- allow the package to build without SELinux and audit support (#431415)
- macro usage cleanup
This commit is contained in:
parent
b6b1e29706
commit
717cfde74b
207
pam.spec
207
pam.spec
@ -1,9 +1,3 @@
|
|||||||
%define WITH_AUDIT 1
|
|
||||||
|
|
||||||
%define _sbindir /sbin
|
|
||||||
%define _sysconfdir /etc
|
|
||||||
|
|
||||||
%define pwdb_version 0.62
|
|
||||||
%define db_version 4.6.19
|
%define db_version 4.6.19
|
||||||
%define db_conflicting_version 4.7.0
|
%define db_conflicting_version 4.7.0
|
||||||
%define pam_redhat_version 0.99.8-1
|
%define pam_redhat_version 0.99.8-1
|
||||||
@ -11,7 +5,7 @@
|
|||||||
Summary: A security tool which provides authentication for applications
|
Summary: A security tool which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 0.99.8.1
|
Version: 0.99.8.1
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||||
# pam_rhosts_auth module is BSD with advertising
|
# pam_rhosts_auth module is BSD with advertising
|
||||||
@ -50,6 +44,18 @@ Patch51: pam-0.99.8.1-audit-failed.patch
|
|||||||
Patch52: pam-0.99.8.1-setkeycreatecon.patch
|
Patch52: pam-0.99.8.1-setkeycreatecon.patch
|
||||||
Patch53: pam-0.99.8.1-sepermit-kill-user.patch
|
Patch53: pam-0.99.8.1-sepermit-kill-user.patch
|
||||||
|
|
||||||
|
%define _sbindir /sbin
|
||||||
|
%define _moduledir /%{_lib}/security
|
||||||
|
%define _secconfdir %{_sysconfdir}/security
|
||||||
|
%define _pamconfdir %{_sysconfdir}/pam.d
|
||||||
|
|
||||||
|
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
|
||||||
|
%define WITH_SELINUX 1
|
||||||
|
%endif
|
||||||
|
%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1}
|
||||||
|
%define WITH_AUDIT 1
|
||||||
|
%endif
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
Requires: cracklib, cracklib-dicts >= 2.8
|
Requires: cracklib, cracklib-dicts >= 2.8
|
||||||
Requires(post): coreutils, /sbin/ldconfig
|
Requires(post): coreutils, /sbin/ldconfig
|
||||||
@ -62,8 +68,10 @@ BuildRequires: perl, pkgconfig, gettext
|
|||||||
BuildRequires: audit-libs-devel >= 1.0.8
|
BuildRequires: audit-libs-devel >= 1.0.8
|
||||||
Requires: audit-libs >= 1.0.8
|
Requires: audit-libs >= 1.0.8
|
||||||
%endif
|
%endif
|
||||||
|
%if %{WITH_SELINUX}
|
||||||
BuildRequires: libselinux-devel >= 1.33.2
|
BuildRequires: libselinux-devel >= 1.33.2
|
||||||
Requires: libselinux >= 1.33.2
|
Requires: libselinux >= 1.33.2
|
||||||
|
%endif
|
||||||
BuildRequires: glibc >= 2.3.90-37
|
BuildRequires: glibc >= 2.3.90-37
|
||||||
Requires: glibc >= 2.3.90-37
|
Requires: glibc >= 2.3.90-37
|
||||||
# Following deps are necessary only to build the pam library documentation.
|
# Following deps are necessary only to build the pam library documentation.
|
||||||
@ -161,7 +169,13 @@ LDFLAGS=-L${topdir}/%{_lib} ; export LDFLAGS
|
|||||||
%configure \
|
%configure \
|
||||||
--libdir=/%{_lib} \
|
--libdir=/%{_lib} \
|
||||||
--includedir=%{_includedir}/security \
|
--includedir=%{_includedir}/security \
|
||||||
--enable-isadir=../../%{_lib}/security \
|
--enable-isadir=../..%{_moduledir} \
|
||||||
|
%if ! %{WITH_SELINUX}
|
||||||
|
--disable-selinux \
|
||||||
|
%endif
|
||||||
|
%if ! %{WITH_AUDIT}
|
||||||
|
--disable-audit \
|
||||||
|
%endif
|
||||||
--with-db-uniquename=_pam
|
--with-db-uniquename=_pam
|
||||||
make
|
make
|
||||||
# we do not use _smp_mflags because the build of sources in yacc/flex fails
|
# we do not use _smp_mflags because the build of sources in yacc/flex fails
|
||||||
@ -183,11 +197,11 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
|
|||||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
|
||||||
|
|
||||||
# Install default configuration files.
|
# Install default configuration files.
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
|
