%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release |%{__sed} -s 's/7.//')

# we don't want to provide private python extension libs

%define __provides_exclude_from %{python_sitearch}/.*\.so$|%{_libdir}/%{name}/modules/libwbclient.so.*$

%define _hardened_build 1

%if (0%{?fedora} >= 17 || 0%{?rhel} >= 7)

    %global with_cifs_utils_plugin 1

%else

    %global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin

%endif

# Determine the location of the LDB modules directory

%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)

%global ldb_version 1.1.17

%global with_krb5_localauth_plugin 1

%global libwbc_alternatives_suffix %nil

%if 0%{?__isa_bits} == 64

%global libwbc_alternatives_suffix -64

%endif

Name: sssd

Version: 1.13.0

Release: 40%{?dist}

Group: Applications/System

Summary: System Security Services Daemon

License: GPLv3+

URL: http://fedorahosted.org/sssd/

Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz

Source1: cert9.db

Source2: key4.db

BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

### Patches ###

Patch0001:  0001-test-common-sss_dp_get_account_recv-fix-assignment.patch

Patch0002:  0002-tests-Move-N_ELEMENTS-definition-to-tests-common.h.patch

Patch0003:  0003-SYSDB-Add-functions-to-look-up-multiple-entries-incl.patch

Patch0004:  0004-DP-Add-DP_WILDCARD-and-SSS_DP_WILDCARD_USER-SSS_DP_W.patch

Patch0005:  0005-cache_req-Extend-cache_req-with-wildcard-lookups.patch

Patch0006:  0006-UTIL-Add-sss_filter_sanitize_ex.patch

Patch0007:  0007-LDAP-Fetch-users-and-groups-using-wildcards.patch

Patch0008:  0008-LDAP-Add-sdap_get_and_parse_generic_send.patch

Patch0009:  0009-LDAP-Use-sdap_get_and_parse_generic_-_recv.patch

Patch0010:  0010-LDAP-Add-sdap_lookup_type-enum.patch

Patch0011:  0011-LDAP-Add-the-wildcard_limit-option.patch

Patch0012:  0012-IFP-Add-wildcard-requests.patch

Patch0013:  0013-KRB5-Return-right-data-provider-error-code.patch

Patch0014:  0014-nss_check_name_of_well_known_sid-improve-name-splitt.patch

Patch0015:  0015-DYNDNS-sss_iface_addr_list_get-return-ENOENT.patch

Patch0016:  0016-DYNDNS-support-mult.-interfaces-for-dyndns_iface-opt.patch

Patch0017:  0017-DYNDNS-special-value-for-dyndns_iface-option.patch

Patch0018:  0018-TESTS-dyndns-tests-support-AAAA-addresses.patch

Patch0019:  0019-DYNDNS-support-for-dualstack.patch

Patch0020:  0020-VIEWS-TEST-add-null-check.patch

Patch0021:  0021-SYSDB-prepare-for-LOCAL-view.patch

Patch0022:  0022-TOOLS-add-common-command-framework.patch

Patch0023:  0023-TOOLS-add-sss_override-for-local-overrides.patch

Patch0024:  0024-IPA-Better-debugging.patch

Patch0025:  0025-UTIL-Lower-debug-level-in-perform_checks.patch

Patch0026:  0026-IPA-Handle-sssd-owned-keytabs-when-running-as-root.patch

Patch0027:  0027-TESTS-fix-compiler-warnings.patch

Patch0028:  0028-intg-Invalidate-memory-cache-before-removing-files.patch

Patch0029:  0029-krb5-do-not-send-SSS_OTP-if-two-factors-were-used.patch

Patch0030:  0030-utils-add-NSS-version-of-cert-utils.patch

Patch0031:  0031-Add-NSS-version-of-p11_child.patch

Patch0032:  0032-pack_message_v3-allow-empty-name.patch

