openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File krb5.spec of Package krb5.8868

#
# spec file for package krb5
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%define srcRoot krb5-1.12.5
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir  %{_defaultdocdir}/krb5

Name:           krb5
Url:            http://web.mit.edu/kerberos/www/
Version:        1.12.5
Release:        0
Summary:        MIT Kerberos5 Implementation--Libraries
License:        MIT
Group:          Productivity/Networking/Security
Obsoletes:      krb5-plugin-preauth-pkinit-nss
BuildRequires:  autoconf
BuildRequires:  bison
BuildRequires:  doxygen
BuildRequires:  keyutils
BuildRequires:  keyutils-devel
BuildRequires:  libcom_err-devel
BuildRequires:  libopenssl-devel
BuildRequires:  libselinux-devel
BuildRequires:  libverto-devel
BuildRequires:  ncurses-devel
BuildRequires:  openldap2-devel
BuildRequires:  pam-devel
BuildRequires:  python-Cheetah
BuildRequires:  python-Sphinx
BuildRequires:  python-libxml2
BuildRequires:  python-lxml
BuildRequires:  pkgconfig(systemd)
# bug437293
%ifarch ppc64
Obsoletes:      krb5-64bit
%endif
Conflicts:      krb5-mini
Source:         krb5-%{version}.tar.gz
Source1:        vendor-files.tar.bz2
Source2:        baselibs.conf
Source5:        krb5-rpmlintrc
Patch1:         krb5-1.12-pam.patch
Patch2:         krb5-1.9-manpaths.dif
Patch3:         krb5-1.12-buildconf.patch
Patch4:         krb5-1.6.3-gssapi_improve_errormessages.dif
Patch5:         krb5-1.10-kpasswd_tcp.patch
Patch6:         krb5-1.6.3-ktutil-manpage.dif
Patch7:         krb5-1.7-doublelog.patch
Patch8:         krb5-1.12-api.patch
Patch9:         krb5-1.9-kprop-mktemp.patch
Patch10:        krb5-1.10-ksu-access.patch
Patch11:        krb5-1.12-ksu-path.patch
Patch12:        krb5-1.12-selinux-label.patch
Patch13:        krb5-1.9-debuginfo.patch
Patch14:        krb5-kvno-230379.patch
Patch15:        krb5-1.12-doxygen.patch
Patch20:        bnc#897874-CVE-2014-5351.diff
Patch21:        krb5-1.13-work-around-replay-cache-creation-race.patch
Patch104:       0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
Patch105:       0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
Patch106:       0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
Patch107:       0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
Patch108:       0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch
Patch109:       0109-Preserve-GSS-context-on-init-accept-failure.patch
Patch110:       0110-Fix-PKINIT-cert-matching-data-construction.patch
Patch111:       0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch
Patch112:       0112-Do-not-indicate-deprecated-GSS-mechanisms.patch
Patch113:       0113-Fix-flaws-in-LDAP-DN-checking.patch
Patch114:       0114-resolve-krb5-GSS-creds-if-time_rec-is-requested.patch

%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.

%package client
Conflicts:      krb5-mini
Summary:        MIT Kerberos5 implementation - client programs
Group:          Productivity/Networking/Security

%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...

%package server
Summary:        MIT Kerberos5 implementation - server
Group:          Productivity/Networking/Security
Requires:       cron
Requires:       libverto-libev1
Requires:       logrotate
Requires:       perl-Date-Calc
%{?systemd_requires}
PreReq:         %insserv_prereq %fillup_prereq

%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.

%package plugin-kdb-ldap
Summary:        MIT Kerberos5 Implementation--LDAP Database Plugin
Group:          Productivity/Networking/Security
Requires:       krb5-server = %{version}

%description plugin-kdb-ldap
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.

%package plugin-preauth-pkinit
Summary:        MIT Kerberos5 Implementation--PKINIT preauth Plugin
Group:          Productivity/Networking/Security

%description plugin-preauth-pkinit
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes a PKINIT plugin.

%package plugin-preauth-otp
Summary:        MIT Kerberos5 Implementation--OTP preauth Plugin
Group:          Productivity/Networking/Security

%description plugin-preauth-otp
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes a OTP plugin.

%package doc
Summary:        MIT Kerberos5 Implementation--Documentation
Group:          Documentation/Other

%description doc
Kerberos V5 is a trusted-third-party network authentication
system,which can improve your network's security by eliminating the
insecurepractice of clear text passwords. This package includes
extended documentation for MIT Kerberos.

%package devel
Summary:        MIT Kerberos5 - Include Files and Libraries
Group:          Development/Libraries/C and C++
PreReq:         %{name} = %{version}
Requires:       keyutils-devel
Requires:       libcom_err-devel
Requires:       libverto-devel
# bug437293
%ifarch ppc64
Obsoletes:      krb5-devel-64bit
%endif
Conflicts:      krb5-mini-devel
#

%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development

%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p0
%patch14 -p1
%patch15 -p1
%patch20 -p1
%patch21 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch112 -p1
%patch113 -p1
%patch114 -p1

%build
# needs to be re-generated
rm -f src/lib/krb5/krb/deltat.c
cd src
./util/reconf
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
./configure \
    CC="%{__cc}" \
    CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
    CPPFLAGS="-I%{_includedir}/et " \
    SS_LIB="-lss" \
    --prefix=/usr/lib/mit \
    --sysconfdir=%{_sysconfdir} \
    --mandir=%{_mandir} \
    --infodir=%{_infodir} \
    --libexecdir=/usr/lib/mit/sbin \
    --libdir=%{_libdir} \
    --includedir=%{_includedir} \
    --localstatedir=%{_localstatedir}/lib/kerberos \
    --localedir=%{_datadir}/locale \
    --enable-shared \
    --disable-static \
    --enable-dns-for-realm \
    --disable-rpath \
    --with-ldap \
    --with-pam \
    --enable-pkinit \
    --with-pkinit-crypto-impl=openssl \
    --with-selinux \
    --with-system-et \
    --with-system-ss \
    --with-system-verto
%{__make} %{?_smp_mflags}
cd doc
make %{?jobs:-j%jobs} substhtml
cp -a html_subst ../../html
cd ..

