Blame SPECS/authselect.spec

dd394d
# Do not terminate build if language files are empty.
dd394d
%define _empty_manifest_terminate_build 0
dd394d
1756dc
Name:           authselect
a437f7
Version:        1.2.1
dd394d
Release:        2%{?dist}
1756dc
Summary:        Configures authentication and identity sources from supported profiles
a437f7
URL:            https://github.com/authselect/authselect
1756dc
1756dc
License:        GPLv3+
1756dc
Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
1756dc
1756dc
%global makedir %{_builddir}/%{name}-%{version}
1756dc
a437f7
Patch0001: 0001-po-update-translations.patch
a437f7
1756dc
# Downstream only
1756dc
Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
dd394d
Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
1756dc
1756dc
BuildRequires:  autoconf
1756dc
BuildRequires:  automake
1756dc
BuildRequires:  findutils
1756dc
BuildRequires:  libtool
1756dc
BuildRequires:  m4
1756dc
BuildRequires:  gcc
1756dc
BuildRequires:  pkgconfig
1756dc
BuildRequires:  pkgconfig(popt)
1756dc
BuildRequires:  gettext-devel
1756dc
BuildRequires:  po4a
1756dc
BuildRequires:  %{_bindir}/a2x
1756dc
BuildRequires:  libcmocka-devel >= 1.0.0
1756dc
BuildRequires:  libselinux-devel
1756dc
Requires: authselect-libs%{?_isa} = %{version}-%{release}
1756dc
Suggests: sssd
1756dc
Suggests: samba-winbind
1756dc
Suggests: fprintd-pam
1756dc
Suggests: oddjob-mkhomedir
1756dc
1756dc
%description
1756dc
Authselect is designed to be a replacement for authconfig but it takes
1756dc
a different approach to configure the system. Instead of letting
1756dc
the administrator build the PAM stack with a tool (which may potentially
1756dc
end up with a broken configuration), it would ship several tested stacks
1756dc
(profiles) that solve a use-case and are well tested and supported.
1756dc
At the same time, some obsolete features of authconfig are not
1756dc
supported by authselect.
1756dc
1756dc
%package libs
1756dc
Summary: Utility library used by the authselect tool
1756dc
# Required by scriptlets
1756dc
Requires: coreutils
1756dc
Requires: findutils
1756dc
Requires: gawk
1756dc
Requires: grep
1756dc
Requires: sed
1756dc
Requires: systemd
a437f7
Requires: pam >= 1.3.1-9
1756dc
1756dc
%description libs
1756dc
Common library files for authselect. This package is used by the authselect
1756dc
command line tool and any other potential front-ends.
1756dc
1756dc
%package compat
1756dc
Summary: Tool to provide minimum backwards compatibility with authconfig
1756dc
Obsoletes: authconfig < 7.0.1-6
1756dc
Provides: authconfig
1756dc
BuildRequires: python3-devel
1756dc
Requires: authselect%{?_isa} = %{version}-%{release}
dd394d
Recommends: oddjob-mkhomedir
1756dc
Suggests: sssd
1756dc
Suggests: realmd
1756dc
Suggests: samba-winbind
1756dc
# Required by scriptlets
1756dc
Requires: sed
1756dc
1756dc
%description compat
1756dc
This package will replace %{_sbindir}/authconfig with a tool that will
1756dc
translate some of the authconfig calls into authselect calls. It provides
1756dc
only minimum backward compatibility and users are encouraged to migrate
1756dc
to authselect completely.
1756dc
1756dc
%package devel
1756dc
Summary: Development libraries and headers for authselect
1756dc
Requires: authselect-libs%{?_isa} = %{version}-%{release}
1756dc
1756dc
%description devel
1756dc
System header files and development libraries for authselect. Useful if
1756dc
you develop a front-end for the authselect library.
