# # spec file for package sssd # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: sssd Version: 1.12.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ Group: System/Daemons Url: https://fedorahosted.org/sssd/ #Git-Clone: git://git.fedorahosted.org/sssd Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc Source3: baselibs.conf Source4: sssd.service Source5: %name.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch1: 0001-build-detect-endianness-at-configure-time.patch %define servicename sssd %define sssdstatedir %_localstatedir/lib/sss %define dbpath %sssdstatedir/db %define pipepath %sssdstatedir/pipes %define pubconfpath %sssdstatedir/pubconf %if %suse_version <= 1110 # SLES11 doesn't know the python_* macros %define python_sitelib %py_sitedir %define python_sitearch %py_sitedir %endif BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils BuildRequires: cifs-utils-devel BuildRequires: cyrus-sasl-devel BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel BuildRequires: libsmbclient-devel BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 BuildRequires: pkgconfig(dhash) >= 0.4.2 BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libpcre) >= 7 BuildRequires: pkgconfig(ndr_nbt) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) %else BuildRequires: augeas-devel BuildRequires: dbus-1-devel >= 1.0.0 BuildRequires: glib2-devel BuildRequires: libcares-devel BuildRequires: libcollection-devel >= 0.5.1 BuildRequires: libdhash-devel >= 0.4.2 BuildRequires: libini_config-devel >= 1.1.0 BuildRequires: libldb-devel >= 0.9.2 BuildRequires: libnl-devel >= 1.1 BuildRequires: libopenssl-devel BuildRequires: libtalloc-devel BuildRequires: libtdb-devel >= 1.1.3 BuildRequires: libtevent-devel BuildRequires: pcre-devel >= 7 BuildRequires: popt-devel BuildRequires: python-devel BuildRequires: samba-devel >= 4 %endif BuildRequires: samba-libs >= 4 %if 0%{?suse_version} >= 1220 BuildRequires: libxml2-tools BuildRequires: libxslt-tools %else BuildRequires: libxml2 BuildRequires: libxslt %endif BuildRequires: nscd BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: pkg-config %if %suse_version >= 1210 BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(libsystemd-login) %{?systemd_requires} %endif Requires: sssd-ldap = %version-%release Requires(postun): pam-config %description Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. %package ad Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name-krb5-common = %version %description ad Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server. %package dbus Summary: The D-Bus responder of sssd License: GPL-3.0+ Group: System/Base Requires: %name = %version %description dbus Provides the D-Bus responder of sssd, called InfoPipe, which allows information from sssd to be transmitted over the system bus. %package ipa Summary: FreeIPA backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name = %version Requires: %name-krb5-common = %version-%release Obsoletes: %name-ipa-provider < %version-%release Provides: %name-ipa-provider = %version-%release %description ipa Provides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server. %package krb5 Summary: The Kerberos authentication backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name-krb5-common = %version-%release %description krb5 Provides the Kerberos back end that the SSSD can utilize authenticate against a Kerberos server. %package krb5-common Summary: SSSD helpers needed for Kerberos and GSSAPI authentication License: GPL-3.0+ Group: System/Daemons %description krb5-common Provides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication. %package ldap Summary: The LDAP backend plugin for sssd License: GPL-3.0+ Group: System/Daemons Requires: %name-krb5-common = %version-%release %description ldap Provides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server. %package proxy Summary: The proxy backend plugin for sssd License: GPL-3.0+ Group: System/Daemons %description proxy Provides the proxy back end which can be used to wrap an existing NSS and/or PAM modules to leverage SSSD caching. %package tools Summary: Commandline tools for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Management Requires: sssd = %version %description tools The packages contains commandline tools for managing users and groups using the "local" id provider of the System Security Services Daemon (sssd). %package -n libipa_hbac0 Summary: FreeIPA HBAC Evaluator library License: LGPL-3.0+ Group: System/Libraries %description -n libipa_hbac0 Utility library to validate FreeIPA HBAC rules for authorization requests. %package -n libipa_hbac-devel Summary: Development files for the FreeIPA HBAC Evaluator library License: LGPL-3.0+ Group: Development/Libraries/C and C++ Requires: libipa_hbac0 = %version %description -n libipa_hbac-devel Utility library to validate FreeIPA HBAC rules for authorization requests. %package -n libsss_idmap0 Summary: FreeIPA ID mapping library License: LGPL-3.0+ Group: System/Libraries %description -n libsss_idmap0 