File gssproxy.spec of Package gssproxy.19410

# spec file for package gssproxy
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

Name:           gssproxy
Version:        0.8.2
Release:        0
Summary:        Daemon for managing gss-api requests
License:        MIT
Group:          Productivity/Networking/System
# PATCH-FIX-SUSE disable test that fails only on OBS builds
# CVE-2020-12658 [bsc#1180515], unlock cond_mutex issue before pthread exit in gp_worker_main()
Patch1:         gssproxy-CVE-2020-12658.patch
Patch2:         0002-Replace-var-run-run-in-gssproxy.service.patch
BuildRequires:  docbook-xsl-stylesheets
BuildRequires:  doxygen
BuildRequires:  krb5-client
BuildRequires:  krb5-plugin-kdb-ldap
BuildRequires:  libtool
BuildRequires:  openldap2
BuildRequires:  openldap2-client
BuildRequires:  pkgconfig
BuildRequires:  python3
BuildRequires:  system-user-nobody
BuildRequires:  systemd-rpm-macros
BuildRequires:  valgrind
BuildRequires:  krb5-devel
BuildRequires:  pkgconfig(ini_config) >= 1.2.0
BuildRequires:  pkgconfig(krb5-gssapi) >= 1.12.0
BuildRequires:  pkgconfig(libselinux)
BuildRequires:  pkgconfig(libxml-2.0)
BuildRequires:  pkgconfig(libxslt)
BuildRequires:  pkgconfig(nss_wrapper)
BuildRequires:  pkgconfig(popt)
BuildRequires:  pkgconfig(socket_wrapper)
BuildRequires:  pkgconfig(systemd)
%if 0%{?suse_version} > 1315
# in earlier versions, libverto is in krb5-devel
BuildRequires:  pkgconfig(libverto) >= 0.2.2

gssproxy allows the complexity of GSS security negotiation
to be centrallized.  It is particularly useful to keep this out
of kernel space, so that CIPFS, NFS, AFS etc can use GSS-API without
complexity in the kernel.

Using it also improves isolation and privilege separation, so that
HTTP servers, for example, can use GSS-API without needing to access
keys directly.

%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1

autoreconf -fvi
%configure --with-pid-file=%{_rundir}/
make %{?_smp_mflags}
make -j1 test_proxymech

rm -f %{buildroot}%{_libdir}/gssproxy/
ln -s service %{buildroot}%{_sbindir}/rcgssproxy
install -D -m 644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
install -d -m 700 %{buildroot}%{_localstatedir}/lib/gssproxy/rcache
install -D -m 644 examples/24-nfs-server.conf %{buildroot}%{_sysconfdir}/gssproxy/24-nfs-server.conf

make %{?_smp_mflags} check

%service_add_pre gssproxy.service

%service_add_post gssproxy.service

%service_del_preun gssproxy.service

%service_del_postun gssproxy.service

%license COPYING
%dir %{_libdir}/gssproxy
%dir %{_localstatedir}/lib/gssproxy
%dir %{_localstatedir}/lib/gssproxy/rcache
%dir %{_sysconfdir}/gssproxy
%config %{_sysconfdir}/gssproxy/gssproxy.conf
%config %{_sysconfdir}/gssproxy/24-nfs-server.conf

openSUSE Build Service is sponsored by