summaryrefslogtreecommitdiff
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/packages/libcap/libcap.inc3
-rw-r--r--meta/packages/libcap/libcap_2.19.bb2
-rw-r--r--meta/packages/pam/libpam-1.1.1/99_pam (renamed from meta/packages/pam/pam-1.1.1/99_pam)0
-rw-r--r--meta/packages/pam/libpam-1.1.1/disable_crossbinary.patch (renamed from meta/packages/pam/pam-1.1.1/disable_crossbinary.patch)0
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/common-account25
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/common-auth18
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/common-password26
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/common-session19
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/common-session-noninteractive19
-rw-r--r--meta/packages/pam/libpam-1.1.1/pam.d/other27
-rw-r--r--meta/packages/pam/libpam_1.1.1.bb77
-rw-r--r--meta/packages/polkit/polkit_0.96.bb6
12 files changed, 216 insertions, 6 deletions
diff --git a/meta/packages/libcap/libcap.inc b/meta/packages/libcap/libcap.inc
index 7bdecd78a..16eaae690 100644
--- a/meta/packages/libcap/libcap.inc
+++ b/meta/packages/libcap/libcap.inc
@@ -5,8 +5,7 @@ HOMEPAGE = "http://sites.google.com/site/fullycapable/"
LICENSE = "BSD | GPL"
LIC_FILES_CHKSUM = "file://License;md5=731de803c1ccbcb05a9b3523279c8d7f"
-DEPENDS = "pam attr perl-native"
-PR = "r0"
+DEPENDS = "libpam attr perl-native"
SRC_URI = "${KERNELORG_MIRROR}/pub/linux/libs/security/linux-privs/libcap2/${BPN}-${PV}.tar.bz2"
diff --git a/meta/packages/libcap/libcap_2.19.bb b/meta/packages/libcap/libcap_2.19.bb
index 474d06056..eb861535e 100644
--- a/meta/packages/libcap/libcap_2.19.bb
+++ b/meta/packages/libcap/libcap_2.19.bb
@@ -1,3 +1,3 @@
require libcap.inc
-PR = "r0"
+PR = "r1"
diff --git a/meta/packages/pam/pam-1.1.1/99_pam b/meta/packages/pam/libpam-1.1.1/99_pam
index 97e990d10..97e990d10 100644
--- a/meta/packages/pam/pam-1.1.1/99_pam
+++ b/meta/packages/pam/libpam-1.1.1/99_pam
diff --git a/meta/packages/pam/pam-1.1.1/disable_crossbinary.patch b/meta/packages/pam/libpam-1.1.1/disable_crossbinary.patch
index 43359b08f..43359b08f 100644
--- a/meta/packages/pam/pam-1.1.1/disable_crossbinary.patch
+++ b/meta/packages/pam/libpam-1.1.1/disable_crossbinary.patch
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-account b/meta/packages/pam/libpam-1.1.1/pam.d/common-account
new file mode 100644
index 000000000..316b17337
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-account
@@ -0,0 +1,25 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system. The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
+# here's the fallback if no module succeeds
+account requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-auth b/meta/packages/pam/libpam-1.1.1/pam.d/common-auth
new file mode 100644
index 000000000..460b69f19
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-auth
@@ -0,0 +1,18 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+
+# here are the per-package modules (the "Primary" block)
+auth [success=1 default=ignore] pam_unix.so nullok_secure
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-password b/meta/packages/pam/libpam-1.1.1/pam.d/common-password
new file mode 100644
index 000000000..389605732
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-password
@@ -0,0 +1,26 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords. Without this option,
+# the default is Unix crypt. Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-session b/meta/packages/pam/libpam-1.1.1/pam.d/common-session
new file mode 100644
index 000000000..a594dd9d9
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-session
@@ -0,0 +1,19 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-session-noninteractive b/meta/packages/pam/libpam-1.1.1/pam.d/common-session-noninteractive
new file mode 100644
index 000000000..b110bb2b4
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-session-noninteractive
@@ -0,0 +1,19 @@
+#
+# /etc/pam.d/common-session-noninteractive - session-related modules
+# common to all non-interactive services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of all non-interactive sessions.
+#
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/other b/meta/packages/pam/libpam-1.1.1/pam.d/other
new file mode 100644
index 000000000..6e40cd0c0
--- /dev/null
+++ b/meta/packages/pam/libpam-1.1.1/pam.d/other
@@ -0,0 +1,27 @@
+#
+# /etc/pam.d/other - specify the PAM fallback behaviour
+#
+# Note that this file is used for any unspecified service; for example
+#if /etc/pam.d/cron specifies no session modules but cron calls
+#pam_open_session, the session module out of /etc/pam.d/other is
+#used.
