From 3db6bfb990a4f0a7accb768f9771c97734a09246 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Wed, 21 Jan 2026 15:50:27 +0100 Subject: [PATCH] Rebase to authselect-1.5.2 Resolves: RHEL-133559 - package passwordless-gdm feature --- .gitignore | 1 + ...introduce-with-files-access-provider.patch | 101 - ...file-for-Fedora-40-and-RHEL-10-as-mi.patch | 217 -- 0003-po-update-translations.patch | 471 --- ...is-install-nis-profile-conditionally.patch | 177 -- ...gure-drop-user-nsswitch.conf-support.patch | 349 --- ...onfigure-drop-authconfig-compat-tool.patch | 1510 ---------- 0007-ci-remove-python-checks.patch | 46 - 0008-pot-update-pot-files.patch | 2561 ----------------- ...ge-groups-records-with-SUCCESS-merge.patch | 78 - ...s-with-success-merge-on-ostree-syste.patch | 26 - 0011-profiles-put-myhostname-before-dns.patch | 72 - 0901-rhel10-remove-systemd-homed.patch | 29 +- 0902-rhel10-remove-ecryptfs-support.patch | 18 +- 0903-rhel10-remove-systemd-resolved.patch | 38 +- ...stname-after-dns-to-fix-hostname-fqd.patch | 32 +- authselect.spec | 263 +- changelog | 227 ++ sources | 2 +- 19 files changed, 306 insertions(+), 5912 deletions(-) delete mode 100644 0001-sssd-reintroduce-with-files-access-provider.patch delete mode 100644 0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch delete mode 100644 0003-po-update-translations.patch delete mode 100644 0004-nis-install-nis-profile-conditionally.patch delete mode 100644 0005-configure-drop-user-nsswitch.conf-support.patch delete mode 100644 0006-configure-drop-authconfig-compat-tool.patch delete mode 100644 0007-ci-remove-python-checks.patch delete mode 100644 0008-pot-update-pot-files.patch delete mode 100644 0009-profiles-merge-groups-records-with-SUCCESS-merge.patch delete mode 100644 0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch delete mode 100644 0011-profiles-put-myhostname-before-dns.patch create mode 100644 changelog diff --git a/.gitignore b/.gitignore index 53a6f3f..b498d48 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /authselect-1.4.2.tar.gz /authselect-1.4.3.tar.gz /authselect-1.5.0.tar.gz +/authselect-1.5.2.tar.gz diff --git a/0001-sssd-reintroduce-with-files-access-provider.patch b/0001-sssd-reintroduce-with-files-access-provider.patch deleted file mode 100644 index d793c67..0000000 --- a/0001-sssd-reintroduce-with-files-access-provider.patch +++ /dev/null @@ -1,101 +0,0 @@ -From adb36ae3633e2dfaa9c21bb45d05551f1ea3d749 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 21 Feb 2024 14:27:49 +0100 -Subject: [PATCH 01/11] sssd: reintroduce with-files-access-provider - -This is still needed to support .k5login file with proxy domain. For -example: - -``` -[domain/proxy] -id_provider = proxy -proxy_lib_name = files -access_provider = krb5 -auth_provider = krb5 -krb5_server = kdc.test -krb5_realm = TEST -``` ---- - profiles/sssd/README | 10 ++++++++++ - profiles/sssd/fingerprint-auth | 2 +- - profiles/sssd/password-auth | 2 +- - profiles/sssd/smartcard-auth | 2 +- - profiles/sssd/system-auth | 2 +- - 5 files changed, 14 insertions(+), 4 deletions(-) - -diff --git a/profiles/sssd/README b/profiles/sssd/README -index 770891a338754b53ee48ba34d9d80c2f2f31cdb6..f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d 100644 ---- a/profiles/sssd/README -+++ b/profiles/sssd/README -@@ -89,6 +89,16 @@ with-mdns4:: - with-mdns6:: - Enable multicast DNS over IPv6. - -+with-files-access-provider:: If set, account management for local users is -+ handled also by pam_sss. This can be used to support SSSD's proxy domain -+ that is configured to serve users from local files but provide -+ authentication and access management (.k5login file) via Kerberos. -+ -+ *WARNING:* SSSD access check will become mandatory for local users and -+ if SSSD is stopped then local users will not be able to log in. Only -+ system accounts (as defined by pam_usertype, including root) will be -+ able to log in. -+ - with-gssapi:: - If set, pam_sss_gss module is enabled to perform user authentication over - GSSAPI. -diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth -index 94232086a60f56976bd5182f5d10da9c63ec22b6..20ad3613e66ec85c7d2462d0449854e522383b3a 100644 ---- a/profiles/sssd/fingerprint-auth -+++ b/profiles/sssd/fingerprint-auth -@@ -11,7 +11,7 @@ auth required pam_deny.so - account required pam_access.so {include if "with-pamaccess"} - account required pam_faillock.so {include if "with-faillock"} - account required pam_unix.so --account sufficient pam_localuser.so -+account sufficient pam_localuser.so {exclude if "with-files-access-provider"} - account sufficient pam_usertype.so issystem - account [default=bad success=ok user_unknown=ignore] pam_sss.so - account required pam_permit.so -diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth -index 05487ca293138a1154cb6820dbc9a53770904670..97c33b678706e7eeb86bf45251baa41739f2940f 100644 ---- a/profiles/sssd/password-auth -+++ b/profiles/sssd/password-auth -@@ -18,7 +18,7 @@ account required pam_access.so - account required pam_faillock.so {include if "with-faillock"} - account sufficient pam_systemd_home.so {include if "with-systemd-homed"} - account required pam_unix.so --account sufficient pam_localuser.so -+account sufficient pam_localuser.so {exclude if "with-files-access-provider"} - account sufficient pam_usertype.so issystem - account [default=bad success=ok user_unknown=ignore] pam_sss.so - account required pam_permit.so -diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth -index 540556ce89b727a226bec4d3322a1775ef350253..78cb329bf332f4d629740a0fff7d2dfe43f7d78d 100644 ---- a/profiles/sssd/smartcard-auth -+++ b/profiles/sssd/smartcard-auth -@@ -11,7 +11,7 @@ auth required pam_deny.so - account required pam_access.so {include if "with-pamaccess"} - account required pam_faillock.so {include if "with-faillock"} - account required pam_unix.so --account sufficient pam_localuser.so -+account sufficient pam_localuser.so {exclude if "with-files-access-provider"} - account sufficient pam_usertype.so issystem - account [default=bad success=ok user_unknown=ignore] pam_sss.so - account required pam_permit.so -diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth -index 83f9214fdd0a97ec49a8df52a2e202e034cbc0c6..90c3504a414f0a151475cc207285b230fec381b1 100644 ---- a/profiles/sssd/system-auth -+++ b/profiles/sssd/system-auth -@@ -25,7 +25,7 @@ account required pam_access.so - account required pam_faillock.so {include if "with-faillock"} - account sufficient pam_systemd_home.so {include if "with-systemd-homed"} - account required pam_unix.so --account sufficient pam_localuser.so -+account sufficient pam_localuser.so {exclude if "with-files-access-provider"} - account sufficient pam_usertype.so issystem - account [default=bad success=ok user_unknown=ignore] pam_sss.so - account required pam_permit.so --- -2.42.0 - diff --git a/0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch b/0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch deleted file mode 100644 index 1b8159c..0000000 --- a/0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch +++ /dev/null @@ -1,217 +0,0 @@ -From d498f7aa562cf41e0999f7733664c27fa62bcf7c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 11:54:44 +0100 -Subject: [PATCH 02/11] spec: modify specfile for Fedora 40 and RHEL 10 as - minimal version - -- conditionals that are no longer used are removed -- upgrade path is removed - - this was already triggered in Fedora 38, so it is no longer useful - - RHEL is updated to authselect with leapp when going from 7 to 8 - we don't want to touch existing configurations ---- - rpm/authselect.spec.in | 102 ++--------------------------------------- - 1 file changed, 3 insertions(+), 99 deletions(-) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index 24ce4e603208ce26eb228bbee565c868428a2af1..e2c0482f1e7cfceac4aed3a3a4375bca031ac8c1 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -12,20 +12,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz - - %global makedir %{_builddir}/%{name}-%{version} - --%if 0%{?fedora} >= 35 || 0%{?rhel} >= 10 --%global with_compat 0 --%else --%global with_compat 1 --%endif -- --%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10 --%global with_user_nsswitch 0 --%global enforce_authselect 1 --%else --%global with_user_nsswitch 1 --%global enforce_authselect 0 --%endif -- - # Set the default profile - %{?fedora:%global default_profile local with-silent-lastlog} - %{?rhel:%global default_profile local} -@@ -43,21 +29,14 @@ BuildRequires: po4a - BuildRequires: %{_bindir}/a2x - BuildRequires: libcmocka-devel >= 1.0.0 - BuildRequires: libselinux-devel --%if %{with_compat} --BuildRequires: python3-devel --%endif - Requires: authselect-libs%{?_isa} = %{version}-%{release} - Suggests: sssd - Suggests: samba-winbind - Suggests: fprintd-pam - Suggests: oddjob-mkhomedir - --%if !%{with_compat} - # Properly obsolete removed authselect-compat package. --Obsoletes: authselect-compat < 1.2.4 --# Inherited from former authselect-compat package. --Obsoletes: authconfig < 7.0.1-6 --%endif -+Obsoletes: authselect-compat < 1.3 - - %description - Authselect is designed to be a replacement for authconfig but it takes -@@ -74,14 +53,6 @@ Summary: Utility library used by the authselect tool - Requires: coreutils - Requires: sed - Suggests: systemd --%if %{enforce_authselect} --# authselect now owns nsswitch.conf (glibc) and pam files --Conflicts: pam < 1.5.2-8 --Conflicts: glibc < 2.34.9000-27 --# systemd, nss-mdns no longer contains nsswitch.conf scriptlets --Conflicts: systemd < 249.7-4 --Conflicts: nss-mdns < 0.15.1-3 --%endif - - %description libs - Common library files for authselect. This package is used by the authselect -@@ -95,25 +66,6 @@ Requires: authselect-libs%{?_isa} = %{version}-%{release} - System header files and development libraries for authselect. Useful if - you develop a front-end for the authselect library. - --%if %{with_compat} --%package compat --Summary: Tool to provide minimum backwards compatibility with authconfig --Obsoletes: authconfig < 7.0.1-6 --Provides: authconfig --Requires: authselect%{?_isa} = %{version}-%{release} --Recommends: oddjob-mkhomedir --Suggests: sssd --Suggests: realmd --Suggests: samba-winbind -- --%description compat --This package will replace %{_sbindir}/authconfig with a tool that will --translate some of the authconfig calls into authselect calls. It provides --only minimum backward compatibility and users are encouraged to migrate --to authselect completely. --%endif -- -- - %prep - %setup -q - -@@ -123,16 +75,7 @@ done - - %build - autoreconf -if --%configure \ --%if %{with_compat} -- --with-pythonbin="%{__python3}" \ -- --with-compat \ --%endif --%if %{with_user_nsswitch} -- --with-user-nsswitch \ --%endif -- %{nil} -- -+%configure - %make_build - - %check -@@ -168,20 +111,14 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin - %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth - %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth --%if %{enforce_authselect} - %ghost %attr(0644,root,root) %{_sysconfdir}/nsswitch.conf - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/fingerprint-auth - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/password-auth - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/postlogin - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth --%endif - %dir %{_localstatedir}/lib/authselect - %ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ --%if %{with_user_nsswitch} --%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created --%endif - %dir %{_datadir}/authselect - %dir %{_datadir}/authselect/vendor - %dir %{_datadir}/authselect/default -@@ -241,12 +178,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %{_libdir}/libauthselect.so - %{_libdir}/pkgconfig/authselect.pc - --%if %{with_compat} --%files compat --%{_sbindir}/authconfig --%{python3_sitelib}/authselect/ --%endif -- - %files -f %{name}.8.lang -f %{name}-migration.7.lang - %{_bindir}/authselect - %{_mandir}/man8/authselect.8* -@@ -265,47 +196,21 @@ if [ $1 == 0 ] ; then - fi - - %pre libs --%if %{enforce_authselect} - # Check if this is a new installation. - %__rm -f %{forcefile} - if [ $1 -eq 1 ] ; then - touch %{forcefile} - fi -- --# Check if we are upgrading from older version then authselect-1.3.0 --# The version command is not available on earlier versions --if [ $1 -gt 1 ] ; then -- %{_bindir}/authselect check &> /dev/null -- if [ $? -ne 0 ]; then -- %{_bindir}/authselect version &> /dev/null -- if [ $? -ne 0 ]; then -- touch %{forcefile} -- fi -- fi --fi --%endif -- - exit 0 - - %posttrans libs --# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created --%if %{with_user_nsswitch} --if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then -- %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null -- touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null --fi --%endif - - # Keep nss-altfiles for all rpm-ostree based systems. - # See https://github.com/authselect/authselect/issues/48 - if test -e /run/ostree-booted; then - for PROFILE in `ls %{_datadir}/authselect/default`; do - %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null --%if %{with_user_nsswitch} -- %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null --%else - %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null --%endif - done - fi - -@@ -314,8 +219,7 @@ if [ $? -eq 6 ]; then - NOBACKUP="--nobackup" - fi - --# If we are upgrading from pre authselect-1.3.0 or this is a new installation --# select the default configuration. -+# If this is a new installation select the default configuration. - if [ -f %{forcefile} ]; then - %{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null - %__rm -f %{forcefile} --- -2.42.0 - diff --git a/0003-po-update-translations.patch b/0003-po-update-translations.patch deleted file mode 100644 index 3903936..0000000 --- a/0003-po-update-translations.patch +++ /dev/null @@ -1,471 +0,0 @@ -From 4485f4686c285310b2a11ac545e88e3acef870ea Mon Sep 17 00:00:00 2001 -From: Weblate -Date: Tue, 20 Feb 2024 21:36:02 +0100 -Subject: [PATCH 03/11] po: update translations -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -(Finnish) currently translated at 100.0% (349 of 349 strings) -Translation: authselect/master -Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-application/fi/ - -Update translation files - -Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. - -po: update translations - -(Turkish) currently translated at 100.0% (349 of 349 strings) -Translation: authselect/master -Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-application/tr/ - -Co-authored-by: Jan Kuparinen -Co-authored-by: Oğuz Ersen -Co-authored-by: Weblate -Translate-URL: https://translate.fedoraproject.org/projects/authselect/master-authselect8adoc/ -Translation: authselect/master-authselect.8.adoc ---- - po/fi.po | 11 +++++------ - po/tr.po | 12 ++++++------ - src/man/po/authselect.8.adoc.ca.po | 2 +- - src/man/po/authselect.8.adoc.cs.po | 2 +- - src/man/po/authselect.8.adoc.de.po | 2 +- - src/man/po/authselect.8.adoc.es.po | 2 +- - src/man/po/authselect.8.adoc.fa.po | 2 +- - src/man/po/authselect.8.adoc.fi.po | 2 +- - src/man/po/authselect.8.adoc.fr.po | 2 +- - src/man/po/authselect.8.adoc.hu.po | 2 +- - src/man/po/authselect.8.adoc.it.po | 2 +- - src/man/po/authselect.8.adoc.ja.po | 2 +- - src/man/po/authselect.8.adoc.ko.po | 2 +- - src/man/po/authselect.8.adoc.nl.po | 2 +- - src/man/po/authselect.8.adoc.pl.po | 2 +- - src/man/po/authselect.8.adoc.pt.po | 2 +- - src/man/po/authselect.8.adoc.pt_BR.po | 2 +- - src/man/po/authselect.8.adoc.ru.po | 2 +- - src/man/po/authselect.8.adoc.si.po | 2 +- - src/man/po/authselect.8.adoc.sv.po | 2 +- - src/man/po/authselect.8.adoc.tr.po | 2 +- - src/man/po/authselect.8.adoc.uk.po | 2 +- - src/man/po/authselect.8.adoc.zh_CN.po | 16 +++++++--------- - src/man/po/authselect.8.adoc.zh_TW.po | 2 +- - 24 files changed, 39 insertions(+), 42 deletions(-) - -diff --git a/po/fi.po b/po/fi.po -index 63f52ad6a8cd85d6f5c06b0a57d194ac94268206..12c84ea64ed09176d2e08e0d02aa47278540758f 100644 ---- a/po/fi.po -+++ b/po/fi.po -@@ -1,14 +1,14 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR Red Hat, Inc. - # This file is distributed under the same license as the authselect package. --# Jan Kuparinen , 2021, 2022. -+# Jan Kuparinen , 2021, 2022, 2024. - # Ricky Tigg , 2022. - msgid "" - msgstr "" - "Project-Id-Version: authselect 1.2.2\n" - "Report-Msgid-Bugs-To: https://github.com/authselect/authselect\n" - "POT-Creation-Date: 2023-09-27 13:03+0200\n" --"PO-Revision-Date: 2022-05-23 17:18+0000\n" -+"PO-Revision-Date: 2024-02-20 20:36+0000\n" - "Last-Translator: Jan Kuparinen \n" - "Language-Team: Finnish \n" -@@ -17,7 +17,7 @@ msgstr "" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=n != 1;\n" --"X-Generator: Weblate 4.12.2\n" -+"X-Generator: Weblate 5.4\n" - - #: src/lib/authselect.c:47 src/lib/authselect.c:188 - msgid "Unable to obtain supported features" -@@ -671,10 +671,9 @@ msgid "Unable to chown file [%s] [%d]: %s" - msgstr "Ei pysty ajamaan chmod tiedostolle [%s] [%d]: %s" - - #: src/lib/util/selinux.c:46 --#, fuzzy, c-format --#| msgid "Unable to create selabel context [%d]: %s" -+#, c-format - msgid "Unable to create selabel handle [%d]: %s" --msgstr "Selabel-kontekstia [%d] ei voida luoda: %s" -+msgstr "Selabel-kahvaa [%d] ei voida luoda: %s" - - #: src/lib/util/selinux.c:55 - #, c-format -diff --git a/po/tr.po b/po/tr.po -index 546e09bcb7457a44b43965dc222328cbdfe6f94d..8799903c5c18c48972d6faf464f5ee256460729a 100644 ---- a/po/tr.po -+++ b/po/tr.po -@@ -3,13 +3,14 @@ - # This file is distributed under the same license as the authselect package. - # Oğuz Ersen , 2020, 2021. - # Anonymous , 2020. -+# Oğuz Ersen , 2024. - msgid "" - msgstr "" - "Project-Id-Version: authselect 1.1\n" - "Report-Msgid-Bugs-To: https://github.com/authselect/authselect\n" - "POT-Creation-Date: 2023-09-27 13:03+0200\n" --"PO-Revision-Date: 2021-12-10 17:16+0000\n" --"Last-Translator: Oğuz Ersen \n" -+"PO-Revision-Date: 2024-01-29 17:36+0000\n" -+"Last-Translator: Oğuz Ersen \n" - "Language-Team: Turkish \n" - "Language: tr\n" -@@ -17,7 +18,7 @@ msgstr "" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=2; plural=n != 1;\n" --"X-Generator: Weblate 4.9.1\n" -+"X-Generator: Weblate 5.3.1\n" - - #: src/lib/authselect.c:47 src/lib/authselect.c:188 - msgid "Unable to obtain supported features" -@@ -671,10 +672,9 @@ msgid "Unable to chown file [%s] [%d]: %s" - msgstr "[%s] dosyasının sahibi değiştirilemedi [%d]: %s" - - #: src/lib/util/selinux.c:46 --#, fuzzy, c-format --#| msgid "Unable to create selabel context [%d]: %s" -+#, c-format - msgid "Unable to create selabel handle [%d]: %s" --msgstr "selabel bağlamı oluşturulamadı [%d]: %s" -+msgstr "selabel tanıtıcısı oluşturulamadı [%d]: %s" - - #: src/lib/util/selinux.c:55 - #, c-format -diff --git a/src/man/po/authselect.8.adoc.ca.po b/src/man/po/authselect.8.adoc.ca.po -index 8c04b973ccfb0136589965d79a4fc38f57c38523..01e54857766fcbf7f063792a9953cbd26a979a51 100644 ---- a/src/man/po/authselect.8.adoc.ca.po -+++ b/src/man/po/authselect.8.adoc.ca.po -@@ -5,7 +5,7 @@ - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" --"POT-Creation-Date: 2023-09-27 13:03+0200\n" -+"POT-Creation-Date: 2024-01-18 16:34+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: Automatically generated\n" - "Language-Team: none\n" -diff --git a/src/man/po/authselect.8.adoc.cs.po b/src/man/po/authselect.8.adoc.cs.po -index 84d630218ec7ef3b880a0da7315b2abd30bd3e62..cc98ea8c50ad65a19862b8470938cafafecc3e70 100644 ---- a/src/man/po/authselect.8.adoc.cs.po -+++ b/src/man/po/authselect.8.adoc.cs.po -@@ -3,7 +3,7 @@ - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" --"POT-Creation-Date: 2023-09-27 13:03+0200\n" -+"POT-Creation-Date: 2024-01-18 16:34+0100\n" - "PO-Revision-Date: 2023-08-07 20:21+0000\n" - "Last-Translator: Jan Kalabza \n" - "Language-Team: Czech \n" - "Language-Team: German \n" - "Language-Team: Spanish \n" - "Language-Team: Persian \n" - "Language-Team: Finnish \n" - "Language-Team: French \n" - "Language-Team: Hungarian \n" - "Language-Team: Italian \n" - "Language-Team: Japanese \n" - "Language-Team: Korean \n" - "Language-Team: Dutch \n" - "Language-Team: Polish \n" - "Language-Team: Portuguese \n" - "Language-Team: Portuguese (Brazil) \n" - "Language-Team: Russian \n" - "Language-Team: Sinhala \n" - "Language-Team: Swedish \n" - "Language-Team: Turkish \n" - "Language-Team: Ukrainian \n" - "Language-Team: Chinese (Simplified) \n" - "Language-Team: Chinese (Traditional) -Date: Fri, 23 Feb 2024 12:51:37 +0100 -Subject: [PATCH 04/11] nis: install nis profile conditionally - -NIS profile is installed only if --with-nis-profile configure flag is -given. ---- - profiles/Makefile.am | 2 ++ - rpm/authselect.spec.in | 37 +++++++++++++++++++---------- - scripts/manpages-build.sh.in | 1 + - src/conf_macros.m4 | 10 ++++++++ - src/man/authselect-migration.7.adoc | 7 ++++++ - 5 files changed, 45 insertions(+), 12 deletions(-) - -diff --git a/profiles/Makefile.am b/profiles/Makefile.am -index bc437c158f6922afdba4ab261c73f31c93846118..61728cab77022ddc0bb35a3649a38123dc4987cf 100644 ---- a/profiles/Makefile.am -+++ b/profiles/Makefile.am -@@ -15,6 +15,7 @@ dist_profile_local_DATA = \ - $(top_srcdir)/profiles/local/dconf-locks \ - $(NULL) - -+if WITH_NIS_PROFILE - profile_nisdir = $(authselect_profile_dir)/nis - dist_profile_nis_DATA = \ - $(top_srcdir)/profiles/nis/nsswitch.conf \ -@@ -28,6 +29,7 @@ dist_profile_nis_DATA = \ - $(top_srcdir)/profiles/nis/dconf-db \ - $(top_srcdir)/profiles/nis/dconf-locks \ - $(NULL) -+endif - - profile_sssddir = $(authselect_profile_dir)/sssd - dist_profile_sssd_DATA = \ -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index e2c0482f1e7cfceac4aed3a3a4375bca031ac8c1..350ca953632f21be861c1ee75f25f71d107ca1ee 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -12,6 +12,13 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz - - %global makedir %{_builddir}/%{name}-%{version} - -+# Disable NIS profile on RHEL -+%if 0%{?rhel} -+%global with_nis_profile 0 -+%else -+%global with_nis_profile 1 -+%endif -+ - # Set the default profile - %{?fedora:%global default_profile local with-silent-lastlog} - %{?rhel:%global default_profile local} -@@ -75,7 +82,11 @@ done - - %build - autoreconf -if --%configure -+%configure \ -+%if %{with_nis_profile} -+ --with-nis-profile \ -+%endif -+ %{nil} - %make_build - - %check -@@ -123,7 +134,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %dir %{_datadir}/authselect/vendor - %dir %{_datadir}/authselect/default - %dir %{_datadir}/authselect/default/local/ --%dir %{_datadir}/authselect/default/nis/ - %dir %{_datadir}/authselect/default/sssd/ - %dir %{_datadir}/authselect/default/winbind/ - %{_datadir}/authselect/default/local/dconf-db -@@ -136,16 +146,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %{_datadir}/authselect/default/local/REQUIREMENTS - %{_datadir}/authselect/default/local/smartcard-auth - %{_datadir}/authselect/default/local/system-auth --%{_datadir}/authselect/default/nis/dconf-db --%{_datadir}/authselect/default/nis/dconf-locks --%{_datadir}/authselect/default/nis/fingerprint-auth --%{_datadir}/authselect/default/nis/nsswitch.conf --%{_datadir}/authselect/default/nis/password-auth --%{_datadir}/authselect/default/nis/postlogin --%{_datadir}/authselect/default/nis/README --%{_datadir}/authselect/default/nis/REQUIREMENTS --%{_datadir}/authselect/default/nis/smartcard-auth --%{_datadir}/authselect/default/nis/system-auth - %{_datadir}/authselect/default/sssd/dconf-db - %{_datadir}/authselect/default/sssd/dconf-locks - %{_datadir}/authselect/default/sssd/fingerprint-auth -@@ -166,6 +166,19 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %{_datadir}/authselect/default/winbind/REQUIREMENTS - %{_datadir}/authselect/default/winbind/smartcard-auth - %{_datadir}/authselect/default/winbind/system-auth -+%if %{with_nis_profile} -+%dir %{_datadir}/authselect/default/nis/ -+%{_datadir}/authselect/default/nis/dconf-db -+%{_datadir}/authselect/default/nis/dconf-locks -+%{_datadir}/authselect/default/nis/fingerprint-auth -+%{_datadir}/authselect/default/nis/nsswitch.conf -+%{_datadir}/authselect/default/nis/password-auth -+%{_datadir}/authselect/default/nis/postlogin -+%{_datadir}/authselect/default/nis/README -+%{_datadir}/authselect/default/nis/REQUIREMENTS -+%{_datadir}/authselect/default/nis/smartcard-auth -+%{_datadir}/authselect/default/nis/system-auth -+%endif - %{_libdir}/libauthselect.so.