2007-01-16 00:38:14 +01:00
|
|
|
#
|
2011-03-23 13:45:03 +01:00
|
|
|
# spec file for package sudo
|
2007-01-16 00:38:14 +01:00
|
|
|
#
|
2020-02-07 17:27:51 +01:00
|
|
|
# Copyright (c) 2020 SUSE LLC
|
2007-01-16 00:38:14 +01:00
|
|
|
#
|
2008-08-07 12:00:06 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-11-20 15:30:18 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-16 00:38:14 +01:00
|
|
|
#
|
|
|
|
|
|
2012-01-31 13:34:31 +01:00
|
|
|
|
2019-12-12 10:24:53 +01:00
|
|
|
%if ! %{defined _distconfdir}
|
|
|
|
|
%define _distconfdir %{_sysconfdir}
|
|
|
|
|
%else
|
|
|
|
|
%define use_usretc 1
|
|
|
|
|
%endif
|
2007-01-16 00:38:14 +01:00
|
|
|
Name: sudo
|
2020-07-27 11:19:24 +02:00
|
|
|
Version: 1.9.2
|
2012-01-04 18:06:35 +01:00
|
|
|
Release: 0
|
2007-01-16 00:38:14 +01:00
|
|
|
Summary: Execute some commands as root
|
2012-12-03 15:39:41 +01:00
|
|
|
License: ISC
|
2011-03-23 13:45:03 +01:00
|
|
|
Group: System/Base
|
2018-09-18 14:51:45 +02:00
|
|
|
URL: https://www.sudo.ws/
|
2020-05-18 22:53:40 +02:00
|
|
|
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
|
|
|
|
|
Source1: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz.sig
|
2018-04-17 10:06:20 +02:00
|
|
|
Source2: %{name}.keyring
|
|
|
|
|
Source3: sudo.pamd
|
|
|
|
|
Source4: sudo-i.pamd
|
|
|
|
|
Source5: README.SUSE
|
|
|
|
|
Source6: fate_313276_test.sh
|
|
|
|
|
Source7: README_313276.test
|
2013-07-02 18:37:53 +02:00
|
|
|
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
|
2018-05-03 10:02:38 +02:00
|
|
|
Patch0: sudo-sudoers.patch
|
2011-03-23 13:45:03 +01:00
|
|
|
BuildRequires: audit-devel
|
2016-05-21 12:08:11 +02:00
|
|
|
BuildRequires: cyrus-sasl-devel
|
2012-10-26 17:57:42 +02:00
|
|
|
BuildRequires: groff
|
2011-03-23 13:45:03 +01:00
|
|
|
BuildRequires: libselinux-devel
|
|
|
|
|
BuildRequires: openldap2-devel
|
|
|
|
|
BuildRequires: pam-devel
|
2020-04-17 18:51:00 +02:00
|
|
|
BuildRequires: python3-devel
|
2015-08-14 12:55:19 +02:00
|
|
|
BuildRequires: systemd-rpm-macros
|
2015-07-23 10:10:43 +02:00
|
|
|
BuildRequires: zlib-devel
|
2011-10-24 13:08:52 +02:00
|
|
|
Requires(pre): coreutils
|
|
|
|
|
Requires(pre): permissions
|
2020-07-01 23:57:29 +02:00
|
|
|
Recommends: sudo-plugin-python
|
2007-01-16 00:38:14 +01:00
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Sudo is a command that allows users to execute some commands as root.
|
2015-11-06 13:38:32 +01:00
|
|
|
The %{_sysconfdir}/sudoers file (edited with 'visudo') specifies which users have
|
2007-01-16 00:38:14 +01:00
|
|
|
access to sudo and which commands they can run. Sudo logs all its
|
|
|
|
|
activities to syslogd, so the system administrator can keep an eye on
|
|
|
|
|
things. Sudo asks for the password for initializing a check period of a
|
|
|
|
|
given time N (where N is defined at installation and is set to 5
|
|
|
|
|
minutes by default).
