sssd/sssd.spec

#
# spec file for package sssd
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           sssd
Version:        1.12.3
Release:        0
Summary:        System Security Services Daemon
License:        GPL-3.0+ and LGPL-3.0+
Group:          System/Daemons
Url:            https://fedorahosted.org/sssd/

#Git-Clone:	git://git.fedorahosted.org/sssd
Source:         https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
Source2:        https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
Source3:        baselibs.conf
Source4:        sssd.service
Source5:        %name.keyring
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Patch1:         0001-build-detect-endianness-at-configure-time.patch

%define servicename	sssd
%define sssdstatedir	%_localstatedir/lib/sss
%define dbpath		%sssdstatedir/db
%define pipepath	%sssdstatedir/pipes
%define pubconfpath	%sssdstatedir/pubconf

BuildRequires:  autoconf >= 2.59
BuildRequires:  automake
BuildRequires:  bind-utils
BuildRequires:  cifs-utils-devel
BuildRequires:  cyrus-sasl-devel
BuildRequires:  docbook-xsl-stylesheets
%if 0%{?suse_version} >= 1320
BuildRequires:  krb5-devel >= 1.12
%define have_localauth 1
%else
BuildRequires:  krb5-devel
%define have_localauth 0
%endif
BuildRequires:  libsmbclient-devel
BuildRequires:  libtool
BuildRequires:  libxml2-tools
BuildRequires:  libxslt-tools
BuildRequires:  nscd
BuildRequires:  openldap2-devel
BuildRequires:  pam-devel
BuildRequires:  pkg-config
BuildRequires:  pkgconfig >= 0.21
BuildRequires:  systemd-rpm-macros
BuildRequires:  pkgconfig(augeas) >= 1.0.0
BuildRequires:  pkgconfig(collection) >= 0.5.1
BuildRequires:  pkgconfig(dbus-1) >= 1.0.0
BuildRequires:  pkgconfig(dhash) >= 0.4.2
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(ini_config) >= 1.1.0
BuildRequires:  pkgconfig(ldb) >= 0.9.2
BuildRequires:  pkgconfig(libcares)
BuildRequires:  pkgconfig(libcrypto)
BuildRequires:  pkgconfig(libnfsidmap)
BuildRequires:  pkgconfig(libnl-3.0) >= 3.0
BuildRequires:  pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires:  pkgconfig(libpcre) >= 7
BuildRequires:  pkgconfig(libsystemd-login)
BuildRequires:  pkgconfig(ndr_nbt)
BuildRequires:  pkgconfig(popt)
BuildRequires:  pkgconfig(python)
BuildRequires:  pkgconfig(talloc)
BuildRequires:  pkgconfig(tdb) >= 1.1.3
BuildRequires:  pkgconfig(tevent)
%{?systemd_requires}
Requires:       sssd-ldap = %version-%release
Requires(postun): pam-config
Provides:       sssd-client = %version-%release

%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

%package ad
Summary:        The ActiveDirectory backend plugin for sssd
License:        GPL-3.0+
Group:          System/Daemons
Requires:       %name-krb5-common = %version

%description ad
Provides the Active Directory back end that the SSSD can utilize to
fetch identity data from and authenticate against an Active Directory
server.

%package dbus
Summary:        The D-Bus responder of sssd
License:        GPL-3.0+
Group:          System/Base
Requires:       %name = %version

%description dbus
Provides the D-Bus responder of sssd, called InfoPipe, which allows
information from sssd to be transmitted over the system bus.

%package ipa
Summary:        FreeIPA backend plugin for sssd
License:        GPL-3.0+
Group:          System/Daemons
Requires:       %name = %version
Requires:       %name-krb5-common = %version-%release
Obsoletes:      %name-ipa-provider < %version-%release
Provides:       %name-ipa-provider = %version-%release

%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity
data from and authenticate against an IPA server.

%package krb5
Summary:        The Kerberos authentication backend plugin for sssd
License:        GPL-3.0+
Group:          System/Daemons
Requires:       %name-krb5-common = %version-%release

%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.

%package krb5-common
Summary:        SSSD helpers needed for Kerberos and GSSAPI authentication
License:        GPL-3.0+
Group:          System/Daemons

%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can
use for Kerberos user or host authentication.

%package ldap
Summary:        The LDAP backend plugin for sssd
License:        GPL-3.0+
Group:          System/Daemons
Requires:       %name-krb5-common = %version-%release

%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch
identity data from and authenticate against an LDAP server.

%package proxy
Summary:        The proxy backend plugin for sssd
License:        GPL-3.0+
Group:          System/Daemons

%description proxy
Provides the proxy back end which can be used to wrap an existing NSS
and/or PAM modules to leverage SSSD caching.

