From c57b1c4cd7348ee6da22e77762167e385f2f21a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BB=98=E5=96=84=E5=BA=86?= Date: Fri, 18 Feb 2022 01:27:37 +0000 Subject: [PATCH] add several subpackages --- sssd.spec | 359 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 283 insertions(+), 76 deletions(-) diff --git a/sssd.spec b/sssd.spec index 6a307bf..f0548d5 100644 --- a/sssd.spec +++ b/sssd.spec @@ -1,11 +1,17 @@ Name: sssd Version: 2.6.1 -Release: 1 +Release: 2 Summary: System Security Services Daemon License: GPLv3+ and LGPLv3+ URL: https://pagure.io/SSSD/sssd/ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/%{name}-%{version}.tar.gz +Requires: sssd-ad = %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} + Requires: python3-sssd = %{version}-%{release} Requires: libldb Requires: cyrus-sasl-gssapi%{?_isa} @@ -15,48 +21,20 @@ Recommends: bind-utils Recommends: adcli Provides: libsss_sudo-devel = %{version}-%{release} -Provides: sssd-common -Provides: sssd-ldap -Provides: sssd-krb5 -Provides: sssd-krb5-common -Provides: sssd-ipa -Provides: sssd-ad -Provides: sssd-client -Provides: sssd-common-pac Provides: sssd-kcm Provides: sssd-dbus -Provides: libsss_sudo Provides: sssd-proxy -Provides: libsss_idmap -Provides: libipa_hbac -Provides: libsss_autofs -Provides: libsss_nss_idmap Provides: libsss_simpleifp -Provides: libsss_certmap Provides: sssd-libwbclient Provides: sssd-nfs-idmap Provides: sssd-winbind-idmap Provides: sssd-tools Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 -Obsoletes: sssd-common -Obsoletes: sssd-ldap -Obsoletes: sssd-krb5 -Obsoletes: sssd-krb5-common -Obsoletes: sssd-ipa -Obsoletes: sssd-ad -Obsoletes: sssd-client -Obsoletes: sssd-common-pac Obsoletes: sssd-kcm Obsoletes: sssd-dbus -Obsoletes: libsss_sudo Obsoletes: sssd-proxy -Obsoletes: libsss_idmap -Obsoletes: libipa_hbac -Obsoletes: libsss_autofs -Obsoletes: libsss_nss_idmap Obsoletes: libsss_simpleifp -Obsoletes: libsss_certmap Obsoletes: sssd-libwbclient Obsoletes: sssd-nfs-idmap Obsoletes: sssd-winbind-idmap @@ -96,6 +74,150 @@ and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. +%package -n libsss_sudo +Summary: A library to allow communication between SUDO and SSSD +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_sudo +A utility library to allow communication between SUDO and SSSD + +%package ldap +Summary: The LDAP back end of the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package -n libsss_idmap +Summary: FreeIPA Idmap library +License: LGPLv3+ + +%description -n libsss_idmap +Utility library to convert SIDs to Unix uids and gids + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +License: GPLv3+ +Requires: cyrus-sasl-gssapi%{?_isa} +Requires: sssd-common = %{version}-%{release} + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package ipa +Summary: The IPA back end of the SSSD +License: GPLv3+ +Requires: samba-client-libs >= %{samba_package_version} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac%{?_isa} = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +Recommends: bind-utils +Requires: sssd-common-pac = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package -n libipa_hbac +Summary: FreeIPA HBAC Evaluator library +License: LGPLv3+ + +%description -n libipa_hbac +Utility library to validate FreeIPA HBAC rules for authorization requests + +%package ad +Summary: The AD back end of the SSSD +License: GPLv3+ +Requires: samba-client-libs >= %{samba_package_version} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: sssd-common-pac = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +Recommends: bind-utils +Recommends: adcli +Suggests: sssd-winbind-idmap = %{version}-%{release} + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + +%package -n libsss_certmap +Summary: SSSD Certificate Mapping Library +License: LGPLv3+ +Conflicts: sssd-common < %{version}-%{release} + +%description -n libsss_certmap +Library to map certificates to users based on rules + +%package client +Summary: SSSD Client libraries for NSS and PAM +License: LGPLv3+ +Requires: libsss_nss_idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires(post): /usr/sbin/alternatives +Requires(preun): /usr/sbin/alternatives + +%description client +Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD +service. + +%package -n libsss_nss_idmap +Summary: Library for SID and certificate based lookups +License: LGPLv3+ + +%description -n libsss_nss_idmap +Utility library for SID and certificate based lookups + +%package common +Summary: Common files for the SSSD +License: GPLv3+ +Requires: libldb >= %{ldb_version} +Requires: sssd-client%{?