source: trunk/server/fedora/specs/nss_nonlocal.spec @ 2322

Last change on this file since 2322 was 1825, checked in by andersk, 15 years ago
Update nss_nonlocal to 2.0
- Fix errno saving and restoring.
- Document nss-nonlocal-users and nss-local-users groups in README.
- Allow local whitelisting of nonlocal user and group memberships, using the magic local ‘nss-nonlocal-users’ user and group.
File size: 2.0 KB
Summary: nsswitch proxy module to prevent local account spoofing
Group: System Environment/Libraries
Name: nss_nonlocal
Version: 2.0
Release: 1
URL: http://debathena.mit.edu/nss_nonlocal/
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
License: LGPLv2+
Source: %{name}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(pre): shadow-utils

%description
This nsswitch module acts as a proxy for other nsswitch modules like hesiod,
but prevents non-local users from potentially gaining local privileges by
spoofing local UIDs and GIDs.

%prep
%setup -q -n %{name}

cat >find_requires.sh <<EOF
#!/bin/sh
%{__find_requires} | grep -v GLIBC_PRIVATE
exit 0
EOF
chmod +x find_requires.sh
%define _use_internal_dependency_generator 0
%define __find_requires %{_builddir}/%{buildsubdir}/find_requires.sh

%build
autoreconf -i
%configure --libdir=/%{_lib}
make

%install
[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT

%clean
[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT

%files
%defattr(-, root, root)
%doc README
/%{_lib}/libnss_nonlocal.so.*

%pre
getent passwd nss-nonlocal-users >/dev/null || \
    useradd -r -g nobody -d / -s /sbin/nologin \
    -c 'Magic user for local group whitelist' nss-nonlocal-users
getent group nss-local-users || groupadd -r nss-local-users
getent group nss-nonlocal-users || groupadd -r nss-nonlocal-users
exit 0

%post
/sbin/ldconfig

%postun
/sbin/ldconfig

%changelog

* Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1
- New upstream version.

* Sun May  2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1
- New upstream version.

* Fri Mar 12 2010 Mitchell Berger <mitchb@mit.edu> 1.9-1
- Per Fedora packaging guidelines, don't ever remove groups.
- Rebuild to ensure that the nss-nonlocal-users group is added, even if it was
  previously rejected by a buggy groupadd with an incorrect name length limit.

* Thu May  8 2008 Anders Kaseorg <andersk@mit.edu> 1.6-0
- Initial RPM release.
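
Added example, not part of the nss_nonlocal package or this spec file: a defender-side audit for the condition the %description names, nonlocal directory entries that reuse a local account name or UID. It assumes two passwd(5)-format inputs (a local file and a dump of the nonlocal source); the function name find_collisions and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from nss_nonlocal itself).
# find_collisions LOCAL_PASSWD NONLOCAL_PASSWD
# Prints one line per nonlocal entry that collides with a local account:
#   "uid-collision <name> <uid>"   nonlocal entry reuses a local UID
#   "name-collision <name> <uid>"  nonlocal entry reuses a local name
find_collisions() {
    awk -F: '
        /^#/ || NF < 3 { next }                  # skip comments and short lines
        # First file: remember every local name and UID.
        FILENAME == ARGV[1] { names[$1] = 1; uids[$3] = 1; next }
        # Second file: flag nonlocal entries that reuse either one.
        ($3 in uids)  { print "uid-collision", $1, $3; next }
        ($1 in names) { print "name-collision", $1, $3 }
    ' "$1" "$2"
}

# Constructed sample data; none of these entries come from a real system.
demo() {
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat >"$tmp/nonlocal" <<'EOF'
# dump of the nonlocal source in passwd format
diruser1:*:0:0:Directory user:/mit/diruser1:/bin/bash
alice:*:54321:101:Directory user:/mit/alice:/bin/bash
bob:*:54322:101:Directory user:/mit/bob:/bin/bash
EOF
    find_collisions "$tmp/local" "$tmp/nonlocal"
    rm -rf "$tmp"
}

demo
```

Any line this prints is a nonlocal entry that would be indistinguishable from a local account to software that trusts the name or UID alone.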