%global servicename sssd
%define sssdstatedir %{_localstatedir}/lib/sss
%define dbpath %{sssdstatedir}/db
%global keytabdir %{sssdstatedir}/keytabs
%define pipepath %{sssdstatedir}/pipes
%define mcpath %{sssdstatedir}/mc
%define pubconfpath %{sssdstatedir}/pubconf
%global gpocachepath %{sssdstatedir}/gpo_cache
%global secdbpath %{sssdstatedir}/secrets
%global deskprofilepath %{sssdstatedir}/deskprofile
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python2_sitearch}/.*\.so$|%{python3_sitearch}/.*\.so$|%{_libdir}/%{name}/modules/libwbclient.so.*$
# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
%global ldb_version 1.5.2
%define _disable_ld_no_undefined 1
Name: sssd
Version: 1.16.3
Release: %mkrel 3
Group: System/Libraries
Summary: System Security Services Daemon
License: GPLv3+
URL: https://pagure.io/SSSD/sssd/
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
Source1: sssd.conf
# Patches
Patch0001: 0001-man-sss_ssh_knownhostsproxy-fix-typo-pubkeys-pubkey.patch
Patch0002: 0002-krb5_locator-Make-debug-function-internal.patch
Patch0003: 0003-krb5_locator-Simplify-usage-of-macro-PLUGIN_DEBUG.patch
Patch0004: 0004-krb5_locator-Fix-typo-in-debug-message.patch
Patch0005: 0005-krb5_locator-Fix-formatting-of-the-variable-port.patch
Patch0006: 0006-krb5_locator-Use-format-string-checking-for-debug-fu.patch
Patch0007: 0007-PAM-Allow-to-configure-pam-services-for-Smartcards.patch
Patch0050: sssd-1.16.3-krb5-1.17.patch
Patch0051: sssd-1.16.3-fix-curl-ftbfs.patch
Patch0052: sssd-1.16.3-sss_ipa-no-selinux.patch
Patch0053: sssd-1.16-CVE-2019-3811.patch
Patch0054: sssd-1.16-mga-fix-error-implicit-declaration-of-function-ARRAY_SIZE.patch
### Downstream only patches ###
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tevent)
BuildRequires: pkgconfig(tdb)
BuildRequires: pkgconfig(ldb)
BuildRequires: pkgconfig(libnl-3.0)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(krb5) >= 1.10
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(python3)
BuildRequires: pkgconfig(check)
BuildRequires: pkgconfig(dhash)
BuildRequires: pkgconfig(collection)
BuildRequires: pkgconfig(ini_config)
BuildRequires: pkgconfig(path_utils)
BuildRequires: pkgconfig(libselinux)
BuildRequires: pkgconfig(gdm-pam-extensions)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: ldb-utils
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: keyutils-devel
BuildRequires: libunistring-devel
BuildRequires: cifs-utils-devel
BuildRequires: samba-devel
BuildRequires: smbclient-devel
BuildRequires: samba-winbind
BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: gettext-devel
BuildRequires: xsltproc
BuildRequires: libxml2
BuildRequires: xsltproc
BuildRequires: docbook-style-xsl
BuildRequires: docbook-dtd44-xml
BuildRequires: doxygen
BuildRequires: bind-utils
BuildRequires: http-parser-devel
BuildRequires: jansson-devel
BuildRequires: gnutls
BuildRequires: softhsm >= 2.1.0
BuildRequires: openssl
BuildRequires: openssh
Recommends: sssd-ad = %{version}-%{release}
Recommends: sssd-ipa = %{version}-%{release}
Recommends: sssd-krb5 = %{version}-%{release}
Recommends: sssd-ldap = %{version}-%{release}
Recommends: sssd-proxy = %{version}-%{release}
Recommends: sssd-dbus = %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
Recommends: sssd-dbus = %{version}-%{release}
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package common
Summary: Common files for the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-client = %{version}-%{release}
Requires: libsss_sudo = %{version}-%{release}
Requires: libsss_autofs = %{version}-%{release}
Recommends: sssd-nfs-idmap = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
%description common
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
sub-packages such as sssd-ldap.
