Context Navigation

nss_nonlocal.spec @ 2001

Last change on this file since 2001 was 1878, checked in by achernya, 14 years ago
Merge r1803-1877 from trunk to branches/fc15-dev
File size: 2.0 KB

Line
1	Summary: nsswitch proxy module to prevent local account spoofing
2	Group: System Environment/Libraries
3	Name: nss_nonlocal
4	Version: 2.0
5	Release: 1
6	URL: http://debathena.mit.edu/nss_nonlocal/
7	BuildRequires: autoconf
8	BuildRequires: automake
9	BuildRequires: libtool
10	License: LGPLv2+
11	Source: %{name}.tar.gz
12	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
13	Requires(pre): shadow-utils
14
15	%description
16	This nsswitch module acts as a proxy for other nsswitch modules like hesiod,
17	but prevents non-local users from potentially gaining local privileges by
18	spoofing local UIDs and GIDs.
19
20	%prep
21	%setup -q -n %{name}
22
23	cat >find_requires.sh <<EOF
24	#!/bin/sh
25	%{__find_requires} \| grep -v GLIBC_PRIVATE
26	exit 0
27	EOF
28	chmod +x find_requires.sh
29	%define _use_internal_dependency_generator 0
30	%define __find_requires %{_builddir}/%{buildsubdir}/find_requires.sh
31
32	%build
33	autoreconf -i
34	%configure --libdir=/%{_lib}
35	make
36
37	%install
38	[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
39	make install DESTDIR=$RPM_BUILD_ROOT
40
41	%clean
42	[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
43
44	%files
45	%defattr(-, root, root)
46	%doc README
47	/%{_lib}/libnss_nonlocal.so.*
48
49	%pre
50	getent passwd nss-nonlocal-users >/dev/null \|\| \
51	useradd -r -g nobody -d / -s /sbin/nologin \
52	-c 'Magic user for local group whitelist' nss-nonlocal-users
53	getent group nss-local-users \|\| groupadd -r nss-local-users
54	getent group nss-nonlocal-users \|\| groupadd -r nss-nonlocal-users
55	exit 0
56
57	%post
58	/sbin/ldconfig
59
60	%postun
61	/sbin/ldconfig
62
63	%changelog
64
65	* Tue Mar 29 2011 Anders Kaseorg <andersk@mit.edu> 2.0-1
66	- New upstream version.
67
68	* Sun May 2 2010 Anders Kaseorg <andersk@mit.edu> 1.11-1
69	- New upstream version.
70
71	* Fri Mar 12 2010 Mitchell Berger <mitchb@mit.edu> 1.9-1
72	- Per Fedora packaging guidelines, don't ever remove groups.
73	- Rebuild to ensure that the nss-nonlocal-users group is added, even if it was
74	previously rejected by a buggy groupadd with an incorrect name length limit.
75
76	* Thu May 8 2008 Anders Kaseorg <andersk@mit.edu> 1.6-0
77	- Initial RPM release.

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/fc15-dev/server/fedora/specs/nss_nonlocal.spec @ 2001

Download in other formats: