Simplify and modernize the specfile

- Get rid of all conditions that are always true for both EPEL-7 and Fedora
  as it's quite unlikely we'd use this specfile on EPEL-6
- Remove the sysvinit script and all the scriptlets around it
- Unconditionally use systemd scriptlet macros and systemd_requires
- Unconditionally build the PAM module as the PADL module is long dead
- Remove the auto-migration of settings from nss_ldap as it's been
  long gone from Fedora
- Don't check /etc/sysconfig/authconfig as authconfig is on its way
  out from Fedora
- Use only spaces, not tabs, to stop my editor from looking like a
  Christmas tree
- Remove the obsolete Group stanza
- Make nscd Recommended, not Required
Jakub Hrozek 2018-03-31 21:54:28 +02:00
parent 2635faec28
commit 224e63f170
2 changed files with 47 additions and 347 deletions


@ -1,86 +0,0 @@
#!/bin/sh
#
# chkconfig: - 12 88
# description: Provides naming services using a directory server.
# processname: /usr/sbin/nslcd
# config: /etc/nslcd.conf
# pidfile: /var/run/nslcd/nslcd.pid
#
### BEGIN INIT INFO
# Provides: nslcd
# Required-Start: $network
# Required-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: naming services LDAP client daemon
# Description: Provides naming services using a directory server.
### END INIT INFO
program=/usr/sbin/nslcd
prog=${program##*/}
pidfile=/var/run/nslcd/nslcd.pid
if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
fi
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon $program
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $program
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/$prog
fi
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
[ -f /var/lock/subsys/$prog ] && exit 0
$1
;;
stop)
[ -f /var/lock/subsys/$prog ] || exit 0
$1
;;
restart)
$1
;;
status)
status -p $pidfile $program
RETVAL=$?
;;
condrestart|try-restart)
[ -f /var/lock/subsys/$prog ] && restart || :
;;
reload)
echo "can't reload configuration, you have to restart it"
RETVAL=3
;;
force-reload)
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 1
;;
esac
exit $RETVAL


@ -1,94 +1,42 @@
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
%global systemd 1
%global sysvinit 0
%else
%global systemd 0
%global sysvinit 1
%endif
# Fedora had these in F18, but we didn't cut over to use them until after F18
# was frozen, so pretend it didn't happen until F19.
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
%global systemd_macros 1
%else
%global systemd_macros 0
%endif
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
%global tmpfiles 1
%else
%global tmpfiles 0
%endif
# Fedora had it in F17, but moving things around in already-released versions
# is a bad idea, so pretend it didn't happen until F19.
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
%global separate_usr 0
%global nssdir %{_libdir}
%global pamdir %{_libdir}/security
%else
%global separate_usr 1
%global nssdir /%{_lib}
%global pamdir /%{_lib}/security
%endif
# For distributions that support it, build with RELRO
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7)
%define _hardened_build 1
%endif
Name: nss-pam-ldapd
Version: 0.8.14
Release: 11%{?dist}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
URL: http://arthurdejong.org/nss-pam-ldapd/
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch
Patch3: nss-pam-ldapd-exitcode.patch
BuildRequires: openldap-devel, krb5-devel
BuildRequires: autoconf, automake
BuildRequires: pam-devel
Obsoletes: nss-ldapd < 0.7
Provides: nss-ldapd = %{version}-%{release}
Name: nss-pam-ldapd
Version: 0.8.14
Release: 12%{?dist}
Summary: An nsswitch module which uses directory servers
License: LGPLv2+
URL: http://arthurdejong.org/nss-pam-ldapd/
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
Source3: nslcd.tmpfiles
Source4: nslcd.service
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch
Patch3: nss-pam-ldapd-exitcode.patch
BuildRequires: openldap-devel, krb5-devel
BuildRequires: autoconf, automake
BuildRequires: pam-devel
BuildRequires: systemd-units
%{?systemd_requires}
# Pull in nscd, which is recommended.
Recommends: nscd
Obsoletes: nss-ldapd < 0.7
Provides: nss-ldapd = %{version}-%{release}
# Obsolete PADL's nss_ldap
Provides: nss_ldap = 265-12
Obsoletes: nss_ldap < 265-11
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
# Obsolete PADL's pam_ldap
Provides: pam_ldap = 185-15
Obsoletes: pam_ldap < 185-15
%global build_pam_ldap 1
%else
# Pull in the pam_ldap module, which is its own package in F14 and later, to
# keep upgrades from removing the module. We used to disable nss-pam-ldapd's
# own pam_ldap.so when it wasn't mature enough.
Requires: pam_ldap%{?_isa}
%global build_pam_ldap 0
%endif
# Pull in nscd, which is recommended.
Requires: nscd
%if %{sysvinit}
Requires(post): /sbin/ldconfig, chkconfig, grep, sed
Requires(preun): chkconfig, initscripts
Requires(postun): /sbin/ldconfig, initscripts
%endif
%if %{systemd}
BuildRequires: systemd-units
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): systemd-sysv
%endif
%description
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
@ -104,12 +52,8 @@ autoreconf -f -i
%build
%configure --libdir=%{nssdir} \
%if %{build_pam_ldap}
--with-pam-seclib-dir=%{pamdir}
%else
--disable-pam
%endif
make %{?_smp_mflags}
--with-pam-seclib-dir=%{pamdir}
%make_build
%check
make check
@ -117,68 +61,29 @@ make check
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir},%{_unitdir}}
%if %{sysvinit}
install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd
%endif
%if %{systemd}
mkdir -p $RPM_BUILD_ROOT/{%{_libdir},%{_unitdir}}
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/
%endif
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
%if %{separate_usr}
# Follow glibc's convention and provide a .so symlink so that people who know
# what to expect can link directly with the module.
if test %{_libdir} != /%{_lib} ; then
touch $RPM_BUILD_ROOT/rootfile
relroot=..
while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do
relroot=../$relroot
done
ln -s $relroot/%{_lib}/libnss_ldap.so.2 \
$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so
rm $RPM_BUILD_ROOT/rootfile
fi
%else
ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so
%endif
%endif
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
%if %{tmpfiles}
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
%endif
%files
%defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
%{_sbindir}/*
%{nssdir}/*.so.*
%if %{build_pam_ldap}
%{nssdir}/*.so*
%{pamdir}/pam_ldap.so
%endif
%{_mandir}/*/*
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
%if %{tmpfiles}
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
%endif
%if %{sysvinit}
%attr(0755,root,root) %{_initddir}/nslcd
%endif
%if %{systemd}
%config(noreplace) %{_unitdir}/*
%endif
%{_unitdir}/nslcd.service
%attr(0755,nslcd,root) /var/run/nslcd
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
# This would be the only thing in the -devel subpackage, so we include it. It
# will conflict with nss_ldap, so only include it for releases where pam_ldap is
# its own package.
/%{_libdir}/*.so
%endif
%pre
getent group ldap > /dev/null || \
@ -189,151 +94,32 @@ getent passwd nslcd > /dev/null || \
%post
# The usual stuff.
%if %{sysvinit}
/sbin/chkconfig --add nslcd
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_post nslcd.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%endif
%endif
/sbin/ldconfig
# Import important non-default settings from nss_ldap or pam_ldap configuration
# files, but only the first time this package is installed.
comment="This comment prevents repeated auto-migration of settings."
if test -s /etc/nss-ldapd.conf ; then
source=/etc/nss-ldapd.conf
elif test -s /etc/nss_ldap.conf ; then
source=/etc/nss_ldap.conf
elif test -s /etc/pam_ldap.conf ; then
source=/etc/pam_ldap.conf
else
source=/etc/ldap.conf
fi
target=/etc/nslcd.conf
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
# Try to make sure we only do this the first time.
echo "# $comment" >> $target
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the uri.
grep -E '^uri[[:blank:]]' $source >> $target
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the "host" reformatted as a URI.
scheme=ldap
# check for 'ssl on', which means we want to use ldaps://
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
scheme=ldaps
fi
grep -E '^host[[:blank:]]' $source |\
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
fi
# Base doesn't require any special logic.
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default base and replace it.
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
grep -E '^base[[:blank:]]' $source >> $target
fi
# Pull in these settings, if they're set, directly.
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
fi
# If this is the first time we're being installed, and the system is already
# configured to use LDAP as a naming service or for checking and changing
# passwords, enable the daemon, but don't start it since we can never know if
# that's a safe thing to do. If this is an upgrade, leave the user's runlevel
# selections alone.
if [ "$1" -eq "1" ]; then
authconf=/etc/sysconfig/authconfig
if grep -E -q '^USELDAP(AUTH)?=yes$' $authconf 2> /dev/null ; then
%if %{sysvinit}
/sbin/chkconfig nslcd on
%endif
%if %{systemd}
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||:
%endif
fi
fi
# Earlier versions of 0.7.6 of this package would have included both 'gid
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists).
# If we detect both, fix the configuration.
if grep -q '^gid nslcd' $target ; then
if grep -q '^gid ldap' $target ; then
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target
fi
fi
# In 0.8.4, the name of the attribute which was expected to contain the DNs of
# a group's members changed from "uniqueMember" to "member". Change any
# instances of "map group uniqueMember ..." to "map group member ...", unless
# "member" is already being mapped, in which case attempting this would
# probably just confuse things further.
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target
fi
fi
# Create the daemon's /var/run directory if it isn't there.
if ! test -d /var/run/nslcd ; then
mkdir -p -m 0755 /var/run/nslcd
fi
exit 0
%systemd_post nslcd.service
%preun
if [ "$1" -eq "0" ]; then
%if %{sysvinit}
/sbin/service nslcd stop >/dev/null 2>&1
/sbin/chkconfig --del nslcd
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_preun nslcd.service
%else
/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || :
/bin/systemctl stop nslcd.service > /dev/null 2>&1 || :
%endif
%endif
fi
exit 0
%postun
/sbin/ldconfig
%if %{sysvinit}
if [ "$1" -ge "1" ]; then
/etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1
fi
%endif
%if %{systemd}
%if %{systemd_macros}
%systemd_postun_with_restart nslcd.service
%else
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" ]; then
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1
fi
%endif
%endif
exit 0
%if %{systemd}
%triggerun -- nss-pam-ldapd < 0.7.13-6
# Save the current service runlevel info, in case the user wants to apply
# the enabled status manually later, by running
# "systemd-sysv-convert --apply nslcd".
%{_bindir}/systemd-sysv-convert --save nslcd >/dev/null 2>&1 ||:
# Do this because the old package's %%postun doesn't know we need to do it.
/sbin/chkconfig --del nslcd >/dev/null 2>&1 || :
# Do this because the old package's %%postun wouldn't have tried.
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || :
exit 0
%endif
%changelog
* Sat Mar 31 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.8.14-12
- Get rid of all conditions that are always true for both EPEL-7 and Fedora
as it's quite unlikely we'd use this specfile on EPEL-6
- Remove the sysvinit script and all the scriptlets around it
- Unconditionally use systemd scriptlet macros and systemd_requires
- Unconditionally build the PAM module as the PADL module is long dead
- Remove the auto-migration of settings from nss_ldap as it's been
long gone from Fedora
- Don't check /etc/sysconfig/authconfig as authconfig is on its way
out from Fedora
- Use only spaces, not tabs, to stop my editor from looking like a
Christmas tree
- Remove the obsolete Group stanza
- Make nscd Recommended, not Required
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.14-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
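Review bot: The rewritten source list still ships the detached signature (`Source1: ...tar.gz.sig`) but no keyring, so nothing visible in this spec can check the tarball against the upstream signing key, and both Source URLs are plain `http://` (https would be preferable if upstream serves it). Since the header is being rewritten anyway, add the upstream key as a source (`Source5: <upstream-keyring-file>`, placeholder name) together with `BuildRequires: gnupg2`, and verify in %prep with `%{gpgverify} --keyring='%{SOURCE5}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`. %prep lies outside the hunks shown here, and the macro may not be available on EPEL-7, where a direct `gpgv` call would do the same job. Separately, `%define _hardened_build 1` sits among the conditionals dropped at the top of the file; if it was removed rather than made unconditional, EPEL-7 builds of nslcd and pam_ldap.so would presumably lose PIE and full RELRO, so it is worth keeping as a bare define.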