020-08-10 14:55:49 +02:00
|
|
|
BuildRequires: pkgconfig(uuid)
|
2024-09-25 21:38:18 +02:00
|
|
|
%if 0%{?suse_version} && 0%{?suse_version} < 1600
|
|
|
|
# samba-client-devel pulls samba-client-libs pulls libldap-2_4-2 wants libldap-data(-2.4);
|
|
|
|
# this conflicts with
|
|
|
|
# openldap2-devel pulls libldap2 wants libldap-data(-2.6)
|
|
|
|
# Package contains just config files, not needed for build.
|
|
|
|
#!BuildIgnore: libldap-data
|
|
|
|
%endif
|
2024-10-16 17:05:53 +02:00
|
|
|
%sysusers_requires
|
2019-04-23 11:04:50 +02:00
|
|
|
%{?systemd_ordering}
|
2024-08-30 11:37:19 +02:00
|
|
|
Requires(post): permissions
|
|
|
|
Requires(verify): permissions
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: sssd-ldap = %version-%release
|
2024-05-16 14:13:29 +02:00
|
|
|
Requires(postun): pam-config
|
2017-10-25 14:00:49 +02:00
|
|
|
Provides: libsss_sudo = %version-%release
|
|
|
|
Provides: sssd-client = %version-%release
|
|
|
|
Obsoletes: libsss_sudo < %version-%release
|
2023-11-21 19:20:32 +01:00
|
|
|
Provides: sssd-common = %version-%release
|
|
|
|
Obsoletes: sssd-common < %version-%release
|
2010-03-08 18:24:35 +01:00
|
|
|
|
2024-08-30 11:37:19 +02:00
|
|
|
%global sssd_user sssd
|
2021-10-16 13:07:49 +02:00
|
|
|
%define servicename sssd
|
|
|
|
%define sssdstatedir %_localstatedir/lib/sss
|
|
|
|
%define dbpath %sssdstatedir/db
|
|
|
|
%define pipepath %sssdstatedir/pipes
|
|
|
|
%define pubconfpath %sssdstatedir/pubconf
|
|
|
|
%define gpocachepath %sssdstatedir/gpo_cache
|
2024-08-30 11:37:19 +02:00
|
|
|
%define keytabdir %sssdstatedir/keytabs
|
|
|
|
%define mcpath %sssdstatedir/mc
|
2022-01-17 18:29:28 +01:00
|
|
|
%define ldbdir %(pkg-config ldb --variable=modulesdir)
|
2024-08-30 11:37:19 +02:00
|
|
|
%define child_capabilities cap_chown,cap_dac_override,cap_setuid,cap_setgid=ep
|
2021-10-16 13:07:49 +02:00
|
|
|
|
|
|
|
# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
|
2024-09-25 21:38:18 +02:00
|
|
|
# %%_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
|
2021-10-16 13:07:49 +02:00
|
|
|
# * cifs-utils one is the default (priority 20)
|
|
|
|
# * installing SSSD should NOT switch to SSSD plugin (priority 10)
|
|
|
|
%define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin
|
|
|
|
%define cifs_idmap_lib %_libdir/cifs-utils/cifs_idmap_sss.so
|
|
|
|
%define cifs_idmap_name cifs-idmap-plugin
|
|
|
|
%define cifs_idmap_priority 10
|
2024-05-16 14:13:29 +02:00
|
|
|
Requires(post): update-alternatives
|
|
|
|
Requires(postun): update-alternatives
|
2021-10-16 13:07:49 +02:00
|
|
|
|
2010-03-08 18:24:35 +01:00
|
|
|
%description
|
2024-10-16 17:05:53 +02:00
|
|
|
A set of daemons to manage access to remote directories and
|
|
|
|
authentication mechanisms. sssd provides an NSS and PAM interfaces
|
|
|
|
toward the system and a pluggable backend system to connect to
|
|
|
|
multiple different account sources. It is also the basis to provide
|
|
|
|
client auditing and policy services for projects like FreeIPA.
