PR#18: Add macros file to allow other packages to stop hardcoding directory names - rpms/pam

rpms / pam

#18 Add macros file to allow other packages to stop hardcoding directory names

Merged 2 years ago by besser82. Opened 2 years ago by ipedrosa.

rpms/ ipedrosa/pam pam_macros into rawhide

Add macros file to allow other packages to stop hardcoding directory names

Iker Pedrosa • 2 years ago

06d409f

macros.pam

file added

		`@@ -0,0 +1,5 @@`
		`+ %_pam_libdir %{_libdir}`
		`+ %_pam_moduledir %{_libdir}/security`
		`+ %_pam_secconfdir %{_sysconfdir}/security`
		`+ %_pam_confdir %{_sysconfdir}/pam.d`
		`+ %_pam_vendordir %{_datadir}/pam.d`

pam.spec

file modified

+118 -115

		`@@ -3,7 +3,7 @@`
		`Summary: An extensible library which provides authentication for applications`
		`Name: pam`
		`Version: 1.5.1`
		`- Release: 8%{?dist}`
		`+ Release: 9%{?dist}`
		`# The library is BSD licensed with option to relicense as GPLv2+`
		`# - this option is redundant as the BSD license allows that anyway.`
		`# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.`
		`@@ -11,6 +11,7 @@`
		`Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz`
		`Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc`
		`Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2`
		`+ Source3: macros.%{name}`
		`Source5: other.pamd`
		`Source6: system-auth.pamd`
		`Source7: password-auth.pamd`
		`@@ -32,13 +33,7 @@`
		`# https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8`
		`Patch5: pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch`

		`-`
		`- %global _pamlibdir %{_libdir}`
		`- %global _moduledir %{_libdir}/security`
		`- %global _secconfdir %{_sysconfdir}/security`
		`- %global _pamconfdir %{_sysconfdir}/pam.d`
		`- %global _pamvendordir %{_datadir}/pam.d`
		`- %global _systemdlibdir /usr/lib/systemd/system`
		`+ %{load:%{SOURCE3}}`

		`%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}`
		`%global WITH_SELINUX 1`
		`@@ -72,6 +67,7 @@`
		`BuildRequires: linuxdoc-tools, elinks, libxslt`
		`BuildRequires: docbook-style-xsl, docbook-dtds`
		`BuildRequires: gcc`
		`+ BuildRequires: systemd`

		`URL: http://www.linux-pam.org/`

		`@@ -123,7 +119,7 @@`
		`%build`
		`%configure \`
		`--disable-rpath \`
		`- --libdir=%{_pamlibdir} \`
		`+ --libdir=%{_pam_libdir} \`
		`--includedir=%{_includedir}/security \`
		`--enable-vendordir=%{_datadir} \`
		`%if ! %{WITH_SELINUX}`
		`@@ -144,12 +140,15 @@`
		cp -f ${readme} doc/txts/README.`dirname ${readme} \| sed -e 's\|^modules/\|\|'`
		`done`

		`+ # Install the macros file`
		`+ install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name}`
		`+`
		`# Install the binaries, libraries, and modules.`
		`make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:`

		`%if %{WITH_SELINUX}`
		`# Temporary compat link`
		`- ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so`
		`+ ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_selinux_permit.so`
		`%endif`

		`# RPM uses docs from source tree`
		`@@ -158,16 +157,16 @@`
		`rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment`

		`# Install default configuration files.`
		`- install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}`
		`- install -d -m 755 $RPM_BUILD_ROOT%{_pamvendordir}`
		`- install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other`
		`- install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth`
		`- install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth`
		`- install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth`
		`- install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth`
		`- install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util`
		`- install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin`
		`- install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd`
		`+ install -d -m 755 $RPM_BUILD_ROOT%{_pam_confdir}`
		`+ install -d -m 755 $RPM_BUILD_ROOT%{_pam_vendordir}`
		`+ install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pam_confdir}/other`
		`+ install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pam_confdir}/system-auth`
		`+ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pam_confdir}/password-auth`
		`+ install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pam_confdir}/fingerprint-auth`
		`+ install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pam_confdir}/smartcard-auth`
		`+ install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pam_confdir}/config-util`
		`+ install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pam_confdir}/postlogin`
		`+ install -m 600 /dev/null $RPM_BUILD_ROOT%{_pam_secconfdir}/opasswd`
		`install -d -m 755 $RPM_BUILD_ROOT/var/log`
		`install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock`
		`install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/motd.d`
		`@@ -182,23 +181,23 @@`


