##
##  heimdal.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/>
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##
|
|
|
#   package information
Name:         heimdal
Summary:      Kerberos Network Authentication System
URL:          http://www.h5l.org/
Vendor:       KTH SE
Packager:     OpenPKG Project
Distribution: OpenPKG Community
Class:        EVAL
Group:        Cryptography
License:      BSD
#   NOTE(review): the upstream version is pinned here and the release
#   stamp below reads as a 2010 date; confirm whether upstream security
#   fixes published after this version still need to be picked up.
Version:      1.4
Release:      20100914
|
|
|
#   package options
#   with_fsl:    adds the fsl package as a build and run-time prerequisite
#   with_server: also installs the server-side pieces (rc script, setup
#                script, kdc.conf, ipropd files, fsl configuration and
#                the var/heimdal directories); when not "yes", the
#                install section removes everything below sbin/ again
#   with_ldap:   requires openldap and passes its location to configure
%option       with_fsl     yes
%option       with_server  yes
%option       with_ldap    no
|
|
|
#   list of sources
#   NOTE(review): the upstream tarball URL is plain HTTP and this spec
#   shows no checksum or signature for the tarball or the local patch;
#   confirm that the build tooling verifies the fetched archive before
#   it is unpacked and compiled.
Source0:      http://www.h5l.org/dist/src/heimdal-%{version}.tar.gz
Source1:      rc.heimdal
Source2:      fsl.heimdal
Source3:      krb5.conf
Source4:      kdc.conf
Source5:      heimdal-setup.sh
Patch0:       heimdal.patch
|
|
|
#   build information
BuildPreReq:  OpenPKG, openpkg >= 20160101, bison, flex
PreReq:       OpenPKG, openpkg >= 20160101
#   fsl is required only when the with_fsl option is enabled
%if "%{with_fsl}" == "yes"
BuildPreReq:  fsl
PreReq:       fsl
%endif
#   readline and openssl are located below the package prefix by the
#   configure call in the build section; db is presumably the backend
#   for its Berkeley DB switch
BuildPreReq:  readline, openssl, db
PreReq:       readline, openssl, db
#   openldap is required only when the with_ldap option is enabled
%if "%{with_ldap}" == "yes"
BuildPreReq:  openldap
PreReq:       openldap
%endif
#   the package provides the KERBEROS capability and declares a conflict
#   with a package named kerberos
Provides:     KERBEROS
Conflicts:    kerberos
|
|
|
%description
    Kerberos is a network authentication protocol. It is designed
    to provide strong authentication for client/server applications
    by using secret-key cryptography. This is the free Heimdal
    implementation of this protocol, as available from KTH. Kerberos is
    available in many commercial products as well.
|
|
|
%track |
|
prog heimdal = { |
|
version = %{version} |
|
url = http://www.h5l.org/dist/src/ |
|
regex = heimdal-(\d+(\.\d+)+)\.tar\.gz |
|
} |
|
|
|
%prep
#   unpack the upstream tarball quietly, then apply the local patch
#   with strip level 0
%setup -q
%patch -p0
|
|
|
%build
#   configure toolkit
#   drop the "appl" entry from the DIST_SUBDIRS and SUBDIRS lists in
#   Makefile.in (presumably to keep the bundled applications out of
#   the build)
#   NOTE(review): as shown here the replacement joins the text before
#   and after " appl " with no separator; confirm the neighbouring
#   directory names are not fused together in the resulting Makefile.in
%{l_shtool} subst \
    -e 's;^\(DIST_SUBDIRS.*\) appl \(.*\)$;\1\2;' \
    Makefile.in
%{l_shtool} subst \
    -e 's;^\(SUBDIRS.*\) appl \(.*\)$;\1\2;' \
    Makefile.in
#   remove the /etc/krb5.conf fallback from the configuration path in
#   lib/krb5/constants.c, so only the entry preceding it remains and a
#   system-wide krb5.conf is no longer consulted
%{l_shtool} subst \
    -e 's;/krb5.conf:/etc/krb5.conf;/krb5.conf;g' \
    lib/krb5/constants.c
#   relocate the compiled-in database directory and the run-time
#   directory below the package prefix
%{l_shtool} subst \
    -e 's;/var/heimdal;%{l_prefix}/var/heimdal/db;g' \
    lib/hdb/hdb.h
%{l_shtool} subst \
    -e 's;/var/run/;%{l_prefix}/var/heimdal/run/;g' \
    lib/roken/roken-common.h
#   point the admin, KDC and password daemons at etc/heimdal/kdc.conf
#   instead of a kdc.conf inside the database directory
%{l_shtool} subst \
    -e 's;HDB_DB_DIR "/kdc.conf";"%{l_prefix}/etc/heimdal/kdc.conf";g' \
    kadmin/kadmin.c kadmin/kadmind.c kdc/kdc_locl.h kpasswd/kpasswdd.c
#   move the iprop slaves list to etc/heimdal and the iprop statistics
#   and signal files to var/heimdal/run
%{l_shtool} subst \
    -e 's;HDB_DB_DIR "/slaves";"%{l_prefix}/etc/heimdal/ipropd.slaves";g' \
    -e 's;HDB_DB_DIR "/slaves-stats";"%{l_prefix}/var/heimdal/run/ipropd.stats";g' \
    lib/kadm5/iprop.h
%{l_shtool} subst \
    -e 's;HDB_DB_DIR "/signal";"%{l_prefix}/var/heimdal/run/ipropd.signal";g' \
    lib/kadm5/private.h
#   pre-seed the configure cache with an empty COMPILE_ET result
#   (presumably so that no external compile_et is picked up -- confirm)
( echo "ac_cv_prog_COMPILE_ET="
) >config.cache
#   configure a static-only build (shared libraries disabled) against
#   the readline and openssl copies below the package prefix, with
#   Berkeley DB enabled and ndbm disabled, Kerberos 4 support switched
#   off, and KCM, pthread and OTP support switched on; the OpenLDAP
#   locations are passed only when the with_ldap option is enabled
CC="%{l_cc}" \
CFLAGS="%{l_cflags -O} %{l_cppflags}" \
CPPFLAGS="%{l_cppflags}" \
LDFLAGS="%{l_ldflags}" \
./configure \
    --cache-file=./config.cache \
    --prefix=%{l_prefix} \
    --mandir=%{l_prefix}/man \
    --infodir=%{l_prefix}/info \
    --sysconfdir=%{l_prefix}/etc/heimdal \
    --includedir=%{l_prefix}/include/heimdal \
    --libdir=%{l_prefix}/lib/heimdal \
    --libexecdir=%{l_prefix}/sbin \
    --localstatedir=%{l_prefix}/var/heimdal/db \
    --without-x \
    --with-readline=%{l_prefix} \
    --with-readline-lib=%{l_prefix}/lib \
    --with-readline-include=%{l_prefix}/include \
    --with-openssl=%{l_prefix} \
    --with-openssl-lib=%{l_prefix}/lib \
    --with-openssl-include=%{l_prefix}/include \
    --enable-berkeley-db \
    --disable-ndbm-db \
%if "%{with_ldap}" == "yes"
    --with-openldap=%{l_prefix} \
    --with-openldap-lib=%{l_prefix}/lib \
    --with-openldap-include=%{l_prefix}/include \
%endif
    --enable-kcm \
    --without-krb4 \
    --enable-pthread-support \
    --enable-otp \
    --disable-shared

#   build toolkit
%{l_make} %{l_mflags}
|
|
|
%install
#   install toolkit
#   DESTDIR is handed down through AM_MAKEFLAGS so the files land in
#   the build root rather than in the live prefix
%{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT"

#   create additional directories
#   etc/heimdal is always created; the log, run, db, rc.d and fsl
#   directories only for server builds
#   NOTE(review): var/heimdal/db is the directory the build section
#   compiles in as the database location, and it gets the same 755
#   mode as every other directory here; confirm that the database and
#   key files created there later carry restrictive modes, or give
#   this directory a tighter mode of its own
%{l_shtool} mkdir -p -m 755 \
%if "%{with_server}" == "yes"
    $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/log \
    $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/run \
    $RPM_BUILD_ROOT%{l_prefix}/var/heimdal/db \
    $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
    $RPM_BUILD_ROOT%{l_prefix}/etc/fsl \
%endif
    $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal
|
|
|
#   strip down installation
#   remove the info directory index, the preformatted manual pages,
#   the bundled editline library, header and manual page, every
#   section 3 manual page and the compile_et program; the man3 glob
#   also covers editline.3, so the explicit removal before it is
#   redundant but harmless
rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir
rm -rf $RPM_BUILD_ROOT%{l_prefix}/man/cat*
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/heimdal/libeditline*
rm -f $RPM_BUILD_ROOT%{l_prefix}/include/heimdal/editline.h
rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man3/editline.3
rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man3/*.3
rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/compile_et
#   strip symbols from the installed programs; failures (for example
#   on files that are not binaries) are deliberately ignored
strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
strip $RPM_BUILD_ROOT%{l_prefix}/sbin/* >/dev/null 2>&1 || true

#   strip down installation (server-related only)
#   for a build without the server, remove every file below sbin/
#   together with its section 8 manual page
%if "%{with_server}" != "yes"
for file in $RPM_BUILD_ROOT%{l_prefix}/sbin/*; do
    #   base is the file name with the sbin/ directory prefix cut off
    base=`echo $file | sed -e "s;^$RPM_BUILD_ROOT%{l_prefix}/sbin/;;"`
    rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man8/$base.8 >/dev/null 2>&1 || true
    rm -f $file >/dev/null 2>&1 || true
done
%endif

#   post-adjust installation
#   move the pkgconfig directory out of lib/heimdal up into lib/
mv $RPM_BUILD_ROOT%{l_prefix}/lib/heimdal/pkgconfig \
    $RPM_BUILD_ROOT%{l_prefix}/lib/pkgconfig
|
|
|
#   install setup script
#   installed executable (755) as sbin/heimdal-setup with the @l_bash@
#   placeholder replaced by the configured bash path; the l_value
#   macro output is passed along as well (defined outside this file,
#   presumably further substitution expressions)
%if "%{with_server}" == "yes"
%{l_shtool} install -c -m 755 %{l_value -s -a} \
    -e 's;@l_bash@;%{l_bash};g' \
    %{SOURCE heimdal-setup.sh} \
    $RPM_BUILD_ROOT%{l_prefix}/sbin/heimdal-setup
%endif

#   install run-command script
%if "%{with_server}" == "yes"
%{l_shtool} install -c -m 755 %{l_value -s -a} \
    %{SOURCE rc.heimdal} \
    $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
%endif

#   install default configuration files
#   krb5.conf is always installed; kdc.conf and the two initially
#   empty ipropd files (created by installing /dev/null) only for
#   server builds; all of them are installed with mode 644
%{l_shtool} install -c -m 644 %{l_value -s -a} \
    %{SOURCE krb5.conf} \
    $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/
%if "%{with_server}" == "yes"
%{l_shtool} install -c -m 644 %{l_value -s -a} \
    %{SOURCE kdc.conf} \
    $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/
%{l_shtool} install -c -m 644 \
    /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.master
%{l_shtool} install -c -m 644 \
    /dev/null $RPM_BUILD_ROOT%{l_prefix}/etc/heimdal/ipropd.slaves
%endif

#   install OSSP fsl configuration
%if "%{with_server}" == "yes"
%{l_shtool} install -c -m 644 %{l_value -s -a} \
    %{SOURCE fsl.heimdal} \
    $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/
%endif
|
|
|
#   provide path compatibility to MIT Kerberos
#   relative symlinks: include/kerberos and lib/kerberos both point at
#   the sibling heimdal directory
ln -s heimdal $RPM_BUILD_ROOT%{l_prefix}/include/kerberos
ln -s heimdal $RPM_BUILD_ROOT%{l_prefix}/lib/kerberos

#   determine installation files
#   the generated list is written to the file "files", which the files
#   section below reads; fsl.heimdal (server builds) and everything
#   matching etc/heimdal/*.conf are marked as configuration files
#   NOTE(review): ipropd.master and ipropd.slaves do not match the
#   *.conf glob, so they are not marked as configuration; confirm that
#   administrator edits to them survive a package upgrade
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
    %{l_files_std} \
%if "%{with_server}" == "yes"
    '%config %{l_prefix}/etc/fsl/fsl.heimdal' \
%endif
    '%config %{l_prefix}/etc/heimdal/*.conf'

%files -f files

%clean
|
|
|
%pre
#   before upgrade, save status and stop service
#   anything other than an upgrade (first argument 2) leaves at once
[ $1 -eq 2 ] || exit 0
#   the status output is evaluated here and, through tee, also saved
#   to the temporary file that the post section reads back
#   NOTE(review): the temporary file path comes from the l_tmpfile
#   macro, which is defined outside this file, and its contents are
#   later passed to eval by the post section; confirm the path lies in
#   a directory that unprivileged users cannot write to
#   NOTE(review): this section runs for every build, while the code
#   that reads and removes the temporary file sits inside the
#   with_server conditional of the post section; for a build without
#   the server the file appears to be left behind -- confirm
eval `%{l_rc} heimdal status 2>/dev/null | tee %{l_tmpfile}`
%{l_rc} heimdal stop 2>/dev/null
exit 0
|
|
|
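%post
#   initial hints
#   The whole section body applies to server builds only. On a fresh
#   install (first argument 1) it prints the setup instructions; on an
#   upgrade (first argument 2) it restores the service status that the
#   pre section saved.
%if "%{with_server}" == "yes"
if [ $1 -eq 1 ]; then
    #   display information about next steps
    #   The kadmin hints deliberately carry no password options, so
    #   kadmin prompts for the secret instead of taking it from the
    #   command line, where it would end up in the shell history and
    #   be visible in the process list.
    #   NOTE(review): the hints tell the operator to start the server
    #   before changing the default "admin" password of admin/admin;
    #   the password change uses the local mode of kadmin, so consider
    #   whether it should be listed before the start command.
    ( echo "Before you can use Heimdal you have to choose the"
      echo "Kerberos realm (e.g. EXAMPLE.COM) and initialize the"
      echo "Heimdal database with the command:"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/heimdal-setup <realm> <domain>"
      echo "where <domain> is the primary DNS zone of this setup and"
      echo "<realm> by convention is the upper-case version of <domain>."
      echo ""
      echo "After this you should start the Kerberos server with:"
      echo " \$ $RPM_INSTALL_PREFIX/bin/openpkg rc heimdal start"
      echo ""
      echo "Then you should change the password of the admin/admin user"
      echo "from the default \"admin\" to something secure:"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
      echo " passwd admin/admin"
      echo ""
      echo "REPLICATION:"
      echo ""
      echo "For database replication prepare the *master* with:"
      echo " \$ echo 'iprop/<hostname-slave>.<domain>@<realm>' \\ "
      echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.slaves"
      echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
      echo " heimdal_daemons=\"[...] ipropd-master\""
      echo ""
      echo "For database replication prepare the *slave* with:"
      echo " \$ echo '<hostname-master>.<domain>' \\ "
      echo " >>$RPM_INSTALL_PREFIX/etc/heimdal/ipropd.master"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
      echo " add --random-key --attributes=\"\" \\ "
      echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
      echo " --expiration-time=never --pw-expiration-time=never \\ "
      echo " iprop/<hostname-slave>.<domain>"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
      echo " ext_keytab host/<hostname-slave>.<domain>"
      echo " \$ vi $RPM_INSTALL_PREFIX/etc/rc.conf"
      echo " heimdal_daemons=\"[...] ipropd-slave\""
      echo ""
      echo "HOSTS:"
      echo ""
      echo "Then you should add and attach all remote hosts to Heimdal"
      echo "by running the following command on each *remote* host:"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
      echo " add --random-key --attributes=\"\" \\ "
      echo " --max-ticket-life=1day --max-renewable-life=1week \\ "
      echo " --expiration-time=never --pw-expiration-time=never \\ "
      echo " host/<hostname>.<domain>"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -p admin/admin \\ "
      echo " ext_keytab host/<hostname>.<domain>"
      echo ""
      echo "USERS:"
      echo ""
      echo "Then you should add all your users to Heimdal via:"
      echo " \$ $RPM_INSTALL_PREFIX/sbin/kadmin -l -p admin/admin \\ "
      echo " add --use-defaults \\ "
      echo " <user>/<user>@<realm>"
      echo ""
      echo "After this, your users can use Kerberos all attached hosts:"
      echo " \$ $RPM_INSTALL_PREFIX/bin/kinit <user>/<user>"
      echo " \$ $RPM_INSTALL_PREFIX/bin/klist"
      echo " \$ $RPM_INSTALL_PREFIX/bin/kdestroy"
      echo ""
    ) | %{l_rpmtool} msg -b -t notice
fi
#   after upgrade, restore status
[ $1 -eq 2 ] || exit 0
#   read back the status saved by the pre section, then remove the
#   temporary file; the service is started again only if it was active
#   NOTE(review): the file contents are passed to eval; the path comes
#   from the l_tmpfile macro defined outside this file, so confirm it
#   lies in a directory that unprivileged users cannot write to
eval `cat %{l_tmpfile}`; rm -f %{l_tmpfile}
[ ".$heimdal_active" = .yes ] && %{l_rc} heimdal start
exit 0
%endif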
|
|
|
%preun
#   before erase, stop service and remove the log, run-time and
#   database files (server builds only)
%if "%{with_server}" == "yes"
#   anything other than a final erase (first argument 0) leaves at once
[ $1 -eq 0 ] || exit 0
%{l_rc} heimdal stop 2>/dev/null
#   NOTE(review): var/heimdal/db is the directory the build section
#   compiles in as the database location, so the last removal below
#   presumably discards the Kerberos database on erase; confirm this
#   is intended and that operators are told to back it up first
rm -f $RPM_INSTALL_PREFIX/var/heimdal/log/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/run/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/var/heimdal/db/* >/dev/null 2>&1 || true
exit 0
%endif
|
|
|
|