pool/pam
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
089ed3e485
pam/pam.spec
Thorsten Kukuk 089ed3e485 Accepting request 903070 from home:lnussel:usrmove 
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
  no distro defaults and don't complain about it missing
  (pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
  directory names. Compatible with Fedora.

- Remove usrmerged conditional as it's now the default

OBS-URL: https://build.opensuse.org/request/show/903070
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=241
2021-07-09 12:12:20 +00:00

458 lines
15 KiB
RPMSpec
Raw Blame History

#
# spec file for package pam
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%bcond_with debug
#
%define enable_selinux 1
%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%define config_noreplace 1
%endif
#
%{load:%{_sourcedir}/macros.pam}
#
Name: pam
#
Version: 1.5.1
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
Source: Linux-PAM-%{version}.tar.xz
Source1: Linux-PAM-%{version}-docs.tar.xz
Source2: macros.pam
Source3: other.pamd
Source4: common-auth.pamd
Source5: common-account.pamd
Source6: common-password.pamd
Source7: common-session.pamd
Source9: baselibs.conf
Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
Source13: motd.tmpfiles
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
Patch5: pam-xauth_ownership.patch
Patch6: pam_cracklib-removal.patch
Patch7: pam_tally2-removal.patch
Patch8: pam-bsc1177858-dont-free-environment-string.patch
Patch9: pam-pam_cracklib-add-usersubstr.patch
Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch
# https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068
Patch100: pam_securetty-don-t-complain-about-missing-config.patch
BuildRequires: audit-devel
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
BuildRequires: libtool
BuildRequires: xz
Requires(post): permissions
# All login.defs variables require support from shadow side.
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.3.1
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
%endif
%if %{enable_selinux}
BuildRequires: libselinux-devel
%endif
Requires: pam_unix.so
Suggests: pam_unix
%if 0%{?suse_version} >= 1330
Requires(pre): group(shadow)
Requires(pre): user(root)
%endif
%description
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
%package -n pam_unix
Summary: PAM module for standard UNIX authentication
Group: System/Libraries
Provides: pam_unix.so
Conflicts: pam_unix-nis
%description -n pam_unix
This package contains the pam_unix module, which does the standard
UNIX authentication against the passwd and shadow database. This
module does not contain NIS support.
%package extra
Summary: PAM module to authenticate against a separate database
Group: System/Libraries
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
%description extra
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains useful extra modules eg pam_userdb which is
used to verify a username/password pair against values stored in
a Berkeley DB database.
%package doc
Summary: Documentation for Pluggable Authentication Modules
Group: Documentation/HTML
%if 0%{?suse_version} >= 1140
BuildArch: noarch
%endif
%description doc
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains the documentation.
%package devel
Summary: Include Files and Libraries for PAM Development
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: pam = %{version}
%description devel
PAM (Pluggable Authentication Modules) is a system security tool which
allows system administrators to set authentication policy without
having to recompile programs which do authentication.
This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
%package deprecated
Summary: Deprecated PAM Modules
Group: System/Libraries
Provides: pam:/%{_lib}/security/pam_cracklib.so
Provides: pam:/%{_lib}/security/pam_tally2.so
%description deprecated
PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policies without
having to recompile programs that do authentication.
This package contains deprecated extra modules like pam_cracklib and
pam_tally2, which are no longer supported upstream and will be completly
removed with one of the next releases.
%prep
%setup -q -n Linux-PAM-%{version} -b 1
cp -a %{SOURCE12} .
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -R -p1
%patch7 -R -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch100 -p1
%build
bash ./pam-login_defs-check.sh
export CFLAGS="%{optflags}"
%if !%{with debug}
CFLAGS="$CFLAGS -DNDEBUG"
%endif
%configure \
--includedir=%{_includedir}/security \
--docdir=%{_docdir}/pam \
--htmldir=%{_docdir}/pam/html \
--pdfdir=%{_docdir}/pam/pdf \
--enable-isadir=../..%{_pam_moduledir} \
--enable-securedir=%{_pam_moduledir} \
--enable-vendordir=%{_distconfdir} \
%if %{with debug}
--enable-debug \
%endif
--enable-tally2 --enable-cracklib
make %{?_smp_mflags}
gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
%check
%make_build check
%install
mkdir -p %{buildroot}%{_pam_confdir}
mkdir -p %{buildroot}%{_pam_vendordir}
mkdir -p %{buildroot}%{_includedir}/security
mkdir -p %{buildroot}%{_pam_moduledir}
mkdir -p %{buildroot}/sbin
mkdir -p -m 755 %{buildroot}%{_libdir}
%make_install
/sbin/ldconfig -n %{buildroot}%{libdir}
# Install documentation
%make_install -C doc
# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript
install -d %{buildroot}%{_pam_secconfdir}/namespace.d
# install other.pamd and common-*.pamd
install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other
install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth
install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account
install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password
install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session
mkdir -p %{buildroot}%{_prefix}/lib/motd.d
#
# Remove crap
#
find %{buildroot} -type f -name "*.la" -delete -print
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so
done
#
# Install READMEs of PAM modules
#
DOC=%{buildroot}%{_defaultdocdir}/pam
mkdir -p $DOC/modules
pushd modules
for i in pam_*/README; do
cp -fpv "$i" "$DOC/modules/README.${i%/*}"
done
popd
# Install unix2_chkpwd
install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir}
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
# rpm macros
install -D -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam
# /run/motd.d
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf
# Create filelist with translations
%find_lang Linux-PAM
%verifyscript
%verify_permissions -e %{_sbindir}/unix_chkpwd
%verify_permissions -e %{_sbindir}/unix2_chkpwd
%post
/sbin/ldconfig
%set_permissions %{_sbindir}/unix_chkpwd
%set_permissions %{_sbindir}/unix2_chkpwd
%tmpfiles_create %{_tmpfilesdir}/motd.conf
%postun -p /sbin/ldconfig
%pre
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/etc.
