File gssproxy.spec of Package gssproxy
#
# spec file for package gssproxy
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: gssproxy
Version: 0.7.0
Release: 0
Summary: Daemon for managing gss-api requests
License: MIT
Group: Productivity/Networking/System
Url: https://pagure.io/gssproxy
Source0: https://releases.pagure.org/gssproxy/%{name}-%{version}.tar.gz
Source1: libverto.pc
Source2: ini_config.pc
Patch2: gp_config.fix
Patch3: 0001-Add-support-for-the-NO_CI_FLAG-credentials-option.REVERT
Patch4: 0002-Add-test-to-check-setting-cred-options.REVERT
Patch5: 0003-Include-header-for-writev.patch
BuildRequires: docbook-xsl-stylesheets
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: pkgconfig(krb5-gssapi) >= 1.12.0
BuildRequires: pkgconfig(ini_config)
BuildRequires: pkgconfig(libselinux)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(libxslt)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(systemd)
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
%if 0%{?suse_version} > 1315
# in earlier versions, libverto is in krb5-devel
BuildRequires: pkgconfig(libverto) >= 0.2.2
%endif
%description
gssproxy allows the complexity of GSS security negotiation
to be centrallized. It is particularly useful to keep this out
of kernel space, so that CIPFS, NFS, AFS etc can use GSS-API without
complexity in the kernel.
Using it also improves isolation and privilege separation, so that
HTTP servers, for example, can use GSS-API without needing to access
keys directly.
%prep
%setup -q
%if 0%{?suse_version} <= 1315
# patch is needed to disable ini_config_augment, which is
# not available in the version on SLE12-SP1
%patch2 -p1
# These two patches remove use of GSS_KRB5_CRED_NO_CI_FLAGS_X
# which was not added to krb5 until k5b5-1.14
%patch3 -p1
%patch4 -p1
%endif
%patch5 -p1
%build
autoreconf -f -i
%if 0%{?suse_version} <= 1315
# fake acceptable versions of some packages
export PKG_CONFIG_PATH=.
cp %{SOURCE1} %{SOURCE2} .
%endif
%configure
make %{?_smp_mflags}
%install
%make_install
rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcgssproxy
install -D -m 644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
install -d -m 700 %{buildroot}%{_localstatedir}/lib/gssproxy/rcache
%if 0%{?suse_version} <= 1315
# due to old libini_config, we can only support a single config file
cat examples/24-nfs-server.conf >> %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
%else
install -D -m 644 examples/24-nfs-server.conf %{buildroot}%{_sysconfdir}/gssproxy/24-nfs-server.conf
%endif
%pre
%service_add_pre gssproxy.service
%post
%service_add_post gssproxy.service
%preun
%service_del_preun gssproxy.service
%postun
%service_del_postun gssproxy.service
%files
%defattr(-,root,root)
%{_sbindir}/gssproxy
%{_sbindir}/rcgssproxy
%dir %{_libdir}/gssproxy
%{_libdir}/gssproxy/proxymech.so
%dir %{_localstatedir}/lib/gssproxy
%dir %{_localstatedir}/lib/gssproxy/rcache
%{_unitdir}/gssproxy.service
%{_mandir}/man5/gssproxy.conf.5%{ext_man}
%{_mandir}/man8/gssproxy-mech.8%{ext_man}
%{_mandir}/man8/gssproxy.8%{ext_man}
%dir %{_sysconfdir}/gssproxy
%config %{_sysconfdir}/gssproxy/gssproxy.conf
%if 0%{?suse_version} > 1315
%config %{_sysconfdir}/gssproxy/24-nfs-server.conf
%endif
%changelog
