[packages/sssd.git] / sssd.spec

# TODO
# - pac-responder (currently relies on MIT krb5 >= 1.9)
# - fix stripping before rpm:
#   *** WARNING: no sources found for /usr/lib64/libipa_hbac.so.0.0.0 (stripped without sourcefile information?)
%define		ldb_version 1.1.0
Summary:	System Security Services Daemon
Summary(pl.UTF-8):	System Security Services Daemon - demon usług bezpieczeństwa systemu
Name:		sssd
Version:	1.11.6
Release:	0.1
License:	GPL v3+
Group:		Applications/System
Source0:	https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
# Source0-md5:	e4684e81171a8799fe4839b697c7e740
Source1:	%{name}.init
Patch0:		%{name}-python-config.patch
Patch1:		%{name}-heimdal.patch
Patch2:		%{name}-systemd.patch
URL:		https://fedorahosted.org/sssd/
BuildRequires:	autoconf >= 2.59
BuildRequires:	automake
# nsupdate utility
BuildRequires:	bind-utils
BuildRequires:	c-ares-devel
BuildRequires:	check-devel >= 0.9.5
BuildRequires:	cmocka-devel
BuildRequires:	cyrus-sasl-devel >= 2
BuildRequires:	dbus-devel >= 1.0.0
BuildRequires:	docbook-dtd44-xml
BuildRequires:	docbook-style-xsl
BuildRequires:	doxygen
BuildRequires:	gettext-devel >= 0.14
BuildRequires:	glib2-devel >= 2.0
BuildRequires:	heimdal-devel
BuildRequires:	keyutils-devel
BuildRequires:	libcollection-devel >= 0.5.1
BuildRequires:	libdhash-devel >= 0.4.2
BuildRequires:	libini_config-devel >= 1.0.0
BuildRequires:	ldb-devel >= %{ldb_version}
BuildRequires:	libnl-devel >= 3.2
BuildRequires:	libselinux-devel
BuildRequires:	libsemanage-devel
BuildRequires:	libtool
BuildRequires:	libxml2-progs
BuildRequires:	libxslt-progs
BuildRequires:	m4
BuildRequires:	nspr-devel
BuildRequires:	nss-devel
BuildRequires:	openldap-devel
BuildRequires:	pam-devel
BuildRequires:	pcre-devel >= 7
BuildRequires:	po4a
BuildRequires:	popt-devel
BuildRequires:	python-devel >= 2.4
BuildRequires:	rpmbuild(macros) >= 1.228
# pkgconfig(ndr_nbt)
BuildRequires:	samba-devel >= 4
BuildRequires:	systemd-units
BuildRequires:	talloc-devel
BuildRequires:	tdb-devel >= 1.1.3
BuildRequires:	tevent-devel
Requires(post):	/sbin/ldconfig
Requires(post,preun):	/sbin/chkconfig
Requires:	%{name}-client = %{version}-%{release}
Requires:	cyrus-sasl-gssapi
Requires:	ldb >= %{ldb_version}
Requires:	libsss_idmap = %{version}-%{release}
Requires:	rc-scripts >= 0.4.0.10
Requires:	tdb >= 1.1.3
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		sssdstatedir		%{_localstatedir}/lib/sss
%define		dbpath			%{sssdstatedir}/db
%define		pipepath		%{sssdstatedir}/pipes
%define		pubconfpath		%{sssdstatedir}/pubconf

# Determine the location of the LDB modules directory
%define		ldb_modulesdir	%(pkg-config --variable=modulesdir ldb)

%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple
different account sources. It is also the basis to provide client
auditing and policy services for projects like FreeIPA.

%description -l pl.UTF-8
Ten pakiet dostarcza zbiór demonów do zarządzania dostępem do zdalnych
katalogów i mechanizmów uwierzytelniania. Udostępnia interfejsy NSS i
PAM dla systemu oraz system backendu z wtyczkami w celu łączenia się z
wieloma różnymi źródłami kont. Jest także podstawą zapewniającą audyt
klientów oraz usługi polityk dla projektów takich jak FreeIPA.

%package client
Summary:	SSSD Client libraries for NSS and PAM
Summary(pl.UTF-8):	Biblioteki klienckie SSSD dla NSS i PAM
License:	LGPL v3+
Group:		Applications/System

%description client
Provides the libraries needed by the PAM and NSS stacks to connect to
the SSSD service.

%description client -l pl.UTF-8
Ten pakiet dostarcza biblioteki wymagane przez stosy PAM i NSS w celu
łączenia się z usługą SSSD.

%package tools
Summary:	Userspace tools for use with the SSSD
Summary(pl.UTF-8):	Narzędzia przestrzeni użytkownika do używania z SSSD
License:	GPL v3+
Group:		Applications/System
Requires:	%{name} = %{version}-%{release}

%description tools
Provides userspace tools for manipulating users, groups, and nested
groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other administrative tools:
 - sss_debuglevel to change the debug level on the fly,
 - sss_seed which pre-creates a user entry for use in kickstarts,
 - sss_obfuscate for generating an obfuscated LDAP password.

%description tools -l pl.UTF-8
Ten pakiet dostarcza narzędzia przestrzeni poleceń do operowania na
użytkownikach, grupach oraz zagnieżdżonych grupach w SSSD w przypadku
używania id_provider = local w /etc/sssd/sssd.conf.

Pakiet zawiera także kilka innych narzędzi administracyjnych:
 - sss_debuglevel do zmiany poziomu diagnostyki w locie,
 - sss_seed tworzący wpis użytkownika do szybkiego rozruchu,
 - sss_obfuscate do generowania utajnionego hasła LDAP.