|
2010-03-08 18:24:35 +01:00
|
|
|
|
2013-11-02 01:05:06 +01:00
|
|
|
%package ad
|
|
|
|
Summary: The ActiveDirectory backend plugin for sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2010-03-08 18:24:35 +01:00
|
|
|
Group: System/Daemons
|
2023-10-31 17:22:04 +01:00
|
|
|
Requires: %name-krb5-common = %version-%release
|
2018-10-01 16:44:53 +02:00
|
|
|
Requires: adcli
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%description ad
|
2024-10-16 17:05:53 +02:00
|
|
|
A back-end provider that the SSSD can utilize to fetch identity data
|
|
|
|
from, and authenticate with, an Active Directory server.
|
2013-11-02 01:05:06 +01:00
|
|
|
|
2014-08-10 16:40:01 +02:00
|
|
|
%package dbus
|
|
|
|
Summary: The D-Bus responder of sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2014-08-10 16:40:01 +02:00
|
|
|
Group: System/Base
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: %name = %version
|
2014-08-10 16:40:01 +02:00
|
|
|
|
|
|
|
%description dbus
|
2024-10-16 17:05:53 +02:00
|
|
|
D-Bus responder of sssd, called InfoPipe, which allows
|
2014-08-10 16:40:01 +02:00
|
|
|
information from sssd to be transmitted over the system bus.
|
|
|
|
|
2013-11-02 01:05:06 +01:00
|
|
|
%package ipa
|
|
|
|
Summary: FreeIPA backend plugin for sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2013-11-02 01:05:06 +01:00
|
|
|
Group: System/Daemons
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: %name = %version
|
2018-04-24 21:16:52 +02:00
|
|
|
Requires: %name-ad = %version-%release
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: %name-krb5-common = %version-%release
|
|
|
|
Obsoletes: %name-ipa-provider < %version-%release
|
|
|
|
Provides: %name-ipa-provider = %version-%release
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%description ipa
|
2024-10-16 17:05:53 +02:00
|
|
|
A back-end provider that the SSSD can utilize to fetch identity data
|
|
|
|
from, and authenticate with, an IPA server.
|
2013-11-02 01:05:06 +01:00
|
|
|
|
2020-08-10 14:55:49 +02:00
|
|
|
%package kcm
|
|
|
|
Summary: SSSD's Kerberos cache manager
|
|
|
|
License: GPL-3.0-or-later
|
|
|
|
Group: System/Daemons
|
|
|
|
Requires: sssd = %version-%release
|
|
|
|
|
|
|
|
%description kcm
|
|
|
|
KCM is a process that stores, tracks and manages Kerberos credential
|
|
|
|
caches.
|
|
|
|
|
2013-11-02 01:05:06 +01:00
|
|
|
%package krb5
|
|
|
|
Summary: The Kerberos authentication backend plugin for sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2013-11-02 01:05:06 +01:00
|
|
|
Group: System/Daemons
|
2023-10-31 17:22:04 +01:00
|
|
|
Requires: %name-krb5-common = %version-%release
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%description krb5
|
2024-10-16 17:05:53 +02:00
|
|
|
A back-end provider that the SSSD can utilize to authenticate against
|
|
|
|
a Kerberos server.
