RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/authselect#91ff6352fa1af37ab6032dbf588321b73a89328e
This commit is contained in:
parent
645e23dc0b
commit
1baaf3ca85
|
@ -0,0 +1,14 @@
|
||||||
|
/0.1-alpha.tar.gz
|
||||||
|
/0.1.tar.gz
|
||||||
|
/authselect-0.2.tar.gz
|
||||||
|
/authselect-0.3.tar.gz
|
||||||
|
/authselect-0.3.1.tar.gz
|
||||||
|
/authselect-0.3.2.tar.gz
|
||||||
|
/authselect-0.4.tar.gz
|
||||||
|
/authselect-1.0.tar.gz
|
||||||
|
/authselect-1.0.1.tar.gz
|
||||||
|
/authselect-1.0.2.tar.gz
|
||||||
|
/authselect-1.0.3.tar.gz
|
||||||
|
/authselect-1.1.tar.gz
|
||||||
|
/authselect-1.2.tar.gz
|
||||||
|
/authselect-1.2.1.tar.gz
|
|
@ -0,0 +1,264 @@
|
||||||
|
From 4b913748e413314b69c315c314c3d07e10471712 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Mon, 13 Jul 2020 13:43:03 +0200
|
||||||
|
Subject: [PATCH 1/2] utils: correctly remove the whole line if `str` does not
|
||||||
|
point to its beginning
|
||||||
|
|
||||||
|
The following scenario triggers a bug when the line is not removed completely
|
||||||
|
and the two lines are merged instead.
|
||||||
|
```
|
||||||
|
BEGINNING {if "condition":true|false} END {include if "condition"}
|
||||||
|
NEXT LINE
|
||||||
|
|
||||||
|
->
|
||||||
|
BEGINNING falseNEXT LINE
|
||||||
|
```
|
||||||
|
|
||||||
|
This is because `match_string` points after the first condition and we
|
||||||
|
only remove the line to this point. Therefore we need to interate
|
||||||
|
before `match_string` so we can find the real line start.
|
||||||
|
|
||||||
|
Resolves:
|
||||||
|
https://github.com/authselect/authselect/issues/218
|
||||||
|
---
|
||||||
|
src/lib/files/system.c | 2 +-
|
||||||
|
src/lib/util/string.c | 10 ++--
|
||||||
|
src/lib/util/string.h | 3 +-
|
||||||
|
src/lib/util/template.c | 16 ++++---
|
||||||
|
src/tests/test_util_template.c | 84 ++++++++++++++++++++++++++++++++++
|
||||||
|
5 files changed, 103 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/files/system.c b/src/lib/files/system.c
|
||||||
|
index 453e2f4d6fc42ffd2e9bdfc773a38972802c1cb2..ef354b7583914cec07ff3c017394daa5b6cc27e1 100644
|
||||||
|
--- a/src/lib/files/system.c
|
||||||
|
+++ b/src/lib/files/system.c
|
||||||
|
@@ -178,7 +178,7 @@ authselect_system_nsswitch_delete_maps(char **maps,
|
||||||
|
map_len = m[1].rm_eo - m[1].rm_so;
|
||||||
|
for (i = 0; maps[i] != NULL; i++) {
|
||||||
|
if (strncmp(map_name, maps[i], map_len) == 0) {
|
||||||
|
- string_remove_line(match_string, m[1].rm_so);
|
||||||
|
+ string_remove_line(content, match_string, m[1].rm_so);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/src/lib/util/string.c b/src/lib/util/string.c
|
||||||
|
index 0f3936681c6c8af1be940f92a21dfc15dafe4e42..e53a81c250711e5caab8e5f4f751371c332e6b92 100644
|
||||||
|
--- a/src/lib/util/string.c
|
||||||
|
+++ b/src/lib/util/string.c
|
||||||
|
@@ -272,17 +272,21 @@ string_replace_position(char *str, size_t start, size_t end, const char *with)
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
-string_remove_line(char *str, size_t inner_position)
|
||||||
|
+string_remove_line(char *beginning, char *str, size_t inner_position)
|
||||||
|
{
|
||||||
|
char *left;
|
||||||
|
|
||||||
|
- for (left = str + inner_position; left != str; left--) {
|
||||||
|
+ /* str may not be the beginning of the line so we need to refer
|
||||||
|
+ * to iterate until we reach the beginning */
