Accepting request 78444 from Linux-PAM

- Add commit 2f8daad from upstream - call umount.crypt directly from pam_mount.so while mount.crypt is having no support for utab (bnc#671276); also add commit eb20a26 for better wording of this situation. - Update to new upstream release 2.11 * Allow specifying CIFS/NCP/NFS <volume>s without a "server" attribute (this allows AD integration via pam_winbind) * Added a handful of diagnostics to umount.crypt to determine failure to find vfsmounts * Use /run directory for our variadic data * pmt-ehd: Exclusively create LUKS partitions from now on OBS-URL: https://build.opensuse.org/request/show/78444 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=49
2011-08-11 08:16:36 +00:00 · 2011-08-11 08:16:36 +00:00 · ec9f6406d4
commit ec9f6406d4
parent 8976d7d386 80b9da29c3
9 changed files with 109 additions and 45 deletions
--- a/2f8daad-call-umount-crypt-directly.diff
+++ b/2f8daad-call-umount-crypt-directly.diff
@ -0,0 +1,41 @@
+parent eb20a2681362520a9728038a9ff3bdbba58eb1cb (v2.11-1-geb20a26)
+commit 2f8daad6ee71bade802f78e5072410e46bfd74c1
+Author: Jan Engelhardt <jengelh@medozas.de>
+Date:   Wed Aug 10 12:48:49 2011 +0200
+
+config: default to calling umount.crypt directly
+
+As long as utab (no mtab or ro mtab) is not supported, at least try to
+get the user's volumes unmounted on logout.
+---
+ doc/changelog.txt |    1 +
+ src/rdconf1.c     |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/doc/changelog.txt b/doc/changelog.txt
+index d14828f..d99e52f 100644
+--- a/doc/changelog.txt
+++ b/doc/changelog.txt
+@@ -3,6 +3,7 @@ For details, see the history as recorded in the git repository.
+ 
+ HEAD
+ ====
+config: default to calling umount.crypt directly
+ 
+ 
+ v2.11 (2011-08-07)
+diff --git a/src/rdconf1.c b/src/rdconf1.c
+index 37b465c..e64df06 100644
+--- a/src/rdconf1.c
+++ b/src/rdconf1.c
+@@ -1367,7 +1367,7 @@ static const struct pmt_command default_command[] = {
+ 	{CMD_NFSMOUNT,    "nfs4"},
+ 	{CMD_LCLMOUNT,    NULL,    {"mount", "-p0", "%(if %(OPTIONS),-o%(OPTIONS))", "-t%(FSTYPE)", "%(VOLUME)", "%(MNTPT)", NULL}},
+ 	{CMD_CRYPTMOUNT,  "crypt", {"mount", "-t", "crypt", "%(if %(CIPHER),-ocipher=%(CIPHER))", "%(if %(FSKEYCIPHER),-ofsk_cipher=%(FSKEYCIPHER))", "%(if %(FSKEYHASH),-ofsk_hash=%(FSKEYHASH))", "%(if %(FSKEYPATH),-okeyfile=%(FSKEYPATH))", "%(if %(OPTIONS),-o%(OPTIONS))", "%(VOLUME)", "%(MNTPT)", NULL}},
+-	{CMD_CRYPTUMOUNT, "crypt", {"umount", "%(MNTPT)", NULL}},
+	{CMD_CRYPTUMOUNT, "crypt", {"umount.crypt", "%(MNTPT)", NULL}},
+ 	{CMD_UMOUNT,     NULL,     {"umount", "%(MNTPT)", NULL}},
+ 	{CMD_FSCK,       NULL,     {"fsck", "-p", "%(FSCKTARGET)", NULL}},
+ 	{CMD_PMVARRUN,   NULL,     {"pmvarrun", "-u", "%(USER)", "-o", "%(OPERATION)", NULL}},
+-- 
+# Created with git-export-patch
--- a/eb20a26-utab-explain.diff
+++ b/eb20a26-utab-explain.diff
@ -0,0 +1,31 @@
+parent ebeca48d6740cc18dcb4bac15f19b5808c67ae72 (v2.11)
+commit eb20a2681362520a9728038a9ff3bdbba58eb1cb
+Author: Jan Engelhardt <jengelh@medozas.de>
+Date:   Wed Aug 10 12:48:44 2011 +0200
+
+mount.crypt: clarify situation about current absence of utab support
+---
+ src/mtcrypt.c |    8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/mtcrypt.c b/src/mtcrypt.c
+index b416dc3..d74a07c 100644
