pool/kanidm
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory
pool:devel
rpm:factory
rpm:devel
..
compare: rpm:factory
Branches Tags
rpm:factory
rpm:devel
pool:factory
pool:devel

No commits in common. "factory" and "factory" have entirely different histories.
factory ... factory

7 changed files with 13 additions and 245 deletions
Show Stats Expand all files Collapse all files

2
_service
View File

@ -3,7 +3,7 @@
<param name="url">https://github.com/kanidm/kanidm.git</param> <param name="url">https://github.com/kanidm/kanidm.git</param>
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="revision">1.4.0</param> <param name="revision">1.3.0</param>
<param name="match-tag">v*</param> <param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param> <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param> <param name="versionrewrite-replacement">\1</param>

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/kanidm/kanidm.git</param> <param name="url">https://github.com/kanidm/kanidm.git</param>
<param name="changesrevision">a7fabdedefa1afec41221d73861bac35af9c0b6f</param></service></servicedata> <param name="changesrevision">f075d13e165f0587054e2c91bc9175b7b1f2a806</param></service></servicedata>

3
kanidm-1.3.3~git0.f075d13.tar.zst Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea1ecccc0cb1ac71c30ee3b5442b271222e4c2b607f609a07b4cfeab371a44af
size 11628892

3
kanidm-1.4.5~git0.a7fabde.tar.zst
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:073e89a14b896c634d46aadb00b0da4163bd9b7d4c13f055f5dd2878e37740fd
size 6861536