%package -n libipa_hbac
Summary:	FreeIPA HBAC Evaluator library
Summary(pl.UTF-8):	Biblioteka oceniająca FreeIPA HBAC
License:	LGPL v3+
Group:		Libraries

%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization
requests.

%description -n libipa_hbac
Biblioteka narzędziowa do sprawdzania poprawności reguł FreeIPA HBAC
dla żądań autoryzacji.

%package -n libipa_hbac-devel
Summary:	Development files for FreeIPA HBAC Evaluator library
Summary(pl.UTF-8):	Pliki programistyczne biblioteki oceniająca FreeIPA HBAC
License:	LGPL v3+
Group:		Development/Libraries
Requires:	libipa_hbac = %{version}-%{release}

%description -n libipa_hbac-devel
Development files for FreeIPA HBAC Evaluator library.

%description -n libipa_hbac-devel -l pl.UTF-8
Pliki programistyczne biblioteki oceniająca FreeIPA HBAC.

%package -n python-libipa_hbac
Summary:	Python bindings for the FreeIPA HBAC Evaluator library
Summary(pl.UTF-8):	Wiązania Pythona do biblioteki oceniającej FreeIPA HBAC
License:	LGPL v3+
Group:		Libraries/Python
Requires:	libipa_hbac = %{version}-%{release}
Obsoletes:	libipa_hbac-python

%description -n python-libipa_hbac
This package contains the bindings so that libipa_hbac can be used by
Python applications.

%description -n python-libipa_hbac -l pl.UTF-8
Ten pakiet zawiera wiązania pozwalające na używanie libipa_hbac w
aplikacjach Pythona.

%package -n libsss_idmap
Summary:	FreeIPA Idmap library
Summary(pl.UTF-8):	Biblioteka FreeIPA Idmap
Group:		Libraries
License:	LGPL v3+

%description -n libsss_idmap
Utility library to convert SIDs to Unix uids and gids.

%description -n libsss_idmap -l pl.UTF-8
Biblioteka narzędziowa konwertująca SID-y na uniksowe uidy i gidy.

%package -n libsss_idmap-devel
Summary:	Development files for FreeIPA Idmap library
Summary(pl.UTF-8):	Pliki programistyczne biblioteki FreeIPA Idmap
Group:		Development/Libraries
License:	LGPL v3+
Requires:	libsss_idmap = %{version}-%{release}

%description -n libsss_idmap-devel
Development files for FreeIPA Idmap library.

%description -n libsss_idmap-devel -l pl.UTF-8
Pliki programistyczne biblioteki FreeIPA Idmap.

%package -n libsss_nss_idmap
Summary:	Library for SID based lookups
Summary(pl.UTF-8):	Biblioteka do wyszukiwań w oparciu o SID
Group:		Libraries
License:	LGPL v3+

%description -n libsss_nss_idmap
Utility library for SID based lookups.

%description -n libsss_nss_idmap -l pl.UTF-8
Biblioteka do wyszukiwań w oparciu o SID.

%package -n libsss_nss_idmap-devel
Summary:	Development files for sss_nss_idmap library
Summary(pl.UTF-8):	Pliki programistyczne biblioteki sss_nss_idmap
Group:		Development/Libraries
License:	LGPL v3+
Requires:	libsss_nss_idmap = %{version}-%{release}

%description -n libsss_nss_idmap-devel
Development files for sss_nss_idmap library.

%description -n libsss_nss_idmap-devel -l pl.UTF-8
Pliki programistyczne biblioteki sss_nss_idmap.

%package -n python-libsss_nss_idmap
Summary:	Python bindings for libsss_nss_idmap
Summary(pl.UTF-8):	Wiązania Pythona do biblioteki libsss_nss_idmap
Group:		Libraries/Python
License:	LGPL v3+
Requires:	libsss_nss_idmap = %{version}-%{release}

%description -n python-libsss_nss_idmap
This package contains the bindings so that libsss_nss_idmap can be
used by Python applications.

%description -n python-libsss_nss_idmap -l pl.UTF-8
Ten pakiet zawiera wiązania umożliwiające korzystanie z biblioteki
libsss_nss_idmap w aplikacjach Pythona.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1

%build
%{__libtoolize}
%{__gettextize}
%{__aclocal}
%{__automake}
%{__autoconf}
#CFLAGS="-Wno-deprecated-declarations"
%configure \
	NSCD=/usr/sbin/nscd \
	--with-db-path=%{dbpath} \
	--with-initscript=sysv,systemd \
	--with-pipe-path=%{pipepath} \
	--with-pubconf-path=%{pubconfpath} \
	--with-init-dir=/etc/rc.d/init.d \
	--enable-nsslibdir=/%{_lib} \
	--enable-pammoddir=/%{_lib}/security \
	--disable-rpath \
	--with-systemdunitdir=%{systemdunitdir} \
	--with-test-dir=/dev/shm

%{__make}

%if %{with tests}
export CK_TIMEOUT_MULTIPLIER=10
%{__make} check
unset CK_TIMEOUT_MULTIPLIER
%endif

%install
rm -rf $RPM_BUILD_ROOT
%{__make} install \
	DESTDIR=$RPM_BUILD_ROOT

# Prepare language files
%find_lang %{name}

# Copy default sssd.conf file
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d
cp -p src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf

# Copy default logrotate file
install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
cp -p src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd

# Make sure SSSD is able to run on read-only root
install -d $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd

%py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
%py_comp $RPM_BUILD_ROOT%{py_sitedir}
%py_ocomp $RPM_BUILD_ROOT%{py_sitescriptdir}
%py_comp $RPM_BUILD_ROOT%{py_sitescriptdir}
%py_postclean

# Remove .la files created by libtool
%{__rm} \
	$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
	$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
	$RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \
	$RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \
	$RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \
	$RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \
	$RPM_BUILD_ROOT%{_libdir}/lib*.la \
	$RPM_BUILD_ROOT%{py_sitedir}/*.la

install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}

echo '%%defattr(644,root,root,755)' > sssd_client.lang
echo '%%defattr(644,root,root,755)' > sssd_tools.lang
for man in $(find $RPM_BUILD_ROOT%{_mandir}/??/man? -type f | sed -e "s#$RPM_BUILD_ROOT%{_mandir}/##"); do
	lang=$(echo $man | cut -c 1-2)
	case $(basename $man) in
	pam_sss.8|sssd_krb5_locator_plugin.8)
		echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_client.lang
		;;
	sss_debuglevel.8|sss_group*.8|sss_obfuscate.8|sss_seed.8|sss_user*.8)
		echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_tools.lang
		;;
	*)
		echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd.lang
		;;
	esac
done

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/ldconfig
/sbin/chkconfig --add %{name}
%service %{name} restart

%preun
if [ "$1" = "0" ]; then
	%service -q %{name} stop
	/sbin/chkconfig --del %{name}
fi

%postun	-p /sbin/ldconfig

%post	client -p /sbin/ldconfig
%postun	client -p /sbin/ldconfig

%post	-n libipa_hbac -p /sbin/ldconfig
%postun	-n libipa_hbac -p /sbin/ldconfig

%post	-n libsss_idmap -p /sbin/ldconfig
%postun	-n libsss_idmap -p /sbin/ldconfig

%post	-n libsss_nss_idmap -p /sbin/ldconfig
%postun	-n libsss_nss_idmap -p /sbin/ldconfig

%files -f sssd.lang
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/sss_ssh_authorizedkeys
%attr(755,root,root) %{_bindir}/sss_ssh_knownhostsproxy
%attr(755,root,root) %{_sbindir}/sss_cache
%attr(755,root,root) %{_sbindir}/sssd
%attr(755,root,root) %{_libdir}/libsss_sudo.so
%dir %{_libdir}/sssd
# internal shared libraries
%attr(755,root,root) %{_libdir}/sssd/libsss_child.so
%attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so
%attr(755,root,root) %{_libdir}/sssd/libsss_debug.so
%attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so
%attr(755,root,root) %{_libdir}/sssd/libsss_util.so
# modules
%attr(755,root,root) %{_libdir}/sssd/libsss_simple.so
%attr(755,root,root) %{_libdir}/sssd/libsss_ad.so
%attr(755,root,root) %{_libdir}/sssd/libsss_ipa.so
%attr(755,root,root) %{_libdir}/sssd/libsss_krb5.so
%attr(755,root,root) %{_libdir}/sssd/libsss_krb5_common.so
%attr(755,root,root) %{_libdir}/sssd/libsss_ldap.so
%attr(755,root,root) %{_libdir}/sssd/libsss_proxy.so
%dir %{_libdir}/sssd/modules
%attr(755,root,root) %{_libdir}/sssd/modules/libsss_autofs.so
%if "%{_libdir}" != "%{_libexecdir}"
%dir %{_libexecdir}/sssd
%endif
%attr(755,root,root) %{_libexecdir}/sssd/krb5_child
%attr(755,root,root) %{_libexecdir}/sssd/ldap_child
%attr(755,root,root) %{_libexecdir}/sssd/proxy_child
%attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs
%attr(755,root,root) %{_libexecdir}/sssd/sssd_be
%attr(755,root,root) %{_libexecdir}/sssd/sssd_ifp
%attr(755,root,root) %{_libexecdir}/sssd/sssd_nss
%attr(755,root,root) %{_libexecdir}/sssd/sssd_pam
%attr(755,root,root) %{_libexecdir}/sssd/sssd_ssh
%attr(755,root,root) %{_libexecdir}/sssd/sssd_sudo
%dir %{_datadir}/sssd
%{_datadir}/sssd/sssd.api.conf
%dir %{_datadir}/sssd/sssd.api.d
%{_datadir}/sssd/sssd.api.d/sssd-ad.conf
%{_datadir}/sssd/sssd.api.d/sssd-ipa.conf
%{_datadir}/sssd/sssd.api.d/sssd-krb5.conf
%{_datadir}/sssd/sssd.api.d/sssd-ldap.conf
%{_datadir}/sssd/sssd.api.d/sssd-local.conf
%{_datadir}/sssd/sssd.api.d/sssd-proxy.conf
%{_datadir}/sssd/sssd.api.d/sssd-simple.conf
%attr(755,root,root) %{ldb_modulesdir}/memberof.so
%dir %{sssdstatedir}
%attr(700,root,root) %dir %{dbpath}
%dir %{pipepath}
%dir %{pubconfpath}
%attr(700,root,root) %dir %{pipepath}/private
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sssd/sssd.conf
%config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/sssd
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rwtab.d/sssd
%attr(754,root,root) /etc/rc.d/init.d/sssd
%{systemdunitdir}/sssd.service
/etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-ad.5*
%{_mandir}/man5/sssd-ifp.5*
%{_mandir}/man5/sssd-ipa.5*
%{_mandir}/man5/sssd-krb5.5*
%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man5/sssd-sudo.5*
%{_mandir}/man8/sss_cache.8*
%{_mandir}/man8/sssd.8*
%attr(755,root,root) %{py_sitedir}/pysss.so
%attr(755,root,root) %{py_sitedir}/pysss_murmur.so
%dir %{py_sitescriptdir}/SSSDConfig
%{py_sitescriptdir}/SSSDConfig/*.py[co]
%{py_sitescriptdir}/SSSDConfig-%{version}-py*.egg-info

