rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- bump to 1.10 alpha 1

Browse Source
This commit is contained in:
Nalin Dahyabhai 2011-11-15 12:45:44 -05:00
parent a8e279c6ee
commit 1110ccd873
3 changed files with 108 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -56,3 +56,6 @@ krb5-1.8.3-pdf.tar.gz
/krb5-1.9.1.tar.gz /krb5-1.9.1.tar.gz
/krb5-1.9.1.tar.gz.asc /krb5-1.9.1.tar.gz.asc
/krb5-1.9.1-pdf.tar.bz2 /krb5-1.9.1-pdf.tar.bz2
/krb5-1.10-alpha1.tar.gz
/krb5-1.10-alpha1.tar.gz.asc
/krb5-1.10-pdf.tar.bz2

166
krb5.spec
View File

@ -1,16 +1,25 @@
%global WITH_LDAP 1 %global WITH_LDAP 1
%global WITH_DIRSRV 1
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
# These next two *will* change.
%global WITH_OPENSSL 1 %global WITH_OPENSSL 1
%global WITH_NSS 0 %global WITH_NSS 0
%global WITH_DIRSRV 1 %global WITH_SYSVERTO 1
%else
%global WITH_OPENSSL 1
%global WITH_NSS 0
%global WITH_SYSVERTO 0
%endif
%global gettext_domain mit-krb5
Summary: The Kerberos network authentication system Summary: The Kerberos network authentication system
Name: krb5 Name: krb5
Version: 1.9.1 Version: 1.10
Release: 19%{?dist} Release: 0%{?dist}.alpha1.0
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10-alpha1-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}-alpha1.tar.gz
Source1: krb5-%{version}.tar.gz.asc Source1: krb5-%{version}-alpha1.tar.gz.asc
Source2: kprop.service Source2: kprop.service
Source4: kadmin.service Source4: kadmin.service
Source5: krb5kdc.service Source5: krb5kdc.service
@ -23,7 +32,7 @@ Source20: kadmin.sysconfig
# and tarred up. # and tarred up.
Source23: krb5-%{version}-pdf.tar.bz2 Source23: krb5-%{version}-pdf.tar.bz2
Source24: krb5-tex-pdf.sh Source24: krb5-tex-pdf.sh
Source25: krb5-1.8-manpaths.txt Source25: krb5-1.10-manpaths.txt
Source29: ksu.pamd Source29: ksu.pamd
Source30: kerberos-iv.portreserve Source30: kerberos-iv.portreserve
Source31: kerberos-adm.portreserve Source31: kerberos-adm.portreserve
@ -32,45 +41,29 @@ Source33: krb5kdc.logrotate
Source34: kadmind.logrotate Source34: kadmind.logrotate
Source35: kdb_check_weak.c Source35: kdb_check_weak.c
Patch5: krb5-1.8-ksu-access.patch Patch5: krb5-1.10-ksu-access.patch
Patch6: krb5-1.9-ksu-path.patch Patch6: krb5-1.10-ksu-path.patch
Patch12: krb5-1.7-ktany.patch Patch12: krb5-1.7-ktany.patch
Patch16: krb5-1.9.1-buildconf.patch Patch16: krb5-1.10-buildconf.patch
Patch23: krb5-1.3.1-dns.patch Patch23: krb5-1.3.1-dns.patch
Patch29: krb5-1.9-kprop-mktemp.patch Patch29: krb5-1.10-kprop-mktemp.patch
Patch30: krb5-1.3.4-send-pr-tempfile.patch Patch30: krb5-1.3.4-send-pr-tempfile.patch
Patch39: krb5-1.8-api.patch Patch39: krb5-1.8-api.patch
Patch53: krb5-1.7-nodeplibs.patch Patch56: krb5-1.10-doublelog.patch
Patch56: krb5-1.7-doublelog.patch Patch59: krb5-1.10-kpasswd_tcp.patch
Patch59: krb5-1.8-kpasswd_tcp.patch Patch60: krb5-1.10-pam.patch
Patch60: krb5-1.8-pam.patch Patch61: krb5-1.10-manpaths.patch
Patch61: krb5-1.9-manpaths.patch Patch63: krb5-1.10-selinux-label.patch
Patch63: krb5-1.9-selinux-label.patch
Patch70: krb5-trunk-kpasswd_tcp2.patch
Patch71: krb5-1.9-dirsrv-accountlock.patch Patch71: krb5-1.9-dirsrv-accountlock.patch
Patch72: krb5-pkinit-cms2.patch
Patch75: krb5-pkinit-debug.patch Patch75: krb5-pkinit-debug.patch
Patch77: krb5-1.9-paren.patch
Patch78: krb5-trunk-chpw-err.patch
Patch79: krb5-klist_s.patch
Patch80: krb5-trunk-kadmin-oldproto.patch
Patch81: krb5-1.9-canonicalize-fallback.patch
Patch82: krb5-1.9.1-ai_addrconfig.patch
Patch83: krb5-1.9.1-ai_addrconfig2.patch
Patch84: krb5-1.9.1-sendto_poll.patch
Patch85: krb5-trunk-gss_delete_sec.patch
Patch86: krb5-1.9-debuginfo.patch Patch86: krb5-1.9-debuginfo.patch
Patch87: krb5-1.9.1-sendto_poll2.patch Patch92: krb5-1.10-alpha1-uninit.patch
Patch88: krb5-1.9-crossrealm.patch
Patch89: krb5-1.9.1-sendto_poll3.patch
Patch90: krb5-trunk-ext_pac_sign.patch
Patch91: krb5-1.9-MITKRB5-SA-2011-006.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, bison, flex, gawk BuildRequires: autoconf, bison, flex, gawk, gettext
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
BuildRequires: libcom_err-devel, libss-devel BuildRequires: libcom_err-devel, libss-devel
%endif %endif
@ -86,17 +79,20 @@ BuildRequires: perl, dejagnu, tcl-devel
%if %{WITH_LDAP} %if %{WITH_LDAP}
BuildRequires: openldap-devel BuildRequires: openldap-devel
%endif %endif
%if %{WITH_OPENSSL} %if %{WITH_OPENSSL} || %{WITH_NSS}
BuildRequires: openssl-devel >= 0.9.8 BuildRequires: openssl-devel >= 0.9.8
%endif %endif
%if %{WITH_NSS} %if %{WITH_NSS}
BuildRequires: nss-devel >= 3.12.10 BuildRequires: nss-devel >= 3.13
%endif
%if %{WITH_SYSVERTO}
BuildRequires: libverto-devel
%endif %endif
%description %description
Kerberos V5 is a trusted-third-party network authentication system, Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure which can improve your network's security by eliminating the insecure
practice of cleartext passwords. practice of sending passwords over the network in unencrypted form.
%package devel %package devel
Summary: Development files needed to compile Kerberos 5 programs Summary: Development files needed to compile Kerberos 5 programs
@ -176,19 +172,31 @@ package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd). If your network uses Kerberos, this package should be kpasswd). If your network uses Kerberos, this package should be
installed on every workstation. installed on every workstation.
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
%package pkinit
%else
%package pkinit-openssl %package pkinit-openssl
%endif
Summary: The PKINIT module for Kerberos 5 Summary: The PKINIT module for Kerberos 5
Group: System Environment/Libraries Group: System Environment/Libraries
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
Obsoletes: krb5-pkinit-openssl
Provides: krb5-pkinit-openssl = %{version}-%{release}
%endif
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
%description pkinit
%else
%description pkinit-openssl %description pkinit-openssl
Kerberos is a network authentication system. The krb5-pkinit-openssl %endif
package contains the PKINIT plugin, which uses OpenSSL to allow clients Kerberos is a network authentication system. The krb5-pkinit
package contains the PKINIT plugin, which allows clients
to obtain initial credentials from a KDC using a private key and a to obtain initial credentials from a KDC using a private key and a
certificate. certificate.
%prep %prep
%setup -q -a 23 %setup -q -a 23 -n krb5-%{version}-alpha1
ln -s NOTICE LICENSE ln -s NOTICE LICENSE
%patch60 -p1 -b .pam %patch60 -p1 -b .pam
@ -205,28 +213,16 @@ ln -s NOTICE LICENSE
%patch29 -p1 -b .kprop-mktemp %patch29 -p1 -b .kprop-mktemp
%patch30 -p1 -b .send-pr-tempfile %patch30 -p1 -b .send-pr-tempfile
%patch39 -p1 -b .api %patch39 -p1 -b .api
%patch53 -p1 -b .nodeplibs
%patch56 -p1 -b .doublelog %patch56 -p1 -b .doublelog
%patch59 -p1 -b .kpasswd_tcp %patch59 -p1 -b .kpasswd_tcp
#%patch70 -p0 -b .kpasswd_tcp2
%patch71 -p1 -b .dirsrv-accountlock %patch71 -p1 -b .dirsrv-accountlock
%patch72 -p1 -b .pkinit_cms2
#%patch75 -p1 -b .pkinit-debug #%patch75 -p1 -b .pkinit-debug
%patch77 -p1 -b .paren
%patch78 -p0 -b .chpw-err
%patch79 -p1 -b .klist_s
%patch80 -p0 -b .kadmin-oldproto
%patch81 -p1 -b .canonicalize-fallback
%patch82 -p0 -b .ai_addrconfig
%patch83 -p0 -b .ai_addrconfig2
%patch84 -p0 -b .sendto_poll
%patch85 -p1 -b .gss_delete_sec
%patch86 -p0 -b .debuginfo %patch86 -p0 -b .debuginfo
%patch87 -p1 -b .sendto_poll2 # XXX Temporary, backported from trunk.
%patch88 -p1 -b .crossrealm %patch92 -p1 -b .uninit
%patch89 -p1 -b .sendto_poll3 # XXX Temporary, fixed properly in trunk.
%patch90 -p1 -b .ext_pac_sign ln -s /usr/include/et/com_err.h src/include
%patch91 -p1 -b .2011-006
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -308,18 +304,26 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
--with-ldap \ --with-ldap \
%endif %endif
%endif %endif
%if %{WITH_OPENSSL} %if %{WITH_OPENSSL} || %{WITH_NSS}
--enable-pkinit \ --enable-pkinit \
%else %else
--disable-pkinit \ --disable-pkinit \
%endif %endif
%if %{WITH_OPENSSL}
--with-pkinit-crypto-impl=openssl \
%endif
%if %{WITH_NSS} %if %{WITH_NSS}
--with-crypto-impl=nss \ --with-crypto-impl=nss \
%endif
%if %{WITH_SYSVERTO}
--with-system-verto \
%else
--without-system-verto \
%endif %endif
--with-pam \ --with-pam \
--with-selinux --with-selinux
# Now build it. # Now build it.
make %{?_smp_mflags} make
popd popd
# A sanity checker for upgrades. # A sanity checker for upgrades.
@ -329,8 +333,12 @@ env LD_LIBRARY_PATH=`pwd`/src/lib \
%{SOURCE35} \ %{SOURCE35} \
-L src/lib `./src/krb5-config --libs kdb` -L src/lib `./src/krb5-config --libs kdb`
# Run the test suite. We can't actually do this in the build system. %check
# Run the test suite. We can't actually run the whole thing in the build system.
make -C src fake-install
: make -C src check TMPDIR=%{_tmppath} : make -C src check TMPDIR=%{_tmppath}
make -C src/lib check TMPDIR=%{_tmppath}
make -C src/kdc check TMPDIR=%{_tmppath}
%install %install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@ -429,6 +437,8 @@ done
