| |
@@ -3,7 +3,7 @@
|
| |
Summary: An extensible library which provides authentication for applications
|
| |
Name: pam
|
| |
Version: 1.5.1
|
| |
- Release: 8%{?dist}
|
| |
+ Release: 9%{?dist}
|
| |
# The library is BSD licensed with option to relicense as GPLv2+
|
| |
# - this option is redundant as the BSD license allows that anyway.
|
| |
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
| |
@@ -11,6 +11,7 @@
|
| |
Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
|
| |
Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc
|
| |
Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
|
| |
+ Source3: macros.%{name}
|
| |
Source5: other.pamd
|
| |
Source6: system-auth.pamd
|
| |
Source7: password-auth.pamd
|
| |
@@ -32,13 +33,7 @@
|
| |
# https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8
|
| |
Patch5: pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch
|
| |
|
| |
-
|
| |
- %global _pamlibdir %{_libdir}
|
| |
- %global _moduledir %{_libdir}/security
|
| |
- %global _secconfdir %{_sysconfdir}/security
|
| |
- %global _pamconfdir %{_sysconfdir}/pam.d
|
| |
- %global _pamvendordir %{_datadir}/pam.d
|
| |
- %global _systemdlibdir /usr/lib/systemd/system
|
| |
+ %{load:%{SOURCE3}}
|
| |
|
| |
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
|
| |
%global WITH_SELINUX 1
|
| |
@@ -72,6 +67,7 @@
|
| |
BuildRequires: linuxdoc-tools, elinks, libxslt
|
| |
BuildRequires: docbook-style-xsl, docbook-dtds
|
| |
BuildRequires: gcc
|
| |
+ BuildRequires: systemd
|
| |
|
| |
URL: http://www.linux-pam.org/
|
| |
|
| |
@@ -123,7 +119,7 @@
|
| |
%build
|
| |
%configure \
|
| |
--disable-rpath \
|
| |
- --libdir=%{_pamlibdir} \
|
| |
+ --libdir=%{_pam_libdir} \
|
| |
--includedir=%{_includedir}/security \
|
| |
--enable-vendordir=%{_datadir} \
|
| |
%if ! %{WITH_SELINUX}
|
| |
@@ -144,12 +140,15 @@
|
| |
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
|
| |
done
|
| |
|
| |
+ # Install the macros file
|
| |
+ install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name}
|
| |
+
|
| |
# Install the binaries, libraries, and modules.
|
| |
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
|
| |
|
| |
%if %{WITH_SELINUX}
|
| |
# Temporary compat link
|
| |
- ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so
|
| |
+ ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_selinux_permit.so
|
| |
%endif
|
| |
|
| |
# RPM uses docs from source tree
|
| |
@@ -158,16 +157,16 @@
|
| |
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
|
| |
|
| |
# Install default configuration files.
|
| |
- install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
|
| |
- install -d -m 755 $RPM_BUILD_ROOT%{_pamvendordir}
|
| |
- install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
|
| |
- install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
|
| |
- install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
|
| |
- install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
|
| |
- install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
|
| |
- install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
| |
- install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin
|
| |
- install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
| |
+ install -d -m 755 $RPM_BUILD_ROOT%{_pam_confdir}
|
| |
+ install -d -m 755 $RPM_BUILD_ROOT%{_pam_vendordir}
|
| |
+ install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pam_confdir}/other
|
| |
+ install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pam_confdir}/system-auth
|
| |
+ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pam_confdir}/password-auth
|
| |
+ install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pam_confdir}/fingerprint-auth
|
| |
+ install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pam_confdir}/smartcard-auth
|
| |
+ install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pam_confdir}/config-util
|
| |
+ install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pam_confdir}/postlogin
|
| |
+ install -m 600 /dev/null $RPM_BUILD_ROOT%{_pam_secconfdir}/opasswd
|
| |
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
| |
install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock
|
| |
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/motd.d
|
| |
@@ -182,23 +181,23 @@
|
| |
|
| |
|
| |
for phase in auth acct passwd session ; do
|
| |
- ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
|
| |
+ ln -sf pam_unix.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_unix_${phase}.so
