1: %set
# Package identity: a non-empty $flavor (not assigned in this listing) gives
# the package its own name (sudo-<flavor>) instead of plain "sudo".
2: if test -n "$flavor"; then
3: name="sudo-$flavor"
4: pp_kit_package="sudo_$flavor"
5: else
6: name="sudo"
7: pp_kit_package="sudo"
8: fi
# Human-readable package metadata. The [aix] section further down replaces
# summary with a shorter string.
9: summary="Provide limited super-user privileges to specific users"
10: description="Sudo is a program designed to allow a sysadmin to give \
11: limited root privileges to users and log root activity. \
12: The basic philosophy is to give as few privileges as possible but \
13: still allow people to get their work done."
14: vendor="Todd C. Miller"
15: copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
16:
17: %if [aix]
18: # AIX package summary is limited to 40 characters
19: summary="Configurable super-user privileges"
20:
21: # Convert to 4 part version for AIX, including patch level
# The three sed expressions, applied in order: X.Y.ZpN becomes X.Y.Z.N; any
# other suffix that starts with a character other than a digit or dot is
# dropped; a bare X.Y.Z gets ".0" appended.
# NOTE(review): $version is expanded unquoted; presumably it never contains
# whitespace or glob characters -- confirm where it is set.
22: pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
23: %endif
24:
25: %if [kit]
26: # Strip off patchlevel for kit which only supports xyz versions
# sed first removes every dot, then drops a trailing run of non-digits
# followed by digits (for example a pN suffix).
27: pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
28: pp_kit_name="TCM"
29: %endif
30:
31: %if [sd]
32: pp_sd_vendor_tag="TCM"
33: %endif
34:
35: %if [solaris]
36: pp_solaris_name="TCM${name}"
# pstamp is the output of date at the moment this section runs, formatted as
# "Month DD, YYYY".
37: pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
38: %endif
39:
40: %if [rpm,deb]
41: # Convert patch level into release and remove from version
# Release is the pN patch number plus one; when $version has no pN suffix the
# "\| 0" alternative makes it 0 + 1 = 1.
42: pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
# Version is the text in front of the pN suffix.
# NOTE(review): when $version has no pN suffix this expr matches nothing and
# pp_rpm_version (and pp_deb_version below) ends up empty; presumably pp then
# falls back to $version -- confirm.
43: pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
44: pp_rpm_license="BSD"
45: pp_rpm_url="http://www.sudo.ws/"
46: pp_rpm_group="Applications/System"
47: pp_rpm_packager="Todd.Miller@courtesan.com"
# Declare the audit-libs dependency only when $linux_audit is non-empty; its
# value is used as the minimum version.
48: if test -n "$linux_audit"; then
49: pp_rpm_requires="audit-libs >= $linux_audit"
50: fi
51:
# The Debian fields reuse the values computed for RPM above.
52: pp_deb_maintainer="$pp_rpm_packager"
53: pp_deb_release="$pp_rpm_release"
54: pp_deb_version="$pp_rpm_version"
55: %else
56: # For all but RPM and Debian we need to install sudoers with a different
57: # name and make a copy of it if there is no existing file.
# The packaged file is renamed in the staging tree here; the
# "%post [!rpm,deb]" script later copies sudoers.dist to sudoers only when no
# sudoers file is readable, so an existing policy is not replaced.
58: mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
59: %endif
60:
61: %if [rpm]
62: # Add distro info to release
# osrelease is what remains of $pp_rpm_distro after leading non-digits and
# everything from the first "-" are removed (constructed example:
# "rhel55" -> "55").
63: osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
64: case "$pp_rpm_distro" in
65: centos*|rhel*)
# ${osrelease%%[0-9]} removes a single trailing digit before the value is
# appended (constructed example: "55" gives the suffix ".el5").
66: pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
67: ;;
68: sles*)
# SLES keeps the full osrelease value in the suffix.
69: pp_rpm_release="$pp_rpm_release.sles$osrelease"
70: ;;
71: esac
72:
73: # Uncomment some Defaults in sudoers
74: # Note that the order must match that of sudoers.
# Both branches follow the same pattern: make the staged sudoers writable for
# its owner, run an ed script on it, then remove the write bit again. Each ed
# command searches for a marker comment and strips the leading "# " at the
# given offset from it. The quoted 'EOF' delimiter keeps the shell from
# expanding anything inside the ed script.
# NOTE(review): "ed -" suppresses diagnostics and the exit status is not
# checked, so a marker that no longer exists in sudoers would presumably go
# unnoticed at build time -- confirm.
75: case "$pp_rpm_distro" in
76: centos*|rhel*)
77: chmod u+w ${pp_destdir}${sudoersdir}/sudoers
78: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
79: /Locale settings/+1,s/^# //
80: /Desktop path settings/+1,s/^# //
81: w
82: q
83: EOF
84: chmod u-w ${pp_destdir}${sudoersdir}/sudoers
85: ;;
86: sles*)
# NOTE(review): the two "allow any user to run sudo if they know the
# password" commands enable the entries two and three lines below that marker;
# presumably these are the target-password Defaults line and the matching
# rule for all users, which makes the SLES package's shipped policy much
# broader than the RHEL one -- verify against the sudoers template.
87: chmod u+w ${pp_destdir}${sudoersdir}/sudoers
88: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
89: /Locale settings/+1,s/^# //
90: /ConsoleKit session/+1,s/^# //
91: /allow any user to run sudo if they know the password/+2,s/^# //
92: /allow any user to run sudo if they know the password/+3,s/^# //
93: w
94: q
95: EOF
96: chmod u-w ${pp_destdir}${sudoersdir}/sudoers
97: ;;
98: esac
99:
100: # For RedHat the doc dir is expected to include version and release
# The staged directory is renamed first and docdir is then updated to the new
# name, so the later uses of $docdir (extradirs, %files) see the renamed path.
# pp_rpm_release already carries the distro suffix added earlier in this
# [rpm] section.
101: case "$pp_rpm_distro" in
102: centos*|rhel*)
103: mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
104: docdir=${docdir}-${version}-${pp_rpm_release}
105: ;;
106: esac
107:
108: # Choose the correct PAM file by distro, must be tab indented for "<<-"
# Writes the PAM service file(s) for sudo into the staging tree. The
# here-document delimiters are unquoted, but the bodies contain no "$" or
# backquote, so the text is written as shown.
# NOTE(review): $osrelease is unquoted in both "test ... -lt" comparisons; an
# empty value makes test fail with a usage error, which selects the else
# branch -- confirm that is acceptable.
109: case "$pp_rpm_distro" in
110: centos*|rhel*)
111: mkdir -p ${pp_destdir}/etc/pam.d
# osrelease below 50: stack on system-auth through pam_stack.so.
112: if test $osrelease -lt 50; then
113: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
114: #%PAM-1.0
115: auth required pam_stack.so service=system-auth
116: account required pam_stack.so service=system-auth
117: password required pam_stack.so service=system-auth
118: session required pam_limits.so
119: EOF
120: else
# osrelease 50 and above: use "include system-auth" and also write a second
# service file, sudo-i, that includes the sudo service.
121: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
122: #%PAM-1.0
123: auth include system-auth
124: account include system-auth
125: password include system-auth
126: session optional pam_keyinit.so revoke
127: session required pam_limits.so
128: EOF
129: cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
130: #%PAM-1.0
131: auth include sudo
132: account include sudo
133: password include sudo
134: session optional pam_keyinit.so force revoke
135: session required pam_limits.so
136: EOF
137: fi
138: ;;
139: sles*)
140: mkdir -p ${pp_destdir}/etc/pam.d
# osrelease below 10: pam_unix2.so for auth only; otherwise the common-*
# includes.
141: if test $osrelease -lt 10; then
142: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
143: #%PAM-1.0
144: auth required pam_unix2.so
145: session required pam_limits.so
146: EOF
147: else
148: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
149: #%PAM-1.0
150: auth include common-auth
151: account include common-account
152: password include common-password
153: session include common-session
154: # session optional pam_xauth.so
155: EOF
156: fi
157: ;;
158: esac
159: %endif
160:
161: %if [deb]
162: # Uncomment some Defaults and the %sudo rule in sudoers
163: # Note that the order must match that of sudoers and be tab-indented.
# The staged sudoers is made owner-writable only for the duration of the ed
# script; the quoted 'EOF' delimiter prevents shell expansion inside it.
# Enabling the %sudo rule means membership of group "sudo" decides who gets
# the access that rule grants; the "%post [deb]" script creates that group
# when it does not exist yet.
164: chmod u+w ${pp_destdir}${sudoersdir}/sudoers
165: /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
166: /Locale settings/+1,s/^# //
167: /X11 resource/+1,s/^# //
168: /^# \%sudo/,s/^# //
169: w
170: q
171: EOF
172: chmod u-w ${pp_destdir}${sudoersdir}/sudoers
# PAM service file for Debian: auth and account come from the common-*
# includes, followed by two session modules. The body contains nothing for the
# shell to expand.
173: mkdir -p ${pp_destdir}/etc/pam.d
174: cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
175: #%PAM-1.0
176:
177: @include common-auth
178: @include common-account
179:
180: session required pam_permit.so
181: session required pam_limits.so
182: EOF
183: %endif
184:
185: %if [macos]
186: pp_macos_pkg_type=flat
187: pp_macos_bundle_id=ws.sudo.pkg.sudo
188: pp_macos_pkg_license=doc/LICENSE
189: pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
# Build the ReadMe from NEWS: perl copies lines until the second line that
# begins with "What" (case-insensitive), so only the first such section of
# NEWS is kept.
190: perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
191: %endif
192:
193: # OS-level directories that should generally exist but might not.
# Start with the staged man sub-directories whose names begin with m or c,
# with the staging prefix stripped off again by sed.
194: extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
195: extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
196: test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
# For every install directory, walk up through its parents until "/" is
# reached and record each level with a trailing slash. "${osdirs+ }" inserts a
# separating space once osdirs has been set.
# NOTE(review): the inner loop only ends when dirname reaches "/", so it
# assumes every path here is absolute; a relative or empty value would settle
# on "." and never terminate -- confirm the inputs.
197: for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
198: while test "$dir" != "/"; do
199: osdirs="${osdirs}${osdirs+ }$dir/"
200: dir=`dirname $dir`
201: done
202: done
# One directory per line, sorted, duplicates removed.
203: osdirs=`echo $osdirs | tr " " "\n" | sort -u`
204:
205: %files
# Each entry is a path followed by optional mode, owner:group and flags.
# "-" in the mode column presumably leaves the mode to pp's default -- confirm
# against the pp documentation.
206: $osdirs -
# sudo and sudoedit are installed mode 4111 owned by root: set-user-ID plus
# execute-only for everyone. These are the entries to verify after install
# when auditing privileged binaries.
207: $bindir/sudo 4111 root:
208: $bindir/sudoedit 4111 root:
# visudo and sudoreplay are execute-only (0111) without the set-user-ID bit.
209: $sbindir/visudo 0111
210: $bindir/sudoreplay 0111
211: $includedir/sudo_plugin.h 0444
212: $libexecdir/* 0755 optional
# sudoers.d is 0750 with the sudoers owner and group, so other users cannot
# list or read the policy fragments.
213: $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
# The timestamp directory is accessible to root only (0700).
214: $timedir/ 0700 root:
215: $docdir/ 0755
216: $docdir/sudoers2ldif 0555 optional,ignore-others
217: $docdir/* 0444
218: $localedir/ - optional
219: $localedir/** 0444 optional
# PAM service files written in the %set section, when present.
# NOTE(review): "volatile" presumably marks files that are expected to change
# after installation -- confirm against the pp documentation.
220: /etc/pam.d/* 0444 volatile,optional
# RPM and Debian ship sudoers directly; every other format ships
# sudoers.dist, matching the rename done in the %set section.
221: %if [rpm,deb]
222: $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
223: %else
224: $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
225: %endif
226:
227: %files [!aix]
228: $mandir/man*/*
229:
230: %files [aix]
231: # Some versions use catpages, some use manpages.
232: $mandir/cat*/* optional
233: $mandir/man*/* optional
234:
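%post [!rpm,deb]
	# Seed sudoers from the packaged sudoers.dist only when no sudoers file
	# is readable yet, so an existing site policy is never overwritten.
%if [solaris]
	# Honor an alternate install root when one is set in PKG_INSTALL_ROOT.
	sudoersdir="${PKG_INSTALL_ROOT}%{sudoersdir}"
%else
	sudoersdir="%{sudoersdir}"
%endif
	if test ! -r "$sudoersdir/sudoers"; then
		# The steps are chained so that mode and ownership are only
		# applied to a file that was actually copied. Paths are quoted
		# in case the install root contains whitespace.
		cp "$sudoersdir/sudoers.dist" "$sudoersdir/sudoers" &&
		    chmod %{sudoers_mode} "$sudoersdir/sudoers" &&
		    chown %{sudoers_uid} "$sudoersdir/sudoers" &&
		    chgrp %{sudoers_gid} "$sudoersdir/sudoers"
	fi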
248:
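%post [deb]
	# dpkg-deb does not maintain the mode on the sudoers file, and
	# installs it 0640 when sudo requires 0440
	chmod %{sudoers_mode} %{sudoersdir}/sudoers

	# create symlink to ease transition to new path for ldap config
	# if old config file exists and new one doesn't
	# (separate test commands joined with && instead of the obsolescent
	# "-a" operator, which can be parsed ambiguously)
	if test X"%{flavor}" = X"ldap" && test -r /etc/ldap/ldap.conf &&
	    test ! -r /etc/sudo-ldap.conf; then
		ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
	fi

	# Debian uses a sudo group in its default sudoers file
	perl -e '
		# Nothing to do when the group already exists.
		exit 0 if getgrnam("sudo");
		$gid = 27;	# default debian sudo gid
		setgrent();
		# Pick the first unused gid at or above 27.
		while (getgrgid($gid)) { $gid++; }
		if ($gid != 27) {
			print "On Debian we normally use gid 27 for \"sudo\".\n";
			$gname = getgrgid(27);
			print "However, on your system gid 27 is group \"$gname\".\n\n";
			print "Would you like me to stop configuring sudo so that you can change this? [n] ";
			# At end-of-file on STDIN the answer is empty and
			# configuration continues with the alternate gid.
			$ans = <STDIN>;
			if ($ans =~ /^[yY]/) {
				print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
				exit 1;
			}
		}
		print "Creating group \"sudo\" with gid = $gid\n";
		# List form runs groupadd directly, without a shell. A failure
		# is reported because the sudo group rule enabled in sudoers
		# depends on this group; the exit status stays 0 as before.
		if (system("groupadd", "-g", $gid, "sudo") != 0) {
			warn "groupadd failed; group \"sudo\" was not created\n";
		}
		exit 0;
	'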
282:
%preun [deb]
	# Undo the postinstall compatibility link: /etc/sudo-ldap.conf is
	# removed only for the ldap flavor and only while it is still a symlink
	# to /etc/ldap/ldap.conf, so a file the administrator put there is
	# left alone. readlink errors (no such file, not a link) are discarded
	# and simply make the comparison fail.
	if [ X"%{flavor}" = X"ldap" ] &&
	    [ X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf" ]; then
		rm -f /etc/sudo-ldap.conf
	fi