summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-06-05 12:53:30 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-11 16:32:25 +0200
commita5ff89ca9d55aab2107c4be073fa5d983e9d385f (patch)
tree29cba9ed1a696d77baa0fc5d445b60bd95de5559
parent12a73062d84fec27536b09fd275ea248d14b93e5 (diff)
downloadsssd-a5ff89ca9d55aab2107c4be073fa5d983e9d385f.tar.gz
sssd-a5ff89ca9d55aab2107c4be073fa5d983e9d385f.tar.xz
sssd-a5ff89ca9d55aab2107c4be073fa5d983e9d385f.zip
rpm: Split providers into separate subpackages
https://fedorahosted.org/sssd/ticket/1510 This patch splits the previously monolithic sssd package into sssd-common that contains the deamon and the responders and per-provider packages such as sssd-ldap or sssd-ipa. This split would benefit two parties: 1) security auditors who are often trying to find the smallest package set including dependencies needed for the package to function. They would be able to i.e. install sssd-ldap and not bother about sssd-ipa or sssd-ad pulling in more dependencies. 2) 3rd party programs such as realmd or authconfig that would only be able to require or install on demand the needed packages.
-rw-r--r--contrib/sssd.spec.in233
-rw-r--r--version.m42
2 files changed, 188 insertions, 47 deletions
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index c48a5de90..b9f852201 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -60,30 +60,13 @@ Patch0001: sssd-1.9-man-change-default-ccache.patch
### Dependencies ###
-Requires: libldb >= 0.9.3
-Requires: libtdb >= 1.1.3
-Requires: sssd-client%{?_isa} = %{version}-%{release}
-Requires: libipa_hbac = %{version}-%{release}
-Requires: libsss_idmap = %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-ldap = %{version}-%{release}
+Requires: sssd-krb5 = %{version}-%{release}
+Requires: sssd-ipa = %{version}-%{release}
+Requires: sssd-ad = %{version}-%{release}
+Requires: sssd-proxy = %{version}-%{release}
Requires: python-sssdconfig = %{version}-%{release}
-Requires: cyrus-sasl-gssapi
-%if (0%{?use_systemd} == 1)
-Requires(post): systemd-units systemd-sysv
-Requires(preun): systemd-units
-Requires(postun): systemd-units
-%else
-Requires(post): initscripts chkconfig
-Requires(preun): initscripts chkconfig
-Requires(postun): initscripts chkconfig
-%endif
-
-### Provides ###
-Provides: libsss_sudo = %{version}-%{release}
-Obsoletes: libsss_sudo < %{version}-%{release}
-Provides: libsss_sudo-devel = %{version}-%{release}
-Obsoletes: libsss_sudo-devel < %{version}-%{release}
-Provides: libsss_autofs = %{version}-%{release}
-Obsoletes: libsss_autofs < %{version}-%{release}
%global servicename sssd
%global sssdstatedir %{_localstatedir}/lib/sss
@@ -159,6 +142,40 @@ the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
+The sssd subpackage is a meta-package that contains the deamon as well as all
+the existing back ends.
+
+%package common
+Summary: Common files for the SSSD
+Group: Applications/System
+License: GPLv3+
+Requires: libldb >= 0.9.3
+Requires: libtdb >= 1.1.3
+Requires: sssd-client%{?_isa} = %{version}-%{release}
+Conflicts: sssd < %{version}-%{release}
+%if (0%{?use_systemd} == 1)
+Requires(post): systemd-units systemd-sysv
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+%else
+Requires(post): initscripts chkconfig
+Requires(preun): initscripts chkconfig
+Requires(postun): initscripts chkconfig
+%endif
+
+### Provides ###
+Provides: libsss_sudo = %{version}-%{release}
+Obsoletes: libsss_sudo <= 1.9.93
+Provides: libsss_sudo-devel = %{version}-%{release}
+Obsoletes: libsss_sudo-devel <= 1.9.93
+Provides: libsss_autofs = %{version}-%{release}
+Obsoletes: libsss_autofs <= 1.9.93
+
+%description common
+Common files for the SSSD. The common package includes all the files needed
+to run a particular back end, however, the back ends are packaged in separate
+subpackages such as sssd-ldap.
+
%package client
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
@@ -174,7 +191,7 @@ service.
Summary: Userspace tools for use with the SSSD
Group: Applications/System
License: GPLv3+
-Requires: sssd = %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
@@ -194,6 +211,83 @@ BuildArch: noarch
%description -n python-sssdconfig
Provides python files for manipulation SSSD and IPA configuration files.
+%package ldap
+Summary: The LDAP back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+
+%description ldap
+Provides the LDAP back end that the SSSD can utilize to fetch identity data
+from and authenticate against an LDAP server.
+
+%package krb5-common
+Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: cyrus-sasl-gssapi
+Requires: sssd-common = %{version}-%{release}
+
+%description krb5-common
+Provides helper processes that the LDAP and Kerberos back ends can use for
+Kerberos user or host authentication.
+
+%package krb5
+Summary: The Kerberos authentication back end for the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+
+%description krb5
+Provides the Kerberos back end that the SSSD can utilize authenticate
+against a Kerberos server.
+
+%package ipa
+Summary: The IPA back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libipa_hbac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: bind-utils
+
+%description ipa
+Provides the IPA back end that the SSSD can utilize to fetch identity data
+from and authenticate against an IPA server.
+
+%package ad
+Summary: The AD back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
+Requires: bind-utils
+
+%description ad
+Provides the Active Directory back end that the SSSD can utilize to fetch
+identity data from and authenticate against an Active Directory server.
