]>
Commit | Line | Data |
---|---|---|
39c2efed | 1 | # TODO |
f0a40d52 | 2 | # - check and package docs: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz |
62c4d422 | 3 | # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation |
36ef1baf | 4 | # - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package |
d10a7e65 ER |
5 | # - pam_tally, pam_tally2 is deprecated in favor of pam_faillock |
6 | # use patch for now: pkgs.fedoraproject.org/pam/pam-1.2.1-faillock.patch | |
7 | # https://www.redhat.com/archives/pam-list/2017-June/msg00002.html | |
c9ad1aae | 8 | # |
d11ce12e | 9 | # Conditional build: |
b4afc5a5 | 10 | %bcond_without doc # don't build documentation |
b378d3bb | 11 | %bcond_with prelude # build with Prelude IDS support (in libpam) |
846d8fdc | 12 | %bcond_without selinux # build without SELinux support |
84871244 | 13 | %bcond_without audit # build with Linux Auditing library support |
37dd6f95 | 14 | |
48ec83cd | 15 | %define pam_pld_version 1.1.2-1 |
abb00f9e | 16 | Summary: Pluggable Authentication Modules: modular, incremental authentication |
b7025e7f ER |
17 | Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung |
18 | Summary(es.UTF-8): Módulos de autentificación plugables (PAM) | |
19 | Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication | |
20 | Summary(pl.UTF-8): Modularny system uwierzytelniania | |
21 | Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM) | |
22 | Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений | |
23 | Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri | |
24 | Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм | |
abb00f9e | 25 | Name: pam |
f0a40d52 | 26 | Version: 1.3.1 |
1854045c | 27 | Release: 2 |
e6e4b559 | 28 | Epoch: 1 |
e6a46f40 ER |
29 | # The library is BSD licensed with option to relicense as GPLv2+ |
30 | # - this option is redundant as the BSD license allows that anyway. | |
31 | # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. | |
c82e01c3 | 32 | License: BSD and GPL v2+ |
abb00f9e | 33 | Group: Base |
f0a40d52 ER |
34 | Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz |
35 | # Source0-md5: 558ff53b0fc0563ca97f79e911822165 | |
c9ad1aae | 36 | Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz |
48ec83cd | 37 | # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e |
7f8ab60d JR |
38 | Source3: other.pamd |
39 | Source4: system-auth.pamd | |
40 | Source5: config-util.pamd | |
c9ad1aae | 41 | Source6: %{name}_selinux_check.pamd |
7f8ab60d JR |
42 | Source7: system-auth.5 |
43 | Source8: config-util.5 | |
664ca91d | 44 | Source9: %{name}.tmpfiles |
024572d7 | 45 | Source10: postlogin.pamd |
7f8ab60d | 46 | Patch0: %{name}-pld-modules.patch |
3675ad2d | 47 | Patch1: %{name}_console-lex-static.patch |
57fed07b JR |
48 | Patch2: %{name}-tally-fail-close.patch |
49 | Patch3: %{name}-mkhomedir-notfound.patch | |
50 | Patch4: %{name}-db-gdbm.patch | |
51 | Patch5: %{name}-exec-failok.patch | |
3c20be82 | 52 | Patch6: update-motd.patch |
d9e597ca | 53 | URL: http://www.linux-pam.org/ |
85c2b5f9 | 54 | %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} |
ce3569c4 | 55 | BuildRequires: autoconf >= 2.61 |
b8f360f2 | 56 | BuildRequires: automake |
1dc7ef6b | 57 | BuildRequires: bison |
234dfb8e | 58 | BuildRequires: cracklib-devel >= 2.8.3 |
de5c0104 | 59 | BuildRequires: flex |
c82e01c3 | 60 | # gdbm due to db pulling libpthread |
c9ad1aae | 61 | BuildRequires: gdbm-devel >= 1.8.3-7 |
8d4d959f | 62 | BuildRequires: gettext-tools >= 0.18.3 |
57fed07b | 63 | BuildRequires: glibc-devel >= 6:2.10.1 |
ce3569c4 | 64 | %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} |
818d8684 | 65 | %{?with_selinux:BuildRequires: libselinux-devel >= 2.1.9} |
c044e6be JB |
66 | BuildRequires: libtirpc-devel |
67 | BuildRequires: libtool >= 2:2 | |
ce3569c4 | 68 | BuildRequires: libxcrypt-devel |
3895445c | 69 | %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} |
c53831dc | 70 | BuildRequires: pkgconfig |