|
||||||
|
+ for (left = str + inner_position; left != beginning; left--) {
|
||||||
|
if (*(left - 1) == '\n') {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- for (; *left != '\0'; left++) {
|
||||||
|
+ /* Remove the whole line that is in front of our string and then iterate
|
||||||
|
+ * to the line end or string end. */
|
||||||
|
+ for (; left < str || *left != '\0'; left++) {
|
||||||
|
if (*left == '\n') {
|
||||||
|
*left = '\0';
|
||||||
|
break;
|
||||||
|
diff --git a/src/lib/util/string.h b/src/lib/util/string.h
|
||||||
|
index e550d853d3fa0699909b84cc9febdae9d5884b9f..724460e771389ac3c015806111d6052ffbfa7566 100644
|
||||||
|
--- a/src/lib/util/string.h
|
||||||
|
+++ b/src/lib/util/string.h
|
||||||
|
@@ -142,11 +142,12 @@ string_replace_position(char *str, size_t start, size_t end, const char *with);
|
||||||
|
* When all replacements are done, call @string_replace_shake() to create
|
||||||
|
* the final string.
|
||||||
|
*
|
||||||
|
+ * @param beginning Pointer to the left most character of the string.
|
||||||
|
* @param str Destination string.
|
||||||
|
* @param inner_position Position inside the line the will be removed.
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
-string_remove_line(char *str, size_t inner_position);
|
||||||
|
+string_remove_line(char *beginning, char *str, size_t inner_position);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove string from @from (including) to @to (excluding).
|
||||||
|
diff --git a/src/lib/util/template.c b/src/lib/util/template.c
|
||||||
|
index f86a26a8344f1c140861f1572b74614604624dd5..12324aa9c16b500f481739a46652f65f98863fed 100644
|
||||||
|
--- a/src/lib/util/template.c
|
||||||
|
+++ b/src/lib/util/template.c
|
||||||
|
@@ -211,6 +211,7 @@ template_match_get_values(const char *match_string,
|
||||||
|
|
||||||
|
static errno_t
|
||||||
|
template_match_replace(char ***features,
|
||||||
|
+ char *beginning,
|
||||||
|
char *match_string,
|
||||||
|
regmatch_t *match,
|
||||||
|
enum template_operator op,
|
||||||
|
@@ -231,7 +232,7 @@ template_match_replace(char ***features,
|
||||||
|
switch (op) {
|
||||||
|
case OP_CONTINUE:
|
||||||
|
if (enabled) {
|
||||||
|
- string_remove_line(match_string, match->rm_so);
|
||||||
|
+ string_remove_line(beginning, match_string, match->rm_so);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -239,7 +240,7 @@ template_match_replace(char ***features,
|
||||||
|
break;
|
||||||
|
case OP_STOP:
|
||||||
|
if (!enabled) {
|
||||||
|
- string_remove_line(match_string, match->rm_so);
|
||||||
|
+ string_remove_line(beginning, match_string, match->rm_so);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -251,7 +252,7 @@ template_match_replace(char ***features,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- string_remove_line(match_string, match->rm_so);
|
||||||
|
+ string_remove_line(beginning, match_string, match->rm_so);
|
||||||
|
break;
|
||||||
|
case OP_EXCLUDE:
|
||||||
|
if (!enabled) {
|
||||||
|
@@ -259,7 +260,7 @@ template_match_replace(char ***features,
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- string_remove_line(match_string, match->rm_so);
|
||||||
|
+ string_remove_line(beginning, match_string, match->rm_so);
|
||||||
|
break;
|
||||||
|
case OP_IMPLY:
|
||||||
|
if (enabled) {
|
||||||
|
@@ -269,7 +270,7 @@ template_match_replace(char ***features,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- string_remove_line(match_string, match->rm_so);
