current/SPECS/sudo.spec

Name:           sudo
Version:        1.9.2
Release:        %mkrel 1
Epoch:          1
Summary:        Allows command execution as root for specified users
License:        GPLv2+
Group:          System/Base
URL:            http://www.sudo.ws/sudo
Source0:        http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz
Source1:        http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz.sig
Source2:        sudo.pamd
Source3:        sudoers
Patch1:         sudo-1.6.7p5-strip.patch
Patch2:         sudo-1.7.2p1-envdebug.patch
BuildRequires:  pkgconfig(audit)
BuildRequires:  bison
BuildRequires:  groff-for-man
BuildRequires:  pkgconfig(libcap)
BuildRequires:  openldap-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
Requires(pre):  openldap
# for create_ghostfile in post
Requires(post): rpm-helper

%description
Sudo (superuser do) allows a system administrator to give certain users (or
groups of users) the ability to run some (or all) commands as root while
logging all commands and arguments. Sudo operates on a per-command basis.
It is not a replacement for the shell. Features include: the ability to
restrict what commands a user may run on a per-host basis, copious logging
of each command (providing a clear audit trail of who did what), a
configurable timeout of the sudo command, and the ability to use the same
configuration file (sudoers) on many different machines.

%package devel
Summary:        Development files for sudo plugins
Group:          Development/C
Requires:       %{name} = %{epoch}:%{version}-%{release}

%description    devel
Development files for compiling sudo plugins.

%prep
%setup -q -n %{name}-%{version}%{?pre}
%patch1 -p1 -b .strip
%patch2 -p1 -b .envdebug

# fix attribs
find -name "Makefile.*" | xargs perl -pi -e "s|-m 0444|-m 0644|g"


%build
# handle newer autoconf
rm -f acsite.m4
mv aclocal.m4 acinclude.m4
autoreconf -fv --install

%serverbuild
export CFLAGS="%{optflags} -D_GNU_SOURCE"

%configure \
        --without-rpath \
        --with-logging=both \
        --with-logfac=authpriv \
        --with-logpath=%{_logdir}/sudo.log \
        --with-editor=/bin/vi \
        --enable-openssl \
        --disable-root-mailer \
        --enable-log-host \
        --with-pam \
        --with-pam-login \
        --with-env-editor \
        --with-noexec=no \
        --with-linux-audit \
        --with-ignore-dot \
        --with-tty-tickets \
        --with-ldap \
        --with-ldap-conf-file=%{_sysconfdir}/nslcd.conf \
        --with-ldap-secret-file=%{_sysconfdir}/nslcd.conf \
        --with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \
        --with-passprompt="[sudo] password for %p: " \
        --with-plugindir=%{_libdir}/sudo

%make_build

%install
install -d %{buildroot}/usr
install -d %{buildroot}%{_sysconfdir}/logrotate.d
install -d %{buildroot}%{_sysconfdir}/sudoers.d
install -d %{buildroot}%{_sysconfdir}/pam.d
install -d %{buildroot}%{_var}/db/sudo
install -d %{buildroot}%{_var}/db/sudo/lectured
install -d %{buildroot}%{_logdir}/sudo
install -d %{buildroot}%{_logdir}/sudo-io

%make_install install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)

install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers

# Installing logrotated file
cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo
%{_logdir}/sudo.log {
    missingok
    monthly
    compress
}
END

cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
#%PAM-1.0
auth            include         system-auth
account         include         system-auth
password        include         system-auth
session         optional        pam_keyinit.so revoke
session         required        pam_limits.so
EOF

cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
#%PAM-1.0
auth            include         sudo
account         include         sudo
password        include         sudo
session         optional        pam_keyinit.so force revoke
session         required        pam_limits.so
EOF

# so that strip can touch it...
chmod 755 %{buildroot}%{_bindir}/*
chmod 755 %{buildroot}%{_sbindir}/*

# (tpg) create the missing log file
touch %{buildroot}%{_logdir}/sudo.log

# move the lib to a common place
mv %{buildroot}%{_libexecdir}/sudo/* %{buildroot}%{_libdir}/
rm -rf %{buildroot}%{_libexecdir}/sudo

# cleanup
rm -rf %{buildroot}%{_datadir}/examples samples
cp -rp examples samples
rm -f samples/Makefile*
# too big
rm -f %{buildroot}%{_docdir}/%{name}/ChangeLog

find %{buildroot} -type f -name "*.la" | xargs rm

%find_lang sudo
%find_lang sudoers

cat sudo.lang sudoers.lang > sudo_all.lang
rm sudo.lang sudoers.lang

%check
%__make check

%post
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
%create_ghostfile %{_logdir}/sudo.log root root 600

