3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 0.99.7.1-3
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
26 Source0: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
27 # Source0-md5: 385458dfb4633071594e255a6ebec9da
28 Source1: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
29 # Source1-md5: 259c57009369eda92a00d1a153776ac6
30 Source2: ftp://ftp.pld-linux.org/software/pam/pam-pld-%{pam_pld_version}.tar.gz
31 # Source2-md5: 04d42fee1701f78bdd115c0944a34238
33 Source4: system-auth.pamd
34 Source5: config-util.pamd
35 Source6: pam_selinux_check.pamd
36 Source7: system-auth.5
37 Source8: config-util.5
38 Patch0: %{name}-pld-modules.patch
39 Patch1: %{name}-modutil_mem_limit.patch
40 Patch2: %{name}-cracklib-try-first-pass.patch
41 Patch3: %{name}-cracklib-enforce.patch
42 Patch4: %{name}-tally-fail-close.patch
43 Patch5: %{name}-selinux-nofail.patch
44 Patch6: %{name}-selinux-drop-multiple.patch
45 Patch7: %{name}-selinux-keycreate.patch
46 Patch8: %{name}-selinux-select-context.patch
47 Patch9: %{name}-selinux-use-current-range.patch
48 Patch10: %{name}-namespace-no-unmount.patch
49 Patch11: %{name}-namespace-preserve-uid.patch
50 Patch12: %{name}-namespace-level.patch
51 Patch13: %{name}-namespace-unmnt-override.patch
52 Patch14: %{name}-unix-nullcheck.patch
53 Patch15: %{name}-unix-blowfish.patch
54 Patch16: %{name}-mkhomedir-new-features.patch
55 Patch17: %{name}-db-gdbm.patch
56 Patch18: %{name}-exec-failok.patch
57 URL: http://www.kernel.org/pub/linux/libs/pam/
58 %{?with_audit:BuildRequires: audit-libs-devel >= 1.0.8}
59 BuildRequires: autoconf
60 BuildRequires: automake
62 BuildRequires: cracklib-devel >= 2.8.3
63 # gdbm due to db pulling libpthread
64 BuildRequires: gdbm-devel >= 1.8.3-7
66 BuildRequires: glibc-devel >= 6:2.5-0.5
67 %{?with_prelude:BuildRequires: libprelude-devel}
68 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
69 BuildRequires: libtool >= 2:1.5
71 BuildRequires: docbook-dtd43-xml
72 BuildRequires: docbook-dtd44-xml
73 BuildRequires: docbook-style-xsl >= 1.69.1
76 BuildRequires: libxml2-progs
77 BuildRequires: libxslt-progs
80 Requires(post): coreutils
81 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
83 Requires: /usr/bin/make
88 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
91 PAM (Pluggable Authentication Modules) is a powerful, flexible,
92 extensible authentication system which allows the system administrator
93 to configure authentication services individually for every
94 pam-compliant application without recompiling any of the applications.
96 %description -l de.UTF-8
97 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
98 flexibles und erweiterbares Authentifizierungssystem, mit dem der
99 Systemverwalter Authentifizierungs-Dienste individuell für jede
100 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
101 kompilieren zu müssen.
103 %description -l es.UTF-8
104 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
105 extensible sistema de autentificación, que permite al administrador
106 del sistema configurar servicios de autentificación individualmente
107 para cada aplicación pam compatible, sin la necesidad de recompilar
108 cualquier una de las aplicaciones.
110 %description -l fr.UTF-8
111 PAM (Pluggable Authentication Modules) est un systéme
112 d'authentification puissant, souple et extensible permettant à
113 l'administrateur système de configurer les individuellement les
114 services d'authentification pour chaque application conforme à PAM,
115 sans recompiler aucune application.
117 %description -l pl.UTF-8
118 PAM (Pluggable Authentication Modules) jest silnym i łatwo
119 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
120 administratorowi indywidualne konfigurowanie poszczególnych usług,
121 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
122 późniejszej ich rekompilacji w momencie zmiany sposobu
123 uwierzytelniania tychże usług.
125 %description -l pt_BR.UTF-8
126 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
127 extensível sistema de autenticação, que permite o administrador do
128 sistema configurar serviços de autenticação individualmente para cada
129 aplicação pam compatível, sem necessidade de recompilar qualquer uma
132 %description -l uk.UTF-8
133 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
134 розширення система аутентикації, яка дозволяє системному
135 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
136 індивідуально для кожної pam-сумісної програми без необхідності
137 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
140 %description -l tr.UTF-8
141 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
142 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
143 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
144 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
146 %description -l ru.UTF-8
147 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
148 расширяемая система аутентикации, позволяющая системному
149 администратору конфигурировать сервисы авторизации доступа
150 (аутентикации) индивидуально для каждой pam-совместимой программы без
151 необходимости перекомпилляции самой программы. Это базовый механизм
152 аутентикации в PLD Linux.