|
| |
done
|
| |
|
| |
# Remove .la files and make new .so links -- this depends on the value
|
| |
# of _libdir not changing, and *not* being /usr/lib.
|
| |
for lib in libpam libpamc libpam_misc ; do
|
| |
- rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.la
|
| |
+ rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.la
|
| |
done
|
| |
- rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la
|
| |
+ rm -f $RPM_BUILD_ROOT%{_pam_moduledir}/*.la
|
| |
|
| |
- %if "%{_pamlibdir}" != "%{_libdir}"
|
| |
+ %if "%{_pam_libdir}" != "%{_libdir}"
|
| |
install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
|
| |
for lib in libpam libpamc libpam_misc ; do
|
| |
pushd $RPM_BUILD_ROOT%{_libdir}
|
| |
- ln -sf %{_pamlibdir}/${lib}.so.*.* ${lib}.so
|
| |
+ ln -sf %{_pam_libdir}/${lib}.so.*.* ${lib}.so
|
| |
popd
|
| |
- rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.so
|
| |
+ rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.so
|
| |
done
|
| |
%endif
|
| |
|
| |
@@ -221,7 +220,7 @@
|
| |
%if ! %{WITH_AUDIT}
|
| |
[ ${dir} = "modules/pam_tty_audit" ] && continue
|
| |
%endif
|
| |
- if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then
|
| |
+ if ! ls -1 $RPM_BUILD_ROOT%{_pam_moduledir}/`basename ${dir}`*.so ; then
|
| |
echo ERROR `basename ${dir}` did not build a module.
|
| |
exit 1
|
| |
fi
|
| |
@@ -230,9 +229,9 @@
|
| |
|
| |
# Check for module problems. Specifically, check that every module we just
|
| |
# installed can actually be loaded by a minimal PAM-aware application.
|
| |
- /sbin/ldconfig -n $RPM_BUILD_ROOT%{_pamlibdir}
|
| |
- for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
|
| |
- if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pamlibdir} \
|
| |
+ /sbin/ldconfig -n $RPM_BUILD_ROOT%{_pam_libdir}
|
| |
+ for module in $RPM_BUILD_ROOT%{_pam_moduledir}/pam*.so ; do
|
| |
+ if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pam_libdir} \
|
| |
%{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT%{_libdir} ${module} ; then
|
| |
echo ERROR module: ${module} cannot be loaded.
|
| |
exit 1
|
| |
@@ -242,21 +241,22 @@
|
| |
%ldconfig_scriptlets
|
| |
|
| |
%files -f Linux-PAM.lang
|
| |
- %dir %{_pamconfdir}
|
| |
- %dir %{_pamvendordir}
|
| |
- %config(noreplace) %{_pamconfdir}/other
|
| |
- %config(noreplace) %{_pamconfdir}/system-auth
|
| |
- %config(noreplace) %{_pamconfdir}/password-auth
|
| |
- %config(noreplace) %{_pamconfdir}/fingerprint-auth
|
| |
- %config(noreplace) %{_pamconfdir}/smartcard-auth
|
| |
- %config(noreplace) %{_pamconfdir}/config-util
|
| |
- %config(noreplace) %{_pamconfdir}/postlogin
|
| |
+ %dir %{_pam_confdir}
|
| |
+ %dir %{_pam_vendordir}
|
| |
+ %config(noreplace) %{_pam_confdir}/other
|
| |
+ %config(noreplace) %{_pam_confdir}/system-auth
|
| |
+ %config(noreplace) %{_pam_confdir}/password-auth
|
| |
+ %config(noreplace) %{_pam_confdir}/fingerprint-auth
|
| |
+ %config(noreplace) %{_pam_confdir}/smartcard-auth
|
| |
+ %config(noreplace) %{_pam_confdir}/config-util
|
| |
+ %config(noreplace) %{_pam_confdir}/postlogin
|
| |
+ %{_rpmconfigdir}/macros.d/macros.%{name}
|
| |
%{!?_licensedir:%global license %%doc}
|
| |
%license Copyright
|
| |
%license gpl-2.0.txt
|
| |
- %{_pamlibdir}/libpam.so.*
|
| |
- %{_pamlibdir}/libpamc.so.*
|
| |
- %{_pamlibdir}/libpam_misc.so.*
|
| |
+ %{_pam_libdir}/libpam.so.*
|
| |
+ %{_pam_libdir}/libpamc.so.*
|
| |
+ %{_pam_libdir}/libpam_misc.so.*
|
| |
%{_sbindir}/pam_console_apply
|
| |
%{_sbindir}/pam_namespace_helper
|
| |
%{_sbindir}/faillock
|
| |
@@ -265,85 +265,85 @@
|
| |
%attr(0700,root,root) %{_sbindir}/unix_update
|
| |
%attr(0755,root,root) %{_sbindir}/mkhomedir_helper
|
| |
%attr(0755,root,root) %{_sbindir}/pwhistory_helper
|
| |
- %dir %{_moduledir}
|
| |
- %{_moduledir}/pam_access.so
|
| |
- %{_moduledir}/pam_chroot.so
|
| |
- %{_moduledir}/pam_console.so
|
| |
- %{_moduledir}/pam_debug.so
|
| |
- %{_moduledir}/pam_deny.so
|
| |
- %{_moduledir}/pam_echo.so
|
| |
- %{_moduledir}/pam_env.so
|
| |
- %{_moduledir}/pam_exec.so
|
| |
- %{_moduledir}/pam_faildelay.so
|
| |
- %{_moduledir}/pam_faillock.so
|
| |
- %{_moduledir}/pam_filter.so
|
| |
- %{_moduledir}/pam_ftp.so
|
| |
- %{_moduledir}/pam_group.so
|
| |
- %{_moduledir}/pam_issue.so
|
| |
- %{_moduledir}/pam_keyinit.so
|
| |
- %{_moduledir}/pam_lastlog.so
|
| |
- %{_moduledir}/pam_limits.so
|
| |
- %{_moduledir}/pam_listfile.so
|
| |
- %{_moduledir}/pam_localuser.so
|
| |
- %{_moduledir}/pam_loginuid.so
|
| |
- %{_moduledir}/pam_mail.so
|
| |
- %{_moduledir}/pam_mkhomedir.so
|
| |
- %{_moduledir}/pam_motd.so
|
| |
- %{_moduledir}/pam_namespace.so
|
| |
- %{_moduledir}/pam_nologin.so
|
| |
- %{_moduledir}/pam_permit.so
|
| |
- %{_moduledir}/pam_postgresok.so
|
| |
- %{_moduledir}/pam_pwhistory.so
|
| |
- %{_moduledir}/pam_rhosts.so
|
| |
- %{_moduledir}/pam_rootok.so
|
| |
+ %dir %{_pam_moduledir}
|
| |
+ %{_pam_moduledir}/pam_access.so
|
| |
+ %{_pam_moduledir}/pam_chroot.so
|
| |
+ %{_pam_moduledir}/pam_console.so
|
| |
+ %{_pam_moduledir}/pam_debug.so
|
| |
+ %{_pam_moduledir}/pam_deny.so
|
| |
+ %{_pam_moduledir}/pam_echo.so
|
| |
+ %{_pam_moduledir}/pam_env.so
|
| |
+ %{_pam_moduledir}/pam_exec.so
|
| |
+ %{_pam_moduledir}/pam_faildelay.so
|
| |
+ %{_pam_moduledir}/pam_faillock.so
|
| |
+ %{_pam_moduledir}/pam_filter.so
