From 9ec791e6c9785805f52fc22f18aa72e6582d93b4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 17 May 2022 06:33:10 -0400 Subject: [PATCH] import realmd-0.17.0-9.el9 --- .gitignore | 1 + .realmd.metadata | 1 + ...endor-error-message-configure-option.patch | 61 +++ ...-add-computer-name-to-realm-man-page.patch | 36 ++ SOURCES/0001-ldap-add-socket-timeout.patch | 78 +++ ...-new-Samba-4.15-command-line-options.patch | 128 +++++ SOURCES/0001-switch-to-authselect.patch | 36 ++ ...-syslog-avoid-duplicate-log-messages.patch | 38 ++ ...update-some-macros-for-autoconf-2.71.patch | 77 +++ SOURCES/ipa-packages.patch | 13 + SPECS/realmd.spec | 463 ++++++++++++++++++ 11 files changed, 932 insertions(+) create mode 100644 .gitignore create mode 100644 .realmd.metadata create mode 100644 SOURCES/0001-build-add-with-vendor-error-message-configure-option.patch create mode 100644 SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch create mode 100644 SOURCES/0001-ldap-add-socket-timeout.patch create mode 100644 SOURCES/0001-samba-use-new-Samba-4.15-command-line-options.patch create mode 100644 SOURCES/0001-switch-to-authselect.patch create mode 100644 SOURCES/0001-syslog-avoid-duplicate-log-messages.patch create mode 100644 SOURCES/0002-configure-update-some-macros-for-autoconf-2.71.patch create mode 100644 SOURCES/ipa-packages.patch create mode 100644 SPECS/realmd.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fec7a99 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/realmd-0.17.0.tar.gz diff --git a/.realmd.metadata b/.realmd.metadata new file mode 100644 index 0000000..0bc70e7 --- /dev/null +++ b/.realmd.metadata @@ -0,0 +1 @@ +c29f4819713b8af59b53ed0aecb0b273d5bf2b46 SOURCES/realmd-0.17.0.tar.gz diff --git a/SOURCES/0001-build-add-with-vendor-error-message-configure-option.patch b/SOURCES/0001-build-add-with-vendor-error-message-configure-option.patch new file mode 100644 index 0000000..faac53c --- /dev/null +++ b/SOURCES/0001-build-add-with-vendor-error-message-configure-option.patch @@ -0,0 +1,61 @@ +From 4ef597d15df246f4121266aaf3e291e3f06f6f4a Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 10 Mar 2021 17:57:07 +0100 +Subject: [PATCH 1/2] build: add --with-vendor-error-message configure option + +With the new configure option --with-vendor-error-message a packager or +a distribution can add a message if realmd returns with an error. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1889386 +--- + configure.ac | 15 +++++++++++++++ + tools/realm.c | 7 +++++++ + 2 files changed, 22 insertions(+) + +diff --git a/configure.ac b/configure.ac +index ee067d9..05ec1bf 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -51,6 +51,21 @@ fi + + AC_SUBST(DISTRO) + ++# ----------------------------------------------------------------------------- ++# Vendor error message ++ ++AC_ARG_WITH([vendor-error-message], ++ [AS_HELP_STRING([--with-vendor-error-message=ARG], ++ [Add a vendor specific error message shown if a realm command fails] ++ )], ++ [AS_IF([test "x$withval" != "x"], ++ [AC_DEFINE_UNQUOTED([VENDOR_MSG], ++ ["$withval"], ++ [Vendor specific error message])], ++ [AC_MSG_ERROR([--with-vendor-error-message requires an argument])] ++ )], ++ []) ++ + # ----------------------------------------------------------------------------- + # Basic tools + +diff --git a/tools/realm.c b/tools/realm.c +index 1530f09..8fdca16 100644 +--- a/tools/realm.c ++++ b/tools/realm.c +@@ -287,6 +287,13 @@ main (int argc, + ret = (realm_commands[i].function) (client, argc, argv); + g_object_unref (client); + ++#ifdef VENDOR_MSG ++ if (ret != 0) { ++ g_printerr (VENDOR_MSG"\n"); ++ } ++ ++#endif ++ + break; + } + } +-- +2.30.2 + diff --git a/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch b/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch new file mode 100644 index 0000000..f5345d6 --- /dev/null +++ b/SOURCES/0001-doc-add-computer-name-to-realm-man-page.patch @@ -0,0 +1,36 @@ +From 05100771ea6bd775caae705bb53f76a0816f3b81 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 11 May 2021 11:13:06 +0200 +Subject: [PATCH] doc: add computer-name to realm man page + +--- + doc/manual/realm.xml | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/doc/manual/realm.xml b/doc/manual/realm.xml +index 9160a8a..b4dc27c 100644 +--- a/doc/manual/realm.xml ++++ b/doc/manual/realm.xml +@@ -222,6 +222,19 @@ $ realm join --user=admin --computer-ou=OU=Special domain.example.com + supported for all realms. By default the membership software + is automatically selected. + ++ ++ ++ ++ This option only applies to Active ++ Directory realms. Specify this option to ++ override the default name used when creating ++ the computer account. The system's FQDN will ++ still be saved in the dNSHostName attribute. ++ Specify the name as a string of 15 or ++ fewer characters that is a valid NetBIOS ++ computer name. ++ ++ + + + Perform the join automatically without +-- +2.31.1 + diff --git a/SOURCES/0001-ldap-add-socket-timeout.patch b/SOURCES/0001-ldap-add-socket-timeout.patch new file mode 100644 index 0000000..2ba2db6 --- /dev/null +++ b/SOURCES/0001-ldap-add-socket-timeout.patch @@ -0,0 +1,78 @@ +From 370bf84857d5674a092f46fa5932a0c92ad5bbf5 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 24 Nov 2021 17:25:18 +0100 +Subject: [PATCH] ldap: add socket timeout + +During the discovery phase realmd tries to open LDAP connections to +multiple DC addresses returned by DNS. When cleaning up we have to call +ldap_destroy() to release the resources allocated for the LDAP context. +ldap_destroy() tries to send a LDAP unbind request independent of the +connection state. If the related address is block by a firewall or a not +properly routed IPv6 address there might be no reply on the TCP level +and the request might be stuck for quite some tome in the kernel. + +To avoid the unexpected long delays will block realmd this patch lowers +the timeout considerably to 5s. As multiple other timeouts this value is +currently hardcoded. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1817869 +--- + service/realm-ldap.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/service/realm-ldap.c b/service/realm-ldap.c +index bdfb96c..f7b6d13 100644 +--- a/service/realm-ldap.c ++++ b/service/realm-ldap.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + #include + +@@ -179,6 +180,7 @@ static GSourceFuncs socket_source_funcs = { + + /* Not included in ldap.h but documented */ + int ldap_init_fd (ber_socket_t fd, int proto, LDAP_CONST char *url, struct ldap **ldp); ++#define LDAP_SOCKET_TIMEOUT 5 + + GSource * + realm_ldap_connect_anonymous (GSocketAddress *address, +@@ -202,6 +204,8 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + int opt_rc; + int ldap_opt_val; + const char *errmsg = NULL; ++ struct timeval tv = {LDAP_SOCKET_TIMEOUT, 0}; ++ unsigned int milli = LDAP_SOCKET_TIMEOUT * 1000; + + g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (address), NULL); + +@@ -244,6 +248,23 @@ realm_ldap_connect_anonymous (GSocketAddress *address, + if (!g_unix_set_fd_nonblocking (ls->sock, FALSE, NULL)) + g_warning ("couldn't set to blocking"); + ++ /* Lower the kernel defaults which might be minutes to hours */ ++ rc = setsockopt (ls->sock, SOL_SOCKET, SO_RCVTIMEO, ++ &tv, sizeof (tv)); ++ if (rc != 0) { ++ g_warning ("couldn't set SO_RCVTIMEO"); ++ } ++ rc = setsockopt (ls->sock, SOL_SOCKET, SO_SNDTIMEO, ++ &tv, sizeof (tv)); ++ if (rc != 0) { ++ g_warning ("couldn't set SO_SNDTIMEO"); ++ } ++ rc = setsockopt (ls->sock, IPPROTO_TCP, TCP_USER_TIMEOUT, ++ &milli, sizeof (milli)); ++ if (rc != 0) { ++ g_warning ("couldn't set TCP_USER_TIMEOUT"); ++ } ++ + if (family == G_SOCKET_FAMILY_IPV4) { + url = g_strdup_printf ("%s://%s:%d", + use_ldaps ? "ldaps" : "ldap", +-- +2.34.1 + diff --git a/SOURCES/0001-samba-use-new-Samba-4.15-command-line-options.patch b/SOURCES/0001-samba-use-new-Samba-4.15-command-line-options.patch new file mode 100644 index 0000000..176d046 --- /dev/null +++ b/SOURCES/0001-samba-use-new-Samba-4.15-command-line-options.patch @@ -0,0 +1,128 @@ +From 68f73b78a34299ee37dd06e2ab3ede8985fa277b Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 14 Dec 2021 15:32:32 +0100 +Subject: [PATCH] samba: use new Samba-4.15 command line options + +Samba-4.15 changed a couple of command line options of the net utility. +This patch adds a configure option to select the new or the old style. +If the option is not used configure tries to call the net utility to +check for the options. If this fails the old style is used. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2028530 +--- + configure.ac | 34 ++++++++++++++++++++++++++++++++++ + service/realm-samba-enroll.c | 18 +++++++++++++----- + 2 files changed, 47 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index ea51f92..ddc25d0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -227,6 +227,40 @@ LDAP_CFLAGS="" + AC_SUBST(LDAP_LIBS) + AC_SUBST(LDAP_CFLAGS) + ++# ------------------------------------------------------------------- ++# Samba ++ ++AC_ARG_WITH(new-samba-cli-options, ++ AS_HELP_STRING([--with-new-samba-cli-options=yes/no], ++ [Use new command line options introduced with Samba-4.15, ++ if not provided the output of 'net help' is checked or old ++ style options are used])) ++ ++if test "$with_new_samba_cli_options" = "no"; then ++ AC_MSG_RESULT([Using old Samba command line options]) ++elif test "$with_new_samba_cli_options" = "yes"; then ++ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1, ++ [Use new command line options introduced with Samba-4.15]) ++ AC_MSG_RESULT([Using new Samba command line options]) ++else ++ AC_PATH_PROG([SAMBA_NET], [net]) ++ if test ! -x "$SAMBA_NET"; then ++ AC_MSG_NOTICE([Could not find Samba's net utility, ] ++ [assuming old style command line options, ] ++ [please install the net utility for proper detection.]) ++ else ++ AC_MSG_CHECKING([for --debug-stdout option of net]) ++ if AC_RUN_LOG([$SAMBA_NET help 2>&1 |grep -- '--debug-stdout' > /dev/null]); then ++ AC_DEFINE_UNQUOTED(WITH_NEW_SAMBA_CLI_OPTS, 1, ++ [Use new command line options introduced with Samba-4.15]) ++ AC_MSG_RESULT([yes]) ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ fi ++fi ++ ++ + # ------------------------------------------------------------------- + # Directories + +diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c +index 5624a08..8b2ee38 100644 +--- a/service/realm-samba-enroll.c ++++ b/service/realm-samba-enroll.c +@@ -37,6 +37,14 @@ + #include + #include + ++#ifdef WITH_NEW_SAMBA_CLI_OPTS ++#define SMBCLI_KERBEROS "--use-kerberos=required" ++#define SMBCLI_CONF "--configfile" ++#else ++#define SMBCLI_KERBEROS "-k" ++#define SMBCLI_CONF "-s" ++#endif ++ + typedef struct { + GDBusMethodInvocation *invocation; + gchar *join_args[8]; +@@ -260,7 +268,7 @@ begin_net_process (JoinClosure *join, + /* Use our custom smb.conf */ + g_ptr_array_add (args, (gpointer)realm_settings_path ("net")); + if (join->custom_smb_conf) { +- g_ptr_array_add (args, "-s"); ++ g_ptr_array_add (args, SMBCLI_CONF); + g_ptr_array_add (args, join->custom_smb_conf); + } + +@@ -370,7 +378,7 @@ on_join_do_keytab (GObject *source, + } else { + begin_net_process (join, NULL, + on_keytab_do_finish, g_object_ref (task), +- "-k", "ads", "keytab", "create", NULL); ++ SMBCLI_KERBEROS, "ads", "keytab", "create", NULL); + } + + g_object_unref (task); +@@ -428,7 +436,7 @@ begin_join (GTask *task, + begin_net_process (join, join->password_input, + on_join_do_keytab, g_object_ref (task), + "-U", join->user_name, +- "-k", "ads", "join", join->disco->domain_name, ++ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name, + join->join_args[0], join->join_args[1], + join->join_args[2], join->join_args[3], + join->join_args[4], NULL); +@@ -437,7 +445,7 @@ begin_join (GTask *task, + } else { + begin_net_process (join, NULL, + on_join_do_keytab, g_object_ref (task), +- "-k", "ads", "join", join->disco->domain_name, ++ SMBCLI_KERBEROS, "ads", "join", join->disco->domain_name, + join->join_args[0], join->join_args[1], + join->join_args[2], join->join_args[3], + join->join_args[4], NULL); +@@ -543,7 +551,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco, + join->envvar = g_strdup_printf ("KRB5CCNAME=%s", cred->x.ccache.file); + begin_net_process (join, NULL, + on_leave_complete, g_object_ref (task), +- "-k", "ads", "leave", NULL); ++ SMBCLI_KERBEROS, "ads", "leave", NULL); + break; + default: + g_return_if_reached (); +-- +2.34.1 + diff --git a/SOURCES/0001-switch-to-authselect.patch b/SOURCES/0001-switch-to-authselect.patch new file mode 100644 index 0000000..d750d6d --- /dev/null +++ b/SOURCES/0001-switch-to-authselect.patch @@ -0,0 +1,36 @@ +From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavel=20B=C5=99ezina?