# When a build flavor is set, the kit package name carries it as a suffix.
# NOTE(review): the gutter numbers skip, so lines are missing from this
# listing; the closing "fi" of this test is among them.
2 if test -n "$flavor"; then
4 pp_kit_package="sudo_$flavor"
# Descriptive package metadata: summary, long description, vendor, copyright.
9 summary="Provide limited super-user privileges to specific users"
10 description="Sudo is a program designed to allow a sysadmin to give \
11 limited root privileges to users and log root activity. \
12 The basic philosophy is to give as few privileges as possible but \
13 still allow people to get their work done."
14 vendor="Todd C. Miller"
15 copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
18 # AIX package summary is limited to 40 characters
19 summary="Configurable super-user privileges"
21 # Convert to 4 part version for AIX, including patch level
# The three sed expressions run in order: X.Y.ZpN becomes X.Y.Z.N; X.Y.Z
# followed by a character that is neither a digit nor a dot is cut back to
# X.Y.Z; and a bare X.Y.Z gets ".0" appended. A version of the form
# X.Y.Z[suffix] therefore ends up with four numeric parts.
# NOTE(review): $version is expanded unquoted here and in the kit conversion
# below. That is only safe while it is a plain version string from the build
# configuration, with no whitespace or glob characters.
22 pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
26 # Strip off patchlevel for kit which only supports xyz versions
# Removes every dot, then drops a trailing run of non-digits followed by
# digits (a suffix such as pN), leaving the remaining digits run together.
27 pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/[^0-9][^0-9]*[0-9][0-9]*$//'`"
# Vendor tag for the "sd" package back end.
32 pp_sd_vendor_tag="TCM"
# The Solaris package name is the same "TCM" prefix followed by $name.
36 pp_solaris_name="TCM${name}"
# The package stamp is the build date ("Month DD, YYYY"). date is called by
# absolute path, so PATH is not consulted for it.
# NOTE(review): the stamp comes from the build host clock, so two builds of
# identical source differ in this field; relevant if packages are meant to be
# reproducible or are compared byte for byte.
37 pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
41 # Convert patch level into release and remove from version
# Release is the patch level plus one: expr extracts the digits after the last
# "p", and "\| 0" supplies 0 when there is no such suffix, giving release 1.
42 pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) + 1`"
# Version is everything before the pN suffix.
# NOTE(review): when $version has no pN suffix this match fails and expr prints
# an empty string, so pp_rpm_version is left empty unless a line not visible in
# this listing handles that case - confirm. $version is also unquoted in both
# expr calls, which relies on it containing no whitespace or glob characters.
43 pp_rpm_version="`expr $version : '\(.*\)p[0-9][0-9]*'`"
# NOTE(review): the project URL recorded in the package metadata is plain http.
45 pp_rpm_url="http://www.sudo.ws/"
46 pp_rpm_group="Applications/System"
47 pp_rpm_packager="Todd.Miller@courtesan.com"
# With Linux audit support configured, require at least that audit-libs
# version at install time. The closing "fi" is not visible in this listing.
48 if test -n "$linux_audit"; then
49 pp_rpm_requires="audit-libs >= $linux_audit"
# Debian packages reuse the RPM packager, release and version values.
52 pp_deb_maintainer="$pp_rpm_packager"
53 pp_deb_release="$pp_rpm_release"
54 pp_deb_version="$pp_rpm_version"
56 # For all but RPM and Debian we need to install sudoers with a different
57 # name and make a copy of it if there is no existing file.
# Renames the staged sudoers to sudoers.dist inside the staging root, so the
# package itself never ships a file named sudoers that could replace an
# administrator's policy on upgrade.
# NOTE(review): the path expansions are unquoted; a staging root or sudoers
# directory containing whitespace would split into several mv arguments.
58 mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
62 # Add distro info to release
# osrelease is the distro string with its leading non-digit characters removed
# and everything from the first "-" onwards cut off.
63 osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
# The case patterns and the closing "esac" are not visible in this listing.
# The first visible arm appends ".el" plus osrelease with its last digit
# removed (the [0-9] pattern matches exactly one character); the second
# appends ".sles" plus osrelease unchanged.
64 case "$pp_rpm_distro" in
66 pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
69 pp_rpm_release="$pp_rpm_release.sles$osrelease"
73 # Uncomment some Defaults in sudoers
74 # Note that the order must match that of sudoers.