3895445c | 71 | BuildRequires: zlib-devel |
b4afc5a5 | 72 | %if %{with doc} |
57fed07b | 73 | BuildRequires: docbook-dtd412-xml |
7f8ab60d JR |
74 | BuildRequires: docbook-dtd43-xml |
75 | BuildRequires: docbook-dtd44-xml | |
76 | BuildRequires: docbook-style-xsl >= 1.69.1 | |
84871244 JR |
77 | # For building PDFs |
78 | #BuildRequires: fop | |
7f8ab60d JR |
79 | BuildRequires: libxml2-progs |
80 | BuildRequires: libxslt-progs | |
81 | BuildRequires: w3m | |
b4afc5a5 | 82 | %endif |
fe9df33a | 83 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
25846ece | 84 | %{?with_audit:Requires: audit-libs >= 1.0.8} |
c9ad1aae | 85 | Requires: awk |
25846ece | 86 | Requires: crypt(blowfish) |
25846ece | 87 | Requires: glibc >= 6:2.5-0.5 |
818d8684 | 88 | %{?with_selinux:Requires: libselinux >= 2.1.9} |
375c4d21 | 89 | Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release} |
eb400e74 | 90 | Suggests: make |
5a075d87 | 91 | Suggests: pam-pam_pwquality |
22604a87 | 92 | Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release} |
73954d99 | 93 | Obsoletes: pam-doc |
25846ece ER |
94 | Obsoletes: pam-pam_opie |
95 | Obsoletes: pam-pam_pwdb | |
96 | Obsoletes: pam-pam_radius | |
97 | Obsoletes: pam-pam_skey | |
98 | Obsoletes: pam-pam_tcpd | |
c9ad1aae ER |
99 | Obsoletes: pam_make |
100 | Obsoletes: pamconfig | |
101 | Conflicts: dev < 3.4-4 | |
25846ece | 102 | Conflicts: pam < 0:0.80.1-2 |
c9ad1aae | 103 | Conflicts: udev < 1:138-5 |
28fa39c9 | 104 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f0f219ac | 105 | |
37dd6f95 ER |
106 | %define _sbindir /sbin |
107 | ||
f0f219ac | 108 | %description |
faaf5eea | 109 | PAM (Pluggable Authentication Modules) is a powerful, flexible, |
110 | extensible authentication system which allows the system administrator | |
111 | to configure authentication services individually for every | |
112 | pam-compliant application without recompiling any of the applications. | |
f0f219ac | 113 | |
e2cbb18f JR |
114 | %description -l de.UTF-8 |
115 | PAM (Pluggable Authentication Modules) ist ein leistungsfähiges, | |
faaf5eea | 116 | flexibles und erweiterbares Authentifizierungssystem, mit dem der |
e2cbb18f | 117 | Systemverwalter Authentifizierungs-Dienste individuell für jede |
faaf5eea | 118 | pam-kompatible Anwendung konfigurieren kann, ohne diese neu |
e2cbb18f | 119 | kompilieren zu müssen. |
f0f219ac | 120 | |
e2cbb18f JR |
121 | %description -l es.UTF-8 |
122 | PAM (Módulos de Autenticación Plugables) es un potente, flexible y | |
123 | extensible sistema de autentificación, que permite al administrador | |
124 | del sistema configurar servicios de autentificación individualmente | |
125 | para cada aplicación pam compatible, sin la necesidad de recompilar | |
8797d11d JB |
126 | cualquier una de las aplicaciones. |
127 | ||
e2cbb18f JR |
128 | %description -l fr.UTF-8 |
129 | PAM (Pluggable Authentication Modules) est un systéme | |
130 | d'authentification puissant, souple et extensible permettant à | |
131 | l'administrateur système de configurer les individuellement les | |
132 | services d'authentification pour chaque application conforme à PAM, | |
faaf5eea | 133 | sans recompiler aucune application. |
ac46f43b | 134 | |
e2cbb18f JR |
135 | %description -l pl.UTF-8 |
136 | PAM (Pluggable Authentication Modules) jest silnym i łatwo | |
137 | dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia | |
138 | administratorowi indywidualne konfigurowanie poszczególnych usług, | |
139 | które są dostosowane i skonsolidowane z bibliotekami PAM, bez | |
140 | późniejszej ich rekompilacji w momencie zmiany sposobu | |
141 | uwierzytelniania tychże usług. | |
b1babe47 | 142 | |
e2cbb18f JR |
143 | %description -l pt_BR.UTF-8 |
144 | PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e | |
145 | extensível sistema de autenticação, que permite o administrador do | |
146 | sistema configurar serviços de autenticação individualmente para cada | |
