krb5/krb5.spec

%global _hardening_ldflags %{nil}
%global WITH_DIRSRV 1

Name:     krb5
Version:  1.19.2
Release:  1
Summary:  The Kerberos network authentication protocol
License:  MIT
URL:      http://web.mit.edu/kerberos/www/
Source0:  https://web.mit.edu/kerberos/dist/krb5/1.19/%{name}-%{version}.tar.gz
Source1:  https://web.mit.edu/kerberos/dist/krb5/1.19/%{name}-%{version}.tar.gz.asc
Source2:  kprop.service
Source3:  kadmin.service
Source4:  krb5kdc.service
Source5:  krb5.conf
Source6:  kdc.conf
Source7:  kadm5.acl
Source11: ksu.pamd
Source12: krb5kdc.logrotate
Source13: kadmind.logrotate
Source100: noport.c 
Patch0: ksu-pam-integration.patch
Patch1: SELinux-integration.patch
Patch2: Adjust-build-configuration.patch
Patch3: netlib-and-dns.patch
Patch4: fix-debuginfo-with-y.tab.c.patch
Patch5: Remove-3des-support.patch
Patch6: FIPS-with-PRNG-and-RADIUS-and-MD4.patch
Patch7: backport-CVE-2021-37750.patch

BuildRequires:  gettext
BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
BuildRequires:  libcom_err-devel openssl-devel openldap-devel libss-devel libverto-module-base

# tests
BuildRequires: perl-interpreter dejagnu python3 tcl-devel
BuildRequires: net-tools rpcbind hostname iproute libverto-devel
BuildRequires: nss_wrapper socket_wrapper keyutils, keyutils-libs-devel
BuildRequires: lmdb-devel

Obsoletes:     libkadm5 < %{version}-%{release}
Provides:      libkadm5 = %{version}-%{release}

%description
Kerberos is a network authentication protocol.
It is designed to provide strong authentication
for client/server applications by using secret-key
cryptography.


%package server
Summary:    krb5 server
Requires:   %{name}-libs%{?_isa} = %{version}-%{release}
Requires:   logrotate libverto systemd words crypto-policies
Obsoletes:  krb5-pkinit < %{version}-%{release}
Obsoletes:  krb5-server-ldap < %{version}-%{release}
Provides:   krb5-pkinit = %{version}-%{release}
Provides:   krb5-server-ldap = %{version}-%{release}
Obsoletes:  krb5-pkinit-openssl < %{version}-%{release}
Provides:   krb5-pkinit-openssl = %{version}-%{release}

%description server
This package provides krb5 server programs.

%package client
Summary:    krb5 client
Requires:   %{name}-libs%{?_isa} = %{version}-%{release}
Obsoletes:  %{name}-workstation
Provides:   %{name}-workstation

%description client
This package provides krb5 client programs.

%package devel
Summary:    Development files for compiling with krb5
Requires:   %{name}-libs%{?_isa} = %{version}-%{release}
Requires:   e2fsprogs-devel keyutils-libs-devel libselinux-devel libverto-devel
Provides:   krb5-kdb-version = 7.0

%description devel
%{summary}.

%package libs
Summary:    The non-admin shared libraries used by Kerberos 5
Requires:   coreutils gawk grep sed keyutils-libs
Requires:   /etc/crypto-policies/back-ends/krb5.config

%description libs
This package contains the shared libraries needed by Kerberos 5.

%package help
Summary:    The documents for krb5
BuildArch:  noarch

%description help
%{summary}.

%prep
%autosetup -n %{name}-%{version} -p1

pushd src
autoreconf -fiv
popd

%build
source %{_libdir}/tclConfig.sh
pushd src

# Set this so that configure will have a value even if the current version of
# autoconf doesn't set one.
export runstatedir=%{_localstatedir}/run
# Work out the CFLAGS and CPPFLAGS which we intend to use.
INCLUDES=-I%{_includedir}/et
CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`"
CPPFLAGS="`echo $DEFINES $INCLUDES`"
%configure \
    CC="%{__cc}" \
    CFLAGS="$CFLAGS" \
    CPPFLAGS="$CPPFLAGS" \
    SS_LIB="-lss" \
    --enable-shared \
    --localstatedir=%{_var}/kerberos \
    --disable-rpath \
    --without-krb5-config \
    --with-system-et \
    --with-system-ss \
    --with-netlib=-lresolv \
    --with-tcl \
    --enable-dns-for-realm \
    --with-ldap \
%if %{WITH_DIRSRV}
    --with-dirsrv-account-locking \
%endif
    --enable-pkinit \
    --with-crypto-impl=openssl \
    --with-tls-impl=openssl \
    --with-system-verto \
    --with-pam \
    --with-selinux \
    --with-prng-alg=os \
    --with-lmdb \
    || (cat config.log; exit 1)

%make_build
popd
# We need to cut off any access to locally-running nameservers, too.
%{__cc} -fPIC -shared -o noport.so -Wall -Wextra %{SOURCE100}

%install
pushd src
%make_install
popd

mkdir -p $RPM_BUILD_ROOT/etc
install -pm 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/krb5.conf

mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc
install -pm 600 %{SOURCE6} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
install -pm 600 %{SOURCE7} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/

mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5/user

mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d
ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies

mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss

mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d

mkdir -p $RPM_BUILD_ROOT%{_unitdir}
install -pm 644 %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir}
install -pm 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}
install -pm 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}

mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc

# install logrotate config files for server
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/
install -pm 644 %{SOURCE12} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE12} .logrotate`
install -pm 644 %{SOURCE13} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE13} .logrotate`

# PAM configuration files.
mkdir -p $RPM_BUILD_ROOT/etc/pam.d/
install -pm 644 %{SOURCE11} $RPM_BUILD_ROOT/etc/pam.d/`basename %{SOURCE11} .pamd`

install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth
install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/kdb
install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata

rm -vf %{buildroot}/%{_sbindir}/krb5-send-pr
rm -vrf %{buildroot}/%{_datadir}/examples
rm -vf %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so

find %buildroot -type f \( -name '*.so' -o -name '*.so.*' \) -exec chmod 755 {} +

%find_lang mit-krb5


%check
make -C src runenv.py
make -C src check || :

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post server
%systemd_post krb5kdc.service kadmin.service kprop.service
/bin/systemctl daemon-reload

%preun server
%systemd_preun krb5kdc.service kadmin.service kprop.service

%postun server
%systemd_postun_with_restart krb5kdc.service kadmin.service kprop.service

%files
%defattr(-,root,root,-)
%doc NOTICE README
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*

%files libs -f mit-krb5.lang
%defattr(-,root,root,-)
%dir /etc/gss
%dir /etc/gss/mech.d
%dir /etc/krb5.conf.d
%config(noreplace) /etc/krb5.conf
%config(noreplace) /etc/krb5.conf.d/crypto-policies
%{_libdir}/libgssapi_krb5.so.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrad.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/*
%{_libdir}/krb5/plugins/preauth/spake.so
%{_libdir}/krb5/plugins/tls/k5tls.so
%dir %{_var}/kerberos
%dir %{_var}/kerberos/krb5
%dir %{_var}/kerberos/krb5/user

%files server
%defattr(-,root,root,-)
%{_unitdir}/krb5kdc.service
%{_unitdir}/kadmin.service
%{_unitdir}/kprop.service
%dir %{_localstatedir}/run/krb5kdc
%config(noreplace) /etc/logrotate.d/krb5kdc
%config(noreplace) /etc/logrotate.d/kadmind
%dir %{_var}/kerberos
%dir %{_var}/kerberos/krb5kdc
%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/authdata
%{_libdir}/krb5/plugins/preauth/otp.so
%{_libdir}/krb5/plugins/preauth/pkinit.so
%{_libdir}/krb5/plugins/kdb/db2.so
%{_libdir}/krb5/plugins/kdb/kldap.so
%{_libdir}/krb5/plugins/kdb/klmdb.so
%{_libdir}/libkdb_ldap.so
%{_libdir}/libkdb_ldap.so.*
%{_sbindir}/kdb5_ldap_util
%{_sbindir}/kadmin.local
%{_sbindir}/kadmind
%{_sbindir}/kdb5_util
%{_sbindir}/kprop
%{_sbindir}/kpropd
%{_sbindir}/kproplog
%{_sbindir}/krb5kdc
%{_bindir}/sclient
%{_sbindir}/sserver