%package tools
Summary:        Commandline tools for sssd
License:        GPL-3.0+ and LGPL-3.0+
Group:          System/Management
Requires:       python-sssd-config = %version
Requires:       sssd = %version

%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).

%package wbclient
Summary:        SSSD's implementation of the Winbind pipe protocol
License:        LGPL-3.0+
Group:          System/Libraries

%description wbclient
libwbclient is a plugin for the Samba client, though it has been
implemented as a regular shared library requested via DT_NEEDED.

sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.

%package wbclient-devel
Summary:        Development files for SSSD winbind
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       %name-wbclient = %version

%description wbclient-devel
sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.

%package -n libipa_hbac0
Summary:        FreeIPA HBAC Evaluator library
License:        LGPL-3.0+
Group:          System/Libraries

%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.

%package -n libipa_hbac-devel
Summary:        Development files for the FreeIPA HBAC Evaluator library
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       libipa_hbac0 = %version

%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.

%package -n libnfsidmap-sss
Summary:        Library to allow communication between libnfsidmap and SSSD
License:        GPL-3.0+
Group:          System/Libraries
Supplements:    packageand(nfsidmap:sssd-client)

%description -n libnfsidmap-sss
A utility library to allow communication between libnfsidmap and SSSD.

%package -n libsss_idmap0
Summary:        FreeIPA ID mapping library
License:        LGPL-3.0+
Group:          System/Libraries

%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_idmap-devel
Summary:        Development files for the FreeIPA idmap library
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       libsss_idmap0 = %version

%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_nss_idmap0
Summary:        FreeIPA ID mapping library
License:        LGPL-3.0+
Group:          System/Libraries

%description -n libsss_nss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_nss_idmap-devel
Summary:        Development files for the FreeIPA idmap library
License:        LGPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       libsss_nss_idmap0 = %version

%description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_simpleifp0
Summary:        The SSSD D-Bus responder helper library
License:        GPL-3.0+
Group:          System/Libraries

%description -n libsss_simpleifp0
This subpackage provides a library that simplifies the D-Bus API for
the SSSD InfoPipe responder.

%package -n libsss_simpleifp-devel
Summary:        Development files for the SSSD D-Bus responder helper library
License:        GPL-3.0+
Group:          Development/Libraries/C and C++
Requires:       libsss_simpleifp0 = %version

%description -n libsss_simpleifp-devel
This subpackage provides the development files for sssd's simpleifp,
a library that simplifies the D-Bus API for the SSSD InfoPipe
responder.

%package -n libsss_sudo
Summary:        A library to allow communication between sudo and SSSD
License:        LGPL-3.0+
Group:          System/Libraries
Provides:       libsss_sudo-devel = %version-%release
Obsoletes:      libsss_sudo-devel < %version-%release
# No provides: true obsolete.
Obsoletes:      libsss_sudo1
Supplements:    packageand(sudo:sssd-client)

%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.

%package -n python-ipa_hbac
Summary:        Python bindings for the FreeIPA HBAC Evaluator library
License:        LGPL-3.0+
Group:          Development/Libraries/Python
%py_requires

%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.

%package -n python-sss_nss_idmap
Summary:        Python bindings for libsss_nss_idmap
License:        LGPL-3.0+
Group:          Development/Libraries/Python
%py_requires

%description -n python-sss_nss_idmap
The libsss_nss_idmap-python contains the bindings so that
libsss_nss_idmap can be used by Python applications.

%package -n python-sssd-config
Summary:        Python API for configuring sssd
License:        GPL-3.0+ and LGPL-3.0+
Group:          Development/Libraries/Python
%py_requires

%description -n python-sssd-config
Provide python module to access and manage configuration of the System 
Security Services Daemon (sssd).

%prep
%setup -q
%patch -P 1 -p1

%build
%if 0%{?suse_version} < 1210
# pkgconfig file not present
export LDB_LIBS="-lldb"
export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb"
%else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif

# help configure find nscd
export PATH="$PATH:/usr/sbin"

autoreconf -fiv;
export CFLAGS="%optflags -fPIE"
export LDFLAGS="-pie"
%configure \
    --with-crypto=libcrypto \
    --with-db-path="%dbpath" \
    --with-pipe-path="%pipepath" \
    --with-pubconf-path="%pubconfpath" \
    --with-init-dir="%_initrddir" \
    --enable-nsslibdir="/%_lib" \
    --enable-pammoddir="/%_lib/security" \
    --with-ldb-lib-dir="$LDB_DIR" \
    --with-selinux=no \
    --with-os=suse \
    --with-semanage=no \
    --disable-ldb-version-check \
    --disable-pac-responder

make %{?_smp_mflags} all

%install
b="%buildroot";
make install DESTDIR="$b"

