Accepting request 78444 from Linux-PAM

- Add commit 2f8daad from upstream - call umount.crypt directly from pam_mount.so while mount.crypt is having no support for utab (bnc#671276); also add commit eb20a26 for better wording of this situation. - Update to new upstream release 2.11 * Allow specifying CIFS/NCP/NFS <volume>s without a "server" attribute (this allows AD integration via pam_winbind) * Added a handful of diagnostics to umount.crypt to determine failure to find vfsmounts * Use /run directory for our variadic data * pmt-ehd: Exclusively create LUKS partitions from now on OBS-URL: https://build.opensuse.org/request/show/78444 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=49
2011-08-11 08:16:36 +00:00 · 2011-08-11 08:16:36 +00:00 · ec9f6406d4
commit ec9f6406d4
parent 8976d7d386 80b9da29c3
9 changed files with 109 additions and 45 deletions
--- a/2f8daad-call-umount-crypt-directly.diff
+++ b/2f8daad-call-umount-crypt-directly.diff
@ -0,0 +1,41 @@
 parent eb20a2681362520a9728038a9ff3bdbba58eb1cb (v2.11-1-geb20a26)
 commit 2f8daad6ee71bade802f78e5072410e46bfd74c1
 Author: Jan Engelhardt <jengelh@medozas.de>
 Date:   Wed Aug 10 12:48:49 2011 +0200
 config: default to calling umount.crypt directly
 As long as utab (no mtab or ro mtab) is not supported, at least try to
 get the user's volumes unmounted on logout.
 ---
 doc/changelog.txt |    1 +
 src/rdconf1.c     |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)
 diff --git a/doc/changelog.txt b/doc/changelog.txt
 index d14828f..d99e52f 100644
 --- a/doc/changelog.txt
 +++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ For details, see the history as recorded in the git repository.
 HEAD
 ====
 +config: default to calling umount.crypt directly
 v2.11 (2011-08-07)
 diff --git a/src/rdconf1.c b/src/rdconf1.c
 index 37b465c..e64df06 100644
 --- a/src/rdconf1.c
 +++ b/src/rdconf1.c
@@ -1367,7 +1367,7 @@ static const struct pmt_command default_command[] = {
 	{CMD_NFSMOUNT,    "nfs4"},
 	{CMD_LCLMOUNT,    NULL,    {"mount", "-p0", "%(if %(OPTIONS),-o%(OPTIONS))", "-t%(FSTYPE)", "%(VOLUME)", "%(MNTPT)", NULL}},
 	{CMD_CRYPTMOUNT,  "crypt", {"mount", "-t", "crypt", "%(if %(CIPHER),-ocipher=%(CIPHER))", "%(if %(FSKEYCIPHER),-ofsk_cipher=%(FSKEYCIPHER))", "%(if %(FSKEYHASH),-ofsk_hash=%(FSKEYHASH))", "%(if %(FSKEYPATH),-okeyfile=%(FSKEYPATH))", "%(if %(OPTIONS),-o%(OPTIONS))", "%(VOLUME)", "%(MNTPT)", NULL}},
 -	{CMD_CRYPTUMOUNT, "crypt", {"umount", "%(MNTPT)", NULL}},
 +	{CMD_CRYPTUMOUNT, "crypt", {"umount.crypt", "%(MNTPT)", NULL}},
 	{CMD_UMOUNT,     NULL,     {"umount", "%(MNTPT)", NULL}},
 	{CMD_FSCK,       NULL,     {"fsck", "-p", "%(FSCKTARGET)", NULL}},
 	{CMD_PMVARRUN,   NULL,     {"pmvarrun", "-u", "%(USER)", "-o", "%(OPERATION)", NULL}},
 -- 
 # Created with git-export-patch
--- a/eb20a26-utab-explain.diff
+++ b/eb20a26-utab-explain.diff
@ -0,0 +1,31 @@
 parent ebeca48d6740cc18dcb4bac15f19b5808c67ae72 (v2.11)
 commit eb20a2681362520a9728038a9ff3bdbba58eb1cb
