>From 254a9f0a328ef3680df6cf301d550f0690e76ac7 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Wed, 5 Jun 2013 12:53:30 +0200 Subject: [PATCH 2/2] rpm: Split providers into separate subpackages https://fedorahosted.org/sssd/ticket/1510 This patch splits the previously monolithic sssd package into sssd-common that contains the deamon and the responders and per-provider packages such as sssd-ldap or sssd-ipa. This split would benefit two parties: 1) security auditors who are often trying to find the smallest package set including dependencies needed for the package to function. They would be able to i.e. install sssd-ldap and not bother about sssd-ipa or sssd-ad pulling in more dependencies. 2) 3rd party programs such as realmd or authconfig that would only be able to require or install on demand the needed packages. --- contrib/sssd.spec.in | 192 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 149 insertions(+), 43 deletions(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index c48a5de9095d50d2ac8856b45a8c2ed9b040f7bf..ff3ffa5f7434f87b4dab9d8d190dfa782ed7fe96 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -60,30 +60,13 @@ Patch0001: sssd-1.9-man-change-default-ccache.patch ### Dependencies ### -Requires: libldb >= 0.9.3 -Requires: libtdb >= 1.1.3 -Requires: sssd-client%{?_isa} = %{version}-%{release} -Requires: libipa_hbac = %{version}-%{release} -Requires: libsss_idmap = %{version}-%{release} +Conflicts: sssd < %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-ldap = %{version}-%{release} +Requires: sssd-krb5 = %{version}-%{release} +Requires: sssd-ipa = %{version}-%{release} +Requires: sssd-ad = %{version}-%{release} Requires: python-sssdconfig = %{version}-%{release} -Requires: cyrus-sasl-gssapi -%if (0%{?use_systemd} == 1) -Requires(post): systemd-units systemd-sysv -Requires(preun): systemd-units -Requires(postun): systemd-units -%else -Requires(post): initscripts chkconfig -Requires(preun): initscripts chkconfig -Requires(postun): initscripts chkconfig -%endif - -### Provides ### -Provides: libsss_sudo = %{version}-%{release} -Obsoletes: libsss_sudo < %{version}-%{release} -Provides: libsss_sudo-devel = %{version}-%{release} -Obsoletes: libsss_sudo-devel < %{version}-%{release} -Provides: libsss_autofs = %{version}-%{release} -Obsoletes: libsss_autofs < %{version}-%{release} %global servicename sssd %global sssdstatedir %{_localstatedir}/lib/sss @@ -159,6 +142,40 @@ the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. +The sssd subpackage is a meta-package that contains the deamon as well as all +the existing back ends. + +%package common +Summary: Common files for the SSSD +Group: Applications/System +License: GPLv3+ +Requires: libldb >= 0.9.3 +Requires: libtdb >= 1.1.3 +Requires: sssd-client%{?_isa} = %{version}-%{release} +Conflicts: sssd < %{version}-%{release} +%if (0%{?use_systemd} == 1) +Requires(post): systemd-units systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units +%else +Requires(post): initscripts chkconfig +Requires(preun): initscripts chkconfig +Requires(postun): initscripts chkconfig +%endif + +### Provides ### +Provides: libsss_sudo = %{version}-%{release} +Obsoletes: libsss_sudo < %{version}-%{release} +Provides: libsss_sudo-devel = %{version}-%{release} +Obsoletes: libsss_sudo-devel < %{version}-%{release} +Provides: libsss_autofs = %{version}-%{release} +Obsoletes: libsss_autofs < %{version}-%{release} + +%description common +Common files for the SSSD. The common package includes all the files needed +to run a particular back end, however, the back ends are packaged in separate +subpackages such as sssd-ldap. + %package client Summary: SSSD Client libraries for NSS and PAM Group: Applications/System @@ -174,7 +191,7 @@ service. Summary: Userspace tools for use with the SSSD Group: Applications/System License: GPLv3+ -Requires: sssd = %{version}-%{release} +Requires: sssd-common = %{version}-%{release} %description tools Provides userspace tools for manipulating users, groups, and nested groups in @@ -194,6 +211,72 @@ BuildArch: noarch %description -n python-sssdconfig Provides python files for manipulation SSSD and IPA configuration files. +%package ldap +Summary: The LDAP back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description ldap +Provides the LDAP back end that the SSSD can utilize to fetch identity data +from and authenticate against an LDAP server. + +%package krb5-common +Summary: SSSD helpers needed for Kerberos and GSSAPI authentication +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < %{version}-%{release} +Requires: cyrus-sasl-gssapi +Requires: sssd-common = %{version}-%{release} + +%description krb5-common +Provides helper processes that the LDAP and Kerberos back ends can use for +Kerberos user or host authentication. + +%package krb5 +Summary: The Kerberos authentication back end for the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} + +%description krb5 +Provides the Kerberos back end that the SSSD can utilize authenticate +against a Kerberos server. + +%package ipa +Summary: The IPA back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libipa_hbac = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: bind-utils + +%description ipa +Provides the IPA back end that the SSSD can utilize to fetch identity data +from and authenticate against an IPA server. + +%package ad +Summary: The AD back end of the SSSD +Group: Applications/System +License: GPLv3+ +Conflicts: sssd < %{version}-%{release} +Requires: sssd-common = %{version}-%{release} +Requires: sssd-krb5-common = %{version}-%{release} +Requires: libsss_idmap = %{version}-%{release} +Requires: bind-utils + +%description ad +Provides the Active Directory back end that the SSSD can utilize to fetch +identity data from and authenticate against an Active Directory server. + %package -n libsss_idmap Summary: FreeIPA Idmap library Group: Development/Libraries @@ -386,7 +469,11 @@ touch $RPM_BUILD_ROOT/%{mcpath}/group %clean rm -rf $RPM_BUILD_ROOT -%files -f sssd.lang +%files +%defattr(-,root,root,-) +%doc COPYING + +%files common -f sssd.lang %defattr(-,root,root,-) %doc COPYING %doc src/examples/sssd-example.conf @@ -398,8 +485,6 @@ rm -rf $RPM_BUILD_ROOT %endif %dir %{_libexecdir}/%{servicename} -%{_libexecdir}/%{servicename}/krb5_child -%{_libexecdir}/%{servicename}/ldap_child %{_libexecdir}/%{servicename}/proxy_child %{_libexecdir}/%{servicename}/sssd_be %{_libexecdir}/%{servicename}/sssd_nss @@ -409,17 +494,7 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/%{servicename}/sssd_ssh %{_libexecdir}/%{servicename}/sssd_sudo -# RHEL 5 is too old to support the PAC responder -%if !0%{?is_rhel5} -%{_libexecdir}/%{servicename}/sssd_pac - -%endif - %dir %{_libdir}/%{name} -%{_libdir}/%{name}/libsss_ad.so -%{_libdir}/%{name}/libsss_ipa.so -%{_libdir}/%{name}/libsss_krb5.so -%{_libdir}/%{name}/libsss_ldap.so %{_libdir}/%{name}/libsss_proxy.so %{_libdir}/%{name}/libsss_simple.so @@ -427,7 +502,6 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/%{name}/libsss_child.so %{_libdir}/%{name}/libsss_crypt.so %{_libdir}/%{name}/libsss_debug.so -%{_libdir}/%{name}/libsss_krb5_common.so %{_libdir}/%{name}/libsss_ldap_common.so %{_libdir}/%{name}/libsss_util.so @@ -448,7 +522,6 @@ rm -rf $RPM_BUILD_ROOT %ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group %attr(755,root,root) %dir %{pipepath} %attr(755,root,root) %dir %{pubconfpath} -%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d %attr(700,root,root) %dir %{pipepath}/private %attr(750,root,root) %dir %{_var}/log/%{name} %attr(711,root,root) %dir %{_sysconfdir}/sssd @@ -459,10 +532,6 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/sssd/sssd.api.conf %{_datadir}/sssd/sssd.api.d %{_mandir}/man5/sssd.conf.5* -%{_mandir}/man5/sssd-ipa.5* -%{_mandir}/man5/sssd-ad.5* -%{_mandir}/man5/sssd-krb5.5* -%{_mandir}/man5/sssd-ldap.5* %{_mandir}/man5/sssd-simple.5* %{_mandir}/man5/sssd-sudo.5* %{_mandir}/man8/sssd.8* @@ -472,6 +541,43 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/pysss.so %{python_sitearch}/pysss_murmur.so +%files ldap +%defattr(-,root,root,-) +%doc COPYING +%{_libdir}/%{name}/libsss_ldap.so +%{_mandir}/man5/sssd-ldap.5* + +%files krb5-common +%defattr(-,root,root,-) +%doc COPYING +%{_libdir}/%{name}/libsss_krb5_common.so +%{_libexecdir}/%{servicename}/ldap_child +%{_libexecdir}/%{servicename}/krb5_child + +%files krb5 +%defattr(-,root,root,-) +%doc COPYING +%{_libdir}/%{name}/libsss_krb5.so +%{_mandir}/man5/sssd-krb5.5* + +%files ipa +%defattr(-,root,root,-) +%doc COPYING +# RHEL 5 is too old to support the PAC responder +%if !0%{?is_rhel5} +%{_libexecdir}/%{servicename}/sssd_pac +%endif + +%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d +%{_libdir}/%{name}/libsss_ipa.so +%{_mandir}/man5/sssd-ipa.5* + +%files ad +%defattr(-,root,root,-) +%doc COPYING +%{_libdir}/%{name}/libsss_ad.so +%{_mandir}/man5/sssd-ad.5* + %files client -f sssd_client.lang %defattr(-,root,root,-) %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER -- 1.8.2.1