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%package krb5-common
|
|
|
|
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2013-11-02 01:05:06 +01:00
|
|
|
Group: System/Daemons
|
2017-03-16 14:36:38 +01:00
|
|
|
Requires: cyrus-sasl-gssapi
|
2024-08-30 11:37:19 +02:00
|
|
|
Requires(post): permissions
|
|
|
|
Requires(verify): permissions
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%description krb5-common
|
|
|
|
Provides helper processes that the LDAP and Kerberos back ends can
|
|
|
|
use for Kerberos user or host authentication.
|
|
|
|
|
|
|
|
%package ldap
|
|
|
|
Summary: The LDAP backend plugin for sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2013-11-02 01:05:06 +01:00
|
|
|
Group: System/Daemons
|
2023-10-31 17:22:04 +01:00
|
|
|
Requires: %name-krb5-common = %version-%release
|
2010-03-08 18:24:35 +01:00
|
|
|
|
2013-11-02 01:05:06 +01:00
|
|
|
%description ldap
|
2024-10-16 17:05:53 +02:00
|
|
|
A back-end provider that the SSSD can utilize to fetch identity data
|
|
|
|
from, and authenticate with, an LDAP server.
|
2013-11-02 01:05:06 +01:00
|
|
|
|
|
|
|
%package proxy
|
|
|
|
Summary: The proxy backend plugin for sssd
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2013-11-02 01:05:06 +01:00
|
|
|
Group: System/Daemons
|
|
|
|
|
|
|
|
%description proxy
|
2024-10-16 17:05:53 +02:00
|
|
|
A back-end provider which can be used to wrap existing NSS and/or PAM
|
|
|
|
modules to leverage SSSD caching. (This can replace nscd.)
|
2010-03-08 18:24:35 +01:00
|
|
|
|
|
|
|
%package tools
|
|
|
|
Summary: Commandline tools for sssd
|
2022-12-21 20:31:49 +01:00
|
|
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
2010-03-08 18:24:35 +01:00
|
|
|
Group: System/Management
|
2023-10-31 17:22:04 +01:00
|
|
|
Requires: python3-sssd-config = %version-%release
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: sssd = %version
|
2010-03-08 18:24:35 +01:00
|
|
|
|
|
|
|
%description tools
|
2024-10-16 17:05:53 +02:00
|
|
|
The packages contains command-line tools for managing users and groups using
|
2010-03-08 18:24:35 +01:00
|
|
|
the "local" id provider of the System Security Services Daemon (sssd).
|
|
|
|
|
2016-07-08 18:12:31 +02:00
|
|
|
%package winbind-idmap
|
2019-12-17 17:30:17 +01:00
|
|
|
Summary: The sss idmap backend for Winbind
|
2016-07-08 18:12:31 +02:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
%description winbind-idmap
|
|
|
|
The idmap_sss module provides a way for Winbind to call SSSD to map
|
|
|
|
UIDs/GIDs and SIDs.
|
|
|
|
|
2017-10-25 13:56:22 +02:00
|
|
|
%package -n libsss_certmap0
|
|
|
|
Summary: FreeIPA ID mapping library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2017-10-25 13:56:22 +02:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
%description -n libsss_certmap0
|
2024-10-16 17:05:53 +02:00
|
|
|
A utility library for FreeIPA to map certificates.
|
2017-10-25 13:56:22 +02:00
|
|
|
|
|
|
|
%package -n libsss_certmap-devel
|
|
|
|
Summary: Development files for the FreeIPA certmap library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2017-10-25 13:56:22 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: libsss_certmap0 = %version
|
2017-10-25 13:56:22 +02:00
|
|
|
|
|
|
|
%description -n libsss_certmap-devel
|
2024-10-16 17:05:53 +02:00
|
|
|
A utility library for FreeIPA to map certificates.
|
2017-10-25 13:56:22 +02:00
|
|
|
|
2012-03-15 13:56:41 +01:00
|
|
|
%package -n libipa_hbac0
|
|
|
|
Summary: FreeIPA HBAC Evaluator library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2012-03-15 13:56:41 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
%description -n libipa_hbac0
|
|
|
|
Utility library to validate FreeIPA HBAC rules for authorization
|
|
|
|
requests.
