##
##  heimdal.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2020 OpenPKG Project
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package information
Name:         heimdal
Summary:      Kerberos Network Authentication System
URL:          http://www.h5l.org/
Vendor:       KTH SE
Packager:     OpenPKG Project
Distribution: OpenPKG Community
Class:        EVAL
Group:        Cryptography
License:      BSD
#   NOTE(review): going by the release stamp below, this packages an
#   upstream version from 2010; review the upstream security advisories
#   published since then before running a KDC built from it.
Version:      1.4
Release:      20100914

#   package options
#   with_fsl:    adds the fsl package as a build-time and install-time
#                dependency
#   with_server: keeps the server-side pieces (setup script, run-command
#                script, kdc.conf, ipropd files, fsl configuration, state
#                directories); when not "yes" everything under sbin and
#                the matching section 8 manual pages are dropped
#   with_ldap:   adds openldap as a dependency and passes the OpenLDAP
#                locations to configure
%option       with_fsl     yes
%option       with_server  yes
%option       with_ldap    no

#   list of sources
#   NOTE(review): Source0 is fetched over plain HTTP and nothing in this
#   spec records a checksum or signature for it, so the tarball is not
#   integrity-checked here; verify it against a known-good digest or
#   signature before building.
Source0:      http://www.h5l.org/dist/src/heimdal-%{version}.tar.gz
Source1:      rc.heimdal
Source2:      fsl.heimdal
Source3:      krb5.conf
Source4:      kdc.conf
Source5:      heimdal-setup.sh
Patch0:       heimdal.patch

#   build information
BuildPreReq:  OpenPKG, openpkg >= 20160101, bison, flex
PreReq:       OpenPKG, openpkg >= 20160101
%if "%{with_fsl}" == "yes"
BuildPreReq:  fsl
PreReq:       fsl
%endif
BuildPreReq:  readline, openssl, db
PreReq:       readline, openssl, db
%if "%{with_ldap}" == "yes"
BuildPreReq:  openldap
PreReq:       openldap
%endif
#   advertises the virtual KERBEROS capability and refuses to coexist
#   with a package named kerberos
Provides:     KERBEROS
Conflicts:    kerberos

%description
    Kerberos is a network authentication protocol. It is designed to
    provide strong authentication for client/server applications by
    using secret-key cryptography. This is the free Heimdal implementation
    of this protocol, as available from KTH. Kerberos is available in
    many commercial products as well.
%track
prog heimdal = {
    version   = %{version}
    url       = http://www.h5l.org/dist/src/
    regex     = heimdal-(\d+(\.\d+)+)\.tar\.gz
}

%prep
    #   unpack the upstream tarball and apply the local patch
    %setup -q
    %patch -p0

%build
    #   configure toolkit
    #   drop the "appl" entry from DIST_SUBDIRS and SUBDIRS so that
    #   subdirectory is neither built nor installed
    %{l_shtool} subst \
        -e 's;^\(DIST_SUBDIRS.*\) appl \(.*\)$;\1\2;' \
        Makefile.in
    %{l_shtool} subst \
        -e 's;^\(SUBDIRS.*\) appl \(.*\)$;\1\2;' \
        Makefile.in
    #   remove the ":/etc/krb5.conf" fallback from the compiled-in
    #   configuration path, so a system-wide /etc/krb5.conf is no longer
    #   consulted and only the entry in front of it remains
    %{l_shtool} subst \
        -e 's;/krb5.conf:/etc/krb5.conf;/krb5.conf;g' \
        lib/krb5/constants.c
    #   relocate the hard-coded database and run-time paths below the
    #   OpenPKG instance prefix
    %{l_shtool} subst \
        -e 's;/var/heimdal;%{l_prefix}/var/heimdal/db;g' \
        lib/hdb/hdb.h
    %{l_shtool} subst \
        -e 's;/var/run/;%{l_prefix}/var/heimdal/run/;g' \
        lib/roken/roken-common.h
    #   move kdc.conf and the ipropd control files out of the database
    #   directory: configuration goes to etc/heimdal, run-time state to
    #   var/heimdal/run
    %{l_shtool} subst \
        -e 's;HDB_DB_DIR "/kdc.conf";"%{l_prefix}/etc/heimdal/kdc.conf";g' \
        kadmin/kadmin.c kadmin/kadmind.c kdc/kdc_locl.h kpasswd/kpasswdd.c
    %{l_shtool} subst \
        -e 's;HDB_DB_DIR "/slaves";"%{l_prefix}/etc/heimdal/ipropd.slaves";g' \
        -e 's;HDB_DB_DIR "/slaves-stats";"%{l_prefix}/var/heimdal/run/ipropd.stats";g' \
        lib/kadm5/iprop.h
    %{l_shtool} subst \
        -e 's;HDB_DB_DIR "/signal";"%{l_prefix}/var/heimdal/run/ipropd.signal";g' \
        lib/kadm5/private.h
    #   pre-seed the configure cache with an empty COMPILE_ET result
    #   (presumably so an external compile_et is never picked up -- confirm)
    ( echo "ac_cv_prog_COMPILE_ET="
    ) >config.cache
    #   configure notes: static libraries only, Kerberos 4 support off,
    #   Berkeley DB instead of ndbm as database backend, KCM, OTP and
    #   pthread support on, no X11.
    #   NOTE(review): with shared libraries disabled, anything linked
    #   against these libraries carries its own copy, so a security fix
    #   in this package only takes effect once dependents are rebuilt.
    CC="%{l_cc}" \
    CFLAGS="%{l_cflags -O} %{l_cppflags}" \
    CPPFLAGS="%{l_cppflags}" \
    LDFLAGS="%{l_ldflags}" \
    ./configure \
        --cache-file=./config.cache \
        --prefix=%{l_prefix} \
        --mandir=%{l_prefix}/man \
        --infodir=%{l_prefix}/info \
        --sysconfdir=%{l_prefix}/etc/heimdal \
        --includedir=%{l_prefix}/include/heimdal \
        --libdir=%{l_prefix}/lib/heimdal \
        --libexecdir=%{l_prefix}/sbin \
        --localstatedir=%{l_prefix}/var/heimdal/db \
        --without-x \
        --with-readline=%{l_prefix} \
        --with-readline-lib=%{l_prefix}/lib \
        --with-readline-include=%{l_prefix}/include \
        --with-openssl=%{l_prefix} \
        --with-openssl-lib=%{l_prefix}/lib \
        --with-openssl-include=%{l_prefix}/include \
        --enable-berkeley-db \
        --disable-ndbm-db \
%if "%{with_ldap}" == "yes"
        --with-openldap=%{l_prefix} \
        --with-openldap-lib=%{l_prefix}/lib \
        --with-openldap-include=%{l_prefix}/include \
%endif
        --enable-kcm \
        --without-krb4 \
        --enable-pthread-support \
        --enable-otp \
        --disable-shared

