File rush.spec of Package rush

#
# spec file for package rush
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           rush
Version:        2.4
Release:        0
Summary:        Restricted User Shell
License:        GPL-3.0-or-later
Group:          System/Shells
URL:            https://www.gnu.org/software/rush/
Source:         https://ftp.gnu.org/pub/gnu/rush/%{name}-%{version}.tar.xz
Source2:        https://ftp.gnu.org/pub/gnu/rush/%{name}-%{version}.tar.xz.sig
# 0x325F650C4C2B6AD58807327A3602B07F55D0C732
Source3:        https://puszcza.gnu.org.ua/people/viewgpg.php?user_id=101#/%{name}.keyring
Source4:        system-group-rush.conf
# pending audit
Source10:       %{name}-rpmlintrc
Source11:       rush.permissions
Source12:       rush.permissions.easy
Source13:       rush.permissions.secure
Source14:       rush.permissions.paranoid
#
BuildRequires:  sysuser-tools
PreReq:         permissions
Provides:       group(rush)
%sysusers_requires

%description
GNU Rush is a Restricted User Shell, designed for sites providing limited
remote access to their resources. Using a flexible configuration file,
GNU Rush gives administrator complete control over the command lines that
users execute, and allows to tune the usage of system resources, such as
virtual memory, CPU time, etc. on a per-user basis.

In particular, GNU Rush allows to run remote programs in a chrooted
environment, which helps tighten security when offering access over such
programs as sftp-server or scp, that access the entire file system by
default.

Another important feature of rush is notification. It allows to notify
another processes via an INET or UNIX socket about termination of the user
session.

All accesses via rush are monitored. GNU Rush includes two programs that
help visualize the history of accesses: rushwho, which displays the list
of currently logged in users, and rushlast, which shows the history of
accesses. The output format of both utilities is configurable.

Note that for security reasons, only the users in the group "rush" may
use %{_sbindir}/rush as a shell, so make sure to add them to that group.

%lang_package

%prep
%autosetup -p1

%build
%configure
%make_build
%sysusers_generate_pre %{SOURCE4} rush system-group-rush.conf

%install
%make_install
# pending audit
install -D -m0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/permissions.d/%{name}
install -D -m0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/permissions.d/%{name}.easy
install -D -m0644 %{SOURCE13} %{buildroot}%{_sysconfdir}/permissions.d/%{name}.secure
install -D -m0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid
#
%find_lang rush
mkdir -p %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE4} %{buildroot}/%{_sysusersdir}/

%verifyscript
%verify_permissions -e %{_sbindir}/rush

%check
%make_build check || ( cat tests/testsuite.log; exit 42 )

%pre -f rush.pre
%post
%set_permissions %{_sbindir}/rush

%files
%license COPYING
%doc AUTHORS ChangeLog NEWS README THANKS
%config(noreplace) %{_sysconfdir}/rush.rc
%verify(not mode group) %attr(4750,root,rush) %{_sbindir}/rush
%{_bindir}/*
%{_mandir}/man?/*.gz
%{_infodir}/*.info%{?ext_info}
# pending audit
%config(noreplace) %{_sysconfdir}/permissions.d/%{name}*
#
%{_sysusersdir}/system-group-rush.conf

%files lang -f rush.lang
%license COPYING

%changelog