Patch0033:  0033-authok-add-support-for-Smart-Card-related-authtokens.patch

Patch0034:  0034-PAM-add-certificate-support-to-PAM-pre-auth-NOTEST.patch

Patch0035:  0035-pam_sss-add-sc-support.patch

Patch0036:  0036-ssh-generate-public-keys-from-certificate.patch

Patch0037:  0037-IPA-Remove-MPG-groups-if-getgrgid-was-called-before-.patch

Patch0038:  0038-mmap_cache-Rename-variables.patch

Patch0039:  0039-mmap_cache-Override-functions-for-initgr-mmap-cache.patch

Patch0040:  0040-mmap-Invalidate-initgroups-memory-cache-after-any-ch.patch

Patch0041:  0041-sss_client-Update-integrity-check-of-records-in-mmap.patch

Patch0042:  0042-intg_test-Add-module-for-simulation-of-utility-id.patch

Patch0043:  0043-intg_test-Add-integration-test-for-memory-cache.patch

Patch0044:  0044-NSS-Initgr-memory-cache-should-work-with-fq-names.patch

Patch0045:  0045-test_memory_cache-Add-test-for-initgroups-mc-with-fq.patch

Patch0046:  0046-test_memory_cache-Test-mmap-cache-after-initgroups.patch

Patch0047:  0047-test_memory_cache-Test-invalidation-with-sss_cache.patch

Patch0048:  0048-krb5-utils-add-sss_krb5_realm_has_proxy.patch

Patch0049:  0049-krb5-do-not-create-kdcinfo-file-if-proxy-configurati.patch

Patch0050:  0050-krb5-assume-online-state-if-KDC-proxy-is-configured.patch

Patch0051:  0051-sss_cache-Wait-a-while-for-invalidation-of-mc-by-nss.patch

Patch0052:  0052-IFP-use-default-limit-if-provided-is-0.patch

Patch0053:  0053-sudo-use-higher-value-wins-when-ordering-rules.patch

Patch0054:  0054-LDAP-use-ldb_binary_encode-when-printing-attribute-v.patch

Patch0055:  0055-IPA-Change-the-default-of-ldap_user_certificate-to-u.patch

Patch0056:  0056-UTIL-Provide-a-common-interface-to-safely-create-tem.patch

Patch0057:  0057-IPA-Always-re-fetch-the-keytab-from-the-IPA-server.patch

Patch0058:  0058-p11child-set-restrictive-umask-and-clear-environment.patch

Patch0059:  0059-pam-Incerease-p11-child-timeout.patch

Patch0060:  0060-SYSDB-Index-the-objectSIDString-attribute.patch

Patch0061:  0061-sss_override-print-input-name-if-unable-to-parse-it.patch

Patch0062:  0062-sss_override-support-domains-that-require-fqname.patch

Patch0063:  0063-TOOLS-add-sss_colondb-API.patch

Patch0064:  0064-sss_override-decompose-code-better.patch

Patch0065:  0065-sss_override-support-import-and-export.patch

Patch0066:  0066-NSS-Fix-use-after-free.patch

Patch0067:  0067-sss_override-document-debug-options.patch

Patch0068:  0068-NSS-Don-t-ignore-backslash-in-usernames-with-ldap-pr.patch

Patch0069:  0069-GPO-fix-memory-leak.patch

Patch0070:  0070-sss_override-support-fqn-in-override-name.patch

Patch0071:  0071-views-do-not-require-overrideDN-in-grous-when-LOCAL-.patch

Patch0072:  0072-views-fix-two-typos-in-debug-messages.patch

Patch0073:  0073-views-allow-ghost-members-for-LOCAL-view.patch

Patch0074:  0074-UTIL-Convert-domain-disabled-into-tri-state-with-dom.patch

Patch0075:  0075-DP-Provide-a-way-to-mark-subdomain-as-disabled-and-a.patch

Patch0076:  0076-SDAP-Do-not-set-is_offline-if-ignore_mark_offline-is.patch

Patch0077:  0077-AD-Only-ignore-errors-from-SDAP-lookups-if-there-s-a.patch

