%define _hardened_build 1 %define libdir %{_libdir}/heimdal Name: heimdal Version: 1.5.2 Release: 3%{?dist} Summary: A Kerberos5 implementation without export restrictions License: BSD-like, GPLv2+, X11 URL: http://www.h5l.org/ Group: Networking/Other Source: http://www.h5l.org/dist/src/%{name}-%{version}.tar.gz Source1: %{name}.init Source2: %{name}-kadmind.xinetd Source3: %{name}.sysconfig Source4: %{name}.sh Source5: %{name}.csh Source6: %{name}-rshd.xinetd Source7: %{name}-ftpd.xinetd Source8: %{name}-telnetd.xinetd Source9: krb5.conf.sample Source10: %{name}.logrotate Source11: bashrc Patch1: heimdal.missing-map.diff Patch2: skip_tests.diff Patch3: ipv6_loopbacks_fix.patch Patch4: fedora_suffix_munge.patch # We don't build X11 binaries, switch to new xorg-x11-devel # if we add it. #BuildRequires: xorg-x11-devel BuildRequires: db4-devel >= 4.2.52 BuildRequires: flex BuildRequires: bison BuildRequires: libtool BuildRequires: ncurses-devel >= 5.3 BuildRequires: openldap-devel >= 2.0 BuildRequires: readline-devel BuildRequires: libtermcap-devel BuildRequires: pam-devel BuildRequires: e2fsprogs-devel BuildRequires: texinfo BuildRequires: sqlite-devel BuildRequires: openldap-devel #Required for tests/ldap BuildRequires: openldap-servers %if ! 0%{?fedora} BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %endif %description Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec (rfc1510 and successors) including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for ticket delegation (S4U2Self, S4U2Proxy). This package can coexist with MIT Kerberos 5 packages. Hesiod is disabled by default since it is deemed too big a security risk by the packager. %package workstation Summary: Heimdal kerberos programs for use on workstations Group: System Environment/Base Requires: xinetd %description workstation This package contains Heimdal Kerberos 5 programs and utilities for use on workstations (kinit, klist, kdestroy, kpasswd) %package appl-clients Summary: Heimdal kerberized client applications Group: System Environment/Base %description appl-clients This package contains Heimdal Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. %package appl-servers Summary: Heimdal kerberized server applications Group: System Environment/Daemons %description appl-servers This package contains Heimdal Kerberos-aware versions of the pop3, telnet, ftp, rcp, rsh, and rlogin servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. %package server Summary: Heimdal kerberos server Group: System Environment/Daemons Requires: chkconfig Requires: xinetd %description server This package contains the master Heimdal kerberos Key Distribution Center (KDC), admin interface server (admind) and master-slave synchronisation daemons. Install this package if you intend to set up Kerberos server. %package libs Summary: Heimdal kerberos shared libraries Group: System Environment/Libraries %description libs This package contains shared libraries required by several of the other Heimdal packages. %package devel Summary: Header and other development files for Heimdal kerberos Group: System Environment/Libraries %description devel Contains files needed to compile and link software using the Heimdal kerberos headers/libraries. %prep %setup -q %patch3 -p0 -b .getaddrinfo %patch4 -p0 -b .fedorahax #autoreconf autoreconf -f -i %build %ifarch i386 %define build_fix "-march=i686" %else %define build_fix "" %endif %configure \ --prefix=%{_prefix} \ --includedir=%{_includedir}/%{name} \ --libdir=%{libdir} \ --enable-static \ --enable-shared \ --enable-pthread-support \ --without-x \ --without-hesiod \ --with-ipv6 \ --enable-kcm \ --enable-pk-init \ --with-openssl=%{_prefix} \ --with-openldap=%{_prefix} \ --with-sqlite3=%{_prefix} \ --with-readline-include=%{_includedir}/readline \ --with-readline-lib=%{_libdir} \ LIBS="-ltermcap" \ CFLAGS="-fPIC %{optflags} %{build_fix}" make make -C doc html %check make check %install rm -rf %{buildroot} make DESTDIR=%{buildroot} install install -D -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/rc.d/init.d/heimdal install -D -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/heimdal %ifarch x86_64 install -d -m 755 %{buildroot}/%{_sysconfdir}/profile.d/ sed 's/lib/lib64/g' %{SOURCE4} > %{buildroot}/%{_sysconfdir}/profile.d/heimdal.sh sed 's/lib/lib64/g' %{SOURCE5} > %{buildroot}/%{_sysconfdir}/profile.d/heimdal.csh %else install -D -m 755 %{SOURCE4} %{buildroot}/%{_sysconfdir}/profile.d/heimdal.sh install -D -m 755 %{SOURCE5} %{buildroot}/%{_sysconfdir}/profile.d/heimdal.csh %endif mkdir -p %{buildroot}/%{_sysconfdir}/xinetd.d/ install -D -m 644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/xinetd.d/kadmind sed -e 's#@LIBDIR@#%{libdir}#g' < %SOURCE6 > %{buildroot}/%{_sysconfdir}/xinetd.d/heimdal-rshd sed -e 's#@LIBDIR@#%{libdir}#g' < %SOURCE7 > %{buildroot}/%{_sysconfdir}/xinetd.d/heimdal-ftpd sed -e 's#@LIBDIR@#%{libdir}#g' < %SOURCE8 > %{buildroot}/%{_sysconfdir}/xinetd.d/heimdal-telnetd install -D -m 644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/logrotate.d/heimdal mkdir -p %{buildroot}/%{_localstatedir}/heimdal/ touch %{buildroot}/%{_localstatedir}/heimdal/kadmind.acl touch %{buildroot}/%{_localstatedir}/heimdal/slaves touch %{buildroot}/%{_localstatedir}/heimdal/slave-stats install -d -m 700 %{buildroot}/%{_localstatedir}/log/heimdal install -d -m 755 %{buildroot}/%{_docdir}/%{name}-%{version}/ install -D -m 644 LICENSE %{buildroot}/%{_docdir}/%{name}-%{version}/LICENSE install -D -m 644 %{SOURCE9} %{buildroot}/%{_docdir}/%{name}-%{version}/krb5.conf.sample install -D -m 644 %{SOURCE11} %{buildroot}/%{_docdir}/%{name}-%{version}/ # we don't need pkgconfig file and info/dir rm -rf %{buildroot}/%{libdir}/pkgconfig rm -rf %{buildroot}/%{_infodir}/dir # NOTICE: no support for X11 rm -f %{buildroot}/%{_mandir}/man1/kx.1* rm -f %{buildroot}/%{_mandir}/man1/rxtelnet.1* rm -f %{buildroot}/%{_mandir}/man1/rxterm.1* rm -f %{buildroot}/%{_mandir}/man1/tenletxr.1* rm -f %{buildroot}/%{_mandir}/man1/xnlock.1* rm -f %{buildroot}/%{_mandir}/man8/kxd.8* # Remove CAT files, they are not needed rm -rf %{buildroot}/%{_mandir}/cat* mkdir -p %{buildroot}/%{_sysconfdir}/ld.so.conf.d/ echo "%{libdir}" > %{buildroot}/%{_sysconfdir}/ld.so.conf.d/heimdal.conf # rename clashes with MIT from to .heimdal for prog in kadmin kadmind kdestroy kinit klist kpasswd krb5-config ktutil do mv %{buildroot}/%{_bindir}/${prog} %{buildroot}/%{_bindir}/${prog}.%{name} || mv %{buildroot}/%{_sbindir}/${prog} %{buildroot}/%{_sbindir}/${prog}.%{name} || mv %{buildroot}/%{_libexecdir}/${prog} %{buildroot}/%{_libexecdir}/${prog}.%{name} mv %{buildroot}/%{_mandir}/man1/${prog}.1 \ %{buildroot}/%{_mandir}/man1/${prog}.%{name}.1 || mv %{buildroot}/%{_mandir}/man8/${prog}.8 \ %{buildroot}/%{_mandir}/man8/${prog}.%{name}.8 done mv %{buildroot}/%{_mandir}/man5/krb5.conf.5 \ %{buildroot}/%{_mandir}/man5/krb5.conf.