From 68add0bc4331ca65fc3afb7632d2e33fffac3536bc07d5efd4732420bb5f636d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 9 Oct 2014 17:56:31 +0000 Subject: [PATCH 01/11] sssd-1.12.1 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=127 --- sssd-1.12.0.tar.gz | 3 - sssd-1.12.0.tar.gz.asc | 7 --- sssd-1.12.1.tar.gz | 3 + sssd-1.12.1.tar.gz.asc | 7 +++ sssd.spec | 122 ++++++++++++++++++++++++----------------- 5 files changed, 83 insertions(+), 59 deletions(-) delete mode 100644 sssd-1.12.0.tar.gz delete mode 100644 sssd-1.12.0.tar.gz.asc create mode 100644 sssd-1.12.1.tar.gz create mode 100644 sssd-1.12.1.tar.gz.asc diff --git a/sssd-1.12.0.tar.gz b/sssd-1.12.0.tar.gz deleted file mode 100644 index 347fd26..0000000 --- a/sssd-1.12.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d536471fbc4d4b9948adfb751b7a9df3405ddfbc58274d73adc0c997c91c6472 -size 3968855 diff --git a/sssd-1.12.0.tar.gz.asc b/sssd-1.12.0.tar.gz.asc deleted file mode 100644 index 91c9957..0000000 --- a/sssd-1.12.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlO9gK0ACgkQHsardTLnvCVxmACg1tRelGxCTMeHLjDkHAonfQzG -bz4AoL7RQa1oHlGtazWSzoMrambqy621 -=noRD ------END PGP SIGNATURE----- diff --git a/sssd-1.12.1.tar.gz b/sssd-1.12.1.tar.gz new file mode 100644 index 0000000..955ce67 --- /dev/null +++ b/sssd-1.12.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff +size 4088341 diff --git a/sssd-1.12.1.tar.gz.asc b/sssd-1.12.1.tar.gz.asc new file mode 100644 index 0000000..bbfda1c --- /dev/null +++ b/sssd-1.12.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlQN/WkACgkQHsardTLnvCWhKgCgockfRoS89lFLzVsOWYFJbXUS +WroAn3lcdoVKWhnhOo+VAelcI3ySr6m3 +=PKS5 +-----END PGP SIGNATURE----- diff --git a/sssd.spec b/sssd.spec index 70bbf35..473564f 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.12.0 +Version: 1.12.1 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -39,12 +39,6 @@ Patch1: 0001-build-detect-endianness-at-configure-time.patch %define pipepath %sssdstatedir/pipes %define pubconfpath %sssdstatedir/pubconf -%if %suse_version <= 1110 -# SLES11 doesn't know the python_* macros -%define python_sitelib %py_sitedir -%define python_sitearch %py_sitedir -%endif - BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils @@ -54,8 +48,14 @@ BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel BuildRequires: libsmbclient-devel BuildRequires: libtool +BuildRequires: libxml2-tools +BuildRequires: libxslt-tools +BuildRequires: nscd +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: pkg-config BuildRequires: pkgconfig >= 0.21 -%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 @@ -64,54 +64,22 @@ BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libnfsidmap) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libpcre) >= 7 +BuildRequires: pkgconfig(libsystemd-login) BuildRequires: pkgconfig(ndr_nbt) -BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) -%else -BuildRequires: augeas-devel -BuildRequires: dbus-1-devel >= 1.0.0 -BuildRequires: glib2-devel -BuildRequires: libcares-devel -BuildRequires: libcollection-devel >= 0.5.1 -BuildRequires: libdhash-devel >= 0.4.2 -BuildRequires: libini_config-devel >= 1.1.0 -BuildRequires: libldb-devel >= 0.9.2 -BuildRequires: libnl-devel >= 1.1 -BuildRequires: libopenssl-devel -BuildRequires: libtalloc-devel -BuildRequires: libtdb-devel >= 1.1.3 -BuildRequires: libtevent-devel -BuildRequires: pcre-devel >= 7 -BuildRequires: popt-devel -BuildRequires: python-devel -BuildRequires: samba-devel >= 4 -%endif -BuildRequires: samba-libs >= 4 -%if 0%{?suse_version} >= 1220 -BuildRequires: libxml2-tools -BuildRequires: libxslt-tools -%else -BuildRequires: libxml2 -BuildRequires: libxslt -%endif -BuildRequires: nscd -BuildRequires: openldap2-devel -BuildRequires: pam-devel -BuildRequires: pkg-config -%if %suse_version >= 1210 -BuildRequires: systemd-rpm-macros -BuildRequires: pkgconfig(libsystemd-login) %{?systemd_requires} -%endif Requires: sssd-ldap = %version-%release Requires(postun): pam-config +Provides: sssd-client = %version-%release %description Provides a set of daemons to manage access to remote directories and @@ -203,6 +171,29 @@ Requires: sssd = %version The packages contains commandline tools for managing users and groups using the "local" id provider of the System Security Services Daemon (sssd). +%package wbclient +Summary: SSSD's implementation of the Winbind pipe protocol +License: LGPL-3.0+ +Group: System/Libraries +AutoReqProv: off + +%description wbclient +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + +%package wbclient-devel +Summary: Development files for SSSD winbind +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ + +%description wbclient-devel +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + %package -n libipa_hbac0 Summary: FreeIPA HBAC Evaluator library License: LGPL-3.0+ @@ -222,6 +213,15 @@ Requires: libipa_hbac0 = %version Utility library to validate FreeIPA HBAC rules for authorization requests. +%package -n libnfsidmap-sss +Summary: Library to allow communication between libnfsidmap and SSSD +License: GPL-3.0+ +Group: System/Libraries +Supplements: packageand(nfsidmap:sssd-client) + +%description -n libnfsidmap-sss +A utility library to allow communication between libnfsidmap and SSSD. + %package -n libsss_idmap0 Summary: FreeIPA ID mapping library License: LGPL-3.0+ @@ -284,6 +284,7 @@ Provides: libsss_sudo-devel = %version-%release Obsoletes: libsss_sudo-devel < %version-%release # No provides: true obsolete. Obsoletes: libsss_sudo1 +Supplements: packageand(sudo:sssd-client) %description -n libsss_sudo A utility library to allow communication between sudo and SSSD. @@ -441,7 +442,7 @@ rm -f /var/lib/sss/db/*.ldb %_sbindir/sssd %_sbindir/rcsssd %dir %_mandir/??/ -%dir %_mandir/??/man?/ +%dir %_mandir/??/man[158]/ %_mandir/??/man1/sss_ssh_* %_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-sudo.5* @@ -458,7 +459,8 @@ rm -f /var/lib/sss/db/*.ldb %_libdir/%name/libsss_debug* %_libdir/%name/libsss_simple* %_libdir/%name/libsss_util* -%_libdir/%name/modules/ +%dir %_libdir/%name/modules/ +%_libdir/%name/modules/libsss_autofs.so %dir %_libdir/ldb/ %_libdir/ldb/memberof.so %dir %_libexecdir/%name/ @@ -504,9 +506,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ad.conf -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ad.5* -%_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) @@ -515,6 +515,8 @@ rm -f /var/lib/sss/db/*.ldb %dir %_libdir/sssd/ %_libdir/sssd/libsss_config.so %_mandir/man5/sssd-ifp.5* +%dir %_mandir/??/ +%dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ifp.5* #%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf #%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service @@ -526,6 +528,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d %_datadir/%name/sssd.api.d/sssd-ipa.conf +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/man5/sssd-ipa.5* %_mandir/??/man5/sssd-ipa.5* @@ -537,6 +540,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-krb5.conf +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5* @@ -556,9 +560,10 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ldap.conf +%_mandir/man5/sssd-ldap.5* +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ldap.5* -%_mandir/man5/sssd-ldap.5* %files proxy %defattr(-,root,root) @@ -587,6 +592,20 @@ rm -f /var/lib/sss/db/*.ldb %_mandir/??/man8/sss_*.8* %_mandir/man8/sss_*.8* +%files wbclient +%defattr(-,root,root) +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so.* + +%files wbclient-devel +%defattr(-,root,root) +%_includedir/wbclient_sssd.h +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so +%_libdir/pkgconfig/wbclient_sssd.pc + %files -n libipa_hbac0 %defattr(-,root,root) %_libdir/libipa_hbac.so.0* @@ -597,6 +616,11 @@ rm -f /var/lib/sss/db/*.ldb %_libdir/libipa_hbac.so %_libdir/pkgconfig/ipa_hbac.pc +%files -n libnfsidmap-sss +%defattr(-,root,root) +%_libdir/libnfsidmap/ +%_mandir/man5/sss_rpcidmapd.5* + %files -n libsss_idmap0 %defattr(-,root,root) %_libdir/libsss_idmap.so.0* From 8ca2d3df1ce5c8c711697d6d77786e661c8842351b92e19bd6f0eaea3f5f71cb Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 10 Oct 2014 07:25:15 +0000 Subject: [PATCH 02/11] Changelog summary from varkoly OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=128 --- sssd.changes | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/sssd.changes b/sssd.changes index 74e55c9..7c5f102 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.12.1 +* The GPO access control was further enhanced to allow the access + control decisions while offline and map the Windows logon + rights onto Linux PAM services. +* The SSSD now ships a plugin for the rpc.idmapd daemon, + sss_rpcidmapd(5). +* A MIT Kerberos localauth plugin was added to SSSD. This plugin + helps translating principals to user names in IPA-AD trust + scenarios, allowing the