From: Todd C. Miller Date: Mon, 1 Feb 2016 18:07:10 +0000 (-0700) Subject: Fedora dropped "core" from the name some time ago so just match on X-Git-Tag: SUDO_1_8_16^2~22 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9b19ea440cd58b8971b159f8a31942c945f4e186;p=sudo Fedora dropped "core" from the name some time ago so just match on f[0-9] for the rpm distro name provided by pp. Since the version numbers of Fedora and RHEL are so different switch to defining variables to indicate which features should be enabled. Works for Fedora 23. --- diff --git a/mkpkg b/mkpkg index 915603762..2a2cc2620 100755 --- a/mkpkg +++ b/mkpkg @@ -110,30 +110,55 @@ fi # Choose configure options by osversion. # We use the same configure options as vendor packages when possible. case "$osversion" in - centos*|rhel*|fc*) - if [ $osrelease -ge 40 ]; then - # RHEL 4 and up support SELinux + centos*|rhel*|f[0-9]*) + case "$osversion" in + centos*|rhel*) + if [ $osrelease -ge 40 ]; then + # RHEL 4 and up support SELinux + with_selinux=true + if [ $osrelease -ge 50 ]; then + # RHEL 5 and up has audit support and uses a + # separate PAM config file for "sudo -i". + with_linux_audit=true + with_pam_login=true + if [ $osrelease -ge 60 ]; then + # RHEL 6 and above builds sudo with SSSD support + with_sssd=true + # RHEL 6 and above use /etc/sudo-ldap.conf + with_sudo_ldap_conf=true + fi + fi + fi + ;; + f[0-9]*) + # XXX - investigate which features were in which fedora version + with_selinux=true + with_linux_audit=true + with_pam_login=true + with_sssd=true + with_sudo_ldap_conf=true + ;; + esac + + if [ X"$with_selinux" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi - if [ $osrelease -ge 50 ]; then - # RHEL 5 and up has audit support and uses a separate PAM - # config file for "sudo -i". + if [ X"$with_linux_audit" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" - configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" fi - if [ $osrelease -ge 60 ]; then - # RHEL 6 and above builds sudo with SSSD support + if [ X"$with_pam_login" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" + fi + if [ X"$with_sssd" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" if test "`getconf LONG_BIT`" = "64"; then # SSSD backend needs to know where to find the sssd lib configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib64" fi - # RHEL 6 and above use /etc/sudo-ldap.conf - if test "$flavor" = "ldap"; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap - --with-ldap-conf-file=/etc/sudo-ldap.conf" - fi + fi + if [ X"$with_sudo_ldap_conf" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap-conf-file=/etc/sudo-ldap.conf" fi # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--prefix=/usr diff --git a/sudo.pp b/sudo.pp index 9ec9ed3f1..295458d70 100644 --- a/sudo.pp +++ b/sudo.pp @@ -44,7 +44,7 @@ still allow people to get their work done." pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" pp_rpm_license="BSD" - pp_rpm_url="https://www.sudo.ws/" + pp_rpm_url="https://www.sudo.ws" pp_rpm_group="Applications/System" pp_rpm_packager="Todd C. Miller " if test -n "$linux_audit"; then @@ -86,7 +86,7 @@ still allow people to get their work done." # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" ;; sles*) @@ -97,7 +97,7 @@ still allow people to get their work done." # Uncomment some Defaults in sudoers # Note that the order must match that of sudoers. case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // @@ -124,7 +124,7 @@ still allow people to get their work done." # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) rhel_docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" if test "`dirname ${exampledir}`" = "${docdir}"; then exampledir="${rhel_docdir}/`basename ${exampledir}`" @@ -136,7 +136,7 @@ still allow people to get their work done." # Choose the correct PAM file by distro, must be tab indented for "<<-" case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 50; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -165,7 +165,27 @@ still allow people to get their work done." EOF fi ;; - sles*) + f[0-9]*) + # XXX - share with rhel + mkdir -p ${pp_destdir}/etc/pam.d + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include system-auth + account include system-auth + password include system-auth + session optional pam_keyinit.so revoke + session required pam_limits.so + EOF + cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF + #%PAM-1.0 + auth include sudo + account include sudo + password include sudo + session optional pam_keyinit.so force revoke + session required pam_limits.so + EOF + ;; + sles*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 10; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -263,7 +283,7 @@ still allow people to get their work done." cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ - echo "Homepage: https://www.sudo.ws/" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control %files