147 | aplicação pam compatível, sem necessidade de recompilar qualquer uma | |
148 | das aplicações. | |
51c8ab2d | 149 | |
e2cbb18f JR |
150 | %description -l uk.UTF-8 |
151 | PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до | |
152 | розширення система аутентикації, яка дозволяє системному | |
153 | адміністратору налагоджувати севіси авторизації доступу (аутентикації) | |
154 | індивідуально для кожної pam-сумісної програми без необхідності | |
155 | перекомпіляції самої програми. Це базовий механізм аутентикації в PLD | |
b440fddc | 156 | Linux. |
157 | ||
e2cbb18f JR |
158 | %description -l tr.UTF-8 |
159 | PAM (Pluggable Authentication Modules) sistem yöneticilerinin | |
160 | uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu | |
161 | uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan, | |
162 | güclü, esnek ve kapsamlı bir doğrulama sistemidir. | |
51c8ab2d | 163 | |
e2cbb18f JR |
164 | %description -l ru.UTF-8 |
165 | PAM (Pluggable Authentication Modules) - это мощная, гибкая, | |
166 | расширяемая система аутентикации, позволяющая системному | |
167 | администратору конфигурировать сервисы авторизации доступа | |
168 | (аутентикации) индивидуально для каждой pam-совместимой программы без | |
169 | необходимости перекомпилляции самой программы. Это базовый механизм | |
170 | аутентикации в PLD Linux. | |
b440fddc | 171 | |
fe9df33a | 172 | %package libs |
25846ece ER |
173 | Summary: PAM libraries |
174 | Summary(pl.UTF-8): Moduły PAM | |
fe9df33a | 175 | Group: Libraries |
234dfb8e | 176 | Requires(triggerpostun): sed >= 4.0 |
fe9df33a ER |
177 | |
178 | %description libs | |
25846ece | 179 | PAM libraries. |
fe9df33a | 180 | |
e2cbb18f | 181 | %description libs -l pl.UTF-8 |
25846ece | 182 | Moduły PAM. |
b96eca5e | 183 | |
ac46f43b | 184 | %package devel |
abb00f9e | 185 | Summary: PAM header files |
b7025e7f ER |
186 | Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM |
187 | Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
188 | Summary(ru.UTF-8): Библиотеки разработчика для PAM | |
189 | Summary(uk.UTF-8): Бібліотеки програміста для PAM | |
0bb742f7 | 190 | Group: Development/Libraries |
c82e01c3 | 191 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
15909b27 | 192 | %{?with_audit:Requires: audit-libs-devel >= 1.0.8} |
a3ffb3a4 | 193 | Requires: filesystem >= 3.0-11 |
ac46f43b JR |
194 | |
195 | %description devel | |
196 | Header files for developing PAM based applications. | |
f0f219ac | 197 | |
e2cbb18f JR |
198 | %description devel -l pl.UTF-8 |
199 | Pliki nagłówkowe i dokumentacja programisty do PAM. | |
ac46f43b | 200 | |
e2cbb18f JR |
201 | %description devel -l pt_BR.UTF-8 |
202 | Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
51c8ab2d | 203 | |
e2cbb18f JR |
204 | %description devel -l ru.UTF-8 |
205 | Этот пакет содержит хедеры и библиотеки разработчика для PAM. | |
b440fddc | 206 | |
e2cbb18f JR |
207 | %description devel -l uk.UTF-8 |
208 | Цей пакет містить хедери та бібліотеки програміста для PAM. | |
b440fddc | 209 | |
ac46f43b | 210 | %package static |
abb00f9e | 211 | Summary: PAM static libraries |
b7025e7f ER |
212 | Summary(pl.UTF-8): Biblioteki statyczne PAM |
213 | Summary(ru.UTF-8): Статические библиотеки разработчика для PAM | |
214 | Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM | |
0bb742f7 | 215 | Group: Development/Libraries |
846d8fdc | 216 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} |
ac46f43b JR |
217 | |
218 | %description static | |
219 | PAM static libraries. | |
b1babe47 | 220 | |
e2cbb18f | 221 | %description static -l pl.UTF-8 |
ac46f43b | 222 | Biblioteki statyczne PAM. |
b1babe47 | 223 | |
e2cbb18f JR |
224 | %description static -l ru.UTF-8 |
225 | Этот пакет содержит статические библиотеки разработчика для PAM. | |
b440fddc | 226 | |
e2cbb18f JR |
227 | %description static -l uk.UTF-8 |
228 | Цей пакет містить статичні бібліотеки програміста для PAM. | |
b440fddc | 229 | |
375c4d21 ER |
230 | %package pam_cracklib |
231 | Summary: PAM module to check the password against dictionary words | |
c82e01c3 | 232 | Summary(pl.UTF-8): Moduł PAM do sprawdzania haseł względem słów ze słownika |
375c4d21 | 233 | Group: Base |
c82e01c3 JB |
234 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
235 | Requires: cracklib >= 2.8.3 | |
236 | Requires: cracklib-dicts >= 2.8.3 | |
375c4d21 ER |
237 | |
238 | %description pam_cracklib | |
239 | PAM module to check the password against dictionary words. | |
240 | ||
c82e01c3 JB |
241 | %description pam_cracklib -l pl.UTF-8 |
242 | Moduł PAM do sprawdzania haseł względem słów ze słownika. | |
243 | ||
1fbc0597 JR |
244 | %package pam_selinux |
245 | Summary: PAM module - SELinux support | |
b7025e7f | 246 | Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa |
1fbc0597 | 247 | Group: Base |
c82e01c3 | 248 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
818d8684 | 249 | Requires: libselinux >= 2.1.9 |
1fbc0597 JR |
250 | |
251 | %description pam_selinux | |
252 | PAM module - SELinux support. | |
253 | ||
e2cbb18f JR |
254 | %description pam_selinux -l pl.UTF-8 |
255 | Moduł PAM pozwalający na zmianę kontekstów SELinuksa. | |
1fbc0597 | 256 | |
e5de221b | 257 | %package pam_userdb |
c82e01c3 JB |
258 | Summary: PAM module - authenticate against GDBM database |
259 | Summary(pl.UTF-8): Moduł PAM do uwierzytelniania względem bazy danych GDBM | |
e5de221b | 260 | Group: Base |
c82e01c3 | 261 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
e5de221b | 262 | Requires: gdbm >= 1.8.3-7 |
e5de221b ER |
263 | |
264 | %description pam_userdb | |
c82e01c3 JB |
265 | pam_userdb - PAM module to authenticate against GDBM database. |
266 | ||
267 | %description pam_userdb -l pl.UTF-8 | |
268 | pam_userdb - moduł PAM służący do uwierzytelniania względem bazy | |
269 | danych GDBM. | |
e5de221b | 270 | |
f0f219ac | 271 | %prep |
7f8ab60d | 272 | %setup -q -a2 -n Linux-PAM-%{version} |
3d3421d5 | 273 | %patch0 -p1 |
3675ad2d | 274 | %patch1 -p1 |
7f8ab60d JR |
275 | %patch2 -p1 |
276 | %patch3 -p1 | |
277 | %patch4 -p1 | |
278 | %patch5 -p1 | |
4f6939c8 ER |
279 | # upstream has similar approach for multiple files (not no exec): |
280 | # https://github.com/linux-pam/linux-pam/pull/48 | |
281 | #%patch6 -p1 | |
e523043b | 282 | |
ac46f43b | 283 | %build |
7796f9da | 284 | %{__libtoolize} |
fc1ef364 | 285 | %{__aclocal} -I m4 |
7796f9da | 286 | %{__autoconf} |
287 | %{__autoheader} | |
288 | %{__automake} | |
7edd7783 | 289 | %configure \ |
6dc76558 | 290 | ac_cv_path_FO2PDF= \ |
7f8ab60d JR |
291 | --enable-static \ |
292 | --enable-shared \ | |
293 | --libdir=/%{_lib} \ | |
294 | --includedir=%{_includedir}/security \ | |
295 | --enable-isadir=../../%{_lib}/security \ | |
b81508df | 296 | --enable-db=gdbm \ |
1fbc0597 JR |
297 | %{!?with_selinux:--disable-selinux} \ |
298 | %{!?with_prelude:--disable-prelude} \ | |
7f8ab60d | 299 | %{!?with_audit:--disable-audit} |
c894cd9b | 300 | |
7f8ab60d JR |
301 | # we must explicitely update-gmo as we patch a po file |
302 | %{__make} -C po update-gmo | |
0c9926ce MB |
303 | %{__make} \ |
304 | DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE" | |
f0f219ac | 305 | |
306 | %install | |
4587144c | 307 | rm -rf $RPM_BUILD_ROOT |
e58dd313 | 308 | install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \ |
0bc3c2f5 | 309 | $RPM_BUILD_ROOT%{systemdtmpfilesdir} |
4d13ca23 | 310 | |
4be82bfe JB |
311 | %{__make} install \ |
312 | DESTDIR=$RPM_BUILD_ROOT | |
4d13ca23 | 313 | |
848c50ae | 314 | %if %{with selinux} |
0bc3c2f5 ER |
315 | install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} |
316 | cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8 | |
317 | cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check | |
848c50ae | 318 | %endif |
7f8ab60d | 319 | |
0bc3c2f5 | 320 | cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
664ca91d | 321 | |
c9ad1aae | 322 | install -d doc/txts |
e5de221b ER |
