forked from jengelh/sssd
Accepting request 875513 from network:ldap
Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/875513 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=107
This commit is contained in:
commit
93a0ad4311
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:13d7eeff15e582279f70a3aad32daeb40d3749ec14947a4eded35adce7490cdd
|
|
||||||
size 7280358
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAl+ELlgACgkQr/513ehQ
|
|
||||||
jhLmrQf/XCUpKoYoPm6UiUadZg7ekdju0qMLP469mwMVxp0GirHa3fNQkfnEg6OY
|
|
||||||
CxuBbD+syRlom33jjmyOudMidmJioycaOgyogMpa+mjHezlrI5fNkX2/8FsUNcqs
|
|
||||||
qoObYBRwE4moGMq5/Ym/dXD3OFJPRladkWtW14R+0W6otU23buSYVPPAkwZ4/sEo
|
|
||||||
VK5Un9+I4H7AYCGDCJuvP6zPAaRao94csOSzHUPcyLEltynu9WYYWIDRfmJ+fCjC
|
|
||||||
q3ul69DnddwiHxpnx/MqxkhlR2enHnJ6286WrIvgccjN1ytdY/LSJQkUxjCKLY/Y
|
|
||||||
XoakWNKd+Z0oXv8/tP0OhOkP6q0qTA==
|
|
||||||
=Cm3o
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
sssd-2.4.2.tar.gz
Normal file
3
sssd-2.4.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:51d12cb38f1134c18a07ded3a5ebfb8d4661613ac00dc029d53d2b496836a6a2
|
||||||
|
size 7402483
|
11
sssd-2.4.2.tar.gz.asc
Normal file
11
sssd-2.4.2.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCAAdFiEEGkHcZ1BfiaMwgotmr/513ehQjhIFAmAv4LcACgkQr/513ehQ
|
||||||
|
jhI+mwgAoTOywo4dBpHlXDWyyBZ0TQAbrCGiRXMIN/Aj4Z+eiOWnAQgFj35lQWsN
|
||||||
|
b479EulLm5FESNXi589NA+QgMMjYojSPMalZPp9GcZAP+utik/Zyqh/XnA3HnHaS
|
||||||
|
QkORz2IbLEJhAQwlnwrAO6PpQEjkDuM96K4Edkdla1v0AmQCWVjN9U6oZxypEisk
|
||||||
|
umr2zDUzYGi6XVh98pEcd2SThvsObBlkzz9NNrC+TN9zXytnZXe1Rf2yZ+MI1+7R
|
||||||
|
MoxN+Pn/a9itUT/Y8cllgHkc/8i2x1jRkl4e2ERJpqQoPQa74n7mPHrt0T8fwBOo
|
||||||
|
SDKd7OeaqC+D1ACTPDmqTWr6WRIh0w==
|
||||||
|
=YihF
|
||||||
|
-----END PGP SIGNATURE-----
|
38
sssd.changes
38
sssd.changes
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 19 17:30:58 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 2.4.2
|
||||||
|
* Default value of "user" config option was fixed into
|
||||||
|
accordance with man page, i.e. default is "root".
|
||||||
|
* pam_sss_gss now support authentication indicators to further
|
||||||
|
harden the authentication.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 12 15:55:37 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||||
|
|
||||||
|
- Pass --with-pid-path=%{_rundir} to configure: adjust rundir
|
||||||
|
according the distro settings, i.e. /run on modern systems.
|
||||||
|
Eliminates a systemd warning like this one in the journal:
|
||||||
|
Feb 12 12:33:32 zeus systemd[1]: /usr/lib/systemd/system/sssd.service:13:
|
||||||
|
PIDFile= references a path below legacy directory /var/run/,
|
||||||
|
updating /var/run/sssd.pid → /run/sssd.pid; please update the unit file accordingly.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 5 12:56:44 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 2.4.1
|
||||||
|
* New PAM module pam_sss_gss for authentication using GSSAPI.
|
||||||
|
* case_sensitive=Preserving can now be set for trusted domains
|
||||||
|
with AD and IPA providers.
|
||||||
|
* krb5_use_subdomain_realm=True can now be used when sub-domain
|
||||||
|
user principal names have upnSuffixes which are not known in
|
||||||
|
the parent domain. SSSD will try to send the Kerberos request
|
||||||
|
directly to a KDC of the sub-domain.
|
||||||
|
* SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald
|
||||||
|
output, to avoid issues with PID parsing in rsyslog
|
||||||
|
(BSD-style forwarder) output.
|
||||||
|
* Added pam_gssapi_check_upn to enforce authentication only
|
||||||
|
with principal that can be associated with target user.
