Compare commits
No commits in common. "master" and "factory" have entirely different histories.
@ -1,11 +1,7 @@
|
|||||||
---
|
Index: sssd-2.5.2/src/sysv/systemd/sssd-kcm.service.in
|
||||||
src/sysv/systemd/sssd-kcm.service.in | 13 +++++++++++++
|
|
||||||
1 file changed, 13 insertions(+)
|
|
||||||
|
|
||||||
Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
|
|
||||||
===================================================================
|
===================================================================
|
||||||
--- sssd-2.10.0.orig/src/sysv/systemd/sssd-kcm.service.in
|
--- sssd-2.5.2.orig/src/sysv/systemd/sssd-kcm.service.in
|
||||||
+++ sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
|
+++ sssd-2.5.2/src/sysv/systemd/sssd-kcm.service.in
|
||||||
@@ -8,6 +8,19 @@ After=sssd-kcm.socket
|
@@ -8,6 +8,19 @@ After=sssd-kcm.socket
|
||||||
Also=sssd-kcm.socket
|
Also=sssd-kcm.socket
|
||||||
|
|
||||||
@ -24,5 +20,5 @@ Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
|
|||||||
+RestrictRealtime=true
|
+RestrictRealtime=true
|
||||||
+# end of automatic additions
|
+# end of automatic additions
|
||||||
Environment=DEBUG_LOGGER=--logger=files
|
Environment=DEBUG_LOGGER=--logger=files
|
||||||
ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
|
ExecStartPre=-@sbindir@/sssd --genconf-section=kcm
|
||||||
ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
|
ExecStart=@libexecdir@/sssd/sssd_kcm --uid 0 --gid 0 ${DEBUG_LOGGER}
|
||||||
|
BIN
sssd-2.10.1.tar.gz
(Stored with Git LFS)
BIN
sssd-2.10.1.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmdYSb4ACgkQ09IbKRDP
|
|
||||||
Z1kRyRAAmkKhCUcBs4h2mDg7uzz7DfYFkHXEiY8EMoVP5Iw6ZsNL/V9fwF9xhj49
|
|
||||||
XbnCfxj2zFfVWZd5VYnTpl86Hg3NrxuPehgM+iMAXS6U/55TvRPunCtTiRwoTZ4t
|
|
||||||
zSgiBaSg3I2hmSN2cnSU8PpilEDCIeSP3uafmGXI1KUxEQltVbp0EeJ5CL5GP3xU
|
|
||||||
rFgI1pKdTySlw6jZ3vjkAaHwdsJGB0MKtjiBJYtqvHmIzbUdSNN/iE5Wf5xsdtez
|
|
||||||
KKLUrnKeQFuNyYWpjipJvbs7i9+E5VKFvCfrqFb6vQbp+Rgd98epVjp2VKovNy8p
|
|
||||||
gZQmgfbi5GCWKuBx+dbaRSFa8hWemEwnBNboV6JKq4+CoPsMkI367utZV5gd58V5
|
|
||||||
RHgLsrZfjahAXgG4ytwPhgKDV+sX+sSn4aXIdaSgc+vP7+ykLMxyzyR2GXyG+y11
|
|
||||||
WrnovdR0HywHfzvlUnKQmcLUjCkXKVwIMw0oBRa8+YLTD08EeYgu+oXXDpGD0oL1
|
|
||||||
YJLLBdr6ycR9Rk/sUqbZgEnzQZPYXazIraUrd71Ry8CaNvqi86Of7sX6SgSQQeg/
|
|
||||||
ZPLNcPWPadG/9jpMNJNsXXEZicNJXznQczlXKvRXINOJzknJYwwgH+/55otbzNzq
|
|
||||||
EjlOmFEn07bGAHCsHTfydlCeYqD9x+WV/X8CReMFjcaaBH4TDms=
|
|
||||||
=S0c5
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
sssd-2.9.5.tar.gz
(Stored with Git LFS)
Normal file
BIN
sssd-2.9.5.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
sssd-2.9.5.tar.gz.asc
Normal file
16
sssd-2.9.5.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmZF8CMACgkQ09IbKRDP
|
||||||
|
Z1lSVQ/9EPVvWUX1z/pHfbvDjRpfD+LDbDceYB4YBh0caYpMVFm/2wHhFIjTYEpf
|
||||||
|
SmIR+SQp50NkRSK6tE/u+Swu+YUkiCqnEWv2y9wd4Uh2NKiukyiqBC1k2cn9URNu
|
||||||
|
oRreBM1KIRvTkdoyZwteELJ7vMLVr0UT2iIXZQFIIZX+LM3FNZJ5vFcj5fF0Hz1f
|
||||||
|
v8zR0VTB7xY/6U+4KikvMyM3fOPeTOJvEtMp4xDWyquRjCADjZasOQcKRQzXp1er
|
||||||
|
zs/qLcQ8eCODXhKelGqmppVIElW+72f1FNbMpBnlQ7VtFn6pn4sPazO0Hr7eNfZJ
|
||||||
|
Vc6GXN8zZ/oF5U4x7XSMVqeOHLQoLeb2HxgUzS+1Ig19FHOs6Xoj0dO5l/TOEFav
|
||||||
|
l61qytYnj3DNZjrMVLsMvOx3qGYK7PmyaWNoIJlLO2GbWKMP/8yBm35Ugd0jybSi
|
||||||
|
T7VWX+isQHfVhSZ9wD4/yYOBAU3lABORAjXkCWQp/vMR/KiHbfaajCAbl56KiijQ
|
||||||
|
eKYaq57EH3N+qKd1sqCrPfSw3HSqm3rngG1CsMasBQgLFs2aW+Mwo3UvQ1U/ykED
|
||||||
|
mOo2D9uhOQluv4AUSpKK6E8EXoPSxDFZI4WX37depO2VGXDO90JNfVamJXjy1+bH
|
||||||
|
d/RnoZfC7h7Vb1P1bPgGdsAFQBOP0FinbEjehpw0P0U2xAZQWek=
|
||||||
|
=pY7t
|
||||||
|
-----END PGP SIGNATURE-----
|
62
sssd.changes
62
sssd.changes
@ -1,65 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Tue Dec 10 20:17:10 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
|
||||||
|
|
||||||
- Update to release 2.10.1
|
|
||||||
* SSSD does not create anymore missing path components of
|
|
||||||
DIR:/FILE: ccache types while acquiring user's TGT. The
|
|
||||||
parent directory of requested ccache directory must exist and
|
|
||||||
the user trying to log in must have rwx access to this
|
|
||||||
directory. This matches behavior of /usr/bin/kinit.
|
|
||||||
* The option default_domain_suffix is deprecated.
|
|
||||||
- Delete 0001-Configuration-make-sure-etc-sssd-and-everything.patch,
|
|
||||||
0001-INI-relax-config-files-checks.patch,
|
|
||||||
0001-INI-stop-using-libini_config-for-access-check.patch,
|
|
||||||
0001-sssd-always-print-path-when-config-object-is-rejecte.patch
|
|
||||||
(merged)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Oct 15 12:59:51 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
|
||||||
|
|
||||||
- Update to release 2.10.0
|
|
||||||
* The ``sssctl cache-upgrade`` command was removed. SSSD
|
|
||||||
performs automatic upgrades at startup when needed.
|
|
||||||
* Support of ``enumeration`` feature (i.e. ability to list all
|
|
||||||
users/groups using ``getent passwd/group`` without argument)
|
|
||||||
for AD/IPA providers is deprecated and might be removed in
|
|
||||||
further releases.
|
|
||||||
* The new tool ``sss_ssh_knownhosts`` can be used with ssh's
|
|
||||||
``KnownHostsCommand`` configuration option to retrieve the
|
|
||||||
host's public keys from a remote server (FreeIPA, LDAP,
|
|
||||||
etc.). It replaces ```sss_ssh_knownhostsproxy``.
|
|
||||||
* The default value for ``ldap_id_use_start_tls`` changed from
|
|
||||||
false to true for improved security.
|
|
||||||
* https://github.com/SSSD/sssd/releases/tag/2.10.0
|
|
||||||
- Add 0001-sssd-always-print-path-when-config-object-is-rejecte.patch,
|
|
||||||
0001-INI-stop-using-libini_config-for-access-check.patch,
|
|
||||||
0001-INI-relax-config-files-checks.patch,
|
|
||||||
0001-Configuration-make-sure-etc-sssd-and-everything.patch
|
|
||||||
- Fix socket activation of responders
|
|
||||||
- Daemon runs now as unprivileged user 'sssd'
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Oct 1 10:15:07 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
|
||||||
|
|
||||||
- Update filelists involving memberof.so and idmap/sss.so to
|
|
||||||
avoid gobbling up one file into multiple sssd subpackages.
|
|
||||||
(Between samba-4.20 and 4.21, %ldbdir changes from
|
|
||||||
/usr/lib64/ldb2/modules/ldb to /usr/lib64/samba/ldb, so now
|
|
||||||
`%_libdir/samba` is a bit too broad.)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jul 17 09:19:20 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
|
|
||||||
|
|
||||||
- Fix spec file for openSUSE ALP and SUSE SLFO, where the
|
|
||||||
python3_fix_shebang_path RPM macro is not available
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jul 11 09:41:21 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
|
|
||||||
|
|
||||||
- Revert the change dropping the default configuration file. If
|
|
||||||
/usr/etc exists will be installed there, otherwise in /etc.
|
|
||||||
(bsc#1226157);
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 16 12:13:02 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Thu May 16 12:13:02 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
261
sssd.spec
261
sssd.spec
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.10.1
|
Version: 2.9.5
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||||
@ -28,10 +28,10 @@ Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%v
|
|||||||
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Source5: %name.keyring
|
Source5: %name.keyring
|
||||||
Patch11: krb-noversion.diff
|
Patch1: krb-noversion.diff
|
||||||
Patch12: harden_sssd-ifp.service.patch
|
Patch2: harden_sssd-ifp.service.patch
|
||||||
Patch13: harden_sssd-kcm.service.patch
|
Patch3: harden_sssd-kcm.service.patch
|
||||||
Patch14: symvers.patch
|
Patch4: symvers.patch
|
||||||
BuildRequires: autoconf >= 2.59
|
BuildRequires: autoconf >= 2.59
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: bind-utils
|
BuildRequires: bind-utils
|
||||||
@ -53,26 +53,21 @@ BuildRequires: nss_wrapper
|
|||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: pkg-config >= 0.21
|
BuildRequires: pkg-config >= 0.21
|
||||||
BuildRequires: python3-wheel
|
|
||||||
BuildRequires: python3-setuptools
|
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: sysuser-tools
|
|
||||||
BuildRequires: uid_wrapper
|
BuildRequires: uid_wrapper
|
||||||
BuildRequires: pkgconfig(augeas) >= 1.0.0
|
BuildRequires: pkgconfig(augeas) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(collection) >= 0.5.1
|
BuildRequires: pkgconfig(collection) >= 0.5.1
|
||||||
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
|
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(dhash) >= 0.4.2
|
BuildRequires: pkgconfig(dhash) >= 0.4.2
|
||||||
BuildRequires: pkgconfig(glib-2.0)
|
BuildRequires: pkgconfig(glib-2.0)
|
||||||
BuildRequires: pkgconfig(ini_config) >= 1.3
|
BuildRequires: pkgconfig(ini_config) >= 1.1.0
|
||||||
BuildRequires: pkgconfig(jansson)
|
BuildRequires: pkgconfig(jansson)
|
||||||
BuildRequires: pkgconfig(ldb) >= 1.2.0
|
BuildRequires: pkgconfig(ldb) >= 0.9.2
|
||||||
BuildRequires: pkgconfig(libcap)
|
|
||||||
BuildRequires: pkgconfig(libcares)
|
BuildRequires: pkgconfig(libcares)
|
||||||
BuildRequires: pkgconfig(libcrypto) >= 1.0.1
|
BuildRequires: pkgconfig(libcrypto)
|
||||||
%if 0%{?suse_version} >= 1600
|
%if 0%{?suse_version} >= 1600
|
||||||
BuildRequires: pkgconfig(libcurl)
|
BuildRequires: pkgconfig(libcurl)
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: pkgconfig(libcap)
|
|
||||||
BuildRequires: pkgconfig(libnfsidmap)
|
BuildRequires: pkgconfig(libnfsidmap)
|
||||||
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
||||||
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
||||||
@ -91,17 +86,7 @@ BuildRequires: pkgconfig(talloc)
|
|||||||
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
||||||
BuildRequires: pkgconfig(tevent)
|
BuildRequires: pkgconfig(tevent)
|
||||||
BuildRequires: pkgconfig(uuid)
|
BuildRequires: pkgconfig(uuid)
