%define set_tcbver 0.7
%define major 0
%define libname %mklibname %{name} %{major}
%define develname %mklibname %{name} -d
%define libpamname %mklibname pam 0
Summary: Libraries and tools implementing the tcb password shadowing scheme
Name: tcb
Version: 1.0.6
Release: %mkrel 0
License: BSD or GPL
Group: System/Libraries
URL: http://www.openwall.com/tcb/
Source0: ftp://ftp.openwall.com/pub/projects/tcb/%{name}-%{version}.tar.gz
Source1: ftp://ftp.openwall.com/pub/projects/tcb/%{name}-%{version}.tar.gz.sign
Source2: set_tcb-%{set_tcbver}.tar.bz2
Patch0: tcb-1.0.2-assume_shadow.patch
Patch2: set_tcb-0.7-nofork.patch
# Fix handling of negative fields in /etc/shadow on x86_64 with recent glibc (#52330)
Patch3: tcb-1.0.3-warn.patch
# Use translations from pam for the available messages (#59331)
Patch4: tcb-1.0.3-i18n.patch
BuildRequires: glibc-crypt_blowfish-devel
BuildRequires: pam-devel
Requires: %{libname} >= %{version}
Requires: pam_tcb = %{version}
Requires: nss_tcb = %{version}
Requires: shadow-utils >= 4.0.12-10mdv
BuildRoot: %{_tmppath}/%{name}-%{version}
%description
The tcb package consists of three components: pam_tcb, libnss_tcb, and
libtcb. pam_tcb is a PAM module which supersedes pam_unix and pam_pwdb.
It also implements the tcb password shadowing scheme (see tcb(5) for
details). The tcb scheme allows many core system utilities (passwd(1)
being the primary example) to operate with little privilege. libnss_tcb
is the accompanying NSS module. libtcb contains code shared by the
PAM and NSS modules and is also used by programs from the shadow-utils
package.
%package -n %{libname}
Summary: Libraries and tools implementing the tcb password shadowing scheme
Group: System/Libraries
Requires: glibc-crypt_blowfish
Requires(pre): setup
%description -n %{libname}
libtcb contains code shared by the PAM and NSS modules and is also used
by programs from the shadow-utils package.
%package -n pam_tcb
Summary: PAM module for TCB
Group: System/Libraries
Requires: %{libname} >= %{version}
%description -n pam_tcb
pam_tcb is a PAM module which supersedes pam_unix and pam_pwdb.
It also implements the tcb password shadowing scheme (see tcb(5) for
details). The tcb scheme allows many core system utilities (passwd(1)
being the primary example) to operate with little privilege.
%package -n nss_tcb
Summary: NSS library for TCB
Group: System/Libraries
Requires(post): rpm-helper
Requires(postun): rpm-helper
Requires: %{libname} = %{version}
%description -n nss_tcb
libnss_tcb is the accompanying NSS module for pam_tcb.
%package -n %{develname}
Summary: Libraries and header files for building tcb-aware applications
Group: Development/Other
Requires: %{libname} >= %{version}
Provides: %{name}-devel = %{version}-%{release}
%description -n %{develname}
This package contains static libraries and header files needed for
building tcb-aware applications.
%prep
%setup -q -a2
%patch0 -p1
%patch2 -p0
%patch3 -p1
%patch4 -p1
cat Make.defs | sed -e "s|LIBEXECDIR = /usr/libexec|LIBEXECDIR = %{_libdir}|" >Make.defs.new
cat Make.defs.new | sed -e "s|/lib$|/%{_lib}|g" >Make.defs
%build
%serverbuild
CFLAGS="%{optflags} -DENABLE_SETFSUGID" %make
%install
rm -rf %{buildroot}
make install-non-root install-pam_pwdb \
DESTDIR=%{buildroot} \
MANDIR=%{_mandir} \
LIBDIR=%{_libdir} \
LIBEXECDIR=%{_libdir} \
SLIBDIR=/%{_lib}
mkdir -p %{buildroot}%{_sbindir}
install -m 0750 set_tcb-%{set_tcbver}/set_tcb %{buildroot}%{_sbindir}/
install -m 0644 set_tcb-%{set_tcbver}/set_tcb.8 %{buildroot}%{_mandir}/man8/
%post -n nss_tcb
if [ -f %{_initrddir}/nscd ]; then
%_post_service nscd
fi
%postun -n nss_tcb
if [ -f %{_initrddir}/nscd ]; then
%_preun_service nscd
fi
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc LICENSE
/sbin/tcb_convert
/sbin/tcb_unconvert
%{_sbindir}/set_tcb
%{_mandir}/man8/tcb_convert.8*
%{_mandir}/man8/tcb_unconvert.8*
%{_mandir}/man8/set_tcb.8*
%files -n %{libname}
%defattr(-,root,root)
/%{_lib}/libtcb.so.%{major}*
%attr(0755,root,chkpwd) %verify(not mode group) %dir %{_libdir}/chkpwd
%attr(2755,root,shadow) %verify(not mode group) %{_libdir}/chkpwd/tcb_chkpwd
%{_mandir}/man5/tcb.5*
%files -n nss_tcb
%defattr(-,root,root)
/%{_lib}/libnss_tcb.so.2
%files -n pam_tcb
%defattr(-,root,root)
/%{_lib}/security/pam_pwdb.so
/%{_lib}/security/pam_tcb.so
%{_mandir}/man8/pam_pwdb.8*
%{_mandir}/man8/pam_tcb.8*
%files -n %{develname}
%defattr(-,root,root)
%{_includedir}/tcb.h
%{_libdir}/libtcb.a
%{_libdir}/libtcb.so
%changelog
* Tue Jan 11 2011 pterjan <pterjan> 1.0.6-0.mga1
