]>
Commit | Line | Data |
---|---|---|
39c2efed ER |
1 | # TODO |
2 | # - check and package docs: https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.8-docs.tar.bz2 | |
c9ad1aae | 3 | # |
d11ce12e | 4 | # Conditional build: |
b4afc5a5 | 5 | %bcond_without doc # don't build documentation |
b378d3bb | 6 | %bcond_with prelude # build with Prelude IDS support (in libpam) |
846d8fdc | 7 | %bcond_without selinux # build without SELinux support |
84871244 | 8 | %bcond_without audit # build with Linux Auditing library support |
37dd6f95 | 9 | |
48ec83cd | 10 | %define pam_pld_version 1.1.2-1 |
abb00f9e | 11 | Summary: Pluggable Authentication Modules: modular, incremental authentication |
b7025e7f ER |
12 | Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung |
13 | Summary(es.UTF-8): Módulos de autentificación plugables (PAM) | |
14 | Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication | |
15 | Summary(pl.UTF-8): Modularny system uwierzytelniania | |
16 | Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM) | |
17 | Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений | |
18 | Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri | |
19 | Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм | |
abb00f9e | 20 | Name: pam |
6235593e | 21 | Version: 1.1.8 |
39a5e7e4 | 22 | Release: 4 |
e6e4b559 | 23 | Epoch: 1 |
c96a8fe2 | 24 | License: GPL or BSD |
abb00f9e | 25 | Group: Base |
d9e597ca | 26 | Source0: http://www.linux-pam.org/library/Linux-PAM-%{version}.tar.bz2 |
6235593e | 27 | # Source0-md5: 35b6091af95981b1b2cd60d813b5e4ee |
c9ad1aae | 28 | Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz |
48ec83cd | 29 | # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e |
7f8ab60d JR |
30 | Source3: other.pamd |
31 | Source4: system-auth.pamd | |
32 | Source5: config-util.pamd | |
c9ad1aae | 33 | Source6: %{name}_selinux_check.pamd |
7f8ab60d JR |
34 | Source7: system-auth.5 |
35 | Source8: config-util.5 | |
664ca91d | 36 | Source9: %{name}.tmpfiles |
7f8ab60d | 37 | Patch0: %{name}-pld-modules.patch |
57fed07b JR |
38 | Patch2: %{name}-tally-fail-close.patch |
39 | Patch3: %{name}-mkhomedir-notfound.patch | |
40 | Patch4: %{name}-db-gdbm.patch | |
41 | Patch5: %{name}-exec-failok.patch | |
3c20be82 | 42 | Patch6: update-motd.patch |
d9e597ca | 43 | URL: http://www.linux-pam.org/ |
85c2b5f9 | 44 | %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} |
ce3569c4 | 45 | BuildRequires: autoconf >= 2.61 |
b8f360f2 | 46 | BuildRequires: automake |
1dc7ef6b | 47 | BuildRequires: bison |
234dfb8e | 48 | BuildRequires: cracklib-devel >= 2.8.3 |
b81508df | 49 | # gdbm due to db pulling libpthread |
de5c0104 | 50 | BuildRequires: flex |
c9ad1aae | 51 | BuildRequires: gdbm-devel >= 1.8.3-7 |
ce3569c4 | 52 | BuildRequires: gettext-devel >= 0.15 |
57fed07b | 53 | BuildRequires: glibc-devel >= 6:2.10.1 |
8ea60c4a | 54 | BuildRequires: glibc-misc |
ce3569c4 | 55 | %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0} |
7f8ab60d | 56 | %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2} |
ce3569c4 | 57 | #BuildRequires: libtirpc-devel |
0a855cc1 | 58 | BuildRequires: libtool >= 2:1.5 |
ce3569c4 | 59 | BuildRequires: libxcrypt-devel |
3895445c | 60 | %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1} |
61 | BuildRequires: zlib-devel | |
b4afc5a5 | 62 | %if %{with doc} |
57fed07b | 63 | BuildRequires: docbook-dtd412-xml |
7f8ab60d JR |
64 | BuildRequires: docbook-dtd43-xml |
65 | BuildRequires: docbook-dtd44-xml | |
66 | BuildRequires: docbook-style-xsl >= 1.69.1 | |
84871244 JR |
67 | # For building PDFs |
68 | #BuildRequires: fop | |
7f8ab60d JR |
