337 lines
12 KiB
RPMSpec
337 lines
12 KiB
RPMSpec
#
|
|
# spec file for package pam_mount (Version 1.25)
|
|
#
|
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
|
|
Name: pam_mount
|
|
BuildRequires: perl-XML-Parser perl-XML-Writer
|
|
BuildRequires: libtool pam-devel >= 0.99 pkg-config >= 0.19
|
|
BuildRequires: libxml2-devel >= 2.6 openssl-devel >= 0.9.8
|
|
BuildRequires: libHX-devel >= 2.5
|
|
BuildRequires: linux-kernel-headers >= 2.6
|
|
Summary: A PAM Module that can Mount Volumes for a User Session
|
|
Version: 1.25
|
|
Release: 1
|
|
# psmisc: /bin/fuser
|
|
Recommends: cryptsetup
|
|
Recommends: cifs-mount xfsprogs
|
|
Requires: util-linux
|
|
License: LGPL v2.1 or later
|
|
Prefix: /usr
|
|
Group: System/Libraries
|
|
Source: %{name}-%{version}.tar.bz2
|
|
Source1: convert_pam_mount_conf.pl
|
|
Source2: convert_keyhash.pl
|
|
Source3: mount.crypt
|
|
Source4: mount.encfs13
|
|
Patch1: pam_mount-0.47-enable-logout-kill.dif
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
Url: http://pam-mount.sourceforge.net/
|
|
PreReq: coreutils, perl-XML-Writer, perl-XML-Parser
|
|
|
|
%description
|
|
This module is aimed at environments with central file servers that a
|
|
user wishes to mount on login and unmount on logout, such as
|
|
(semi-)diskless stations where many users can logon.
|
|
|
|
The module also supports mounting local filesystems of any kind the
|
|
normal mount utility supports, with extra code to make sure certain
|
|
volumes are set up properly because often they need more than just a
|
|
mount call, such as encrypted volumes. This includes SMB/CIFS, FUSE,
|
|
dm-crypt and LUKS.
|
|
|
|
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch1 -p1
|
|
|
|
%build
|
|
%{suse_update_config -f}
|
|
autoreconf --verbose --force --install
|
|
CFLAGS="$RPM_OPT_FLAGS "
|
|
%configure --disable-static --with-slibdir=/%{_lib} %{?_with_selinux:--with-selinux}
|
|
%{__make} %{?jobs:-j%jobs}
|
|
|
|
%install
|
|
make install DESTDIR=${RPM_BUILD_ROOT}
|
|
# Remove static and libtool version
|
|
rm -f ${RPM_BUILD_ROOT}/%{_lib}/security/pam_mount.{a,la}
|
|
#install the docs
|
|
mkdir -p ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples
|
|
cp doc/bugs.txt doc/changelog.txt LICENSE* doc/faq.txt doc/todo.txt doc/options.txt doc/pam_mount.txt ${RPM_BUILD_ROOT}/%_docdir/%name/
|
|
install -m 755 %{SOURCE1} ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/
|
|
install -m 755 %{SOURCE2} ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples/
|
|
#
|
|
# move /sbin/mount.crypt to /usr/sbin/mount.crypt and put a wrapper script to /sbin/mount.crypt
|
|
# The same for mount.encfs13
|
|
#
|
|
mkdir -p ${RPM_BUILD_ROOT}/usr/sbin/
|
|
mv ${RPM_BUILD_ROOT}/sbin/mount.crypt ${RPM_BUILD_ROOT}/usr/sbin/
|
|
mv ${RPM_BUILD_ROOT}/sbin/mount.encfs13 ${RPM_BUILD_ROOT}/usr/sbin/
|
|
ln -s /usr/sbin/mount.crypt ${RPM_BUILD_ROOT}/usr/sbin/umount.crypt
|
|
ln -s /usr/sbin/mount.encfs13 ${RPM_BUILD_ROOT}/usr/sbin/umount.encfs13
|
|
install -m755 %{SOURCE3} ${RPM_BUILD_ROOT}/sbin/
|
|