Patch0078:  0078-KRB5-Offline-operation-with-disabled-domain.patch

Patch0079:  0079-AD-Do-not-mark-the-whole-back-end-as-offline-if-subd.patch

Patch0080:  0080-AD-Set-ignore_mark_offline-false-when-resolving-AD-r.patch

Patch0081:  0081-IPA-Do-not-allow-the-AD-lookup-code-to-set-backend-a.patch

Patch0082:  0082-sss_override-remove-d-from-manpage.patch

Patch0083:  0083-LDAP-imposing-sizelimit-1-for-single-entry-searches-.patch

Patch0084:  0084-DYNDNS-Add-a-new-option-dyndns_server.patch

Patch0085:  0085-DYNDNS-Don-t-use-server-cmd-in-nsupdate-by-default.patch

Patch0086:  0086-DYNDNS-remove-redundant-talloc_steal.patch

Patch0087:  0087-DYNDNS-remove-zone-command.patch

Patch0088:  0088-DYNDNS-rename-field-of-sdap_dyndns_update_state.patch

Patch0089:  0089-DYNDNS-remove-code-duplication.patch

Patch0090:  0090-DDNS-execute-nsupdate-for-single-update-of-PTR-rec.patch

Patch0091:  0091-DYNDNS-Return-right-error-code-in-case-of-failure.patch

Patch0092:  0092-IPA-Change-ipa_server_trust_add_send-request-to-be-r.patch

Patch0093:  0093-DEBUG-Add-new-debug-category-for-fail-over.patch

Patch0094:  0094-FO-Add-an-API-to-reset-all-servers-in-a-single-servi.patch

Patch0095:  0095-FO-Also-reset-the-server-common-data-in-addition-to-.patch

Patch0096:  0096-IPA-Retry-fetching-keytab-if-IPA-user-lookup-fails.patch

Patch0097:  0097-AD-inicialize-root_domain_attrs-field.patch

Patch0098:  0098-PAM-only-allow-missing-user-name-for-certificate-aut.patch

Patch0099:  0099-Fix-memory-leak-in-sssdpac_verify.patch

Patch0100:  0100-AD-Provide-common-connection-list-construction-funct.patch

Patch0101:  0101-AD-Consolidate-connection-list-construction-on-ad_co.patch

Patch0102:  0102-nss-send-original-name-and-id-with-local-views-if-po.patch

Patch0103:  0103-sudo-search-with-view-even-if-user-is-found.patch

Patch0104:  0104-sudo-send-original-name-and-id-with-local-views-if-p.patch

#This patch should not be removed in RHEL-7

Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec

### Dependencies ###

Requires: sssd-common = %{version}-%{release}

Requires: sssd-ldap = %{version}-%{release}

Requires: sssd-krb5 = %{version}-%{release}

Requires: sssd-ipa = %{version}-%{release}

Requires: sssd-common-pac = %{version}-%{release}

Requires: sssd-ad = %{version}-%{release}

Requires: sssd-proxy = %{version}-%{release}

Requires: python-sssdconfig = %{version}-%{release}

%global servicename sssd

%global sssdstatedir %{_localstatedir}/lib/sss

%global dbpath %{sssdstatedir}/db

%global keytabdir %{sssdstatedir}/keytabs

%global pipepath %{sssdstatedir}/pipes

%global mcpath %{sssdstatedir}/mc

%global pubconfpath %{sssdstatedir}/pubconf

%global gpocachepath %{sssdstatedir}/gpo_cache

### Build Dependencies ###

BuildRequires: autoconf

BuildRequires: automake

BuildRequires: libtool

BuildRequires: m4

BuildRequires: popt-devel

BuildRequires: libtalloc-devel

BuildRequires: libtevent-devel

BuildRequires: libtdb-devel

# LDB needs a strict version match to build

BuildRequires: libldb-devel >= %{ldb_version}

BuildRequires: libdhash-devel >= 0.4.2

BuildRequires: libcollection-devel

BuildRequires: libini_config-devel >= 1.1.0-24

BuildRequires: dbus-devel

BuildRequires: dbus-libs

BuildRequires: openldap-devel

BuildRequires: pam-devel

BuildRequires: nss-devel

BuildRequires: openssl-devel

BuildRequires: nspr-devel

BuildRequires: pcre-devel

BuildRequires: libxslt

BuildRequires: libxml2

BuildRequires: docbook-style-xsl

%if (0%{?with_krb5_localauth_plugin} == 1)

BuildRequires: krb5-devel >= 1.12

%else

BuildRequires: krb5-devel

%endif

BuildRequires: c-ares-devel

BuildRequires: python-devel

BuildRequires: check-devel

BuildRequires: doxygen

BuildRequires: libselinux-devel

BuildRequires: libsemanage-devel

BuildRequires: bind-utils

BuildRequires: keyutils-libs-devel

BuildRequires: libnl3-devel

BuildRequires: gettext-devel

BuildRequires: pkgconfig

BuildRequires: glib2-devel

BuildRequires: diffstat

BuildRequires: findutils

BuildRequires: samba4-devel >= 4.0.0-59beta2

BuildRequires: selinux-policy-targeted

BuildRequires: systemd-devel

BuildRequires: libsmbclient-devel

%if (0%{?with_cifs_utils_plugin} == 1)

BuildRequires: cifs-utils-devel

%endif

BuildRequires: libnfsidmap-devel

%description

Provides a set of daemons to manage access to remote directories and

authentication mechanisms. It provides an NSS and PAM interface toward

the system and a pluggable backend system to connect to multiple different

account sources. It is also the basis to provide client auditing and policy

services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the deamon as well as all

the existing back ends.

%package common

Summary: Common files for the SSSD

Group: Applications/System

License: GPLv3+

# Conflicts

Conflicts: selinux-policy < 3.10.0-46

Conflicts: sssd < 1.10.0-8%{?dist}.beta2

# Requires

# LDB needs a strict version match to run

# This protects against

# "sssd[XXX]: ldb: module version mismatch in src/ldb_modules/memberof.c"

Requires: libldb%{?_isa} >= %{ldb_version}

Requires: libtdb%{?_isa} >= 1.1.3

Requires: sssd-client%{?_isa} = %{version}-%{release}

Requires: libsss_idmap%{?_isa} = %{version}-%{release}

Requires: libini_config >= 1.1.0-24

Requires(post): systemd-units chkconfig

Requires(preun): systemd-units chkconfig

Requires(postun): systemd-units chkconfig

Requires(pre): shadow-utils

### Provides ###

Provides: libsss_sudo = %{version}-%{release}

Obsoletes: libsss_sudo <= 1.10.0-7%{?dist}.beta1

Provides: libsss_sudo-devel = %{version}-%{release}

Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1

Provides: libsss_autofs = %{version}-%{release}

Obsoletes: libsss_autofs <= 1.10.0-7%{?dist}.beta1

%description common

Common files for the SSSD. The common package includes all the files needed

to run a particular back end, however, the back ends are packaged in separate

subpackages such as sssd-ldap.

%package client

Summary: SSSD Client libraries for NSS and PAM

Group: Applications/System

License: LGPLv3+

Requires(post): /sbin/ldconfig

Requires(postun): /sbin/ldconfig

Requires(post):  /usr/sbin/alternatives

Requires(preun): /usr/sbin/alternatives

%description client

Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD

service.

