[BACK]Return to sudo.pp CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / sudo.pp
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 16:23:02 2012 UTC (12 years, 4 months ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_3p2, HEAD
sudo

    1: %set
    2: 	if test -n "$flavor"; then
    3: 		name="sudo-$flavor"
    4: 		pp_kit_package="sudo_$flavor"
    5: 	else
    6: 		name="sudo"
    7: 		pp_kit_package="sudo"
    8: 	fi
    9: 	summary="Provide limited super-user privileges to specific users"
   10: 	description="Sudo is a program designed to allow a sysadmin to give \
   11: limited root privileges to users and log root activity.  \
   12: The basic philosophy is to give as few privileges as possible but \
   13: still allow people to get their work done."
   14: 	vendor="Todd C. Miller"
   15: 	copyright="(c) 1993-1996,1998-2011 Todd C. Miller"
   16: 
   17: %if [aix]
   18: 	# AIX package summary is limited to 40 characters
   19: 	summary="Configurable super-user privileges"
   20: 
   21: 	# Convert to 4 part version for AIX, including patch level
   22: 	pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
   23: %endif
   24: 
   25: %if [kit]
   26: 	# Strip off patchlevel for kit which only supports xyz versions
   27: 	pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
   28: 	pp_kit_name="TCM"
   29: %endif
   30: 
   31: %if [sd]
   32: 	pp_sd_vendor_tag="TCM"
   33: %endif
   34: 
   35: %if [solaris]
   36: 	pp_solaris_name="TCM${name}"
   37: 	pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
   38: %endif
   39: 
   40: %if [rpm,deb]
   41: 	# Convert patch level into release and remove from version
   42: 	pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
   43: 	pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
   44: 	pp_rpm_license="BSD"
   45: 	pp_rpm_url="http://www.sudo.ws/"
   46: 	pp_rpm_group="Applications/System"
   47: 	pp_rpm_packager="Todd.Miller@courtesan.com"
   48: 	if test -n "$linux_audit"; then
   49: 		pp_rpm_requires="audit-libs >= $linux_audit"
   50: 	fi
   51: 
   52: 	pp_deb_maintainer="$pp_rpm_packager"
   53: 	pp_deb_release="$pp_rpm_release"
   54: 	pp_deb_version="$pp_rpm_version"
   55: %else
   56: 	# For all but RPM and Debian we need to install sudoers with a different
   57: 	# name and make a copy of it if there is no existing file.
   58: 	mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
   59: %endif
   60: 
   61: %if [rpm]
   62: 	# Add distro info to release
   63: 	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
   64: 	case "$pp_rpm_distro" in
   65: 	centos*|rhel*)
   66: 		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
   67: 		;;
   68: 	sles*)
   69: 		pp_rpm_release="$pp_rpm_release.sles$osrelease"
   70: 		;;
   71: 	esac
   72: 
   73: 	# Uncomment some Defaults in sudoers
   74: 	# Note that the order must match that of sudoers.
   75: 	case "$pp_rpm_distro" in
   76: 	centos*|rhel*)
   77: 		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
   78: 		/Locale settings/+1,s/^# //
   79: 		/Desktop path settings/+1,s/^# //
   80: 		w
   81: 		q
   82: 		EOF
   83: 		;;
   84: 	sles*)
   85: 		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
   86: 		/Locale settings/+1,s/^# //
   87: 		/ConsoleKit session/+1,s/^# //
   88: 		/allow any user to run sudo if they know the password/+2,s/^# //
   89: 		/allow any user to run sudo if they know the password/+3,s/^# //
   90: 		w
   91: 		q
   92: 		EOF
   93: 		;;
   94: 	esac
   95: 
   96: 	# For RedHat the doc dir is expected to include version and release
   97: 	case "$pp_rpm_distro" in
   98: 	centos*|rhel*)
   99: 		mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
  100: 		docdir=${docdir}-${version}-${pp_rpm_release}
  101: 		;;
  102: 	esac
  103: 
  104: 	# Choose the correct PAM file by distro, must be tab indented for "<<-"
  105: 	case "$pp_rpm_distro" in
  106: 	centos*|rhel*)
  107: 		mkdir -p ${pp_destdir}/etc/pam.d
  108: 		if test $osrelease -lt 50; then
  109: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  110: 			#%PAM-1.0
  111: 			auth       required	pam_stack.so service=system-auth
  112: 			account    required	pam_stack.so service=system-auth
  113: 			password   required	pam_stack.so service=system-auth
  114: 			session    required	pam_limits.so
  115: 			EOF
  116: 		else
  117: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  118: 			#%PAM-1.0
  119: 			auth       include	system-auth
  120: 			account    include	system-auth
  121: 			password   include	system-auth
  122: 			session    optional	pam_keyinit.so revoke
  123: 			session    required	pam_limits.so
  124: 			EOF
  125: 			cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
  126: 			#%PAM-1.0
  127: 			auth       include	sudo
  128: 			account    include	sudo
  129: 			password   include	sudo
  130: 			session    optional	pam_keyinit.so force revoke
  131: 			session    required	pam_limits.so
  132: 			EOF
  133: 		fi
  134: 		;;
  135: 	  sles*)
  136: 		mkdir -p ${pp_destdir}/etc/pam.d
  137: 		if test $osrelease -lt 10; then
  138: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  139: 			#%PAM-1.0
  140: 			auth     required       pam_unix2.so
  141: 			session  required       pam_limits.so
  142: 			EOF
  143: 		else
  144: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  145: 			#%PAM-1.0
  146: 			auth     include	common-auth
  147: 			account  include	common-account
  148: 			password include	common-password
  149: 			session  include	common-session
  150: 			# session  optional	pam_xauth.so
  151: 			EOF
  152: 		fi
  153: 		;;
  154: 	esac
  155: %endif
  156: 
  157: %if [deb]
  158: 	# Uncomment some Defaults and the %sudo rule in sudoers
  159: 	# Note that the order must match that of sudoers and be tab-indented.