+ Revision: 5882
- Drop old stuff
- imported package tcb
* Sun Dec 05 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.6-0mdv2011.0
+ Revision: 609635
- 1.0.6
- drop P5, it's applied upstream
- spec file massage
* Fri Dec 03 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.3-7mdv2011.0
+ Revision: 607982
- rebuild
* Fri Jun 04 2010 Pascal Terjan <pterjan@mandriva.org> 1.0.3-6mdv2010.1
+ Revision: 547106
- fix tcb_is_suspect (breaks at least on btrfs) (#59588)
- translate more strings
* Fri May 21 2010 Pascal Terjan <pterjan@mandriva.org> 1.0.3-4mdv2010.1
+ Revision: 545602
- Use translations from pam for available messages (#59331)
* Thu Dec 17 2009 Pascal Terjan <pterjan@mandriva.org> 1.0.3-3mdv2010.1
+ Revision: 479732
- Fix handling of negative fields in /etc/shadow on x86_64 with recent glibc (#52330)
* Thu Sep 03 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.0.3-2mdv2010.0
+ Revision: 427284
- rebuild
* Thu Apr 09 2009 Oden Eriksson <oeriksson@mandriva.com> 1.0.3-1mdv2009.1
+ Revision: 365388
- 1.0.3
- drop the exit patch, it's implemented upstream (P1)
* Tue Mar 31 2009 Pascal Terjan <pterjan@mandriva.org> 1.0.2-21mdv2009.1
+ Revision: 362887
- Do not set fork option
* Mon Mar 30 2009 Pascal Terjan <pterjan@mandriva.org> 1.0.2-20mdv2009.1
+ Revision: 362228
- Don't call atexit signals in child process (#43106)
* Thu Dec 18 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-19mdv2009.1
+ Revision: 315404
- set_tcb 0.7; should fix some issues with changing password hashes
* Wed Aug 27 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-18mdv2009.0
+ Revision: 276450
- set_tcb 0.6
* Mon Aug 25 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-17mdv2009.0
+ Revision: 275953
- relax permissions of the password checker
* Tue Aug 12 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-16mdv2009.0
+ Revision: 271142
- remove the %%trigger script, due to install ordering it will never be run so put it in the pam package instead
* Sun Aug 10 2008 Olivier Blin <oblin@mandriva.com> 1.0.2-15mdv2009.0
+ Revision: 270204
- conflict with pam and libpam0 < 0.99.8.1-13
(or else we can end up with no pam_unix on the system)
* Sat Aug 09 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-14mdv2009.0
+ Revision: 270080
- set_tcb 0.5
don't install pam_unix compat symlinks
call set_tcb to migrate login.defs and system-auth
* Fri Aug 08 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-13mdv2009.0
+ Revision: 269005
- set_tcb 0.3
* Sat Jul 19 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-12mdv2009.0
+ Revision: 238837
- set_tcb 0.2
* Mon Jul 14 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-11mdv2009.0
+ Revision: 234436
- include the set_tcb script
* Sat Jun 14 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-10mdv2009.0
+ Revision: 219107
- really fix the nscd restart
* Wed Jun 11 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-9mdv2009.0
+ Revision: 218049
- make the nscd test exit 0 if the nscd initscript doesn't exist
* Mon Jun 09 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-8mdv2009.0
+ Revision: 217264
- make sure the nscd initscript exists before trying to restart it
+ Pixel <pixel@mandriva.com>
- do not call ldconfig in %%post/%%postun, it is now handled by filetriggers
* Sat May 31 2008 Frederik Himpe <fhimpe@mandriva.org> 1.0.2-7mdv2009.0
+ Revision: 213851
- Fix conflicts to make it upgrade without conflicts from 2008.1
* Fri May 30 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-6mdv2009.0
+ Revision: 213352
- make /usr/lib/chkpwd world-executable so gnome-screensaver will work (as we cannot make it sgid chkpwd)
* Fri May 23 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-5mdv2009.0
+ Revision: 210386
- further make fixes
* Fri May 23 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-4mdv2009.0
+ Revision: 210180
- fix where pam_tcb is finding it's password helper
* Wed May 21 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-3mdv2009.0
+ Revision: 209784
- added assume_shadow.patch: pam_unix assumes that 'shadow' is set always,
but pam_tcb only assumes this for account, so add it to the other pam types
* Mon May 19 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-2mdv2009.0
+ Revision: 209102
- add conflicts on old pre-TCB-aware pam
- requires TCB-aware shadow-utils
* Sun May 18 2008 Vincent Danen <vdanen@mandriva.com> 1.0.2-1mdv2009.0
+ Revision: 208802
- fix group on the -devel package
- import tcb from Annvix
