diff --git a/authselect-lib-filelist b/authselect-lib-filelist new file mode 100644 index 0000000000000000000000000000000000000000..e95639945309f31a29355b14e99a00ef4229d9a9 --- /dev/null +++ b/authselect-lib-filelist @@ -0,0 +1,66 @@ +%dir %{_sysconfdir}/authselect +%dir %{_sysconfdir}/authselect/custom +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/authselect.conf +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-db +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-locks +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/fingerprint-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/nsswitch.conf +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/password-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth +%dir %{_localstatedir}/lib/authselect +%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ +%dir %{_datadir}/authselect +%dir %{_datadir}/authselect/vendor +%dir %{_datadir}/authselect/default +%dir %{_datadir}/authselect/default/minimal/ +%dir %{_datadir}/authselect/default/nis/ +%dir %{_datadir}/authselect/default/sssd/ +%dir %{_datadir}/authselect/default/winbind/ +%{_datadir}/authselect/default/minimal/dconf-db +%{_datadir}/authselect/default/minimal/dconf-locks +%{_datadir}/authselect/default/minimal/fingerprint-auth +%{_datadir}/authselect/default/minimal/nsswitch.conf +%{_datadir}/authselect/default/minimal/password-auth +%{_datadir}/authselect/default/minimal/postlogin +%{_datadir}/authselect/default/minimal/README +%{_datadir}/authselect/default/minimal/REQUIREMENTS +%{_datadir}/authselect/default/minimal/smartcard-auth +%{_datadir}/authselect/default/minimal/system-auth +%{_datadir}/authselect/default/nis/dconf-db +%{_datadir}/authselect/default/nis/dconf-locks +%{_datadir}/authselect/default/nis/fingerprint-auth +%{_datadir}/authselect/default/nis/nsswitch.conf +%{_datadir}/authselect/default/nis/password-auth +%{_datadir}/authselect/default/nis/postlogin +%{_datadir}/authselect/default/nis/README +%{_datadir}/authselect/default/nis/REQUIREMENTS +%{_datadir}/authselect/default/nis/smartcard-auth +%{_datadir}/authselect/default/nis/system-auth +%{_datadir}/authselect/default/sssd/dconf-db +%{_datadir}/authselect/default/sssd/dconf-locks +%{_datadir}/authselect/default/sssd/fingerprint-auth +%{_datadir}/authselect/default/sssd/nsswitch.conf +%{_datadir}/authselect/default/sssd/password-auth +%{_datadir}/authselect/default/sssd/postlogin +%{_datadir}/authselect/default/sssd/README +%{_datadir}/authselect/default/sssd/REQUIREMENTS +%{_datadir}/authselect/default/sssd/smartcard-auth +%{_datadir}/authselect/default/sssd/system-auth +%{_datadir}/authselect/default/winbind/dconf-db +%{_datadir}/authselect/default/winbind/dconf-locks +%{_datadir}/authselect/default/winbind/fingerprint-auth +%{_datadir}/authselect/default/winbind/nsswitch.conf +%{_datadir}/authselect/default/winbind/password-auth +%{_datadir}/authselect/default/winbind/postlogin +%{_datadir}/authselect/default/winbind/README +%{_datadir}/authselect/default/winbind/REQUIREMENTS +%{_datadir}/authselect/default/winbind/smartcard-auth +%{_datadir}/authselect/default/winbind/system-auth +%{_libdir}/libauthselect.so.* +%{_mandir}/man5/authselect-profiles.5* +%{_datadir}/doc/authselect/COPYING +%{_datadir}/doc/authselect/README.md +%{abidir}/libauthselect.dump +%license COPYING diff --git a/authselect.spec b/authselect.spec index 3f4b9b53b015a7e2cbcb110d235479ca7c849c8a..d25ce84d51b5999e141159ded88ffe8633fdb366 100644 --- a/authselect.spec +++ b/authselect.spec @@ -1,100 +1,92 @@ -%define anolis_release 1 +%define anolis_release 2 + +Name: authselect +Version: 1.4.2 +Release: %{anolis_release}%{?dist} +Summary: Configures authentication and identity sources from supported profiles +URL: https://github.com/authselect/authselect + +License: GPLv3+ +Source0: %{url}/archive/refs/tags/%{version}.tar.gz +Source10: authselect-lib-filelist + + # Do not terminate build if language files are empty. %define _empty_manifest_terminate_build 0 -Name: authselect -Version: 1.4.2 -Release: %{anolis_release}%{?dist} -Summary: Configures authentication and identity sources from supported profiles -URL: https://github.com/authselect/authselect - -License: GPLv3+ -Source0: %{url}/archive/refs/tags/%{version}.tar.gz - -%global makedir %{_builddir}/%{name}-%{version} - -%global