Browse Source

krb5-1.14.2-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10333 ec354946-7b23-47d6-9f5a-488ba84defc7
tomop 7 years ago
parent
commit
9d319fa717
1 changed files with 211 additions and 75 deletions
  1. 211 75
      k/krb5/krb5-vl.spec

+ 211 - 75
k/krb5/krb5-vl.spec

@@ -1,3 +1,8 @@
+%bcond_with test
+%if %{with test}
+BuildRequires: socket_wrapper
+%endif
+
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
 
 %global WITH_LDAP 1
@@ -15,13 +20,16 @@
 Summary: The Kerberos network authentication system
 Summary(ja): Kerberos ネットワーク認証システム
 Name: krb5
-Version: 1.11.1
+Version: 1.14.2
 Release: 1%{_dist_release}
 
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 # Source1: krb5-%{version}.tar.gz.asc
+Source3: krb5-%{version}-pdfs.tar
+Source1000: krb5-%{version}-man.tar
+Source1001: krb5-%{version}-html.tar
 
 Source2: kpropd.init
 Source4: kadmind.init
@@ -33,36 +41,35 @@ Source19: krb5kdc.sysconfig
 Source20: kadmin.sysconfig
 # The same source files we "check", generated with "krb5-tex-pdf.sh create"
 # and tarred up.
-Source23: krb5-%{version}-pdf.tar.xz
 Source24: krb5-tex-pdf.sh
-Source25: krb5-1.8-manpaths.txt
 Source29: ksu.pamd
 Source30: kerberos-iv.portreserve
 Source31: kerberos-adm.portreserve
 Source32: krb5_prop.portreserve
 Source33: krb5kdc.logrotate
 Source34: kadmind.logrotate
-Source36: kpropd.init
-Source37: kadmind.init
-Source38: krb5kdc.init
-
-Patch5: krb5-1.10-ksu-access.patch
-Patch6: krb5-1.10-ksu-path.patch
-Patch12: krb5-1.7-ktany.patch
-Patch16: krb5-1.10-buildconf.patch
+Source39: krb5-krb5kdc.conf
+
+# Carry this locally until it's available in a packaged form.
+Source100: noport.c
+
+Patch6: krb5-1.12-ksu-path.patch
+Patch12: krb5-1.12-ktany.patch
+Patch16: krb5-1.12-buildconf.patch
 Patch23: krb5-1.3.1-dns.patch
-Patch29: krb5-1.10-kprop-mktemp.patch
-Patch30: krb5-1.3.4-send-pr-tempfile.patch
-Patch39: krb5-1.8-api.patch
-Patch56: krb5-1.10-doublelog.patch
-Patch59: krb5-1.10-kpasswd_tcp.patch
-Patch60: krb5-1.11-pam.patch
-Patch71: krb5-1.11-dirsrv-accountlock.patch
-Patch75: krb5-trunk-signed.patch
+Patch39: krb5-1.12-api.patch
+Patch60: krb5-1.12.1-pam.patch
+Patch71: krb5-1.13-dirsrv-accountlock.patch
 Patch86: krb5-1.9-debuginfo.patch
-Patch105: krb5-kvno-230379.patch
-Patch113: krb5-1.11-alpha1-init.patch
-Patch114: krb5-lookup_etypes-leak.patch
+Patch129: krb5-1.11-run_user_0.patch
+Patch134: krb5-1.11-kpasswdtest.patch
+Patch148: krb5-disable_ofd_locks.patch
+Patch150: krb5-acquire_cred_interposer.patch
+Patch153: krb5-1.14.2-log_file_permissions.patch
+
+Patch164: krb5-1.15-kdc_send_receive_hooks.patch
+Patch165: krb5-1.15-kdc_hooks_test.patch
+
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -74,7 +81,11 @@ BuildRequires: autoconf, bison, flex, gawk
 BuildRequires: e2fsprogs-devel
 # BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
 BuildRequires: gzip, ncurses-devel, rsh, texinfo, tar
-# BuildRequires: texlive-latex
+# BuildRequires: python-sphinx
+# BuildRequires: texlive
+# BuildRequires: texlive-latexrecommended
+# BuildRequires: texlive-fontsrecommended
+BuildRequires: keyutils
 BuildRequires: keyutils-libs-devel
 # BuildRequires: libselinux-devel
 BuildRequires: pam-devel
@@ -132,8 +143,6 @@ Requires(post): /sbin/install-info, chkconfig
 Requires: initscripts >= 8.91.3-1
 Requires(preun): /sbin/install-info, chkconfig, initscripts
 Requires(postun): initscripts
-# mktemp is used by krb5-send-pr
-Requires: mktemp
 # portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
 Requires: portreserve
 %if %{WITH_SYSVERTO}
@@ -233,51 +242,81 @@ certificate.
 # end of compat32 package
 