229
kanidm.changes
View File

@ -1,232 +1,3 @@
-------------------------------------------------------------------
Sat Dec 21 07:57:16 UTC 2024 - william.brown@suse.com
- Update to version 1.4.5~git0.a7fabde:
* Release 1.4.5
* nss/pam resolver should reauth faster (#3309)
* Further SCIM sync testing, minor fixes (#3305)
* Automatically trigger passkeys on login view (#3307)
* Re-add enrol another device flow
* Improved Cookie Removal
* Allow reseting account policy values to defaults (#3306)
* Incorrect member name in groups (#3302)
* SCIM Sync Missing Annotation (#3300)
* Ignore system users for UPG synthesiseation (#3297)
* Limit OAuth2 resumption to session (#3296)
* Use specific errors for intent token revoked (#3291)
* Autocomplete password during reauth with TOTP (#3290)
* Add CORS headers to jwks and userinfo (#3283)
-------------------------------------------------------------------
Wed Dec 11 03:12:47 UTC 2024 - William Brown <william.brown@suse.com>
- Require system-user-nobody to prevent install ordering issue with
invalid rpc/statd users
-------------------------------------------------------------------
Tue Dec 03 05:55:52 UTC 2024 - william.brown@suse.com
- Update to version 1.4.4~git0.c3dbf83:
* Release 1.4.4
* Check DNS on replication loop start not at task start (#3243)
* Work around systemd race condition (#3262)
* Clear invalid tokens from unix resolver (#3256)
* Allow OAuth2 loopback redirects if the path matches (#3252)
* Correctly display domain name on login (#3254)
* Display account_id during success/deny paths in unixd (#3253)
* s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250)
* handle missing map_group setting in config (#3242)
* owncloud: Add SameSite=Lax config for cross-domain auth (#3245)
* Yaleman/issue3229 (#3239)
-------------------------------------------------------------------
Fri Nov 22 07:08:34 UTC 2024 - william.brown@suse.com
- Update to version 1.4.3~git1.078625c:
* Update to latest fido-mds-tool (#3230)
-------------------------------------------------------------------
Fri Nov 22 06:52:53 UTC 2024 - william.brown@suse.com
- Update to version 1.4.3~git0.fb00176:
* Release 1.4.3
* Warn when v2 options are used in v1 unixd config (#3228)
* Resolve UI Auth Loop with OAuth2 (#3226)
* Harden transport in pam unixd (#3227)
* Improve warning around invalid JWT deserialisation (#3224)
* Update and fix server config files in examples. (#3225)
* Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
* Add docs on customising Kanidm. (#3209)
* Correct spelling of occurred (#3222)
* UI/Feature polish (#3191)
* Prevent Invalid MFA Reg States (#3194)
* Change CSS for applications so SVG scales nicely in Firefox. (#3200)
* 20241109 3185 max age (#3196)
* Hoist max_age to prevent incorrect deserialisation (#3190)
* Release 1.4.2
* Re-migrate all acps to force updating (#3184)
* security - low - fault in migrations (#3182)
-------------------------------------------------------------------
Tue Nov 05 05:13:11 UTC 2024 - william.brown@suse.com
- Update to version 1.4.1~git0.ad93202:
* Release 1.4.1
* Correct missing CSP header (#3177)
* Resolve pam services not always having a tty (#3176)
-------------------------------------------------------------------
Sun Nov 03 00:17:17 UTC 2024 - william.brown@suse.com
- Update to version 1.4.0~git2.770efa8:
* Resolve incorrect handling of rhost in pam (#3171)
-------------------------------------------------------------------
Fri Nov 01 02:24:42 UTC 2024 - william.brown@suse.com
- Update to version 1.4.0~git1.c297c3f:
* Docker makefile latest
* Release 1.4.0
* chore: Made oauth2 scopes required in CLI (#3165)
* More "choosing a domain" revision (#3161)
* Update missing inputmode numeric when adding a new TOTP. (#3160)
* Improve OAuth2 authorisation ux (#3158)
* Fix attribute scim sync attribute naming (#3159)
* Change to text input and use numeric mode for TOTP prompts. (#3154)
* Fix release note date and typos (#3153)
* Release 1.4.0-pre
* Release Notes (#3149)
* Remove WASM (#3148)
* Rewrite "choosing a domain", add other considerations (#3147)
* Harmonize UI and remove unused css (#3033)
* ripping out some extra packages (#3146)
* OAuth2 Device flow foundations (#3098)
* htmx by default (#3145)
* Support reloading via systemd (#3144)
* Chore: Refactor Groups to be more generic (#3136)
* 20241024 1271 cert reload on SIGHUP (#3140)
* Update docs, improve locking (#3141)
* 2856 - use tags for containers on build (#3139)
* Fix image when too smol (#3138)
* yale's rabbit-hole-chasing-htmx-fixing-megapatch (#3135)
* ipinfo should be single value (#3137)
* Tidy the reauth ui (#3130)
* Add missing schemas to get OpenAPI validation to pass. (#3129)
* Change some OperationError into HTTP Bad Request (400). (#3125)
* Bump the all group with 11 updates (#3127)
* Bump the all group in /pykanidm with 5 updates (#3128)
* Fill in some Swagger API docs for a few v1 endpoints. (#3126)
* Diagram Improvements in Book (#3124)
* Fix passkey auth flow redirects (#3123)
* Improve handling of inaccesible shadow file (#3122)
* Log HTTP Not Found (404) as info log level. (#3119)
* more errors for the people (#3121)
* 20241017 unixd home (#3113)
* 20241017 3107 token ttl (#3114)
