The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
vendor="Todd C. Miller"
- copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
+ copyright="(c) 1993-1996,1998-2013 Todd C. Miller"
+ sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
+ sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
%if [aix]
# AIX package summary is limited to 40 characters
pp_rpm_license="BSD"
pp_rpm_url="http://www.sudo.ws/"
pp_rpm_group="Applications/System"
- pp_rpm_packager="Todd.Miller@courtesan.com"
+ pp_rpm_packager="Todd C. Miller <Todd.Miller@courtesan.com>"
if test -n "$linux_audit"; then
pp_rpm_requires="audit-libs >= $linux_audit"
fi
-
- pp_deb_maintainer="$pp_rpm_packager"
- pp_deb_release="$pp_rpm_release"
- pp_deb_version="$pp_rpm_version"
%else
# For all but RPM and Debian we need to install sudoers with a different
# name and make a copy of it if there is no existing file.
mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
%endif
+%if [deb]
+ pp_deb_maintainer="$pp_rpm_packager"
+ pp_deb_release="$pp_rpm_release"
+ pp_deb_version="$pp_rpm_version"
+ pp_deb_section=admin
+ install -D -m 644 ${pp_destdir}$docdir/LICENSE ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
+ install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
+ gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
+ printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
+ chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
+ gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
+ # Create lintian override file
+ mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides
+ cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF
+ # The sudo binary must be setuid root
+ $name: setuid-binary usr/bin/sudo 4755 root/root
+ # Sudo configuration and data dirs must not be world-readable
+ $name: non-standard-file-perm etc/sudoers 0440 != 0644
+ $name: non-standard-dir-perm etc/sudoers.d/ 0750 != 0755
+ $name: non-standard-dir-perm var/lib/sudo/ 0700 != 0755
+ # Sudo ships with debugging symbols
+ $name: unstripped-binary-or-object
+ EOF
+ chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name}
+%endif
+
%if [rpm]
# Add distro info to release
osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
perl -pe 'last if (/^What/i && $seen++)' NEWS > ${pp_wrkdir}/ReadMe.txt
%endif
+%if X"$aix_freeware" = X"true"
+ # Create links from /opt/freeware/{bin,sbin} -> /usr/{bin.sbin}
+ mkdir -p ${pp_destdir}/usr/bin ${pp_destdir}/usr/sbin
+ ln -s -f ${bindir}/sudo ${pp_destdir}/usr/bin
+ ln -s -f ${bindir}/sudoedit ${pp_destdir}/usr/bin
+ ln -s -f ${bindir}/sudoreplay ${pp_destdir}/usr/bin
+ ln -s -f ${sbindir}/visudo ${pp_destdir}/usr/sbin
+%endif
+
# OS-level directories that should generally exist but might not.
extradirs=`echo ${pp_destdir}/${mandir}/[mc]* | sed "s#${pp_destdir}/##g"`
extradirs="$extradirs `dirname $docdir` `dirname $timedir`"
+ test -d ${pp_destdir}${localedir} && extradirs="$extradirs $localedir"
test -d ${pp_destdir}/etc/pam.d && extradirs="${extradirs} /etc/pam.d"
for dir in $bindir $sbindir $libexecdir $includedir $extradirs; do
while test "$dir" != "/"; do
done
osdirs=`echo $osdirs | tr " " "\n" | sort -u`
+%depend [deb]
+ libc6, libpam0g, libpam-modules, zlib1g, libselinux1
+
+%fixup [deb]
+ # Add Conflicts, Replaces headers and add libldap depedency as needed.
+ if test -z "%{flavor}"; then
+ echo "Conflicts: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ echo "Replaces: sudo-ldap" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ elif test "%{flavor}" = "ldap"; then
+ echo "Conflicts: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ echo "Replaces: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ echo "Provides: sudo" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$
+ sed 's/^\(Depends:.*\) *$/\1, libldap-2.4-2/' %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control
+ rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$
+ fi
+ echo "Homepage: http://www.sudo.ws/sudo/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+ echo "Bugs: http://www.sudo.ws/bugs/" >> %{pp_wrkdir}/%{name}/DEBIAN/control
+
%files
$osdirs -
- $bindir/sudo 4111 root:
- $bindir/sudoedit 4111 root:
- $sbindir/visudo 0111
- $bindir/sudoreplay 0111
- $includedir/sudo_plugin.h 0444
- $libexecdir/* 0755 optional
+ $bindir/sudo 4755 root:
+ $bindir/sudoedit 0755 root: symlink sudo
+ $sbindir/visudo 0755
+ $bindir/sudoreplay 0755
+ $includedir/sudo_plugin.h 0644
+ $libexecdir/sudo/ 0755
+ $libexecdir/sudo/sesh 0755 optional,ignore-others
+ $libexecdir/sudo/* $shlib_mode optional
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
$timedir/ 0700 root:
$docdir/ 0755
- $docdir/sudoers2ldif 0555 optional,ignore-others
- $docdir/* 0444
- $localedir/ - optional
- $localedir/** 0444 optional
- /etc/pam.d/* 0444 volatile,optional
+ $docdir/sudoers2ldif 0755 optional,ignore-others
+%if [deb]
+ $docdir/LICENSE ignore,ignore-others
+ $docdir/ChangeLog ignore,ignore-others
+%endif
+ $docdir/* 0644
+ $localedir/*/ - optional
+ $localedir/*/LC_MESSAGES/ - optional
+ $localedir/*/LC_MESSAGES/* 0644 optional
+ /etc/pam.d/* 0644 volatile,optional
%if [rpm,deb]
$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
%else
$sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
%endif
+%if X"$aix_freeware" = X"true"
+ # Links for binaries from /opt/freeware to /usr
+ /usr/bin/sudo 0755 root: symlink $bindir/sudo
+ /usr/bin/sudoedit 0755 root: symlink $bindir/sudoedit
+ /usr/bin/sudoreplay 0755 root: symlink $bindir/sudoreplay
+ /usr/sbin/visudo 0755 root: symlink $sbindir/visudo
+%endif
%files [!aix]
- $mandir/man*/*
+ $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target
+ $mandir/man*/* 0644
%files [aix]
# Some versions use catpages, some use manpages.
- $mandir/cat*/* optional
- $mandir/man*/* optional
+ $sudoedit_man 0644 symlink,ignore-others $sudoedit_man_target
+ $mandir/cat*/* 0644 optional
+ $mandir/man*/* 0644 optional
+
+%pre [aix]
+ if rpm -q %{name} >/dev/null 2>&1; then
+ echo "Another version of sudo is currently installed via rpm." 2>&1
+ echo "Please either uninstall the rpm version of sudo by running \"rpm -e sudo\"" 2>&1
+ echo "or upgrade the existing version of sudo using the .rpm packagae instead" 2>&1
+ echo "instead of the .bff package." 2>&1
+ echo "" 2>&1
+ echo "Note that you may need to pass rpm the --oldpackage flag when upgrading" 2>&1
+ echo "the AIX Toolbox version of sudo to the latest sudo rpm from sudo.ws." 2>&1
+ echo "" 2>&1
+ exit 1
+ fi
%post [!rpm,deb]
# Don't overwrite an existing sudoers file
fi
%post [deb]
+ set -e
+
# dpkg-deb does not maintain the mode on the sudoers file, and
# installs it 0640 when sudo requires 0440
chmod %{sudoers_mode} %{sudoersdir}/sudoers
'
%preun [deb]
+ set -e
+
# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
# it matches what we created in the postinstall script.
if test X"%{flavor}" = X"ldap" -a \