From 717cfde74bf96e9a6dfa44db144af9f808de712a Mon Sep 17 00:00:00 2001 From: Tomáš Mráz Date: Feb 04 2008 13:06:18 +0000 Subject: - allow the package to build without SELinux and audit support (#431415) - macro usage cleanup --- diff --git a/pam.spec b/pam.spec index c9240bc..98dd4c1 100644 --- a/pam.spec +++ b/pam.spec @@ -1,9 +1,3 @@ -%define WITH_AUDIT 1 - -%define _sbindir /sbin -%define _sysconfdir /etc - -%define pwdb_version 0.62 %define db_version 4.6.19 %define db_conflicting_version 4.7.0 %define pam_redhat_version 0.99.8-1 @@ -11,7 +5,7 @@ Summary: A security tool which provides authentication for applications Name: pam Version: 0.99.8.1 -Release: 17%{?dist} +Release: 18%{?dist} # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # pam_rhosts_auth module is BSD with advertising @@ -50,6 +44,18 @@ Patch51: pam-0.99.8.1-audit-failed.patch Patch52: pam-0.99.8.1-setkeycreatecon.patch Patch53: pam-0.99.8.1-sepermit-kill-user.patch +%define _sbindir /sbin +%define _moduledir /%{_lib}/security +%define _secconfdir %{_sysconfdir}/security +%define _pamconfdir %{_sysconfdir}/pam.d + +%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} +%define WITH_SELINUX 1 +%endif +%if %{?WITH_AUDIT:0}%{!?WITH_AUDIT:1} +%define WITH_AUDIT 1 +%endif + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: cracklib, cracklib-dicts >= 2.8 Requires(post): coreutils, /sbin/ldconfig @@ -62,8 +68,10 @@ BuildRequires: perl, pkgconfig, gettext BuildRequires: audit-libs-devel >= 1.0.8 Requires: audit-libs >= 1.0.8 %endif +%if %{WITH_SELINUX} BuildRequires: libselinux-devel >= 1.33.2 Requires: libselinux >= 1.33.2 +%endif BuildRequires: glibc >= 2.3.90-37 Requires: glibc >= 2.3.90-37 # Following deps are necessary only to build the pam library documentation. 
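Review bot: `_secconfdir` and `_pamconfdir` are built on `%{_sysconfdir}`, but the first hunk drops the `%define _sysconfdir /etc` pin while this hunk re-adds only `%define _sbindir /sbin`. The location of `pam.d/other`, `pam.d/system-auth` and `security/opasswd` therefore now follows the build host's rpm macros. If libpam reads its configuration from a fixed `/etc` path (not visible in this diff, worth confirming), a host with a different `_sysconfdir` would package the authentication policy where the library never looks. Either keep `%define _sysconfdir /etc` next to the `_sbindir` line, or add a comment saying the distribution default is relied on. A one-line comment above the `%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}` block, noting that the switches are meant to be overridden with `--define 'WITH_SELINUX 0'`, would also help, because the idiom is not self-explanatory.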
@@ -161,7 +169,13 @@ LDFLAGS=-L${topdir}/%{_lib} ; export LDFLAGS %configure \ --libdir=/%{_lib} \ --includedir=%{_includedir}/security \ - --enable-isadir=../../%{_lib}/security \ + --enable-isadir=../..%{_moduledir} \ +%if ! %{WITH_SELINUX} + --disable-selinux \ +%endif +%if ! %{WITH_AUDIT} + --disable-audit \ +%endif --with-db-uniquename=_pam make # we do not use _smp_mflags because the build of sources in yacc/flex fails @@ -183,11 +197,11 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment # Install default configuration files. -install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/other -install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/system-auth -install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/config-util -install -m 600 /dev/null $RPM_BUILD_ROOT%{_sysconfdir}/security/opasswd +install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir} +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other +install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util +install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd install -d -m 755 $RPM_BUILD_ROOT/var/log install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog @@ -196,7 +210,7 @@ install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/ for phase in auth acct passwd session ; do - ln -sf pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/pam_unix_${phase}.so + ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so done # Remove .la files and make new .so links -- this depends on the value 
@@ -209,12 +223,12 @@ popd rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.so rm -f $RPM_BUILD_ROOT/%{_lib}/${lib}.la done -rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.la +rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la # Duplicate doc file sets. rm -fr $RPM_BUILD_ROOT/usr/share/doc/pam -# Create /lib/security in case it isn't the same as /%{_lib}/security. +# Create /lib/security in case it isn't the same as %{_moduledir}. install -m755 -d $RPM_BUILD_ROOT/lib/security %find_lang Linux-PAM @@ -223,7 +237,10 @@ install -m755 -d $RPM_BUILD_ROOT/lib/security # Make sure every module subdirectory gave us a module. Yes, this is hackish. for dir in modules/pam_* ; do if [ -d ${dir} ] ; then - if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then +%if ! %{WITH_SELINUX} + [ ${dir} = "modules/pam_selinux" ] && continue +%endif + if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then echo ERROR `basename ${dir}` did not build a module. exit 1 fi @@ -233,7 +250,7 @@ done # Check for module problems. Specifically, check that every module we just # installed can actually be loaded by a minimal PAM-aware application. /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} -for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do +for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ %{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then echo ERROR module: ${module} cannot be loaded. @@ -265,10 +282,10 @@ fi %files -f Linux-PAM.lang %defattr(-,root,root) -%dir /etc/pam.d -%config(noreplace) /etc/pam.d/other -%config(noreplace) /etc/pam.d/system-auth -%config(noreplace) /etc/pam.d/config-util +%dir %{_pamconfdir} +%config(noreplace) %{_pamconfdir}/other +%config(noreplace) %{_pamconfdir}/system-auth +%config(noreplace) %{_pamconfdir}/config-util %doc Copyright %doc doc/txts %doc doc/sag/*.txt doc/sag/html 
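Review bot: The module-presence check skips only `modules/pam_selinux` when `WITH_SELINUX` is 0; there is no matching skip for `WITH_AUDIT`, and the `%files` hunk later in this patch still lists `%{_moduledir}/pam_tty_audit.so` unconditionally. If the upstream build omits pam_tty_audit under `--disable-audit` (likely, but not visible here), a `WITH_AUDIT 0` build stops in this loop with "did not build a module", so the audit-less build this commit advertises would not complete. I would add `%if ! %{WITH_AUDIT}` / `[ "${dir}" = "modules/pam_tty_audit" ] && continue` / `%endif` beside the SELinux skip, and wrap the `pam_tty_audit.so` entry in `%if %{WITH_AUDIT}`. Quoting `"${dir}"` in the added test would also keep `[` well-formed for unusual directory names. The loop's outer `fi` and `done` fall outside this hunk.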
@@ -285,76 +302,78 @@ fi %if %{_lib} != lib %dir /lib/security %endif -%dir /%{_lib}/security -/%{_lib}/security/pam_access.so -/%{_lib}/security/pam_chroot.so -/%{_lib}/security/pam_console.so -/%{_lib}/security/pam_cracklib.so -/%{_lib}/security/pam_debug.so -/%{_lib}/security/pam_deny.so -/%{_lib}/security/pam_echo.so -/%{_lib}/security/pam_env.so -/%{_lib}/security/pam_exec.so -/%{_lib}/security/pam_faildelay.so -/%{_lib}/security/pam_filter.so -/%{_lib}/security/pam_ftp.so -/%{_lib}/security/pam_group.so -/%{_lib}/security/pam_issue.so -/%{_lib}/security/pam_keyinit.so -/%{_lib}/security/pam_lastlog.so -/%{_lib}/security/pam_limits.so -/%{_lib}/security/pam_listfile.so -/%{_lib}/security/pam_localuser.so -/%{_lib}/security/pam_loginuid.so -/%{_lib}/security/pam_mail.so -/%{_lib}/security/pam_mkhomedir.so -/%{_lib}/security/pam_motd.so -/%{_lib}/security/pam_namespace.so -/%{_lib}/security/pam_nologin.so -/%{_lib}/security/pam_permit.so -/%{_lib}/security/pam_postgresok.so -/%{_lib}/security/pam_rhosts.so -/%{_lib}/security/pam_rhosts_auth.so -/%{_lib}/security/pam_rootok.so -/%{_lib}/security/pam_rps.so -/%{_lib}/security/pam_selinux.so -/%{_lib}/security/pam_selinux_permit.so -/%{_lib}/security/pam_securetty.so -/%{_lib}/security/pam_shells.so -/%{_lib}/security/pam_stress.so -/%{_lib}/security/pam_succeed_if.so -/%{_lib}/security/pam_tally.so -/%{_lib}/security/pam_tally2.so -/%{_lib}/security/pam_time.so -/%{_lib}/security/pam_timestamp.so -/%{_lib}/security/pam_tty_audit.so -/%{_lib}/security/pam_umask.so -/%{_lib}/security/pam_unix.so -/%{_lib}/security/pam_unix_acct.so -/%{_lib}/security/pam_unix_auth.so -/%{_lib}/security/pam_unix_passwd.so -/%{_lib}/security/pam_unix_session.so -/%{_lib}/security/pam_userdb.so -/%{_lib}/security/pam_warn.so -/%{_lib}/security/pam_wheel.so -/%{_lib}/security/pam_xauth.so -/%{_lib}/security/pam_filter -%dir %{_sysconfdir}/security -%config(noreplace) %{_sysconfdir}/security/access.conf -%config(noreplace) 
%{_sysconfdir}/security/chroot.conf -%config %{_sysconfdir}/security/console.perms -%config(noreplace) %{_sysconfdir}/security/console.handlers -%config(noreplace) %{_sysconfdir}/security/group.conf -%config(noreplace) %{_sysconfdir}/security/limits.conf -%config(noreplace) %{_sysconfdir}/security/namespace.conf -%attr(755,root,root) %config(noreplace) %{_sysconfdir}/security/namespace.init -%config(noreplace) %{_sysconfdir}/security/pam_env.conf -%config(noreplace) %{_sysconfdir}/security/sepermit.conf -%config(noreplace) %{_sysconfdir}/security/time.conf -%config(noreplace) %{_sysconfdir}/security/opasswd -%dir %{_sysconfdir}/security/console.apps -%dir %{_sysconfdir}/security/console.perms.d -%config %{_sysconfdir}/security/console.perms.d/50-default.perms +%dir %{_moduledir} +%{_moduledir}/pam_access.so +%{_moduledir}/pam_chroot.so +%{_moduledir}/pam_console.so +%{_moduledir}/pam_cracklib.so +%{_moduledir}/pam_debug.so +%{_moduledir}/pam_deny.so +%{_moduledir}/pam_echo.so +%{_moduledir}/pam_env.so +%{_moduledir}/pam_exec.so +%{_moduledir}/pam_faildelay.so +%{_moduledir}/pam_filter.so +%{_moduledir}/pam_ftp.so +%{_moduledir}/pam_group.so +%{_moduledir}/pam_issue.so +%{_moduledir}/pam_keyinit.so +%{_moduledir}/pam_lastlog.so +%{_moduledir}/pam_limits.so +%{_moduledir}/pam_listfile.so +%{_moduledir}/pam_localuser.so +%{_moduledir}/pam_loginuid.so +%{_moduledir}/pam_mail.so +%{_moduledir}/pam_mkhomedir.so +%{_moduledir}/pam_motd.so +%{_moduledir}/pam_namespace.so +%{_moduledir}/pam_nologin.so +%{_moduledir}/pam_permit.so +%{_moduledir}/pam_postgresok.so +%{_moduledir}/pam_rhosts.so +%{_moduledir}/pam_rhosts_auth.so +%{_moduledir}/pam_rootok.so +%{_moduledir}/pam_rps.so +%if %{WITH_SELINUX} +%{_moduledir}/pam_selinux.so +%{_moduledir}/pam_selinux_permit.so +%endif +%{_moduledir}/pam_securetty.so +%{_moduledir}/pam_shells.so +%{_moduledir}/pam_stress.so +%{_moduledir}/pam_succeed_if.so +%{_moduledir}/pam_tally.so +%{_moduledir}/pam_tally2.so 
+%{_moduledir}/pam_time.so +%{_moduledir}/pam_timestamp.so +%{_moduledir}/pam_tty_audit.so +%{_moduledir}/pam_umask.so +%{_moduledir}/pam_unix.so +%{_moduledir}/pam_unix_acct.so +%{_moduledir}/pam_unix_auth.so +%{_moduledir}/pam_unix_passwd.so +%{_moduledir}/pam_unix_session.so +%{_moduledir}/pam_userdb.so +%{_moduledir}/pam_warn.so +%{_moduledir}/pam_wheel.so +%{_moduledir}/pam_xauth.so +%{_moduledir}/pam_filter +%dir %{_secconfdir} +%config(noreplace) %{_secconfdir}/access.conf +%config(noreplace) %{_secconfdir}/chroot.conf +%config %{_secconfdir}/console.perms +%config(noreplace) %{_secconfdir}/console.handlers +%config(noreplace) %{_secconfdir}/group.conf +%config(noreplace) %{_secconfdir}/limits.conf +%config(noreplace) %{_secconfdir}/namespace.conf +%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init +%config(noreplace) %{_secconfdir}/pam_env.conf +%config(noreplace) %{_secconfdir}/sepermit.conf +%config(noreplace) %{_secconfdir}/time.conf +%config(noreplace) %{_secconfdir}/opasswd +%dir %{_secconfdir}/console.apps +%dir %{_secconfdir}/console.perms.d +%config %{_secconfdir}/console.perms.d/50-default.perms %dir /var/run/console %dir /var/run/sepermit %ghost %verify(not md5 size mtime) /var/log/faillog @@ -373,6 +392,10 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Mon Feb 4 2008 Tomas Mraz 0.99.8.1-18 +- allow the package to build without SELinux and audit support (#431415) +- macro usage cleanup + * Mon Jan 28 2008 Tomas Mraz 0.99.8.1-17 - test for setkeycreatecon correctly - add exclusive login mode of operation to pam_selinux_permit (original
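Review bot: Only the two `.so` entries are wrapped in `%if %{WITH_SELINUX}`; `%config(noreplace) %{_secconfdir}/sepermit.conf` and the `%dir /var/run/sepermit` context line stay unconditional. This diff does not show whether they are still installed when configure runs with `--disable-selinux`. If they are not, rpmbuild fails on the missing file; if they are, the package ships configuration and a runtime directory for a module it does not contain. Moving `sepermit.conf` and `/var/run/sepermit` inside the same conditional would keep the SELinux-less file list self-consistent.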