+
+#If you really want nothing to happen then use pam_permit.so or
+#pam_deny.so as appropriate.
+
+# We use pam_warn.so to generate syslog notes that the 'other'
+#fallback rules are being used (as a hint to suggest you should setup
+#specific PAM rules for the service and aid to debugging). We then
+#fall back to the system default in /etc/pam.d/common-*
+
+auth required pam_warn.so
+auth include common-auth
+
+account required pam_warn.so
+account include common-account
+
+password required pam_warn.so
+password include common-password
+
+session required pam_warn.so
+session include common-session
diff --git a/meta/packages/pam/libpam_1.1.1.bb b/meta/packages/pam/libpam_1.1.1.bb
new file mode 100644
index 000000000..12c417227
--- /dev/null
+++ b/meta/packages/pam/libpam_1.1.1.bb
@@ -0,0 +1,77 @@
+DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), Basically, it is a flexible mechanism for authenticating users"
+HOMEPAGE = "http://www.kernel.org/pub/linux/libs/pam/"
+BUGTRACKER = "http://sourceforge.net/projects/pam/support"
+# PAM allows dual licensed under GPL and BSD.
+# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
+# libpam-runtime-1.0.1 is GPLv2+), by openembedded
+LICENSE = "GPLv2+ | BSD"
+PR = "r0"
+
+DEPENDS = "bison flex"
+RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
+RRECOMMENDS_${PN} = "libpam-runtime"
+
+SRC_URI = "http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
+ file://disable_crossbinary.patch \
+ file://99_pam \
+ file://pam.d/*"
+
+EXTRA_OECONF = "--with-db-uniquename=_pam \
+ --includedir=${includedir}/security \
+ --libdir=${base_libdir} \
+ --disable-regenerate-docu"
+CFLAGS_append = " -fPIC "
+
+S = "${WORKDIR}/Linux-PAM-${PV}"
+
+inherit autotools gettext
+
+PACKAGES += "${PN}-runtime"
+FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug \
+ ${base_libdir}/security/pam_filter/.debug"
+FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
+FILES_${PN}-runtime = "${sysconfdir}"
+
+PACKAGES_DYNAMIC += " pam-plugin-*"
+
+python populate_packages_prepend () {
+ import os.path
+
+ def pam_plugin_append_file(pn, dir, file):
+ nf = os.path.join(dir, file)
+ of = bb.data.getVar('FILES_' + pn, d, True)
+ if of:
+ nf = of + " " + nf
+ bb.data.setVar('FILES_' + pn, nf, d)
+
+ dvar = bb.data.expand('${WORKDIR}/package', d, True)
+ pam_libdir = bb.data.expand('${base_libdir}/security', d)
+ pam_sbindir = bb.data.expand('${sbindir}', d)
+ pam_filterdir = bb.data.expand('${base_libdir}/security/pam_filter', d)
+
+ do_split_packages(d, pam_libdir, '^pam(.*)\.so$', 'pam-plugin%s', 'PAM plugin for %s', extra_depends='')
+ pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_chkpwd')
+ pam_plugin_append_file('pam-plugin-unix', pam_sbindir, 'unix_update')
+ pam_plugin_append_file('pam-plugin-tally', pam_sbindir, 'pam_tally')
+ pam_plugin_append_file('pam-plugin-tally2', pam_sbindir, 'pam_tally2')
+ pam_plugin_append_file('pam-plugin-timestamp', pam_sbindir, 'pam_timestamp_check')
+ pam_plugin_append_file('pam-plugin-mkhomedir', pam_sbindir, 'mkhomedir_helper')
+ do_split_packages(d, pam_filterdir, '^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
+}
+
+do_install() {
+ autotools_do_install
+
+ # don't install /var/run when populating rootfs. Do it through volatile
+ rm -rf ${D}/var
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${WORKDIR}/99_pam ${D}/etc/default/volatiles
+
+ install -d ${D}${sysconfdir}/pam.d/
+ install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+}
+
+pkg_postinst_${PN} () {
+ /etc/init.d/populate-volatile.sh update
+}
diff --git a/meta/packages/polkit/polkit_0.96.bb b/meta/packages/polkit/polkit_0.96.bb
index e17dc93f8..e6e030b19 100644
--- a/meta/packages/polkit/polkit_0.96.bb
+++ b/meta/packages/polkit/polkit_0.96.bb
@@ -6,9 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
file://docs/polkit/html/license.html;md5=4c17ef1587e0f096c82157160d4e340e"
SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz"
-PR="r1"
-DEPENDS = "pam expat dbus-glib eggdbus intltool"
-RDEPENDS = "pam"
+PR = "r2"
+DEPENDS = "libpam expat dbus-glib eggdbus intltool"
+RDEPENDS = "libpam"
EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
inherit autotools pkgconfig