From 462fa4fc086d75b010d315969b3c736a567d1c89 Mon Sep 17 00:00:00 2001 From: zhipengl Date: Tue, 27 Nov 2018 01:10:30 +0800 Subject: [PATCH] Refactor patches for nss-pam-ldapd package The change of 3 meta patches refers to %post section in spec file. The comment in the patch mentions that we don't want change our custom binddn and bindpw in nslcd.conf. However, in spec file, "source" variabe could not be assigned to a valid file name, as we could not find these *.conf files in /etc/ folder. if test -s /etc/nss-ldapd.conf ; then source=/etc/nss-ldapd.conf elif test -s /etc/nss_ldap.conf ; then source=/etc/nss_ldap.conf elif test -s /etc/pam_ldap.conf ; then source=/etc/pam_ldap.conf else source=/etc/ldap.conf So it will not change nslcd.conf even if we do not remove below code. if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then # Comment out the packaged default base and replace it. sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target grep -E '^base[[:blank:]]' $source >> $target fi grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target We can use RPM instead of SRPM for nss-pam-ldapd package, since related patches are not used anymore. Deployment test pass. Story: 2003768 Task: 28045 Depends-on: https://review.openstack.org/#/c/619976/ Change-Id: Ia4fa723d1a6ff9a7a8059fc2db1afec640ea41b1 Signed-off-by: zhipengl --- centos_pkg_dirs | 1 - ldap/nss-pam-ldapd/centos/build_srpm.data | 2 - ...te-package-versioning-for-TIS-format.patch | 25 ---- .../centos/meta_patches/PATCH_ORDER | 4 - .../remove-custom-nslcd-conf-file.patch | 34 ------ .../meta_patches/spec-TiS-changes.patch | 56 --------- .../spec-bind-nslcd-to-rootDN.patch | 27 ----- ldap/nss-pam-ldapd/centos/srpm_path | 1 - ldap/nss-pam-ldapd/files/login | 14 --- ldap/nss-pam-ldapd/files/nslcd.init | 109 ------------------ 10 files changed, 273 deletions(-) delete mode 100644 ldap/nss-pam-ldapd/centos/build_srpm.data delete mode 100644 ldap/nss-pam-ldapd/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch delete mode 100644 ldap/nss-pam-ldapd/centos/meta_patches/PATCH_ORDER delete mode 100644 ldap/nss-pam-ldapd/centos/meta_patches/remove-custom-nslcd-conf-file.patch delete mode 100644 ldap/nss-pam-ldapd/centos/meta_patches/spec-TiS-changes.patch delete mode 100644 ldap/nss-pam-ldapd/centos/meta_patches/spec-bind-nslcd-to-rootDN.patch delete mode 100644 ldap/nss-pam-ldapd/centos/srpm_path delete mode 100644 ldap/nss-pam-ldapd/files/login delete mode 100755 ldap/nss-pam-ldapd/files/nslcd.init diff --git a/centos_pkg_dirs b/centos_pkg_dirs index daf4cb134..f7053bc91 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -3,7 +3,6 @@ base/initscripts base/initscripts-config base/setup utilities/namespace-utils -ldap/nss-pam-ldapd base/centos-release-config filesystem/nfs-utils filesystem/nfs-utils-config diff --git a/ldap/nss-pam-ldapd/centos/build_srpm.data b/ldap/nss-pam-ldapd/centos/build_srpm.data deleted file mode 100644 index d6df555cd..000000000 --- a/ldap/nss-pam-ldapd/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -COPY_LIST="files/*" -TIS_PATCH_VER=4 diff --git a/ldap/nss-pam-ldapd/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/ldap/nss-pam-ldapd/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch deleted file mode 100644 index 9b6de8358..000000000 --- a/ldap/nss-pam-ldapd/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d40b26f83438d44cff778d3c25cb15ca45e9b59c Mon Sep 17 00:00:00 2001 -From: Don Penney -Date: Mon, 26 Sep 2016 17:40:10 -0400 -Subject: Update package versioning for TIS format - ---- - SPECS/nss-pam-ldapd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec -index 6313d0f..90dca69 100644 ---- a/SPECS/nss-pam-ldapd.spec -+++ b/SPECS/nss-pam-ldapd.spec -@@ -39,7 +39,7 @@ - - Name: nss-pam-ldapd - Version: 0.8.13 --Release: 16%{?dist} -+Release: 16.el7%{?_tis_dist}.%{tis_patch_ver} - Summary: An nsswitch module which uses directory servers - Group: System Environment/Base - License: LGPLv2+ --- -2.7.4 - diff --git a/ldap/nss-pam-ldapd/centos/meta_patches/PATCH_ORDER b/ldap/nss-pam-ldapd/centos/meta_patches/PATCH_ORDER deleted file mode 100644 index ab49c7aec..000000000 --- a/ldap/nss-pam-ldapd/centos/meta_patches/PATCH_ORDER +++ /dev/null @@ -1,4 +0,0 @@ -spec-TiS-changes.patch -spec-bind-nslcd-to-rootDN.patch -remove-custom-nslcd-conf-file.patch -0001-Update-package-versioning-for-TIS-format.patch diff --git a/ldap/nss-pam-ldapd/centos/meta_patches/remove-custom-nslcd-conf-file.patch b/ldap/nss-pam-ldapd/centos/meta_patches/remove-custom-nslcd-conf-file.patch deleted file mode 100644 index 9a8efc35a..000000000 --- a/ldap/nss-pam-ldapd/centos/meta_patches/remove-custom-nslcd-conf-file.