= +Date: Mon, 19 Feb 2018 11:51:06 +0100 +Subject: [PATCH] switch to authselect + +--- + service/realmd-redhat.conf | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf +index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644 +--- a/service/realmd-redhat.conf ++++ b/service/realmd-redhat.conf +@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli + freeipa-client = /usr/sbin/ipa-client-install + + [commands] +-winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" +-winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart ++winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" ++winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir + winbind-enable-service = /usr/bin/systemctl enable winbind.service + winbind-disable-service = /usr/bin/systemctl disable winbind.service + winbind-restart-service = /usr/bin/systemctl restart winbind.service + winbind-stop-service = /usr/bin/systemctl stop winbind.service + +-sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" +-sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart ++sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" ++sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir + sssd-enable-service = /usr/bin/systemctl enable sssd.service + sssd-disable-service = /usr/bin/systemctl disable sssd.service + sssd-restart-service = /usr/bin/systemctl restart sssd.service +-- +2.9.3 + diff --git a/SOURCES/0001-syslog-avoid-duplicate-log-messages.patch b/SOURCES/0001-syslog-avoid-duplicate-log-messages.patch new file mode 100644 index 0000000..001b2a2 --- /dev/null +++ b/SOURCES/0001-syslog-avoid-duplicate-log-messages.patch @@ -0,0 +1,38 @@ +From 720ddd02100ab8592e081aed425c9455b397a462 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Thu, 25 Nov 2021 14:36:10 +0100 +Subject: [PATCH] syslog: avoid duplicate log messages + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2024248 +--- + service/realm-diagnostics.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/service/realm-diagnostics.c b/service/realm-diagnostics.c +index 850b2e3..6aa5288 100644 +--- a/service/realm-diagnostics.c ++++ b/service/realm-diagnostics.c +@@ -55,12 +55,20 @@ log_syslog_and_debug (GDBusMethodInvocation *invocation, + while ((ptr = memchr (at, '\n', length)) != NULL) { + *ptr = '\0'; + if (line_buffer && line_buffer->len > 0) { ++#ifdef WITH_JOURNAL ++ /* Call realm_daemon_syslog directly to add ++ * REALMD_OPERATION to the jounrnal */ + realm_daemon_syslog (operation, log_level, "%s%s", line_buffer->str, at); ++#else + g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s%s", line_buffer->str, at); ++#endif + g_string_set_size (line_buffer, 0); + } else { ++#ifdef WITH_JOURNAL + realm_daemon_syslog (operation, log_level, "%s", at); ++#else + g_log (G_LOG_DOMAIN, G_LOG_LEVEL_DEBUG, "%s", at); ++#endif + } + + *ptr = '\n'; +-- +2.34.1 + diff --git a/SOURCES/0002-configure-update-some-macros-for-autoconf-2.71.patch b/SOURCES/0002-configure-update-some-macros-for-autoconf-2.71.patch new file mode 100644 index 0000000..a47f0c5 --- /dev/null +++ b/SOURCES/0002-configure-update-some-macros-for-autoconf-2.71.patch @@ -0,0 +1,77 @@ +From cff19e9044e3f389a14fbc5e98366a31107d4a02 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 6 Apr 2021 15:23:54 +0200 +Subject: [PATCH 2/2] configure: update some macros for autoconf-2.71 + +--- + configure.ac | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 05ec1bf..4dac5a9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,4 +1,4 @@ +-AC_PREREQ(2.63) ++AC_PREREQ([2.63]) + + AC_INIT([realmd], [0.17.0], + [https://gitlab.freedesktop.org/realmd/realmd/-/issues], +@@ -69,8 +69,7 @@ AC_ARG_WITH([vendor-error-message], + # ----------------------------------------------------------------------------- + # Basic tools + +-AC_GNU_SOURCE +-AC_ISC_POSIX ++AC_USE_SYSTEM_EXTENSIONS + AC_PROG_CC + AC_PROG_CPP + AM_PROG_CC_C_O +@@ -109,7 +108,7 @@ AC_SUBST(POLKIT_LIBS) + + AC_MSG_CHECKING([systemd unit directory]) + AC_ARG_WITH(systemd-unit-dir, +- AC_HELP_STRING([--with-systemd-unit-dir], ++ AS_HELP_STRING([--with-systemd-unit-dir], + [Directory to install systemd service file])) + + if test "$with_systemd_unit_dir" = "" -o "$with_systemd_unit_dir" = "yes"; then +@@ -136,7 +135,7 @@ AC_SUBST(dbus_systemd_service) + AC_MSG_RESULT($with_systemd_unit_dir) + + AC_ARG_WITH(systemd-journal, +- AC_HELP_STRING([--with-systemd-journal], ++ AS_HELP_STRING([--with-systemd-journal], + [Use systemd's journal for logging])) + + if test "$with_systemd_journal" != "no"; then +@@ -245,7 +244,7 @@ AC_SUBST(POLKIT_ACTION_DIR) + + AC_MSG_CHECKING([whether to build documentation]) + AC_ARG_ENABLE(doc, +- AC_HELP_STRING([--enable-doc], ++ AS_HELP_STRING([--enable-doc], + [Disable building documentation]) + ) + +@@ -314,7 +313,7 @@ AC_SUBST(GENHTML) + + AC_MSG_CHECKING([for debug mode]) + AC_ARG_ENABLE(debug, +- AC_HELP_STRING([--enable-debug=no/default/yes], ++ AS_HELP_STRING([--enable-debug=no/default/yes], + [Turn on or off debugging]) + ) + +@@ -397,7 +396,7 @@ AC_SUBST(TEST_MODE) + privatedir='${prefix}/lib/realmd' + AC_MSG_CHECKING([private directory]) + AC_ARG_WITH(private-dir, +- AC_HELP_STRING([--with-private-dir=DIR], ++ AS_HELP_STRING([--with-private-dir=DIR], + [Directory to install realmd system defaults (default: ${prefix}/lib/realmd)])) + + if test -n "$with_private_dir"; then +-- +2.30.2 + diff --git a/SOURCES/ipa-packages.patch b/SOURCES/ipa-packages.patch new file mode 100644 index 0000000..67df543 --- /dev/null +++ b/SOURCES/ipa-packages.patch @@ -0,0 +1,13 @@ +diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf +index da2de55..856b36d 100644 +--- a/service/realmd-redhat.conf ++++ b/service/realmd-redhat.conf +@@ -20,7 +20,7 @@ oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir + adcli = /usr/sbin/adcli + + [ipa-packages] +-freeipa-client = /usr/sbin/ipa-client-install ++ipa-client = /usr/sbin/ipa-client-install + + [commands] + winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec new file mode 100644 index 0000000..0c8f2db --- /dev/null +++ b/SPECS/realmd.spec @@ -0,0 +1,463 @@ +Name: realmd +Version: 0.17.0 +Release: 9%{?dist} +Summary: Kerberos realm enrollment service +License: LGPLv2+ +URL: https://gitlab.freedesktop.org/realmd/realmd +Source0: https://gitlab.freedesktop.org/sbose/realmd/uploads/b13a87292762bdad3ecbfe65bbb57211/realmd-%{version}.tar.gz + +Patch1: 0001-switch-to-authselect.patch +Patch2: 0001-build-add-with-vendor-error-message-configure-option.patch +Patch3: 0002-configure-update-some-macros-for-autoconf-2.71.patch +Patch4: 0001-doc-add-computer-name-to-realm-man-page.patch + +# rhbz#1978255 - regression in realmd/Sanity/realmd-service-sanity +Patch5: ipa-packages.patch + +# rhbz#2038260 - realmd operations hang if a DC is unreachable +Patch6: 0001-ldap-add-socket-timeout.patch + +# rhbz#2038268 - realmd logs are duplicated +Patch7: 0001-syslog-avoid-duplicate-log-messages.patch + +# rhbz#2028530 - realm join needs to updated to use the command line options of +# Samba's net command +Patch8: 0001-samba-use-new-Samba-4.15-command-line-options.patch + +BuildRequires: make +BuildRequires: gcc +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: intltool pkgconfig +BuildRequires: gettext-devel +BuildRequires: glib2-devel >= 2.32.0 +BuildRequires: openldap-devel +BuildRequires: polkit-devel +BuildRequires: krb5-devel +BuildRequires: systemd-devel +BuildRequires: libxslt +BuildRequires: xmlto +BuildRequires: samba-common-tools +BuildRequires: python3 + +Requires: authselect +Requires: polkit +Conflicts: realmd-devel-docs < %{version}-%{release} +# This build will use Samba's new command line options so it cannot be used +# with older versions of Samba. +Conflicts: samba-common-tools < 4.15 + +%description +realmd is a DBus system service which manages discovery and enrollment in realms +and domains like Active Directory or IPA. The control center uses realmd as the +back end to 'join' a domain simply and automatically configure things correctly. + +%package devel-docs +Summary: Developer documentation files for %{name} +Conflicts: realmd < %{version}-%{release} + +%description devel-docs +The %{name}-devel package contains developer documentation for developing +applications that use %{name}. + +%define _hardened_build 1 + +%prep +%autosetup -p1 + +%build +autoreconf -fi +%configure --disable-silent-rules \ + --with-new-samba-cli-options=yes \ +%if 0%{?rhel} + --with-vendor-error-message='Please check\n https://red.ht/support_rhel_ad \nto get help for common issues.' \ +%endif + %{nil} + +make %{?