302 lines
11 KiB
RPMSpec
302 lines
11 KiB
RPMSpec
#
|
|
# spec file for package pam_mount (Version 0.47)
|
|
#
|
|
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
|
|
Name: pam_mount
|
|
BuildRequires: libHX-devel libxml2-devel lzma openssl-devel pam-devel perl-XML-Writer pkg-config
|
|
BuildRequires: linux-kernel-headers
|
|
Summary: A PAM Module that can Mount Volumes for a User Session
|
|
Version: 0.47
|
|
Release: 12
|
|
# psmisc: /bin/fuser
|
|
Recommends: cifs-mount psmisc
|
|
Recommends: cryptsetup
|
|
Requires: util-linux
|
|
License: LGPL v2.1 or later
|
|
Prefix: /usr
|
|
Group: System/Libraries
|
|
Source: %{name}-%{version}.tar.lzma
|
|
Patch1: pam_mount-0.45-umount-home-dir.dif
|
|
Patch2: pam_mount-0.47-fix-decrypt-key.dif
|
|
Patch3: pam_mount-0.47-fix-replace-options.dif
|
|
Patch4: pam_mount-0.47-fix-deny_ok.dif
|
|
Patch5: pam_mount-0.47-remove-lsof-convert.dif
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
Url: http://pam-mount.sourceforge.net/
|
|
PreReq: coreutils, perl-XML-Writer
|
|
|
|
%description
|
|
This module is aimed at environments with SMB (Samba or Windows NT) or
|
|
NCP (Netware or Mars-NWE) servers that Unix users wish to access
|
|
transparently. It facilitates access to private volumes of these types.
|
|
This module also supports mounting home directories using loopback
|
|
encrypted filesystems. The module was originally written for use on the
|
|
Linux operating system but has since been modified to work on several
|
|
flavors of BSD.
|
|
|
|
o Every user can access their own volumes
|
|
|
|
o The user only needs to type the password once (at login)
|
|
|
|
o The mounting process is transparent to the user
|
|
|
|
o There is no need to keep the login passwords in any additional files
|
|
|
|
o The volumes are unmounted on logout, so it saves system resources,
|
|
avoiding the need to list every possibly useful remote volume in
|
|
/etc/fstab or in an automount/supermount config file. This is also
|
|
necessary for securing encrypted filesystems.
|
|
|
|
Pam_mount "understands" SMB, NCP, and any type of filesystem that can
|
|
be mounted using the standard mount command. If someone has a
|
|
particular need for a different filesystem, feel free to ask me to
|
|
include it and send me patches.
|
|
|
|
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch1
|
|
%patch2
|
|
%patch3
|
|
%patch4
|
|
%patch5
|
|
|
|
%build
|
|
%{suse_update_config -f}
|
|
autoreconf --verbose --force --install
|
|
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" ./configure \
|
|
--prefix=%{_prefix} --with-slibdir=/%{_lib} --mandir=%{_mandir} \
|
|
--sysconfdir=%{_sysconfdir}
|
|
make
|
|
|
|
%install
|
|
make install DESTDIR=${RPM_BUILD_ROOT}
|
|
# Remove static and libtool version
|
|
rm -f ${RPM_BUILD_ROOT}/%{_lib}/security/pam_mount.{a,la}
|
|
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/security
|
|
# remove mount_ehd, it's only for OpenBSD
|
|
rm $RPM_BUILD_ROOT%{_prefix}/bin/mount_ehd
|
|
rm $RPM_BUILD_ROOT%{_mandir}/man8/mount_ehd.8
|
|
#install the docs
|
|
mkdir -p ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples
|
|
cp doc/bugs.txt doc/changelog.txt LICENSE* doc/faq.txt doc/todo.txt doc/options.txt doc/pam_mount.txt ${RPM_BUILD_ROOT}/%_docdir/%name/
|
|
install -m 755 scripts/convert_pam_mount_conf.pl ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/
|
|
|
|
%post
|
|
if [ -e etc/security/pam_mount.conf ]
|
|
then
|
|