%files client -f sssd_client.lang
%defattr(644,root,root,755)
%attr(755,root,root) /%{_lib}/libnss_sss.so.2
%attr(755,root,root) /%{_lib}/security/pam_sss.so
# FIXME: is it proper path for heimdal? where to package parent dirs?
#%attr(755,root,root) %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*

%files tools -f sssd_tools.lang
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sss_debuglevel
%attr(755,root,root) %{_sbindir}/sss_groupadd
%attr(755,root,root) %{_sbindir}/sss_groupdel
%attr(755,root,root) %{_sbindir}/sss_groupmod
%attr(755,root,root) %{_sbindir}/sss_groupshow
%attr(755,root,root) %{_sbindir}/sss_obfuscate
%attr(755,root,root) %{_sbindir}/sss_seed
%attr(755,root,root) %{_sbindir}/sss_useradd
%attr(755,root,root) %{_sbindir}/sss_userdel
%attr(755,root,root) %{_sbindir}/sss_usermod
%{_mandir}/man8/sss_debuglevel.8*
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_groupshow.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_seed.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*

%files -n libipa_hbac
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libipa_hbac.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libipa_hbac.so.0

%files -n libipa_hbac-devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libipa_hbac.so
%{_includedir}/ipa_hbac.h
%{_pkgconfigdir}/ipa_hbac.pc

%files -n python-libipa_hbac
%defattr(644,root,root,755)
%attr(755,root,root) %{py_sitedir}/pyhbac.so

%files -n libsss_idmap
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libsss_idmap.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libsss_idmap.so.0

%files -n libsss_idmap-devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libsss_idmap.so
%{_includedir}/sss_idmap.h
%{_pkgconfigdir}/sss_idmap.pc

%files -n libsss_nss_idmap
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libsss_nss_idmap.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libsss_nss_idmap.so.0

%files -n libsss_nss_idmap-devel
%defattr(644,root,root,755)
%attr(755,root,root) %{_libdir}/libsss_nss_idmap.so
%{_includedir}/sss_nss_idmap.h
%{_pkgconfigdir}/sss_nss_idmap.pc