 Author: Jan Engelhardt <jengelh@medozas.de>
 Date:   Wed Aug 10 12:48:44 2011 +0200
 mount.crypt: clarify situation about current absence of utab support
 ---
 src/mtcrypt.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)
 diff --git a/src/mtcrypt.c b/src/mtcrypt.c
 index b416dc3..d74a07c 100644
 --- a/src/mtcrypt.c
 +++ b/src/mtcrypt.c
@@ -674,9 +674,11 @@ int main(int argc, const char **argv)
 	int ret;
 	if (stat("/etc/mtab", &sb) == 0 && (sb.st_mode & S_IWUGO) == 0)
 -		fprintf(stderr, "BIG FAT WARNING: This version of mount.crypt "
 -		        "does not support unmounting crypto volumes through "
 -		        "umount(8) on systems with read-only mtab yet.\n");
 +		fprintf(stderr, "NOTE: mount.crypt does not support utab "
 +		        "(systems with no mtab or read-only mtab) yet. This "
 +		        "means that you will temporarily need to call "
 +		        "umount.crypt(8) rather than umount(8) to get crypto "
 +		        "volumes unmounted.\n");
 	ret = HX_init();
 	if (ret <= 0) {
 -- 
 # Created with git-export-patch
--- a/mount.encfs13
+++ b/mount.encfs13
@ -1,21 +0,0 @@
 #!/bin/bash
 CMD="${0##*/}"
 if [[ "$CMD" =~ "umount" ]]; then
    if [ ! -x /usr/sbin/umount.encfs13 ]; then
        logger -t "mount.encfs13" -p user.err -i "/usr/sbin/umount.encfs13: File not found."
        exit 1
    fi
    /usr/sbin/umount.encfs13 "$@"
 elif [[ "$CMD" =~ "mount" ]]; then
    if [ ! -x /usr/sbin/mount.encfs13 ]; then
        logger -t "mount.encfs13" -p user.err -i "/usr/sbin/mount.encfs13: File not found."
        exit 1
    fi
    /usr/sbin/mount.encfs13 "$@"
 else
    logger -t "mount.encfs13" -p user.err -i "Unknown command: $0"
    exit 1
 fi
--- a/pam_mount-2.10.tar.xz
+++ b/pam_mount-2.10.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e0241950ee4753e0110dba13a68b8f1dc3c059c45a253452cdb67584d60c361c
 size 284152
--- a/pam_mount-2.10.tar.xz.asc
+++ b/pam_mount-2.10.tar.xz.asc
@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.16 (GNU/Linux)
 iEYEABECAAYFAk2ob4AACgkQ92gFgoRMQ2DhiwCcCyIQvBPY2vn6H8D+GEF0eor5
 jRoAn1gGHx2D1yDiU9oul2TqqUULbqqY
 =y9rO
 -----END PGP SIGNATURE-----
--- a/pam_mount-2.11.tar.xz
+++ b/pam_mount-2.11.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:48e3048f6e28fb1c69dee6bdd7f60af8772fe5ddab135c9f6b543202e6dbec2d
 size 283960
--- a/pam_mount-2.11.tar.xz.asc
+++ b/pam_mount-2.11.tar.xz.asc
@ -0,0 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.16 (GNU/Linux)
 iF4EABEIAAYFAk491X0ACgkQkb3j62iiDkWT5AD9FbCohmRy/Yz7T45XDYQw69/a
 RmLWSrkE4x3b4F47/XsA/3EuH9OFL+xecizdjVqTrKn/G8j6MWtEeG+usxXNUIhf
 =PYPR
 -----END PGP SIGNATURE-----
--- a/pam_mount.changes
+++ b/pam_mount.changes
@ -1,3 +1,22 @@
 -------------------------------------------------------------------
 Wed Aug 10 11:00:29 UTC 2011 - jengelh@medozas.de
 - Add commit 2f8daad from upstream - call umount.crypt directly
  from pam_mount.so while mount.crypt is having no support for
  utab (bnc#671276); also add commit eb20a26 for better wording of
  this situation.
