]>
Commit | Line | Data |
---|---|---|
39c2efed | 1 | # TODO |
62c4d422 | 2 | # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation |
36ef1baf | 3 | # - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package |
be652228 JB |
4 | # - pam_tally, pam_tally2 are deprecated in favor of pam_faillock |
5 | # NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz | |
6 | # is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball | |
c9ad1aae | 7 | # |
d11ce12e | 8 | # Conditional build: |
be652228 JB |
9 | %bcond_without doc # documentation |
10 | %bcond_with prelude # Prelude IDS support (in libpam) | |
11 | %bcond_without cracklib # (deprecated) cracklib module | |
3aeeeeb3 | 12 | %bcond_without tally # (deprecated) tally/tally2 modules |
be652228 JB |
13 | %bcond_without selinux # SELinux support |
14 | %bcond_without audit # Linux Auditing library support | |
37dd6f95 | 15 | |
48ec83cd | 16 | %define pam_pld_version 1.1.2-1 |
abb00f9e | 17 | Summary: Pluggable Authentication Modules: modular, incremental authentication |
b7025e7f ER |
18 | Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung |
19 | Summary(es.UTF-8): Módulos de autentificación plugables (PAM) | |
20 | Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication | |
21 | Summary(pl.UTF-8): Modularny system uwierzytelniania | |
22 | Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM) | |
23 | Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений | |
24 | Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri | |
25 | Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм | |
abb00f9e | 26 | Name: pam |
be652228 | 27 | Version: 1.4.0 |
1c7ad2f8 | 28 | Release: 3 |
e6e4b559 | 29 | Epoch: 1 |
e6a46f40 ER |
30 | # The library is BSD licensed with option to relicense as GPLv2+ |
31 | # - this option is redundant as the BSD license allows that anyway. | |
32 | # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. | |
c82e01c3 | 33 | License: BSD and GPL v2+ |
abb00f9e | 34 | Group: Base |
f0a40d52 | 35 | Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz |
be652228 | 36 | # Source0-md5: 39fca0523bccec6af4b63b5322276c84 |
c9ad1aae | 37 | Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz |
48ec83cd | 38 | # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e |
7f8ab60d JR |
39 | Source3: other.pamd |
40 | Source4: system-auth.pamd | |
41 | Source5: config-util.pamd | |
c9ad1aae | 42 | Source6: %{name}_selinux_check.pamd |
7f8ab60d JR |
43 | Source7: system-auth.5 |
44 | Source8: config-util.5 | |
664ca91d | 45 | Source9: %{name}.tmpfiles |
024572d7 | 46 | Source10: postlogin.pamd |
7f8ab60d | 47 | Patch0: %{name}-pld-modules.patch |
3675ad2d | 48 | Patch1: %{name}_console-lex-static.patch |
57fed07b JR |
49 | Patch2: %{name}-tally-fail-close.patch |
50 | Patch3: %{name}-mkhomedir-notfound.patch | |
51 | Patch4: %{name}-db-gdbm.patch | |
52 | Patch5: %{name}-exec-failok.patch | |
3c20be82 | 53 | Patch6: update-motd.patch |
70821672 | 54 | Patch7: pam_console_pam_tty.patch |
d9e597ca | 55 | URL: http://www.linux-pam.org/ |
85c2b5f9 | 56 | %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} |
ce3569c4 | 57 | BuildRequires: autoconf >= 2.61 |
b8f360f2 | 58 | BuildRequires: automake |
1dc7ef6b | 59 | BuildRequires: bison |
be652228 | 60 | %{?with_cracklib:BuildRequires: cracklib-devel >= 2.8.3} |
de5c0104 | 61 | BuildRequires: flex |
c82e01c3 | 62 | # gdbm due to db pulling libpthread |
c9ad1aae | 63 | BuildRequires: gdbm-devel >= 1.8.3-7 |
8d4d959f | 64 | BuildRequires: gettext-tools >= 0.18.3 |
57fed07b | 65 | BuildRequires: glibc-devel >= 6:2.10.1 |
be652228 | 66 | BuildRequires: libnsl-devel |
ce3569c4 | 67 | %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} |
818d8684 | 68 | %{?with_selinux:BuildRequires: libselinux-devel >= 2.1.9} |
c044e6be JB |
69 | BuildRequires: libtirpc-devel |
70 | BuildRequires: libtool >= 2:2 | |
ce3569c4 | 71 | BuildRequires: libxcrypt-devel |
3895445c | 72 | %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} |
c53831dc | 73 | BuildRequires: pkgconfig |
be652228 JB |
74 | BuildRequires: tar >= 1:1.22 |
75 | BuildRequires: xz | |
3895445c | 76 | BuildRequires: zlib-devel |
b4afc5a5 | 77 | %if %{with doc} |
57fed07b | 78 | BuildRequires: docbook-dtd412-xml |
