%define bootstrap 0 %{?_without_bootstrap: %global bootstrap 0} %{?_with_bootstrap: %global bootstrap 1} %define name krb5 %define version 1.11.1 %define release %mkrel 1 %define major 3 %define libname %mklibname %name %major # enable checking after compile %define enable_check 0 %{?_with_check: %global %enable_check 1} Summary: The Kerberos network authentication system Name: %{name} Version: %{version} Release: %{release} License: MIT Group: System/Libraries URL: http://web.mit.edu/kerberos/www/ # from http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar Source0: %{name}-%{version}.tar.gz Source1: %{name}-%{version}.tar.gz.asc Source2: kprop.service Source3: kadmin.service Source4: krb5kdc.service Source5: kadmin.sysconfig Source6: krb5kdc.sysconfig Source7: kadmin.logrotate Source8: krb5kdc.logrotate Source9: krb5.conf Source10: kdc.conf Source11: kadm5.acl Source25: krb5-1.10-manpaths.txt Source29: ksu.pamd # stolen from fedora Patch5: krb5-1.10-ksu-access.patch Patch6: krb5-1.10-ksu-path.patch Patch12: krb5-1.7-ktany.patch Patch16: krb5-1.10-buildconf.patch Patch23: krb5-1.3.1-dns.patch Patch29: krb5-1.10-kprop-mktemp.patch Patch30: krb5-1.3.4-send-pr-tempfile.patch Patch39: krb5-1.8-api.patch Patch56: krb5-1.10-doublelog.patch Patch59: krb5-1.10-kpasswd_tcp.patch Patch60: krb5-1.11-pam.patch Patch71: krb5-1.11-dirsrv-accountlock.patch Patch75: krb5-pkinit-debug.patch Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch BuildRequires: flex BuildRequires: bison BuildRequires: chrpath BuildRequires: termcap-devel BuildRequires: e2fsprogs-devel BuildRequires: pam-devel BuildRequires: verto-devel BuildRequires: python-sphinx BuildRequires: texlive BuildRequires: openssl-devel %if %enable_check BuildRequires: dejagnu %endif BuildRequires: multiarch-utils >= 1.0.3 %if !%bootstrap BuildRequires: openldap-devel %endif %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package -n %{libname}-devel Summary: Development files needed for compiling Kerberos 5 programs Group: Development/Other Requires: %{libname} = %{version} Provides: krb-devel = %{version}-%{release} Provides: krb5-devel = %{version}-%{release} Provides: libkrb-devel %description -n %{libname}-devel Kerberos is a network authentication system. The krb5-devel package contains the header files and libraries needed for compiling Kerberos 5 programs. If you want to develop Kerberos-aware programs, you'll need to install this package. %package -n %{libname} Summary: The shared libraries used by Kerberos 5 Group: System/Libraries Provides: krb5-libs = %{version}-%{release} # we need the conf file, and better make sure it's a recent version # for example, previous MIT kerberos versions didn't have ldap support, # and this is specified in the conf file Requires: %{name} >= %{version} %description -n %{libname} Kerberos is a network authentication system. The krb5-libs package contains the shared libraries needed by Kerberos 5. If you're using Kerberos, you'll need to install this package. %package server Group: System/Servers Summary: The server programs for Kerberos 5 Requires: %{libname} = %{version}-%{release} Requires(post): rpm-helper Requires(preun):rpm-helper %description server Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 server. If you're installing a Kerberos 5 server, you need to install this package (in other words, most people should NOT install this package). %package server-ldap Group: System/Servers Summary: The LDAP storage plugin for the Kerberos 5 KDC Requires: %{name}-server = %{version}-%{release} %description server-ldap Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 key distribution center (KDC). If you are installing a Kerberos 5 KDC, and