Accepting request 904461 from network:idm

OBS-URL: https://build.opensuse.org/request/show/904461
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kanidm?expand=0&rev=5

_constraints

@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<constraints>
+  <hardware>
+    <processors>2</processors>
+    <memory>
+      <size unit="G">4</size>
+    </memory>
+  </hardware>
+</constraints>

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/kanidm/kanidm.git</param>
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="scm">git</param>
-    <param name="revision">v1.1.0-alpha.4</param>
+    <param name="revision">v1.1.0-alpha.5</param>
     <param name="match-tag">v*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)-alpha\.(\d+)</param>
     <param name="versionrewrite-replacement">\1~alpha\2</param>
@@ -16,14 +16,10 @@
     <param name="compression">xz</param>
   </service>
   <service mode="disabled" name="set_version"/>
-  <!-- There seems to be a bug here somewhere .... -->
-  <!-- For now on another machine: cargo vendor && tar -cJf vendor.tar.xz vendor -->
-  <!--
   <service name="cargo_vendor" mode="disabled">
      <param name="srcdir">kanidm</param>
      <param name="compression">xz</param>
   </service>
-  -->
   <service name="cargo_audit" mode="disabled">
      <param name="srcdir">kanidm</param>
   </service>

cargo_config

@@ -1,20 +1,5 @@
 [source.crates-io]
 replace-with = "vendored-sources"
 
-[source."https://github.com/Firstyear/tokio.git"]
-git = "https://github.com/Firstyear/tokio.git"
-rev = "aa6fb48d9a1f3652ee79e3b018a2b9d0c9f89c1e"
-replace-with = "vendored-sources"
-
-[source."https://github.com/csnewman/libnss-rs.git"]
-git = "https://github.com/csnewman/libnss-rs.git"
-rev = "eab2d93d2438652773699b0807d558ce75b1e748"
-replace-with = "vendored-sources"
-
-[source."https://github.com/mozilla-services/fernet-rs.git"]
-git = "https://github.com/mozilla-services/fernet-rs.git"
-branch = "master"
-replace-with = "vendored-sources"
-
 [source.vendored-sources]
 directory = "vendor"

kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5e377840482fa88ad5c19431751271a17780e8b8bb2fcefee7fc70f2160b9d52
-size 2413320

kanidm-1.1.0~alpha5~git0.4be329e.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:49804f58618be2d11a6827e8926c6cf7427a07556df440fadf0c9e93bf1a9114
+size 2477976

kanidm-unixd-tasks.service

@@ -1,32 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file:
-#   systemctl edit kanidm-unixd-tasks.service
-
-[Unit]
-Description=Kanidm Local Tasks
-After=chronyd.service ntpd.service network-online.target kanidm-unixd.service
-
-[Service]
-User=root
-Type=simple
-ExecStart=/usr/sbin/kanidm_unixd_tasks
-
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
-# SystemCallFilter=@aio @basic-io @chown @file-system @io-event @network-io @sync
-ProtectSystem=strict
-ReadWritePaths=/home /var/run/kanidm-unixd
-RestrictAddressFamilies=AF_UNIX
-NoNewPrivileges=true
-PrivateTmp=true
-PrivateDevices=true
-PrivateNetwork=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-MemoryDenyWriteExecute=true
-
-[Install]
-WantedBy=multi-user.target
-

kanidm-unixd.service

@@ -1,36 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file:
-#   systemctl edit kanidm-unixd.service
-
-[Unit]
-Description=Kanidm Local Client Resolver
-After=chronyd.service ntpd.service network-online.target
-
-[Service]
-DynamicUser=yes
-UMask=0027
-CacheDirectory=kanidm-unixd
-RuntimeDirectory=kanidm-unixd
-
-Type=simple
-ExecStart=/usr/sbin/kanidm_unixd
-
-# Implied by dynamic user.
-# ProtectHome=
-# ProtectSystem=strict
-# ReadWritePaths=/var/run/kanidm-unixd /var/cache/kanidm-unixd
-
-# SystemCallFilter=@aio @basic-io @chown @file-system @io-event @network-io @sync
-NoNewPrivileges=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-MemoryDenyWriteExecute=true
-
-[Install]
-WantedBy=multi-user.target
-

kanidm.changes

@@ -1,3 +1,156 @@
+-------------------------------------------------------------------
+Wed Jul 07 02:36:51 UTC 2021 - wbrown@suse.de
+
+- Update to version 1.1.0~alpha5~git0.4be329e:
+  * (cargo-release) version 1.1.0-alpha.5
+  * Release prep
+  * Fix totp registration workflow with broken authenticators (#516)
+  * Add statistical analysis to indexes (#505)
+  * 511 upgrade failure - add debuging tools and improve debugging of the issue. (#512)
+  * fixes #503 - TOTP prompt no longer drops a newline (#515)
+  * Fixing kanidm windows client build (#507)
+  * Add the ability to configure and provide Oauth2 authentication for Kanidm. (#485)
+  * Change default totp to sha256 (#504)
+  * Fixes #494 - password change user-facing responses (#499)
+  * Fix readonly check (#496)
+  * Update webauthn-authenticator-rs to fix test failures (#493)
+  * Update repo locations and versions in prep for release (#492)
+  * Add workaround for podman subid issue (#491)
+  * 163 account recovery code (#469)
+  * check user shell (#392) (#490)
+  * Removed `OperationResponse` (#489)
+  * Set default shell to `bin/sh` (#488)
+  * 20210607 orca ldap (#470)
+  * `kanidm_client` bool/return values (#479)
+  * Arc cachesize warning fixes (#483)
+  * Closure Refactoring (#482)
+  * Renamed fields in `dbvalue` (#477)
+  * 471 add service files (#474)
+  * fixes #478 - adds note about web ui already being packaged (#480)
+  * unixd will now bail if startup tests fail (#476)
+  * Add email syntax (#465)
+  * Add some openid stubs (#464)
+  * Add auth docs (#463)
+  * 64 120 session claims (#462)
+  * Add ldap vattr mapping (#459)
+  * Fix for unixd issue (#460)
+  * 414 clear stale credentials (#447)
+  * Fix multivalue setting of description attribute (#457)
+  * 445 update pam nsswitch md (#451)
+  * simpler ip logging (#454)
+  * I might have become clippy this time (#449)
+  * Calming clippy's nerves, Friday edition (#448)
+  * 444 - client's config URI missing and more file open handling (#446)
+  * Fix proxy usage in tests (#443)
+  * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442)
+  * oauth design (#441)
+  * Adding an example config file (#440)
+  * adding env vars, making clippy happier, cleaning up some error messages (#438)
+  * 20210509 cleanup clippy and audit name (#437)
+  * 277 radius pw not accept for main pw (#435)
+  * Orca - a load testing framework for Kanidm (#431)
+  * Add verification of name indexes (#433)
+  * Add ability to pick a server role (#432)
+  * Adding a new verb group remove_members (#434)
+  * 397 Caching password badlist (#425)
+  * User feedback improvements, also handling a permissions issue (#424)
+  * Fix concat issue
+  * Update contributors
+  * Making clippy happy (#420)
+  * Fix 421 - clearer debug messages when doing things (#422)
+  * 62 idm qs cleanup (#419)
+  * Rough working login page (#417)
+  * Make clippy happy (#415)
+  * More debug messages (#413)
+  * merging upstream (#411)
+  * Improve error message when socket not found (#412)
+  * Idlset2, query cache, acp resolve cache (#409)
+  * Add lto thin (#410)
+  * fixing broken action (#405)
+  * Basic documentation for monitoring (#404)
+  * Create design for mfa_backup_code.rst (#402)
+  * phrasing (#401)
+  * Docs update (#400)
+- Remove un-needed source files:
+    * kanidm-unixd-tasks.service
+    * kanidm-unixd.service
+    * kanidmd.service
+    * server.toml
+
+-------------------------------------------------------------------
+Thu Jun 24 02:54:31 UTC 2021 - wbrown@suse.de
+
+- Update to version 1.1.0~alpha4~git54.675146e:
+  * check user shell (#392) (#490)
+  * Removed `OperationResponse` (#489)
+  * Set default shell to `bin/sh` (#488)
+  * 20210607 orca ldap (#470)
+  * `kanidm_client` bool/return values (#479)
+  * Arc cachesize warning fixes (#483)
+  * Closure Refactoring (#482)
+
+-------------------------------------------------------------------
+Wed Jun 16 02:38:11 UTC 2021 - wbrown@suse.de
+
+- Update to version 1.1.0~alpha4~git47.5e83b68:
+  * Renamed fields in `dbvalue` (#477)
+  * 471 add service files (#474)
+  * fixes #478 - adds note about web ui already being packaged (#480)
+  * unixd will now bail if startup tests fail (#476)
+  * Add email syntax (#465)
+  * Add some openid stubs (#464)
+  * Add auth docs (#463)
+  * 64 120 session claims (#462)
+  * Add ldap vattr mapping (#459)
+
+-------------------------------------------------------------------
+Thu May 27 11:18:43 UTC 2021 - wbrown@suse.de
+
+- Update to version 1.1.0~alpha4~git38.d978c9d:
+  * Fix for unixd issue (#460)
+
+-------------------------------------------------------------------
+Wed May 26 06:12:04 UTC 2021 - wbrown@suse.de
+
+- Update to version 1.1.0~alpha4~git37.e8b1089:
+  * 414 clear stale credentials (#447)
+  * Fix multivalue setting of description attribute (#457)
+  * 445 update pam nsswitch md (#451)
+  * simpler ip logging (#454)
+  * I might have become clippy this time (#449)
+  * Calming clippy's nerves, Friday edition (#448)
+  * 444 - client's config URI missing and more file open handling (#446)
+  * Fix proxy usage in tests (#443)
+  * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442)
+  * oauth design (#441)
+  * Adding an example config file (#440)
+  * adding env vars, making clippy happier, cleaning up some error messages (#438)
+  * 20210509 cleanup clippy and audit name (#437)
+  * 277 radius pw not accept for main pw (#435)
+  * Orca - a load testing framework for Kanidm (#431)
+  * Add verification of name indexes (#433)
+  * Add ability to pick a server role (#432)
+  * Adding a new verb group remove_members (#434)
+  * 397 Caching password badlist (#425)
+  * User feedback improvements, also handling a permissions issue (#424)
+  * Fix concat issue
+  * Update contributors
+  * Making clippy happy (#420)
+  * Fix 421 - clearer debug messages when doing things (#422)
+  * 62 idm qs cleanup (#419)
+  * Rough working login page (#417)
+  * Make clippy happy (#415)
+  * More debug messages (#413)
+  * merging upstream (#411)
+  * Improve error message when socket not found (#412)
+  * Idlset2, query cache, acp resolve cache (#409)
+  * Add lto thin (#410)
+  * fixing broken action (#405)
+  * Basic documentation for monitoring (#404)
+  * Create design for mfa_backup_code.rst (#402)
+  * phrasing (#401)
+  * Docs update (#400)
+
 -------------------------------------------------------------------
 Thu Apr 01 01:11:04 UTC 2021 - wbrown@suse.de
 

