2024-01-05 18:11:17 +01:00
|
|
|
%define sysadmin_groupid 30
|
|
|
|
%define sysadmin_name sysadmin
|
|
|
|
|
|
|
|
%define with_exempt 0
|
|
|
|
|
|
|
|
Name: sudo
|
2024-01-05 18:11:18 +01:00
|
|
|
Version: 1.8.19p1
|
2024-01-05 18:11:18 +01:00
|
|
|
Release: 1mamba
|
2024-01-05 18:11:17 +01:00
|
|
|
Summary: Allows restricted root access for specified users
|
|
|
|
Group: System/Tools
|
|
|
|
Vendor: openmamba
|
|
|
|
Distribution: openmamba
|
|
|
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
|
|
|
URL: http://www.courtesan.com/sudo/
|
2024-01-05 18:11:18 +01:00
|
|
|
Source0: https://www.sudo.ws/dist/sudo-%{version}.tar.gz
|
2024-01-05 18:11:17 +01:00
|
|
|
Source1: %{name}-sudoers.conf
|
|
|
|
Source2: %{name}-pam.conf
|
|
|
|
Patch2: %{name}-1.6.8p9-samples.patch
|
|
|
|
Patch3: %{name}-1.6.8p9-can_2005_2959.patch
|
|
|
|
Patch4: %{name}-1.6.8p12-can_2006_0151.patch
|
|
|
|
Patch5: %{name}-1.6.8p12-badenv_table_more.patch
|
|
|
|
Patch6: %{name}-1.6.8p12-sudoers_man.patch
|
|
|
|
Patch7: %{name}-1.7.0-disable_env_reset.patch
|
|
|
|
Patch8: %{name}-1.8.6p4-qemu_no_geteuid.patch
|
|
|
|
License: BSD
|
|
|
|
## AUTOBUILDREQ-BEGIN
|
|
|
|
BuildRequires: glibc-devel
|
2024-01-05 18:11:17 +01:00
|
|
|
BuildRequires: libz-devel
|
|
|
|
BuildRequires: perl-devel
|
|
|
|
## AUTOBUILDREQ-END
|
2024-01-05 18:11:17 +01:00
|
|
|
BuildRequires: pam-devel
|
|
|
|
%if "%{stage1}" != "1"
|
|
|
|
BuildRequires: libopenldap-devel
|
|
|
|
BuildRequires: vim
|
|
|
|
%endif
|
|
|
|
%if "%{stage1}" != "1"
|
|
|
|
Requires: vim >= 6.3
|
|
|
|
%endif
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
|
|
|
|
|
|
|
%description
|
|
|
|
Sudo (superuser do) is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.
|
|
|
|
The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
|
|
|
|
|
|
|
|
%prep
|
|
|
|
%setup -q
|
|
|
|
#%patch2 -p1
|
|
|
|
#%patch4 -p1 -b .can_2006_0151
|
|
|
|
%if %with_exempt
|
|
|
|
%patch6 -p1 -b .sudoers_man
|
|
|
|
%endif
|
|
|
|
#%patch7 -p1
|
2024-01-05 18:11:17 +01:00
|
|
|
#%patch8 -p1
|
2024-01-05 18:11:17 +01:00
|
|
|
|
|
|
|
%build
|
|
|
|
%configure \
|
|
|
|
--with-logging=syslog \
|
|
|
|
--with-logfac=authpriv \
|
|
|
|
%if "%{stage1}" != "1"
|
|
|
|
--with-ldap \
|
|
|
|
%endif
|
|
|
|
--with-pam \
|
|
|
|
--without-rpath \
|
|
|
|
--with-tty-tickets \
|
|
|
|
--with-editor=%{_bindir}/vi \
|
|
|
|
--with-env-editor \
|
|
|
|
--with-ignore-dot \
|
|
|
|
--with-all-insults \
|
|
|
|
--without-lecture \
|
|
|
|
--with-secure-path="\
|
|
|
|
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/kde/bin:/opt/kde3/bin" \
|
|
|
|
--with-fqdn \
|
2024-01-05 18:11:18 +01:00
|
|
|
--with-rundir=/run/sudo \
|
2024-01-05 18:11:17 +01:00
|
|
|
%if %with_exempt
|
|
|
|
--with-exempt=%{sysadmin_name} \
|
|
|
|
%endif
|
|
|
|
--disable-root-mailer \
|
|
|
|
--with-sendmail=/usr/sbin/sendmail \
|
|
|
|
--disable-setresuid
|
|
|
|
|
|
|
|
# --disable-envreset
|
|
|
|
# --with-password-timeout=0
|
|
|
|
|
|
|
|
%make
|
|
|
|
|
|
|
|
%install
|
|
|
|
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
|
|
|
%makeinstall \
|
|
|
|
install_uid=`id -u` \
|
|
|
|
install_gid=`id -g` \
|
|
|
|
sudoers_uid=`id -u` \
|
|
|
|
sudoers_gid=`id -g`
|
|
|
|
|
|
|
|
rm -f %{buildroot}%{_bindir}/sudoedit
|
|
|
|
ln -sf sudo %{buildroot}%{_bindir}/sudoedit
|
|
|
|
|
|
|
|
install -D -m0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
|
|
|
|
install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
|
|
|
|
|
|
|
|
install -d %{buildroot}%{_var}/log
|
|
|
|
touch %{buildroot}%{_var}/log/%{name}.log
|
|
|
|
|
|
|
|
install -d -m 510 %{buildroot}%{_sysconfdir}/sudoers.d
|
|
|
|
|
|
|
|
%find_lang %{name}
|
|
|
|
%find_lang sudoers
|
|
|
|
|
|
|
|
cat sudoers.lang >> %{name}.lang
|
|
|
|
|
|
|
|
%clean
|
|
|
|
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
|
|
|
|
|
|
|
|
%pre
|
|
|
|
groupadd sysadmin -g %{sysadmin_groupid} 2>/dev/null || :
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
%post
|
2024-01-05 18:11:17 +01:00
|
|
|
if [ $1 -gt 1 ]; then
|
2024-01-05 18:11:18 +01:00
|
|
|
%tmpfiles_create sudo.conf
|
2024-01-05 18:11:17 +01:00
|
|
|
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
|
|
|
|
grep guarddog %{_sysconfdir}/sudoers >/dev/null && \
|
|
|
|
sed -i "s|/opt/kde3/bin/guarddog|/usr/sbin/ufw|" %{_sysconfdir}/sudoers
|
|
|
|
#grep "/etc/sudoers\.d" %{_sysconfdir}/sudoers >/dev/null || \
|
|
|
|
# echo "#includedir /etc/sudoers.d" >> %{_sysconfdir}/sudoers
|
|
|
|
fi
|
2024-01-05 18:11:17 +01:00
|
|
|
exit 0
|
|
|
|
|
|
|
|
%files -f %{name}.lang
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%attr(0110,root,root) %{_sysconfdir}/sudoers.d
|
|
|
|
%attr(0440,root,root) %config %{_sysconfdir}/sudoers
|
|
|
|
%attr(4111,root,root) %{_bindir}/sudo
|
|
|
|
%attr(4111,root,root) %{_bindir}/sudoedit
|
|
|
|
%attr(4111,root,root) %{_bindir}/sudoreplay
|
|
|
|
%attr(0755,root,root) %{_sbindir}/visudo
|
|
|
|
%config %{_sysconfdir}/pam.d/sudo
|
|
|
|
%dir %{_libexecdir}/sudo
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/group_file.la
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/group_file.so
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/libsudo_util.la
|
|
|
|
%{_libexecdir}/sudo/libsudo_util.so
|
|
|
|
%{_libexecdir}/sudo/libsudo_util.so.*
|
|
|
|
%{_libexecdir}/sudo/sudo_noexec.la
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/sudo_noexec.so
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/sudoers.la
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/sudoers.so
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/system_group.la
|
2024-01-05 18:11:17 +01:00
|
|
|
%{_libexecdir}/sudo/system_group.so
|
|
|
|
%{_includedir}/sudo_plugin.h
|
2024-01-05 18:11:18 +01:00
|
|
|
%{_prefix}/lib/tmpfiles.d/sudo.conf
|
2024-01-05 18:11:17 +01:00
|
|
|
%ghost %{_var}/log/%{name}.log
|
|
|
|
%attr(0700,root,root) %{_localstatedir}/db/sudo
|
|
|
|
%dir %{_docdir}/sudo
|
|
|
|
%{_docdir}/sudo/*
|
|
|
|
%{_mandir}/man5/sudo.conf.5*
|
|
|
|
%{_mandir}/man5/sudoers.*
|
|
|
|
%{_mandir}/man8/sudo.*
|
|
|
|
%{_mandir}/man8/sudoreplay.*
|
|
|
|
%{_mandir}/man8/sudoedit.*
|
|
|
|
%{_mandir}/man8/visudo.*
|
|
|
|
%{_mandir}/man8/sudo_plugin.8*
|
2024-01-05 18:11:17 +01:00
|
|
|
%doc doc/LICENSE
|
|
|
|
#%doc ChangeLog README README.LDAP
|
2024-01-05 18:11:17 +01:00
|
|
|
|
|
|
|
%changelog
|
2024-01-05 18:11:18 +01:00
|
|
|
* Wed Nov 15 2017 Automatic Build System <autodist@mambasoft.it> 1.8.19p1-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Tue Nov 22 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.18p1-1mamba
|
|
|
|
- update to 1.8.18p1
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Thu Sep 29 2016 Automatic Build System <autodist@mambasoft.it> 1.8.18-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Sun Jul 31 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.17p1-1mamba
|
|
|
|
- update to 1.8.17p1
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Thu Mar 31 2016 Automatic Build System <autodist@mambasoft.it> 1.8.16-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Sat Nov 07 2015 Automatic Build System <autodist@mambasoft.it> 1.8.15-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Wed Aug 19 2015 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.14p3-2mamba
