Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
>
jailkit
> jailkit.spec
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File jailkit.spec of Package jailkit
# norootforbuild %if 0%{?suse_version} == 0 %define has_cap 1 %else %if 0%{?suse_version} >= 1010 %define has_cap 1 %else %define has_cap 0 %endif %endif Name: jailkit Version: 2.10 Release: 1 Summary: Utilities for limited User Accounts Source: http://olivier.sessink.nl/jailkit/jailkit-%{version}.tar.bz2 Patch1: jailkit-fix_suse_init_script.patch Patch2: jailkit-fix_lib_order.patch URL: http://olivier.sessink.nl/jailkit/ Group: Productivity/Security License: BSD license (revised) BuildRoot: %{_tmppath}/build-%{name}-%{version} BuildRequires: python python-devel procmail %if %has_cap BuildRequires: libcap-devel %else PreReq: permissions %endif BuildRequires: gcc make glibc-devel BuildRequires: autoconf automake libtool Requires: /usr/bin/python Requires: /usr/bin/procmail PreReq: %insserv_prereq %description Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands. Setting up a chroot shell, a shell limited to some specific command, or a daemon inside a chroot jail is a lot easier and can be automated using these utilities. Jailkit is used in network security appliances from several well known manufacturers, internet servers from several large enterprise organisations, servers from internet service providers, as well as many smaller companies and private users that need to secure cvs, sftp, shell or daemon processes. Authors: -------- Olivier Sessink <jailkit-dev@nongnu.org> %prep %setup -q %patch1 %patch2 %build %configure %__make %{?jobs:-j%{jobs}} %install %makeinstall %if !%has_cap # remove SUID bits and install permissions file %__install -d "%{buildroot}/etc/permissions.d" >"%{buildroot}/etc/permissions.d/%{name}" >"%{buildroot}/etc/permissions.d/%{name}.secure" %endif for f in "%{_sbindir}/jk_chrootsh" \ "%{_sbindir}/jk_procmailwrapper" \ "%{_bindir}/jk_uchroot" \ ; do %__chmod -s "%{buildroot}/$f" %if !%has_cap echo -e "$f\t\troot.root 4755" >> "%{buildroot}/etc/permissions.d/%{name}" echo -e "$f\t\troot.root 0755" >> "%{buildroot}/etc/permissions.d/%{name}.secure" %endif done %__install -D -m0755 extra/jailkit.suse \ "%{buildroot}/etc/init.d/jailkit" %__install -d "%{buildroot}/usr/sbin" %__ln_s ../../etc/init.d/jailkit "%{buildroot}/usr/sbin/rcjailkit" %post %if !%has_cap %run_permissions %endif %{fillup_and_insserv -f jailkit} %if !%has_cap %verifyscript %verify_permissions -e %{_sbindir}/jk_chrootsh %verify_permissions -e %{_sbindir}/jk_procmailwrapper %verify_permissions -e %{_bindir}/jk_uchroot %endif %preun %stop_on_removal jailkit %postun %restart_on_update jailkit %insserv_cleanup %clean %__rm -rf "%{buildroot}" %files %defattr(-,root,root) %doc COPYRIGHT README.txt %dir %{_sysconfdir}/jailkit %config(noreplace) %{_sysconfdir}/jailkit/jk_*.ini /etc/init.d/jailkit /usr/sbin/rcjailkit %if %has_cap %{_bindir}/jk_uchroot %{_sbindir}/jk_chrootsh %{_sbindir}/jk_procmailwrapper %else %config /etc/permissions.d/%{name} %config /etc/permissions.d/%{name}.secure %verify(not mode) %{_bindir}/jk_uchroot %verify(not mode) %{_sbindir}/jk_chrootsh %verify(not mode) %{_sbindir}/jk_procmailwrapper %endif %{_sbindir}/jk_addjailuser %{_sbindir}/jk_check %{_sbindir}/jk_chrootlaunch %{_sbindir}/jk_cp %{_sbindir}/jk_init %{_sbindir}/jk_jailuser %{_sbindir}/jk_list %{_sbindir}/jk_lsh %{_sbindir}/jk_socketd %{_sbindir}/jk_update %{_datadir}/jailkit %doc %{_mandir}/man8/jailkit.8* %doc %{_mandir}/man8/jk_*.8* %c angelog * Thu Oct 22 2009 Carsten Schoene <cs@linux-administrator.com> - 2.10-1 - update to 2.10 * fixes from 2.9 caused an incompatibility with jk_jailuser * this release fixes some compiler warnings * Thu Oct 15 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.9 - update to 2.9: * fixes symlink handling issues in previous versions, where symlinks in the jail that point to the real system caused jk_init and jk_cp to write to the real system instead of the jail * bugfix: ISPConfig users detected a serious issue on 64-bit Linux machines where files in the /lib64 directory could become overwritten - changes from 2.8: * capabilities are supported: on capability-enabled systems, you no longer need the setuid root bit on jk_chrootsh and jk_uchroot * Mon Apr 6 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.7 - update to 2.7: * fixes a regression in Jailkit 2.6 that may hang jk_chrootsh and jk_uchroot in a certain situation with chroot'ed interactive shells * Thu Apr 2 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.6 - update to 2.6: * this maintenance update includes some small code cleanups * Mon Mar 16 2009 Pascal Bleser <pascal.bleser@opensuse.org> 2.5 - new package # vim: set sw=3 ts=3 noet: # Local Variables: # mode: rpm-spec # tab-width: 3 # End:
