okelet

RPM Spec for nss-pam-ldapd 0.8.12

Nov 29th, 2012
281
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Name:       nss-pam-ldapd
  2. Version:    0.8.12
  3. Release:    %{?dist}.sacyl1
  4. Summary:    An nsswitch module which uses directory servers
  5. Group:      System Environment/Base
  6. License:    LGPLv2+
  7. URL:        http://arthurdejong.org/nss-pam-ldapd/
  8. Source0:    http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
  9. Source1:    nslcd.init
  10. BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
  11. BuildRequires:  openldap-devel, krb5-devel
  12. BuildRequires:  autoconf, automake
  13. Obsoletes:  nss-ldapd < 0.7
  14. Provides:   nss-ldapd = %{version}-%{release}
  15.  
  16. # Pull in the pam_ldap module, which is currently bundled with nss_ldap, to
  17. # keep upgrades from removing the module.  We currently disable nss-pam-ldapd's
  18. # own pam_ldap.so until it's more mature.
  19. Requires:   /%{_lib}/security/pam_ldap.so
  20. # Pull in nscd, which is recommended.
  21. Requires:   nscd
  22. Requires(post):     /sbin/ldconfig, chkconfig, grep, sed
  23. Requires(preun):    chkconfig, initscripts
  24. Requires(postun):   /sbin/ldconfig, initscripts
  25.  
  26. %description
  27. The nss-pam-ldapd daemon, nslcd, uses a directory server to look up name
  28. service information (users, groups, etc.) on behalf of a lightweight
  29. nsswitch module.
  30.  
  31. %prep
  32. %setup -q
  33. autoreconf -f -i
  34.  
  35. %build
  36. %configure --libdir=/%{_lib} --disable-pam
  37. make %{?_smp_mflags}
  38.  
  39. %check
  40. make check
  41.  
  42. %install
  43. rm -rf $RPM_BUILD_ROOT
  44. make install DESTDIR=$RPM_BUILD_ROOT
  45. mkdir -p $RPM_BUILD_ROOT/{%{_initddir},%{_libdir}}
  46. install -p -m755 %{SOURCE2} $RPM_BUILD_ROOT/%{_initddir}/nslcd
  47. # Follow glibc's convention and provide a .so symlink so that people who know
  48. # what to expect can link directly with the module.
  49. if test %{_libdir} != /%{_lib} ; then
  50.     touch $RPM_BUILD_ROOT/rootfile
  51.     relroot=..
  52.     while ! test -r $RPM_BUILD_ROOT/%{_libdir}/$relroot/rootfile ; do
  53.         relroot=../$relroot
  54.     done
  55.     ln -s $relroot/%{_lib}/libnss_ldap.so.2 \
  56.         $RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so
  57.     rm $RPM_BUILD_ROOT/rootfile
  58. fi
  59. cat >> $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf << EOF
  60. uid nslcd
  61. gid ldap
  62. EOF
  63. touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
  64. mkdir -p 0755 $RPM_BUILD_ROOT/var/run/nslcd
  65.  
  66. %clean
  67. rm -rf $RPM_BUILD_ROOT
  68.  
  69. %files
  70. %defattr(-,root,root)
  71. %doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
  72. %{_sbindir}/*
  73. /%{_lib}/*.so.*
  74. %{_mandir}/*/*
  75. %attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
  76. %attr(0755,root,root) %{_initddir}/nslcd
  77. %attr(0755,nslcd,root) /var/run/nslcd
  78. # This would be the only thing in the -devel subpackage, so we include it.
  79. /%{_libdir}/*.so
  80.  
  81. %pre
  82. getent group  ldap  > /dev/null || \
  83. /usr/sbin/groupadd -r -g 55 ldap
  84. getent passwd nslcd > /dev/null || \
  85. /usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \
  86.     -u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || :
  87.  
  88. %post
  89. # The usual stuff.
  90. /sbin/chkconfig --add nslcd
  91. /sbin/ldconfig
  92. # Import important non-default settings from nss_ldap or pam_ldap configuration
  93. # files, but only the first time this package is installed.
  94. comment="This comment prevents repeated auto-migration of settings."
  95. target=/etc/nslcd.conf
  96. if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
  97.         touch /var/run/nss-pam-ldapd.migrate
  98. fi
  99. # If this is the first time we're being installed, and the system is already
  100. # configured to use LDAP as a naming service, enable the daemon, but don't
  101. # start it since we can never know if that's a safe thing to do.  If this
  102. # is an upgrade, leave the user's runlevel selections alone.