|
|
|
|
|
|
|
|
%package -n libipa_hbac-devel
|
|
|
|
Summary: Development files for the FreeIPA HBAC Evaluator library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2012-03-15 13:56:41 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: libipa_hbac0 = %version
|
2012-03-15 13:56:41 +01:00
|
|
|
|
|
|
|
%description -n libipa_hbac-devel
|
|
|
|
Utility library to validate FreeIPA HBAC rules for authorization
|
|
|
|
requests.
|
|
|
|
|
2014-10-09 19:56:31 +02:00
|
|
|
%package -n libnfsidmap-sss
|
|
|
|
Summary: Library to allow communication between libnfsidmap and SSSD
|
2019-12-17 17:48:36 +01:00
|
|
|
License: GPL-3.0-or-later
|
2014-10-09 19:56:31 +02:00
|
|
|
Group: System/Libraries
|
2022-02-21 18:10:16 +01:00
|
|
|
Supplements: (nfsidmap and sssd-client)
|
2014-10-09 19:56:31 +02:00
|
|
|
|
|
|
|
%description -n libnfsidmap-sss
|
|
|
|
A utility library to allow communication between libnfsidmap and SSSD.
|
|
|
|
|
2012-06-27 14:37:11 +02:00
|
|
|
%package -n libsss_idmap0
|
|
|
|
Summary: FreeIPA ID mapping library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2012-06-27 14:37:11 +02:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
%description -n libsss_idmap0
|
|
|
|
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
|
|
|
|
|
|
%package -n libsss_idmap-devel
|
|
|
|
Summary: Development files for the FreeIPA idmap library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2012-06-27 14:37:11 +02:00
|
|
|
Group: Development/Libraries/C and C++
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: libsss_idmap0 = %version
|
2012-06-27 14:37:11 +02:00
|
|
|
|
|
|
|
%description -n libsss_idmap-devel
|
|
|
|
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
|
|
|
2013-11-01 18:37:29 +01:00
|
|
|
%package -n libsss_nss_idmap0
|
|
|
|
Summary: FreeIPA ID mapping library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2013-11-01 18:37:29 +01:00
|
|
|
Group: System/Libraries
|
|
|
|
|
|
|
|
%description -n libsss_nss_idmap0
|
|
|
|
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
|
|
|
|
|
|
%package -n libsss_nss_idmap-devel
|
|
|
|
Summary: Development files for the FreeIPA idmap library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2013-11-01 18:37:29 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
2017-10-25 14:00:49 +02:00
|
|
|
Requires: libsss_nss_idmap0 = %version
|
2013-11-01 18:37:29 +01:00
|
|
|
|
|
|
|
%description -n libsss_nss_idmap-devel
|
|
|
|
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
|
|
|
|
2023-11-21 19:20:32 +01:00
|
|
|
%package -n libsss_simpleifp0
|
|
|
|
Summary: The SSSD D-Bus responder helper library
|
|
|
|
License: GPL-3.0-or-later
|
|
|
|
Group: System/Libraries
|
2023-11-21 19:24:05 +01:00
|
|
|
# Even though sssd has obsoleted simpleifp, the plan here is to retain ABI
|
|
|
|
# compatibility with the existing SUSE 15.x product line. ...at least, until
|
|
|
|
# sssd completely removes SIFP from source.
|
2023-11-21 19:20:32 +01:00
|
|
|
|
|
|
|
%description -n libsss_simpleifp0
|
|
|
|
This subpackage provides a library that simplifies the D-Bus API for
|
|
|
|
the SSSD InfoPipe responder.
|
|
|
|
|
|
|
|
%package -n libsss_simpleifp-devel
|
|
|
|
Summary: Development files for the SSSD D-Bus responder helper library
|
|
|
|
License: GPL-3.0-or-later
|
|
|
|
Group: Development/Libraries/C and C++
|
|
|
|
Requires: libsss_simpleifp0 = %version
|
|
|
|
|
|
|
|
%description -n libsss_simpleifp-devel
|
|
|
|
This subpackage provides the development files for sssd's simpleifp,
|
|
|
|
a library that simplifies the D-Bus API for the SSSD InfoPipe
|
|
|
|
responder.
