From 82f0692bb1b452c749ab38d7db044e2ae78cdcc14302ac770d7e7c4782b6daf6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 16 Mar 2019 12:05:57 +0000 Subject: [PATCH 1/3] - Update to new upstream release 2.1.0 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=215 --- sssd-2.0.0.tar.gz | 3 --- sssd-2.0.0.tar.gz.asc | 10 ---------- sssd-2.1.0.tar.gz | 3 +++ sssd-2.1.0.tar.gz.asc | 6 ++++++ sssd.changes | 16 ++++++++++++++++ sssd.spec | 29 +++++++++++++---------------- 6 files changed, 38 insertions(+), 29 deletions(-) delete mode 100644 sssd-2.0.0.tar.gz delete mode 100644 sssd-2.0.0.tar.gz.asc create mode 100644 sssd-2.1.0.tar.gz create mode 100644 sssd-2.1.0.tar.gz.asc diff --git a/sssd-2.0.0.tar.gz b/sssd-2.0.0.tar.gz deleted file mode 100644 index 2591175..0000000 --- a/sssd-2.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:77569d00dd516e7eba1bfcc2ae562647068d7d16e283e8b3fc4f1e03fc899586 -size 6263376 diff --git a/sssd-2.0.0.tar.gz.asc b/sssd-2.0.0.tar.gz.asc deleted file mode 100644 index a446f4f..0000000 --- a/sssd-2.0.0.tar.gz.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABAgAGBQJbcd4JAAoJEHDBRgYiUL36ZpUH/0R46OWssuYR7gVSoh1UWZdA -Gg/uPN5iSo0hq6mjU/w7inGb5GxTnbj8WQXo8466EUw98NDTTc7NMLScy83bsb1i -MIk4eXxm0c5lsRuIFCS+3qtakZtYyjDk+8v6BqRARFFPE9R4j8Cb1BOUurgoMDTg -IE75AP+QHTxdrPQ/xj4PQcdIZ6qimeztD1IJDrb7hValyMfqs9XHsamXsQwRrfEV -l0U3eUlsX0vegrQwEG8iOQt4v0cr9jMCahgSnvNZotqiyHUr5VLH901OSZzwPly6 -8+BAp9mnNZ2lG5pqFEXOsI1kmQ5hnXDFu1OcIedkKHdBRMqNZC3ip0k8ow3fbAk= -=K92m ------END PGP SIGNATURE----- diff --git a/sssd-2.1.0.tar.gz b/sssd-2.1.0.tar.gz new file mode 100644 index 0000000..840d42f --- /dev/null +++ b/sssd-2.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10f04bd8a1ae7e888e2bcc13edc1a64ef19b4990866c09c65c667d0c72b66743 +size 6463331 diff --git a/sssd-2.1.0.tar.gz.asc b/sssd-2.1.0.tar.gz.asc new file mode 100644 index 0000000..3a490d1 --- /dev/null +++ b/sssd-2.1.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlx24YkACgkQHsardTLnvCWcxgCgt5a0AYEWnuJkx7qH37pBpDj8 +nQEAn3x6FKj/f71JTCYpPrykAc47dyRD +=fQLU +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index f2bde67..1d71cf4 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Sat Mar 16 11:50:58 UTC 2019 - Jan Engelhardt + +- Update to new upstream release 2.1.0 + * Any provider can now match and map certificates to user + identities. + * pam_sss can now be