|
|
|
|
|
|
2020-07-01 23:57:29 +02:00
|
|
|
%package plugin-python
|
|
|
|
|
Summary: Plugin API for python
|
|
|
|
|
Group: System/Base
|
|
|
|
|
Requires: %{name} = %{version}
|
|
|
|
|
|
|
|
|
|
%description plugin-python
|
|
|
|
|
This package contains the sudo plugin which allows to write sudo plugins
|
|
|
|
|
in python. The API closely follows the C sudo plugin API described by
|
|
|
|
|
sudo_plugin(5).
|
|
|
|
|
|
2011-03-23 13:45:03 +01:00
|
|
|
%package devel
|
|
|
|
|
Summary: Header files needed for sudo plugin development
|
|
|
|
|
Group: Development/Libraries/C and C++
|
2014-10-16 08:00:36 +02:00
|
|
|
Requires: %{name} = %{version}
|
2007-01-16 00:38:14 +01:00
|
|
|
|
2011-03-23 13:45:03 +01:00
|
|
|
%description devel
|
|
|
|
|
These header files are needed for building of sudo plugins.
|
2007-01-16 00:38:14 +01:00
|
|
|
|
2014-02-02 19:13:19 +01:00
|
|
|
%package test
|
|
|
|
|
Summary: Tests for the package
|
2016-03-21 11:14:29 +01:00
|
|
|
Group: Development/Tools/Other
|
2014-02-02 19:13:19 +01:00
|
|
|
Requires: %{name} = %{version}
|
|
|
|
|
|
|
|
|
|
%description test
|
|
|
|
|
Tests for fate#313276
|
|
|
|
|
|
2007-01-16 00:38:14 +01:00
|
|
|
%prep
|
|
|
|
|
%setup -q
|
2015-11-06 13:38:32 +01:00
|
|
|
%patch0 -p1
|
2007-01-16 00:38:14 +01:00
|
|
|
|
|
|
|
|
%build
|
Accepting request 568794 from home:avindra
- Update to 1.8.22
* Commands run in the background from a script run via sudo will
no longer receive SIGHUP when the parent exits and I/O logging
is enabled
* A particularly offensive insult is now disabled by default
* The description of sudo -i now correctly documents that the
env_keep and env_check sudoers options are applied to the
environment
* Fixed a crash when the system's host name is not set
* The sudoers2ldif script now handles #include and #includedir
directives.
* Fixed a bug where sudo would silently exit when the command
was not allowed by sudoers and the passwd_tries sudoers option
was set to a value less than one.
* Fixed a bug with the listpw and verifypw sudoers options and
multiple sudoers sources. If the option is set to all a
password should be required unless none of a user's sudoers
entries from any source require authentication.
* Fixed a bug with the listpw and verifypw sudoers options in
the LDAP and SSSD back-ends. If the option is set to any and
the entry contained multiple rules, only the first matching
rule was checked. If an entry contained more than one matching
rule and the first rule required authentication but a
subsequent rule did not, sudo would prompt for a password when
it should not have.
* When running a command as the invoking user (not root), sudo
would execute the command with the same group vector it was
started with. Sudo now executes the command with a new group
vector based on the group database which is consistent with how
su(1) operates.
* Fixed a double free in the SSSD back-end that could occur when
ipa_hostname is present in sssd.conf and is set to an unqualified
host name.
* When I/O logging is enabled, sudo will now write to the terminal
even when it is a background process. Previously, sudo would only
write to the tty when it was the foreground process when I/O
logging was enabled. If the TOSTOP terminal flag is set, sudo
will suspend the command (and then itself) with the SIGTTOU signal.
* A new authfail_message sudoers option that overrides the default
N incorrect password attempt(s).
* An empty sudoRunAsUser attribute in the LDAP and SSSD backends
will now match the invoking user. This is more consistent with
how an empty runas user in the sudoers file is treated.
* Documented that in check mode, visudo does not check the owner /
mode on files specified with the -f flag
* It is now an error to specify the runas user as an empty string
on the command line. Previously, an empty runas user was treated
the same as an unspecified runas user
* When timestamp_type option is set to tty and a terminal is
present, the time stamp record will now include the start time
of the session leader. When the timestamp_type option is set
to ppid or when no terminal is available, the start time of the
parent process is used instead. This significantly reduces the
likelihood of a time stamp record being re-used when a user logs
out and back in again.
* The sudoers time stamp file format is now documented in the new
sudoers_timestamp manual.
