authselect-1.4.0-1: rebase to 1.4.0

Pavel Březina 2022-05-05 14:09:31 +02:00
parent a7d4a1ef58
commit eb39ec3181
16 changed files with 16 additions and 1142 deletions

1
.gitignore vendored

@ -16,3 +16,4 @@
/authselect-1.2.3.tar.gz
/authselect-1.2.4.tar.gz
/authselect-1.3.0.tar.gz
/authselect-1.4.0.tar.gz


@ -1,36 +0,0 @@
From 46386b75fb90ce91ede80093ce73e99fde53ba3b Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 4 Jan 2022 18:33:30 -0500
Subject: [PATCH 01/11] main: Drop an unnecessary `NULL` check before `free()`
From `man free()`:
```
The free() function frees the memory space pointed to by ptr ... If ptr is NULL, no operation is performed.
```
Obviously there are *tons* of these in the codebase; just doing
this one as a preliminary PR; if accepted I may do some more, or
others can. Or we could try a coccinelle semantic patch.
---
src/cli/main.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/cli/main.c b/src/cli/main.c
index 4b8ab8573470c55891d35f50fc9c20d7459776ba..575e56f00edfc35ab4b5368ee40a497016d68cc3 100644
--- a/src/cli/main.c
+++ b/src/cli/main.c
@@ -231,9 +231,7 @@ done:
free(requirements);
authselect_array_free(maps);
authselect_profile_free(profile);
- if (features != NULL) {
- free(features);
- }
+ free(features);
return ret;
}
--
2.34.1


@ -1,376 +0,0 @@
From 4c4730ea760ddfed94de55769682356c7f95fd21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 11:30:23 +0100
Subject: [PATCH 02/11] lib: drop strict change detection
One of the main authselect features is to refuse to overwrite user
changes to the configuration. To do so, it used to validate files and
directory structure and also files contents.
This however allowed to have a mixed configuration on the system, that
was created by authselect but then modified by user. This is no longer
possible and the behavior has changed in a way that any user changes
made to configuration created by authselect are overwritten without
requiring the *--force* parameter (files contents are no longer
validated).
This will make the configuration consistent - users either use
authselect or not, nothing in between. It also makes authselect work
on ostree server side, where it is not possible to write to /var.
---
Makefile.am | 2 --
rpm/authselect.spec.in | 8 -----
src/conf_macros.m4 | 4 ---
src/lib/Makefile.am | 2 --
src/lib/authselect.c | 27 ++++-----------
src/lib/files/config.c | 1 -
src/lib/files/system.c | 62 ++-------------------------------
src/lib/paths.h | 78 ++++++++++++++++++------------------------
8 files changed, 41 insertions(+), 143 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 0277c6ef6d43e60ea330c465535a88ae405c8630..1c9b88d47f809cb218d19887734769f12b944bb4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,7 +35,6 @@ authselect_custom_dir=@AUTHSELECT_CUSTOM_DIR@
authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@
authselect_pam_dir=@AUTHSELECT_PAM_DIR@
authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@
-authselect_state_dir=@AUTHSELECT_STATE_DIR@
install-exec-hook:
$(MKDIR_P) $(DESTDIR)$/$(authselect_config_dir)
@@ -45,7 +44,6 @@ install-exec-hook:
$(MKDIR_P) $(DESTDIR)$/$(authselect_dconf_dir)/locks
$(MKDIR_P) $(DESTDIR)$/$(authselect_pam_dir)
$(MKDIR_P) $(DESTDIR)$/$(authselect_backup_dir)
- $(MKDIR_P) $(DESTDIR)$/$(authselect_state_dir)
# Build RPMs
RPMBUILD ?= $(PWD)/rpmbuild
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index c05c010c916ac095ba021adf87dd6b985c9661a6..9f36d0dcf001f953b8384d54f60af25d71ef0321 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -184,14 +184,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%endif
%dir %{_localstatedir}/lib/authselect
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
%dir %{_datadir}/authselect
%dir %{_datadir}/authselect/vendor
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 68d8885c0c2d637ae8aaa02e4bd15fab70af5841..17c1629723066b0c4e354051366ce209428af6c1 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -58,10 +58,6 @@ CONFIGURABLE_VALUE(backup-dir, backup_dir, AUTHSELECT_BACKUP_DIR, DIR,
[Directory where configuration backups should be stored],
$localstatedir/lib/authselect/backups)
-CONFIGURABLE_VALUE(state-dir, state_dir, AUTHSELECT_STATE_DIR, DIR,
- [Directory where authselect state should be stored],
- $localstatedir/lib/authselect)
-
CONFIGURABLE_VALUE(pythonbin, pythonbin, PYTHON_BIN, PATH,
[Path to the python interpreter],
$bindir/python3)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index c0bc1cc1439c64c2e096e03020f4464496992878..88411ac51bd8d7c219c3097542e16fa99e0a38a2 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -43,7 +43,6 @@ authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@
authselect_dconf_file=@AUTHSELECT_DCONF_FILE@
authselect_dconf_bin=@AUTHSELECT_DCONF_BIN@
authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@
-authselect_state_dir=@AUTHSELECT_STATE_DIR@
libauthselect_la_SOURCES = \
authselect.c \
@@ -84,7 +83,6 @@ libauthselect_la_CFLAGS = \
-DAUTHSELECT_DCONF_FILE=\"$(authselect_dconf_file)\" \
-DAUTHSELECT_DCONF_BIN=\"$(authselect_dconf_bin)\" \
-DAUTHSELECT_BACKUP_DIR=\"$(authselect_backup_dir)\" \
- -DAUTHSELECT_STATE_DIR=\"$(authselect_state_dir)\" \
$(NULL)
libauthselect_la_LDFLAGS = \
-Wl,--version-script=$(srcdir)/authselect.exports \
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index a901e02719713bd13d5a4fab606ee713b3d6ddca..b84aa73351448dc5caf802ae7282ebd9aa1c27d7 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -103,32 +103,17 @@ authselect_activate(const char *profile_id,
goto done;
}
- /* First, check that current configuration is valid. */
+ /* Require force if authselect.conf is missing or invalid but otherwise
+ * ignore user changes. */
ret = authselect_validate_configuration(&is_valid);
- if (ret != EOK && ret != ENOENT) {
- ERROR("Unable to check configuration [%d]: %s", ret, strerror(ret));
- goto done;
- }
-
- if (!is_valid) {
- ERROR("Unexpected changes to the configuration were detected.");
- ERROR("Refusing to activate profile unless those changes are removed "
- "or overwrite is requested.");
+ if (ret != EOK) {
+ ERROR("%s is missing or unreadable, system was not properly configured "
+ "by authselect.", PATH_CONFIG_FILE);
+ ERROR("Refusing to activate profile unless overwrite is requested.");
ret = EEXIST;
goto done;
}
- /* If no configuration is present, check for existing files. */
- if (ret == ENOENT) {
- if (!authselect_symlinks_location_available()) {
- ERROR("File that needs to be overwritten was found");
- ERROR("Refusing to activate profile unless this file is removed "
- "or overwrite is requested.");
- ret = EEXIST;
- goto done;
- }
- }
-
ret = authselect_profile_activate(profile, features);
done:
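Review bot: The rewritten check `if (ret != EOK)` turns every failure of authselect_validate_configuration() into EEXIST and drops the `[%d]: %s` detail that the removed branch logged, so a read or permission error is reported as "missing or unreadable" with nothing to diagnose it from. Keeping the code in the message, e.g. `ERROR("%s is missing or unreadable [%d]: %s", PATH_CONFIG_FILE, ret, strerror(ret));`, would preserve that. `is_valid` is still filled in but no longer read in the visible lines, so modified PAM and nsswitch files are replaced here without any log entry. authselect_activate() begins and ends outside the hunk.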
diff --git a/src/lib/files/config.c b/src/lib/files/config.c
index 2d95a1223220888a71e103fa0face84fd1c89dbb..8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73 100644
--- a/src/lib/files/config.c
+++ b/src/lib/files/config.c
@@ -142,7 +142,6 @@ authselect_config_locations_writable()
{
struct authselect_symlink files[] = {
{PATH_CONFIG_FILE, NULL, false},
- {PATH_COPY_SYSTEM, NULL, false},
SYMLINK_FILES
};
bool result = true;
diff --git a/src/lib/files/system.c b/src/lib/files/system.c
index b121fc4aa5f0e1482bbbb46055274298c0d6447e..e830942c629f462b3b187a7591a1b9b2c248d9da 100644
--- a/src/lib/files/system.c
+++ b/src/lib/files/system.c
@@ -213,19 +213,11 @@ authselect_system_write(const char **features,
struct authselect_generated generated[] = GENERATED_FILES(files);
char *tmp_files[sizeof(generated)/sizeof(struct authselect_generated)] = {NULL};
- char *tmp_copies[sizeof(generated)/sizeof(struct authselect_generated)] = {NULL};
/* First, write content into temporary files, so we can safely fail
* on error. */
now = time(NULL);
for (i = 0; generated[i].path != NULL; i++) {
- ret = authselect_system_write_temp(generated[i].copy_path,
- generated[i].content,
- now, &tmp_copies[i]);
- if (ret != EOK) {
- goto done;
- }
-
ret = authselect_system_write_temp(generated[i].path,
generated[i].content,
now, &tmp_files[i]);
@@ -241,14 +233,6 @@ authselect_system_write(const char **features,
* can fail is EIO which we can not do anything about and we can not
* even recover from it.
*/
- for (i = 0; generated[i].copy_path != NULL; i++) {
- ret = authselect_system_rename_temp(&tmp_copies[i],
- generated[i].copy_path);
- if (ret != EOK) {
- goto done;
- }
- }
-
for (i = 0; generated[i].path != NULL; i++) {
ret = authselect_system_rename_temp(&tmp_files[i], generated[i].path);
if (ret != EOK) {
@@ -261,12 +245,6 @@ authselect_system_write(const char **features,
done:
if (ret != EOK) {
for (i = 0; generated[i].path != NULL; i++) {
- if (tmp_copies[i] != NULL) {
- unlink(tmp_copies[i]);
- free(tmp_copies[i]);
- tmp_copies[i] = NULL;
- }
-
if (tmp_files[i] != NULL) {
unlink(tmp_files[i]);
free(tmp_files[i]);
@@ -280,46 +258,12 @@ done:
}
static bool
-authselect_system_validate_file(const char *path,
- const char *copy_path,
- const char *expected)
+authselect_system_validate_file(const char *path)
{
- char *content;
- char *copy_content;
errno_t ret;
bool bret;
INFO("Validating file [%s]", path);
- expected = expected == NULL ? "" : expected;
-
- ret = textfile_read(path, AUTHSELECT_FILE_SIZE_LIMIT, &content);
- if (ret == ENOENT) {
- ERROR("[%s] does not exist!", path);
- return false;
- } else if (ret == EACCES) {
- ERROR("Unable to read [%s] [%d]: %s", path, ret, strerror(ret));
- return false;
- } else if (ret != EOK) {
- ERROR("Unable to validate file [%s] [%d]: %s", path, ret, strerror(ret));
- return false;
- }
-
- ret = textfile_read(copy_path, AUTHSELECT_FILE_SIZE_LIMIT, &copy_content);
- if (ret == EOK) {
- /* Compare against copy of the originally generated files. */
- INFO("Comparing content against [%s]", copy_path);
- bret = strcmp(content, copy_content) == 0;
- free(copy_content);
- } else {
- INFO("Comparing content against current profile");
- bret = template_validate_written_content(content, expected);
- }
-
- free(content);
- if (!bret) {
- ERROR("[%s] has unexpected content!", path);
- return false;
- }
ret = file_is_regular(path, AUTHSELECT_UID, AUTHSELECT_GID,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, &bret);
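Review bot: After this hunk authselect_system_validate_file() checks only what `file_is_regular()` checks, a regular file with the expected owner and mode, and no longer compares content, which the commit message states is intended. The function carries no comment saying so, and the caller's `WARN("File [%s] was modified outside authselect!", ...)` in the following hunk still reads like a content check. A header comment such as `/* Validates file type, ownership and mode only; content is not compared. */` would state the contract; anyone relying on `authselect check` to notice an edited PAM stack needs separate file-integrity monitoring from this version on. The function continues past the end of the hunk.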
@@ -341,9 +285,7 @@ authselect_system_validate(struct authselect_files *files)
int i;
for (i = 0; generated[i].path != NULL; i++) {
- bret = authselect_system_validate_file(generated[i].path,
- generated[i].copy_path,
- generated[i].content);
+ bret = authselect_system_validate_file(generated[i].path);
result &= bret;
if (!bret) {
WARN("File [%s] was modified outside authselect!",
diff --git a/src/lib/paths.h b/src/lib/paths.h
index e6f7b32013a901d35d9d385a3a50dc4868b80d70..ca30b784f8bc63150f46ef08a26ec2bc5bcb3d67 100644
--- a/src/lib/paths.h
+++ b/src/lib/paths.h
@@ -56,17 +56,6 @@
/* Path to files that can be modified by user. */
#define PATH_USER_NSSWITCH AUTHSELECT_CONFIG_DIR "/user-nsswitch.conf"
-/* Paths to copy generated system files. Used to check changes
- * in configuration. */
-#define PATH_COPY_SYSTEM AUTHSELECT_STATE_DIR "/" FILE_SYSTEM
-#define PATH_COPY_PASSWORD AUTHSELECT_STATE_DIR "/" FILE_PASSWORD
-#define PATH_COPY_FINGERPRINT AUTHSELECT_STATE_DIR "/" FILE_FINGERPRINT
-#define PATH_COPY_SMARTCARD AUTHSELECT_STATE_DIR "/" FILE_SMARTCARD
-#define PATH_COPY_POSTLOGIN AUTHSELECT_STATE_DIR "/" FILE_POSTLOGIN
-#define PATH_COPY_NSSWITCH AUTHSELECT_STATE_DIR "/" FILE_NSSWITCH
-#define PATH_COPY_DCONF_DB AUTHSELECT_STATE_DIR "/" FILE_DCONF_DB
-#define PATH_COPY_DCONF_LOCK AUTHSELECT_STATE_DIR "/" FILE_DCONF_LOCK
-
/* Names of symbolic links that points to generated files. */
#define PATH_SYMLINK_SYSTEM AUTHSELECT_PAM_DIR "/" FILE_SYSTEM
#define PATH_SYMLINK_PASSWORD AUTHSELECT_PAM_DIR "/" FILE_PASSWORD
@@ -86,47 +75,46 @@
* @see GENERATED_FILES, GENERATED_FILES_PATHS */
struct authselect_generated {
const char *path;
- const char *copy_path;
const char *content;
};
-#define GENERATED_FILES(files) \
-{ \
- {PATH_SYSTEM, PATH_COPY_SYSTEM, (files)->systemauth}, \
- {PATH_PASSWORD, PATH_COPY_PASSWORD, (files)->passwordauth}, \
- {PATH_FINGERPRINT, PATH_COPY_FINGERPRINT, (files)->fingerprintauth}, \
- {PATH_SMARTCARD, PATH_COPY_SMARTCARD, (files)->smartcardauth}, \
- {PATH_POSTLOGIN, PATH_COPY_POSTLOGIN, (files)->postlogin}, \
- {PATH_NSSWITCH, PATH_COPY_NSSWITCH, (files)->nsswitch}, \
- {PATH_DCONF_DB, PATH_COPY_DCONF_DB, (files)->dconfdb}, \
- {PATH_DCONF_LOCK, PATH_COPY_DCONF_LOCK, (files)->dconflock}, \
- {NULL, NULL, NULL} \
+#define GENERATED_FILES(files) \
+{ \
+ {PATH_SYSTEM, (files)->systemauth}, \
+ {PATH_PASSWORD, (files)->passwordauth}, \
+ {PATH_FINGERPRINT, (files)->fingerprintauth}, \
+ {PATH_SMARTCARD, (files)->smartcardauth}, \
+ {PATH_POSTLOGIN, (files)->postlogin}, \
+ {PATH_NSSWITCH, (files)->nsswitch}, \
+ {PATH_DCONF_DB, (files)->dconfdb}, \
+ {PATH_DCONF_LOCK, (files)->dconflock}, \
+ {NULL, NULL} \
}
-#define GENERATED_FILES_PATHS \
-{ \
- {PATH_SYSTEM, NULL, NULL}, \
- {PATH_PASSWORD, NULL, NULL}, \
- {PATH_FINGERPRINT, NULL, NULL}, \
- {PATH_SMARTCARD, NULL, NULL}, \
- {PATH_POSTLOGIN, NULL, NULL}, \
- {PATH_NSSWITCH, NULL, NULL}, \
- {PATH_DCONF_DB, NULL, NULL}, \
- {PATH_DCONF_LOCK, NULL, NULL}, \
- {NULL, NULL, NULL} \
+#define GENERATED_FILES_PATHS \
+{ \
+ {PATH_SYSTEM, NULL}, \
+ {PATH_PASSWORD, NULL}, \
+ {PATH_FINGERPRINT, NULL}, \
+ {PATH_SMARTCARD, NULL}, \
+ {PATH_POSTLOGIN, NULL}, \
+ {PATH_NSSWITCH, NULL}, \
+ {PATH_DCONF_DB, NULL}, \
+ {PATH_DCONF_LOCK, NULL}, \
+ {NULL, NULL} \
}
-#define PROFILE_FILES(files) \
-{ \
- {FILE_SYSTEM, NULL, (files)->systemauth}, \
- {FILE_PASSWORD, NULL, (files)->passwordauth}, \
- {FILE_FINGERPRINT, NULL, (files)->fingerprintauth}, \
- {FILE_SMARTCARD, NULL, (files)->smartcardauth}, \
- {FILE_POSTLOGIN, NULL, (files)->postlogin}, \
- {FILE_NSSWITCH, NULL, (files)->nsswitch}, \
- {FILE_DCONF_DB, NULL, (files)->dconfdb}, \
- {FILE_DCONF_LOCK, NULL, (files)->dconflock}, \
- {NULL, NULL, NULL} \
+#define PROFILE_FILES(files) \
+{ \
+ {FILE_SYSTEM, (files)->systemauth}, \
+ {FILE_PASSWORD, (files)->passwordauth}, \
+ {FILE_FINGERPRINT, (files)->fingerprintauth}, \
+ {FILE_SMARTCARD, (files)->smartcardauth}, \
+ {FILE_POSTLOGIN, (files)->postlogin}, \
+ {FILE_NSSWITCH, (files)->nsswitch}, \
+ {FILE_DCONF_DB, (files)->dconfdb}, \
+ {FILE_DCONF_LOCK, (files)->dconflock}, \
+ {NULL, NULL} \
}
/* Structure to hold information about symbolic link names and destinations.
--
2.34.1


@ -1,92 +0,0 @@
From 87a19680be527ebc8035afc850078ca10000ba7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 11:58:57 +0100
Subject: [PATCH 03/11] lib: let authselect_uninstall delete files from
/etc/authselect
This is to ensure that there are no left overs.
---
src/lib/authselect.c | 10 ++++++++++
src/lib/files/files.h | 6 ++++++
src/lib/files/system.c | 30 ++++++++++++++++++++++++++++++
3 files changed, 46 insertions(+)
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index b84aa73351448dc5caf802ae7282ebd9aa1c27d7..62a0fde47d122cea21f3738e7badc2fdb6a7c78b 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -142,6 +142,16 @@ authselect_uninstall(void)
INFO("Symbolic links were successfully removed");
+ /* Remove files from /etc/authselect */
+ ret = authselect_files_uninstall();
+ if (ret != EOK) {
+ ERROR("Unable to remove authselect configuration [%d]: %s",
+ ret, strerror(ret));
+ return ret;
+ }
+
+ INFO("Authselect configuration was successfully removed");
+
return EOK;
}
diff --git a/src/lib/files/files.h b/src/lib/files/files.h
index d91e80e176ebead21fa24acea5eccc97838bb2a5..9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a 100644
--- a/src/lib/files/files.h
+++ b/src/lib/files/files.h
@@ -229,6 +229,12 @@ authselect_symlinks_location_available(void);
errno_t
authselect_symlinks_uninstall();
+/**
+ * Remove files from authselect directory.
+ */
+errno_t
+authselect_files_uninstall(void);
+
/**
* List all profile directories in a sorted NULL-terminated string array.
*
diff --git a/src/lib/files/system.c b/src/lib/files/system.c
index e830942c629f462b3b187a7591a1b9b2c248d9da..0cbe2d0a495a98ec24f822b0bd64b7538887f047 100644
--- a/src/lib/files/system.c
+++ b/src/lib/files/system.c
@@ -319,3 +319,33 @@ authselect_system_validate_missing()
return result;
}
+
+errno_t
+authselect_files_uninstall()
+{
+ struct authselect_generated generated[] = GENERATED_FILES_PATHS;
+ errno_t ret;
+ int iret;
+ int i;
+
+ errno = 0;
+ iret = unlink(PATH_CONFIG_FILE);
+ if (iret != 0 && errno != ENOENT) {
+ ret = errno;
+ ERROR("Unable to delete [%s] [%d]: %s", PATH_CONFIG_FILE,
+ ret, strerror(ret));
+ return ret;
+ }
+
+ for (i = 0; generated[i].path != NULL; i++) {
+ /* We can ignore errors here. */
+ iret = unlink(generated[i].path);
+ if (iret != 0 && errno != ENOENT) {
+ ret = errno;
+ WARN("Unable to delete [%s] [%d]: %s", generated[i].path,
+ ret, strerror(ret));
+ }
+ }
+
+ return EOK;
+}
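Review bot: The loop in authselect_files_uninstall() logs a failed unlink() and still returns EOK, so authselect_uninstall() goes on to print "Authselect configuration was successfully removed" while generated PAM or nsswitch files may remain on disk. The comment `/* We can ignore errors here. */` does not say why that is safe; either explain it (for example `/* Best effort: authselect.conf is already removed, leftovers are only reported. */`, if that is the intent) or remember the first failure and return it after the loop. The definition is also written `authselect_files_uninstall()` while files.h declares it with `(void)`; using `(void)` in both places keeps them consistent.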
--
2.34.1


@ -1,107 +0,0 @@
From f337c17c359c7264395804e6d15e1c294e458dbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:00:00 +0100
Subject: [PATCH 04/11] cli: add opt-out command
To opt-out from authselect managed configuration.
---
rpm/authselect.spec.in | 2 +-
src/cli/authselect-completion.sh | 2 +-
src/cli/main.c | 4 +++-
src/lib/authselect.c | 6 ++++++
src/man/authselect.8.adoc | 14 ++++++++++++++
5 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 9f36d0dcf001f953b8384d54f60af25d71ef0321..6e178b88bc2f19cb17692b029430e3eca13dfbef 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -264,7 +264,7 @@ if [ $1 == 0 ] ; then
# deleted safely. If this fail, the uninstallation must fail to avoid
# breaking the system by removing PAM files. However, the command can
# only fail if it can not write to the file system.
- %{_bindir}/authselect uninstall
+ %{_bindir}/authselect opt-out
fi
%pre libs
diff --git a/src/cli/authselect-completion.sh b/src/cli/authselect-completion.sh
index 84a63c9ec9278417720f6bde270c498a700ca48d..8f03aee850a088cdf77bf3dda3a2cf017e257709 100644
--- a/src/cli/authselect-completion.sh
+++ b/src/cli/authselect-completion.sh
@@ -191,7 +191,7 @@ _authselect_completions()
COMMANDS=(select apply-changes list list-features show requirements current
check test enable-feature disable-feature create-profile
- backup-list backup-remove backup-restore)
+ backup-list backup-remove backup-restore opt-out)
possibleopts="$(get_option_params)"
if [[ "$possibleopts" != "" ]]; then
diff --git a/src/cli/main.c b/src/cli/main.c
index 575e56f00edfc35ab4b5368ee40a497016d68cc3..db5f6dc2de6f4f58273f0719f8bb77122edfafe5 100644
--- a/src/cli/main.c
+++ b/src/cli/main.c
@@ -967,7 +967,9 @@ int main(int argc, const char **argv)
CLI_TOOL_COMMAND("backup-list", "List available backups", CLI_CMD_NONE, backup_list),
CLI_TOOL_COMMAND("backup-remove", "Remove backup", CLI_CMD_REQUIRE_ROOT, backup_remove),
CLI_TOOL_COMMAND("backup-restore", "Restore from backup", CLI_CMD_REQUIRE_ROOT, backup_restore),
- CLI_TOOL_COMMAND("uninstall", "Uninstall authselect configuration", CLI_CMD_REQUIRE_ROOT | CLI_CMD_HIDDEN, uninstall),
+ CLI_TOOL_DELIMITER("Other:"),
+ CLI_TOOL_COMMAND("opt-out", "Opt-out from authselect managed configuration", CLI_CMD_REQUIRE_ROOT, uninstall),
+ /* Hidden commands */
CLI_TOOL_COMMAND("version", "Print authselect version", CLI_CMD_HIDDEN, version),
CLI_TOOL_LAST
};
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index 62a0fde47d122cea21f3738e7badc2fdb6a7c78b..6b8edf32a50a06fdaa583146c1b8a549ba17130a 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -114,6 +114,12 @@ authselect_activate(const char *profile_id,
goto done;
}
+ if (!is_valid) {
+ ERROR("Changes to the authselect configuration were detected. "
+ "These changes will be overwritten. Please call "
+ "'authselect opt-out' in order to keep them.");
+ }
+
ret = authselect_profile_activate(profile, features);
done:
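Review bot: The added `if (!is_valid)` block logs through ERROR() but neither sets `ret` nor jumps to `done`, so activation continues and the changed files are overwritten; for a condition that does not fail the call, `WARN(...)` (the macro the library uses for non-fatal findings) would match the behaviour. The message is the only notice an administrator gets before hand-made PAM or nsswitch edits are replaced, so it is worth recording that in a comment, e.g. `/* Not fatal: user changes are overwritten by design. */`. authselect_activate() begins and ends outside the hunk.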
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
index ff6dc1e234580061e059316451a1ed293cd1502e..47e04106543825a4c0995a22c336bd7d2d1f9c81 100644
--- a/src/man/authselect.8.adoc
+++ b/src/man/authselect.8.adoc
@@ -37,6 +37,12 @@ automatically generate a backup of your current configuration so if you wish
to go back you can restore it with *authselect backup-restore* command
(see description below).
+OPT-OUT FROM AUTHSELECT
+-----------------------
+To stop authselect from managing your configuration, run *authselect opt-out*.
+This will remove all authselect configuration from your system and you can then
+modify your configuration manually.
+
AVAILABLE COMMANDS
------------------
To list all available commands run *authselect* without any parameters.
@@ -232,6 +238,14 @@ These commands can be used to manage backed up configurations.
Restore configuration from backup named _BACKUP_. *Note:* this will
overwrite current configuration.
+OTHER COMMANDS
+--------------
+
+*opt-out*::
+ Remove authselect configuration. This will restore nsswitch and PAM
+ configuration under its system location and authselect will no longer
+ manage it. Run *authselect select* to opt-in again.
+
COMMON OPTIONS
--------------
These options are available with all commands.
--
2.34.1


@ -1,27 +0,0 @@
From 4f6f91cf8098053dd855d6b8a1c20fcb8815a90c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:00:29 +0100
Subject: [PATCH 05/11] lib: make preambule more descriptive
---
src/lib/util/template.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/lib/util/template.c b/src/lib/util/template.c
index 17513dc733016e8b59df5d33fc25794122677211..8ecb0428634ea487e3f6454ec243ebffc7d0fec2 100644
--- a/src/lib/util/template.c
+++ b/src/lib/util/template.c
@@ -567,7 +567,9 @@ template_generate_preamble(time_t timestamp)
}
preamble = format("# Generated by authselect on %s\n"
- "# Do not modify this file manually.\n\n",
+ "# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.\n"
+ "# You can stop authselect from managing your configuration by calling 'authselect opt-out'.\n"
+ "# See authselect(8) for more details.\n\n",
trimmed);
free(trimmed);
if (preamble == NULL) {
--
2.34.1


@ -1,33 +0,0 @@
From 4c08cf7b01ea2c219de30f944b08f50663974104 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:15:35 +0100
Subject: [PATCH 06/11] spec: own user-nsswitch-created only if
with_user_nsswitch
---
rpm/authselect.spec.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 6e178b88bc2f19cb17692b029430e3eca13dfbef..781d0193c02c9c4c9fa18596caeebe7e02a25a12 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -179,12 +179,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth
%endif
-%if %{with_user_nsswitch}
-%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf
-%endif
%dir %{_localstatedir}/lib/authselect
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
+%if %{with_user_nsswitch}
+%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
+%endif
%dir %{_datadir}/authselect
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
--
2.34.1


@ -1,256 +0,0 @@
From 3a3df3b409d599682de3936374fc6de9c7163373 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:37:37 +0100
Subject: [PATCH 07/11] cli: check command return 6 if no configuration is
detected
If no configuration is detected at all (no files in /etc/authselect
and no system configuration is present either) the check command now
returns 6. This can be used to detect fresh installation.
---
include/authselect.h | 5 +++--
src/cli/cli_tool.c | 2 ++
src/cli/main.c | 10 ++++++++--
src/lib/authselect.c | 13 ++++++++----
src/lib/files/config.c | 36 ++++++++++++++++++++++++++++++---
src/lib/files/files.h | 42 +++++++++++++++++++++++++--------------
src/man/authselect.8.adoc | 1 +
7 files changed, 83 insertions(+), 26 deletions(-)
diff --git a/include/authselect.h b/include/authselect.h
index 5b6cad122257e3ae9509d5799a02668c6705e978..bf04aace4607f765a5b46185a4e9ef70867f73f6 100644
--- a/include/authselect.h
+++ b/include/authselect.h
@@ -192,8 +192,9 @@ authselect_feature_disable(const char *feature);
* @return
* - 0 if there is an existing authselect configuration, the result of
* validation is returned in @_is_valid output variable.
- * - ENOENT if there is no existing authselect configuration, the result of
- * validation is returned in @_is_valid output variable.
+ * - ENOENT if there is no existing configuration
+ * - EEXIST if there is existing configuration, not created by authselect,
+ * the result of validation is returned in @_is_valid output variable.
* - Other errno code on generic error.
*/
int
diff --git a/src/cli/cli_tool.c b/src/cli/cli_tool.c
index 64807af3cb0c3aeb70ff652962dca62a3b99c431..83bc1ef339bdc5e610c930ccb605946f0096fb1a 100644
--- a/src/cli/cli_tool.c
+++ b/src/cli/cli_tool.c
@@ -445,6 +445,8 @@ int cli_tool_main(int argc, const char **argv,
return 4;
case EACCES:
return 5;
+ case ENODEV:
+ return 6;
}
/* Generic error. */
diff --git a/src/cli/main.c b/src/cli/main.c
index db5f6dc2de6f4f58273f0719f8bb77122edfafe5..afe10097612a06b78f0aa45738dc4f9cc3a4f9c9 100644
--- a/src/cli/main.c
+++ b/src/cli/main.c
@@ -349,7 +349,7 @@ static errno_t check(struct cli_cmdline *cmdline)
}
ret = authselect_validate_configuration(&is_valid);
- if (ret != EOK && ret != ENOENT) {
+ if (ret != EOK && ret != ENOENT && ret != EEXIST) {
ERROR("Unable to test current configuration [%d]: %s",
ret, strerror(ret));
@@ -367,12 +367,18 @@ static errno_t check(struct cli_cmdline *cmdline)
puts(_("Current configuration is valid."));
break;
case ENOENT:
+ puts(_("No configuration detected."));
+ ret = ENODEV;
+ break;
+ case EEXIST:
puts(_("System was not configured with authselect."));
+ ret = ENOENT; /* for backwards compatibility */
break;
}
/* EOK = existing configuration is valid,
- * ENOENT = non-existing configuration is valid */
+ * ENODEV = no configuration detected,
+ * ENOENT = non-authselet configuration is valid */
return ret;
}
diff --git a/src/lib/authselect.c b/src/lib/authselect.c
index 6b8edf32a50a06fdaa583146c1b8a549ba17130a..bcb53f03c67c6b822480ad3557919ca75f045949 100644
--- a/src/lib/authselect.c
+++ b/src/lib/authselect.c
@@ -271,14 +271,19 @@ authselect_validate_configuration(bool *_is_valid)
ret = authselect_config_read(&profile_id, &features);
if (ret == ENOENT) {
- *_is_valid = authselect_config_validate_non_existing();
- return ENOENT;
+ *_is_valid = authselect_config_validate_user();
+
+ if (*_is_valid && authselect_config_validate_missing()) {
+ return ENOENT;
+ }
+
+ return EEXIST;
} if (ret != EOK) {
return ret;
}
- *_is_valid = authselect_config_validate_existing(profile_id,
- (const char **)features);
+ *_is_valid = authselect_config_validate_authselect(profile_id,
+ (const char **)features);
free(profile_id);
string_array_free(features);
diff --git a/src/lib/files/config.c b/src/lib/files/config.c
index 8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73..c841860e347d08bcfb14ca51c0630b453d186d00 100644
--- a/src/lib/files/config.c
+++ b/src/lib/files/config.c
@@ -183,8 +183,8 @@ authselect_config_locations_writable()
}
bool
-authselect_config_validate_existing(const char *profile_id,
- const char **features)
+authselect_config_validate_authselect(const char *profile_id,
+ const char **features)
{
struct authselect_files *files;
bool result = true;
@@ -209,7 +209,7 @@ authselect_config_validate_existing(const char *profile_id,
}
bool
-authselect_config_validate_non_existing()
+authselect_config_validate_user()
{
bool result = true;
@@ -218,3 +218,33 @@ authselect_config_validate_non_existing()
return result;
}
+
+bool
+authselect_config_validate_missing()
+{
+ struct authselect_generated generated[] = GENERATED_FILES_PATHS;
+ struct authselect_symlink symlinks[] = {SYMLINK_FILES};
+ errno_t ret;
+ int i;
+
+ ret = file_exists(PATH_CONFIG_FILE);
+ if (ret != ENOENT) {
+ return false;
+ }
+
+ for (i = 0; generated[i].path != NULL; i++) {
+ ret = file_exists(generated[i].path);
+ if (ret != ENOENT) {
+ return false;
+ }
+ }
+
+ for (i = 0; symlinks[i].name != NULL; i++) {
+ ret = file_exists(symlinks[i].name);
+ if (ret != ENOENT) {
+ return false;
+ }
+ }
+
+ return true;
+}
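Review bot: authselect_config_validate_missing() treats every result of file_exists() other than ENOENT as "present", so an error such as EACCES makes the system count as configured and `authselect check` will not return the new code 6. That is the conservative direction (the spec scriptlet later on this page only skips the backup on 6), but nothing in the function says it is deliberate; a comment like `/* Anything but ENOENT, including an error, counts as present. */` above the first test would record it. How a dangling symlink is classified depends on whether file_exists() follows links, which is not visible here.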
diff --git a/src/lib/files/files.h b/src/lib/files/files.h
index 9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a..5eeca3ebf58e730c586d6bf6bf18e22a67218067 100644
--- a/src/lib/files/files.h
+++ b/src/lib/files/files.h
@@ -71,7 +71,7 @@ bool
authselect_config_locations_writable(void);
/**
- * Validate existing configuration.
+ * Validate existing authselect configuration.
*
* Check that all files are created, readable and with correct content
* and that all symbolic links exist.
@@ -79,8 +79,31 @@ authselect_config_locations_writable(void);
* @return True if the configuration is valid, false otherwise.
*/
bool
-authselect_config_validate_existing(const char *profile_id,
- const char **features);
+authselect_config_validate_authselect(const char *profile_id,
+ const char **features);
+
+/**
+ * Validate existing non-authselect configuration.
+ *
+ * Check that there are no left overs from previous authselect configuration.
+ * All generated files must be removed and all symbolic links must either not
+ * exists, point to different location or must be other file or directory.
+ *
+ * @return True if the are no left overs, false otherwise.
+ */
+bool
+authselect_config_validate_user(void);
+
+/**
+ * Validate missing configuration.
+ *
+ * Check that there is no configuration at all (there are no authselect and
+ * no system files present).
+ *
+ * @return True if there is no configuration, false otherwise.
+ */
+bool
+authselect_config_validate_missing(void);
/**
* Generate contents of nsswitch.conf.
@@ -108,18 +131,6 @@ errno_t
authselect_nsswitch_find_maps(char *content,
char ***_maps);
-/**
- * Validate non-existing configuration.
- *
- * Check that there are no left overs from previous authselect configuration.
- * All generated files must be removed and all symbolic links must either not
- * exists, point to different location or must be other file or directory.
- *
- * @return True if the are no left overs, false otherwise.
- */
-bool
-authselect_config_validate_non_existing();
-
/**
* Read system files templates and return them in files structure.
*
@@ -235,6 +246,7 @@ authselect_symlinks_uninstall();
errno_t
authselect_files_uninstall(void);
+
/**
* List all profile directories in a sorted NULL-terminated string array.
*
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
index 47e04106543825a4c0995a22c336bd7d2d1f9c81..9295701619332f23db74c8560b8ac2003a0b6c4d 100644
--- a/src/man/authselect.8.adoc
+++ b/src/man/authselect.8.adoc
@@ -363,6 +363,7 @@ The *authselect* can return these exit codes:
* 3: Current configuration is not valid, it was edited without authselect.
* 4: System configuration must be overwritten to activate an authselect profile, --force parameter is needed.
* 5: Executed command must be run as root.
+* 6: No configuration was detected.
GENERATED FILES
---------------
--
2.34.1


@ -1,36 +0,0 @@
From 919ffffe831d361c1575899ac17c30a428536714 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:43:28 +0100
Subject: [PATCH 08/11] spec: do not backup non-existing configuration on fresh
install
Freshly installed system does not have any configuration files to
backup.
---
rpm/authselect.spec.in | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 781d0193c02c9c4c9fa18596caeebe7e02a25a12..dc21389fdc91db3d115699f1db16eb8dc906ac8c 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -312,10 +312,15 @@ if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
done
fi
+%{_bindir}/authselect check &> /dev/null
+if [ $? -eq 6 ]; then
+ NOBACKUP="--nobackup"
+fi
+
# If we are upgrading from pre authselect-1.3.0 or this is a new installation
# select the default configuration.
if [ -f %{forcefile} ]; then
- %{_bindir}/authselect select %{default_profile} --force &> /dev/null
+ %{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null
%__rm -f %{forcefile}
fi
--
2.34.1


@ -1,27 +0,0 @@
From 66e06017494ff092e56373c88787e728ade3d361 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 31 Jan 2022 12:58:55 +0100
Subject: [PATCH 09/11] lib: bump soname version to 4:3:1
Algorithm used:
https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
---
src/lib/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 88411ac51bd8d7c219c3097542e16fa99e0a38a2..365da957a3ee8cd2e5abebc2a5190844f47d4879 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -86,7 +86,7 @@ libauthselect_la_CFLAGS = \
$(NULL)
libauthselect_la_LDFLAGS = \
-Wl,--version-script=$(srcdir)/authselect.exports \
- -version-info 4:2:1
+ -version-info 4:3:1
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = \
--
2.34.1


@ -1,28 +0,0 @@
From e12f91ecaf437315c02d74aef9d08a5def140d6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 1 Feb 2022 09:57:01 +0100
Subject: [PATCH 10/11] spec: fix detection of ostree system
The information in /etc/os-release may not be available if the system
has not yet been mutated into ostree. This may happen during initial
compose.
---
rpm/authselect.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index dc21389fdc91db3d115699f1db16eb8dc906ac8c..fa01d4508b34023ad36d7bbfc6ffb05c517a9198 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -301,7 +301,7 @@ fi
# Keep nss-altfiles for all rpm-ostree based systems.
# See https://github.com/authselect/authselect/issues/48
-if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
+if test -e /run/ostree-booted; then
for PROFILE in `ls %{_datadir}/authselect/default`; do
%{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null
%if %{with_user_nsswitch}
--
2.34.1


@ -1,39 +0,0 @@
From 33230db31309b08a4e332fc5ee49f440871b7ee8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 1 Feb 2022 09:58:29 +0100
Subject: [PATCH 11/11] spec: remove unnecessary dependencies
- gawk, findutils and grep are no longer needed in scriptlets
- systemd does not have to be required
PAM and nsswitch.conf from shipped profiles references several
systemd modules. However if those modules are not installed,
they are simply ignored, therefore this dependency can be
omitted.
systemd is usually installed anyway, but it is not necessary to
pull it in on cases when it is not desired, such as in containers.
---
rpm/authselect.spec.in | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index fa01d4508b34023ad36d7bbfc6ffb05c517a9198..c11dfa510307e951ec6f9aa15dfe2dd4b19cd2f9 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -72,11 +72,8 @@ supported by authselect.
Summary: Utility library used by the authselect tool
# Required by scriptlets
Requires: coreutils
-Requires: findutils
-Requires: gawk
-Requires: grep
Requires: sed
-Requires: systemd
+Suggests: systemd
%if %{enforce_authselect}
# authselect now owns nsswitch.conf (glibc) and pam files
Conflicts: pam < 1.5.2-8
--
2.34.1


@ -1,69 +0,0 @@
From b9cbd670c2993dd2c6c8c107712c68f8c874ac16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 10 Feb 2022 12:40:45 +0100
Subject: [PATCH] profile: fix mdns support
Resolves:
https://github.com/authselect/authselect/issues/293
---
profiles/minimal/nsswitch.conf | 2 +-
profiles/nis/nsswitch.conf | 2 +-
profiles/sssd/nsswitch.conf | 2 +-
profiles/winbind/nsswitch.conf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/minimal/nsswitch.conf b/profiles/minimal/nsswitch.conf
index 6c3c355b523226a694d64276ffe907cec175022b..563ba030d4c1291023ba36d33eb9f225f10cfa9b 100644
--- a/profiles/minimal/nsswitch.conf
+++ b/profiles/minimal/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }systemd
shadow: files
group: files {if "with-altfiles":altfiles }systemd
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files
netgroup: files
automount: files
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index e60eeaacf68728d7355647c068fff9bbb1916b4a..49b91eaaa1395ea2fcbe402bc29bd7fb24c4a0c9 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }nis systemd
shadow: files nis
group: files {if "with-altfiles":altfiles }nis systemd
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] nis myhostname dns
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
services: files nis
netgroup: files nis
automount: files nis
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 526cbaeeecee7649e2b3071c8706ce35ec7ed388..699fac909dd66bec06dcf372a99b487be2d85059 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
shadow: files
group: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files sss
netgroup: files sss
sudoers: files sss {include if "with-sudo"}
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index b3ea72d94bc3795113d76178ed070ff8f928e137..835800e50f94256baca99bd31e09ef1488e5eeb1 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }winbind systemd
shadow: files
group: files {if "with-altfiles":altfiles }winbind systemd
-hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files
netgroup: files
automount: files
--
2.31.1

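--- a/authselect.rpmlintrc
+++ b/authselect.rpmlintrc
@@ -0,0 +1,9 @@
+# Whitelist known warnings that can not be fixed
+addFilter("authselect.*: W: spelling-error %description -l en_US authconfig -> configuration");
+addFilter("authselect.*: W: non-conffile-in-etc /etc/bash_completion.d/authselect-completion.sh")
+addFilter("authselect-compat.*: W: self-obsoletion authconfig < 7.0.1-6 obsoletes authconfig")
+addFilter("authselect-compat.*: W: no-documentation")
+addFilter("authselect-compat.*: W: no-manual-page-for-binary authconfig")
+addFilter("authselect-devel.*: W: no-documentation")
+addFilter("authselect-libs.*: W: dangerous-command-in-%pre rm")
+addFilter("authselect-libs.*: W: dangerous-command-in-%posttrans cp")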
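Review bot: The last two filters, `dangerous-command-in-%pre rm` and `dangerous-command-in-%posttrans cp` on `authselect-libs`, suppress warnings about scriptlets that run as root during package installation, and the only justification given is the file-level "known warnings that can not be fixed". Each of them deserves its own comment saying which file the scriptlet removes or copies and why that is safe, along the lines of `# %pre removes only <fixed path from the spec>; not derived from user input`, so that a later change to the scriptlets is not silently covered by an old filter. As a point of style, the first `addFilter(...)` line ends with a stray `;` that the other eight lines do not have. The patterns on the first two lines start with `authselect.*`, so they presumably apply to every subpackage rather than only the main one; if that is intended, the header comment could say so.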


@ -2,27 +2,14 @@
%define _empty_manifest_terminate_build 0
Name: authselect
Version: 1.3.0
Release: 10%{?dist}
Version: 1.4.0
Release: 1%{?dist}
Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/authselect/authselect
License: GPLv3+
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch0001: 0001-main-Drop-an-unnecessary-NULL-check-before-free.patch
Patch0002: 0002-lib-drop-strict-change-detection.patch
Patch0003: 0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch
Patch0004: 0004-cli-add-opt-out-command.patch
Patch0005: 0005-lib-make-preambule-more-descriptive.patch
Patch0006: 0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch
Patch0007: 0007-cli-check-command-return-6-if-no-configuration-is-de.patch
Patch0008: 0008-spec-do-not-backup-non-existing-configuration-on-fre.patch
Patch0009: 0009-lib-bump-soname-version-to-4-3-1.patch
Patch0010: 0010-spec-fix-detection-of-ostree-system.patch
Patch0011: 0011-spec-remove-unnecessary-dependencies.patch
Patch0012: 0012-profile-fix-mdns-support.patch
%global makedir %{_builddir}/%{name}-%{version}
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10
@ -354,6 +341,9 @@ fi
exit 0
%changelog
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-1
- Rebase to 1.3.0
* Thu Feb 10 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-10
- Fix mdns support (#2052269)
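Review bot: The new changelog entry for 1.4.0-1 reads `- Rebase to 1.3.0`, which contradicts `Version: 1.4.0` in the first hunk of this file and the commit title; it should read `- Rebase to 1.4.0`. The same section drops Patch0001 through Patch0012 in one step. The removed patches include behaviour the packaging itself depends on, such as the `authselect check` exit code 6 that the removed 0008 patch tests in the scriptlet, so the changelog or commit description should state that all twelve are contained in the 1.4.0 tarball; presumably they are, but nothing in this section shows it.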


@ -1 +1 @@
SHA512 (authselect-1.3.0.tar.gz) = bebccbd0a3a189812c1e2dc85ab4e4514f56f99728b4c4214862b850ddf259918d7e0ee00acd538045d2a71149b761176ecd2d4744a6ff3f19bccda57445351d
SHA512 (authselect-1.4.0.tar.gz) = 878603fddcff5f9df07e86f01c1486f331535b455ca4f11bec90e86c8c923137b4cf67a2856bd9f2a5b3f11f1a22f7691a6b1cc702c53291f83ccdadcb70d957