* - %{_mandir}/man5/authselect-profiles.5* - %{_datadir}/doc/authselect/COPYING -diff --git a/scripts/manpages-build.sh.in b/scripts/manpages-build.sh.in -index 314bb2b2a0e4432632478230ab5ff5b3dce2943f..9e553f755a64717f854f3aba33c62140130ce18f 100755 ---- a/scripts/manpages-build.sh.in -+++ b/scripts/manpages-build.sh.in -@@ -233,6 +233,7 @@ ATTR+=" -a AUTHSELECT_PROFILE_DIR=\"@AUTHSELECT_PROFILE_DIR@\"" - ATTR+=" -a AUTHSELECT_VENDOR_DIR=\"@AUTHSELECT_VENDOR_DIR@\"" - ATTR+=" -a AUTHSELECT_BACKUP_DIR=\"@AUTHSELECT_BACKUP_DIR@\"" - ATTR+=" -a BUILD_USER_NSSWITCH=\"@BUILD_USER_NSSWITCH@\"" -+ATTR+=" -a WITH_NIS_PROFILE=\"@WITH_NIS_PROFILE@\"" - - manpages-translate - -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index 17c1629723066b0c4e354051366ce209428af6c1..9a81a6e194d16ecc0408e8631530cf7048fd9241 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -99,3 +99,13 @@ if test x"$with_user_nsswitch" = xyes; then - AC_DEFINE(BUILD_USER_NSSWITCH, 1, [whether to build with user nsswitch support]) - AC_SUBST(BUILD_USER_NSSWITCH, 1) - fi -+ -+AC_ARG_WITH([nis-profile], -+ [AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])], -+ [], with_nis_profile=no -+) -+AM_CONDITIONAL([WITH_NIS_PROFILE], [test x$with_nis_profile = xyes]) -+AC_SUBST(WITH_NIS_PROFILE, 0) -+if test x"$with_nis_profile" = xyes; then -+ AC_SUBST(WITH_NIS_PROFILE, 1) -+fi -diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc -index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..8cc58e60301925974fdb738c5b9a746749981df8 100644 ---- a/src/man/authselect-migration.7.adoc -+++ b/src/man/authselect-migration.7.adoc -@@ -72,7 +72,12 @@ configuration file for required services. - |--enablesssd --enablesssdauth |sssd - |--enablekrb5 |sssd - |--enablewinbind --enablewinbindauth |winbind -+ifeval::[{WITH_NIS_PROFILE} == 1] - |--enablenis |nis -+endif::[] -+ifeval::[{WITH_NIS_PROFILE} != 1] -+|--enablenis |none -+endif::[] - |========================================================= - - .Relation of authconfig options to authselect profile features -@@ -199,6 +204,7 @@ will perform an initial setup which involves creating a Kerberos keytab and - running `adcli` to join the domain. It also makes changes to `smb.conf`. You - can then tune it up by modifying {sysconfdir}/samba/smb.conf. - -+ifeval::[{WITH_NIS_PROFILE} == 1] - NIS - ~~~ - There are several places that needs to be configured in order to make -@@ -227,6 +233,7 @@ $ domainname mydomain - $ setsebool -P allow_ypbind 1 - ---- - -+endif::[] - PASSWORD QUALITY - ~~~~~~~~~~~~~~~~ - Authselect enables `pam_pwquality` module to enforce password quality --- -2.42.0 - diff --git a/0005-configure-drop-user-nsswitch.conf-support.patch b/0005-configure-drop-user-nsswitch.conf-support.patch deleted file mode 100644 index 1e401ca..0000000 --- a/0005-configure-drop-user-nsswitch.conf-support.patch +++ /dev/null @@ -1,349 +0,0 @@ -From 923fd37712eae8d99d514708e35894b6ea056628 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 13:24:25 +0100 -Subject: [PATCH 05/11] configure: drop user-nsswitch.conf support - -user-nsswitch.conf support is now completely dropped, it can no -longer be enabled via configure flag ---- - scripts/manpages-build.sh.in | 1 - - src/cli/main.c | 9 -- - src/conf_macros.m4 | 10 -- - src/lib/files/nsswitch.c | 156 ----------------------------- - src/lib/paths.h | 3 - - src/man/authselect-profiles.5.adoc | 7 -- - src/man/authselect.8.adoc | 61 ----------- - 7 files changed, 247 deletions(-) - -diff --git a/scripts/manpages-build.sh.in b/scripts/manpages-build.sh.in -index 9e553f755a64717f854f3aba33c62140130ce18f..f4ac71e3a22723a52101bb9cbbadd79740515070 100755 ---- a/scripts/manpages-build.sh.in -+++ b/scripts/manpages-build.sh.in -@@ -232,7 +232,6 @@ ATTR+=" -a AUTHSELECT_PAM_DIR=\"@AUTHSELECT_PAM_DIR@\"" - ATTR+=" -a AUTHSELECT_PROFILE_DIR=\"@AUTHSELECT_PROFILE_DIR@\"" - ATTR+=" -a AUTHSELECT_VENDOR_DIR=\"@AUTHSELECT_VENDOR_DIR@\"" - ATTR+=" -a AUTHSELECT_BACKUP_DIR=\"@AUTHSELECT_BACKUP_DIR@\"" --ATTR+=" -a BUILD_USER_NSSWITCH=\"@BUILD_USER_NSSWITCH@\"" - ATTR+=" -a WITH_NIS_PROFILE=\"@WITH_NIS_PROFILE@\"" - - manpages-translate -diff --git a/src/cli/main.c b/src/cli/main.c -index 18486b50bc42f9937cc7294c3e5e2b32cafab5e0..fe06a5d8ababa58209690a97e84ae254b859cdc6 100644 ---- a/src/cli/main.c -+++ b/src/cli/main.c -@@ -186,15 +186,6 @@ static errno_t activate(struct cli_cmdline *cmdline) - goto done; - } - --#ifdef BUILD_USER_NSSWITCH -- maps = authselect_profile_nsswitch_maps(profile, features); -- if (maps == NULL) { -- ERROR("Unable to obtain nsswitch maps!"); -- ret = EFAULT; -- goto done; -- } --#endif -- - if (backup || backup_name != NULL || (enforce && !nobackup)) { - ret = perform_backup(quiet, 1, backup_name); - if (ret != EOK) { -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index 9a81a6e194d16ecc0408e8631530cf7048fd9241..ae8fa0274e038e98115d000717487dbdbc04df4c 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -90,16 +90,6 @@ if test x"$with_compat" = xyes; then - fi - AM_CONDITIONAL([BUILD_COMPAT], [test x$with_compat = xyes]) - --AC_ARG_WITH([user-nsswitch], -- [AC_HELP_STRING([--with-user-nsswitch], [Build with user nsswitch support [no]])], -- [], with_user_nsswitch=no --) --AC_SUBST(BUILD_USER_NSSWITCH, 0) --if test x"$with_user_nsswitch" = xyes; then -- AC_DEFINE(BUILD_USER_NSSWITCH, 1, [whether to build with user nsswitch support]) -- AC_SUBST(BUILD_USER_NSSWITCH, 1) --fi -- - AC_ARG_WITH([nis-profile], - [AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])], - [], with_nis_profile=no -diff --git a/src/lib/files/nsswitch.c b/src/lib/files/nsswitch.c -index 9598ea5cc5d5e30678acd91354629a87fc727be9..0e35380a2603316483cd6bcfdc58742c25b6a2b1 100644 ---- a/src/lib/files/nsswitch.c -+++ b/src/lib/files/nsswitch.c -@@ -87,160 +87,6 @@ done: - return ret; - } - --#ifdef BUILD_USER_NSSWITCH -- --static errno_t --authselect_nsswitch_delete_maps(char **maps, -- char *content) --{ -- char *match_string; -- const char *map_name; -- size_t map_len; -- size_t orig_len; -- regmatch_t m[RE_NSS_MATCHES]; -- regex_t regex; -- errno_t ret; -- int reret; -- int i; -- -- if (string_is_empty(content)) { -- return EOK; -- } -- -- orig_len = strlen(content); -- -- reret = regcomp(®ex, RE_NSS, REG_EXTENDED | REG_NEWLINE); -- if (reret != REG_NOERROR) { -- ERROR("Unable to compile regular expression: regex error %d", reret); -- ret = EFAULT; -- goto done; -- } -- -- match_string = content; -- while ((reret = regexec(®ex, match_string, 2, m, 0)) == REG_NOERROR) { -- map_name = match_string + m[1].rm_so; -- map_len = m[1].rm_eo - m[1].rm_so; -- for (i = 0; maps[i] != NULL; i++) { -- if (strncmp(map_name, maps[i], map_len) == 0) { -- string_remove_line(content, match_string, m[1].rm_so); -- break; -- } -- } -- -- /* Since the whole line could have been removed, we have to find first -- * non-zero position. */ -- match_string += m[0].rm_eo; -- while (*match_string == '\0' && match_string - content < orig_len) { -- match_string++; -- } -- } -- -- if (reret != REG_NOMATCH) { -- ERROR("Unable to search string: regex error %d", reret); -- ret = EFAULT; -- goto done; -- } -- -- string_replace_shake(content, orig_len); -- -- ret = EOK; -- --done: -- regfree(®ex); -- -- return ret; --} -- --errno_t --authselect_nsswitch_generate(const char *template, -- const char **features, -- char **_content) --{ -- static const char *preambule = \ -- "# If you want to make changes to nsswitch.conf please modify\n" -- "# " PATH_USER_NSSWITCH " and run 'authselect apply-changes'.\n" -- "#\n" -- "# Note that your changes may not be applied as they may be\n" -- "# overwritten by selected profile. Maps set in the authselect\n" -- "# profile takes always precedence and overwrites the same maps\n" -- "# set in the user file. Only maps that are not set by the profile\n" -- "# are applied from the user file.\n" -- "#\n" -- "# For example, if the profile sets:\n" -- "# passwd: sss files\n" -- "# and " PATH_USER_NSSWITCH " contains:\n" -- "# passwd: files\n" -- "# hosts: files dns\n" -- "# the resulting generated nsswitch.conf will be:\n" -- "# passwd: sss files # from profile\n" -- "# hosts: files dns # from user file\n\n"; -- char *user_content = NULL; -- char *generated = NULL; -- char *content = NULL; -- char **maps = NULL; -- errno_t ret; -- -- generated = template_generate(template, features); -- if (generated == NULL) { -- ret = ENOMEM; -- goto done; -- } -- -- ret = textfile_read(PATH_USER_NSSWITCH, AUTHSELECT_FILE_SIZE_LIMIT, -- &user_content); -- switch (ret) { -- case EOK: -- ret = authselect_nsswitch_find_maps(generated, &maps); -- if (ret != EOK) { -- goto done; -- } -- -- ret = authselect_nsswitch_delete_maps(maps, user_content); -- if (ret != EOK) { -- goto done; -- } -- -- if (string_is_empty(user_content)) { -- content = format("%s%s", preambule, generated); -- break; -- } -- -- content = format("%s%s\n# Included from %s\n\n%s", -- preambule, generated, PATH_USER_NSSWITCH, -- user_content); -- break; -- case ENOENT: -- content = format("%s%s", preambule, generated); -- break; -- default: -- ERROR("Unable to read [%s] [%d]: %s", PATH_USER_NSSWITCH, -- ret, strerror(ret)); -- goto done; -- } -- -- if (content == NULL) { -- ret = ENOMEM; -- goto done; -- } -- -- *_content = content; -- -- ret = EOK; -- --done: -- if (ret != EOK) { -- ERROR("Unable to generate nsswitch.conf [%d]: %s", ret, strerror(ret)); -- } -- -- free(user_content); -- free(generated); -- string_array_free(maps); -- -- return ret; --} -- --#else /* BUILD_USER_NSSWITCH */ -- - errno_t - authselect_nsswitch_generate(const char *template, - const char **features, -@@ -257,5 +103,3 @@ authselect_nsswitch_generate(const char *template, - - return EOK; - } -- --#endif /* BUILD_USER_NSSWITCH */ -diff --git a/src/lib/paths.h b/src/lib/paths.h -index ca30b784f8bc63150f46ef08a26ec2bc5bcb3d67..41e4534b2efd421be8b9fea3b1fa9ebc3a699749 100644 ---- a/src/lib/paths.h -+++ b/src/lib/paths.h -@@ -53,9 +53,6 @@ - #define PATH_DCONF_DB AUTHSELECT_CONFIG_DIR "/" FILE_DCONF_DB - #define PATH_DCONF_LOCK AUTHSELECT_CONFIG_DIR "/" FILE_DCONF_LOCK - --/* Path to files that can be modified by user. */ --#define PATH_USER_NSSWITCH AUTHSELECT_CONFIG_DIR "/user-nsswitch.conf" -- - /* Names of symbolic links that points to generated files. */ - #define PATH_SYMLINK_SYSTEM AUTHSELECT_PAM_DIR "/" FILE_SYSTEM - #define PATH_SYMLINK_PASSWORD AUTHSELECT_PAM_DIR "/" FILE_PASSWORD -diff --git a/src/man/authselect-profiles.5.adoc b/src/man/authselect-profiles.5.adoc -index 76a48fa25a13a7052eeac662d7f5f1b11f1f9493..648b7980cfaabeb02913650a35dfffa8e17b0aaa 100644 ---- a/src/man/authselect-profiles.5.adoc -+++ b/src/man/authselect-profiles.5.adoc -@@ -53,14 +53,7 @@ done to the system. - the modules in the system-auth configuration file._ - - *nsswitch.conf*:: --ifeval::[{BUILD_USER_NSSWITCH} == 0] - Name Service Switch configuration file. --endif::[] --ifeval::[{BUILD_USER_NSSWITCH} == 1] -- Name Service Switch configuration file. Only maps relevant to the profile -- must be set. Maps that are not specified by the profile are included from -- {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf. --endif::[] - - *dconf-db*:: - Changes to dconf database. The main uses case of this file is to set -diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc -index 39758a6ca71e962ae942ce3608ac3bd0ffd3fabf..5d695cced0fbdc2cda78d61eb3f7b8d929cae692 100644 ---- a/src/man/authselect.8.adoc -+++ b/src/man/authselect.8.adoc -@@ -261,67 +261,6 @@ These options are available with all commands. - the program execution but may indicate some undesired situations - (e.g. unexpected file in a profile directory). - --ifeval::[{BUILD_USER_NSSWITCH} == 1] --NSSWITCH.CONF MANAGEMENT -------------------------- --Authselect generates {AUTHSELECT_NSSWITCH_CONF} and does not allow any user --changes to this file. Such changes are detected and authselect will refuse to --write any system configuration unless a *--force* option is provided to --the *select* command. This mechanism prevents authselect from overwriting --anything that does not match any available profile. -- --Any user changes to nsswitch maps must be done in file --{AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf. When authselect generates --new _nsswitch.conf_ it reads this file and combines it with configuration --from selected profile. The profile configuration takes always precedence. --In other words, profiles do not have to set all nsswitch maps but can set only --those that are relevant to the profile. If a map is set within a profile, --it always overwrites the same map from _user-nsswitch.conf_. -- --.Example 1 --[subs="attributes"] ------ --# "sssd" profile --$ cat {AUTHSELECT_PROFILE_DIR}/sssd/nsswitch.conf --passwd: sss files systemd --group: sss files systemd --netgroup: sss files --automount: sss files --services: sss files --sudoers: files sss {include if "with-sudo"} -- --$ cat {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf --passwd: files sss --group: files sss --hosts: files dns myhostname --sudoers: files -- --$ authselect select sssd -- --# passwd and group maps from user-nsswitch.conf are ignored --$ cat {AUTHSELECT_NSSWITCH_CONF} --passwd: sss files systemd --group: sss files systemd --netgroup: sss files --automount: sss files --services: sss files --hosts: files dns myhostname --sudoers: files -- --$ authselect select sssd with-sudo -- --# passwd, group and sudoers maps from user-nsswitch.conf are ignored --$ cat {AUTHSELECT_NSSWITCH_CONF} --passwd: sss files systemd --group: sss files systemd --netgroup: sss files --automount: sss files --services: sss files --sudoers: files sss --hosts: files dns myhostname ------ --endif::[] -- - TROUBLESHOOTING - --------------- - --- -2.42.0 - diff --git a/0006-configure-drop-authconfig-compat-tool.patch b/0006-configure-drop-authconfig-compat-tool.patch deleted file mode 100644 index 926549c..0000000 --- a/0006-configure-drop-authconfig-compat-tool.patch +++ /dev/null @@ -1,1510 +0,0 @@ -From 3687d4e28a45b1896165e2e1d029fc81bf5a2a11 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 13:25:50 +0100 -Subject: [PATCH 06/11] configure: drop authconfig compat tool - -authconfig-compat tool is now dropped and it can no longer be -enabled via configure switch ---- - Makefile.am | 1 - - configure.ac | 2 - - po/POTFILES.in | 6 - - src/compat/Makefile.am | 47 -- - src/compat/authcompat.py.in.in | 665 ----------------------- - src/compat/authcompat_ConfigSnippet.py | 92 ---- - src/compat/authcompat_EnvironmentFile.py | 216 -------- - src/compat/authcompat_Options.py | 326 ----------- - src/compat/snippets/authconfig-krb.conf | 14 - - src/compat/snippets/authconfig-sssd.conf | 18 - - src/conf_macros.m4 | 9 - - 11 files changed, 1396 deletions(-) - delete mode 100644 src/compat/Makefile.am - delete mode 100755 src/compat/authcompat.py.in.in - delete mode 100644 src/compat/authcompat_ConfigSnippet.py - delete mode 100644 src/compat/authcompat_EnvironmentFile.py - delete mode 100644 src/compat/authcompat_Options.py - delete mode 100644 src/compat/snippets/authconfig-krb.conf - delete mode 100644 src/compat/snippets/authconfig-sssd.conf - -diff --git a/Makefile.am b/Makefile.am -index 1c9b88d47f809cb218d19887734769f12b944bb4..befa38ba16f2ff6659fe452c4e4f8d9f646b3d84 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -2,7 +2,6 @@ SUBDIRS= \ - po \ - profiles \ - src/common \ -- src/compat \ - src/lib \ - src/cli \ - src/tests \ -diff --git a/configure.ac b/configure.ac -index 3a355bb78dd8040cd91f32e5602a55bf34a9563b..612763702cda22737ad841dd246dafbb607c0bed 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -51,8 +51,6 @@ AC_CONFIG_FILES([Makefile - profiles/Makefile - rpm/authselect.spec - src/common/Makefile -- src/compat/authcompat.py.in -- src/compat/Makefile - src/cli/Makefile - src/lib/Makefile - src/lib/authselect.pc -diff --git a/po/POTFILES.in b/po/POTFILES.in -index 2e7fbc89bbffe3a7584cf48bb99509d0912854e9..1380ba855ab4c9c2d35f956736cb195d4890042d 100644 ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -26,9 +26,3 @@ src/common/format.c - # Command line tool - src/cli/cli_tool.c - src/cli/main.c -- --# Compat tool --src/compat/authcompat_ConfigSnippet.py --src/compat/authcompat_EnvironmentFile.py --src/compat/authcompat_Options.py --src/compat/authcompat.py.in.in -diff --git a/src/compat/Makefile.am b/src/compat/Makefile.am -deleted file mode 100644 -index 5928e53a22d432247a2ce1e120dcad699d3c961e..0000000000000000000000000000000000000000 ---- a/src/compat/Makefile.am -+++ /dev/null -@@ -1,47 +0,0 @@ --if BUILD_COMPAT --expand_prefix = \ -- ( \ -- $(SED) -e 's,$${exec_prefix},$(exec_prefix),g' | \ -- $(SED) -e 's,$${prefix},$(prefix),g' \ -- ) -- --generated_files = \ -- authcompat.py \ -- $(NULL) -- --expand_files: -- for FILE in $(generated_files) ; do \ -- $(expand_prefix) < $$FILE.in > $$FILE ; \ -- done -- --.PHONY: expand_files --BUILT_SOURCES = expand_files -- --CLEANFILES = \ -- $(generated_files) \ -- $(NULL) -- --pkgpython_SCRIPTS = \ -- authcompat.py \ -- $(NULL) -- --dist_pkgpython_DATA = \ -- authcompat_ConfigSnippet.py \ -- authcompat_EnvironmentFile.py \ -- authcompat_Options.py \ -- $(NULL) -- --snippetsdir = $(pkgpythondir)/snippets --dist_snippets_DATA = \ -- snippets/authconfig-krb.conf \ -- snippets/authconfig-sssd.conf \ -- $(NULL) -- --# Create symbolic link that will replace authconfig --install-exec-hook: -- $(MKDIR_P) $(DESTDIR)/$(sbindir) -- $(LN_S) -f $(pkgpythondir)/authcompat.py $(DESTDIR)/$(sbindir)/authconfig -- --uninstall-local: -- $(RM) $(DESTDIR)/$(sbindir)/authconfig --endif -diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in -deleted file mode 100755 -index 6bea49829410e280ea06d19e265bad552ac93b02..0000000000000000000000000000000000000000 ---- a/src/compat/authcompat.py.in.in -+++ /dev/null -@@ -1,665 +0,0 @@ --#!@PYTHON_BIN@ --# -*- coding: utf-8 -*- --# --# Authors: --# Pavel Březina --# --# Copyright (C) 2018 Red Hat --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 3 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program. If not, see . --# -- --import os --import sys --import locale --import gettext --import subprocess -- -- --from authcompat_Options import Options --from authcompat_EnvironmentFile import EnvironmentFile --from authcompat_ConfigSnippet import ConfigSnippet -- --_ = gettext.gettext -- -- --def eprint(*args, **kwargs): -- print(*args, file=sys.stderr, **kwargs) -- -- --class Command: -- TEST = False -- -- def __init__(self, command, args, input=None, check=True): -- self.args = [command] + args -- self.input = input.encode() if input is not None else None -- self.check = check -- self.result = None -- -- def run(self): -- print(_("Executing: %s") % ' '.join(self.args)) -- -- if self.TEST: -- return -- -- self.result = subprocess.run(self.args, check=self.check, -- input=self.input, -- stdout=subprocess.PIPE, -- stderr=subprocess.PIPE) -- -- --class Service: -- def __init__(self, name): -- self.name = name + '.service' -- -- def runsystemd(self, command, required, enoent_code): -- try: -- command.run() -- except subprocess.CalledProcessError as result: -- if required and result.returncode == enoent_code: -- eprint(_("Service %s was not found. Please install the service.") -- % self.name) -- elif result.returncode != enoent_code: -- eprint(_("Command [%s] failed with %d, stderr:") -- % (' '.join(result.cmd), result.returncode)) -- eprint(result.stderr.decode()) -- -- def enable(self): -- cmd = Command(Path.System("cmd-systemctl"), ["enable", self.name]) -- self.runsystemd(cmd, True, 1) -- -- def disable(self): -- cmd = Command(Path.System("cmd-systemctl"), ["disable", self.name]) -- self.runsystemd(cmd, False, 1) -- -- def start(self, Restart=True): -- if Restart: -- self.stop() -- cmd = Command(Path.System("cmd-systemctl"), ["start", self.name]) -- self.runsystemd(cmd, True, 5) -- -- def stop(self): -- cmd = Command(Path.System("cmd-systemctl"), ["stop", self.name]) -- self.runsystemd(cmd, False, 5) -- -- --class Path: -- LocalDir = os.path.dirname(os.path.realpath(__file__)) -- Config = EnvironmentFile(LocalDir + "/authcompat_paths") -- -- Files = { -- 'ldap.conf': '@sysconfdir@/openldap/ldap.conf', -- 'krb5.conf': '@sysconfdir@/krb5.conf.d/authconfig-krb.conf', -- 'sssd.conf': '@sysconfdir@/sssd/conf.d/authconfig-sssd.conf', -- 'authconfig': '@sysconfdir@/sysconfig/authconfig', -- 'network': '@sysconfdir@/sysconfig/network', -- 'pwquality.conf': '@sysconfdir@/security/pwquality.conf.d/10-authconfig-pwquality.conf', -- 'yp.conf': '@sysconfdir@/yp.conf', -- 'cmd-systemctl': '@bindir@/systemctl', -- 'cmd-authselect': '@bindir@/authselect', -- 'cmd-realm': '@sbindir@/realm', -- 'cmd-domainname': '@bindir@/domainname', -- 'cmd-setsebool': '@sbindir@/setsebool' -- } -- -- @staticmethod -- def Local(relpath): -- return "%s/%s" % (Path.LocalDir, relpath) -- -- @staticmethod -- def System(name): -- return Path.Files[name] -- -- --class Configuration: -- class Base(object): -- def __init__(self, options, ServiceName=None): -- self.options = options -- self.service = None -- if ServiceName is not None: -- self.service = Service(ServiceName) -- -- def isEnabled(self): -- return True -- -- def isDisabled(self): -- return not self.isEnabled() -- -- def enableService(self, nostart): -- if self.service is None: -- return -- -- self.service.enable() -- -- if not nostart: -- self.service.start() -- -- def disableService(self, nostop): -- if self.service is None: -- return -- -- self.service.disable() -- -- if not nostop: -- self.service.stop() -- -- def cleanup(self): -- return -- -- def write(self): -- return -- -- def get(self, name): -- return self.options.get(name) -- -- def isset(self, name): -- return self.options.isset(name) -- -- def getTrueOrNone(self, name): -- return self.options.getTrueOrNone(name) -- -- def getBool(self, name): -- return self.options.getBool(name) -- -- def getBoolAsValue(self, name, if_true, if_false, AllowNone=False): -- if AllowNone and not self.isset(name): -- return None -- -- value = self.getBool(name) -- if value: -- return if_true -- -- return if_false -- -- def removeFile(self, filename): -- print(_("Removing file: %s") % filename) -- if self.options.getBool("test-call"): -- return -- -- try: -- os.remove(filename) -- except FileNotFoundError: -- return -- -- class LDAP(Base): -- def __init__(self, options): -- super(Configuration.LDAP, self).__init__(options) -- -- def write(self): -- config = EnvironmentFile(Path.System('ldap.conf'), " ", -- delimiter_re=r"\s\t", quotes=False) -- if self.isset("ldapserver"): -- config.set("URI", self.get("ldapserver")) -- -- if self.isset("ldapbasedn"): -- config.set("BASE", self.get("ldapbasedn")) -- -- config.write() -- -- class Kerberos(Base): -- def __init__(self, options): -- super(Configuration.Kerberos, self).__init__(options) -- -- def isEnabled(self): -- if not self.isset("krb5realm") and not self.isset("krb5realmdns"): -- return None -- -- return self.get("krb5realm") != "" or self.getBool("krb5realmdns") -- -- def cleanup(self): -- # Do not remove the file if these options are not set -- if not self.isset("krb5realm") and not self.isset("krb5realmdns"): -- return -- -- self.removeFile(Path.System('krb5.conf')) -- -- def write(self): -- if self.isDisabled(): -- return -- -- path = Path.Local("snippets/authconfig-krb.conf") -- config = ConfigSnippet(path, Path.System('krb5.conf')) -- realm = self.get("krb5realm") -- -- keys = { -- 'realm': self.get("krb5realm"), -- 'kdc-srv': self.get("krb5kdcdns"), -- 'realm-srv': self.get("krb5realmdns"), -- 'kdc': self.get("krb5kdc") if realm else None, -- 'adminserver': self.get("krb5adminserver") if realm else None, -- 'domain': realm.lower() if realm else None -- } -- -- config.write(keys) -- -- class Network(Base): -- def __init__(self, options): -- super(Configuration.Network, self).