Marcus Meissner
cf6621d369
- update to 1.8.8
- drop sudo-plugins-sudoers-sssd.patch (upstream)
* Removed a warning on PAM systems with stacked auth modules
where the first module on the stack does not succeed.
* Sudo, sudoreplay and visudo now support GNU-style long options.
* The -h (--host) option may now be used to specify a host name.
This is currently only used by the sudoers plugin in conjunction
with the -l (--list) option.
* Sudo's LDAP SASL support now works properly with Kerberos.
Previously, the SASL library was unable to locate the user's
credential cache.
* It is now possible to set the nproc resource limit to unlimited
via pam_limits on Linux (bug #565).
* New "pam_service" and "pam_login_service" sudoers options
that can be used to specify the PAM service name to use.
* New "pam_session" and "pam_setcred" sudoers options that
can be used to disable PAM session and credential support.
* The sudoers plugin now properly supports UIDs and GIDs
that are larger than 0x7fffffff on 32-bit platforms.
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group
Defaults entries would cause an internal error.
* If the "tty_tickets" sudoers option is enabled (the default),
but there is no tty present, sudo will now use a ticket file
based on the parent process ID. This makes it possible to support
the normal timeout behavior for the session.
* Fixed a problem running commands that change their process
group and then attempt to change the terminal settings when not
running the command in a pseudo-terminal. Previously, the process
would receive SIGTTOU since it was effectively a background
process. Sudo will now grant the child the controlling tty and
OBS-URL: https://build.opensuse.org/request/show/202594
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=63
151 lines
4.6 KiB
RPMSpec
151 lines
4.6 KiB
RPMSpec
#
|
|
# spec file for package sudo
|
|
#
|
|
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: sudo
|
|
Version: 1.8.8
|
|
Release: 0
|
|
Summary: Execute some commands as root
|
|
License: ISC
|
|
Group: System/Base
|
|
Url: http://www.sudo.ws/
|
|
Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
|
|
Source1: sudo.pamd
|
|
Source2: README.SUSE
|
|
Patch0: sudoers2ldif-env.patch
|
|
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
|
|
Patch1: sudo-sudoers.patch
|
|
# PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
|
|
BuildRequires: audit-devel
|
|
BuildRequires: groff
|
|
BuildRequires: libselinux-devel
|
|
BuildRequires: libsss_sudo
|
|
BuildRequires: openldap2-devel
|
|
BuildRequires: pam-devel
|
|
Requires(pre): coreutils
|
|
Requires(pre): permissions
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
%description
|
|
Sudo is a command that allows users to execute some commands as root.
|
|
The /etc/sudoers file (edited with 'visudo') specifies which users have
|
|
access to sudo and which commands they can run. Sudo logs all its
|
|
activities to syslogd, so the system administrator can keep an eye on
|
|
things. Sudo asks for the password for initializing a check period of a
|
|
given time N (where N is defined at installation and is set to 5
|
|
minutes by default).
|
|
|
|
%package devel
|
|
Summary: Header files needed for sudo plugin development
|
|
Group: Development/Libraries/C and C++
|
|
|
|
%description devel
|
|
These header files are needed for building of sudo plugins.
|
|
|
|
%prep
|
|
%setup -q
|
|
%patch0 -p1
|
|
%patch1 -p1
|
|
|
|
%build
|
|
%ifarch s390 s390x %sparc
|
|
F_PIE=-fPIE
|
|
%else
|
|
F_PIE=-fpie
|
|
%endif
|
|
export CFLAGS="%{optflags} -Wall $F_PIE -DLDAP_DEPRECATED"
|
|
export LDFLAGS="-pie"
|
|
%configure \
|
|
--libexecdir=%{_libexecdir}/sudo \
|
|
--docdir=%{_docdir}/%{name} \
|
|
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
|
|
--with-pam \
|
|
--with-ldap \
|
|
--with-selinux \
|
|
--with-linux-audit \
|
|
--with-logfac=auth \
|
|
--with-insults \
|
|
--with-all-insults \
|
|
--with-ignore-dot \
|
|
--with-tty-tickets \
|
|
--enable-shell-sets-home \
|
|
--enable-warnings \
|
|
--with-sendmail=%{_sbindir}/sendmail \
|
|
--with-sudoers-mode=0440 \
|
|
--with-env-editor \
|
|
--without-secure-path \
|
|
--with-passprompt='%%p\x27s password:' \
|
|
--with-timedir=%{_localstatedir}/lib/sudo \
|
|
--with-sssd
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
%make_install
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
|
|
install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
|
|
mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
|
|
rm -f %{buildroot}%{_bindir}/sudoedit
|
|
ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
|
|
install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
|
|
install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
|
|
rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
|
|
rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
|
|
rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
|
|
rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la
|
|
%find_lang %{name}
|
|
%find_lang sudoers
|
|
cat sudoers.lang >> %{name}.lang
|
|
|
|
%post
|
|
chmod 0440 %{_sysconfdir}/sudoers
|
|
%if 0%{?suse_version} <= 1130
|
|
%run_permissions
|
|
%else
|
|
%set_permissions /usr/bin/sudo
|
|
%endif
|
|
|
|
%verifyscript
|
|
%verify_permissions -e /usr/bin/sudo
|
|
|
|
%clean
|
|
rm -rf %{buildroot}
|
|
|
|
%files -f %{name}.lang
|
|
%defattr(-,root,root)
|
|
%doc %{_docdir}/%{name}
|
|
%doc %{_mandir}/man?/*
|
|
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
|
|
%dir %{_sysconfdir}/sudoers.d
|
|
%config %{_sysconfdir}/pam.d/sudo
|
|
%attr(4755,root,root) %{_bindir}/sudo
|
|
%dir %{_sysconfdir}/openldap
|
|
%dir %{_sysconfdir}/openldap/schema
|
|
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
|
|
%{_bindir}/sudoedit
|
|
%{_bindir}/sudoreplay
|
|
%{_sbindir}/visudo
|
|
%attr(0755,root,root) %{_sbindir}/sudoers2ldif
|
|
%{_libexecdir}/sudo
|
|
%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/sudo
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%{_includedir}/sudo_plugin.h
|
|
|
|
%changelog
|