public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 3.x development tree branch, master, updated. cd6f1960d84a3b1f34828abf966f96496d8f04c7
@ 2013-03-23 21:20 git
From: git @ 2013-03-23 21:20 UTC (permalink / raw)
  To: ipfire-scm


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".

The branch, master has been updated
       via  cd6f1960d84a3b1f34828abf966f96496d8f04c7 (commit)
       via  ceaa40bfcc2a6ab30ab75b158b7f3eb76c050836 (commit)
       via  76325a2122d8afd3432f5cb14c99b2430d8dd787 (commit)
       via  8fed81c8f4a54c2233d5037601414d814d9fc840 (commit)
       via  61867160fc7add5ffc8e282d5812258b3ca28a00 (commit)
       via  1f5d577a008bc1a85810cf83f6ce5c108844d7c4 (commit)
       via  68d1d93dd11bad10673b92e30c3c507fff5912fe (commit)
       via  b184c2a2a8a20b32e2b5b02ace11f03bb9796019 (commit)
       via  01eadb71275b439b42a38a783c8b538d2a3012e8 (commit)
       via  db0d87a7baf10af0a439f68434d19bd87d20a4c8 (commit)
       via  54bc83102d2c7fcc08204d2bfb5e4b2aa3e2912d (commit)
       via  6d3acccbb8d45ebdd84c374f60258b00f3396832 (commit)
       via  9094b0d4235ecbb52a84959d599ac805955bd5fe (commit)
       via  657b66a1e53faaa095b92e0d01535ebb19ecb4a0 (commit)
       via  9f8dcadd8163694b5a732cfd7ca47db36972530a (commit)
      from  63db8acd9edd6e76357515c983666e3a995ad2b5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cd6f1960d84a3b1f34828abf966f96496d8f04c7
Merge: ceaa40b 1f5d577
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Mar 23 22:19:31 2013 +0100

    Merge remote-tracking branch 'stevee/sssd'

commit ceaa40bfcc2a6ab30ab75b158b7f3eb76c050836
Merge: 76325a2 6186716
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Mar 23 22:19:26 2013 +0100

    Merge remote-tracking branch 'stevee/pam-update'

commit 76325a2122d8afd3432f5cb14c99b2430d8dd787
Merge: b184c2a 8fed81c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Mar 23 22:19:21 2013 +0100

    Merge remote-tracking branch 'stevee/openldap'

commit 8fed81c8f4a54c2233d5037601414d814d9fc840
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 23 21:48:00 2013 +0100

    openldap: Switch to ldif based configuration.
    
    * Remove old slapd.conf file and add a ldif based template.
    * Compile in backends for hdb and monitor.
    * Put ldapi socket to /run/ldapi.

commit 61867160fc7add5ffc8e282d5812258b3ca28a00
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 23 15:35:41 2013 +0100

    pam: Update to 1.1.6.
    
    * Update to the latest version of pam.
    * Add patches to fix build with glibc 2.16 and newer versions.

commit 1f5d577a008bc1a85810cf83f6ce5c108844d7c4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Sat Mar 23 15:30:30 2013 +0100

    sssd: Add basic configuration and scriptlets.
    
    * Add a default configuration to use sssd on the local running LDAP server.
    * Add systemd scriptlet.
    * Add scriptlet for authconfig to update the system after installation.

commit 68d1d93dd11bad10673b92e30c3c507fff5912fe
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:20:59 2013 +0100

    authconfig: Update to 6.2.5.
    
    This is a major update to the latest stable version.
    
    * Remove nss_ldap as runtime dependency.

commit b184c2a2a8a20b32e2b5b02ace11f03bb9796019
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Mar 23 12:25:00 2013 +0100

    pkg-config: Update to 0.28.
    
    Fixes bug #10290.

commit 01eadb71275b439b42a38a783c8b538d2a3012e8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:20:43 2013 +0100

    sssd: New package.

commit db0d87a7baf10af0a439f68434d19bd87d20a4c8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:20:24 2013 +0100

    ding-libs: New package.
    
    This is a build dependency of sssd.

commit 54bc83102d2c7fcc08204d2bfb5e4b2aa3e2912d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:20:09 2013 +0100

    libtalloc: New package.
    
    This is a build dependency of sssd.

commit 6d3acccbb8d45ebdd84c374f60258b00f3396832
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:19:51 2013 +0100

    libtevent: New package.
    
    This is a build dependency of sssd.

commit 9094b0d4235ecbb52a84959d599ac805955bd5fe
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:19:32 2013 +0100

    libtdb: New package.
    
    This is a build dependency of sssd.

commit 657b66a1e53faaa095b92e0d01535ebb19ecb4a0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:17:27 2013 +0100

    libldb: New package.
    
    This is a build dependency of sssd.

commit 9f8dcadd8163694b5a732cfd7ca47db36972530a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Feb 19 22:16:59 2013 +0100

    c-ares: New package.
    
    This is a build dependency of sssd.

-----------------------------------------------------------------------

Summary of changes:
 authconfig/authconfig.nm                      |   5 +-
 harfbuzz/harfbuzz.nm => c-ares/c-ares.nm      |  27 +--
 ding-libs/ding-libs.nm                        | 208 ++++++++++++++++++++++
 libldb/libldb.nm                              |  82 +++++++++
 libhtp/libhtp.nm => libtalloc/libtalloc.nm    |  36 ++--
 eggdbus/eggdbus.nm => libtdb/libtdb.nm        |  33 ++--
 libhtp/libhtp.nm => libtevent/libtevent.nm    |  39 +++--
 openldap/openldap-conf.ldif                   | 149 ++++++++++++++++
 openldap/openldap.nm                          |  12 +-
 openldap/slapd.conf                           |  59 -------
 openldap/systemd/openldap.service             |   2 +-
 openldap/systemd/openldap.socket              |   2 +-
 pam/pam.nm                                    |   8 +-
 pam/patches/pam-1.1.5-unix-build.patch        |  34 ++++
 pam/patches/pam-1.1.5-unix-no-fallback.patch  |  69 ++++++++
 pkg-config/pkg-config.nm                      |   2 +-
 pdns-recursor/recursor.conf => sssd/sssd.conf |  30 ++--
 sssd/sssd.nm                                  | 240 ++++++++++++++++++++++++++
 18 files changed, 882 insertions(+), 155 deletions(-)
 copy harfbuzz/harfbuzz.nm => c-ares/c-ares.nm (59%)
 create mode 100644 ding-libs/ding-libs.nm
 create mode 100644 libldb/libldb.nm
 copy libhtp/libhtp.nm => libtalloc/libtalloc.nm (57%)
 copy eggdbus/eggdbus.nm => libtdb/libtdb.nm (59%)
 copy libhtp/libhtp.nm => libtevent/libtevent.nm (50%)
 create mode 100644 openldap/openldap-conf.ldif
 delete mode 100644 openldap/slapd.conf
 create mode 100644 pam/patches/pam-1.1.5-unix-build.patch
 create mode 100644 pam/patches/pam-1.1.5-unix-no-fallback.patch
 copy pdns-recursor/recursor.conf => sssd/sssd.conf (55%)
 create mode 100644 sssd/sssd.nm

Difference in files:
diff --git a/authconfig/authconfig.nm b/authconfig/authconfig.nm
index 56f2f7b..1dd4a7e 100644
--- a/authconfig/authconfig.nm
+++ b/authconfig/authconfig.nm
@@ -4,8 +4,8 @@
 ###############################################################################
 
 name       = authconfig
-version    = 6.2.2
-release    = 5
+version    = 6.2.5
+release    = 1
 
 groups     = System/Base
 url        = https://fedorahosted.org/authconfig
@@ -75,7 +75,6 @@ packages
 		requires
 			libpwquality
 			newt-python
-			nss_ldap
 		end
 
 		configfiles
diff --git a/c-ares/c-ares.nm b/c-ares/c-ares.nm
new file mode 100644
index 0000000..dcbe850
--- /dev/null
+++ b/c-ares/c-ares.nm
@@ -0,0 +1,39 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = c-ares
+version    = 1.9.1
+release    = 1
+
+groups     = System/Libraries
+url        = http://c-ares.haxx.se/
+license    = MIT
+summary    = A library that performs asynchronous DNS operations.
+
+description
+	c-ares is a C library that performs DNS requests and name resolves 
+	asynchronously. c-ares is a fork of the library named 'ares', written 
+	by Greg Hudson at MIT.
+end
+
+source_dl  = http://c-ares.haxx.se/download/
+
+build
+	configure_options += \
+		--enable-shared \
+		--disable-static
+end
+
+packages
+	package %{name}
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
diff --git a/ding-libs/ding-libs.nm b/ding-libs/ding-libs.nm
new file mode 100644
index 0000000..81291ce
--- /dev/null
+++ b/ding-libs/ding-libs.nm
@@ -0,0 +1,208 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = ding-libs
+version    = 0.2.91
+release    = 1
+
+groups     = System/Libraries
+url        = http://fedorahosted.org/sssd/
+license    = GPLv3+
+summary    = "Ding is not GLib" assorted utility libraries.
+
+description
+	A set of helpful libraries used by projects such as SSSD.
+end
+
+source_dl  = http://fedorahosted.org/releases/d/i/ding-libs/
+
+build
+	configure_options += \
+		--disable-static
+
+	test
+		make check
+	end
+end
+
+packages
+	# ding-libs is a meta package,
+	# which requires all sub-packages.
+	package %{name}
+		requires
+			libbasicobjects = %{thisver}
+			libcollection = %{thisver}
+			libdhash = %{thisver} 
+			libini_config = %{thisver}
+			libpath_utils = %{thisver}
+			libref_array = %{thisver}
+		end
+	end
+
+	# ding-libs-devel is a meta package,
+	# which requires all devel sub-packages.
+	package %{name}-devel
+		template DEVEL
+
+		requires
+			libbasicobjects-devel = %{thisver}
+			libcollection-devel = %{thisver}
+			libdhash-devel = %{thisver}
+			libini_config-devel = %{thisver}
+			libpath_utils-devel = %{thisver}
+			libref_array-devel = %{thisver}
+		end
+	end
+
+	package libbasicobjects
+		template LIBS
+
+		summary = Basic object types for C.
+		description = %{summary}
+
+		files
+			%{libdir}/libbasicobjects.so.*
+		end
+	end
+
+	package libbasicobjects-devel
+		summary = Development files for libbasicobjects.
+		description = %{summary}
+
+		files
+			%{libdir}/libbasicobjects.so
+			%{libdir}/pkgconfig/basicobjects.pc
+			%{includedir}/simplebuffer.h
+		end
+	end
+			
+	package libcollection
+		template LIBS
+
+		summary = Collection data-type for C.
+		description
+			A data-type to collect data in a hierarchical structure 
+			for easy iteration and serialization.
+		end
+
+		files
+			%{libdir}/libcollection.so.*
+		end
+	end
+
+	package libcollection-devel
+		summary = Development files for libcollection.
+		description = %{summary}
+
+		files
+			%{libdir}/libcollection.so
+			%{libdir}/pkgconfig/collection.pc
+			%{includedir}/collection*.h
+		end
+	end
+
+	package libdhash
+		template LIBS
+
+		summary = Dynamic hash table.
+		description
+			A hash table which will dynamically resize to achieve
+			optimal storage & access time properties.
+		end
+
+		files
+			%{libdir}/libdhash.so.*
+		end
+	end
+
+	package libdhash-devel
+		summary = Development files for libdhash.
+		description = %{summary}
+
+		files
+			%{libdir}/libdhash.so
+			%{libdir}/pkgconfig/dhash.pc
+			%{includedir}/dhash*.h
+		end
+	end
+
+	package libini_config
+		template LIBS
+
+		summary = INI file parsr for C.
+		description
+			Library to process config files in INI format into a
+			libcollection data structure.
+		end
+
+		files
+			%{libdir}/libini_config.so.*
+		end
+	end
+
+	package libini_config-devel
+		summary = Development files for libini_config.
+		description = %{summary}
+
+		files
+			%{libdir}/libini_config.so
+			%{libdir}/pkgconfig/ini_config.pc
+			%{includedir}/ini_config*.h
+		end
+	end
+
+	package libpath_utils
+		template LIBS
+
+		summary = Filesystem Path Utilities.
+		description
+			Utility functions to manipulate filesystem pathnames.
+		end
+
+		files
+			%{libdir}/libpath_utils.so.*
+		end
+	end
+
+	package libpath_utils-devel
+		summary = Development files for libpath_utils.
+		description = %{summary}
+
+		files
+			%{libdir}/libpath_utils.so
+			%{libdir}/pkgconfig/path_utils.pc
+			%{includedir}/path_utils*.h
+		end
+	end
+
+	package libref_array
+		template LIBS
+
+		summary = A refcounted array for C.
+		description
+			A dynamically-growing, reference-counted array.
+		end
+
+		files
+			%{libdir}/libref_array.so.*
+		end
+	end
+
+	package libref_array-devel
+		summary = Development files for libref_array.
+		description = %{summary}
+
+		files
+			%{libdir}/libref_array.so
+			%{libdir}/pkgconfig/ref_array.pc
+			%{includedir}/ref_array*.h
+		end
+	end
+	
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
+
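Review bot: the libini_config summary reads "INI file parsr for C."; that should be "parser". The six lib*-devel packages declare no requires on their matching runtime package, unlike the two meta packages, which pin every member with `= %{thisver}`; add a versioned requires to each -devel package so the unversioned .so symlink is never installed without its target. There is also trailing whitespace after `libdhash = %{thisver}` and a stray blank line at the end of the file.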
diff --git a/libldb/libldb.nm b/libldb/libldb.nm
new file mode 100644
index 0000000..21323f7
--- /dev/null
+++ b/libldb/libldb.nm
@@ -0,0 +1,82 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = libldb
+version    = 1.1.15
+release    = 1
+
+groups     = System/Libraries
+url        = http://ldb.samba.org/
+license    = LGPLv3+
+summary    = A schema-less, ldap like, API and database.
+
+description
+	An extensible library that implements an LDAP like API to access remote LDAP
+	servers, or use local tdb databases.
+end
+
+thisapp = ldb-%{version}
+
+source_dl  = http://samba.org/ftp/ldb/
+
+build
+	requires
+		chrpath
+		docbook-utils
+		docbook-xsl
+		libtalloc-devel
+		libtdb-devel
+		libtevent-devel
+		popt-devel
+		pytalloc
+		pytdb
+		pytevent
+		python-devel
+	end
+
+	configure_options += \
+		--disable-rpath \
+		--disable-rpath-install \
+		--bundled-libraries=NONE \
+		--with-modulesdir=%{libdir}/ldb/modules \
+		--with-privatelibdir=%{libdir}/ldb
+
+	# Disable parallel build.
+	PARALLELISMFLAGS =
+
+	install_cmds
+		# Remove rpath from binaries.
+		chrpath --delete %{BUILDROOT}%{bindir}/*
+	end
+end
+
+packages
+	package %{name}
+
+	package ldb-tools
+		summary = Tools to manage LDB files.
+		description
+			%{summary}
+		end
+
+		files
+			%{bindir}
+			%{libdir}/ldb/libldb-cmdline*
+			%{mandir}/man1/*
+		end
+	end
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package pyldb
+		template PYTHON
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
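Review bot: configure already gets --disable-rpath and --disable-rpath-install, yet install_cmds still runs `chrpath --delete` and only over %{bindir}/*. If rpaths really survive the configure flags, the private libraries and modules installed under %{libdir}/ldb are not covered by that glob; if they do not survive, the step and the chrpath build requirement can be dropped. The comment on `PARALLELISMFLAGS =` should also say why the parallel build has to be disabled.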
diff --git a/libtalloc/libtalloc.nm b/libtalloc/libtalloc.nm
new file mode 100644
index 0000000..a1244c5
--- /dev/null
+++ b/libtalloc/libtalloc.nm
@@ -0,0 +1,50 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = libtalloc
+version    = 2.0.8
+release    = 1
+
+groups     = System/Libraries
+url        = http://talloc.samba.org/
+license    = LGPLv3+
+summary    = The talloc library.
+
+description
+	A library that implements a hierarchical allocator with destructors.
+end
+
+thisapp = talloc-%{version}
+
+source_dl  = http://samba.org/ftp/talloc/
+
+build
+	requires
+		docbook-utils
+		docbook-xsl
+		python-devel
+	end
+
+	configure_options += \
+		--disable-rpath \
+		--disable-rpath-install \
+		--bundled-libraries=NONE
+end
+
+packages
+	package %{name}
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package pytalloc
+		template PYTHON
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
diff --git a/libtdb/libtdb.nm b/libtdb/libtdb.nm
new file mode 100644
index 0000000..7b676ae
--- /dev/null
+++ b/libtdb/libtdb.nm
@@ -0,0 +1,50 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = libtdb
+version    = 1.2.11
+release    = 1
+
+groups     = System/Libraries
+url        = http://tdb.samba.org/
+license    = LGPLv3+
+summary    = The tdb library.
+
+description
+	A library that implements a trivial database.
+end
+
+thisapp = tdb-%{version}
+
+source_dl  = http://samba.org/ftp/tdb/
+
+build
+	requires
+		docbook-utils
+		docbook-xsl
+		python-devel
+	end
+
+	configure_options += \
+		--disable-rpath \
+		--disable-rpath-install \
+		--bundled-libraries=NONE
+end
+
+packages
+	package %{name}
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package pytdb
+		template PYTHON
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
diff --git a/libtevent/libtevent.nm b/libtevent/libtevent.nm
new file mode 100644
index 0000000..a4dc690
--- /dev/null
+++ b/libtevent/libtevent.nm
@@ -0,0 +1,53 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = libtevent
+version    = 0.9.17
+release    = 1
+
+groups     = System/Libraries
+url        = http://tevent.samba.org/
+license    = LGPLv3+
+summary    = The tevent library.
+
+description
+	Tevent is an event system based on the talloc memory management library.
+	Tevent has support for many event types, including timers, signals, and
+	the classic file descriptor events.
+end
+
+thisapp = tevent-%{version}
+
+source_dl  = http://samba.org/ftp/tevent/
+
+build
+	requires
+		docbook-utils
+		docbook-xsl
+		libtalloc-devel
+		python-devel
+	end
+
+	configure_options += \
+		--disable-rpath \
+		--disable-rpath-install \
+		--bundled-libraries=NONE
+end
+
+packages
+	package %{name}
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package pytevent
+		template PYTHON
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
diff --git a/openldap/openldap-conf.ldif b/openldap/openldap-conf.ldif
new file mode 100644
index 0000000..a34fa04
--- /dev/null
+++ b/openldap/openldap-conf.ldif
@@ -0,0 +1,149 @@
+# See slapd-config(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: /run/openldap/slapd.args
+olcPidFile: /run/openldap/slapd.pid
+#
+# TLS settings
+#
+#olcTLSCACertificateFile: /etc/pki/CA/cacert.pem
+#olcTLSCertificateFile: /etc/openldap/certs/server.pem
+#olcTLSCertificateKeyFile: /etc/openldap/certs/server.pem
+#
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#
+#olcReferral: ldap://root.openldap.org
+#
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 64-bit encryption for simple bind
+#
+#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
+
+#
+# Load dynamic backend modules:
+# - modulepath is architecture dependent value (32/64-bit system)
+# - back_sql.la backend requires openldap-servers-sql package
+# - dyngroup.la and dynlist.la cannot be used at the same time
+#
+
+#dn: cn=module,cn=config
+#objectClass: olcModuleList
+#cn: module
+#olcModulepath:	/usr/lib/openldap
+#olcModulepath:	/usr/lib64/openldap
+#olcModuleload: accesslog.la
+#olcModuleload: auditlog.la
+#olcModuleload: back_dnssrv.la
+#olcModuleload: back_hdb.so
+#olcModuleload: back_ldap.la
+#olcModuleload: back_mdb.la
+#olcModuleload: back_meta.la
+#olcModuleload: back_null.la
+#olcModuleload: back_passwd.la
+#olcModuleload: back_relay.la
+#olcModuleload: back_shell.la
+#olcModuleload: back_sock.la
+#olcModuleload: collect.la
+#olcModuleload: constraint.la
+#olcModuleload: dds.la
+#olcModuleload: deref.la
+#olcModuleload: dyngroup.la
+#olcModuleload: dynlist.la
+#olcModuleload: memberof.la
+#olcModuleload: pcache.la
+#olcModuleload: ppolicy.la
+#olcModuleload: refint.la
+#olcModuleload: retcode.la
+#olcModuleload: rwm.la
+#olcModuleload: seqmod.la
+#olcModuleload: smbk5pwd.la
+#olcModuleload: sssvlv.la
+#olcModuleload: syncprov.la
+#olcModuleload: translucent.la
+#olcModuleload: unique.la
+#olcModuleload: valsort.la
+
+
+#
+# Schema settings
+#
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/openldap/schema/core.ldif
+include: file:///etc/openldap/schema/cosine.ldif
+include: file:///etc/openldap/schema/nis.ldif
+include: file:///etc/openldap/schema/inetorgperson.ldif
+
+#
+# Frontend settings
+#
+
+dn: olcDatabase=frontend,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: frontend
+#
+# Sample global access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#
+#olcAccess: to dn.base="" by * read
+#olcAccess: to dn.base="cn=Subschema" by * read
+#olcAccess: to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+#
+
+#
+# Configuration database
+#
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" manage by * none
+
+#
+# Server status monitoring
+#
+
+#dn: olcDatabase=monitor,cn=config
+#objectClass: olcDatabaseConfig
+#olcDatabase: monitor
+#olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
+
+#
+# Backend database definitions
+#
+
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: hdb
+olcSuffix: @SUFFIX@
+olcRootDN: cn=admin,@SUFFIX@
+olcDbDirectory:	/var/lib/ldap
+olcDbIndex: objectClass eq,pres
+olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
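Review bot: no olcAccess rule is active outside olcDatabase=config: the frontend rules are all commented out and the hdb entry defines none, so by this file's own comment the effective policy is "access to * by * read". The slapd.conf deleted in this push limited userPassword and userPKCS12 to `by self write` and `by * auth`; carry that rule over to the hdb entry (or the frontend) so password hashes are not readable by every client. The hdb entry also drops the uidNumber/gidNumber/loginShell, uid/memberUid and nisMapName/nisMapEntry indices the old file had; add them back if account lookups still rely on them. olcRootDN is set without olcRootPW, so state whether the admin DN is meant to be usable at all or whether management goes only through the peercred mapping.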
diff --git a/openldap/openldap.nm b/openldap/openldap.nm
index 8d054b3..a0fdd96 100644
--- a/openldap/openldap.nm
+++ b/openldap/openldap.nm
@@ -5,7 +5,7 @@
 
 name       = openldap
 version    = 2.4.32
-release    = 3
+release    = 4
 
 groups     = System/Daemons
 url        = http://www.openldap.org/
@@ -50,6 +50,8 @@ build
 		--enable-overlays=mod \
 		--enable-sql=no \
 		--enable-ndb=no \
+		--enable-hdb=yes \
+		--enable-monitor=yes \
 		--disable-static
 
 	prepare_cmds
@@ -69,6 +71,7 @@ build
 		ln -svf	slapd %{BUILDROOT}/usr/sbin/slaptest
 
 		# Remove unneeded files.
+		rm -rvf %{BUILDROOT}%{sysconfidir}/slapd.{conf,ldif}
 		rm -rvf %{BUILDROOT}%{localstatedir}/openldap-data
 		rm -rvf %{BUILDROOT}%{localstatedir}/run
 
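Review bot: the added `rm -rvf %{BUILDROOT}%{sysconfidir}/slapd.{conf,ldif}` spells the macro `sysconfidir`, while the other lines of this file use `%{sysconfdir}`; the path will not expand to the intended directory, and `rm -f` hides the miss. The path also lacks the `/%{name}` component that the slapd.d line further down uses, so check where the upstream install actually places slapd.conf and slapd.ldif before fixing the spelling.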
@@ -76,9 +79,10 @@ build
 			chmod -v 0755 %{BUILDROOT}%{libdir}/$(readlink %{BUILDROOT}%{libdir}/lib${LINK}.so)
 		done
 
-		# Install configuration
-		mkdir -pv %{BUILDROOT}/etc/%{name}
-		cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}%{sysconfdir}/%{name}/slapd.conf
+		# Install configuration file.
+		mkdir -pv %{BUILDROOT}%{datadir}/%{name}
+		cp -vf %{DIR_SOURCE}/openldap-conf.ldif \
+			 %{BUILDROOT}%{datadir}/%{name}/
 
 		# Create directoires.
 		mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/slapd.d
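Review bot: openldap-conf.ldif is copied with a plain `cp -vf` and no mode is set, although the file's own header says it should NOT be world readable. For the template with its @SUFFIX@ placeholders that matters little, but nothing in this diff shows what substitutes @SUFFIX@ and loads the result into slapd.d, or with which owner and mode. Add that step, or point to the scriptlet that performs it, and give the generated configuration restrictive permissions.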
diff --git a/openldap/slapd.conf b/openldap/slapd.conf
deleted file mode 100644
index cfb95d0..0000000
--- a/openldap/slapd.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-#  _        ___ _
-# (_)      / __|_)
-#  _ ____ | |__ _  ____ ____
-# | |  _ \|  __) |/ ___) _  )
-# | | | | | |  | | |  ( (/ /
-# |_| ||_/|_|  |_|_|   \____)
-#   |_|
-#
-# OpenLDAP configuration
-#
-# www.ipfire.org - Licensed under the GPLv3
-#
-
-include		/etc/openldap/schema/core.schema
-include		/etc/openldap/schema/cosine.schema
-include		/etc/openldap/schema/inetorgperson.schema
-include		/etc/openldap/schema/nis.schema
-
-pidfile		/var/run/slapd.pid
-argsfile	/var/run/slapd.args
-
-loglevel	2048
-
-#######################################################################
-# Load modules
-#######################################################################
-
-moduleload	back_hdb.so
-
-#######################################################################
-# ACL
-#######################################################################
-
-access to attrs=userPassword,userPKCS12
-        by self write
-        by * auth
-access to attrs=shadowLastChange
-        by self write
-        by * read
-access to *
-        by * read
-
-#######################################################################
-# BDB database definitions
-#######################################################################
-
-database	hdb
-suffix		"dc=my-domain,dc=com"
-rootdn		"cn=Manager,dc=my-domain,dc=com"
-rootpw		secret
-
-directory	/var/lib/ldap
-
-# Indices to maintain for this database
-index objectClass                       eq,pres
-index ou,cn,mail,surname,givenname      eq,pres,sub
-index uidNumber,gidNumber,loginShell    eq,pres
-index uid,memberUid                     eq,pres,sub
-index nisMapName,nisMapEntry            eq,pres,sub
diff --git a/openldap/systemd/openldap.service b/openldap/systemd/openldap.service
index 9a6e53f..a6960d3 100644
--- a/openldap/systemd/openldap.service
+++ b/openldap/systemd/openldap.service
@@ -3,4 +3,4 @@ Description=OpenLDAP
 After=basic.target sockets.target
 
 [Service]
-ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://%2Frun%2Fopenldap%2Fldapi'
+ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://'
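Review bot: with `-h 'ldapi://'` slapd listens on its compiled-in default socket path, and nothing in this diff pins that default to the /run/ldapi that the socket unit now uses. Keep the path explicit in ExecStart (the previous line did so with a percent-encoded path), or note in the commit where the default is set at build time; otherwise the service and openldap.socket can end up on different paths without any error at build time.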
diff --git a/openldap/systemd/openldap.socket b/openldap/systemd/openldap.socket
index 1fe23ea..b9eb387 100644
--- a/openldap/systemd/openldap.socket
+++ b/openldap/systemd/openldap.socket
@@ -1,5 +1,5 @@
 [Socket]
-ListenStream=/run/openldap/ldapi
+ListenStream=/run/ldapi
 
 [Install]
 WantedBy=sockets.target
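Review bot: the unit sets only ListenStream=/run/ldapi, with no SocketMode=, SocketUser= or SocketGroup=, so the socket is created with systemd's default mode of 0666 directly under /run. Combined with the new LDIF having no active olcAccess rules on the data database, any local account can connect and read the directory. Set an explicit mode and owner here, or state in the commit message that world access to the socket is intended.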
diff --git a/pam/pam.nm b/pam/pam.nm
index be4f7a2..54be8d0 100644
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -4,8 +4,8 @@
 ###############################################################################
 
 name       = pam
-version    = 1.1.5
-release    = 3
+version    = 1.1.6
+release    = 1
 thisapp    = Linux-PAM-%{version}
 
 groups     = System/Base
@@ -60,10 +60,6 @@ end
 
 packages
 	package %{name}
-		requires
-			pam_ldap
-		end
-
 		configfiles
 			/etc/pam.d
 		end
diff --git a/pam/patches/pam-1.1.5-unix-build.patch b/pam/patches/pam-1.1.5-unix-build.patch
new file mode 100644
index 0000000..d1f30d0
--- /dev/null
+++ b/pam/patches/pam-1.1.5-unix-build.patch
@@ -0,0 +1,34 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build	2012-07-23 18:46:27.709804094 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c	2012-07-23 18:46:27.764805293 +0200
+@@ -47,6 +47,8 @@
+ #include <time.h>		/* for time() */
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <sys/time.h>
++#include <sys/resource.h>
+ 
+ #include <security/_pam_macros.h>
+ 
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build	2012-07-23 18:55:16.433314731 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c	2012-07-23 18:54:48.064697131 +0200
+@@ -53,6 +53,7 @@
+ #include <fcntl.h>
+ #include <ctype.h>
+ #include <sys/time.h>
++#include <sys/resource.h>
+ #include <sys/stat.h>
+ 
+ #include <signal.h>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c
+--- Linux-PAM-1.1.5/modules/pam_unix/support.c.build	2012-07-23 18:46:27.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/support.c	2012-07-23 18:54:23.645165507 +0200
+@@ -18,6 +18,7 @@
+ #include <signal.h>
+ #include <ctype.h>
+ #include <syslog.h>
++#include <sys/time.h>
+ #include <sys/resource.h>
+ #ifdef HAVE_RPCSVC_YPCLNT_H
+ #include <rpcsvc/ypclnt.h>
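Review bot: the patch file is named pam-1.1.5-unix-build.patch and its paths reference Linux-PAM-1.1.5, but pam.nm in this same push moves to version 1.1.6. Confirm that all three hunks still apply to 1.1.6 without fuzz, and rename the file (or drop the version from its name) so the patch directory does not suggest it targets an older release.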
diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch
new file mode 100644
index 0000000..7857196
--- /dev/null
+++ b/pam/patches/pam-1.1.5-unix-no-fallback.patch
@@ -0,0 +1,69 @@
+diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
+--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback	2011-06-21 11:04:56.000000000 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml	2012-05-09 11:54:34.442036404 +0200
+@@ -265,11 +265,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA256 algorithm. If the
+-            SHA256 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA256 algorithm. The
++            SHA256 algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -280,11 +279,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the SHA512 algorithm. If the
+-            SHA512 algorithm is not known to the <citerefentry>
++            encrypt it with the SHA512 algorithm. The
++            SHA512 algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+@@ -295,11 +293,10 @@
+         <listitem>
+           <para>
+             When a user changes their password next,
+-            encrypt it with the blowfish algorithm. If the
+-            blowfish algorithm is not known to the <citerefentry>
++            encrypt it with the blowfish algorithm. The
++            blowfish algorithm must be supported by the <citerefentry>
+ 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+-            </citerefentry> function,
+-            fall back to MD5.
++            </citerefentry> function.
+           </para>
+         </listitem>
+       </varlistentry>
+diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
+--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback	2012-05-09 11:48:12.409632377 +0200
++++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c	2012-05-09 11:48:36.953172291 +0200
+@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
+ 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
+ 		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
+ 		pam_syslog(pamh, LOG_ERR,
+-			   "Algo %s not supported by the crypto backend, "
+-			   "falling back to MD5\n",
++			   "Algo %s not supported by the crypto backend.\n",
+ 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
+ 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
+ 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
+ 		if(sp) {
+ 		   memset(sp, '\0', strlen(sp));
+ 		}
+-		return crypt_md5_wrapper(password);
++		return NULL;
+ 	}
+ 
+ 	return x_strdup(sp);
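Review bot: In the passverify.c hunk, the context comment `/* libxcrypt/libc doesn't know the algorithm, use MD5 */` is left stale, because the branch now ends in `return NULL;` instead of `return crypt_md5_wrapper(password);`. Reword it to say the function fails when the backend lacks the algorithm. Since create_password_hash can now return NULL on this path, its callers (not visible in this hunk) should be checked for NULL handling, so that a missing algorithm results in a refused password change and nothing else. The man page hunks above say the algorithm "must be supported" by crypt(3) but do not say what happens when it is not; one sentence stating that the password change fails and an error is logged would complete them.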
diff --git a/pkg-config/pkg-config.nm b/pkg-config/pkg-config.nm
index cc3a3f5..53851f2 100644
--- a/pkg-config/pkg-config.nm
+++ b/pkg-config/pkg-config.nm
@@ -4,7 +4,7 @@
 ###############################################################################
 
 name       = pkg-config
-version    = 0.27.1
+version    = 0.28
 release    = 1
 
 groups     = Development/Tools
diff --git a/sssd/sssd.conf b/sssd/sssd.conf
new file mode 100644
index 0000000..0aef9be
--- /dev/null
+++ b/sssd/sssd.conf
@@ -0,0 +1,25 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+[sssd]
+domains = LDAP
+services = nss, pam
+config_file_version = 2
+
+[nss]
+filter_groups = root
+filter_users = root
+
+[pam]
+
+[domain/LDAP]
+id_provider = ldap
+ldap_uri = ldapi://
+ldap_search_base = @SUFFIX@
+
+cache_credentials = true
+
+min_id = 1000
+enumerate = False
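Review bot: `ldap_search_base = @SUFFIX@` is a template placeholder, and nothing in this file says which step replaces it. Add a comment naming that step, because otherwise the literal string `@SUFFIX@` is what gets used as the search base. `cache_credentials = true` also deserves a comment: it keeps credential hashes in the local cache for offline logins, and that trade-off should be stated as a deliberate default. Minor: the booleans are spelled `true` and `False`; pick one casing.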
diff --git a/sssd/sssd.nm b/sssd/sssd.nm
new file mode 100644
index 0000000..2f4c6ad
--- /dev/null
+++ b/sssd/sssd.nm
@@ -0,0 +1,240 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = sssd
+version    = 1.9.4
+release    = 2
+
+groups     = System/Tools
+url        = http://fedorahosted.org/sssd/
+license    = GPLv3+
+summary    = System Security Services Daemon.
+
+description
+	Provides a set of daemons to manage access to remote directories and
+	authentication mechanisms. It provides an NSS and PAM interface toward
+	the system and a pluggable backend system to connect to multiple different
+	account sources.
+end
+
+source_dl  = https://fedorahosted.org/released/sssd/
+
+build
+	requires
+		/usr/bin/nsupdate
+		c-ares-devel
+		cyrus-sasl-devel
+		dbus-devel
+		docbook-xsl
+		glib2-devel
+		krb5-devel >= 1.10.3
+		libcollection-devel
+		libdhash-devel
+		libini_config-devel
+		libldb-devel
+		libnl-devel
+		libsemanage-devel
+		libtalloc-devel
+		libtdb-devel
+		libtevent-devel
+		openldap-devel
+		openssl-devel
+		pam-devel >= 1.1.6
+		pcre-devel
+		popt-devel
+		python-devel
+	end
+
+	configure_options += \
+		--with-crypto=libcrypto \
+		--with-db-path=%{localstatedir}/sss/db \
+		--with-pipe-path=%{localstatedir}/sss/pipe \
+		--with-pubconf-path=%{localstatedir}/sss/pubconf \
+		--with-mcache-path=%{localstatedir}/sss/mc \
+		--with-krb5-rcache-dir=%{localstatedir}/cache/krb5rcache \
+		--with-default-ccache-dir=/run/user/%U \
+		--with-default-ccname-template=DIR:%d/krb5cc \
+		--with-initscript=systemd \
+		--with-systemdunitdir=%{unitdir} \
+		--enable-pammoddir=%{libdir}/security \
+		--disable-static \
+		--disable-rpath
+
+	install_cmds
+		# Install default config file.
+		install -m 600 %{DIR_SOURCE}/sssd.conf \
+			%{BUILDROOT}%{sysconfdir}/sssd/sssd.conf
+
+		# Remove old sysVinit stuff.
+		rm -rvf %{BUILDROOT}%{sysconfdir}/rc.d
+	end
+end
+
+packages
+	package %{name}
+		groups += Base
+
+		configfiles
+			%{sysconfdir}/sssd/sssd.conf
+		end
+
+		prerequires += systemd-units
+
+		script postin
+			systemctl daemon-reload >/dev/null 2>&1 || :
+		end
+
+		script preun
+			systemctl --no-reload disable sssd.service >/dev/null 2>&1 || :
+			systemctl stop sssd.service >/dev/null 2>&1 || :
+		end
+
+		script postun
+			systemctl daemon-reload >/dev/null 2>&1 || :
+		end
+
+		script postup
+			systemctl daemon-reload >/dev/null 2>&1 || :
+			systemctl try-restart sssd.service >/dev/null 2>&1 || :
+		end
+	end
+
+	package %{name}-client
+		summary = SSSD Client libraries.
+		description = %{summary}
+		groups += Base
+
+		requires
+			%{name} = %{thisver}
+		end
+
+		obsoletes
+			nss_ldap
+			pam_ldap
+		end
+
+		files
+			%{libdir}/libnss_sss.so.*
+			%{libdir}/security/pam_sss.so
+			%{libdir}/krb5/
+			%{mandir}/man8/pam_sss.8*
+			%{mandir}/man8/sssd_krb5*.8*
+		end
+
+		prerequires += \
+			authconfig >= 6.2.5
+
+		script postin
+			authconfig --update --enableldap --enablesssd --enablesssdauth
+		end
+
+		script postun
+			authconfig --update --disableldap --disablesssd --disablesssdauth
+		end
+	end
+
+	package %{name}-tools
+		summary = Userspace tools for use with the SSSD.
+		description
+			Provides userspace tools for manipulating users, groups, and nested groups in
+			SSSD when using id_provider = local in /etc/sssd/sssd.conf.
+		end
+
+		requires
+			%{name} = %{thisver}
+		end
+
+		files
+			%{sbindir}/sss_*
+			%{mandir}/man8/sss_*.8*
+		end
+	end
+
+	package %{name}-devel
+		template DEVEL
+	end
+
+	package libsss_idmap
+		summary = FreeIPA Idmap library.
+		description
+			Utility library to convert SIDs to Unix uids and gids.
+		end
+
+		files
+			%{libdir}/libsss_idmap.so.*
+		end
+	end
+
+	package libsss_idmap-devel
+		summary = Development files for libsss_idmap.
+		description = %{summary}
+
+		files
+			%{libdir}/libsss_idmap.so
+			%{libdir}/pkgconfig/sss_idmap.pc
+			%{includedir}/sss_idmap.h
+		end
+	end
+
+	package libipa_hbac
+		summary = FreeIPA HBAC Evaluator library.
+		description
+			Utility library to validate FreeIPA HBAC rules for authorization requests.
+		end
+
+		files
+			%{libdir}/libipa_hbac.so.*
+		end
+	end
+
+	package libipa_hbac-devel
+		summary = Development files for libipa_hbac.
+		description = %{summary}
+
+		files
+			%{libdir}/libipa_hbac.so
+			%{libdir}/pkgconfig/ipa_hbac.pc
+			%{includedir}/ipa_hbac.h
+		end
+	end
+
+	package python-libipa_hbac
+		summary = Python bindings for the FreeIPA HBAC Evaluator library.
+		description
+			This package contains the bindings so that libipa_hbac can be
+			used by Python applications.
+		end
+
+		files
+			%{python_sitearch}/pyhbac.so
+		end
+	end
+
+	package libsss_sudo
+		summary = A library to allow communication between SUDO and SSSD.
+		description
+			A utility library to allow communication between SUDO and SSSD.
+		end
+
+		files
+			%{libdir}/libsss_sudo.so.*
+		end
+	end
+
+	package libsss_sudo-devel
+		summary = Development header for libsss_sudo.
+		description = %{summary}
+
+		files
+			%{libdir}/libsss_sudo.so
+			%{libdir}/pkgconfig/sss_sudo.pc
+			%{includedir}/sss_sudo.h
+		end
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
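Review bot: In the `%{name}-client` package, the `postin` and `postun` scriptlets call `authconfig --update ...` without the `>/dev/null 2>&1 || :` guard that every `systemctl` call in this file carries, so their output and exit status are not suppressed the same way. Either guard them consistently or add a comment that a failing authconfig is meant to be visible. The `postun` call also passes `--disableldap` unconditionally, which turns LDAP off even when the administrator enabled it independently of this package. Minor: `url` uses http while `source_dl` uses https for the same host.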


hooks/post-receive
--
IPFire 3.x development tree
