From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 7 Apr 2015 21:35:01 +0000 (-0600)
Subject: Create template tmpfiles.d/sudo.conf for installation instead of
X-Git-Tag: SUDO_1_8_14^2~171
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa3552fa7663e25ec2bdc25ed34bf8a425c5e9b9;p=sudo

Create template tmpfiles.d/sudo.conf for installation instead of
creating one via echo commands in the Makefile.

Add --enable-tmpfiles.d configure option to enable/disable use of
tmpfiles.d and override the default directory.

Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore
tmpfiles.d/sudo.conf in sudo.pp.
---

diff --git a/.hgignore b/.hgignore
index 1d974406b..4c62d7033 100644
--- a/.hgignore
+++ b/.hgignore
@@ -23,6 +23,7 @@ Makefile$
 ^doc/varsub$
 
 ^init.d/.*.sh$
+^init.d/sudo.conf$
 
 ^pathnames\.h$
 ^src/sudo$
diff --git a/INSTALL b/INSTALL
index ae6916aca..b3d50d718 100644
--- a/INSTALL
+++ b/INSTALL
@@ -198,14 +198,6 @@ Compilation options:
         binary itself.  This will also disable the noexec option
         as it too relies on dynamic shared object support.
 
-  --enable-static-sudoers
-        By default, the sudoers plugin is built and installed as a
-        dynamic shared object.  When the --enable-static-sudoers
-        option is specified, the sudoers plugin is compiled directly
-        into the sudo binary.  Unlike --disable-shared, this does
-        not prevent other plugins from being used and the noexec
-        option will continue to function.
-
   --disable-shared-libutil
         Disable the use of the dynamic libsudo_util library.  By
         default, sudo, the sudoers plugin and the associated sudo
@@ -215,6 +207,22 @@ Compilation options:
         instead.  This option may only be used in conjunction with
         the --enable-static-sudoers option.
 
+  --enable-static-sudoers
+        By default, the sudoers plugin is built and installed as a
+        dynamic shared object.  When the --enable-static-sudoers
+        option is specified, the sudoers plugin is compiled directly
+        into the sudo binary.  Unlike --disable-shared, this does
+        not prevent other plugins from being used and the noexec
+        option will continue to function.
+
+  --enable-tmpfiles.d=DIR
+        Set the directory to be used when installing the sudo
+        tmpfiles.d file.  This is used to create (or clear) the
+        sudo time stamp directory on operating systems that use
+        systemd.  If this option is not specified, configure will
+        use the /usr/lib/tmpfiles.d directory if the file
+        /usr/lib/tmpfiles.d/systemd.conf exists.
+
   --disable-weak-symbols
         Disable the use of weak symbols in the libsudo_util library.
         By default, libsudo_util will provide weak symbols for the
diff --git a/MANIFEST b/MANIFEST
index 4a73dfd47..1a34aa0c6 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -76,6 +76,7 @@ include/sudo_util.h
 indent.pro
 init.d/aix.sh.in
 init.d/hpux.sh.in
+init.d/sudo.conf.in
 install-sh
 lib/util/Makefile.in
 lib/util/aix.c
diff --git a/Makefile.in b/Makefile.in
index 76ca6a7e0..4098f5200 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -326,8 +326,8 @@ distclean: config.status
 	for d in $(SUBDIRS) $(SAMPLES); do \
 	    (cd $$d && exec $(MAKE) $@); \
 	done
-	-rm -rf Makefile pathnames.h config.h config.status config.cache \
-		config.log libtool stamp-* autom4te.cache init.d/*.sh
+	-rm -rf autom4te.cache config.cache config.h config.log config.status \
+	    init.d/*.sh init.d/sudo.conf libtool Makefile pathnames.h stamp-*
 