|
|
|
|
|
2012-12-06 10:16:16 +01:00
|
|
|
%package -n libsss_sudo
|
2012-11-15 03:31:26 +01:00
|
|
|
Summary: A library to allow communication between sudo and SSSD
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2012-11-15 03:31:26 +01:00
|
|
|
Group: System/Libraries
|
2022-02-21 18:10:16 +01:00
|
|
|
Supplements: (sudo and sssd-client)
|
2012-11-15 03:31:26 +01:00
|
|
|
|
2012-12-06 10:16:16 +01:00
|
|
|
%description -n libsss_sudo
|
2012-11-15 03:31:26 +01:00
|
|
|
A utility library to allow communication between sudo and SSSD.
|
|
|
|
|
2015-08-20 10:53:21 +02:00
|
|
|
%package -n python3-ipa_hbac
|
|
|
|
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2015-08-20 10:53:21 +02:00
|
|
|
Group: Development/Libraries/Python
|
2018-02-27 10:36:30 +01:00
|
|
|
Requires: python3
|
2015-08-20 10:53:21 +02:00
|
|
|
|
|
|
|
%description -n python3-ipa_hbac
|
|
|
|
The python-ipa_hbac package contains the bindings so that libipa_hbac
|
|
|
|
can be used by Python applications.
|
|
|
|
|
|
|
|
%package -n python3-sss-murmur
|
|
|
|
Summary: Python3 bindings for SSSD Murmur hash function
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2015-08-20 10:53:21 +02:00
|
|
|
Group: Development/Libraries/Python
|
2018-02-27 10:36:30 +01:00
|
|
|
Requires: python3
|
2015-08-20 10:53:21 +02:00
|
|
|
|
|
|
|
%description -n python3-sss-murmur
|
|
|
|
This subpackage provides the python3 module for calculating the
|
|
|
|
Murmur hash version 3.
|
|
|
|
|
|
|
|
%package -n python3-sss_nss_idmap
|
|
|
|
Summary: Python bindings for libsss_nss_idmap
|
2019-12-17 17:48:36 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2015-08-20 10:53:21 +02:00
|
|
|
Group: Development/Libraries/Python
|
2018-02-27 10:36:30 +01:00
|
|
|
Requires: python3
|
2015-08-20 10:53:21 +02:00
|
|
|
|
|
|
|
%description -n python3-sss_nss_idmap
|
|
|
|
The libsss_nss_idmap-python contains the bindings so that
|
|
|
|
libsss_nss_idmap can be used by Python applications.
|
|
|
|
|
|
|
|
%package -n python3-sssd-config
|
|
|
|
Summary: Python API for configuring sssd
|
2022-12-21 20:31:49 +01:00
|
|
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
2015-08-20 10:53:21 +02:00
|
|
|
Group: Development/Libraries/Python
|
2018-02-27 10:36:30 +01:00
|
|
|
Requires: python3
|
2015-08-20 10:53:21 +02:00
|
|
|
|
|
|
|
%description -n python3-sssd-config
|
2019-02-15 21:56:08 +01:00
|
|
|
Provide python module to access and manage configuration of the System
|
2015-08-20 10:53:21 +02:00
|
|
|
Security Services Daemon (sssd).