%package client
Summary: SSSD Client libraries for NSS and PAM
Group: System/Libraries
License: LGPLv3+
%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
service.
%package -n libsss_sudo
Summary: A library to allow communication between SUDO and SSSD
Group: System/Libraries
License: LGPLv3+
%description -n libsss_sudo
A utility library to allow communication between SUDO and SSSD
%package -n libsss_autofs
Summary: A library to allow communication between Autofs and SSSD
Group: System/Libraries
License: LGPLv3+
%description -n libsss_autofs
A utility library to allow communication between Autofs and SSSD
%package tools
Summary: Userspace tools for use with the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
# required by sss_obfuscate
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other administrative tools:
* sss_debuglevel to change the debug level on the fly
* sss_seed which pre-creates a user entry for use in kickstarts
* sss_obfuscate for generating an obfuscated LDAP password
* sssctl -- an sssd status and control utility
%package -n python2-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
Group: System/Libraries
License: GPLv3+
BuildArch: noarch
Provides: python-sssdconfig = %{version}-%{release}
Obsoletes: python-sssdconfig < 1.13.4-12
%description -n python2-sssdconfig
Provides python2 files for manipulation SSSD and IPA configuration files.
%package -n python3-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
Group: System/Libraries
License: GPLv3+
BuildArch: noarch
%description -n python3-sssdconfig
Provides python3 files for manipulation SSSD and IPA configuration files.
%package -n python2-sss
Summary: Python2 bindings for sssd
Group: System/Libraries
License: LGPLv3+
Requires: sssd-common = %{version}-%{release}
Provides: python-sss = %{version}-%{release}
Obsoletes: python-sss < 1.13.4-12
%description -n python2-sss
Provides python2 module for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other useful python2 bindings:
* function for retrieving list of groups user belongs to.
* class for obfuscation of passwords
%package -n python3-sss
Summary: Python3 bindings for sssd
Group: System/Libraries
License: LGPLv3+
Requires: sssd-common = %{version}-%{release}
%description -n python3-sss
Provides python3 module for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other useful python3 bindings:
* function for retrieving list of groups user belongs to.
* class for obfuscation of passwords
%package -n python2-sss-murmur
Summary: Python2 bindings for murmur hash function
Group: System/Libraries
License: LGPLv3+
Provides: python-sss-murmur = %{version}-%{release}
Obsoletes: python-sss-murmur < 1.13.4-12
%description -n python2-sss-murmur
Provides python2 module for calculating the murmur hash version 3
%package -n python3-sss-murmur
Summary: Python3 bindings for murmur hash function
Group: System/Libraries
License: LGPLv3+
%description -n python3-sss-murmur
Provides python3 module for calculating the murmur hash version 3
%package ldap
Summary: The LDAP back end of the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
from and authenticate against an LDAP server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Group: System/Libraries
License: GPLv3+
Requires: sasl-plug-gssapi
Requires: sssd-common = %{version}-%{release}
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can use for
Kerberos user or host authentication.
%package krb5
Summary: The Kerberos authentication back end for the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.
%package common-pac
Summary: Common files needed for supporting PAC processing
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
for handling Kerberos PACs.
%package ipa
Summary: The IPA back end of the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac = %{version}-%{release}
Requires: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.
%package ad
Summary: The AD back end of the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Requires: bind-utils
Recommends: adcli
Recommends: sssd-libwbclient = %{version}-%{release}
Recommends: sssd-winbind-idmap = %{version}-%{release}
%description ad
Provides the Active Directory back end that the SSSD can utilize to fetch
identity data from and authenticate against an Active Directory server.
%package proxy
Summary: The proxy back end of the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
PAM modules to leverage SSSD caching.
