diff --git a/Makefile.am b/Makefile.am index bd4d17ec472..a551aaa3146 100644 --- a/Makefile.am +++ b/Makefile.am @@ -165,7 +165,6 @@ sbin_PROGRAMS = \ sssd \ sss_cache \ sss_override \ - sss_seed \ sssctl \ $(NULL) @@ -309,7 +308,6 @@ if HAVE_CMOCKA sss_certmap_test \ test_sssd_krb5_locator_plugin \ test_confdb \ - test_krb5_idp_plugin \ $(NULL) @@ -1881,14 +1879,6 @@ if BUILD_SYSTEMTAP sssd_be_LDADD += stap_generated_probes.lo endif -if BUILD_PYTHON_BINDINGS -sss_obfuscate_pythondir = $(sbindir) -dist_sss_obfuscate_python_SCRIPTS = \ - src/tools/sss_obfuscate -endif - - - dist_noinst_DATA += \ src/examples/sssd-example.conf \ src/examples/sssdproxytest \ @@ -1917,13 +1907,6 @@ sss_cache_LDADD = \ $(CLIENT_LIBS) sss_cache_CFLAGS = $(AM_CFLAGS) -sss_seed_SOURCES = \ - src/tools/sss_seed.c \ - $(SSSD_TOOLS_OBJ) -sss_seed_LDADD = \ - $(TOOLS_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) - sss_signal_SOURCES = \ src/tools/sss_signal.c \ src/tools/common/sss_process.c @@ -3975,19 +3958,6 @@ test_kcm_queue_LDADD = \ libsss_sbus.la \ $(NULL) -test_krb5_idp_plugin_SOURCES = \ - src/tests/cmocka/test_krb5_idp_plugin.c \ - src/krb5_plugin/common/utils.c \ - src/krb5_plugin/idp/idp_utils.c \ - $(NULL) -test_krb5_idp_plugin_CFLAGS = \ - $(AM_CFLAGS) \ - $(NULL) -test_krb5_idp_plugin_LDADD = \ - $(CMOCKA_LIBS) \ - $(JANSSON_LIBS) \ - $(NULL) - if BUILD_PASSKEY test_krb5_passkey_plugin_SOURCES = \ src/tests/cmocka/test_krb5_passkey_plugin.c \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 70c459333d2..3d421daf602 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -19,33 +19,13 @@ # Capabilities of privileged child helpers (required even if SSSD runs under root) %global child_capabilities cap_chown,cap_dac_override,cap_setuid,cap_setgid=ep -%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 -%global build_subid 1 -%else %global build_subid 0 -%endif -%if 0%{?fedora} >= 34 -%global build_kcm_renewals 1 -%global krb5_version 1.19.1 -%elif 0%{?rhel} >= 8 -%global build_kcm_renewals 1 -%global krb5_version 1.18.2 -%else %global build_kcm_renewals 0 -%endif -%if 0%{?fedora} >= 39 || 0%{?rhel} >= 9 -%global build_passkey 1 -%else %global build_passkey 0 -%endif -%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10 %global build_ssh_known_hosts_proxy 0 -%else -%global build_ssh_known_hosts_proxy 1 -%endif # we don't want to provide private python extension libs %define __provides_exclude_from %{python3_sitearch}/.*\.so$ @@ -556,21 +536,20 @@ autoreconf -ivf --disable-rpath \ --disable-static \ --enable-gss-spnego-for-zero-maxssf \ - --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \ --enable-nsslibdir=%{_libdir} \ --enable-pammoddir=%{_libdir}/security \ --enable-sss-default-nss-plugin \ - --enable-systemtap \ + --disable-systemtap \ --with-db-path=%{dbpath} \ --with-gpo-cache-path=%{gpocachepath} \ --with-init-dir=%{_initrddir} \ - --with-initscript=systemd \ + --with-initscript=sysv \ --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \ --with-mcache-path=%{mcpath} \ --with-pipe-path=%{pipepath} \ --with-pubconf-path=%{pubconfpath} \ --with-sssd-user=%{sssd_user} \ - --with-syslog=journald \ + --with-syslog=syslog \ --with-test-dir=/dev/shm \ %if %{build_subid} --with-subid \ @@ -584,7 +563,19 @@ autoreconf -ivf %if %{build_ssh_known_hosts_proxy} --with-ssh-known-hosts-proxy \ %endif - + --without-sudo \ + --without-autofs \ + --without-ssh \ + --without-nfsv4-idmapd-plugin \ + --without-selinux \ + --without-manpages \ + --without-python2-bindings \ + --without-python3-bindings \ + --without-kcm \ +%if ! %{build_kcm_renewals} + --disable-kcm-renewal \ +%endif + --without-oidc-child \ %{nil} %make_build all docs runstatedir=%{_rundir} @@ -601,9 +592,6 @@ unset CK_TIMEOUT_MULTIPLIER %make_install -# Prepare language files -/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd - # Copy default logrotate file mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd @@ -612,15 +600,6 @@ install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/s mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd -# Kerberos KCM credential cache by default -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d -cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \ - $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache - -# Enable krb5 idp plugins by default (when sssd-idp package is installed) -cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \ - $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp - # Enable krb5 passkey plugins by default (when sssd-passkey package is installed) %if %{build_passkey} cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_passkey \ @@ -631,6 +610,7 @@ install -D -p -m 0644 contrib/90-sssd-token-access.rules %{buildroot}%{_udevrule %endif # krb5 configuration snippet +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir @@ -644,94 +624,6 @@ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; # Suppress developer-only documentation rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name} -# Older versions of rpmbuild can only handle one -f option -# So we need to append to the sssd*.lang file -for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null` -do - echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang -done - -touch sssd.lang -for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ - sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ - libsss_certmap sssd_kcm -do - touch $subpackage.lang -done - -for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"` -do - lang=`echo $man | cut -c 1-2` - case `basename $man` in - sss_cache*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang - ;; - sss_ssh*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang - ;; - sss_rpcidmapd*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang - ;; - sss_*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang - ;; - sssctl*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang - ;; - sssd_krb5_*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang - ;; - pam_sss*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang - ;; - sssd-ldap*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang - ;; - sssd-krb5*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang - ;; - sssd-ipa*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang - ;; - sssd-ad*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang - ;; - sssd-proxy*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang - ;; - sssd-ifp*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang - ;; - sssd-kcm*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang - ;; - idmap_sss*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang - ;; - sss-certmap*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang - ;; - *) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang - ;; - esac -done - -# Print these to the rpmbuild log -echo "sssd.lang:" -cat sssd.lang - -echo "python3_sssdconfig.lang:" -cat python3_sssdconfig.lang - -for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \ - sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \ - libsss_certmap sssd_kcm -do - echo "$subpackage.lang:" - cat $subpackage.lang -done - %if %{use_sysusers} install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.conf %endif @@ -739,33 +631,16 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %files %license COPYING -%files common -f sssd.lang +%files common %license COPYING %doc src/examples/sssd-example.conf %{_sbindir}/sssd -%{_unitdir}/sssd.service -%{_unitdir}/sssd-autofs.socket -%{_unitdir}/sssd-autofs.service -%{_unitdir}/sssd-nss.socket -%{_unitdir}/sssd-nss.service -%{_unitdir}/sssd-pac.socket -%{_unitdir}/sssd-pac.service -%{_unitdir}/sssd-pam.socket -%{_unitdir}/sssd-pam.service -%{_unitdir}/sssd-ssh.socket -%{_unitdir}/sssd-ssh.service -%{_unitdir}/sssd-sudo.socket -%{_unitdir}/sssd-sudo.service %dir %{_libexecdir}/%{servicename} %{_libexecdir}/%{servicename}/sssd_be %{_libexecdir}/%{servicename}/sssd_nss %{_libexecdir}/%{servicename}/sssd_pam -%{_libexecdir}/%{servicename}/sssd_autofs -%{_libexecdir}/%{servicename}/sssd_ssh -%{_libexecdir}/%{servicename}/sssd_sudo %{_libexecdir}/%{servicename}/p11_child -%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders %dir %{_libdir}/%{name} %{_libdir}/%{name}/libsss_simple.so @@ -787,9 +662,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %{_libdir}/%{name}/libsss_sbus_sync.so %{ldb_modulesdir}/memberof.so -%{_bindir}/sss_ssh_authorizedkeys -%{_bindir}/sss_ssh_knownhosts -%{_bindir}/sss_ssh_knownhostsproxy %{_sbindir}/sss_cache %{_libexecdir}/%{servicename}/sss_signal @@ -819,17 +691,8 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %{_libdir}/%{name}/conf/sssd.conf %{_datadir}/sssd/cfg_rules.ini -%{_mandir}/man1/sss_ssh_authorizedkeys.1* -%{_mandir}/man1/sss_ssh_knownhosts.1* %if %{build_ssh_known_hosts_proxy} -%{_mandir}/man1/sss_ssh_knownhostsproxy.1* %endif -%{_mandir}/man5/sssd.conf.5* -%{_mandir}/man5/sssd-simple.5* -%{_mandir}/man5/sssd-sudo.5* -%{_mandir}/man5/sssd-session-recording.5* -%{_mandir}/man8/sssd.8* -%{_mandir}/man8/sss_cache.8* %dir %{_datadir}/sssd/systemtap %{_datadir}/sssd/systemtap/id_perf.stp %{_datadir}/sssd/systemtap/nested_group_perf.stp @@ -839,7 +702,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %dir %{_datadir}/systemtap/tapset %{_datadir}/systemtap/tapset/sssd.stp %{_datadir}/systemtap/tapset/sssd_functions.stp -%{_mandir}/man5/sssd-systemtap.5* %if %{use_sysusers} %{_sysusersdir}/sssd.conf %endif @@ -850,11 +712,9 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %{_datadir}/polkit-1/rules.d/* %endif -%files ldap -f sssd_ldap.lang +%files ldap %license COPYING %{_libdir}/%{name}/libsss_ldap.so -%{_mandir}/man5/sssd-ldap.5* -%{_mandir}/man5/sssd-ldap-attributes.5* %files krb5-common %license COPYING @@ -862,10 +722,9 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/ldap_child %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/krb5_child -%files krb5 -f sssd_krb5.lang +%files krb5 %license COPYING %{_libdir}/%{name}/libsss_krb5.so -%{_mandir}/man5/sssd-krb5.5* %config(noreplace) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir %dir %{_datadir}/sssd/krb5-snippets %{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir @@ -874,34 +733,31 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %license COPYING %{_libexecdir}/%{servicename}/sssd_pac -%files ipa -f sssd_ipa.lang +%files ipa %license COPYING %attr(770,%{sssd_user},%{sssd_user}) %dir %{keytabdir} %{_libdir}/%{name}/libsss_ipa.so %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/selinux_child -%{_mandir}/man5/sssd-ipa.5* -%files ad -f sssd_ad.lang +%files ad %license COPYING %{_libdir}/%{name}/libsss_ad.so %{_libexecdir}/%{servicename}/gpo_child -%{_mandir}/man5/sssd-ad.5* %files proxy %license COPYING %{_libexecdir}/%{servicename}/proxy_child %{_libdir}/%{name}/libsss_proxy.so -%files dbus -f sssd_dbus.lang +%files dbus %license COPYING %{_libexecdir}/%{servicename}/sssd_ifp -%{_mandir}/man5/sssd-ifp.5* %{_unitdir}/sssd-ifp.service # InfoPipe DBus plumbing %{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service -%files client -f sssd_client.lang +%files client %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libnss_sss.so.2 %if %{build_subid} @@ -918,10 +774,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %dir %{_libdir}/%{name} %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so -%{_mandir}/man8/pam_sss.8* -%{_mandir}/man8/pam_sss_gss.8* -%{_mandir}/man8/sssd_krb5_locator_plugin.8* -%{_mandir}/man8/sssd_krb5_localauth_plugin.8* %files -n libsss_sudo %license src/sss_client/COPYING @@ -932,35 +784,13 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %dir %{_libdir}/%{name}/modules %{_libdir}/%{name}/modules/libsss_autofs.so -%files tools -f sssd_tools.lang +%files tools %license COPYING -%{_sbindir}/sss_obfuscate %{_sbindir}/sss_override %{_sbindir}/sss_debuglevel -%{_sbindir}/sss_seed %{_sbindir}/sssctl %{_libexecdir}/%{servicename}/sss_analyze %{python3_sitelib}/sssd/ -%{_mandir}/man8/sss_obfuscate.8* -%{_mandir}/man8/sss_override.8* -%{_mandir}/man8/sss_debuglevel.8* -%{_mandir}/man8/sss_seed.8* -%{_mandir}/man8/sssctl.8* - -%files -n python3-sssdconfig -f python3_sssdconfig.lang -%dir %{python3_sitelib}/SSSDConfig -%{python3_sitelib}/SSSDConfig/*.py* -%dir %{python3_sitelib}/SSSDConfig/__pycache__ -%{python3_sitelib}/SSSDConfig/__pycache__/*.py* -%dir %{_datadir}/sssd -%{_datadir}/sssd/sssd.api.conf -%{_datadir}/sssd/sssd.api.d - -%files -n python3-sss -%{python3_sitearch}/pysss.so - -%files -n python3-sss-murmur -%{python3_sitearch}/pysss_murmur.so %files -n libsss_idmap %license src/sss_client/COPYING src/sss_client/COPYING.LESSER @@ -998,19 +828,16 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %files -n python3-libipa_hbac %{python3_sitearch}/pyhbac.so -%files winbind-idmap -f sssd_winbind_idmap.lang +%files winbind-idmap %dir %{_libdir}/samba/idmap %{_libdir}/samba/idmap/sss.so -%{_mandir}/man8/idmap_sss.8* -%files nfs-idmap -f sssd_nfs_idmap.lang -%{_mandir}/man5/sss_rpcidmapd.5* +%files nfs-idmap %{_libdir}/libnfsidmap/sss.so -%files -n libsss_certmap -f libsss_certmap.lang +%files -n libsss_certmap %license src/sss_client/COPYING src/sss_client/COPYING.LESSER %{_libdir}/libsss_certmap.so.* -%{_mandir}/man5/sss-certmap.5* %files -n libsss_certmap-devel %doc certmap_doc/html @@ -1018,21 +845,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con %{_libdir}/libsss_certmap.so %{_libdir}/pkgconfig/sss_certmap.pc -%files kcm -f sssd_kcm.lang -%{_libexecdir}/%{servicename}/sssd_kcm -%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache -%dir %{_datadir}/sssd-kcm -%{_datadir}/sssd-kcm/kcm_default_ccache -%{_unitdir}/sssd-kcm.socket -%{_unitdir}/sssd-kcm.service -%{_mandir}/man8/sssd-kcm.8* - -%files idp -%{_libexecdir}/%{servicename}/oidc_child -%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so -%{_datadir}/sssd/krb5-snippets/sssd_enable_idp -%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp - %if %{build_passkey} %files passkey %attr(755,%{sssd_user},%{sssd_user}) %{_libexecdir}/%{servicename}/passkey_child