|
| |
+ %{_pam_moduledir}/pam_ftp.so
|
| |
+ %{_pam_moduledir}/pam_group.so
|
| |
+ %{_pam_moduledir}/pam_issue.so
|
| |
+ %{_pam_moduledir}/pam_keyinit.so
|
| |
+ %{_pam_moduledir}/pam_lastlog.so
|
| |
+ %{_pam_moduledir}/pam_limits.so
|
| |
+ %{_pam_moduledir}/pam_listfile.so
|
| |
+ %{_pam_moduledir}/pam_localuser.so
|
| |
+ %{_pam_moduledir}/pam_loginuid.so
|
| |
+ %{_pam_moduledir}/pam_mail.so
|
| |
+ %{_pam_moduledir}/pam_mkhomedir.so
|
| |
+ %{_pam_moduledir}/pam_motd.so
|
| |
+ %{_pam_moduledir}/pam_namespace.so
|
| |
+ %{_pam_moduledir}/pam_nologin.so
|
| |
+ %{_pam_moduledir}/pam_permit.so
|
| |
+ %{_pam_moduledir}/pam_postgresok.so
|
| |
+ %{_pam_moduledir}/pam_pwhistory.so
|
| |
+ %{_pam_moduledir}/pam_rhosts.so
|
| |
+ %{_pam_moduledir}/pam_rootok.so
|
| |
%if %{WITH_SELINUX}
|
| |
- %{_moduledir}/pam_selinux.so
|
| |
- %{_moduledir}/pam_selinux_permit.so
|
| |
- %{_moduledir}/pam_sepermit.so
|
| |
+ %{_pam_moduledir}/pam_selinux.so
|
| |
+ %{_pam_moduledir}/pam_selinux_permit.so
|
| |
+ %{_pam_moduledir}/pam_sepermit.so
|
| |
%endif
|
| |
- %{_moduledir}/pam_securetty.so
|
| |
- %{_moduledir}/pam_setquota.so
|
| |
- %{_moduledir}/pam_shells.so
|
| |
- %{_moduledir}/pam_stress.so
|
| |
- %{_moduledir}/pam_succeed_if.so
|
| |
- %{_moduledir}/pam_time.so
|
| |
- %{_moduledir}/pam_timestamp.so
|
| |
+ %{_pam_moduledir}/pam_securetty.so
|
| |
+ %{_pam_moduledir}/pam_setquota.so
|
| |
+ %{_pam_moduledir}/pam_shells.so
|
| |
+ %{_pam_moduledir}/pam_stress.so
|
| |
+ %{_pam_moduledir}/pam_succeed_if.so
|
| |
+ %{_pam_moduledir}/pam_time.so
|
| |
+ %{_pam_moduledir}/pam_timestamp.so
|
| |
%if %{WITH_AUDIT}
|
| |
- %{_moduledir}/pam_tty_audit.so
|
| |
+ %{_pam_moduledir}/pam_tty_audit.so
|
| |
%endif
|
| |
- %{_moduledir}/pam_umask.so
|
| |
- %{_moduledir}/pam_unix.so
|
| |
- %{_moduledir}/pam_unix_acct.so
|
| |
- %{_moduledir}/pam_unix_auth.so
|
| |
- %{_moduledir}/pam_unix_passwd.so
|
| |
- %{_moduledir}/pam_unix_session.so
|
| |
- %{_moduledir}/pam_userdb.so
|
| |
- %{_moduledir}/pam_usertype.so
|
| |
- %{_moduledir}/pam_warn.so
|
| |
- %{_moduledir}/pam_wheel.so
|
| |
- %{_moduledir}/pam_xauth.so
|
| |
- %{_moduledir}/pam_filter
|
| |
- %{_systemdlibdir}/pam_namespace.service
|
| |
- %dir %{_secconfdir}
|
| |
- %config(noreplace) %{_secconfdir}/access.conf
|
| |
- %config(noreplace) %{_secconfdir}/chroot.conf
|
| |
- %config %{_secconfdir}/console.perms
|
| |
- %config(noreplace) %{_secconfdir}/console.handlers
|
| |
- %config(noreplace) %{_secconfdir}/faillock.conf
|
| |
- %config(noreplace) %{_secconfdir}/group.conf
|
| |
- %config(noreplace) %{_secconfdir}/limits.conf
|
| |