		`for phase in auth acct passwd session ; do`
		`- ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so`
		`+ ln -sf pam_unix.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_unix_${phase}.so`
		`done`

		`# Remove .la files and make new .so links -- this depends on the value`
		`# of _libdir not changing, and not being /usr/lib.`
		`for lib in libpam libpamc libpam_misc ; do`
		`- rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.la`
		`+ rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.la`
		`done`
		`- rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la`
		`+ rm -f $RPM_BUILD_ROOT%{_pam_moduledir}/*.la`

		`- %if "%{_pamlibdir}" != "%{_libdir}"`
		`+ %if "%{_pam_libdir}" != "%{_libdir}"`
		`install -d -m 755 $RPM_BUILD_ROOT%{_libdir}`
		`for lib in libpam libpamc libpam_misc ; do`
		`pushd $RPM_BUILD_ROOT%{_libdir}`
		`- ln -sf %{_pamlibdir}/${lib}.so.. ${lib}.so`
		`+ ln -sf %{_pam_libdir}/${lib}.so.. ${lib}.so`
		`popd`
		`- rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.so`
		`+ rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.so`
		`done`
		`%endif`

		`@@ -221,7 +220,7 @@`
		`%if ! %{WITH_AUDIT}`
		`[ ${dir} = "modules/pam_tty_audit" ] && continue`
		`%endif`
		- if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
		+ if ! ls -1 $RPM_BUILD_ROOT%{_pam_moduledir}/`basename ${dir}`*.so ; then
		echo ERROR `basename ${dir}` did not build a module.
		`exit 1`
		`fi`
		`@@ -230,9 +229,9 @@`

		`# Check for module problems. Specifically, check that every module we just`
		`# installed can actually be loaded by a minimal PAM-aware application.`
		`- /sbin/ldconfig -n $RPM_BUILD_ROOT%{_pamlibdir}`
		`- for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do`
		`- if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pamlibdir} \`
		`+ /sbin/ldconfig -n $RPM_BUILD_ROOT%{_pam_libdir}`
		`+ for module in $RPM_BUILD_ROOT%{_pam_moduledir}/pam*.so ; do`
		`+ if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pam_libdir} \`
		`%{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT%{_libdir} ${module} ; then`
		`echo ERROR module: ${module} cannot be loaded.`
		`exit 1`
		`@@ -242,21 +241,22 @@`
		`%ldconfig_scriptlets`

