[gnome-build-meta/mcatanzaro/gssproxy] Replace hardcoded krb5.conf with use of GSS-Proxy

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-build-meta/mcatanzaro/gssproxy] Replace hardcoded krb5.conf with use of GSS-Proxy
Date: Thu, 5 May 2022 21:57:14 +0000 (UTC)


commit bfa7e6dc84c6ca7a27546040a5732f07d7c90512
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Thu May 5 11:50:49 2022 -0500

    Replace hardcoded krb5.conf with use of GSS-Proxy
    
    Instead of having our own krb5.conf and pulling in the kerberos ccache
    from the user environemnt inside the flatpak runtime, let's use
    GSS-Proxy instead. GSS-Proxy's proxymech.so plugin intercepts GSSAPI
    calls and forwards them to the gssproxy service. By bind-mounting the
    gssproxy service socket in the flatpak environment, we outsource
    dealing with all the kerberos configuration and ticket management to
    the host user session.
    
    As a bonus we avoid exposing the kerberos tickets to the flatpak
    environment.

 elements/sdk/gssproxy.bst | 20 ++++++++++++++++++++
 elements/sdk/krb5.bst     |  9 ---------
 files/krb5/krb5.conf      |  9 ---------
 3 files changed, 20 insertions(+), 18 deletions(-)
---
diff --git a/elements/sdk/gssproxy.bst b/elements/sdk/gssproxy.bst
new file mode 100644
index 000000000..152043205
--- /dev/null
+++ b/elements/sdk/gssproxy.bst
@@ -0,0 +1,20 @@
+kind: autotools
+
+sources:
+- kind: git_tag
+  url: github:gssapi/gssproxy.git
+  track: 38237bec475ea8d73214ee925a149842db6c2b79
+
+build-depends:
+- freedesktop-sdk.bst:public-stacks/buildsystem-autotools.bst
+
+depends:
+- sdk/krb5.bst
+
+variables:
+  autogen: |
+    autoreconf -fvi
+  conf-local: >-
+    --enable-only-gss-module
+    --with-gpp-default-behavior=REMOTE_FIRST
+    --with-manpages=no
diff --git a/elements/sdk/krb5.bst b/elements/sdk/krb5.bst
index 7be02bc47..649f1709b 100644
--- a/elements/sdk/krb5.bst
+++ b/elements/sdk/krb5.bst
@@ -3,9 +3,6 @@ kind: autotools
 sources:
 - kind: tar
   url: kerberos:dist/krb5/1.19/krb5-1.19.2.tar.gz
-- kind: local
-  path: files/krb5
-  directory: krb5-config
 
 build-depends:
 - freedesktop-sdk.bst:components/bison.bst
@@ -30,12 +27,6 @@ variables:
     --with-system-et
     --with-system-ss
 
-config:
-  install-commands:
-    (>):
-    - mkdir -p %{install-root}%{sysconfdir}
-    - install -m 644 ../krb5-config/krb5.conf %{install-root}%{sysconfdir}/krb5.conf
-
 public:
   bst:
     split-rules:

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]