2 # - pac-responder (currently relies on MIT krb5 >= 1.9)
3 # - fix stripping before rpm:
4 # *** WARNING: no sources found for /usr/lib64/libipa_hbac.so.0.0.0 (stripped without sourcefile information?)
5 %define ldb_version 1.1.0
6 Summary: System Security Services Daemon
7 Summary(pl.UTF-8): System Security Services Daemon - demon usług bezpieczeństwa systemu
12 Group: Applications/System
13 Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
14 # Source0-md5: e4684e81171a8799fe4839b697c7e740
16 Patch0: %{name}-python-config.patch
17 Patch1: %{name}-heimdal.patch
18 Patch2: %{name}-systemd.patch
19 URL: https://fedorahosted.org/sssd/
20 BuildRequires: autoconf >= 2.59
21 BuildRequires: automake
23 BuildRequires: bind-utils
24 BuildRequires: c-ares-devel
25 BuildRequires: check-devel >= 0.9.5
26 BuildRequires: cmocka-devel
27 BuildRequires: cyrus-sasl-devel >= 2
28 BuildRequires: dbus-devel >= 1.0.0
29 BuildRequires: docbook-dtd44-xml
30 BuildRequires: docbook-style-xsl
31 BuildRequires: doxygen
32 BuildRequires: gettext-devel >= 0.14
33 BuildRequires: glib2-devel >= 2.0
34 BuildRequires: heimdal-devel
35 BuildRequires: keyutils-devel
36 BuildRequires: libcollection-devel >= 0.5.1
37 BuildRequires: libdhash-devel >= 0.4.2
38 BuildRequires: libini_config-devel >= 1.0.0
39 BuildRequires: ldb-devel >= %{ldb_version}
40 BuildRequires: libnl-devel >= 3.2
41 BuildRequires: libselinux-devel
42 BuildRequires: libsemanage-devel
43 BuildRequires: libtool
44 BuildRequires: libxml2-progs
45 BuildRequires: libxslt-progs
47 BuildRequires: nspr-devel
48 BuildRequires: nss-devel
49 BuildRequires: openldap-devel
50 BuildRequires: pam-devel
51 BuildRequires: pcre-devel >= 7
53 BuildRequires: popt-devel
54 BuildRequires: python-devel >= 2.4
55 BuildRequires: rpmbuild(macros) >= 1.228
57 BuildRequires: samba-devel >= 4
58 BuildRequires: systemd-units
59 BuildRequires: talloc-devel
60 BuildRequires: tdb-devel >= 1.1.3
61 BuildRequires: tevent-devel
62 Requires(post): /sbin/ldconfig
63 Requires(post,preun): /sbin/chkconfig
64 Requires: %{name}-client = %{version}-%{release}
65 Requires: cyrus-sasl-gssapi
66 Requires: ldb >= %{ldb_version}
67 Requires: libsss_idmap = %{version}-%{release}
68 Requires: rc-scripts >= 0.4.0.10
69 Requires: tdb >= 1.1.3
70 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
72 %define sssdstatedir %{_localstatedir}/lib/sss
73 %define dbpath %{sssdstatedir}/db
74 %define pipepath %{sssdstatedir}/pipes
75 %define pubconfpath %{sssdstatedir}/pubconf
77 # Determine the location of the LDB modules directory
78 %define ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
81 Provides a set of daemons to manage access to remote directories and
82 authentication mechanisms. It provides an NSS and PAM interface toward
83 the system and a pluggable backend system to connect to multiple
84 different account sources. It is also the basis to provide client
85 auditing and policy services for projects like FreeIPA.
87 %description -l pl.UTF-8
88 Ten pakiet dostarcza zbiór demonów do zarządzania dostępem do zdalnych
89 katalogów i mechanizmów uwierzytelniania. Udostępnia interfejsy NSS i
90 PAM dla systemu oraz system backendu z wtyczkami w celu łączenia się z
91 wieloma różnymi źródłami kont. Jest także podstawą zapewniającą audyt
92 klientów oraz usługi polityk dla projektów takich jak FreeIPA.
95 Summary: SSSD Client libraries for NSS and PAM
96 Summary(pl.UTF-8): Biblioteki klienckie SSSD dla NSS i PAM
98 Group: Applications/System
101 Provides the libraries needed by the PAM and NSS stacks to connect to
104 %description client -l pl.UTF-8
105 Ten pakiet dostarcza biblioteki wymagane przez stosy PAM i NSS w celu
106 łączenia się z usługą SSSD.