__init__(options) -- -- def write(self): -- nisdomain = self.get("nisdomain") -- config = EnvironmentFile(Path.System('network')) -- -- if nisdomain is None: -- return -- -- config.set("NISDOMAIN", nisdomain) -- config.write() -- -- class SSSD(Base): -- def __init__(self, options): -- super(Configuration.SSSD, self).__init__(options, ServiceName="sssd") -- -- def isEnabled(self): -- if not self.isset("ldap") and not self.isset("sssd"): -- return None -- -- return self.getBool("ldap") or self.getBool("sssd") -- -- def cleanup(self): -- self.removeFile(Path.System('sssd.conf')) -- -- def write(self): -- # Authconfig would not generate sssd in this case so we should not -- # either. Even if --enablesssd[auth] was provided the configuration -- # would not be generated. -- if not self.getBool("ldap"): -- return -- -- path = Path.Local("snippets/authconfig-sssd.conf") -- config = ConfigSnippet(path, Path.System('sssd.conf')) -- -- schema = "rfc2307bis" if self.getBool("rfc2307bis") else None -- -- keys = { -- 'ldap-uri': self.get("ldapserver"), -- 'ldap-basedn': self.get("ldapbasedn"), -- 'ldap-tls': self.getTrueOrNone("ldaptls"), -- 'ldap-schema': schema, -- 'krb5': self.getTrueOrNone("krb5"), -- 'kdc-uri': self.get("krb5kdc"), -- 'kpasswd-uri': self.get("krb5adminserver"), -- 'realm': self.get("krb5realm"), -- 'cache-creds': self.getTrueOrNone("cachecreds"), -- 'cert-auth': self.getTrueOrNone("smartcard") -- } -- -- config.write(keys) -- os.chmod(Path.System('sssd.conf'), mode=0o600) -- -- class Winbind(Base): -- def __init__(self, options): -- super(Configuration.Winbind, self).__init__(options, ServiceName="winbind") -- -- def isEnabled(self): -- if not self.isset("winbind") and not self.isset("winbindauth"): -- return None -- -- return self.getBool("winbind") or self.getBool("winbindauth") -- -- def write(self): -- if not self.isset("winbindjoin"): -- return -- -- creds = self.options.get("winbindjoin").split("%", 1) -- -- user = creds[0] -- password = None -- if len(creds) > 1: -- password = creds[1] + '\n' -- -- args = [ -- 'join', -- '-U', '"%s"' % user, -- '--client-software', 'winbind' -- ] -- -- if self.isset("smbworkgroup"): -- args.append(self.get("smbworkgroup")) -- -- cmd = Command(Path.System('cmd-realm'), args, input=password) -- try: -- cmd.run() -- except FileNotFoundError: -- eprint(_("%s was not found. Please, install realmd.") -- % Path.System('cmd-realm')) -- -- class PWQuality(Base): -- def __init__(self, options): -- super(Configuration.PWQuality, self).__init__(options) -- -- def write(self): -- config = EnvironmentFile(Path.System('pwquality.conf')) -- value_set = False -- -- pwopts = { -- "minlen": self.get("passminlen"), -- "minclass": self.get("passminclass"), -- "maxrepeat": self.get("passmaxrepeat"), -- "maxclassrepeat": self.get("passmaxclassrepeat"), -- "lcredit": self.getBoolAsValue("reqlower", -1, 0, AllowNone=True), -- "ucredit": self.getBoolAsValue("requpper", -1, 0, AllowNone=True), -- "dcredit": self.getBoolAsValue("reqdigit", -1, 0, AllowNone=True), -- "ocredit": self.getBoolAsValue("reqother", -1, 0, AllowNone=True) -- } -- -- # Write options only if their are actually set -- for opt, value in pwopts.items(): -- if value is not None: -- print(opt + "=" + str(value)) -- config.set(opt, value) -- value_set = True -- -- if value_set: -- config.write() -- -- class MakeHomedir(Base): -- def __init__(self, options): -- super(Configuration.MakeHomedir, self).__init__(options, ServiceName="oddjobd") -- -- def isEnabled(self): -- if not self.isset("mkhomedir"): -- return None -- -- return self.getBool("mkhomedir") -- -- def disableService(self, nostop): -- # Never disable the service in case it is already running as -- # other applications may depend on it. -- return -- -- class NIS(Base): -- def __init__(self, options): -- super(Configuration.NIS, self).__init__(options) -- self.rpcbind = Service("rpcbind") -- self.ypbind = Service("ypbind") -- -- def isEnabled(self): -- if not self.isset("nis"): -- return None -- -- return self.getBool("nis") -- -- def enableService(self, nostart): -- if not self.isset("nisdomain"): -- return -- -- nisdom = self.get("nisdomain") -- -- if not nostart: -- cmd = Command(Path.System('cmd-domainname'), [nisdom]) -- cmd.run() -- -- cmd = Command(Path.System('cmd-setsebool'), -- ['-P', 'allow_ypbind', '1']) -- cmd.run() -- -- self.rpcbind.enable() -- self.ypbind.enable() -- -- if not nostart: -- self.rpcbind.start(Restart=False) -- self.ypbind.start() -- -- def disableService(self, nostop): -- if not nostop: -- cmd = Command(Path.System('cmd-domainname'), ["(none)"]) -- cmd.run() -- -- cmd = Command(Path.System('cmd-setsebool'), -- ['-P', 'allow_ypbind', '0']) -- cmd.run() -- -- self.rpcbind.disable() -- self.ypbind.disable() -- -- if not nostop: -- self.rpcbind.stop() -- self.ypbind.stop() -- -- def write(self): -- if not self.isset("nisdomain"): -- return -- -- output = "domain " + self.get("nisdomain") -- -- additional_servers = [] -- if self.isset("nisserver"): -- servers = self.get("nisserver").split(",") -- additional_servers = servers[1:] -- output += " server " + servers[0] + "\n" -- else: -- output += " broadcast\n" -- -- for server in additional_servers: -- output += "ypserver " + server + "\n" -- -- filename = Path.System('yp.conf') -- if self.getBool("test-call"): -- print("========== BEGIN Content of [%s] ==========" % filename) -- print(output) -- print("========== END Content of [%s] ==========\n" % filename) -- return -- -- with open(filename, "w") as f: -- f.write(output) -- -- --class AuthCompat: -- def __init__(self): -- self.sysconfig = EnvironmentFile(Path.System('authconfig')) -- self.options = Options() -- -- self.options.parse() -- self.options.applysysconfig(self.sysconfig) -- self.options.updatesysconfig(self.sysconfig) -- -- def printWarning(self): -- print(_("Running authconfig compatibility tool.")) -- print(_("The purpose of this tool is to enable authentication against " -- "chosen services with authselect and minimum configuration. " -- "It does not provide all capabilities of authconfig.\n")) -- print(_("IMPORTANT: authconfig is replaced by authselect, " -- "please update your scripts.")) -- print(_("See Fedora 28 Change Page: https://fedoraproject.org/wiki/Changes/AuthselectAsDefault")) -- print(_("See man authselect-migration(7) to help you with migration to authselect")) -- -- options = self.options.getSetButUnsupported() -- if options: -- print(_("Warning: These options are not supported anymore " -- "and have no effect:")) -- for name in options: -- print(" --%s" % name) -- -- print("") -- -- def printOptions(self): -- for option in Options.List: -- print("%s=%s" % (option.name, option.value)) -- -- def printSysconfig(self): -- for line in self.sysconfig.getall(): -- print("%s=%s" % (line.name, line.value)) -- -- def canContinue(self): -- disallowed = ["test", "probe", "restorebackup", "restorelastbackup"] -- required = ["update", "updateall", "kickstart"] -- -- if not self.options.getBool("test") and os.getuid() != 0: -- print(_("authconfig can only be run as root")) -- return False -- -- for option in disallowed: -- if self.options.getBool(option): -- print(_("Error: option --%s is no longer supported and we " -- "cannot continue if it is set." % option)) -- return False -- -- if self.options.getBool("winbind") != self.options.getBool("winbindauth"): -- print(_("Error: Both --enablewinbind and --enablewinbindauth must be set.")) -- return False -- -- # We require one of these options to perform changes -- # We encourage to use --updateall since we no longer support just pure -- # --update or --kickstart, they will act as --updateall. -- for option in required: -- if self.options.getBool(option): -- return True -- -- print(_("Error: Please, provide --updateall option.")) -- return False -- -- def runAuthselect(self): -- map = { -- 'smartcard': 'with-smartcard', -- 'requiresmartcard': 'with-smartcard-required', -- 'fingerprint': 'with-fingerprint', -- 'ecryptfs': 'with-ecryptfs', -- 'mkhomedir': 'with-mkhomedir', -- 'faillock': 'with-faillock', -- 'pamaccess': 'with-pamaccess', -- 'winbindkrb5': 'with-krb5' -- } -- -- # Read current configuration first. -- (profile, features) = self.getCurrentAuthselectConfig() -- -- # Change profile if requested. -- if (self.options.getBool("ldap") -- or self.options.getBool("ldapauth") -- or self.options.getBool("sssd") -- or self.options.getBool("sssdauth")): -- profile = "sssd" -- elif self.options.getBool("nis"): -- profile = "nis" -- elif self.options.getBool("winbind"): -- profile = "winbind" -- -- # Default to sssd -- if profile is None: -- profile = "sssd" -- -- # Add enabled and remove disabled features. -- for option, feature in map.items(): -- if not self.options.isset(option): -- continue -- -- enabled = self.options.getBool(option) -- if enabled: -- features.append(feature) -- else: -- while feature in features: -- features.remove(feature) -- -- # Add lock-on-smartcard-removal if requested -- if self.options.isset("smartcardaction"): -- if int(self.options.get("smartcardaction")) == 0: -- features.append("with-smartcard-lock-on-removal") -- else: -- features.remove("with-smartcard-lock-on-removal") -- -- # Remove duplicates. The order is not kept but that does not matter. -- features = list(set(features)) -- -- # Always run with --force. This is either first call of authconfig -- # in installation script or it is run on already configured system. -- # We want to use authselect in both cases anyway, since authconfig -- # would change the configuration either way. -- args = ["select", profile] -- args.extend(features) -- args.append("--force") -- -- cmd = Command(Path.System('cmd-authselect'), args) -- cmd.run() -- -- def getCurrentAuthselectConfig(self): -- cmd = Command(Path.System('cmd-authselect'), ['check'], check=False) -- cmd.run() -- -- if cmd.result is None or cmd.result.returncode != 0: -- return (None, []) -- -- cmd = Command(Path.System('cmd-authselect'), ['current', '--raw']) -- cmd.run() -- -- current = cmd.result.stdout.decode("utf-8").split() -- return (current[0], current[1:]) -- -- def writeConfiguration(self): -- configs = [ -- Configuration.LDAP(self.options), -- Configuration.Network(self.options), -- Configuration.Kerberos(self.options), -- Configuration.SSSD(self.options), -- Configuration.Winbind(self.options), -- Configuration.PWQuality(self.options), -- Configuration.MakeHomedir(self.options), -- Configuration.NIS(self.options) -- ] -- -- for config in configs: -- # Configuration decides if it needs to write something or not -- config.write() -- -- # Enable or disable service if needed -- nostart = self.options.getBool("nostart") -- try: -- enabled = config.isEnabled() -- -- # Skip service management if it can not be decided -- if enabled is None: -- continue -- -- if enabled: -- config.enableService(nostart) -- else: -- config.disableService(nostart) -- config.cleanup() -- except subprocess.CalledProcessError as result: -- # This is not fatal error. -- eprint(_("Command [%s] failed with %d, stderr:") -- % (' '.join(result.cmd), result.returncode)) -- eprint(result.stderr.decode()) -- -- --def main(): -- try: -- locale.setlocale(locale.LC_ALL, '') -- except locale.Error: -- sys.stderr.write('Warning: Unsupported locale setting.\n') -- -- authcompat = AuthCompat() -- authcompat.printWarning() -- -- Command.TEST = authcompat.options.getBool("test-call") -- EnvironmentFile.TEST = authcompat.options.getBool("test-call") -- ConfigSnippet.TEST = authcompat.options.getBool("test-call") -- -- if not authcompat.canContinue(): -- sys.exit(1) -- -- try: -- authcompat.runAuthselect() -- authcompat.writeConfiguration() -- authcompat.sysconfig.write() -- except subprocess.CalledProcessError as result: -- eprint(_("Command [%s] failed with %d, stderr:") -- % (' '.join(result.cmd), result.returncode)) -- eprint(result.stderr.decode()) -- -- sys.exit(0) -- -- --if __name__ == "__main__": -- main() -diff --git a/src/compat/authcompat_ConfigSnippet.py b/src/compat/authcompat_ConfigSnippet.py -deleted file mode 100644 -index 01033ea0ab71e0eb235f03f1fb2a6aec124e2286..0000000000000000000000000000000000000000 ---- a/src/compat/authcompat_ConfigSnippet.py -+++ /dev/null -@@ -1,92 +0,0 @@ --# -*- coding: utf-8 -*- --# --# Authors: --# Pavel Březina --# --# Copyright (C) 2018 Red Hat --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 3 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program. If not, see . --# -- --import errno --import os --import re -- -- --class ConfigSnippet: -- TEST = False -- -- AllKeysRE = re.compile(r'\${\??(?P[\w-]*)}') -- DummyKeysRE = re.compile(r'\${\?[\w-]*}') -- -- def __init__(self, template, destination): -- with open(template, "r") as f: -- self.template = f.read() -- -- self.destination = destination -- -- def generate(self, values): -- # First remove lines containing key that is not set -- lines = self.template.split('\n') -- remove = [] -- -- for idx, line in enumerate(lines): -- for match in self.AllKeysRE.finditer(line): -- key = match.group("key") -- if key not in values or values[key] is None: -- remove.append(idx) -- break -- -- for idx in sorted(remove, reverse=True): -- del lines[idx] -- -- # Build output string -- output = '\n'.join(lines) -- -- # Remove all dummy keys ${?key} -- output = self.DummyKeysRE.sub("", output) -- -- # Replace values -- for key, value in values.items(): -- if value is None: -- continue -- -- if type(value) is bool: -- value = "true" if value else "false" -- -- output = output.replace("${%s}" % key, value) -- -- return output -- -- def write(self, values, to_stdout=False): -- output = self.generate(values) -- -- if self.TEST: -- print("========== BEGIN Content of [%s] ==========" % self.destination) -- print(output) -- print("========== END Content of [%s] ==========\n" % self.destination) -- return -- -- dirname = os.path.dirname(self.destination) -- if not os.path.exists(dirname): -- try: -- os.makedirs(dirname) -- except OSError as exception: -- if exception.errno == errno.EEXIST and os.path.isdir(dirname): -- pass -- else: -- raise -- -- with open(self.destination, "w") as f: -- f.write(output) -diff --git a/src/compat/authcompat_EnvironmentFile.py b/src/compat/authcompat_EnvironmentFile.py -deleted file mode 100644 -index 2dabd5963ce1aa7160801415f3bf69d4a793cdd1..0000000000000000000000000000000000000000 ---- a/src/compat/authcompat_EnvironmentFile.py -+++ /dev/null -@@ -1,216 +0,0 @@ --# -*- coding: utf-8 -*- --# --# Authors: --# Pavel Březina --# --# Copyright (C) 2018 Red Hat --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 3 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program. If not, see . --# -- --import errno --import os --import re -- -- --class EnvironmentFile: -- TEST = False -- -- def __init__(self, filename, -- delimiter='=', delimiter_re=None, -- quotes=True): -- self.filename = filename -- self.delimiter = delimiter -- self.quotes = quotes -- self.environment = [] -- -- delimiter_re = delimiter_re if delimiter_re is not None else delimiter -- self.pattern = re.compile(r'^(\s*)(\S*)([^\n\S]*)(' -- + delimiter_re -- + r')([^\n\S]*)(.*)$', -- re.MULTILINE) -- -- self.read() -- -- def read(self): -- try: -- with open(self.filename, "r") as f: -- lines = f.readlines() -- except FileNotFoundError: -- return -- -- for line in lines: -- parsed = self.Line.Parse(line, self.pattern, -- self.delimiter, self.quotes) -- self.environment.append(parsed) -- -- def write(self): -- output = "" -- for line in self.environment: -- output = output + line.getLine() -- -- if self.TEST: -- print("========== BEGIN Content of [%s] ==========" % self.filename) -- print(output) -- print("========== END Content of [%s] ==========\n" % self.filename) -- return -- -- dirname = os.path.dirname(self.filename) -- if not os.path.exists(dirname): -- try: -- os.makedirs(dirname) -- except OSError as exception: -- if exception.errno == errno.EEXIST and os.path.isdir(dirname): -- pass -- else: -- raise -- -- with open(self.filename, "w") as f: -- f.write(output) -- -- def get(self, name, default=None): -- value = None -- for line in self.environment: -- if line.isVariable() and line.name == name: -- value = line.value -- -- if value is None: -- return default -- -- if value.lower() in [None, "no", "false", "f", "n"]: -- return False -- elif value.lower() in ["yes", "true", "t", "y"]: -- return True -- -- return value -- -- def getall(self): -- lines = [] -- for line in self.environment: -- if line.isVariable(): -- lines.append(line) -- -- return lines -- -- def set(self, name, value): -- if type(value) is bool: -- value = "yes" if value else "no" -- -- for line in self.environment: -- if line.isVariable() and line.name == name: -- line.set(name, value) -- return -- -- line = self.Line(self.delimiter, self.quotes) -- line.set(name, value) -- self.environment.append(line) -- -- class Line: -- def __init__(self, delimiter, quotes, -- name=None, value=None, original=None, fmt=None): -- self.delimiter = delimiter -- self.quotes = quotes -- self.name = name -- self.value = value -- self.original = original -- self.fmt = fmt -- -- def isVariable(self): -- return self.fmt is not None -- -- def isOriginal(self): -- return self.original is not None -- -- def set(self, name, value): -- self.name = name -- self.value = value -- if self.fmt is None: -- self.fmt = "${name}%s${value}\n" % self.delimiter -- -- def getLine(self): -- if self.isOriginal(): -- return self.original -- -- value = self.value if self.value is not None else "" -- replacement = { -- 'name': self.name, -- 'value': self.Escape(value, self.quotes) -- } -- -- line = self.fmt -- for key, value in replacement.items(): -- line = line.replace("${" + key + "}", str(value)) -- -- return line -- -- @staticmethod -- def Parse(line, pattern, delimiter, quotes): -- match = pattern.match(line) -- if line.startswith('#') or not line.strip() or not match: -- return EnvironmentFile.Line(delimiter, quotes, original=line) -- -- name = match.group(2) -- value = EnvironmentFile.Line.Unescape(match.group(6), quotes) -- fmt = "%s${name}%s%s%s${value}\n" % (match.group(1), -- match.group(3), -- match.group(4), -- match.group(5)) -- -- return EnvironmentFile.Line(delimiter, quotes, name=name, -- value=value, fmt=fmt) -- -- @staticmethod -- def Escape(value, quotes): -- if value is None: -- return "" -- -- value = str(value) -- value = value.replace("\\", "\\\\") -- value = value.replace("\"", "\\\"") -- value = value.replace("'", "\\\'") -- value = value.replace("$", "\\$") -- value = value.replace("~", "\\~") -- value = value.replace("`", "\\`") -- -- if quotes: -- if value.find(" ") > 0 or value.find("\t") > 0: -- value = "\"" + value + "\"" -- -- return value -- -- @staticmethod -- def Unescape(value, quotes): -- if not value: -- return value -- -- value = str(value) -- -- length = len(value) -- if quotes: -- if (value[0] == "\"" or value[0] == "'") and value[0] == value[length - 1]: -- value = value[1:length - 1] -- -- i = 0 -- while True: -- i = value.find("\\", i) -- if i < 0: -- break -- if i + 1 >= len(value): -- value = value[0:i] -- break -- -- value = value[0:i] + value[i + 1:] -- i += 1 -- -- return value -diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py -deleted file mode 100644 -index d26dedabdfb9519861076b58cddd0dd0eb04b7cb..0000000000000000000000000000000000000000 ---- a/src/compat/authcompat_Options.py -+++ /dev/null -@@ -1,326 +0,0 @@ --# -*- coding: utf-8 -*- --# --# Authors: --# Pavel Březina --# --# Copyright (C) 2018 Red Hat --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 3 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for morerequi details. --# --# You should have received a copy of the GNU General Public License --# along with this program. If not, see . --# -- --import argparse --import gettext -- --_ = gettext.gettext -- -- --class Option: -- def __init__(self, name, metavar, help, feature, supported): -- self.name = name -- self.metavar = metavar -- self.help = help -- self.feature = feature -- self.supported = supported -- self.value = None -- self.from_sysconfig = False -- -- def set(self, new_value): -- self.value = new_value -- -- def set_from_sysconfig(self, new_value): -- self.set(new_value) -- self.from_sysconfig = True -- -- def isset(self): -- return self.value is not None -- -- @staticmethod -- def Valued(name, metavar, help): -- return Option(name, metavar, help, feature=False, supported=True) -- -- @staticmethod -- def Switch(name, help): -- return Option(name, None, help, feature=False, supported=True) -- -- @staticmethod -- def Feature(name, help): -- return Option(name, None, help, feature=True, supported=True) -- -- @staticmethod -- def UnsupportedValued(name, metavar): -- return Option(name, metavar, None, feature=False, supported=False) -- -- @staticmethod -- def UnsupportedFeature(name): -- return Option(name, None, None, feature=True, supported=False) -- -- @staticmethod -- def UnsupportedSwitch(name): -- return Option(name, None, None, feature=False, supported=False) -- -- --class Options: -- List = [ -- # These options are still supported in authconfig compatibility -- # layers. The tool will do its best to translate them to authselect -- # call and where needed, it will generate a configuration file. -- # -- # However, they will just make sure that an authentication against -- # expected service is working. They may not result in the exact same -- # configuration as authconfig would generate. -- Option.Feature("nis", _("NIS for user information by default")), -- Option.Valued("nisdomain", _(""), _("default NIS domain")), -- Option.Valued("nisserver", _(""), _("default NIS server")), -- Option.Feature("ldap", _("LDAP for user information by default")), -- Option.Feature("ldapauth", _("LDAP for authentication by default")), -- Option.Valued("ldapserver", _(""), _("default LDAP server hostname or URI")), -- Option.Valued("ldapbasedn", _(""), _("default LDAP base DN")), -- Option.Feature("ldaptls", _("use of TLS with LDAP (RFC-2830)")), -- Option.Feature("ldapstarttls", _("use of TLS for identity lookups with LDAP (RFC-2830)")), -- Option.Feature("rfc2307bis", _("use of RFC-2307bis schema for LDAP user information lookups")), -- Option.Feature("smartcard", _("authentication with smart card by default")), -- Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")), -- Option.Feature("requiresmartcard", _("require smart card for authentication by default")), -- Option.Feature("fingerprint", _("authentication with fingerprint readers by default")), -- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")), -- Option.Feature("krb5", _("Kerberos authentication by default")), -- Option.Valued("krb5kdc", _(""), _("default Kerberos KDC")), -- Option.Valued("krb5adminserver", _(""), _("default Kerberos admin server")), -- Option.Valued("krb5realm", _(""), _("default Kerberos realm")), -- Option.Feature("krb5kdcdns", _("use of DNS to find Kerberos KDCs")), -- Option.Feature("krb5realmdns", _("use of DNS to find Kerberos realms")), -- Option.Feature("winbind", _("winbind for user information by default")), -- Option.Feature("winbindauth", _("winbind for authentication by default")), -- Option.Valued("winbindjoin", _(""), _("join the winbind domain or ads realm now as this administrator")), -- Option.Feature("winbindkrb5", _("Kerberos 5 for authenticate with winbind")), -- Option.Valued("smbworkgroup", _(""), _("workgroup authentication servers are in")), -- Option.Feature("sssd", _("SSSD for user information by default with manually managed configuration")), -- Option.Feature("sssdauth", _("SSSD for authentication by default with manually managed configuration")), -- Option.Feature("cachecreds", _("caching of user credentials in SSSD by default")), -- Option.Feature("pamaccess", _("check of access.conf during account authorization")), -- Option.Feature("mkhomedir", _("creation of home directories for users on their first login")), -- Option.Feature("faillock", _("account locking in case of too many consecutive authentication failures")), -- Option.Valued("passminlen", _(""), _("minimum length of a password")), -- Option.Valued("passminclass", _(""), _("minimum number of character classes in a password")), -- Option.Valued("passmaxrepeat", _(""), _("maximum number of same consecutive characters in a password")), -- Option.Valued("passmaxclassrepeat", _(""), _("maximum number of