Annotation of embedaddon/sudo/sudo.pp, revision 1.1.1.3

%set
	# The package name (and the kit package name) carry the build flavor
	# when $flavor is non-empty, e.g. sudo-<flavor>.
	if test -n "$flavor"; then
		name="sudo-$flavor"
		pp_kit_package="sudo_$flavor"
	else
		name="sudo"
		pp_kit_package="sudo"
	fi
	summary="Provide limited super-user privileges to specific users"
	description="Sudo is a program designed to allow a sysadmin to give \
limited root privileges to users and log root activity.  \
The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
	vendor="Todd C. Miller"
	copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
	# Find the staged sudoedit man page by glob, then strip the
	# ${pp_destdir} prefix so the value is the installed path.
	sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
	# Symlink target used in the files sections: the same file name with the
	# first "edit" removed (sudoedit.N becomes sudo.N).
	sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
1.1       misho      18: 
                     19: %if [aix]
                     20:        # AIX package summary is limited to 40 characters
                     21:        summary="Configurable super-user privileges"
                     22: 
                     23:        # Convert to 4 part version for AIX, including patch level
                     24:        pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
                     25: %endif
                     26: 
                     27: %if [kit]
                     28:        # Strip off patchlevel for kit which only supports xyz versions
                     29:        pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
                     30:        pp_kit_name="TCM"
                     31: %endif
                     32: 
                     33: %if [sd]
                     34:        pp_sd_vendor_tag="TCM"
                     35: %endif
                     36: 
                     37: %if [solaris]
                     38:        pp_solaris_name="TCM${name}"
                     39:        pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
                     40: %endif
                     41: 
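%if [rpm,deb]
	# Convert patch level into release and remove from version
	# The release is the patch level plus one, or 1 when $version has no
	# "pN" suffix (the match is then empty and expr falls back to 0).
	pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
	# Fall back to the full $version when there is no "pN" suffix.  Without
	# the fallback expr prints an empty string, and everything derived from
	# this value (pp_deb_version, the Debian changelog entry) is empty too.
	pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*' \| $version \)`"
	pp_rpm_license="BSD"
	pp_rpm_url="http://www.sudo.ws/"
	pp_rpm_group="Applications/System"
	pp_rpm_packager="Todd C. Miller <Todd.Miller@courtesan.com>"
	# Only require audit-libs when the build was configured with a
	# non-empty $linux_audit, which is used as the minimum version.
	if test -n "$linux_audit"; then
		pp_rpm_requires="audit-libs >= $linux_audit"
	fi
%else
	# For all but RPM and Debian we need to install sudoers with a different
	# name and make a copy of it if there is no existing file.
	mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
%endif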
                     58: 
1.1.1.3 ! misho      59: %if [deb]
        !            60:        pp_deb_maintainer="$pp_rpm_packager"
        !            61:        pp_deb_release="$pp_rpm_release"
        !            62:        pp_deb_version="$pp_rpm_version"
        !            63:        pp_deb_section=admin
        !            64:        install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
        !            65:        install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
        !            66:        gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
        !            67:        printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n  * see upstream changelog\n\n -- $pp_deb_maintainer  `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
        !            68:        chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
        !            69:        gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
        !            70:        # Create lintian override file
        !            71:        mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides
        !            72:        cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF
        !            73:        # The sudo binary must be setuid root
        !            74:        $name: setuid-binary usr/bin/sudo 4755 root/root
        !            75:        # Sudo configuration and data dirs must not be world-readable
        !            76:        $name: non-standard-file-perm etc/sudoers 0440 != 0644
        !            77:        $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755
        !            78:        $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755
        !            79:        # Sudo ships with debugging symbols
        !            80:        $name: unstripped-binary-or-object
        !            81:        EOF
        !            82:        chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name}
        !            83: %endif
        !            84: 
%if [rpm]
	# Add distro info to release
	# osrelease is the numeric part of $pp_rpm_distro: leading non-digits
	# and everything from the first "-" onward are stripped.
	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
	case "$pp_rpm_distro" in
	centos*|rhel*)
		# The parameter expansion drops one trailing digit from osrelease
		# before it is appended as the ".el" suffix.
		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
		;;
	sles*)
		pp_rpm_release="$pp_rpm_release.sles$osrelease"
		;;
	esac

	# Uncomment some Defaults in sudoers
	# Note that the order must match that of sudoers.
	# Each ed command searches forward for a marker comment and strips the
	# leading "# " from the line at a fixed offset below it.  The staged
	# sudoers file is made owner-writable only for the duration of the edit
	# and the write bit is removed again afterwards.
	case "$pp_rpm_distro" in
	centos*|rhel*)
		chmod u+w ${pp_destdir}${sudoersdir}/sudoers
		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
		/Locale settings/+1,s/^# //
		/Desktop path settings/+1,s/^# //
		w
		q
		EOF
		chmod u-w ${pp_destdir}${sudoersdir}/sudoers
		;;
	sles*)
		# NOTE(review): the last two commands enable the second and third
		# lines below the "allow any user to run sudo if they know the
		# password" marker.  Presumably these are the target-password
		# Defaults entry and the matching allow-all rule; confirm against
		# the shipped sudoers, because the rule is only safe together with
		# the Defaults entry and both depend on these line offsets.
		chmod u+w ${pp_destdir}${sudoersdir}/sudoers
		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
		/Locale settings/+1,s/^# //
		/ConsoleKit session/+1,s/^# //
		/allow any user to run sudo if they know the password/+2,s/^# //
		/allow any user to run sudo if they know the password/+3,s/^# //
		w
		q
		EOF
		chmod u-w ${pp_destdir}${sudoersdir}/sudoers
		;;
	esac

	# For RedHat the doc dir is expected to include version and release
	case "$pp_rpm_distro" in
	centos*|rhel*)
		mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
		docdir=${docdir}-${version}-${pp_rpm_release}
		;;
	esac

	# Choose the correct PAM file by distro, must be tab indented for "<<-"
	# NOTE(review): $osrelease is unquoted in the numeric tests below, so an
	# empty value makes test fail with a syntax error; confirm that
	# pp_rpm_distro always carries a release number.
	case "$pp_rpm_distro" in
	centos*|rhel*)
		mkdir -p ${pp_destdir}/etc/pam.d
		# Releases below 50 chain to system-auth through pam_stack.so; later
		# ones use "include" and also get a separate sudo-i service file.
		if test $osrelease -lt 50; then
			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
			#%PAM-1.0
			auth       required     pam_stack.so service=system-auth
			account    required     pam_stack.so service=system-auth
			password   required     pam_stack.so service=system-auth
			session    required     pam_limits.so
			EOF
		else
			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
			#%PAM-1.0
			auth       include      system-auth
			account    include      system-auth
			password   include      system-auth
			session    optional     pam_keyinit.so revoke
			session    required     pam_limits.so
			EOF
			cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
			#%PAM-1.0
			auth       include      sudo
			account    include      sudo
			password   include      sudo
			session    optional     pam_keyinit.so force revoke
			session    required     pam_limits.so
			EOF
		fi
		;;
	  sles*)
		mkdir -p ${pp_destdir}/etc/pam.d
		# Releases below 10 authenticate with pam_unix2.so directly; later
		# ones include the common-* stacks.
		if test $osrelease -lt 10; then
			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
			#%PAM-1.0
			auth     required       pam_unix2.so
			session  required       pam_limits.so
			EOF
		else
			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
			#%PAM-1.0
			auth     include        common-auth
			account  include        common-account
			password include        common-password
			session  include        common-session
			# session  optional     pam_xauth.so
			EOF
		fi
		;;
	esac
%endif
                    184: 
                    185: %if [deb]
                    186:        # Uncomment some Defaults and the %sudo rule in sudoers
                    187:        # Note that the order must match that of sudoers and be tab-indented.
1.1.1.2   misho     188:        chmod u+w ${pp_destdir}${sudoersdir}/sudoers
1.1       misho     189:        /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
                    190:        /Locale settings/+1,s/^# //
                    191:        /X11 resource/+1,s/^# //
                    192:        /^# \%sudo/,s/^# //
                    193:        w
                    194:        q
                    195:        EOF
1.1.1.2   misho     196:        chmod u-w ${pp_destdir}${sudoersdir}/sudoers
1.1       misho     197:        mkdir -p ${pp_destdir}/etc/pam.d
                    198:        cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
                    199:        #%PAM-1.0
                    200: 
                    201:        @include common-auth
                    202:        @include common-account
                    203: 
                    204:        session required pam_permit.so
                    205:        session required pam_limits.so
                    206:        EOF
                    207: %endif
                    208: 
1.1.1.2   misho     209: %if [macos]
                    210:        pp_macos_pkg_type=flat
                    211:        pp_macos_bundle_id=ws.sudo.pkg.sudo
                    212:        pp_macos_pkg_license=doc/LICENSE
                    213:        pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
                    214:        perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
                    215: %endif
                    216: 
1.1.1.3 ! misho     217: %if X"$aix_freeware" = X"true"
        !           218:        # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin.sbin}
        !           219:        mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin
        !           220:        ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin
        !           221:        ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin
        !           222:        ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin
        !           223:        ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin
        !           224: %endif
        !           225: 
	# OS-level directories that should generally exist but might not.
	# Start from the staged man/cat section directories with the staging
	# prefix removed, then add the parents of $docdir and $timedir.
	extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
	extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
	# The locale and PAM directories are added only when they were staged.
	test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
	test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
	# Record every directory and each of its ancestors up to, but not
	# including, "/".  A space separator is added only once osdirs is set.
	# NOTE(review): the inner loop stops only when dirname reaches "/", so
	# every path here is assumed to be absolute; confirm for $extradirs.
	for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
		while test "$dir" != "/"; do
			osdirs="${osdirs}${osdirs+ }$dir/"
			dir=`dirname $dir`
		done
	done
	# One directory per line, sorted, duplicates removed.
	osdirs=`echo $osdirs | tr " " "\n" | sort -u`
                    238: 
1.1.1.3 ! misho     239: %depend [deb]
        !           240:        libc6, libpam0g, libpam-modules, zlib1g, libselinux1
        !           241: 
%fixup [deb]
	# Add Conflicts, Replaces headers and add libldap dependency as needed.
	# The plain and ldap flavors conflict with and replace each other; the
	# ldap flavor also provides "sudo".
	if test -z "%{flavor}"; then
	    echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	    echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	elif test "%{flavor}" = "ldap"; then
	    echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	    echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	    echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	    # Append libldap-2.4-2 to the Depends line by rewriting control
	    # from a temporary copy named with the shell's process id; the
	    # copy lives in the package work directory and is removed after.
	    cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$
	    sed 's/^\(Depends:.*\) *$/\1, libldap-2.4-2/' %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control
	    rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$
	fi
	echo "Homepage: http://www.sudo.ws/sudo/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
	echo "Bugs: http://www.sudo.ws/bugs/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
        !           257: 
1.1       misho     258: %files
1.1.1.2   misho     259:        $osdirs                 -
1.1.1.3 ! misho     260:        $bindir/sudo            4755 root:
        !           261:        $bindir/sudoedit        0755 root: symlink sudo
        !           262:        $sbindir/visudo         0755
        !           263:        $bindir/sudoreplay      0755
        !           264:        $includedir/sudo_plugin.h 0644
        !           265:        $libexecdir/*           $shlib_mode optional
1.1       misho     266:        $sudoersdir/sudoers.d/  0750 $sudoers_uid:$sudoers_gid
                    267:        $timedir/               0700 root:
1.1.1.2   misho     268:        $docdir/                0755
1.1.1.3 ! misho     269:        $docdir/sudoers2ldif    0755 optional,ignore-others
        !           270: %if [deb]
        !           271:        $docdir/LICENSE         ignore,ignore-others
        !           272:        $docdir/ChangeLog       ignore,ignore-others
        !           273: %endif
        !           274:        $docdir/*               0644
        !           275:        $localedir/*/           -    optional
        !           276:        $localedir/*/LC_MESSAGES/ -    optional
        !           277:        $localedir/*/LC_MESSAGES/* 0644    optional
        !           278:        /etc/pam.d/*            0644 volatile,optional
1.1       misho     279: %if [rpm,deb]
                    280:        $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
                    281: %else
                    282:        $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
                    283: %endif
1.1.1.3 ! misho     284: %if X"$aix_freeware" = X"true"
        !           285:        # Links for binaries from /opt/freeware to /usr
        !           286:        /usr/bin/sudo           0755 root: symlink $bindir/sudo
        !           287:        /usr/bin/sudoedit       0755 root: symlink $bindir/sudoedit
        !           288:        /usr/bin/sudoreplay     0755 root: symlink $bindir/sudoreplay
        !           289:        /usr/sbin/visudo        0755 root: symlink $sbindir/visudo
        !           290: %endif
1.1       misho     291: 
                    292: %files [!aix]
1.1.1.3 ! misho     293:        $sudoedit_man           0644 symlink,ignore-others $sudoedit_man_target
        !           294:        $mandir/man*/*          0644
1.1       misho     295: 
                    296: %files [aix]
                    297:        # Some versions use catpages, some use manpages.
1.1.1.3 ! misho     298:        $sudoedit_man           0644 symlink,ignore-others $sudoedit_man_target
        !           299:        $mandir/cat*/*          0644 optional
        !           300:        $mandir/man*/*          0644 optional
        !           301: 
%pre [aix]
	# Refuse to install when rpm already has a package of the same name
	# registered: print instructions and exit non-zero.
	# NOTE(review): "2>&1" on an echo only points stderr at stdout, so these
	# messages are written to stdout.  If stderr was intended the
	# redirection would be ">&2"; confirm which stream the installer shows.
	if rpm -q %{name} >/dev/null 2>&1; then
		echo "Another version of sudo is currently installed via rpm." 2>&1
		echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1
		echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1
		echo "instead of the .bff package." 2>&1
		echo "" 2>&1
		echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1
		echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1
		echo "" 2>&1
		exit 1
	fi
1.1       misho     314: 
%post [!rpm,deb]
	# Don't overwrite an existing sudoers file
	# On Solaris the path is prefixed with ${PKG_INSTALL_ROOT}.
%if [solaris]
	sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir}
%else
	sudoersdir=%{sudoersdir}
%endif
	# When no readable sudoers exists, copy the packaged sudoers.dist into
	# place and then set its mode, owner and group explicitly from the
	# build-time values rather than relying on what cp produced.
	if test ! -r $sudoersdir/sudoers; then
		cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
		chmod %{sudoers_mode} $sudoersdir/sudoers
		chown %{sudoers_uid} $sudoersdir/sudoers
		chgrp %{sudoers_gid} $sudoersdir/sudoers
	fi
                    328: 
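%post [deb]
	# Abort the script on the first failing command.
	set -e

	# dpkg-deb does not maintain the mode on the sudoers file, and
	# installs it 0640 when sudo requires 0440
	chmod %{sudoers_mode} %{sudoersdir}/sudoers

	# create symlink to ease transition to new path for ldap config
	# if old config file exists and new one doesn't
	# NOTE(review): "-r" follows symlinks, so an existing but dangling
	# /etc/sudo-ldap.conf passes the test and ln then fails, which aborts
	# the script under "set -e"; confirm whether that case can occur.
	if test X"%{flavor}" = X"ldap" -a \
	    -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
		ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
	fi

	# Debian uses a sudo group in its default sudoers file
	# Nothing is done when the group exists.  Otherwise the first unused
	# gid at or above 27 is taken; when 27 itself is in use the admin is
	# asked whether to stop, and answering yes exits 1.
	perl -e '
		exit 0 if getgrnam("sudo");
		$gid = 27; # default debian sudo gid
		setgrent();
		while (getgrgid($gid)) { $gid++; }
		if ($gid != 27) {
			print "On Debian we normally use gid 27 for \"sudo\".\n";
			$gname = getgrgid(27);
			print "However, on your system gid 27 is group \"$gname\".\n\n";
			print "Would you like me to stop configuring sudo so that you can change this? [n] ";
			$ans = <STDIN>;
			if ($ans =~ /^[yY]/) {
				print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
				exit 1;
			}
		}
		print "Creating group \"sudo\" with gid = $gid\n";
		# The list form runs groupadd without a shell.  A failure is
		# reported instead of being ignored, because the default sudoers
		# grants access through this group; the exit status stays 0.
		system("groupadd", "-g", $gid, "sudo") == 0
			or warn "groupadd failed with status $?; group \"sudo\" was not created\n";
		exit 0;
	'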
                    364: 
%preun [deb]
	# Abort the script on the first failing command.
	set -e

	# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
	# it matches what we created in the postinstall script.
	# The link is removed only when readlink reports exactly
	# /etc/ldap/ldap.conf, so a regular file or a link pointing anywhere
	# else is left in place.
	if test X"%{flavor}" = X"ldap" -a \
	    X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
		rm -f /etc/sudo-ldap.conf
	fi