%files client
%defattr(-,root,root,-)
%config(noreplace) /etc/pam.d/ksu
%{_bindir}/kdestroy
%{_bindir}/kinit
%{_bindir}/klist
%{_bindir}/kpasswd
%{_bindir}/kswitch
%{_bindir}/kvno
%{_bindir}/kadmin
%{_bindir}/k5srvutil
%{_bindir}/ktutil
%attr(4755,root,root) %{_bindir}/ksu

%files devel
%defattr(-,root,root,-)
%{_includedir}/*
%{_libdir}/{libgssapi_krb5.so,libgssrpc.so,libk5crypto.so,libkdb5.so,libkrad.so,libkrb5.so,libkrb5support.so}
%{_libdir}/pkgconfig/*
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkadm5srv_mit.so
%{_bindir}/krb5-config
%{_bindir}/sim_client
%{_bindir}/gss-client
%{_bindir}/uuclient
%{_sbindir}/sim_server
%{_sbindir}/gss-server
%{_sbindir}/uuserver

%files help
%defattr(-,root,root,-)
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man5/{.k5identity.5.*,.k5login.5.*}
%{_mandir}/man7/*
%{_mandir}/man8/*

%changelog
* Fri Dec 24 2021 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-1
- Update to 1.19.2

* Tue Aug 24 2021 gaoyusong <gaoyusong1@huawei.com> - 1.19.1-3
- Fix CVE-2021-37750

* Wed Jul 21 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-2
- Fix CVE-2021-36222

* Sat Jun 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-1
- Upgrade upstream to 1.19.1

* Wed May 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-3
- Add gettext to BuildRequires

* Thu Jan 7 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-2
- Fix CVE-2020-28196

* Fri Jun 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.18.2-1
- Upgrade upstream to 1.18.2

* Wed Apr 29 2020 steven<steven_ygui@163.com> - 1.18-2
- Fix parameters in kdc.conf of version 1.18

* Fri Apr 24 2020 steven<steven_ygui@163.com> - 1.18-1
- Upgrade upstream to 1.18

* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-9
- add krb5-libs containing some commands and dynamic library

* Fri Feb 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-8
- fix several problems of version 1.17

* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-7
- fix the permission problem

* Wed Jan 8 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-6
- simplify functions

* Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-5
- delete unused patch

* Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-4
- change LDFLAGS in building environment to solve build failure of pam_krb5

* Thu Oct 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-3
- Add BuildRequires: byacc

* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-2
- Adjust requires

* Thu Sep 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-1
- Package init
update 2019-12-08 12:06:25 +08:00			`%global _hardening_ldflags %{nil}`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`%global WITH_DIRSRV 1`
update 2019-12-08 12:06:25 +08:00
Package init 2019-09-30 10:54:30 -04:00			`Name: krb5`
Update to 1.19.2 2021-12-24 15:39:53 +08:00			`Version: 1.19.2`
			`Release: 1`
Package init 2019-09-30 10:54:30 -04:00			`Summary: The Kerberos network authentication protocol`
			`License: MIT`
			`URL: http://web.mit.edu/kerberos/www/`
Update to 1.19.1 2021-06-26 12:40:15 +08:00			`Source0: https://web.mit.edu/kerberos/dist/krb5/1.19/%{name}-%{version}.tar.gz`
			`Source1: https://web.mit.edu/kerberos/dist/krb5/1.19/%{name}-%{version}.tar.gz.asc`
Package init 2019-09-30 10:54:30 -04:00			`Source2: kprop.service`
			`Source3: kadmin.service`
			`Source4: krb5kdc.service`
			`Source5: krb5.conf`
			`Source6: kdc.conf`
			`Source7: kadm5.acl`
			`Source11: ksu.pamd`
			`Source12: krb5kdc.logrotate`
			`Source13: kadmind.logrotate`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`Source100: noport.c`
			`Patch0: ksu-pam-integration.patch`
			`Patch1: SELinux-integration.patch`
			`Patch2: Adjust-build-configuration.patch`
			`Patch3: netlib-and-dns.patch`
			`Patch4: fix-debuginfo-with-y.tab.c.patch`
			`Patch5: Remove-3des-support.patch`
			`Patch6: FIPS-with-PRNG-and-RADIUS-and-MD4.patch`
Update to 1.19.2 2021-12-24 15:39:53 +08:00			`Patch7: backport-CVE-2021-37750.patch`
Package init 2019-09-30 10:54:30 -04:00
Add gettext to BuildRequires 2021-05-26 12:05:00 +08:00			`BuildRequires: gettext`
update code 2019-11-06 19:35:14 +08:00			`BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc`
Package init 2019-09-30 10:54:30 -04:00			`BuildRequires: libcom_err-devel openssl-devel openldap-devel libss-devel libverto-module-base`

			`# tests`
			`BuildRequires: perl-interpreter dejagnu python3 tcl-devel`
			`BuildRequires: net-tools rpcbind hostname iproute libverto-devel`
			`BuildRequires: nss_wrapper socket_wrapper keyutils, keyutils-libs-devel`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`BuildRequires: lmdb-devel`
Package init 2019-09-30 10:54:30 -04:00
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`Obsoletes: libkadm5 < %{version}-%{release}`
			`Provides: libkadm5 = %{version}-%{release}`
Package init 2019-09-30 10:54:30 -04:00
			`%description`
			`Kerberos is a network authentication protocol.`
			`It is designed to provide strong authentication`
			`for client/server applications by using secret-key`
			`cryptography.`


			`%package server`
			`Summary: krb5 server`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
Package init 2019-09-30 10:54:30 -04:00			`Requires: logrotate libverto systemd words crypto-policies`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`Obsoletes: krb5-pkinit < %{version}-%{release}`
			`Obsoletes: krb5-server-ldap < %{version}-%{release}`
			`Provides: krb5-pkinit = %{version}-%{release}`
			`Provides: krb5-server-ldap = %{version}-%{release}`
Package init 2019-09-30 10:54:30 -04:00			`Obsoletes: krb5-pkinit-openssl < %{version}-%{release}`
			`Provides: krb5-pkinit-openssl = %{version}-%{release}`

			`%description server`
			`This package provides krb5 server programs.`

			`%package client`
			`Summary: krb5 client`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
Package init 2019-09-30 10:54:30 -04:00			`Obsoletes: %{name}-workstation`
			`Provides: %{name}-workstation`

			`%description client`
			`This package provides krb5 client programs.`

			`%package devel`
			`Summary: Development files for compiling with krb5`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
Package init 2019-09-30 10:54:30 -04:00			`Requires: e2fsprogs-devel keyutils-libs-devel libselinux-devel libverto-devel`
			`Provides: krb5-kdb-version = 7.0`

			`%description devel`
			`%{summary}.`

add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`%package libs`
			`Summary: The non-admin shared libraries used by Kerberos 5`
			`Requires: coreutils gawk grep sed keyutils-libs`
			`Requires: /etc/crypto-policies/back-ends/krb5.config`

			`%description libs`
			`This package contains the shared libraries needed by Kerberos 5.`

Package init 2019-09-30 10:54:30 -04:00			`%package help`
			`Summary: The documents for krb5`
			`BuildArch: noarch`

			`%description help`
			`%{summary}.`

			`%prep`
			`%autosetup -n %{name}-%{version} -p1`

			`pushd src`
			`autoreconf -fiv`
			`popd`

			`%build`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`source %{_libdir}/tclConfig.sh`
Package init 2019-09-30 10:54:30 -04:00			`pushd src`
upgrade to 1.18 2020-05-11 14:21:22 +08:00
			`# Set this so that configure will have a value even if the current version of`
			`# autoconf doesn't set one.`
			`export runstatedir=%{_localstatedir}/run`
			`# Work out the CFLAGS and CPPFLAGS which we intend to use.`
			`INCLUDES=-I%{_includedir}/et`
			CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`"
			CPPFLAGS="`echo $DEFINES $INCLUDES`"
Package init 2019-09-30 10:54:30 -04:00			`%configure \`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`CC="%{__cc}" \`
			`CFLAGS="$CFLAGS" \`
			`CPPFLAGS="$CPPFLAGS" \`
			`SS_LIB="-lss" \`
Package init 2019-09-30 10:54:30 -04:00			`--enable-shared \`
			`--localstatedir=%{_var}/kerberos \`
			`--disable-rpath \`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`--without-krb5-config \`
			`--with-system-et \`
			`--with-system-ss \`
Package init 2019-09-30 10:54:30 -04:00			`--with-netlib=-lresolv \`
			`--with-tcl \`
			`--enable-dns-for-realm \`
			`--with-ldap \`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`%if %{WITH_DIRSRV}`
			`--with-dirsrv-account-locking \`
			`%endif`
Package init 2019-09-30 10:54:30 -04:00			`--enable-pkinit \`
			`--with-crypto-impl=openssl \`
			`--with-tls-impl=openssl \`
			`--with-system-verto \`
			`--with-pam \`
			`--with-selinux \`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`--with-prng-alg=os \`
			`--with-lmdb \`
			`\|\| (cat config.log; exit 1)`
Package init 2019-09-30 10:54:30 -04:00
			`%make_build`
			`popd`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`# We need to cut off any access to locally-running nameservers, too.`
			`%{__cc} -fPIC -shared -o noport.so -Wall -Wextra %{SOURCE100}`
Package init 2019-09-30 10:54:30 -04:00
			`%install`
			`pushd src`
			`%make_install`
			`popd`

			`mkdir -p $RPM_BUILD_ROOT/etc`
			`install -pm 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/krb5.conf`

			`mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc`
			`install -pm 600 %{SOURCE6} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/`
			`install -pm 600 %{SOURCE7} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/`

			`mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5/user`

			`mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d`
			`ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies`

			`mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss`

			`mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d`

			`mkdir -p $RPM_BUILD_ROOT%{_unitdir}`
			`install -pm 644 %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir}`
			`install -pm 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}`
			`install -pm 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}`

			`mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc`

			`# install logrotate config files for server`
			`mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/`
			install -pm 644 %{SOURCE12} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE12} .logrotate`
			install -pm 644 %{SOURCE13} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE13} .logrotate`

			`# PAM configuration files.`
			`mkdir -p $RPM_BUILD_ROOT/etc/pam.d/`
			install -pm 644 %{SOURCE11} $RPM_BUILD_ROOT/etc/pam.d/`basename %{SOURCE11} .pamd`

			`install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth`
			`install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/kdb`
			`install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata`

			`rm -vf %{buildroot}/%{_sbindir}/krb5-send-pr`
			`rm -vrf %{buildroot}/%{_datadir}/examples`
			`rm -vf %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so`

fix the permission problem 2020-01-14 11:33:06 +08:00			`find %buildroot -type f \( -name '.so' -o -name '.so.*' \) -exec chmod 755 {} +`

Package init 2019-09-30 10:54:30 -04:00			`%find_lang mit-krb5`


			`%check`
			`make -C src runenv.py`
			`make -C src check \|\| :`

			`%post -p /sbin/ldconfig`

			`%postun -p /sbin/ldconfig`

			`%post server`
			`%systemd_post krb5kdc.service kadmin.service kprop.service`
			`/bin/systemctl daemon-reload`

			`%preun server`
			`%systemd_preun krb5kdc.service kadmin.service kprop.service`

			`%postun server`
			`%systemd_postun_with_restart krb5kdc.service kadmin.service kprop.service`

add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`%files`
fix the permission problem 2020-01-14 11:33:06 +08:00			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%doc NOTICE README`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`%{_libdir}/libkadm5clnt_mit.so.*`
			`%{_libdir}/libkadm5srv_mit.so.*`

			`%files libs -f mit-krb5.lang`
			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%dir /etc/gss`
			`%dir /etc/gss/mech.d`
			`%dir /etc/krb5.conf.d`
			`%config(noreplace) /etc/krb5.conf`
			`%config(noreplace) /etc/krb5.conf.d/crypto-policies`
			`%{_libdir}/libgssapi_krb5.so.*`
			`%{_libdir}/libgssrpc.so.*`
			`%{_libdir}/libk5crypto.so.*`
			`%{_libdir}/libkdb5.so.*`
			`%{_libdir}/libkrad.so.*`
			`%{_libdir}/libkrb5.so.*`
			`%{_libdir}/libkrb5support.so.*`
add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`%dir %{_libdir}/krb5`
			`%dir %{_libdir}/krb5/plugins`
			`%dir %{_libdir}/krb5/plugins/*`
			`%{_libdir}/krb5/plugins/preauth/spake.so`
			`%{_libdir}/krb5/plugins/tls/k5tls.so`
			`%dir %{_var}/kerberos`
			`%dir %{_var}/kerberos/krb5`
			`%dir %{_var}/kerberos/krb5/user`
Package init 2019-09-30 10:54:30 -04:00
			`%files server`
fix the permission problem 2020-01-14 11:33:06 +08:00			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%{_unitdir}/krb5kdc.service`
			`%{_unitdir}/kadmin.service`
			`%{_unitdir}/kprop.service`
			`%dir %{_localstatedir}/run/krb5kdc`
			`%config(noreplace) /etc/logrotate.d/krb5kdc`
			`%config(noreplace) /etc/logrotate.d/kadmind`
			`%dir %{_var}/kerberos`
			`%dir %{_var}/kerberos/krb5kdc`
			`%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf`
			`%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl`
			`%dir %{_libdir}/krb5`
			`%dir %{_libdir}/krb5/plugins`
			`%dir %{_libdir}/krb5/plugins/kdb`
			`%dir %{_libdir}/krb5/plugins/preauth`
			`%dir %{_libdir}/krb5/plugins/authdata`
			`%{_libdir}/krb5/plugins/preauth/otp.so`
			`%{_libdir}/krb5/plugins/preauth/pkinit.so`
			`%{_libdir}/krb5/plugins/kdb/db2.so`
			`%{_libdir}/krb5/plugins/kdb/kldap.so`
upgrade to 1.18 2020-05-11 14:21:22 +08:00			`%{_libdir}/krb5/plugins/kdb/klmdb.so`
Package init 2019-09-30 10:54:30 -04:00			`%{_libdir}/libkdb_ldap.so`
			`%{_libdir}/libkdb_ldap.so.*`
			`%{_sbindir}/kdb5_ldap_util`
			`%{_sbindir}/kadmin.local`
			`%{_sbindir}/kadmind`
			`%{_sbindir}/kdb5_util`
			`%{_sbindir}/kprop`
			`%{_sbindir}/kpropd`
			`%{_sbindir}/kproplog`
			`%{_sbindir}/krb5kdc`
			`%{_bindir}/sclient`
			`%{_sbindir}/sserver`

			`%files client`
fix the permission problem 2020-01-14 11:33:06 +08:00			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%config(noreplace) /etc/pam.d/ksu`
			`%{_bindir}/kdestroy`
			`%{_bindir}/kinit`
			`%{_bindir}/klist`
			`%{_bindir}/kpasswd`
			`%{_bindir}/kswitch`
			`%{_bindir}/kvno`
			`%{_bindir}/kadmin`
			`%{_bindir}/k5srvutil`
			`%{_bindir}/ktutil`
			`%attr(4755,root,root) %{_bindir}/ksu`