|
|
|
|
|
2010-03-08 18:24:35 +01:00
|
|
|
%prep
|
2019-02-15 18:36:42 +01:00
|
|
|
%autosetup -p1
|
2010-03-08 18:24:35 +01:00
|
|
|
|
|
|
|
%build
|
2011-08-02 11:16:11 +02:00
|
|
|
# help configure find nscd
|
2012-03-15 13:56:41 +01:00
|
|
|
export PATH="$PATH:/usr/sbin"
|
2011-08-02 11:16:11 +02:00
|
|
|
|
2016-07-08 18:12:31 +02:00
|
|
|
autoreconf -fiv
|
2010-03-08 18:24:35 +01:00
|
|
|
%configure \
|
2022-04-15 01:20:29 +02:00
|
|
|
--with-db-path="%dbpath" \
|
|
|
|
--with-pipe-path="%pipepath" \
|
|
|
|
--with-pubconf-path="%pubconfpath" \
|
|
|
|
--with-gpo-cache-path="%gpocachepath" \
|
|
|
|
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
|
|
|
|
--with-initscript=systemd \
|
|
|
|
--with-syslog=journald \
|
2024-08-30 11:37:19 +02:00
|
|
|
--with-pid-path="%_rundir/sssd" \
|
2022-06-15 14:27:00 +02:00
|
|
|
--enable-pammoddir="%_pam_moduledir" \
|
2022-04-15 01:20:29 +02:00
|
|
|
--with-ldb-lib-dir="%ldbdir" \
|
|
|
|
--with-os=suse \
|
|
|
|
--disable-ldb-version-check \
|
|
|
|
--without-python2-bindings \
|
2023-11-20 11:17:08 +01:00
|
|
|
--without-oidc-child \
|
2024-08-30 11:37:19 +02:00
|
|
|
--with-sssd-user="%sssd_user" \
|
2023-11-20 11:17:08 +01:00
|
|
|
%if 0%{?suse_version} >= 1600
|
2023-11-21 19:20:32 +01:00
|
|
|
--with-selinux=yes \
|
2023-11-20 11:17:08 +01:00
|
|
|
--with-subid
|
2023-11-21 19:20:32 +01:00
|
|
|
%else
|
|
|
|
--with-selinux=no \
|
|
|
|
--with-libsifp \
|
|
|
|
--with-files-provider
|
2023-11-20 11:17:08 +01:00
|
|
|
%endif
|
2021-02-05 13:58:17 +01:00
|
|
|
%make_build all
|
2010-03-08 18:24:35 +01:00
|
|
|
|
|
|
|
%install
|
2024-10-16 17:05:53 +02:00
|
|
|
# sss_obfuscate is compatible with both Python 2 and 3
|
2021-10-16 13:07:49 +02:00
|
|
|
perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
|
2023-10-31 17:22:04 +01:00
|
|
|
%make_install dbuspolicydir=%_datadir/dbus-1/system.d
|
2017-10-25 14:01:40 +02:00
|
|
|
b="%buildroot"
|
2010-03-08 18:24:35 +01:00
|
|
|
|
2021-02-19 19:09:29 +01:00
|
|
|
# Copy some defaults
|
2024-09-25 22:30:26 +02:00
|
|
|
%if "%{?_distconfdir}" != ""
|
2024-07-16 11:35:17 +02:00
|
|
|
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
|
|
|
|
install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
|
|
|
|
%else
|
|
|
|
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
|
|
|
|
install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
|
|
|
|
%endif
|
2017-10-25 14:01:40 +02:00
|
|
|
install -d "$b/%_unitdir"
|
2022-06-21 10:13:19 +02:00
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
install -d "$b/%_distconfdir/logrotate.d"
|
|
|
|
install -m644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd"
|
2023-01-03 16:05:05 +01:00
|
|
|
install -d "$b/%_pam_vendordir"
|
|
|
|
mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir"
|
2022-06-21 10:13:19 +02:00
|
|
|
%else
|
2019-02-21 14:29:19 +01:00
|
|
|
install -d "$b/%_sysconfdir/logrotate.d"