69 | BuildRequires: libxml2-progs |
70 | BuildRequires: libxslt-progs | |
71 | BuildRequires: w3m | |
b4afc5a5 | 72 | %endif |
fe9df33a | 73 | Requires: %{name}-libs = %{epoch}:%{version}-%{release} |
25846ece | 74 | %{?with_audit:Requires: audit-libs >= 1.0.8} |
c9ad1aae | 75 | Requires: awk |
25846ece ER |
76 | Requires: cracklib >= 2.8.3 |
77 | Requires: cracklib-dicts >= 2.8.3 | |
78 | Requires: crypt(blowfish) | |
25846ece | 79 | Requires: glibc >= 6:2.5-0.5 |
e5de221b ER |
80 | # for migration purposes. drop at some point |
81 | Requires: pam-pam_userdb = %{epoch}:%{version}-%{release} | |
eb400e74 | 82 | Suggests: make |
73954d99 | 83 | Obsoletes: pam-doc |
25846ece ER |
84 | Obsoletes: pam-pam_opie |
85 | Obsoletes: pam-pam_pwdb | |
86 | Obsoletes: pam-pam_radius | |
87 | Obsoletes: pam-pam_skey | |
88 | Obsoletes: pam-pam_tcpd | |
c9ad1aae ER |
89 | Obsoletes: pam_make |
90 | Obsoletes: pamconfig | |
91 | Conflicts: dev < 3.4-4 | |
25846ece | 92 | Conflicts: pam < 0:0.80.1-2 |
c9ad1aae | 93 | Conflicts: udev < 1:138-5 |
28fa39c9 | 94 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
f0f219ac | 95 | |
37dd6f95 ER |
96 | %define _sbindir /sbin |
97 | ||
f0f219ac | 98 | %description |
faaf5eea | 99 | PAM (Pluggable Authentication Modules) is a powerful, flexible, |
100 | extensible authentication system which allows the system administrator | |
101 | to configure authentication services individually for every | |
102 | pam-compliant application without recompiling any of the applications. | |
f0f219ac | 103 | |
e2cbb18f JR |
104 | %description -l de.UTF-8 |
105 | PAM (Pluggable Authentication Modules) ist ein leistungsfähiges, | |
faaf5eea | 106 | flexibles und erweiterbares Authentifizierungssystem, mit dem der |
e2cbb18f | 107 | Systemverwalter Authentifizierungs-Dienste individuell für jede |
faaf5eea | 108 | pam-kompatible Anwendung konfigurieren kann, ohne diese neu |
e2cbb18f | 109 | kompilieren zu müssen. |
f0f219ac | 110 | |
e2cbb18f JR |
111 | %description -l es.UTF-8 |
112 | PAM (Módulos de Autenticación Plugables) es un potente, flexible y | |
113 | extensible sistema de autentificación, que permite al administrador | |
114 | del sistema configurar servicios de autentificación individualmente | |
115 | para cada aplicación pam compatible, sin la necesidad de recompilar | |
8797d11d JB |
116 | cualquier una de las aplicaciones. |
117 | ||
e2cbb18f JR |
118 | %description -l fr.UTF-8 |
119 | PAM (Pluggable Authentication Modules) est un systéme | |
120 | d'authentification puissant, souple et extensible permettant à | |
121 | l'administrateur système de configurer les individuellement les | |
122 | services d'authentification pour chaque application conforme à PAM, | |
faaf5eea | 123 | sans recompiler aucune application. |
ac46f43b | 124 | |
e2cbb18f JR |
125 | %description -l pl.UTF-8 |
126 | PAM (Pluggable Authentication Modules) jest silnym i łatwo | |
127 | dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia | |
128 | administratorowi indywidualne konfigurowanie poszczególnych usług, | |
129 | które są dostosowane i skonsolidowane z bibliotekami PAM, bez | |
130 | późniejszej ich rekompilacji w momencie zmiany sposobu | |
131 | uwierzytelniania tychże usług. | |
b1babe47 | 132 | |
e2cbb18f JR |
133 | %description -l pt_BR.UTF-8 |
134 | PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e | |
135 | extensível sistema de autenticação, que permite o administrador do | |
136 | sistema configurar serviços de autenticação individualmente para cada | |
137 | aplicação pam compatível, sem necessidade de recompilar qualquer uma | |
138 | das aplicações. | |
51c8ab2d | 139 | |