# Copy default sssd.conf file
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
           "$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
%if 0%{?_unitdir:1}
install -d "$b/%_unitdir";
# Missing service file in 1.11.5.1
#install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service";
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
rm -Rf "$b/%_initddir"
ln -s service "$b/%_sbindir/rcsssd"
%else
install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";
ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd"
%endif

mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
	%_libdir/%name/modules
EOF
find "$b" -type f -name "*.la" -delete;

%if %suse_version <= 1110
# remove some unsupported languages, sssd does not contain
# translations for these anyway
rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN}
%endif

rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"

%find_lang %name --all-name

%if 0%{?_unitdir:1}
%pre
%service_add_pre sssd.service
%endif

%post
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
/sbin/ldconfig
%if 0%{?_unitdir:1}
%service_add_post sssd.service
%endif

%if 0%{?_unitdir:1}
%preun
%service_del_preun sssd.service
%endif

%postun
if [ "$1" = "0" ]; then
	"%_sbindir/pam-config" -d --sss || :;
fi;
/sbin/ldconfig
%if 0%{?_unitdir:1}
# Clear caches, which may have an incompatible format afterwards
# (especially, downgrades)
rm -f /var/lib/sss/db/*.ldb
# del_postun includes a try-restart
%service_del_postun sssd.service
%else
%restart_on_update sssd
%endif
%insserv_cleanup

%post   -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post   -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post   -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%post   -n libsss_simpleifp0 -p /sbin/ldconfig
%postun -n libsss_simpleifp0 -p /sbin/ldconfig

%files -f sssd.lang
%defattr(-,root,root)
%doc COPYING
%if 0%{?_unitdir:1}
%_unitdir
%else
%_initrddir/%name
%endif
%_bindir/sss_ssh_*
%_sbindir/sssd
%_sbindir/rcsssd
%dir %_mandir/??/
%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd.conf.5*
%_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man5/sssd.conf.5*
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_semanage*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
%dir %_libdir/%name/modules/
%_libdir/%name/modules/libsss_autofs.so
%dir %_libdir/ldb/
%_libdir/ldb/memberof.so
%dir %_libexecdir/%name/
%_libexecdir/%name/sssd_autofs
%_libexecdir/%name/sssd_be
%_libexecdir/%name/sssd_nss
%_libexecdir/%name/sssd_pam
%_libexecdir/%name/sssd_ssh
%_libexecdir/%name/sssd_sudo
%_libexecdir/%name/sss_signal
%dir %sssdstatedir
%attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/
%attr(700,root,root) %dir %pipepath/private/
%attr(755,root,root) %dir %pubconfpath/
%attr(750,root,root) %dir %_localstatedir/log/%name/
%dir %_sysconfdir/sssd/
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%dir %_datadir/%name/
%_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-local.conf
%_datadir/%name/sssd.api.d/sssd-simple.conf
#
# sssd-client
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/cifs-utils/
%_libdir/krb5/
%if %have_localauth
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%endif
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*

%files ad
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ad.so
%_libdir/%name/libsss_ad_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/gpo_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
%_mandir/man5/sssd-ad.5*

%files dbus
%defattr(-,root,root)
%dir %_libexecdir/sssd/
%_libexecdir/sssd/sssd_ifp
%dir %_libdir/sssd/
%_libdir/sssd/libsss_config.so
%_mandir/man5/sssd-ifp.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5*
#%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
#%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service

%files ipa
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ipa*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
%_mandir/man5/sssd-ipa.5*

%files krb5
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*

%files krb5-common
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/krb5_child
%_libexecdir/%name/ldap_child

%files ldap
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ldap*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
%_mandir/man5/sssd-ldap.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*

%files proxy
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_proxy.so
%dir %_libexecdir/%name/
%_libexecdir/%name/proxy_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf

%files tools
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*

%files wbclient
%defattr(-,root,root)
%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so.*

%files wbclient-devel
%defattr(-,root,root)
%_includedir/wbclient_sssd.h
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so
%_libdir/pkgconfig/wbclient_sssd.pc

%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*

%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc

%files -n libnfsidmap-sss
%defattr(-,root,root)
%_libdir/libnfsidmap/
%_mandir/man5/sss_rpcidmapd.5*

%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*

%files -n libsss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc

%files -n libsss_nss_idmap0
%defattr(-,root,root)
%_libdir/libsss_nss_idmap.so.0*

%files -n libsss_nss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc

%files -n libsss_simpleifp0
%defattr(-,root,root)
%_libdir/libsss_simpleifp.so.0*

%files -n libsss_simpleifp-devel
%defattr(-,root,root)
%_includedir/sss_sifp*.h
%_libdir/libsss_simpleifp.so
%_libdir/pkgconfig/sss_simpleifp.pc

%files -n libsss_sudo
%defattr(-,root,root)
%_libdir/libsss_sudo.so

%files -n python-ipa_hbac
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pyhbac.so

%files -n python-sss_nss_idmap
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pysss_nss_idmap.so

%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*

%changelog