From 6b229d097a14a0cb7dc0e6b5d9513ba5f9099295102d7e39e9cc965cc2233876 Mon Sep 17 00:00:00 2001 From: William Brown Date: Tue, 1 Nov 2022 05:36:06 +0000 Subject: [PATCH] Accepting request 1032603 from home:firstyear:branches:network:idm - Update to kanidm 1.1.0-alpha.10 * Management and tracking of authenticated sessions * Make upgrade migrations more robust when upgrading over multiple versions * Add support for service account tokens via ldap for extended read permissions * Unix password management in web ui for posix accounts * Support internal dynamic group entries * Allow selection of name/spn in oidc claims * Admin UI wireframes and basic elements * TLS enforced as a requirement for all servers * Support API service account tokens * Make name rules stricter due to issues found in production * Improve Oauth2 PKCE testing * Add support for new password import hashes * Allow configuration of trusting x forward for headers * Components for account permission elevation modes * Make pam\_unix more robust in high latency environments * Add proc macros for test cases * Improve authentication requests with cookie/token seperation * Cleanup of expired authentication sessions * Improved administration of password badlists OBS-URL: https://build.opensuse.org/request/show/1032603 OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=17 --- _service | 6 +++--- cargo_config | 5 +++++ kanidm-1.1.0~alpha10~git0.e43141c.tar.zst | 3 +++ kanidm-1.1.0~alpha9~git6.b20d5312.tar.xz | 3 --- kanidm.changes | 24 +++++++++++++++++++++++ kanidm.spec | 18 ++++++----------- vendor.tar.xz | 3 --- vendor.tar.zst | 3 +++ 8 files changed, 44 insertions(+), 21 deletions(-) create mode 100644 kanidm-1.1.0~alpha10~git0.e43141c.tar.zst delete mode 100644 kanidm-1.1.0~alpha9~git6.b20d5312.tar.xz delete mode 100644 vendor.tar.xz create mode 100644 vendor.tar.zst diff --git a/_service b/_service index dde45ae..6320fea 100644 --- a/_service +++ b/_service @@ -3,7 +3,7 @@ https://github.com/kanidm/kanidm.git @PARENT_TAG@~git@TAG_OFFSET@.%h git - 1.1.0-alpha.9 + 1.1.0-alpha.10 v* v(\d+\.\d+\.\d+)-alpha\.(\d+) \1~alpha\2 @@ -13,12 +13,12 @@ *.tar - xz + zst kanidm - xz + zst true diff --git a/cargo_config b/cargo_config index 6fb4ff4..3da8798 100644 --- a/cargo_config +++ b/cargo_config @@ -1,5 +1,10 @@ [source.crates-io] replace-with = "vendored-sources" +[source."https://github.com/QnnOkabayashi/tracing-forest.git"] +git = "https://github.com/QnnOkabayashi/tracing-forest.git" +rev = "48d78f7294ceee47a22eee5c80964143c4fb3fe1" +replace-with = "vendored-sources" + [source.vendored-sources] directory = "vendor" \ No newline at end of file diff --git a/kanidm-1.1.0~alpha10~git0.e43141c.tar.zst b/kanidm-1.1.0~alpha10~git0.e43141c.tar.zst new file mode 100644 index 0000000..e5d8913 --- /dev/null +++ b/kanidm-1.1.0~alpha10~git0.e43141c.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:47563dd98e6854beab67e147be2ba0ff0b7519f1d9a4fa1efe16561fcfa50dbe +size 4378358 diff --git a/kanidm-1.1.0~alpha9~git6.b20d5312.tar.xz b/kanidm-1.1.0~alpha9~git6.b20d5312.tar.xz deleted file mode 100644 index 525c9b1..0000000 --- a/kanidm-1.1.0~alpha9~git6.b20d5312.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:631b6c8cdb9f4ef8867ad542a5adda6577c5597ae788d8e63df15ec5c629e696 -size 3879140 diff --git a/kanidm.changes b/kanidm.changes index 537242f..3bcfac9 100644 --- a/kanidm.changes +++ b/kanidm.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Nov 1 04:31:58 UTC 2022 - William Brown + +- Update to kanidm 1.1.0-alpha.10 + * Management and tracking of authenticated sessions + * Make upgrade migrations more robust when upgrading over multiple versions + * Add support for service account tokens via ldap for extended read permissions + * Unix password management in web ui for posix accounts + * Support internal dynamic group entries + * Allow selection of name/spn in oidc claims + * Admin UI wireframes and basic elements + * TLS enforced as a requirement for all servers + * Support API service account tokens + * Make name rules stricter due to issues found in production + * Improve Oauth2 PKCE testing + * Add support for new password import hashes + * Allow configuration of trusting x forward for headers + * Components for account permission elevation modes + * Make pam\_unix more robust in high latency environments + * Add proc macros for test cases + * Improve authentication requests with cookie/token seperation + * Cleanup of expired authentication sessions + * Improved administration of password badlists + ------------------------------------------------------------------- Fri Sep 09 02:33:47 UTC 2022 - william.brown@suse.com diff --git a/kanidm.spec b/kanidm.spec index 8952dc2..631e1ea 100644 --- a/kanidm.spec +++ b/kanidm.spec @@ -19,13 +19,13 @@ %global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 Name: kanidm -Version: 1.1.0~alpha9~git6.b20d5312 +Version: 1.1.0~alpha10~git0.e43141c Release: 0 Summary: A identity