rpms/authselect
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase to authselect-1.5.2

Browse Source 
Resolves: RHEL-133559 - package passwordless-gdm feature
This commit is contained in:
Pavel Březina 2026-01-21 15:50:27 +01:00
parent feadf355be
commit 3db6bfb990
19 changed files with 306 additions and 5912 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -21,3 +21,4 @@
/authselect-1.4.2.tar.gz
/authselect-1.4.3.tar.gz
/authselect-1.5.0.tar.gz
/authselect-1.5.2.tar.gz

101
0001-sssd-reintroduce-with-files-access-provider.patch
View File

@ -1,101 +0,0 @@
From adb36ae3633e2dfaa9c21bb45d05551f1ea3d749 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 21 Feb 2024 14:27:49 +0100
Subject: [PATCH 01/11] sssd: reintroduce with-files-access-provider
This is still needed to support .k5login file with proxy domain. For
example:
```
[domain/proxy]
id_provider = proxy
proxy_lib_name = files
access_provider = krb5
auth_provider = krb5
krb5_server = kdc.test
krb5_realm = TEST
```
---
profiles/sssd/README | 10 ++++++++++
profiles/sssd/fingerprint-auth | 2 +-
profiles/sssd/password-auth | 2 +-
profiles/sssd/smartcard-auth | 2 +-
profiles/sssd/system-auth | 2 +-
5 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/profiles/sssd/README b/profiles/sssd/README
index 770891a338754b53ee48ba34d9d80c2f2f31cdb6..f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -89,6 +89,16 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
+with-files-access-provider:: If set, account management for local users is
+ handled also by pam_sss. This can be used to support SSSD's proxy domain
+ that is configured to serve users from local files but provide
+ authentication and access management (.k5login file) via Kerberos.
+
+ *WARNING:* SSSD access check will become mandatory for local users and
+ if SSSD is stopped then local users will not be able to log in. Only
+ system accounts (as defined by pam_usertype, including root) will be
+ able to log in.
+
with-gssapi::
If set, pam_sss_gss module is enabled to perform user authentication over
GSSAPI.
diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
index 94232086a60f56976bd5182f5d10da9c63ec22b6..20ad3613e66ec85c7d2462d0449854e522383b3a 100644
--- a/profiles/sssd/fingerprint-auth
+++ b/profiles/sssd/fingerprint-auth
@@ -11,7 +11,7 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so
-account sufficient pam_localuser.so
+account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
index 05487ca293138a1154cb6820dbc9a53770904670..97c33b678706e7eeb86bf45251baa41739f2940f 100644
--- a/profiles/sssd/password-auth
+++ b/profiles/sssd/password-auth
@@ -18,7 +18,7 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
-account sufficient pam_localuser.so
+account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
index 540556ce89b727a226bec4d3322a1775ef350253..78cb329bf332f4d629740a0fff7d2dfe43f7d78d 100644
--- a/profiles/sssd/smartcard-auth
+++ b/profiles/sssd/smartcard-auth
@@ -11,7 +11,7 @@ auth required pam_deny.so
account required pam_access.so {include if "with-pamaccess"}
account required pam_faillock.so {include if "with-faillock"}
account required pam_unix.so
-account sufficient pam_localuser.so
+account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
index 83f9214fdd0a97ec49a8df52a2e202e034cbc0c6..90c3504a414f0a151475cc207285b230fec381b1 100644
--- a/profiles/sssd/system-auth
+++ b/profiles/sssd/system-auth
@@ -25,7 +25,7 @@ account required pam_access.so
account required pam_faillock.so {include if "with-faillock"}
account sufficient pam_systemd_home.so {include if "with-systemd-homed"}
account required pam_unix.so
-account sufficient pam_localuser.so
+account sufficient pam_localuser.so {exclude if "with-files-access-provider"}
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
--
2.42.0

217
0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch
View File

@ -1,217 +0,0 @@
From d498f7aa562cf41e0999f7733664c27fa62bcf7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 11:54:44 +0100
Subject: [PATCH 02/11] spec: modify specfile for Fedora 40 and RHEL 10 as
minimal version
- conditionals that are no longer used are removed
- upgrade path is removed
- this was already triggered in Fedora 38, so it is no longer useful
- RHEL is updated to authselect with leapp when going from 7 to 8
we don't want to touch existing configurations
---
rpm/authselect.spec.in | 102 ++---------------------------------------
1 file changed, 3 insertions(+), 99 deletions(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 24ce4e603208ce26eb228bbee565c868428a2af1..e2c0482f1e7cfceac4aed3a3a4375bca031ac8c1 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -12,20 +12,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%global makedir %{_builddir}/%{name}-%{version}
-%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10
-%global with_compat 0
-%else
-%global with_compat 1
-%endif
-
-%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10
-%global with_user_nsswitch 0
-%global enforce_authselect 1
-%else
-%global with_user_nsswitch 1
-%global enforce_authselect 0
-%endif
-
# Set the default profile
%{?fedora:%global default_profile local with-silent-lastlog}
%{?rhel:%global default_profile local}
@@ -43,21 +29,14 @@ BuildRequires: po4a
BuildRequires: %{_bindir}/a2x
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: libselinux-devel
-%if %{with_compat}
-BuildRequires: python3-devel
-%endif
Requires: authselect-libs%{?_isa} = %{version}-%{release}
Suggests: sssd
Suggests: samba-winbind
Suggests: fprintd-pam
Suggests: oddjob-mkhomedir
-%if !%{with_compat}
# Properly obsolete removed authselect-compat package.
-Obsoletes: authselect-compat < 1.2.4
-# Inherited from former authselect-compat package.
-Obsoletes: authconfig < 7.0.1-6
-%endif
+Obsoletes: authselect-compat < 1.3
%description
Authselect is designed to be a replacement for authconfig but it takes
@@ -74,14 +53,6 @@ Summary: Utility library used by the authselect tool
Requires: coreutils
Requires: sed
Suggests: systemd
-%if %{enforce_authselect}
-# authselect now owns nsswitch.conf (glibc) and pam files
-Conflicts: pam < 1.5.2-8
-Conflicts: glibc < 2.34.9000-27
-# systemd, nss-mdns no longer contains nsswitch.conf scriptlets
-Conflicts: systemd < 249.7-4
-Conflicts: nss-mdns < 0.15.1-3
-%endif
%description libs
Common library files for authselect. This package is used by the authselect
@@ -95,25 +66,6 @@ Requires: authselect-libs%{?_isa} = %{version}-%{release}
System header files and development libraries for authselect. Useful if
you develop a front-end for the authselect library.
-%if %{with_compat}
-%package compat
-Summary: Tool to provide minimum backwards compatibility with authconfig
-Obsoletes: authconfig < 7.0.1-6
-Provides: authconfig
-Requires: authselect%{?_isa} = %{version}-%{release}
-Recommends: oddjob-mkhomedir
-Suggests: sssd
-Suggests: realmd
-Suggests: samba-winbind
-
-%description compat
-This package will replace %{_sbindir}/authconfig with a tool that will
-translate some of the authconfig calls into authselect calls. It provides
-only minimum backward compatibility and users are encouraged to migrate
-to authselect completely.
-%endif
-
-
%prep
%setup -q
@@ -123,16 +75,7 @@ done
%build
autoreconf -if
-%configure \
-%if %{with_compat}
- --with-pythonbin="%{__python3}" \
- --with-compat \
-%endif
-%if %{with_user_nsswitch}
- --with-user-nsswitch \
-%endif
- %{nil}
-
+%configure
%make_build
%check
@@ -168,20 +111,14 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin
%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth
%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth
-%if %{enforce_authselect}
%ghost %attr(0644,root,root) %{_sysconfdir}/nsswitch.conf
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/fingerprint-auth
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/password-auth
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/postlogin
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth
%ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth
-%endif
%dir %{_localstatedir}/lib/authselect
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
-%if %{with_user_nsswitch}
-%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf
-%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
-%endif
%dir %{_datadir}/authselect
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
@@ -241,12 +178,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_libdir}/libauthselect.so
%{_libdir}/pkgconfig/authselect.pc
-%if %{with_compat}
-%files compat
-%{_sbindir}/authconfig
-%{python3_sitelib}/authselect/
-%endif
-
%files -f %{name}.8.lang -f %{name}-migration.7.lang
%{_bindir}/authselect
%{_mandir}/man8/authselect.8*
@@ -265,47 +196,21 @@ if [ $1 == 0 ] ; then
fi
%pre libs
-%if %{enforce_authselect}
# Check if this is a new installation.
%__rm -f %{forcefile}
if [ $1 -eq 1 ] ; then
touch %{forcefile}
fi
-
-# Check if we are upgrading from older version then authselect-1.3.0
-# The version command is not available on earlier versions
-if [ $1 -gt 1 ] ; then
- %{_bindir}/authselect check &> /dev/null
- if [ $? -ne 0 ]; then
- %{_bindir}/authselect version &> /dev/null
- if [ $? -ne 0 ]; then
- touch %{forcefile}
- fi
- fi
-fi
-%endif
-
exit 0
%posttrans libs
-# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created
-%if %{with_user_nsswitch}
-if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then
- %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
- touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null
-fi
-%endif
# Keep nss-altfiles for all rpm-ostree based systems.
# See https://github.com/authselect/authselect/issues/48
if test -e /run/ostree-booted; then
for PROFILE in `ls %{_datadir}/authselect/default`; do
%{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null
-%if %{with_user_nsswitch}
- %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null
-%else
%__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null
-%endif
done
fi
@@ -314,8 +219,7 @@ if [ $? -eq 6 ]; then
NOBACKUP="--nobackup"
fi
-# If we are upgrading from pre authselect-1.3.0 or this is a new installation
-# select the default configuration.
+# If this is a new installation select the default configuration.
if [ -f %{forcefile} ]; then
%{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null
%__rm -f %{forcefile}
--
2.42.0