%{name}.5 # Kerberised apps go to /usr/lib/heimdal/bin, FESCo denied us /usr/heimdal mkdir -p %{buildroot}/%{libdir}/bin mkdir -p %{buildroot}/%{_mandir}/%{name}/man{1,5,8} for prog in ftp ftpd login pagsh rcp rsh rshd su telnet telnetd do mv %{buildroot}/%{_bindir}/${prog} %{buildroot}/%{libdir}/bin || mv %{buildroot}/%{_libexecdir}/${prog} %{buildroot}/%{libdir}/bin mv %{buildroot}/%{_mandir}/man1/${prog}.1 \ %{buildroot}/%{_mandir}/%{name}/man1/ || mv %{buildroot}/%{_mandir}/man8/${prog}.8 \ %{buildroot}/%{_mandir}/%{name}/man8 done for man in ftpusers login.access do mv %{buildroot}/%{_mandir}/man5/${man}.5 \ %{buildroot}/%{_mandir}/%{name}/man5/ done %clean rm -rf %{buildroot} %post appl-servers /sbin/service xinetd condrestart %postun appl-servers /sbin/service xinetd condrestart %post server /sbin/chkconfig --add heimdal /sbin/service xinetd condrestart %preun server /sbin/service heimdal stop %postun server /sbin/service xinetd condrestart %post libs /sbin/ldconfig %postun libs /sbin/ldconfig %files libs %defattr(-,root,root,-) %{_sysconfdir}/profile.d/heimdal.sh %{_sysconfdir}/profile.d/heimdal.csh %{_sysconfdir}/ld.so.conf.d/heimdal.conf %{libdir}/lib*.la %{libdir}/lib*.so* %{libdir}/windc.la %{libdir}/windc.so* #%{_infodir}/dir %{_infodir}/heimdal.info* %{_infodir}/hx509.info* %{_mandir}/man5/krb5.conf.%{name}.5* %{_mandir}/man5/qop.5* %{_mandir}/man5/mech.5* %{_mandir}/man8/kerberos.8* %{_prefix}/bin/string2key %{_mandir}/man8/string2key.8* %{_libexecdir}/kdigest %{_mandir}/man8/kdigest.8* %{_prefix}/bin/verify_krb5_conf %{_mandir}/man8/verify_krb5_conf.8* %{_libexecdir}/digest-service %dir %{_docdir}/%{name}-%{version} %doc %{_docdir}/%{name}-%{version}/* # Language files #%{_prefix}/share/locale/*/LC_MESSAGES/* %files server %defattr(-,root,root,-) %{_initrddir}/heimdal %{_sysconfdir}/logrotate.d/heimdal %config(noreplace) %{_sysconfdir}/sysconfig/heimdal %config(noreplace) %{_sysconfdir}/xinetd.d/kadmind %dir %attr(700,root,root) %{_localstatedir}/heimdal %dir %attr(700,root,root) %{_localstatedir}/log/heimdal %config(noreplace) %attr(600,root,root) %{_localstatedir}/heimdal/kadmind.acl %config(noreplace) %attr(600,root,root) %{_localstatedir}/heimdal/slaves %attr(600,root,root) %{_localstatedir}/heimdal/slave-stats %{_libexecdir}/hprop %{_mandir}/man8/hprop.8* %{_libexecdir}/hpropd %{_mandir}/man8/hpropd.8* %{_mandir}/man8/iprop.8* %{_sbindir}/iprop-log %{_mandir}/man8/iprop-log.8* %{_libexecdir}/ipropd-master %{_mandir}/man8/ipropd-master.8* %{_libexecdir}/ipropd-slave %{_mandir}/man8/ipropd-slave.8* %{_libexecdir}/kadmind.%{name} %{_mandir}/man8/kadmind.%{name}.8* %{_libexecdir}/kdc %{_mandir}/man8/kdc.8* %{_libexecdir}/kpasswdd %{_mandir}/man8/kpasswdd.8* %{_sbindir}/kstash %{_mandir}/man8/kstash.8* %files workstation %defattr(-,root,root,-) %{_prefix}/bin/afslog %{_mandir}/man1/afslog.1* %{_prefix}/bin/gsstool %{_prefix}/bin/hxtool %{_prefix}/bin/idn-lookup %{_prefix}/bin/kcc %{_prefix}/bin/kdestroy.%{name} %{_mandir}/man1/kdestroy.%{name}.1* %{_prefix}/bin/kf %{_mandir}/man1/kf.1* %{_prefix}/bin/kgetcred %{_mandir}/man1/kgetcred.1* %{_libexecdir}/kimpersonate %{_mandir}/man8/kimpersonate.8* %{_prefix}/bin/kinit.%{name} %{_mandir}/man1/kinit.%{name}.1* %{_prefix}/bin/klist.%{name} %{_mandir}/man1/klist.%{name}.1* %{_prefix}/bin/kpasswd.%{name} %{_mandir}/man1/kpasswd.%{name}.1* %{_prefix}/bin/kswitch %{_mandir}/man1/kswitch.1* %{_prefix}/bin/otp %{_mandir}/man1/otp.1* %{_prefix}/bin/otpprint %{_mandir}/man1/otpprint.1* %{_prefix}/bin/pfrom %{_mandir}/man1/pfrom.1* %{_sbindir}/kadmin.%{name} %{_mandir}/man8/kadmin.%{name}.8* %{_libexecdir}/kcm %{_mandir}/man8/kcm.8* %{_libexecdir}/kfd %{_mandir}/man8/kfd.8* %{_sbindir}/ktutil.