File krb5-plugin-preauth-pkinit-nss.spec of Package krb5-plugin-preauth-pkinit-nss
#
# spec file for package krb5-plugin-preauth-pkinit-nss (Version 0.7.7)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5-plugin-preauth-pkinit-nss
Version: 0.7.7
Release: 1
BuildRequires: keyutils-devel krb5-devel >= 1.6.1 mozilla-nss-devel >= 3.11.2 pkgconfig
Summary: MIT Kerberos5 Implementation--PKINIT preauth Plugin
License: LGPL v2.1 or later
Group: Productivity/Networking/Security
Provides: pkinit-nss
Obsoletes: pkinit-nss
Conflicts: krb5-plugin-preauth-pkinit
Source: pkinit-nss-%{version}-1.tar.bz2
Patch0: pkinit-nss-0.6.1-match-default-realms.patch
Patch1: pkinit-nss-0.7.2-1-documentation.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
The pkinit-nss package implements the PKINIT standard for MIT Kerberos.
It does this, using the Mozilla NSS library.
Authors:
--------
Nalin Dahyabhai <nalin@redhat.com>
%prep
%setup -q -n pkinit-nss-%{version}-1
%patch0
%patch1
%build
%configure --disable-static --enable-gcc-warnings \
--with-default-server-nss-dbdir=/var/lib/kerberos/krb5kdc/ \
--with-default-client-nss-dbdir=/etc/ssl/nssdb
make
%install
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/*.{a,la}
# installing docs
mkdir -p $RPM_BUILD_ROOT/%{_docdir}/%{name}/examples
cp doc/openssl/make-certs.sh $RPM_BUILD_ROOT/%{_docdir}/%{name}/examples/
cp ChangeLog doc/README doc/STANDARDS doc/TODO doc/CONFIGURATION $RPM_BUILD_ROOT/%{_docdir}/%{name}/
cp backport/*.patch $RPM_BUILD_ROOT/%{_docdir}/%{name}/
%clean
rm -fr $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%dir %{_docdir}/%{name}/examples
%{_docdir}/%name
%{_bindir}/pkinit-show-cert-guid
%{_bindir}/pkinit-get-san
%{_libdir}/krb5
%changelog
* Thu Sep 04 2008 mc@suse.de
- update to version 0.7.7
* Learn to match certificates on email addresses, and to handle references to
parts of the relevant principal name in matching rules.
* Let the KDC use the matching rules to determine if a certificate matches the
user for whom a TGT is being requested.
* Fri Aug 29 2008 mc@suse.de
- update to version 0.7.6
* Correctly initialize NSS so that we continue to be able to read the database
with NSS 3.12.
* Make the version number we use when generating Signed-Data tunable for the
sake of other implementations which only accept one version or another.
* Teach the server side about a "server_pin_file", so that databases with a
PIN set can be used.
* Add some brief notes on setting up for testing.
* Fix wire-level incompatibilities with WS2008.
* Recognize and support "pkinit_kdc_hostname" and "pkinit_eku_checking"
settings.
* Recognize and support "pkinit_dh_min_bits", and allow it to override the
configured preference of which Oakley group to use.
* Recognize and support "pkinit_cert_match" rules.
* Wed Feb 13 2008 mc@suse.de
- modify pkinit-nss-0.6.1-match-default-realms.patch
to call krb5_get_host_realm() correct.
[bnc#298362]
* Wed Oct 24 2007 mc@suse.de
- update to version 0.7.4
* Implement interfaces for krb5 1.6.3.
* Tue Oct 23 2007 mc@suse.de
- add Conflicts to krb5-plugin-preauth-pkinit
* Thu Jul 12 2007 mc@suse.de
- update to version 0.7.3
* initialize "name" to avoid displaying a garbage pointer
when using software certs
* Tue Jul 03 2007 mc@suse.de
- add pkinit-nss-0.6.1-match-default-realms.patch
- fix documentation
* Fri Jun 22 2007 mc@suse.de
- update to version 0.7.2
* Bug fixes
* Tue Jun 19 2007 mc@suse.de
- initial release (Version 0.7.1)