471
0003-po-update-translations.patch
View File

@ -1,471 +0,0 @@
From 4485f4686c285310b2a11ac545e88e3acef870ea Mon Sep 17 00:00:00 2001
From: Weblate <noreply@weblate.org>
Date: Tue, 20 Feb 2024 21:36:02 +0100
Subject: [PATCH 03/11] po: update translations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(Finnish) currently translated at 100.0% (349 of 349 strings)
Translation: authselect/master
Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-application/fi/
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
po: update translations
(Turkish) currently translated at 100.0% (349 of 349 strings)
Translation: authselect/master
Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-application/tr/
Co-authored-by: Jan Kuparinen <copper_fin@hotmail.com>
Co-authored-by: Oğuz Ersen <oguz@ersen.moe>
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-authselect8adoc/
Translation: authselect/master-authselect.8.adoc
---
po/fi.po | 11 +++++------
po/tr.po | 12 ++++++------
src/man/po/authselect.8.adoc.ca.po | 2 +-
src/man/po/authselect.8.adoc.cs.po | 2 +-
src/man/po/authselect.8.adoc.de.po | 2 +-
src/man/po/authselect.8.adoc.es.po | 2 +-
src/man/po/authselect.8.adoc.fa.po | 2 +-
src/man/po/authselect.8.adoc.fi.po | 2 +-
src/man/po/authselect.8.adoc.fr.po | 2 +-
src/man/po/authselect.8.adoc.hu.po | 2 +-
src/man/po/authselect.8.adoc.it.po | 2 +-
src/man/po/authselect.8.adoc.ja.po | 2 +-
src/man/po/authselect.8.adoc.ko.po | 2 +-
src/man/po/authselect.8.adoc.nl.po | 2 +-
src/man/po/authselect.8.adoc.pl.po | 2 +-
src/man/po/authselect.8.adoc.pt.po | 2 +-
src/man/po/authselect.8.adoc.pt_BR.po | 2 +-
src/man/po/authselect.8.adoc.ru.po | 2 +-
src/man/po/authselect.8.adoc.si.po | 2 +-
src/man/po/authselect.8.adoc.sv.po | 2 +-
src/man/po/authselect.8.adoc.tr.po | 2 +-
src/man/po/authselect.8.adoc.uk.po | 2 +-
src/man/po/authselect.8.adoc.zh_CN.po | 16 +++++++---------
src/man/po/authselect.8.adoc.zh_TW.po | 2 +-
24 files changed, 39 insertions(+), 42 deletions(-)
diff --git a/po/fi.po b/po/fi.po
index 63f52ad6a8cd85d6f5c06b0a57d194ac94268206..12c84ea64ed09176d2e08e0d02aa47278540758f 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -1,14 +1,14 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Red Hat, Inc.
# This file is distributed under the same license as the authselect package.
-# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022.
+# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2024.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022.
msgid ""
msgstr ""
"Project-Id-Version: authselect 1.2.2\n"
"Report-Msgid-Bugs-To: https://github.com/authselect/authselect\n"
"POT-Creation-Date: 2023-09-27 13:03+0200\n"
-"PO-Revision-Date: 2022-05-23 17:18+0000\n"
+"PO-Revision-Date: 2024-02-20 20:36+0000\n"
"Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/"
"authselect/master-application/fi/>\n"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.12.2\n"
+"X-Generator: Weblate 5.4\n"
#: src/lib/authselect.c:47 src/lib/authselect.c:188
msgid "Unable to obtain supported features"
@@ -671,10 +671,9 @@ msgid "Unable to chown file [%s] [%d]: %s"
msgstr "Ei pysty ajamaan chmod tiedostolle [%s] [%d]: %s"
#: src/lib/util/selinux.c:46
-#, fuzzy, c-format
-#| msgid "Unable to create selabel context [%d]: %s"
+#, c-format
msgid "Unable to create selabel handle [%d]: %s"
-msgstr "Selabel-kontekstia [%d] ei voida luoda: %s"
+msgstr "Selabel-kahvaa [%d] ei voida luoda: %s"
#: src/lib/util/selinux.c:55
#, c-format
diff --git a/po/tr.po b/po/tr.po
index 546e09bcb7457a44b43965dc222328cbdfe6f94d..8799903c5c18c48972d6faf464f5ee256460729a 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -3,13 +3,14 @@
# This file is distributed under the same license as the authselect package.
# Oğuz Ersen <oguzersen@protonmail.com>, 2020, 2021.
# Anonymous <noreply@weblate.org>, 2020.
+# Oğuz Ersen <oguz@ersen.moe>, 2024.
msgid ""
msgstr ""
"Project-Id-Version: authselect 1.1\n"
"Report-Msgid-Bugs-To: https://github.com/authselect/authselect\n"
"POT-Creation-Date: 2023-09-27 13:03+0200\n"
-"PO-Revision-Date: 2021-12-10 17:16+0000\n"
-"Last-Translator: Oğuz Ersen <oguzersen@protonmail.com>\n"
+"PO-Revision-Date: 2024-01-29 17:36+0000\n"
+"Last-Translator: Oğuz Ersen <oguz@ersen.moe>\n"
"Language-Team: Turkish <https://translate.fedoraproject.org/projects/"
"authselect/master-application/tr/>\n"
"Language: tr\n"
@@ -17,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 4.9.1\n"
+"X-Generator: Weblate 5.3.1\n"
#: src/lib/authselect.c:47 src/lib/authselect.c:188
msgid "Unable to obtain supported features"
@@ -671,10 +672,9 @@ msgid "Unable to chown file [%s] [%d]: %s"
msgstr "[%s] dosyasının sahibi değiştirilemedi [%d]: %s"
#: src/lib/util/selinux.c:46
-#, fuzzy, c-format
-#| msgid "Unable to create selabel context [%d]: %s"
+#, c-format
msgid "Unable to create selabel handle [%d]: %s"
-msgstr "selabel bağlamı oluşturulamadı [%d]: %s"
+msgstr "selabel tanıtıcısı oluşturulamadı [%d]: %s"
#: src/lib/util/selinux.c:55
#, c-format
diff --git a/src/man/po/authselect.8.adoc.ca.po b/src/man/po/authselect.8.adoc.ca.po
index 8c04b973ccfb0136589965d79a4fc38f57c38523..01e54857766fcbf7f063792a9953cbd26a979a51 100644
--- a/src/man/po/authselect.8.adoc.ca.po
+++ b/src/man/po/authselect.8.adoc.ca.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
diff --git a/src/man/po/authselect.8.adoc.cs.po b/src/man/po/authselect.8.adoc.cs.po
index 84d630218ec7ef3b880a0da7315b2abd30bd3e62..cc98ea8c50ad65a19862b8470938cafafecc3e70 100644
--- a/src/man/po/authselect.8.adoc.cs.po
+++ b/src/man/po/authselect.8.adoc.cs.po
@@ -3,7 +3,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-08-07 20:21+0000\n"
"Last-Translator: Jan Kalabza <jan.kalabza@gmail.com>\n"
"Language-Team: Czech <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.de.po b/src/man/po/authselect.8.adoc.de.po
index c336bc529496cf756c4bbf19740866ebaf42a338..e3182a8baf1652da247c2dc9f773a313f29f79a2 100644
--- a/src/man/po/authselect.8.adoc.de.po
+++ b/src/man/po/authselect.8.adoc.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-08-15 14:21+0000\n"
"Last-Translator: Jens Maucher <jensmaucher@gmail.com>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.es.po b/src/man/po/authselect.8.adoc.es.po
index 3d4ad340075ba970b2b56768fffb49567d16dcfa..b578e40a436b8ea242c4aba0e5149c09336162e2 100644
--- a/src/man/po/authselect.8.adoc.es.po
+++ b/src/man/po/authselect.8.adoc.es.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-11-26 20:01+0000\n"
"Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
"Language-Team: Spanish <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.fa.po b/src/man/po/authselect.8.adoc.fa.po
index ae77afb38249e573ebeedd97b6ebddfc8f681d59..e4b24f2f91ea06ed6e83a50c4e6e35678f65dd80 100644
--- a/src/man/po/authselect.8.adoc.fa.po
+++ b/src/man/po/authselect.8.adoc.fa.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-05-28 19:20+0000\n"
"Last-Translator: Taha Mokhtary <taha490mokh@outlook.com>\n"
"Language-Team: Persian <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.fi.po b/src/man/po/authselect.8.adoc.fi.po
index 8253cfd47b1b4ddb9d57283f887f1de6ad59b473..16aec3e6d69581b8875b5af4e426efc5cbc0ca5e 100644
--- a/src/man/po/authselect.8.adoc.fi.po
+++ b/src/man/po/authselect.8.adoc.fi.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-05-26 06:18+0000\n"
"Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.fr.po b/src/man/po/authselect.8.adoc.fr.po
index d8a23e660ec33a5d59b3647ae4795375451e70a9..ffb86dc6e1f79205213f4c576ddea94858f00088 100644
--- a/src/man/po/authselect.8.adoc.fr.po
+++ b/src/man/po/authselect.8.adoc.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-03-24 15:20+0000\n"
"Last-Translator: grimst <grimaitres@gmail.com>\n"
"Language-Team: French <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.hu.po b/src/man/po/authselect.8.adoc.hu.po
