2 if test -n "$flavor"; then
4 pp_kit_package="sudo_$flavor"
9 summary="Provide limited super-user privileges to specific users"
10 description="Sudo is a program designed to allow a sysadmin to give \
11 limited root privileges to users and log root activity. \
12 The basic philosophy is to give as few privileges as possible but \
13 still allow people to get their work done."
14 vendor="Todd C. Miller"
15 copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
16 sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
17 sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
20 # AIX package summary is limited to 40 characters
21 summary="Configurable super-user privileges"
23 # Convert to 4 part version for AIX, including patch level
24 pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
28 # Strip off patchlevel for kit which only supports xyz versions
29 pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
34 pp_sd_vendor_tag="TCM"
38 pp_solaris_name="TCM${name}"
39 pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
43 # Convert patch level into release and remove from version
44 pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
45 pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
47 pp_rpm_url="http://www.sudo.ws/"
48 pp_rpm_group="Applications/System"
49 pp_rpm_packager="Todd C. Miller <Todd.Miller@courtesan.com>"
50 if test -n "$linux_audit"; then
51 pp_rpm_requires="audit-libs >= $linux_audit"
54 # For all but RPM and Debian we need to install sudoers with a different
55 # name and make a copy of it if there is no existing file.
56 mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
60 pp_deb_maintainer="$pp_rpm_packager"
61 pp_deb_release="$pp_rpm_release"
62 pp_deb_version="$pp_rpm_version"
# Install LICENSE as the Debian "copyright" file and ChangeLog as "changelog"
# under usr/share/doc/${name}, write a minimal changelog.Debian, and gzip both
# changelogs.
# NOTE(review): on the printf line the package name, version, release and
# maintainer are expanded inside the format string itself, so a "%" or a
# backslash in any of them would be interpreted by printf. Passing them as
# arguments to fixed %s conversions avoids that. The paths are also unquoted,
# which is fine only while pp_wrkdir, pp_destdir and docdir contain no
# whitespace or glob characters.
64 install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
65 install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
66 gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
67 printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
68 chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
69 gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
70 # Create lintian override file
# The overrides written below declare these permissions as intentional:
# usr/bin/sudo 4755 root/root, etc/sudoers 0440, etc/sudoers.d/ 0750 and
# var/lib/sudo/ 0700. They only silence the lintian warnings; nothing in this
# step sets those modes, so a change to the packaged modes has to be mirrored
# here by hand. The here-document delimiter is unquoted, so $name is expanded
# when the file is written.
71 mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides
72 cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF
73 # The sudo binary must be setuid root
74 $name: setuid-binary usr/bin/sudo 4755 root/root
75 # Sudo configuration and data dirs must not be world-readable
76 $name: non-standard-file-perm etc/sudoers 0440 != 0644
77 $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755
78 $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755
79 # Sudo ships with debugging symbols
80 $name: unstripped-binary-or-object
82 chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name}
86 # Add distro info to release
87 osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
88 case "$pp_rpm_distro" in
90 pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
93 pp_rpm_release="$pp_rpm_release.sles$osrelease"
97 # Uncomment some Defaults in sudoers
98 # Note that the order must match that of sudoers.