* Visudo will now use the SUDO_EDITOR environment variable (if
present) in addition to VISUAL and EDITOR.
- rebase sudoers2ldif-env.patch
- cleanup with spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/568794
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=130
2018-01-24 12:27:07 +01:00
|
|
|
%ifarch s390 s390x %{sparc}
|
2007-01-16 00:38:14 +01:00
|
|
|
F_PIE=-fPIE
|
|
|
|
|
%else
|
|
|
|
|
F_PIE=-fpie
|
|
|
|
|
%endif
|
2011-03-23 13:45:03 +01:00
|
|
|
export CFLAGS="%{optflags} -Wall $F_PIE -DLDAP_DEPRECATED"
|
2007-07-27 02:11:20 +02:00
|
|
|
export LDFLAGS="-pie"
|
|
|
|
|
%configure \
|
|
|
|
|
--libexecdir=%{_libexecdir}/sudo \
|
2011-03-23 13:45:03 +01:00
|
|
|
--docdir=%{_docdir}/%{name} \
|
2007-07-27 02:11:20 +02:00
|
|
|
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
|
2015-08-14 12:55:19 +02:00
|
|
|
--enable-tmpfiles.d=%{_tmpfilesdir} \
|
2011-03-23 13:45:03 +01:00
|
|
|
--with-pam \
|
2018-04-17 10:06:20 +02:00
|
|
|
--with-pam-login \
|
2011-03-23 13:45:03 +01:00
|
|
|
--with-ldap \
|
2008-08-22 22:03:52 +02:00
|
|
|
--with-selinux \
|
2011-03-23 13:45:03 +01:00
|
|
|
--with-linux-audit \
|
2007-07-27 02:11:20 +02:00
|
|
|
--with-logfac=auth \
|
|
|
|
|
--with-all-insults \
|
|
|
|
|
--with-ignore-dot \
|
|
|
|
|
--with-tty-tickets \
|
|
|
|
|
--enable-shell-sets-home \
|
2011-03-23 13:45:03 +01:00
|
|
|
--enable-warnings \
|
2020-04-17 19:15:44 +02:00
|
|
|
--enable-python \
|
2011-03-23 13:45:03 +01:00
|
|
|
--with-sendmail=%{_sbindir}/sendmail \
|
2007-07-27 02:11:20 +02:00
|
|
|
--with-sudoers-mode=0440 \
|
|
|
|
|
--with-env-editor \
|
2007-08-15 20:37:18 +02:00
|
|
|
--without-secure-path \
|
2018-02-19 11:49:40 +01:00
|
|
|
--with-passprompt="[sudo] password for %%p: " \
|
2014-03-15 07:41:25 +01:00
|
|
|
--with-rundir=%{_localstatedir}/lib/sudo \
|
2015-11-06 13:38:32 +01:00
|
|
|
--with-sssd
|
2018-07-20 13:29:06 +02:00
|
|
|
# -B required to make every build give the same result - maybe from bad build deps in Makefiles?
|
2020-04-17 18:50:20 +02:00
|
|
|
%make_build -B
|
2007-01-16 00:38:14 +01:00
|
|
|
|
|
|
|
|
%install
|
2014-10-16 08:00:36 +02:00
|
|
|
%make_install install_uid=`id -u` install_gid=`id -g`
|
2019-12-12 10:24:53 +01:00
|
|
|
install -d -m 755 %{buildroot}%{_distconfdir}/pam.d
|
|
|
|
|
install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/sudo
|
|
|
|
|
install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/sudo-i
|
2011-03-23 13:45:03 +01:00
|
|
|
rm -f %{buildroot}%{_bindir}/sudoedit
|
|
|
|
|
ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
|
|
|
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
|
|
|
|
|
install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
|
2018-04-17 10:06:20 +02:00
|
|
|
install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
|
2011-03-23 13:45:03 +01:00
|
|
|
rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
|
|
|
|
|
rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
|
|
|
|
|
rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
|
2017-12-11 15:43:16 +01:00
|
|
|
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
