.gitignore

@@ -1 +1,18 @@
-SOURCES/authselect-1.2.6.tar.gz
+/0.1-alpha.tar.gz
+/0.1.tar.gz
+/authselect-0.2.tar.gz
+/authselect-0.3.tar.gz
+/authselect-0.3.1.tar.gz
+/authselect-0.3.2.tar.gz
+/authselect-0.4.tar.gz
+/authselect-1.0.tar.gz
+/authselect-1.0.1.tar.gz
+/authselect-1.0.2.tar.gz
+/authselect-1.0.3.tar.gz
+/authselect-1.1.tar.gz
+/authselect-1.2.tar.gz
+/authselect-1.2.1.tar.gz
+/authselect-1.2.2.tar.gz
+/authselect-1.2.3.tar.gz
+/authselect-1.2.5.tar.gz
+/authselect-1.2.6.tar.gz

0001-po-update-translations.patch

@@ -1,7 +1,7 @@
-From 726f29193abade533dd812aa562de6c80d7920b7 Mon Sep 17 00:00:00 2001
+From 6f1aca05a24356da6787903e67b15588cf3a9ba8 Mon Sep 17 00:00:00 2001
 From: Weblate <noreply@weblate.org>
 Date: Sat, 3 Dec 2022 11:19:57 +0100
-Subject: [PATCH 1/7] po: update translations
+Subject: [PATCH 1/8] po: update translations
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -48,7 +48,7 @@ Translation: authselect/1.2.x
 Translation: authselect/1.2.x-authselect.8.adoc
 Patch-name: 0001-po-update-translations.patch
 Patch-id: 1
-From-dist-git-commit: 4793c5170d11c5d4ce4c6c7b0e8902429e1011fc
+From-dist-git-commit: 8461b94b1539db7f26c288e0d5d20dd71e6609bf
 ---
  po/ca.po                              | 228 ++++++++---------
  po/cs.po                              | 228 ++++++++---------

0002-profiles-do-not-try-to-change-password-via-sssd-for-.patch

@@ -1,7 +1,7 @@
-From c7fbbc569d150b09878ccf6e8e0e031d0f41224d Mon Sep 17 00:00:00 2001
+From 9b52842d6b4b6ae0ad1f36d3d731d7afc94338e1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Thu, 29 Jun 2023 14:07:25 +0200
-Subject: [PATCH 2/7] profiles: do not try to change password via sssd for
+Subject: [PATCH 2/8] profiles: do not try to change password via sssd for
  local users
 
 Steps to reproduce:

0003-po-update-translations.patch

@@ -1,7 +1,7 @@
-From 598f82ea8fc40b07bb357d9f341e0701b54f631b Mon Sep 17 00:00:00 2001
+From 236be42c318d7267524cc6d29f9cf62687d4bf23 Mon Sep 17 00:00:00 2001
 From: Weblate <noreply@weblate.org>
 Date: Tue, 1 Aug 2023 14:23:28 +0200
-Subject: [PATCH 3/7] po: update translations
+Subject: [PATCH 3/8] po: update translations
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch

@@ -1,7 +1,7 @@
-From 2f1fea5ec3132f2ced05887ba24d03e134934930 Mon Sep 17 00:00:00 2001
+From c3c2c3b7ffe04dc2e810c9fffdd82689543a94df Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Tue, 30 Oct 2018 14:08:12 +0100
-Subject: [PATCH 1/3] rhel8: remove mention of Fedora Change page in compat
+Subject: [PATCH 1/4] rhel9: remove mention of Fedora Change page in compat
  tool
 
 ---

0902-rhel9-remove-ecryptfs-support.patch

@@ -1,7 +1,7 @@
-From bfa639947df40c7d601a459af5f0995c89a67200 Mon Sep 17 00:00:00 2001
+From 9da7355f1e2c8a148d4730fec4c4707c56e6dfa1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Mon, 10 Jun 2019 10:53:15 +0200
-Subject: [PATCH 2/3] rhel8: remove ecryptfs support
+Subject: [PATCH 2/4] rhel9: remove ecryptfs support
 
 ---
  profiles/nis/README                 | 3 ---

0903-rhel9-Revert-profiles-add-support-for-resolved.patch

@@ -1,7 +1,7 @@
-From 9009c94f3abf85954ffc04c354c6eaff715b4512 Mon Sep 17 00:00:00 2001
+From 6381b49e90b3850fade68c8af03b17d0cc016d3c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Wed, 25 Nov 2020 14:05:00 +0100
-Subject: [PATCH 3/3] rhel8: Revert "profiles: add support for resolved"
+Subject: [PATCH 3/4] rhel9: Revert "profiles: add support for resolved"
 
 systemd-resolved should not be enabled by default on rhel8.
 