		`%files -f Linux-PAM.lang`
		`- %dir %{_pamconfdir}`
		`- %dir %{_pamvendordir}`
		`- %config(noreplace) %{_pamconfdir}/other`
		`- %config(noreplace) %{_pamconfdir}/system-auth`
		`- %config(noreplace) %{_pamconfdir}/password-auth`
		`- %config(noreplace) %{_pamconfdir}/fingerprint-auth`
		`- %config(noreplace) %{_pamconfdir}/smartcard-auth`
		`- %config(noreplace) %{_pamconfdir}/config-util`
		`- %config(noreplace) %{_pamconfdir}/postlogin`
		`+ %dir %{_pam_confdir}`
		`+ %dir %{_pam_vendordir}`
		`+ %config(noreplace) %{_pam_confdir}/other`
		`+ %config(noreplace) %{_pam_confdir}/system-auth`
		`+ %config(noreplace) %{_pam_confdir}/password-auth`
		`+ %config(noreplace) %{_pam_confdir}/fingerprint-auth`
		`+ %config(noreplace) %{_pam_confdir}/smartcard-auth`
		`+ %config(noreplace) %{_pam_confdir}/config-util`
		`+ %config(noreplace) %{_pam_confdir}/postlogin`
		`+ %{_rpmconfigdir}/macros.d/macros.%{name}`
besser82 commented 2 years ago From my POV the macros file should be located in the pam-devel package, as there is no need for it for run-time. Besides that, LGTM.
		`%{!?_licensedir:%global license %%doc}`
		`%license Copyright`
		`%license gpl-2.0.txt`
		`- %{_pamlibdir}/libpam.so.*`
		`- %{_pamlibdir}/libpamc.so.*`
		`- %{_pamlibdir}/libpam_misc.so.*`
		`+ %{_pam_libdir}/libpam.so.*`
		`+ %{_pam_libdir}/libpamc.so.*`
		`+ %{_pam_libdir}/libpam_misc.so.*`
		`%{_sbindir}/pam_console_apply`
		`%{_sbindir}/pam_namespace_helper`
		`%{_sbindir}/faillock`
		`@@ -265,85 +265,85 @@`
		`%attr(0700,root,root) %{_sbindir}/unix_update`
		`%attr(0755,root,root) %{_sbindir}/mkhomedir_helper`
		`%attr(0755,root,root) %{_sbindir}/pwhistory_helper`
		`- %dir %{_moduledir}`
		`- %{_moduledir}/pam_access.so`
		`- %{_moduledir}/pam_chroot.so`
		`- %{_moduledir}/pam_console.so`
		`- %{_moduledir}/pam_debug.so`
		`- %{_moduledir}/pam_deny.so`
		`- %{_moduledir}/pam_echo.so`
		`- %{_moduledir}/pam_env.so`
		`- %{_moduledir}/pam_exec.so`
		`- %{_moduledir}/pam_faildelay.so`
		`- %{_moduledir}/pam_faillock.so`
		`- %{_moduledir}/pam_filter.so`
		`- %{_moduledir}/pam_ftp.so`
		`- %{_moduledir}/pam_group.so`
		`- %{_moduledir}/pam_issue.so`
		`- %{_moduledir}/pam_keyinit.so`
		`- %{_moduledir}/pam_lastlog.so`
		`- %{_moduledir}/pam_limits.so`
		`- %{_moduledir}/pam_listfile.so`
		`- %{_moduledir}/pam_localuser.so`
		`- %{_moduledir}/pam_loginuid.so`
		`- %{_moduledir}/pam_mail.so`
		`- %{_moduledir}/pam_mkhomedir.so`
		`- %{_moduledir}/pam_motd.so`
		`- %{_moduledir}/pam_namespace.so`
		`- %{_moduledir}/pam_nologin.so`
		`- %{_moduledir}/pam_permit.so`
		`- %{_moduledir}/pam_postgresok.so`
		`- %{_moduledir}/pam_pwhistory.so`
		`- %{_moduledir}/pam_rhosts.so`
		`- %{_moduledir}/pam_rootok.so`
		`+ %dir %{_pam_moduledir}`
		`+ %{_pam_moduledir}/pam_access.so`
		`+ %{_pam_moduledir}/pam_chroot.so`
		`+ %{_pam_moduledir}/pam_console.so`
		`+ %{_pam_moduledir}/pam_debug.so`
		`+ %{_pam_moduledir}/pam_deny.so`
		`+ %{_pam_moduledir}/pam_echo.so`
		`+ %{_pam_moduledir}/pam_env.so`
		`+ %{_pam_moduledir}/pam_exec.so`
		`+ %{_pam_moduledir}/pam_faildelay.so`
		`+ %{_pam_moduledir}/pam_faillock.so`
		`+ %{_pam_moduledir}/pam_filter.so`
		`+ %{_pam_moduledir}/pam_ftp.so`
		`+ %{_pam_moduledir}/pam_group.so`
		`+ %{_pam_moduledir}/pam_issue.so`
		`+ %{_pam_moduledir}/pam_keyinit.so`
		`+ %{_pam_moduledir}/pam_lastlog.so`
		`+ %{_pam_moduledir}/pam_limits.so`
		`+ %{_pam_moduledir}/pam_listfile.so`
		`+ %{_pam_moduledir}/pam_localuser.so`
		`+ %{_pam_moduledir}/pam_loginuid.so`
		`+ %{_pam_moduledir}/pam_mail.so`
		`+ %{_pam_moduledir}/pam_mkhomedir.so`
		`+ %{_pam_moduledir}/pam_motd.so`
		`+ %{_pam_moduledir}/pam_namespace.so`
		`+ %{_pam_moduledir}/pam_nologin.so`
		`+ %{_pam_moduledir}/pam_permit.so`
		`+ %{_pam_moduledir}/pam_postgresok.so`
		`+ %{_pam_moduledir}/pam_pwhistory.so`
		`+ %{_pam_moduledir}/pam_rhosts.so`
		`+ %{_pam_moduledir}/pam_rootok.so`
