Add macros file to allow other packages to stop hardcoding directory names

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-07-22 12:43:20 +02:00 · 2021-07-22 12:43:20 +02:00 · 06d409fea6
commit 06d409fea6
parent d335a7441d
2 changed files with 123 additions and 115 deletions
--- a/macros.pam
+++ b/macros.pam
@ -0,0 +1,5 @@
+%_pam_libdir     %{_libdir}
+%_pam_moduledir  %{_libdir}/security
+%_pam_secconfdir %{_sysconfdir}/security
+%_pam_confdir    %{_sysconfdir}/pam.d
+%_pam_vendordir  %{_datadir}/pam.d
--- a/pam.spec
+++ b/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.5.1
-Release: 8%{?dist}
+Release: 9%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -11,6 +11,7 @@ License: BSD and GPLv2+
 Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
 Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc
 Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
+Source3: macros.%{name}
 Source5: other.pamd
 Source6: system-auth.pamd
 Source7: password-auth.pamd
@ -32,13 +33,7 @@ Patch4: https://github.com/linux-pam/linux-pam/pull/368.patch#/pam-1.5.1-no_cryp
 # https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8
 Patch5:  pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch

-
-%global _pamlibdir %{_libdir}
-%global _moduledir %{_libdir}/security
-%global _secconfdir %{_sysconfdir}/security
-%global _pamconfdir %{_sysconfdir}/pam.d
-%global _pamvendordir %{_datadir}/pam.d
-%global _systemdlibdir /usr/lib/systemd/system
+%{load:%{SOURCE3}}

 %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
 %global WITH_SELINUX 1
@ -72,6 +67,7 @@ BuildRequires: libdb-devel
 BuildRequires: linuxdoc-tools, elinks, libxslt
 BuildRequires: docbook-style-xsl, docbook-dtds
 BuildRequires: gcc
+BuildRequires: systemd

 URL: http://www.linux-pam.org/

@ -123,7 +119,7 @@ autoreconf -i
 %build
 %configure \
 	--disable-rpath \
-	--libdir=%{_pamlibdir} \
+	--libdir=%{_pam_libdir} \
 	--includedir=%{_includedir}/security \
 	--enable-vendordir=%{_datadir} \
 %if ! %{WITH_SELINUX}
@ -144,12 +140,15 @@ for readme in modules/pam_*/README ; do
 	cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
 done

+# Install the macros file
+install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name}
+
 # Install the binaries, libraries, and modules.
 make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:

 %if %{WITH_SELINUX}
 # Temporary compat link
-ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so
+ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_selinux_permit.so
 %endif

 # RPM uses docs from source tree
@ -158,16 +157,16 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment

 # Install default configuration files.
-install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
-install -d -m 755 $RPM_BUILD_ROOT%{_pamvendordir}
-install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
-install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
-install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
-install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
-install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
-install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
-install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin
-install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
+install -d -m 755 $RPM_BUILD_ROOT%{_pam_confdir}
+install -d -m 755 $RPM_BUILD_ROOT%{_pam_vendordir}
+install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pam_confdir}/other
+install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pam_confdir}/system-auth
+install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pam_confdir}/password-auth
+install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pam_confdir}/fingerprint-auth
+install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pam_confdir}/smartcard-auth
+install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pam_confdir}/config-util
+install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pam_confdir}/postlogin
+install -m 600 /dev/null $RPM_BUILD_ROOT%{_pam_secconfdir}/opasswd
 install -d -m 755 $RPM_BUILD_ROOT/var/log
 install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock
 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/motd.d
@ -182,23 +181,23 @@ ln -sf system-auth.5 $RPM_BUILD_ROOT%{_mandir}/man5/smartcard-auth.5


 for phase in auth acct passwd session ; do
-	ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so 
+	ln -sf pam_unix.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_unix_${phase}.so 
 done

 # Remove .la files and make new .so links -- this depends on the value
 # of _libdir not changing, and *not* being /usr/lib.
 for lib in libpam libpamc libpam_misc ; do
-rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.la
+rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.la
 done
-rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
+rm -f $RPM_BUILD_ROOT%{_pam_moduledir}/*.la

-%if "%{_pamlibdir}" != "%{_libdir}"
+%if "%{_pam_libdir}" != "%{_libdir}"
 install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
 for lib in libpam libpamc libpam_misc ; do
 pushd $RPM_BUILD_ROOT%{_libdir}
-ln -sf %{_pamlibdir}/${lib}.so.*.* ${lib}.so
+ln -sf %{_pam_libdir}/${lib}.so.*.* ${lib}.so
 popd
-rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.so
+rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.so
 done
 %endif

@ -221,7 +220,7 @@ if [ -d ${dir} ] ; then
 %if ! %{WITH_AUDIT}
 	[ ${dir} = "modules/pam_tty_audit" ] && continue
 %endif
-	if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
+	if ! ls -1 $RPM_BUILD_ROOT%{_pam_moduledir}/`basename ${dir}`*.so ; then
 		echo ERROR `basename ${dir}` did not build a module.
 		exit 1
 	fi
@ -230,9 +229,9 @@ done

 # Check for module problems.  Specifically, check that every module we just
 # installed can actually be loaded by a minimal PAM-aware application.
-/sbin/ldconfig -n $RPM_BUILD_ROOT%{_pamlibdir}
-for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
-	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pamlibdir} \
+/sbin/ldconfig -n $RPM_BUILD_ROOT%{_pam_libdir}
+for module in $RPM_BUILD_ROOT%{_pam_moduledir}/pam*.so ; do
+	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pam_libdir} \
 		 %{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT%{_libdir} ${module} ; then
 		echo ERROR module: ${module} cannot be loaded.
 		exit 1
@ -242,21 +241,22 @@ done
 %ldconfig_scriptlets

 %files -f Linux-PAM.lang
-%dir %{_pamconfdir}
-%dir %{_pamvendordir}
-%config(noreplace) %{_pamconfdir}/other
-%config(noreplace) %{_pamconfdir}/system-auth
-%config(noreplace) %{_pamconfdir}/password-auth
-%config(noreplace) %{_pamconfdir}/fingerprint-auth
-%config(noreplace) %{_pamconfdir}/smartcard-auth
-%config(noreplace) %{_pamconfdir}/config-util
-%config(noreplace) %{_pamconfdir}/postlogin
+%dir %{_pam_confdir}
+%dir %{_pam_vendordir}
+%config(noreplace) %{_pam_confdir}/other
+%config(noreplace) %{_pam_confdir}/system-auth
+%config(noreplace) %{_pam_confdir}/password-auth
+%config(noreplace) %{_pam_confdir}/fingerprint-auth
+%config(noreplace) %{_pam_confdir}/smartcard-auth
+%config(noreplace) %{_pam_confdir}/config-util
+%config(noreplace) %{_pam_confdir}/postlogin
+%{_rpmconfigdir}/macros.d/macros.%{name}
 %{!?_licensedir:%global license %%doc}
 %license Copyright
 %license gpl-2.0.txt
-%{_pamlibdir}/libpam.so.*
-%{_pamlibdir}/libpamc.so.*
-%{_pamlibdir}/libpam_misc.so.*
+%{_pam_libdir}/libpam.so.*
+%{_pam_libdir}/libpamc.so.*
+%{_pam_libdir}/libpam_misc.so.*
 %{_sbindir}/pam_console_apply
 %{_sbindir}/pam_namespace_helper
 %{_sbindir}/faillock
@ -265,85 +265,85 @@ done
 %attr(0700,root,root) %{_sbindir}/unix_update
 %attr(0755,root,root) %{_sbindir}/mkhomedir_helper
 %attr(0755,root,root) %{_sbindir}/pwhistory_helper
-%dir %{_moduledir}
-%{_moduledir}/pam_access.so
-%{_moduledir}/pam_chroot.so
-%{_moduledir}/pam_console.so
-%{_moduledir}/pam_debug.so
-%{_moduledir}/pam_deny.so
-%{_moduledir}/pam_echo.so
-%{_moduledir}/pam_env.so
-%{_moduledir}/pam_exec.so
-%{_moduledir}/pam_faildelay.so
-%{_moduledir}/pam_faillock.so
-%{_moduledir}/pam_filter.so
-%{_moduledir}/pam_ftp.so
-%{_moduledir}/pam_group.so
-%{_moduledir}/pam_issue.so
-%{_moduledir}/pam_keyinit.so
-%{_moduledir}/pam_lastlog.so
-%{_moduledir}/pam_limits.so
-%{_moduledir}/pam_listfile.so
-%{_moduledir}/pam_localuser.so
-%{_moduledir}/pam_loginuid.so
-%{_moduledir}/pam_mail.so
-%{_moduledir}/pam_mkhomedir.so
-%{_moduledir}/pam_motd.so
-%{_moduledir}/pam_namespace.so
-%{_moduledir}/pam_nologin.so
-%{_moduledir}/pam_permit.so
-%{_moduledir}/pam_postgresok.so
-%{_moduledir}/pam_pwhistory.so
-%{_moduledir}/pam_rhosts.so
-%{_moduledir}/pam_rootok.so
+%dir %{_pam_moduledir}
+%{_pam_moduledir}/pam_access.so
+%{_pam_moduledir}/pam_chroot.so
+%{_pam_moduledir}/pam_console.so
+%{_pam_moduledir}/pam_debug.so
+%{_pam_moduledir}/pam_deny.so
+%{_pam_moduledir}/pam_echo.so
+%{_pam_moduledir}/pam_env.so
+%{_pam_moduledir}/pam_exec.so
+%{_pam_moduledir}/pam_faildelay.so
+%{_pam_moduledir}/pam_faillock.so
+%{_pam_moduledir}/pam_filter.so
+%{_pam_moduledir}/pam_ftp.so
+%{_pam_moduledir}/pam_group.so
+%{_pam_moduledir}/pam_issue.so
+%{_pam_moduledir}/pam_keyinit.so
+%{_pam_moduledir}/pam_lastlog.so
+%{_pam_moduledir}/pam_limits.so
+%{_pam_moduledir}/pam_listfile.so
+%{_pam_moduledir}/pam_localuser.so
+%{_pam_moduledir}/pam_loginuid.so
+%{_pam_moduledir}/pam_mail.so
+%{_pam_moduledir}/pam_mkhomedir.so
+%{_pam_moduledir}/pam_motd.so
+%{_pam_moduledir}/pam_namespace.so
+%{_pam_moduledir}/pam_nologin.so
+%{_pam_moduledir}/pam_permit.so
+%{_pam_moduledir}/pam_postgresok.so
+%{_pam_moduledir}/pam_pwhistory.so
+%{_pam_moduledir}/pam_rhosts.so
+%{_pam_moduledir}/pam_rootok.so
 %if %{WITH_SELINUX}
-%{_moduledir}/pam_selinux.so
-%{_moduledir}/pam_selinux_permit.so
-%{_moduledir}/pam_sepermit.so
+%{_pam_moduledir}/pam_selinux.so
+%{_pam_moduledir}/pam_selinux_permit.so
+%{_pam_moduledir}/pam_sepermit.so
 %endif
-%{_moduledir}/pam_securetty.so
-%{_moduledir}/pam_setquota.so
-%{_moduledir}/pam_shells.so
-%{_moduledir}/pam_stress.so
-%{_moduledir}/pam_succeed_if.so
-%{_moduledir}/pam_time.so
-%{_moduledir}/pam_timestamp.so
+%{_pam_moduledir}/pam_securetty.so
+%{_pam_moduledir}/pam_setquota.so
+%{_pam_moduledir}/pam_shells.so
+%{_pam_moduledir}/pam_stress.so
+%{_pam_moduledir}/pam_succeed_if.so
+%{_pam_moduledir}/pam_time.so
+%{_pam_moduledir}/pam_timestamp.so
 %if %{WITH_AUDIT}
-%{_moduledir}/pam_tty_audit.so
+%{_pam_moduledir}/pam_tty_audit.so
 %endif
-%{_moduledir}/pam_umask.so
-%{_moduledir}/pam_unix.so
-%{_moduledir}/pam_unix_acct.so
-%{_moduledir}/pam_unix_auth.so
-%{_moduledir}/pam_unix_passwd.so
-%{_moduledir}/pam_unix_session.so
-%{_moduledir}/pam_userdb.so
-%{_moduledir}/pam_usertype.so
-%{_moduledir}/pam_warn.so
-%{_moduledir}/pam_wheel.so
-%{_moduledir}/pam_xauth.so
-%{_moduledir}/pam_filter
-%{_systemdlibdir}/pam_namespace.service
-%dir %{_secconfdir}
-%config(noreplace) %{_secconfdir}/access.conf
-%config(noreplace) %{_secconfdir}/chroot.conf
-%config %{_secconfdir}/console.perms
-%config(noreplace) %{_secconfdir}/console.handlers
-%config(noreplace) %{_secconfdir}/faillock.conf
-%config(noreplace) %{_secconfdir}/group.conf
-%config(noreplace) %{_secconfdir}/limits.conf
-%dir %{_secconfdir}/limits.d
-%config(noreplace) %{_secconfdir}/namespace.conf
-%dir %{_secconfdir}/namespace.d
-%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
-%config(noreplace) %{_secconfdir}/pam_env.conf
-%config(noreplace) %{_secconfdir}/time.conf
-%config(noreplace) %{_secconfdir}/opasswd
-%dir %{_secconfdir}/console.apps
-%dir %{_secconfdir}/console.perms.d
+%{_pam_moduledir}/pam_umask.so
+%{_pam_moduledir}/pam_unix.so
+%{_pam_moduledir}/pam_unix_acct.so
+%{_pam_moduledir}/pam_unix_auth.so
+%{_pam_moduledir}/pam_unix_passwd.so
+%{_pam_moduledir}/pam_unix_session.so
+%{_pam_moduledir}/pam_userdb.so
+%{_pam_moduledir}/pam_usertype.so
+%{_pam_moduledir}/pam_warn.so
+%{_pam_moduledir}/pam_wheel.so
+%{_pam_moduledir}/pam_xauth.so
+%{_pam_moduledir}/pam_filter
+%{_unitdir}/pam_namespace.service
+%dir %{_pam_secconfdir}
+%config(noreplace) %{_pam_secconfdir}/access.conf
+%config(noreplace) %{_pam_secconfdir}/chroot.conf
+%config %{_pam_secconfdir}/console.perms
+%config(noreplace) %{_pam_secconfdir}/console.handlers
+%config(noreplace) %{_pam_secconfdir}/faillock.conf
+%config(noreplace) %{_pam_secconfdir}/group.conf
+%config(noreplace) %{_pam_secconfdir}/limits.conf
+%dir %{_pam_secconfdir}/limits.d
+%config(noreplace) %{_pam_secconfdir}/namespace.conf
+%dir %{_pam_secconfdir}/namespace.d
+%attr(755,root,root) %config(noreplace) %{_pam_secconfdir}/namespace.init
+%config(noreplace) %{_pam_secconfdir}/pam_env.conf
+%config(noreplace) %{_pam_secconfdir}/time.conf
+%config(noreplace) %{_pam_secconfdir}/opasswd
+%dir %{_pam_secconfdir}/console.apps
+%dir %{_pam_secconfdir}/console.perms.d
 %dir /var/run/console
 %if %{WITH_SELINUX}
-%config(noreplace) %{_secconfdir}/sepermit.conf
+%config(noreplace) %{_pam_secconfdir}/sepermit.conf
 %dir /var/run/sepermit
 %endif
 %dir /var/run/faillock
@ -384,6 +384,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
 exit 0

 %changelog
+* Thu Jul 22 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-9
+- Add macros file to allow other packages to stop hardcoding directory names
+
 * Fri Jul  9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-8
 - Fix issues detected by covscan tool