Use http://rc.quest.com/topics/polypkg/ for packaging

Makefile.in

@@ -20,11 +20,31 @@ devdir = @devdir@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 
+# Installation paths for package building
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sbindir = @sbindir@
+sysconfdir = @sysconfdir@
+libexecdir = @libexecdir@
+includedir = @includedir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+mandir = @mandir@
+timedir = @timedir@
+
+# sudoers owner and mode for package building
+sudoersdir = $(sysconfdir)
+sudoers_uid = @SUDOERS_UID@
+sudoers_gid = @SUDOERS_GID@
+sudoers_mode = @SUDOERS_MODE@
+
 SUBDIRS = compat common src plugins/sudoers include doc
 
 SAMPLES = plugins/sample plugins/sample_group
 
 VERSION = @PACKAGE_VERSION@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
 
 LIBTOOL_DEPS = @LIBTOOL_DEPS@
 
@@ -40,7 +60,7 @@ autoconf:
 	autoconf -I m4
 
 ChangeLog:
-	hg log --style=changelog -b default > $@
+	test -d $(srcdir)/.hg && hg log --style=changelog -b default > $@
 
 check:
 	@echo nothing to check
@@ -55,18 +75,42 @@ libtool: $(LIBTOOL_DEPS)
 	$(SHELL) ./config.status --recheck
 
 dist: ChangeLog $(srcdir)/MANIFEST
-	pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \
+	pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \
+	    -f ../$(PACKAGE_TARNAME)-$(VERSION).tar \
 	    `sed 's/[ 	].*//' $(srcdir)/MANIFEST`
-	gzip -9f ../sudo-$(VERSION).tar
+	gzip -9f ../$(PACKAGE_TARNAME)-$(VERSION).tar
-	ls -l ../sudo-$(VERSION).tar.gz
+	ls -l ../$(PACKAGE_TARNAME)-$(VERSION).tar.gz
+
+package: sudo.pp
+	DESTDIR=`cd $(top_builddir) && pwd`/destdir; rm -rf $$DESTDIR; \
+	$(SHELL) $(srcdir)/mkinstalldirs $$DESTDIR/$(timedir) && \
+	$(MAKE) install DESTDIR=$$DESTDIR && \
+	mv $$DESTDIR/$(sudoersdir)/sudoers \
+	    $$DESTDIR/$(sudoersdir)/sudoers.dist && \
+	$(SHELL) $(srcdir)/pp \
+	    --destdir=$$DESTDIR \
+	    $(srcdir)/sudo.pp   \
+	    bindir=$(bindir) \
+	    sbindir=$(sbindir) \
+	    libexecdir=$(libexecdir) \
+	    includedir=$(includedir) \
+	    timedir=$(timedir) \
+	    mandir=$(mandir) \
+	    docdir=$(docdir) \
+	    sysconfdir=$(sysconfdir) \
+	    sudoersdir=$(sudoersdir) \
+	    sudoers_uid=$(sudoers_uid) \
+	    sudoers_gid=$(sudoers_gid) \
+	    sudoers_mode=$(sudoers_mode) \
+	    version=$(VERSION)
 
 clean: config.status
-	for d in $(SUBDIRS); do (cd $$d && $(MAKE) $@); done
+	for d in $(SUBDIRS) $(SAMPLES); do (cd $$d && $(MAKE) $@); done
 
 mostlyclean: clean
 
 distclean: config.status
-	for d in $(SUBDIRS); do (cd $$d && $(MAKE) $@); done
+	for d in $(SUBDIRS) $(SAMPLES); do (cd $$d && $(MAKE) $@); done
 	-rm -rf Makefile pathnames.h config.h config.status config.cache \
 		config.log libtool stamp-* autom4te.cache ChangeLog
 

doc/Makefile.in

@@ -20,6 +20,7 @@
 #### Start of system configuration section. ####
 
 srcdir = @srcdir@
+docdir = @docdir@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 
@@ -61,7 +62,13 @@ DOCS =	sudo.man visudo.man sudoers.man sudoers.ldap.man sudoers.man \
 @DEV@		$(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin.cat \
 @DEV@		$(srcdir)/HISTORY $(srcdir)/LICENSE
 