 %prep
-%setup -q -a 23
+%setup -q -a 3 -a 1000 -a 1001
 ln -s NOTICE LICENSE
 
 %patch60 -p1 -b .pam
 
 # %patch63 -p1 -b .selinux-label
 
-%patch5  -p1 -b .ksu-access
 %patch6  -p1 -b .ksu-path
 %patch12 -p1 -b .ktany
-%patch16 -p1 -b .buildconf
-%patch23 -p1 -b .dns
-%patch29 -p1 -b .kprop-mktemp
-%patch30 -p1 -b .send-pr-tempfile
+%patch16 -p1 -b .buildconf %{?_rawbuild}
+%patch23 -p1 -b .dns %{?_rawbuild}
 %patch39 -p1 -b .api
-%patch56 -p1 -b .doublelog
-%patch59 -p1 -b .kpasswd_tcp
-%patch71 -p1 -b .dirsrv-accountlock
+%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
 %patch86 -p0 -b .debuginfo
-%patch105 -p1 -b .kvno
-%patch113 -p1 -b .init
-%patch114 -p1 -b .lookup_etypes-leak
+
+# Apply when the hard-wired or configured default location is
+# DIR:/run/user/%%{uid}/krb5cc.
+#%patch129 -p1 -b .run_user_0
+
+%patch134 -p1 -b .kpasswdtest
+
+%patch148 -p1 -b .disable_ofd_locks
+
+%patch150 -p1 -b .fix_interposer
+
+%patch153 -p1 -b .log_file_permissions
+
+%patch164 -p1 -b .kdc_send_receive_hooks
+%patch165 -p1 -b .kdc_hooks_test
 
 # Take the execute bit off of documentation.
-chmod -x doc/krb5-protocol/*.txt
+chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
 
 # Generate an FDS-compatible LDIF file.
 inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
-cat > 60kerberos.ldif << EOF
+cat > '60kerberos.ldif' << EOF
 # This is a variation on kerberos.ldif which 389 Directory Server will like.
 dn: cn=schema
 EOF
 egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
-sed -r 's,^             ,                ,g' | \
-sed -r 's,^     ,        ,g' >> 60kerberos.ldif
+sed -r 's,^		,                ,g' | \
+sed -r 's,^	,        ,g' >> 60kerberos.ldif
 touch -r $inldif 60kerberos.ldif
 
 # Rebuild the configure scripts.
 pushd src
-autoheader
-autoconf
+./util/reconf --verbose
 popd
 
+# Mess with some of the default ports that we use for testing, so that multiple
+# builds going on the same host don't step on each other.
+cfg="src/kadmin/testing/proto/kdc.conf.proto \
+     src/kadmin/testing/proto/krb5.conf.proto \
+     src/lib/kadm5/unit-test/api.current/init-v2.exp \
+     src/util/k5test.py"
+LONG_BIT=`getconf LONG_BIT`
+PORT=`expr 61000 + $LONG_BIT - 48`
+sed -i -e s,61000,`expr "$PORT" + 0`,g $cfg
+PORT=`expr 1750 + $LONG_BIT - 48`
+sed -i -e s,1750,`expr "$PORT" + 0`,g $cfg
+sed -i -e s,1751,`expr "$PORT" + 1`,g $cfg
+sed -i -e s,1752,`expr "$PORT" + 2`,g $cfg
+PORT=`expr 8888 + $LONG_BIT - 48`
+sed -i -e s,8888,`expr "$PORT" - 0`,g $cfg
+sed -i -e s,8887,`expr "$PORT" - 1`,g $cfg
+sed -i -e s,8886,`expr "$PORT" - 2`,g $cfg
+PORT=`expr 7777 + $LONG_BIT - 48`
+sed -i -e s,7777,`expr "$PORT" + 0`,g $cfg
+sed -i -e s,7778,`expr "$PORT" + 1`,g $cfg
+
 %build
 pushd src
+# Set this so that configure will have a value even if the current version of
+# autoconf doesn't set one.
+export runstatedir=%{_localstatedir}/run
 # Work out the CFLAGS and CPPFLAGS which we intend to use.
 INCLUDES=-I%{_includedir}/et
 CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`"
@@ -293,6 +332,7 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 %endif
 	--localstatedir=%{_var}/kerberos \
 	--disable-rpath \
+	--without-krb5-config \
 	--with-system-et \
 	--with-system-ss \
 	--with-netlib=-lresolv \
@@ -306,7 +346,7 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 %endif
 %if %{WITH_OPENSSL}
 	--enable-pkinit \
-        --with-pkinit-crypto-impl=openssl \
+	--with-pkinit-crypto-impl=openssl \
 %else
 	--disable-pkinit \
 %endif
@@ -321,13 +361,55 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 make %{?_smp_mflags}
 popd
 
