2 # - pac-responder (currently relies on MIT krb5 >= 1.9)
3 # - fix stripping before rpm:
4 # *** WARNING: no sources found for /usr/lib64/libipa_hbac.so.0.0.0 (stripped without sourcefile information?)
5 %define ldb_version 1.1.0
6 Summary: System Security Services Daemon
7 Summary(pl.UTF-8): System Security Services Daemon - demon usług bezpieczeństwa systemu
12 Group: Applications/System
13 Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
14 # Source0-md5: 6b52a62fd6f6b170553d032deb7b0bc8
16 Patch0: %{name}-python-config.patch
17 Patch1: %{name}-heimdal.patch
18 URL: https://fedorahosted.org/sssd/
19 BuildRequires: autoconf >= 2.59
20 BuildRequires: automake
22 BuildRequires: bind-utils
23 BuildRequires: c-ares-devel
24 BuildRequires: check-devel >= 0.9.5
25 BuildRequires: cmocka-devel
26 BuildRequires: cyrus-sasl-devel >= 2
27 BuildRequires: dbus-devel >= 1.0.0
28 BuildRequires: docbook-dtd44-xml
29 BuildRequires: docbook-style-xsl
30 BuildRequires: doxygen
31 BuildRequires: gettext-devel >= 0.14
32 BuildRequires: glib2-devel >= 2.0
33 BuildRequires: heimdal-devel
34 BuildRequires: keyutils-devel
35 BuildRequires: libcollection-devel >= 0.5.1
36 BuildRequires: libdhash-devel >= 0.4.2
37 BuildRequires: libini_config-devel >= 1.0.0
38 BuildRequires: ldb-devel >= %{ldb_version}
39 BuildRequires: libnl-devel >= 3.2
40 BuildRequires: libselinux-devel
41 BuildRequires: libsemanage-devel
42 BuildRequires: libtool
43 BuildRequires: libxml2-progs
44 BuildRequires: libxslt-progs
46 BuildRequires: nspr-devel
47 BuildRequires: nss-devel
48 BuildRequires: openldap-devel
49 BuildRequires: pam-devel
50 BuildRequires: pcre-devel >= 7
52 BuildRequires: popt-devel
53 BuildRequires: python-devel >= 2.4
54 BuildRequires: rpmbuild(macros) >= 1.228
55 BuildRequires: samba-devel >= 4
56 BuildRequires: systemd-units
57 BuildRequires: talloc-devel
58 BuildRequires: tdb-devel >= 1.1.3
59 BuildRequires: tevent-devel
60 Requires(post,postun): /sbin/ldconfig
61 Requires(post,preun): /sbin/chkconfig
62 Requires: %{name}-client = %{version}-%{release}
63 Requires: cyrus-sasl-gssapi
64 Requires: ldb >= %{ldb_version}
65 Requires: libsss_idmap = %{version}-%{release}
66 Requires: rc-scripts >= 0.4.0.10
67 Requires: tdb >= 1.1.3
68 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
70 %define sssdstatedir %{_localstatedir}/lib/sss
71 %define dbpath %{sssdstatedir}/db
72 %define pipepath %{sssdstatedir}/pipes
73 %define pubconfpath %{sssdstatedir}/pubconf
75 # Determine the location of the LDB modules directory
76 %define ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
79 Provides a set of daemons to manage access to remote directories and
80 authentication mechanisms. It provides an NSS and PAM interface toward
81 the system and a pluggable backend system to connect to multiple
82 different account sources. It is also the basis to provide client
83 auditing and policy services for projects like FreeIPA.
85 %description -l pl.UTF-8
86 Ten pakiet dostarcza zbiór demonów do zarządzania dostępem do zdalnych
87 katalogów i mechanizmów uwierzytelniania. Udostępnia interfejsy NSS i
88 PAM dla systemu oraz system backendu z wtyczkami w celu łączenia się z
89 wieloma różnymi źródłami kont. Jest także podstawą zapewniającą audyt
90 klientów oraz usługi polityk dla projektów takich jak FreeIPA.
93 Summary: SSSD Client libraries for NSS and PAM
94 Summary(pl.UTF-8): Biblioteki klienckie SSSD dla NSS i PAM
96 Group: Applications/System
99 Provides the libraries needed by the PAM and NSS stacks to connect to
102 %description client -l pl.UTF-8
103 Ten pakiet dostarcza biblioteki wymagane przez stosy PAM i NSS w celu
104 łączenia się z usługą SSSD.
107 Summary: Userspace tools for use with the SSSD
108 Summary(pl.UTF-8): Narzędzia przestrzeni użytkownika do używania z SSSD
110 Group: Applications/System
111 Requires: %{name} = %{version}-%{release}
114 Provides userspace tools for manipulating users, groups, and nested
115 groups in SSSD when using id_provider = local in /etc/sssd/sssd.conf.
117 Also provides several other administrative tools:
118 - sss_debuglevel to change the debug level on the fly,
119 - sss_seed which pre-creates a user entry for use in kickstarts,
120 - sss_obfuscate for generating an obfuscated LDAP password.
122 %description tools -l pl.UTF-8
123 Ten pakiet dostarcza narzędzia przestrzeni poleceń do operowania na
124 użytkownikach, grupach oraz zagnieżdżonych grupach w SSSD w przypadku
125 używania id_provider = local w /etc/sssd/sssd.conf.
127 Pakiet zawiera także kilka innych narzędzi administracyjnych:
128 - sss_debuglevel do zmiany poziomu diagnostyki w locie,
129 - sss_seed tworzący wpis użytkownika do szybkiego rozruchu,
130 - sss_obfuscate do generowania utajnionego hasła LDAP.
132 %package -n libipa_hbac
133 Summary: FreeIPA HBAC Evaluator library
134 Summary(pl.UTF-8): Biblioteka oceniająca FreeIPA HBAC
138 %description -n libipa_hbac
139 Utility library to validate FreeIPA HBAC rules for authorization
142 %description -n libipa_hbac
143 Biblioteka narzędziowa do sprawdzania poprawności reguł FreeIPA HBAC
144 dla żądań autoryzacji.