%package tools

Summary: Userspace tools for use with the SSSD

Group: Applications/System

License: GPLv3+

Requires: sssd-common = %{version}-%{release}

Requires: python-sss = %{version}-%{release}

Requires: python-sssdconfig = %{version}-%{release}

%description tools

Provides userspace tools for manipulating users, groups, and nested groups in

SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other administrative tools:

    * sss_debuglevel to change the debug level on the fly

    * sss_seed which pre-creates a user entry for use in kickstarts

    * sss_obfuscate for generating an obfuscated LDAP password

%package -n python-sssdconfig

Summary: SSSD and IPA configuration file manipulation classes and functions

Group: Applications/System

License: GPLv3+

BuildArch: noarch

%description -n python-sssdconfig

Provides python files for manipulation SSSD and IPA configuration files.

%package -n python-sss

Summary: Python2 bindings for sssd

Group: Development/Libraries

License: LGPLv3+

Requires: sssd-common = %{version}-%{release}

%description -n python-sss

Provides python2 module for manipulating users, groups, and nested groups in

SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other useful python2 bindings:

    * function for retrieving list of groups user belongs to.

    * class for obfuscation of passwords

%package -n python-sss-murmur

Summary: Python2 bindings for murmur hash function

Group: Development/Libraries

License: LGPLv3+

%description -n python-sss-murmur

Provides python2 module for calculating the murmur hash version 3

%package ldap

Summary: The LDAP back end of the SSSD

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: sssd-common = %{version}-%{release}

Requires: sssd-krb5-common = %{version}-%{release}

%description ldap

Provides the LDAP back end that the SSSD can utilize to fetch identity data

from and authenticate against an LDAP server.

%package krb5-common

Summary: SSSD helpers needed for Kerberos and GSSAPI authentication

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: cyrus-sasl-gssapi%{?_isa}

Requires: sssd-common = %{version}-%{release}

Requires(pre): shadow-utils

%description krb5-common

Provides helper processes that the LDAP and Kerberos back ends can use for

Kerberos user or host authentication.

%package krb5

Summary: The Kerberos authentication back end for the SSSD

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: sssd-common = %{version}-%{release}

Requires: sssd-krb5-common = %{version}-%{release}

%description krb5

Provides the Kerberos back end that the SSSD can utilize authenticate

against a Kerberos server.

# RHEL 5 is too old to support the PAC responder

%if !0%{?is_rhel5}

%package common-pac

Summary: Common files needed for supporting PAC processing

Group: Applications/System

License: GPLv3+

Requires: sssd-common = %{version}-%{release}

%description common-pac

Provides common files needed by SSSD providers such as IPA and Active Directory

for handling Kerberos PACs.

%endif #is_rhel5

%package ipa

Summary: The IPA back end of the SSSD

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: sssd-common = %{version}-%{release}

Requires: sssd-krb5-common = %{version}-%{release}

Requires: libipa_hbac%{?_isa} = %{version}-%{release}

Requires: bind-utils

Requires: sssd-common-pac = %{version}-%{release}

Requires(pre): shadow-utils

%description ipa

Provides the IPA back end that the SSSD can utilize to fetch identity data

from and authenticate against an IPA server.

%package ad

Summary: The AD back end of the SSSD

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: sssd-common = %{version}-%{release}

Requires: sssd-krb5-common = %{version}-%{release}

Requires: bind-utils

Requires: sssd-common-pac = %{version}-%{release}

# In order for libwbclient to be upgraded before sssd-ad and sets up the

# alternatives symlink

Requires: libwbclient >= 4.2.3-1

%description ad

Provides the Active Directory back end that the SSSD can utilize to fetch

identity data from and authenticate against an Active Directory server.

%package proxy

Summary: The proxy back end of the SSSD

Group: Applications/System

License: GPLv3+

Conflicts: sssd < 1.10.0-8.beta2

Requires: sssd-common = %{version}-%{release}

%description proxy

Provides the proxy back end which can be used to wrap an existing NSS and/or

PAM modules to leverage SSSD caching.

