scabrero/sssd
SHA256
1
0
Fork 1
forked from pool/sssd
Code Pull Requests Activity

Compare commits

base: scabrero:rpmlintrc
Branches Tags
scabrero:factory scabrero:master scabrero:rpmlintrc scabrero:bsc1236031 scabrero:remove-u-a scabrero:sssd-2-10-update scabrero:sssd-2-10-dirty scabrero:fix-slfo-build pool:slfo-1.2 pool:slfo-main pool:factory pool:devel
..
compare: scabrero:master
Branches Tags
scabrero:master scabrero:rpmlintrc scabrero:bsc1236031 scabrero:remove-u-a scabrero:sssd-2-10-update scabrero:sssd-2-10-dirty scabrero:fix-slfo-build scabrero:factory pool:slfo-1.2 pool:slfo-main pool:factory pool:devel

4 Commits
rpmlintrc ... master

Author SHA256 Message Date
Samuel Cabrero
07ba7dab75 Install file to load sssd generated krb5 config snippets 
Signed-off-by: Samuel Cabrero <scabrero@suse.com>
 2025-06-11 18:51:36 +02:00
Jan Engelhardt
1802fa3261 Stricter syntax adherence for changelog 2025-06-05 18:32:59 +02:00
Jan Engelhardt
11708aedcc sssd 2.11.0 2025-06-05 14:46:45 +02:00
Jan Engelhardt
ea880556c3 Run mkdir/rm with verbose mode for the build log 2025-03-11 22:35:43 +01:00
6 changed files with 76 additions and 55 deletions
Expand all files Collapse all files

BIN
sssd-2.10.2.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

16
sssd-2.10.2.tar.gz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmeaLD8ACgkQ09IbKRDP
Z1nLAxAAm9zM2u1XR3FBK6iy2xC+PoDWdu8Kh+oU0B6NgFK5LEJk9TWBdHlLpYcS
HugTfQb5wPfUejZTk9u8TIoVIa7pTYl3kGH8RuLnEUr5lBKdYaDf5BUb8uM7YaBP
NZQDqCFshNMMF8Z44HfRQltmqblJWj7TdFXJ8dCkRupbXjrbqiBrH5XjooLUK0dX
/7m63at6BZFjuuFt/QvA2QbwK3fa2wUxuX0vMrD6f2zZuWptcE3zhXaa/BtPm5ZD
8S5oC+RkKMGfLWNfIc1noXOZQIT+sGNyeUhq/QRFybcHZ+tXqJrNmfz/OWf5HZ/U
vsJDIWv4db83asTtU3j5+ec4+fRwv7BK8X2V2UnpPOrAhN0r+zWp98BwUfSCqHlR
E8dBlbAU3pRL1qDZG71tpIgHeDNtB42MM0UmmBY4w18nNBbp8Be6vtEbD6ktoa0P
2uZRO9v/RgeKQTs0hfuzsbHcpd1hQmhtfwGAlxTWuGkoSjZyk2xUiV3JZ/3/kWH5
dCU26txrtgWFqLbUhanatFrdmdKwn5hp5eP/Px330zJVTjuILlqTZ1CLAW2B5Gal
JJT17j8ecqVedyHCkVnN9wD26ivwl8POBnrD3FfB6zKszcZewNRuKW24RyVamo6e
k4JVMTDzjOwr31Tt6eLhU0BsPA8G8wCntl3wj36T7VWh47ncsX8=
=vuNl
-----END PGP SIGNATURE-----

