sudo/sudo.spec

423 lines
14 KiB
RPMSpec
Raw Permalink Normal View History

%define sysadmin_groupid 30
%define sysadmin_name sysadmin
%define with_exempt 0
Name: sudo
Version: 1.9.12
Release: 2mamba
Summary: Allows restricted root access for specified users
Group: System/Tools
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: https://www.sudo.ws/sudo/
Source0: https://www.sudo.ws/dist/sudo-%{version}.tar.gz
Source1: %{name}-sudoers.conf
Source2: %{name}-pam.conf
Patch2: %{name}-1.6.8p9-samples.patch
Patch3: %{name}-1.6.8p9-can_2005_2959.patch
Patch4: %{name}-1.6.8p12-can_2006_0151.patch
Patch5: %{name}-1.6.8p12-badenv_table_more.patch
Patch6: %{name}-1.6.8p12-sudoers_man.patch
Patch7: %{name}-1.7.0-disable_env_reset.patch
Patch8: %{name}-1.8.6p4-qemu_no_geteuid.patch
License: BSD
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libopenldap-devel
BuildRequires: libopenssl-devel
BuildRequires: libpam-devel
BuildRequires: libsasl2-devel
BuildRequires: libz-devel
## AUTOBUILDREQ-END
BuildRequires: pam-devel
%if "%{stage1}" != "1"
BuildRequires: libopenldap-devel
BuildRequires: vim
%endif
%if "%{stage1}" != "1"
Requires: vim >= 6.3
%endif
%description
Sudo (superuser do) is a program designed to allow a sysadmin to give limited root privileges to users and log root activity.
The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
%debug_package
%prep
%setup -q
#%patch2 -p1
#%patch4 -p1 -b .can_2006_0151
%if %with_exempt
%patch6 -p1 -b .sudoers_man
%endif
#%patch7 -p1
#%patch8 -p1
%build
%configure \
--with-logging=syslog \
--with-logfac=authpriv \
%if "%{stage1}" != "1"
--with-ldap \
%endif
--with-pam \
--without-rpath \
--with-tty-tickets \
--with-editor=%{_bindir}/vi \
--with-env-editor \
--with-ignore-dot \
--with-all-insults \
--without-lecture \
--with-secure-path="\
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/kde/bin:/opt/kde3/bin" \
--with-fqdn \
--with-rundir=/run/sudo \
%if %with_exempt
--with-exempt=%{sysadmin_name} \
%endif
--disable-root-mailer \
--with-sendmail=/usr/sbin/sendmail \
--disable-setresuid
# --disable-envreset
# --with-password-timeout=0
%make
%install
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%makeinstall \
install_uid=`id -u` \
install_gid=`id -g` \
sudoers_uid=`id -u` \
sudoers_gid=`id -g`
rm -f %{buildroot}%{_bindir}/sudoedit
ln -sf sudo %{buildroot}%{_bindir}/sudoedit
install -D -m0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers
install -D -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sudo
install -d %{buildroot}%{_var}/log
touch %{buildroot}%{_var}/log/%{name}.log
install -d -m 510 %{buildroot}%{_sysconfdir}/sudoers.d
%find_lang %{name}
%find_lang sudoers
cat sudoers.lang >> %{name}.lang
%clean
[ "%{buildroot}" != / ] && rm -rf %{buildroot}
%pre
groupadd sysadmin -g %{sysadmin_groupid} 2>/dev/null || :
exit 0
%post
if [ $1 -gt 1 ]; then
%tmpfiles_create sudo.conf
/bin/chmod 0440 %{_sysconfdir}/sudoers || :
grep guarddog %{_sysconfdir}/sudoers >/dev/null && \
sed -i "s|/opt/kde3/bin/guarddog|/usr/sbin/ufw|" %{_sysconfdir}/sudoers
#grep "/etc/sudoers\.d" %{_sysconfdir}/sudoers >/dev/null || \
# echo "#includedir /etc/sudoers.d" >> %{_sysconfdir}/sudoers
fi
exit 0
%files -f %{name}.lang
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/sudo.conf
%config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
%{_sysconfdir}/sudoers.dist
%attr(0110,root,root) %{_sysconfdir}/sudoers.d
%attr(0440,root,root) %config %{_sysconfdir}/sudoers
%config %{_sysconfdir}/pam.d/sudo
%{_bindir}/cvtsudoers
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%attr(4111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%{_sbindir}/sudo_logsrvd
%{_sbindir}/sudo_sendlog
%dir %{_libexecdir}/sudo
%{_libexecdir}/sudo/audit_json.so
%{_libexecdir}/sudo/group_file.so
%{_libexecdir}/sudo/libsudo_util.so
%{_libexecdir}/sudo/libsudo_util.so.*
#%{_libexecdir}/sudo/sample_approval.so
%{_libexecdir}/sudo/sudo_intercept.so
%{_libexecdir}/sudo/sudo_noexec.so
%{_libexecdir}/sudo/sudoers.so
%{_libexecdir}/sudo/system_group.so
%{_includedir}/sudo_plugin.h
%{_prefix}/lib/tmpfiles.d/sudo.conf
%ghost %{_var}/log/%{name}.log
%attr(0700,root,root) %{_localstatedir}/db/sudo
%dir %{_docdir}/sudo
%{_docdir}/sudo/*
%{_mandir}/man1/cvtsudoers.1*
%{_mandir}/man5/sudo.conf.5*
%{_mandir}/man5/sudoers*.5*
%{_mandir}/man5/sudo_logsrv.proto.5*
%{_mandir}/man5/sudo_logsrvd.conf.5*
%{_mandir}/man5/sudo_plugin.5*
%{_mandir}/man8/sudo.*
%{_mandir}/man8/sudoreplay.*
%{_mandir}/man8/sudoedit.*
%{_mandir}/man8/sudo_logsrvd.8*
%{_mandir}/man8/sudo_sendlog.8*
%{_mandir}/man8/visudo.*
%doc LICENSE.md
#%doc ChangeLog README README.LDAP
%changelog
* Tue Jan 24 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 1.9.12-2mamba
- remove obsolete entries from default /etc/sudoers file
- NOPASSWD rpm and dnf only for packager group, no longer for sysadmin
* Tue Oct 25 2022 Automatic Build System <autodist@mambasoft.it> 1.9.12-1mamba
- automatic version update by autodist
* Fri Mar 04 2022 Automatic Build System <autodist@mambasoft.it> 1.9.10-1mamba
- automatic version update by autodist
* Mon Jan 31 2022 Automatic Build System <autodist@mambasoft.it> 1.9.9-1mamba
- automatic version update by autodist
* Tue Sep 14 2021 Automatic Build System <autodist@mambasoft.it> 1.9.8-1mamba
- automatic version update by autodist
* Wed May 12 2021 Automatic Build System <autodist@mambasoft.it> 1.9.7-1mamba
- automatic version update by autodist
* Sun Mar 14 2021 Automatic Build System <autodist@mambasoft.it> 1.9.6-1mamba
- automatic version update by autodist
* Mon Feb 01 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 1.9.5p2-1mamba
- update to 1.9.5p2
* Wed Dec 02 2020 Automatic Build System <autodist@mambasoft.it> 1.9.4-1mamba
- automatic version update by autodist
* Thu Sep 24 2020 Automatic Build System <autodist@mambasoft.it> 1.9.3-1mamba
- automatic version update by autodist
* Sat Jul 25 2020 Automatic Build System <autodist@mambasoft.it> 1.9.2-1mamba
- automatic version update by autodist
* Sat Jun 20 2020 Automatic Build System <autodist@mambasoft.it> 1.9.1-1mamba
- automatic version update by autodist
* Fri May 22 2020 Automatic Build System <autodist@mambasoft.it> 1.9.0-1mamba
- automatic version update by autodist
* Tue Mar 31 2020 Ercole 'ercolinux' Carpanetto <ercole69@gmail.com> 1.8.31p1-1mamba
- update to 1.8.31p1
* Mon Feb 03 2020 Automatic Build System <autodist@mambasoft.it> 1.8.31-1mamba
- automatic version update by autodist
* Fri Jan 03 2020 Automatic Build System <autodist@mambasoft.it> 1.8.30-1mamba
- automatic version update by autodist
* Mon Nov 04 2019 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.29-2mamba
- update /etc/sudoers file: give sysadmin execute permission from any dir and no password for systemctl, journalctl, dnf
* Wed Oct 30 2019 Automatic Build System <autodist@mambasoft.it> 1.8.29-1mamba
- automatic version update by autodist
* Tue Oct 15 2019 Automatic Build System <autodist@mambasoft.it> 1.8.28-1mamba
- automatic version update by autodist
* Wed Jan 16 2019 Automatic Build System <autodist@mambasoft.it> 1.8.27-1mamba
- automatic version update by autodist
* Mon Nov 19 2018 Automatic Build System <autodist@mambasoft.it> 1.8.26-1mamba
- automatic version update by autodist
* Fri Sep 07 2018 Automatic Build System <autodist@mambasoft.it> 1.8.25-1mamba
- automatic version update by autodist
* Wed Aug 29 2018 Automatic Build System <autodist@mambasoft.it> 1.8.24-1mamba
- automatic version update by autodist
* Thu Jul 19 2018 Automatic Build System <autodist@mambasoft.it> 1.8.23-1mamba
- automatic version update by autodist
* Mon Feb 12 2018 Automatic Build System <autodist@mambasoft.it> 1.8.22-1mamba
- automatic version update by autodist
* Wed Nov 15 2017 Automatic Build System <autodist@mambasoft.it> 1.8.19p1-1mamba
- automatic update by autodist
* Tue Nov 22 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.18p1-1mamba
- update to 1.8.18p1
* Thu Sep 29 2016 Automatic Build System <autodist@mambasoft.it> 1.8.18-1mamba
- automatic version update by autodist
* Sun Jul 31 2016 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.17p1-1mamba
- update to 1.8.17p1
* Thu Mar 31 2016 Automatic Build System <autodist@mambasoft.it> 1.8.16-1mamba
- automatic version update by autodist
* Sat Nov 07 2015 Automatic Build System <autodist@mambasoft.it> 1.8.15-1mamba
- automatic version update by autodist
* Wed Aug 19 2015 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.14p3-2mamba
- fix rundir
* Sun Aug 02 2015 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.14p3-1mamba
- update to 1.8.14p3
* Wed Apr 01 2015 Automatic Build System <autodist@mambasoft.it> 1.8.13-1mamba
- automatic version update by autodist
* Sun Feb 22 2015 Automatic Build System <autodist@mambasoft.it> 1.8.12-1mamba
- automatic version update by autodist
* Tue Oct 28 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.11p1-1mamba
- update to 1.8.11p1
- sudoers: enable /sbin/ldconfig for DISTRO_CMD users
* Thu Jul 03 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p5-2mamba
- /etc/sudoers: remove old programs and add ufw to SYSADM_CMD (to fix mambatray enable/disable)
* Wed May 28 2014 Automatic Build System <autodist@mambasoft.it> 1.8.9p5-1mamba
- automatic update by autodist
* Sat Feb 01 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 1.8.9p4-1mamba
- update to 1.8.9p4
* Fri Oct 04 2013 Automatic Build System <autodist@mambasoft.it> 1.8.8-1mamba
- automatic update by autodist
* Mon Jun 17 2013 Automatic Build System <autodist@mambasoft.it> 1.8.7-1mamba
- automatic version update by autodist
* Tue Apr 16 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p8-1mamba
- automatic version update by autodist
* Fri Mar 01 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p7-1mamba
- automatic version update by autodist
* Wed Jan 23 2013 Automatic Build System <autodist@mambasoft.it> 1.8.6p4-1mamba
- automatic version update by autodist
* Wed Sep 19 2012 Automatic Build System <autodist@mambasoft.it> 1.8.6p3-1mamba
- automatic version update by autodist
* Sun Jun 26 2011 Automatic Build System <autodist@mambasoft.it> 1.8.1p2-1mamba
- automatic update by autodist
* Wed Feb 02 2011 Automatic Build System <autodist@mambasoft.it> 1.7.4p6-1mamba
- automatic update by autodist
* Tue Jan 11 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p4-2mamba
- sudoers: change path or rpm from /bin/rpm to /usr/bin/rpm (rpm 5)
* Wed Nov 10 2010 Automatic Build System <autodist@mambasoft.it> 1.7.4p4-1mamba
- automatic update by autodist
* Fri Sep 03 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-2mamba
- create and own /var/db/sudo
* Sun Aug 22 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.4p3-1mamba
- update to 1.7.4p3
- added support for /etc/sudoers.d directory
* Mon Jun 21 2010 Automatic Build System <autodist@mambasoft.it> 1.7.2p7-1mamba
- automatic update by autodist
* Mon Feb 15 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-3mamba
- /opt/kde3/bin/kcmshell removed from /etc/sudoers
* Wed Jan 06 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.2p2-2mamba
- add /usr/bin/smart to sudoers DISTRO_CMD
* Tue Dec 08 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p2-1mamba
- automatic update by autodist
* Wed Jul 29 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2p1-1mamba
- automatic update by autodist
* Fri Jul 17 2009 Automatic Build System <autodist@mambasoft.it> 1.7.2-1mamba
- automatic update by autodist
* Sun Apr 19 2009 Automatic Build System <autodist@mambasoft.it> 1.7.1-1mamba
- automatic update by autodist
* Sat Apr 04 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.7.0-1mamba
- automatic update by autodist
* Sun Feb 01 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p20-1mamba
- update to 1.6.9p20
- added support for kde4 binaries path
* Wed Dec 03 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p18-1mamba
- automatic update by autodist
* Thu May 08 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-2mamba
- added kde3 path to secure dirs; removed /usr/X11R6/bin
- added patch that disables default environment reset
* Mon Mar 31 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.9p15-1mamba
- update to 1.6.9p15
- sudoers: allow execution of all commands in system path to sysadmin group
requiring user password
- removed pam, badenv table and can_2006_0151 patches applied upstream
* Fri Dec 28 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-13mamba
- removed a message when installing/upgrading
* Tue Nov 27 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-12mamba
- sudoers: added /opt/kde3/bin/mambapt in DISTRO_CMD
- sudoers: removed obsolete EXTRA_CMD (/usr/bin/updatechecker and /usr/bin/activate)
* Thu Nov 22 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-11mamba
- fixed pam configuration file
* Mon Nov 19 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-10mamba
- added guarddog and kcmshell to SYSADM_CMD
* Tue Jun 27 2006 Massimo Pintore <massimo.pintore@qilinux.it> 1.6.8p12-9qilnx
- added EXTRA_CMD alias in sudoers file
* Fri Apr 21 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-8qilnx
- added /usr/bin/apt-cdrom and /usr/bin/updatechecker in sudoers file
* Thu Apr 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-7qilnx
- option '--with-exempt=%{sysadmin_name}' disabled
* Wed Apr 05 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-6qilnx
- rebuild with the option '--with-exempt=%{sysadmin_name}'
- removed patch for CAN-2005-2959 (fixed upstream)
* Tue Feb 14 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-5qilnx
- create and handle sysadmin group
* Mon Feb 06 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-4qilnx
- new patch for CVE-2006-0151
* Wed Jan 25 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 1.6.8p12-3qilnx
- allow "packager" group users to execute rpm, apt-get and synaptic
* Mon Jan 23 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-2qilnx
- security update for CVE-2006-0151 (qibug#117)
* Mon Nov 14 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p12-1qilnx
- update to version 1.6.8p12 by autospec
- also fixes a security issue in perl scripts (QiLinux bug#69)
* Wed Oct 26 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-2qilnx
- security fix for CAN-2005-2959 (closes: #55)
* Fri Sep 30 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.6.8p9-1qilnx
- package created by autospec