7f8ab60d JR |
79 | BuildRequires: docbook-dtd43-xml |
80 | BuildRequires: docbook-dtd44-xml | |
81 | BuildRequires: docbook-style-xsl >= 1.69.1 | |
84871244 JR |
82 | # For building PDFs |
83 | #BuildRequires: fop | |
7f8ab60d JR |
84 | BuildRequires: libxml2-progs |
85 | BuildRequires: libxslt-progs | |
86 | BuildRequires: w3m | |
b4afc5a5 | 87 | %endif |
fe9df33a | 88 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
25846ece | 89 | %{?with_audit:Requires: audit-libs >= 1.0.8} |
c9ad1aae | 90 | Requires: awk |
25846ece | 91 | Requires: crypt(blowfish) |
25846ece | 92 | Requires: glibc >= 6:2.5-0.5 |
818d8684 | 93 | %{?with_selinux:Requires: libselinux >= 2.1.9} |
be652228 | 94 | %{?with_cracklib:Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release}} |
1c7ad2f8 | 95 | %{?with_tally:Requires: pam-pam_tally = %{epoch}:%{version}-%{release}} |
eb400e74 | 96 | Suggests: make |
5a075d87 | 97 | Suggests: pam-pam_pwquality |
22604a87 | 98 | Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release} |
73954d99 | 99 | Obsoletes: pam-doc |
25846ece ER |
100 | Obsoletes: pam-pam_opie |
101 | Obsoletes: pam-pam_pwdb | |
102 | Obsoletes: pam-pam_radius | |
103 | Obsoletes: pam-pam_skey | |
104 | Obsoletes: pam-pam_tcpd | |
c9ad1aae ER |
105 | Obsoletes: pam_make |
106 | Obsoletes: pamconfig | |
107 | Conflicts: dev < 3.4-4 | |
25846ece | 108 | Conflicts: pam < 0:0.80.1-2 |
c9ad1aae | 109 | Conflicts: udev < 1:138-5 |
28fa39c9 | 110 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f0f219ac | 111 | |
37dd6f95 ER |
112 | %define _sbindir /sbin |
113 | ||
f0f219ac | 114 | %description |
faaf5eea | 115 | PAM (Pluggable Authentication Modules) is a powerful, flexible, |
116 | extensible authentication system which allows the system administrator | |
117 | to configure authentication services individually for every | |
118 | pam-compliant application without recompiling any of the applications. | |
f0f219ac | 119 | |
e2cbb18f JR |
120 | %description -l de.UTF-8 |
121 | PAM (Pluggable Authentication Modules) ist ein leistungsfähiges, | |
faaf5eea | 122 | flexibles und erweiterbares Authentifizierungssystem, mit dem der |
e2cbb18f | 123 | Systemverwalter Authentifizierungs-Dienste individuell für jede |
faaf5eea | 124 | pam-kompatible Anwendung konfigurieren kann, ohne diese neu |
e2cbb18f | 125 | kompilieren zu müssen. |
f0f219ac | 126 | |
e2cbb18f JR |
127 | %description -l es.UTF-8 |
128 | PAM (Módulos de Autenticación Plugables) es un potente, flexible y | |
129 | extensible sistema de autentificación, que permite al administrador | |
130 | del sistema configurar servicios de autentificación individualmente | |
131 | para cada aplicación pam compatible, sin la necesidad de recompilar | |
8797d11d JB |
132 | cualquier una de las aplicaciones. |
133 | ||
e2cbb18f JR |
134 | %description -l fr.UTF-8 |
135 | PAM (Pluggable Authentication Modules) est un systéme | |
136 | d'authentification puissant, souple et extensible permettant à | |
137 | l'administrateur système de configurer les individuellement les | |
138 | services d'authentification pour chaque application conforme à PAM, | |
faaf5eea | 139 | sans recompiler aucune application. |
ac46f43b | 140 | |
e2cbb18f JR |
141 | %description -l pl.UTF-8 |
142 | PAM (Pluggable Authentication Modules) jest silnym i łatwo | |
143 | dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia | |
144 | administratorowi indywidualne konfigurowanie poszczególnych usług, | |
145 | które są dostosowane i skonsolidowane z bibliotekami PAM, bez | |
146 | późniejszej ich rekompilacji w momencie zmiany sposobu | |
147 | uwierzytelniania tychże usług. | |
b1babe47 | 148 | |
e2cbb18f JR |
149 | %description -l pt_BR.UTF-8 |
150 | PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e | |
151 | extensível sistema de autenticação, que permite o administrador do | |
152 | sistema configurar serviços de autenticação individualmente para cada | |
153 | aplicação pam compatível, sem necessidade de recompilar qualquer uma | |
154 | das aplicações. | |
51c8ab2d | 155 | |
e2cbb18f JR |
156 | %description -l uk.UTF-8 |
157 | PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до | |
158 | розширення система аутентикації, яка дозволяє системному | |
