Compare commits
34 Commits
Author | SHA1 | Date |
---|---|---|
Miro Hrončok | d3ba8fb11a | |
Stephen Gallagher | 52b92253b5 | |
Fedora Release Engineering | d754fc4089 | |
Alexey Tikhonov | fc2376eb12 | |
Pavel Březina | a168c6ad5f | |
Pavel Březina | cf2cbdba82 | |
Pavel Březina | d24bcc9e43 | |
Pavel Březina | ac043fc3b6 | |
Pavel Březina | 75b451ce66 | |
Pavel Březina | de3d5df87d | |
Adam Williamson | d6d567aead | |
Fedora Release Engineering | beee1ce0c2 | |
Pavel Březina | 6895b4538e | |
Python Maint | 2e485e40e8 | |
Pavel Březina | 450f45b104 | |
Pavel Březina | ec123cd550 | |
Pavel Březina | 562c0b9a10 | |
Pavel Březina | aa08692c22 | |
Iker Pedrosa | 5591d45546 | |
Pavel Březina | 1e24a3ac9d | |
Pavel Březina | 94f6ba0323 | |
Pavel Březina | a6c8ad89b6 | |
Fedora Release Engineering | 2136e097a2 | |
Iker Pedrosa | 637b653264 | |
Iker Pedrosa | 2739fd3aa8 | |
Pavel Březina | 2bec749253 | |
Pavel Březina | 31f8189d14 | |
Pavel Březina | a4a75d5f98 | |
Pavel Březina | 306f2f008c | |
Pavel Březina | c0c482c21d | |
Pavel Březina | 879ffa1b7c | |
Iker Pedrosa | 1f7c03c1eb | |
Sahana Prasad | 7f02d6d429 | |
Pavel Březina | 866067e628 |
|
@ -94,3 +94,14 @@ sssd-1.2.91.tar.gz
|
|||
/sssd-2.5.0.tar.gz
|
||||
/sssd-2.5.1.tar.gz
|
||||
/sssd-2.5.2.tar.gz
|
||||
/sssd-2.6.0.tar.gz
|
||||
/sssd-2.6.1.tar.gz
|
||||
/sssd-2.6.2.tar.gz
|
||||
/sssd-2.6.3.tar.gz
|
||||
/sssd-2.7.0.tar.gz
|
||||
/sssd-2.7.1.tar.gz
|
||||
/sssd-2.7.3.tar.gz
|
||||
/sssd-2.7.4.tar.gz
|
||||
/sssd-2.8.0.tar.gz
|
||||
/sssd-2.8.1.tar.gz
|
||||
/sssd-2.8.2.tar.gz
|
||||
|
|
File diff suppressed because it is too large
Load Diff
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (sssd-2.5.2.tar.gz) = a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48
|
||||
SHA512 (sssd-2.8.2.tar.gz) = 10b7a641823aefb43e30bff9e5f309a1f48446ffff421a06f86496db24ba1fbd384733b5690864507ef9b2f04c91e563fe9820536031f83f1bd6e93edfedee55
|
||||
|
|
181
sssd.spec
181
sssd.spec
|
@ -14,6 +14,22 @@
|
|||
%global child_attrs 4750
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
|
||||
%global build_subid 1
|
||||
%else
|
||||
%global build_subid 0
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 34
|
||||
%global build_kcm_renewals 1
|
||||
%global krb5_version 1.19.1
|
||||
%elif 0%{?rhel} >= 8
|
||||
%global build_kcm_renewals 1
|
||||
%global krb5_version 1.18.2
|
||||
%else
|
||||
%global build_kcm_renewals 0
|
||||
%endif
|
||||
|
||||
# we don't want to provide private python extension libs
|
||||
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
|
||||
|
||||
|
@ -26,15 +42,14 @@
|
|||
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
|
||||
|
||||
Name: sssd
|
||||
Version: 2.5.2
|
||||
Version: 2.8.2
|
||||
Release: 4%{?dist}
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
URL: https://github.com/SSSD/sssd/
|
||||
Source0: https://github.com/SSSD/sssd/releases/download/2.5.2/sssd-2.5.2.tar.gz
|
||||
Source0: https://github.com/SSSD/sssd/releases/download/2.8.2/sssd-2.8.2.tar.gz
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
|
@ -43,8 +58,8 @@ Requires: sssd-common = %{version}-%{release}
|
|||
Requires: sssd-ipa = %{version}-%{release}
|
||||
Requires: sssd-krb5 = %{version}-%{release}
|
||||
Requires: sssd-ldap = %{version}-%{release}
|
||||
Recommends: sssd-proxy = %{version}-%{release}
|
||||
Recommends: logrotate
|
||||
Requires: sssd-proxy = %{version}-%{release}
|
||||
Suggests: logrotate
|
||||
Suggests: python3-sssdconfig = %{version}-%{release}
|
||||
Suggests: sssd-dbus = %{version}-%{release}
|
||||
|
||||
|
@ -74,10 +89,11 @@ BuildRequires: findutils
|
|||
BuildRequires: gcc
|
||||
BuildRequires: gdm-pam-extensions-devel
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: glib2-devel
|
||||
# required for p11_child smartcard tests
|
||||
BuildRequires: gnutls-utils
|
||||
BuildRequires: jansson-devel
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: libjose-devel
|
||||
BuildRequires: keyutils-libs-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcmocka-devel >= 1.0.0
|
||||
|
@ -93,6 +109,8 @@ BuildRequires: libtalloc-devel
|
|||
BuildRequires: libtdb-devel
|
||||
BuildRequires: libtevent-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libunistring
|
||||
BuildRequires: libunistring-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: libxml2
|
||||
BuildRequires: libxslt
|
||||
|
@ -111,16 +129,24 @@ BuildRequires: pcre2-devel
|
|||
BuildRequires: pkgconfig
|
||||
BuildRequires: popt-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: (python3-setuptools if python3 >= 3.12)
|
||||
BuildRequires: samba-devel
|
||||
# required for idmap_sss.so
|
||||
BuildRequires: samba-winbind
|
||||
BuildRequires: selinux-policy-targeted
|
||||
# required for p11_child smartcard tests
|
||||
BuildRequires: softhsm >= 2.1.0
|
||||
BuildRequires: bc
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
BuildRequires: uid_wrapper
|
||||
BuildRequires: po4a
|
||||
%if %{build_subid}
|
||||
BuildRequires: shadow-utils-subid-devel
|
||||
%endif
|
||||
%if %{build_kcm_renewals}
|
||||
BuildRequires: krb5-libs >= %{krb5_version}
|
||||
%endif
|
||||
|
||||
%description
|
||||
Provides a set of daemons to manage access to remote directories and
|
||||
|
@ -140,9 +166,9 @@ License: GPLv3+
|
|||
Requires: libldb >= %{ldb_version}
|
||||
Requires: libtevent >= 0.11.0
|
||||
Requires: sssd-client%{?_isa} = %{version}-%{release}
|
||||
Recommends: libsss_sudo = %{version}-%{release}
|
||||
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
|
||||
Recommends: sssd-nfs-idmap = %{version}-%{release}
|
||||
Requires: (libsss_sudo = %{version}-%{release} if sudo)
|
||||
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
|
||||
Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
|
||||
Requires: libsss_idmap = %{version}-%{release}
|
||||
Requires: libsss_certmap = %{version}-%{release}
|
||||
%if 0%{?rhel}
|
||||
|
@ -195,13 +221,12 @@ Requires: sssd-common = %{version}-%{release}
|
|||
Requires: python3-sss = %{version}-%{release}
|
||||
Requires: python3-sssdconfig = %{version}-%{release}
|
||||
Requires: libsss_certmap = %{version}-%{release}
|
||||
Recommends: sssd-dbus
|
||||
# for logger=journald support with sss_analyze
|
||||
Requires: python3-systemd
|
||||
Requires: sssd-dbus
|
||||
|
||||
%description tools
|
||||
Provides userspace tools for manipulating users, groups, and nested groups in
|
||||
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
|
||||
|
||||
Also provides several other administrative tools:
|
||||
Provides several administrative tools:
|
||||
* sss_debuglevel to change the debug level on the fly
|
||||
* sss_seed which pre-creates a user entry for use in kickstarts
|
||||
* sss_obfuscate for generating an obfuscated LDAP password
|
||||
|
@ -223,11 +248,8 @@ Requires: sssd-common = %{version}-%{release}
|
|||
%{?python_provide:%python_provide python3-sss}
|
||||
|
||||
%description -n python3-sss
|
||||
Provides python3 module for manipulating users, groups, and nested groups in
|
||||
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
|
||||
|
||||
Also provides several other useful python3 bindings:
|
||||
* function for retrieving list of groups user belongs to.
