diff --git a/.gitignore b/.gitignore index 440751f..e6fcc1d 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /adcli-0.9.0.tar.gz /adcli-0.9.1.tar.gz /adcli-0.9.2.tar.gz +/adcli-0.9.3.1.tar.gz diff --git a/adcli.spec b/adcli.spec index 0c41652..27b666b 100644 --- a/adcli.spec +++ b/adcli.spec @@ -1,10 +1,14 @@ +%global with_selinux 1 +%global selinuxtype targeted +%global modulename adcli + Name: adcli -Version: 0.9.2 +Version: 0.9.3.1 Release: 1%{?dist} Summary: Active Directory enrollment -License: LGPLv2+ +License: LGPL-2.1-or-later URL: https://gitlab.freedesktop.org/realmd/adcli -Source0: https://gitlab.freedesktop.org/realmd/adcli/uploads/ea560656ac921b3fe0d455976aaae9be/adcli-%{version}.tar.gz +Source0: https://gitlab.freedesktop.org/-/project/1196/uploads/5a1c55410c0965835b81fbd28d820d46/adcli-%{version}.tar.gz BuildRequires: gcc BuildRequires: intltool pkgconfig @@ -15,6 +19,13 @@ BuildRequires: openldap-devel BuildRequires: libxslt BuildRequires: xmlto BuildRequires: make +BuildRequires: libnetapi-devel + +# Build dependencies for SELinux policy +%if %{with selinux} +BuildRequires: libselinux-devel +BuildRequires: selinux-policy-devel +%endif Requires: cyrus-sasl-gssapi Conflicts: adcli-doc < %{version}-%{release} @@ -23,10 +34,31 @@ Conflicts: adcli-doc < %{version}-%{release} # the adcli tool itself is to be used by callers Obsoletes: adcli-devel < 0.5 +%if %{with selinux} +# This ensures that the *-selinux package and all it’s dependencies are not +# pulled into containers and other systems that do not use SELinux. The +# policy defines types and file contexts for client and server. +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +%endif + %description adcli is a tool for joining an Active Directory domain using standard LDAP and Kerberos calls. +%if %{with selinux} +# SELinux subpackage +%package selinux +Summary: The adcli SELinux policy +BuildArch: noarch +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +%{?selinux_requires} + +%description selinux +Custom SELinux policy module for adcli to make sure generated Kerberos keytab +files have the right SELinux context. +%endif + %define _hardened_build 1 %prep @@ -39,24 +71,43 @@ autoreconf --force --install --verbose --with-vendor-error-message='Please check\n https://red.ht/support_rhel_ad \nto get help for common issues.' \ %endif %{nil} -make %{?_smp_mflags} +%make_build %check make check %install -make install DESTDIR=%{buildroot} +%make_install find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %ldconfig_scriptlets +%if %{with selinux} +# SELinux contexts are saved so that only affected files can be +# relabeled after the policy module installation +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + +%endif + %files %{_sbindir}/adcli %doc AUTHORS COPYING ChangeLog NEWS README %doc %{_mandir}/*/* %package doc -Summary: adcli documentation +Summary: The adcli documentation package BuildArch: noarch Conflicts: adcli < %{version}-%{release} @@ -68,7 +119,24 @@ documentation. %files doc %doc %{_datadir}/doc/adcli/* +%if %{with selinux} +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} +%endif + %changelog +* Wed Dec 17 2025 Sumit Bose - 0.9.3.1-1 +- Rebase to latest upstream version + Resolves: RHEL-134944 + Resolves: RHEL-134945 + Resolves: RHEL-134946 + Resolves: RHEL-134947 + Resolves: RHEL-134948 + Resolves: RHEL-134950 + Resolves: RHEL-134951 + Resolves: RHEL-134952 + * Wed Oct 12 2022 Sumit Bose - 0.9.2-1 - Update to upstream release 0.9.2 Resolves: rhbz#2124030, rhbz#2133836 diff --git a/sources b/sources index 1dd0180..aa241fa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (adcli-0.9.2.tar.gz) = 0953ffb940b9abdf6277731b3fa14656b9af5686902f1b8c44389c2537e6c33db5b5272061964cf60fd6a7831e581c5362bff89d0adddc9b17059ed3a30e3971 +SHA512 (adcli-0.9.3.1.tar.gz) = 3f501173b5344b38f33a3f65faec9e894da81b44b37bb161da103d8a29459d8807dfe566a5dd0a8c7eec466567b6cca4331c81dd70158b5478a61b03be37355d