From d72d44b780da04c253bf1cb1f200403634446220 Mon Sep 17 00:00:00 2001 From: Packit Date: Aug 19 2020 12:54:23 +0000 Subject: Add spec-file for the distribution --- diff --git a/SPECS/adcli.spec b/SPECS/adcli.spec new file mode 100644 index 0000000..022476f --- /dev/null +++ b/SPECS/adcli.spec @@ -0,0 +1,295 @@ +Name: adcli +Version: 0.8.2 +Release: 5%{?dist} +Summary: Active Directory enrollment +License: LGPLv2+ +URL: http://cgit.freedesktop.org/realmd/adcli +Source0: http://www.freedesktop.org/software/realmd/releases/adcli-%{version}.tar.gz + +Patch1: 0001-Remove-upper-case-only-check-when-looking-for-the-Ne.patch +Patch2: 0002-Use-strdup-if-offset-are-used.patch +Patch3: 0003-correct-spelling-of-adcli_tool_computer_delete-descr.patch +Patch4: 0004-doc-explain-that-all-credential-cache-types-are-supp.patch +Patch5: 0005-library-add-adcli_conn_is_writeable.patch +Patch6: 0006-Handle-kvno-increment-for-RODCs.patch +Patch7: 0007-Fix-memory-leak-in-test_check_nt_time_string_lifetim.patch +Patch8: 0008-library-add-_adcli_bin_sid_to_str.patch +Patch9: 0009-library-add-_adcli_call_external_program.patch +Patch10: 0010-library-add-_adcli_ldap_parse_sid.patch +Patch11: 0011-library-add-lookup_domain_sid.patch +Patch12: 0012-library-add-adcli_conn_get_domain_sid.patch +Patch13: 0013-tools-add-option-add-samba-data.patch +Patch14: 0014-tools-store-Samba-data-if-requested.patch +Patch15: 0015-make-Samba-data-tool-configurable.patch +Patch16: 0016-Add-trusted-for-delegation-option.patch +Patch17: 0017-Only-update-attributes-given-on-the-command-line.patch +Patch18: 0018-update-allow-to-add-service-names.patch +Patch19: 0019-Calculate-enctypes-in-a-separate-function.patch +Patch20: 0020-join-add-all-attributes-while-creating-computer-obje.patch +Patch21: 0021-util-add-_adcli_strv_remove_unsorted.patch +Patch22: 0022-Add-add-service-principal-and-remove-service-princip.patch +Patch23: 0023-adcli_conn_is_writeable-do-not-crash-id-domain_disco.patch +Patch24: 0024-doc-fix-typos-in-the-adcli-man-page.patch + +Patch25: 0001-fix-typo-in-flag-value.patch +Patch26: 0002-_adcli_call_external_program-silence-noisy-debug-mes.patch +Patch27: 0003-Do-not-add-service-principals-twice.patch +Patch28: 0004-Do-not-depend-on-default_realm-in-krb5.conf.patch + +# rhbz#1677194 - Realm cannot join domain when hostname is not FQDN +Patch29: 0001-adutil-add-_adcli_strv_add_unique.patch +Patch30: 0002-adenroll-use-_adcli_strv_add_unique-for-service-prin.patch + +# Forward port of RHEL-7.7 ticket rhbz#1642546 - adcli exports kerberos ticket +# with old kvno +Patch31: 0001-Increment-kvno-after-password-change-with-user-creds.patch + +# Forward port of RHEL-7.7 ticket rhbz#1595911 - [RFE] Have `adcli join` work +# without FQDN in `hostname` output +Patch32: 0001-library-use-getaddrinfo-with-AI_CANONNAME-to-find-a-.patch + +# Forward port of RHEL-7.7 ticket rhbz#1644311 - Improve handling of service +# principals +Patch33: 0001-join-always-add-service-principals.patch +Patch34: 0002-library-return-error-if-no-matching-key-was-found.patch + +# Forward port of RHEL-7.7 ticket rhbz#1337489 - [RFE] adcli command with +# --unix-* options doesn't update values in UnixAttributes Tab for user +Patch35: 0001-create-user-add-nis-domain-option.patch +Patch36: 0002-create-user-try-to-find-NIS-domain-if-needed.patch + +# Forward port of RHEL-7.7 ticket rhbz#1630187 - [RFE] adcli join should +# preserve SPN added by adcli preset-computer +Patch37: 0001-ensure_keytab_principals-do-not-leak-memory-when-cal.patch +Patch38: 0002-library-make-_adcli_strv_has_ex-public.patch +Patch39: 