]>
Commit | Line | Data |
---|---|---|
39c2efed | 1 | # TODO |
62c4d422 | 2 | # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation |
36ef1baf | 3 | # - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package |
be652228 JB |
4 | # - pam_tally, pam_tally2 are deprecated in favor of pam_faillock |
5 | # NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz | |
6 | # is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball | |
c9ad1aae | 7 | # |
d11ce12e | 8 | # Conditional build: |
be652228 JB |
9 | %bcond_without doc # documentation |
10 | %bcond_with prelude # Prelude IDS support (in libpam) | |
11 | %bcond_without cracklib # (deprecated) cracklib module | |
12 | %bcond_without selinux # SELinux support | |
13 | %bcond_without audit # Linux Auditing library support | |
37dd6f95 | 14 | |
48ec83cd | 15 | %define pam_pld_version 1.1.2-1 |
abb00f9e | 16 | Summary: Pluggable Authentication Modules: modular, incremental authentication |
b7025e7f ER |
17 | Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung |
18 | Summary(es.UTF-8): Módulos de autentificación plugables (PAM) | |
19 | Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication | |
20 | Summary(pl.UTF-8): Modularny system uwierzytelniania | |
21 | Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM) | |
22 | Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений | |
23 | Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri | |
24 | Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм | |
abb00f9e | 25 | Name: pam |
be652228 JB |
26 | Version: 1.4.0 |
27 | Release: 1 | |
e6e4b559 | 28 | Epoch: 1 |
e6a46f40 ER |
29 | # The library is BSD licensed with option to relicense as GPLv2+ |
30 | # - this option is redundant as the BSD license allows that anyway. | |
31 | # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. | |
c82e01c3 | 32 | License: BSD and GPL v2+ |
abb00f9e | 33 | Group: Base |
f0a40d52 | 34 | Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz |
be652228 | 35 | # Source0-md5: 39fca0523bccec6af4b63b5322276c84 |
c9ad1aae | 36 | Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz |
48ec83cd | 37 | # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e |
7f8ab60d JR |
38 | Source3: other.pamd |
39 | Source4: system-auth.pamd | |
40 | Source5: config-util.pamd | |
c9ad1aae | 41 | Source6: %{name}_selinux_check.pamd |
7f8ab60d JR |
42 | Source7: system-auth.5 |
43 | Source8: config-util.5 | |
664ca91d | 44 | Source9: %{name}.tmpfiles |
024572d7 | 45 | Source10: postlogin.pamd |
7f8ab60d | 46 | Patch0: %{name}-pld-modules.patch |
3675ad2d | 47 | Patch1: %{name}_console-lex-static.patch |
57fed07b JR |
48 | Patch2: %{name}-tally-fail-close.patch |
49 | Patch3: %{name}-mkhomedir-notfound.patch | |
50 | Patch4: %{name}-db-gdbm.patch | |
51 | Patch5: %{name}-exec-failok.patch | |
3c20be82 | 52 | Patch6: update-motd.patch |
d9e597ca | 53 | URL: http://www.linux-pam.org/ |
85c2b5f9 | 54 | %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} |
ce3569c4 | 55 | BuildRequires: autoconf >= 2.61 |
b8f360f2 | 56 | BuildRequires: automake |
1dc7ef6b | 57 | BuildRequires: bison |
be652228 | 58 | %{?with_cracklib:BuildRequires: cracklib-devel >= 2.8.3} |
de5c0104 | 59 | BuildRequires: flex |
c82e01c3 | 60 | # gdbm due to db pulling libpthread |
c9ad1aae | 61 | BuildRequires: gdbm-devel >= 1.8.3-7 |
8d4d959f | 62 | BuildRequires: gettext-tools >= 0.18.3 |
57fed07b | 63 | BuildRequires: glibc-devel >= 6:2.10.1 |
be652228 | 64 | BuildRequires: libnsl-devel |
ce3569c4 | 65 | %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} |
818d8684 | 66 | %{?with_selinux:BuildRequires: libselinux-devel >= 2.1.9} |
c044e6be JB |
67 | BuildRequires: libtirpc-devel |
68 | BuildRequires: libtool >= 2:2 | |
ce3569c4 | 69 | BuildRequires: libxcrypt-devel |
3895445c | 70 | %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} |
c53831dc | 71 | BuildRequires: pkgconfig |
be652228 JB |
72 | BuildRequires: tar >= 1:1.22 |
73 | BuildRequires: xz | |
3895445c | 74 | BuildRequires: zlib-devel |
b4afc5a5 | 75 | %if %{with doc} |
