isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create template tmpfiles.d/sudo.conf for installation instead of

Browse Source 
creating one via echo commands in the Makefile.

Add --enable-tmpfiles.d configure option to enable/disable use of
tmpfiles.d and override the default directory.

Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore
tmpfiles.d/sudo.conf in sudo.pp.
This commit is contained in:
Todd C. Miller
2015-04-07 15:35:01 -06:00
parent d297f5fd84
commit fa3552fa76
9 changed files with 77 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.hgignore
View File

@@ -23,6 +23,7 @@ Makefile$
^doc/varsub$ ^doc/varsub$
^init.d/.*.sh$ ^init.d/.*.sh$
^init.d/sudo.conf$
^pathnames\.h$ ^pathnames\.h$
^src/sudo$ ^src/sudo$

24
INSTALL
View File

@@ -198,14 +198,6 @@ Compilation options:
binary itself. This will also disable the noexec option binary itself. This will also disable the noexec option
as it too relies on dynamic shared object support. as it too relies on dynamic shared object support.
--enable-static-sudoers
By default, the sudoers plugin is built and installed as a
dynamic shared object. When the --enable-static-sudoers
option is specified, the sudoers plugin is compiled directly
into the sudo binary. Unlike --disable-shared, this does
not prevent other plugins from being used and the noexec
option will continue to function.
--disable-shared-libutil --disable-shared-libutil
Disable the use of the dynamic libsudo_util library. By Disable the use of the dynamic libsudo_util library. By
default, sudo, the sudoers plugin and the associated sudo default, sudo, the sudoers plugin and the associated sudo
@@ -215,6 +207,22 @@ Compilation options:
instead. This option may only be used in conjunction with instead. This option may only be used in conjunction with
the --enable-static-sudoers option. the --enable-static-sudoers option.
--enable-static-sudoers
By default, the sudoers plugin is built and installed as a
dynamic shared object. When the --enable-static-sudoers
option is specified, the sudoers plugin is compiled directly
into the sudo binary. Unlike --disable-shared, this does
not prevent other plugins from being used and the noexec
option will continue to function.
--enable-tmpfiles.d=DIR
Set the directory to be used when installing the sudo
tmpfiles.d file. This is used to create (or clear) the
sudo time stamp directory on operating systems that use
systemd. If this option is not specified, configure will
use the /usr/lib/tmpfiles.d directory if the file
/usr/lib/tmpfiles.d/systemd.conf exists.
--disable-weak-symbols --disable-weak-symbols
Disable the use of weak symbols in the libsudo_util library. Disable the use of weak symbols in the libsudo_util library.
By default, libsudo_util will provide weak symbols for the By default, libsudo_util will provide weak symbols for the

1
MANIFEST
View File

@@ -76,6 +76,7 @@ include/sudo_util.h
indent.pro indent.pro
init.d/aix.sh.in init.d/aix.sh.in
init.d/hpux.sh.in init.d/hpux.sh.in
init.d/sudo.conf.in
install-sh install-sh
lib/util/Makefile.in lib/util/Makefile.in
lib/util/aix.c lib/util/aix.c

4
Makefile.in
View File

@@ -326,8 +326,8 @@ distclean: config.status
for d in $(SUBDIRS) $(SAMPLES); do \ for d in $(SUBDIRS) $(SAMPLES); do \
(cd $$d && exec $(MAKE) $@); \ (cd $$d && exec $(MAKE) $@); \
done done
-rm -rf Makefile pathnames.h config.h config.status config.cache \ -rm -rf autom4te.cache config.cache config.h config.log config.status \
config.log libtool stamp-* autom4te.cache init.d/*.sh init.d/*.sh init.d/sudo.conf libtool Makefile pathnames.h stamp-*
cleandir: distclean cleandir: distclean

