Refactor patches for nss-pam-ldapd package

The change of 3 meta patches refers to %post section in spec file.
The comment in the patch mentions that we don't want change our custom
binddn and bindpw in nslcd.conf.
However, in spec file, "source" variabe could not be assigned to a valid
file name, as we could not find these *.conf files in /etc/ folder.

if test -s /etc/nss-ldapd.conf ; then
        source=/etc/nss-ldapd.conf
elif test -s /etc/nss_ldap.conf ; then
        source=/etc/nss_ldap.conf
elif test -s /etc/pam_ldap.conf ; then
        source=/etc/pam_ldap.conf
else
        source=/etc/ldap.conf

So it will not change nslcd.conf even if we do not remove
below code.

if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
     # Comment out the packaged default base and replace it.
        sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
        grep -E '^base[[:blank:]]' $source >> $target
fi

grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]'
   $source 2> /dev/null >> $target

We can use RPM instead of SRPM for nss-pam-ldapd package,
since related patches are not used anymore.

Deployment test pass.

Story: 2003768
Task: 28045
Depends-on: https://review.openstack.org/#/c/619976/

Change-Id: Ia4fa723d1a6ff9a7a8059fc2db1afec640ea41b1
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This commit is contained in:
zhipengl 2018-11-27 01:10:30 +08:00 committed by zhipeng liu
parent f60e67741e
commit 462fa4fc08
10 changed files with 0 additions and 273 deletions

View File

@ -3,7 +3,6 @@ base/initscripts
base/initscripts-config
base/setup
utilities/namespace-utils
ldap/nss-pam-ldapd
base/centos-release-config
filesystem/nfs-utils
filesystem/nfs-utils-config

View File

@ -1,2 +0,0 @@
COPY_LIST="files/*"
TIS_PATCH_VER=4

View File

@ -1,25 +0,0 @@
From d40b26f83438d44cff778d3c25cb15ca45e9b59c Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:40:10 -0400
Subject: Update package versioning for TIS format
---
SPECS/nss-pam-ldapd.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 6313d0f..90dca69 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -39,7 +39,7 @@
Name: nss-pam-ldapd
Version: 0.8.13
-Release: 16%{?dist}
+Release: 16.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: An nsswitch module which uses directory servers
Group: System Environment/Base
License: LGPLv2+
--
2.7.4

View File

@ -1,4 +0,0 @@
spec-TiS-changes.patch
spec-bind-nslcd-to-rootDN.patch
remove-custom-nslcd-conf-file.patch
0001-Update-package-versioning-for-TIS-format.patch

View File

@ -1,34 +0,0 @@
From 73815bebec5f3e65dbe4b7bcd7270604ca0da266 Mon Sep 17 00:00:00 2001
From: Saju Oommen <saju.oommen@windriver.com>
Date: Mon, 15 Jan 2018 14:19:08 -0500
Subject: remove-custom-nslcd-conf-file
---
SPECS/nss-pam-ldapd.spec | 4 ----
1 file changed, 4 deletions(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index 18e6482..6313d0f 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -49,7 +49,6 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
-Source5: nslcd.conf
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -179,9 +178,6 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
%endif
-# WRS
-install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
-
%clean
rm -rf $RPM_BUILD_ROOT
--
2.7.4

View File

@ -1,56 +0,0 @@
From 2ee677b05e412d2f60aa290e64d642667dd80b4c Mon Sep 17 00:00:00 2001
From: Vu Tran <vu.tran@windriver.com>
Date: Wed Apr 20 13:37:31 2016 -0400
Subject: nss-pam-ldapd: include Titanium Cloud changes
New nss-pam-ldapd uses default ldap group ID, so we set
gid in nslcd.conf to ldap.
Signed-off-by: Sun Austin <austin.sun@intel.com>
---
SPECS/nss-pam-ldapd.spec | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index e6e0844..ae547f1 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -49,6 +49,7 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s
Source2: nslcd.init
Source3: nslcd.tmpfiles
Source4: nslcd.service
+Source5: nslcd.conf
Patch1: nss-pam-ldapd-0.8.12-validname.patch
Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch
Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch
@@ -178,6 +179,9 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf
%endif
+# WRS
+install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -261,12 +265,13 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
grep -E '^host[[:blank:]]' $source |\
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
fi
+ # WRS: we don't want to change our custom base in nslcd.conf
# Base doesn't require any special logic.
- if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
+ # if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default base and replace it.
- sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
- grep -E '^base[[:blank:]]' $source >> $target
- fi
+ # sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
+ # grep -E '^base[[:blank:]]' $source >> $target
+ # fi
# Pull in these settings, if they're set, directly.
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
--
2.7.4

