sssd-io/contrib/sssd.spec.in

	sssd.spec.in revision b6840554b4eeda395f5460a56df2eac1f3f97397
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if 0%{?rhel} && 0%{?rhel} <= 6
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%{!?__python2: %global __python2 /usr/bin/python2}
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce# Fedora and RHEL 6+
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce# we don't want to provide private python extension libs
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%define __provides_exclude_from %{python2_sitearch}/.*\.so$
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} || 0%{?rhel} >= 7)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global use_systemd 1
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?use_systemd} == 1)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_initscript --with-initscript=systemd --with-systemdunitdir=%{_unitdir}
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_syslog --with-syslog=journald
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%else
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_initscript --with-initscript=sysv
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%global enable_experimental 1
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?enable_experimental} == 1)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global experimental --enable-all-experimental-features
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce# Determine the location of the LDB modules directory
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} || 0%{?rhel} >= 7)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%define _hardened_build 1
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} || 0%{?rhel} >= 7)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_cifs_utils_plugin 1
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%else
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} >= 21 || (0%{?rhel} == 7 &&  0%{?rhel7_minor} >= 1))
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce    %global with_krb5_localauth_plugin 1
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceName: @PACKAGE_NAME@
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceVersion: @PACKAGE_VERSION@
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceRelease: 0@PRERELEASE_VERSION@%{?dist}
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceGroup: Applications/System
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceSummary: System Security Services Daemon
edaadf8de0c86a2cfff2d29215775d42919476f3Pavel BřezinaLicense: GPLv3+
edaadf8de0c86a2cfff2d29215775d42919476f3Pavel BřezinaURL: http://fedorahosted.org/sssd/
4ebab24f65b54720a6672898b76185462015ababPavel BřezinaSource0: %{name}-%{version}.tar.gz
75d66aea7accc842e68c88f085f9053112b20eccPavel BřezinaBuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
c1058e96679c7ed1372825bf5226ce7d28a8e6ffPavel Březina
dee7a89098b698e756f63e4041734d7322ad8b1ePavel Březina### Patches ###
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce
c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce### Dependencies ###
c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce
c6872e79e8496fd075e20aec0343ade99cca725cSimo SorceRequires: sssd-common = %{version}-%{release}
7c69221077c780e62f6c536e78675f2dc1c131bcMichal ZidekRequires: sssd-ldap = %{version}-%{release}
22a21e910fd216ec1468fe769dcc29f1621a52a4Ondrej KosRequires: sssd-krb5 = %{version}-%{release}
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo SorceRequires: sssd-ipa = %{version}-%{release}
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo SorceRequires: sssd-common-pac = %{version}-%{release}
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo SorceRequires: sssd-ad = %{version}-%{release}
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo SorceRequires: sssd-proxy = %{version}-%{release}
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo SorceRequires: python-sssdconfig = %{version}-%{release}
c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce
c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce%global servicename sssd
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce%global sssdstatedir %{_localstatedir}/lib/sss
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce%global dbpath %{sssdstatedir}/db
c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl%global pipepath %{sssdstatedir}/pipes
c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl%global mcpath %{sssdstatedir}/mc
c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl%global pubconfpath %{sssdstatedir}/pubconf
dfd71fc92db940b2892cc996911cec03d7b6c52bSimo Sorce%global gpocachepath %{sssdstatedir}/gpo_cache
f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina
f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina### Build Dependencies ###
e5f455afbc2d149527bfd08f4e89903a3a8da17aPavel Březina
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub HrozekBuildRequires: autoconf
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub HrozekBuildRequires: automake
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub HrozekBuildRequires: libtool
7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub HrozekBuildRequires: m4
dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9aStephen GallagherBuildRequires: popt-devel
bc30ce9b7d588a17e58012e699986f0d6898b791Pavel BřezinaBuildRequires: libtalloc-devel
b5ee224324b0158641d9b110f81d2bc6eddddc13Pavel ReichlBuildRequires: libtevent-devel
2a96981a0ac781d01e5bba473409ed2bdf4cd4e0Jakub HrozekBuildRequires: libtdb-devel
e81deec535d11912b87954c81a1edd768c1386c9Jakub HrozekBuildRequires: libldb-devel
4dd38025efda88f123eac672f87d3cda12f050c8Jakub HrozekBuildRequires: libdhash-devel >= 0.4.2
4dd38025efda88f123eac672f87d3cda12f050c8Jakub HrozekBuildRequires: libcollection-devel
0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub HrozekBuildRequires: libini_config-devel >= 1.1
0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub HrozekBuildRequires: dbus-devel
10a28f461c25d788ff4dcffefa881e7aa724a25dPavel BřezinaBuildRequires: dbus-libs
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir ElleyBuildRequires: openldap-devel
1319e71fd1680ca4864afe0b1aca2b8c8e4a1ee4Stef WalterBuildRequires: pam-devel
0c1d65998907930678da2d091789446f2c344d5dJakub HrozekBuildRequires: nss-devel
a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2Jakub HrozekBuildRequires: nspr-devel
f3a25949de81f80c136bb073e4a8f504b080c20cJakub HrozekBuildRequires: pcre-devel
8394eddba54b5d3e3fda868145e3751247bdbdb2Michal ZidekBuildRequires: libxslt
5a5c5cdeb92f4012fc75fd717bfea06598f68f12Pavel ReichlBuildRequires: libxml2
804df4040eb142f82a44c019c7a55b5ce524583cMichal ZidekBuildRequires: docbook-style-xsl
1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek%if (0%{?with_krb5_localauth_plugin} == 1)
1243e093fd31c5660adf1bb3dd477d6935a755beJakub HrozekBuildRequires: krb5-devel >= 1.12
82a958e6592c4a4078e45b7197bbe4751b70f511Pavel Reichl%else
979e8d8d6ed444007eeff6be5269e8dc5d2bdf68Pavel ReichlBuildRequires: krb5-devel
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek%endif
64ea4127f463798410a2c20e0261c6b15f60257fJakub HrozekBuildRequires: c-ares-devel
64ea4127f463798410a2c20e0261c6b15f60257fJakub HrozekBuildRequires: python-devel
a8d887323f83984679a7d9b827a70146656bb7b2Sumit BoseBuildRequires: check-devel
b42bf6c0c01db08208fb81d8295a2909d307284aPavel ReichlBuildRequires: doxygen
9118a539a5d59f669f551114f880fe91d6bb8741Jakub HrozekBuildRequires: libselinux-devel
b5825c74b6bf7a99ae2172392dbecb51179013a6Jakub HrozekBuildRequires: libsemanage-devel
19e44537c28f6d5f011cd7ac885c74c1e892605fSimo SorceBuildRequires: bind-utils
5f7cd30c865046a7ea69944f7e07c85b4c43465aSumit BoseBuildRequires: keyutils-libs-devel
c30b7a1931211fdcae0564551a7625cc4f6dee9fJakub HrozekBuildRequires: gettext-devel
e732d23f3ec986a463d757781a334040e03d1f59Jakub HrozekBuildRequires: pkgconfig
e732d23f3ec986a463d757781a334040e03d1f59Jakub HrozekBuildRequires: findutils
dd285415d7a8d8376207960cfa3e977524c3b98cJakub HrozekBuildRequires: glib2-devel
dd285415d7a8d8376207960cfa3e977524c3b98cJakub HrozekBuildRequires: selinux-policy-targeted
beec1ee5799570f34a51ea57674c7291c15f7022Jakub Hrozek%if 0%{?fedora}
fcbcfa69f9291936f01f24b5fcb5a7672dca46f3Jakub HrozekBuildRequires: libcmocka-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} >= 20)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: uid_wrapper
0c16d2eefbc6ac8331078a4cdcecfee817a71bc6Simo SorceBuildRequires: nss_wrapper
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: libnl3-devel
7650ded4ffa87fcf7ce5adf00920fecf89cffcf5Michal Zidek%if (0%{?use_systemd} == 1)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: systemd-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?with_cifs_utils_plugin} == 1)
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: cifs-utils-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%if (0%{?fedora} || (0%{?rhel} >= 7))
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: libnfsidmap-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%else
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: nfs-utils-lib-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%endif
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: samba4-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceBuildRequires: libsmbclient-devel
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce%description
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo SorceProvides a set of daemons to manage access to remote directories and
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorceauthentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the deamon as well as all
the existing back ends.

%package common
Summary: Common files for the SSSD
Group: Applications/System
License: GPLv3+
Requires: libldb >= 0.9.3
Requires: libtdb >= 1.1.3
Requires: sssd-client%{?_isa} = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
Conflicts: sssd < %{version}-%{release}
%if (0%{?use_systemd} == 1)
Requires(post): systemd-units systemd-sysv
Requires(preun): systemd-units
Requires(postun): systemd-units
%else
Requires(post): initscripts chkconfig
Requires(preun):  initscripts chkconfig
Requires(postun): initscripts chkconfig
%endif

### Provides ###
Provides: libsss_sudo = %{version}-%{release}
Obsoletes: libsss_sudo <= 1.9.93
Provides: libsss_sudo-devel = %{version}-%{release}
Obsoletes: libsss_sudo-devel <= 1.9.93
Provides: libsss_autofs = %{version}-%{release}
Obsoletes: libsss_autofs <= 1.9.93

%description common
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
subpackages such as sssd-ldap.

%package client
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
service.

%package tools
Summary: Userspace tools for use with the SSSD
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
# required by sss_obfuscate
Requires: python-sss = %{version}-%{release}
Requires: python-sssdconfig = %{version}-%{release}

%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other administrative tools:
    * sss_debuglevel to change the debug level on the fly
    * sss_seed which pre-creates a user entry for use in kickstarts
    * sss_obfuscate for generating an obfuscated LDAP password

%package -n python-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
Group: Applications/System
License: GPLv3+
BuildArch: noarch

%description -n python-sssdconfig
Provides python files for manipulation SSSD and IPA configuration files.

%package -n python-sss
Summary: Python bindings for sssd
Group: Development/Libraries
License: LGPLv3+
Requires: sssd-common = %{version}-%{release}

%description -n python-sss
Provides python module for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other useful python bindings:
    * function for retrieving list of groups user belongs to.
    * class for obfuscation of passwords

%package -n python-sss-murmur
Summary: Python bindings for murmur hash function
Group: Development/Libraries
License: LGPLv3+

%description -n python-sss-murmur
Provides python module for calculating the murmur hash version 3

%package ldap
Summary: The LDAP back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}

%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
from and authenticate against an LDAP server.

%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: cyrus-sasl-gssapi
Requires: sssd-common = %{version}-%{release}

%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can use for
Kerberos user or host authentication.

%package krb5
Summary: The Kerberos authentication back end for the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}

%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.

%package common-pac
Summary: Common files needed for supporting PAC processing
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}

%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
for handling Kerberos PACs.

%package ipa
Summary: The IPA back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac = %{version}-%{release}
Requires: bind-utils
Requires: sssd-common-pac = %{version}-%{release}

%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.

%package ad
Summary: The AD back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: bind-utils
Requires: sssd-common-pac = %{version}-%{release}

%description ad
Provides the Active Directory back end that the SSSD can utilize to fetch
identity data from and authenticate against an Active Directory server.

%package proxy
Summary: The proxy back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}

%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
PAM modules to leverage SSSD caching.

%package -n libsss_idmap
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libsss_idmap
Utility library to convert SIDs to Unix uids and gids

%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_idmap = %{version}-%{release}

%description -n libsss_idmap-devel
Utility library to SIDs to Unix uids and gids

%package -n libipa_hbac
Summary: FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n libipa_hbac-devel
Summary: FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}

%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n python-libipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}
Provides: libipa_hbac-python = %{version}-%{release}
Obsoletes: libipa_hbac-python < 1.12.90

%description -n python-libipa_hbac
The python-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python applications.

%package -n libsss_nss_idmap
Summary: Library for SID based lookups
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libsss_nss_idmap
Utility library for SID based lookups

%package -n libsss_nss_idmap-devel
Summary: Library for SID based lookups
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}

%description -n libsss_nss_idmap-devel
Utility library for SID based lookups

%package -n python-libsss_nss_idmap
Summary: Python bindings for libsss_nss_idmap
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}
Provides: libsss_nss_idmap-python = %{version}-%{release}
Obsoletes: libsss_nss_idmap-python < 1.12.90

%description -n python-libsss_nss_idmap
The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python applications.

%package dbus
Summary: The D-Bus responder of the SSSD
Group: Applications/System
License: GPLv3+
BuildRequires: augeas-devel
Requires: sssd-common = %{version}-%{release}

%description dbus
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
the information from the SSSD to be transmitted over the system bus.

%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
Group: Development/Libraries
License: GPLv3+
Requires: dbus-libs
Requires: sssd-dbus = %{version}-%{release}
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libsss_simpleifp
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.

%package -n libsss_simpleifp-devel
Summary: The SSSD D-Bus responder helper library
Group: Development/Libraries
License: GPLv3+
Requires: dbus-devel
Requires: libsss_simpleifp = %{version}-%{release}

%description -n libsss_simpleifp-devel
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.

%package libwbclient
Summary: The SSSD libwbclient implementation
Group: Applications/System
License: GPLv3+ and LGPLv3+

%description libwbclient
The SSSD libwbclient implementation.

%package libwbclient-devel
Summary: Development libraries for the SSSD libwbclient implementation
Group:  Development/Libraries
License: GPLv3+ and LGPLv3+

%description libwbclient-devel
Development libraries for the SSSD libwbclient implementation.

%prep
%setup -q -n %{name}-%{version}

%build

# RHEL 5 uses an old libtool, so we need to force it to reconfigure
# This is safe to do on newer packages too, as it will just
# gather the appropriate m4 files from the libtool package
for i in libtool.m4  lt~obsolete.m4  ltoptions.m4  ltsugar.m4  ltversion.m4
do
    find . -name $i -exec rm -f {} \;
done

autoreconf -ivf

%configure \
    --with-test-dir=/dev/shm \
    --with-db-path=%{dbpath} \
    --with-mcache-path=%{mcpath} \
    --with-pipe-path=%{pipepath} \
    --with-pubconf-path=%{pubconfpath} \
    --with-gpo-cache-path=%{gpocachepath} \
    --with-init-dir=%{_initrddir} \
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
    --enable-nsslibdir=/%{_lib} \
    --enable-pammoddir=/%{_lib}/security \
    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
    --disable-static \
    --disable-rpath \
    %{?with_ccache} \
    %{with_initscript} \
    %{?with_syslog} \
    %{?with_cifs_utils_plugin_option} \
    %{?experimental}

make %{?_smp_mflags} all

make %{?_smp_mflags} docs

%check
export CK_TIMEOUT_MULTIPLIER=10
make %{?_smp_mflags} check VERBOSE=yes
unset CK_TIMEOUT_MULTIPLIER

%install
rm -rf $RPM_BUILD_ROOT

make install DESTDIR=$RPM_BUILD_ROOT

# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd

# Prepare empty config file (needed for RHEL 5)
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
touch $RPM_BUILD_ROOT/%{_sysconfdir}/sssd/sssd.conf

# Copy default logrotate file
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd

# Make sure SSSD is able to run on read-only root
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd

# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;

# Suppress developer-only documentation
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}

# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
for file in `ls $RPM_BUILD_ROOT/%{python2_sitelib}/*.egg-info 2> /dev/null`
do
    echo %{python2_sitelib}/`basename $file` >> python2_sssdconfig.lang
done

touch sssd.lang
touch sssd_tools.lang
touch sssd_client.lang
for provider in ldap krb5 ipa ad proxy
do
    touch sssd_$provider.lang
done

for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
do
    lang=`echo $man | cut -c 1-2`
    case `basename $man` in
        sss_cache*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
            ;;
        sss_*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
            ;;
        sssd_krb5_*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
            ;;
        pam_sss*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
            ;;
        sssd-ldap*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
            ;;
        sssd-krb5*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
            ;;
        sssd-ipa*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
            ;;
        sssd-ad*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
            ;;
        sssd-proxy*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
            ;;
        *)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
            ;;
    esac
done

