File sudo.spec of Package sudo.511
#
# spec file for package sudo
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: sudo
BuildRequires: openldap2-devel pam-devel postfix
BuildRequires: libselinux-devel
PreReq: coreutils
Version: 1.7.6p2
Release: 0.<RELEASE7>
Group: System/Base
License: BSD3c(or similar)
Url: http://www.sudo.ws/
Summary: Execute some commands as root
Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.bz2
Source1: %{name}.pamd
Source2: README.SUSE
Patch1: %{name}-defaults.diff
Patch2: %{name}-sudoers.diff
Patch3: %{name}-__P.diff
Patch5: %{name}-secure_path.diff
Patch6: %{name}-ldap.diff
Patch7: %{name}-env.diff
Patch8: sudo-1.7.6p2-manpage.patch
Patch9: sudo-1.7.6p2-ldap_search_escape.patch
# PATCH-FIX-UPSTREAM CVE-2012-2337 (bnc#762327)
Patch10: sudo-1.8.2-CVE-2012-2337.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Sudo is a command that allows users to execute some commands as root.
The /etc/sudoers file (edited with 'visudo') specifies which users have
access to sudo and which commands they can run. Sudo logs all its
activities to syslogd, so the system administrator can keep an eye on
things. Sudo asks for the password for initializing a check period of a
given time N (where N is defined at installation and is set to 5
minutes by default).
Authors:
--------
Jeff Nieusma <nieusma@rootgroup.com>
David Hieb <davehieb@rootgroup.com>
Ian McCloghrie <ian@ucsd.edu>
%prep
%setup -q
%patch1
%patch2
%patch3
%patch5
%patch6
%patch7
%patch8 -p1
%patch9 -p1
%patch10 -p0
cp %{S:1} %{S:2} .
%build
%ifarch s390 s390x %sparc
F_PIE=-fPIE
%else
F_PIE=-fpie
%endif
export CFLAGS="$RPM_OPT_FLAGS -Wall $F_PIE -DLDAP_DEPRECATED"
export LDFLAGS="-pie"
%configure \
--libexecdir=%{_libexecdir}/sudo \
--docdir=%{_docdir}/%{name} \
--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
--with-selinux \
--with-logfac=auth \
--with-insults \
--with-all-insults \
--with-ignore-dot \
--with-tty-tickets \
--enable-shell-sets-home \
--with-sudoers-mode=0440 \
--with-pam \
--with-ldap \
--with-env-editor \
--without-secure-path \
--with-passprompt='%%p\x27s password:'
make %{?_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
install -d -m 700 $RPM_BUILD_ROOT/var/lib/sudo
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -m 644 sudo.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
rm -f $RPM_BUILD_ROOT%{_bindir}/sudoedit
ln -sf %{_bindir}/sudo $RPM_BUILD_ROOT%{_bindir}/sudoedit
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema
install -m 644 schema.OpenLDAP $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/sudo.schema
%post
chmod 0440 %{_sysconfdir}/sudoers
#bnc#712434
rm -rf /var/run/sudo
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc ChangeLog HISTORY LICENSE PORTING README README.LDAP README.SUSE TROUBLESHOOTING *.pod NEWS
%doc %{_mandir}/man?/*
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
%config %{_sysconfdir}/pam.d/sudo
%attr(4755,root,root) %{_bindir}/sudo
%dir %{_sysconfdir}/openldap
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
%{_bindir}/sudoedit
%{_bindir}/sudoreplay
%{_sbindir}/*
%{_libexecdir}/sudo
/var/lib/sudo
%changelog