109 Summary: Userspace tools for use with the SSSD
110 Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do używania z SSSD
112 Group: Applications/System
113 Requires: %{name} = %{version}-%{release}
116 Provides userspace tools for manipulating users, groups, and nested
117 groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf.
119 Also provides several other administrative tools:
120 - sss_debuglevel to change the debug level on the fly,
121 - sss_seed which pre-creates a user entry for use in kickstarts,
122 - sss_obfuscate for generating an obfuscated LDAP password.
124 %description tools -l pl.UTF-8
125 Ten pakiet dostarcza narzędzia przestrzeni poleceń do operowania na
126 użytkownikach, grupach oraz zagnieżdżonych grupach w SSSD w przypadku
127 używania id_provider = local w /etc/sssd/sssd.conf.
129 Pakiet zawiera także kilka innych narzędzi administracyjnych:
130 - sss_debuglevel do zmiany poziomu diagnostyki w locie,
131 - sss_seed tworzący wpis użytkownika do szybkiego rozruchu,
132 - sss_obfuscate do generowania utajnionego hasła LDAP.
134 %package -n libipa_hbac
135 Summary: FreeIPA HBAC Evaluator library
136 Summary(pl.UTF-8): Biblioteka oceniająca FreeIPA HBAC
140 %description -n libipa_hbac
141 Utility library to validate FreeIPA HBAC rules for authorization
144 %description -n libipa_hbac
145 Biblioteka narzędziowa do sprawdzania poprawności reguł FreeIPA HBAC
146 dla żądań autoryzacji.