57fed07b | 76 | BuildRequires: docbook-dtd412-xml |
7f8ab60d JR |
77 | BuildRequires: docbook-dtd43-xml |
78 | BuildRequires: docbook-dtd44-xml | |
79 | BuildRequires: docbook-style-xsl >= 1.69.1 | |
84871244 JR |
80 | # For building PDFs |
81 | #BuildRequires: fop | |
7f8ab60d JR |
82 | BuildRequires: libxml2-progs |
83 | BuildRequires: libxslt-progs | |
84 | BuildRequires: w3m | |
b4afc5a5 | 85 | %endif |
fe9df33a | 86 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
25846ece | 87 | %{?with_audit:Requires: audit-libs >= 1.0.8} |
c9ad1aae | 88 | Requires: awk |
25846ece | 89 | Requires: crypt(blowfish) |
25846ece | 90 | Requires: glibc >= 6:2.5-0.5 |
818d8684 | 91 | %{?with_selinux:Requires: libselinux >= 2.1.9} |
be652228 | 92 | %{?with_cracklib:Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release}} |
eb400e74 | 93 | Suggests: make |
5a075d87 | 94 | Suggests: pam-pam_pwquality |
22604a87 | 95 | Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release} |
73954d99 | 96 | Obsoletes: pam-doc |
25846ece ER |
97 | Obsoletes: pam-pam_opie |
98 | Obsoletes: pam-pam_pwdb | |
99 | Obsoletes: pam-pam_radius | |
100 | Obsoletes: pam-pam_skey | |
101 | Obsoletes: pam-pam_tcpd | |
c9ad1aae ER |
102 | Obsoletes: pam_make |
103 | Obsoletes: pamconfig | |
104 | Conflicts: dev < 3.4-4 | |
25846ece | 105 | Conflicts: pam < 0:0.80.1-2 |
c9ad1aae | 106 | Conflicts: udev < 1:138-5 |
28fa39c9 | 107 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f0f219ac | 108 | |
37dd6f95 ER |
109 | %define _sbindir /sbin |
110 | ||
f0f219ac | 111 | %description |
faaf5eea | 112 | PAM (Pluggable Authentication Modules) is a powerful, flexible, |
113 | extensible authentication system which allows the system administrator | |
114 | to configure authentication services individually for every | |
115 | pam-compliant application without recompiling any of the applications. | |
f0f219ac | 116 | |
e2cbb18f JR |
117 | %description -l de.UTF-8 |
118 | PAM (Pluggable Authentication Modules) ist ein leistungsfähiges, | |
faaf5eea | 119 | flexibles und erweiterbares Authentifizierungssystem, mit dem der |
e2cbb18f | 120 | Systemverwalter Authentifizierungs-Dienste individuell für jede |
faaf5eea | 121 | pam-kompatible Anwendung konfigurieren kann, ohne diese neu |
e2cbb18f | 122 | kompilieren zu müssen. |
f0f219ac | 123 | |
e2cbb18f JR |
124 | %description -l es.UTF-8 |
125 | PAM (Módulos de Autenticación Plugables) es un potente, flexible y | |
126 | extensible sistema de autentificación, que permite al administrador | |
127 | del sistema configurar servicios de autentificación individualmente | |
128 | para cada aplicación pam compatible, sin la necesidad de recompilar | |
8797d11d JB |
129 | cualquier una de las aplicaciones. |
130 | ||
e2cbb18f JR |
131 | %description -l fr.UTF-8 |
132 | PAM (Pluggable Authentication Modules) est un systéme | |
133 | d'authentification puissant, souple et extensible permettant à | |
134 | l'administrateur système de configurer les individuellement les | |
135 | services d'authentification pour chaque application conforme à PAM, | |
faaf5eea | 136 | sans recompiler aucune application. |
ac46f43b | 137 | |
e2cbb18f JR |
138 | %description -l pl.UTF-8 |
139 | PAM (Pluggable Authentication Modules) jest silnym i łatwo | |
140 | dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia | |
141 | administratorowi indywidualne konfigurowanie poszczególnych usług, | |
142 | które są dostosowane i skonsolidowane z bibliotekami PAM, bez | |
143 | późniejszej ich rekompilacji w momencie zmiany sposobu | |
144 | uwierzytelniania tychże usług. | |
b1babe47 | 145 | |
e2cbb18f JR |
146 | %description -l pt_BR.UTF-8 |
147 | PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e | |
148 | extensível sistema de autenticação, que permite o administrador do | |
149 | sistema configurar serviços de autenticação individualmente para cada | |
150 | aplicação pam compatível, sem necessidade de recompilar qualquer uma | |
151 | das aplicações. | |
51c8ab2d | 152 | |
e2cbb18f JR |
153 | %description -l uk.UTF-8 |
154 | PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до | |
