From: Todd C. Miller Date: Tue, 7 Apr 2015 21:35:01 +0000 (-0600) Subject: Create template tmpfiles.d/sudo.conf for installation instead of X-Git-Tag: SUDO_1_8_14^2~171 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa3552fa7663e25ec2bdc25ed34bf8a425c5e9b9;p=sudo Create template tmpfiles.d/sudo.conf for installation instead of creating one via echo commands in the Makefile. Add --enable-tmpfiles.d configure option to enable/disable use of tmpfiles.d and override the default directory. Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore tmpfiles.d/sudo.conf in sudo.pp. --- diff --git a/.hgignore b/.hgignore index 1d974406b..4c62d7033 100644 --- a/.hgignore +++ b/.hgignore @@ -23,6 +23,7 @@ Makefile$ ^doc/varsub$ ^init.d/.*.sh$ +^init.d/sudo.conf$ ^pathnames\.h$ ^src/sudo$ diff --git a/INSTALL b/INSTALL index ae6916aca..b3d50d718 100644 --- a/INSTALL +++ b/INSTALL @@ -198,14 +198,6 @@ Compilation options: binary itself. This will also disable the noexec option as it too relies on dynamic shared object support. - --enable-static-sudoers - By default, the sudoers plugin is built and installed as a - dynamic shared object. When the --enable-static-sudoers - option is specified, the sudoers plugin is compiled directly - into the sudo binary. Unlike --disable-shared, this does - not prevent other plugins from being used and the noexec - option will continue to function. - --disable-shared-libutil Disable the use of the dynamic libsudo_util library. By default, sudo, the sudoers plugin and the associated sudo @@ -215,6 +207,22 @@ Compilation options: instead. This option may only be used in conjunction with the --enable-static-sudoers option. + --enable-static-sudoers + By default, the sudoers plugin is built and installed as a + dynamic shared object. When the --enable-static-sudoers + option is specified, the sudoers plugin is compiled directly + into the sudo binary. Unlike --disable-shared, this does + not prevent other plugins from being used and the noexec + option will continue to function. + + --enable-tmpfiles.d=DIR + Set the directory to be used when installing the sudo + tmpfiles.d file. This is used to create (or clear) the + sudo time stamp directory on operating systems that use + systemd. If this option is not specified, configure will + use the /usr/lib/tmpfiles.d directory if the file + /usr/lib/tmpfiles.d/systemd.conf exists. + --disable-weak-symbols Disable the use of weak symbols in the libsudo_util library. By default, libsudo_util will provide weak symbols for the diff --git a/MANIFEST b/MANIFEST index 4a73dfd47..1a34aa0c6 100644 --- a/MANIFEST +++ b/MANIFEST @@ -76,6 +76,7 @@ include/sudo_util.h indent.pro init.d/aix.sh.in init.d/hpux.sh.in +init.d/sudo.conf.in install-sh lib/util/Makefile.in lib/util/aix.c diff --git a/Makefile.in b/Makefile.in index 76ca6a7e0..4098f5200 100644 --- a/Makefile.in +++ b/Makefile.in @@ -326,8 +326,8 @@ distclean: config.status for d in $(SUBDIRS) $(SAMPLES); do \ (cd $$d && exec $(MAKE) $@); \ done - -rm -rf Makefile pathnames.h config.h config.status config.cache \ - config.log libtool stamp-* autom4te.cache init.d/*.sh + -rm -rf autom4te.cache config.cache config.h config.log config.status \ + init.d/*.sh init.d/sudo.conf libtool Makefile pathnames.h stamp-* cleandir: distclean diff --git a/configure b/configure index b47b75759..d3ee17e35 100755 --- a/configure +++ b/configure @@ -724,6 +724,7 @@ vardir rundir iolog_dir exampledir +TMPFILES_D COMPAT_EXP RC_LINK INIT_DIR @@ -951,6 +952,7 @@ enable_rpath enable_static_sudoers enable_shared_libutil enable_weak_symbols +enable_tmpfiles_d with_selinux enable_gss_krb5_ccache_name enable_shared @@ -1628,6 +1630,7 @@ Optional Features: Disable use of the libsudo_util shared library. --disable-weak-symbols Disable use of weak symbols in the libsudo_util shared library. + --enable-tmpfiles.d=DIR Set the path to the systemd tmpfiles.d directory. --enable-gss-krb5-ccache-name Use GSS-API to set the Kerberos V cred cache name --enable-shared[=PKGS] build shared libraries [default=yes] @@ -2843,6 +2846,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + # @@ -2930,6 +2934,7 @@ WEAK_ALIAS=no CHECKSHADOW=true shadow_funcs= shadow_libs= +TMPFILES_D= CONFIGURE_ARGS="$@" RTLD_PRELOAD_VAR="LD_PRELOAD" @@ -5699,6 +5704,22 @@ else fi +# Check whether --enable-tmpfiles.d was given. +if test "${enable_tmpfiles_d+set}" = set; then : + enableval=$enable_tmpfiles_d; case $enableval in + yes) TMPFILES_D=/usr/lib/tmpfiles.d + ;; + no) TMPFILES_D= + ;; + *) TMPFILES_D="$enableval" +esac +else + + test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d + +fi + + # Check whether --with-selinux was given. if test "${with_selinux+set}" = set; then : @@ -24552,6 +24573,9 @@ test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/ if test X"$INIT_SCRIPT" != X""; then ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" +elif test X"$TMPFILES_D" != X""; then + ac_config_files="$ac_config_files init.d/sudo.conf" + fi ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" @@ -25544,6 +25568,7 @@ do "lib/zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/zlib/zconf.h" ;; "lib/zlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/zlib/Makefile" ;; "init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES init.d/$INIT_SCRIPT" ;; + "init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES init.d/sudo.conf" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; diff --git a/configure.ac b/configure.ac index 6dc147b64..83e2488e8 100644 --- a/configure.ac +++ b/configure.ac @@ -90,6 +90,7 @@ AC_SUBST([INIT_SCRIPT]) AC_SUBST([INIT_DIR]) AC_SUBST([RC_LINK]) AC_SUBST([COMPAT_EXP]) +AC_SUBST([TMPFILES_D]) AC_SUBST([exampledir]) dnl dnl Variables that get substituted in docs (not overridden by environment) @@ -226,6 +227,7 @@ WEAK_ALIAS=no CHECKSHADOW=true shadow_funcs= shadow_libs= +TMPFILES_D= CONFIGURE_ARGS="$@" dnl @@ -1478,6 +1480,18 @@ AC_ARG_ENABLE(weak_symbols, [AS_HELP_STRING([--disable-weak-symbols], [Disable use of weak symbols in the libsudo_util shared library.])], [], [enable_weak_symbols=yes]) +AC_ARG_ENABLE(tmpfiles.d, +[AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])], +[case $enableval in + yes) TMPFILES_D=/usr/lib/tmpfiles.d + ;; + no) TMPFILES_D= + ;; + *) TMPFILES_D="$enableval" +esac], [ + test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d +]) + AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " @@ -4182,6 +4196,8 @@ dnl Substitute into the Makefile and man pages dnl if test X"$INIT_SCRIPT" != X""; then AC_CONFIG_FILES([init.d/$INIT_SCRIPT]) +elif test X"$TMPFILES_D" != X""; then + AC_CONFIG_FILES([init.d/sudo.conf]) fi AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT diff --git a/mkpkg b/mkpkg index abd6585a4..2d35fad02 100755 --- a/mkpkg +++ b/mkpkg @@ -300,6 +300,9 @@ case "$osversion" in ;; esac +# The postinstall script will create tmpfiles.d/sudo.conf for us +configure_opts="${configure_opts}${configure_opts+$tab}--disable-tmpfiles.d" + # Remove spaces from IFS when setting $@ so that passprompt may include them OIFS="$IFS" IFS=" $nl" diff --git a/src/Makefile.in b/src/Makefile.in index b4f4feebd..0258eb2b5 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -73,6 +73,7 @@ localedir = @localedir@ localstatedir = @localstatedir@ noexecfile = @NOEXECFILE@ noexecdir = @NOEXECDIR@ +tmpfiles_d = @TMPFILES_D@ # User and group ids the installed files should be "owned" by install_uid = 0 @@ -147,21 +148,20 @@ install: install-binaries install-rc @INSTALL_NOEXEC@ install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \ $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) - @if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \ - mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d; \ - fi - -install-rc: - @if [ -n "$(INIT_SCRIPT)" ]; then \ + if test -n "$(INIT_SCRIPT)"; then \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR) \ `echo $(DESTDIR)$(RC_LINK) | $(SED) 's,/[^/]*$$,,'`; \ + elif test -n "$(tmpfiles_d)"; then \ + $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(tmpfiles_d); \ + fi + +install-rc: install-dirs + if [ -n "$(INIT_SCRIPT)" ]; then \ $(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_srcdir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \ rm -f $(DESTDIR)$(RC_LINK); \ ln -s $(INIT_DIR)/sudo $(DESTDIR)$(RC_LINK); \ - fi - @if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \ - echo "d $(DESTDIR)$(rundir) 0711 root root" > $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \ - echo "D $(DESTDIR)$(rundir)/ts 0700 root root" >> $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \ + elif test -n "$(tmpfiles_d)"; then \ + $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_srcdir)/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \ fi install-binaries: install-dirs $(PROGS) @@ -190,9 +190,8 @@ uninstall: $(DESTDIR)$(libexecdir)/sudo/sesh~ \ $(DESTDIR)$(noexecdir)/sudo_noexec.so~ \ $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf - @if [ -n "$(INIT_SCRIPT)" ]; then \ - rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo; \ - fi + -test -n "$(INIT_SCRIPT)" && \ + rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo cppcheck: cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c diff --git a/sudo.pp b/sudo.pp index 6563de85b..6c72b5085 100644 --- a/sudo.pp +++ b/sudo.pp @@ -320,10 +320,6 @@ still allow people to get their work done." /sbin/init.d/ ignore /sbin/init.d/sudo 0755 root: %endif -%if -d ${pp_destdir}/usr/lib/tmpfiles.d - /usr/lib/tmpfiles.d/ ignore - /usr/lib/tmpfiles.d/* ignore -%endif %files [!aix] $mandir/man*/* 0644 @@ -411,7 +407,7 @@ still allow people to get their work done." %post [rpm,deb] # Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured. - if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then + if [ -f /usr/lib/tmpfiles.d/systemd.conf ]; then cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF d %{rundir} 0711 root root D %{rundir}/ts 0700 root root