|
||||||
%if 0%{?suse_version} && 0%{?suse_version} < 1600
|
|
||||||
# samba-client-devel pulls samba-client-libs pulls libldap-2_4-2 wants libldap-data(-2.4);
|
|
||||||
# this conflicts with
|
|
||||||
# openldap2-devel pulls libldap2 wants libldap-data(-2.6)
|
|
||||||
# Package contains just config files, not needed for build.
|
|
||||||
#!BuildIgnore: libldap-data
|
|
||||||
%endif
|
|
||||||
%sysusers_requires
|
|
||||||
%{?systemd_ordering}
|
%{?systemd_ordering}
|
||||||
Requires(post): permissions
|
|
||||||
Requires(verify): permissions
|
|
||||||
Requires: sssd-ldap = %version-%release
|
Requires: sssd-ldap = %version-%release
|
||||||
Requires(postun): pam-config
|
Requires(postun): pam-config
|
||||||
Provides: libsss_sudo = %version-%release
|
Provides: libsss_sudo = %version-%release
|
||||||
@ -110,19 +95,16 @@ Obsoletes: libsss_sudo < %version-%release
|
|||||||
Provides: sssd-common = %version-%release
|
Provides: sssd-common = %version-%release
|
||||||
Obsoletes: sssd-common < %version-%release
|
Obsoletes: sssd-common < %version-%release
|
||||||
|
|
||||||
%global sssd_user sssd
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
%define sssdstatedir %_localstatedir/lib/sss
|
%define sssdstatedir %_localstatedir/lib/sss
|
||||||
%define dbpath %sssdstatedir/db
|
%define dbpath %sssdstatedir/db
|
||||||
%define pipepath %sssdstatedir/pipes
|
%define pipepath %sssdstatedir/pipes
|
||||||
%define pubconfpath %sssdstatedir/pubconf
|
%define pubconfpath %sssdstatedir/pubconf
|
||||||
%define gpocachepath %sssdstatedir/gpo_cache
|
%define gpocachepath %sssdstatedir/gpo_cache
|
||||||
%define keytabdir %sssdstatedir/keytabs
|
|
||||||
%define mcpath %sssdstatedir/mc
|
|
||||||
%define ldbdir %(pkg-config ldb --variable=modulesdir)
|
%define ldbdir %(pkg-config ldb --variable=modulesdir)
|
||||||
|
|
||||||
# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
|
# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
|
||||||
# %%_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
|
# %_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
|
||||||
# * cifs-utils one is the default (priority 20)
|
# * cifs-utils one is the default (priority 20)
|
||||||
# * installing SSSD should NOT switch to SSSD plugin (priority 10)
|
# * installing SSSD should NOT switch to SSSD plugin (priority 10)
|
||||||
%define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin
|
%define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin
|
||||||
@ -133,11 +115,11 @@ Requires(post): update-alternatives
|
|||||||
Requires(postun): update-alternatives
|
Requires(postun): update-alternatives
|
||||||
|
|
||||||
%description
|
%description
|
||||||
A set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
authentication mechanisms. sssd provides an NSS and PAM interfaces
|
authentication mechanisms. It provides an NSS and PAM interface toward
|
||||||
toward the system and a pluggable backend system to connect to
|
the system and a pluggable backend system to connect to multiple different
|
||||||
multiple different account sources. It is also the basis to provide
|
account sources. It is also the basis to provide client auditing and policy
|
||||||
client auditing and policy services for projects like FreeIPA.
|
services for projects like FreeIPA.
|
||||||
|
|
||||||
%package ad
|
%package ad
|
||||||
Summary: The ActiveDirectory backend plugin for sssd
|
Summary: The ActiveDirectory backend plugin for sssd
|
||||||
@ -147,8 +129,9 @@ Requires: %name-krb5-common = %version-%release
|
|||||||
Requires: adcli
|
Requires: adcli
|
||||||
|
|
||||||
%description ad
|
%description ad
|
||||||
A back-end provider that the SSSD can utilize to fetch identity data
|
Provides the Active Directory back end that the SSSD can utilize to
|
||||||
from, and authenticate with, an Active Directory server.
|
fetch identity data from and authenticate against an Active Directory
|
||||||
|
server.
|
||||||
|
|
||||||
%package dbus
|
%package dbus
|
||||||
Summary: The D-Bus responder of sssd
|
Summary: The D-Bus responder of sssd
|
||||||
@ -157,7 +140,7 @@ Group: System/Base
|
|||||||
Requires: %name = %version
|
Requires: %name = %version
|
||||||
|
|
||||||
%description dbus
|
%description dbus
|
||||||
D-Bus responder of sssd, called InfoPipe, which allows
|
Provides the D-Bus responder of sssd, called InfoPipe, which allows
|
||||||
information from sssd to be transmitted over the system bus.
|
information from sssd to be transmitted over the system bus.
|
||||||
|
|
||||||
%package ipa
|
%package ipa
|
||||||
@ -171,8 +154,8 @@ Obsoletes: %name-ipa-provider < %version-%release
|
|||||||
Provides: %name-ipa-provider = %version-%release
|
Provides: %name-ipa-provider = %version-%release
|
||||||
|
|
||||||
%description ipa
|
%description ipa
|
||||||
A back-end provider that the SSSD can utilize to fetch identity data
|
Provides the IPA back end that the SSSD can utilize to fetch identity
|
||||||
from, and authenticate with, an IPA server.
|
data from and authenticate against an IPA server.
|
||||||
|
|
||||||
%package kcm
|
%package kcm
|
||||||
Summary: SSSD's Kerberos cache manager
|
Summary: SSSD's Kerberos cache manager
|
||||||
@ -191,16 +174,14 @@ Group: System/Daemons
|
|||||||
Requires: %name-krb5-common = %version-%release
|
Requires: %name-krb5-common = %version-%release
|
||||||
|
|
||||||
%description krb5
|
%description krb5
|
||||||
A back-end provider that the SSSD can utilize to authenticate against
|
Provides the Kerberos back end that the SSSD can utilize authenticate
|
||||||
a Kerberos server.
|
against a Kerberos server.
|
||||||
|
|
||||||
%package krb5-common
|
%package krb5-common
|
||||||
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
Requires: cyrus-sasl-gssapi
|
Requires: cyrus-sasl-gssapi
|
||||||
Requires(post): permissions
|
|
||||||
Requires(verify): permissions
|
|
||||||
|
|
||||||
%description krb5-common
|
%description krb5-common
|
||||||
Provides helper processes that the LDAP and Kerberos back ends can
|
Provides helper processes that the LDAP and Kerberos back ends can
|
||||||
@ -213,8 +194,8 @@ Group: System/Daemons
|
|||||||
Requires: %name-krb5-common = %version-%release
|
Requires: %name-krb5-common = %version-%release
|
||||||
|
|
||||||
%description ldap
|
%description ldap
|
||||||
A back-end provider that the SSSD can utilize to fetch identity data
|
Provides the LDAP back end that the SSSD can utilize to fetch
|
||||||
from, and authenticate with, an LDAP server.
|
identity data from and authenticate against an LDAP server.
|
||||||
|
|
||||||
%package proxy
|
%package proxy
|
||||||
Summary: The proxy backend plugin for sssd
|
Summary: The proxy backend plugin for sssd
|
||||||
@ -222,8 +203,8 @@ License: GPL-3.0-or-later
|
|||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
|
|
||||||
%description proxy
|
%description proxy
|
||||||
A back-end provider which can be used to wrap existing NSS and/or PAM
|
Provides the proxy back end which can be used to wrap an existing NSS
|
||||||
modules to leverage SSSD caching. (This can replace nscd.)