|
||||
Provides python3 bindings:
|
||||
* function for retrieving list of groups user belongs to
|
||||
* class for obfuscation of passwords
|
||||
|
||||
%package -n python3-sss-murmur
|
||||
|
@ -468,13 +490,25 @@ Library to map certificates to users based on rules
|
|||
Summary: An implementation of a Kerberos KCM server
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: krb5-libs >= 1.19.1
|
||||
%if %{build_kcm_renewals}
|
||||
Requires: krb5-libs >= %{krb5_version}
|
||||
%endif
|
||||
%{?systemd_requires}
|
||||
|
||||
%description kcm
|
||||
An implementation of a Kerberos KCM server. Use this package if you want to
|
||||
use the KCM: Kerberos credentials cache.
|
||||
|
||||
%package idp
|
||||
Summary: Kerberos plugins and OIDC helper for external identity providers.
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description idp
|
||||
This package provides Kerberos plugins that are required to enable
|
||||
authentication against external identity providers. Additionally a helper
|
||||
program to handle the OAuth 2.0 Device Authorization Grant is provided.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
|
@ -503,6 +537,9 @@ autoreconf -ivf
|
|||
--with-sssd-user=%{sssd_user} \
|
||||
--with-syslog=journald \
|
||||
--with-test-dir=/dev/shm \
|
||||
%if %{build_subid}
|
||||
--with-subid \
|
||||
%endif
|
||||
%if 0%{?fedora}
|
||||
--disable-polkit-rules-path \
|
||||
%endif
|
||||
|
@ -510,6 +547,7 @@ autoreconf -ivf
|
|||
|
||||
%make_build all docs runstatedir=%{_rundir}
|
||||
|
||||
%py3_shebang_fix src/tools/analyzer/sss_analyze
|
||||
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
|
||||
|
||||
%check
|
||||
|
@ -537,6 +575,14 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
|
|||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
|
||||
|
||||
# Enable krb5 idp plugins by default (when sssd-idp package is installed)
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
|
||||
|
||||
# krb5 configuration snippet
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
|
||||
# Create directory for cifs-idmap alternative
|
||||
# Otherwise this directory could not be owned by sssd-client
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
|
||||
|
@ -549,7 +595,7 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
|
|||
|
||||
# Older versions of rpmbuild can only handle one -f option
|
||||
# So we need to append to the sssd*.lang file
|
||||
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
|
||||
for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null`
|
||||
do
|
||||
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
|
||||
done
|
||||
|
@ -763,6 +809,9 @@ done
|
|||
%license COPYING
|
||||
%{_libdir}/%{name}/libsss_krb5.so
|
||||
%{_mandir}/man5/sssd-krb5.5*
|
||||
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
%dir %{_datadir}/sssd/krb5-snippets
|
||||
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
|
||||
|
||||
%files common-pac
|
||||
%license COPYING
|
||||
|
@ -808,6 +857,9 @@ done
|
|||
%files client -f sssd_client.lang
|
||||
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
%{_libdir}/libnss_sss.so.2
|
||||
%if %{build_subid}
|
||||
%{_libdir}/libsubid_sss.so
|
||||
%endif
|
||||
%{_libdir}/security/pam_sss.so
|
||||
%{_libdir}/security/pam_sss_gss.so
|
||||
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
||||
|
@ -822,6 +874,7 @@ done
|
|||
%{_mandir}/man8/pam_sss.8*
|
||||
%{_mandir}/man8/pam_sss_gss.8*
|
||||
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
|
||||
%{_mandir}/man8/sssd_krb5_localauth_plugin.8*
|
||||
|
||||
%files -n libsss_sudo
|
||||
%license src/sss_client/COPYING
|
||||
|
@ -839,6 +892,8 @@ done
|
|||
%{_sbindir}/sss_debuglevel
|
||||
%{_sbindir}/sss_seed
|
||||
%{_sbindir}/sssctl
|
||||
%{_libexecdir}/%{servicename}/sss_analyze
|
||||
%{python3_sitelib}/sssd/
|
||||
%{_mandir}/man8/sss_obfuscate.8*
|
||||
%{_mandir}/man8/sss_override.8*
|
||||
%{_mandir}/man8/sss_debuglevel.8*
|
||||
|
@ -924,7 +979,12 @@ done
|
|||
%{_unitdir}/sssd-kcm.socket
|
||||
%{_unitdir}/sssd-kcm.service
|
||||
%{_mandir}/man8/sssd-kcm.8*
|
||||
%{_libdir}/%{name}/libsss_secrets.so
|
||||
|
||||
%files idp
|
||||
%{_libexecdir}/%{servicename}/oidc_child
|
||||
%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so
|
||||
%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
|
||||
%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
|
||||
|
||||
%if 0%{?rhel}
|
||||
%pre common
|
||||
|
@ -1000,6 +1060,83 @@ fi
|
|||
%systemd_postun_with_restart sssd.service
|
||||
|
||||
%changelog
|
||||
* Thu Jan 26 2023 Stephen Gallagher <sgallagh@redhat.com> - 2.8.2-4
|
||||
- Rebuild against libunistring 1.1
|
||||
|
||||
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Fri Jan 20 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-2
|
||||
- Rebuild against Samba 4.18rc1
|
||||
|
||||
* Fri Dec 9 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.2-1
|
||||
- Rebase to SSSD 2.8.2
|
||||
|
||||
* Fri Nov 4 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.1-1
|
||||
- Rebase to SSSD 2.8.1
|
||||
|
||||
* Mon Oct 24 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-2
|
||||
- Fix regression, syslog is no longer spammed when no SSSD domain is configured (#2133437)
|
||||
|
||||
* Fri Oct 7 2022 Pavel Březina <pbrezina@redhat.com> - 2.8.0-1
|
||||
- Rebase to SSSD 2.8.0
|
||||
|
||||
* Fri Aug 26 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.4-1
|
||||
- Rebase to SSSD 2.7.4
|
||||
|
||||
* Tue Aug 09 2022 Adam Williamson <awilliam@redhat.com> - 2.7.3-3
|
||||
- Rebuild against new libndr
|
||||
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Mon Jul 4 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.3-1
|
||||
- Rebase to SSSD 2.7.3
|
||||
|
||||
* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 2.7.1-3
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Thu Jun 9 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-2
|
||||
- Fix regression in IPA provider (#2094685)
|
||||
|
||||
* Thu Jun 2 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-1
|
||||
- Rebase to SSSD 2.7.1
|
||||
|
||||
* Thu Apr 14 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.0-1
|
||||
- Rebase to SSSD 2.7.0
|
||||
|
||||
* Tue Jan 25 2022 Pavel Březina <pbrezina@redhat.com> - 2.6.3-1
|
||||
- Rebase to SSSD 2.6.3
|
||||
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Tue Jan 04 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-2
|
||||
- Fix IPA reply socket of selinux_child
|
||||
|
||||
* Thu Dec 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-1
|
||||
- Rebase to SSSD 2.6.2
|
||||
|
||||
* Tue Nov 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.1-1
|
||||
- Rebase to SSSD 2.6.1
|
||||
|
||||
* Mon Nov 01 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-2
|
||||
- Add additional patches on top of 2.6.0
|
||||
- Fix KCM upgrade from older releases
|
||||
- Enable subid ranges
|
||||
|
||||
* Thu Oct 14 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-1
|
||||
- Rebase to SSSD 2.6.0
|
||||
|
||||
* Tue Sep 21 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2.5.2-7
|
||||
- Solve compilation problem with autoconf
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.5.2-6
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Mon Aug 16 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-5
|
||||
- Fix CVE-2021-3621
|
||||
|
||||
* Mon Aug 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-4
|
||||
- Disable running files provider by default
|
||||
- Support subid ranges managed by FreeIPA
|
||||
|
|
Loading…
Reference in New Issue