kanidm.spec

@@ -19,7 +19,7 @@
 %global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2
 
 Name:           kanidm
-Version:        1.1.0~alpha4~git0.0ac5da8
+Version:        1.1.0~alpha5~git0.4be329e
 Release:        0
 Summary:        A identity management service and clients.
 License:        ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+
@@ -27,23 +27,21 @@ URL:            https://github.com/Firstyear/kanidm
 Source:         kanidm-%{version}.tar.xz
 Source1:        vendor.tar.xz
 Source2:        cargo_config
-Source10:       kanidmd.service
-Source11:       kanidm-unixd.service
-Source12:       server.toml
-Source13:       kanidm-unixd-tasks.service
 
-ExcludeArch:    %ix86 s390x ppc64 ppc64le armhfp armv7hl
+ExcludeArch:    %ix86 s390x ppc ppc64 ppc64le armhfp armv6l armv7l armv7hl
 
 BuildRequires:  cargo
 BuildRequires:  libudev-devel
 BuildRequires:  pam-devel
-BuildRequires:  rust >= 1.45.0
+BuildRequires:  rust >= 1.52.1
 BuildRequires:  sqlite-devel
-BuildRequires:  pkgconfig(openssl)
 
 %if 0%{?rhel} > 7 || 0%{?fedora}
+BuildRequires:  openssl-devel
 BuildRequires:  systemd
 %{?systemd_requires}
+%else
+BuildRequires:  pkgconfig(openssl)
 %endif
 
 Requires:       %{name}-clients
@@ -144,11 +142,10 @@ install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_unixd_stat
 install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libnss_kanidm.so %{buildroot}%{_libdir}/libnss_kanidm.so.2
 install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libpam_kanidm.so %{buildroot}/%_lib/security/pam_kanidm.so
 
-install -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/kanidmd.service
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidmd.service %{buildroot}%{_unitdir}/kanidmd.service
-
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidm-unixd.service %{buildroot}%{_unitdir}/kanidm-unixd.service
-install -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/kanidm-unixd.service
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidm-unixd-tasks.service %{buildroot}%{_unitdir}/kanidm-unixd-tasks.service
-install -m 0640 %{SOURCE12} %{buildroot}%{configdir}/server.toml
+install -m 0640 %{_builddir}/%{name}-%{version}/examples/server.toml %{buildroot}%{configdir}/server.toml
-install -m 0644 %{SOURCE13} %{buildroot}%{_unitdir}/kanidm-unixd-tasks.service
 
 install -m 0755 %{_builddir}/%{name}-%{version}/target/release/_completions/_kanidmd   %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidmd
 install -m 0755 %{_builddir}/%{name}-%{version}/target/release/_completions/_kanidm   %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm

kanidmd.service

@@ -1,17 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file as described in:
-#   /usr/lib/systemd/system/kanidmd.service.d/custom.conf
-
-[Unit]
-Description=Kanidm Identity Server
-After=chronyd.service ntpd.service network-online.target
-Before=radiusd.service
-
-[Service]
-Type=simple
-DynamicUser=yes
-UMask=0027
-StateDirectory=kanidmd
-ExecStart=/usr/sbin/kanidmd server -c /etc/kanidm/server.toml
-
-[Install]
-WantedBy=multi-user.target

server.toml

@@ -1,7 +0,0 @@
-bindaddress = "127.0.0.1:8443"
-# ldapbindaddress = "127.0.0.1:3636"
-db_path = "/var/lib/kanidmd/kanidm.db"
-# tls_ca = "/var/lib/kanidmd/ca.pem"
-# tls_cert = "/var/lib/kanidmd/cert.pem"
-# tls_key = "/var/lib/kanidmd/key.pem"
-# log_level = "

vendor.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5f5311e5cedae06503bc7b86ce7eb43bee66ab935d788735ee38eb1bcc156755
+oid sha256:c48a647976ee4fcbbf854265c76b77a4828c13393786dd0481f4fd93fbc8272b
-size 28555024
+size 31898032