|
|
206108f |
|
|
|
206108f |
# comment out if no extra version
|
|
|
85d95cb |
#global extraver p2
|
|
|
206108f |
|
|
|
4940ab8 |
Summary: Allows restricted root access for specified users
|
|
cvsdist |
3703e23 |
Name: sudo
|
|
|
85d95cb |
Version: 1.9.9
|
|
|
206108f |
# use "-p -e % {?extraver}" when beta
|
|
|
206108f |
# use "-e % {?extraver}"" when patch version
|
|
|
206108f |
# use nothing special when normal version
|
|
|
85d95cb |
Release: %autorelease %{?extraver:-e %{extraver}}
|
|
dnk |
520e07d |
License: ISC
|
|
|
47a5b50 |
URL: https://www.sudo.ws
|
|
|
206108f |
Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz
|
|
|
ffcdc7d |
Source1: sudoers
|
|
|
3e6b39b |
Requires: pam
|
|
|
b9a4f24 |
Recommends: nano
|
|
|
e30e387 |
Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release}
|
|
|
474d0dd |
|
|
|
f6041d8 |
BuildRequires: make
|
|
|
474d0dd |
BuildRequires: pam-devel
|
|
|
474d0dd |
BuildRequires: groff
|
|
|
474d0dd |
BuildRequires: openldap-devel
|
|
|
4616de0 |
BuildRequires: flex
|
|
|
4616de0 |
BuildRequires: bison
|
|
|
d8c0683 |
BuildRequires: libtool
|
|
|
e25038b |
BuildRequires: audit-libs-devel libcap-devel
|
|
|
2c73738 |
BuildRequires: libselinux-devel
|
|
|
eca3e72 |
BuildRequires: sendmail
|
|
|
0894814 |
BuildRequires: gettext
|
|
|
3928123 |
BuildRequires: zlib-devel
|
|
cvsdist |
63abc0a |
|
|
cvsdist |
3703e23 |
%description
|
|
cvsdist |
3703e23 |
Sudo (superuser do) allows a system administrator to give certain
|
|
cvsdist |
3703e23 |
users (or groups of users) the ability to run some (or all) commands
|
|
cvsdist |
3703e23 |
as root while logging all commands and arguments. Sudo operates on a
|
|
cvsdist |
3703e23 |
per-command basis. It is not a replacement for the shell. Features
|
|
cvsdist |
3703e23 |
include: the ability to restrict what commands a user may run on a
|
|
cvsdist |
3703e23 |
per-host basis, copious logging of each command (providing a clear
|
|
cvsdist |
3703e23 |
audit trail of who did what), a configurable timeout of the sudo
|
|
cvsdist |
3703e23 |
command, and the ability to use the same configuration file (sudoers)
|
|
cvsdist |
3703e23 |
on many different machines.
|
|
cvsdist |
3703e23 |
|
|
|
269d3c7 |
%package devel
|
|
|
269d3c7 |
Summary: Development files for %{name}
|
|
|
269d3c7 |
Requires: %{name} = %{version}-%{release}
|
|
|
269d3c7 |
|
|
|
269d3c7 |
%description devel
|
|
|
269d3c7 |
The %{name}-devel package contains header files developing sudo
|
|
|
269d3c7 |
plugins that use %{name}.
|
|
|
269d3c7 |
|
|
|
35c555c |
|
|
|
35c555c |
%package logsrvd
|
|
|
35c555c |
Summary: High-performance log server for %{name}
|
|
|
35c555c |
Requires: %{name} = %{version}-%{release}
|
|
|
35c555c |
BuildRequires: openssl-devel
|
|
|
35c555c |
|
|
|
35c555c |
|
|
|
35c555c |
%description logsrvd
|
|
|
35c555c |
%{name}-logsrvd is a high-performance log server that accepts event and I/O logs from sudo.
|
|
|
35c555c |
It can be used to implement centralized logging of sudo logs.
|
|
|
35c555c |
|
|
|
e30e387 |
%package python-plugin
|
|
|
e30e387 |
Summary: Python plugin for %{name}
|
|
|
e30e387 |
Requires: %{name} = %{version}-%{release}
|
|
|
e30e387 |
BuildRequires: python3-devel
|
|
|
e30e387 |
|
|
|
e30e387 |
|
|
|
e30e387 |
%description python-plugin
|
|
|
e30e387 |
%{name}-python-plugin allows using sudo plugins written in Python.
