%bcond_with skey # skey (onetime passwords) support (conflicts with PAM)
%bcond_without sssd # SSSD support plugin
%bcond_without tests # do not perform "make check"
+%bcond_without apparmor # AppArmor support
%if "%{pld_release}" == "ac"
%define pam_ver 0.80.1
Summary(ru.UTF-8): Позволяет определенным пользователям исполнять команды от имени root
Summary(uk.UTF-8): Дозволяє вказаним користувачам виконувати команди від імені root
Name: sudo
-# please see doc/UPGRADE for important changes each time updating sudo
-Version: 1.8.19p2
-Release: 1
+# please see docs/UPGRADE.md for important changes each time updating sudo
+Version: 1.9.11p1
+Release: 3
Epoch: 1
License: BSD
Group: Applications/System
-Source0: ftp://ftp.sudo.ws/pub/sudo/%{name}-%{version}.tar.gz
-# Source0-md5: 31a6090ed1d0946fa22cba19e86aafef
+Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
+# Source0-md5: 8cd373aec6cde5e93a646d2950bf8df6
Source1: %{name}.pamd
Source2: %{name}-i.pamd
Patch0: %{name}-env.patch
Patch1: config.patch
+Patch2: %{name}-sh.patch
+Patch3: x32.patch
URL: http://www.sudo.ws/sudo/
%{?with_audit:BuildRequires: audit-libs-devel}
BuildRequires: autoconf >= 2.53
BuildRequires: gettext-devel
BuildRequires: groff
%{?with_kerberos5:BuildRequires: heimdal-devel}
+%{?with_apparmor:BuildRequires: libapparmor-devel}
%{?with_selinux:BuildRequires: libselinux-devel}
BuildRequires: libtool >= 2:2.2.6
%{?with_ldap:BuildRequires: openldap-devel >= 2.3.0}
%{?with_pam:BuildRequires: pam-devel}
BuildRequires: rpm >= 4.4.9-56
-BuildRequires: rpmbuild(macros) >= 1.595
+BuildRequires: rpmbuild(macros) >= 1.752
%{?with_skey:BuildRequires: skey-devel >= 2.2-11}
BuildRequires: zlib-devel
+%if "%{pld_release}" != "ac"
+# uses /run
+Requires: FHS >= 3.0
+%endif
Requires: pam >= %{pam_ver}
Obsoletes: cu-sudo
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Requires(post,postun): sed >= 4.0
Requires: openldap-servers
Requires: sed >= 4.0
-%if "%{_rpmversion}" >= "5"
BuildArch: noarch
-%endif
%description -n openldap-schema-sudo
This package contains sudo.schema for openldap.
%description -n openldap-schema-sudo -l pl.UTF-8
Ten pakiet zawiera sudo.schema dla pakietu openldap.
+%package logsrvd
+Summary: High-performance log server for sudo
+Summary(pl.UTF-8): Wysoko wydajny serwer logujący dla sudo
+Group: Daemons
+Requires: %{name} = %{epoch}:%{version}-%{release}
+
+%description logsrvd
+sudo-logsrvd is a high-performance log server that accepts event
+and I/O logs from sudo. It can be used to implement centralized
+logging of sudo logs.
+
+%description logsrvd -l pl.UTF-8
+sudo-logsrvd to wysoko wydajny serwer logujący przyjmyjący logi
+zdarzeń i we/wy z sudo. Może byc używany do zaimplementowania
+scentralizowanego logowania z sudo.
+
%prep
%setup -q
# only local macros
-mv aclocal.m4 acinclude.m4
+%{__mv} aclocal.m4 acinclude.m4
# do not load libtool macros from acinclude
cp -p acinclude.m4 acinclude.m4.orig
%{__sed} -i -e '/Pull in libtool macros/,$d' acinclude.m4
%patch0 -p1
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
! [ -f m4/ax_sys_weak_alias.m4 ] # provide own copy only until it is there
cp %{_aclocaldir}/ax_sys_weak_alias.m4 m4
%build
-%{__mv} install-sh install-custom-sh
%{__libtoolize}
-%{__mv} install-custom-sh install-sh
cp -f /usr/share/automake/config.sub .