+# Sanity check the KDC_RUN_DIR.
+configured_kdcrundir=`grep KDC_RUN_DIR src/include/osconf.h | awk '{print $NF}'`
+configured_kdcrundir=`eval echo $configured_kdcrundir`
+if test "$configured_kdcrundir" != %{_localstatedir}/run/krb5kdc ; then
+        exit 1
+fi
+
+## Build the docs.
+#make -C src/doc paths.py version.py
+#cp src/doc/paths.py doc/
+#mkdir -p build-man build-html build-pdf
+#sphinx-build -a -b man   -t pathsubs doc build-man
+#sphinx-build -a -b html  -t pathsubs doc build-html
+#rm -fr build-html/_sources
+#sphinx-build -a -b latex -t pathsubs doc build-pdf
+## Build the PDFs if we didn't have pre-built ones.
+#for pdf in admin appdev basic build plugindev user ; do
+#        test -s build-pdf/$pdf.pdf || make -C build-pdf
+#done
+
+## new krb5-%{version}-pdf
+#tar -cf "krb5-%{version}-pdfs.tar.new" build-pdf/*.pdf
+
+# We need to cut off any access to locally-running nameservers, too.
+%{__cc} -fPIC -shared -o noport.so -Wall -Wextra $RPM_SOURCE_DIR/noport.c
+
 %check
-# Run the test suite. We can't actually run the whole thing in the build system.
+%if %{with test}
+mkdir nss_wrapper
+
+# Set things up to use the test wrappers.
+export NSS_WRAPPER_HOSTNAME=test.example.com
+export NSS_WRAPPER_HOSTS="$PWD/nss_wrapper/fakehosts"
+echo "127.0.0.1 $NSS_WRAPPER_HOSTNAME localhost" > $NSS_WRAPPER_HOSTS
+export NOPORT='53,111'
+export SOCKET_WRAPPER_DIR="$PWD/sockets" ; mkdir -p $SOCKET_WRAPPER_DIR
+export LD_PRELOAD="$PWD/noport.so:libnss_wrapper.so:libsocket_wrapper.so"
+
+# Run the test suite. We can't actually run the whole thing in the build
+# system, but we can at least run more than we used to.  The build system may
+# give us a revoked session keyring, so run affected tests with a new one.
 make -C src runenv.py
 : make -C src check TMPDIR=%{_tmppath}
-make -C src/lib check TMPDIR=%{_tmppath}
+keyctl session - make -C src/lib check TMPDIR=%{_tmppath} OFFLINE=yes
 make -C src/kdc check TMPDIR=%{_tmppath}
-
+keyctl session - make -C src/appl check TMPDIR=%{_tmppath}
+make -C src/clients check TMPDIR=%{_tmppath}
+keyctl session - make -C src/util check TMPDIR=%{_tmppath}
+%endif
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@@ -344,6 +426,35 @@ mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/kdc/user
 mkdir -p $RPM_BUILD_ROOT/etc
 install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
 