|
||||||
|
+ string_remove_line(beginning, match_string, match->rm_so);
|
||||||
|
break;
|
||||||
|
case OP_IF:
|
||||||
|
replacement = enabled ? if_true : if_false;
|
||||||
|
@@ -460,8 +461,9 @@ template_process_operators(const char **features,
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- ret = template_match_replace(&features_copy, match_string, &m[0], op,
|
||||||
|
- expression, if_true, if_false, value);
|
||||||
|
+ ret = template_match_replace(&features_copy, content, match_string,
|
||||||
|
+ &m[0], op, expression,
|
||||||
|
+ if_true, if_false, value);
|
||||||
|
|
||||||
|
if (expression != NULL) {
|
||||||
|
free(expression);
|
||||||
|
diff --git a/src/tests/test_util_template.c b/src/tests/test_util_template.c
|
||||||
|
index 90327ea68d0e09df98befde4835e90350f0c6238..fac3f4c94e3553c71ee538a5725fb0a734f89382 100644
|
||||||
|
--- a/src/tests/test_util_template.c
|
||||||
|
+++ b/src/tests/test_util_template.c
|
||||||
|
@@ -269,6 +269,86 @@ void test_template_imply_if(void **state)
|
||||||
|
free(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
+void test_template_if_and_include__true(void **state)
|
||||||
|
+{
|
||||||
|
+ const char *myfeatures[] = {
|
||||||
|
+ "true",
|
||||||
|
+ NULL
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ const char *template =
|
||||||
|
+ "L1 {if \"f1\":T1|T2} T3 {include if \"true\"} \n"
|
||||||
|
+ "L2 \n"
|
||||||
|
+ "";
|
||||||
|
+ const char *expected =
|
||||||
|
+ "L1 T2 T3\n"
|
||||||
|
+ "L2\n"
|
||||||
|
+ "";
|
||||||
|
+
|
||||||
|
+ char *result = template_generate(template, myfeatures);
|
||||||
|
+ assert_string_equal(expected, result);
|
||||||
|
+ free(result);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void test_template_if_and_include__false(void **state)
|
||||||
|
+{
|
||||||
|
+ const char *myfeatures[] = {
|
||||||
|
+ NULL
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ const char *template =
|
||||||
|
+ "L1 {if \"f1\":T1|T2} T3 {include if \"true\"} \n"
|
||||||
|
+ "L2 \n"
|
||||||
|
+ "";
|
||||||
|
+ const char *expected =
|
||||||
|
+ "L2\n"
|
||||||
|
+ "";
|
||||||
|
+
|
||||||
|
+ char *result = template_generate(template, myfeatures);
|
||||||
|
+ assert_string_equal(expected, result);
|
||||||
|
+ free(result);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void test_template_if_and_exclude__true(void **state)
|
||||||
|
+{
|
||||||
|
+ const char *myfeatures[] = {
|
||||||
|
+ "true",
|
||||||
|
+ NULL
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ const char *template =
|
||||||
|
+ "L1 {if \"f1\":T1|T2} T3 {exclude if \"true\"} \n"
|
||||||
|
+ "L2 \n"
|
||||||
|
+ "";
|
||||||
|
+ const char *expected =
|
||||||
|
+ "L2\n"
|
||||||
|
+ "";
|
||||||
|
+
|
||||||
|
+ char *result = template_generate(template, myfeatures);
|
||||||
|
+ assert_string_equal(expected, result);
|
||||||
|
+ free(result);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void test_template_if_and_exclude__false(void **state)
|
||||||
|
+{
|
||||||
|
+ const char *myfeatures[] = {
|
||||||
|
+ NULL
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ const char *template =
|
||||||
|
+ "L1 {if \"f1\":T1|T2} T3 {exclude if \"true\"} \n"
|
||||||
|
+ "L2 \n"
|
||||||
|
+ "";
|
||||||
|
+ const char *expected =
|
||||||
|
+ "L1 T2 T3\n"
|
||||||
|
+ "L2\n"
|
||||||
|
+ "";
|
||||||
|
+
|
||||||
|
+ char *result = template_generate(template, myfeatures);
|
||||||
|
+ assert_string_equal(expected, result);
|
||||||
|
+ free(result);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main(int argc, const char *argv[])
|
||||||
|
{
|
||||||
|
|
||||||
|
@@ -281,6 +361,10 @@ int main(int argc, const char *argv[])
|
||||||
|
cmocka_unit_test(test_template_continue_if),
|
||||||
|
cmocka_unit_test(test_template_list_features),
|
||||||
|
cmocka_unit_test(test_template_imply_if),
|
||||||
|
+ cmocka_unit_test(test_template_if_and_include__true),
|
||||||
|
+ cmocka_unit_test(test_template_if_and_include__false),
|
||||||
|
+ cmocka_unit_test(test_template_if_and_exclude__true),
|
||||||
|
+ cmocka_unit_test(test_template_if_and_exclude__false),
|
||||||
|
};
|
||||||
|
|
||||||
|
return cmocka_run_group_tests(tests, NULL, NULL);
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
From eb4ef2c111b3b439bda66cc0ac8764343e9d6d6f Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
|
Date: Mon, 20 Jul 2020 11:36:14 +0200
|
||||||
|
Subject: [PATCH 2/2] profiles: add support for resolved
|
||||||
|
|
||||||
|
Resolved is enabled by default since Fedora 33 so we need to reflect
|
||||||
|
this change in our profiles.
|
||||||
|
|
||||||
|
It should be OK to enabled it unconditionaly. The module is part of
|
||||||
|
systemd so it basically can not be uninstalled and it can be safely
|
||||||
|
disabled through `systemctl disable --now systemd-resolved.service`.
|
||||||
|
|
||||||
|
Resolves:
|
||||||
|
https://github.com/authselect/authselect/issues/221
|
||||||
|
---
|
||||||
|
profiles/minimal/nsswitch.conf | 2 +-
|
||||||
|
profiles/nis/nsswitch.conf | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/profiles/minimal/nsswitch.conf b/profiles/minimal/nsswitch.conf
|
||||||
|
index a39e4d32ebf79e8bf05f2db5753b01596222dc35..7df28821dbb03eaf986660a016a48051eb91d092 100644
|
||||||
|
--- a/profiles/minimal/nsswitch.conf
|
||||||
|
+++ b/profiles/minimal/nsswitch.conf
|
||||||
|
@@ -2,7 +2,7 @@ aliases: files {exclude if "with-custom
|
||||||
|
automount: files {exclude if "with-custom-automount"}
|
||||||
|
ethers: files {exclude if "with-custom-ethers"}
|
||||||
|
group: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-group"}
|
||||||
|
-hosts: files dns myhostname {exclude if "with-custom-hosts"}
|
||||||
|
+hosts: resolve [!UNAVAIL=return] myhostname files dns {exclude if "with-custom-hosts"}
|
||||||
|
initgroups: files {exclude if "with-custom-initgroups"}
|
||||||
|
netgroup: files {exclude if "with-custom-netgroup"}
|
||||||
|
networks: files {exclude if "with-custom-networks"}
|
||||||
|
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
|
||||||
|
index 9bee7d839f84ff39d54cb6ead9dea38e51736b4d..1aaa2d99eb004851eb2413e7722d971d2e3bc7eb 100644
|
||||||
|
--- a/profiles/nis/nsswitch.conf
|
||||||
|
+++ b/profiles/nis/nsswitch.conf
|
||||||
|
@@ -2,7 +2,7 @@ aliases: files nis {exclude if "with-custom-aliases"}
|
||||||
|
automount: files nis {exclude if "with-custom-automount"}
|
||||||
|
ethers: files nis {exclude if "with-custom-ethers"}
|
||||||
|
group: files nis systemd {exclude if "with-custom-group"}
|
||||||
|
-hosts: files nis dns myhostname {exclude if "with-custom-hosts"}
|
||||||
|
+hosts: resolve [!UNAVAIL=return] myhostname files dns {exclude if "with-custom-hosts"}
