Annotation of embedaddon/sudo/sudo.pp, revision 1.1.1.1
1.1 misho 1: %set
2: if test -n "$flavor"; then
3: name="sudo-$flavor"
4: pp_kit_package="sudo_$flavor"
5: else
6: name="sudo"
7: pp_kit_package="sudo"
8: fi
9: summary="Provide limited super-user privileges to specific users"
10: description="Sudo is a program designed to allow a sysadmin to give \
11: limited root privileges to users and log root activity. \
12: The basic philosophy is to give as few privileges as possible but \
13: still allow people to get their work done."
14: vendor="Todd C. Miller"
15: copyright="(c) 1993-1996,1998-2011 Todd C. Miller"
16:
17: %if [aix]
18: # AIX package summary is limited to 40 characters
19: summary="Configurable super-user privileges"
20:
21: # Convert to 4 part version for AIX, including patch level
22: pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
23: %endif
24:
25: %if [kit]
26: # Strip off patchlevel for kit which only supports xyz versions
27: pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
28: pp_kit_name="TCM"
29: %endif
30:
31: %if [sd]
32: pp_sd_vendor_tag="TCM"
33: %endif
34:
35: %if [solaris]
36: pp_solaris_name="TCM${name}"
37: pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
38: %endif
39:
40: %if [rpm,deb]
41: # Convert patch level into release and remove from version
42: pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
43: pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
44: pp_rpm_license="BSD"
45: pp_rpm_url="http://www.sudo.ws/"
46: pp_rpm_group="Applications/System"
47: pp_rpm_packager="Todd.Miller@courtesan.com"
48: if test -n "$linux_audit"; then
49: pp_rpm_requires="audit-libs >= $linux_audit"
50: fi
51:
52: pp_deb_maintainer="$pp_rpm_packager"
53: pp_deb_release="$pp_rpm_release"
54: pp_deb_version="$pp_rpm_version"
55: %else
56: # For all but RPM and Debian we need to install sudoers with a different
57: # name and make a copy of it if there is no existing file.
58: mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
59: %endif
60:
61: %if [rpm]
62: # Add distro info to release
63: osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
64: case "$pp_rpm_distro" in
65: centos*|rhel*)
66: pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
67: ;;
68: sles*)
69: pp_rpm_release="$pp_rpm_release.sles$osrelease"
70: ;;
71: esac
72:
73: # Uncomment some Defaults in sudoers
74: # Note that the order must match that of sudoers.
75: case "$pp_rpm_distro" in
76: centos*|rhel*)
77: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
78: /Locale settings/+1,s/^# //
79: /Desktop path settings/+1,s/^# //
80: w
81: q
82: EOF
83: ;;
84: sles*)
85: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
86: /Locale settings/+1,s/^# //
87: /ConsoleKit session/+1,s/^# //
88: /allow any user to run sudo if they know the password/+2,s/^# //
89: /allow any user to run sudo if they know the password/+3,s/^# //
90: w
91: q
92: EOF
93: ;;
94: esac
95:
96: # For RedHat the doc dir is expected to include version and release
97: case "$pp_rpm_distro" in
98: centos*|rhel*)
99: mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
100: docdir=${docdir}-${version}-${pp_rpm_release}
101: ;;
102: esac
103:
104: # Choose the correct PAM file by distro, must be tab indented for "<<-"
105: case "$pp_rpm_distro" in
106: centos*|rhel*)
107: mkdir -p ${pp_destdir}/etc/pam.d
108: if test $osrelease -lt 50; then
109: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
110: #%PAM-1.0
111: auth required pam_stack.so service=system-auth
112: account required pam_stack.so service=system-auth
113: password required pam_stack.so service=system-auth
114: session required pam_limits.so
115: EOF
116: else
117: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
118: #%PAM-1.0
119: auth include system-auth
120: account include system-auth
121: password include system-auth
122: session optional pam_keyinit.so revoke
123: session required pam_limits.so
124: EOF
125: cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
126: #%PAM-1.0
127: auth include sudo
128: account include sudo
129: password include sudo
130: session optional pam_keyinit.so force revoke
131: session required pam_limits.so
132: EOF
133: fi
134: ;;
135: sles*)
136: mkdir -p ${pp_destdir}/etc/pam.d
137: if test $osrelease -lt 10; then
138: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
139: #%PAM-1.0
140: auth required pam_unix2.so
141: session required pam_limits.so
142: EOF
143: else
144: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
145: #%PAM-1.0
146: auth include common-auth
147: account include common-account
148: password include common-password
149: session include common-session
150: # session optional pam_xauth.so
151: EOF
152: fi
153: ;;
154: esac
155: %endif
156:
157: %if [deb]
158: # Uncomment some Defaults and the %sudo rule in sudoers
159: # Note that the order must match that of sudoers and be tab-indented.