index cc9533c0b0b31a691c636bee3305a0d6dcd05f7b..e9afadedb912b8e1838ab0552e1fce292e5a972f 100644
--- a/src/man/po/authselect.8.adoc.hu.po
+++ b/src/man/po/authselect.8.adoc.hu.po
@@ -4,7 +4,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-05-12 16:21+0000\n"
"Last-Translator: Dankaházi (ifj.) István <dankahazi.istvan@gmail.com>\n"
"Language-Team: Hungarian <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.it.po b/src/man/po/authselect.8.adoc.it.po
index ba4c7f28c8339e051f6ec1a671f5b36a241ed22c..f7be3a8f0316ad6ab3d85e0e844801e8709d4c23 100644
--- a/src/man/po/authselect.8.adoc.it.po
+++ b/src/man/po/authselect.8.adoc.it.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-06-09 21:18+0000\n"
"Last-Translator: Nathan <nathan95@live.it>\n"
"Language-Team: Italian <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.ja.po b/src/man/po/authselect.8.adoc.ja.po
index a51b5e224fabe4481cad474e75428d0ebf3e6b8e..ef82bf20e14d8f34f81709ab5b591a5608577dfe 100644
--- a/src/man/po/authselect.8.adoc.ja.po
+++ b/src/man/po/authselect.8.adoc.ja.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-01-21 09:16+0000\n"
"Last-Translator: simmon <simmon@nplob.com>\n"
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.ko.po b/src/man/po/authselect.8.adoc.ko.po
index 1c5e72b3d83c651e892f957829a8a95f4e8a3de5..27d7ea56ccb60b2623245bb002b2aca1fceafe9c 100644
--- a/src/man/po/authselect.8.adoc.ko.po
+++ b/src/man/po/authselect.8.adoc.ko.po
@@ -9,7 +9,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-12-03 10:19+0000\n"
"Last-Translator: 김인수 <simmon@nplob.com>\n"
"Language-Team: Korean <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.nl.po b/src/man/po/authselect.8.adoc.nl.po
index 63237e8274e347f97bccf9cb10fbf2b9ed6a4d65..b26ffb2185f994f4305b59d59567a787cd2e4bfd 100644
--- a/src/man/po/authselect.8.adoc.nl.po
+++ b/src/man/po/authselect.8.adoc.nl.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-04-02 20:20+0000\n"
"Last-Translator: Maarten <maarten@posteo.de>\n"
"Language-Team: Dutch <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.pl.po b/src/man/po/authselect.8.adoc.pl.po
index b75ee13e702eef796f650c3a9da3b6c5b4e6fc0c..a7d6b42b39470b34672a543ae84f8cb0f0f0be05 100644
--- a/src/man/po/authselect.8.adoc.pl.po
+++ b/src/man/po/authselect.8.adoc.pl.po
@@ -9,7 +9,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-05-07 11:00+0000\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.pt.po b/src/man/po/authselect.8.adoc.pt.po
index 6b70ebc6b96a6ff6a83c853090939a2c6fb9818c..d38eb472eaabaa1475aba0438e00b0a76eb6eb0c 100644
--- a/src/man/po/authselect.8.adoc.pt.po
+++ b/src/man/po/authselect.8.adoc.pt.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2020-05-27 14:40+0000\n"
"Last-Translator: Manuela Silva <mmsrs@sky.com>\n"
"Language-Team: Portuguese <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.pt_BR.po b/src/man/po/authselect.8.adoc.pt_BR.po
index b53c0991c3741bda2863f5741279da4f94ad9ac1..6793e2b4bb32ddc268a998de262c4e2ebbbbe60b 100644
--- a/src/man/po/authselect.8.adoc.pt_BR.po
+++ b/src/man/po/authselect.8.adoc.pt_BR.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2020-08-05 21:29+0000\n"
"Last-Translator: Fábio Rodrigues Ribeiro <farribeiro@gmail.com>\n"
"Language-Team: Portuguese (Brazil) <https://translate.fedoraproject.org/"
diff --git a/src/man/po/authselect.8.adoc.ru.po b/src/man/po/authselect.8.adoc.ru.po
index e3be9c2f74466768d302a7b572c611b66a8ce06c..e09ff934255b8159b96844698191edf49563c3b3 100644
--- a/src/man/po/authselect.8.adoc.ru.po
+++ b/src/man/po/authselect.8.adoc.ru.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-04-15 19:17+0000\n"
"Last-Translator: Igor Gorbounov <igor.gorbounov@gmail.com>\n"
"Language-Team: Russian <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.si.po b/src/man/po/authselect.8.adoc.si.po
index 680dbc849fffac6aa36f6cd73bfa7e937495c184..73ee855f62defbe3c1b9f7dcbf0d52e64a57f2e3 100644
--- a/src/man/po/authselect.8.adoc.si.po
+++ b/src/man/po/authselect.8.adoc.si.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2021-08-18 19:04+0000\n"
"Last-Translator: Hela Basa <r45xveza@pm.me>\n"
"Language-Team: Sinhala <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.sv.po b/src/man/po/authselect.8.adoc.sv.po
index 09230620986f5e51d6fb3f448408cd358fa2f405..e02d689dfe45c91a5a9498b80628b179c2900141 100644
--- a/src/man/po/authselect.8.adoc.sv.po
+++ b/src/man/po/authselect.8.adoc.sv.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-02-04 22:20+0000\n"
"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
"Language-Team: Swedish <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.tr.po b/src/man/po/authselect.8.adoc.tr.po
index 6e07d847ebe1215f2447409a4a278569ce937665..9ae399bdd4834ff268be140ced000e8940a9bd47 100644
--- a/src/man/po/authselect.8.adoc.tr.po
+++ b/src/man/po/authselect.8.adoc.tr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-12-03 10:19+0000\n"
"Last-Translator: Oğuz Ersen <oguz@ersen.moe>\n"
"Language-Team: Turkish <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.uk.po b/src/man/po/authselect.8.adoc.uk.po
index 5f29b38d2c6134893285054e8ee53bf57c5afb4e..4ea4a570a0cc1aaa6c705fe29d39aaa2d58fab5f 100644
--- a/src/man/po/authselect.8.adoc.uk.po
+++ b/src/man/po/authselect.8.adoc.uk.po
@@ -5,7 +5,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2022-12-03 10:19+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
diff --git a/src/man/po/authselect.8.adoc.zh_CN.po b/src/man/po/authselect.8.adoc.zh_CN.po
index 914e9495d27dd96dc8642f2f8fd14cf423ec4b81..eda47df87c59010fe0cc3a970352257604e6b0a9 100644
--- a/src/man/po/authselect.8.adoc.zh_CN.po
+++ b/src/man/po/authselect.8.adoc.zh_CN.po
@@ -8,7 +8,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2023-12-04 03:43+0000\n"
"Last-Translator: Jingge Chen <mariocanfly@hotmail.com>\n"
"Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/"
@@ -141,9 +141,7 @@ msgstr ""
#: src/man/authselect.8.adoc:51
#, no-wrap
msgid "*select* profile_id [features] [-f, --force] [-q, --quiet] [-b] [--backup=NAME]"
-msgstr ""
-"*select* profile_id [features] [-f, --force] [-q, --quiet] [-b] "
-"[--backup=NAME]"
+msgstr "*select* profile_id [features] [-f, --force] [-q, --quiet] [-b] [--backup=NAME]"
#. type: Plain text
#: src/man/authselect.8.adoc:54
@@ -254,8 +252,8 @@ msgid ""
"otherwise an error is returned."
msgstr ""
"重新应用当前选定的配置文件。如果配置文件模板已更新,该命令可用于重新生成当前"
-"系统配置,以便在系统上应用这些更改。只有当现有配置是有效的 authselect "
-"配置时,此命令才会重新应用更改,否则将返回错误信息。"
+"系统配置,以便在系统上应用这些更改。只有当现有配置是有效的 authselect 配置"
+"时,此命令才会重新应用更改,否则将返回错误信息。"
#. type: Plain text
#: src/man/authselect.8.adoc:91
@@ -308,8 +306,7 @@ msgid ""
"_Note:_ This will only list the features without any description. Please, read the profile documentation with *show* to see what the features do."
msgstr ""
"列出给定配置文件中的所有可用功能。\n"
-"_注意_这仅会列出所有功能但不提供任何描述。请使用 *show* "
-"阅读配置文件,了解这些功能。"
+"_注意_这仅会列出所有功能但不提供任何描述。请使用 *show* 阅读配置文件,了解这些功能。"
#. type: Labeled list
#: src/man/authselect.8.adoc:105
@@ -345,7 +342,8 @@ msgid ""
"Print information about currently selected profiles. If *--raw* option is "
"specified, the command will print raw parameters as they were passed to "
"*select* command instead of formatted output."
-msgstr "打印当前所选配置文件的信息。如果指定了 *--raw* 选项,命令将打印传给 *select* "
+msgstr ""
+"打印当前所选配置文件的信息。如果指定了 *--raw* 选项,命令将打印传给 *select* "
"命令的原始参数,而不是格式化输出。"
#. type: Labeled list
diff --git a/src/man/po/authselect.8.adoc.zh_TW.po b/src/man/po/authselect.8.adoc.zh_TW.po
index eb80dce79f25d5aba2c9806c869fdaf959fd4c93..80c3eed4a6ef2259540ca32335c9e1f4f623a25a 100644
--- a/src/man/po/authselect.8.adoc.zh_TW.po
+++ b/src/man/po/authselect.8.adoc.zh_TW.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2023-09-27 13:03+0200\n"
+"POT-Creation-Date: 2024-01-18 16:34+0100\n"
"PO-Revision-Date: 2020-05-22 17:40+0000\n"
"Last-Translator: Yi-Jyun Pan <pan93412@gmail.com>\n"
"Language-Team: Chinese (Traditional) <https://translate.fedoraproject.org/"
--
2.42.0

