File freeipa.spec of Package freeipa
#
# spec file for package freeipa
#
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%bcond_without only_client
%if %{with only_client}
%global enable_server_option --disable-server
%else
%global enable_server_option --enable-server
%endif
# while we only build the client this works. for building the server we still need python2
# then we will need to change the BR for sssd-config to python3-sssd-config
%define skip_python2 1
# 1.15.1-7: certauth (http://krbdev.mit.edu/rt/Ticket/Display.html?id=8561)
%global krb5_version 1.15.1
# 0.7.16: https://github.com/drkjam/netaddr/issues/71
%global python_netaddr_version 0.7.16
# Require 4.6.0-4 which brings RC4 for FIPS + trust fixes to priv. separation
%global samba_version 4.6.0
%global samba_build_version 4.2.1
%global selinux_policy_version 3.13.1
%global slapi_nis_version 0.56.1
%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
%global plugin_dir %{_libdir}/dirsrv/plugins
%global etc_systemd_dir %{_sysconfdir}/systemd/system
%global gettext_domain ipa
Name: freeipa
Version: 4.12.2+git0.c7da7e0d
Release: 0
License: GPL-3.0+
Summary: The Identity, Policy and Audit system
Url: https://www.freeipa.org/
Group: Productivity/Networking/LDAP/Servers
Source: freeipa-%{version}.tar.xz
Source1: %{name}-rpmlintrc
%if 0%{?sle_version} > 150400 || 0%{?suse_version} > 1500
Patch0001: krb5-client_paths.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# autogen.sh
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: gettext
BuildRequires: gettext-devel
#
BuildRequires: pkgconfig(ini_config)
BuildRequires: pkgconfig(krb5) >= %{krb5_version}
BuildRequires: pkgconfig(libsasl2)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(sss_nss_idmap)
#
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
# all
BuildRequires: %{python_module six}
# ipaclient
BuildRequires: %{python_module cryptography}
BuildRequires: %{python_module qrcode}
# ipaclient/csrgen
Recommends: %{python_module jinja2}
# ipaclient/otptoken_yubikey
Recommends: %{python_module python-yubico}
Recommends: %{python_module pyusb}
# ipalib
BuildRequires: %{python_module netaddr}
BuildRequires: %{python_module pyasn1}
BuildRequires: %{python_module pyasn1-modules}
# ipaplatform
BuildRequires: %{python_module cffi}
# ipapython
BuildRequires: %{python_module dnspython}
BuildRequires: %{python_module gssapi}
BuildRequires: %{python_module netifaces}
BuildRequires: %{python_module ldap}
BuildRequires: %{python_module dbus-python}
BuildRequires: %{python_module gssapi}
BuildRequires: python3-sssd-config
BuildRequires: %{python_module nss}
#
%if 0%{?suse_version}
BuildRequires: openldap2-devel
# For rpmlint
BuildRequires: fdupes
BuildRequires: systemd-rpm-macros
%else
BuildRequires: openldap-devel
%endif
# for sssd_pac
BuildRequires: sssd-ad
BuildRequires: sssd-ipa
BuildRequires: suse-release
BuildRequires: xmlrpc-c-devel >= 1.27.4
BuildRequires: libjansson-devel
BuildRequires: libcurl-devel
BuildRequires: systemd
%description
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
%package client
Group: Productivity/Networking/LDAP/Clients
Requires: %{name}-common = %{version}
Requires: %{name}-client-common = %{version}
# all
Requires: python3-six
# ipaclient
Requires: python3-cryptography
Requires: python3-qrcode
# ipaclient/csrgen
Recommends: python3-jinja2
# ipaclient/otptoken_yubikey
Recommends: python3-python-yubico
Recommends: python3-pyusb
# ipalib
Requires: python3-netaddr
Requires: python3-pyasn1
Requires: python3-pyasn1-modules
# ipaplatform
Requires: python3-cffi
# ipapython
Requires: python3-dnspython
Requires: python3-gssapi
Requires: python3-netifaces
Requires: python3-ldap
#Requires: python3-enum34
Requires: python3-dbus-python
Requires: python3-gssapi
Requires: python3-sssd-config
Requires: python3-nss
Requires: sssd-ipa
Requires: certmonger >= 0.79.15
Requires: krb5-client
Requires: python3-augeas
Requires: pam-config >= 1.1-3
Requires: keyutils
Requires: mozilla-nss-tools
Requires: oddjob
Summary: Freeipa Client
%description client
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
%package client-samba
Summary: Tools to configure Samba on IPA client
Group: Productivity/Networking/Samba
Requires: %{name}-client = %{version}-%{release}
Requires: python3-samba
Requires: samba-client
Requires: samba-winbind
Requires: samba-common-tools
Requires: samba
Requires: sssd-winbind-idmap
Requires: tdb-tools
Requires: cifs-utils
%description client-samba
This package provides command-line tools to deploy Samba domain member
on the machine enrolled into a FreeIPA environment
%package client-epn
Summary: Tools to configure Expiring Password Notification in IPA
Group: System/Base
Requires: %{name}-client = %{version}-%{release}
%description client-epn
This package provides a service to collect and send expiring password
notifications via email (SMTP).