e2cbb18f JR |
140 | %description -l uk.UTF-8 |
141 | PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до | |
142 | розширення система аутентикації, яка дозволяє системному | |
143 | адміністратору налагоджувати севіси авторизації доступу (аутентикації) | |
144 | індивідуально для кожної pam-сумісної програми без необхідності | |
145 | перекомпіляції самої програми. Це базовий механізм аутентикації в PLD | |
b440fddc | 146 | Linux. |
147 | ||
e2cbb18f JR |
148 | %description -l tr.UTF-8 |
149 | PAM (Pluggable Authentication Modules) sistem yöneticilerinin | |
150 | uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu | |
151 | uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan, | |
152 | güclü, esnek ve kapsamlı bir doğrulama sistemidir. | |
51c8ab2d | 153 | |
e2cbb18f JR |
154 | %description -l ru.UTF-8 |
155 | PAM (Pluggable Authentication Modules) - это мощная, гибкая, | |
156 | расширяемая система аутентикации, позволяющая системному | |
157 | администратору конфигурировать сервисы авторизации доступа | |
158 | (аутентикации) индивидуально для каждой pam-совместимой программы без | |
159 | необходимости перекомпилляции самой программы. Это базовый механизм | |
160 | аутентикации в PLD Linux. | |
b440fddc | 161 | |
fe9df33a | 162 | %package libs |
25846ece ER |
163 | Summary: PAM libraries |
164 | Summary(pl.UTF-8): Moduły PAM | |
fe9df33a | 165 | Group: Libraries |
234dfb8e | 166 | Requires(triggerpostun): sed >= 4.0 |
fe9df33a ER |
167 | |
168 | %description libs | |
25846ece | 169 | PAM libraries. |
fe9df33a | 170 | |
e2cbb18f | 171 | %description libs -l pl.UTF-8 |
25846ece | 172 | Moduły PAM. |
b96eca5e | 173 | |
ac46f43b | 174 | %package devel |
abb00f9e | 175 | Summary: PAM header files |
b7025e7f ER |
176 | Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM |
177 | Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
178 | Summary(ru.UTF-8): Библиотеки разработчика для PAM | |
179 | Summary(uk.UTF-8): Бібліотеки програміста для PAM | |
0bb742f7 | 180 | Group: Development/Libraries |
846d8fdc | 181 | Requires: %{name} = %{epoch}:%{version}-%{release} |
15909b27 | 182 | %{?with_audit:Requires: audit-libs-devel >= 1.0.8} |
a3ffb3a4 | 183 | Requires: filesystem >= 3.0-11 |
ac46f43b JR |
184 | |
185 | %description devel | |
186 | Header files for developing PAM based applications. | |
f0f219ac | 187 | |
e2cbb18f JR |
188 | %description devel -l pl.UTF-8 |
189 | Pliki nagłówkowe i dokumentacja programisty do PAM. | |
ac46f43b | 190 | |
e2cbb18f JR |
191 | %description devel -l pt_BR.UTF-8 |
192 | Bibliotecas e arquivos de inclusão para desenvolvimento com PAM | |
51c8ab2d | 193 | |
e2cbb18f JR |
194 | %description devel -l ru.UTF-8 |
195 | Этот пакет содержит хедеры и библиотеки разработчика для PAM. | |
b440fddc | 196 | |
e2cbb18f JR |
197 | %description devel -l uk.UTF-8 |
198 | Цей пакет містить хедери та бібліотеки програміста для PAM. | |
b440fddc | 199 | |
ac46f43b | 200 | %package static |
abb00f9e | 201 | Summary: PAM static libraries |
b7025e7f ER |
202 | Summary(pl.UTF-8): Biblioteki statyczne PAM |
203 | Summary(ru.UTF-8): Статические библиотеки разработчика для PAM | |
204 | Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM | |
0bb742f7 | 205 | Group: Development/Libraries |
846d8fdc | 206 | Requires: %{name}-devel = %{epoch}:%{version}-%{release} |
ac46f43b JR |
207 | |
208 | %description static | |
209 | PAM static libraries. | |
b1babe47 | 210 | |
e2cbb18f | 211 | %description static -l pl.UTF-8 |
ac46f43b | 212 | Biblioteki statyczne PAM. |
b1babe47 | 213 | |
e2cbb18f JR |
214 | %description static -l ru.UTF-8 |
