Simplify and modernize the specfile
- Get rid of all conditions that are always true for both EPEL-7 and Fedora as it's quite unlikely we'd use this specfile on EPEL-6 - Remove the sysvinit script and all the scriptlets around it - Unconditionally use systemd scriptlet macros and systemd_requires - Unconditionally build the PAM module as the PADL module is long dead - Remove the auto-migration of settings from nss_ldap as it's been long gone from Fedora - Don't check /etc/sysconfig/authconfig as authconfig is on its way out from Fedora - Use only spaces, not tabs, to stop my editor from looking like a Christmas tree - Remove the obsolete Group stanza - Make nscd Recommended, not Required
parent
2635faec28
commit
224e63f170
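--- a/nslcd.init
+++ b/nslcd.init
@@ -1,86 +0,0 @@
-#!/bin/sh
-#
-# chkconfig: - 12 88
-# description: Provides naming services using a directory server.
-# processname: /usr/sbin/nslcd
-# config: /etc/nslcd.conf
-# pidfile: /var/run/nslcd/nslcd.pid
-#
-
-### BEGIN INIT INFO
-# Provides: nslcd
-# Required-Start: $network
-# Required-Stop:
-# Default-Start:
-# Default-Stop:
-# Short-Description: naming services LDAP client daemon
-# Description: Provides naming services using a directory server.
-### END INIT INFO
-
-program=/usr/sbin/nslcd
-prog=${program##*/}
-pidfile=/var/run/nslcd/nslcd.pid
-
-if [ -f /etc/rc.d/init.d/functions ]; then
-. /etc/rc.d/init.d/functions
-fi
-
-RETVAL=0
-
-start() {
-echo -n $"Starting $prog: "
-daemon $program
-RETVAL=$?
-echo
-[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
-return $RETVAL
-}
-
-stop() {
-echo -n $"Stopping $prog: "
-killproc $program
-RETVAL=$?
-echo
-if [ $RETVAL -eq 0 ]; then
-rm -f /var/lock/subsys/$prog
-fi
-}
-
-restart() {
-stop
-start
-}
-
-# See how we were called.
-case "$1" in
-start)
-[ -f /var/lock/subsys/$prog ] && exit 0
-$1
-;;
-stop)
-[ -f /var/lock/subsys/$prog ] || exit 0
-$1
-;;
-restart)
-$1
-;;
-status)
-status -p $pidfile $program
-RETVAL=$?
-;;
-condrestart|try-restart)
-[ -f /var/lock/subsys/$prog ] && restart || :
-;;
-reload)
-echo "can't reload configuration, you have to restart it"
-RETVAL=3
-;;
-force-reload)
-restart
-;;
-*)
-echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
-exit 1
-;;
-esac
-exit $RETVAL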
|
@ -1,94 +1,42 @@
|
|||
%if 0%{?fedora} > 15 || 0%{?rhel} > 6
|
||||
%global systemd 1
|
||||
%global sysvinit 0
|
||||
%else
|
||||
%global systemd 0
|
||||
%global sysvinit 1
|
||||
%endif
|
||||
|
||||
# Fedora had these in F18, but we didn't cut over to use them until after F18
|
||||
# was frozen, so pretend it didn't happen until F19.
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
%global systemd_macros 1
|
||||
%else
|
||||
%global systemd_macros 0
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} > 14 || 0%{?rhel} > 6
|
||||
%global tmpfiles 1
|
||||
%else
|
||||
%global tmpfiles 0
|
||||
%endif
|
||||
|
||||
# Fedora had it in F17, but moving things around in already-released versions
|
||||
# is a bad idea, so pretend it didn't happen until F19.
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
%global separate_usr 0
|
||||
%global nssdir %{_libdir}
|
||||
%global pamdir %{_libdir}/security
|
||||
%else
|
||||
%global separate_usr 1
|
||||
%global nssdir /%{_lib}
|
||||
%global pamdir /%{_lib}/security
|
||||
%endif
|
||||
|
||||
# For distributions that support it, build with RELRO
|
||||
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7)
|
||||
%define _hardened_build 1
|
||||
%endif
|
||||
|
||||
Name: nss-pam-ldapd
|
||||
Version: 0.8.14
|
||||
Release: 11%{?dist}
|
||||
Summary: An nsswitch module which uses directory servers
|
||||
Group: System Environment/Base
|
||||
License: LGPLv2+
|
||||
URL: http://arthurdejong.org/nss-pam-ldapd/
|
||||
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
|
||||
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
|
||||
Source2: nslcd.init
|
||||
Source3: nslcd.tmpfiles
|
||||
Source4: nslcd.service
|
||||
Patch1: nss-pam-ldapd-0.8.12-validname.patch
|
||||
Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch
|
||||
Patch3: nss-pam-ldapd-exitcode.patch
|
||||
BuildRequires: openldap-devel, krb5-devel
|
||||
BuildRequires: autoconf, automake
|
||||
BuildRequires: pam-devel
|
||||
Obsoletes: nss-ldapd < 0.7
|
||||
Provides: nss-ldapd = %{version}-%{release}
|
||||
Name: nss-pam-ldapd
|
||||
Version: 0.8.14
|
||||
Release: 12%{?dist}
|
||||
Summary: An nsswitch module which uses directory servers
|
||||
License: LGPLv2+
|
||||
URL: http://arthurdejong.org/nss-pam-ldapd/
|
||||
Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
|
||||
Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
|
||||
Source3: nslcd.tmpfiles
|
||||
Source4: nslcd.service
|
||||
|
||||
Patch1: nss-pam-ldapd-0.8.12-validname.patch
|
||||
Patch2: nss-pam-ldapd-0.8.12-uid-overflow.patch
|
||||
Patch3: nss-pam-ldapd-exitcode.patch
|
||||
|
||||
BuildRequires: openldap-devel, krb5-devel
|
||||
BuildRequires: autoconf, automake
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: systemd-units
|
||||
%{?systemd_requires}
|
||||
|
||||
# Pull in nscd, which is recommended.
|
||||
Recommends: nscd
|
||||
|
||||
Obsoletes: nss-ldapd < 0.7
|
||||
Provides: nss-ldapd = %{version}-%{release}
|
||||
|
||||
# Obsolete PADL's nss_ldap
|
||||
Provides: nss_ldap = 265-12
|
||||
Obsoletes: nss_ldap < 265-11
|
||||
|
||||
%if 0%{?fedora} > 18 || 0%{?rhel} > 6
|
||||
# Obsolete PADL's pam_ldap
|
||||
Provides: pam_ldap = 185-15
|
||||
Obsoletes: pam_ldap < 185-15
|
||||
%global build_pam_ldap 1
|
||||
%else
|
||||
# Pull in the pam_ldap module, which is its own package in F14 and later, to
|
||||
# keep upgrades from removing the module. We used to disable nss-pam-ldapd's
|
||||
# own pam_ldap.so when it wasn't mature enough.
|
||||
Requires: pam_ldap%{?_isa}
|
||||
%global build_pam_ldap 0
|
||||
%endif
|
||||
|
||||
# Pull in nscd, which is recommended.
|
||||
Requires: nscd
|
||||
%if %{sysvinit}
|
||||
Requires(post): /sbin/ldconfig, chkconfig, grep, sed
|
||||
Requires(preun): chkconfig, initscripts
|
||||
Requires(postun): /sbin/ldconfig, initscripts
|
||||
%endif
|
||||
%if %{systemd}
|
||||
BuildRequires: systemd-units
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
Requires(post): systemd-sysv
|
||||
%endif
|
||||
|
||||
%description
|
||||
The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
|
||||
|
@ -104,12 +52,8 @@ autoreconf -f -i
|
|||
|
||||
%build
|
||||
%configure --libdir=%{nssdir} \
|
||||
%if %{build_pam_ldap}
|
||||
--with-pam-seclib-dir=%{pamdir}
|
||||
%else
|
||||
--disable-pam
|
||||
%endif
|
||||
make %{?_smp_mflags}
|
||||
--with-pam-seclib-dir=%{pamdir}
|
||||
%make_build
|
||||
|
||||
%check
|
||||
make check
|
||||
|
@ -117,68 +61,29 @@ make check
|
|||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir},%{_unitdir}}
|
||||
%if %{sysvinit}
|
||||
install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
mkdir -p $RPM_BUILD_ROOT/{%{_libdir},%{_unitdir}}
|
||||
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
|
||||
%if %{separate_usr}
|
||||
# Follow glibc's convention and provide a .so symlink so that people who know
|
||||
# what to expect can link directly with the module.
|
||||
if test %{_libdir} != /%{_lib} ; then
|
||||
touch $RPM_BUILD_ROOT/rootfile
|
||||
relroot=..
|
||||
while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do
|
||||
relroot=../$relroot
|
||||
done
|
||||
ln -s $relroot/%{_lib}/libnss_ldap.so.2 \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so
|
||||
rm $RPM_BUILD_ROOT/rootfile
|
||||
fi
|
||||
%else
|
||||
ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
|
||||
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
|
||||
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
|
||||
%if %{tmpfiles}
|
||||
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
|
||||
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
|
||||
%{_sbindir}/*
|
||||
%{nssdir}/*.so.*
|
||||
%if %{build_pam_ldap}
|
||||
%{nssdir}/*.so*
|
||||
%{pamdir}/pam_ldap.so
|
||||
%endif
|
||||
%{_mandir}/*/*
|
||||
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
|
||||
%if %{tmpfiles}
|
||||
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
%if %{sysvinit}
|
||||
%attr(0755,root,root) %{_initddir}/nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%config(noreplace) %{_unitdir}/*
|
||||
%endif
|
||||
%{_unitdir}/nslcd.service
|
||||
%attr(0755,nslcd,root) /var/run/nslcd
|
||||
%if 0%{?fedora} > 13 || 0%{?rhel} > 5
|
||||
# This would be the only thing in the -devel subpackage, so we include it. It
|
||||
# will conflict with nss_ldap, so only include it for releases where pam_ldap is
|
||||
# its own package.
|
||||
/%{_libdir}/*.so
|
||||
%endif
|
||||
|
||||
%pre
|
||||
getent group ldap > /dev/null || \
|
||||
|
@ -189,151 +94,32 @@ getent passwd nslcd > /dev/null || \
|
|||
|
||||
%post
|
||||
# The usual stuff.
|
||||
%if %{sysvinit}
|
||||
/sbin/chkconfig --add nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_post nslcd.service
|
||||
%else
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
%endif
|
||||
%endif
|
||||
/sbin/ldconfig
|
||||
# Import important non-default settings from nss_ldap or pam_ldap configuration
|
||||
# files, but only the first time this package is installed.
|
||||
comment="This comment prevents repeated auto-migration of settings."
|
||||
if test -s /etc/nss-ldapd.conf ; then
|
||||
source=/etc/nss-ldapd.conf
|
||||
elif test -s /etc/nss_ldap.conf ; then
|
||||
source=/etc/nss_ldap.conf
|
||||
elif test -s /etc/pam_ldap.conf ; then
|
||||
source=/etc/pam_ldap.conf
|
||||
else
|
||||
source=/etc/ldap.conf
|
||||
fi
|
||||
target=/etc/nslcd.conf
|
||||
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
|
||||
# Try to make sure we only do this the first time.
|
||||
echo "# $comment" >> $target
|
||||
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default host/uri and replace it...
|
||||
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
|
||||
# ... with the uri.
|
||||
grep -E '^uri[[:blank:]]' $source >> $target
|
||||
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default host/uri and replace it...
|
||||
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
|
||||
# ... with the "host" reformatted as a URI.
|
||||
scheme=ldap
|
||||
# check for 'ssl on', which means we want to use ldaps://
|
||||
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
|
||||
scheme=ldaps
|
||||
fi
|
||||
grep -E '^host[[:blank:]]' $source |\
|
||||
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
|
||||
fi
|
||||
# Base doesn't require any special logic.
|
||||
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
|
||||
# Comment out the packaged default base and replace it.
|
||||
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
|
||||
grep -E '^base[[:blank:]]' $source >> $target
|
||||
fi
|
||||
# Pull in these settings, if they're set, directly.
|
||||
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
|
||||
grep -E '^(tls_)' $source 2> /dev/null >> $target
|
||||
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
|
||||
fi
|
||||
# If this is the first time we're being installed, and the system is already
|
||||
# configured to use LDAP as a naming service or for checking and changing
|
||||
# passwords, enable the daemon, but don't start it since we can never know if
|
||||
# that's a safe thing to do. If this is an upgrade, leave the user's runlevel
|
||||
# selections alone.
|
||||
if [ "$1" -eq "1" ]; then
|
||||
authconf=/etc/sysconfig/authconfig
|
||||
if grep -E -q '^USELDAP(AUTH)?=yes$' $authconf 2> /dev/null ; then
|
||||
%if %{sysvinit}
|
||||
/sbin/chkconfig nslcd on
|
||||
%endif
|
||||
%if %{systemd}
|
||||
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||:
|
||||
%endif
|
||||
fi
|
||||
fi
|
||||
# Earlier versions of 0.7.6 of this package would have included both 'gid
|
||||
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists).
|
||||
# If we detect both, fix the configuration.
|
||||
if grep -q '^gid nslcd' $target ; then
|
||||
if grep -q '^gid ldap' $target ; then
|
||||
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target
|
||||
fi
|
||||
fi
|
||||
# In 0.8.4, the name of the attribute which was expected to contain the DNs of
|
||||
# a group's members changed from "uniqueMember" to "member". Change any
|
||||
# instances of "map group uniqueMember ..." to "map group member ...", unless
|
||||
# "member" is already being mapped, in which case attempting this would
|
||||
# probably just confuse things further.
|
||||
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then
|
||||
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then
|
||||
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target
|
||||
fi
|
||||
fi
|
||||
# Create the daemon's /var/run directory if it isn't there.
|
||||
if ! test -d /var/run/nslcd ; then
|
||||
mkdir -p -m 0755 /var/run/nslcd
|
||||
fi
|
||||
exit 0
|
||||
%systemd_post nslcd.service
|
||||
|
||||
%preun
|
||||
if [ "$1" -eq "0" ]; then
|
||||
%if %{sysvinit}
|
||||
/sbin/service nslcd stop >/dev/null 2>&1
|
||||
/sbin/chkconfig --del nslcd
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_preun nslcd.service
|
||||
%else
|
||||
/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop nslcd.service > /dev/null 2>&1 || :
|
||||
%endif
|
||||
%endif
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
%if %{sysvinit}
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1
|
||||
fi
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%if %{systemd_macros}
|
||||
%systemd_postun_with_restart nslcd.service
|
||||
%else
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
if [ "$1" -ge "1" ]; then
|
||||
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1
|
||||
fi
|
||||
%endif
|
||||
%endif
|
||||
exit 0
|
||||
|
||||
%if %{systemd}
|
||||
%triggerun -- nss-pam-ldapd < 0.7.13-6
|
||||
# Save the current service runlevel info, in case the user wants to apply
|
||||
# the enabled status manually later, by running
|
||||
# "systemd-sysv-convert --apply nslcd".
|
||||
%{_bindir}/systemd-sysv-convert --save nslcd >/dev/null 2>&1 ||:
|
||||
# Do this because the old package's %%postun doesn't know we need to do it.
|
||||
/sbin/chkconfig --del nslcd >/dev/null 2>&1 || :
|
||||
# Do this because the old package's %%postun wouldn't have tried.
|
||||
/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || :
|
||||
exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Mar 31 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.8.14-12
|
||||
- Get rid of all conditions that are always true for both EPEL-7 and Fedora
|
||||
as it's quite unlikely we'd use this specfile on EPEL-6
|
||||
- Remove the sysvinit script and all the scriptlets around it
|
||||
- Unconditionally use systemd scriptlet macros and systemd_requires
|
||||
- Unconditionally build the PAM module as the PADL module is long dead
|
||||
- Remove the auto-migration of settings from nss_ldap as it's been
|
||||
long gone from Fedora
|
||||
- Don't check /etc/sysconfig/authconfig as authconfig is on its way
|
||||
out from Fedora
|
||||
- Use only spaces, not tabs, to stop my editor from looking like a
|
||||
Christmas tree
|
||||
- Remove the obsolete Group stanza
|
||||
- Make nscd Recommended, not Required
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.14-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
|
|
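Review bot: `Source1` carries the upstream detached signature (`...tar.gz.sig`), but nothing visible in this section checks it against `Source0`, and the `URL:`, `Source0:` and `Source1:` lines in the rewritten preamble all use plain `http://`. While the preamble is being modernized, consider adding the upstream signing key as a further `Source`, adding `BuildRequires: gnupg2`, and calling `%{gpgverify} --keyring='%{SOURCEn}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` at the top of `%prep`, where `n` is a placeholder for the keyring's Source number. Switching those URLs to `https://` would also help, if upstream serves it. `%prep` lies outside the hunks shown here (the second hunk only starts at the `autoreconf -f -i` context line), so a verification step may already exist there and should be confirmed before changing anything.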