diff --git a/1.3.0.tar.gz b/1.3.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..fc6f0984f23fee97c5054ff7a315ffec75382daf Binary files /dev/null and b/1.3.0.tar.gz differ diff --git a/authselect.spec b/authselect.spec new file mode 100644 index 0000000000000000000000000000000000000000..be755735306c1f6926ad7d51e1bdc5385a6d1b99 --- /dev/null +++ b/authselect.spec @@ -0,0 +1,328 @@ +%define anolis_release 1 +# Do not terminate build if language files are empty. +%define _empty_manifest_terminate_build 0 + +Name: authselect +Version: 1.3.0 +Release: %{anolis_release}%{?dist} +Summary: Configures authentication and identity sources from supported profiles +URL: https://github.com/authselect/authselect + +License: GPLv3+ +Source0: %{url}/archive/refs/tags/%{version}.tar.gz + +%global makedir %{_builddir}/%{name}-%{version} + +%global with_compat 1 + +%global with_user_nsswitch 1 +%global enforce_authselect 0 + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: findutils +BuildRequires: libtool +BuildRequires: m4 +BuildRequires: gcc +BuildRequires: pkgconfig +BuildRequires: pkgconfig(popt) +BuildRequires: gettext-devel +BuildRequires: po4a +BuildRequires: %{_bindir}/a2x +BuildRequires: libcmocka-devel >= 1.0.0 +BuildRequires: libselinux-devel +%if %{with_compat} +BuildRequires: python3-devel +%endif +Requires: authselect-libs%{?_isa} = %{version}-%{release} +Suggests: sssd +Suggests: samba-winbind +Suggests: fprintd-pam +Suggests: oddjob-mkhomedir + +%if !%{with_compat} +# Properly obsolete removed authselect-compat package. +Obsoletes: authselect-compat < 1.2.4 +# Inherited from former authselect-compat package. +Obsoletes: authconfig < 7.0.1-6 +%endif + +%description +Authselect is designed to be a replacement for authconfig but it takes +a different approach to configure the system. Instead of letting +the administrator build the PAM stack with a tool (which may potentially +end up with a broken configuration), it would ship several tested stacks +(profiles) that solve a use-case and are well tested and supported. +At the same time, some obsolete features of authconfig are not +supported by authselect. + +%package libs +Summary: Utility library used by the authselect tool +# Required by scriptlets +Requires: coreutils +Requires: sed +Suggests: systemd +%if %{enforce_authselect} +# authselect now owns nsswitch.conf (glibc) and pam files +Conflicts: pam < 1.5.2-8 +Conflicts: glibc < 2.34.9000-28 +# systemd, nss-mdns no longer contains nsswitch.conf scriptlets +Conflicts: systemd < 250~rc1-3 +Conflicts: nss-mdns < 0.15.1-3 +%endif + +%description libs +Common library files for authselect. This package is used by the authselect +command line tool and any other potential front-ends. + +%package devel +Summary: Development libraries and headers for authselect +Requires: authselect-libs%{?_isa} = %{version}-%{release} + +%description devel +System header files and development libraries for authselect. Useful if +you develop a front-end for the authselect library. + +%if %{with_compat} +%package compat +Summary: Tool to provide minimum backwards compatibility with authconfig +Obsoletes: authconfig < 7.0.1-6 +Provides: authconfig +Requires: authselect%{?_isa} = %{version}-%{release} +Recommends: oddjob-mkhomedir +Suggests: sssd +Suggests: realmd +Suggests: samba-winbind + +%description compat +This package will replace %{_sbindir}/authconfig with a tool that will +translate some of the authconfig calls into authselect calls. It provides +only minimum backward compatibility and users are encouraged to migrate +to authselect completely. +%endif + +%prep +%setup -q + +%build +autoreconf -if +%configure \ +%if %{with_compat} + --with-pythonbin="%{__python3}" \ + --with-compat \ +%endif +%if %{with_user_nsswitch} + --with-user-nsswitch \ +%endif + %{nil} + +%make_build + +%check +%make_build check + +%install +%make_install + +# Find translations +%find_lang %{name} +%find_lang %{name} %{name}.8.lang --with-man +%find_lang %{name}-migration %{name}-migration.7.lang --with-man +%find_lang %{name}-profiles %{name}-profiles.5.lang --with-man + +# We want this file to contain only manual page translations +%__sed -i '/LC_MESSAGES/d' %{name}.8.lang + +# Remove .la and .a files created by libtool +find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \; +find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; + +%ldconfig_scriptlets libs + +%files libs -f %{name}.lang -f %{name}-profiles.5.lang +%dir %{_sysconfdir}/authselect +%dir %{_sysconfdir}/authselect/custom +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/authselect.conf +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-db +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-locks +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/fingerprint-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/nsswitch.conf +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/password-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth +%if %{enforce_authselect} +%ghost %attr(0644,root,root) %{_sysconfdir}/nsswitch.conf +%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/fingerprint-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/password-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/postlogin +%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth +%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth +%endif +%dir %{_localstatedir}/lib/authselect +%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ +%if %{with_user_nsswitch} +%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf +%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created +%endif +%dir %{_datadir}/authselect +%dir %{_datadir}/authselect/vendor +%dir %{_datadir}/authselect/default +%dir %{_datadir}/authselect/default/minimal/ +%dir %{_datadir}/authselect/default/nis/ +%dir %{_datadir}/authselect/default/sssd/ +%dir %{_datadir}/authselect/default/winbind/ +%{_datadir}/authselect/default/minimal/dconf-db +%{_datadir}/authselect/default/minimal/dconf-locks +%{_datadir}/authselect/default/minimal/fingerprint-auth +%{_datadir}/authselect/default/minimal/nsswitch.conf +%{_datadir}/authselect/default/minimal/password-auth +%{_datadir}/authselect/default/minimal/postlogin +%{_datadir}/authselect/default/minimal/README +%{_datadir}/authselect/default/minimal/REQUIREMENTS +%{_datadir}/authselect/default/minimal/smartcard-auth +%{_datadir}/authselect/default/minimal/system-auth +%{_datadir}/authselect/default/nis/dconf-db +%{_datadir}/authselect/default/nis/dconf-locks +%{_datadir}/authselect/default/nis/fingerprint-auth +%{_datadir}/authselect/default/nis/nsswitch.conf +%{_datadir}/authselect/default/nis/password-auth +%{_datadir}/authselect/default/nis/postlogin +%{_datadir}/authselect/default/nis/README +%{_datadir}/authselect/default/nis/REQUIREMENTS +%{_datadir}/authselect/default/nis/smartcard-auth +%{_datadir}/authselect/default/nis/system-auth +%{_datadir}/authselect/default/sssd/dconf-db +%{_datadir}/authselect/default/sssd/dconf-locks +%{_datadir}/authselect/default/sssd/fingerprint-auth +%{_datadir}/authselect/default/sssd/nsswitch.conf +%{_datadir}/authselect/default/sssd/password-auth +%{_datadir}/authselect/default/sssd/postlogin +%{_datadir}/authselect/default/sssd/README +%{_datadir}/authselect/default/sssd/REQUIREMENTS +%{_datadir}/authselect/default/sssd/smartcard-auth +%{_datadir}/authselect/default/sssd/system-auth +%{_datadir}/authselect/default/winbind/dconf-db +%{_datadir}/authselect/default/winbind/dconf-locks +%{_datadir}/authselect/default/winbind/fingerprint-auth +%{_datadir}/authselect/default/winbind/nsswitch.conf +%{_datadir}/authselect/default/winbind/password-auth +%{_datadir}/authselect/default/winbind/postlogin +%{_datadir}/authselect/default/winbind/README +%{_datadir}/authselect/default/winbind/REQUIREMENTS +%{_datadir}/authselect/default/winbind/smartcard-auth +%{_datadir}/authselect/default/winbind/system-auth +%{_libdir}/libauthselect.so.* +%{_mandir}/man5/authselect-profiles.5* +%{_datadir}/doc/authselect/COPYING +%{_datadir}/doc/authselect/README.md +%license COPYING +%doc README.md + +%files devel +%{_includedir}/authselect.h +%{_libdir}/libauthselect.so +%{_libdir}/pkgconfig/authselect.pc + +%if %{with_compat} +%files compat +%{_sbindir}/authconfig +%{python3_sitelib}/authselect/ +%endif + +%files -f %{name}.8.lang -f %{name}-migration.7.lang +%{_bindir}/authselect +%{_mandir}/man8/authselect.8* +%{_mandir}/man7/authselect-migration.7* +%{_sysconfdir}/bash_completion.d/authselect-completion.sh + +%global forcefile %{_localstatedir}/lib/rpm-state/%{name}.force + +%preun +if [ $1 == 0 ] ; then + # Remove authselect symbolic links so all authselect files can be + # deleted safely. If this fail, the uninstallation must fail to avoid + # breaking the system by removing PAM files. However, the command can + # only fail if it can not write to the file system. + %{_bindir}/authselect opt-out +fi + +%if %{enforce_authselect} +%pre libs -p +force_file = rpm.expand("%{forcefile}") +authselect = rpm.expand("%{_bindir}/authselect") +os.remove(force_file) + +-- Check if this is a new installation. +if tonumber(arg[2]) == 1 +then + f = io.open(force_file, "w") + f:write("") + f:close() +end + +-- Check if we are upgrading from older version then authselect-1.3.0 +-- The version command is not available on earlier versions +if tonumber(arg[2]) > 1 +then + comm = os.execute(authselect .. " check &> /dev/null") + if comm ~= true + then + comm = os.execute(authselect .. " version &> /dev/null") + if comm ~= true + then + f = io.open(force_file, "w") + f:write("") + f:close() + end + end +end + +%else +%pre libs +exit 0 +%endif + + +%posttrans libs +# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created +%if %{with_user_nsswitch} +if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then + %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null + touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null +fi +%endif + +# Keep nss-altfiles for all rpm-ostree based systems. +# See https://github.com/authselect/authselect/issues/48 +if test -e /run/ostree-booted; then + for PROFILE in `ls %{_datadir}/authselect/default`; do + %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null +%if %{with_user_nsswitch} + %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null +%else + %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null +%endif + done +fi + +%{_bindir}/authselect check &> /dev/null +if [ $? -eq 6 ]; then + NOBACKUP="--nobackup" +fi + +# If we are upgrading from pre authselect-1.3.0 or this is a new installation +# select the default configuration. +if [ -f %{forcefile} ]; then + %{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null + %__rm -f %{forcefile} +fi + +# Apply any changes to profiles (validates configuration first internally) +%{_bindir}/authselect apply-changes &> /dev/null + +exit 0 + +%changelog +* Thu Mar 10 2022 Mingyue Zhao - 1.3.0-1 +- Init for Anolis OS 23