%{__aclocal} -I m4
%{__autoconf}
%configure \
NROFFPROG=nroff \
--enable-zlib=system \
+ %{__with_without apparmor} \
--with-env-editor \
--with-ignore-dot \
--with-incpath=/usr/include/security \
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir}/{sudoers.d,pam.d},%{_mandir}/man8} \
- $RPM_BUILD_ROOT{%{systemdtmpfilesdir},/var/log/sudo-io,/var/run/sudo/ts}
+install -d $RPM_BUILD_ROOT{/etc/pam.d,/var/log/sudo-io}
%{__make} -j1 install \
DESTDIR=$RPM_BUILD_ROOT \
sudoers_gid=$(id -g) \
shlib_mode="0755"
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
+
cp -p %{SOURCE1} $RPM_BUILD_ROOT/etc/pam.d/sudo
cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
%{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sudo*
%endif
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/sudo/*.la
+%{__rm} $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.la
%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}
%if %{with ldap}
install -d $RPM_BUILD_ROOT%{schemadir}
-cp -p doc/schema.OpenLDAP $RPM_BUILD_ROOT%{schemadir}/sudo.schema
+cp -p docs/schema.OpenLDAP $RPM_BUILD_ROOT%{schemadir}/sudo.schema
%endif
# sudo,sudoers domains
%files -f %{name}.lang
%defattr(644,root,root,755)
-%doc ChangeLog NEWS README doc/{CONTRIBUTORS,HISTORY,LICENSE,TROUBLESHOOTING,UPGRADE}
-%{?with_ldap:%doc README.LDAP plugins/sudoers/sudoers2ldif}
+%doc ChangeLog LICENSE.md NEWS README.md docs/{CONTRIBUTORS,HISTORY,TROUBLESHOOTING,UPGRADE}.md
+%{?with_ldap:%doc README.LDAP.md}
%attr(550,root,root) %dir %{_sysconfdir}/sudoers.d
%attr(440,root,root) %verify(not md5 mtime size) %config(noreplace) %{_sysconfdir}/sudoers
+%attr(640,root,root) %verify(not md5 mtime size) %config(noreplace) %{_sysconfdir}/sudo.conf
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sudo
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sudo-i
+%attr(755,root,root) %{_bindir}/cvtsudoers
%attr(4755,root,root) %{_bindir}/sudo
%attr(4755,root,root) %{_bindir}/sudoedit
%attr(755,root,root) %{_bindir}/sudoreplay
%attr(755,root,root) %{_sbindir}/visudo
-%dir %{_libdir}/sudo
-%attr(755,root,root) %{_libdir}/sudo/libsudo_util.so.*.*.*
-%attr(755,root,root) %{_libdir}/sudo/libsudo_util.so.0
-%attr(755,root,root) %{_libdir}/sudo/libsudo_util.so
-%{?with_selinux:%attr(755,root,root) %{_libdir}/sudo/sesh}
-%attr(755,root,root) %{_libdir}/sudo/group_file.so
-%attr(755,root,root) %{_libdir}/sudo/sudo_noexec.so
-%attr(755,root,root) %{_libdir}/sudo/sudoers.so
-%attr(755,root,root) %{_libdir}/sudo/system_group.so
+%dir %{_libexecdir}/sudo
+%attr(755,root,root) %{_libexecdir}/sudo/libsudo_util.so.*.*.*
+%attr(755,root,root) %{_libexecdir}/sudo/libsudo_util.so.0
+%attr(755,root,root) %{_libexecdir}/sudo/libsudo_util.so
+%{?with_selinux:%attr(755,root,root) %{_libexecdir}/sudo/sesh}
+%attr(755,root,root) %{_libexecdir}/sudo/audit_json.so
+%attr(755,root,root) %{_libexecdir}/sudo/group_file.so
+%attr(755,root,root) %{_libexecdir}/sudo/sample_approval.so
+%attr(755,root,root) %{_libexecdir}/sudo/sudo_intercept.so
+%attr(755,root,root) %{_libexecdir}/sudo/sudo_noexec.so
+%attr(755,root,root) %{_libexecdir}/sudo/sudoers.so
+%attr(755,root,root) %{_libexecdir}/sudo/system_group.so
+%{_mandir}/man1/cvtsudoers.1*
+%{_mandir}/man5/sudo_plugin.5*
%{_mandir}/man5/sudoers.5*
+%{_mandir}/man5/sudoers_timestamp.5*
%{_mandir}/man5/sudo.conf.5*
%{?with_ldap:%{_mandir}/man5/sudoers.ldap.5*}
%{_mandir}/man8/sudo.8*
-%{_mandir}/man8/sudo_plugin.8*
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/sudoreplay.8*
%{_mandir}/man8/visudo.8*
%{_examplesdir}/%{name}-%{version}
%attr(700,root,root) /var/log/sudo-io
%attr(700,root,root) %dir /var/db/sudo
-%dir %attr(711,root,root) /var/run/sudo
-%dir %attr(700,root,root) /var/run/sudo/ts
%files devel
%defattr(644,root,root,755)
%defattr(644,root,root,755)
%{schemadir}/sudo.schema
%endif
+
+%files logsrvd
+%defattr(644,root,root,755)
+%attr(640,root,root) %verify(not md5 mtime size) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
+%attr(755,root,root) %{_sbindir}/sudo_logsrvd
+%attr(755,root,root) %{_sbindir}/sudo_sendlog
+%{_mandir}/man5/sudo_logsrv.proto.5*
+%{_mandir}/man5/sudo_logsrvd.conf.5*
+%{_mandir}/man8/sudo_logsrvd.8*
+%{_mandir}/man8/sudo_sendlog.8*