consecutive characters of same class in a password")), -- Option.Feature("reqlower", _("require at least one lowercase character in a password")), -- Option.Feature("requpper", _("require at least one uppercase character in a password")), -- Option.Feature("reqdigit", _("require at least one digit in a password")), -- Option.Feature("reqother", _("require at least one other character in a password")), -- -- # Program options -- Option.Switch("nostart", _("do not start/stop services")), -- Option.Switch("updateall", _("update all configuration files")), -- Option.Switch("update", _("the same as --updateall")), -- Option.Switch("kickstart", _("the same as --updateall")), -- -- # Hidden compat tool option, useful for testing. No changes to the -- # system will be done, they will be printed. -- Option.Switch("test-call", argparse.SUPPRESS), -- -- # Unsupported program options but we have to react somehow when set -- Option.UnsupportedSwitch("test"), -- Option.UnsupportedSwitch("probe"), -- Option.UnsupportedValued("savebackup", _("")), -- Option.UnsupportedValued("restorebackup", _("")), -- Option.UnsupportedSwitch("restorelastbackup"), -- -- # These options are no longer supported in authconfig compatibility -- # layers and will produce warning when used. They will not affect -- # the system. -- Option.UnsupportedFeature("cache"), -- Option.UnsupportedFeature("shadow"), -- Option.UnsupportedSwitch("useshadow"), -- Option.UnsupportedFeature("md5"), -- Option.UnsupportedSwitch("usemd5"), -- Option.UnsupportedValued("passalgo", _("")), -- Option.UnsupportedValued("ldaploadcacert", _("")), -- Option.UnsupportedValued("smartcardmodule", _("")), -- Option.UnsupportedValued("smbsecurity", _("")), -- Option.UnsupportedValued("smbrealm", _("")), -- Option.UnsupportedValued("smbservers", _("")), -- Option.UnsupportedValued("smbidmaprange", _("")), -- Option.UnsupportedValued("smbidmapuid", _("")), -- Option.UnsupportedValued("smbidmapgid", _("")), -- Option.UnsupportedValued("winbindseparator", _("<\\>")), -- Option.UnsupportedValued("winbindtemplatehomedir", _("")), -- Option.UnsupportedValued("winbindtemplateshell", _("")), -- Option.UnsupportedFeature("winbindusedefaultdomain"), -- Option.UnsupportedFeature("winbindoffline"), -- Option.UnsupportedFeature("preferdns"), -- Option.UnsupportedFeature("forcelegacy"), -- Option.UnsupportedFeature("locauthorize"), -- Option.UnsupportedFeature("sysnetauth"), -- Option.UnsupportedValued("faillockargs", _("")), -- ] -- -- Map = { -- # These options were use with autodetection of pam_cracklib -- # and pam_passwdqc. However, authselect supports only pam_pwquality. -- # "USEPWQUALITY" : "", -- # "USEPASSWDQC" : "", -- "USEFAILLOCK": "faillock", -- "FAILLOCKARGS": "faillockargs", -- "USELDAP": "ldap", -- "USENIS": "nis", -- "USEECRYPTFS": "ecryptfs", -- "USEWINBIND": "winbind", -- "WINBINDKRB5": "winbindkrb5", -- "USESSSD": "sssd", -- "USEKERBEROS": "krb5", -- "USELDAPAUTH": "ldapauth", -- "USESMARTCARD": "smartcard", -- "FORCESMARTCARD": "requiresmartcard", -- "USEFPRINTD": "fingerprint", -- "PASSWDALGORITHM": "passalgo", -- "USEMD5": "md5", -- "USESHADOW": "shadow", -- "USEWINBINDAUTH": "winbindauth", -- "USESSSDAUTH": "sssdauth", -- "USELOCAUTHORIZE": "locauthorize", -- "USEPAMACCESS": "pamaccess", -- "USEMKHOMEDIR": "mkhomedir", -- "USESYSNETAUTH": "sysnetauth", -- "FORCELEGACY": "forcelegacy", -- "CACHECREDENTIALS": "cachecreds", -- } -- -- def __init__(self): -- self.options = {} -- -- for option in self.List: -- self.options[option.name] = option -- -- def parse(self): -- parser = argparse.ArgumentParser(description='Authconfig Compatibility Tool.') -- -- parsers = { -- 'supported': parser.add_argument_group(_('These options have a compatibility layer')), -- 'unsupported': parser.add_argument_group(_('These options are no longer supported and have no effect')) -- } -- -- for option in self.List: -- group = 'supported' if option.supported else 'unsupported' -- self.add_option(parsers[group], option) -- -- cmdline = parser.parse_args() -- -- for name, option in self.options.items(): -- value = getattr(cmdline, name) -- option.set(value) -- -- # usemd5 and useshadow are equivalent to enablemd5 and enableshadow -- if not self.isset('md5') and self.isset('usemd5'): -- self.set('md5', self.get('usemd5')) -- -- if not self.isset('shadow') and self.isset('useshadow'): -- self.set('shadow', self.get('useshadow')) -- -- # ldapstarttls is equivalent to ldaptls -- if self.isset('ldapstarttls') and not self.isset('ldaptls'): -- self.set('ldaptls', self.get('ldapstarttls')) -- -- def applysysconfig(self, sysconfig): -- for name, option in self.Map.items(): -- if not self.isset(option): -- self.options[option].set_from_sysconfig(sysconfig.get(name)) -- -- def updatesysconfig(self, sysconfig): -- for name, option in self.Map.items(): -- if self.isset(option): -- sysconfig.set(name, self.get(option)) -- -- def get(self, name): -- return self.options[name].value -- -- def set(self, name, value): -- self.options[name].set(value) -- -- def isset(self, name): -- return self.options[name].isset() -- -- def getBool(self, name): -- value = self.get(name) -- if value is None or not value: -- return False -- return True -- -- def getTrueOrNone(self, name): -- value = self.get(name) -- if value is None or not value: -- return None -- return True -- -- def getSetButUnsupported(self): -- options = [] -- for option in Options.List: -- if option.supported: -- continue -- -- if not option.isset(): -- continue -- -- if option.from_sysconfig: -- continue -- -- name = option.name -- if option.feature: -- name = "enable" + name if option.value else "disable" + name -- -- options.append(name) -- -- return options -- -- def add_option(self, parser, option): -- if option.metavar is not None: -- self.add_valued(parser, option) -- elif option.feature: -- self.add_feature(parser, option) -- else: -- self.add_switch(parser, option) -- -- def add_valued(self, parser, option): -- parser.add_argument("--" + option.name, -- action='store', -- help=option.help, -- dest=option.name, -- metavar=option.metavar) -- -- def add_switch(self, parser, option): -- parser.add_argument("--" + option.name, -- action='store_const', -- const=True, -- help=option.help, -- dest=option.name) -- -- def add_feature(self, parser, option): -- help_enable = None -- help_disable = None -- -- if option.help is not None: -- help_enable = _("enable") + " " + option.help -- help_disable = _("disable") + " " + option.help -- -- parser.add_argument("--enable" + option.name, -- action='store_const', -- const=True, -- help=help_enable, -- dest=option.name) -- -- parser.add_argument("--disable" + option.name, -- action='store_const', -- const=False, -- help=help_disable, -- dest=option.name) -diff --git a/src/compat/snippets/authconfig-krb.conf b/src/compat/snippets/authconfig-krb.conf -deleted file mode 100644 -index e5ace8626321795c009ed9c0050cd35cab6a8ee0..0000000000000000000000000000000000000000 ---- a/src/compat/snippets/authconfig-krb.conf -+++ /dev/null -@@ -1,14 +0,0 @@ --[libdefaults] -- dns_lookup_kdc = ${kdc-srv} -- dns_lookup_realm = ${realm-srv} -- default_realm = ${realm} -- --[realms] -- ${realm} = { -- kdc = ${kdc} -- admin_server = ${adminserver} -- ${?realm}} -- --[domain_realm] -- ${domain} = ${realm} -- .${domain} = ${realm} -diff --git a/src/compat/snippets/authconfig-sssd.conf b/src/compat/snippets/authconfig-sssd.conf -deleted file mode 100644 -index 13bd1dcb84c0b4a983d19dc00d8a73e4c7c2cee4..0000000000000000000000000000000000000000 ---- a/src/compat/snippets/authconfig-sssd.conf -+++ /dev/null -@@ -1,18 +0,0 @@ --[sssd] --domains = default -- --[domain/default] --id_provider = ldap --auth_provider${?krb5} = krb5 --ldap_uri = ${ldap-uri} --ldap_search_base = ${ldap-basedn} --ldap_id_use_start_tls = ${ldap-tls} --ldap_schema = ${ldap-schema} --krb5_server${?krb5} = ${kdc-uri} --krb5_kpasswd${?krb5} = ${kpasswd-uri} --krb5_realm${?krb5} = ${realm} --krb5_store_password_if_offline${?krb5} = ${cache-credentials} --cache_credentials = ${cache-credentials} -- --[pam]${?cert-auth} --pam_cert_auth = ${cert-auth} -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index ae8fa0274e038e98115d000717487dbdbc04df4c..8dafd94cf57398ce1c654d83289d210ac730d14d 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -81,15 +81,6 @@ AS_IF([test "x$enable_debug_template_regex" = "xyes"], - ) - ) - --AC_ARG_WITH([compat], -- [AC_HELP_STRING([--with-compat], [Build with compatibility tool [no]])], -- [], with_compat=no --) --if test x"$with_compat" = xyes; then -- AM_PATH_PYTHON([3]) --fi --AM_CONDITIONAL([BUILD_COMPAT], [test x$with_compat = xyes]) -- - AC_ARG_WITH([nis-profile], - [AC_HELP_STRING([--with-nis-profile], [Install NIS profile [no]])], - [], with_nis_profile=no --- -2.42.0 - diff --git a/0007-ci-remove-python-checks.patch b/0007-ci-remove-python-checks.patch deleted file mode 100644 index 7b3fccd..0000000 --- a/0007-ci-remove-python-checks.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 23936036c5b6cd51843a7f964998f5345877fa8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 13:34:31 +0100 -Subject: [PATCH 07/11] ci: remove python checks - -With the compat tool gone, there is no other python script. ---- - .github/workflows/analyze.yml | 18 +----------------- - 1 file changed, 1 insertion(+), 17 deletions(-) - -diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml -index 37682f068b586dc0e7ba34f1098f4009b88e7254..16b48b031519b81221de9248d65f076b2616b2f7 100644 ---- a/.github/workflows/analyze.yml -+++ b/.github/workflows/analyze.yml -@@ -25,7 +25,7 @@ jobs: - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: -- languages: cpp, python -+ languages: cpp - queries: +security-and-quality - - - name: Autobuild -@@ -33,19 +33,3 @@ jobs: - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 -- -- flake8: -- runs-on: ubuntu-latest -- permissions: -- contents: read -- steps: -- - name: Checkout repository -- uses: actions/checkout@v2 -- -- - name: Install flake8 -- run: | -- sudo apt update -- sudo apt install -y flake8 -- -- - name: Execute flake8 on the repository -- run: flake8 --ignore=W503,E501 src/compat/authcompat.py.in.in . --- -2.42.0 - diff --git a/0008-pot-update-pot-files.patch b/0008-pot-update-pot-files.patch deleted file mode 100644 index 5351deb..0000000 --- a/0008-pot-update-pot-files.patch +++ /dev/null @@ -1,2561 +0,0 @@ -From 9159f3a5306ae12139e283858f942c0891d5b098 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 14:08:47 +0100 -Subject: [PATCH 08/11] pot: update pot files - ---- - po/authselect.pot | 536 ++++----------------- - src/man/po/authselect-migration.7.adoc.pot | 218 ++++----- - src/man/po/authselect-profiles.5.adoc.pot | 259 +++++----- - src/man/po/authselect.8.adoc.pot | 171 ++----- - 4 files changed, 349 insertions(+), 835 deletions(-) - -diff --git a/po/authselect.pot b/po/authselect.pot -index 3428c421b57a5b9b06452c986cb47856a5b48f60..77e626f303ae1d54b28e90ffd5642502c65690dc 100644 ---- a/po/authselect.pot -+++ b/po/authselect.pot -@@ -6,9 +6,9 @@ - #, fuzzy - msgid "" - msgstr "" --"Project-Id-Version: authselect 1.4.2\n" -+"Project-Id-Version: authselect 1.5.0\n" - "Report-Msgid-Bugs-To: https://github.com/authselect/authselect\n" --"POT-Creation-Date: 2023-09-27 13:03+0200\n" -+"POT-Creation-Date: 2024-02-23 14:08+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -565,7 +565,7 @@ msgid "Unable to get basename of [%s]" - msgstr "" - - #: src/lib/util/dir.c:90 src/lib/util/dir.c:97 src/lib/util/file.c:126 --#: src/lib/util/file.c:199 src/cli/main.c:857 -+#: src/lib/util/file.c:199 src/cli/main.c:848 - #, c-format - msgid "Unable to stat [%s] [%d]: %s" - msgstr "" -@@ -855,7 +855,7 @@ msgstr "" - msgid "[OPTIONS...]" - msgstr "" - --#: src/cli/cli_tool.c:337 src/cli/cli_tool.c:389 src/cli/main.c:849 -+#: src/cli/cli_tool.c:337 src/cli/cli_tool.c:389 src/cli/main.c:840 - msgid "Out of memory!" - msgstr "" - -@@ -894,14 +894,14 @@ msgid "" - "\n" - msgstr "" - --#: src/cli/main.c:76 src/cli/main.c:441 src/cli/main.c:484 -+#: src/cli/main.c:76 src/cli/main.c:432 src/cli/main.c:475 - msgid "Profile identifier." - msgstr "" - --#: src/cli/main.c:79 src/cli/main.c:257 src/cli/main.c:302 src/cli/main.c:351 --#: src/cli/main.c:399 src/cli/main.c:444 src/cli/main.c:487 src/cli/main.c:660 --#: src/cli/main.c:737 src/cli/main.c:784 src/cli/main.c:824 src/cli/main.c:889 --#: src/cli/main.c:915 -+#: src/cli/main.c:79 src/cli/main.c:248 src/cli/main.c:293 src/cli/main.c:342 -+#: src/cli/main.c:390 src/cli/main.c:435 src/cli/main.c:478 src/cli/main.c:651 -+#: src/cli/main.c:728 src/cli/main.c:775 src/cli/main.c:815 src/cli/main.c:880 -+#: src/cli/main.c:906 - msgid "Unable to parse command arguments" - msgstr "" - -@@ -918,15 +918,15 @@ msgstr "" - msgid "Enforce changes" - msgstr "" - --#: src/cli/main.c:162 src/cli/main.c:250 src/cli/main.c:650 src/cli/main.c:728 -+#: src/cli/main.c:162 src/cli/main.c:241 src/cli/main.c:641 src/cli/main.c:719 - msgid "Backup system files before activating profile (generate unique name)" - msgstr "" - --#: src/cli/main.c:163 src/cli/main.c:251 src/cli/main.c:651 src/cli/main.c:729 -+#: src/cli/main.c:163 src/cli/main.c:242 src/cli/main.c:642 src/cli/main.c:720 - msgid "Backup system files before activating profile" - msgstr "" - --#: src/cli/main.c:163 src/cli/main.c:251 src/cli/main.c:651 src/cli/main.c:729 -+#: src/cli/main.c:163 src/cli/main.c:242 src/cli/main.c:642 src/cli/main.c:720 - msgid "NAME" - msgstr "" - -@@ -934,179 +934,175 @@ msgstr "" - msgid "Do not backup system files when --force is set" - msgstr "" - --#: src/cli/main.c:165 src/cli/main.c:652 -+#: src/cli/main.c:165 src/cli/main.c:643 - msgid "Do not print profile requirements" - msgstr "" - --#: src/cli/main.c:176 src/cli/main.c:414 src/cli/main.c:450 src/cli/main.c:493 --#: src/cli/main.c:525 src/cli/main.c:679 -+#: src/cli/main.c:176 src/cli/main.c:405 src/cli/main.c:441 src/cli/main.c:484 -+#: src/cli/main.c:516 src/cli/main.c:670 - #, c-format - msgid "Unable to get profile information [%d]: %s" - msgstr "" - --#: src/cli/main.c:184 src/cli/main.c:533 src/cli/main.c:687 -+#: src/cli/main.c:184 src/cli/main.c:524 src/cli/main.c:678 - msgid "Unable to read profile requirements!" - msgstr "" - --#: src/cli/main.c:192 --msgid "Unable to obtain nsswitch maps!" --msgstr "" -- --#: src/cli/main.c:207 -+#: src/cli/main.c:198 - msgid "" - "\n" - "Some unexpected changes to the configuration were detected.\n" - "Use --force parameter if you want to overwrite these changes.\n" - msgstr "" - --#: src/cli/main.c:212 -+#: src/cli/main.c:203 - #, c-format - msgid "Unable to activate profile [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:217 -+#: src/cli/main.c:208 - #, c-format - msgid "Profile \"%s\" was selected.\n" - msgstr "" - --#: src/cli/main.c:220 -+#: src/cli/main.c:211 - msgid "The following nsswitch maps are overwritten by the profile:\n" - msgstr "" - --#: src/cli/main.c:223 -+#: src/cli/main.c:214 - #, c-format - msgid "- %s\n" - msgstr "" - --#: src/cli/main.c:228 -+#: src/cli/main.c:219 - #, c-format - msgid "" - "\n" - "%s\n" - msgstr "" - --#: src/cli/main.c:269 -+#: src/cli/main.c:260 - msgid "Changes were successfully applied.\n" - msgstr "" - --#: src/cli/main.c:272 src/cli/main.c:308 src/cli/main.c:669 -+#: src/cli/main.c:263 src/cli/main.c:299 src/cli/main.c:660 - msgid "No existing configuration detected.\n" - msgstr "" - --#: src/cli/main.c:275 -+#: src/cli/main.c:266 - msgid "" - "Some unexpected changes to the configuration were detected. Use 'select' " - "command instead.\n" - msgstr "" - --#: src/cli/main.c:279 -+#: src/cli/main.c:270 - #, c-format - msgid "Unable to apply changes [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:296 -+#: src/cli/main.c:287 - msgid "Print command parameters instead of formatted output" - msgstr "" - --#: src/cli/main.c:311 src/cli/main.c:672 -+#: src/cli/main.c:302 src/cli/main.c:663 - #, c-format - msgid "Unable to get current configuration [%d]: %s" - msgstr "" - --#: src/cli/main.c:325 -+#: src/cli/main.c:316 - #, c-format - msgid "Profile ID: %s\n" - msgstr "" - --#: src/cli/main.c:326 -+#: src/cli/main.c:317 - msgid "Enabled features:" - msgstr "" - --#: src/cli/main.c:329 -+#: src/cli/main.c:320 - msgid " None\n" - msgstr "" - --#: src/cli/main.c:357 -+#: src/cli/main.c:348 - #, c-format - msgid "Unable to test current configuration [%d]: %s" - msgstr "" - --#: src/cli/main.c:364 -+#: src/cli/main.c:355 - msgid "" - "Current configuration is not valid. It was probably modified outside " - "authselect." - msgstr "" - --#: src/cli/main.c:371 -+#: src/cli/main.c:362 - msgid "Current configuration is valid." - msgstr "" - --#: src/cli/main.c:374 -+#: src/cli/main.c:365 - msgid "No configuration detected." - msgstr "" - --#: src/cli/main.c:378 -+#: src/cli/main.c:369 - msgid "System was not configured with authselect." - msgstr "" - --#: src/cli/main.c:405 -+#: src/cli/main.c:396 - msgid "Unable to get profile list!" - msgstr "" - --#: src/cli/main.c:458 -+#: src/cli/main.c:449 - #, c-format - msgid "Unable to get profile features [%d]: %s" - msgstr "" - --#: src/cli/main.c:572 -+#: src/cli/main.c:563 - msgid "Print content of all files" - msgstr "" - --#: src/cli/main.c:573 -+#: src/cli/main.c:564 - msgid "Print nsswitch.conf content" - msgstr "" - --#: src/cli/main.c:574 -+#: src/cli/main.c:565 - msgid "Print system-auth content" - msgstr "" - --#: src/cli/main.c:575 -+#: src/cli/main.c:566 - msgid "Print password-auth content" - msgstr "" - --#: src/cli/main.c:576 -+#: src/cli/main.c:567 - msgid "Print smartcard-auth content" - msgstr "" - --#: src/cli/main.c:577 -+#: src/cli/main.c:568 - msgid "Print fingerprint-auth content" - msgstr "" - --#: src/cli/main.c:578 -+#: src/cli/main.c:569 - msgid "Print postlogin content" - msgstr "" - --#: src/cli/main.c:579 -+#: src/cli/main.c:570 - msgid "Print dconf database content" - msgstr "" - --#: src/cli/main.c:580 -+#: src/cli/main.c:571 - msgid "Print dconf lock content" - msgstr "" - --#: src/cli/main.c:607 -+#: src/cli/main.c:598 - #, c-format - msgid "Unable to get generated content [%d]: %s" - msgstr "" - --#: src/cli/main.c:626 -+#: src/cli/main.c:617 - #, c-format - msgid "" - "File %s: Empty\n" - "\n" - msgstr "" - --#: src/cli/main.c:628 -+#: src/cli/main.c:619 - #, c-format - msgid "" - "File %s:\n" -@@ -1114,534 +1110,190 @@ msgid "" - "\n" - msgstr "" - --#: src/cli/main.c:657 -+#: src/cli/main.c:648 - msgid "Feature to enable." - msgstr "" - --#: src/cli/main.c:694 -+#: src/cli/main.c:685 - #, c-format - msgid "Unable to backup current configuration [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:701 -+#: src/cli/main.c:692 - #, c-format - msgid "Unable to enable feature [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:706 -+#: src/cli/main.c:697 - #, c-format - msgid "%s\n" - msgstr "" - --#: src/cli/main.c:734 -+#: src/cli/main.c:725 - msgid "Feature to disable." - msgstr "" - --#: src/cli/main.c:748 -+#: src/cli/main.c:739 - #, c-format - msgid "Unable to disable feature [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:769 -+#: src/cli/main.c:760 - msgid "Create new profile as a vendor profile instead of a custom profile" - msgstr "" - --#: src/cli/main.c:770 -+#: src/cli/main.c:761 - msgid "ID of a profile that should be used as a base for the new profile" - msgstr "" - --#: src/cli/main.c:771 -+#: src/cli/main.c:762 - msgid "" - "Base new profile on a default profile even if vendor profile with the same " - "name exists" - msgstr "" - --#: src/cli/main.c:772 -+#: src/cli/main.c:763 - msgid "Symlink meta files from the base profile instead of copying them" - msgstr "" - --#: src/cli/main.c:773 -+#: src/cli/main.c:764 - msgid "Symlink nsswitch files from the base profile instead of copying them" - msgstr "" - --#: src/cli/main.c:774 -+#: src/cli/main.c:765 - msgid "Symlink pam files from the base profile instead of copying them" - msgstr "" - --#: src/cli/main.c:775 -+#: src/cli/main.c:766 - msgid "Symlink dconf files from the base profile instead of copying them" - msgstr "" - --#: src/cli/main.c:776 -+#: src/cli/main.c:767 - msgid "Symlink specific file (can be set multiple times)" - msgstr "" - --#: src/cli/main.c:781 -+#: src/cli/main.c:772 - msgid "New profile name." - msgstr "" - --#: src/cli/main.c:791 -+#: src/cli/main.c:782 - #, c-format - msgid "Unable to create new profile [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:795 -+#: src/cli/main.c:786 - #, c-format - msgid "New profile was created at %s\n" - msgstr "" - --#: src/cli/main.c:818 -+#: src/cli/main.c:809 - msgid "Print backup names without any formatting and additional information" - msgstr "" - --#: src/cli/main.c:830 -+#: src/cli/main.c:821 - msgid "Unable to list available backups!" - msgstr "" - --#: src/cli/main.c:867 -+#: src/cli/main.c:858 - #, c-format - msgid "%-*s (created at %s)\n" - msgstr "" - --#: src/cli/main.c:886 -+#: src/cli/main.c:877 - msgid "Name of the backup to remove." - msgstr "" - --#: src/cli/main.c:895 -+#: src/cli/main.c:886 - #, c-format - msgid "Unable to remove backup [%s] [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:912 -+#: src/cli/main.c:903 - msgid "Name of the backup to restore from." - msgstr "" - --#: src/cli/main.c:921 -+#: src/cli/main.c:912 - #, c-format - msgid "Unable to restore backup [%s] [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:937 -+#: src/cli/main.c:928 - #, c-format - msgid "Unable to uninstall authselect configuration [%d]: %s\n" - msgstr "" - --#: src/cli/main.c:987 -+#: src/cli/main.c:978 - msgid "Select profile" - msgstr "" - --#: src/cli/main.c:988 -+#: src/cli/main.c:979 - msgid "Regenerate configuration for currently selected command" - msgstr "" - --#: src/cli/main.c:989 -+#: src/cli/main.c:980 - msgid "List available profiles" - msgstr "" - --#: src/cli/main.c:990 -+#: src/cli/main.c:981 - msgid "List available profile features" - msgstr "" - --#: src/cli/main.c:991 -+#: src/cli/main.c:982 - msgid "Show profile information" - msgstr "" - --#: src/cli/main.c:992 -+#: src/cli/main.c:983 - msgid "Print profile requirements" - msgstr "" - --#: src/cli/main.c:993 -+#: src/cli/main.c:984 - msgid "Get identifier of currently selected profile" - msgstr "" - --#: src/cli/main.c:994 -+#: src/cli/main.c:985 - msgid "Check if the current configuration is valid" - msgstr "" - --#: src/cli/main.c:995 -+#: src/cli/main.c:986 - msgid "Print changes that would be otherwise written" - msgstr "" - --#: src/cli/main.c:996 -+#: src/cli/main.c:987 - msgid "Enable feature in currently selected profile" - msgstr "" - --#: src/cli/main.c:997 -+#: src/cli/main.c:988 - msgid "Disable feature in currently selected profile" - msgstr "" - --#: src/cli/main.c:998 -+#: src/cli/main.c:989 - msgid "Create new authselect profile" - msgstr "" - --#: src/cli/main.c:999 -+#: src/cli/main.c:990 - msgid "Backup commands:" - msgstr "" - --#: src/cli/main.c:1000 -+#: src/cli/main.c:991 - msgid "List available backups" - msgstr "" - --#: src/cli/main.c:1001 -+#: src/cli/main.c:992 - msgid "Remove backup" - msgstr "" - --#: src/cli/main.c:1002 -+#: src/cli/main.c:993 - msgid "Restore from backup" - msgstr "" - --#: src/cli/main.c:1003 -+#: src/cli/main.c:994 - msgid "Other:" - msgstr "" - --#: src/cli/main.c:1004 -+#: src/cli/main.c:995 - msgid "Opt-out from authselect managed configuration" - msgstr "" - --#: src/cli/main.c:1006 -+#: src/cli/main.c:997 - msgid "Print authselect version" - msgstr "" -- --#: src/compat/authcompat_Options.py:82 --msgid "NIS for user information by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:83 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:83 --msgid "default NIS domain" --msgstr "" -- --#: src/compat/authcompat_Options.py:84 src/compat/authcompat_Options.py:87 --#: src/compat/authcompat_Options.py:98 src/compat/authcompat_Options.py:99 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:84 --msgid "default NIS server" --msgstr "" -- --#: src/compat/authcompat_Options.py:85 --msgid "LDAP for user information by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:86 --msgid "LDAP for authentication by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:87 --msgid "default LDAP server hostname or URI" --msgstr "" -- --#: src/compat/authcompat_Options.py:88 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:88 --msgid "default LDAP base DN" --msgstr "" -- --#: src/compat/authcompat_Options.py:89 --msgid "use of TLS with LDAP (RFC-2830)" --msgstr "" -- --#: src/compat/authcompat_Options.py:90 --msgid "use of TLS for identity lookups with LDAP (RFC-2830)" --msgstr "" -- --#: src/compat/authcompat_Options.py:91 --msgid "use of RFC-2307bis schema for LDAP user information lookups" --msgstr "" -- --#: src/compat/authcompat_Options.py:92 --msgid "authentication with smart card by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:93 --msgid "<0=Lock|1=Ignore>" --msgstr "" -- --#: src/compat/authcompat_Options.py:93 --msgid "action to be taken on smart card removal" --msgstr "" -- --#: src/compat/authcompat_Options.py:94 --msgid "require smart card for authentication by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:95 --msgid "authentication with fingerprint readers by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:96 --msgid "automatic per-user ecryptfs" --msgstr "" -- --#: src/compat/authcompat_Options.py:97 --msgid "Kerberos authentication by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:98 --msgid "default Kerberos KDC" --msgstr "" -- --#: src/compat/authcompat_Options.py:99 --msgid "default Kerberos admin server" --msgstr "" -- --#: src/compat/authcompat_Options.py:100 src/compat/authcompat_Options.py:152 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:100 --msgid "default Kerberos realm" --msgstr "" -- --#: src/compat/authcompat_Options.py:101 --msgid "use of DNS to find Kerberos KDCs" --msgstr "" -- --#: src/compat/authcompat_Options.py:102 --msgid "use of DNS to find Kerberos realms" --msgstr "" -- --#: src/compat/authcompat_Options.py:103 --msgid "winbind for user information by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:104 --msgid "winbind for authentication by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:105 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:105 --msgid "join the winbind domain or ads realm now as this administrator" --msgstr "" -- --#: src/compat/authcompat_Options.py:106 --msgid "Kerberos 5 for authenticate with winbind" --msgstr "" -- --#: src/compat/authcompat_Options.py:107 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:107 --msgid "workgroup authentication servers are in" --msgstr "" -- --#: src/compat/authcompat_Options.py:108 --msgid "" --"SSSD for user information by default with manually managed configuration" --msgstr "" -- --#: src/compat/authcompat_Options.py:109 --msgid "SSSD for authentication by default with manually managed configuration" --msgstr "" -- --#: src/compat/authcompat_Options.py:110 --msgid "caching of user credentials in SSSD by default" --msgstr "" -- --#: src/compat/authcompat_Options.py:111 --msgid "check of access.conf during account authorization" --msgstr "" -- --#: src/compat/authcompat_Options.py:112 --msgid "creation of home directories for users on their first login" --msgstr "" -- --#: src/compat/authcompat_Options.py:113 --msgid "account locking in case of too many consecutive authentication failures" --msgstr "" -- --#: src/compat/authcompat_Options.py:114 src/compat/authcompat_Options.py:115 --#: src/compat/authcompat_Options.py:116 src/compat/authcompat_Options.py:117 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:114 --msgid "minimum length of a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:115 --msgid "minimum number of character classes in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:116 --msgid "maximum number of same consecutive characters in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:117 --msgid "maximum number of consecutive characters of same class in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:118 --msgid "require at least one lowercase character in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:119 --msgid "require at least one uppercase character in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:120 --msgid "require at least one digit in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:121 --msgid "require at least one other character in a password" --msgstr "" -- --#: src/compat/authcompat_Options.py:124 --msgid "do not start/stop services" --msgstr "" -- --#: src/compat/authcompat_Options.py:125 --msgid "update all configuration files" --msgstr "" -- --#: src/compat/authcompat_Options.py:126 src/compat/authcompat_Options.py:127 --msgid "the same as --updateall" --msgstr "" -- --#: src/compat/authcompat_Options.py:136 src/compat/authcompat_Options.py:137 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:148 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:149 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:150 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:151 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:153 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:154 src/compat/authcompat_Options.py:155 --#: src/compat/authcompat_Options.py:156 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:157 --msgid "<\\>" --msgstr "" -- --#: src/compat/authcompat_Options.py:158 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:159 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:166 --msgid "" --msgstr "" -- --#: src/compat/authcompat_Options.py:210 --msgid "These options have a compatibility layer" --msgstr "" -- --#: src/compat/authcompat_Options.py:211 --msgid "These options are no longer supported and have no effect" --msgstr "" -- --#: src/compat/authcompat_Options.py:313 --msgid "enable" --msgstr "" -- --#: src/compat/authcompat_Options.py:314 --msgid "disable" --msgstr "" -- --#: src/compat/authcompat.py.in.in:51 --#, python-format --msgid "Executing: %s" --msgstr "" -- --#: src/compat/authcompat.py.in.in:71 --#, python-format --msgid "Service %s was not found. Please install the service." --msgstr "" -- --#: src/compat/authcompat.py.in.in:74 src/compat/authcompat.py.in.in:631 --#: src/compat/authcompat.py.in.in:657 --#, python-format --msgid "Command [%s] failed with %d, stderr:" --msgstr "" -- --#: src/compat/authcompat.py.in.in:186 --#, python-format --msgid "Removing file: %s" --msgstr "" -- --#: src/compat/authcompat.py.in.in:335 --#, python-format --msgid "%s was not found. Please, install realmd." --msgstr "" -- --#: src/compat/authcompat.py.in.in:469 --msgid "Running authconfig compatibility tool." --msgstr "" -- --#: src/compat/authcompat.py.in.in:470 --msgid "" --"The purpose of this tool is to enable authentication against chosen services " --"with authselect and minimum configuration. It does not provide all " --"capabilities of authconfig.\n" --msgstr "" -- --#: src/compat/authcompat.py.in.in:473 --msgid "" --"IMPORTANT: authconfig is replaced by authselect, please update your scripts." --msgstr "" -- --#: src/compat/authcompat.py.in.in:475 --msgid "" --"See Fedora 28 Change Page: https://fedoraproject.org/wiki/Changes/" --"AuthselectAsDefault" --msgstr "" -- --#: src/compat/authcompat.py.in.in:476 --msgid "" --"See man authselect-migration(7) to help you with migration to authselect" --msgstr "" -- --#: src/compat/authcompat.py.in.in:480 --msgid "Warning: These options are not supported anymore and have no effect:" --msgstr "" -- --#: src/compat/authcompat.py.in.in:500 --msgid "authconfig can only be run as root" --msgstr "" -- --#: src/compat/authcompat.py.in.in:505 --#, python-format --msgid "" --"Error: option --%s is no longer supported and we cannot continue if it is " --"set." --msgstr "" -- --#: src/compat/authcompat.py.in.in:510 --msgid "Error: Both --enablewinbind and --enablewinbindauth must be set." --msgstr "" -- --#: src/compat/authcompat.py.in.in:520 --msgid "Error: Please, provide --updateall option." --msgstr "" -diff --git a/src/man/po/authselect-migration.7.adoc.pot b/src/man/po/authselect-migration.7.adoc.pot -index 86a7f52ecac93a6538e5168deb806a97515c8c7c..93c99f10098b2ba2775823150b6efbf83a05e2ac 100644 ---- a/src/man/po/authselect-migration.7.adoc.pot -+++ b/src/man/po/authselect-migration.7.adoc.pot -@@ -7,7 +7,7 @@ - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" --"POT-Creation-Date: 2022-05-04 13:46+0200\n" -+"POT-Creation-Date: 2024-02-23 14:08+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -17,30 +17,31 @@ msgstr "" - "Content-Transfer-Encoding: 8bit\n" - - #. type: Title = --#: ./src/man/authselect-migration.7.adoc:2 -+#: src/man/authselect-migration.7.adoc:2 - #, no-wrap - msgid "authselect-migration(7)" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:6 -+#: src/man/authselect-migration.7.adoc:6 - #, no-wrap - msgid "NAME" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:8 --msgid "authselect-migration - A guide how to migrate from authconfig to authselect." -+#: src/man/authselect-migration.7.adoc:8 -+msgid "" -+"authselect-migration - A guide how to migrate from authconfig to authselect." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:10 -+#: src/man/authselect-migration.7.adoc:10 - #, no-wrap - msgid "DESCRIPTION" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:15 -+#: src/man/authselect-migration.7.adoc:15 - msgid "" - "This manual page explains the main differences between authconfig, the " - "previous tool to configure system authentication and identity sources, and " -@@ -49,20 +50,20 @@ msgid "" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:17 -+#: src/man/authselect-migration.7.adoc:17 - #, no-wrap - msgid "MAIN DIFFERENCES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:20 -+#: src/man/authselect-migration.7.adoc:20 - msgid "" - "Authselect takes a completely different approach to system configuration " - "than the previous tool authconfig." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:25 -+#: src/man/authselect-migration.7.adoc:25 - msgid "" - "Authconfig tries its best to keep users's manual changes to the files it " - "generates. It generates not only PAM configuration files and nsswitch.conf " -@@ -71,38 +72,36 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:34 -+#: src/man/authselect-migration.7.adoc:34 - msgid "" - "Authselect does no such things. It does not generate any configuration files " - "beside PAM and nsswitch.conf and it strictly prohibits any manual changes to " - "generated configuration. It provides a set of files called profiles. Each " - "profile describes how the resulting configuration should look like and it " --"can be slightly modified by enabling or disabling certain optional " --"features. If a need arises for a different profile than what authselect " --"ships, the administrator has an option to create a whole new profile and use " --"it with authselect. See authselect-profiles(5) to learn more about " --"profiles." -+"can be slightly modified by enabling or disabling certain optional features. " -+"If a need arises for a different profile than what authselect ships, the " -+"administrator has an option to create a whole new profile and use it with " -+"authselect. See authselect-profiles(5) to learn more about profiles." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:46 -+#: src/man/authselect-migration.7.adoc:46 - msgid "" --"This may seem like a big disadvantage but the truth is the " --"opposite. Authconfig is a very old tool and the applications providing " --"required services have changed rapidly over the years. Typically, there is " --"no longer a need to have multiple authentication modules in PAM and " --"nsswitch.conf, because the vast majority of use-cases is covered by " --"SSSD. Therefore there is no need to add or remove them specifically. There " --"are also better tools to generate configuration for system daemons that can " --"help you automate the process of joining to a remote domain such as " --"`realm`. In addition, the shipped profiles give us comprehensive and " --"deterministic system configuration that can be fully tested and is much less " --"error prone. It is also much easier to distribute such configuration across " --"many systems." -+"This may seem like a big disadvantage but the truth is the opposite. " -+"Authconfig is a very old tool and the applications providing required " -+"services have changed rapidly over the years. Typically, there is no longer " -+"a need to have multiple authentication modules in PAM and nsswitch.conf, " -+"because the vast majority of use-cases is covered by SSSD. Therefore there " -+"is no need to add or remove them specifically. There are also better tools " -+"to generate configuration for system daemons that can help you automate the " -+"process of joining to a remote domain such as `realm`. In addition, the " -+"shipped profiles give us comprehensive and deterministic system " -+"configuration that can be fully tested and is much less error prone. It is " -+"also much easier to distribute such configuration across many systems." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:52 -+#: src/man/authselect-migration.7.adoc:52 - msgid "" - "Probably the most controversial change is that authselect only ships " - "profiles for sssd and winbind providers. Those two providers cover all " -@@ -113,13 +112,13 @@ msgid "" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:54 -+#: src/man/authselect-migration.7.adoc:54 - #, no-wrap - msgid "JOINING REMOTE DOMAINS" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:59 -+#: src/man/authselect-migration.7.adoc:59 - msgid "" - "You can use either `ipa-client-install` or `realm` to join an IPA domain and " - "`realm` to join an Active Directory domain. These tools will make sure that " -@@ -128,13 +127,13 @@ msgid "" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:61 -+#: src/man/authselect-migration.7.adoc:61 - #, no-wrap - msgid "CONVERTING YOUR SCRIPTS" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:67 -+#: src/man/authselect-migration.7.adoc:67 - msgid "" - "If you use `ipa-client-install` or `realm` to join a domain, you can just " - "remove any authconfig call in your scripts. If this is not an option, you " -@@ -144,13 +143,13 @@ msgid "" - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:68 -+#: src/man/authselect-migration.7.adoc:68 - #, no-wrap - msgid "Relation of authconfig options to authselect profiles" - msgstr "" - - #. type: Table --#: ./src/man/authselect-migration.7.adoc:76 -+#: src/man/authselect-migration.7.adoc:77 - #, no-wrap - msgid "" - "|*Authconfig options* |*Authselect profile*\n" -@@ -161,14 +160,20 @@ msgid "" - "|--enablenis |nis\n" - msgstr "" - -+#. type: Table -+#: src/man/authselect-migration.7.adoc:80 -+#, no-wrap -+msgid "|--enablenis |none\n" -+msgstr "" -+ - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:78 -+#: src/man/authselect-migration.7.adoc:83 - #, no-wrap - msgid "Relation of authconfig options to authselect profile features" - msgstr "" - - #. type: Table --#: ./src/man/authselect-migration.7.adoc:90 -+#: src/man/authselect-migration.7.adoc:95 - #, no-wrap - msgid "" - "|*Authconfig options* |*Authselect profile feature*\n" -@@ -184,7 +189,7 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:97 -+#: src/man/authselect-migration.7.adoc:102 - msgid "" - "Authconfig options `--enableshadow` and `--passalgo=sha512` were often used " - "to make sure that passwords are stored in `/etc/shadow` using `sha512` " -@@ -194,13 +199,13 @@ msgid "" - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:98 -+#: src/man/authselect-migration.7.adoc:103 - #, no-wrap - msgid "Examples" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:102 -+#: src/man/authselect-migration.7.adoc:107 - #, no-wrap - msgid "" - "authconfig --enableldap --enableldapauth --enablefaillock --updateall\n" -@@ -208,16 +213,15 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:105 -+#: src/man/authselect-migration.7.adoc:110 - #, no-wrap - msgid "" --"authconfig --enablesssd --enablesssdauth --enablesmartcard " --"--smartcardmodule=sssd --updateall\n" -+"authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall\n" - "authselect select sssd with-smartcard\n" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:108 -+#: src/man/authselect-migration.7.adoc:113 - #, no-wrap - msgid "" - "authconfig --enableecryptfs --enablepamaccess --updateall\n" -@@ -225,35 +229,33 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:111 -+#: src/man/authselect-migration.7.adoc:116 - #, no-wrap - msgid "" --"authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator " --"--updateall\n" -+"authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall\n" - "realm join -U Administrator --client-software=winbind WINBINDDOMAIN\n" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:114 -+#: src/man/authselect-migration.7.adoc:119 - #, no-wrap - msgid "CONFIGURATION FILES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:116 -+#: src/man/authselect-migration.7.adoc:121 - msgid "" --"This section contains snippets for minimal configuration of various " --"services." -+"This section contains snippets for minimal configuration of various services." - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-migration.7.adoc:118 -+#: src/man/authselect-migration.7.adoc:123 - #, no-wrap - msgid "LDAP" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:122 -+#: src/man/authselect-migration.7.adoc:127 - msgid "" - "Even if LDAP is not directly used through `pam_ldap` and `nss_ldap`, it is " - "still useful to configure ldap.conf to configure openldap-libs and " -@@ -261,13 +263,13 @@ msgid "" - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:123 -+#: src/man/authselect-migration.7.adoc:128 - #, no-wrap - msgid "{sysconfdir}/openldap/ldap.conf" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:127 -+#: src/man/authselect-migration.7.adoc:132 - #, no-wrap - msgid "" - "# Set the default base dn\n" -@@ -275,7 +277,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:130 -+#: src/man/authselect-migration.7.adoc:135 - #, no-wrap - msgid "" - "# Set the default LDAP server\n" -@@ -283,13 +285,13 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-migration.7.adoc:133 -+#: src/man/authselect-migration.7.adoc:138 - #, no-wrap - msgid "KERBEROS" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:136 -+#: src/man/authselect-migration.7.adoc:141 - msgid "" - "If you use Kerberos, the default Kerberos realm should be configured in " - "order for krb5-libs and therefore tools such as `kinit` to work out of the " -@@ -297,13 +299,13 @@ msgid "" - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:137 -+#: src/man/authselect-migration.7.adoc:142 - #, no-wrap - msgid "{sysconfdir}/krb5.conf" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:141 -+#: src/man/authselect-migration.7.adoc:146 - #, no-wrap - msgid "" - "[libdefaults]\n" -@@ -311,7 +313,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:146 -+#: src/man/authselect-migration.7.adoc:151 - #, no-wrap - msgid "" - "[realms]\n" -@@ -321,7 +323,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:150 -+#: src/man/authselect-migration.7.adoc:155 - #, no-wrap - msgid "" - "[domain_realm]\n" -@@ -330,31 +332,31 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:153 --#: ./src/man/authselect-migration.7.adoc:247 -+#: src/man/authselect-migration.7.adoc:158 -+#: src/man/authselect-migration.7.adoc:254 - #, no-wrap - msgid "SSSD" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:158 -+#: src/man/authselect-migration.7.adoc:163 - msgid "" - "Authselect encourages users to use SSSD wherever possible. There are many " - "configuration options, see sssd.conf(5). This is a minimal configuration " --"that creates one LDAP domain called `default`. The LDAP server is " --"auto-discovered through DNS lookups." -+"that creates one LDAP domain called `default`. The LDAP server is auto-" -+"discovered through DNS lookups." - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:159 --#: ./src/man/authselect-migration.7.adoc:175 -+#: src/man/authselect-migration.7.adoc:164 -+#: src/man/authselect-migration.7.adoc:180 - #, no-wrap - msgid "{sysconfdir}/sssd/sssd.conf" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:164 --#: ./src/man/authselect-migration.7.adoc:180 -+#: src/man/authselect-migration.7.adoc:169 -+#: src/man/authselect-migration.7.adoc:185 - #, no-wrap - msgid "" - "[sssd]\n" -@@ -363,7 +365,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:169 -+#: src/man/authselect-migration.7.adoc:174 - #, no-wrap - msgid "" - "[domain/default]\n" -@@ -373,7 +375,7 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:174 -+#: src/man/authselect-migration.7.adoc:179 - msgid "" - "And here is a configuration snippet for the same domain but now the " - "authentication is done over Kerberos. The KDC server is auto-discovered " -@@ -381,7 +383,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:188 -+#: src/man/authselect-migration.7.adoc:193 - #, no-wrap - msgid "" - "[domain/default]\n" -@@ -394,7 +396,7 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:194 -+#: src/man/authselect-migration.7.adoc:199 - msgid "" - "If you want to configure SSSD for an IPA or Active Directory domain, use the " - "`realm` tool. This will perform an initial setup which involves creating a " -@@ -403,13 +405,13 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-migration.7.adoc:196 -+#: src/man/authselect-migration.7.adoc:201 - #, no-wrap - msgid "WINBIND" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:201 -+#: src/man/authselect-migration.7.adoc:206 - msgid "" - "If you want to configure the machine to use Winbind, use `realm`. This will " - "perform an initial setup which involves creating a Kerberos keytab and " -@@ -418,14 +420,14 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:203 --#: ./src/man/authselect-migration.7.adoc:255 -+#: src/man/authselect-migration.7.adoc:209 -+#: src/man/authselect-migration.7.adoc:262 - #, no-wrap - msgid "NIS" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:207 -+#: src/man/authselect-migration.7.adoc:213 - msgid "" - "There are several places that needs to be configured in order to make NIS " - "authentication work. First, you need to set NIS domain and optionally also " -@@ -433,13 +435,13 @@ msgid "" - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:208 -+#: src/man/authselect-migration.7.adoc:214 - #, no-wrap - msgid "{sysconfdir}/yp.conf" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:213 -+#: src/man/authselect-migration.7.adoc:219 - #, no-wrap - msgid "" - "domain mydomain broadcast\n" -@@ -448,24 +450,24 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:216 -+#: src/man/authselect-migration.7.adoc:222 - msgid "NIS domain must be also set in system network configuration." - msgstr "" - - #. type: Block title --#: ./src/man/authselect-migration.7.adoc:217 -+#: src/man/authselect-migration.7.adoc:223 - #, no-wrap - msgid "{sysconfdir}/sysconfig/network" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:220 -+#: src/man/authselect-migration.7.adoc:226 - #, no-wrap - msgid "NISDOMAIN=mydomain\n" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:224 -+#: src/man/authselect-migration.7.adoc:230 - msgid "" - "Now, you can set the domain name with command line so there is no need to " - "reboot your system. Additionaly, it may be necessary to enable NIS in " -@@ -473,7 +475,7 @@ msgid "" - msgstr "" - - #. type: delimited block - --#: ./src/man/authselect-migration.7.adoc:228 -+#: src/man/authselect-migration.7.adoc:234 - #, no-wrap - msgid "" - "$ domainname mydomain\n" -@@ -481,13 +483,13 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-migration.7.adoc:231 -+#: src/man/authselect-migration.7.adoc:238 - #, no-wrap - msgid "PASSWORD QUALITY" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:236 -+#: src/man/authselect-migration.7.adoc:243 - msgid "" - "Authselect enables `pam_pwquality` module to enforce password quality " - "restrictions. This module is enabled only for local users. Remote users " -@@ -496,45 +498,45 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:240 -+#: src/man/authselect-migration.7.adoc:247 - msgid "" --"The `pam_pwquality` module can be configured in " --"{sysconfdir}/security/pwquality.conf. See pam_pwquality(8) to see its " --"configuration options and defaults." -+"The `pam_pwquality` module can be configured in {sysconfdir}/security/" -+"pwquality.conf. See pam_pwquality(8) to see its configuration options and " -+"defaults." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:242 -+#: src/man/authselect-migration.7.adoc:249 - #, no-wrap - msgid "STARTING SERVICES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:245 -+#: src/man/authselect-migration.7.adoc:252 - msgid "" - "Depending on your configuration, you need to start required services " - "manually with systemd." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:249 -+#: src/man/authselect-migration.7.adoc:256 - #, no-wrap - msgid "systemctl enable sssd.service ; systemctl start sssd.service\n" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:251 -+#: src/man/authselect-migration.7.adoc:258 - msgid "Winbind" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:253 -+#: src/man/authselect-migration.7.adoc:260 - #, no-wrap - msgid "systemctl enable winbind.service ; systemctl start winbind.service\n" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:258 -+#: src/man/authselect-migration.7.adoc:265 - #, no-wrap - msgid "" - "systemctl enable rpcbind.service ; systemctl start rpcbind.service\n" -@@ -542,24 +544,24 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:260 -+#: src/man/authselect-migration.7.adoc:267 - msgid "If mkhomedir feature is enabled" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:262 -+#: src/man/authselect-migration.7.adoc:269 - #, no-wrap - msgid "systemctl enable oddjobd.service ; systemctl start oddjobd.service\n" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:264 -+#: src/man/authselect-migration.7.adoc:271 - #, no-wrap - msgid "AUTHCONFIG TOOLS" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:268 -+#: src/man/authselect-migration.7.adoc:275 - msgid "" - "Authconfig shipped a tool called _cacertdir_rehash_. If you depend on this " - "tool, please switch to native _openssl_ command: *openssl rehash " -@@ -567,14 +569,14 @@ msgid "" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-migration.7.adoc:270 -+#: src/man/authselect-migration.7.adoc:277 - #, no-wrap - msgid "SEE ALSO" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-migration.7.adoc:272 -+#: src/man/authselect-migration.7.adoc:279 - msgid "" --"authselect(8), authselect-profiles(5), realm(8), ipa-client-install(1), " --"sssd.conf(5), smb.conf(5), ldap.conf(5), krb5.conf(5)" -+"authselect(8), authselect-profiles(5), realm(8), ipa-client-install(1), sssd." -+"conf(5), smb.conf(5), ldap.conf(5), krb5.conf(5)" - msgstr "" -diff --git a/src/man/po/authselect-profiles.5.adoc.pot b/src/man/po/authselect-profiles.5.adoc.pot -index 45ca16e66e2dabbc55ec5106352c0b8f43b3826b..d6ce53d9b963771113b81d502338b352d410807d 100644 ---- a/src/man/po/authselect-profiles.5.adoc.pot -+++ b/src/man/po/authselect-profiles.5.adoc.pot -@@ -7,7 +7,7 @@ - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" --"POT-Creation-Date: 2022-05-04 13:46+0200\n" -+"POT-Creation-Date: 2024-02-23 14:08+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -17,89 +17,90 @@ msgstr "" - "Content-Transfer-Encoding: 8bit\n" - - #. type: Title = --#: ./src/man/authselect-profiles.5.adoc:2 -+#: src/man/authselect-profiles.5.adoc:2 - #, no-wrap - msgid "authselect-profiles(5)" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:6 -+#: src/man/authselect-profiles.5.adoc:6 - #, no-wrap - msgid "NAME" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:8 -+#: src/man/authselect-profiles.5.adoc:8 - msgid "authselect-profiles - how to extend authselect profiles." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:10 -+#: src/man/authselect-profiles.5.adoc:10 - #, no-wrap - msgid "DESCRIPTION" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:13 -+#: src/man/authselect-profiles.5.adoc:13 - msgid "" - "This manual page explains how are authselect profiles organized and how to " - "create new profiles." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:15 -+#: src/man/authselect-profiles.5.adoc:15 - #, no-wrap - msgid "PROFILE DIRECTORIES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:17 -+#: src/man/authselect-profiles.5.adoc:17 - msgid "Profiles can be found in one of three directories." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:18 -+#: src/man/authselect-profiles.5.adoc:18 - #, no-wrap - msgid "*{AUTHSELECT_PROFILE_DIR}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:20 --msgid "Read-only directory containing profiles shipped together with authselect." -+#: src/man/authselect-profiles.5.adoc:20 -+msgid "" -+"Read-only directory containing profiles shipped together with authselect." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:21 -+#: src/man/authselect-profiles.5.adoc:21 - #, no-wrap - msgid "*{AUTHSELECT_VENDOR_DIR}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:24 -+#: src/man/authselect-profiles.5.adoc:24 - msgid "" - "Read-only directory for vendor-specific profiles that can override the ones " - "in _default_ directory." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:25 -+#: src/man/authselect-profiles.5.adoc:25 - #, no-wrap - msgid "*{AUTHSELECT_CUSTOM_DIR}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:27 -+#: src/man/authselect-profiles.5.adoc:27 - msgid "Place for administrator-defined profiles." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:29 -+#: src/man/authselect-profiles.5.adoc:29 - #, no-wrap - msgid "PROFILE FILES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:33 -+#: src/man/authselect-profiles.5.adoc:33 - msgid "" - "Each profile consists of one or more of these files which provide a " - "mandatory profile description and describe the changes that are done to the " -@@ -107,37 +108,38 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:34 -+#: src/man/authselect-profiles.5.adoc:34 - #, no-wrap - msgid "*README*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:36 --msgid "Description of the profile. The first line must be a name of the profile." -+#: src/man/authselect-profiles.5.adoc:36 -+msgid "" -+"Description of the profile. The first line must be a name of the profile." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:37 -+#: src/man/authselect-profiles.5.adoc:37 - #, no-wrap - msgid "*system-auth*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:40 -+#: src/man/authselect-profiles.5.adoc:40 - msgid "" - "PAM stack that is included from nearly all individual service configuration " - "files." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:41 -+#: src/man/authselect-profiles.5.adoc:41 - #, no-wrap - msgid "*password-auth*, *smartcard-auth*, *fingerprint-auth*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:45 -+#: src/man/authselect-profiles.5.adoc:45 - msgid "" - "These PAM stacks are for applications which handle authentication from " - "different types of devices via simultaneously running individual " -@@ -145,13 +147,13 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:46 -+#: src/man/authselect-profiles.5.adoc:46 - #, no-wrap - msgid "*postlogin*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:54 -+#: src/man/authselect-profiles.5.adoc:54 - msgid "" - "The purpose of this PAM stack is to provide a common place for all PAM " - "modules which should be called after the stack configured in system-auth or " -@@ -163,35 +165,24 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:55 -+#: src/man/authselect-profiles.5.adoc:55 - #, no-wrap - msgid "*nsswitch.conf*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:58 -+#: src/man/authselect-profiles.5.adoc:57 - msgid "Name Service Switch configuration file." - msgstr "" - --#. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:63 --#, no-wrap --msgid "" --" Name Service Switch configuration file. Only maps relevant to the " --"profile\n" --" must be set. Maps that are not specified by the profile are included " --"from\n" --" {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf.\n" --msgstr "" -- - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:65 -+#: src/man/authselect-profiles.5.adoc:58 - #, no-wrap - msgid "*dconf-db*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:69 -+#: src/man/authselect-profiles.5.adoc:62 - msgid "" - "Changes to dconf database. The main uses case of this file is to set changes " - "for gnome login screen in order to enable or disable smartcard and " -@@ -199,24 +190,24 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:70 -+#: src/man/authselect-profiles.5.adoc:63 - #, no-wrap - msgid "*dconf-locks*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:72 -+#: src/man/authselect-profiles.5.adoc:65 - msgid "This file define locks on values set in dconf database." - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-profiles.5.adoc:74 -+#: src/man/authselect-profiles.5.adoc:67 - #, no-wrap - msgid "CONDITIONAL LINES" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:78 -+#: src/man/authselect-profiles.5.adoc:71 - msgid "" - "Each of these files serves as a template. A template is a plain text file " - "with optional usage of several operators that can be used to provide some " -@@ -224,13 +215,13 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:79 -+#: src/man/authselect-profiles.5.adoc:72 - #, no-wrap - msgid "*{continue if \"feature\"}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:84 -+#: src/man/authselect-profiles.5.adoc:77 - msgid "" - "Immediately stop processing of the file unless \"feature\" is defined (the " - "rest of the file content will be removed). If \"feature\" is defined, the " -@@ -239,13 +230,13 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:85 -+#: src/man/authselect-profiles.5.adoc:78 - #, no-wrap - msgid "*{stop if \"feature\"}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:90 -+#: src/man/authselect-profiles.5.adoc:83 - msgid "" - "Opposite of \"continue if\". Immediately stop processing of the file if " - "\"feature\" is defined (the rest of the file content will be removed). If " -@@ -254,39 +245,39 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:91 -+#: src/man/authselect-profiles.5.adoc:84 - #, no-wrap - msgid "*{include if \"feature\"}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:94 -+#: src/man/authselect-profiles.5.adoc:87 - msgid "" - "Include the line where this operator is placed only if \"feature\" is " - "defined." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:95 -+#: src/man/authselect-profiles.5.adoc:88 - #, no-wrap - msgid "*{exclude if \"feature\"}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:98 -+#: src/man/authselect-profiles.5.adoc:91 - msgid "" - "Opposite to \"include-if\". Include the line where this operator is placed " - "only if \"feature\" is not defined." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:99 -+#: src/man/authselect-profiles.5.adoc:92 - #, no-wrap - msgid "*{imply \"implied-feature\" if \"feature\"}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:103 -+#: src/man/authselect-profiles.5.adoc:96 - msgid "" - "Enable feature \"implied-feature\" if feature \"feature\" is enabled. The " - "whole line with this operator is removed, thus it is not possible to add " -@@ -294,33 +285,33 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:104 -+#: src/man/authselect-profiles.5.adoc:97 - #, no-wrap - msgid "*{if \"feature\":true|false}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:107 -+#: src/man/authselect-profiles.5.adoc:100 - msgid "" - "If \"feature\" is defined, replace this operator with string \"true\", " - "otherwise with string \"false\"." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:108 -+#: src/man/authselect-profiles.5.adoc:101 - #, no-wrap - msgid "*{if \"feature\":true}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:111 -+#: src/man/authselect-profiles.5.adoc:104 - msgid "" - "If \"feature\" is defined, replace this operator with string \"true\", " - "otherwise with an empty string." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:115 -+#: src/man/authselect-profiles.5.adoc:108 - msgid "" - "It is also possible to use logical expression in conditional line instead of " - "specifying single feature name. In this case the expression will evaluate to " -@@ -328,7 +319,7 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:120 -+#: src/man/authselect-profiles.5.adoc:113 - msgid "" - "The expression syntax consists of feature names (e.g. _\"feature\"_) which " - "returns _true_ if the feature is defined or _false_ if it is not defined and " -@@ -337,57 +328,57 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:122 -+#: src/man/authselect-profiles.5.adoc:115 - msgid "For example:" - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:123 -+#: src/man/authselect-profiles.5.adoc:116 - #, no-wrap - msgid "*{if \"feature1\" or \"feature2\":true}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:126 -+#: src/man/authselect-profiles.5.adoc:119 - msgid "" - "If \"feature1\" or \"feature2\" is defined, replace this operator with " - "string \"true\", otherwise with an empty string." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:127 -+#: src/man/authselect-profiles.5.adoc:120 - #, no-wrap - msgid "*{if not \"feature\":true|false}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:130 -+#: src/man/authselect-profiles.5.adoc:123 - msgid "" - "If \"feature\" is not defined, replace this operator with string \"true\", " - "otherwise with string \"false\"." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:131 -+#: src/man/authselect-profiles.5.adoc:124 - #, no-wrap - msgid "*{if not \"feature\":true}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:134 -+#: src/man/authselect-profiles.5.adoc:127 - msgid "" - "If \"feature\" is not defined, replace this operator with string \"true\", " - "otherwise with an empty string." - msgstr "" - - #. type: Labeled list --#: ./src/man/authselect-profiles.5.adoc:135 -+#: src/man/authselect-profiles.5.adoc:128 - #, no-wrap - msgid "*{if \"feature1\" and (\"feature2\" or \"feature3\"):true}*" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:138 -+#: src/man/authselect-profiles.5.adoc:131 - msgid "" - "If \"feature1\" is defined, and one of \"feature2\" and \"feature3\" is " - "defined replace this operator with string \"true\", otherwise with an empty " -@@ -395,20 +386,20 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: ./src/man/authselect-profiles.5.adoc:140 -+#: src/man/authselect-profiles.5.adoc:133 - #, no-wrap - msgid "EXAMPLE" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:143 -+#: src/man/authselect-profiles.5.adoc:136 - msgid "" - "Here is an example of using \"if\" operator. If \"with-sudo\" feature is " - "enabled, it will add \"sss\" to sudoers line." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:150 -+#: src/man/authselect-profiles.5.adoc:143 - #, no-wrap - msgid "" - " passwd: sss files\n" -@@ -420,42 +411,34 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:155 -+#: src/man/authselect-profiles.5.adoc:148 - msgid "" - "Here is an example of \"continue-if\" and \"include-if\" operators. The " --"resulting file will be empty unless \"with-smartcard\" feature is " --"enabled. If it is enabled and also \"with-faillock\" feature is enabled, it " --"will also enable support for pam_faillock." -+"resulting file will be empty unless \"with-smartcard\" feature is enabled. " -+"If it is enabled and also \"with-faillock\" feature is enabled, it will also " -+"enable support for pam_faillock." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:168 -+#: src/man/authselect-profiles.5.adoc:161 - #, no-wrap - msgid "" - " {continue if \"with-smartcard\"}\n" - " auth required pam_env.so\n" --" auth required pam_faildelay.so " --"delay=2000000\n" --" auth required pam_faillock.so " --"preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" --" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so " --"uid >= 1000 quiet\n" --" auth [default=1 ignore=ignore success=ok] " --"pam_localuser.so\n" --" auth sufficient pam_unix.so " --"nullok\n" --" auth requisite pam_succeed_if.so " --"uid >= 1000 quiet_success\n" --" auth sufficient pam_sss.so " --"forward_pass\n" --" auth required pam_faillock.so " --"authfail deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" -+" auth required pam_faildelay.so delay=2000000\n" -+" auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" -+" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet\n" -+" auth [default=1 ignore=ignore success=ok] pam_localuser.so\n" -+" auth sufficient pam_unix.so nullok\n" -+" auth requisite pam_succeed_if.so uid >= 1000 quiet_success\n" -+" auth sufficient pam_sss.so forward_pass\n" -+" auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" - " auth required pam_deny.so\n" - " ...\n" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:173 -+#: src/man/authselect-profiles.5.adoc:166 - msgid "" - "Here is an example of \"continue-if\" using logical expression. The file " - "will be empty unless \"with-smartcard\" or \"with-smartcard-required\" is " -@@ -465,82 +448,60 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:186 -+#: src/man/authselect-profiles.5.adoc:179 - #, no-wrap - msgid "" - " {continue if \"with-smartcard\" or \"with-smartcard-required\"}\n" - " auth required pam_env.so\n" --" auth required pam_faildelay.so " --"delay=2000000\n" --" auth required pam_faillock.so " --"preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" --" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so " --"uid >= 1000 quiet\n" --" auth [default=1 ignore=ignore success=ok] " --"pam_localuser.so\n" --" auth sufficient pam_unix.so " --"nullok\n" --" auth requisite pam_succeed_if.so " --"uid >= 1000 quiet_success\n" --" auth sufficient pam_sss.so " --"forward_pass\n" --" auth required pam_faillock.so " --"authfail deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" -+" auth required pam_faildelay.so delay=2000000\n" -+" auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" -+" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet\n" -+" auth [default=1 ignore=ignore success=ok] pam_localuser.so\n" -+" auth sufficient pam_unix.so nullok\n" -+" auth requisite pam_succeed_if.so uid >= 1000 quiet_success\n" -+" auth sufficient pam_sss.so forward_pass\n" -+" auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if \"with-faillock\"}\n" - " auth required pam_deny.so\n" - " ...\n" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:191 -+#: src/man/authselect-profiles.5.adoc:184 - msgid "" --"Here is an example of \"imply-if\" operator. Enabling feature " --"\"with-smartcard-required\" will also enable \"with-smartcard\" to make sure " --"that all relevant PAM modules are used. This will achieve the same behavior " --"as the previous example." -+"Here is an example of \"imply-if\" operator. Enabling feature \"with-" -+"smartcard-required\" will also enable \"with-smartcard\" to make sure that " -+"all relevant PAM modules are used. This will achieve the same behavior as " -+"the previous example." - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:206 -+#: src/man/authselect-profiles.5.adoc:199 - #, no-wrap - msgid "" - " {imply \"with-smartcard\" if \"with-smartcard-required\"}\n" - " auth required pam_env.so\n" --" auth required pam_faildelay.so " --"delay=2000000\n" --" auth [success=1 default=ignore] pam_succeed_if.so " --"service notin " --"login:gdm:xdm:kdm:kde:xscreensaver:gnome-screensaver:kscreensaver quiet " --"use_uid {include if \"with-smartcard-required\"}\n" --" auth [success=done ignore=ignore default=die] pam_sss.so " --"require_cert_auth ignore_authinfo_unavail {include if " --"\"with-smartcard-required\"}\n" --" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so " --"uid >= 1000 quiet\n" --" auth [default=1 ignore=ignore success=ok] pam_localuser.so " --"{exclude if \"with-smartcard\"}\n" --" auth [default=2 ignore=ignore success=ok] pam_localuser.so " --"{include if \"with-smartcard\"}\n" --" auth [success=done authinfo_unavail=ignore user_unknown=ignore " --"ignore=ignore default=die] pam_sss.so try_cert_auth {include if " --"\"with-smartcard\"}\n" --" auth sufficient pam_unix.so {if " --"not \"without-nullok\":nullok}\n" --" auth requisite pam_succeed_if.so " --"uid >= 1000 quiet_success\n" --" auth sufficient pam_sss.so " --"forward_pass\n" -+" auth required pam_faildelay.so delay=2000000\n" -+" auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:kde:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if \"with-smartcard-required\"}\n" -+" auth [success=done ignore=ignore default=die] pam_sss.so require_cert_auth ignore_authinfo_unavail {include if \"with-smartcard-required\"}\n" -+" auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet\n" -+" auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if \"with-smartcard\"}\n" -+" auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if \"with-smartcard\"}\n" -+" auth [success=done authinfo_unavail=ignore user_unknown=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if \"with-smartcard\"}\n" -+" auth sufficient pam_unix.so {if not \"without-nullok\":nullok}\n" -+" auth requisite pam_succeed_if.so uid >= 1000 quiet_success\n" -+" auth sufficient pam_sss.so forward_pass\n" - " auth required pam_deny.so\n" - " ...\n" - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:208 -+#: src/man/authselect-profiles.5.adoc:201 - #, no-wrap - msgid "CREATING A NEW PROFILE" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:213 -+#: src/man/authselect-profiles.5.adoc:206 - msgid "" - "To register a new profile within authselect, create a directory in one of " - "the authselect profile locations with the files listed above. Not all of the " -@@ -549,20 +510,20 @@ msgid "" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:217 -+#: src/man/authselect-profiles.5.adoc:210 - msgid "" - "You may find *authselect create-profile* command helpful when creating new " --"profile. See *authselect(8)* manual page or *authselect create-profile " --"--help* for more information." -+"profile. See *authselect(8)* manual page or *authselect create-profile --" -+"help* for more information." - msgstr "" - - #. type: Title - --#: ./src/man/authselect-profiles.5.adoc:219 -+#: src/man/authselect-profiles.5.adoc:212 - #, no-wrap - msgid "SEE ALSO" - msgstr "" - - #. type: Plain text --#: ./src/man/authselect-profiles.5.adoc:220 -+#: src/man/authselect-profiles.5.adoc:213 - msgid "authselect(8), nsswitch.conf(5), PAM(8)" - msgstr "" -diff --git a/src/man/po/authselect.8.adoc.pot b/src/man/po/authselect.8.adoc.pot -index 09bf6e5714249a0ee4271db22577581d7ebdc3e7..097472b8f2b1c0d6f0d5d86e68e884142f25017b 100644 ---- a/src/man/po/authselect.8.adoc.pot -+++ b/src/man/po/authselect.8.adoc.pot -@@ -7,7 +7,7 @@ - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" --"POT-Creation-Date: 2024-01-18 16:34+0100\n" -+"POT-Creation-Date: 2024-02-23 14:08+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -765,120 +765,19 @@ msgid "" - msgstr "" - - #. type: Title - --#: src/man/authselect.8.adoc:266 --#, no-wrap --msgid "NSSWITCH.CONF MANAGEMENT" --msgstr "" -- --#. type: Plain text --#: src/man/authselect.8.adoc:272 --msgid "" --"Authselect generates {AUTHSELECT_NSSWITCH_CONF} and does not allow any user " --"changes to this file. Such changes are detected and authselect will refuse " --"to write any system configuration unless a *--force* option is provided to " --"the *select* command. This mechanism prevents authselect from overwriting " --"anything that does not match any available profile." --msgstr "" -- --#. type: Plain text --#: src/man/authselect.8.adoc:280 --msgid "" --"Any user changes to nsswitch maps must be done in file " --"{AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf. When authselect generates new " --"_nsswitch.conf_ it reads this file and combines it with configuration from " --"selected profile. The profile configuration takes always precedence. In " --"other words, profiles do not have to set all nsswitch maps but can set only " --"those that are relevant to the profile. If a map is set within a profile, it " --"always overwrites the same map from _user-nsswitch.conf_." --msgstr "" -- --#. type: Block title --#: src/man/authselect.8.adoc:281 --#, no-wrap --msgid "Example 1" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:292 --#, no-wrap --msgid "" --"# \"sssd\" profile\n" --"$ cat {AUTHSELECT_PROFILE_DIR}/sssd/nsswitch.conf\n" --"passwd: sss files systemd\n" --"group: sss files systemd\n" --"netgroup: sss files\n" --"automount: sss files\n" --"services: sss files\n" --"sudoers: files sss {include if \"with-sudo\"}\n" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:298 --#, no-wrap --msgid "" --"$ cat {AUTHSELECT_CONFIG_DIR}/user-nsswitch.conf\n" --"passwd: files sss\n" --"group: files sss\n" --"hosts: files dns myhostname\n" --"sudoers: files\n" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:300 --#, no-wrap --msgid "$ authselect select sssd\n" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:310 --#, no-wrap --msgid "" --"# passwd and group maps from user-nsswitch.conf are ignored\n" --"$ cat {AUTHSELECT_NSSWITCH_CONF}\n" --"passwd: sss files systemd\n" --"group: sss files systemd\n" --"netgroup: sss files\n" --"automount: sss files\n" --"services: sss files\n" --"hosts: files dns myhostname\n" --"sudoers: files\n" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:312 --#, no-wrap --msgid "$ authselect select sssd with-sudo\n" --msgstr "" -- --#. type: delimited block - --#: src/man/authselect.8.adoc:322 --#, no-wrap --msgid "" --"# passwd, group and sudoers maps from user-nsswitch.conf are ignored\n" --"$ cat {AUTHSELECT_NSSWITCH_CONF}\n" --"passwd: sss files systemd\n" --"group: sss files systemd\n" --"netgroup: sss files\n" --"automount: sss files\n" --"services: sss files\n" --"sudoers: files sss\n" --"hosts: files dns myhostname\n" --msgstr "" -- --#. type: Title - --#: src/man/authselect.8.adoc:326 -+#: src/man/authselect.8.adoc:265 - #, no-wrap - msgid "TROUBLESHOOTING" - msgstr "" - - #. type: Title ~ --#: src/man/authselect.8.adoc:329 -+#: src/man/authselect.8.adoc:268 - #, no-wrap - msgid "How can I tell if my system is using authselect?" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:333 -+#: src/man/authselect.8.adoc:272 - msgid "" - "Use *authselect check*. The output will tell you if you have 1) " - "configuration generated by authselect 2) non-authselect configuration or 3) " -@@ -887,13 +786,13 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: src/man/authselect.8.adoc:335 -+#: src/man/authselect.8.adoc:274 - #, no-wrap - msgid "Is nsswitch.conf supposed to be a symbolic link now?" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:341 -+#: src/man/authselect.8.adoc:280 - msgid "" - "Authselect generates your system configuration from scratch and stores it at " - "{AUTHSELECT_CONFIG_DIR}. System files are then created as symbolic links to " -@@ -903,18 +802,18 @@ msgid "" - msgstr "" - - #. type: Title ~ --#: src/man/authselect.8.adoc:343 -+#: src/man/authselect.8.adoc:282 - #, no-wrap - msgid "Error: Unexpected changes to the configuration were detected." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:345 -+#: src/man/authselect.8.adoc:284 - msgid "For example:" - msgstr "" - - #. type: delimited block . --#: src/man/authselect.8.adoc:351 -+#: src/man/authselect.8.adoc:290 - #, no-wrap - msgid "" - "[error] [/etc/authselect/nsswitch.conf] does not exist!\n" -@@ -925,7 +824,7 @@ msgid "" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:355 -+#: src/man/authselect.8.adoc:294 - msgid "" - "This means that your configuration is unknown to authselect and as such it " - "will not be modified. To fix this, please call *authselect select* with *--" -@@ -933,101 +832,101 @@ msgid "" - msgstr "" - - #. type: Title - --#: src/man/authselect.8.adoc:357 -+#: src/man/authselect.8.adoc:296 - #, no-wrap - msgid "RETURN CODES" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:359 -+#: src/man/authselect.8.adoc:298 - msgid "The *authselect* can return these exit codes:" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:361 -+#: src/man/authselect.8.adoc:300 - msgid "0: Success." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:362 -+#: src/man/authselect.8.adoc:301 - msgid "1: Generic error." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:363 -+#: src/man/authselect.8.adoc:302 - msgid "" - "2: Profile or configuration was not found or the system was not configured " - "with authselect." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:364 -+#: src/man/authselect.8.adoc:303 - msgid "" - "3: Current configuration is not valid, it was edited without authselect." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:365 -+#: src/man/authselect.8.adoc:304 - msgid "" - "4: System configuration must be overwritten to activate an authselect " - "profile, --force parameter is needed." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:366 -+#: src/man/authselect.8.adoc:305 - msgid "5: Executed command must be run as root." - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:367 -+#: src/man/authselect.8.adoc:306 - msgid "6: No configuration was detected." - msgstr "" - - #. type: Title - --#: src/man/authselect.8.adoc:369 -+#: src/man/authselect.8.adoc:308 - #, no-wrap - msgid "GENERATED FILES" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:372 -+#: src/man/authselect.8.adoc:311 - msgid "" - "Authselect creates and maintains the following files to configure system " - "identity and authentication providers properly." - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:373 -+#: src/man/authselect.8.adoc:312 - #, no-wrap - msgid "*{AUTHSELECT_NSSWITCH_CONF}*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:375 -+#: src/man/authselect.8.adoc:314 - msgid "Name Service Switch configuration file." - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:376 -+#: src/man/authselect.8.adoc:315 - #, no-wrap - msgid "*{AUTHSELECT_PAM_DIR}/system-auth*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:379 -+#: src/man/authselect.8.adoc:318 - msgid "" - "PAM stack that is included from nearly all individual service configuration " - "files." - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:380 -+#: src/man/authselect.8.adoc:319 - #, no-wrap - msgid "*{AUTHSELECT_PAM_DIR}/password-auth, smartcard-auth, fingerprint-auth*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:384 -+#: src/man/authselect.8.adoc:323 - msgid "" - "These PAM stacks are for applications which handle authentication from " - "different types of devices via simultaneously running individual " -@@ -1035,13 +934,13 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:385 -+#: src/man/authselect.8.adoc:324 - #, no-wrap - msgid "*{AUTHSELECT_PAM_DIR}/postlogin*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:393 -+#: src/man/authselect.8.adoc:332 - msgid "" - "The purpose of this PAM stack is to provide a common place for all PAM " - "modules which should be called after the stack configured in system-auth or " -@@ -1053,13 +952,13 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:394 -+#: src/man/authselect.8.adoc:333 - #, no-wrap - msgid "*{AUTHSELECT_DCONF_DIR}/{AUTHSELECT_DCONF_FILE}*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:398 -+#: src/man/authselect.8.adoc:337 - msgid "" - "Changes to dconf database. The main uses case of this file is to set changes " - "for gnome login screen in order to enable or disable smartcard and " -@@ -1067,24 +966,24 @@ msgid "" - msgstr "" - - #. type: Labeled list --#: src/man/authselect.8.adoc:399 -+#: src/man/authselect.8.adoc:338 - #, no-wrap - msgid "*{AUTHSELECT_DCONF_DIR}/locks/{AUTHSELECT_DCONF_FILE}*" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:401 -+#: src/man/authselect.8.adoc:340 - msgid "This file define locks on values set in dconf database." - msgstr "" - - #. type: Title - --#: src/man/authselect.8.adoc:403 -+#: src/man/authselect.8.adoc:342 - #, no-wrap - msgid "SEE ALSO" - msgstr "" - - #. type: Plain text --#: src/man/authselect.8.adoc:404 -+#: src/man/authselect.8.adoc:343 - msgid "" - "authselect-profiles(5), authselect-migration(7), nsswitch.conf(5), PAM(8)" - msgstr "" --- -2.42.0 - diff --git a/0009-profiles-merge-groups-records-with-SUCCESS-merge.patch b/0009-profiles-merge-groups-records-with-SUCCESS-merge.patch deleted file mode 100644 index 436d2d0..0000000 --- a/0009-profiles-merge-groups-records-with-SUCCESS-merge.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 8d8adbd35c741d9038588386414ccbddb99bd31d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 14 Dec 2023 14:16:11 +0100 -Subject: [PATCH 09/11] profiles: merge groups records with [SUCCESS=merge] - -Services such as systemd-homed would like to advertise users which are -part of system groups, such as "wheel". That only works if glibc's -[SUCCESS=merge] feature is used in nsswitch.conf, so that group records -from multiple sources are merged. - -This is documented here: - -https://www.freedesktop.org/software/systemd/man/latest/nss-systemd.html#Configuration%20in%20/etc/nsswitch.conf - -This hence adds [SUCCESS=merge] expressions to all NSS modules listed in -the "groups" lines. ---- - profiles/local/nsswitch.conf | 2 +- - profiles/nis/nsswitch.conf | 2 +- - profiles/sssd/nsswitch.conf | 2 +- - profiles/winbind/nsswitch.conf | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf -index c63692fc00c0815c5ba303ec5b48b6c9d7577df2..8582a955c8d03ea1d122a34cd273326d985bdcfb 100644 ---- a/profiles/local/nsswitch.conf -+++ b/profiles/local/nsswitch.conf -@@ -1,7 +1,7 @@ - # In order of likelihood of use to accelerate lookup. - passwd: files {if "with-altfiles":altfiles }systemd - shadow: files --group: files {if "with-altfiles":altfiles }systemd -+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd - hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns - services: files - netgroup: files -diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf -index 685f92c326bc7767ee167a77b7ba782672bf801f..c033812facee9159c76e2d514ac652e4de2e0b6b 100644 ---- a/profiles/nis/nsswitch.conf -+++ b/profiles/nis/nsswitch.conf -@@ -1,7 +1,7 @@ - # In order of likelihood of use to accelerate lookup. - passwd: files {if "with-altfiles":altfiles }nis systemd - shadow: files nis --group: files {if "with-altfiles":altfiles }nis systemd -+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd - hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns - services: files nis - netgroup: files nis -diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf -index 58844a62c8f52f8f25477a811b02a5e401120f30..9f194bc82cee52d4e12779def95afa2f794f66bf 100644 ---- a/profiles/sssd/nsswitch.conf -+++ b/profiles/sssd/nsswitch.conf -@@ -1,7 +1,7 @@ - # In order of likelihood of use to accelerate lookup. - passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd - shadow: files --group: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd -+group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd - hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns - services: files sss - netgroup: files sss -diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf -index f0a97e42e084f94fddd329d4cb93d5b5d1da3360..1591ccb3ffa8bd10b8ff06a0620328e275d09241 100644 ---- a/profiles/winbind/nsswitch.conf -+++ b/profiles/winbind/nsswitch.conf -@@ -1,7 +1,7 @@ - # In order of likelihood of use to accelerate lookup. - passwd: files {if "with-altfiles":altfiles }winbind systemd - shadow: files --group: files {if "with-altfiles":altfiles }winbind systemd -+group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd - hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns - services: files - netgroup: files --- -2.42.0 - diff --git a/0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch b/0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch deleted file mode 100644 index 440ef32..0000000 --- a/0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 565d8a76f1d6ec6c23cd38f7aa4812426e8cb460 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 14:18:00 +0100 -Subject: [PATCH 10/11] spec: use altfiles with success=merge on ostree systems - as well - ---- - rpm/authselect.spec.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index 350ca953632f21be861c1ee75f25f71d107ca1ee..39c4ca66058e0749e6d3aea6e7ff76a7a06c4ecc 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -223,7 +223,7 @@ exit 0 - if test -e /run/ostree-booted; then - for PROFILE in `ls %{_datadir}/authselect/default`; do - %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null -- %__sed -ie 's/{if "with-altfiles":altfiles }/altfiles /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null -+ %__sed -ie 's/{if "with-altfiles":altfiles \[SUCCESS=merge\] }/altfiles [SUCCESS=merge] /g' %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null - done - fi - --- -2.42.0 - diff --git a/0011-profiles-put-myhostname-before-dns.patch b/0011-profiles-put-myhostname-before-dns.patch deleted file mode 100644 index 33fb9c7..0000000 --- a/0011-profiles-put-myhostname-before-dns.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 7b7889507928610b37b73641d28d5bbe3f763a4a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 23 Feb 2024 17:22:45 +0100 -Subject: [PATCH 11/11] profiles: put myhostname before dns - -To allow `hostname --fqdn` to work correctly. Putting myhostname early -prevents lookup of canonical hostname if only shortname is provided. - -myhostname has been moved back and forth several times, it looks -like this place is now functional and works as expected. ---- - profiles/local/nsswitch.conf | 2 +- - profiles/nis/nsswitch.conf | 2 +- - profiles/sssd/nsswitch.conf | 2 +- - profiles/winbind/nsswitch.conf | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf -index 8582a955c8d03ea1d122a34cd273326d985bdcfb..538926e4d5cc8c190a7b2d10fd3756ad3269a720 100644 ---- a/profiles/local/nsswitch.conf -+++ b/profiles/local/nsswitch.conf -@@ -2,7 +2,7 @@ - passwd: files {if "with-altfiles":altfiles }systemd - shadow: files - group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd --hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns - services: files - netgroup: files - automount: files -diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf -index c033812facee9159c76e2d514ac652e4de2e0b6b..488476e91879b549fe605008d500b1810360f3be 100644 ---- a/profiles/nis/nsswitch.conf -+++ b/profiles/nis/nsswitch.conf -@@ -2,7 +2,7 @@ - passwd: files {if "with-altfiles":altfiles }nis systemd - shadow: files nis - group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd --hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis myhostname dns - services: files nis - netgroup: files nis - automount: files nis -diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf -index 9f194bc82cee52d4e12779def95afa2f794f66bf..b98094d9e0eaeb1559347b81a9505822ff713034 100644 ---- a/profiles/sssd/nsswitch.conf -+++ b/profiles/sssd/nsswitch.conf -@@ -2,7 +2,7 @@ - passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd - shadow: files - group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd --hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns - services: files sss - netgroup: files sss - sudoers: files sss {include if "with-sudo"} -diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf -index 1591ccb3ffa8bd10b8ff06a0620328e275d09241..cc966b34464bb28776b903d61fff1f6a94a1eb6f 100644 ---- a/profiles/winbind/nsswitch.conf -+++ b/profiles/winbind/nsswitch.conf -@@ -2,7 +2,7 @@ - passwd: files {if "with-altfiles":altfiles }winbind systemd - shadow: files - group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd --hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns - services: files - netgroup: files - automount: files --- -2.42.0 - diff --git a/0901-rhel10-remove-systemd-homed.patch b/0901-rhel10-remove-systemd-homed.patch index 2b28c62..4abd451 100644 --- a/0901-rhel10-remove-systemd-homed.patch +++ b/0901-rhel10-remove-systemd-homed.patch @@ -1,7 +1,7 @@ -From 054c83d1a40d5e0f98230d0f6ac34bd7ecdf383e Mon Sep 17 00:00:00 2001 +From 89bcfe5ed055ac1e80d9c782b178b7a4577e62ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 23 Feb 2024 15:49:09 +0100 -Subject: [PATCH 1/3] rhel10: remove systemd-homed +Subject: [PATCH 1/4] rhel10: remove systemd-homed systemd-homed is not present in rhel. --- @@ -23,10 +23,10 @@ systemd-homed is not present in rhel. 15 files changed, 53 deletions(-) diff --git a/profiles/local/README b/profiles/local/README -index 03f602441fe95ee280b575508f20d1f1de949b25..eedb298090b5b7c068ee1dfec0ee36c8b3086af4 100644 +index 5108590d509e9694f28358d5c4c2e60a2be99183..ad762bc2d4a55ba44fe53dba035d5c220a8b877f 100644 --- a/profiles/local/README +++ b/profiles/local/README -@@ -54,9 +54,6 @@ with-mdns4:: +@@ -57,9 +57,6 @@ with-mdns4:: with-mdns6:: Enable multicast DNS over IPv6. @@ -97,10 +97,10 @@ index 7f3c56adb2329dd4a08b1cb08b63e8d0d9b13c86..290cd24eb9c50f196d6fc68a3688f097 session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/nis/README b/profiles/nis/README -index e3a1a0b986689bfd43d9531464bcd8fa7a0f5237..745138bbdb1e045db41990dcb8864477d3408e36 100644 +index 2f91de7c397b67a28fd22df2ba9f08cebb861007..566509f541449cbc9eda9b9f46edd14d3773bb6c 100644 --- a/profiles/nis/README +++ b/profiles/nis/README -@@ -65,9 +65,6 @@ with-mdns4:: +@@ -68,9 +68,6 @@ with-mdns4:: with-mdns6:: Enable multicast DNS over IPv6. @@ -182,10 +182,10 @@ index 0bd022ee2286f37a5becb0daba2a5813693300a9..40a1bf74aaf3d721c4d720938e57766b session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/sssd/README b/profiles/sssd/README -index f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d..a497da5dcffd0a03a122677c49ee2f8021927b04 100644 +index 33aa59c0d0b367f596c162ff017dd1b314be3c06..77d94f1890556dc17e0d7dc56f45da41dcf7ef22 100644 --- a/profiles/sssd/README +++ b/profiles/sssd/README -@@ -106,9 +106,6 @@ with-gssapi:: +@@ -109,9 +109,6 @@ with-gssapi:: with-subid:: Enable SSSD as a source of subid database in /etc/nsswitch.conf. @@ -196,16 +196,19 @@ index f7aaba8ecca4bc18a0e57d2334c2030fd26fda0d..a497da5dcffd0a03a122677c49ee2f80 Do not add nullok parameter to pam_unix. diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS -index 6aaf7c771f7c1bcbf2aee7152422acc9d53c71f5..b36f6069a54a5f711a10aa0700f33e1a8e37794e 100644 +index 8137f4b2f9aca5654c15802e21390e6b0fa315cb..ef853121810621aae6c45cd63ae619a8473dd91e 100644 --- a/profiles/sssd/REQUIREMENTS +++ b/profiles/sssd/REQUIREMENTS -@@ -25,6 +25,3 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo +@@ -25,9 +25,6 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo - with-tlog is selected, make sure that session recording is enabled in SSSD {include if "with-tlog"} {include if "with-libvirt"} - with-libvirt is selected, make sure that the libvirt NSS plugins are installed {include if "with-libvirt"} - {include if "with-systemd-homed"} -- with-systemd-homed is selected, make sure that the system-homed service is enabled {include if "with-systemd-homed"} - - systemctl enable --now systemd-homed.service {include if "with-systemd-homed"} + {include if "with-switchable-auth"} + - with-switchable-auth is selected, make sure to enable it in sssd.conf {include if "with-switchable-auth"} + - set "pam_json_services = list-of-services" in [pam] section {include if "with-switchable-auth"} diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth index 97c33b678706e7eeb86bf45251baa41739f2940f..f468507b938ea2a7ac305a65f5fdea14a1ae10f1 100644 --- a/profiles/sssd/password-auth @@ -277,10 +280,10 @@ index 90c3504a414f0a151475cc207285b230fec381b1..870e4d7024066e3e40786bde6c3c39c7 session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/winbind/README b/profiles/winbind/README -index f65870d1d03da6465ad446dac87ed141d7115d8b..8844e1da2003a0266dfe8937774d6d6f7dad0210 100644 +index 24e6fc891ab14ac6f7aab7e86a388ae81f615b7f..11f305d5a2f18e82fd8393191e496d25c8a1f7fc 100644 --- a/profiles/winbind/README +++ b/profiles/winbind/README -@@ -75,9 +75,6 @@ with-mdns4:: +@@ -78,9 +78,6 @@ with-mdns4:: with-mdns6:: Enable multicast DNS over IPv6. @@ -372,5 +375,5 @@ index 2326c859284c5823c5a6d34390d794dbf33110d2..612143d10fe502d7f6ed636b4fba6cc6 session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid -- -2.42.0 +2.52.0 diff --git a/0902-rhel10-remove-ecryptfs-support.patch b/0902-rhel10-remove-ecryptfs-support.patch index fda2f95..e99fd62 100644 --- a/0902-rhel10-remove-ecryptfs-support.patch +++ b/0902-rhel10-remove-ecryptfs-support.patch @@ -1,7 +1,7 @@ -From 3167eaadde7a3f997925172b8d77cb380bf0d9d8 Mon Sep 17 00:00:00 2001 +From cc9a698d03a581b9e73e532a1020a9533e084329 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 10 Jun 2019 10:53:15 +0200 -Subject: [PATCH 2/3] rhel10: remove ecryptfs support +Subject: [PATCH 2/4] rhel10: remove ecryptfs support ecryptfs-utils is not present in rhel. --- @@ -25,7 +25,7 @@ ecryptfs-utils is not present in rhel. 17 files changed, 2 insertions(+), 34 deletions(-) diff --git a/profiles/nis/README b/profiles/nis/README -index 745138bbdb1e045db41990dcb8864477d3408e36..3e2f8b01fa37f8c7060a9c263f66c3df9782061d 100644 +index 566509f541449cbc9eda9b9f46edd14d3773bb6c..660ebd1e79a7e28da64e8552ac1218b1229d48f5 100644 --- a/profiles/nis/README +++ b/profiles/nis/README @@ -21,9 +21,6 @@ with-mkhomedir:: @@ -63,7 +63,7 @@ index 927fbcbda8fa4e910e29c88a3806fb5265bbc7bc..56a51d9eebb2987da340805ddb4e4a67 session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin -index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 +index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644 --- a/profiles/nis/postlogin +++ b/profiles/nis/postlogin @@ -1,7 +1,3 @@ @@ -87,7 +87,7 @@ index 40a1bf74aaf3d721c4d720938e57766bfe651e47..74cf6ece9ce0b1b64b122fd2309ebf5d session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/sssd/README b/profiles/sssd/README -index a497da5dcffd0a03a122677c49ee2f8021927b04..2038a32b682f36d9eef51fda138730abc9666279 100644 +index 77d94f1890556dc17e0d7dc56f45da41dcf7ef22..ba9b44071a0ca906ad00c09f6fd767ea686efcb5 100644 --- a/profiles/sssd/README +++ b/profiles/sssd/README @@ -35,9 +35,6 @@ with-mkhomedir:: @@ -125,7 +125,7 @@ index f468507b938ea2a7ac305a65f5fdea14a1ae10f1..c15121ad00ff00dfcd1743341594c853 session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin -index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 +index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644 --- a/profiles/sssd/postlogin +++ b/profiles/sssd/postlogin @@ -1,7 +1,3 @@ @@ -161,7 +161,7 @@ index 870e4d7024066e3e40786bde6c3c39c7ba8d62c0..4ea19acebe2208f9e21676bf0ae0a92e session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/winbind/README b/profiles/winbind/README -index 8844e1da2003a0266dfe8937774d6d6f7dad0210..7397bb9a6c8086b9720cc355d98de70b8107e79b 100644 +index 11f305d5a2f18e82fd8393191e496d25c8a1f7fc..f246fb43bb68f427fa0782d9662af02bcb4bf0ef 100644 --- a/profiles/winbind/README +++ b/profiles/winbind/README @@ -33,9 +33,6 @@ with-mkhomedir:: @@ -199,7 +199,7 @@ index 8d1682b9301c2b9c92292a41120f69611f148108..8b260fa06f5ed8494d1f6fac74517d3a session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin -index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644 +index 2f89ee94cade90686ac4e0e326efe84d7d8211aa..4e1bdf83c4d6973eb5838a9d94b36c9fe40347f4 100644 --- a/profiles/winbind/postlogin +++ b/profiles/winbind/postlogin @@ -1,7 +1,3 @@ @@ -246,5 +246,5 @@ index 8cc58e60301925974fdb738c5b9a746749981df8..9056913dee9eef1590c8590d3cc0b510 authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall realm join -U Administrator --client-software=winbind WINBINDDOMAIN -- -2.42.0 +2.52.0 diff --git a/0903-rhel10-remove-systemd-resolved.patch b/0903-rhel10-remove-systemd-resolved.patch index 545e5a1..a5f5b9d 100644 --- a/0903-rhel10-remove-systemd-resolved.patch +++ b/0903-rhel10-remove-systemd-resolved.patch @@ -1,7 +1,7 @@ -From b259ca399de497e0fc5e0763257e89bcc2e5a902 Mon Sep 17 00:00:00 2001 +From 7b93a32e84845c545ae3a28a6b53a77ea518d727 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 23 Feb 2024 16:01:58 +0100 -Subject: [PATCH 3/3] rhel10: remove systemd-resolved +Subject: [PATCH 3/4] rhel10: remove systemd-resolved systemd-resolved should not be enabled by default in rhel. --- @@ -12,57 +12,57 @@ systemd-resolved should not be enabled by default in rhel. 