pool/sudo
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 597150 from home:kstreitova:branches:Base:System

Browse Source 
- integrate pam_keyinit pam module [bsc#1081947]
  * add sudo-i.pamd PAM configuration file and install it as
    /etc/pam.d/sudo-i
  * add "session optional pam_keyinit.so revoke" to sudo.pamd and
    "session optional pam_keyinit.so force revoke" to sudo-i.pamd
  * add "--with-pam-login" build option to enable specific PAM
    session for "sudo -i"
- make pam configuration files (noreplace)
- reorganize Sources

OBS-URL: https://build.opensuse.org/request/show/597150
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=137
This commit is contained in:
Kristyna Streitova 2018-04-17 08:06:20 +00:00 committed by Git OBS Bridge
parent 3af71ea9da
commit b023d1651d
4 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sudo-i.pamd Normal file
View File

@ -0,0 +1,7 @@
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session optional pam_keyinit.so force revoke
session include common-session
# session optional pam_xauth.so

13
sudo.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Mon Apr 16 15:18:12 UTC 2018 - kstreitova@suse.com
- integrate pam_keyinit pam module [bsc#1081947]
* add sudo-i.pamd PAM configuration file and install it as
/etc/pam.d/sudo-i
* add "session optional pam_keyinit.so revoke" to sudo.pamd and
"session optional pam_keyinit.so force revoke" to sudo-i.pamd
* add "--with-pam-login" build option to enable specific PAM
session for "sudo -i"
- make pam configuration files (noreplace)
- reorganize Sources
-------------------------------------------------------------------
Wed Apr 4 11:47:35 CEST 2018 - kukuk@suse.de

1
sudo.pamd
View File

@ -2,5 +2,6 @@
auth include common-auth
account include common-account
password include common-password
session optional pam_keyinit.so revoke
session include common-session
# session optional pam_xauth.so

26
sudo.spec
View File

@ -24,12 +24,13 @@ License: ISC
Group: System/Base
Url: https://www.sudo.ws/
Source0: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
Source1: sudo.pamd
Source2: README.SUSE
Source3: fate_313276_test.sh
Source4: README_313276.test
Source5: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
Source6: %{name}.keyring
Source1: https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
Source2: %{name}.keyring
Source3: sudo.pamd
Source4: sudo-i.pamd
Source5: README.SUSE
Source6: fate_313276_test.sh
Source7: README_313276.test
Patch0: sudoers2ldif-env.patch
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch1: sudo-sudoers.patch
@ -88,6 +89,7 @@ export LDFLAGS="-pie"
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
--enable-tmpfiles.d=%{_tmpfilesdir} \
--with-pam \
--with-pam-login \
--with-ldap \
--with-selinux \
--with-linux-audit \
@ -109,13 +111,14 @@ make %{?_smp_mflags}
%install
%make_install install_uid=`id -u` install_gid=`id -g`
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
rm -f %{buildroot}%{_bindir}/sudoedit
ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
@ -126,8 +129,8 @@ rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
cat sudoers.lang >> %{name}.lang
# tests
install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE3} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
install -d %{buildroot}%{_docdir}/%{name}-test
install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE %{buildroot}%{_docdir}/%{name}-test/LICENSE
rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
@ -158,7 +161,8 @@ chmod 0440 %{_sysconfdir}/sudoers
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
%dir %{_sysconfdir}/sudoers.d
%config %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
%attr(4755,root,root) %{_bindir}/sudo
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema