summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow
diff options
context:
space:
mode:
authorScott Garman <scott.a.garman@intel.com>2011-06-03 10:33:09 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2011-06-06 15:58:41 +0100
commit109aa5c860fa5ba453e2add8fc18096774a40e39 (patch)
tree8424f57a7688746a4c954ecd927cf06fe0471059 /meta/recipes-extended/shadow
parent1b817aa64a16ee9b6f13dc090a8c332e6afc9215 (diff)
downloadpoky-109aa5c860fa5ba453e2add8fc18096774a40e39.tar.gz
shadow: recipe and patch cleanup
Taking over maintenance of the shadow recipe. Cleaning it up in preparation of adding a -native version that will be used to add users/groups during preinstall. (From OE-Core rev: 254ca8c1667b8d35914555714239a09bfb4f43be) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch4
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch4
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch4
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch4
-rw-r--r--meta/recipes-extended/shadow/files/shadow.automake-1.11.patch4
-rw-r--r--meta/recipes-extended/shadow/shadow.inc123
-rw-r--r--meta/recipes-extended/shadow/shadow_4.1.4.3.bb139
7 files changed, 151 insertions, 131 deletions
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
index 7a2ff2e24e..a7bb0a9290 100644
--- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
@@ -9,6 +9,10 @@
9# 9#
10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
11 11
12Upstream-Status: Pending
13
14Signed-off-by: Scott Garman <scott.a.garman@intel.com>
15
12Index: shadow-4.1.4.2/libmisc/chkname.c 16Index: shadow-4.1.4.2/libmisc/chkname.c
13=================================================================== 17===================================================================
14--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 18--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
index 124065c7f9..651474674b 100644
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
@@ -12,6 +12,10 @@
12http://bugs.gentoo.org/283725 12http://bugs.gentoo.org/283725
13https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480 13https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
14 14
15Upstream-Status: Pending
16
17Signed-off-by: Scott Garman <scott.a.garman@intel.com>
18
15Index: shadow-4.1.4.2/libmisc/env.c 19Index: shadow-4.1.4.2/libmisc/env.c
16=================================================================== 20===================================================================
17--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700 21--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
index 6682fe8078..640200b796 100644
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
@@ -17,6 +17,10 @@ http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.h
17 * NEWS, src/groupmod.c: Fixed groupmod when configured with 17 * NEWS, src/groupmod.c: Fixed groupmod when configured with
18 --enable-account-tools-setuid. 18 --enable-account-tools-setuid.
19 19
20Upstream-Status: Pending
21
22Signed-off-by: Scott Garman <scott.a.garman@intel.com>
23
20Index: shadow-4.1.4.2/src/groupmod.c 24Index: shadow-4.1.4.2/src/groupmod.c
21=================================================================== 25===================================================================
22--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700 26--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
index f67251c840..0dc4d75b97 100644
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
+++ b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
@@ -12,6 +12,10 @@
12http://bugs.gentoo.org/show_bug.cgi?id=301957 12http://bugs.gentoo.org/show_bug.cgi?id=301957
13https://alioth.debian.org/scm/browser.php?group_id=30580 13https://alioth.debian.org/scm/browser.php?group_id=30580
14 14
15Upstream-Status: Pending
16
17Signed-off-by: Scott Garman <scott.a.garman@intel.com>
18
15Index: shadow-4.1.4.2/src/su.c 19Index: shadow-4.1.4.2/src/su.c
16=================================================================== 20===================================================================
17--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700 21--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
index 36d7be6fd0..a793f09a4e 100644
--- a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
+++ b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
@@ -11,6 +11,10 @@
11 11
12man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice 12man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
13 13
14Upstream-Status: Pending
15
16Signed-off-by: Scott Garman <scott.a.garman@intel.com>
17
14diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am 18diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
15--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100 19--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
16+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200 20+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
deleted file mode 100644
index 35bd6a881b..0000000000
--- a/meta/recipes-extended/shadow/shadow.inc
+++ /dev/null
@@ -1,123 +0,0 @@
1DESCRIPTION = "Tools to change and administer password and group data."
2HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
3BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
4SECTION = "base utils"
5LICENSE = "BSD | Artistic"
6LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
7 file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
8
9PR = "r1"
10
11PAM_PLUGINS = " libpam-runtime \
12 pam-plugin-faildelay \
13 pam-plugin-securetty \
14 pam-plugin-nologin \
15 pam-plugin-env \
16 pam-plugin-group \
17 pam-plugin-limits \
18 pam-plugin-lastlog \
19 pam-plugin-motd \
20 pam-plugin-mail \
21 pam-plugin-shells \
22 pam-plugin-rootok"
23
24DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
25RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
26
27# since we deduce from ${SERIAL_CONSOLE}
28PACKAGE_ARCH = "${MACHINE_ARCH}"
29
30# Additional Policy files for PAM
31PAM_SRC_URI = "file://pam.d/chfn \
32 file://pam.d/chpasswd \
33 file://pam.d/chsh \
34 file://pam.d/login \
35 file://pam.d/newusers \
36 file://pam.d/passwd \
37 file://pam.d/su"
38
39SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
40 file://login_defs_pam.sed \
41 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
42 file://securetty"
43
44inherit autotools gettext
45
46EXTRA_OECONF += "--without-audit \
47 --without-libcrack \
48 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
49 --without-selinux"
50
51do_install_append() {
52 # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
53 # reconfigures Shadow to default (see sed below).
54 install -d ${D}${localstatedir}/spool/mail
55
56 if [ -e ${WORKDIR}/pam.d ]; then
57 install -d ${D}${sysconfdir}/pam.d/
58 install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
59 # Remove defaults that are not used when supporting PAM
60 sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
61 fi
62
63 # Enable CREATE_HOME by default.
64 sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
65
66 # As we are on an embedded system ensure the users mailbox is in ~/ not
67 # /var/spool/mail by default as who knows where or how big /var is.
68 # The system MDA will set this later anyway.
69 sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
70 sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
71
72 # disable checking emails at all
73 sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
74
75 # now we don't have a mail system. disable mail creation for now
76 sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
77 sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
78
79 install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
80 for i in passwd chfn newgrp chsh ; do
81 mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
82 done
83
84 mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
85 mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
86 mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
87 mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
88
89 # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
90 if [ ! -z "${SERIAL_CONSOLE}" ]; then
91 # our SERIAL_CONSOLE contains baud rate too and sometime -L option as well.
92 # the following pearl :) takes that and converts it into newline sepated tty's and appends
93 # them into securetty. So if a machine has a weird looking console device node (e.g. ttyAMA0) that securetty
94 # does not know then it will get appended to securetty and root login will be allowed on
95 # that console.
96 echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty
97 fi
98 install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
99}
100
101pkg_postinst_${PN} () {
102 update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
103 update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
104 update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
105 update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
106 update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
107 update-alternatives --install ${base_bindir}/login login login.${PN} 200
108 update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
109 update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
110
111 if [ "x$D" != "x" ]; then
112 exit 1
113 fi
114
115 pwconv
116 grpconv
117}
118
119pkg_prerm_${PN} () {
120 for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
121 update-alternatives --remove $i $i.${PN}
122 done
123}
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
index c8aa223b65..930ef3d04d 100644
--- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
@@ -1,14 +1,137 @@
1require shadow.inc 1SUMMARY = "Tools to change and administer password and group data"
2DESCRIPTION = "Tools to change and administer password and group data"
3HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
4BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
5SECTION = "base utils"
6PRIORITY = "optional"
7LICENSE = "BSD | Artistic"
8LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
9 file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
2 10