cp etc/security/pam_mount.conf.xml %_docdir/%{name}/examples/
|
|
%_docdir/%{name}/examples/convert_pam_mount_conf.pl \
|
|
-i etc/security/pam_mount.conf -o etc/security/pam_mount.conf.xml
|
|
fi
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files
|
|
%defattr(-, root, root)
|
|
%docdir %_docdir/%name
|
|
%_docdir/%name
|
|
/%{_lib}/security/pam_mount*.so
|
|
%{_prefix}/bin/mkehd
|
|
%{_prefix}/bin/autoehd
|
|
%{_prefix}/bin/passwdehd
|
|
%{_prefix}/bin/pmt-fd0ssh
|
|
%{_prefix}/bin/pmt-ofl
|
|
/sbin/mount.crypt
|
|
/sbin/umount.crypt
|
|
/sbin/mount.encfs13
|
|
%{_sbindir}/pmvarrun
|
|
%config(noreplace) %{_sysconfdir}/security/pam_mount.conf.xml
|
|
%doc %{_mandir}/man1/mkehd.1.gz
|
|
%doc %{_mandir}/man1/pmt-fd0ssh.1.gz
|
|
%doc %{_mandir}/man5/pam_mount.conf.5.gz
|
|
%doc %{_mandir}/man8/autoehd.8.gz
|
|
%doc %{_mandir}/man8/mount.crypt.8.gz
|
|
%doc %{_mandir}/man8/pam_mount.8.gz
|
|
%doc %{_mandir}/man8/passwdehd.8.gz
|
|
%doc %{_mandir}/man8/pmvarrun.8.gz
|
|
%doc %{_mandir}/man8/umount.crypt.8.gz
|
|
|
|
%changelog
|
|
* Tue Nov 04 2008 mc@suse.de
|
|
- fix failing convert script. (bnc#438842)
|
|
* Mon Oct 27 2008 mc@suse.de
|
|
- remove lsof callback from convert script. lsof is not needed
|
|
in this version of pam_mount. (bnc#438842)
|
|
* Tue Oct 14 2008 mc@suse.de
|
|
- fix checking deny options
|
|
* Mon Oct 13 2008 mc@suse.de
|
|
- replace also options which are specified in a volume
|
|
(bnc#433845)
|
|
* Thu Sep 25 2008 mc@suse.de
|
|
- fix reading the key from harddisk.
|
|
- using losteup command directly (bnc#427343)
|
|
* Fri Sep 05 2008 mc@suse.de
|
|
- version 0.47
|
|
- mount.crypt: add missing null command to conform to sh syntax
|
|
(SF bug #2089446)
|
|
- conf: fix printing of strings when luser volume options were not ok
|
|
- conf: re-add luserconf security checks
|
|
- add support for encfs 1.3.x (1.4.x already has been in for long)
|
|
- conf: add the "noroot" attribute for <volume> to force mounting with
|
|
the unprivileged user account (required for FUSE filesystems)
|
|
- replace fixed-size buffers and arrays with dynamic ones (complete)
|
|
(obsolets pam_mount-0.45-bump-max-par.diff)
|
|
* Mon Sep 01 2008 mc@suse.de
|
|
- version 0.45
|
|
* fix double-freeing the authentication token
|
|
* use ofl instead of lsof/fuser
|
|
* kill-on-logout support (terminate processes that would stand in the
|
|
way of unmounting)
|
|
(remove suse patch which supports this)
|
|
* mount.crypt: auto-detect necessity for running losetup
|
|
* Mon Aug 18 2008 mc@suse.de
|
|
- version 0.44
|
|
- mount.crypt: fix option slurping
|
|
- properly handle simple sgrp config items
|
|
- src: correct error check in run_lsof()
|
|
- conf: check that slash follows home tilde
|
|
- conf: wildcard inadvertently matched root sometimes
|
|
* Mon Aug 11 2008 mc@suse.de
|
|
- version 0.43
|
|
- remove davfs support
|
|
- pass fsck definition from pam_mount.conf.xml to mount.crypt
|
|
- document pam_mount.conf.xml defaults
|
|
- do not call fsck from within pam_mount for encrypted devices,
|
|
let mount.crypt do it
|
|
* Mon Jun 23 2008 mc@suse.de
|
|
- version 0.41
|
|
- add missing pgrp/sgrp attribute handling for simple user control
|
|
- mount.crypt: handle arbitrary argument order
|
|
- correct extended sgrp handling
|
|
- manpages: add missing description for <fsck>, and reorder <path>
|
|
- the documentation in pam_mount.conf.xml has been reworked and
|
|
split off into pam_mount.conf(5).