View File

@ -1,27 +0,0 @@
From 93fb9c5632063cb636d870c1b50c4a99a008e76c Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Thu, 13 Apr 2017 11:43:59 -0400
Subject: specify rootDN as bindDN in nslcd to prevent writes over anonymous
binds.
---
SPECS/nss-pam-ldapd.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec
index ae547f1..18e6482 100644
--- a/SPECS/nss-pam-ldapd.spec
+++ b/SPECS/nss-pam-ldapd.spec
@@ -273,7 +273,8 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
# grep -E '^base[[:blank:]]' $source >> $target
# fi
# Pull in these settings, if they're set, directly.
- grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
+ # WRS: we don't want change our custom binddn and bindpw in nslcd.conf
+ grep -E '^(port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
fi
--
2.7.4

View File

@ -1 +0,0 @@
mirror:Source/nss-pam-ldapd-0.8.13-16.el7.src.rpm

View File

@ -1,14 +0,0 @@
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_ldap.so
account required pam_permit.so
session required pam_unix.so
session optional pam_ldap.so
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so try_first_pass
password required pam_deny.so

View File

@ -1,109 +0,0 @@
#! /bin/sh
# /etc/init.d/nslcd script for starting and stopping nslcd
# Copyright (C) 2006 West Consulting
# Copyright (C) 2006, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA
### BEGIN INIT INFO
# Provides: nslcd
# Required-Start: $remote_fs $syslog $time
# Required-Stop: $remote_fs $syslog
# Should-Start: $named $network slapd
# Should-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LDAP connection daemon
# Description: nslcd is a LDAP connection daemon that is used to
# do LDAP queries for the NSS and PAM modules.
### END INIT INFO
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NSLCD_NAME=nslcd
NSLCD_BIN=/usr/sbin/$NSLCD_NAME
NSLCD_DESC="LDAP connection daemon"
NSLCD_CFG=/etc/nslcd.conf
NSLCD_STATEDIR=/var/run/nslcd
NSLCD_PIDFILE=$NSLCD_STATEDIR/nslcd.pid
[ -x "$NSLCD_BIN" ] || exit 0
[ -f "$NSLCD_CFG" ] || exit 0
. /lib/lsb/init-functions
# read defaults
[ -f /etc/default/$NSLCD_NAME ] && . /etc/default/$NSLCD_NAME
case "$1" in
start)
# set up state directory
[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
chown nslcd:nslcd "$NSLCD_STATEDIR" )
# start nslcd
log_begin_msg "Starting $NSLCD_DESC" "$NSLCD_NAME"
# THIS IS ONLY TEMPORARY
create-cracklib-dict /usr/share/cracklib/cracklib-small > /dev/null 2>&1
start-stop-daemon --start --oknodo \
--pidfile $NSLCD_PIDFILE \
--startas $NSLCD_BIN
log_end_msg $?
;;
stop)
# stop nslcd
log_begin_msg "Stopping $NSLCD_DESC" "$NSLCD_NAME"
start-stop-daemon --stop --oknodo \
--pidfile $NSLCD_PIDFILE \
--name "$NSLCD_NAME"
log_end_msg $?
[ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
;;
restart|force-reload)
[ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \
chown nslcd:nslcd "$NSLCD_STATEDIR" )
log_begin_msg "Restarting $NSLCD_DESC" "$NSLCD_NAME"
start-stop-daemon --stop --quiet --retry 10 \
--pidfile $NSLCD_PIDFILE \
--name "$NSLCD_NAME"
[ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE
start-stop-daemon --start \
--pidfile $NSLCD_PIDFILE \
--startas $NSLCD_BIN
log_end_msg $?
;;
status)
if [ -f "$NSLCD_PIDFILE" ]
then
if $NSLCD_BIN --check
then
log_success_msg "$NSLCD_NAME running (pid `cat $NSLCD_PIDFILE`)"
exit 0
else
log_success_msg "$NSLCD_NAME stopped"
exit 1
fi
else
log_success_msg "$NSLCD_NAME stopped"
exit 3
fi
;;
*)
log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0