_smp_mflags} + +%check +make check + +%install +make install DESTDIR=%{buildroot} + +%find_lang realmd + +%post +%systemd_post realmd.service + +%preun +%systemd_preun realmd.service + +%postun +%systemd_postun_with_restart realmd.service + +%files -f realmd.lang +%doc AUTHORS COPYING NEWS README +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf +%{_sbindir}/realm +%dir %{_prefix}/lib/realmd +%{_libexecdir}/realmd +%{_prefix}/lib/realmd/realmd-defaults.conf +%{_prefix}/lib/realmd/realmd-distro.conf +%{_unitdir}/realmd.service +%{_datadir}/dbus-1/system-services/org.freedesktop.realmd.service +%{_datadir}/polkit-1/actions/org.freedesktop.realmd.policy +%{_mandir}/man8/realm.8.gz +%{_mandir}/man5/realmd.conf.5.gz +%{_localstatedir}/cache/realmd/ + +%files devel-docs +%doc %{_datadir}/doc/realmd/ +%doc ChangeLog + +%changelog +* Tue Jan 11 2022 Sumit Bose - 0.17.0-9 +- enforce new Samba command line options + Resolves: rhbz#2028530 + +* Mon Jan 10 2022 Sumit Bose - 0.17.0-8 +- LDAP socket timeout, fix duplicated logs and new Samba command line options + Resolves: rhbz#2038260 + Resolves: rhbz#2038268 + Resolves: rhbz#2028530 + +* Tue Aug 10 2021 Mohan Boddu - 0.17.0-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Jul 01 2021 Sumit Bose - 0.17.0-6 +- regression in realmd/Sanity/realmd-service-sanity + Resolves: rhbz#1978255 + +* Tue Jun 29 2021 Sumit Bose - 0.17.0-5 +- Updates and fixes from upstream, Fedora and RHEL-8.5 + Resolves: rhbz#1977163 + +* Fri Apr 16 2021 Mohan Boddu - 0.17.0-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Mar 03 2021 Sumit Bose - 0.17.0-3 +- Use authselect instead of authconfig + Resolves: rhbz#1934124 + +* Sat Feb 20 2021 Sumit Bose - 0.17.0-2 +- Add Conflicts to avoid update/downgrade issues + +* Fri Feb 19 2021 Sumit Bose - 0.17.0-1 +- Updated to upstream 0.17.0 + +* Wed Jan 27 2021 Fedora Release Engineering - 0.16.3-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Nov 04 2020 Sumit Bose - 0.16.3-27 +- Sync with latest upstream patches + +* Wed Aug 12 2020 Sumit Bose - 0.16.3-25 +- Sync with latest upstream patches + +* Sat Aug 01 2020 Fedora Release Engineering - 0.16.3-25 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 0.16.3-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Mar 18 2020 Sumit Bose - 0.16.3-23 +- Sync with latest upstream patches and fix package URL + Resolves: rhbz#1800897 + +* Thu Jan 30 2020 Fedora Release Engineering - 0.16.3-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Aug 02 2019 Sumit Bose - 0.16.3-21 +- Remove gtester support, use autosetup + Resolves: rhbz#1736578 + +* Fri Jul 26 2019 Fedora Release Engineering - 0.16.3-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Feb 21 2019 Sumit Bose - 0.16.3-19 +- fix test depending on order + Resolves: rhbz#1675879 + +* Wed Feb 20 2019 Adam Williamson - 0.16.3-18 +- Backport fix from upstream to always install latest packages via PK + +* Sat Feb 02 2019 Fedora Release Engineering - 0.16.3-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Sep 27 2018 Sumit Bose - 0.16.3-16 +- Do not call authselect for IPA domains + Resolves: rhbz#1620097 + +* Tue Aug 21 2018 Sumit Bose - 0.16.3-15 +- Change IPA defaults and improve realm discovery + Resolves: rhbz#1575538 + Resolves: rhbz#1145777 + +* Sat Jul 14 2018 Fedora Release Engineering - 0.16.3-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 04 2018 Sumit Bose - 0.16.3-13 +- Drop python2 build dependency +- Add polkit runtime dependency + Resolves: rhbz#1577178 +- Fix documentation reference in systemd unit file + Resolves: rhbz#1596323 +- Use current Samba config options + Resolves: rhbz#1482926 + +* Sun Mar 18 2018 René Genz - 0.16.3-12 +- use correct authselect syntax for *-disable-logins to fix rhbz#1558245 +- Iryna Shcherbina + Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Mar 01 2018 Sumit Bose - 0.16.3-11 +- Require authselect instead of authconfig, related: rhbz#1537246 + +* Tue Feb 20 2018 Sumit Bose - 0.16.3-10 +- added BuildRequires gcc +- Use authselect instead of authconfig, related: rhbz#1537246 + +* Fri Feb 09 2018 Fedora Release Engineering - 0.16.