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%files -f Linux-PAM.lang
%exclude %{_defaultdocdir}/pam
%dir %{_pam_confdir}
%dir %{_pam_vendordir}
%dir %{_pam_secconfdir}
%dir %{_pam_secconfdir}/limits.d
%dir %{_prefix}/lib/motd.d
%ghost %dir %{_rundir}/motd.d
%if %{defined config_noreplace}
%config(noreplace) %{_pam_confdir}/other
%config(noreplace) %{_pam_confdir}/common-*
%else
%{_pam_vendordir}/other
%{_pam_vendordir}/common-*
%endif
%config(noreplace) %{_sysconfdir}/environment
%config(noreplace) %{_pam_secconfdir}/access.conf
%config(noreplace) %{_pam_secconfdir}/group.conf
%config(noreplace) %{_pam_secconfdir}/faillock.conf
%config(noreplace) %{_pam_secconfdir}/limits.conf
%config(noreplace) %{_pam_secconfdir}/pam_env.conf
%if %{enable_selinux}
%config(noreplace) %{_pam_secconfdir}/sepermit.conf
%endif
%config(noreplace) %{_pam_secconfdir}/time.conf
%config(noreplace) %{_pam_secconfdir}/namespace.conf
%config(noreplace) %{_pam_secconfdir}/namespace.init
%dir %{_pam_secconfdir}/namespace.d
%doc NEWS
%license COPYING
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
%{_mandir}/man8/PAM.8%{?ext_man}
%{_mandir}/man8/faillock.8%{?ext_man}
%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
%{_mandir}/man8/pam.8%{?ext_man}
%{_mandir}/man8/pam_access.8%{?ext_man}
%{_mandir}/man8/pam_debug.8%{?ext_man}
%{_mandir}/man8/pam_deny.8%{?ext_man}
%{_mandir}/man8/pam_echo.8%{?ext_man}
%{_mandir}/man8/pam_env.8%{?ext_man}
%{_mandir}/man8/pam_exec.8%{?ext_man}
%{_mandir}/man8/pam_faildelay.8%{?ext_man}
%{_mandir}/man8/pam_faillock.8%{?ext_man}
%{_mandir}/man8/pam_filter.8%{?ext_man}
%{_mandir}/man8/pam_ftp.8%{?ext_man}
%{_mandir}/man8/pam_group.8%{?ext_man}
%{_mandir}/man8/pam_issue.8%{?ext_man}
%{_mandir}/man8/pam_keyinit.8%{?ext_man}
%{_mandir}/man8/pam_lastlog.8%{?ext_man}
%{_mandir}/man8/pam_limits.8%{?ext_man}
%{_mandir}/man8/pam_listfile.8%{?ext_man}
%{_mandir}/man8/pam_localuser.8%{?ext_man}
%{_mandir}/man8/pam_loginuid.8%{?ext_man}
%{_mandir}/man8/pam_mail.8%{?ext_man}
%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
%{_mandir}/man8/pam_motd.8%{?ext_man}
%{_mandir}/man8/pam_namespace.8%{?ext_man}
%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
%{_mandir}/man8/pam_nologin.8%{?ext_man}
%{_mandir}/man8/pam_permit.8%{?ext_man}
%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
%{_mandir}/man8/pam_rhosts.8%{?ext_man}
%{_mandir}/man8/pam_rootok.8%{?ext_man}
%{_mandir}/man8/pam_securetty.8%{?ext_man}
%{_mandir}/man8/pam_selinux.8%{?ext_man}
%{_mandir}/man8/pam_sepermit.8%{?ext_man}
%{_mandir}/man8/pam_setquota.8%{?ext_man}
%{_mandir}/man8/pam_shells.8%{?ext_man}
%{_mandir}/man8/pam_stress.8%{?ext_man}
%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
%{_mandir}/man8/pam_time.8%{?ext_man}
%{_mandir}/man8/pam_timestamp.8%{?ext_man}
%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
%{_mandir}/man8/pam_umask.8%{?ext_man}
%{_mandir}/man8/pam_unix.8%{?ext_man}
%{_mandir}/man8/pam_usertype.8%{?ext_man}
%{_mandir}/man8/pam_warn.8%{?ext_man}
%{_mandir}/man8/pam_wheel.8%{?ext_man}
%{_mandir}/man8/pam_xauth.8%{?ext_man}
%{_mandir}/man8/pwhistory_helper.8%{?ext_man}