146 %package -n libipa_hbac-devel
147 Summary: Development files for FreeIPA HBAC Evaluator library
148 Summary(pl.UTF-8): Pliki programistyczne biblioteki oceniająca FreeIPA HBAC
150 Group: Development/Libraries
151 Requires: libipa_hbac = %{version}-%{release}
153 %description -n libipa_hbac-devel
154 Development files for FreeIPA HBAC Evaluator library.
156 %description -n libipa_hbac-devel -l pl.UTF-8
157 Pliki programistyczne biblioteki oceniająca FreeIPA HBAC.
159 %package -n python-libipa_hbac
160 Summary: Python bindings for the FreeIPA HBAC Evaluator library
161 Summary(pl.UTF-8): Wiązania Pythona do biblioteki oceniającej FreeIPA HBAC
163 Group: Libraries/Python
164 Requires: libipa_hbac = %{version}-%{release}
165 Obsoletes: libipa_hbac-python
167 %description -n python-libipa_hbac
168 This package contains the bindings so that libipa_hbac can be used by
171 %description -n python-libipa_hbac -l pl.UTF-8
172 Ten pakiet zawiera wiązania pozwalające na używanie libipa_hbac w
175 %package -n libsss_idmap
176 Summary: FreeIPA Idmap library
177 Summary(pl.UTF-8): Biblioteka FreeIPA Idmap
181 %description -n libsss_idmap
182 Utility library to convert SIDs to Unix uids and gids.
184 %description -n libsss_idmap -l pl.UTF-8
185 Biblioteka narzędziowa konwertująca SID-y na uniksowe uidy i gidy.
187 %package -n libsss_idmap-devel
188 Summary: Development files for FreeIPA Idmap library
189 Summary(pl.UTF-8): Pliki programistyczne biblioteki FreeIPA Idmap
190 Group: Development/Libraries
192 Requires: libsss_idmap = %{version}-%{release}
194 %description -n libsss_idmap-devel
195 Development files for FreeIPA Idmap library.
197 %description -n libsss_idmap-devel -l pl.UTF-8
198 Pliki programistyczne biblioteki FreeIPA Idmap.
200 %package -n libsss_nss_idmap
201 Summary: Library for SID based lookups
202 Summary(pl.UTF-8): Biblioteka do wyszukiwań w oparciu o SID
206 %description -n libsss_nss_idmap
207 Utility library for SID based lookups.
209 %description -n libsss_nss_idmap -l pl.UTF-8
210 Biblioteka do wyszukiwań w oparciu o SID.
212 %package -n libsss_nss_idmap-devel
213 Summary: Development files for sss_nss_idmap library
214 Summary(pl.UTF-8): Pliki programistyczne biblioteki sss_nss_idmap
215 Group: Development/Libraries
217 Requires: libsss_nss_idmap = %{version}-%{release}
219 %description -n libsss_nss_idmap-devel
220 Development files for sss_nss_idmap library.
222 %description -n libsss_nss_idmap-devel -l pl.UTF-8
223 Pliki programistyczne biblioteki sss_nss_idmap.
225 %package -n python-libsss_nss_idmap
226 Summary: Python bindings for libsss_nss_idmap
227 Summary(pl.UTF-8): Wiązania Pythona do biblioteki libsss_nss_idmap
228 Group: Libraries/Python
230 Requires: libsss_nss_idmap = %{version}-%{release}
232 %description -n python-libsss_nss_idmap
233 This package contains the bindings so that libsss_nss_idmap can be
234 used by Python applications.
236 %description -n python-libsss_nss_idmap -l pl.UTF-8
237 Ten pakiet zawiera wiązania umożliwiające korzystanie z biblioteki
238 libsss_nss_idmap w aplikacjach Pythona.
251 #CFLAGS="-Wno-deprecated-declarations"
253 NSCD=/usr/sbin/nscd \
254 --with-db-path=%{dbpath} \
255 --with-pipe-path=%{pipepath} \
256 --with-pubconf-path=%{pubconfpath} \
257 --with-init-dir=%{_initrddir} \
258 --enable-nsslibdir=/%{_lib} \
259 --enable-pammoddir=/%{_lib}/security \
261 --with-test-dir=/dev/shm
266 export CK_TIMEOUT_MULTIPLIER=10
268 unset CK_TIMEOUT_MULTIPLIER
272 rm -rf $RPM_BUILD_ROOT
274 DESTDIR=$RPM_BUILD_ROOT
276 # Prepare language files
279 # Copy default sssd.conf file
280 install -d $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d
281 cp -p src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
283 # Copy default logrotate file
284 install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
285 cp -p src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
287 # Make sure SSSD is able to run on read-only root
288 install -d $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
289 cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
291 %py_ocomp $RPM_BUILD_ROOT%{py_sitedir}
292 %py_comp $RPM_BUILD_ROOT%{py_sitedir}
293 %py_ocomp $RPM_BUILD_ROOT%{py_sitescriptdir}
294 %py_comp $RPM_BUILD_ROOT%{py_sitescriptdir}
297 # Remove .la files created by libtool
299 $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
300 $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
301 $RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \
302 $RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \
303 $RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \
304 $RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \
305 $RPM_BUILD_ROOT%{_libdir}/lib*.la \
306 $RPM_BUILD_ROOT%{py_sitedir}/*.la