# Old versions of rpmbuild require ghost files to be present in the buildroot
mkdir -p $RPM_BUILD_ROOT/%{mcpath}
touch $RPM_BUILD_ROOT/%{mcpath}/passwd
touch $RPM_BUILD_ROOT/%{mcpath}/group

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc COPYING

%files common -f sssd.lang
%defattr(-,root,root,-)
%doc COPYING
%doc src/examples/sssd-example.conf
%{_sbindir}/sssd
%if (0%{?use_systemd} == 1)
%{_unitdir}/sssd.service
%else
%{_initrddir}/%{name}
%endif

%dir %{_libexecdir}/%{servicename}
%{_libexecdir}/%{servicename}/sssd_be
%{_libexecdir}/%{servicename}/sssd_nss
%{_libexecdir}/%{servicename}/sssd_pam

%{_libexecdir}/%{servicename}/sssd_autofs
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo

%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libsss_simple.so

#Internal shared libraries
%{_libdir}/%{name}/libsss_child.so
%{_libdir}/%{name}/libsss_crypt.so
%{_libdir}/%{name}/libsss_debug.so
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
%{_libdir}/%{name}/libsss_semanage.so

# 3rd party application libraries
%{_libdir}/sssd/modules/libsss_autofs.so
%{_libdir}/libsss_sudo.so
%{_libdir}/libnfsidmap/sss.so

%{ldb_modulesdir}/memberof.so
%{_bindir}/sss_ssh_authorizedkeys
%{_bindir}/sss_ssh_knownhostsproxy
%{_sbindir}/sss_cache
%{_libexecdir}/%{servicename}/sss_signal

%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
%attr(700,sssd,sssd) %dir %{dbpath}
%attr(755,sssd,sssd) %dir %{mcpath}
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
%attr(755,sssd,sssd) %dir %{pipepath}
%attr(755,sssd,sssd) %dir %{pubconfpath}
%attr(755,sssd,sssd) %dir %{gpocachepath}
%attr(700,sssd,sssd) %dir %{pipepath}/private
%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%if (0%{?use_systemd} == 1)
%attr(755,root,root) %dir %{_sysconfdir}/systemd/system/sssd.service.d
%config(noreplace) %{_sysconfdir}/systemd/system/sssd.service.d/journal.conf
%endif
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%dir %{_datadir}/sssd
%{_datadir}/sssd/sssd.api.conf
%{_datadir}/sssd/sssd.api.d
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man5/sssd-sudo.5*
%{_mandir}/man5/sss_rpcidmapd.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_cache.8*
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*

%files ldap -f sssd_ldap.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_ldap.so
%{_mandir}/man5/sssd-ldap.5*

%files krb5-common
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_krb5_common.so
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child

%files krb5 -f sssd_krb5.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5*

%files common-pac
%defattr(-,root,root,-)
%doc COPYING
%{_libexecdir}/%{servicename}/sssd_pac


%files ipa -f sssd_ipa.lang
%defattr(-,root,root,-)
%doc COPYING
%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
%{_libdir}/%{name}/libsss_ipa.so
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child
%{_mandir}/man5/sssd-ipa.5*

%files ad -f sssd_ad.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_ad.so
%{_libdir}/%{name}/libsss_ad_common.so
%{_libexecdir}/%{servicename}/gpo_child
%{_mandir}/man5/sssd-ad.5*

%files proxy
%defattr(-,root,root,-)
%doc COPYING
%{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so

%files dbus
%defattr(-,root,root,-)
%doc COPYING
%{_libexecdir}/%{servicename}/sssd_ifp
%{_mandir}/man5/sssd-ifp.5*
# InfoPipe DBus plumbing
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
%{_libdir}/%{name}/libsss_config.so

%files -n libsss_simpleifp
%defattr(-,root,root,-)
%{_libdir}/libsss_simpleifp.so.*

%files -n libsss_simpleifp-devel
%defattr(-,root,root,-)
%doc sss_simpleifp_doc/html
%{_includedir}/sss_sifp.h
%{_includedir}/sss_sifp_dbus.h
%{_libdir}/libsss_simpleifp.so
%{_libdir}/pkgconfig/sss_simpleifp.pc