configured to only perform Smart Card + authentication or return an error if this is not possible. + * pam_sss can also prompt the user to insert a Smart Card if, + during an authentication it is not available. + * A new configuration option ad_gpo_implicit_deny was added. + This option (when set to True) can be used to deny access to + users even if there is not applicable GPO. + * The dynamic DNS update can now batch DNS updates to include + all address family updates in a single transaction. + ------------------------------------------------------------------- Wed Feb 20 16:01:52 UTC 2019 - Samuel Cabrero diff --git a/sssd.spec b/sssd.spec index b01ea33..5b9e591 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 2.0.0 +Version: 2.1.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -409,8 +409,8 @@ make %{?_smp_mflags} all # sss_obfuscate is compatible with both python 2 and 3 sed -i -e 's:%_bindir/python:%_bindir/python3:' src/tools/sss_obfuscate +%make_install b="%buildroot" -make install DESTDIR="$b" # Copy default sssd.conf file install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ @@ -424,20 +424,17 @@ install -d "$b/%_unitdir" install -d "$b/%_sysconfdir/logrotate.d" install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd" -rm -Rf "$b/%_initddir" -ln -s service "$b/%_sbindir/rcsssd" +rm -Rfv "$b/%_initddir" +ln -sfv service "$b/%_sbindir/rcsssd" -mkdir -p "$b/%sssdstatedir/mc" -mkdir -p "$b/%_sysconfdir/ld.so.conf.d" +mkdir -pv "$b/%sssdstatedir/mc" +mkdir -pv "$b/%_sysconfdir/ld.so.conf.d" cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF %_libdir/%name/modules EOF -find "$b" -type f -name "*.la" -delete - -rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" -rm -rf "$b/usr/lib/debug/usr/lib/sssd/p11_child-1.16.2-0.x86_64.debug" - - +find "$b" -type f -name "*.la" -print -delete +rm -Rfv "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" +rm -Rfv "$b/usr/lib/debug/usr/lib/sssd/p11_child-1.16.2-0.x86_64.debug" %find_lang %name --all-name %check @@ -448,19 +445,19 @@ make %{?