323 | for r in modules/pam_*/README; do |
324 | cp -pf $r doc/txts/README.$(basename $(dirname $r)) | |
7f8ab60d | 325 | done |
c044e6be | 326 | %{__rm} doc/txts/README.pam_userdb |
375c4d21 | 327 | %{__rm} doc/txts/README.pam_cracklib |
c9ad1aae | 328 | install -d doc/html |
e5de221b | 329 | cp -pf doc/index.html doc/html/ |
7f8ab60d JR |
330 | |
331 | # fix PAM/pam man page | |
332 | echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8 | |
f0f219ac | 333 | |
157b3e1c | 334 | :> $RPM_BUILD_ROOT/etc/security/opasswd |
b43d0a9b | 335 | :> $RPM_BUILD_ROOT/etc/security/blacklist |
9e64e40d | 336 | |
7f8ab60d | 337 | :> $RPM_BUILD_ROOT/var/log/tallylog |
508c2464 | 338 | |
c044e6be | 339 | %{__mv} $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir} |
508c2464 | 340 | |
c1d4fb20 | 341 | cd $RPM_BUILD_ROOT/%{_lib} |
a1307506 | 342 | for f in lib*.la ; do |
c044e6be JB |
343 | %{__sed} -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' \ |
344 | -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $f > $RPM_BUILD_ROOT%{_libdir}/$f | |
345 | %{__rm} $f | |
a1307506 | 346 | done |
c1d4fb20 AM |
347 | ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so |
348 | ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so | |
349 | ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so | |
7f8ab60d | 350 | cd - |
8ab52661 | 351 | |
0bc3c2f5 ER |
352 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other |
353 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth | |
354 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util | |
024572d7 | 355 | cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postlogin |
7f8ab60d | 356 | |
0bc3c2f5 ER |
357 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5 |
358 | cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5 | |
c38ff42d | 359 | |
b81508df JR |
360 | # Make sure every module subdirectory gave us a module. Yes, this is hackish. |
361 | for dir in modules/pam_* ; do | |
df8313a3 | 362 | %if %{without selinux} |
f9ad2164 | 363 | [ ${dir} = "modules/pam_selinux" ] && continue |
85c2b5f9 | 364 | [ ${dir} = "modules/pam_sepermit" ] && continue |
6d7d9335 JK |
365 | %endif |
366 | %if %{without audit} | |
367 | [ ${dir} = "modules/pam_tty_audit" ] && continue | |
f9ad2164 | 368 | %endif |
b81508df JR |
369 | if [ -d ${dir} ] ; then |
370 | if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then | |
371 | echo ERROR `basename ${dir}` did not build a module. | |
372 | exit 1 | |
373 | fi | |
374 | fi | |
375 | done | |
376 | ||
377 | for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do | |
378 | # Check for module problems. Specifically, check that every module we just | |
379 | # installed can actually be loaded by a minimal PAM-aware application. | |
380 | if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ | |
381 | ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then | |
382 | echo ERROR module: ${module} cannot be loaded. | |
383 | exit 1 | |
384 | fi | |
b81508df JR |
385 | done |
386 | ||
aae9c5e1 | 387 | # useless - shut up check-files |
c044e6be JB |
388 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a} |
389 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/lib*.so | |
390 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/Linux-PAM | |
fe9df33a | 391 | |
df8313a3 | 392 | %if %{without selinux} |
fe9df33a ER |
393 | rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*} |
394 | %endif | |
aae9c5e1 | 395 | |
7f8ab60d JR |
396 | %find_lang Linux-PAM |
397 | ||
abb00f9e | 398 | %clean |
4587144c | 399 | rm -rf $RPM_BUILD_ROOT |
abb00f9e | 400 | |
5d252f91 | 401 | %triggerpostun libs -- %{name}-libs < 0.99.7.1 |
db255670 | 402 | for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do |
a1307506 JR |
403 | case "$f" in |
404 | *rpmorig|*rpmnew|*rpmsave|*~|*.orig) | |
405 | continue | |
406 | ;; | |
407 | *) | |
234dfb8e JR |
408 | cp -f "$f" "$f.rpmorig" |
409 | sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \ | |
410 | -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f" | |
a1307506 JR |
411 | ;; |
412 | esac | |
413 | done | |
414 | if [ -d /var/lock/console -a -d /var/run/console ]; then | |
75f2161e | 415 | cp -a /var/lock/console/* /var/run/console/ 2> /dev/null |
234dfb8e | 416 | rm -rf /var/lock/console |
a1307506 | 417 | fi |
5d252f91 | 418 | |
37dd6f95 ER |
419 | %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron |
420 | # restart crond if pam is upgraded | |
421 | # (crond is linked with old libpam but tries to open modules linked with new libpam) | |
422 | if [ "$1" != 1 ]; then | |
423 | %service -q crond restart | |
424 | fi | |
d2d4c3b4 | 425 | exit 0 |
37dd6f95 | 426 | |
f1a6863d ER |
427 | %triggerpostun -- %{name} < 1:1.1.5-8 |
428 | # removed in 1.1.4 | |
429 | if grep -qs change_uid /etc/pam.d/system-auth; then | |
430 | %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth | |
431 | fi | |
432 | ||
15d8e9b5 JR |
433 | # We want it added for painless upgarde even if it mean log pollution for non-systemd |
434 | # enabled systems, | |
435 | # If this module is not present on systemd enabled system then `systemctl restart sshd.service` | |
436 | # will kill all sessions. | |
437 | if ! grep -qs pam_systemd /etc/pam.d/system-auth; then | |
eb64f1e9 | 438 | echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth |
15d8e9b5 JR |
439 | fi |
440 | ||
00005501 PZ |
441 | %post -p <lua> |
442 | fh, error = io.open("/var/log/tallylog") | |
b8423a52 | 443 | if fh ~= nil then |
00005501 PZ |
444 | io.close(fh) |
445 | else | |
446 | fh = io.open("/var/log/tallylog", "w+") | |
447 | io.close(fh) | |
448 | posix.chmod("/var/log/tallylog", "rw-------") | |
449 | end | |
0607c402 | 450 | |
fe9df33a ER |
451 | %post libs -p /sbin/ldconfig |
452 | %postun libs -p /sbin/ldconfig | |
96ffe39f | 453 | |
7f8ab60d | 454 | %files -f Linux-PAM.lang |
abb00f9e | 455 | %defattr(644,root,root,755) |
a738676c | 456 | %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README* |
fe9df33a | 457 | %if %{with doc} |
a738676c | 458 | %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html |
fe9df33a | 459 | %endif |
c9ad1aae ER |
460 | %dir /etc/pam.d |
461 | %dir /etc/security/console.apps | |
462 | %dir /etc/security/console.perms.d | |
463 | %dir /var/run/console | |
3c20be82 | 464 | %{systemdtmpfilesdir}/%{name}.conf |
b81508df | 465 | %config(noreplace) %verify(not md5 mtime size) /etc/environment |
b2c6cf13 ER |
466 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other |
467 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth | |
7f8ab60d | 468 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util |
024572d7 | 469 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/postlogin |
b2c6cf13 | 470 | %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf |
b43d0a9b | 471 | %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist |
b81508df JR |
472 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers |
473 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms | |
b2c6cf13 ER |
474 | %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf |
475 | %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf | |
b81508df JR |
476 | %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf |
477 | %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init | |
478 | %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf | |
b2c6cf13 | 479 | %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf |
e6a1f162 ER |
480 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram |
481 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en | |
e8c63aa7 | 482 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de |
698e82b0 | 483 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk |
e8c63aa7 ER |
484 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es |
485 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi | |
486 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it | |