0904-rhel9-remove-nis-support.patch

@@ -0,0 +1,297 @@
+From fde1c60f1e87383596ee7060f4d748675b2efae9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Wed, 9 Jun 2021 13:59:01 +0200
+Subject: [PATCH 4/4] rhel9: remove nis support
+
+NIS is no longer supported in RHEL9.
+---
+ profiles/Makefile.am                | 14 -----
+ profiles/nis/dconf-db               |  3 -
+ profiles/nis/dconf-locks            |  2 -
+ profiles/nis/nsswitch.conf          | 14 -----
+ profiles/nis/postlogin              |  4 --
+ rpm/authselect.spec.in              | 11 ----
+ src/compat/authcompat.py.in.in      | 95 -----------------------------
+ src/compat/authcompat_Options.py    |  8 ++-
+ src/man/authselect-migration.7.adoc |  2 +-
+ 9 files changed, 6 insertions(+), 147 deletions(-)
+ delete mode 100644 profiles/nis/dconf-db
+ delete mode 100644 profiles/nis/dconf-locks
+ delete mode 100644 profiles/nis/nsswitch.conf
+ delete mode 100644 profiles/nis/postlogin
+
+diff --git a/profiles/Makefile.am b/profiles/Makefile.am
+index 7191b2604ca2c9ebaba3a4f1beb950e7d0e03970..4ab613f42a581df02c427636a0070092b58ec418 100644
+--- a/profiles/Makefile.am
++++ b/profiles/Makefile.am
+@@ -15,20 +15,6 @@ dist_profile_minimal_DATA = \
+     $(top_srcdir)/profiles/minimal/dconf-locks \
+     $(NULL)
+ 
+-profile_nisdir = $(authselect_profile_dir)/nis
+-dist_profile_nis_DATA = \
+-    $(top_srcdir)/profiles/nis/nsswitch.conf \
+-    $(top_srcdir)/profiles/nis/password-auth \
+-    $(top_srcdir)/profiles/nis/postlogin \
+-    $(top_srcdir)/profiles/nis/README \
+-    $(top_srcdir)/profiles/nis/REQUIREMENTS \
+-    $(top_srcdir)/profiles/nis/smartcard-auth \
+-    $(top_srcdir)/profiles/nis/system-auth \
+-    $(top_srcdir)/profiles/nis/fingerprint-auth \
+-    $(top_srcdir)/profiles/nis/dconf-db \
+-    $(top_srcdir)/profiles/nis/dconf-locks \
+-    $(NULL)
+-
+ profile_sssddir = $(authselect_profile_dir)/sssd
+ dist_profile_sssd_DATA = \
+     $(top_srcdir)/profiles/sssd/nsswitch.conf \
+diff --git a/profiles/nis/dconf-db b/profiles/nis/dconf-db
+deleted file mode 100644
+index bd32b2819f66acdc75ab0fc522ec85673d10ed72..0000000000000000000000000000000000000000
+--- a/profiles/nis/dconf-db
++++ /dev/null
+@@ -1,3 +0,0 @@
+-[org/gnome/login-screen]
+-enable-smartcard-authentication=false
+-enable-fingerprint-authentication={if "with-fingerprint":true|false}
+diff --git a/profiles/nis/dconf-locks b/profiles/nis/dconf-locks
+deleted file mode 100644
+index 8a36fa9568344338272786394aece872185d0ab3..0000000000000000000000000000000000000000
+--- a/profiles/nis/dconf-locks
++++ /dev/null
+@@ -1,2 +0,0 @@
+-/org/gnome/login-screen/enable-smartcard-authentication
+-/org/gnome/login-screen/enable-fingerprint-authentication
+diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
+deleted file mode 100644
+index 9bee7d839f84ff39d54cb6ead9dea38e51736b4d..0000000000000000000000000000000000000000
+--- a/profiles/nis/nsswitch.conf
++++ /dev/null
+@@ -1,14 +0,0 @@
+-aliases:    files nis                   {exclude if "with-custom-aliases"}
+-automount:  files nis                   {exclude if "with-custom-automount"}
+-ethers:     files nis                   {exclude if "with-custom-ethers"}
+-group:      files nis systemd           {exclude if "with-custom-group"}
+-hosts:      files nis dns myhostname    {exclude if "with-custom-hosts"}
+-initgroups: files nis                   {exclude if "with-custom-initgroups"}
+-netgroup:   files nis                   {exclude if "with-custom-netgroup"}
+-networks:   files nis                   {exclude if "with-custom-networks"}
+-passwd:     files nis systemd           {exclude if "with-custom-passwd"}
+-protocols:  files nis                   {exclude if "with-custom-protocols"}
+-publickey:  files nis                   {exclude if "with-custom-publickey"}
+-rpc:        files nis                   {exclude if "with-custom-rpc"}
+-services:   files nis                   {exclude if "with-custom-services"}
+-shadow:     files nis                   {exclude if "with-custom-shadow"}
+diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
+deleted file mode 100644
+index 04a11f049bc1e220c9064fba7b46eb243ddd4996..0000000000000000000000000000000000000000