 cleandir: distclean
 
diff --git a/configure b/configure
index b47b75759..d3ee17e35 100755
--- a/configure
+++ b/configure
@@ -724,6 +724,7 @@ vardir
 rundir
 iolog_dir
 exampledir
+TMPFILES_D
 COMPAT_EXP
 RC_LINK
 INIT_DIR
@@ -951,6 +952,7 @@ enable_rpath
 enable_static_sudoers
 enable_shared_libutil
 enable_weak_symbols
+enable_tmpfiles_d
 with_selinux
 enable_gss_krb5_ccache_name
 enable_shared
@@ -1628,6 +1630,7 @@ Optional Features:
                           Disable use of the libsudo_util shared library.
   --disable-weak-symbols  Disable use of weak symbols in the libsudo_util
                           shared library.
+  --enable-tmpfiles.d=DIR Set the path to the systemd tmpfiles.d directory.
   --enable-gss-krb5-ccache-name
                           Use GSS-API to set the Kerberos V cred cache name
   --enable-shared[=PKGS]  build shared libraries [default=yes]
@@ -2843,6 +2846,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
+
 
 
 #
@@ -2930,6 +2934,7 @@ WEAK_ALIAS=no
 CHECKSHADOW=true
 shadow_funcs=
 shadow_libs=
+TMPFILES_D=
 CONFIGURE_ARGS="$@"
 
 RTLD_PRELOAD_VAR="LD_PRELOAD"
@@ -5699,6 +5704,22 @@ else
 fi
 
 
+# Check whether --enable-tmpfiles.d was given.
+if test "${enable_tmpfiles_d+set}" = set; then :
+  enableval=$enable_tmpfiles_d; case $enableval in
+    yes)	TMPFILES_D=/usr/lib/tmpfiles.d
+		;;
+    no)		TMPFILES_D=
+		;;
+    *)		TMPFILES_D="$enableval"
+esac
+else
+
+    test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d
+
+fi
+
+
 
 # Check whether --with-selinux was given.
 if test "${with_selinux+set}" = set; then :
@@ -24552,6 +24573,9 @@ test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/
 if test X"$INIT_SCRIPT" != X""; then
     ac_config_files="$ac_config_files init.d/$INIT_SCRIPT"
 
+elif test X"$TMPFILES_D" != X""; then
+    ac_config_files="$ac_config_files init.d/sudo.conf"
+
 fi
 ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
 
@@ -25544,6 +25568,7 @@ do
     "lib/zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/zlib/zconf.h" ;;
     "lib/zlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/zlib/Makefile" ;;
     "init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES init.d/$INIT_SCRIPT" ;;
+    "init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES init.d/sudo.conf" ;;
     "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
     "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
     "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 6dc147b64..83e2488e8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -90,6 +90,7 @@ AC_SUBST([INIT_SCRIPT])
 AC_SUBST([INIT_DIR])
 AC_SUBST([RC_LINK])
 AC_SUBST([COMPAT_EXP])
+AC_SUBST([TMPFILES_D])
 AC_SUBST([exampledir])
 dnl
 dnl Variables that get substituted in docs (not overridden by environment)
@@ -226,6 +227,7 @@ WEAK_ALIAS=no
 CHECKSHADOW=true
 shadow_funcs=
 shadow_libs=
+TMPFILES_D=
 CONFIGURE_ARGS="$@"
 
 dnl
@@ -1478,6 +1480,18 @@ AC_ARG_ENABLE(weak_symbols,
 [AS_HELP_STRING([--disable-weak-symbols], [Disable use of weak symbols in the libsudo_util shared library.])],
 [], [enable_weak_symbols=yes])
 
+AC_ARG_ENABLE(tmpfiles.d,
+[AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])],
+[case $enableval in
+    yes)	TMPFILES_D=/usr/lib/tmpfiles.d
+		;;
+    no)		TMPFILES_D=
+		;;
+    *)		TMPFILES_D="$enableval"
+esac], [
+    test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d
+])
+
 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
 [case $with_selinux in
     yes)	SELINUX_USAGE="[[-r role]] [[-t type]] "
@@ -4182,6 +4196,8 @@ dnl Substitute into the Makefile and man pages
 dnl
 if test X"$INIT_SCRIPT" != X""; then
     AC_CONFIG_FILES([init.d/$INIT_SCRIPT])
+elif test X"$TMPFILES_D" != X""; then
+    AC_CONFIG_FILES([init.d/sudo.conf])
 fi
 AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
 AC_OUTPUT
diff --git a/mkpkg b/mkpkg
index abd6585a4..2d35fad02 100755
--- a/mkpkg
+++ b/mkpkg
@@ -300,6 +300,9 @@ case "$osversion" in
 	;;
 esac
 