%{name} %{_mandir}/man8/ktutil.%{name}.8* # NOTICE: no support for X11 #%{_libexecdir}/kxd #%{_mandir}/man8/kxd.8* #%{_mandir}/cat8/kxd.8* %{_libexecdir}/popper %{_mandir}/man8/popper.8* # TODO: PUSH needs to go to bin!!! %{_libexecdir}/push %{_mandir}/man8/push.8* %files appl-clients %defattr(-,root,root,-) %{libdir}/bin/ftp %{_mandir}/%{name}/man1/ftp.1* %{libdir}/bin/login %{_mandir}/%{name}/man1/login.1* %{_mandir}/%{name}/man5/login.access.5* %{libdir}/bin/pagsh %{_mandir}/%{name}/man1/pagsh.1* %{libdir}/bin/rcp %{_mandir}/%{name}/man1/rcp.1* %{libdir}/bin/rsh %{_mandir}/%{name}/man1/rsh.1* %attr(04550,root,root) %{_libdir}/%{name}/bin/su %{_mandir}/%{name}/man1/su.1* %{libdir}/bin/telnet %{_mandir}/%{name}/man1/telnet.1* # NOTICE: no support for X11 #%{_prefix}/bin/rxtelnet #%{_mandir}/man1/rxtelnet.1* #%{_mandir}/cat1/rxtelnet.1* %files appl-servers %defattr(-,root,root,-) %config(noreplace) %{_sysconfdir}/xinetd.d/heimdal-ftpd %config(noreplace) %{_sysconfdir}/xinetd.d/heimdal-rshd %config(noreplace) %{_sysconfdir}/xinetd.d/heimdal-telnetd %{libdir}/bin/telnetd %{_mandir}/%{name}/man8/telnetd.8* %{libdir}/bin/ftpd %{_mandir}/%{name}/man8/ftpd.8* %{_mandir}/%{name}/man5/ftpusers.5* %{libdir}/bin/rshd %{_mandir}/%{name}/man8/rshd.8* %files devel %defattr(-,root,root,-) %{_bindir}/krb5-config.%{name} %{_mandir}/man1/krb5-config.%{name}.1* %{_includedir}/* %{libdir}/lib*.a %{libdir}/windc.a %{_mandir}/man3/* #%{_prefix}/bin/compile_et %{_libexecdir}/heimdal/asn1_compile %{_libexecdir}/heimdal/asn1_print %{_libexecdir}/heimdal/slc %changelog * Wed Jul 4 2012 Rok Papež, ARNES - 1.5.2-3 - updated to upstream 1.5.2 - added support for Fedora 17 - fixed wrong PATH on x86_64 - fixed IPv6 and multiple interfaces bug in krb5_parse_address: https://bugzilla.redhat.com/show_bug.cgi?id=808147 - added support for .heimdal prefix to kcc * Tue Oct 4 2011 Rok Papež, ARNES - 1.5.1-1 - updated to upstream 1.5.1 * Tue Sep 27 2011 Rok Papež, ARNES - 1.5.1.pre20110912git-2 - FESCo updates: https://fedorahosted.org/fesco/ticket/577 - Implicit %Requires removed, rpmbuild can figure them out itself - Implicit %Provides removed, we are NOT compatible with krb5 - Enable hardened build: https://fedoraproject.org/wiki/Packaging:Guidelines#PIE https://fedoraproject.org/wiki/User:Kevin/DRAFT_When_to_use_PIE_compiler_flags - Merged updates from Orion Poplawski * Mon Sep 12 2011 Rok Papež, ARNES - 1.5.1.pre20110912git-1.arnes - Updated to Heimdal 1.5.1.pre20110912git * Tue Nov 30 2010 Rok Papež, ARNES - 1.4.1rc1-1.arnes - Updated to Heimdal 1.4.1rc1 * Fri Jul 09 2010 Rok Papež, ARNES - 1.3.3-1.arnes - Updated to Heimdal 1.3.3 * Wed Apr 21 2010 Rok Papež, ARNES - 1.3.2-2.arnes - Updated to Heimdal 1.3.2 * Wed Sep 17 2009 Rok Papež, ARNES - 1.3.0pre9-1 - Updated to Heimdal 1.3.0pre9 - Building on CentOS 5.3 i386 and Fedora 11 x86_64. * Wed Jun 10 2009 Rok Papež, ARNES - 1.2.1-9 - Fixed build for CentOS 4.7 (thanks to Nitzan Zaifman for bugreport) * Sun Jun 8 2009 Rok Papež, ARNES - 1.2.1-8 - Fixed paths for building on CentOS 5.3 - Rebuilt for CentOS 5.3 - removed obsolete X11 dependency * Fri Feb 19 2009 Mitja Mihelic, ARNES - 1.2.1-7 - added dependency on xinetd for heimdal-workstation * Tue Jan 20 2009 Rok Papež, ARNES - Fixed permissions * Wed Oct 8 2008 Rok Papež, ARNES - New specs for Heimdel 1.2.1, suggestions taken from both PDC and Mandrake specs file. - Need to be compatible with MIT Kerberos 5 installation. - Let MIT have priority