|
@@ -20,14 +20,14 @@ BuildRequires: socket_wrapper
|
|
Summary: The Kerberos network authentication system
|
|
Summary: The Kerberos network authentication system
|
|
Summary(ja): Kerberos ネットワーク認証システム
|
|
Summary(ja): Kerberos ネットワーク認証システム
|
|
Name: krb5
|
|
Name: krb5
|
|
-Version: 1.14.3
|
|
|
|
-Release: 1%{_dist_release}
|
|
|
|
|
|
+Version: 1.16
|
|
|
|
+Release: 2%{_dist_release}
|
|
|
|
|
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
|
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
|
|
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
|
|
Source0: krb5-%{version}.tar.gz
|
|
Source0: krb5-%{version}.tar.gz
|
|
# Source1: krb5-%{version}.tar.gz.asc
|
|
# Source1: krb5-%{version}.tar.gz.asc
|
|
-#Source3: krb5-%{version}-pdfs.tar
|
|
|
|
|
|
+Source3: krb5-%{version}-pdfs.tar
|
|
Source1000: krb5-%{version}-man.tar
|
|
Source1000: krb5-%{version}-man.tar
|
|
Source1001: krb5-%{version}-html.tar
|
|
Source1001: krb5-%{version}-html.tar
|
|
|
|
|
|
@@ -53,23 +53,19 @@ Source39: krb5-krb5kdc.conf
|
|
# Carry this locally until it's available in a packaged form.
|
|
# Carry this locally until it's available in a packaged form.
|
|
Source100: noport.c
|
|
Source100: noport.c
|
|
|
|
|
|
-Patch6: krb5-1.12-ksu-path.patch
|
|
|
|
-Patch12: krb5-1.12-ktany.patch
|
|
|
|
-Patch16: krb5-1.12-buildconf.patch
|
|
|
|
-Patch23: krb5-1.3.1-dns.patch
|
|
|
|
-Patch39: krb5-1.12-api.patch
|
|
|
|
-Patch60: krb5-1.12.1-pam.patch
|
|
|
|
-Patch71: krb5-1.13-dirsrv-accountlock.patch
|
|
|
|
-Patch86: krb5-1.9-debuginfo.patch
|
|
|
|
-Patch129: krb5-1.11-run_user_0.patch
|
|
|
|
-Patch134: krb5-1.11-kpasswdtest.patch
|
|
|
|
-Patch148: krb5-disable_ofd_locks.patch
|
|
|
|
-Patch150: krb5-acquire_cred_interposer.patch
|
|
|
|
-Patch153: krb5-1.14.2-log_file_permissions.patch
|
|
|
|
-
|
|
|
|
-Patch164: krb5-1.15-kdc_send_receive_hooks.patch
|
|
|
|
-Patch165: krb5-1.15-kdc_hooks_test.patch
|
|
|
|
-
|
|
|
|
|
|
+Patch26: krb5-1.12.1-pam.patch
|
|
|
|
+Patch27: krb5-1.15.1-selinux-label.patch
|
|
|
|
+Patch28: krb5-1.12-ksu-path.patch
|
|
|
|
+Patch29: krb5-1.12-ktany.patch
|
|
|
|
+Patch30: krb5-1.15-beta1-buildconf.patch
|
|
|
|
+Patch31: krb5-1.3.1-dns.patch
|
|
|
|
+Patch32: krb5-1.12-api.patch
|
|
|
|
+Patch33: krb5-1.13-dirsrv-accountlock.patch
|
|
|
|
+Patch34: krb5-1.9-debuginfo.patch
|
|
|
|
+Patch35: krb5-1.11-run_user_0.patch
|
|
|
|
+Patch36: krb5-1.11-kpasswdtest.patch
|
|
|
|
+Patch37: Process-included-directories-in-alphabetical-order.patch
|
|
|
|
+Patch38: Fix-flaws-in-LDAP-DN-checking.patch
|
|
|
|
|
|
License: MIT
|
|
License: MIT
|
|
URL: http://web.mit.edu/kerberos/www/
|
|
URL: http://web.mit.edu/kerberos/www/
|
|
@@ -80,7 +76,7 @@ BuildRequires: autoconf, bison, flex, gawk
|
|
# BuildRequires: libcom_err-devel, libss-devel
|
|
# BuildRequires: libcom_err-devel, libss-devel
|
|
BuildRequires: e2fsprogs-devel
|
|
BuildRequires: e2fsprogs-devel
|
|
# BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
|
|
# BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
|
|
-BuildRequires: gzip, ncurses-devel, texinfo, tar
|
|
|
|
|
|
+BuildRequires: gzip, ncurses-devel, texinfo, tar, git
|
|
# BuildRequires: python-sphinx
|
|
# BuildRequires: python-sphinx
|
|
# BuildRequires: texlive
|
|
# BuildRequires: texlive
|
|
# BuildRequires: texlive-latexrecommended
|
|
# BuildRequires: texlive-latexrecommended
|
|
@@ -242,39 +238,18 @@ certificate.