%files -n python-libsss_nss_idmap
%defattr(644,root,root,755)
%attr(755,root,root) %{py_sitedir}/pysss_nss_idmap.so
Commit	Line	Data
	1	# TODO
	2	# - pac-responder (currently relies on MIT krb5 >= 1.9)
	3	# - fix stripping before rpm:
	4	# *** WARNING: no sources found for /usr/lib64/libipa_hbac.so.0.0.0 (stripped without sourcefile information?)
	5	%define ldb_version 1.1.0
	6	Summary: System Security Services Daemon
	7	Summary(pl.UTF-8): System Security Services Daemon - demon usług bezpieczeństwa systemu
	8	Name: sssd
	9	Version: 1.11.6
	10	Release: 0.1
	11	License: GPL v3+
	12	Group: Applications/System
	13	Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
	14	# Source0-md5: e4684e81171a8799fe4839b697c7e740
	15	Source1: %{name}.init
	16	Patch0: %{name}-python-config.patch
	17	Patch1: %{name}-heimdal.patch
	18	Patch2: %{name}-systemd.patch
	19	URL: https://fedorahosted.org/sssd/
	20	BuildRequires: autoconf >= 2.59
	21	BuildRequires: automake
	22	# nsupdate utility
	23	BuildRequires: bind-utils
	24	BuildRequires: c-ares-devel
	25	BuildRequires: check-devel >= 0.9.5
	26	BuildRequires: cmocka-devel
	27	BuildRequires: cyrus-sasl-devel >= 2
	28	BuildRequires: dbus-devel >= 1.0.0
	29	BuildRequires: docbook-dtd44-xml
	30	BuildRequires: docbook-style-xsl
	31	BuildRequires: doxygen
	32	BuildRequires: gettext-devel >= 0.14
	33	BuildRequires: glib2-devel >= 2.0
	34	BuildRequires: heimdal-devel
	35	BuildRequires: keyutils-devel
	36	BuildRequires: libcollection-devel >= 0.5.1
	37	BuildRequires: libdhash-devel >= 0.4.2
	38	BuildRequires: libini_config-devel >= 1.0.0
	39	BuildRequires: ldb-devel >= %{ldb_version}
	40	BuildRequires: libnl-devel >= 3.2
	41	BuildRequires: libselinux-devel
	42	BuildRequires: libsemanage-devel
	43	BuildRequires: libtool
	44	BuildRequires: libxml2-progs
	45	BuildRequires: libxslt-progs
	46	BuildRequires: m4
	47	BuildRequires: nspr-devel
	48	BuildRequires: nss-devel
	49	BuildRequires: openldap-devel
	50	BuildRequires: pam-devel
	51	BuildRequires: pcre-devel >= 7
	52	BuildRequires: po4a
	53	BuildRequires: popt-devel
	54	BuildRequires: python-devel >= 2.4
	55	BuildRequires: rpmbuild(macros) >= 1.228
	56	# pkgconfig(ndr_nbt)
	57	BuildRequires: samba-devel >= 4
	58	BuildRequires: systemd-units
	59	BuildRequires: talloc-devel
	60	BuildRequires: tdb-devel >= 1.1.3
	61	BuildRequires: tevent-devel
	62	Requires(post): /sbin/ldconfig
	63	Requires(post,preun): /sbin/chkconfig
	64	Requires: %{name}-client = %{version}-%{release}
	65	Requires: cyrus-sasl-gssapi
	66	Requires: ldb >= %{ldb_version}
	67	Requires: libsss_idmap = %{version}-%{release}
	68	Requires: rc-scripts >= 0.4.0.10
	69	Requires: tdb >= 1.1.3
	70	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	71
	72	%define sssdstatedir %{_localstatedir}/lib/sss
	73	%define dbpath %{sssdstatedir}/db
	74	%define pipepath %{sssdstatedir}/pipes
	75	%define pubconfpath %{sssdstatedir}/pubconf
	76
	77	# Determine the location of the LDB modules directory
	78	%define ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
	79
	80	%description
	81	Provides a set of daemons to manage access to remote directories and
	82	authentication mechanisms. It provides an NSS and PAM interface toward
	83	the system and a pluggable backend system to connect to multiple
	84	different account sources. It is also the basis to provide client
	85	auditing and policy services for projects like FreeIPA.
	86
	87	%description -l pl.UTF-8
	88	Ten pakiet dostarcza zbiór demonów do zarządzania dostępem do zdalnych
	89	katalogów i mechanizmów uwierzytelniania. Udostępnia interfejsy NSS i
	90	PAM dla systemu oraz system backendu z wtyczkami w celu łączenia się z
	91	wieloma różnymi źródłami kont. Jest także podstawą zapewniającą audyt
	92	klientów oraz usługi polityk dla projektów takich jak FreeIPA.
	93
	94	%package client
	95	Summary: SSSD Client libraries for NSS and PAM
	96	Summary(pl.UTF-8): Biblioteki klienckie SSSD dla NSS i PAM
	97	License: LGPL v3+
	98	Group: Applications/System
	99
	100	%description client
	101	Provides the libraries needed by the PAM and NSS stacks to connect to
	102	the SSSD service.
	103
	104	%description client -l pl.UTF-8
	105	Ten pakiet dostarcza biblioteki wymagane przez stosy PAM i NSS w celu
	106	łączenia się z usługą SSSD.
	107
	108	%package tools
	109	Summary: Userspace tools for use with the SSSD
	110	Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do używania z SSSD
	111	License: GPL v3+
	112	Group: Applications/System
	113	Requires: %{name} = %{version}-%{release}
	114
	115	%description tools
	116	Provides userspace tools for manipulating users, groups, and nested
	117	groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf.
	118
	119	Also provides several other administrative tools:
	120	- sss_debuglevel to change the debug level on the fly,
	121	- sss_seed which pre-creates a user entry for use in kickstarts,
	122	- sss_obfuscate for generating an obfuscated LDAP password.
	123
	124	%description tools -l pl.UTF-8
	125	Ten pakiet dostarcza narzędzia przestrzeni poleceń do operowania na
	126	użytkownikach, grupach oraz zagnieżdżonych grupach w SSSD w przypadku
	127	używania id_provider = local w /etc/sssd/sssd.conf.
	128
	129	Pakiet zawiera także kilka innych narzędzi administracyjnych:
	130	- sss_debuglevel do zmiany poziomu diagnostyki w locie,
	131	- sss_seed tworzący wpis użytkownika do szybkiego rozruchu,
	132	- sss_obfuscate do generowania utajnionego hasła LDAP.
	133
	134	%package -n libipa_hbac
	135	Summary: FreeIPA HBAC Evaluator library
	136	Summary(pl.UTF-8): Biblioteka oceniająca FreeIPA HBAC
	137	License: LGPL v3+
	138	Group: Libraries
	139
	140	%description -n libipa_hbac
	141	Utility library to validate FreeIPA HBAC rules for authorization
	142	requests.
	143
	144	%description -n libipa_hbac
	145	Biblioteka narzędziowa do sprawdzania poprawności reguł FreeIPA HBAC
	146	dla żądań autoryzacji.
	147
	148	%package -n libipa_hbac-devel
	149	Summary: Development files for FreeIPA HBAC Evaluator library
	150	Summary(pl.UTF-8): Pliki programistyczne biblioteki oceniająca FreeIPA HBAC
	151	License: LGPL v3+
	152	Group: Development/Libraries
	153	Requires: libipa_hbac = %{version}-%{release}
	154
	155	%description -n libipa_hbac-devel
	156	Development files for FreeIPA HBAC Evaluator library.
	157
	158	%description -n libipa_hbac-devel -l pl.UTF-8
	159	Pliki programistyczne biblioteki oceniająca FreeIPA HBAC.
	160
	161	%package -n python-libipa_hbac
	162	Summary: Python bindings for the FreeIPA HBAC Evaluator library
	163	Summary(pl.UTF-8): Wiązania Pythona do biblioteki oceniającej FreeIPA HBAC
	164	License: LGPL v3+
	165	Group: Libraries/Python
	166	Requires: libipa_hbac = %{version}-%{release}
	167	Obsoletes: libipa_hbac-python
	168
	169	%description -n python-libipa_hbac
	170	This package contains the bindings so that libipa_hbac can be used by
	171	Python applications.
	172
	173	%description -n python-libipa_hbac -l pl.UTF-8
	174	Ten pakiet zawiera wiązania pozwalające na używanie libipa_hbac w
	175	aplikacjach Pythona.
	176
	177	%package -n libsss_idmap
	178	Summary: FreeIPA Idmap library
	179	Summary(pl.UTF-8): Biblioteka FreeIPA Idmap
	180	Group: Libraries
	181	License: LGPL v3+
	182
	183	%description -n libsss_idmap
	184	Utility library to convert SIDs to Unix uids and gids.
	185
	186	%description -n libsss_idmap -l pl.UTF-8
	187	Biblioteka narzędziowa konwertująca SID-y na uniksowe uidy i gidy.
	188
	189	%package -n libsss_idmap-devel
	190	Summary: Development files for FreeIPA Idmap library
	191	Summary(pl.UTF-8): Pliki programistyczne biblioteki FreeIPA Idmap
	192	Group: Development/Libraries
	193	License: LGPL v3+
	194	Requires: libsss_idmap = %{version}-%{release}
	195
	196	%description -n libsss_idmap-devel
	197	Development files for FreeIPA Idmap library.
	198
	199	%description -n libsss_idmap-devel -l pl.UTF-8
	200	Pliki programistyczne biblioteki FreeIPA Idmap.
	201
	202	%package -n libsss_nss_idmap
	203	Summary: Library for SID based lookups
	204	Summary(pl.UTF-8): Biblioteka do wyszukiwań w oparciu o SID
	205	Group: Libraries
	206	License: LGPL v3+
	207
	208	%description -n libsss_nss_idmap
	209	Utility library for SID based lookups.
	210
	211	%description -n libsss_nss_idmap -l pl.UTF-8
	212	Biblioteka do wyszukiwań w oparciu o SID.
	213
	214	%package -n libsss_nss_idmap-devel
	215	Summary: Development files for sss_nss_idmap library
	216	Summary(pl.UTF-8): Pliki programistyczne biblioteki sss_nss_idmap
	217	Group: Development/Libraries
	218	License: LGPL v3+
	219	Requires: libsss_nss_idmap = %{version}-%{release}
	220
	221	%description -n libsss_nss_idmap-devel
	222	Development files for sss_nss_idmap library.
	223
	224	%description -n libsss_nss_idmap-devel -l pl.UTF-8
	225	Pliki programistyczne biblioteki sss_nss_idmap.
	226
	227	%package -n python-libsss_nss_idmap
	228	Summary: Python bindings for libsss_nss_idmap
	229	Summary(pl.UTF-8): Wiązania Pythona do biblioteki libsss_nss_idmap
	230	Group: Libraries/Python
	231	License: LGPL v3+
	232	Requires: libsss_nss_idmap = %{version}-%{release}
	233
	234	%description -n python-libsss_nss_idmap
	235	This package contains the bindings so that libsss_nss_idmap can be
	236	used by Python applications.
	237
	238	%description -n python-libsss_nss_idmap -l pl.UTF-8
	239	Ten pakiet zawiera wiązania umożliwiające korzystanie z biblioteki
	240	libsss_nss_idmap w aplikacjach Pythona.
	241
	242	%prep
	243	%setup -q
	244	%patch0 -p1
	245	%patch1 -p1
	246	%patch2 -p1
	247
	248	%build
	249	%{__libtoolize}
	250	%{__gettextize}
	251	%{__aclocal}
	252	%{__automake}
	253	%{__autoconf}
	254	#CFLAGS="-Wno-deprecated-declarations"
	255	%configure \
	256	NSCD=/usr/sbin/nscd \
	257	--with-db-path=%{dbpath} \
	258	--with-initscript=sysv,systemd \
