427 lines
14 KiB
RPMSpec
427 lines
14 KiB
RPMSpec
#
|
|
# spec file for package pam
|
|
#
|
|
# Copyright (c) 2022-2023 ZhuningOS
|
|
#
|
|
|
|
|
|
#
|
|
%define enable_selinux 1
|
|
#
|
|
%{load:%{_sourcedir}/macros.pam}
|
|
#
|
|
Name: pam
|
|
Url: http://www.linux-pam.org/
|
|
BuildRequires: audit-devel
|
|
BuildRequires: bison
|
|
BuildRequires: cracklib-devel
|
|
BuildRequires: flex
|
|
%if 0%{?suse_version} > 1320
|
|
BuildRequires: pkgconfig(libnsl)
|
|
BuildRequires: pkgconfig(libtirpc)
|
|
%endif
|
|
%if %{enable_selinux}
|
|
BuildRequires: libselinux-devel
|
|
%endif
|
|
%define libpam_so_version 0.84.2
|
|
%define libpam_misc_so_version 0.82.1
|
|
%define libpamc_so_version 0.82.1
|
|
#
|
|
Version: 1.3.0
|
|
Release: 150000.6.66.1
|
|
Summary: A Security Tool that Provides Authentication for Applications
|
|
License: GPL-2.0+ or BSD-3-Clause
|
|
Group: System/Libraries
|
|
PreReq: permissions
|
|
%if 0%{?suse_version} >= 1330
|
|
Requires(pre): group(shadow)
|
|
Requires(pre): user(root)
|
|
%endif
|
|
|
|
#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/
|
|
Source: Linux-PAM-%{version}.tar.bz2
|
|
Source1: Linux-PAM-%{version}-docs.tar.bz2
|
|
Source2: securetty
|
|
Source3: other.pamd
|
|
Source4: common-auth.pamd
|
|
Source5: common-account.pamd
|
|
Source6: common-password.pamd
|
|
Source7: common-session.pamd
|
|
Source8: etc.environment
|
|
Source9: baselibs.conf
|
|
Source10: unix2_chkpwd.c
|
|
Source11: unix2_chkpwd.8
|
|
Source12: macros.pam
|
|
Source13: pam.tmpfiles
|
|
Patch0: fix-man-links.dif
|
|
Patch3: encryption_method_nis.diff
|
|
Patch4: pam-hostnames-in-access_conf.patch
|
|
Patch5: pam-fix-config-order-in-manpage.patch
|
|
Patch6: use-correct-IP-address.patch
|
|
Patch8: pam-xauth_ownership.patch
|
|
Patch9: pam-bsc1178727-initialize-daysleft.patch
|
|
Patch10: pam-bsc1177858-dont-free-environment-string.patch
|
|
Patch11: pam-pam_cracklib-add-usersubstr.patch
|
|
Patch12: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
|
|
Patch13: bsc1184358-prevent-LOCAL-from-being-resolved.patch
|
|
Patch14: pam-sle20638-add-pam_faillock.patch
|
|
Patch15: pam-bsc1197024-free-addrinfo-before-return.patch
|
|
Patch16: pam-bsc1197794-do-not-include-obsolete-header-files.patch
|
|
Patch17: pam-ped1712-pam_motd-directory-feature.patch
|
|
Patch18: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
|
|
Patch19: pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
# Remove with next version update:
|
|
BuildRequires: autoconf
|
|
BuildRequires: automake
|
|
BuildRequires: libtool
|
|
|
|
%description
|
|
PAM (Pluggable Authentication Modules) is a system security tool that
|
|
allows system administrators to set authentication policies without
|
|
having to recompile programs that do authentication.
|
|
|
|
%package extra
|
|
Summary: PAM module to authenticate against a separate database
|
|
Group: System/Libraries%description
|
|
BuildRequires: libdb-4_8-devel
|
|
BuildRequires: pam-devel
|
|
|
|
%description extra
|
|
PAM (Pluggable Authentication Modules) is a system security tool that
|
|
allows system administrators to set authentication policies without
|
|
having to recompile programs that do authentication.
|
|
|
|
This package contains useful extra modules eg pam_userdb which is
|
|
used to verify a username/password pair against values stored in
|
|
a Berkeley DB database.
|
|
|
|
|
|
|
|
%package doc
|
|
Summary: Documentation for Pluggable Authentication Modules
|
|
Group: Documentation/HTML
|
|
%if 0%{?suse_version} >= 1140
|
|
BuildArch: noarch
|
|
%endif
|
|
|
|
%description doc
|
|
PAM (Pluggable Authentication Modules) is a system security tool that
|
|
allows system administrators to set authentication policies without
|
|
having to recompile programs that do authentication.
|
|
|
|
This package contains the documentation.
|
|
|
|
|
|
|
|
%package devel
|
|
Summary: Include Files and Libraries for PAM-Development
|
|
Group: Development/Libraries/C and C++
|
|
Requires: glibc-devel
|
|
Requires: pam = %{version}
|
|
|
|
%description devel
|
|
PAM (Pluggable Authentication Modules) is a system security tool which
|
|
allows system administrators to set authentication policy without
|
|
having to recompile programs which do authentication.
|
|
|
|
This package contains header files and static libraries used for
|
|
building both PAM-aware applications and modules for use with PAM.
|
|
|
|
%prep
|
|
%setup -q -n Linux-PAM-%{version} -b 1
|
|
%patch0 -p1
|
|
%patch3 -p0
|
|
%patch4 -p0
|
|
%patch5 -p1
|
|
%patch6 -p1
|
|
%patch8 -p1
|
|
%patch9 -p1
|
|
%patch10 -p1
|
|
%patch11 -p1
|
|
%patch12 -p1
|
|
%patch13 -p1
|
|
%patch14 -p1
|
|
%patch15 -p1
|
|
%patch16 -p1
|
|
%patch17 -p1
|
|
%patch18 -p1
|
|
%patch19 -p1
|
|
|
|
%build
|
|
autoreconf -fiv
|
|
export CFLAGS="%optflags -DNDEBUG"
|
|
%configure \
|
|
--sbindir=/sbin \
|
|
--includedir=%_includedir/security \
|
|
--docdir=%{_docdir}/pam \
|
|
--htmldir=%{_docdir}/pam/html \
|
|
--pdfdir=%{_docdir}/pam/pdf \
|
|
--libdir=/%{_lib} \
|
|
--enable-isadir=../..%{_pam_moduledir} \
|
|
--enable-securedir=%{_pam_moduledir}
|
|
make %{?_smp_mflags}
|
|
# These two files are introduced through a patch so they do not
|
|
# get the required execute permission.
|
|
chmod 750 build-aux/test-driver modules/pam_faillock/tst-pam_faillock
|
|
%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/ -lpam
|
|
|
|
%check
|
|
make %{?_smp_mflags} check
|
|
|
|
%install
|
|
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
|
|
mkdir -p $RPM_BUILD_ROOT/usr/include/security
|
|
mkdir -p $RPM_BUILD_ROOT%{_pam_moduledir}
|
|
mkdir -p $RPM_BUILD_ROOT/sbin
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_libdir}
|
|
make DESTDIR=$RPM_BUILD_ROOT install
|
|
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
|
|
# Install documentation
|
|
make -C doc install DESTDIR=$RPM_BUILD_ROOT
|
|
# install /etc/environment
|
|
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/environment
|
|
# install securetty
|
|
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc
|
|
# install tmpfiles
|
|
install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
|
|
%ifarch s390 s390x
|
|
echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc0" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc1" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc2" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc3" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc4" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc5" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc6" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty
|
|
echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty
|
|
%endif
|
|
# install other.pamd and common-*.pamd
|
|
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
|
|
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth
|
|
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/common-account
|
|
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/common-password
|
|
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/common-session
|
|
rm $RPM_BUILD_ROOT/%{_lib}/libpam.so
|
|
ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam.so
|
|
rm $RPM_BUILD_ROOT/%{_lib}/libpamc.so
|
|
ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpamc.so
|
|
rm $RPM_BUILD_ROOT/%{_lib}/libpam_misc.so
|
|
ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
|
|
#
|
|
# Remove crap
|
|
#
|
|
rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT%{_pam_moduledir}/*.la
|
|
for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do
|
|
ln -f $RPM_BUILD_ROOT%{_pam_moduledir}/pam_unix.so $RPM_BUILD_ROOT%{_pam_moduledir}/$x.so
|
|
done
|
|
#
|
|
# Install READMEs of PAM modules
|
|
#
|
|
DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam
|
|
mkdir -p $DOC/modules
|
|
(
|
|
cd modules;
|
|
for i in pam_*/README ; do
|
|
cp -fpv ${i} $DOC/modules/README.`dirname ${i}`
|
|
done
|
|
)
|
|
#
|
|
# pam_tally is deprecated since ages
|
|
#
|
|
rm -f $RPM_BUILD_ROOT%{_pam_moduledir}/pam_tally.so
|
|
rm -f $RPM_BUILD_ROOT/sbin/pam_tally
|
|
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8*
|
|
rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally
|
|
# Install unix2_chkpwd
|
|
install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/
|
|
install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/
|
|
# rpm macros
|
|
install -D -m 644 %{SOURCE12} %{buildroot}%{_rpmmacrodir}/macros.pam
|
|
# Create filelist with translatins
|
|
%{find_lang} Linux-PAM
|
|
|
|
%verifyscript
|
|
%verify_permissions -e /sbin/unix_chkpwd
|
|
%verify_permissions -e /sbin/unix2_chkpwd
|
|
|
|
%post
|
|
/sbin/ldconfig
|
|
%set_permissions /sbin/unix_chkpwd
|
|
%set_permissions /sbin/unix2_chkpwd
|
|
%tmpfiles_create %{_tmpfilesdir}/pam.conf
|
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
%files -f Linux-PAM.lang
|
|
%defattr(-,root,root)
|
|
%dir %{_sysconfdir}/pam.d
|
|
%dir %{_sysconfdir}/security
|
|
%dir %{_sysconfdir}/security/limits.d
|
|
%dir %{_defaultdocdir}/pam
|
|
%config(noreplace) %{_sysconfdir}/pam.d/other
|
|
%config(noreplace) %{_sysconfdir}/pam.d/common-*
|
|
%config(noreplace) %{_sysconfdir}/securetty
