sudo-vl.spec 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317
  1. Summary: Allows command execution as root for specified users
  2. Summary(ja): スーパーユーザ権限でのコマンドの実行
  3. Name: sudo
  4. Version: 1.8.6p8
  5. Release: 1%{?_dist_release}
  6. License: ISC-style
  7. Group: Applications/System
  8. URL: http://www.sudo.ws/sudo/
  9. Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz
  10. Source1: sudo-sudoers-vine
  11. Patch1: sudo-1.6.7p5-strip.patch
  12. Patch4: sudo-1.7.2p1-envdebug.patch
  13. Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
  14. BuildRequires: pam-devel
  15. BuildRequires: groff
  16. BuildRequires: flex
  17. BuildRequires: bison
  18. BuildRequires: openldap-devel
  19. BuildRequires: automake autoconf libtool
  20. BuildRequires: libcap-devel
  21. Vendor: Project Vine
  22. Distribution: Vine Linux
  23. %description
  24. Sudo (superuser do) allows a system administrator to give certain users
  25. (or groups of users) the ability to run some (or all) commands as root while
  26. logging all commands and arguments. Sudo operates on a per-command basis,
  27. it is not a replacement for the shell.
  28. %description -l ja
  29. sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で
  30. いくつかのコマンド操作を行うことを許可するためのプログラムです。
  31. %prep
  32. %setup -q
  33. %patch1 -p1 -b .strip
  34. %patch4 -p1 -b .envdebug
  35. autoreconf -I m4 -fv --install
  36. %build
  37. %configure \
  38. --prefix=%{_prefix} \
  39. --sbindir=%{_sbindir} \
  40. --libdir=%{_libdir} \
  41. --sysconfdir=%{_sysconfdir} \
  42. --docdir=%{_datadir}/doc/%{name}-%{version} \
  43. --with-iologdir=/var/log/sudo-io \
  44. --with-pam \
  45. --with-pam-login \
  46. --with-logging=syslog \
  47. --with-logfac=authpriv \
  48. --with-tty-tickets \
  49. --with-ignore-dot \
  50. --with-editor=/bin/vi \
  51. --with-env-editor \
  52. --with-ldap \
  53. --with-passprompt="[sudo] password for %p: " \
  54. --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \
  55. --without-interfaces \
  56. --without-selinux
  57. make %{?_smp_mflags}
  58. %install
  59. rm -rf $RPM_BUILD_ROOT
  60. mkdir $RPM_BUILD_ROOT
  61. make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
  62. chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
  63. install -p -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
  64. install -p -d -m 700 $RPM_BUILD_ROOT/var/log/sudo-io
  65. install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
  66. install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
  67. chmod +x $RPM_BUILD_ROOT%{_libexecdir}/*.so # for stripping, reset in %%files
  68. # Remove execute permission on this script so we don't pull in perl deps
  69. chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
  70. %find_lang sudo
  71. %find_lang sudoers
  72. cat sudo.lang sudoers.lang > sudo_all.lang
  73. rm sudo.lang sudoers.lang
  74. mkdir -p $RPM_BUILD_ROOT/etc/pam.d
  75. cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
  76. #%PAM-1.0
  77. auth include system-auth
  78. account include system-auth
  79. password include system-auth
  80. session optional pam_keyinit.so revoke
  81. session required pam_limits.so
  82. EOF
  83. cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
  84. #%PAM-1.0
  85. auth include sudo
  86. account include sudo
  87. password include sudo
  88. session optional pam_keyinit.so force revoke
  89. session required pam_limits.so
  90. EOF
  91. %clean
  92. rm -rf $RPM_BUILD_ROOT
  93. %files -f sudo_all.lang
  94. %defattr(-,root,root)
  95. %doc plugins/sample/sample_plugin.c
  96. %attr(0440,root,root) %config(noreplace) /etc/sudoers
  97. %attr(0750,root,root) %dir /etc/sudoers.d/
  98. %config(noreplace) /etc/pam.d/sudo
  99. %config(noreplace) /etc/pam.d/sudo-i
  100. %dir /var/run/sudo
  101. %attr(0750,root,root) %dir /var/log/sudo-io
  102. %attr(4111,root,root) %{_bindir}/sudo
  103. %attr(4111,root,root) %{_bindir}/sudoedit
  104. %attr(0111,root,root) %{_bindir}/sudoreplay
  105. %attr(0755,root,root) %{_sbindir}/visudo
  106. %attr(0644,root,root) %{_libexecdir}/sudo_noexec.so
  107. %attr(0644,root,root) %{_libexecdir}/sudoers.so*
  108. %{_mandir}/man5/sudoers*.5*
  109. %{_mandir}/man8/sudo.8*
  110. %{_mandir}/man8/sudoedit.8*
  111. %{_mandir}/man8/sudoreplay.8*
  112. %{_mandir}/man8/visudo.8*
  113. %dir %{_docdir}/sudo-%{version}
  114. %{_docdir}/sudo-%{version}/*
  115. # should be splitted to -devel?
  116. %{_includedir}/sudo_plugin.h
  117. %{_mandir}/man8/sudo_plugin.8*
  118. %post
  119. /bin/chmod 0440 /etc/sudoers || :
  120. %changelog
  121. * Mon Feb 3 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.8.6p8-1
  122. - update to 1.8.6p8
  123. * Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-3
  124. - fix permission of sudoreplay
  125. * Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-2
  126. - add /var/log/sudo-io
  127. - add some comments to default sudoers
  128. * Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-1
  129. - update to 1.8.6p7
  130. - drop unneeded patches.
  131. * Sat May 19 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-5
  132. - add patch120 for fix CVE-2012-2337 (netmask match)
  133. * Fri Jun 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2p7-4
  134. - update sudoers
  135. - enable "%wheel ALL=(ALL) ALL" by default.