177
0004-nis-install-nis-profile-conditionally.patch
View File

@ -1,177 +0,0 @@
From 9321126e20898b23c19e168177d8a383a750fefb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 12:51:37 +0100
Subject: [PATCH 04/11] nis: install nis profile conditionally
NIS profile is installed only if --with-nis-profile configure flag is
given.
---
profiles/Makefile.am | 2 ++
rpm/authselect.spec.in | 37 +++++++++++++++++++----------
scripts/manpages-build.sh.in | 1 +
src/conf_macros.m4 | 10 ++++++++
src/man/authselect-migration.7.adoc | 7 ++++++
5 files changed, 45 insertions(+), 12 deletions(-)
diff --git a/profiles/Makefile.am b/profiles/Makefile.am
index bc437c158f6922afdba4ab261c73f31c93846118..61728cab77022ddc0bb35a3649a38123dc4987cf 100644
--- a/profiles/Makefile.am
+++ b/profiles/Makefile.am
@@ -15,6 +15,7 @@ dist_profile_local_DATA = \
$(top_srcdir)/profiles/local/dconf-locks \
$(NULL)
+if WITH_NIS_PROFILE
profile_nisdir = $(authselect_profile_dir)/nis
dist_profile_nis_DATA = \
$(top_srcdir)/profiles/nis/nsswitch.conf \
@@ -28,6 +29,7 @@ dist_profile_nis_DATA = \
$(top_srcdir)/profiles/nis/dconf-db \
$(top_srcdir)/profiles/nis/dconf-locks \
$(NULL)
+endif
profile_sssddir = $(authselect_profile_dir)/sssd
dist_profile_sssd_DATA = \
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index e2c0482f1e7cfceac4aed3a3a4375bca031ac8c1..350ca953632f21be861c1ee75f25f71d107ca1ee 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -12,6 +12,13 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%global makedir %{_builddir}/%{name}-%{version}
+# Disable NIS profile on RHEL
+%if 0%{?rhel}
+%global with_nis_profile 0
+%else
+%global with_nis_profile 1
+%endif
+
# Set the default profile
%{?fedora:%global default_profile local with-silent-lastlog}
%{?rhel:%global default_profile local}
@@ -75,7 +82,11 @@ done
%build
autoreconf -if
-%configure
+%configure \
+%if %{with_nis_profile}
+ --with-nis-profile \
+%endif
+ %{nil}
%make_build
%check
@@ -123,7 +134,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
%dir %{_datadir}/authselect/default/local/
-%dir %{_datadir}/authselect/default/nis/
%dir %{_datadir}/authselect/default/sssd/
%dir %{_datadir}/authselect/default/winbind/
%{_datadir}/authselect/default/local/dconf-db
@@ -136,16 +146,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/local/REQUIREMENTS
%{_datadir}/authselect/default/local/smartcard-auth
%{_datadir}/authselect/default/local/system-auth
-%{_datadir}/authselect/default/nis/dconf-db
-%{_datadir}/authselect/default/nis/dconf-locks
-%{_datadir}/authselect/default/nis/fingerprint-auth
-%{_datadir}/authselect/default/nis/nsswitch.conf
-%{_datadir}/authselect/default/nis/password-auth
-%{_datadir}/authselect/default/nis/postlogin
-%{_datadir}/authselect/default/nis/README
-%{_datadir}/authselect/default/nis/REQUIREMENTS
-%{_datadir}/authselect/default/nis/smartcard-auth
-%{_datadir}/authselect/default/nis/system-auth
%{_datadir}/authselect/default/sssd/dconf-db
%{_datadir}/authselect/default/sssd/dconf-locks
%{_datadir}/authselect/default/sssd/fingerprint-auth
@@ -166,6 +166,19 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/winbind/REQUIREMENTS
%{_datadir}/authselect/default/winbind/smartcard-auth
%{_datadir}/authselect/default/winbind/system-auth
+%if %{with_nis_profile}
+%dir %{_datadir}/authselect/default/nis/
+%{_datadir}/authselect/default/nis/dconf-db
+%{_datadir}/authselect/default/nis/dconf-locks
+%{_datadir}/authselect/default/nis/fingerprint-auth
+%{_datadir}/authselect/default/nis/nsswitch.conf
+%{_datadir}/authselect/default/nis/password-auth
+%{_datadir}/authselect/default/nis/postlogin
+%{_datadir}/authselect/default/nis/README
+%{_datadir}/authselect/default/nis/REQUIREMENTS
+%{_datadir}/authselect/default/nis/smartcard-auth
+%{_datadir}/authselect/default/nis/system-auth
+%endif
%{_libdir}/libauthselect.so.*
%{_mandir}/man5/authselect-profiles.5*
%{_datadir}/doc/authselect/COPYING
diff --git a/scripts/manpages-build.sh.in b/scripts/manpages-build.sh.in
index 314bb2b2a0e4432632478230ab5ff5b3dce2943f..9e553f755a64717f854f3aba33c62140130ce18f 100755
--- a/scripts/manpages-build.sh.in
+++ b/scripts/manpages-build.sh.in
@@ -233,6 +233,7 @@ ATTR+=" -a AUTHSELECT_PROFILE_DIR=\"@AUTHSELECT_PROFILE_DIR@\""
ATTR+=" -a AUTHSELECT_VENDOR_DIR=\"@AUTHSELECT_VENDOR_DIR@\""
ATTR+=" -a AUTHSELECT_BACKUP_DIR=\"@AUTHSELECT_BACKUP_DIR@\""
ATTR+=" -a BUILD_USER_NSSWITCH=\"@BUILD_USER_NSSWITCH@\""
+ATTR+=" -a WITH_NIS_PROFILE=\"@WITH_NIS_PROFILE@\""
manpages-translate
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 17c1629723066b0c4e354051366ce209428af6c1..9a81a6e194d16ecc0408e8631530cf7048fd9241 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -99,3 +99,13 @@ if test x"$with_user_nsswitch" = xyes; then
AC_DEFINE(BUILD_USER_NSSWITCH, 1, [whether to build with user nsswitch support])
AC_SUBST(BUILD_USER_NSSWITCH, 1)
fi
+
+AC_ARG_WITH([nis-profile],
+ [AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])],
+ [], with_nis_profile=no
+)
+AM_CONDITIONAL([WITH_NIS_PROFILE], [test x$with_nis_profile = xyes])
+AC_SUBST(WITH_NIS_PROFILE, 0)
+if test x"$with_nis_profile" = xyes; then
+ AC_SUBST(WITH_NIS_PROFILE, 1)
+fi
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..8cc58e60301925974fdb738c5b9a746749981df8 100644
--- a/src/man/authselect-migration.7.adoc
+++ b/src/man/authselect-migration.7.adoc
@@ -72,7 +72,12 @@ configuration file for required services.
|--enablesssd --enablesssdauth |sssd
|--enablekrb5 |sssd
|--enablewinbind --enablewinbindauth |winbind
+ifeval::[{WITH_NIS_PROFILE} == 1]
|--enablenis |nis
+endif::[]
+ifeval::[{WITH_NIS_PROFILE} != 1]
+|--enablenis |none
+endif::[]
|=========================================================
.Relation of authconfig options to authselect profile features
@@ -199,6 +204,7 @@ will perform an initial setup which involves creating a Kerberos keytab and
running `adcli` to join the domain. It also makes changes to `smb.conf`. You
can then tune it up by modifying {sysconfdir}/samba/smb.conf.
+ifeval::[{WITH_NIS_PROFILE} == 1]
NIS
~~~
There are several places that needs to be configured in order to make
@@ -227,6 +233,7 @@ $ domainname mydomain
$ setsebool -P allow_ypbind 1
----
+endif::[]
PASSWORD QUALITY
~~~~~~~~~~~~~~~~
Authselect enables `pam_pwquality` module to enforce password quality
--
2.42.0