215 | Этот пакет содержит статические библиотеки разработчика для PAM. | |
b440fddc | 216 | |
e2cbb18f JR |
217 | %description static -l uk.UTF-8 |
218 | Цей пакет містить статичні бібліотеки програміста для PAM. | |
b440fddc | 219 | |
1fbc0597 JR |
220 | %package pam_selinux |
221 | Summary: PAM module - SELinux support | |
b7025e7f | 222 | Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa |
1fbc0597 | 223 | Group: Base |
25846ece | 224 | Requires: libselinux >= 1.33.2 |
1fbc0597 JR |
225 | |
226 | %description pam_selinux | |
227 | PAM module - SELinux support. | |
228 | ||
e2cbb18f JR |
229 | %description pam_selinux -l pl.UTF-8 |
230 | Moduł PAM pozwalający na zmianę kontekstów SELinuksa. | |
1fbc0597 | 231 | |
e5de221b ER |
232 | %package pam_userdb |
233 | Summary: PAM module - authenticate against db database | |
234 | Group: Base | |
235 | Requires: gdbm >= 1.8.3-7 | |
236 | Conflicts: pam-libs < 1:1.1.8-3.1 | |
237 | ||
238 | %description pam_userdb | |
239 | pam_userdb - PAM module to authenticate against a Berkeley DB database | |
240 | ||
f0f219ac | 241 | %prep |
7f8ab60d | 242 | %setup -q -a2 -n Linux-PAM-%{version} |
3d3421d5 | 243 | %patch0 -p1 |
7f8ab60d JR |
244 | %patch2 -p1 |
245 | %patch3 -p1 | |
246 | %patch4 -p1 | |
247 | %patch5 -p1 | |
3c20be82 | 248 | %patch6 -p1 |
e523043b | 249 | |
ac46f43b | 250 | %build |
7796f9da | 251 | %{__libtoolize} |
fc1ef364 | 252 | %{__aclocal} -I m4 |
7796f9da | 253 | %{__autoconf} |
254 | %{__autoheader} | |
255 | %{__automake} | |
7edd7783 | 256 | %configure \ |
7f8ab60d JR |
257 | --enable-static \ |
258 | --enable-shared \ | |
259 | --libdir=/%{_lib} \ | |
260 | --includedir=%{_includedir}/security \ | |
261 | --enable-isadir=../../%{_lib}/security \ | |
b81508df | 262 | --enable-db=gdbm \ |
1fbc0597 JR |
263 | %{!?with_selinux:--disable-selinux} \ |
264 | %{!?with_prelude:--disable-prelude} \ | |
7f8ab60d | 265 | %{!?with_audit:--disable-audit} |
c894cd9b | 266 | |
7f8ab60d JR |
267 | # we must explicitely update-gmo as we patch a po file |
268 | %{__make} -C po update-gmo | |
0c9926ce MB |
269 | %{__make} \ |
270 | DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE" | |
f0f219ac | 271 | |
272 | %install | |
4587144c | 273 | rm -rf $RPM_BUILD_ROOT |
e58dd313 | 274 | install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \ |
0bc3c2f5 | 275 | $RPM_BUILD_ROOT%{systemdtmpfilesdir} |
4d13ca23 | 276 | |
4be82bfe JB |
277 | %{__make} install \ |
278 | DESTDIR=$RPM_BUILD_ROOT | |
4d13ca23 | 279 | |
848c50ae | 280 | %if %{with selinux} |
0bc3c2f5 ER |
281 | install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir} |
282 | cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8 | |
283 | cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check | |
848c50ae | 284 | %endif |
7f8ab60d | 285 | |
0bc3c2f5 | 286 | cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf |
664ca91d | 287 | |
c9ad1aae | 288 | install -d doc/txts |
e5de221b ER |
289 | for r in modules/pam_*/README; do |
290 | cp -pf $r doc/txts/README.$(basename $(dirname $r)) | |
7f8ab60d | 291 | done |
e5de221b | 292 | rm doc/txts/README.pam_userdb |
c9ad1aae | 293 | install -d doc/html |
e5de221b | 294 | cp -pf doc/index.html doc/html/ |
7f8ab60d JR |
295 | |
296 | # fix PAM/pam man page | |
297 | echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8 | |
f0f219ac | 298 | |
157b3e1c | 299 | :> $RPM_BUILD_ROOT/etc/security/opasswd |
b43d0a9b | 300 | :> $RPM_BUILD_ROOT/etc/security/blacklist |
9e64e40d | 301 | |
7f8ab60d | 302 | :> $RPM_BUILD_ROOT/var/log/tallylog |
508c2464 | 303 | |
1107ace3 | 304 | mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir} |
508c2464 | 305 | |