BIN
sssd-2.11.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
sssd-2.11.0.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmhBWQkACgkQ09IbKRDP
Z1nnrg//ZyIWtg+Qp5bVW6MQS99kuATk0hvAQnm4tTjO8HzphWFl0Hta7h9QOsM3
QhVs4liW13eb9yZDnHfFh44o0F+QEYzHouMikZaA6riIxzYO0Im5Rglq/jkcZGn9
IrR4w0of45wmL9huZAsXnYosw9RtDuF5FEDB6yypcPqSyXxr+jyW3U52hEXpjaQ/
M3XXmoeQVMeb1RmQkcMWt+7/gjOoWSjONtOOFoUlGxn3GgeIroPIzUViYqJDJZi2
zIkBhoGw1EdKPVFV/8YTNH4u5RA3PmN92tmey9uWA5mfxH//njPUNv5sKO8RKkaU
BD2ftTK3Vv8QzLpKEuANnJ5/P/bh5LWGjn3J6kJBn5w2Zedy0AecZfo1PKONfukv
+QIyNKBlc9x0kts/TwMLo60p2olJqh/AKlXwgexfxAzQqcuBlcZdpMqyV279cmXl
X78NYzdR9F5n4czKiDU8JWudndIzagVi/0NmuQJWfFCz0o3sCtI9QUj+GUH8Ynxd
DCyxXZptN2LtobxJnaSXB3HwwJ6qKlQTrfHWwqcmzf/p2KyJIaGg93nYhwIlLrev
HVkuTB9dTpZa0LkljWOd/i7eoGQ0zxYM3pTm2FKDy/Ff5ChPriHdjIAhYqgPxt+j
r3wMiMOIRckv1a538CAKdbC8k8Q0nmHfYTdrt3dp+fSSr4iwZLA=
=gdC9
-----END PGP SIGNATURE-----

24
sssd.changes
View File

@@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Jun 11 14:53:26 UTC 2025 - Samuel Cabrero <scabrero@suse.de>
- Install file in krb5.conf.d to include sssd krb5 config snippets;
(bsc#1244325);
-------------------------------------------------------------------
Thu Jun 5 12:14:03 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.11
* The deprecated tool `sss_ssh_knownhostsproxy` was finally
removed.
* Support for `id_provider = files` was removed.
* SSSD doesn't create any more missing path components of
DIR:/FILE: ccache types while acquiring user's TGT.
* New generic id and auth provider for Identity Providers (IdPs)
for Keycloak/EntraID. [Not enabled in openSUSE for now.]
-------------------------------------------------------------------
Tue Mar 11 21:35:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Run mkdir/rm with verbose mode for the build log
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 30 14:24:04 UTC 2025 - Jan Engelhardt <jengelh@inai.de> Thu Jan 30 14:24:04 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
@@ -1892,7 +1915,6 @@ Wed Apr 4 16:13:33 PDT 2012 - ben.kevan@gmail.com
connect to an auth server connect to an auth server
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 1.8.0 - Update to new upstream release 1.8.0