|
|
# end of compat32 package
|
|
# end of compat32 package
|
|
|
|
|
|
%prep
|
|
%prep
|
|
-#setup -q -a 3 -a 1000 -a 1001
|
|
|
|
-%setup -q -a 1000 -a 1001
|
|
|
|
-ln -s NOTICE LICENSE
|
|
|
|
-
|
|
|
|
-%patch60 -p1 -b .pam
|
|
|
|
-
|
|
|
|
-# %patch63 -p1 -b .selinux-label
|
|
|
|
-
|
|
|
|
-%patch6 -p1 -b .ksu-path
|
|
|
|
-%patch12 -p1 -b .ktany
|
|
|
|
-%patch16 -p1 -b .buildconf %{?_rawbuild}
|
|
|
|
-%patch23 -p1 -b .dns %{?_rawbuild}
|
|
|
|
-%patch39 -p1 -b .api
|
|
|
|
-%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
|
|
|
-%patch86 -p0 -b .debuginfo
|
|
|
|
-
|
|
|
|
-# Apply when the hard-wired or configured default location is
|
|
|
|
-# DIR:/run/user/%%{uid}/krb5cc.
|
|
|
|
-#%patch129 -p1 -b .run_user_0
|
|
|
|
|
|
+%autosetup -S git -n %{name}-%{version}
|
|
|
|
+tar xvf %{SOURCE3}
|
|
|
|
+tar xvf %{SOURCE1000}
|
|
|
|
+tar xvf %{SOURCE1001}
|
|
|
|
|
|
-%patch134 -p1 -b .kpasswdtest
|
|
|
|
-
|
|
|
|
-%patch148 -p1 -b .disable_ofd_locks
|
|
|
|
-
|
|
|
|
-%patch150 -p1 -b .fix_interposer
|
|
|
|
-
|
|
|
|
-%patch153 -p1 -b .log_file_permissions
|
|
|
|
|
|
+ln -s NOTICE LICENSE
|
|
|
|
|
|
-%patch164 -p1 -b .kdc_send_receive_hooks
|
|
|
|
-%patch165 -p1 -b .kdc_hooks_test
|
|
|
|
|
|
+# Take the execute bit off of documentation.
|
|
|
|
+chmod -x doc/ccapi/*.html
|
|
|
|
|
|
# Take the execute bit off of documentation.
|
|
# Take the execute bit off of documentation.
|
|
-chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
|
|
|
|
|
|
+chmod -x doc/ccapi/*.html
|
|
|
|
|
|
# Generate an FDS-compatible LDIF file.
|
|
# Generate an FDS-compatible LDIF file.
|
|
inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
|
|
inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
|
|
@@ -283,13 +258,13 @@ cat > '60kerberos.ldif' << EOF
|
|
dn: cn=schema
|
|
dn: cn=schema
|
|
EOF
|
|
EOF
|
|
egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
|
|
egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
|
|
-sed -r 's,^ , ,g' | \
|
|
|
|
-sed -r 's,^ , ,g' >> 60kerberos.ldif
|
|
|
|
|
|
+sed -r 's,^ , ,g' | \
|
|
|
|
+sed -r 's,^ , ,g' >> 60kerberos.ldif
|
|
touch -r $inldif 60kerberos.ldif
|
|
touch -r $inldif 60kerberos.ldif
|
|
|
|
|
|
# Rebuild the configure scripts.
|
|
# Rebuild the configure scripts.
|
|
pushd src
|
|
pushd src
|
|
-./util/reconf --verbose
|
|
|
|
|
|
+autoreconf -fiv
|
|
popd
|
|
popd
|
|
|
|
|
|
# Mess with some of the default ports that we use for testing, so that multiple
|
|
# Mess with some of the default ports that we use for testing, so that multiple
|
|
@@ -315,6 +290,7 @@ sed -i -e s,7778,`expr "$PORT" + 1`,g $cfg
|
|
|
|
|
|
%build
|
|
%build
|
|
pushd src
|
|
pushd src
|
|
|
|
+
|
|
# Set this so that configure will have a value even if the current version of
|
|
# Set this so that configure will have a value even if the current version of
|
|
# autoconf doesn't set one.
|
|
# autoconf doesn't set one.
|
|
export runstatedir=%{_localstatedir}/run
|
|
export runstatedir=%{_localstatedir}/run
|
|
@@ -326,7 +302,8 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
|
|
CC="%{__cc}" \
|
|
CC="%{__cc}" \
|
|
CFLAGS="$CFLAGS" \
|
|
CFLAGS="$CFLAGS" \
|
|
CPPFLAGS="$CPPFLAGS" \
|
|
CPPFLAGS="$CPPFLAGS" \
|
|
- SS_LIB="-lss -lncurses" \
|
|
|
|
|
|
+ SS_LIB="-lss" \
|
|
|
|
+ --with-selinux=no \
|
|
--enable-shared \
|
|
--enable-shared \
|
|
%if %{build_static}
|
|
%if %{build_static}
|
|
--enable-static \
|
|
--enable-static \
|
|
@@ -370,7 +347,7 @@ if test "$configured_kdcrundir" != %{_localstatedir}/run/krb5kdc ; then
|
|
fi
|
|
fi
|
|
|
|
|
|
## Build the docs.
|
|
## Build the docs.
|
|
-#make -C src/doc paths.py version.py
|
|
|
|
|
|
+#LANG=C make -C src/doc paths.py version.py
|
|
#cp src/doc/paths.py doc/
|
|
#cp src/doc/paths.py doc/
|
|
#mkdir -p build-man build-html build-pdf
|
|
#mkdir -p build-man build-html build-pdf
|
|
#sphinx-build -a -b man -t pathsubs doc build-man
|
|
#sphinx-build -a -b man -t pathsubs doc build-man
|
|
@@ -421,15 +398,13 @@ install -pm 600 %{SOURCE10} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
