File sssd.spec of Package sssd.6481
#
# spec file for package sssd
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sssd
Version: 1.13.4
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Daemons
Url: https://fedorahosted.org/sssd/
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
Source3: baselibs.conf
Source4: sssd.service
Source5: sssd.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Patch1: 0001-build-detect-endianness-at-configure-time.patch
Patch2: 0002-sss_client-Defer-thread-cancellation-until-completio.patch
Patch3: 0003-GPO-ignore-non-KVP-lines-if-possible.patch
Patch4: 0004-sysdb-sanitize-search-filter-input.patch
Patch5: 0005-sdap-Fix-ldap_rfc_2307_fallback_to_local_users.patch
Patch6: 0006-Solve-segfault-in-sss_cache-command-invoked-on-speci.patch
Patch7: 0007-AUTOFS-Fix-offline-resolution-of-autofs-maps.patch
Patch8: 0008-Logging-handle-hup-for-helper-fds.patch
Patch9: 0009-SUDO-Create-the-socket-with-stricter-permissions.patch
Patch10: 0010-NSS-Move-a-DEBUG-message-so-that-it-s-less-confusing.patch
Patch11: 0011-trim_whitespaces_in_netgroup_triples.patch
Patch12: 0012-call_exit_if_exec_failed.patch
Patch13: 0013-AD-skip-reneval-task-without-adcli.patch
Patch14: 0014-MONITOR-Create-pidfile-after-responders-started.patch
Patch15: 0015-UTILS-Fixing-duplication-of-pid-file-declaration.patch
Patch16: 0016-BUILD-Fix-detection-of-systemd.patch
%define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss
%define dbpath %sssdstatedir/db
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
%define mcpath %sssdstatedir/mcpath
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: gpg-offline
BuildRequires: krb5-devel
BuildRequires: libsmbclient-devel
BuildRequires: libtool
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
BuildRequires: logrotate
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig >= 0.21
BuildRequires: samba-libs >= 4
BuildRequires: systemd
BuildRequires: systemd-devel
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
BuildRequires: pkgconfig(dhash) >= 0.4.2
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(ini_config) >= 0.6.1
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libnl-1) >= 1.1
BuildRequires: pkgconfig(libpcre) >= 7
BuildRequires: pkgconfig(ndr_krb5pac)
BuildRequires: pkgconfig(ndr_nbt)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
Requires: libsss_sudo = %version-%release
Requires: sssd-ldap = %version-%release
Requires(postun): pam-config
Recommends: logrotate
%{?systemd_requires}
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package ad
Summary: The ActiveDirectory backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version
%description ad
Provides the Active Directory back end that the SSSD can utilize to
fetch identity data from and authenticate against an Active Directory
server.
%package ipa
Summary: FreeIPA backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name = %version
Requires: %name-ad = %version-%release
Requires: %name-krb5-common = %version-%release
Obsoletes: %name-ipa-provider < %version-%release
Provides: %name-ipa-provider = %version-%release
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity
data from and authenticate against an IPA server.
%package krb5
Summary: The Kerberos authentication backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
License: GPL-3.0-or-later
Group: System/Daemons
Requires: cyrus-sasl-gssapi
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can
use for Kerberos user or host authentication.
%package ldap
Summary: The LDAP backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch
identity data from and authenticate against an LDAP server.
%package proxy
Summary: The proxy backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS
and/or PAM modules to leverage SSSD caching.
%package tools
Summary: Commandline tools for sssd
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Management
Requires: python-sssd-config = %version
Requires: sssd = %version
%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libipa_hbac-devel
Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libsss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libsss_idmap0 = %version
%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libsss_nss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libsss_nss_idmap0 = %version
%description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_sudo
Summary: A library to allow communication between sudo and SSSD
License: LGPL-3.0-or-later
Group: System/Libraries
Provides: libsss_sudo-devel = %version-%release
Obsoletes: libsss_sudo-devel < %version-%release
# No provides: true obsolete.
Obsoletes: libsss_sudo1
%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.
%package -n python-sss_nss_idmap
Summary: Python bindings for libsss_nss_idmap
License: LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-sss_nss_idmap
The libsss_nss_idmap-python contains the bindings so that
libsss_nss_idmap can be used by Python applications.