|
|
|
e30e387 |
|
|
cvsdist |
3703e23 |
%prep
|
|
|
6e1d3c4 |
%autosetup -n %{name}-%{version}%{?extraver}
|
|
|
911d5c1 |
|
|
cvsdist |
3703e23 |
%build
|
|
|
fbec0ab |
# Remove bundled copy of zlib
|
|
|
fbec0ab |
rm -rf zlib/
|
|
|
05534ca |
|
|
|
6e1d3c4 |
# Set all build hardening flags
|
|
|
6e1d3c4 |
%set_build_flags
|
|
cvsdist |
63abc0a |
|
|
cvsdist |
3703e23 |
%configure \
|
|
|
e3e8515 |
--prefix=%{_prefix} \
|
|
|
e3e8515 |
--sbindir=%{_sbindir} \
|
|
|
e3e8515 |
--libdir=%{_libdir} \
|
|
|
8729726 |
--docdir=%{_pkgdocdir} \
|
|
|
35c555c |
--enable-openssl \
|
|
|
3859d5e |
--disable-root-mailer \
|
|
|
206108f |
--disable-intercept \
|
|
|
e3e8515 |
--with-logging=syslog \
|
|
|
e3e8515 |
--with-logfac=authpriv \
|
|
|
e3e8515 |
--with-pam \
|
|
|
3928123 |
--with-pam-login \
|
|
|
b9a4f24 |
--with-editor=%{_bindir}/nano:%{_bindir}/vim:%{_bindir}/vi \
|
|
|
e3e8515 |
--with-env-editor \
|
|
|
e3e8515 |
--with-ignore-dot \
|
|
|
e3e8515 |
--with-tty-tickets \
|
|
|
0fe071d |
--with-ldap \
|
|
|
3928123 |
--with-selinux \
|
|
|
3928123 |
--with-passprompt="[sudo] password for %p: " \
|
|
|
68203ed |
--enable-python \
|
|
|
d8c0683 |
--enable-zlib=system \
|
|
|
3928123 |
--with-linux-audit \
|
|
|
3928123 |
--with-sssd
|
|
|
3928123 |
# --without-kerb5 \
|
|
|
3928123 |
# --without-kerb4
|
|
|
6e1d3c4 |
%make_build
|
|
cvsdist |
3703e23 |
|
|
|
2c03b0a |
%check
|
|
|
2c03b0a |
make check
|
|
|
2c03b0a |
|
|
cvsdist |
3703e23 |
%install
|
|
|
6e1d3c4 |
%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
|
|
|
6e1d3c4 |
|
|
|
6e1d3c4 |
chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/*
|
|
|
6e1d3c4 |
install -p -d -m 700 %{buildroot}/var/db/sudo
|
|
|
6e1d3c4 |
install -p -d -m 700 %{buildroot}/var/db/sudo/lectured
|
|
|
6e1d3c4 |
install -p -d -m 750 %{buildroot}/etc/sudoers.d
|
|
|
6e1d3c4 |
install -p -c -m 0440 %{SOURCE1} %{buildroot}/etc/sudoers
|
|
|
e431039 |
#add sudo to protected packages
|
|
|
6e1d3c4 |
install -p -d -m 755 %{buildroot}/etc/dnf/protected.d/
|
|
|
e431039 |
touch sudo.conf
|
|
|
e431039 |
echo sudo > sudo.conf
|
|
|
6e1d3c4 |
install -p -c -m 0644 sudo.conf %{buildroot}/etc/dnf/protected.d/
|
|
|
e431039 |
rm -f sudo.conf
|
|
cvsdist |
3703e23 |
|
|
|
6e1d3c4 |
chmod +x %{buildroot}%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
|
|
|
3928123 |
|
|
|
85d95cb |
# Don't package LICENSE.md as a doc
|
|
|
85d95cb |
rm -f %{buildroot}%{_pkgdocdir}/LICENSE.md
|
|
|
8f687c7 |
|
|
|
200fa94 |
# Remove examples; Examples can be found in man pages too.
|
|
|
6e1d3c4 |
rm -rf %{buildroot}%{_datadir}/examples/sudo
|
|
|
200fa94 |
|
|
|
9047d52 |
#Remove all .la files
|
|
|
6e1d3c4 |
find %{buildroot} -name '*.la' -exec rm -f {} ';'
|
|
|
9047d52 |
|
|
|
ababf7b |
# Remove sudoers.dist
|
|
|
6e1d3c4 |
rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
|
|
|
ababf7b |
|
|
|
0894814 |
%find_lang sudo
|
|
|
0894814 |
%find_lang sudoers
|
|
|
0894814 |
|
|
|
0894814 |
cat sudo.lang sudoers.lang > sudo_all.lang
|
|
|
0894814 |
rm sudo.lang sudoers.lang
|
|
|
0894814 |
|
|
|
6e1d3c4 |
mkdir -p %{buildroot}/etc/pam.d
|
|
|
6e1d3c4 |
cat > %{buildroot}/etc/pam.d/sudo << EOF
|
|
|
3928123 |
#%%PAM-1.0
|
|
|
e3e8515 |
auth include system-auth
|
|
|
e3e8515 |
account include system-auth
|
|
|
e3e8515 |
password include system-auth
|
|
|
e3e8515 |
session optional pam_keyinit.so revoke
|
|
|
e3e8515 |
session required pam_limits.so
|
|
|