			`%files devel`
fix the permission problem 2020-01-14 11:33:06 +08:00			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%{_includedir}/*`
			`%{_libdir}/{libgssapi_krb5.so,libgssrpc.so,libk5crypto.so,libkdb5.so,libkrad.so,libkrb5.so,libkrb5support.so}`
			`%{_libdir}/pkgconfig/*`
			`%{_libdir}/libkadm5clnt.so`
			`%{_libdir}/libkadm5clnt_mit.so`
			`%{_libdir}/libkadm5srv.so`
			`%{_libdir}/libkadm5srv_mit.so`
			`%{_bindir}/krb5-config`
			`%{_bindir}/sim_client`
			`%{_bindir}/gss-client`
			`%{_bindir}/uuclient`
			`%{_sbindir}/sim_server`
			`%{_sbindir}/gss-server`
			`%{_sbindir}/uuserver`

			`%files help`
fix the permission problem 2020-01-14 11:33:06 +08:00			`%defattr(-,root,root,-)`
Package init 2019-09-30 10:54:30 -04:00			`%{_mandir}/man1/*`
			`%{_mandir}/man5/*`
			`%{_mandir}/man5/{.k5identity.5.,.k5login.5.}`
			`%{_mandir}/man7/*`
			`%{_mandir}/man8/*`

			`%changelog`
Update to 1.19.2 2021-12-24 15:39:53 +08:00			`* Fri Dec 24 2021 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-1`
			`- Update to 1.19.2`

[Mainline]: Fix CVE-2021-37750 2021-08-24 19:43:39 +08:00			`* Tue Aug 24 2021 gaoyusong <gaoyusong1@huawei.com> - 1.19.1-3`
			`- Fix CVE-2021-37750`

Fix CVE-2021-36222 2021-07-21 16:08:17 +08:00			`* Wed Jul 21 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-2`
			`- Fix CVE-2021-36222`

Update to 1.19.1 2021-06-26 12:40:15 +08:00			`* Sat Jun 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-1`
			`- Upgrade upstream to 1.19.1`

Add gettext to BuildRequires 2021-05-26 12:05:00 +08:00			`* Wed May 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-3`
			`- Add gettext to BuildRequires`

Fix CVE-2020-28196 2021-01-07 17:11:39 +08:00			`* Thu Jan 7 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-2`
			`- Fix CVE-2020-28196`

update to 1.18.2 2020-06-19 15:53:27 +08:00			`* Fri Jun 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.18.2-1`
			`- Upgrade upstream to 1.18.2`

upgrade to 1.18 2020-05-11 14:21:22 +08:00			`* Wed Apr 29 2020 steven<steven_ygui@163.com> - 1.18-2`
			`- Fix parameters in kdc.conf of version 1.18`

			`* Fri Apr 24 2020 steven<steven_ygui@163.com> - 1.18-1`
			`- Upgrade upstream to 1.18`

add krb5-libs containing some commands and dynamic library 2020-02-17 11:07:59 +08:00			`* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-9`
			`- add krb5-libs containing some commands and dynamic library`

fix several problems of version 1.17 2020-02-14 16:13:46 +08:00			`* Fri Feb 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-8`
			`- fix several problems of version 1.17`

fix the permission problem 2020-01-14 11:33:06 +08:00			`* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-7`
			`- fix the permission problem`

simplify functions 2020-01-10 16:32:54 +08:00			`* Wed Jan 8 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-6`
			`- simplify functions`

delete unused patch 2019-12-31 15:31:25 +08:00			`* Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-5`
			`- delete unused patch`

update 2019-12-08 12:06:25 +08:00			`* Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-4`
			`- change LDFLAGS in building environment to solve build failure of pam_krb5`

update code 2019-11-06 19:35:14 +08:00			`* Thu Oct 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-3`
			`- Add BuildRequires: byacc`

Package init 2019-09-30 10:54:30 -04:00			`* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-2`
			`- Adjust requires`

			`* Thu Sep 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-1`
			`- Package init`