]>
Commit | Line | Data |
---|---|---|
39c2efed ER |
1 | # TODO |
2 | # - check and package docs: https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.8-docs.tar.bz2 | |
c9ad1aae | 3 | # |
d11ce12e | 4 | # Conditional build: |
b4afc5a5 | 5 | %bcond_without doc # don't build documentation |
b378d3bb | 6 | %bcond_with prelude # build with Prelude IDS support (in libpam) |
846d8fdc | 7 | %bcond_without selinux # build without SELinux support |
84871244 | 8 | %bcond_without audit # build with Linux Auditing library support |
37dd6f95 | 9 | |
48ec83cd | 10 | %define pam_pld_version 1.1.2-1 |
abb00f9e | 11 | Summary: Pluggable Authentication Modules: modular, incremental authentication |
b7025e7f ER |
12 | Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung |
13 | Summary(es.UTF-8): Módulos de autentificación plugables (PAM) | |
14 | Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication | |
15 | Summary(pl.UTF-8): Modularny system uwierzytelniania | |
16 | Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM) | |
17 | Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений | |
18 | Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri | |
19 | Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм | |
abb00f9e | 20 | Name: pam |
6235593e | 21 | Version: 1.1.8 |
22604a87 | 22 | Release: 7 |
e6e4b559 | 23 | Epoch: 1 |
c96a8fe2 | 24 | License: GPL or BSD |
abb00f9e | 25 | Group: Base |
d9e597ca | 26 | Source0: http://www.linux-pam.org/library/Linux-PAM-%{version}.tar.bz2 |
6235593e | 27 | # Source0-md5: 35b6091af95981b1b2cd60d813b5e4ee |
c9ad1aae | 28 | Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz |
48ec83cd | 29 | # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e |
7f8ab60d JR |
30 | Source3: other.pamd |
31 | Source4: system-auth.pamd | |
32 | Source5: config-util.pamd | |
c9ad1aae | 33 | Source6: %{name}_selinux_check.pamd |
7f8ab60d JR |
34 | Source7: system-auth.5 |
35 | Source8: config-util.5 | |
664ca91d | 36 | Source9: %{name}.tmpfiles |
024572d7 | 37 | Source10: postlogin.pamd |
7f8ab60d | 38 | Patch0: %{name}-pld-modules.patch |
57fed07b JR |
39 | Patch2: %{name}-tally-fail-close.patch |
40 | Patch3: %{name}-mkhomedir-notfound.patch | |
41 | Patch4: %{name}-db-gdbm.patch | |
42 | Patch5: %{name}-exec-failok.patch | |
3c20be82 | 43 | Patch6: update-motd.patch |
d9e597ca | 44 | URL: http://www.linux-pam.org/ |
85c2b5f9 | 45 | %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} |
ce3569c4 | 46 | BuildRequires: autoconf >= 2.61 |
b8f360f2 | 47 | BuildRequires: automake |
1dc7ef6b | 48 | BuildRequires: bison |
234dfb8e | 49 | BuildRequires: cracklib-devel >= 2.8.3 |
b81508df | 50 | # gdbm due to db pulling libpthread |
de5c0104 | 51 | BuildRequires: flex |
c9ad1aae | 52 | BuildRequires: gdbm-devel >= 1.8.3-7 |
ce3569c4 | 53 | BuildRequires: gettext-devel >= 0.15 |
57fed07b | 54 | BuildRequires: glibc-devel >= 6:2.10.1 |
8ea60c4a | 55 | BuildRequires: glibc-misc |
ce3569c4 | 56 | %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} |
7f8ab60d | 57 | %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2} |
ce3569c4 | 58 | #BuildRequires: libtirpc-devel |
0a855cc1 | 59 | BuildRequires: libtool >= 2:1.5 |
ce3569c4 | 60 | BuildRequires: libxcrypt-devel |
3895445c | 61 | %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} |
62 | BuildRequires: zlib-devel | |
b4afc5a5 | 63 | %if %{with doc} |
57fed07b | 64 | BuildRequires: docbook-dtd412-xml |
7f8ab60d JR |
65 | BuildRequires: docbook-dtd43-xml |
66 | BuildRequires: docbook-dtd44-xml | |
67 | BuildRequires: docbook-style-xsl >= 1.69.1 | |
84871244 JR |
68 | # For building PDFs |
69 | #BuildRequires: fop | |
7f8ab60d JR |
70 | BuildRequires: libxml2-progs |
71 | BuildRequires: libxslt-progs | |
72 | BuildRequires: w3m | |
b4afc5a5 | 73 | %endif |
fe9df33a | 74 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
25846ece | 75 | %{?with_audit:Requires: audit-libs >= 1.0.8} |
c9ad1aae | 76 | Requires: awk |
25846ece ER |
77 | Requires: cracklib >= 2.8.3 |
78 | Requires: cracklib-dicts >= 2.8.3 | |
79 | Requires: crypt(blowfish) | |
25846ece | 80 | Requires: glibc >= 6:2.5-0.5 |
eb400e74 | 81 | Suggests: make |
22604a87 | 82 | Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release} |
73954d99 | 83 | Obsoletes: pam-doc |
25846ece ER |
84 | Obsoletes: pam-pam_opie |
85 | Obsoletes: pam-pam_pwdb | |
86 | Obsoletes: pam-pam_radius | |
87 | Obsoletes: pam-pam_skey | |
88 | Obsoletes: pam-pam_tcpd | |
c9ad1aae ER |
89 | Obsoletes: pam_make |
90 | Obsoletes: pamconfig | |
91 | Conflicts: dev < 3.4-4 | |
25846ece | 92 | Conflicts: pam < 0:0.80.1-2 |
c9ad1aae | 93 | Conflicts: udev < 1:138-5 |
28fa39c9 | 94 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f0f219ac | 95 | |
37dd6f95 ER |
96 | %define _sbindir /sbin |
97 | ||
f0f219ac | 98 | %description |
faaf5eea | 99 | PAM (Pluggable Authentication Modules) is a powerful, flexible, |
100 | extensible authentication system which allows the system administrator | |
101 | to configure authentication services individually for every | |
102 | pam-compliant application without recompiling any of the applications. | |
f0f219ac | 103 | |
e2cbb18f JR |
104 | %description -l de.UTF-8 |
105 | PAM (Pluggable Authentication Modules) ist ein leistungsfähiges, | |
faaf5eea | 106 | flexibles und erweiterbares Authentifizierungssystem, mit dem der |
e2cbb18f | 107 | Systemverwalter Authentifizierungs-Dienste individuell für jede |
faaf5eea | 108 | pam-kompatible Anwendung konfigurieren kann, ohne diese neu |
e2cbb18f | 109 | kompilieren zu müssen. |
f0f219ac | 110 | |
e2cbb18f JR |
111 | %description -l es.UTF-8 |
112 | PAM (Módulos de Autenticación Plugables) es un potente, flexible y | |
113 | extensible sistema de autentificación, que permite al administrador | |
114 | del sistema configurar servicios de autentificación individualmente | |
115 | para cada aplicación pam compatible, sin la necesidad de recompilar | |
8797d11d JB |
116 | cualquier una de las aplicaciones. |
117 | ||
e2cbb18f JR |
118 | %description -l fr.UTF-8 |
119 | PAM (Pluggable Authentication Modules) est un systéme | |
120 | d'authentification puissant, souple et extensible permettant à | |
121 | l'administrateur système de configurer les individuellement les | |
122 | services d'authentification pour chaque application conforme à PAM, | |
faaf5eea | 123 | sans recompiler aucune application. |
ac46f43b | 124 | |
e2cbb18f JR |
125 | %description -l pl.UTF-8 |
126 | PAM (Pluggable Authentication Modules) jest silnym i łatwo | |
127 | dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia | |
128 | administratorowi indywidualne konfigurowanie poszczególnych usług, | |
129 | które są dostosowane i skonsolidowane z bibliotekami PAM, bez | |
130 | późniejszej ich rekompilacji w momencie zmiany sposobu | |
131 | uwierzytelniania tychże usług. | |
b1babe47 | 132 | |
e2cbb18f JR |
133 | %description -l pt_BR.UTF-8 |
134 | PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e | |
135 | extensível sistema de autenticação, que permite o administrador do | |
136 | sistema configurar serviços de autenticação individualmente para cada | |
137 | aplicação pam compatível, sem necessidade de recompilar qualquer uma | |
138 | das aplicações. | |
51c8ab2d | 139 | |
e2cbb18f JR |
140 | %description -l uk.UTF-8 |