* docs: Update kanidm_ppa instructions for new repo logic (#3117)
* fix(lint) minor lint fix for unnecessary match use (#3118)
* Totp input changes (#3115)
* Add the strict flag on client creates for developers (#3111)
* Working scim entry get for person (#3088)
* Add nss testframework and fallback when daemon offline (#3093)
* Improve deb packaging, add aarch64 (#3083)
* Cache buster buster (#3091)
* fix(http): status content type should be JSON (#3096)
* Bump the all group across 1 directory with 7 updates (#3106)
* Bump the all group across 1 directory with 10 updates (#3103)
* 20241012 attr name SCIM fix (#3102)
* Scim add EntryReference (#3079)
* Bump the all group across 1 directory with 3 updates (#3094)
* Fix Increment Replication Post Upgrade (#3089)
* Remove white background from square logo (#3087)
* Add support for group extension (#3081)
* 20240921 ssh keys and unix password in credential update session (#3056)
* Fix landing and redirect URLs for GitLab, add some useful links (#3055)
* [htmx] Make it harder to miss the save button on the cred update page (#3013)
* Add example Outline config (#3076)
* 20240925 cleanups (#3060)
* Add instructions for unlinking Homebrew Rust on macOS (#3085)
* Don't reprompt for login when no session exists in cli (#3082)
* Make good on some TechDebt (#3084)
* Feat: Adding POSIX Password fallback (#3067)
* Bump the all group across 1 directory with 13 updates (#3080)
* Complete the implementation of the posix account cache (#3041)
* 20240926 tech debt (#3066)
* Fix migration of last mod cid (#3065)
* Increase totp secret size (#3061)
* Bump mozilla-actions/sccache-action from 0.0.5 to 0.0.6 in the all group (#3075)
* Improve pipe handling on linux (#3069)
* reformat oauth2 URL list, highlight legacy bits (#3062)
* scim_proto: fix incorrect language tag (#3064)
* Add ownCloud example config (#3059)
* Add example config for JetBrains Hub / YouTrack (#3058)
* Bump the all group with 8 updates (#3053)
* Bump the all group in /pykanidm with 3 updates (#3054)
* Document basic authenticating GitLab to Kanidm (#3050)
* fix(doc): updating docker container ref (#3049)
* Resolve incorrect SCIM Sync serialisation (#3047)
* CLI image error nicening (#3037)
* Add rfc7009 and rfc7662 metadata to oidc discovery (#3046)
* More openapi tweaks (#3038)
* Bump the all group with 6 updates (#3044)
* Bump the all group in /pykanidm with 3 updates (#3043)
* fix(docs): make it clearer that bearer auth is a thing (#3031)
* implements additional traits for filter types (#3036)
* 20240810 SCIM entry basic (#3032)
* CreatedAt/ModifiedAt fix (#3034)
* Pykanidm fixes (#3030)
* 20240906 Attribute as an Enum Type (#3025)
* Bump the all group with 9 updates (#3029)
* Bump the all group in /pykanidm with 4 updates (#3028)
* Credentials page/Self cred update flow UI improvements (#3012)
* 20240828 Support Larger Images, Allow Custom Domain Icons (#3016)
* MemberOf in search implies DirectMemberOf (#3024)
* fix(kanidm): don't allow empty string fields on CLI (#3018)
* Bump cryptography from 42.0.4 to 43.0.1 in /pykanidm in the pip group (#3023)
* generate completions for elvish and fish (#3015)
* Bump the all group with 4 updates (#3021)
* Bump the all group in /pykanidm with 3 updates (#3022)
* 20240820 SCIM value (#2992)
* fix(daemon): handling IPv6 addresses in healthcheck (#3004)
* fix(webui): Javascript errors after server-side update blocking login. Fixed after cache invalidating (#3011)
* OAuth2 Token Type (#3008)
* Bump the all group in /pykanidm with 4 updates (#3007)
* Bump the all group with 8 updates (#3006)
* Spattering of oauth2 stuff (#3000)
* Doc multi instance (#2997)
* Expose group rename (#2999)
* feat: self cred update flow (#2995)
* Better Error Message (#2998)
* Add missing group for application admin (#2991)
* enforcen den clippen (#2990)
* 20240817 group mail acp (#2982)
* 20240810 application passwords (#2968)
* Bump the all group with 17 updates (#2986)
* Bump the all group in /pykanidm with 3 updates (#2985)
* Mail substr index (#2981)
* Doc format, add api-token section (#2975)
* [HTMX] small profile improvements (#2974)
* Foundations of pam/nss multi resolver
* TLS, no seriously. (#2963)
* Update suse.md to avoid Authentication token manipulation error (#2973)
* Add Alpine Linux installation instructions (#2871)
* Bump the all group across 1 directory with 10 updates (#2966)
* [HTMX] User settings (#2929)
* Bump the all group in /pykanidm with 2 updates (#2965)
* Docs updates (#2961)
* Bump aiohttp from 3.10.0 to 3.10.2 in /pykanidm in the pip group (#2962)
* Prevent bug in pam (#2960)
* Improve migration error message (#2959)
* Fix incorrect logic in cred update flow (#2956)
* Docker-and-docs-fixes (#2954)
* Bump the all group in /pykanidm with 5 updates (#2952)
* Bump the all group with 10 updates (#2953)
* Added orca flag to extend privileged authentication expiry (#2949)
* In honour of SebaT, error on db lock acq timeout (#2947)
* Add measurement of lock acquisition (#2946)
* [htmx] Credential Update page (#2897)
* Update to 1.4.0-dev (#2943)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 12 00:23:51 UTC 2024 - William Brown <william.brown@suse.com> Thu Sep 12 00:23:51 UTC 2024 - William Brown <william.brown@suse.com>