|
|
|
|
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
|
2022-06-21 10:13:19 +02:00
|
|
|
%endif
|
2019-02-21 14:28:33 +01:00
|
|
|
|
2019-03-16 13:05:57 +01:00
|
|
|
rm -Rfv "$b/%_initddir"
|
2023-11-21 19:20:32 +01:00
|
|
|
%if 0%{?suse_version} < 1600
|
|
|
|
ln -s service "$b/%_sbindir/rcsssd"
|
|
|
|
%endif
|
|
|
|
|
2019-03-16 13:05:57 +01:00
|
|
|
mkdir -pv "$b/%sssdstatedir/mc"
|
|
|
|
find "$b" -type f -name "*.la" -print -delete
|
2017-10-25 14:00:49 +02:00
|
|
|
%find_lang %name --all-name
|
2010-08-30 11:22:01 +02:00
|
|
|
|
2021-03-19 15:41:35 +01:00
|
|
|
# dummy target for cifs-idmap-plugin
|
2024-10-16 17:05:53 +02:00
|
|
|
mkdir -pv "$b/%_sysconfdir/alternatives" "$b/%_sysconfdir/cifs-utils"
|
|
|
|
ln -sfv "%_sysconfdir/alternatives/%cifs_idmap_name" "$b/%cifs_idmap_plugin"
|
2024-03-08 16:45:07 +01:00
|
|
|
%python3_fix_shebang
|
2024-07-17 11:57:47 +02:00
|
|
|
%if 0%{?suse_version} > 1600
|
2024-08-30 11:37:19 +02:00
|
|
|
%python3_fix_shebang_path %buildroot/%_libexecdir/%name/sss_analyze
|
2024-07-17 11:57:47 +02:00
|
|
|
%elif 0%{?suse_version} == 1600
|
|
|
|
# python3_fix_shebang_path macro does not exist in < 1600, was added in python-rom-macros 20231204
|
2024-10-16 17:05:53 +02:00
|
|
|
sed -i '1s@#!.*python.*@#!%_bindir/python3.11@' "$b/%_libexecdir/%name/sss_analyze"
|
2024-03-08 16:45:07 +01:00
|
|
|
%endif
|
2021-03-19 15:41:35 +01:00
|
|
|
|
2024-10-16 17:05:53 +02:00
|
|
|
echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf
|
2024-08-30 11:37:19 +02:00
|
|
|
mkdir -p "$b/%_sysusersdir" "$b/etc/permissions.d"
|
2024-10-16 17:05:53 +02:00
|
|
|
cp -a system-user-sssd.conf "$b/%_sysusersdir/"
|
|
|
|
%sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf
|
2024-08-30 11:37:19 +02:00
|
|
|
install -Dpm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf"
|
|
|
|
# should match entry from %%files list
|
|
|
|
cat >"$b/etc/permissions.d/sssd" <<-EOF
|
|
|
|
%_libexecdir/sssd/sssd_pam root:sssd 0750
|
|
|
|
+capabilities cap_dac_read_search=p
|
|
|
|
%_libexecdir/sssd/selinux_child root:sssd 0750
|
|
|
|
+capabilities %child_capabilities
|
|
|
|
%_libexecdir/sssd/krb5_child root:sssd 0750
|
|
|
|
+capabilities %child_capabilities
|
|
|
|
%_libexecdir/sssd/ldap_child root:sssd 0750
|
|
|
|
+capabilities %child_capabilities
|
|
|
|
EOF
|
2024-10-16 17:05:53 +02:00
|
|
|
|
2016-02-11 08:15:11 +01:00
|
|
|
%check
|
|
|
|
# sss_config-tests fails
|
2021-02-19 19:09:29 +01:00
|
|
|
%make_build check || :
|
2016-02-11 08:15:11 +01:00
|
|
|
|
2024-10-16 17:05:53 +02:00
|
|
|
%pre -f random.pre
|
2024-08-30 11:37:19 +02:00
|
|
|
%service_add_pre sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
2024-09-25 22:30:26 +02:00
|
|
|
%if "%{?_distconfdir}" != ""
|
2023-01-03 16:05:05 +01:00
|
|
|
# Prepare for migration to /usr/etc; save any old .rpmsave
|
2023-11-17 15:14:26 +01:00
|
|
|
for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