|
|
- extensive user selection for <volume> (revised)
|
|
- case-insensitive matching for user, pgrp, sgrp
|
|
- fixed segfault when more than one volume was defined
|
|
- extended user selection for <volume>
|
|
- fix an unwanted inversion for handling <options allow=" (nonempty) ">
|
|
- store per-volume option list in ordered form --
|
|
essentially fixes the problem of "user" (implies noeexec)
|
|
overriding "exec"
|
|
- fix null pointer deref (from new UID/GID range support)
|
|
- mount.crypt uses normal sleep from coreutils again
|
|
- truecrypt 5.x is not supported because the truecrypt CLI component
|
|
that pam_mount requires was removed
|
|
- <volume> tag in pam_mount.conf.xml supports UID and GID ranges now
|
|
- fix HAVE_LIBCRYPTO regression;
|
|
crypto was always disabled even if openssl present
|
|
- remove pam_mount-0.35-fix-configure.dif (is upstream now)
|
|
* Tue Apr 22 2008 mc@suse.de
|
|
- use upstream fix for bnc#381292
|
|
* Fri Apr 18 2008 mc@suse.de
|
|
- fix configure (bnc#381292)
|
|
* Thu Apr 10 2008 ro@suse.de
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
* Mon Apr 07 2008 mc@suse.de
|
|
- update to version 0.35
|
|
- mount.crypt: fix loop device detection
|
|
- mount.crypt: wait for dm devices to show up
|
|
- fixed: mount flag and value were one argument
|
|
- pmvarrun: support unprivileged mode
|
|
- Support for SSH keyboard-interactive authenticated volumes
|
|
- documentation updates
|
|
* Wed Apr 02 2008 mc@suse.de
|
|
- update to version 0.32
|
|
- notify about unknown options in /etc/pam.d/*
|
|
- support "debug" option for pam_mount in /etc/pam.d/*
|
|
- mount.crypt: detect loop devices by major number
|
|
- Fixed parsing of old-style pam_mount.conf with spaces in group names,
|
|
copy-and-paste typos and a missing return value. Added workaround for
|
|
CIFS volumes within NFS mounts with "root_squash" option.
|
|
- allow --keyfile to be used for non-LUKS too
|
|
- luksClose is the same as Remove (in umount.crypt)
|
|
- convert "local" fstype entries from old configuration format correctly.
|
|
- fixed parsing of old pam_mount.conf with spaces in group names
|
|
- fixed: When no volumes were to be mounted, return value
|
|
was not PAM_SUCCESS.
|
|
* Mon Oct 08 2007 mc@suse.de
|
|
- update to version 0.29
|
|
* pam_mount switched to an XML configuration.
|
|
* added truecrypt support
|
|
* add an "invert" attribute
|
|
* split group matching into multiple attributes
|
|
* properly detect loop64 support
|
|
* NT domain placeholders
|
|
* Implement the "soft_try_pass" option
|
|
* add "nullok" option
|
|
* --keyfile option added to mount.crypt
|
|
* Fri Sep 21 2007 mc@suse.de
|
|
- remove the loopdevice for the image too
|
|
[#326802]
|
|
* Thu Sep 20 2007 mc@suse.de
|
|
- add required dependencies [#326802]
|
|
* Wed Apr 04 2007 crivera@suse.de
|
|
- Don't package mount_ehd, it's only for
|
|
OpenBSD. Fixes 256214.
|
|
* Thu Mar 29 2007 mc@suse.de
|
|
- add zlib-devel to BuildRequires
|
|
* Tue Mar 13 2007 mc@suse.de
|
|
- fix reference counting of pmvarrun app
|
|
[#252243]
|
|
* Tue Jan 23 2007 mc@suse.de
|
|
- fix umount encrypted homedirectories
|
|
[#237793]
|
|
* Thu Jan 18 2007 mc@suse.de
|
|
- disable debug
|
|
- increase MAX_PAR to be able to read longer keys
|
|
* Fri Jan 12 2007 mc@suse.de
|
|
- add patch to kill all remaining user processes before
|
|
unmounting crypted partition
|
|
(pam_mount-0.18-umount-home-dir.dif)
|
|
* Fri Dec 08 2006 dgollub@suse.de
|
|
- use UID of specified user for owner change of mount point
|
|
(pam_mount-chownuid-fix.diff)
|
|
* Tue Sep 12 2006 mc@suse.de
|
|
- Update to 0.18
|
|
* fixes memory corruptions, zero termination, segfaults
|
|
* A crash on x86_64 has been fixed. pam_mount now changes
|
|
to the root directory before attempting to (un)mount
|
|
* Mon Jul 31 2006 kukuk@suse.de
|
|
- Update to version 0.16
|
|
bugfix release
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Thu Dec 22 2005 varkoly@suse.de
|
|
- Update to version 0.10.0
|
|
* Mon Dec 19 2005 ro@suse.de
|
|
- added symlinks to package
|
|
* Mon Jul 11 2005 schubi@suse.de
|
|
- Update to version 0.9.25
|
|
* Mon Apr 11 2005 kukuk@suse.de
|
|
- Update to version 0.9.22 [Bug #65110]
|
|
* Fri Jan 16 2004 kukuk@suse.de
|
|
- Build as user
|
|
- Add pam-devel to neededforbuild
|
|
* Mon Jan 12 2004 kukuk@suse.de
|
|
- Update to version 0.9.9
|
|
* Mon Oct 27 2003 kukuk@suse.de
|
|
- Update to version 0.9.6 [Bug #32216]
|
|
* Wed May 28 2003 kukuk@suse.de
|
|
- Initial package
|