install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
|
||||||
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other
|
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
|
||||||
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-auth
|
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
|
||||||
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/config-util
|
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT%{_sysconfdir}/security/opasswd
|
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
||||||
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
|
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
|
||||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
||||||
@ -196,7 +210,7 @@ install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
|||||||
install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
|
install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
|
||||||
|
|
||||||
for phase in auth acct passwd session ; do
|
for phase in auth acct passwd session ; do
|
||||||
ln -sf pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/pam_unix_${phase}.so
|
ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
|
||||||
done
|
done
|
||||||
|
|
||||||
# Remove .la files and make new .so links -- this depends on the value
|
# Remove .la files and make new .so links -- this depends on the value
|
||||||
@ -209,12 +223,12 @@ popd
|
|||||||
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so
|
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so
|
||||||
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la
|
rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la
|
||||||
done
|
done
|
||||||
rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la
|
rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
|
||||||
|
|
||||||
# Duplicate doc file sets.
|
# Duplicate doc file sets.
|
||||||
rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam
|
rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam
|
||||||
|
|
||||||
# Create /lib/security in case it isn't the same as /%{_lib}/security.
|
# Create /lib/security in case it isn't the same as %{_moduledir}.
|
||||||
install -m755 -d $RPM_BUILD_ROOT/lib/security
|
install -m755 -d $RPM_BUILD_ROOT/lib/security
|
||||||
|
|
||||||
%find_lang Linux-PAM
|
%find_lang Linux-PAM
|
||||||
@ -223,7 +237,10 @@ install -m755 -d $RPM_BUILD_ROOT/lib/security
|
|||||||
# Make sure every module subdirectory gave us a module. Yes, this is hackish.
|
# Make sure every module subdirectory gave us a module. Yes, this is hackish.
|
||||||
for dir in modules/pam_* ; do
|
for dir in modules/pam_* ; do
|
||||||
if [ -d ${dir} ] ; then
|
if [ -d ${dir} ] ; then
|
||||||
if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
|
%if ! %{WITH_SELINUX}
|
||||||
|
[ ${dir} = "modules/pam_selinux" ] && continue
|
||||||
|
%endif
|
||||||
|
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
|
||||||
echo ERROR `basename ${dir}` did not build a module.
|
echo ERROR `basename ${dir}` did not build a module.
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -233,7 +250,7 @@ done
|
|||||||
# Check for module problems. Specifically, check that every module we just
|
# Check for module problems. Specifically, check that every module we just
|
||||||
# installed can actually be loaded by a minimal PAM-aware application.
|
# installed can actually be loaded by a minimal PAM-aware application.
|
||||||
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
|
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
|
||||||
for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
|
for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
|
||||||
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
|
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
|
||||||