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Sep 05 2017 Petr Pisar - 0.16.3-8 +- Update all m4 macros to prevent from mismatching between Automake versions + +* Thu Aug 03 2017 Fedora Release Engineering - 0.16.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.16.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Apr 25 2017 Sumit Bose - 0.16.3-5 +- Resolves: rhbz#1445017 + +* Sat Feb 11 2017 Fedora Release Engineering - 0.16.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 19 2017 Merlin Mathesius - 0.16.3-3 +- Add BuildRequires: python to fix FTBFS (BZ#1415000). + +* Tue Dec 13 2016 Sumit Bose - 0.16.3-2 +- Resolves: rhbz#1401605 + +* Wed Nov 30 2016 Sumit Bose - 0.16.3-1 +- Updated to upstream 0.16.3 plus patches from git master + +* Fri Jun 03 2016 Sumit Bose - 0.16.2-5 +- properly apply patch for rhbz#1330766 +- Resolves: rhbz#1330766 + +* Wed May 18 2016 Sumit Bose - 0.16.2-4 +- Resolves: rhbz#1330766 + +* Thu Feb 04 2016 Fedora Release Engineering - 0.16.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Sep 11 2015 Stef Walter - 0.16.2-2 +- Fixed --computer-ou regression +- Show message when installing packages + +* Fri Jul 31 2015 Stef Walter - 0.16.2-1 +- Updated to upstream 0.16.2 +- Install to $prefix/lib instead of $libdir +- Resolves: rhbz#1246741 + +* Tue Jul 14 2015 Stef Walter - 0.16.1-1 +- Updated to upstream 0.16.1 +- Resolves: rhbz#1231128 + +* Thu Jun 18 2015 Fedora Release Engineering - 0.16.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Apr 14 2015 Stef Walter - 0.16.0-1 +- Updated to upstream 0.16.0 +- Resolves: rhbz#1205753 +- Resolves: rhbz#1142190 +- Resolves: rhbz#1061091 +- Resolves: rhbz#1205752 + +* Thu Apr 09 2015 Stephen Gallagher - 0.15.2-2 +- Resolves: rhbz#1210483 + +* Mon Oct 06 2014 Stef Walter - 0.15.2-1 +- Update to upstream 0.15.2 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.15.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 0.15.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat May 31 2014 Peter Robinson 0.15.1-2 +- Move ChangeLog to devel-docs. NEWS is probably riveting enough for users + +* Fri May 23 2014 Stef Walter - 0.15.1-1 +- Update to upstream 0.15.1 +- Remove the packagekit patch that's now integrated upstream + +* Thu Jan 30 2014 Richard Hughes - 0.15.0-2 +- Rebuild for libpackagekit-glib soname bump + +* Tue Jan 07 2014 Stef Walter - 0.15.0-1 +- Update to upstream 0.15.0 release, fixing various bugs + +* Mon Sep 09 2013 Stef Walter - 0.14.6-1 +- Update to upstream 0.14.6 point release +- Set 'kerberos method = system keytab' in smb.conf properly +- Limit Netbios name to 15 chars when joining AD domain + +* Thu Aug 15 2013 Stef Walter - 0.14.5-1 +- Update to upstream 0.14.5 point release +- Fix regression conflicting --unattended and -U as in --user args +- Pass discovered server address to adcli tool + +* Wed Aug 07 2013 Stef Walter - 0.14.4-1 +- Update to upstream 0.14.4 point release +- Fix up the [sssd] section in sssd.conf if it's screwed up +- Add an --unattended argument to realm command line client +- Clearer 'realm permit' manual page example + +* Wed Aug 07 2013 Stef Walter - 0.14.3-1 +- Update to upstream 0.14.3 point release +- Populate LoginFormats correctly [#961442] +- Documentation clarifications +- Set sssd.conf default_shell per domain +- Notify in terminal output when installing packages +- If joined via adcli, delete computer with adcli too [#961244] +- If input is not a tty, read from stdin without getpass() [#983153] +- Configure pam_winbind.conf appropriately [#983153] +- Refer to FreeIPA as IPA +- Support use of kerberos ccache to join when winbind + +* Sun Aug 04 2013 Fedora Release Engineering - 0.14.