0003-library-_adcli_krb5_build_principal-allow-principals.patch +Patch40: 0004-library-make-sure-server-side-SPNs-are-preserved.patch + +# Forward port of RHEL-7.7 ticket rhbz#1622583 - [RFE] Need an option for adcli +# command which will show domain join status. +Patch41: 0001-Implement-adcli-testjoin.patch + +# Forward port of RHEL-7.7 ticket rhbz#1630187 - [RFE] adcli join should +# preserve SPN added by adcli preset-computer - additional patch +Patch42: 0001-library-add-missing-strdup.patch + +# Forward port of RHEL-7.7 ticket rhbz#1588596 - many adcli-krb5-????? +# directories are created /tmp +Patch43: 0001-tools-remove-errx-from-computer-commands.patch +Patch44: 0002-tools-remove-errx-from-user-and-group-commands.patch +Patch45: 0003-tools-remove-errx-from-info-commands.patch +Patch46: 0004-tools-remove-errx-from-adcli_read_password_func.patch +Patch47: 0005-tools-remove-errx-from-setup_krb5_conf_directory.patch +Patch48: 0006-tools-entry-remove-errx-from-parse_option.patch +Patch49: 0007-tools-computer-remove-errx-from-parse_option.patch + +# rhbz#1717355 - `adcli join` fails in FIPS enabled environment +Patch50: 0001-Fix-for-issues-found-by-Coverity.patch +Patch51: 0001-adenroll-make-sure-only-allowed-enctypes-are-used-in.patch +Patch52: 0002-adconn-add-adcli_conn_set_krb5_context.patch +Patch53: 0003-adenroll-add-adcli_enroll_get_permitted_keytab_encty.patch +Patch54: 0004-adenroll-use-only-enctypes-permitted-by-Kerberos-con.patch + +# rhbz#1745931 - adcli update --add-samba-data does not work as expected +Patch55: 0001-doc-explain-how-to-force-password-reset.patch +Patch56: 0001-man-move-note-to-the-right-section.patch + +# rhbz#1745932 - Issue is that with arcfour-hmac as first encryption type +Patch57: 0001-Do-not-use-arcfour-hmac-md5-when-discovering-the-sal.patch + +Patch58: 0001-Fix-for-issue-found-by-Coverity.patch + +# rhbz#1737342 - [RFE] enhancement adcli to set description attribute and to +# show all AD attributes +Patch59: 0001-tools-add-show-computer-command.patch +Patch60: 0002-add-description-option-to-join-and-update.patch + +Patch61: 0001-Use-GSS-SPNEGO-if-available.patch +Patch62: 0002-add-option-use-ldaps.patch + +BuildRequires: gcc +BuildRequires: intltool pkgconfig +BuildRequires: libtool +BuildRequires: gettext-devel +BuildRequires: krb5-devel +BuildRequires: openldap-devel +BuildRequires: libxslt +BuildRequires: xmlto + +Requires: cyrus-sasl-gssapi + +# adcli no longer has a library of development files +# the adcli tool itself is to be used by callers +Obsoletes: adcli-devel < 0.5 + +%description +adcli is a tool for joining an Active Directory domain using +standard LDAP and Kerberos calls. + +%define _hardened_build 1 + +%prep +%autosetup -p1 + +%build +autoreconf --force --install --verbose +%configure --disable-static --disable-silent-rules +make %{?_smp_mflags} + +%check +make check + +%install +make install DESTDIR=%{buildroot} +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%clean + +%files +%{_sbindir}/adcli +%doc AUTHORS COPYING ChangeLog NEWS README +%doc %{_mandir}/*/* + +%package doc +Summary: adcli documentation +BuildArch: noarch + +%description doc +adcli is a tool for joining an Active Directory domain using +standard LDAP and Kerberos calls. This package contains its +documentation. + +%files doc +%doc %{_datadir}/doc/adcli/* + +%changelog +* Wed Jan 29 2020 Sumit Bose - 0.8.2-5 +- adcli should be able to Force LDAPS over 636 with AD Access Provider w.r.t + sssd [#1762420] + +* Thu Nov 28 2019 Sumit Bose - 0.8.2-4 +- adcli update --add-samba-data does not work as expected [#1745931] +- Issue is that with