141 | PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до | |
142 | розширення система аутентикації, яка дозволяє системному | |
143 | адміністратору налагоджувати севіси авторизації доступу (аутентикації) | |
144 | індивідуально для кожної pam-сумісної програми без необхідності | |
145 | перекомпіляції самої програми. Це базовий механізм аутентикації в PLD | |
b440fddc | 146 | Linux. |
147 | ||
e2cbb18f JR |
148 | %description -l tr.UTF-8 |
149 | PAM (Pluggable Authentication Modules) sistem yöneticilerinin | |
150 | uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu | |
151 | uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan, | |
152 | güclü, esnek ve kapsamlı bir doğrulama sistemidir. | |
51c8ab2d | 153 | |
e2cbb18f JR |
154 | %description -l ru.UTF-8 |
155 | PAM (Pluggable Authentication Modules) - это мощная, гибкая, | |
156 | расширяемая система аутентикации, позволяющая системному | |
157 | администратору конфигурировать сервисы авторизации доступа | |
158 | (аутентикации) индивидуально для каждой pam-совместимой программы без | |
159 | необходимости перекомпилляции самой программы. Это базовый механизм | |
160 | аутентикации в PLD Linux. | |
b440fddc | 161 | |
fe9df33a | 162 | %package libs |
25846ece ER |
163 | Summary: PAM libraries |
164 | Summary(pl.UTF-8): Moduły PAM | |
fe9df33a | 165 | Group: Libraries |
234dfb8e | 166 | Requires(triggerpostun): sed >= 4.0 |
fe9df33a ER |
167 | |
168 | %description libs | |
25846ece | 169 | PAM libraries. |
fe9df33a | 170 | |
e2cbb18f | 171 | %description libs -l pl.UTF-8 |
25846ece | 172 | Moduły PAM. |
b96eca5e | 173 | |
ac46f43b | 174 | %package devel |
abb00f9e | 175 | Summary: PAM header files |
b7025e7f ER |
176 | Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM |
177 | Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
178 | Summary(ru.UTF-8): Библиотеки разработчика для PAM | |
179 | Summary(uk.UTF-8): Бібліотеки програміста для PAM | |
0bb742f7 | 180 | Group: Development/Libraries |
846d8fdc | 181 | Requires: %{name} = %{epoch}:%{version}-%{release} |
15909b27 | 182 | %{?with_audit:Requires: audit-libs-devel >= 1.0.8} |
a3ffb3a4 | 183 | Requires: filesystem >= 3.0-11 |
ac46f43b JR |
184 | |
185 | %description devel | |
186 | Header files for developing PAM based applications. | |
f0f219ac | 187 | |
e2cbb18f JR |
188 | %description devel -l pl.UTF-8 |
189 | Pliki nagłówkowe i dokumentacja programisty do PAM. | |
ac46f43b | 190 | |
e2cbb18f JR |
191 | %description devel -l pt_BR.UTF-8 |
192 | Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
51c8ab2d | 193 | |
e2cbb18f JR |
194 | %description devel -l ru.UTF-8 |
195 | Этот пакет содержит хедеры и библиотеки разработчика для PAM. | |
b440fddc | 196 | |
e2cbb18f JR |
197 | %description devel -l uk.UTF-8 |
198 | Цей пакет містить хедери та бібліотеки програміста для PAM. | |
b440fddc | 199 | |
ac46f43b | 200 | %package static |
abb00f9e | 201 | Summary: PAM static libraries |
b7025e7f ER |
202 | Summary(pl.UTF-8): Biblioteki statyczne PAM |
203 | Summary(ru.UTF-8): Статические библиотеки разработчика для PAM | |
204 | Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM | |
0bb742f7 | 205 | Group: Development/Libraries |
846d8fdc | 206 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} |
ac46f43b JR |
207 | |
208 | %description static | |
209 | PAM static libraries. | |
b1babe47 | 210 | |
e2cbb18f | 211 | %description static -l pl.UTF-8 |
ac46f43b | 212 | Biblioteki statyczne PAM. |
b1babe47 | 213 | |
e2cbb18f JR |
214 | %description static -l ru.UTF-8 |
215 | Этот пакет содержит статические библиотеки разработчика для PAM. | |
b440fddc | 216 | |
e2cbb18f JR |