    #   build toolkit
    %{l_make} %{l_mflags}

%install
    #   install toolkit
    %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT"

    #   create additional directories
    #   NOTE(review): every directory here, including var/heimdal/db and
    #   var/heimdal/log, is created with mode 755. The db directory is
    #   where the sources were patched above to keep the database, so
    #   confirm that the files written there later are created with
    #   restrictive permissions, or tighten the directory mode.
    %{l_shtool} mkdir -p -m 755 \
%if "%{with_server}" == "yes"
        $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/run \
        $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/db \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
%endif
        $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal

    #   strip down installation
    #   (info directory index, preformatted manual pages, the bundled
    #   editline library, all section 3 manual pages and compile_et are
    #   removed; symbol stripping is best-effort and failures are ignored)
    rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir
    rm -rf $RPM_BUILD_ROOT%{l_prefix}/man/cat*
    rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/heimdal/libeditline*
    rm -f $RPM_BUILD_ROOT%{l_prefix}/include/heimdal/editline.h
    rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man3/editline.3
    rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man3/*.3
    rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/compile_et
    strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
    strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true

    #   strip down installation (server-related only)
    #   for a client-only package, delete every program under sbin
    #   together with its section 8 manual page
%if "%{with_server}" != "yes"
    for file in $RPM_BUILD_ROOT%{l_prefix}/sbin/*; do
        base=`echo $file | sed -e "s;^$RPM_BUILD_ROOT%{l_prefix}/sbin/;;"`
        rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man8/$base.8 >/dev/null 2>&1 || true
        rm -f $file >/dev/null 2>&1 || true
    done
%endif

    #   post-adjust installation
    mv $RPM_BUILD_ROOT%{l_prefix}/lib/heimdal/pkgconfig \
       $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig

    #   install setup script
    #   (the @l_bash@ token in the script is replaced by the bash path)
%if "%{with_server}" == "yes"
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        -e 's;@l_bash@;%{l_bash};g' \
        %{SOURCE heimdal-setup.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/sbin/heimdal-setup
%endif

    #   install run-command script
%if "%{with_server}" == "yes"
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.heimdal} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
%endif

    #   install default configuration files
    #   (ipropd.master and ipropd.slaves are shipped empty, copied from
    #   /dev/null, with mode 644)
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE krb5.conf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/
%if "%{with_server}" == "yes"
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE kdc.conf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/
    %{l_shtool} install -c -m 644 \
        /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.master
    %{l_shtool} install -c -m 644 \
        /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.slaves
%endif

    #   install OSSP fsl configuration
%if "%{with_server}" == "yes"
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE fsl.heimdal} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
%endif

    #   provide path compatibility to MIT Kerberos
    ln -s heimdal $RPM_BUILD_ROOT%{l_prefix}/include/kerberos
    ln -s heimdal $RPM_BUILD_ROOT%{l_prefix}/lib/kerberos

    #   determine installation files
    #   NOTE(review): only etc/heimdal/*.conf and fsl.heimdal are tagged
    #   as configuration. ipropd.master and ipropd.slaves, which the
    #   post-install notice tells the administrator to edit, do not match
    #   that pattern; confirm local edits to them survive an upgrade.
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
%if "%{with_server}" == "yes"
        '%config %{l_prefix}/etc/fsl/fsl.heimdal' \
%endif
        '%config %{l_prefix}/etc/heimdal/*.conf'

%files -f files

%clean

%pre
    #   before upgrade, save status and stop service
    #   (first argument 2 means upgrade; anything else exits early)
    #   NOTE(review): the status output is written to the path given by
    #   the l_tmpfile macro, which is defined outside this spec, and the
    #   post script later feeds that file to eval. Both scriptlets
    #   normally run with package-manager privileges, so confirm the path
    #   is not in a directory other local users can write to.
    [ $1 -eq 2 ] || exit 0
    eval `%{l_rc} heimdal status 2>/dev/null | tee %{l_tmpfile}`
    %{l_rc} heimdal stop 2>/dev/null
    exit 0

%post
    #   initial hints
%if "%{with_server}" == "yes"
    if [ $1 -eq 1 ]; then
        #   display information about next steps
        #   NOTE(review): several command lines in this notice look as if
        #   their argument placeholders were lost (nothing follows
        #   "heimdal-setup", "--password=" or "kinit"), so the text reads
        #   incompletely; restore them from the packaged original.
        #   NOTE(review): per the notice, admin/admin starts out with the
        #   default password "admin". Until the operator changes it, the
        #   realm's administrative principal has a well-known password, so
        #   the password change belongs before the service is exposed to
        #   any network that is not trusted.
        #   NOTE(review): the USERS example passes the password through
        #   the --password= argument; command-line arguments are visible
        #   in process listings and shell history. Consider documenting
        #   the interactive prompt instead.
        ( echo "Before you can use Heimdal you have to choose the"
          echo "Kerberos realm (e.g. EXAMPLE.COM) and initialize the"
          echo "Heimdal database with the command:"
          echo " \$ $RPM_INSTALL_PREFIX/sbin/heimdal-setup "
          echo "where is the primary DNS zone of this setup and"
          echo " by convention is the upper-case version of ."
          echo ""
          echo "After this you should start the Kerberos server with:"
          echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc heimdal start"
          echo ""
          echo "Then you should change the password of the admin/admin user"
          echo "from the default \"admin\" to something secure:"
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
          echo " passwd -p admin/admin"
          echo ""
          echo "REPLICATION:"
          echo ""
          echo "For database replication prepare the *master* with:"
          echo " \$ echo 'iprop/.@' \\ "
          echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.slaves"
          echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
          echo " heimdal_daemons=\"[...] ipropd-master\""
          echo ""
          echo "For database replication prepare the *slave* with:"
          echo " \$ echo '.' \\ "
          echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.master"
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
          echo " add --random-key --attributes=\"\" \\ "
          echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
          echo " --expiration-time=never --pw-expiration-time=never \\ "
          echo " iprop/."
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
          echo " ext_keytab host/."
          echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
          echo " heimdal_daemons=\"[...] ipropd-slave\""
          echo ""
          echo "HOSTS:"
          echo ""
          echo "Then you should add and attach all remote hosts to Heimdal"
          echo "by running the following command on each *remote* host:"
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
          echo " add --random-key --attributes=\"\" \\ "
          echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
          echo " --expiration-time=never --pw-expiration-time=never \\ "
          echo " host/."
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
          echo " ext_keytab host/."
          echo ""
          echo "USERS:"
          echo ""
          echo "Then you should add all your users to Heimdal via:"
          echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
          echo " add --password= --use-defaults \\ "
          echo " /@"
          echo ""
          echo "After this, your users can use Kerberos all attached hosts:"
          echo " \$ $RPM_INSTALL_PREFIX/bin/kinit /"
          echo " \$ $RPM_INSTALL_PREFIX/bin/klist"
          echo " \$ $RPM_INSTALL_PREFIX/bin/kdestroy"
          echo ""
        ) | %{l_rpmtool} msg -b -t notice
    fi

    #   after upgrade, restore status
    #   the saved status file is evaluated as shell code and then removed;
    #   the service is started again only if it was active before.
    #   NOTE(review): whatever the file contains at this point is executed,
    #   so its integrity between the pre and post scripts matters (see the
    #   location of the l_tmpfile path).
    [ $1 -eq 2 ] || exit 0
    eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile}
    [ ".$heimdal_active" = .yes ] && %{l_rc} heimdal start
    exit 0
%endif

%preun
    #   before erase, stop service and remove log, run-time and
    #   database files
    #   (first argument 0 means final erase; upgrades exit early)
    #   NOTE(review): the last rm deletes every regular file directly
    #   under var/heimdal/db, with errors suppressed. That is the
    #   directory the build configures as the database location, so
    #   erasing the package discards the realm data unless it was backed
    #   up beforehand.
%if "%{with_server}" == "yes"
    [ $1 -eq 0 ] || exit 0
    %{l_rc} heimdal stop 2>/dev/null
    rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/* >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/* >/dev/null 2>&1 || true
    rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true
    exit 0
%endif