with_compat 1 - -%global with_user_nsswitch 0 -%global enforce_authselect 1 - -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: findutils -BuildRequires: libtool -BuildRequires: m4 -BuildRequires: gcc -BuildRequires: pkgconfig -BuildRequires: pkgconfig(popt) -BuildRequires: gettext-devel -BuildRequires: po4a -BuildRequires: %{_bindir}/a2x -BuildRequires: libcmocka-devel >= 1.0.0 -BuildRequires: libselinux-devel -%if %{with_compat} +%bcond_without compat +%bcond_with user_nsswitch +%bcond_without enforce_authselect + +BuildRequires: autoconf, automake, gcc, libtool +BuildRequires: m4, pkgconfig, pkgconfig(popt) +BuildRequires: gettext-devel, po4a, asciidoc, libcmocka-devel, libselinux-devel +%if %{with compat} BuildRequires: python3-devel %endif -Requires: authselect-libs = %{version}-%{release} -Suggests: sssd -Suggests: samba-winbind -Suggests: fprintd-pam -Suggests: oddjob-mkhomedir - -%if !%{with_compat} -# Properly obsolete removed authselect-compat package. -Obsoletes: authselect-compat < 1.2.4 -# Inherited from former authselect-compat package. -Obsoletes: authconfig < 7.0.1 -%endif +Requires: authselect-libs = %{version}-%{release} +Suggests: sssd, samba-winbind, fprintd-pam, oddjob-mkhomedir %description -Authselect is designed to be a replacement for authconfig but it takes -a different approach to configure the system. Instead of letting -the administrator build the PAM stack with a tool (which may potentially -end up with a broken configuration), it would ship several tested stacks -(profiles) that solve a use-case and are well tested and supported. -At the same time, some obsolete features of authconfig are not -supported by authselect. +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. %package libs -Summary: Utility library used by the authselect tool +Summary: Utility library used by the authselect tool # Required by scriptlets -Requires: coreutils -Requires: sed -Suggests: systemd -%if %{enforce_authselect} +Requires: sed, coreutils +Suggests: systemd +%if %{with enforce_authselect} # authselect now owns nsswitch.conf (glibc) and pam files -Conflicts: pam < 1.5.2 -Conflicts: glibc < 2.34 +Conflicts: pam < 1.5.2 +Conflicts: glibc < 2.34 # systemd, nss-mdns no longer contains nsswitch.conf scriptlets -Conflicts: systemd < 250 -Conflicts: nss-mdns < 0.15.1 +Conflicts: systemd < 250 +Conflicts: nss-mdns < 0.15.1 %endif %description libs -Common library files for authselect. This package is used by the authselect +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. + +This package provides common library files for authselect and used by the authselect command line tool and any other potential front-ends. %package devel -Summary: Development libraries and headers for authselect -Requires: authselect-libs = %{version}-%{release} +Summary: Development libraries and headers for authselect +Requires: authselect-libs = %{version}-%{release} %description devel -System header files and development libraries for authselect. Useful if -you develop a front-end for the authselect library. +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. + +This package provides system header files and development libraries for authselect. +Useful if you develop a front-end for the authselect library. -%if %{with_compat} +%if %{with compat} %package compat -Summary: Tool to provide minimum backwards compatibility with authconfig -Obsoletes: authconfig < 7.0.1 -Provides: authconfig -Requires: authselect = %{version}-%{release} -Recommends: oddjob-mkhomedir -Suggests: sssd -Suggests: realmd -Suggests: samba-winbind +Summary: Tool to provide minimum backwards compatibility with authconfig +Provides: authconfig +Requires: authselect = %{version}-%{release} +Recommends: oddjob-mkhomedir +Suggests: sssd, realmd, samba-winbind %description compat +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. + This package will replace %{_sbindir}/authconfig with a tool that will translate some of the authconfig calls into authselect calls. It provides only minimum backward compatibility and users are encouraged to migrate @@ -107,19 +99,39 @@ Requires: %{name}-libs = %{version}-%{release} BuildArch: noarch %description doc +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. + The %{name}-doc package contains documentation files for %{name}. +%package lang +Summary: Language translations for authselect +Requires: %{name}-libs = %{version}-%{release} +BuildArch: noarch + +%description lang +Authselect is a tool to configure system identity and authentication sources and +providers by selecting a specific profile. Profile is a set of files that +describes how the resulting system configuration will look like. When a profile +is selected, authselect will create nsswitch.conf(5) and PAM(8) stack to use +identity and authentication sources defined by the profile. + +This package contains the language translation files for authselect + %prep %autosetup -n %{name}-%{version} %build -autoreconf -if +autoreconf -ifv %configure \ -%if %{with_compat} +%if %{with compat} --with-pythonbin="%{__python3}" \ --with-compat \ %endif -%if %{with_user_nsswitch} +%if %{with user_nsswitch} --with-user-nsswitch \ %endif %{nil} @@ -142,26 +154,16 @@ autoreconf -if %__sed -i '/LC_MESSAGES/d' %{name}.8.lang # Remove .la and .a files created by libtool -find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \; -find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; +find %{buildroot} \( -name "*.la" -o -name "*.a" \) -exec %__rm -vf {} \; +# Call ldconfig in %post/%postun %ldconfig_scriptlets libs +# Generate compateibility abi/api files %generate_compatibility_deps -%files libs -f %{name}.lang -f %{name}-profiles.5.lang -%dir %{_sysconfdir}/authselect -%dir %{_sysconfdir}/authselect/custom -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/authselect.conf -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-db -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-locks -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/fingerprint-auth -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/nsswitch.conf -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/password-auth -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth -%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth -%if %{enforce_authselect} +%files libs -f %{SOURCE10} +%if %{with enforce_authselect} %ghost %attr(0644,root,root) %{_sysconfdir}/nsswitch.conf %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/fingerprint-auth %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/password-auth @@ -169,65 +171,10 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth %endif -%dir %{_localstatedir}/lib/authselect -%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ -%if %{with_user_nsswitch} +%if %{with user_nsswitch} %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created %endif -%dir %{_datadir}/authselect -%dir %{_datadir}/authselect/vendor -%dir %{_datadir}/authselect/default -%dir %{_datadir}/authselect/default/minimal/ -%dir %{_datadir}/authselect/default/nis/ -%dir %{_datadir}/authselect/default/sssd/ -%dir %{_datadir}/authselect/default/winbind/ -%{_datadir}/authselect/default/minimal/dconf-db -%{_datadir}/authselect/default/minimal/dconf-locks -%{_datadir}/authselect/default/minimal/fingerprint-auth -%{_datadir}/authselect/default/minimal/nsswitch.conf -%{_datadir}/authselect/default/minimal/password-auth -%{_datadir}/authselect/default/minimal/postlogin -%{_datadir}/authselect/default/minimal/README -%{_datadir}/authselect/default/minimal/REQUIREMENTS -%{_datadir}/authselect/default/minimal/smartcard-auth -%{_datadir}/authselect/default/minimal/system-auth -%{_datadir}/authselect/default/nis/dconf-db -%{_datadir}/authselect/default/nis/dconf-locks -%{_datadir}/authselect/default/nis/fingerprint-auth -%{_datadir}/authselect/default/nis/nsswitch.conf -%{_datadir}/authselect/default/nis/password-auth -%{_datadir}/authselect/default/nis/postlogin -%{_datadir}/authselect/default/nis/README -%{_datadir}/authselect/default/nis/REQUIREMENTS -%{_datadir}/authselect/default/nis/smartcard-auth -%{_datadir}/authselect/default/nis/system-auth -%{_datadir}/authselect/default/sssd/dconf-db -%{_datadir}/authselect/default/sssd/dconf-locks -%{_datadir}/authselect/default/sssd/fingerprint-auth -%{_datadir}/authselect/default/sssd/nsswitch.conf -%{_datadir}/authselect/default/sssd/password-auth -%{_datadir}/authselect/default/sssd/postlogin -%{_datadir}/authselect/default/sssd/README -%{_datadir}/authselect/default/sssd/REQUIREMENTS -%{_datadir}/authselect/default/sssd/smartcard-auth -%{_datadir}/authselect/default/sssd/system-auth -%{_datadir}/authselect/default/winbind/dconf-db -%{_datadir}/authselect/default/winbind/dconf-locks -%{_datadir}/authselect/default/winbind/fingerprint-auth -%{_datadir}/authselect/default/winbind/nsswitch.conf -%{_datadir}/authselect/default/winbind/password-auth -%{_datadir}/authselect/default/winbind/postlogin -%{_datadir}/authselect/default/winbind/README -%{_datadir}/authselect/default/winbind/REQUIREMENTS -%{_datadir}/authselect/default/winbind/smartcard-auth -%{_datadir}/authselect/default/winbind/system-auth -%{_libdir}/libauthselect.so.