%package -n python-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-sssd-config
Provide python module to access and manage configuration of the System
Security Services Daemon (sssd).
%prep
%{?gpg_verify: %gpg_verify %{S:2}}
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%build
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
# help configure find nscd
export PATH="$PATH:/usr/sbin"
autoreconf -fi;
%configure \
--with-crypto=libcrypto \
--with-db-path="%dbpath" \
--with-mcache-path="%mcpath" \
--with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \
--with-init-dir="%_initrddir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
--with-semanage=no \
--disable-config-lib \
--without-python3-bindings \
--disable-cifs-idmap-plugin \
--without-nfsv4-idmapd-plugin \
--without-infopipe \
--disable-ldb-version-check \
--with-libwbclient=no
make %{?_smp_mflags} all
%install
b="%buildroot";
make install DESTDIR="$b"
# Remove manual pages that belong to the disabled infopipe and idmapd plugin
rm %{buildroot}%{_mandir}/*/man*/{sss_rpcidmapd*,sssd-ifp*}
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
# Copy default sssd.conf file
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
mkdir -p "$b/%_sysconfdir/logrotate.d"
install -m600 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd";
install -d "$b/%_unitdir";
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
rm -Rf "$b/%_initddir"
# Install rcsssd
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcsssd
find "$b" -type f -name "*.la" -delete;
%find_lang %name --all-name
%pre
%service_add_pre sssd.service
%post
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
/sbin/ldconfig
%service_add_post sssd.service
%preun
%service_del_preun sssd.service
%postun
if [ "$1" == "0" ]; then
"%_sbindir/pam-config" -d --sss || :;
fi;
/sbin/ldconfig
%service_del_postun sssd.service
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root)
%license COPYING
%_unitdir
%_bindir/sss_ssh_*
%_sbindir/sssd
%dir %_mandir/??/
%dir %_mandir/??/man?/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd.conf.5*
%_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man5/sssd.conf.5*
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
%_libdir/%name/libsss_cert.*
%_libdir/%name/libsss_semanage.*
%_libdir/%name/modules/
%dir %_libdir/ldb/
%_libdir/ldb/memberof.so
%dir %_libexecdir/%name/
%_libexecdir/%name/sssd_autofs
%_libexecdir/%name/sssd_be
%_libexecdir/%name/sssd_nss
%_libexecdir/%name/sssd_pam
%_libexecdir/%name/sssd_ssh
%_libexecdir/%name/sssd_sudo
%_libexecdir/%name/sss_signal
%dir %sssdstatedir
%attr(755,root,root) %dir %mcpath
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/passwd
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/group
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/initgroups
%attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/
%attr(700,root,root) %dir %pipepath/private/
%attr(755,root,root) %dir %pubconfpath/
%attr(750,root,root) %dir %_localstatedir/log/%name/
%dir %_sysconfdir/sssd/
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%config(noreplace) %_sysconfdir/logrotate.d/sssd
%dir %_datadir/%name/
%_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-local.conf
%_datadir/%name/sssd.api.d/sssd-simple.conf
%{_sbindir}/rcsssd
#
# sssd-client
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/krb5/
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*
%files ad
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ad.*
%_libexecdir/%name/sssd_pac
%_libexecdir/%name/gpo_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ad.5*
%_mandir/??/man5/sssd-ad.5*
%files ipa
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ipa*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ipa.5*
%_mandir/??/man5/sssd-ipa.5*
%files krb5
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*
%files krb5-common
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/krb5_child
%_libexecdir/%name/ldap_child
%files ldap
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ldap*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*
%_mandir/man5/sssd-ldap.5*
%files proxy
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_proxy.so
%dir %_libexecdir/%name/
%_libexecdir/%name/proxy_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf
%files tools
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%_sbindir/sss_override
%dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*
%files -n libsss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc
%files -n libsss_nss_idmap0
%defattr(-,root,root)
%_libdir/libsss_nss_idmap.so.0*
%files -n libsss_nss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc
%files -n libsss_sudo
%defattr(-,root,root)
%_libdir/libsss_sudo.so
%files -n python-ipa_hbac
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pyhbac.so
%files -n python-sss_nss_idmap
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pysss_nss_idmap.so
%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*
%changelog