A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. %package -n libsss_idmap-devel Summary: Development files for the FreeIPA idmap library License: LGPL-3.0+ Group: Development/Libraries/C and C++ Requires: libsss_idmap0 = %version %description -n libsss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. %package -n libsss_nss_idmap0 Summary: FreeIPA ID mapping library License: LGPL-3.0+ Group: System/Libraries %description -n libsss_nss_idmap0 A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. %package -n libsss_nss_idmap-devel Summary: Development files for the FreeIPA idmap library License: LGPL-3.0+ Group: Development/Libraries/C and C++ Requires: libsss_nss_idmap0 = %version %description -n libsss_nss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. %package -n libsss_simpleifp0 Summary: The SSSD D-Bus responder helper library License: GPL-3.0+ Group: System/Libraries %description -n libsss_simpleifp0 This subpackage provides a library that simplifies the D-Bus API for the SSSD InfoPipe responder. %package -n libsss_simpleifp-devel Summary: Development files for the SSSD D-Bus responder helper library License: GPL-3.0+ Group: Development/Libraries/C and C++ Requires: libsss_simpleifp0 = %version %description -n libsss_simpleifp-devel This subpackage provides the development files for sssd's simpleifp, a library that simplifies the D-Bus API for the SSSD InfoPipe responder. %package -n libsss_sudo Summary: A library to allow communication between sudo and SSSD License: LGPL-3.0+ Group: System/Libraries Provides: libsss_sudo-devel = %version-%release Obsoletes: libsss_sudo-devel < %version-%release # No provides: true obsolete. Obsoletes: libsss_sudo1 %description -n libsss_sudo A utility library to allow communication between sudo and SSSD. %package -n python-ipa_hbac Summary: Python bindings for the FreeIPA HBAC Evaluator library License: LGPL-3.0+ Group: Development/Libraries/Python %py_requires %description -n python-ipa_hbac The python-ipa_hbac package contains the bindings so that libipa_hbac can be used by Python applications. %package -n python-sss_nss_idmap Summary: Python bindings for libsss_nss_idmap License: LGPL-3.0+ Group: Development/Libraries/Python %py_requires %description -n python-sss_nss_idmap The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can be used by Python applications. %package -n python-sssd-config Summary: Python API for configuring sssd License: GPL-3.0+ and LGPL-3.0+ Group: Development/Libraries/Python %py_requires %description -n python-sssd-config Provide python module to access and manage configuration of the System Security Services Daemon (sssd). %prep %setup -q %patch -P 1 -p1 %build %if 0%{?suse_version} < 1210 # pkgconfig file not present export LDB_LIBS="-lldb" export LDB_CFLAGS=" " export LDB_DIR="%_libdir/ldb" %else export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" %endif # help configure find nscd export PATH="$PATH:/usr/sbin" autoreconf -fi; %configure \ --with-crypto=libcrypto \ --with-db-path="%dbpath" \ --with-pipe-path="%pipepath" \ --with-pubconf-path="%pubconfpath" \ --with-init-dir="%_initrddir" \ --enable-nsslibdir="/%_lib" \ --enable-pammoddir="/%_lib/security" \ --with-ldb-lib-dir="$LDB_DIR" \ --with-selinux=no \ --with-os=suse \ --with-semanage=no \ --disable-ldb-version-check \ --disable-pac-responder make %{?_smp_mflags} all %install b="%buildroot"; make install DESTDIR="$b" # Copy default sssd.conf file install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ "$b/%_mandir"/{uk/man5,uk/man8}; install -d "$b/%_sysconfdir/sssd"; install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"; %if 0%{?_unitdir:1} install -d "$b/%_unitdir"; # Missing service file in 1.11.5.1 #install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; install -m644 %{S:4} "$b/%_unitdir/sssd.service"; rm -Rf "$b/%_initddir" ln -s service "$b/%_sbindir/rcsssd" %else install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" %endif find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 # remove some unsupported languages, sssd does not contain # translations for these anyway rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %endif rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" %find_lang %name --all-name %if 0%{?_unitdir:1} %pre %service_add_pre sssd.service %endif %post # migrate config variable krb5_kdcip to krb5_server (bnc#851048) /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf /sbin/ldconfig %if 0%{?_unitdir:1} %service_add_post sssd.service %endif # Clear caches, which may have an incompatible format after (especially) downgrade rm -f /var/lib/sss/db/*.ldb %if 0%{?_unitdir:1} %preun %service_del_preun sssd.service %endif %postun if [ "$1" == "0" ]; then "%_sbindir/pam-config" -d --sss || :; fi; /sbin/ldconfig %if 0%{?_unitdir:1} %service_del_postun sssd.service %endif %post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig %post -n libsss_idmap0 -p /sbin/ldconfig %postun -n libsss_idmap0 -p /sbin/ldconfig %post -n libsss_nss_idmap0 -p /sbin/ldconfig %postun -n libsss_nss_idmap0 -p /sbin/ldconfig %post -n libsss_simpleifp0 -p /sbin/ldconfig %postun -n libsss_simpleifp0 -p /sbin/ldconfig %files -f sssd.lang %defattr(-,root,root) %doc COPYING %if 0%{?