# Each ed script below makes the staged sudoers owner-writable, strips the
# leading "# " from lines located by their offset from a heading comment, and
# then removes the write bit again.
# NOTE(review): the edits are purely positional (+1, +2, +3). In the second
# script the last two commands uncomment the two lines that follow the heading
# "allow any user to run sudo if they know the password"; presumably these are
# the targetpw Defaults entry and the rule that goes with it, which should
# only ever be enabled together. If the sudoers template gains or loses a line
# there, a different line is uncommented without any error. Confirm against
# the shipped template whenever it changes, and consider validating the edited
# file with "visudo -c -f" before it is packaged.
99 case "$pp_rpm_distro" in
101 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
102 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
103 /Locale settings/+1,s/^# //
104 /Desktop path settings/+1,s/^# //
108 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
111 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
112 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
113 /Locale settings/+1,s/^# //
114 /ConsoleKit session/+1,s/^# //
115 /allow any user to run sudo if they know the password/+2,s/^# //
116 /allow any user to run sudo if they know the password/+3,s/^# //
120 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
124 # For RedHat the doc dir is expected to include version and release
125 case "$pp_rpm_distro" in
127 mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
128 docdir=${docdir}-${version}-${pp_rpm_release}
132 # Choose the correct PAM file by distro, must be tab indented for "<<-"
133 case "$pp_rpm_distro" in
135 mkdir -p ${pp_destdir}/etc/pam.d
136 if test $osrelease -lt 50; then
137 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
139 auth required pam_stack.so service=system-auth
140 account required pam_stack.so service=system-auth
141 password required pam_stack.so service=system-auth
142 session required pam_limits.so
145 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
147 auth include system-auth
148 account include system-auth
149 password include system-auth
150 session optional pam_keyinit.so revoke
151 session required pam_limits.so
153 cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
157 password include sudo
158 session optional pam_keyinit.so force revoke
159 session required pam_limits.so
164 mkdir -p ${pp_destdir}/etc/pam.d
165 if test $osrelease -lt 10; then
166 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
168 auth required pam_unix2.so
169 session required pam_limits.so
172 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
174 auth include common-auth
175 account include common-account
176 password include common-password
177 session include common-session
178 # session optional pam_xauth.so
186 # Uncomment some Defaults and the %sudo rule in sudoers
187 # Note that the order must match that of sudoers and be tab-indented.
188 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
189 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
190 /Locale settings/+1,s/^# //
191 /X11 resource/+1,s/^# //
196 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
197 mkdir -p ${pp_destdir}/etc/pam.d
198 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
202 @include common-account
204 session required pam_permit.so
205 session required pam_limits.so
210 pp_macos_pkg_type=flat
211 pp_macos_bundle_id=ws.sudo.pkg.sudo
212 pp_macos_pkg_license=doc/LICENSE
213 pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
214 perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
217 %if X"$aix_freeware" = X"true"
218 # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin,sbin}
219 mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin
220 ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin
221 ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin
222 ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin
223 ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin
226 # OS-level directories that should generally exist but might not.
227 extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
228 extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
229 test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
230 test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
231 for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
232 while test "$dir" != "/"; do
233 osdirs="${osdirs}${osdirs+ }$dir/"
237 osdirs=`echo $osdirs | tr " " "\n" | sort -u`
240 libc6, libpam0g, libpam-modules, zlib1g, libselinux1
243 # Add Conflicts, Replaces headers and add libldap dependency as needed.
# With no flavor set, the package conflicts with and replaces sudo-ldap. The
# ldap flavor conflicts with, replaces and provides sudo, and has
# ", libldap-2.4-2" appended to its Depends line. Homepage and Bugs headers are
# appended at the end.
# NOTE(review): control.$$ is a PID-derived, predictable scratch name. That is
# acceptable only if %{pp_wrkdir} is a directory private to the build (not
# shown here); creating the scratch file with mktemp would remove that
# assumption. The sed result is also not checked before the copy is removed.
244 if test -z "%{flavor}"; then
245 echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
246 echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
247 elif test "%{flavor}" = "ldap"; then
248 echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
249 echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
250 echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
251 cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$
252 sed 's/^\(Depends:.*\) *$/\1, libldap-2.4-2/' %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control
253 rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$
255 echo "Homepage: http://www.sudo.ws/sudo/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
256 echo "Bugs: http://www.sudo.ws/bugs/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
260 $bindir/sudo 4755 root:
261 $bindir/sudoedit 0755 root: symlink sudo
263 $bindir/sudoreplay 0755
264 $includedir/sudo_plugin.h 0644
265 $libexecdir/* $shlib_mode optional
266 $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
269 $docdir/sudoers2ldif 0755 optional,ignore-others
271 $docdir/LICENSE ignore,ignore-others
272 $docdir/ChangeLog ignore,ignore-others
275 $localedir/*/ - optional
276 $localedir/*/LC_MESSAGES/ - optional
277 $localedir/*/LC_MESSAGES/* 0644 optional
278 /etc/pam.d/* 0644 volatile,optional
280 $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
282 $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
284 %if X"$aix_freeware" = X"true"
285 # Links for binaries from /opt/freeware to /usr
286 /usr/bin/sudo 0755 root: symlink $bindir/sudo
287 /usr/bin/sudoedit 0755 root: symlink $bindir/sudoedit
288 /usr/bin/sudoreplay 0755 root: symlink $bindir/sudoreplay
289 /usr/sbin/visudo 0755 root: symlink $sbindir/visudo
293 $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target
297 # Some versions use catpages, some use manpages.
