Accepting request 1321892 from network:idm

OBS-URL: https://build.opensuse.org/request/show/1321892
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kanidm?expand=0&rev=60

_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/kanidm/kanidm.git</param>
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="scm">git</param>
-    <param name="revision">1.7.0</param>
+    <param name="revision">1.8.0</param>
     <param name="match-tag">v*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
     <param name="versionrewrite-replacement">\1</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/kanidm/kanidm.git</param>
-              <param name="changesrevision">130a31d295c8d93c9efb8151d211e7d47f0ecc1a</param></service></servicedata>
+              <param name="changesrevision">2449805e30a9ae8be267d4377aa7d9243f2af519</param></service></servicedata>

kanidm-1.7.1~git0.130a31d29.tar.zst

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4f2fd2f0577ab17f368c8dce164ec0bd24a2401053a4989208da98867585da7d
-size 6925653

kanidm-1.8.4~git0.2449805e3.tar.zst

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f154095e0f46cc4dc2556f3b7871a09b88188ed0af8004abeb5e65c59576ce3
+size 6979729

kanidm.changes

@@ -1,3 +1,179 @@
+-------------------------------------------------------------------
+Wed Dec 10 06:20:30 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.8.4~git0.2449805e3:
+  * Release 1.8.4
+  * Handle concurrent pam sessions. (#4001)
+  * fix: correcting parsing of backup compression input (#3995)
+  * fixing up docs builds (#4006)
+
+-------------------------------------------------------------------
+Fri Nov 28 06:02:48 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.8.3~git0.471c021f2:
+  * Release 1.8.3
+  * Resolve infinite reauth loop
+
+-------------------------------------------------------------------
+Fri Nov 28 04:08:34 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.8.2~git0.387e2ce61:
+  * Release 1.8.2
+  * Prevent deprecation warnings affecting release
+  * Ignore CredentialTypeMinimum during migrations (#3991)
+  * Report correct client IP in request log (#3990)
+  * Ensure that privileged sessions expirations are synced (#3984)
+  * Missing constraint on skip upgrade process (#3983)
+  * Document the upgrade process through versions. (#3982)
+  * lib crypto should not depend on proto (#3975)
+  * Change AttributeUniqueness to yield BAD_REQUEST (#3974)
+  * fix: kanidm_build_profiles has unwrap which can cause builds to fail (#3973)
+
+-------------------------------------------------------------------
+Wed Nov 19 04:16:56 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.8.1~git0.3d1bdfd13:
+  * Release 1.8.1
+  * Small fixes (#3965)
+  * Make log messages more verbose for issues with resources server (#3954)
+  * unixd_tasks: update home alias symlink conditionally and atomically (#3947)
+  * Manually handle form bytes to allow optional encoding (#3968)
+  * Improve handling of ready event (#3967)
+  * Fix typo in kanidm-ldap-sync (#3964)
+
+-------------------------------------------------------------------
+Thu Nov 13 04:50:16 UTC 2025 - William Brown <william.brown@suse.com>
+
+- Resolve Leap:15 build issues
+
+-------------------------------------------------------------------
+Wed Nov 12 06:55:32 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.8.0~git0.42d0e864c:
+  * Release 1.8.0
+  * 20251108 lld (#3944)
+  * Improve uid/gid overlap message during IAM migration (#3943)
+  * Release 1.8.0-pre
+  * Release Prep (#3938)
+  * 20251029 hmac name uniqueness (#3931)
+  * sssshhhhh quiet there. (#3906)
+  * Add support for proxyv1 (#3935)
+  * 20251031 nss sync conn persist (#3921)
+  * Improve offline authentication (#3934)
+  * 20251005 multiple accept (#3933)
+  * Add CSS to support forced-colors on the toggle switch (#3932)
+  * Prevent replication certificate renewal deadlock
+  * fix: ensure CLI exits with non-zero code on HTTP client errors (#3929)
+  * Bump the all group with 5 updates (#3927)
+  * 20251015 OIDC auth source (#3905)
+  * Bump the all group with 2 updates (#3913)
+  * Bump the all group with 2 updates (#3914)
+  * Prevent users saving their credentials if there are none (#3805)
+  * Fix passkey typos (#3907)
+  * fix: Replace letter "d" by sink (#3909)
+  * Bump the all group with 33 updates (#3898)
+  * Fix: set OAuth2 JTI to session ID  (#3901)
+  * Open app links in new tabs (#3899)
+  * 20251009 account/group schema changes (#3880)
+  * [fix] Mail attribute on service accounts not accessible (#3893)
+  * Correct RADIUS API token generation examples (#3890)
+  * Foundations of message sending (#3878)
+  * 20251010 drop eckeys (#3882)
+  * Remove systemd notify-reload. (#3885)
+  * Bump the all group with 3 updates (#3884)
