1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
|
%set
name="sudo-logsrvd"
summary="Sudo event and I/O log server"
description="The sudo_logsrvd daemon collects event and I/O logs \
from sudo clients.
This makes it possible to have all sudo I/O logs on a central server."
vendor="Todd C. Miller"
copyright="(c) 2019-2021 Todd C. Miller"
%if [aix]
# Convert to 4 part version for AIX, including patch level
pp_aix_version=`echo $version|sed -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)p\([0-9]*\)$/\1.\2/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)[^0-9\.].*$/\1/' -e 's/^\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/'`
# Don't allow sudo to prompt for a password
pp_aix_sudo="sudo -n"
%endif
%if [sd]
pp_sd_vendor_tag="TCM"
%endif
%if [solaris]
pp_solaris_name="TCM${name}"
pp_solaris_pstamp=`/usr/bin/date "+%B %d, %Y"`
%endif
%if [macos]
# System Integrity Protection on macOS won't allow us to write
# directly to /etc or /var. We must install in /private instead.
case "$sysconfdir" in
/etc|/etc/*)
mkdir -p ${pp_destdir}/private
chmod 755 ${pp_destdir}/private
if test -d ${pp_destdir}/etc; then
mv ${pp_destdir}/etc ${pp_destdir}/private/etc
fi
sysconfdir="/private${sysconfdir}"
;;
esac
case "$vardir" in
/var|/var/*)
mkdir -p ${pp_destdir}/private
chmod 755 ${pp_destdir}/private
if test -d ${pp_destdir}/var; then
mv ${pp_destdir}/var ${pp_destdir}/private/var
fi
vardir="/private${vardir}"
;;
esac
case "$rundir" in
/var|/var/*)
mkdir -p ${pp_destdir}/private
chmod 755 ${pp_destdir}/private
if test -d ${pp_destdir}/var; then
mv ${pp_destdir}/var ${pp_destdir}/private/var
fi
rundir="/private${rundir}"
;;
esac
%endif
%if [rpm,deb]
# Convert patch level into release and remove from version
pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)$' \| 0 \) + 1`"
pp_rpm_version="`expr \( $version : '\(.*\)p[0-9][0-9]*$' \| $version \)`"
pp_rpm_license="BSD"
pp_rpm_url="https://www.sudo.ws"
pp_rpm_group="Applications/System"
pp_rpm_packager="Todd C. Miller <Todd.Miller@sudo.ws>"
%else
# We install sudo_logsrvd.conf from the example dir during post-install
rm -f ${pp_destdir}$sysconfdir/sudo_logsrvd.conf
%endif
# Stash original docdir and exampledir
odocdir="${docdir}"
oexampledir="${exampledir}"
# docdir and exampledir are installed with "sudo" as the package
# name which may not be correct.
docdir="`echo \"${docdir}\" | sed 's#/sudo$#/'\"${name}\"'#'`"
if test "${exampledir}" = "${odocdir}/examples"; then
exampledir="${docdir}/examples"
else
exampledir="`echo \"${exampledir}\" | sed 's#/sudo$#/'\"${name}\"'#'`"
fi
# For RedHat the doc dir is expected to include version and release
case "$pp_rpm_distro" in
centos*|rhel*|f[0-9]*)
docdir="${docdir}-${pp_rpm_version}-${pp_rpm_release}"
exampledir="${docdir}/examples"
;;
esac
# Copy docdir and exampledir to new names if needed
if test ! -d "${pp_destdir}${docdir}"; then
cp -R ${pp_destdir}${odocdir} ${pp_destdir}${docdir}
find ${pp_destdir}${docdir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup
fi
if test ! -d "${pp_destdir}${exampledir}"; then
cp -R ${pp_destdir}${oexampledir} ${pp_destdir}${exampledir}
find ${pp_destdir}${exampledir} -depth | sed "s#^${pp_destdir}##" >> ${pp_wrkdir}/pp_cleanup
fi
%if [deb]
pp_deb_maintainer="$pp_rpm_packager"
pp_deb_release="$pp_rpm_release"
pp_deb_version="$pp_rpm_version"
pp_deb_section=admin
install -D -m 644 ${pp_destdir}$docdir/LICENSE.md ${pp_wrkdir}/${name}/usr/share/doc/${name}/copyright
install -D -m 644 ${pp_destdir}$docdir/ChangeLog ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog
printf "$name ($pp_deb_version-$pp_deb_release) admin; urgency=low\n\n * see upstream changelog\n\n -- $pp_deb_maintainer `date '+%a, %d %b %Y %T %z'`\n" > ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
chmod 644 ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
gzip -9f ${pp_wrkdir}/${name}/usr/share/doc/${name}/changelog.Debian
# Create lintian override file
mkdir -p ${pp_wrkdir}/${name}/usr/share/lintian/overrides
cat >${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name} <<-EOF
# Sudo ships with debugging symbols
$name: unstripped-binary-or-object
EOF
chmod 644 ${pp_wrkdir}/${name}/usr/share/lintian/overrides/${name}
# If libssl_dep not passed in, try to figure it out
if test -z "$libssl_dep"; then
libssl_dep="`ldd $libexecdir/sudo/sudoers.so 2>&1 | sed -n 's/^[ ]*libssl\.so\([0-9.]*\).*/libssl\1/p'`"
