Accepting request 1226359 from network:idm

OBS-URL: https://build.opensuse.org/request/show/1226359
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/himmelblau?expand=0&rev=19

_service

@@ -2,7 +2,7 @@
 	<service name="tar_scm" mode="disabled">
 		<param name="url">https://github.com/himmelblau-idm/himmelblau.git</param>
 		<param name="scm">git</param>
-		<param name="revision">stable-0.6.x</param>
+		<param name="revision">stable-0.7.x</param>
 		<param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param>
 		<param name="versionrewrite-pattern">himmelblau-(.*)</param>
 		<param name="versionrewrite-replacement">\1</param>

_servicedata

@@ -3,4 +3,4 @@
                 <param name="url">https://github.com/openSUSE/himmelblau.git</param>
               <param name="changesrevision">6d2f6450ff3c0c945a884d4b35307e03a035a581</param></service><service name="tar_scm">
                 <param name="url">https://github.com/himmelblau-idm/himmelblau.git</param>
-              <param name="changesrevision">bbda0b636e884701747931a3ae3997f63658ae16</param></service></servicedata>
+              <param name="changesrevision">8f421b0aabce57ee6cbfa712eb5875b3c9949601</param></service></servicedata>

himmelblau-0.6.14+git.0.bbda0b6.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c63fab4c28e38014c5f9378da0e71076294a9357f5f35177b75c1a94cb1af933
-size 6552319

himmelblau-0.7.5+git.0.8f421b0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:88d6c5b86be18ae64b520dde1be0dfdc0015905e4d4fc4295a06fc548088f19c
+size 2015723