159 | адміністратору налагоджувати севіси авторизації доступу (аутентикації) | |
160 | індивідуально для кожної pam-сумісної програми без необхідності | |
161 | перекомпіляції самої програми. Це базовий механізм аутентикації в PLD | |
b440fddc | 162 | Linux. |
163 | ||
e2cbb18f JR |
164 | %description -l tr.UTF-8 |
165 | PAM (Pluggable Authentication Modules) sistem yöneticilerinin | |
166 | uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu | |
167 | uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan, | |
168 | güclü, esnek ve kapsamlı bir doğrulama sistemidir. | |
51c8ab2d | 169 | |
e2cbb18f JR |
170 | %description -l ru.UTF-8 |
171 | PAM (Pluggable Authentication Modules) - это мощная, гибкая, | |
172 | расширяемая система аутентикации, позволяющая системному | |
173 | администратору конфигурировать сервисы авторизации доступа | |
174 | (аутентикации) индивидуально для каждой pam-совместимой программы без | |
175 | необходимости перекомпилляции самой программы. Это базовый механизм | |
176 | аутентикации в PLD Linux. | |
b440fddc | 177 | |
fe9df33a | 178 | %package libs |
25846ece ER |
179 | Summary: PAM libraries |
180 | Summary(pl.UTF-8): Moduły PAM | |
fe9df33a | 181 | Group: Libraries |
0d216fbf | 182 | Requires: sed >= 4.0 |
fe9df33a ER |
183 | |
184 | %description libs | |
25846ece | 185 | PAM libraries. |
fe9df33a | 186 | |
e2cbb18f | 187 | %description libs -l pl.UTF-8 |
25846ece | 188 | Moduły PAM. |
b96eca5e | 189 | |
ac46f43b | 190 | %package devel |
abb00f9e | 191 | Summary: PAM header files |
b7025e7f ER |
192 | Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM |
193 | Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
194 | Summary(ru.UTF-8): Библиотеки разработчика для PAM | |
195 | Summary(uk.UTF-8): Бібліотеки програміста для PAM | |
0bb742f7 | 196 | Group: Development/Libraries |
c82e01c3 | 197 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
15909b27 | 198 | %{?with_audit:Requires: audit-libs-devel >= 1.0.8} |
a3ffb3a4 | 199 | Requires: filesystem >= 3.0-11 |
ac46f43b JR |
200 | |
201 | %description devel | |
202 | Header files for developing PAM based applications. | |
f0f219ac | 203 | |
e2cbb18f JR |
204 | %description devel -l pl.UTF-8 |
205 | Pliki nagłówkowe i dokumentacja programisty do PAM. | |
ac46f43b | 206 | |
e2cbb18f JR |
207 | %description devel -l pt_BR.UTF-8 |
208 | Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
51c8ab2d | 209 | |
e2cbb18f JR |
210 | %description devel -l ru.UTF-8 |
211 | Этот пакет содержит хедеры и библиотеки разработчика для PAM. | |
b440fddc | 212 | |
e2cbb18f JR |
213 | %description devel -l uk.UTF-8 |
214 | Цей пакет містить хедери та бібліотеки програміста для PAM. | |
b440fddc | 215 | |
ac46f43b | 216 | %package static |
abb00f9e | 217 | Summary: PAM static libraries |
b7025e7f ER |
218 | Summary(pl.UTF-8): Biblioteki statyczne PAM |
219 | Summary(ru.UTF-8): Статические библиотеки разработчика для PAM | |
220 | Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM | |
0bb742f7 | 221 | Group: Development/Libraries |
846d8fdc | 222 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} |
ac46f43b JR |
223 | |
224 | %description static | |
225 | PAM static libraries. | |
b1babe47 | 226 | |
e2cbb18f | 227 | %description static -l pl.UTF-8 |
ac46f43b | 228 | Biblioteki statyczne PAM. |
b1babe47 | 229 | |
e2cbb18f JR |
230 | %description static -l ru.UTF-8 |
231 | Этот пакет содержит статические библиотеки разработчика для PAM. | |
b440fddc | 232 | |
e2cbb18f JR |
233 | %description static -l uk.UTF-8 |
234 | Цей пакет містить статичні бібліотеки програміста для PAM. | |
b440fddc | 235 | |
375c4d21 ER |
236 | %package pam_cracklib |
237 | Summary: PAM module to check the password against dictionary words | |
c82e01c3 | 238 | Summary(pl.UTF-8): Moduł PAM do sprawdzania haseł względem słów ze słownika |
375c4d21 | 239 | Group: Base |
c82e01c3 JB |
240 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
241 | Requires: cracklib >= 2.8.3 | |
242 | Requires: cracklib-dicts >= 2.8.3 | |
375c4d21 ER |
243 | |
244 | %description pam_cracklib | |
245 | PAM module to check the password against dictionary words. | |
246 | ||
c82e01c3 JB |
247 | %description pam_cracklib -l pl.UTF-8 |