		`%if %{WITH_SELINUX}`
		`- %{_moduledir}/pam_selinux.so`
		`- %{_moduledir}/pam_selinux_permit.so`
		`- %{_moduledir}/pam_sepermit.so`
		`+ %{_pam_moduledir}/pam_selinux.so`
		`+ %{_pam_moduledir}/pam_selinux_permit.so`
		`+ %{_pam_moduledir}/pam_sepermit.so`
		`%endif`
		`- %{_moduledir}/pam_securetty.so`
		`- %{_moduledir}/pam_setquota.so`
		`- %{_moduledir}/pam_shells.so`
		`- %{_moduledir}/pam_stress.so`
		`- %{_moduledir}/pam_succeed_if.so`
		`- %{_moduledir}/pam_time.so`
		`- %{_moduledir}/pam_timestamp.so`
		`+ %{_pam_moduledir}/pam_securetty.so`
		`+ %{_pam_moduledir}/pam_setquota.so`
		`+ %{_pam_moduledir}/pam_shells.so`
		`+ %{_pam_moduledir}/pam_stress.so`
		`+ %{_pam_moduledir}/pam_succeed_if.so`
		`+ %{_pam_moduledir}/pam_time.so`
		`+ %{_pam_moduledir}/pam_timestamp.so`
		`%if %{WITH_AUDIT}`
		`- %{_moduledir}/pam_tty_audit.so`
		`+ %{_pam_moduledir}/pam_tty_audit.so`
		`%endif`
		`- %{_moduledir}/pam_umask.so`
		`- %{_moduledir}/pam_unix.so`
		`- %{_moduledir}/pam_unix_acct.so`
		`- %{_moduledir}/pam_unix_auth.so`
		`- %{_moduledir}/pam_unix_passwd.so`
		`- %{_moduledir}/pam_unix_session.so`
		`- %{_moduledir}/pam_userdb.so`
		`- %{_moduledir}/pam_usertype.so`
		`- %{_moduledir}/pam_warn.so`
		`- %{_moduledir}/pam_wheel.so`
		`- %{_moduledir}/pam_xauth.so`
		`- %{_moduledir}/pam_filter`
		`- %{_systemdlibdir}/pam_namespace.service`
		`- %dir %{_secconfdir}`
		`- %config(noreplace) %{_secconfdir}/access.conf`
		`- %config(noreplace) %{_secconfdir}/chroot.conf`
		`- %config %{_secconfdir}/console.perms`
		`- %config(noreplace) %{_secconfdir}/console.handlers`
		`- %config(noreplace) %{_secconfdir}/faillock.conf`
		`- %config(noreplace) %{_secconfdir}/group.conf`
		`- %config(noreplace) %{_secconfdir}/limits.conf`
		`- %dir %{_secconfdir}/limits.d`
		`- %config(noreplace) %{_secconfdir}/namespace.conf`
		`- %dir %{_secconfdir}/namespace.d`
		`- %attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init`
		`- %config(noreplace) %{_secconfdir}/pam_env.conf`
		`- %config(noreplace) %{_secconfdir}/time.conf`
		`- %config(noreplace) %{_secconfdir}/opasswd`
		`- %dir %{_secconfdir}/console.apps`
		`- %dir %{_secconfdir}/console.perms.d`
		`+ %{_pam_moduledir}/pam_umask.so`
		`+ %{_pam_moduledir}/pam_unix.so`
		`+ %{_pam_moduledir}/pam_unix_acct.so`
		`+ %{_pam_moduledir}/pam_unix_auth.so`
		`+ %{_pam_moduledir}/pam_unix_passwd.so`
		`+ %{_pam_moduledir}/pam_unix_session.so`
		`+ %{_pam_moduledir}/pam_userdb.so`
		`+ %{_pam_moduledir}/pam_usertype.so`
		`+ %{_pam_moduledir}/pam_warn.so`
		`+ %{_pam_moduledir}/pam_wheel.so`
		`+ %{_pam_moduledir}/pam_xauth.so`
		`+ %{_pam_moduledir}/pam_filter`
		`+ %{_unitdir}/pam_namespace.service`
		`+ %dir %{_pam_secconfdir}`
		`+ %config(noreplace) %{_pam_secconfdir}/access.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/chroot.conf`
		`+ %config %{_pam_secconfdir}/console.perms`
		`+ %config(noreplace) %{_pam_secconfdir}/console.handlers`
		`+ %config(noreplace) %{_pam_secconfdir}/faillock.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/group.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/limits.conf`
		`+ %dir %{_pam_secconfdir}/limits.d`
		`+ %config(noreplace) %{_pam_secconfdir}/namespace.conf`
		`+ %dir %{_pam_secconfdir}/namespace.d`
		`+ %attr(755,root,root) %config(noreplace) %{_pam_secconfdir}/namespace.init`
		`+ %config(noreplace) %{_pam_secconfdir}/pam_env.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/time.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/opasswd`
		`+ %dir %{_pam_secconfdir}/console.apps`
		`+ %dir %{_pam_secconfdir}/console.perms.d`
		`%dir /var/run/console`
		`%if %{WITH_SELINUX}`
		`- %config(noreplace) %{_secconfdir}/sepermit.conf`
		`+ %config(noreplace) %{_pam_secconfdir}/sepermit.conf`
		`%dir /var/run/sepermit`
		`%endif`
		`%dir /var/run/faillock`
		`@@ -384,6 +384,9 @@`
		`exit 0`

