# enable tests by default %define dotests 1 # enable LDAP by default. %define IDSLDAP 1 Summary: Allows restricted root access for specified users. Summary(ja): »ØÄê¥æ¡Œ¥¶€ËÀ©žÂÉÕ€Îrootž¢žÂ€òµö²Ä€¹€ë Name: sudo_ids Version: 1.8.27 Release: 1 Group: Applications/System License: IBM_ILA Source: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz Source1: IBM_ILA URL: http://www.sudo.ws Prefix: %{_prefix} BuildRoot: /var/tmp/%{name}-%{version}-%{release}-root Conflicts: sudo Requires: gettext >= 0.19.7-1 %description Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. This sudo is built with ibm idsldap. One has to make sure appropriate symbolic links are created in /usr/lib for idsldap libraries (through idslink command provided by idsldap filesets) followed by "updtvpkg" before installing the rpm. %description -l ja sudo (superuser do) €È€Ï¥·¥¹¥Æ¥àŽÉÍýŒÔ€¬¡¢¿®Íрǀ­€ë¥æ¡Œ¥¶(€Þ€¿€Ï¥°¥ë¡Œ¥×)€ËÂÐ €·€Æ¡¢€€€¯€Ä€«(€â€·€¯€ÏÁŽ€Æ)€Î¥³¥Þ¥ó¥É€ò root €È€·€ÆŒÂ¹Ô€Ç€­€ë€è€Š¡¢€œ€Î¥³¥Þ¥ó ¥É€ÎŒÂ¹ÔÍúÎò€Î¥í¥°€ò€È€ê€Ä€Äµö²Ä€¹€ë»ÅÁȀ߀ǀ¹¡£sudo €Ï¥³¥Þ¥ó¥É°ì¹Ôñ°Ì€ÇÆ°ºî €·€Þ€¹¡£¥·¥§¥ë€ÎÃÖ€­Ž¹€š€Ç€Ï€¢€ê€Þ€»€ó¡£°Ê²Œ€Îµ¡Çœ€òÆ⢀·€Æ€€€Þ€¹¡£¥Û¥¹¥Èñ°Ì €Ç¡¢€œ€Î¥³¥Þ¥ó¥É€òŒÂ¹Ô²ÄÇœ€Ê¥æ¡Œ¥¶€òÀ©žÂ€¹€ëµ¡Çœ¡¢³Æ¥³¥Þ¥ó¥É€Ë€Ä€€€Æ€Î(€Ê €Ë€òŒÂ¹Ô€·€¿€«€Îº¯À×€ò»Ä€¹€¿€á€Î)Ë­ÉÙ€Ê¥í¥®¥ó¥°µ¡Çœ¡¢sudo ¥³¥Þ¥ó¥É€Î¥¿¥€¥à¥¢¥Š ¥È»þŽÖ€òÀßÄê²ÄÇœ¡¢Ê£¿ô€Î¥Þ¥·¥ó€ÇƱ°ì€ÎÀßÄê¥Õ¥¡¥€¥ë(sudoers)€ò¶ŠÍ­€¹€ëµ¡Çœ¡¢€¬ tat¢€ê€Þ€¹¡£ %prep %setup -q -n sudo-%{version} # Add license info cat $RPM_SOURCE_DIR/IBM_ILA > doc/LICENSE.new cat doc/LICENSE >> doc/LICENSE.new mv doc/LICENSE.new doc/LICENSE %build export CC="gcc -maix32" export OBJECT_MODE=32 export CFLAGS="$RPM_OPT_FLAGS -fstack-check" export LDFLAGS="-L/usr/lib -Wl,-blibpath:/usr/lib:/lib:/opt/freeware/libexec/sudo:/opt/freeware/lib -Wl,-bmaxdata:0x80000000" export AR="/usr/bin/ar -X32" ./configure \ --prefix=%{_prefix} \ --sbindir=%{_prefix}/sbin \ --mandir=%{_mandir} \ --docdir=%{_datadir}/doc/%{name}-%{version} \ --libdir=%{_libdir} \ --with-logging=syslog \ --with-aixauth \ --with-logfac=auth \ --without-pam \ --with-env-editor \ --with-ignore-dot \ --with-tty-tickets \ %if %{IDSLDAP} == 1 --with-ldap \ --with-ldap-conf-file=/etc/sudo-ldap.conf %endif make if [ "%{dotests}" == 1 ] then ( gmake -k check || true ) /usr/sbin/slibclean fi %install rm -rf $RPM_BUILD_ROOT mkdir $RPM_BUILD_ROOT sed -e 's/-o $(sudoers_uid) -g $(sudoers_gid) / /g' \ -e 's/-o $(install_uid) -g $(install_gid) / /g' \ -e 's/-m 4111//' -e 's/-m 0111//' Makefile > Makefile.$$ mv Makefile.$$ Makefile CFLAGS="$RPM_OPT_FLAGS" \ make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` /usr/bin/strip ${RPM_BUILD_ROOT}%{_bindir}/* || : /usr/bin/strip ${RPM_BUILD_ROOT}%{_sbindir}/* || : chmod 0755 ${RPM_BUILD_ROOT}%{_sbindir}/* /opt/freeware/bin/install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo (cd $RPM_BUILD_ROOT for dir in bin sbin include do mkdir -p usr/$dir cd usr/$dir ln -sf ../..