155 | розширення система аутентикації, яка дозволяє системному | |
156 | адміністратору налагоджувати севіси авторизації доступу (аутентикації) | |
157 | індивідуально для кожної pam-сумісної програми без необхідності | |
158 | перекомпіляції самої програми. Це базовий механізм аутентикації в PLD | |
b440fddc | 159 | Linux. |
160 | ||
e2cbb18f JR |
161 | %description -l tr.UTF-8 |
162 | PAM (Pluggable Authentication Modules) sistem yöneticilerinin | |
163 | uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu | |
164 | uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan, | |
165 | güclü, esnek ve kapsamlı bir doğrulama sistemidir. | |
51c8ab2d | 166 | |
e2cbb18f JR |
167 | %description -l ru.UTF-8 |
168 | PAM (Pluggable Authentication Modules) - это мощная, гибкая, | |
169 | расширяемая система аутентикации, позволяющая системному | |
170 | администратору конфигурировать сервисы авторизации доступа | |
171 | (аутентикации) индивидуально для каждой pam-совместимой программы без | |
172 | необходимости перекомпилляции самой программы. Это базовый механизм | |
173 | аутентикации в PLD Linux. | |
b440fddc | 174 | |
fe9df33a | 175 | %package libs |
25846ece ER |
176 | Summary: PAM libraries |
177 | Summary(pl.UTF-8): Moduły PAM | |
fe9df33a | 178 | Group: Libraries |
234dfb8e | 179 | Requires(triggerpostun): sed >= 4.0 |
fe9df33a ER |
180 | |
181 | %description libs | |
25846ece | 182 | PAM libraries. |
fe9df33a | 183 | |
e2cbb18f | 184 | %description libs -l pl.UTF-8 |
25846ece | 185 | Moduły PAM. |
b96eca5e | 186 | |
ac46f43b | 187 | %package devel |
abb00f9e | 188 | Summary: PAM header files |
b7025e7f ER |
189 | Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM |
190 | Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
191 | Summary(ru.UTF-8): Библиотеки разработчика для PAM | |
192 | Summary(uk.UTF-8): Бібліотеки програміста для PAM | |
0bb742f7 | 193 | Group: Development/Libraries |
c82e01c3 | 194 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
15909b27 | 195 | %{?with_audit:Requires: audit-libs-devel >= 1.0.8} |
a3ffb3a4 | 196 | Requires: filesystem >= 3.0-11 |
ac46f43b JR |
197 | |
198 | %description devel | |
199 | Header files for developing PAM based applications. | |
f0f219ac | 200 | |
e2cbb18f JR |
201 | %description devel -l pl.UTF-8 |
202 | Pliki nagłówkowe i dokumentacja programisty do PAM. | |
ac46f43b | 203 | |
e2cbb18f JR |
204 | %description devel -l pt_BR.UTF-8 |
205 | Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
51c8ab2d | 206 | |
e2cbb18f JR |
207 | %description devel -l ru.UTF-8 |
208 | Этот пакет содержит хедеры и библиотеки разработчика для PAM. | |
b440fddc | 209 | |
e2cbb18f JR |
210 | %description devel -l uk.UTF-8 |
211 | Цей пакет містить хедери та бібліотеки програміста для PAM. | |
b440fddc | 212 | |
ac46f43b | 213 | %package static |
abb00f9e | 214 | Summary: PAM static libraries |
b7025e7f ER |
215 | Summary(pl.UTF-8): Biblioteki statyczne PAM |
216 | Summary(ru.UTF-8): Статические библиотеки разработчика для PAM | |
217 | Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM | |
0bb742f7 | 218 | Group: Development/Libraries |
846d8fdc | 219 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} |
ac46f43b JR |
220 | |
221 | %description static | |
222 | PAM static libraries. | |
b1babe47 | 223 | |
e2cbb18f | 224 | %description static -l pl.UTF-8 |
ac46f43b | 225 | Biblioteki statyczne PAM. |
b1babe47 | 226 | |
e2cbb18f JR |
227 | %description static -l ru.UTF-8 |
228 | Этот пакет содержит статические библиотеки разработчика для PAM. | |
b440fddc | 229 | |
e2cbb18f JR |
230 | %description static -l uk.UTF-8 |
231 | Цей пакет містить статичні бібліотеки програміста для PAM. | |
b440fddc | 232 | |
375c4d21 ER |
233 | %package pam_cracklib |
234 | Summary: PAM module to check the password against dictionary words | |
c82e01c3 | 235 | Summary(pl.UTF-8): Moduł PAM do sprawdzania haseł względem słów ze słownika |
375c4d21 | 236 | Group: Base |
c82e01c3 JB |
237 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
238 | Requires: cracklib >= 2.8.3 | |