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf -index 538926e4d5cc8c190a7b2d10fd3756ad3269a720..1ad4276566f775086fc091d8e1c35d4ac94a9786 100644 +index b21d36c64249c08600ec8aca09a92a062d9eb084..bbcbf2b684e9c1e1755c0afd619e2c3b8e9c6b99 100644 --- a/profiles/local/nsswitch.conf +++ b/profiles/local/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }systemd - shadow: files + shadow: files systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns ++hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns services: files netgroup: files automount: files diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf -index 488476e91879b549fe605008d500b1810360f3be..88110258a69e7366980944ec3ccd9c79c0a1b323 100644 +index f7749d0eb12229aa577dc0a84ef284dad24027c8..2e7b63dd36f46185c513779b09c6123bd7e7a373 100644 --- a/profiles/nis/nsswitch.conf +++ b/profiles/nis/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }nis systemd - shadow: files nis + shadow: files nis systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis myhostname dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns ++hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns services: files nis netgroup: files nis automount: files nis diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf -index b98094d9e0eaeb1559347b81a9505822ff713034..89a1f230487a18d12ff9c3862e3394035bf17cff 100644 +index b893ee67698d60175ffe6396a12546f5aed97ca7..b8138a3c07e3c54612a0cbf3c0b721bedd821966 100644 --- a/profiles/sssd/nsswitch.conf +++ b/profiles/sssd/nsswitch.conf @@ -2,7 +2,7 @@ passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd - shadow: files + shadow: files systemd group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns ++hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns services: files sss netgroup: files sss sudoers: files sss {include if "with-sudo"} diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf -index cc966b34464bb28776b903d61fff1f6a94a1eb6f..5315640e39f7c84b4c138f393fa3b5c970e4afa5 100644 +index 6282c1385f687fbeb928567dc8de03c3b7d66a21..c7d57595b0c4e2f8c492b8e4f1a9c56f203337c5 100644 --- a/profiles/winbind/nsswitch.conf +++ b/profiles/winbind/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }winbind systemd - shadow: files + shadow: files systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] myhostname dns -+hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns ++hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns services: files netgroup: files automount: files -- -2.42.0 +2.52.0 diff --git a/0904-rhel10-move-myhostname-after-dns-to-fix-hostname-fqd.patch b/0904-rhel10-move-myhostname-after-dns-to-fix-hostname-fqd.patch index 5024ee9..384c5f4 100644 --- a/0904-rhel10-move-myhostname-after-dns-to-fix-hostname-fqd.patch +++ b/0904-rhel10-move-myhostname-after-dns-to-fix-hostname-fqd.patch @@ -1,15 +1,13 @@ -From 1a19a17f08cc65ff0d701e107155cb61344bed5b Mon Sep 17 00:00:00 2001 +From abdef39cb04eee5ad2507252f917d0f2e3fdcb5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 2 Aug 2024 12:26:38 +0200 -Subject: [PATCH] rhel10: move myhostname after dns to fix hostname --fqdn +Subject: [PATCH 4/4] rhel10: move myhostname after dns to fix hostname --fqdn behavior Since rhel10 does not have systemd-resolved support in authselect, we need to place myhostname after dns module to make ` hostname --fqdn` work. This was the default order in rhel8 and rhel9. - -Resolves: https://issues.redhat.com/browse/RHEL-39537 --- profiles/local/nsswitch.conf | 2 +- profiles/nis/nsswitch.conf | 2 +- @@ -18,57 +16,57 @@ Resolves: https://issues.redhat.com/browse/RHEL-39537 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/profiles/local/nsswitch.conf b/profiles/local/nsswitch.conf -index 1ad4276566f775086fc091d8e1c35d4ac94a9786..48c7f0420030069048d41a99ec3cfad1d15da2cc 100644 +index bbcbf2b684e9c1e1755c0afd619e2c3b8e9c6b99..37a13b0e254c01b2b358bd9e85f742ade693d0ce 100644 --- a/profiles/local/nsswitch.conf +++ b/profiles/local/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }systemd - shadow: files + shadow: files systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns +hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname services: files netgroup: files automount: files diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf -index 88110258a69e7366980944ec3ccd9c79c0a1b323..24c7499ecbfd9c034f480b7b155e6d3ae4bfd38a 100644 +index 2e7b63dd36f46185c513779b09c6123bd7e7a373..109f44129ef034795ae5585e6a7b2f12f847084b 100644 --- a/profiles/nis/nsswitch.conf +++ b/profiles/nis/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }nis systemd - shadow: files nis + shadow: files nis systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }nis [SUCCESS=merge] systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns +hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }nis dns myhostname services: files nis netgroup: files nis automount: files nis diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf -index 89a1f230487a18d12ff9c3862e3394035bf17cff..40ea3aecbf0adb71bc8cc33b7dd2241c7596bcfd 100644 +index b8138a3c07e3c54612a0cbf3c0b721bedd821966..27ccf10befc3fa7e5371459cc9f6f4cd1fcf5d10 100644 --- a/profiles/sssd/nsswitch.conf +++ b/profiles/sssd/nsswitch.conf @@ -2,7 +2,7 @@ passwd: {if "with-tlog":sss }files {if "with-altfiles":altfiles }{if not "with-tlog":sss }systemd - shadow: files + shadow: files systemd group: {if "with-tlog":sss [SUCCESS=merge] }files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }{if not "with-tlog":sss [SUCCESS=merge] }systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns +hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname services: files sss netgroup: files sss sudoers: files sss {include if "with-sudo"} diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf -index 5315640e39f7c84b4c138f393fa3b5c970e4afa5..8b6c494dcf8bff14694e61ea044eb29e23ac3e47 100644 +index c7d57595b0c4e2f8c492b8e4f1a9c56f203337c5..64600c57329459e2fa78c6514f6cc8913e64d23a 100644 --- a/profiles/winbind/nsswitch.conf +++ b/profiles/winbind/nsswitch.conf @@ -2,7 +2,7 @@ passwd: files {if "with-altfiles":altfiles }winbind systemd - shadow: files + shadow: files systemd group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }winbind [SUCCESS=merge] systemd --hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }myhostname dns +-hosts: files myhostname {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns +hosts: files {if "with-libvirt":libvirt libvirt_guest }{if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] } dns myhostname services: files netgroup: files automount: files -- -2.42.0 +2.52.0 diff --git a/authselect.spec b/authselect.spec index 799bf50..89a7917 100644 --- a/authselect.spec +++ b/authselect.spec @@ -2,8 +2,8 @@ %define _empty_manifest_terminate_build 0 Name: authselect -Version: 1.5.0 -Release: 8%{?dist} +Version: 1.5.2 +Release: %autorelease Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/authselect/authselect @@ -24,17 +24,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz %{?rhel:%global default_profile local} # Patches -Patch0001: 0001-sssd-reintroduce-with-files-access-provider.patch -Patch0002: 0002-spec-modify-specfile-for-Fedora-40-and-RHEL-10-as-mi.patch -Patch0003: 0003-po-update-translations.patch -Patch0004: 0004-nis-install-nis-profile-conditionally.patch -Patch0005: 0005-configure-drop-user-nsswitch.conf-support.patch -Patch0006: 0006-configure-drop-authconfig-compat-tool.patch -Patch0007: 0007-ci-remove-python-checks.patch -Patch0008: 0008-pot-update-pot-files.patch -Patch0009: 0009-profiles-merge-groups-records-with-SUCCESS-merge.patch -Patch0010: 0010-spec-use-altfiles-with-success-merge-on-ostree-syste.patch -Patch0011: 0011-profiles-put-myhostname-before-dns.patch # RHEL-only patches %if 0%{?rhel} @@ -58,10 +47,19 @@ BuildRequires: %{_bindir}/a2x BuildRequires: libcmocka-devel >= 1.0.0 BuildRequires: libselinux-devel Requires: authselect-libs%{?_isa} = %{version}-%{release} + +# RHEL does not have meta flag yet +%if 0%{?rhel} <= 10 Suggests: sssd Suggests: samba-winbind Suggests: fprintd-pam Suggests: oddjob-mkhomedir +%else +Suggests(meta): sssd +Suggests(meta): samba-winbind +Suggests(meta): fprintd-pam +Suggests(meta): oddjob-mkhomedir +%endif # Properly obsolete removed authselect-compat package. Obsoletes: authselect-compat < 1.3 @@ -95,11 +93,7 @@ System header files and development libraries for authselect. Useful if you develop a front-end for the authselect library. %prep -%setup -q - -for p in %patches ; do - %__patch -p1 -i $p -done +%autosetup -p1 %build autoreconf -if @@ -167,6 +161,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %{_datadir}/authselect/default/local/README %{_datadir}/authselect/default/local/REQUIREMENTS %{_datadir}/authselect/default/local/smartcard-auth +%{_datadir}/authselect/default/local/switchable-auth %{_datadir}/authselect/default/local/system-auth %{_datadir}/authselect/default/sssd/dconf-db %{_datadir}/authselect/default/sssd/dconf-locks @@ -177,6 +172,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %{_datadir}/authselect/default/sssd/README %{_datadir}/authselect/default/sssd/REQUIREMENTS %{_datadir}/authselect/default/sssd/smartcard-auth +%{_datadir}/authselect/default/sssd/switchable-auth %{_datadir}/authselect/default/sssd/system-auth %{_datadir}/authselect/default/winbind/dconf-db %{_datadir}/authselect/default/winbind/dconf-locks @@ -187,6 +183,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %{_datadir}/authselect/default/winbind/README %{_datadir}/authselect/default/winbind/REQUIREMENTS %{_datadir}/authselect/default/winbind/smartcard-auth +%{_datadir}/authselect/default/winbind/switchable-auth %{_datadir}/authselect/default/winbind/system-auth %if %{with_nis_profile} %dir %{_datadir}/authselect/default/nis/ @@ -199,10 +196,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %{_datadir}/authselect/default/nis/README %{_datadir}/authselect/default/nis/REQUIREMENTS %{_datadir}/authselect/default/nis/smartcard-auth +%{_datadir}/authselect/default/nis/switchable-auth %{_datadir}/authselect/default/nis/system-auth %endif %{_libdir}/libauthselect.so.* %{_mandir}/man5/authselect-profiles.5* +%dir %{_datadir}/doc/authselect %{_datadir}/doc/authselect/COPYING %{_datadir}/doc/authselect/README.md %license COPYING @@ -260,230 +259,4 @@ done exit 0 %changelog -* Tue Oct 29 2024 Troy Dawson - 1.5.0-8 -- Bump release for October 2024 mass rebuild: - Resolves: RHEL-64018 - -* Fri Aug 02 2024 Pavel Březina - 1.5.0-7 -- myhostname is put after dns module in nsswitch.conf hosts to fix hostname --fqdn (RHEL-39537) - -* Mon Jun 24 2024 Troy Dawson - 1.5.0-6 -- Bump release for June 2024 mass rebuild - -* Tue Feb 27 2024 Jonathan Lebon - 1.5.0-5 -- Fix altfiles rendering on OSTree variants - -* Fri Feb 23 2024 Pavel Březina - 1.5.0-4 -- Add back with-files-access-provider -- Remove outdated scriptlets -- Group merging added to nsswitch.conf group in all profiles -- myhostname is put right before dns module in nsswitch.conf hosts (rhbz#2257197) -- Internal packaging changes - -* Mon Jan 22 2024 Fedora Release Engineering - 1.5.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 1.5.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Thu Jan 18 2024 Pavel Březina - 1.5.0-1 -- Rebase to 1.5.0 -- "minimal" profile was removed and replaced with "local". (rhbz#2253180) -- "local" profile is now default (rhbz#2253180) - -* Wed Sep 27 2023 Pavel Březina - 1.4.3-1 -- Rebase to 1.4.3 - -* Wed Jul 19 2023 Fedora Release Engineering - 1.4.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Wed Jan 18 2023 Fedora Release Engineering - 1.4.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Mon Dec 5 2022 Pavel Březina - 1.4.2-1 -- Rebase to 1.4.2 - -* Thu Dec 1 2022 Pavel Březina - 1.4.1-1 -- Rebase to 1.4.1 - -* Wed Jul 20 2022 Fedora Release Engineering - 1.4.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Fri Jul 8 2022 Pavel Březina - 1.4.0-2 -- Fix issues with popt-1.19 - -* Thu May 5 2022 Pavel Březina - 1.4.0-1 -- Rebase to 1.3.0 - -* Thu Feb 10 2022 Pavel Březina - 1.3.0-10 -- Fix mdns support (#2052269) - -* Thu Feb 3 2022 Pavel Březina - 1.3.0-9 -- Make authselect compatible with ostree (#2034360) -- Authselect now requires explicit opt-out if users don't want to use it (#2051545) - -* Wed Jan 19 2022 Fedora Release Engineering - 1.3.0-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Jan 13 2022 Pavel Březina - 1.3.0-7 -- Remove unnecessary dependencies (#2039869) - -* Thu Jan 13 2022 Pavel Březina - 1.3.0-6 -- Fix detection of ostree system (#2034360) - -* Tue Dec 28 2021 Frantisek Zatloukal - 1.3.0-5 -- Try to use io.open() in pre scriptlet instead of rpm.open() (rpm >= 4.17.0) - -* Tue Dec 21 2021 Frantisek Zatloukal - 1.3.0-4 -- Use lua for pre scriptlets to reduce dependencies - -* Fri Dec 10 2021 Pavel Březina - 1.3.0-3 -- Update conflicting versions of glibc and pam - -* Mon Dec 6 2021 Pavel Březina - 1.3.0-1 -- Rebase to 1.3.0 -- Authselect configuration is now enforced (#2000936) - -* Sat Aug 14 2021 Björn Esser - 1.2.4-2 -- Add proper Obsoletes for removed authselect-compat package - Fixes: rhbz#1993189 - -* Mon Aug 9 2021 Pavel Březina - 1.2.4-1 -- Rebase to 1.2.4 - -* Wed Jul 21 2021 Fedora Release Engineering - 1.2.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jun 21 2021 Björn Esser - 1.2.3-3 -- Backport support for yescrypt hash method - -* Fri Jun 04 2021 Python Maint - 1.2.3-2 -- Rebuilt for Python 3.10 - -* Wed Mar 31 2021 Pavel Březina - 1.2.3-1 -- Rebase to 1.2.3 - -* Tue Mar 09 2021 Benjamin Berg - 1.2.2-4 -- Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors - Resolves: #1935331 - -* Thu Mar 4 2021 Pavel Březina - 1.2.2-3 -- minimal: add dconf settings to explicitly disable fingerprint and smartcard authentication - -* Tue Jan 26 2021 Fedora Release Engineering - 1.2.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Wed Nov 25 2020 Pavel Březina - 1.2.2-1 -- Rebase to 1.2.2 -- Add nss-altfiles to profiles on Fedora Silverblue - -* Mon Jul 27 2020 Fedora Release Engineering - 1.2.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 22 2020 Pavel Březina - 1.2.1-3 -- Add resolved by default to nis and minimal profiles -- Fix parsing of multiple conditionals on the same line - -* Tue May 26 2020 Miro Hrončok - 1.2.1-2 -- Rebuilt for Python 3.9 - -* Mon May 11 2020 Pavel Březina - 1.2.1-1 -- Rebase to 1.2.1 - -* Wed Mar 4 2020 Pavel Březina - 1.2-1 -- Rebase to 1.2 - -* Mon Feb 17 2020 Pavel Březina - 1.1-7 -- fix restoring non-authselect configuration from backup - -* Wed Jan 29 2020 Pavel Březina - 1.1-6 -- cli: fix auto backup when --force is set - -* Tue Jan 28 2020 Fedora Release Engineering - 1.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Oct 03 2019 Miro Hrončok - 1.1-4 -- Rebuilt for Python 3.8.0rc1 (#1748018) - -* Mon Aug 19 2019 Miro Hrončok - 1.1-3 -- Rebuilt for Python 3.8 - -* Wed Jul 24 2019 Fedora Release Engineering - 1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jun 13 2019 Pavel Březina - 1.1-1 -- Rebase to 1.1 - -* Tue Feb 26 2019 Pavel Březina - 1.0.3-1 -- Rebase to 1.0.3 - -* Tue Feb 26 2019 Igor Gnatenko - 1.0.2-4 -- Use %ghost for files owned by authselect - -* Thu Jan 31 2019 Fedora Release Engineering - 1.0.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Dec 3 2018 Pavel Březina - 1.0.2-2 -- Resolves rhbz#1655025 (invalid backup). - -* Fri Nov 23 2018 Pavel Březina - 1.0.2-1 -- Rebase to 1.0.2 - -* Thu Sep 27 2018 Pavel Březina - 1.0.1-2 -- Require systemd instead of systemctl - -* Thu Sep 27 2018 Pavel Březina - 1.0.1-1 -- Rebase to 1.0.1 - -* Fri Sep 14 2018 Pavel Březina - 1.0-3 -- Scriptlets should no produce any error messages (RHBZ #1622272) -- Provide fix for pwquality configuration (RHBZ #1618865) - -* Thu Aug 30 2018 Adam Williamson - 1.0-2 -- Backport PR #78 to fix broken pwquality config (RHBZ #1618865) - -* Mon Aug 13 2018 Pavel Březina - 1.0-1 -- Rebase to 1.0 - -* Thu Jul 12 2018 Fedora Release Engineering - 0.4-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jun 19 2018 Miro Hrončok - 0.4-4 -- Rebuilt for Python 3.7 - -* Mon May 14 2018 Pavel Březina - 0.4-3 -- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403) - -* Wed Apr 25 2018 Christian Heimes - 0.4-2 -- Don't disable oddjobd.service (RHBZ #1571844) - -* Mon Apr 9 2018 Pavel Březina - 0.4-1 -- rebasing to 0.4 - -* Tue Mar 6 2018 Pavel Březina - 0.3.2-1 -- rebasing to 0.3.2 -- authselect-compat now only suggests packages, not recommends - -* Mon Mar 5 2018 Pavel Březina - 0.3.1-1 -- rebasing to 0.3.1 - -* Tue Feb 20 2018 Igor Gnatenko - 0.3-3 -- Provide authconfig - -* Tue Feb 20 2018 Igor Gnatenko - 0.3-2 -- Properly own all appropriate directories -- Remove unneeded %%defattr -- Remove deprecated Group tag -- Make Obsoletes versioned -- Remove unneeded ldconfig scriptlets - -* Tue Feb 20 2018 Pavel Březina - 0.3-1 -- rebasing to 0.3 -* Wed Feb 07 2018 Fedora Release Engineering - 0.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -* Wed Jan 10 2018 Pavel Březina - 0.2-2 -- fix rpmlint errors -* Wed Jan 10 2018 Pavel Březina - 0.2-1 -- rebasing to 0.2 -* Mon Jul 31 2017 Jakub Hrozek - 0.1-1 -- initial packaging +%autochangelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..5a63c31 --- /dev/null +++ b/changelog @@ -0,0 +1,227 @@ +* Tue Oct 29 2024 Troy Dawson - 1.5.0-8 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Fri Aug 02 2024 Pavel Březina - 1.5.0-7 +- myhostname is put after dns module in nsswitch.conf hosts to fix hostname --fqdn (RHEL-39537) + +* Mon Jun 24 2024 Troy Dawson - 1.5.0-6 +- Bump release for June 2024 mass rebuild + +* Tue Feb 27 2024 Jonathan Lebon - 1.5.0-5 +- Fix altfiles rendering on OSTree variants + +* Fri Feb 23 2024 Pavel Březina - 1.5.0-4 +- Add back with-files-access-provider +- Remove outdated scriptlets +- Group merging added to nsswitch.conf group in all profiles +- myhostname is put right before dns module in nsswitch.conf hosts (rhbz#2257197) +- Internal packaging changes + +* Mon Jan 22 2024 Fedora Release Engineering - 1.5.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 1.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 18 2024 Pavel Březina - 1.5.0-1 +- Rebase to 1.5.0 +- "minimal" profile was removed and replaced with "local". (rhbz#2253180) +- "local" profile is now default (rhbz#2253180) + +* Wed Sep 27 2023 Pavel Březina - 1.4.3-1 +- Rebase to 1.4.3 + +* Wed Jul 19 2023 Fedora Release Engineering - 1.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jan 18 2023 Fedora Release Engineering - 1.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Dec 5 2022 Pavel Březina - 1.4.2-1 +- Rebase to 1.4.2 + +* Thu Dec 1 2022 Pavel Březina - 1.4.1-1 +- Rebase to 1.4.1 + +* Wed Jul 20 2022 Fedora Release Engineering - 1.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Fri Jul 8 2022 Pavel Březina - 1.4.0-2 +- Fix issues with popt-1.19 + +* Thu May 5 2022 Pavel Březina - 1.4.0-1 +- Rebase to 1.3.0 + +* Thu Feb 10 2022 Pavel Březina - 1.3.0-10 +- Fix mdns support (#2052269) + +* Thu Feb 3 2022 Pavel Březina - 1.3.0-9 +- Make authselect compatible with ostree (#2034360) +- Authselect now requires explicit opt-out if users don't want to use it (#2051545) + +* Wed Jan 19 2022 Fedora Release Engineering - 1.3.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jan 13 2022 Pavel Březina - 1.3.0-7 +- Remove unnecessary dependencies (#2039869) + +* Thu Jan 13 2022 Pavel Březina - 1.3.0-6 +- Fix detection of ostree system (#2034360) + +* Tue Dec 28 2021 Frantisek Zatloukal - 1.3.0-5 +- Try to use io.open() in pre scriptlet instead of rpm.open() (rpm >= 4.17.0) + +* Tue Dec 21 2021 Frantisek Zatloukal - 1.3.0-4 +- Use lua for pre scriptlets to reduce dependencies + +* Fri Dec 10 2021 Pavel Březina - 1.3.0-3 +- Update conflicting versions of glibc and pam + +* Mon Dec 6 2021 Pavel Březina - 1.3.0-1 +- Rebase to 1.3.0 +- Authselect configuration is now enforced (#2000936) + +* Sat Aug 14 2021 Björn Esser - 1.2.4-2 +- Add proper Obsoletes for removed authselect-compat package + Fixes: rhbz#1993189 + +* Mon Aug 9 2021 Pavel Březina - 1.2.4-1 +- Rebase to 1.2.4 + +* Wed Jul 21 2021 Fedora Release Engineering - 1.2.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jun 21 2021 Björn Esser - 1.2.3-3 +- Backport support for yescrypt hash method + +* Fri Jun 04 2021 Python Maint - 1.2.3-2 +- Rebuilt for Python 3.10 + +* Wed Mar 31 2021 Pavel Březina - 1.2.3-1 +- Rebase to 1.2.3 + +* Tue Mar 09 2021 Benjamin Berg - 1.2.2-4 +- Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors + Resolves: #1935331 + +* Thu Mar 4 2021 Pavel Březina - 1.2.2-3 +- minimal: add dconf settings to explicitly disable fingerprint and smartcard authentication + +* Tue Jan 26 2021 Fedora Release Engineering - 1.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Nov 25 2020 Pavel Březina - 1.2.2-1 +- Rebase to 1.2.2 +- Add nss-altfiles to profiles on Fedora Silverblue + +* Mon Jul 27 2020 Fedora Release Engineering - 1.2.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 22 2020 Pavel Březina - 1.2.1-3 +- Add resolved by default to nis and minimal profiles +- Fix parsing of multiple conditionals on the same line + +* Tue May 26 2020 Miro Hrončok - 1.2.1-2 +- Rebuilt for Python 3.9 + +* Mon May 11 2020 Pavel Březina - 1.2.1-1 +- Rebase to 1.2.1 + +* Wed Mar 4 2020 Pavel Březina - 1.2-1 +- Rebase to 1.2 + +* Mon Feb 17 2020 Pavel Březina - 1.1-7 +- fix restoring non-authselect configuration from backup + +* Wed Jan 29 2020 Pavel Březina - 1.1-6 +- cli: fix auto backup when --force is set + +* Tue Jan 28 2020 Fedora Release Engineering - 1.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Oct 03 2019 Miro Hrončok - 1.1-4 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Mon Aug 19 2019 Miro Hrončok - 1.1-3 +- Rebuilt for Python 3.8 + +* Wed Jul 24 2019 Fedora Release Engineering - 1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jun 13 2019 Pavel Březina - 1.1-1 +- Rebase to 1.1 + +* Tue Feb 26 2019 Pavel Březina - 1.0.3-1 +- Rebase to 1.0.3 + +* Tue Feb 26 2019 Igor Gnatenko - 1.0.2-4 +- Use %ghost for files owned by authselect + +* Thu Jan 31 2019 Fedora Release Engineering - 1.0.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Dec 3 2018 Pavel Březina - 1.0.2-2 +- Resolves rhbz#1655025 (invalid backup). + +* Fri Nov 23 2018 Pavel Březina - 1.0.2-1 +- Rebase to 1.0.2 + +* Thu Sep 27 2018 Pavel Březina - 1.0.1-2 +- Require systemd instead of systemctl + +* Thu Sep 27 2018 Pavel Březina - 1.0.1-1 +- Rebase to 1.0.1 + +* Fri Sep 14 2018 Pavel Březina - 1.0-3 +- Scriptlets should no produce any error messages (RHBZ #1622272) +- Provide fix for pwquality configuration (RHBZ #1618865) + +* Thu Aug 30 2018 Adam Williamson - 1.0-2 +- Backport PR #78 to fix broken pwquality config (RHBZ #1618865) + +* Mon Aug 13 2018 Pavel Březina - 1.0-1 +- Rebase to 1.0 + +* Thu Jul 12 2018 Fedora Release Engineering - 0.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 0.4-4 +- Rebuilt for Python 3.7 + +* Mon May 14 2018 Pavel Březina - 0.4-3 +- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403) + +* Wed Apr 25 2018 Christian Heimes - 0.4-2 +- Don't disable oddjobd.service (RHBZ #1571844) + +* Mon Apr 9 2018 Pavel Březina - 0.4-1 +- rebasing to 0.4 + +* Tue Mar 6 2018 Pavel Březina - 0.3.2-1 +- rebasing to 0.3.2 +- authselect-compat now only suggests packages, not recommends + +* Mon Mar 5 2018 Pavel Březina - 0.3.1-1 +- rebasing to 0.3.1 + +* Tue Feb 20 2018 Igor Gnatenko - 0.3-3 +- Provide authconfig + +* Tue Feb 20 2018 Igor Gnatenko - 0.3-2 +- Properly own all appropriate directories +- Remove unneeded %%defattr +- Remove deprecated Group tag +- Make Obsoletes versioned +- Remove unneeded ldconfig scriptlets + +* Tue Feb 20 2018 Pavel Březina - 0.3-1 +- rebasing to 0.3 +* Wed Feb 07 2018 Fedora Release Engineering - 0.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild +* Wed Jan 10 2018 Pavel Březina - 0.2-2 +- fix rpmlint errors +* Wed Jan 10 2018 Pavel Březina - 0.2-1 +- rebasing to 0.2 +* Mon Jul 31 2017 Jakub Hrozek - 0.1-1 +- initial packaging diff --git a/sources b/sources index 72352b6..6cc240f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (authselect-1.5.0.tar.gz) = 33101654f8fd15e14bb644cf486734757fcfb7f0b83916ec1571f71d3e558e199ac6a14d10d402932531b54951717fda65d4a506199f9760937af26159ee5894 +SHA512 (authselect-1.5.2.tar.gz) = a4dc363ede65740be651ebba328f051be68d60e918c3d67bc95e0bd3a491d555fbeb840c7b11590941f50340ef5bf3c002e3c49e1c73ae2d40a66c5d811a549b