SHA256
1
0
forked from jengelh/sssd

Accepting request 875513 from network:ldap

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/875513
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=107
This commit is contained in:
Dominique Leuenberger 2021-03-12 12:30:40 +00:00 committed by Git OBS Bridge
commit 93a0ad4311
6 changed files with 90 additions and 49 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
size 7280358

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAl+ELlgACgkQr/513ehQ
jhLmrQf/XCUpKoYoPm6UiUadZg7ekdju0qMLP469mwMVxp0GirHa3fNQkfnEg6OY
CxuBbD+syRlom33jjmyOudMidmJioycaOgyogMpa+mjHezlrI5fNkX2/8FsUNcqs
qoObYBRwE4moGMq5/Ym/dXD3OFJPRladkWtW14R+0W6otU23buSYVPPAkwZ4/sEo
VK5Un9+I4H7AYCGDCJuvP6zPAaRao94csOSzHUPcyLEltynu9WYYWIDRfmJ+fCjC
q3ul69DnddwiHxpnx/MqxkhlR2enHnJ6286WrIvgccjN1ytdY/LSJQkUxjCKLY/Y
XoakWNKd+Z0oXv8/tP0OhOkP6q0qTA==
=Cm3o
-----END PGP SIGNATURE-----

3
sssd-2.4.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:51d12cb38f1134c18a07ded3a5ebfb8d4661613ac00dc029d53d2b496836a6a2
size 7402483

11
sssd-2.4.2.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAmAv4LcACgkQr/513ehQ
jhI+mwgAoTOywo4dBpHlXDWyyBZ0TQAbrCGiRXMIN/Aj4Z+eiOWnAQgFj35lQWsN
b479EulLm5FESNXi589NA+QgMMjYojSPMalZPp9GcZAP+utik/Zyqh/XnA3HnHaS
QkORz2IbLEJhAQwlnwrAO6PpQEjkDuM96K4Edkdla1v0AmQCWVjN9U6oZxypEisk
umr2zDUzYGi6XVh98pEcd2SThvsObBlkzz9NNrC+TN9zXytnZXe1Rf2yZ+MI1+7R
MoxN+Pn/a9itUT/Y8cllgHkc/8i2x1jRkl4e2ERJpqQoPQa74n7mPHrt0T8fwBOo
SDKd7OeaqC+D1ACTPDmqTWr6WRIh0w==
=YihF
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Fri Feb 19 17:30:58 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.4.2
* Default value of "user" config option was fixed into
accordance with man page, i.e. default is "root".
* pam_sss_gss now support authentication indicators to further
harden the authentication.
-------------------------------------------------------------------
Fri Feb 12 15:55:37 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Pass --with-pid-path=%{_rundir} to configure: adjust rundir
according the distro settings, i.e. /run on modern systems.
Eliminates a systemd warning like this one in the journal:
Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13:
PIDFile= references a path below legacy directory /var/run/,
updating /var/run/sssd.pid → /run/sssd.pid; please update the unit file accordingly.
-------------------------------------------------------------------
Fri Feb 5 12:56:44 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.4.1
* New PAM module pam_sss_gss for authentication using GSSAPI.
* case_sensitive=Preserving can now be set for trusted domains
with AD and IPA providers.
* krb5_use_subdomain_realm=True can now be used when sub-domain
user principal names have upnSuffixes which are not known in
the parent domain. SSSD will try to send the Kerberos request
directly to a KDC of the sub-domain.
* SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald
output, to avoid issues with PID parsing in rsyslog
(BSD-style forwarder) output.
* Added pam_gssapi_check_upn to enforce authentication only
with principal that can be associated with target user.
* Added pam_gssapi_services to list PAM services that can
authenticate using GSSAPI.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de> Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