  160: 	/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
  161: 	/Locale settings/+1,s/^# //
  162: 	/X11 resource/+1,s/^# //
  163: 	/^# \%sudo/,s/^# //
  164: 	w
  165: 	q
  166: 	EOF
  167: 	mkdir -p ${pp_destdir}/etc/pam.d
  168: 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  169: 	#%PAM-1.0
  170: 
  171: 	@include common-auth
  172: 	@include common-account
  173: 
  174: 	session required pam_permit.so
  175: 	session required pam_limits.so
  176: 	EOF
  177: %endif
  178: 
  179: 	# OS-level directories that should generally exist but might not.
  180: 	extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
  181: 	extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
  182: 	test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
  183: 	for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
  184: 		while test "$dir" != "/"; do
  185: 			osdirs="${osdirs}${osdirs+ }$dir/"
  186: 			dir=`dirname $dir`
  187: 		done
  188: 	done
  189: 	osdirs=`echo $osdirs | tr " " "\n" | sort -u`
  190: 
  191: %files
  192: 	$osdirs		       -
  193: 	$bindir/sudo        4111 root:
  194: 	$bindir/sudoedit    4111 root:
  195: 	$sbindir/visudo     0111
  196: 	$bindir/sudoreplay  0111
  197: 	$includedir/sudo_plugin.h
  198: 	$libexecdir/*		optional
  199: 	$sudoersdir/sudoers.d/	0750 $sudoers_uid:$sudoers_gid
  200: 	$timedir/		0700 root:
  201: 	$docdir/
  202: 	$docdir/*
  203: 	$localedir/		optional
  204: 	$localedir/**		optional
  205: 	/etc/pam.d/*		volatile,optional
  206: %if [rpm,deb]
  207: 	$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
  208: %else
  209: 	$sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
  210: %endif
  211: 
  212: %files [!aix]
  213: 	$mandir/man*/*
  214: 
  215: %files [aix]
  216: 	# Some versions use catpages, some use manpages.
  217: 	$mandir/cat*/* optional
  218: 	$mandir/man*/* optional
  219: 
  220: %post [!rpm,deb]
  221: 	# Don't overwrite an existing sudoers file
  222: 	sudoersdir=%{sudoersdir}
  223: 	if test ! -r $sudoersdir/sudoers; then
  224: 		cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
  225: 		chmod %{sudoers_mode} $sudoersdir/sudoers
  226: 		chown %{sudoers_uid} $sudoersdir/sudoers
  227: 		chgrp %{sudoers_gid} $sudoersdir/sudoers
  228: 	fi
  229: 
  230: %post [deb]
  231: 	# dpkg-deb does not maintain the mode on the sudoers file, and
  232: 	# installs it 0640 when sudo requires 0440
  233: 	chmod %{sudoers_mode} %{sudoersdir}/sudoers
  234: 
  235: 	# create symlink to ease transition to new path for ldap config
  236: 	# if old config file exists and new one doesn't
  237: 	if test X"%{flavor}" = X"ldap" -a \
  238: 	    -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
  239: 		ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
  240: 	fi
  241: 
  242: 	# Debian uses a sudo group in its default sudoers file
  243: 	perl -e '
  244: 		exit 0 if getgrnam("sudo");
  245: 		$gid = 27; # default debian sudo gid
  246: 		setgrent();
  247: 		while (getgrgid($gid)) { $gid++; }
  248: 		if ($gid != 27) {
  249: 			print "On Debian we normally use gid 27 for \"sudo\".\n";
  250: 			$gname = getgrgid(27);
  251: 			print "However, on your system gid 27 is group \"$gname\".\n\n";
  252: 			print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
  253: 			$ans = <STDIN>;
  254: 			if ($ans =~ /^[yY]/) {
  255: 				print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
  256: 				exit 1;
  257: 			}
  258: 		}
  259: 		print "Creating group \"sudo\" with gid = $gid\n";
  260: 		system("groupadd -g $gid sudo");
  261: 		exit 0;
  262: 	'
  263: 
  264: %preun [deb]
  265: 	# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
  266: 	# it matches what we created in the postinstall script.
  267: 	if test X"%{flavor}" = X"ldap" -a \
  268: 	    X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
  269: 		rm -f /etc/sudo-ldap.conf
  270: 	fi
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>