148 %package -n libipa_hbac-devel
149 Summary: Development files for FreeIPA HBAC Evaluator library
150 Summary(pl.UTF-8): Pliki programistyczne biblioteki oceniająca FreeIPA HBAC
152 Group: Development/Libraries
153 Requires: libipa_hbac = %{version}-%{release}
155 %description -n libipa_hbac-devel
156 Development files for FreeIPA HBAC Evaluator library.
158 %description -n libipa_hbac-devel -l pl.UTF-8
159 Pliki programistyczne biblioteki oceniająca FreeIPA HBAC.
161 %package -n python-libipa_hbac
162 Summary: Python bindings for the FreeIPA HBAC Evaluator library
163 Summary(pl.UTF-8): Wiązania Pythona do biblioteki oceniającej FreeIPA HBAC
165 Group: Libraries/Python
166 Requires: libipa_hbac = %{version}-%{release}
167 Obsoletes: libipa_hbac-python
169 %description -n python-libipa_hbac
170 This package contains the bindings so that libipa_hbac can be used by
173 %description -n python-libipa_hbac -l pl.UTF-8
174 Ten pakiet zawiera wiązania pozwalające na używanie libipa_hbac w
177 %package -n libsss_idmap
178 Summary: FreeIPA Idmap library
179 Summary(pl.UTF-8): Biblioteka FreeIPA Idmap
183 %description -n libsss_idmap
184 Utility library to convert SIDs to Unix uids and gids.
186 %description -n libsss_idmap -l pl.UTF-8
187 Biblioteka narzędziowa konwertująca SID-y na uniksowe uidy i gidy.
189 %package -n libsss_idmap-devel
190 Summary: Development files for FreeIPA Idmap library
191 Summary(pl.UTF-8): Pliki programistyczne biblioteki FreeIPA Idmap
192 Group: Development/Libraries
194 Requires: libsss_idmap = %{version}-%{release}
196 %description -n libsss_idmap-devel
197 Development files for FreeIPA Idmap library.
199 %description -n libsss_idmap-devel -l pl.UTF-8
200 Pliki programistyczne biblioteki FreeIPA Idmap.
202 %package -n libsss_nss_idmap
203 Summary: Library for SID based lookups
204 Summary(pl.UTF-8): Biblioteka do wyszukiwań w oparciu o SID
208 %description -n libsss_nss_idmap
209 Utility library for SID based lookups.
211 %description -n libsss_nss_idmap -l pl.UTF-8
212 Biblioteka do wyszukiwań w oparciu o SID.
214 %package -n libsss_nss_idmap-devel
215 Summary: Development files for sss_nss_idmap library
216 Summary(pl.UTF-8): Pliki programistyczne biblioteki sss_nss_idmap
217 Group: Development/Libraries
219 Requires: libsss_nss_idmap = %{version}-%{release}
221 %description -n libsss_nss_idmap-devel
222 Development files for sss_nss_idmap library.
224 %description -n libsss_nss_idmap-devel -l pl.UTF-8
225 Pliki programistyczne biblioteki sss_nss_idmap.
227 %package -n python-libsss_nss_idmap
228 Summary: Python bindings for libsss_nss_idmap
229 Summary(pl.UTF-8): Wiązania Pythona do biblioteki libsss_nss_idmap
230 Group: Libraries/Python
232 Requires: libsss_nss_idmap = %{version}-%{release}
234 %description -n python-libsss_nss_idmap
235 This package contains the bindings so that libsss_nss_idmap can be
236 used by Python applications.
238 %description -n python-libsss_nss_idmap -l pl.UTF-8
239 Ten pakiet zawiera wiązania umożliwiające korzystanie z biblioteki
240 libsss_nss_idmap w aplikacjach Pythona.
254 #CFLAGS="-Wno-deprecated-declarations"
256 NSCD=/usr/sbin/nscd \
257 --with-db-path=%{dbpath} \
258 --with-initscript=sysv,systemd \
259 --with-pipe-path=%{pipepath} \
260 --with-pubconf-path=%{pubconfpath} \
261 --with-init-dir=/etc/rc.d/init.d \
262 --enable-nsslibdir=/%{_lib} \
263 --enable-pammoddir=/%{_lib}/security \
265 --with-systemdunitdir=%{systemdunitdir} \
266 --with-test-dir=/dev/shm
271 export CK_TIMEOUT_MULTIPLIER=10
273 unset CK_TIMEOUT_MULTIPLIER
277 rm -rf $RPM_BUILD_ROOT
279 DESTDIR=$RPM_BUILD_ROOT
281 # Prepare language files
284 # Copy default sssd.conf file
285 install -d $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d
286 cp -p src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
288 # Copy default logrotate file
289 install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
290 cp -p src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
292 # Make sure SSSD is able to run on read-only root
293 install -d $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
294 cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
296 %py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
297 %py_comp $RPM_BUILD_ROOT%{py_sitedir}
298 %py_ocomp $RPM_BUILD_ROOT%{py_sitescriptdir}
299 %py_comp $RPM_BUILD_ROOT%{py_sitescriptdir}
302 # Remove .la files created by libtool
304 $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
305 $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
306 $RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \
307 $RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \
308 $RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \
309 $RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \
310 $RPM_BUILD_ROOT%{_libdir}/lib*.la \
311 $RPM_BUILD_ROOT%{py_sitedir}/*.la
313 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
