diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec new file mode 100644 index 0000000..b2b862e --- /dev/null +++ b/SPECS/nss-pam-ldapd.spec @@ -0,0 +1,403 @@ +%global nssdir /%{_lib} +%global pamdir /%{_lib}/security + +%define _hardened_build 1 + +Name: nss-pam-ldapd +Version: 0.9.9 +Release: 3%{?dist} +Summary: An nsswitch module which uses directory servers +License: LGPLv2+ +URL: http://arthurdejong.org/nss-pam-ldapd/ +Source0: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz +Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig +Source3: nslcd.tmpfiles +Source4: nslcd.service + +# Pylint tests fail w/o certain imports and are not needed for nslcd anyway, +# plus, we don't ship the python utilities +Patch0001: 0001-Disable-pylint-tests.patch +Patch0002: 0002-Watch-for-uint32_t-overflows.patch + +BuildRequires: openldap-devel, krb5-devel +BuildRequires: autoconf, automake +BuildRequires: pam-devel +BuildRequires: systemd-units +%{?systemd_requires} + +# Pull in nscd, which is recommended. +Recommends: nscd + +Obsoletes: nss-ldapd < 0.7 +Provides: nss-ldapd = %{version}-%{release} + +# Obsolete PADL's nss_ldap +Provides: nss_ldap = 265-12 +Obsoletes: nss_ldap < 265-11 + +# Obsolete PADL's pam_ldap +Provides: pam_ldap = 185-15 +Obsoletes: pam_ldap < 185-15 + +%description +The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name +service information (users, groups, etc.) on behalf of a lightweight +nsswitch module. + +%prep +%autosetup -p1 +autoreconf -f -i + +%build +%configure --libdir=%{nssdir} \ + --disable-utils \ + --with-pam-seclib-dir=%{pamdir} +%make_build + +%check +make check + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/{%{_libdir},%{_unitdir}} +install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/ + +ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{nssdir}/libnss_ldap.so + +sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \ +$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf +touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf +mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd +mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} +install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf + +%files +%defattr(-,root,root) +%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO +%{_sbindir}/* +%{nssdir}/*.so* +%{pamdir}/pam_ldap.so +%{_mandir}/*/* +%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf +%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf +%{_unitdir}/nslcd.service +%attr(0775,nslcd,root) /var/run/nslcd + +%pre +getent group ldap > /dev/null || \ +/usr/sbin/groupadd -r -g 55 ldap +getent passwd nslcd > /dev/null || \ +/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \ + -u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || : + +%post +# The usual stuff. +/sbin/ldconfig +%systemd_post nslcd.service + +%preun +%systemd_preun nslcd.service + +%postun +/sbin/ldconfig +%systemd_postun_with_restart nslcd.service + +%changelog +* Wed May 30 2018 Jakub Hrozek - 0.9.9-3 +- Also change the pemissions on tmpfiles +- Related: rhbz#1583211 - nslcd, the local LDAP daemon, fails to start + with SELinux enabled + +* Wed May 30 2018 Jakub Hrozek - 0.9.9-2 +- Apply a patch by Lukas Slebodnik to allow root to write to the + /var/run/nslcd directory +- Resolves: rhbz#1583211 - nslcd, the local LDAP daemon, fails to start + with SELinux enabled + +* Sun Apr 1 2018 Jakub Hrozek - 0.9.9-1 +- Upgrade to the latest upstream + - Disable the python utilities + - Don't bother with failing pylint test as we don't ship the python + utilities +- Drop unused validname and exitcode patches, port strtoid overflow + patch + +* Sat Mar 31 2018 Jakub Hrozek - 0.8.14-12 +- Get rid of all conditions that are always true for both EPEL-7 and Fedora + as it's quite unlikely we'd use this specfile on EPEL-6 +- Remove the sysvinit script and all the scriptlets around it +- Unconditionally use systemd scriptlet macros and systemd_requires +- Unconditionally build the PAM module as the PADL module is long dead +- Remove the auto-migration of settings from nss_ldap as it's been + long gone from Fedora +- Don't check /etc/sysconfig/authconfig as authconfig is on its way + out from Fedora +- Use only spaces, not tabs, to stop my editor from looking like a + Christmas tree +- Remove the obsolete Group stanza +- Make nscd Recommended, not Required + +* Thu Feb 08 2018 Fedora Release Engineering - 0.8.14-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 0.8.14-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.8.14-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Feb 8 2017 Jakub Hrozek 0.8.14-8 +- Apply a patch from Stanislav Moravec to fix nslcd return code + +* Tue Mar 29 2016 Nalin Dahyabhai 0.8.14-7 +- move the packaged tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir}, + per heads-up from Ville Skyttä on devel@ + +* Thu Feb 04 2016 Fedora Release Engineering - 0.8.14-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.8.