239 | Requires: cracklib-dicts >= 2.8.3 | |
375c4d21 ER |
240 | |
241 | %description pam_cracklib | |
242 | PAM module to check the password against dictionary words. | |
243 | ||
c82e01c3 JB |
244 | %description pam_cracklib -l pl.UTF-8 |
245 | Moduł PAM do sprawdzania haseł względem słów ze słownika. | |
246 | ||
1fbc0597 JR |
247 | %package pam_selinux |
248 | Summary: PAM module - SELinux support | |
b7025e7f | 249 | Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa |
1fbc0597 | 250 | Group: Base |
c82e01c3 | 251 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
818d8684 | 252 | Requires: libselinux >= 2.1.9 |
1fbc0597 JR |
253 | |
254 | %description pam_selinux | |
255 | PAM module - SELinux support. | |
256 | ||
e2cbb18f JR |
257 | %description pam_selinux -l pl.UTF-8 |
258 | Moduł PAM pozwalający na zmianę kontekstów SELinuksa. | |
1fbc0597 | 259 | |
e5de221b | 260 | %package pam_userdb |
c82e01c3 JB |
261 | Summary: PAM module - authenticate against GDBM database |
262 | Summary(pl.UTF-8): Moduł PAM do uwierzytelniania względem bazy danych GDBM | |
e5de221b | 263 | Group: Base |
c82e01c3 | 264 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
e5de221b | 265 | Requires: gdbm >= 1.8.3-7 |
e5de221b ER |
266 | |
267 | %description pam_userdb | |
c82e01c3 JB |
268 | pam_userdb - PAM module to authenticate against GDBM database. |
269 | ||
270 | %description pam_userdb -l pl.UTF-8 | |
271 | pam_userdb - moduł PAM służący do uwierzytelniania względem bazy | |
272 | danych GDBM. | |
e5de221b | 273 | |
f0f219ac | 274 | %prep |
7f8ab60d | 275 | %setup -q -a2 -n Linux-PAM-%{version} |
3d3421d5 | 276 | %patch0 -p1 |
3675ad2d | 277 | %patch1 -p1 |
7f8ab60d JR |
278 | %patch2 -p1 |
279 | %patch3 -p1 | |
280 | %patch4 -p1 | |
281 | %patch5 -p1 | |
4f6939c8 ER |
282 | # upstream has similar approach for multiple files (not no exec): |
283 | # https://github.com/linux-pam/linux-pam/pull/48 | |
284 | #%patch6 -p1 | |
e523043b | 285 | |
ac46f43b | 286 | %build |
7796f9da | 287 | %{__libtoolize} |
fc1ef364 | 288 | %{__aclocal} -I m4 |
7796f9da | 289 | %{__autoconf} |
290 | %{__autoheader} | |
291 | %{__automake} | |
7edd7783 | 292 | %configure \ |
6dc76558 | 293 | ac_cv_path_FO2PDF= \ |
7f8ab60d JR |
294 | --enable-static \ |
295 | --enable-shared \ | |
296 | --libdir=/%{_lib} \ | |
297 | --includedir=%{_includedir}/security \ | |
be652228 JB |
298 | %{!?with_audit:--disable-audit} \ |
299 | %{?with_cracklib:--enable-cracklib} \ | |
b81508df | 300 | --enable-db=gdbm \ |
be652228 | 301 | --enable-isadir=../../%{_lib}/security \ |
1fbc0597 | 302 | %{!?with_prelude:--disable-prelude} \ |
be652228 JB |
303 | %{!?with_selinux:--disable-selinux} \ |
304 | --enable-tally \ | |
305 | --enable-tally2 | |
c894cd9b | 306 | |
7f8ab60d JR |
307 | # we must explicitely update-gmo as we patch a po file |
308 | %{__make} -C po update-gmo | |
0c9926ce MB |
309 | %{__make} \ |
310 | DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE" | |
f0f219ac | 311 | |
312 | %install | |
4587144c | 313 | rm -rf $RPM_BUILD_ROOT |
e58dd313 | 314 | install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \ |
0bc3c2f5 | 315 | $RPM_BUILD_ROOT%{systemdtmpfilesdir} |
4d13ca23 | 316 | |
4be82bfe | 317 | %{__make} install \ |
be652228 JB |
318 | DESTDIR=$RPM_BUILD_ROOT \ |
319 | servicedir=%{systemdunitdir} | |
4d13ca23 | 320 | |
848c50ae | 321 | %if %{with selinux} |
0bc3c2f5 ER |
322 | install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} |
323 | cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8 | |
324 | cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check | |
848c50ae | 325 | %endif |
7f8ab60d | 326 | |
0bc3c2f5 | 327 | cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
664ca91d | 328 | |
c9ad1aae | 329 | install -d doc/txts |
e5de221b ER |
330 | for r in modules/pam_*/README; do |
331 | cp -pf $r doc/txts/README.$(basename $(dirname $r)) | |
7f8ab60d | 332 | done |
c044e6be | 333 | %{__rm} doc/txts/README.pam_userdb |
375c4d21 | 334 | %{__rm} doc/txts/README.pam_cracklib |
c9ad1aae | 335 | install -d doc/html |