a5f9360 |
session include system-auth
|
|
|
4616de0 |
EOF
|
|
|
4616de0 |
|
|
|
6e1d3c4 |
cat > %{buildroot}/etc/pam.d/sudo-i << EOF
|
|
|
3928123 |
#%%PAM-1.0
|
|
|
e3e8515 |
auth include sudo
|
|
|
e3e8515 |
account include sudo
|
|
|
e3e8515 |
password include sudo
|
|
|
e3e8515 |
session optional pam_keyinit.so force revoke
|
|
|
a5f9360 |
session include sudo
|
|
cvsdist |
3703e23 |
EOF
|
|
cvsdist |
cadae3b |
|
|
cvsdist |
3703e23 |
|
|
|
0894814 |
%files -f sudo_all.lang
|
|
cvsdist |
91f6747 |
%attr(0440,root,root) %config(noreplace) /etc/sudoers
|
|
|
a9a317e |
%attr(0750,root,root) %dir /etc/sudoers.d/
|
|
cvsdist |
3703e23 |
%config(noreplace) /etc/pam.d/sudo
|
|
|
4616de0 |
%config(noreplace) /etc/pam.d/sudo-i
|
|
|
9047d52 |
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
|
|
|
306df89 |
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
|
|
|
306df89 |
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
|
|
|
e273750 |
%dir /var/db/sudo
|
|
|
932e467 |
%dir /var/db/sudo/lectured
|
|
cvsdist |
3703e23 |
%attr(4111,root,root) %{_bindir}/sudo
|
|
|
9047d52 |
%{_bindir}/sudoedit
|
|
dnk |
520e07d |
%attr(0111,root,root) %{_bindir}/sudoreplay
|
|
cvsdist |
3703e23 |
%attr(0755,root,root) %{_sbindir}/visudo
|
|
|
81b7651 |
%{_bindir}/cvtsudoers
|
|
|
0477581 |
%dir %{_libexecdir}/sudo
|
|
|
8729726 |
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
|
|
|
8729726 |
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
|
|
|
8729726 |
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
|
|
|
8fc22ff |
%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
|
|
|
8729726 |
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
|
|
|
8fc22ff |
%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
|
|
|
8729726 |
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
|
|
|
9047d52 |
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
|
|
|
9047d52 |
%{_libexecdir}/sudo/libsudo_util.so.?
|
|
Marek Tamaskovic |
0c12737 |
%{_libexecdir}/sudo/libsudo_util.so
|
|
cvsdist |
3703e23 |
%{_mandir}/man5/sudoers.5*
|
|
|
ac43db5 |
%{_mandir}/man5/sudoers.ldap.5*
|
|
|
8729726 |
%{_mandir}/man5/sudo.conf.5*
|
|
cvsdist |
3703e23 |
%{_mandir}/man8/sudo.8*
|
|
|
d610fe7 |
%{_mandir}/man8/sudoedit.8*
|
|
dnk |
520e07d |
%{_mandir}/man8/sudoreplay.8*
|
|
cvsdist |
3703e23 |
%{_mandir}/man8/visudo.8*
|
|
|
81b7651 |
%{_mandir}/man1/cvtsudoers.1.gz
|
|
|
81b7651 |
%{_mandir}/man5/sudoers_timestamp.5.gz
|
|
|
6e1d3c4 |
%{_pkgdocdir}/
|
|
|
85d95cb |
%license LICENSE.md
|
|
cvsdist |
3703e23 |
|
|
|
269d3c7 |
%files devel
|
|
|
bbce9a9 |
%doc plugins/sample/sample_plugin.c
|
|
|
269d3c7 |
%{_includedir}/sudo_plugin.h
|
|
|
269d3c7 |
%{_mandir}/man8/sudo_plugin.8*
|
|
|
269d3c7 |
|
|
|
35c555c |
%files logsrvd
|
|
|
35c555c |
%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
|
|
|
35c555c |
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
|
|
|
35c555c |
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
|
|
|
35c555c |
%{_mandir}/man5/sudo_logsrv.proto.5.gz
|
|
|
35c555c |
%{_mandir}/man5/sudo_logsrvd.conf.5.gz
|
|
|
35c555c |
%{_mandir}/man8/sudo_logsrvd.8.gz
|
|
|
35c555c |
%{_mandir}/man8/sudo_sendlog.8.gz
|
|
|
35c555c |
|
|
|
e30e387 |
%files python-plugin
|
|
|
e30e387 |
%{_mandir}/man8/sudo_plugin_python.8.gz
|
|
|
e30e387 |
%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
|
|
|
e30e387 |
|
|
cvsdist |
3703e23 |
%changelog
|
|
|
f02ed1c |
%autochangelog
|