%{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
|
%{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
|
||||||
echo ERROR module: ${module} cannot be loaded.
|
echo ERROR module: ${module} cannot be loaded.
|
||||||
@ -265,10 +282,10 @@ fi
|
|||||||
|
|
||||||
%files -f Linux-PAM.lang
|
%files -f Linux-PAM.lang
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir /etc/pam.d
|
%dir %{_pamconfdir}
|
||||||
%config(noreplace) /etc/pam.d/other
|
%config(noreplace) %{_pamconfdir}/other
|
||||||
%config(noreplace) /etc/pam.d/system-auth
|
%config(noreplace) %{_pamconfdir}/system-auth
|
||||||
%config(noreplace) /etc/pam.d/config-util
|
%config(noreplace) %{_pamconfdir}/config-util
|
||||||
%doc Copyright
|
%doc Copyright
|
||||||
%doc doc/txts
|
%doc doc/txts
|
||||||
%doc doc/sag/*.txt doc/sag/html
|
%doc doc/sag/*.txt doc/sag/html
|
||||||
@ -285,76 +302,78 @@ fi
|
|||||||
%if %{_lib} != lib
|
%if %{_lib} != lib
|
||||||
%dir /lib/security
|
%dir /lib/security
|
||||||
%endif
|
%endif
|
||||||
%dir /%{_lib}/security
|
%dir %{_moduledir}
|
||||||
/%{_lib}/security/pam_access.so
|
%{_moduledir}/pam_access.so
|
||||||
/%{_lib}/security/pam_chroot.so
|
%{_moduledir}/pam_chroot.so
|
||||||
/%{_lib}/security/pam_console.so
|
%{_moduledir}/pam_console.so
|
||||||
/%{_lib}/security/pam_cracklib.so
|
%{_moduledir}/pam_cracklib.so
|
||||||
/%{_lib}/security/pam_debug.so
|
%{_moduledir}/pam_debug.so
|
||||||
/%{_lib}/security/pam_deny.so
|
%{_moduledir}/pam_deny.so
|
||||||
/%{_lib}/security/pam_echo.so
|
%{_moduledir}/pam_echo.so
|
||||||
/%{_lib}/security/pam_env.so
|
%{_moduledir}/pam_env.so
|
||||||
/%{_lib}/security/pam_exec.so
|
%{_moduledir}/pam_exec.so
|
||||||
/%{_lib}/security/pam_faildelay.so
|
%{_moduledir}/pam_faildelay.so
|
||||||
/%{_lib}/security/pam_filter.so
|
%{_moduledir}/pam_filter.so
|
||||||
/%{_lib}/security/pam_ftp.so
|
%{_moduledir}/pam_ftp.so
|
||||||
/%{_lib}/security/pam_group.so
|
%{_moduledir}/pam_group.so
|
||||||
/%{_lib}/security/pam_issue.so
|
%{_moduledir}/pam_issue.so
|
||||||
/%{_lib}/security/pam_keyinit.so
|
%{_moduledir}/pam_keyinit.so
|
||||||
/%{_lib}/security/pam_lastlog.so
|
%{_moduledir}/pam_lastlog.so
|
||||||
/%{_lib}/security/pam_limits.so
|
%{_moduledir}/pam_limits.so
|
||||||
/%{_lib}/security/pam_listfile.so
|
%{_moduledir}/pam_listfile.so
|
||||||
/%{_lib}/security/pam_localuser.so
|
%{_moduledir}/pam_localuser.so
|
||||||
/%{_lib}/security/pam_loginuid.so
|
%{_moduledir}/pam_loginuid.so
|
||||||
/%{_lib}/security/pam_mail.so
|
%{_moduledir}/pam_mail.so
|
||||||
/%{_lib}/security/pam_mkhomedir.so
|
%{_moduledir}/pam_mkhomedir.so
|
||||||
/%{_lib}/security/pam_motd.so
|
%{_moduledir}/pam_motd.so
|
||||||
/%{_lib}/security/pam_namespace.so
|
%{_moduledir}/pam_namespace.so
|
||||||
/%{_lib}/security/pam_nologin.so
|
%{_moduledir}/pam_nologin.so
|
||||||
/%{_lib}/security/pam_permit.so
|
%{_moduledir}/pam_permit.so
|
||||||
/%{_lib}/security/pam_postgresok.so
|
%{_moduledir}/pam_postgresok.so
|
||||||
/%{_lib}/security/pam_rhosts.so
|
%{_moduledir}/pam_rhosts.so
|
||||||
/%{_lib}/security/pam_rhosts_auth.so
|
%{_moduledir}/pam_rhosts_auth.so
|
||||||
/%{_lib}/security/pam_rootok.so
|
%{_moduledir}/pam_rootok.so
|
||||||
/%{_lib}/security/pam_rps.so
|
%{_moduledir}/pam_rps.so
|
||||||
/%{_lib}/security/pam_selinux.so
|
%if %{WITH_SELINUX}
|
||||||
/%{_lib}/security/pam_selinux_permit.so
|
%{_moduledir}/pam_selinux.so
|
||||||
/%{_lib}/security/pam_securetty.so
|
%{_moduledir}/pam_selinux_permit.so
|
||||||
/%{_lib}/security/pam_shells.so
|
%endif
|
||||||
/%{_lib}/security/pam_stress.so
|
%{_moduledir}/pam_securetty.so
|
||||||
/%{_lib}/security/pam_succeed_if.so
|
%{_moduledir}/pam_shells.so
|
||||||
/%{_lib}/security/pam_tally.so
|
%{_moduledir}/pam_stress.so
|
||||||