349
0005-configure-drop-user-nsswitch.conf-support.patch
View File

@ -1,349 +0,0 @@
From 923fd37712eae8d99d514708e35894b6ea056628 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 13:24:25 +0100
Subject: [PATCH 05/11] configure: drop user-nsswitch.conf support
user-nsswitch.conf support is now completely dropped, it can no
longer be enabled via configure flag
---
scripts/manpages-build.sh.in | 1 -
src/cli/main.c | 9 --
src/conf_macros.m4 | 10 --
src/lib/files/nsswitch.c | 156 -----------------------------
src/lib/paths.h | 3 -
src/man/authselect-profiles.5.adoc | 7 --
src/man/authselect.8.adoc | 61 -----------
7 files changed, 247 deletions(-)
diff --git a/scripts/manpages-build.sh.in b/scripts/manpages-build.sh.in
index 9e553f755a64717f854f3aba33c62140130ce18f..f4ac71e3a22723a52101bb9cbbadd79740515070 100755
--- a/scripts/manpages-build.sh.in
+++ b/scripts/manpages-build.sh.in
@@ -232,7 +232,6 @@ ATTR+=" -a AUTHSELECT_PAM_DIR=\"@AUTHSELECT_PAM_DIR@\""
ATTR+=" -a AUTHSELECT_PROFILE_DIR=\"@AUTHSELECT_PROFILE_DIR@\""
ATTR+=" -a AUTHSELECT_VENDOR_DIR=\"@AUTHSELECT_VENDOR_DIR@\""
ATTR+=" -a AUTHSELECT_BACKUP_DIR=\"@AUTHSELECT_BACKUP_DIR@\""
-ATTR+=" -a BUILD_USER_NSSWITCH=\"@BUILD_USER_NSSWITCH@\""
ATTR+=" -a WITH_NIS_PROFILE=\"@WITH_NIS_PROFILE@\""
manpages-translate
diff --git a/src/cli/main.c b/src/cli/main.c
index 18486b50bc42f9937cc7294c3e5e2b32cafab5e0..fe06a5d8ababa58209690a97e84ae254b859cdc6 100644
--- a/src/cli/main.c
+++ b/src/cli/main.c
@@ -186,15 +186,6 @@ static errno_t activate(struct cli_cmdline *cmdline)
goto done;
}
-#ifdef BUILD_USER_NSSWITCH
- maps = authselect_profile_nsswitch_maps(profile, features);
- if (maps == NULL) {
- ERROR("Unable to obtain nsswitch maps!");
- ret = EFAULT;
- goto done;
- }
-#endif
-
if (backup || backup_name != NULL || (enforce && !nobackup)) {
ret = perform_backup(quiet, 1, backup_name);
if (ret != EOK) {
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 9a81a6e194d16ecc0408e8631530cf7048fd9241..ae8fa0274e038e98115d000717487dbdbc04df4c 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -90,16 +90,6 @@ if test x"$with_compat" = xyes; then
fi
AM_CONDITIONAL([BUILD_COMPAT], [test x$with_compat = xyes])
-AC_ARG_WITH([user-nsswitch],
- [AC_HELP_STRING([--with-user-nsswitch], [Build with user nsswitch support [no]])],
- [], with_user_nsswitch=no
-)
-AC_SUBST(BUILD_USER_NSSWITCH, 0)
-if test x"$with_user_nsswitch" = xyes; then
- AC_DEFINE(BUILD_USER_NSSWITCH, 1, [whether to build with user nsswitch support])
- AC_SUBST(BUILD_USER_NSSWITCH, 1)
-fi
-
AC_ARG_WITH([nis-profile],
[AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])],
[], with_nis_profile=no
diff --git a/src/lib/files/nsswitch.c b/src/lib/files/nsswitch.c
index 9598ea5cc5d5e30678acd91354629a87fc727be9..0e35380a2603316483cd6bcfdc58742c25b6a2b1 100644
--- a/src/lib/files/nsswitch.c
+++ b/src/lib/files/nsswitch.c
@@ -87,160 +87,6 @@ done:
return ret;
}
-#ifdef BUILD_USER_NSSWITCH
-
-static errno_t
-authselect_nsswitch_delete_maps(char **maps,
- char *content)
-{
- char *match_string;
- const char *map_name;
- size_t map_len;
- size_t orig_len;
- regmatch_t m[RE_NSS_MATCHES];
- regex_t regex;
- errno_t ret;
- int reret;
- int i;
-
- if (string_is_empty(content)) {
- return EOK;
- }
-
- orig_len = strlen(content);
-
- reret = regcomp(&regex, RE_NSS, REG_EXTENDED | REG_NEWLINE);
- if (reret != REG_NOERROR) {
- ERROR("Unable to compile regular expression: regex error %d", reret);
- ret = EFAULT;
- goto done;
- }
-
- match_string = content;
- while ((reret = regexec(&regex, match_string, 2, m, 0)) == REG_NOERROR) {
- map_name = match_string + m[1].rm_so;
- map_len = m[1].rm_eo - m[1].rm_so;
- for (i = 0; maps[i] != NULL; i++) {
- if (strncmp(map_name, maps[i], map_len) == 0) {
- string_remove_line(content, match_string, m[1].rm_so);
- break;
- }
- }
-
- /* Since the whole line could have been removed, we have to find first
- * non-zero position. */
- match_string += m[0].rm_eo;
- while (*match_string == '\0' && match_string - content < orig_len) {
- match_string++;
- }
- }
-
- if (reret != REG_NOMATCH) {
- ERROR("Unable to search string: regex error %d", reret);
- ret = EFAULT;
- goto done;
- }
-
- string_replace_shake(content, orig_len);
-
- ret = EOK;
-
-done:
- regfree(&regex);
-
- return ret;
-}
-
-errno_t
-authselect_nsswitch_generate(const char *template,
- const char **features,
- char **_content)
-{
- static const char *preambule = \
- "# If you want to make changes to nsswitch.conf please modify\n"
- "# " PATH_USER_NSSWITCH " and run 'authselect apply-changes'.\n"
- "#\n"
- "# Note that your changes may not be applied as they may be\n"
- "# overwritten by selected profile. Maps set in the authselect\n"
- "# profile takes always precedence and overwrites the same maps\n"
- "# set in the user file. Only maps that are not set by the profile\n"
- "# are applied from the user file.\n"
- "#\n"
- "# For example, if the profile sets:\n"
- "# passwd: sss files\n"
- "# and " PATH_USER_NSSWITCH " contains:\n"
- "# passwd: files\n"
- "# hosts: files dns\n"
- "# the resulting generated nsswitch.conf will be:\n"
- "# passwd: sss files # from profile\n"
- "# hosts: files dns # from user file\n\n";
- char *user_content = NULL;
- char *generated = NULL;
- char *content = NULL;
- char **maps = NULL;
- errno_t ret;
-
- generated = template_generate(template, features);
- if (generated == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = textfile_read(PATH_USER_NSSWITCH, AUTHSELECT_FILE_SIZE_LIMIT,
- &user_content);
- switch (ret) {
- case EOK:
- ret = authselect_nsswitch_find_maps(generated, &maps);
- if (ret != EOK) {
- goto done;
- }
-
- ret = authselect_nsswitch_delete_maps(maps, user_content);
- if (ret != EOK) {
- goto done;
- }
-
- if (string_is_empty(user_content)) {
- content = format("%s%s", preambule, generated);
- break;
- }
-
- content = format("%s%s\n# Included from %s\n\n%s",
- preambule, generated, PATH_USER_NSSWITCH,
- user_content);
- break;
- case ENOENT:
- content = format("%s%s", preambule, generated);
- break;
- default:
- ERROR("Unable to read [%s] [%d]: %s", PATH_USER_NSSWITCH,
- ret, strerror(ret));
- goto done;
- }
-
- if (content == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- *_content = content;
-
- ret = EOK;
-
-done:
- if (ret != EOK) {
- ERROR("Unable to generate nsswitch.conf [%d]: %s", ret, strerror(ret));
- }
-
- free(user_content);
- free(generated);
- string_array_free(maps);
-
- return ret;
-}
-
-#else /* BUILD_USER_NSSWITCH */
-
errno_t
authselect_nsswitch_generate(const char *template,
const char **features,
@@ -257,5 +103,3 @@ authselect_nsswitch_generate(const char *template,
return EOK;
}
-
-#endif /* BUILD_USER_NSSWITCH */
diff --git a/src/lib/paths.h b/src/lib/paths.h
index ca30b784f8bc63150f46ef08a26ec2bc5bcb3d67..41e4534b2efd421be8b9fea3b1fa9ebc3a699749 100644
--- a/src/lib/paths.h
+++ b/src/lib/paths.h
@@ -53,9 +53,6 @@
#define PATH_DCONF_DB AUTHSELECT_CONFIG_DIR "/" FILE_DCONF_DB
#define PATH_DCONF_LOCK AUTHSELECT_CONFIG_DIR "/" FILE_DCONF_LOCK
-/* Path to files that can be modified by user. */
-#define PATH_USER_NSSWITCH AUTHSELECT_CONFIG_DIR "/user-nsswitch.conf"
-
/* Names of symbolic links that points to generated files. */
#define PATH_SYMLINK_SYSTEM AUTHSELECT_PAM_DIR "/" FILE_SYSTEM
#define PATH_SYMLINK_PASSWORD AUTHSELECT_PAM_DIR "/" FILE_PASSWORD
diff --git a/src/man/authselect-profiles.5.adoc b/src/man/authselect-profiles.5.adoc
index 76a48fa25a13a7052eeac662d7f5f1b11f1f9493..648b7980cfaabeb02913650a35dfffa8e17b0aaa 100644
--- a/src/man/authselect-profiles.5.adoc
+++ b/src/man/authselect-profiles.5.adoc
@@ -53,14 +53,7 @@ done to the system.
the modules in the system-auth configuration file._
*nsswitch.conf*::
-ifeval::[{BUILD_USER_NSSWITCH} == 0]
Name Service Switch configuration file.
-endif::[]
-ifeval::[{BUILD_USER_NSSWITCH} == 1]
- Name Service Switch configuration file. Only maps relevant to the profile
- must be set. Maps that are not specified by the profile are included from
- {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf.
-endif::[]
*dconf-db*::
Changes to dconf database. The main uses case of this file is to set
diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc
index 39758a6ca71e962ae942ce3608ac3bd0ffd3fabf..5d695cced0fbdc2cda78d61eb3f7b8d929cae692 100644
--- a/src/man/authselect.8.adoc
+++ b/src/man/authselect.8.adoc
@@ -261,67 +261,6 @@ These options are available with all commands.
the program execution but may indicate some undesired situations
(e.g. unexpected file in a profile directory).
-ifeval::[{BUILD_USER_NSSWITCH} == 1]
-NSSWITCH.CONF MANAGEMENT
-------------------------
-Authselect generates {AUTHSELECT_NSSWITCH_CONF} and does not allow any user
-changes to this file. Such changes are detected and authselect will refuse to
-write any system configuration unless a *--force* option is provided to
-the *select* command. This mechanism prevents authselect from overwriting
-anything that does not match any available profile.
-
-Any user changes to nsswitch maps must be done in file
-{AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf. When authselect generates
-new _nsswitch.conf_ it reads this file and combines it with configuration
-from selected profile. The profile configuration takes always precedence.
-In other words, profiles do not have to set all nsswitch maps but can set only
-those that are relevant to the profile. If a map is set within a profile,
-it always overwrites the same map from _user-nsswitch.conf_.
-
-.Example 1
-[subs="attributes"]
-----
-# "sssd" profile
-$ cat {AUTHSELECT_PROFILE_DIR}/sssd/nsswitch.conf
-passwd: sss files systemd
-group: sss files systemd
-netgroup: sss files
-automount: sss files
-services: sss files
-sudoers: files sss {include if "with-sudo"}
-
-$ cat {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf
-passwd: files sss
-group: files sss
-hosts: files dns myhostname
-sudoers: files
-
-$ authselect select sssd
-
-# passwd and group maps from user-nsswitch.conf are ignored
-$ cat {AUTHSELECT_NSSWITCH_CONF}
-passwd: sss files systemd
-group: sss files systemd
-netgroup: sss files
-automount: sss files
-services: sss files
-hosts: files dns myhostname
-sudoers: files
-
-$ authselect select sssd with-sudo
-
-# passwd, group and sudoers maps from user-nsswitch.conf are ignored
-$ cat {AUTHSELECT_NSSWITCH_CONF}
-passwd: sss files systemd
-group: sss files systemd
-netgroup: sss files
-automount: sss files
-services: sss files
-sudoers: files sss
-hosts: files dns myhostname
-----
-endif::[]
-
TROUBLESHOOTING
---------------
--
2.42.0

1510
0006-configure-drop-authconfig-compat-tool.patch
View File

File diff suppressed because it is too large Load Diff

46
0007-ci-remove-python-checks.patch
View File

@ -1,46 +0,0 @@
From 23936036c5b6cd51843a7f964998f5345877fa8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 13:34:31 +0100
Subject: [PATCH 07/11] ci: remove python checks
With the compat tool gone, there is no other python script.
---
.github/workflows/analyze.yml | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml
index 37682f068b586dc0e7ba34f1098f4009b88e7254..16b48b031519b81221de9248d65f076b2616b2f7 100644
--- a/.github/workflows/analyze.yml
+++ b/.github/workflows/analyze.yml
@@ -25,7 +25,7 @@ jobs:
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
- languages: cpp, python
+ languages: cpp
queries: +security-and-quality
- name: Autobuild
@@ -33,19 +33,3 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
-
- flake8:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- steps:
- - name: Checkout repository
- uses: actions/checkout@v2
-
- - name: Install flake8
- run: |
- sudo apt update
- sudo apt install -y flake8
-
- - name: Execute flake8 on the repository
- run: flake8 --ignore=W503,E501 src/compat/authcompat.py.in.in .
--
2.42.0

2561
0008-pot-update-pot-files.patch
View File

File diff suppressed because it is too large Load Diff

78
0009-profiles-merge-groups-records-with-SUCCESS-merge.patch
View File

@ -1,78 +0,0 @@
From 8d8adbd35c741d9038588386414ccbddb99bd31d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Dec 2023 14:16:11 +0100
Subject: [PATCH 09/11] profiles: merge groups records with [SUCCESS=merge]
Services such as systemd-homed would like to advertise users which are
part of system groups, such as "wheel". That only works if glibc's
[SUCCESS=merge] feature is used in nsswitch.conf, so that group records
from multiple sources are merged.
This is documented here:
https://www.freedesktop.org/software/systemd/man/latest/nss-systemd.html#Configuration%20in%20/etc/nsswitch.conf
This hence adds [SUCCESS=merge] expressions to all NSS modules listed in
the "groups" lines.
---
profiles/local/nsswitch.conf | 2 +-
profiles/nis/nsswitch.conf | 2 +-
profiles/sssd/nsswitch.conf | 2 +-
profiles/winbind/nsswitch.conf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf
index c63692fc00c0815c5ba303ec5b48b6c9d7577df2..8582a955c8d03ea1d122a34cd273326d985bdcfb 100644
--- a/profiles/local/nsswitch.conf
+++ b/profiles/local/nsswitch.conf
@@ -1,7 +1,7 @@
# In order of likelihood of use to accelerate lookup.
passwd: files {if "with-altfiles":altfiles }systemd
shadow: files
-group: files {if "with-altfiles":altfiles }systemd
+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd
hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files
netgroup: files
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index 685f92c326bc7767ee167a77b7ba782672bf801f..c033812facee9159c76e2d514ac652e4de2e0b6b 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -1,7 +1,7 @@
# In order of likelihood of use to accelerate lookup.
passwd: files {if "with-altfiles":altfiles }nis systemd
shadow: files nis
-group: files {if "with-altfiles":altfiles }nis systemd
+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd
hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
services: files nis
netgroup: files nis
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 58844a62c8f52f8f25477a811b02a5e401120f30..9f194bc82cee52d4e12779def95afa2f794f66bf 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -1,7 +1,7 @@
# In order of likelihood of use to accelerate lookup.
passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd
shadow: files
-group: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd
+group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd
hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files sss
netgroup: files sss
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index f0a97e42e084f94fddd329d4cb93d5b5d1da3360..1591ccb3ffa8bd10b8ff06a0620328e275d09241 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -1,7 +1,7 @@
# In order of likelihood of use to accelerate lookup.
passwd: files {if "with-altfiles":altfiles }winbind systemd
shadow: files
-group: files {if "with-altfiles":altfiles }winbind systemd
+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd
hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
services: files
netgroup: files
--
2.42.0