+
+%package proxy
+Summary: The proxy back end of the SSSD
+Group: Applications/System
+License: GPLv3+
+Conflicts: sssd < %{version}-%{release}
+Requires: sssd-common = %{version}-%{release}
+
+%description proxy
+Provides the proxy back end which can be used to wrap an existing NSS and/or
+PAM modules to leverage SSSD caching.
+
%package -n libsss_idmap
Summary: FreeIPA Idmap library
Group: Development/Libraries
@@ -272,7 +366,7 @@ The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can
be used by Python applications.
%prep
-%setup -q
+%setup -q -n %{name}-%{version}
%if (0%{?fedora} >= 17)
%patch0001 -p1
%endif
@@ -359,6 +453,11 @@ done
touch sssd.lang
touch sssd_tools.lang
touch sssd_client.lang
+for provider in ldap krb5 ipa ad proxy
+do
+ touch sssd_$provider.lang
+done
+
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
do
lang=`echo $man | cut -c 1-2`
@@ -372,6 +471,21 @@ do
sssd_krb5_*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
;;
+ sssd-ldap*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
+ ;;
+ sssd-krb5*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
+ ;;
+ sssd-ipa*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
+ ;;
+ sssd-ad*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
+ ;;
+ sssd-proxy*)
+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
+ ;;
*)
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
;;
@@ -386,7 +500,11 @@ touch $RPM_BUILD_ROOT/%{mcpath}/group
%clean
rm -rf $RPM_BUILD_ROOT
-%files -f sssd.lang
+%files
+%defattr(-,root,root,-)
+%doc COPYING
+
+%files common -f sssd.lang
%defattr(-,root,root,-)
%doc COPYING
%doc src/examples/sssd-example.conf
@@ -398,9 +516,6 @@ rm -rf $RPM_BUILD_ROOT
%endif
%dir %{_libexecdir}/%{servicename}
-%{_libexecdir}/%{servicename}/krb5_child
-%{_libexecdir}/%{servicename}/ldap_child
-%{_libexecdir}/%{servicename}/proxy_child
%{_libexecdir}/%{servicename}/sssd_be
%{_libexecdir}/%{servicename}/sssd_nss
%{_libexecdir}/%{servicename}/sssd_pam
@@ -409,25 +524,13 @@ rm -rf $RPM_BUILD_ROOT
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo
-# RHEL 5 is too old to support the PAC responder
-%if !0%{?is_rhel5}
-%{_libexecdir}/%{servicename}/sssd_pac
-
-%endif
-
%dir %{_libdir}/%{name}
-%{_libdir}/%{name}/libsss_ad.so
-%{_libdir}/%{name}/libsss_ipa.so
-%{_libdir}/%{name}/libsss_krb5.so
-%{_libdir}/%{name}/libsss_ldap.so
-%{_libdir}/%{name}/libsss_proxy.so
%{_libdir}/%{name}/libsss_simple.so
#Internal shared libraries
%{_libdir}/%{name}/libsss_child.so
%{_libdir}/%{name}/libsss_crypt.so
%{_libdir}/%{name}/libsss_debug.so
-%{_libdir}/%{name}/libsss_krb5_common.so
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so
@@ -448,7 +551,6 @@ rm -rf $RPM_BUILD_ROOT
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
%attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pubconfpath}
-%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
%attr(700,root,root) %dir %{pipepath}/private
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(711,root,root) %dir %{_sysconfdir}/sssd
@@ -459,10 +561,6 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/sssd/sssd.api.conf
%{_datadir}/sssd/sssd.api.d
%{_mandir}/man5/sssd.conf.5*
-%{_mandir}/man5/sssd-ipa.5*
-%{_mandir}/man5/sssd-ad.5*
-%{_mandir}/man5/sssd-krb5.5*
-%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man5/sssd-sudo.5*
%{_mandir}/man8/sssd.8*
@@ -472,6 +570,49 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/pysss.so
%{python_sitearch}/pysss_murmur.so
+%files ldap -f sssd_ldap.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_ldap.so
+%{_mandir}/man5/sssd-ldap.5*
+
+%files krb5-common
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_krb5_common.so
+%{_libexecdir}/%{servicename}/ldap_child
+%{_libexecdir}/%{servicename}/krb5_child
+
+%files krb5 -f sssd_krb5.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_krb5.so
+%{_mandir}/man5/sssd-krb5.5*
+
+%files ipa -f sssd_ipa.lang
+%defattr(-,root,root,-)
+%doc COPYING
+# RHEL 5 is too old to support the PAC responder
+%if !0%{?is_rhel5}
+%{_libexecdir}/%{servicename}/sssd_pac
+%endif
+
+%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
+%{_libdir}/%{name}/libsss_ipa.so
+%{_mandir}/man5/sssd-ipa.5*
+
+%files ad -f sssd_ad.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libdir}/%{name}/libsss_ad.so
+%{_mandir}/man5/sssd-ad.5*
+
+%files proxy
+%defattr(-,root,root,-)
+%doc COPYING
+%{_libexecdir}/%{servicename}/proxy_child
+%{_libdir}/%{name}/libsss_proxy.so
+
%files client -f sssd_client.lang
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
diff --git a/version.m4 b/version.m4
index 7a07ea5e0..1435f6999 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
# Primary version number
-m4_define([VERSION_NUMBER], [1.9.93])
+m4_define([VERSION_NUMBER], [1.9.94])
# If the PRERELEASE_VERSION_NUMBER is set, we'll append
# it to the release tag when creating an RPM or SRPM