+--- a/src/mtcrypt.c
+++ b/src/mtcrypt.c
+@@ -674,9 +674,11 @@ int main(int argc, const char **argv)
+ 	int ret;
+ 
+ 	if (stat("/etc/mtab", &sb) == 0 && (sb.st_mode & S_IWUGO) == 0)
+-		fprintf(stderr, "BIG FAT WARNING: This version of mount.crypt "
+-		        "does not support unmounting crypto volumes through "
+-		        "umount(8) on systems with read-only mtab yet.\n");
+		fprintf(stderr, "NOTE: mount.crypt does not support utab "
+		        "(systems with no mtab or read-only mtab) yet. This "
+		        "means that you will temporarily need to call "
+		        "umount.crypt(8) rather than umount(8) to get crypto "
+		        "volumes unmounted.\n");
+ 
+ 	ret = HX_init();
+ 	if (ret <= 0) {
+-- 
+# Created with git-export-patch
--- a/mount.encfs13
+++ b/mount.encfs13
@ -1,21 +0,0 @@
-#!/bin/bash
-
-CMD="${0##*/}"
-
-if [[ "$CMD" =~ "umount" ]]; then
-    if [ ! -x /usr/sbin/umount.encfs13 ]; then
-        logger -t "mount.encfs13" -p user.err -i "/usr/sbin/umount.encfs13: File not found."
-        exit 1
-    fi
-    /usr/sbin/umount.encfs13 "$@"
-elif [[ "$CMD" =~ "mount" ]]; then
-    if [ ! -x /usr/sbin/mount.encfs13 ]; then
-        logger -t "mount.encfs13" -p user.err -i "/usr/sbin/mount.encfs13: File not found."
-        exit 1
-    fi
-    /usr/sbin/mount.encfs13 "$@"
-else
-    logger -t "mount.encfs13" -p user.err -i "Unknown command: $0"
-    exit 1
-fi
-
--- a/pam_mount-2.10.tar.xz
+++ b/pam_mount-2.10.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0241950ee4753e0110dba13a68b8f1dc3c059c45a253452cdb67584d60c361c
-size 284152
--- a/pam_mount-2.10.tar.xz.asc
+++ b/pam_mount-2.10.tar.xz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.16 (GNU/Linux)
-
-iEYEABECAAYFAk2ob4AACgkQ92gFgoRMQ2DhiwCcCyIQvBPY2vn6H8D+GEF0eor5
-jRoAn1gGHx2D1yDiU9oul2TqqUULbqqY
-=y9rO
-----END PGP SIGNATURE-----
--- a/pam_mount-2.11.tar.xz
+++ b/pam_mount-2.11.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:48e3048f6e28fb1c69dee6bdd7f60af8772fe5ddab135c9f6b543202e6dbec2d
+size 283960
--- a/pam_mount-2.11.tar.xz.asc
+++ b/pam_mount-2.11.tar.xz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.16 (GNU/Linux)
+
+iF4EABEIAAYFAk491X0ACgkQkb3j62iiDkWT5AD9FbCohmRy/Yz7T45XDYQw69/a
+RmLWSrkE4x3b4F47/XsA/3EuH9OFL+xecizdjVqTrKn/G8j6MWtEeG+usxXNUIhf
+=PYPR
+-----END PGP SIGNATURE-----
--- a/pam_mount.changes
+++ b/pam_mount.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Wed Aug 10 11:00:29 UTC 2011 - jengelh@medozas.de
+
+- Add commit 2f8daad from upstream - call umount.crypt directly
+  from pam_mount.so while mount.crypt is having no support for
+  utab (bnc#671276); also add commit eb20a26 for better wording of
+  this situation.
+
+-------------------------------------------------------------------
+Sun Aug  7 00:09:17 UTC 2011 - jengelh@medozas.de
+
+- Update to new upstream release 2.11
+* Allow specifying CIFS/NCP/NFS <volume>s without a
+  "server" attribute (this allows AD integration via pam_winbind)
+* Added a handful of diagnostics to umount.crypt to determine
+  failure to find vfsmounts
+* Use /run directory for our variadic data
+* pmt-ehd: Exclusively create LUKS partitions from now on
+
 -------------------------------------------------------------------
 Fri Apr 15 11:21:08 UTC 2011 - jengelh@medozas.de