+
+
+
+# Default include on this directory
+mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d
+#ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies
+
+# Parent of configuration file for list of loadable GSS mechs ("mechs").  This
+# location is not relative to sysconfdir, but is hard-coded in g_initialize.c.
+mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss
+# Parent of groups of configuration files for a list of loadable GSS mechs
+# ("mechs").  This location is not relative to sysconfdir, and is also
+# hard-coded in g_initialize.c.
+mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d
+
+# If the default configuration needs to start specifying a default cache
+# location, add it now, then fixup the timestamp so that it looks the same.
+%if 0%{?configure_default_ccache_name}
+export DEFCCNAME="%{configured_default_ccache_name}"
+awk '{print}
+     /^# default_realm/{print " default_ccache_name =", ENVIRON["DEFCCNAME"]}' \
+     %{SOURCE6} > $RPM_BUILD_ROOT/etc/krb5.conf
+touch -r %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
+grep default_ccache_name $RPM_BUILD_ROOT/etc/krb5.conf
+%endif
+
+
+
+
 # Server init scripts (krb5kdc,kadmind,kpropd) and their sysconfig files.
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 for init in \
@@ -375,6 +486,14 @@ for portreserve in \
 	$RPM_BUILD_ROOT/etc/portreserve/`basename ${portreserve} .portreserve`
 done
 
+# logrotate configuration files
+mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/
+for logrotate in \
+        %{SOURCE33} \
+        %{SOURCE34} ; do
+        install -pm 644 ${logrotate} \
+        $RPM_BUILD_ROOT/etc/logrotate.d/`basename ${logrotate} .logrotate`
+done
 
 # PAM configuration files.
 mkdir -p $RPM_BUILD_ROOT/etc/pam.d/
@@ -397,6 +516,12 @@ make -C src DESTDIR=$RPM_BUILD_ROOT EXAMPLEDIR=%{_docdir}/krb5-libs-%{version}/e
 # list of link flags, and it helps prevent file conflicts on multilib systems.
 sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
 
+# Install processed man pages.
+for section in 1 5 8 ; do
+        install -m 644 build-man/*.${section} \
+                       $RPM_BUILD_ROOT/%{_mandir}/man${section}/
+done
+
 # Move specific libraries from %{_libdir} to /%{_lib}, and fixup the symlinks.
 touch $RPM_BUILD_ROOT/rootfile
 rellibdir=..
@@ -412,6 +537,18 @@ for library in libgssapi_krb5 libgssrpc libk5crypto libkrb5 libkrb5support ; do
 	popd
 done
 
+# This script just tells you to send bug reports to krb5-bugs@mit.edu, but
+# since we don't have a man page for it, just drop it.
+rm -- "$RPM_BUILD_ROOT/%{_sbindir}/krb5-send-pr"
+
+# These files are already packaged elsewhere
+rm -f -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/kdc.conf"
+rm -f -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/krb5.conf"
+rm -f -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/services.append"
+
+# This is only needed for tests
+rm -f -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
+
 %find_lang %{gettext_domain}
 
 %clean
@@ -467,9 +604,10 @@ exit 0
 
 %files workstation
 %defattr(-,root,root,-)
-%doc doc/user*.ps.gz src/config-files/services.append
-%doc doc/{kdestroy,kinit,klist,kpasswd,ksu}.html
-%doc doc/krb5-user.html
+%doc src/config-files/services.append
+%doc src/config-files/krb5.conf
+%doc build-html/*
+%doc build-pdf/user.pdf build-pdf/basic.pdf
 %attr(0755,root,root) %doc src/config-files/convert-config-files
 
 # Clients of the KDC, including tools you're likely to need if you're running
@@ -499,30 +637,24 @@ exit 0
 %{_mandir}/man1/ksu.1*
 %config(noreplace) /etc/pam.d/ksu
 
-# Problem-reporting tool.
-%{_sbindir}/krb5-send-pr
-%dir %{_datadir}/gnats
-%{_datadir}/gnats/mit
-%{_mandir}/man1/krb5-send-pr.1*
-
 %files server
 %defattr(-,root,root,-)
 %docdir %{_mandir}
+%doc build-pdf/admin.pdf build-pdf/build.pdf
+%doc src/config-files/kdc.conf
 
 /etc/rc.d/init.d/krb5kdc
 /etc/rc.d/init.d/kadmin
 /etc/rc.d/init.d/kprop
 %config(noreplace) /etc/sysconfig/krb5kdc
 %config(noreplace) /etc/sysconfig/kadmin
+%config(noreplace) /etc/logrotate.d/krb5kdc
+%config(noreplace) /etc/logrotate.d/kadmind
+
 %config(noreplace) /etc/portreserve/kerberos-iv
 %config(noreplace) /etc/portreserve/kerberos-adm
 %config(noreplace) /etc/portreserve/krb5_prop
 