|
2014-10-16 08:00:36 +02:00
|
|
|
|
2011-10-13 15:29:20 +02:00
|
|
|
%find_lang %{name}
|
|
|
|
|
%find_lang sudoers
|
|
|
|
|
cat sudoers.lang >> %{name}.lang
|
2014-02-02 19:13:19 +01:00
|
|
|
# tests
|
2015-11-06 13:38:32 +01:00
|
|
|
install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
|
2018-04-17 10:06:20 +02:00
|
|
|
install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
|
|
|
|
|
install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
|
2014-02-02 19:13:19 +01:00
|
|
|
install -d %{buildroot}%{_docdir}/%{name}-test
|
2014-05-15 19:33:09 +02:00
|
|
|
install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
|
2018-04-09 11:41:40 +02:00
|
|
|
rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
|
2007-01-16 00:38:14 +01:00
|
|
|
|
2019-12-12 10:24:53 +01:00
|
|
|
%if %{defined use_usretc}
|
|
|
|
|
%pre
|
|
|
|
|
# move outdated pam.d/*.rpmsave files away
|
|
|
|
|
for i in sudo sudo-i ; do
|
2020-04-17 18:50:20 +02:00
|
|
|
test -f %{_sysconfdir}/pam.d/${i}.rpmsave && mv -v %{_sysconfdir}/pam.d/${i}.rpmsave %{_sysconfdir}/pam.d/${i}.rpmsave.old ||:
|
2019-12-12 10:24:53 +01:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
%posttrans
|
|
|
|
|
# Migration to /usr/etc.
|
|
|
|
|
for i in sudo sudo-i ; do
|
2020-04-17 18:50:20 +02:00
|
|
|
test -f %{_sysconfdir}/pam.d/${i}.rpmsave && mv -v %{_sysconfdir}/pam.d/${i}.rpmsave %{_sysconfdir}/pam.d/${i} ||:
|
2019-12-12 10:24:53 +01:00
|
|
|
done
|
|
|
|
|
%endif
|
|
|
|
|
|
2007-01-26 23:12:53 +01:00
|
|
|
%post
|
|
|
|
|
chmod 0440 %{_sysconfdir}/sudoers
|
2011-03-23 13:45:03 +01:00
|
|
|
%if 0%{?suse_version} <= 1130
|
|
|
|
|
%run_permissions
|
|
|
|
|
%else
|
2015-11-06 13:38:32 +01:00
|
|
|
%set_permissions %{_bindir}/sudo
|
2011-03-23 13:45:03 +01:00
|
|
|
%endif
|
2015-08-14 12:55:19 +02:00
|
|
|
%tmpfiles_create %{_tmpfilesdir}/sudo.conf
|
2011-03-23 13:45:03 +01:00
|
|
|
|
|
|
|
|
%verifyscript
|
2015-11-06 13:38:32 +01:00
|
|
|
%verify_permissions -e %{_bindir}/sudo
|
2007-01-26 23:12:53 +01:00
|
|
|
|
2011-10-13 15:29:20 +02:00
|
|
|
%files -f %{name}.lang
|
2018-04-09 11:41:40 +02:00
|
|
|
%license doc/LICENSE
|
2011-03-23 13:45:03 +01:00
|
|
|
%doc %{_docdir}/%{name}
|
2018-09-18 14:51:45 +02:00
|
|
|
%{_mandir}/man1/cvtsudoers.1%{?ext_man}
|
|
|
|
|
%{_mandir}/man5/sudoers.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man5/sudo.conf.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man5/sudoers.ldap.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man5/sudoers_timestamp.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/sudo.8%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/sudoedit.8%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/sudoreplay.8%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/visudo.8%{?ext_man}
|
2020-04-17 18:50:20 +02:00
|
|
|
%{_mandir}/man5/sudo_logsrv.proto.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man5/sudo_logsrvd.conf.5%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/sudo_logsrvd.8%{?ext_man}
|
|
|
|
|
%{_mandir}/man8/sudo_sendlog.8%{?ext_man}