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 73815bebec5f3e65dbe4b7bcd7270604ca0da266 Mon Sep 17 00:00:00 2001 -From: Saju Oommen -Date: Mon, 15 Jan 2018 14:19:08 -0500 -Subject: remove-custom-nslcd-conf-file - ---- - SPECS/nss-pam-ldapd.spec | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec -index 18e6482..6313d0f 100644 ---- a/SPECS/nss-pam-ldapd.spec -+++ b/SPECS/nss-pam-ldapd.spec -@@ -49,7 +49,6 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s - Source2: nslcd.init - Source3: nslcd.tmpfiles - Source4: nslcd.service --Source5: nslcd.conf - Patch1: nss-pam-ldapd-0.8.12-validname.patch - Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch - Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch -@@ -179,9 +178,6 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} - install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf - %endif - --# WRS --install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf -- - %clean - rm -rf $RPM_BUILD_ROOT - --- -2.7.4 - diff --git a/ldap/nss-pam-ldapd/centos/meta_patches/spec-TiS-changes.patch b/ldap/nss-pam-ldapd/centos/meta_patches/spec-TiS-changes.patch deleted file mode 100644 index 8c11dfbd1..000000000 --- a/ldap/nss-pam-ldapd/centos/meta_patches/spec-TiS-changes.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 2ee677b05e412d2f60aa290e64d642667dd80b4c Mon Sep 17 00:00:00 2001 -From: Vu Tran -Date: Wed Apr 20 13:37:31 2016 -0400 -Subject: nss-pam-ldapd: include Titanium Cloud changes - -New nss-pam-ldapd uses default ldap group ID, so we set -gid in nslcd.conf to ldap. - -Signed-off-by: Sun Austin ---- - SPECS/nss-pam-ldapd.spec | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec -index e6e0844..ae547f1 100644 ---- a/SPECS/nss-pam-ldapd.spec -+++ b/SPECS/nss-pam-ldapd.spec -@@ -49,6 +49,7 @@ Source1: http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.s - Source2: nslcd.init - Source3: nslcd.tmpfiles - Source4: nslcd.service -+Source5: nslcd.conf - Patch1: nss-pam-ldapd-0.8.12-validname.patch - Patch2: nss-pam-ldapd-0.8.12-In-nslcd-log-EPIPE-only-on-debug-level.patch - Patch3: nss-pam-ldapd-0.8.12-uid-overflow.patch -@@ -178,6 +179,9 @@ mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir} - install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf - %endif - -+# WRS -+install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf -+ - %clean - rm -rf $RPM_BUILD_ROOT - -@@ -261,12 +265,13 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then - grep -E '^host[[:blank:]]' $source |\ - sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target - fi -+ # WRS: we don't want to change our custom base in nslcd.conf - # Base doesn't require any special logic. -- if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then -+ # if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then - # Comment out the packaged default base and replace it. -- sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target -- grep -E '^base[[:blank:]]' $source >> $target -- fi -+ # sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target -+ # grep -E '^base[[:blank:]]' $source >> $target -+ # fi - # Pull in these settings, if they're set, directly. - grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target - grep -E '^(tls_)' $source 2> /dev/null >> $target --- -2.7.4 - diff --git a/ldap/nss-pam-ldapd/centos/meta_patches/spec-bind-nslcd-to-rootDN.patch b/ldap/nss-pam-ldapd/centos/meta_patches/spec-bind-nslcd-to-rootDN.patch deleted file mode 100644 index 70e8b177a..000000000 --- a/ldap/nss-pam-ldapd/centos/meta_patches/spec-bind-nslcd-to-rootDN.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 93fb9c5632063cb636d870c1b50c4a99a008e76c Mon Sep 17 00:00:00 2001 -From: Kam Nasim -Date: Thu, 13 Apr 2017 11:43:59 -0400 -Subject: specify rootDN as bindDN in nslcd to prevent writes over anonymous - binds. - ---- - SPECS/nss-pam-ldapd.spec | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/SPECS/nss-pam-ldapd.spec b/SPECS/nss-pam-ldapd.spec -index ae547f1..18e6482 100644 ---- a/SPECS/nss-pam-ldapd.spec -+++ b/SPECS/nss-pam-ldapd.spec -@@ -273,7 +273,8 @@ if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then - # grep -E '^base[[:blank:]]' $source >> $target - # fi - # Pull in these settings, if they're set, directly. -- grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target -+ # WRS: we don't want change our custom binddn and bindpw in nslcd.conf -+ grep -E '^(port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target - grep -E '^(tls_)' $source 2> /dev/null >> $target - grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target - fi --- -2.7.4 - diff --git a/ldap/nss-pam-ldapd/centos/srpm_path b/ldap/nss-pam-ldapd/centos/srpm_path deleted file mode 100644 index 5fe2120a1..000000000 --- a/ldap/nss-pam-ldapd/centos/srpm_path +++ /dev/null @@ -1 +0,0 @@ -mirror:Source/nss-pam-ldapd-0.8.13-16.el7.src.rpm diff --git a/ldap/nss-pam-ldapd/files/login b/ldap/nss-pam-ldapd/files/login deleted file mode 100644 index a8a9977b2..000000000 --- a/ldap/nss-pam-ldapd/files/login +++ /dev/null @@ -1,14 +0,0 @@ -auth sufficient pam_unix.so -auth sufficient pam_ldap.so use_first_pass -auth required pam_deny.so - -account required pam_unix.so -account sufficient pam_ldap.so -account required pam_permit.so - -session required pam_unix.so -session optional pam_ldap.so - -password sufficient pam_unix.so nullok md5 shadow use_authtok -password sufficient pam_ldap.so try_first_pass -password required pam_deny.so diff --git a/ldap/nss-pam-ldapd/files/nslcd.init b/ldap/nss-pam-ldapd/files/nslcd.init deleted file mode 100755 index 681a91d12..000000000 --- a/ldap/nss-pam-ldapd/files/nslcd.init +++ /dev/null @@ -1,109 +0,0 @@ -#! /bin/sh - -# /etc/init.d/nslcd script for starting and stopping nslcd -# Copyright (C) 2006 West Consulting -# Copyright (C) 2006, 2008, 2009, 2010, 2011, 2012, 2013 Arthur de Jong -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - -### BEGIN INIT INFO -# Provides: nslcd -# Required-Start: $remote_fs $syslog $time -# Required-Stop: $remote_fs $syslog -# Should-Start: $named $network slapd -# Should-Stop: $network -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: LDAP connection daemon -# Description: nslcd is a LDAP connection daemon that is used to -# do LDAP queries for the NSS and PAM modules. -### END INIT INFO - -PATH=/bin:/usr/bin:/sbin:/usr/sbin -NSLCD_NAME=nslcd -NSLCD_BIN=/usr/sbin/$NSLCD_NAME -NSLCD_DESC="LDAP connection daemon" -NSLCD_CFG=/etc/nslcd.conf -NSLCD_STATEDIR=/var/run/nslcd -NSLCD_PIDFILE=$NSLCD_STATEDIR/nslcd.pid - -[ -x "$NSLCD_BIN" ] || exit 0 -[ -f "$NSLCD_CFG" ] || exit 0 - -. /lib/lsb/init-functions - -# read defaults -[ -f /etc/default/$NSLCD_NAME ] && . /etc/default/$NSLCD_NAME - -case "$1" in -start) - # set up state directory - [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \ - chown nslcd:nslcd "$NSLCD_STATEDIR" ) - # start nslcd - log_begin_msg "Starting $NSLCD_DESC" "$NSLCD_NAME" - # THIS IS ONLY TEMPORARY - create-cracklib-dict /usr/share/cracklib/cracklib-small > /dev/null 2>&1 - start-stop-daemon --start --oknodo \ - --pidfile $NSLCD_PIDFILE \ - --startas $NSLCD_BIN - log_end_msg $? - ;; -stop) - # stop nslcd - log_begin_msg "Stopping $NSLCD_DESC" "$NSLCD_NAME" - start-stop-daemon --stop --oknodo \ - --pidfile $NSLCD_PIDFILE \ - --name "$NSLCD_NAME" - log_end_msg $? - [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE - ;; -restart|force-reload) - [ -d "$NSLCD_STATEDIR" ] || ( mkdir -m 755 "$NSLCD_STATEDIR" ; \ - chown nslcd:nslcd "$NSLCD_STATEDIR" ) - log_begin_msg "Restarting $NSLCD_DESC" "$NSLCD_NAME" - start-stop-daemon --stop --quiet --retry 10 \ - --pidfile $NSLCD_PIDFILE \ - --name "$NSLCD_NAME" - [ -n "$NSLCD_PIDFILE" ] && rm -f $NSLCD_PIDFILE - start-stop-daemon --start \ - --pidfile $NSLCD_PIDFILE \ - --startas $NSLCD_BIN - log_end_msg $? - ;; -status) - if [ -f "$NSLCD_PIDFILE" ] - then - if $NSLCD_BIN --check - then - log_success_msg "$NSLCD_NAME running (pid `cat $NSLCD_PIDFILE`)" - exit 0 - else - log_success_msg "$NSLCD_NAME stopped" - exit 1 - fi - else - log_success_msg "$NSLCD_NAME stopped" - exit 3 - fi - ;; -*) - log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}" - exit 1 - ;; -esac - -exit 0