# # spec file for package libcap # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: libcap Summary: Library for Capabilities (linux-privs) Support License: BSD-3-Clause and GPL-2.0 Group: Development/Libraries/C and C++ Version: 2.25 Release: 4.9 Source: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-%{version}.tar.xz Source2: baselibs.conf Url: https://sites.google.com/site/fullycapable/ BuildRequires: fdupes BuildRequires: pam-devel BuildRequires: pkg-config %description Capabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel. %package -n libcap2 Summary: Library for Capabilities (linux-privs) Support Group: System/Libraries %description -n libcap2 Capabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel. %package devel Summary: Development files for libcap Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcap2 = %{version} %description devel Development files (Headers, libraries for static linking, etc) for libcap. libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Install libcap-devel if you want to develop or compile applications using libcap. %package progs Summary: Libcap utility programs Group: System/Filesystems %description progs This package contains utility programs handling capabilities via libcap. %package -n pam_cap Summary: PAM Module for Capabilities Support Group: System/Libraries %description -n pam_cap A PAM module for per-session capabilities manipulation. %prep %setup -q %build make prefix=%{_prefix} lib=%{_lib} LIBDIR=%{_libdir} SBINDIR=%{_sbindir} \ INCDIR=%{_includedir} MANDIR=%{_mandir} DEBUG="-g %{optflags}" %install make install RAISE_SETFCAP=no \ DESTDIR=%{buildroot} \ LIBDIR=/%{_libdir} \ SBINDIR=/%{_sbindir} \ INCDIR=/%{_includedir} \ MANDIR=/%{_mandir}/ \ PKGCONFIGDIR=%{_libdir}/pkgconfig/ find %{buildroot} -type f -name '*.la' -print -delete # do not provide static libs rm %{buildroot}%{_libdir}/libcap.a mkdir -p %{buildroot}/%{_lib}/security mv %{buildroot}%{_libdir}/security/pam_cap.so %{buildroot}/%{_lib}/security/pam_cap.so install -D pam_cap/capability.conf %{buildroot}%{_sysconfdir}/security/capability.conf %fdupes -s $RPM_BUILD_ROOT %post -n libcap2 -p /sbin/ldconfig %postun -n libcap2 -p /sbin/ldconfig %files -n libcap2 %defattr(-,root,root) %license License %{_libdir}/libcap.so.* %files progs %defattr(-,root,root) %{_mandir}/man1/* %{_mandir}/man8/* %{_sbindir}/* %files devel %defattr(-,root,root) %license License %doc README CHANGELOG %{_includedir}/sys/capability.h %{_libdir}/*.so %{_libdir}/pkgconfig/%{name}.pc %{_mandir}/man3/* %files -n pam_cap %defattr(-,root,root) %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/security/capability.conf /%{_lib}/security/pam_cap.so %changelog * Thu Feb 22 2018 fvogt@suse.com - Use %%license (boo#1082318) * Tue Jan 31 2017 matwey.kornilov@gmail.com - Enable PAM pam_cap.so module * Sun Jan 1 2017 jengelh@inai.de - RPM group association fix * Mon Aug 29 2016 dimstar@opensuse.org - Update to versison 2.25: + Recover gperf detection in make rules. + Man page typo fix. + Tweak make rules to make packaging more straightforward. + Fix error explanation in setcap. + Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous. - Drop libcap-nolibattr.patch: fixed upstream. - No longer add %%{buildroot} to all variables for make install the Makefile learned about the meaning of DESTDIR. * Sat Jan 31 2015 p.drouand@gmail.com - Update to version 2.24 * Fix compilation problems (note to self, make distclean && make, before release) * Some make rule changes to make uploading a release to kernel.org easier for me. * Tidied up some documented links. - Update libcap-nolibattr.patch - Add pkg-config build requirement; libcap now provides a pkgconfig file - Clean up specfile - Move libraries and binaries to /usr because of #UsrMove * Thu Jun 19 2014 crrodriguez@opensuse.org - libcap-nolibattr.patch Do not link to libattr, it is a bogus dependency. application uses sys/xattr from libc. * Fri Feb 1 2013 coolo@suse.com - update license to new format * Tue Sep 20 2011 aj@suse.de - Cleanup specfile a bit: Remove old tags. * Tue Sep 20 2011 aj@suse.de - Update to libcap 2.22 - libcap 2.22 includes: * Clarified License file (with version 2 of the GPL) * Support