217 | %description static -l uk.UTF-8 |
218 | Цей пакет містить статичні бібліотеки програміста для PAM. | |
b440fddc | 219 | |
1fbc0597 JR |
220 | %package pam_selinux |
221 | Summary: PAM module - SELinux support | |
b7025e7f | 222 | Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa |
1fbc0597 | 223 | Group: Base |
25846ece | 224 | Requires: libselinux >= 1.33.2 |
1fbc0597 JR |
225 | |
226 | %description pam_selinux | |
227 | PAM module - SELinux support. | |
228 | ||
e2cbb18f JR |
229 | %description pam_selinux -l pl.UTF-8 |
230 | Moduł PAM pozwalający na zmianę kontekstów SELinuksa. | |
1fbc0597 | 231 | |
e5de221b ER |
232 | %package pam_userdb |
233 | Summary: PAM module - authenticate against db database | |
234 | Group: Base | |
235 | Requires: gdbm >= 1.8.3-7 | |
236 | Conflicts: pam-libs < 1:1.1.8-3.1 | |
237 | ||
238 | %description pam_userdb | |
239 | pam_userdb - PAM module to authenticate against a Berkeley DB database | |
240 | ||
f0f219ac | 241 | %prep |
7f8ab60d | 242 | %setup -q -a2 -n Linux-PAM-%{version} |
3d3421d5 | 243 | %patch0 -p1 |
7f8ab60d JR |
244 | %patch2 -p1 |
245 | %patch3 -p1 | |
246 | %patch4 -p1 | |
247 | %patch5 -p1 | |
3c20be82 | 248 | %patch6 -p1 |
e523043b | 249 | |
ac46f43b | 250 | %build |
7796f9da | 251 | %{__libtoolize} |
fc1ef364 | 252 | %{__aclocal} -I m4 |
7796f9da | 253 | %{__autoconf} |
254 | %{__autoheader} | |
255 | %{__automake} | |
7edd7783 | 256 | %configure \ |
6dc76558 | 257 | ac_cv_path_FO2PDF= \ |
7f8ab60d JR |
258 | --enable-static \ |
259 | --enable-shared \ | |
260 | --libdir=/%{_lib} \ | |
261 | --includedir=%{_includedir}/security \ | |
262 | --enable-isadir=../../%{_lib}/security \ | |
b81508df | 263 | --enable-db=gdbm \ |
1fbc0597 JR |
264 | %{!?with_selinux:--disable-selinux} \ |
265 | %{!?with_prelude:--disable-prelude} \ | |
7f8ab60d | 266 | %{!?with_audit:--disable-audit} |
c894cd9b | 267 | |
7f8ab60d JR |
268 | # we must explicitely update-gmo as we patch a po file |
269 | %{__make} -C po update-gmo | |
0c9926ce MB |
270 | %{__make} \ |
271 | DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE" | |
f0f219ac | 272 | |
273 | %install | |
4587144c | 274 | rm -rf $RPM_BUILD_ROOT |
e58dd313 | 275 | install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \ |
0bc3c2f5 | 276 | $RPM_BUILD_ROOT%{systemdtmpfilesdir} |
4d13ca23 | 277 | |
4be82bfe JB |
278 | %{__make} install \ |
279 | DESTDIR=$RPM_BUILD_ROOT | |
4d13ca23 | 280 | |
848c50ae | 281 | %if %{with selinux} |
0bc3c2f5 ER |
282 | install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} |
283 | cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8 | |
284 | cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check | |
848c50ae | 285 | %endif |
7f8ab60d | 286 | |
0bc3c2f5 | 287 | cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
664ca91d | 288 | |
c9ad1aae | 289 | install -d doc/txts |
e5de221b ER |
290 | for r in modules/pam_*/README; do |
291 | cp -pf $r doc/txts/README.$(basename $(dirname $r)) | |
7f8ab60d | 292 | done |
e5de221b | 293 | rm doc/txts/README.pam_userdb |
c9ad1aae | 294 | install -d doc/html |
e5de221b | 295 | cp -pf doc/index.html doc/html/ |
7f8ab60d JR |
296 | |
297 | # fix PAM/pam man page | |
298 | echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8 | |
f0f219ac | 299 | |
157b3e1c | 300 | :> $RPM_BUILD_ROOT/etc/security/opasswd |
b43d0a9b | 301 | :> $RPM_BUILD_ROOT/etc/security/blacklist |
9e64e40d | 302 | |
7f8ab60d | 303 | :> $RPM_BUILD_ROOT/var/log/tallylog |
508c2464 | 304 | |
1107ace3 | 305 | mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir} |
508c2464 | 306 | |
c1d4fb20 | 307 | cd $RPM_BUILD_ROOT/%{_lib} |
a1307506 | 308 | for f in lib*.la ; do |
1107ace3 | 309 | sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f |
a1307506 | 310 | rm -f $f |
2a5c157a | 311 | sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f |
a1307506 | 312 | done |
c1d4fb20 AM |
313 | ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so |
314 | ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so | |
315 | ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so | |
7f8ab60d | 316 | cd - |
8ab52661 | 317 | |
0bc3c2f5 ER |
318 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other |
319 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth | |
320 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util | |
024572d7 | 321 | cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postlogin |
7f8ab60d | 322 | |
0bc3c2f5 ER |
323 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5 |
324 | cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5 | |
c38ff42d | 325 | |
b81508df JR |
326 | # Make sure every module subdirectory gave us a module. Yes, this is hackish. |
327 | for dir in modules/pam_* ; do | |
df8313a3 | 328 | %if %{without selinux} |
f9ad2164 | 329 | [ ${dir} = "modules/pam_selinux" ] && continue |
85c2b5f9 | 330 | [ ${dir} = "modules/pam_sepermit" ] && continue |
6d7d9335 JK |
331 | %endif |
332 | %if %{without audit} | |
333 | [ ${dir} = "modules/pam_tty_audit" ] && continue | |
f9ad2164 | 334 | %endif |
b81508df JR |
335 | if [ -d ${dir} ] ; then |
336 | if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then | |
337 | echo ERROR `basename ${dir}` did not build a module. | |
338 | exit 1 | |
339 | fi | |
340 | fi | |
341 | done | |
342 | ||
343 | for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do | |
344 | # Check for module problems. Specifically, check that every module we just | |
345 | # installed can actually be loaded by a minimal PAM-aware application. | |
346 | if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ | |
347 | ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then | |
348 | echo ERROR module: ${module} cannot be loaded. | |
349 | exit 1 | |
350 | fi | |
b81508df JR |
351 | done |
352 | ||
aae9c5e1 | 353 | # useless - shut up check-files |
c1d4fb20 | 354 | rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a} |
a738676c | 355 | rm -f $RPM_BUILD_ROOT/%{_lib}/lib*.so |
0bc3c2f5 | 356 | rm -rf $RPM_BUILD_ROOT%{_docdir}/Linux-PAM |
fe9df33a | 357 | |
df8313a3 | 358 | %if %{without selinux} |
fe9df33a ER |
359 | rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*} |
360 | %endif | |
aae9c5e1 | 361 | |
7f8ab60d JR |
362 | %find_lang Linux-PAM |
363 | ||
abb00f9e | 364 | %clean |
4587144c | 365 | rm -rf $RPM_BUILD_ROOT |
abb00f9e | 366 | |
5d252f91 | 367 | %triggerpostun libs -- %{name}-libs < 0.99.7.1 |
db255670 | 368 | for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do |
a1307506 JR |
369 | case "$f" in |
370 | *rpmorig|*rpmnew|*rpmsave|*~|*.orig) | |
371 | continue | |
372 | ;; | |
373 | *) | |
234dfb8e JR |
374 | cp -f "$f" "$f.rpmorig" |
375 | sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \ | |
376 | -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f" | |
a1307506 JR |
377 | ;; |
378 | esac | |
379 | done | |
380 | if [ -d /var/lock/console -a -d /var/run/console ]; then | |
75f2161e | 381 | cp -a /var/lock/console/* /var/run/console/ 2> /dev/null |
234dfb8e | 382 | rm -rf /var/lock/console |
a1307506 | 383 | fi |
5d252f91 | 384 | |
37dd6f95 ER |
385 | %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron |
386 | # restart crond if pam is upgraded | |
387 | # (crond is linked with old libpam but tries to open modules linked with new libpam) | |
388 | if [ "$1" != 1 ]; then | |