+OTHER_DOCS= $(top_srcdir)/ChangeLog $(top_srcdir)/README* \
+	    $(top_srcdir)/WHATSNEW $(srcdir)/HISTORY $(srcdir)/LICENSE \
+	    $(srcdir)/TROUBLESHOOTING $(srcdir)/UPGRADE $(srcdir)/sample.* \
+	    $(srcdir)/schema.*
+
 VERSION = @PACKAGE_VERSION@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
 
 all: $(DEVDOCS) $(DOCS)
 
@@ -133,7 +140,7 @@ LICENSE: $(srcdir)/license.pod
 install: install-dirs install-man
 
 install-dirs:
-	$(SHELL) $(top_srcdir)/mkinstalldirs \
+	$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(docdir) \
 	    $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
 
 install-binaries:
@@ -141,6 +148,7 @@ install-binaries:
 install-includes:
 
 install-man: install-dirs
+	for f in $(OTHER_DOCS); do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done
 	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
 	@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
 	ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)

include/Makefile.in

@@ -22,6 +22,7 @@
 srcdir = @srcdir@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+includedir = @includedir@
 
 # Our install program supports extra flags...
 INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
@@ -45,19 +46,19 @@ all:
 install: install-dirs install-includes
 
 install-dirs:
-	$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(prefix)/include
+	$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(includedir)
 
 install-binaries:
 
 install-man:
 
 install-includes: install-dirs
-	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $(srcdir)/sudo_plugin.h $(DESTDIR)$(prefix)/include
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $(srcdir)/sudo_plugin.h $(DESTDIR)$(includedir)
 
 install-plugin:
 
 uninstall:
-	-rm -f $(DESTDIR)$(prefix)/include/sudo_plugin.h
+	-rm -f $(DESTDIR)$(includedir)/sudo_plugin.h
 