%{_prefix}/$dir/* . cd - done ) cd $RPM_BUILD_ROOT mkdir -p etc/rc.d/rc2.d ln -s /etc/rc.d/init.d/sudo etc/rc.d/rc2.d/S90sudo %post echo "This sudo is built with /etc/sudo-ldap.conf as the ldap configuration file. Run \"sudo -V\" to check build configure options" %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,system) %doc INSTALL NEWS doc/HISTORY doc/LICENSE README README.LDAP doc/TROUBLESHOOTING doc/UPGRADE %{_datadir}/doc/%{name}-%{version}/* %config(noreplace) %attr(0440,root,system) /etc/sudoers %attr(0750,root,system) %dir /etc/sudoers.d %attr(0711,root,system) %dir /var/lib/sudo %attr(0711,root,system) %dir /var/lib/sudo/lectured %attr(0700,root,system) %dir /var/run/sudo %attr(4111,root,system) %{prefix}/bin/sudo %attr(4111,root,system) %{prefix}/bin/sudoreplay %attr(4111,root,system) %{prefix}/bin/sudoedit %attr(0111,root,system) %{prefix}/sbin/visudo /usr/bin/sudo /usr/bin/sudoreplay /usr/bin/sudoedit /usr/sbin/visudo %{_libexecdir}/sudo /etc/rc.d/init.d/* /etc/rc.d/rc2.d/* %{_datadir}/locale/*/LC_MESSAGES/* %{_mandir}/man5/* %{_mandir}/man8/sudo.8* %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/sudoreplay.8* %{_mandir}/man8/visudo.8* %{_includedir}/* /usr/include/* %changelog * Mon Mar 18 2019 Ravi Hirekurabar - sudo_ids-1.8.27-1 - Updated to 1.8.17 * Fri Mar 2 2018 Harshita Jain sudo_ods-1.8.21p2-1 - update to 1.8.21p2 * Fri Dec 15 2017 Ayappan P sudo_ids-1.8.20p2-3 - Include necessary files like sudoers2ldif and correct post-install - message to show /etc/sudo-ldap.conf as the conf file. * Tue Nov 14 2017 Ayappan P sudo_ids-1.8.20p2-2 - Fixes regarding proper ldap conf file & gettext dependency - rectify rpm_share errors due to improper symlinks * Wed Sep 27 2017 Ravi Hirekurabar sudo_ids-1.8.20p2-1 - Build with IBMLDAP. * Fri Jul 14 2017 Sangamesh Mallayya 1.8.20p2-3 - Update to include CVE fixes. - Build with -fstack-check & maxdata. * Sat Jul 02 2016 Sangamesh Mallayya 1.8.15-2 - Rebuild with ldap support. * Thu Mar 17 2016 Sangamesh Mallayya 1.8.15-1 - Update to 1.8.15 * Tue Apr 7 2015 Sangamesh Mallayya 1.8.13-1 - Update to 1.8.13 * Thu Nov 11 2011 Sangamesh Mallayya 1.6.9p23 - Update to 1.6.9p23 * Fri Aug 22 2008 Garrick Trowsdale - Move BuildRequires: openldap-devel inside conditional block * Tue Jul 29 2008 Reza Arbab 1.6.9p15-2noldap - Create a non-LDAP enabled release. Build with --define 'noldap 1'. * Wed Jul 2 2008 Reza Arbab 1.6.9p15-2 - Change the order of the libpath encoded in the sudo binary. * Fri May 2 2008 Reza Arbab 1.6.9p15-1 - Update to 1.6.9p15. - Configure with-ldap