75 case "$pp_rpm_distro" in
# First visible variant (its case pattern is not shown in this listing).
# The staged sudoers is made owner-writable only for the duration of the edit
# and the write bit is removed again afterwards. ed is run with "-" to
# suppress diagnostics and with a quoted here-document delimiter, so the shell
# expands nothing inside the ed script. Each ed command locates a marker
# comment and strips the leading "# " from the line at the given offset after
# it.
# NOTE(review): the edits are anchored on comment text in the shipped sudoers.
# If that text changes, the search fails, and no check of the ed exit status is
# visible here - confirm the build notices a failed edit rather than packaging
# a partly edited policy file.
77 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
78 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
79 /Locale settings/+1,s/^# //
80 /Desktop path settings/+1,s/^# //
84 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
# Second visible variant (case pattern likewise not shown). In addition to the
# locale and ConsoleKit lines, it uncomments the second and third lines below
# the "allow any user to run sudo if they know the password" marker.
# NOTE(review): going by that marker text, this variant ships a policy open to
# every user who knows the relevant password. Presumably the two lines are a
# targetpw-style Defaults entry and a blanket rule that are only safe as a
# pair - confirm against the shipped sudoers, and confirm that both
# substitutions and the write either all succeed or the build fails.
87 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
88 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
89 /Locale settings/+1,s/^# //
90 /ConsoleKit session/+1,s/^# //
91 /allow any user to run sudo if they know the password/+2,s/^# //
92 /allow any user to run sudo if they know the password/+3,s/^# //
96 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
100 # For RedHat the doc dir is expected to include version and release
101 case "$pp_rpm_distro" in
# Renames the staged doc directory to <docdir>-<version>-<release> and updates
# $docdir to match, so later references use the new path. The case pattern
# selecting this arm and the closing "esac" are not visible in this listing.
103 mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
104 docdir=${docdir}-${version}-${pp_rpm_release}
# Writes the PAM service files that govern how sudo authenticates on the
# target system. The case patterns, else/fi lines and here-document
# terminators are not visible in this listing. The here-documents use an
# unquoted delimiter, so the shell would expand "$" or backquotes in a body;
# the visible bodies contain neither.
108 # Choose the correct PAM file by distro, must be tab indented for "<<-"
109 case "$pp_rpm_distro" in
111 mkdir -p ${pp_destdir}/etc/pam.d
# NOTE(review): $osrelease is unquoted in the numeric tests below. If it is
# empty (a distro string with no digits), test fails with a syntax error and
# the "if" treats that as false - confirm that is the intended fallback.
112 if test $osrelease -lt 50; then
# Releases below 50: every stack is delegated to system-auth via pam_stack.so.
113 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
115 auth required pam_stack.so service=system-auth
116 account required pam_stack.so service=system-auth
117 password required pam_stack.so service=system-auth
118 session required pam_limits.so
# Other releases: "include system-auth" replaces pam_stack, and the session
# stack adds pam_keyinit (revoke) ahead of pam_limits.
121 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
123 auth include system-auth
124 account include system-auth
125 password include system-auth
126 session optional pam_keyinit.so revoke
127 session required pam_limits.so
# A separate "sudo-i" PAM service file; its visible lines defer the password
# stack to the sudo service and use pam_keyinit with "force revoke".
129 cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
133 password include sudo
134 session optional pam_keyinit.so force revoke
135 session required pam_limits.so
# Second distro family visible here: releases below 10 authenticate with
# pam_unix2.so directly, later ones include the common-* stacks.
140 mkdir -p ${pp_destdir}/etc/pam.d
141 if test $osrelease -lt 10; then
142 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
144 auth required pam_unix2.so
145 session required pam_limits.so
148 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
150 auth include common-auth
151 account include common-account
152 password include common-password
153 session include common-session
154 # session optional pam_xauth.so
162 # Uncomment some Defaults and the %sudo rule in sudoers
163 # Note that the order must match that of sudoers and be tab-indented.
# Same pattern as the other sudoers edits in this file: add the owner write
# bit, run ed with diagnostics suppressed and a quoted here-document (no shell
# expansion in the ed script), then drop the write bit again. Only two of the
# ed commands are visible in this listing; the one for the %sudo rule
# mentioned above is among the missing lines.
# NOTE(review): no check of the ed exit status is visible, so confirm that a
# failed search stops the build instead of shipping a partly edited sudoers.
164 chmod u+w ${pp_destdir}${sudoersdir}/sudoers
165 /bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
166 /Locale settings/+1,s/^# //
167 /X11 resource/+1,s/^# //
172 chmod u-w ${pp_destdir}${sudoersdir}/sudoers
# PAM service file for this distro. Only part of the body is visible: an
# @include of common-account and a session stack of pam_permit.so followed by
# pam_limits.so. The auth lines are not shown here.
173 mkdir -p ${pp_destdir}/etc/pam.d
174 cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
178 @include common-account
180 session required pam_permit.so
181 session required pam_limits.so
# macOS package settings: flat package type, bundle identifier, licence file
# and the path of the generated read-me.
186 pp_macos_pkg_type=flat
187 pp_macos_bundle_id=ws.sudo.pkg.sudo
188 pp_macos_pkg_license=doc/LICENSE
189 pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
# The read-me is the top of NEWS: perl prints lines until it reaches the
# second line starting with "What" (case-insensitive) and stops before
# printing that line.
190 perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
193 # OS-level directories that should generally exist but might not.
# Start with the staged man directories whose names begin with "m" or "c",
# with the staging-root prefix stripped by sed.
# NOTE(review): ${pp_destdir} is interpolated into the sed pattern with "#" as
# the delimiter, so a staging path containing "#" or regex metacharacters
# would change what is stripped. If the glob matches nothing, the literal
# pattern is passed through.
194 extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
# Add the parents of the doc and timestamp directories, plus /etc/pam.d when
# it was staged.
195 extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
196 test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
# For every install directory, append it (with a trailing slash) to osdirs and
# repeat until "/" is reached. The step that moves $dir to its parent and the
# closing "done" lines are not visible in this listing.
197 for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
198 while test "$dir" != "/"; do
# "${osdirs+ }" inserts a separating space once osdirs has been set.
199 osdirs="${osdirs}${osdirs+ }$dir/"
# One path per line, sorted with duplicates removed.
203 osdirs=`echo $osdirs | tr " " "\n" | sort -u`
# Installed file list. Judging by the visible entries, each line is a path,
# an octal mode, an optional owner[:group] and optional flags.
# NOTE(review): the column meanings are read off these entries, not from the
# packaging tool documentation - confirm.
# sudo and sudoedit: mode 4111 is setuid plus execute-only (no read or write
# bit for anyone), with owner root.
207 $bindir/sudo 4111 root:
208 $bindir/sudoedit 4111 root:
# sudoreplay is execute-only and not setuid.
210 $bindir/sudoreplay 0111
211 $includedir/sudo_plugin.h 0444
# NOTE(review): 0755 leaves these writable by their owner only, but no owner
# is given on this line. If sudo loads code from this directory (a plugin
# header is shipped above), confirm the default owner is root.
212 $libexecdir/* 0755 optional
# sudoers.d is closed to "other" (0750) and owned by the sudoers uid and gid.
213 $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
216 $docdir/sudoers2ldif 0555 optional,ignore-others
218 $localedir/ - optional
219 $localedir/** 0444 optional
# PAM service files are installed read-only and flagged volatile.
220 /etc/pam.d/* 0444 volatile,optional
# Both sudoers and sudoers.dist take their mode and ownership from the
# configured sudoers_mode, sudoers_uid and sudoers_gid values. Two entries
# appear here because different package formats ship different names; the
# conditions selecting between them are not visible in this listing.
222 $sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
224 $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
231 # Some versions use catpages, some use manpages.
