/[packages]/updates/8/sudo/current/SPECS/sudo.spec
ViewVC logotype

Contents of /updates/8/sudo/current/SPECS/sudo.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1935428 - (show annotations) (download)
Mon Jan 23 21:28:19 2023 UTC (14 months, 3 weeks ago) by luigiwalser
File size: 6976 byte(s) 
SILENT: update URLs to https
1 Name: sudo
2 Version: 1.9.5p2
3 %define subrel 2
4 Release: %mkrel 2
5 Epoch: 1
6 Summary: Allows command execution as root for specified users
7 License: GPLv2+
8 Group: System/Base
9 URL: https://www.sudo.ws/sudo
10 Source0: https://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz
11 Source1: https://www.sudo.ws/sudo/dist/%{name}-%{version}%{?pre}.tar.gz.sig
12 Source2: sudo.pamd
13 Source3: sudoers
14 Patch1: sudo-1.6.7p5-strip.patch
15 Patch2: sudo-1.7.2p1-envdebug.patch
16 Patch3: sudo-Fix-NO_ROOT_MAILER.patch
17 Patch4: bd209b9f16fcd1270c13db27ae3329c677d48050.patch
18 Patch5: CVE-2023-22809.patch
19 BuildRequires: pkgconfig(audit)
20 BuildRequires: bison
21 BuildRequires: groff-for-man
22 BuildRequires: pkgconfig(libcap)
23 BuildRequires: openldap-devel
24 BuildRequires: openssl-devel
25 BuildRequires: pam-devel
26 Requires(pre): openldap
27 # for create_ghostfile in post
28 Requires(post): rpm-helper
29
30 %description
31 Sudo (superuser do) allows a system administrator to give certain users (or
32 groups of users) the ability to run some (or all) commands as root while
33 logging all commands and arguments. Sudo operates on a per-command basis.
34 It is not a replacement for the shell. Features include: the ability to
35 restrict what commands a user may run on a per-host basis, copious logging
36 of each command (providing a clear audit trail of who did what), a
37 configurable timeout of the sudo command, and the ability to use the same
38 configuration file (sudoers) on many different machines.
39
40 %package devel
41 Summary: Development files for sudo plugins
42 Group: Development/C
43 Requires: %{name} = %{epoch}:%{version}-%{release}
44
45 %description devel
46 Development files for compiling sudo plugins.
47
48 %prep
49 %setup -q -n %{name}-%{version}%{?pre}
50 %patch1 -p1 -b .strip
51 %patch2 -p1 -b .envdebug
52 %patch3 -p1
53 %patch4 -p1
54 %patch5 -p1
55
56 # fix attribs
57 find -name "Makefile.*" | xargs perl -pi -e "s|-m 0444|-m 0644|g"
58
59
60 %build
61 # handle newer autoconf
62 rm -f acsite.m4
63 mv aclocal.m4 acinclude.m4
64 autoreconf -fv --install
65
66 %serverbuild
67 export CFLAGS="%{optflags} -D_GNU_SOURCE"
68
69 %configure \
70 --without-rpath \
71 --with-logging=both \
72 --with-logfac=authpriv \
73 --with-logpath=%{_logdir}/sudo.log \
74 --with-editor=/bin/vi \
75 --enable-openssl \
76 --disable-root-mailer \
77 --enable-log-host \
78 --with-pam \
79 --with-pam-login \
80 --with-env-editor \
81 --with-noexec=no \
82 --with-linux-audit \
83 --with-ignore-dot \
84 --with-tty-tickets \
85 --with-ldap \
86 --with-ldap-conf-file=%{_sysconfdir}/nslcd.conf \
87 --with-ldap-secret-file=%{_sysconfdir}/nslcd.conf \
88 --with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \
89 --with-passprompt="[sudo] password for %p: " \
90 --with-plugindir=%{_libdir}/sudo \
91 --with-sendmail=/usr/sbin/sendmail
92
93 %make_build
94
95 %install
96 install -d %{buildroot}/usr
97 install -d %{buildroot}%{_sysconfdir}/logrotate.d
98 install -d %{buildroot}%{_sysconfdir}/sudoers.d
99 install -d %{buildroot}%{_sysconfdir}/pam.d
100 install -d %{buildroot}%{_var}/db/sudo
101 install -d %{buildroot}%{_var}/db/sudo/lectured
102 install -d %{buildroot}%{_logdir}/sudo
103 install -d %{buildroot}%{_logdir}/sudo-io
104
105 %make_install install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)
106
107 install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
108 install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers
109
110 # Installing logrotated file
111 cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo
112 %{_logdir}/sudo.log {
113 missingok
114 monthly
115 compress
116 }
117 END
118
119 cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF
120 #%PAM-1.0
121 auth include system-auth
122 account include system-auth
123 password include system-auth
124 session optional pam_keyinit.so revoke
125 session required pam_limits.so
126 EOF
127
128 cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF
129 #%PAM-1.0
130 auth include sudo
131 account include sudo
132 password include sudo
133 session optional pam_keyinit.so force revoke
134 session required pam_limits.so
135 EOF
136
137 # so that strip can touch it...