487 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja | |
488 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no | |
489 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl | |
e6a1f162 | 490 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms |
b2c6cf13 | 491 | %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd |
fe9df33a | 492 | %attr(755,root,root) %{_bindir}/pam_pwgen |
57fed07b | 493 | %attr(755,root,root) %{_sbindir}/mkhomedir_helper |
7f8ab60d | 494 | %attr(755,root,root) %{_sbindir}/pam_console_apply |
fe9df33a | 495 | %attr(755,root,root) %{_sbindir}/pam_tally |
7f8ab60d JR |
496 | %attr(755,root,root) %{_sbindir}/pam_tally2 |
497 | %attr(755,root,root) %{_sbindir}/pam_timestamp_check | |
fe9df33a | 498 | %attr(755,root,root) %{_sbindir}/pwgen_trigram |
57fed07b JR |
499 | %attr(4755,root,root) %{_sbindir}/unix_chkpwd |
500 | %attr(4755,root,root) %{_sbindir}/unix_update | |
b378d3bb JB |
501 | %{_mandir}/man5/access.conf.5* |
502 | %{_mandir}/man5/config-util.5* | |
503 | %{_mandir}/man5/console.apps.5* | |
504 | %{_mandir}/man5/console.handlers.5* | |
505 | %{_mandir}/man5/console.perms.5* | |
c044e6be | 506 | %{_mandir}/man5/environment.5* |
b378d3bb JB |
507 | %{_mandir}/man5/group.conf.5* |
508 | %{_mandir}/man5/limits.conf.5* | |
509 | %{_mandir}/man5/namespace.conf.5* | |
510 | %{_mandir}/man5/pam.conf.5* | |
511 | %{_mandir}/man5/pam.d.5* | |
512 | %{_mandir}/man5/pam_env.conf.5* | |
513 | %{_mandir}/man5/system-auth.5* | |
514 | %{_mandir}/man5/time.conf.5* | |
515 | %{_mandir}/man8/PAM.8* | |
57fed07b | 516 | %{_mandir}/man8/mkhomedir_helper.8* |
b378d3bb JB |
517 | %{_mandir}/man8/pam.8* |
518 | %{_mandir}/man8/pam_*.8* | |
519 | %{_mandir}/man8/unix_chkpwd.8* | |
520 | %{_mandir}/man8/unix_update.8* | |
24c8c941 | 521 | %if %{with selinux} |
db255670 | 522 | %exclude %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 523 | %exclude %{_mandir}/man8/pam_sepermit.8* |
81eb0561 | 524 | %endif |
375c4d21 | 525 | %exclude %{_mandir}/man8/pam_cracklib.8* |
e5de221b | 526 | %exclude %{_mandir}/man8/pam_userdb.8* |
c9ad1aae | 527 | %ghost %verify(not md5 mtime size) /var/log/tallylog |
fe9df33a | 528 | |
25846ece | 529 | # PAM modules |
3bc02d41 JB |
530 | %attr(755,root,root) /%{_lib}/security/pam_access.so |
531 | %attr(755,root,root) /%{_lib}/security/pam_console.so | |
3bc02d41 JB |
532 | %attr(755,root,root) /%{_lib}/security/pam_debug.so |
533 | %attr(755,root,root) /%{_lib}/security/pam_deny.so | |
7f8ab60d | 534 | %attr(755,root,root) /%{_lib}/security/pam_echo.so |
3bc02d41 | 535 | %attr(755,root,root) /%{_lib}/security/pam_env.so |
7f8ab60d JR |
536 | %attr(755,root,root) /%{_lib}/security/pam_exec.so |
537 | %attr(755,root,root) /%{_lib}/security/pam_faildelay.so | |
3bc02d41 | 538 | %attr(755,root,root) /%{_lib}/security/pam_filter.so |
7f8ab60d | 539 | %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER |
3bc02d41 JB |
540 | %attr(755,root,root) /%{_lib}/security/pam_ftp.so |
541 | %attr(755,root,root) /%{_lib}/security/pam_group.so | |
3bc02d41 | 542 | %attr(755,root,root) /%{_lib}/security/pam_issue.so |
7f8ab60d | 543 | %attr(755,root,root) /%{_lib}/security/pam_keyinit.so |
3bc02d41 JB |
544 | %attr(755,root,root) /%{_lib}/security/pam_lastlog.so |
545 | %attr(755,root,root) /%{_lib}/security/pam_limits.so | |
546 | %attr(755,root,root) /%{_lib}/security/pam_listfile.so | |
e1e49c86 | 547 | %attr(755,root,root) /%{_lib}/security/pam_localuser.so |
7f8ab60d | 548 | %attr(755,root,root) /%{_lib}/security/pam_loginuid.so |
3bc02d41 | 549 | %attr(755,root,root) /%{_lib}/security/pam_mail.so |
7f8ab60d | 550 | %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so |
3bc02d41 | 551 | %attr(755,root,root) /%{_lib}/security/pam_motd.so |
b81508df | 552 | %attr(755,root,root) /%{_lib}/security/pam_namespace.so |
3bc02d41 JB |
553 | %attr(755,root,root) /%{_lib}/security/pam_nologin.so |
554 | %attr(755,root,root) /%{_lib}/security/pam_permit.so | |