getting/setting capabilities on large files * After --chroot command, change working directory to "/". - libcap 2.21 includes: * Introduce cap_get_bound() and cap_drop_bound() functions. also include a macro CAP_IS_SUPPORTED(cap) for capabilities - libcap 2.20 includes: * Latest kernel capabilites supported: now includes CAP_SYSLOG * $(CFLAGS) Makefile fixes * Default to installing setcap with an inheritable capability. * Thu Dec 2 2010 meissner@suse.de - updated to libcap-2.19 * more stuff in capsh.c * sys/capability.h header clean up and fixes. * Thu Dec 2 2010 meissner@suse.de - fixed build on ppc64 (needs to get linux/types.h included first). * Mon Jun 28 2010 jengelh@medozas.de - use %%_smp_mflags * Wed Jun 9 2010 chris@computersalat.de - fix deps for fdupes * Sat Dec 12 2009 jengelh@medozas.de - add baselibs.conf as a source * Wed Mar 18 2009 tiwai@suse.de - fix a typo in the previous patch (__le64) (bnc#487453) - don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453) * Tue Mar 10 2009 tiwai@suse.de - fix build error on i386 due to missing __u64 definition in sys/capability.h * Wed Jan 7 2009 tiwai@suse.de - updated to libcap-2.15: * Makefile fixes - updated to libcap-2.16: * stop using sed for parsing capability.h * Mon Oct 27 2008 tiwai@suse.de - updated to libcap-2.14: * add -v mode to setcap - updated to libcap-2.13: * fix a corner case of cap_to_text() - updated to libcap-2.12: * man page fixes * remove never used codes for sysfs check * Wed Oct 22 2008 mrueckert@suse.de - fix debug_packages_requires define * Wed Aug 6 2008 tiwai@suse.de - updated to libcap-2.11: * makefile fixes, minor clean-ups * fix cap_copy_int(), new cap_get_pid() and cap_compare() * fix cap_copy_ext() - fix build with libcap-2.11. * Sun Aug 3 2008 ro@suse.de - fix requires for debuginfo package * Wed Jun 11 2008 tiwai@suse.de - updated to libcap-2.10: v3 capabilities, documantation fixes, misc fixes * Wed Apr 23 2008 tiwai@suse.de - updated to libcap-2.08 properly supporting the recent 2.6 kernels * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Mon Apr 16 2007 tiwai@suse.de - follow library packaging policy * move docs to devel package * move binaries and man pages to progs sub package * fix *.so symlink in libdir * Wed Jan 24 2007 tiwai@suse.de - fix the access over array range in cap_extint.c (#237943). * Tue Dec 19 2006 tiwai@suse.de - update to libcap-1.10 to support fscaps (#229722, FATE#301748) * Wed May 24 2006 schwab@suse.de - Don't strip binaries. * Thu May 11 2006 tiwai@suse.de - fix invalid calls of free() (#174561) * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Fri Aug 19 2005 kukuk@suse.de - Create -devel subpackage * Thu Jun 23 2005 meissner@suse.de - use RPM_OPT_FLAGS. * Wed May 25 2005 tiwai@suse.de - fixed memory leak (#85659) * Wed Jan 19 2005 tiwai@suse.de - fixed compile warnings with gcc-4.0. * Thu Mar 25 2004 thomas@suse.de - added EAL3 man-page patch * Tue Jan 27 2004 kukuk@suse.de - Remove capget.2/capset.2 from package (version from man-pages is newer). * Sun Jan 11 2004 adrian@suse.de - add %%run_ldconfig * Mon Feb 24 2003 schwab@suse.de - Don't include kernel headers, instead copy the contents here. * Thu Feb 6 2003 garloff@suse.de - Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324]. - Use BuildRoot. * Wed Nov 27 2002 coolo@suse.de - link the library with the compiler so the depedencies are tracked correctly (#21996) * Tue Sep 17 2002 ro@suse.de - removed bogus self-provides * Wed Sep 4 2002 sf@suse.de - fix biarch error (added patch to Make.Rules) * Sun Aug 11 2002 kukuk@suse.de - Remove kernel-source from neededforbuild * Sat Apr 20 2002 garloff@suse.de - Include capfaq-0.2.txt - Disable syscall wrapper (capset/capget); it's defined in glibc. * Sat Apr 20 2002 garloff@suse.de - Compile syscall wrapper without -fPIC * Tue Apr 9 2002 ro@suse.de - apply gcc-3 fixes only for gcc-3 * Mon Mar 25 2002 stepan@suse.de - remove -ansi, as it forbids inline. (gcc3) - use -fpic for building libraries (gcc3) * Wed Sep 5 2001 ro@suse.de - updated neededforbuild and updated specfile (man and doc relocation) * Tue Sep 28 1999 garloff@suse.de - Initial check in of libcap. - Kernel patches are provided within the docdir.