315 echo '%%defattr(644,root,root,755)' > sssd_client.lang
316 echo '%%defattr(644,root,root,755)' > sssd_tools.lang
317 for man in $(find $RPM_BUILD_ROOT%{_mandir}/??/man? -type f | sed -e "s#$RPM_BUILD_ROOT%{_mandir}/##"); do
318 lang=$(echo $man | cut -c 1-2)
319 case $(basename $man) in
320 pam_sss.8|sssd_krb5_locator_plugin.8)
321 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_client.lang
323 sss_debuglevel.8|sss_group*.8|sss_obfuscate.8|sss_seed.8|sss_user*.8)
324 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_tools.lang
327 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd.lang
333 rm -rf $RPM_BUILD_ROOT
337 /sbin/chkconfig --add %{name}
338 %service %{name} restart
341 if [ "$1" = "0" ]; then
342 %service -q %{name} stop
343 /sbin/chkconfig --del %{name}
346 %postun -p /sbin/ldconfig
348 %post client -p /sbin/ldconfig
349 %postun client -p /sbin/ldconfig
351 %post -n libipa_hbac -p /sbin/ldconfig
352 %postun -n libipa_hbac -p /sbin/ldconfig
354 %post -n libsss_idmap -p /sbin/ldconfig
355 %postun -n libsss_idmap -p /sbin/ldconfig
357 %post -n libsss_nss_idmap -p /sbin/ldconfig
358 %postun -n libsss_nss_idmap -p /sbin/ldconfig
361 %defattr(644,root,root,755)
362 %attr(755,root,root) %{_bindir}/sss_ssh_authorizedkeys
363 %attr(755,root,root) %{_bindir}/sss_ssh_knownhostsproxy
364 %attr(755,root,root) %{_sbindir}/sss_cache
365 %attr(755,root,root) %{_sbindir}/sssd
366 %attr(755,root,root) %{_libdir}/libsss_sudo.so
368 # internal shared libraries
369 %attr(755,root,root) %{_libdir}/sssd/libsss_child.so
370 %attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so
371 %attr(755,root,root) %{_libdir}/sssd/libsss_debug.so
372 %attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so
373 %attr(755,root,root) %{_libdir}/sssd/libsss_util.so
375 %attr(755,root,root) %{_libdir}/sssd/libsss_simple.so
376 %attr(755,root,root) %{_libdir}/sssd/libsss_ad.so
377 %attr(755,root,root) %{_libdir}/sssd/libsss_ipa.so
378 %attr(755,root,root) %{_libdir}/sssd/libsss_krb5.so
379 %attr(755,root,root) %{_libdir}/sssd/libsss_krb5_common.so
380 %attr(755,root,root) %{_libdir}/sssd/libsss_ldap.so
381 %attr(755,root,root) %{_libdir}/sssd/libsss_proxy.so
382 %dir %{_libdir}/sssd/modules
383 %attr(755,root,root) %{_libdir}/sssd/modules/libsss_autofs.so
384 %if "%{_libdir}" != "%{_libexecdir}"
385 %dir %{_libexecdir}/sssd
387 %attr(755,root,root) %{_libexecdir}/sssd/krb5_child
388 %attr(755,root,root) %{_libexecdir}/sssd/ldap_child
389 %attr(755,root,root) %{_libexecdir}/sssd/proxy_child
390 %attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs
391 %attr(755,root,root) %{_libexecdir}/sssd/sssd_be
392 %attr(755,root,root) %{_libexecdir}/sssd/sssd_ifp
393 %attr(755,root,root) %{_libexecdir}/sssd/sssd_nss
394 %attr(755,root,root) %{_libexecdir}/sssd/sssd_pam
395 %attr(755,root,root) %{_libexecdir}/sssd/sssd_ssh
396 %attr(755,root,root) %{_libexecdir}/sssd/sssd_sudo
397 %dir %{_datadir}/sssd
398 %{_datadir}/sssd/sssd.api.conf
399 %dir %{_datadir}/sssd/sssd.api.d
400 %{_datadir}/sssd/sssd.api.d/sssd-ad.conf
401 %{_datadir}/sssd/sssd.api.d/sssd-ipa.conf
402 %{_datadir}/sssd/sssd.api.d/sssd-krb5.conf
403 %{_datadir}/sssd/sssd.api.d/sssd-ldap.conf
404 %{_datadir}/sssd/sssd.api.d/sssd-local.conf
405 %{_datadir}/sssd/sssd.api.d/sssd-proxy.conf
406 %{_datadir}/sssd/sssd.api.d/sssd-simple.conf
407 %attr(755,root,root) %{ldb_modulesdir}/memberof.so
409 %attr(700,root,root) %dir %{dbpath}
412 %attr(700,root,root) %dir %{pipepath}/private
413 %attr(750,root,root) %dir %{_var}/log/%{name}
414 %attr(700,root,root) %dir %{_sysconfdir}/sssd
415 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sssd/sssd.conf
416 %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/sssd
417 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rwtab.d/sssd
418 %attr(754,root,root) /etc/rc.d/init.d/sssd
419 %{systemdunitdir}/sssd.service
420 /etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
421 %{_mandir}/man1/sss_ssh_authorizedkeys.1*
422 %{_mandir}/man1/sss_ssh_knownhostsproxy.1*
423 %{_mandir}/man5/sssd.conf.5*
424 %{_mandir}/man5/sssd-ad.5*
425 %{_mandir}/man5/sssd-ifp.5*
426 %{_mandir}/man5/sssd-ipa.5*
427 %{_mandir}/man5/sssd-krb5.5*
428 %{_mandir}/man5/sssd-ldap.5*
429 %{_mandir}/man5/sssd-simple.5*
430 %{_mandir}/man5/sssd-sudo.5*
431 %{_mandir}/man8/sss_cache.8*
432 %{_mandir}/man8/sssd.8*
433 %attr(755,root,root) %{py_sitedir}/pysss.so
434 %attr(755,root,root) %{py_sitedir}/pysss_murmur.so
435 %dir %{py_sitescriptdir}/SSSDConfig
436 %{py_sitescriptdir}/SSSDConfig/*.py[co]
437 %{py_sitescriptdir}/SSSDConfig-%{version}-py*.egg-info
439 %files client -f sssd_client.lang
440 %defattr(644,root,root,755)
441 %attr(755,root,root) /%{_lib}/libnss_sss.so.2
442 %attr(755,root,root) /%{_lib}/security/pam_sss.so
443 # FIXME: is it proper path for heimdal? where to package parent dirs?
