[sssd] Improved handling of users and groups with multi-valued name attributes (aliases) Performance enhanc
Stephen Gallagher
sgallagh at fedoraproject.org
Tue Oct 18 21:24:44 UTC 2011
commit 75138e2284b202e86edf667a083ec6dee6f59d9e
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue Oct 18 17:24:31 2011 -0400
Improved handling of users and groups with multi-valued name attributes
(aliases)
Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
Improved process-hang detection and restarting
Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
Cleaned up the example configuration
New tool to change debug level on the fly
.gitignore | 1 +
sources | 2 +-
sssd.spec | 54 +++++++++++++++++++++++++++++++++++-------------------
3 files changed, 37 insertions(+), 20 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index bd1f328..c4f353e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ sssd-1.2.91.tar.gz
/sssd-1.5.11.tar.gz
/sssd-1.6.0.tar.gz
/sssd-1.6.1.tar.gz
+/sssd-1.6.2.tar.gz
diff --git a/sources b/sources
index 29750f4..04c3a55 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2da6d0006b70929d4d491e952e808bf5 sssd-1.6.1.tar.gz
+38cf9c8dc8f173e068fcb31b7ee9baf1 sssd-1.6.2.tar.gz
diff --git a/sssd.spec b/sssd.spec
index 86daf5d..f01c5a9 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -3,6 +3,12 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%endif
+# we don't want to provide private python extension libs
+%{?filter_setup:
+%filter_provides_in %{python_sitearch}/.*\.so$
+%filter_setup
+}
+
%if (0%{?fedora} > 15)
%define _hardened_build 1
%endif
@@ -12,7 +18,7 @@
%global ldb_version 1.1.0
Name: sssd
-Version: 1.6.1
+Version: 1.6.2
Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
@@ -84,6 +90,7 @@ BuildRequires: libnl-devel
BuildRequires: nscd
BuildRequires: gettext-devel
BuildRequires: libunistring-devel
+BuildRequires: findutils
%description
Provides a set of daemons to manage access to remote directories and
@@ -152,13 +159,14 @@ autoreconf -ivf
--with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \
+ --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
--enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \
--disable-static \
--disable-rpath \
--with-test-dir=/dev/shm
-make %{?_smp_mflags}
+make %{?_smp_mflags} all docs
%check
export CK_TIMEOUT_MULTIPLIER=10
@@ -173,9 +181,9 @@ make install DESTDIR=$RPM_BUILD_ROOT
# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
-# Copy default sssd.conf file
+# Copy SSSDConfig API files
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
-install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
+touch $RPM_BUILD_ROOT/%{_sysconfdir}/sssd/sssd.conf
install -m400 src/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
install -m400 src/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
@@ -193,19 +201,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_unitdir}/
cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/
# Remove .la files created by libtool
-rm -f \
- $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
- $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
- $RPM_BUILD_ROOT/%{ldb_modulesdir}/memberof.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
- $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \
- $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
- $RPM_BUILD_ROOT/%{_libdir}/libipa_hbac.la \
- $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la \
- $RPM_BUILD_ROOT/%{python_sitearch}/pyhbac.la
+find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
+
+# Suppress developer-only documentation
+rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd.lang file
@@ -234,24 +233,26 @@ rm -rf $RPM_BUILD_ROOT
%files -f sssd.lang
%defattr(-,root,root,-)
%doc COPYING
+%doc src/examples/sssd.conf
%{_unitdir}/sssd.service
%{_sbindir}/sssd
%{_libexecdir}/%{servicename}/
%{_libdir}/%{name}/
%{ldb_modulesdir}/memberof.so
%dir %{sssdstatedir}
+%dir %{_localstatedir}/cache/krb5rcache
%attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pubconfpath}
%attr(700,root,root) %dir %{pipepath}/private
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
-%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
%config %{_sysconfdir}/sssd/sssd.api.conf
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
-%config %{_sysconfdir}/sssd/sssd.api.d/
+%config %{_sysconfdir}/sssd/sssd.api.d/*
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-ipa.5*
%{_mandir}/man5/sssd-krb5.5*
@@ -282,6 +283,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_cache
+%{_sbindir}/sss_debuglevel
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
@@ -291,6 +293,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_cache.8*
+%{_mandir}/man8/sss_debuglevel.8*
%files -n libipa_hbac
%defattr(-,root,root,-)
@@ -299,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT
%files -n libipa_hbac-devel
%defattr(-,root,root,-)
+%doc hbac_doc/html
%{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc
@@ -353,6 +357,18 @@ fi
%postun -n libipa_hbac -p /sbin/ldconfig
%changelog
+* Tue Oct 18 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.2-1
+- Improved handling of users and groups with multi-valued name attributes
+ (aliases)
+- Performance enhancements
+ Initgroups on RFC2307bis/FreeIPA
+ HBAC rule processing
+- Improved process-hang detection and restarting
+- Enabled the midpoint cache refresh by default (fewer cache misses on
+ commonly-used entries)
+- Cleaned up the example configuration
+- New tool to change debug level on the fly
+
* Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.1-1
- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
More information about the scm-commits
mailing list