+  * 20250801 reference entries (#3863)
+  * 20251009 3829 OIDC groups (#3879)
+  * Bump the all group with 5 updates (#3876)
+  * 20251003 im silly (#3874)
+  * When no upgrade checks are performed, issue a status: PASS (#3873)
+  * Example of ipv4 to ipv6 addr mapping. (#3871)
+  * 20250919 csp again (#3856)
+  * client_secret_post auth for oauth2 endpoints (#3833)
+  * Fix some CLI things (#3870)
+  * Bump the all group with 6 updates (#3869)
+  * Use connection address for Proxy::Local Requests (#3868)
+  * Dont prevalidate UAT on oauth2 routes (#3865)
+  * Backup Compression (#3821)
+  * fix: always throw error when pam_allowed_login_groups is empty in Kanidm unixd (#3840)
+  * update oauth2 outline config example (#3826)
+  * Syntax errors in openapi.json (#3859)
+  * fix: stop duplicating logs in otel mode (#3704)
+  * Update fedora docs, start to add authselect profile (#3806)
+  * Document oauth2 shortnames in book (#3857)
+  * Bump the all group with 9 updates (#3861)
+  * fix: Revert adding fetching ui hints to the reset-credentials flow. (#3831)
+  * 20250912 unixd performance (#3846)
+  * Fix readme file for better readability (#3775)
+  * Updates for rust 1.90 (#3855)
+  * Add password check api (#3847)
+  * Bump the all group with 3 updates (#3853)
+  * Add form-action localhost to csp (#3849)
+  * Bump the all group across 1 directory with 8 updates (#3845)
+  * Bump actions/setup-python from 5 to 6 in the all group (#3842)
+  * docs: Don't enable unixd Kanidm provider in safe default config (#3839)
+  * Add yescrypt support (#3844)
+  * fix: spelling (#3841)
+  * Bump the all group with 2 updates (#3836)
+  * Bump tracing-subscriber from 0.3.19 to 0.3.20 in the cargo group (#3832)
+  * CLI gardening (#3819)
+  * Bump the all group with 7 updates (#3823)
+  * Bump actions/upload-pages-artifact from 3 to 4 in the all group (#3824)
+  * Prevent memory exhaustion on freebsd builds (#3818)
+  * Make it clearer why acceptor isnt available (#3812)
+  * Minor: reduce logging verbosity during debug (#3810)
+  * Handle IP addresses in replication SAN field (#3811)
+  * Update to use the codec properly (#3807)
+  * Show the admin page in the navbar when the user has experiment ui hint. (#3793)
+  * Bump actions/checkout from 4 to 5 in the all group (#3803)
+  * Bump the all group with 5 updates (#3804)
+  * Update whatwg email validation regex (#3797)
+  * Fix account recover-disable edge case (#3796)
+  * Dynamic version for centos/fedora repository (#3794)
+  * Resolve replication show-cert issue (#3792)
+  * Add json codec wrapper for unix integration (#3789)
+  * Break-glass account disable command (#3780)
+  * Bump the all group across 1 directory with 11 updates (#3790)
+  * Bump slab from 0.4.10 to 0.4.11 in the cargo group (#3788)
+  * [webui] add members to group (#3786)
+  * Bump actions/download-artifact from 4 to 5 in the all group (#3785)
+  * Make it clearer why the user can't login with unixd (#3778)
+  * fix: bump HSTS age to 2 years + 1 second (#3779)
+  * updating packages (#3774)
+  * Improve argon2id parameter search speed (#3768)
+  * Improve error messages during server startup to identify failing cert… (#3771)
+  * Update docs re PA and google (#3772)
+  * Forget username if user no longer wants to be remembered (#3770)
+  * 20250802 handle sec1 keys (#3769)
+  * Trying to clean up order of operations in kanidm_unixd_tasks (#3762)
+  * Bump the all group with 7 updates (#3764)
+  * Provide correct access for RADIUS service accounts (#3759)
+  * Fix a couple of commands in the OAuth2 Proxy examples (#3758)
+  * Design doc for email messaging (#3729)
+  * 20250725 unixd access token (#3751)
+  * 20250729 dev version (#3757)
+
+-------------------------------------------------------------------
+Fri Aug 22 03:46:01 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.7.3~git0.10847190e:
+  * Release 1.7.3
+  * Make it clearer why acceptor isnt available (#3812)
+  * Minor: reduce logging verbosity during debug (#3810)
+  * Handle IP addresses in replication SAN field (#3811)
+  * Update to use the codec properly (#3807)
+
+-------------------------------------------------------------------
+Fri Aug 15 04:45:26 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.7.2~git0.d331ea986:
+  * Release 1.7.2
+  * Resolve replication show-cert issue (#3792)
+  * Add json codec wrapper for unix integration (#3789)
+  * Trying to clean up order of operations in kanidm_unixd_tasks (#3762)
+  * Break-glass account disable command (#3780)
+  * Make it clearer why the user can't login with unixd (#3778)
+  * Improve argon2id parameter search speed (#3768)
+
 -------------------------------------------------------------------
 Wed Aug 06 01:11:19 UTC 2025 - william.brown@suse.com
 