management service and clients. License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+ URL: https://github.com/Firstyear/kanidm -Source: kanidm-%{version}.tar.xz -Source1: vendor.tar.xz +Source: kanidm-%{version}.tar.zst +Source1: vendor.tar.zst Source2: cargo_config ExcludeArch: %ix86 s390x ppc ppc64 ppc64le armhfp armv6l armv7l armv7hl @@ -33,7 +33,7 @@ ExcludeArch: %ix86 s390x ppc ppc64 ppc64le armhfp armv6l armv7l armv7hl BuildRequires: cargo BuildRequires: libudev-devel BuildRequires: pam-devel -BuildRequires: rust >= 1.59.0 +BuildRequires: rust >= 1.64.0 BuildRequires: sqlite-devel BuildRequires: zstd @@ -134,7 +134,6 @@ install -D -d -m 0755 %{buildroot}%{_datadir}/kanidm/ui/pkg install -D -d -m 0755 %{buildroot}%{_datadir}/kanidm/ui/pkg/external install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidmd %{buildroot}%{_sbindir}/kanidmd -install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_badlist_preprocess %{buildroot}%{_bindir}/kanidm_badlist_preprocess install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm %{buildroot}%{_bindir}/kanidm install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_cache_clear %{buildroot}%{_sbindir}/kanidm_cache_clear install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_cache_invalidate %{buildroot}%{_sbindir}/kanidm_cache_invalidate @@ -157,7 +156,6 @@ install -m 0640 %{_builddir}/%{name}-%{version}/examples/server.toml %{buildroot install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidmd %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidmd install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidm %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm -install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidm_badlist_preprocess %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_badlist_preprocess install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidm_ssh_authorizedkeys_direct %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_ssh_authorizedkeys_direct install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidm_cache_clear %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_cache_clear install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/_kanidm_cache_invalidate %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_cache_invalidate @@ -166,15 +164,14 @@ install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidmd.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidmd.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm.sh -install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_badlist_preprocess.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_badlist_preprocess.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys_direct.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys_direct.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_cache_clear.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_cache_clear.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_cache_invalidate.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_cache_invalidate.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys.sh install -m 0755 %{_builddir}/%{name}-%{version}/target/release/build/completions/kanidm_unixd_status.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_unixd_status.sh -rm %{_builddir}/%{name}-%{version}/kanidm_book/src/DEVELOPER_README.md -cp %{_builddir}/%{name}-%{version}/DEVELOPER_README.md %{_builddir}/%{name}-%{version}/kanidm_book/src/DEVELOPER_README.md +# rm %{_builddir}/%{name}-%{version}/kanidm_book/src/DEVELOPER_README.md +# cp %{_builddir}/%{name}-%{version}/DEVELOPER_README.md %{_builddir}/%{name}-%{version}/kanidm_book/src/DEVELOPER_README.md cp -r %{_builddir}/%{name}-%{version}/kanidm_book/src/ %{buildroot}%{_datadir}/kanidm/docs/ ## TODO: Add /usr/share/kanidm/ui/pkg @@ -262,7 +259,6 @@ install -m 0644 %{_builddir}/%{name}-%{version}/kanidmd_web_ui/pkg/external/conf %{_sysconfdir}/bash_completion.d/kanidm.sh %files server -%{_bindir}/kanidm_badlist_preprocess %{_sbindir}/kanidmd %{_unitdir}/kanidmd.service %dir %{_datadir}/kanidm @@ -276,9 +272,7 @@ install -m 0644 %{_builddir}/%{name}-%{version}/kanidmd_web_ui/pkg/external/conf %dir %{_sysconfdir}/zsh_completion.d %dir %{_sysconfdir}/bash_completion.d %{_sysconfdir}/zsh_completion.d/_kanidmd -%{_sysconfdir}/zsh_completion.d/_kanidm_badlist_preprocess %{_sysconfdir}/bash_completion.d/kanidmd.sh -%{_sysconfdir}/bash_completion.d/kanidm_badlist_preprocess.sh %files unixd-clients %{_libdir}/libnss_kanidm.so.2 diff --git a/vendor.tar.xz b/vendor.tar.xz deleted file mode 100644 index 18b7265..0000000 --- a/vendor.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:61dbbfdf9e4497dbf4329c026c975d55222c95c51990a366df3202ba37f1d071 -size 31469768 diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..4be096e --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f6e9e1ae398a63051848c6cef2fccdab108897fa2d373ed75f6e4c3fe041976f +size 56022571