install -m755 %{SOURCE4} ${RPM_BUILD_ROOT}/sbin/
|
|
|
|
%post
|
|
if [ -e etc/security/pam_mount.conf ]
|
|
then
|
|
cp etc/security/pam_mount.conf.xml %_docdir/%{name}/examples/
|
|
%_docdir/%{name}/examples/convert_pam_mount_conf.pl \
|
|
-i etc/security/pam_mount.conf -o etc/security/pam_mount.conf.xml
|
|
fi
|
|
if [ $1 -gt 1 ]
|
|
then
|
|
for v in `rpm -q --queryformat "%{VERSION} " %{name}`; do
|
|
if echo "$v" | grep -E "^0\." - ; then
|
|
%_docdir/%{name}/examples/convert_keyhash.pl \
|
|
-i etc/security/pam_mount.conf.xml
|
|
break;
|
|
fi
|
|
done
|
|
fi
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files
|
|
%defattr(-, root, root)
|
|
%docdir %_docdir/%name
|
|
%_docdir/%name
|
|
/%{_lib}/security/pam_mount*.so
|
|
%{_bindir}/pmt-fd0ssh
|
|
%{_bindir}/pmt-ofl
|
|
/sbin/mount.crypt*
|
|
/sbin/umount.crypt*
|
|
/sbin/mount.encfs13
|
|
%{_sbindir}/mount.crypt
|
|
%{_sbindir}/umount.crypt
|
|
%{_sbindir}/mount.encfs13
|
|
%{_sbindir}/umount.encfs13
|
|
%{_sbindir}/pmvarrun
|
|
%{_sbindir}/pmt-ehd
|
|
%config(noreplace) %{_sysconfdir}/security/pam_mount.conf.xml
|
|
%doc %{_mandir}/man1/pmt-fd0ssh.1.gz
|
|
%doc %{_mandir}/man5/pam_mount.conf.5.gz
|
|
%doc %{_mandir}/man8/*.8.gz
|
|
%if 0%{?_with_selinux:1}
|
|
%policy %_sysconfdir/selinux/strict/src/policy/macros/%{name}_macros.te
|
|
%policy %_sysconfdir/selinux/strict/src/policy/file_contexts/misc/%name.fc
|
|
%endif
|
|
|
|
%changelog
|
|
* Mon May 11 2009 mc@suse.de
|
|
- update to version 1.25
|
|
- fix splitting of "NTDOMAIN\username" strings
|
|
- config: broaden variable expansion to resolve a case where it
|
|
did not do expected expansion with AUFS
|
|
- mount.crypt: write options, not "defaults" to /etc/mtab
|
|
- mount.crypt: keysize truncation must happen later
|
|
- mount.crypt: pass -o ro/rw down to mount program
|
|
- mount.crypt: support for -o remount
|
|
- mount.crypt: support overriding keysize
|
|
- mount.crypt: must pass -s option to cryptsetup
|
|
- mount.crypt: add "Deprecated Mount options" section to manpage
|
|
- pam_mount: fix a double free that can happen when stale entries are in cmtab
|
|
- pam_mount: first-time overriding of mntoptions failed to work
|
|
- pmvarrun: do not segfault when no username is specified (corner-case)
|
|
- pmvarrun: recognize internal _PMT_DEBUG_LEVEL env var
|
|
- mtab: automatically ignore and remove stale entries from cmtab
|
|
- pam_mount: fix unexpected termination after pam_mount ran
|
|
- doc: list support contacts in man page
|
|
* Wed Feb 18 2009 mc@suse.de
|
|
- update to version 1.18
|
|
* lot of fixes and new Features.
|
|
see /usr/share/doc/packages/pam_mount/changelog.txt
|
|
for details
|
|
* Thu Jan 29 2009 crrodriguez@suse.de
|
|
- reduce buildRequires after libHX changes
|
|
* Mon Jan 12 2009 mc@suse.de
|
|
- fix <logout> feature (bnc#461333)
|
|
* enable automatic wait, term and kill. Required to terminate
|
|
pulseaudio
|
|
* add <logout> during convert to converted config
|
|
- remove passwdehd. (CVE-2008-5138) (bnc#465303)
|
|
does not work at all with new config format.