+--- a/profiles/nis/postlogin
++++ /dev/null
+@@ -1,4 +0,0 @@
+-session     optional                   pam_umask.so silent
+-session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+-session     [default=1]                pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
+-session     optional                   pam_lastlog.so silent noupdate showfailed
+diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
+index f8539d5a028da1a7184b47609a8efdb5ce0be14e..95da183a41a29f7913a0a255a94070908ed9a66c 100644
+--- a/rpm/authselect.spec.in
++++ b/rpm/authselect.spec.in
+@@ -165,7 +165,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+ %dir %{_datadir}/authselect/vendor
+ %dir %{_datadir}/authselect/default
+ %dir %{_datadir}/authselect/default/minimal/
+-%dir %{_datadir}/authselect/default/nis/
+ %dir %{_datadir}/authselect/default/sssd/
+ %dir %{_datadir}/authselect/default/winbind/
+ %{_datadir}/authselect/default/minimal/dconf-db
+@@ -178,16 +177,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
+ %{_datadir}/authselect/default/minimal/REQUIREMENTS
+ %{_datadir}/authselect/default/minimal/smartcard-auth
+ %{_datadir}/authselect/default/minimal/system-auth
+-%{_datadir}/authselect/default/nis/dconf-db
+-%{_datadir}/authselect/default/nis/dconf-locks
+-%{_datadir}/authselect/default/nis/fingerprint-auth
+-%{_datadir}/authselect/default/nis/nsswitch.conf
+-%{_datadir}/authselect/default/nis/password-auth
+-%{_datadir}/authselect/default/nis/postlogin
+-%{_datadir}/authselect/default/nis/README
+-%{_datadir}/authselect/default/nis/REQUIREMENTS
+-%{_datadir}/authselect/default/nis/smartcard-auth
+-%{_datadir}/authselect/default/nis/system-auth
+ %{_datadir}/authselect/default/sssd/dconf-db
+ %{_datadir}/authselect/default/sssd/dconf-locks
+ %{_datadir}/authselect/default/sssd/fingerprint-auth
+diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
+index 55e205bae2c0b1f7892f8b286c288dfeaa26a60d..c6d1f2786c233f7ebdbfe5f2503aa0016012aee0 100755
+--- a/src/compat/authcompat.py.in.in
++++ b/src/compat/authcompat.py.in.in
+@@ -243,20 +243,6 @@ class Configuration:
+ 
+             config.write(keys)
+ 
+-    class Network(Base):
+-        def __init__(self, options):
+-            super(Configuration.Network, self).__init__(options)
+-
+-        def write(self):
+-            nisdomain = self.get("nisdomain")
+-            config = EnvironmentFile(Path.System('network'))
+-
+-            if nisdomain is None:
+-                return
+-
+-            config.set("NISDOMAIN", nisdomain)
+-            config.write()
+-
+     class SSSD(Base):
+         def __init__(self, options):
+             super(Configuration.SSSD, self).__init__(options, ServiceName="sssd")
+@@ -378,83 +364,6 @@ class Configuration:
+             # other applications may depend on it.
+             return
+ 
+-    class NIS(Base):
+-        def __init__(self, options):
+-            super(Configuration.NIS, self).__init__(options)
+-            self.rpcbind = Service("rpcbind")
+-            self.ypbind = Service("ypbind")
+-
+-        def isEnabled(self):
+-            if not self.isset("nis"):
+-                return None
+-
+-            return self.getBool("nis")
+-
+-        def enableService(self, nostart):
+-            if not self.isset("nisdomain"):
+-                return
+-
+-            nisdom = self.get("nisdomain")
+-
+-            if not nostart:
+-                cmd = Command(Path.System('cmd-domainname'), [nisdom])
+-                cmd.run()
+-
+-            cmd = Command(Path.System('cmd-setsebool'),
+-                          ['-P', 'allow_ypbind', '1'])
+-            cmd.run()
+-
+-            self.rpcbind.enable()
+-            self.ypbind.enable()
+-
+-            if not nostart:
+-                self.rpcbind.start(Restart=False)
+-                self.ypbind.start()
+-
+-        def disableService(self, nostop):
+-            if not nostop:
+-                cmd = Command(Path.System('cmd-domainname'), ["(none)"])
+-                cmd.run()
+-
+-            cmd = Command(Path.System('cmd-setsebool'),
+-                          ['-P', 'allow_ypbind', '0'])
+-            cmd.run()
+-
+-            self.rpcbind.disable()