138 chmod 755 %{buildroot}%{_bindir}/*
139 chmod 755 %{buildroot}%{_sbindir}/*
140
141 # (tpg) create the missing log file
142 touch %{buildroot}%{_logdir}/sudo.log
143
144 # move the lib to a common place
145 mv %{buildroot}%{_libexecdir}/sudo/* %{buildroot}%{_libdir}/
146 rm -rf %{buildroot}%{_libexecdir}/sudo
147
148 # cleanup
149 rm -rf %{buildroot}%{_datadir}/examples samples
150 cp -rp examples samples
151 rm -f samples/Makefile*
152 # too big
153 rm -f %{buildroot}%{_docdir}/%{name}/ChangeLog
154
155 find %{buildroot} -type f -name "*.la" | xargs rm
156
157 %find_lang sudo
158 %find_lang sudoers
159
160 cat sudo.lang sudoers.lang > sudo_all.lang
161 rm sudo.lang sudoers.lang
162
163 %check
164 %__make check
165
166 %post
167 /bin/chmod 0440 %{_sysconfdir}/sudoers || :
168 %create_ghostfile %{_logdir}/sudo.log root root 600
169
170 %files -f sudo_all.lang
171 %doc samples
172 %{_docdir}/%{name}/CONTRIBUTORS
173 %{_docdir}/%{name}/LICENSE
174 %{_docdir}/%{name}/NEWS
175 %{_docdir}/%{name}/HISTORY
176 %{_docdir}/%{name}/README
177 %{_docdir}/%{name}/README.LDAP
178 %{_docdir}/%{name}/TROUBLESHOOTING
179 %{_docdir}/%{name}/UPGRADE
180 %{_docdir}/%{name}/schema.ActiveDirectory
181 %{_docdir}/%{name}/schema.OpenLDAP
182 %{_docdir}/%{name}/schema.iPlanet
183 %{_docdir}/%{name}/schema.olcSudo
184 %{_docdir}/%{name}/examples/*.conf
185 %{_docdir}/%{name}/examples/sudoers
186 %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
187 %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers.dist
188 %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
189 %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
190 %attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
191 %config(noreplace) %{_sysconfdir}/logrotate.d/sudo
192 %config(noreplace) %{_sysconfdir}/pam.d/sudo
193 %config(noreplace) %{_sysconfdir}/pam.d/sudo-i
194 %attr(0755,root,root) %{_bindir}/cvtsudoers
195 %attr(0755,root,root) %{_sbindir}/sudo_logsrvd
196 %attr(0755,root,root) %{_sbindir}/sudo_sendlog
197 %attr(4111,root,root) %{_bindir}/sudo
198 %{_bindir}/sudoedit
199 %attr(0111,root,root) %{_bindir}/sudoreplay
200 %attr(0755,root,root) %{_sbindir}/visudo
201 %ghost %{_logdir}/sudo.log
202 %{_mandir}/*/*
203 %attr(0700,root,root) %dir %{_var}/db/sudo
204 %attr(0700,root,root) %dir %{_var}/db/sudo/lectured
205 %attr(0750,root,root) %dir %{_logdir}/sudo-io
206 %attr(0755,root,root) %{_libdir}/sudo/group_file.so
207 %attr(0755,root,root) %{_libdir}/sudo/sudoers.so
208 %attr(0755,root,root) %{_libdir}/sudo/system_group.so
209 %attr(0755,root,root) %{_libdir}/sudo/audit_json.so
210 %attr(0755,root,root) %{_libdir}/sudo/sample_approval.so
211 %{_libdir}/libsudo_util.so.0
212 %attr(0755,root,root) %{_libdir}/libsudo_util.so.*.*
213 %{_tmpfilesdir}/sudo.conf
214
215 %files devel
216 %doc plugins/{group_file,sample}
217 %{_includedir}/sudo_plugin.h
218 %{_mandir}/man8/sudo_plugin.8*
219 %{_libdir}/libsudo_util.so
  ViewVC Help
Powered by ViewVC 1.1.30