-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathfermilab-util_kcron.spec
163 lines (131 loc) · 3.22 KB
/
fermilab-util_kcron.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
%define _hardened_build 1
%bcond_without libcap
%bcond_without systemtap
%bcond_without seccomp
%if 0%{?rhel} < 9 && 0%{?fedora} < 31
%bcond_with landlock
%else
%bcond_without landlock
%endif
Name: fermilab-util_kcron
Version: 1.8
Release: 1%{?dist}
Summary: A utility for getting Kerberos credentials in scheduled jobs
Group: Fermilab
License: MIT
URL: https://github.com/fermitools/kcron
Source0: kcron.tar.gz
Provides: kcron = %{version}-%{release}
Provides: fermilab-util_kcron = %{version}-%{release}
%if %{_hardened_build}
BuildRequires: checksec openssl procps-ng
%endif
%if %{with libcap}
BuildRequires: libcap libcap-devel
%endif
%if %{with systemtap}
BuildRequires: systemtap-sdt-devel
%endif
%if %{with seccomp}
BuildRequires: libseccomp-devel
%endif
%if %{with landlock}
BuildRequires: kernel-devel
%endif
BuildRequires: cmake >= 3.14
BuildRequires: asciidoc redhat-rpm-config coreutils bash gcc
%if 0%{?rhel} < 10
BuildRequires: gcc-toolset-13 scl-utils
%endif
Requires: krb5-workstation >= 1.11
Requires: util-linux coreutils
%description
The kcron utility has a long history at Fermilab. It is useful
for running daemons and automatic jobs with kerberos rights.
%prep
%setup -q -n kcron
%build
%if 0%{?rhel} < 9 && 0%{?fedora} < 31
mkdir build
cd build
%endif
%if 0%{?rhel} < 10
source scl_source enable gcc-toolset-13
%endif
%cmake3 -Wdev \
%if %{with libcap}
-DUSE_CAPABILITIES=ON \
%else
-DUSE_CAPABILITIES=OFF \
%endif
%if %{with systemtap}
-DUSE_SYSTEMTAP=ON \
%else
-DUSE_SYSTEMTAP=OFF \
%endif
%if %{with seccomp}
-DUSE_SECCOMP=ON \
%else
-DUSE_SECCOMP=OFF \
%endif
%if %{with landlock}
-DUSE_LANDLOCK=ON \
%else
-DUSE_LANDLOCK=OFF \
%endif
-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
-DCMAKE_RULE_MESSAGES:BOOL=ON \
-DCLIENT_KEYTAB_DIR=%{_localstatedir}/kerberos/krb5/user \
-Wdeprecated ..
%if 0%{?rhel} < 8 && 0%{?fedora} < 31
make VERBOSE=2 %{?_smp_mflags}
%else
%cmake_build
%endif
%install
%if 0%{?rhel} < 9 && 0%{?fedora} < 31
cd build
make install DESTDIR=%{buildroot}
%else
%cmake_install
%endif
%check
for code in $(ls %{buildroot}%{_bindir}); do
bash -n %{buildroot}%{_bindir}/${code}
if [[ $? -ne 0 ]]; then
exit 1
fi
done
bash -n %{buildroot}%{_sysconfdir}/sysconfig/kcron
if [[ $? -ne 0 ]]; then
exit 1
fi
%if %{_hardened_build}
for code in $(ls %{buildroot}%{_libexecdir}/kcron); do
checksec --file=%{buildroot}%{_libexecdir}/kcron/${code}
if [[ $? -ne 0 ]]; then
exit 1
fi
checksec --fortify-file=%{buildroot}%{_libexecdir}/kcron/${code}
if [[ $? -ne 0 ]]; then
exit 1
fi
done
%endif
%post
%{__mkdir_p} --mode=0755 %{_localstatedir}/kerberos/krb5/user
%{__chmod} 0751 %{_localstatedir}/kerberos/krb5/user
%files
%defattr(0644,root,root,0755)
%doc %{_mandir}/man1/*
%attr(0755,root,root) %{_bindir}/*
%config(noreplace) %{_sysconfdir}/sysconfig/kcron
%attr(0755,root,root) /usr/libexec/kcron/client-keytab-name
%if %{with libcap}
# If you can edit the memory this allocates, you can redirect the caps
# so we still suid to prevent this. user 'bin' is basically unusable anyway.
%attr(4711,bin,root) %caps(cap_chown=p cap_dac_override=p) %{_libexecdir}/kcron/init-kcron-keytab
%else
%attr(4711,root,root) %{_libexecdir}/kcron/init-kcron-keytab
%endif
%changelog