Package init

2019-09-30 11:17:51 -04:00 · 2019-09-30 11:17:51 -04:00 · 3e34b4e3f9
commit 3e34b4e3f9
5 changed files with 257 additions and 0 deletions
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+#%PAM-1.0
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    optional     pam_keyinit.so revoke
+session    required     pam_limits.so
+session    include      system-auth
--- a/sudo-1.8.27.tar.gz
+++ b/sudo-1.8.27.tar.gz
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       include      sudo
+account    include      sudo
+password   include      sudo
+session    optional     pam_keyinit.so force revoke
+session    include      sudo
--- a/sudo.spec
+++ b/sudo.spec
@ -0,0 +1,148 @@
+Name: sudo
+Version: 1.8.27
+Release: 1
+Summary: Allows restricted root access for specified users
+License: ISC
+URL: http://www.courtesan.com/sudo/
+
+Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
+Source1: sudoers
+Source2: sudo
+Source3: sudo-i
+
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: pam
+Recommends: vim-minimal
+Requires(post): coreutils
+
+BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool
+BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel
+BuildRequires: chrpath git
+
+%description
+Sudo is a program designed to allow a sysadmin to give limited root privileges
+to users and log root activity.  The basic philosophy is to give as few
+privileges as possible but still allow people to get their work done.
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -S git
+
+%build
+autoreconf -I m4 -fv --install
+export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+%configure \
+        --prefix=%{_prefix} \
+        --sbindir=%{_sbindir} \
+        --libdir=%{_libdir} \
+        --docdir=%{_pkgdocdir} \
+        --disable-root-mailer \
+        --with-logging=syslog \
+        --with-logfac=authpriv \
+        --with-pam \
+        --with-pam-login \
+        --with-editor=/bin/vi \
+        --with-env-editor \
+        --with-ignore-dot \
+        --with-tty-tickets \
+        --with-ldap \
+        --with-selinux \
+        --with-passprompt="[sudo] password for %p: " \
+        --with-linux-audit \
+        --with-sssd
+
+%make_build
+
+%check
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+
+chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* 
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
+install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
+install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
+install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
+
+touch sudo.conf
+echo sudo > sudo.conf
+install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
+rm -f sudo.conf
+
+chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so
+
+rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
+rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
+
+%delete_la
+
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
+
+%chrpath_delete
+mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
+echo "/usr/libexec/sudo" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
+
+%find_lang sudo
+%find_lang sudoers
+
+mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+install -p -c -m 0644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sudo
+install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
+
+%post
+/bin/chmod 0440 /etc/sudoers || :
+/sbin/ldconfig || :
+
+%postun -p /sbin/ldconfig
+
+%files -f sudo.lang -f sudoers.lang
+%attr(0440,root,root) %config(noreplace) /etc/sudoers
+%attr(0750,root,root) %dir /etc/sudoers.d/
+%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
+%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
+%attr(4111,root,root) %{_bindir}/sudo
+%attr(0111,root,root) %{_bindir}/sudoreplay
+%{_bindir}/sudoedit
+%{_bindir}/cvtsudoers
+%attr(0755,root,root) %{_sbindir}/visudo
+%attr(0755,root,root) %{_libexecdir}/sudo/sesh
+%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
+%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
+%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
+%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so*
+%dir /var/db/sudo
+%dir /var/db/sudo/lectured
+%dir %{_libexecdir}/sudo
+%config(noreplace) /etc/pam.d/sudo
+%config(noreplace) /etc/pam.d/sudo-i
+%config(noreplace) /etc/ld.so.conf.d/*
+%license doc/LICENSE
+
+%files devel
+%{_includedir}/sudo_plugin.h
+
+%files help
+%dir %{_pkgdocdir}/
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+%{_mandir}/man1/*
+%{_pkgdocdir}/*
+%doc plugins/sample/sample_plugin.c
+%exclude %{_pkgdocdir}/ChangeLog
+
+%changelog
+* Tue Aug 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-1
+- Package init
--- a/96
+++ b/96
@ -0,0 +1,96 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+## 
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using 
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias     FILESERVERS = fs1, fs2
+# Host_Alias     MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Refuse to run if unable to disable echo on the tty.
+#
+Defaults   !visiblepw
+
+Defaults    env_reset
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+Defaults    secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## Next comes the main part: which users can run what software on 
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## 	user	MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere 
+root	ALL=(ALL) 	ALL
+
+## Allows members of the 'sys' group to run networking, software, 
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+%wheel	ALL=(ALL)	ALL
+
+## Same thing without a password
+# %wheel	ALL=(ALL)	NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the 
+## cdrom as root
+# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users  localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d