%package -n libsss_idmap

Summary: FreeIPA Idmap library

Group: Development/Libraries

License: LGPLv3+

Requires(post): /sbin/ldconfig

Requires(postun): /sbin/ldconfig

%description -n libsss_idmap

Utility library to convert SIDs to Unix uids and gids

%package -n libsss_idmap-devel

Summary: FreeIPA Idmap library

Group: Development/Libraries

License: LGPLv3+

Requires: libsss_idmap = %{version}-%{release}

%description -n libsss_idmap-devel

Utility library to SIDs to Unix uids and gids

%package -n libipa_hbac

Summary: FreeIPA HBAC Evaluator library

Group: Development/Libraries

License: LGPLv3+

Requires(post): /sbin/ldconfig

Requires(postun): /sbin/ldconfig

%description -n libipa_hbac

Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n libipa_hbac-devel

Summary: FreeIPA HBAC Evaluator library

Group: Development/Libraries

License: LGPLv3+

Requires: libipa_hbac = %{version}-%{release}

%description -n libipa_hbac-devel

Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n python-libipa_hbac

Summary: Python bindings for the FreeIPA HBAC Evaluator library

Group: Development/Libraries

License: LGPLv3+

Requires: libipa_hbac = %{version}-%{release}

Provides: libipa_hbac-python = %{version}-%{release}

Obsoletes: libipa_hbac-python < 1.12.90

%description -n python-libipa_hbac

The python-libipa_hbac contains the bindings so that libipa_hbac can be

used by Python applications.

%package -n libsss_nss_idmap

Summary: Library for SID based lookups

Group: Development/Libraries

License: LGPLv3+

Requires(post): /sbin/ldconfig

Requires(postun): /sbin/ldconfig

%description -n libsss_nss_idmap

Utility library for SID based lookups

%package -n libsss_nss_idmap-devel

Summary: Library for SID based lookups

Group: Development/Libraries

License: LGPLv3+

Requires: libsss_nss_idmap = %{version}-%{release}

%description -n libsss_nss_idmap-devel

Utility library for SID based lookups

%package -n python-libsss_nss_idmap

Summary: Python bindings for libsss_nss_idmap

Group: Development/Libraries

License: LGPLv3+

Requires: libsss_nss_idmap = %{version}-%{release}

Provides: libsss_nss_idmap-python = %{version}-%{release}

Obsoletes: libsss_nss_idmap-python < 1.12.90

%description -n python-libsss_nss_idmap

The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can

be used by Python applications.

%package dbus

Summary: The D-Bus responder of the SSSD

Group: Applications/System

License: GPLv3+

BuildRequires: augeas-devel

Requires: sssd-common = %{version}-%{release}

%description dbus

Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows

the information from the SSSD to be transmitted over the system bus.

%package -n libsss_simpleifp

Summary: The SSSD D-Bus responder helper library

Group: Development/Libraries

License: GPLv3+

Requires: dbus-libs

Requires: sssd-dbus = %{version}-%{release}

Requires(post): /sbin/ldconfig

Requires(postun): /sbin/ldconfig

%description -n libsss_simpleifp

Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.

%package -n libsss_simpleifp-devel

Summary: The SSSD D-Bus responder helper library

Group: Development/Libraries

License: GPLv3+

Requires: dbus-devel

Requires: libsss_simpleifp = %{version}-%{release}

%description -n libsss_simpleifp-devel

Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.

%package libwbclient

Summary: The SSSD libwbclient implementation

Group: Applications/System

License: GPLv3+ and LGPLv3+

Conflicts: libwbclient < 4.1.12

%description libwbclient

The SSSD libwbclient implementation.

%package libwbclient-devel

Summary: Development libraries for the SSSD libwbclient implementation

Group:  Development/Libraries

License: GPLv3+ and LGPLv3+

Conflicts: libwbclient-devel < 4.1.12

%description libwbclient-devel

Development libraries for the SSSD libwbclient implementation.