|
||||||
|
initgroups: files nis {exclude if "with-custom-initgroups"}
|
||||||
|
netgroup: files nis {exclude if "with-custom-netgroup"}
|
||||||
|
networks: files nis {exclude if "with-custom-networks"}
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
|
@ -0,0 +1,377 @@
|
||||||
|
# Do not terminate build if language files are empty.
|
||||||
|
%define _empty_manifest_terminate_build 0
|
||||||
|
|
||||||
|
Name: authselect
|
||||||
|
Version: 1.2.1
|
||||||
|
Release: 4%{?dist}
|
||||||
|
Summary: Configures authentication and identity sources from supported profiles
|
||||||
|
URL: https://github.com/authselect/authselect
|
||||||
|
|
||||||
|
License: GPLv3+
|
||||||
|
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
||||||
|
|
||||||
|
Patch0001: 0001-utils-correctly-remove-the-whole-line-if-str-does-no.patch
|
||||||
|
Patch0002: 0002-profiles-add-support-for-resolved.patch
|
||||||
|
|
||||||
|
%global makedir %{_builddir}/%{name}-%{version}
|
||||||
|
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: findutils
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: m4
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
BuildRequires: pkgconfig(popt)
|
||||||
|
BuildRequires: gettext-devel
|
||||||
|
BuildRequires: po4a
|
||||||
|
BuildRequires: %{_bindir}/a2x
|
||||||
|
BuildRequires: libcmocka-devel >= 1.0.0
|
||||||
|
BuildRequires: libselinux-devel
|
||||||
|
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Suggests: sssd
|
||||||
|
Suggests: samba-winbind
|
||||||
|
Suggests: fprintd-pam
|
||||||
|
Suggests: oddjob-mkhomedir
|
||||||
|
|
||||||
|
%description
|
||||||
|
Authselect is designed to be a replacement for authconfig but it takes
|
||||||
|
a different approach to configure the system. Instead of letting
|
||||||
|
the administrator build the PAM stack with a tool (which may potentially
|
||||||
|
end up with a broken configuration), it would ship several tested stacks
|
||||||
|
(profiles) that solve a use-case and are well tested and supported.
|
||||||
|
At the same time, some obsolete features of authconfig are not
|
||||||
|
supported by authselect.
|
||||||
|
|
||||||
|
%package libs
|
||||||
|
Summary: Utility library used by the authselect tool
|
||||||
|
# Required by scriptlets
|
||||||
|
Requires: coreutils
|
||||||
|
Requires: findutils
|
||||||
|
Requires: gawk
|
||||||
|
Requires: grep
|
||||||
|
Requires: sed
|
||||||
|
Requires: systemd
|
||||||
|
Requires: pam >= 1.3.1-23
|
||||||
|
|
||||||
|
%description libs
|
||||||
|
Common library files for authselect. This package is used by the authselect
|
||||||
|
command line tool and any other potential front-ends.