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 0.8.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.8.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 07 2014 Nalin Dahyabhai 0.8.14-2 +- where we check for USELDAP=yes in /etc/sysconfig/authconfig as an indication + of nss_ldap being in use, to decide whether to enable the nslcd service or + not, also check for USELDAPAUTH=yes, which indicates pam_ldap is being used + +* Sat Oct 05 2013 Jakub Hrozek 0.8.14-1 +- New upstream release 0.8.14 +- Remove upstreamed patches + +* Sat Oct 05 2013 Jakub Hrozek 0.8.13-4 +- Backport fixes for #1003011 + +* Sat Oct 05 2013 Jakub Hrozek 0.8.13-3 +- Build with _hardened_build macro + +* Sat Aug 03 2013 Fedora Release Engineering - 0.8.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 6 2013 Nalin Dahyabhai 0.8.13-1 +- update to 0.8.13 +- correct a syntax error in the fix that was added for #832706 + +* Tue Apr 30 2013 Nalin Dahyabhai 0.8.12-4 +- in %%post, attempt to rewrite any instances of "map group uniqueMember ..." + to be "map group member ..." in nslcd.conf, as the attribute name changed + in 0.8.4 (via freeipa ticket #3589) + +* Thu Feb 14 2013 Fedora Release Engineering - 0.8.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 18 2013 Nalin Dahyabhai 0.8.12-2 +- drop local patch to make the client flush some more read buffers + +* Fri Jan 18 2013 Nalin Dahyabhai 0.8.12-1 +- update to 0.8.12 (#846793) +- make building pam_ldap conditional on the targeted release +- add "After=named.service dirsrv.target slapd.service" to nslcd.service, + to make sure that nslcd is started after them if they're to be started + on the local system (#832706) +- alter the versioned Obsoletes: on pam_ldap to include the F18 package +- use %%{_unitdir} when deciding where to put systemd configuration, based + on patch from Václav Pavlín (#850232) +- use new systemd macros for scriptlet hooks, when available, based on + patch from Václav Pavlín (#850232) + +* Sun Sep 09 2012 Jakub Hrozek 0.7.17-1 +- new upstream release 0.7.17 + +* Sun Aug 05 2012 Jakub Hrozek - 0.7.16-5 +- Obsolete PADL's nss_ldap + +* Sat Aug 04 2012 Jakub Hrozek - 0.7.16-4 +- Build the PAM module, obsoletes PADL's pam-ldap (#856006) + +* Fri Jul 20 2012 Fedora Release Engineering - 0.7.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon May 14 2012 Jakub Hrozek 0.7.16-2 +- backport upstream revision r1659 related to broken pipe when + requesting a large group +- use grep -E instead of egrep to avoid rpmlint warnings + +* Sat Apr 28 2012 Jakub Hrozek 0.7.16-1 +- new upstream release 0.7.16 + +* Thu Mar 15 2012 Jakub Hrozek 0.7.15-2 +- Do not print "Broken Pipe" error message when requesting a large group + +* Fri Mar 9 2012 Jakub Hrozek 0.7.15-1 +- new upstream release 0.7.15 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.7.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Dec 16 2011 Jakub Hrozek 0.7.14-2 +- Do not overflow large UID/GID values on 32bit architectures + +* Mon Nov 28 2011 Nalin Dahyabhai +- use the same conditional test for deciding when to create the .so symlink as + we do later on for deciding when to include it in the package (#757004) + +* Fri Sep 23 2011 Jakub Hrozek 0.7.14-1 +- new upstream release 0.7.14 +- obsoletes nss-pam-ldapd-0.7.x-buffers.patch + +* Wed Aug 24 2011 Nalin Dahyabhai 0.7.13-8 +- include backported enhancement to take URIs in the form "dns:DOMAIN" in + addition to the already-implemented "dns" (#730309) + +* Thu Jul 14 2011 Nalin Dahyabhai 0.7.13-7 +- switch to only munging the contents of /etc/nslcd.conf on the very first + install (#706454) +- make sure that we have enough space to parse any valid GID value when + parsing a user's primary GID (#716822) +- backport support for the "validnames" option from SVN and use it to allow + parentheses characters by modifying the default setting (#690870), then + modify the default again to also allow shorter and shorter names to pass + muster (#706860) + +* Wed Jul 13 2011 Nalin Dahyabhai 0.7.13-6 +- convert to systemd-native startup (#716997) + +* Mon Jun 13 2011 Nalin Dahyabhai 0.7.13-5 +- change the file path Requires: we have for pam_ldap into a package name + Requires: (#601931) + +* Wed Mar 30 2011 Nalin Dahyabhai 0.7.13-4 +- tag nslcd.conf with %%verify(not md5 size mtime), since we always tweak + it in %%post (#692225) + +* Tue Mar 1 2011 Nalin Dahyabhai 0.7.13-3 +- add a tmpfiles configuration to ensure that /var/run/nslcd is created when + /var/run is completely empty at boot (#656643) + +* Tue Feb 08 2011 Fedora Release Engineering - 0.7.