diff options
7 files changed, 151 insertions, 131 deletions
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch index 7a2ff2e24..a7bb0a929 100644 --- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch +++ b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch @@ -9,6 +9,10 @@ # # comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 +Upstream-Status: Pending + +Signed-off-by: Scott Garman <scott.a.garman@intel.com> + Index: shadow-4.1.4.2/libmisc/chkname.c =================================================================== --- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch index 124065c7f..651474674 100644 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch @@ -12,6 +12,10 @@ http://bugs.gentoo.org/283725 https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480 +Upstream-Status: Pending + +Signed-off-by: Scott Garman <scott.a.garman@intel.com> + Index: shadow-4.1.4.2/libmisc/env.c =================================================================== --- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700 diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch index 6682fe807..640200b79 100644 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch @@ -17,6 +17,10 @@ http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.h * NEWS, src/groupmod.c: Fixed groupmod when configured with --enable-account-tools-setuid. +Upstream-Status: Pending + +Signed-off-by: Scott Garman <scott.a.garman@intel.com> + Index: shadow-4.1.4.2/src/groupmod.c =================================================================== --- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700 diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch index f67251c84..0dc4d75b9 100644 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch +++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch @@ -12,6 +12,10 @@ http://bugs.gentoo.org/show_bug.cgi?id=301957 https://alioth.debian.org/scm/browser.php?group_id=30580 +Upstream-Status: Pending + +Signed-off-by: Scott Garman <scott.a.garman@intel.com> + Index: shadow-4.1.4.2/src/su.c =================================================================== --- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700 diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch index 36d7be6fd..a793f09a4 100644 --- a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch +++ b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch @@ -11,6 +11,10 @@ man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice +Upstream-Status: Pending + +Signed-off-by: Scott Garman <scott.a.garman@intel.com> + diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am --- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100 +++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200 diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc deleted file mode 100644 index 35bd6a881..000000000 --- a/meta/recipes-extended/shadow/shadow.inc +++ /dev/null @@ -1,123 +0,0 @@ -DESCRIPTION = "Tools to change and administer password and group data." -HOMEPAGE = "http://pkg-shadow.alioth.debian.org/" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" -SECTION = "base utils" -LICENSE = "BSD | Artistic" -LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \ - file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe" - -PR = "r1" - -PAM_PLUGINS = " libpam-runtime \ - pam-plugin-faildelay \ - pam-plugin-securetty \ - pam-plugin-nologin \ - pam-plugin-env \ - pam-plugin-group \ - pam-plugin-limits \ - pam-plugin-lastlog \ - pam-plugin-motd \ - pam-plugin-mail \ - pam-plugin-shells \ - pam-plugin-rootok" - -DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}" - -# since we deduce from ${SERIAL_CONSOLE} -PACKAGE_ARCH = "${MACHINE_ARCH}" - -# Additional Policy files for PAM -PAM_SRC_URI = "file://pam.d/chfn \ - file://pam.d/chpasswd \ - file://pam.d/chsh \ - file://pam.d/login \ - file://pam.d/newusers \ - file://pam.d/passwd \ - file://pam.d/su" - -SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \ - file://login_defs_pam.sed \ - ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://securetty" - -inherit autotools gettext - -EXTRA_OECONF += "--without-audit \ - --without-libcrack \ - ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \ - --without-selinux" - -do_install_append() { - # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user - # reconfigures Shadow to default (see sed below). - install -d ${D}${localstatedir}/spool/mail - - if [ -e ${WORKDIR}/pam.d ]; then - install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ - # Remove defaults that are not used when supporting PAM - sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs - fi - - # Enable CREATE_HOME by default. - sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs - - # As we are on an embedded system ensure the users mailbox is in ~/ not - # /var/spool/mail by default as who knows where or how big /var is. - # The system MDA will set this later anyway. - sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs - sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs - - # disable checking emails at all - sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs - - # now we don't have a mail system. disable mail creation for now - sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd - sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd - - install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} - for i in passwd chfn newgrp chsh ; do - mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN} - done - - mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN} - mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN} - mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN} - mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN} - - # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined. - if [ ! -z "${SERIAL_CONSOLE}" ]; then - # our SERIAL_CONSOLE contains baud rate too and sometime -L option as well. - # the following pearl :) takes that and converts it into newline sepated tty's and appends - # them into securetty. So if a machine has a weird looking console device node (e.g. ttyAMA0) that securetty - # does not know then it will get appended to securetty and root login will be allowed on - # that console. - echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty - fi - install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty -} - -pkg_postinst_${PN} () { - update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200 - update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200 - update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200 - update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200 - update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200 - update-alternatives --install ${base_bindir}/login login login.${PN} 200 - update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200 - update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200 - - if [ "x$D" != "x" ]; then - exit 1 - fi - - pwconv - grpconv -} - -pkg_prerm_${PN} () { - for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do - update-alternatives --remove $i $i.${PN} - done -} diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb index c8aa223b6..930ef3d04 100644 --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb @@ -1,14 +1,137 @@ -require shadow.inc +SUMMARY = "Tools to change and administer password and group data" +DESCRIPTION = "Tools to change and administer password and group data" +HOMEPAGE = "http://pkg-shadow.alioth.debian.org" +BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" +SECTION = "base utils" +PRIORITY = "optional" +LICENSE = "BSD | Artistic" +LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \ + file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe" -PR = "r1" +DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}" +PR = "r2" -SRC_URI += "file://shadow.automake-1.11.patch \ - file://shadow-4.1.3-dots-in-usernames.patch \ - file://shadow-4.1.4.2-env-reset-keep-locale.patch \ - file://shadow-4.1.4.2-groupmod-pam-check.patch \ - file://shadow-4.1.4.2-su_no_sanitize_env.patch" +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \ + file://login_defs_pam.sed \ + ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://securetty \ + file://shadow.automake-1.11.patch \ + file://shadow-4.1.3-dots-in-usernames.patch \ + file://shadow-4.1.4.2-env-reset-keep-locale.patch \ + file://shadow-4.1.4.2-groupmod-pam-check.patch \ + file://shadow-4.1.4.2-su_no_sanitize_env.patch" SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" -EXTRA_OECONF_libc-uclibc += " --with-nscd=no " +inherit autotools gettext + +# Since we deduce our arch from ${SERIAL_CONSOLE} +PACKAGE_ARCH = "${MACHINE_ARCH}" + +EXTRA_OECONF += "--without-audit \ + --without-libcrack \ + ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \ + --without-selinux" +EXTRA_OECONF_libc-uclibc += "--with-nscd=no" + +PAM_PLUGINS = "libpam-runtime \ + pam-plugin-faildelay \ + pam-plugin-securetty \ + pam-plugin-nologin \ + pam-plugin-env \ + pam-plugin-group \ + pam-plugin-limits \ + pam-plugin-lastlog \ + pam-plugin-motd \ + pam-plugin-mail \ + pam-plugin-shells \ + pam-plugin-rootok" + +# Additional Policy files for PAM +PAM_SRC_URI = "file://pam.d/chfn \ + file://pam.d/chpasswd \ + file://pam.d/chsh \ + file://pam.d/login \ + file://pam.d/newusers \ + file://pam.d/passwd \ + file://pam.d/su" + +do_install_append() { + # Ensure that the image has as a /var/spool/mail dir so shadow can + # put mailboxes there if the user reconfigures shadow to its + # defaults (see sed below). + install -d ${D}${localstatedir}/spool/mail + + if [ -e ${WORKDIR}/pam.d ]; then + install -d ${D}${sysconfdir}/pam.d/ + install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ + # Remove defaults that are not used when supporting PAM. + sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs + fi + + # Enable CREATE_HOME by default. + sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs + + # As we are on an embedded system, ensure the users mailbox is in + # ~/ not /var/spool/mail by default, as who knows where or how big + # /var is. The system MDA will set this later anyway. + sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs + sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs + + # Disable checking emails. + sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs + + # Now we don't have a mail system. Disable mail creation for now. + sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd + sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd + + install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} + for i in passwd chfn newgrp chsh ; do + mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN} + done + + mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN} + mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN} + mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN} + mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN} + + # Ensure we add a suitable securetty file to the package that has + # most common embedded TTYs defined. + if [ ! -z "${SERIAL_CONSOLE}" ]; then + # Our SERIAL_CONSOLE contains a baud rate and sometimes a -L + # option as well. The following pearl :) takes that and converts + # it into newline-separated tty's and appends them into + # securetty. So if a machine has a weird looking console device + # node (e.g. ttyAMA0) that securetty does not know, it will get + # appended to securetty and root logins will be allowed on that + # console. + echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty + fi + install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty +} + +pkg_postinst_${PN} () { + update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200 + update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200 + update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200 + update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200 + update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200 + update-alternatives --install ${base_bindir}/login login login.${PN} 200 + update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200 + update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200 + + if [ "x$D" != "x" ]; then + exit 1 + fi + + pwconv + grpconv +} + +pkg_prerm_${PN} () { + for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do + update-alternatives --remove $i $i.${PN} + done +} |