26
0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch
View File

@ -1,26 +0,0 @@
From 565d8a76f1d6ec6c23cd38f7aa4812426e8cb460 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 14:18:00 +0100
Subject: [PATCH 10/11] spec: use altfiles with success=merge on ostree systems
as well
---
rpm/authselect.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index 350ca953632f21be861c1ee75f25f71d107ca1ee..39c4ca66058e0749e6d3aea6e7ff76a7a06c4ecc 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -223,7 +223,7 @@ exit 0
if test -e /run/ostree-booted; then
for PROFILE in `ls %{_datadir}/authselect/default`; do
%{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null
- %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null
+ %__sed -ie 's/{if "with-altfiles":altfiles \[SUCCESS=merge\] }/altfiles [SUCCESS=merge] /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null
done
fi
--
2.42.0

72
0011-profiles-put-myhostname-before-dns.patch
View File

@ -1,72 +0,0 @@
From 7b7889507928610b37b73641d28d5bbe3f763a4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 17:22:45 +0100
Subject: [PATCH 11/11] profiles: put myhostname before dns
To allow `hostname --fqdn` to work correctly. Putting myhostname early
prevents lookup of canonical hostname if only shortname is provided.
myhostname has been moved back and forth several times, it looks
like this place is now functional and works as expected.
---
profiles/local/nsswitch.conf | 2 +-
profiles/nis/nsswitch.conf | 2 +-
profiles/sssd/nsswitch.conf | 2 +-
profiles/winbind/nsswitch.conf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf
index 8582a955c8d03ea1d122a34cd273326d985bdcfb..538926e4d5cc8c190a7b2d10fd3756ad3269a720 100644
--- a/profiles/local/nsswitch.conf
+++ b/profiles/local/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }systemd
shadow: files
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
services: files
netgroup: files
automount: files
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index c033812facee9159c76e2d514ac652e4de2e0b6b..488476e91879b549fe605008d500b1810360f3be 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }nis systemd
shadow: files nis
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis myhostname dns
services: files nis
netgroup: files nis
automount: files nis
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 9f194bc82cee52d4e12779def95afa2f794f66bf..b98094d9e0eaeb1559347b81a9505822ff713034 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd
shadow: files
group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
services: files sss
netgroup: files sss
sudoers: files sss {include if "with-sudo"}
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index 1591ccb3ffa8bd10b8ff06a0620328e275d09241..cc966b34464bb28776b903d61fff1f6a94a1eb6f 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }winbind systemd
shadow: files
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
services: files
netgroup: files
automount: files
--
2.42.0

29
0901-rhel10-remove-systemd-homed.patch
View File

@ -1,7 +1,7 @@
From 054c83d1a40d5e0f98230d0f6ac34bd7ecdf383e Mon Sep 17 00:00:00 2001
From 89bcfe5ed055ac1e80d9c782b178b7a4577e62ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 15:49:09 +0100
Subject: [PATCH 1/3] rhel10: remove systemd-homed
Subject: [PATCH 1/4] rhel10: remove systemd-homed
systemd-homed is not present in rhel.
---
@ -23,10 +23,10 @@ systemd-homed is not present in rhel.
15 files changed, 53 deletions(-)
diff --git a/profiles/local/README b/profiles/local/README
index 03f602441fe95ee280b575508f20d1f1de949b25..eedb298090b5b7c068ee1dfec0ee36c8b3086af4 100644
index 5108590d509e9694f28358d5c4c2e60a2be99183..ad762bc2d4a55ba44fe53dba035d5c220a8b877f 100644
--- a/profiles/local/README
+++ b/profiles/local/README
@@ -54,9 +54,6 @@ with-mdns4::
@@ -57,9 +57,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
@ -97,10 +97,10 @@ index 7f3c56adb2329dd4a08b1cb08b63e8d0d9b13c86..290cd24eb9c50f196d6fc68a3688f097
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/README b/profiles/nis/README
index e3a1a0b986689bfd43d9531464bcd8fa7a0f5237..745138bbdb1e045db41990dcb8864477d3408e36 100644
index 2f91de7c397b67a28fd22df2ba9f08cebb861007..566509f541449cbc9eda9b9f46edd14d3773bb6c 100644
--- a/profiles/nis/README
+++ b/profiles/nis/README
@@ -65,9 +65,6 @@ with-mdns4::
@@ -68,9 +68,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
@ -182,10 +182,10 @@ index 0bd022ee2286f37a5becb0daba2a5813693300a9..40a1bf74aaf3d721c4d720938e57766b
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/README b/profiles/sssd/README
index f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d..a497da5dcffd0a03a122677c49ee2f8021927b04 100644
index 33aa59c0d0b367f596c162ff017dd1b314be3c06..77d94f1890556dc17e0d7dc56f45da41dcf7ef22 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -106,9 +106,6 @@ with-gssapi::
@@ -109,9 +109,6 @@ with-gssapi::
with-subid::
Enable SSSD as a source of subid database in /etc/nsswitch.conf.
@ -196,16 +196,19 @@ index f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d..a497da5dcffd0a03a122677c49ee2f80
Do not add nullok parameter to pam_unix.
diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
index 6aaf7c771f7c1bcbf2aee7152422acc9d53c71f5..b36f6069a54a5f711a10aa0700f33e1a8e37794e 100644
index 8137f4b2f9aca5654c15802e21390e6b0fa315cb..ef853121810621aae6c45cd63ae619a8473dd91e 100644
--- a/profiles/sssd/REQUIREMENTS
+++ b/profiles/sssd/REQUIREMENTS
@@ -25,6 +25,3 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
@@ -25,9 +25,6 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
- with-tlog is selected, make sure that session recording is enabled in SSSD {include if "with-tlog"}
{include if "with-libvirt"}
- with-libvirt is selected, make sure that the libvirt NSS plugins are installed {include if "with-libvirt"}
- {include if "with-systemd-homed"}
-- with-systemd-homed is selected, make sure that the system-homed service is enabled {include if "with-systemd-homed"}
- - systemctl enable --now systemd-homed.service {include if "with-systemd-homed"}
{include if "with-switchable-auth"}
- with-switchable-auth is selected, make sure to enable it in sssd.conf {include if "with-switchable-auth"}
- set "pam_json_services = list-of-services" in [pam] section {include if "with-switchable-auth"}
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
index 97c33b678706e7eeb86bf45251baa41739f2940f..f468507b938ea2a7ac305a65f5fdea14a1ae10f1 100644
--- a/profiles/sssd/password-auth
@ -277,10 +280,10 @@ index 90c3504a414f0a151475cc207285b230fec381b1..870e4d7024066e3e40786bde6c3c39c7
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/README b/profiles/winbind/README
index f65870d1d03da6465ad446dac87ed141d7115d8b..8844e1da2003a0266dfe8937774d6d6f7dad0210 100644
index 24e6fc891ab14ac6f7aab7e86a388ae81f615b7f..11f305d5a2f18e82fd8393191e496d25c8a1f7fc 100644
--- a/profiles/winbind/README
+++ b/profiles/winbind/README
@@ -75,9 +75,6 @@ with-mdns4::
@@ -78,9 +78,6 @@ with-mdns4::
with-mdns6::
Enable multicast DNS over IPv6.
@ -372,5 +375,5 @@ index 2326c859284c5823c5a6d34390d794dbf33110d2..612143d10fe502d7f6ed636b4fba6cc6
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
--
2.42.0
2.52.0

18
0902-rhel10-remove-ecryptfs-support.patch
View File

@ -1,7 +1,7 @@
From 3167eaadde7a3f997925172b8d77cb380bf0d9d8 Mon Sep 17 00:00:00 2001
From cc9a698d03a581b9e73e532a1020a9533e084329 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 10 Jun 2019 10:53:15 +0200
Subject: [PATCH 2/3] rhel10: remove ecryptfs support
Subject: [PATCH 2/4] rhel10: remove ecryptfs support
ecryptfs-utils is not present in rhel.
---
@ -25,7 +25,7 @@ ecryptfs-utils is not present in rhel.
17 files changed, 2 insertions(+), 34 deletions(-)
diff --git a/profiles/nis/README b/profiles/nis/README
index 745138bbdb1e045db41990dcb8864477d3408e36..3e2f8b01fa37f8c7060a9c263f66c3df9782061d 100644
index 566509f541449cbc9eda9b9f46edd14d3773bb6c..660ebd1e79a7e28da64e8552ac1218b1229d48f5 100644
--- a/profiles/nis/README
+++ b/profiles/nis/README
@@ -21,9 +21,6 @@ with-mkhomedir::
@ -63,7 +63,7 @@ index 927fbcbda8fa4e910e29c88a3806fb5265bbc7bc..56a51d9eebb2987da340805ddb4e4a67
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644
--- a/profiles/nis/postlogin
+++ b/profiles/nis/postlogin
@@ -1,7 +1,3 @@
@ -87,7 +87,7 @@ index 40a1bf74aaf3d721c4d720938e57766bfe651e47..74cf6ece9ce0b1b64b122fd2309ebf5d
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/README b/profiles/sssd/README
index a497da5dcffd0a03a122677c49ee2f8021927b04..2038a32b682f36d9eef51fda138730abc9666279 100644
index 77d94f1890556dc17e0d7dc56f45da41dcf7ef22..ba9b44071a0ca906ad00c09f6fd767ea686efcb5 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -35,9 +35,6 @@ with-mkhomedir::
@ -125,7 +125,7 @@ index f468507b938ea2a7ac305a65f5fdea14a1ae10f1..c15121ad00ff00dfcd1743341594c853
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644
--- a/profiles/sssd/postlogin
+++ b/profiles/sssd/postlogin
@@ -1,7 +1,3 @@
@ -161,7 +161,7 @@ index 870e4d7024066e3e40786bde6c3c39c7ba8d62c0..4ea19acebe2208f9e21676bf0ae0a92e
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/README b/profiles/winbind/README
index 8844e1da2003a0266dfe8937774d6d6f7dad0210..7397bb9a6c8086b9720cc355d98de70b8107e79b 100644
index 11f305d5a2f18e82fd8393191e496d25c8a1f7fc..f246fb43bb68f427fa0782d9662af02bcb4bf0ef 100644
--- a/profiles/winbind/README
+++ b/profiles/winbind/README
@@ -33,9 +33,6 @@ with-mkhomedir::
@ -199,7 +199,7 @@ index 8d1682b9301c2b9c92292a41120f69611f148108..8b260fa06f5ed8494d1f6fac74517d3a
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644
--- a/profiles/winbind/postlogin
+++ b/profiles/winbind/postlogin
@@ -1,7 +1,3 @@
@ -246,5 +246,5 @@ index 8cc58e60301925974fdb738c5b9a746749981df8..9056913dee9eef1590c8590d3cc0b510
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
--
2.42.0
2.52.0