_smp_mflags} check ||: %service_add_pre sssd.service %post +/sbin/ldconfig # migrate config variable krb5_kdcip to krb5_server (bnc#851048) /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf -/sbin/ldconfig %service_add_post sssd.service %preun %service_del_preun sssd.service %postun -if [ "$1" = "0" ]; then +/sbin/ldconfig +if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then "%_sbindir/pam-config" -d --sss || : fi -/sbin/ldconfig # Clear caches, which may have an incompatible format afterwards # (especially, downgrades) rm -f /var/lib/sss/db/*.ldb @@ -567,7 +564,7 @@ rm -f /var/lib/sss/db/*.ldb %_libdir/krb5/ %_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_mandir/??/man8/pam_sss.8* -%_mandir/??/man8/sssd_krb5_locator_plugin.8* +#%_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* %_mandir/man8/sssd_krb5_locator_plugin.8* From f0c0b7301ed35295f669bd11ac3b61627aa462b4f0a16847a27231554d175473 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 23 Apr 2019 09:04:50 +0000 Subject: [PATCH 2/3] update build deps OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=216 --- sssd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sssd.spec b/sssd.spec index 5b9e591..e06fa79 100644 --- a/sssd.spec +++ b/sssd.spec @@ -82,8 +82,8 @@ BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(ndr_krb5pac) -BuildRequires: p11-kit-devel -%{?systemd_requires} +BuildRequires: pkgconfig(p11-kit-1) >= 0.23.3 +%{?systemd_ordering} Requires: sssd-ldap = %version-%release Requires(postun): pam-config Provides: libsss_sudo = %version-%release From 3e5ec14f79e5f3c43bcb19fff63775ef775900f9b8be7867fdfa013914fa9a26 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 23 Apr 2019 12:00:09 +0000 Subject: [PATCH 3/3] 2.1.0 uses an alternate key OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=217 --- sssd.keyring | 83 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 26 deletions(-) diff --git a/sssd.keyring b/sssd.keyring index b01b32b..ef250bc 100644 --- a/sssd.keyring +++ b/sssd.keyring @@ -1,29 +1,60 @@ -pub 2048R/2250BDFA 2018-08-12 Jakub Hrozek +pub dsa1024/0x1EC6AB7532E7BC25 2007-02-02 [SC] + Key fingerprint = E4E3 6675 8CA0 716A AB80 4867 1EC6 AB75 32E7 BC25 +uid [ unknown] Jakub Hrozek -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: SKS 1.1.6 -Comment: Hostname: pgp.mit.edu -mQENBFtwK6cBCADYyh4mnEJ7DTKIHsONfEYBJM+OTaRG4DeRIyApnEjxxTLugUBUBUQ/lDAI -BPDqoB661AAj0b0G2aI6JHlZaxE+npHtxKzulJHPfLs7IbIi7xdHutT3CKEBSKkKabSwgKWz -wd1B91HXBttAzGKBBPxTE63UeZKSAlpvuO69K9WM5J1qZmkEiwxtJssLoyeZjFiOVK4aRq8F -qm2O8n56Kz0r8TEkb3bNLr1N1Uq3KlAklX3run0uInjjZAw0V3rTBMHBrE/wsjccnBYp5eDE -6Ff8NxhD28BqIPQp6NMjsZPVJODo03HdN+y7p+p/ca3XV8X7hG2eF0SNGkuhb7I1D+KPABEB -AAG0IUpha3ViIEhyb3playA8amhyb3pla0ByZWRoYXQuY29tPokBOAQTAQIAIgUCW3ArpwIb -AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQcMFGBiJQvfop3AgAtSyZmkDq5mZm0aw2 -IPboKXLlbaihofsOEewvkc6BjaDNgrSZKwBrdlFv5SVYvue7e/Jl985/bAqbSyM+LWdk77of -/SVfGQJAWya+nmQegP2GQm9FNFdTcOHpUGUJbxEw0uLOo7r1RDnp7GdwmprzF8XMptI5mRWS -pxo3c9oFZ8Y1HI2Uz8jyvMN4DD/X9HGNvxGeLv7D3Jz3oDy3O5kLpqH6rDQOiVSCUdw3mjZc -iqT3QLcT8PZo49/20NqcTgRekWc4mZIuUrqABlzDNzPAr28is2dZ7k0cyOM6p/o7nU6TdDdT -h7fdRfUp4GWVsXng7r6TKIYqMbKjbnsdi85qm7kBDQRbcCunAQgAzsipKSdm6+/T0Lms24vK -2j4xxeBn/CfIAu0HGdeJxUhumSLW5pb8/QjxDp6ooDnxODbagSTYlBb5DQIVu4OkRPspdtPs -qI6ZX92NdeIHbSTAHyj1M7me9TZ/Y1CqcvxYRnjLbI4CH9Kvi5BuMLMk+MirRjDivJgph1Gr -rwL7NwLXMWX1bm/252ytal4Fw4ZN0CnDmwCCu2TxWvwfYxtNZ5XgDW5qY62594+nPoCmZR+F -8UuDlRS2tnKC7nyiWilb4+6iNbKL7yWqZt/l0WChIRAbxBzTR4uxk5Mfe3yhhujEgid3PZwK -OE67YQ5qaYfUOIaWs8nlgf19twL1hfKggwARAQABiQEfBBgBAgAJBQJbcCunAhsMAAoJEHDB -RgYiUL36HYwH/1j8b6ZMymcxe3DLvcXy7PJWJL5Tn2xhHaUlWONcXYY922gDH+qk12SjHDES -sEXGU/4nt9ktoiFeRX4KiFHi84znHBF3PqacriMApCueX/HZHOL45VxoUNEqYK33t8MfPsXc -qaJa2FQznHaSgpMP27DmsJYlANEcMeDEM4jZKYc9L7l7Jz8WlsyYHR8aqfu4NLXXSsUSUNyQ -PfiUH91djow08X65Rwv+sAABDGQH66oPf45UWIwn54K7iigK+s2j60H68mqYymb1CerDrw6b -4K3BCsHqalllAeLCsTqn6nVsHF7V6I99dSG3Ij6DK/AYsuWjrJZ1AMpNHgU63CtybUo= -=uiHO +mQGiBEXDdfURBACLDLdnY7LeLJ7fh3HQWojKuMtJGV3tmTRtt58XnEf/FPJae0MU +XQDAKJM7MDYf0yDNT6Nq6WMQDAIHznFdGRTTSaD97kMeYO11i60FfZ9nM88XJCv0 +R+OiWh8d7ChCG6riv/AUeNtg++casIQNB8xK9HKLFBS1e+q3b+rXTS9crwCg7FWX +qZoZrm4lPlBZQltfhzdmvn8D/3CyvgtW5hwr7w+ScQcYnBxdVCtMPSEo541Ealjg +q9Knn4sE9lnGjtG4RCYMT2Sideognk9Ah5nWOGynwta6cluCEqlF6ORJPKpAeqG1 +a2zpn3iSPbUiyRF+udta9sbwL0hsJTcPTGzvDZO/XtMoHSSyPi/Xum6R+jwISv7n +TMQpA/0efY/Gy/SZrulBgQqKBMbaW2phvgRThph4n31IYrlSB6tAqN0G7VL6AFcs +iOJZPhu0TNqEOSYE6Mh5/YBwRPnrKMHZYXiKOeUrfjvURVq+l5dTX7KNtbnCrhS+ +Rlgq1uin5L7g8QbAKMns32Mo1MxB5aN0YUL5pTbJuWL0Sb2Kb7QhSmFrdWIgSHJv +emVrIDxqaHJvemVrQHJlZGhhdC5jb20+iEYEEBECAAYFAkoAZ+EACgkQeiVVYja6 +o6PaUgCcC1uIdzSouXkz/Hpc8WIq5bbdMCkAoIi6PtlzQuiCQgzN39VcFzIdnUfu +iEYEEBECAAYFAkoAaA0ACgkQWAkQHAJrbG8paQCgle0IkEHUEpBG3T+despZYg2K +aIwAnRRsCazy6CeJfOuP0IVGY8FKWedYiEYEEBECAAYFAkoAcQUACgkQGliNByGN +TpdfzgCfVdjXUF5AXkDJ78q2N9biKECoGTEAoJWdxJJAI6kE54tSCay6LkqU49et +iEgEEBECAAkFAkoAZiECBwAACgkQUDGHpI6P4rpHYgCWJtMmuHsk2/znWsUfqALe +XL3LXQCgpmRUJbjVee51ja2KSLRqslUZZ1KIXwQTEQIAIAUCRcN19QIbAwYLCQgH +AwIEFQIIAwQWAgMBAh4BAheAAAoJEB7Gq3Uy57wlIcEAoKNgX8eyFiQnylJlOKUs +7TJsxY4XAJiU6oXuJwZUMVPjZbcKiot+BqMKiQIcBBABAgAGBQJKAGrfAAoJEKqM +a5A1GvYd/CsP/1eHH2Ogbp9ycbPBc7pO5iLwBDPE81a4SMXqLcs0VS4Ps5d4gpjG +o6CilNb6gi5GTK4gmpQqFHYmzRSacO5aYnwSeueGYpI+jMxDeQcbabwA9oquOhck +YuQ4tM6Cmnwdiym40RsIA+8zEnZuzQywUD7h/b1xRjoEeLAe24UPdF0qMypChdF0 +EGXhosaapmxhXe31F/qqa2uHLUpECwJb417y9aVxDxtq4tnWh3kjpFMrLkX8NA2q +MkBO9csI0lRVkDu+Ofs0V7yc3MjART2kazYI7VkpVbqRc4QHnzfD3MLR2sgycEc5 +HQzJZYhe84AYATz8bqwptJlDi2pfEx11rHpVeGGN/I2hjitsARsNUIopYyNdXpbw +Ck4xv2U+uZzGpgzpt/siU4t1oKHc+P2gJ5xrazRan3gEd6QFXrWHq1+sdV4pUFM2 +R3UZt8z8NquRposHPn9ldNEpxNVkjbTZiY6D+f3yIUa43z6f4B2gWSuIGq2ayIVG +SKaf+hxzFa9sFsMJ1VeGsYt9g3zxnWRFEJRup0/VasVCqkMan0YoXOJB5+R2Ie73 +WWfoLlv2KozPDL91D1sXhxschxHHnQ8ro3Nl80s+yCNINhBK3+UUZsE/THlU7KQv +q2j8dy85frWvjPylNddJsXGRzBVTu629Gkhm3glVMPrfi5CEZkuRC4FOiQIcBBAB +AgAGBQJNsBsGAAoJEK184QA5M3MO9bMP/R4d3Xvhx65ayuLTehyoi0CAdaCU6wbx +vO922rzSu57i0JY2Ef14ZXF22RDrkAPgbw6S+wF8GRT4NKvfYaVx9oYunvD1OTa5 +EfEjG2KvJrKOsOKUCD7yQxKXGhP7K8scAiuZk4rCgfX9+O4RpqRdl1/EqCEBzUZa +U79RN/KLqapddtF0H4tyLWpWSyrQs8PjGRJmeh3J7RuD7ZYC4XRtvpx3IDqn6+RC +QFhb/EpGX7EwxbKgapmpD+9W2vqLHbM655w6/hc68J4bnE80DnZKc659HuNvRGit +zS7ShbI+8h5TUHcxsEsQCnfKkrkfdQo79878IKBmlJKC1WqUBZbbvdITfVToL9dt +ShHiNoy4jVuxUoizEAXEIjdi52MHhAY5I6wWyrDOV9Ftg9ZLwa6MbH31EKUbRMmP +75y0ID4RQCINqP7HMu5vlHRBKAKC1Tf3DqRZJIU61v4A3WR6IMGNXaoVFbQwB6YX +sOkJPiN1vgrqo42Z+rNRFFkCj341RJO2KNpjeUdeKVSyDmEb22wiRLEgXnmk902u +OJN1HFcj7/JjlXGRR24Zu0C97B+HNdlmWVnxJx/aNx2zkGnjdAjMLy1bosMJSPyA +JVWnKU3TmrsB4raPeawbk8OSmwzRCiIl9VDlBjaDK4E4+0I05/BNMWvsEMOeGeJd +KU/OhWYPnoBWuQINBEXDdgAQCAC6qjQXEfVe106L+pbq/61Z2pgcuP9/RWiqPVxu +lL5w4M1NpfX9d/gme/q+biU4bmAiSoPV7lQKkbmkMm8ySuljSVhGvlEagLb20dlh +d8QFUSR2G5TtlNJBFqiK0rlNLCM6Ploq8VIcSMysJZwZJRqMQJCREfBlvccrbCqo +FasmOOM+2P7lxCD6wqntmnrFTeJmUyhV91iL/MZ6e6YKnlIybwJlnmByw1mGMi2R +PDDkr/83orPjWgxjIeWCHTb0kPQsc+Appw/cp4QQPNIMTH9JIQXjMP8R8sMd6GBr ++fRmKw2bF3G578EjYubuqoY0O1X6prXukgnp899p9tIAphq3AAQLB/9K4yRk3fpQ +Oyg6fTqoitiLkkGyzew5+F4kSepQgQ7QkKnJv5+qKx2qhMkzQbmAWkK+5k4AKnPN +W/RaOGUwjI+X/tS4/gpgjosaoABGo3GwdPsU3FPRS/pBHx8Y9CpV0UsUF3roQEv0 ++c63dENjC0mUP1ww1Q2nNYReMndEKTSVkXZ6WOk+W7Q6vnc66KiaaeGZyaPFHmC8 +x/ikupRGERnZTTKVGJOJMiTRjIgBKwOcB/QEKUVfPiLipIPqMmWgqitELsy7zvGL +UMbgwv4VgL/Z3ncjw6ocFGG01S38Zty2GwcPEWrmJWk3HAMBfW+vrk9a/3ym9Myc +maMgOF+DAkx0iEkEGBECAAkFAkXDdgACGwwACgkQHsardTLnvCWU5wCgqQcHeUMV +aVQ1xIt1EJDF+wILLvMAn0YtJTYbQdH6FBUyLY42isSL8TJM +=+iK5 -----END PGP PUBLIC KEY BLOCK-----