|
||||||
|
|
||||||
|
%package compat
|
||||||
|
Summary: Tool to provide minimum backwards compatibility with authconfig
|
||||||
|
Obsoletes: authconfig < 7.0.1-6
|
||||||
|
Provides: authconfig
|
||||||
|
BuildRequires: python3-devel
|
||||||
|
Requires: authselect%{?_isa} = %{version}-%{release}
|
||||||
|
Recommends: oddjob-mkhomedir
|
||||||
|
Suggests: sssd
|
||||||
|
Suggests: realmd
|
||||||
|
Suggests: samba-winbind
|
||||||
|
# Required by scriptlets
|
||||||
|
Requires: sed
|
||||||
|
|
||||||
|
%description compat
|
||||||
|
This package will replace %{_sbindir}/authconfig with a tool that will
|
||||||
|
translate some of the authconfig calls into authselect calls. It provides
|
||||||
|
only minimum backward compatibility and users are encouraged to migrate
|
||||||
|
to authselect completely.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development libraries and headers for authselect
|
||||||
|
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
System header files and development libraries for authselect. Useful if
|
||||||
|
you develop a front-end for the authselect library.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q
|
||||||
|
|
||||||
|
for p in %patches ; do
|
||||||
|
%__patch -p1 -i $p
|
||||||
|
done
|
||||||
|
|
||||||
|
%build
|
||||||
|
autoreconf -if
|
||||||
|
%configure --with-pythonbin="%{__python3}"
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%check
|
||||||
|
%make_build check
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
# Find translations
|
||||||
|
%find_lang %{name}
|
||||||
|
%find_lang %{name} %{name}.8.lang --with-man
|
||||||
|
%find_lang %{name}-migration %{name}-migration.7.lang --with-man
|
||||||
|
%find_lang %{name}-profiles %{name}-profiles.5.lang --with-man
|
||||||
|
|
||||||
|
# We want this file to contain only manual page translations
|
||||||
|
%__sed -i '/LC_MESSAGES/d' %{name}.8.lang
|
||||||
|
|
||||||
|
# Remove .la and .a files created by libtool
|
||||||
|
find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \;
|
||||||
|
find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
||||||
|
|
||||||
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
|
%files libs -f %{name}.lang -f %{name}-profiles.5.lang
|
||||||
|
%dir %{_sysconfdir}/authselect
|
||||||
|
%dir %{_sysconfdir}/authselect/custom
|
||||||
|
%dir %{_localstatedir}/lib/authselect
|
||||||
|
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth
|
||||||
|
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
|
||||||
|
%dir %{_datadir}/authselect
|
||||||
|
%dir %{_datadir}/authselect/vendor
|
||||||
|
%dir %{_datadir}/authselect/default
|
||||||
|
%dir %{_datadir}/authselect/default/minimal/
|
||||||
|
%dir %{_datadir}/authselect/default/nis/
|
||||||
|
%dir %{_datadir}/authselect/default/sssd/
|
||||||
|
%dir %{_datadir}/authselect/default/winbind/
|
||||||
|
%{_datadir}/authselect/default/minimal/nsswitch.conf
|
||||||
|
%{_datadir}/authselect/default/minimal/password-auth
|
||||||
|
%{_datadir}/authselect/default/minimal/postlogin
|
||||||
|
%{_datadir}/authselect/default/minimal/README
|
||||||
|
%{_datadir}/authselect/default/minimal/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/minimal/system-auth
|
||||||
|
%{_datadir}/authselect/default/nis/dconf-db
|
||||||
|
%{_datadir}/authselect/default/nis/dconf-locks
|
||||||
|
%{_datadir}/authselect/default/nis/fingerprint-auth
|
||||||
|
%{_datadir}/authselect/default/nis/nsswitch.conf
|
||||||
|
%{_datadir}/authselect/default/nis/password-auth
|
||||||
|
%{_datadir}/authselect/default/nis/postlogin
|
||||||
|
%{_datadir}/authselect/default/nis/README
|
||||||
|
%{_datadir}/authselect/default/nis/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/nis/system-auth
|
||||||
|
%{_datadir}/authselect/default/sssd/dconf-db
|
||||||
|
%{_datadir}/authselect/default/sssd/dconf-locks
|
||||||
|
%{_datadir}/authselect/default/sssd/fingerprint-auth
|
||||||
|
%{_datadir}/authselect/default/sssd/nsswitch.conf
|
||||||
|
%{_datadir}/authselect/default/sssd/password-auth
|
||||||
|
%{_datadir}/authselect/default/sssd/postlogin
|
||||||
|
%{_datadir}/authselect/default/sssd/README
|
||||||
