184 lines
4.8 KiB
Plaintext
184 lines
4.8 KiB
Plaintext
###############################################################################
|
|
# IPFire.org - An Open Source Firewall Solution #
|
|
# Copyright (C) - IPFire Development Team <info@ipfire.org> #
|
|
###############################################################################
|
|
|
|
name = krb5
|
|
version = %{ver_maj}.%{ver_min}
|
|
ver_maj = 1.20
|
|
ver_min = 1
|
|
release = 4
|
|
|
|
groups = System/Libraries
|
|
url = https://web.mit.edu/kerberos/www/
|
|
license = MIT
|
|
summary = The Kerberos network authentication system.
|
|
|
|
description
|
|
Kerberos V5 is a trusted-third-party network authentication system,
|
|
which can improve your network's security by eliminating the insecure
|
|
practice of sending passwords over the network in unencrypted form.
|
|
end
|
|
|
|
source_dl = https://web.mit.edu/kerberos/dist/krb5/%{ver_maj}/
|
|
|
|
build
|
|
DIR_APP = %{DIR_SRC}/%{thisapp}/src
|
|
|
|
requires
|
|
autoconf
|
|
automake
|
|
bison >= 3.0.4-2
|
|
dejagnu
|
|
flex
|
|
gettext
|
|
libcom_err-devel
|
|
libss-devel
|
|
ncurses-devel
|
|
openldap-devel
|
|
openssl-devel
|
|
pam-devel
|
|
perl
|
|
systemd-units
|
|
tcl-devel
|
|
texinfo
|
|
end
|
|
|
|
configure_options += \
|
|
--enable-shared \
|
|
--disable-rpath \
|
|
--localstatedir=%{sharedstatedir}/kerberos \
|
|
--with-system-et \
|
|
--with-system-ss \
|
|
--with-netlib=-lresolv \
|
|
--with-tcl \
|
|
--enable-dns-for-realm \
|
|
--with-dirsrv \
|
|
--enable-pkinit \
|
|
--with-crypto-impl=openssl \
|
|
--with-pam
|
|
|
|
configure_cmds
|
|
# Add additional compiler flags to proper harden the binaries.
|
|
sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
|
|
clients/kpasswd/Makefile
|
|
sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
|
|
appl/simple/server/Makefile
|
|
sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
|
|
appl/sample/sserver/Makefile
|
|
end
|
|
|
|
install_cmds
|
|
# Sample KDC config files (bundled kdc.conf and kadm5.acl).
|
|
mkdir -pv %{BUILDROOT}%{sharedstatedir}/kerberos/krb5kdc
|
|
install -pm 600 %{DIR_SOURCE}/kdc.conf %{BUILDROOT}%{sharedstatedir}/kerberos/krb5kdc/
|
|
install -pm 600 %{DIR_SOURCE}/kadm5.acl %{BUILDROOT}%{sharedstatedir}/kerberos/krb5kdc/
|
|
|
|
# Default configuration file for everything.
|
|
mkdir -pv %{BUILDROOT}/etc
|
|
install -pm 644 %{DIR_SOURCE}/krb5.conf %{BUILDROOT}/etc/krb5.conf
|
|
|
|
# Plug-in directories.
|
|
install -pdm 755 %{BUILDROOT}%{libdir}/krb5/plugins/preauth
|
|
install -pdm 755 %{BUILDROOT}%{libdir}/krb5/plugins/kdb
|
|
install -pdm 755 %{BUILDROOT}%{libdir}/krb5/plugins/authdata
|
|
end
|
|
end
|
|
|
|
packages
|
|
package %{name}-server
|
|
summary = The KDC and related programs for Kerberos 5.
|
|
description
|
|
Kerberos is a network authentication system. The krb5-server package
|
|
contains the programs that must be installed on a Kerberos 5 key
|
|
distribution center (KDC). If you are installing a Kerberos 5 KDC,
|
|
you need to install this package.
|
|
end
|
|
|
|
requires
|
|
%{name}-libs = %{thisver}
|
|
end
|
|
|
|
script postin
|
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
end
|
|
|
|
script preun
|
|
/usr/bin/systemctl --no-reload disable kadmin.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl --no-reload disable kprop.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl --no-reload disable krb5kdc.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl stop kadmin.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl stop kprop.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl stop krb5kdc.service >/dev/null 2>&1 || :
|
|
end
|
|
|
|
script postun
|
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
end
|
|
|
|
script postup
|
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl try-restart kadmin.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl try-restart kprop.service >/dev/null 2>&1 || :
|
|
/usr/bin/systemctl try-restart krb5kdc.service >/dev/null 2>&1 || :
|
|
end
|
|
end
|
|
|
|
package %{name}-workstation
|
|
summary = Kerberos 5 programs for use on workstations.
|
|
description
|
|
Kerberos is a network authentication system. The krb5-workstation
|
|
package contains the basic Kerberos programs (kinit, klist, kdestroy,
|
|
kpasswd). If your network uses Kerberos, this package should be
|
|
installed on every workstation.
|
|
end
|
|
|
|
requires
|
|
%{name}-libs = %{thisver}
|
|
end
|
|
|
|
files
|
|
%{bindir}/kdestroy
|
|
%{bindir}/kinit
|
|
%{bindir}/klist
|
|
%{bindir}/kpassword
|
|
%{bindir}/kswitch
|
|
%{bindir}/kvno
|
|
%{bindir}/kadmin
|
|
%{bindir}/k5srvutil
|
|
%{bindir}/kutil
|
|
%{bindir}/ksu
|
|
%{bindir}/krb5-send-pr
|
|
|
|
%{sysconfdir}/pam.d
|
|
|
|
%{mandir}/man1/kdestroy.*
|
|
%{mandir}/man1/kinit.*
|
|
%{mandir}/man1/klist.*
|
|
%{mandir}/man1/kpassword.*
|
|
%{mandir}/man1/kswitch.*
|
|
%{mandir}/man1/kvno.*
|
|
%{mandir}/man1/kadmin.*
|
|
%{mandir}/man1/k5srvutil.*
|
|
%{mandir}/man1/kutil.*
|
|
%{mandir}/man1/ksu.*
|
|
end
|
|
end
|
|
|
|
package %{name}-libs
|
|
template LIBS
|
|
end
|
|
|
|
package %{name}-devel
|
|
template DEVEL
|
|
|
|
requires
|
|
libcom_err-devel
|
|
end
|
|
end
|
|
|
|
package %{name}-debuginfo
|
|
template DEBUGINFO
|
|
end
|
|
end
|