298 $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target
299 $mandir/cat*/* 0644 optional
300 $mandir/man*/* 0644 optional
# When rpm reports %{name} as installed, print guidance on removing or
# upgrading the rpm copy rather than installing the .bff package over it.
# NOTE(review): every echo ends in "2>&1", which points stderr at stdout and
# leaves the message itself on stdout. If these are meant as error output, the
# redirect that sends them to stderr is ">&2". The third message also contains
# a typo ("packagae") and repeats "instead" across the line break.
303 if rpm -q %{name} >/dev/null 2>&1; then
304 echo "Another version of sudo is currently installed via rpm." 2>&1
305 echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1
306 echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1
307 echo "instead of the .bff package." 2>&1
309 echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1
310 echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1
316 # Don't overwrite an existing sudoers file
# sudoers.dist is copied into place only when no readable sudoers exists, and
# the copy is then given the packaged mode, owner and group.
# NOTE(review): none of the cp/chmod/chown/chgrp results are checked in the
# lines shown, so a failed chown or chgrp would leave sudoers with whatever
# ownership cp produced. $sudoersdir is unquoted, which is fine only while it
# contains no whitespace.
318 sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir}
320 sudoersdir=%{sudoersdir}
322 if test ! -r $sudoersdir/sudoers; then
323 cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
324 chmod %{sudoers_mode} $sudoersdir/sudoers
325 chown %{sudoers_uid} $sudoersdir/sudoers
326 chgrp %{sudoers_gid} $sudoersdir/sudoers
332 # dpkg-deb does not maintain the mode on the sudoers file, and
333 # installs it 0640 when sudo requires 0440
334 chmod %{sudoers_mode} %{sudoersdir}/sudoers
336 # create symlink to ease transition to new path for ldap config
337 # if old config file exists and new one doesn't
# Applies to the ldap flavor only.
# NOTE(review): once the link exists, /etc/sudo-ldap.conf resolves to
# /etc/ldap/ldap.conf, whose ownership and mode are not touched here; check
# that they are suitable if bind credentials are kept in that file. "test -a"
# is marked obsolescent in POSIX; separate test commands joined with && are
# the unambiguous form.
338 if test X"%{flavor}" = X"ldap" -a \
339 -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
340 ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
343 # Debian uses a sudo group in its default sudoers file
# The Perl below exits early when a "sudo" group already exists. Otherwise it
# starts at gid 27, increments until getgrgid() finds no group with that gid,
# and runs groupadd with the result. The prompt lines report that gid 27 is
# already taken by another group and offer to stop the configuration.
# NOTE(review): $gid only ever holds the counter value, so the command string
# passed to system() carries no outside input. The return value of system()
# is not checked in the lines shown, so a failed groupadd would go unnoticed.
345 exit 0 if getgrnam("sudo");
346 $gid = 27; # default debian sudo gid
348 while (getgrgid($gid)) { $gid++; }
350 print "On Debian we normally use gid 27 for \"sudo\".\n";
351 $gname = getgrgid(27);
352 print "However, on your system gid 27 is group \"$gname\".\n\n";
353 print "Would you like me to stop configuring sudo so that you can change this? [n] ";
355 if ($ans =~ /^[yY]/) {
356 print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
360 print "Creating group \"sudo\" with gid = $gid\n";
361 system("groupadd -g $gid sudo");
368 # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
369 # it matches what we created in the postinstall script.
# The readlink comparison means the path is removed only while it is still a
# link to /etc/ldap/ldap.conf; a regular file or a link to any other target is
# left in place. readlink errors are discarded, so a missing path simply fails
# the comparison.
370 if test X"%{flavor}" = X"ldap" -a \
371 X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
372 rm -f /etc/sudo-ldap.conf