|
2024-07-16 13:04:35 +02:00
|
|
|
test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || :
|
2023-01-03 16:05:05 +01:00
|
|
|
done
|
2024-07-16 11:35:17 +02:00
|
|
|
%endif
|
2011-10-19 16:17:34 +02:00
|
|
|
|
|
|
|
%post
|
2019-03-16 13:05:57 +01:00
|
|
|
/sbin/ldconfig
|
2013-12-18 13:36:44 +01:00
|
|
|
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
2023-10-31 12:18:57 +01:00
|
|
|
if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
|
|
|
|
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf"
|
|
|
|
fi
|
2024-08-30 11:37:19 +02:00
|
|
|
%service_add_post sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
2010-08-30 11:22:01 +02:00
|
|
|
|
2024-08-30 11:37:19 +02:00
|
|
|
%_bindir/rm -f %mcpath/passwd %mcpath/group %mcpath/initgroups %mcpath/sid
|
|
|
|
%tmpfiles_create %name.conf
|
|
|
|
%set_permissions %_libexecdir/%name/selinux_child %_libexecdir/%name/sssd_pam
|
|
|
|
|
2021-03-19 15:41:35 +01:00
|
|
|
# install SSSD cifs-idmap plugin as an alternative
|
2021-04-13 13:24:53 +02:00
|
|
|
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
|
2021-03-19 15:41:35 +01:00
|
|
|
|
2013-12-22 19:51:04 +01:00
|
|
|
%preun
|
2024-08-30 11:37:19 +02:00
|
|
|
%service_del_preun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
2010-08-30 11:22:01 +02:00
|
|
|
|
|
|
|
%postun
|
2019-03-16 13:05:57 +01:00
|
|
|
/sbin/ldconfig
|
2024-10-16 17:05:53 +02:00
|
|
|
if [ "$1" = "0" ] && [ -x "%_sbindir/pam-config" ]; then
|
2017-10-25 14:00:49 +02:00
|
|
|
"%_sbindir/pam-config" -d --sss || :
|
2016-07-08 18:12:31 +02:00
|
|
|
fi
|
2014-08-11 02:18:49 +02:00
|
|
|
# del_postun includes a try-restart
|
2024-08-30 11:37:19 +02:00
|
|
|
%service_del_postun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
2010-08-30 11:22:01 +02:00
|
|
|
|
2021-04-13 13:24:53 +02:00
|
|
|
if [ ! -f "%cifs_idmap_lib" ]; then
|
|
|
|
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
|
2021-03-19 15:41:35 +01:00
|
|
|
fi
|
|
|
|
|
2024-10-16 17:05:53 +02:00
|
|
|
%ldconfig_scriptlets -n libsss_certmap0
|
|
|
|
%ldconfig_scriptlets -n libipa_hbac0
|
|
|
|
%ldconfig_scriptlets -n libsss_idmap0
|
|
|
|
%ldconfig_scriptlets -n libsss_nss_idmap0
|
|
|
|
%ldconfig_scriptlets -n libsss_simpleifp0
|
2019-12-17 17:30:17 +01:00
|
|
|
|
2024-08-30 11:37:19 +02:00
|
|
|
%verifyscript
|
|
|
|
%verify_permissions -e %_libexecdir/%name/selinux_child %_libexecdir/%name/sssd_pam
|
|
|
|
|
2023-10-31 17:22:04 +01:00
|
|
|
%triggerun -- %name < %version-%release
|
2022-02-10 17:12:31 +01:00
|
|
|
# sssd takes care of upgrading the database but it doesn't handle downgrades.
|
|
|
|
# Clear caches when downgrading the package, which may have an
|
|
|
|
# incompatible format afterwards preventing the daemon from startup.
|
|
|
|
if [ "$1" = "1" ] && [ "$2" = "2" ]; then
|
|
|
|
echo "Package downgrade detected, removing cache files which may have an incompati |