--- a/pam_mount.spec
+++ b/pam_mount.spec
@ -15,8 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

-# norootforbuild
-

 Name:           pam_mount
 BuildRequires:  perl-XML-Parser perl-XML-Writer
@ -27,7 +25,7 @@ BuildRequires:  libcryptsetup-devel >= 1.1.2
 Requires:       device-mapper >= 1.02.48
 BuildRequires:  linux-kernel-headers >= 2.6
 Summary:        A PAM Module that can Mount Volumes for a User Session
-Version:        2.10
+Version:        2.11
 Release:        1
 # for fd0ssh and ofl:
 Suggests:       hxtools >= 20090116
@ -38,13 +36,14 @@ License:        LGPLv2.1+
 Group:          System/Libraries
 Source:         %name-%version.tar.xz
 Source9:        %name-%version.tar.xz.asc
-BuildRequires:  xz
+BuildRequires:  man, xz
 Source1:        convert_pam_mount_conf.pl
 Source2:        convert_keyhash.pl
 Source3:        mount.crypt
-Source4:        mount.encfs13
 Source5:        baselibs.conf
 Patch1:         pam_mount-0.47-enable-logout-kill.dif
+Patch2:		eb20a26-utab-explain.diff
+Patch3:		2f8daad-call-umount-crypt-directly.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://pam-mount.sf.net/
 Requires(post):	coreutils, perl-XML-Writer, perl-XML-Parser
@ -60,11 +59,13 @@ volumes are set up properly because often they need more than just a
 mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE,
 dm-crypt and LUKS.

-
+Author(s):
+----------
+	Jan Engelhardt

 %prep
 %setup -q
-%patch1 -p1
+%patch -P 1 -P 2 -P 3 -p1

 %build
 %configure --with-slibdir=/%_lib %{?_with_selinux:--with-selinux}
@ -81,15 +82,11 @@ install -m 755 %SOURCE1 %buildroot/%_docdir/%name/examples/
 install -m 755 %SOURCE2 %buildroot/%_docdir/%name/examples/
 #
 # move /sbin/mount.crypt to %_sbindir/mount.crypt and put a wrapper script to /sbin/mount.crypt
-# The same for mount.encfs13
 #
 mkdir -p %buildroot%_sbindir/
 mv %buildroot/sbin/mount.crypt %buildroot%_sbindir/
-mv %buildroot/sbin/mount.encfs13 %buildroot%_sbindir/
 ln -s %_sbindir/mount.crypt %buildroot%_sbindir/umount.crypt
-ln -s %_sbindir/mount.encfs13 %buildroot%_sbindir/umount.encfs13
 install -m755 %SOURCE3 %buildroot/sbin/
-install -m755 %SOURCE4 %buildroot/sbin/

 %post
 if [ -e etc/security/pam_mount.conf ]
@ -116,11 +113,8 @@ fi
 /%_lib/security/pam_mount*.so
 /sbin/mount.crypt*
 /sbin/umount.crypt*
-/sbin/mount.encfs13
 %_sbindir/mount.crypt
 %_sbindir/umount.crypt
-%_sbindir/mount.encfs13
-%_sbindir/umount.encfs13
 %_sbindir/pmvarrun
 %_sbindir/pmt-ehd
 %config(noreplace) %_sysconfdir/security/pam_mount.conf.xml