+# The postinstall script will create tmpfiles.d/sudo.conf for us
+configure_opts="${configure_opts}${configure_opts+$tab}--disable-tmpfiles.d"
+
 # Remove spaces from IFS when setting $@ so that passprompt may include them
 OIFS="$IFS"
 IFS="	$nl"
diff --git a/src/Makefile.in b/src/Makefile.in
index b4f4feebd..0258eb2b5 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -73,6 +73,7 @@ localedir = @localedir@
 localstatedir = @localstatedir@
 noexecfile = @NOEXECFILE@
 noexecdir = @NOEXECDIR@
+tmpfiles_d = @TMPFILES_D@
 
 # User and group ids the installed files should be "owned" by
 install_uid = 0
@@ -147,21 +148,20 @@ install: install-binaries install-rc @INSTALL_NOEXEC@
 install-dirs:
 	$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
 	    $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir)
-	@if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \
-	    mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d; \
-	fi
-
-install-rc:
-	@if [ -n "$(INIT_SCRIPT)" ]; then \
+	if test -n "$(INIT_SCRIPT)"; then \
 	    $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR) \
 		`echo $(DESTDIR)$(RC_LINK) | $(SED) 's,/[^/]*$$,,'`; \
+	elif test -n "$(tmpfiles_d)"; then \
+	    $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(tmpfiles_d); \
+	fi
+
+install-rc: install-dirs
+	if [ -n "$(INIT_SCRIPT)" ]; then \
 	    $(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_srcdir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \
 	    rm -f $(DESTDIR)$(RC_LINK); \
 	    ln -s $(INIT_DIR)/sudo $(DESTDIR)$(RC_LINK); \
-	fi
-	@if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \
-	    echo "d $(DESTDIR)$(rundir) 0711 root root" > $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \
-	    echo "D $(DESTDIR)$(rundir)/ts 0700 root root" >> $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \
+	elif test -n "$(tmpfiles_d)"; then \
+	    $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_srcdir)/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \
 	fi
 
 install-binaries: install-dirs $(PROGS)
@@ -190,9 +190,8 @@ uninstall:
 		$(DESTDIR)$(libexecdir)/sudo/sesh~ \
 		$(DESTDIR)$(noexecdir)/sudo_noexec.so~ \
 		$(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf
-	@if [ -n "$(INIT_SCRIPT)" ]; then \
-	    rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo; \
-	fi
+	-test -n "$(INIT_SCRIPT)" && \
+	    rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo
 
 cppcheck:
 	cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c
diff --git a/sudo.pp b/sudo.pp
index 6563de85b..6c72b5085 100644
--- a/sudo.pp
+++ b/sudo.pp
@@ -320,10 +320,6 @@ still allow people to get their work done."
 	/sbin/init.d/		ignore
 	/sbin/init.d/sudo	0755 root:
 %endif
-%if -d ${pp_destdir}/usr/lib/tmpfiles.d
-	/usr/lib/tmpfiles.d/	ignore
-	/usr/lib/tmpfiles.d/*	ignore
-%endif
 
 %files [!aix]
 	$mandir/man*/*		0644
@@ -411,7 +407,7 @@ still allow people to get their work done."
 
 %post [rpm,deb]
 	# Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured.
-	if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then
+	if [ -f /usr/lib/tmpfiles.d/systemd.conf ]; then
 		cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF
 		d %{rundir} 0711 root root
 		D %{rundir}/ts 0700 root root