From 9b19ea440cd58b8971b159f8a31942c945f4e186 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 1 Feb 2016 11:07:10 -0700 Subject: [PATCH] Fedora dropped "core" from the name some time ago so just match on f[0-9] for the rpm distro name provided by pp. Since the version numbers of Fedora and RHEL are so different switch to defining variables to indicate which features should be enabled. Works for Fedora 23. --- mkpkg | 53 +++++++++++++++++++++++++++++++++++++++-------------- sudo.pp | 34 +++++++++++++++++++++++++++------- 2 files changed, 66 insertions(+), 21 deletions(-) diff --git a/mkpkg b/mkpkg index 915603762..2a2cc2620 100755 --- a/mkpkg +++ b/mkpkg @@ -110,30 +110,55 @@ fi # Choose configure options by osversion. # We use the same configure options as vendor packages when possible. case "$osversion" in - centos*|rhel*|fc*) - if [ $osrelease -ge 40 ]; then - # RHEL 4 and up support SELinux + centos*|rhel*|f[0-9]*) + case "$osversion" in + centos*|rhel*) + if [ $osrelease -ge 40 ]; then + # RHEL 4 and up support SELinux + with_selinux=true + if [ $osrelease -ge 50 ]; then + # RHEL 5 and up has audit support and uses a + # separate PAM config file for "sudo -i". + with_linux_audit=true + with_pam_login=true + if [ $osrelease -ge 60 ]; then + # RHEL 6 and above builds sudo with SSSD support + with_sssd=true + # RHEL 6 and above use /etc/sudo-ldap.conf + with_sudo_ldap_conf=true + fi + fi + fi + ;; + f[0-9]*) + # XXX - investigate which features were in which fedora version + with_selinux=true + with_linux_audit=true + with_pam_login=true + with_sssd=true + with_sudo_ldap_conf=true + ;; + esac + + if [ X"$with_selinux" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi - if [ $osrelease -ge 50 ]; then - # RHEL 5 and up has audit support and uses a separate PAM - # config file for "sudo -i". + if [ X"$with_linux_audit" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" - configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" fi - if [ $osrelease -ge 60 ]; then - # RHEL 6 and above builds sudo with SSSD support + if [ X"$with_pam_login" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" + fi + if [ X"$with_sssd" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" if test "`getconf LONG_BIT`" = "64"; then # SSSD backend needs to know where to find the sssd lib configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib64" fi - # RHEL 6 and above use /etc/sudo-ldap.conf - if test "$flavor" = "ldap"; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap - --with-ldap-conf-file=/etc/sudo-ldap.conf" - fi + fi + if [ X"$with_sudo_ldap_conf" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap-conf-file=/etc/sudo-ldap.conf" fi # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--prefix=/usr diff --git a/sudo.pp b/sudo.pp index 9ec9ed3f1..295458d70 100644 --- a/sudo.pp +++ b/sudo.pp @@ -44,7 +44,7 @@ still allow people to get their work done." pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" pp_rpm_license="BSD" - pp_rpm_url="https://www.sudo.ws/" + pp_rpm_url="https://www.sudo.ws" pp_rpm_group="Applications/System" pp_rpm_packager="Todd C. Miller " if test -n "$linux_audit"; then @@ -86,7 +86,7 @@ still allow people to get their work done." # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" ;; sles*) @@ -97,7 +97,7 @@ still allow people to get their work done." # Uncomment some Defaults in sudoers # Note that the order must match that of sudoers. case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // @@ -124,7 +124,7 @@ still allow people to get their work done." # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) rhel_docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" if test "`dirname ${exampledir}`" = "${docdir}"; then exampledir="${rhel_docdir}/`basename ${exampledir}`" @@ -136,7 +136,7 @@ still allow people to get their work done." # Choose the correct PAM file by distro, must be tab indented for "<<-" case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 50; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -165,7 +165,27 @@ still allow people to get their work done." EOF fi ;; - sles*) + f[0-9]*) + # XXX - share with rhel + mkdir -p ${pp_destdir}/etc/pam.d + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include system-auth + account include system-auth + password include system-auth + session optional pam_keyinit.so revoke + session required pam_limits.so + EOF + cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF + #%PAM-1.0 + auth include sudo + account include sudo + password include sudo + session optional pam_keyinit.so force revoke + session required pam_limits.so + EOF + ;; + sles*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 10; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -263,7 +283,7 @@ still allow people to get their work done." cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ - echo "Homepage: https://www.sudo.ws/" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control %files -- 2.40.0