		`%changelog`
		`+ * Thu Jul 22 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-9`
		`+ - Add macros file to allow other packages to stop hardcoding directory names`
		`+`
		`* Fri Jul 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-8`
		`- Fix issues detected by covscan tool`

ipedrosa commented 2 years ago

Change agreed with SUSE engineer to provide a macros file to allow other packages to stop hardcoding directory names. openSUSE already has merged this changes.

ipedrosa commented 2 years ago

@besser82 can you take a look at it?

besser82 commented on line 168 of pam.spec 2 years ago

From my POV the macros file should be located in the pam-devel package, as there is no need for it for run-time. Besides that, LGTM.

zuul commented 2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

check-for-arches : SUCCESS in 1m 23s
rpm-scratch-build : SUCCESS in 11m 45s
rpm-scratch-build-s390x : SKIPPED (non-voting)
rpm-scratch-build-ppc64le : SKIPPED (non-voting)
rpm-scratch-build-i686 : SKIPPED (non-voting)
rpm-scratch-build-armv7hl : SKIPPED (non-voting)
rpm-scratch-build-aarch64 : SKIPPED (non-voting)
rpm-linter : FAILURE in 3m 43s
rpm-rpminspect : FAILURE in 6m 15s (non-voting)
check-for-tests : SUCCESS in 1m 35s
check-for-fmf-tests : SUCCESS in 48s
rpm-install-test : SKIPPED
rpm-test : FAILURE in 5m 55s
rpm-tmt-test : SKIPPED

tmraz commented 2 years ago

I'd keep the macros in the main pam package as it should be always present when pam is installed. IMO the macros can be used even by packages that do not necessarily need pam-devel to build.

tmraz commented 2 years ago

So LGTM

besser82 commented 2 years ago

I'd keep the macros in the main pam package as it should be always present when pam is installed. IMO the macros can be used even by packages that do not necessarily need pam-devel to build.

Okay, that's a rationale. Fine to merge, then.

Pull-Request has been merged by besser82

2 years ago

besser82 commented 2 years ago

Built into f35-rebuild: https://koji.fedoraproject.org/koji/taskinfo?taskID=72402681, so the build will be picked up for the mass-rebuild without another bump.

Edited 2 years ago by besser82

ipedrosa commented 2 years ago

Thank you for the reviews and the merge.

besser82 commented 2 years ago

You're welcome! =)