%package common
Group: Productivity/Networking/LDAP/Servers
#
Summary: Freeipa Common files
%description common
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
This package holds the common files
%package client-common
Group: Productivity/Networking/LDAP/Clients
#
Summary: Freeipa Common files
%description client-common
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
This package holds the common files
%prep
%autosetup -p1
%build
export JAVA_STACK_SIZE="16m"
perl -p -i -e '
$tagged_release = "%{version}";
$tagged_release =~ s|\d+\.\d+\.(\d+).*|$1|;
s|define\(IPA_VERSION_RELEASE, \d+\)|define(IPA_VERSION_RELEASE, ${tagged_release})|g;
s|define\(IPA_VERSION_IS_GIT_SNAPSHOT, yes\)|define(IPA_VERSION_IS_GIT_SNAPSHOT, no)|g;
' VERSION.m4
autoreconf -i -f
%configure --with-vendor-suffix=-%{release} --without-ipatests \
%{enable_server_option}
make %{?_smp_mflags} VERBOSE=yes
%install
%make_install
find %{buildroot} -wholename '*/site-packages/*/install_files.txt' -delete
mkdir -p %{buildroot}%{_sysconfdir}/pki/ca-trust/source/
mkdir -p %{buildroot}%{_fillupdir}
mv %{buildroot}%{_sysconfdir}/sysconfig/certmonger %{buildroot}%{_fillupdir}/sysconfig.certmonger
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcipa-epn
# This file is meant to be sourced, not executed, and %{_sysconfdir}/bash_completion.d is for user files.
mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions
chmod a-x %{buildroot}%{_sysconfdir}/bash_completion.d/ipa
mv %{buildroot}%{_sysconfdir}/bash_completion.d/ipa %{buildroot}%{_datarootdir}/bash-completion/completions/ipa
%find_lang ipa
%if 0%{?suse_version}
%fdupes %{buildroot}%{python3_sitelib}/ipa*
%endif
%pre client-epn
%service_add_pre ipa-epn.service ipa-epn.timer
%post client-epn
%service_add_post ipa-epn.service ipa-epn.timer
%preun client-epn
%service_del_preun ipa-epn.service ipa-epn.timer
%postun client-epn
%service_del_postun ipa-epn.service ipa-epn.timer
%files common -f ipa.lang
%defattr(-,root,root)
%doc README.md Contributors.txt
%license COPYING
%files client
%defattr(-,root,root)
%doc README.md Contributors.txt
%dir %{_libexecdir}/ipa
%dir %{_libexecdir}/ipa/acme
%license COPYING
%{_datarootdir}/bash-completion/completions/ipa
%{_bindir}/ipa*
%{_sbindir}/ipa-client-install
%{_sbindir}/ipa-client-automount
%{_sbindir}/ipa-certupdate
%{_sbindir}/ipa-getkeytab
%{_sbindir}/ipa-rmkeytab
%{_sbindir}/ipa-join
%{_fillupdir}/sysconfig.certmonger
%{_mandir}/man1/ipa.1*
%{_mandir}/man1/ipa-getkeytab.1*
%{_mandir}/man1/ipa-rmkeytab.1*
%{_mandir}/man1/ipa-client-install.1*
%{_mandir}/man1/ipa-client-automount.1*
%{_mandir}/man1/ipa-certupdate.1*
%{_mandir}/man1/ipa-join.1*
%{python3_sitelib}/ipa*
%{_libexecdir}/ipa/acme/certbot-dns-ipa
%files client-samba
%doc README.md Contributors.txt
%license COPYING
%{_sbindir}/ipa-client-samba
%{_mandir}/man1/ipa-client-samba.1*
%files client-epn
%doc README.md Contributors.txt
%dir %{_sysconfdir}/ipa/epn
%license COPYING
%{_sbindir}/ipa-epn
%{_sbindir}/rcipa-epn
%{_mandir}/man1/ipa-epn.1*
%{_mandir}/man5/epn.conf.5*
%attr(644,root,root) %{_unitdir}/ipa-epn.service
%attr(644,root,root) %{_unitdir}/ipa-epn.timer
%attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn.conf
%attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn/expire_msg.template
%files client-common
%defattr(-,root,root,-)
%doc README.md Contributors.txt
%dir %{_usr}/share/ipa
%dir %{_usr}/share/ipa/client
%license COPYING
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/default.conf
%ghost %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
# old dbm format
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
# new sql format
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert9.db
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key4.db
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pkcs11.txt
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
%dir %{_sysconfdir}/pki/
%dir %{_sysconfdir}/pki/ca-trust/
%dir %{_sysconfdir}/pki/ca-trust/source/
%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
%dir %{_localstatedir}/lib/ipa-client
%dir %{_localstatedir}/lib/ipa-client/pki
%dir %{_localstatedir}/lib/ipa-client/sysrestore
%{_mandir}/man5/default.conf.5*
%{_usr}/share/ipa/client/*.template
%changelog
