SPEC: build minimal / container oriented SSSD

SSSD · Mar 28, 2024 · fc8e39a · fc8e39a
1 parent ce6f33f
commit fc8e39a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 180 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -309,7 +309,6 @@ if HAVE_CMOCKA
         sss_certmap_test \
         test_sssd_krb5_locator_plugin \
         test_confdb \
-        test_krb5_idp_plugin \
         $(NULL)
 
 
@@ -3975,19 +3974,6 @@ test_kcm_queue_LDADD = \
     libsss_sbus.la \
     $(NULL)
 
-test_krb5_idp_plugin_SOURCES = \
-    src/tests/cmocka/test_krb5_idp_plugin.c \
-    src/krb5_plugin/common/utils.c \
-    src/krb5_plugin/idp/idp_utils.c \
-    $(NULL)
-test_krb5_idp_plugin_CFLAGS = \
-    $(AM_CFLAGS) \
-    $(NULL)
-test_krb5_idp_plugin_LDADD = \
-    $(CMOCKA_LIBS) \
-    $(JANSSON_LIBS) \
-    $(NULL)
-
 if BUILD_PASSKEY
 test_krb5_passkey_plugin_SOURCES = \
     src/tests/cmocka/test_krb5_passkey_plugin.c \

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
@@ -19,33 +19,13 @@
 # Capabilities of privileged child helpers (required even if SSSD runs under root)
 %global child_capabilities cap_chown,cap_dac_override,cap_setuid,cap_setgid=ep
 
-%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
-%global build_subid 1
-%else
 %global build_subid 0
-%endif
 
-%if 0%{?fedora} >= 34
-%global build_kcm_renewals 1
-%global krb5_version 1.19.1
-%elif 0%{?rhel} >= 8
-%global build_kcm_renewals 1
-%global krb5_version 1.18.2
-%else
 %global build_kcm_renewals 0
-%endif
 
-%if 0%{?fedora} >= 39 || 0%{?rhel} >= 9
-%global build_passkey 1
-%else
 %global build_passkey 0
-%endif
 
-%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10
 %global build_ssh_known_hosts_proxy 0
-%else
-%global build_ssh_known_hosts_proxy 1
-%endif
 
 # we don't want to provide private python extension libs
 %define __provides_exclude_from %{python3_sitearch}/.*\.so$
@@ -556,21 +536,20 @@ autoreconf -ivf
     --disable-rpath \
     --disable-static \
     --enable-gss-spnego-for-zero-maxssf \
-    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
     --enable-nsslibdir=%{_libdir} \
     --enable-pammoddir=%{_libdir}/security \
     --enable-sss-default-nss-plugin \
-    --enable-systemtap \
+    --disable-systemtap \
     --with-db-path=%{dbpath} \
     --with-gpo-cache-path=%{gpocachepath} \
     --with-init-dir=%{_initrddir} \
-    --with-initscript=systemd \
+    --with-initscript=sysv \
     --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
     --with-mcache-path=%{mcpath} \
     --with-pipe-path=%{pipepath} \
     --with-pubconf-path=%{pubconfpath} \
     --with-sssd-user=%{sssd_user} \
-    --with-syslog=journald \
+    --with-syslog=syslog \
     --with-test-dir=/dev/shm \
 %if %{build_subid}
     --with-subid \
@@ -584,7 +563,16 @@ autoreconf -ivf
 %if %{build_ssh_known_hosts_proxy}
     --with-ssh-known-hosts-proxy \
 %endif
-
+    --without-sudo \
+    --without-autofs \
+    --without-ssh \
+    --without-nfsv4-idmapd-plugin \
+    --without-selinux \
+    --without-manpages \
+    --without-python2-bindings \
+    --without-python3-bindings \
+    --without-kcm \
+    --without-oidc-child \
     %{nil}
 
 %make_build all docs runstatedir=%{_rundir}
@@ -601,9 +589,6 @@ unset CK_TIMEOUT_MULTIPLIER
 
 %make_install
 
-# Prepare language files
-/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
-
 # Copy default logrotate file
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
 install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
@@ -612,15 +597,6 @@ install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/s
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
 install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
 
-# Kerberos KCM credential cache by default
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
-cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
-   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
-
-# Enable krb5 idp plugins by default (when sssd-idp package is installed)
-cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
-   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
-
 # Enable krb5 passkey plugins by default (when sssd-passkey package is installed)
 %if %{build_passkey}
 cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_passkey \
@@ -631,6 +607,7 @@ install -D -p -m 0644 contrib/90-sssd-token-access.rules %{buildroot}%{_udevrule
 %endif
 
 # krb5 configuration snippet
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
 cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
    $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
 
@@ -644,102 +621,14 @@ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
 # Suppress developer-only documentation
 rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
 
-# Older versions of rpmbuild can only handle one -f option
-# So we need to append to the sssd*.lang file
-for file in `find $RPM_BUILD_ROOT/%{python3_sitelib} -maxdepth 1 -name "*.egg-info" 2> /dev/null`
-do
-    echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
-done
-
-touch sssd.lang
-for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
-                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
-                  libsss_certmap sssd_kcm
-do
-    touch $subpackage.lang
-done
-
-for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
-do
-    lang=`echo $man | cut -c 1-2`
-    case `basename $man` in
-        sss_cache*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
-            ;;
-        sss_ssh*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
-            ;;
-        sss_rpcidmapd*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
-            ;;
-        sss_*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
-            ;;
-        sssctl*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
-            ;;
-        sssd_krb5_*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
-            ;;
-        pam_sss*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
-            ;;
-        sssd-ldap*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
-            ;;
-        sssd-krb5*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
-            ;;
-        sssd-ipa*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
-            ;;
-        sssd-ad*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
-            ;;
-        sssd-proxy*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
-            ;;
-        sssd-ifp*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
-            ;;
-        sssd-kcm*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
-            ;;
-        idmap_sss*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
-            ;;
-        sss-certmap*)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
-            ;;
-        *)
-            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
-            ;;
-    esac
-done
-
-# Print these to the rpmbuild log
-echo "sssd.lang:"
-cat sssd.lang
-
-echo "python3_sssdconfig.lang:"
-cat python3_sssdconfig.lang
-
-for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
-                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
-                  libsss_certmap sssd_kcm
-do
-    echo "$subpackage.lang:"
-    cat $subpackage.lang
-done
-
 %if %{use_sysusers}
 install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.conf
 %endif
 
 %files
 %license COPYING
 
-%files common -f sssd.lang
+%files common
 %license COPYING
 %doc src/examples/sssd-example.conf
 %{_sbindir}/sssd
@@ -850,7 +739,7 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %{_datadir}/polkit-1/rules.d/*
 %endif
 
-%files ldap -f sssd_ldap.lang
+%files ldap
 %license COPYING
 %{_libdir}/%{name}/libsss_ldap.so
 %{_mandir}/man5/sssd-ldap.5*
@@ -862,7 +751,7 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/ldap_child
 %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/krb5_child
 
-%files krb5 -f sssd_krb5.lang
+%files krb5
 %license COPYING
 %{_libdir}/%{name}/libsss_krb5.so
 %{_mandir}/man5/sssd-krb5.5*
@@ -874,14 +763,14 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %license COPYING
 %{_libexecdir}/%{servicename}/sssd_pac
 
-%files ipa -f sssd_ipa.lang
+%files ipa
 %license COPYING
 %attr(770,%{sssd_user},%{sssd_user}) %dir %{keytabdir}
 %{_libdir}/%{name}/libsss_ipa.so
 %attr(0750,root,%{sssd_user}) %caps(%{child_capabilities}) %{_libexecdir}/%{servicename}/selinux_child
 %{_mandir}/man5/sssd-ipa.5*
 
-%files ad -f sssd_ad.lang
+%files ad
 %license COPYING
 %{_libdir}/%{name}/libsss_ad.so
 %{_libexecdir}/%{servicename}/gpo_child
@@ -892,7 +781,7 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %{_libexecdir}/%{servicename}/proxy_child
 %{_libdir}/%{name}/libsss_proxy.so
 
-%files dbus -f sssd_dbus.lang
+%files dbus
 %license COPYING
 %{_libexecdir}/%{servicename}/sssd_ifp
 %{_mandir}/man5/sssd-ifp.5*
@@ -901,7 +790,7 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %{_datadir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
 %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
 
-%files client -f sssd_client.lang
+%files client
 %license src/sss_client/COPYING src/sss_client/COPYING.LESSER
 %{_libdir}/libnss_sss.so.2
 %if %{build_subid}
@@ -932,7 +821,7 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %dir %{_libdir}/%{name}/modules
 %{_libdir}/%{name}/modules/libsss_autofs.so
 
-%files tools -f sssd_tools.lang
+%files tools
 %license COPYING
 %{_sbindir}/sss_obfuscate
 %{_sbindir}/sss_override
@@ -947,21 +836,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %{_mandir}/man8/sss_seed.8*
 %{_mandir}/man8/sssctl.8*
 
-%files -n python3-sssdconfig -f python3_sssdconfig.lang
-%dir %{python3_sitelib}/SSSDConfig
-%{python3_sitelib}/SSSDConfig/*.py*
-%dir %{python3_sitelib}/SSSDConfig/__pycache__
-%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
-%dir %{_datadir}/sssd
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
-
-%files -n python3-sss
-%{python3_sitearch}/pysss.so
-
-%files -n python3-sss-murmur
-%{python3_sitearch}/pysss_murmur.so
-
 %files -n libsss_idmap
 %license src/sss_client/COPYING src/sss_client/COPYING.LESSER
 %{_libdir}/libsss_idmap.so.*
@@ -998,16 +872,16 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %files -n python3-libipa_hbac
 %{python3_sitearch}/pyhbac.so
 
-%files winbind-idmap -f sssd_winbind_idmap.lang
+%files winbind-idmap
 %dir %{_libdir}/samba/idmap
 %{_libdir}/samba/idmap/sss.so
 %{_mandir}/man8/idmap_sss.8*
 
-%files nfs-idmap -f sssd_nfs_idmap.lang
+%files nfs-idmap
 %{_mandir}/man5/sss_rpcidmapd.5*
 %{_libdir}/libnfsidmap/sss.so
 
-%files -n libsss_certmap -f libsss_certmap.lang
+%files -n libsss_certmap
 %license src/sss_client/COPYING src/sss_client/COPYING.LESSER
 %{_libdir}/libsss_certmap.so.*
 %{_mandir}/man5/sss-certmap.5*
@@ -1018,21 +892,6 @@ install -D -p -m 0644 contrib/sssd.sysusers %{buildroot}%{_sysusersdir}/sssd.con
 %{_libdir}/libsss_certmap.so
 %{_libdir}/pkgconfig/sss_certmap.pc
 
-%files kcm -f sssd_kcm.lang
-%{_libexecdir}/%{servicename}/sssd_kcm
-%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
-%dir %{_datadir}/sssd-kcm
-%{_datadir}/sssd-kcm/kcm_default_ccache
-%{_unitdir}/sssd-kcm.socket
-%{_unitdir}/sssd-kcm.service
-%{_mandir}/man8/sssd-kcm.8*
-
-%files idp
-%{_libexecdir}/%{servicename}/oidc_child
-%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so
-%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
-%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
-
 %if %{build_passkey}
 %files passkey
 %attr(755,%{sssd_user},%{sssd_user}) %{_libexecdir}/%{servicename}/passkey_child