- allow the package to build without SELinux and audit support (#431415)

- macro usage cleanup
Tomáš Mráz 2008-02-04 13:06:18 +00:00
parent b6b1e29706
commit 717cfde74b

207
pam.spec

@ -1,9 +1,3 @@
%define WITH_AUDIT 1
%define _sbindir /sbin
%define _sysconfdir /etc
%define pwdb_version 0.62
%define db_version 4.6.19 %define db_version 4.6.19
%define db_conflicting_version 4.7.0 %define db_conflicting_version 4.7.0
%define pam_redhat_version 0.99.8-1 %define pam_redhat_version 0.99.8-1
@ -11,7 +5,7 @@
Summary: A security tool which provides authentication for applications Summary: A security tool which provides authentication for applications
Name: pam Name: pam
Version: 0.99.8.1 Version: 0.99.8.1
Release: 17%{?dist} Release: 18%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising # pam_rhosts_auth module is BSD with advertising
@ -50,6 +44,18 @@ Patch51: pam-0.99.8.1-audit-failed.patch
Patch52: pam-0.99.8.1-setkeycreatecon.patch Patch52: pam-0.99.8.1-setkeycreatecon.patch
Patch53: pam-0.99.8.1-sepermit-kill-user.patch Patch53: pam-0.99.8.1-sepermit-kill-user.patch
%define _sbindir /sbin
%define _moduledir /%{_lib}/security
%define _secconfdir %{_sysconfdir}/security
%define _pamconfdir %{_sysconfdir}/pam.d
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define WITH_SELINUX 1
%endif
%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1}
%define WITH_AUDIT 1
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: cracklib, cracklib-dicts >= 2.8 Requires: cracklib, cracklib-dicts >= 2.8
Requires(post): coreutils, /sbin/ldconfig Requires(post): coreutils, /sbin/ldconfig
@ -62,8 +68,10 @@ BuildRequires: perl, pkgconfig, gettext
BuildRequires: audit-libs-devel >= 1.0.8 BuildRequires: audit-libs-devel >= 1.0.8
Requires: audit-libs >= 1.0.8 Requires: audit-libs >= 1.0.8
%endif %endif
%if %{WITH_SELINUX}
BuildRequires: libselinux-devel >= 1.33.2 BuildRequires: libselinux-devel >= 1.33.2
Requires: libselinux >= 1.33.2 Requires: libselinux >= 1.33.2
%endif
BuildRequires: glibc >= 2.3.90-37 BuildRequires: glibc >= 2.3.90-37
Requires: glibc >= 2.3.90-37 Requires: glibc >= 2.3.90-37
# Following deps are necessary only to build the pam library documentation. # Following deps are necessary only to build the pam library documentation.
@ -161,7 +169,13 @@ LDFLAGS=-L${topdir}/%{_lib} ; export LDFLAGS
%configure \ %configure \
--libdir=/%{_lib} \ --libdir=/%{_lib} \
--includedir=%{_includedir}/security \ --includedir=%{_includedir}/security \
--enable-isadir=../../%{_lib}/security \ --enable-isadir=../..%{_moduledir} \
%if ! %{WITH_SELINUX}
--disable-selinux \
%endif
%if ! %{WITH_AUDIT}
--disable-audit \
%endif
--with-db-uniquename=_pam --with-db-uniquename=_pam
make make
# we do not use _smp_mflags because the build of sources in yacc/flex fails # we do not use _smp_mflags because the build of sources in yacc/flex fails
@ -183,11 +197,11 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
# Install default configuration files. # Install default configuration files.
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-auth install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/config-util install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
install -m 600 /dev/null $RPM_BUILD_ROOT%{_sysconfdir}/security/opasswd install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
install -d -m 755 $RPM_BUILD_ROOT/var/log install -d -m 755 $RPM_BUILD_ROOT/var/log
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
@ -196,7 +210,7 @@ install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/ install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
for phase in auth acct passwd session ; do for phase in auth acct passwd session ; do
ln -sf pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/pam_unix_${phase}.so ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
done done
# Remove .la files and make new .so links -- this depends on the value # Remove .la files and make new .so links -- this depends on the value
@ -209,12 +223,12 @@ popd
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la
done done
rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
# Duplicate doc file sets. # Duplicate doc file sets.
rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam
# Create /lib/security in case it isn't the same as /%{_lib}/security. # Create /lib/security in case it isn't the same as %{_moduledir}.
install -m755 -d $RPM_BUILD_ROOT/lib/security install -m755 -d $RPM_BUILD_ROOT/lib/security
%find_lang Linux-PAM %find_lang Linux-PAM
@ -223,7 +237,10 @@ install -m755 -d $RPM_BUILD_ROOT/lib/security
# Make sure every module subdirectory gave us a module. Yes, this is hackish. # Make sure every module subdirectory gave us a module. Yes, this is hackish.
for dir in modules/pam_* ; do for dir in modules/pam_* ; do
if [ -d ${dir} ] ; then if [ -d ${dir} ] ; then
if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then %if ! %{WITH_SELINUX}
[ ${dir} = "modules/pam_selinux" ] && continue
%endif
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
echo ERROR `basename ${dir}` did not build a module. echo ERROR `basename ${dir}` did not build a module.
exit 1 exit 1
fi fi
@ -233,7 +250,7 @@ done
# Check for module problems. Specifically, check that every module we just # Check for module problems. Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application. # installed can actually be loaded by a minimal PAM-aware application.
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
%{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then %{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
echo ERROR module: ${module} cannot be loaded. echo ERROR module: ${module} cannot be loaded.
@ -265,10 +282,10 @@ fi
%files -f Linux-PAM.lang %files -f Linux-PAM.lang
%defattr(-,root,root) %defattr(-,root,root)
%dir /etc/pam.d %dir %{_pamconfdir}
%config(noreplace) /etc/pam.d/other %config(noreplace) %{_pamconfdir}/other
%config(noreplace) /etc/pam.d/system-auth %config(noreplace) %{_pamconfdir}/system-auth
%config(noreplace) /etc/pam.d/config-util %config(noreplace) %{_pamconfdir}/config-util
%doc Copyright %doc Copyright
%doc doc/txts %doc doc/txts
%doc doc/sag/*.txt doc/sag/html %doc doc/sag/*.txt doc/sag/html
@ -285,76 +302,78 @@ fi
%if %{_lib} != lib %if %{_lib} != lib
%dir /lib/security %dir /lib/security
%endif %endif
%dir /%{_lib}/security %dir %{_moduledir}
/%{_lib}/security/pam_access.so %{_moduledir}/pam_access.so
/%{_lib}/security/pam_chroot.so %{_moduledir}/pam_chroot.so
/%{_lib}/security/pam_console.so %{_moduledir}/pam_console.so
/%{_lib}/security/pam_cracklib.so %{_moduledir}/pam_cracklib.so
/%{_lib}/security/pam_debug.so %{_moduledir}/pam_debug.so
/%{_lib}/security/pam_deny.so %{_moduledir}/pam_deny.so
/%{_lib}/security/pam_echo.so %{_moduledir}/pam_echo.so
/%{_lib}/security/pam_env.so %{_moduledir}/pam_env.so
/%{_lib}/security/pam_exec.so %{_moduledir}/pam_exec.so
/%{_lib}/security/pam_faildelay.so %{_moduledir}/pam_faildelay.so
/%{_lib}/security/pam_filter.so %{_moduledir}/pam_filter.so
/%{_lib}/security/pam_ftp.so %{_moduledir}/pam_ftp.so
/%{_lib}/security/pam_group.so %{_moduledir}/pam_group.so
/%{_lib}/security/pam_issue.so %{_moduledir}/pam_issue.so
/%{_lib}/security/pam_keyinit.so %{_moduledir}/pam_keyinit.so
/%{_lib}/security/pam_lastlog.so %{_moduledir}/pam_lastlog.so
/%{_lib}/security/pam_limits.so %{_moduledir}/pam_limits.so
/%{_lib}/security/pam_listfile.so %{_moduledir}/pam_listfile.so
/%{_lib}/security/pam_localuser.so %{_moduledir}/pam_localuser.so
/%{_lib}/security/pam_loginuid.so %{_moduledir}/pam_loginuid.so
/%{_lib}/security/pam_mail.so %{_moduledir}/pam_mail.so
/%{_lib}/security/pam_mkhomedir.so %{_moduledir}/pam_mkhomedir.so
/%{_lib}/security/pam_motd.so %{_moduledir}/pam_motd.so
/%{_lib}/security/pam_namespace.so %{_moduledir}/pam_namespace.so
/%{_lib}/security/pam_nologin.so %{_moduledir}/pam_nologin.so
/%{_lib}/security/pam_permit.so %{_moduledir}/pam_permit.so
/%{_lib}/security/pam_postgresok.so %{_moduledir}/pam_postgresok.so
/%{_lib}/security/pam_rhosts.so %{_moduledir}/pam_rhosts.so
/%{_lib}/security/pam_rhosts_auth.so %{_moduledir}/pam_rhosts_auth.so
/%{_lib}/security/pam_rootok.so %{_moduledir}/pam_rootok.so
/%{_lib}/security/pam_rps.so %{_moduledir}/pam_rps.so
/%{_lib}/security/pam_selinux.so %if %{WITH_SELINUX}
/%{_lib}/security/pam_selinux_permit.so %{_moduledir}/pam_selinux.so
/%{_lib}/security/pam_securetty.so %{_moduledir}/pam_selinux_permit.so
/%{_lib}/security/pam_shells.so %endif
/%{_lib}/security/pam_stress.so %{_moduledir}/pam_securetty.so
/%{_lib}/security/pam_succeed_if.so %{_moduledir}/pam_shells.so
/%{_lib}/security/pam_tally.so %{_moduledir}/pam_stress.so
/%{_lib}/security/pam_tally2.so %{_moduledir}/pam_succeed_if.so
/%{_lib}/security/pam_time.so %{_moduledir}/pam_tally.so
/%{_lib}/security/pam_timestamp.so %{_moduledir}/pam_tally2.so
/%{_lib}/security/pam_tty_audit.so %{_moduledir}/pam_time.so
/%{_lib}/security/pam_umask.so %{_moduledir}/pam_timestamp.so
/%{_lib}/security/pam_unix.so %{_moduledir}/pam_tty_audit.so
/%{_lib}/security/pam_unix_acct.so %{_moduledir}/pam_umask.so
/%{_lib}/security/pam_unix_auth.so %{_moduledir}/pam_unix.so
/%{_lib}/security/pam_unix_passwd.so %{_moduledir}/pam_unix_acct.so
/%{_lib}/security/pam_unix_session.so %{_moduledir}/pam_unix_auth.so
/%{_lib}/security/pam_userdb.so %{_moduledir}/pam_unix_passwd.so
/%{_lib}/security/pam_warn.so %{_moduledir}/pam_unix_session.so
/%{_lib}/security/pam_wheel.so %{_moduledir}/pam_userdb.so
/%{_lib}/security/pam_xauth.so %{_moduledir}/pam_warn.so
/%{_lib}/security/pam_filter %{_moduledir}/pam_wheel.so
%dir %{_sysconfdir}/security %{_moduledir}/pam_xauth.so
%config(noreplace) %{_sysconfdir}/security/access.conf %{_moduledir}/pam_filter
%config(noreplace) %{_sysconfdir}/security/chroot.conf %dir %{_secconfdir}
%config %{_sysconfdir}/security/console.perms %config(noreplace) %{_secconfdir}/access.conf
%config(noreplace) %{_sysconfdir}/security/console.handlers %config(noreplace) %{_secconfdir}/chroot.conf
%config(noreplace) %{_sysconfdir}/security/group.conf %config %{_secconfdir}/console.perms
%config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_secconfdir}/console.handlers
%config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_secconfdir}/group.conf
%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init %config(noreplace) %{_secconfdir}/limits.conf
%config(noreplace) %{_sysconfdir}/security/pam_env.conf %config(noreplace) %{_secconfdir}/namespace.conf
%config(noreplace) %{_sysconfdir}/security/sepermit.conf %attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
%config(noreplace) %{_sysconfdir}/security/time.conf %config(noreplace) %{_secconfdir}/pam_env.conf
%config(noreplace) %{_sysconfdir}/security/opasswd %config(noreplace) %{_secconfdir}/sepermit.conf
%dir %{_sysconfdir}/security/console.apps %config(noreplace) %{_secconfdir}/time.conf
%dir %{_sysconfdir}/security/console.perms.d %config(noreplace) %{_secconfdir}/opasswd
%config %{_sysconfdir}/security/console.perms.d/50-default.perms %dir %{_secconfdir}/console.apps
%dir %{_secconfdir}/console.perms.d
%config %{_secconfdir}/console.perms.d/50-default.perms
%dir /var/run/console %dir /var/run/console
%dir /var/run/sepermit %dir /var/run/sepermit
%ghost %verify(not md5 size mtime) /var/log/faillog %ghost %verify(not md5 size mtime) /var/log/faillog
@ -373,6 +392,10 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Mon Feb 4 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-18
- allow the package to build without SELinux and audit support (#431415)
- macro usage cleanup
* Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17 * Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17
- test for setkeycreatecon correctly - test for setkeycreatecon correctly
- add exclusive login mode of operation to pam_selinux_permit (original - add exclusive login mode of operation to pam_selinux_permit (original
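Review bot: The new switches are applied only partly in `%files` and in the module-presence loop. With `WITH_AUDIT` set to 0, `--disable-audit` is passed to configure, but `%{_moduledir}/pam_tty_audit.so` is still listed unconditionally and the loop over `modules/pam_*` skips only `modules/pam_selinux`. If pam_tty_audit is not built without audit support (likely, but not confirmed from this page), the build fails instead of producing the audit-less package; wrapping that entry as `%if %{WITH_AUDIT}` / `%{_moduledir}/pam_tty_audit.so` / `%endif` and adding a matching `continue` in the loop would close the gap. In the same way, `%{_secconfdir}/sepermit.conf` and `%dir /var/run/sepermit` stay unconditional while `pam_selinux_permit.so` moved inside `%if %{WITH_SELINUX}`, so a non-SELinux build either fails on a missing file or ships configuration for a module that is absent. A comment above the defaults would also help, for example `# WITH_SELINUX/WITH_AUDIT default to 1; a 0 build ships PAM without SELinux context setup or audit records`, since nothing in the package name or release tag distinguishes such a build.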