krb5.conf configuration to be less + complex. +* A libwbclient plugin implementation is now part of the SSSD. + The main purpose is to map Active Directory users and groups + identified by their SID to POSIX users and groups for the + file-server use-case. +* Active Directory users ca nnow use their User Logon Name to log + in. +* The sss_cache tool was enhanced to allow invalidating the SSH + host keys. +* Groups without full POSIX information can now be used to enroll + group membership (CVE-2014-0249). +* Detection of transition from offline to online state was + improved, resulting in fewer timeouts when SSSD is offline. +* The Active Directory provider now correctly detects Windows + Server 2012 R2. Previous versions would fall back to the slower + non-AD path with 2012 R2. +* Several other bugs related to deployments where SSSD is acting + as an AD client were fixed. + ------------------------------------------------------------------- Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com From 9164480cf8ed5b83697214244bf17b04974116402c8ff0e8117b3f2272e5f254 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 10 Oct 2014 07:25:27 +0000 Subject: [PATCH 03/11] wbclient plugin handling OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=129 --- sssd.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sssd.spec b/sssd.spec index 473564f..7818d03 100644 --- a/sssd.spec +++ b/sssd.spec @@ -175,9 +175,11 @@ the "local" id provider of the System Security Services Daemon (sssd). Summary: SSSD's implementation of the Winbind pipe protocol License: LGPL-3.0+ Group: System/Libraries -AutoReqProv: off %description wbclient +libwbclient is a plugin for the Samba client, though it has been +implemented as a regular shared library requested via DT_NEEDED. + sssd-wbclient implements the libwbclient API for Samba daemons and utilities. The main purpose is to map Active Directory users and groups identified by their SID to POSIX users and groups identified @@ -375,6 +377,10 @@ install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" %endif +mkdir -p "$b/%_sysconfdir/ld.so.conf.d" +cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF + %_libdir/%name/modules +EOF find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 @@ -594,6 +600,7 @@ rm -f /var/lib/sss/db/*.ldb %files wbclient %defattr(-,root,root) +%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf %dir %_libdir/sssd/ %dir %_libdir/sssd/modules/ %_libdir/sssd/modules/libwbclient.so.* From 252f21485c76f965a0f05182581771d5616da350b0df0a24e7260c735d485cdc Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 10 Oct 2014 09:06:01 +0000 Subject: [PATCH 04/11] ship krb5 localauth plugin OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=130 --- sssd.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sssd.spec b/sssd.spec index 7818d03..ec788a3 100644 --- a/sssd.spec +++ b/sssd.spec @@ -45,7 +45,13 @@ BuildRequires: bind-utils BuildRequires: cifs-utils-devel BuildRequires: cyrus-sasl-devel BuildRequires: docbook-xsl-stylesheets +%if 0%{?suse_version} >= 1320 +BuildRequires: krb5-devel >= 1.12 +%define have_localauth 1 +%else BuildRequires: krb5-devel +%define have_localauth 0 +%endif BuildRequires: libsmbclient-devel BuildRequires: libtool BuildRequires: libxml2-tools @@ -497,6 +503,9 @@ rm -f /var/lib/sss/db/*.ldb /%_lib/security/pam_sss.so %_libdir/cifs-utils/ %_libdir/krb5/ +%if %have_localauth +%_libdir/%name/modules/sssd_krb5_localauth_plugin.so +%endif %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* From f8b9ac4b8fbb0cb53b5af140d45d4a2f7395e1c8154563f2d4b63ded17e681a3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 11 Oct 2014 10:06:15 +0000 Subject: [PATCH 05/11] Ignore self-built package OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=131 --- sssd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/sssd.spec b/sssd.spec index ec788a3..938dc19 100644 --- a/sssd.spec +++ b/sssd.spec @@ -82,6 +82,7 @@ BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) +#!BuildIgnore: sssd-wbclient %{?systemd_requires} Requires: sssd-ldap = %version-%release Requires(postun): pam-config From 913fb74ac90e74b6727a99d261c5a72a6f7ee555ebe0eb9b2da4bc384e6b8f53 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 11 Oct 2014 10:30:37 +0000 Subject: [PATCH 06/11] Edit prjconf instead OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=132 --- sssd.