%files -f sudo_all.lang
%doc samples
%{_docdir}/%{name}/CONTRIBUTORS
%{_docdir}/%{name}/LICENSE
%{_docdir}/%{name}/NEWS
%{_docdir}/%{name}/HISTORY
%{_docdir}/%{name}/README
%{_docdir}/%{name}/README.LDAP
%{_docdir}/%{name}/TROUBLESHOOTING
%{_docdir}/%{name}/UPGRADE
%{_docdir}/%{name}/schema.ActiveDirectory
%{_docdir}/%{name}/schema.OpenLDAP
%{_docdir}/%{name}/schema.iPlanet
%{_docdir}/%{name}/schema.olcSudo
%{_docdir}/%{name}/examples/*.conf
%{_docdir}/%{name}/examples/sudoers
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers.dist
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
%config(noreplace) %{_sysconfdir}/logrotate.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(0755,root,root) %{_bindir}/cvtsudoers
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%ghost %{_logdir}/sudo.log
%{_mandir}/*/*
%attr(0700,root,root) %dir %{_var}/db/sudo
%attr(0700,root,root) %dir %{_var}/db/sudo/lectured
%attr(0750,root,root) %dir %{_logdir}/sudo-io
%attr(0755,root,root) %{_libdir}/sudo/group_file.so
%attr(0755,root,root) %{_libdir}/sudo/sudoers.so
%attr(0755,root,root) %{_libdir}/sudo/system_group.so
%attr(0755,root,root) %{_libdir}/sudo/audit_json.so
%attr(0755,root,root) %{_libdir}/sudo/sample_approval.so
%{_libdir}/libsudo_util.so.0
%attr(0755,root,root) %{_libdir}/libsudo_util.so.*.*
%{_tmpfilesdir}/sudo.conf

%files devel
%doc plugins/{group_file,sample}
%{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8*
%{_libdir}/libsudo_util.so
1	Name: sudo
2	Version: 1.9.2
3	Release: %mkrel 1
4	Epoch: 1
5	Summary: Allows command execution as root for specified users
6	License: GPLv2+
7	Group: System/Base
8	URL: http://www.sudo.ws/sudo
9	Source0: http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz
10	Source1: http://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz.sig
11	Source2: sudo.pamd
12	Source3: sudoers
13	Patch1: sudo-1.6.7p5-strip.patch
14	Patch2: sudo-1.7.2p1-envdebug.patch
15	BuildRequires: pkgconfig(audit)
16	BuildRequires: bison
17	BuildRequires: groff-for-man
18	BuildRequires: pkgconfig(libcap)
19	BuildRequires: openldap-devel
20	BuildRequires: openssl-devel
21	BuildRequires: pam-devel
22	Requires(pre): openldap
23	# for create_ghostfile in post
24	Requires(post): rpm-helper
25
26	%description
27	Sudo (superuser do) allows a system administrator to give certain users (or
28	groups of users) the ability to run some (or all) commands as root while
29	logging all commands and arguments. Sudo operates on a per-command basis.
30	It is not a replacement for the shell. Features include: the ability to
31	restrict what commands a user may run on a per-host basis, copious logging
32	of each command (providing a clear audit trail of who did what), a
33	configurable timeout of the sudo command, and the ability to use the same
34	configuration file (sudoers) on many different machines.
35
36	%package devel
37	Summary: Development files for sudo plugins
38	Group: Development/C
39	Requires: %{name} = %{epoch}:%{version}-%{release}
40
41	%description devel
42	Development files for compiling sudo plugins.
43
44	%prep
45	%setup -q -n %{name}-%{version}%{?pre}
46	%patch1 -p1 -b .strip
47	%patch2 -p1 -b .envdebug
48
49	# fix attribs
50	find -name "Makefile.*" \| xargs perl -pi -e "s\|-m 0444\|-m 0644\|g"
51
52
53	%build
54	# handle newer autoconf
55	rm -f acsite.m4
56	mv aclocal.m4 acinclude.m4
57	autoreconf -fv --install
58
59	%serverbuild
60	export CFLAGS="%{optflags} -D_GNU_SOURCE"
61
62	%configure \
63	--without-rpath \
64	--with-logging=both \
65	--with-logfac=authpriv \
66	--with-logpath=%{_logdir}/sudo.log \
67	--with-editor=/bin/vi \
68	--enable-openssl \
69	--disable-root-mailer \
70	--enable-log-host \
71	--with-pam \
72	--with-pam-login \
73	--with-env-editor \
74	--with-noexec=no \
75	--with-linux-audit \
76	--with-ignore-dot \
77	--with-tty-tickets \
78	--with-ldap \
79	--with-ldap-conf-file=%{_sysconfdir}/nslcd.conf \
80	--with-ldap-secret-file=%{_sysconfdir}/nslcd.conf \
81	--with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \
82	--with-passprompt="[sudo] password for %p: " \
83	--with-plugindir=%{_libdir}/sudo
84
85	%make_build
86
87	%install
88	install -d %{buildroot}/usr
89	install -d %{buildroot}%{_sysconfdir}/logrotate.d
90	install -d %{buildroot}%{_sysconfdir}/sudoers.d
91	install -d %{buildroot}%{_sysconfdir}/pam.d
92	install -d %{buildroot}%{_var}/db/sudo
93	install -d %{buildroot}%{_var}/db/sudo/lectured
94	install -d %{buildroot}%{_logdir}/sudo
95	install -d %{buildroot}%{_logdir}/sudo-io
96
97	%make_install install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)
98
99	install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
100	install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers
101
102	# Installing logrotated file
103	cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo
104	%{_logdir}/sudo.log {
105	missingok
106	monthly
107	compress
108	}
109	END
110
111	cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
112	#%PAM-1.0
113	auth include system-auth
114	account include system-auth
115	password include system-auth
116	session optional pam_keyinit.so revoke
117	session required pam_limits.so
118	EOF
119
120	cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
121	#%PAM-1.0
122	auth include sudo
123	account include sudo
124	password include sudo
125	session optional pam_keyinit.so force revoke
126	session required pam_limits.so
127	EOF
128
129	# so that strip can touch it...
130	chmod 755 %{buildroot}%{_bindir}/*
131	chmod 755 %{buildroot}%{_sbindir}/*
132
133	# (tpg) create the missing log file
134	touch %{buildroot}%{_logdir}/sudo.log
135
136	# move the lib to a common place
137	mv %{buildroot}%{_libexecdir}/sudo/* %{buildroot}%{_libdir}/
138	rm -rf %{buildroot}%{_libexecdir}/sudo
139
140	# cleanup
141	rm -rf %{buildroot}%{_datadir}/examples samples
142	cp -rp examples samples
143	rm -f samples/Makefile*
144	# too big
145	rm -f %{buildroot}%{_docdir}/%{name}/ChangeLog
146
147	find %{buildroot} -type f -name "*.la" \| xargs rm
148
149	%find_lang sudo
150	%find_lang sudoers
151
152	cat sudo.lang sudoers.lang > sudo_all.lang
153	rm sudo.lang sudoers.lang
154
155	%check
156	%__make check
157
158	%post
159	/bin/chmod 0440 %{_sysconfdir}/sudoers \|\| :
160	%create_ghostfile %{_logdir}/sudo.log root root 600
161
162	%files -f sudo_all.lang
163	%doc samples
164	%{_docdir}/%{name}/CONTRIBUTORS
165	%{_docdir}/%{name}/LICENSE
166	%{_docdir}/%{name}/NEWS
167	%{_docdir}/%{name}/HISTORY
168	%{_docdir}/%{name}/README
169	%{_docdir}/%{name}/README.LDAP
170	%{_docdir}/%{name}/TROUBLESHOOTING
171	%{_docdir}/%{name}/UPGRADE
172	%{_docdir}/%{name}/schema.ActiveDirectory
173	%{_docdir}/%{name}/schema.OpenLDAP
174	%{_docdir}/%{name}/schema.iPlanet
175	%{_docdir}/%{name}/schema.olcSudo
176	%{_docdir}/%{name}/examples/*.conf
177	%{_docdir}/%{name}/examples/sudoers
178	%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
179	%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers.dist
180	%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
181	%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
182	%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
183	%config(noreplace) %{_sysconfdir}/logrotate.d/sudo
184	%config(noreplace) %{_sysconfdir}/pam.d/sudo
185	%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
186	%attr(0755,root,root) %{_bindir}/cvtsudoers
187	%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
188	%attr(0755,root,root) %{_sbindir}/sudo_sendlog
189	%attr(4111,root,root) %{_bindir}/sudo
190	%{_bindir}/sudoedit
191	%attr(0111,root,root) %{_bindir}/sudoreplay
192	%attr(0755,root,root) %{_sbindir}/visudo
193	%ghost %{_logdir}/sudo.log
194	%{_mandir}//
195	%attr(0700,root,root) %dir %{_var}/db/sudo
196	%attr(0700,root,root) %dir %{_var}/db/sudo/lectured
197	%attr(0750,root,root) %dir %{_logdir}/sudo-io
198	%attr(0755,root,root) %{_libdir}/sudo/group_file.so
199	%attr(0755,root,root) %{_libdir}/sudo/sudoers.so
200	%attr(0755,root,root) %{_libdir}/sudo/system_group.so
201	%attr(0755,root,root) %{_libdir}/sudo/audit_json.so
202	%attr(0755,root,root) %{_libdir}/sudo/sample_approval.so
203	%{_libdir}/libsudo_util.so.0
204	%attr(0755,root,root) %{_libdir}/libsudo_util.so..
205	%{_tmpfilesdir}/sudo.conf
206
207	%files devel
208	%doc plugins/{group_file,sample}
209	%{_includedir}/sudo_plugin.h
210	%{_mandir}/man8/sudo_plugin.8*
211	%{_libdir}/libsudo_util.so