From 3e6b39b18504cd49db16af4725d5799ab177ab23 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 6 Sep 2017 12:53:03 -0400 Subject: [PATCH 01/84] Replace file-based requirements with package-level ones: - /etc/pam.d/system-auth to 'pam' - /bin/chmod to 'coreutils' (bug #1488934) - /usr/bin/vi to vim-minimal - ... and make vim-minimal "recommends" instead of "requires", because other editors can be configured. --- sudo.spec | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/sudo.spec b/sudo.spec index e02eb5a..95ebbcb 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,16 +3,16 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.20p2 -Release: 3%{?dist} +Release: 4%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: /etc/pam.d/system-auth -Requires: /usr/bin/vi -Requires(post): /bin/chmod +Requires: pam +Recommends: vim-minimal +Requires(post): coreutils BuildRequires: pam-devel BuildRequires: groff @@ -204,6 +204,14 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/sudo/libsudo_util.so %changelog +* Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 +- replace file-based requirements with package-level ones: +- /etc/pam.d/system-auth to 'pam' +- /bin/chmod to 'coreutils' (bug #1488934) +- /usr/bin/vi to vim-minimal +- ... and make vim-minimal "recommends" instead of "requires", because + other editors can be configured. + * Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 0c12737f71b2afa76592619e8427e0873f55abc4 Mon Sep 17 00:00:00 2001 
From: Marek Tamaskovic Date: Fri, 29 Sep 2017 15:43:08 +0200 Subject: [PATCH 02/84] Update to sudo-1.8.21p2 Fix changelog --- .gitignore | 1 + sources | 2 +- sudo.spec | 10 +++++++--- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 4f59932..63000a2 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /sudo-1.8.20b1.tar.gz /sudo-1.8.20p1.tar.gz /sudo-1.8.20p2.tar.gz +/sudo-1.8.21p2.tar.gz diff --git a/sources b/sources index 21e6b4a..a15d86f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.20p2.tar.gz) = 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda +SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c diff --git a/sudo.spec b/sudo.spec index 95ebbcb..0e3f504 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,8 +2,8 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.20p2 -Release: 4%{?dist} +Version: 1.8.21p2 +Release: 1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ @@ -178,6 +178,7 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? +%{_libexecdir}/sudo/libsudo_util.so %{_mandir}/man5/sudoers.5* %{_mandir}/man5/sudoers.ldap.5* %{_mandir}/man5/sudo.conf.5* 
@@ -201,9 +202,12 @@ rm -rf $RPM_BUILD_ROOT %doc plugins/sample/sample_plugin.c %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* -%{_libexecdir}/sudo/libsudo_util.so %changelog +* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 +- update to 1.8.21p2 +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) + * Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 - replace file-based requirements with package-level ones: - /etc/pam.d/system-auth to 'pam' From 5199f377bb143a443967ad1345e9d978847aca0a Mon Sep 17 00:00:00 2001 From: Marek Tamaskovic Date: Fri, 29 Sep 2017 15:43:08 +0200 Subject: [PATCH 03/84] Update to sudo-1.8.21p2 --- .gitignore | 1 + sources | 2 +- sudo.spec | 10 +++++++--- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 4f59932..63000a2 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /sudo-1.8.20b1.tar.gz /sudo-1.8.20p1.tar.gz /sudo-1.8.20p2.tar.gz +/sudo-1.8.21p2.tar.gz diff --git a/sources b/sources index 21e6b4a..a15d86f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.20p2.tar.gz) = 8bf67e687f7a84605fdef8d547b5cd661141b6c8fd25820c33c7e37e97ca7f21f564c3bae691f8a8cd08df7d80338e36a8f06bb5086cc104509d71d6ab1bceda +SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c diff --git a/sudo.spec b/sudo.spec index e02eb5a..95e3801 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,8 +2,8 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.20p2 -Release: 3%{?dist} +Version: 1.8.21p2 +Release: 1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ 
@@ -178,6 +178,7 @@ rm -rf $RPM_BUILD_ROOT %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? +%{_libexecdir}/sudo/libsudo_util.so %{_mandir}/man5/sudoers.5* %{_mandir}/man5/sudoers.ldap.5* %{_mandir}/man5/sudo.conf.5* @@ -201,9 +202,12 @@ rm -rf $RPM_BUILD_ROOT %doc plugins/sample/sample_plugin.c %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* -%{_libexecdir}/sudo/libsudo_util.so %changelog +* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 +- update to 1.8.21p2 +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) + * Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 60f7afa183b0e85ab4659dff3e12c359ea4734cc Mon Sep 17 00:00:00 2001 
From: Rachel Sibley Date: Thu, 5 Oct 2017 15:32:54 -0400 Subject: [PATCH 04/84] Initial commit for downstream tests using standard test interface --- tests/fully-qualified-hostnames/Makefile | 71 ++ tests/fully-qualified-hostnames/PURPOSE | 3 + tests/fully-qualified-hostnames/runtest.sh | 106 ++ tests/fully-qualified-hostnames/ssh-sudo.exp | 20 + tests/run-as/Makefile | 68 ++ tests/run-as/PURPOSE | 3 + .../distribution/Library/Cleanup/Makefile | 59 ++ .../distribution/Library/Cleanup/lib.sh | 314 ++++++ .../Library/ConditionalPhases/Makefile | 59 ++ .../Library/ConditionalPhases/lib.sh | 166 ++++ .../run-as/distribution/Library/Log/Makefile | 48 + tests/run-as/distribution/Library/Log/lib.sh | 637 ++++++++++++ .../run-as/distribution/Library/opts/Makefile | 48 + tests/run-as/distribution/Library/opts/lib.sh | 338 +++++++ .../run-as/distribution/Library/tcf/Makefile | 60 ++ tests/run-as/distribution/Library/tcf/lib.sh | 903 ++++++++++++++++++ .../distribution/Library/testUser/Makefile | 60 ++ .../distribution/Library/testUser/lib.sh | 234 +++++ tests/run-as/runtest.sh | 163 ++++ tests/sudoers-options-sanity-test/Makefile | 67 ++ tests/sudoers-options-sanity-test/PURPOSE | 3 + .../distribution/Library/Cleanup/Makefile | 59 ++ .../distribution/Library/Cleanup/lib.sh | 314 ++++++ .../Library/ConditionalPhases/Makefile | 59 ++ .../Library/ConditionalPhases/lib.sh | 166 ++++ .../distribution/Library/Log/Makefile | 48 + .../distribution/Library/Log/lib.sh | 637 ++++++++++++ .../distribution/Library/opts/Makefile | 48 + .../distribution/Library/opts/lib.sh | 338 +++++++ .../distribution/Library/tcf/Makefile | 60 ++ .../distribution/Library/tcf/lib.sh | 903 ++++++++++++++++++ .../distribution/Library/testUser/Makefile | 60 ++ .../distribution/Library/testUser/lib.sh | 234 +++++ tests/sudoers-options-sanity-test/runtest.sh | 379 ++++++++ tests/tests.yml | 53 + .../Makefile | 70 ++ .../PURPOSE | 3 + .../runtest.sh | 80 ++ tests/use_pty-option/Makefile | 72 ++ 
tests/use_pty-option/PURPOSE | 4 + tests/use_pty-option/forker.sh | 5 + tests/use_pty-option/runtest.sh | 76 ++ tests/use_pty-option/ssh-sudo.exp | 20 + 43 files changed, 7118 insertions(+) create mode 100644 tests/fully-qualified-hostnames/Makefile create mode 100644 tests/fully-qualified-hostnames/PURPOSE create mode 100755 tests/fully-qualified-hostnames/runtest.sh create mode 100755 tests/fully-qualified-hostnames/ssh-sudo.exp create mode 100644 tests/run-as/Makefile create mode 100644 tests/run-as/PURPOSE create mode 100644 tests/run-as/distribution/Library/Cleanup/Makefile create mode 100644 tests/run-as/distribution/Library/Cleanup/lib.sh create mode 100644 tests/run-as/distribution/Library/ConditionalPhases/Makefile create mode 100644 tests/run-as/distribution/Library/ConditionalPhases/lib.sh create mode 100644 tests/run-as/distribution/Library/Log/Makefile create mode 100644 tests/run-as/distribution/Library/Log/lib.sh create mode 100644 tests/run-as/distribution/Library/opts/Makefile create mode 100644 tests/run-as/distribution/Library/opts/lib.sh create mode 100644 tests/run-as/distribution/Library/tcf/Makefile create mode 100644 tests/run-as/distribution/Library/tcf/lib.sh create mode 100644 tests/run-as/distribution/Library/testUser/Makefile create mode 100644 tests/run-as/distribution/Library/testUser/lib.sh create mode 100755 tests/run-as/runtest.sh create mode 100644 tests/sudoers-options-sanity-test/Makefile create mode 100644 tests/sudoers-options-sanity-test/PURPOSE create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/Cleanup/Makefile create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/Cleanup/lib.sh create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/Makefile create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/lib.sh create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/Log/Makefile create mode 100644 
tests/sudoers-options-sanity-test/distribution/Library/Log/lib.sh create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/opts/Makefile create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/opts/lib.sh create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/tcf/Makefile create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/tcf/lib.sh create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/testUser/Makefile create mode 100644 tests/sudoers-options-sanity-test/distribution/Library/testUser/lib.sh create mode 100755 tests/sudoers-options-sanity-test/runtest.sh create mode 100644 tests/tests.yml create mode 100644 tests/upstream-testsuite-execution-and-rebuild-test/Makefile create mode 100644 tests/upstream-testsuite-execution-and-rebuild-test/PURPOSE create mode 100755 tests/upstream-testsuite-execution-and-rebuild-test/runtest.sh create mode 100644 tests/use_pty-option/Makefile create mode 100644 tests/use_pty-option/PURPOSE create mode 100644 tests/use_pty-option/forker.sh create mode 100755 tests/use_pty-option/runtest.sh create mode 100755 tests/use_pty-option/ssh-sudo.exp diff --git a/tests/fully-qualified-hostnames/Makefile b/tests/fully-qualified-hostnames/Makefile new file mode 100644 index 0000000..101e635 --- /dev/null +++ b/tests/fully-qualified-hostnames/Makefile 
@@ -0,0 +1,71 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/sudo/Sanity/fully-qualified-hostnames
+# Description: checks if sudo works correctly when FQDN is used in /etc/sudoers
+# Author: Milos Malik
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/sudo/Sanity/fully-qualified-hostnames
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE ssh-sudo.exp
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ chmod a+x runtest.sh
+ chmod a+x ssh-sudo.exp
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Milos Malik " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: checks if sudo works correctly when FQDN is used in /etc/sudoers" >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 10m" >> $(METADATA)
+ @echo "RunFor: sudo" >> $(METADATA)
+ @echo "Requires: sudo" >> $(METADATA)
+ @echo "Requires: sed" >> $(METADATA)
+ @echo "Requires: grep" >> $(METADATA)
+ @echo "Requires: mktemp" >> $(METADATA)
+ @echo "Requires: openssh-server" >> $(METADATA)
+ @echo "Requires: openssh-clients" >> $(METADATA)
+ @echo "Requires: expect" >> $(METADATA)
+ @echo "Requires: shadow-utils" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+
+ rhts-lint $(METADATA)
+
diff --git a/tests/fully-qualified-hostnames/PURPOSE b/tests/fully-qualified-hostnames/PURPOSE
new file mode 100644
index 0000000..c27b508
--- /dev/null
+++ b/tests/fully-qualified-hostnames/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/sudo/Sanity/fully-qualified-hostnames
+Description: checks if sudo works correctly when FQDN is used in /etc/sudoers
+Author: Milos Malik
diff --git a/tests/fully-qualified-hostnames/runtest.sh b/tests/fully-qualified-hostnames/runtest.sh
new file mode 100755
index 0000000..db3a893
--- /dev/null
+++ b/tests/fully-qualified-hostnames/runtest.sh 
@@ -0,0 +1,106 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/sudo/Sanity/fully-qualified-hostnames
+# Description: checks if sudo works correctly when FQDN is used in /etc/sudoers
+# Author: Milos Malik
+# Edit: Ales "alich" Marecek
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2011 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+
+PACKAGE="sudo"
+USER_NAME="user${RANDOM}"
+USER_SECRET="s3kr3T${RANDOM}"
+CONFIG_FILE="/etc/sudoers"
+OUTPUT_FILE="sudo.log"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlAssertRpm ${PACKAGE}
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "cp ssh-sudo.exp ${TmpDir}" 0 "Copying expect file"
+ rlRun "pushd $TmpDir"
+ OUTPUT_FILE="${TmpDir}/${OUTPUT_FILE}"
+ rlFileBackup ${CONFIG_FILE} ~/.ssh
+ id ${USER_NAME} && userdel -r ${USER_NAME}
+ rlRun "useradd ${USER_NAME}"
+ rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
+ rlRun "sed -i 's/^.*requiretty.*$//' ${CONFIG_FILE}"
+ rlRun "sed -i 's/^.*lecture.*$//' ${CONFIG_FILE}"
+ rlRun "echo \"Defaults !requiretty, !lecture\" >> ${CONFIG_FILE}"
+ rlRun "echo \"${USER_NAME} ${HOSTNAME} = (root) `which id`\" >> ${CONFIG_FILE}"
+ rlRun "> ~/.ssh/known_hosts"
+ rlPhaseEnd
+
+ if rlIsRHEL 5; then
+ rlPhaseStartTest
+ rlRun "strings `which sudo` | grep fqdn"
+ rlPhaseEnd
+ fi
+
+ if echo ${HOSTNAME} | grep -q '^localhost'; then
+ rlPhaseStartTest
+ rlLogInfo "skipping fqdn option enabled tests, cannot run with local-only host name ${HOSTNAME}"
+ rlPhaseEnd
+ else
+ rlPhaseStartTest "fqdn option is enabled, command is valid"
+ rlRun "sed -i 's/^.*fqdn.*$//' ${CONFIG_FILE}"
+ rlRun "echo \"Defaults fqdn\" >> ${CONFIG_FILE}"
+ rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost id 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "uid=0.*gid=0.*groups=0" ${OUTPUT_FILE}
+ rlPhaseEnd
+
+ rlPhaseStartTest "fqdn option is enabled, command is invalid"
+ rlRun "sed -i 's/^.*fqdn.*$//' ${CONFIG_FILE}"
+ rlRun "echo \"Defaults fqdn\" >> ${CONFIG_FILE}"
+ rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost w 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "user.*is not allowed to execute" ${OUTPUT_FILE}
+ rlPhaseEnd
+ fi
+
+ rlPhaseStartTest "fqdn option is disabled, command is valid"
+ rlRun "sed -i 's/^.*fqdn.*$//' ${CONFIG_FILE}"
+ rlRun "echo \"Defaults !fqdn\" >> ${CONFIG_FILE}"
+ rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost id 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "uid=0.*gid=0.*groups=0" ${OUTPUT_FILE}
+ rlPhaseEnd
+
+ rlPhaseStartTest "fqdn option is disabled, command is invalid"
+ rlRun "sed -i 's/^.*fqdn.*$//' ${CONFIG_FILE}"
+ rlRun "echo \"Defaults !fqdn\" >> ${CONFIG_FILE}"
+ rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost w 2>&1 | tee ${OUTPUT_FILE}"
+ rlAssertGrep "user.*is not allowed to execute" ${OUTPUT_FILE}
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlRun "userdel -rf ${USER_NAME}"
+ rlFileRestore
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
+
diff --git a/tests/fully-qualified-hostnames/ssh-sudo.exp b/tests/fully-qualified-hostnames/ssh-sudo.exp
new file mode 100755
index 0000000..44863e4
--- /dev/null
+++ b/tests/fully-qualified-hostnames/ssh-sudo.exp
@@ -0,0 +1,20 @@
+#!/usr/bin/expect -f
+# usage:
+# ./ssh-sudo.exp username password hostname command
+set username [lrange $argv 0 0]
+set password [lrange $argv 1 1]
+set hostname [lrange $argv 2 2]
+set command [lrange $argv 3 3]
+set timeout 5
+spawn ssh -t $username@$hostname sudo $command
+expect "*yes/no*" {
+ send -- "yes\r"
+}
+expect "*assword*" {
+ send -- "$password\r"
+}
+expect "*assword*" {
+ send -- "$password\r"
+}
+expect eof
+
diff --git a/tests/run-as/Makefile b/tests/run-as/Makefile
new file mode 100644
index 0000000..411464b
--- /dev/null
+++ b/tests/run-as/Makefile
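Review bot: The throwaway account's password in tests/fully-qualified-hostnames/runtest.sh is `s3kr3T${RANDOM}`, which has at most 32768 possible values, and while the test runs that account is reachable through sshd and holds a sudoers rule. The secret is also expanded into the `rlRun` command strings (`echo ${USER_SECRET} | passwd --stdin …` and the `./ssh-sudo.exp` calls), so it presumably ends up in the test journal and is visible in the process list. I would draw it from the kernel RNG, `USER_SECRET="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"`, and hand it to the helper through the environment rather than argv. Separately, /etc/sudoers is rewritten with `sed -i` and `echo >>` without a syntax check; an `rlRun "visudo -c"` at the end of the setup phase would catch a broken file before the ssh phases run.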
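Review bot: tests/fully-qualified-hostnames/ssh-sudo.exp answers `yes` to the host-key prompt unconditionally, so it trusts whatever key the target presents for any hostname passed in, not only the `localhost` that the callers in this patch use. The arguments are also read with `lrange $argv N N`, which yields a one-element list rather than the string; Tcl brace-quotes such a list once the value contains a space or a special character, and the password would then be sent with the braces included. `set password [lindex $argv 1]` (and `lindex` for the other three) avoids that, and a comment above the `yes/no` block should say that the script is meant for a disposable test host only. The diffstat lists a second copy at tests/use_pty-option/ssh-sudo.exp, which is outside this view and likely needs the same change.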
@@ -0,0 +1,68 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/sudo/Sanity/run-as +# Description: Test feature 'run as'. This means -u, -g options. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/sudo/Sanity/run-as +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Test feature 'run as'. This means -u, -g options." 
>> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: sudo" >> $(METADATA) + @echo "Requires: sudo" >> $(METADATA) + @echo "RhtsRequires: library(distribution/tcf)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/Cleanup)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/run-as/PURPOSE b/tests/run-as/PURPOSE new file mode 100644 index 0000000..387bc5b --- /dev/null +++ b/tests/run-as/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/sudo/Sanity/run-as +Description: Test feature 'run as'. This means -u, -g options. +Author: Dalibor Pospisil diff --git a/tests/run-as/distribution/Library/Cleanup/Makefile b/tests/run-as/distribution/Library/Cleanup/Makefile new file mode 100644 index 0000000..3e5a8e1 --- /dev/null +++ b/tests/run-as/distribution/Library/Cleanup/Makefile 
@@ -0,0 +1,59 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/Cleanup +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/Cleanup +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Provides function to define cleanup stack which can do its work at any time of the test run." 
>> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "Provides: library(distribution/Cleanup)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/run-as/distribution/Library/Cleanup/lib.sh b/tests/run-as/distribution/Library/Cleanup/lib.sh new file mode 100644 index 0000000..c66d21c --- /dev/null +++ b/tests/run-as/distribution/Library/Cleanup/lib.sh 
@@ -0,0 +1,314 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = Cleanup +# library-version = 9 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_Cleanup_LIB_VERSION=9 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library Cleanup + +=head1 DESCRIPTION + +This file contains functions which provides cleanup stack functionality. + +=head1 USAGE + +To use this functionality you need to import library distribution/Cleanup and add +following line to Makefile. 
+ + @echo "RhtsRequires: library(distribution/Cleanup)" >> $(METADATA) + +B + + rlJournalStart + rlPhaseStartSetup + rlImport 'distribution/Cleanup' + tmp=$(mktemp) + CleanupRegister " + rlLog 'Removing data' + rlRun \"rm -f ${tmp}\" + " + rlLog 'Creating some data' + rlRun "echo 'asdfalkjh' > $tmp" + + CleanupRegister " + rlLog 'just something to demonstrate unregistering' + " + ID1=$CleanupRegisterID + CleanupUnregister $ID1 + + CleanupRegister " + rlLog 'just something to demonstrate partial cleanup' + " + ID2=$CleanupRegisterID + CleanupRegister "rlLog 'cleanup some more things'" + # cleanup everything upto ID2 + CleanupDo $ID2 + + CleanupRegister --mark " + rlLog 'yet another something to demonstrate partial cleanup using internal ID saving' + " + CleanupRegister "rlLog 'cleanup some more things'" + # cleanup everything upto last mark + CleanupDo --mark + rlPhaseEnd + + rlPhaseStartCleanup + CleanupDo + rlPhaseEnd + + rlJournalPrintText + rlJournalEnd + +=head1 FUNCTIONS + +=cut + +echo -n "loading library Cleanup v$__INTERNAL_Cleanup_LIB_VERSION... " + +__INTERNAL_Cleanup_stack_file="$BEAKERLIB_DIR/Cleanup_stack" +touch "$__INTERNAL_Cleanup_stack_file" +chmod ug+rw "$__INTERNAL_Cleanup_stack_file" + +# CleanupRegister ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# CleanupRegister [--mark] CLEANUP_CODE +# --mark - also mark this position +CleanupRegister() { + local mark=0 + [[ "$1" == "--mark" ]] && { + mark=1 + shift + } + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + CleanupRegisterID="${RANDOM}$(date +"%s%N")" + echo -n "Registering cleanup ID=$CleanupRegisterID" >&2 + if [[ $mark -eq 1 ]]; then + __INTERNAL_CleanupMark=( "$CleanupRegisterID" "${__INTERNAL_CleanupMark[@]}" ) + echo -n " with mark" >&2 + fi + echo " '$1'" >&2 + rlLogDebug "prepending '$1'" + local ID_tag="# ID='$CleanupRegisterID'" + __INTERNAL_Cleanup_stack="$ID_tag +$1 +$ID_tag +$__INTERNAL_Cleanup_stack" + if ! 
CleanupSetStack "$__INTERNAL_Cleanup_stack"; then + rlLogError "an error occured while registering the cleanup '$1'" + return 1 + fi + return 0 +}; # end of CleanupRegister }}} + + +# __INTERNAL_Cleanup_get_stack_part ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# 1: ID +# -ID - everything upto the ID +# 2: '' - return ID only +# 'rest' - return exact oposit +__INTERNAL_Cleanup_get_stack_part() { + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): $* begin" + local ID="$1" + local n='1 0 1' + local stack='' + [[ "${ID:0:1}" == "-" ]] && { + ID="${ID:1}" + n='0 0 1' + } + [[ "$2" == "rest" ]] && { + n="$(echo "${n//0/2}")" + n="$(echo "${n//1/0}")" + n="$(echo "${n//2/1}")" + } + n=($n) + [[ -n "$DEBUG" ]] && rlLogDebug "$(set | grep ^n=)" + local ID_tag="# ID='$ID'" + while IFS= read -r line; do + + [[ "$line" == "$ID_tag" ]] && { + n=( "${n[@]:1}" ) + continue + } + if [[ $n -eq 0 ]]; then + stack="$stack +$line" + fi + done < <(echo "$__INTERNAL_Cleanup_stack") + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): cleanup stack part is '${stack:1}'" + echo "${stack:1}" + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): $* end" +}; # end of __INTERNAL_Cleanup_get_stack_part }}} + +# CleanupUnregister ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupUnregister() { + local ID="$1" + rlLog "Unregistering cleanup ID='$ID'" + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + rlLogDebug "removing ID='$ID'" + if ! CleanupSetStack "$(__INTERNAL_Cleanup_get_stack_part "$ID" 'rest')"; then + rlLogError "an error occured while registering the cleanup '$1'" + return 1 + fi + return 0 +}; # end of CleanupUnregister }}} + + +# CleanupMark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_CleanupMark=() +CleanupMark() { + echo -n "Setting cleanup mark" >&2 + CleanupRegister --mark '' 2>/dev/null + local res=$? 
+ echo " ID='$CleanupRegisterID'" >&2 + return $res +}; # end of CleanupMark }}} + + +# CleanupDo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# 1: '' - cleanup all +# ID - cleanup ID only +# -ID - cleanup all upto ID, including +# mark - cleanup all unto last mark, including +CleanupDo() { + local ID="$1" + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + local res tmp newstack='' + tmp="$(mktemp)" + if [[ "$ID" == "mark" || "$ID" == "--mark" ]]; then + echo "execute cleanup upto mark='$__INTERNAL_CleanupMark'" >&2 + __INTERNAL_Cleanup_get_stack_part "-$__INTERNAL_CleanupMark" | grep -v "^# ID='" > "$tmp" + newstack="$(__INTERNAL_Cleanup_get_stack_part "-$__INTERNAL_CleanupMark" 'rest')" + __INTERNAL_CleanupMark=("${__INTERNAL_CleanupMark[@]:1}") + elif [[ -n "$ID" ]]; then + echo "execute cleanup for ID='$ID'" >&2 + __INTERNAL_Cleanup_get_stack_part "$ID" | grep -v "^# ID='" > "$tmp" + newstack="$(__INTERNAL_Cleanup_get_stack_part "$ID" 'rest')" + else + CleanupTrapUnhook + trap "echo 'temporarily blocking ctrl+c until cleanup is done' >&2" SIGINT + cat "$__INTERNAL_Cleanup_stack_file" | grep -v "^# ID='" > "$tmp" + echo "execute whole cleanup stack" >&2 + fi + . "$tmp" + res=$? + [[ $res -ne 0 ]] && { + echo "cleanup code:" >&2 + cat -n "$tmp" >&2 + } + rm -f "$tmp" + echo "cleanup execution done" >&2 + if [[ -z "$ID" ]]; then + trap - SIGINT + fi + if ! 
CleanupSetStack "$newstack"; then + rlLogError "an error occured while cleaning the stack" + return 1 + fi + return $res +}; # end of CleanupDo }}} + + +# CleanupGetStack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupGetStack() { + rlLogDebug "getting cleanup stack" + if [[ -r "$__INTERNAL_Cleanup_stack_file" ]]; then + if __INTERNAL_Cleanup_stack="$(cat "$__INTERNAL_Cleanup_stack_file")"; then + rlLogDebug "cleanup stack is '$__INTERNAL_Cleanup_stack'" + return 0 + fi + fi + rlLogError "could not load cleanup stack" + return 1 +}; # end of CleanupGetStack }}} + + +# CleanupSetStack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupSetStack() { + rlLogDebug "setting cleanup stack to '$1'" + __INTERNAL_Cleanup_stack="$1" + if echo "$__INTERNAL_Cleanup_stack" > "$__INTERNAL_Cleanup_stack_file"; then + rlLogDebug "cleanup stack is now '$__INTERNAL_Cleanup_stack'" + return 0 + fi + rlLogError "could not set cleanup stack" + return 1 +}; # end of CleanupSetStack }}} + + +__INTERNAL_Cleanup_signals='' +__INTERNAL_Cleanup_trap_code='rlJournalStart; rlPhaseStartCleanup; CleanupDo; rlPhaseEnd; rlJournalPrintText; rlJournalEnd; exit' +# CleanupTrapHook ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupTrapHook() { + rlLog "register cleanup trap" + __INTERNAL_Cleanup_signals="${1:-"SIGHUP SIGINT SIGTERM EXIT"}" + eval "trap \"${__INTERNAL_Cleanup_trap_code}\" $__INTERNAL_Cleanup_signals" +}; # end of CleanupTrapHook }}} + + +# CleanupTrapUnhook ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupTrapUnhook() { + if [[ -n "$__INTERNAL_Cleanup_signals" ]]; then + rlLog "unregister cleanup trap" + eval trap - $__INTERNAL_Cleanup_signals + __INTERNAL_Cleanup_signals='' + fi +}; # end of CleanupTrapUnhook }}} + + +# CleanupLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupLibraryLoaded() { + CleanupTrapHook +}; # end of CleanupLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + 
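Review bot: The cleanup stack file is later executed as shell code by `CleanupDo` (its contents are filtered into a temp file and sourced with `. "$tmp"`), yet the library creates it with `touch`, widens it with `chmod ug+rw`, and never checks that `BEAKERLIB_DIR` is set, in which case the path becomes `/Cleanup_stack`. The tests that import this library presumably run as root, so anyone able to write that file could have commands run with root privileges during cleanup; whether that is reachable depends on the directory's ownership and mode, which this hunk does not show. I would fail early and keep the file private: `: "${BEAKERLIB_DIR:?BEAKERLIB_DIR is not set}"` before the assignment, and `chmod 600 "$__INTERNAL_Cleanup_stack_file"` in place of `ug+rw`. The diffstat shows a second 314-line copy under tests/sudoers-options-sanity-test/, outside this view, so the change probably belongs in the shared library both copies were taken from.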
diff --git a/tests/run-as/distribution/Library/ConditionalPhases/Makefile b/tests/run-as/distribution/Library/ConditionalPhases/Makefile
new file mode 100644
index 0000000..f017bcb
--- /dev/null
+++ b/tests/run-as/distribution/Library/ConditionalPhases/Makefile
@@ -0,0 +1,59 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /distribution/Library/ConditionalPhases
+# Description: Implements conditional phases.
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/distribution/Library/ConditionalPhases
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) lib.sh Makefile
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Dalibor Pospisil " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Implements conditional phases." >> $(METADATA)
+ @echo "Type: Library" >> $(METADATA)
+ @echo "Provides: library(distribution/ConditionalPhases)" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/run-as/distribution/Library/ConditionalPhases/lib.sh b/tests/run-as/distribution/Library/ConditionalPhases/lib.sh
new file mode 100644
index 0000000..39024d1
--- /dev/null
+++ b/tests/run-as/distribution/Library/ConditionalPhases/lib.sh
@@ -0,0 +1,166 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = ConditionalPhases +# library-version = 2 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_ConditionalPhases_LIB_VERSION=2 +__INTERNAL_ConditionalPhases_LIB_NAME='distribution/ConditionalPhases' +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library distribution/condpahses + +=head1 DESCRIPTION + +Implements conditional phases to eficiently select test phases to be execute +using white and black lists. + +To use this functionality you need to import library +distribution/ConditionalPhases and add following line to Makefile. + + @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA) + +=head1 USAGE + +=head2 Conditional phases + +Each test phase can be conditionally skipped based on a bash regular expression +given in CONDITIONAL_PHASES_BL and/or CONDITIONAL_PHASES_WL variables. + +=over + +=item CONDITIONAL_PHASES_BL + +It is a black list. If match phase name the respective phase should be skipped. 
+ +=item CONDITIONAL_PHASES_WL + +It is a white list. If does B match phase name the respective phase should +be skipped excluding phases contatning 'setup' or 'cleanup' in its name. Names +'setup' and 'cleanup' are matched case insenitively. + +=back + +Actual skipping has to be done in the test case itself by using return code of +functions I, I, I, and +I. + +Example: + + rlPhaseStartTest "phase name" && { + ... + rlPhaseEnd; } + +Evaluation of the phase relevancy works as follows: + 1. If CONDITIONAL_PHASES_BL is non-empty and matches phase name => return 2. + 2. If phase name contains word 'setup' or 'cleanup' or CONDITIONAL_PHASES_WL + is empty => return 0. + 3. If CONDITIONAL_PHASES_WL is non-empty and matches phase name => return 0 + otherwise return 1. + +Normaly Setup and Cleanup phases are not skipped unless hey are B +black-listed. + +To make the test work properly with conditional phases it is necessary to +surround phase code with curly brackets and make it conditionally executed +based on rlPhaseStart* function's exit code the same way as it is demostrated in +the example above. To make the process easy you can use following command: + + sed 's/rlPhaseStart[^{]*$/& \&\& {/;s/rlPhaseEnd[^}]*$/&; }/' + +This code can be embedded in Makefile by modifying build target to following +form: + + build: $(BUILT_FILES) + grep -Eq 'rlPhase(Start[^{]*|End[^}]*)$' runtest.sh && sed -i 's/rlPhaseStart[^{]*$/& \&\& {/;s/rlPhaseEnd[^}]*$/&; }/' testrun.sh + test -x runtest.sh || chmod a+x runtest.sh + + +=cut +#' +echo -n "loading library $__INTERNAL_ConditionalPhases_LIB_NAME v$__INTERNAL_ConditionalPhases_LIB_VERSION... 
" + + +# ConditionalPhasesLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +ConditionalPhasesLibraryLoaded() { + if [[ -n "$CONDITIONAL_PHASES_BL" || -n "$CONDITIONAL_PHASES_WL" ]]; then + __INTERNAL_ConditionalPhases_eval() { + # check phases black-list + [[ -n "$CONDITIONAL_PHASES_BL" && "$1" =~ $CONDITIONAL_PHASES_BL ]] && { + rlLogWarning "phase '$1' should be skipped as it is defined in \$CONDITIONAL_PHASES_BL='$CONDITIONAL_PHASES_BL'" + return 2 + } + # always execute Setup, Cleanup and if no PHASES (white-list) specified + [[ "$1" =~ $(echo "\<[Ss][Ee][Tt][Uu][Pp]\>") || "$1" =~ $(echo "\<[Cc][Ll][Ee][Aa][Nn][Uu][Pp]\>") ]] && { + rlLogInfo "phase '$1' will be executed as 'setup' and 'cleanup' phases are allowed by default, these can be black-listed" + return 0 + } + [[ -z "$CONDITIONAL_PHASES_WL" ]] && { + rlLogInfo "phase '$1' will be executed as there is no rule for it" + return 0 + } + [[ "$1" =~ $CONDITIONAL_PHASES_WL ]] && { + rlLogInfo "phase '$1' will be executed as it is defined in \$CONDITIONAL_PHASES_WL='$CONDITIONAL_PHASES_WL'" + return 0 + } || { + rlLogWarning "phase '$1' should be skipped as it is not defined in \$CONDITIONAL_PHASES_WL='$CONDITIONAL_PHASES_WL'" + return 1 + } + } + + rlLogInfo "replacing rlPhaseStart by modified function with conditional phases implemented" + :; rlPhaseStart() { + if [ "x$1" = "xFAIL" -o "x$1" = "xWARN" ] ; then + __INTERNAL_ConditionalPhases_eval "$2" && \ + rljAddPhase "$1" "$2" + return $? + else + rlLogError "rlPhaseStart: Unknown phase type: $1" + return 1 + fi + } + else + rlLogInfo "Neither CONDITIONAL_PHASES_WL nor CONDITIONAL_PHASES_BL is defined, not applying modifications" + fi +}; # end of ConditionalPhasesLibraryLoaded }}} + + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + +echo 'done.' diff --git a/tests/run-as/distribution/Library/Log/Makefile b/tests/run-as/distribution/Library/Log/Makefile new file mode 100644 index 0000000..3cf0e65 
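Review bot: The Makefile recipe documented in the POD block checks `runtest.sh` with grep but then runs `sed -i` on `testrun.sh`, so a test author who copies it gets a build step that never rewrites the phases in the script that is actually run. The sed target should read `runtest.sh`, and because the line is meant to live in a Makefile each regex `$` presumably has to be written `$$` there. In `__INTERNAL_ConditionalPhases_eval` the black-list test `"$1" =~ $CONDITIONAL_PHASES_BL` returns 2 for a syntactically invalid pattern, so the `&& { … return 2; }` branch is not taken and the phase is not skipped. A comment such as `# an invalid regex in CONDITIONAL_PHASES_BL does not skip the phase` would make that visible to whoever sets the variable.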
--- /dev/null +++ b/tests/run-as/distribution/Library/Log/Makefile @@ -0,0 +1,48 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/Log +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/Log +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Provides yet another logging facility that does not rely on beakerlib while it can integrate with it." >> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RhtsRequires: library(distribution/opts)" >> $(METADATA) + @echo "Provides: library(distribution/Log)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) 
diff --git a/tests/run-as/distribution/Library/Log/lib.sh b/tests/run-as/distribution/Library/Log/lib.sh
new file mode 100644
index 0000000..ac1db3d
--- /dev/null
+++ b/tests/run-as/distribution/Library/Log/lib.sh
@@ -0,0 +1,637 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = Log +# library-version = 11 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_Log_LIB_VERSION=11 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library Log + +=head1 DESCRIPTION + +This library provide logging capability which does not rely on beakerlib so it +can be used standalone. + +If it is used within beakerlib it automatically bypass all messages to the +beakerlib. + +Also this library provide journaling feature so the summary can be printed out +at the end. + +=head1 USAGE + +To use this functionality you need to import library distribution/Log and add +following line to Makefile. + + @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA) + +=head1 FUNCTIONS + +=cut + +echo -n "loading library Log v$__INTERNAL_Log_LIB_VERSION... 
" + + +__INTERNAL_Log_prefix='' +__INTERNAL_Log_prefix2='' +__INTERNAL_Log_postfix='' +__INTERNAL_Log_default_level=3 +__INTERNAL_Log_level=$__INTERNAL_Log_default_level +LogSetDebugLevel() { + if [[ -n "$1" ]]; then + if [[ "$1" =~ ^[0-9]+$ ]]; then + let __INTERNAL_Log_level=$__INTERNAL_Log_default_level+$1; + else + __INTERNAL_Log_level=255 + fi + else + __INTERNAL_Log_level=$__INTERNAL_Log_default_level + fi +} +LogSetDebugLevel "$DEBUG" +let __INTERNAL_Log_level_LOG=0 +let __INTERNAL_Log_level_FATAL=0 +let __INTERNAL_Log_level_ERROR=1 +let __INTERNAL_Log_level_WARNING=2 +let __INTERNAL_Log_level_INFO=3 +let __INTERNAL_Log_level_DEBUG=4 +let __INTERNAL_Log_level_MORE=5 +let __INTERNAL_Log_level_MORE_=$__INTERNAL_Log_level_MORE+1 +let __INTERNAL_Log_level_MORE__=$__INTERNAL_Log_level_MORE_+1 +let __INTERNAL_Log_level_MORE___=$__INTERNAL_Log_level_MORE__+1 + +# Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +Log() { + LogMore___ -f "begin '$*'" + local pri=$2 message="${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + if [[ -n "$pri" ]]; then + LogPrintMessage "$pri" "$message" + LogjAddMessage "$pri" "$message" + else + LogPrintMessage "$(date +%H:%M:%S)" "$message" + LogjAddMessage "INFO" "$message" + fi + LogMore___ -f "end" + return 0 +}; # end of Log }}} + + +__INTERNAL_Log_condition() { + cat <&2 + return 0 +}; # end of LogPrintMessage }}} + + +# LogReport ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +: <<'=cut' +=pod + +=head3 LogReport + +Prints final report similar to breakerlib's rlJournalPrintText. This is useful +mainly if you use TCF without beakerlib. 
+ + LogReport + +=cut +#' + +LogReport() { + echo -e "\n ====== Summary report begin ======" + local a p l i + for i in $(seq 0 2 $((${#__INTERNAL_Log_journal[@]}-1)) ); do + LogPrintMessage "${__INTERNAL_Log_journal[$i]}" "${__INTERNAL_Log_journal[$((++i))]}" + done + echo " ======= Summary report end =======" + __INTERNAL_Log_journal=() +}; # end of LogReport }}} + + +# LogFile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogFile() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + cat $1 | while IFS= read line; do + Log "$line" "${prio:-$2}" + done + LogMore__ -f "end" +}; #}}} + + +# LogText ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogText() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + { + if [[ "$1" == "-" ]]; then + cat - + else + echo "$1" + fi + } | while IFS= read line; do + Log "$line" "${prio:-$2}" + done + LogMore__ -f "end" +}; #}}} + + +# LogStrippedDiff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogStrippedDiff() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + { + if [[ -n "$2" ]]; then + diff -U0 "$1" "$2" + else + cat $1 + fi + } | grep -v -e '^@@ ' -e '^--- ' -e '^+++ ' | while IFS= read line; do + Log "$line" "$prio" + done + LogMore__ -f "end" +}; #}}} + + +# LogRun ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogRun() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}+1))" + } + LogMore + local dolog=$? 
+ [[ $dolog -eq 0 ]] || { + local param params blacklist="[[:space:]]|>|<|\|" + [[ "${#@}" -eq 1 ]] && params="$1" || { + for param in "$@"; do + if [[ "$param" =~ $blacklist ]]; then + params="$params \"${param//\"/\\\"}\"" + else + params="$params $param" + fi + done + params="${params:1}" + } + LogDo $pref "executing >>>>> ${params} <<<<<" + } + eval "$@" + ret=$? + [[ $dolog -eq 0 ]] || LogMore $pref "execution >>>>> ${params} <<<<< returned '$ret'" + return $ret +}; # end of LogRun }}} + + +# LogDebugNext ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugNext() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebug '' ${1:-$__INTERNAL_Log_level_DEBUG} || { + __INTERNAL_Log_DEBUGING=0 + trap " + __INTERNAL_Log_DEBUGING_res=\$? + let __INTERNAL_Log_DEBUGING++ + if [[ \$__INTERNAL_Log_DEBUGING -eq 1 ]]; then + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + else + trap - DEBUG + LogDebug $pref \"execution >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<< returned \$__INTERNAL_Log_DEBUGING_res\" ${1:-$__INTERNAL_Log_level_DEBUG} + fi" DEBUG + } +}; # end of LogDebugNext }}} + + +# LogMoreNext ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogMoreNext() { + LogMore || { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebugNext $pref ${1:-$__INTERNAL_Log_level_MORE} + } +}; # end of LogMoreNext }}} +LogNext() { + LogMoreNext "$@" +} + + +# LogDebugOn ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugOn() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebug '' ${1:-$__INTERNAL_Log_level_DEBUG} || { + trap " + __INTERNAL_Log_DEBUGING_res=\$? 
+ let __INTERNAL_Log_DEBUGING++ + if [[ -z \"\$__INTERNAL_Log_DEBUGING_cmd\" ]]; then + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + else + LogDebug $pref \"execution >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<< returned \$__INTERNAL_Log_DEBUGING_res\" ${1:-$__INTERNAL_Log_level_DEBUG} + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + if [[ \"\$__INTERNAL_Log_DEBUGING_cmd\" =~ LogDebugOff ]]; then + trap - DEBUG + else + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + fi + fi" DEBUG + } +}; # end of LogDebugOn }}} + + +# LogMoreOn ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogMoreOn() { + LogMore || { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebugOn $pref ${1:-$__INTERNAL_Log_level_MORE} + } +}; # end of LogMoreOn }}} + + +# LogDebugOff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugOff() { + __INTERNAL_Log_DEBUGING_cmd='' +}; # end of LogDebugOff }}} + + +# LogVar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogVar() { + [[ -n "$DEBUG" ]] && { + echo -n 'eval ' + while [[ -n "$1" ]]; do + echo -n "LogDebug -f \"\$(set | grep -P '^$1=')\";" + shift + done + } +}; # end of LogVar }}} + + +# __INTERNAL_LogRedirectToBeakerlib ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_LogRedirectToBeakerlib() { + echo -e "\nrunning inside the beakerlib - redirect own logging functions to beakerlib ones" + true; LogjAddMessage() { + LogMore___ -f "begin $*" + rljAddMessage "$2" "$1" + LogMore___ -f "end $*" + } + true; Log() { + LogMore___ -f "begin $*" + case ${2} in + INFO) + LogjAddMessage "INFO" "$1" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + BEGIN) + LogjAddMessage "INFO" "$*:" + 
LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + WARNING|WARN|ERROR|FATAL) + LogjAddMessage "WARNING" "$1" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + SKIP|SKIPPING) + LogjAddMessage "WARNING" "$*:" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + FAIL) + rlFail "$*" + return $? + ;; + PASS) + rlPass "$*" + return $? + ;; + *) + rlLog "$*" + ;; + esac + LogMore___ -f "end $*" + return 0; + } +} +# end of __INTERNAL_LogRedirectToBeakerlib }}} + + +# LogLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogLibraryLoaded() { + declare -F rlDie > /dev/null && __INTERNAL_LogRedirectToBeakerlib + return 0 +}; # end of LogLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + diff --git a/tests/run-as/distribution/Library/opts/Makefile b/tests/run-as/distribution/Library/opts/Makefile new file mode 100644 index 0000000..389fe25 --- /dev/null +++ b/tests/run-as/distribution/Library/opts/Makefile 
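Review bot: `LogRun` executes its arguments with `eval "$@"`, which joins them with spaces and parses the result a second time, so an argument containing whitespace, `;`, `$(...)` or a glob is re-interpreted instead of being passed through; the escaping built into `params` is used only for the log message. If no caller relies on passing a whole command line as one string, plain `"$@"` would be safer; otherwise the function should carry a header comment such as `# NOTE: arguments are eval'ed; pass only strings that originate in the test itself`. In the same function `ret` is assigned without `local` and leaks into the caller's scope, which `local ret` next to `local pref=''` would fix. `LogFile` and `LogStrippedDiff` use `cat $1` unquoted and `read line` without `-r`, so file names with spaces and log lines with backslashes are mangled; `cat "$1"` and `IFS= read -r line` avoid that.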
@@ -0,0 +1,48 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /distribution/Library/opts
+# Description: Block style coding with ability of skipping parts.
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/distribution/Library/opts
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) lib.sh Makefile
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Dalibor Pospisil " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Provides simple way for defining script's or function's options including help" >> $(METADATA)
+ @echo "Type: Library" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA)
+ @echo "Provides: library(distribution/opts)" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/run-as/distribution/Library/opts/lib.sh b/tests/run-as/distribution/Library/opts/lib.sh
new file mode 100644
index 0000000..180f7ba
--- /dev/null
+++ b/tests/run-as/distribution/Library/opts/lib.sh
@@ -0,0 +1,338 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = opts +# library-version = 4 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_opts_LIB_VERSION=4 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library opts + +=head1 DESCRIPTION + +This library provides simple way for defining script's or function's option +agruments including help. + +=head1 USAGE + +To use this functionality you need to import library distribution/opts and add +following line to Makefile. + + @echo "RhtsRequires: library(distribution/opts)" >> $(METADATA) + +B + + testfunction() { + optsBegin -h "Usage: $0 [options] + + options: + " + optsAdd 'flag1' --flag + optsAdd 'optional1|o' --optional + optsAdd 'Optional2|O' "echo opt \$1" --optional --long --var-name opt + optsAdd 'mandatory1|m' "echo man \$1" --mandatory + optsDone; eval "${optsCode}" + echo "$optional1" + echo "$opt" + echo "$mandatory1" + } + +=head1 FUNCTIONS + +=cut + +echo -n "loading library opts v$__INTERNAL_opts_LIB_VERSION... 
" + +# optsAdd ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsAdd() { + LogMoreMed -f "begin '$*'" + local GETOPT=$(getopt -q -o fomv:d:lh:l -l flag,opt,optional,mandatory,varname:,default:,local,help:,long -- "$@") + eval set -- "$GETOPT" + local type='f' var_name var_name_set default help long + while [[ -n "$@" ]]; do + case $1 in + --) + shift; break + ;; + -h|--help) + shift + help="$1" + ;; + -l|--long) + long=1 + ;; + -d|--default) + shift + default="$1" + ;; + -v|--varname|--var-name) + shift + var_name="$1" + var_name_set=1 + ;; + -f|--flag) + type='f' + ;; + -o|--opt|--optional) + type='o' + ;; + -m|--mandatory) + type='m' + ;; + *) + echo "unknown option '$1'" + return 1 + ;; + esac + shift; + done + [ -z "$var_name" ] && { + var_name=$(echo -n "$1" | cut -d '|' -f 1 | sed -e 's/-//g;s/^[0-9]/_\0/') + LogMoreHigh -f "constructing variable name '$var_name'" + } + local opts='' opts_help='' optsi='' + for optsi in $(echo -n "$1" | tr '|' ' '); do + if [[ ${#optsi} -ge 2 || $long -eq 1 ]]; then + opts="$opts|--$optsi" + opts_help="$opts_help|--$optsi[=ARG]" + __INTERNAL_opts_long="${__INTERNAL_opts_long},${optsi}" + LogMoreHigh -f "adding long option '$optsi'" + case $type in + m) + __INTERNAL_opts_long="${__INTERNAL_opts_long}:" + ;; + o) + __INTERNAL_opts_long="${__INTERNAL_opts_long}::" + ;; + esac + else + opts="$opts|-$optsi" + opts_help="$opts_help|-${optsi}[ARG]" + __INTERNAL_opts_short="${__INTERNAL_opts_short}${optsi}" + LogMoreHigh -f "adding short option '$optsi'" + case $type in + m) + __INTERNAL_opts_short="${__INTERNAL_opts_short}:" + ;; + o) + __INTERNAL_opts_short="${__INTERNAL_opts_short}::" + ;; + esac + fi + done + optsCode="${optsCode} + ${opts:1}) + optsPresent=\"\${optsPresent}$var_name \"" + LogMoreHigh -f "adding code for processing option '${opts:1}'" + __INTERNAL_opts_init_var="$__INTERNAL_opts_init_var +${__INTERNAL_opts_local}$var_name=()" + __INTERNAL_opts_default="$__INTERNAL_opts_default +[[ \"\$optsPresent\" =~ \$(echo 
\"\<${var_name}\>\") ]] || ${__INTERNAL_opts_local}$var_name='$default'" + case $type in + f) + [[ -z "$2" || -n "$var_name_set" ]] && { + local val=1 + [[ -n "$default" ]] && val='' + optsCode="$optsCode + $var_name+=( '$val' )" + } + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts:1}" + ;; + o|m) + optsCode="$optsCode + shift" + [[ -z "$2" || -n "$var_name_set" ]] && optsCode="$optsCode + $var_name+=( \"\$1\" )" + if [[ "$type" == "o" ]]; then + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts_help:1}" + else + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts:1} ARG" + fi + ;; + esac + [[ -n "$2" ]] && { + optsCode="$optsCode + $2" + } + optsCode="$optsCode + ;;" + + __INTERNAL_opts_help="${__INTERNAL_opts_help}${help:+ + $help +}" + LogMoreMed -f "end" +}; # end of optsAdd }}} + + +# optsBegin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsBegin() { + LogMoreMed -f "begin '$*'" + optsCode='' + optsPresent=' ' + __INTERNAL_opts_short='.' + __INTERNAL_opts_long='help' + __INTERNAL_opts_help='' + __INTERNAL_opts_local='' + __INTERNAL_opts_default='' + __INTERNAL_opts_init_var='' + [[ "${FUNCNAME[1]}" != "main" ]] && __INTERNAL_opts_local='local ' + while [[ -n "$1" ]]; do + case $1 in + --) + shift; break + ;; + -h|--help) + shift + __INTERNAL_opts_help="$1" + ;; + *) + echo "unknown option '$1'" + return 1 + ;; + esac + shift; + done + LogMoreMed -f "end" +}; # end of optsBegin }}} + + +# optsDone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsDone() { + LogMoreMed -f "begin '$*'" + optsCode="${__INTERNAL_opts_local}GETOPT=\$(getopt -o ${__INTERNAL_opts_short} -l ${__INTERNAL_opts_long} -- \"\$@\") +[[ \$? 
-ne 0 ]] && { + echo 'Exiting' + return 1 >& /dev/null + exit 1 +} +eval set -- \"\$GETOPT\" +${__INTERNAL_opts_init_var:1} +while [[ -n \"\$1\" ]]; do + case \$1 in + --) + shift; break + ;; +${optsCode} + + --help) + echo \"\$__INTERNAL_opts_help\" + return >& /dev/null + exit + ;; + *) + echo \"unknown option '\$1'\" + return 1 >& /dev/null + exit 1 + ;; + esac + shift +done +${__INTERNAL_opts_default:1} +unset optsCode __INTERNAL_opts_help __INTERNAL_opts_short __INTERNAL_opts_long __INTERNAL_opts_default __INTERNAL_opts_init_var __INTERNAL_opts_local +" + if ! echo "$optsCode" | grep -q -- '--help$'; then + __INTERNAL_opts_help="$__INTERNAL_opts_help + --help + Show this help." + fi + LogMoreHigh -f "optsCode:\n$optsCode" + LogMoreMed -f "end" +}; # end of optsDone }}} + + +# optsSelfCheck ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsSelfCheck() { + optsBegin -h "Usage: $0 [options] + + options: +" +# optsAdd 'help' -f 'echo help' + optsAdd 'flag' -f 'echo f' + optsAdd 'optional|o' -o "echo opt \$1" + optsAdd 'Optional|O' -o "echo opt \$1" --long + optsAdd 'mandatory|m' -m "echo man \$1" + optsDone + + echo "${optsCode}" + + echo ... + + eval "${optsCode}" + + echo ... + + fce() { + optsBegin -h "Usage: $0 [options] + + options: +" + # optsAdd 'help' -f 'echo help' + optsAdd 'flag' -f + optsAdd 'optional|o' -o "echo opt \$1" + optsAdd 'Optional|O' -o "echo opt \$1" --long + optsAdd 'mandatory|m' -m "echo man \$1" + optsDone + echo "${optsCode}" + + echo ... + + eval "${optsCode}" + + echo ... + } + + echo -e 'test for opts in function\n=========================' + fce --help +}; # end of optsSelfCheck }}} + + +# optsLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsLibraryLoaded() { + return 0 +}; # end of LogLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + 
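Review bot: `optsAdd` splices `$default`, `$var_name` and the caller's code string into `optsCode` and `__INTERNAL_opts_default` without escaping, and the examples then run that text with `eval "${optsCode}"`. The default is emitted as `$var_name='$default'`, so a default containing a single quote ends the literal and the remainder is executed as shell code. The derived `var_name` only has `-` stripped and a leading digit prefixed, and is never checked to be a valid identifier. Quoting at generation time, e.g. `${__INTERNAL_opts_local}$var_name=$(printf '%q' "$default")`, and rejecting names that do not match `^[A-Za-z_][A-Za-z0-9_]*$` would close both. Minor: the closing comment of `optsLibraryLoaded` reads `end of LogLibraryLoaded`, and the getopt short-option string `fomv:d:lh:l` lists `l` twice.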
diff --git a/tests/run-as/distribution/Library/tcf/Makefile b/tests/run-as/distribution/Library/tcf/Makefile
new file mode 100644
index 0000000..2566969
--- /dev/null
+++ b/tests/run-as/distribution/Library/tcf/Makefile
@@ -0,0 +1,60 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/tcf +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/tcf +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Block style coding with ability of skipping parts." 
>> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA) + @echo "Provides: library(distribution/tcf)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/run-as/distribution/Library/tcf/lib.sh b/tests/run-as/distribution/Library/tcf/lib.sh new file mode 100644 index 0000000..561b0ff --- /dev/null +++ b/tests/run-as/distribution/Library/tcf/lib.sh 
@@ -0,0 +1,903 @@
+#!/bin/bash
+# try-check-final.sh
+# Authors: Dalibor Pospíšil
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# library-prefix = tcf
+# library-version = 14
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+__INTERNAL_tcf_LIB_VERSION=14
+: <<'=cut'
+=pod
+
+=head1 NAME
+
+BeakerLib library Try-Check-Final
+
+=head1 DESCRIPTION
+
+This file contains functions which gives user the ability to define blocks of
+code where some of the blocks can be automatically skipped if some of preceeding
+blocks failed.
+
+ATTENTION
+This plugin modifies some beakerlib functions! If you suspect that it breakes
+some functionality set the environment variable TCF_NOHACK to nonempty value.
+
+=head1 USAGE
+
+To use this functionality you need to import library distribution/tcf and add
+following line to Makefile.
+
+ @echo "RhtsRequires: library(distribution/tcf)" >> $(METADATA)
+
+=head1 FUNCTIONS
+
+=cut
+
+echo -n "loading library try-check-final v$__INTERNAL_tcf_LIB_VERSION... "
+
+
+let __INTERNAL_tcf_DEBUG_LEVEL_LOW=3
+let __INTERNAL_tcf_DEBUG_LEVEL_MED=$__INTERNAL_tcf_DEBUG_LEVEL_LOW+1
+let __INTERNAL_tcf_DEBUG_LEVEL_HIGH=$__INTERNAL_tcf_DEBUG_LEVEL_LOW+2
+
+# global variables {{{
+__INTERNAL_tcf_result=0
+__INTERNAL_tcf_result_file="${BEAKERLIB_DIR:-"/var/tmp"}/tcf.result"
+echo -n "$__INTERNAL_tcf_result" > "$__INTERNAL_tcf_result_file"
+__INTERNAL_tcf_current_level_data=()
+__INTERNAL_tcf_current_level_val=0
+__INTERNAL_tcf_journal=()
+#}}}
+
+
+# __INTERNAL_tcf_colorize ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_colorize() {
+ local a
+ case $1 in
+ PASS)
+ a="${__INTERNAL_tcf_color_green}${1}${__INTERNAL_tcf_color_reset}"
+ ;;
+ FAIL)
+ a="${__INTERNAL_tcf_color_red}${1}${__INTERNAL_tcf_color_reset}"
+ ;;
+ SKIPPING|WARNING)
+ a="${__INTERNAL_tcf_color_yellow}${1}${__INTERNAL_tcf_color_reset}"
+ ;;
+ BEGIN|INFO)
+ a="${__INTERNAL_tcf_color_blue}${1}${__INTERNAL_tcf_color_reset}"
+ ;;
+ *)
+ a=$1
+ esac
+ echo -n "$a"
+}; # end of __INTERNAL_tcf_colorize }}}
+
+
+# __INTERNAL_tcf_colors_setup ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_colors_setup(){
+ T="$TERM"
+ [[ -t 1 ]] || T=""
+ [[ -t 2 ]] || T=""
+ [[ "$1" == "--force" ]] && T="xterm"
+ case $T in
+ xterm|screen)
+ __INTERNAL_tcf_color_black="\e[0;30m"
+ __INTERNAL_tcf_color_dark_gray="\e[1;30m"
+ __INTERNAL_tcf_color_blue="\e[0;34m"
+ __INTERNAL_tcf_color_light_blue="\e[1;34m"
+ __INTERNAL_tcf_color_green="\e[0;32m"
+ __INTERNAL_tcf_color_light_green="\e[1;32m"
+ __INTERNAL_tcf_color_cyan="\e[0;36m"
+ __INTERNAL_tcf_color_light_cyan="\e[1;36m"
+ __INTERNAL_tcf_color_red="\e[0;31m"
+ __INTERNAL_tcf_color_light_red="\e[1;31m"
+ __INTERNAL_tcf_color_purple="\e[0;35m"
+ __INTERNAL_tcf_color_light_purple="\e[1;35m"
+ __INTERNAL_tcf_color_brown="\e[0;33m"
+ __INTERNAL_tcf_color_yellow="\e[1;33m"
+ __INTERNAL_tcf_color_light_gray="\e[0;37m"
+ __INTERNAL_tcf_color_white="\e[1;37m"
+ __INTERNAL_tcf_color_reset="\e[00m"
+ ;;
+ * )
+ __INTERNAL_tcf_color_black=""
+ __INTERNAL_tcf_color_dark_gray=""
+ __INTERNAL_tcf_color_blue=""
+ __INTERNAL_tcf_color_light_blue=""
+ __INTERNAL_tcf_color_green=""
+ __INTERNAL_tcf_color_light_green=""
+ __INTERNAL_tcf_color_cyan=""
+ __INTERNAL_tcf_color_light_cyan=""
+ __INTERNAL_tcf_color_red=""
+ __INTERNAL_tcf_color_light_red=""
+ __INTERNAL_tcf_color_purple=""
+ __INTERNAL_tcf_color_light_purple=""
+ __INTERNAL_tcf_color_brown=""
+ __INTERNAL_tcf_color_yellow=""
+ __INTERNAL_tcf_color_light_gray=""
+ __INTERNAL_tcf_color_white=""
+ __INTERNAL_tcf_color_reset=""
+ ;;
+ esac
+}; # end of __INTERNAL_tcf_colors_setup
+__INTERNAL_tcf_colors_setup; # }}}
+
+
+# __INTERNAL_tcf_copy_function ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_copy_function() {
+ declare -F $1 > /dev/null || return 1
+ eval "$(echo -n "${2}() "; declare -f ${1} | tail -n +2)"
+}; # end of __INTERNAL_tcf_copy_function }}}
+
+
+# __INTERNAL_tcf_addE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_addE2R() {
+ __INTERNAL_tcf_copy_function $1 TCF_orig_$1
+ eval "${1}() { TCF_orig_${1} \"\$@\"; tcfE2R; }"
+}; # end of __INTERNAL_tcf_addE2R }}}
+
+
+# __INTERNAL_tcf_insertE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_insertE2R() {
+ __INTERNAL_tcf_copy_function $1 TCF_orig_$1
+ eval "$(echo -n "${1}() "; declare -f ${1} | tail -n +2 | sed -e 's/\(.*__INTERNAL_ConditionalAssert.*\)/\1\ntcfE2R;/')"
+}; # end of __INTERNAL_tcf_insertE2R }}}
+
+
+# __INTERNAL_tcf_get_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_get_current_level() {
+ local l=$__INTERNAL_tcf_current_level_val
+ if [[ $1 ]]; then
+ l=$(($l+$1))
+ fi
+ local i
+ for i in $(seq 1 $(($l*2)) ); do echo -n " "; done
+ return $l
+}; # end of __INTERNAL_tcf_get_current_level }}}
+
+
+# __INTERNAL_tcf_incr_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_incr_current_level() {
+ let __INTERNAL_tcf_current_level_val++
+ __INTERNAL_Log_prefix=$(__INTERNAL_tcf_get_current_level)
+}; # end of __INTERNAL_tcf_incr_current_level }}}
+
+
+# __INTERNAL_tcf_decr_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_decr_current_level() {
+ let __INTERNAL_tcf_current_level_val--
+ __INTERNAL_Log_prefix=$(__INTERNAL_tcf_get_current_level)
+}; # end of __INTERNAL_tcf_decr_current_level }}}
+
+
+# __INTERNAL_tcf_do_hack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_do_hack() {
+ LogDebug "TCF_NOHACK='$TCF_NOHACK'"
+ if [[ -z "$TCF_NOHACK" ]]; then
+ tcfChk "Apply TCF beakerlib hacks" && {
+ rlLog " injecting tcf hacks into the beakerlib functions"
+ echo -n "patching rlLog"
+ local rlL=$(declare -f rlLog | sed -e 's|\] ::|\0${__INTERNAL_Log_prefix}|;s|$3 $1"|${3:+"$3 "}$1"|')
+ eval "$rlL"
+
+ echo -n ", rljAddTest"
+ __INTERNAL_tcf_copy_function rljAddTest __INTERNAL_tcf_orig_rljAddTest
+ true; rljAddTest() {
+ local a="${__INTERNAL_Log_prefix}$1"; shift
+ [[ "$1" != "FAIL" ]]; tcfE2R
+ __INTERNAL_tcf_journal=("${__INTERNAL_tcf_journal[@]}" "$1" "$a")
+ __INTERNAL_tcf_orig_rljAddTest "$a" "$@"
+ }
+ echo -n ", rljAddMessage"
+ __INTERNAL_tcf_copy_function rljAddMessage __INTERNAL_tcf_orig_rljAddMessage
+ true; rljAddMessage() {
+ local a="${__INTERNAL_Log_prefix}$1"; shift
+ __INTERNAL_tcf_journal=("${__INTERNAL_tcf_journal[@]}" "$1" "$a")
+ __INTERNAL_tcf_orig_rljAddMessage "$a" "$@"
+ }
+ echo -n ", __INTERNAL_LogAndJournalFail"
+ __INTERNAL_tcf_copy_function __INTERNAL_LogAndJournalFail __INTERNAL_tcf_orig___INTERNAL_LogAndJournalFail
+ true; __INTERNAL_LogAndJournalFail() {
+ tcfNOK
+ __INTERNAL_tcf_orig___INTERNAL_LogAndJournalFail "$@"
+ }
+ echo "."
+ tcfFin --no-assert --ignore; }
+ else
+ Log "skip hacking beakerlib functions"
+ fi
+}; # end of __INTERNAL_tcf_do_hack }}}
+
+
+# __INTERNAL_tcf_kill_old_plugin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_kill_old_plugin() {
+ tcfChk "Get rid of the old TCF implementation. removing" && {
+ local comma='' i
+ for i in Try Chk Fin E2R RES OK NOK NEG TCFcheckFinal TCFreport; do
+ echo -n "${comma}rl$i"
+ unset -f rl$i
+ comma=', '
+ done
+ echo '.'
+ tcfFin --no-assert; }
+}; # end of __INTERNAL_tcf_kill_old_plugin }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Block functions
+
+=cut
+
+# __INTERNAL_tcf_parse_params ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_parse_params() {
+ local GETOPT=$(getopt -q -o if: -l ignore,no-assert,fail-tag: -- "$@")
+ eval set -- "$GETOPT"
+ echo "local ignore noass title fail_tag"
+ echo "[ -z \"\$ignore\" ] && ignore=0"
+ echo "[ -z \"\$noass\" ] && noass=0"
+ echo "[ -z \"\$fail_tag\" ] && fail_tag='FAIL'"
+ while [[ -n "$@" ]]; do
+ case $1 in
+ --)
+ shift; break
+ ;;
+ --ignore|-i)
+ echo "ignore=1"
+ echo "noass=1"
+ ;;
+ --no-assert|-n)
+ echo "noass=1"
+ ;;
+ --fail-tag|-f)
+ shift
+ echo "fail_tag='$1'"
+ ;;
+ *)
+ echo "unknown option $1"
+ return 1
+ ;;
+ esac
+ shift;
+ done
+ [[ -n "$1" ]] && echo "title=\"${1}\""
+ echo "eval set -- \"$(echo "$GETOPT" | sed -e 's/.*-- //')\""
+}; # end of __INTERNAL_tcf_parse_params }}}
+
+
+# tcfTry ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfTry
+
+Starting function of block which will be skipped if an error has been detected
+by tcfFin function occurent before.
+
+ tcfTry ["title"] [-i|--ignore] [--no-assert] [--fail-tag TAG] && {
+
+ tcfFin; }
+
+If title is omitted than noting is printed out so no error will be reported (no
+Assert is executed) thus at least the very top level tcfTry should have title.
+
+tcfTry and tcfChk blocks are stackable so you can organize them into a hierarchy
+structure.
+
+Note that tcfFin has to be used otherwise the overall result will not be
+accurate.
+
+=over
+
+=item title
+
+Text which will be displayed and logged at the beginning and the end (in tcfFin
+function) of the block.
+
+=item -i, --ignore
+
+Do not propagate the actual result to the higher level result.
+
+=item -n, --no-assert
+
+Do not log error into the journal.
+
+=item -f, --fail-tag TAG
+
+If the result of the block is FAIL, use TAG instead ie. INFO or WARNING.
+
+=back
+
+Returns 1 if and error occured before, otherwise returns 0.
+
+=cut
+
+tcfTry() {
+ LogMoreLow -f "begin '$*'"
+ local vars=$(__INTERNAL_tcf_parse_params "$@") || { Log "$vars" FAIL; return 1; }
+ LogMoreMed -f "vars:\n$vars"
+ LogMoreLow -f "evaluating options start"
+ eval "$vars"
+ LogMoreLow -f "evaluating options end"
+ local incr=
+ local pp="SKIPPING"
+ tcfRES; # to set __INTERNAL_tcf_result
+ LogMoreLow -f "result was $__INTERNAL_tcf_result"
+ if [[ $__INTERNAL_tcf_result -eq 0 ]]; then
+ __INTERNAL_tcf_current_level_data=("$__INTERNAL_tcf_result" "$vars" "${__INTERNAL_tcf_current_level_data[@]}")
+ pp="BEGIN"
+ incr=1
+ fi
+ if [[ -n "$title" ]]; then
+ Log "$title" "$pp"
+ [[ -n "$incr" ]] && {
+ LogMoreLow -f "increment indentation level"
+ __INTERNAL_tcf_incr_current_level
+ }
+ fi
+ LogMoreLow -f "end"
+ return $__INTERNAL_tcf_result
+}; # end of tcfTry }}}
+
+
+# tcfChk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfChk
+
+Starting function of block which will be always executed.
+
+ tcfChk ["title"] [-i|--ignore] [--no-assert] [--fail-tag TAG] && {
+
+ tcfFin; }
+
+If title is omitted than noting is printed out so no error will be reported (no
+Assert is executed) thus at least the very top level tcfChk should have title.
+
+tcfTry and tcfChk blocks are stackable so you can organize them into a hierarchy
+structure.
+
+Note that tcfFin has to be used otherwise the overall result will not be
+accurate.
+
+For details about arguments see tcfTry.
+
+Returns 0.
+
+=cut
+
+tcfChk() {
+ LogMoreLow -f "begin '$*'"
+ tcfRES; # to set __INTERNAL_tcf_result
+ local res=$__INTERNAL_tcf_result
+ tcfRES 0
+ tcfTry "$@"
+ __INTERNAL_tcf_current_level_data[0]=$res
+ LogMoreLow -f "end"
+ return $__INTERNAL_tcf_result
+}; # end of tcfChk }}}
+
+
+# tcfFin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfFin
+
+Ending function of block. It does some evaluation of previous local and global
+results and puts it into the global result.
+
+ tcfTry ["title"] && {
+
+ tcfFin [-i|--ignore] [--no-assert] [--fail-tag TAG]; }
+
+Local result is actualy exit code of the last command int the body.
+
+Global result is an internal varibale hodning previous local results.
+Respectively last error or 0.
+
+For details about arguments see tcfTry.
+
+Returns local result of the preceeding block.
+
+=cut
+
+tcfFin() {
+ local RES=$?
+ LogMoreLow -f "begin '$*'"
+ LogMoreMed -f "previous exit code was '$RES'"
+ local vars=$(__INTERNAL_tcf_parse_params "$@") || { Log "$vars" FAIL; return 1; }
+ LogMoreMed -f "vars:\n$vars"
+ LogMoreLow -f "evaluating options start"
+ eval "$vars"
+ LogMoreLow -f "evaluating options end"
+ tcfRES; # to set __INTERNAL_tcf_result
+ [[ $RES -ne 0 ]] && tcfRES $RES
+ RES=$__INTERNAL_tcf_result
+ LogMoreMed -f "overall result is '$RES'"
+ LogMoreMed -f "data:\n${__INTERNAL_tcf_current_level_data[1]}"
+ LogMoreLow -f "evaluating data start"
+ eval "${__INTERNAL_tcf_current_level_data[1]}"
+ LogMoreLow -f "evaluating data end"
+ if [[ -n "$title" ]]; then
+ __INTERNAL_tcf_decr_current_level
+ if [[ $ignore -eq 1 ]]; then
+ RES=0
+ [[ $__INTERNAL_tcf_result -ne 0 ]] && title="$title - ignored"
+ fi
+ if [[ $noass -eq 0 ]]; then
+ tcfAssert0 "$title" $__INTERNAL_tcf_result "$fail_tag"
+ else
+ if [[ $__INTERNAL_tcf_result -eq 0 ]]; then
+ local pp="PASS"
+ LogInfo "$title - $pp"
+ else
+ local pp="${fail_tag:-FAIL}"
+ LogWarn "$title - $pp"
+ fi
+ fi
+ fi
+ if [[ $__INTERNAL_tcf_result -eq 0 || $ignore -eq 1 ]]; then
+ tcfRES ${__INTERNAL_tcf_current_level_data[0]}
+ fi
+ local i
+ for i in 0 1; do unset __INTERNAL_tcf_current_level_data[$i]; done
+ __INTERNAL_tcf_current_level_data=("${__INTERNAL_tcf_current_level_data[@]}")
+ LogMoreLow -f "end"
+ return $RES
+}; # end of tcfFin }}}
+
+: <<'=cut'
+=pod
+
+=head2 Functions for manipulation with the results
+
+=cut
+
+
+# tcfRES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfRES
+
+Sets and return the global result.
+
+ tcfRES [-p|--print] [number]
+
+=over
+
+=item -p --print
+
+Also print the result value.
+
+=item number
+
+If present the global result is set to this value.
+
+=back
+
+Returns global result.
+
+=cut
+
+tcfRES() {
+ local p=0
+ while [[ -n "$1" ]]; do
+ case $1 in
+ --print|-p)
+ p=1
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+ done
+ if [[ -n "$1" ]]; then
+ __INTERNAL_tcf_result=$1
+ echo -n "$__INTERNAL_tcf_result" > "$__INTERNAL_tcf_result_file"
+ else
+ __INTERNAL_tcf_result="$(cat "$__INTERNAL_tcf_result_file")"
+ fi
+ [[ $p -eq 1 ]] && echo $__INTERNAL_tcf_result
+ return $__INTERNAL_tcf_result
+}; # end of tcfRES }}}
+
+
+# tcfOK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfOK
+
+Sets the global result to 0.
+
+ tcfOK
+
+Returns global result.
+
+=cut
+
+tcfOK() {
+ tcfRES 0
+}; # end of tcfOK }}}
+
+
+# tcfNOK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfNOK
+
+Sets the global result to 1 or given number.
+
+ tcfNOK [number]
+
+=over
+
+=item number
+
+If present the global result is set to this value.
+
+=back
+
+Returns global result.
+
+=cut
+
+tcfNOK() {
+ if [[ -n "$1" ]]; then
+ [[ $1 -eq 0 ]] && echo "You have requested result '0'. You should use tcfOK instead."
+ tcfRES $1
+ else
+ tcfRES 1
+ fi
+}; # end of tcfNOK }}}
+
+
+# tcfE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfE2R
+
+Converts exit code of previous command to local result if the exit code is not 0
+(zero).
+
+
+ tcfE2R [number]
+
+=over
+
+=item number
+
+If present use it instead of exit code.
+
+=back
+
+Returns original exit code or given number.
+
+=cut
+
+tcfE2R() {
+ local res=$?
+ [[ -n "$1" ]] && res=$1
+ [[ $res -ne 0 ]] && tcfRES $res
+ return $res
+}; # end of tcfE2R }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Functions for manipulation with the exit codes
+
+=cut
+
+
+# tcfNEG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfNEG
+
+Negates exit code of previous command.
+
+
+ tcfNEG
+
+Returns 1 if original exit code was 0, otherwise returns 0.
+
+=cut
+
+tcfNEG() {
+ [[ $? -eq 0 ]] && return 1 || return 0
+}; # end of tcfNEG }}}
+
+
+# tcfRun ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfRun
+
+Simmilar to rlRun but it also annouces the beginnign of the command.
+
+ tcfRun [--fail-tag|-f TAG] command [exp_result [title]]
+
+Moreover if 'command not found' appears on STDERR it should produce WARNING.
+
+=over
+
+=item command
+
+Command to execute.
+
+=item exp_result
+
+Specification of expect resutl.
+
+It can be a list of values or intervals or * for any result. Also negation (!) can be used.
+
+ Example:
+
+ <=2,7,10-12,>252,!254 means following values 0,1,2,7,10,11,12,253,255
+
+=item title
+
+Text which will be displayed and logged at the beginning and the end of command execution.
+
+=item --fail-tag | -f
+
+If the command fails use TAG instead of FAIL.
+
+=back
+
+Returns exit code of the executed command.
+
+=cut
+
+tcfRun() {
+ LogMore_ -f "begin $*"
+ optsBegin
+ optsAdd 'fail-tag|f' --mandatory
+ optsAdd 'timeout' --optional 'timeout="${1:-10}"'
+ optsAdd 'kill-timeout|kt' --mandatory --default 5
+ optsAdd 'signal' --mandatory --default TERM
+ optsAdd 'check-code' --mandatory --default 'kill -0 $cmdpid >&/dev/null'
+ optsAdd 'kill-code' --mandatory --default '/bin/kill -$signal -- $cmdpid'
+ optsAdd 'allow-skip|as' --flag
+ optsAdd 'no-assert|n' --flag
+ optsDone; eval "${optsCode}"
+ LogMore_ -f "after opts $*"
+ [[ -z "$allowskip" ]] && tcfChk
+ local orig_expecode="${2:-0}"
+ local expecode="$orig_expecode"
+ [[ "$expecode" == "*" ]] && expecode="0-255"
+ local command="$1"
+ local comment="Running command '$command'"
+ [[ -n "$3" ]] && comment="$3"
+ [[ -n "$expecode" ]] && {
+ expecode=$(echo "$expecode" | tr ',-' '\n ' | sed -e 's/^!=/!/;s/^=//;s/^<=\(.\+\)$/0 \1/;s/^>=\(.\+\)$/\1 255/;s/^<\(.\+\)$/0 \$(( \1 - 1 ))/;s/^>\(.\+\)$/\$(( \1 + 1 )) 255/' | while read line; do [[ "$line" =~ ^[^\ ]+$ ]] && echo "$line" || eval seq $line; done; )
+ tcfE2R
+ LogMoreLow -f "orig_expecode='$orig_expecode'"
+ LogMoreLow -f "expecode='$expecode'"
+ }
+ tcfTry ${noassert:+--no-assert} "$comment" && {
+ local errout=$(mktemp)
+ LogMoreLow -f "executing '$command'"
+ if [[ "$optsPresent" =~ $(echo "\") ]]; then
+ LogDebug -f "using watchdog feature"
+ local ec="$(mktemp)"
+ eval "$command; echo $? > $ec 2> >(tee $errout)" &
+ local cmdpid=$!
+ local time_start=$(date +%s)
+ local timeout_t=$(( $time_start + $timeout ))
+ while true; do
+ if ! eval "$checkcode"; then
+ Log "command finished in $(($(date +%s) - $time_start )) seconds"
+ local res="$(cat $ec)"
+ break
+ elif [[ $(date +%s) -ge $timeout_t ]]; then
+ echo
+ Log "command is still running, sending $signal signal"
+ eval "$killcode"
+ tcfNOK 255
+ echo 255 > $ec
+ let timeout_t+=killtimeout
+ signal=KILL
+ fi
+ sleep 0.1
+ done
+ rm -f $ec
+ else
+ eval "$command" 2> >(tee $errout)
+ local res=$?
+ fi
+ LogMoreLow -f "got '$res'"
+ local resmatch=$(echo "$expecode" | grep "^\!\?${res}$")
+ LogMoreLow -f "resmatch='$resmatch'"
+ [[ -n "$resmatch" && ! "$resmatch" =~ '!' ]]
+ if tcfE2R; then
+ ! grep -iq "command not found" $errout || { failtag='WARNING'; tcfNOK; }
+ else
+ Log "Expected result was '$orig_expecode', got '$res'!"
+ fi
+ tcfFin ${failtag:+--fail-tag "$failtag"}; }
+ rm -f $errout
+ [[ -z "$allowskip" ]] && tcfFin
+ LogMore_ -f "end $*"
+ return $res
+}; # end of tcfRun }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Functions for logging
+
+=cut
+
+
+# tcfAssert0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+tcfAssert0() {
+ LogMoreLow -f "begin '$*'"
+ local RES="${3:-FAIL}"
+ [[ $2 -eq 0 ]] && RES='PASS'
+ Log "$1" $RES
+ LogMoreLow -f "end"
+}; # end of tcfAssert0 }}}
+
+
+# tcfCheckFinal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfCheckFinal
+
+Check that all tcfTry / tcfChk functions have been close by tcfFin.
+
+ tcfCheckFinal
+
+=cut
+
+tcfCheckFinal() {
+ tcfAssert0 "Check that TCF block cache is empty" ${#__INTERNAL_tcf_current_level_data[@]}
+ tcfAssert0 "Check that TCF current level is 0" $__INTERNAL_tcf_current_level_val
+}; # end of tcfCheckFinal }}}
+
+
+echo "done."
+
+: <<'=cut'
+=pod
+
+=head2 Self check functions
+
+=cut
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# tcfSelfCheck {{{
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+: <<'=cut'
+=pod
+
+=head3 tcfSelfCheck
+
+Does some basic functionality tests.
+
+ tcfSelfCheck
+
+The function is called also by the following command:
+
+ ./lib.sh selfcheck
+
+=cut
+
+
+tcfSelfCheck() {
+ tcfChk "check 1" &&{
+ tcfTry "try 1.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 1.2 - false" &&{
+ false
+ tcfFin;}
+ tcfTry "try 1.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfChk "check 2" &&{
+ tcfTry "try 2.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 2.2 - true - ignore" &&{
+ true
+ tcfFin -i;}
+ tcfTry "try 2.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfChk "check 3" &&{
+ tcfTry "try 3.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 3.2 - false - ignore" &&{
+ false
+ tcfFin -i;}
+ tcfTry "try 3.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfCheckFinal
+ tcfAssert0 "Overall result" $(tcfRES -p)
+ LogReport
+}
+if [[ "$1" == "selfcheck" ]]; then
+ tcfSelfCheck
+fi; # end of tcfSelfCheck }}}
+
+
+# tcfLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+tcfLibraryLoaded() {
+ rlImport distribution/Log
+ declare -F rlDie > /dev/null && {
+ #rlJournalStart
+ #rlPhaseStartSetup "TCF"
+ echo -e "\nrunning inside the beakerlib - using rlAssert0"
+ true; tcfAssert0() {
+ local text="$1"
+ [[ "$3" != "FAIL" && "$3" != "PASS" ]] && text="$text - $3"
+ __INTERNAL_ConditionalAssert "$text" "$2"
+ }
+ __INTERNAL_tcf_do_hack
+ #rlPhaseEnd
+ #rlJournalEnd
+ };
+ if declare -F rlE2R >& /dev/null; then
+ __INTERNAL_tcf_kill_old_plugin
+ fi
+ true
+}; # end of tcfLibraryLoaded }}}
+
+
+: <<'=cut'
+=pod
+
+=head1 AUTHORS
+
+=over
+
+=item *
+
+Dalibor Pospisil
+
+=back
+
+=cut
+
+
diff --git a/tests/run-as/distribution/Library/testUser/Makefile b/tests/run-as/distribution/Library/testUser/Makefile
new file mode 100644
index 0000000..037162e
--- /dev/null
+++ b/tests/run-as/distribution/Library/testUser/Makefile
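Review bot: `__INTERNAL_tcf_parse_params` emits shell assignments with the caller's text pasted in unquoted (`echo "fail_tag='$1'"`, `echo "title=\"${1}\""`), and `tcfTry`/`tcfFin` then `eval` that output, so a title or tag containing a quote, `$(...)` or a backtick is executed instead of stored. `tcfRun` reaches this with ordinary input, because it passes `Running command '$command'` as the title, so any substitution in the command string is expanded during option parsing as well as when the command itself runs. Emitting the values with `printf 'title=%q\n' "$1"` and `printf 'fail_tag=%q\n' "$1"` keeps them inert through both `eval "$vars"` and the later `eval "${__INTERNAL_tcf_current_level_data[1]}"`.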
@@ -0,0 +1,60 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /distribution/Library/testUser
+# Description: Block style coding with ability of skipping parts.
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/distribution/Library/testUser
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) lib.sh Makefile
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Dalibor Pospisil " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Setup/cleanup standard testing user." >> $(METADATA)
+ @echo "Type: Library" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA)
+ @echo "Provides: library(distribution/testUser)" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/run-as/distribution/Library/testUser/lib.sh b/tests/run-as/distribution/Library/testUser/lib.sh
new file mode 100644
index 0000000..24da7a6
--- /dev/null
+++ b/tests/run-as/distribution/Library/testUser/lib.sh
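Review bot: The header comment of this Makefile still carries the tcf description, `# Description: Block style coding with ability of skipping parts.`, while the METADATA rule further down writes `Description: Setup/cleanup standard testing user.`; the comment should read `# Description: Setup/cleanup standard testing user.` The same leftover appears in testUser/lib.sh, whose second line is `# try-check-final.sh`.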
@@ -0,0 +1,234 @@
+#!/bin/bash
+# try-check-final.sh
+# Authors: Dalibor Pospíšil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# library-prefix = testUser
+# library-version = 7
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+: <<'=cut'
+=pod
+
+=head1 NAME
+
+BeakerLib library testUser
+
+=head1 DESCRIPTION
+
+This library provide s function for maintaining testing users.
+
+=head1 USAGE
+
+To use this functionality you need to import library distribution/testUser and add
+following line to Makefile.
+
+ @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA)
+
+=head1 VARIABLES
+
+=over
+
+=item testUser
+
+Array of testing user login names.
+
+=item testUserPasswd
+
+Array of testing users passwords.
+
+=item testUserUID
+
+Array of testing users UIDs.
+
+=item testUserGID
+
+Array of testing users primary GIDs.
+
+=item testUserGroup
+
+Array of testing users primary group names.
+
+=item testUserGIDs
+
+Array of space separated testing users all GIDs.
+
+=item testUserGroups
+
+Array of space separated testing users all group names.
+
+=item testUserGecos
+
+Array of testing users gecos fields.
+
+=item testUserHomeDir
+
+Array of testing users home directories.
+
+=item testUserShell
+
+Array of testing users default shells.
+
+=back
+
+=head1 FUNCTIONS
+
+=cut
+
+echo -n "loading library testUser... "
+
+: <<'=cut'
+=pod
+
+=head3 testUserSetup, testUserCleanup
+
+Creates/removes testing user(s).
+
+ rlPhaseStartSetup
+ testUserSetup [NUM]
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ testUserCleanup
+ rlPhaseEnd
+
+=over
+
+=item NUM
+
+Optional number of user to be created. If not specified one user is created.
+
+=back
+
+Returns 0 if success.
+
+=cut
+
+
+testUserSetup() {
+ # parameter dictates how many users should be created, defaults to 1
+ local res=0
+ local count_created=0
+ local count_wanted=${1:-"1"}
+ local index=0
+ (( $count_wanted < 1 )) && return 1
+
+ while (( $count_created != $count_wanted ));do
+ let index++
+ local newUser="testuser${index}"
+ local newUserPasswd="redhat"
+ id "$newUser" &> /dev/null && continue # if user with the name exists, try again
+
+ # create
+ useradd -m $newUser >&2 || ((res++))
+ echo "$newUserPasswd" | passwd --stdin $newUser || ((res++))
+
+ # save the users array
+ testUser+=($newUser)
+ testUserPasswd+=($newUserPasswd)
+ set | grep "^testUser=" > $__INTERNAL_testUser_users_file
+ set | grep "^testUserPasswd=" >> $__INTERNAL_testUser_users_file
+ ((count_created++))
+ done
+ __INTERNAL_testUserRefillInfo || ((res++))
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+__INTERNAL_testUserRefillInfo() {
+ local res=0
+ local user
+ testUserUID=()
+ testUserGID=()
+ testUserGroup=()
+ testUserGIDs=()
+ testUserGroups=()
+ testUserGecos=()
+ testUserHomeDir=()
+ testUserShell=()
+
+ for user in ${testUser[@]}; do
+ local ent_passwd=$(getent passwd ${user}) || ((res++))
+ local users_id="$(id ${user})" || ((res++))
+ # testUser is filled during user creation - already present
+ # testUserPasswd is saved same way as testUser - already present
+ testUserUID+=("$(echo "$ent_passwd" | cut -d ':' -f 3)")
+ testUserGID+=("$(echo "$ent_passwd" | cut -d ':' -f 4)")
+ testUserGroup+=("$(echo "$users_id" | sed -r 's/.*gid=(\S+).*/\1/;s/[[:digit:]]+\(//g;s/\)//g;s/,/ /g')")
+ testUserGIDs+=("$(echo "$users_id" | sed -r 's/.*groups=(\S+).*/\1/;s/\([^\)]+\)//g;s/\)//g;s/,/ /g')")
+ testUserGroups+=("$(echo "$users_id" | sed -r 's/.*groups=(\S+).*/\1/;s/[[:digit:]]+\(//g;s/\)//g;s/,/ /g')")
+ testUserGecos+=("$(echo "$ent_passwd" | cut -d ':' -f 5)")
+ testUserHomeDir+=("$(echo "$ent_passwd" | cut -d ':' -f 6)")
+ testUserShell+=("$(echo "$ent_passwd" | cut -d ':' -f 7)")
+ done
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+testUserCleanup() {
+ local res=0
+ for user in ${testUser[@]}; do
+ userdel -rf "$user" >&2 || ((res++))
+ done
+ unset testUser
+ __INTERNAL_testUserRefillInfo
+ rm -f $__INTERNAL_testUser_users_file >&2 || ((res++))
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+
+# testUserLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+testUserLibraryLoaded() {
+ local res=0
+ # necessary init steps
+ __INTERNAL_testUser_users_file="$BEAKERLIB_DIR/users"
+
+ # try to fill in users array with previous data
+ [[ -f ${__INTERNAL_testUser_users_file} ]] && . ${__INTERNAL_testUser_users_file} >&2
+ __INTERNAL_testUserRefillInfo >&2 || ((res++))
+
+ [[ $res -eq 0 ]]
+}; # end of testUserLibraryLoaded }}}
+
+
+: <<'=cut'
+=pod
+
+=head1 AUTHORS
+
+=over
+
+=item *
+
+Dalibor Pospisil
+
+=back
+
+=cut
+
+echo "done."
+
diff --git a/tests/run-as/runtest.sh b/tests/run-as/runtest.sh
new file mode 100755
index 0000000..13fcd5b
--- /dev/null
+++ b/tests/run-as/runtest.sh
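Review bot: `testUserSetup` assigns the same literal password to every account it creates (`local newUserPasswd="redhat"`) and writes it in clear to `$BEAKERLIB_DIR/users`; run-as/runtest.sh in this series then gives those accounts `NOPASSWD` sudo rules under /etc/sudoers.d, so a run that stops before `testUserCleanup` leaves sudo-capable accounts with a known password on the machine. A per-run value such as `local newUserPasswd="$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24)"` still reaches tests through the `testUserPasswd` array. The users file is also sourced by `testUserLibraryLoaded`, so it should be created under `umask 077` and the `$__INTERNAL_testUser_users_file` expansions quoted.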
@@ -0,0 +1,163 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/sudo/Sanity/run-as +# Description: Test feature 'run as'. This means -u, -g options. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017 Red Hat, Inc. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1151, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. 
/usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="sudo" + +rlJournalStart && { + rlPhaseStartSetup && { + [[ -z "$BEAKERLIB_LIBRARY_PATH" ]] && BEAKERLIB_LIBRARY_PATH="`dirname "$(readlink -f "$0")"`" + rlRun "rlImport --all" 0 "Import libraries" || rlDie "cannot continue" + tcfRun "rlCheckMakefileRequires" + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'" + CleanupRegister 'rlRun "popd"' + rlRun "pushd $TmpDir" + CleanupRegister 'tcfRun "testUserCleanup"' + tcfRun "testUserSetup 5" + CleanupRegister 'rlRun "rlFileRestore"' + rlRun "rlFileBackup --clean /etc/sudoers.d" + cat > /etc/sudoers.d/testing << EOF + Defaults !requiretty + $testUser ALL = (ALL:ALL) NOPASSWD: ALL + ${testUser[1]} ALL = ( ${testUser[0]} ) NOPASSWD: ALL + ${testUser[2]} ALL = ( ${testUser[0]}, ${testUser[1]} ) NOPASSWD: ALL + ${testUser[3]} ALL = ( : ${testUserGroup[1]}, ${testUser[0]} ) NOPASSWD: ALL + ${testUser[4]} ALL = ( ${testUser[0]} : ${testUserGroup[2]} ) NOPASSWD: ALL +EOF + rlRun "cat /etc/sudoers.d/testing" + rlPhaseEnd; } + + CMD='bash -c "ps -o user:15,group:15,ruser:15,rgroup:15,args --ppid $$"' + + tcfTry "Tests" --no-assert && { + test() { + local who="$1" as="$2" as_grp="$3" exp_res="$4" + if [[ -z "$exp_res" || "$exp_res" == "0" ]]; then + rlRun -s "su -l $who -c 'sudo ${as:+-u $as} ${as_grp:+-g $as_grp} $CMD'" + [[ -n "$as_grp" && -z "$as" ]] && as="$who" + as="${as:-root}" + as_grp="${as_grp:-$as}" + rlAssertGrep "$as\s+$as_grp\s+$as\s+$as_grp\s+" $rlRun_LOG -Eq + rm -f $rlRun_LOG + else + rlRun -s "su -l $who -c 'sudo ${as:+-u $as} ${as_grp:+-g $as_grp} $CMD'" 1 + [[ -n "$as_grp" && -z "$as" ]] && as="$who" + as="${as:-root}" + as_grp="${as_grp:-$as}" + rlAssertNotGrep "$as\s+$as_grp\s+$as\s+$as_grp\s+" $rlRun_LOG -Eq + rm -f $rlRun_LOG + fi + } + rlPhaseStartTest "run as a default user" && { + tcfChk "Test phase" && { + tcfChk "$testUser can run as all" && { + test $testUser "" "" "" 0 + 
tcfFin; } + tcfChk "${testUser[1]} cannot run as anyone" && { + test ${testUser[1]} "" "" 1 + tcfFin; } + tcfChk "${testUser[2]} cannot run as anyone" && { + test ${testUser[2]} "" "" 1 + tcfFin; } + tcfFin; } + rlPhaseEnd; } + + rlPhaseStartTest "run as a user (-u)" && { + tcfChk "Test phase" && { + tcfChk "$testUser can run as all" && { + test $testUser "root" "" 0 + test $testUser "${testUser[1]}" "" 0 + test $testUser "${testUser[2]}" "" 0 + tcfFin; } + tcfChk "${testUser[1]} can run as $testUser" && { + test ${testUser[1]} "root" "" 1 + test ${testUser[1]} "${testUser[0]}" "" 0 + test ${testUser[1]} "${testUser[2]}" "" 1 + tcfFin; } + tcfChk "${testUser[2]} can run as $testUser and ${testUser[1]}" && { + test ${testUser[2]} "root" "" 1 + test ${testUser[2]} "${testUser[0]}" "" 0 + test ${testUser[2]} "${testUser[1]}" "" 0 + tcfFin; } + tcfFin; } + rlPhaseEnd; } + + rlPhaseStartTest "run as a group (-g)" && { + tcfChk "Test phase" && { + tcfChk "$testUser can run as all" && { + test $testUser "" "root" 0 + test $testUser "" "${testUserGroup[1]}" 0 + test $testUser "" "${testUserGroup[2]}" 0 + tcfFin; } + tcfChk "${testUser[4]} can run as ${testUserGroup[2]}" && { + test ${testUser[4]} "" "root" 1 + test ${testUser[4]} "" "${testUserGroup[0]}" 1 + test ${testUser[4]} "" "${testUserGroup[2]}" 0 + tcfFin; } + #tcfChk "${testUser[2]} can run as ${testUserGroup[1]}" && { + # test ${testUser[2]} "" "root" 1 + # test ${testUser[2]} "" "${testUserGroup[1]}" 1 + # test ${testUser[2]} "" "${testUserGroup[2]}" 1 + #tcfFin; } + #tcfChk "${testUser[3]}" && { + # test ${testUser[2]} "" "root" 1 + # test ${testUser[2]} "" "${testUserGroup[1]}" 0 + # test ${testUser[2]} "" "${testUserGroup[2]}" 0 + #tcfFin; } + tcfFin; } + rlPhaseEnd; } + + rlPhaseStartTest "run as both user (-u) and group (-g)" && { + tcfChk "Test phase" && { + tcfChk "$testUser can run as all" && { + test $testUser "${testUser[1]}" "root" 0 + test $testUser "${testUser[2]}" "${testUserGroup[1]}" 0 + test 
$testUser "${testUser[1]}" "${testUserGroup[2]}" 0 + tcfFin; } + tcfChk "${testUser[4]} can run as ${testUser[0]} ${testUserGroup[2]}" && { + test ${testUser[4]} "${testUser[0]}" "root" 1 + test ${testUser[4]} "${testUser[0]}" "${testUserGroup[0]}" 0 + #test ${testUser[4]} "${testUser[0]}" "${testUserGroup[4]}" 0 + test ${testUser[4]} "${testUser[4]}" "${testUserGroup[4]}" 0 + test ${testUser[4]} "${testUser[0]}" "${testUserGroup[3]}" 1 + test ${testUser[4]} "${testUser[0]}" "${testUserGroup[2]}" 0 + tcfFin; } + tcfFin; } + rlPhaseEnd; } + tcfFin; } + + rlPhaseStartCleanup && { + CleanupDo + tcfCheckFinal + rlPhaseEnd; } + rlJournalPrintText +rlJournalEnd; } diff --git a/tests/sudoers-options-sanity-test/Makefile b/tests/sudoers-options-sanity-test/Makefile new file mode 100644 index 0000000..cc8a3bd --- /dev/null +++ b/tests/sudoers-options-sanity-test/Makefile 
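Review bot: The sudoers drop-in written by the heredoc in the Setup phase is only printed with `cat`, never validated, and its rules interpolate `${testUser[N]}` and `${testUserGroup[N]}`, which are empty if `testUserSetup 5` created fewer users than requested. A malformed or half-empty file under /etc/sudoers.d can make sudo refuse to run at all, so later failures would no longer reflect the run-as rules under test. I would add `rlRun "visudo -c -f /etc/sudoers.d/testing" 0 "Validate generated sudoers" || rlDie "cannot continue"` right after the heredoc. Separately, the helper named `test()` shadows the shell builtin for all code that runs afterwards, and its first call (`test $testUser "" "" "" 0`) passes five arguments, so the expected result lands in an unread position. Renaming the helper (for example `runAsCheck`) and dropping the extra `""` would fix both.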
@@ -0,0 +1,67 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/sudo/Sanity/sudoers-options-sanity-test +# Description: This sanity test checks pre-defined (some are commented) options (examples) in sudoers file. +# Author: Ales Marecek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/sudo/Sanity/sudoers-options-sanity-test +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Ales Marecek " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/tcf)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/Cleanup)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA) + @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA) + @echo "Description: This sanity test checks pre-defined (some are commented) options (examples) in sudoers file." >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 30m" >> $(METADATA) + @echo "RunFor: sudo" >> $(METADATA) + @echo "Requires: sudo grep coreutils" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/sudoers-options-sanity-test/PURPOSE b/tests/sudoers-options-sanity-test/PURPOSE new file mode 100644 index 0000000..3bff2f9 --- /dev/null +++ b/tests/sudoers-options-sanity-test/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/sudo/Sanity/sudoers-options-sanity-test +Description: This sanity test checks pre-defined (some are commented) options (examples) in sudoers file. +Author: Ales Marecek 
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/Makefile
new file mode 100644
index 0000000..3e5a8e1
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/Makefile
@@ -0,0 +1,59 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/Cleanup +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/Cleanup +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Provides function to define cleanup stack which can do its work at any time of the test run." 
>> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "Provides: library(distribution/Cleanup)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/lib.sh new file mode 100644 index 0000000..c66d21c --- /dev/null +++ b/tests/sudoers-options-sanity-test/distribution/Library/Cleanup/lib.sh 
@@ -0,0 +1,314 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = Cleanup +# library-version = 9 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_Cleanup_LIB_VERSION=9 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library Cleanup + +=head1 DESCRIPTION + +This file contains functions which provides cleanup stack functionality. + +=head1 USAGE + +To use this functionality you need to import library distribution/Cleanup and add +following line to Makefile. 
+ + @echo "RhtsRequires: library(distribution/Cleanup)" >> $(METADATA) + +B + + rlJournalStart + rlPhaseStartSetup + rlImport 'distribution/Cleanup' + tmp=$(mktemp) + CleanupRegister " + rlLog 'Removing data' + rlRun \"rm -f ${tmp}\" + " + rlLog 'Creating some data' + rlRun "echo 'asdfalkjh' > $tmp" + + CleanupRegister " + rlLog 'just something to demonstrate unregistering' + " + ID1=$CleanupRegisterID + CleanupUnregister $ID1 + + CleanupRegister " + rlLog 'just something to demonstrate partial cleanup' + " + ID2=$CleanupRegisterID + CleanupRegister "rlLog 'cleanup some more things'" + # cleanup everything upto ID2 + CleanupDo $ID2 + + CleanupRegister --mark " + rlLog 'yet another something to demonstrate partial cleanup using internal ID saving' + " + CleanupRegister "rlLog 'cleanup some more things'" + # cleanup everything upto last mark + CleanupDo --mark + rlPhaseEnd + + rlPhaseStartCleanup + CleanupDo + rlPhaseEnd + + rlJournalPrintText + rlJournalEnd + +=head1 FUNCTIONS + +=cut + +echo -n "loading library Cleanup v$__INTERNAL_Cleanup_LIB_VERSION... " + +__INTERNAL_Cleanup_stack_file="$BEAKERLIB_DIR/Cleanup_stack" +touch "$__INTERNAL_Cleanup_stack_file" +chmod ug+rw "$__INTERNAL_Cleanup_stack_file" + +# CleanupRegister ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# CleanupRegister [--mark] CLEANUP_CODE +# --mark - also mark this position +CleanupRegister() { + local mark=0 + [[ "$1" == "--mark" ]] && { + mark=1 + shift + } + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + CleanupRegisterID="${RANDOM}$(date +"%s%N")" + echo -n "Registering cleanup ID=$CleanupRegisterID" >&2 + if [[ $mark -eq 1 ]]; then + __INTERNAL_CleanupMark=( "$CleanupRegisterID" "${__INTERNAL_CleanupMark[@]}" ) + echo -n " with mark" >&2 + fi + echo " '$1'" >&2 + rlLogDebug "prepending '$1'" + local ID_tag="# ID='$CleanupRegisterID'" + __INTERNAL_Cleanup_stack="$ID_tag +$1 +$ID_tag +$__INTERNAL_Cleanup_stack" + if ! 
CleanupSetStack "$__INTERNAL_Cleanup_stack"; then + rlLogError "an error occured while registering the cleanup '$1'" + return 1 + fi + return 0 +}; # end of CleanupRegister }}} + + +# __INTERNAL_Cleanup_get_stack_part ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# 1: ID +# -ID - everything upto the ID +# 2: '' - return ID only +# 'rest' - return exact oposit +__INTERNAL_Cleanup_get_stack_part() { + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): $* begin" + local ID="$1" + local n='1 0 1' + local stack='' + [[ "${ID:0:1}" == "-" ]] && { + ID="${ID:1}" + n='0 0 1' + } + [[ "$2" == "rest" ]] && { + n="$(echo "${n//0/2}")" + n="$(echo "${n//1/0}")" + n="$(echo "${n//2/1}")" + } + n=($n) + [[ -n "$DEBUG" ]] && rlLogDebug "$(set | grep ^n=)" + local ID_tag="# ID='$ID'" + while IFS= read -r line; do + + [[ "$line" == "$ID_tag" ]] && { + n=( "${n[@]:1}" ) + continue + } + if [[ $n -eq 0 ]]; then + stack="$stack +$line" + fi + done < <(echo "$__INTERNAL_Cleanup_stack") + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): cleanup stack part is '${stack:1}'" + echo "${stack:1}" + rlLogDebug "__INTERNAL_Cleanup_get_stack_part(): $* end" +}; # end of __INTERNAL_Cleanup_get_stack_part }}} + +# CleanupUnregister ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupUnregister() { + local ID="$1" + rlLog "Unregistering cleanup ID='$ID'" + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + rlLogDebug "removing ID='$ID'" + if ! CleanupSetStack "$(__INTERNAL_Cleanup_get_stack_part "$ID" 'rest')"; then + rlLogError "an error occured while registering the cleanup '$1'" + return 1 + fi + return 0 +}; # end of CleanupUnregister }}} + + +# CleanupMark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_CleanupMark=() +CleanupMark() { + echo -n "Setting cleanup mark" >&2 + CleanupRegister --mark '' 2>/dev/null + local res=$? 
+ echo " ID='$CleanupRegisterID'" >&2 + return $res +}; # end of CleanupMark }}} + + +# CleanupDo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# 1: '' - cleanup all +# ID - cleanup ID only +# -ID - cleanup all upto ID, including +# mark - cleanup all unto last mark, including +CleanupDo() { + local ID="$1" + if ! CleanupGetStack; then + rlLogError "cannot continue, could not get cleanup stack" + return 1 + fi + local res tmp newstack='' + tmp="$(mktemp)" + if [[ "$ID" == "mark" || "$ID" == "--mark" ]]; then + echo "execute cleanup upto mark='$__INTERNAL_CleanupMark'" >&2 + __INTERNAL_Cleanup_get_stack_part "-$__INTERNAL_CleanupMark" | grep -v "^# ID='" > "$tmp" + newstack="$(__INTERNAL_Cleanup_get_stack_part "-$__INTERNAL_CleanupMark" 'rest')" + __INTERNAL_CleanupMark=("${__INTERNAL_CleanupMark[@]:1}") + elif [[ -n "$ID" ]]; then + echo "execute cleanup for ID='$ID'" >&2 + __INTERNAL_Cleanup_get_stack_part "$ID" | grep -v "^# ID='" > "$tmp" + newstack="$(__INTERNAL_Cleanup_get_stack_part "$ID" 'rest')" + else + CleanupTrapUnhook + trap "echo 'temporarily blocking ctrl+c until cleanup is done' >&2" SIGINT + cat "$__INTERNAL_Cleanup_stack_file" | grep -v "^# ID='" > "$tmp" + echo "execute whole cleanup stack" >&2 + fi + . "$tmp" + res=$? + [[ $res -ne 0 ]] && { + echo "cleanup code:" >&2 + cat -n "$tmp" >&2 + } + rm -f "$tmp" + echo "cleanup execution done" >&2 + if [[ -z "$ID" ]]; then + trap - SIGINT + fi + if ! 
CleanupSetStack "$newstack"; then + rlLogError "an error occured while cleaning the stack" + return 1 + fi + return $res +}; # end of CleanupDo }}} + + +# CleanupGetStack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupGetStack() { + rlLogDebug "getting cleanup stack" + if [[ -r "$__INTERNAL_Cleanup_stack_file" ]]; then + if __INTERNAL_Cleanup_stack="$(cat "$__INTERNAL_Cleanup_stack_file")"; then + rlLogDebug "cleanup stack is '$__INTERNAL_Cleanup_stack'" + return 0 + fi + fi + rlLogError "could not load cleanup stack" + return 1 +}; # end of CleanupGetStack }}} + + +# CleanupSetStack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupSetStack() { + rlLogDebug "setting cleanup stack to '$1'" + __INTERNAL_Cleanup_stack="$1" + if echo "$__INTERNAL_Cleanup_stack" > "$__INTERNAL_Cleanup_stack_file"; then + rlLogDebug "cleanup stack is now '$__INTERNAL_Cleanup_stack'" + return 0 + fi + rlLogError "could not set cleanup stack" + return 1 +}; # end of CleanupSetStack }}} + + +__INTERNAL_Cleanup_signals='' +__INTERNAL_Cleanup_trap_code='rlJournalStart; rlPhaseStartCleanup; CleanupDo; rlPhaseEnd; rlJournalPrintText; rlJournalEnd; exit' +# CleanupTrapHook ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupTrapHook() { + rlLog "register cleanup trap" + __INTERNAL_Cleanup_signals="${1:-"SIGHUP SIGINT SIGTERM EXIT"}" + eval "trap \"${__INTERNAL_Cleanup_trap_code}\" $__INTERNAL_Cleanup_signals" +}; # end of CleanupTrapHook }}} + + +# CleanupTrapUnhook ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupTrapUnhook() { + if [[ -n "$__INTERNAL_Cleanup_signals" ]]; then + rlLog "unregister cleanup trap" + eval trap - $__INTERNAL_Cleanup_signals + __INTERNAL_Cleanup_signals='' + fi +}; # end of CleanupTrapUnhook }}} + + +# CleanupLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +CleanupLibraryLoaded() { + CleanupTrapHook +}; # end of CleanupLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + 
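Review bot: The stack file `$BEAKERLIB_DIR/Cleanup_stack` is made group-writable at load time (`chmod ug+rw`), yet its content is later executed verbatim by `CleanupDo` through `. "$tmp"`. Write access to that file is therefore code execution in the test's shell, which for these sudo tests presumably runs as root. Whether another account can reach the file depends on the permissions of `$BEAKERLIB_DIR`, which this hunk does not show. Restricting the file to its owner with `chmod 600 "$__INTERNAL_Cleanup_stack_file"` removes the dependency on the directory. `CleanupDo` should also check the temp file before sourcing it, `tmp="$(mktemp)" || { rlLogError "could not create temp file"; return 1; }`, because a failed `mktemp` currently leads to `. ""`.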
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/Makefile
new file mode 100644
index 0000000..f017bcb
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/Makefile
@@ -0,0 +1,59 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/ConditionalPhases +# Description: Implements conditional phases. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/ConditionalPhases +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Implements conditional phases." >> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "Provides: library(distribution/ConditionalPhases)" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) 
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/lib.sh
new file mode 100644
index 0000000..39024d1
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/ConditionalPhases/lib.sh
@@ -0,0 +1,166 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = ConditionalPhases +# library-version = 2 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_ConditionalPhases_LIB_VERSION=2 +__INTERNAL_ConditionalPhases_LIB_NAME='distribution/ConditionalPhases' +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library distribution/condpahses + +=head1 DESCRIPTION + +Implements conditional phases to eficiently select test phases to be execute +using white and black lists. + +To use this functionality you need to import library +distribution/ConditionalPhases and add following line to Makefile. + + @echo "RhtsRequires: library(distribution/ConditionalPhases)" >> $(METADATA) + +=head1 USAGE + +=head2 Conditional phases + +Each test phase can be conditionally skipped based on a bash regular expression +given in CONDITIONAL_PHASES_BL and/or CONDITIONAL_PHASES_WL variables. + +=over + +=item CONDITIONAL_PHASES_BL + +It is a black list. If match phase name the respective phase should be skipped. 
+ +=item CONDITIONAL_PHASES_WL + +It is a white list. If does B match phase name the respective phase should +be skipped excluding phases contatning 'setup' or 'cleanup' in its name. Names +'setup' and 'cleanup' are matched case insenitively. + +=back + +Actual skipping has to be done in the test case itself by using return code of +functions I, I, I, and +I. + +Example: + + rlPhaseStartTest "phase name" && { + ... + rlPhaseEnd; } + +Evaluation of the phase relevancy works as follows: + 1. If CONDITIONAL_PHASES_BL is non-empty and matches phase name => return 2. + 2. If phase name contains word 'setup' or 'cleanup' or CONDITIONAL_PHASES_WL + is empty => return 0. + 3. If CONDITIONAL_PHASES_WL is non-empty and matches phase name => return 0 + otherwise return 1. + +Normaly Setup and Cleanup phases are not skipped unless hey are B +black-listed. + +To make the test work properly with conditional phases it is necessary to +surround phase code with curly brackets and make it conditionally executed +based on rlPhaseStart* function's exit code the same way as it is demostrated in +the example above. To make the process easy you can use following command: + + sed 's/rlPhaseStart[^{]*$/& \&\& {/;s/rlPhaseEnd[^}]*$/&; }/' + +This code can be embedded in Makefile by modifying build target to following +form: + + build: $(BUILT_FILES) + grep -Eq 'rlPhase(Start[^{]*|End[^}]*)$' runtest.sh && sed -i 's/rlPhaseStart[^{]*$/& \&\& {/;s/rlPhaseEnd[^}]*$/&; }/' testrun.sh + test -x runtest.sh || chmod a+x runtest.sh + + +=cut +#' +echo -n "loading library $__INTERNAL_ConditionalPhases_LIB_NAME v$__INTERNAL_ConditionalPhases_LIB_VERSION... 
" + + +# ConditionalPhasesLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +ConditionalPhasesLibraryLoaded() { + if [[ -n "$CONDITIONAL_PHASES_BL" || -n "$CONDITIONAL_PHASES_WL" ]]; then + __INTERNAL_ConditionalPhases_eval() { + # check phases black-list + [[ -n "$CONDITIONAL_PHASES_BL" && "$1" =~ $CONDITIONAL_PHASES_BL ]] && { + rlLogWarning "phase '$1' should be skipped as it is defined in \$CONDITIONAL_PHASES_BL='$CONDITIONAL_PHASES_BL'" + return 2 + } + # always execute Setup, Cleanup and if no PHASES (white-list) specified + [[ "$1" =~ $(echo "\<[Ss][Ee][Tt][Uu][Pp]\>") || "$1" =~ $(echo "\<[Cc][Ll][Ee][Aa][Nn][Uu][Pp]\>") ]] && { + rlLogInfo "phase '$1' will be executed as 'setup' and 'cleanup' phases are allowed by default, these can be black-listed" + return 0 + } + [[ -z "$CONDITIONAL_PHASES_WL" ]] && { + rlLogInfo "phase '$1' will be executed as there is no rule for it" + return 0 + } + [[ "$1" =~ $CONDITIONAL_PHASES_WL ]] && { + rlLogInfo "phase '$1' will be executed as it is defined in \$CONDITIONAL_PHASES_WL='$CONDITIONAL_PHASES_WL'" + return 0 + } || { + rlLogWarning "phase '$1' should be skipped as it is not defined in \$CONDITIONAL_PHASES_WL='$CONDITIONAL_PHASES_WL'" + return 1 + } + } + + rlLogInfo "replacing rlPhaseStart by modified function with conditional phases implemented" + :; rlPhaseStart() { + if [ "x$1" = "xFAIL" -o "x$1" = "xWARN" ] ; then + __INTERNAL_ConditionalPhases_eval "$2" && \ + rljAddPhase "$1" "$2" + return $? + else + rlLogError "rlPhaseStart: Unknown phase type: $1" + return 1 + fi + } + else + rlLogInfo "Neither CONDITIONAL_PHASES_WL nor CONDITIONAL_PHASES_BL is defined, not applying modifications" + fi +}; # end of ConditionalPhasesLibraryLoaded }}} + + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + +echo 'done.' 
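Review bot: The Makefile snippet in the POD USAGE text greps `runtest.sh` but then runs `sed -i` on `testrun.sh`, so a build target copied from it fails or rewrites the wrong file. The sed target should read `runtest.sh`. The NAME section also gives the library as `distribution/condpahses`, while the code and the `RhtsRequires` line use `distribution/ConditionalPhases`. The white-list paragraph has lost its emphasised "not" ("If does B match"), which inverts the meaning for a reader. I would restore it as `If it does B<not> match the phase name, the respective phase should be skipped`.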
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/Log/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/Log/Makefile
new file mode 100644
index 0000000..3cf0e65
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/Log/Makefile
@@ -0,0 +1,48 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/Log +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/Log +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Provides yet another logging facility that does not rely on beakerlib while it can integrate with it." >> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RhtsRequires: library(distribution/opts)" >> $(METADATA) + @echo "Provides: library(distribution/Log)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) 
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/Log/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/Log/lib.sh
new file mode 100644
index 0000000..ac1db3d
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/Log/lib.sh
@@ -0,0 +1,637 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = Log +# library-version = 11 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_Log_LIB_VERSION=11 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library Log + +=head1 DESCRIPTION + +This library provide logging capability which does not rely on beakerlib so it +can be used standalone. + +If it is used within beakerlib it automatically bypass all messages to the +beakerlib. + +Also this library provide journaling feature so the summary can be printed out +at the end. + +=head1 USAGE + +To use this functionality you need to import library distribution/Log and add +following line to Makefile. + + @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA) + +=head1 FUNCTIONS + +=cut + +echo -n "loading library Log v$__INTERNAL_Log_LIB_VERSION... 
" + + +__INTERNAL_Log_prefix='' +__INTERNAL_Log_prefix2='' +__INTERNAL_Log_postfix='' +__INTERNAL_Log_default_level=3 +__INTERNAL_Log_level=$__INTERNAL_Log_default_level +LogSetDebugLevel() { + if [[ -n "$1" ]]; then + if [[ "$1" =~ ^[0-9]+$ ]]; then + let __INTERNAL_Log_level=$__INTERNAL_Log_default_level+$1; + else + __INTERNAL_Log_level=255 + fi + else + __INTERNAL_Log_level=$__INTERNAL_Log_default_level + fi +} +LogSetDebugLevel "$DEBUG" +let __INTERNAL_Log_level_LOG=0 +let __INTERNAL_Log_level_FATAL=0 +let __INTERNAL_Log_level_ERROR=1 +let __INTERNAL_Log_level_WARNING=2 +let __INTERNAL_Log_level_INFO=3 +let __INTERNAL_Log_level_DEBUG=4 +let __INTERNAL_Log_level_MORE=5 +let __INTERNAL_Log_level_MORE_=$__INTERNAL_Log_level_MORE+1 +let __INTERNAL_Log_level_MORE__=$__INTERNAL_Log_level_MORE_+1 +let __INTERNAL_Log_level_MORE___=$__INTERNAL_Log_level_MORE__+1 + +# Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +Log() { + LogMore___ -f "begin '$*'" + local pri=$2 message="${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + if [[ -n "$pri" ]]; then + LogPrintMessage "$pri" "$message" + LogjAddMessage "$pri" "$message" + else + LogPrintMessage "$(date +%H:%M:%S)" "$message" + LogjAddMessage "INFO" "$message" + fi + LogMore___ -f "end" + return 0 +}; # end of Log }}} + + +__INTERNAL_Log_condition() { + cat <&2 + return 0 +}; # end of LogPrintMessage }}} + + +# LogReport ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +: <<'=cut' +=pod + +=head3 LogReport + +Prints final report similar to breakerlib's rlJournalPrintText. This is useful +mainly if you use TCF without beakerlib. 
+ + LogReport + +=cut +#' + +LogReport() { + echo -e "\n ====== Summary report begin ======" + local a p l i + for i in $(seq 0 2 $((${#__INTERNAL_Log_journal[@]}-1)) ); do + LogPrintMessage "${__INTERNAL_Log_journal[$i]}" "${__INTERNAL_Log_journal[$((++i))]}" + done + echo " ======= Summary report end =======" + __INTERNAL_Log_journal=() +}; # end of LogReport }}} + + +# LogFile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogFile() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + cat $1 | while IFS= read line; do + Log "$line" "${prio:-$2}" + done + LogMore__ -f "end" +}; #}}} + + +# LogText ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogText() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + { + if [[ "$1" == "-" ]]; then + cat - + else + echo "$1" + fi + } | while IFS= read line; do + Log "$line" "${prio:-$2}" + done + LogMore__ -f "end" +}; #}}} + + +# LogStrippedDiff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogStrippedDiff() { + LogMore__ -f "begin '$*'" + local prio='' + [[ $# -ge 3 ]] && { + optsBegin + optsAdd 'prio|tag|p|t' --mandatory + optsDone; eval "${optsCode}" + } + { + if [[ -n "$2" ]]; then + diff -U0 "$1" "$2" + else + cat $1 + fi + } | grep -v -e '^@@ ' -e '^--- ' -e '^+++ ' | while IFS= read line; do + Log "$line" "$prio" + done + LogMore__ -f "end" +}; #}}} + + +# LogRun ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogRun() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}+1))" + } + LogMore + local dolog=$? 
+ [[ $dolog -eq 0 ]] || { + local param params blacklist="[[:space:]]|>|<|\|" + [[ "${#@}" -eq 1 ]] && params="$1" || { + for param in "$@"; do + if [[ "$param" =~ $blacklist ]]; then + params="$params \"${param//\"/\\\"}\"" + else + params="$params $param" + fi + done + params="${params:1}" + } + LogDo $pref "executing >>>>> ${params} <<<<<" + } + eval "$@" + ret=$? + [[ $dolog -eq 0 ]] || LogMore $pref "execution >>>>> ${params} <<<<< returned '$ret'" + return $ret +}; # end of LogRun }}} + + +# LogDebugNext ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugNext() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebug '' ${1:-$__INTERNAL_Log_level_DEBUG} || { + __INTERNAL_Log_DEBUGING=0 + trap " + __INTERNAL_Log_DEBUGING_res=\$? + let __INTERNAL_Log_DEBUGING++ + if [[ \$__INTERNAL_Log_DEBUGING -eq 1 ]]; then + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + else + trap - DEBUG + LogDebug $pref \"execution >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<< returned \$__INTERNAL_Log_DEBUGING_res\" ${1:-$__INTERNAL_Log_level_DEBUG} + fi" DEBUG + } +}; # end of LogDebugNext }}} + + +# LogMoreNext ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogMoreNext() { + LogMore || { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebugNext $pref ${1:-$__INTERNAL_Log_level_MORE} + } +}; # end of LogMoreNext }}} +LogNext() { + LogMoreNext "$@" +} + + +# LogDebugOn ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugOn() { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebug '' ${1:-$__INTERNAL_Log_level_DEBUG} || { + trap " + __INTERNAL_Log_DEBUGING_res=\$? 
+ let __INTERNAL_Log_DEBUGING++ + if [[ -z \"\$__INTERNAL_Log_DEBUGING_cmd\" ]]; then + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + else + LogDebug $pref \"execution >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<< returned \$__INTERNAL_Log_DEBUGING_res\" ${1:-$__INTERNAL_Log_level_DEBUG} + __INTERNAL_Log_DEBUGING_cmd=\"\$BASH_COMMAND\" + if [[ \"\$__INTERNAL_Log_DEBUGING_cmd\" =~ LogDebugOff ]]; then + trap - DEBUG + else + LogDebug $pref \"executing >>>>> \$__INTERNAL_Log_DEBUGING_cmd <<<<<\" ${1:-$__INTERNAL_Log_level_DEBUG} + fi + fi" DEBUG + } +}; # end of LogDebugOn }}} + + +# LogMoreOn ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogMoreOn() { + LogMore || { + local pref='' + [[ "$1" =~ ^-f([0-9]*) ]] && { + shift + pref="-f$((${BASH_REMATCH[1]:-1}))" + } + LogDebugOn $pref ${1:-$__INTERNAL_Log_level_MORE} + } +}; # end of LogMoreOn }}} + + +# LogDebugOff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +# log info about execution to Debug level +LogDebugOff() { + __INTERNAL_Log_DEBUGING_cmd='' +}; # end of LogDebugOff }}} + + +# LogVar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogVar() { + [[ -n "$DEBUG" ]] && { + echo -n 'eval ' + while [[ -n "$1" ]]; do + echo -n "LogDebug -f \"\$(set | grep -P '^$1=')\";" + shift + done + } +}; # end of LogVar }}} + + +# __INTERNAL_LogRedirectToBeakerlib ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_LogRedirectToBeakerlib() { + echo -e "\nrunning inside the beakerlib - redirect own logging functions to beakerlib ones" + true; LogjAddMessage() { + LogMore___ -f "begin $*" + rljAddMessage "$2" "$1" + LogMore___ -f "end $*" + } + true; Log() { + LogMore___ -f "begin $*" + case ${2} in + INFO) + LogjAddMessage "INFO" "$1" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + BEGIN) + LogjAddMessage "INFO" "$*:" + 
LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + WARNING|WARN|ERROR|FATAL) + LogjAddMessage "WARNING" "$1" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + SKIP|SKIPPING) + LogjAddMessage "WARNING" "$*:" + LogPrintMessage "$2" "${__INTERNAL_Log_prefix}${__INTERNAL_Log_prefix2}${1}${__INTERNAL_Log_postfix}" + ;; + FAIL) + rlFail "$*" + return $? + ;; + PASS) + rlPass "$*" + return $? + ;; + *) + rlLog "$*" + ;; + esac + LogMore___ -f "end $*" + return 0; + } +} +# end of __INTERNAL_LogRedirectToBeakerlib }}} + + +# LogLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +LogLibraryLoaded() { + declare -F rlDie > /dev/null && __INTERNAL_LogRedirectToBeakerlib + return 0 +}; # end of LogLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + diff --git a/tests/sudoers-options-sanity-test/distribution/Library/opts/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/opts/Makefile new file mode 100644 index 0000000..389fe25 --- /dev/null +++ b/tests/sudoers-options-sanity-test/distribution/Library/opts/Makefile 
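Review bot: In `LogRun` the command that is logged and the command that is executed can differ: with more than one argument, `params` re-quotes every argument containing whitespace, `>`, `<` or `|`, but `eval "$@"` joins the arguments with spaces and parses them again, so such an argument is split or treated as a redirection and any `;` or `$(...)` inside it is interpreted. These tests presumably run as root around sudo, so I would execute multi-argument calls directly and keep `eval` for the single-string form only, `if [[ $# -eq 1 ]]; then eval "$1"; else "$@"; fi`; that changes behaviour for callers that pass redirection operators as separate arguments, so those need checking first. `ret` should be captured as `local ret=$?`, because as written it overwrites a global `ret` in the calling test. `LogFile` and `LogStrippedDiff` have a related gap in `cat $1`, which should be `cat "$1"`.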
@@ -0,0 +1,48 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /distribution/Library/opts
+# Description: Block style coding with ability of skipping parts.
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/distribution/Library/opts
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) lib.sh Makefile
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Dalibor Pospisil " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Provides simple way for defining script's or function's options including help" >> $(METADATA)
+ @echo "Type: Library" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA)
+ @echo "Provides: library(distribution/opts)" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/opts/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/opts/lib.sh
new file mode 100644
index 0000000..180f7ba
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/opts/lib.sh
@@ -0,0 +1,338 @@ +#!/bin/bash +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = opts +# library-version = 4 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_opts_LIB_VERSION=4 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library opts + +=head1 DESCRIPTION + +This library provides simple way for defining script's or function's option +agruments including help. + +=head1 USAGE + +To use this functionality you need to import library distribution/opts and add +following line to Makefile. + + @echo "RhtsRequires: library(distribution/opts)" >> $(METADATA) + +B + + testfunction() { + optsBegin -h "Usage: $0 [options] + + options: + " + optsAdd 'flag1' --flag + optsAdd 'optional1|o' --optional + optsAdd 'Optional2|O' "echo opt \$1" --optional --long --var-name opt + optsAdd 'mandatory1|m' "echo man \$1" --mandatory + optsDone; eval "${optsCode}" + echo "$optional1" + echo "$opt" + echo "$mandatory1" + } + +=head1 FUNCTIONS + +=cut + +echo -n "loading library opts v$__INTERNAL_opts_LIB_VERSION... 
" + +# optsAdd ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsAdd() { + LogMoreMed -f "begin '$*'" + local GETOPT=$(getopt -q -o fomv:d:lh:l -l flag,opt,optional,mandatory,varname:,default:,local,help:,long -- "$@") + eval set -- "$GETOPT" + local type='f' var_name var_name_set default help long + while [[ -n "$@" ]]; do + case $1 in + --) + shift; break + ;; + -h|--help) + shift + help="$1" + ;; + -l|--long) + long=1 + ;; + -d|--default) + shift + default="$1" + ;; + -v|--varname|--var-name) + shift + var_name="$1" + var_name_set=1 + ;; + -f|--flag) + type='f' + ;; + -o|--opt|--optional) + type='o' + ;; + -m|--mandatory) + type='m' + ;; + *) + echo "unknown option '$1'" + return 1 + ;; + esac + shift; + done + [ -z "$var_name" ] && { + var_name=$(echo -n "$1" | cut -d '|' -f 1 | sed -e 's/-//g;s/^[0-9]/_\0/') + LogMoreHigh -f "constructing variable name '$var_name'" + } + local opts='' opts_help='' optsi='' + for optsi in $(echo -n "$1" | tr '|' ' '); do + if [[ ${#optsi} -ge 2 || $long -eq 1 ]]; then + opts="$opts|--$optsi" + opts_help="$opts_help|--$optsi[=ARG]" + __INTERNAL_opts_long="${__INTERNAL_opts_long},${optsi}" + LogMoreHigh -f "adding long option '$optsi'" + case $type in + m) + __INTERNAL_opts_long="${__INTERNAL_opts_long}:" + ;; + o) + __INTERNAL_opts_long="${__INTERNAL_opts_long}::" + ;; + esac + else + opts="$opts|-$optsi" + opts_help="$opts_help|-${optsi}[ARG]" + __INTERNAL_opts_short="${__INTERNAL_opts_short}${optsi}" + LogMoreHigh -f "adding short option '$optsi'" + case $type in + m) + __INTERNAL_opts_short="${__INTERNAL_opts_short}:" + ;; + o) + __INTERNAL_opts_short="${__INTERNAL_opts_short}::" + ;; + esac + fi + done + optsCode="${optsCode} + ${opts:1}) + optsPresent=\"\${optsPresent}$var_name \"" + LogMoreHigh -f "adding code for processing option '${opts:1}'" + __INTERNAL_opts_init_var="$__INTERNAL_opts_init_var +${__INTERNAL_opts_local}$var_name=()" + __INTERNAL_opts_default="$__INTERNAL_opts_default +[[ \"\$optsPresent\" =~ \$(echo 
\"\<${var_name}\>\") ]] || ${__INTERNAL_opts_local}$var_name='$default'" + case $type in + f) + [[ -z "$2" || -n "$var_name_set" ]] && { + local val=1 + [[ -n "$default" ]] && val='' + optsCode="$optsCode + $var_name+=( '$val' )" + } + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts:1}" + ;; + o|m) + optsCode="$optsCode + shift" + [[ -z "$2" || -n "$var_name_set" ]] && optsCode="$optsCode + $var_name+=( \"\$1\" )" + if [[ "$type" == "o" ]]; then + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts_help:1}" + else + __INTERNAL_opts_help="${__INTERNAL_opts_help} + ${opts:1} ARG" + fi + ;; + esac + [[ -n "$2" ]] && { + optsCode="$optsCode + $2" + } + optsCode="$optsCode + ;;" + + __INTERNAL_opts_help="${__INTERNAL_opts_help}${help:+ + $help +}" + LogMoreMed -f "end" +}; # end of optsAdd }}} + + +# optsBegin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsBegin() { + LogMoreMed -f "begin '$*'" + optsCode='' + optsPresent=' ' + __INTERNAL_opts_short='.' + __INTERNAL_opts_long='help' + __INTERNAL_opts_help='' + __INTERNAL_opts_local='' + __INTERNAL_opts_default='' + __INTERNAL_opts_init_var='' + [[ "${FUNCNAME[1]}" != "main" ]] && __INTERNAL_opts_local='local ' + while [[ -n "$1" ]]; do + case $1 in + --) + shift; break + ;; + -h|--help) + shift + __INTERNAL_opts_help="$1" + ;; + *) + echo "unknown option '$1'" + return 1 + ;; + esac + shift; + done + LogMoreMed -f "end" +}; # end of optsBegin }}} + + +# optsDone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsDone() { + LogMoreMed -f "begin '$*'" + optsCode="${__INTERNAL_opts_local}GETOPT=\$(getopt -o ${__INTERNAL_opts_short} -l ${__INTERNAL_opts_long} -- \"\$@\") +[[ \$? 
-ne 0 ]] && { + echo 'Exiting' + return 1 >& /dev/null + exit 1 +} +eval set -- \"\$GETOPT\" +${__INTERNAL_opts_init_var:1} +while [[ -n \"\$1\" ]]; do + case \$1 in + --) + shift; break + ;; +${optsCode} + + --help) + echo \"\$__INTERNAL_opts_help\" + return >& /dev/null + exit + ;; + *) + echo \"unknown option '\$1'\" + return 1 >& /dev/null + exit 1 + ;; + esac + shift +done +${__INTERNAL_opts_default:1} +unset optsCode __INTERNAL_opts_help __INTERNAL_opts_short __INTERNAL_opts_long __INTERNAL_opts_default __INTERNAL_opts_init_var __INTERNAL_opts_local +" + if ! echo "$optsCode" | grep -q -- '--help$'; then + __INTERNAL_opts_help="$__INTERNAL_opts_help + --help + Show this help." + fi + LogMoreHigh -f "optsCode:\n$optsCode" + LogMoreMed -f "end" +}; # end of optsDone }}} + + +# optsSelfCheck ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsSelfCheck() { + optsBegin -h "Usage: $0 [options] + + options: +" +# optsAdd 'help' -f 'echo help' + optsAdd 'flag' -f 'echo f' + optsAdd 'optional|o' -o "echo opt \$1" + optsAdd 'Optional|O' -o "echo opt \$1" --long + optsAdd 'mandatory|m' -m "echo man \$1" + optsDone + + echo "${optsCode}" + + echo ... + + eval "${optsCode}" + + echo ... + + fce() { + optsBegin -h "Usage: $0 [options] + + options: +" + # optsAdd 'help' -f 'echo help' + optsAdd 'flag' -f + optsAdd 'optional|o' -o "echo opt \$1" + optsAdd 'Optional|O' -o "echo opt \$1" --long + optsAdd 'mandatory|m' -m "echo man \$1" + optsDone + echo "${optsCode}" + + echo ... + + eval "${optsCode}" + + echo ... + } + + echo -e 'test for opts in function\n=========================' + fce --help +}; # end of optsSelfCheck }}} + + +# optsLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +optsLibraryLoaded() { + return 0 +}; # end of LogLibraryLoaded }}} + + +echo "done." + +: <<'=cut' +=pod + +=head1 AUTHORS + +=over + +=item * + +Dalibor Pospisil + +=back + +=cut + 
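Review bot: `optsAdd` writes `$default` into code that callers later run through `eval "${optsCode}"`, and it places the value between plain single quotes (`|| ${__INTERNAL_opts_local}$var_name='$default'`), so a default containing `'` ends the literal and the remainder is executed as shell code. Quoting the value when the code is generated closes that gap: `${__INTERNAL_opts_local}$var_name=$(printf '%q' "$default")`. Separately, the `case` accepts `--var-name` and the usage example in the POD passes it, but the `getopt -l` list declares only `varname:`; with `-q` the unknown option appears to be dropped silently, so `var-name:` probably needs to be added to that list.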
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/tcf/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/tcf/Makefile
new file mode 100644
index 0000000..2566969
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/tcf/Makefile
@@ -0,0 +1,60 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /distribution/Library/tcf +# Description: Block style coding with ability of skipping parts. +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/distribution/Library/tcf +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) lib.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Dalibor Pospisil " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Block style coding with ability of skipping parts." 
>> $(METADATA) + @echo "Type: Library" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA) + @echo "Provides: library(distribution/tcf)" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/sudoers-options-sanity-test/distribution/Library/tcf/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/tcf/lib.sh new file mode 100644 index 0000000..561b0ff --- /dev/null +++ b/tests/sudoers-options-sanity-test/distribution/Library/tcf/lib.sh 
@@ -0,0 +1,903 @@ +#!/bin/bash +# try-check-final.sh +# Authors: Dalibor Pospíšil +# Author: Dalibor Pospisil +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2012 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# library-prefix = tcf +# library-version = 14 +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +__INTERNAL_tcf_LIB_VERSION=14 +: <<'=cut' +=pod + +=head1 NAME + +BeakerLib library Try-Check-Final + +=head1 DESCRIPTION + +This file contains functions which gives user the ability to define blocks of +code where some of the blocks can be automatically skipped if some of preceeding +blocks failed. + +ATTENTION +This plugin modifies some beakerlib functions! If you suspect that it breakes +some functionality set the environment variable TCF_NOHACK to nonempty value. + +=head1 USAGE + +To use this functionality you need to import library distribution/tcf and add +following line to Makefile. + + @echo "RhtsRequires: library(distribution/tcf)" >> $(METADATA) + +=head1 FUNCTIONS + +=cut + +echo -n "loading library try-check-final v$__INTERNAL_tcf_LIB_VERSION... 
" + + +let __INTERNAL_tcf_DEBUG_LEVEL_LOW=3 +let __INTERNAL_tcf_DEBUG_LEVEL_MED=$__INTERNAL_tcf_DEBUG_LEVEL_LOW+1 +let __INTERNAL_tcf_DEBUG_LEVEL_HIGH=$__INTERNAL_tcf_DEBUG_LEVEL_LOW+2 + +# global variables {{{ +__INTERNAL_tcf_result=0 +__INTERNAL_tcf_result_file="${BEAKERLIB_DIR:-"/var/tmp"}/tcf.result" +echo -n "$__INTERNAL_tcf_result" > "$__INTERNAL_tcf_result_file" +__INTERNAL_tcf_current_level_data=() +__INTERNAL_tcf_current_level_val=0 +__INTERNAL_tcf_journal=() +#}}} + + +# __INTERNAL_tcf_colorize ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_colorize() { + local a + case $1 in + PASS) + a="${__INTERNAL_tcf_color_green}${1}${__INTERNAL_tcf_color_reset}" + ;; + FAIL) + a="${__INTERNAL_tcf_color_red}${1}${__INTERNAL_tcf_color_reset}" + ;; + SKIPPING|WARNING) + a="${__INTERNAL_tcf_color_yellow}${1}${__INTERNAL_tcf_color_reset}" + ;; + BEGIN|INFO) + a="${__INTERNAL_tcf_color_blue}${1}${__INTERNAL_tcf_color_reset}" + ;; + *) + a=$1 + esac + echo -n "$a" +}; # end of __INTERNAL_tcf_colorize }}} + + +# __INTERNAL_tcf_colors_setup ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_colors_setup(){ + T="$TERM" + [[ -t 1 ]] || T="" + [[ -t 2 ]] || T="" + [[ "$1" == "--force" ]] && T="xterm" + case $T in + xterm|screen) + __INTERNAL_tcf_color_black="\e[0;30m" + __INTERNAL_tcf_color_dark_gray="\e[1;30m" + __INTERNAL_tcf_color_blue="\e[0;34m" + __INTERNAL_tcf_color_light_blue="\e[1;34m" + __INTERNAL_tcf_color_green="\e[0;32m" + __INTERNAL_tcf_color_light_green="\e[1;32m" + __INTERNAL_tcf_color_cyan="\e[0;36m" + __INTERNAL_tcf_color_light_cyan="\e[1;36m" + __INTERNAL_tcf_color_red="\e[0;31m" + __INTERNAL_tcf_color_light_red="\e[1;31m" + __INTERNAL_tcf_color_purple="\e[0;35m" + __INTERNAL_tcf_color_light_purple="\e[1;35m" + __INTERNAL_tcf_color_brown="\e[0;33m" + __INTERNAL_tcf_color_yellow="\e[1;33m" + __INTERNAL_tcf_color_light_gray="\e[0;37m" + __INTERNAL_tcf_color_white="\e[1;37m" + __INTERNAL_tcf_color_reset="\e[00m" + ;; + * ) + 
__INTERNAL_tcf_color_black="" + __INTERNAL_tcf_color_dark_gray="" + __INTERNAL_tcf_color_blue="" + __INTERNAL_tcf_color_light_blue="" + __INTERNAL_tcf_color_green="" + __INTERNAL_tcf_color_light_green="" + __INTERNAL_tcf_color_cyan="" + __INTERNAL_tcf_color_light_cyan="" + __INTERNAL_tcf_color_red="" + __INTERNAL_tcf_color_light_red="" + __INTERNAL_tcf_color_purple="" + __INTERNAL_tcf_color_light_purple="" + __INTERNAL_tcf_color_brown="" + __INTERNAL_tcf_color_yellow="" + __INTERNAL_tcf_color_light_gray="" + __INTERNAL_tcf_color_white="" + __INTERNAL_tcf_color_reset="" + ;; + esac +}; # end of __INTERNAL_tcf_colors_setup +__INTERNAL_tcf_colors_setup; # }}} + + +# __INTERNAL_tcf_copy_function ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_copy_function() { + declare -F $1 > /dev/null || return 1 + eval "$(echo -n "${2}() "; declare -f ${1} | tail -n +2)" +}; # end of __INTERNAL_tcf_copy_function }}} + + +# __INTERNAL_tcf_addE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_addE2R() { + __INTERNAL_tcf_copy_function $1 TCF_orig_$1 + eval "${1}() { TCF_orig_${1} \"\$@\"; tcfE2R; }" +}; # end of __INTERNAL_tcf_addE2R }}} + + +# __INTERNAL_tcf_insertE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_insertE2R() { + __INTERNAL_tcf_copy_function $1 TCF_orig_$1 + eval "$(echo -n "${1}() "; declare -f ${1} | tail -n +2 | sed -e 's/\(.*__INTERNAL_ConditionalAssert.*\)/\1\ntcfE2R;/')" +}; # end of __INTERNAL_tcf_insertE2R }}} + + +# __INTERNAL_tcf_get_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_get_current_level() { + local l=$__INTERNAL_tcf_current_level_val + if [[ $1 ]]; then + l=$(($l+$1)) + fi + local i + for i in $(seq 1 $(($l*2)) ); do echo -n " "; done + return $l +}; # end of __INTERNAL_tcf_get_current_level }}} + + +# __INTERNAL_tcf_incr_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{ +__INTERNAL_tcf_incr_current_level() { + let __INTERNAL_tcf_current_level_val++ + 
__INTERNAL_Log_prefix=$(__INTERNAL_tcf_get_current_level)
+}; # end of __INTERNAL_tcf_incr_current_level }}}
+
+
+# __INTERNAL_tcf_decr_current_level ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_decr_current_level() {
+ let __INTERNAL_tcf_current_level_val--
+ __INTERNAL_Log_prefix=$(__INTERNAL_tcf_get_current_level)
+}; # end of __INTERNAL_tcf_decr_current_level }}}
+
+
+# __INTERNAL_tcf_do_hack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_do_hack() {
+ LogDebug "TCF_NOHACK='$TCF_NOHACK'"
+ if [[ -z "$TCF_NOHACK" ]]; then
+ tcfChk "Apply TCF beakerlib hacks" && {
+ rlLog " injecting tcf hacks into the beakerlib functions"
+ echo -n "patching rlLog"
+ local rlL=$(declare -f rlLog | sed -e 's|\] ::|\0${__INTERNAL_Log_prefix}|;s|$3 $1"|${3:+"$3 "}$1"|')
+ eval "$rlL"
+
+ echo -n ", rljAddTest"
+ __INTERNAL_tcf_copy_function rljAddTest __INTERNAL_tcf_orig_rljAddTest
+ true; rljAddTest() {
+ local a="${__INTERNAL_Log_prefix}$1"; shift
+ [[ "$1" != "FAIL" ]]; tcfE2R
+ __INTERNAL_tcf_journal=("${__INTERNAL_tcf_journal[@]}" "$1" "$a")
+ __INTERNAL_tcf_orig_rljAddTest "$a" "$@"
+ }
+ echo -n ", rljAddMessage"
+ __INTERNAL_tcf_copy_function rljAddMessage __INTERNAL_tcf_orig_rljAddMessage
+ true; rljAddMessage() {
+ local a="${__INTERNAL_Log_prefix}$1"; shift
+ __INTERNAL_tcf_journal=("${__INTERNAL_tcf_journal[@]}" "$1" "$a")
+ __INTERNAL_tcf_orig_rljAddMessage "$a" "$@"
+ }
+ echo -n ", __INTERNAL_LogAndJournalFail"
+ __INTERNAL_tcf_copy_function __INTERNAL_LogAndJournalFail __INTERNAL_tcf_orig___INTERNAL_LogAndJournalFail
+ true; __INTERNAL_LogAndJournalFail() {
+ tcfNOK
+ __INTERNAL_tcf_orig___INTERNAL_LogAndJournalFail "$@"
+ }
+ echo "."
+ tcfFin --no-assert --ignore; }
+ else
+ Log "skip hacking beakerlib functions"
+ fi
+}; # end of __INTERNAL_tcf_do_hack }}}
+
+
+# __INTERNAL_tcf_kill_old_plugin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_kill_old_plugin() {
+ tcfChk "Get rid of the old TCF implementation. removing" && {
+ local comma='' i
+ for i in Try Chk Fin E2R RES OK NOK NEG TCFcheckFinal TCFreport; do
+ echo -n "${comma}rl$i"
+ unset -f rl$i
+ comma=', '
+ done
+ echo '.'
+ tcfFin --no-assert; }
+}; # end of __INTERNAL_tcf_kill_old_plugin }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Block functions
+
+=cut
+
+# __INTERNAL_tcf_parse_params ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+__INTERNAL_tcf_parse_params() {
+ local GETOPT=$(getopt -q -o if: -l ignore,no-assert,fail-tag: -- "$@")
+ eval set -- "$GETOPT"
+ echo "local ignore noass title fail_tag"
+ echo "[ -z \"\$ignore\" ] && ignore=0"
+ echo "[ -z \"\$noass\" ] && noass=0"
+ echo "[ -z \"\$fail_tag\" ] && fail_tag='FAIL'"
+ while [[ -n "$@" ]]; do
+ case $1 in
+ --)
+ shift; break
+ ;;
+ --ignore|-i)
+ echo "ignore=1"
+ echo "noass=1"
+ ;;
+ --no-assert|-n)
+ echo "noass=1"
+ ;;
+ --fail-tag|-f)
+ shift
+ echo "fail_tag='$1'"
+ ;;
+ *)
+ echo "unknown option $1"
+ return 1
+ ;;
+ esac
+ shift;
+ done
+ [[ -n "$1" ]] && echo "title=\"${1}\""
+ echo "eval set -- \"$(echo "$GETOPT" | sed -e 's/.*-- //')\""
+}; # end of __INTERNAL_tcf_parse_params }}}
+
+
+# tcfTry ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfTry
+
+Starting function of block which will be skipped if an error has been detected
+by tcfFin function occurent before.
+
+ tcfTry ["title"] [-i|--ignore] [--no-assert] [--fail-tag TAG] && {
+
+ tcfFin; }
+
+If title is omitted than noting is printed out so no error will be reported (no
+Assert is executed) thus at least the very top level tcfTry should have title.
+
+tcfTry and tcfChk blocks are stackable so you can organize them into a hierarchy
+structure.
+
+Note that tcfFin has to be used otherwise the overall result will not be
+accurate.
+
+=over
+
+=item title
+
+Text which will be displayed and logged at the beginning and the end (in tcfFin
+function) of the block.
+
+=item -i, --ignore
+
+Do not propagate the actual result to the higher level result.
+
+=item -n, --no-assert
+
+Do not log error into the journal.
+
+=item -f, --fail-tag TAG
+
+If the result of the block is FAIL, use TAG instead ie. INFO or WARNING.
+
+=back
+
+Returns 1 if and error occured before, otherwise returns 0.
+
+=cut
+
+tcfTry() {
+ LogMoreLow -f "begin '$*'"
+ local vars=$(__INTERNAL_tcf_parse_params "$@") || { Log "$vars" FAIL; return 1; }
+ LogMoreMed -f "vars:\n$vars"
+ LogMoreLow -f "evaluating options start"
+ eval "$vars"
+ LogMoreLow -f "evaluating options end"
+ local incr=
+ local pp="SKIPPING"
+ tcfRES; # to set __INTERNAL_tcf_result
+ LogMoreLow -f "result was $__INTERNAL_tcf_result"
+ if [[ $__INTERNAL_tcf_result -eq 0 ]]; then
+ __INTERNAL_tcf_current_level_data=("$__INTERNAL_tcf_result" "$vars" "${__INTERNAL_tcf_current_level_data[@]}")
+ pp="BEGIN"
+ incr=1
+ fi
+ if [[ -n "$title" ]]; then
+ Log "$title" "$pp"
+ [[ -n "$incr" ]] && {
+ LogMoreLow -f "increment indentation level"
+ __INTERNAL_tcf_incr_current_level
+ }
+ fi
+ LogMoreLow -f "end"
+ return $__INTERNAL_tcf_result
+}; # end of tcfTry }}}
+
+
+# tcfChk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfChk
+
+Starting function of block which will be always executed.
+
+ tcfChk ["title"] [-i|--ignore] [--no-assert] [--fail-tag TAG] && {
+
+ tcfFin; }
+
+If title is omitted than noting is printed out so no error will be reported (no
+Assert is executed) thus at least the very top level tcfChk should have title.
+
+tcfTry and tcfChk blocks are stackable so you can organize them into a hierarchy
+structure.
+
+Note that tcfFin has to be used otherwise the overall result will not be
+accurate.
+
+For details about arguments see tcfTry.
+
+Returns 0.
+
+=cut
+
+tcfChk() {
+ LogMoreLow -f "begin '$*'"
+ tcfRES; # to set __INTERNAL_tcf_result
+ local res=$__INTERNAL_tcf_result
+ tcfRES 0
+ tcfTry "$@"
+ __INTERNAL_tcf_current_level_data[0]=$res
+ LogMoreLow -f "end"
+ return $__INTERNAL_tcf_result
+}; # end of tcfChk }}}
+
+
+# tcfFin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfFin
+
+Ending function of block. It does some evaluation of previous local and global
+results and puts it into the global result.
+
+ tcfTry ["title"] && {
+
+ tcfFin [-i|--ignore] [--no-assert] [--fail-tag TAG]; }
+
+Local result is actualy exit code of the last command int the body.
+
+Global result is an internal varibale hodning previous local results.
+Respectively last error or 0.
+
+For details about arguments see tcfTry.
+
+Returns local result of the preceeding block.
+
+=cut
+
+tcfFin() {
+ local RES=$?
+ LogMoreLow -f "begin '$*'"
+ LogMoreMed -f "previous exit code was '$RES'"
+ local vars=$(__INTERNAL_tcf_parse_params "$@") || { Log "$vars" FAIL; return 1; }
+ LogMoreMed -f "vars:\n$vars"
+ LogMoreLow -f "evaluating options start"
+ eval "$vars"
+ LogMoreLow -f "evaluating options end"
+ tcfRES; # to set __INTERNAL_tcf_result
+ [[ $RES -ne 0 ]] && tcfRES $RES
+ RES=$__INTERNAL_tcf_result
+ LogMoreMed -f "overall result is '$RES'"
+ LogMoreMed -f "data:\n${__INTERNAL_tcf_current_level_data[1]}"
+ LogMoreLow -f "evaluating data start"
+ eval "${__INTERNAL_tcf_current_level_data[1]}"
+ LogMoreLow -f "evaluating data end"
+ if [[ -n "$title" ]]; then
+ __INTERNAL_tcf_decr_current_level
+ if [[ $ignore -eq 1 ]]; then
+ RES=0
+ [[ $__INTERNAL_tcf_result -ne 0 ]] && title="$title - ignored"
+ fi
+ if [[ $noass -eq 0 ]]; then
+ tcfAssert0 "$title" $__INTERNAL_tcf_result "$fail_tag"
+ else
+ if [[ $__INTERNAL_tcf_result -eq 0 ]]; then
+ local pp="PASS"
+ LogInfo "$title - $pp"
+ else
+ local pp="${fail_tag:-FAIL}"
+ LogWarn "$title - $pp"
+ fi
+ fi
+ fi
+ if [[ $__INTERNAL_tcf_result -eq 0 || $ignore -eq 1 ]]; then
+ tcfRES ${__INTERNAL_tcf_current_level_data[0]}
+ fi
+ local i
+ for i in 0 1; do unset __INTERNAL_tcf_current_level_data[$i]; done
+ __INTERNAL_tcf_current_level_data=("${__INTERNAL_tcf_current_level_data[@]}")
+ LogMoreLow -f "end"
+ return $RES
+}; # end of tcfFin }}}
+
+: <<'=cut'
+=pod
+
+=head2 Functions for manipulation with the results
+
+=cut
+
+
+# tcfRES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfRES
+
+Sets and return the global result.
+
+ tcfRES [-p|--print] [number]
+
+=over
+
+=item -p --print
+
+Also print the result value.
+
+=item number
+
+If present the global result is set to this value.
+
+=back
+
+Returns global result.
+
+=cut
+
+tcfRES() {
+ local p=0
+ while [[ -n "$1" ]]; do
+ case $1 in
+ --print|-p)
+ p=1
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+ done
+ if [[ -n "$1" ]]; then
+ __INTERNAL_tcf_result=$1
+ echo -n "$__INTERNAL_tcf_result" > "$__INTERNAL_tcf_result_file"
+ else
+ __INTERNAL_tcf_result="$(cat "$__INTERNAL_tcf_result_file")"
+ fi
+ [[ $p -eq 1 ]] && echo $__INTERNAL_tcf_result
+ return $__INTERNAL_tcf_result
+}; # end of tcfRES }}}
+
+
+# tcfOK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfOK
+
+Sets the global result to 0.
+
+ tcfOK
+
+Returns global result.
+
+=cut
+
+tcfOK() {
+ tcfRES 0
+}; # end of tcfOK }}}
+
+
+# tcfNOK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfNOK
+
+Sets the global result to 1 or given number.
+
+ tcfNOK [number]
+
+=over
+
+=item number
+
+If present the global result is set to this value.
+
+=back
+
+Returns global result.
+
+=cut
+
+tcfNOK() {
+ if [[ -n "$1" ]]; then
+ [[ $1 -eq 0 ]] && echo "You have requested result '0'. You should use tcfOK instead."
+ tcfRES $1
+ else
+ tcfRES 1
+ fi
+}; # end of tcfNOK }}}
+
+
+# tcfE2R ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfE2R
+
+Converts exit code of previous command to local result if the exit code is not 0
+(zero).
+
+
+ tcfE2R [number]
+
+=over
+
+=item number
+
+If present use it instead of exit code.
+
+=back
+
+Returns original exit code or given number.
+
+=cut
+
+tcfE2R() {
+ local res=$?
+ [[ -n "$1" ]] && res=$1
+ [[ $res -ne 0 ]] && tcfRES $res
+ return $res
+}; # end of tcfE2R }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Functions for manipulation with the exit codes
+
+=cut
+
+
+# tcfNEG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfNEG
+
+Negates exit code of previous command.
+
+
+ tcfNEG
+
+Returns 1 if original exit code was 0, otherwise returns 0.
+
+=cut
+
+tcfNEG() {
+ [[ $? -eq 0 ]] && return 1 || return 0
+}; # end of tcfNEG }}}
+
+
+# tcfRun ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfRun
+
+Simmilar to rlRun but it also annouces the beginnign of the command.
+
+ tcfRun [--fail-tag|-f TAG] command [exp_result [title]]
+
+Moreover if 'command not found' appears on STDERR it should produce WARNING.
+
+=over
+
+=item command
+
+Command to execute.
+
+=item exp_result
+
+Specification of expect resutl.
+
+It can be a list of values or intervals or * for any result. Also negation (!) can be used.
+
+ Example:
+
+ <=2,7,10-12,>252,!254 means following values 0,1,2,7,10,11,12,253,255
+
+=item title
+
+Text which will be displayed and logged at the beginning and the end of command execution.
+
+=item --fail-tag | -f
+
+If the command fails use TAG instead of FAIL.
+
+=back
+
+Returns exit code of the executed command.
+ +=cut + +tcfRun() { + LogMore_ -f "begin $*" + optsBegin + optsAdd 'fail-tag|f' --mandatory + optsAdd 'timeout' --optional 'timeout="${1:-10}"' + optsAdd 'kill-timeout|kt' --mandatory --default 5 + optsAdd 'signal' --mandatory --default TERM + optsAdd 'check-code' --mandatory --default 'kill -0 $cmdpid >&/dev/null' + optsAdd 'kill-code' --mandatory --default '/bin/kill -$signal -- $cmdpid' + optsAdd 'allow-skip|as' --flag + optsAdd 'no-assert|n' --flag + optsDone; eval "${optsCode}" + LogMore_ -f "after opts $*" + [[ -z "$allowskip" ]] && tcfChk + local orig_expecode="${2:-0}" + local expecode="$orig_expecode" + [[ "$expecode" == "*" ]] && expecode="0-255" + local command="$1" + local comment="Running command '$command'" + [[ -n "$3" ]] && comment="$3" + [[ -n "$expecode" ]] && { + expecode=$(echo "$expecode" | tr ',-' '\n ' | sed -e 's/^!=/!/;s/^=//;s/^<=\(.\+\)$/0 \1/;s/^>=\(.\+\)$/\1 255/;s/^<\(.\+\)$/0 \$(( \1 - 1 ))/;s/^>\(.\+\)$/\$(( \1 + 1 )) 255/' | while read line; do [[ "$line" =~ ^[^\ ]+$ ]] && echo "$line" || eval seq $line; done; ) + tcfE2R + LogMoreLow -f "orig_expecode='$orig_expecode'" + LogMoreLow -f "expecode='$expecode'" + } + tcfTry ${noassert:+--no-assert} "$comment" && { + local errout=$(mktemp) + LogMoreLow -f "executing '$command'" + if [[ "$optsPresent" =~ $(echo "\") ]]; then + LogDebug -f "using watchdog feature" + local ec="$(mktemp)" + eval "$command; echo $? > $ec 2> >(tee $errout)" & + local cmdpid=$! + local time_start=$(date +%s) + local timeout_t=$(( $time_start + $timeout )) + while true; do + if ! eval "$checkcode"; then + Log "command finished in $(($(date +%s) - $time_start )) seconds" + local res="$(cat $ec)" + break + elif [[ $(date +%s) -ge $timeout_t ]]; then + echo + Log "command is still running, sending $signal signal" + eval "$killcode" + tcfNOK 255 + echo 255 > $ec + let timeout_t+=killtimeout + signal=KILL + fi + sleep 0.1 + done + rm -f $ec + else + eval "$command" 2> >(tee $errout) + local res=$? 
+ fi
+ LogMoreLow -f "got '$res'"
+ local resmatch=$(echo "$expecode" | grep "^\!\?${res}$")
+ LogMoreLow -f "resmatch='$resmatch'"
+ [[ -n "$resmatch" && ! "$resmatch" =~ '!' ]]
+ if tcfE2R; then
+ ! grep -iq "command not found" $errout || { failtag='WARNING'; tcfNOK; }
+ else
+ Log "Expected result was '$orig_expecode', got '$res'!"
+ fi
+ tcfFin ${failtag:+--fail-tag "$failtag"}; }
+ rm -f $errout
+ [[ -z "$allowskip" ]] && tcfFin
+ LogMore_ -f "end $*"
+ return $res
+}; # end of tcfRun }}}
+
+
+: <<'=cut'
+=pod
+
+=head2 Functions for logging
+
+=cut
+
+
+# tcfAssert0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+tcfAssert0() {
+ LogMoreLow -f "begin '$*'"
+ local RES="${3:-FAIL}"
+ [[ $2 -eq 0 ]] && RES='PASS'
+ Log "$1" $RES
+ LogMoreLow -f "end"
+}; # end of tcfAssert0 }}}
+
+
+# tcfCheckFinal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+: <<'=cut'
+=pod
+
+=head3 tcfCheckFinal
+
+Check that all tcfTry / tcfChk functions have been close by tcfFin.
+
+ tcfCheckFinal
+
+=cut
+
+tcfCheckFinal() {
+ tcfAssert0 "Check that TCF block cache is empty" ${#__INTERNAL_tcf_current_level_data[@]}
+ tcfAssert0 "Check that TCF current level is 0" $__INTERNAL_tcf_current_level_val
+}; # end of tcfCheckFinal }}}
+
+
+echo "done."
+
+: <<'=cut'
+=pod
+
+=head2 Self check functions
+
+=cut
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# tcfSelfCheck {{{
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+: <<'=cut'
+=pod
+
+=head3 tcfSelfCheck
+
+Does some basic functionality tests.
+
+ tcfSelfCheck
+
+The function is called also by the following command:
+
+ ./lib.sh selfcheck
+
+=cut
+
+
+tcfSelfCheck() {
+ tcfChk "check 1" &&{
+ tcfTry "try 1.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 1.2 - false" &&{
+ false
+ tcfFin;}
+ tcfTry "try 1.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfChk "check 2" &&{
+ tcfTry "try 2.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 2.2 - true - ignore" &&{
+ true
+ tcfFin -i;}
+ tcfTry "try 2.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfChk "check 3" &&{
+ tcfTry "try 3.1 - true" &&{
+ true
+ tcfFin;}
+ tcfTry "try 3.2 - false - ignore" &&{
+ false
+ tcfFin -i;}
+ tcfTry "try 3.3 - true" &&{
+ true
+ tcfFin;}
+ tcfFin;}
+ tcfCheckFinal
+ tcfAssert0 "Overall result" $(tcfRES -p)
+ LogReport
+}
+if [[ "$1" == "selfcheck" ]]; then
+ tcfSelfCheck
+fi; # end of tcfSelfCheck }}}
+
+
+# tcfLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+tcfLibraryLoaded() {
+ rlImport distribution/Log
+ declare -F rlDie > /dev/null && {
+ #rlJournalStart
+ #rlPhaseStartSetup "TCF"
+ echo -e "\nrunning inside the beakerlib - using rlAssert0"
+ true; tcfAssert0() {
+ local text="$1"
+ [[ "$3" != "FAIL" && "$3" != "PASS" ]] && text="$text - $3"
+ __INTERNAL_ConditionalAssert "$text" "$2"
+ }
+ __INTERNAL_tcf_do_hack
+ #rlPhaseEnd
+ #rlJournalEnd
+ };
+ if declare -F rlE2R >& /dev/null; then
+ __INTERNAL_tcf_kill_old_plugin
+ fi
+ true
+}; # end of tcfLibraryLoaded }}}
+
+
+: <<'=cut'
+=pod
+
+=head1 AUTHORS
+
+=over
+
+=item *
+
+Dalibor Pospisil
+
+=back
+
+=cut
+
+
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/testUser/Makefile b/tests/sudoers-options-sanity-test/distribution/Library/testUser/Makefile
new file mode 100644
index 0000000..037162e
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/testUser/Makefile
@@ -0,0 +1,60 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /distribution/Library/testUser
+# Description: Block style coding with ability of skipping parts.
+# Author: Dalibor Pospisil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/distribution/Library/testUser
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) lib.sh Makefile
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: Dalibor Pospisil " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: Setup/cleanup standard testing user." >> $(METADATA)
+ @echo "Type: Library" >> $(METADATA)
+ @echo "TestTime: 5m" >> $(METADATA)
+ @echo "RhtsRequires: library(distribution/Log)" >> $(METADATA)
+ @echo "Provides: library(distribution/testUser)" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/sudoers-options-sanity-test/distribution/Library/testUser/lib.sh b/tests/sudoers-options-sanity-test/distribution/Library/testUser/lib.sh
new file mode 100644
index 0000000..24da7a6
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/distribution/Library/testUser/lib.sh
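Review bot: The header comment `# Description: Block style coding with ability of skipping parts.` looks copied from the TCF library and disagrees with the `Description: Setup/cleanup standard testing user.` line that the `$(METADATA)` rule writes further down; the comment should read `# Description: Setup/cleanup standard testing user.`. In the same hunk `.PHONY: all install download clean` leaves out the `run` and `build` targets this Makefile defines, so a stray file named `run` or `build` in the directory would keep the recipe from executing; `.PHONY: all install download clean run build` covers them.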
@@ -0,0 +1,234 @@
+#!/bin/bash
+# try-check-final.sh
+# Authors: Dalibor Pospíšil
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# library-prefix = testUser
+# library-version = 7
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+: <<'=cut'
+=pod
+
+=head1 NAME
+
+BeakerLib library testUser
+
+=head1 DESCRIPTION
+
+This library provide s function for maintaining testing users.
+
+=head1 USAGE
+
+To use this functionality you need to import library distribution/testUser and add
+following line to Makefile.
+
+ @echo "RhtsRequires: library(distribution/testUser)" >> $(METADATA)
+
+=head1 VARIABLES
+
+=over
+
+=item testUser
+
+Array of testing user login names.
+
+=item testUserPasswd
+
+Array of testing users passwords.
+
+=item testUserUID
+
+Array of testing users UIDs.
+
+=item testUserGID
+
+Array of testing users primary GIDs.
+
+=item testUserGroup
+
+Array of testing users primary group names.
+
+=item testUserGIDs
+
+Array of space separated testing users all GIDs.
+
+=item testUserGroups
+
+Array of space separated testing users all group names.
+
+=item testUserGecos
+
+Array of testing users gecos fields.
+
+=item testUserHomeDir
+
+Array of testing users home directories.
+
+=item testUserShell
+
+Array of testing users default shells.
+
+=back
+
+=head1 FUNCTIONS
+
+=cut
+
+echo -n "loading library testUser... "
+
+: <<'=cut'
+=pod
+
+=head3 testUserSetup, testUserCleanup
+
+Creates/removes testing user(s).
+
+ rlPhaseStartSetup
+ testUserSetup [NUM]
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ testUserCleanup
+ rlPhaseEnd
+
+=over
+
+=item NUM
+
+Optional number of user to be created. If not specified one user is created.
+
+=back
+
+Returns 0 if success.
+
+=cut
+
+
+testUserSetup() {
+ # parameter dictates how many users should be created, defaults to 1
+ local res=0
+ local count_created=0
+ local count_wanted=${1:-"1"}
+ local index=0
+ (( $count_wanted < 1 )) && return 1
+
+ while (( $count_created != $count_wanted ));do
+ let index++
+ local newUser="testuser${index}"
+ local newUserPasswd="redhat"
+ id "$newUser" &> /dev/null && continue # if user with the name exists, try again
+
+ # create
+ useradd -m $newUser >&2 || ((res++))
+ echo "$newUserPasswd" | passwd --stdin $newUser || ((res++))
+
+ # save the users array
+ testUser+=($newUser)
+ testUserPasswd+=($newUserPasswd)
+ set | grep "^testUser=" > $__INTERNAL_testUser_users_file
+ set | grep "^testUserPasswd=" >> $__INTERNAL_testUser_users_file
+ ((count_created++))
+ done
+ __INTERNAL_testUserRefillInfo || ((res++))
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+__INTERNAL_testUserRefillInfo() {
+ local res=0
+ local user
+ testUserUID=()
+ testUserGID=()
+ testUserGroup=()
+ testUserGIDs=()
+ testUserGroups=()
+ testUserGecos=()
+ testUserHomeDir=()
+ testUserShell=()
+
+ for user in ${testUser[@]}; do
+ local ent_passwd=$(getent passwd ${user}) || ((res++))
+ local users_id="$(id ${user})" || ((res++))
+ # testUser is filled during user creation - already present
+ # testUserPasswd is saved same way as testUser - already present
+ testUserUID+=("$(echo "$ent_passwd" | cut -d ':' -f 3)")
+ testUserGID+=("$(echo "$ent_passwd" | cut -d ':' -f 4)")
+ testUserGroup+=("$(echo "$users_id" | sed -r 's/.*gid=(\S+).*/\1/;s/[[:digit:]]+\(//g;s/\)//g;s/,/ /g')")
+ testUserGIDs+=("$(echo "$users_id" | sed -r 's/.*groups=(\S+).*/\1/;s/\([^\)]+\)//g;s/\)//g;s/,/ /g')")
+ testUserGroups+=("$(echo "$users_id" | sed -r 's/.*groups=(\S+).*/\1/;s/[[:digit:]]+\(//g;s/\)//g;s/,/ /g')")
+ testUserGecos+=("$(echo "$ent_passwd" | cut -d ':' -f 5)")
+ testUserHomeDir+=("$(echo "$ent_passwd" | cut -d ':' -f 6)")
+ testUserShell+=("$(echo "$ent_passwd" | cut -d ':' -f 7)")
+ done
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+testUserCleanup() {
+ local res=0
+ for user in ${testUser[@]}; do
+ userdel -rf "$user" >&2 || ((res++))
+ done
+ unset testUser
+ __INTERNAL_testUserRefillInfo
+ rm -f $__INTERNAL_testUser_users_file >&2 || ((res++))
+
+ echo ${res}
+ [[ $res -eq 0 ]]
+}
+
+
+
+# testUserLibraryLoaded ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {{{
+testUserLibraryLoaded() {
+ local res=0
+ # necessary init steps
+ __INTERNAL_testUser_users_file="$BEAKERLIB_DIR/users"
+
+ # try to fill in users array with previous data
+ [[ -f ${__INTERNAL_testUser_users_file} ]] && . ${__INTERNAL_testUser_users_file} >&2
+ __INTERNAL_testUserRefillInfo >&2 || ((res++))
+
+ [[ $res -eq 0 ]]
+}; # end of testUserLibraryLoaded }}}
+
+
+: <<'=cut'
+=pod
+
+=head1 AUTHORS
+
+=over
+
+=item *
+
+Dalibor Pospisil
+
+=back
+
+=cut
+
+echo "done."
+
diff --git a/tests/sudoers-options-sanity-test/runtest.sh b/tests/sudoers-options-sanity-test/runtest.sh
new file mode 100755
index 0000000..b24299f
--- /dev/null
+++ b/tests/sudoers-options-sanity-test/runtest.sh
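Review bot: `testUserSetup` gives every account it creates the fixed password `redhat` (`local newUserPasswd="redhat"`) and then writes it to `$__INTERNAL_testUser_users_file` through `set | grep "^testUserPasswd="`, so while a test runs the host carries real accounts created by `useradd -m` with a well-known password that is also stored in clear under `$BEAKERLIB_DIR`. A per-run random value keeps the `testUserPasswd` interface for callers that read the array, e.g. `local newUserPasswd="$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)"`, and the file should be restricted right after it is written with `chmod 600 "$__INTERNAL_testUser_users_file"`. The same file is later sourced by `testUserLibraryLoaded` and its names are handed to `userdel -rf` in `testUserCleanup`, so it is worth confirming that `$BEAKERLIB_DIR` is writable only by the account running the tests. Separately, `testUserCleanup` loops with `for user in` without a `local user` declaration, unlike `__INTERNAL_testUserRefillInfo`, which leaks `user` into the caller's scope.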
@@ -0,0 +1,379 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/sudo/Sanity/sudoers-options-sanity-test +# Description: This sanity test checks pre-defined (some are commented) options (examples) in sudoers file. +# Author: Ales Marecek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. 
/usr/share/beakerlib/beakerlib.sh || exit 1 + +rlJournalStart && { + rlPhaseStartSetup && { + [[ -z "$BEAKERLIB_LIBRARY_PATH" ]] && BEAKERLIB_LIBRARY_PATH="$(dirname "$(readlink -f "$0")")" + rlRun "rlImport --all" 0 "Import libraries" || rlDie "cannot continue" + tcfTry "Setup phase" && { + tcfRun "rlCheckMakefileRequires" + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + CleanupRegister "rlRun 'rm -r $TmpDir' 0 'Removing tmp directory'" + CleanupRegister 'rlRun "popd"' + rlRun "pushd $TmpDir" + CleanupRegister 'rlRun "rlFileRestore"' + rlRun "rlFileBackup --clean /etc/sudoers" + rpm -V sudo | grep /etc/sudoers && { + # we need clean config file that is shipped with package + rlRun "rm -rf /etc/sudoers" + rlRun "yum -y reinstall sudo" 0 "Reinstalling '${PACKAGE}' package" + }; : + CleanupRegister 'rlRun "testUserCleanup"' + rlRun "testUserSetup 2" + tcfFin; } + rlPhaseEnd; } + + tcfTry "Tests" --no-assert && { + rlPhaseStartTest "Active options test - active sudo settings" && { + if ( rlIsRHEL 6 && rlIsRHEL '>=6.8' ) || ( rlIsRHEL 7 && rlIsRHEL '>=7.3' ); then + _OPTIONS=("!visiblepw" "always_set_home" "env_reset") + elif rlIsRHEL; then + _OPTIONS=("requiretty" "!visiblepw" "always_set_home" "env_reset") + else + if rlIsFedora 20; then + _OPTIONS=("requiretty" "env_reset") + else + _OPTIONS=("!visiblepw" "env_reset") + fi + fi + for _OPTION in ${_OPTIONS[@]}; do + rlRun "grep '^Defaults\s\+${_OPTION}' /etc/sudoers" 0 "Test: '${_OPTION}' check" + done + rlPhaseEnd; } + + rlPhaseStartTest "Active options test - Evironment" && { + for _OPTION in DISPLAY HOSTNAME USERNAME LC_COLLATE LC_MESSAGES LC_TIME LC_ALL XAUTHORITY; do + rlRun "cat /etc/sudoers | grep '^Defaults\s\+env_keep' | grep '${_OPTION}'" 0 "Test: '${_OPTION}' check" + done + rlRun "grep '^Defaults\s\+secure_path\s\+=\s\+/sbin:/bin:/usr/sbin:/usr/bin' /etc/sudoers" 0 "Test: 'secure_path' check" + rlPhaseEnd; } + + rlPhaseStartTest "Commented options test - examples" && { + for _OPTION in 
"Host_Alias" "Cmnd_Alias" "User_Alias"; do + rlRun "grep \"^#.*${_OPTION}.*\" /etc/sudoers" 0 "Test: '${_OPTION}' check" + done + rlPhaseEnd; } + + rlPhaseStartTest "pam_service and pam_login_service" && { + CleanupRegister --mark 'rlRun "rlFileRestore --namespace pam_service"' + rlRun "rlFileBackup --namespace pam_service --clean /etc/pam.d/ /etc/sudoers" + rlRun "cat /etc/pam.d/sudo > /etc/pam.d/sudo2" + rlRun "cat /etc/pam.d/sudo-i > /etc/pam.d/sudo2-i" + rlRun "sed -i '/session.*pam_echo/d' /etc/pam.d/sudo" + rlRun "sed -i '/session.*pam_echo/d' /etc/pam.d/sudo-i" + rlRun "echo -e 'session\toptional\tpam_echo.so %%sudo pam_service' >> /etc/pam.d/sudo" + rlRun "echo -e 'session\toptional\tpam_echo.so %%sudo-i pam_login_service' >> /etc/pam.d/sudo-i" + rlRun "echo -e 'session\toptional\tpam_echo.so %%sudo2 pam_service' >> /etc/pam.d/sudo2" + rlRun "echo -e 'session\toptional\tpam_echo.so %%sudo2-i pam_login_service' >> /etc/pam.d/sudo2-i" + sudoers_file="$(cat /etc/sudoers)" + rlRun -s "sudo id" + rlAssertGrep '^%sudo pam_service' $rlRun_LOG + rm -f $rlRun_LOG + rlRun -s "sudo -i id" + rlAssertGrep '^%sudo-i pam_login_service' $rlRun_LOG + rm -f $rlRun_LOG + tcfChk "change pam service name" && { + echo "Defaults pam_service=sudo2" > /etc/sudoers + echo "Defaults pam_login_service=sudo2-i" >> /etc/sudoers + echo "$sudoers_file" >> /etc/sudoers + tcfFin; } + rlRun -s "sudo id" + rlAssertGrep '^%sudo2 pam_service' $rlRun_LOG + rm -f $rlRun_LOG + rlRun -s "sudo -i id" + rlAssertGrep '^%sudo2-i pam_login_service' $rlRun_LOG + rm -f $rlRun_LOG + CleanupDo --mark + rlPhaseEnd; } + + rlPhaseStartTest "User and Group settings" && { + rlRun "grep '^root\s\+ALL=(ALL)\s\+ALL' /etc/sudoers" 0 "Test: 'root' user check" + # specific "%wheel" command in RHEL-7 - allowing "wheel" group for super-trooper admin-needs by Anaconda + rlIsRHEL 4 5 6 + [ $? 
-eq 0 ] && rlRun "grep '^#.*%wheel\s\+ALL=(ALL)\s\+ALL' /etc/sudoers" 0 "Test: 'wheel' (commented) group check" || rlRun "grep '^%wheel\s\+ALL=(ALL)\s\+ALL' /etc/sudoers" 0 "Test: 'wheel' group check" + rlRun "grep '^#.*%sys' /etc/sudoers" 0 "Test: 'sys' (commented) group check" + rlPhaseEnd; } + + ! rlIsRHEL '<6' && rlPhaseStartTest 'env_check' && { + tcfChk "env_check" && { + tcfChk "setup phase" && { + rlRun "cat /etc/sudoers > sudoers" + CleanupRegister " + rlRun 'cat sudoers > /etc/sudoers' + rlRun \"export TZ='${TZ}'\" + " + clean_sudoers=$CleanupRegisterID + rlRun "echo 'Defaults env_check += \"TZ\"' >> /etc/sudoers" + rlRun "echo 'Defaults env_keep += \"TZ\"' >> /etc/sudoers" + rlRun "echo 'Defaults !authenticate' >> /etc/sudoers" + rlRun "sed -ri 's/(Defaults\s+)(requiretty)/\1!\2/' /etc/sudoers" + rlRun "cat -n /etc/sudoers | tr '\t' ' ' | grep -Pv '^ +[0-9]+ +(#|$)'" + tcfFin; } + tcfTry "test" && { + tcfChk "test allowed values" && { + for TZ in AB America/New_York /usr/share/zoneinfo/America/New_York; do + rlRun "export TZ='$TZ'" + rlRun -s "env" + rlAssertGrep "^TZ=$TZ" $rlRun_LOG + rm -f $rlRun_LOG + rlRun -s "sudo env" + rlAssertGrep "^TZ=$TZ" $rlRun_LOG + rm -f $rlRun_LOG + done + tcfFin; } + tcfChk "test wrong values" && { + for TZ in "A B" \ + /etc/hosts \ + /usr/share/zoneinfo/../zoneinfo/America/New_York \ + 
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
 \ + ; do + rlRun "export TZ='$TZ'" + rlRun -s "env" + rlAssertGrep "^TZ=$TZ" $rlRun_LOG + rm -f $rlRun_LOG + rlRun -s "sudo env" + rlAssertNotGrep "^TZ=$TZ" $rlRun_LOG + rm -f $rlRun_LOG + done + tcfFin; } + tcfFin; } + tcfChk "cleanup phase" && { + CleanupDo $clean_sudoers + tcfFin; } + tcfFin; } + rlPhaseEnd; } + + rlPhaseStartTest "test, requiretty" && { + tcfChk && { + tcfChk "setup" && { + CleanupRegister --mark 'rlRun "rlFileRestore --namespace requiretty"' + rlRun "rlFileBackup --clean --namespace requiretty /etc/sudoers" + rlRun "echo '$testUser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" + tcfFin; } + + tcfTry && { + tcfChk "test, requiretty" && { + rlRun "sed -i '/requiretty/d' /etc/sudoers" + rlRun "echo 'Defaults requiretty' >> /etc/sudoers" + rlRun -s "nohup su -l -c 'sudo id' $testUser > /dev/stdout" 1 + rlAssertGrep 'you must have a tty' $rlRun_LOG + rm -f $rlRun_LOG + tcfFin; } + + tcfChk "test, !requiretty" && { + rlRun "sed -i '/requiretty/d' /etc/sudoers" + rlRun "echo 'Defaults !requiretty' >> /etc/sudoers" + rlRun "nohup su -l -c 'sudo id' $testUser > /dev/stdout" + tcfFin; } + tcfFin; } + + tcfChk "cleanup" && { + CleanupDo --mark + tcfFin; } + tcfFin; } + rlPhaseEnd; } + + if ! 
rlIsRHEL '<7.4'; then + rlPhaseStartTest "test, iolog" && { + tcfChk && { + iolog_config() { + rlLog "create config" + cat > /etc/sudoers.d/iolog < /etc/sudoers.d/test <& /dev/null && { + postsuper -d ALL + } + [[ -e /var/spool/mqueue/ ]] && [[ -n "$(ls -1 /var/spool/mqueue/)" ]] && { + rm -rf /var/spool/mqueue/* + } + [[ -e /var/spool/clientmqueue/ ]] && [[ -n "$(ls -1 /var/spool/clientmqueue/)" ]] && { + rm -rf /var/spool/clientmqueue/* + } + [[ -e /var/spool/postfix/maildrop/ ]] && [[ -n "$(ls -1 /var/spool/postfix/maildrop/)" ]] && { + rm -rf /var/spool/postfix/maildrop/* + } + } + get_last_mail_log() { + sleep 1 + tail -n +$(($last_line_num + 1)) /var/log/maillog | grep -iv 'connection timed out' > last_mail.log + mailq >> last_mail.log + mailq -Ac >> last_mail.log + rlRun "cat last_mail.log" 0-255 + clean_mail_queue + last_line_num=`cat /var/log/maillog | wc -l` + } + tcfChk "setup" && { + CleanupRegister --mark 'rlRun "rlFileRestore --namespace MAIL"' + rlRun "rlFileBackup --clean --namespace MAIL /etc/sudoers.d/test" + clean_mail_queue + get_last_mail_log + tcfFin; } + + tcfTry "test" && { + + tcfChk "test, mail_always test" && { + create_config mail_always + rlRun "su -c 'sudo /bin/ls /' - $testUser" 0 + get_last_mail_log + rlAssertGrep 'emailto@domain.com' last_mail.log -iq + tcfFin; } + + tcfChk "test, NOMAIL test" && { + create_config mail_always NOMAIL: + last_line_num=`cat /var/log/maillog | wc -l` + rlRun "su -c 'sudo /bin/ls /' - $testUser" 0 + get_last_mail_log + rlAssertNotGrep 'emailto@domain.com' last_mail.log -iq + rlRun "su -c 'sudo /bin/ls /' - ${testUser[1]}" 0 + get_last_mail_log + rlAssertGrep 'emailto@domain.com' last_mail.log -iq + tcfFin; } + + tcfChk "test, MAIL test" && { + create_config '' MAIL: + last_line_num=`cat /var/log/maillog | wc -l` + rlRun "su -c 'sudo /bin/ls /' - $testUser" 0 + get_last_mail_log + rlAssertGrep 'emailto@domain.com' last_mail.log -iq + rlRun "su -c 'sudo /bin/ls /' - ${testUser[1]}" 0 + get_last_mail_log + 
rlAssertNotGrep 'emailto@domain.com' last_mail.log -iq + tcfFin; } + + tcfFin; } + + tcfChk "cleanup" && { + CleanupDo --mark + tcfFin; } + tcfFin; } + rlPhaseEnd; } + + rlPhaseStartTest "test mute unknown defaults" && { + CleanupRegister --mark 'rlRun "rlFileRestore --namespace mute_unknown"' + rlRun "rlFileBackup --clean --namespace mute_unknown /etc/sudoers.d/test" + cat > /etc/sudoers.d/test < /etc/sudoers.d/test < +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Ales Marecek " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: This test rebuild sudo source rpm and checks that rebuild is OK. 
The second - main - part is about upstream testsuite execution." >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 15m" >> $(METADATA) + @echo "RunFor: sudo" >> $(METADATA) + @echo "Requires: sudo" >> $(METADATA) + @echo "Requires: sed" >> $(METADATA) + @echo "Requires: grep" >> $(METADATA) + @echo "Requires: rpm-build" >> $(METADATA) + @echo "Requires: yum-utils" >> $(METADATA) + @echo "Requires: make" >> $(METADATA) + @echo "Requires: libcap-devel" >> $(METADATA) + @echo "Requires: audit-libs-devel" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/upstream-testsuite-execution-and-rebuild-test/PURPOSE b/tests/upstream-testsuite-execution-and-rebuild-test/PURPOSE new file mode 100644 index 0000000..26ca2b6 --- /dev/null +++ b/tests/upstream-testsuite-execution-and-rebuild-test/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test +Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution. +Author: Ales Marecek diff --git a/tests/upstream-testsuite-execution-and-rebuild-test/runtest.sh b/tests/upstream-testsuite-execution-and-rebuild-test/runtest.sh new file mode 100755 index 0000000..8748a8c --- /dev/null +++ b/tests/upstream-testsuite-execution-and-rebuild-test/runtest.sh 
@@ -0,0 +1,80 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/sudo/Sanity/upstream-testsuite-execution-and-rebuild-test +# Description: This test rebuild sudo source rpm and checks that rebuild is OK. The second - main - part is about upstream testsuite execution. +# Author: Ales Marecek +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="sudo" +_SPEC_DIR="$(rpm --eval=%_specdir)" +_BUILD_DIR="$(rpm --eval=%_builddir)" +_LOG_REBUILD_F="${PACKAGE}-rebuild.log" +_LOG_TESTSUITE_F="${PACKAGE}-testsuite.log" + + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + # Source package is needed for code inspection + rlFetchSrcForInstalled "${PACKAGE}" || yumdownloader --source "${PACKAGE}" + rlRun "find . 
-size 0 -delete" 0 "Remove empty src.rpm-s" + rlRun "yum-builddep -y --nogpgcheck ${PACKAGE}-*.src.rpm" 0 "Installing build dependencies" + [ -d ${_BUILD_DIR} ] && rlRun "rm -rf ${_BUILD_DIR}/*" 0 "Cleaning build directory" + rlRun "rpm -ivh ${PACKAGE}-*.src.rpm" 0 "Installing source rpm" + rlPhaseEnd + + rlPhaseStartTest + rlRun "QA_RPATHS=0x0002 rpmbuild -ba ${_SPEC_DIR}/${PACKAGE}.spec" 0 "Test: Rebuild of source '${PACKAGE}' package" + rlGetPhaseState + if [ $? -eq 0 ]; then + cd ${_BUILD_DIR}/${PACKAGE}-* + rlRun -s "make check" 0 "Test: Upstream testsuite" + cd ${TmpDir} + while read -r I; do + if [[ "$I" =~ $(echo '([^:]+): .+ tests run, .+ errors, (.*)% success rate') ]]; then + [[ "${BASH_REMATCH[2]}" == "100" ]] + rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $? + elif [[ "$I" =~ $(echo "([^:]+): .+ tests passed; (.+)/.+ tests failed") ]]; then + [[ "${BASH_REMATCH[2]}" == "0" ]] + rlAssert0 "Test: Checking tests of '${BASH_REMATCH[1]}'" $? + fi + done < $rlRun_LOG + rm -f $rlRun_LOG + else + rlFail "Skipping testsuite part because rebuild part failed." + fi + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/use_pty-option/Makefile b/tests/use_pty-option/Makefile new file mode 100644 index 0000000..e0cb676 --- /dev/null +++ b/tests/use_pty-option/Makefile 
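Review bot: The build-directory cleanup in the setup phase of the new runtest.sh can expand to `rm -rf /*`. `_BUILD_DIR` is taken from `rpm --eval=%_builddir`, and if that ever yields an empty string (for example because the rpm call fails), the unquoted test `[ -d ${_BUILD_DIR} ]` collapses to `[ -d ]`, which is true. Quote the variable and require it to be non-empty: `[ -n "${_BUILD_DIR}" ] && [ -d "${_BUILD_DIR}" ] && rlRun "rm -rf ${_BUILD_DIR}/*" 0 "Cleaning build directory"`. The same phase installs build dependencies as root with `yum-builddep -y --nogpgcheck`, which skips package signature verification; either drop the flag or add a comment saying why that is acceptable on the test host.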
@@ -0,0 +1,72 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/sudo/Sanity/use_pty-option +# Description: checks if use_pty option in /etc/sudoers works as expected +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. 
+# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/sudo/Sanity/use_pty-option +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE forker.sh ssh-sudo.exp + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + chmod a+x ssh-sudo.exp + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: checks if use_pty option in /etc/sudoers works as expected" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 10m" >> $(METADATA) + @echo "RunFor: sudo" >> $(METADATA) + @echo "Requires: sudo" >> $(METADATA) + @echo "Requires: iputils" >> $(METADATA) + @echo "Requires: sed" >> $(METADATA) + @echo "Requires: grep" >> $(METADATA) + @echo "Requires: mktemp" >> $(METADATA) + @echo "Requires: openssh-server" >> $(METADATA) + @echo "Requires: openssh-clients" >> $(METADATA) + @echo "Requires: expect" >> $(METADATA) + @echo "Requires: shadow-utils" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/use_pty-option/PURPOSE b/tests/use_pty-option/PURPOSE new file mode 100644 index 0000000..ecc2748 --- /dev/null +++ b/tests/use_pty-option/PURPOSE @@ -0,0 +1,4 @@ +PURPOSE of /CoreOS/sudo/Sanity/use_pty-option +Description: checks if use_pty option in /etc/sudoers works as expected +Author: Milos Malik + diff --git a/tests/use_pty-option/forker.sh b/tests/use_pty-option/forker.sh new file mode 100644 index 0000000..0eecf07 --- /dev/null +++ b/tests/use_pty-option/forker.sh 
@@ -0,0 +1,5 @@ +#!/bin/bash +for i in `seq 1 10`; do + ( ping -c 10 -q www.redhat.com & ) +done + diff --git a/tests/use_pty-option/runtest.sh b/tests/use_pty-option/runtest.sh new file mode 100755 index 0000000..054d752 --- /dev/null +++ b/tests/use_pty-option/runtest.sh 
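Review bot: forker.sh makes the use_pty test depend on external DNS and network reachability, because every background job pings `www.redhat.com`. On a lab host without outbound access, the "use_pty option is disabled" phase would presumably fail for reasons unrelated to sudo. A loopback target keeps the timing the same without the dependency: `( ping -c 10 -q 127.0.0.1 & )`.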
@@ -0,0 +1,76 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/sudo/Sanity/use_pty-option +# Description: checks if use_pty option in /etc/sudoers works as expected +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2011 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. 
/usr/share/beakerlib/beakerlib.sh + +PACKAGE="sudo" +USER_NAME="user${RANDOM}" +USER_SECRET="s3kr3T${RANDOM}" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE} + OUTPUT_FILE=`mktemp` + rlFileBackup /etc/sudoers + rlFileBackup --clean ~/.ssh + + rlRun "useradd ${USER_NAME}" + rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}" + rlRun "cp ./forker.sh /home/${USER_NAME}/" + rlRun "chown ${USER_NAME}:${USER_NAME} /home/${USER_NAME}/forker.sh" + rlRun "chmod u+x /home/${USER_NAME}/forker.sh" + rlRun "echo \"${USER_NAME} ALL = NOPASSWD: /home/${USER_NAME}/forker.sh\" >> /etc/sudoers" + rlRun "sed -i 's/^.*requiretty.*$//' /etc/sudoers" + rlRun "echo \"Defaults !requiretty\" >> /etc/sudoers" + rlRun "> ~/.ssh/known_hosts" + rlPhaseEnd + + rlPhaseStartTest "use_pty option is enabled" + rlRun "sed -i 's/^.*use_pty.*$//' /etc/sudoers" + rlRun "echo \"Defaults use_pty\" >> /etc/sudoers" + rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost ./forker.sh 2>&1 | tee ${OUTPUT_FILE}" + rlAssertNotGrep "ping statistics" ${OUTPUT_FILE} + rlPhaseEnd + + rlPhaseStartTest "use_pty option is disabled" + rlRun "sed -i 's/^.*use_pty.*$//' /etc/sudoers" + rlRun "echo \"Defaults !use_pty\" >> /etc/sudoers" + rlRun "./ssh-sudo.exp ${USER_NAME} ${USER_SECRET} localhost ./forker.sh 2>&1 | tee ${OUTPUT_FILE}" + rlAssertGrep "ping statistics" ${OUTPUT_FILE} + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "userdel -rf ${USER_NAME}" + rlFileRestore + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/use_pty-option/ssh-sudo.exp b/tests/use_pty-option/ssh-sudo.exp new file mode 100755 index 0000000..afbac4c --- /dev/null +++ b/tests/use_pty-option/ssh-sudo.exp 
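Review bot: The "use_pty option is enabled" phase can pass without sudo ever running forker.sh. Its only check is the negative `rlAssertNotGrep "ping statistics" ${OUTPUT_FILE}`, and the `| tee` hides the exit status of ssh-sudo.exp, so a failed login or a sudoers parse error also produces no match. After each block of sed/echo edits to /etc/sudoers, add `rlRun "visudo -c" 0 "sudoers still parses"`, and have the phase assert something positive about the run in addition to the missing ping output. Also note that `USER_SECRET` is passed on the command line and recorded in the journal by rlRun; a short comment that this is a throwaway account removed by `userdel -rf` in cleanup would make that explicit.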
@@ -0,0 +1,20 @@ +#!/usr/bin/expect -f +# usage: +# ./ssh-sudo.exp username password hostname command +set username [lrange $argv 0 0] +set password [lrange $argv 1 1] +set hostname [lrange $argv 2 2] +set command [lrange $argv 3 3] +set timeout 15 +spawn ssh $username@$hostname sudo $command +expect "*yes/no*" { + send -- "yes\r" +} +expect "*assword*" { + send -- "$password\r" +} +expect "*assword*" { + send -- "$password\r" +} +expect eof + From ddbf4e5ddd54baf1171de317b779288b93509bfa Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Thu, 14 Dec 2017 12:08:51 +0100 Subject: [PATCH 05/84] Update to 1.8.22b1 - Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 --- .gitignore | 1 + sources | 2 +- sudo.spec | 12 ++++++++---- sudoers | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 63000a2..ae4cd94 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ /sudo-1.8.20p1.tar.gz /sudo-1.8.20p2.tar.gz /sudo-1.8.21p2.tar.gz +/sudo-1.8.22b1.tar.gz diff --git a/sources b/sources index a15d86f..f20f88b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c +SHA512 (sudo-1.8.22b1.tar.gz) = 2289e0203898feccb31529899230b7e1f5e634af5e71d252628dc9a6f1bc73257f3b44d0068f1cba244cc33fa677538c327fcd291537811ac57fd4b65dc5a4ea diff --git a/sudo.spec b/sudo.spec index 0e3f504..9e7bdf6 100644 --- a/sudo.spec +++ b/sudo.spec 
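Review bot: ssh-sudo.exp always exits 0, because the script ends at `expect eof` and never collects the status of the spawned ssh, so a caller cannot tell a failed login or a refused sudo from success. The three sequential `expect` blocks also wait out the 15-second `timeout` whenever a prompt does not appear, for instance when the host key is already known. A single `expect` with `exp_continue` followed by `wait` addresses both; the rewritten tail is below. The password still arrives through argv, so it is visible in the process list while the script runs.

```tcl
spawn ssh $username@$hostname sudo $command
# answer whichever prompt shows up, in any order, until the session closes
expect {
    "*yes/no*"  { send -- "yes\r"; exp_continue }
    "*assword*" { send -- "$password\r"; exp_continue }
    eof
}
# propagate the exit status of the spawned ssh to the caller
lassign [wait] pid spawn_id os_error status
exit $status
```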
@@ -2,12 +2,12 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.21p2 -Release: 1%{?dist} +Version: 1.8.22 +Release: 0.1.b1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -50,7 +50,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q +%setup -q -n sudo-1.8.22b1 %patch1 -p1 -b .strip @@ -204,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog +* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 +- update to 1.8.22b1 +- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 + * Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 - update to 1.8.21p2 - Moved libsudo_util.so from the -devel sub-package to main package (1481225) diff --git a/sudoers b/sudoers index bc4d793..17afb17 100644 --- a/sudoers +++ b/sudoers @@ -61,7 +61,7 @@ Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" -Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin +Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ## Next comes the main part: which users can run what software on ## which machines (the sudoers file can be shared between multiple From 29adaddcb8dee31af57d698fe20dfb84ff6ba7c6 Mon Sep 17 00:00:00 2001 
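Review bot: The new `secure_path` in the sudoers hunk searches `/usr/local/sbin` and `/usr/local/bin` before the system directories, so an executable placed there shadows the system command of the same name whenever it is run through sudo by bare name. Those directories are typically filled by locally installed software rather than by packages, and the changelog entry (rhbz#1166185) does not say that the precedence is intended. If the goal is only to make local tools reachable, append them instead: `Defaults secure_path = /usr/sbin:/usr/bin:/sbin:/bin:/usr/local/sbin:/usr/local/bin`. Otherwise add a `##` comment above the line recording that the order deliberately mirrors the login PATH. The identical hunk appears again in PATCH 11/84.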
From: Colin Walters Date: Thu, 14 Dec 2017 10:36:14 -0500 Subject: [PATCH 06/84] Drop legacy %post chmod /etc/sudoers The RPM permissions have been set at `0440` for a long, long time. This `%post` invocation dates beyond the import from CVS in 2004. Further, this change will actually *undo* local admin changes to use e.g. `0600` or something if they want to harden it further. This is similar to: https://src.fedoraproject.org/rpms/nfs-utils/pull-request/1 I'm just making this change as it shows up as error spew when doing `rpm-ostree compose tree`. --- sudo.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sudo.spec b/sudo.spec index 9e7bdf6..304096f 100644 --- a/sudo.spec +++ b/sudo.spec @@ -192,11 +192,6 @@ rm -rf $RPM_BUILD_ROOT %license doc/LICENSE %exclude %{_pkgdocdir}/ChangeLog - -# Make sure permissions are ok even if we're updating -%post -/bin/chmod 0440 /etc/sudoers || : - %files devel %defattr(-,root,root,-) %doc plugins/sample/sample_plugin.c From 41ef6145c08c27f7e1146fbce71bb0052f8273cd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 9 Feb 2018 17:52:13 +0000 Subject: [PATCH 07/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 9e7bdf6..e98e499 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.22 -Release: 0.1.b1%{?dist} +Release: 0.2.b1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ 
@@ -204,6 +204,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog +* Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 - update to 1.8.22b1 - Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 From 9bb27fa63d90d5fcefa2cab81adf9f6e4603ec16 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Wed, 14 Feb 2018 08:52:13 +0100 Subject: [PATCH 08/84] Remove %clean section None of currently supported distributions need that. Last one was EL5 which is EOL for a while. Signed-off-by: Igor Gnatenko --- sudo.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/sudo.spec b/sudo.spec index e98e499..a1b5c57 100644 --- a/sudo.spec +++ b/sudo.spec @@ -153,9 +153,6 @@ session include sudo EOF -%clean -rm -rf $RPM_BUILD_ROOT - %files -f sudo_all.lang %defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers From 81b76510d4b722fe399c2db0ab4618a1f5437cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= Date: Wed, 18 Apr 2018 12:54:42 +0200 Subject: [PATCH 09/84] update to 1.8.23b3 --- .gitignore | 1 + sources | 2 +- sudo.spec | 17 ++++++++++------- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index ae4cd94..06c8c3f 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /sudo-1.8.20p2.tar.gz /sudo-1.8.21p2.tar.gz /sudo-1.8.22b1.tar.gz +/sudo-1.8.23b3.tar.gz diff --git a/sources b/sources index f20f88b..bba3c71 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.22b1.tar.gz) = 2289e0203898feccb31529899230b7e1f5e634af5e71d252628dc9a6f1bc73257f3b44d0068f1cba244cc33fa677538c327fcd291537811ac57fd4b65dc5a4ea +SHA512 (sudo-1.8.23b3.tar.gz) = ee1b93f5729e1000c13519ef716b22399884b029f4b1ce79420f8a1fe71b5456c37a475c6217397717d383d8bcb3896637673cc11bf7610d29a2c7cf798c1de4 diff --git a/sudo.spec b/sudo.spec index a1b5c57..37a4bea 100644 
--- a/sudo.spec +++ b/sudo.spec @@ -2,12 +2,12 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.22 -Release: 0.2.b1%{?dist} +Version: 1.8.23 +Release: 0.1.b3%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b3.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -50,7 +50,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.8.22b1 +%setup -q -n sudo-1.8.23b3 %patch1 -p1 -b .strip @@ -111,9 +111,6 @@ rm -f sudo.conf chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files -# Remove execute permission on this script so we don't pull in perl deps -chmod -x $RPM_BUILD_ROOT%{_pkgdocdir}/sudoers2ldif - # Don't package LICENSE as a doc rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE @@ -167,6 +164,7 @@ EOF %{_bindir}/sudoedit %attr(0111,root,root) %{_bindir}/sudoreplay %attr(0755,root,root) %{_sbindir}/visudo +%{_bindir}/cvtsudoers %dir %{_libexecdir}/sudo %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so @@ -183,6 +181,8 @@ EOF %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/sudoreplay.8* %{_mandir}/man8/visudo.8* +%{_mandir}/man1/cvtsudoers.1.gz +%{_mandir}/man5/sudoers_timestamp.5.gz %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} @@ -201,6 +201,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 +- update to 1.8.23b3 + * Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From 9d54237c1d47532b9bef9257d489de9b59a4ac90 Mon Sep 17 00:00:00 2001 
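Review bot: The two man-page entries added to `%files` hard-code gzip compression (`cvtsudoers.1.gz`, `sudoers_timestamp.5.gz`), while every neighbouring entry uses a glob such as `visudo.8*`. Write them the same way, `%{_mandir}/man1/cvtsudoers.1*` and `%{_mandir}/man5/sudoers_timestamp.5*`, so the file list does not depend on how the build compresses man pages. Separately, `%setup -q -n sudo-1.8.23b3` repeats the version as a literal; `%setup -q -n %{name}-%{version}b3` would follow the `Version:` tag the way `Source0` already does.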
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= Date: Wed, 9 May 2018 13:48:35 +0200 Subject: [PATCH 10/84] update to 1.8.23 --- .gitignore | 1 + sources | 2 +- sudo.spec | 9 ++++++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 06c8c3f..aeb7960 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /sudo-1.8.21p2.tar.gz /sudo-1.8.22b1.tar.gz /sudo-1.8.23b3.tar.gz +/sudo-1.8.23.tar.gz diff --git a/sources b/sources index bba3c71..1aac8dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.23b3.tar.gz) = ee1b93f5729e1000c13519ef716b22399884b029f4b1ce79420f8a1fe71b5456c37a475c6217397717d383d8bcb3896637673cc11bf7610d29a2c7cf798c1de4 +SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 diff --git a/sudo.spec b/sudo.spec index 37a4bea..fe6c25b 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,11 +3,11 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.23 -Release: 0.1.b3%{?dist} +Release: 1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b3.tar.gz +Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -50,7 +50,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.8.23b3 +%setup -q %patch1 -p1 -b .strip @@ -201,6 +201,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 +- update to 1.8.23 + * Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 - update to 1.8.23b3 From f00f011f65f5c0a0d777ec9ac45c485ed6d3696f Mon Sep 17 00:00:00 2001 
From: Radovan Sroka Date: Thu, 14 Dec 2017 12:08:51 +0100 Subject: [PATCH 11/84] Update to 1.8.22b1 - Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 --- .gitignore | 1 + sources | 2 +- sudo.spec | 12 ++++++++---- sudoers | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 63000a2..ae4cd94 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ /sudo-1.8.20p1.tar.gz /sudo-1.8.20p2.tar.gz /sudo-1.8.21p2.tar.gz +/sudo-1.8.22b1.tar.gz diff --git a/sources b/sources index a15d86f..f20f88b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c +SHA512 (sudo-1.8.22b1.tar.gz) = 2289e0203898feccb31529899230b7e1f5e634af5e71d252628dc9a6f1bc73257f3b44d0068f1cba244cc33fa677538c327fcd291537811ac57fd4b65dc5a4ea diff --git a/sudo.spec b/sudo.spec index 95e3801..e180689 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,12 +2,12 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.21p2 -Release: 1%{?dist} +Version: 1.8.22 +Release: 0.1.b1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: /etc/pam.d/system-auth @@ -50,7 +50,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q +%setup -q -n sudo-1.8.22b1 %patch1 -p1 -b .strip 
@@ -204,6 +204,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/sudo_plugin.8* %changelog +* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 +- update to 1.8.22b1 +- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 + * Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 - update to 1.8.21p2 - Moved libsudo_util.so from the -devel sub-package to main package (1481225) diff --git a/sudoers b/sudoers index bc4d793..17afb17 100644 --- a/sudoers +++ b/sudoers @@ -61,7 +61,7 @@ Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" -Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin +Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ## Next comes the main part: which users can run what software on ## which machines (the sudoers file can be shared between multiple From 9816ce33713bb67ffa93eea5aed793e9c8493d4e Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Wed, 14 Feb 2018 08:52:13 +0100 Subject: [PATCH 12/84] Remove %clean section None of currently supported distributions need that. Last one was EL5 which is EOL for a while. Signed-off-by: Igor Gnatenko --- sudo.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/sudo.spec b/sudo.spec index e180689..890d98e 100644 --- a/sudo.spec +++ b/sudo.spec @@ -153,9 +153,6 @@ session include sudo EOF -%clean -rm -rf $RPM_BUILD_ROOT - %files -f sudo_all.lang %defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers From d2506f5e1bcfbda503ba096af79b10cc9c7f29d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= Date: Wed, 18 Apr 2018 12:54:42 +0200 Subject: [PATCH 13/84] update to 1.8.23b3 --- .gitignore | 1 + sources | 2 +- sudo.spec | 18 +++++++++++++----- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index ae4cd94..06c8c3f 100644 
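Review bot: The new `secure_path` value in the sudoers hunk (`@@ -61,7 +61,7 @@`) puts `/usr/local/sbin:/usr/local/bin` ahead of the system directories, so a command run through sudo by bare name resolves to a copy under /usr/local before the distribution's binary. That is only safe while both directories are writable by root alone, which this file cannot guarantee on hosts where third-party installers or an admin group own /usr/local. I would either append them after the system paths, `Defaults secure_path = /usr/sbin:/usr/bin:/sbin:/bin:/usr/local/sbin:/usr/local/bin`, or keep the order and add a comment above the line such as `# /usr/local is searched first; keep it root-owned and not group-writable`.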
--- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ /sudo-1.8.20p2.tar.gz /sudo-1.8.21p2.tar.gz /sudo-1.8.22b1.tar.gz +/sudo-1.8.23b3.tar.gz diff --git a/sources b/sources index f20f88b..bba3c71 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.22b1.tar.gz) = 2289e0203898feccb31529899230b7e1f5e634af5e71d252628dc9a6f1bc73257f3b44d0068f1cba244cc33fa677538c327fcd291537811ac57fd4b65dc5a4ea +SHA512 (sudo-1.8.23b3.tar.gz) = ee1b93f5729e1000c13519ef716b22399884b029f4b1ce79420f8a1fe71b5456c37a475c6217397717d383d8bcb3896637673cc11bf7610d29a2c7cf798c1de4 diff --git a/sudo.spec b/sudo.spec index 890d98e..2c1d0ba 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,12 +2,17 @@ Summary: Allows restricted root access for specified users Name: sudo +<<<<<<< HEAD Version: 1.8.22 Release: 0.1.b1%{?dist} +======= +Version: 1.8.23 +Release: 0.1.b3%{?dist} +>>>>>>> 81b7651... update to 1.8.23b3 License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b3.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: /etc/pam.d/system-auth @@ -50,7 +55,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.8.22b1 +%setup -q -n sudo-1.8.23b3 %patch1 -p1 -b .strip @@ -111,9 +116,6 @@ rm -f sudo.conf chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files -# Remove execute permission on this script so we don't pull in perl deps -chmod -x $RPM_BUILD_ROOT%{_pkgdocdir}/sudoers2ldif - # Don't package LICENSE as a doc rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE 
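Review bot: The first sudo.spec hunk (`@@ -2,12 +2,17 @@`) adds unresolved merge-conflict markers to the preamble: `<<<<<<< HEAD`, `=======` and `>>>>>>> 81b7651... update to 1.8.23b3`, leaving two `Version:`/`Release:` pairs in the file. A spec in this state is not a valid preamble, so the commit was presumably never built before it was pushed. Keep only `Version: 1.8.23` and `Release: 0.1.b3%{?dist}` and drop the three marker lines together with the 1.8.22 pair. The unchanged context still shows `Requires: /etc/pam.d/system-auth`, which suggests this branch predates the switch to package-level requirements; the rebase base is worth confirming.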
@@ -167,6 +169,7 @@ EOF %{_bindir}/sudoedit %attr(0111,root,root) %{_bindir}/sudoreplay %attr(0755,root,root) %{_sbindir}/visudo +%{_bindir}/cvtsudoers %dir %{_libexecdir}/sudo %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so @@ -183,6 +186,8 @@ EOF %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/sudoreplay.8* %{_mandir}/man8/visudo.8* +%{_mandir}/man1/cvtsudoers.1.gz +%{_mandir}/man5/sudoers_timestamp.5.gz %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} @@ -201,6 +206,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 +- update to 1.8.23b3 + * Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 - update to 1.8.22b1 - Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 From 7d0c79cb1076859942747eea4f3da4614949c5f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= Date: Wed, 9 May 2018 13:48:35 +0200 Subject: [PATCH 14/84] update to 1.8.23 --- .gitignore | 1 + sources | 2 +- sudo.spec | 14 ++++++-------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 06c8c3f..aeb7960 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /sudo-1.8.21p2.tar.gz /sudo-1.8.22b1.tar.gz /sudo-1.8.23b3.tar.gz +/sudo-1.8.23.tar.gz diff --git a/sources b/sources index bba3c71..1aac8dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.23b3.tar.gz) = ee1b93f5729e1000c13519ef716b22399884b029f4b1ce79420f8a1fe71b5456c37a475c6217397717d383d8bcb3896637673cc11bf7610d29a2c7cf798c1de4 +SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 diff --git a/sudo.spec b/sudo.spec index 2c1d0ba..00a3ed8 100644 --- a/sudo.spec +++ b/sudo.spec 
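Review bot: The two man pages added in the `@@ -183,6 +186,8 @@` hunk are listed with a hard-coded `.gz` suffix, unlike the neighbouring entries, which use a glob (`%{_mandir}/man8/visudo.8*`). If the build's man-page compression changes, these entries stop matching and the package build fails on the file list. Write them as `%{_mandir}/man1/cvtsudoers.1*` and `%{_mandir}/man5/sudoers_timestamp.5*`. The same pattern recurs in the 1.9.0b1 update (PATCH 30), which adds five more `.gz` entries.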
@@ -2,17 +2,12 @@ Summary: Allows restricted root access for specified users Name: sudo -<<<<<<< HEAD -Version: 1.8.22 -Release: 0.1.b1%{?dist} -======= Version: 1.8.23 -Release: 0.1.b3%{?dist} ->>>>>>> 81b7651... update to 1.8.23b3 +Release: 1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b3.tar.gz +Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: /etc/pam.d/system-auth @@ -55,7 +50,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.8.23b3 +%setup -q %patch1 -p1 -b .strip @@ -206,6 +201,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 +- update to 1.8.23 + * Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 - update to 1.8.23b3 From 126b2225b3ad239a20c4a65b104493253ec0d09f Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 3 Jul 2018 16:12:49 -0400 Subject: [PATCH 15/84] defattr no longer needed https://fedoraproject.org/wiki/Packaging:Guidelines#File_Permissions --- sudo.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sudo.spec b/sudo.spec index fe6c25b..000a261 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.23 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ @@ -151,7 +151,6 @@ EOF %files -f sudo_all.lang -%defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers %attr(0750,root,root) %dir /etc/sudoers.d/ %config(noreplace) /etc/pam.d/sudo 
@@ -195,12 +194,14 @@ EOF /bin/chmod 0440 /etc/sudoers || : %files devel -%defattr(-,root,root,-) %doc plugins/sample/sample_plugin.c %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* %changelog +* Tue Jul 03 2018 Matthew Miller - 1.8.23-2 +- remove defattr, as default is now sane + * Wed May 09 2018 Daniel Kopecek - 1.8.23-1 - update to 1.8.23 From 5d1426712a2adc8b3330e84f21bc3a3a72c902ce Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 14 Jul 2018 06:51:35 +0000 Subject: [PATCH 16/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 000a261..434b5be 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.23 -Release: 2%{?dist} +Release: 3%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ @@ -199,6 +199,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Tue Jul 03 2018 Matthew Miller - 1.8.23-2 - remove defattr, as default is now sane From 4f41fcf52f2c0fc1485d4b6d7e5ef4f476824a6a Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 10 Sep 2018 13:08:04 +0200 Subject: [PATCH 17/84] Rebase sudo to latest stable version - install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) --- .gitignore | 1 + sources | 2 +- sudo.spec | 14 +++++++++----- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index aeb7960..f0d2b79 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /sudo-1.8.22b1.tar.gz /sudo-1.8.23b3.tar.gz /sudo-1.8.23.tar.gz +/sudo-1.8.25.tar.gz diff --git a/sources b/sources index 1aac8dc..aa1032a 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (sudo-1.8.23.tar.gz) = a9d61850a4857bfd075547a13efb13b054e4736e3ebe3c8a98a90a090b1d9b9688354ec9725fc99d1d256999b6f9c6ae6215ce9770fcdebd7f24731107b48342 +SHA512 (sudo-1.8.25.tar.gz) = f3f0c9e315484e5ba2d535f41ab722881343b1fa299f75cfad456bd41a555d80080369677e62626307df792aeabc29ba450e6f0b9c284ea2cfb8dc5e3568f46d diff --git a/sudo.spec b/sudo.spec index 434b5be..566efd7 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,8 +2,8 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.23 -Release: 3%{?dist} +Version: 1.8.25 +Release: 1%{?dist} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ @@ -103,10 +103,10 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers #add sudo to protected packages -install -p -d -m 755 $RPM_BUILD_ROOT/etc/yum/protected.d/ +install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/ touch sudo.conf echo sudo > sudo.conf -install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/yum/protected.d/ +install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/ rm -f sudo.conf chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files @@ -156,7 +156,7 @@ EOF %config(noreplace) /etc/pam.d/sudo %config(noreplace) /etc/pam.d/sudo-i %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf -%attr(0644,root,root) /etc/yum/protected.d/sudo.conf +%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo @@ -199,6 +199,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Mon Sep 10 2018 Radovan Sroka 1.8.25-1 +- rebase sudo to latest stawble version +- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) + * Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
From 44df529c9604cace879b3ec84f32ac4c3caea652 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 1 Oct 2018 12:55:58 +0200 Subject: [PATCH 18/84] Rebase sudo to 1.8.25p1 --- .gitignore | 1 + sources | 2 +- sudo.spec | 5 ++++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index f0d2b79..5199bbf 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /sudo-1.8.23b3.tar.gz /sudo-1.8.23.tar.gz /sudo-1.8.25.tar.gz +/sudo-1.8.25p1.tar.gz diff --git a/sources b/sources index aa1032a..4a345d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.25.tar.gz) = f3f0c9e315484e5ba2d535f41ab722881343b1fa299f75cfad456bd41a555d80080369677e62626307df792aeabc29ba450e6f0b9c284ea2cfb8dc5e3568f46d +SHA512 (sudo-1.8.25p1.tar.gz) = b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72 diff --git a/sudo.spec b/sudo.spec index 566efd7..5baa011 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,7 +2,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.25 +Version: 1.8.25p1 Release: 1%{?dist} License: ISC Group: Applications/System @@ -199,6 +199,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 +- rebase sudo to 1.8.25p1 + * Mon Sep 10 2018 Radovan Sroka 1.8.25-1 - rebase sudo to latest stawble version - install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) From 977357a694bb88b27d185f5ddfd1765188c164f3 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:26 +0100 Subject: [PATCH 19/84] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- sudo.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/sudo.spec b/sudo.spec index 5baa011..8992984 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -5,7 +5,6 @@ Name: sudo Version: 1.8.25p1 Release: 1%{?dist} License: ISC -Group: Applications/System URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers @@ -42,7 +41,6 @@ on many different machines. %package devel Summary: Development files for %{name} -Group: Development/Libraries Requires: %{name} = %{version}-%{release} %description devel From 9bdb7bba3be1f42d2488e3f7aa1b0a6c37fb9936 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Tue, 29 Jan 2019 05:36:33 +0100 Subject: [PATCH 20/84] Remove obsolete BuildRoot tag Signed-off-by: Igor Gnatenko --- sudo.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 8992984..70d6ff1 100644 --- a/sudo.spec +++ b/sudo.spec @@ -8,7 +8,6 @@ License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers -Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam Recommends: vim-minimal Requires(post): coreutils From bd4c63f292a8a8849a839f93aa6e9b362e63ea6f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 3 Feb 2019 08:47:43 +0000 Subject: [PATCH 21/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 70d6ff1..cc9a70a 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.25p1 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz 
@@ -196,6 +196,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 - rebase sudo to 1.8.25p1 From 906c92082e96954c7c06becd9e5f2dcf0d9a797a Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 11 Mar 2019 12:32:44 +0100 Subject: [PATCH 22/84] Rebase sudo to 1.8.27 --- .gitignore | 1 + sources | 2 +- sudo.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5199bbf..96963ea 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ /sudo-1.8.23.tar.gz /sudo-1.8.25.tar.gz /sudo-1.8.25p1.tar.gz +/sudo-1.8.27.tar.gz diff --git a/sources b/sources index 4a345d9..c04905d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.25p1.tar.gz) = b1445be688d3c1dd7efbdfab68977a7a9b6fd6887191dc99ca717117eec0a550492642556cd55ca5873d054ddc5ccc2b87b2c34602e1ffc729ab6fbc4e523a72 +SHA512 (sudo-1.8.27.tar.gz) = 0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac diff --git a/sudo.spec b/sudo.spec index cc9a70a..f7c56fc 100644 --- a/sudo.spec +++ b/sudo.spec @@ -2,8 +2,8 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.25p1 -Release: 2%{?dist} +Version: 1.8.27 +Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -196,6 +196,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Mon Mar 11 2019 Radovan Sroka 1.8.27-1 +- rebase sudo to 1.8.27 + * Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 5ee35457d5f1286465c683f6fd8c6e15c18c41e9 Mon Sep 17 00:00:00 2001 
From: Marek Tamaskovic Date: Sun, 31 Mar 2019 11:53:51 +0200 Subject: [PATCH 23/84] Edit sudoers resolves rhbz#1676925 --- sudo.spec | 6 +++++- sudoers | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/sudo.spec b/sudo.spec index f7c56fc..19e1e61 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.27 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -196,6 +196,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 +- resolves rhbz#1676925 +- Removed PS1, PS2 from sudoers + * Mon Mar 11 2019 Radovan Sroka 1.8.27-1 - rebase sudo to 1.8.27 diff --git a/sudoers b/sudoers index 17afb17..9d57af5 100644 --- a/sudoers +++ b/sudoers @@ -56,7 +56,7 @@ Defaults !visiblepw Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" -Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" From 14fb2d74323e2b35d0d6f4a6511eb873550af4d6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jul 2019 00:22:59 +0000 Subject: [PATCH 24/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 19e1e61..2970bf7 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.27 -Release: 2%{?dist} +Release: 3%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -196,6 +196,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 - resolves rhbz#1676925 - Removed PS1, PS2 from sudoers From 4e850fe0545246403704ad94fe3968cfed0aa487 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 15 Oct 2019 13:55:07 +0200 Subject: [PATCH 25/84] Rebase to 1.8.28 Resolves: rhbz#1761533 - set always_set_home by default Resolves: rhbz#1728687 - Sync sudoers options from rhel8 to fedora Resolves: rhbz#1761781 - CVE-2019-14287 Resolves: rhbz#1761584 --- .gitignore | 1 + sources | 2 +- sudo.spec | 16 ++++++++++++---- sudoers | 28 ++++++++++++++++++++++++++-- 4 files changed, 40 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 96963ea..7cafc1c 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ /sudo-1.8.25.tar.gz /sudo-1.8.25p1.tar.gz /sudo-1.8.27.tar.gz +/sudo-1.8.28.tar.gz diff --git a/sources b/sources index c04905d..68032d5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.27.tar.gz) = 0480def650ab880ab9e6c51c606a06897fd638f0381e99c038f5aa47d064aaa2fb35b73eee7f86e73185e18d5dbb8b6ba49c616b1785a1edb2dd6d7b2fa4fcac +SHA512 (sudo-1.8.28.tar.gz) = 09e589cdfd18d7c43b0859a0e11c008b3cb995ae4f8c89c717c5242db9e5696361eb574ebe74a0b5316afffb3a8037f7a7f3c249176e8ed9caffeb4cd860ddc7 diff --git a/sudo.spec b/sudo.spec index 4a1682a..f8b8822 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,9 +1,7 @@ -%global user millert - Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.27 -Release: 3%{?dist} +Version: 1.8.28 +Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -191,6 +189,16 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 +- rebase to 1.8.28 +Resolves: rhbz#1761533 +- set always_set_home by default +Resolves: rhbz#1728687 +- Sync sudoers options from rhel8 to fedora +Resolves: rhbz#1761781 +- CVE-2019-14287 +Resolves: rhbz#1761584 + * Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sudoers b/sudoers index 9d57af5..e68d56c 100644 --- a/sudoers +++ b/sudoers @@ -30,7 +30,7 @@ # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum ## Services -# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig +# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable ## Updating the locate database # Cmnd_Alias LOCATE = /usr/bin/updatedb 
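Review bot: In the `SERVICES` example (sudoers hunk `@@ -30,7 +30,7 @@`), entries such as `/usr/bin/systemctl start` carry an argument list, and sudoers then requires the user's arguments to match it exactly, so as written they do not permit `systemctl start <unit>` at all. An administrator who uncomments the alias is likely to repair that by appending `*`, which hands over control of every unit on the host. I would show named units instead, e.g. `/usr/bin/systemctl restart EXAMPLE.service` (placeholder unit name), and add a comment line `## list each unit explicitly; a trailing wildcard allows any unit`.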
@@ -54,13 +54,37 @@ # Defaults !visiblepw +# +# Preserving HOME has security implications since many programs +# use it when searching for configuration files. Note that HOME +# is already set when the the env_reset option is enabled, so +# this option is only effective for configurations where either +# env_reset is disabled or HOME is present in the env_keep list. +# +Defaults always_set_home +Defaults match_group_by_gid + +# Prior to version 1.8.15, groups listed in sudoers that were not +# found in the system group database were passed to the group +# plugin, if any. Starting with 1.8.15, only groups of the form +# %:group are resolved via the group plugin by default. +# We enable always_query_group_plugin to restore old behavior. +# Disable this option for new behavior. +Defaults always_query_group_plugin + Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" -Defaults env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" +# +# Adding HOME to env_keep may enable a user to run unrestricted +# commands via sudo. +# +# Defaults env_keep += "HOME" + Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ## Next comes the main part: which users can run what software on From cd84c5542cc481dd382f50720572fd350462c0e1 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 15 Oct 2019 14:05:33 +0200 Subject: [PATCH 26/84] Remove PS1 and PS2 from env_keep This was removed with in rhel8 -> fedora sync --- sudoers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudoers b/sudoers index e68d56c..29775ad 100644 --- a/sudoers +++ b/sudoers 
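Review bot: The `env_keep` line in this hunk puts `PS1 PS2` back into the preserved environment, undoing PATCH 23 of this series (`Removed PS1, PS2 from sudoers`, rhbz#1676925), and neither the commit message nor the changelog entry mentions it. It looks like a side effect of copying the RHEL 8 file wholesale; the line should stay `Defaults env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"`. Separately, the new comment block reads `the the env_reset option`, and `Defaults match_group_by_gid` is added with no comment of its own although it sits directly under the explanation for `always_set_home`; a one-line comment saying what it changes would avoid reading the HOME text as applying to it.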
@@ -74,7 +74,7 @@ Defaults always_query_group_plugin Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" -Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" From aebc79494c9dc133d0f7c64173330ec5f9bcff4e Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 22 Oct 2019 14:18:07 +0200 Subject: [PATCH 27/84] Rebase to 1.8.28p1 Resolves: rhbz#176235 --- .gitignore | 1 + sources | 2 +- sudo.spec | 6 +++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7cafc1c..990cfee 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ /sudo-1.8.25p1.tar.gz /sudo-1.8.27.tar.gz /sudo-1.8.28.tar.gz +/sudo-1.8.28p1.tar.gz diff --git a/sources b/sources index 68032d5..e2745d3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.28.tar.gz) = 09e589cdfd18d7c43b0859a0e11c008b3cb995ae4f8c89c717c5242db9e5696361eb574ebe74a0b5316afffb3a8037f7a7f3c249176e8ed9caffeb4cd860ddc7 +SHA512 (sudo-1.8.28p1.tar.gz) = bda3de34c15fbb68fc29759542295560ccc1562b419d03709cea51613937e9b92ba689c79c3ef4858aeea90d3d1a4dc0148225b11b22cf82395ae1bad8cb1734 diff --git a/sudo.spec b/sudo.spec index f8b8822..5069365 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.28 +Version: 1.8.28p1 Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ @@ -189,6 +189,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 +- rebase to 1.8.28p1 +Resolves: rhbz#1762350 + * Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 - rebase to 1.8.28 Resolves: rhbz#1761533 
From 514d3fed7f0bb14fda33f27452187846e8f13993 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 11 Nov 2019 15:57:10 +0100 Subject: [PATCH 28/84] Rebase to 1.8.29 Resolves: rhbz#1766233 --- .gitignore | 1 + sources | 2 +- sudo.spec | 6 +++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 990cfee..cac4495 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ /sudo-1.8.27.tar.gz /sudo-1.8.28.tar.gz /sudo-1.8.28p1.tar.gz +/sudo-1.8.29.tar.gz diff --git a/sources b/sources index e2745d3..d6aec86 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.28p1.tar.gz) = bda3de34c15fbb68fc29759542295560ccc1562b419d03709cea51613937e9b92ba689c79c3ef4858aeea90d3d1a4dc0148225b11b22cf82395ae1bad8cb1734 +SHA512 (sudo-1.8.29.tar.gz) = ea780922b2afb47df4df4b533fb355fd916cb18a6bfd13c7ca36a25b03ef585d805648c6fa85692bea363b1f83664ac3bc622f99bcd149b3a86f70522eb4d340 diff --git a/sudo.spec b/sudo.spec index 5069365..c264151 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.28p1 +Version: 1.8.29 Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ @@ -189,6 +189,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 +- rebase to 1.8.29 +Resolves: rhbz#1766233 + * Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 - rebase to 1.8.28p1 Resolves: rhbz#1762350 From 709fe6b2d887ef4d00f101b75bfe11d317d6eb52 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 31 Jan 2020 00:29:35 +0000 Subject: [PATCH 29/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index c264151..f929cc0 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.8.29 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -189,6 +189,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 - rebase to 1.8.29 Resolves: rhbz#1766233 From 19b1d360de3b019307554190e9b54824b6818a00 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 3 Mar 2020 12:48:10 +0100 Subject: [PATCH 30/84] Update to latest development version 1.9.0b1 --- .gitignore | 1 + sources | 2 +- sudo.spec | 32 ++++++++++++++++++++++++++++---- 3 files changed, 30 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index cac4495..0afd98f 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /sudo-1.8.28.tar.gz /sudo-1.8.28p1.tar.gz /sudo-1.8.29.tar.gz +/sudo-1.9.0b1.tar.gz diff --git a/sources b/sources index d6aec86..0811552 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.8.29.tar.gz) = ea780922b2afb47df4df4b533fb355fd916cb18a6bfd13c7ca36a25b03ef585d805648c6fa85692bea363b1f83664ac3bc622f99bcd149b3a86f70522eb4d340 +SHA512 (sudo-1.9.0b1.tar.gz) = 7459d398514b54c6898a3eaebca141f39af661cda51c007e068bea1cc1860df1bc66ea13c752da8f6bf3d574ba92e337874b20279e1400cfea99982a469f5435 diff --git a/sudo.spec b/sudo.spec index f929cc0..149038d 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,10 +1,10 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.8.29 -Release: 2%{?dist} +Version: 1.9.0 +Release: 0.1.b1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal 
@@ -45,7 +45,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q +%setup -q -n sudo-1.9.0b1 %patch1 -p1 -b .strip @@ -152,6 +152,7 @@ EOF %config(noreplace) /etc/pam.d/sudo-i %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf %attr(0644,root,root) /etc/dnf/protected.d/sudo.conf +%attr(0644,root,root) /etc/sudo.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo @@ -160,6 +161,8 @@ EOF %attr(0755,root,root) %{_sbindir}/visudo %{_bindir}/cvtsudoers %dir %{_libexecdir}/sudo +%attr(0755,root,root) %{_sbindir}/sudo_logsrvd +%attr(0755,root,root) %{_sbindir}/sudo_sendlog %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so @@ -177,6 +180,11 @@ EOF %{_mandir}/man8/visudo.8* %{_mandir}/man1/cvtsudoers.1.gz %{_mandir}/man5/sudoers_timestamp.5.gz +%{_mandir}/man5/sudo_logsrv.proto.5.gz +%{_mandir}/man5/sudo_logsrvd.conf.5.gz +%{_mandir}/man8/sudo_logsrvd.8.gz +%{_mandir}/man8/sudo_plugin_python.8.gz +%{_mandir}/man8/sudo_sendlog.8.gz %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} 
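Review bot: `/etc/sudo.conf` is added to `%files` in the `@@ -152,6 +152,7 @@` hunk without `%config(noreplace)`, unlike the PAM files listed just above it (`%config(noreplace) /etc/pam.d/sudo-i`). Without the config marking, a package update replaces an administrator's edited copy with the packaged one. Because sudo.conf decides which plugins sudo loads, silently losing a locally adjusted copy is worth avoiding: `%attr(0644,root,root) %config(noreplace) /etc/sudo.conf`.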
@@ -189,6 +197,22 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 +- update to latest development version 1.9.0b1 +- added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages +Resolves: rhbz#1787823 +- Stack based buffer overflow in when pwfeedback is enabled +Resolves: rhbz#1796945 +- fixes: CVE-2019-18634 +- By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account +Resolves: rhbz#1786709 +- fixes CVE-2019-19234 +- attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user +Resolves: rhbz#1786705 +- fixes CVE-2019-19232 +- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix +Resolves: rhbz#1773148 + * Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 94269e7c2044623024151e5ca41dfdb6cc35233f Mon Sep 17 00:00:00 2001 From: Jens Petersen Date: Tue, 24 Mar 2020 17:24:41 +0800 Subject: [PATCH 31/84] update to 1.9.0b4 --- sudo.spec | 49 ++++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/sudo.spec b/sudo.spec index 149038d..b55d7a7 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,14 +1,16 @@ +%global patchlevel b4 +%global upstream_version %{version}%{patchlevel} + Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.0 -Release: 0.1.b1%{?dist} +Release: 0.1.%{patchlevel}%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{upstream_version}.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal -Requires(post): coreutils BuildRequires: pam-devel BuildRequires: groff 
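Review bot: The preamble hunk of the 1.9.0b4 update (`@@ -1,14 +1,16 @@`) drops `Requires(post): coreutils`, which the commit message and changelog entry do not mention. Earlier context in this series shows the scriptlet line `/bin/chmod 0440 /etc/sudoers || :`; if that scriptlet is still in the spec (it lies outside this hunk), chmod is no longer guaranteed to be installed when it runs, and `|| :` hides the failure, so /etc/sudoers could be left with whatever mode it had. Either keep `Requires(post): coreutils` or remove the scriptlet in the same commit and say so in the changelog.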
@@ -45,7 +47,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.9.0b1 +%setup -q -n %{name}-%{upstream_version} %patch1 -p1 -b .strip @@ -92,7 +94,7 @@ make check rm -rf $RPM_BUILD_ROOT make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` -chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* +chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d @@ -166,7 +168,9 @@ EOF %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so +%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so +%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? @@ -197,13 +201,17 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Tue Mar 24 2020 Jens Petersen - 1.9.0-0.1.b4 +- update to 1.9.0 beta4 +- https://www.sudo.ws/pipermail/sudo-workers/2020-March/001279.html + * Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 - update to latest development version 1.9.0b1 - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 -- fixes: CVE-2019-18634 +- fixes: CVE-2019-18634 - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 - fixes CVE-2019-19234 
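Review bot: `sample_approval.so`, added in the `@@ -166,7 +168,9 @@` hunk, looks from its name like an upstream example plugin rather than production code, yet it is installed next to `sudoers.so` in the main package. It should only take effect when /etc/sudo.conf names it, but example code in a setuid tool's plugin directory widens what a misconfiguration can load. Consider moving it to the -devel sub-package or not packaging it, and add a spec comment giving the reason if it stays. The same two added lines come back in PATCH 33/84 (`@@ -166,7 +169,9 @@`).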
@@ -239,7 +247,7 @@ Resolves: rhbz#1761584 * Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 - resolves rhbz#1676925 -- Removed PS1, PS2 from sudoers +- Removed PS1, PS2 from sudoers * Mon Mar 11 2019 Radovan Sroka 1.8.27-1 - rebase sudo to 1.8.27 @@ -275,7 +283,7 @@ Resolves: rhbz#1761584 * Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 - update to 1.8.21p2 -- Moved libsudo_util.so from the -devel sub-package to main package (1481225) +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) * Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 - replace file-based requirements with package-level ones: @@ -364,7 +372,7 @@ Resolves: rhbz#1761584 * Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 - add patch that resolves initialization problem before sudo_strsplit call -- add patch that resolves deadcode in visudo.c +- add patch that resolves deadcode in visudo.c - add patch that removes extra while in visudo.c and sudoers.c * Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 @@ -400,9 +408,9 @@ Resolves: rhbz#1761584 - major changes & fixes: - when running a command in the background, sudo will now forward SIGINFO to the command - - the passwords in ldap.conf and ldap.secret may now be encoded in base64. + - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited. For sudoedit, we now audit - the actual editor being run, instead of just the sudoedit command. + the actual editor being run, instead of just the sudoedit command. - it is now possible to match an environment variable's value as well as its name using env_keep and env_check - new files created via sudoedit as a non-root user now have the proper group id @@ -502,7 +510,7 @@ Resolves: rhbz#1761584 * Thu May 17 2012 Daniel Kopecek - 1.8.5-1 - update to 1.8.5 - fixed CVE-2012-2337 -- temporarily disabled SSSD support +- temporarily disabled SSSD support * Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 - fixed problems with undefined symbols (rhbz#798517) 
@@ -521,7 +529,7 @@ Resolves: rhbz#1761584 * Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 - update to 1.8.3p1 -- disable output word wrapping if the output is piped +- disable output word wrapping if the output is piped * Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 - Remove execute bit from sample script in docs so we don't pull in perl @@ -656,7 +664,7 @@ Resolves: rhbz#1761584 - sparc64 needs to be in the -fPIE list with s390 * Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 -- fix complains about audit_log_user_command(): Connection +- fix complains about audit_log_user_command(): Connection refused (#401201) * Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 @@ -758,7 +766,7 @@ Resolves: rhbz#1761584 - rebuild * Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 -- added missing BuildRequires for libselinux-devel (#132883) +- added missing BuildRequires for libselinux-devel (#132883) * Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 - Fix missing param error in sesh @@ -785,7 +793,7 @@ Resolves: rhbz#1761584 exec of child with SELinux patch * Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 -- change to default to sysadm_r +- change to default to sysadm_r - Fix tty handling * Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 @@ -793,7 +801,7 @@ Resolves: rhbz#1761584 - replace /bin/bash -c with /bin/sesh * Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 -- Hard code to use "/bin/bash -c" for selinux +- Hard code to use "/bin/bash -c" for selinux * Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 - Eliminate closing and reopening of terminals, to match su. @@ -818,7 +826,7 @@ Resolves: rhbz#1761584 - Fix is_selinux_enabled call * Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 -- Clean up patch on failure +- Clean up patch on failure * Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 - Remove sudo.te for now. 
@@ -941,7 +949,7 @@ Resolves: rhbz#1761584 - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) * Thu Oct 08 1998 Michael Maher -- built package for 5.2 +- built package for 5.2 * Mon May 18 1998 Michael Maher - updated SPEC file @@ -953,10 +961,9 @@ Resolves: rhbz#1761584 - built for glibc, no problems * Fri Apr 25 1997 Michael Fulbright -- Fixed for 4.2 PowerTools +- Fixed for 4.2 PowerTools - Still need to be pamified - Still need to move stmp file to /var/log * Mon Feb 17 1997 Michael Fulbright - First version for PowerCD. - From bb269d08fa5b3d7d47e25cf5fd706d5ca7a6685d Mon Sep 17 00:00:00 2001 From: alakatos Date: Wed, 25 Mar 2020 16:10:12 +0100 Subject: [PATCH 32/84] Revert "update to 1.9.0b4" This reverts commit 94269e7c2044623024151e5ca41dfdb6cc35233f. --- sudo.spec | 49 +++++++++++++++++++++---------------------------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/sudo.spec b/sudo.spec index b55d7a7..149038d 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,16 +1,14 @@ -%global patchlevel b4 -%global upstream_version %{version}%{patchlevel} - Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.0 -Release: 0.1.%{patchlevel}%{?dist} +Release: 0.1.b1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{upstream_version}.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal +Requires(post): coreutils BuildRequires: pam-devel BuildRequires: groff @@ -47,7 +45,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n %{name}-%{upstream_version} +%setup -q -n sudo-1.9.0b1 %patch1 -p1 -b .strip 
@@ -94,7 +92,7 @@ make check rm -rf $RPM_BUILD_ROOT make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` -chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* +chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d @@ -168,9 +166,7 @@ EOF %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so -%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so -%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? @@ -201,17 +197,13 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog -* Tue Mar 24 2020 Jens Petersen - 1.9.0-0.1.b4 -- update to 1.9.0 beta4 -- https://www.sudo.ws/pipermail/sudo-workers/2020-March/001279.html - * Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 - update to latest development version 1.9.0b1 - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 -- fixes: CVE-2019-18634 +- fixes: CVE-2019-18634 - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 - fixes CVE-2019-19234 @@ -247,7 +239,7 @@ Resolves: rhbz#1761584 * Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 - resolves rhbz#1676925 -- Removed PS1, PS2 from sudoers +- Removed PS1, PS2 from sudoers * Mon Mar 11 2019 Radovan Sroka 1.8.27-1 - rebase sudo to 1.8.27 
@@ -283,7 +275,7 @@ Resolves: rhbz#1761584 * Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 - update to 1.8.21p2 -- Moved libsudo_util.so from the -devel sub-package to main package (1481225) +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) * Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 - replace file-based requirements with package-level ones: @@ -372,7 +364,7 @@ Resolves: rhbz#1761584 * Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 - add patch that resolves initialization problem before sudo_strsplit call -- add patch that resolves deadcode in visudo.c +- add patch that resolves deadcode in visudo.c - add patch that removes extra while in visudo.c and sudoers.c * Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 @@ -408,9 +400,9 @@ Resolves: rhbz#1761584 - major changes & fixes: - when running a command in the background, sudo will now forward SIGINFO to the command - - the passwords in ldap.conf and ldap.secret may now be encoded in base64. + - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited. For sudoedit, we now audit - the actual editor being run, instead of just the sudoedit command. + the actual editor being run, instead of just the sudoedit command. - it is now possible to match an environment variable's value as well as its name using env_keep and env_check - new files created via sudoedit as a non-root user now have the proper group id @@ -510,7 +502,7 @@ Resolves: rhbz#1761584 * Thu May 17 2012 Daniel Kopecek - 1.8.5-1 - update to 1.8.5 - fixed CVE-2012-2337 -- temporarily disabled SSSD support +- temporarily disabled SSSD support * Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 - fixed problems with undefined symbols (rhbz#798517) 
@@ -529,7 +521,7 @@ Resolves: rhbz#1761584 * Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 - update to 1.8.3p1 -- disable output word wrapping if the output is piped +- disable output word wrapping if the output is piped * Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 - Remove execute bit from sample script in docs so we don't pull in perl @@ -664,7 +656,7 @@ Resolves: rhbz#1761584 - sparc64 needs to be in the -fPIE list with s390 * Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 -- fix complains about audit_log_user_command(): Connection +- fix complains about audit_log_user_command(): Connection refused (#401201) * Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 @@ -766,7 +758,7 @@ Resolves: rhbz#1761584 - rebuild * Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 -- added missing BuildRequires for libselinux-devel (#132883) +- added missing BuildRequires for libselinux-devel (#132883) * Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 - Fix missing param error in sesh @@ -793,7 +785,7 @@ Resolves: rhbz#1761584 exec of child with SELinux patch * Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 -- change to default to sysadm_r +- change to default to sysadm_r - Fix tty handling * Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 @@ -801,7 +793,7 @@ Resolves: rhbz#1761584 - replace /bin/bash -c with /bin/sesh * Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 -- Hard code to use "/bin/bash -c" for selinux +- Hard code to use "/bin/bash -c" for selinux * Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 - Eliminate closing and reopening of terminals, to match su. @@ -826,7 +818,7 @@ Resolves: rhbz#1761584 - Fix is_selinux_enabled call * Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 -- Clean up patch on failure +- Clean up patch on failure * Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 - Remove sudo.te for now. 
@@ -949,7 +941,7 @@ Resolves: rhbz#1761584 - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) * Thu Oct 08 1998 Michael Maher -- built package for 5.2 +- built package for 5.2 * Mon May 18 1998 Michael Maher - updated SPEC file @@ -961,9 +953,10 @@ Resolves: rhbz#1761584 - built for glibc, no problems * Fri Apr 25 1997 Michael Fulbright -- Fixed for 4.2 PowerTools +- Fixed for 4.2 PowerTools - Still need to be pamified - Still need to move stmp file to /var/log * Mon Feb 17 1997 Michael Fulbright - First version for PowerCD. + From 8fc22fffbc522c3baf214250a8814a9c28513e56 Mon Sep 17 00:00:00 2001 From: alakatos Date: Wed, 25 Mar 2020 16:47:47 +0100 Subject: [PATCH 33/84] Update to latest development version 1.9.0b4 Resolves: rhbz#1816593 --- .gitignore | 1 + sources | 2 +- sudo.spec | 15 ++++++++++++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0afd98f..4aa0b81 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /sudo-1.8.28p1.tar.gz /sudo-1.8.29.tar.gz /sudo-1.9.0b1.tar.gz +/sudo-1.9.0b4.tar.gz diff --git a/sources b/sources index 0811552..e6aeaa0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.0b1.tar.gz) = 7459d398514b54c6898a3eaebca141f39af661cda51c007e068bea1cc1860df1bc66ea13c752da8f6bf3d574ba92e337874b20279e1400cfea99982a469f5435 +SHA512 (sudo-1.9.0b4.tar.gz) = 8f9da58ebb53d751746e8b271d9089a98cbbeb6e82691c3905c5ac11255bc70c7f467c0097d8dab2980fd94ffb8c438d03326f1bc98f0b580ec6e5b06227f559 diff --git a/sudo.spec b/sudo.spec index 149038d..34f0d33 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,10 +1,13 @@ +%global patchlevel b4 +%global upstream_version %{version}%{patchlevel} + Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.0 -Release: 0.1.b1%{?dist} +Release: 0.1.%{patchlevel}%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{version}b1.tar.gz +Source0: https://www.sudo.ws/dist/beta/%{name}-%{upstream_version}.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal @@ -45,7 +48,7 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n sudo-1.9.0b1 +%setup -q -n %{name}-%{upstream_version} %patch1 -p1 -b .strip @@ -166,7 +169,9 @@ EOF %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so +%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so +%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? @@ -197,6 +202,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 +- update to latest development version 1.9.0b4 +Resolves: rhbz#1816593 + * Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 - update to latest development version 1.9.0b1 - added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages From 5d1ef1f39f1a21269e9f81cb0f143afb10b0fb6a Mon Sep 17 00:00:00 2001 From: Jens Petersen Date: Thu, 26 Mar 2020 18:53:05 +0800 Subject: [PATCH 34/84] remove trailing whitespaces --- sudo.spec | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/sudo.spec b/sudo.spec index 34f0d33..613bf89 100644 --- a/sudo.spec +++ b/sudo.spec 
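Review bot: The new `Source0` fetches a pre-release tarball from the upstream beta directory, and the only integrity check is the SHA512 in `sources`, which the packager computes from whatever was downloaded. If upstream publishes a detached signature for this tarball, add it and the upstream signing key as extra `Source` entries and add `BuildRequires: gnupg2`. Then verify at the top of %prep with `%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}'` (the source numbers are placeholders). The same applies to the release-tarball `Source0` introduced in PATCH 36/84.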
@@ -95,7 +95,7 @@ make check rm -rf $RPM_BUILD_ROOT make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` -chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* +chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d @@ -212,7 +212,7 @@ Resolves: rhbz#1816593 Resolves: rhbz#1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945 -- fixes: CVE-2019-18634 +- fixes: CVE-2019-18634 - By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709 - fixes CVE-2019-19234 @@ -248,7 +248,7 @@ Resolves: rhbz#1761584 * Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 - resolves rhbz#1676925 -- Removed PS1, PS2 from sudoers +- Removed PS1, PS2 from sudoers * Mon Mar 11 2019 Radovan Sroka 1.8.27-1 - rebase sudo to 1.8.27 @@ -284,7 +284,7 @@ Resolves: rhbz#1761584 * Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 - update to 1.8.21p2 -- Moved libsudo_util.so from the -devel sub-package to main package (1481225) +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) * Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 - replace file-based requirements with package-level ones: @@ -373,7 +373,7 @@ Resolves: rhbz#1761584 * Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 - add patch that resolves initialization problem before sudo_strsplit call -- add patch that resolves deadcode in visudo.c +- add patch that resolves deadcode in visudo.c - add patch that removes extra while in visudo.c and sudoers.c * Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 
@@ -409,9 +409,9 @@ Resolves: rhbz#1761584 - major changes & fixes: - when running a command in the background, sudo will now forward SIGINFO to the command - - the passwords in ldap.conf and ldap.secret may now be encoded in base64. + - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited. For sudoedit, we now audit - the actual editor being run, instead of just the sudoedit command. + the actual editor being run, instead of just the sudoedit command. - it is now possible to match an environment variable's value as well as its name using env_keep and env_check - new files created via sudoedit as a non-root user now have the proper group id @@ -511,7 +511,7 @@ Resolves: rhbz#1761584 * Thu May 17 2012 Daniel Kopecek - 1.8.5-1 - update to 1.8.5 - fixed CVE-2012-2337 -- temporarily disabled SSSD support +- temporarily disabled SSSD support * Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 - fixed problems with undefined symbols (rhbz#798517) @@ -530,7 +530,7 @@ Resolves: rhbz#1761584 * Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 - update to 1.8.3p1 -- disable output word wrapping if the output is piped +- disable output word wrapping if the output is piped * Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 - Remove execute bit from sample script in docs so we don't pull in perl @@ -665,7 +665,7 @@ Resolves: rhbz#1761584 - sparc64 needs to be in the -fPIE list with s390 * Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 -- fix complains about audit_log_user_command(): Connection +- fix complains about audit_log_user_command(): Connection refused (#401201) * Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 @@ -767,7 +767,7 @@ Resolves: rhbz#1761584 - rebuild * Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 -- added missing BuildRequires for libselinux-devel (#132883) +- added missing BuildRequires for libselinux-devel (#132883) * Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 - Fix missing param error in sesh 
@@ -794,7 +794,7 @@ Resolves: rhbz#1761584 exec of child with SELinux patch * Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 -- change to default to sysadm_r +- change to default to sysadm_r - Fix tty handling * Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 @@ -802,7 +802,7 @@ Resolves: rhbz#1761584 - replace /bin/bash -c with /bin/sesh * Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 -- Hard code to use "/bin/bash -c" for selinux +- Hard code to use "/bin/bash -c" for selinux * Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 - Eliminate closing and reopening of terminals, to match su. @@ -827,7 +827,7 @@ Resolves: rhbz#1761584 - Fix is_selinux_enabled call * Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 -- Clean up patch on failure +- Clean up patch on failure * Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 - Remove sudo.te for now. @@ -950,7 +950,7 @@ Resolves: rhbz#1761584 - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) * Thu Oct 08 1998 Michael Maher -- built package for 5.2 +- built package for 5.2 * Mon May 18 1998 Michael Maher - updated SPEC file @@ -962,10 +962,9 @@ Resolves: rhbz#1761584 - built for glibc, no problems * Fri Apr 25 1997 Michael Fulbright -- Fixed for 4.2 PowerTools +- Fixed for 4.2 PowerTools - Still need to be pamified - Still need to move stmp file to /var/log * Mon Feb 17 1997 Michael Fulbright - First version for PowerCD. - From 72a557140c58070edcc5a7382baa7758d98f3c94 Mon Sep 17 00:00:00 2001 From: Jens Petersen Date: Thu, 26 Mar 2020 18:53:44 +0800 Subject: [PATCH 35/84] upstream patch for setrlimit(RLIMIT_CORE) rootless container warnings (#1773148) --- sudo-1.9-RLIMIT_CORE.patch | 149 +++++++++++++++++++++++++++++++++++++ sudo.spec | 7 +- 2 files changed, 154 insertions(+), 2 deletions(-) create mode 100644 sudo-1.9-RLIMIT_CORE.patch diff --git a/sudo-1.9-RLIMIT_CORE.patch b/sudo-1.9-RLIMIT_CORE.patch new file mode 100644 index 0000000..28027c4 --- /dev/null +++ b/sudo-1.9-RLIMIT_CORE.patch 
@@ -0,0 +1,149 @@ + changeset 12288:1064b906ca68 + +Ignore a failure to restore the RLIMIT_CORE resource limit. +Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY +if we set the limit to zero, even for root. This is not a problem +outside the container. +author Todd C. Miller +date Sat, 14 Mar 2020 11:13:55 -0600 +parents 72ca06a294b4 +children 40629e6fd692 +files src/limits.c +diffstat 1 files changed, 61 insertions(+), 10 deletions(-) [+] +line wrap: on + line diff + +--- a/src/limits.c Thu Mar 12 17:39:56 2020 -0600 ++++ b/src/limits.c Sat Mar 14 11:13:55 2020 -0600 +@@ -114,13 +114,21 @@ + + if (getrlimit(RLIMIT_CORE, &corelimit) == -1) + sudo_warn("getrlimit(RLIMIT_CORE)"); ++ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_CORE [%lld, %lld] -> [0, 0]", ++ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); + if (setrlimit(RLIMIT_CORE, &rl) == -1) + sudo_warn("setrlimit(RLIMIT_CORE)"); + #ifdef __linux__ + /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */ +- if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) ++ if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)"); + dumpflag = 0; +- (void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); ++ } ++ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); ++ } + #endif /* __linux__ */ + coredump_disabled = true; + +@@ -136,10 +144,20 @@ + debug_decl(restore_coredump, SUDO_DEBUG_UTIL); + + if (coredump_disabled) { +- if (setrlimit(RLIMIT_CORE, &corelimit) == -1) +- sudo_warn("setrlimit(RLIMIT_CORE)"); ++ /* ++ * Linux containers don't allow RLIMIT_CORE to be set back to ++ * RLIM_INFINITY if we set the limit to zero, even for root. 
++ */ ++ if (setrlimit(RLIMIT_CORE, &corelimit) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(RLIMIT_CORE, [%lld, %lld])", ++ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); ++ } + #ifdef __linux__ +- (void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0); ++ if (prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); ++ } + #endif /* __linux__ */ + } + debug_return; +@@ -162,8 +180,14 @@ + + if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) + sudo_warn("getrlimit(RLIMIT_NPROC)"); ++ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_NPROC [%lld, %lld] -> [inf, inf]", ++ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); + if (setrlimit(RLIMIT_NPROC, &rl) == -1) { + rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max; ++ sudo_debug_printf(SUDO_DEBUG_INFO, ++ "RLIMIT_NPROC [%lld, %lld] -> [%lld, %lld]", ++ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max, ++ (long long)rl.rlim_cur, (long long)rl.rlim_max); + if (setrlimit(RLIMIT_NPROC, &rl) != 0) + sudo_warn("setrlimit(RLIMIT_NPROC)"); + } +@@ -180,8 +204,11 @@ + #ifdef __linux__ + debug_decl(restore_nproc, SUDO_DEBUG_UTIL); + +- if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) +- sudo_warn("setrlimit(RLIMIT_NPROC)"); ++ if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(RLIMIT_NPROC, [%lld, %lld])", ++ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); ++ } + + debug_return; + #endif /* __linux__ */ +@@ -203,6 +230,11 @@ + struct saved_limit *lim = &saved_limits[idx]; + if (getrlimit(lim->resource, &lim->oldlimit) == -1) + continue; ++ sudo_debug_printf(SUDO_DEBUG_INFO, ++ "getrlimit(lim->name) -> [%lld, %lld]", ++ (long long)lim->oldlimit.rlim_cur, ++ (long long)lim->oldlimit.rlim_max); ++ + lim->saved = true; + if (lim->newlimit.rlim_cur != RLIM_INFINITY) { + /* Don't reduce the 
soft resource limit. */ +@@ -217,13 +249,28 @@ + lim->newlimit.rlim_max = lim->oldlimit.rlim_max; + } + if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { +- if (lim->fallback != NULL) +- rc = setrlimit(lim->resource, lim->fallback); ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(%s, [%lld, %lld])", lim->name, ++ (long long)lim->newlimit.rlim_cur, ++ (long long)lim->newlimit.rlim_max); ++ if (lim->fallback != NULL) { ++ if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(%s, [%lld, %lld])", lim->name, ++ (long long)lim->fallback->rlim_cur, ++ (long long)lim->fallback->rlim_max); ++ } ++ } + if (rc == -1) { + /* Try setting new rlim_cur to old rlim_max. */ + lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; + lim->newlimit.rlim_max = lim->oldlimit.rlim_max; +- rc = setrlimit(lim->resource, &lim->newlimit); ++ if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(%s, [%lld, %lld])", lim->name, ++ (long long)lim->newlimit.rlim_cur, ++ (long long)lim->newlimit.rlim_max); ++ } + } + if (rc == -1) + sudo_warn("setrlimit(%s)", lim->name); +@@ -254,6 +301,10 @@ + if (rc != -1 || errno != EINVAL) + break; + ++ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ++ "setrlimit(%s, [%lld, %lld])", lim->name, ++ (long long)rl.rlim_cur, (long long)rl.rlim_max); ++ + /* + * Soft limit could be lower than current resource usage. + * This can be an issue on NetBSD with RLIMIT_STACK and ASLR. diff --git a/sudo.spec b/sudo.spec index 613bf89..bac08cd 100644 --- a/sudo.spec +++ b/sudo.spec @@ -27,6 +27,8 @@ BuildRequires: zlib-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch +# https://www.sudo.ws/repos/sudo/rev/1064b906ca68 +Patch2: sudo-1.9-RLIMIT_CORE.patch %description Sudo (superuser do) allows a system administrator to give certain 
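Review bot: The debug call added in the embedded src/limits.c hunk `@@ -203,6 +230,11 @@` has `lim->name` inside the format string, so the log prints the literal text `getrlimit(lim->name)` instead of the resource name. Every other added call passes the name through `%s`, so the intended form is presumably `"getrlimit(%s) -> [%lld, %lld]", lim->name,`. In the `@@ -114,13 +114,21 @@` hunk, the failure message for `prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)` prints `dumpflag`, which is not the value that was passed. This file is a copy of an upstream changeset, so both are better reported upstream than edited locally; the enclosing functions start outside the embedded hunks.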
@@ -51,6 +53,7 @@ plugins that use %{name}. %setup -q -n %{name}-%{upstream_version} %patch1 -p1 -b .strip +%patch2 -p1 -b .orig %build # Remove bundled copy of zlib @@ -205,6 +208,8 @@ EOF * Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 - update to latest development version 1.9.0b4 Resolves: rhbz#1816593 +- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix +Resolves: rhbz#1773148 * Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 - update to latest development version 1.9.0b1 @@ -219,8 +224,6 @@ Resolves: rhbz#1786709 - attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user Resolves: rhbz#1786705 - fixes CVE-2019-19232 -- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix -Resolves: rhbz#1773148 * Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 306df891f5c3e911a02ad4d8d11e4e524f807efc Mon Sep 17 00:00:00 2001 From: alakatos Date: Fri, 10 Jul 2020 09:44:22 +0200 Subject: [PATCH 36/84] Rebase to 1.9.1 Resolves: rhbz#1848788 - fix rpmlint warnings Resolves: rhbz#1817139 --- .gitignore | 1 + sources | 2 +- sudo-1.9-RLIMIT_CORE.patch | 149 ------------------------------------- sudo.rpmlintrc | 16 ++++ sudo.spec | 26 ++++--- 5 files changed, 32 insertions(+), 162 deletions(-) delete mode 100644 sudo-1.9-RLIMIT_CORE.patch create mode 100644 sudo.rpmlintrc diff --git a/.gitignore b/.gitignore index 4aa0b81..e7db9cd 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /sudo-1.8.29.tar.gz /sudo-1.9.0b1.tar.gz /sudo-1.9.0b4.tar.gz +/sudo-1.9.1.tar.gz diff --git a/sources b/sources index e6aeaa0..35fc51b 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (sudo-1.9.0b4.tar.gz) = 8f9da58ebb53d751746e8b271d9089a98cbbeb6e82691c3905c5ac11255bc70c7f467c0097d8dab2980fd94ffb8c438d03326f1bc98f0b580ec6e5b06227f559 +SHA512 (sudo-1.9.1.tar.gz) = 7994c7d8f020188eda51787bb5f6fe7668518cc89b711e7840470db7e5bac1219490ffccc73854fecb14ceb3ffaf0fc605f3438c87b83f27921ea3626365105c diff --git a/sudo-1.9-RLIMIT_CORE.patch b/sudo-1.9-RLIMIT_CORE.patch deleted file mode 100644 index 28027c4..0000000 --- a/sudo-1.9-RLIMIT_CORE.patch +++ /dev/null 
@@ -1,149 +0,0 @@ - changeset 12288:1064b906ca68 - -Ignore a failure to restore the RLIMIT_CORE resource limit. -Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY -if we set the limit to zero, even for root. This is not a problem -outside the container. -author Todd C. Miller -date Sat, 14 Mar 2020 11:13:55 -0600 -parents 72ca06a294b4 -children 40629e6fd692 -files src/limits.c -diffstat 1 files changed, 61 insertions(+), 10 deletions(-) [+] -line wrap: on - line diff - ---- a/src/limits.c Thu Mar 12 17:39:56 2020 -0600 -+++ b/src/limits.c Sat Mar 14 11:13:55 2020 -0600 -@@ -114,13 +114,21 @@ - - if (getrlimit(RLIMIT_CORE, &corelimit) == -1) - sudo_warn("getrlimit(RLIMIT_CORE)"); -+ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_CORE [%lld, %lld] -> [0, 0]", -+ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); - if (setrlimit(RLIMIT_CORE, &rl) == -1) - sudo_warn("setrlimit(RLIMIT_CORE)"); - #ifdef __linux__ - /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */ -- if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) -+ if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)"); - dumpflag = 0; -- (void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); -+ } -+ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); -+ } - #endif /* __linux__ */ - coredump_disabled = true; - -@@ -136,10 +144,20 @@ - debug_decl(restore_coredump, SUDO_DEBUG_UTIL); - - if (coredump_disabled) { -- if (setrlimit(RLIMIT_CORE, &corelimit) == -1) -- sudo_warn("setrlimit(RLIMIT_CORE)"); -+ /* -+ * Linux containers don't allow RLIMIT_CORE to be set back to -+ * RLIM_INFINITY if we set the limit to zero, even for root. 
-+ */ -+ if (setrlimit(RLIMIT_CORE, &corelimit) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(RLIMIT_CORE, [%lld, %lld])", -+ (long long)corelimit.rlim_cur, (long long)corelimit.rlim_max); -+ } - #ifdef __linux__ -- (void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0); -+ if (prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag); -+ } - #endif /* __linux__ */ - } - debug_return; -@@ -162,8 +180,14 @@ - - if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) - sudo_warn("getrlimit(RLIMIT_NPROC)"); -+ sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_NPROC [%lld, %lld] -> [inf, inf]", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); - if (setrlimit(RLIMIT_NPROC, &rl) == -1) { - rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max; -+ sudo_debug_printf(SUDO_DEBUG_INFO, -+ "RLIMIT_NPROC [%lld, %lld] -> [%lld, %lld]", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max, -+ (long long)rl.rlim_cur, (long long)rl.rlim_max); - if (setrlimit(RLIMIT_NPROC, &rl) != 0) - sudo_warn("setrlimit(RLIMIT_NPROC)"); - } -@@ -180,8 +204,11 @@ - #ifdef __linux__ - debug_decl(restore_nproc, SUDO_DEBUG_UTIL); - -- if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) -- sudo_warn("setrlimit(RLIMIT_NPROC)"); -+ if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(RLIMIT_NPROC, [%lld, %lld])", -+ (long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max); -+ } - - debug_return; - #endif /* __linux__ */ -@@ -203,6 +230,11 @@ - struct saved_limit *lim = &saved_limits[idx]; - if (getrlimit(lim->resource, &lim->oldlimit) == -1) - continue; -+ sudo_debug_printf(SUDO_DEBUG_INFO, -+ "getrlimit(lim->name) -> [%lld, %lld]", -+ (long long)lim->oldlimit.rlim_cur, -+ (long long)lim->oldlimit.rlim_max); -+ - lim->saved = true; - if (lim->newlimit.rlim_cur != RLIM_INFINITY) { - /* Don't reduce the 
soft resource limit. */ -@@ -217,13 +249,28 @@ - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; - } - if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { -- if (lim->fallback != NULL) -- rc = setrlimit(lim->resource, lim->fallback); -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->newlimit.rlim_cur, -+ (long long)lim->newlimit.rlim_max); -+ if (lim->fallback != NULL) { -+ if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->fallback->rlim_cur, -+ (long long)lim->fallback->rlim_max); -+ } -+ } - if (rc == -1) { - /* Try setting new rlim_cur to old rlim_max. */ - lim->newlimit.rlim_cur = lim->oldlimit.rlim_max; - lim->newlimit.rlim_max = lim->oldlimit.rlim_max; -- rc = setrlimit(lim->resource, &lim->newlimit); -+ if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) { -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)lim->newlimit.rlim_cur, -+ (long long)lim->newlimit.rlim_max); -+ } - } - if (rc == -1) - sudo_warn("setrlimit(%s)", lim->name); -@@ -254,6 +301,10 @@ - if (rc != -1 || errno != EINVAL) - break; - -+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, -+ "setrlimit(%s, [%lld, %lld])", lim->name, -+ (long long)rl.rlim_cur, (long long)rl.rlim_max); -+ - /* - * Soft limit could be lower than current resource usage. - * This can be an issue on NetBSD with RLIMIT_STACK and ASLR. diff --git a/sudo.rpmlintrc b/sudo.rpmlintrc new file mode 100644 index 0000000..d7c57d7 --- /dev/null +++ b/sudo.rpmlintrc 
@@ -0,0 +1,16 @@ +# Sudo allows restricted root access for specified users. In other words, +# it is a special package, which requires special permissions on on some +# of the installed files. +addFilter("missing-call-to-setgroups-before-setuid (/usr/bin/sudo|/usr/bin/sudoreplay|/usr/sbin/sudo_logsrvd|/usr/sbin/sudo_sendlog|/usr/libexec/sudo/sudoers.so|)$") + +addFilter("non-readable (/etc/sudo.conf|/etc/sudo_logsrvd.conf|/etc/sudoers|/usr/bin/sudoreplay) .*$") + +addFilter("non-standard-dir-perm (/etc/sudoers.d|/var/db/sudo|/var/db/sudo/lectured) .*$") + +addFilter("setuid-binary /usr/bin/sudo .*$") + +addFilter("non-standard-executable-perm (/usr/bin/sudo|/usr/bin/sudoreplay) .*$") + +addFilter("wrong-file-end-of-line-encoding /usr/share/doc/sudo/schema.ActiveDirectory$") + +addFilter("non-standard-dir-in-var db$") diff --git a/sudo.spec b/sudo.spec index bac08cd..af5f14d 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,13 +1,10 @@ -%global patchlevel b4 -%global upstream_version %{version}%{patchlevel} - Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.0 -Release: 0.1.%{patchlevel}%{?dist} +Version: 1.9.1 +Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/beta/%{name}-%{upstream_version}.tar.gz +Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal @@ -27,8 +24,6 @@ BuildRequires: zlib-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch -# https://www.sudo.ws/repos/sudo/rev/1064b906ca68 -Patch2: sudo-1.9-RLIMIT_CORE.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -50,10 +45,9 @@ The %{name}-devel package contains header files developing sudo plugins that use %{name}. %prep -%setup -q -n %{name}-%{upstream_version} +%setup -q %patch1 -p1 -b .strip -%patch2 -p1 -b .orig %build # Remove bundled copy of zlib 
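Review bot: In the new sudo.rpmlintrc, the first `addFilter` ends its path group with `/usr/libexec/sudo/sudoers.so|)$`; the trailing `|` leaves an empty alternative, so the pattern is looser than the path list suggests and looks like a typo. I would drop it: `...|/usr/libexec/sudo/sudoers.so)$`. The dots in the listed paths are also unescaped regex metacharacters, and the header comment reads "on on". Every filter here hides a permission or privilege diagnostic for a setuid package, so a one-line comment per filter naming the mode set in `%files` (for example `# /usr/bin/sudo is 4111 by design`) would keep each suppression auditable.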
@@ -152,13 +146,15 @@ EOF %files -f sudo_all.lang +%defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers %attr(0750,root,root) %dir /etc/sudoers.d/ %config(noreplace) /etc/pam.d/sudo %config(noreplace) /etc/pam.d/sudo-i %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf -%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf -%attr(0644,root,root) /etc/sudo.conf +%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf +%attr(0640,root,root) %config(noreplace) /etc/sudo.conf +%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo @@ -205,6 +201,12 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 +- rebase to 1.9.1 +Resolves: rhbz#1848788 +- fix rpmlint errors +Resolves: rhbz#1817139 + * Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 - update to latest development version 1.9.0b4 Resolves: rhbz#1816593 From c5932df566ecf6acb9f85b8d71964ee41f7c2937 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jul 2020 11:37:20 +0000 Subject: [PATCH 37/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index af5f14d..560e0ef 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.1 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -201,6 +201,9 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 - rebase to 1.9.1 Resolves: rhbz#1848788 
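Review bot: In the `%files` hunk of sudo.spec (`@@ -152,13 +146,15 @@`), `/etc/sudo.conf` moves from 0644 to 0640 root:root and `/etc/sudo_logsrvd.conf` is added at 0640, but the spec does not say why. The same commit also adds a `non-readable` filter for both files to sudo.rpmlintrc. With group root and no world-read bit, programs from this package that are started without root privileges presumably can no longer read sudo.conf; whether any of them needs to is not visible here, so please confirm. A comment above the two lines, such as `# 0640 on purpose; rpmlint 'non-readable' is filtered in sudo.rpmlintrc`, would record the intent.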
From 845456e9a79f728323f9f6d8927c5ac7f1481ed4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 1 Aug 2020 09:14:45 +0000 Subject: [PATCH 38/84] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 560e0ef..7381722 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.1 -Release: 2%{?dist} +Release: 3%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -201,6 +201,10 @@ EOF %{_mandir}/man8/sudo_plugin.8* %changelog +* Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 35c555c44a10f64ddf2ce568ccbe4e219034d893 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 15 Sep 2020 16:49:29 +0200 Subject: [PATCH 39/84] Rebase to 1.9.2 Resolves: rhbz#1859577 - added logsrvd subpackage - added openssl-devel buildrequires Resolves: rhbz#1860653 - fixed sudo runstatedir path - it was generated as /sudo instead of /run/sudo Resolves: rhbz#1868215 - added /var/lib/snapd/snap/bin to secure_path variable Resolves: rhbz#1691996 Signed-off-by: Radovan Sroka --- .gitignore | 1 + configure-runstatedir.patch | 43 ++++++++++++++++++++++++++++++++++ sources | 2 +- sudo.spec | 46 +++++++++++++++++++++++++++++-------- sudoers | 2 +- 5 files changed, 83 insertions(+), 11 deletions(-) create mode 100644 configure-runstatedir.patch diff --git a/.gitignore b/.gitignore index e7db9cd..4c5f1eb 100644 --- a/.gitignore +++ b/.gitignore 
@@ -23,3 +23,4 @@
 /sudo-1.9.0b1.tar.gz
 /sudo-1.9.0b4.tar.gz
 /sudo-1.9.1.tar.gz
+/sudo-1.9.2.tar.gz
diff --git a/configure-runstatedir.patch b/configure-runstatedir.patch
new file mode 100644
index 0000000..980e767
--- /dev/null
+++ b/configure-runstatedir.patch
@@ -0,0 +1,43 @@
+From 0d7a041f18c5016abb78b74f3cfa505797e704ee Mon Sep 17 00:00:00 2001
+From: Evan Anderson
+Date: Sun, 6 Sep 2020 14:30:54 -0500
+Subject: [PATCH] configure: Fix runstatedir handling for distros that do not
+ support it
+
+runstatedir was added in yet-to-be released autoconf 2.70. Some distros
+are shipping this addition in their autoconf packages, but others, such as Fedora,
+are not. This causes the rundir variable to be set incorrectly if the configure script
+is regenerated with an unpatched autoconf since the runstatedir variable set is deleted
+after regeneration. This change works around that problem by checking that runstatedir
+is non-empty before potentially using it to set the rundir variable
+---
+ configure | 2 +-
+ m4/sudo.m4 | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure b/configure
+index 0f6ceb16c..2e0838e01 100755
+--- a/configure
++++ b/configure
+@@ -26718,7 +26718,7 @@ EOF
+ $as_echo_n "checking for sudo run dir location... " >&6; }
+ if test -n "$with_rundir"; then
+ rundir="$with_rundir"
+-elif test "$runstatedir" != '${localstatedir}/run'; then
++elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
+ rundir="$runstatedir/sudo"
+ else
+ # No --with-rundir or --runstatedir specified
+diff --git a/m4/sudo.m4 b/m4/sudo.m4
+index a5a972b3c..b3a40b208 100644
+--- a/m4/sudo.m4
++++ b/m4/sudo.m4
+@@ -120,7 +120,7 @@ dnl
+ AC_DEFUN([SUDO_RUNDIR], [AC_MSG_CHECKING(for sudo run dir location)
+ if test -n "$with_rundir"; then
+ rundir="$with_rundir"
+-elif test "$runstatedir" != '${localstatedir}/run'; then
++elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
+ rundir="$runstatedir/sudo"
+ else
+ # No --with-rundir or --runstatedir specified
diff --git a/sources b/sources
index 35fc51b..5185f4c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@ -SHA512 (sudo-1.9.1.tar.gz) = 7994c7d8f020188eda51787bb5f6fe7668518cc89b711e7840470db7e5bac1219490ffccc73854fecb14ceb3ffaf0fc605f3438c87b83f27921ea3626365105c +SHA512 (sudo-1.9.2.tar.gz) = 20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21 diff --git a/sudo.spec b/sudo.spec index 7381722..050f34a 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.1 -Release: 3%{?dist} +Version: 1.9.2 +Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz @@ -24,6 +24,7 @@ BuildRequires: zlib-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch +Patch2: configure-runstatedir.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -44,10 +45,22 @@ Requires: %{name} = %{version}-%{release} The %{name}-devel package contains header files developing sudo plugins that use %{name}. + +%package logsrvd +Summary: High-performance log server for %{name} +Requires: %{name} = %{version}-%{release} +BuildRequires: openssl-devel + + +%description logsrvd +%{name}-logsrvd is a high-performance log server that accepts event and I/O logs from sudo. +It can be used to implement centralized logging of sudo logs. + %prep %setup -q %patch1 -p1 -b .strip +%patch2 -p1 -b .runstatedir %build # Remove bundled copy of zlib @@ -67,6 +80,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --sbindir=%{_sbindir} \ --libdir=%{_libdir} \ --docdir=%{_pkgdocdir} \ + --enable-openssl \ --disable-root-mailer \ --with-logging=syslog \ --with-logfac=authpriv \ 
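Review bot: `Patch2: configure-runstatedir.patch` in the `@@ -24,6 +24,7 @@` hunk of sudo.spec is added without a provenance comment. The Patch2 removed in an earlier commit on this page carried its upstream revision URL on the line above it. The new patch file is a git-format patch with the id 0d7a041f18c5016abb78b74f3cfa505797e704ee, which appears to be an upstream commit. A line such as `# upstream commit 0d7a041f18c5: configure: Fix runstatedir handling` above `Patch2:` would let a reviewer check exactly what is applied on top of the verified tarball for a setuid-root build. `Patch1` has only `# don't strip` and could be documented the same way.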
@@ -154,7 +168,6 @@ EOF %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf %attr(0640,root,root) %config(noreplace) /etc/sudo.conf -%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo @@ -163,8 +176,6 @@ EOF %attr(0755,root,root) %{_sbindir}/visudo %{_bindir}/cvtsudoers %dir %{_libexecdir}/sudo -%attr(0755,root,root) %{_sbindir}/sudo_logsrvd -%attr(0755,root,root) %{_sbindir}/sudo_sendlog %attr(0755,root,root) %{_libexecdir}/sudo/sesh %attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so @@ -184,11 +195,7 @@ EOF %{_mandir}/man8/visudo.8* %{_mandir}/man1/cvtsudoers.1.gz %{_mandir}/man5/sudoers_timestamp.5.gz -%{_mandir}/man5/sudo_logsrv.proto.5.gz -%{_mandir}/man5/sudo_logsrvd.conf.5.gz -%{_mandir}/man8/sudo_logsrvd.8.gz %{_mandir}/man8/sudo_plugin_python.8.gz -%{_mandir}/man8/sudo_sendlog.8.gz %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} 
@@ -200,7 +207,28 @@ EOF %{_includedir}/sudo_plugin.h %{_mandir}/man8/sudo_plugin.8* +%files logsrvd +%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf +%attr(0755,root,root) %{_sbindir}/sudo_logsrvd +%attr(0755,root,root) %{_sbindir}/sudo_sendlog +%{_mandir}/man5/sudo_logsrv.proto.5.gz +%{_mandir}/man5/sudo_logsrvd.conf.5.gz +%{_mandir}/man8/sudo_logsrvd.8.gz +%{_mandir}/man8/sudo_sendlog.8.gz + %changelog +* Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 +- rebase to 1.9.2 +Resolves: rhbz#1859577 +- added logsrvd subpackage +- added openssl-devel buildrequires +Resolves: rhbz#1860653 +- fixed sudo runstatedir path +- it was generated as /sudo instead of /run/sudo +Resolves: rhbz#1868215 +- added /var/lib/snapd/snap/bin to secure_path variable +Resolves: rhbz#1691996 + * Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sudoers b/sudoers index 29775ad..5f621a8 100644 --- a/sudoers +++ b/sudoers @@ -85,7 +85,7 @@ Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY # # Defaults env_keep += "HOME" -Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin ## Next comes the main part: which users can run what software on ## which machines (the sudoers file can be shared between multiple From 68203ed1a2fac7aff1b57189e8c217db89e5fe4a Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 5 Oct 2020 13:34:24 +0200 Subject: [PATCH 40/84] Rebase to 1.9.3p1 Signed-off-by: Radovan Sroka --- .gitignore | 1 + configure-runstatedir.patch | 43 ------------------------------------- sources | 2 +- sudo.spec | 12 ++++++++--- 4 files changed, 11 insertions(+), 47 deletions(-) delete mode 100644 configure-runstatedir.patch diff --git a/.gitignore b/.gitignore index 4c5f1eb..cbf6389 100644 --- a/.gitignore 
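Review bot: The new `secure_path` line in the sudoers hunk (`@@ -85,7 +85,7 @@`) appends `/var/lib/snapd/snap/bin`, a directory this package neither owns nor creates, to the search path used for commands run through sudo. It is placed last, so it cannot shadow the system directories, but a name that resolves only there is still looked up and run with the target user's privileges. The directory's ownership and mode depend on another package (presumably snapd). I would add a comment above the line, e.g. `## /var/lib/snapd/snap/bin is listed last on purpose (rhbz#1691996); it must stay root-owned and not group/world-writable`. The rest of the sudoers file is outside the hunk.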
+++ b/.gitignore
@@ -24,3 +24,4 @@
 /sudo-1.9.0b4.tar.gz
 /sudo-1.9.1.tar.gz
 /sudo-1.9.2.tar.gz
+/sudo-1.9.3p1.tar.gz
diff --git a/configure-runstatedir.patch b/configure-runstatedir.patch
deleted file mode 100644
index 980e767..0000000
--- a/configure-runstatedir.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0d7a041f18c5016abb78b74f3cfa505797e704ee Mon Sep 17 00:00:00 2001
-From: Evan Anderson
-Date: Sun, 6 Sep 2020 14:30:54 -0500
-Subject: [PATCH] configure: Fix runstatedir handling for distros that do not
- support it
-
-runstatedir was added in yet-to-be released autoconf 2.70. Some distros
-are shipping this addition in their autoconf packages, but others, such as Fedora,
-are not. This causes the rundir variable to be set incorrectly if the configure script
-is regenerated with an unpatched autoconf since the runstatedir variable set is deleted
-after regeneration. This change works around that problem by checking that runstatedir
-is non-empty before potentially using it to set the rundir variable
----
- configure | 2 +-
- m4/sudo.m4 | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure b/configure
-index 0f6ceb16c..2e0838e01 100755
---- a/configure
-+++ b/configure
-@@ -26718,7 +26718,7 @@ EOF
- $as_echo_n "checking for sudo run dir location... " >&6; }
- if test -n "$with_rundir"; then
- rundir="$with_rundir"
--elif test "$runstatedir" != '${localstatedir}/run'; then
-+elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
- rundir="$runstatedir/sudo"
- else
- # No --with-rundir or --runstatedir specified
-diff --git a/m4/sudo.m4 b/m4/sudo.m4
-index a5a972b3c..b3a40b208 100644
---- a/m4/sudo.m4
-+++ b/m4/sudo.m4
-@@ -120,7 +120,7 @@ dnl
- AC_DEFUN([SUDO_RUNDIR], [AC_MSG_CHECKING(for sudo run dir location)
- if test -n "$with_rundir"; then
- rundir="$with_rundir"
--elif test "$runstatedir" != '${localstatedir}/run'; then
-+elif test -n "$runstatedir" && test "$runstatedir" != '${localstatedir}/run'; then
- rundir="$runstatedir/sudo"
- else
- # No --with-rundir or --runstatedir specified
diff --git a/sources b/sources
index 5185f4c..2a74432 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@ -SHA512 (sudo-1.9.2.tar.gz) = 20afdf2604b1c93395157382b24f225cd1ff88d3a892362e2d69fecd240c4e7171f05032c08be1778cd1dea6e460025e4241f57272fac0ea3550e220b6d73d21 +SHA512 (sudo-1.9.3p1.tar.gz) = 3ad13fd03e5b371fd6bf7909731ffc11431d2182a744b654f7e5d4b810e47955d49bc78f551afe13ec56acbce694139c33a15bc022cea41b17af5496b8b7f89f diff --git a/sudo.spec b/sudo.spec index 050f34a..0089dfe 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.2 +Version: 1.9.3p1 Release: 1%{?dist} License: ISC URL: http://www.courtesan.com/sudo/ @@ -21,10 +21,10 @@ BuildRequires: libselinux-devel BuildRequires: sendmail BuildRequires: gettext BuildRequires: zlib-devel +BuildRequires: python3-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch -Patch2: configure-runstatedir.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -60,7 +60,6 @@ It can be used to implement centralized logging of sudo logs. %setup -q %patch1 -p1 -b .strip -%patch2 -p1 -b .runstatedir %build # Remove bundled copy of zlib @@ -93,6 +92,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-ldap \ --with-selinux \ --with-passprompt="[sudo] password for %p: " \ + --enable-python \ --with-linux-audit \ --with-sssd # --without-kerb5 \ @@ -181,6 +181,7 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so %attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so +%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? 
@@ -217,6 +218,11 @@ EOF %{_mandir}/man8/sudo_sendlog.8.gz %changelog +* Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 +- rebase to 1.9.3p1 +- enable python modules +Resolves: rhbz#1881112 + * Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 - rebase to 1.9.2 Resolves: rhbz#1859577 From 47a5b50ae2e3559901b5d2068a6e27b9f1219644 Mon Sep 17 00:00:00 2001 From: Michel Alexandre Salim Date: Thu, 3 Dec 2020 16:09:48 -0800 Subject: [PATCH 41/84] Update sudo URL http://www.courtesan.com/sudo/ redirects to https://www.sudo.ws/sudo/ (which is identical to https://www.sudo.ws). The latter is also the website referenced in the tarball's README. Signed-off-by: Michel Alexandre Salim --- sudo.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sudo.spec b/sudo.spec index 0089dfe..156d1b8 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,8 +3,8 @@ Name: sudo Version: 1.9.3p1 Release: 1%{?dist} License: ISC -URL: http://www.courtesan.com/sudo/ -Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz +URL: https://www.sudo.ws +Source0: %{url}/dist/%{name}-%{version}.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal From f6041d82cfc1be91f4fb7895b9a1bd4fb649f094 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 8 Jan 2021 22:03:13 +0000 Subject: [PATCH 42/84] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- sudo.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/sudo.spec b/sudo.spec index 156d1b8..4fde64f 100644 --- a/sudo.spec +++ b/sudo.spec @@ -10,6 +10,7 @@ Requires: pam Recommends: vim-minimal Requires(post): coreutils +BuildRequires: make BuildRequires: pam-devel BuildRequires: groff BuildRequires: openldap-devel From e30e387ccfdc7d03e9dbbff6cbf746352b30d52d Mon Sep 17 00:00:00 2001 
From: Jonathan Lebon Date: Wed, 13 Jan 2021 13:51:24 -0500 Subject: [PATCH 43/84] Split out -python-plugin subpackage This will allow environments where Python is not desirable to still make use of sudo, such as Fedora CoreOS and other variants which value minimalism. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1909299 --- sudo.spec | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/sudo.spec b/sudo.spec index 4fde64f..78843a0 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,13 +1,14 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.3p1 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz Source1: sudoers Requires: pam Recommends: vim-minimal +Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} Requires(post): coreutils BuildRequires: make @@ -22,7 +23,6 @@ BuildRequires: libselinux-devel BuildRequires: sendmail BuildRequires: gettext BuildRequires: zlib-devel -BuildRequires: python3-devel # don't strip Patch1: sudo-1.6.7p5-strip.patch @@ -57,6 +57,15 @@ BuildRequires: openssl-devel %{name}-logsrvd is a high-performance log server that accepts event and I/O logs from sudo. It can be used to implement centralized logging of sudo logs. +%package python-plugin +Summary: Python plugin for %{name} +Requires: %{name} = %{version}-%{release} +BuildRequires: python3-devel + + +%description python-plugin +%{name}-python-plugin allows using sudo plugins written in Python. + %prep %setup -q @@ -182,7 +191,6 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so %attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so -%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? 
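Review bot: The new `%package python-plugin` block (hunk `@@ -57,6 +57,15 @@` of sudo.spec) declares `Requires: %{name} = %{version}-%{release}` without `%{?_isa}`. The `Recommends:` added to the main package in the same commit is architecture-qualified. The subpackage ships `python_plugin.so` under `%{_libexecdir}/sudo`, so on a multilib system the dependency could be satisfied by a sudo build of a different architecture than the plugin. I would write `Requires: %{name}%{?_isa} = %{version}-%{release}`; the `logsrvd` and `devel` subpackages shown earlier on the page use the same unqualified form.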
@@ -197,7 +205,6 @@ EOF %{_mandir}/man8/visudo.8* %{_mandir}/man1/cvtsudoers.1.gz %{_mandir}/man5/sudoers_timestamp.5.gz -%{_mandir}/man8/sudo_plugin_python.8.gz %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} @@ -218,7 +225,15 @@ EOF %{_mandir}/man8/sudo_logsrvd.8.gz %{_mandir}/man8/sudo_sendlog.8.gz +%files python-plugin +%{_mandir}/man8/sudo_plugin_python.8.gz +%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so + %changelog +* Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 +- split out Python modules into separate subpackage +Resolves: rhbz#1909299 + * Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 - rebase to 1.9.3p1 - enable python modules From a0dc0e6d59bb356662e4bd11a804d109619a2a45 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 18 Jan 2021 21:07:57 +0100 Subject: [PATCH 44/84] Rebase to 1.9.5p1 Resolves: rhbz#1902758 - fixed double free in sss_to_sudoers Resolves: rhbz#1885874 - fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhbz#1915055 - fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit Resolves: rhbz#1915054 Signed-off-by: Radovan Sroka --- .gitignore | 1 + sources | 2 +- sudo.spec | 14 ++++++++++++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index cbf6389..9ea49f6 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /sudo-1.9.1.tar.gz /sudo-1.9.2.tar.gz /sudo-1.9.3p1.tar.gz +/sudo-1.9.5p1.tar.gz diff --git a/sources b/sources index 2a74432..9d9c821 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.3p1.tar.gz) = 3ad13fd03e5b371fd6bf7909731ffc11431d2182a744b654f7e5d4b810e47955d49bc78f551afe13ec56acbce694139c33a15bc022cea41b17af5496b8b7f89f +SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878 diff --git a/sudo.spec b/sudo.spec index 78843a0..779cfc9 100644 
--- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.3p1 -Release: 2%{?dist} +Version: 1.9.5p1 +Release: 1%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -230,6 +230,16 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 +- rebase to 1.9.5p1 +Resolves: rhbz#1902758 +- fixed double free in sss_to_sudoers +Resolves: rhbz#1885874 +- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit +Resolves: rhbz#1915055 +- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit +Resolves: rhbz#1915054 + * Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 - split out Python modules into separate subpackage Resolves: rhbz#1909299 From 36f24bedc668548d167e5236825983c1155bdc6a Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 26 Jan 2021 14:00:13 -0500 Subject: [PATCH 45/84] update to 1.9.5p2 to address bug 1920618 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing --- .gitignore | 1 + sources | 2 +- sudo.spec | 6 +++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 9ea49f6..eb540df 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /sudo-1.9.2.tar.gz /sudo-1.9.3p1.tar.gz /sudo-1.9.5p1.tar.gz +/sudo-1.9.5p2.tar.gz diff --git a/sources b/sources index 9d9c821..e39bcb4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.5p1.tar.gz) = 0168f0b61a6c2d2f60a92b5b4d3c3254aed4116decabac3821d9ac2fd7f74bb7b019e35bb8955335315b3b00ddf4e4acd82540df0addc1d9bf4f44b60447a878 +SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27 diff --git a/sudo.spec b/sudo.spec index 779cfc9..ed546f3 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.5p1 +Version: 1.9.5p2 Release: 1%{?dist} License: ISC URL: https://www.sudo.ws @@ -230,6 +230,10 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 +- rebase to 1.9.5p2 +Resolves: 1920618 + * Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 - rebase to 1.9.5p1 Resolves: rhbz#1902758 From 571662fc2efb75cca738d11d48fe95bf6a86a483 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 26 Jan 2021 14:52:06 -0500 Subject: [PATCH 46/84] update rhbz entries in changelog --- sudo.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index ed546f3..446b638 100644 --- a/sudo.spec +++ b/sudo.spec @@ -232,7 +232,9 @@ EOF %changelog * Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 - rebase to 1.9.5p2 -Resolves: 1920618 +Resolves: rhbz#1920611 +- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing +Resolves: rhbz#1920618 * Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 - rebase to 1.9.5p1 From 5590a6628da4a613e991c45f576e95729bd33568 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 4 Jun 2021 21:15:47 +0200 Subject: [PATCH 47/84] Rebuilt for Python 3.10 --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 446b638..421a2a8 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.5p2 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -230,6 +230,9 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Fri Jun 04 2021 Python Maint - 1.9.5p2-2 +- Rebuilt for Python 3.10 + * Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 - rebase to 1.9.5p2 Resolves: rhbz#1920611 From e9983f0902856ed85921077d5493e5afa8ce2a20 Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Fri, 23 Jul 2021 18:25:32 +0000 Subject: [PATCH 48/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- sudo.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 421a2a8..e1e3e6e 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.5p2 -Release: 2%{?dist} +Release: 3%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -230,6 +230,9 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri Jun 04 2021 Python Maint - 1.9.5p2-2 - Rebuilt for Python 3.10 From d8c0683b917be33ef9d9440b20ef9ba92204f4ff Mon Sep 17 00:00:00 2001 From: Peter Czanik Date: Thu, 5 Aug 2021 08:25:56 +0200 Subject: [PATCH 49/84] - update to 1.9.7p2 - follow up path change in strip patch - added --enable-zlib=system configure parameter, so sudo uses system zlib, autoconf is no more needed Signed-off-by: Peter Czanik --- sudo-1.6.7p5-strip.patch | 4 ++-- sudo.spec | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/sudo-1.6.7p5-strip.patch b/sudo-1.6.7p5-strip.patch index f9e2faa..f690659 100644 --- a/sudo-1.6.7p5-strip.patch +++ b/sudo-1.6.7p5-strip.patch @@ -1,5 +1,5 @@ ---- sudo-1.6.7p5/install-sh.strip 2005-07-21 14:28:25.000000000 +0200 -+++ sudo-1.6.7p5/install-sh 2005-07-21 14:29:18.000000000 +0200 +--- sudo-1.6.7p5/scripts/install-sh.strip 2005-07-21 14:28:25.000000000 +0200 ++++ sudo-1.6.7p5/scripts/install-sh 2005-07-21 14:29:18.000000000 +0200 @@ -138,7 +138,7 @@ fi ;; diff --git a/sudo.spec b/sudo.spec index e1e3e6e..ceb4c24 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.5p2 -Release: 3%{?dist} +Version: 1.9.7p2 +Release: 1%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -17,7 +17,8 @@ BuildRequires: groff BuildRequires: openldap-devel BuildRequires: flex BuildRequires: bison -BuildRequires: automake autoconf libtool +# BuildRequires: automake autoconf libtool +BuildRequires: libtool BuildRequires: audit-libs-devel libcap-devel BuildRequires: libselinux-devel BuildRequires: sendmail @@ -74,7 +75,7 @@ BuildRequires: python3-devel %build # Remove bundled copy of zlib rm -rf zlib/ -autoreconf -I m4 -fv --install +#autoreconf -I m4 -fv --install %ifarch s390 s390x sparc64 F_PIE=-fPIE @@ -103,6 +104,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-selinux \ --with-passprompt="[sudo] password for %p: " \ --enable-python \ + --enable-zlib=system \ --with-linux-audit \ --with-sssd # --without-kerb5 \ @@ -230,6 +232,12 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 +- update to 1.9.7p2 +- follow up path change in strip patch +- added --enable-zlib=system configure parameter, so sudo uses system zlib, + autoconf is no more needed + * Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From dd1363faa35f510c1556d506257c06ae7a83bce9 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Sat, 7 Aug 2021 12:43:08 -0400 Subject: [PATCH 50/84] update sources file for previous PR --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index e39bcb4..3bae7ed 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (sudo-1.9.5p2.tar.gz) = f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27 +SHA512 (sudo-1.9.7p2.tar.gz) = 39184127122014d0d1d194d455644191009835ffdcc0efda3a99028fe346ca3ff6b15341016f85029556e9f1f9deeaf83b52160effc47d1a5713affb36b99386 From 442af28d89abad6b461155b5d38dfacaf68cba99 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Sat, 7 Aug 2021 12:49:06 -0400 Subject: [PATCH 51/84] - drop obsolete requirement for post script that doesn't exist anymore (thanks @scfc) - remove commented-out lines from prior PR --- sudo.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sudo.spec b/sudo.spec index ceb4c24..d2e2cd9 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.7p2 -Release: 1%{?dist} +Release: 2%{?dist} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz @@ -9,7 +9,6 @@ Source1: sudoers Requires: pam Recommends: vim-minimal Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} -Requires(post): coreutils BuildRequires: make BuildRequires: pam-devel @@ -17,7 +16,6 @@ BuildRequires: groff BuildRequires: openldap-devel BuildRequires: flex BuildRequires: bison -# BuildRequires: automake autoconf libtool BuildRequires: libtool BuildRequires: audit-libs-devel libcap-devel BuildRequires: libselinux-devel @@ -75,7 +73,6 @@ BuildRequires: python3-devel %build # Remove bundled copy of zlib rm -rf zlib/ -#autoreconf -I m4 -fv --install %ifarch s390 s390x sparc64 F_PIE=-fPIE 
@@ -232,6 +229,11 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog +* Sat Aug 7 2021 Matthew Miller - 1.9.7p2-2 +- drop obsolete requirement for post script that doesn't exist anymore + (thanks @scfc) +- remove commented-out lines from prior PR + * Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 - update to 1.9.7p2 - follow up path change in strip patch From f02ed1c65ea5e8e513344d1b251e0dcdd8188ac0 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 25 Aug 2021 11:03:18 -0400 Subject: [PATCH 52/84] enable rpmautospec (https://docs.pagure.org/Fedora-Infra.rpmautospec/) --- changelog | 833 +++++++++++++++++++++++++++++++++++++++++++++++++++++ sudo.spec | 836 +----------------------------------------------------- 2 files changed, 835 insertions(+), 834 deletions(-) create mode 100644 changelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..2345722 --- /dev/null +++ b/changelog 
@@ -0,0 +1,833 @@ +* Sat Aug 7 2021 Matthew Miller - 1.9.7p2-2 +- drop obsolete requirement for post script that doesn't exist anymore + (thanks @scfc) +- remove commented-out lines from prior PR + +* Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 +- update to 1.9.7p2 +- follow up path change in strip patch +- added --enable-zlib=system configure parameter, so sudo uses system zlib, + autoconf is no more needed + +* Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 1.9.5p2-2 +- Rebuilt for Python 3.10 + +* Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 +- rebase to 1.9.5p2 +Resolves: rhbz#1920611 +- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing +Resolves: rhbz#1920618 + +* Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 +- rebase to 1.9.5p1 +Resolves: rhbz#1902758 +- fixed double free in sss_to_sudoers +Resolves: rhbz#1885874 +- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit +Resolves: rhbz#1915055 +- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit +Resolves: rhbz#1915054 + +* Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 +- split out Python modules into separate subpackage +Resolves: rhbz#1909299 + +* Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 +- rebase to 1.9.3p1 +- enable python modules +Resolves: rhbz#1881112 + +* Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 +- rebase to 1.9.2 +Resolves: rhbz#1859577 +- added logsrvd subpackage +- added openssl-devel buildrequires +Resolves: rhbz#1860653 +- fixed sudo runstatedir path +- it was generated as /sudo instead of /run/sudo +Resolves: rhbz#1868215 +- added /var/lib/snapd/snap/bin to secure_path variable +Resolves: rhbz#1691996 + +* Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 +- Rebuilt 
for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 +- rebase to 1.9.1 +Resolves: rhbz#1848788 +- fix rpmlint errors +Resolves: rhbz#1817139 + +* Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 +- update to latest development version 1.9.0b4 +Resolves: rhbz#1816593 +- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix +Resolves: rhbz#1773148 + +* Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 +- update to latest development version 1.9.0b1 +- added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages +Resolves: rhbz#1787823 +- Stack based buffer overflow in when pwfeedback is enabled +Resolves: rhbz#1796945 +- fixes: CVE-2019-18634 +- By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account +Resolves: rhbz#1786709 +- fixes CVE-2019-19234 +- attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user +Resolves: rhbz#1786705 +- fixes CVE-2019-19232 + +* Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 +- rebase to 1.8.29 +Resolves: rhbz#1766233 + +* Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 +- rebase to 1.8.28p1 +Resolves: rhbz#1762350 + +* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 +- rebase to 1.8.28 +Resolves: rhbz#1761533 +- set always_set_home by default +Resolves: rhbz#1728687 +- Sync sudoers options from rhel8 to fedora +Resolves: rhbz#1761781 +- CVE-2019-14287 +Resolves: rhbz#1761584 + +* Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 +- resolves rhbz#1676925 +- Removed PS1, PS2 from sudoers + +* Mon Mar 11 2019 Radovan Sroka 1.8.27-1 +- rebase sudo to 1.8.27 + +* Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 +- rebase sudo to 1.8.25p1 + +* Mon Sep 10 2018 Radovan Sroka 1.8.25-1 +- rebase sudo to latest stawble version +- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) + +* Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Matthew Miller - 1.8.23-2 +- remove defattr, as default is now sane + +* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 +- update to 1.8.23 + +* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 +- update to 1.8.23b3 + +* Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 +- update to 1.8.22b1 +- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 + +* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 +- update to 1.8.21p2 +- Moved libsudo_util.so from the -devel sub-package to main package (1481225) + +* Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 +- replace file-based requirements with package-level ones: +- /etc/pam.d/system-auth to 'pam' +- /bin/chmod to 'coreutils' (bug #1488934) +- /usr/bin/vi to vim-minimal +- ... and make vim-minimal "recommends" instead of "requires", because + other editors can be configured. 
+ +* Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 1.8.20p2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jun 01 2017 Daniel Kopecek 1.8.20p2-1 +- update to 1.8.20p2 + +* Wed May 31 2017 Daniel Kopecek 1.8.20p1-1 +- update to 1.8.20p1 +- fixes CVE-2017-1000367 + Resolves: rhbz#1456884 + +* Fri Apr 07 2017 Jiri Vymazal - 1.8.20-0.1.b1 +- update to latest development version 1.8.20b1 +- added sudo to dnf/yum protected packages + Resolves: rhbz#1418756 + +* Mon Feb 13 2017 Tomas Sykora - 1.8.19p2-1 +- update to 1.8.19p2 + +* Sat Feb 11 2017 Fedora Release Engineering - 1.8.19-0.3.20161108git738c3cb +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Nov 08 2016 Daniel Kopecek 1.8.19-0.2.20161108git738c3cb +- update to latest development version +- fixes CVE-2016-7076 + +* Fri Sep 23 2016 Radovan Sroka 1.8.19-0.1.20160923git90e4538 +- we were not able to update from rc and beta versions to stable one +- so this is a new snapshot package which resolves it + +* Wed Sep 21 2016 Radovan Sroka 1.8.18-1 +- update to 1.8.18 + +* Fri Sep 16 2016 Radovan Sroka 1.8.18rc4-1 +- update to 1.8.18rc4 + +* Wed Sep 14 2016 Radovan Sroka 1.8.18rc2-1 +- update to 1.8.18rc2 +- dropped sudo-1.8.14p1-ldapconfpatch.patch + upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html + +* Fri Aug 26 2016 Radovan Sroka 1.8.18b2-1 +- update to 1.8.18b2 +- added --disable-root-mailer as configure option + Resolves: rhbz#1324091 + +* Fri Jun 24 2016 Daniel Kopecek 1.8.17p1-1 +- update to 1.8.17p1 +- install the /var/db/sudo/lectured + Resolves: rhbz#1321414 + +* Tue May 31 2016 Daniel Kopecek 1.8.16-4 +- removed INPUTRC from env_keep to prevent a possible info leak + Resolves: rhbz#1340701 + +* Fri May 13 2016 Daniel Kopecek 1.8.16-3 +- fixed upstream patch for rhbz#1328735 + +* 
Thu May 12 2016 Daniel Kopecek 1.8.16-2 +- fixed invalid sesh argument array construction + +* Mon Apr 04 2016 Daniel Kopecek 1.8.16-1 +- update to 1.8.16 + +* Fri Feb 05 2016 Fedora Release Engineering - 1.8.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Nov 5 2015 Daniel Kopecek 1.8.15-1 +- update to 1.8.15 +- fixes CVE-2015-5602 + +* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-3 +- enable upstream test suite + +* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 +- add patch that resolves initialization problem before sudo_strsplit call +- add patch that resolves deadcode in visudo.c +- add patch that removes extra while in visudo.c and sudoers.c + +* Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 +- update to 1.8.14p3 + +* Mon Jul 20 2015 Radovan Sroka 1.8.14p1-1 +- update to 1.8.14p1-1 +- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch +- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch + +* Tue Jul 14 2015 Radovan Sroka 1.8.12-2 +- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time +- Resolves: rhbz#1162070 + +* Fri Jul 10 2015 Radovan Sroka - 1.8.14b4-1 +- Update to 1.8.14b4 +- Add own %%{_tmpfilesdir}/sudo.conf + +* Fri Jun 19 2015 Fedora Release Engineering - 1.8.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Feb 18 2015 Daniel Kopecek - 1.8.12 +- update to 1.8.12 +- fixes CVE-2014-9680 + +* Mon Nov 3 2014 Daniel Kopecek - 1.8.11p2-1 +- update to 1.8.11p2 +- added patch to fix upstream bug #671 -- exiting immediately + when audit is disabled + +* Tue Sep 30 2014 Daniel Kopecek - 1.8.11-1 +- update to 1.8.11 +- major changes & fixes: + - when running a command in the background, sudo will now forward + SIGINFO to the command + - the passwords in ldap.conf and ldap.secret may now be encoded in base64. + - SELinux role changes are now audited. 
For sudoedit, we now audit + the actual editor being run, instead of just the sudoedit command. + - it is now possible to match an environment variable's value as well as + its name using env_keep and env_check + - new files created via sudoedit as a non-root user now have the proper group id + - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support + - it is now possible to disable network interface probing in sudo.conf by + changing the value of the probe_interfaces setting + - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt + for the user's password even if the targetpw, rootpw or runaspw options are set. + - the new use_netgroups sudoers option can be used to explicitly enable or disable + netgroups support + - visudo can now export a sudoers file in JSON format using the new -x flag +- added patch to read ldap.conf more closely to nss_ldap +- require /usr/bin/vi instead of vim-minimal +- include pam.d/system-auth in PAM session phase from pam.d/sudo +- include pam.d/sudo in PAM session phase from pam.d/sudo-i + +* Tue Aug 5 2014 Tom Callaway - 1.8.8-6 +- fix license handling + +* Sun Jun 08 2014 Fedora Release Engineering - 1.8.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat May 31 2014 Peter Robinson 1.8.8-4 +- Drop ChangeLog, we ship NEWS + +* Mon Mar 10 2014 Daniel Kopecek - 1.8.8-3 +- remove bundled copy of zlib before compilation +- drop the requiretty Defaults setting from sudoers + +* Sat Jan 25 2014 Ville Skyttä - 1.8.8-2 +- Own the %%{_libexecdir}/sudo dir. + +* Mon Sep 30 2013 Daniel Kopecek - 1.8.8-1 +- update to 1.8.8 +- major changes & fixes: + - LDAP SASL support now works properly with Kerberos + - root may no longer change its SELinux role without entering a password + - user messages are now always displayed in the user's locale, even when + the same message is being logged or mailed in a different locale. 
+ - log files created by sudo now explicitly have the group set to group + ID 0 rather than relying on BSD group semantics + - sudo now stores its libexec files in a sudo subdirectory instead of in + libexec itself + - system_group and group_file sudoers group provider plugins are now + installed by default + - the paths to ldap.conf and ldap.secret may now be specified as arguments + to the sudoers plugin in the sudo.conf file + - ...and many new features and settings. See the upstream ChangeLog for the + full list. +- several sssd support fixes +- added patch to make uid/gid specification parsing more strict (don't accept + an invalid number as uid/gid) +- use the _pkgdocdir macro + (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs) +- fixed several bugs found by the clang static analyzer +- added %%post dependency on chmod + +* Sun Aug 04 2013 Fedora Release Engineering - 1.8.6p7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 28 2013 Daniel Kopecek - 1.8.6p7-1 +- update to 1.8.6p7 +- fixes CVE-2013-1775 and CVE-2013-1776 +- fixed several packaging issues (thanks to ville.skytta@iki.fi) + - build with system zlib. + - let rpmbuild strip libexecdir/*.so. + - own the %%{_docdir}/sudo-* dir. + - fix some rpmlint warnings (spaces vs tabs, unescaped macros). + - fix bogus %%changelog dates. 
+ +* Fri Feb 15 2013 Fedora Release Engineering - 1.8.6p3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Daniel Kopecek - 1.8.6p3-2 +- added upstream patch for a regression +- don't include arch specific files in the -devel subpackage +- ship only one sample plugin in the -devel subpackage + +* Tue Sep 25 2012 Daniel Kopecek - 1.8.6p3-1 +- update to 1.8.6p3 +- drop -pipelist patch (fixed in upstream) + +* Thu Sep 6 2012 Daniel Kopecek - 1.8.6-1 +- update to 1.8.6 + +* Thu Jul 26 2012 Daniel Kopecek - 1.8.5-4 +- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) +- re-enabled SSSD support +- removed libsss_sudo dependency + +* Tue Jul 24 2012 Bill Nottingham - 1.8.5-3 +- flip sudoers2ldif executable bit after make install, not in setup + +* Sat Jul 21 2012 Fedora Release Engineering - 1.8.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu May 17 2012 Daniel Kopecek - 1.8.5-1 +- update to 1.8.5 +- fixed CVE-2012-2337 +- temporarily disabled SSSD support + +* Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 +- fixed problems with undefined symbols (rhbz#798517) + +* Wed Feb 22 2012 Daniel Kopecek - 1.8.3p1-5 +- SSSD patch update + +* Tue Feb 7 2012 Daniel Kopecek - 1.8.3p1-4 +- added SSSD support + +* Thu Jan 26 2012 Daniel Kopecek - 1.8.3p1-3 +- added patch for CVE-2012-0809 + +* Sat Jan 14 2012 Fedora Release Engineering - 1.8.3p1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 +- update to 1.8.3p1 +- disable output word wrapping if the output is piped + +* Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 +- Remove execute bit from sample script in docs so we don't pull in perl + +* Tue Jul 12 2011 Daniel Kopecek - 1.8.1p2-1 +- rebase to 1.8.1p2 +- removed .sudoi patch +- fixed typo: RELPRO -> RELRO +- added -devel subpackage for the sudo_plugin.h header file +- use default ldap configuration files again + 
+* Fri Jun 3 2011 Daniel Kopecek - 1.7.4p5-4 +- build with RELRO + +* Wed Feb 09 2011 Fedora Release Engineering - 1.7.4p5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Daniel Kopecek - 1.7.4p5-2 +- rebase to 1.7.4p5 +- fixed sudo-1.7.4p4-getgrouplist.patch +- fixes CVE-2011-0008, CVE-2011-0010 + +* Tue Nov 30 2010 Daniel Kopecek - 1.7.4p4-5 +- anybody in the wheel group has now root access (using password) (rhbz#656873) +- sync configuration paths with the nss_ldap package (rhbz#652687) + +* Wed Sep 29 2010 Daniel Kopecek - 1.7.4p4-4 +- added upstream patch to fix rhbz#638345 + +* Mon Sep 20 2010 Daniel Kopecek - 1.7.4p4-3 +- added patch for #635250 +- /var/run/sudo -> /var/db/sudo in .spec + +* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-2 +- sudo now uses /var/db/sudo for timestamps + +* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-1 +- update to new upstream version +- new command available: sudoreplay +- use native audit support +- corrected license field value: BSD -> ISC + +* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2 +- added patch that fixes insufficient environment sanitization issue (#598154) + +* Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1 +- update to new upstream version +- merged .audit and .libaudit patch +- added sudoers.ldap.5* to files + +* Mon Mar 1 2010 Daniel Kopecek - 1.7.2p5-2 +- update to new upstream version + +* Tue Feb 16 2010 Daniel Kopecek - 1.7.2p2-5 +- fixed no valid sudoers sources found (#558875) + +* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-4 +- audit related Makefile.in and configure.in corrections +- added --with-audit configure option +- removed call to libtoolize + +* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-3 +- fixed segfault when #include directive is used in cycles (#561336) + +* Fri Jan 8 2010 Ville Skyttä - 1.7.2p2-2 +- Add /etc/sudoers.d dir and use it in default config (#551470). +- Drop *.pod man page duplicates from docs. 
+ +* Thu Jan 07 2010 Daniel Kopecek - 1.7.2p2-1 +- new upstream version 1.7.2p2-1 +- commented out unused aliases in sudoers to make visudo happy (#550239) + +* Fri Aug 21 2009 Tomas Mraz - 1.7.1-7 +- rebuilt with new audit + +* Thu Aug 20 2009 Daniel Kopecek 1.7.1-6 +- moved secure_path from compile-time option to sudoers file (#517428) + +* Sun Jul 26 2009 Fedora Release Engineering - 1.7.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 09 2009 Daniel Kopecek 1.7.1-4 +- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch) +- epoch number sync + +* Mon Jun 22 2009 Daniel Kopecek 1.7.1-1 +- updated sudo to version 1.7.1 +- fixed small bug in configure.in (sudo-1.7.1-conffix.patch) + +* Tue Feb 24 2009 Daniel Kopecek 1.6.9p17-6 +- fixed building with new libtool +- fix for incorrect handling of groups in Runas_User +- added /usr/local/sbin to secure-path + +* Tue Jan 13 2009 Daniel Kopecek 1.6.9p17-3 +- build with sendmail installed +- Added /usr/local/bin to secure-path + +* Tue Sep 02 2008 Peter Vrabec 1.6.9p17-2 +- adjust audit patch, do not scream when kernel is + compiled without audit netlink support (#401201) + +* Fri Jul 04 2008 Peter Vrabec 1.6.9p17-1 +- upgrade + +* Wed Jun 18 2008 Peter Vrabec 1.6.9p13-7 +- build with newer autoconf-2.62 (#449614) + +* Tue May 13 2008 Peter Vrabec 1.6.9p13-6 +- compiled with secure path (#80215) + +* Mon May 05 2008 Peter Vrabec 1.6.9p13-5 +- fix path to updatedb in /etc/sudoers (#445103) + +* Mon Mar 31 2008 Peter Vrabec 1.6.9p13-4 +- include ldap files in rpm package (#439506) + +* Thu Mar 13 2008 Peter Vrabec 1.6.9p13-3 +- include [sudo] in password prompt (#437092) + +* Tue Mar 04 2008 Peter Vrabec 1.6.9p13-2 +- audit support improvement + +* Thu Feb 21 2008 Peter Vrabec 1.6.9p13-1 +- upgrade to the latest upstream release + +* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1 +- upgrade to the latest upstream release +- add selinux support + +* Mon Feb 04 2008 
Dennis Gilmore 1.6.9p4-6 +- sparc64 needs to be in the -fPIE list with s390 + +* Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 +- fix complains about audit_log_user_command(): Connection + refused (#401201) + +* Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 +- Rebuild for deps + +* Wed Dec 05 2007 Release Engineering - 1.6.9p4-3 +- Rebuild for openssl bump + +* Thu Aug 30 2007 Peter Vrabec 1.6.9p4-2 +- fix autotools stuff and add audit support + +* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1 +- upgrade to upstream release + +* Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14 +- also use getgrouplist() to determine group membership (#235915) + +* Mon Feb 26 2007 Peter Vrabec 1.6.8p12-13 +- fix some spec file issues + +* Thu Dec 14 2006 Peter Vrabec 1.6.8p12-12 +- fix rpmlint issue + +* Thu Oct 26 2006 Peter Vrabec 1.6.8p12-11 +- fix typo in sudoers file (#212308) + +* Sun Oct 01 2006 Jesse Keating - 1.6.8p12-10 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Thu Sep 21 2006 Peter Vrabec 1.6.8p12-9 +- fix sudoers file, X apps didn't work (#206320) + +* Tue Aug 08 2006 Peter Vrabec 1.6.8p12-8 +- use Red Hat specific default sudoers file + +* Sun Jul 16 2006 Karel Zak 1.6.8p12-7 +- fix #198755 - make login processes (sudo -i) initialise session keyring + (thanks for PAM config files to David Howells) +- add IPv6 support (patch by Milan Zazrivec) + +* Wed Jul 12 2006 Jesse Keating - 1.6.8p12-6.1 +- rebuild + +* Mon May 29 2006 Karel Zak 1.6.8p12-6 +- fix #190062 - "ssh localhost sudo su" will show the password in clear + +* Tue May 23 2006 Karel Zak 1.6.8p12-5 +- add LDAP support (#170848) + +* Fri Feb 10 2006 Jesse Keating - 1.6.8p12-4.1 +- bump again for double-long bug on ppc(64) + +* Wed Feb 8 2006 Karel Zak 1.6.8p12-4 +- reset env. by default + +* Tue Feb 07 2006 Jesse Keating - 1.6.8p12-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Jan 23 2006 Dan Walsh 1.6.8p12-3 +- Remove selinux patch. 
It has been decided that the SELinux patch for sudo is +- no longer necessary. In tageted policy it had no effect. In strict/MLS policy +- We require the person using sudo to execute newrole before using sudo. + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Nov 25 2005 Karel Zak 1.6.8p12-1 +- new upstream version 1.6.8p12 + +* Tue Nov 8 2005 Karel Zak 1.6.8p11-1 +- new upstream version 1.6.8p11 + +* Thu Oct 13 2005 Tomas Mraz 1.6.8p9-6 +- use include instead of pam_stack in pam config + +* Tue Oct 11 2005 Karel Zak 1.6.8p9-5 +- enable interfaces in selinux patch +- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch + +* Mon Sep 19 2005 Karel Zak 1.6.8p9-4 +- fix debuginfo + +* Mon Sep 19 2005 Karel Zak 1.6.8p9-3 +- fix #162623 - sesh hangs when child suspends + +* Mon Aug 1 2005 Dan Walsh 1.6.8p9-2 +- Add back in interfaces call, SELinux has been fixed to work around + +* Tue Jun 21 2005 Karel Zak 1.6.8p9-1 +- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution) + +* Tue May 24 2005 Karel Zak 1.6.8p8-2 +- fix #154511 - sudo does not use limits.conf + +* Mon Apr 4 2005 Thomas Woerner 1.6.8p8-1 +- new version 1.6.8p8: new sudoedit and sudo_noexec + +* Wed Feb 9 2005 Thomas Woerner 1.6.7p5-31 +- rebuild + +* Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 +- added missing BuildRequires for libselinux-devel (#132883) + +* Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 +- Fix missing param error in sesh + +* Mon Sep 27 2004 Dan Walsh 1.6.7p5-29 +- Remove full patch check from sesh + +* Thu Jul 8 2004 Dan Walsh 1.6.7p5-28 +- Fix selinux patch to switch to root user + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Apr 13 2004 Dan Walsh 1.6.7p5-26 +- Eliminate tty handling from selinux + +* Thu Apr 1 2004 Thomas Woerner 1.6.7p5-25 +- fixed spec file: sesh in file section with selinux flag (#119682) + +* Tue Mar 30 2004 Colin Walters 1.6.7p5-24 +- Enhance sesh.c to fork/exec children itself, to avoid + having sudo reap all 
domains. +- Only reinstall default signal handlers immediately before + exec of child with SELinux patch + +* Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 +- change to default to sysadm_r +- Fix tty handling + +* Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 +- Add /bin/sesh to run selinux code. +- replace /bin/bash -c with /bin/sesh + +* Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 +- Hard code to use "/bin/bash -c" for selinux + +* Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 +- Eliminate closing and reopening of terminals, to match su. + +* Mon Mar 15 2004 Dan Walsh 1.6.7p5-19 +- SELinux fixes to make transitions work properly + +* Fri Mar 5 2004 Thomas Woerner 1.6.7p5-18 +- pied sudo + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16 +- Eliminate interfaces call, since this requires big SELinux privs +- and it seems to be useless. + +* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15 +- visudo requires vim-minimal or setting EDITOR to something useful (#68605) + +* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14 +- Fix is_selinux_enabled call + +* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 +- Clean up patch on failure + +* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 +- Remove sudo.te for now. + +* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11 +- Fix usage message + +* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10 +- Clean up sudo.te to not blow up if pam.te not present + +* Thu Dec 18 2003 Thomas Woerner +- added missing BuildRequires for groff + +* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9 +- remove left-over debugging code + +* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8 +- Fix terminal handling that caused Sudo to exit on non selinux machines. 
+ +* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7 +- Remove sudo_var_run_t which is now pam_var_run_t + +* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6 +- Fix terminal handling and policy + +* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5 +- Fix policy + +* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel +- Turn on SELinux support + +* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3 +- Add support for SELinux + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Mon May 19 2003 Thomas Woerner 1.6.7p5-1 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Nov 12 2002 Nalin Dahyabhai 1.6.6-2 +- remove absolute path names from the PAM configuration, ensuring that the + right modules get used for whichever arch we're built for +- don't try to install the FAQ, which isn't there any more + +* Thu Jun 27 2002 Bill Nottingham 1.6.6-1 +- update to 1.6.6 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Thu Apr 18 2002 Bernhard Rosenkraenzer 1.6.5p2-2 +- Fix bug #63768 + +* Thu Mar 14 2002 Bernhard Rosenkraenzer 1.6.5p2-1 +- 1.6.5p2 + +* Fri Jan 18 2002 Bernhard Rosenkraenzer 1.6.5p1-1 +- 1.6.5p1 +- Hope this "a new release per day" madness stops ;) + +* Thu Jan 17 2002 Bernhard Rosenkraenzer 1.6.5-1 +- 1.6.5 + +* Tue Jan 15 2002 Bernhard Rosenkraenzer 1.6.4p1-1 +- 1.6.4p1 + +* Mon Jan 14 2002 Bernhard Rosenkraenzer 1.6.4-1 +- Update to 1.6.4 + +* Mon Jul 23 2001 Bernhard Rosenkraenzer 1.6.3p7-2 +- Add build requirements (#49706) +- s/Copyright/License/ +- bzip2 source + +* Sat Jun 16 2001 Than Ngo +- update to 1.6.3p7 +- use %%{_tmppath} + +* Fri Feb 23 2001 Bernhard Rosenkraenzer +- 1.6.3p6, fixes buffer overrun + +* Tue Oct 10 2000 Bernhard Rosenkraenzer +- 1.6.3p5 + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Tue Jun 06 2000 Karsten Hopp +- fixed owner of sudo and visudo + +* Thu Jun 1 2000 Nalin Dahyabhai +- modify PAM setup to use system-auth +- clean up buildrooting by using the makeinstall macro + +* Tue Apr 11 2000 Bernhard Rosenkraenzer +- initial 
build in main distrib +- update to 1.6.3 +- deal with compressed man pages + +* Tue Dec 14 1999 Preston Brown +- updated to 1.6.1 for Powertools 6.2 +- config files are now noreplace. + +* Thu Jul 22 1999 Tim Powers +- updated to 1.5.9p2 for Powertools 6.1 + +* Wed May 12 1999 Bill Nottingham +- sudo is configured with pam. There's no pam.d file. Oops. + +* Mon Apr 26 1999 Preston Brown +- upgraded to 1.59p1 for powertools 6.0 + +* Tue Oct 27 1998 Preston Brown +- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) + +* Thu Oct 08 1998 Michael Maher +- built package for 5.2 + +* Mon May 18 1998 Michael Maher +- updated SPEC file + +* Thu Jan 29 1998 Otto Hammersmith +- updated to 1.5.4 + +* Tue Nov 18 1997 Otto Hammersmith +- built for glibc, no problems + +* Fri Apr 25 1997 Michael Fulbright +- Fixed for 4.2 PowerTools +- Still need to be pamified +- Still need to move stmp file to /var/log + +* Mon Feb 17 1997 Michael Fulbright +- First version for PowerCD. diff --git a/sudo.spec b/sudo.spec index d2e2cd9..762cc13 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo Version: 1.9.7p2 -Release: 2%{?dist} +Release: %autorelease License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz 
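Review bot: Nothing beside `Release: %autorelease` tells a maintainer that the release number, and presumably the changelog as well (the `%changelog` hunk of sudo.spec runs past the visible part of the patch), are now derived from git history instead of being edited by hand. For this package that matters because the entries moved into the new `changelog` file are where fixes such as CVE-2021-3156 and the `Resolves: rhbz#…` references were recorded, and administrators read them back with `rpm -q --changelog sudo` to confirm that a fix is in the installed build. From this commit on, such a reference only reaches the built package if it is written in the commit message. I would add a comment above the tag, e.g. `# Release and changelog are generated by rpmautospec: name the CVE and rhbz ids a commit fixes in its commit message`.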
@@ -229,836 +229,4 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog -* Sat Aug 7 2021 Matthew Miller - 1.9.7p2-2 -- drop obsolete requirement for post script that doesn't exist anymore - (thanks @scfc) -- remove commented-out lines from prior PR - -* Fri Jul 30 2021 Peter Czanik - 1.9.7p2-1 -- update to 1.9.7p2 -- follow up path change in strip patch -- added --enable-zlib=system configure parameter, so sudo uses system zlib, - autoconf is no more needed - -* Fri Jul 23 2021 Fedora Release Engineering - 1.9.5p2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 04 2021 Python Maint - 1.9.5p2-2 -- Rebuilt for Python 3.10 - -* Tue Jan 26 2021 Matthew Miller - 1.9.5p2-1 -- rebase to 1.9.5p2 -Resolves: rhbz#1920611 -- fixed CVE-2021-3156 sudo: Heap buffer overflow in argument parsing -Resolves: rhbz#1920618 - -* Mon Jan 18 2021 Radovan Sroka - 1.9.5p1-1 -- rebase to 1.9.5p1 -Resolves: rhbz#1902758 -- fixed double free in sss_to_sudoers -Resolves: rhbz#1885874 -- fixed CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit -Resolves: rhbz#1915055 -- fixed CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit -Resolves: rhbz#1915054 - -* Wed Jan 13 2021 Jonathan Lebon - 1.9.3p1-2 -- split out Python modules into separate subpackage -Resolves: rhbz#1909299 - -* Mon Oct 05 2020 Radovan Sroka - 1.9.3p1-1 -- rebase to 1.9.3p1 -- enable python modules -Resolves: rhbz#1881112 - -* Tue Sep 15 2020 Radovan Sroka - 1.9.2-1 -- rebase to 1.9.2 -Resolves: rhbz#1859577 -- added logsrvd subpackage -- added openssl-devel buildrequires -Resolves: rhbz#1860653 -- fixed sudo runstatedir path -- it was generated as /sudo instead of /run/sudo -Resolves: rhbz#1868215 -- added /var/lib/snapd/snap/bin to secure_path variable -Resolves: rhbz#1691996 - -* Sat Aug 01 2020 Fedora Release Engineering - 1.9.1-3 -- Second attempt - Rebuilt for - 
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 29 2020 Fedora Release Engineering - 1.9.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 08 2020 Attila Lakatos - 1.9.1-1 -- rebase to 1.9.1 -Resolves: rhbz#1848788 -- fix rpmlint errors -Resolves: rhbz#1817139 - -* Wed Mar 25 2020 Attila Lakatos - 1.9.0-0.1.b4 -- update to latest development version 1.9.0b4 -Resolves: rhbz#1816593 -- setrlimit(RLIMIT_CORE): Operation not permitted warning message fix -Resolves: rhbz#1773148 - -* Mon Feb 24 2020 Attila Lakatos - 1.9.0-0.1.b1 -- update to latest development version 1.9.0b1 -- added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages -Resolves: rhbz#1787823 -- Stack based buffer overflow in when pwfeedback is enabled -Resolves: rhbz#1796945 -- fixes: CVE-2019-18634 -- By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account -Resolves: rhbz#1786709 -- fixes CVE-2019-19234 -- attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user -Resolves: rhbz#1786705 -- fixes CVE-2019-19232 - -* Fri Jan 31 2020 Fedora Release Engineering - 1.8.29-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Mon Nov 11 2019 Radovan Sroka - 1.8.29-1 -- rebase to 1.8.29 -Resolves: rhbz#1766233 - -* Tue Oct 22 2019 Radovan Sroka - 1.8.28p1-1 -- rebase to 1.8.28p1 -Resolves: rhbz#1762350 - -* Tue Oct 15 2019 Radovan Sroka - 1.8.28-1 -- rebase to 1.8.28 -Resolves: rhbz#1761533 -- set always_set_home by default -Resolves: rhbz#1728687 -- Sync sudoers options from rhel8 to fedora -Resolves: rhbz#1761781 -- CVE-2019-14287 -Resolves: rhbz#1761584 - -* Sat Jul 27 2019 Fedora Release Engineering - 1.8.27-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Sun Mar 31 2019 Marek Tamaskovic 1.8.27-2 -- resolves rhbz#1676925 -- Removed PS1, PS2 from sudoers - -* Mon Mar 11 2019 Radovan Sroka 1.8.27-1 -- 
rebase sudo to 1.8.27 - -* Sun Feb 03 2019 Fedora Release Engineering - 1.8.25p1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Oct 01 2018 Radovan Sroka 1.8.25p1-1 -- rebase sudo to 1.8.25p1 - -* Mon Sep 10 2018 Radovan Sroka 1.8.25-1 -- rebase sudo to latest stawble version -- install /etc/dnf/protected.d/sudo instead of /etc/yum/protected.d/sudo (1626968) - -* Sat Jul 14 2018 Fedora Release Engineering - 1.8.23-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 03 2018 Matthew Miller - 1.8.23-2 -- remove defattr, as default is now sane - -* Wed May 09 2018 Daniel Kopecek - 1.8.23-1 -- update to 1.8.23 - -* Wed Apr 18 2018 Daniel Kopecek - 1.8.23-0.1.b3 -- update to 1.8.23b3 - -* Fri Feb 09 2018 Fedora Release Engineering - 1.8.22-0.2.b1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Dec 14 2017 Radovan Sroka - 1.8.22b1-1 -- update to 1.8.22b1 -- Added /usr/local/sbin and /usr/local/bin to secure path rhbz#1166185 - -* Thu Sep 21 2017 Marek Tamaskovic - 1.8.21p2-1 -- update to 1.8.21p2 -- Moved libsudo_util.so from the -devel sub-package to main package (1481225) - -* Wed Sep 06 2017 Matthew Miller - 1.8.20p2-4 -- replace file-based requirements with package-level ones: -- /etc/pam.d/system-auth to 'pam' -- /bin/chmod to 'coreutils' (bug #1488934) -- /usr/bin/vi to vim-minimal -- ... and make vim-minimal "recommends" instead of "requires", because - other editors can be configured. 
- -* Thu Aug 03 2017 Fedora Release Engineering - 1.8.20p2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 1.8.20p2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jun 01 2017 Daniel Kopecek 1.8.20p2-1 -- update to 1.8.20p2 - -* Wed May 31 2017 Daniel Kopecek 1.8.20p1-1 -- update to 1.8.20p1 -- fixes CVE-2017-1000367 - Resolves: rhbz#1456884 - -* Fri Apr 07 2017 Jiri Vymazal - 1.8.20-0.1.b1 -- update to latest development version 1.8.20b1 -- added sudo to dnf/yum protected packages - Resolves: rhbz#1418756 - -* Mon Feb 13 2017 Tomas Sykora - 1.8.19p2-1 -- update to 1.8.19p2 - -* Sat Feb 11 2017 Fedora Release Engineering - 1.8.19-0.3.20161108git738c3cb -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Nov 08 2016 Daniel Kopecek 1.8.19-0.2.20161108git738c3cb -- update to latest development version -- fixes CVE-2016-7076 - -* Fri Sep 23 2016 Radovan Sroka 1.8.19-0.1.20160923git90e4538 -- we were not able to update from rc and beta versions to stable one -- so this is a new snapshot package which resolves it - -* Wed Sep 21 2016 Radovan Sroka 1.8.18-1 -- update to 1.8.18 - -* Fri Sep 16 2016 Radovan Sroka 1.8.18rc4-1 -- update to 1.8.18rc4 - -* Wed Sep 14 2016 Radovan Sroka 1.8.18rc2-1 -- update to 1.8.18rc2 -- dropped sudo-1.8.14p1-ldapconfpatch.patch - upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html - -* Fri Aug 26 2016 Radovan Sroka 1.8.18b2-1 -- update to 1.8.18b2 -- added --disable-root-mailer as configure option - Resolves: rhbz#1324091 - -* Fri Jun 24 2016 Daniel Kopecek 1.8.17p1-1 -- update to 1.8.17p1 -- install the /var/db/sudo/lectured - Resolves: rhbz#1321414 - -* Tue May 31 2016 Daniel Kopecek 1.8.16-4 -- removed INPUTRC from env_keep to prevent a possible info leak - Resolves: rhbz#1340701 - -* Fri May 13 2016 Daniel Kopecek 1.8.16-3 -- fixed upstream patch for rhbz#1328735 - -* 
Thu May 12 2016 Daniel Kopecek 1.8.16-2 -- fixed invalid sesh argument array construction - -* Mon Apr 04 2016 Daniel Kopecek 1.8.16-1 -- update to 1.8.16 - -* Fri Feb 05 2016 Fedora Release Engineering - 1.8.15-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Nov 5 2015 Daniel Kopecek 1.8.15-1 -- update to 1.8.15 -- fixes CVE-2015-5602 - -* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-3 -- enable upstream test suite - -* Mon Aug 24 2015 Radovan Sroka 1.8.14p3-2 -- add patch that resolves initialization problem before sudo_strsplit call -- add patch that resolves deadcode in visudo.c -- add patch that removes extra while in visudo.c and sudoers.c - -* Mon Jul 27 2015 Radovan Sroka 1.8.14p3-1 -- update to 1.8.14p3 - -* Mon Jul 20 2015 Radovan Sroka 1.8.14p1-1 -- update to 1.8.14p1-1 -- rebase sudo-1.8.14b3-ldapconfpatch.patch -> sudo-1.8.14p1-ldapconfpatch.patch -- rebase sudo-1.8.14b4-docpassexpire.patch -> sudo-1.8.14p1-docpassexpire.patch - -* Tue Jul 14 2015 Radovan Sroka 1.8.12-2 -- add patch3 sudo.1.8.14b4-passexpire.patch that makes change in documentation about timestamp_time -- Resolves: rhbz#1162070 - -* Fri Jul 10 2015 Radovan Sroka - 1.8.14b4-1 -- Update to 1.8.14b4 -- Add own %%{_tmpfilesdir}/sudo.conf - -* Fri Jun 19 2015 Fedora Release Engineering - 1.8.12-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Wed Feb 18 2015 Daniel Kopecek - 1.8.12 -- update to 1.8.12 -- fixes CVE-2014-9680 - -* Mon Nov 3 2014 Daniel Kopecek - 1.8.11p2-1 -- update to 1.8.11p2 -- added patch to fix upstream bug #671 -- exiting immediately - when audit is disabled - -* Tue Sep 30 2014 Daniel Kopecek - 1.8.11-1 -- update to 1.8.11 -- major changes & fixes: - - when running a command in the background, sudo will now forward - SIGINFO to the command - - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - - SELinux role changes are now audited. 
For sudoedit, we now audit - the actual editor being run, instead of just the sudoedit command. - - it is now possible to match an environment variable's value as well as - its name using env_keep and env_check - - new files created via sudoedit as a non-root user now have the proper group id - - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support - - it is now possible to disable network interface probing in sudo.conf by - changing the value of the probe_interfaces setting - - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt - for the user's password even if the targetpw, rootpw or runaspw options are set. - - the new use_netgroups sudoers option can be used to explicitly enable or disable - netgroups support - - visudo can now export a sudoers file in JSON format using the new -x flag -- added patch to read ldap.conf more closely to nss_ldap -- require /usr/bin/vi instead of vim-minimal -- include pam.d/system-auth in PAM session phase from pam.d/sudo -- include pam.d/sudo in PAM session phase from pam.d/sudo-i - -* Tue Aug 5 2014 Tom Callaway - 1.8.8-6 -- fix license handling - -* Sun Jun 08 2014 Fedora Release Engineering - 1.8.8-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat May 31 2014 Peter Robinson 1.8.8-4 -- Drop ChangeLog, we ship NEWS - -* Mon Mar 10 2014 Daniel Kopecek - 1.8.8-3 -- remove bundled copy of zlib before compilation -- drop the requiretty Defaults setting from sudoers - -* Sat Jan 25 2014 Ville Skyttä - 1.8.8-2 -- Own the %%{_libexecdir}/sudo dir. - -* Mon Sep 30 2013 Daniel Kopecek - 1.8.8-1 -- update to 1.8.8 -- major changes & fixes: - - LDAP SASL support now works properly with Kerberos - - root may no longer change its SELinux role without entering a password - - user messages are now always displayed in the user's locale, even when - the same message is being logged or mailed in a different locale. 
- - log files created by sudo now explicitly have the group set to group - ID 0 rather than relying on BSD group semantics - - sudo now stores its libexec files in a sudo subdirectory instead of in - libexec itself - - system_group and group_file sudoers group provider plugins are now - installed by default - - the paths to ldap.conf and ldap.secret may now be specified as arguments - to the sudoers plugin in the sudo.conf file - - ...and many new features and settings. See the upstream ChangeLog for the - full list. -- several sssd support fixes -- added patch to make uid/gid specification parsing more strict (don't accept - an invalid number as uid/gid) -- use the _pkgdocdir macro - (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs) -- fixed several bugs found by the clang static analyzer -- added %%post dependency on chmod - -* Sun Aug 04 2013 Fedora Release Engineering - 1.8.6p7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Thu Feb 28 2013 Daniel Kopecek - 1.8.6p7-1 -- update to 1.8.6p7 -- fixes CVE-2013-1775 and CVE-2013-1776 -- fixed several packaging issues (thanks to ville.skytta@iki.fi) - - build with system zlib. - - let rpmbuild strip libexecdir/*.so. - - own the %%{_docdir}/sudo-* dir. - - fix some rpmlint warnings (spaces vs tabs, unescaped macros). - - fix bogus %%changelog dates. 
- -* Fri Feb 15 2013 Fedora Release Engineering - 1.8.6p3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Mon Nov 12 2012 Daniel Kopecek - 1.8.6p3-2 -- added upstream patch for a regression -- don't include arch specific files in the -devel subpackage -- ship only one sample plugin in the -devel subpackage - -* Tue Sep 25 2012 Daniel Kopecek - 1.8.6p3-1 -- update to 1.8.6p3 -- drop -pipelist patch (fixed in upstream) - -* Thu Sep 6 2012 Daniel Kopecek - 1.8.6-1 -- update to 1.8.6 - -* Thu Jul 26 2012 Daniel Kopecek - 1.8.5-4 -- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com) -- re-enabled SSSD support -- removed libsss_sudo dependency - -* Tue Jul 24 2012 Bill Nottingham - 1.8.5-3 -- flip sudoers2ldif executable bit after make install, not in setup - -* Sat Jul 21 2012 Fedora Release Engineering - 1.8.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu May 17 2012 Daniel Kopecek - 1.8.5-1 -- update to 1.8.5 -- fixed CVE-2012-2337 -- temporarily disabled SSSD support - -* Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6 -- fixed problems with undefined symbols (rhbz#798517) - -* Wed Feb 22 2012 Daniel Kopecek - 1.8.3p1-5 -- SSSD patch update - -* Tue Feb 7 2012 Daniel Kopecek - 1.8.3p1-4 -- added SSSD support - -* Thu Jan 26 2012 Daniel Kopecek - 1.8.3p1-3 -- added patch for CVE-2012-0809 - -* Sat Jan 14 2012 Fedora Release Engineering - 1.8.3p1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1 -- update to 1.8.3p1 -- disable output word wrapping if the output is piped - -* Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2 -- Remove execute bit from sample script in docs so we don't pull in perl - -* Tue Jul 12 2011 Daniel Kopecek - 1.8.1p2-1 -- rebase to 1.8.1p2 -- removed .sudoi patch -- fixed typo: RELPRO -> RELRO -- added -devel subpackage for the sudo_plugin.h header file -- use default ldap configuration files again - 
-* Fri Jun 3 2011 Daniel Kopecek - 1.7.4p5-4 -- build with RELRO - -* Wed Feb 09 2011 Fedora Release Engineering - 1.7.4p5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Jan 17 2011 Daniel Kopecek - 1.7.4p5-2 -- rebase to 1.7.4p5 -- fixed sudo-1.7.4p4-getgrouplist.patch -- fixes CVE-2011-0008, CVE-2011-0010 - -* Tue Nov 30 2010 Daniel Kopecek - 1.7.4p4-5 -- anybody in the wheel group has now root access (using password) (rhbz#656873) -- sync configuration paths with the nss_ldap package (rhbz#652687) - -* Wed Sep 29 2010 Daniel Kopecek - 1.7.4p4-4 -- added upstream patch to fix rhbz#638345 - -* Mon Sep 20 2010 Daniel Kopecek - 1.7.4p4-3 -- added patch for #635250 -- /var/run/sudo -> /var/db/sudo in .spec - -* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-2 -- sudo now uses /var/db/sudo for timestamps - -* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-1 -- update to new upstream version -- new command available: sudoreplay -- use native audit support -- corrected license field value: BSD -> ISC - -* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2 -- added patch that fixes insufficient environment sanitization issue (#598154) - -* Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1 -- update to new upstream version -- merged .audit and .libaudit patch -- added sudoers.ldap.5* to files - -* Mon Mar 1 2010 Daniel Kopecek - 1.7.2p5-2 -- update to new upstream version - -* Tue Feb 16 2010 Daniel Kopecek - 1.7.2p2-5 -- fixed no valid sudoers sources found (#558875) - -* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-4 -- audit related Makefile.in and configure.in corrections -- added --with-audit configure option -- removed call to libtoolize - -* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-3 -- fixed segfault when #include directive is used in cycles (#561336) - -* Fri Jan 8 2010 Ville Skyttä - 1.7.2p2-2 -- Add /etc/sudoers.d dir and use it in default config (#551470). -- Drop *.pod man page duplicates from docs. 
- -* Thu Jan 07 2010 Daniel Kopecek - 1.7.2p2-1 -- new upstream version 1.7.2p2-1 -- commented out unused aliases in sudoers to make visudo happy (#550239) - -* Fri Aug 21 2009 Tomas Mraz - 1.7.1-7 -- rebuilt with new audit - -* Thu Aug 20 2009 Daniel Kopecek 1.7.1-6 -- moved secure_path from compile-time option to sudoers file (#517428) - -* Sun Jul 26 2009 Fedora Release Engineering - 1.7.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Thu Jul 09 2009 Daniel Kopecek 1.7.1-4 -- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch) -- epoch number sync - -* Mon Jun 22 2009 Daniel Kopecek 1.7.1-1 -- updated sudo to version 1.7.1 -- fixed small bug in configure.in (sudo-1.7.1-conffix.patch) - -* Tue Feb 24 2009 Daniel Kopecek 1.6.9p17-6 -- fixed building with new libtool -- fix for incorrect handling of groups in Runas_User -- added /usr/local/sbin to secure-path - -* Tue Jan 13 2009 Daniel Kopecek 1.6.9p17-3 -- build with sendmail installed -- Added /usr/local/bin to secure-path - -* Tue Sep 02 2008 Peter Vrabec 1.6.9p17-2 -- adjust audit patch, do not scream when kernel is - compiled without audit netlink support (#401201) - -* Fri Jul 04 2008 Peter Vrabec 1.6.9p17-1 -- upgrade - -* Wed Jun 18 2008 Peter Vrabec 1.6.9p13-7 -- build with newer autoconf-2.62 (#449614) - -* Tue May 13 2008 Peter Vrabec 1.6.9p13-6 -- compiled with secure path (#80215) - -* Mon May 05 2008 Peter Vrabec 1.6.9p13-5 -- fix path to updatedb in /etc/sudoers (#445103) - -* Mon Mar 31 2008 Peter Vrabec 1.6.9p13-4 -- include ldap files in rpm package (#439506) - -* Thu Mar 13 2008 Peter Vrabec 1.6.9p13-3 -- include [sudo] in password prompt (#437092) - -* Tue Mar 04 2008 Peter Vrabec 1.6.9p13-2 -- audit support improvement - -* Thu Feb 21 2008 Peter Vrabec 1.6.9p13-1 -- upgrade to the latest upstream release - -* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1 -- upgrade to the latest upstream release -- add selinux support - -* Mon Feb 04 2008 
Dennis Gilmore 1.6.9p4-6 -- sparc64 needs to be in the -fPIE list with s390 - -* Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5 -- fix complains about audit_log_user_command(): Connection - refused (#401201) - -* Wed Dec 05 2007 Release Engineering - 1.6.9p4-4 -- Rebuild for deps - -* Wed Dec 05 2007 Release Engineering - 1.6.9p4-3 -- Rebuild for openssl bump - -* Thu Aug 30 2007 Peter Vrabec 1.6.9p4-2 -- fix autotools stuff and add audit support - -* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1 -- upgrade to upstream release - -* Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14 -- also use getgrouplist() to determine group membership (#235915) - -* Mon Feb 26 2007 Peter Vrabec 1.6.8p12-13 -- fix some spec file issues - -* Thu Dec 14 2006 Peter Vrabec 1.6.8p12-12 -- fix rpmlint issue - -* Thu Oct 26 2006 Peter Vrabec 1.6.8p12-11 -- fix typo in sudoers file (#212308) - -* Sun Oct 01 2006 Jesse Keating - 1.6.8p12-10 -- rebuilt for unwind info generation, broken in gcc-4.1.1-21 - -* Thu Sep 21 2006 Peter Vrabec 1.6.8p12-9 -- fix sudoers file, X apps didn't work (#206320) - -* Tue Aug 08 2006 Peter Vrabec 1.6.8p12-8 -- use Red Hat specific default sudoers file - -* Sun Jul 16 2006 Karel Zak 1.6.8p12-7 -- fix #198755 - make login processes (sudo -i) initialise session keyring - (thanks for PAM config files to David Howells) -- add IPv6 support (patch by Milan Zazrivec) - -* Wed Jul 12 2006 Jesse Keating - 1.6.8p12-6.1 -- rebuild - -* Mon May 29 2006 Karel Zak 1.6.8p12-6 -- fix #190062 - "ssh localhost sudo su" will show the password in clear - -* Tue May 23 2006 Karel Zak 1.6.8p12-5 -- add LDAP support (#170848) - -* Fri Feb 10 2006 Jesse Keating - 1.6.8p12-4.1 -- bump again for double-long bug on ppc(64) - -* Wed Feb 8 2006 Karel Zak 1.6.8p12-4 -- reset env. by default - -* Tue Feb 07 2006 Jesse Keating - 1.6.8p12-3.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Mon Jan 23 2006 Dan Walsh 1.6.8p12-3 -- Remove selinux patch. 
It has been decided that the SELinux patch for sudo is -- no longer necessary. In tageted policy it had no effect. In strict/MLS policy -- We require the person using sudo to execute newrole before using sudo. - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Fri Nov 25 2005 Karel Zak 1.6.8p12-1 -- new upstream version 1.6.8p12 - -* Tue Nov 8 2005 Karel Zak 1.6.8p11-1 -- new upstream version 1.6.8p11 - -* Thu Oct 13 2005 Tomas Mraz 1.6.8p9-6 -- use include instead of pam_stack in pam config - -* Tue Oct 11 2005 Karel Zak 1.6.8p9-5 -- enable interfaces in selinux patch -- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch - -* Mon Sep 19 2005 Karel Zak 1.6.8p9-4 -- fix debuginfo - -* Mon Sep 19 2005 Karel Zak 1.6.8p9-3 -- fix #162623 - sesh hangs when child suspends - -* Mon Aug 1 2005 Dan Walsh 1.6.8p9-2 -- Add back in interfaces call, SELinux has been fixed to work around - -* Tue Jun 21 2005 Karel Zak 1.6.8p9-1 -- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution) - -* Tue May 24 2005 Karel Zak 1.6.8p8-2 -- fix #154511 - sudo does not use limits.conf - -* Mon Apr 4 2005 Thomas Woerner 1.6.8p8-1 -- new version 1.6.8p8: new sudoedit and sudo_noexec - -* Wed Feb 9 2005 Thomas Woerner 1.6.7p5-31 -- rebuild - -* Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1 -- added missing BuildRequires for libselinux-devel (#132883) - -* Wed Sep 29 2004 Dan Walsh 1.6.7p5-30 -- Fix missing param error in sesh - -* Mon Sep 27 2004 Dan Walsh 1.6.7p5-29 -- Remove full patch check from sesh - -* Thu Jul 8 2004 Dan Walsh 1.6.7p5-28 -- Fix selinux patch to switch to root user - -* Tue Jun 15 2004 Elliot Lee -- rebuilt - -* Tue Apr 13 2004 Dan Walsh 1.6.7p5-26 -- Eliminate tty handling from selinux - -* Thu Apr 1 2004 Thomas Woerner 1.6.7p5-25 -- fixed spec file: sesh in file section with selinux flag (#119682) - -* Tue Mar 30 2004 Colin Walters 1.6.7p5-24 -- Enhance sesh.c to fork/exec children itself, to avoid - having sudo reap all 
domains. -- Only reinstall default signal handlers immediately before - exec of child with SELinux patch - -* Thu Mar 18 2004 Dan Walsh 1.6.7p5-23 -- change to default to sysadm_r -- Fix tty handling - -* Thu Mar 18 2004 Dan Walsh 1.6.7p5-22 -- Add /bin/sesh to run selinux code. -- replace /bin/bash -c with /bin/sesh - -* Tue Mar 16 2004 Dan Walsh 1.6.7p5-21 -- Hard code to use "/bin/bash -c" for selinux - -* Tue Mar 16 2004 Dan Walsh 1.6.7p5-20 -- Eliminate closing and reopening of terminals, to match su. - -* Mon Mar 15 2004 Dan Walsh 1.6.7p5-19 -- SELinux fixes to make transitions work properly - -* Fri Mar 5 2004 Thomas Woerner 1.6.7p5-18 -- pied sudo - -* Fri Feb 13 2004 Elliot Lee -- rebuilt - -* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16 -- Eliminate interfaces call, since this requires big SELinux privs -- and it seems to be useless. - -* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15 -- visudo requires vim-minimal or setting EDITOR to something useful (#68605) - -* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14 -- Fix is_selinux_enabled call - -* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13 -- Clean up patch on failure - -* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12 -- Remove sudo.te for now. - -* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11 -- Fix usage message - -* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10 -- Clean up sudo.te to not blow up if pam.te not present - -* Thu Dec 18 2003 Thomas Woerner -- added missing BuildRequires for groff - -* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9 -- remove left-over debugging code - -* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8 -- Fix terminal handling that caused Sudo to exit on non selinux machines. 
- -* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7 -- Remove sudo_var_run_t which is now pam_var_run_t - -* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6 -- Fix terminal handling and policy - -* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5 -- Fix policy - -* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel -- Turn on SELinux support - -* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3 -- Add support for SELinux - -* Wed Jun 04 2003 Elliot Lee -- rebuilt - -* Mon May 19 2003 Thomas Woerner 1.6.7p5-1 - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Tue Nov 12 2002 Nalin Dahyabhai 1.6.6-2 -- remove absolute path names from the PAM configuration, ensuring that the - right modules get used for whichever arch we're built for -- don't try to install the FAQ, which isn't there any more - -* Thu Jun 27 2002 Bill Nottingham 1.6.6-1 -- update to 1.6.6 - -* Fri Jun 21 2002 Tim Powers -- automated rebuild - -* Thu May 23 2002 Tim Powers -- automated rebuild - -* Thu Apr 18 2002 Bernhard Rosenkraenzer 1.6.5p2-2 -- Fix bug #63768 - -* Thu Mar 14 2002 Bernhard Rosenkraenzer 1.6.5p2-1 -- 1.6.5p2 - -* Fri Jan 18 2002 Bernhard Rosenkraenzer 1.6.5p1-1 -- 1.6.5p1 -- Hope this "a new release per day" madness stops ;) - -* Thu Jan 17 2002 Bernhard Rosenkraenzer 1.6.5-1 -- 1.6.5 - -* Tue Jan 15 2002 Bernhard Rosenkraenzer 1.6.4p1-1 -- 1.6.4p1 - -* Mon Jan 14 2002 Bernhard Rosenkraenzer 1.6.4-1 -- Update to 1.6.4 - -* Mon Jul 23 2001 Bernhard Rosenkraenzer 1.6.3p7-2 -- Add build requirements (#49706) -- s/Copyright/License/ -- bzip2 source - -* Sat Jun 16 2001 Than Ngo -- update to 1.6.3p7 -- use %%{_tmppath} - -* Fri Feb 23 2001 Bernhard Rosenkraenzer -- 1.6.3p6, fixes buffer overrun - -* Tue Oct 10 2000 Bernhard Rosenkraenzer -- 1.6.3p5 - -* Wed Jul 12 2000 Prospector -- automatic rebuild - -* Tue Jun 06 2000 Karsten Hopp -- fixed owner of sudo and visudo - -* Thu Jun 1 2000 Nalin Dahyabhai -- modify PAM setup to use system-auth -- clean up buildrooting by using the makeinstall macro - -* Tue Apr 11 2000 Bernhard Rosenkraenzer -- initial 
build in main distrib -- update to 1.6.3 -- deal with compressed man pages - -* Tue Dec 14 1999 Preston Brown -- updated to 1.6.1 for Powertools 6.2 -- config files are now noreplace. - -* Thu Jul 22 1999 Tim Powers -- updated to 1.5.9p2 for Powertools 6.1 - -* Wed May 12 1999 Bill Nottingham -- sudo is configured with pam. There's no pam.d file. Oops. - -* Mon Apr 26 1999 Preston Brown -- upgraded to 1.59p1 for powertools 6.0 - -* Tue Oct 27 1998 Preston Brown -- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) - -* Thu Oct 08 1998 Michael Maher -- built package for 5.2 - -* Mon May 18 1998 Michael Maher -- updated SPEC file - -* Thu Jan 29 1998 Otto Hammersmith -- updated to 1.5.4 - -* Tue Nov 18 1997 Otto Hammersmith -- built for glibc, no problems - -* Fri Apr 25 1997 Michael Fulbright -- Fixed for 4.2 PowerTools -- Still need to be pamified -- Still need to move stmp file to /var/log - -* Mon Feb 17 1997 Michael Fulbright -- First version for PowerCD. +%autochangelog From 9c56ac9403da53f8578cfaa1422f2e14063b2dd2 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:15:57 +0200 Subject: [PATCH 53/84] Rebuilt with OpenSSL 3.0.0 From bf29ad1a05ee6269f683e63afeb7291fd9f84f0a Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Sun, 3 Oct 2021 15:51:02 -0400 Subject: [PATCH 54/84] Update to 1.9.8p2, and include new sudo_intercept.so --- .gitignore | 1 + sources | 2 +- sudo.spec | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index eb540df..95a08a0 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ /sudo-1.9.3p1.tar.gz /sudo-1.9.5p1.tar.gz /sudo-1.9.5p2.tar.gz +/sudo-1.9.8p2.tar.gz diff --git a/sources b/sources index 3bae7ed..0004df8 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (sudo-1.9.7p2.tar.gz) = 39184127122014d0d1d194d455644191009835ffdcc0efda3a99028fe346ca3ff6b15341016f85029556e9f1f9deeaf83b52160effc47d1a5713affb36b99386 +SHA512 (sudo-1.9.8p2.tar.gz) = 899b252e8c219226f658dff3dd34c97b07d42004998b45175b4c0c4de42a6bf9f909598e99b4056fa1171e63378e203854b0f8608b0f5c1b00e9d3677818f6d3 diff --git a/sudo.spec b/sudo.spec index 762cc13..6028dd8 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.7p2 +Version: 1.9.8p2 Release: %autorelease License: ISC URL: https://www.sudo.ws @@ -192,6 +192,7 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so %attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so +%attr(0644,root,root) %{_libexecdir}/sudo/sudo_intercept.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? %{_libexecdir}/sudo/libsudo_util.so From b9a4f24d9542bfb531b285113b77a6bf31525db7 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Sun, 3 Oct 2021 16:18:20 -0400 Subject: [PATCH 55/84] rhbz#1328973 -- make nano the default with fallback to vim and vi in that order and make nano the "Recommends" instead of vim-minimal. --- sudo.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sudo.spec b/sudo.spec index 6028dd8..bb95586 100644 --- a/sudo.spec +++ b/sudo.spec @@ -7,7 +7,7 @@ URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}.tar.gz Source1: sudoers Requires: pam -Recommends: vim-minimal +Recommends: nano Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} BuildRequires: make 
@@ -93,7 +93,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-logfac=authpriv \ --with-pam \ --with-pam-login \ - --with-editor=/bin/vi \ + --with-editor=%{_bindir}/nano:%{_bindir}/vim:%{_bindir}/vi \ --with-env-editor \ --with-ignore-dot \ --with-tty-tickets \ From 206108fe35cd653fae69a004bb8e16bfea25b29c Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 6 Oct 2021 17:15:52 +0200 Subject: [PATCH 56/84] Set up update workflow with %autorelease macro - removed stri patch that was not relevant - intercept feature is not compatible with selinux rbac support so we do not build it anymore Signed-off-by: Radovan Sroka --- sudo.spec | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/sudo.spec b/sudo.spec index bb95586..fbadf99 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,10 +1,18 @@ + +# comment out if no extra version +%global extraver p2 + Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.8p2 -Release: %autorelease +Version: 1.9.8 +# remove -b 3 after rebase !!! +# use "-p -e % {?extraver}" when beta +# use "-e % {?extraver}"" when patch version +# use nothing special when normal version +Release: %autorelease -b 3 License: ISC URL: https://www.sudo.ws -Source0: %{url}/dist/%{name}-%{version}.tar.gz +Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz Source1: sudoers Requires: pam Recommends: nano @@ -23,9 +31,6 @@ BuildRequires: sendmail BuildRequires: gettext BuildRequires: zlib-devel -# don't strip -Patch1: sudo-1.6.7p5-strip.patch - %description Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands @@ -66,9 +71,7 @@ BuildRequires: python3-devel %{name}-python-plugin allows using sudo plugins written in Python. %prep -%setup -q - -%patch1 -p1 -b .strip +%setup -q -n %{name}-%{version}%{?extraver} %build # Remove bundled copy of zlib 
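Review bot: The new colon-separated `--with-editor` list is not an allow-list while `--with-env-editor` on the next line stays enabled: with env_editor on, visudo takes SUDO_EDITOR, VISUAL or EDITOR from the caller's environment first and only falls back to this list afterwards. sudo's documentation notes that this lets anyone permitted to run visudo start an arbitrary program as root, and that the restrictive setup is an editor list with env_editor turned off. If the list is meant only as a fallback order, say so in a comment before the configure call, e.g. `# editor list is a fallback order only; env_editor is on, so $EDITOR still wins`; if it is meant to restrict editors, drop `--with-env-editor` or ship `Defaults !env_editor` in the packaged sudoers. The configure invocation starts and ends outside this hunk.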
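Review bot: The reworked `Source0` line in the `@@ -1,10 +1,18 @@` hunk still fetches the upstream tarball with no signature check. The visible source list is `Source0` and `Source1: sudoers`, and the `sources` file changed elsewhere in this series carries a single SHA512 line, which pins what sits in the lookaside cache but does not show that the tarball is the one upstream released. For a setuid-root package it would be worth adding the detached signature and the upstream signing key as sources and calling `%{gpgverify}` at the top of `%prep` (that section is in the `@@ -66,9 +71,7 @@` hunk of this commit). The file names below are placeholders to confirm against upstream's dist directory; the rest of the spec is outside the hunks shown, so an existing check elsewhere cannot be ruled out.

```spec
Source1: sudoers
# placeholder names: confirm the signature file name upstream and commit the key to dist-git
Source2: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz.sig
Source3: UPSTREAM-SIGNING-KEY-PLACEHOLDER.asc
BuildRequires: gnupg2

# … unchanged: Requires, BuildRequires, %description, subpackages …

%prep
%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
```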
@@ -89,6 +92,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --docdir=%{_pkgdocdir} \ --enable-openssl \ --disable-root-mailer \ + --disable-intercept \ --with-logging=syslog \ --with-logfac=authpriv \ --with-pam \ @@ -192,7 +196,6 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so %attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so -%attr(0644,root,root) %{_libexecdir}/sudo/sudo_intercept.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? %{_libexecdir}/sudo/libsudo_util.so From c3febb3692e207c7ab11d3be865d4714baf3fa66 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 6 Oct 2021 19:17:44 +0200 Subject: [PATCH 57/84] Rebuild. previously built with wrong version Signed-off-by: Radovan Sroka --- sudo.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index fbadf99..ba67a9b 100644 --- a/sudo.spec +++ b/sudo.spec @@ -9,7 +9,7 @@ Version: 1.9.8 # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version # use nothing special when normal version -Release: %autorelease -b 3 +Release: %autorelease -e %{?extraver} -b 3 License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz From 23fd9b0822dcfce0a854779b1f43beaa434a5991 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 01:48:40 +0000 Subject: [PATCH 58/84] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 4a2b9f551b84a3192c65d99bc43e912166466ed4 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Mon, 6 Jun 2022 12:54:31 -0400 Subject: [PATCH 59/84] recommend system-default-editor instead of nano specifically --- sudo.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index ba67a9b..1f35743 100644 --- a/sudo.spec 
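Review bot: The `--disable-intercept` line added in the `@@ -89,6 +92,7 @@` hunk carries no explanation in the spec itself; the reason (intercept is not compatible with SELinux RBAC support) exists only in the commit message. A later rebase could drop the flag without anyone noticing, and an administrator reading the spec cannot tell that sudoers features depending on the intercept helper are presumably unavailable in this build. I would add a comment above the `%configure` call, which begins outside this hunk: `# intercept is not compatible with SELinux RBAC support, so it is not built (no sudo_intercept.so is shipped)`.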
+++ b/sudo.spec @@ -15,7 +15,7 @@ URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz Source1: sudoers Requires: pam -Recommends: nano +Recommends: system-default-editor Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} BuildRequires: make From 7a172559a329f8ea21cd73e2547d3729abd3b4cb Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 13 Jun 2022 15:38:33 +0200 Subject: [PATCH 60/84] Rebuilt for Python 3.11 From d9475dd3d99b30ca954ca330510e09a701ebb887 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 22 Jun 2022 15:57:57 +0200 Subject: [PATCH 61/84] Update to 1.9.11p3 Resolves: rhbz#2047541 Resolves: rhbz#2062150 Signed-off-by: Radovan Sroka --- .gitignore | 1 + sources | 2 +- sudo.spec | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 95a08a0..fe1779d 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,4 @@ /sudo-1.9.5p1.tar.gz /sudo-1.9.5p2.tar.gz /sudo-1.9.8p2.tar.gz +/sudo-1.9.11p3.tar.gz diff --git a/sources b/sources index 0004df8..88162bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.8p2.tar.gz) = 899b252e8c219226f658dff3dd34c97b07d42004998b45175b4c0c4de42a6bf9f909598e99b4056fa1171e63378e203854b0f8608b0f5c1b00e9d3677818f6d3 +SHA512 (sudo-1.9.11p3.tar.gz) = ad5c3d623547d1e3016e1a721676fee6d6b7348e77b2c234041e0af40c7220e8934c8c27beef0d12fa6df11708d37de711dacfefc135d26de46abca7f91c55d1 diff --git a/sudo.spec b/sudo.spec index 1f35743..703e52c 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,10 +1,10 @@ # comment out if no extra version -%global extraver p2 +%global extraver p3 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.8 +Version: 1.9.11 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version 
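Review bot: `Recommends: system-default-editor` in the `@@ -15,7 +15,7 @@` hunk no longer lines up with the compiled-in visudo fallback list, which PATCH 55/84 set to `%{_bindir}/nano:%{_bindir}/vim:%{_bindir}/vi` and which this commit leaves untouched. If the package that satisfies system-default-editor installs a different editor, visudo presumably depends entirely on EDITOR/VISUAL reaching it through `--with-env-editor`, and has no usable fallback when the environment is reset. A comment next to the Recommends line would make the coupling explicit, e.g. `# keep in sync with --with-editor in the build section; that list is visudo's fallback when EDITOR/VISUAL are unset`.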
@@ -211,13 +211,13 @@ EOF %dir %{_pkgdocdir}/ %{_pkgdocdir}/* %{!?_licensedir:%global license %%doc} -%license doc/LICENSE +%license LICENSE.md %exclude %{_pkgdocdir}/ChangeLog %files devel %doc plugins/sample/sample_plugin.c %{_includedir}/sudo_plugin.h -%{_mandir}/man8/sudo_plugin.8* +%{_mandir}/man5/sudo_plugin.5* %files logsrvd %attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf @@ -229,7 +229,7 @@ EOF %{_mandir}/man8/sudo_sendlog.8.gz %files python-plugin -%{_mandir}/man8/sudo_plugin_python.8.gz +%{_mandir}/man5/sudo_plugin_python.5.gz %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %changelog From e56d19d93d738b690fef4cb9a0ee5a40d8de6733 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 09:34:59 +0000 Subject: [PATCH 62/84] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 61dacac7f9af6e92bb128db8df856009cbd4c5be Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Thu, 19 Jan 2023 14:19:32 +0100 Subject: [PATCH 63/84] Rebase to sudo 1.9.12p2 - sudo-1.9.12p2 is available Resolves: rhbz#2137775 - sudo: arbitrary file write with privileges of the RunAs user Resolves: CVE-2023-22809 Signed-off-by: Radovan Sroka --- .gitignore | 1 + sources | 2 +- sudo.spec | 14 ++++++-------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index fe1779d..3d050b5 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ /sudo-1.9.5p2.tar.gz /sudo-1.9.8p2.tar.gz /sudo-1.9.11p3.tar.gz +/sudo-1.9.12p2.tar.gz diff --git a/sources b/sources index 88162bb..f68ca42 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.11p3.tar.gz) = ad5c3d623547d1e3016e1a721676fee6d6b7348e77b2c234041e0af40c7220e8934c8c27beef0d12fa6df11708d37de711dacfefc135d26de46abca7f91c55d1 +SHA512 (sudo-1.9.12p2.tar.gz) = 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45 
diff --git a/sudo.spec b/sudo.spec index 703e52c..f0f1e53 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,15 +1,14 @@ - # comment out if no extra version -%global extraver p3 +%global extraver p2 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.11 +Version: 1.9.12 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version # use nothing special when normal version -Release: %autorelease -e %{?extraver} -b 3 +Release: %autorelease -e %{?extraver} License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz @@ -90,7 +89,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --sbindir=%{_sbindir} \ --libdir=%{_libdir} \ --docdir=%{_pkgdocdir} \ - --enable-openssl \ + --enable-openssl \ --disable-root-mailer \ --disable-intercept \ --with-logging=syslog \ @@ -104,8 +103,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-ldap \ --with-selinux \ --with-passprompt="[sudo] password for %p: " \ - --enable-python \ - --enable-zlib=system \ + --enable-python \ + --enable-zlib=system \ --with-linux-audit \ --with-sssd # --without-kerb5 \ @@ -194,7 +193,6 @@ EOF %attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so %attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/group_file.so -%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.? %{_libexecdir}/sudo/libsudo_util.so.? From 8d3c03b4da2e952682b05abc69fe7f7ba121a000 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 1 Mar 2023 17:42:19 +0100 Subject: [PATCH 64/84] Rebase to sudo 1.9.13p2 - sudo-1.9.13p2 is available Resolves: rhbz#2169840 - sudo: double free with per-command chroot sudoers rules Resolves: CVE-2023-27320 
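Review bot: The `Release:` change in the `@@ -1,15 +1,14 @@` hunk removes `-b 3`, yet the context comment `# remove -b 3 after rebase !!!` directly above it stays in the file and now describes an option that is no longer there. The neighbouring comment `# use "-e % {?extraver}"" when patch version` also ends in a doubled quote. I would reword the first to something that stays true, such as `# no -b override is in use; if one is added, remove it again after the next rebase`, and fix the second to `# use "-e % {?extraver}" when patch version`.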
Signed-off-by: Radovan Sroka --- .gitignore | 1 + sources | 2 +- sudo.spec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 3d050b5..224d9ce 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ /sudo-1.9.8p2.tar.gz /sudo-1.9.11p3.tar.gz /sudo-1.9.12p2.tar.gz +/sudo-1.9.13p2.tar.gz diff --git a/sources b/sources index f68ca42..d221fe6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.12p2.tar.gz) = 5e035246137d5820691f7ddfc13faec3886e3cf1563ed56633667d86ab4f1306f34cc0e27808f56790b6c6a4614826e54c5b7e47b31eb009b96dde3e52170c45 +SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef diff --git a/sudo.spec b/sudo.spec index f0f1e53..7a10271 100644 --- a/sudo.spec +++ b/sudo.spec @@ -3,7 +3,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.12 +Version: 1.9.13 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version From 025901c345374ddb0c882308c8c02fb702b306ed Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 26 Apr 2023 11:41:20 +0200 Subject: [PATCH 65/84] Port configure script to C99 Related to: --- sudo-configure-c99.patch | 65 ++++++++++++++++++++++++++++++++++++++++ sudo.spec | 3 +- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 sudo-configure-c99.patch diff --git a/sudo-configure-c99.patch b/sudo-configure-c99.patch new file mode 100644 index 0000000..69a0cd2 --- /dev/null +++ b/sudo-configure-c99.patch 
@@ -0,0 +1,65 @@ +Avoid implicit function declarations, so that the configure probe +results do not change with future compilers. + +Submitted upstream for discussion: + + + + +diff --git a/configure b/configure +index d406eb77a22d3c3c..29483788443d2b21 100755 +--- a/configure ++++ b/configure +@@ -31220,10 +31220,13 @@ else case e in #( + /* end confdefs.h. */ + #include + #include ++ ++void *volatile ptr; ++ + int + main (void) + { +-(void)ldap_init(0, 0) ++ptr = (void *) ldap_msgfree + ; + return 0; + } +@@ -33914,7 +33917,7 @@ then : + else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +- ++#include + + int + main (void) +diff --git a/m4/hardening.m4 b/m4/hardening.m4 +index f7d2a8c2911ed9d6..1ebfd9fdaf461285 100644 +--- a/m4/hardening.m4 ++++ b/m4/hardening.m4 +@@ -10,7 +10,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ + [sudo_cv_use_fortify_source], + [AC_LINK_IFELSE([ + AC_LANG_PROGRAM( +- [[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] ++ [[#include ]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] + )], + [sudo_cv_use_fortify_source=yes], + [sudo_cv_use_fortify_source=no] +diff --git a/m4/ldap.m4 b/m4/ldap.m4 +index 78c21e0bc0a1f65f..a6361df044d84f92 100644 +--- a/m4/ldap.m4 ++++ b/m4/ldap.m4 +@@ -52,7 +52,10 @@ AC_DEFUN([SUDO_CHECK_LDAP], [ + #include ]) + AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include +-#include ]], [[(void)ldap_init(0, 0)]])], [ ++#include ++ ++void *volatile ptr; ++]], [[ptr = (void *) ldap_msgfree]])], [ + # No need to explicitly include lber.h when including ldap.h. + sudo_cv_header_lber_h=no + ], [ diff --git a/sudo.spec b/sudo.spec index 7a10271..315ea49 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -13,6 +13,7 @@ License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz Source1: sudoers +Patch0: sudo-configure-c99.patch Requires: pam Recommends: system-default-editor Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} @@ -70,7 +71,7 @@ BuildRequires: python3-devel %{name}-python-plugin allows using sudo plugins written in Python. %prep -%setup -q -n %{name}-%{version}%{?extraver} +%autosetup -p1 -n %{name}-%{version}%{?extraver} %build # Remove bundled copy of zlib From 85dfa5defb283f16ce10eeab0e334265cdd65d51 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 13 Jun 2023 20:59:29 +0200 Subject: [PATCH 66/84] Rebuilt for Python 3.12 From 06544f1ab28b4ec2d854755252fa7b1aa72ca14a Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 20 Jun 2023 14:59:34 +0200 Subject: [PATCH 67/84] - migrated to SPDX license Signed-off-by: Radovan Sroka From 328503ded5ac0f20a51309a87f0f65e09ee3c7ab Mon Sep 17 00:00:00 2001 From: Leigh Scott Date: Thu, 6 Jul 2023 14:20:50 +0100 Subject: [PATCH 68/84] Rebuilt for Python 3.12 From 347c83287d756eddc76727ff8915a92c96c33aa2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 02:42:07 +0000 Subject: [PATCH 69/84] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering From da01b87507f57dc956dcba8e559ca01d2f955458 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 24 Jul 2023 22:07:19 -0400 Subject: [PATCH 70/84] Rebase to 1.9.14p3 - sudo-1_9_14p2 is available Resolves: rhbz#2175672 - sudo fails to build with Python 3.12: FAILED: testcase check_example_group_plugin_is_able_to_debug() Resolves: rhbz#2186412 Signed-off-by: Yaakov Selkowitz --- .gitignore | 1 + sources | 2 +- sudo-configure-c99.patch | 65 ---------------------------------------- sudo.spec | 5 ++-- 4 files changed, 4 insertions(+), 69 deletions(-) delete mode 100644 sudo-configure-c99.patch 
diff --git a/.gitignore b/.gitignore index 224d9ce..01b9ff5 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ /sudo-1.9.11p3.tar.gz /sudo-1.9.12p2.tar.gz /sudo-1.9.13p2.tar.gz +/sudo-1.9.14p3.tar.gz diff --git a/sources b/sources index d221fe6..fc05228 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.13p2.tar.gz) = b3015a114fd518afd644c9934f2461046f1116506723217603af1a952bdb436689761b4d009dfe32b725bad2e0ebcaf19db72febfaa63895ba004256fea12bef +SHA512 (sudo-1.9.14p3.tar.gz) = d4af836e3316c35d8b81a2c869ca199e8f2d5cb26dbd98b8ad031f29be62b154452afdf5a506ddabad21b80e5988a49f1f7c8f1ec44718ffcbd7e89ccbdef612 diff --git a/sudo-configure-c99.patch b/sudo-configure-c99.patch deleted file mode 100644 index 69a0cd2..0000000 --- a/sudo-configure-c99.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -Avoid implicit function declarations, so that the configure probe -results do not change with future compilers. - -Submitted upstream for discussion: - - - - -diff --git a/configure b/configure -index d406eb77a22d3c3c..29483788443d2b21 100755 ---- a/configure -+++ b/configure -@@ -31220,10 +31220,13 @@ else case e in #( - /* end confdefs.h. */ - #include - #include -+ -+void *volatile ptr; -+ - int - main (void) - { --(void)ldap_init(0, 0) -+ptr = (void *) ldap_msgfree - ; - return 0; - } -@@ -33914,7 +33917,7 @@ then : - else case e in #( - e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext - /* end confdefs.h. */ -- -+#include - - int - main (void) -diff --git a/m4/hardening.m4 b/m4/hardening.m4 -index f7d2a8c2911ed9d6..1ebfd9fdaf461285 100644 ---- a/m4/hardening.m4 -+++ b/m4/hardening.m4 -@@ -10,7 +10,7 @@ AC_DEFUN([SUDO_CHECK_HARDENING], [ - [sudo_cv_use_fortify_source], - [AC_LINK_IFELSE([ - AC_LANG_PROGRAM( -- [[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] -+ [[#include ]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] - )], - [sudo_cv_use_fortify_source=yes], - [sudo_cv_use_fortify_source=no] -diff --git a/m4/ldap.m4 b/m4/ldap.m4 -index 78c21e0bc0a1f65f..a6361df044d84f92 100644 ---- a/m4/ldap.m4 -+++ b/m4/ldap.m4 -@@ -52,7 +52,10 @@ AC_DEFUN([SUDO_CHECK_LDAP], [ - #include ]) - AC_CACHE_CHECK([whether lber.h is needed when including ldap.h], [sudo_cv_header_lber_h], [ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include --#include ]], [[(void)ldap_init(0, 0)]])], [ -+#include -+ -+void *volatile ptr; -+]], [[ptr = (void *) ldap_msgfree]])], [ - # No need to explicitly include lber.h when including ldap.h. - sudo_cv_header_lber_h=no - ], [ diff --git a/sudo.spec b/sudo.spec index 315ea49..3237084 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,9 +1,9 @@ # comment out if no extra version -%global extraver p2 +%global extraver p3 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.13 +Version: 1.9.14 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version @@ -13,7 +13,6 @@ License: ISC URL: https://www.sudo.ws Source0: %{url}/dist/%{name}-%{version}%{?extraver}.tar.gz Source1: sudoers -Patch0: sudo-configure-c99.patch Requires: pam Recommends: system-default-editor Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} From 462f43c97aa9bd80e22243a82d454b8ad949c6fd Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 24 Jan 2024 10:59:51 +0100 Subject: [PATCH 71/84] Rabase to 1.9.15p5 - sudo-1_9_15p5 is available Resolves: rhbz#2248505 - TRIAGE CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: rhbz#2255569 Signed-off-by: Radovan Sroka --- .gitignore | 2 ++ sources | 2 +- sudo-1.6.7p5-strip.patch | 11 ----------- sudo.spec | 4 ++-- 4 files changed, 5 insertions(+), 14 deletions(-) delete mode 100644 sudo-1.6.7p5-strip.patch diff --git a/.gitignore b/.gitignore index 01b9ff5..842ab45 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ /sudo-1.9.12p2.tar.gz /sudo-1.9.13p2.tar.gz /sudo-1.9.14p3.tar.gz +/sudo-1.9.15p4.tar.gz +/sudo-1.9.15p5.tar.gz diff --git a/sources b/sources index fc05228..a9b6cfd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.14p3.tar.gz) = d4af836e3316c35d8b81a2c869ca199e8f2d5cb26dbd98b8ad031f29be62b154452afdf5a506ddabad21b80e5988a49f1f7c8f1ec44718ffcbd7e89ccbdef612 +SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a diff --git a/sudo-1.6.7p5-strip.patch b/sudo-1.6.7p5-strip.patch deleted file mode 100644 index f690659..0000000 --- a/sudo-1.6.7p5-strip.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- sudo-1.6.7p5/scripts/install-sh.strip 2005-07-21 14:28:25.000000000 +0200 -+++ sudo-1.6.7p5/scripts/install-sh 2005-07-21 14:29:18.000000000 +0200 -@@ -138,7 +138,7 @@ - fi - ;; - X-s) -- STRIPIT=true -+ #STRIPIT=true - ;; - X--) - shift diff --git a/sudo.spec b/sudo.spec index 3237084..e755179 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,9 +1,9 @@ # comment out if no extra version -%global extraver p3 +%global extraver p5 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.14 +Version: 1.9.15 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version From df275faeadacae6c625a5ec30f448b01a698ddea Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 8 Feb 2024 16:46:56 -0500 Subject: [PATCH 72/84] Avoid sendmail build dependency sudo should be compatible with any MTA, any of which in Fedora provide /usr/sbin/sendmail, and is used at build time only to determine its location. Instead of generalizing the build requirement (e.g. for RHEL 10 which includes only postfix), we can just tell sudo its location during configure, in which case it is not needed at all to build. However, doing so uncovered that systemd's presence was being relied upon without being specified. This too can be avoided by using the macros to define the proper tmpfiles location during configure. --- sudo.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index e755179..e2c4ba9 100644 --- a/sudo.spec +++ b/sudo.spec @@ -26,7 +26,7 @@ BuildRequires: bison BuildRequires: libtool BuildRequires: audit-libs-devel libcap-devel BuildRequires: libselinux-devel -BuildRequires: sendmail +BuildRequires: systemd-rpm-macros BuildRequires: gettext BuildRequires: zlib-devel 
@@ -89,6 +89,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --sbindir=%{_sbindir} \ --libdir=%{_libdir} \ --docdir=%{_pkgdocdir} \ + --enable-tmpfiles.d=%{_tmpfilesdir} \ --enable-openssl \ --disable-root-mailer \ --disable-intercept \ @@ -102,6 +103,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-tty-tickets \ --with-ldap \ --with-selinux \ + --with-sendmail=/usr/sbin/sendmail \ --with-passprompt="[sudo] password for %p: " \ --enable-python \ --enable-zlib=system \ From 545c191f72083b8ef9b7ce26706e8a17ca537d20 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 2 May 2024 23:09:47 -0700 Subject: [PATCH 73/84] Backport upstream fix for tests with Python 3.13+ --- ...traces-use-in-addition-to-when-under.patch | 41 +++++++++++++++++++ sudo.spec | 6 +++ 2 files changed, 47 insertions(+) create mode 100644 0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch diff --git a/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch b/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch new file mode 100644 index 0000000..2c9ce75 --- /dev/null +++ b/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch 
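Review bot: `--with-sendmail=/usr/sbin/sendmail` in the `@@ -102,6 +103,7 @@` hunk hard-codes a path while the rest of the same `%configure` call uses macros (`--sbindir=%{_sbindir}` is visible in the preceding hunk of this commit), so I would write it as `--with-sendmail=%{_sbindir}/sendmail \`. With `BuildRequires: sendmail` removed in the first hunk, nothing at build time confirms the path any more, and no runtime dependency on an MTA is visible in the spec, so sudo's mail notifications presumably fail without notice on hosts that have none. A comment above `%configure` (which starts outside these hunks) stating that the mailer path is fixed at build time and that an MTA is optional at runtime would document that.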
@@ -0,0 +1,41 @@ +From 89918caf5a349cac4e2a56ba503d7476c6f16067 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Thu, 2 May 2024 20:02:43 -0600 +Subject: [PATCH] Python 3.12 backtraces use '~' in addition to '^' when + underlining. GitHub issue #374 + +--- + plugins/python/regress/testhelpers.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/plugins/python/regress/testhelpers.c b/plugins/python/regress/testhelpers.c +index ee55fb901..0f28d01e9 100644 +--- a/plugins/python/regress/testhelpers.c ++++ b/plugins/python/regress/testhelpers.c +@@ -27,19 +27,19 @@ struct TestData data; + + /* + * Starting with Python 3.11, backtraces may contain a line with +- * '^' characters to bring attention to the important part of the +- * line. ++ * '~' and '^' characters to bring attention to the important part ++ * of the line. + */ + static void + remove_underline(char *output) + { + char *cp, *ep; + +- // Remove lines that only consist of '^' and white space. ++ // Remove lines that only consist of '~', '^' and white space. + cp = output; + ep = output + strlen(output); + for (;;) { +- size_t len = strspn(cp, "^ \t"); ++ size_t len = strspn(cp, "~^ \t"); + if (len > 0 && cp[len] == '\n') { + /* Prune out lines that are "underlining". */ + memmove(cp, cp + len + 1, (size_t)(ep - cp)); +-- +2.44.0 + diff --git a/sudo.spec b/sudo.spec index e2c4ba9..6f483cb 100644 --- a/sudo.spec +++ b/sudo.spec @@ -17,6 +17,12 @@ Requires: pam Recommends: system-default-editor Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} +# https://github.com/sudo-project/sudo/commit/89918caf5a349cac4e2a56ba503d7476c6f16067 +# https://github.com/sudo-project/sudo/issues/374 +# https://bugzilla.redhat.com/show_bug.cgi?id=2245820 +# Fix tests with Python 3.13+ +Patch: 0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch + BuildRequires: make BuildRequires: pam-devel BuildRequires: groff 
From 47db28a6937258900d879ee298e681ff7708d750 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 09:11:33 +0200 Subject: [PATCH 74/84] Rebuilt for Python 3.13 From f5682491133aea55fb176ca8c381afd8bb1dc411 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 06:36:47 +0000 Subject: [PATCH 75/84] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From ac16a17374c5799d7f570330d5e9c72291bb8466 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 11:50:30 +0000 Subject: [PATCH 76/84] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From e2e397029e0d35046a4cf891e075d24c7540da4f Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 26 Feb 2025 12:59:14 -0500 Subject: [PATCH 77/84] Fix build with GCC 15 GCC 15 defaults to C23, which changes the interpretation of function declarations without parameters to be `void` rather than of an unknown number and type (as in K&R). The sudoers plugin relies on the older behaviour for its hook functions. --- sudo.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudo.spec b/sudo.spec index 6f483cb..4175d8c 100644 --- a/sudo.spec +++ b/sudo.spec @@ -88,7 +88,7 @@ F_PIE=-fPIE F_PIE=-fpie %endif -export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" +export CFLAGS="$RPM_OPT_FLAGS $F_PIE -std=gnu17" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" %configure \ --prefix=%{_prefix} \ From 770b8e2647c61512b8508c61bb3a55318f31d9b1 Mon Sep 17 00:00:00 2001 
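Review bot: `-std=gnu17` is appended to CFLAGS in the `@@ -88,7 +88,7 @@` hunk without any comment in the spec, so the reason (GCC 15 defaulting to C23 and the sudoers plugin's hook declarations relying on the older meaning of empty parameter lists) is recorded only in the commit message. Pinning the language standard for the sudo build is the kind of workaround that tends to outlive its cause, so I would add above the export line `# GCC 15 defaults to C23; sudoers hook functions still use unprototyped declarations. Drop -std=gnu17 once upstream builds as C23.` The hardening flags on the same line (`$F_PIE`, `-pie -Wl,-z,relro -Wl,-z,now`) are unchanged by this hunk.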
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 24 Sep 2024 16:46:11 +0200 Subject: [PATCH 78/84] Move yum/dnf protection removal config file under /usr https://github.com/uapi-group/specifications/issues/76 Actually, add a new file under /usr, but keep the old file in /etc because it's still needed for dnf. The new file in the new location is useful because it means that we get the correct behaviour even when /etc is emptied (on systems with new dnf version). dnf5 reads the new location: https://github.com/rpm-software-management/dnf5/issues/1107 https://github.com/rpm-software-management/dnf5/pull/1110 --- sudo.spec | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/sudo.spec b/sudo.spec index 6f483cb..63fb36f 100644 --- a/sudo.spec +++ b/sudo.spec @@ -131,12 +131,15 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers -#add sudo to protected packages -install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/ -touch sudo.conf -echo sudo > sudo.conf -install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/ -rm -f sudo.conf +# Add sudo to protected packages. Old location for yum/dnf. +mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/ +echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf +# Add sudo to protected packages. New location for dnf5. +mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/ +cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf < Date: Mon, 2 Jun 2025 20:53:02 +0200 Subject: [PATCH 79/84] Rebuilt for Python 3.14 From 9641cbaa6b0934d03f4e0398261eef8509f282dc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 5 Jul 2025 11:46:27 +0200 Subject: [PATCH 80/84] Rebase to sudo 1.9.17p1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - sudo-1_9_16p2 is available Resolves: rhbz#2309626 - sudo: LPE via host option Resolves: CVE-2025-32462 - Properly apply system buildflags - Use new build macros, drop unneeded %%defattr Signed-off-by: Björn Esser --- .gitignore | 1 + ...traces-use-in-addition-to-when-under.patch | 41 ------------------- sources | 2 +- sudo.spec | 26 +++--------- 4 files changed, 7 insertions(+), 63 deletions(-) delete mode 100644 0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch diff --git a/.gitignore b/.gitignore index 842ab45..e4940ce 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /sudo-1.9.14p3.tar.gz /sudo-1.9.15p4.tar.gz /sudo-1.9.15p5.tar.gz +/sudo-1.9.17p1.tar.gz diff --git a/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch b/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch deleted file mode 100644 index 2c9ce75..0000000 --- a/0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 89918caf5a349cac4e2a56ba503d7476c6f16067 Mon Sep 17 00:00:00 2001 -From: "Todd C. Miller" -Date: Thu, 2 May 2024 20:02:43 -0600 -Subject: [PATCH] Python 3.12 backtraces use '~' in addition to '^' when - underlining. GitHub issue #374 - ---- - plugins/python/regress/testhelpers.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/plugins/python/regress/testhelpers.c b/plugins/python/regress/testhelpers.c -index ee55fb901..0f28d01e9 100644 ---- a/plugins/python/regress/testhelpers.c -+++ b/plugins/python/regress/testhelpers.c -@@ -27,19 +27,19 @@ struct TestData data; - - /* - * Starting with Python 3.11, backtraces may contain a line with -- * '^' characters to bring attention to the important part of the -- * line. -+ * '~' and '^' characters to bring attention to the important part -+ * of the line. - */ - static void - remove_underline(char *output) - { - char *cp, *ep; - -- // Remove lines that only consist of '^' and white space. -+ // Remove lines that only consist of '~', '^' and white space. - cp = output; - ep = output + strlen(output); - for (;;) { -- size_t len = strspn(cp, "^ \t"); -+ size_t len = strspn(cp, "~^ \t"); - if (len > 0 && cp[len] == '\n') { - /* Prune out lines that are "underlining". */ - memmove(cp, cp + len + 1, (size_t)(ep - cp)); --- -2.44.0 - diff --git a/sources b/sources index a9b6cfd..86f8d45 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a +SHA512 (sudo-1.9.17p1.tar.gz) = 1a9fb27a117b54adf5c99443b3375f7e0eaaf3a2d5a3d409f7c7b10c43432eb301d721df93fb1a8a2e45bf4a4957288d4f153359fc018af00973be57f62a1ebc diff --git a/sudo.spec b/sudo.spec index 4175d8c..73b3930 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,9 +1,9 @@ # comment out if no extra version -%global extraver p5 +%global extraver p1 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.15 +Version: 1.9.17 # remove -b 3 after rebase !!! # use "-p -e % {?extraver}" when beta # use "-e % {?extraver}"" when patch version @@ -17,12 +17,6 @@ Requires: pam Recommends: system-default-editor Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release} -# https://github.com/sudo-project/sudo/commit/89918caf5a349cac4e2a56ba503d7476c6f16067 -# https://github.com/sudo-project/sudo/issues/374 -# https://bugzilla.redhat.com/show_bug.cgi?id=2245820 -# Fix tests with Python 3.13+ -Patch: 0001-Python-3.12-backtraces-use-in-addition-to-when-under.patch - BuildRequires: make BuildRequires: pam-devel BuildRequires: groff @@ -82,14 +76,6 @@ BuildRequires: python3-devel # Remove bundled copy of zlib rm -rf zlib/ -%ifarch s390 s390x sparc64 -F_PIE=-fPIE -%else -F_PIE=-fpie -%endif - -export CFLAGS="$RPM_OPT_FLAGS $F_PIE -std=gnu17" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" - %configure \ --prefix=%{_prefix} \ --sbindir=%{_sbindir} \ @@ -117,14 +103,13 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE -std=gnu17" LDFLAGS="-pie -Wl,-z,relro -Wl, --with-sssd # --without-kerb5 \ # --without-kerb4 -make +%make_build %check -make check +%make_build check %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` +%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo @@ -180,7 +165,6 @@ EOF %files -f sudo_all.lang -%defattr(-,root,root) %attr(0440,root,root) %config(noreplace) /etc/sudoers %attr(0750,root,root) %dir /etc/sudoers.d/ %config(noreplace) /etc/pam.d/sudo From 04179b541723d5914c5ce01021dd7a2a7a68eaf6 Mon Sep 17 00:00:00 2001 
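Review bot: Nothing in `%check` or `%install` confirms that the installed binaries are still PIE with immediate binding. The `-82,14` hunk of this file drops the explicit `LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"` export, so hardening now depends on whatever `%configure` picks up from the distribution build flags. For a setuid-root program a silent regression is worth failing the build over, for example after `%make_install`: `readelf -d $RPM_BUILD_ROOT%{_bindir}/sudo | grep -q BIND_NOW` and `readelf -h $RPM_BUILD_ROOT%{_bindir}/sudo | grep -q 'Type:.*DYN'`. The default hardened build flags presumably cover this, but any spec line that could switch them off lies outside the visible hunks, so that should be confirmed rather than assumed. Both `%build` and `%install` start or continue outside this hunk.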
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sat, 5 Jul 2025 12:22:08 +0200 Subject: [PATCH 81/84] Re-apply changes from commit e2e397029e0d35046a4cf891e075d24c7540da4f MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Björn Esser --- sudo.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sudo.spec b/sudo.spec index 73b3930..9e72bb5 100644 --- a/sudo.spec +++ b/sudo.spec @@ -76,6 +76,8 @@ BuildRequires: python3-devel # Remove bundled copy of zlib rm -rf zlib/ +export CFLAGS="$RPM_OPT_FLAGS -std=gnu17" + %configure \ --prefix=%{_prefix} \ --sbindir=%{_sbindir} \ From 1899e2aa8d10783369a1d840c2fc30cf86a6e782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 7 Jul 2025 13:10:49 +0200 Subject: [PATCH 82/84] Drop '-std=gnu17' from CFLAGS, as C23 builds fine now MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was introduced in commit e2e397029e0d35046a4cf891e075d24c7540da4f for an older version of sudo that was FTBFS for GCC 15 defaulting to C23. Signed-off-by: Björn Esser --- sudo.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/sudo.spec b/sudo.spec index 9e72bb5..73b3930 100644 --- a/sudo.spec +++ b/sudo.spec @@ -76,8 +76,6 @@ BuildRequires: python3-devel # Remove bundled copy of zlib rm -rf zlib/ -export CFLAGS="$RPM_OPT_FLAGS -std=gnu17" - %configure \ --prefix=%{_prefix} \ --sbindir=%{_sbindir} \ From 81e84c1f0692ac90603c7cbeaeeb2b891a852e45 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 18:50:05 +0000 Subject: [PATCH 83/84] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 2ead99a2b1915e06b2918b5547d0587fbe678e0e Mon Sep 17 00:00:00 2001 
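Review bot: The added `export CFLAGS="$RPM_OPT_FLAGS -std=gnu17"` in the `-76,6 +76,8` hunk has no comment saying why the C standard is pinned. The commit message only points at another commit hash, so a later rebase cannot tell when the pin may be dropped. A line above it such as `# Pin gnu17: sudo failed to build as C23 (the GCC 15 default); drop once upstream builds cleanly` would record the reason in the spec itself. Only CFLAGS is overridden here, so the linker flags presumably still come from the `%configure` defaults; the `%configure` invocation continues outside the hunk.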
From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Tue, 21 Oct 2025 10:16:55 +0200 Subject: [PATCH 84/84] Rebase to 1.9.17p2 - sudo-1.9.17p2 is available Resolves: rhbz#2383665 --- .gitignore | 1 + sources | 2 +- sudo.spec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e4940ce..b0986fa 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ /sudo-1.9.15p4.tar.gz /sudo-1.9.15p5.tar.gz /sudo-1.9.17p1.tar.gz +/sudo-1.9.17p2.tar.gz diff --git a/sources b/sources index 86f8d45..54e59ea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (sudo-1.9.17p1.tar.gz) = 1a9fb27a117b54adf5c99443b3375f7e0eaaf3a2d5a3d409f7c7b10c43432eb301d721df93fb1a8a2e45bf4a4957288d4f153359fc018af00973be57f62a1ebc +SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93 diff --git a/sudo.spec b/sudo.spec index e321ec4..be44d00 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,5 +1,5 @@ # comment out if no extra version -%global extraver p1 +%global extraver p2 Summary: Allows restricted root access for specified users Name: sudo