Add macros file to allow other packages to stop hardcoding directory names

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Iker Pedrosa 2021-07-22 12:43:20 +02:00
parent d335a7441d
commit 06d409fea6
2 changed files with 123 additions and 115 deletions

5
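--- a/macros.pam
+++ b/macros.pam
@@ -0,0 +1,5 @@
+%_pam_libdir %{_libdir}
+%_pam_moduledir %{_libdir}/security
+%_pam_secconfdir %{_sysconfdir}/security
+%_pam_confdir %{_sysconfdir}/pam.d
+%_pam_vendordir %{_datadir}/pam.d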

233
pam.spec

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.5.1 Version: 1.5.1
Release: 8%{?dist} Release: 9%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -11,6 +11,7 @@ License: BSD and GPLv2+
Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz.asc
Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2 Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
Source3: macros.%{name}
Source5: other.pamd Source5: other.pamd
Source6: system-auth.pamd Source6: system-auth.pamd
Source7: password-auth.pamd Source7: password-auth.pamd
@ -32,13 +33,7 @@ Patch4: https://github.com/linux-pam/linux-pam/pull/368.patch#/pam-1.5.1-no_cryp
# https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8 # https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8
Patch5: pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch Patch5: pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch
%{load:%{SOURCE3}}
%global _pamlibdir %{_libdir}
%global _moduledir %{_libdir}/security
%global _secconfdir %{_sysconfdir}/security
%global _pamconfdir %{_sysconfdir}/pam.d
%global _pamvendordir %{_datadir}/pam.d
%global _systemdlibdir /usr/lib/systemd/system
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%global WITH_SELINUX 1 %global WITH_SELINUX 1
@ -72,6 +67,7 @@ BuildRequires: libdb-devel
BuildRequires: linuxdoc-tools, elinks, libxslt BuildRequires: linuxdoc-tools, elinks, libxslt
BuildRequires: docbook-style-xsl, docbook-dtds BuildRequires: docbook-style-xsl, docbook-dtds
BuildRequires: gcc BuildRequires: gcc
BuildRequires: systemd
URL: http://www.linux-pam.org/ URL: http://www.linux-pam.org/
@ -123,7 +119,7 @@ autoreconf -i
%build %build
%configure \ %configure \
--disable-rpath \ --disable-rpath \
--libdir=%{_pamlibdir} \ --libdir=%{_pam_libdir} \
--includedir=%{_includedir}/security \ --includedir=%{_includedir}/security \
--enable-vendordir=%{_datadir} \ --enable-vendordir=%{_datadir} \
%if ! %{WITH_SELINUX} %if ! %{WITH_SELINUX}
@ -144,12 +140,15 @@ for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done done
# Install the macros file
install -D -m 644 %{SOURCE3} %{buildroot}%{_rpmconfigdir}/macros.d/macros.%{name}
# Install the binaries, libraries, and modules. # Install the binaries, libraries, and modules.
make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=: make install DESTDIR=$RPM_BUILD_ROOT LDCONFIG=:
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
# Temporary compat link # Temporary compat link
ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_moduledir}/pam_selinux_permit.so ln -sf pam_sepermit.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_selinux_permit.so
%endif %endif
# RPM uses docs from source tree # RPM uses docs from source tree
@ -158,16 +157,16 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
# Install default configuration files. # Install default configuration files.
install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir} install -d -m 755 $RPM_BUILD_ROOT%{_pam_confdir}
install -d -m 755 $RPM_BUILD_ROOT%{_pamvendordir} install -d -m 755 $RPM_BUILD_ROOT%{_pam_vendordir}
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pam_confdir}/other
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pam_confdir}/system-auth
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pam_confdir}/password-auth
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pam_confdir}/fingerprint-auth
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pam_confdir}/smartcard-auth
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pam_confdir}/config-util
install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pam_confdir}/postlogin
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd install -m 600 /dev/null $RPM_BUILD_ROOT%{_pam_secconfdir}/opasswd
install -d -m 755 $RPM_BUILD_ROOT/var/log install -d -m 755 $RPM_BUILD_ROOT/var/log
install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/motd.d install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/motd.d
@ -182,23 +181,23 @@ ln -sf system-auth.5 $RPM_BUILD_ROOT%{_mandir}/man5/smartcard-auth.5
for phase in auth acct passwd session ; do for phase in auth acct passwd session ; do
ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so ln -sf pam_unix.so $RPM_BUILD_ROOT%{_pam_moduledir}/pam_unix_${phase}.so
done done
# Remove .la files and make new .so links -- this depends on the value # Remove .la files and make new .so links -- this depends on the value
# of _libdir not changing, and *not* being /usr/lib. # of _libdir not changing, and *not* being /usr/lib.
for lib in libpam libpamc libpam_misc ; do for lib in libpam libpamc libpam_misc ; do
rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.la rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.la
done done
rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la rm -f $RPM_BUILD_ROOT%{_pam_moduledir}/*.la
%if "%{_pamlibdir}" != "%{_libdir}" %if "%{_pam_libdir}" != "%{_libdir}"
install -d -m 755 $RPM_BUILD_ROOT%{_libdir} install -d -m 755 $RPM_BUILD_ROOT%{_libdir}
for lib in libpam libpamc libpam_misc ; do for lib in libpam libpamc libpam_misc ; do
pushd $RPM_BUILD_ROOT%{_libdir} pushd $RPM_BUILD_ROOT%{_libdir}
ln -sf %{_pamlibdir}/${lib}.so.*.* ${lib}.so ln -sf %{_pam_libdir}/${lib}.so.*.* ${lib}.so
popd popd
rm -f $RPM_BUILD_ROOT%{_pamlibdir}/${lib}.so rm -f $RPM_BUILD_ROOT%{_pam_libdir}/${lib}.so
done done
%endif %endif
@ -221,7 +220,7 @@ if [ -d ${dir} ] ; then
%if ! %{WITH_AUDIT} %if ! %{WITH_AUDIT}
[ ${dir} = "modules/pam_tty_audit" ] && continue [ ${dir} = "modules/pam_tty_audit" ] && continue
%endif %endif
if ! ls -1 $RPM_BUILD_ROOT%{_moduledir}/`basename ${dir}`*.so ; then if ! ls -1 $RPM_BUILD_ROOT%{_pam_moduledir}/`basename ${dir}`*.so ; then
echo ERROR `basename ${dir}` did not build a module. echo ERROR `basename ${dir}` did not build a module.
exit 1 exit 1
fi fi
@ -230,9 +229,9 @@ done
# Check for module problems. Specifically, check that every module we just # Check for module problems. Specifically, check that every module we just
# installed can actually be loaded by a minimal PAM-aware application. # installed can actually be loaded by a minimal PAM-aware application.
/sbin/ldconfig -n $RPM_BUILD_ROOT%{_pamlibdir} /sbin/ldconfig -n $RPM_BUILD_ROOT%{_pam_libdir}
for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do for module in $RPM_BUILD_ROOT%{_pam_moduledir}/pam*.so ; do
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pamlibdir} \ if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_pam_libdir} \
%{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT%{_libdir} ${module} ; then %{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT%{_libdir} ${module} ; then
echo ERROR module: ${module} cannot be loaded. echo ERROR module: ${module} cannot be loaded.
exit 1 exit 1
@ -242,21 +241,22 @@ done
%ldconfig_scriptlets %ldconfig_scriptlets
%files -f Linux-PAM.lang %files -f Linux-PAM.lang
%dir %{_pamconfdir} %dir %{_pam_confdir}
%dir %{_pamvendordir} %dir %{_pam_vendordir}
%config(noreplace) %{_pamconfdir}/other %config(noreplace) %{_pam_confdir}/other
%config(noreplace) %{_pamconfdir}/system-auth %config(noreplace) %{_pam_confdir}/system-auth
%config(noreplace) %{_pamconfdir}/password-auth %config(noreplace) %{_pam_confdir}/password-auth
%config(noreplace) %{_pamconfdir}/fingerprint-auth %config(noreplace) %{_pam_confdir}/fingerprint-auth
%config(noreplace) %{_pamconfdir}/smartcard-auth %config(noreplace) %{_pam_confdir}/smartcard-auth
%config(noreplace) %{_pamconfdir}/config-util %config(noreplace) %{_pam_confdir}/config-util
%config(noreplace) %{_pamconfdir}/postlogin %config(noreplace) %{_pam_confdir}/postlogin
%{_rpmconfigdir}/macros.d/macros.%{name}
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license Copyright %license Copyright
%license gpl-2.0.txt %license gpl-2.0.txt
%{_pamlibdir}/libpam.so.* %{_pam_libdir}/libpam.so.*
%{_pamlibdir}/libpamc.so.* %{_pam_libdir}/libpamc.so.*
%{_pamlibdir}/libpam_misc.so.* %{_pam_libdir}/libpam_misc.so.*
%{_sbindir}/pam_console_apply %{_sbindir}/pam_console_apply
%{_sbindir}/pam_namespace_helper %{_sbindir}/pam_namespace_helper
%{_sbindir}/faillock %{_sbindir}/faillock
@ -265,85 +265,85 @@ done
%attr(0700,root,root) %{_sbindir}/unix_update %attr(0700,root,root) %{_sbindir}/unix_update
%attr(0755,root,root) %{_sbindir}/mkhomedir_helper %attr(0755,root,root) %{_sbindir}/mkhomedir_helper
%attr(0755,root,root) %{_sbindir}/pwhistory_helper %attr(0755,root,root) %{_sbindir}/pwhistory_helper
%dir %{_moduledir} %dir %{_pam_moduledir}
%{_moduledir}/pam_access.so %{_pam_moduledir}/pam_access.so
%{_moduledir}/pam_chroot.so %{_pam_moduledir}/pam_chroot.so
%{_moduledir}/pam_console.so %{_pam_moduledir}/pam_console.so
%{_moduledir}/pam_debug.so %{_pam_moduledir}/pam_debug.so
%{_moduledir}/pam_deny.so %{_pam_moduledir}/pam_deny.so
%{_moduledir}/pam_echo.so %{_pam_moduledir}/pam_echo.so
%{_moduledir}/pam_env.so %{_pam_moduledir}/pam_env.so
%{_moduledir}/pam_exec.so %{_pam_moduledir}/pam_exec.so
%{_moduledir}/pam_faildelay.so %{_pam_moduledir}/pam_faildelay.so
%{_moduledir}/pam_faillock.so %{_pam_moduledir}/pam_faillock.so
%{_moduledir}/pam_filter.so %{_pam_moduledir}/pam_filter.so
%{_moduledir}/pam_ftp.so %{_pam_moduledir}/pam_ftp.so
%{_moduledir}/pam_group.so %{_pam_moduledir}/pam_group.so
%{_moduledir}/pam_issue.so %{_pam_moduledir}/pam_issue.so
%{_moduledir}/pam_keyinit.so %{_pam_moduledir}/pam_keyinit.so
%{_moduledir}/pam_lastlog.so %{_pam_moduledir}/pam_lastlog.so
%{_moduledir}/pam_limits.so %{_pam_moduledir}/pam_limits.so
%{_moduledir}/pam_listfile.so %{_pam_moduledir}/pam_listfile.so
%{_moduledir}/pam_localuser.so %{_pam_moduledir}/pam_localuser.so
%{_moduledir}/pam_loginuid.so %{_pam_moduledir}/pam_loginuid.so
%{_moduledir}/pam_mail.so %{_pam_moduledir}/pam_mail.so
%{_moduledir}/pam_mkhomedir.so %{_pam_moduledir}/pam_mkhomedir.so
%{_moduledir}/pam_motd.so %{_pam_moduledir}/pam_motd.so
%{_moduledir}/pam_namespace.so %{_pam_moduledir}/pam_namespace.so
%{_moduledir}/pam_nologin.so %{_pam_moduledir}/pam_nologin.so
%{_moduledir}/pam_permit.so %{_pam_moduledir}/pam_permit.so
%{_moduledir}/pam_postgresok.so %{_pam_moduledir}/pam_postgresok.so
%{_moduledir}/pam_pwhistory.so %{_pam_moduledir}/pam_pwhistory.so
%{_moduledir}/pam_rhosts.so %{_pam_moduledir}/pam_rhosts.so
%{_moduledir}/pam_rootok.so %{_pam_moduledir}/pam_rootok.so
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
%{_moduledir}/pam_selinux.so %{_pam_moduledir}/pam_selinux.so
%{_moduledir}/pam_selinux_permit.so %{_pam_moduledir}/pam_selinux_permit.so
%{_moduledir}/pam_sepermit.so %{_pam_moduledir}/pam_sepermit.so
%endif %endif
%{_moduledir}/pam_securetty.so %{_pam_moduledir}/pam_securetty.so
%{_moduledir}/pam_setquota.so %{_pam_moduledir}/pam_setquota.so
%{_moduledir}/pam_shells.so %{_pam_moduledir}/pam_shells.so
%{_moduledir}/pam_stress.so %{_pam_moduledir}/pam_stress.so
%{_moduledir}/pam_succeed_if.so %{_pam_moduledir}/pam_succeed_if.so
%{_moduledir}/pam_time.so %{_pam_moduledir}/pam_time.so
%{_moduledir}/pam_timestamp.so %{_pam_moduledir}/pam_timestamp.so
%if %{WITH_AUDIT} %if %{WITH_AUDIT}
%{_moduledir}/pam_tty_audit.so %{_pam_moduledir}/pam_tty_audit.so
%endif %endif
%{_moduledir}/pam_umask.so %{_pam_moduledir}/pam_umask.so
%{_moduledir}/pam_unix.so %{_pam_moduledir}/pam_unix.so
%{_moduledir}/pam_unix_acct.so %{_pam_moduledir}/pam_unix_acct.so
%{_moduledir}/pam_unix_auth.so %{_pam_moduledir}/pam_unix_auth.so
%{_moduledir}/pam_unix_passwd.so %{_pam_moduledir}/pam_unix_passwd.so
%{_moduledir}/pam_unix_session.so %{_pam_moduledir}/pam_unix_session.so
%{_moduledir}/pam_userdb.so %{_pam_moduledir}/pam_userdb.so
%{_moduledir}/pam_usertype.so %{_pam_moduledir}/pam_usertype.so
%{_moduledir}/pam_warn.so %{_pam_moduledir}/pam_warn.so
%{_moduledir}/pam_wheel.so %{_pam_moduledir}/pam_wheel.so
%{_moduledir}/pam_xauth.so %{_pam_moduledir}/pam_xauth.so
%{_moduledir}/pam_filter %{_pam_moduledir}/pam_filter
%{_systemdlibdir}/pam_namespace.service %{_unitdir}/pam_namespace.service
%dir %{_secconfdir} %dir %{_pam_secconfdir}
%config(noreplace) %{_secconfdir}/access.conf %config(noreplace) %{_pam_secconfdir}/access.conf
%config(noreplace) %{_secconfdir}/chroot.conf %config(noreplace) %{_pam_secconfdir}/chroot.conf
%config %{_secconfdir}/console.perms %config %{_pam_secconfdir}/console.perms
%config(noreplace) %{_secconfdir}/console.handlers %config(noreplace) %{_pam_secconfdir}/console.handlers
%config(noreplace) %{_secconfdir}/faillock.conf %config(noreplace) %{_pam_secconfdir}/faillock.conf
%config(noreplace) %{_secconfdir}/group.conf %config(noreplace) %{_pam_secconfdir}/group.conf
%config(noreplace) %{_secconfdir}/limits.conf %config(noreplace) %{_pam_secconfdir}/limits.conf
%dir %{_secconfdir}/limits.d %dir %{_pam_secconfdir}/limits.d
%config(noreplace) %{_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.conf
%dir %{_secconfdir}/namespace.d %dir %{_pam_secconfdir}/namespace.d
%attr(755,root,root) %config(noreplace) %{_secconfdir}/namespace.init %attr(755,root,root) %config(noreplace) %{_pam_secconfdir}/namespace.init
%config(noreplace) %{_secconfdir}/pam_env.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf
%config(noreplace) %{_secconfdir}/time.conf %config(noreplace) %{_pam_secconfdir}/time.conf
%config(noreplace) %{_secconfdir}/opasswd %config(noreplace) %{_pam_secconfdir}/opasswd
%dir %{_secconfdir}/console.apps %dir %{_pam_secconfdir}/console.apps
%dir %{_secconfdir}/console.perms.d %dir %{_pam_secconfdir}/console.perms.d
%dir /var/run/console %dir /var/run/console
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
%config(noreplace) %{_secconfdir}/sepermit.conf %config(noreplace) %{_pam_secconfdir}/sepermit.conf
%dir /var/run/sepermit %dir /var/run/sepermit
%endif %endif
%dir /var/run/faillock %dir /var/run/faillock
@ -384,6 +384,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
exit 0 exit 0
%changelog %changelog
* Thu Jul 22 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-9
- Add macros file to allow other packages to stop hardcoding directory names
* Fri Jul 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-8 * Fri Jul 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-8
- Fix issues detected by covscan tool - Fix issues detected by covscan tool
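Review bot: The added `BuildRequires: systemd` is heavier than this change needs, because the only new consumer visible here is `%{_unitdir}` in the `%files` entry for pam_namespace.service. On Fedora that macro is provided by the much smaller systemd-rpm-macros package, so `BuildRequires: systemd-rpm-macros` would keep the build root of the authentication stack minimal; it would probably also avoid a bootstrap loop, since systemd is itself usually built against pam. Separately, the old `%global` names (`_moduledir`, `_secconfdir`, `_pamconfdir`, `_pamlibdir`, `_pamvendordir`, `_systemdlibdir`) are dropped, and rpm leaves an undefined macro as literal text instead of failing. Any use of the old names outside the visible hunks would therefore yield a wrong path in the shell sections, so the full spec is worth a grep for them before merging.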