e5de221b | 336 | cp -pf doc/index.html doc/html/ |
7f8ab60d JR |
337 | |
338 | # fix PAM/pam man page | |
339 | echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8 | |
f0f219ac | 340 | |
157b3e1c | 341 | :> $RPM_BUILD_ROOT/etc/security/opasswd |
b43d0a9b | 342 | :> $RPM_BUILD_ROOT/etc/security/blacklist |
9e64e40d | 343 | |
7f8ab60d | 344 | :> $RPM_BUILD_ROOT/var/log/tallylog |
508c2464 | 345 | |
c044e6be | 346 | %{__mv} $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir} |
508c2464 | 347 | |
c1d4fb20 | 348 | cd $RPM_BUILD_ROOT/%{_lib} |
a1307506 | 349 | for f in lib*.la ; do |
c044e6be JB |
350 | %{__sed} -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' \ |
351 | -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $f > $RPM_BUILD_ROOT%{_libdir}/$f | |
352 | %{__rm} $f | |
a1307506 | 353 | done |
c1d4fb20 AM |
354 | ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so |
355 | ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so | |
356 | ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so | |
7f8ab60d | 357 | cd - |
8ab52661 | 358 | |
0bc3c2f5 ER |
359 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other |
360 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth | |
361 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util | |
024572d7 | 362 | cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postlogin |
7f8ab60d | 363 | |
0bc3c2f5 ER |
364 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5 |
365 | cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5 | |
c38ff42d | 366 | |
b81508df JR |
367 | # Make sure every module subdirectory gave us a module. Yes, this is hackish. |
368 | for dir in modules/pam_* ; do | |
df8313a3 | 369 | %if %{without selinux} |
f9ad2164 | 370 | [ ${dir} = "modules/pam_selinux" ] && continue |
85c2b5f9 | 371 | [ ${dir} = "modules/pam_sepermit" ] && continue |
6d7d9335 JK |
372 | %endif |
373 | %if %{without audit} | |
374 | [ ${dir} = "modules/pam_tty_audit" ] && continue | |
f9ad2164 | 375 | %endif |
b81508df JR |
376 | if [ -d ${dir} ] ; then |
377 | if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then | |
378 | echo ERROR `basename ${dir}` did not build a module. | |
379 | exit 1 | |
380 | fi | |
381 | fi | |
382 | done | |
383 | ||
384 | for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do | |
385 | # Check for module problems. Specifically, check that every module we just | |
386 | # installed can actually be loaded by a minimal PAM-aware application. | |
387 | if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ | |
388 | ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then | |
389 | echo ERROR module: ${module} cannot be loaded. | |
390 | exit 1 | |
391 | fi | |
b81508df JR |
392 | done |
393 | ||
aae9c5e1 | 394 | # useless - shut up check-files |
c044e6be JB |
395 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a} |
396 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/lib*.so | |
397 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/Linux-PAM | |
fe9df33a | 398 | |
df8313a3 | 399 | %if %{without selinux} |
fe9df33a ER |
400 | rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*} |
401 | %endif | |
aae9c5e1 | 402 | |
7f8ab60d JR |
403 | %find_lang Linux-PAM |
404 | ||
abb00f9e | 405 | %clean |
4587144c | 406 | rm -rf $RPM_BUILD_ROOT |
abb00f9e | 407 | |
5d252f91 | 408 | %triggerpostun libs -- %{name}-libs < 0.99.7.1 |
db255670 | 409 | for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do |
a1307506 JR |
410 | case "$f" in |
411 | *rpmorig|*rpmnew|*rpmsave|*~|*.orig) | |
412 | continue | |
413 | ;; | |
414 | *) | |
234dfb8e JR |
415 | cp -f "$f" "$f.rpmorig" |
416 | sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \ | |
417 | -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f" | |
a1307506 JR |
418 | ;; |
419 | esac | |
420 | done | |
421 | if [ -d /var/lock/console -a -d /var/run/console ]; then | |
75f2161e | 422 | cp -a /var/lock/console/* /var/run/console/ 2> /dev/null |
234dfb8e | 423 | rm -rf /var/lock/console |
a1307506 | 424 | fi |
5d252f91 | 425 | |
37dd6f95 ER |
426 | %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron |
427 | # restart crond if pam is upgraded | |
428 | # (crond is linked with old libpam but tries to open modules linked with new libpam) | |
429 | if [ "$1" != 1 ]; then | |
430 | %service -q crond restart | |
431 | fi | |
d2d4c3b4 | 432 | exit 0 |
37dd6f95 | 433 | |
f1a6863d ER |
434 | %triggerpostun -- %{name} < 1:1.1.5-8 |
435 | # removed in 1.1.4 | |
436 | if grep -qs change_uid /etc/pam.d/system-auth; then | |
437 | %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth | |
438 | fi | |
439 | ||
15d8e9b5 JR |
440 | # We want it added for painless upgarde even if it mean log pollution for non-systemd |
441 | # enabled systems, | |
442 | # If this module is not present on systemd enabled system then `systemctl restart sshd.service` | |
443 | # will kill all sessions. | |
444 | if ! grep -qs pam_systemd /etc/pam.d/system-auth; then | |
eb64f1e9 | 445 | echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth |
15d8e9b5 JR |
446 | fi |
447 | ||
00005501 PZ |
448 | %post -p <lua> |
449 | fh, error = io.open("/var/log/tallylog") | |
b8423a52 | 450 | if fh ~= nil then |
00005501 PZ |
451 | io.close(fh) |
452 | else | |
453 | fh = io.open("/var/log/tallylog", "w+") | |
454 | io.close(fh) | |
455 | posix.chmod("/var/log/tallylog", "rw-------") | |
456 | end | |
0607c402 | 457 | |
fe9df33a ER |
458 | %post libs -p /sbin/ldconfig |
459 | %postun libs -p /sbin/ldconfig | |
96ffe39f | 460 | |
7f8ab60d | 461 | %files -f Linux-PAM.lang |
abb00f9e | 462 | %defattr(644,root,root,755) |
a738676c | 463 | %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README* |
fe9df33a | 464 | %if %{with doc} |
a738676c | 465 | %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html |
fe9df33a | 466 | %endif |
c9ad1aae ER |
467 | %dir /etc/pam.d |
468 | %dir /etc/security/console.apps | |
469 | %dir /etc/security/console.perms.d | |
470 | %dir /var/run/console | |
3c20be82 | 471 | %{systemdtmpfilesdir}/%{name}.conf |
b81508df | 472 | %config(noreplace) %verify(not md5 mtime size) /etc/environment |
b2c6cf13 ER |
473 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other |
474 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth | |
7f8ab60d | 475 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util |
024572d7 | 476 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/postlogin |
b2c6cf13 | 477 | %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf |
b43d0a9b | 478 | %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist |
b81508df JR |
479 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers |
480 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms | |
be652228 | 481 | %config(noreplace) %verify(not md5 mtime size) /etc/security/faillock.conf |
b2c6cf13 ER |
482 | %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf |
483 | %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf | |
b81508df JR |
484 | %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf |
485 | %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init | |
486 | %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf | |
b2c6cf13 | 487 | %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf |
e6a1f162 ER |
488 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram |
489 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en | |
e8c63aa7 | 490 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de |
698e82b0 | 491 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk |
e8c63aa7 ER |
492 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es |
493 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi | |
494 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it | |
495 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja | |
496 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no | |
497 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl | |
e6a1f162 | 498 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms |
b2c6cf13 | 499 | %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd |
fe9df33a | 500 | %attr(755,root,root) %{_bindir}/pam_pwgen |