389 | %service -q crond restart | |
390 | fi | |
d2d4c3b4 | 391 | exit 0 |
37dd6f95 | 392 | |
f1a6863d ER |
393 | %triggerpostun -- %{name} < 1:1.1.5-8 |
394 | # removed in 1.1.4 | |
395 | if grep -qs change_uid /etc/pam.d/system-auth; then | |
396 | %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth | |
397 | fi | |
398 | ||
15d8e9b5 JR |
399 | # We want it added for painless upgarde even if it mean log pollution for non-systemd |
400 | # enabled systems, | |
401 | # If this module is not present on systemd enabled system then `systemctl restart sshd.service` | |
402 | # will kill all sessions. | |
403 | if ! grep -qs pam_systemd /etc/pam.d/system-auth; then | |
eb64f1e9 | 404 | echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth |
15d8e9b5 JR |
405 | fi |
406 | ||
00005501 PZ |
407 | %post -p <lua> |
408 | fh, error = io.open("/var/log/tallylog") | |
b8423a52 | 409 | if fh ~= nil then |
00005501 PZ |
410 | io.close(fh) |
411 | else | |
412 | fh = io.open("/var/log/tallylog", "w+") | |
413 | io.close(fh) | |
414 | posix.chmod("/var/log/tallylog", "rw-------") | |
415 | end | |
0607c402 | 416 | |
fe9df33a ER |
417 | %post libs -p /sbin/ldconfig |
418 | %postun libs -p /sbin/ldconfig | |
96ffe39f | 419 | |
7f8ab60d | 420 | %files -f Linux-PAM.lang |
abb00f9e | 421 | %defattr(644,root,root,755) |
a738676c | 422 | %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README* |
fe9df33a | 423 | %if %{with doc} |
a738676c | 424 | %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html |
fe9df33a | 425 | %endif |
c9ad1aae ER |
426 | %dir /etc/pam.d |
427 | %dir /etc/security/console.apps | |
428 | %dir /etc/security/console.perms.d | |
429 | %dir /var/run/console | |
3c20be82 | 430 | %{systemdtmpfilesdir}/%{name}.conf |
b81508df | 431 | %config(noreplace) %verify(not md5 mtime size) /etc/environment |
b2c6cf13 ER |
432 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other |
433 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth | |
7f8ab60d | 434 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util |
024572d7 | 435 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/postlogin |
b2c6cf13 | 436 | %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf |
b43d0a9b | 437 | %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist |
b81508df JR |
438 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers |
439 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms | |
b2c6cf13 ER |
440 | %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf |
441 | %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf | |
b81508df JR |
442 | %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf |
443 | %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init | |
444 | %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf | |
b2c6cf13 | 445 | %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf |
e6a1f162 ER |
446 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram |
447 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en | |
e8c63aa7 | 448 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de |
698e82b0 | 449 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk |
e8c63aa7 ER |
450 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es |
451 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi | |
452 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it | |
453 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja | |
454 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no | |
455 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl | |
e6a1f162 | 456 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms |
b2c6cf13 | 457 | %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd |
fe9df33a | 458 | %attr(755,root,root) %{_bindir}/pam_pwgen |
57fed07b | 459 | %attr(755,root,root) %{_sbindir}/mkhomedir_helper |
7f8ab60d | 460 | %attr(755,root,root) %{_sbindir}/pam_console_apply |
fe9df33a | 461 | %attr(755,root,root) %{_sbindir}/pam_tally |
7f8ab60d JR |
462 | %attr(755,root,root) %{_sbindir}/pam_tally2 |
463 | %attr(755,root,root) %{_sbindir}/pam_timestamp_check | |
fe9df33a | 464 | %attr(755,root,root) %{_sbindir}/pwgen_trigram |
57fed07b JR |
465 | %attr(4755,root,root) %{_sbindir}/unix_chkpwd |
466 | %attr(4755,root,root) %{_sbindir}/unix_update | |
b378d3bb JB |
467 | %{_mandir}/man5/access.conf.5* |
468 | %{_mandir}/man5/config-util.5* | |
469 | %{_mandir}/man5/console.apps.5* | |
470 | %{_mandir}/man5/console.handlers.5* | |
471 | %{_mandir}/man5/console.perms.5* | |
472 | %{_mandir}/man5/group.conf.5* | |
473 | %{_mandir}/man5/limits.conf.5* | |
474 | %{_mandir}/man5/namespace.conf.5* | |
475 | %{_mandir}/man5/pam.conf.5* | |
476 | %{_mandir}/man5/pam.d.5* | |
477 | %{_mandir}/man5/pam_env.conf.5* | |
478 | %{_mandir}/man5/system-auth.5* | |
479 | %{_mandir}/man5/time.conf.5* | |
480 | %{_mandir}/man8/PAM.8* | |
57fed07b | 481 | %{_mandir}/man8/mkhomedir_helper.8* |
b378d3bb JB |
482 | %{_mandir}/man8/pam.8* |
483 | %{_mandir}/man8/pam_*.8* | |
484 | %{_mandir}/man8/unix_chkpwd.8* | |
485 | %{_mandir}/man8/unix_update.8* | |
24c8c941 | 486 | %if %{with selinux} |
db255670 | 487 | %exclude %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 488 | %exclude %{_mandir}/man8/pam_sepermit.8* |
81eb0561 | 489 | %endif |
e5de221b | 490 | %exclude %{_mandir}/man8/pam_userdb.8* |
c9ad1aae | 491 | %ghost %verify(not md5 mtime size) /var/log/tallylog |
fe9df33a | 492 | |
25846ece | 493 | # PAM modules |
3bc02d41 JB |
494 | %attr(755,root,root) /%{_lib}/security/pam_access.so |
495 | %attr(755,root,root) /%{_lib}/security/pam_console.so | |
496 | %attr(755,root,root) /%{_lib}/security/pam_cracklib.so | |
497 | %attr(755,root,root) /%{_lib}/security/pam_debug.so | |
498 | %attr(755,root,root) /%{_lib}/security/pam_deny.so | |
7f8ab60d | 499 | %attr(755,root,root) /%{_lib}/security/pam_echo.so |
3bc02d41 | 500 | %attr(755,root,root) /%{_lib}/security/pam_env.so |
7f8ab60d JR |
501 | %attr(755,root,root) /%{_lib}/security/pam_exec.so |
502 | %attr(755,root,root) /%{_lib}/security/pam_faildelay.so | |
3bc02d41 | 503 | %attr(755,root,root) /%{_lib}/security/pam_filter.so |
7f8ab60d | 504 | %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER |
3bc02d41 JB |
505 | %attr(755,root,root) /%{_lib}/security/pam_ftp.so |
506 | %attr(755,root,root) /%{_lib}/security/pam_group.so | |
3bc02d41 | 507 | %attr(755,root,root) /%{_lib}/security/pam_issue.so |
7f8ab60d | 508 | %attr(755,root,root) /%{_lib}/security/pam_keyinit.so |
3bc02d41 JB |
509 | %attr(755,root,root) /%{_lib}/security/pam_lastlog.so |
510 | %attr(755,root,root) /%{_lib}/security/pam_limits.so | |
511 | %attr(755,root,root) /%{_lib}/security/pam_listfile.so | |
e1e49c86 | 512 | %attr(755,root,root) /%{_lib}/security/pam_localuser.so |
7f8ab60d | 513 | %attr(755,root,root) /%{_lib}/security/pam_loginuid.so |
3bc02d41 | 514 | %attr(755,root,root) /%{_lib}/security/pam_mail.so |
7f8ab60d | 515 | %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so |
3bc02d41 | 516 | %attr(755,root,root) /%{_lib}/security/pam_motd.so |
b81508df | 517 | %attr(755,root,root) /%{_lib}/security/pam_namespace.so |
3bc02d41 JB |
518 | %attr(755,root,root) /%{_lib}/security/pam_nologin.so |
519 | %attr(755,root,root) /%{_lib}/security/pam_permit.so | |
7f8ab60d | 520 | %attr(755,root,root) /%{_lib}/security/pam_pwexport.so |