|
and/or PAM modules to leverage SSSD caching.
|
||||||
|
|
||||||
%package tools
|
%package tools
|
||||||
Summary: Commandline tools for sssd
|
Summary: Commandline tools for sssd
|
||||||
@ -233,7 +214,7 @@ Requires: python3-sssd-config = %version-%release
|
|||||||
Requires: sssd = %version
|
Requires: sssd = %version
|
||||||
|
|
||||||
%description tools
|
%description tools
|
||||||
The packages contains command-line tools for managing users and groups using
|
The packages contains commandline tools for managing users and groups using
|
||||||
the "local" id provider of the System Security Services Daemon (sssd).
|
the "local" id provider of the System Security Services Daemon (sssd).
|
||||||
|
|
||||||
%package winbind-idmap
|
%package winbind-idmap
|
||||||
@ -250,7 +231,7 @@ License: LGPL-3.0-or-later
|
|||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
|
|
||||||
%description -n libsss_certmap0
|
%description -n libsss_certmap0
|
||||||
A utility library for FreeIPA to map certificates.
|
A utility library for FreeIPA to map certs.
|
||||||
|
|
||||||
%package -n libsss_certmap-devel
|
%package -n libsss_certmap-devel
|
||||||
Summary: Development files for the FreeIPA certmap library
|
Summary: Development files for the FreeIPA certmap library
|
||||||
@ -259,7 +240,7 @@ Group: Development/Libraries/C and C++
|
|||||||
Requires: libsss_certmap0 = %version
|
Requires: libsss_certmap0 = %version
|
||||||
|
|
||||||
%description -n libsss_certmap-devel
|
%description -n libsss_certmap-devel
|
||||||
A utility library for FreeIPA to map certificates.
|
A utility library for FreeIPA to map certs.
|
||||||
|
|
||||||
%package -n libipa_hbac0
|
%package -n libipa_hbac0
|
||||||
Summary: FreeIPA HBAC Evaluator library
|
Summary: FreeIPA HBAC Evaluator library
|
||||||
@ -323,6 +304,7 @@ Requires: libsss_nss_idmap0 = %version
|
|||||||
%description -n libsss_nss_idmap-devel
|
%description -n libsss_nss_idmap-devel
|
||||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
||||||
|
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
%package -n libsss_simpleifp0
|
%package -n libsss_simpleifp0
|
||||||
Summary: The SSSD D-Bus responder helper library
|
Summary: The SSSD D-Bus responder helper library
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
@ -345,6 +327,7 @@ Requires: libsss_simpleifp0 = %version
|
|||||||
This subpackage provides the development files for sssd's simpleifp,
|
This subpackage provides the development files for sssd's simpleifp,
|
||||||
a library that simplifies the D-Bus API for the SSSD InfoPipe
|
a library that simplifies the D-Bus API for the SSSD InfoPipe
|
||||||
responder.
|
responder.
|
||||||
|
%endif
|
||||||
|
|
||||||
%package -n libsss_sudo
|
%package -n libsss_sudo
|
||||||
Summary: A library to allow communication between sudo and SSSD
|
Summary: A library to allow communication between sudo and SSSD
|
||||||
@ -411,38 +394,32 @@ autoreconf -fiv
|
|||||||
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
|
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
|
||||||
--with-initscript=systemd \
|
--with-initscript=systemd \
|
||||||
--with-syslog=journald \
|
--with-syslog=journald \
|
||||||
--with-pid-path="%_rundir/sssd" \
|
--with-pid-path="%_rundir" \
|
||||||
|
--enable-nsslibdir="/%_lib" \
|
||||||
--enable-pammoddir="%_pam_moduledir" \
|
--enable-pammoddir="%_pam_moduledir" \
|
||||||
--with-ldb-lib-dir="%ldbdir" \
|
--with-ldb-lib-dir="%ldbdir" \
|
||||||
--with-os=suse \
|
--with-os=suse \
|
||||||
--disable-ldb-version-check \
|
--disable-ldb-version-check \
|
||||||
--without-python2-bindings \
|
--without-python2-bindings \
|
||||||
--without-oidc-child \
|
--without-oidc-child \
|
||||||
--with-sssd-user="%sssd_user" \
|
|
||||||
%if 0%{?suse_version} >= 1600
|
%if 0%{?suse_version} >= 1600
|
||||||
--with-selinux=yes \
|
--with-selinux=yes \
|
||||||
--with-subid
|
--with-subid
|
||||||
%else
|
%else
|
||||||
--with-selinux=no \
|
--with-selinux=no \
|
||||||
|
--with-semanage=no \
|
||||||
--with-libsifp \
|
--with-libsifp \
|
||||||
--with-files-provider
|
--with-files-provider
|
||||||
%endif
|
%endif
|
||||||
%make_build all
|
%make_build all
|
||||||
|
|
||||||
%install
|
%install
|
||||||
# sss_obfuscate is compatible with both Python 2 and 3
|
# sss_obfuscate is compatible with both python 2 and 3
|
||||||
perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
|
perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
|
||||||
%make_install dbuspolicydir=%_datadir/dbus-1/system.d
|
%make_install dbuspolicydir=%_datadir/dbus-1/system.d
|
||||||
b="%buildroot"
|
b="%buildroot"
|
||||||
|
|
||||||
# Copy some defaults
|
# Copy some defaults
|
||||||
%if "%{?_distconfdir}" != ""
|
|
||||||
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
|
|
||||||
install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
|
|
||||||
%else
|
|
||||||
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
|
|
||||||
install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
|
|
||||||
%endif
|
|
||||||
install -d "$b/%_unitdir"
|
install -d "$b/%_unitdir"
|
||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
install -d "$b/%_distconfdir/logrotate.d"
|
install -d "$b/%_distconfdir/logrotate.d"