|
|
- recognize required and deny options for luserconf
|
|
(bnc#463524)
|
|
* Tue Nov 04 2008 mc@suse.de
|
|
- fix failing convert script. (bnc#438842)
|
|
* Mon Oct 27 2008 mc@suse.de
|
|
- remove lsof callback from convert script. lsof is not needed
|
|
in this version of pam_mount. (bnc#438842)
|
|
* Tue Oct 14 2008 mc@suse.de
|
|
- fix checking deny options
|
|
* Mon Oct 13 2008 mc@suse.de
|
|
- replace also options which are specified in a volume
|
|
(bnc#433845)
|
|
* Thu Sep 25 2008 mc@suse.de
|
|
- fix reading the key from harddisk.
|
|
- using losteup command directly (bnc#427343)
|
|
* Fri Sep 05 2008 mc@suse.de
|
|
- version 0.47
|
|
- mount.crypt: add missing null command to conform to sh syntax
|
|
(SF bug #2089446)
|
|
- conf: fix printing of strings when luser volume options were not ok
|
|
- conf: re-add luserconf security checks
|
|
- add support for encfs 1.3.x (1.4.x already has been in for long)
|
|
- conf: add the "noroot" attribute for <volume> to force mounting with
|
|
the unprivileged user account (required for FUSE filesystems)
|
|
- replace fixed-size buffers and arrays with dynamic ones (complete)
|
|
(obsolets pam_mount-0.45-bump-max-par.diff)
|
|
* Mon Sep 01 2008 mc@suse.de
|
|
- version 0.45
|
|
* fix double-freeing the authentication token
|
|
* use ofl instead of lsof/fuser
|
|
* kill-on-logout support (terminate processes that would stand in the
|
|
way of unmounting)
|
|
(remove suse patch which supports this)
|
|
* mount.crypt: auto-detect necessity for running losetup
|
|
* Mon Aug 18 2008 mc@suse.de
|
|
- version 0.44
|
|
- mount.crypt: fix option slurping
|
|
- properly handle simple sgrp config items
|
|
- src: correct error check in run_lsof()
|
|
- conf: check that slash follows home tilde
|
|
- conf: wildcard inadvertently matched root sometimes
|
|
* Mon Aug 11 2008 mc@suse.de
|
|
- version 0.43
|
|
- remove davfs support
|
|
- pass fsck definition from pam_mount.conf.xml to mount.crypt
|
|
- document pam_mount.conf.xml defaults
|
|
- do not call fsck from within pam_mount for encrypted devices,
|
|
let mount.crypt do it
|
|
* Mon Jun 23 2008 mc@suse.de
|
|
- version 0.41
|
|
- add missing pgrp/sgrp attribute handling for simple user control
|
|
- mount.crypt: handle arbitrary argument order
|
|
- correct extended sgrp handling
|
|
- manpages: add missing description for <fsck>, and reorder <path>
|
|
- the documentation in pam_mount.conf.xml has been reworked and
|
|
split off into pam_mount.conf(5).
|
|
- extensive user selection for <volume> (revised)
|
|
- case-insensitive matching for user, pgrp, sgrp
|
|
- fixed segfault when more than one volume was defined
|
|
- extended user selection for <volume>
|
|
- fix an unwanted inversion for handling <options allow=" (nonempty) ">
|
|
- store per-volume option list in ordered form --
|
|
essentially fixes the problem of "user" (implies noeexec)
|
|
overriding "exec"
|
|
- fix null pointer deref (from new UID/GID range support)
|
|
- mount.crypt uses normal sleep from coreutils again
|
|
- truecrypt 5.x is not supported because the truecrypt CLI component
|
|
that pam_mount requires was removed
|
|
- <volume> tag in pam_mount.conf.xml supports UID and GID ranges now
|
|
- fix HAVE_LIBCRYPTO regression;
|
|
crypto was always disabled even if openssl present
|
|
- remove pam_mount-0.35-fix-configure.dif (is upstream now)
|
|
* Tue Apr 22 2008 mc@suse.de
|
|
- use upstream fix for bnc#381292
|
|
* Fri Apr 18 2008 mc@suse.de
|
|
- fix configure (bnc#381292)
|
|
* Thu Apr 10 2008 ro@suse.de
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
* Mon Apr 07 2008 mc@suse.de
|
|
- update to version 0.35
|
|
- mount.crypt: fix loop device detection
|
|
- mount.crypt: wait for dm devices to show up
|
|
- fixed: mount flag and value were one argument
|
|
- pmvarrun: support unprivileged mode
|
|
- Support for SSH keyboard-interactive authenticated volumes
|
|
- documentation updates
|
|
* Wed Apr 02 2008 mc@suse.de
|
|
- update to version 0.32
|
|
- notify about unknown options in /etc/pam.d/*
|
|
- support "debug" option for pam_mount in /etc/pam.d/*
|
|
- mount.crypt: detect loop devices by major number
|
|
- Fixed parsing of old-style pam_mount.conf with spaces in group names,
|
|
copy-and-paste typos and a missing return value. Added workaround for
|
|
CIFS volumes within NFS mounts with "root_squash" option.