|
|
%config(noreplace) %{_sysconfdir}/environment
|
|
%config(noreplace) %{_sysconfdir}/security/access.conf
|
|
%config(noreplace) %{_sysconfdir}/security/group.conf
|
|
%config(noreplace) %{_sysconfdir}/security/limits.conf
|
|
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
|
|
%if %{enable_selinux}
|
|
%config(noreplace) %{_sysconfdir}/security/sepermit.conf
|
|
%endif
|
|
%config(noreplace) %{_sysconfdir}/security/time.conf
|
|
%config(noreplace) %{_sysconfdir}/security/namespace.conf
|
|
%config(noreplace) %{_sysconfdir}/security/namespace.init
|
|
%config(noreplace) %{_sysconfdir}/security/faillock.conf
|
|
%doc NEWS
|
|
%license COPYING
|
|
%doc %{_mandir}/man5/environment.5*
|
|
%doc %{_mandir}/man5/*.conf.5*
|
|
%doc %{_mandir}/man5/pam.d.5*
|
|
%dir %{_mandir}/man8
|
|
%doc %{_mandir}/man8/pam.8.gz
|
|
%doc %{_mandir}/man8/pam_access.8.gz
|
|
%doc %{_mandir}/man8/pam_cracklib.8.gz
|
|
%doc %{_mandir}/man8/pam_debug.8.gz
|
|
%doc %{_mandir}/man8/pam_deny.8.gz
|
|
%doc %{_mandir}/man8/pam_echo.8.gz
|
|
%doc %{_mandir}/man8/pam_env.8.gz
|
|
%doc %{_mandir}/man8/pam_exec.8.gz
|
|
%doc %{_mandir}/man8/pam_faildelay.8.gz
|
|
%doc %{_mandir}/man8/pam_faillock.8.gz
|
|
%doc %{_mandir}/man8/faillock.8.gz
|
|
%doc %{_mandir}/man8/pam_filter.8.gz
|
|
%doc %{_mandir}/man8/pam_ftp.8.gz
|
|
%doc %{_mandir}/man8/pam_group.8.gz
|
|
%doc %{_mandir}/man8/pam_issue.8.gz
|
|
%doc %{_mandir}/man8/pam_keyinit.8.gz
|
|
%doc %{_mandir}/man8/pam_lastlog.8.gz
|
|
%doc %{_mandir}/man8/pam_limits.8.gz
|
|
%doc %{_mandir}/man8/pam_listfile.8.gz
|
|
%doc %{_mandir}/man8/pam_localuser.8.gz
|
|
%doc %{_mandir}/man8/pam_loginuid.8.gz
|
|
%doc %{_mandir}/man8/pam_mail.8.gz
|
|
%doc %{_mandir}/man8/pam_mkhomedir.8.gz
|
|
%doc %{_mandir}/man8/pam_motd.8.gz
|
|
%doc %{_mandir}/man8/pam_namespace.8.gz
|
|
%doc %{_mandir}/man8/pam_nologin.8.gz
|
|
%doc %{_mandir}/man8/pam_permit.8.gz
|
|
%doc %{_mandir}/man8/pam_pwhistory.8.gz
|
|
%doc %{_mandir}/man8/pam_rhosts.8.gz
|
|
%doc %{_mandir}/man8/pam_rootok.8.gz
|
|
%doc %{_mandir}/man8/pam_securetty.8.gz
|
|
%doc %{_mandir}/man8/pam_selinux.8.gz
|
|
%doc %{_mandir}/man8/pam_sepermit.8.gz
|
|
%doc %{_mandir}/man8/pam_shells.8.gz
|
|
%doc %{_mandir}/man8/pam_succeed_if.8.gz
|
|
%doc %{_mandir}/man8/pam_tally2.8.gz
|
|
%doc %{_mandir}/man8/pam_time.8.gz
|
|
%doc %{_mandir}/man8/pam_timestamp.8.gz
|
|
%doc %{_mandir}/man8/pam_timestamp_check.8.gz
|
|
%doc %{_mandir}/man8/pam_tty_audit.8.gz
|
|
%doc %{_mandir}/man8/pam_umask.8.gz
|
|
%doc %{_mandir}/man8/pam_unix.8.gz
|
|
%doc %{_mandir}/man8/pam_warn.8.gz
|
|
%doc %{_mandir}/man8/pam_wheel.8.gz
|
|
%doc %{_mandir}/man8/pam_xauth.8.gz
|
|
%doc %{_mandir}/man8/PAM.8.gz
|
|
%doc %{_mandir}/man8/mkhomedir_helper.8.gz
|
|
%doc %{_mandir}/man8/unix2_chkpwd.8.gz
|
|
%doc %{_mandir}/man8/unix_chkpwd.8.gz
|
|
%doc %{_mandir}/man8/unix_update.8.gz
|
|
/%{_lib}/libpam.so.0
|
|
/%{_lib}/libpam.so.%{libpam_so_version}
|
|
/%{_lib}/libpamc.so.0
|
|