308 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
310 echo '%%defattr(644,root,root,755)' > sssd_client.lang
311 echo '%%defattr(644,root,root,755)' > sssd_tools.lang
312 for man in $(find $RPM_BUILD_ROOT%{_mandir}/??/man? -type f | sed -e "s#$RPM_BUILD_ROOT%{_mandir}/##"); do
313 lang=$(echo $man | cut -c 1-2)
314 case $(basename $man) in
315 pam_sss.8|sssd_krb5_locator_plugin.8)
316 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_client.lang
318 sss_debuglevel.8|sss_group*.8|sss_obfuscate.8|sss_seed.8|sss_user*.8)
319 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd_tools.lang
322 echo "%lang(${lang}) %{_mandir}/${man}*" >> sssd.lang
328 rm -rf $RPM_BUILD_ROOT
332 /sbin/chkconfig --add %{name}
333 %service %{name} restart
336 if [ "$1" = "0" ]; then
337 %service -q %{name} stop
338 /sbin/chkconfig --del %{name}
341 %post -p /sbin/ldconfig
342 %postun -p /sbin/ldconfig
344 %post client -p /sbin/ldconfig
345 %postun client -p /sbin/ldconfig
347 %post -n libipa_hbac -p /sbin/ldconfig
348 %postun -n libipa_hbac -p /sbin/ldconfig
350 %post -n libsss_idmap -p /sbin/ldconfig
351 %postun -n libsss_idmap -p /sbin/ldconfig
353 %post -n libsss_nss_idmap -p /sbin/ldconfig
354 %postun -n libsss_nss_idmap -p /sbin/ldconfig
357 %defattr(644,root,root,755)
358 %attr(754,root,root) /etc/rc.d/init.d/sssd
359 %attr(755,root,root) %{_bindir}/sss_ssh_authorizedkeys
360 %attr(755,root,root) %{_bindir}/sss_ssh_knownhostsproxy
361 %attr(755,root,root) %{_sbindir}/sss_cache
362 %attr(755,root,root) %{_sbindir}/sssd
363 %attr(755,root,root) %{_libdir}/libsss_sudo.so
365 # internal shared libraries
366 %attr(755,root,root) %{_libdir}/sssd/libsss_child.so
367 %attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so
368 %attr(755,root,root) %{_libdir}/sssd/libsss_debug.so
369 %attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so
370 %attr(755,root,root) %{_libdir}/sssd/libsss_util.so
372 %attr(755,root,root) %{_libdir}/sssd/libsss_simple.so
373 %attr(755,root,root) %{_libdir}/sssd/libsss_ad.so
374 %attr(755,root,root) %{_libdir}/sssd/libsss_ipa.so
375 %attr(755,root,root) %{_libdir}/sssd/libsss_krb5.so
376 %attr(755,root,root) %{_libdir}/sssd/libsss_krb5_common.so
377 %attr(755,root,root) %{_libdir}/sssd/libsss_ldap.so
378 %attr(755,root,root) %{_libdir}/sssd/libsss_proxy.so
379 %dir %{_libdir}/sssd/modules
380 %attr(755,root,root) %{_libdir}/sssd/modules/libsss_autofs.so
381 %if "%{_libdir}" != "%{_libexecdir}"
382 %dir %{_libexecdir}/sssd
384 %attr(755,root,root) %{_libexecdir}/sssd/krb5_child
385 %attr(755,root,root) %{_libexecdir}/sssd/ldap_child
386 %attr(755,root,root) %{_libexecdir}/sssd/proxy_child
387 %attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs
388 %attr(755,root,root) %{_libexecdir}/sssd/sssd_be
389 %attr(755,root,root) %{_libexecdir}/sssd/sssd_nss
390 %attr(755,root,root) %{_libexecdir}/sssd/sssd_pam
391 %attr(755,root,root) %{_libexecdir}/sssd/sssd_ssh
392 %attr(755,root,root) %{_libexecdir}/sssd/sssd_sudo
393 %dir %{_datadir}/sssd
394 %{_datadir}/sssd/sssd.api.conf
395 %dir %{_datadir}/sssd/sssd.api.d
396 %{_datadir}/sssd/sssd.api.d/sssd-ad.conf
397 %{_datadir}/sssd/sssd.api.d/sssd-ipa.conf
398 %{_datadir}/sssd/sssd.api.d/sssd-krb5.conf
399 %{_datadir}/sssd/sssd.api.d/sssd-ldap.conf
400 %{_datadir}/sssd/sssd.api.d/sssd-local.conf
401 %{_datadir}/sssd/sssd.api.d/sssd-proxy.conf
402 %{_datadir}/sssd/sssd.api.d/sssd-simple.conf
403 %attr(755,root,root) %{ldb_modulesdir}/memberof.so
405 %attr(700,root,root) %dir %{dbpath}
408 %attr(700,root,root) %dir %{pipepath}/private
409 %attr(750,root,root) %dir %{_var}/log/%{name}
410 %attr(700,root,root) %dir %{_sysconfdir}/sssd
411 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sssd/sssd.conf
412 %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/sssd
413 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rwtab.d/sssd
414 %{_mandir}/man1/sss_ssh_authorizedkeys.1*
415 %{_mandir}/man1/sss_ssh_knownhostsproxy.1*
416 %{_mandir}/man5/sssd.conf.5*
417 %{_mandir}/man5/sssd-ad.5*
418 %{_mandir}/man5/sssd-ipa.5*
419 %{_mandir}/man5/sssd-krb5.5*
420 %{_mandir}/man5/sssd-ldap.5*
421 %{_mandir}/man5/sssd-simple.5*
422 %{_mandir}/man5/sssd-sudo.5*
423 %{_mandir}/man8/sss_cache.8*
424 %{_mandir}/man8/sssd.8*
425 %attr(755,root,root) %{py_sitedir}/pysss.so
426 %attr(755,root,root) %{py_sitedir}/pysss_murmur.so
427 %dir %{py_sitescriptdir}/SSSDConfig
428 %{py_sitescriptdir}/SSSDConfig/*.py[co]
429 %{py_sitescriptdir}/SSSDConfig-%{version}-py*.egg-info
431 %files client -f sssd_client.lang
432 %defattr(644,root,root,755)
433 %attr(755,root,root) /%{_lib}/libnss_sss.so.2
434 %attr(755,root,root) /%{_lib}/security/pam_sss.so
435 # FIXME: is it proper path for heimdal? where to package parent dirs?