|
||||||
@ -464,49 +441,23 @@ find "$b" -type f -name "*.la" -print -delete
|
|||||||
%find_lang %name --all-name
|
%find_lang %name --all-name
|
||||||
|
|
||||||
# dummy target for cifs-idmap-plugin
|
# dummy target for cifs-idmap-plugin
|
||||||
mkdir -pv "$b/%_sysconfdir/alternatives" "$b/%_sysconfdir/cifs-utils"
|
mkdir -pv %buildroot/%_sysconfdir/alternatives %buildroot/%_sysconfdir/cifs-utils
|
||||||
ln -sfv "%_sysconfdir/alternatives/%cifs_idmap_name" "$b/%cifs_idmap_plugin"
|
ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
|
||||||
%python3_fix_shebang
|
%python3_fix_shebang
|
||||||
%if 0%{?suse_version} > 1600
|
%if %{suse_version} >= 1600
|
||||||
%python3_fix_shebang_path %buildroot/%_libexecdir/%name/sss_analyze
|
%python3_fix_shebang_path %{buildroot}/%{_libexecdir}/%{name}/
|
||||||
%elif 0%{?suse_version} == 1600
|
|
||||||
# python3_fix_shebang_path macro does not exist in < 1600, was added in python-rom-macros 20231204
|
|
||||||
sed -i '1s@#!.*python.*@#!%_bindir/python3.11@' "$b/%_libexecdir/%name/sss_analyze"
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf
|
|
||||||
mkdir -p "$b/%_sysusersdir" "$b/etc/permissions.d"
|
|
||||||
cp -a system-user-sssd.conf "$b/%_sysusersdir/"
|
|
||||||
%sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf
|
|
||||||
install -Dpm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf"
|
|
||||||
#
|
|
||||||
# Security considerations for capabilities, chown and stuff:
|
|
||||||
# https://www.openwall.com/lists/oss-security/2024/12/19/1
|
|
||||||
#
|
|
||||||
# should match entry from %%files list
|
|
||||||
cat >"$b/etc/permissions.d/sssd" <<-EOF
|
|
||||||
%_libexecdir/sssd/sssd_pam root:sssd 0750
|
|
||||||
+capabilities cap_dac_read_search=p
|
|
||||||
%_libexecdir/sssd/selinux_child root:sssd 0750
|
|
||||||
+capabilities cap_setgid,cap_setuid=p
|
|
||||||
%_libexecdir/sssd/krb5_child root:sssd 0750
|
|
||||||
+capabilities cap_dac_read_search,cap_setgid,cap_setuid=p
|
|
||||||
%_libexecdir/sssd/ldap_child root:sssd 0750
|
|
||||||
+capabilities cap_dac_read_search=p
|
|
||||||
EOF
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
# sss_config-tests fails
|
# sss_config-tests fails
|
||||||
%make_build check || :
|
%make_build check || :
|
||||||
|
|
||||||
%pre -f random.pre
|
%pre
|
||||||
%service_add_pre sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_add_pre sssd.service
|
||||||
%if "%{?_distconfdir}" != ""
|
|
||||||
# Prepare for migration to /usr/etc; save any old .rpmsave
|
# Prepare for migration to /usr/etc; save any old .rpmsave
|
||||||
for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
|
for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
|
||||||
test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || :
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
||||||
done
|
done
|
||||||
%endif
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
@ -514,38 +465,38 @@ done
|
|||||||
if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
|
if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
|
||||||
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf"
|
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf"
|
||||||
fi
|
fi
|
||||||
%service_add_post sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_add_post sssd.service
|
||||||
|
|
||||||
%_bindir/rm -f %mcpath/passwd %mcpath/group %mcpath/initgroups %mcpath/sid
|
|
||||||
%tmpfiles_create %name.conf
|
|
||||||
%set_permissions %_libexecdir/%name/selinux_child %_libexecdir/%name/sssd_pam
|
|
||||||
|
|
||||||
# install SSSD cifs-idmap plugin as an alternative
|
# install SSSD cifs-idmap plugin as an alternative
|
||||||
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
|
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%service_del_preun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_del_preun sssd.service
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
if [ "$1" = "0" ] && [ -x "%_sbindir/pam-config" ]; then
|
if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then
|
||||||
"%_sbindir/pam-config" -d --sss || :
|
"%_sbindir/pam-config" -d --sss || :
|
||||||
fi
|
fi
|
||||||
# del_postun includes a try-restart
|
# del_postun includes a try-restart
|
||||||
%service_del_postun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_del_postun sssd.service
|
||||||
|
|
||||||
if [ ! -f "%cifs_idmap_lib" ]; then
|
if [ ! -f "%cifs_idmap_lib" ]; then
|
||||||
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
|
update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%ldconfig_scriptlets -n libsss_certmap0
|
%post -n libsss_certmap0 -p /sbin/ldconfig
|
||||||
%ldconfig_scriptlets -n libipa_hbac0
|
%postun -n libsss_certmap0 -p /sbin/ldconfig
|
||||||
%ldconfig_scriptlets -n libsss_idmap0
|
%post -n libipa_hbac0 -p /sbin/ldconfig
|
||||||
%ldconfig_scriptlets -n libsss_nss_idmap0
|
%postun -n libipa_hbac0 -p /sbin/ldconfig
|
||||||
%ldconfig_scriptlets -n libsss_simpleifp0
|
%post -n libsss_idmap0 -p /sbin/ldconfig
|
||||||
|
%postun -n libsss_idmap0 -p /sbin/ldconfig
|
||||||
%verifyscript
|
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
|
||||||
%verify_permissions -e %_libexecdir/%name/selinux_child %_libexecdir/%name/sssd_pam
