rpms/authselect
6
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream release (1.0)

Browse Source
This commit is contained in:
Pavel Březina 2018-08-14 13:02:13 +02:00
parent bcada503e0
commit 6cc7543c3f
5 changed files with 76 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/authselect-0.3.1.tar.gz
/authselect-0.3.2.tar.gz
/authselect-0.4.tar.gz
/authselect-1.0.tar.gz

38
0001-Don-t-disable-oddjobd.service.patch
View File

@ -1,38 +0,0 @@
From fb7477d0a9e5077adf328163fb83bb8aad8242ca Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 25 Apr 2018 15:59:22 +0200
Subject: [PATCH] Don't disable oddjobd.service
authselect disables oddjobd.service unless the mkhomedir option is
supplied. This breaks other services that depend on oddjobd, e.g.
FreeIPA.
Enable oddjobd.service with mkhomedir. Don't touch oddjobd.service
otherwise.
See: https://pagure.io/freeipa/issue/7465
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1571844
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
src/compat/authcompat.py.in.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
index e83c36e..95fd07f 100755
--- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in
@@ -437,10 +437,10 @@ class AuthCompat:
config.cleanup()
self.disableService(config.service)
+ # Enable oddjobd for mkhomedir, but don't disable the service in
+ # case it's already running.
if self.options.getBool("mkhomedir"):
self.enableService("oddjobd")
- else:
- self.disableService("oddjobd")
def main():
--
2.14.3

43
0002-sssd-disable-sudo-by-default.patch
View File

@ -1,43 +0,0 @@
From 4b1981a67216f56e67cff3887fe38ee8063ee0b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 9 May 2018 14:27:56 +0200
Subject: [PATCH] sssd: disable sudo by default
SSSD's sudo responder is not enabled by default on Fedora systems,
therefore having it enabled in nsswitch.conf produced warnings in
logs or sudo mails.
---
profiles/sssd/README | 3 +++
profiles/sssd/nsswitch.conf | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/profiles/sssd/README b/profiles/sssd/README
index d2e104f80ce1c1993c683f5c5331f09e8afa1ee9..a7e6e640eefa1268586169b7349e8ed6d062066f 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -50,6 +50,9 @@ with-fingerprint::
with-silent-lastlog::
Do not produce pam_lastlog message during login.
+with-sudo::
+ Allow sudo to use SSSD as a source for sudo rules in addition of /etc/sudoers.
+
EXAMPLES
--------
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index fa5d76a9594dca9b9e192af7774600451557e5c5..cde7964a8531ae2b5e28ed6bf5428731b80b6ece 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -3,7 +3,7 @@ group: sss files
netgroup: sss files
automount: sss files
services: sss files
-sudoers: files sss
+sudoers: files {if "with-sudo":sss}
shadow: files
ethers: files
--
2.14.3

