From 71e6611a875bae812f3d2dac305a67bd87326fff Mon Sep 17 00:00:00 2001 From: chendexi Date: Thu, 29 Feb 2024 07:17:05 +0000 Subject: [PATCH] unpack for sssd (cherry picked from commit 78583b0f29398518153a7e8fec2f793d82348236) --- sssd.spec | 826 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 586 insertions(+), 240 deletions(-) diff --git a/sssd.spec b/sssd.spec index db36c95..963ce18 100644 --- a/sssd.spec +++ b/sssd.spec @@ -1,74 +1,30 @@ -Name: sssd -Version: 2.9.4 -Release: 1 -Summary: System Security Services Daemon -License: GPLv3+ and LGPLv3+ -URL: https://pagure.io/SSSD/sssd/ -Source0: https://github.com/SSSD/sssd/releases/download/%{version}/%{name}-%{version}.tar.gz - - -Requires: python3-sssd = %{version}-%{release} -Requires: libldb -Requires: cyrus-sasl-gssapi%{?_isa} -%{?systemd_requires} -Recommends: bind-utils -Recommends: bind-utils -Recommends: adcli +# we don't want to provide private python extension libs +%define __provides_exclude_from %{python3_sitearch}/.*\.so$ -Provides: libsss_sudo-devel = %{version}-%{release} -Provides: sssd-common = %{version}-%{release} -Provides: sssd-ldap = %{version}-%{release} -Provides: sssd-krb5 = %{version}-%{release} -Provides: sssd-krb5-common = %{version}-%{release} -Provides: sssd-ipa = %{version}-%{release} -Provides: sssd-ad = %{version}-%{release} -Provides: sssd-client = %{version}-%{release} -Provides: sssd-common-pac = %{version}-%{release} -Provides: sssd-kcm = %{version}-%{release} -Provides: sssd-dbus = %{version}-%{release} -Provides: libsss_sudo = %{version}-%{release} -Provides: sssd-proxy = %{version}-%{release} -Provides: libsss_idmap = %{version}-%{release} -Provides: libipa_hbac = %{version}-%{release} -Provides: libsss_autofs = %{version}-%{release} -Provides: libsss_nss_idmap = %{version}-%{release} -Provides: libsss_simpleifp = %{version}-%{release} -Provides: libsss_certmap = %{version}-%{release} -Provides: sssd-libwbclient = %{version}-%{release} -Provides: sssd-nfs-idmap = %{version}-%{release} -Provides: sssd-winbind-idmap = %{version}-%{release} -Provides: sssd-tools = %{version}-%{release} +# Determine the location of the LDB modules directory +%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) -Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 -Obsoletes: sssd-common < %{version}-%{release} -Obsoletes: sssd-ldap < %{version}-%{release} -Obsoletes: sssd-krb5 < %{version}-%{release} -Obsoletes: sssd-krb5-common < %{version}-%{release} -Obsoletes: sssd-ipa < %{version}-%{release} -Obsoletes: sssd-ad < %{version}-%{release} -Obsoletes: sssd-client < %{version}-%{release} -Obsoletes: sssd-common-pac < %{version}-%{release} -Obsoletes: sssd-kcm < %{version}-%{release} -Obsoletes: sssd-dbus < %{version}-%{release} -Obsoletes: libsss_sudo < %{version}-%{release} -Obsoletes: sssd-proxy < %{version}-%{release} -Obsoletes: libsss_idmap < %{version}-%{release} -Obsoletes: libipa_hbac < %{version}-%{release} -Obsoletes: libsss_autofs < %{version}-%{release} -Obsoletes: libsss_nss_idmap < %{version}-%{release} -Obsoletes: libsss_simpleifp < %{version}-%{release} -Obsoletes: libsss_certmap < %{version}-%{release} -Obsoletes: sssd-libwbclient < %{version}-%{release} -Obsoletes: sssd-nfs-idmap < %{version}-%{release} -Obsoletes: sssd-winbind-idmap < %{version}-%{release} -Obsoletes: sssd-tools < %{version}-%{release} - -Requires(post): /sbin/ldconfig -Requires(postun): /sbin/ldconfig -Requires(post): /usr/sbin/alternatives -Requires(preun): /usr/sbin/alternatives +%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release}) -%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb) +Name: sssd +Version: 2.9.4 +Release: 2 +Summary: System Security Services Daemon +License: GPL-3.0-or-later +URL: https://github.com/SSSD/sssd/ +Source0: https://github.com/SSSD/sssd/releases/download/2.9.4/sssd-2.9.4.tar.gz + +Requires: sssd-ad = %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} +Requires: sssd-proxy = %{version}-%{release} +Suggests: logrotate +Suggests: procps-ng +Suggests: python3-sssdconfig = %{version}-%{release} +Suggests: sssd-dbus = %{version}-%{release} +Obsoletes: python3-sssd < %{version}-%{release} BuildRequires: libtool popt-devel BuildRequires: libldb-devel @@ -86,57 +42,327 @@ BuildRequires: libcurl-devel libjose-devel keyutils-libs-devel krb5-devel BuildRequires: pcre2-devel libunistring libunistring-devel %description -SSSD provides a set of daemons to manage access to remote directories -and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It -provides an NSS and PAM interface toward the system and a pluggable -backend system to connect to multiple different account sources. - -%package devel -Summary: Development libraries for the SSSD -License: GPLv3+ and LGPLv3+ -Requires: dbus-devel -Requires: sssd = %{version}-%{release} - -Provides: libsss_idmap-devel = %{version}-%{release} -Provides: libipa_hbac-devel = %{version}-%{release} -Provides: libsss_nss_idmap-devel = %{version}-%{release} -Provides: libsss_simpleifp-devel = %{version}-%{release} -Provides: libsss_certmap-devel = %{version}-%{release} -Provides: sssd-libwbclient-devel = %{version}-%{release} - -Obsoletes: libsss_idmap-devel < %{version}-%{release} -Obsoletes: libipa_hbac-devel < %{version}-%{release} -Obsoletes: libsss_nss_idmap-devel < %{version}-%{release} -Obsoletes: libsss_simpleifp-devel < %{version}-%{release} -Obsoletes: libsss_certmap-devel < %{version}-%{release} -Obsoletes: sssd-libwbclient-devel < %{version}-%{release} - -%description devel -Development libraries for the SSSD - -%package -n python3-sssd +Provides a set of daemons to manage access to remote directories and +authentication mechanisms. It provides an NSS and PAM interface toward +the system and a pluggable back end system to connect to multiple different +account sources. It is also the basis to provide client auditing and policy +services for projects like FreeIPA. + +The sssd subpackage is a meta-package that contains the daemon as well as all +the existing back ends. + +%package common +Summary: Common files for the SSSD +License: GPL-3.0-or-later +Obsoletes: libsss_simpleifp < 2.9.2 +Obsoletes: libsss_simpleifp-debuginfo < 2.9.2 +Requires: libldb +Requires: sssd-client%{?_isa} = %{version}-%{release} +Requires: (libsss_sudo = %{version}-%{release} if sudo) +Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs) +Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap) +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +%{?systemd_requires} +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +subpackages such as sssd-ldap. + +%package client +Summary: SSSD Client libraries for NSS and PAM +License: LGPL-3.0-or-later +Requires: libsss_nss_idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. + +%package -n libsss_sudo +Summary: A library to allow communication between SUDO and SSSD +License: LGPL-3.0-or-later +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_sudo +A utility library to allow communication between SUDO and SSSD + +%package -n libsss_autofs +Summary: A library to allow communication between Autofs and SSSD +License: LGPL-3.0-or-later +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_autofs +A utility library to allow communication between Autofs and SSSD + +%package tools +Summary: Userspace tools for use with the SSSD +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +# required by sss_obfuscate +Requires: python3-sss = %{version}-%{release} +Requires: python3-sssdconfig = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +# for logger=journald support with sss_analyze +Requires: python3-systemd +Requires: sssd-dbus + +%description tools +Provides several administrative tools: + * sss_debuglevel to change the debug level on the fly + * sss_seed which pre-creates a user entry for use in kickstarts + * sss_obfuscate for generating an obfuscated LDAP password + * sssctl -- an sssd status and control utility + +%package -n python3-sssdconfig +Summary: SSSD and IPA configuration file manipulation classes and functions +License: GPL-3.0-or-later +BuildArch: noarch +%{?python_provide:%python_provide python3-sssdconfig} + +%description -n python3-sssdconfig +Provides python3 files for manipulation SSSD and IPA configuration files. + +%package -n python3-sss Summary: Python3 bindings for sssd -License: LGPLv3+ -Requires: sssd = %{version}-%{release} -Provides: python3-sss = %{version}-%{release} -Provides: python3-sssdconfig = %{version}-%{release} -Provides: python3-sss-murmur = %{version}-%{release} -provides: python3-libsss_nss_idmap = %{version}-%{release} -Provides: python3-libipa_hbac = %{version}-%{release} -Obsoletes: python3-sss < %{version}-%{release} -Obsoletes: python3-sssdconfig < %{version}-%{release} -Obsoletes: python3-sss-murmur < %{version}-%{release} -Obsoletes: python3-libipa_hbac < %{version}-%{release} -Obsoletes: python3-libsss_nss_idmap < %{version}-%{release} -%{?python_provide:%python_provide python3-sssd} +License: LGPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} %{?python_provide:%python_provide python3-sss} -%{?python_provide:%python_provide python3-sssdconfig} + +%description -n python3-sss +Provides python3 bindings: + * function for retrieving list of groups user belongs to + * class for obfuscation of passwords + +%package -n python3-sss-murmur +Summary: Python3 bindings for murmur hash function +License: LGPL-3.0-or-later %{?python_provide:%python_provide python3-sss-murmur} + +%description -n python3-sss-murmur +Provides python3 module for calculating the murmur hash version 3 + +%package ldap +Summary: The LDAP back end of the SSSD +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +License: GPL-3.0-or-later +Requires: cyrus-sasl-gssapi%{?_isa} +Requires: sssd-common = %{version}-%{release} + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package common-pac +Summary: Common files needed for supporting PAC processing +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} + +%description common-pac +Provides common files needed by SSSD providers such as IPA and Active Directory +for handling Kerberos PACs. + +%package ipa +Summary: The IPA back end of the SSSD +License: GPL-3.0-or-later +Requires: samba-client-libs >= %{samba_package_version} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +Recommends: bind-utils +Requires: sssd-common-pac = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package ad +Summary: The AD back end of the SSSD +License: GPL-3.0-or-later +Requires: samba-client-libs >= %{samba_package_version} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: sssd-common-pac = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-winbind-idmap = %{version}-%{release} + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + +%package proxy +Summary: The proxy back end of the SSSD +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} + +%description proxy +Provides the proxy back end which can be used to wrap an existing NSS and/or +PAM modules to leverage SSSD caching. + +%package -n libsss_idmap +Summary: FreeIPA Idmap library +License: LGPL-3.0-or-later + +%description -n libsss_idmap +Utility library to convert SIDs to Unix uids and gids + +%package -n libsss_idmap-devel +Summary: FreeIPA Idmap library +License: LGPL-3.0-or-later +Requires: libsss_idmap = %{version}-%{release} + +%description -n libsss_idmap-devel +Utility library to SIDs to Unix uids and gids + +%package -n libipa_hbac +Summary: FreeIPA HBAC Evaluator library +License: LGPL-3.0-or-later + +%description -n libipa_hbac +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n libipa_hbac-devel +Summary: FreeIPA HBAC Evaluator library +License: LGPL-3.0-or-later +Requires: libipa_hbac = %{version}-%{release} + +%description -n libipa_hbac-devel +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package -n python3-libipa_hbac +Summary: Python3 bindings for the FreeIPA HBAC Evaluator library +License: LGPL-3.0-or-later +Requires: libipa_hbac = %{version}-%{release} %{?python_provide:%python_provide python3-libipa_hbac} + +%description -n python3-libipa_hbac +The python3-libipa_hbac contains the bindings so that libipa_hbac can be +used by Python applications. + +%package -n libsss_nss_idmap +Summary: Library for SID and certificate based lookups +License: LGPL-3.0-or-later + +%description -n libsss_nss_idmap +Utility library for SID and certificate based lookups + +%package -n libsss_nss_idmap-devel +Summary: Library for SID and certificate based lookups +License: LGPL-3.0-or-later +Requires: libsss_nss_idmap = %{version}-%{release} + +%description -n libsss_nss_idmap-devel +Utility library for SID and certificate based lookups + +%package -n python3-libsss_nss_idmap +Summary: Python3 bindings for libsss_nss_idmap +License: LGPL-3.0-or-later +Requires: libsss_nss_idmap = %{version}-%{release} %{?python_provide:%python_provide python3-libsss_nss_idmap} -%description -n python3-sssd -Python3 bindings for sssd +%description -n python3-libsss_nss_idmap +The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can +be used by Python applications. + +%package dbus +Summary: The D-Bus responder of the SSSD +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + +%package winbind-idmap +Summary: SSSD's idmap_sss Backend for Winbind +License: GPL-3.0-or-later AND LGPL-3.0-or-later +Requires: libsss_nss_idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Conflicts: sssd-common < %{version}-%{release} + +%description winbind-idmap +The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs +and SIDs. + +%package nfs-idmap +Summary: SSSD plug-in for NFSv4 rpc.idmapd +License: GPL-3.0-or-later +Conflicts: sssd-common < %{version}-%{release} + +%description nfs-idmap +The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map +UIDs/GIDs to names and vice versa. It can be also used for mapping principal +(user) name to IDs(UID or GID) or to obtain groups which user are member of. + +%package -n libsss_certmap +Summary: SSSD Certificate Mapping Library +License: LGPL-3.0-or-later +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_certmap +Library to map certificates to users based on rules + +%package -n libsss_certmap-devel +Summary: SSSD Certificate Mapping Library +License: LGPL-3.0-or-later +Requires: libsss_certmap = %{version}-%{release} + +%description -n libsss_certmap-devel +Library to map certificates to users based on rules + +%package kcm +Summary: An implementation of a Kerberos KCM server +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} +%{?systemd_requires} + +%description kcm +An implementation of a Kerberos KCM server. Use this package if you want to +use the KCM: Kerberos credentials cache. + +%package idp +Summary: Kerberos plugins and OIDC helper for external identity providers. +License: GPL-3.0-or-later +Requires: sssd-common = %{version}-%{release} + +%description idp +This package provides Kerberos plugins that are required to enable +authentication against external identity providers. Additionally a helper +program to handle the OAuth 2.0 Device Authorization Grant is provided. %package_help @@ -144,6 +370,7 @@ Python3 bindings for sssd %autosetup -p1 %build + autoreconf -ivf %configure \ @@ -169,7 +396,7 @@ autoreconf -ivf %{?with_cifs_utils_plugin_option} \ --enable-systemtap -%make_build all docs +%make_build all docs %check export CK_TIMEOUT_MULTIPLIER=10 @@ -186,88 +413,58 @@ export SETUPTOOLS_USE_DISTUTILS=stdlib sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate %make_install + +# Prepare language files /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd # install default sssd.conf file install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf +# Copy default logrotate file mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd +# Make sure SSSD is able to run on read-only root mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd +# Kerberos KCM credential cache by default mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache - +# Enable krb5 idp plugins by default (when sssd-idp package is installed) +cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \ + $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp + +# krb5 configuration snippet cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir +# Create directory for cifs-idmap alternative +# Otherwise this directory could not be owned by sssd-client mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils +# Remove .la files created by libtool %delete_la -for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null` +# Suppress developer-only documentation +#rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} + +# Older versions of rpmbuild can only handle one -f option +# So we need to append to the sssd*.lang file +for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null` do - echo %{python3_sitelib}/`basename $file` >> python3_sssd.lang + echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang done touch sssd.lang - -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/ldap_child -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/krb5_child - -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_pac - -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_krb5.so - -chrpath -d $RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_simple.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_child.