|
|
install -pm 600 %{SOURCE11} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
|
|
install -pm 600 %{SOURCE11} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
|
|
|
|
|
|
# Where per-user keytabs live by default.
|
|
# Where per-user keytabs live by default.
|
|
-mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/kdc/user
|
|
|
|
|
|
+mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5/user
|
|
|
|
|
|
# Default configuration file for everything.
|
|
# Default configuration file for everything.
|
|
mkdir -p $RPM_BUILD_ROOT/etc
|
|
mkdir -p $RPM_BUILD_ROOT/etc
|
|
install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
|
|
install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
-
|
|
|
|
# Default include on this directory
|
|
# Default include on this directory
|
|
mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d
|
|
mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d
|
|
#ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies
|
|
#ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies
|
|
@@ -442,20 +417,20 @@ mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss
|
|
# hard-coded in g_initialize.c.
|
|
# hard-coded in g_initialize.c.
|
|
mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d
|
|
mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d
|
|
|
|
|
|
|
|
+
|
|
# If the default configuration needs to start specifying a default cache
|
|
# If the default configuration needs to start specifying a default cache
|
|
# location, add it now, then fixup the timestamp so that it looks the same.
|
|
# location, add it now, then fixup the timestamp so that it looks the same.
|
|
%if 0%{?configure_default_ccache_name}
|
|
%if 0%{?configure_default_ccache_name}
|
|
export DEFCCNAME="%{configured_default_ccache_name}"
|
|
export DEFCCNAME="%{configured_default_ccache_name}"
|
|
awk '{print}
|
|
awk '{print}
|
|
- /^# default_realm/{print " default_ccache_name =", ENVIRON["DEFCCNAME"]}' \
|
|
|
|
- %{SOURCE6} > $RPM_BUILD_ROOT/etc/krb5.conf
|
|
|
|
|
|
+ /^# default_realm/{print " default_ccache_name =", ENVIRON["DEFCCNAME"]}' \
|
|
|
|
+ %{SOURCE6} > $RPM_BUILD_ROOT/etc/krb5.conf
|
|
touch -r %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
|
|
touch -r %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
|
|
grep default_ccache_name $RPM_BUILD_ROOT/etc/krb5.conf
|
|
grep default_ccache_name $RPM_BUILD_ROOT/etc/krb5.conf
|
|
%endif
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
# Server init scripts (krb5kdc,kadmind,kpropd) and their sysconfig files.
|
|
# Server init scripts (krb5kdc,kadmind,kpropd) and their sysconfig files.
|
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
|
for init in \
|
|
for init in \
|
|
@@ -490,10 +465,10 @@ done
|
|
# logrotate configuration files
|
|
# logrotate configuration files
|
|
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/
|
|
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/
|
|
for logrotate in \
|
|
for logrotate in \
|
|
- %{SOURCE33} \
|
|
|
|
- %{SOURCE34} ; do
|
|
|
|
- install -pm 644 ${logrotate} \
|
|
|
|
- $RPM_BUILD_ROOT/etc/logrotate.d/`basename ${logrotate} .logrotate`
|
|
|
|
|
|
+ %{SOURCE33} \
|
|
|
|
+ %{SOURCE34} ; do
|
|
|
|
+ install -pm 644 ${logrotate} \
|
|
|
|
+ $RPM_BUILD_ROOT/etc/logrotate.d/`basename ${logrotate} .logrotate`
|
|
done
|
|
done
|
|
|
|
|
|
# PAM configuration files.
|
|
# PAM configuration files.
|
|
@@ -517,10 +492,19 @@ make -C src DESTDIR=$RPM_BUILD_ROOT EXAMPLEDIR=%{_docdir}/krb5-libs-%{version}/e
|
|
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
|
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
|
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
|
|
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
|
|
|
|
|
|
|
|
+# Temporay workaround for krb5-config reading too much from LDFLAGS.
|
|
|
|
+# Upstream: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8159
|
|
|
|
+sed -r -i -e "s/-specs=\/.+?\/redhat-hardened-ld//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
|
|
|
|
+
|
|
|
|
+if [[ "$(< $RPM_BUILD_ROOT%{_bindir}/krb5-config )" == *redhat-hardened-ld* ]] ; then