|
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
|
||||||
|
%if 0%{?suse_version} < 1600
|
||||||
|
%post -n libsss_simpleifp0 -p /sbin/ldconfig
|
||||||
|
%postun -n libsss_simpleifp0 -p /sbin/ldconfig
|
||||||
|
%endif
|
||||||
|
|
||||||
%triggerun -- %name < %version-%release
|
%triggerun -- %name < %version-%release
|
||||||
# sssd takes care of upgrading the database but it doesn't handle downgrades.
|
# sssd takes care of upgrading the database but it doesn't handle downgrades.
|
||||||
@ -580,52 +531,40 @@ fi
|
|||||||
%postun kcm
|
%postun kcm
|
||||||
%service_del_postun sssd-kcm.service sssd-kcm.socket
|
%service_del_postun sssd-kcm.service sssd-kcm.socket
|
||||||
|
|
||||||
%pre krb5-common -f random.pre
|
|
||||||
|
|
||||||
%post krb5-common
|
|
||||||
%set_permissions %_libexecdir/%name/krb5_child %_libexecdir/%name/ldap_child
|
|
||||||
|
|
||||||
%verifyscript krb5-common
|
|
||||||
%verify_permissions -e %_libexecdir/%name/krb5_child %_libexecdir/%name/ldap_child
|
|
||||||
|
|
||||||
%pre proxy -f random.pre
|
|
||||||
|
|
||||||
%pretrans
|
%pretrans
|
||||||
# Migrate sssd.service from sssd-common to sssd
|
# Migrate sssd.service from sssd-common to sssd
|
||||||
systemctl is-enabled sssd.service > /dev/null
|
systemctl is-enabled sssd.service > /dev/null
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
mkdir -p /run/systemd/rpm/
|
mkdir -p /run/systemd/rpm/
|
||||||
touch /run/systemd/rpm/sssd-was-enabled
|
touch /run/systemd/rpm/sssd-was-enabled
|
||||||
fi
|
fi
|
||||||
systemctl is-active sssd.service > /dev/null
|
systemctl is-active sssd.service > /dev/null
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
mkdir -p /run/systemd/rpm/
|
mkdir -p /run/systemd/rpm/
|
||||||
touch /run/systemd/rpm/sssd-was-active
|
touch /run/systemd/rpm/sssd-was-active
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
%if "%{?_distconfdir}" != ""
|
|
||||||
# Migration to /usr/etc, restore just created .rpmsave
|
# Migration to /usr/etc, restore just created .rpmsave
|
||||||
for i in sssd/sssd.conf logrotate.d/sssd pam.d/sssd-shadowutils ; do
|
for i in sssd/sssd.conf logrotate.d/sssd pam.d/sssd-shadowutils ; do
|
||||||
test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i" || :
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
||||||
done
|
done
|
||||||
%endif
|
|
||||||
# Migrate sssd.service from sssd-common to sssd
|
# Migrate sssd.service from sssd-common to sssd
|
||||||
if [ -e /run/systemd/rpm/sssd-was-enabled ]; then
|
if [ -e /run/systemd/rpm/sssd-was-enabled ]; then
|
||||||
systemctl is-enabled sssd.service >/dev/null
|
systemctl is-enabled sssd.service > /dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Migrating sssd.service, was enabled"
|
echo "Migrating sssd.service, was enabled"
|
||||||
systemctl enable sssd.service
|
systemctl enable sssd.service
|
||||||
fi
|
fi
|
||||||
rm /run/systemd/rpm/sssd-was-enabled
|
rm /run/systemd/rpm/sssd-was-enabled
|
||||||
fi
|
fi
|
||||||
if [ -e /run/systemd/rpm/sssd-was-active ]; then
|
if [ -e /run/systemd/rpm/sssd-was-active ]; then
|
||||||
systemctl is-active sssd.service >/dev/null
|
systemctl is-active sssd.service > /dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo "Migrating sssd.service, was active"
|
echo "Migrating sssd.service, was active"
|
||||||
systemctl start sssd.service
|
systemctl start sssd.service
|
||||||
fi
|
fi
|
||||||
rm /run/systemd/rpm/sssd-was-active
|
rm /run/systemd/rpm/sssd-was-active
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%files -f sssd.lang
|
%files -f sssd.lang
|
||||||
@ -638,15 +577,12 @@ fi
|
|||||||
%_unitdir/sssd-pac.socket
|
%_unitdir/sssd-pac.socket
|
||||||
%_unitdir/sssd-pac.service
|
%_unitdir/sssd-pac.service
|
||||||
%_unitdir/sssd-pam.socket
|
%_unitdir/sssd-pam.socket
|
||||||
|
%_unitdir/sssd-pam-priv.socket
|
||||||
%_unitdir/sssd-pam.service
|
%_unitdir/sssd-pam.service
|
||||||
%_unitdir/sssd-ssh.socket
|
%_unitdir/sssd-ssh.socket
|
||||||
%_unitdir/sssd-ssh.service
|
%_unitdir/sssd-ssh.service
|
||||||
%_unitdir/sssd-sudo.socket
|
%_unitdir/sssd-sudo.socket
|
||||||
%_unitdir/sssd-sudo.service
|
%_unitdir/sssd-sudo.service
|
||||||
%_sysusersdir/*sssd*
|
|
||||||
%_tmpfilesdir/*sssd*
|
|
||||||
%_sysconfdir/permissions.d/*
|
|
||||||
%_datadir/polkit-1/
|
|
||||||
%_bindir/sss_ssh_*
|
%_bindir/sss_ssh_*
|
||||||
%_sbindir/sssd
|
%_sbindir/sssd
|
||||||
%if 0%{?suse_version} < 1600
|
%if 0%{?suse_version} < 1600
|
||||||
@ -690,6 +626,7 @@ fi
|
|||||||
%_libdir/%name/libsss_files*
|
%_libdir/%name/libsss_files*
|
||||||
%endif
|
%endif
|
||||||
%_libdir/%name/libsss_iface*
|
%_libdir/%name/libsss_iface*
|
||||||
|
%_libdir/%name/libsss_semanage*
|
||||||
%_libdir/%name/libsss_sbus*
|
%_libdir/%name/libsss_sbus*
|
||||||
%_libdir/%name/libsss_simple*
|
%_libdir/%name/libsss_simple*
|
||||||
%_libdir/%name/libsss_util*
|
%_libdir/%name/libsss_util*
|
||||||
@ -702,34 +639,24 @@ fi
|
