8917ef788c
It can be now enabled with 'authselect select sssd with-sudo',
see [1] for details.
[1] 4b1981a672
216 lines
6.6 KiB
RPMSpec
216 lines
6.6 KiB
RPMSpec
Name: authselect
|
|
Version: 0.4
|
|
Release: 3%{?dist}
|
|
Summary: Configures authentication and identity sources from supported profiles
|
|
URL: https://github.com/pbrezina/authselect
|
|
|
|
License: GPLv3+
|
|
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
|
|
|
Patch1: 0001-Don-t-disable-oddjobd.service.patch
|
|
Patch2: 0002-sssd-disable-sudo-by-default.patch
|
|
|
|
BuildRequires: autoconf
|
|
BuildRequires: automake
|
|
BuildRequires: libtool
|
|
BuildRequires: m4
|
|
BuildRequires: gcc
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: pkgconfig(popt)
|
|
BuildRequires: gettext-devel
|
|
BuildRequires: %{_bindir}/a2x
|
|
BuildRequires: libcmocka-devel >= 1.0.0
|
|
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
|
Suggests: sssd
|
|
Suggests: samba-winbind
|
|
Suggests: fprintd-pam
|
|
Suggests: oddjob-mkhomedir
|
|
|
|
%description
|
|
Authselect is designed to be a replacement for authconfig but it takes
|
|
a different approach to configure the system. Instead of letting
|
|
the administrator build the PAM stack with a tool (which may potentially
|
|
end up with a broken configuration), it would ship several tested stacks
|
|
(profiles) that solve a use-case and are well tested and supported.
|
|
At the same time, some obsolete features of authconfig are not
|
|
supported by authselect.
|
|
|
|
%package libs
|
|
Summary: Utility library used by the authselect tool
|
|
|
|
%description libs
|
|
Common library files for authselect. This package is used by the authselect
|
|
command line tool and any other potential front-ends.
|
|
|
|
%package compat
|
|
Summary: Tool to provide minimum backwards compatibility with authconfig
|
|
%if 0%{?fedora} && 0%{?fedora} <= 27
|
|
Conflicts: authconfig
|
|
%else
|
|
Obsoletes: authconfig < 7.0.1-6
|
|
%endif
|
|
Provides: authconfig
|
|
BuildRequires: python3-devel
|
|
Requires: authselect%{?_isa} = %{version}-%{release}
|
|
Suggests: sssd
|
|
Suggests: realmd
|
|
Suggests: samba-winbind
|
|
Suggests: oddjob-mkhomedir
|
|
|
|
%description compat
|
|
This package will replace %{_sbindir}/authconfig with a tool that will
|
|
translate some of the authconfig calls into authselect calls. It provides
|
|
only minimum backward compatibility and users are encouraged to migrate
|
|
to authselect completely.
|
|
|
|
%package devel
|
|
Summary: Development libraries and headers for authselect
|
|
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
|
|
|
%description devel
|
|
System header files and development libraries for authselect. Useful if
|
|
you develop a front-end for the authselect library.
|
|
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch1 -p1
|
|
%patch2 -p1
|
|
|
|
|
|
%build
|
|
autoreconf -if
|
|
%configure
|
|
%make_build
|
|
|
|
%check
|
|
%make_build check
|
|
|
|
%install
|
|
%make_install
|
|
|
|
# Remove .la and .a files created by libtool
|
|
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
|
|
find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
|
|
|
|
%ldconfig_scriptlets libs
|
|
|
|
%files libs
|
|
%dir %{_sysconfdir}/authselect
|
|
%dir %{_sysconfdir}/authselect/custom
|
|
%dir %{_datadir}/authselect
|
|
%dir %{_datadir}/authselect/vendor
|
|
%dir %{_datadir}/authselect/default
|
|
%dir %{_datadir}/authselect/default/sssd/
|
|
%dir %{_datadir}/authselect/default/winbind/
|
|
%{_datadir}/authselect/default/sssd/dconf-db
|
|
%{_datadir}/authselect/default/sssd/dconf-locks
|
|
%{_datadir}/authselect/default/sssd/fingerprint-auth
|
|
%{_datadir}/authselect/default/sssd/nsswitch.conf
|
|
%{_datadir}/authselect/default/sssd/password-auth
|
|
%{_datadir}/authselect/default/sssd/postlogin
|
|
%{_datadir}/authselect/default/sssd/README
|
|
%{_datadir}/authselect/default/sssd/smartcard-auth
|
|
%{_datadir}/authselect/default/sssd/system-auth
|
|
%{_datadir}/authselect/default/winbind/dconf-db
|
|
%{_datadir}/authselect/default/winbind/dconf-locks
|
|
%{_datadir}/authselect/default/winbind/fingerprint-auth
|
|
%{_datadir}/authselect/default/winbind/nsswitch.conf
|
|
%{_datadir}/authselect/default/winbind/password-auth
|
|
%{_datadir}/authselect/default/winbind/postlogin
|
|
%{_datadir}/authselect/default/winbind/README
|
|
%{_datadir}/authselect/default/winbind/system-auth
|
|
%{_libdir}/libauthselect.so.*
|
|
%{_mandir}/man5/authselect-profiles.5*
|
|
%{_datadir}/doc/authselect/COPYING
|
|
%{_datadir}/doc/authselect/README.md
|
|
%license COPYING
|
|
%doc README.md
|
|
|
|
%files compat
|
|
%{_sbindir}/authconfig
|
|
%{python3_sitelib}/authselect/
|
|
|
|
%files devel
|
|
%{_includedir}/authselect.h
|
|
%{_libdir}/libauthselect.so
|
|
%{_libdir}/pkgconfig/authselect.pc
|
|
|
|
%files
|
|
%{_bindir}/authselect
|
|
%{_mandir}/man8/authselect.8*
|
|
%{_mandir}/man7/authselect-migration.7*
|
|
|
|
%global updatefile %{_localstatedir}/lib/rpm-state/%{name}.update-profile
|
|
|
|
%pre libs
|
|
rm -f "%{updatefile}"
|
|
if [ $1 -gt 1 ] ; then
|
|
# Check that authselect cli is installed, otherwise there is nothing to do.
|
|
rpm -q %{name} &> /dev/null
|
|
if [ $? -ne 0 ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
# This is an upgrade. Check that the current configuration is valid
|
|
# and store the information for later use in posttrans. The check must
|
|
# be done here (before profiles are updated), otherwise it would return
|
|
# an error if the new profile is different from the old one but selected.
|
|
%{_bindir}/authselect check &> /dev/null
|
|
if [ $? -eq 0 ]; then
|
|
touch "%{updatefile}"
|
|
fi
|
|
fi
|
|
|
|
exit 0
|
|
|
|
%posttrans libs
|
|
if [ -f "%{updatefile}" ]; then
|
|
# This is an upgrade. Update current profile if possible.
|
|
PROFILE=`%{_bindir}/authselect current --raw`
|
|
if [ $? -eq 0 ]; then
|
|
%{_bindir}/authselect select $PROFILE --force &> /dev/null
|
|
fi
|
|
rm -f "%{updatefile}"
|
|
fi
|
|
|
|
exit 0
|
|
|
|
%changelog
|
|
* Wed May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
|
|
- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)
|
|
|
|
* Wed Apr 25 2018 Christian Heimes <cheimes@redhat.com> - 0.4-2
|
|
- Don't disable oddjobd.service (RHBZ #1571844)
|
|
|
|
* Mon Apr 9 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-1
|
|
- rebasing to 0.4
|
|
|
|
* Tue Mar 6 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.2-1
|
|
- rebasing to 0.3.2
|
|
- authselect-compat now only suggests packages, not recommends
|
|
|
|
* Mon Mar 5 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.1-1
|
|
- rebasing to 0.3.1
|
|
|
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-3
|
|
- Provide authconfig
|
|
|
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
|
|
- Properly own all appropriate directories
|
|
- Remove unneeded %%defattr
|
|
- Remove deprecated Group tag
|
|
- Make Obsoletes versioned
|
|
- Remove unneeded ldconfig scriptlets
|
|
|
|
* Tue Feb 20 2018 Pavel Březina <pbrezina@redhat.com> - 0.3-1
|
|
- rebasing to 0.3
|
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-2
|
|
- fix rpmlint errors
|
|
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-1
|
|
- rebasing to 0.2
|
|
* Mon Jul 31 2017 Jakub Hrozek <jakub.hrozek@posteo.se> - 0.1-1
|
|
- initial packaging
|