
Contents of /updates/4/pam/current/SPECS/pam.spec



Revision 650772 - (show annotations) (download)
Tue Jul 8 19:34:12 2014 UTC (9 years, 5 months ago) by luigiwalser
File size: 10685 byte(s)
add patches from fedora to fix CVE-2013-7041 and CVE-2014-2583
# RPM spec preamble for the pam package: build switches, upstream sources,
# the patch list and the install/build dependencies.

# Library and devel subpackage names are derived from the package name through
# the distribution's mklibname macro.
%define libname %mklibname %{name} 0
%define develname %mklibname %{name} -d

# Prelude support is off by default; the two conditionals below let the
# builder switch it off or on explicitly.
%define with_prelude 0
%{?_without_prelude: %{expand: %%global with_prelude 0}}
%{?_with_prelude: %{expand: %%global with_prelude 1}}

# Bootstrap mode is off by default; when on, the linuxdoc-tools build
# dependency further down is skipped.
%define bootstrap 0
%{?_without_bootstrap: %global bootstrap 0}
%{?_with_bootstrap: %global bootstrap 1}

%define pam_redhat_version 0.99.10-1

Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.1.8
%define subrel 1
Release: %mkrel 7
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+
Group: System/Libraries
Url: http://www.linux-pam.org/
# NOTE(review): the upstream tarball URL is plain http and no detached
# signature or checksum file appears among the sources listed here, so the
# integrity of the tarball has to be established outside this spec.
Source0: http://www.linux-pam.org/library/Linux-PAM-%{version}.tar.bz2
Source1: %{name}-tmpfiles.conf
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
Source5: other.pamd
Source6: system-auth.pamd
Source7: config-util.pamd
Source8: dlopen.sh
Source9: system-auth.5
Source10: config-util.5
Source11: 90-nproc.conf
Source12: postlogin.pamd
Source13: postlogin.5

# RedHat patches
Patch1: pam-1.0.90-redhat-modules.patch
Patch2: pam-1.1.6-std-noclose.patch
Patch4: pam-1.1.0-console-nochmod.patch
Patch5: pam-1.1.0-notally.patch
Patch7: pam-1.1.0-console-fixes.patch
Patch9: pam-1.1.6-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch
Patch13: pam-1.1.5-limits-user.patch
Patch22: pam-1.1.7-unix-build.patch
Patch32: pam-1.1.7-tty-audit-init.patch
# Security fixes named in this revision's log message. CVE-2013-7041 is the
# case-insensitive comparison of stored password hashes in pam_userdb;
# CVE-2014-2583 is the path traversal through the tty/ruser values in
# pam_timestamp. Dropping either patch on a rebase reopens the issue unless
# the new upstream version already carries the fix.
Patch35: pam-1.1.8-cve-2013-7041.patch
Patch36: pam-1.1.8-cve-2014-2583.patch

# Mageia specific sources/patches
# (fl) fix infinite loop
Patch507: pam-0.74-loop.patch
# (fc) don't complain when / is owned by root.adm
Patch508: Linux-PAM-0.99.3.0-pamtimestampadm.patch
# (fl) pam_xauth: set extra groups because in high security levels
# access to /usr/X11R6/bin dir is controlled by a group
Patch512: Linux-PAM-1.1.1-xauth-groups.patch
# (blino) fix parallel build (pam_console)
Patch521: Linux-PAM-0.99.3.0-pbuild-rh.patch

Patch700: pam_fix_static_pam_console.patch
# (fc) do not output error when no file is in /etc/security/console.perms.d/
Patch701: pam-1.1.0-console-nopermsd.patch
# (peroyvind): add missing constant that went with rpc removal from glibc 2.14
Patch702: Linux-PAM-1.1.4-add-now-missing-nis-constant.patch

#add missing documentation
Source501: pam_tty_audit.8
Source502: README
Requires(pre): filesystem >= 2.1.9-18
# NOTE(review): systemd_required_version is not defined anywhere in this file;
# presumably it comes from the distribution's macro set - confirm.
Requires(posttrans): systemd >= %{systemd_required_version}
Requires: cracklib-dicts
Requires: setup >= 2.7.12-2
Requires: pam_tcb >= 1.0.2-16
Conflicts: initscripts < 3.94
Requires(pre): rpm-helper
# coreutils and tcb are needed by the post-transaction scriptlet, which calls
# install and set_tcb.
Requires(posttrans): coreutils
Requires(posttrans): tcb >= 1.0.2-16
BuildRequires: bison cracklib-devel flex
%if !%{bootstrap}
# this pulls in the mega texlive load
BuildRequires: linuxdoc-tools
%endif
BuildRequires: db5_nss-devel
BuildRequires: openssl-devel
BuildRequires: libaudit-devel
BuildRequires: glibc-crypt_blowfish-devel
BuildRequires: gettext-devel
# With prelude support off, the build refuses to run while prelude-devel is
# installed, so the feature cannot be picked up by accident.
%if %with_prelude
BuildRequires: prelude-devel >= 0.9.0
%else
BuildConflicts: prelude-devel
%endif

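# Descriptions and subpackage declarations. Review comments are placed only
# next to the package headers, never inside a description body, so that they
# cannot leak into the package metadata.
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

%package doc
# Architecture-independent documentation, tied to the same upstream version.
Summary: Additional documentation for %{name}
Group: System/Libraries
Requires: %{name} = %{version}
BuildArch: noarch

%description doc
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

This is the documentation package of %{name}.

%package -n %{libname}
# Shared libraries and the loadable modules (see the matching files list).
Summary: Libraries for %{name}
Group: System/Libraries
Requires(pre): filesystem >= 2.1.9-18

%description -n %{libname}
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

This package contains the libraries for %{name}.

%package -n %{develname}
# Headers and unversioned library links; depends on the library package by
# version only (the release is not part of the requirement).
Summary: Development headers and libraries for %{name}
Group: Development/Other
Requires(pre): filesystem >= 2.1.9-18
Requires: %{libname} = %{version}
Provides: %{name}-devel = %{version}-%{release}
Provides: lib%{name}-devel = %{version}-%{release}

%description -n %{develname}
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

This package contains the development libraries for %{name}.
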
%prep
# Unpack the upstream tarball and, inside its top directory, the second source
# (the pam-redhat modules tarball).
%setup -q -n Linux-PAM-%{version} -a 2

# Add custom modules.
mv pam-redhat-%{pam_redhat_version}/* modules

# Patches are applied in the order listed; each keeps a backup of the files it
# touches under the suffix given with -b.
# (RH)
%patch1 -p1 -b .redhat-modules
%patch2 -p1 -b .std-noclose
%patch4 -p1 -b .nochmod
%patch5 -p1 -b .notally
%patch7 -p1 -b .console-fixes
%patch9 -p1 -b .noflex
%patch10 -p1 -b .nouserenv
%patch11 -p1 -b .abstract
%patch13 -p1 -b .limits
%patch22 -p1 -b .build
%patch32 -p1 -b .tty-audit-init
# Patch35 and Patch36 are the fixes for CVE-2013-7041 and CVE-2014-2583 (see
# the patch file names in the preamble). A failure to apply either one must
# stop the build rather than be worked around.
%patch35 -p1 -b .case
%patch36 -p1 -b .timestamp-ruser

# (Mageia)
%patch507 -p1 -b .loop
%patch508 -p1 -b .pamtimestampadm
# Patch512 is the only one applied with -p0.
%patch512 -p0 -b .xauth-groups
%patch521 -p1 -b .pbuild-rh
%patch700 -p1 -b .static
%patch701 -p1 -b .nopermsd
%patch702 -p1 -b .nis-const

# 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this
# just makes things easier but is not meant to be a permanent solution
## Remove unwanted modules; pam_tcb provides pam_unix now
#for d in pam_unix; do
# rm -rf modules/$d
# sed -i "s,modules/$d/Makefile,," configure.in
# sed -i "s/ $d / /" modules/Makefile.am
#done


# Add the extra man page and README for pam_tty_audit to the module's source
# directory.
install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/

# Collect every module README under doc/txts as README.<module directory name>.
mkdir -p doc/txts
for readme in modules/pam_*/README ; do
    cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done

%build
# Regenerate the autotools files; the patches above touch build inputs.
autoreconf -fi -I m4

# NOTE(review): BROWSER is emptied before configure runs; presumably this
# keeps the documentation tooling from trying to start a browser - confirm.
export BROWSER=""
# Build position-independent code against the db_nss headers; the matching
# unique-name suffix is passed to configure below.
CFLAGS="$RPM_OPT_FLAGS -fPIC -I%{_includedir}/db_nss -D_GNU_SOURCE" \
%configure2_5x \
    --includedir=%{_includedir}/security \
    --with-db-uniquename=_nss \
    --docdir=%{_docdir}/%{name} \
    --disable-selinux
# SELinux support is switched off at configure time, which is why the check
# section excludes pam_selinux and pam_sepermit from its per-module test.
%make

%install
# Stage the build into the buildroot, then add the distribution's own PAM
# service files, limits snippet, man pages and tmpfiles configuration.
mkdir -p %{buildroot}%{_includedir}/security
mkdir -p %{buildroot}%{_libdir}/security
# LDCONFIG is overridden with the shell no-op so that make install does not
# run ldconfig during staging.
%makeinstall_std LDCONFIG=:
install -d -m 755 %{buildroot}/etc/pam.d
install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other
install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth
install -m 644 %{SOURCE7} %{buildroot}/etc/pam.d/config-util
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/security/limits.d/90-nproc.conf
install -m 644 %{SOURCE12} %{buildroot}/etc/pam.d/postlogin
# opasswd and tallylog are created empty with mode 600 so that only the owner
# can read the old-password store and the login failure counters.
install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd
install -d -m 755 %{buildroot}/var/log
install -m 600 /dev/null %{buildroot}/var/log/tallylog

# Install man pages.
install -m 644 %{SOURCE9} %{SOURCE10} %{SOURCE13} %{buildroot}%{_mandir}/man5/

# Install tmpfiles
install -D -p -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf

# remove unpackaged .la files
rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{_libdir}/security/*.la

# Provide pam_unix_auth.so, pam_unix_acct.so, pam_unix_passwd.so and
# pam_unix_session.so as symlinks to pam_unix.so.
# NOTE(review): the comment that used to sit here read "no longer needed,
# handled by ACL in udev", which does not describe this loop; it looks like a
# leftover from code that was removed - confirm and drop.
for phase in auth acct passwd session ; do
    ln -sf pam_unix.so %{buildroot}%{_libdir}/security/pam_unix_${phase}.so
done

%find_lang Linux-PAM

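%check
# Build-time sanity checks on the staged modules: every module source
# directory must have produced a shared object, and every staged module must
# be loadable.
#
# (blino) we don't want to test if SE Linux is built, it's disabled
# Make sure every module subdirectory gave us a module. Yes, this is hackish.
#
# The second test used to lack its closing bracket, so the test command failed
# with a syntax error for every directory, the condition was never true and
# this whole check was silently skipped. With the bracket restored the check
# runs again; a module that never built will now fail the package build, which
# is the intended behaviour.
for dir in modules/pam_* ; do
    if [ -d "${dir}" ] && [ "${dir}" != "modules/pam_selinux" ] && [ "${dir}" != "modules/pam_sepermit" ]; then
        # pam_tally is skipped explicitly.
        [ "${dir}" = "modules/pam_tally" ] && continue
        if ! ls -1 %{buildroot}%{_libdir}/security/`basename ${dir}`*.so ; then
            echo ERROR `basename ${dir}` did not build a module.
            exit 1
        fi
    fi
done

# Check for module problems. Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application.
%{_sbindir}/ldconfig -n %{buildroot}%{_libdir}
for module in %{buildroot}%{_libdir}/security/pam*.so ; do
    # Source8 is the dlopen.sh helper; the staged library directory is put on
    # the loader path so the freshly built libpam is the one that gets used.
    if ! env LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
        %{SOURCE8} -ldl -lpam -L%{buildroot}%{_libdir} ${module} ; then
        echo ERROR module: ${module} cannot be loaded.
        exit 1
    fi
done

# NOTE(review): this removes a staged directory from inside the check section,
# so it does not happen when the checks are skipped - confirm that is intended.
rmdir %{buildroot}/var/run/console
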
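%posttrans
# Post-transaction scriptlet: create the tmpfiles entries, make sure the
# system-auth stack references pam_systemd, make sure the login failure
# counter file exists, and migrate to tcb when login.defs does not mention it.
%_tmpfilescreate %{name}
# (cg) Ensure that the pam_systemd.so is included for user ACLs under systemd
# Note: Only affects upgrades, but does no harm so always update if needed.
# The leading "-" on the appended entry makes PAM skip the module quietly when
# it is not installed. The line is appended to an administrator-editable
# config file, so it lands after whatever session entries are already there.
if ! grep -q "pam_systemd\.so" /etc/pam.d/system-auth; then
    echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth
fi

# Create the failure counter file only when it is missing. The test used to be
# written with -a; with three arguments the test command reads -a as the
# binary AND operator, so the condition was true whether or not the file
# existed and the file was replaced by an empty one on every transaction,
# resetting the recorded login failures. -e is the unambiguous existence test.
if [ ! -e /var/log/tallylog ] ; then
    install -m 600 /dev/null /var/log/tallylog
fi
if [ -f /etc/login.defs ] && ! grep -q USE_TCB /etc/login.defs; then
    %{_sbindir}/set_tcb --auto --migrate
fi

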
# File manifest of the main package. Entries marked config(noreplace) keep an
# administrator's modified copy on upgrade instead of overwriting it.
%files -f Linux-PAM.lang
%doc NEWS
%docdir %{_docdir}/%{name}
%dir /etc/pam.d
# NOTE(review): /etc/environment is not installed by any explicit line in this
# spec's install section; presumably it comes from make install - confirm.
%config(noreplace) /etc/environment
%config(noreplace) /etc/pam.d/other
# system-auth is world-readable and group-owned by shadow; the
# post-transaction scriptlet may append a pam_systemd line to it.
%attr(0644,root,shadow) %config(noreplace) /etc/pam.d/system-auth
%config(noreplace) /etc/pam.d/config-util
%config(noreplace) /etc/pam.d/postlogin
# The helpers below carry no explicit attr, so they are packaged with whatever
# mode and owner the install step gave them.
%{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_console_apply
%{_sbindir}/pam_tally2
%{_sbindir}/unix_chkpwd
%{_sbindir}/unix_update
# The only entry in this list that is explicitly set-uid root. It belongs to
# pam_timestamp, the module patched for CVE-2014-2583 in this revision, so it
# deserves attention whenever that patch is touched or dropped.
%attr(4755,root,root) %{_sbindir}/pam_timestamp_check
%{_tmpfilesdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/chroot.conf
%config(noreplace) %{_sysconfdir}/security/console.perms
%config(noreplace) %{_sysconfdir}/security/console.handlers
%config(noreplace) %{_sysconfdir}/security/group.conf
%config(noreplace) %{_sysconfdir}/security/limits.conf
%dir %{_sysconfdir}/security/limits.d
%config(noreplace) %{_sysconfdir}/security/limits.d/90-nproc.conf
%config(noreplace) %{_sysconfdir}/security/namespace.conf
# namespace.init is a config file that is also executable.
%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
%config(noreplace) %{_sysconfdir}/security/time.conf
# Staged empty with mode 600 in the install section.
%config(noreplace) %{_sysconfdir}/security/opasswd
%dir %{_sysconfdir}/security/console.apps
%dir %{_sysconfdir}/security/console.perms.d
# Owned by the package but not shipped in the payload; digest, size and
# modification time are excluded from verification.
%ghost %verify(not md5 size mtime) /var/log/tallylog
%{_mandir}/man5/*
%{_mandir}/man8/*

# Library package: versioned shared libraries plus every loadable module.
%files -n %{libname}
%{_libdir}/libpam.so.*
%{_libdir}/libpamc.so.*
%{_libdir}/libpam_misc.so.*
%{_libdir}/security/*.so
%{_libdir}/security/pam_filter
%dir %{_libdir}/security

# Development package: unversioned library links, headers and section 3 man
# pages.
%files -n %{develname}
%doc Copyright
%{_libdir}/libpam.so
%{_libdir}/libpam_misc.so
%{_libdir}/libpamc.so
%{_includedir}/security/*.h
%{_mandir}/man3/*

# Documentation package: the collected module READMEs and the specification
# text.
%files doc
%doc doc/txts doc/specs/rfc86.0.txt Copyright