444 #%attr(755,root,root) %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
445 %{_mandir}/man8/pam_sss.8*
446 %{_mandir}/man8/sssd_krb5_locator_plugin.8*
448 %files tools -f sssd_tools.lang
449 %defattr(644,root,root,755)
450 %attr(755,root,root) %{_sbindir}/sss_debuglevel
451 %attr(755,root,root) %{_sbindir}/sss_groupadd
452 %attr(755,root,root) %{_sbindir}/sss_groupdel
453 %attr(755,root,root) %{_sbindir}/sss_groupmod
454 %attr(755,root,root) %{_sbindir}/sss_groupshow
455 %attr(755,root,root) %{_sbindir}/sss_obfuscate
456 %attr(755,root,root) %{_sbindir}/sss_seed
457 %attr(755,root,root) %{_sbindir}/sss_useradd
458 %attr(755,root,root) %{_sbindir}/sss_userdel
459 %attr(755,root,root) %{_sbindir}/sss_usermod
460 %{_mandir}/man8/sss_debuglevel.8*
461 %{_mandir}/man8/sss_groupadd.8*
462 %{_mandir}/man8/sss_groupdel.8*
463 %{_mandir}/man8/sss_groupmod.8*
464 %{_mandir}/man8/sss_groupshow.8*
465 %{_mandir}/man8/sss_obfuscate.8*
466 %{_mandir}/man8/sss_seed.8*
467 %{_mandir}/man8/sss_useradd.8*
468 %{_mandir}/man8/sss_userdel.8*
469 %{_mandir}/man8/sss_usermod.8*
471 %files -n libipa_hbac
472 %defattr(644,root,root,755)
473 %attr(755,root,root) %{_libdir}/libipa_hbac.so.*.*.*
474 %attr(755,root,root) %ghost %{_libdir}/libipa_hbac.so.0
476 %files -n libipa_hbac-devel
477 %defattr(644,root,root,755)
478 %attr(755,root,root) %{_libdir}/libipa_hbac.so
479 %{_includedir}/ipa_hbac.h
480 %{_pkgconfigdir}/ipa_hbac.pc
482 %files -n python-libipa_hbac
483 %defattr(644,root,root,755)
484 %attr(755,root,root) %{py_sitedir}/pyhbac.so
486 %files -n libsss_idmap
487 %defattr(644,root,root,755)
488 %attr(755,root,root) %{_libdir}/libsss_idmap.so.*.*.*
489 %attr(755,root,root) %ghost %{_libdir}/libsss_idmap.so.0
491 %files -n libsss_idmap-devel
492 %defattr(644,root,root,755)
493 %attr(755,root,root) %{_libdir}/libsss_idmap.so
494 %{_includedir}/sss_idmap.h
495 %{_pkgconfigdir}/sss_idmap.pc
497 %files -n libsss_nss_idmap
498 %defattr(644,root,root,755)
499 %attr(755,root,root) %{_libdir}/libsss_nss_idmap.so.*.*.*
500 %attr(755,root,root) %ghost %{_libdir}/libsss_nss_idmap.so.0
502 %files -n libsss_nss_idmap-devel
503 %defattr(644,root,root,755)
504 %attr(755,root,root) %{_libdir}/libsss_nss_idmap.so
505 %{_includedir}/sss_nss_idmap.h
506 %{_pkgconfigdir}/sss_nss_idmap.pc
508 %files -n python-libsss_nss_idmap
509 %defattr(644,root,root,755)
510 %attr(755,root,root) %{py_sitedir}/pysss_nss_idmap.so