%files client -f sssd_client.lang
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
%if (0%{?with_cifs_utils_plugin} == 1)
%{_libdir}/cifs-utils/cifs_idmap_sss.so
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
%endif
%if (0%{?with_krb5_localauth_plugin} == 1)
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
%endif
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*

%files tools -f sssd_tools.lang
%defattr(-,root,root,-)
%doc COPYING
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_groupshow.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_debuglevel.8*
%{_mandir}/man8/sss_seed.8*

%files -n python-sssdconfig -f python2_sssdconfig.lang
%defattr(-,root,root,-)
%dir %{python2_sitelib}/SSSDConfig
%{python2_sitelib}/SSSDConfig/*.py*

%files -n python-sss
%defattr(-,root,root,-)
%{python2_sitearch}/pysss.so
%{python2_sitearch}/_py2sss.so

%files -n python-sss-murmur
%defattr(-,root,root,-)
%{python2_sitearch}/pysss_murmur.so
%{python2_sitearch}/_py2sss_murmur.so

%files -n libsss_idmap
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_idmap.so.*

%files -n libsss_idmap-devel
%defattr(-,root,root,-)
%doc idmap_doc/html
%{_includedir}/sss_idmap.h
%{_libdir}/libsss_idmap.so
%{_libdir}/pkgconfig/sss_idmap.pc

%files -n libipa_hbac
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libipa_hbac.so.*

%files -n libipa_hbac-devel
%defattr(-,root,root,-)
%doc hbac_doc/html
%{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc

%files -n libsss_nss_idmap
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_nss_idmap.so.*

%files -n libsss_nss_idmap-devel
%defattr(-,root,root,-)
%doc nss_idmap_doc/html
%{_includedir}/sss_nss_idmap.h
%{_libdir}/libsss_nss_idmap.so
%{_libdir}/pkgconfig/sss_nss_idmap.pc

%files -n python-libsss_nss_idmap
%defattr(-,root,root,-)
%{python2_sitearch}/pysss_nss_idmap.so
%{python2_sitearch}/_py2sss_nss_idmap.so

%files -n python-libipa_hbac
%defattr(-,root,root,-)
%{python2_sitearch}/pyhbac.so
%{python2_sitearch}/_py2hbac.so

%files libwbclient
%defattr(-,root,root,-)
%{_libdir}/%{name}/modules/libwbclient.so.*

%files libwbclient-devel
%defattr(-,root,root,-)
%{_includedir}/wbclient_sssd.h
%{_libdir}/%{name}/modules/libwbclient.so
%{_libdir}/pkgconfig/wbclient_sssd.pc

%pre common
getent group sssd >/dev/null || groupadd -r sssd
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd

%if (0%{?use_systemd} == 1)
# systemd
%post common
if [ $1 -eq 1 ] ; then
    # Initial installation
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi

%preun common
if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
    /bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || :
    /bin/systemctl stop sssd.service > /dev/null 2>&1 || :
fi

%postun common
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
    # Package upgrade, not uninstall
    /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
fi

%else
# sysv
%post common
/sbin/chkconfig --add %{servicename}

%posttrans
/sbin/service %{servicename} condrestart 2>&1 > /dev/null

%preun common
if [ $1 = 0 ]; then
    /sbin/service %{servicename} stop 2>&1 > /dev/null
    /sbin/chkconfig --del %{servicename}
fi
%endif

%if (0%{?with_cifs_utils_plugin} == 1)
%post client
/sbin/ldconfig
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20

%preun client
if [ $1 -eq 0 ]; then
        /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
fi
%else
%post client -p /sbin/ldconfig
%endif

%postun client -p /sbin/ldconfig

%post -n libipa_hbac -p /sbin/ldconfig

%postun -n libipa_hbac -p /sbin/ldconfig

%post -n libsss_idmap -p /sbin/ldconfig

%postun -n libsss_idmap -p /sbin/ldconfig

%post -n libsss_nss_idmap -p /sbin/ldconfig

%postun -n libsss_nss_idmap -p /sbin/ldconfig

%changelog
* Mon Mar 15 2010 Stephen Gallagher <sgallagh@redhat.com> - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@
- Automated build of the SSSD