|||||||
%_libexecdir/%name/sssd_autofs
|
%_libexecdir/%name/sssd_autofs
|
||||||
%_libexecdir/%name/sssd_be
|
%_libexecdir/%name/sssd_be
|
||||||
%_libexecdir/%name/sssd_nss
|
%_libexecdir/%name/sssd_nss
|
||||||
%attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/sssd_pam
|
%_libexecdir/%name/sssd_pam
|
||||||
%_libexecdir/%name/sssd_ssh
|
%_libexecdir/%name/sssd_ssh
|
||||||
%_libexecdir/%name/sssd_sudo
|
%_libexecdir/%name/sssd_sudo
|
||||||
%_libexecdir/%name/sss_signal
|
%_libexecdir/%name/sss_signal
|
||||||
%_libexecdir/%name/sssd_check_socket_activated_responders
|
%_libexecdir/%name/sssd_check_socket_activated_responders
|
||||||
%if 0%{?suse_version} >= 1600
|
%if 0%{?suse_version} >= 1600
|
||||||
%attr(750,root,%sssd_user) %caps(cap_setgid,cap_setuid=p) %_libexecdir/%name/selinux_child
|
%_libexecdir/%name/selinux_child
|
||||||
%endif
|
%endif
|
||||||
%dir %sssdstatedir
|
%dir %sssdstatedir
|
||||||
%attr(700,%sssd_user,%sssd_user) %dir %dbpath/
|
%attr(700,root,root) %dir %dbpath/
|
||||||
%attr(755,%sssd_user,%sssd_user) %dir %pipepath/
|
%attr(755,root,root) %dir %pipepath/
|
||||||
%attr(700,%sssd_user,%sssd_user) %dir %pipepath/private/
|
%attr(700,root,root) %dir %pipepath/private/
|
||||||
%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/
|
%attr(755,root,root) %dir %pubconfpath/
|
||||||
%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/krb5.include.d
|
%attr(755,root,root) %dir %pubconfpath/krb5.include.d
|
||||||
%attr(755,%sssd_user,%sssd_user) %dir %gpocachepath/
|
%attr(755,root,root) %dir %gpocachepath/
|
||||||
%attr(755,%sssd_user,%sssd_user) %dir %mcpath/
|
%attr(755,root,root) %dir %sssdstatedir/mc/
|
||||||
%attr(700,%sssd_user,%sssd_user) %dir %keytabdir/
|
%attr(700,root,root) %dir %sssdstatedir/keytabs/
|
||||||
%attr(750,%sssd_user,%sssd_user) %dir %_localstatedir/log/%name/
|
%attr(750,root,root) %dir %_localstatedir/log/%name/
|
||||||
%attr(775,%sssd_user,%sssd_user) %dir %sssdstatedir/
|
|
||||||
%if "%{?_distconfdir}" != ""
|
|
||||||
%attr(750,root,%sssd_user) %dir %_distconfdir/sssd/
|
|
||||||
%attr(750,root,%sssd_user) %dir %_distconfdir/sssd/conf.d
|
|
||||||
%attr(640,root,%sssd_user) %_distconfdir/sssd/sssd.conf
|
|
||||||
%else
|
|
||||||
%attr(750,root,%sssd_user) %dir %_sysconfdir/sssd/
|
|
||||||
%attr(750,root,%sssd_user) %dir %_sysconfdir/sssd/conf.d
|
|
||||||
%ghost %attr(640,root,%sssd_user) %config(noreplace) %_sysconfdir/sssd/sssd.conf
|
|
||||||
%endif
|
|
||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
%_distconfdir/logrotate.d/sssd
|
%_distconfdir/logrotate.d/sssd
|
||||||
%_pam_vendordir/sssd-shadowutils
|
%_pam_vendordir/sssd-shadowutils
|
||||||
@ -747,12 +674,11 @@ fi
|
|||||||
%else
|
%else
|
||||||
%exclude %_mandir/*/*/sssd-files.5.gz
|
%exclude %_mandir/*/*/sssd-files.5.gz
|
||||||
%endif
|
%endif
|
||||||
%attr(775,%sssd_user,%sssd_user) %ghost %dir %_rundir/sssd
|
|
||||||
%doc src/examples/sssd.conf
|
%doc src/examples/sssd.conf
|
||||||
#
|
#
|
||||||
# sssd-client
|
# sssd-client
|
||||||
#
|
#
|
||||||
%_libdir/libnss_sss.so.2
|
/%_lib/libnss_sss.so.2
|
||||||
%_pam_moduledir/pam_sss.so
|
%_pam_moduledir/pam_sss.so
|
||||||
%_pam_moduledir/pam_sss_gss.so
|
%_pam_moduledir/pam_sss_gss.so
|
||||||
%_libdir/krb5/
|
%_libdir/krb5/
|
||||||
@ -837,8 +763,8 @@ fi
|
|||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
%_libdir/%name/libsss_krb5_common.so
|
%_libdir/%name/libsss_krb5_common.so
|
||||||
%dir %_libexecdir/%name/
|
%dir %_libexecdir/%name/
|
||||||
%attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child
|
%_libexecdir/%name/krb5_child
|
||||||
%attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child
|
%_libexecdir/%name/ldap_child
|
||||||
|
|
||||||
%files ldap
|
%files ldap
|
||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
@ -855,7 +781,7 @@ fi
|
|||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
%_libdir/%name/libsss_proxy.so
|
%_libdir/%name/libsss_proxy.so
|
||||||
%dir %_libexecdir/%name/
|
%dir %_libexecdir/%name/
|
||||||
%attr(750,root,%sssd_user) %_libexecdir/%name/proxy_child
|
%_libexecdir/%name/proxy_child
|
||||||
%dir %_datadir/%name/
|
%dir %_datadir/%name/
|
||||||
%dir %_datadir/%name/sssd.api.d/
|
%dir %_datadir/%name/sssd.api.d/
|
||||||
%_datadir/%name/sssd.api.d/sssd-proxy.conf
|
%_datadir/%name/sssd.api.d/sssd-proxy.conf
|
||||||
@ -876,8 +802,7 @@ fi
|
|||||||
%python3_sitelib/sssd/
|
%python3_sitelib/sssd/
|
||||||
|
|
||||||
%files winbind-idmap
|
%files winbind-idmap
|
||||||
%dir %_libdir/samba/
|
%_libdir/samba/
|
||||||
%_libdir/samba/idmap/
|
|
||||||
%_mandir/man8/idmap_sss.8*
|
%_mandir/man8/idmap_sss.8*
|
||||||
|
|
||||||
%files -n libipa_hbac0
|
%files -n libipa_hbac0
|
||||||
|
@ -12,14 +12,14 @@ libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since
|
|||||||
the system only has libsss_util.so(-2.8.2) at this point.
|
the system only has libsss_util.so(-2.8.2) at this point.
