diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2020-12-28 21:04:25 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-12-31 11:53:26 +0000 |
commit | b0384720a46fb25c4ad180e3f256ffdeb53dc8a6 (patch) | |
tree | cdd8ae2541d6492d07d833cd9c27472b44741a98 /meta/recipes-extended/pam/libpam_1.5.1.bb | |
parent | 8df315fcf67270572891dec9c4aa94fbacdf58bd (diff) | |
download | poky-b0384720a46fb25c4ad180e3f256ffdeb53dc8a6.tar.gz |
libpam: update 1.3.1 -> 1.5.1
Remove crypt_configure.patch, issue fixed upstream.
Remove pam-security-abstract-securetty-handling.patch and
pam-unix-nullok-secure.patch, patches coming from debian,
difficult to rebase, and their purpose is unclear.
Disable doc generation, as libpam messes up native and target
compiler options.
Adjust dependencies and packaging.
(From OE-Core rev: 43e3d014748b1ccff25c232b1e6d9345859c0f29)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/pam/libpam_1.5.1.bb')
-rw-r--r-- | meta/recipes-extended/pam/libpam_1.5.1.bb | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam_1.5.1.bb b/meta/recipes-extended/pam/libpam_1.5.1.bb new file mode 100644 index 0000000000..6af1d43c60 --- /dev/null +++ b/meta/recipes-extended/pam/libpam_1.5.1.bb | |||
@@ -0,0 +1,165 @@ | |||
1 | DISABLE_STATIC = "" | ||
2 | SUMMARY = "Linux-PAM (Pluggable Authentication Modules)" | ||
3 | DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users" | ||
4 | HOMEPAGE = "https://fedorahosted.org/linux-pam/" | ||
5 | BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket" | ||
6 | SECTION = "base" | ||
7 | # PAM is dual licensed under GPL and BSD. | ||
8 | # /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time | ||
9 | # libpam-runtime-1.0.1 is GPLv2+), by openembedded | ||
10 | LICENSE = "GPLv2+ | BSD" | ||
11 | LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \ | ||
12 | file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \ | ||
13 | " | ||
14 | |||
15 | SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}.tar.xz \ | ||
16 | file://99_pam \ | ||
17 | file://pam.d/common-account \ | ||
18 | file://pam.d/common-auth \ | ||
19 | file://pam.d/common-password \ | ||
20 | file://pam.d/common-session \ | ||
21 | file://pam.d/common-session-noninteractive \ | ||
22 | file://pam.d/other \ | ||
23 | file://libpam-xtests.patch \ | ||
24 | file://0001-modules-pam_namespace-Makefile.am-correctly-install-.patch \ | ||
25 | " | ||
26 | |||
27 | SRC_URI[sha256sum] = "201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc" | ||
28 | |||
29 | SRC_URI_append_libc-musl = " file://0001-Add-support-for-defining-missing-funcitonality.patch \ | ||
30 | file://include_paths_header.patch \ | ||
31 | " | ||
32 | |||
33 | DEPENDS = "bison-native flex flex-native cracklib libxml2-native virtual/crypt" | ||
34 | |||
35 | EXTRA_OECONF = "--includedir=${includedir}/security \ | ||
36 | --libdir=${base_libdir} \ | ||
37 | --disable-nis \ | ||
38 | --disable-regenerate-docu \ | ||
39 | --disable-doc \ | ||
40 | --disable-prelude" | ||
41 | |||
42 | CFLAGS_append = " -fPIC " | ||
43 | |||
44 | S = "${WORKDIR}/Linux-PAM-${PV}" | ||
45 | |||
46 | inherit autotools gettext pkgconfig systemd | ||
47 | |||
48 | PACKAGECONFIG ??= "" | ||
49 | PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," | ||
50 | PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db," | ||
51 | |||
52 | PACKAGES += "${PN}-runtime ${PN}-xtests" | ||
53 | FILES_${PN} = "${base_libdir}/lib*${SOLIBS}" | ||
54 | FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}" | ||
55 | FILES_${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}" | ||
56 | FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests" | ||
57 | |||
58 | PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*" | ||
59 | |||
60 | def get_multilib_bit(d): | ||
61 | baselib = d.getVar('baselib') or '' | ||
62 | return baselib.replace('lib', '') | ||
63 | |||
64 | libpam_suffix = "suffix${@get_multilib_bit(d)}" | ||
65 | |||
66 | RPROVIDES_${PN} += "${PN}-${libpam_suffix}" | ||
67 | RPROVIDES_${PN}-runtime += "${PN}-runtime-${libpam_suffix}" | ||
68 | |||
69 | RDEPENDS_${PN}-runtime = "${PN}-${libpam_suffix} \ | ||
70 | ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \ | ||
71 | ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \ | ||
72 | ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \ | ||
73 | ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \ | ||
74 | " | ||
75 | RDEPENDS_${PN}-xtests = "${PN}-${libpam_suffix} \ | ||
76 | ${MLPREFIX}pam-plugin-access-${libpam_suffix} \ | ||
77 | ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \ | ||
78 | ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \ | ||
79 | ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \ | ||
80 | ${MLPREFIX}pam-plugin-time-${libpam_suffix} \ | ||
81 | bash coreutils" | ||
82 | |||
83 | # FIXME: Native suffix breaks here, disable it for now | ||
84 | RRECOMMENDS_${PN} = "${PN}-runtime-${libpam_suffix}" | ||
85 | RRECOMMENDS_${PN}_class-native = "" | ||
86 | |||
87 | python populate_packages_prepend () { | ||
88 | def pam_plugin_append_file(pn, dir, file): | ||
89 | nf = os.path.join(dir, file) | ||
90 | of = d.getVar('FILES_' + pn) | ||
91 | if of: | ||
92 | nf = of + " " + nf | ||
93 | d.setVar('FILES_' + pn, nf) | ||
94 | |||
95 | def pam_plugin_hook(file, pkg, pattern, format, basename): | ||
96 | pn = d.getVar('PN') | ||
97 | libpam_suffix = d.getVar('libpam_suffix') | ||
98 | |||
99 | rdeps = d.getVar('RDEPENDS_' + pkg) | ||
100 | if rdeps: | ||
101 | rdeps = rdeps + " " + pn + "-" + libpam_suffix | ||
102 | else: | ||
103 | rdeps = pn + "-" + libpam_suffix | ||
104 | d.setVar('RDEPENDS_' + pkg, rdeps) | ||
105 | |||
106 | provides = d.getVar('RPROVIDES_' + pkg) | ||
107 | if provides: | ||
108 | provides = provides + " " + pkg + "-" + libpam_suffix | ||
109 | else: | ||
110 | provides = pkg + "-" + libpam_suffix | ||
111 | d.setVar('RPROVIDES_' + pkg, provides) | ||
112 | |||
113 | mlprefix = d.getVar('MLPREFIX') or '' | ||
114 | dvar = d.expand('${WORKDIR}/package') | ||
115 | pam_libdir = d.expand('${base_libdir}/security') | ||
116 | pam_sbindir = d.expand('${sbindir}') | ||
117 | pam_filterdir = d.expand('${base_libdir}/security/pam_filter') | ||
118 | pam_pkgname = mlprefix + 'pam-plugin%s' | ||
119 | |||
120 | do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname, | ||
121 | 'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='') | ||
122 | pam_plugin_append_file('%spam-plugin-unix' % mlprefix, pam_sbindir, 'unix_chkpwd') | ||
123 | pam_plugin_append_file('%spam-plugin-unix' % mlprefix, pam_sbindir, 'unix_update') | ||
124 | pam_plugin_append_file('%spam-plugin-tally' % mlprefix, pam_sbindir, 'pam_tally') | ||
125 | pam_plugin_append_file('%spam-plugin-tally2' % mlprefix, pam_sbindir, 'pam_tally2') | ||
126 | pam_plugin_append_file('%spam-plugin-timestamp' % mlprefix, pam_sbindir, 'pam_timestamp_check') | ||
127 | pam_plugin_append_file('%spam-plugin-mkhomedir' % mlprefix, pam_sbindir, 'mkhomedir_helper') | ||
128 | pam_plugin_append_file('%spam-plugin-console' % mlprefix, pam_sbindir, 'pam_console_apply') | ||
129 | do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='') | ||
130 | } | ||
131 | |||
132 | do_install() { | ||
133 | autotools_do_install | ||
134 | |||
135 | # don't install /var/run when populating rootfs. Do it through volatile | ||
136 | rm -rf ${D}${localstatedir} | ||
137 | install -d ${D}${sysconfdir}/default/volatiles | ||
138 | install -m 0644 ${WORKDIR}/99_pam ${D}${sysconfdir}/default/volatiles | ||
139 | |||
140 | install -d ${D}${sysconfdir}/pam.d/ | ||
141 | install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ | ||
142 | |||
143 | # The lsb requires unix_chkpwd has setuid permission | ||
144 | chmod 4755 ${D}${sbindir}/unix_chkpwd | ||
145 | |||
146 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then | ||
147 | echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session | ||
148 | fi | ||
149 | } | ||
150 | |||
151 | inherit features_check | ||
152 | REQUIRED_DISTRO_FEATURES = "pam" | ||
153 | |||
154 | BBCLASSEXTEND = "nativesdk native" | ||
155 | |||
156 | CONFFILES_${PN}-runtime += "${sysconfdir}/pam.d/common-session" | ||
157 | CONFFILES_${PN}-runtime += "${sysconfdir}/pam.d/common-auth" | ||
158 | CONFFILES_${PN}-runtime += "${sysconfdir}/pam.d/common-password" | ||
159 | CONFFILES_${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive" | ||
160 | CONFFILES_${PN}-runtime += "${sysconfdir}/pam.d/common-account" | ||
161 | CONFFILES_${PN}-runtime += "${sysconfdir}/security/limits.conf" | ||
162 | |||
163 | UPSTREAM_CHECK_URI = "https://github.com/linux-pam/linux-pam/releases" | ||
164 | |||
165 | CVE_PRODUCT = "linux-pam" | ||