248 | Moduł PAM do sprawdzania haseł względem słów ze słownika. | |
249 | ||
1fbc0597 JR |
250 | %package pam_selinux |
251 | Summary: PAM module - SELinux support | |
b7025e7f | 252 | Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa |
1fbc0597 | 253 | Group: Base |
c82e01c3 | 254 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
818d8684 | 255 | Requires: libselinux >= 2.1.9 |
1fbc0597 JR |
256 | |
257 | %description pam_selinux | |
258 | PAM module - SELinux support. | |
259 | ||
e2cbb18f JR |
260 | %description pam_selinux -l pl.UTF-8 |
261 | Moduł PAM pozwalający na zmianę kontekstów SELinuksa. | |
1fbc0597 | 262 | |
1c7ad2f8 ER |
263 | %package pam_tally |
264 | Summary: PAM module to check login counts (tallying) | |
bf3c1909 | 265 | Summary(pl.UTF-8): Moduł PAM do sprawdzania liczby logowań |
1c7ad2f8 ER |
266 | Group: Base |
267 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} | |
268 | ||
269 | %description pam_tally | |
270 | This module maintains a count of attempted accesses, can reset count | |
271 | on success, can deny access if too many attempts fail. | |
272 | ||
bf3c1909 JB |
273 | %description pam_tally -l pl.UTF-8 |
274 | Ten moduł utrzymuje licznik prób logowań, może zerować licznik przy | |
275 | udanym logowaniu, może też blokować dostęp przy zbyt wielu | |
276 | niepowodzeniach. | |
277 | ||
e5de221b | 278 | %package pam_userdb |
c82e01c3 JB |
279 | Summary: PAM module - authenticate against GDBM database |
280 | Summary(pl.UTF-8): Moduł PAM do uwierzytelniania względem bazy danych GDBM | |
e5de221b | 281 | Group: Base |
c82e01c3 | 282 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
e5de221b | 283 | Requires: gdbm >= 1.8.3-7 |
e5de221b ER |
284 | |
285 | %description pam_userdb | |
c82e01c3 JB |
286 | pam_userdb - PAM module to authenticate against GDBM database. |
287 | ||
288 | %description pam_userdb -l pl.UTF-8 | |
289 | pam_userdb - moduł PAM służący do uwierzytelniania względem bazy | |
290 | danych GDBM. | |
e5de221b | 291 | |
f0f219ac | 292 | %prep |
7f8ab60d | 293 | %setup -q -a2 -n Linux-PAM-%{version} |
3d3421d5 | 294 | %patch0 -p1 |
3675ad2d | 295 | %patch1 -p1 |
7f8ab60d JR |
296 | %patch2 -p1 |
297 | %patch3 -p1 | |
298 | %patch4 -p1 | |
299 | %patch5 -p1 | |
4f6939c8 ER |
300 | # upstream has similar approach for multiple files (not no exec): |
301 | # https://github.com/linux-pam/linux-pam/pull/48 | |
302 | #%patch6 -p1 | |
70821672 | 303 | %patch7 -p1 |
e523043b | 304 | |
ac46f43b | 305 | %build |
7796f9da | 306 | %{__libtoolize} |
fc1ef364 | 307 | %{__aclocal} -I m4 |
7796f9da | 308 | %{__autoconf} |
309 | %{__autoheader} | |
310 | %{__automake} | |
7edd7783 | 311 | %configure \ |
6dc76558 | 312 | ac_cv_path_FO2PDF= \ |
7f8ab60d JR |
313 | --enable-static \ |
314 | --enable-shared \ | |
315 | --libdir=/%{_lib} \ | |
316 | --includedir=%{_includedir}/security \ | |
be652228 JB |
317 | %{!?with_audit:--disable-audit} \ |
318 | %{?with_cracklib:--enable-cracklib} \ | |
b81508df | 319 | --enable-db=gdbm \ |
be652228 | 320 | --enable-isadir=../../%{_lib}/security \ |
1fbc0597 | 321 | %{!?with_prelude:--disable-prelude} \ |
be652228 | 322 | %{!?with_selinux:--disable-selinux} \ |
3aeeeeb3 ER |
323 | %{?with_tally:--enable-tally} \ |
324 | %{?with_tally:--enable-tally2} | |
c894cd9b | 325 | |
7f8ab60d JR |
326 | # we must explicitely update-gmo as we patch a po file |
327 | %{__make} -C po update-gmo | |
0c9926ce MB |
328 | %{__make} \ |
329 | DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE" | |
f0f219ac | 330 | |
331 | %install | |
4587144c | 332 | rm -rf $RPM_BUILD_ROOT |
d25ebb23 | 333 | install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/usr/lib/pam.d,/var/{log,run/sepermit}} \ |
0bc3c2f5 | 334 | $RPM_BUILD_ROOT%{systemdtmpfilesdir} |
4d13ca23 | 335 | |
4be82bfe | 336 | %{__make} install \ |
be652228 JB |
337 | DESTDIR=$RPM_BUILD_ROOT \ |
338 | servicedir=%{systemdunitdir} | |
4d13ca23 | 339 | |
848c50ae | 340 | %if %{with selinux} |
0bc3c2f5 ER |
341 | install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} |
342 | cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8 | |
343 | cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check | |
848c50ae | 344 | %endif |