|
%{_datadir}/authselect/default/sssd/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/sssd/smartcard-auth
|
||||||
|
%{_datadir}/authselect/default/sssd/system-auth
|
||||||
|
%{_datadir}/authselect/default/winbind/dconf-db
|
||||||
|
%{_datadir}/authselect/default/winbind/dconf-locks
|
||||||
|
%{_datadir}/authselect/default/winbind/fingerprint-auth
|
||||||
|
%{_datadir}/authselect/default/winbind/nsswitch.conf
|
||||||
|
%{_datadir}/authselect/default/winbind/password-auth
|
||||||
|
%{_datadir}/authselect/default/winbind/postlogin
|
||||||
|
%{_datadir}/authselect/default/winbind/README
|
||||||
|
%{_datadir}/authselect/default/winbind/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/winbind/system-auth
|
||||||
|
%{_libdir}/libauthselect.so.*
|
||||||
|
%{_mandir}/man5/authselect-profiles.5*
|
||||||
|
%{_datadir}/doc/authselect/COPYING
|
||||||
|
%{_datadir}/doc/authselect/README.md
|
||||||
|
%license COPYING
|
||||||
|
%doc README.md
|
||||||
|
|
||||||
|
%files compat
|
||||||
|
%{_sbindir}/authconfig
|
||||||
|
%{python3_sitelib}/authselect/
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%{_includedir}/authselect.h
|
||||||
|
%{_libdir}/libauthselect.so
|
||||||
|
%{_libdir}/pkgconfig/authselect.pc
|
||||||
|
|
||||||
|
%files -f %{name}.8.lang -f %{name}-migration.7.lang
|
||||||
|
%{_bindir}/authselect
|
||||||
|
%{_mandir}/man8/authselect.8*
|
||||||
|
%{_mandir}/man7/authselect-migration.7*
|
||||||
|
%{_sysconfdir}/bash_completion.d/authselect-completion.sh
|
||||||
|
|
||||||
|
%global validfile %{_localstatedir}/lib/rpm-state/%{name}.config-valid
|
||||||
|
|
||||||
|
%pre libs
|
||||||
|
%__rm -f %{validfile}
|
||||||
|
if [ $1 -gt 1 ] ; then
|
||||||
|
# Remember if the current configuration is valid
|
||||||
|
%{_bindir}/authselect check &> /dev/null
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
touch %{validfile}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%posttrans libs
|
||||||
|
# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created
|
||||||
|
if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then
|
||||||
|
%__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
|
||||||
|
touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null
|
||||||
|
|
||||||
|
# If we are upgrading from older version, we want to remove these comments.
|
||||||
|
%__sed -i '/^# Generated by authselect on .*$/{$!{
|
||||||
|
N;N # Read also next two lines
|
||||||
|
/# Generated by authselect on .*\n# Do not modify this file manually.\n/d
|
||||||
|
}}' %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If the configuration is valid and we are upgrading from older version
|
||||||
|
# we need to create these files since they were added in 1.0.
|
||||||
|
if [ -f %{validfile} ]; then
|
||||||
|
FILES="nsswitch.conf system-auth password-auth fingerprint-auth \
|
||||||
|
smartcard-auth postlogin dconf-db dconf-locks"
|
||||||
|
|
||||||
|
for FILE in $FILES ; do
|
||||||
|
%__cp -n %{_sysconfdir}/authselect/$FILE \
|
||||||
|
%{_localstatedir}/lib/authselect/$FILE &> /dev/null
|
||||||
|
done
|
||||||
|
|
||||||
|
%__rm -f %{validfile}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Apply any changes to profiles (validates configuration first internally)
|
||||||
|
%{_bindir}/authselect apply-changes &> /dev/null
|
||||||
|
|
||||||
|
# Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111
|
||||||
|
CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null`
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
PROFILE=`echo $CURRENT | %__awk '{print $1;}'`
|
||||||
|
|
||||||
|
if [ $PROFILE == "sssd" ] ; then
|
||||||
|
if %__grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
|
||||||
|
%{_bindir}/authselect enable-feature with-sudo &> /dev/null
|
||||||
|
elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then
|
||||||
|
%{_bindir}/authselect enable-feature with-sudo &> /dev/null
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%posttrans compat
|
||||||
|
# Fix for RHBZ#1618865
|
||||||
|
# Remove invalid lines from pwquality.conf generated by authconfig compat tool
|
||||||
|
# - previous version could write some options without value, which is invalid
|