_unitdir:1} %_unitdir %else %_initrddir/%name %endif %_bindir/sss_ssh_* %_sbindir/sssd %_sbindir/rcsssd %dir %_mandir/??/ %dir %_mandir/??/man?/ %_mandir/??/man1/sss_ssh_* %_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-sudo.5* %_mandir/??/man5/sssd.conf.5* %_mandir/??/man8/sssd.8* %_mandir/man1/sss_ssh_* %_mandir/man5/sssd-simple.5* %_mandir/man5/sssd-sudo.5* %_mandir/man5/sssd.conf.5* %_mandir/man8/sssd.8* %dir %_libdir/%name/ %_libdir/%name/libsss_child* %_libdir/%name/libsss_crypt* %_libdir/%name/libsss_debug* %_libdir/%name/libsss_simple* %_libdir/%name/libsss_util* %_libdir/%name/modules/ %dir %_libdir/ldb/ %_libdir/ldb/memberof.so %dir %_libexecdir/%name/ %_libexecdir/%name/sssd_autofs %_libexecdir/%name/sssd_be %_libexecdir/%name/sssd_nss %_libexecdir/%name/sssd_pam %_libexecdir/%name/sssd_ssh %_libexecdir/%name/sssd_sudo %_libexecdir/%name/sss_signal %dir %sssdstatedir %attr(700,root,root) %dir %dbpath/ %attr(755,root,root) %dir %pipepath/ %attr(700,root,root) %dir %pipepath/private/ %attr(755,root,root) %dir %pubconfpath/ %attr(750,root,root) %dir %_localstatedir/log/%name/ %dir %_sysconfdir/sssd/ %config(noreplace) %_sysconfdir/sssd/sssd.conf %dir %_datadir/%name/ %_datadir/%name/sssd.api.conf %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-local.conf %_datadir/%name/sssd.api.d/sssd-simple.conf # # sssd-client # /%_lib/libnss_sss.so.2 /%_lib/security/pam_sss.so %_libdir/cifs-utils/ %_libdir/krb5/ %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* %_mandir/man8/sssd_krb5_locator_plugin.8* %files ad %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_ad.so %_libdir/%name/libsss_ad_common.so %dir %_libexecdir/%name/ %_libexecdir/%name/gpo_child %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ad.conf %dir %_mandir/??/man5/ %_mandir/man5/sssd-ad.5* %_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) %dir %_libexecdir/sssd/ %_libexecdir/sssd/sssd_ifp %dir %_libdir/sssd/ %_libdir/sssd/libsss_config.so %_mandir/man5/sssd-ifp.5* %_mandir/??/man5/sssd-ifp.5* #%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf #%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service %files ipa %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_ipa* %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d %_datadir/%name/sssd.api.d/sssd-ipa.conf %dir %_mandir/??/man5/ %_mandir/man5/sssd-ipa.5* %_mandir/??/man5/sssd-ipa.5* %files krb5 %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_krb5.so %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-krb5.conf %dir %_mandir/??/man5/ %_mandir/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5* %files krb5-common %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_krb5_common.so %dir %_libexecdir/%name/ %_libexecdir/%name/krb5_child %_libexecdir/%name/ldap_child %files ldap %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_ldap* %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ldap.conf %dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ldap.5* %_mandir/man5/sssd-ldap.5* %files proxy %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_proxy.so %dir %_libexecdir/%name/ %_libexecdir/%name/proxy_child %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-proxy.conf %files tools %defattr(-,root,root) %_sbindir/sss_cache %_sbindir/sss_debuglevel %_sbindir/sss_groupadd %_sbindir/sss_groupdel %_sbindir/sss_groupmod %_sbindir/sss_groupshow %_sbindir/sss_seed %_sbindir/sss_obfuscate %_sbindir/sss_useradd %_sbindir/sss_userdel %_sbindir/sss_usermod %dir %_mandir/??/man8/ %_mandir/??/man8/sss_*.8* %_mandir/man8/sss_*.8* %files -n libipa_hbac0 %defattr(-,root,root) %_libdir/libipa_hbac.so.0* %files -n libipa_hbac-devel %defattr(-,root,root) %_includedir/ipa_hbac.h %_libdir/libipa_hbac.so %_libdir/pkgconfig/ipa_hbac.pc %files -n libsss_idmap0 %defattr(-,root,root) %_libdir/libsss_idmap.so.0* %files -n libsss_idmap-devel %defattr(-,root,root) %_includedir/sss_idmap.h %_libdir/libsss_idmap.so %_libdir/pkgconfig/sss_idmap.pc %files -n libsss_nss_idmap0 %defattr(-,root,root) %_libdir/libsss_nss_idmap.so.0* %files -n libsss_nss_idmap-devel %defattr(-,root,root) %_includedir/sss_nss_idmap.h %_libdir/libsss_nss_idmap.so %_libdir/pkgconfig/sss_nss_idmap.pc %files -n libsss_simpleifp0 %defattr(-,root,root) %_libdir/libsss_simpleifp.so.0* %files -n libsss_simpleifp-devel %defattr(-,root,root) %_includedir/sss_sifp*.h %_libdir/libsss_simpleifp.so %_libdir/pkgconfig/sss_simpleifp.pc %files -n libsss_sudo %defattr(-,root,root) %_libdir/libsss_sudo.so %files -n python-ipa_hbac %defattr(-,root,root) %dir %python_sitearch %python_sitearch/pyhbac.so %files -n python-sss_nss_idmap %defattr(-,root,root) %dir %python_sitearch %python_sitearch/pysss_nss_idmap.so %files -n python-sssd-config %defattr(-,root,root) %python_sitearch/pysss.so %python_sitearch/pysss_murmur.so %python_sitelib/SSSDConfig* %changelog