7f8ab60d | 345 | |
0bc3c2f5 | 346 | cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
664ca91d | 347 | |
c9ad1aae | 348 | install -d doc/txts |
e5de221b ER |
349 | for r in modules/pam_*/README; do |
350 | cp -pf $r doc/txts/README.$(basename $(dirname $r)) | |
7f8ab60d | 351 | done |
c044e6be | 352 | %{__rm} doc/txts/README.pam_userdb |
375c4d21 | 353 | %{__rm} doc/txts/README.pam_cracklib |
c9ad1aae | 354 | install -d doc/html |
e5de221b | 355 | cp -pf doc/index.html doc/html/ |
7f8ab60d JR |
356 | |
357 | # fix PAM/pam man page | |
358 | echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8 | |
f0f219ac | 359 | |
157b3e1c | 360 | :> $RPM_BUILD_ROOT/etc/security/opasswd |
b43d0a9b | 361 | :> $RPM_BUILD_ROOT/etc/security/blacklist |
9e64e40d | 362 | |
3aeeeeb3 | 363 | %if %{with tally} |
7f8ab60d | 364 | :> $RPM_BUILD_ROOT/var/log/tallylog |
3aeeeeb3 | 365 | %endif |
508c2464 | 366 | |
c044e6be | 367 | %{__mv} $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir} |
508c2464 | 368 | |
c1d4fb20 | 369 | cd $RPM_BUILD_ROOT/%{_lib} |
a1307506 | 370 | for f in lib*.la ; do |
c044e6be JB |
371 | %{__sed} -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' \ |
372 | -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $f > $RPM_BUILD_ROOT%{_libdir}/$f | |
373 | %{__rm} $f | |
a1307506 | 374 | done |
c1d4fb20 AM |
375 | ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so |
376 | ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so | |
377 | ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so | |
7f8ab60d | 378 | cd - |
8ab52661 | 379 | |
0bc3c2f5 ER |
380 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other |
381 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth | |
382 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util | |
024572d7 | 383 | cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postlogin |
7f8ab60d | 384 | |
0bc3c2f5 ER |
385 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5 |
386 | cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5 | |
c38ff42d | 387 | |
b81508df JR |
388 | # Make sure every module subdirectory gave us a module. Yes, this is hackish. |
389 | for dir in modules/pam_* ; do | |
df8313a3 | 390 | %if %{without selinux} |
f9ad2164 | 391 | [ ${dir} = "modules/pam_selinux" ] && continue |
85c2b5f9 | 392 | [ ${dir} = "modules/pam_sepermit" ] && continue |
6d7d9335 JK |
393 | %endif |
394 | %if %{without audit} | |
395 | [ ${dir} = "modules/pam_tty_audit" ] && continue | |
f9ad2164 | 396 | %endif |
b81508df JR |
397 | if [ -d ${dir} ] ; then |
398 | if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then | |
399 | echo ERROR `basename ${dir}` did not build a module. | |
400 | exit 1 | |
401 | fi | |
402 | fi | |
403 | done | |
404 | ||
405 | for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do | |
406 | # Check for module problems. Specifically, check that every module we just | |
407 | # installed can actually be loaded by a minimal PAM-aware application. | |
408 | if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ | |
409 | ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then | |
410 | echo ERROR module: ${module} cannot be loaded. | |
411 | exit 1 | |
412 | fi | |
b81508df JR |
413 | done |
414 | ||
aae9c5e1 | 415 | # useless - shut up check-files |
c044e6be JB |
416 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a} |
417 | %{__rm} $RPM_BUILD_ROOT/%{_lib}/lib*.so | |
418 | %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/Linux-PAM | |
fe9df33a | 419 | |
df8313a3 | 420 | %if %{without selinux} |
fe9df33a ER |
421 | rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*} |
422 | %endif | |
aae9c5e1 | 423 | |
7f8ab60d JR |
424 | %find_lang Linux-PAM |
425 | ||
abb00f9e | 426 | %clean |
4587144c | 427 | rm -rf $RPM_BUILD_ROOT |
abb00f9e | 428 | |
5d252f91 | 429 | %triggerpostun libs -- %{name}-libs < 0.99.7.1 |
db255670 | 430 | for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do |
a1307506 JR |
431 | case "$f" in |
432 | *rpmorig|*rpmnew|*rpmsave|*~|*.orig) | |
433 | continue | |
434 | ;; | |
435 | *) | |
234dfb8e JR |
436 | cp -f "$f" "$f.rpmorig" |
437 | sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \ | |
438 | -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f" | |