|
|
- allow --keyfile to be used for non-LUKS too
|
|
- luksClose is the same as Remove (in umount.crypt)
|
|
- convert "local" fstype entries from old configuration format correctly.
|
|
- fixed parsing of old pam_mount.conf with spaces in group names
|
|
- fixed: When no volumes were to be mounted, return value
|
|
was not PAM_SUCCESS.
|
|
* Mon Oct 08 2007 mc@suse.de
|
|
- update to version 0.29
|
|
* pam_mount switched to an XML configuration.
|
|
* added truecrypt support
|
|
* add an "invert" attribute
|
|
* split group matching into multiple attributes
|
|
* properly detect loop64 support
|
|
* NT domain placeholders
|
|
* Implement the "soft_try_pass" option
|
|
* add "nullok" option
|
|
* --keyfile option added to mount.crypt
|
|
* Fri Sep 21 2007 mc@suse.de
|
|
- remove the loopdevice for the image too
|
|
[#326802]
|
|
* Thu Sep 20 2007 mc@suse.de
|
|
- add required dependencies [#326802]
|
|
* Wed Apr 04 2007 crivera@suse.de
|
|
- Don't package mount_ehd, it's only for
|
|
OpenBSD. Fixes 256214.
|
|
* Thu Mar 29 2007 mc@suse.de
|
|
- add zlib-devel to BuildRequires
|
|
* Tue Mar 13 2007 mc@suse.de
|
|
- fix reference counting of pmvarrun app
|
|
[#252243]
|
|
* Tue Jan 23 2007 mc@suse.de
|
|
- fix umount encrypted homedirectories
|
|
[#237793]
|
|
* Thu Jan 18 2007 mc@suse.de
|
|
- disable debug
|
|
- increase MAX_PAR to be able to read longer keys
|
|
* Fri Jan 12 2007 mc@suse.de
|
|
- add patch to kill all remaining user processes before
|
|
unmounting crypted partition
|
|
(pam_mount-0.18-umount-home-dir.dif)
|
|
* Fri Dec 08 2006 dgollub@suse.de
|
|
- use UID of specified user for owner change of mount point
|
|
(pam_mount-chownuid-fix.diff)
|
|
* Tue Sep 12 2006 mc@suse.de
|
|
- Update to 0.18
|
|
* fixes memory corruptions, zero termination, segfaults
|
|
* A crash on x86_64 has been fixed. pam_mount now changes
|
|
to the root directory before attempting to (un)mount
|
|
* Mon Jul 31 2006 kukuk@suse.de
|
|
- Update to version 0.16
|
|
bugfix release
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Thu Dec 22 2005 varkoly@suse.de
|
|
- Update to version 0.10.0
|
|
* Mon Dec 19 2005 ro@suse.de
|
|
- added symlinks to package
|
|
* Mon Jul 11 2005 schubi@suse.de
|
|
- Update to version 0.9.25
|
|
* Mon Apr 11 2005 kukuk@suse.de
|
|
- Update to version 0.9.22 [Bug #65110]
|
|
* Fri Jan 16 2004 kukuk@suse.de
|
|
- Build as user
|
|
- Add pam-devel to neededforbuild
|
|
* Mon Jan 12 2004 kukuk@suse.de
|
|
- Update to version 0.9.9
|
|
* Mon Oct 27 2003 kukuk@suse.de
|
|
- Update to version 0.9.6 [Bug #32216]
|
|
* Wed May 28 2003 kukuk@suse.de
|
|
- Initial package
|