you wish to use a directory server to store the data for your realm, you need to install this package. %package workstation Summary: Kerberos 5 programs for use on workstations Group: System/Base Requires: %{libname} = %{version}-%{release} Requires(post): rpm-helper Requires(preun):rpm-helper Provides: kerberos-workstation %description workstation Kerberos is a network authentication system. The krb5-workstation package contains the basic Kerberos programs (kinit, klist, kdestroy, kpasswd). If your network uses Kerberos, this package should be installed on every workstation. %package pkinit-openssl Summary: The PKINIT module for Kerberos 5 Group: System/Libraries Requires: %{name}-libs = %{version}-%{release} %description pkinit-openssl Kerberos is a network authentication system. The krb5-pkinit-openssl package contains the PKINIT plugin, which uses OpenSSL to allow clients to obtain initial credentials from a KDC using a private key and a certificate. %prep %setup -q %patch60 -p1 -b .pam %patch5 -p1 -b .ksu-access %patch6 -p1 -b .ksu-path %patch12 -p1 -b .ktany %patch16 -p1 -b .buildconf %patch23 -p1 -b .dns %patch29 -p1 -b .kprop-mktemp %patch30 -p1 -b .send-pr-tempfile %patch39 -p1 -b .api %patch56 -p1 -b .doublelog %patch59 -p1 -b .kpasswd_tcp %patch71 -p1 -b .dirsrv-accountlock %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno # Take the execute bit off of documentation. chmod -x doc/krb5-protocol/*.txt sed -i s,^attributetype:,attributetypes:,g \ src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif pushd src autoreconf %build %serverbuild pushd src # Work out the CFLAGS and CPPFLAGS which we intend to use. INCLUDES=-I%{_includedir}/et CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC`" CPPFLAGS="`echo $DEFINES $INCLUDES`" %configure2_5x \ CC="%{__cc}" \ CFLAGS="$CFLAGS" \ CPPFLAGS="$CPPFLAGS" \ --enable-shared \ --localstatedir=%{_localstatedir}/lib \ --enable-dns-for-realm \ --enable-pkinit \ --without-tcl \ --with-system-et \ --with-system-ss \ --with-system-verto \ --disable-static \ --disable-rpath \ %if !%bootstrap --with-ldap \ %endif --with-pam \ --with-dirsrv-account-locking # parallel build causes troubles on build host make popd # Build the docs. make -C src/doc paths.py version.py cp src/doc/paths.py doc/ mkdir -p build-man build-html build-pdf sphinx-build -a -b man -t pathsubs doc build-man sphinx-build -a -b html -t pathsubs doc build-html rm -fr build-html/_sources sphinx-build -a -b latex -t pathsubs doc build-pdf make -C build-pdf %install rm -rf %{buildroot} # Sample KDC config files (bundled kdc.conf and kadm5.acl) install -d -m 755 %{buildroot}%{_localstatedir}/lib/krb5kdc install -m 644 %{SOURCE10} %{buildroot}%{_localstatedir}/lib/krb5kdc/kdc.conf install -m 600 %{SOURCE11} %{buildroot}%{_localstatedir}/lib/krb5kdc/kadm5.acl # Default configuration file for everything install -d -m 755 %{buildroot}%{_sysconfdir} install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/krb5.conf install -d -m 755 %{buildroot}%{_unitdir} install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/kprop.service install -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/kadmin.service install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/krb5kdc.service # sysconfig configuration files install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/kadmin install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/krb5kdc # logrotate configuration files install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/kadmin install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/logrotate.d/krb5kdc # PAM configuration files install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d install -m 644 %{SOURCE29} %{buildroot}%{_sysconfdir}/pam.d/ksu # Plug-in directories. install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/preauth install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/kdb install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/authdata # The rest of the binaries, headers, libraries, and docs. make -C src \ DESTDIR=%{buildroot} \ EXAMPLEDIR=%{_docdir}/%{libname}-devel/examples\ install # logdir install -d %{buildroot}%{_localstatedir}/log/kerberos # clear the LDFLAGS perl -pi -e "s|^LDFLAGS.*|LDFLAGS=''|g" %{buildroot}%{_bindir}/krb5-config # multiarch policy %multiarch_binaries %{buildroot}%{_bindir}/krb5-config %multiarch_includes %{buildroot}%{_includedir}/gssapi/gssapi.h # (gb) this one could be fixed differently and properly using <stdint.h> %multiarch_includes %{buildroot}%{_includedir}/gssrpc/types.h # multiarch_includes %{buildroot}%{_includedir}/krb5/k5-config.h # multiarch_includes %{buildroot}%{_includedir}/krb5/autoconf.h # multiarch_includes %{buildroot}%{_includedir}/krb5/osconf.h %multiarch_includes %{buildroot}%{_includedir}/krb5.h # Install processed man pages. for section in 1 5 8; do install -m 644 build-man/*.$section %{buildroot}%{_mandir}/man$section/ done %if %bootstrap rm -f %{buildroot}%{_mandir}/man8/kdb5_ldap_util.8* %endif %find_lang mit-krb5 %post server %_post_service krb5kdc %_post_service kadmin %_post_service kprop %preun server %_preun_service krb5kdc %_preun_service kadmin %_preun_service kprop %clean rm -rf %{buildroot} %files -f mit-krb5.lang %doc README %config(noreplace) %{_sysconfdir}/krb5.conf %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %{_mandir}/man5/krb5.conf.5* %{_mandir}/man5/.k5login.5* %{_mandir}/man5/.k5identity.5* %{_mandir}/man5/k5login.5* %{_mandir}/man5/k5identity.5* %files workstation %doc src/config-files/services.append %doc build-html/* %doc build-pdf/user.pdf build-pdf/basic.pdf %attr(0755,root,root) %doc src/config-files/convert-config-files %{_bindir}/kdestroy %{_mandir}/man1/kdestroy.1* %{_bindir}/kinit %{_mandir}/man1/kinit.1* %{_bindir}/klist %{_mandir}/man1/klist.1* %{_bindir}/kpasswd %{_mandir}/man1/kpasswd.1* %{_bindir}/kswitch %{_mandir}/man1/kswitch.1* %{_bindir}/kvno %{_mandir}/man1/kvno.1* %{_bindir}/kadmin %{_mandir}/man1/kadmin.1* %{_bindir}/k5srvutil %{_mandir}/man1/k5srvutil.1* %{_bindir}/ktutil %{_mandir}/man1/ktutil.1* %attr(4755,root,root) %{_bindir}/ksu %{_mandir}/man1/ksu.1* %config(noreplace) /etc/pam.d/ksu # Problem-reporting tool %{_datadir}/gnats %{_sbindir}/krb5-send-pr %{_mandir}/man1/krb5-send-pr.1* %files server %doc build-pdf/admin.pdf build-pdf/build.pdf %{_unitdir}/krb5kdc.service %{_unitdir}/kadmin.service %{_unitdir}/kprop.service %config(noreplace) %{_sysconfdir}/sysconfig/krb5kdc %config(noreplace) %{_sysconfdir}/sysconfig/kadmin %config(noreplace) %{_sysconfdir}/logrotate.d/kadmin %config(noreplace) %{_sysconfdir}/logrotate.d/krb5kdc %dir %{_localstatedir}/log/kerberos %dir %{_localstatedir}/lib/krb5kdc %config(noreplace) %{_localstatedir}/lib/krb5kdc/kdc.conf %config(noreplace) %{_localstatedir}/lib/krb5kdc/kadm5.acl %{_mandir}/man5/kadm5.acl.5* %{_mandir}/man5/kdc.conf.5* %{_sbindir}/kadmin.local %{_mandir}/man8/kadmin.local.8* %{_sbindir}/kadmind %{_mandir}/man8/kadmind.8* %{_sbindir}/kdb5_util %{_mandir}/man8/kdb5_util.8* %if !%bootstrap %{_sbindir}/kdb5_ldap_util %{_mandir}/man8/kdb5_ldap_util.8* %endif %{_sbindir}/kprop %{_mandir}/man8/kprop.8* %{_sbindir}/kpropd %{_mandir}/man8/kpropd.8* %{_sbindir}/kproplog %{_mandir}/man8/kproplog.8* %{_sbindir}/krb5kdc %{_mandir}/man8/krb5kdc.8* %{_sbindir}/sim_server # This is here for people who want to test their server, and also # included in devel package for similar reasons. %{_bindir}/sclient %{_mandir}/man1/sclient.1* %{_sbindir}/sserver %{_mandir}/man8/sserver.8* %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/authdata %files -n %{libname} %{_libdir}/libgssapi_krb5.so.