From 23531b759fd31a50fbd1dcb84a4b004a8afa745f Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Fri, 13 Feb 2015 15:28:06 +0300 Subject: [PATCH 1/8] fix unpackaged faillock --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 51a9685..ce5f86f 100644 --- a/pam.spec +++ b/pam.spec @@ -141,12 +141,12 @@ having to recompile programs that handle authentication. %config %{_sysconfdir}/pam.d/postlogin /sbin/pam_console_apply /sbin/pam_tally2 +/sbin/faillock %attr(4755,root,root) /sbin/pam_timestamp_check %attr(0755,root,root) /sbin/pwhistory_helper %attr(4755,root,root) /sbin/unix_chkpwd %attr(0700,root,root) /sbin/unix_update %attr(0755,root,root) /sbin/mkhomedir_helper -%{_sbindir}/faillock %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/chroot.conf %config(noreplace) %{_sysconfdir}/security/console.perms From 9901e7ddc805d56ee2fd37183714bea9f8c22f73 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Fri, 13 Feb 2015 15:47:38 +0300 Subject: [PATCH 2/8] mark /var/run/console as ghost --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index ce5f86f..4a20dd5 100644 --- a/pam.spec +++ b/pam.spec @@ -168,7 +168,7 @@ having to recompile programs that handle authentication. /%{_lib}/security/*.so /%{_lib}/security/pam_filter /usr/lib/tmpfiles.d/pam.conf -%dir /var/run/console +%ghost %dir /var/run/console %ghost /var/log/tallylog %{_mandir}/man5/* %{_mandir}/man8/* From 3d6dab8cdbd606fea05348079eccb853c4410bdb Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Sun, 15 Feb 2015 21:17:48 +0300 Subject: [PATCH 3/8] set epoch --- pam.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pam.spec b/pam.spec index 4a20dd5..3e81cb6 100644 --- a/pam.spec +++ b/pam.spec @@ -13,6 +13,8 @@ %define pam_redhat_version 0.99.10-1 +Epoch: 1 + Summary: A security tool which provides authentication for applications Name: pam Version: 1.1.8 From 4ca18bcd8d114204af93363ed230d3db23447905 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Sun, 15 Feb 2015 21:33:13 +0300 Subject: [PATCH 4/8] add pwquality and smartcard auth pam.d conf; --- pam.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 3e81cb6..17df153 100644 --- a/pam.spec +++ b/pam.spec @@ -18,7 +18,7 @@ Epoch: 1 Summary: A security tool which provides authentication for applications Name: pam Version: 1.1.8 -Release: 22 +Release: 23 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, License: BSD and GPLv2+ @@ -36,6 +36,8 @@ Source11: postlogin.pamd Source12: postlogin.5 Source13: pamtmp.conf Source14: 90-nproc.conf +Source15: password-auth.pamd +Source16: smartcard-auth.pamd #add missing documentation Source501: pam_tty_audit.8 Source502: README @@ -141,6 +143,8 @@ having to recompile programs that handle authentication. %attr(0644,root,shadow) %config(noreplace) %{_sysconfdir}/pam.d/system-auth-default %config %{_sysconfdir}/pam.d/config-util %config %{_sysconfdir}/pam.d/postlogin +%config %{_sysconfdir}/pam.d/password-auth +%config %{_sysconfdir}/pam.d/smartcard-auth /sbin/pam_console_apply /sbin/pam_tally2 /sbin/faillock @@ -310,6 +314,8 @@ install -m 644 %{SOURCE5} %{buildroot}/etc/pam.d/other install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/system-auth install -m 644 %{SOURCE7} %{buildroot}/etc/pam.d/config-util install -m 644 %{SOURCE11} %{buildroot}/etc/pam.d/postlogin +install -m 644 %{SOURCE15} %{buildroot}/etc/pam.d/password-auth +install -m 644 %{SOURCE16} %{buildroot}/etc/pam.d/smartcard-auth install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd install -d -m 755 %{buildroot}/var/log install -m 600 /dev/null %{buildroot}/var/log/tallylog From 4a820b637f43bb4250a198a06a211808020f5c28 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Sun, 15 Feb 2015 22:38:11 +0300 Subject: [PATCH 5/8] bootstrap build --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 17df153..528f76c 100644 --- a/pam.spec +++ b/pam.spec @@ -6,7 +6,7 @@ %bcond_with prelude -%bcond_with bootstrap +%bcond_without bootstrap # Distro-specific default value is defined in branding-configs package %{?build_selinux}%{?!build_selinux:%bcond_with selinux} From 080556a4a5d3e65c0de39be5e5125cb76841e723 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Sun, 15 Feb 2015 23:24:48 +0300 Subject: [PATCH 6/8] cleanup BR --- pam.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pam.spec b/pam.spec index 528f76c..b41d3ba 100644 --- a/pam.spec +++ b/pam.spec @@ -102,8 +102,6 @@ BuildRequires: flex # this pulls in the mega texlive load BuildRequires: linuxdoc-tools %endif -BuildRequires: db_nss-devel -BuildRequires: glibc-crypt_blowfish-devel BuildRequires: cracklib-devel BuildRequires: libaudit-devel BuildRequires: gettext-devel @@ -118,8 +116,6 @@ BuildRequires: prelude-devel >= 0.9.0 %else BuildConflicts: pkgconfig(libprelude) %endif -BuildRequires: pkgconfig(libtirpc) -BuildRequires: pkgconfig(openssl) Requires: cracklib-dicts Requires: setup >= 2.7.12-2 Requires(pre): rpm-helper From 831c7ebf92b596f8bef9e378eb681fe2a8bd1de0 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Mon, 16 Feb 2015 00:08:16 +0300 Subject: [PATCH 7/8] build without bootstrap --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index b41d3ba..35eebff 100644 --- a/pam.spec +++ b/pam.spec @@ -6,7 +6,7 @@ %bcond_with prelude -%bcond_without bootstrap +%bcond_with bootstrap # Distro-specific default value is defined in branding-configs package %{?build_selinux}%{?!build_selinux:%bcond_with selinux} From 629d992ed6ca1e9eec87c57bae6ccd01263f5d34 Mon Sep 17 00:00:00 2001 From: "din (Dmitry Fedorov)" Date: Mon, 16 Feb 2015 00:11:46 +0300 Subject: [PATCH 8/8] fix BR --- pam.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pam.spec b/pam.spec index 35eebff..9e11977 100644 --- a/pam.spec +++ b/pam.spec @@ -104,6 +104,7 @@ BuildRequires: linuxdoc-tools %endif BuildRequires: cracklib-devel BuildRequires: libaudit-devel +BuildRequires: db_nss-devel BuildRequires: gettext-devel BuildRequires: pkgconfig(libtirpc) BuildRequires: db-devel