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_semanage.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_krb5_common.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libifp_iface_sync.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_iface.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_cert.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_iface_sync.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_util.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libifp_iface.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_crypt.so -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_ldap_common.so -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_check_socket_activated_responders -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sss_signal -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_pam -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_sudo -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_autofs -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/p11_child -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_nss -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/oidc_child -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_be -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_ssh -chrpath -d $RPM_BUILD_ROOT%{_bindir}/sss_ssh_authorizedkeys -chrpath -d $RPM_BUILD_ROOT%{_bindir}/sss_ssh_knownhostsproxy -chrpath -d $RPM_BUILD_ROOT%{_sbindir}/sss_cache -chrpath -d $RPM_BUILD_ROOT%{_sbindir}/sssd -chrpath -d $RPM_BUILD_ROOT%{_sbindir}/sssctl -chrpath -d $RPM_BUILD_ROOT%{_sbindir}/sss_override -chrpath -d $RPM_BUILD_ROOT%{_sbindir}/sss_seed -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_ifp - -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_ipa.so -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/selinux_child - -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/sssd_kcm - -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_ldap.so - -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_ad.so -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/gpo_child - -chrpath -d $RPM_BUILD_ROOT%{_libexecdir}/sssd/proxy_child -chrpath -d $RPM_BUILD_ROOT%{_libdir}/%{name}/libsss_proxy.so -chrpath -d $RPM_BUILD_ROOT%{python3_sitearch}/pysss.so +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + touch $subpackage.lang +done mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d echo "/usr/lib64/sssd" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf @@ -275,15 +472,80 @@ for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BU do lang=`echo $man | cut -c 1-2` case `basename $man` in + sss_cache*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_ssh*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang + ;; + sss_rpcidmapd*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang + ;; + sss_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssctl*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang + ;; + sssd_krb5_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + pam_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-ldap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang + ;; + sssd-krb5*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang + ;; + sssd-ipa*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang + ;; + sssd-ad*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang + ;; + sssd-proxy*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang + ;; + sssd-ifp*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang + ;; + sssd-kcm*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang + ;; + idmap_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang + ;; + sss-certmap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang + ;; *) echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang ;; esac done -%files -f sssd.lang +# Print these to the rpmbuild log +echo "sssd.lang:" +cat sssd.lang + +echo "python3_sssdconfig.lang:" +cat python3_sssdconfig.lang + +for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ + sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ + libsss_certmap sssd_kcm +do + echo "$subpackage.lang:" + cat $subpackage.lang +done + +%files +%license COPYING + +%files common -f sssd.lang %license COPYING -%license src/sss_client/COPYING.LESSER %doc src/examples/sssd-example.conf %{_sbindir}/sssd %{_unitdir}/sssd.service @@ -364,8 +626,6 @@ done %{_libdir}/%{name}/conf/sssd.conf %{_datadir}/sssd/cfg_rules.ini -%{_datadir}/sssd/sssd.api.conf -%{_datadir}/sssd/sssd.api.d %dir %{_datadir}/sssd/systemtap %{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp @@ -376,27 +636,54 @@ done %{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd_functions.stp -%{_sbindir}/sss_obfuscate -%{_sbindir}/sss_override -%{_sbindir}/sss_debuglevel -%{_sbindir}/sss_seed -%{_sbindir}/sssctl -%{_libexecdir}/sssd/sss_analyze +%files ldap -f sssd_ldap.lang +%license COPYING +%{_libdir}/%{name}/libsss_ldap.so +%files krb5-common +%license COPYING %attr(755,root,root) %dir %{_localstatedir}/lib/sss/pubconf/krb5.include.d %{_libexecdir}/sssd/ldap_child %{_libexecdir}/sssd/krb5_child + +%files krb5 -f sssd_krb5.lang +%license COPYING %{_libdir}/%{name}/libsss_krb5.so -%{_libdir}/%{name}/libsss_ldap.so +%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir +%dir %{_datadir}/sssd/krb5-snippets +%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir +%files common-pac +%license COPYING +%{_libexecdir}/sssd/sssd_pac + +%files ipa -f sssd_ipa.lang +%license COPYING %attr(700,root,root) %dir %{_localstatedir}/lib/sss/keytabs %{_libdir}/%{name}/libsss_ipa.so %{_libexecdir}/sssd/selinux_child + +%files ad -f sssd_ad.lang +%license COPYING %{_libdir}/%{name}/libsss_ad.so %{_libexecdir}/sssd/gpo_child -%{_libexecdir}/sssd/sssd_pac +%files proxy +%license COPYING +%{_libexecdir}/sssd/proxy_child +%{_libdir}/%{name}/libsss_proxy.so + +%files dbus -f sssd_dbus.lang +%license COPYING +%{_libexecdir}/sssd/sssd_ifp +%{_unitdir}/sssd-ifp.service +%{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + +%files client -f sssd_client.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libnss_sss.so.2 +%{_libdir}/security/pam_sss_gss.so %{_libdir}/security/pam_sss.so %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so %{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so @@ -407,63 +694,106 @@ done %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so -%{_libexecdir}/sssd/sssd_kcm -%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache -%dir %{_datadir}/sssd-kcm -%{_datadir}/sssd-kcm/kcm_default_ccache -%{_unitdir}/sssd-kcm.socket -%{_unitdir}/sssd-kcm.service - -%{_libexecdir}/sssd/sssd_ifp -%{_unitdir}/sssd-ifp.service -%{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf -%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service - +%files -n libsss_sudo +%license src/sss_client/COPYING %{_libdir}/libsss_sudo.so* -%{_libexecdir}/sssd/proxy_child -%{_libdir}/%{name}/libsss_proxy.so -%{_libdir}/libsss_idmap.so.* -%{_libdir}/libipa_hbac.so.* + +%files -n libsss_autofs +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/libsss_autofs.so -%{_libdir}/libsss_nss_idmap.so.* -%{_libdir}/libsss_certmap.so.* -%{_libdir}/libnfsidmap/sss.so -%dir %{_libdir}/samba/idmap -%{_libdir}/samba/idmap/sss.so -%{_libdir}/security/pam_sss_gss.so -%{_libexecdir}/sssd/oidc_child -%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so -%{_datadir}/sssd/krb5-snippets/sssd_enable_idp +%files tools -f sssd_tools.lang +%license COPYING +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_seed +%{_sbindir}/sssctl +%{_libexecdir}/sssd/sss_analyze +%{python3_sitelib}/sssd/ -%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir -%dir %{_datadir}/sssd/krb5-snippets -%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir +%files -n python3-sssdconfig -f python3_sssdconfig.lang +%dir %{python3_sitelib}/SSSDConfig +%{python3_sitelib}/SSSDConfig/*.py* +%dir %{python3_sitelib}/SSSDConfig/__pycache__ +%{python3_sitelib}/SSSDConfig/__pycache__/*.py* +%dir %{_datadir}/sssd +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d + +%files -n python3-sss +%{python3_sitearch}/pysss.so -%files devel +%files -n python3-sss-murmur +%{python3_sitearch}/pysss_murmur.so + +%files -n libsss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_idmap.so.* + +%files -n libsss_idmap-devel +%doc idmap_doc/html %{_includedir}/sss_idmap.h %{_libdir}/libsss_idmap.so %{_libdir}/pkgconfig/sss_idmap.pc + +%files -n libipa_hbac +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libipa_hbac.so.* + +%files -n libipa_hbac-devel +%doc hbac_doc/html %{_includedir}/ipa_hbac.h %{_libdir}/libipa_hbac.so %{_libdir}/pkgconfig/ipa_hbac.pc + +%files -n libsss_nss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_nss_idmap.so.