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/sssd.spec b/sssd.spec index 938dc19..ec788a3 100644 --- a/sssd.spec +++ b/sssd.spec @@ -82,7 +82,6 @@ BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) -#!BuildIgnore: sssd-wbclient %{?systemd_requires} Requires: sssd-ldap = %version-%release Requires(postun): pam-config From 1a9ba34fc626b5f77757f3d5721b2847cb57f4db255efa24dfb4c6781c065176 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 11 Oct 2014 12:40:55 +0000 Subject: [PATCH 07/11] Accepting request 255031 from home:elvigia:branches:network:ldap - 0001-build-detect-endianness-at-configure-time.patch Correct defective endianness test. OBS-URL: https://build.opensuse.org/request/show/255031 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=133 --- ...ild-detect-endianness-at-configure-time.patch | 16 +++++----------- sssd.changes | 6 ++++++ sssd.spec | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/0001-build-detect-endianness-at-configure-time.patch b/0001-build-detect-endianness-at-configure-time.patch index 86c37fd..1a8da77 100644 --- a/0001-build-detect-endianness-at-configure-time.patch +++ b/0001-build-detect-endianness-at-configure-time.patch @@ -11,20 +11,14 @@ Signed-off-by: David Disseldorp configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -Index: sssd-1.11.5.1/configure.ac -=================================================================== ---- sssd-1.11.5.1.orig/configure.ac -+++ sssd-1.11.5.1/configure.ac -@@ -301,6 +301,13 @@ AM_CHECK_CMOCKA +--- sssd-1.12.1.orig/configure.ac ++++ sssd-1.12.1/configure.ac +@@ -322,6 +322,9 @@ AM_CHECK_CMOCKA AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm]) -+AC_C_BIGENDIAN -+if test x$WORDS_BIGENDIAN != x; then -+ AC_DEFINE(HAVE_BIG_ENDIAN, 1, [whether platform is big endian]) -+else -+ AC_DEFINE(HAVE_LITTLE_ENDIAN, 1, [whether platform is little endian]) -+fi ++AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])], ++ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])]) + abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) diff --git a/sssd.changes b/sssd.changes index 7c5f102..0cc8d57 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org + +- 0001-build-detect-endianness-at-configure-time.patch + Correct defective endianness test. + ------------------------------------------------------------------- Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index ec788a3..a4085d5 100644 --- a/sssd.spec +++ b/sssd.spec @@ -344,7 +344,7 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" # help configure find nscd export PATH="$PATH:/usr/sbin" -autoreconf -fi; +autoreconf -fiv; %configure \ --with-crypto=libcrypto \ --with-db-path="%dbpath" \ From 44b6230c6dfd47652b9cce2b5fed91f828158c27ded80409c9428a5a1d837dc3 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 11 Oct 2014 13:39:47 +0000 Subject: [PATCH 08/11] Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=134 --- ...C_BUILD_AUX_DIR-before-anything-else.patch | 72 +++++++++++++++++++ sssd.changes | 6 ++ sssd.spec | 3 +- 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch diff --git a/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch b/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch new file mode 100644 index 0000000..49a5d68 --- /dev/null +++ b/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch @@ -0,0 +1,72 @@ +From d88892b43dc8183a06cd811690fa8af26ad018c9 Mon Sep 17 00:00:00 2001 +From: Jan Engelhardt +Date: Sat, 11 Oct 2014 15:27:45 +0200 +Subject: [PATCH] build: call AC_BUILD_AUX_DIR before anything else +X-Upstream: sent 2014-10-11 15:36 +To: sssd-devel@lists.fedorahosted.org +Cc: Sumit Bose , + Stefano Lattarini + +sssd's configure.ac (abridged) contains these lines: + + AC_INIT([sssd], ...) + m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], + [AC_USE_SYSTEM_EXTENSIONS], [AC_GNU_SOURCE]) + AC_CONFIG_AUX_DIR([build]) + +When turned into configure, this will be emitted: + + ac_aux_dir= + for ac_dir in build "$srcdir"/build; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + +However, with automake commit v1.14.1-36-g7bc5927, this will be emitted +instead: + + ac_aux_dir= + for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + +As configure no longer looks into build/ for install-sh, running +./configure fails: + + configure: error: cannot find install-sh, install.sh, + or shtool in "." "./.." "./../.." + +I think the error is that someone placed AC_BUILD_AUX_DIR +too late. Move