c1d4fb20 | 306 | cd $RPM_BUILD_ROOT/%{_lib} |
a1307506 | 307 | for f in lib*.la ; do |
1107ace3 | 308 | sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f |
a1307506 | 309 | rm -f $f |
2a5c157a | 310 | sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f |
a1307506 | 311 | done |
c1d4fb20 AM |
312 | ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so |
313 | ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so | |
314 | ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so | |
7f8ab60d | 315 | cd - |
8ab52661 | 316 | |
0bc3c2f5 ER |
317 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other |
318 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth | |
319 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util | |
7f8ab60d | 320 | |
0bc3c2f5 ER |
321 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5 |
322 | cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5 | |
c38ff42d | 323 | |
b81508df JR |
324 | # Make sure every module subdirectory gave us a module. Yes, this is hackish. |
325 | for dir in modules/pam_* ; do | |
df8313a3 | 326 | %if %{without selinux} |
f9ad2164 | 327 | [ ${dir} = "modules/pam_selinux" ] && continue |
85c2b5f9 | 328 | [ ${dir} = "modules/pam_sepermit" ] && continue |
6d7d9335 JK |
329 | %endif |
330 | %if %{without audit} | |
331 | [ ${dir} = "modules/pam_tty_audit" ] && continue | |
f9ad2164 | 332 | %endif |
b81508df JR |
333 | if [ -d ${dir} ] ; then |
334 | if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then | |
335 | echo ERROR `basename ${dir}` did not build a module. | |
336 | exit 1 | |
337 | fi | |
338 | fi | |
339 | done | |
340 | ||
341 | for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do | |
342 | # Check for module problems. Specifically, check that every module we just | |
343 | # installed can actually be loaded by a minimal PAM-aware application. | |
344 | if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \ | |
345 | ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then | |
346 | echo ERROR module: ${module} cannot be loaded. | |
347 | exit 1 | |
348 | fi | |
b81508df JR |
349 | done |
350 | ||
aae9c5e1 | 351 | # useless - shut up check-files |
c1d4fb20 | 352 | rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a} |
a738676c | 353 | rm -f $RPM_BUILD_ROOT/%{_lib}/lib*.so |
0bc3c2f5 | 354 | rm -rf $RPM_BUILD_ROOT%{_docdir}/Linux-PAM |
fe9df33a | 355 | |
df8313a3 | 356 | %if %{without selinux} |
fe9df33a ER |
357 | rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*} |
358 | %endif | |
aae9c5e1 | 359 | |
7f8ab60d JR |
360 | %find_lang Linux-PAM |
361 | ||
abb00f9e | 362 | %clean |
4587144c | 363 | rm -rf $RPM_BUILD_ROOT |
abb00f9e | 364 | |
5d252f91 | 365 | %triggerpostun libs -- %{name}-libs < 0.99.7.1 |
db255670 | 366 | for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do |
a1307506 JR |
367 | case "$f" in |
368 | *rpmorig|*rpmnew|*rpmsave|*~|*.orig) | |
369 | continue | |
370 | ;; | |
371 | *) | |
234dfb8e JR |
372 | cp -f "$f" "$f.rpmorig" |
373 | sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \ | |
374 | -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f" | |
a1307506 JR |
375 | ;; |
376 | esac | |
377 | done | |
378 | if [ -d /var/lock/console -a -d /var/run/console ]; then | |
75f2161e | 379 | cp -a /var/lock/console/* /var/run/console/ 2> /dev/null |
234dfb8e | 380 | rm -rf /var/lock/console |
a1307506 | 381 | fi |
5d252f91 | 382 | |
37dd6f95 ER |
383 | %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron |
384 | # restart crond if pam is upgraded | |
385 | # (crond is linked with old libpam but tries to open modules linked with new libpam) | |