%prep

# Update timestamps on the files touched by a patch, to avoid non-equal

# .pyc/.pyo files across the multilib peers within a build, where "Level"

# is the patch prefix option (e.g. -p1)

# Taken from specfile for python-simplejson

UpdateTimestamps() {

  Level=$1

  PatchFile=$2

  # Locate the affected files:

  for f in $(diffstat $Level -l $PatchFile); do

    # Set the files to have the same timestamp as that of the patch:

    touch -r $PatchFile $f

  done

}

%setup -q

for p in %patches ; do

    %__patch -p1 -i $p

    UpdateTimestamps -p1 $p

done

# patch(1) doesn't handle binary files we need for tests. Package them

# as additional sources and add to the source tree

mkdir src/tests/cmocka/p11_nssdb/

cp %{SOURCE1} src/tests/cmocka/p11_nssdb/

cp %{SOURCE2} src/tests/cmocka/p11_nssdb/

%build

autoreconf -ivf

%configure \

    --with-db-path=%{dbpath} \

    --with-pipe-path=%{pipepath} \

    --with-pubconf-path=%{pubconfpath} \

    --with-mcache-path=%{mcpath} \

    --with-gpo-cache-path=%{gpocachepath} \

    --with-init-dir=%{_initrddir} \

    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \

    --enable-nsslibdir=%{_libdir} \

    --enable-pammoddir=%{_libdir}/security \

    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \

    --disable-static \

    --disable-rpath \

    --with-sssd-user=sssd \

    --with-test-dir=/dev/shm \

    --with-initscript=systemd \

    --with-syslog=journald \

    --with-test-dir=/dev/shm \

    --enable-sss-default-nss-plugin \

    %{?with_cifs_utils_plugin_option} \

    --without-python3-bindings \

    --with-ad-gpo-default=permissive

make %{?_smp_mflags} all docs

%check

export CK_TIMEOUT_MULTIPLIER=10

make %{?_smp_mflags} check VERBOSE=yes

unset CK_TIMEOUT_MULTIPLIER

%install

rm -rf $RPM_BUILD_ROOT

make install DESTDIR=$RPM_BUILD_ROOT

# Prepare language files

/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd

# Prepare empty config file

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd

touch $RPM_BUILD_ROOT/%{_sysconfdir}/sssd/sssd.conf

# Copy default logrotate file

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d

install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd

# Make sure SSSD is able to run on read-only root

mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d

install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd

# Replace sysv init script with systemd unit file

rm -f $RPM_BUILD_ROOT/%{_initrddir}/%{name}

mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/

cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/

# Remove .la files created by libtool

find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;

# Suppress developer-only documentation

rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}

# Older versions of rpmbuild can only handle one -f option

# So we need to append to the sssd*.lang file

for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`

do

    echo %{python_sitelib}/`basename $file` >> python_sssdconfig.lang

done

touch sssd_tools.lang

touch sssd_client.lang

for provider in ldap krb5 ipa ad proxy

do

    touch sssd_$provider.lang

done

for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`

do

    lang=`echo $man | cut -c 1-2`

    case `basename $man` in

        sss_cache*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang

            ;;

        sss_*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang

            ;;

        sssd_krb5_*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang

            ;;

        pam_sss*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang

            ;;

        sssd-ldap*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang

            ;;

        sssd-krb5*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang

            ;;

        sssd-ipa*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang

            ;;

        sssd-ad*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang

            ;;

        sssd-proxy*)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang

            ;;

        *)

            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang

            ;;

    esac

done

# Print these to the rpmbuild log

echo "sssd.lang:"

cat sssd.lang

echo "sssd_client.lang:"

cat sssd_client.lang

echo "sssd_tools.lang:"

cat sssd_tools.lang

for provider in ldap krb5 ipa ad proxy

do

    echo "sssd_$provider.lang:"

    cat sssd_$provider.lang

done

%clean

rm -rf $RPM_BUILD_ROOT

%files

%defattr(-,root,root,-)

%doc COPYING