himmelblau.changes

@@ -1,3 +1,104 @@
+-------------------------------------------------------------------
+Mon Nov 25 19:55:22 UTC 2024 - david.mulder@suse.com
+
+- Update to version 0.7.5+git.0.8f421b0:
+  * Version 0.7.5
+  * Remove the org.samba.himmelblau dbus service
+
+-------------------------------------------------------------------
+Mon Nov 25 17:26:11 UTC 2024 - david.mulder@suse.com
+
+- Update to version 0.7.4+git.0.d1291c6:
+  * Version 0.7.4
+  * Fix missing dependency utf8proc_NFKC_Casefold
+  * Package Siemens Linux Entra SSO for Himmelblau
+  * Add SLE15SP6 packaging
+  * Add Fedora 41 packaging
+  * Add Fedora Rawhide packaging
+  * The tasks daemon needs /etc/groups write access
+  * Version 0.7.3
+  * Increase the cache timeout to 5 minutes
+  * Always fetch and cache the graph url
+
+-------------------------------------------------------------------
+Mon Nov 25 14:45:36 UTC 2024 - david.mulder@suse.com
+
+- Update to version 0.7.2+git.0.c76ac0e:
+  * Version 0.7.2
+  * Hello support depends on openssl3
+  * Version 0.7.1
+  * Fix sshd rpm depends
+  * Resolve RPM dependencies automatically
+  * Revert "deps(rust): update notify-debouncer-full requirement from 0.3 to 0.4"
+  * Add openSUSE Tumbleweed packaging
+  * Fix RPM packaging placement of systemd files
+  * Remove the failed attempt at debian packaging
+  * Add stable-0.7.x to CI workflows
+  * deps(rust): update utoipa requirement from 4.0.0 to 4.2.0
+  * deps(rust): update hashbrown requirement from 0.14.0 to 0.15.1
+  * Remove missing feature causing warnings
+  * deps(rust): update notify-debouncer-full requirement from 0.3 to 0.4
+  * Specify scopes when making an SSO request
+  * Implement logon script for ensuring compliance
+  * Option for adding Entra Id users to local groups
+  * Configure EL sshd with ChallengeResponseAuthentication yes
+  * Add rocky 8 packaging
+  * Add RPM packaging for EL9
+  * Modify Ubuntu defaults to fix snaps
+  * Resolve Libreoffice fails to start on Ubuntu
+  * Minor formatting fix
+  * Revert RwLock -> Arc<Mutex> change in idmap
+  * Ignore broker scopes requests for now
+  * Ensure every file specifies the proper license
+  * postinst should not fail on patch or apparmor update
+  * Install pam module to additional location via make
+  * Add sshd config to the Makefile
+  * Don't use sudo in postinst/postrm scripts for deb
+  * PAM should be placed first in the stack
+  * Add the libutf8proc-dev dep for deb
+  * Match the object ID of the fake user and group
+  * Make it possible to stop the broker service
+  * Move sshd config into it's own debian package
+  * Allow the graph to start w/out network
+  * Add hello_pin_min_length conf option
+  * Don't attempt SFA fallback if AADSTSError
+  * Have libhimmelblau handle the DAG fallback
+  * Add a warning to user that SSH needs restarted
+  * Ensure local users are ignored when CN mapping
+  * Ensure DAG is rejected if lifetime expires
+  * Rework the poll logic to resolve timeout issues
+  * Add a sshd soft depends for the deb package
+  * CN name mapping in PAM and NSS
+  * Make CN an optional home directory attribute
+  * Remove the sssd build dependencies
+  * Configuration patches for himmelblau on Debian
+  * Simplify PAM get_item_string calls
+  * Bug in pam which needs defended against
+  * Fix deb build by adding Broker service file
+  * WIP: Install Ubuntu unix-chkpwd apparmor deps
+  * Ensure make install places pam_himmelblau correctly
+  * Add Ubuntu pam-config for pam_himmelblau
+  * Never return Err(PAM_SUCCESS) from get_user
+  * Never return the Pam result from get_user()
+  * Revert "Speed up nss requests w/out auth attempt"
+  * Speed up nss requests w/out auth attempt
+  * Fix some broker responses
+  * Fixes for the dbus broker
+  * Attempt to fix the cargo version in launchpad build
+  * Makefile typo fixes
+  * Version 0.7.0
+  * Add libdbus-1-dev dep
+  * Improve the README installation instructions
+  * Add `make install` command
+  * Improve Debian/Ubuntu install instructions
+  * Fix tag push permissions for tag-version workflow
+  * Add a version check script
+  * Remove the rustc dependency, breaking rustup
+  * Add a debug option to the config
+  * DBus requires that the service file match the name
+  * Add a pam option for the OpenSSH 2876 workaround
+  * Update to the latest libhimmelblau
+
 -------------------------------------------------------------------
 Tue Oct 22 16:22:21 UTC 2024 - david.mulder@suse.com
 

himmelblau.spec

@@ -17,11 +17,11 @@
 
 
 Name:           himmelblau
-Version:        0.6.14+git.0.bbda0b6
+Version:        0.7.5+git.0.8f421b0
 Release:        0
-Summary:        Interoperability suite for Microsoft Azure AD and Intune
+Summary:        Interoperability suite for Microsoft Azure Entra Id
 License:        GPL-3.0-or-later
-URL:            https://github.com/openSUSE/himmelblau
+URL:            https://github.com/himmelblau-idm/himmelblau
 Group:          Productivity/Networking/Security
 Source:         %{name}-%{version}.tar.bz2
 Source1:        vendor.tar.zst
@@ -30,6 +30,7 @@ BuildRequires:  binutils
 BuildRequires:  cargo
 BuildRequires:  cargo-packaging
 BuildRequires:  clang-devel
+BuildRequires:  dbus-1-devel
 BuildRequires:  krb5-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libclang13
@@ -43,31 +44,35 @@ BuildRequires:  patchelf
 BuildRequires:  pcre2-devel
 BuildRequires:  sqlite3-devel
 BuildRequires:  tpm2-0-tss-devel
+BuildRequires:  utf8proc-devel
 ExclusiveArch:  %{rust_tier1_arches}
 Recommends:     libnss_himmelblau2
 Recommends:     pam-himmelblau
 Provides:       aad-cli
 Provides:       aad-common
+Suggests:       himmelblau-sso
+# This is necessary to prevent users from installing Himmelblau along side
+# Microsoft's Broker, as these will conflict.
+Provides:       microsoft-identity-broker
 