3bc02d41 | 521 | %attr(755,root,root) /%{_lib}/security/pam_pwgen.so |
57fed07b | 522 | %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so |
3bc02d41 JB |
523 | %attr(755,root,root) /%{_lib}/security/pam_rhosts.so |
524 | %attr(755,root,root) /%{_lib}/security/pam_rootok.so | |
7f8ab60d | 525 | %attr(755,root,root) /%{_lib}/security/pam_rps.so |
3bc02d41 JB |
526 | %attr(755,root,root) /%{_lib}/security/pam_securetty.so |
527 | %attr(755,root,root) /%{_lib}/security/pam_shells.so | |
528 | %attr(755,root,root) /%{_lib}/security/pam_stress.so | |
e1e49c86 | 529 | %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so |
7f8ab60d | 530 | %attr(755,root,root) /%{_lib}/security/pam_tally2.so |
3bc02d41 JB |
531 | %attr(755,root,root) /%{_lib}/security/pam_tally.so |
532 | %attr(755,root,root) /%{_lib}/security/pam_time.so | |
7f8ab60d | 533 | %attr(755,root,root) /%{_lib}/security/pam_timestamp.so |
6d7d9335 | 534 | %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} |
7f8ab60d | 535 | %attr(755,root,root) /%{_lib}/security/pam_umask.so |
3bc02d41 | 536 | %attr(755,root,root) /%{_lib}/security/pam_unix.so |
3bc02d41 JB |
537 | %attr(755,root,root) /%{_lib}/security/pam_warn.so |
538 | %attr(755,root,root) /%{_lib}/security/pam_wheel.so | |
539 | %attr(755,root,root) /%{_lib}/security/pam_xauth.so | |
f0f219ac | 540 | |
25846ece ER |
541 | %files libs |
542 | %defattr(644,root,root,755) | |
543 | %dir /%{_lib}/security/pam_filter | |
544 | %attr(755,root,root) /%{_lib}/libpam.so.*.*.* | |
545 | %attr(755,root,root) %ghost /%{_lib}/libpam.so.0 | |
546 | %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.* | |
547 | %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0 | |
548 | %attr(755,root,root) /%{_lib}/libpamc.so.*.*.* | |
549 | %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0 | |
550 | ||
f0f219ac | 551 | %files devel |
abb00f9e | 552 | %defattr(644,root,root,755) |
964f5d32 | 553 | %if %{with doc} |
a738676c | 554 | %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html |
964f5d32 | 555 | %endif |
a738676c JB |
556 | %attr(755,root,root) %{_libdir}/libpam.so |
557 | %attr(755,root,root) %{_libdir}/libpam_misc.so | |
558 | %attr(755,root,root) %{_libdir}/libpamc.so | |
559 | %{_libdir}/libpam.la | |
560 | %{_libdir}/libpam_misc.la | |
561 | %{_libdir}/libpamc.la | |
562 | %{_includedir}/security/_pam_*.h | |
563 | %{_includedir}/security/pam*.h | |
564 | %{_mandir}/man3/misc_conv.3* | |
565 | %{_mandir}/man3/pam*.3* | |
e523043b | 566 | |
ac46f43b | 567 | %files static |
051aeb4a | 568 | %defattr(644,root,root,755) |
98b63014 JR |
569 | %{_libdir}/libpam.a |
570 | %{_libdir}/libpamc.a | |
571 | %{_libdir}/libpam_misc.a | |
7c2f893c | 572 | |
1fbc0597 JR |
573 | %if %{with selinux} |
574 | %files pam_selinux | |
575 | %defattr(644,root,root,755) | |
1fbc0597 | 576 | %attr(755,root,root) /%{_lib}/security/pam_selinux.so |
85c2b5f9 | 577 | %attr(755,root,root) /%{_lib}/security/pam_sepermit.so |
1fbc0597 | 578 | %attr(755,root,root) %{_sbindir}/pam_selinux_check |
c9ad1aae ER |
579 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check |
580 | %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf | |
b378d3bb | 581 | %{_mandir}/man5/sepermit.conf.5* |
1fbc0597 | 582 | %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 583 | %{_mandir}/man8/pam_sepermit.8* |
52c22c8a | 584 | %dir /var/run/sepermit |
1fbc0597 | 585 | %endif |
e5de221b ER |
586 | |
587 | %files pam_userdb | |
588 | %defattr(644,root,root,755) | |
589 | %doc modules/pam_userdb/README | |
590 | %attr(755,root,root) /%{_lib}/security/pam_userdb.so | |
591 | %{_mandir}/man8/pam_userdb.8* |