386 | if [ "$1" != 1 ]; then | |
387 | %service -q crond restart | |
388 | fi | |
d2d4c3b4 | 389 | exit 0 |
37dd6f95 | 390 | |
f1a6863d ER |
391 | %triggerpostun -- %{name} < 1:1.1.5-8 |
392 | # removed in 1.1.4 | |
393 | if grep -qs change_uid /etc/pam.d/system-auth; then | |
394 | %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth | |
395 | fi | |
396 | ||
15d8e9b5 JR |
397 | # We want it added for painless upgarde even if it mean log pollution for non-systemd |
398 | # enabled systems, | |
399 | # If this module is not present on systemd enabled system then `systemctl restart sshd.service` | |
400 | # will kill all sessions. | |
401 | if ! grep -qs pam_systemd /etc/pam.d/system-auth; then | |
eb64f1e9 | 402 | echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth |
15d8e9b5 JR |
403 | fi |
404 | ||
00005501 PZ |
405 | %post -p <lua> |
406 | fh, error = io.open("/var/log/tallylog") | |
b8423a52 | 407 | if fh ~= nil then |
00005501 PZ |
408 | io.close(fh) |
409 | else | |
410 | fh = io.open("/var/log/tallylog", "w+") | |
411 | io.close(fh) | |
412 | posix.chmod("/var/log/tallylog", "rw-------") | |
413 | end | |
0607c402 | 414 | |
fe9df33a ER |
415 | %post libs -p /sbin/ldconfig |
416 | %postun libs -p /sbin/ldconfig | |
96ffe39f | 417 | |
7f8ab60d | 418 | %files -f Linux-PAM.lang |
abb00f9e | 419 | %defattr(644,root,root,755) |
a738676c | 420 | %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README* |
fe9df33a | 421 | %if %{with doc} |
a738676c | 422 | %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html |
fe9df33a | 423 | %endif |
c9ad1aae ER |
424 | %dir /etc/pam.d |
425 | %dir /etc/security/console.apps | |
426 | %dir /etc/security/console.perms.d | |
427 | %dir /var/run/console | |
3c20be82 | 428 | %{systemdtmpfilesdir}/%{name}.conf |
b81508df | 429 | %config(noreplace) %verify(not md5 mtime size) /etc/environment |
b2c6cf13 ER |
430 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other |
431 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth | |
7f8ab60d | 432 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util |
b2c6cf13 | 433 | %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf |
b43d0a9b | 434 | %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist |
b81508df JR |
435 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers |
436 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms | |
b2c6cf13 ER |
437 | %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf |
438 | %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf | |
b81508df JR |
439 | %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf |
440 | %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init | |
441 | %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf | |
b2c6cf13 | 442 | %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf |
e6a1f162 ER |
443 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram |
444 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en | |
e8c63aa7 | 445 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de |
698e82b0 | 446 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk |
e8c63aa7 ER |
447 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es |
448 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi | |
449 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it | |
450 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja | |
451 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no | |
452 | %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl | |
e6a1f162 | 453 | %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms |
b2c6cf13 | 454 | %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd |
fe9df33a | 455 | %attr(755,root,root) %{_bindir}/pam_pwgen |
57fed07b | 456 | %attr(755,root,root) %{_sbindir}/mkhomedir_helper |
7f8ab60d | 457 | %attr(755,root,root) %{_sbindir}/pam_console_apply |
fe9df33a | 458 | %attr(755,root,root) %{_sbindir}/pam_tally |
7f8ab60d JR |
459 | %attr(755,root,root) %{_sbindir}/pam_tally2 |
460 | %attr(755,root,root) %{_sbindir}/pam_timestamp_check | |
fe9df33a | 461 | %attr(755,root,root) %{_sbindir}/pwgen_trigram |
57fed07b JR |
462 | %attr(4755,root,root) %{_sbindir}/unix_chkpwd |
463 | %attr(4755,root,root) %{_sbindir}/unix_update | |
b378d3bb JB |
464 | %{_mandir}/man5/access.conf.5* |
465 | %{_mandir}/man5/config-util.5* | |
466 | %{_mandir}/man5/console.apps.5* | |
467 | %{_mandir}/man5/console.handlers.5* | |
468 | %{_mandir}/man5/console.perms.5* | |
469 | %{_mandir}/man5/group.conf.5* | |
470 | %{_mandir}/man5/limits.conf.5* | |
471 | %{_mandir}/man5/namespace.conf.5* | |
472 | %{_mandir}/man5/pam.conf.5* | |
473 | %{_mandir}/man5/pam.d.5* | |
474 | %{_mandir}/man5/pam_env.conf.5* | |
475 | %{_mandir}/man5/system-auth.5* | |
476 | %{_mandir}/man5/time.conf.5* | |
477 | %{_mandir}/man8/PAM.8* | |
57fed07b | 478 | %{_mandir}/man8/mkhomedir_helper.8* |
b378d3bb JB |
479 | %{_mandir}/man8/pam.8* |
480 | %{_mandir}/man8/pam_*.8* | |
481 | %{_mandir}/man8/unix_chkpwd.8* | |
482 | %{_mandir}/man8/unix_update.8* | |
24c8c941 | 483 | %if %{with selinux} |
db255670 | 484 | %exclude %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 485 | %exclude %{_mandir}/man8/pam_sepermit.8* |
81eb0561 | 486 | %endif |
e5de221b | 487 | %exclude %{_mandir}/man8/pam_userdb.8* |
c9ad1aae | 488 | %ghost %verify(not md5 mtime size) /var/log/tallylog |
fe9df33a | 489 | |
25846ece | 490 | # PAM modules |
3bc02d41 JB |
491 | %attr(755,root,root) /%{_lib}/security/pam_access.so |
492 | %attr(755,root,root) /%{_lib}/security/pam_console.so | |
493 | %attr(755,root,root) /%{_lib}/security/pam_cracklib.so | |
494 | %attr(755,root,root) /%{_lib}/security/pam_debug.so | |
495 | %attr(755,root,root) /%{_lib}/security/pam_deny.so | |
7f8ab60d | 496 | %attr(755,root,root) /%{_lib}/security/pam_echo.so |
3bc02d41 | 497 | %attr(755,root,root) /%{_lib}/security/pam_env.so |
7f8ab60d JR |
498 | %attr(755,root,root) /%{_lib}/security/pam_exec.so |
499 | %attr(755,root,root) /%{_lib}/security/pam_faildelay.so | |
3bc02d41 | 500 | %attr(755,root,root) /%{_lib}/security/pam_filter.so |
7f8ab60d | 501 | %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER |
3bc02d41 JB |
502 | %attr(755,root,root) /%{_lib}/security/pam_ftp.so |
503 | %attr(755,root,root) /%{_lib}/security/pam_group.so | |
3bc02d41 | 504 | %attr(755,root,root) /%{_lib}/security/pam_issue.so |
7f8ab60d | 505 | %attr(755,root,root) /%{_lib}/security/pam_keyinit.so |
3bc02d41 JB |
506 | %attr(755,root,root) /%{_lib}/security/pam_lastlog.so |
507 | %attr(755,root,root) /%{_lib}/security/pam_limits.so | |
508 | %attr(755,root,root) /%{_lib}/security/pam_listfile.so | |
e1e49c86 | 509 | %attr(755,root,root) /%{_lib}/security/pam_localuser.so |
7f8ab60d | 510 | %attr(755,root,root) /%{_lib}/security/pam_loginuid.so |
3bc02d41 | 511 | %attr(755,root,root) /%{_lib}/security/pam_mail.so |
7f8ab60d | 512 | %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so |
3bc02d41 | 513 | %attr(755,root,root) /%{_lib}/security/pam_motd.so |
b81508df | 514 | %attr(755,root,root) /%{_lib}/security/pam_namespace.so |
3bc02d41 JB |
515 | %attr(755,root,root) /%{_lib}/security/pam_nologin.so |
516 | %attr(755,root,root) /%{_lib}/security/pam_permit.so | |
7f8ab60d | 517 | %attr(755,root,root) /%{_lib}/security/pam_pwexport.so |