_isa} = %{version}-%{release} +Recommends: libsss_sudo = %{version}-%{release} +Recommends: libsss_autofs%{?_isa} = %{version}-%{release} +Recommends: sssd-nfs-idmap = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} +%{?systemd_requires} + +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1 + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +subpackages such as sssd-ldap. + +%package common-pac +Summary: Common files needed for supporting PAC processing +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} + +%description common-pac +Provides common files needed by SSSD providers such as IPA and Active Directory +for handling Kerberos PACs. + %package devel Summary: Development libraries for the SSSD License: GPLv3+ and LGPLv3+ @@ -274,12 +396,112 @@ do *) echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang ;; + sssd-ad*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang + ;; + sssd_krb5_*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-krb5*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang + ;; + pam_sss*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang + ;; + sssd-ipa*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang + ;; + sssd-ldap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang + ;; + sss-certmap*) + echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang + ;; esac done %files -f sssd.lang + + +%config(noreplace) /etc/ld.so.conf.d/* + +%{_datadir}/sssd/sssd.api.conf +%{_datadir}/sssd/sssd.api.d + +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_seed +%{_sbindir}/sssctl + +%{_libexecdir}/sssd/sssd_kcm +%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache +%dir %{_datadir}/sssd-kcm +%{_datadir}/sssd-kcm/kcm_default_ccache +%{_unitdir}/sssd-kcm.socket +%{_unitdir}/sssd-kcm.service + +%{_libexecdir}/sssd/sssd_ifp +%{_unitdir}/sssd-ifp.service +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + +%{_libexecdir}/sssd/proxy_child +%{_libdir}/%{name}/libsss_proxy.so +%{_libdir}/%{name}/modules/libsss_autofs.so +%{_libdir}/libsss_simpleifp.so.* +%{_libdir}/libnfsidmap/sss.so +%dir %{_libdir}/samba/idmap +%{_libdir}/samba/idmap/sss.so + +%files -n libsss_sudo +%license src/sss_client/COPYING +%{_libdir}/libsss_sudo.so* + +%files -n libsss_nss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_nss_idmap.so.* + +%files ldap +%license COPYING +%{_libdir}/%{name}/libsss_ldap.so +%{_mandir}/man5/sssd-ldap.5* +%{_mandir}/man5/sssd-ldap-attributes.5* + +%files -n libsss_certmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_certmap.so.* +%{_mandir}/man5/sss-certmap.5* + + +%files -n libsss_idmap +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libsss_idmap.so.* + +%files krb5-common +%license COPYING +%attr(755,root,root) %dir %{_localstatedir}/lib/sss/pubconf/krb5.include.d +%{_libexecdir}/sssd/ldap_child +%{_libexecdir}/sssd/krb5_child + +%files krb5 +%license COPYING +%{_libdir}/%{name}/libsss_krb5.so +%{_mandir}/man5/sssd-krb5.5* + +%files ipa +%license COPYING +%attr(700,root,root) %dir %{_localstatedir}/lib/sss/keytabs +%{_libdir}/%{name}/libsss_ipa.so +%{_libexecdir}/sssd/selinux_child +%{_mandir}/man5/sssd-ipa.5* + +%files -n libipa_hbac +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/libipa_hbac.so.