1756dc
1756dc
1756dc
%prep
1756dc
%setup -q
1756dc
1756dc
for p in %patches ; do
1756dc
    %__patch -p1 -i $p
1756dc
done
1756dc
1756dc
%build
1756dc
autoreconf -if
1756dc
%configure --with-pythonbin="%{__python3}"
1756dc
%make_build
1756dc
1756dc
%check
1756dc
%make_build check
1756dc
1756dc
%install
1756dc
%make_install
1756dc
1756dc
# Find translations
1756dc
%find_lang %{name}
1756dc
%find_lang %{name} %{name}.8.lang --with-man
1756dc
%find_lang %{name}-migration %{name}-migration.7.lang --with-man
1756dc
%find_lang %{name}-profiles %{name}-profiles.5.lang --with-man
1756dc
1756dc
# We want this file to contain only manual page translations
dd394d
%__sed -i '/LC_MESSAGES/d' %{name}.8.lang
1756dc
1756dc
# Remove .la and .a files created by libtool
dd394d
find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \;
dd394d
find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
1756dc
1756dc
%ldconfig_scriptlets libs
1756dc
1756dc
%files libs -f %{name}.lang -f %{name}-profiles.5.lang
1756dc
%dir %{_sysconfdir}/authselect
1756dc
%dir %{_sysconfdir}/authselect/custom
1756dc
%dir %{_localstatedir}/lib/authselect
dd394d
%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth
dd394d
%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
1756dc
%dir %{_datadir}/authselect
1756dc
%dir %{_datadir}/authselect/vendor
1756dc
%dir %{_datadir}/authselect/default
a437f7
%dir %{_datadir}/authselect/default/minimal/
1756dc
%dir %{_datadir}/authselect/default/nis/
1756dc
%dir %{_datadir}/authselect/default/sssd/
1756dc
%dir %{_datadir}/authselect/default/winbind/
a437f7
%{_datadir}/authselect/default/minimal/nsswitch.conf
a437f7
%{_datadir}/authselect/default/minimal/password-auth
a437f7
%{_datadir}/authselect/default/minimal/postlogin
a437f7
%{_datadir}/authselect/default/minimal/README
a437f7
%{_datadir}/authselect/default/minimal/REQUIREMENTS
a437f7
%{_datadir}/authselect/default/minimal/system-auth
1756dc
%{_datadir}/authselect/default/nis/dconf-db
1756dc
%{_datadir}/authselect/default/nis/dconf-locks
1756dc
%{_datadir}/authselect/default/nis/fingerprint-auth
1756dc
%{_datadir}/authselect/default/nis/nsswitch.conf
1756dc
%{_datadir}/authselect/default/nis/password-auth
1756dc
%{_datadir}/authselect/default/nis/postlogin
1756dc
%{_datadir}/authselect/default/nis/README
1756dc
%{_datadir}/authselect/default/nis/REQUIREMENTS
1756dc
%{_datadir}/authselect/default/nis/system-auth
1756dc
%{_datadir}/authselect/default/sssd/dconf-db
1756dc
%{_datadir}/authselect/default/sssd/dconf-locks
1756dc
%{_datadir}/authselect/default/sssd/fingerprint-auth
1756dc
%{_datadir}/authselect/default/sssd/nsswitch.conf
1756dc
%{_datadir}/authselect/default/sssd/password-auth
1756dc
%{_datadir}/authselect/default/sssd/postlogin
1756dc
%{_datadir}/authselect/default/sssd/README
1756dc
%{_datadir}/authselect/default/sssd/REQUIREMENTS
1756dc
%{_datadir}/authselect/default/sssd/smartcard-auth
1756dc
%{_datadir}/authselect/default/sssd/system-auth
1756dc
%{_datadir}/authselect/default/winbind/dconf-db
1756dc
%{_datadir}/authselect/default/winbind/dconf-locks
1756dc
%{_datadir}/authselect/default/winbind/fingerprint-auth
1756dc
%{_datadir}/authselect/default/winbind/nsswitch.conf
1756dc
%{_datadir}/authselect/default/winbind/password-auth
1756dc
%{_datadir}/authselect/default/winbind/postlogin
1756dc
%{_datadir}/authselect/default/winbind/README
1756dc
%{_datadir}/authselect/default/winbind/REQUIREMENTS
1756dc
%{_datadir}/authselect/default/winbind/system-auth
1756dc
%{_libdir}/libauthselect.so.*
1756dc
%{_mandir}/man5/authselect-profiles.5*
1756dc
%{_datadir}/doc/authselect/COPYING
1756dc
%{_datadir}/doc/authselect/README.md
1756dc
%license COPYING
1756dc
%doc README.md
1756dc
1756dc
%files compat
1756dc
%{_sbindir}/authconfig
1756dc
%{python3_sitelib}/authselect/
1756dc
1756dc
%files devel
1756dc
%{_includedir}/authselect.h
1756dc
%{_libdir}/libauthselect.so
1756dc
%{_libdir}/pkgconfig/authselect.pc
1756dc
1756dc
%files  -f %{name}.8.lang  -f %{name}-migration.7.lang
1756dc
%{_bindir}/authselect
1756dc
%{_mandir}/man8/authselect.8*
1756dc
%{_mandir}/man7/authselect-migration.7*
dd394d
%{_sysconfdir}/bash_completion.d/authselect-completion.sh
1756dc
1756dc
%global validfile %{_localstatedir}/lib/rpm-state/%{name}.config-valid
1756dc
1756dc
%pre libs
dd394d
%__rm -f %{validfile}
1756dc
if [ $1 -gt 1 ] ; then
1756dc
    # Remember if the current configuration is valid
1756dc
    %{_bindir}/authselect check &> /dev/null
1756dc
    if [ $? -eq 0 ]; then
1756dc
        touch %{validfile}
1756dc
    fi
1756dc
fi
1756dc
1756dc
exit 0
1756dc
1756dc
%posttrans libs
1756dc
# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created
1756dc
if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then
dd394d
    %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
1756dc
    touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null
1756dc
1756dc
    # If we are upgrading from older version, we want to remove these comments.
dd394d
    %__sed -i '/^# Generated by authselect on .*$/{$!{
1756dc
      N;N # Read also next two lines
1756dc
      /# Generated by authselect on .*\n# Do not modify this file manually.\n/d
1756dc
    }}' %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
1756dc
fi
1756dc
1756dc
# If the configuration is valid and we are upgrading from older version
1756dc
# we need to create these files since they were added in 1.0.
1756dc
if [ -f %{validfile} ]; then
1756dc
    FILES="nsswitch.conf system-auth password-auth fingerprint-auth \
1756dc
           smartcard-auth postlogin dconf-db dconf-locks"
1756dc
1756dc
    for FILE in $FILES ; do
dd394d
        %__cp -n %{_sysconfdir}/authselect/$FILE \
dd394d
               %{_localstatedir}/lib/authselect/$FILE &> /dev/null
1756dc
    done
1756dc
dd394d
    %__rm -f %{validfile}
1756dc
fi
1756dc
1756dc
# Apply any changes to profiles (validates configuration first internally)
1756dc
%{_bindir}/authselect apply-changes &> /dev/null
1756dc
1756dc
# Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111
1756dc
CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null`
1756dc
if [ $? -eq 0 ]; then
dd394d
    PROFILE=`echo $CURRENT | %__awk '{print $1;}'`
1756dc
1756dc
    if [ "$PROFILE" == "sssd" ] ; then
dd394d
        if %__grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
1756dc
            %{_bindir}/authselect enable-feature with-sudo &> /dev/null
1756dc
        elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then
1756dc
            %{_bindir}/authselect enable-feature with-sudo &> /dev/null
1756dc
        fi
1756dc
    fi
1756dc
fi
1756dc
1756dc
exit 0
1756dc
1756dc
%posttrans compat
1756dc
# Fix for RHBZ#1618865
1756dc
# Remove invalid lines from pwquality.conf generated by authconfig compat tool
1756dc
# - previous version could write some options without value, which is invalid
1756dc
# - we delete all options without value from existing file
dd394d
%__sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null
1756dc
exit 0
1756dc
1756dc
%changelog
a437f7
* Fri Jun 19 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-2
a437f7
- Update translations (RHBZ #1820533)
a437f7
a437f7
* Tue May 12 2020 Pavel Březina <pbrezina@redhat.com> - 1.2.1-1
a437f7
- Rebase to authselect-1.2.1 (RHBZ #1810471)
a437f7
- CLI commands are now correctly translated (RHBZ #1816009)
a437f7
- Remove unsupported features from sssd profile description (RHBZ #1830251)
a437f7
- add `with-files-access-provider` to sssd profile (RHBZ #1734094)
a437f7
- switch to pam_usertype module (RHBZ #1773567)
a437f7
- fix typo in sssd profile description (RHBZ #1787638)
a437f7
- add minimal profile (RHBZ #1654018)
a437f7
dd394d
* Thu Jul 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-2
dd394d
- Update translations (RHBZ #1689973)
dd394d
dd394d
* Mon Jun 10 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
dd394d
- Rebase to authselect-1.1 (RHBZ #1685516)
dd394d
- Notify that oddjob-mkhomedir needs to be enabled manually (RHBZ #1694103)
dd394d
- Ask for smartcard insertion when smartcard authentication is required (RHBZ #1674397)
dd394d
- Update translations (RHBZ #1689973)
dd394d
1756dc
* Mon Feb 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-13
1756dc
- Revert pam_systemd.so to be optional
1756dc
- Resolves: #rhbz1643928 - pam_systemd shouldn't be optional in system-auth
1756dc
1756dc
* Mon Feb 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-12
1756dc
- make authselect work with selinux disabled (RHBZ #1668025)
1756dc
- require smartcard authentication only for specific services (RHBZ #1665058)
1756dc
- update translations (RHBZ #1608286)
1756dc
1756dc
* Fri Jan 11 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-11
1756dc
- require libselinux needed by (RHBZ #1664650)
1756dc
1756dc
* Fri Jan 11 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-10
1756dc
- invalid selinux context for files under /etc/authselect (RHBZ #1664650)
1756dc
1756dc
* Tue Dec 4 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-9
1756dc
- fix sources for official rhel translations (RHBZ #1608286)
1756dc
- fix coverity warnings for authselect enable-features should error on unknown features (RHBZ #1651637)
1756dc
1756dc
* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-8
1756dc
- add official rhel translations (RHBZ #1608286)
1756dc
1756dc
* Mon Dec 3 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-7
1756dc
- pam_systemd shouldn't be optional in system-auth (RHBZ #1643928)
1756dc
- compat tool: support --enablerequiresmartcard (RHBZ #1649277)
1756dc
- compat tool: support --smartcardaction=0 (RHBZ #1649279)
1756dc
- remove ecryptfs from authselect since it is not present in rhel8 (RHBZ #1649282)
1756dc
- authselect enable-features should error on unknown features (RHBZ #1651637)
1756dc
1756dc
* Wed Oct 31 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-6
1756dc
- Remove mention of Fedora Change page from compat tool (RHBZ #1644309)
1756dc
1756dc
* Wed Oct 10 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-5
1756dc
- Support for "require smartcard for login option" (RHBZ #1611012)
1756dc
1756dc
* Mon Oct 1 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-4
1756dc
- add official rhel translations (RHBZ #1608286)
1756dc
1756dc
* Fri Sep 28 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-3
1756dc
- scriptlet can fail if coreutils is not installed  (RHBZ #1630896)
1756dc
- fix typo (require systemd instead of systemctl)
1756dc
1756dc
* Thu Sep 27 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-2
1756dc
- authconfig --update overwrites current profile (RHBZ #1628492)
1756dc
- authselect profile nis enhancements (RHBZ #1628493)
1756dc
- scriptlet can fail if coreutils is not installed  (RHBZ #1630896)
1756dc
- authconfig --update --enablenis stops ypserv (RHBZ #1632567)
1756dc
- compat tool generates invalid pwquality configuration (RHBZ #1628491)
1756dc
1756dc
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
1756dc
- Rebase to 1.0 (RHBZ #1614235)
1756dc
1756dc
* Wed Aug 01 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.4-4
1756dc
- Rebuild for platform-python
1756dc
1756dc
* Mon May 14 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-3
1756dc
- Disable sssd as sudo rules source with sssd profile by default (RHBZ #1573403)
1756dc
1756dc
* Wed Apr 25 2018 Christian Heimes <cheimes@redhat.com> - 0.4-2
1756dc
- Don't disable oddjobd.service (RHBZ #1571844)
1756dc
1756dc
* Mon Apr 9 2018 Pavel Březina <pbrezina@redhat.com> - 0.4-1
1756dc
- rebasing to 0.4
1756dc
1756dc
* Tue Mar 6 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.2-1
1756dc
- rebasing to 0.3.2
1756dc
- authselect-compat now only suggests packages, not recommends
1756dc
1756dc
* Mon Mar 5 2018 Pavel Březina <pbrezina@redhat.com> - 0.3.1-1
1756dc
- rebasing to 0.3.1
1756dc
1756dc
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-3
1756dc
- Provide authconfig
1756dc
1756dc
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
1756dc
- Properly own all appropriate directories
1756dc
- Remove unneeded %%defattr
1756dc
- Remove deprecated Group tag
1756dc
- Make Obsoletes versioned
1756dc
- Remove unneeded ldconfig scriptlets
1756dc
1756dc
* Tue Feb 20 2018 Pavel Březina <pbrezina@redhat.com> - 0.3-1
1756dc
- rebasing to 0.3
1756dc
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-3
1756dc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
1756dc
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-2
1756dc
- fix rpmlint errors
1756dc
* Wed Jan 10 2018 Pavel Březina <pbrezina@redhat.com> - 0.2-1
1756dc
- rebasing to 0.2
1756dc
* Mon Jul 31 2017 Jakub Hrozek <jakub.hrozek@posteo.se> - 0.1-1
1756dc
- initial packaging