155 Summary: PAM modules and libraries
156 Summary(pl.UTF-8): Moduły i biblioteki PAM
158 Conflicts: pam < 0:0.80.1-2
159 Requires(triggerpostun): sed >= 4.0
160 Requires: cracklib >= 2.8.3
161 Requires: cracklib-dicts >= 2.8.3
162 Requires: gdbm >= 1.8.3-7
163 Requires: glibc >= 6:2.5-0.5
164 %{?with_audit:Requires: audit-libs >= 1.0.8}
165 %{?with_selinux:Requires: libselinux >= 1.33.2}
168 Core PAM modules and libraries.
170 %description libs -l pl.UTF-8
171 Moduły i biblioteki PAM.
174 Summary: PAM header files
175 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
176 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
177 Summary(ru.UTF-8): Библиотеки разработчика для PAM
178 Summary(uk.UTF-8): Бібліотеки програміста для PAM
179 Group: Development/Libraries
180 Requires: %{name} = %{epoch}:%{version}-%{release}
181 Requires: filesystem >= 3.0-11
184 Header files for developing PAM based applications.
186 %description devel -l pl.UTF-8
187 Pliki nagłówkowe i dokumentacja programisty do PAM.
189 %description devel -l pt_BR.UTF-8
190 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
192 %description devel -l ru.UTF-8
193 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
195 %description devel -l uk.UTF-8
196 Цей пакет містить хедери та бібліотеки програміста для PAM.
199 Summary: PAM static libraries
200 Summary(pl.UTF-8): Biblioteki statyczne PAM
201 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
202 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
203 Group: Development/Libraries
204 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
207 PAM static libraries.
209 %description static -l pl.UTF-8
210 Biblioteki statyczne PAM.
212 %description static -l ru.UTF-8
213 Этот пакет содержит статические библиотеки разработчика для PAM.
215 %description static -l uk.UTF-8
216 Цей пакет містить статичні бібліотеки програміста для PAM.
219 Summary: PAM module - SELinux support
220 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
223 %description pam_selinux
224 PAM module - SELinux support.
226 %description pam_selinux -l pl.UTF-8
227 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
230 %setup -q -a2 -n Linux-PAM-%{version}
261 --includedir=%{_includedir}/security \
262 --enable-isadir=../../%{_lib}/security \
264 %{!?with_selinux:--disable-selinux} \
265 %{!?with_prelude:--disable-prelude} \
266 %{!?with_audit:--disable-audit}
268 # we must explicitely update-gmo as we patch a po file
269 %{__make} -C po update-gmo
273 rm -rf $RPM_BUILD_ROOT
274 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
277 DESTDIR=$RPM_BUILD_ROOT
280 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
281 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
282 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
286 for r in modules/pam_*/README ; do
287 cp -f $r doc/txts/README.$(basename $(dirname $r))
290 cp -f doc/index.html doc/html/
292 # fix PAM/pam man page
293 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
295 :> $RPM_BUILD_ROOT/etc/security/opasswd
297 #:> $RPM_BUILD_ROOT/var/log/faillog
298 :> $RPM_BUILD_ROOT/var/log/tallylog
300 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT/%{_libdir}
302 cd $RPM_BUILD_ROOT/%{_lib}
303 for f in lib*.la ; do
304 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT/%{_libdir}/$f
307 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
308 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
309 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
312 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
313 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
314 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
316 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
317 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
319 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
320 for dir in modules/pam_* ; do
321 %if %{without selinux}
322 [ ${dir} = "modules/pam_selinux" ] && continue
324 if [ -d ${dir} ] ; then
325 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
326 echo ERROR `basename ${dir}` did not build a module.
332 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
333 # Check for module problems. Specifically, check that every module we just
334 # installed can actually be loaded by a minimal PAM-aware application.
335 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
336 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
337 echo ERROR module: ${module} cannot be loaded.
340 # And for good measure, make sure that none of the modules pull in threading
341 # libraries, which if loaded in a non-threaded application, can cause Very
342 # Bad Things to happen.
343 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
344 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
345 fgrep -q libpthread ; then
346 echo ERROR module: ${module} pulls threading libraries.