 -------------------------------------------------------------------
 Sun Aug  7 00:09:17 UTC 2011 - jengelh@medozas.de
 - Update to new upstream release 2.11
 * Allow specifying CIFS/NCP/NFS <volume>s without a
  "server" attribute (this allows AD integration via pam_winbind)
 * Added a handful of diagnostics to umount.crypt to determine
  failure to find vfsmounts
 * Use /run directory for our variadic data
 * pmt-ehd: Exclusively create LUKS partitions from now on
 -------------------------------------------------------------------
 Fri Apr 15 11:21:08 UTC 2011 - jengelh@medozas.de
--- a/pam_mount.spec
+++ b/pam_mount.spec
@ -15,8 +15,6 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 # norootforbuild
 Name:           pam_mount
 BuildRequires:  perl-XML-Parser perl-XML-Writer
@ -27,7 +25,7 @@ BuildRequires:  libcryptsetup-devel >= 1.1.2
 Requires:       device-mapper >= 1.02.48
 BuildRequires:  linux-kernel-headers >= 2.6
 Summary:        A PAM Module that can Mount Volumes for a User Session
-Version:        2.10
+Version:        2.11
 Release:        1
 # for fd0ssh and ofl:
 Suggests:       hxtools >= 20090116
@ -38,13 +36,14 @@ License:        LGPLv2.1+
 Group:          System/Libraries
 Source:         %name-%version.tar.xz
 Source9:        %name-%version.tar.xz.asc
-BuildRequires:  xz
+BuildRequires:  man, xz
 Source1:        convert_pam_mount_conf.pl
 Source2:        convert_keyhash.pl
 Source3:        mount.crypt
 Source4:        mount.encfs13
 Source5:        baselibs.conf
 Patch1:         pam_mount-0.47-enable-logout-kill.dif
 Patch2:		eb20a26-utab-explain.diff
 Patch3:		2f8daad-call-umount-crypt-directly.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://pam-mount.sf.net/
 Requires(post):	coreutils, perl-XML-Writer, perl-XML-Parser
@ -60,11 +59,13 @@ volumes are set up properly because often they need more than just a
 mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE,
 dm-crypt and LUKS.
-
+Author(s):
 ----------
 	Jan Engelhardt
 %prep
 %setup -q
-%patch1 -p1
+%patch -P 1 -P 2 -P 3 -p1
 %build
 %configure --with-slibdir=/%_lib %{?_with_selinux:--with-selinux}
@ -81,15 +82,11 @@ install -m 755 %SOURCE1 %buildroot/%_docdir/%name/examples/
 install -m 755 %SOURCE2 %buildroot/%_docdir/%name/examples/
 #
 # move /sbin/mount.crypt to %_sbindir/mount.crypt and put a wrapper script to /sbin/mount.crypt
 # The same for mount.encfs13
 #
 mkdir -p %buildroot%_sbindir/
 mv %buildroot/sbin/mount.crypt %buildroot%_sbindir/
 mv %buildroot/sbin/mount.encfs13 %buildroot%_sbindir/
 ln -s %_sbindir/mount.crypt %buildroot%_sbindir/umount.crypt
 ln -s %_sbindir/mount.encfs13 %buildroot%_sbindir/umount.encfs13
 install -m755 %SOURCE3 %buildroot/sbin/
 install -m755 %SOURCE4 %buildroot/sbin/
 %post
 if [ -e etc/security/pam_mount.conf ]
@ -116,11 +113,8 @@ fi
 /%_lib/security/pam_mount*.so
 /sbin/mount.crypt*
 /sbin/umount.crypt*
 /sbin/mount.encfs13
 %_sbindir/mount.crypt
 %_sbindir/umount.crypt
 %_sbindir/mount.encfs13
 %_sbindir/umount.encfs13
 %_sbindir/pmvarrun
 %_sbindir/pmt-ehd
 %config(noreplace) %_sysconfdir/security/pam_mount.conf.xml