1 |
# use fakeroot -ba sudo.spec to build! |
2 |
|
3 |
Name: sudo |
4 |
Version: 1.8.3p2 |
5 |
Release: %mkrel 1 |
6 |
Epoch: 1 |
7 |
Summary: Allows command execution as root for specified users |
8 |
License: GPLv2+ |
9 |
Group: System/Base |
10 |
URL: http://www.sudo.ws/sudo |
11 |
Source0: http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz |
12 |
Source1: http://www.sudo.ws/sudo/dist/%name-%version%{?pre}.tar.gz.sig |
13 |
Source2: sudo.pamd |
14 |
Source3: sudo-1.7.2p2-sudoers |
15 |
Patch1: sudo-1.6.7p5-strip.patch |
16 |
Patch2: sudo-1.7.2p1-envdebug.patch |
17 |
Patch3: sudo-1.7.4p3-m4path.patch |
18 |
# http://www.sudo.ws/repos/sudo/rev/172f29597bd2 |
19 |
# These two patches removed at version 1.8.2 :- |
20 |
# Patch4: sudo-1.8.0-fix-n-option.patch |
21 |
# Patch5: sudo_1.8.1_noexec.patch |
22 |
BuildRequires: audit-devel |
23 |
BuildRequires: bison |
24 |
BuildRequires: groff-for-man |
25 |
BuildRequires: libcap-devel |
26 |
BuildRequires: openldap-devel |
27 |
BuildRequires: pam-devel |
28 |
Requires(pre): openldap |
29 |
|
30 |
%description |
31 |
Sudo is a program designed to allow a sysadmin to give limited root |
32 |
privileges to users and log root activity. The basic philosophy is |
33 |
to give as few privileges as possible but still allow people to get |
34 |
their work done. |
35 |
|
36 |
%package devel |
37 |
Summary: Development files for sudo plugins |
38 |
Group: Development/C |
39 |
Requires: %{name} = %{EVRD} |
40 |
|
41 |
%description devel |
42 |
Development files for compiling sudo plugins. |
43 |
|
44 |
%prep |
45 |
%setup -q -n %{name}-%{version}%{?pre} |
46 |
%patch1 -p1 -b .strip |
47 |
%patch2 -p1 -b .envdebug |
48 |
%patch3 -p1 -b .m4path |
49 |
|
50 |
%build |
51 |
# handle newer autoconf |
52 |
rm -f acsite.m4 |
53 |
mv aclocal.m4 acinclude.m4 |
54 |
autoreconf -fv --install |
55 |
|
56 |
%serverbuild |
57 |
export CFLAGS="%{optflags} -D_GNU_SOURCE" |
58 |
|
59 |
%configure2_5x \ |
60 |
--without-rpath \ |
61 |
--with-logging=both \ |
62 |
--with-logfac=authpriv \ |
63 |
--with-logpath=%{_logdir}/sudo.log \ |
64 |
--with-editor=/bin/vi \ |
65 |
--enable-log-host \ |
66 |
--with-pam \ |
67 |
--with-pam-login \ |
68 |
--with-env-editor \ |
69 |
--with-noexec=no \ |
70 |
--with-linux-audit \ |
71 |
--with-ignore-dot \ |
72 |
--with-tty-tickets \ |
73 |
--with-ldap \ |
74 |
--with-ldap-conf-file=%{_sysconfdir}/ldap.conf \ |
75 |
--with-secure-path="/sbin:%{_sbindir}:/bin:%{_bindir}:/usr/local/bin:/usr/local/sbin" \ |
76 |
--with-passprompt="[sudo] password for %p: " |
77 |
|
78 |
%make |
79 |
|
80 |
%install |
81 |
rm -rf %{buildroot} |
82 |
|
83 |
install -d %{buildroot}/usr |
84 |
install -d %{buildroot}%{_sysconfdir}/logrotate.d |
85 |
install -d %{buildroot}%{_sysconfdir}/sudoers.d |
86 |
install -d %{buildroot}%{_sysconfdir}/pam.d |
87 |
install -d %{buildroot}%{_var}/db/sudo |
88 |
install -d %{buildroot}%{_logdir}/sudo |
89 |
install -d %{buildroot}%{_logdir}/sudo-io |
90 |
|
91 |
%makeinstall_std install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) |
92 |
|
93 |
install -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo |
94 |
install -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers |
95 |
install -m0755 plugins/sudoers/sudoers2ldif %{buildroot}%{_bindir} |
96 |
|
97 |
# Installing logrotated file |
98 |
cat <<END >%{buildroot}%{_sysconfdir}/logrotate.d/sudo |
99 |
%{_logdir}/sudo.log { |
100 |
missingok |
101 |
monthly |
102 |
compress |
103 |
} |
104 |
END |
105 |
|
106 |
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo << EOF |
107 |
#%PAM-1.0 |
108 |
auth include system-auth |
109 |
account include system-auth |
110 |
password include system-auth |
111 |
session optional pam_keyinit.so revoke |
112 |
session required pam_limits.so |
113 |
EOF |
114 |
|
115 |
cat > %{buildroot}%{_sysconfdir}/pam.d/sudo-i << EOF |
116 |
#%PAM-1.0 |
117 |
auth include sudo |
118 |
account include sudo |
119 |
password include sudo |
120 |
session optional pam_keyinit.so force revoke |
121 |
session required pam_limits.so |
122 |
EOF |
123 |
|
124 |
# so that strip can touch it... |
125 |
chmod 755 %{buildroot}%{_bindir}/* |
126 |
chmod 755 %{buildroot}%{_sbindir}/* |
127 |
|
128 |
# (tpg) create the missing log file |
129 |
touch %{buildroot}%{_logdir}/sudo.log |
130 |
|
131 |
%check |
132 |
make check |
133 |
|
134 |
%post |
135 |
/bin/chmod 0440 %{_sysconfdir}/sudoers || : |
136 |
%create_ghostfile %{_logdir}/sudo.log root root 600 |
137 |
|
138 |
%files |
139 |
%doc doc/HISTORY README README.LDAP |
140 |
%doc doc/TROUBLESHOOTING doc/UPGRADE doc/sample.sudoers |
141 |
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers |
142 |
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/ |
143 |
%config(noreplace) %{_sysconfdir}/logrotate.d/sudo |
144 |
%config(noreplace) %{_sysconfdir}/pam.d/sudo |
145 |
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i |
146 |
%attr(0755,root,root) %{_bindir}/sudoers2ldif |
147 |
%attr(4111,root,root) %{_bindir}/sudo |
148 |
%attr(4111,root,root) %{_bindir}/sudoedit |
149 |
%attr(0111,root,root) %{_bindir}/sudoreplay |
150 |
%attr(0755,root,root) %{_sbindir}/visudo |
151 |
%ghost %{_logdir}/sudo.log |
152 |
%{_mandir}/*/* |
153 |
%attr(0700,root,root) %dir %{_var}/db/sudo |
154 |
%attr(0750,root,root) %dir %{_logdir}/sudo-io |
155 |
%{_libdir}/sudoers.so |
156 |
%{_datadir}/locale/*/LC_MESSAGES/* |
157 |
|
158 |
%files devel |
159 |
%{_includedir}/sudo_plugin.h |