# A sanity checker for upgrades. # A sanity checker for upgrades.
install -m 755 kdb_check_weak $RPM_BUILD_ROOT/%{_libdir}/krb5/ install -m 755 kdb_check_weak $RPM_BUILD_ROOT/%{_libdir}/krb5/
%find_lang %{gettext_domain}
%clean %clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@ -528,6 +538,8 @@ exit 0
%{_mandir}/man1/klist.1* %{_mandir}/man1/klist.1*
%{_bindir}/kpasswd %{_bindir}/kpasswd
%{_mandir}/man1/kpasswd.1* %{_mandir}/man1/kpasswd.1*
%{_bindir}/kswitch
%{_mandir}/man1/kswitch.1*
%{_bindir}/kvno %{_bindir}/kvno
%{_mandir}/man1/kvno.1* %{_mandir}/man1/kvno.1*
@ -578,6 +590,10 @@ exit 0
%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl %config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
%dir %{_libdir}/krb5 %dir %{_libdir}/krb5
%if ! %{WITH_SYSVERTO}
%{_libdir}/libverto-k5ev.so
%{_libdir}/libverto-k5ev.so.*
%endif
%{_libdir}/krb5/kdb_check_weak %{_libdir}/krb5/kdb_check_weak
%dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/kdb
@ -631,13 +647,16 @@ exit 0
%{_sbindir}/kdb5_ldap_util %{_sbindir}/kdb5_ldap_util
%endif %endif
%files libs %files libs -f %{gettext_domain}.lang
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc README NOTICE LICENSE %doc README NOTICE LICENSE
%docdir %{_mandir} %docdir %{_mandir}
%verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf %verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf
/%{_mandir}/man1/kerberos.1* /%{_mandir}/man1/kerberos.1*
/%{_mandir}/man5/.k5identity.5*
/%{_mandir}/man5/.k5login.5* /%{_mandir}/man5/.k5login.5*
/%{_mandir}/man5/k5identity.5*
/%{_mandir}/man5/k5login.5*
/%{_mandir}/man5/krb5.conf.5* /%{_mandir}/man5/krb5.conf.5*
/%{_lib}/libgssapi_krb5.so.* /%{_lib}/libgssapi_krb5.so.*
/%{_lib}/libgssrpc.so.* /%{_lib}/libgssrpc.so.*
@ -650,17 +669,25 @@ exit 0
%dir %{_libdir}/krb5 %dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/* %dir %{_libdir}/krb5/plugins/*
%{_libdir}/krb5/plugins/preauth/encrypted_challenge.so
%{_libdir}/krb5/plugins/kdb/db2.so %{_libdir}/krb5/plugins/kdb/db2.so
%if ! %{WITH_SYSVERTO}
# These really shouldn't be here, but until we have a system copy of libverto,
# don't force people who are using libverto to install the KDC just to get the
# shared library. Not that there are any development headers, but anyway.
%{_libdir}/libverto.so
%{_libdir}/libverto.so.*
%endif
%if %{WITH_OPENSSL} %if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
%files pkinit
%else
%files pkinit-openssl %files pkinit-openssl
%endif
%defattr(-,root,root,-) %defattr(-,root,root,-)
%dir %{_libdir}/krb5 %dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/pkinit.so %{_libdir}/krb5/plugins/preauth/pkinit.so
%endif
%files devel %files devel
%defattr(-,root,root,-) %defattr(-,root,root,-)
@ -705,6 +732,17 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Tue Nov 15 2011 Nalin Dahyabhai <nalin@redhat.com> 1.10-0.alpha1.0
- update to 1.10 alpha 1
- on newer releases where we can assume NSS >= 3.13, configure PKINIT to build
using NSS
- on newer releases where we build PKINIT using NSS, configure libk5crypto to
build using NSS
- rename krb5-pkinit-openssl to krb5-pkinit on newer releases where we're
expecting to build PKINIT using NSS instead
- during %%check, run check in the library and kdc subdirectories, which
should be able to run inside of the build system without issue
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19 * Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19
- Rebuilt for glibc bug#747377 - Rebuilt for glibc bug#747377

6
sources
View File

@ -1,3 +1,3 @@
88d7bbb869849cd0cce1af3165ac0cc6 krb5-1.9.1.tar.gz fff5dd2e8833f8711ae67f07d7a446a4 krb5-1.10-alpha1.tar.gz
a0bd0c8ff1a2d7e41be77b80e713c319 krb5-1.9.1.tar.gz.asc cf2659adc8ddd8db9eca035a8f3bd58b krb5-1.10-alpha1.tar.gz.asc
9d214707c921ba0887f92fb5408d0370 krb5-1.9.1-pdf.tar.bz2 75395af76f40b71834166770a663a64d krb5-1.10-pdf.tar.bz2