be652228 | 501 | %attr(755,root,root) %{_sbindir}/faillock |
57fed07b | 502 | %attr(755,root,root) %{_sbindir}/mkhomedir_helper |
7f8ab60d | 503 | %attr(755,root,root) %{_sbindir}/pam_console_apply |
be652228 | 504 | %attr(755,root,root) %{_sbindir}/pam_namespace_helper |
fe9df33a | 505 | %attr(755,root,root) %{_sbindir}/pam_tally |
7f8ab60d JR |
506 | %attr(755,root,root) %{_sbindir}/pam_tally2 |
507 | %attr(755,root,root) %{_sbindir}/pam_timestamp_check | |
fe9df33a | 508 | %attr(755,root,root) %{_sbindir}/pwgen_trigram |
57fed07b JR |
509 | %attr(4755,root,root) %{_sbindir}/unix_chkpwd |
510 | %attr(4755,root,root) %{_sbindir}/unix_update | |
be652228 | 511 | %{systemdunitdir}/pam_namespace.service |
b378d3bb JB |
512 | %{_mandir}/man5/access.conf.5* |
513 | %{_mandir}/man5/config-util.5* | |
514 | %{_mandir}/man5/console.apps.5* | |
515 | %{_mandir}/man5/console.handlers.5* | |
516 | %{_mandir}/man5/console.perms.5* | |
c044e6be | 517 | %{_mandir}/man5/environment.5* |
be652228 | 518 | %{_mandir}/man5/faillock.conf.5* |
b378d3bb JB |
519 | %{_mandir}/man5/group.conf.5* |
520 | %{_mandir}/man5/limits.conf.5* | |
521 | %{_mandir}/man5/namespace.conf.5* | |
522 | %{_mandir}/man5/pam.conf.5* | |
523 | %{_mandir}/man5/pam.d.5* | |
524 | %{_mandir}/man5/pam_env.conf.5* | |
525 | %{_mandir}/man5/system-auth.5* | |
526 | %{_mandir}/man5/time.conf.5* | |
527 | %{_mandir}/man8/PAM.8* | |
be652228 | 528 | %{_mandir}/man8/faillock.8* |
57fed07b | 529 | %{_mandir}/man8/mkhomedir_helper.8* |
b378d3bb JB |
530 | %{_mandir}/man8/pam.8* |
531 | %{_mandir}/man8/pam_*.8* | |
532 | %{_mandir}/man8/unix_chkpwd.8* | |
533 | %{_mandir}/man8/unix_update.8* | |
be652228 JB |
534 | %if %{with cracklib} |
535 | %exclude %{_mandir}/man8/pam_cracklib.8* | |
536 | %endif | |
24c8c941 | 537 | %if %{with selinux} |
db255670 | 538 | %exclude %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 539 | %exclude %{_mandir}/man8/pam_sepermit.8* |
81eb0561 | 540 | %endif |
e5de221b | 541 | %exclude %{_mandir}/man8/pam_userdb.8* |
c9ad1aae | 542 | %ghost %verify(not md5 mtime size) /var/log/tallylog |
fe9df33a | 543 | |
25846ece | 544 | # PAM modules |
3bc02d41 JB |
545 | %attr(755,root,root) /%{_lib}/security/pam_access.so |
546 | %attr(755,root,root) /%{_lib}/security/pam_console.so | |
3bc02d41 JB |
547 | %attr(755,root,root) /%{_lib}/security/pam_debug.so |
548 | %attr(755,root,root) /%{_lib}/security/pam_deny.so | |
7f8ab60d | 549 | %attr(755,root,root) /%{_lib}/security/pam_echo.so |
3bc02d41 | 550 | %attr(755,root,root) /%{_lib}/security/pam_env.so |
7f8ab60d JR |
551 | %attr(755,root,root) /%{_lib}/security/pam_exec.so |
552 | %attr(755,root,root) /%{_lib}/security/pam_faildelay.so | |
be652228 | 553 | %attr(755,root,root) /%{_lib}/security/pam_faillock.so |
3bc02d41 | 554 | %attr(755,root,root) /%{_lib}/security/pam_filter.so |
7f8ab60d | 555 | %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER |
3bc02d41 JB |
556 | %attr(755,root,root) /%{_lib}/security/pam_ftp.so |
557 | %attr(755,root,root) /%{_lib}/security/pam_group.so | |
3bc02d41 | 558 | %attr(755,root,root) /%{_lib}/security/pam_issue.so |
7f8ab60d | 559 | %attr(755,root,root) /%{_lib}/security/pam_keyinit.so |
3bc02d41 JB |
560 | %attr(755,root,root) /%{_lib}/security/pam_lastlog.so |
561 | %attr(755,root,root) /%{_lib}/security/pam_limits.so | |
562 | %attr(755,root,root) /%{_lib}/security/pam_listfile.so | |
e1e49c86 | 563 | %attr(755,root,root) /%{_lib}/security/pam_localuser.so |
7f8ab60d | 564 | %attr(755,root,root) /%{_lib}/security/pam_loginuid.so |
3bc02d41 | 565 | %attr(755,root,root) /%{_lib}/security/pam_mail.so |
7f8ab60d | 566 | %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so |
3bc02d41 | 567 | %attr(755,root,root) /%{_lib}/security/pam_motd.so |
b81508df | 568 | %attr(755,root,root) /%{_lib}/security/pam_namespace.so |
3bc02d41 JB |
569 | %attr(755,root,root) /%{_lib}/security/pam_nologin.so |
570 | %attr(755,root,root) /%{_lib}/security/pam_permit.so | |
7f8ab60d | 571 | %attr(755,root,root) /%{_lib}/security/pam_pwexport.so |