* -%{_mandir}/man5/authselect-profiles.5* -%{_datadir}/doc/authselect/COPYING -%{_datadir}/doc/authselect/README.md -%{abidir}/libauthselect.dump -%license COPYING %files doc %doc README.md @@ -237,19 +184,21 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %{_libdir}/libauthselect.so %{_libdir}/pkgconfig/authselect.pc -%if %{with_compat} +%if %{with compat} %files compat %{_sbindir}/authconfig %{python3_sitelib}/authselect/ %endif -%files -f %{name}.8.lang -f %{name}-migration.7.lang +%files lang -f %{name}.lang -f %{name}-profiles.5.lang -f %{name}.8.lang -f %{name}-migration.7.lang + +%files %{_bindir}/authselect %{_mandir}/man8/authselect.8* %{_mandir}/man7/authselect-migration.7* %{_sysconfdir}/bash_completion.d/authselect-completion.sh -%global forcefile %{_localstatedir}/lib/rpm-state/%{name}.force +%global forcefile %{_sharedstatedir}/rpm-state/%{name}.force %preun if [ $1 == 0 ] ; then @@ -260,36 +209,28 @@ if [ $1 == 0 ] ; then %{_bindir}/authselect opt-out fi -%if %{enforce_authselect} -%pre libs -p -force_file = rpm.expand("%{forcefile}") -authselect = rpm.expand("%{_bindir}/authselect") -os.remove(force_file) - --- Check if this is a new installation. -if tonumber(arg[2]) == 1 -then - f = io.open(force_file, "w") - f:write("") - f:close() -end - --- Check if we are upgrading from older version then authselect-1.3.0 --- The version command is not available on earlier versions -if tonumber(arg[2]) > 1 -then - comm = os.execute(authselect .. " check &> /dev/null") - if comm ~= true - then - comm = os.execute(authselect .. " version &> /dev/null") - if comm ~= true - then - f = io.open(force_file, "w") - f:write("") - f:close() - end - end -end +%if %{with enforce_authselect} +%pre libs +force_file="%{forcefile}" +authselect="%{_bindir}/authselect" +rm -vf $force_file + +# Check if this is a new installation. +if [ $1 -eq 1 ]; then + touch $force_file +fi + +# Check if we are upgrading from older version then authselect-1.3.0 +# The version command is not available on earlier versions +if [ $1 -gt 1 ]; then + comm=$( $authselect check &> /dev/null ) + if [ $? -ne 0 ]; then + comm=$( $authselect version &> /dev/null ) + if [ $? -ne 0 ]; then + touch $force_file + fi + fi +fi %else %pre libs @@ -298,10 +239,11 @@ exit 0 %posttrans libs # Copy nsswitch.conf to user-nsswitch.conf if it was not yet created -%if %{with_user_nsswitch} -if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then - %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null - touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null +%if %{with user_nsswitch} +if [ ! -f %{_sharedstatedir}/authselect/user-nsswitch-created ]; then + %__cp -n %{_sysconfdir}/nsswitch.conf \ + %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null + touch %{_sharedstatedir}/authselect/user-nsswitch-created &> /dev/null fi %endif @@ -309,11 +251,14 @@ fi # See https://github.com/authselect/authselect/issues/48 if test -e /run/ostree-booted; then for PROFILE in `ls %{_datadir}/authselect/default`; do - %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null -%if %{with_user_nsswitch} - %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null + %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE \ + --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null +%if %{with user_nsswitch} + %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" \ + %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null %else - %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null + %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' \ + %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null %endif done fi @@ -336,6 +281,9 @@ fi exit 0 %changelog +* Fri Apr 14 2023 DengXiewei - 1.4.2-2 +- optimise spec + * Mon Dec 26 2022 Kun(llfl) - 1.4.2-1 - update to 1.4.2 - optimise spec