diff --git a/.gitignore b/.gitignore index b0986fa..224d9ce 100644 --- a/.gitignore +++ b/.gitignore @@ -31,8 +31,3 @@ /sudo-1.9.11p3.tar.gz /sudo-1.9.12p2.tar.gz /sudo-1.9.13p2.tar.gz -/sudo-1.9.14p3.tar.gz -/sudo-1.9.15p4.tar.gz -/sudo-1.9.15p5.tar.gz -/sudo-1.9.17p1.tar.gz -/sudo-1.9.17p2.tar.gz diff --git a/sources b/sources index 54e59ea..d221fe6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93 +SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef diff --git a/sudo-1.6.7p5-strip.patch b/sudo-1.6.7p5-strip.patch new file mode 100644 index 0000000..f690659 --- /dev/null +++ b/sudo-1.6.7p5-strip.patch @@ -0,0 +1,11 @@ +--- sudo-1.6.7p5/scripts/install-sh.strip 2005-07-21 14:28:25.000000000 +0200 ++++ sudo-1.6.7p5/scripts/install-sh 2005-07-21 14:29:18.000000000 +0200 +@@ -138,7 +138,7 @@ + fi + ;; + X-s) +- STRIPIT=true ++ #STRIPIT=true + ;; + X--) + shift diff --git a/sudo.spec b/sudo.spec index be44d00..7a10271 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.17 +Version: 1.9.13 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version @@ -26,7 +26,7 @@ BuildRequires: bison BuildRequires: libtool BuildRequires: audit-libs-devel libcap-devel BuildRequires: libselinux-devel -BuildRequires: systemd-rpm-macros +BuildRequires: sendmail BuildRequires: gettext BuildRequires: zlib-devel @@ -70,18 +70,25 @@ BuildRequires: python3-devel %{name}-python-plugin allows using sudo plugins written in Python. %prep -%autosetup -p1 -n %{name}-%{version}%{?extraver} +%setup -q -n %{name}-%{version}%{?extraver} %build # Remove bundled copy of zlib rm -rf zlib/ +%ifarch s390 s390x sparc64 +F_PIE=-fPIE +%else +F_PIE=-fpie +%endif + +export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" + %configure \ --prefix=%{_prefix} \ --sbindir=%{_sbindir} \ --libdir=%{_libdir} \ --docdir=%{_pkgdocdir} \ - --enable-tmpfiles.d=%{_tmpfilesdir} \ --enable-openssl \ --disable-root-mailer \ --disable-intercept \ @@ -95,7 +102,6 @@ rm -rf zlib/ --with-tty-tickets \ --with-ldap \ --with-selinux \ - --with-sendmail=/usr/sbin/sendmail \ --with-passprompt="[sudo] password for %p: " \ --enable-python \ --enable-zlib=system \ @@ -103,28 +109,26 @@ rm -rf zlib/ --with-sssd # --without-kerb5 \ # --without-kerb4 -%make_build +make %check -%make_build check +make check %install -%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` +rm -rf $RPM_BUILD_ROOT +make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers -# Add sudo to protected packages. Old location for yum/dnf. -mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/ -echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf -# Add sudo to protected packages. New location for dnf5. -mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/ -cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf < sudo.conf +install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/ +rm -f sudo.conf chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files @@ -168,6 +172,7 @@ EOF %files -f sudo_all.lang +%defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers %attr(0750,root,root) %dir /etc/sudoers.d/ %config(noreplace) /etc/pam.d/sudo @@ -175,9 +180,6 @@ EOF %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf %attr(0640,root,root) %config(noreplace) /etc/sudo.conf -%dir /usr/share/dnf5 -%dir /usr/share/dnf5/libdnf.conf.d -/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo