Context Navigation

source: trunk/server/fedora/specs/nss_nonlocal.spec @ 2374

Last change on this file since 2374 was 1825, checked in by andersk, 15 years ago
Update nss_nonlocal to 2.0 - Fix errno saving and restoring. - Document nss-nonlocal-users and nss-local-users groups in README. - Allow local whitelisting of nonlocal user and group memberships, using the magic local ‘nss-nonlocal-users’ user and group.
File size: 2.0 KB

Rev	Line
[750]	1	Summary: nsswitch proxy module to prevent local account spoofing
	2	Group: System Environment/Libraries
	3	Name: nss_nonlocal
[1825]	4	Version: 2.0
[1508]	5	Release: 1
[750]	6	URL: http://debathena.mit.edu/nss_nonlocal/
[782]	7	BuildRequires: autoconf
	8	BuildRequires: automake
	9	BuildRequires: libtool
[1554]	10	License: LGPLv2+
[750]	11	Source: %{name}.tar.gz
	12	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
[1825]	13	Requires(pre): shadow-utils
[750]	14
	15	%description
	16	This nsswitch module acts as a proxy for other nsswitch modules like hesiod,
	17	but prevents non-local users from potentially gaining local privileges by
	18	spoofing local UIDs and GIDs.
	19
	20	%prep
	21	%setup -q -n %{name}
	22
[782]	23	cat >find_requires.sh <<EOF
	24	#!/bin/sh
	25	%{__find_requires} \| grep -v GLIBC_PRIVATE
	26	exit 0
	27	EOF
	28	chmod +x find_requires.sh
	29	%define _use_internal_dependency_generator 0
	30	%define __find_requires %{_builddir}/%{buildsubdir}/find_requires.sh
	31
[750]	32	%build
[782]	33	autoreconf -i
	34	%configure --libdir=/%{_lib}
	35	make
[750]	36
	37	%install
	38	[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
[782]	39	make install DESTDIR=$RPM_BUILD_ROOT
[750]	40
	41	%clean
	42	[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
	43
	44	%files
	45	%defattr(-, root, root)
	46	%doc README
[782]	47	/%{_lib}/libnss_nonlocal.so.*
[750]	48
	49	%pre
[1825]	50	getent passwd nss-nonlocal-users >/dev/null \|\| \
	51	useradd -r -g nobody -d / -s /sbin/nologin \
	52	-c 'Magic user for local group whitelist' nss-nonlocal-users
	53	getent group nss-local-users \|\| groupadd -r nss-local-users
	54	getent group nss-nonlocal-users \|\| groupadd -r nss-nonlocal-users
	55	exit 0
[750]	56
	57	%post
	58	/sbin/ldconfig
	59
	60	%postun
	61	/sbin/ldconfig
	62
	63	%changelog
	64
[1825]	65	* Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1
	66	- New upstream version.
	67
[1553]	68	* Sun May 2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1
	69	- New upstream version.
	70
[1508]	71	* Fri Mar 12 2010 Mitchell Berger <mitchb@mit.edu> 1.9-1
	72	- Per Fedora packaging guidelines, don't ever remove groups.
	73	- Rebuild to ensure that the nss-nonlocal-users group is added, even if it was
	74	previously rejected by a buggy groupadd with an incorrect name length limit.
	75
[750]	76	* Thu May 8 2008 Anders Kaseorg <andersk@mit.edu> 1.6-0
	77	- Initial RPM release.

Note: See TracBrowser for help on using the repository browser.

Download in other formats: