shadow: add new recipe 4.1.4.2

(borrow from OpenEmbedded with below tweaks)

Enhance login_defs_pam.sed according to shadow source, to ensure we don't
leave any unknown definitions in /etc/login.defs when pam is enabled

no need for --disable-account-tools-setuid which is detected upon pam
automatically, and no specific CFLAGS append

move shadow site options to generic site files

adjust indention

RDEPENDS on a list of pam-plugins since they're separately packaged

test with both pam enabled and pam disabled. when pam is enabled, tried
some same tweak with desired effect.

Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Kevin Tian 2010-08-06 10:34:29 +08:00 committed by Richard Purdie
parent 44d7c5678f
commit f6535ea12a
17 changed files with 786 additions and 0 deletions


@ -0,0 +1,32 @@
/^FAILLOG_ENAB/b comment
/^LASTLOG_ENAB/b comment
/^MAIL_CHECK_ENAB/b comment
/^OBSCURE_CHECKS_ENAB/b comment
/^PORTTIME_CHECKS_ENAB/b comment
/^QUOTAS_ENAB/b comment
/^MOTD_FILE/b comment
/^FTMP_FILE/b comment
/^NOLOGINS_FILE/b comment
/^ENV_HZ/b comment
/^ENV_TZ/b comment
/^PASS_MIN_LEN/b comment
/^SU_WHEEL_ONLY/b comment
/^CRACKLIB_DICTPATH/b comment
/^PASS_CHANGE_TRIES/b comment
/^PASS_ALWAYS_WARN/b comment
/^PASS_MAX_LEN/b comment
/^PASS_MIN_LEN/b comment
/^CHFN_AUTH/b comment
/^CHSH_AUTH/b comment
/^ISSUE_FILE/b comment
/^LOGIN_STRING/b comment
/^ULIMIT/b comment
/^ENVIRON_FILE/b comment
b exit
: comment
s:^:#:
: exit
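Review bot: `/^PASS_MIN_LEN/b comment` appears twice in this script (once after `ENV_TZ` and again after `PASS_MAX_LEN`), so the second rule can never match anything the first has not already branched on. If the repeat was meant to cover a different login.defs key, that key is still left active when PAM is enabled, which is what the commit message says this script should prevent. Otherwise drop the duplicate line.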


@ -0,0 +1,14 @@
#
# The PAM configuration file for the Shadow `chfn' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth include common-auth
account include common-account
session include common-session


@ -0,0 +1,4 @@
# The PAM configuration file for the Shadow 'chpasswd' service
#
password include common-password


@ -0,0 +1,19 @@
#
# The PAM configuration file for the Shadow `chsh' service
#
# This will not allow a user to change their shell unless
# their current one is listed in /etc/shells. This keeps
# accounts with special shells from changing them.
auth required pam_shells.so
# This allows root to change user shell without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth include common-auth
account include common-account
session include common-session


@ -0,0 +1,91 @@
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
# Note that it is included as a "requisite" module. No password prompts will
# be displayed if this module fails to avoid having the root password
# transmitted on unsecure ttys.
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root).
auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
auth include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Standard Un*x account and session
account include common-account
password include common-password
session include common-session
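Review bot: The comment above the pam_securetty rule says the module is included as "requisite", but the rule uses the bracketed control `[success=ok ignore=ignore user_unknown=ignore default=die]`. The two differ: with `user_unknown=ignore`, an unknown user name does not end the stack at this rule and is left to the later auth modules. I would reword the comment to describe what is configured, e.g. `# Failure ends the stack at once (default=die); unknown user names are ignored here and handled by the modules below.` An administrator tuning root-login policy reads this comment first, so it should match the rule.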


@ -0,0 +1,4 @@
# The PAM configuration file for the Shadow 'newusers' service
#
password include common-password


@ -0,0 +1,5 @@
#
# The PAM configuration file for the Shadow `passwd' service
#
password include common-password


@ -0,0 +1,60 @@
#
# The PAM configuration file for the Shadow `su' service
#
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
# Uncomment this to force users to be a member of group root
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "root" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth required pam_wheel.so
# Uncomment this if you want wheel members to be able to
# su without a password.
# auth sufficient pam_wheel.so trust
# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth required pam_wheel.so deny group=nosu
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on su usage.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
#
# "nopen" stands to avoid reporting new mail when su'ing to another user
session optional pam_mail.so nopen
# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required pam_limits.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth include common-auth
account include common-account
session include common-session


@ -0,0 +1,206 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
# Standard serial ports
ttyS0
ttyS1
ttyS2
ttyS3
# Samsung ARM SoCs
ttySAC0
ttySAC1
ttySAC2
ttySAC3
# TI OMAP SoCs
ttyO0
ttyO1
ttyO2
ttyO3
# USB dongles
ttyUSB0
ttyUSB1
ttyUSB2
# PowerMac
ttyPZ0
ttyPZ1
ttyPZ2
ttyPZ3
# Embedded MPC platforms
ttyPSC0
ttyPSC1
ttyPSC2
ttyPSC3
ttyPSC4
ttyPSC5
# PA-RISC mux ports
ttyB0
ttyB1
# Standard hypervisor virtual console
hvc0
# Oldstyle Xen console
xvc0
# Standard consoles
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tty13
tty14
tty15
tty16
tty17
tty18
tty19
tty20
tty21
tty22
tty23
tty24
tty25
tty26
tty27
tty28
tty29
tty30
tty31
tty32
tty33
tty34
tty35
tty36
tty37
tty38
tty39
tty40
tty41
tty42
tty43
tty44
tty45
tty46
tty47
tty48
tty49
tty50
tty51
tty52
tty53
tty54
tty55
tty56
tty57
tty58
tty59
tty60
tty61
tty62
tty63
# Local X displays (allows empty passwords with pam_unix's nullok_secure)
:0
:0.0
:0.1
:1
:1.0
:1.1
:2
:2.0
:2.1
:3
:3.0
:3.1
# Embedded Freescale i.MX ports
ttymxc0
ttymxc1
ttymxc2
ttymxc3
ttymxc4
ttymxc5
# Standard serial ports, with devfs
tts/0
tts/1
# Standard consoles, with devfs
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
vc/12
vc/13
vc/14
vc/15
vc/16
vc/17
vc/18
vc/19
vc/20
vc/21
vc/22
vc/23
vc/24
vc/25
vc/26
vc/27
vc/28
vc/29
vc/30
vc/31
vc/32
vc/33
vc/34
vc/35
vc/36
vc/37
vc/38
vc/39
vc/40
vc/41
vc/42
vc/43
vc/44
vc/45
vc/46
vc/47
vc/48
vc/49
vc/50
vc/51
vc/52
vc/53
vc/54
vc/55
vc/56
vc/57
vc/58
vc/59
vc/60
vc/61
vc/62
vc/63
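Review bot: This list is far broader than any single board needs, and every entry is a terminal on which pam_securetty in the login stack will allow root. It includes the hot-pluggable `ttyUSB0` to `ttyUSB2` and the X display entries `:0` to `:3.1`, whose own comment notes that they let pam_unix's nullok_secure accept empty passwords. The recipe already appends the machine's SERIAL_CONSOLE device, so I would ship only `console` and the virtual consoles actually used, and let the per-machine append cover serial ports. At minimum, add a header comment such as `# Every line names a terminal where root may log in; remove entries your hardware does not expose.`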


@ -0,0 +1,23 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
Index: shadow-4.1.4.2/libmisc/chkname.c
===================================================================
--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700
@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n
( ('0' <= *name) && ('9' >= *name) ) ||
('_' == *name) ||
('-' == *name) ||
+ ('.' == *name) ||
( ('$' == *name) && ('\0' == *(name + 1)) )
)) {
return false;
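Review bot: Allowing `.` in `is_valid_name` widens what the account tools accept, and nothing in the patch header records the consequence. The added test sits beside the digit, `_` and `-` cases, so it presumably applies to every character after the first. Names such as `a.b` then become valid, which is ambiguous for any tool or script that still splits ownership on the old `user.group` form. If group names go through the same helper, which I believe but cannot see here, they are affected as well. The function starts and ends outside the hunk, so I cannot tell whether its comment describing the allowed pattern was updated; please add a header line such as `# Note: '.' is now accepted after the first character; audit scripts that split names on '.'`.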


@ -0,0 +1,27 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/283725
https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
Index: shadow-4.1.4.2/libmisc/env.c
===================================================================
--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
+++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700
@@ -251,7 +251,7 @@ void sanitize_env (void)
if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
continue;
}
- if (strchr (*cur, '/') != NULL) {
+ if (strchr (*cur, '/') == NULL) {
continue; /* OK */
}
for (move = cur; NULL != *move; move++) {
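Review bot: The header comment on this patch says "Add patches to support dots in login id", but the change is to the locale-variable check in `sanitize_env`. The same copied header also sits on the patches to src/groupmod.c and src/su.c below, so someone auditing the patch stack cannot tell from the headers why each one is carried. I would give each file its own one-line description, here something like `# sanitize_env: keep locale variables unless their value contains '/'`. The code change itself reads as correct given the `/* OK */` comment on the `continue`; the loop it belongs to starts and ends outside the hunk.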


@ -0,0 +1,32 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/300790
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
2009-11-05 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/groupmod.c: Fixed groupmod when configured with
--enable-account-tools-setuid.
Index: shadow-4.1.4.2/src/groupmod.c
===================================================================
--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
+++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700
@@ -720,7 +720,7 @@ int main (int argc, char **argv)
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (NULL == pamh) {
+ if (NULL == pampw) {
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);


@ -0,0 +1,27 @@
# commit message copied from openembedded:
# commit 246c80637b135f3a113d319b163422f98174ee6c
# Author: Khem Raj <raj.khem@gmail.com>
# Date: Wed Jun 9 13:37:03 2010 -0700
#
# shadow-4.1.4.2: Add patches to support dots in login id.
#
# Signed-off-by: Khem Raj <raj.khem@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
http://bugs.gentoo.org/show_bug.cgi?id=301957
https://alioth.debian.org/scm/browser.php?group_id=30580
Index: shadow-4.1.4.2/src/su.c
===================================================================
--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
+++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700
@@ -378,7 +378,7 @@ int main (int argc, char **argv)
#endif
#endif /* !USE_PAM */
- sanitize_env ();
+ /* sanitize_env (); */
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
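Review bot: Commenting out `sanitize_env ();` removes su's environment scrubbing for every build, and the patch header gives no reason for it. The call sits after `#endif /* !USE_PAM */`, so it ran in both configurations, and the recipe configures `--without-libpam` when pam is not in DISTRO_FEATURES; nothing visible in this commit takes over the scrubbing in that case. Because su normally runs with elevated privilege, I would keep the call at least for the non-PAM build (`#ifndef USE_PAM`, `sanitize_env ();`, `#endif`), or state in the header what replaces it and why dropping it is safe, citing the Gentoo bug already linked. If the call really must go, delete the line rather than leaving it as a comment. `main` continues outside the hunk.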


@ -0,0 +1,102 @@
# patch is from openembedded:
# commit 2db61370333f7a2fc1dbb86385734883387e0217
# Author: Martin Jansa <Martin.Jansa@gmail.com>
# Date: Fri Apr 2 07:34:46 2010 +0200
#
# shadow: fix do_install with automake-1.11
#
# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
#
# comment added by Kevin Tian <kevin.tian@intel.com>
man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
@@ -163,7 +163,6 @@
$(man_MANS) \
$(man_XMANS) \
$(addprefix login.defs.d/,$(login_defs_v)) \
- $(man_nopam) \
id.1 \
id.1.xml \
sulogin.8 \
diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200
@@ -52,7 +52,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1
include ../generate_translations.mak
diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200
@@ -46,7 +46,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
logoutd.8
diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100
+++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200
@@ -49,7 +49,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
shadow.3 \
sulogin.8
diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200
@@ -49,7 +49,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
getspnam.3 \
id.1 \
shadow.3 \
diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200
+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200
@@ -54,7 +54,6 @@
EXTRA_DIST = \
$(man_MANS) \
- $(man_nopam) \
id.1 \
sulogin.8
diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200
+++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200
@@ -53,8 +53,7 @@
endif
EXTRA_DIST = \
- $(man_MANS) \
- $(man_nopam)
+ $(man_MANS)
include ../generate_translations.mak
--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200
+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200
@@ -1,7 +1,6 @@
mandir = @mandir@/ru
man_MANS = \
- $(man_nopam) \
chage.1 \
chfn.1 \
chgpasswd.8 \


@ -0,0 +1,121 @@
DESCRIPTION = "Tools to change and administer password and group data."
HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
SECTION = "base utils"
LICENSE = "BSD | Artistic"
LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
PAM_PLUGINS = " libpam-runtime \
pam-plugin-faildelay \
pam-plugin-securetty \
pam-plugin-nologin \
pam-plugin-env \
pam-plugin-group \
pam-plugin-limits \
pam-plugin-lastlog \
pam-plugin-motd \
pam-plugin-mail \
pam-plugin-shells \
pam-plugin-rootok"
DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
# since we deduce from ${SERIAL_CONSOLE}
PACKAGE_ARCH = "${MACHINE_ARCH}"
# Additional Policy files for PAM
PAM_SRC_URI = "file://pam.d/chfn \
file://pam.d/chpasswd \
file://pam.d/chsh \
file://pam.d/login \
file://pam.d/newusers \
file://pam.d/passwd \
file://pam.d/su"
SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
file://login_defs_pam.sed \
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://securetty"
inherit autotools gettext
EXTRA_OECONF += "--without-audit \
--without-libcrack \
${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
--without-selinux"
do_install_append() {
# Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
# reconfigures Shadow to default (see sed below).
install -d ${D}${localstatedir}/spool/mail
if [ -e ${WORKDIR}/pam.d ]; then
install -d ${D}${sysconfdir}/pam.d/
install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
# Remove defaults that are not used when supporting PAM
sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
fi
# Enable CREATE_HOME by default.
sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
# As we are on an embedded system ensure the users mailbox is in ~/ not
# /var/spool/mail by default as who knows where or how big /var is.
# The system MDA will set this later anyway.
sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
# disable checking emails at all
sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
# now we don't have a mail system. disable mail creation for now
sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
for i in passwd chfn newgrp chsh ; do
mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
done
mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
# Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
if [ ! -z "${SERIAL_CONSOLE}" ]; then
# our SERIAL_CONSOLE contains baud rate too and sometime -L option as well.
# the following pearl :) takes that and converts it into newline sepated tty's and appends
# them into securetty. So if a machine has a weird looking console device node (e.g. ttyAMA0) that securetty
# does not know then it will get appended to securetty and root login will be allowed on
# that console.
echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty
fi
install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
}
pkg_postinst_${PN} () {
update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
update-alternatives --install ${base_bindir}/login login login.${PN} 200
update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
if [ "x$D" != "x" ]; then
exit 1
fi
pwconv
grpconv
}
pkg_prerm_${PN} () {
for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
update-alternatives --remove $i $i.${PN}
done
}
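Review bot: The SERIAL_CONSOLE pipeline in `do_install_append` can write wrong entries into securetty, the file that decides where root may log in. `sed -e 's/[0-9][0-9]\|\-L//g'` deletes every pair of digits, so a constructed value like `38400 ttyS0` leaves a stray `0` line, and a device such as `ttyAMA10` is truncated to `ttyAMA`. It also appends to `${WORKDIR}/securetty` with `>>`, so re-running the task adds the same lines again. I would walk the tokens instead, skip options and baud rates, and append a device only when it is not already listed, as below.

```bitbake
    if [ ! -z "${SERIAL_CONSOLE}" ]; then
        # … unchanged: explanatory comment about SERIAL_CONSOLE …
        for tok in ${SERIAL_CONSOLE}; do
            case "$tok" in
                -*|[0-9]*)
                    # getty option or baud rate, not a device name
                    ;;
                *)
                    grep -qxF -- "$tok" ${WORKDIR}/securetty \
                        || echo "$tok" >> ${WORKDIR}/securetty
                    ;;
            esac
        done
    fi
```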


@ -0,0 +1,11 @@
require shadow.inc
PR = "r0"
SRC_URI += "file://shadow.automake-1.11.patch \
file://shadow-4.1.3-dots-in-usernames.patch \
file://shadow-4.1.4.2-env-reset-keep-locale.patch \
file://shadow-4.1.4.2-groupmod-pam-check.patch \
file://shadow-4.1.4.2-su_no_sanitize_env.patch"
EXTRA_OECONF_libc-uclibc += " --with-nscd=no "
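Review bot: No checksum for the source tarball is recorded in this recipe or in any other file section shown here, while the required shadow.inc fetches it over plain `ftp://`. For a package that supplies login, su and passwd, an unverified download is a supply-chain gap. If this tree's fetcher supports per-recipe checksum flags, add `SRC_URI[md5sum] = "<md5 of shadow-4.1.4.2.tar.bz2>"` and `SRC_URI[sha256sum] = "<sha256 of shadow-4.1.4.2.tar.bz2>"` here. If checksums are kept in a central file instead, a comment pointing to it would help the next reviewer.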


@ -7,3 +7,11 @@ ac_cv_file__dev_random=${ac_cv_file__dev_random=yes}
# Avoid sudo to assume void for unsetenv in cross environment, or else it conflicts with
# target stdlib.h prototype which follows POSIX compiliance. Mark for upstream.
sudo_cv_func_unsetenv_void=no
# shadow dir info, to avoid searching build system
shadow_cv_maildir=${localstatedir}/spool/mail
shadow_cv_mailfile=Mailbox
shadow_cv_utmpdir=${localstatedir}/run
shadow_cv_logdir=${localstatedir}/log
shadow_cv_passwd_dir=${bindir}