102
authselect.spec
View File

@ -1,15 +1,12 @@
Name: authselect
Version: 0.4
Release: 5%{?dist}
Version: 1.0
Release: 1%{?dist}
Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/pbrezina/authselect
License: GPLv3+
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: 0001-Don-t-disable-oddjobd.service.patch
Patch2: 0002-sssd-disable-sudo-by-default.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@ -18,6 +15,7 @@ BuildRequires: gcc
BuildRequires: pkgconfig
BuildRequires: pkgconfig(popt)
BuildRequires: gettext-devel
BuildRequires: po4a
BuildRequires: %{_bindir}/a2x
BuildRequires: libcmocka-devel >= 1.0.0
Requires: authselect-libs%{?_isa} = %{version}-%{release}
@ -74,8 +72,6 @@ you develop a front-end for the authselect library.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
@ -89,20 +85,40 @@ autoreconf -if
%install
%make_install
# Find translations
%find_lang %{name}
%find_lang %{name} %{name}.8.lang --with-man
%find_lang %{name}-migration %{name}-migration.7.lang --with-man
%find_lang %{name}-profiles %{name}-profiles.5.lang --with-man
# We want this file to contain only manual page translations
sed -i '/LC_MESSAGES/d' %{name}.8.lang
# Remove .la and .a files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%ldconfig_scriptlets libs
%files libs
%files libs -f %{name}.lang -f %{name}-profiles.5.lang
%dir %{_sysconfdir}/authselect
%dir %{_sysconfdir}/authselect/custom
%dir %{_localstatedir}/lib/authselect
%dir %{_datadir}/authselect
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
%dir %{_datadir}/authselect/default/nis/
%dir %{_datadir}/authselect/default/sssd/
%dir %{_datadir}/authselect/default/winbind/
%{_datadir}/authselect/default/nis/dconf-db
%{_datadir}/authselect/default/nis/dconf-locks
%{_datadir}/authselect/default/nis/fingerprint-auth
%{_datadir}/authselect/default/nis/nsswitch.conf
%{_datadir}/authselect/default/nis/password-auth
%{_datadir}/authselect/default/nis/postlogin
%{_datadir}/authselect/default/nis/README
%{_datadir}/authselect/default/nis/REQUIREMENTS
%{_datadir}/authselect/default/nis/system-auth
%{_datadir}/authselect/default/sssd/dconf-db
%{_datadir}/authselect/default/sssd/dconf-locks
%{_datadir}/authselect/default/sssd/fingerprint-auth
@ -110,6 +126,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%{_datadir}/authselect/default/sssd/password-auth
%{_datadir}/authselect/default/sssd/postlogin
%{_datadir}/authselect/default/sssd/README
%{_datadir}/authselect/default/sssd/REQUIREMENTS
%{_datadir}/authselect/default/sssd/smartcard-auth
%{_datadir}/authselect/default/sssd/system-auth
%{_datadir}/authselect/default/winbind/dconf-db
@ -119,6 +136,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%{_datadir}/authselect/default/winbind/password-auth
%{_datadir}/authselect/default/winbind/postlogin
%{_datadir}/authselect/default/winbind/README
%{_datadir}/authselect/default/winbind/REQUIREMENTS
%{_datadir}/authselect/default/winbind/system-auth
%{_libdir}/libauthselect.so.*
%{_mandir}/man5/authselect-profiles.5*
@ -136,47 +154,75 @@ find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%{_libdir}/libauthselect.so
%{_libdir}/pkgconfig/authselect.pc
%files
%files -f %{name}.8.lang -f %{name}-migration.7.lang
%{_bindir}/authselect
%{_mandir}/man8/authselect.8*
%{_mandir}/man7/authselect-migration.7*
%global updatefile %{_localstatedir}/lib/rpm-state/%{name}.update-profile
%global validfile %{_localstatedir}/lib/rpm-state/%{name}.config-valid
%pre libs
rm -f "%{updatefile}"
rm -f %{validfile}
if [ $1 -gt 1 ] ; then
# Check that authselect cli is installed, otherwise there is nothing to do.
rpm -q %{name} &> /dev/null
if [ $? -ne 0 ] ; then
exit 0
fi
# This is an upgrade. Check that the current configuration is valid
# and store the information for later use in posttrans. The check must
# be done here (before profiles are updated), otherwise it would return
# an error if the new profile is different from the old one but selected.
# Remember if the current configuration is valid
%{_bindir}/authselect check &> /dev/null
if [ $? -eq 0 ]; then
touch "%{updatefile}"
touch %{validfile}
fi
fi
exit 0
%posttrans libs
if [ -f "%{updatefile}" ]; then
# This is an upgrade. Update current profile if possible.
PROFILE=`%{_bindir}/authselect current --raw`
if [ $? -eq 0 ]; then
%{_bindir}/authselect select $PROFILE --force &> /dev/null
# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created
if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then
cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null
# If we are upgrading from older version, we want to remove these comments.
sed -i '/^# Generated by authselect on .*$/{$!{
N;N # Read also next two lines
/# Generated by authselect on .*\n# Do not modify this file manually.\n/d
}}' %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
fi
# If the configuration is valid and we are upgrading from older version
# we need to create these files since they were added in 1.0.
if [ -f %{validfile} ]; then
FILES="nsswitch.conf system-auth password-auth fingerprint-auth \
smartcard-auth postlogin dconf-db dconf-locks"
for FILE in $FILES ; do
cp -n %{_sysconfdir}/authselect/$FILE \
%{_localstatedir}/lib/authselect/$FILE &> /dev/null
done
rm -f %{validfile}
fi
# Apply any changes to profiles (validates configuration first internally)
%{_bindir}/authselect apply-changes &> /dev/null
# Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111
CURRENT=`%{_bindir}/authselect current --raw`
if [ $? -eq 0 ]; then
PROFILE=`echo $CURRENT | awk '{print $1;}'`
if [ $PROFILE == "sssd" ] ; then
if grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
%{_bindir}/authselect enable-feature with-sudo
elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then
%{_bindir}/authselect enable-feature with-sudo
fi
fi
rm -f "%{updatefile}"
fi
exit 0
%changelog
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
- Rebase to 1.0
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (authselect-0.4.tar.gz) = 5d2ed1080943f270dcfe9825f3d81bf471860648846729ca2b0847f659fbc84558abaab0570a600a9dc8d896832404da94058085237c8ee9be1fcf5a6e4fd212
SHA512 (authselect-1.0.tar.gz) = d5463a1b854d9c18bd687a43d3c2822302f872d4b35c16b671d22aec78131f99ab08c96184e50778cea322bb04a1991b59f845dba55bb408634cb333bfb2d2fc