1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
#!/usr/bin/make -f
export DH_VERBOSE=1
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
CFLAGS = `dpkg-buildflags --get CFLAGS`
CFLAGS += -Wall -Wno-comment
LDFLAGS = `dpkg-buildflags --get LDFLAGS`
CPPFLAGS = `dpkg-buildflags --get CPPFLAGS`
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
ifeq ($(DEB_HOST_ARCH_OS),linux)
configure_args += --with-selinux --with-linux-audit --enable-tmpfiles.d=yes
endif
reconf-stamp:
cp -f /usr/share/misc/config.sub config.sub
cp -f /usr/share/misc/config.guess config.guess
autoconf -I m4
touch $@
configure: configure-stamp
configure-stamp: reconf-stamp
dh_testdir
cp -f /usr/share/misc/config.sub config.sub
cp -f /usr/share/misc/config.guess config.guess
# simple version
NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \
CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \
dh_auto_configure --builddirectory=build-simple -- \
-v \
--with-all-insults \
--with-pam \
--with-fqdn \
--with-logging=syslog \
--with-logfac=authpriv \
--with-env-editor \
--with-editor=/usr/bin/editor \
--with-exampledir=/usr/share/doc/sudo/examples \
--with-timeout=15 \
--with-password-timeout=0 \
--with-passprompt="[sudo] password for %p: " \
--disable-root-mailer \
--with-sendmail=/usr/sbin/sendmail \
--with-rundir=/run/sudo \
--libexecdir=/usr/lib/sudo \
--with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
$(configure_args)
# LDAP version
NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \
CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" \
dh_auto_configure --builddirectory=build-ldap -- \
-v \
--with-all-insults \
--with-pam \
--with-ldap \
--with-fqdn \
--with-logging=syslog \
--with-logfac=authpriv \
--with-env-editor \
--with-editor=/usr/bin/editor \
--with-exampledir=/usr/share/doc/sudo-ldap/examples \
--with-timeout=15 \
--with-password-timeout=0 \
--with-passprompt="[sudo] password for %p: " \
--disable-root-mailer \
--disable-setresuid \
--with-sendmail=/usr/sbin/sendmail \
--with-rundir=/run/sudo \
--with-ldap-conf-file=/etc/sudo-ldap.conf \
--libexecdir=/usr/lib/sudo \
--with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
$(configure_args)
touch configure-stamp
build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp
build-stamp: configure-stamp
dh_testdir
$(MAKE) -C build-simple
$(MAKE) -C build-ldap
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
$(MAKE) -C build-simple check
endif
touch build-stamp
clean:
dh_testdir
dh_testroot
rm -f configure-stamp build-stamp
rm -rf build-simple build-ldap
rm -f config.cache
dh_clean
install: build-stamp
dh_testdir
dh_testroot
dh_prep
dh_installdirs
$(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo
$(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap
# remove stuff we don't want
rm -f debian/sudo*/etc/sudoers \
debian/sudo*/usr/share/doc/sudo/LICENSE* \
debian/sudo*/usr/share/doc/sudo/ChangeLog
# provide upstream sudoers.dist as an alternate example
mv debian/sudo/etc/sudoers.dist \
debian/sudo/usr/share/doc/sudo/examples/sudoers.dist
mv debian/sudo-ldap/etc/sudoers.dist \
debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers.dist
# /run/sudo directory is created at boot time and shouldn't be in the
# package
rm -rf debian/sudo*/run
# move upstream-installed docs to the right place for ldap package
mv debian/sudo-ldap/usr/share/doc/sudo/* \
debian/sudo-ldap/usr/share/doc/sudo-ldap/
rmdir debian/sudo-ldap/usr/share/doc/sudo
# and install things we do want that make install doesn't know about
install -o root -g root -m 0644 debian/sudo.pam \
debian/sudo/etc/pam.d/sudo
install -o root -g root -m 0644 debian/sudo.pam \
debian/sudo-ldap/etc/pam.d/sudo
install -o root -g root -m 0644 debian/sudo.lintian \
debian/sudo/usr/share/lintian/overrides/sudo
install -o root -g root -m 0644 debian/sudo-ldap.lintian \
debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
install -o root -g root -m 0440 debian/sudoers \
debian/sudo/etc/sudoers
install -o root -g root -m 0440 debian/sudoers \
debian/sudo-ldap/etc/sudoers
install -o root -g root -m 0440 debian/README \
debian/sudo/etc/sudoers.d/README
install -o root -g root -m 0440 debian/README \
debian/sudo-ldap/etc/sudoers.d/README
# we don't want the initscript to run, the creation of the rundir and
# the cleanup the stamp files is now done by tmpfiles when using
# systemd
ln -s /dev/null debian/sudo/lib/systemd/system/sudo.service
ln -s /dev/null debian/sudo-ldap/lib/systemd/system/sudo.service
binary-indep: build install
binary-arch: build install
dh_testdir
dh_testroot
dh_installdocs -A
dh_installinit -psudo --name=sudo
dh_installinit -psudo-ldap --name=sudo-ldap
dh_installman -A
dh_installinfo -A
dh_installchangelogs ChangeLog
# clear dependency_libs field in .la files
sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'`
dh_strip
dh_compress
dh_fixperms
chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
chmod 0440 debian/sudo/etc/sudoers.d/README \
debian/sudo-ldap/etc/sudoers.d/README
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
binary: binary-indep binary-arch
.PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install
|