|
|
|
|
- fix rundir
|
|
|
|
|
2024-01-05 18:11:18 +01:00
|
|
|
* Sun Aug 02 2015 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.14p3-1mamba
|
|
|
|
- update to 1.8.14p3
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Wed Apr 01 2015 Automatic Build System <autodist@mambasoft.it> 1.8.13-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Sun Feb 22 2015 Automatic Build System <autodist@mambasoft.it> 1.8.12-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Tue Oct 28 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.11p1-1mamba
|
|
|
|
- update to 1.8.11p1
|
|
|
|
- sudoers: enable /sbin/ldconfig for DISTRO_CMD users
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Thu Jul 03 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p5-2mamba
|
|
|
|
- /etc/sudoers: remove old programs and add ufw to SYSADM_CMD (to fix mambatray enable/disable)
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Wed May 28 2014 Automatic Build System <autodist@mambasoft.it> 1.8.9p5-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
2024-01-05 18:11:17 +01:00
|
|
|
* Sat Feb 01 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p4-1mamba
|
|
|
|
- update to 1.8.9p4
|
|
|
|
|
|
|
|
* Fri Oct 04 2013 Automatic Build System <autodist@mambasoft.it> 1.8.8-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Mon Jun 17 2013 Automatic Build System <autodist@mambasoft.it> 1.8.7-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Tue Apr 16 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p8-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Fri Mar 01 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p7-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Wed Jan 23 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p4-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Wed Sep 19 2012 Automatic Build System <autodist@mambasoft.it> 1.8.6p3-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Sun Jun 26 2011 Automatic Build System <autodist@mambasoft.it> 1.8.1p2-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Wed Feb 02 2011 Automatic Build System <autodist@mambasoft.it> 1.7.4p6-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Tue Jan 11 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p4-2mamba
|
|
|
|
- sudoers: change path or rpm from /bin/rpm to /usr/bin/rpm (rpm 5)
|
|
|
|
|
|
|
|
* Wed Nov 10 2010 Automatic Build System <autodist@mambasoft.it> 1.7.4p4-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Fri Sep 03 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-2mamba
|
|
|
|
- create and own /var/db/sudo
|
|
|
|
|
|
|
|
* Sun Aug 22 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-1mamba
|
|
|
|
- update to 1.7.4p3
|
|
|
|
- added support for /etc/sudoers.d directory
|
|
|
|
|
|
|
|
* Mon Jun 21 2010 Automatic Build System <autodist@mambasoft.it> 1.7.2p7-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Mon Feb 15 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-3mamba
|
|
|
|
- /opt/kde3/bin/kcmshell removed from /etc/sudoers
|
|
|
|
|
|
|
|
* Wed Jan 06 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-2mamba
|
|
|
|
- add /usr/bin/smart to sudoers DISTRO_CMD
|
|
|
|
|
|
|
|
* Tue Dec 08 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p2-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Wed Jul 29 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p1-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Fri Jul 17 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Sun Apr 19 2009 Automatic Build System <autodist@mambasoft.it> 1.7.1-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Sat Apr 04 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.0-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Sun Feb 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p20-1mamba
|
|
|
|
- update to 1.6.9p20
|
|
|
|
- added support for kde4 binaries path
|
|
|
|
|
|
|
|
* Wed Dec 03 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p18-1mamba
|
|
|
|
- automatic update by autodist
|
|
|
|
|
|
|
|
* Thu May 08 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-2mamba
|
|
|
|
- added kde3 path to secure dirs; removed /usr/X11R6/bin
|
|
|
|
- added patch that disables default environment reset
|
|
|
|
|
|
|
|
* Mon Mar 31 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-1mamba
|
|
|
|
- update to 1.6.9p15
|
|
|
|
- sudoers: allow execution of all commands in system path to sysadmin group
|
|
|
|
requiring user password
|
|
|
|
- removed pam, badenv table and can_2006_0151 patches applied upstream
|
|
|
|
|
|
|
|
* Fri Dec 28 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-13mamba
|
|
|
|
- removed a message when installing/upgrading
|
|
|
|
|
|
|
|
* Tue Nov 27 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-12mamba
|
|
|
|
- sudoers: added /opt/kde3/bin/mambapt in DISTRO_CMD
|
|
|
|
- sudoers: removed obsolete EXTRA_CMD (/usr/bin/updatechecker and /usr/bin/activate)
|
|
|
|
|
|
|
|
* Thu Nov 22 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-11mamba
|
|
|
|
- fixed pam configuration file
|
|
|
|
|
|
|
|
* Mon Nov 19 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-10mamba
|
|
|
|
- added guarddog and kcmshell to SYSADM_CMD
|
|
|
|
|
|
|
|
* Tue Jun 27 2006 Massimo Pintore <massimo.pintore@qilinux.it> 1.6.8p12-9qilnx
|
|
|
|
- added EXTRA_CMD alias in sudoers file
|
|
|
|
|
|
|
|
* Fri Apr 21 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-8qilnx
|
|
|
|
- added /usr/bin/apt-cdrom and /usr/bin/updatechecker in sudoers file
|
|
|
|
|
|
|
|
* Thu Apr 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-7qilnx
|
|
|
|
- option '--with-exempt=%{sysadmin_name}' disabled
|
|
|
|
|
|
|
|
* Wed Apr 05 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-6qilnx
|
|
|
|
- rebuild with the option '--with-exempt=%{sysadmin_name}'
|
|
|
|
- removed patch for CAN-2005-2959 (fixed upstream)
|
|
|
|
|
|
|
|
* Tue Feb 14 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-5qilnx
|
|
|
|
- create and handle sysadmin group
|
|
|
|
|
|
|
|
* Mon Feb 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-4qilnx
|
|
|
|
- new patch for CVE-2006-0151
|
|
|
|
|
|
|
|
* Wed Jan 25 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-3qilnx
|
|
|
|
- allow "packager" group users to execute rpm, apt-get and synaptic
|
|
|
|
|
|
|
|
* Mon Jan 23 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-2qilnx
|
|
|
|
- security update for CVE-2006-0151 (qibug#117)
|
|
|
|
|
|
|
|
* Mon Nov 14 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-1qilnx
|
|
|
|
- update to version 1.6.8p12 by autospec
|
|
|
|
- also fixes a security issue in perl scripts (QiLinux bug#69)
|
|
|
|
|
|
|
|
* Wed Oct 26 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-2qilnx
|
|
|
|
- security fix for CAN-2005-2959 (closes: #55)
|
|
|
|
|
|
|
|
* Fri Sep 30 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-1qilnx
|
|
|
|
- package created by autospec
|