File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / sudo.pp
Revision 1.1.1.3 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Oct 9 09:29:52 2012 UTC (12 years ago) by misho
Branches: sudo, MAIN
CVS tags: HEAD
sudo

    1: %set
    2: 	if test -n "$flavor"; then
    3: 		name="sudo-$flavor"
    4: 		pp_kit_package="sudo_$flavor"
    5: 	else
    6: 		name="sudo"
    7: 		pp_kit_package="sudo"
    8: 	fi
    9: 	summary="Provide limited super-user privileges to specific users"
   10: 	description="Sudo is a program designed to allow a sysadmin to give \
   11: limited root privileges to users and log root activity.  \
   12: The basic philosophy is to give as few privileges as possible but \
   13: still allow people to get their work done."
   14: 	vendor="Todd C. Miller"
   15: 	copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
   16: 	sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
   17: 	sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
   18: 
   19: %if [aix]
   20: 	# AIX package summary is limited to 40 characters
   21: 	summary="Configurable super-user privileges"
   22: 
   23: 	# Convert to 4 part version for AIX, including patch level
   24: 	pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
   25: %endif
   26: 
   27: %if [kit]
   28: 	# Strip off patchlevel for kit which only supports xyz versions
   29: 	pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
   30: 	pp_kit_name="TCM"
   31: %endif
   32: 
   33: %if [sd]
   34: 	pp_sd_vendor_tag="TCM"
   35: %endif
   36: 
   37: %if [solaris]
   38: 	pp_solaris_name="TCM${name}"
   39: 	pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
   40: %endif
   41: 
   42: %if [rpm,deb]
   43: 	# Convert patch level into release and remove from version
   44: 	pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
   45: 	pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
   46: 	pp_rpm_license="BSD"
   47: 	pp_rpm_url="http://www.sudo.ws/"
   48: 	pp_rpm_group="Applications/System"
   49: 	pp_rpm_packager="Todd C. Miller <Todd.Miller@courtesan.com>"
   50: 	if test -n "$linux_audit"; then
   51: 		pp_rpm_requires="audit-libs >= $linux_audit"
   52: 	fi
   53: %else
   54: 	# For all but RPM and Debian we need to install sudoers with a different
   55: 	# name and make a copy of it if there is no existing file.
   56: 	mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
   57: %endif
   58: 
   59: %if [deb]
   60: 	pp_deb_maintainer="$pp_rpm_packager"
   61: 	pp_deb_release="$pp_rpm_release"
   62: 	pp_deb_version="$pp_rpm_version"
   63: 	pp_deb_section=admin
   64: 	install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
   65: 	install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
   66: 	gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
   67: 	printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n  * see upstream changelog\n\n -- $pp_deb_maintainer  `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
   68: 	chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
   69: 	gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
   70: 	# Create lintian override file
   71: 	mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides
   72: 	cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF
   73: 	# The sudo binary must be setuid root
   74: 	$name: setuid-binary usr/bin/sudo 4755 root/root
   75: 	# Sudo configuration and data dirs must not be world-readable
   76: 	$name: non-standard-file-perm etc/sudoers 0440 != 0644
   77: 	$name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755
   78: 	$name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755
   79: 	# Sudo ships with debugging symbols
   80: 	$name: unstripped-binary-or-object
   81: 	EOF
   82: 	chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name}
   83: %endif
   84: 
   85: %if [rpm]
   86: 	# Add distro info to release
   87: 	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
   88: 	case "$pp_rpm_distro" in
   89: 	centos*|rhel*)
   90: 		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
   91: 		;;
   92: 	sles*)
   93: 		pp_rpm_release="$pp_rpm_release.sles$osrelease"
   94: 		;;
   95: 	esac
   96: 
   97: 	# Uncomment some Defaults in sudoers
   98: 	# Note that the order must match that of sudoers.
