Improved handling of users and groups with multi-valued name attributes

(aliases)
Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
Improved process-hang detection and restarting
Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
Cleaned up the example configuration
New tool to change debug level on the fly
This commit is contained in:
Stephen Gallagher 2011-10-18 17:24:31 -04:00
parent a6910c0007
commit 75138e2284
3 changed files with 37 additions and 20 deletions

1
.gitignore vendored
View File

@ -17,3 +17,4 @@ sssd-1.2.91.tar.gz
/sssd-1.5.11.tar.gz /sssd-1.5.11.tar.gz
/sssd-1.6.0.tar.gz /sssd-1.6.0.tar.gz
/sssd-1.6.1.tar.gz /sssd-1.6.1.tar.gz
/sssd-1.6.2.tar.gz

View File

@ -1 +1 @@
2da6d0006b70929d4d491e952e808bf5 sssd-1.6.1.tar.gz 38cf9c8dc8f173e068fcb31b7ee9baf1 sssd-1.6.2.tar.gz

View File

@ -3,6 +3,12 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif %endif
# we don't want to provide private python extension libs
%{?filter_setup:
%filter_provides_in %{python_sitearch}/.*\.so$
%filter_setup
}
%if (0%{?fedora} > 15) %if (0%{?fedora} > 15)
%define _hardened_build 1 %define _hardened_build 1
%endif %endif
@ -12,7 +18,7 @@
%global ldb_version 1.1.0 %global ldb_version 1.1.0
Name: sssd Name: sssd
Version: 1.6.1 Version: 1.6.2
Release: 1%{?dist} Release: 1%{?dist}
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
@ -84,6 +90,7 @@ BuildRequires: libnl-devel
BuildRequires: nscd BuildRequires: nscd
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: libunistring-devel BuildRequires: libunistring-devel
BuildRequires: findutils
%description %description
Provides a set of daemons to manage access to remote directories and Provides a set of daemons to manage access to remote directories and
@ -152,13 +159,14 @@ autoreconf -ivf
--with-pipe-path=%{pipepath} \ --with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \ --with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \ --with-init-dir=%{_initrddir} \
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
--enable-nsslibdir=/%{_lib} \ --enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \ --enable-pammoddir=/%{_lib}/security \
--disable-static \ --disable-static \
--disable-rpath \ --disable-rpath \
--with-test-dir=/dev/shm --with-test-dir=/dev/shm
make %{?_smp_mflags} make %{?_smp_mflags} all docs
%check %check
export CK_TIMEOUT_MULTIPLIER=10 export CK_TIMEOUT_MULTIPLIER=10
@ -173,9 +181,9 @@ make install DESTDIR=$RPM_BUILD_ROOT
# Prepare language files # Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
# Copy default sssd.conf file # Copy SSSDConfig API files
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf touch $RPM_BUILD_ROOT/%{_sysconfdir}/sssd/sssd.conf
install -m400 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf install -m400 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
install -m400 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ install -m400 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
@ -193,19 +201,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/
cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/ cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/
# Remove .la files created by libtool # Remove .la files created by libtool
rm -f \ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \ # Suppress developer-only documentation
$RPM_BUILD_ROOT/%{ldb_modulesdir}/memberof.la \ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
$RPM_BUILD_ROOT/%{_libdir}/libipa_hbac.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pyhbac.la
# Older versions of rpmbuild can only handle one -f option # Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd.lang file # So we need to append to the sssd.lang file
@ -234,24 +233,26 @@ rm -rf $RPM_BUILD_ROOT
%files -f sssd.lang %files -f sssd.lang
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc COPYING %doc COPYING
%doc src/examples/sssd.conf
%{_unitdir}/sssd.service %{_unitdir}/sssd.service
%{_sbindir}/sssd %{_sbindir}/sssd
%{_libexecdir}/%{servicename}/ %{_libexecdir}/%{servicename}/
%{_libdir}/%{name}/ %{_libdir}/%{name}/
%{ldb_modulesdir}/memberof.so %{ldb_modulesdir}/memberof.so
%dir %{sssdstatedir} %dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,root,root) %dir %{dbpath} %attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{pipepath} %attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pubconfpath} %attr(755,root,root) %dir %{pubconfpath}
%attr(700,root,root) %dir %{pipepath}/private %attr(700,root,root) %dir %{pipepath}/private
%attr(750,root,root) %dir %{_var}/log/%{name} %attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd %attr(700,root,root) %dir %{_sysconfdir}/sssd
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf %ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd %config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd %config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%config %{_sysconfdir}/sssd/sssd.api.conf %config %{_sysconfdir}/sssd/sssd.api.conf
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d %attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
%config %{_sysconfdir}/sssd/sssd.api.d/ %config %{_sysconfdir}/sssd/sssd.api.d/*
%{_mandir}/man5/sssd.conf.5* %{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-ipa.5* %{_mandir}/man5/sssd-ipa.5*
%{_mandir}/man5/sssd-krb5.5* %{_mandir}/man5/sssd-krb5.5*
@ -282,6 +283,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sbindir}/sss_groupshow %{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate %{_sbindir}/sss_obfuscate
%{_sbindir}/sss_cache %{_sbindir}/sss_cache
%{_sbindir}/sss_debuglevel
%{_mandir}/man8/sss_groupadd.8* %{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8* %{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8* %{_mandir}/man8/sss_groupmod.8*
@ -291,6 +293,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sss_usermod.8* %{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8* %{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_cache.8* %{_mandir}/man8/sss_cache.8*
%{_mandir}/man8/sss_debuglevel.8*
%files -n libipa_hbac %files -n libipa_hbac
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -299,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
%files -n libipa_hbac-devel %files -n libipa_hbac-devel
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc hbac_doc/html
%{_includedir}/ipa_hbac.h %{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so %{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc %{_libdir}/pkgconfig/ipa_hbac.pc
@ -353,6 +357,18 @@ fi
%postun -n libipa_hbac -p /sbin/ldconfig %postun -n libipa_hbac -p /sbin/ldconfig
%changelog %changelog
* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
- Improved handling of users and groups with multi-valued name attributes
(aliases)
- Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1 * Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
- New upstream release 1.6.1 - New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1