* + +%files common -f sssd.lang %license COPYING -%license src/sss_client/COPYING.LESSER %doc src/examples/sssd-example.conf %{_sbindir}/sssd %{_unitdir}/sssd.service @@ -308,9 +530,11 @@ done %{_libexecdir}/sssd/sssd_check_socket_activated_responders %dir %{_libdir}/%{name} +# The files provider is intentionally packaged in -common %{_libdir}/%{name}/libsss_files.so %{_libdir}/%{name}/libsss_simple.so +#Internal shared libraries %{_libdir}/%{name}/libsss_child.so %{_libdir}/%{name}/libsss_crypt.so %{_libdir}/%{name}/libsss_cert.so @@ -345,24 +569,31 @@ done %attr(700,root,root) %dir %{_localstatedir}/lib/sss/pipes/private %attr(755,root,root) %dir %{_localstatedir}/lib/sss/pubconf %attr(755,root,root) %dir %{_localstatedir}/lib/sss/gpo_cache + %attr(750,root,root) %dir %{_var}/log/%{name} %attr(700,root,root) %dir %{_sysconfdir}/sssd %attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d %attr(711,root,root) %dir %{_sysconfdir}/sssd/pki -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf %dir %{_sysconfdir}/logrotate.d %config(noreplace) %{_sysconfdir}/logrotate.d/sssd -%config(noreplace) /etc/ld.so.conf.d/* %dir %{_sysconfdir}/rwtab.d %config(noreplace) %{_sysconfdir}/rwtab.d/sssd %dir %{_datadir}/sssd -%{_sysconfdir}/pam.d/sssd-shadowutils +%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils %dir %{_libdir}/%{name}/conf %{_libdir}/%{name}/conf/sssd.conf %{_datadir}/sssd/cfg_rules.ini -%{_datadir}/sssd/sssd.api.conf -%{_datadir}/sssd/sssd.api.d +%{_mandir}/man1/sss_ssh_authorizedkeys.1* +%{_mandir}/man1/sss_ssh_knownhostsproxy.1* +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sssd-files.5* +%{_mandir}/man5/sssd-simple.5* +%{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd-session-recording.5* +%{_mandir}/man8/sssd.8* +%{_mandir}/man8/sss_cache.8* %dir %{_datadir}/sssd/systemtap %{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp @@ -372,62 +603,35 @@ done %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd_functions.stp +%{_mandir}/man5/sssd-systemtap.5* -%{_sbindir}/sss_obfuscate -%{_sbindir}/sss_override -%{_sbindir}/sss_debuglevel -%{_sbindir}/sss_seed -%{_sbindir}/sssctl - -%attr(755,root,root) %dir %{_localstatedir}/lib/sss/pubconf/krb5.include.d -%{_libexecdir}/sssd/ldap_child -%{_libexecdir}/sssd/krb5_child -%{_libdir}/%{name}/libsss_krb5.so -%{_libdir}/%{name}/libsss_ldap.so - -%attr(700,root,root) %dir %{_localstatedir}/lib/sss/keytabs -%{_libdir}/%{name}/libsss_ipa.so -%{_libexecdir}/sssd/selinux_child +%files ad +%license COPYING %{_libdir}/%{name}/libsss_ad.so %{_libexecdir}/sssd/gpo_child -%{_libexecdir}/sssd/sssd_pac +%{_mandir}/man5/sssd-ad.5* +%files client +%license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libnss_sss.so.2 %{_libdir}/security/pam_sss.so +%{_libdir}/security/pam_sss_gss.so %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so %{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so %dir %{_libdir}/cifs-utils %{_libdir}/cifs-utils/cifs_idmap_sss.so %dir %{_sysconfdir}/cifs-utils %ghost %{_sysconfdir}/cifs-utils/idmap-plugin +%dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%{_mandir}/man8/pam_sss.8* +%{_mandir}/man8/pam_sss_gss.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* -%{_libexecdir}/sssd/sssd_kcm -%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache -%dir %{_datadir}/sssd-kcm -%{_datadir}/sssd-kcm/kcm_default_ccache -%{_unitdir}/sssd-kcm.socket -%{_unitdir}/sssd-kcm.service - -%{_libexecdir}/sssd/sssd_ifp -%{_unitdir}/sssd-ifp.service -%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf -%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service - -%{_libdir}/libsss_sudo.so* -%{_libexecdir}/sssd/proxy_child -%{_libdir}/%{name}/libsss_proxy.so -%{_libdir}/libsss_idmap.so.* -%{_libdir}/libipa_hbac.so.* -%{_libdir}/%{name}/modules/libsss_autofs.so -%{_libdir}/libsss_nss_idmap.so.* -%{_libdir}/libsss_simpleifp.so.* -%{_libdir}/libsss_certmap.so.* -%{_libdir}/libnfsidmap/sss.so -%dir %{_libdir}/samba/idmap -%{_libdir}/samba/idmap/sss.so -%{_libdir}/security/pam_sss_gss.so +%files common-pac +%license COPYING +%{_libexecdir}/sssd/sssd_pac %files devel %{_includedir}/sss_idmap.h @@ -538,6 +742,9 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Thu Feb 17 2022 fushanqing - 2.6.1-2 +- add several subpackages + * Wed Dec 29 2021 panxiaohe - 2.6.1-1 - update version to 2.6.1 -- Gitee