232 $mandir/cat*/* optional
233 $mandir/man*/* optional
236 # Don't overwrite an existing sudoers file
# Install-time script. The %{...} tokens are presumably substituted by the
# packaging tool before this runs on the target - confirm.
# Two assignments are visible: one prefixes PKG_INSTALL_ROOT (an alternate
# install root), the other uses the directory as is. The test that chooses
# between them is not visible in this listing.
238 sudoersdir=${PKG_INSTALL_ROOT}%{sudoersdir}
240 sudoersdir=%{sudoersdir}
# Only when no readable sudoers exists is the shipped sudoers.dist copied into
# place, followed by setting the configured mode, owner and group.
# NOTE(review): $sudoersdir is unquoted in the commands below and
# PKG_INSTALL_ROOT comes from the installer environment, so a root path with
# whitespace would split these arguments. The new file also exists briefly
# with whatever mode and ownership cp gives it before chmod, chown and chgrp
# run; since sudoers.dist is packaged with the same mode this is presumably
# harmless - confirm. No exit status is checked on the visible lines.
242 if test ! -r $sudoersdir/sudoers; then
243 cp $sudoersdir/sudoers.dist $sudoersdir/sudoers
244 chmod %{sudoers_mode} $sudoersdir/sudoers
245 chown %{sudoers_uid} $sudoersdir/sudoers
246 chgrp %{sudoers_gid} $sudoersdir/sudoers
250 # dpkg-deb does not maintain the mode on the sudoers file, and
251 # installs it 0640 when sudo requires 0440
# Re-applies the configured sudoers mode after unpacking, because, per the
# comment above, the packaged mode does not survive dpkg-deb.
252 chmod %{sudoers_mode} %{sudoersdir}/sudoers
254 # create symlink to ease transition to new path for ldap config
255 # if old config file exists and new one doesn't
# Applies only to the ldap flavor, and only when the old file is readable and
# the new path is not. The X"..." prefix keeps test from misreading an empty
# or dash-leading value as an operator.
# NOTE(review): "-r" tests readability, not existence. If /etc/sudo-ldap.conf
# is already a dangling symlink, the test passes and ln -s then fails because
# the name exists. The closing "fi" is not visible in this listing.
256 if test X"%{flavor}" = X"ldap" -a \
257 -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
258 ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
# NOTE(review): original lines 263-279 are Perl, presumably handed to the
# interpreter by a line not visible in this listing - confirm how that text is
# quoted before editing inside it.
261 # Debian uses a sudo group in its default sudoers file
# Nothing to do when a group named sudo already exists.
263 exit 0 if getgrnam("sudo");
264 $gid = 27; # default debian sudo gid
# Advance to the first gid that is not already assigned to a group.
266 while (getgrgid($gid)) { $gid++; }
# Messages for the case where gid 27 already belongs to another group. The
# enclosing condition and the read that sets $ans are not visible here.
# NOTE(review): this is an interactive prompt in an install step; how it
# behaves in an unattended install depends on the lines not shown.
268 print "On Debian we normally use gid 27 for \"sudo\".\n";
269 $gname = getgrgid(27);
270 print "However, on your system gid 27 is group \"$gname\".\n\n";
271 print "Would you like me to stop configuring sudo so that you can change this? [n] ";
273 if ($ans =~ /^[yY]/) {
274 print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
278 print "Creating group \"sudo\" with gid = $gid\n";
# system() is given a single string, which Perl may hand to a shell. $gid is
# an integer computed above, so no outside input reaches the command line.
# NOTE(review): the exit status of groupadd is not examined on this line and
# groupadd is located through PATH. Check the lines not shown, or use the list
# form system("groupadd", "-g", $gid, "sudo") and test its return value, so a
# failure is not reported as a created group.
279 system("groupadd -g $gid sudo");
284 # Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
285 # it matches what we created in the postinstall script.
# The link is removed only for the ldap flavor and only when readlink reports
# exactly the target the install step would have created. A regular file, or
# a link pointing elsewhere, is left alone. readlink errors (for example when
# the path is not a symlink) are discarded, which makes the comparison fail and
# skips the rm. The closing "fi" is not visible in this listing.
286 if test X"%{flavor}" = X"ldap" -a \
287 X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
288 rm -f /etc/sudo-ldap.conf