it upwards. +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 660ea8d..e6745cb 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4,6 +4,8 @@ m4_include([version.m4]) + AC_INIT([sssd], + VERSION_NUMBER, + [sssd-devel@lists.fedorahosted.org]) ++AC_CONFIG_SRCDIR([BUILD.txt]) ++AC_CONFIG_AUX_DIR([build]) + + m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], + [AC_USE_SYSTEM_EXTENSIONS], +@@ -11,8 +13,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], + + CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" + +-AC_CONFIG_SRCDIR([BUILD.txt]) +-AC_CONFIG_AUX_DIR([build]) + + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) + AM_PROG_CC_C_O +-- +2.0.0 + diff --git a/sssd.changes b/sssd.changes index 0cc8d57..3a487d2 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de + +- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch + to workaround bad autoconf invocation + ------------------------------------------------------------------- Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org diff --git a/sssd.spec b/sssd.spec index a4085d5..33d36e4 100644 --- a/sssd.spec +++ b/sssd.spec @@ -32,6 +32,7 @@ Source4: sssd.service Source5: %name.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch1: 0001-build-detect-endianness-at-configure-time.patch +Patch2: 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch %define servicename sssd %define sssdstatedir %_localstatedir/lib/sss @@ -329,7 +330,7 @@ Security Services Daemon (sssd). %prep %setup -q -%patch -P 1 -p1 +%patch -P 1 -P 2 -p1 %build %if 0%{?suse_version} < 1210 From 938cdaff2faddc87ed79897a7e5ef675b2ef6f5c89c670c9820e11658b23dcc7 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 30 Oct 2014 13:18:09 +0000 Subject: [PATCH 09/11] sssd-1.12.2 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=135 --- ...C_BUILD_AUX_DIR-before-anything-else.patch | 72 ------------------- sssd-1.12.1.tar.gz | 3 - sssd-1.12.1.tar.gz.asc | 7 -- sssd-1.12.2.tar.gz | 3 + sssd-1.12.2.tar.gz.asc | 7 ++ sssd.changes | 21 ++++++ sssd.spec | 8 +-- 7 files changed, 33 insertions(+), 88 deletions(-) delete mode 100644 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch delete mode 100644 sssd-1.12.1.tar.gz delete mode 100644 sssd-1.12.1.tar.gz.asc create mode 100644 sssd-1.12.2.tar.gz create mode 100644 sssd-1.12.2.tar.gz.asc diff --git a/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch b/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch deleted file mode 100644 index 49a5d68..0000000 --- a/0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch +++ /dev/null @@ -1,72 +0,0 @@ -From d88892b43dc8183a06cd811690fa8af26ad018c9 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Sat, 11 Oct 2014 15:27:45 +0200 -Subject: [PATCH] build: call AC_BUILD_AUX_DIR before anything else -X-Upstream: sent 2014-10-11 15:36 -To: sssd-devel@lists.fedorahosted.org -Cc: Sumit Bose , - Stefano Lattarini - -sssd's configure.ac (abridged) contains these lines: - - AC_INIT([sssd], ...) - m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], - [AC_USE_SYSTEM_EXTENSIONS], [AC_GNU_SOURCE]) - AC_CONFIG_AUX_DIR([build]) - -When turned into configure, this will be emitted: - - ac_aux_dir= - for ac_dir in build "$srcdir"/build; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - -However, with automake commit v1.14.1-36-g7bc5927, this will be emitted -instead: - - ac_aux_dir= - for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - -As configure no longer looks into build/ for install-sh, running -./configure fails: - - configure: error: cannot find install-sh, install.sh, - or shtool in "." "./.." "./../.." - -I think the error is that someone placed AC_BUILD_AUX_DIR -too late. Move it upwards. ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 660ea8d..e6745cb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -4,6 +4,8 @@ m4_include([version.m4]) - AC_INIT([sssd], - VERSION_NUMBER, - [sssd-devel@lists.fedorahosted.org]) -+AC_CONFIG_SRCDIR([BUILD.txt]) -+AC_CONFIG_AUX_DIR([build]) - - m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], - [AC_USE_SYSTEM_EXTENSIONS], -@@ -11,8 +13,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], - - CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" - --AC_CONFIG_SRCDIR([BUILD.txt]) --AC_CONFIG_AUX_DIR([build]) - - AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) - AM_PROG_CC_C_O --- -2.0.0 - diff --git a/sssd-1.12.1.tar.gz b/sssd-1.12.1.tar.gz deleted file mode 100644 index 955ce67..0000000 --- a/sssd-1.12.