+-            self.ypbind.disable()
+-
+-            if not nostop:
+-                self.rpcbind.stop()
+-                self.ypbind.stop()
+-
+-        def write(self):
+-            if not self.isset("nisdomain"):
+-                return
+-
+-            output = "domain " + self.get("nisdomain")
+-
+-            additional_servers = []
+-            if self.isset("nisserver"):
+-                servers = self.get("nisserver").split(",")
+-                additional_servers = servers[1:]
+-                output += " server " + servers[0] + "\n"
+-            else:
+-                output += " broadcast\n"
+-
+-            for server in additional_servers:
+-                output += "ypserver " + server + "\n"
+-
+-            filename = Path.System('yp.conf')
+-            if self.getBool("test-call"):
+-                print("========== BEGIN Content of [%s] ==========" % filename)
+-                print(output)
+-                print("========== END   Content of [%s] ==========\n" % filename)
+-                return
+-
+-            with open(filename, "w") as f:
+-                f.write(output)
+-
+-
+ class AuthCompat:
+     def __init__(self):
+         self.sysconfig = EnvironmentFile(Path.System('authconfig'))
+@@ -538,8 +447,6 @@ class AuthCompat:
+                 or self.options.getBool("sssd")
+                 or self.options.getBool("sssdauth")):
+             profile = "sssd"
+-        elif self.options.getBool("nis"):
+-            profile = "nis"
+         elif self.options.getBool("winbind"):
+             profile = "winbind"
+ 
+@@ -596,13 +503,11 @@ class AuthCompat:
+     def writeConfiguration(self):
+         configs = [
+             Configuration.LDAP(self.options),
+-            Configuration.Network(self.options),
+             Configuration.Kerberos(self.options),
+             Configuration.SSSD(self.options),
+             Configuration.Winbind(self.options),
+             Configuration.PWQuality(self.options),
+             Configuration.MakeHomedir(self.options),
+-            Configuration.NIS(self.options)
+         ]
+ 
+         for config in configs:
+diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
+index 5c8b21b55014198d6d9dfc98bd807c3c922b06f4..79ead60fa9edc1244227e3b69df025471b7c7991 100644
+--- a/src/compat/authcompat_Options.py
++++ b/src/compat/authcompat_Options.py
+@@ -79,9 +79,6 @@ class Options:
+         # However, they will just make sure that an authentication against
+         # expected service is working. They may not result in the exact same
+         # configuration as authconfig would generate.
+-        Option.Feature("nis", _("NIS for user information by default")),
+-        Option.Valued("nisdomain", _("<domain>"), _("default NIS domain")),
+-        Option.Valued("nisserver", _("<server>"), _("default NIS server")),
+         Option.Feature("ldap", _("LDAP for user information by default")),
+         Option.Feature("ldapauth", _("LDAP for authentication by default")),
+         Option.Valued("ldapserver", _("<server>"), _("default LDAP server hostname or URI")),
+@@ -164,6 +161,11 @@ class Options:
+         Option.UnsupportedFeature("locauthorize"),
+         Option.UnsupportedFeature("sysnetauth"),
+         Option.UnsupportedValued("faillockargs", _("<options>")),
++
++        # NIS is no longer supported
++        Option.UnsupportedFeature("nis"),
++        Option.UnsupportedValued("nisdomain", _("<domain>")),
++        Option.UnsupportedValued("nisserver", _("<server>")),
+     ]
+ 
+     Map = {
+diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
+index 888cd4e5a0750d4e1aa5898887f5f7fd42472741..d9777b9b473859d7ec532f39f7e14bd81c4f1b90 100644
+--- a/src/man/authselect-migration.7.adoc
++++ b/src/man/authselect-migration.7.adoc
+@@ -72,7 +72,7 @@ configuration file for required services.
+ |--enablesssd --enablesssdauth       |sssd
+ |--enablekrb5                        |sssd
+ |--enablewinbind --enablewinbindauth |winbind
+-|--enablenis                         |nis
++|--enablenis                         |none
+ |=========================================================
+ 
+ .Relation of authconfig options to authselect profile features
+-- 
+2.34.1
+

0905-rhel9-Revert-yescrypt.patch

@@ -1,11 +1,12 @@
-From c40bbcc77373120915033ab24d5ab149920666a4 Mon Sep 17 00:00:00 2001
+From f222ccb9f4d0ec1021d3117e9b91b3317722a3fe Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
 Date: Mon, 5 Dec 2022 19:03:00 +0100
-Subject: [PATCH 7/7] rhel8: Revert yescrypt
+Subject: [PATCH 8/8] rhel9: Revert yescrypt
 
-Patch-name: 0904-rhel8-Revert-yescrypt.patch
+(cherry picked from commit a5d390b6c2a98854c6b5a53f49e3e76e86d7eb28)
-Patch-id: 904
+Patch-name: 0905-rhel9-Revert-yescrypt.patch
-From-dist-git-commit: 4793c5170d11c5d4ce4c6c7b0e8902429e1011fc
+Patch-id: 905
+From-dist-git-commit: 8461b94b1539db7f26c288e0d5d20dd71e6609bf
 ---
  po/af.po                                        | 2 +-
  po/authselect.pot                               | 2 +-
@@ -549,10 +550,10 @@ index 33aa13e..afe27d7 100644
  password    required                                     pam_deny.so
  
 diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index 5c8b21b..5c97fee 100644
+index 79ead60..5b80b80 100644
 --- a/src/compat/authcompat_Options.py
 +++ b/src/compat/authcompat_Options.py
-@@ -145,7 +145,7 @@ class Options:
+@@ -142,7 +142,7 @@ class Options:
          Option.UnsupportedSwitch("useshadow"),
          Option.UnsupportedFeature("md5"),
          Option.UnsupportedSwitch("usemd5"),
@@ -562,7 +563,7 @@ index 5c8b21b..5c97fee 100644
          Option.UnsupportedValued("smartcardmodule", _("<module>")),
          Option.UnsupportedValued("smbsecurity", _("<user|server|domain|ads>")),
 diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index 888cd4e..ee493ee 100644
+index d9777b9..9e3021a 100644
 --- a/src/man/authselect-migration.7.adoc
 +++ b/src/man/authselect-migration.7.adoc
 @@ -90,7 +90,7 @@ configuration file for required services.

