SPECS: pam.spec - rel 0.3 - use gdbm for pam_userdb (db pulls libp...
baggins
baggins at pld-linux.org
Tue Feb 6 02:20:31 CET 2007
Author: baggins Date: Tue Feb 6 01:20:31 2007 GMT
Module: SPECS Tag: HEAD
---- Log message:
- rel 0.3
- use gdbm for pam_userdb (db pulls libpthread and This Is Bad)
- BR/R glibc that knows about recent syscalls (for pam_namespace)
- add build checks for modules correctness
---- Files affected:
SPECS:
pam.spec (1.250 -> 1.251)
---- Diffs:
================================================================
Index: SPECS/pam.spec
diff -u SPECS/pam.spec:1.250 SPECS/pam.spec:1.251
--- SPECS/pam.spec:1.250 Mon Feb 5 01:08:49 2007
+++ SPECS/pam.spec Tue Feb 6 02:20:25 2007
@@ -12,7 +12,9 @@
%bcond_without selinux # build without SELinux support
%bcond_without audit # build with Linux Auditing library support
#
-%define pam_pld_version 0.99.7.1-1
+%define pam_pld_version 0.99.7.1-2
+#
+%define _sbindir /sbin
#
Summary: Pluggable Authentication Modules: modular, incremental authentication
Summary(de): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
@@ -25,7 +27,7 @@
Summary(uk): śÎÓÔŇŐÍĹÎÔ, ÝĎ ÚÁÂĹÚĐĹŢŐ¤ ÁŐÔĹÎÔÉĆŚËÁĂŚŔ ÄĚŃ ĐŇĎÇŇÁÍ
Name: pam
Version: 0.99.7.1
-Release: 0.1
+Release: 0.3
License: GPL or BSD
Group: Base
Source0: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -33,7 +35,7 @@
Source1: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
# Source1-md5: 259c57009369eda92a00d1a153776ac6
Source2: ftp://ftp.pld-linux.org/software/pam/pam-pld-%{pam_pld_version}.tar.gz
-# Source2-md5: 62ee3a41c59000c78a3d6aa024ee55bd
+# Source2-md5: 27f96a6baf0a31f82ef0d4b0f7f75e95
Source3: other.pamd
Source4: system-auth.pamd
Source5: config-util.pamd
@@ -57,14 +59,17 @@
Patch14: %{name}-unix-nullcheck.patch
Patch15: %{name}-unix-blowfish.patch
Patch16: %{name}-mkhomedir-new-features.patch
+Patch17: %{name}-db-gdbm.patch
URL: http://www.kernel.org/pub/linux/libs/pam/
%{?with_audit:BuildRequires: audit-libs-devel >= 1.0.8}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bison
BuildRequires: cracklib-devel
-BuildRequires: db-devel
+# gdbm due to db pulling libpthread
+BuildRequires: gdbm-devel
BuildRequires: flex
+BuildRequires: glibc-devel >= 2.5-0.4
%{?with_prelude:BuildRequires: libprelude-devel}
%{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
BuildRequires: libtool >= 2:1.5
@@ -89,10 +94,6 @@
Obsoletes: pam-doc
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
-%define specflags -fno-strict-aliasing
-
-%define _sbindir /sbin
-
%description
PAM (Pluggable Authentication Modules) is a powerful, flexible,
extensible authentication system which allows the system administrator
@@ -162,6 +163,7 @@
Summary(pl): Moduły i biblioteki PAM
Group: Libraries
Conflicts: pam < 0:0.80.1-2
+Requires: glibc >= 2.5-0.4
%{?with_audit:Requires: audit-libs >= 1.0.8}
%{?with_selinux:Requires: libselinux >= 1.33.2}
@@ -246,6 +248,7 @@
%patch14 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
%build
%{__libtoolize}
@@ -259,6 +262,7 @@
--libdir=/%{_lib} \
--includedir=%{_includedir}/security \
--enable-isadir=../../%{_lib}/security \
+ --enable-db=gdbm \
%{!?with_selinux:--disable-selinux} \
%{!?with_prelude:--disable-prelude} \
%{!?with_audit:--disable-audit}
@@ -309,6 +313,35 @@
install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
+# Make sure every module subdirectory gave us a module. Yes, this is hackish.
+for dir in modules/pam_* ; do
+ if [ -d ${dir} ] ; then
+ if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
+ echo ERROR `basename ${dir}` did not build a module.
+ exit 1
+ fi
+ fi
+done
+
+for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
+# Check for module problems. Specifically, check that every module we just
+# installed can actually be loaded by a minimal PAM-aware application.
+ if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
+ ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
+ echo ERROR module: ${module} cannot be loaded.
+ exit 1
+ fi
+# And for good measure, make sure that none of the modules pull in threading
+# libraries, which if loaded in a non-threaded application, can cause Very
+# Bad Things to happen.
+ if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
+ LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
+ fgrep -q libpthread ; then
+ echo ERROR module: ${module} pulls threading libraries.
+ exit 1
+ fi
+done
+
# useless - shut up check-files
rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
@@ -351,20 +384,22 @@
%dir %attr(755,root,root) /etc/security/console.apps
%dir %attr(755,root,root) /etc/security/console.perms.d
%dir %attr(755,root,root) /var/run/console
-%config /etc/security/console.perms.d/50-default.perms
+%config(noreplace) %verify(not md5 mtime size) /etc/environment
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
%config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
-%config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
+%config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
+%config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
+%config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
%config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
+%config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
+%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
+%config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
-%config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
-%config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
%config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
-%config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
-%config(noreplace) %verify(not md5 mtime size) /etc/environment
+%config /etc/security/console.perms.d/50-default.perms
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
%attr(4755,root,root) /sbin/unix_chkpwd
%attr(755,root,root) %{_bindir}/pam_pwgen
@@ -411,6 +446,7 @@
%attr(755,root,root) /%{_lib}/security/pam_mail.so
%attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
%attr(755,root,root) /%{_lib}/security/pam_motd.so
+%attr(755,root,root) /%{_lib}/security/pam_namespace.so
%attr(755,root,root) /%{_lib}/security/pam_nologin.so
%attr(755,root,root) /%{_lib}/security/pam_permit.so
%attr(755,root,root) /%{_lib}/security/pam_pwexport.so
@@ -466,6 +502,12 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.251 2007/02/06 01:20:25 baggins
+- rel 0.3
+- use gdbm for pam_userdb (db pulls libpthread and This Is Bad)
+- BR/R glibc that knows about recent syscalls (for pam_namespace)
+- add build checks for modules correctness
+
Revision 1.250 2007/02/05 00:08:49 baggins
- moved developers documentation to devel package
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SPECS/pam.spec?r1=1.250&r2=1.251&f=u
More information about the pld-cvs-commit
mailing list