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Dec 13 2010 Nalin Dahyabhai 0.7.13-1 +- update to 0.7.13 + +* Fri Oct 29 2010 Nalin Dahyabhai 0.7.12-1 +- update to 0.7.12 + +* Fri Oct 15 2010 Nalin Dahyabhai 0.7.11-1 +- update to 0.7.11 + +* Wed Sep 29 2010 jkeating - 0.7.10-2 +- Rebuilt for gcc bug 634757 + +* Fri Sep 24 2010 Nalin Dahyabhai 0.7.10-1 +- update to 0.7.10 + +* Thu Sep 23 2010 Nalin Dahyabhai 0.7.9-2 +- when creating /var/run/nslcd in the buildroot, specify that 0755 is a + permissions value and not another directory name (#636880) + +* Mon Aug 30 2010 Nalin Dahyabhai 0.7.9-1 +- update to 0.7.9 + +* Wed Aug 18 2010 Nalin Dahyabhai 0.7.8-1 +- update to 0.7.8 + +* Wed Jul 7 2010 Nalin Dahyabhai 0.7.7-1 +- update to 0.7.7 + +* Mon Jun 28 2010 Nalin Dahyabhai 0.7.6-3 +- don't accidentally set multiple 'gid' settings in nslcd.conf, and try to + clean up after older versions of this package that did (#608314) + +* Thu May 27 2010 Nalin Dahyabhai 0.7.6-2 +- make inclusion of the .so symlink conditional on being on a sufficiently- + new Fedora where pam_ldap isn't part of the nss_ldap package, so having + this package conflict with nss_ldap doesn't require that pam_ldap be + removed (#596691) + +* Thu May 27 2010 Nalin Dahyabhai 0.7.6-1 +- update to 0.7.6 + +* Mon May 17 2010 Nalin Dahyabhai 0.7.5-3 +- switch to the upstream patch for #592411 + +* Fri May 14 2010 Nalin Dahyabhai 0.7.5-2 +- don't return an uninitialized buffer as the value for an optional attribute + that isn't present in the directory server entry (#592411) + +* Fri May 14 2010 Nalin Dahyabhai 0.7.5-1 +- update to 0.7.5 + +* Fri May 14 2010 Nalin Dahyabhai 0.7.4-1 +- update to 0.7.4 +- stop trying to migrate retry timeout parameters from old ldap.conf files +- add an explicit requires: on nscd to make sure it's at least available on + systems that are using nss-pam-ldapd; otherwise it's usually optional + +* Tue Mar 23 2010 Nalin Dahyabhai 0.7.3-1 +- update to 0.7.3 + +* Thu Feb 25 2010 Nalin Dahyabhai 0.7.2-2 +- bump release for post-review commit + +* Thu Feb 25 2010 Nalin Dahyabhai 0.7.2-1 +- add comments about why we have a .so link at all, and not a -devel subpackage + +* Wed Jan 13 2010 Nalin Dahyabhai +- obsolete/provides nss-ldapd +- import configuration from nss-ldapd.conf, too + +* Tue Jan 12 2010 Nalin Dahyabhai +- rename to nss-pam-ldapd +- also check for import settings in /etc/nss_ldap.conf and /etc/pam_ldap.conf + +* Thu Sep 24 2009 Nalin Dahyabhai 0.6.11-2 +- rebuild + +* Wed Sep 16 2009 Nalin Dahyabhai +- apply Mitchell Berger's patch to clean up the init script, use %%{_initddir}, + and correct the %%post so that it only thinks about turning on nslcd when + we're first being installed (#522947) +- tell status() where the pidfile is when the init script is called for that + +* Tue Sep 8 2009 Nalin Dahyabhai +- fix typo in a comment, capitalize the full name for "LDAP Client User" (more + from #516049) + +* Wed Sep 2 2009 Nalin Dahyabhai 0.6.11-1 +- update to 0.6.11 + +* Sat Jul 25 2009 Fedora Release Engineering - 0.6.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jun 18 2009 Nalin Dahyabhai 0.6.10-3 +- update URL: and Source: + +* Mon Jun 15 2009 Nalin Dahyabhai 0.6.10-2 +- add and own /var/run/nslcd +- convert hosts to uri during migration + +* Thu Jun 11 2009 Nalin Dahyabhai 0.6.10-1 +- update to 0.6.10 + +* Fri Apr 17 2009 Nalin Dahyabhai 0.6.8-1 +- bump release number to 1 (part of #491767) +- fix which group we check for during %%pre (part of #491767) + +* Tue Mar 24 2009 Nalin Dahyabhai +- require chkconfig by package rather than path (Jussi Lehtola, part of #491767) + +* Mon Mar 23 2009 Nalin Dahyabhai 0.6.8-0.1 +- update to 0.6.8 + +* Mon Mar 23 2009 Nalin Dahyabhai 0.6.7-0.1 +- start using a dedicated user + +* Wed Mar 18 2009 Nalin Dahyabhai 0.6.7-0.0 +- initial package (#445965)