  136. * Thu Feb 10 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-3
  137. - add patch110,111 for fix CVE-2011-0010 ("-g" option)
  138. * Wed Sep 8 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-2
  139. - add Patch100 for fix CVE-2010-2956 (sudo Runas)
  140. - add _smp_mflags flag into make section
  141. - fix doc filelist (no longer exist BUGS, CHANGSE)
  142. * Sun Jun 20 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-1
  143. - new upstream release with security fix (CVE-2010-1646)
  144. - change specfile name (-vl)
  145. * Sun Apr 25 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p6-1
  146. - new upstream release with security fix (CVE-2010-1163)
  147. - add sudoers.ldap.5 into files section
  148. * Wed Feb 24 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p4-1
  149. - new upstream release with security fix (CVE-2010-0426)
  150. - update Patch3
  151. * Wed Jul 15 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2-1
  152. - new upstream release
  153. * Wed Jun 17 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.1-1
  154. - new upstream release
  155. - update patches
  156. - disable "Defaults requiretty"
  157. * Fri Feb 13 2009 NAKAMURA Kenta <kenta@vinelinux.org> 1.6.9p20-2
  158. - rebuilt with openldap-2.4.11
  159. * Thu Feb 12 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.9p20-1
  160. - new upstream release with security fix (CVE 2009-0034)
  161. * Sat Aug 16 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.9p17-1
  162. - new upstream release
  163. - merge some changes from fedoraproject
  164. - include [sudo] in password prompt
  165. - compiled with secure path
  166. - also use getgrouplist() to determine group membership
  167. - add sudoers file
  168. - add command aliases, default environment config
  169. - build with openldap
  170. * Fri Aug 15 2008 Shu KONNO <owa@bg.wakwak.com> 1.6.8p12-1vl5
  171. - applied new versioning policy, spec in utf-8
  172. * Fri May 19 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p12-0vl2
  173. - change PAM configuration to use system-auth
  174. - add --with-ignore-dot, --with-editor and --with-env-editor to
  175. configure option.
  176. * Mon Jan 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.8p12-0vl1
  177. - new upstream release (included security fix)
  178. - add patch1 for fix CVE-2006-0151
  179. * Mon May 09 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p8-0vl1
  180. - new upstream release
  181. - use macros
  182. - build with pam
  183. * Wed Jan 19 2005 IWAI, Masaharu <iwai@alib.jp> 1.6.8p6-0vl1
  184. - new upstream release
  185. * Sun Oct 10 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8p1-0vl1
  186. - SECURITY FIX: new upstream release
  187. - update rpmnonroot.patch ( Patch0 )
  188. - add new man page: sudoedit(8)
  189. * Wed Sep 1 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8-0vl1
  190. - new upstream release
  191. - update rpmnonroot.patch ( Patch0 )
  192. - change Copyrigh tag to License tag
  193. - update License
  194. - update URL and Source0: official web site moved.
  195. - new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.*
  196. * Mon Apr 14 2003 IWAI Masaharu <iwai@alib.jp> 1.6.7p3-0vl1
  197. - upstream release
  198. * Wed May 08 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl3
  199. - fixed changelog
  200. -- don't expand macros in changelog ;P
  201. * Wed May 01 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl2
  202. - changed to use configure in build section
  203. (can't build on sparc)
  204. * Fri Apr 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.6-0vl1
  205. - upstream release
  206. - fix security hole : buffer over flow
  207. * Thu Jan 24 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p2-0vl1
  208. - upstream release
  209. - updated sudo.rpmnonroot.diff
  210. * Fri Jan 18 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p1-0vl1
  211. - upstream release
  212. - added configure script option '--disable-root-mailer'
  213. * Tue Jan 15 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4p1-0vl1
  214. - upstream release
  215. - eliminated FAQ from %doc
  216. * Mon Jan 14 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4-0vl1
  217. - upstream release
  218. - added noreplace flag (%{_sysconfdir}/sudoers file is not replaced)
  219. - updated sudo.rpmnonroot.diff
  220. * Wed May 09 2001 <sagami@vinelinux.org>
  221. - 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1
  222. * Fri Mar 02 2001 sagami@vinelinux.org
  223. - 1.6.3p7-0vl1
  224. - use better macros
  225. * Thu Mar 1 2001 Kunio Murasawa <murasawa@marineroad.com>
  226. - 1.6.3p6-0vl1
  227. - changed sudo.rpmnonroot.diff for 1.6.3p6
  228. * Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
  229. - 1.6.1-2vl5
  230. - patch -p1 -> patch -p0
  231. * Mon Sep 18 2000 MATSUMOTO Shoji <shom@vinelinux.org>
  232. - 1.6.1-2vl4
  233. - fix uid/gid to root.root
  234. - add sudo.rpmnonroot.diff to built by non-root users
  235. * Tue Sep 12 2000 Jun Nishii <jun@vinelinux.org>
  236. - 1.6.1-2vl3
  237. - fix attr
  238. * Sun Sep 10 2000 Jun Nishii <jun@vinelinux.org>
  239. - 1.6.1-2vl2
  240. - enable to build by non-root useres
  241. * Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
  242. - 1.6.1-2vl1
  243. - modified %files section to handle compressed man page(s)
  244. * Fri Jan 7 2000 Jun Nishii <jun@vinelinux.org>
  245. - change group
  246. * Thu Dec 30 1999 Jun Nishii <jun@vinelinux.org>
  247. - version 1.6.1
  248. - build for Vine Linux 2.0
  249. * Fri May 14 1999 Takeda Eiji <keda@flatout.org>
  250. - sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers.
  251. * Wed Apr 21 1999 Hiroto Watanabe <watanabe@cij.co.jp>
  252. - Initial Release