current/SPECS/sudo.spec

# use fakeroot -ba sudo.spec to build!
%define pre p4

Name:           sudo
Version:        1.7.4
Release:        %mkrel 2.%{?pre}.2
Epoch:          1
Summary:        Allows command execution as root for specified users
License:        GPLv2+
Group:          System/Base
URL:            http://www.sudo.ws/sudo
Source0:        http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz
Source1:        http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz.sig
Source2:        sudo.pamd
Source3:        sudo-1.7.2p2-sudoers
Patch1:         sudo-1.6.7p5-strip.patch
Patch2:         sudo-1.7.2p1-envdebug.patch
Patch3:         sudo-1.7.4p3-m4path.patch
Patch4:         sudo-1.7.4p3-sudolist.patch
Patch5:         sudo-1.7.4p4-getgrouplist.patch
Patch6:         sudo-1.7.4p4-sudoi.patch
Patch7:         sudo-1.7.4p4-auditconn.patch
BuildRequires:  audit-devel
BuildRequires:  bison
BuildRequires:  groff-for-man
BuildRequires:  libcap-devel
BuildRequires:  openldap-devel
BuildRequires:  pam-devel
Requires(pre):  openldap
Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root

%description
Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is
to give as few privileges as possible but still allow people to get
their work done.

%prep

%setup -q -n %{name}-%{version}%{?pre}
%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug
%patch3 -p1 -b .m4path
%patch4 -p1 -b .sudolist
%patch5 -p1 -b .getgrouplist
%patch6 -p0 -b .sudoi
%patch7 -p1 -b .auditconn

%build
# handle newer autoconf
rm -f acsite.m4
mv aclocal.m4 acinclude.m4
autoreconf -fv --install

%serverbuild
export CFLAGS="%{optflags} -D_GNU_SOURCE"

%configure2_5x \
        --without-rpath \
        --with-logging=both \
        --with-logfac=authpriv \
        --with-logpath=%{_logdir}/sudo.log \
        --with-editor=/bin/vi \
        --enable-log-host \
        --with-pam \
        --with-pam-login \
        --with-env-editor \
        --with-noexec=no \
        --with-linux-audit \
        --with-ignore-dot \
        --with-tty-tickets \
        --with-ldap \
        --with-ldap-conf-file=%{_sysconfdir}/ldap.conf \
        --with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \
        --with-passprompt="[sudo] password for %p: "

%make

%install
rm -rf %{buildroot}

install -d %{buildroot}/usr
install -d %{buildroot}%{_sysconfdir}/logrotate.d
install -d %{buildroot}%{_sysconfdir}/sudoers.d
install -d %{buildroot}%{_sysconfdir}/pam.d
install -d %{buildroot}%{_var}/db/sudo
install -d %{buildroot}%{_logdir}/sudo
install -d %{buildroot}%{_logdir}/sudo-io

%makeinstall_std install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)

install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers
install -m0755 sudoers2ldif %{buildroot}%{_bindir}

# Installing logrotated file
cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo
%{_logdir}/sudo.log {
    missingok
    monthly
    compress
}
END

cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
EOF

cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
#%PAM-1.0
auth       include      sudo
account    include      sudo
password   include      sudo
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
EOF

# so that strip can touch it...
chmod 755 %{buildroot}%{_bindir}/*
chmod 755 %{buildroot}%{_sbindir}/*

# (tpg) create the missing log file
touch %{buildroot}%{_logdir}/sudo.log

%post
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
%create_ghostfile %{_logdir}/sudo.log root root 600

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root)
%doc HISTORY PORTING README README.LDAP
%doc TROUBLESHOOTING UPGRADE sample.sudoers
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
%config(noreplace) %{_sysconfdir}/logrotate.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(0755,root,root) %{_bindir}/sudoers2ldif
%attr(4111,root,root) %{_bindir}/sudo
%attr(4111,root,root) %{_bindir}/sudoedit
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%ghost %{_logdir}/sudo.log
%{_mandir}/*/*
%attr(0700,root,root) %dir %{_var}/db/sudo
%attr(0750,root,root) %dir %{_logdir}/sudo-io