|
||||||
|
* Added pam_gssapi_services to list PAM services that can
|
||||||
|
authenticate using GSSAPI.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
73
sssd.spec
73
sssd.spec
@ -15,18 +15,17 @@
|
|||||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
%define _buildshell /bin/bash
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.4.0
|
Version: 2.4.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later and LGPL-3.0-or-later
|
License: GPL-3.0-or-later and LGPL-3.0-or-later
|
||||||
Group: System/Daemons
|
Group: System/Daemons
|
||||||
URL: https://pagure.io/SSSD/sssd
|
URL: https://pagure.io/SSSD/sssd
|
||||||
#Git-Clone: https://pagure.io/SSSD/sssd
|
#Git-Clone: https://pagure.io/SSSD/sssd
|
||||||
Source: https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz
|
Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz
|
||||||
Source2: https://github.com/SSSD/sssd/releases/download/sssd-2_4_0/%name-%version.tar.gz.asc
|
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Source5: %name.keyring
|
Source5: %name.keyring
|
||||||
Patch1: krb-noversion.diff
|
Patch1: krb-noversion.diff
|
||||||
@ -377,6 +376,7 @@ export LDFLAGS="-pie"
|
|||||||
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
|
--with-environment-file="%_sysconfdir/sysconfig/sssd" \
|
||||||
--with-initscript=systemd \
|
--with-initscript=systemd \
|
||||||
--with-syslog=journald \
|
--with-syslog=journald \
|
||||||
|
--with-pid-path="%_rundir" \
|
||||||
--enable-nsslibdir="/%_lib" \
|
--enable-nsslibdir="/%_lib" \
|
||||||
--enable-pammoddir="/%_lib/security" \
|
--enable-pammoddir="/%_lib/security" \
|
||||||
--with-ldb-lib-dir="$LDB_DIR" \
|
--with-ldb-lib-dir="$LDB_DIR" \
|
||||||
@ -386,7 +386,7 @@ export LDFLAGS="-pie"
|
|||||||
--disable-ldb-version-check \
|
--disable-ldb-version-check \
|
||||||
--without-secrets \
|
--without-secrets \
|
||||||
--without-python2-bindings
|
--without-python2-bindings
|
||||||
make %{?_smp_mflags} all
|
%make_build all
|
||||||
|
|
||||||
%install
|
%install
|
||||||
# sss_obfuscate is compatible with both python 2 and 3
|
# sss_obfuscate is compatible with both python 2 and 3
|
||||||
@ -395,48 +395,37 @@ sed -i -e 's:%_bindir/python:%_bindir/python3:' src/tools/sss_obfuscate
|
|||||||
%make_install
|
%make_install
|
||||||
b="%buildroot"
|
b="%buildroot"
|
||||||
|
|
||||||
# Copy default sssd.conf file
|
#for i in cs cs/man8 nl nl/man8 pt pt/man8 uk uk/man1 uk/man5 uk/man8; do
|
||||||
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
|
# mkdir -p "$b/%_mandir/$i"
|
||||||
"$b/%_mandir"/{uk/man5,uk/man8}
|
#done
|
||||||
install -d "$b/%_sysconfdir/sssd"
|
# Copy some defaults
|
||||||
|
mkdir -p "$b/%_sysconfdir/sssd" "$b/%_sysconfdir/sssd/conf.d"
|
||||||
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
|
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
|
||||||
install -d "$b/%_sysconfdir/sssd/conf.d"
|
|
||||||
install -d "$b/%_unitdir"
|
install -d "$b/%_unitdir"
|
||||||
|
|
||||||
# Copy default logrotate file
|
|
||||||
install -d "$b/%_sysconfdir/logrotate.d"
|
install -d "$b/%_sysconfdir/logrotate.d"
|
||||||
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
|
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
|
||||||
|
|
||||||
rm -Rfv "$b/%_initddir"
|
rm -Rfv "$b/%_initddir"
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-autofs"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-ifp"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-nss"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-pac"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-pam"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-ssh"
|
|
||||||
ln -sfv service "$b/%_sbindir/rcsssd-sudo"
|
|
||||||
|
|
||||||
mkdir -pv "$b/%sssdstatedir/mc"
|
mkdir -pv "$b/%sssdstatedir/mc"
|
||||||
find "$b" -type f -name "*.la" -print -delete
|
find "$b" -type f -name "*.la" -print -delete
|
||||||
rm -Rfv "$b/usr/lib/debug/usr/lib/sssd/p11_child-1.16.2-0.x86_64.debug"
|
|
||||||
%find_lang %name --all-name
|
%find_lang %name --all-name
|
||||||
|
|
||||||
%check
|
%check
|
||||||
# sss_config-tests fails
|
# sss_config-tests fails
|
||||||
make %{?_smp_mflags} check || :
|
%make_build check || :
