# Do not terminate build if language files are empty. %define _empty_manifest_terminate_build 0 Name: authselect Version: pr372 Release: 369%{?dist} Summary: Configures authentication and identity sources from supported profiles URL: https://github.com/authselect/authselect License: GPLv3+ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz %global makedir %{_builddir}/%{name}-%{version} %if 0%{?fedora} >= 35 || 0%{?rhel} >= 10 %global with_compat 0 %else %global with_compat 1 %endif BuildRequires: autoconf BuildRequires: automake BuildRequires: findutils BuildRequires: libtool BuildRequires: m4 BuildRequires: gcc BuildRequires: pkgconfig BuildRequires: pkgconfig(popt) BuildRequires: gettext-devel BuildRequires: po4a BuildRequires: %{_bindir}/a2x BuildRequires: libcmocka-devel >= 1.0.0 BuildRequires: libselinux-devel %if %{with_compat} BuildRequires: python3-devel %endif Requires: authselect-libs%{?_isa} = %{version}-%{release} Suggests: sssd Suggests: samba-winbind Suggests: fprintd-pam Suggests: oddjob-mkhomedir %if !%{with_compat} # Properly obsolete removed authselect-compat package. Obsoletes: authselect-compat < 1.2.4 # Inherited from former authselect-compat package. Obsoletes: authconfig < 7.0.1-6 %endif %description Authselect is designed to be a replacement for authconfig but it takes a different approach to configure the system. Instead of letting the administrator build the PAM stack with a tool (which may potentially end up with a broken configuration), it would ship several tested stacks (profiles) that solve a use-case and are well tested and supported. At the same time, some obsolete features of authconfig are not supported by authselect. %package libs Summary: Utility library used by the authselect tool # Required by scriptlets Requires: coreutils Requires: findutils Requires: gawk Requires: grep Requires: sed Requires: systemd Requires: pam >= 1.3.1-23 %description libs Common library files for authselect. This package is used by the authselect command line tool and any other potential front-ends. %package devel Summary: Development libraries and headers for authselect Requires: authselect-libs%{?_isa} = %{version}-%{release} %description devel System header files and development libraries for authselect. Useful if you develop a front-end for the authselect library. %if %{with_compat} %package compat Summary: Tool to provide minimum backwards compatibility with authconfig Obsoletes: authconfig < 7.0.1-6 Provides: authconfig Requires: authselect%{?_isa} = %{version}-%{release} Recommends: oddjob-mkhomedir Suggests: sssd Suggests: realmd Suggests: samba-winbind %description compat This package will replace %{_sbindir}/authconfig with a tool that will translate some of the authconfig calls into authselect calls. It provides only minimum backward compatibility and users are encouraged to migrate to authselect completely. %endif %prep %setup -q for p in %patches ; do %__patch -p1 -i $p done %build autoreconf -if %configure \ %if %{with_compat} --with-pythonbin="%{__python3}" \ --with-compat \ %endif %{nil} %make_build %check %make_build check %install %make_install # Find translations %find_lang %{name} %find_lang %{name} %{name}.8.lang --with-man %find_lang %{name}-migration %{name}-migration.7.lang --with-man %find_lang %{name}-profiles %{name}-profiles.5.lang --with-man # We want this file to contain only manual page translations %__sed -i '/LC_MESSAGES/d' %{name}.8.lang # Remove .la and .a files created by libtool find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \; find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \; %ldconfig_scriptlets libs %files libs -f %{name}.lang -f %{name}-profiles.5.lang %dir %{_sysconfdir}/authselect %dir %{_sysconfdir}/authselect/custom %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/authselect.conf %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-db %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/dconf-locks %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/fingerprint-auth %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/nsswitch.conf %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/password-auth %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/postlogin %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/smartcard-auth %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/system-auth %ghost %attr(0644,root,root) %{_sysconfdir}/authselect/user-nsswitch.conf %dir %{_localstatedir}/lib/authselect %ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/ %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth %ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created %dir %{_datadir}/authselect %dir %{_datadir}/authselect/vendor %dir %{_datadir}/authselect/default %dir %{_datadir}/authselect/default/minimal/ %dir %{_datadir}/authselect/default/nis/ %dir %{_datadir}/authselect/default/sssd/ %dir %{_datadir}/authselect/default/winbind/ %{_datadir}/authselect/default/minimal/dconf-db %{_datadir}/authselect/default/minimal/dconf-locks %{_datadir}/authselect/default/minimal/fingerprint-auth %{_datadir}/authselect/default/minimal/nsswitch.conf %{_datadir}/authselect/default/minimal/password-auth %{_datadir}/authselect/default/minimal/postlogin %{_datadir}/authselect/default/minimal/README %{_datadir}/authselect/default/minimal/REQUIREMENTS %{_datadir}/authselect/default/minimal/smartcard-auth %{_datadir}/authselect/default/minimal/system-auth %{_datadir}/authselect/default/nis/dconf-db %{_datadir}/authselect/default/nis/dconf-locks %{_datadir}/authselect/default/nis/fingerprint-auth %{_datadir}/authselect/default/nis/nsswitch.conf %{_datadir}/authselect/default/nis/password-auth %{_datadir}/authselect/default/nis/postlogin %{_datadir}/authselect/default/nis/README %{_datadir}/authselect/default/nis/REQUIREMENTS %{_datadir}/authselect/default/nis/smartcard-auth %{_datadir}/authselect/default/nis/system-auth %{_datadir}/authselect/default/sssd/dconf-db %{_datadir}/authselect/default/sssd/dconf-locks %{_datadir}/authselect/default/sssd/fingerprint-auth %{_datadir}/authselect/default/sssd/nsswitch.conf %{_datadir}/authselect/default/sssd/password-auth %{_datadir}/authselect/default/sssd/postlogin %{_datadir}/authselect/default/sssd/README %{_datadir}/authselect/default/sssd/REQUIREMENTS %{_datadir}/authselect/default/sssd/smartcard-auth %{_datadir}/authselect/default/sssd/system-auth %{_datadir}/authselect/default/winbind/dconf-db %{_datadir}/authselect/default/winbind/dconf-locks %{_datadir}/authselect/default/winbind/fingerprint-auth %{_datadir}/authselect/default/winbind/nsswitch.conf %{_datadir}/authselect/default/winbind/password-auth %{_datadir}/authselect/default/winbind/postlogin %{_datadir}/authselect/default/winbind/README %{_datadir}/authselect/default/winbind/REQUIREMENTS %{_datadir}/authselect/default/winbind/smartcard-auth %{_datadir}/authselect/default/winbind/system-auth %{_libdir}/libauthselect.so.* %{_mandir}/man5/authselect-profiles.5* %{_datadir}/doc/authselect/COPYING %{_datadir}/doc/authselect/README.md %license COPYING %doc README.md %files devel %{_includedir}/authselect.h %{_libdir}/libauthselect.so %{_libdir}/pkgconfig/authselect.pc %if %{with_compat} %files compat %{_sbindir}/authconfig %{python3_sitelib}/authselect/ %endif %files -f %{name}.8.lang -f %{name}-migration.7.lang %{_bindir}/authselect %{_mandir}/man8/authselect.8* %{_mandir}/man7/authselect-migration.7* %{_sysconfdir}/bash_completion.d/authselect-completion.sh %global validfile %{_localstatedir}/lib/rpm-state/%{name}.config-valid %preun if [ $1 == 0 ] ; then # Remove authselect symbolic links so all authselect files can be # deleted safely. If this fail, the uninstallation must fail to avoid # breaking the system by removing PAM files. However, the command can # only fail if it can not write to the file system. %{_bindir}/authselect uninstall fi %pre libs %__rm -f %{validfile} if [ $1 -gt 1 ] ; then # Remember if the current configuration is valid %{_bindir}/authselect check &> /dev/null if [ $? -eq 0 ]; then touch %{validfile} fi fi exit 0 %posttrans libs # Copy nsswitch.conf to user-nsswitch.conf if it was not yet created if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null # If we are upgrading from older version, we want to remove these comments. %__sed -i '/^# Generated by authselect on .*$/{$!{ N;N # Read also next two lines /# Generated by authselect on .*\n# Do not modify this file manually.\n/d }}' %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null fi # If the configuration is valid and we are upgrading from older version # we need to create these files since they were added in 1.0. if [ -f %{validfile} ]; then FILES="nsswitch.conf system-auth password-auth fingerprint-auth \ smartcard-auth postlogin dconf-db dconf-locks" for FILE in $FILES ; do %__cp -n %{_sysconfdir}/authselect/$FILE \ %{_localstatedir}/lib/authselect/$FILE &> /dev/null done %__rm -f %{validfile} fi # Keep nss-altfiles for all rpm-ostree based systems. # See https://github.com/authselect/authselect/issues/48 if test -e /run/ostree-booted; then for PROFILE in `ls %{_datadir}/authselect/default`; do %{_bindir}/authselect create-profile $PROFILE --vendor --base-on $PROFILE --symlink-pam --symlink-dconf --symlink=REQUIREMENTS --symlink=README &> /dev/null %__sed -ie "s/^\(passwd\|group\):\(.*\)systemd\(.*\)/\1:\2systemd altfiles\3/g" %{_datadir}/authselect/vendor/$PROFILE/nsswitch.conf &> /dev/null done fi # Apply any changes to profiles (validates configuration first internally) %{_bindir}/authselect apply-changes &> /dev/null # Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111 CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null` if [ $? -eq 0 ]; then PROFILE=`echo $CURRENT | %__awk '{print $1;}'` if [ $PROFILE == "sssd" ] ; then if %__grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then %{_bindir}/authselect enable-feature with-sudo &> /dev/null elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then %{_bindir}/authselect enable-feature with-sudo &> /dev/null fi fi fi exit 0 %changelog * Thu Feb 22 2018 Pavel Březina - pr372-369 - Do not use change log for rpm generated from source