3bc02d41 | 518 | %attr(755,root,root) /%{_lib}/security/pam_pwgen.so |
57fed07b | 519 | %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so |
3bc02d41 JB |
520 | %attr(755,root,root) /%{_lib}/security/pam_rhosts.so |
521 | %attr(755,root,root) /%{_lib}/security/pam_rootok.so | |
7f8ab60d | 522 | %attr(755,root,root) /%{_lib}/security/pam_rps.so |
3bc02d41 JB |
523 | %attr(755,root,root) /%{_lib}/security/pam_securetty.so |
524 | %attr(755,root,root) /%{_lib}/security/pam_shells.so | |
525 | %attr(755,root,root) /%{_lib}/security/pam_stress.so | |
e1e49c86 | 526 | %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so |
7f8ab60d | 527 | %attr(755,root,root) /%{_lib}/security/pam_tally2.so |
3bc02d41 JB |
528 | %attr(755,root,root) /%{_lib}/security/pam_tally.so |
529 | %attr(755,root,root) /%{_lib}/security/pam_time.so | |
7f8ab60d | 530 | %attr(755,root,root) /%{_lib}/security/pam_timestamp.so |
6d7d9335 | 531 | %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so} |
7f8ab60d | 532 | %attr(755,root,root) /%{_lib}/security/pam_umask.so |
3bc02d41 | 533 | %attr(755,root,root) /%{_lib}/security/pam_unix.so |
3bc02d41 JB |
534 | %attr(755,root,root) /%{_lib}/security/pam_warn.so |
535 | %attr(755,root,root) /%{_lib}/security/pam_wheel.so | |
536 | %attr(755,root,root) /%{_lib}/security/pam_xauth.so | |
f0f219ac | 537 | |
25846ece ER |
538 | %files libs |
539 | %defattr(644,root,root,755) | |
540 | %dir /%{_lib}/security/pam_filter | |
541 | %attr(755,root,root) /%{_lib}/libpam.so.*.*.* | |
542 | %attr(755,root,root) %ghost /%{_lib}/libpam.so.0 | |
543 | %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.* | |
544 | %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0 | |
545 | %attr(755,root,root) /%{_lib}/libpamc.so.*.*.* | |
546 | %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0 | |
547 | ||
f0f219ac | 548 | %files devel |
abb00f9e | 549 | %defattr(644,root,root,755) |
964f5d32 | 550 | %if %{with doc} |
a738676c | 551 | %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html |
964f5d32 | 552 | %endif |
a738676c JB |
553 | %attr(755,root,root) %{_libdir}/libpam.so |
554 | %attr(755,root,root) %{_libdir}/libpam_misc.so | |
555 | %attr(755,root,root) %{_libdir}/libpamc.so | |
556 | %{_libdir}/libpam.la | |
557 | %{_libdir}/libpam_misc.la | |
558 | %{_libdir}/libpamc.la | |
559 | %{_includedir}/security/_pam_*.h | |
560 | %{_includedir}/security/pam*.h | |
561 | %{_mandir}/man3/misc_conv.3* | |
562 | %{_mandir}/man3/pam*.3* | |
e523043b | 563 | |
ac46f43b | 564 | %files static |
051aeb4a | 565 | %defattr(644,root,root,755) |
98b63014 JR |
566 | %{_libdir}/libpam.a |
567 | %{_libdir}/libpamc.a | |
568 | %{_libdir}/libpam_misc.a | |
7c2f893c | 569 | |
1fbc0597 JR |
570 | %if %{with selinux} |
571 | %files pam_selinux | |
572 | %defattr(644,root,root,755) | |
1fbc0597 | 573 | %attr(755,root,root) /%{_lib}/security/pam_selinux.so |
85c2b5f9 | 574 | %attr(755,root,root) /%{_lib}/security/pam_sepermit.so |
1fbc0597 | 575 | %attr(755,root,root) %{_sbindir}/pam_selinux_check |
c9ad1aae ER |
576 | %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check |
577 | %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf | |
b378d3bb | 578 | %{_mandir}/man5/sepermit.conf.5* |
1fbc0597 | 579 | %{_mandir}/man8/pam_selinux*.8* |
b378d3bb | 580 | %{_mandir}/man8/pam_sepermit.8* |
52c22c8a | 581 | %dir /var/run/sepermit |
1fbc0597 | 582 | %endif |
e5de221b ER |
583 | |
584 | %files pam_userdb | |
585 | %defattr(644,root,root,755) | |
586 | %doc modules/pam_userdb/README | |
587 | %attr(755,root,root) /%{_lib}/security/pam_userdb.so | |
588 | %{_mandir}/man8/pam_userdb.8* |