15
kanidm.spec
View File

@ -20,7 +20,7 @@
%define configdir %{_sysconfdir}/kanidm %define configdir %{_sysconfdir}/kanidm
Name: kanidm Name: kanidm
Version: 1.4.5~git0.a7fabde Version: 1.3.3~git0.f075d13
Release: 0 Release: 0
Summary: A identity management service and clients. Summary: A identity management service and clients.
License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+ License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+
@ -90,9 +90,6 @@ Requires: tpm2-tss
%else %else
Requires: system-user-tss Requires: system-user-tss
Requires: tpm2.0-tools Requires: tpm2.0-tools
# progress.o.o #170107 - prevent an error for installing system-user-nobody due to invalid /etc/passwd
# configuration of the statd and rpc users.
Requires: system-user-nobody
%endif %endif
%description unixd-clients %description unixd-clients
@ -178,7 +175,7 @@ install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/
install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys.sh install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys.sh
cp -r %{_builddir}/kanidm-%{version}/book/src/ %{buildroot}%{_datadir}/kanidm/docs/ cp -r %{_builddir}/kanidm-%{version}/book/src/ %{buildroot}%{_datadir}/kanidm/docs/
cp -r %{_builddir}/kanidm-%{version}/server/core/static %{buildroot}%{_datadir}/kanidm/ui/hpkg cp -r %{_builddir}/kanidm-%{version}/server/web_ui/pkg %{buildroot}%{_datadir}/kanidm/ui/pkg
## End install ## End install
@ -267,10 +264,10 @@ cp -r %{_builddir}/kanidm-%{version}/server/core/static %{buildroot}%{_datadir}/
%{_unitdir}/kanidm-ipa-sync.service %{_unitdir}/kanidm-ipa-sync.service
%dir %{_datadir}/kanidm %dir %{_datadir}/kanidm
%dir %{_datadir}/kanidm/ui %dir %{_datadir}/kanidm/ui
%dir %{_datadir}/kanidm/ui/hpkg %dir %{_datadir}/kanidm/ui/pkg
%dir %{_datadir}/kanidm/ui/hpkg/external %dir %{_datadir}/kanidm/ui/pkg/external
%{_datadir}/kanidm/ui/hpkg/* %{_datadir}/kanidm/ui/pkg/*
%{_datadir}/kanidm/ui/hpkg/external/* %{_datadir}/kanidm/ui/pkg/external/*
%dir %{configdir} %dir %{configdir}
%config(noreplace) %{configdir}/server.toml %config(noreplace) %{configdir}/server.toml
%dir %{_sysconfdir}/zsh_completion.d %dir %{_sysconfdir}/zsh_completion.d

4
vendor.tar.zst
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:7d577decb3b20a1309b40e55d4a83cc0663301c927549e4a8d735f992d6bdb89 oid sha256:59dc51d23d78ff8cb7d6fce2810142e7d03bb3523ce5fa6cb2306f0e0c6f5ede
size 68718947 size 69311053