a1307506 JR |
439 | ;; |
440 | esac | |
441 | done | |
442 | if [ -d /var/lock/console -a -d /var/run/console ]; then | |
75f2161e | 443 | cp -a /var/lock/console/* /var/run/console/ 2> /dev/null |
234dfb8e | 444 | rm -rf /var/lock/console |
a1307506 | 445 | fi |
5d252f91 | 446 | |
37dd6f95 ER |
447 | %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron |
448 | # restart crond if pam is upgraded | |
449 | # (crond is linked with old libpam but tries to open modules linked with new libpam) | |
450 | if [ "$1" != 1 ]; then | |
451 | %service -q crond restart | |
452 | fi | |
d2d4c3b4 | 453 | exit 0 |
37dd6f95 | 454 | |
f1a6863d ER |
455 | %triggerpostun -- %{name} < 1:1.1.5-8 |
456 | # removed in 1.1.4 | |
457 | if grep -qs change_uid /etc/pam.d/system-auth; then | |
458 | %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth | |
459 | fi | |
460 | ||
15d8e9b5 JR |
461 | # We want it added for painless upgarde even if it mean log pollution for non-systemd |
462 | # enabled systems, | |
463 | # If this module is not present on systemd enabled system then `systemctl restart sshd.service` | |
464 | # will kill all sessions. | |
465 | if ! grep -qs pam_systemd /etc/pam.d/system-auth; then | |
eb64f1e9 | 466 | echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth |
15d8e9b5 JR |
467 | fi |
468 | ||
1c7ad2f8 | 469 | %post pam_tally -p <lua> |
00005501 | 470 | fh, error = io.open("/var/log/tallylog") |
b8423a52 | 471 | if fh ~= nil then |
00005501 PZ |
472 | io.close(fh) |
473 | else | |
474 | fh = io.open("/var/log/tallylog", "w+") | |
475 | io.close(fh) | |
476 | posix.chmod("/var/log/tallylog", "rw-------") | |
477 | end | |
0607c402 | 478 | |
fe9df33a ER |
479 | %post libs -p /sbin/ldconfig |
480 | %postun libs -p /sbin/ldconfig | |
96ffe39f | 481 | |
7f8ab60d | 482 | %files -f Linux-PAM.lang |
abb00f9e | 483 | %defattr(644,root,root,755) |
a738676c | 484 | %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README* |
fe9df33a | 485 | %if %{with doc} |
a738676c | 486 | %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html |
fe9df33a | 487 | %endif |
c9ad1aae ER |
488 | %dir /etc/pam.d |
489 | %dir /etc/security/console.apps | |
490 | %dir /etc/security/console.perms.d | |
d25ebb23 | 491 | %dir /usr/lib/pam.d |
c9ad1aae | 492 | %dir /var/run/console |
3c20be82 | 493 | %{systemdtmpfilesdir}/%{name}.conf |
b81508df | 494 | %config(noreplace) %verify(not md5 mtime size) /etc/environment |
b2c6cf13 ER |
495 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other |
496 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth | |
7f8ab60d | 497 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util |
024572d7 | 498 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/postlogin |
b2c6cf13 | 499 | %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf |
b43d0a9b | 500 | %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist |
b81508df JR |
501 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers |
502 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms | |
be652228 | 503 | %config(noreplace) %verify(not md5 mtime size) /etc/security/faillock.conf |
b2c6cf13 ER |
504 | %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf |
505 | %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf | |
b81508df JR |
506 | %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf |
507 | %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init | |
508 | %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf | |
b2c6cf13 | 509 | %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf |
e6a1f162 ER |
510 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram |
511 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en | |
e8c63aa7 | 512 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de |
698e82b0 | 513 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk |
e8c63aa7 ER |
514 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es |
515 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi | |
516 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it | |
517 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja | |
518 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no | |
519 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl | |
e6a1f162 | 520 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms |
b2c6cf13 | 521 | %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd |
fe9df33a | 522 | %attr(755,root,root) %{_bindir}/pam_pwgen |
be652228 | 523 | %attr(755,root,root) %{_sbindir}/faillock |
57fed07b | 524 | %attr(755,root,root) %{_sbindir}/mkhomedir_helper |
7f8ab60d | 525 | %attr(755,root,root) %{_sbindir}/pam_console_apply |
be652228 | 526 | %attr(755,root,root) %{_sbindir}/pam_namespace_helper |
7f8ab60d | 527 | %attr(755,root,root) %{_sbindir}/pam_timestamp_check |
fe9df33a | 528 | %attr(755,root,root) %{_sbindir}/pwgen_trigram |
57fed07b JR |
529 | %attr(4755,root,root) %{_sbindir}/unix_chkpwd |
530 | %attr(4755,root,root) %{_sbindir}/unix_update | |
be652228 | 531 | %{systemdunitdir}/pam_namespace.service |
b378d3bb JB |
532 | %{_mandir}/man5/access.conf.5* |
533 | %{_mandir}/man5/config-util.5* | |
534 | %{_mandir}/man5/console.apps.5* | |
535 | %{_mandir}/man5/console.handlers.5* | |
536 | %{_mandir}/man5/console.perms.5* | |
c044e6be | 537 | %{_mandir}/man5/environment.5* |
be652228 | 538 | %{_mandir}/man5/faillock.conf.5* |
b378d3bb JB |
539 | %{_mandir}/man5/group.conf.5* |
540 | %{_mandir}/man5/limits.conf.5* | |
541 | %{_mandir}/man5/namespace.conf.5* | |
542 | %{_mandir}/man5/pam.conf.5* | |
543 | %{_mandir}/man5/pam.d.5* | |
544 | %{_mandir}/man5/pam_env.conf.5* | |
545 | %{_mandir}/man5/system-auth.5* | |
546 | %{_mandir}/man5/time.conf.5* | |
547 | %{_mandir}/man8/PAM.8* | |
be652228 | 548 | %{_mandir}/man8/faillock.8* |
57fed07b | 549 | %{_mandir}/man8/mkhomedir_helper.8* |
b378d3bb JB |
550 | %{_mandir}/man8/pam.8* |
551 | %{_mandir}/man8/pam_*.8* | |
552 | %{_mandir}/man8/unix_chkpwd.8* | |
553 | %{_mandir}/man8/unix_update.8* | |
be652228 JB |
554 | %if %{with cracklib} |
555 | %exclude %{_mandir}/man8/pam_cracklib.8* | |
556 | %endif | |
24c8c941 | 557 | %if %{with selinux} |
db255670 | 558 | %exclude %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 559 | %exclude %{_mandir}/man8/pam_sepermit.8* |
81eb0561 | 560 | %endif |
e5de221b | 561 | %exclude %{_mandir}/man8/pam_userdb.8* |
fe9df33a | 562 | |
25846ece | 563 | # PAM modules |
3bc02d41 JB |
564 | %attr(755,root,root) /%{_lib}/security/pam_access.so |
565 | %attr(755,root,root) /%{_lib}/security/pam_console.so | |
3bc02d41 JB |
566 | %attr(755,root,root) /%{_lib}/security/pam_debug.so |
567 | %attr(755,root,root) /%{_lib}/security/pam_deny.so | |
7f8ab60d | 568 | %attr(755,root,root) /%{_lib}/security/pam_echo.so |
3bc02d41 | 569 | %attr(755,root,root) /%{_lib}/security/pam_env.so |
7f8ab60d JR |
570 | %attr(755,root,root) /%{_lib}/security/pam_exec.so |
571 | %attr(755,root,root) /%{_lib}/security/pam_faildelay.so | |
be652228 | 572 | %attr(755,root,root) /%{_lib}/security/pam_faillock.so |
3bc02d41 | 573 | %attr(755,root,root) /%{_lib}/security/pam_filter.so |
7f8ab60d | 574 | %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER |
3bc02d41 JB |
575 | %attr(755,root,root) /%{_lib}/security/pam_ftp.so |
576 | %attr(755,root,root) /%{_lib}/security/pam_group.so | |
3bc02d41 | 577 | %attr(755,root,root) /%{_lib}/security/pam_issue.so |
7f8ab60d | 578 | %attr(755,root,root) /%{_lib}/security/pam_keyinit.so |
3bc02d41 JB |
579 | %attr(755,root,root) /%{_lib}/security/pam_lastlog.so |
580 | %attr(755,root,root) /%{_lib}/security/pam_limits.so | |
581 | %attr(755,root,root) /%{_lib}/security/pam_listfile.so | |
e1e49c86 | 582 | %attr(755,root,root) /%{_lib}/security/pam_localuser.so |
7f8ab60d | 583 | %attr(755,root,root) /%{_lib}/security/pam_loginuid.so |
3bc02d41 | 584 | %attr(755,root,root) /%{_lib}/security/pam_mail.so |
7f8ab60d | 585 | %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so |
3bc02d41 | 586 | %attr(755,root,root) /%{_lib}/security/pam_motd.so |
b81508df | 587 | %attr(755,root,root) /%{_lib}/security/pam_namespace.so |
3bc02d41 JB |
588 | %attr(755,root,root) /%{_lib}/security/pam_nologin.so |
589 | %attr(755,root,root) /%{_lib}/security/pam_permit.so | |
7f8ab60d | 590 | %attr(755,root,root) /%{_lib}/security/pam_pwexport.so |
3bc02d41 | 591 | %attr(755,root,root) /%{_lib}/security/pam_pwgen.so |
57fed07b | 592 | %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so |