* + +%files -n libsss_nss_idmap-devel +%doc nss_idmap_doc/html %{_includedir}/sss_nss_idmap.h %{_libdir}/libsss_nss_idmap.so %{_libdir}/pkgconfig/sss_nss_idmap.pc + +%files -n python3-libsss_nss_idmap +%{python3_sitearch}/pysss_nss_idmap.so + +%files -n python3-libipa_hbac +%{python3_sitearch}/pyhbac.so + +%files winbind-idmap -f sssd_winbind_idmap.lang +%dir %{_libdir}/samba/idmap +%{_libdir}/samba/idmap/sss.so + +%files nfs-idmap -f sssd_nfs_idmap.lang +%{_libdir}/libnfsidmap/sss.so + +%files -n libsss_certmap -f libsss_certmap.lang +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_certmap.so.* + +%files -n libsss_certmap-devel +%doc certmap_doc/html %{_includedir}/sss_certmap.h %{_libdir}/libsss_certmap.so %{_libdir}/pkgconfig/sss_certmap.pc -%files -n python3-sssd -f python3_sssd.lang -%dir %{python3_sitelib}/SSSDConfig -%{python3_sitelib}/SSSDConfig/*.py* -%dir %{python3_sitelib}/SSSDConfig/__pycache__ -%{python3_sitelib}/SSSDConfig/__pycache__/*.py* -%{python3_sitelib}/sssd -%{python3_sitearch}/pysss.so -%{python3_sitearch}/pysss_murmur.so -%{python3_sitearch}/pysss_nss_idmap.so -%{python3_sitearch}/pyhbac.so +%files kcm -f sssd_kcm.lang +%{_libexecdir}/sssd/sssd_kcm +%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache +%{_unitdir}/sssd-kcm.socket +%{_unitdir}/sssd-kcm.service + +%files idp +%{_libexecdir}/sssd/oidc_child +%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so +%{_datadir}/sssd/krb5-snippets/sssd_enable_idp +%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp %files help %doc %{_pkgdocdir} @@ -471,7 +801,7 @@ done %{_mandir}/man5/* %{_mandir}/man8/* -%post +%post common %systemd_post sssd.service %systemd_post sssd-autofs.socket %systemd_post sssd-nss.socket @@ -480,12 +810,8 @@ done %systemd_post sssd-pam-priv.socket %systemd_post sssd-ssh.socket %systemd_post sssd-sudo.socket -%systemd_post sssd-kcm.socket -%systemd_post sssd-ifp.service -/sbin/ldconfig -/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 -%preun +%preun common %systemd_preun sssd.service %systemd_preun sssd-autofs.socket %systemd_preun sssd-nss.socket @@ -494,13 +820,8 @@ done %systemd_preun sssd-pam-priv.socket %systemd_preun sssd-ssh.socket %systemd_preun sssd-sudo.socket -%systemd_preun sssd-kcm.socket -%systemd_preun sssd-ifp.service -if [ $1 -eq 0 ] ; then - /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so -fi -%postun +%postun common %systemd_postun_with_restart sssd-autofs.socket %systemd_postun_with_restart sssd-nss.socket %systemd_postun_with_restart sssd-pac.socket @@ -508,11 +829,7 @@ fi %systemd_postun_with_restart sssd-pam-priv.socket %systemd_postun_with_restart sssd-ssh.socket %systemd_postun_with_restart sssd-sudo.socket -%systemd_postun_with_restart sssd-kcm.socket -%systemd_postun_with_restart sssd-kcm.service -%systemd_postun_with_restart sssd-ifp.service -# Services have RefuseManualStart=true, therefore we can't request restart. %systemd_postun sssd-autofs.service %systemd_postun sssd-nss.service %systemd_postun sssd-pac.service @@ -520,12 +837,40 @@ fi %systemd_postun sssd-ssh.service %systemd_postun sssd-sudo.service -/sbin/ldconfig +%post dbus +%systemd_post sssd-ifp.service + +%preun dbus +%systemd_preun sssd-ifp.service + +%postun dbus +%systemd_postun_with_restart sssd-ifp.service -%posttrans +%post kcm +%systemd_post sssd-kcm.socket + +%preun kcm +%systemd_preun sssd-kcm.socket + +%postun kcm +%systemd_postun_with_restart sssd-kcm.socket +%systemd_postun_with_restart sssd-kcm.service + +%post client +/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20 + +%preun client +if [ $1 -eq 0 ] ; then + /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so +fi + +%posttrans common %systemd_postun_with_restart sssd.service %changelog +* Thu Feb 29 2024 chendexi - 2.9.4-2 +- unpack for sssd + * Mon Feb 5 2024 wangcheng - 2.9.4-1 - upgrade to 2.9.4 fix some important bugs @@ -585,7 +930,7 @@ fi - install default sssd.conf file * Sat Aug 1 2020 Liquor - 2.2.3-2 -- Fix build failure against samba 4.12.5 +- Fix build failure against samba 4.12.5 * Sat Jul 25 2020 yang_zhuang_zhuang - 2.2.3-1 - update version to 2.2.3 @@ -601,3 +946,4 @@ fi * Tue Aug 27 2019 openEuler Buildteam - 2.2.2-1 - Package init + -- Gitee