# use fakeroot -ba sudo.spec to build! %define pre 0 %define build_71 0 %if %build_71 %define _sysconfdir /etc %endif Summary: Allows command execution as root for specified users Name: sudo Version: 1.6.9p5 Release: %mkrel 1 Epoch: 1 License: GPL Group: System/Base URL: http://www.sudo.ws/sudo %if %pre Source: http://www.sudo.ws/sudo/dist/%name-%version%pre.tar.gz Source1: http://www.sudo.ws/sudo/dist/%name-%version%pre.tar.gz.sig %else Source: http://www.sudo.ws/sudo/dist/%name-%version.tar.gz Source1: http://www.sudo.ws/sudo/dist/%name-%version.tar.gz.sig Source2: sudo.pamd %endif Patch1: sudo-1.6.8_p9-nss_ldap.patch BuildRequires: pam-devel BuildRequires: openldap-devel BuildRoot: %_tmppath/%name-%version %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %prep %if %pre %setup -q -n %name-%version%pre %else %setup -q -n %name-%version %endif %patch1 -p1 -b .nss_ldap %build %serverbuild %configure --with-logging=both \ --with-logpath=/var/log/sudo.log \ --with-editor=/bin/vi \ --enable-log-host \ --disable-log-wrap \ --with-pam \ --with-env-editor \ --with-noexec=no \ --with-ldap \ --with-secure-path="/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin" \ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %make %install rm -rf %{buildroot} mkdir -p %{buildroot}/usr %if %build_71 make prefix=%{buildroot}/usr sysconfdir=%{buildroot}/etc \ install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) \ install make prefix=%{buildroot}/usr sysconfdir=%{buildroot}/etc \ install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) \ install-sudoers %else %makeinstall \ install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) %endif mkdir -p %{buildroot}/var/run/sudo chmod 700 %{buildroot}/var/run/sudo install -D -m644 %{SOURCE2} %{buildroot}/etc/pam.d/sudo # Installing logrotated file mkdir -p %{buildroot}/etc/logrotate.d cat <<END >%{buildroot}/etc/logrotate.d/sudo /var/log/sudo.log { missingok monthly compress } END chmod 755 %{buildroot}/usr/bin/sudo chmod 755 %{buildroot}/usr/sbin/visudo install -m 755 sudoers2ldif %{buildroot}%{_bindir} %clean rm -rf %{buildroot} %files %defattr(-,root,root) %doc BUGS CHANGES HISTORY INSTALL PORTING README README.LDAP %doc TROUBLESHOOTING UPGRADE sample.sudoers %attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers %config(noreplace) %{_sysconfdir}/logrotate.d/sudo %config(noreplace) %{_sysconfdir}/pam.d/sudo %{_bindir}/sudoers2ldif %attr(4111,root,root) %{_bindir}/sudo %attr(4111,root,root) %{_bindir}/sudoedit %attr(0111,root,root) %{_sbindir}/visudo %{_mandir}/*/* /var/run/sudo %changelog * Thu Sep 13 2007 Marcelo Ricardo Leitner <mrl@mandriva.com> 1.6.9p5-1mdv2008.0 + Revision: 85183 - Upstream's TODO file doesn't exist anymore. + Tomasz Pawel Gajc <tpg@mandriva.org> - new version * Sat Aug 18 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p4-1mdv2008.0 + Revision: 65404 - new version - correct url * Fri Aug 03 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p3-1mdv2008.0 + Revision: 58394 - new version * Thu Aug 02 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p2-1mdv2008.0 + Revision: 57903 - new version - remove /usr/X11R6/bin from the secure path * Fri Jul 27 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p1-2mdv2008.0 + Revision: 56323 - new version (bugfixes) * Mon Jul 23 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.9-2mdv2008.0 + Revision: 54662 - %%{optflags} doesn't include the security flags set by %%serverbuild * Sun Jul 22 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9-1mdv2008.0 + Revision: 54403 - remove patch 0 - new version * Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.8p12-8mdv2008.0 + Revision: 45062 - using new serverbuild macro (-fstack-protector) * Fri Jun 22 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.8p12-7mdv2008.0 + Revision: 43263 - use -fstack-protector * Tue Feb 27 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.8p12-6mdv2007.0 + Revision: 126251 - no ugly and unjustified file requires on /etc/pam.d/system-auth - spec cleanup - use patch from gentoo to fix nss issue (fix #23421) * Fri Feb 23 2007 Thierry Vignaud <tvignaud@mandriva.com> 1:1.6.8p12-5mdv2007.1 + Revision: 125075 - Import sudo * Fri Feb 23 2007 Thierry Vignaud <tvignaud@mandrakesoft.com> 1.6.8p12-5mdv2007.1 - update patch 0: whitelist GP_LANG & GP_LANGUAGE (#25419) * Fri Sep 01 2006 Warly <warly@mandriva.com> 1:1.6.8p12-4mdv2007.0 - make sudo use a whitelist rather than blacklist * Tue May 02 2006 Stefan van der Eijk <stefan@eijk.nu> 1:1.6.8p12-3mdk - rebuild for sparc * Tue Jan 31 2006 Olivier Blin <oblin@mandriva.com> 1.6.8p12-2mdk - use "include" directive instead of deprecated pam_stack module (and remove hardcoded library path) - move pam.d config in Source2 * Thu Dec 22 2005 Oden Eriksson <oeriksson@mandriva.com> 1.6.8p12-1mdk - 1.6.8p12 - merged bits from the sudo-1.6.8p8-CVE-2005-2959_4158.patch * Thu Oct 06 2005 Pascal Terjan <pterjan@mandriva.org> 1.6.8p9-1mdk - 1.6.8p9 * Wed Aug 31 2005 Oden Eriksson <oeriksson@mandriva.com> 1.6.8p8-2mdk - rebuilt against new openldap-2.3.6 libs * Mon Jun 06 2005 Pascal TErjan <pterjan@mandriva.org> 1:1.6.8p8-1mdk - 1.6.8p8 - summary-ended-with-dot * Fri Feb 04 2005 Buchan Milne <bgmilne@linux-mandrake.com> 1.6.8p1-2mdk - rebuild for ldap2.2_7 * Wed Sep 22 2004 Olivier Blin <blino@mandrake.org> 1.6.8p1-1mdk - 1.6.8p1 * Sun Aug 29 2004 Olivier Blin <blino@mandrake.org> 1.6.8-2mdk - ldap support - add README.ldap and sudoers2ldif in package * Sat Aug 28 2004 Olivier Blin <blino@mandrake.org> 1.6.8-1mdk - 1.6.8 - spec file fixes for stable versions - do not build sudo_noexec - ship sudoedit * Tue Aug 03 2004 Olivier Blin <blino@mandrake.org> 1.6.7-0.p5.3mdk - define a sane secure path (fix bug 448)