authorKevin Tian <kevin.tian@intel.com>2010-08-06 10:34:29 +0800
committerRichard Purdie <rpurdie@linux.intel.com>2010-08-13 13:36:02 +0100
commitf6535ea12ab7f4d99adbe78919a7ed252175565f (patch)
treefcab0f6719ab5f17d1ce9fdd7ba0e376e418c2ac /meta-lsb
parent44d7c5678f52593d55c23f16d0da6c188734b026 (diff)
shadow: add new recipe 4.1.4.2
(borrow from OpenEmbedded with below tweaks) Enhance login_defs_pam.sed according to shadow source, to ensure we don't leave any unknown definitions in /etc/login.defs when pam is enabled no need for --disable-account-tools-setuid which is detected upon pam automatically, and no specific CFLAGS append move shadow site options to generic site files adjust indentation RDEPENDS on a list of pam-plugins since they're separately packaged test with both pam enabled and pam disabled. when pam is enabled, tried some same tweak with desired effect. Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Diffstat (limited to 'meta-lsb')
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/login_defs_pam.sed32
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chfn14
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chpasswd4
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chsh19
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/login91
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/newusers4
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/passwd5
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/su60
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/securetty206
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch23
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch27
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch32
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch27
-rw-r--r--meta-lsb/packages/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch102
-rw-r--r--meta-lsb/packages/shadow/shadow.inc121
-rw-r--r--meta-lsb/packages/shadow/shadow_4.1.4.2.bb11
16 files changed, 778 insertions, 0 deletions
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/login_defs_pam.sed b/meta-lsb/packages/shadow/shadow-4.1.4.2/login_defs_pam.sed
new file mode 100644
index 0000000000..0a1f3be4af
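--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/login_defs_pam.sed
@@ -0,0 +1,32 @@
+/^FAILLOG_ENAB/b comment
+/^LASTLOG_ENAB/b comment
+/^MAIL_CHECK_ENAB/b comment
+/^OBSCURE_CHECKS_ENAB/b comment
+/^PORTTIME_CHECKS_ENAB/b comment
+/^QUOTAS_ENAB/b comment
+/^MOTD_FILE/b comment
+/^FTMP_FILE/b comment
+/^NOLOGINS_FILE/b comment
+/^ENV_HZ/b comment
+/^ENV_TZ/b comment
+/^PASS_MIN_LEN/b comment
+/^SU_WHEEL_ONLY/b comment
+/^CRACKLIB_DICTPATH/b comment
+/^PASS_CHANGE_TRIES/b comment
+/^PASS_ALWAYS_WARN/b comment
+/^PASS_MAX_LEN/b comment
+/^PASS_MIN_LEN/b comment
+/^CHFN_AUTH/b comment
+/^CHSH_AUTH/b comment
+/^ISSUE_FILE/b comment
+/^LOGIN_STRING/b comment
+/^ULIMIT/b comment
+/^ENVIRON_FILE/b comment
+
+b exit
+
+: comment
+ s:^:#:
+
+: exit
+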
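Review bot: `PASS_MIN_LEN` is matched twice in this script (rules 12 and 18 of the new file), so one of the two entries is either redundant or stands in for a different login.defs key that was meant to be commented out; it is worth checking against the list the commit message says was derived from the shadow source. The patterns are also anchored only on the left, so a rule such as `/^ULIMIT/` would also comment out any longer key that shares the prefix; a trailing delimiter, e.g. `/^ULIMIT[[:space:]]/b comment`, keeps each match exact. A short header comment, `# Comment out login.defs settings that are superseded by PAM modules`, would tell the next maintainer what the list is for.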
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chfn b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chfn
new file mode 100644
index 0000000000..baf7698bba
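--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chfn
@@ -0,0 +1,14 @@
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session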
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chpasswd b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chpasswd
new file mode 100644
index 0000000000..9e3efa68ba
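--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chpasswd
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+password include common-password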
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chsh b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chsh
new file mode 100644
index 0000000000..8fb169f64e
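--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/chsh
@@ -0,0 +1,19 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth required pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session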
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/login b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/login
new file mode 100644
index 0000000000..e41eb04ec1
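--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/login
@@ -0,0 +1,91 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth required pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+# Note that it is included as a "requisite" module. No password prompts will
+# be displayed if this module fails to avoid having the root password
+# transmitted on unsecure ttys.
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root).
+auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth requisite pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+auth include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth optional pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account required pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session required pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session optional pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session optional pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session optional pam_mail.so standard
+
+# Standard Un*x account and session
+account include common-account
+password include common-password
+session include common-session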
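Review bot: The `pam_selinux.so close` session rule at line 34 of the new file has no matching `pam_selinux.so open` rule later in the stack, so on an SELinux-enabled image the part of the module that sets the user's security context at session open would never run. The recipe configures shadow with `--without-selinux` and the rule carries `module_unknown=ignore`, so today it is most likely inert. Either drop the rule and its comment for this distro, or add the counterpart after the other session modules: `session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open`.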
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/newusers b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/newusers
new file mode 100644
index 0000000000..4aa3dde48b
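--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/newusers
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+password include common-password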
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/passwd b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/passwd
new file mode 100644
index 0000000000..f534992435
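--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/passwd
@@ -0,0 +1,5 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+password include common-password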
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/su b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/su
new file mode 100644
index 0000000000..8e35137f37
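--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/pam.d/su
@@ -0,0 +1,60 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session optional pam_mail.so nopen
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session required pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth include common-auth
+account include common-account
+session include common-session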
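Review bot: The commented-out hardening rules (`pam_wheel.so` at lines 15, 19 and 23 of the new file, `pam_time.so` at line 29) name modules that the `PAM_PLUGINS` runtime list in shadow.inc does not pull in, so uncommenting them as the comments invite can leave a `required` or `requisite` module missing on the target. A module that cannot be loaded normally fails such a rule, which for su would mean only root (via `pam_rootok.so`) can still switch user. A comment on those rules, e.g. `# needs pam-plugin-wheel installed`, or listing the plugins as recommended packages, would make the dependency explicit. The same applies to the commented `pam_issue.so`, `pam_time.so` and `pam_access.so` rules in pam.d/login.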
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/securetty b/meta-lsb/packages/shadow/shadow-4.1.4.2/securetty
new file mode 100644
index 0000000000..28fa0afb72
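--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/securetty
@@ -0,0 +1,206 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+console
+
+# Standard serial ports
+ttyS0
+ttyS1
+ttyS2
+ttyS3
+
+# Samsung ARM SoCs
+ttySAC0
+ttySAC1
+ttySAC2
+ttySAC3
+
+# TI OMAP SoCs
+ttyO0
+ttyO1
+ttyO2
+ttyO3
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+
+# PowerMac
+ttyPZ0
+ttyPZ1
+ttyPZ2
+ttyPZ3
+
+# Embedded MPC platforms
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# PA-RISC mux ports
+ttyB0
+ttyB1
+
+# Standard hypervisor virtual console
+hvc0
+
+# Oldstyle Xen console
+xvc0
+
+# Standard consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# Local X displays (allows empty passwords with pam_unix's nullok_secure)
+:0
+:0.0
+:0.1
+:1
+:1.0
+:1.1
+:2
+:2.0
+:2.1
+:3
+:3.0
+:3.1
+
+# Embedded Freescale i.MX ports
+ttymxc0
+ttymxc1
+ttymxc2
+ttymxc3
+ttymxc4
+ttymxc5
+
+# Standard serial ports, with devfs
+tts/0
+tts/1
+
+# Standard consoles, with devfs
+vc/1
+vc/2
+vc/3
+vc/4
+vc/5
+vc/6
+vc/7
+vc/8
+vc/9
+vc/10
+vc/11
+vc/12
+vc/13
+vc/14
+vc/15
+vc/16
+vc/17
+vc/18
+vc/19
+vc/20
+vc/21
+vc/22
+vc/23
+vc/24
+vc/25
+vc/26
+vc/27
+vc/28
+vc/29
+vc/30
+vc/31
+vc/32
+vc/33
+vc/34
+vc/35
+vc/36
+vc/37
+vc/38
+vc/39
+vc/40
+vc/41
+vc/42
+vc/43
+vc/44
+vc/45
+vc/46
+vc/47
+vc/48
+vc/49
+vc/50
+vc/51
+vc/52
+vc/53
+vc/54
+vc/55
+vc/56
+vc/57
+vc/58
+vc/59
+vc/60
+vc/61
+vc/62
+vc/63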
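Review bot: This allow-list is far broader than any single board needs: it names `ttyUSB0`–`ttyUSB2`, which are hot-pluggable USB serial adapters, and the X displays `:0`–`:3.1`, whose own comment says they permit empty passwords under pam_unix's `nullok_secure`. pam.d/login in this commit gates root logins on this file through `pam_securetty.so`, so every entry is a terminal on which a root login is accepted if a getty or display manager is started there. Consider shipping only `console` plus the machine's real consoles (shadow.inc already appends `SERIAL_CONSOLE`) and keeping the USB and X display entries commented out as opt-in, with a note such as `# uncomment only if root login on USB serial adapters is intended`.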
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch
new file mode 100644
index 0000000000..7a2ff2e24e
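--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.3-dots-in-usernames.patch
@@ -0,0 +1,23 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+Index: shadow-4.1.4.2/libmisc/chkname.c
+===================================================================
+--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
++++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700
+@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n
+ ( ('0' <= *name) && ('9' >= *name) ) ||
+ ('_' == *name) ||
+ ('-' == *name) ||
++ ('.' == *name) ||
+ ( ('$' == *name) && ('\0' == *(name + 1)) )
+ )) {
+ return false;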
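Review bot: Accepting `.` in `is_valid_name` widens the set of account names without stating the limits that keep it safe, and the patch header gives no such note. Names containing a dot are ambiguous with the legacy `user.group` form that some chown implementations still accept, and the check on the first character lies outside this hunk, so it cannot be confirmed from here that names such as `.` or `..` (which would become path components of a home directory) stay rejected. A header line such as `# '.' is accepted after the first character only; "." and ".." must remain invalid` would record the intent, once verified against the part of the function above line 61.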
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch
new file mode 100644
index 0000000000..124065c7f9
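--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-env-reset-keep-locale.patch
@@ -0,0 +1,27 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/283725
+https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
+
+Index: shadow-4.1.4.2/libmisc/env.c
+===================================================================
+--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
++++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700
+@@ -251,7 +251,7 @@ void sanitize_env (void)
+ if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
+ continue;
+ }
+- if (strchr (*cur, '/') != NULL) {
++ if (strchr (*cur, '/') == NULL) {
+ continue; /* OK */
+ }
+ for (move = cur; NULL != *move; move++) {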
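Review bot: The header of this patch is the generic OpenEmbedded commit message ("Add patches to support dots in login id") and does not describe the change, which inverts the `strchr (*cur, '/')` test in `sanitize_env` so that a matching variable is kept only when its value contains no slash. That alters security-relevant environment scrubbing and deserves its own description, e.g. `# sanitize_env: keep the listed variables unless their value contains '/' (Gentoo bug 283725)`. The same copied header sits on shadow-4.1.4.2-groupmod-pam-check.patch and shadow-4.1.4.2-su_no_sanitize_env.patch, neither of which concerns login ids. The loop continues outside the hunk, so the list that `bad` walks is not visible here.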
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch
new file mode 100644
index 0000000000..6682fe8078
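--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-groupmod-pam-check.patch
@@ -0,0 +1,32 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/300790
+http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
+
+2009-11-05 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, src/groupmod.c: Fixed groupmod when configured with
+ --enable-account-tools-setuid.
+
+Index: shadow-4.1.4.2/src/groupmod.c
+===================================================================
+--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
++++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700
+@@ -720,7 +720,7 @@ int main (int argc, char **argv)
+ {
+ struct passwd *pampw;
+ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+- if (NULL == pamh) {
++ if (NULL == pampw) {
+ fprintf (stderr,
+ _("%s: Cannot determine your user name.\n"),
+ Prog);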
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch
new file mode 100644
index 0000000000..f67251c840
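--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow-4.1.4.2-su_no_sanitize_env.patch
@@ -0,0 +1,27 @@
+# commit message copied from openembedded:
+# commit 246c80637b135f3a113d319b163422f98174ee6c
+# Author: Khem Raj <raj.khem@gmail.com>
+# Date: Wed Jun 9 13:37:03 2010 -0700
+#
+# shadow-4.1.4.2: Add patches to support dots in login id.
+#
+# Signed-off-by: Khem Raj <raj.khem@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
+
+http://bugs.gentoo.org/show_bug.cgi?id=301957
+https://alioth.debian.org/scm/browser.php?group_id=30580
+
+Index: shadow-4.1.4.2/src/su.c
+===================================================================
+--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
++++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700
+@@ -378,7 +378,7 @@ int main (int argc, char **argv)
+ #endif
+ #endif /* !USE_PAM */
+
+- sanitize_env ();
++ /* sanitize_env (); */
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);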
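Review bot: Commenting out `sanitize_env ();` removes environment scrubbing from su entirely, and the patch header gives no rationale for it (it repeats the dots-in-login-id message and two bare links). su normally runs setuid root, so whatever that call was stripping now stays in the process environment for the rest of `main`, which continues outside this hunk, and possibly for the target user's shell depending on that code and the PAM stack. The sibling env-reset-keep-locale patch already changes `sanitize_env` itself to spare slash-free values; if that covers the problem this patch was written for, restore the line as `sanitize_env ();` and drop this patch. Otherwise the header should state why su must skip the call and what else (for example pam_env) is relied on to reset the environment.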
diff --git a/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch
new file mode 100644
index 0000000000..36d7be6fd0
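--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow-4.1.4.2/shadow.automake-1.11.patch
@@ -0,0 +1,102 @@
+# patch is from openembedded:
+# commit 2db61370333f7a2fc1dbb86385734883387e0217
+# Author: Martin Jansa <Martin.Jansa@gmail.com>
+# Date: Fri Apr 2 07:34:46 2010 +0200
+#
+# shadow: fix do_install with automake-1.11
+#
+# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+#
+# comment added by Kevin Tian <kevin.tian@intel.com>
+
+man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
+
+diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
+--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
++++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
+@@ -163,7 +163,6 @@
+ $(man_MANS) \
+ $(man_XMANS) \
+ $(addprefix login.defs.d/,$(login_defs_v)) \
+- $(man_nopam) \
+ id.1 \
+ id.1.xml \
+ sulogin.8 \
+diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
+--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200
+@@ -52,7 +52,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1
+
+ include ../generate_translations.mak
+diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
+--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200
+@@ -46,7 +46,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ logoutd.8
+
+diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
+--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100
++++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200
+@@ -49,7 +49,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ shadow.3 \
+ sulogin.8
+diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
+--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200
+@@ -49,7 +49,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ getspnam.3 \
+ id.1 \
+ shadow.3 \
+diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
+--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200
++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200
+@@ -54,7 +54,6 @@
+
+ EXTRA_DIST = \
+ $(man_MANS) \
+- $(man_nopam) \
+ id.1 \
+ sulogin.8
+
+diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
+--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200
++++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200
+@@ -53,8 +53,7 @@
+ endif
+
+ EXTRA_DIST = \
+- $(man_MANS) \
+- $(man_nopam)
++ $(man_MANS)
+
+ include ../generate_translations.mak
+
+--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200
++++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200
+@@ -1,7 +1,6 @@
+ mandir = @mandir@/ru
+
+ man_MANS = \
+- $(man_nopam) \
+ chage.1 \
+ chfn.1 \
+ chgpasswd.8 \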
diff --git a/meta-lsb/packages/shadow/shadow.inc b/meta-lsb/packages/shadow/shadow.inc
new file mode 100644
index 0000000000..fcbcb3eb75
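--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow.inc
@@ -0,0 +1,121 @@
+DESCRIPTION = "Tools to change and administer password and group data."
+HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
+BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
+SECTION = "base utils"
+LICENSE = "BSD | Artistic"
+LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
+ file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
+
+PAM_PLUGINS = " libpam-runtime \
+ pam-plugin-faildelay \
+ pam-plugin-securetty \
+ pam-plugin-nologin \
+ pam-plugin-env \
+ pam-plugin-group \
+ pam-plugin-limits \
+ pam-plugin-lastlog \
+ pam-plugin-motd \
+ pam-plugin-mail \
+ pam-plugin-shells \
+ pam-plugin-rootok"
+
+DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+RDEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
+
+# since we deduce from ${SERIAL_CONSOLE}
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+# Additional Policy files for PAM
+PAM_SRC_URI = "file://pam.d/chfn \
+ file://pam.d/chpasswd \
+ file://pam.d/chsh \
+ file://pam.d/login \
+ file://pam.d/newusers \
+ file://pam.d/passwd \
+ file://pam.d/su"
+
+SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
+ file://login_defs_pam.sed \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://securetty"
+
+inherit autotools gettext
+
+EXTRA_OECONF += "--without-audit \
+ --without-libcrack \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
+ --without-selinux"
+
+do_install_append() {
+ # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
+ # reconfigures Shadow to default (see sed below).
+ install -d ${D}${localstatedir}/spool/mail
+
+ if [ -e ${WORKDIR}/pam.d ]; then
+ install -d ${D}${sysconfdir}/pam.d/
+ install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+ # Remove defaults that are not used when supporting PAM
+ sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
+ fi
+
+ # Enable CREATE_HOME by default.
+ sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
+
+ # As we are on an embedded system ensure the users mailbox is in ~/ not
+ # /var/spool/mail by default as who knows where or how big /var is.
+ # The system MDA will set this later anyway.
+ sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
+ sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
+
+ # disable checking emails at all
+ sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
+
+ # now we don't have a mail system. disable mail creation for now
+ sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
+ sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
+
+ install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
+ for i in passwd chfn newgrp chsh ; do
+ mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
+ done
+
+ mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
+ mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
+ mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
+ mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
+
+ # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
+ if [ ! -z "${SERIAL_CONSOLE}" ]; then
+ # our SERIAL_CONSOLE contains baud rate too and sometime -L option as well.
+ # the following pearl :) takes that and converts it into newline sepated tty's and appends
+ # them into securetty. So if a machine has a weird looking console device node (e.g. ttyAMA0) that securetty
+ # does not know then it will get appended to securetty and root login will be allowed on
+ # that console.
+ echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty
+ fi
+ install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
+}
+
+pkg_postinst_${PN} () {
+ update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
+ update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
+ update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
+ update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
+ update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
+ update-alternatives --install ${base_bindir}/login login login.${PN} 200
+ update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
+ update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
+
+ if [ "x$D" != "x" ]; then
+ exit 1
+ fi
+
+ pwconv
+ grpconv
+}
+
+pkg_prerm_${PN} () {
+ for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
+ update-alternatives --remove $i $i.${PN}
+ done
+}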
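Review bot: The securetty step in `do_install_append` (line 94 of the new file) builds root's login allow-list with `sed -e 's/[0-9][0-9]\|\-L//g'`, which deletes every pair of digits anywhere in `SERIAL_CONSOLE`: a five-digit rate such as 19200 leaves a stray `0` entry, and a device such as ttyAMA10 is truncated to ttyAMA, so the wrong name ends up allowed. It also appends to `${WORKDIR}/securetty`, so each re-run of do_install adds the entries again. Filtering token by token and appending to the installed copy avoids both, as sketched below. Separately, `SRC_URI` fetches the tarball over ftp:// and no md5sum or sha256sum for it is visible in this commit, so it should be confirmed that the source checksum is enforced elsewhere.

```shell
	# … unchanged: everything in do_install_append above the securetty handling …
	install -m 0600 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
	for tok in ${SERIAL_CONSOLE}; do
		case "$tok" in
			-*|[0-9]*) continue ;;	# getty options and baud rates are not ttys
		esac
		# add the console only once, and only to the packaged copy
		grep -qx -- "$tok" ${D}${sysconfdir}/securetty || echo "$tok" >> ${D}${sysconfdir}/securetty
	done
	chmod 0400 ${D}${sysconfdir}/securetty
```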
diff --git a/meta-lsb/packages/shadow/shadow_4.1.4.2.bb b/meta-lsb/packages/shadow/shadow_4.1.4.2.bb
new file mode 100644
index 0000000000..bc00c099bf
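--- /dev/null
+++ b/meta-lsb/packages/shadow/shadow_4.1.4.2.bb
@@ -0,0 +1,11 @@
+require shadow.inc
+
+PR = "r0"
+
+SRC_URI += "file://shadow.automake-1.11.patch \
+ file://shadow-4.1.3-dots-in-usernames.patch \
+ file://shadow-4.1.4.2-env-reset-keep-locale.patch \
+ file://shadow-4.1.4.2-groupmod-pam-check.patch \
+ file://shadow-4.1.4.2-su_no_sanitize_env.patch"
+
+EXTRA_OECONF_libc-uclibc += " --with-nscd=no "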