7f8ab60d | 555 | %attr(755,root,root) /%{_lib}/security/pam_pwexport.so |
3bc02d41 | 556 | %attr(755,root,root) /%{_lib}/security/pam_pwgen.so |
57fed07b | 557 | %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so |
3bc02d41 JB |
558 | %attr(755,root,root) /%{_lib}/security/pam_rhosts.so |
559 | %attr(755,root,root) /%{_lib}/security/pam_rootok.so | |
7f8ab60d | 560 | %attr(755,root,root) /%{_lib}/security/pam_rps.so |
3bc02d41 JB |
561 | %attr(755,root,root) /%{_lib}/security/pam_securetty.so |
562 | %attr(755,root,root) /%{_lib}/security/pam_shells.so | |
563 | %attr(755,root,root) /%{_lib}/security/pam_stress.so | |
e1e49c86 | 564 | %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so |
7f8ab60d | 565 | %attr(755,root,root) /%{_lib}/security/pam_tally2.so |
3bc02d41 JB |
566 | %attr(755,root,root) /%{_lib}/security/pam_tally.so |
567 | %attr(755,root,root) /%{_lib}/security/pam_time.so | |
7f8ab60d | 568 | %attr(755,root,root) /%{_lib}/security/pam_timestamp.so |
6d7d9335 | 569 | %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} |
7f8ab60d | 570 | %attr(755,root,root) /%{_lib}/security/pam_umask.so |
3bc02d41 | 571 | %attr(755,root,root) /%{_lib}/security/pam_unix.so |
3bc02d41 JB |
572 | %attr(755,root,root) /%{_lib}/security/pam_warn.so |
573 | %attr(755,root,root) /%{_lib}/security/pam_wheel.so | |
574 | %attr(755,root,root) /%{_lib}/security/pam_xauth.so | |
f0f219ac | 575 | |
25846ece ER |
576 | %files libs |
577 | %defattr(644,root,root,755) | |
578 | %dir /%{_lib}/security/pam_filter | |
579 | %attr(755,root,root) /%{_lib}/libpam.so.*.*.* | |
580 | %attr(755,root,root) %ghost /%{_lib}/libpam.so.0 | |
581 | %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.* | |
582 | %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0 | |
583 | %attr(755,root,root) /%{_lib}/libpamc.so.*.*.* | |
584 | %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0 | |
585 | ||
f0f219ac | 586 | %files devel |
abb00f9e | 587 | %defattr(644,root,root,755) |
964f5d32 | 588 | %if %{with doc} |
a738676c | 589 | %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html |
964f5d32 | 590 | %endif |
a738676c JB |
591 | %attr(755,root,root) %{_libdir}/libpam.so |
592 | %attr(755,root,root) %{_libdir}/libpam_misc.so | |
593 | %attr(755,root,root) %{_libdir}/libpamc.so | |
594 | %{_libdir}/libpam.la | |
595 | %{_libdir}/libpam_misc.la | |
596 | %{_libdir}/libpamc.la | |
597 | %{_includedir}/security/_pam_*.h | |
598 | %{_includedir}/security/pam*.h | |
599 | %{_mandir}/man3/misc_conv.3* | |
600 | %{_mandir}/man3/pam*.3* | |
e523043b | 601 | |
ac46f43b | 602 | %files static |
051aeb4a | 603 | %defattr(644,root,root,755) |
98b63014 JR |
604 | %{_libdir}/libpam.a |
605 | %{_libdir}/libpamc.a | |
606 | %{_libdir}/libpam_misc.a | |
7c2f893c | 607 | |
1fbc0597 JR |
608 | %if %{with selinux} |
609 | %files pam_selinux | |
610 | %defattr(644,root,root,755) | |
1fbc0597 | 611 | %attr(755,root,root) /%{_lib}/security/pam_selinux.so |
85c2b5f9 | 612 | %attr(755,root,root) /%{_lib}/security/pam_sepermit.so |
1fbc0597 | 613 | %attr(755,root,root) %{_sbindir}/pam_selinux_check |
c9ad1aae ER |
614 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check |
615 | %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf | |
b378d3bb | 616 | %{_mandir}/man5/sepermit.conf.5* |
1fbc0597 | 617 | %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 618 | %{_mandir}/man8/pam_sepermit.8* |
52c22c8a | 619 | %dir /var/run/sepermit |
1fbc0597 | 620 | %endif |
e5de221b | 621 | |
375c4d21 ER |
622 | %files pam_cracklib |
623 | %defattr(644,root,root,755) | |
624 | %doc modules/pam_cracklib/README | |
625 | %attr(755,root,root) /%{_lib}/security/pam_cracklib.so | |
626 | %{_mandir}/man8/pam_cracklib.8* | |
627 | ||
e5de221b ER |
628 | %files pam_userdb |
629 | %defattr(644,root,root,755) | |
630 | %doc modules/pam_userdb/README | |
631 | %attr(755,root,root) /%{_lib}/security/pam_userdb.so | |
632 | %{_mandir}/man8/pam_userdb.8* |