%package -n libsss_idmap
Summary: FreeIPA Idmap library
Group: System/Libraries
License: LGPLv3+
Conflicts: sssd-%{mklibname ipa_hbac 0} < 1.13.0
%description -n libsss_idmap
Utility library to convert SIDs to Unix uids and gids
%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
Group: Development/C
License: LGPLv3+
Requires: libsss_idmap = %{version}-%{release}
%description -n libsss_idmap-devel
Utility library to SIDs to Unix uids and gids
%package -n libipa_hbac
Summary: FreeIPA HBAC Evaluator library
Group: System/Libraries
License: LGPLv3+
Conflicts: sssd-%{mklibname ipa_hbac 0} < 1.13.0
%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization requests
%package -n libipa_hbac-devel
Summary: FreeIPA HBAC Evaluator library
Group: Development/C
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization requests
%package -n python2-libipa_hbac
Summary: Python2 bindings for the FreeIPA HBAC Evaluator library
Group: Development/Python
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
Provides: libipa_hbac-python = %{version}-%{release}
Obsoletes: libipa_hbac-python < 1.13.0
Provides: python-libipa_hbac = %{version}-%{release}
Obsoletes: python-libipa_hbac < 1.13.4-12
%description -n python2-libipa_hbac
The python2-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python 2 applications.
%package -n python3-libipa_hbac
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
Group: Development/Python
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
%description -n python3-libipa_hbac
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python 3 applications.
%package -n libsss_nss_idmap
Summary: Library for SID based lookups
Group: System/Libraries
License: LGPLv3+
%description -n libsss_nss_idmap
Utility library for SID based lookups
%package -n libsss_nss_idmap-devel
Summary: Library for SID based lookups
Group: Development/C
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
%description -n libsss_nss_idmap-devel
Utility library for SID based lookups
%package -n python2-libsss_nss_idmap
Summary: Python2 bindings for libsss_nss_idmap
Group: Development/Python
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
Provides: libsss_nss_idmap-python = %{version}-%{release}
Obsoletes: libsss_nss_idmap-python < 1.13.0
Provides: python-libsss_nss_idmap = %{version}-%{release}
Obsoletes: python-libsss_nss_idmap < 1.13.4-12
%description -n python2-libsss_nss_idmap
The python2-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python 2 applications.
%package -n python3-libsss_nss_idmap
Summary: Python3 bindings for libsss_nss_idmap
Group: Development/Python
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
%description -n python3-libsss_nss_idmap
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python 3 applications.
%package dbus
Summary: The D-Bus responder of the SSSD
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description dbus
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
the information from the SSSD to be transmitted over the system bus.
%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
Group: System/Libraries
License: GPLv3+
Requires: sssd-dbus = %{version}-%{release}
%description -n libsss_simpleifp
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package -n libsss_simpleifp-devel
Summary: The SSSD D-Bus responder helper library
Group: Development/C
License: GPLv3+
Requires: dbus-devel
Requires: libsss_simpleifp = %{version}-%{release}
%description -n libsss_simpleifp-devel
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package libwbclient
Summary: The SSSD libwbclient implementation
Group: System/Libraries
License: GPLv3+ and LGPLv3+
%description libwbclient
The SSSD libwbclient implementation.
%package libwbclient-devel
Summary: Development libraries for the SSSD libwbclient implementation
Group: Development/C
License: GPLv3+ and LGPLv3+
Requires: sssd-libwbclient = %{version}-%{release}
%description libwbclient-devel
Development libraries for the SSSD libwbclient implementation.
%package winbind-idmap
Summary: SSSD's idmap_sss Backend for Winbind
Group: System/Libraries
License: GPLv3+ and LGPLv3+
%description winbind-idmap
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
and SIDs.