and with-noexec. Require openldap. * Tue Apr 27 2004 David Clissold 1.6.7p5-2 - Make sure /etc/sudoers installs with 0440 permissions. - Thanks to Leigh Brown (leigh@solinno.co.uk) for pointing this out. * Wed May 21 2003 David Clissold 1.6.7p5-1 - New version, 1.6.7p5. (Includes earlier security fix; separate - patch no longer required). * Fri Nov 22 2002 David Clissold - Add IBM ILA license. * Wed Jul 17 2002 David Clissold - New version, 1.6.5p2. Security patch still required. * Thu Apr 25 2002 David Clissold - Security patch announced today; added. * Fri Feb 08 2002 Marc Stephenson - New version * Tue Oct 23 2001 David Clissold - No functional change. Remove unneccessary libtool use. * Thu Oct 11 2001 Marc Stephenson - Use configure with-authenticate * Fri Apr 20 2001 Marc Stephenson - Build for AIX Toolbox for Linux Distributions * Mon Mar 5 2001 Hirofumi Takeda - update to 1.6.3p7 * Thu Feb 22 2001 Hirofumi Takeda - update to 1.6.3p6 * Sat Dec 30 2000 Roger Luethi - 1.6.3p5-2: libtoolized build * Thu Sep 21 2000 Hirofumi Takeda - rewrite spec file for FHS 2.1 - updated to 1.6.3p5 o Fixed a case where a string was used after it had been freed. o Fixed a bug that prevented the -H option from working. o Fixed targetpw, rootpw, and runaspw options when used with non-passwd file authentication (PAM, etc). o When the targetpw flag is set, use the target username as part of the timestamp path. o The listpw and verifypw options had no effect. * Mon Jul 17 2000 SL Baur - alpha port * Mon Mar 27 2000 Takeshi Aihana - updated to 1.6.3 - patch pathname of libpam * Sat Mar 25 2000 Hirofumi Takeda - update to 1.6.2p3 * Fri Feb 4 2000 Hirofumi Takeda - Repackaged for TurboLinux Workstation 6.0J * Sun Jan 9 2000 Takaaki Tabuchi - be able to rebuild non-root user. * Sun Dec 19 1999 Taichi Nakamura - update to 1.6.1 * Tue Dec 14 1999 Tenkou N. Hattori - change /etc/sudoers to noreplace. * Tue Nov 30 1999 Tenkou N. Hattori - updated to 1.6 - be a NoSrc :-P * Thu Jul 22 1999 Tim Powers - updated to 1.5.9p2 for Powertools 6.1 * Wed May 12 1999 Bill Nottingham - sudo is configured with pam. There's no pam.d file. Oops. * Mon Apr 26 1999 Preston Brown - upgraded to 1.59p1 for powertools 6.0 * Tue Oct 27 1998 Preston Brown - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) * Fri Oct 08 1998 Michael Maher - built package for 5.2 * Mon May 18 1998 Michael Maher - updated SPEC file. * Thu Jan 29 1998 Otto Hammersmith - updated to 1.5.4 * Tue Nov 18 1997 Otto Hammersmith - built for glibc, no problems * Fri Apr 25 1997 Michael Fulbright - Fixed for 4.2 PowerTools - Still need to be pamified - Still need to move stmp file to /var/log * Mon Feb 17 1997 Michael Fulbright - First version for PowerCD.