fi
%endif
%if [rpm]
# Add distro info to release
osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'`
case "$pp_rpm_distro" in
centos*|rhel*|f[0-9]*)
# CentOS Stream has a single-digit version
if test $osrelease -lt 10; then
osrelease="${osrelease}0"
fi
pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
;;
sles*)
pp_rpm_release="$pp_rpm_release.sles$osrelease"
;;
esac
%endif
%if [macos]
pp_macos_pkg_type=flat
pp_macos_bundle_id=ws.sudo.pkg.sudo-logsrvd
pp_macos_pkg_background=${srcdir}/etc/macos-background.png
pp_macos_pkg_background_dark=${srcdir}/etc/macos-background.png
pp_macos_pkg_license=${pp_destdir}$docdir/LICENSE.md
pp_macos_pkg_readme=${pp_wrkdir}/ReadMe.txt
perl -pe 'last if (/^What/i && $seen++)' ${pp_destdir}$docdir/NEWS > ${pp_wrkdir}/ReadMe.txt
%endif
%if X"$aix_freeware" = X"true"
# Create links from /opt/freeware/sbin -> /usr/sbin
mkdir -p ${pp_destdir}/usr/sbin
ln -s -f ${sbindir}/sudo_logsrvd ${pp_destdir}/usr/sbin
%endif
%if [!rpm,deb]
# Package parent directories when not installing under /usr
if test "${prefix}" != "/usr"; then
extradirs=`echo ${pp_destdir}${mandir}/[mc]* | sed "s#${pp_destdir}##g"`
extradirs="$extradirs `dirname $docdir` `dirname $rundir`"
test "`dirname $exampledir`" != "$docdir" && extradirs="$extradirs `dirname $exampledir`"
for dir in $sbindir $extradirs; do
while test "$dir" != "/"; do
parentdirs="${parentdirs}${parentdirs+ }$dir/"
dir=`dirname $dir`
done
done
parentdirs=`echo $parentdirs | tr " " "\n" | sort -u`
fi
%endif
%depend [deb]
libc6, zlib1g, sudo
%fixup [deb]
if test -n "%{libssl_dep}"; then
DEPENDS="%{libssl_dep}"
cp -p %{pp_wrkdir}/%{name}/DEBIAN/control %{pp_wrkdir}/%{name}/DEBIAN/control.$$
sed "s/^\(Depends:.*\) *$/\1, ${DEPENDS}/" %{pp_wrkdir}/%{name}/DEBIAN/control.$$ > %{pp_wrkdir}/%{name}/DEBIAN/control
rm -f %{pp_wrkdir}/%{name}/DEBIAN/control.$$
fi
echo "Homepage: https://www.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control
echo "Bugs: https://bugzilla.sudo.ws" >> %{pp_wrkdir}/%{name}/DEBIAN/control
%fixup [rpm]
cat > %{pp_wrkdir}/${name}.spec.sed <<-'EOF'
/^%files/ {
i\
%clean\
:\
}
EOF
mv %{pp_wrkdir}/${name}.spec %{pp_wrkdir}/${name}.spec.bak
sed -f %{pp_wrkdir}/${name}.spec.sed %{pp_wrkdir}/${name}.spec.bak > %{pp_wrkdir}/${name}.spec
%files
/** ignore
%if X"$parentdirs" != X""
$parentdirs - ignore-others
%endif
$sbindir/sudo_logsrvd 0755 ignore-others
$mandir/man*/*logsrv* 0644 ignore-others
$rundir/ 0711 root: ignore-others
$docdir/ 0755 ignore-others
$exampledir/ 0755 ignore-others
$exampledir/*logsrv* 0644 ignore-others
%if [rpm,deb]
$sysconfdir/sudo_logsrvd.conf 0644 root: volatile,ignore-others
%endif
%if X"$aix_freeware" = X"true"
# Links for binaries from /opt/freeware to /usr
/usr/sbin/sudo_logsrvd 0755 root: symlink,ignore-others $sbindir/logsrvd
%endif
%post [!rpm,deb]
# Don't overwrite existing sudo_logsrvd.conf files
%if [solaris]
sysconfdir=${PKG_INSTALL_ROOT}%{sysconfdir}
exampledir=${PKG_INSTALL_ROOT}%{exampledir}
%else
sysconfdir=%{sysconfdir}
exampledir=%{exampledir}
%endif
if test ! -r $sysconfdir/sudo_logsrvd.conf; then
cp $exampledir/sudo_logsrvd.conf $sysconfdir/sudo_logsrvd.conf
chmod 644 $sysconfdir/sudo_logsrvd.conf
chown root $sysconfdir/sudo_logsrvd.conf
fi
%service sudo_logsrvd
%if [aix,macos]
cmd="${sbindir}/sudo_logsrvd -n"
%else
cmd=${sbindir}/sudo_logsrvd
pidfile=${rundir}/sudo_logsrvd.pid
%endif
%if [macos]
pp_macos_service_id=ws.sudo.sudo_logsrvd
%endif
%if [rpm,deb]
# Only include systemd support if it exists on the build machine.
# This assumes that we are building on the same distro that the
# package will be installed on (which is the case for sudo).
if test -d /etc/systemd; then
for d in `pkg-config systemd --variable=systemdsystemunitdir 2>/dev/null` /lib/systemd/system /usr/lib/systemd/system; do
if test -d "$d"; then
break
fi
done
pp_systemd_service_description="Sudo central log server"
pp_systemd_service_dir="$d"
pp_systemd_service_exec="${cmd}"
pp_systemd_service_exec_args="-n"
pp_systemd_service_man="man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5)"
pp_systemd_service_documentation="https://www.sudo.ws/man.html"
pp_systemd_service_after="syslog.target network.target auditd.service"
pp_systemd_service_killmode="process"
pp_systemd_service_type="exec"
pp_systemd_system_target="multi-user.target"
else
# No systemd support
pp_systemd_disabled=true
fi
%endif
|