authselect.rpmlintrc

@@ -0,0 +1,9 @@
+# Whitelist known warnings that can not be fixed
+addFilter("authselect.*: W: spelling-error %description -l en_US authconfig -> configuration");
+addFilter("authselect.*: W: non-conffile-in-etc /etc/bash_completion.d/authselect-completion.sh")
+addFilter("authselect-compat.*: W: self-obsoletion authconfig < 7.0.1-6 obsoletes authconfig")
+addFilter("authselect-compat.*: W: no-documentation")
+addFilter("authselect-compat.*: W: no-manual-page-for-binary authconfig")
+addFilter("authselect-devel.*: W: no-documentation")
+addFilter("authselect-libs.*: W: dangerous-command-in-%pre rm")
+addFilter("authselect-libs.*: W: dangerous-command-in-%posttrans cp")

authselect.spec

@@ -10,18 +10,19 @@ URL:            https://github.com/authselect/authselect
 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
+Patch0001:  0001-po-update-translations.patch
+Patch0002:  0002-profiles-do-not-try-to-change-password-via-sssd-for-.patch
+Patch0003:  0003-po-update-translations.patch
+
+### Downstream Patches ###
+Patch0901:  0901-rhel9-remove-mention-of-Fedora-Change-page-in-compat.patch
+Patch0902:  0902-rhel9-remove-ecryptfs-support.patch
+Patch0903:  0903-rhel9-Revert-profiles-add-support-for-resolved.patch
+Patch0904:  0904-rhel9-remove-nis-support.patch
+Patch0905:  0905-rhel9-Revert-yescrypt.patch
+
 %global makedir %{_builddir}/%{name}-%{version}
 
-Patch0001: 0001-po-update-translations.patch
-Patch0002: 0002-profiles-do-not-try-to-change-password-via-sssd-for-.patch
-Patch0003: 0003-po-update-translations.patch
-
-# Downstream only
-Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
-Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
-Patch0903: 0903-rhel8-Revert-profiles-add-support-for-resolved.patch
-Patch0904: 0904-rhel8-Revert-yescrypt.patch
-
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  findutils
@@ -35,7 +36,7 @@ BuildRequires:  po4a
 BuildRequires:  %{_bindir}/a2x
 BuildRequires:  libcmocka-devel >= 1.0.0
 BuildRequires:  libselinux-devel
-BuildRequires: python3-devel
+BuildRequires:  python3-devel
 Requires: authselect-libs%{?_isa} = %{version}-%{release}
 Suggests: sssd
 Suggests: samba-winbind
@@ -60,7 +61,7 @@ Requires: gawk
 Requires: grep
 Requires: sed
 Requires: systemd
-Requires: pam >= 1.3.1-9
+Requires: pam >= 1.3.1-23
 
 %description libs
 Common library files for authselect. This package is used by the authselect
@@ -150,7 +151,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %dir %{_datadir}/authselect/vendor
 %dir %{_datadir}/authselect/default
 %dir %{_datadir}/authselect/default/minimal/
-%dir %{_datadir}/authselect/default/nis/
 %dir %{_datadir}/authselect/default/sssd/
 %dir %{_datadir}/authselect/default/winbind/
 %{_datadir}/authselect/default/minimal/dconf-db
@@ -163,16 +163,6 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
 %{_datadir}/authselect/default/minimal/REQUIREMENTS
 %{_datadir}/authselect/default/minimal/smartcard-auth
 %{_datadir}/authselect/default/minimal/system-auth
-%{_datadir}/authselect/default/nis/dconf-db
-%{_datadir}/authselect/default/nis/dconf-locks
-%{_datadir}/authselect/default/nis/fingerprint-auth
-%{_datadir}/authselect/default/nis/nsswitch.conf
-%{_datadir}/authselect/default/nis/password-auth
-%{_datadir}/authselect/default/nis/postlogin
-%{_datadir}/authselect/default/nis/README
-%{_datadir}/authselect/default/nis/REQUIREMENTS
-%{_datadir}/authselect/default/nis/smartcard-auth
-%{_datadir}/authselect/default/nis/system-auth
 %{_datadir}/authselect/default/sssd/dconf-db
 %{_datadir}/authselect/default/sssd/dconf-locks
 %{_datadir}/authselect/default/sssd/fingerprint-auth
@@ -303,106 +293,140 @@ exit 0
 
 %changelog
 * Thu Aug 3 2023 Pavel Březina <pbrezina@redhat.com> - 1.2.6-2
-- Fix Japanese translations (RHBZ #2216755)
+- Fix Japanese translations (RHBZ #2153364)
-- Update translations (RHBZ #2189557)
+- Update translations (RHBZ #2189498)
-- Do not prompt for password twice when changing password of local user (RHBZ #2179607)
+- Do not prompt for password twice when changing password of local user (RHBZ #2228098)
 
