File sssd.spec of Package sssd
#
# spec file for package sssd
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: sssd
Version: 1.9.4
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Url: https://fedorahosted.org/sssd/
Requires(postun): pam-config
#Git-Clone: git://git.fedorahosted.org/sssd
Source: %name-%version.tar.xz
Source3: baselibs.conf
Patch1: 0005-implicit-decl.diff
Patch2: sssd-ldflags.diff
Patch4: sssd-sysdb-binary-attrs.diff
# Fixes for CVE-2013-0287 (will be part of 1.9.5) when released
Patch5: Provide-a-be_get_account_info_send-function.patch
Patch6: Add-unit-tests-for-simple-access-test-by-groups.patch
Patch7: Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch
Patch8: Resolve-GIDs-in-the-simple-access-provider.patch
# End Fixed for CVE-2013-0287
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss
%define dbpath %sssdstatedir/db
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
# SLES11 doesn't know the python_* macros
%if %suse_version <= 1110
%define python_sitelib %py_sitedir
%define python_sitearch %py_sitedir
%endif
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version} >= 1210
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
BuildRequires: pkgconfig(dhash) >= 0.4.2
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(ini_config) >= 0.6.1
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libnl-1) >= 1.1
BuildRequires: pkgconfig(libpcre) >= 7
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
%else
BuildRequires: dbus-1-devel >= 1.0.0
BuildRequires: glib2-devel
BuildRequires: libcares-devel
BuildRequires: libcollection-devel >= 0.5.1
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libini_config-devel >= 0.6.1
BuildRequires: libldb-devel >= 0.9.2
BuildRequires: libnl-devel >= 1.1
BuildRequires: libopenssl-devel
BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel >= 1.1.3
BuildRequires: libtevent-devel
BuildRequires: pcre-devel >= 7
BuildRequires: popt-devel
BuildRequires: python-devel
%endif
%if 0%{?suse_version} >= 1220
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
%else
BuildRequires: libxml2
BuildRequires: libxslt
%endif
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%if %suse_version >= 1210
BuildRequires: systemd
%{?systemd_requires}
%endif
BuildRequires: xz
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package ipa-provider
Summary: FreeIPA provider plugin for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Requires: sssd = %version
%description ipa-provider
This package provide the FreeIPA provider plugin for the System Security
Services Daemon (sssd).
%package tools
Summary: Commandline tools for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Management
Requires: sssd = %version
%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: System/Libraries
%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libipa_hbac-devel
Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libsss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0+
Group: System/Libraries
%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_idmap0 = %version
%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_sudo
Summary: A library to allow communication between sudo and SSSD
License: LGPL-3.0+
Group: System/Libraries
Provides: libsss_sudo-devel = %version-%release
Obsoletes: libsss_sudo-devel < %version-%release
# No provides: true obsolete.
Obsoletes: libsss_sudo1
%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.
%package -n python-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-sssd-config
Provide python module to access and manage configuration of the System
Security Services Daemon (sssd).
%prep
%setup -q
%patch -P 1 -P 2 -P 4 -P 5 -P 6 -P 7 -P 8 -p1
%build
%if 0%{?suse_version} < 1210
# pkgconfig file not present
export LDB_LIBS="-lldb"
export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb"
%else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif
# help configure find nscd
export PATH="$PATH:/usr/sbin"
autoreconf -fi;
%configure \
--with-crypto=libcrypto \
--with-db-path="%dbpath" \
--with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \
--with-init-dir="%_initrddir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
--with-semanage=no
make %{?_smp_mflags} all
%install
b="%buildroot";
make install DESTDIR="$b"
# Copy default sssd.conf file
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";
%if 0%{?_unitdir:1}
install -d "$b/%_unitdir";
install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service";
%endif
ln -sf ../../etc/init.d/sssd $b/usr/sbin/rcsssd
find "$b" -type f -name "*.la" -delete;
%if %suse_version <= 1110
# remove some unsupported languages, sssd does not contain
# translations for these anyway
rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN}
%endif
%find_lang %name --all-name
%if 0%{?_unitdir:1}
%pre
%service_add_pre sssd.service
%endif
%post
/sbin/ldconfig
%if 0%{?_unitdir:1}
%service_add_post sssd.service
%endif
%preun
%stop_on_removal sssd
%if 0%{?_unitdir:1}
%service_del_preun sssd.service
%endif
%postun
/sbin/ldconfig
%restart_on_update sssd
%insserv_cleanup
%if 0%{?_unitdir:1}
%service_del_postun sssd.service
%endif
if [ "$1" == "0" ]; then
"%_sbindir/pam-config" -d --sss || :;
fi;
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root)
%doc COPYING
%_initrddir/%name
%if 0%{?_unitdir:1}
%_unitdir
%endif
%_bindir/sss_ssh_*
%_sbindir/sssd
%_sbindir/rcsssd
%dir %_libdir/%name
%dir %_libexecdir/%name
%dir %_mandir/cs
%dir %_mandir/cs/man8
%dir %_mandir/nl
%dir %_mandir/nl/man8
%dir %_mandir/pt
%dir %_mandir/pt/man8
%dir %_mandir/uk
%dir %_mandir/uk/man1
%dir %_mandir/uk/man5
%dir %_mandir/uk/man8
%_mandir/??/man?/*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-ad.5*
%_mandir/man5/sssd-krb5.5*
%_mandir/man5/sssd-ldap.5*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man8/sssd.8*
%_mandir/man5/sssd.conf.5.gz
%_libexecdir/%name/sss*
%_libexecdir/%name/*_child
%_libdir/%name/libsss_ad.so
%_libdir/%name/libsss_krb5*
%_libdir/%name/libsss_ldap*
%_libdir/%name/libsss_proxy*
%_libdir/%name/libsss_simple*
%_libdir/%name/modules
%_libdir/ldb/memberof.so
%dir %sssdstatedir
%attr(700,root,root) %dir %dbpath
%attr(755,root,root) %dir %pipepath
%attr(700,root,root) %dir %pipepath/private
%attr(755,root,root) %dir %pubconfpath
%attr(750,root,root) %dir %_localstatedir/log/%name
%dir %_sysconfdir/sssd
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%_datadir/sssd
%exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf
#
# client side
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/krb5/plugins/libkrb5/*
%_mandir/man8/pam_sss.8.gz
%_mandir/man8/sssd_krb5_locator_plugin.8.gz
%files tools
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%_mandir/man8/sss_groupadd.8*
%_mandir/man8/sss_groupdel.8*
%_mandir/man8/sss_groupmod.8*
%_mandir/man8/sss_groupshow.8*
%_mandir/man8/sss_seed.8*
%_mandir/man8/sss_useradd.8*
%_mandir/man8/sss_userdel.8*
%_mandir/man8/sss_usermod.8*
%_mandir/man8/sss_obfuscate.8*
%_mandir/man8/sss_cache.8*
%_mandir/man8/sss_debuglevel.8*
%attr(0755,root,root) %_sbindir/sss_obfuscate
%files ipa-provider
%defattr(-,root,root)
%dir %_datadir/sssd
%dir %_datadir/sssd/sssd.api.d
%_datadir/sssd/sssd.api.d/sssd-ipa.conf
%_libdir/sssd/libsss_ipa*
%_mandir/man5/sssd-ipa.*
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*
%files -n libsss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc
%files -n libsss_sudo
%defattr(-,root,root)
%_includedir/sss_sudo.h
%_libdir/libsss_sudo.so
%files -n python-ipa_hbac
%defattr(-,root,root)
%python_sitearch/pyhbac.so
%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*
%changelog