|
||||||
|
|
||||||
---
|
---
|
||||||
Makefile.am | 44 ++++++++++++++++++++++++++++++--------------
|
Makefile.am | 47 ++++++++++++++++++++++++++++++++---------------
|
||||||
1 file changed, 30 insertions(+), 14 deletions(-)
|
1 file changed, 32 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
Index: sssd-2.10.1/Makefile.am
|
Index: sssd-2.9.2/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- sssd-2.10.1.orig/Makefile.am
|
--- sssd-2.9.2.orig/Makefile.am
|
||||||
+++ sssd-2.10.1/Makefile.am
|
+++ sssd-2.9.2/Makefile.am
|
||||||
@@ -971,7 +971,11 @@ libsss_debug_la_SOURCES = \
|
@@ -955,7 +955,11 @@ libsss_debug_la_SOURCES = \
|
||||||
libsss_debug_la_LIBADD = \
|
libsss_debug_la_LIBADD = \
|
||||||
$(SYSLOG_LIBS)
|
$(SYSLOG_LIBS)
|
||||||
libsss_debug_la_LDFLAGS = \
|
libsss_debug_la_LDFLAGS = \
|
||||||
@ -32,7 +32,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_child.la
|
pkglib_LTLIBRARIES += libsss_child.la
|
||||||
libsss_child_la_SOURCES = src/util/child_common.c
|
libsss_child_la_SOURCES = src/util/child_common.c
|
||||||
@@ -981,7 +985,8 @@ libsss_child_la_LIBADD = \
|
@@ -965,7 +969,8 @@ libsss_child_la_LIBADD = \
|
||||||
$(DHASH_LIBS) \
|
$(DHASH_LIBS) \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
@ -42,7 +42,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_crypt.la
|
pkglib_LTLIBRARIES += libsss_crypt.la
|
||||||
|
|
||||||
@@ -1021,7 +1026,8 @@ libsss_crypt_la_LIBADD = \
|
@@ -1004,7 +1009,8 @@ libsss_crypt_la_LIBADD = \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_crypt_la_LDFLAGS = \
|
libsss_crypt_la_LDFLAGS = \
|
||||||
@ -52,7 +52,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_cert.la
|
pkglib_LTLIBRARIES += libsss_cert.la
|
||||||
|
|
||||||
@@ -1046,8 +1052,9 @@ libsss_cert_la_LIBADD = \
|
@@ -1029,8 +1035,9 @@ libsss_cert_la_LIBADD = \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_cert_la_LDFLAGS = \
|
libsss_cert_la_LDFLAGS = \
|
||||||
@ -63,7 +63,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
generate-sbus-code:
|
generate-sbus-code:
|
||||||
$(builddir)/sbus_generate.sh $(abs_srcdir)
|
$(builddir)/sbus_generate.sh $(abs_srcdir)
|
||||||
@@ -1148,8 +1155,9 @@ libsss_sbus_la_CFLAGS = \
|
@@ -1131,8 +1138,9 @@ libsss_sbus_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_sbus_la_LDFLAGS = \
|
libsss_sbus_la_LDFLAGS = \
|
||||||
@ -74,7 +74,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_sbus_sync.la
|
pkglib_LTLIBRARIES += libsss_sbus_sync.la
|
||||||
libsss_sbus_sync_la_SOURCES = \
|
libsss_sbus_sync_la_SOURCES = \
|
||||||
@@ -1184,8 +1192,9 @@ libsss_sbus_sync_la_CFLAGS = \
|
@@ -1167,8 +1175,9 @@ libsss_sbus_sync_la_CFLAGS = \
|
||||||
$(UNICODE_LIBS) \
|
$(UNICODE_LIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_sbus_sync_la_LDFLAGS = \
|
libsss_sbus_sync_la_LDFLAGS = \
|
||||||
@ -85,7 +85,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_iface.la
|
pkglib_LTLIBRARIES += libsss_iface.la
|
||||||
libsss_iface_la_SOURCES = \
|
libsss_iface_la_SOURCES = \
|
||||||
@@ -1214,8 +1223,9 @@ libsss_iface_la_CFLAGS = \
|
@@ -1197,8 +1206,9 @@ libsss_iface_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_iface_la_LDFLAGS = \
|
libsss_iface_la_LDFLAGS = \
|
||||||
@ -96,7 +96,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_iface_sync.la
|
pkglib_LTLIBRARIES += libsss_iface_sync.la
|
||||||
libsss_iface_sync_la_SOURCES = \
|
libsss_iface_sync_la_SOURCES = \
|
||||||
@@ -1242,8 +1252,9 @@ libsss_iface_sync_la_CFLAGS = \
|
@@ -1225,8 +1235,9 @@ libsss_iface_sync_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_iface_sync_la_LDFLAGS = \
|
libsss_iface_sync_la_LDFLAGS = \
|
||||||
@ -107,7 +107,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_util.la
|
pkglib_LTLIBRARIES += libsss_util.la
|
||||||
libsss_util_la_SOURCES = \
|
libsss_util_la_SOURCES = \
|
||||||
@@ -1338,7 +1349,8 @@ endif
|
@@ -1322,7 +1333,8 @@ endif
|
||||||
if BUILD_PASSKEY
|
if BUILD_PASSKEY
|
||||||
libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
|
libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
|
||||||
endif # BUILD_PASSKEY
|
endif # BUILD_PASSKEY
|
||||||
@ -115,9 +115,19 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
|
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
|
||||||
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
|
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
|
pkglib_LTLIBRARIES += libsss_semanage.la
|
||||||
|
libsss_semanage_la_CFLAGS = \
|
||||||
|
@@ -1341,7 +1353,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_
|
||||||
|
endif
|
||||||
|
|
||||||
|
libsss_semanage_la_LDFLAGS = \
|
||||||
|
- -avoid-version
|
||||||
|
+ -avoid-version ${symv}
|
||||||
|
+EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
SSSD_INTERNAL_LTLIBS = \
|
SSSD_INTERNAL_LTLIBS = \
|
||||||
libsss_util.la \
|
libsss_util.la \
|
||||||
@@ -1354,7 +1366,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
|
@@ -1357,7 +1370,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
|
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
|
||||||
@ -126,7 +136,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
libipa_hbac_la_SOURCES = \
|
libipa_hbac_la_SOURCES = \
|
||||||
src/lib/ipa_hbac/hbac_evaluator.c \
|
src/lib/ipa_hbac/hbac_evaluator.c \
|
||||||
src/util/sss_utf8.c
|
src/util/sss_utf8.c
|
||||||
@@ -1682,8 +1694,9 @@ libifp_iface_la_CFLAGS = \
|
@@ -1688,8 +1701,9 @@ libifp_iface_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libifp_iface_la_LDFLAGS = \
|
libifp_iface_la_LDFLAGS = \
|
||||||
@ -137,7 +147,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libifp_iface_sync.la
|
pkglib_LTLIBRARIES += libifp_iface_sync.la
|
||||||
libifp_iface_sync_la_SOURCES = \
|
libifp_iface_sync_la_SOURCES = \
|
||||||
@@ -1708,8 +1721,9 @@ libifp_iface_sync_la_CFLAGS = \
|
@@ -1714,8 +1728,9 @@ libifp_iface_sync_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libifp_iface_sync_la_LDFLAGS = \
|
libifp_iface_sync_la_LDFLAGS = \
|
||||||
@ -148,7 +158,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
|
|
||||||
sssd_ifp_SOURCES = \
|
sssd_ifp_SOURCES = \
|
||||||
src/responder/ifp/ifpsrv.c \
|
src/responder/ifp/ifpsrv.c \
|
||||||
@@ -4314,8 +4328,9 @@ libsss_ldap_common_la_LIBADD = \
|
@@ -4314,8 +4329,9 @@ libsss_ldap_common_la_LIBADD = \
|
||||||
$(SSSD_INTERNAL_LTLIBS) \
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_ldap_common_la_LDFLAGS = \
|
libsss_ldap_common_la_LDFLAGS = \
|
||||||
@ -159,7 +169,7 @@ Index: sssd-2.10.1/Makefile.am
|
|||||||
if BUILD_SYSTEMTAP
|
if BUILD_SYSTEMTAP
|
||||||
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
|
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
|
||||||
endif
|
endif
|
||||||
@@ -4371,7 +4386,8 @@ libsss_krb5_common_la_LIBADD = \
|
@@ -4372,7 +4388,8 @@ libsss_krb5_common_la_LIBADD = \
|
||||||
$(SSSD_INTERNAL_LTLIBS) \
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_krb5_common_la_LDFLAGS = \
|
libsss_krb5_common_la_LDFLAGS = \
|
||||||
|
Loading…
Reference in New Issue
Block a user