1	blino	17466	# use fakeroot -ba sudo.spec to build!
2			%define pre p4
3
4			Name: sudo
5			Version: 1.7.4
6			Release: %mkrel 2.%{?pre}.2
7			Epoch: 1
8			Summary: Allows command execution as root for specified users
9			License: GPLv2+
10			Group: System/Base
11			URL: http://www.sudo.ws/sudo
12			Source0: http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz
13			Source1: http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz.sig
14			Source2: sudo.pamd
15			Source3: sudo-1.7.2p2-sudoers
16			Patch1: sudo-1.6.7p5-strip.patch
17			Patch2: sudo-1.7.2p1-envdebug.patch
18			Patch3: sudo-1.7.4p3-m4path.patch
19			Patch4: sudo-1.7.4p3-sudolist.patch
20			Patch5: sudo-1.7.4p4-getgrouplist.patch
21			Patch6: sudo-1.7.4p4-sudoi.patch
22			Patch7: sudo-1.7.4p4-auditconn.patch
23			BuildRequires: audit-devel
24			BuildRequires: bison
25			BuildRequires: groff-for-man
26			BuildRequires: libcap-devel
27			BuildRequires: openldap-devel
28			BuildRequires: pam-devel
29			Requires(pre): openldap
30			Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
31
32			%description
33			Sudo is a program designed to allow a sysadmin to give limited root
34			privileges to users and log root activity. The basic philosophy is
35			to give as few privileges as possible but still allow people to get
36			their work done.
37
38			%prep
39
40			%setup -q -n %{name}-%{version}%{?pre}
41			%patch1 -p1 -b .strip
42			%patch2 -p1 -b .envdebug
43			%patch3 -p1 -b .m4path
44			%patch4 -p1 -b .sudolist
45			%patch5 -p1 -b .getgrouplist
46			%patch6 -p0 -b .sudoi
47			%patch7 -p1 -b .auditconn
48
49			%build
50			# handle newer autoconf
51			rm -f acsite.m4
52			mv aclocal.m4 acinclude.m4
53			autoreconf -fv --install
54
55			%serverbuild
56			export CFLAGS="%{optflags} -D_GNU_SOURCE"
57
58			%configure2_5x \
59			--without-rpath \
60			--with-logging=both \
61			--with-logfac=authpriv \
62			--with-logpath=%{_logdir}/sudo.log \
63			--with-editor=/bin/vi \
64			--enable-log-host \
65			--with-pam \
66			--with-pam-login \
67			--with-env-editor \
68			--with-noexec=no \
69			--with-linux-audit \
70			--with-ignore-dot \
71			--with-tty-tickets \
72			--with-ldap \
73			--with-ldap-conf-file=%{_sysconfdir}/ldap.conf \
74			--with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \
75			--with-passprompt="[sudo] password for %p: "
76
77			%make
78
79			%install
80			rm -rf %{buildroot}
81
82			install -d %{buildroot}/usr
83			install -d %{buildroot}%{_sysconfdir}/logrotate.d
84			install -d %{buildroot}%{_sysconfdir}/sudoers.d
85			install -d %{buildroot}%{_sysconfdir}/pam.d
86			install -d %{buildroot}%{_var}/db/sudo
87			install -d %{buildroot}%{_logdir}/sudo
88			install -d %{buildroot}%{_logdir}/sudo-io
89
90			%makeinstall_std install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)
91
92			install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
93			install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers
94			install -m0755 sudoers2ldif %{buildroot}%{_bindir}
95
96			# Installing logrotated file
97			cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo
98			%{_logdir}/sudo.log {
99			missingok
100			monthly
101			compress
102			}
103			END
104
105			cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
106			#%PAM-1.0
107			auth include system-auth
108			account include system-auth
109			password include system-auth
110			session optional pam_keyinit.so revoke
111			session required pam_limits.so
112			EOF
113
114			cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
115			#%PAM-1.0
116			auth include sudo
117			account include sudo
118			password include sudo
119			session optional pam_keyinit.so force revoke
120			session required pam_limits.so
121			EOF
122
123			# so that strip can touch it...
124			chmod 755 %{buildroot}%{_bindir}/*
125			chmod 755 %{buildroot}%{_sbindir}/*
126
127			# (tpg) create the missing log file
128			touch %{buildroot}%{_logdir}/sudo.log
129
130			%post
131			/bin/chmod 0440 %{_sysconfdir}/sudoers \|\| :
132			%create_ghostfile %{_logdir}/sudo.log root root 600
133
134			%clean
135			rm -rf %{buildroot}
136
137			%files
138			%defattr(-,root,root)
139			%doc HISTORY PORTING README README.LDAP
140			%doc TROUBLESHOOTING UPGRADE sample.sudoers
141			%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
142			%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
143			%config(noreplace) %{_sysconfdir}/logrotate.d/sudo
144			%config(noreplace) %{_sysconfdir}/pam.d/sudo
145			%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
146			%attr(0755,root,root) %{_bindir}/sudoers2ldif
147			%attr(4111,root,root) %{_bindir}/sudo
148			%attr(4111,root,root) %{_bindir}/sudoedit
149			%attr(0111,root,root) %{_bindir}/sudoreplay
150			%attr(0755,root,root) %{_sbindir}/visudo
151			%ghost %{_logdir}/sudo.log
152			%{_mandir}//
153			%attr(0700,root,root) %dir %{_var}/db/sudo
154			%attr(0750,root,root) %dir %{_logdir}/sudo-io
155
156