|
2014-10-16 08:00:36 +02:00
|
|
|
|
2007-07-27 02:11:20 +02:00
|
|
|
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
|
2011-03-23 13:45:03 +01:00
|
|
|
%dir %{_sysconfdir}/sudoers.d
|
2020-04-17 19:15:44 +02:00
|
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
|
|
|
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
|
2019-12-12 10:24:53 +01:00
|
|
|
%if %{defined use_usretc}
|
|
|
|
|
%{_distconfdir}/pam.d/sudo
|
|
|
|
|
%{_distconfdir}/pam.d/sudo-i
|
|
|
|
|
%else
|
2018-04-17 10:06:20 +02:00
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/sudo
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
|
2019-12-12 10:24:53 +01:00
|
|
|
%endif
|
2007-01-16 00:38:14 +01:00
|
|
|
%attr(4755,root,root) %{_bindir}/sudo
|
2011-01-28 12:22:22 +01:00
|
|
|
%dir %{_sysconfdir}/openldap
|
|
|
|
|
%dir %{_sysconfdir}/openldap/schema
|
|
|
|
|
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
|
2007-01-16 00:38:14 +01:00
|
|
|
%{_bindir}/sudoedit
|
2011-03-23 13:45:03 +01:00
|
|
|
%{_bindir}/sudoreplay
|
2018-05-03 10:02:38 +02:00
|
|
|
%{_bindir}/cvtsudoers
|
2011-03-23 13:45:03 +01:00
|
|
|
%{_sbindir}/visudo
|
2020-04-17 18:50:20 +02:00
|
|
|
%{_sbindir}/sudo_logsrvd
|
|
|
|
|
%{_sbindir}/sudo_sendlog
|
2014-10-16 08:00:36 +02:00
|
|
|
%dir %{_libexecdir}/%{name}
|
|
|
|
|
%{_libexecdir}/%{name}/sesh
|
|
|
|
|
%{_libexecdir}/%{name}/sudo_noexec.so
|
2019-10-28 11:04:59 +01:00
|
|
|
%dir %{_libexecdir}/%{name}/%{name}
|
|
|
|
|
%{_libexecdir}/%{name}/%{name}/sudoers.so
|
|
|
|
|
%{_libexecdir}/%{name}/%{name}/group_file.so
|
|
|
|
|
%{_libexecdir}/%{name}/%{name}/system_group.so
|
2020-04-17 18:50:20 +02:00
|
|
|
%{_libexecdir}/%{name}/%{name}/audit_json.so
|
|
|
|
|
%{_libexecdir}/%{name}/%{name}/sample_approval.so
|
2014-10-16 08:00:36 +02:00
|
|
|
%{_libexecdir}/%{name}/libsudo_util.so.*
|
2018-09-21 11:55:59 +02:00
|
|
|
%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
|
|
|
|
|
%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
|
2017-01-05 10:56:38 +01:00
|
|
|
%dir %{_tmpfilesdir}
|
2015-08-14 12:55:19 +02:00
|
|
|
%{_tmpfilesdir}/sudo.conf
|
2011-03-23 13:45:03 +01:00
|
|
|
|
2020-07-01 23:57:29 +02:00
|
|
|
%files plugin-python
|
|
|
|
|
%{_mandir}/man8/sudo_plugin_python.8%{?ext_man}
|
|
|
|
|
%{_libexecdir}/%{name}/%{name}/python_plugin.so
|
|
|
|
|
|
2011-03-23 13:45:03 +01:00
|
|
|
%files devel
|
2014-10-16 08:00:36 +02:00
|
|
|
%doc plugins/sample/sample_plugin.c
|
2011-03-23 13:45:03 +01:00
|
|
|
%{_includedir}/sudo_plugin.h
|
2018-09-18 14:51:45 +02:00
|
|
|
%{_mandir}/man8/sudo_plugin.8%{?ext_man}
|
2014-10-16 08:00:36 +02:00
|
|
|
%attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
|
2019-10-28 11:04:59 +01:00
|
|
|
%{_libexecdir}/%{name}/sudo/*.la
|
2014-10-16 08:00:36 +02:00
|
|
|
%{_libexecdir}/%{name}/*.la
|
2007-12-06 01:36:36 +01:00
|
|
|
|
2014-02-02 19:13:19 +01:00
|
|
|
%files test
|
2015-11-06 13:38:32 +01:00
|
|
|
%{_localstatedir}/lib/tests
|
2014-02-02 19:13:19 +01:00
|
|
|
%{_docdir}/%{name}-test/
|
|
|
|
|
|
2007-07-18 23:01:14 +02:00
|
|
|
%changelog
|
