From 488d867f619a7ddf6ad4d1f224fd50f52ba3d5e17bc125ea9ac0769e231febe7 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@suse.com>
Date: Fri, 19 Jan 2024 11:24:46 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=290

---
 pam.spec | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/pam.spec b/pam.spec
index 23bbc86..a0249b5 100644
--- a/pam.spec
+++ b/pam.spec
@@ -151,12 +151,11 @@ username/password pair against values stored in a Berkeley DB database.
 %package -n pam-extra
 Summary:        PAM module with extended dependencies
 Group:          System/Libraries
-#BuildRequires:  pkgconfig(systemd)
+#BuildRequires:  pkgconfig(systemd) 
 # The systemd-mini package does not pass configure checks
 BuildRequires:  systemd-devel >= 254
 BuildRequires:  pam-devel
 Provides:	pam:%{_sbindir}/pam_timestamp_check
-Provides:       pam:%{_sbindir}/pam_namespace_helper
 
 %description -n pam-extra
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -302,6 +301,8 @@ rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so
 %make_install -C doc
 # XXX remove for now until we have a security review, see above
 rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8*
+# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript
+install -d %{buildroot}%{_pam_secconfdir}/namespace.d
 # install other.pamd and common-*.pamd
 install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other
 install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth
@@ -336,7 +337,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
 # /run/motd.d
 install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
 
-mkdir -p %{buildroot}%{_pam_secdistconfdir}/limits.d
+mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
 mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
 
 # Remove manual pages for main package
@@ -349,10 +350,9 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
 %endif
 
 %if !%{build_main}
-rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir}/{environment,pam.d},%{_sbindir}/{f*,m*,pw*,u*}}
-rm -rf %{buildroot}{%{_pam_secdistconfdir}/{a,f,g,l,p,s,t}*.conf,%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
+rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
 rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
-rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,no,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
+rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
 %else
 # Delete files for extra package
 rm -rf  %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
@@ -419,7 +419,10 @@ done
 %{_pam_secdistconfdir}/sepermit.conf
 %endif
 %{_pam_secdistconfdir}/time.conf
+%{_pam_secdistconfdir}/namespace.conf
+%{_pam_secdistconfdir}/namespace.init
 %{_pam_secdistconfdir}/pwhistory.conf
+%dir %{_pam_secdistconfdir}/namespace.d
 %{_libdir}/libpam.so.0
 %{_libdir}/libpam.so.%{libpam_so_version}
 %{_libdir}/libpamc.so.0
@@ -448,6 +451,7 @@ done
 %{_pam_moduledir}/pam_mail.so
 %{_pam_moduledir}/pam_mkhomedir.so
 %{_pam_moduledir}/pam_motd.so
+%{_pam_moduledir}/pam_namespace.so
 %{_pam_moduledir}/pam_nologin.so
 %{_pam_moduledir}/pam_permit.so
 %{_pam_moduledir}/pam_pwhistory.so
@@ -472,10 +476,12 @@ done
 %{_pam_moduledir}/pam_xauth.so
 %{_sbindir}/faillock
 %{_sbindir}/mkhomedir_helper
+%{_sbindir}/pam_namespace_helper
 %{_sbindir}/pwhistory_helper
 %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
 %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
 %attr(0700,root,root) %{_sbindir}/unix_update
+%{_unitdir}/pam_namespace.service
 %{_tmpfilesdir}/pam.conf
 
 %files devel
@@ -500,13 +506,8 @@ done
 %files -n pam-extra
 %defattr(-,root,root,755)
 %{_pam_moduledir}/pam_issue.so
-%{_pam_moduledir}/pam_namespace.so
 %{_pam_moduledir}/pam_timestamp.so
-%{_sbindir}/pam_namespace_helper
 %{_sbindir}/pam_timestamp_check
-%{_pam_secdistconfdir}/namespace.conf
-%{_pam_secdistconfdir}/namespace.init
-%{_unitdir}/pam_namespace.service
 %endif
 
 %if %{build_doc}