/%{_lib}/security/pam_tally2.so
|
%{_moduledir}/pam_succeed_if.so
|
||||||
/%{_lib}/security/pam_time.so
|
%{_moduledir}/pam_tally.so
|
||||||
/%{_lib}/security/pam_timestamp.so
|
%{_moduledir}/pam_tally2.so
|
||||||
/%{_lib}/security/pam_tty_audit.so
|
%{_moduledir}/pam_time.so
|
||||||
/%{_lib}/security/pam_umask.so
|
%{_moduledir}/pam_timestamp.so
|
||||||
/%{_lib}/security/pam_unix.so
|
%{_moduledir}/pam_tty_audit.so
|
||||||
/%{_lib}/security/pam_unix_acct.so
|
%{_moduledir}/pam_umask.so
|
||||||
/%{_lib}/security/pam_unix_auth.so
|
%{_moduledir}/pam_unix.so
|
||||||
/%{_lib}/security/pam_unix_passwd.so
|
%{_moduledir}/pam_unix_acct.so
|
||||||
/%{_lib}/security/pam_unix_session.so
|
%{_moduledir}/pam_unix_auth.so
|
||||||
/%{_lib}/security/pam_userdb.so
|
%{_moduledir}/pam_unix_passwd.so
|
||||||
/%{_lib}/security/pam_warn.so
|
%{_moduledir}/pam_unix_session.so
|
||||||
/%{_lib}/security/pam_wheel.so
|
%{_moduledir}/pam_userdb.so
|
||||||
/%{_lib}/security/pam_xauth.so
|
%{_moduledir}/pam_warn.so
|
||||||
/%{_lib}/security/pam_filter
|
%{_moduledir}/pam_wheel.so
|
||||||
%dir %{_sysconfdir}/security
|
%{_moduledir}/pam_xauth.so
|
||||||
%config(noreplace) %{_sysconfdir}/security/access.conf
|
%{_moduledir}/pam_filter
|
||||||
%config(noreplace) %{_sysconfdir}/security/chroot.conf
|
%dir %{_secconfdir}
|
||||||
%config %{_sysconfdir}/security/console.perms
|
%config(noreplace) %{_secconfdir}/access.conf
|
||||||
%config(noreplace) %{_sysconfdir}/security/console.handlers
|
%config(noreplace) %{_secconfdir}/chroot.conf
|
||||||
%config(noreplace) %{_sysconfdir}/security/group.conf
|
%config %{_secconfdir}/console.perms
|
||||||
%config(noreplace) %{_sysconfdir}/security/limits.conf
|
%config(noreplace) %{_secconfdir}/console.handlers
|
||||||
%config(noreplace) %{_sysconfdir}/security/namespace.conf
|
%config(noreplace) %{_secconfdir}/group.conf
|
||||||
%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init
|
%config(noreplace) %{_secconfdir}/limits.conf
|
||||||
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
|
%config(noreplace) %{_secconfdir}/namespace.conf
|
||||||
%config(noreplace) %{_sysconfdir}/security/sepermit.conf
|
%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
|
||||||
%config(noreplace) %{_sysconfdir}/security/time.conf
|
%config(noreplace) %{_secconfdir}/pam_env.conf
|
||||||
%config(noreplace) %{_sysconfdir}/security/opasswd
|
%config(noreplace) %{_secconfdir}/sepermit.conf
|
||||||
%dir %{_sysconfdir}/security/console.apps
|
%config(noreplace) %{_secconfdir}/time.conf
|
||||||
%dir %{_sysconfdir}/security/console.perms.d
|
%config(noreplace) %{_secconfdir}/opasswd
|
||||||
%config %{_sysconfdir}/security/console.perms.d/50-default.perms
|
%dir %{_secconfdir}/console.apps
|
||||||
|
%dir %{_secconfdir}/console.perms.d
|
||||||
|
%config %{_secconfdir}/console.perms.d/50-default.perms
|
||||||
%dir /var/run/console
|
%dir /var/run/console
|
||||||
%dir /var/run/sepermit
|
%dir /var/run/sepermit
|
||||||
%ghost %verify(not md5 size mtime) /var/log/faillog
|
%ghost %verify(not md5 size mtime) /var/log/faillog
|
||||||
@ -373,6 +392,10 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 4 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-18
|
||||||
|
- allow the package to build without SELinux and audit support (#431415)
|
||||||
|
- macro usage cleanup
|
||||||
|
|
||||||
* Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17
|
* Mon Jan 28 2008 Tomas Mraz <tmraz@redhat.com> 0.99.8.1-17
|
||||||
- test for setkeycreatecon correctly
|
- test for setkeycreatecon correctly
|
||||||
- add exclusive login mode of operation to pam_selinux_permit (original
|
- add exclusive login mode of operation to pam_selinux_permit (original
|
||||||
|
Loading…
Reference in New Issue
Block a user