/%{_lib}/libpamc.so.%{libpamc_so_version}
|
|
/%{_lib}/libpam_misc.so.0
|
|
/%{_lib}/libpam_misc.so.%{libpam_misc_so_version}
|
|
%dir %{_pam_moduledir}
|
|
%{_pam_moduledir}/pam_access.so
|
|
%{_pam_moduledir}/pam_cracklib.so
|
|
%{_pam_moduledir}/pam_debug.so
|
|
%{_pam_moduledir}/pam_deny.so
|
|
%{_pam_moduledir}/pam_echo.so
|
|
%{_pam_moduledir}/pam_env.so
|
|
%{_pam_moduledir}/pam_exec.so
|
|
%{_pam_moduledir}/pam_faildelay.so
|
|
%{_pam_moduledir}/pam_faillock.so
|
|
%{_pam_moduledir}/pam_filter.so
|
|
%dir %{_pam_moduledir}/pam_filter
|
|
%{_pam_moduledir}//pam_filter/upperLOWER
|
|
%{_pam_moduledir}/pam_ftp.so
|
|
%{_pam_moduledir}/pam_group.so
|
|
%{_pam_moduledir}/pam_issue.so
|
|
%{_pam_moduledir}/pam_keyinit.so
|
|
%{_pam_moduledir}/pam_lastlog.so
|
|
%{_pam_moduledir}/pam_limits.so
|
|
%{_pam_moduledir}/pam_listfile.so
|
|
%{_pam_moduledir}/pam_localuser.so
|
|
%{_pam_moduledir}/pam_loginuid.so
|
|
%{_pam_moduledir}/pam_mail.so
|
|
%{_pam_moduledir}/pam_mkhomedir.so
|
|
%{_pam_moduledir}/pam_motd.so
|
|
%{_pam_moduledir}/pam_namespace.so
|
|
%{_pam_moduledir}/pam_nologin.so
|
|
%{_pam_moduledir}/pam_permit.so
|
|
%{_pam_moduledir}/pam_pwhistory.so
|
|
%{_pam_moduledir}/pam_rhosts.so
|
|
%{_pam_moduledir}/pam_rootok.so
|
|
%{_pam_moduledir}/pam_securetty.so
|
|
%if %{enable_selinux}
|
|
%{_pam_moduledir}/pam_selinux.so
|
|
%{_pam_moduledir}/pam_sepermit.so
|
|
%endif
|
|
%{_pam_moduledir}/pam_shells.so
|
|
%{_pam_moduledir}/pam_stress.so
|
|
%{_pam_moduledir}/pam_succeed_if.so
|
|
%{_pam_moduledir}/pam_tally2.so
|
|
%{_pam_moduledir}/pam_time.so
|
|
%{_pam_moduledir}/pam_timestamp.so
|
|
%{_pam_moduledir}/pam_tty_audit.so
|
|
%{_pam_moduledir}/pam_umask.so
|
|
%{_pam_moduledir}/pam_unix.so
|
|
%{_pam_moduledir}/pam_unix_acct.so
|
|
%{_pam_moduledir}/pam_unix_auth.so
|
|
%{_pam_moduledir}/pam_unix_passwd.so
|
|
%{_pam_moduledir}/pam_unix_session.so
|
|
%{_pam_moduledir}/pam_warn.so
|
|
%{_pam_moduledir}/pam_wheel.so
|
|
%{_pam_moduledir}/pam_xauth.so
|
|
/sbin/mkhomedir_helper
|
|
/sbin/faillock
|
|
/sbin/pam_tally2
|
|
/sbin/pam_timestamp_check
|
|
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
|
|
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
|
|
%attr(0700,root,root) /sbin/unix_update
|
|
%{_tmpfilesdir}/pam.conf
|
|
|
|
%files extra
|
|
%defattr(-,root,root,755)
|
|
%attr(755,root,root) %{_pam_moduledir}/pam_userdb.so
|
|
%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz
|
|
|
|
%files doc
|
|
%defattr(644,root,root,755)
|
|
%dir %{_defaultdocdir}/pam
|
|
%doc %{_defaultdocdir}/pam/html
|
|
%doc %{_defaultdocdir}/pam/modules
|
|
%doc %{_defaultdocdir}/pam/pdf
|
|
%doc %{_defaultdocdir}/pam/*.txt
|
|
|
|
%files devel
|
|
%defattr(644,root,root,755)
|
|
%dir /usr/include/security
|
|
%doc %{_mandir}/man3/pam*
|
|
%doc %{_mandir}/man3/misc_conv.3*
|
|
%{_includedir}/security/*.h
|
|
%{_libdir}/libpam.so
|
|
%{_libdir}/libpamc.so
|
|
%{_libdir}/libpam_misc.so
|
|
%{_rpmmacrodir}/macros.pam
|
|
|
|
%changelog
|