Name:		gssproxy
Version:	0.7.0
Release:	8%{?dist}
Summary:	GSSAPI Proxy

Group:		System Environment/Libraries
License:	MIT
URL:		https://pagure.io/gssproxy
Source0:	https://releases.pagure.org/%{name}/%{name}-%{version}.tar.gz
BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

%global servicename gssproxy
%global pubconfpath %{_sysconfdir}/gssproxy
%global gpstatedir %{_localstatedir}/lib/gssproxy

### Patches ###
Patch0: Properly-renew-expired-credentials.patch
Patch1: Change-impersonator-check-code.patch
Patch2: Allow-connection-to-self-when-impersonator-set.patch
Patch3: Remove-gpm_release_ctx-to-fix-double-unlock.patch
Patch4: Update-systemd-file.patch
Patch5: Fix-unused-variables.patch
Patch6: Fix-segfault-when-no-config-files-are-present.patch
Patch7: Include-header-for-writev.patch

### Dependencies ###
Requires: krb5-libs >= 1.12.0
Requires: keyutils-libs
Requires: libverto-module-base
Requires: libini_config
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units

### Build Dependencies ###
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: m4
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
BuildRequires: doxygen
BuildRequires: gettext-devel
BuildRequires: pkgconfig
BuildRequires: krb5-devel >= 1.12.0
BuildRequires: libselinux-devel
BuildRequires: keyutils-libs-devel
BuildRequires: libini_config-devel >= 1.2.0
BuildRequires: libverto-devel
BuildRequires: popt-devel
BuildRequires: findutils
BuildRequires: systemd-units

%description
A proxy for GSSAPI credential handling

%prep
%setup -q
%patch0 -p2 -b .Properly-renew-expired-credentials
%patch1 -p2 -b .Change-impersonator-check-code
%patch2 -p2 -b .Allow-connection-to-self-when-impersonator-set
%patch3 -p2 -b .Remove-gpm_release_ctx-to-fix-double-unlock
%patch4 -p2 -b .Update-systemd-file
%patch5 -p2 -b .Fix-unused-variables
%patch6 -p2 -b .Fix-segfault-when-no-config-files-are-present
%patch7 -p2 -b .Include-header-for-writev

%build
autoreconf -f -i
%configure \
    --with-pubconf-path=%{pubconfpath} \
    --with-initscript=systemd \
    --disable-static \
    --disable-rpath \
    --with-gpp-default-behavior=REMOTE_FIRST

make %{?_smp_mflags} all
make test_proxymech

%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la
install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy
install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf
install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf
mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d
install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf
mkdir -p %{buildroot}%{gpstatedir}/rcache

%clean
rm -rf %{buildroot}


%files
%defattr(-,root,root,-)
%doc COPYING
%{_unitdir}/gssproxy.service
%{_sbindir}/gssproxy
%attr(755,root,root) %dir %{pubconfpath}
%attr(755,root,root) %dir %{gpstatedir}
%attr(700,root,root) %dir %{gpstatedir}/clients
%attr(700,root,root) %dir %{gpstatedir}/rcache
%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf
%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf
%attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf
%{_libdir}/gssproxy/proxymech.so
%{_mandir}/man5/gssproxy.conf.5*
%{_mandir}/man8/gssproxy.8*
%{_mandir}/man8/gssproxy-mech.8*

%post
%systemd_post gssproxy.service

%preun
%systemd_preun gssproxy.service

%postun
%systemd_postun_with_restart gssproxy.service

%changelog
* Wed May 24 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-8
- Remove (buggy?) logic around NFS snippet.

* Wed May 17 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-7
- Remove NFS server stanza if nfs-utils not present
- Also update gcc7 patch to match upstream

* Tue May 16 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-6
- Fix segfault when no configuration files are found
- Various build fixes for gcc7

* Mon May 01 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-5
- Update systemd unit file (nfs removal, reload capability)

* Mon Apr 03 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-4
- Backport fix for double unlock

* Tue Mar 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-3
- Drop NFS server snippet (removes dependency on nfs kernel component)

* Tue Mar 14 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-2
- Fix credential renewal and impersonator checking for m_a_g

* Tue Mar 07 2017 Robbie Harwood <rharwood@redhat.com> - 0.7.0-1
- New upstream release - 0.7.0

* Mon Mar 06 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-4
- Actually apply the patches I just added
- Also include a Coverity fix.