# Copy kadmin manual page into kadmin.local's due to the split between client and server package
cp man/kadmin.man man/kadmin.local.8

%install

# Where per-user keytabs live by default.
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/kerberos/krb5/user
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5

cd src
make DESTDIR=%{buildroot} install 
cd ..
# Munge krb5-config yet again.  This is totally wrong for 64-bit, but chunks
# of the buildconf patch already conspire to strip out /usr/<anything> from the
# list of link flags, and it helps prevent file conflicts on multilib systems.
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config

# install autoconf macro
mkdir -p %{buildroot}/%{_datadir}/aclocal
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
# create plugin directories
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
# all libs must have permissions 0755 
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do 
  chmod 0755 ${lib} 
done
# and binaries too
chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
# install systemd files
%if 0%{?suse_version} >= 1210
mkdir -p %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/krb5kdc.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kpropd.service %{buildroot}%{_unitdir}
%else
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init  %{buildroot}%{_sysconfdir}/init.d/kpropd
%endif
# install sysconfig templates
mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates
install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/
install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links 
mkdir -p %{buildroot}/usr/bin/
mkdir -p %{buildroot}/usr/sbin/
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckadmind
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckrb5kdc
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckpropd
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit   %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist   %{buildroot}/usr/bin/klist
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif
# cleanup
rm -f  %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f  /usr/share/man/man1/tmac.doc*
rm -rf %{buildroot}/usr/lib/mit/share/examples

%find_lang mit-krb5

#####################################################
# krb5 pre/post/postun
#####################################################

%post -p /sbin/ldconfig

%postun
/sbin/ldconfig

#####################################################
# krb5-server preun/postun/pre/post
#####################################################

%preun server
%service_del_preun krb5kdc.service kadmind.service kpropd.service

%postun server
%service_del_postun krb5kdc.service kadmind.service kpropd.service

%post server
%service_add_post krb5kdc.service kadmind.service kpropd.service
%{fillup_only -n kadmind}
%{fillup_only -n krb5kdc}
%{fillup_only -n kpropd}

%pre server
%service_add_pre krb5kdc.service kadmind.service kpropd.service

#####################################################
# krb5-plugin-kdb-ldap post/postun
#####################################################

%post plugin-kdb-ldap -p /sbin/ldconfig

%postun plugin-kdb-ldap
/sbin/ldconfig

########################################################
# files sections
########################################################

%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/share
%dir %{_datadir}/aclocal
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_libdir}/libkrad.so
%{_libdir}/pkgconfig/gssrpc.pc
%{_libdir}/pkgconfig/kadm-client.pc
%{_libdir}/pkgconfig/kadm-server.pc
%{_libdir}/pkgconfig/kdb.pc
%{_libdir}/pkgconfig/krb5-gssapi.pc
%{_libdir}/pkgconfig/krb5.pc
%{_libdir}/pkgconfig/mit-krb5-gssapi.pc
%{_libdir}/pkgconfig/mit-krb5.pc
%{_includedir}/*
/usr/lib/mit/bin/krb5-config
/usr/lib/mit/sbin/krb5-send-pr
/usr/lib/mit/share/gnats
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%{_datadir}/aclocal/ac_check_krb5.m4

%files -f mit-krb5.lang
%defattr(-,root,root)
%dir %{krb5docdir}
# add plugin directories
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/libkrb5
# add log directory
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
%{_libdir}/libkrad.so.*

%files server
%defattr(-,root,root)
%attr(0700,root,root) %dir /var/log/krb5
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
%{_unitdir}/kadmind.service
%{_unitdir}/krb5kdc.service
%{_unitdir}/kpropd.service
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir %{_localstatedir}/lib/kerberos/
%dir %{_localstatedir}/lib/kerberos/krb5kdc
%dir %{_localstatedir}/lib/kerberos/krb5
%dir %{_localstatedir}/lib/kerberos/krb5/user
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_var}/adm/fillup-templates/sysconfig.*
/usr/sbin/rc*
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kproplog
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man5/kadm5.acl.5*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*

%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/kswitch
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1*
%{_mandir}/man1/k5srvutil.1*
%{_mandir}/man1/kswitch.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man5/.k5identity.5*
%{_mandir}/man5/k5identity.5*
%{_mandir}/man5/k5login.5*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz

%files plugin-kdb-ldap
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir /usr/lib/mit/sbin/
%dir %{krb5docdir}
%doc %{krb5docdir}/kerberos.schema
%doc %{krb5docdir}/kerberos.ldif
%{_libdir}/krb5/plugins/kdb/kldap.so
/usr/lib/mit/sbin/kdb5_ldap_util
%{_libdir}/libkdb_ldap*
%{_mandir}/man8/kdb5_ldap_util.8*

%files plugin-preauth-pkinit
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/pkinit.so

%files plugin-preauth-otp
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/otp.so

%files doc
%defattr(-,root,root)
%doc html doc/CHANGES doc/README

%changelog

Places

File krb5.spec of Package krb5.8868

Places