- %dir %{_secconfdir}/limits.d
|
| |
- %config(noreplace) %{_secconfdir}/namespace.conf
|
| |
- %dir %{_secconfdir}/namespace.d
|
| |
- %attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init
|
| |
- %config(noreplace) %{_secconfdir}/pam_env.conf
|
| |
- %config(noreplace) %{_secconfdir}/time.conf
|
| |
- %config(noreplace) %{_secconfdir}/opasswd
|
| |
- %dir %{_secconfdir}/console.apps
|
| |
- %dir %{_secconfdir}/console.perms.d
|
| |
+ %{_pam_moduledir}/pam_umask.so
|
| |
+ %{_pam_moduledir}/pam_unix.so
|
| |
+ %{_pam_moduledir}/pam_unix_acct.so
|
| |
+ %{_pam_moduledir}/pam_unix_auth.so
|
| |
+ %{_pam_moduledir}/pam_unix_passwd.so
|
| |
+ %{_pam_moduledir}/pam_unix_session.so
|
| |
+ %{_pam_moduledir}/pam_userdb.so
|
| |
+ %{_pam_moduledir}/pam_usertype.so
|
| |
+ %{_pam_moduledir}/pam_warn.so
|
| |
+ %{_pam_moduledir}/pam_wheel.so
|
| |
+ %{_pam_moduledir}/pam_xauth.so
|
| |
+ %{_pam_moduledir}/pam_filter
|
| |
+ %{_unitdir}/pam_namespace.service
|
| |
+ %dir %{_pam_secconfdir}
|
| |
+ %config(noreplace) %{_pam_secconfdir}/access.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/chroot.conf
|
| |
+ %config %{_pam_secconfdir}/console.perms
|
| |
+ %config(noreplace) %{_pam_secconfdir}/console.handlers
|
| |
+ %config(noreplace) %{_pam_secconfdir}/faillock.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/group.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/limits.conf
|
| |
+ %dir %{_pam_secconfdir}/limits.d
|
| |
+ %config(noreplace) %{_pam_secconfdir}/namespace.conf
|
| |
+ %dir %{_pam_secconfdir}/namespace.d
|
| |
+ %attr(755,root,root) %config(noreplace) %{_pam_secconfdir}/namespace.init
|
| |
+ %config(noreplace) %{_pam_secconfdir}/pam_env.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/time.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/opasswd
|
| |
+ %dir %{_pam_secconfdir}/console.apps
|
| |
+ %dir %{_pam_secconfdir}/console.perms.d
|
| |
%dir /var/run/console
|
| |
%if %{WITH_SELINUX}
|
| |
- %config(noreplace) %{_secconfdir}/sepermit.conf
|
| |
+ %config(noreplace) %{_pam_secconfdir}/sepermit.conf
|
| |
%dir /var/run/sepermit
|
| |
%endif
|
| |
%dir /var/run/faillock
|
| |
@@ -384,6 +384,9 @@
|
| |
exit 0
|
| |
|
| |
%changelog
|
| |
+ * Thu Jul 22 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-9
|
| |
+ - Add macros file to allow other packages to stop hardcoding directory names
|
| |
+
|
| |
* Fri Jul 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-8
|
| |
- Fix issues detected by covscan tool
|
| |
|
| |
From my POV the macros file should be located in the pam-devel package, as there is no need for it for run-time. Besides that, LGTM.