* %{_libdir}/libgssrpc.so.* %{_libdir}/libk5crypto.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkdb5.so.* %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/* %{_libdir}/krb5/plugins/kdb/db2.so %files -n %{libname}-devel %doc build-pdf/appdev.pdf build-pdf/plugindev.pdf %doc doc/krb5-protocol %multiarch %{multiarch_bindir}/krb5-config %multiarch %{multiarch_includedir}/gssapi/gssapi.h %multiarch %{multiarch_includedir}/gssrpc/types.h %multiarch %{multiarch_includedir}/krb5.h %{_includedir}/*.h %{_includedir}/gssapi %{_includedir}/gssrpc %{_includedir}/kadm5 %{_includedir}/krb5 %{_bindir}/krb5-config %{_libdir}/libgssapi_krb5.so %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so %{_libdir}/libkadm5clnt.so %{_libdir}/libkadm5clnt_mit.so %{_libdir}/libkadm5srv.so %{_libdir}/libkadm5srv_mit.so %{_libdir}/libkdb5.so %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_bindir}/sclient %{_mandir}/man1/sclient.1* %{_sbindir}/sserver %{_mandir}/man8/sserver.8* # Protocol test clients %{_bindir}/sim_client %{_bindir}/gss-client %{_bindir}/uuclient # Protocol test servers %{_sbindir}/gss-server %{_sbindir}/uuserver %{_mandir}/man5/.k5login.5* %{_mandir}/man5/krb5.conf.5* %files pkinit-openssl %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/pkinit.so %files server-ldap %doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %if !%bootstrap %{_libdir}/krb5/plugins/kdb/kldap.so %{_libdir}/libkdb_ldap.so %{_libdir}/libkdb_ldap.so.* %{_sbindir}/kdb5_ldap_util %endif %changelog * Mon Feb 25 2013 guillomovitch <guillomovitch> 1.11.1-1.mga3 + Revision: 400305 - new version * Sat Jan 12 2013 umeabot <umeabot> 1.11-3.mga3 + Revision: 356461 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Wed Jan 02 2013 guillomovitch <guillomovitch> 1.11-2.mga3 + Revision: 337655 - ldap support is back * Wed Jan 02 2013 guillomovitch <guillomovitch> 1.11-1.mga3 + Revision: 337601 - disable ldap support temporarily, in order to be able to install verto-devel - new version * Tue Oct 16 2012 guillomovitch <guillomovitch> 1.10.3-2.mga3 + Revision: 307137 - drop portreserve support, because of its marginal usefulness * Fri Sep 07 2012 luigiwalser <luigiwalser> 1.10.3-1.mga3 + Revision: 289609 - 1.10.3 * Wed Aug 01 2012 luigiwalser <luigiwalser> 1.10.2-3.mga3 + Revision: 277685 - add upstream patch to fix CVE-2012-1014 and CVE-2012-1015 * Thu Jul 05 2012 guillomovitch <guillomovitch> 1.10.2-2.mga3 + Revision: 267906 - use /var/lib/krb5kdc as database directory - force usage of builtin libverto, to fix chicken-and-egg issue + luigiwalser <luigiwalser> - fix paths in kadmin and kprop service files * Wed Jun 27 2012 guillomovitch <guillomovitch> 1.10.2-1.mga3 + Revision: 264466 - new version - sync patch set with fedora - add systemd support - drop sysinit support * Fri Jun 15 2012 luigiwalser <luigiwalser> 1.9.2-3.mga3 + Revision: 260854 - add upstream patch to fix CVE-2012-1013 * Mon Jan 02 2012 dmorgan <dmorgan> 1.9.2-2.mga2 + Revision: 189535 - Add fix for CVE-2011-1530 * Thu Nov 03 2011 guillomovitch <guillomovitch> 1.9.2-1.mga2 + Revision: 162139 - new version - new version - drop old obsoletes tags from spec file * Tue May 03 2011 saispo <saispo> 1.8.3-5.mga1 + Revision: 94391 - Sync Advisories for 2010 and 2011 + rtp <rtp> - allow to break openldap <-> krb circular build require * Sun Jan 09 2011 blino <blino> 1.8.3-4.mga1 + Revision: 3724 - remove old conflicts and ldconfig scriptlets - imported package krb5