%package nfs-idmap
Summary: SSSD plug-in for NFSv4 rpc.idmapd
Group: System/Libraries
License: GPLv3+
%description nfs-idmap
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
UIDs/GIDs to names and vice versa. It can be also used for mapping principal
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
%package -n libsss_certmap
Summary: SSSD Certficate Mapping Library
Group: System/Libraries
License: LGPLv3+
Conflicts: sssd-common < %{version}-%{release}
%description -n libsss_certmap
Library to map certificates to users based on rules
%package -n libsss_certmap-devel
Summary: SSSD Certficate Mapping Library
Group: Development/C
License: LGPLv3+
Requires: libsss_certmap = %{version}-%{release}
%description -n libsss_certmap-devel
Library to map certificates to users based on rules
%package kcm
Summary: An implementation of a Kerberos KCM server
Group: System/Libraries
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%description kcm
An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
%prep
%setup -q
%autopatch -p1
%build
autoreconf -ivf
%configure2_5x \
--with-test-dir=/dev/shm \
--with-db-path=%{dbpath} \
--with-mcache-path=%{mcpath} \
--with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \
--with-gpo-cache-path=%{gpocachepath} \
--with-init-dir=%{_initrddir} \
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
--enable-nsslibdir=/%{_libdir} \
--enable-pammoddir=/%{_libdir}/security \
--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
--disable-static \
--disable-rpath \
--with-initscript=systemd \
--with-syslog=journald \
--with-crypto=libcrypto \
--enable-sss-default-nss-plugin \
--enable-files-domain \
--without-semanage \
--with-smb-idmap-interface-version=6
%make_build all docs
%check
export CK_TIMEOUT_MULTIPLIER=10
%make_build check VERBOSE=yes
unset CK_TIMEOUT_MULTIPLIER
%install
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
%make_install
# Prepare language files
%find_lang sssd
# Copy default logrotate file
install -D -m 644 src/examples/logrotate \
%{buildroot}%{_sysconfdir}/logrotate.d/sssd
# Make sure SSSD is able to run on read-only root
install -D -m 644 src/examples/rwtab %{buildroot}%{_sysconfdir}/rwtab.d/sssd
# Kerberos KCM credential cache by default
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
cp %{buildroot}%{_datadir}/sssd-kcm/kcm_default_ccache \
%{buildroot}%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
# Create directory for cifs-idmap alternative
# Otherwise this directory could not be owned by sssd-client
mkdir -p %{buildroot}/%{_sysconfdir}/cifs-utils
# Remove .la files created by libtool
find %{buildroot} -name "*.la" -delete
# Suppress developer-only documentation
rm -rf %{buildroot}%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
for file in `ls %{buildroot}%{python2_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python2_sitelib}/`basename $file` >> python2_sssdconfig.lang
done
for file in `ls %{buildroot}%{python3_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
done
for man in `find %{buildroot}%{_mandir}/??/man?/ -type f | sed -e "s#%{buildroot}%{_mandir}/##"`; do
lang=`echo $man | cut -c 1-2`
case `basename $man` in
sss_cache*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
;;
sss_ssh*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
;;
sss_rpcidmapd*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
;;
sss_*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
;;
sssctl*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
;;
sssd_krb5_*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
;;
pam_sss*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
;;