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%service_add_pre sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%global services sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
||||||
|
%service_add_pre %services
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
||||||
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
||||||
%service_add_post sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_add_post %services
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%service_del_preun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_del_preun %services
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
@ -447,7 +436,7 @@ fi
|
|||||||
# (especially, downgrades)
|
# (especially, downgrades)
|
||||||
rm -f /var/lib/sss/db/*.ldb
|
rm -f /var/lib/sss/db/*.ldb
|
||||||
# del_postun includes a try-restart
|
# del_postun includes a try-restart
|
||||||
%service_del_postun sssd.service sssd-autofs.service sssd-autofs.socket sssd-nss.service sssd-nss.socket sssd-pac.service sssd-pac.socket sssd-pam-priv.socket sssd-pam.service sssd-pam.socket sssd-ssh.service sssd-ssh.socket sssd-sudo.service sssd-sudo.socket
|
%service_del_postun %services
|
||||||
|
|
||||||
%post -n libsss_certmap0 -p /sbin/ldconfig
|
%post -n libsss_certmap0 -p /sbin/ldconfig
|
||||||
%postun -n libsss_certmap0 -p /sbin/ldconfig
|
%postun -n libsss_certmap0 -p /sbin/ldconfig
|
||||||
@ -472,6 +461,18 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%postun dbus
|
%postun dbus
|
||||||
%service_del_postun sssd-ifp.service
|
%service_del_postun sssd-ifp.service
|
||||||
|
|
||||||
|
%pre kcm
|
||||||
|
%service_add_pre sssd-kcm.service sssd-kcm.socket
|
||||||
|
|
||||||
|
%post kcm
|
||||||
|
%service_add_post sssd-kcm.service sssd-kcm.socket
|
||||||
|
|
||||||
|
%preun kcm
|
||||||
|
%service_del_preun sssd-kcm.service sssd-kcm.socket
|
||||||
|
|
||||||
|
%postun kcm
|
||||||
|
%service_del_postun sssd-kcm.service sssd-kcm.socket
|
||||||
|
|
||||||
%files -f sssd.lang
|
%files -f sssd.lang
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%_unitdir/sssd.service
|
%_unitdir/sssd.service
|
||||||
@ -491,13 +492,13 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%_bindir/sss_ssh_*
|
%_bindir/sss_ssh_*
|
||||||
%_sbindir/sssctl
|
%_sbindir/sssctl
|
||||||
%_sbindir/sssd
|
%_sbindir/sssd
|
||||||
%_sbindir/rcsssd
|
#%_sbindir/rcsssd
|
||||||
%_sbindir/rcsssd-autofs
|
#%_sbindir/rcsssd-autofs
|
||||||
%_sbindir/rcsssd-nss
|
#%_sbindir/rcsssd-nss
|
||||||
%_sbindir/rcsssd-pac
|
#%_sbindir/rcsssd-pac
|
||||||
%_sbindir/rcsssd-pam
|
#%_sbindir/rcsssd-pam
|
||||||
%_sbindir/rcsssd-ssh
|
#%_sbindir/rcsssd-ssh
|
||||||
%_sbindir/rcsssd-sudo
|
#%_sbindir/rcsssd-sudo
|
||||||
%dir %_mandir/??/
|
%dir %_mandir/??/
|
||||||
%dir %_mandir/??/man[158]/
|
%dir %_mandir/??/man[158]/
|
||||||
%_mandir/??/man1/sss_ssh_*
|
%_mandir/??/man1/sss_ssh_*
|
||||||
@ -579,12 +580,14 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
#
|
#
|
||||||
/%_lib/libnss_sss.so.2
|
/%_lib/libnss_sss.so.2
|
||||||
/%_lib/security/pam_sss.so
|
/%_lib/security/pam_sss.so
|
||||||
|
/%_lib/security/pam_sss_gss.so
|
||||||
%_libdir/cifs-utils/
|
%_libdir/cifs-utils/
|
||||||
%_libdir/krb5/
|
%_libdir/krb5/
|
||||||
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
|
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
|
||||||
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
|
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
|
||||||
%_mandir/??/man8/pam_sss.8*
|
%_mandir/??/man8/pam_sss.8*
|
||||||
%_mandir/man8/pam_sss.8*
|
%_mandir/man8/pam_sss.8*
|
||||||
|
%_mandir/man8/pam_sss_gss.8*
|
||||||
%_mandir/man8/sssd_krb5_locator_plugin.8*
|
%_mandir/man8/sssd_krb5_locator_plugin.8*
|
||||||
|
|
||||||
%files ad
|
%files ad
|
||||||
@ -609,7 +612,7 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%dir %_mandir/??/man5/
|
%dir %_mandir/??/man5/
|
||||||
%_mandir/??/man5/sssd-ifp.5*
|
%_mandir/??/man5/sssd-ifp.5*
|
||||||
%_unitdir/sssd-ifp.service
|
%_unitdir/sssd-ifp.service
|
||||||
%_sbindir/rcsssd-ifp
|
#%_sbindir/rcsssd-ifp
|
||||||
%config %_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
|
%config %_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
|
||||||
%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
|
%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user