25
configure vendored
View File

@@ -724,6 +724,7 @@ vardir
rundir rundir
iolog_dir iolog_dir
exampledir exampledir
TMPFILES_D
COMPAT_EXP COMPAT_EXP
RC_LINK RC_LINK
INIT_DIR INIT_DIR
@@ -951,6 +952,7 @@ enable_rpath
enable_static_sudoers enable_static_sudoers
enable_shared_libutil enable_shared_libutil
enable_weak_symbols enable_weak_symbols
enable_tmpfiles_d
with_selinux with_selinux
enable_gss_krb5_ccache_name enable_gss_krb5_ccache_name
enable_shared enable_shared
@@ -1628,6 +1630,7 @@ Optional Features:
Disable use of the libsudo_util shared library. Disable use of the libsudo_util shared library.
--disable-weak-symbols Disable use of weak symbols in the libsudo_util --disable-weak-symbols Disable use of weak symbols in the libsudo_util
shared library. shared library.
--enable-tmpfiles.d=DIR Set the path to the systemd tmpfiles.d directory.
--enable-gss-krb5-ccache-name --enable-gss-krb5-ccache-name
Use GSS-API to set the Kerberos V cred cache name Use GSS-API to set the Kerberos V cred cache name
--enable-shared[=PKGS] build shared libraries [default=yes] --enable-shared[=PKGS] build shared libraries [default=yes]
@@ -2843,6 +2846,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
# #
@@ -2930,6 +2934,7 @@ WEAK_ALIAS=no
CHECKSHADOW=true CHECKSHADOW=true
shadow_funcs= shadow_funcs=
shadow_libs= shadow_libs=
TMPFILES_D=
CONFIGURE_ARGS="$@" CONFIGURE_ARGS="$@"
RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_VAR="LD_PRELOAD"
@@ -5699,6 +5704,22 @@ else
fi fi
# Check whether --enable-tmpfiles.d was given.
if test "${enable_tmpfiles_d+set}" = set; then :
enableval=$enable_tmpfiles_d; case $enableval in
yes) TMPFILES_D=/usr/lib/tmpfiles.d
;;
no) TMPFILES_D=
;;
*) TMPFILES_D="$enableval"
esac
else
test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d
fi
# Check whether --with-selinux was given. # Check whether --with-selinux was given.
if test "${with_selinux+set}" = set; then : if test "${with_selinux+set}" = set; then :
@@ -24552,6 +24573,9 @@ test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/
if test X"$INIT_SCRIPT" != X""; then if test X"$INIT_SCRIPT" != X""; then
ac_config_files="$ac_config_files init.d/$INIT_SCRIPT" ac_config_files="$ac_config_files init.d/$INIT_SCRIPT"
elif test X"$TMPFILES_D" != X""; then
ac_config_files="$ac_config_files init.d/sudo.conf"
fi fi
ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" ac_config_files="$ac_config_files Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
@@ -25544,6 +25568,7 @@ do
"lib/zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/zlib/zconf.h" ;; "lib/zlib/zconf.h") CONFIG_HEADERS="$CONFIG_HEADERS lib/zlib/zconf.h" ;;
"lib/zlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/zlib/Makefile" ;; "lib/zlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/zlib/Makefile" ;;
"init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES init.d/$INIT_SCRIPT" ;; "init.d/$INIT_SCRIPT") CONFIG_FILES="$CONFIG_FILES init.d/$INIT_SCRIPT" ;;
"init.d/sudo.conf") CONFIG_FILES="$CONFIG_FILES init.d/sudo.conf" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
"examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;;

16
configure.ac
View File

@@ -90,6 +90,7 @@ AC_SUBST([INIT_SCRIPT])
AC_SUBST([INIT_DIR]) AC_SUBST([INIT_DIR])
AC_SUBST([RC_LINK]) AC_SUBST([RC_LINK])
AC_SUBST([COMPAT_EXP]) AC_SUBST([COMPAT_EXP])
AC_SUBST([TMPFILES_D])
AC_SUBST([exampledir]) AC_SUBST([exampledir])
dnl dnl
dnl Variables that get substituted in docs (not overridden by environment) dnl Variables that get substituted in docs (not overridden by environment)
@@ -226,6 +227,7 @@ WEAK_ALIAS=no
CHECKSHADOW=true CHECKSHADOW=true
shadow_funcs= shadow_funcs=
shadow_libs= shadow_libs=
TMPFILES_D=
CONFIGURE_ARGS="$@" CONFIGURE_ARGS="$@"
dnl dnl
@@ -1478,6 +1480,18 @@ AC_ARG_ENABLE(weak_symbols,
[AS_HELP_STRING([--disable-weak-symbols], [Disable use of weak symbols in the libsudo_util shared library.])], [AS_HELP_STRING([--disable-weak-symbols], [Disable use of weak symbols in the libsudo_util shared library.])],
[], [enable_weak_symbols=yes]) [], [enable_weak_symbols=yes])
AC_ARG_ENABLE(tmpfiles.d,
[AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])],
[case $enableval in
yes) TMPFILES_D=/usr/lib/tmpfiles.d
;;
no) TMPFILES_D=
;;
*) TMPFILES_D="$enableval"
esac], [
test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d
])
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in [case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] " yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
@@ -4182,6 +4196,8 @@ dnl Substitute into the Makefile and man pages
dnl dnl
if test X"$INIT_SCRIPT" != X""; then if test X"$INIT_SCRIPT" != X""; then
AC_CONFIG_FILES([init.d/$INIT_SCRIPT]) AC_CONFIG_FILES([init.d/$INIT_SCRIPT])
elif test X"$TMPFILES_D" != X""; then
AC_CONFIG_FILES([init.d/sudo.conf])
fi fi
AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile include/Makefile lib/util/Makefile lib/util/util.exp src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT AC_OUTPUT