	259	--with-pipe-path=%{pipepath} \
	260	--with-pubconf-path=%{pubconfpath} \
	261	--with-init-dir=/etc/rc.d/init.d \
	262	--enable-nsslibdir=/%{_lib} \
	263	--enable-pammoddir=/%{_lib}/security \
	264	--disable-rpath \
	265	--with-systemdunitdir=%{systemdunitdir} \
	266	--with-test-dir=/dev/shm
	267
	268	%{__make}
	269
	270	%if %{with tests}
	271	export CK_TIMEOUT_MULTIPLIER=10
	272	%{__make} check
	273	unset CK_TIMEOUT_MULTIPLIER
	274	%endif
	275
	276	%install
	277	rm -rf $RPM_BUILD_ROOT
	278	%{__make} install \
	279	DESTDIR=$RPM_BUILD_ROOT
	280
	281	# Prepare language files
	282	%find_lang %{name}
	283
	284	# Copy default sssd.conf file
	285	install -d $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d
	286	cp -p src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
	287
	288	# Copy default logrotate file
	289	install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
	290	cp -p src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
	291
	292	# Make sure SSSD is able to run on read-only root
	293	install -d $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
	294	cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
	295
	296	%py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
	297	%py_comp $RPM_BUILD_ROOT%{py_sitedir}
	298	%py_ocomp $RPM_BUILD_ROOT%{py_sitescriptdir}
	299	%py_comp $RPM_BUILD_ROOT%{py_sitescriptdir}
	300	%py_postclean
	301
	302	# Remove .la files created by libtool
	303	%{__rm} \
	304	$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
	305	$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
	306	$RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \
	307	$RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \
	308	$RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \
	309	$RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \
	310	$RPM_BUILD_ROOT%{_libdir}/lib*.la \
	311	$RPM_BUILD_ROOT%{py_sitedir}/*.la
	312
	313	install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
	314
	315	echo '%%defattr(644,root,root,755)' > sssd_client.lang
	316	echo '%%defattr(644,root,root,755)' > sssd_tools.lang
	317	for man in $(find $RPM_BUILD_ROOT%{_mandir}/??/man? -type f \| sed -e "s#$RPM_BUILD_ROOT%{_mandir}/##"); do
	318	lang=$(echo $man \| cut -c 1-2)
	319	case $(basename $man) in
	320	pam_sss.8\|sssd_krb5_locator_plugin.8)
	321	echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_client.lang
	322	;;
	323	sss_debuglevel.8\|sss_group.8\|sss_obfuscate.8\|sss_seed.8\|sss_user.8)
	324	echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_tools.lang
	325	;;
	326	*)
	327	echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd.lang
	328	;;
	329	esac
	330	done
	331
	332	%clean
	333	rm -rf $RPM_BUILD_ROOT
	334
	335	%post
	336	/sbin/ldconfig
	337	/sbin/chkconfig --add %{name}
	338	%service %{name} restart
	339
	340	%preun
	341	if [ "$1" = "0" ]; then
	342	%service -q %{name} stop
	343	/sbin/chkconfig --del %{name}
	344	fi
	345
	346	%postun -p /sbin/ldconfig
	347
	348	%post client -p /sbin/ldconfig
	349	%postun client -p /sbin/ldconfig
	350
	351	%post -n libipa_hbac -p /sbin/ldconfig
	352	%postun -n libipa_hbac -p /sbin/ldconfig
	353
	354	%post -n libsss_idmap -p /sbin/ldconfig
	355	%postun -n libsss_idmap -p /sbin/ldconfig
	356
	357	%post -n libsss_nss_idmap -p /sbin/ldconfig
	358	%postun -n libsss_nss_idmap -p /sbin/ldconfig
	359
	360	%files -f sssd.lang
	361	%defattr(644,root,root,755)
	362	%attr(755,root,root) %{_bindir}/sss_ssh_authorizedkeys
	363	%attr(755,root,root) %{_bindir}/sss_ssh_knownhostsproxy
	364	%attr(755,root,root) %{_sbindir}/sss_cache
	365	%attr(755,root,root) %{_sbindir}/sssd
	366	%attr(755,root,root) %{_libdir}/libsss_sudo.so
	367	%dir %{_libdir}/sssd
	368	# internal shared libraries
	369	%attr(755,root,root) %{_libdir}/sssd/libsss_child.so
	370	%attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so
	371	%attr(755,root,root) %{_libdir}/sssd/libsss_debug.so
	372	%attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so
	373	%attr(755,root,root) %{_libdir}/sssd/libsss_util.so
	374	# modules
	375	%attr(755,root,root) %{_libdir}/sssd/libsss_simple.so
	376	%attr(755,root,root) %{_libdir}/sssd/libsss_ad.so
	377	%attr(755,root,root) %{_libdir}/sssd/libsss_ipa.so
	378	%attr(755,root,root) %{_libdir}/sssd/libsss_krb5.so
	379	%attr(755,root,root) %{_libdir}/sssd/libsss_krb5_common.so
	380	%attr(755,root,root) %{_libdir}/sssd/libsss_ldap.so
	381	%attr(755,root,root) %{_libdir}/sssd/libsss_proxy.so
	382	%dir %{_libdir}/sssd/modules
	383	%attr(755,root,root) %{_libdir}/sssd/modules/libsss_autofs.so
	384	%if "%{_libdir}" != "%{_libexecdir}"
	385	%dir %{_libexecdir}/sssd
	386	%endif
	387	%attr(755,root,root) %{_libexecdir}/sssd/krb5_child
	388	%attr(755,root,root) %{_libexecdir}/sssd/ldap_child
	389	%attr(755,root,root) %{_libexecdir}/sssd/proxy_child
	390	%attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs
	391	%attr(755,root,root) %{_libexecdir}/sssd/sssd_be