 * Thu Dec 1 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.6-1
 - Rebase to 1.2.6 (RHBZ #2142805)
-- Update translations (RHBZ #2139696)
+- update translations (RHBZ #2139642)
-- Change password hashing algorithm from yescrypt back to sha512 (RHBZ #2151140)
+- Change password hashing algorithm from yescrypt back to sha512 (RHBZ #2151145)
 
 * Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.5-1
-- Rebase to 1.2.5 (RHBZ #2080238)
+- Rebase to 1.2.5 (RHBZ #2080239)
-- sssd profile with-smartcard no longer prevents local users from accessing cron (RHBZ #2070325)
+- backup-restore now works correctly (RHBZ #2070541)
-- backup-restore now works correctly (RHBZ #2066535)
+- add with-subid to sssd profile (RHBZ #2075192)
-- add with-subid to sssd profile (RHBZ #2063750)
+- add with-gssapi to sssd profile (RHBZ #2077893)
 
-* Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
+* Thu Aug 26 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-7
-- Update translations (RHBZ #1961625)
+- Avoid freeing uninitialized variable in authselect_apply_changes (rhbz#1970871)
 
-* Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-2
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.3-6
-- try_first_pass option no longer works on some PAM modules in RHEL8 (RHBZ #1949070)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-- Need to localize the description of --debug option in authselect show (RHBZ #1970408)
+  Related: rhbz#1991688
+
+* Wed Jun 9 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-5
+- Remove nis support (rhbz#1968396)
+
+* Wed Jun 9 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-4
+- Remove nis support (rhbz#1968396)
+
+* Tue Jun 1 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-3
+- Remove systemd-resolved support (rhbz#1966484)
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.3-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Mar 31 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.3-1
+- Rebase to 1.2.3
+
+* Mon Mar 29 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-7
+- Fix fingerprint-auth success result
+  The previous patch had an issue breaking fingerprint login
+
+* Tue Mar 09 2021 Benjamin Berg <bberg@redhat.com> - 1.2.2-6
+- Add patch to make fingerprint-auth return non-failing pam_fprintd.so errors
+  Resolves: #1935331
+
+* Thu Mar 4 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-5
+- minimal: add dconf settings to explicitly disable fingerprint and smartcard authentication
+
+* Wed Feb 24 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-4
+- Prepare authselect for RHEL-9, add downstream-only patches that will be synced
+
+* Fri Feb 19 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
+- Add RHEL9 only patch
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
 * Wed Nov 25 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.2-1
-- Rebase to authselect-1.2.2 (RHBZ #1892761)
+- Rebase to 1.2.2
+- Add nss-altfiles to profiles on Fedora Silverblue
 
-* Fri Jun 19 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-2
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
-- Update translations (RHBZ #1820533)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Tue May 12 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
+* Wed Jul 22 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-3
-- Rebase to authselect-1.2.1 (RHBZ #1810471)
+- Add resolved by default to nis and minimal profiles
-- CLI commands are now correctly translated (RHBZ #1816009)
+- Fix parsing of multiple conditionals on the same line
-- Remove unsupported features from sssd profile description (RHBZ #1830251)
-- add `with-files-access-provider` to sssd profile (RHBZ #1734094)
-- switch to pam_usertype module (RHBZ #1773567)
-- fix typo in sssd profile description (RHBZ #1787638)
-- add minimal profile (RHBZ #1654018)
 
-* Thu Jul 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-2
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-2
-- Update translations (RHBZ #1689973)
+- Rebuilt for Python 3.9
 
-* Mon Jun 10 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
+* Mon May 11 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
-- Rebase to authselect-1.1 (RHBZ #1685516)
+- Rebase to 1.2.1
-- Notify that oddjob-mkhomedir needs to be enabled manually (RHBZ #1694103)
-- Ask for smartcard insertion when smartcard authentication is required (RHBZ #1674397)
-- Update translations (RHBZ #1689973)
 
-* Mon Feb 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-13
+* Wed Mar 4 2020 Pavel Březina <pbrezina@redhat.com> - 1.2-1
-- Revert pam_systemd.so to be optional
+- Rebase to 1.2
-- Resolves: #rhbz1643928 - pam_systemd shouldn't be optional in system-auth
 