 check:
 	@echo nothing to check

mkpkg

@@ -0,0 +1,153 @@
+#!/bin/sh
+
+IFS=
+
+top_srcdir=`dirname $0`
+
+platform=`$top_srcdir/pp --probe` || exit 1
+
+# Default paths
+prefix=/usr/local
+
+# Choose configure options by platform.
+# We use the same configure options as vendor packages when possible.
+case "$platform" in
+    centos4*|rhel4*)
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	prefix=/usr
+	configure_opts="
+		--prefix=$prefix
+		--with-logging=syslog
+		--with-logfac=authpriv
+		--with-pam
+		--with-pam-login
+		--with-editor=/bin/vi
+		--with-env-editor
+		--with-ignore-dot
+		--with-tty-tickets
+		--with-ldap
+		--with-selinux
+		--with-passprompt=[sudo] password for %p: "
+	;;
+    centos5*|rhel5*)
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	prefix=/usr
+	configure_opts="
+		--prefix=$prefix
+		--with-logging=syslog
+		--with-logfac=authpriv
+		--with-pam
+		--with-pam-login
+		--with-editor=/bin/vi
+		--with-env-editor
+		--with-ignore-dot
+		--with-tty-tickets
+		--with-ldap
+		--with-selinux
+		--with-linux-audit
+		--with-passprompt=[sudo] password for %p: "
+	export CFLAGS="-fpie" LDFLAGS="-pie"
+	;;
+    sles9*)
+	prefix=/usr
+	# SuSE doesn't have /usr/libexec
+	case "$platform" in
+	    *64*)	libexec=lib64;;
+	    *)		libexec=lib;;
+	esac
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	configure_opts="
+		--prefix=$prefix
+		--libexecdir=$prefix/$libexec/sudo
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-insults=disabled
+		--with-all-insults
+		--with-ignore-dot
+		--with-tty-tickets
+		--enable-shell-sets-home
+		--with-sudoers-mode=0440
+		--with-pam
+		--with-ldap
+		--with-env-editor
+		--with-passprompt=%p\'s password: "
+
+	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
+	;;
+    sles10*)
+	prefix=/usr
+	# SuSE doesn't have /usr/libexec
+	case "$platform" in
+	    *64*)	libexec=lib64;;
+	    *)		libexec=lib;;
+	esac
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	# XXX - SuSE uses secure path only for env_reset
+	configure_opts="
+		--prefix=$prefix
+		--libexecdir=$prefix/$libexec/sudo
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-insults=disabled
+		--with-all-insults
+		--with-ignore-dot
+		--with-tty-tickets
+		--enable-shell-sets-home
+		--with-sudoers-mode=0440
+		--with-pam
+		--with-ldap
+		--with-env-editor
+		--with-passprompt=%p\'s password: "
+
+	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
+	export CFLAGS="-fpie" LDFLAGS="-pie"
+	;;
+    sles11*)
+	prefix=/usr
+	# SuSE doesn't have /usr/libexec
+	case "$platform" in
+	    *64*)	libexec=lib64;;
+	    *)		libexec=lib;;
+	esac
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	# XXX - SuSE uses secure path only for env_reset
+	configure_opts="
+		--prefix=$prefix
+		--libexecdir=$prefix/$libexec/sudo
+		--with-selinux
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-insults=disabled
+		--with-all-insults
+		--with-ignore-dot
+		--with-tty-tickets
+		--enable-shell-sets-home
+		--with-sudoers-mode=0440
+		--with-pam
+		--with-ldap
+		--with-env-editor
+		--with-passprompt=%p\'s password: "
+
+	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
+	export CFLAGS="-fpie" LDFLAGS="-pie"
+	;;
+    *)
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	configure_opts="
+		--prefix=$prefix
+		--with-insults=disabled
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-editor=/usr/bin/vim:/usr/bin/vi:/bin/vi
+		--with-env-editor"
+	;;
+esac
+
+# Remove spaces from IFS when setting $@ so that passprompt may include them
+OIFS="$IFS"
+IFS="	
+"
+set -- $configure_opts
+IFS="$OIFS"
+$top_srcdir/configure "$@" || exit 1
+make $make_opts && make $make_opts package

plugins/sudoers/Makefile.in

@@ -259,12 +259,15 @@ install-binaries: visudo sudoreplay install-dirs
 
 install-includes:
 
+# XXX - install sudoers2ldif in docdir
 install-man:
 
 install-plugin: sudoers.la install-dirs
 	$(LIBTOOL) --mode=install --quiet $(INSTALL) sudoers.la $(DESTDIR)$(plugindir)
 
 install-sudoers: install-dirs
+	$(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
+	    $(DESTDIR)$(sudoersdir)/sudoers.d
 	test -f $(DESTDIR)$(sudoersdir)/sudoers || \
 	    $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
 		$(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers

src/Makefile.in

@@ -127,7 +127,7 @@ install-dirs:
 	    $(DESTDIR)$(noexecdir)
 
 install-binaries: install-dirs $(PROGS)
-	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 sudo $(DESTDIR)$(bindir)/sudo
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(bindir)/sudo
 	rm -f $(DESTDIR)$(bindir)/sudoedit
 	ln $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit
 	if [ -f sesh ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi

sudo.pp

@@ -0,0 +1,136 @@
+%set
+  name="sudo"
+  summary="Provide limited super-user priveleges to specific users"
+  description="Sudo is a program designed to allow a sysadmin to give \
+limited root privileges to users and log root activity.  \
+The basic philosophy is to give as few privileges as possible but \
+still allow people to get their work done."
+  vendor="Todd C. Miller"
+  copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
+  pp_rpm_release="1"
+  pp_rpm_license="BSD"
+  pp_rpm_url="http://www.sudo.ws/"
+  pp_rpm_group="Applications/System"
+  pp_rpm_packager="Todd.Miller@courtesan.com"
+  pp_deb_maintainer="Todd.Miller@courtesan.com"
+  pp_sd_vendor_tag="TCM"
+  pp_solaris_name="TCMsudo"
+
+%set [rpm]
+  # Add distro info to release
+  case "$pp_rpm_distro" in
+    centos*|rhel*)
+	d=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/[^0-9].*$//'`
+	if test -n "$d"; then
+	    pp_rpm_release="$pp_rpm_release.el$d"
+	fi
+	;;
+    sles*)
+	d=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/[^0-9].*$//'`
+	if test -n "$d"; then
+	    pp_rpm_release="$pp_rpm_release.sles$d"
+	fi
+	;;
+  esac
+
+  # For RedHat the doc dir is expected to include version and release
+  case "$pp_rpm_distro" in
+    centos*|rhel*)
+      mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-1
+      docdir=${docdir}-${version}-1
+      ;;
+  esac
+
+  # Choose the correct PAM file by distro
+  case "$pp_rpm_distro" in
+    centos4*|rhel4*)
+        mkdir -p ${pp_destdir}/etc/pam.d
+	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+	#%PAM-1.0
+	auth       required	pam_stack.so service=system-auth
+	account    required	pam_stack.so service=system-auth
+	password   required	pam_stack.so service=system-auth
+	session    required	pam_limits.so
+	EOF
+	;;
+    centos5*|rhel5*)
+        mkdir -p ${pp_destdir}/etc/pam.d
+	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+	#%PAM-1.0
+	auth       include	system-auth
+	account    include	system-auth
+	password   include	system-auth
+	session    optional	pam_keyinit.so revoke
+	session    required	pam_limits.so
+	EOF
+	cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
+	#%PAM-1.0
+	auth       include	sudo
+	account    include	sudo
+	password   include	sudo
+	session    optional	pam_keyinit.so force revoke
+	session    required	pam_limits.so
+	EOF
+	;;
+    sles9*)
+        mkdir -p ${pp_destdir}/etc/pam.d
+	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+	#%PAM-1.0
+	auth     required       pam_unix2.so
+	session  required       pam_limits.so
+	EOF
+	;;
+    sles10*|sles11*)
+        mkdir -p ${pp_destdir}/etc/pam.d
+	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+	#%PAM-1.0
+	auth     include	common-auth
+	account  include	common-account
+	password include	common-password
+	session  include	common-session
+	# session  optional	pam_xauth.so
+	EOF
+	;;
+  esac
+
+%set [aix]
+  pp_aix_version=`echo $version | sed -e 's,\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\)q\([0-9][0-9]*\),\1.\2.\3.\4,'`
+  summary="Configurable super-user privileges"
+
+%files
+  $bindir/sudo        4111 root:
+  $bindir/sudoedit    4111 root:
+  $sbindir/visudo     0111
+  $bindir/sudoreplay  0111
+  $libexecdir/*
+  $sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
+  $sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
+  $timedir/	      0700 root:
+  $docdir/
+  $docdir/*
+  $includedir/sudo_plugin.h
+
+%files [!aix]
+  $mandir/man*/*
+
+%files [aix]
+  # Some versions use catpages, some use manpages.
+  $mandir/cat*/* optional
+  $mandir/man*/* optional
+
+%files [rpm]
+  /etc/pam.d/* volatile,optional
+
+%post
+  # Don't overwrite an existing sudoers file
+  sysconfdir=%{sysconfdir}
+  if test ! -r $sysconfdir/sudoers; then
+    cp -p $sysconfdir/sudoers.dist $sysconfdir/sudoers
+  fi
+
+%post [deb]
+  # dpkg-deb does not maintain the mode on the sudoers file, and
+  # installs it 0640 when sudo requires 0440
+  chmod %{sudoers_mode} %{sudoersdir}/sudoers
+
+# vim:ts=2:sw=2:et