69
sssd.spec
View File

@@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 2.10.2 Version: 2.11.0
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later AND LGPL-3.0-or-later License: GPL-3.0-or-later AND LGPL-3.0-or-later
@@ -451,26 +451,26 @@ b="%buildroot"
# Copy some defaults # Copy some defaults
%if "%{?_distconfdir}" != "" %if "%{?_distconfdir}" != ""
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf" install -Dpvm 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_distconfdir/sssd/conf.d" install -dvm 0755 "$b/%_distconfdir/sssd/conf.d"
%else %else
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" install -Dpm 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d" install -dvm 0755 "$b/%_sysconfdir/sssd/conf.d"
%endif %endif
install -d "$b/%_unitdir" install -dv "$b/%_unitdir"
%if 0%{?suse_version} > 1500 %if 0%{?suse_version} > 1500
install -d "$b/%_distconfdir/logrotate.d" install -dv "$b/%_distconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd" install -vm644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd"
install -d "$b/%_pam_vendordir" install -dv "$b/%_pam_vendordir"
mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir" mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir"
%else %else
install -d "$b/%_sysconfdir/logrotate.d" install -dv "$b/%_sysconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd" install -vm644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
%endif %endif
rm -Rfv "$b/%_initddir" rm -Rfv "$b/%_initddir"
%if 0%{?suse_version} < 1600 %if 0%{?suse_version} < 1600
ln -s service "$b/%_sbindir/rcsssd" ln -sv service "$b/%_sbindir/rcsssd"
%endif %endif
mkdir -pv "$b/%sssdstatedir/mc" mkdir -pv "$b/%sssdstatedir/mc"
@@ -478,8 +478,8 @@ find "$b" -type f -name "*.la" -print -delete
%find_lang %name --all-name %find_lang %name --all-name
# dummy target for cifs-idmap-plugin # dummy target for cifs-idmap-plugin
mkdir -p %{buildroot}%{_sysconfdir}/cifs-utils mkdir -pv %buildroot/%_sysconfdir/cifs-utils
ln -s -f %{cifs_idmap_lib} %{buildroot}%{cifs_idmap_plugin} ln -sfv %cifs_idmap_lib %buildroot/%cifs_idmap_plugin
%python3_fix_shebang %python3_fix_shebang
%if 0%{?suse_version} > 1600 %if 0%{?suse_version} > 1600
@@ -490,16 +490,16 @@ sed -i '1s@#!.*python.*@#!%_bindir/python3.11@' "$b/%_libexecdir/%name/sss_analy
%endif %endif
echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf
mkdir -p "$b/%_sysusersdir" mkdir -pv "$b/%_sysusersdir"
cp -a system-user-sssd.conf "$b/%_sysusersdir/" cp -av system-user-sssd.conf "$b/%_sysusersdir/"
%sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf %sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf
install -Dpm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf" install -Dpvm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf"
# #
# Security considerations for capabilities, chown and stuff: # Security considerations for capabilities, chown and stuff:
# https://www.openwall.com/lists/oss-security/2024/12/19/1 # https://www.openwall.com/lists/oss-security/2024/12/19/1
# #
# should match entry from %%files list # should match entry from %%files list
mkdir -p "$b/%permissions_path" mkdir -pv "$b/%permissions_path"
cat >"$b/%permissions_path/sssd" <<-EOF cat >"$b/%permissions_path/sssd" <<-EOF
%_libexecdir/sssd/sssd_pam root:sssd 0750 %_libexecdir/sssd/sssd_pam root:sssd 0750
+capabilities cap_dac_read_search=p +capabilities cap_dac_read_search=p
@@ -511,6 +511,10 @@ cat >"$b/%permissions_path/sssd" <<-EOF
+capabilities cap_dac_read_search=p +capabilities cap_dac_read_search=p
EOF EOF
mkdir -pv "$b/%_sysconfdir/krb5.conf.d"
ln -sv %_datadir/%name/krb5-snippets/enable_sssd_conf_dir \
"$b/%_sysconfdir/krb5.conf.d/enable_sssd_conf_dir"
%check %check
# sss_config-tests fails # sss_config-tests fails
%make_build check || : %make_build check || :
@@ -669,12 +673,8 @@ fi
%_mandir/??/man1/sss_ssh_* %_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sss-certmap.5* %_mandir/??/man5/sss-certmap.5*
%_mandir/??/man5/sssd-ad.5* %_mandir/??/man5/sssd-ad.5*
%if 0%{?suse_version} < 1600
%_mandir/??/man5/sssd-files.5*
%endif