View File

@ -15,18 +15,17 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
%define _buildshell /bin/bash
Name: sssd Name: sssd
Version: 2.4.0 Version: 2.4.2
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later and LGPL-3.0-or-later License: GPL-3.0-or-later and LGPL-3.0-or-later
Group: System/Daemons Group: System/Daemons
URL: https://pagure.io/SSSD/sssd URL: https://pagure.io/SSSD/sssd
#Git-Clone: https://pagure.io/SSSD/sssd #Git-Clone: https://pagure.io/SSSD/sssd
Source: https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz
Source2: https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz.asc Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
Source3: baselibs.conf Source3: baselibs.conf
Source5: %name.keyring Source5: %name.keyring
Patch1: krb-noversion.diff Patch1: krb-noversion.diff
@ -377,6 +376,7 @@ export LDFLAGS="-pie"
--with-environment-file="%_sysconfdir/sysconfig/sssd" \ --with-environment-file="%_sysconfdir/sysconfig/sssd" \
--with-initscript=systemd \ --with-initscript=systemd \
--with-syslog=journald \ --with-syslog=journald \
--with-pid-path="%_rundir" \
--enable-nsslibdir="/%_lib" \ --enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \ --enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \ --with-ldb-lib-dir="$LDB_DIR" \
@ -386,7 +386,7 @@ export LDFLAGS="-pie"
--disable-ldb-version-check \ --disable-ldb-version-check \
--without-secrets \ --without-secrets \
--without-python2-bindings --without-python2-bindings
make %{?_smp_mflags} all %make_build all
%install %install
# sss_obfuscate is compatible with both python 2 and 3 # sss_obfuscate is compatible with both python 2 and 3
@ -395,48 +395,37 @@ sed -i -e 's:%_bindir/python:%_bindir/python3:' src/tools/sss_obfuscate
%make_install %make_install
b="%buildroot" b="%buildroot"
# Copy default sssd.conf file #for i in cs cs/man8 nl nl/man8 pt pt/man8 uk uk/man1 uk/man5 uk/man8; do
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ # mkdir -p "$b/%_mandir/$i"
"$b/%_mandir"/{uk/man5,uk/man8} #done
install -d "$b/%_sysconfdir/sssd" # Copy some defaults
mkdir -p "$b/%_sysconfdir/sssd" "$b/%_sysconfdir/sssd/conf.d"
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
install -d "$b/%_sysconfdir/sssd/conf.d"
install -d "$b/%_unitdir" install -d "$b/%_unitdir"
# Copy default logrotate file
install -d "$b/%_sysconfdir/logrotate.d" install -d "$b/%_sysconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd" install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
rm -Rfv "$b/%_initddir" rm -Rfv "$b/%_initddir"
ln -sfv service "$b/%_sbindir/rcsssd"
ln -sfv service "$b/%_sbindir/rcsssd-autofs"
ln -sfv service "$b/%_sbindir/rcsssd-ifp"
ln -sfv service "$b/%_sbindir/rcsssd-nss"
ln -sfv service "$b/%_sbindir/rcsssd-pac"
ln -sfv service "$b/%_sbindir/rcsssd-pam"
ln -sfv service "$b/%_sbindir/rcsssd-ssh"
ln -sfv service "$b/%_sbindir/rcsssd-sudo"
mkdir -pv "$b/%sssdstatedir/mc" mkdir -pv "$b/%sssdstatedir/mc"
find "$b" -type f -name "*.la" -print -delete find "$b" -type f -name "*.la" -print -delete
rm -Rfv "$b/usr/lib/debug/usr/lib/sssd/p11_child-1.16.2-0.x86_64.debug"
%find_lang %name --all-name %find_lang %name --all-name
%check %check
# sss_config-tests fails # sss_config-tests fails
make %{?_smp_mflags} check || : %make_build check || :
%pre %pre
%service_add_pre sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket %global services sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
%service_add_pre %services
%post %post
/sbin/ldconfig /sbin/ldconfig
# migrate config variable krb5_kdcip to krb5_server (bnc#851048) # migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
%service_add_post sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket %service_add_post %services
%preun %preun
%service_del_preun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket %service_del_preun %services
%postun %postun
/sbin/ldconfig /sbin/ldconfig
@ -447,7 +436,7 @@ fi
# (especially, downgrades) # (especially, downgrades)
rm -f /var/lib/sss/db/*.ldb rm -f /var/lib/sss/db/*.ldb
# del_postun includes a try-restart # del_postun includes a try-restart
%service_del_postun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket %service_del_postun %services
%post -n libsss_certmap0 -p /sbin/ldconfig %post -n libsss_certmap0 -p /sbin/ldconfig
%postun -n libsss_certmap0 -p /sbin/ldconfig %postun -n libsss_certmap0 -p /sbin/ldconfig
@ -472,6 +461,18 @@ rm -f /var/lib/sss/db/*.ldb
%postun dbus %postun dbus
%service_del_postun sssd-ifp.service %service_del_postun sssd-ifp.service
%pre kcm
%service_add_pre sssd-kcm.service sssd-kcm.socket
%post kcm
%service_add_post sssd-kcm.service sssd-kcm.socket
%preun kcm
%service_del_preun sssd-kcm.service sssd-kcm.socket
%postun kcm
%service_del_postun sssd-kcm.service sssd-kcm.socket
%files -f sssd.lang %files -f sssd.lang
%license COPYING %license COPYING
%_unitdir/sssd.service %_unitdir/sssd.service
@ -491,13 +492,13 @@ rm -f /var/lib/sss/db/*.ldb
%_bindir/sss_ssh_* %_bindir/sss_ssh_*
%_sbindir/sssctl %_sbindir/sssctl
%_sbindir/sssd %_sbindir/sssd
%_sbindir/rcsssd #%_sbindir/rcsssd
%_sbindir/rcsssd-autofs #%_sbindir/rcsssd-autofs
%_sbindir/rcsssd-nss #%_sbindir/rcsssd-nss
%_sbindir/rcsssd-pac #%_sbindir/rcsssd-pac
%_sbindir/rcsssd-pam #%_sbindir/rcsssd-pam
%_sbindir/rcsssd-ssh #%_sbindir/rcsssd-ssh
%_sbindir/rcsssd-sudo #%_sbindir/rcsssd-sudo
%dir %_mandir/??/ %dir %_mandir/??/
%dir %_mandir/??/man[158]/ %dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_* %_mandir/??/man1/sss_ssh_*
@ -579,12 +580,14 @@ rm -f /var/lib/sss/db/*.ldb
# #
/%_lib/libnss_sss.so.2 /%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so /%_lib/security/pam_sss.so
/%_lib/security/pam_sss_gss.so
%_libdir/cifs-utils/ %_libdir/cifs-utils/
%_libdir/krb5/ %_libdir/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/??/man8/pam_sss.8* %_mandir/??/man8/pam_sss.8*
%_mandir/man8/pam_sss.8* %_mandir/man8/pam_sss.8*
%_mandir/man8/pam_sss_gss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/sssd_krb5_locator_plugin.8*
%files ad %files ad
@ -609,7 +612,7 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_mandir/??/man5/ %dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5* %_mandir/??/man5/sssd-ifp.5*
%_unitdir/sssd-ifp.service %_unitdir/sssd-ifp.service
%_sbindir/rcsssd-ifp #%_sbindir/rcsssd-ifp
%config %_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %config %_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service %_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service