3bc02d41 | 572 | %attr(755,root,root) /%{_lib}/security/pam_pwgen.so |
57fed07b | 573 | %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so |
3bc02d41 JB |
574 | %attr(755,root,root) /%{_lib}/security/pam_rhosts.so |
575 | %attr(755,root,root) /%{_lib}/security/pam_rootok.so | |
7f8ab60d | 576 | %attr(755,root,root) /%{_lib}/security/pam_rps.so |
3bc02d41 | 577 | %attr(755,root,root) /%{_lib}/security/pam_securetty.so |
be652228 | 578 | %attr(755,root,root) /%{_lib}/security/pam_setquota.so |
3bc02d41 JB |
579 | %attr(755,root,root) /%{_lib}/security/pam_shells.so |
580 | %attr(755,root,root) /%{_lib}/security/pam_stress.so | |
e1e49c86 | 581 | %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so |
3bc02d41 | 582 | %attr(755,root,root) /%{_lib}/security/pam_tally.so |
be652228 | 583 | %attr(755,root,root) /%{_lib}/security/pam_tally2.so |
3bc02d41 | 584 | %attr(755,root,root) /%{_lib}/security/pam_time.so |
7f8ab60d | 585 | %attr(755,root,root) /%{_lib}/security/pam_timestamp.so |
6d7d9335 | 586 | %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} |
7f8ab60d | 587 | %attr(755,root,root) /%{_lib}/security/pam_umask.so |
3bc02d41 | 588 | %attr(755,root,root) /%{_lib}/security/pam_unix.so |
be652228 | 589 | %attr(755,root,root) /%{_lib}/security/pam_usertype.so |
3bc02d41 JB |
590 | %attr(755,root,root) /%{_lib}/security/pam_warn.so |
591 | %attr(755,root,root) /%{_lib}/security/pam_wheel.so | |
592 | %attr(755,root,root) /%{_lib}/security/pam_xauth.so | |
f0f219ac | 593 | |
25846ece ER |
594 | %files libs |
595 | %defattr(644,root,root,755) | |
596 | %dir /%{_lib}/security/pam_filter | |
597 | %attr(755,root,root) /%{_lib}/libpam.so.*.*.* | |
598 | %attr(755,root,root) %ghost /%{_lib}/libpam.so.0 | |
599 | %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.* | |
600 | %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0 | |
601 | %attr(755,root,root) /%{_lib}/libpamc.so.*.*.* | |
602 | %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0 | |
603 | ||
f0f219ac | 604 | %files devel |
abb00f9e | 605 | %defattr(644,root,root,755) |
964f5d32 | 606 | %if %{with doc} |
a738676c | 607 | %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html |
964f5d32 | 608 | %endif |
a738676c JB |
609 | %attr(755,root,root) %{_libdir}/libpam.so |
610 | %attr(755,root,root) %{_libdir}/libpam_misc.so | |
611 | %attr(755,root,root) %{_libdir}/libpamc.so | |
612 | %{_libdir}/libpam.la | |
613 | %{_libdir}/libpam_misc.la | |
614 | %{_libdir}/libpamc.la | |
615 | %{_includedir}/security/_pam_*.h | |
616 | %{_includedir}/security/pam*.h | |
617 | %{_mandir}/man3/misc_conv.3* | |
618 | %{_mandir}/man3/pam*.3* | |
e523043b | 619 | |
ac46f43b | 620 | %files static |
051aeb4a | 621 | %defattr(644,root,root,755) |
98b63014 JR |
622 | %{_libdir}/libpam.a |
623 | %{_libdir}/libpamc.a | |
624 | %{_libdir}/libpam_misc.a | |
7c2f893c | 625 | |
be652228 JB |
626 | %if %{with cracklib} |
627 | %files pam_cracklib | |
628 | %defattr(644,root,root,755) | |
629 | %doc modules/pam_cracklib/README | |
630 | %attr(755,root,root) /%{_lib}/security/pam_cracklib.so | |
631 | %{_mandir}/man8/pam_cracklib.8* | |
632 | %endif | |
633 | ||
1fbc0597 JR |
634 | %if %{with selinux} |
635 | %files pam_selinux | |
636 | %defattr(644,root,root,755) | |
1fbc0597 | 637 | %attr(755,root,root) /%{_lib}/security/pam_selinux.so |
85c2b5f9 | 638 | %attr(755,root,root) /%{_lib}/security/pam_sepermit.so |
1fbc0597 | 639 | %attr(755,root,root) %{_sbindir}/pam_selinux_check |
c9ad1aae ER |
640 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check |
641 | %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf | |
b378d3bb | 642 | %{_mandir}/man5/sepermit.conf.5* |
1fbc0597 | 643 | %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 644 | %{_mandir}/man8/pam_sepermit.8* |
52c22c8a | 645 | %dir /var/run/sepermit |
1fbc0597 | 646 | %endif |
e5de221b ER |
647 | |
648 | %files pam_userdb | |
649 | %defattr(644,root,root,755) | |
650 | %doc modules/pam_userdb/README | |
651 | %attr(755,root,root) /%{_lib}/security/pam_userdb.so | |
652 | %{_mandir}/man8/pam_userdb.8* |