-* Mon Feb 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-12
+* Mon Feb 17 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-7
-- make authselect work with selinux disabled (RHBZ #1668025)
+- fix restoring non-authselect configuration from backup
-- require smartcard authentication only for specific services (RHBZ #1665058)
-- update translations (RHBZ #1608286)
 
-* Fri Jan 11 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-11
+* Wed Jan 29 2020 Pavel Březina <pbrezina@redhat.com> - 1.1-6
-- require libselinux needed by (RHBZ #1664650)
+- cli: fix auto backup when --force is set
 
-* Fri Jan 11 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-10
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-5
-- invalid selinux context for files under /etc/authselect (RHBZ #1664650)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
-* Tue Dec 4 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-9
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-4
-- fix sources for official rhel translations (RHBZ #1608286)
+- Rebuilt for Python 3.8.0rc1 (#1748018)
-- fix coverity warnings for authselect enable-features should error on unknown features (RHBZ #1651637)
 
-* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-8
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.1-3
-- add official rhel translations (RHBZ #1608286)
+- Rebuilt for Python 3.8
 
-* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-7
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
-- pam_systemd shouldn't be optional in system-auth (RHBZ #1643928)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-- compat tool: support --enablerequiresmartcard (RHBZ #1649277)
-- compat tool: support --smartcardaction=0 (RHBZ #1649279)
-- remove ecryptfs from authselect since it is not present in rhel8 (RHBZ #1649282)
-- authselect enable-features should error on unknown features (RHBZ #1651637)
 
-* Wed Oct 31 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-6
+* Thu Jun 13 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
-- Remove mention of Fedora Change page from compat tool (RHBZ #1644309)
+- Rebase to 1.1
 
-* Wed Oct 10 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-5
+* Tue Feb 26 2019 Pavel Březina <pbrezina@redhat.com> - 1.0.3-1
-- Support for "require smartcard for login option" (RHBZ #1611012)
+- Rebase to 1.0.3
 
-* Mon Oct 1 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-4
+* Tue Feb 26 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0.2-4
-- add official rhel translations (RHBZ #1608286)
+- Use %ghost for files owned by authselect
 
-* Fri Sep 28 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-3
-- scriptlet can fail if coreutils is not installed  (RHBZ #1630896)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-- fix typo (require systemd instead of systemctl)
 
-* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-2
+* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-2
-- authconfig --update overwrites current profile (RHBZ #1628492)
+- Resolves rhbz#1655025 (invalid backup).
-- authselect profile nis enhancements (RHBZ #1628493)
+
-- scriptlet can fail if coreutils is not installed  (RHBZ #1630896)
+* Fri Nov 23 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.2-1
-- authconfig --update --enablenis stops ypserv (RHBZ #1632567)
+- Rebase to 1.0.2
-- compat tool generates invalid pwquality configuration (RHBZ #1628491)
+
+* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-2
+- Require systemd instead of systemctl
+
+* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0.1-1
+- Rebase to 1.0.1
+
+* Fri Sep 14 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
+- Scriptlets should no produce any error messages (RHBZ #1622272)
+- Provide fix for pwquality configuration (RHBZ #1618865)
+
+* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
+- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
 
 * Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
-- Rebase to 1.0 (RHBZ #1614235)
+- Rebase to 1.0
 
-* Wed Aug 01 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.4-4
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
-- Rebuild for platform-python
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.4-4
+- Rebuilt for Python 3.7
 
 * Mon May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
 - Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)

gating.yaml

@@ -0,0 +1,7 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

sources

@@ -0,0 +1 @@
+SHA512 (authselect-1.2.6.tar.gz) = c89ea02f3f6c8018d42b99599744049e12caf87e9ed30173f52d4c8d97777cc33450b87fbb3b7d73129d096bff83525dd332e4919a1fbafa73e9af66d5c2dd61

tests/tests.yml

@@ -0,0 +1,11 @@
+---  
+- hosts: localhost
+  tags:
+    - classic
+  roles:
+  - role: standard-test-basic
+    become: True
+    tests:
+    - simple:
+        dir: .
+        run: authselect list