-%doc doc/admin*.ps.gz
-%doc doc/install*.ps.gz
-%doc doc/krb5-admin.html
-%doc doc/krb5-install.html
-
 %dir %{_var}/kerberos
 %dir %{_var}/kerberos/krb5kdc
 %config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
@@ -533,12 +665,7 @@ exit 0
 %dir %{_libdir}/krb5/plugins/kdb
 %dir %{_libdir}/krb5/plugins/preauth
 %dir %{_libdir}/krb5/plugins/authdata
-
-# Problem-reporting tool.
-%{_sbindir}/krb5-send-pr
-%dir %{_datadir}/gnats
-%{_datadir}/gnats/mit
-%{_mandir}/man1/krb5-send-pr.1*
+%{_libdir}/krb5/plugins/preauth/otp.so
 
 # KDC binaries and configuration.
 %{_mandir}/man5/kadm5.acl.5*
@@ -586,7 +713,10 @@ exit 0
 %defattr(-,root,root,-)
 %doc README NOTICE LICENSE
 %docdir %{_mandir}
-%verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf
+%dir /etc/gss
+%dir /etc/gss/mech.d
+%dir /etc/krb5.conf.d
+%config(noreplace) /etc/krb5.conf
 /%{_mandir}/man5/.k5identity.5*
 /%{_mandir}/man5/.k5login.5*
 /%{_mandir}/man5/k5identity.5*
@@ -598,12 +728,14 @@ exit 0
 %{_libdir}/libkadm5clnt_mit.so.*
 %{_libdir}/libkadm5srv_mit.so.*
 %{_libdir}/libkdb5.so.*
+%{_libdir}/libkrad.so.*
 /%{_lib}/libkrb5.so.*
 /%{_lib}/libkrb5support.so.*
 %dir %{_libdir}/krb5
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
 %{_libdir}/krb5/plugins/kdb/db2.so
+%{_libdir}/krb5/plugins/tls/k5tls.so
 %dir %{_var}/kerberos
 %dir %{_var}/kerberos/kdc
 %dir %{_var}/kerberos/kdc/user
@@ -624,12 +756,8 @@ exit 0
 %files devel
 %defattr(-,root,root,-)
 %docdir %{_mandir}
-%doc build-pdf/*.pdf
-%doc doc/ccapi
-%doc doc/kadmin
 %doc doc/krb5-protocol
-%doc doc/rpc
-%doc doc/threads.txt
+%doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
 
 %{_includedir}/*
 %{_libdir}/libgssapi_krb5.so
@@ -640,13 +768,16 @@ exit 0
 %{_libdir}/libkadm5srv.so
 %{_libdir}/libkadm5srv_mit.so
 %{_libdir}/libkdb5.so
+%{_libdir}/libkrad.so
 %{_libdir}/libkrb5.so
 %{_libdir}/libkrb5support.so
 %if %{build_static}
 %{_libdir}/*.a
 %endif
+%{_libdir}/pkgconfig/*
 
 %{_bindir}/krb5-config
+%{_mandir}/man1/krb5-config.1*
 %{_bindir}/sclient
 %{_mandir}/man1/sclient.1*
 %{_mandir}/man8/sserver.8*
@@ -698,15 +829,20 @@ exit 0
 %{_libdir}/libkadm5srv.so
 %{_libdir}/libkadm5srv_mit.so
 %{_libdir}/libkdb5.so
+%{_libdir}/libkrad.so
 %{_libdir}/libkrb5.so
 %{_libdir}/libkrb5support.so
 %if %{build_static}
 %{_libdir}/*.a
 %endif
+%{_libdir}/pkgconfig/*
 
 %endif
 
 %changelog
+* Wed May 25 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.14.2-1
+- updated to 1.14.2.
+
 * Tue Mar 19 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.11.1-1
 - update to 1.11.1
 
@@ -1848,13 +1984,13 @@ exit 0
 - update for krb5-1.1
 - add KDC rotation to rc.boot, based on ideas from Michael's C version
 
-* Mon Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
+* Sun Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
 - added -lncurses to telnet and telnetd makefiles
 
 * Mon Jul  5 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
 - added krb5.csh and krb5.sh to /etc/profile.d
 
-* Mon Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
+* Tue Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
 - broke out configuration files
 
 * Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>