From c0a99edaa5c25abdf6e5ed0f68def378bdf4c4ff284a1925e66e3bff65a9926d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 7 Jul 2021 16:30:34 +0000 Subject: [PATCH] Accepting request 904461 from network:idm OBS-URL: https://build.opensuse.org/request/show/904461 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kanidm?expand=0&rev=5 --- _constraints | 9 ++ _service | 6 +- cargo_config | 17 +-- kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz | 3 - kanidm-1.1.0~alpha5~git0.4be329e.tar.xz | 3 + kanidm-unixd-tasks.service | 32 ----- kanidm-unixd.service | 36 ------ kanidm.changes | 153 ++++++++++++++++++++++++ kanidm.spec | 23 ++-- kanidmd.service | 17 --- server.toml | 7 -- vendor.tar.xz | 4 +- 12 files changed, 179 insertions(+), 131 deletions(-) create mode 100644 _constraints delete mode 100644 kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz create mode 100644 kanidm-1.1.0~alpha5~git0.4be329e.tar.xz delete mode 100644 kanidm-unixd-tasks.service delete mode 100644 kanidm-unixd.service delete mode 100644 kanidmd.service delete mode 100644 server.toml diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..69a75e2 --- /dev/null +++ b/_constraints @@ -0,0 +1,9 @@ + + + + 2 + + 4 + + + diff --git a/_service b/_service index a8d6bad..70331c3 100644 --- a/_service +++ b/_service @@ -3,7 +3,7 @@ https://github.com/kanidm/kanidm.git @PARENT_TAG@~git@TAG_OFFSET@.%h git - v1.1.0-alpha.4 + v1.1.0-alpha.5 v* v(\d+\.\d+\.\d+)-alpha\.(\d+) \1~alpha\2 @@ -16,14 +16,10 @@ xz - - - kanidm diff --git a/cargo_config b/cargo_config index 477597e..6fb4ff4 100644 --- a/cargo_config +++ b/cargo_config 
@@ -1,20 +1,5 @@
 [source.crates-io]
 replace-with = "vendored-sources"
-[source."https://github.com/Firstyear/tokio.git"]
-git = "https://github.com/Firstyear/tokio.git"
-rev = "aa6fb48d9a1f3652ee79e3b018a2b9d0c9f89c1e"
-replace-with = "vendored-sources"
-
-[source."https://github.com/csnewman/libnss-rs.git"]
-git = "https://github.com/csnewman/libnss-rs.git"
-rev = "eab2d93d2438652773699b0807d558ce75b1e748"
-replace-with = "vendored-sources"
-
-[source."https://github.com/mozilla-services/fernet-rs.git"]
-git = "https://github.com/mozilla-services/fernet-rs.git"
-branch = "master"
-replace-with = "vendored-sources"
-
 [source.vendored-sources]
-directory = "vendor"
+directory = "vendor"
\ No newline at end of file
diff --git a/kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz b/kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz
deleted file mode 100644
index b04292b..0000000
--- a/kanidm-1.1.0~alpha4~git0.0ac5da8.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5e377840482fa88ad5c19431751271a17780e8b8bb2fcefee7fc70f2160b9d52
-size 2413320
diff --git a/kanidm-1.1.0~alpha5~git0.4be329e.tar.xz b/kanidm-1.1.0~alpha5~git0.4be329e.tar.xz
new file mode 100644
index 0000000..c8c92dd
--- /dev/null
+++ b/kanidm-1.1.0~alpha5~git0.4be329e.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:49804f58618be2d11a6827e8926c6cf7427a07556df440fadf0c9e93bf1a9114
+size 2477976
diff --git a/kanidm-unixd-tasks.service b/kanidm-unixd-tasks.service
deleted file mode 100644
index d5bb3ed..0000000
--- a/kanidm-unixd-tasks.service
+++ /dev/null
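Review bot: In the cargo_config hunk the rewritten last line `directory = "vendor"` no longer ends with a newline (see the `\ No newline at end of file` marker); restore the trailing newline so the file stays well-formed if anything is appended to it. With the three git `[source."…"]` replacements removed, only crates-io is redirected to the vendored tree, so a git dependency that is still in the lockfile would no longer resolve from `vendor`. Whether the build invokes cargo with `--offline` or `--frozen` is not visible in this hunk; confirm it does, so that such a dependency fails the build rather than trying to fetch an unvendored source.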
@@ -1,32 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file:
-# systemctl edit kanidm-unixd-tasks.service
-
-[Unit]
-Description=Kanidm Local Tasks
-After=chronyd.service ntpd.service network-online.target kanidm-unixd.service
-
-[Service]
-User=root
-Type=simple
-ExecStart=/usr/sbin/kanidm_unixd_tasks
-
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH
-# SystemCallFilter=@aio @basic-io @chown @file-system @io-event @network-io @sync
-ProtectSystem=strict
-ReadWritePaths=/home /var/run/kanidm-unixd
-RestrictAddressFamilies=AF_UNIX
-NoNewPrivileges=true
-PrivateTmp=true
-PrivateDevices=true
-PrivateNetwork=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-MemoryDenyWriteExecute=true
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/kanidm-unixd.service b/kanidm-unixd.service
deleted file mode 100644
index 9d2eca6..0000000
--- a/kanidm-unixd.service
+++ /dev/null
@@ -1,36 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file:
-# systemctl edit kanidm-unixd.service
-
-[Unit]
-Description=Kanidm Local Client Resolver
-After=chronyd.service ntpd.service network-online.target
-
-[Service]
-DynamicUser=yes
-UMask=0027
-CacheDirectory=kanidm-unixd
-RuntimeDirectory=kanidm-unixd
-
-Type=simple
-ExecStart=/usr/sbin/kanidm_unixd
-
-# Implied by dynamic user.
-# ProtectHome=
-# ProtectSystem=strict
-# ReadWritePaths=/var/run/kanidm-unixd /var/cache/kanidm-unixd
-
-# SystemCallFilter=@aio @basic-io @chown @file-system @io-event @network-io @sync
-NoNewPrivileges=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-MemoryDenyWriteExecute=true
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/kanidm.changes b/kanidm.changes
index 7379225..ab01caf 100644
--- a/kanidm.changes
+++ b/kanidm.changes
@@ -1,3 +1,156 @@ +------------------------------------------------------------------- +Wed Jul 07 02:36:51 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha5~git0.4be329e: + * (cargo-release) version 1.1.0-alpha.5 + * Release prep + * Fix totp registration workflow with broken authenticators (#516) + * Add statistical analysis to indexes (#505) + * 511 upgrade failure - add debuging tools and improve debugging of the issue. (#512) + * fixes #503 - TOTP prompt no longer drops a newline (#515) + * Fixing kanidm windows client build (#507) + * Add the ability to configure and provide Oauth2 authentication for Kanidm. (#485) + * Change default totp to sha256 (#504) + * Fixes #494 - password change user-facing responses (#499) + * Fix readonly check (#496) + * Update webauthn-authenticator-rs to fix test failures (#493) + * Update repo locations and versions in prep for release (#492) + * Add workaround for podman subid issue (#491) + * 163 account recovery code (#469) + * check user shell (#392) (#490) + * Removed `OperationResponse` (#489) + * Set default shell to `bin/sh` (#488) + * 20210607 orca ldap (#470) + * `kanidm_client` bool/return values (#479) + * Arc cachesize warning fixes (#483) + * Closure Refactoring (#482) + * Renamed fields in `dbvalue` (#477) + * 471 add service files (#474) + * fixes #478 - adds note about web ui already being packaged (#480) + * unixd will now bail if startup tests fail (#476) + * Add email syntax (#465) + * Add some openid stubs (#464) + * Add auth docs (#463) + * 64 120 session claims (#462) + * Add ldap vattr mapping (#459) + * Fix for unixd issue (#460) + * 414 clear stale credentials (#447) + * Fix multivalue setting of description attribute (#457) + * 445 update pam nsswitch md (#451) + * simpler ip logging (#454) + * I might have become clippy this time (#449) + * Calming clippy's nerves, Friday edition (#448) + * 444 - client's config URI missing and more file open handling (#446) + * Fix proxy usage in tests 
(#443) + * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) + * oauth design (#441) + * Adding an example config file (#440) + * adding env vars, making clippy happier, cleaning up some error messages (#438) + * 20210509 cleanup clippy and audit name (#437) + * 277 radius pw not accept for main pw (#435) + * Orca - a load testing framework for Kanidm (#431) + * Add verification of name indexes (#433) + * Add ability to pick a server role (#432) + * Adding a new verb group remove_members (#434) + * 397 Caching password badlist (#425) + * User feedback improvements, also handling a permissions issue (#424) + * Fix concat issue + * Update contributors + * Making clippy happy (#420) + * Fix 421 - clearer debug messages when doing things (#422) + * 62 idm qs cleanup (#419) + * Rough working login page (#417) + * Make clippy happy (#415) + * More debug messages (#413) + * merging upstream (#411) + * Improve error message when socket not found (#412) + * Idlset2, query cache, acp resolve cache (#409) + * Add lto thin (#410) + * fixing broken action (#405) + * Basic documentation for monitoring (#404) + * Create design for mfa_backup_code.rst (#402) + * phrasing (#401) + * Docs update (#400) +- Remove un-needed source files: + * kanidm-unixd-tasks.service + * kanidm-unixd.service + * kanidmd.service + * server.toml + +------------------------------------------------------------------- +Thu Jun 24 02:54:31 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git54.675146e: + * check user shell (#392) (#490) + * Removed `OperationResponse` (#489) + * Set default shell to `bin/sh` (#488) + * 20210607 orca ldap (#470) + * `kanidm_client` bool/return values (#479) + * Arc cachesize warning fixes (#483) + * Closure Refactoring (#482) + +------------------------------------------------------------------- +Wed Jun 16 02:38:11 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git47.5e83b68: + * Renamed fields in `dbvalue` 
(#477) + * 471 add service files (#474) + * fixes #478 - adds note about web ui already being packaged (#480) + * unixd will now bail if startup tests fail (#476) + * Add email syntax (#465) + * Add some openid stubs (#464) + * Add auth docs (#463) + * 64 120 session claims (#462) + * Add ldap vattr mapping (#459) + +------------------------------------------------------------------- +Thu May 27 11:18:43 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git38.d978c9d: + * Fix for unixd issue (#460) + +------------------------------------------------------------------- +Wed May 26 06:12:04 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git37.e8b1089: + * 414 clear stale credentials (#447) + * Fix multivalue setting of description attribute (#457) + * 445 update pam nsswitch md (#451) + * simpler ip logging (#454) + * I might have become clippy this time (#449) + * Calming clippy's nerves, Friday edition (#448) + * 444 - client's config URI missing and more file open handling (#446) + * Fix proxy usage in tests (#443) + * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) + * oauth design (#441) + * Adding an example config file (#440) + * adding env vars, making clippy happier, cleaning up some error messages (#438) + * 20210509 cleanup clippy and audit name (#437) + * 277 radius pw not accept for main pw (#435) + * Orca - a load testing framework for Kanidm (#431) + * Add verification of name indexes (#433) + * Add ability to pick a server role (#432) + * Adding a new verb group remove_members (#434) + * 397 Caching password badlist (#425) + * User feedback improvements, also handling a permissions issue (#424) + * Fix concat issue + * Update contributors + * Making clippy happy (#420) + * Fix 421 - clearer debug messages when doing things (#422) + * 62 idm qs cleanup (#419) + * Rough working login page (#417) + * Make clippy happy (#415) + * More debug messages (#413) + * merging upstream (#411) + * 
Improve error message when socket not found (#412) + * Idlset2, query cache, acp resolve cache (#409) + * Add lto thin (#410) + * fixing broken action (#405) + * Basic documentation for monitoring (#404) + * Create design for mfa_backup_code.rst (#402) + * phrasing (#401) + * Docs update (#400) + ------------------------------------------------------------------- Thu Apr 01 01:11:04 UTC 2021 - wbrown@suse.de diff --git a/kanidm.spec b/kanidm.spec index b644bb3..3bbe31a 100644 --- a/kanidm.spec +++ b/kanidm.spec @@ -19,7 +19,7 @@ %global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 Name: kanidm -Version: 1.1.0~alpha4~git0.0ac5da8 +Version: 1.1.0~alpha5~git0.4be329e Release: 0 Summary: A identity management service and clients. License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+ @@ -27,23 +27,21 @@ URL: https://github.com/Firstyear/kanidm Source: kanidm-%{version}.tar.xz Source1: vendor.tar.xz Source2: cargo_config -Source10: kanidmd.service -Source11: kanidm-unixd.service -Source12: server.toml -Source13: kanidm-unixd-tasks.service -ExcludeArch: %ix86 s390x ppc64 ppc64le armhfp armv7hl +ExcludeArch: %ix86 s390x ppc ppc64 ppc64le armhfp armv6l armv7l armv7hl BuildRequires: cargo BuildRequires: libudev-devel BuildRequires: pam-devel -BuildRequires: rust >= 1.45.0 +BuildRequires: rust >= 1.52.1 BuildRequires: sqlite-devel -BuildRequires: pkgconfig(openssl) %if 0%{?rhel} > 7 || 0%{?fedora} +BuildRequires: openssl-devel BuildRequires: systemd %{?systemd_requires} +%else +BuildRequires: pkgconfig(openssl) %endif Requires: %{name}-clients 
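Review bot: The `URL:` tag quoted in the header of the `@@ -27,23 +27,21 @@` hunk of kanidm.spec still reads `https://github.com/Firstyear/kanidm`, while `_service` in this same commit fetches the source from `https://github.com/kanidm/kanidm.git`. The package metadata should name the repository the tarball is actually built from, so that anyone checking provenance looks at the right place: `URL: https://github.com/kanidm/kanidm`. The `URL:` line itself lies just above the hunk and is not one of its changed lines.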
@@ -144,11 +142,10 @@ install -m 0755 %{_builddir}/%{name}-%{version}/target/release/kanidm_unixd_stat
 install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libnss_kanidm.so %{buildroot}%{_libdir}/libnss_kanidm.so.2
 install -m 0644 %{_builddir}/%{name}-%{version}/target/release/libpam_kanidm.so %{buildroot}/%_lib/security/pam_kanidm.so
-install -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/kanidmd.service
-
-install -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/kanidm-unixd.service
-install -m 0640 %{SOURCE12} %{buildroot}%{configdir}/server.toml
-install -m 0644 %{SOURCE13} %{buildroot}%{_unitdir}/kanidm-unixd-tasks.service
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidmd.service %{buildroot}%{_unitdir}/kanidmd.service
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidm-unixd.service %{buildroot}%{_unitdir}/kanidm-unixd.service
+install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/kanidm-unixd-tasks.service %{buildroot}%{_unitdir}/kanidm-unixd-tasks.service
+install -m 0640 %{_builddir}/%{name}-%{version}/examples/server.toml %{buildroot}%{configdir}/server.toml
 install -m 0755 %{_builddir}/%{name}-%{version}/target/release/_completions/_kanidmd %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidmd
 install -m 0755 %{_builddir}/%{name}-%{version}/target/release/_completions/_kanidm %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm
diff --git a/kanidmd.service b/kanidmd.service
deleted file mode 100644
index f747799..0000000
--- a/kanidmd.service
+++ /dev/null
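Review bot: The four added `install` lines in the `@@ -144,11 +142,10 @@` hunk take the unit files and `server.toml` straight from the upstream tarball (`platform/opensuse/*.service`, `examples/server.toml`), so the sandboxing directives and listener defaults the package ships are no longer reviewed or pinned in this repository. The deleted packaged copies bound the server to `127.0.0.1:8443` and set `NoNewPrivileges`, `ProtectSystem=strict` and a `CapabilityBoundingSet` on the unixd tasks unit. Nothing in the hunk verifies that the upstream files keep equivalent settings, and an example config may not be intended as a production default. I would add a comment above these lines such as `# Units and server.toml come from the upstream tarball: re-check bindaddress, db_path and the systemd hardening directives on every version bump`. The enclosing section (presumably `%install`) starts and ends outside the hunk.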
@@ -1,17 +0,0 @@
-# You should not need to edit this file. Instead, use a drop-in file as described in:
-# /usr/lib/systemd/system/kanidmd.service.d/custom.conf
-
-[Unit]
-Description=Kanidm Identity Server
-After=chronyd.service ntpd.service network-online.target
-Before=radiusd.service
-
-[Service]
-Type=simple
-DynamicUser=yes
-UMask=0027
-StateDirectory=kanidmd
-ExecStart=/usr/sbin/kanidmd server -c /etc/kanidm/server.toml
-
-[Install]
-WantedBy=multi-user.target
diff --git a/server.toml b/server.toml
deleted file mode 100644
index 7b99f5e..0000000
--- a/server.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-bindaddress = "127.0.0.1:8443"
-# ldapbindaddress = "127.0.0.1:3636"
-db_path = "/var/lib/kanidmd/kanidm.db"
-# tls_ca = "/var/lib/kanidmd/ca.pem"
-# tls_cert = "/var/lib/kanidmd/cert.pem"
-# tls_key = "/var/lib/kanidmd/key.pem"
-# log_level = "
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 2c6b6c5..9ccd252 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5f5311e5cedae06503bc7b86ce7eb43bee66ab935d788735ee38eb1bcc156755
-size 28555024
+oid sha256:c48a647976ee4fcbbf854265c76b77a4828c13393786dd0481f4fd93fbc8272b
+size 31898032