%_mandir/??/man5/sssd-ldap-attributes.5* %_mandir/??/man5/sssd-ldap-attributes.5*
%_mandir/??/man5/sssd-session-recording.5* %_mandir/??/man5/sssd-session-recording.5*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5* %_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd-systemtap.5* %_mandir/??/man5/sssd-systemtap.5*
%_mandir/??/man5/sssd.conf.5* %_mandir/??/man5/sssd.conf.5*
@@ -682,9 +682,6 @@ fi
%_mandir/??/man8/sssd.8* %_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_* %_mandir/man1/sss_ssh_*
%_mandir/man5/sss-certmap.5* %_mandir/man5/sss-certmap.5*
%if 0%{?suse_version} < 1600
%_mandir/man5/sssd-files.5*
%endif
%_mandir/man5/sssd-ldap-attributes.5* %_mandir/man5/sssd-ldap-attributes.5*
%_mandir/man5/sssd-session-recording.5* %_mandir/man5/sssd-session-recording.5*
%_mandir/man5/sssd-simple.5* %_mandir/man5/sssd-simple.5*
@@ -727,7 +724,6 @@ fi
%attr(755,%sssd_user,%sssd_user) %dir %pipepath/ %attr(755,%sssd_user,%sssd_user) %dir %pipepath/
%attr(700,%sssd_user,%sssd_user) %dir %pipepath/private/ %attr(700,%sssd_user,%sssd_user) %dir %pipepath/private/
%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/ %attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/
%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/krb5.include.d
%attr(755,%sssd_user,%sssd_user) %dir %gpocachepath/ %attr(755,%sssd_user,%sssd_user) %dir %gpocachepath/
%attr(755,%sssd_user,%sssd_user) %dir %mcpath/ %attr(755,%sssd_user,%sssd_user) %dir %mcpath/
%attr(700,%sssd_user,%sssd_user) %dir %keytabdir/ %attr(700,%sssd_user,%sssd_user) %dir %keytabdir/
@@ -754,22 +750,16 @@ fi
%_datadir/%name/sssd.api.conf %_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-simple.conf %_datadir/%name/sssd.api.d/sssd-simple.conf
%if 0%{?suse_version} < 1600
%_datadir/%name/sssd.api.d/sssd-files.conf
%else
%exclude %_mandir/*/*/sssd-files.5.gz
%endif
%attr(775,%sssd_user,%sssd_user) %ghost %dir %_rundir/sssd %attr(775,%sssd_user,%sssd_user) %ghost %dir %_rundir/sssd
%doc src/examples/sssd.conf %doc src/examples/sssd.conf
# #
# sssd-client # %%files sssd-client
# #
%_libdir/libnss_sss.so.2 %_libdir/libnss_sss.so.2
%_pam_moduledir/pam_sss.so %_pam_moduledir/pam_sss.so
%_pam_moduledir/pam_sss_gss.so %_pam_moduledir/pam_sss_gss.so
%_libdir/krb5/ %_libdir/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
%if 0%{?suse_version} >= 1600 %if 0%{?suse_version} >= 1600
%_libdir/libsubid_sss.so %_libdir/libsubid_sss.so
%endif %endif
@@ -781,7 +771,12 @@ fi
%_mandir/man8/sssd_krb5_localauth_plugin.8* %_mandir/man8/sssd_krb5_localauth_plugin.8*
%_mandir/??/man8/sssd_krb5_localauth_plugin.8* %_mandir/??/man8/sssd_krb5_localauth_plugin.8*
%_mandir/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/sssd_krb5_locator_plugin.8*
#
# %%files sssd-idp
#
%exclude %_libdir/sssd/libsss_idp.so
%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
%exclude %_mandir/man5/sssd-idp*
%files ad %files ad
%dir %_libdir/%name/ %dir %_libdir/%name/
@@ -832,7 +827,6 @@ fi
%dir %_libdir/%name/ %dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so %_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/ %dir %_datadir/%name/
%exclude %_datadir/%name/krb5-snippets/
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf %_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/ %dir %_mandir/??/
@@ -841,11 +835,16 @@ fi
%_mandir/??/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5*
%files krb5-common %files krb5-common
%attr(755,root,root) %dir %pubconfpath/krb5.include.d
%config(noreplace,missingok) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
%dir %_libdir/%name/ %dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so %_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/ %dir %_libexecdir/%name/
%attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child %attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child
%attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child %attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child
%dir %{_datadir}/sssd/krb5-snippets
%_datadir/%name/krb5-snippets/enable_sssd_conf_dir
%_datadir/%name/krb5-snippets/sssd_enable_idp
%files ldap %files ldap
%dir %_libdir/%name/ %dir %_libdir/%name/