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff -size 4088341 diff --git a/sssd-1.12.1.tar.gz.asc b/sssd-1.12.1.tar.gz.asc deleted file mode 100644 index bbfda1c..0000000 --- a/sssd-1.12.1.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlQN/WkACgkQHsardTLnvCWhKgCgockfRoS89lFLzVsOWYFJbXUS -WroAn3lcdoVKWhnhOo+VAelcI3ySr6m3 -=PKS5 ------END PGP SIGNATURE----- diff --git a/sssd-1.12.2.tar.gz b/sssd-1.12.2.tar.gz new file mode 100644 index 0000000..e2d6d31 --- /dev/null +++ b/sssd-1.12.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:55a06a191b2e2506b23f80cf3d15f58b8d94d1f5a1bc5dc77ccf010c0eaafa5d +size 4149084 diff --git a/sssd-1.12.2.tar.gz.asc b/sssd-1.12.2.tar.gz.asc new file mode 100644 index 0000000..0af3ab6 --- /dev/null +++ b/sssd-1.12.2.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlRFH8kACgkQHsardTLnvCXMOACeKY1jciw1hTsvG/aOYK3h0+N1 +1/QAniL6o+Rhb0HReZPsMGYlQv41MI2C +=chdM +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 3a487d2..7f52c7a 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.12.2 (bugfix release) +* Fixed a regression where the IPA provider did not fetch User + Private Groups correctly +* An important bug in the GPO access control which resulted in a + wrong principal being used, was fixed. +* Several new options are available for deployments that need to + restrict a certain PAM service from connecting to a certain SSSD + domain. For more details, see the description of + pam_trusted_users and pam_public_domains options in the + sssd.conf(5) man page and the domains option in the pam_sss(8) + man page. +* When SSSD is acting as an IPA client in setup with trusted AD + domains, it is able to return group members or full group + memberships for users from trusted AD domains. +* Support for the "views" feature of IPA. +- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch + (merged upstream) + ------------------------------------------------------------------- Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de diff --git a/sssd.spec b/sssd.spec index 33d36e4..f5f9da0 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.12.1 +Version: 1.12.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -32,7 +32,6 @@ Source4: sssd.service Source5: %name.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch1: 0001-build-detect-endianness-at-configure-time.patch -Patch2: 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch %define servicename sssd %define sssdstatedir %_localstatedir/lib/sss @@ -330,7 +329,7 @@ Security Services Daemon (sssd). %prep %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -p1 %build %if 0%{?suse_version} < 1210 @@ -544,10 +543,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d %_datadir/%name/sssd.api.d/sssd-ipa.conf -%dir %_mandir/??/ -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ipa.5* -%_mandir/??/man5/sssd-ipa.5* %files krb5 %defattr(-,root,root) From f5f2db69d2b625680b288e1bd287f676e2d96d7bc6a86d88b9ccf3fa758d645e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 30 Oct 2014 20:04:24 +0000 Subject: [PATCH 10/11] - Update to new upstream release 1.12.2 (bugfix release, bnc#900159) OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=136 --- sssd.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sssd.changes b/sssd.changes index 7f52c7a..c3de741 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de -- Update to new upstream release 1.12.2 (bugfix release) +- Update to new upstream release 1.12.2 (bugfix release, bnc#900159) * Fixed a regression where the IPA provider did not fetch User Private Groups correctly * An important bug in the GPO access control which resulted in a From a271d4bdca46e74cd4aa994fefc6d3a519a7b52ffd769f2f04011159a2d42bb5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 31 Oct 2014 10:28:30 +0000 Subject: [PATCH 11/11] Add missing devel>library require OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=137 --- sssd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/sssd.spec b/sssd.spec index f5f9da0..8b1510a 100644 --- a/sssd.spec +++ b/sssd.spec @@ -195,6 +195,7 @@ by their POSIX UIDs and GIDs respectively. Summary: Development files for SSSD winbind License: LGPL-3.0+ Group: Development/Libraries/C and C++ +Requires: %name-wbclient = %version %description wbclient-devel sssd-wbclient implements the libwbclient API for Samba daemons and