kanidm.spec

@@ -1,6 +1,7 @@
 #
 # spec file for package kanidm
 #
+# Copyright (c) 2025 SUSE LLC
 # Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +21,7 @@
 %define configdir %{_sysconfdir}/kanidm
 
 Name:           kanidm
-Version:        1.7.1~git0.130a31d29
+Version:        1.8.4~git0.2449805e3
 Release:        0
 Summary:        A identity management service and clients.
 License:        ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+
@@ -29,21 +30,16 @@ Source:         kanidm-%{version}.tar.zst
 Source1:        vendor.tar.zst
 
 BuildRequires:  cargo
-%if 0%{?is_opensuse}
-BuildRequires:  cargo-packaging
-BuildRequires:  llvm-clang >= 13
-%else
-BuildRequires:  clang >= 13
-BuildRequires:  lld >= 13
-%endif
+BuildRequires:  clang
 BuildRequires:  libselinux-devel
 BuildRequires:  libudev-devel
 BuildRequires:  pam-devel
-BuildRequires:  rust >= 1.69.0
+BuildRequires:  rust >= 1.90.0
 BuildRequires:  sqlite-devel
 %if 0%{?rhel} > 7 || 0%{?fedora}
 BuildRequires:  tpm2-tss-devel
 %else
+BuildRequires:  cargo-packaging
 BuildRequires:  tpm2-0-tss-devel
 # BuildRequires:  tpm2-openssl
 %endif
@@ -120,18 +116,16 @@ find vendor -type f -name \*.rs -exec chmod -x '{}' \;
 %build
 # Set our build profile, this will autodetect our cpu flags
 export KANIDM_BUILD_PROFILE=%{kanidm_profile}
+
 # Show linking info for debugging
 # export RUSTC_LOG='rustc_codegen_ssa::back::link=info'
 # Dump the target features of this cpu.
 rustc --print target-cpus
 
-%if 0%{?is_opensuse}
-# Override buildflags, we want to use clang + lld here. It's much better/faster than bfd.
-%define build_rustflags -C linker=clang -C link-arg=-fuse-ld=/usr/lib/rustlib/%{_arch}-unknown-linux-gnu/bin/gcc-ld/ld.lld
-
-%{cargo_build} --features=kanidm_unix_int/tpm,kanidm_unix_int/selinux
+%if 0%{?rhel} > 7 || 0%{?fedora}
+CARGO_INCREMENTAL=0 CARGO_FEATURE_VENDORED=1 RUSTFLAGS="-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 -C strip=none" cargo build --release --features=kanidm_unix_int/selinux
 %else
-CARGO_INCREMENTAL=0 CARGO_FEATURE_VENDORED=1 RUSTFLAGS="-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 -C strip=none -C linker=clang -C link-arg=-fuse-ld=lld" cargo build --release --features=kanidm_unix_int/selinux
+%{cargo_build} --features=kanidm_unix_int/tpm,kanidm_unix_int/selinux
 %endif
 
 %install

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4d9ac5aee0bfba307bb4f73b7cf0e8ac8c78d99cf0806ce56690ab31fef1f403
-size 73231204
+oid sha256:9c23f3a4cc988056d958fb5ec9f2520784aac1a5efe55cef82507f514a26ef93
+size 80150393