* Tue Feb 28 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-2
- Include other non-null fix and various things from master

* Thu Feb 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.2-1
- Fix incorrect use of non-null string in xdr
- Also move version number to better reflect what is inside

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Jan 23 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-2
- Fix allocation issue of cred store
- Resolves: #1415400

* Fri Jan 20 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.1-1
- New upstream release v0.6.1
- Resolves: #1415090

* Wed Jan 18 2017 Robbie Harwood <rharwood@redhat.com> - 0.6.0-1
- New upstream release v0.6.0

* Tue Sep 27 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-3
- Adjust libverto dependency to not use a specific backend
- Resolves: #1379812

* Tue Jun 14 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-2
- Own /var/lib/gssproxy/rcache

* Mon Jun 13 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.1-1
- Update to upstream release v0.5.1
- Resolves: #1345871

* Tue Jun 07 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-5
- Acquire new socket for fork/permission drops on clients

* Mon May 09 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-4
- Do not package mod_auth_gssapi conf file
  - This ensures gssproxy works even when the apache user does not exist

* Thu May 05 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-3
- Ensure we actually package the config files

* Thu May 05 2016 Simo Sorce <simo@redhat.com> - 0.5.0-2
- Fix typo in requires

* Wed May 04 2016 Robbie Harwood <rharwood@redhat.com> - 0.5.0-1
- Release new upstream version
- Bump ini_config version for `ini_config_augment()`

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Dec 16 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-4
- Fix issues with 1.14
- Fix bogus date in changelog (March 30 2015 was a Monday)

* Wed Oct 21 2015 Robbie Harwood <rharwood@redhat.com> - 0.4.1-3
- Clear message buffer to fix segfault on arm
- resolves: #1235902

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Mon Mar 30 2015 Simo Sorce <simo@redhat.com> 0.4.1-1
- New upstream release
- Fix issues with paths in config files

* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-2
- Workaround rawhide bug (bz1204646) with krb5-config by switching to
  pkg-config (patch from upstream)

* Tue Mar 24 2015 Simo Sorce <simo@redhat.com> 0.4.0-1
- New upstream realease
  Added optional support for running GSS-Proxy as an unprivileged user
  Uses new /etc/gss/mech.d configuration directory for gss mechanisms
  Kernel related fixes
  General bug fixing, many minor errors or incorrect behaviours have been corrected
- drop all patches, they are all included upstream

* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu May 29 2014 Simo Sorce <simo@redhat.com> 0.3.1-2
- Rebuild as new ding-libs brings in soname bump

* Thu Mar 13 2014 Guenther Deschner <gdeschner@redhat.com> 0.3.1-1
- Fix flags handling in gss_init_sec_context()
- resolves: https://fedorahosted.org/gss-proxy/ticket/112
- Fix nfsd startup
- resolves: https://fedorahosted.org/gss-proxy/ticket/114
- Fix potential mutex deadlock
- resolves: https://fedorahosted.org/gss-proxy/ticket/120
- Fix segfault in gssi_inquire_context
- resolves: https://fedorahosted.org/gss-proxy/ticket/117
- resolves: #1061133

* Tue Nov 26 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.1-0
- New upstream release 0.3.1:
  * Fix use of gssproxy for client initiation
  * Add new enforcing and filtering options for context initialization
  * Fix potential thread safety issues
- resolves: https://fedorahosted.org/gss-proxy/ticket/110
- resolves: https://fedorahosted.org/gss-proxy/ticket/111

* Tue Nov 19 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-3
- Fix flags handling in gss_init_sec_context()
- resolves: https://fedorahosted.org/gss-proxy/ticket/106
- Fix OID handling in gss_inquire_cred_by_mech()
- resolves: https://fedorahosted.org/gss-proxy/ticket/107
- Fix continuation processing for not yet fully established contexts.
- resolves: https://fedorahosted.org/gss-proxy/ticket/108
- Add flags filtering and flags enforcing.
- resolves: https://fedorahosted.org/gss-proxy/ticket/109

* Wed Oct 23 2013 Guenther Deschner <gdeschner@redhat.com> 0.3.0-0
- New upstream release 0.3.0:
  * Add support for impersonation (depends on s4u2self/s4u2proxy on the KDC)
  * Add support for new rpc.gssd mode of operation that forks and changes uid
  * Add 2 new options allow_any_uid and cred_usage

* Fri Oct 18 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-8
- Fix default proxymech documentation and fix LOCAL_FIRST implementation
- resolves: https://fedorahosted.org/gss-proxy/ticket/105

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Wed Jul 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-6
- Add better default gssproxy.conf file for nfs client and server usage

* Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5
- New upstream release

* Fri May 31 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-5
- Require libverto-tevent to make sure libverto initialization succeeds

* Wed May 29 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-4
- Modify systemd unit files for nfs-secure services

* Wed May 22 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-3
- Fix cred_store handling w/o client keytab

* Thu May 16 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.2-2
- New upstream release

* Tue May 07 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.1-2
- New upstream release

* Wed Apr 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.0-1
- New upstream release

* Mon Apr 01 2013 Simo Sorce <simo@redhat.com> - 0.1.0-0
- New upstream release

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.0.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Tue Nov 06 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.3-7
- Update to 0.0.3

* Wed Aug 22 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-6
- Use new systemd-rpm macros
- resolves: #850139

* Wed Jul 18 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-5
- More spec file fixes

* Mon Jul 16 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-4
- Fix systemd service file

* Fri Jul 13 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.2-3
- Fix various packaging issues

* Mon Jul 02 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-2
- Add systemd packaging

* Wed Mar 28 2012 Guenther Deschner <gdeschner@redhat.com> 0.0.1-1
- Various fixes

* Mon Dec 12 2011 Simo Sorce <simo@redhat.com> - 0.0.2-0
- Automated build of the gssproxy daemon