38
0903-rhel10-remove-systemd-resolved.patch
View File

@ -1,7 +1,7 @@
From b259ca399de497e0fc5e0763257e89bcc2e5a902 Mon Sep 17 00:00:00 2001
From 7b93a32e84845c545ae3a28a6b53a77ea518d727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 23 Feb 2024 16:01:58 +0100
Subject: [PATCH 3/3] rhel10: remove systemd-resolved
Subject: [PATCH 3/4] rhel10: remove systemd-resolved
systemd-resolved should not be enabled by default in rhel.
---
@ -12,57 +12,57 @@ systemd-resolved should not be enabled by default in rhel.
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf
index 538926e4d5cc8c190a7b2d10fd3756ad3269a720..1ad4276566f775086fc091d8e1c35d4ac94a9786 100644
index b21d36c64249c08600ec8aca09a92a062d9eb084..bbcbf2b684e9c1e1755c0afd619e2c3b8e9c6b99 100644
--- a/profiles/local/nsswitch.conf
+++ b/profiles/local/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }systemd
shadow: files
shadow: files systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
services: files
netgroup: files
automount: files
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index 488476e91879b549fe605008d500b1810360f3be..88110258a69e7366980944ec3ccd9c79c0a1b323 100644
index f7749d0eb12229aa577dc0a84ef284dad24027c8..2e7b63dd36f46185c513779b09c6123bd7e7a373 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }nis systemd
shadow: files nis
shadow: files nis systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis myhostname dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
+hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns
services: files nis
netgroup: files nis
automount: files nis
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index b98094d9e0eaeb1559347b81a9505822ff713034..89a1f230487a18d12ff9c3862e3394035bf17cff 100644
index b893ee67698d60175ffe6396a12546f5aed97ca7..b8138a3c07e3c54612a0cbf3c0b721bedd821966 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd
shadow: files
shadow: files systemd
group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
services: files sss
netgroup: files sss
sudoers: files sss {include if "with-sudo"}
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index cc966b34464bb28776b903d61fff1f6a94a1eb6f..5315640e39f7c84b4c138f393fa3b5c970e4afa5 100644
index 6282c1385f687fbeb928567dc8de03c3b7d66a21..c7d57595b0c4e2f8c492b8e4f1a9c56f203337c5 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }winbind systemd
shadow: files
shadow: files systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
+hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
services: files
netgroup: files
automount: files
--
2.42.0
2.52.0

32
0904-rhel10-move-myhostname-after-dns-to-fix-hostname-fqd.patch
View File

@ -1,15 +1,13 @@
From 1a19a17f08cc65ff0d701e107155cb61344bed5b Mon Sep 17 00:00:00 2001
From abdef39cb04eee5ad2507252f917d0f2e3fdcb5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 2 Aug 2024 12:26:38 +0200
Subject: [PATCH] rhel10: move myhostname after dns to fix hostname --fqdn
Subject: [PATCH 4/4] rhel10: move myhostname after dns to fix hostname --fqdn
behavior
Since rhel10 does not have systemd-resolved support in authselect,
we need to place myhostname after dns module to make
` hostname --fqdn` work. This was the default order
in rhel8 and rhel9.
Resolves: https://issues.redhat.com/browse/RHEL-39537
---
profiles/local/nsswitch.conf | 2 +-
profiles/nis/nsswitch.conf | 2 +-
@ -18,57 +16,57 @@ Resolves: https://issues.redhat.com/browse/RHEL-39537
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf
index 1ad4276566f775086fc091d8e1c35d4ac94a9786..48c7f0420030069048d41a99ec3cfad1d15da2cc 100644
index bbcbf2b684e9c1e1755c0afd619e2c3b8e9c6b99..37a13b0e254c01b2b358bd9e85f742ade693d0ce 100644
--- a/profiles/local/nsswitch.conf
+++ b/profiles/local/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }systemd
shadow: files
shadow: files systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname
services: files
netgroup: files
automount: files
diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
index 88110258a69e7366980944ec3ccd9c79c0a1b323..24c7499ecbfd9c034f480b7b155e6d3ae4bfd38a 100644
index 2e7b63dd36f46185c513779b09c6123bd7e7a373..109f44129ef034795ae5585e6a7b2f12f847084b 100644
--- a/profiles/nis/nsswitch.conf
+++ b/profiles/nis/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }nis systemd
shadow: files nis
shadow: files nis systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns myhostname
services: files nis
netgroup: files nis
automount: files nis
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 89a1f230487a18d12ff9c3862e3394035bf17cff..40ea3aecbf0adb71bc8cc33b7dd2241c7596bcfd 100644
index b8138a3c07e3c54612a0cbf3c0b721bedd821966..27ccf10befc3fa7e5371459cc9f6f4cd1fcf5d10 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd
shadow: files
shadow: files systemd
group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname
services: files sss
netgroup: files sss
sudoers: files sss {include if "with-sudo"}
diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
index 5315640e39f7c84b4c138f393fa3b5c970e4afa5..8b6c494dcf8bff14694e61ea044eb29e23ac3e47 100644
index c7d57595b0c4e2f8c492b8e4f1a9c56f203337c5..64600c57329459e2fa78c6514f6cc8913e64d23a 100644
--- a/profiles/winbind/nsswitch.conf
+++ b/profiles/winbind/nsswitch.conf
@@ -2,7 +2,7 @@
passwd: files {if "with-altfiles":altfiles }winbind systemd
shadow: files
shadow: files systemd
group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd
-hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns
-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns
+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname
services: files
netgroup: files
automount: files
--
2.42.0
2.52.0