%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
%{_mandir}/man8/unix_update.8%{?ext_man}
%{_libdir}/libpam.so.0
%{_libdir}/libpam.so.%{libpam_so_version}
%{_libdir}/libpamc.so.0
%{_libdir}/libpamc.so.%{libpamc_so_version}
%{_libdir}/libpam_misc.so.0
%{_libdir}/libpam_misc.so.%{libpam_misc_so_version}
%dir %{_pam_moduledir}
%{_pam_moduledir}/pam_access.so
%{_pam_moduledir}/pam_debug.so
%{_pam_moduledir}/pam_deny.so
%{_pam_moduledir}/pam_echo.so
%{_pam_moduledir}/pam_env.so
%{_pam_moduledir}/pam_exec.so
%{_pam_moduledir}/pam_faildelay.so
%{_pam_moduledir}/pam_faillock.so
%{_pam_moduledir}/pam_filter.so
%dir %{_pam_moduledir}/pam_filter
%{_pam_moduledir}//pam_filter/upperLOWER
%{_pam_moduledir}/pam_ftp.so
%{_pam_moduledir}/pam_group.so
%{_pam_moduledir}/pam_issue.so
%{_pam_moduledir}/pam_keyinit.so
%{_pam_moduledir}/pam_lastlog.so
%{_pam_moduledir}/pam_limits.so
%{_pam_moduledir}/pam_listfile.so
%{_pam_moduledir}/pam_localuser.so
%{_pam_moduledir}/pam_loginuid.so
%{_pam_moduledir}/pam_mail.so
%{_pam_moduledir}/pam_mkhomedir.so
%{_pam_moduledir}/pam_motd.so
%{_pam_moduledir}/pam_namespace.so
%{_pam_moduledir}/pam_nologin.so
%{_pam_moduledir}/pam_permit.so
%{_pam_moduledir}/pam_pwhistory.so
%{_pam_moduledir}/pam_rhosts.so
%{_pam_moduledir}/pam_rootok.so
%{_pam_moduledir}/pam_securetty.so
%if %{enable_selinux}
%{_pam_moduledir}/pam_selinux.so
%{_pam_moduledir}/pam_sepermit.so
%endif
%{_pam_moduledir}/pam_setquota.so
%{_pam_moduledir}/pam_shells.so
%{_pam_moduledir}/pam_stress.so
%{_pam_moduledir}/pam_succeed_if.so
%{_pam_moduledir}/pam_time.so
%{_pam_moduledir}/pam_timestamp.so
%{_pam_moduledir}/pam_tty_audit.so
%{_pam_moduledir}/pam_umask.so
%{_pam_moduledir}/pam_usertype.so
%{_pam_moduledir}/pam_warn.so
%{_pam_moduledir}/pam_wheel.so
%{_pam_moduledir}/pam_xauth.so
%{_sbindir}/faillock
%{_sbindir}/mkhomedir_helper
%{_sbindir}/pam_namespace_helper
%{_sbindir}/pam_timestamp_check
%{_sbindir}/pwhistory_helper
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
%attr(0700,root,root) %{_sbindir}/unix_update
%{_unitdir}/pam_namespace.service
%{_tmpfilesdir}/motd.conf
%files -n pam_unix
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_unix.so
%{_pam_moduledir}/pam_unix_acct.so
%{_pam_moduledir}/pam_unix_auth.so
%{_pam_moduledir}/pam_unix_passwd.so
%{_pam_moduledir}/pam_unix_session.so
%files extra
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_userdb.so
%{_mandir}/man8/pam_userdb.8%{?ext_man}
%files deprecated
%defattr(-,root,root,755)
%{_pam_moduledir}/pam_cracklib.so
%{_pam_moduledir}/pam_tally2.so
%{_sbindir}/pam_tally2
%files doc
%defattr(644,root,root,755)
%dir %{_defaultdocdir}/pam
%doc %{_defaultdocdir}/pam/html
%doc %{_defaultdocdir}/pam/modules
%doc %{_defaultdocdir}/pam/pdf
%doc %{_defaultdocdir}/pam/*.txt
%files devel
%defattr(644,root,root,755)
%dir %{_includedir}/security
%{_mandir}/man3/pam*
%{_mandir}/man3/misc_conv.3%{?ext_man}
%{_includedir}/security/*.h
%{_libdir}/libpam.so
%{_libdir}/libpamc.so
%{_libdir}/libpam_misc.so
%{_prefix}/lib/rpm/macros.d/macros.pam
%changelog
Reference in New Issue View Git Blame Copy Permalink