||||||
|
# - we delete all options without value from existing file
|
||||||
|
%__sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 22 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-3
|
||||||
|
- Add resolved by default to nis and minimal profiles
|
||||||
|
- Fix parsing of multiple conditionals on the same line
|
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-2
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
|
* Mon May 11 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
|
||||||
|
- Rebase to 1.2.1
|
||||||
|
|
||||||
|
* Wed Mar 4 2020 Pavel Březina <pbrezina@redhat.com> - 1.2-1
|
||||||
|
- Rebase to 1.2
|
||||||
|
|
||||||
|
* Mon Feb 17 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-7
|
||||||
|
- fix restoring non-authselect configuration from backup
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-6
|
||||||
|
- cli: fix auto backup when --force is set
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-4
|
||||||
|
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||||
|
|
||||||
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-3
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 13 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
|
||||||
|
- Rebase to 1.1
|
||||||
|
|
||||||
|
* Tue Feb 26 2019 Pavel Březina <pbrezina@redhat.com> - 1.0.3-1
|
||||||
|
- Rebase to 1.0.3
|
||||||
|
|
||||||
|
* Tue Feb 26 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0.2-4
|
||||||
|
- Use %ghost for files owned by authselect
|
||||||
|
|
||||||
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-2
|
||||||
|
- Resolves rhbz#1655025 (invalid backup).
|
||||||
|
|
||||||
|
* Fri Nov 23 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-1
|
||||||
|
- Rebase to 1.0.2
|
||||||
|
|
||||||
|
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-2
|
||||||
|
- Require systemd instead of systemctl
|
||||||
|
|
||||||
|
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-1
|
||||||
|
- Rebase to 1.0.1
|
||||||
|
|
||||||
|
* Fri Sep 14 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
|
||||||
|
- Scriptlets should no produce any error messages (RHBZ #1622272)
|
||||||
|
- Provide fix for pwquality configuration (RHBZ #1618865)
|
||||||
|
|
||||||
|
* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
|
||||||
|
- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
|
||||||
|
|
||||||
|
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
|
||||||
|
- Rebase to 1.0
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.4-4
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
|
* Mon May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
|
||||||
|
- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)
|
||||||
|
|
||||||
|
* Wed Apr 25 2018 Christian Heimes <cheimes@redhat.com> - 0.4-2
|
||||||
|
- Don't disable oddjobd.service (RHBZ #1571844)
|
||||||
|
|
||||||
|
* Mon Apr 9 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-1
|
||||||
|
- rebasing to 0.4
|
||||||
|
|
||||||
|
* Tue Mar 6 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.2-1
|
||||||
|
- rebasing to 0.3.2
|
||||||
|
- authselect-compat now only suggests packages, not recommends
|
||||||
|
|
||||||
|
* Mon Mar 5 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.1-1
|
||||||
|
- rebasing to 0.3.1
|
||||||
|
|
||||||
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-3
|
||||||
|
- Provide authconfig
|
||||||
|
|
||||||
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
|
||||||
|
- Properly own all appropriate directories
|
||||||
|
- Remove unneeded %%defattr
|
||||||
|
- Remove deprecated Group tag
|
||||||
|
- Make Obsoletes versioned
|
||||||
|
- Remove unneeded ldconfig scriptlets
|
||||||
|
|
||||||
|
* Tue Feb 20 2018 Pavel Březina <pbrezina@redhat.com> - 0.3-1
|
||||||
|
- rebasing to 0.3
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-2
|
||||||
|
- fix rpmlint errors
|
||||||
|
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-1
|
||||||
|
- rebasing to 0.2
|
||||||
|
* Mon Jul 31 2017 Jakub Hrozek <jakub.hrozek@posteo.se> - 0.1-1
|
||||||
|
- initial packaging
|
Loading…
Reference in New Issue