263
authselect.spec
View File

@ -2,8 +2,8 @@
%define _empty_manifest_terminate_build 0
Name: authselect
Version: 1.5.0
Release: 8%{?dist}
Version: 1.5.2
Release: %autorelease
Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/authselect/authselect
@ -24,17 +24,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%{?rhel:%global default_profile local}
# Patches
Patch0001: 0001-sssd-reintroduce-with-files-access-provider.patch
Patch0002: 0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch
Patch0003: 0003-po-update-translations.patch
Patch0004: 0004-nis-install-nis-profile-conditionally.patch
Patch0005: 0005-configure-drop-user-nsswitch.conf-support.patch
Patch0006: 0006-configure-drop-authconfig-compat-tool.patch
Patch0007: 0007-ci-remove-python-checks.patch
Patch0008: 0008-pot-update-pot-files.patch
Patch0009: 0009-profiles-merge-groups-records-with-SUCCESS-merge.patch
Patch0010: 0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch
Patch0011: 0011-profiles-put-myhostname-before-dns.patch
# RHEL-only patches
%if 0%{?rhel}
@ -58,10 +47,19 @@ BuildRequires: %{_bindir}/a2x
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: libselinux-devel
Requires: authselect-libs%{?_isa} = %{version}-%{release}
# RHEL does not have meta flag yet
%if 0%{?rhel} <= 10
Suggests: sssd
Suggests: samba-winbind
Suggests: fprintd-pam
Suggests: oddjob-mkhomedir
%else
Suggests(meta): sssd
Suggests(meta): samba-winbind
Suggests(meta): fprintd-pam
Suggests(meta): oddjob-mkhomedir
%endif
# Properly obsolete removed authselect-compat package.
Obsoletes: authselect-compat < 1.3
@ -95,11 +93,7 @@ System header files and development libraries for authselect. Useful if
you develop a front-end for the authselect library.
%prep
%setup -q
for p in %patches ; do
%__patch -p1 -i $p
done
%autosetup -p1
%build
autoreconf -if
@ -167,6 +161,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/local/README
%{_datadir}/authselect/default/local/REQUIREMENTS
%{_datadir}/authselect/default/local/smartcard-auth
%{_datadir}/authselect/default/local/switchable-auth
%{_datadir}/authselect/default/local/system-auth
%{_datadir}/authselect/default/sssd/dconf-db
%{_datadir}/authselect/default/sssd/dconf-locks
@ -177,6 +172,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/sssd/README
%{_datadir}/authselect/default/sssd/REQUIREMENTS
%{_datadir}/authselect/default/sssd/smartcard-auth
%{_datadir}/authselect/default/sssd/switchable-auth
%{_datadir}/authselect/default/sssd/system-auth
%{_datadir}/authselect/default/winbind/dconf-db
%{_datadir}/authselect/default/winbind/dconf-locks
@ -187,6 +183,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/winbind/README
%{_datadir}/authselect/default/winbind/REQUIREMENTS
%{_datadir}/authselect/default/winbind/smartcard-auth
%{_datadir}/authselect/default/winbind/switchable-auth
%{_datadir}/authselect/default/winbind/system-auth
%if %{with_nis_profile}
%dir %{_datadir}/authselect/default/nis/
@ -199,10 +196,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%{_datadir}/authselect/default/nis/README
%{_datadir}/authselect/default/nis/REQUIREMENTS
%{_datadir}/authselect/default/nis/smartcard-auth
%{_datadir}/authselect/default/nis/switchable-auth
%{_datadir}/authselect/default/nis/system-auth
%endif
%{_libdir}/libauthselect.so.*
%{_mandir}/man5/authselect-profiles.5*
%dir %{_datadir}/doc/authselect
%{_datadir}/doc/authselect/COPYING
%{_datadir}/doc/authselect/README.md
%license COPYING
@ -260,230 +259,4 @@ done
exit 0
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.5.0-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Aug 02 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-7
- myhostname is put after dns module in nsswitch.conf hosts to fix hostname --fqdn (RHEL-39537)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.5.0-6
- Bump release for June 2024 mass rebuild
* Tue Feb 27 2024 Jonathan Lebon <jonathan@jlebon.com> - 1.5.0-5
- Fix altfiles rendering on OSTree variants
* Fri Feb 23 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-4
- Add back with-files-access-provider
- Remove outdated scriptlets
- Group merging added to nsswitch.conf group in all profiles
- myhostname is put right before dns module in nsswitch.conf hosts (rhbz#2257197)
- Internal packaging changes
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-1
- Rebase to 1.5.0
- "minimal" profile was removed and replaced with "local". (rhbz#2253180)
- "local" profile is now default (rhbz#2253180)
* Wed Sep 27 2023 Pavel Březina <pbrezina@redhat.com> - 1.4.3-1
- Rebase to 1.4.3
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.2-1
- Rebase to 1.4.2
* Thu Dec 1 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.1-1
- Rebase to 1.4.1
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-2
- Fix issues with popt-1.19
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-1
- Rebase to 1.3.0
* Thu Feb 10 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-10
- Fix mdns support (#2052269)
* Thu Feb 3 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-9
- Make authselect compatible with ostree (#2034360)
- Authselect now requires explicit opt-out if users don't want to use it (#2051545)
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 13 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-7
- Remove unnecessary dependencies (#2039869)
* Thu Jan 13 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-6
- Fix detection of ostree system (#2034360)
* Tue Dec 28 2021 Frantisek Zatloukal <fzatlouk@redhat.com> - 1.3.0-5
- Try to use io.open() in pre scriptlet instead of rpm.open() (rpm >= 4.17.0)
* Tue Dec 21 2021 Frantisek Zatloukal <fzatlouk@redhat.com> - 1.3.0-4
- Use lua for pre scriptlets to reduce dependencies
* Fri Dec 10 2021 Pavel Březina <pbrezina@redhat.com> - 1.3.0-3
- Update conflicting versions of glibc and pam
* Mon Dec 6 2021 Pavel Březina <pbrezina@redhat.com> - 1.3.0-1
- Rebase to 1.3.0
- Authselect configuration is now enforced (#2000936)
* Sat Aug 14 2021 Björn Esser <besser82@fedoraproject.org> - 1.2.4-2
- Add proper Obsoletes for removed authselect-compat package
Fixes: rhbz#1993189
* Mon Aug 9 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.4-1
- Rebase to 1.2.4
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 21 2021 Björn Esser <besser82@fedoraproject.org> - 1.2.3-3
- Backport support for yescrypt hash method
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.2.3-2
- Rebuilt for Python 3.10
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-1
- Rebase to 1.2.3
* Tue Mar 09 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-4
- Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors
Resolves: #1935331
* Thu Mar 4 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
- minimal: add dconf settings to explicitly disable fingerprint and smartcard authentication
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Nov 25 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.2-1
- Rebase to 1.2.2
- Add nss-altfiles to profiles on Fedora Silverblue
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-3
- Add resolved by default to nis and minimal profiles
- Fix parsing of multiple conditionals on the same line
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-2
- Rebuilt for Python 3.9
* Mon May 11 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
- Rebase to 1.2.1
* Wed Mar 4 2020 Pavel Březina <pbrezina@redhat.com> - 1.2-1
- Rebase to 1.2
* Mon Feb 17 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-7
- fix restoring non-authselect configuration from backup
* Wed Jan 29 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-6
- cli: fix auto backup when --force is set
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-3
- Rebuilt for Python 3.8
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 13 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
- Rebase to 1.1
* Tue Feb 26 2019 Pavel Březina <pbrezina@redhat.com> - 1.0.3-1
- Rebase to 1.0.3
* Tue Feb 26 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0.2-4
- Use %ghost for files owned by authselect
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-2
- Resolves rhbz#1655025 (invalid backup).
* Fri Nov 23 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-1
- Rebase to 1.0.2
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-2
- Require systemd instead of systemctl
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-1
- Rebase to 1.0.1
* Fri Sep 14 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
- Scriptlets should no produce any error messages (RHBZ #1622272)
- Provide fix for pwquality configuration (RHBZ #1618865)
* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
- Rebase to 1.0
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.4-4
- Rebuilt for Python 3.7
* Mon May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)
* Wed Apr 25 2018 Christian Heimes <cheimes@redhat.com> - 0.4-2
- Don't disable oddjobd.service (RHBZ #1571844)
* Mon Apr 9 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-1
- rebasing to 0.4
* Tue Mar 6 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.2-1
- rebasing to 0.3.2
- authselect-compat now only suggests packages, not recommends
* Mon Mar 5 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.1-1
- rebasing to 0.3.1
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-3
- Provide authconfig
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
- Properly own all appropriate directories
- Remove unneeded %%defattr
- Remove deprecated Group tag
- Make Obsoletes versioned
- Remove unneeded ldconfig scriptlets
* Tue Feb 20 2018 Pavel Březina <pbrezina@redhat.com> - 0.3-1
- rebasing to 0.3
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-2
- fix rpmlint errors
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-1
- rebasing to 0.2
* Mon Jul 31 2017 Jakub Hrozek <jakub.hrozek@posteo.se> - 0.1-1
- initial packaging
%autochangelog

227
changelog Normal file
View File

@ -0,0 +1,227 @@
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.5.0-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Aug 02 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-7
- myhostname is put after dns module in nsswitch.conf hosts to fix hostname --fqdn (RHEL-39537)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.5.0-6
- Bump release for June 2024 mass rebuild
* Tue Feb 27 2024 Jonathan Lebon <jonathan@jlebon.com> - 1.5.0-5
- Fix altfiles rendering on OSTree variants
* Fri Feb 23 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-4
- Add back with-files-access-provider
- Remove outdated scriptlets
- Group merging added to nsswitch.conf group in all profiles
- myhostname is put right before dns module in nsswitch.conf hosts (rhbz#2257197)
- Internal packaging changes
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Pavel Březina <pbrezina@redhat.com> - 1.5.0-1
- Rebase to 1.5.0
- "minimal" profile was removed and replaced with "local". (rhbz#2253180)
- "local" profile is now default (rhbz#2253180)
* Wed Sep 27 2023 Pavel Březina <pbrezina@redhat.com> - 1.4.3-1
- Rebase to 1.4.3
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.2-1
- Rebase to 1.4.2
* Thu Dec 1 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.1-1
- Rebase to 1.4.1
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-2
- Fix issues with popt-1.19
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.4.0-1
- Rebase to 1.3.0
* Thu Feb 10 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-10
- Fix mdns support (#2052269)
* Thu Feb 3 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-9
- Make authselect compatible with ostree (#2034360)
- Authselect now requires explicit opt-out if users don't want to use it (#2051545)
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 13 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-7
- Remove unnecessary dependencies (#2039869)
* Thu Jan 13 2022 Pavel Březina <pbrezina@redhat.com> - 1.3.0-6
- Fix detection of ostree system (#2034360)
* Tue Dec 28 2021 Frantisek Zatloukal <fzatlouk@redhat.com> - 1.3.0-5
- Try to use io.open() in pre scriptlet instead of rpm.open() (rpm >= 4.17.0)
* Tue Dec 21 2021 Frantisek Zatloukal <fzatlouk@redhat.com> - 1.3.0-4
- Use lua for pre scriptlets to reduce dependencies
* Fri Dec 10 2021 Pavel Březina <pbrezina@redhat.com> - 1.3.0-3
- Update conflicting versions of glibc and pam
* Mon Dec 6 2021 Pavel Březina <pbrezina@redhat.com> - 1.3.0-1
- Rebase to 1.3.0
- Authselect configuration is now enforced (#2000936)
* Sat Aug 14 2021 Björn Esser <besser82@fedoraproject.org> - 1.2.4-2
- Add proper Obsoletes for removed authselect-compat package
Fixes: rhbz#1993189
* Mon Aug 9 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.4-1
- Rebase to 1.2.4
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 21 2021 Björn Esser <besser82@fedoraproject.org> - 1.2.3-3
- Backport support for yescrypt hash method
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.2.3-2
- Rebuilt for Python 3.10
* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-1
- Rebase to 1.2.3
* Tue Mar 09 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-4
- Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors
Resolves: #1935331
* Thu Mar 4 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
- minimal: add dconf settings to explicitly disable fingerprint and smartcard authentication
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Nov 25 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.2-1
- Rebase to 1.2.2
- Add nss-altfiles to profiles on Fedora Silverblue
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-3
- Add resolved by default to nis and minimal profiles
- Fix parsing of multiple conditionals on the same line
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-2
- Rebuilt for Python 3.9
* Mon May 11 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
- Rebase to 1.2.1
* Wed Mar 4 2020 Pavel Březina <pbrezina@redhat.com> - 1.2-1
- Rebase to 1.2
* Mon Feb 17 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-7
- fix restoring non-authselect configuration from backup
* Wed Jan 29 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-6
- cli: fix auto backup when --force is set
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-3
- Rebuilt for Python 3.8
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 13 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
- Rebase to 1.1
* Tue Feb 26 2019 Pavel Březina <pbrezina@redhat.com> - 1.0.3-1
- Rebase to 1.0.3
* Tue Feb 26 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0.2-4
- Use %ghost for files owned by authselect
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-2
- Resolves rhbz#1655025 (invalid backup).
* Fri Nov 23 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-1
- Rebase to 1.0.2
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-2
- Require systemd instead of systemctl
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-1
- Rebase to 1.0.1
* Fri Sep 14 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
- Scriptlets should no produce any error messages (RHBZ #1622272)
- Provide fix for pwquality configuration (RHBZ #1618865)
* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
- Rebase to 1.0
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.4-4
- Rebuilt for Python 3.7
* Mon May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)
* Wed Apr 25 2018 Christian Heimes <cheimes@redhat.com> - 0.4-2
- Don't disable oddjobd.service (RHBZ #1571844)
* Mon Apr 9 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-1
- rebasing to 0.4
* Tue Mar 6 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.2-1
- rebasing to 0.3.2
- authselect-compat now only suggests packages, not recommends
* Mon Mar 5 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.1-1
- rebasing to 0.3.1
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-3
- Provide authconfig
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
- Properly own all appropriate directories
- Remove unneeded %%defattr
- Remove deprecated Group tag
- Make Obsoletes versioned
- Remove unneeded ldconfig scriptlets
* Tue Feb 20 2018 Pavel Březina <pbrezina@redhat.com> - 0.3-1
- rebasing to 0.3
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-2
- fix rpmlint errors
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-1
- rebasing to 0.2
* Mon Jul 31 2017 Jakub Hrozek <jakub.hrozek@posteo.se> - 0.1-1
- initial packaging

2
sources
View File

@ -1 +1 @@
SHA512 (authselect-1.5.0.tar.gz) = 33101654f8fd15e14bb644cf486734757fcfb7f0b83916ec1571f71d3e558e199ac6a14d10d402932531b54951717fda65d4a506199f9760937af26159ee5894
SHA512 (authselect-1.5.2.tar.gz) = a4dc363ede65740be651ebba328f051be68d60e918c3d67bc95e0bd3a491d555fbeb840c7b11590941f50340ef5bf3c002e3c49e1c73ae2d40a66c5d811a549b