351 # useless - shut up check-files
352 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
353 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
355 %if %{without selinux}
356 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
362 rm -rf $RPM_BUILD_ROOT
364 %triggerpostun libs -- %{name}-libs < 0.99.7.1
365 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
367 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
371 cp -f "$f" "$f.rpmorig"
372 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
373 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
377 if [ -d /var/lock/console -a -d /var/run/console ]; then
378 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
379 rm -rf /var/lock/console
383 #if [ ! -a /var/log/faillog ] ; then
384 # touch /var/log/faillog
385 # chmod 600 /var/log/faillog
387 if [ ! -a /var/log/tallylog ] ; then
388 touch /var/log/tallylog
389 chmod 600 /var/log/tallylog
392 %post libs -p /sbin/ldconfig
393 %postun libs -p /sbin/ldconfig
395 %files -f Linux-PAM.lang
396 %defattr(644,root,root,755)
397 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS
398 %doc doc/txts/README*
401 %doc doc/sag/Linux-PAM_*.txt
404 %dir %attr(755,root,root) /etc/pam.d
405 %dir %attr(755,root,root) /etc/security/console.apps
406 %dir %attr(755,root,root) /etc/security/console.perms.d
407 %dir %attr(755,root,root) /var/run/console
408 %config(noreplace) %verify(not md5 mtime size) /etc/environment
409 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
410 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
411 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
412 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
413 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
414 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
415 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
416 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
417 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
418 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
419 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
420 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
421 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
422 %config /etc/security/console.perms.d/50-default.perms
423 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
424 %attr(4755,root,root) /sbin/unix_chkpwd
425 %attr(755,root,root) %{_bindir}/pam_pwgen
426 %attr(755,root,root) %{_sbindir}/pam_console_apply
427 %attr(755,root,root) %{_sbindir}/pam_tally
428 %attr(755,root,root) %{_sbindir}/pam_tally2
429 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
430 %attr(755,root,root) %{_sbindir}/pwgen_trigram
432 %{_mandir}/man8/PAM.*
433 %{_mandir}/man8/pam.*
434 %{_mandir}/man8/pam_[a-r]*
435 %{_mandir}/man8/pam_securetty*
436 %{_mandir}/man8/pam_shells*
437 %{_mandir}/man8/pam_succeed_if*
438 %{_mandir}/man8/pam_[t-x]*
439 %{_mandir}/man8/unix_chkpwd*
440 #%ghost %verify(not md5 size mtime) /var/log/faillog
441 %ghost %verify(not md5 size mtime) /var/log/tallylog
444 %defattr(644,root,root,755)
445 %dir /%{_lib}/security/pam_filter
446 %attr(755,root,root) /%{_lib}/lib*.so.*.*
447 %attr(755,root,root) /%{_lib}/security/pam_access.so
448 %attr(755,root,root) /%{_lib}/security/pam_console.so
449 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
450 %attr(755,root,root) /%{_lib}/security/pam_debug.so
451 %attr(755,root,root) /%{_lib}/security/pam_deny.so
452 %attr(755,root,root) /%{_lib}/security/pam_echo.so
453 %attr(755,root,root) /%{_lib}/security/pam_env.so
454 %attr(755,root,root) /%{_lib}/security/pam_exec.so
455 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
456 %attr(755,root,root) /%{_lib}/security/pam_filter.so
457 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
458 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
459 %attr(755,root,root) /%{_lib}/security/pam_group.so
460 %attr(755,root,root) /%{_lib}/security/pam_issue.so
461 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
462 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
463 %attr(755,root,root) /%{_lib}/security/pam_limits.so
464 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
465 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
466 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
467 %attr(755,root,root) /%{_lib}/security/pam_mail.so
468 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
469 %attr(755,root,root) /%{_lib}/security/pam_motd.so
470 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
471 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
472 %attr(755,root,root) /%{_lib}/security/pam_permit.so
473 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
474 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
475 %attr(755,root,root) /%{_lib}/security/pam_rhosts_auth.so
476 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
477 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
478 %attr(755,root,root) /%{_lib}/security/pam_rps.so
479 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
480 %attr(755,root,root) /%{_lib}/security/pam_shells.so
481 %attr(755,root,root) /%{_lib}/security/pam_stress.so
482 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
483 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
484 %attr(755,root,root) /%{_lib}/security/pam_tally.so
485 %attr(755,root,root) /%{_lib}/security/pam_time.so
486 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
487 %attr(755,root,root) /%{_lib}/security/pam_umask.so
488 %attr(755,root,root) /%{_lib}/security/pam_unix.so
489 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
490 %attr(755,root,root) /%{_lib}/security/pam_warn.so
491 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
492 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
495 %defattr(644,root,root,755)
497 %doc doc/{adg,mwg}/Linux-PAM_*.txt
498 %doc doc/{adg,mwg,}/html
500 %attr(755,root,root) %{_libdir}/lib*.so
502 %{_includedir}/security/*.h
506 %defattr(644,root,root,755)
509 %{_libdir}/libpam_misc.a
513 %defattr(644,root,root,755)
514 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
515 %attr(755,root,root) %{_sbindir}/pam_selinux_check
516 %config(noreplace) %verify(not size mtime md5) /etc/pam.d/pam_selinux_check
517 %{_mandir}/man8/pam_selinux*.8*