	392	%attr(755,root,root) %{_libexecdir}/sssd/sssd_ifp
	393	%attr(755,root,root) %{_libexecdir}/sssd/sssd_nss
	394	%attr(755,root,root) %{_libexecdir}/sssd/sssd_pam
	395	%attr(755,root,root) %{_libexecdir}/sssd/sssd_ssh
	396	%attr(755,root,root) %{_libexecdir}/sssd/sssd_sudo
	397	%dir %{_datadir}/sssd
	398	%{_datadir}/sssd/sssd.api.conf
	399	%dir %{_datadir}/sssd/sssd.api.d
	400	%{_datadir}/sssd/sssd.api.d/sssd-ad.conf
	401	%{_datadir}/sssd/sssd.api.d/sssd-ipa.conf
	402	%{_datadir}/sssd/sssd.api.d/sssd-krb5.conf
	403	%{_datadir}/sssd/sssd.api.d/sssd-ldap.conf
	404	%{_datadir}/sssd/sssd.api.d/sssd-local.conf
	405	%{_datadir}/sssd/sssd.api.d/sssd-proxy.conf
	406	%{_datadir}/sssd/sssd.api.d/sssd-simple.conf
	407	%attr(755,root,root) %{ldb_modulesdir}/memberof.so
	408	%dir %{sssdstatedir}
	409	%attr(700,root,root) %dir %{dbpath}
	410	%dir %{pipepath}
	411	%dir %{pubconfpath}
	412	%attr(700,root,root) %dir %{pipepath}/private
	413	%attr(750,root,root) %dir %{_var}/log/%{name}
	414	%attr(700,root,root) %dir %{_sysconfdir}/sssd
	415	%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sssd/sssd.conf
	416	%config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/sssd
	417	%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rwtab.d/sssd
	418	%attr(754,root,root) /etc/rc.d/init.d/sssd
	419	%{systemdunitdir}/sssd.service
	420	/etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
	421	%{_mandir}/man1/sss_ssh_authorizedkeys.1*
	422	%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
	423	%{_mandir}/man5/sssd.conf.5*
	424	%{_mandir}/man5/sssd-ad.5*
	425	%{_mandir}/man5/sssd-ifp.5*
	426	%{_mandir}/man5/sssd-ipa.5*
	427	%{_mandir}/man5/sssd-krb5.5*
	428	%{_mandir}/man5/sssd-ldap.5*
	429	%{_mandir}/man5/sssd-simple.5*
	430	%{_mandir}/man5/sssd-sudo.5*
	431	%{_mandir}/man8/sss_cache.8*
	432	%{_mandir}/man8/sssd.8*
	433	%attr(755,root,root) %{py_sitedir}/pysss.so
	434	%attr(755,root,root) %{py_sitedir}/pysss_murmur.so
	435	%dir %{py_sitescriptdir}/SSSDConfig
	436	%{py_sitescriptdir}/SSSDConfig/*.py[co]
	437	%{py_sitescriptdir}/SSSDConfig-%{version}-py*.egg-info
	438
	439	%files client -f sssd_client.lang
	440	%defattr(644,root,root,755)
	441	%attr(755,root,root) /%{_lib}/libnss_sss.so.2
	442	%attr(755,root,root) /%{_lib}/security/pam_sss.so
	443	# FIXME: is it proper path for heimdal? where to package parent dirs?
	444	#%attr(755,root,root) %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
	445	%{_mandir}/man8/pam_sss.8*
	446	%{_mandir}/man8/sssd_krb5_locator_plugin.8*
	447
	448	%files tools -f sssd_tools.lang
	449	%defattr(644,root,root,755)
	450	%attr(755,root,root) %{_sbindir}/sss_debuglevel
	451	%attr(755,root,root) %{_sbindir}/sss_groupadd
	452	%attr(755,root,root) %{_sbindir}/sss_groupdel
	453	%attr(755,root,root) %{_sbindir}/sss_groupmod
	454	%attr(755,root,root) %{_sbindir}/sss_groupshow
	455	%attr(755,root,root) %{_sbindir}/sss_obfuscate
	456	%attr(755,root,root) %{_sbindir}/sss_seed
	457	%attr(755,root,root) %{_sbindir}/sss_useradd
	458	%attr(755,root,root) %{_sbindir}/sss_userdel
	459	%attr(755,root,root) %{_sbindir}/sss_usermod
	460	%{_mandir}/man8/sss_debuglevel.8*
	461	%{_mandir}/man8/sss_groupadd.8*
	462	%{_mandir}/man8/sss_groupdel.8*
	463	%{_mandir}/man8/sss_groupmod.8*
	464	%{_mandir}/man8/sss_groupshow.8*
	465	%{_mandir}/man8/sss_obfuscate.8*
	466	%{_mandir}/man8/sss_seed.8*
	467	%{_mandir}/man8/sss_useradd.8*
	468	%{_mandir}/man8/sss_userdel.8*
	469	%{_mandir}/man8/sss_usermod.8*
	470
	471	%files -n libipa_hbac
	472	%defattr(644,root,root,755)
	473	%attr(755,root,root) %{_libdir}/libipa_hbac.so...*
	474	%attr(755,root,root) %ghost %{_libdir}/libipa_hbac.so.0
	475
	476	%files -n libipa_hbac-devel
	477	%defattr(644,root,root,755)
	478	%attr(755,root,root) %{_libdir}/libipa_hbac.so
	479	%{_includedir}/ipa_hbac.h
	480	%{_pkgconfigdir}/ipa_hbac.pc
	481
	482	%files -n python-libipa_hbac
	483	%defattr(644,root,root,755)
	484	%attr(755,root,root) %{py_sitedir}/pyhbac.so
	485
	486	%files -n libsss_idmap
	487	%defattr(644,root,root,755)
	488	%attr(755,root,root) %{_libdir}/libsss_idmap.so...*
	489	%attr(755,root,root) %ghost %{_libdir}/libsss_idmap.so.0
	490
	491	%files -n libsss_idmap-devel
	492	%defattr(644,root,root,755)
	493	%attr(755,root,root) %{_libdir}/libsss_idmap.so
	494	%{_includedir}/sss_idmap.h
	495	%{_pkgconfigdir}/sss_idmap.pc
	496
	497	%files -n libsss_nss_idmap
	498	%defattr(644,root,root,755)
	499	%attr(755,root,root) %{_libdir}/libsss_nss_idmap.so...*
	500	%attr(755,root,root) %ghost %{_libdir}/libsss_nss_idmap.so.0
	501
	502	%files -n libsss_nss_idmap-devel
	503	%defattr(644,root,root,755)
	504	%attr(755,root,root) %{_libdir}/libsss_nss_idmap.so
	505	%{_includedir}/sss_nss_idmap.h
	506	%{_pkgconfigdir}/sss_nss_idmap.pc
	507
	508	%files -n python-libsss_nss_idmap
	509	%defattr(644,root,root,755)
	510	%attr(755,root,root) %{py_sitedir}/pysss_nss_idmap.so