436 #%attr(755,root,root) %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
437 %{_mandir}/man8/pam_sss.8*
438 %{_mandir}/man8/sssd_krb5_locator_plugin.8*
440 %files tools -f sssd_tools.lang
441 %defattr(644,root,root,755)
442 %attr(755,root,root) %{_sbindir}/sss_debuglevel
443 %attr(755,root,root) %{_sbindir}/sss_groupadd
444 %attr(755,root,root) %{_sbindir}/sss_groupdel
445 %attr(755,root,root) %{_sbindir}/sss_groupmod
446 %attr(755,root,root) %{_sbindir}/sss_groupshow
447 %attr(755,root,root) %{_sbindir}/sss_obfuscate
448 %attr(755,root,root) %{_sbindir}/sss_seed
449 %attr(755,root,root) %{_sbindir}/sss_useradd
450 %attr(755,root,root) %{_sbindir}/sss_userdel
451 %attr(755,root,root) %{_sbindir}/sss_usermod
452 %{_mandir}/man8/sss_debuglevel.8*
453 %{_mandir}/man8/sss_groupadd.8*
454 %{_mandir}/man8/sss_groupdel.8*
455 %{_mandir}/man8/sss_groupmod.8*
456 %{_mandir}/man8/sss_groupshow.8*
457 %{_mandir}/man8/sss_obfuscate.8*
458 %{_mandir}/man8/sss_seed.8*
459 %{_mandir}/man8/sss_useradd.8*
460 %{_mandir}/man8/sss_userdel.8*
461 %{_mandir}/man8/sss_usermod.8*
463 %files -n libipa_hbac
464 %defattr(644,root,root,755)
465 %attr(755,root,root) %{_libdir}/libipa_hbac.so.*.*.*
466 %attr(755,root,root) %ghost %{_libdir}/libipa_hbac.so.0
468 %files -n libipa_hbac-devel
469 %defattr(644,root,root,755)
470 %attr(755,root,root) %{_libdir}/libipa_hbac.so
471 %{_includedir}/ipa_hbac.h
472 %{_pkgconfigdir}/ipa_hbac.pc
474 %files -n python-libipa_hbac
475 %defattr(644,root,root,755)
476 %attr(755,root,root) %{py_sitedir}/pyhbac.so
478 %files -n libsss_idmap
479 %defattr(644,root,root,755)
480 %attr(755,root,root) %{_libdir}/libsss_idmap.so.*.*.*
481 %attr(755,root,root) %ghost %{_libdir}/libsss_idmap.so.0
483 %files -n libsss_idmap-devel
484 %defattr(644,root,root,755)
485 %attr(755,root,root) %{_libdir}/libsss_idmap.so
486 %{_includedir}/sss_idmap.h
487 %{_pkgconfigdir}/sss_idmap.pc
489 %files -n libsss_nss_idmap
490 %defattr(644,root,root,755)
491 %attr(755,root,root) %{_libdir}/libsss_nss_idmap.so.*.*.*
492 %attr(755,root,root) %ghost %{_libdir}/libsss_nss_idmap.so.0
494 %files -n libsss_nss_idmap-devel
495 %defattr(644,root,root,755)
496 %attr(755,root,root) %{_libdir}/libsss_nss_idmap.so
497 %{_includedir}/sss_nss_idmap.h
498 %{_pkgconfigdir}/sss_nss_idmap.pc
500 %files -n python-libsss_nss_idmap
501 %defattr(644,root,root,755)
502 %attr(755,root,root) %{py_sitedir}/pysss_nsss_idmap.so