  103. if [ "$1" -eq "1" ]; then
  104.     if egrep -q '^USELDAP=yes$' /etc/sysconfig/authconfig 2> /dev/null ; then
  105.         /sbin/chkconfig nslcd on
  106.     fi
  107. fi
  108. exit 0
  109.  
  110. %preun
  111. if [ "$1" -eq "0" ]; then
  112.     /sbin/service nslcd stop >/dev/null 2>&1
  113.     /sbin/chkconfig --del nslcd
  114. fi
  115. exit 0
  116.  
  117. %postun
  118. /sbin/ldconfig
  119. if [ "$1" -ge "1" ]; then
  120.     /etc/rc.d/init.d/nslcd condrestart >/dev/null 2>&1
  121. fi
  122. exit 0
  123.  
  124. %posttrans
  125. target=/etc/nslcd.conf
  126. comment="This comment prevents repeated auto-migration of settings."
  127.  
  128. if test -f /var/run/nss-pam-ldapd.migrate; then
  129.     rm -f /var/run/nss-pam-ldapd.migrate
  130.  
  131.     if test -s /etc/nss-ldapd.conf ; then
  132.             source=/etc/nss-ldapd.conf
  133.     elif test -s /etc/nss_ldap.conf ; then
  134.             source=/etc/nss_ldap.conf
  135.     elif test -s /etc/pam_ldap.conf ; then
  136.             source=/etc/pam_ldap.conf
  137.     else
  138.             source=/etc/ldap.conf
  139.     fi
  140.  
  141.     # Try to make sure we only do this the first time.
  142.     echo "# $comment" >> $target
  143.     if egrep -q '^uri[[:blank:]]' $source 2> /dev/null ; then
  144.             # Comment out the packaged default host/uri and replace it...
  145.             sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
  146.             # ... with the uri.
  147.             egrep '^uri[[:blank:]]' $source >> $target
  148.     elif egrep -q '^host[[:blank:]]' $source 2> /dev/null ; then
  149.             # Comment out the packaged default host/uri and replace it...
  150.             sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
  151.             # ... with the "host" reformatted as a URI.
  152.             scheme=ldap
  153.             # check for 'ssl on', which means we want to use ldaps://
  154.             if egrep -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
  155.                     scheme=ldaps
  156.             fi
  157.             egrep '^host[[:blank:]]' $source |\
  158.             sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
  159.     fi
  160.     # Base doesn't require any special logic.
  161.     if egrep -q '^base[[:blank:]]' $source 2> /dev/null ; then
  162.             # Comment out the packaged default base and replace it.
  163.             sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
  164.             egrep '^base[[:blank:]]' $source >> $target
  165.     fi
  166.     # Pull in these settings, if they're set, directly.
  167.     egrep '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target || :
  168.     egrep '^(tls_)' $source 2> /dev/null >> $target || :
  169.     egrep '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target || :
  170. fi
  171.  
  172. %changelog
  173. * Wed Nov  21 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-15.2
  174. - Resolve the error message when requesting a large group (#864365)
  175.  
  176. * Thu Mar  15 2012 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-15.1
  177. - Silence error messages when requesting a large group (#864365)
  178.  
  179. * Tue Dec  20 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-15
  180. - Do not check connection before adding a new search (#769289)
  181.  
  182. * Tue Oct  18 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-14
  183. - run the config file upgrade in %posttrans to avoid problems on multilib
  184.   (#706454)
  185. - convert UID to long long on all arches to catch negative values (#741362)
  186.  
  187. * Tue Oct  18 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-13
  188. - punt on negative UID/GID (#741362)
  189.  
  190. * Tue Oct  4 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-12
  191. - patch the nslcd.conf manual page with the "dns:DOMAIN" syntax info (#730309)
  192.  
  193. * Tue Oct  4 2011 Jakub Hrozek <jhrozek@redhat.com> 0.7.5-11
  194. - do not overflow big UID values, use explicit base when converting UIDs
  195.   and GIDs to integer types (#741362)
  196.  
  197. * Mon Sep 12 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-10
  198. - update the validnames changes to the self-tests so that their expectations
  199.   match the modified defaults (#737496)
  200.  
  201. * Wed Aug 24 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-9
  202. - include backported enhancement to take URIs in the form "dns:DOMAIN" in
  203.   addition to the already-implemented "dns" (#730309)
  204.  