 %description
-Himmelblau is an interoperability suite for Microsoft Azure AD and
-Intune, which allows users to sign into a Linux machine using Azure
-Active Directory credentials. It relies on the Microsoft
-Authentication Library to communicate with the Microsoft service.
+Himmelblau is an interoperability suite for Microsoft Azure Entra Id,
+which allows users to sign into a Linux machine using Azure
+Entra Id credentials.
 
 %package -n pam-himmelblau
-Summary:        Azure AD authentication PAM module
+Summary:        Azure Entra Id authentication PAM module
 Requires:       %{name} = %{version}
 Provides:       libpam-aad
+Suggests:       himmelblau-sshd-config
 
 %description -n pam-himmelblau
-Himmelblau is an interoperability suite for Microsoft Azure AD and
-Intune, which allows users to sign into a Linux machine using Azure
-Active Directory credentials. It relies on the Microsoft
-Authentication Library to communicate with the Microsoft service.
+Himmelblau is an interoperability suite for Microsoft Azure Entra Id,
+which allows users to sign into a Linux machine using Azure
+Entra Id credentials.
 
 %package -n libnss_himmelblau2
-Summary:        Azure AD authentication NSS module
+Summary:        Azure Entra Id authentication NSS module
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 Requires:       %{name}
@@ -75,10 +80,33 @@ Provides:       libnss-aad
 Provides:       nss-himmelblau
 
 %description -n libnss_himmelblau2
-Himmelblau is an interoperability suite for Microsoft Azure AD and
-Intune, which allows users to sign into a Linux machine using Azure
-Active Directory credentials. It relies on the Microsoft
-Authentication Library to communicate with the Microsoft service.
+Himmelblau is an interoperability suite for Microsoft Azure Entra Id,
+which allows users to sign into a Linux machine using Azure
+Entra Id credentials.
+
+%package -n himmelblau-sshd-config
+Summary:        Azure Entra Id SSHD Configuration
+Requires:       %{name} = %{version}
+Requires:       openssh-server
+BuildRequires:  openssh-server
+BuildArch:      noarch
+
+%description -n himmelblau-sshd-config
+Himmelblau is an interoperability suite for Microsoft Azure Entra Id,
+which allows users to sign into a Linux machine using Azure
+Entra Id credentials.
+
+%package -n himmelblau-sso
+Summary:        Azure Entra Id Firefox SSO Configuration
+Requires:       %{name} = %{version}
+Requires:       MozillaFirefox
+Requires:       python3-pydbus
+Provides:       linux-entra-sso
+
+%description -n himmelblau-sso
+Himmelblau is an interoperability suite for Microsoft Azure Entra Id,
+which allows users to sign into a Linux machine using Azure
+Entra Id credentials.
 