sssd-ldap*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
;;
sssd-krb5*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
;;
sssd-ipa*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
;;
sssd-ad*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
;;
sssd-proxy*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
;;
sssd-ifp*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
;;
sssd-kcm*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
;;
idmap_sss*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
;;
sss-certmap*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
;;
*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
;;
esac
done
%post common
%_post_service %{name}
%preun common
%_preun_service %{name}
%files
%license COPYING
%files common -f sssd.lang
%license COPYING
%doc src/examples/sssd-example.conf
%{_sbindir}/sssd
%{_unitdir}/sssd.service
%{_unitdir}/sssd-autofs.socket
%{_unitdir}/sssd-autofs.service
%{_unitdir}/sssd-nss.socket
%{_unitdir}/sssd-nss.service
%{_unitdir}/sssd-pac.socket
%{_unitdir}/sssd-pac.service
%{_unitdir}/sssd-pam.socket
%{_unitdir}/sssd-pam-priv.socket
%{_unitdir}/sssd-pam.service
%{_unitdir}/sssd-ssh.socket
%{_unitdir}/sssd-ssh.service
%{_unitdir}/sssd-sudo.socket
%{_unitdir}/sssd-sudo.service
%{_unitdir}/sssd-secrets.socket
%{_unitdir}/sssd-secrets.service
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/sssd_be
%{_libexecdir}/%{name}/sssd_nss
%{_libexecdir}/%{name}/sssd_pam
%{_libexecdir}/%{name}/sssd_autofs
%{_libexecdir}/%{servicename}/sssd_secrets
%{_libexecdir}/%{name}/sssd_ssh
%{_libexecdir}/%{name}/sssd_sudo
%{_libexecdir}/%{name}/p11_child
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
%dir %{_libdir}/%{name}
# The files provider is intentionally packaged in -common
%{_libdir}/%{name}/libsss_files.so
%{_libdir}/%{name}/libsss_simple.so
#Internal shared libraries
%{_libdir}/%{name}/libsss_child.so
%{_libdir}/%{name}/libsss_crypt.so
%{_libdir}/%{name}/libsss_cert.so
%{_libdir}/%{name}/libsss_debug.so
%{_libdir}/%{name}/libsss_krb5_common.so
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
%{_libdir}/%{name}/libsss_semanage.so
%{ldb_modulesdir}/memberof.so
%{_bindir}/sss_ssh_authorizedkeys
%{_bindir}/sss_ssh_knownhostsproxy
%{_sbindir}/sss_cache
%{_libexecdir}/%{servicename}/sss_signal
%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{mcpath}
%attr(700,root,root) %dir %{secdbpath}
%attr(751,root,root) %dir %{deskprofilepath}
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/initgroups
%attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pipepath}/private
%attr(755,root,root) %dir %{pubconfpath}
%attr(755,root,root) %dir %{gpocachepath}
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
%attr(711,root,root) %dir %{_sysconfdir}/sssd/conf.d
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd
%{_sysconfdir}/pam.d/sssd-shadowutils
%dir %{_libdir}/%{name}/conf
%{_libdir}/%{name}/conf/sssd.conf
%{_datadir}/sssd/cfg_rules.ini
%{_datadir}/sssd/sssd.api.conf
%{_datadir}/sssd/sssd.api.d
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-files.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man5/sssd-sudo.5*
%{_mandir}/man5/sssd-session-recording.5*
%{_mandir}/man5/sssd-secrets.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_cache.8*
%files ldap -f sssd_ldap.lang
%license COPYING
%{_libdir}/%{name}/libsss_ldap.so
%{_mandir}/man5/sssd-ldap.5*
%files krb5-common
%license COPYING
%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
%{_libexecdir}/%{servicename}/ldap_child
%{_libexecdir}/%{servicename}/krb5_child
%files krb5 -f sssd_krb5.lang
%license COPYING
%{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5*
%files common-pac
%license COPYING
%{_libexecdir}/%{servicename}/sssd_pac
%files ipa -f sssd_ipa.lang
%license COPYING
%attr(700,root,root) %dir %{keytabdir}
%{_libdir}/%{name}/libsss_ipa.so
#%%{_libexecdir}/%%{servicename}/selinux_child
%{_mandir}/man5/sssd-ipa.5*
%files ad -f sssd_ad.lang
%license COPYING
%{_libdir}/%{name}/libsss_ad.so
%{_libexecdir}/%{servicename}/gpo_child
%{_mandir}/man5/sssd-ad.5*
%files proxy
%license COPYING
%{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so
%files dbus -f sssd_dbus.lang
%license COPYING
%{_libexecdir}/%{servicename}/sssd_ifp
%{_mandir}/man5/sssd-ifp.5*
%{_unitdir}/sssd-ifp.service
# InfoPipe DBus plumbing
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
%files -n libsss_simpleifp
%{_libdir}/libsss_simpleifp.so.*
%files -n libsss_simpleifp-devel
%doc sss_simpleifp_doc/html
%{_includedir}/sss_sifp.h
%{_includedir}/sss_sifp_dbus.h
%{_libdir}/libsss_simpleifp.so
%{_libdir}/pkgconfig/sss_simpleifp.pc
%files client -f sssd_client.lang
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_libdir}/libnss_sss.so.2
/%{_libdir}/security/pam_sss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
%dir %{_libdir}/cifs-utils
%{_libdir}/cifs-utils/cifs_idmap_sss.so
%dir %{_sysconfdir}/cifs-utils
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/modules
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%files -n libsss_sudo
%license src/sss_client/COPYING
%{_libdir}/libsss_sudo.so*
%files -n libsss_autofs
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%dir %{_libdir}/%{name}/modules
%{_libdir}/%{name}/modules/libsss_autofs.so
%files tools -f sssd_tools.lang
%license COPYING
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_override
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_groupshow.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
%{_mandir}/man8/sss_debuglevel.8*
%{_mandir}/man8/sss_seed.8*
%{_mandir}/man8/sssctl.8*
%files -n python2-sssdconfig -f python2_sssdconfig.lang
%dir %{python2_sitelib}/SSSDConfig
%{python2_sitelib}/SSSDConfig/*.py*
%files -n python3-sssdconfig -f python3_sssdconfig.lang
%dir %{python3_sitelib}/SSSDConfig
%{python3_sitelib}/SSSDConfig/*.py*
%dir %{python3_sitelib}/SSSDConfig/__pycache__
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
%files -n python2-sss
%{python2_sitearch}/pysss.so
%files -n python3-sss
%{python3_sitearch}/pysss.so
%files -n python2-sss-murmur
%{python2_sitearch}/pysss_murmur.so
%files -n python3-sss-murmur
%{python3_sitearch}/pysss_murmur.so
%files -n libsss_idmap
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_idmap.so.*
%files -n libsss_idmap-devel
%doc idmap_doc/html
%{_includedir}/sss_idmap.h
%{_libdir}/libsss_idmap.so
%{_libdir}/pkgconfig/sss_idmap.pc
%files -n libipa_hbac
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libipa_hbac.so.*
%files -n libipa_hbac-devel
%doc hbac_doc/html
%{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc
%files -n libsss_nss_idmap
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_nss_idmap.so.*
%files -n libsss_nss_idmap-devel
%doc nss_idmap_doc/html
%{_includedir}/sss_nss_idmap.h
%{_libdir}/libsss_nss_idmap.so
%{_libdir}/pkgconfig/sss_nss_idmap.pc
%files -n python2-libsss_nss_idmap
%{python2_sitearch}/pysss_nss_idmap.so
%files -n python3-libsss_nss_idmap
%{python3_sitearch}/pysss_nss_idmap.so
%files -n python2-libipa_hbac
%{python2_sitearch}/pyhbac.so
%files -n python3-libipa_hbac
%{python3_sitearch}/pyhbac.so
%files libwbclient
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/modules
%{_libdir}/%{name}/modules/libwbclient.so.*
%files libwbclient-devel
%{_includedir}/wbclient_sssd.h
%{_libdir}/%{name}/modules/libwbclient.so
%{_libdir}/pkgconfig/wbclient_sssd.pc
%files winbind-idmap -f sssd_winbind_idmap.lang
%dir %{_libdir}/samba/idmap
%{_libdir}/samba/idmap/sss.so
%{_mandir}/man8/idmap_sss.8*
%files nfs-idmap -f sssd_nfs_idmap.lang
%{_mandir}/man5/sss_rpcidmapd.5*
%{_libdir}/libnfsidmap/sss.so
%files -n libsss_certmap -f libsss_certmap.lang
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_certmap.so.*
%{_mandir}/man5/sss-certmap.5*
%files -n libsss_certmap-devel
%doc certmap_doc/html
%{_includedir}/sss_certmap.h
%{_libdir}/libsss_certmap.so
%{_libdir}/pkgconfig/sss_certmap.pc
%files kcm -f sssd_kcm.lang
%{_libexecdir}/%{servicename}/sssd_kcm
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
%dir %{_datadir}/sssd-kcm
%{_datadir}/sssd-kcm/kcm_default_ccache
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
%changelog
* Mon Mar 25 2019 ns80 <ns80> 1.16.3-3.mga7
+ Revision: 1380119
- add patch fix-error-implicit-declaration-of-function-ARRAY_SIZE
- add upstream patch for CVE-2019-3811 (mga#24513)
* Sat Mar 09 2019 luigiwalser <luigiwalser> 1.16.3-2.mga7
+ Revision: 1373000
- rebuild for ldb
* Tue Jan 22 2019 luigiwalser <luigiwalser> 1.16.3-1.mga7
+ Revision: 1359110
- 1.16.3
- resync patches with fedora
* Sun Jan 20 2019 luigiwalser <luigiwalser> 1.13.4-19.mga7
+ Revision: 1358451
- fix build with krb5 1.17
- rebuild for ldb
* Tue Jan 08 2019 daviddavid <daviddavid> 1.13.4-18.mga7
+ Revision: 1352836
- rebuild for new Python 3.7
* Mon Dec 31 2018 luigiwalser <luigiwalser> 1.13.4-17.mga7
+ Revision: 1347610
- rebuild for ldb 1.4.3
- update URLs
* Sat Oct 27 2018 bcornec <bcornec> 1.13.4-16.mga7
+ Revision: 1326195
- rebuild for ldb 1.4.2
* Sun Sep 23 2018 umeabot <umeabot> 1.13.4-15.mga7
+ Revision: 1301180
- Mageia 7 Mass Rebuild
* Mon Aug 13 2018 daviddavid <daviddavid> 1.13.4-14.mga7
+ Revision: 1251287
- add upstream patch to fix CVE-2018-10852 (mga#23381)
* Sun May 06 2018 daviddavid <daviddavid> 1.13.4-13.mga7
+ Revision: 1226657
- add patch to fix format not a string literal error
* Tue Feb 20 2018 daviddavid <daviddavid> 1.13.4-12.mga7
+ Revision: 1203467
- add upstream patch to allow building with krb5 1.16
- rename all python-xxx packages to python2-xxx
* Fri Nov 10 2017 luigiwalser <luigiwalser> 1.13.4-11.mga7
+ Revision: 1176848
- add patches from opensuse to fix CVE-2017-12173 and other bugs
* Sat Aug 05 2017 pterjan <pterjan> 1.13.4-10.mga7
+ Revision: 1135718
- Rebuild for python 3.6
* Fri Feb 24 2017 luigiwalser <luigiwalser> 1.13.4-9.mga6
+ Revision: 1087558
- disable internal config-lib to avoid augeas dependency
- push some packaging fixes from Guillaume
* Sun Feb 19 2017 luigiwalser <luigiwalser> 1.13.4-8.mga6
+ Revision: 1086925
- add upstream patch to allow building with krb5 1.15
* Thu Dec 08 2016 luigiwalser <luigiwalser> 1.13.4-7.mga6
+ Revision: 1073378
- rebuild for ldb
* Thu Aug 11 2016 luigiwalser <luigiwalser> 1.13.4-6.mga6
+ Revision: 1045939
- rebuild for updated ldb
* Thu Aug 11 2016 luigiwalser <luigiwalser> 1.13.4-5.mga6
+ Revision: 1045522
- add more upstream patches via fedora
* Mon Aug 08 2016 luigiwalser <luigiwalser> 1.13.4-4.mga6
+ Revision: 1044976
- add conflicts to fix upgrade from mga5
* Fri Jul 29 2016 luigiwalser <luigiwalser> 1.13.4-3.mga6
+ Revision: 1043879
- use recommends to pull in needed subpackages to not break on upgrade from mga5
* Fri Jul 29 2016 luigiwalser <luigiwalser> 1.13.4-2.mga6
+ Revision: 1043875
- fix requires
* Mon May 09 2016 luigiwalser <luigiwalser> 1.13.4-1.mga6
+ Revision: 1011570
- 1.13.4
- remove upstreamed patches
- add two upstream patches via fedora
* Fri Mar 04 2016 luigiwalser <luigiwalser> 1.13.3-3.mga6
+ Revision: 985752