3
mkpkg
View File

@@ -300,6 +300,9 @@ case "$osversion" in
;; ;;
esac esac
# The postinstall script will create tmpfiles.d/sudo.conf for us
configure_opts="${configure_opts}${configure_opts+$tab}--disable-tmpfiles.d"
# Remove spaces from IFS when setting $@ so that passprompt may include them # Remove spaces from IFS when setting $@ so that passprompt may include them
OIFS="$IFS" OIFS="$IFS"
IFS=" $nl" IFS=" $nl"

25
src/Makefile.in
View File

@@ -73,6 +73,7 @@ localedir = @localedir@
localstatedir = @localstatedir@ localstatedir = @localstatedir@
noexecfile = @NOEXECFILE@ noexecfile = @NOEXECFILE@
noexecdir = @NOEXECDIR@ noexecdir = @NOEXECDIR@
tmpfiles_d = @TMPFILES_D@
# User and group ids the installed files should be "owned" by # User and group ids the installed files should be "owned" by
install_uid = 0 install_uid = 0
@@ -147,21 +148,20 @@ install: install-binaries install-rc @INSTALL_NOEXEC@
install-dirs: install-dirs:
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
$(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir) $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir)
@if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \ if test -n "$(INIT_SCRIPT)"; then \
mkdir -p $(DESTDIR)/usr/lib/tmpfiles.d; \
fi
install-rc:
@if [ -n "$(INIT_SCRIPT)" ]; then \
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR) \ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(INIT_DIR) \
`echo $(DESTDIR)$(RC_LINK) | $(SED) 's,/[^/]*$$,,'`; \ `echo $(DESTDIR)$(RC_LINK) | $(SED) 's,/[^/]*$$,,'`; \
elif test -n "$(tmpfiles_d)"; then \
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(tmpfiles_d); \
fi
install-rc: install-dirs
if [ -n "$(INIT_SCRIPT)" ]; then \
$(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_srcdir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \ $(INSTALL) $(INSTALL_OWNER) -m 0755 $(top_srcdir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \
rm -f $(DESTDIR)$(RC_LINK); \ rm -f $(DESTDIR)$(RC_LINK); \
ln -s $(INIT_DIR)/sudo $(DESTDIR)$(RC_LINK); \ ln -s $(INIT_DIR)/sudo $(DESTDIR)$(RC_LINK); \
fi elif test -n "$(tmpfiles_d)"; then \
@if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then \ $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_srcdir)/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \
echo "d $(DESTDIR)$(rundir) 0711 root root" > $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \
echo "D $(DESTDIR)$(rundir)/ts 0700 root root" >> $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf; \
fi fi
install-binaries: install-dirs $(PROGS) install-binaries: install-dirs $(PROGS)
@@ -190,9 +190,8 @@ uninstall:
$(DESTDIR)$(libexecdir)/sudo/sesh~ \ $(DESTDIR)$(libexecdir)/sudo/sesh~ \
$(DESTDIR)$(noexecdir)/sudo_noexec.so~ \ $(DESTDIR)$(noexecdir)/sudo_noexec.so~ \
$(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf $(DESTDIR)/usr/lib/tmpfiles.d/sudo.conf
@if [ -n "$(INIT_SCRIPT)" ]; then \ -test -n "$(INIT_SCRIPT)" && \
rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo; \ rm -f $(DESTDIR)$(RC_LINK) $(DESTDIR)$(INIT_DIR)/sudo
fi
cppcheck: cppcheck:
cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I. -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c

6
sudo.pp
View File

@@ -320,10 +320,6 @@ still allow people to get their work done."
/sbin/init.d/ ignore /sbin/init.d/ ignore
/sbin/init.d/sudo 0755 root: /sbin/init.d/sudo 0755 root:
%endif %endif
%if -d ${pp_destdir}/usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/ ignore
/usr/lib/tmpfiles.d/* ignore
%endif
%files [!aix] %files [!aix]
$mandir/man*/* 0644 $mandir/man*/* 0644
@@ -411,7 +407,7 @@ still allow people to get their work done."
%post [rpm,deb] %post [rpm,deb]
# Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured. # Create /usr/lib/tmpfiles.d/sudo.conf if systemd is configured.
if [ -r /usr/lib/tmpfiles.d/systemd.conf ]; then if [ -f /usr/lib/tmpfiles.d/systemd.conf ]; then
cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF
d %{rundir} 0711 root root d %{rundir} 0711 root root
D %{rundir}/ts 0700 root root D %{rundir}/ts 0700 root root