Compare commits
14 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
adaf48077d | ||
|
d4e9bb77c7 | ||
|
a6bd748810 | ||
|
27aeda066a | ||
|
ead475bdc9 | ||
|
cc487be535 | ||
|
f866020248 | ||
|
6abb9247b9 | ||
|
fb7e3914c8 | ||
|
3fe7e4133f | ||
|
441a4fbedb | ||
|
cd66015704 | ||
|
721a66ff38 | ||
|
339a1fb07b |
8
.gitignore
vendored
8
.gitignore
vendored
@ -94,3 +94,11 @@ sssd-1.2.91.tar.gz
|
||||
/sssd-2.5.0.tar.gz
|
||||
/sssd-2.5.1.tar.gz
|
||||
/sssd-2.5.2.tar.gz
|
||||
/sssd-2.6.0.tar.gz
|
||||
/sssd-2.6.1.tar.gz
|
||||
/sssd-2.6.2.tar.gz
|
||||
/sssd-2.6.3.tar.gz
|
||||
/sssd-2.7.0.tar.gz
|
||||
/sssd-2.7.1.tar.gz
|
||||
/sssd-2.7.3.tar.gz
|
||||
/sssd-2.7.4.tar.gz
|
||||
|
File diff suppressed because it is too large
Load Diff
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (sssd-2.5.2.tar.gz) = a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48
|
||||
SHA512 (sssd-2.7.4.tar.gz) = 2c211f7fdc4325c77e2bf61c5c6981a9a7809d6e02f43b564ed3bb63390f91461f4c48910d4bf111484e00f428ce827f2a5b960930c6b95f2662c7e1207af53b
|
||||
|
142
sssd.spec
142
sssd.spec
@ -14,6 +14,22 @@
|
||||
%global child_attrs 4750
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
|
||||
%global build_subid 1
|
||||
%else
|
||||
%global build_subid 0
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 34
|
||||
%global build_kcm_renewals 1
|
||||
%global krb5_version 1.19.1
|
||||
%elif 0%{?rhel} >= 8
|
||||
%global build_kcm_renewals 1
|
||||
%global krb5_version 1.18.2
|
||||
%else
|
||||
%global build_kcm_renewals 0
|
||||
%endif
|
||||
|
||||
# we don't want to provide private python extension libs
|
||||
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
|
||||
|
||||
@ -26,15 +42,14 @@
|
||||
%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
|
||||
|
||||
Name: sssd
|
||||
Version: 2.5.2
|
||||
Release: 4%{?dist}
|
||||
Version: 2.7.4
|
||||
Release: 1%{?dist}
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
URL: https://github.com/SSSD/sssd/
|
||||
Source0: https://github.com/SSSD/sssd/releases/download/2.5.2/sssd-2.5.2.tar.gz
|
||||
Source0: https://github.com/SSSD/sssd/releases/download/2.7.4/sssd-2.7.4.tar.gz
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-Basics-of-subid-ranges-support-for-IPA-provider.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
@ -43,8 +58,8 @@ Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-ipa = %{version}-%{release}
|
||||
Requires: sssd-krb5 = %{version}-%{release}
|
||||
Requires: sssd-ldap = %{version}-%{release}
|
||||
Recommends: sssd-proxy = %{version}-%{release}
|
||||
Recommends: logrotate
|
||||
Requires: sssd-proxy = %{version}-%{release}
|
||||
Suggests: logrotate
|
||||
Suggests: python3-sssdconfig = %{version}-%{release}
|
||||
Suggests: sssd-dbus = %{version}-%{release}
|
||||
|
||||
@ -74,10 +89,11 @@ BuildRequires: findutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gdm-pam-extensions-devel
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: glib2-devel
|
||||
# required for p11_child smartcard tests
|
||||
BuildRequires: gnutls-utils
|
||||
BuildRequires: jansson-devel
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: libjose-devel
|
||||
BuildRequires: keyutils-libs-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcmocka-devel >= 1.0.0
|
||||
@ -93,6 +109,8 @@ BuildRequires: libtalloc-devel
|
||||
BuildRequires: libtdb-devel
|
||||
BuildRequires: libtevent-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libunistring
|
||||
BuildRequires: libunistring-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: libxml2
|
||||
BuildRequires: libxslt
|
||||
@ -121,6 +139,12 @@ BuildRequires: systemd-devel
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
BuildRequires: uid_wrapper
|
||||
BuildRequires: po4a
|
||||
%if %{build_subid}
|
||||
BuildRequires: shadow-utils-subid-devel
|
||||
%endif
|
||||
%if %{build_kcm_renewals}
|
||||
BuildRequires: krb5-libs >= %{krb5_version}
|
||||
%endif
|
||||
|
||||
%description
|
||||
Provides a set of daemons to manage access to remote directories and
|
||||
@ -140,9 +164,9 @@ License: GPLv3+
|
||||
Requires: libldb >= %{ldb_version}
|
||||
Requires: libtevent >= 0.11.0
|
||||
Requires: sssd-client%{?_isa} = %{version}-%{release}
|
||||
Recommends: libsss_sudo = %{version}-%{release}
|
||||
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
|
||||
Recommends: sssd-nfs-idmap = %{version}-%{release}
|
||||
Requires: (libsss_sudo = %{version}-%{release} if sudo)
|
||||
Requires: (libsss_autofs%{?_isa} = %{version}-%{release} if autofs)
|
||||
Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap)
|
||||
Requires: libsss_idmap = %{version}-%{release}
|
||||
Requires: libsss_certmap = %{version}-%{release}
|
||||
%if 0%{?rhel}
|
||||
@ -195,13 +219,12 @@ Requires: sssd-common = %{version}-%{release}
|
||||
Requires: python3-sss = %{version}-%{release}
|
||||
Requires: python3-sssdconfig = %{version}-%{release}
|
||||
Requires: libsss_certmap = %{version}-%{release}
|
||||
Recommends: sssd-dbus
|
||||
# for logger=journald support with sss_analyze
|
||||
Requires: python3-systemd
|
||||
Requires: sssd-dbus
|
||||
|
||||
%description tools
|
||||
Provides userspace tools for manipulating users, groups, and nested groups in
|
||||
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
|
||||
|
||||
Also provides several other administrative tools:
|
||||
Provides several administrative tools:
|
||||
* sss_debuglevel to change the debug level on the fly
|
||||
* sss_seed which pre-creates a user entry for use in kickstarts
|
||||
* sss_obfuscate for generating an obfuscated LDAP password
|
||||
@ -223,11 +246,8 @@ Requires: sssd-common = %{version}-%{release}
|
||||
%{?python_provide:%python_provide python3-sss}
|
||||
|
||||
%description -n python3-sss
|
||||
Provides python3 module for manipulating users, groups, and nested groups in
|
||||
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
|
||||
|
||||
Also provides several other useful python3 bindings:
|
||||
* function for retrieving list of groups user belongs to.
|
||||
Provides python3 bindings:
|
||||
* function for retrieving list of groups user belongs to
|
||||
* class for obfuscation of passwords
|
||||
|
||||
%package -n python3-sss-murmur
|
||||
@ -468,13 +488,25 @@ Library to map certificates to users based on rules
|
||||
Summary: An implementation of a Kerberos KCM server
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: krb5-libs >= 1.19.1
|
||||
%if %{build_kcm_renewals}
|
||||
Requires: krb5-libs >= %{krb5_version}
|
||||
%endif
|
||||
%{?systemd_requires}
|
||||
|
||||
%description kcm
|
||||
An implementation of a Kerberos KCM server. Use this package if you want to
|
||||
use the KCM: Kerberos credentials cache.
|
||||
|
||||
%package idp
|
||||
Summary: Kerberos plugins and OIDC helper for external identity providers.
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description idp
|
||||
This package provides Kerberos plugins that are required to enable
|
||||
authentication against external identity providers. Additionally a helper
|
||||
program to handle the OAuth 2.0 Device Authorization Grant is provided.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
@ -503,6 +535,9 @@ autoreconf -ivf
|
||||
--with-sssd-user=%{sssd_user} \
|
||||
--with-syslog=journald \
|
||||
--with-test-dir=/dev/shm \
|
||||
%if %{build_subid}
|
||||
--with-subid \
|
||||
%endif
|
||||
%if 0%{?fedora}
|
||||
--disable-polkit-rules-path \
|
||||
%endif
|
||||
@ -510,6 +545,7 @@ autoreconf -ivf
|
||||
|
||||
%make_build all docs runstatedir=%{_rundir}
|
||||
|
||||
%py3_shebang_fix src/tools/analyzer/sss_analyze
|
||||
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
|
||||
|
||||
%check
|
||||
@ -537,6 +573,14 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
|
||||
|
||||
# Enable krb5 idp plugins by default (when sssd-idp package is installed)
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
|
||||
|
||||
# krb5 configuration snippet
|
||||
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
|
||||
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
|
||||
# Create directory for cifs-idmap alternative
|
||||
# Otherwise this directory could not be owned by sssd-client
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
|
||||
@ -549,7 +593,7 @@ rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
|
||||
|
||||
# Older versions of rpmbuild can only handle one -f option
|
||||
# So we need to append to the sssd*.lang file
|
||||
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
|
||||
for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null`
|
||||
do
|
||||
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
|
||||
done
|
||||
@ -763,6 +807,9 @@ done
|
||||
%license COPYING
|
||||
%{_libdir}/%{name}/libsss_krb5.so
|
||||
%{_mandir}/man5/sssd-krb5.5*
|
||||
%config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
|
||||
%dir %{_datadir}/sssd/krb5-snippets
|
||||
%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir
|
||||
|
||||
%files common-pac
|
||||
%license COPYING
|
||||
@ -808,6 +855,9 @@ done
|
||||
%files client -f sssd_client.lang
|
||||
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
%{_libdir}/libnss_sss.so.2
|
||||
%if %{build_subid}
|
||||
%{_libdir}/libsubid_sss.so
|
||||
%endif
|
||||
%{_libdir}/security/pam_sss.so
|
||||
%{_libdir}/security/pam_sss_gss.so
|
||||
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
||||
@ -822,6 +872,7 @@ done
|
||||
%{_mandir}/man8/pam_sss.8*
|
||||
%{_mandir}/man8/pam_sss_gss.8*
|
||||
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
|
||||
%{_mandir}/man8/sssd_krb5_localauth_plugin.8*
|
||||
|
||||
%files -n libsss_sudo
|
||||
%license src/sss_client/COPYING
|
||||
@ -839,6 +890,8 @@ done
|
||||
%{_sbindir}/sss_debuglevel
|
||||
%{_sbindir}/sss_seed
|
||||
%{_sbindir}/sssctl
|
||||
%{_libexecdir}/%{servicename}/sss_analyze
|
||||
%{python3_sitelib}/sssd/
|
||||
%{_mandir}/man8/sss_obfuscate.8*
|
||||
%{_mandir}/man8/sss_override.8*
|
||||
%{_mandir}/man8/sss_debuglevel.8*
|
||||
@ -924,7 +977,12 @@ done
|
||||
%{_unitdir}/sssd-kcm.socket
|
||||
%{_unitdir}/sssd-kcm.service
|
||||
%{_mandir}/man8/sssd-kcm.8*
|
||||
%{_libdir}/%{name}/libsss_secrets.so
|
||||
|
||||
%files idp
|
||||
%{_libexecdir}/%{servicename}/oidc_child
|
||||
%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so
|
||||
%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
|
||||
%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
|
||||
|
||||
%if 0%{?rhel}
|
||||
%pre common
|
||||
@ -1000,6 +1058,44 @@ fi
|
||||
%systemd_postun_with_restart sssd.service
|
||||
|
||||
%changelog
|
||||
* Fri Aug 26 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.4-1
|
||||
- Rebase to SSSD 2.7.4
|
||||
|
||||
* Mon Jul 4 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.3-1
|
||||
- Rebase to SSSD 2.7.3
|
||||
|
||||
* Thu Jun 9 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-2
|
||||
- Fix regression in IPA provider (#2094685)
|
||||
|
||||
* Thu Jun 2 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-1
|
||||
- Rebase to SSSD 2.7.1
|
||||
|
||||
* Thu Apr 14 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.0-1
|
||||
- Rebase to SSSD 2.7.0
|
||||
|
||||
* Tue Jan 25 2022 Pavel Březina <pbrezina@redhat.com> - 2.6.3-1
|
||||
- Rebase to SSSD 2.6.3
|
||||
|
||||
* Tue Jan 04 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-2
|
||||
- Fix IPA reply socket of selinux_child
|
||||
|
||||
* Thu Dec 23 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2.6.2-1
|
||||
- Rebase to SSSD 2.6.2
|
||||
|
||||
* Tue Nov 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.1-1
|
||||
- Rebase to SSSD 2.6.1
|
||||
|
||||
* Mon Nov 01 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-2
|
||||
- Add additional patches on top of 2.6.0
|
||||
- Fix KCM upgrade from older releases
|
||||
- Enable subid ranges
|
||||
|
||||
* Thu Oct 14 2021 Pavel Březina <pbrezina@redhat.com> - 2.6.0-1
|
||||
- Rebase to SSSD 2.6.0
|
||||
|
||||
* Mon Aug 16 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-5
|
||||
- Fix CVE-2021-3621
|
||||
|
||||
* Mon Aug 09 2021 Pavel Březina <pbrezina@redhat.com> - 2.5.2-4
|
||||
- Disable running files provider by default
|
||||
- Support subid ranges managed by FreeIPA
|
||||
|
Loading…
Reference in New Issue
Block a user