- fix sasl-plug-gssapi requires
* Tue Feb 23 2016 guillomovitch <guillomovitch> 1.13.3-2.mga6
+ Revision: 977407
- bump release
- new version 1.13.3
* Wed Feb 17 2016 umeabot <umeabot> 1.9.7-6.mga6
+ Revision: 962930
- Mageia 6 Mass Rebuild
* Thu Nov 05 2015 luigiwalser <luigiwalser> 1.9.7-5.mga6
+ Revision: 897972
- disable semanage support
- start sssd after time-sync so that kerberos will work
* Tue Oct 20 2015 danf <danf> 1.9.7-4.mga6
+ Revision: 892994
- Added installsh.patch to fix missing install-sh build error
* Sun Mar 15 2015 tmb <tmb> 1.9.7-3.mga5
+ Revision: 818635
- rebuild for missing signatures
* Thu Mar 12 2015 luigiwalser <luigiwalser> 1.9.7-2.mga5
+ Revision: 818469
- remove f18 changes of krb5 ccache location, does not work reliably
* Fri Dec 26 2014 luigiwalser <luigiwalser> 1.9.7-1.mga5
+ Revision: 806067
- 1.9.7
- backport libnl3 support from 1.10 and build with libnl3
* Wed Oct 15 2014 umeabot <umeabot> 1.9.6-4.mga5
+ Revision: 744245
- Second Mageia 5 Mass Rebuild
* Sat Sep 27 2014 tv <tv> 1.9.6-3.mga5
+ Revision: 730256
- rebuild for missing pythoneggs deps
* Tue Sep 16 2014 umeabot <umeabot> 1.9.6-2.mga5
+ Revision: 689332
- Mageia 5 Mass Rebuild
* Sun Aug 17 2014 luigiwalser <luigiwalser> 1.9.6-1.mga5
+ Revision: 664526
- 1.9.6
* Sat Jul 19 2014 daviddavid <daviddavid> 1.9.5-6.mga5
+ Revision: 653727
- rebuild for new libini_config.so.5 (pkg ding-libs)
+ pterjan <pterjan>
- Rebuild for new Python
* Tue Oct 22 2013 umeabot <umeabot> 1.9.5-4.mga4
+ Revision: 544672
- Mageia 4 Mass Rebuild
* Tue Oct 15 2013 pterjan <pterjan> 1.9.5-3.mga4
+ Revision: 499893
- Rebuild to add different pythonegg provides for python 2 and 3
* Sun Aug 25 2013 luigiwalser <luigiwalser> 1.9.5-2.mga4
+ Revision: 471535
- re-add ccache location patch from fedora (not upstreamed)
* Sun Aug 25 2013 luigiwalser <luigiwalser> 1.9.5-1.mga4
+ Revision: 471529
- 1.9.5
- remove upstreamed patches
* Wed Mar 20 2013 luigiwalser <luigiwalser> 1.9.4-2.mga3
+ Revision: 404186
- add upstream patches to fix CVE-2013-0287
* Fri Feb 15 2013 luigiwalser <luigiwalser> 1.9.4-1.mga3
+ Revision: 398567
- BR gettext-devel for autoreconf
- 1.9.4
- add patches from fedora to fix build and other issues
+ umeabot <umeabot>
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Mon Dec 31 2012 guillomovitch <guillomovitch> 1.9.3-1.mga3
+ Revision: 336684
- new version
* Sat Dec 01 2012 fwang <fwang> 1.7.0-2.mga3
+ Revision: 323909
- br selinux
* Tue Mar 20 2012 tmb <tmb> 1.7.0-2.mga2
+ Revision: 225041
- rebuild against libnl3
* Thu Jan 26 2012 nanardon <nanardon> 1.7.0-1.mga2
+ Revision: 201914
- disable test (don't pass on bs)
- 1.7.0
+ dmorgan <dmorgan>
- imported package sssd
* Tue Feb 01 2011 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.1-1mdv2011.0
+ Revision: 634648
- new version
* Fri Dec 31 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.0-3mdv2011.0
+ Revision: 626831
- more dependencies fix
* Thu Dec 30 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.0-2mdv2011.0
+ Revision: 626422
- fix post/postun scripts
- drop explicit dependencies
* Tue Dec 28 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.0-1mdv2011.0
+ Revision: 625516
- new version
* Fri Nov 05 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.4.1-1mdv2011.0
+ Revision: 593703
- update to new version 1.4.1
* Wed Nov 03 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.4.0-2mdv2011.0
+ Revision: 592981
- new version
+ Michael Scherer <misc@mandriva.org>
- fix build on 2.7
- rebuild for python 2.7
* Sun Aug 08 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.3.0-1mdv2011.0
+ Revision: 567789
- new version
- import sssd
