diff --git a/mkpkg b/mkpkg index 915603762..2a2cc2620 100755 --- a/mkpkg +++ b/mkpkg @@ -110,30 +110,55 @@ fi # Choose configure options by osversion. # We use the same configure options as vendor packages when possible. case "$osversion" in - centos*|rhel*|fc*) - if [ $osrelease -ge 40 ]; then - # RHEL 4 and up support SELinux + centos*|rhel*|f[0-9]*) + case "$osversion" in + centos*|rhel*) + if [ $osrelease -ge 40 ]; then + # RHEL 4 and up support SELinux + with_selinux=true + if [ $osrelease -ge 50 ]; then + # RHEL 5 and up has audit support and uses a + # separate PAM config file for "sudo -i". + with_linux_audit=true + with_pam_login=true + if [ $osrelease -ge 60 ]; then + # RHEL 6 and above builds sudo with SSSD support + with_sssd=true + # RHEL 6 and above use /etc/sudo-ldap.conf + with_sudo_ldap_conf=true + fi + fi + fi + ;; + f[0-9]*) + # XXX - investigate which features were in which fedora version + with_selinux=true + with_linux_audit=true + with_pam_login=true + with_sssd=true + with_sudo_ldap_conf=true + ;; + esac + + if [ X"$with_selinux" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi - if [ $osrelease -ge 50 ]; then - # RHEL 5 and up has audit support and uses a separate PAM - # config file for "sudo -i". + if [ X"$with_linux_audit" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit" - configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" PPVARS="${PPVARS}${PPVARS+$space}linux_audit=1.4.0" fi - if [ $osrelease -ge 60 ]; then - # RHEL 6 and above builds sudo with SSSD support + if [ X"$with_pam_login" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-pam-login" + fi + if [ X"$with_sssd" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd" if test "`getconf LONG_BIT`" = "64"; then # SSSD backend needs to know where to find the sssd lib configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib64" fi - # RHEL 6 and above use /etc/sudo-ldap.conf - if test "$flavor" = "ldap"; then - configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap - --with-ldap-conf-file=/etc/sudo-ldap.conf" - fi + fi + if [ X"$with_sudo_ldap_conf" = X"true" ]; then + configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap-conf-file=/etc/sudo-ldap.conf" fi # Note, must indent with tabs, not spaces due to IFS trickery configure_opts="--prefix=/usr diff --git a/sudo.pp b/sudo.pp index 9ec9ed3f1..295458d70 100644 --- a/sudo.pp +++ b/sudo.pp @@ -44,7 +44,7 @@ still allow people to get their work done." pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`" pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`" pp_rpm_license="BSD" - pp_rpm_url="https://www.sudo.ws/" + pp_rpm_url="https://www.sudo.ws" pp_rpm_group="Applications/System" pp_rpm_packager="Todd C. Miller " if test -n "$linux_audit"; then @@ -86,7 +86,7 @@ still allow people to get their work done." # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" ;; sles*) @@ -97,7 +97,7 @@ still allow people to get their work done." # Uncomment some Defaults in sudoers # Note that the order must match that of sudoers. case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) chmod u+w ${pp_destdir}${sudoersdir}/sudoers /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF' /Locale settings/+1,s/^# // @@ -124,7 +124,7 @@ still allow people to get their work done." # For RedHat the doc dir is expected to include version and release case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*|f[0-9]*) rhel_docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}" if test "`dirname ${exampledir}`" = "${docdir}"; then exampledir="${rhel_docdir}/`basename ${exampledir}`" @@ -136,7 +136,7 @@ still allow people to get their work done." # Choose the correct PAM file by distro, must be tab indented for "<<-" case "$pp_rpm_distro" in - centos*|rhel*|fc*) + centos*|rhel*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 50; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -165,7 +165,27 @@ still allow people to get their work done." EOF fi ;; - sles*) + f[0-9]*) + # XXX - share with rhel + mkdir -p ${pp_destdir}/etc/pam.d + cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF + #%PAM-1.0 + auth include system-auth + account include system-auth + password include system-auth + session optional pam_keyinit.so revoke + session required pam_limits.so + EOF + cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF + #%PAM-1.0 + auth include sudo + account include sudo + password include sudo + session optional pam_keyinit.so force revoke + session required pam_limits.so + EOF + ;; + sles*) mkdir -p ${pp_destdir}/etc/pam.d if test $osrelease -lt 10; then cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF @@ -263,7 +283,7 @@ still allow people to get their work done." cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$ sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$ - echo "Homepage: https://www.sudo.ws/" >> %{pp_wrkdir}/%{name}/DEBIAN/control + echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control %files