3bc02d41 JB |
593 | %attr(755,root,root) /%{_lib}/security/pam_rhosts.so |
594 | %attr(755,root,root) /%{_lib}/security/pam_rootok.so | |
7f8ab60d | 595 | %attr(755,root,root) /%{_lib}/security/pam_rps.so |
3bc02d41 | 596 | %attr(755,root,root) /%{_lib}/security/pam_securetty.so |
be652228 | 597 | %attr(755,root,root) /%{_lib}/security/pam_setquota.so |
3bc02d41 JB |
598 | %attr(755,root,root) /%{_lib}/security/pam_shells.so |
599 | %attr(755,root,root) /%{_lib}/security/pam_stress.so | |
e1e49c86 | 600 | %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so |
3bc02d41 | 601 | %attr(755,root,root) /%{_lib}/security/pam_time.so |
7f8ab60d | 602 | %attr(755,root,root) /%{_lib}/security/pam_timestamp.so |
6d7d9335 | 603 | %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} |
7f8ab60d | 604 | %attr(755,root,root) /%{_lib}/security/pam_umask.so |
3bc02d41 | 605 | %attr(755,root,root) /%{_lib}/security/pam_unix.so |
be652228 | 606 | %attr(755,root,root) /%{_lib}/security/pam_usertype.so |
3bc02d41 JB |
607 | %attr(755,root,root) /%{_lib}/security/pam_warn.so |
608 | %attr(755,root,root) /%{_lib}/security/pam_wheel.so | |
609 | %attr(755,root,root) /%{_lib}/security/pam_xauth.so | |
f0f219ac | 610 | |
25846ece ER |
611 | %files libs |
612 | %defattr(644,root,root,755) | |
613 | %dir /%{_lib}/security/pam_filter | |
614 | %attr(755,root,root) /%{_lib}/libpam.so.*.*.* | |
615 | %attr(755,root,root) %ghost /%{_lib}/libpam.so.0 | |
616 | %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.* | |
617 | %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0 | |
618 | %attr(755,root,root) /%{_lib}/libpamc.so.*.*.* | |
619 | %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0 | |
620 | ||
f0f219ac | 621 | %files devel |
abb00f9e | 622 | %defattr(644,root,root,755) |
964f5d32 | 623 | %if %{with doc} |
a738676c | 624 | %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html |
964f5d32 | 625 | %endif |
a738676c JB |
626 | %attr(755,root,root) %{_libdir}/libpam.so |
627 | %attr(755,root,root) %{_libdir}/libpam_misc.so | |
628 | %attr(755,root,root) %{_libdir}/libpamc.so | |
629 | %{_libdir}/libpam.la | |
630 | %{_libdir}/libpam_misc.la | |
631 | %{_libdir}/libpamc.la | |
632 | %{_includedir}/security/_pam_*.h | |
633 | %{_includedir}/security/pam*.h | |
634 | %{_mandir}/man3/misc_conv.3* | |
635 | %{_mandir}/man3/pam*.3* | |
e523043b | 636 | |
ac46f43b | 637 | %files static |
051aeb4a | 638 | %defattr(644,root,root,755) |
98b63014 JR |
639 | %{_libdir}/libpam.a |
640 | %{_libdir}/libpamc.a | |
641 | %{_libdir}/libpam_misc.a | |
7c2f893c | 642 | |
be652228 JB |
643 | %if %{with cracklib} |
644 | %files pam_cracklib | |
645 | %defattr(644,root,root,755) | |
646 | %doc modules/pam_cracklib/README | |
647 | %attr(755,root,root) /%{_lib}/security/pam_cracklib.so | |
648 | %{_mandir}/man8/pam_cracklib.8* | |
649 | %endif | |
650 | ||
1fbc0597 JR |
651 | %if %{with selinux} |
652 | %files pam_selinux | |
653 | %defattr(644,root,root,755) | |
1fbc0597 | 654 | %attr(755,root,root) /%{_lib}/security/pam_selinux.so |
85c2b5f9 | 655 | %attr(755,root,root) /%{_lib}/security/pam_sepermit.so |
1fbc0597 | 656 | %attr(755,root,root) %{_sbindir}/pam_selinux_check |
c9ad1aae ER |
657 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check |
658 | %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf | |
b378d3bb | 659 | %{_mandir}/man5/sepermit.conf.5* |
1fbc0597 | 660 | %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 661 | %{_mandir}/man8/pam_sepermit.8* |
52c22c8a | 662 | %dir /var/run/sepermit |
1fbc0597 | 663 | %endif |
e5de221b | 664 | |
1c7ad2f8 ER |
665 | %if %{with tally} |
666 | %files pam_tally | |
667 | %defattr(644,root,root,755) | |
668 | %attr(755,root,root) %{_sbindir}/pam_tally | |
669 | %attr(755,root,root) %{_sbindir}/pam_tally2 | |
670 | %attr(755,root,root) /%{_lib}/security/pam_tally.so | |
671 | %attr(755,root,root) /%{_lib}/security/pam_tally2.so | |
672 | %ghost %verify(not md5 mtime size) /var/log/tallylog | |
673 | %endif | |
bf3c1909 JB |
674 | |
675 | %files pam_userdb | |
676 | %defattr(644,root,root,755) | |
677 | %doc modules/pam_userdb/README | |
678 | %attr(755,root,root) /%{_lib}/security/pam_userdb.so | |
679 | %{_mandir}/man8/pam_userdb.8* |