  205. * Thu Jul 14 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-8
  206. - switch to only munging the contents of /etc/nslcd.conf on the very first
  207.   install (#706454)
  208. - make sure that we have enough space to parse any valid GID value when
  209.   parsing a user's primary GID (#716822,#720230)
  210. - tweak the default "validnames" setting to also allow shorter and shorter
  211.   names to pass muster (#706860)
  212.  
  213. * Tue Apr  5 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-7
  214. - tag nslcd.conf with %%verify(not md5 size mtime), since we always tweak
  215.   it in %%post (#692225)
  216.  
  217. * Fri Apr  1 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-6
  218. - backport patches from 0.7.10 to interpret more types of errors as indicators
  219.   that we need to ask a different server (#692817) and from 0.7.12 to not
  220.   get stuck while cleaning up SSL/TLS encrypted connections
  221.  
  222. * Tue Mar 29 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-5
  223. - backport support for the "validnames" option from SVN and use it to allow
  224.   parentheses characters by modifying the default setting (#690870)
  225.  
  226. * Fri Mar 18 2011 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-4
  227. - tweak the pre-generated man pages to avoid a syntax error warning with older
  228.   versions of groff (#676483)
  229.  
  230. * Mon May 17 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-3
  231. - switch to the upstream patch for #592965
  232.  
  233. * Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-2
  234. - don't return an uninitialized buffer as the value for an optional attribute
  235.   that isn't present in the directory server entry (#592965)
  236.  
  237. * Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-1
  238. - update to 0.7.5
  239.  
  240. * Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.4-1
  241. - update to 0.7.4 (#592385)
  242. - stop trying to migrate retry timeout parameters from old ldap.conf files
  243. - add an explicit requires: on nscd to make sure it's at least available
  244.   on systems that are using nss-pam-ldapd; otherwise it's usually optional
  245.   (#587306)
  246.  
  247. * Tue Mar 23 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.3-1
  248. - update to 0.7.3
  249.  
  250. * Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-2
  251. - bump release for post-review commit
  252.  
  253. * Thu Feb 25 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.2-1
  254. - add comments about why we have a .so link at all, and not a -devel subpackage
  255.  
  256. * Wed Jan 13 2010 Nalin Dahyabhai <nalin@redhat.com>
  257. - obsolete/provides nss-ldapd
  258. - import configuration from nss-ldapd.conf, too
  259.  
  260. * Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com>
  261. - rename to nss-pam-ldapd
  262. - also check for import settings in /etc/nss_ldap.conf and /etc/pam_ldap.conf
  263.  
  264. * Thu Sep 24 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-2
  265. - rebuild
  266.  
  267. * Wed Sep 16 2009 Nalin Dahyabhai <nalin@redhat.com>
  268. - apply Mitchell Berger's patch to clean up the init script, use %%{_initddir},
  269.   and correct the %%post so that it only thinks about turning on nslcd when
  270.   we're first being installed (#522947)
  271. - tell status() where the pidfile is when the init script is called for that
  272.  
  273. * Tue Sep  8 2009 Nalin Dahyabhai <nalin@redhat.com>
  274. - fix typo in a comment, capitalize the full name for "LDAP Client User" (more
  275.   from #516049)
  276.  
  277. * Wed Sep  2 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.11-1
  278. - update to 0.6.11
  279.  
  280. * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.10-4
  281. - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
  282.  
  283. * Thu Jun 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-3
  284. - update URL: and Source:
  285.  
  286. * Mon Jun 15 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-2
  287. - add and own /var/run/nslcd
  288. - convert hosts to uri during migration
  289.  
  290. * Thu Jun 11 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.10-1
  291. - update to 0.6.10
  292.  
  293. * Fri Apr 17 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-1
  294. - bump release number to 1 (part of #491767)
  295. - fix which group we check for during %%pre (part of #491767)
  296.  
  297. * Tue Mar 24 2009 Nalin Dahyabhai <nalin@redhat.com>
  298. - require chkconfig by package rather than path (Jussi Lehtola, part of #491767)
  299.  
  300. * Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.8-0.1
  301. - update to 0.6.8
  302.  
  303. * Mon Mar 23 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.1
  304. - start using a dedicated user
  305.  
  306. * Wed Mar 18 2009 Nalin Dahyabhai <nalin@redhat.com> 0.6.7-0.0
  307. - initial package (#445965)
RAW Paste Data