|
|
|
|
+ printf '# redhat-hardened-ld for krb5-config failed' 1>&2
|
|
|
|
+ exit 1
|
|
|
|
+fi
|
|
|
|
+
|
|
# Install processed man pages.
|
|
# Install processed man pages.
|
|
for section in 1 5 8 ; do
|
|
for section in 1 5 8 ; do
|
|
- install -m 644 build-man/*.${section} \
|
|
|
|
- $RPM_BUILD_ROOT/%{_mandir}/man${section}/
|
|
|
|
|
|
+ install -m 644 build-man/*.${section} \
|
|
|
|
+ $RPM_BUILD_ROOT/%{_mandir}/man${section}/
|
|
done
|
|
done
|
|
|
|
|
|
# Move specific libraries from %{_libdir} to /%{_lib}, and fixup the symlinks.
|
|
# Move specific libraries from %{_libdir} to /%{_lib}, and fixup the symlinks.
|
|
@@ -599,6 +583,14 @@ if [ "$2" -eq "0" ] ; then
|
|
fi
|
|
fi
|
|
exit 0
|
|
exit 0
|
|
|
|
|
|
|
|
+%triggerun libs -- krb5-libs < 1.16-2
|
|
|
|
+if grep -q '^includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
|
|
|
|
+ perl -pi \
|
|
|
|
+ -e 's|^includedir /etc/krb5.conf.d|#includedir /etc/krb5.conf.d|' \
|
|
|
|
+ /etc/krb5.conf
|
|
|
|
+fi
|
|
|
|
+exit 0
|
|
|
|
+
|
|
%post -n compat32-%{name}-libs -p /sbin/ldconfig
|
|
%post -n compat32-%{name}-libs -p /sbin/ldconfig
|
|
|
|
|
|
%postun -n compat32-%{name}-libs -p /sbin/ldconfig
|
|
%postun -n compat32-%{name}-libs -p /sbin/ldconfig
|
|
@@ -608,7 +600,7 @@ exit 0
|
|
%doc src/config-files/services.append
|
|
%doc src/config-files/services.append
|
|
%doc src/config-files/krb5.conf
|
|
%doc src/config-files/krb5.conf
|
|
%doc build-html/*
|
|
%doc build-html/*
|
|
-#doc build-pdf/user.pdf build-pdf/basic.pdf
|
|
|
|
|
|
+%doc build-pdf/user.pdf build-pdf/basic.pdf
|
|
%attr(0755,root,root) %doc src/config-files/convert-config-files
|
|
%attr(0755,root,root) %doc src/config-files/convert-config-files
|
|
|
|
|
|
# Clients of the KDC, including tools you're likely to need if you're running
|
|
# Clients of the KDC, including tools you're likely to need if you're running
|
|
@@ -641,7 +633,7 @@ exit 0
|
|
%files server
|
|
%files server
|
|
%defattr(-,root,root,-)
|
|
%defattr(-,root,root,-)
|
|
%docdir %{_mandir}
|
|
%docdir %{_mandir}
|
|
-#doc build-pdf/admin.pdf build-pdf/build.pdf
|
|
|
|
|
|
+%doc build-pdf/admin.pdf build-pdf/build.pdf
|
|
%doc src/config-files/kdc.conf
|
|
%doc src/config-files/kdc.conf
|
|
|
|
|
|
/etc/rc.d/init.d/krb5kdc
|
|
/etc/rc.d/init.d/krb5kdc
|
|
@@ -738,8 +730,8 @@ exit 0
|
|
%{_libdir}/krb5/plugins/kdb/db2.so
|
|
%{_libdir}/krb5/plugins/kdb/db2.so
|
|
%{_libdir}/krb5/plugins/tls/k5tls.so
|
|
%{_libdir}/krb5/plugins/tls/k5tls.so
|
|
%dir %{_var}/kerberos
|
|
%dir %{_var}/kerberos
|
|
-%dir %{_var}/kerberos/kdc
|
|
|
|
-%dir %{_var}/kerberos/kdc/user
|
|
|
|
|
|
+%dir %{_var}/kerberos/krb5
|
|
|
|
+%dir %{_var}/kerberos/krb5/user
|
|
%if ! %{WITH_SYSVERTO}
|
|
%if ! %{WITH_SYSVERTO}
|
|
%{_libdir}/libverto.so
|
|
%{_libdir}/libverto.so
|
|
%{_libdir}/libverto.so.*
|
|
%{_libdir}/libverto.so.*
|
|
@@ -757,8 +749,7 @@ exit 0
|
|
%files devel
|
|
%files devel
|
|
%defattr(-,root,root,-)
|
|
%defattr(-,root,root,-)
|
|
%docdir %{_mandir}
|
|
%docdir %{_mandir}
|
|
-%doc doc/krb5-protocol
|
|
|
|
-#doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
|
|
|
|
|
|
+%doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
|
|
|
|
|
|
%{_includedir}/*
|
|
%{_includedir}/*
|
|
%{_libdir}/libgssapi_krb5.so
|
|
%{_libdir}/libgssapi_krb5.so
|
|
@@ -841,6 +832,12 @@ exit 0
|
|
%endif
|
|
%endif
|
|
|
|
|
|
%changelog
|
|
%changelog
|
|
|
|
+* Wed Feb 28 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16-2
|
|
|
|
+- fixed /etc/krb5.conf.
|
|
|
|
+
|
|
|
|
+* Wed Feb 28 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16-1
|
|
|
|
+- updated to 1.16.
|
|
|
|
+
|
|
* Mon Aug 1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.14.3-1
|
|
* Mon Aug 1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.14.3-1
|
|
- updated to 1.14.3.
|
|
- updated to 1.14.3.
|
|
|
|
|