160: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
161: /Locale settings/+1,s/^# //
162: /X11 resource/+1,s/^# //
163: /^# \%sudo/,s/^# //
164: w
165: q
166: EOF
167: mkdir -p ${pp_destdir}/etc/pam.d
168: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
169: #%PAM-1.0
170:
171: @include common-auth
172: @include common-account
173:
174: session required pam_permit.so
175: session required pam_limits.so
176: EOF
177: %endif
178:
179: # OS-level directories that should generally exist but might not.
180: extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
181: extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
182: test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
183: for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
184: while test "$dir" != "/"; do
185: osdirs="${osdirs}${osdirs+ }$dir/"
186: dir=`dirname $dir`
187: done
188: done
189: osdirs=`echo $osdirs | tr " " "\n" | sort -u`
190:
191: %files
192: $osdirs -
193: $bindir/sudo 4111 root:
194: $bindir/sudoedit 4111 root:
195: $sbindir/visudo 0111
196: $bindir/sudoreplay 0111
197: $includedir/sudo_plugin.h
198: $libexecdir/* optional
199: $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
200: $timedir/ 0700 root:
201: $docdir/
202: $docdir/*
203: $localedir/ optional
204: $localedir/** optional
205: /etc/pam.d/* volatile,optional
206: %if [rpm,deb]
207: $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
208: %else
209: $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
210: %endif
211:
212: %files [!aix]
213: $mandir/man*/*
214:
215: %files [aix]
216: # Some versions use catpages, some use manpages.
217: $mandir/cat*/* optional
218: $mandir/man*/* optional
219:
220: %post [!rpm,deb]
221: # Don't overwrite an existing sudoers file
222: sudoersdir=%{sudoersdir}
223: if test ! -r $sudoersdir/sudoers; then
224: cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
225: chmod %{sudoers_mode} $sudoersdir/sudoers
226: chown %{sudoers_uid} $sudoersdir/sudoers
227: chgrp %{sudoers_gid} $sudoersdir/sudoers
228: fi
229:
230: %post [deb]
231: # dpkg-deb does not maintain the mode on the sudoers file, and
232: # installs it 0640 when sudo requires 0440
233: chmod %{sudoers_mode} %{sudoersdir}/sudoers
234:
235: # create symlink to ease transition to new path for ldap config
236: # if old config file exists and new one doesn't
237: if test X"%{flavor}" = X"ldap" -a \
238: -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
239: ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
240: fi
241:
242: # Debian uses a sudo group in its default sudoers file
243: perl -e '
244: exit 0 if getgrnam("sudo");
245: $gid = 27; # default debian sudo gid
246: setgrent();
247: while (getgrgid($gid)) { $gid++; }
248: if ($gid != 27) {
249: print "On Debian we normally use gid 27 for \"sudo\".\n";
250: $gname = getgrgid(27);
251: print "However, on your system gid 27 is group \"$gname\".\n\n";
252: print "Would you like me to stop configuring sudo so that you can change this? [n] ";
253: $ans = <STDIN>;
254: if ($ans =~ /^[yY]/) {
255: print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
256: exit 1;
257: }
258: }
259: print "Creating group \"sudo\" with gid = $gid\n";
260: system("groupadd -g $gid sudo");
261: exit 0;
262: '
263:
264: %preun [deb]
265: # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
266: # it matches what we created in the postinstall script.
267: if test X"%{flavor}" = X"ldap" -a \
268: X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
269: rm -f /etc/sudo-ldap.conf
270: fi
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo.pp CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo