[gnome-build-meta/mcatanzaro/gssproxy] Replace hardcoded krb5.conf with gssproxy

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-build-meta/mcatanzaro/gssproxy] Replace hardcoded krb5.conf with gssproxy
Date: Thu, 5 May 2022 17:10:47 +0000 (UTC)


commit aa0207c7e0eeb16ab8f7cf39acf8ad1c0e1e7f9d
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Thu May 5 11:50:49 2022 -0500

    Replace hardcoded krb5.conf with gssproxy
    
    Instead of having our own krb5.conf and pulling in the kerberos ccache
    from the user environemnt inside the flatpak runtime, let's use gssproxy
    instead. GSS-Proxy's proxymech.so plugin intercepts GSSAPI calls and
    forwards them to the gssproxy service. By bind-mounting the gssproxy
    service socket in the flatpak environment we outsource dealing with all
    the kerberos configuration and ticket management to the host user session.
    
    As a bonus we avoid exposing the kerberos tickets to the flatpak
    environment.

 elements/sdk/gssproxy.bst | 21 +++++++++++++++++++++
 elements/sdk/krb5.bst     |  9 ---------
 files/krb5/krb5.conf      |  9 ---------
 3 files changed, 21 insertions(+), 18 deletions(-)
---
diff --git a/elements/sdk/gssproxy.bst b/elements/sdk/gssproxy.bst
new file mode 100644
index 000000000..0fb23ae83
--- /dev/null
+++ b/elements/sdk/gssproxy.bst
@@ -0,0 +1,21 @@
+kind: autotools
+
+sources:
+- kind: git_tag
+  url: github:gssapi/gssproxy.git
+  track: 38237bec475ea8d73214ee925a149842db6c2b79
+
+build-depends:
+- freedesktop-sdk.bst:public-stacks/buildsystem-autotools.bst
+- freedesktop-sdk.bst:components/libxslt.bst
+- freedesktop-sdk.bst:components/systemd.bst
+
+depends:
+- sdk/krb5.bst
+
+variables:
+  autogen: |
+    autoreconf -fvi
+  conf-local: >-
+    --enable-only-gss-module
+    --with-manpages=no
diff --git a/elements/sdk/krb5.bst b/elements/sdk/krb5.bst
index 7be02bc47..649f1709b 100644
--- a/elements/sdk/krb5.bst
+++ b/elements/sdk/krb5.bst
@@ -3,9 +3,6 @@ kind: autotools
 sources:
 - kind: tar
   url: kerberos:dist/krb5/1.19/krb5-1.19.2.tar.gz
-- kind: local
-  path: files/krb5
-  directory: krb5-config
 
 build-depends:
 - freedesktop-sdk.bst:components/bison.bst
@@ -30,12 +27,6 @@ variables:
     --with-system-et
     --with-system-ss
 
-config:
-  install-commands:
-    (>):
-    - mkdir -p %{install-root}%{sysconfdir}
-    - install -m 644 ../krb5-config/krb5.conf %{install-root}%{sysconfdir}/krb5.conf
-
 public:
   bst:
     split-rules:

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]