 %post   -n libnss_himmelblau2 -p /sbin/ldconfig
 %postun -n libnss_himmelblau2 -p /sbin/ldconfig
@@ -108,11 +136,14 @@ install -m 0755 target/release/libpam_%{name}.so %{buildroot}/%{_pam_moduledir}/
 install -D -d -m 0755 %{buildroot}%{_sbindir}
 strip --strip-unneeded target/release/himmelblaud
 strip --strip-unneeded target/release/himmelblaud_tasks
+strip --strip-unneeded target/release/broker
 install -m 0755 target/release/himmelblaud %{buildroot}/%{_sbindir}
 install -m 0755 target/release/himmelblaud_tasks %{buildroot}/%{_sbindir}
+install -m 0755 target/release/broker %{buildroot}/%{_sbindir}
 pushd %{buildroot}%{_sbindir}
 ln -s himmelblaud rchimmelblaud
 ln -s himmelblaud_tasks rchimmelblaud_tasks
+ln -s broker rcbroker
 popd
 install -D -d -m 0755 %{buildroot}%{_bindir}
 strip --strip-unneeded target/release/aad-tool
@@ -120,6 +151,18 @@ install -m 0755 target/release/aad-tool %{buildroot}/%{_bindir}
 install -D -d -m 0755 %{buildroot}%{_unitdir}
 install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud.service %{buildroot}%{_unitdir}/himmelblaud.service
 install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud-tasks.service %{buildroot}%{_unitdir}/himmelblaud-tasks.service
+install -D -d -m 0755 %{buildroot}%{_datarootdir}/dbus-1/services
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/com.microsoft.identity.broker1.service %{buildroot}%{_datarootdir}/dbus-1/services/
+install -D -d -m 0755 %{buildroot}%{_sysconfdir}/ssh/sshd_config.d
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/el/sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/himmelblau.conf
+
+# Firefox Single Sign On
+install -m 0755 %{_builddir}/%{name}-%{version}/src/sso/src/linux-entra-sso.py %{buildroot}/%{_bindir}/linux-entra-sso
+sed -i 's/#!\/usr\/bin\/env python3/#!\/usr\/bin\/python3/' %{buildroot}/%{_bindir}/linux-entra-sso
+install -D -d -m 0755 %{buildroot}%{_libdir}/mozilla/native-messaging-hosts
+install -m 0644 %{_builddir}/%{name}-%{version}/src/sso/src/firefox/linux_entra_sso.json %{buildroot}%{_libdir}/mozilla/native-messaging-hosts/
+install -D -d -m 0755 %{buildroot}%{_sysconfdir}/firefox/policies
+install -m 0644 %{_builddir}/%{name}-%{version}/src/sso/src/firefox/policies.json %{buildroot}%{_sysconfdir}/firefox/policies/
 
 %pre
 %service_add_pre himmelblaud.service himmelblaud-tasks.service
@@ -135,14 +178,17 @@ install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud-ta
 
 %files
 %dir %{_sysconfdir}/himmelblau
-%config %{_sysconfdir}/himmelblau/himmelblau.conf
+%config(noreplace) %{_sysconfdir}/himmelblau/himmelblau.conf
 %{_sbindir}/himmelblaud
 %{_sbindir}/rchimmelblaud
 %{_sbindir}/himmelblaud_tasks
 %{_sbindir}/rchimmelblaud_tasks
+%{_sbindir}/broker
+%{_sbindir}/rcbroker
 %{_bindir}/aad-tool
 %{_unitdir}/himmelblaud.service
 %{_unitdir}/himmelblaud-tasks.service
+%{_datarootdir}/dbus-1/services/com.microsoft.identity.broker1.service
 
 %files -n libnss_himmelblau2
 %{_libdir}/libnss_%{name}.so.*
@@ -150,4 +196,16 @@ install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud-ta
 %files -n pam-himmelblau
 %{_pam_moduledir}/pam_%{name}.so
 
+%files -n himmelblau-sshd-config
+%config %{_sysconfdir}/ssh/sshd_config.d/himmelblau.conf
+
+%files -n himmelblau-sso
+%{_bindir}/linux-entra-sso
+%dir %{_libdir}/mozilla
+%dir %{_libdir}/mozilla/native-messaging-hosts
+%{_libdir}/mozilla/native-messaging-hosts/linux_entra_sso.json
+%dir %{_sysconfdir}/firefox
+%dir %{_sysconfdir}/firefox/policies
+%config %{_sysconfdir}/firefox/policies/policies.json
+
 %changelog

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:1ec7da499cff6c374a24b80a4122e4158d629787789ad1e38a6d97c9cdeee02c
-size 46379944
+oid sha256:a99f7256fa13251247d0fd1707ef5f402e2b1950e69dc10083bf6dcdb57529e8
+size 49421183