3PR = "r1" 11DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
12RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
13PR = "r2"
4 14
5SRC_URI += "file://shadow.automake-1.11.patch \ 15SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
6 file://shadow-4.1.3-dots-in-usernames.patch \ 16 file://login_defs_pam.sed \
7 file://shadow-4.1.4.2-env-reset-keep-locale.patch \ 17 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
8 file://shadow-4.1.4.2-groupmod-pam-check.patch \ 18 file://securetty \
9 file://shadow-4.1.4.2-su_no_sanitize_env.patch" 19 file://shadow.automake-1.11.patch \
20 file://shadow-4.1.3-dots-in-usernames.patch \
21 file://shadow-4.1.4.2-env-reset-keep-locale.patch \
22 file://shadow-4.1.4.2-groupmod-pam-check.patch \
23 file://shadow-4.1.4.2-su_no_sanitize_env.patch"
10 24
11SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" 25SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
12SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" 26SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
13 27
14EXTRA_OECONF_libc-uclibc += " --with-nscd=no " 28inherit autotools gettext
29
30# Since we deduce our arch from ${SERIAL_CONSOLE}
31PACKAGE_ARCH = "${MACHINE_ARCH}"
32
33EXTRA_OECONF += "--without-audit \
34 --without-libcrack \
35 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
36 --without-selinux"
37EXTRA_OECONF_libc-uclibc += "--with-nscd=no"
38
39PAM_PLUGINS = "libpam-runtime \
40 pam-plugin-faildelay \
41 pam-plugin-securetty \
42 pam-plugin-nologin \
43 pam-plugin-env \
44 pam-plugin-group \
45 pam-plugin-limits \
46 pam-plugin-lastlog \
47 pam-plugin-motd \
48 pam-plugin-mail \
49 pam-plugin-shells \
50 pam-plugin-rootok"
51
52# Additional Policy files for PAM
53PAM_SRC_URI = "file://pam.d/chfn \
54 file://pam.d/chpasswd \
55 file://pam.d/chsh \
56 file://pam.d/login \
57 file://pam.d/newusers \
58 file://pam.d/passwd \
59 file://pam.d/su"
60
61do_install_append() {
62 # Ensure that the image has as a /var/spool/mail dir so shadow can
63 # put mailboxes there if the user reconfigures shadow to its
64 # defaults (see sed below).
65 install -d ${D}${localstatedir}/spool/mail
66
67 if [ -e ${WORKDIR}/pam.d ]; then
68 install -d ${D}${sysconfdir}/pam.d/
69 install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
70 # Remove defaults that are not used when supporting PAM.
71 sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
72 fi
73
74 # Enable CREATE_HOME by default.
75 sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
76
77 # As we are on an embedded system, ensure the users mailbox is in
78 # ~/ not /var/spool/mail by default, as who knows where or how big
79 # /var is. The system MDA will set this later anyway.
80 sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
81 sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
82
83 # Disable checking emails.
84 sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
85
86 # Now we don't have a mail system. Disable mail creation for now.
87 sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
88 sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
89
90 install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
91 for i in passwd chfn newgrp chsh ; do
92 mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
93 done
94
95 mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
96 mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
97 mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
98 mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
99
100 # Ensure we add a suitable securetty file to the package that has
101 # most common embedded TTYs defined.
102 if [ ! -z "${SERIAL_CONSOLE}" ]; then
103 # Our SERIAL_CONSOLE contains a baud rate and sometimes a -L
104 # option as well. The following pearl :) takes that and converts
105 # it into newline-separated tty's and appends them into
106 # securetty. So if a machine has a weird looking console device
107 # node (e.g. ttyAMA0) that securetty does not know, it will get
108 # appended to securetty and root logins will be allowed on that
109 # console.
110 echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty
111 fi
112 install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
113}
114
115pkg_postinst_${PN} () {
116 update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
117 update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
118 update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
119 update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
120 update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
121 update-alternatives --install ${base_bindir}/login login login.${PN} 200
122 update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
123 update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
124
125 if [ "x$D" != "x" ]; then
126 exit 1
127 fi
128
129 pwconv
130 grpconv
131}
132
133pkg_prerm_${PN} () {
134 for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
135 update-alternatives --remove $i $i.${PN}
136 done
137}