   99: 	case "$pp_rpm_distro" in
  100: 	centos*|rhel*)
  101: 		chmod u+w ${pp_destdir}${sudoersdir}/sudoers
  102: 		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
  103: 		/Locale settings/+1,s/^# //
  104: 		/Desktop path settings/+1,s/^# //
  105: 		w
  106: 		q
  107: 		EOF
  108: 		chmod u-w ${pp_destdir}${sudoersdir}/sudoers
  109: 		;;
  110: 	sles*)
  111: 		chmod u+w ${pp_destdir}${sudoersdir}/sudoers
  112: 		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
  113: 		/Locale settings/+1,s/^# //
  114: 		/ConsoleKit session/+1,s/^# //
  115: 		/allow any user to run sudo if they know the password/+2,s/^# //
  116: 		/allow any user to run sudo if they know the password/+3,s/^# //
  117: 		w
  118: 		q
  119: 		EOF
  120: 		chmod u-w ${pp_destdir}${sudoersdir}/sudoers
  121: 		;;
  122: 	esac
  123: 
  124: 	# For RedHat the doc dir is expected to include version and release
  125: 	case "$pp_rpm_distro" in
  126: 	centos*|rhel*)
  127: 		mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
  128: 		docdir=${docdir}-${version}-${pp_rpm_release}
  129: 		;;
  130: 	esac
  131: 
  132: 	# Choose the correct PAM file by distro, must be tab indented for "<<-"
  133: 	case "$pp_rpm_distro" in
  134: 	centos*|rhel*)
  135: 		mkdir -p ${pp_destdir}/etc/pam.d
  136: 		if test $osrelease -lt 50; then
  137: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  138: 			#%PAM-1.0
  139: 			auth       required	pam_stack.so service=system-auth
  140: 			account    required	pam_stack.so service=system-auth
  141: 			password   required	pam_stack.so service=system-auth
  142: 			session    required	pam_limits.so
  143: 			EOF
  144: 		else
  145: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  146: 			#%PAM-1.0
  147: 			auth       include	system-auth
  148: 			account    include	system-auth
  149: 			password   include	system-auth
  150: 			session    optional	pam_keyinit.so revoke
  151: 			session    required	pam_limits.so
  152: 			EOF
  153: 			cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
  154: 			#%PAM-1.0
  155: 			auth       include	sudo
  156: 			account    include	sudo
  157: 			password   include	sudo
  158: 			session    optional	pam_keyinit.so force revoke
  159: 			session    required	pam_limits.so
  160: 			EOF
  161: 		fi
  162: 		;;
  163: 	  sles*)
  164: 		mkdir -p ${pp_destdir}/etc/pam.d
  165: 		if test $osrelease -lt 10; then
  166: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  167: 			#%PAM-1.0
  168: 			auth     required       pam_unix2.so
  169: 			session  required       pam_limits.so
  170: 			EOF
  171: 		else
  172: 			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  173: 			#%PAM-1.0
  174: 			auth     include	common-auth
  175: 			account  include	common-account
  176: 			password include	common-password
  177: 			session  include	common-session
  178: 			# session  optional	pam_xauth.so
  179: 			EOF
  180: 		fi
  181: 		;;
  182: 	esac
  183: %endif
  184: 
  185: %if [deb]
  186: 	# Uncomment some Defaults and the %sudo rule in sudoers
  187: 	# Note that the order must match that of sudoers and be tab-indented.
  188: 	chmod u+w ${pp_destdir}${sudoersdir}/sudoers
  189: 	/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
  190: 	/Locale settings/+1,s/^# //
  191: 	/X11 resource/+1,s/^# //
  192: 	/^# \%sudo/,s/^# //
  193: 	w
  194: 	q
  195: 	EOF
  196: 	chmod u-w ${pp_destdir}${sudoersdir}/sudoers
  197: 	mkdir -p ${pp_destdir}/etc/pam.d
  198: 	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
  199: 	#%PAM-1.0
  200: 
  201: 	@include common-auth
  202: 	@include common-account
  203: 
  204: 	session required pam_permit.so
  205: 	session required pam_limits.so
  206: 	EOF
  207: %endif
  208: 
  209: %if [macos]
  210: 	pp_macos_pkg_type=flat
  211: 	pp_macos_bundle_id=ws.sudo.pkg.sudo
  212: 	pp_macos_pkg_license=doc/LICENSE
  213: 	pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
  214: 	perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
  215: %endif
  216: 
  217: %if X"$aix_freeware" = X"true"
  218: 	# Create links from /opt/freeware/{bin,sbin} -> /usr/{bin.sbin}
  219: 	mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin
  220: 	ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin
  221: 	ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin
  222: 	ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin
  223: 	ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin
  224: %endif
  225: 
  226: 	# OS-level directories that should generally exist but might not.
  227: 	extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
  228: 	extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
  229: 	test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
  230: 	test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
  231: 	for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
  232: 		while test "$dir" != "/"; do
  233: 			osdirs="${osdirs}${osdirs+ }$dir/"
  234: 			dir=`dirname $dir`
  235: 		done
  236: 	done
  237: 	osdirs=`echo $osdirs | tr " " "\n" | sort -u`
  238: 
  239: %depend [deb]
  240: 	libc6, libpam0g, libpam-modules, zlib1g, libselinux1
  241: 
  242: %fixup [deb]
  243: 	# Add Conflicts, Replaces headers and add libldap depedency as needed.
  244: 	if test -z "%{flavor}"; then
  245: 	    echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  246: 	    echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  247: 	elif test "%{flavor}" = "ldap"; then
  248: 	    echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  249: 	    echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  250: 	    echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  251: 	    cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$
  252: 	    sed 's/^\(Depends:.*\) *$/\1, libldap-2.4-2/' %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control
  253: 	    rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$
  254: 	fi
  255: 	echo "Homepage: http://www.sudo.ws/sudo/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  256: 	echo "Bugs: http://www.sudo.ws/bugs/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
  257: 
  258: %files
  259: 	$osdirs			-
  260: 	$bindir/sudo        	4755 root:
  261: 	$bindir/sudoedit    	0755 root: symlink sudo
  262: 	$sbindir/visudo     	0755
  263: 	$bindir/sudoreplay  	0755
  264: 	$includedir/sudo_plugin.h 0644
  265: 	$libexecdir/*		$shlib_mode optional
  266: 	$sudoersdir/sudoers.d/	0750 $sudoers_uid:$sudoers_gid
  267: 	$timedir/		0700 root:
  268: 	$docdir/		0755
  269: 	$docdir/sudoers2ldif	0755 optional,ignore-others
  270: %if [deb]
  271: 	$docdir/LICENSE		ignore,ignore-others
  272: 	$docdir/ChangeLog	ignore,ignore-others
  273: %endif
  274: 	$docdir/*		0644
  275: 	$localedir/*/		-    optional
  276: 	$localedir/*/LC_MESSAGES/ -    optional
  277: 	$localedir/*/LC_MESSAGES/* 0644    optional
  278: 	/etc/pam.d/*		0644 volatile,optional
  279: %if [rpm,deb]
  280: 	$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
  281: %else
  282: 	$sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
  283: %endif
  284: %if X"$aix_freeware" = X"true"
  285: 	# Links for binaries from /opt/freeware to /usr
  286: 	/usr/bin/sudo    	0755 root: symlink $bindir/sudo
  287: 	/usr/bin/sudoedit    	0755 root: symlink $bindir/sudoedit
  288: 	/usr/bin/sudoreplay    	0755 root: symlink $bindir/sudoreplay
  289: 	/usr/sbin/visudo    	0755 root: symlink $sbindir/visudo
  290: %endif
  291: 
  292: %files [!aix]
  293: 	$sudoedit_man		0644 symlink,ignore-others $sudoedit_man_target
  294: 	$mandir/man*/*		0644
  295: 
  296: %files [aix]
  297: 	# Some versions use catpages, some use manpages.
  298: 	$sudoedit_man		0644 symlink,ignore-others $sudoedit_man_target
  299: 	$mandir/cat*/*		0644 optional
  300: 	$mandir/man*/*		0644 optional
  301: 
  302: %pre [aix]
  303: 	if rpm -q %{name} >/dev/null 2>&1; then
  304: 		echo "Another version of sudo is currently installed via rpm." 2>&1
  305: 		echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1
  306: 		echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1
  307: 		echo "instead of the .bff package." 2>&1
  308: 		echo "" 2>&1
  309: 		echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1
  310: 		echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1
  311: 		echo "" 2>&1
  312: 		exit 1
  313: 	fi
  314: 
  315: %post [!rpm,deb]
  316: 	# Don't overwrite an existing sudoers file
  317: %if [solaris]
  318: 	sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir}
  319: %else
  320: 	sudoersdir=%{sudoersdir}
  321: %endif
  322: 	if test ! -r $sudoersdir/sudoers; then
  323: 		cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
  324: 		chmod %{sudoers_mode} $sudoersdir/sudoers
  325: 		chown %{sudoers_uid} $sudoersdir/sudoers
  326: 		chgrp %{sudoers_gid} $sudoersdir/sudoers
  327: 	fi
  328: 
  329: %post [deb]
  330: 	set -e
  331: 
  332: 	# dpkg-deb does not maintain the mode on the sudoers file, and
  333: 	# installs it 0640 when sudo requires 0440
  334: 	chmod %{sudoers_mode} %{sudoersdir}/sudoers
  335: 
  336: 	# create symlink to ease transition to new path for ldap config
  337: 	# if old config file exists and new one doesn't
  338: 	if test X"%{flavor}" = X"ldap" -a \
  339: 	    -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
  340: 		ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
  341: 	fi
  342: 
  343: 	# Debian uses a sudo group in its default sudoers file
  344: 	perl -e '
  345: 		exit 0 if getgrnam("sudo");
  346: 		$gid = 27; # default debian sudo gid
  347: 		setgrent();
  348: 		while (getgrgid($gid)) { $gid++; }
  349: 		if ($gid != 27) {
  350: 			print "On Debian we normally use gid 27 for \"sudo\".\n";
  351: 			$gname = getgrgid(27);
  352: 			print "However, on your system gid 27 is group \"$gname\".\n\n";
  353: 			print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
  354: 			$ans = <STDIN>;
  355: 			if ($ans =~ /^[yY]/) {
  356: 				print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
  357: 				exit 1;
  358: 			}
  359: 		}
  360: 		print "Creating group \"sudo\" with gid = $gid\n";
  361: 		system("groupadd -g $gid sudo");
  362: 		exit 0;
  363: 	'
  364: 
  365: %preun [deb]
  366: 	set -e
  367: 
  368: 	# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
  369: 	# it matches what we created in the postinstall script.
  370: 	if test X"%{flavor}" = X"ldap" -a \
  371: 	    X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
  372: 		rm -f /etc/sudo-ldap.conf
  373: 	fi

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>