arcfour-hmac as first encryption type [#1745932] +- [RFE] enhancement adcli to set description attribute and to show all AD + attributes [#1737342] + +* Fri Jun 14 2019 Sumit Bose - 0.8.2-3 +- use autosetup macro to simplify patch handling +- fixed rpmlint warnings in the spec file +- join failed if hostname is not FQDN [#1677194] +- adcli join fails in FIPS enabled environment [#1717355] +- forward port of RHEL-7.7 fixes and enhancements + +* Tue Oct 09 2018 Sumit Bose - 0.8.2-2 +- Do not add service principals twice and related fixes +- Resolves: rhbz#1631734 + +* Thu Jul 05 2018 Sumit Bose - 0.8.2-1 +- Update to upstream release 0.8.2 +- various other fixes and improvements from the latest Fedora update + +* Wed Feb 07 2018 Fedora Release Engineering - 0.8.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 0.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.8.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.8.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 0.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Dec 17 2015 Sumit Bose - 0.8.0-1 +- Update to upstream release 0.8.0 + +* Mon Oct 19 2015 Stef Walter - 0.7.6-1 +- Fix issue with keytab use with sshd +- Resolves: rhbz#1267319 +- Put documentation in a subpackage + +* Tue Jun 16 2015 Fedora Release Engineering - 0.7.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Aug 15 2014 Fedora Release Engineering - 0.7.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.7.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Jan 30 2014 Stef Walter - 0.7.5-2 +- Fix incorrect ownership of manual page directory + +* Fri Sep 13 2013 Stef Walter - 0.7.5-1 +- Update to upstream point release 0.7.5 +- Workaround for discovery via IPv6 address +- Correctly put IPv6 addresses in temporary krb5.conf + +* Mon Sep 09 2013 Stef Walter - 0.7.4-1 +- Update to upstream point release 0.7.4 +- Correctly handle truncating long host names +- Try to contact all available addresses for discovery +- Build fixes + +* Wed Aug 07 2013 Stef Walter - 0.7.3-1 +- Update to upstream point release 0.7.3 +- Don't try to set encryption types on Windows 2003 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.7.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 22 2013 Stef Walter - 0.7.2-1 +- Update to upstream point release 0.7.2 +- Part of fix for bug [#961244] + +* Mon Jul 15 2013 Stef Walter - 0.7.1-4 +- Build with verbose output logging + +* Tue Jun 11 2013 Stef Walter - 0.7.1-3 +- Run 'make check' when building the package + +* Mon May 13 2013 Stef Walter - 0.7.1-2 +- Bump version to get around botched update + +* Mon May 13 2013 Stef Walter - 0.7.1-1 +- Update to upstream 0.7.1 release +- Fix problems with salt discovery [#961399] + +* Mon May 06 2013 Stef Walter - 0.7-1 +- Work around broken krb5 with empty passwords [#960001] +- Fix memory corruption issue [#959999] +- Update to 0.7, fixing various bugs + +* Mon Apr 29 2013 Stef Walter - 0.6-1 +- Update to 0.6, fixing various bugs + +* Wed Apr 10 2013 Stef walter - 0.5-2 +- Add appropriate Obsoletes line for libadcli removal + +* Wed Apr 10 2013 Stef Walter - 0.5-1 +- Update to upstream 0.5 version +- No more libadcli, and thus no adcli-devel +- Many new adcli commands +- Documentation + +* Wed Feb 13 2013 Fedora Release Engineering - 0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Stef Walter - 0.4-1 +- Update for 0.4 version, fixing various bugs + +* Sat Oct 20 2012 Stef Walter - 0.3-1 +- Update for 0.3 version + +* Tue Sep 4 2012 Stef Walter - 0.2-1 +- Update for 0.2 version + +* Wed Aug 15 2012 Stef Walter - 0.1-1 +- Initial 0.1 package