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Stef Walter - 0.14.2-4 +- Build with verbose automake output + +* Tue Jun 11 2013 Stef Walter - 0.14.2-3 +- Run test suite when building the package +- Fix rpmlint errors + +* Thu Jun 06 2013 Stef Walter - 0.14.2-2 +- Install oddjobd and oddjob-mkhomedir when joining domains [#969441] + +* Mon May 27 2013 Stef Walter - 0.14.2-1 +- Update to upstream 0.14.2 version +- Discover FreeIPA 3.0 with AD trust correctly [#966148] +- Only allow joining one realm by default [#966650] +- Enable the oddjobd service after joining a domain [#964971] +- Remove sssd.conf allow lists when permitting all [#965760] +- Add dependency on authconfig [#964675] +- Remove glib-networking dependency now that we no longer use SSL. + +* Mon May 13 2013 Stef Walter - 0.14.1-1 +- Update to upstream 0.14.1 version +- Fix crasher/regression using passwords with joins [#961435] +- Make second Ctrl-C just quit realm tool [#961325] +- Fix critical warning when leaving IPA realm [#961320] +- Don't print out journalctl command in obvious situations [#961230] +- Document the --all option to 'realm discover' [#961279] +- No need to require sssd-tools package [#961254] +- Enable services even in install mode [#960887] +- Use the AD domain name in sssd.conf directly [#960270] +- Fix critical warning when service Release() method [#961385] + +* Mon May 06 2013 Stef Walter - 0.14.0-1 +- Work around broken krb5 with empty passwords [#960001] +- Add manual page for realmd.conf [#959357] +- Update to upstream 0.14.0 version + +* Thu May 02 2013 Stef Walter - 0.13.91-1 +- Fix regression when using one time password [#958667] +- Support for permitting logins by group [#887675] + +* Mon Apr 29 2013 Stef Walter - 0.13.90-1 +- Add option to disable package-kit installs [#953852] +- Add option to use unqualified names [#953825] +- Better discovery of domains [#953153] +- Concept of managing parts of the system [#914892] +- Fix problems with cache directory [#913457] +- Clearly explain when realm cannot be joined [#878018] +- Many other upstream enhancements and fixes + +* Wed Apr 17 2013 Stef Walter - 0.13.3-2 +- Add missing glib-networking dependency, currently used + for FreeIPA discovery [#953151] + +* Wed Apr 17 2013 Stef Walter - 0.13.3-1 +- Update for upstream 0.13.3 version +- Add dependency on systemd for installing service file + +* Tue Apr 16 2013 Stef Walter - 0.13.2-2 +- Fix problem with sssd not starting after joining + +* Mon Feb 18 2013 Stef Walter - 0.13.2-1 +- Update to upstream 0.13.2 version + +* Mon Feb 18 2013 Stef Walter - 0.13.1-1 +- Update to upstream 0.13.1 version for bug fixes + +* Thu Feb 14 2013 Fedora Release Engineering - 0.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Stef Walter - 0.12-1 +- Update to upstream 0.12 version for bug fixes + +* Tue Oct 30 2012 Stef Walter - 0.11-1 +- Update to upstream 0.11 version + +* Sat Oct 20 2012 Stef Walter - 0.10-1 +- Update to upstream 0.10 version + +* Wed Oct 17 2012 Stef Walter - 0.9-1 +- Update to upstream 0.9 version + +* Wed Sep 19 2012 Stef Walter - 0.8-2 +- Add openldap-devel build requirement + +* Wed Sep 19 2012 Stef Walter - 0.8-1 +- Update to upstream 0.8 version +- Add support for translations + +* Mon Aug 20 2012 Stef Walter - 0.7-2 +- Build requires gtk-doc + +* Mon Aug 20 2012 Stef Walter - 0.7-1 +- Update to upstream 0.7 version +- Remove files no longer present in upstream version +- Put documentation in its own realmd-devel-docs subpackage +- Update upstream URLs + +* Mon Aug 6 2012 Stef Walter - 0.6-1 +- Update to upstream 0.6 version + +* Tue Jul 17 2012 Stef Walter - 0.5-2 +- Remove missing SssdIpa.service file from the files list. + This file will return upstream in 0.6 + +* Tue Jul 17 2012 Stef Walter - 0.5-1 +- Update to upstream 0.5 version + +* Tue Jun 19 2012 Stef Walter - 0.4-1 +- Update to upstream 0.4 version +- Cleanup various rpmlint warnings + +* Tue Jun 19 2012 Stef Walter - 0.3-2 +- Add doc files +- Own directories +- Remove obsolete parts of spec file +- Remove explicit dependencies +- Updated License line to LGPLv2+ + +* Tue Jun 19 2012 Stef Walter - 0.3 +- Build fixes + +* Mon Jun 18 2012 Stef Walter - 0.2 +- Initial RPM