diff --git a/.gitignore b/.gitignore
index 0436ce1..aeb06b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@
 /authselect-1.2.3.tar.gz
 /authselect-1.2.4.tar.gz
 /authselect-1.3.0.tar.gz
+/authselect-1.4.0.tar.gz
diff --git a/0001-main-Drop-an-unnecessary-NULL-check-before-free.patch b/0001-main-Drop-an-unnecessary-NULL-check-before-free.patch
deleted file mode 100644
index 276cf38..0000000
--- a/0001-main-Drop-an-unnecessary-NULL-check-before-free.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 46386b75fb90ce91ede80093ce73e99fde53ba3b Mon Sep 17 00:00:00 2001
-From: Colin Walters
-Date: Tue, 4 Jan 2022 18:33:30 -0500
-Subject: [PATCH 01/11] main: Drop an unnecessary `NULL` check before `free()`
-
-From `man free()`:
-
-```
-The free() function frees the memory space pointed to by ptr ... If ptr is NULL, no operation is performed.
-```
-
-Obviously there are *tons* of these in the codebase; just doing
-this one as a preliminary PR; if accepted I may do some more, or
-others can. Or we could try a coccinelle semantic patch.
----
- src/cli/main.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/src/cli/main.c b/src/cli/main.c
-index 4b8ab8573470c55891d35f50fc9c20d7459776ba..575e56f00edfc35ab4b5368ee40a497016d68cc3 100644
---- a/src/cli/main.c
-+++ b/src/cli/main.c
-@@ -231,9 +231,7 @@ done:
- free(requirements);
- authselect_array_free(maps);
- authselect_profile_free(profile);
-- if (features != NULL) {
-- free(features);
-- }
-+ free(features);
-
- return ret;
- }
---
-2.34.1
-
diff --git a/0002-lib-drop-strict-change-detection.patch b/0002-lib-drop-strict-change-detection.patch
deleted file mode 100644
index ac24217..0000000
--- a/0002-lib-drop-strict-change-detection.patch
+++ /dev/null
@@ -1,376 +0,0 @@ -From 4c4730ea760ddfed94de55769682356c7f95fd21 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 11:30:23 +0100 -Subject: [PATCH 02/11] lib: drop strict change detection - -One of the main authselect features is to refuse to overwrite user -changes to the configuration. To do so, it used to validate files and -directory structure and also files contents. - -This however allowed to have a mixed configuration on the system, that -was created by authselect but then modified by user. This is no longer -possible and the behavior has changed in a way that any user changes -made to configuration created by authselect are overwritten without -requiring the *--force* parameter (files contents are no longer -validated). - -This will make the configuration consistent - users either use -authselect or not, nothing in between. It also makes authselect work -on ostree server side, where it is not possible to write to /var. ---- - Makefile.am | 2 -- - rpm/authselect.spec.in | 8 ----- - src/conf_macros.m4 | 4 --- - src/lib/Makefile.am | 2 -- - src/lib/authselect.c | 27 ++++----------- - src/lib/files/config.c | 1 - - src/lib/files/system.c | 62 ++------------------------------- - src/lib/paths.h | 78 ++++++++++++++++++------------------------ - 8 files changed, 41 insertions(+), 143 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 0277c6ef6d43e60ea330c465535a88ae405c8630..1c9b88d47f809cb218d19887734769f12b944bb4 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -35,7 +35,6 @@ authselect_custom_dir=@AUTHSELECT_CUSTOM_DIR@ - authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@ - authselect_pam_dir=@AUTHSELECT_PAM_DIR@ - authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@ --authselect_state_dir=@AUTHSELECT_STATE_DIR@ - - install-exec-hook: - $(MKDIR_P) $(DESTDIR)$/$(authselect_config_dir) -@@ -45,7 +44,6 @@ install-exec-hook: - $(MKDIR_P) $(DESTDIR)$/$(authselect_dconf_dir)/locks - $(MKDIR_P) $(DESTDIR)$/$(authselect_pam_dir) - 
$(MKDIR_P) $(DESTDIR)$/$(authselect_backup_dir) -- $(MKDIR_P) $(DESTDIR)$/$(authselect_state_dir) - - # Build RPMs - RPMBUILD ?= $(PWD)/rpmbuild -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index c05c010c916ac095ba021adf87dd6b985c9661a6..9f36d0dcf001f953b8384d54f60af25d71ef0321 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -184,14 +184,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %endif - %dir %{_localstatedir}/lib/authselect - %ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth --%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth - %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created - %dir %{_datadir}/authselect - %dir %{_datadir}/authselect/vendor -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index 68d8885c0c2d637ae8aaa02e4bd15fab70af5841..17c1629723066b0c4e354051366ce209428af6c1 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -58,10 +58,6 @@ CONFIGURABLE_VALUE(backup-dir, backup_dir, AUTHSELECT_BACKUP_DIR, DIR, - [Directory where configuration backups should be stored], - $localstatedir/lib/authselect/backups) - --CONFIGURABLE_VALUE(state-dir, state_dir, AUTHSELECT_STATE_DIR, DIR, -- [Directory where authselect state should be stored], -- $localstatedir/lib/authselect) -- - CONFIGURABLE_VALUE(pythonbin, pythonbin, PYTHON_BIN, PATH, - [Path to the python interpreter], - 
$bindir/python3) -diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am -index c0bc1cc1439c64c2e096e03020f4464496992878..88411ac51bd8d7c219c3097542e16fa99e0a38a2 100644 ---- a/src/lib/Makefile.am -+++ b/src/lib/Makefile.am -@@ -43,7 +43,6 @@ authselect_dconf_dir=@AUTHSELECT_DCONF_DIR@ - authselect_dconf_file=@AUTHSELECT_DCONF_FILE@ - authselect_dconf_bin=@AUTHSELECT_DCONF_BIN@ - authselect_backup_dir=@AUTHSELECT_BACKUP_DIR@ --authselect_state_dir=@AUTHSELECT_STATE_DIR@ - - libauthselect_la_SOURCES = \ - authselect.c \ -@@ -84,7 +83,6 @@ libauthselect_la_CFLAGS = \ - -DAUTHSELECT_DCONF_FILE=\"$(authselect_dconf_file)\" \ - -DAUTHSELECT_DCONF_BIN=\"$(authselect_dconf_bin)\" \ - -DAUTHSELECT_BACKUP_DIR=\"$(authselect_backup_dir)\" \ -- -DAUTHSELECT_STATE_DIR=\"$(authselect_state_dir)\" \ - $(NULL) - libauthselect_la_LDFLAGS = \ - -Wl,--version-script=$(srcdir)/authselect.exports \ -diff --git a/src/lib/authselect.c b/src/lib/authselect.c -index a901e02719713bd13d5a4fab606ee713b3d6ddca..b84aa73351448dc5caf802ae7282ebd9aa1c27d7 100644 ---- a/src/lib/authselect.c -+++ b/src/lib/authselect.c -@@ -103,32 +103,17 @@ authselect_activate(const char *profile_id, - goto done; - } - -- /* First, check that current configuration is valid. */ -+ /* Require force if authselect.conf is missing or invalid but otherwise -+ * ignore user changes. 
*/ - ret = authselect_validate_configuration(&is_valid); -- if (ret != EOK && ret != ENOENT) { -- ERROR("Unable to check configuration [%d]: %s", ret, strerror(ret)); -- goto done; -- } -- -- if (!is_valid) { -- ERROR("Unexpected changes to the configuration were detected."); -- ERROR("Refusing to activate profile unless those changes are removed " -- "or overwrite is requested."); -+ if (ret != EOK) { -+ ERROR("%s is missing or unreadable, system was not properly configured " -+ "by authselect.", PATH_CONFIG_FILE); -+ ERROR("Refusing to activate profile unless overwrite is requested."); - ret = EEXIST; - goto done; - } - -- /* If no configuration is present, check for existing files. */ -- if (ret == ENOENT) { -- if (!authselect_symlinks_location_available()) { -- ERROR("File that needs to be overwritten was found"); -- ERROR("Refusing to activate profile unless this file is removed " -- "or overwrite is requested."); -- ret = EEXIST; -- goto done; -- } -- } -- - ret = authselect_profile_activate(profile, features); - - done: -diff --git a/src/lib/files/config.c b/src/lib/files/config.c -index 2d95a1223220888a71e103fa0face84fd1c89dbb..8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73 100644 ---- a/src/lib/files/config.c -+++ b/src/lib/files/config.c -@@ -142,7 +142,6 @@ authselect_config_locations_writable() - { - struct authselect_symlink files[] = { - {PATH_CONFIG_FILE, NULL, false}, -- {PATH_COPY_SYSTEM, NULL, false}, - SYMLINK_FILES - }; - bool result = true; -diff --git a/src/lib/files/system.c b/src/lib/files/system.c -index b121fc4aa5f0e1482bbbb46055274298c0d6447e..e830942c629f462b3b187a7591a1b9b2c248d9da 100644 ---- a/src/lib/files/system.c -+++ b/src/lib/files/system.c -@@ -213,19 +213,11 @@ authselect_system_write(const char **features, - - struct authselect_generated generated[] = GENERATED_FILES(files); - char *tmp_files[sizeof(generated)/sizeof(struct authselect_generated)] = {NULL}; -- char *tmp_copies[sizeof(generated)/sizeof(struct authselect_generated)] = 
{NULL}; - - /* First, write content into temporary files, so we can safely fail - * on error. */ - now = time(NULL); - for (i = 0; generated[i].path != NULL; i++) { -- ret = authselect_system_write_temp(generated[i].copy_path, -- generated[i].content, -- now, &tmp_copies[i]); -- if (ret != EOK) { -- goto done; -- } -- - ret = authselect_system_write_temp(generated[i].path, - generated[i].content, - now, &tmp_files[i]); -@@ -241,14 +233,6 @@ authselect_system_write(const char **features, - * can fail is EIO which we can not do anything about and we can not - * even recover from it. - */ -- for (i = 0; generated[i].copy_path != NULL; i++) { -- ret = authselect_system_rename_temp(&tmp_copies[i], -- generated[i].copy_path); -- if (ret != EOK) { -- goto done; -- } -- } -- - for (i = 0; generated[i].path != NULL; i++) { - ret = authselect_system_rename_temp(&tmp_files[i], generated[i].path); - if (ret != EOK) { -@@ -261,12 +245,6 @@ authselect_system_write(const char **features, - done: - if (ret != EOK) { - for (i = 0; generated[i].path != NULL; i++) { -- if (tmp_copies[i] != NULL) { -- unlink(tmp_copies[i]); -- free(tmp_copies[i]); -- tmp_copies[i] = NULL; -- } -- - if (tmp_files[i] != NULL) { - unlink(tmp_files[i]); - free(tmp_files[i]); -@@ -280,46 +258,12 @@ done: - } - - static bool --authselect_system_validate_file(const char *path, -- const char *copy_path, -- const char *expected) -+authselect_system_validate_file(const char *path) - { -- char *content; -- char *copy_content; - errno_t ret; - bool bret; - - INFO("Validating file [%s]", path); -- expected = expected == NULL ? 
"" : expected; -- -- ret = textfile_read(path, AUTHSELECT_FILE_SIZE_LIMIT, &content); -- if (ret == ENOENT) { -- ERROR("[%s] does not exist!", path); -- return false; -- } else if (ret == EACCES) { -- ERROR("Unable to read [%s] [%d]: %s", path, ret, strerror(ret)); -- return false; -- } else if (ret != EOK) { -- ERROR("Unable to validate file [%s] [%d]: %s", path, ret, strerror(ret)); -- return false; -- } -- -- ret = textfile_read(copy_path, AUTHSELECT_FILE_SIZE_LIMIT, ©_content); -- if (ret == EOK) { -- /* Compare against copy of the originally generated files. */ -- INFO("Comparing content against [%s]", copy_path); -- bret = strcmp(content, copy_content) == 0; -- free(copy_content); -- } else { -- INFO("Comparing content against current profile"); -- bret = template_validate_written_content(content, expected); -- } -- -- free(content); -- if (!bret) { -- ERROR("[%s] has unexpected content!", path); -- return false; -- } - - ret = file_is_regular(path, AUTHSELECT_UID, AUTHSELECT_GID, - S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, &bret); -@@ -341,9 +285,7 @@ authselect_system_validate(struct authselect_files *files) - int i; - - for (i = 0; generated[i].path != NULL; i++) { -- bret = authselect_system_validate_file(generated[i].path, -- generated[i].copy_path, -- generated[i].content); -+ bret = authselect_system_validate_file(generated[i].path); - result &= bret; - if (!bret) { - WARN("File [%s] was modified outside authselect!", -diff --git a/src/lib/paths.h b/src/lib/paths.h -index e6f7b32013a901d35d9d385a3a50dc4868b80d70..ca30b784f8bc63150f46ef08a26ec2bc5bcb3d67 100644 ---- a/src/lib/paths.h -+++ b/src/lib/paths.h -@@ -56,17 +56,6 @@ - /* Path to files that can be modified by user. */ - #define PATH_USER_NSSWITCH AUTHSELECT_CONFIG_DIR "/user-nsswitch.conf" - --/* Paths to copy generated system files. Used to check changes -- * in configuration. 
*/ --#define PATH_COPY_SYSTEM AUTHSELECT_STATE_DIR "/" FILE_SYSTEM --#define PATH_COPY_PASSWORD AUTHSELECT_STATE_DIR "/" FILE_PASSWORD --#define PATH_COPY_FINGERPRINT AUTHSELECT_STATE_DIR "/" FILE_FINGERPRINT --#define PATH_COPY_SMARTCARD AUTHSELECT_STATE_DIR "/" FILE_SMARTCARD --#define PATH_COPY_POSTLOGIN AUTHSELECT_STATE_DIR "/" FILE_POSTLOGIN --#define PATH_COPY_NSSWITCH AUTHSELECT_STATE_DIR "/" FILE_NSSWITCH --#define PATH_COPY_DCONF_DB AUTHSELECT_STATE_DIR "/" FILE_DCONF_DB --#define PATH_COPY_DCONF_LOCK AUTHSELECT_STATE_DIR "/" FILE_DCONF_LOCK -- - /* Names of symbolic links that points to generated files. */ - #define PATH_SYMLINK_SYSTEM AUTHSELECT_PAM_DIR "/" FILE_SYSTEM - #define PATH_SYMLINK_PASSWORD AUTHSELECT_PAM_DIR "/" FILE_PASSWORD -@@ -86,47 +75,46 @@ - * @see GENERATED_FILES, GENERATED_FILES_PATHS */ - struct authselect_generated { - const char *path; -- const char *copy_path; - const char *content; - }; - --#define GENERATED_FILES(files) \ --{ \ -- {PATH_SYSTEM, PATH_COPY_SYSTEM, (files)->systemauth}, \ -- {PATH_PASSWORD, PATH_COPY_PASSWORD, (files)->passwordauth}, \ -- {PATH_FINGERPRINT, PATH_COPY_FINGERPRINT, (files)->fingerprintauth}, \ -- {PATH_SMARTCARD, PATH_COPY_SMARTCARD, (files)->smartcardauth}, \ -- {PATH_POSTLOGIN, PATH_COPY_POSTLOGIN, (files)->postlogin}, \ -- {PATH_NSSWITCH, PATH_COPY_NSSWITCH, (files)->nsswitch}, \ -- {PATH_DCONF_DB, PATH_COPY_DCONF_DB, (files)->dconfdb}, \ -- {PATH_DCONF_LOCK, PATH_COPY_DCONF_LOCK, (files)->dconflock}, \ -- {NULL, NULL, NULL} \ -+#define GENERATED_FILES(files) \ -+{ \ -+ {PATH_SYSTEM, (files)->systemauth}, \ -+ {PATH_PASSWORD, (files)->passwordauth}, \ -+ {PATH_FINGERPRINT, (files)->fingerprintauth}, \ -+ {PATH_SMARTCARD, (files)->smartcardauth}, \ -+ {PATH_POSTLOGIN, (files)->postlogin}, \ -+ {PATH_NSSWITCH, (files)->nsswitch}, \ -+ {PATH_DCONF_DB, (files)->dconfdb}, \ -+ {PATH_DCONF_LOCK, (files)->dconflock}, \ -+ {NULL, NULL} \ - } - --#define GENERATED_FILES_PATHS \ --{ \ -- {PATH_SYSTEM, NULL, 
NULL}, \ -- {PATH_PASSWORD, NULL, NULL}, \ -- {PATH_FINGERPRINT, NULL, NULL}, \ -- {PATH_SMARTCARD, NULL, NULL}, \ -- {PATH_POSTLOGIN, NULL, NULL}, \ -- {PATH_NSSWITCH, NULL, NULL}, \ -- {PATH_DCONF_DB, NULL, NULL}, \ -- {PATH_DCONF_LOCK, NULL, NULL}, \ -- {NULL, NULL, NULL} \ -+#define GENERATED_FILES_PATHS \ -+{ \ -+ {PATH_SYSTEM, NULL}, \ -+ {PATH_PASSWORD, NULL}, \ -+ {PATH_FINGERPRINT, NULL}, \ -+ {PATH_SMARTCARD, NULL}, \ -+ {PATH_POSTLOGIN, NULL}, \ -+ {PATH_NSSWITCH, NULL}, \ -+ {PATH_DCONF_DB, NULL}, \ -+ {PATH_DCONF_LOCK, NULL}, \ -+ {NULL, NULL} \ - } - --#define PROFILE_FILES(files) \ --{ \ -- {FILE_SYSTEM, NULL, (files)->systemauth}, \ -- {FILE_PASSWORD, NULL, (files)->passwordauth}, \ -- {FILE_FINGERPRINT, NULL, (files)->fingerprintauth}, \ -- {FILE_SMARTCARD, NULL, (files)->smartcardauth}, \ -- {FILE_POSTLOGIN, NULL, (files)->postlogin}, \ -- {FILE_NSSWITCH, NULL, (files)->nsswitch}, \ -- {FILE_DCONF_DB, NULL, (files)->dconfdb}, \ -- {FILE_DCONF_LOCK, NULL, (files)->dconflock}, \ -- {NULL, NULL, NULL} \ -+#define PROFILE_FILES(files) \ -+{ \ -+ {FILE_SYSTEM, (files)->systemauth}, \ -+ {FILE_PASSWORD, (files)->passwordauth}, \ -+ {FILE_FINGERPRINT, (files)->fingerprintauth}, \ -+ {FILE_SMARTCARD, (files)->smartcardauth}, \ -+ {FILE_POSTLOGIN, (files)->postlogin}, \ -+ {FILE_NSSWITCH, (files)->nsswitch}, \ -+ {FILE_DCONF_DB, (files)->dconfdb}, \ -+ {FILE_DCONF_LOCK, (files)->dconflock}, \ -+ {NULL, NULL} \ - } - - /* Structure to hold information about symbolic link names and destinations. --- -2.34.1 - diff --git a/0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch b/0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch deleted file mode 100644 index 43b5b30..0000000 --- a/0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 87a19680be527ebc8035afc850078ca10000ba7b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 11:58:57 +0100 -Subject: [PATCH 03/11] lib: let authselect_uninstall delete files from - /etc/authselect - -This is to ensure that there are no left overs. ---- - src/lib/authselect.c | 10 ++++++++++ - src/lib/files/files.h | 6 ++++++ - src/lib/files/system.c | 30 ++++++++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/src/lib/authselect.c b/src/lib/authselect.c -index b84aa73351448dc5caf802ae7282ebd9aa1c27d7..62a0fde47d122cea21f3738e7badc2fdb6a7c78b 100644 ---- a/src/lib/authselect.c -+++ b/src/lib/authselect.c -@@ -142,6 +142,16 @@ authselect_uninstall(void) - - INFO("Symbolic links were successfully removed"); - -+ /* Remove files from /etc/authselect */ -+ ret = authselect_files_uninstall(); -+ if (ret != EOK) { -+ ERROR("Unable to remove authselect configuration [%d]: %s", -+ ret, strerror(ret)); -+ return ret; -+ } -+ -+ INFO("Authselect configuration was successfully removed"); -+ - return EOK; - } - -diff --git a/src/lib/files/files.h b/src/lib/files/files.h -index d91e80e176ebead21fa24acea5eccc97838bb2a5..9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a 100644 ---- a/src/lib/files/files.h -+++ b/src/lib/files/files.h -@@ -229,6 +229,12 @@ authselect_symlinks_location_available(void); - errno_t - authselect_symlinks_uninstall(); - -+/** -+ * Remove files from authselect directory. -+ */ -+errno_t -+authselect_files_uninstall(void); -+ - /** - * List all profile directories in a sorted NULL-terminated string array. 
- * -diff --git a/src/lib/files/system.c b/src/lib/files/system.c -index e830942c629f462b3b187a7591a1b9b2c248d9da..0cbe2d0a495a98ec24f822b0bd64b7538887f047 100644 ---- a/src/lib/files/system.c -+++ b/src/lib/files/system.c -@@ -319,3 +319,33 @@ authselect_system_validate_missing() - - return result; - } -+ -+errno_t -+authselect_files_uninstall() -+{ -+ struct authselect_generated generated[] = GENERATED_FILES_PATHS; -+ errno_t ret; -+ int iret; -+ int i; -+ -+ errno = 0; -+ iret = unlink(PATH_CONFIG_FILE); -+ if (iret != 0 && errno != ENOENT) { -+ ret = errno; -+ ERROR("Unable to delete [%s] [%d]: %s", PATH_CONFIG_FILE, -+ ret, strerror(ret)); -+ return ret; -+ } -+ -+ for (i = 0; generated[i].path != NULL; i++) { -+ /* We can ignore errors here. */ -+ iret = unlink(generated[i].path); -+ if (iret != 0 && errno != ENOENT) { -+ ret = errno; -+ WARN("Unable to delete [%s] [%d]: %s", generated[i].path, -+ ret, strerror(ret)); -+ } -+ } -+ -+ return EOK; -+} --- -2.34.1 - diff --git a/0004-cli-add-opt-out-command.patch b/0004-cli-add-opt-out-command.patch deleted file mode 100644 index f669987..0000000 --- a/0004-cli-add-opt-out-command.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -From f337c17c359c7264395804e6d15e1c294e458dbe Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 12:00:00 +0100 -Subject: [PATCH 04/11] cli: add opt-out command - -To opt-out from authselect managed configuration. ---- - rpm/authselect.spec.in | 2 +- - src/cli/authselect-completion.sh | 2 +- - src/cli/main.c | 4 +++- - src/lib/authselect.c | 6 ++++++ - src/man/authselect.8.adoc | 14 ++++++++++++++ - 5 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index 9f36d0dcf001f953b8384d54f60af25d71ef0321..6e178b88bc2f19cb17692b029430e3eca13dfbef 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -264,7 +264,7 @@ if [ $1 == 0 ] ; then - # deleted safely. If this fail, the uninstallation must fail to avoid - # breaking the system by removing PAM files. However, the command can - # only fail if it can not write to the file system. -- %{_bindir}/authselect uninstall -+ %{_bindir}/authselect opt-out - fi - - %pre libs -diff --git a/src/cli/authselect-completion.sh b/src/cli/authselect-completion.sh -index 84a63c9ec9278417720f6bde270c498a700ca48d..8f03aee850a088cdf77bf3dda3a2cf017e257709 100644 ---- a/src/cli/authselect-completion.sh -+++ b/src/cli/authselect-completion.sh -@@ -191,7 +191,7 @@ _authselect_completions() - - COMMANDS=(select apply-changes list list-features show requirements current - check test enable-feature disable-feature create-profile -- backup-list backup-remove backup-restore) -+ backup-list backup-remove backup-restore opt-out) - - possibleopts="$(get_option_params)" - if [[ "$possibleopts" != "" ]]; then -diff --git a/src/cli/main.c b/src/cli/main.c -index 575e56f00edfc35ab4b5368ee40a497016d68cc3..db5f6dc2de6f4f58273f0719f8bb77122edfafe5 100644 ---- a/src/cli/main.c -+++ b/src/cli/main.c -@@ -967,7 +967,9 @@ int main(int argc, const char **argv) - CLI_TOOL_COMMAND("backup-list", "List available backups", 
CLI_CMD_NONE, backup_list), - CLI_TOOL_COMMAND("backup-remove", "Remove backup", CLI_CMD_REQUIRE_ROOT, backup_remove), - CLI_TOOL_COMMAND("backup-restore", "Restore from backup", CLI_CMD_REQUIRE_ROOT, backup_restore), -- CLI_TOOL_COMMAND("uninstall", "Uninstall authselect configuration", CLI_CMD_REQUIRE_ROOT | CLI_CMD_HIDDEN, uninstall), -+ CLI_TOOL_DELIMITER("Other:"), -+ CLI_TOOL_COMMAND("opt-out", "Opt-out from authselect managed configuration", CLI_CMD_REQUIRE_ROOT, uninstall), -+ /* Hidden commands */ - CLI_TOOL_COMMAND("version", "Print authselect version", CLI_CMD_HIDDEN, version), - CLI_TOOL_LAST - }; -diff --git a/src/lib/authselect.c b/src/lib/authselect.c -index 62a0fde47d122cea21f3738e7badc2fdb6a7c78b..6b8edf32a50a06fdaa583146c1b8a549ba17130a 100644 ---- a/src/lib/authselect.c -+++ b/src/lib/authselect.c -@@ -114,6 +114,12 @@ authselect_activate(const char *profile_id, - goto done; - } - -+ if (!is_valid) { -+ ERROR("Changes to the authselect configuration were detected. " -+ "These changes will be overwritten. Please call " -+ "'authselect opt-out' in order to keep them."); -+ } -+ - ret = authselect_profile_activate(profile, features); - - done: -diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc -index ff6dc1e234580061e059316451a1ed293cd1502e..47e04106543825a4c0995a22c336bd7d2d1f9c81 100644 ---- a/src/man/authselect.8.adoc -+++ b/src/man/authselect.8.adoc -@@ -37,6 +37,12 @@ automatically generate a backup of your current configuration so if you wish - to go back you can restore it with *authselect backup-restore* command - (see description below). - -+OPT-OUT FROM AUTHSELECT -+----------------------- -+To stop authselect from managing your configuration, run *authselect opt-out*. -+This will remove all authselect configuration from your system and you can then -+modify your configuration manually. -+ - AVAILABLE COMMANDS - ------------------ - To list all available commands run *authselect* without any parameters. 
-@@ -232,6 +238,14 @@ These commands can be used to manage backed up configurations. - Restore configuration from backup named _BACKUP_. *Note:* this will - overwrite current configuration. - -+OTHER COMMANDS -+-------------- -+ -+*opt-out*:: -+ Remove authselect configuration. This will restore nsswitch and PAM -+ configuration under its system location and authselect will no longer -+ manage it. Run *authselect select* to opt-in again. -+ - COMMON OPTIONS - -------------- - These options are available with all commands. --- -2.34.1 - diff --git a/0005-lib-make-preambule-more-descriptive.patch b/0005-lib-make-preambule-more-descriptive.patch deleted file mode 100644 index eb6bf04..0000000 --- a/0005-lib-make-preambule-more-descriptive.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 4f6f91cf8098053dd855d6b8a1c20fcb8815a90c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 12:00:29 +0100 -Subject: [PATCH 05/11] lib: make preambule more descriptive - ---- - src/lib/util/template.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/lib/util/template.c b/src/lib/util/template.c -index 17513dc733016e8b59df5d33fc25794122677211..8ecb0428634ea487e3f6454ec243ebffc7d0fec2 100644 ---- a/src/lib/util/template.c -+++ b/src/lib/util/template.c -@@ -567,7 +567,9 @@ template_generate_preamble(time_t timestamp) - } - - preamble = format("# Generated by authselect on %s\n" -- "# Do not modify this file manually.\n\n", -+ "# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.\n" -+ "# You can stop authselect from managing your configuration by calling 'authselect opt-out'.\n" -+ "# See authselect(8) for more details.\n\n", - trimmed); - free(trimmed); - if (preamble == NULL) { --- -2.34.1 - diff --git a/0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch b/0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch deleted file mode 100644 index edac15f..0000000 
--- a/0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 4c08cf7b01ea2c219de30f944b08f50663974104 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 12:15:35 +0100 -Subject: [PATCH 06/11] spec: own user-nsswitch-created only if - with_user_nsswitch - ---- - rpm/authselect.spec.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in -index 6e178b88bc2f19cb17692b029430e3eca13dfbef..781d0193c02c9c4c9fa18596caeebe7e02a25a12 100644 ---- a/rpm/authselect.spec.in -+++ b/rpm/authselect.spec.in -@@ -179,12 +179,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/smartcard-auth - %ghost %attr(0644,root,root) %{_sysconfdir}/pam.d/system-auth - %endif --%if %{with_user_nsswitch} --%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf --%endif - %dir %{_localstatedir}/lib/authselect - %ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ -+%if %{with_user_nsswitch} -+%ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf - %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created -+%endif - %dir %{_datadir}/authselect - %dir %{_datadir}/authselect/vendor - %dir %{_datadir}/authselect/default --- -2.34.1 - diff --git a/0007-cli-check-command-return-6-if-no-configuration-is-de.patch b/0007-cli-check-command-return-6-if-no-configuration-is-de.patch deleted file mode 100644 index fb71f3f..0000000 --- a/0007-cli-check-command-return-6-if-no-configuration-is-de.patch +++ /dev/null 
@@ -1,256 +0,0 @@ -From 3a3df3b409d599682de3936374fc6de9c7163373 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Mon, 31 Jan 2022 12:37:37 +0100 -Subject: [PATCH 07/11] cli: check command return 6 if no configuration is - detected - -If no configuration is detected at all (no files in /etc/authselect -and no system configuration is present either) the check command now -returns 6. This can be used to detect fresh installation. ---- - include/authselect.h | 5 +++-- - src/cli/cli_tool.c | 2 ++ - src/cli/main.c | 10 ++++++++-- - src/lib/authselect.c | 13 ++++++++---- - src/lib/files/config.c | 36 ++++++++++++++++++++++++++++++--- - src/lib/files/files.h | 42 +++++++++++++++++++++++++-------------- - src/man/authselect.8.adoc | 1 + - 7 files changed, 83 insertions(+), 26 deletions(-) - -diff --git a/include/authselect.h b/include/authselect.h -index 5b6cad122257e3ae9509d5799a02668c6705e978..bf04aace4607f765a5b46185a4e9ef70867f73f6 100644 ---- a/include/authselect.h -+++ b/include/authselect.h -@@ -192,8 +192,9 @@ authselect_feature_disable(const char *feature); - * @return - * - 0 if there is an existing authselect configuration, the result of - * validation is returned in @_is_valid output variable. -- * - ENOENT if there is no existing authselect configuration, the result of -- * validation is returned in @_is_valid output variable. -+ * - ENOENT if there is no existing configuration -+ * - EEXIST if there is existing configuration, not created by authselect, -+ * the result of validation is returned in @_is_valid output variable. - * - Other errno code on generic error. - */ - int -diff --git a/src/cli/cli_tool.c b/src/cli/cli_tool.c -index 64807af3cb0c3aeb70ff652962dca62a3b99c431..83bc1ef339bdc5e610c930ccb605946f0096fb1a 100644 ---- a/src/cli/cli_tool.c -+++ b/src/cli/cli_tool.c -@@ -445,6 +445,8 @@ int cli_tool_main(int argc, const char **argv, - return 4; - case EACCES: - return 5; -+ case ENODEV: -+ return 6; - } - - /* Generic error. 
*/ -diff --git a/src/cli/main.c b/src/cli/main.c -index db5f6dc2de6f4f58273f0719f8bb77122edfafe5..afe10097612a06b78f0aa45738dc4f9cc3a4f9c9 100644 ---- a/src/cli/main.c -+++ b/src/cli/main.c -@@ -349,7 +349,7 @@ static errno_t check(struct cli_cmdline *cmdline) - } - - ret = authselect_validate_configuration(&is_valid); -- if (ret != EOK && ret != ENOENT) { -+ if (ret != EOK && ret != ENOENT && ret != EEXIST) { - ERROR("Unable to test current configuration [%d]: %s", - ret, strerror(ret)); - -@@ -367,12 +367,18 @@ static errno_t check(struct cli_cmdline *cmdline) - puts(_("Current configuration is valid.")); - break; - case ENOENT: -+ puts(_("No configuration detected.")); -+ ret = ENODEV; -+ break; -+ case EEXIST: - puts(_("System was not configured with authselect.")); -+ ret = ENOENT; /* for backwards compatibility */ - break; - } - - /* EOK = existing configuration is valid, -- * ENOENT = non-existing configuration is valid */ -+ * ENODEV = no configuration detected, -+ * ENOENT = non-authselet configuration is valid */ - return ret; - } - -diff --git a/src/lib/authselect.c b/src/lib/authselect.c -index 6b8edf32a50a06fdaa583146c1b8a549ba17130a..bcb53f03c67c6b822480ad3557919ca75f045949 100644 ---- a/src/lib/authselect.c -+++ b/src/lib/authselect.c -@@ -271,14 +271,19 @@ authselect_validate_configuration(bool *_is_valid) - - ret = authselect_config_read(&profile_id, &features); - if (ret == ENOENT) { -- *_is_valid = authselect_config_validate_non_existing(); -- return ENOENT; -+ *_is_valid = authselect_config_validate_user(); -+ -+ if (*_is_valid && authselect_config_validate_missing()) { -+ return ENOENT; -+ } -+ -+ return EEXIST; - } if (ret != EOK) { - return ret; - } - -- *_is_valid = authselect_config_validate_existing(profile_id, -- (const char **)features); -+ *_is_valid = authselect_config_validate_authselect(profile_id, -+ (const char **)features); - - free(profile_id); - string_array_free(features); -diff --git a/src/lib/files/config.c 
b/src/lib/files/config.c -index 8a10ef8c4c4ccd1a047b39b3ff6399fe31d17c73..c841860e347d08bcfb14ca51c0630b453d186d00 100644 ---- a/src/lib/files/config.c -+++ b/src/lib/files/config.c -@@ -183,8 +183,8 @@ authselect_config_locations_writable() - } - - bool --authselect_config_validate_existing(const char *profile_id, -- const char **features) -+authselect_config_validate_authselect(const char *profile_id, -+ const char **features) - { - struct authselect_files *files; - bool result = true; -@@ -209,7 +209,7 @@ authselect_config_validate_existing(const char *profile_id, - } - - bool --authselect_config_validate_non_existing() -+authselect_config_validate_user() - { - bool result = true; - -@@ -218,3 +218,33 @@ authselect_config_validate_non_existing() - - return result; - } -+ -+bool -+authselect_config_validate_missing() -+{ -+ struct authselect_generated generated[] = GENERATED_FILES_PATHS; -+ struct authselect_symlink symlinks[] = {SYMLINK_FILES}; -+ errno_t ret; -+ int i; -+ -+ ret = file_exists(PATH_CONFIG_FILE); -+ if (ret != ENOENT) { -+ return false; -+ } -+ -+ for (i = 0; generated[i].path != NULL; i++) { -+ ret = file_exists(generated[i].path); -+ if (ret != ENOENT) { -+ return false; -+ } -+ } -+ -+ for (i = 0; symlinks[i].name != NULL; i++) { -+ ret = file_exists(symlinks[i].name); -+ if (ret != ENOENT) { -+ return false; -+ } -+ } -+ -+ return true; -+} -diff --git a/src/lib/files/files.h b/src/lib/files/files.h -index 9a551b3c0c3da3b241cdd9bd88ed550e1e60c72a..5eeca3ebf58e730c586d6bf6bf18e22a67218067 100644 ---- a/src/lib/files/files.h -+++ b/src/lib/files/files.h -@@ -71,7 +71,7 @@ bool - authselect_config_locations_writable(void); - - /** -- * Validate existing configuration. -+ * Validate existing authselect configuration. - * - * Check that all files are created, readable and with correct content - * and that all symbolic links exist. 
-@@ -79,8 +79,31 @@ authselect_config_locations_writable(void); - * @return True if the configuration is valid, false otherwise. - */ - bool --authselect_config_validate_existing(const char *profile_id, -- const char **features); -+authselect_config_validate_authselect(const char *profile_id, -+ const char **features); -+ -+/** -+ * Validate existing non-authselect configuration. -+ * -+ * Check that there are no left overs from previous authselect configuration. -+ * All generated files must be removed and all symbolic links must either not -+ * exists, point to different location or must be other file or directory. -+ * -+ * @return True if the are no left overs, false otherwise. -+ */ -+bool -+authselect_config_validate_user(void); -+ -+/** -+ * Validate missing configuration. -+ * -+ * Check that there is no configuration at all (there are no authselect and -+ * no system files present). -+ * -+ * @return True if there is no configuration, false otherwise. -+ */ -+bool -+authselect_config_validate_missing(void); - - /** - * Generate contents of nsswitch.conf. -@@ -108,18 +131,6 @@ errno_t - authselect_nsswitch_find_maps(char *content, - char ***_maps); - --/** -- * Validate non-existing configuration. -- * -- * Check that there are no left overs from previous authselect configuration. -- * All generated files must be removed and all symbolic links must either not -- * exists, point to different location or must be other file or directory. -- * -- * @return True if the are no left overs, false otherwise. -- */ --bool --authselect_config_validate_non_existing(); -- - /** - * Read system files templates and return them in files structure. - * -@@ -235,6 +246,7 @@ authselect_symlinks_uninstall(); - errno_t - authselect_files_uninstall(void); - -+ - /** - * List all profile directories in a sorted NULL-terminated string array. 
- * -diff --git a/src/man/authselect.8.adoc b/src/man/authselect.8.adoc -index 47e04106543825a4c0995a22c336bd7d2d1f9c81..9295701619332f23db74c8560b8ac2003a0b6c4d 100644 ---- a/src/man/authselect.8.adoc -+++ b/src/man/authselect.8.adoc -@@ -363,6 +363,7 @@ The *authselect* can return these exit codes: - * 3: Current configuration is not valid, it was edited without authselect. - * 4: System configuration must be overwritten to activate an authselect profile, --force parameter is needed. - * 5: Executed command must be run as root. -+* 6: No configuration was detected. - - GENERATED FILES - --------------- --- -2.34.1 - diff --git a/0008-spec-do-not-backup-non-existing-configuration-on-fre.patch b/0008-spec-do-not-backup-non-existing-configuration-on-fre.patch deleted file mode 100644 index 1e7ac35..0000000 --- a/0008-spec-do-not-backup-non-existing-configuration-on-fre.patch +++ /dev/null 
@@ -1,36 +0,0 @@
-From 919ffffe831d361c1575899ac17c30a428536714 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Mon, 31 Jan 2022 12:43:28 +0100
-Subject: [PATCH 08/11] spec: do not backup non-existing configuration on fresh
- install
-
-Freshly installed system does not have any configuration files to
-backup.
----
- rpm/authselect.spec.in | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index 781d0193c02c9c4c9fa18596caeebe7e02a25a12..dc21389fdc91db3d115699f1db16eb8dc906ac8c 100644
---- a/rpm/authselect.spec.in
-+++ b/rpm/authselect.spec.in
-@@ -312,10 +312,15 @@ if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
- done
- fi
-
-+%{_bindir}/authselect check &> /dev/null
-+if [ $? -eq 6 ]; then
-+ NOBACKUP="--nobackup"
-+fi
-+
- # If we are upgrading from pre authselect-1.3.0 or this is a new installation
- # select the default configuration.
- if [ -f %{forcefile} ]; then
-- %{_bindir}/authselect select %{default_profile} --force &> /dev/null
-+ %{_bindir}/authselect select %{default_profile} --force $NOBACKUP &> /dev/null
- %__rm -f %{forcefile}
- fi
-
---
-2.34.1
-
diff --git a/0009-lib-bump-soname-version-to-4-3-1.patch b/0009-lib-bump-soname-version-to-4-3-1.patch
deleted file mode 100644
index 0dfe13d..0000000
--- a/0009-lib-bump-soname-version-to-4-3-1.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 66e06017494ff092e56373c88787e728ade3d361 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Mon, 31 Jan 2022 12:58:55 +0100
-Subject: [PATCH 09/11] lib: bump soname version to 4:3:1
-
-Algorithm used:
-https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
----
- src/lib/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
-index 88411ac51bd8d7c219c3097542e16fa99e0a38a2..365da957a3ee8cd2e5abebc2a5190844f47d4879 100644
---- a/src/lib/Makefile.am
-+++ b/src/lib/Makefile.am
-@@ -86,7 +86,7 @@ libauthselect_la_CFLAGS = \
- $(NULL)
- libauthselect_la_LDFLAGS = \
- -Wl,--version-script=$(srcdir)/authselect.exports \
-- -version-info 4:2:1
-+ -version-info 4:3:1
-
- pkgconfigdir = $(libdir)/pkgconfig
- pkgconfig_DATA = \
---
-2.34.1
-
diff --git a/0010-spec-fix-detection-of-ostree-system.patch b/0010-spec-fix-detection-of-ostree-system.patch
deleted file mode 100644
index a6f7089..0000000
--- a/0010-spec-fix-detection-of-ostree-system.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e12f91ecaf437315c02d74aef9d08a5def140d6c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Tue, 1 Feb 2022 09:57:01 +0100
-Subject: [PATCH 10/11] spec: fix detection of ostree system
-
-The information in /etc/os-release may not be available if the system
-has not yet been mutated into ostree. This may happen during initial
-compose.
----
- rpm/authselect.spec.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index dc21389fdc91db3d115699f1db16eb8dc906ac8c..fa01d4508b34023ad36d7bbfc6ffb05c517a9198 100644
---- a/rpm/authselect.spec.in
-+++ b/rpm/authselect.spec.in
-@@ -301,7 +301,7 @@ fi
-
- # Keep nss-altfiles for all rpm-ostree based systems.
- # See https://github.com/authselect/authselect/issues/48
--if %__grep "OSTREE_VERSION=" /etc/os-release &> /dev/null; then
-+if test -e /run/ostree-booted; then
- for PROFILE in `ls %{_datadir}/authselect/default`; do
- %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null
- %if %{with_user_nsswitch}
---
-2.34.1
-
diff --git a/0011-spec-remove-unnecessary-dependencies.patch b/0011-spec-remove-unnecessary-dependencies.patch
deleted file mode 100644
index cb897a3..0000000
--- a/0011-spec-remove-unnecessary-dependencies.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 33230db31309b08a4e332fc5ee49f440871b7ee8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Tue, 1 Feb 2022 09:58:29 +0100
-Subject: [PATCH 11/11] spec: remove unnecessary dependencies
-
-- gawk, findutils and grep are no longer needed in scriptlets
-- systemd does not have to be required
-
-PAM and nsswitch.conf from shipped profiles references several
-systemd modules. However if those modules are not installed,
-they are simply ignored, therefore this dependency can be
-omitted.
-
-systemd is usually installed anyway, but it is not necessary to
-pull it in on cases when it is not desired, such as in containers.
----
- rpm/authselect.spec.in | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index fa01d4508b34023ad36d7bbfc6ffb05c517a9198..c11dfa510307e951ec6f9aa15dfe2dd4b19cd2f9 100644
---- a/rpm/authselect.spec.in
-+++ b/rpm/authselect.spec.in
-@@ -72,11 +72,8 @@ supported by authselect.
- Summary: Utility library used by the authselect tool
- # Required by scriptlets
- Requires: coreutils
--Requires: findutils
--Requires: gawk
--Requires: grep
- Requires: sed
--Requires: systemd
-+Suggests: systemd
- %if %{enforce_authselect}
- # authselect now owns nsswitch.conf (glibc) and pam files
- Conflicts: pam < 1.5.2-8
---
-2.34.1
-
diff --git a/0012-profile-fix-mdns-support.patch b/0012-profile-fix-mdns-support.patch
deleted file mode 100644
index 97ecbb1..0000000
--- a/0012-profile-fix-mdns-support.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From b9cbd670c2993dd2c6c8c107712c68f8c874ac16 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
-Date: Thu, 10 Feb 2022 12:40:45 +0100
-Subject: [PATCH] profile: fix mdns support
-
-Resolves:
-https://github.com/authselect/authselect/issues/293
----
- profiles/minimal/nsswitch.conf | 2 +-
- profiles/nis/nsswitch.conf | 2 +-
- profiles/sssd/nsswitch.conf | 2 +-
- profiles/winbind/nsswitch.conf | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/profiles/minimal/nsswitch.conf b/profiles/minimal/nsswitch.conf
-index 6c3c355b523226a694d64276ffe907cec175022b..563ba030d4c1291023ba36d33eb9f225f10cfa9b 100644
---- a/profiles/minimal/nsswitch.conf
-+++ b/profiles/minimal/nsswitch.conf
-@@ -2,7 +2,7 @@
- passwd: files {if "with-altfiles":altfiles }systemd
- shadow: files
- group: files {if "with-altfiles":altfiles }systemd
--hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
-+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
- services: files
- netgroup: files
- automount: files
-diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
-index e60eeaacf68728d7355647c068fff9bbb1916b4a..49b91eaaa1395ea2fcbe402bc29bd7fb24c4a0c9 100644
---- a/profiles/nis/nsswitch.conf
-+++ b/profiles/nis/nsswitch.conf
-@@ -2,7 +2,7 @@
- passwd: files {if "with-altfiles":altfiles }nis systemd
- shadow: files nis
- group: files {if "with-altfiles":altfiles }nis systemd
--hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] nis
myhostname dns
-+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] nis dns
- services: files nis
- netgroup: files nis
- automount: files nis
-diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
-index 526cbaeeecee7649e2b3071c8706ce35ec7ed388..699fac909dd66bec06dcf372a99b487be2d85059 100644
---- a/profiles/sssd/nsswitch.conf
-+++ b/profiles/sssd/nsswitch.conf
-@@ -2,7 +2,7 @@
- passwd: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
- shadow: files
- group: {if "with-files-domain":sss }files {if "with-altfiles":altfiles }{if not "with-files-domain":sss }systemd
--hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal }resolve [!UNAVAIL=return] myhostname dns
-+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
- services: files sss
- netgroup: files sss
- sudoers: files sss {include if "with-sudo"}
-diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
-index b3ea72d94bc3795113d76178ed070ff8f928e137..835800e50f94256baca99bd31e09ef1488e5eeb1 100644
---- a/profiles/winbind/nsswitch.conf
-+++ b/profiles/winbind/nsswitch.conf
-@@ -2,7 +2,7 @@
- passwd: files {if "with-altfiles":altfiles }winbind systemd
- shadow: files
- group: files {if "with-altfiles":altfiles }winbind systemd
--hosts: files {if "with-mdns4" and "with-mdns6":mdns_minimal }{if "with-mdns4" and not "with-mdns6":mdns4_minimal }{if not "with-mdns4" and "with-mdns6":mdns6_minimal
}resolve [!UNAVAIL=return] myhostname dns
-+hosts: files myhostname {if "with-mdns4" and "with-mdns6":mdns_minimal [NOTFOUND=return] }{if "with-mdns4" and not "with-mdns6":mdns4_minimal [NOTFOUND=return] }{if not "with-mdns4" and "with-mdns6":mdns6_minimal [NOTFOUND=return] }resolve [!UNAVAIL=return] dns
- services: files
- netgroup: files
- automount: files
---
-2.31.1
-
diff --git a/authselect.rpmlintrc b/authselect.rpmlintrc
new file mode 100644
index 0000000..389e22f
--- /dev/null
+++ b/authselect.rpmlintrc
@@ -0,0 +1,9 @@
+# Whitelist known warnings that can not be fixed
+addFilter("authselect.*: W: spelling-error %description -l en_US authconfig -> configuration");
+addFilter("authselect.*: W: non-conffile-in-etc /etc/bash_completion.d/authselect-completion.sh")
+addFilter("authselect-compat.*: W: self-obsoletion authconfig < 7.0.1-6 obsoletes authconfig")
+addFilter("authselect-compat.*: W: no-documentation")
+addFilter("authselect-compat.*: W: no-manual-page-for-binary authconfig")
+addFilter("authselect-devel.*: W: no-documentation")
+addFilter("authselect-libs.*: W: dangerous-command-in-%pre rm")
+addFilter("authselect-libs.*: W: dangerous-command-in-%posttrans cp")
diff --git a/authselect.spec b/authselect.spec
index 7704f6d..d93eba9 100644
--- a/authselect.spec
+++ b/authselect.spec
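Review bot: The last two filters in the new authselect.rpmlintrc silence `dangerous-command-in-%pre rm` and `dangerous-command-in-%posttrans cp` for authselect-libs without saying which scriptlet lines they cover. Because the filter matches on the command name only, any `rm` or `cp` added to those root-run scriptlets later would also pass rpmlint unnoticed. A comment above the two lines would keep the suppression reviewable, for example `# %pre rm / %posttrans cp: <what is removed or copied, and why it is safe>`. Separately, the first `addFilter(...)` line ends with a `;` that the other seven lines do not have; dropping it keeps the file consistent.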
@@ -2,27 +2,14 @@ %define _empty_manifest_terminate_build 0 Name: authselect -Version: 1.3.0 -Release: 10%{?dist} +Version: 1.4.0 +Release: 1%{?dist} Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/authselect/authselect License: GPLv3+ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch0001: 0001-main-Drop-an-unnecessary-NULL-check-before-free.patch -Patch0002: 0002-lib-drop-strict-change-detection.patch -Patch0003: 0003-lib-let-authselect_uninstall-delete-files-from-etc-a.patch -Patch0004: 0004-cli-add-opt-out-command.patch -Patch0005: 0005-lib-make-preambule-more-descriptive.patch -Patch0006: 0006-spec-own-user-nsswitch-created-only-if-with_user_nss.patch -Patch0007: 0007-cli-check-command-return-6-if-no-configuration-is-de.patch -Patch0008: 0008-spec-do-not-backup-non-existing-configuration-on-fre.patch -Patch0009: 0009-lib-bump-soname-version-to-4-3-1.patch -Patch0010: 0010-spec-fix-detection-of-ostree-system.patch -Patch0011: 0011-spec-remove-unnecessary-dependencies.patch -Patch0012: 0012-profile-fix-mdns-support.patch - %global makedir %{_builddir}/%{name}-%{version} %if 0%{?fedora} >= 35 || 0%{?rhel} >= 10 @@ -354,6 +341,9 @@ fi exit 0 %changelog +* Thu May 5 2022 Pavel Březina - 1.4.0-1 +- Rebase to 1.3.0 + * Thu Feb 10 2022 Pavel Březina - 1.3.0-10 - Fix mdns support (#2052269) diff --git a/sources b/sources index b533281..a4f88f3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (authselect-1.3.0.tar.gz) = bebccbd0a3a189812c1e2dc85ab4e4514f56f99728b4c4214862b850ddf259918d7e0ee00acd538045d2a71149b761176ecd2d4744a6ff3f19bccda57445351d +SHA512 (authselect-1.4.0.tar.gz) = 878603fddcff5f9df07e86f01c1486f331535b455ca4f11bec90e86c8c923137b4cf67a2856bd9f2a5b3f11f1a22f7691a6b1cc702c53291f83ccdadcb70d957
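Review bot: The new changelog entry in the second authselect.spec hunk reads `- Rebase to 1.3.0` under the `1.4.0-1` header, while `Version:` in the first hunk and the tarball named in `sources` are both 1.4.0; the entry should read `- Rebase to 1.4.0`. The first hunk also removes all twelve `PatchNNNN:` lines, presumably because those changes are part of the 1.4.0 tarball, which this page does not show. Since the dropped patches change how existing PAM and nsswitch configuration is validated and overwritten, it is worth confirming each one is present upstream and recording it in the changelog, e.g. `- Drop downstream patches included in 1.4.0`.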