1 files changed, 170 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam_1.7.1.bb b/meta/recipes-extended/pam/libpam_1.7.1.bb
new file mode 100644
index 0000000000..565b00c264
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam_1.7.1.bb
@@ -0,0 +1,170 @@
+DISABLE_STATIC = ""
+SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
+DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
+HOMEPAGE = "https://fedorahosted.org/linux-pam/"
+BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
+SECTION = "base"
+# PAM is dual licensed under GPL and BSD.
+# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
+# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
+LICENSE = "GPL-2.0-or-later | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
+                    file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
+                    "
+SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
+           file://99_pam \
+           file://pam.d/common-account \
+           file://pam.d/common-auth \
+           file://pam.d/common-password \
+           file://pam.d/common-session \
+           file://pam.d/common-session-noninteractive \
+           file://pam.d/other \
+           file://run-ptest \
+           file://pam-volatiles.conf \
+           "
+SRC_URI[sha256sum] = "21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0"
+DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
+EXTRA_OEMESON = "-Ddocs=disabled -Dsecuredir=${base_libdir}/security"
+S = "${UNPACKDIR}/Linux-PAM-${PV}"
+inherit meson gettext pkgconfig systemd ptest github-releases
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit,"
+PACKAGECONFIG[userdb] = "-Dpam_userdb=enabled -Ddb=gdbm,-Dpam_userdb=disabled,gdbm,"
+PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux,"
+PACKAGES += "${PN}-runtime ${PN}-xtests"
+FILES:${PN} = " \
+    ${libdir}/lib*${SOLIBS} \
+    ${nonarch_libdir}/tmpfiles.d/*.conf \
+"
+FILES:${PN}-dev += "${base_libdir}/security/*.la ${libdir}/*.la ${libdir}/lib*${SOLIBSDEV}"
+FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${nonarch_libdir}/systemd/system"
+FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
+# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is
+# packaged with the pam-plugin-env package to avoid breaking installations which
+# install that file via other packages
+FILES:pam-plugin-env = "${sysconfdir}/environment"
+PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
+def get_multilib_bit(d):
+    baselib = d.getVar('baselib') or ''
+    return baselib.replace('lib', '')
+libpam_suffix = "suffix${@get_multilib_bit(d)}"
+RPROVIDES:${PN} += "${PN}-${libpam_suffix}"
+RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}"
+RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'selinux', '${MLPREFIX}pam-plugin-selinux-${libpam_suffix}', '', d)} \
+    "
+RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-access-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
+    ${MLPREFIX}pam-plugin-time-${libpam_suffix} \
+    bash coreutils"
+# FIXME: Native suffix breaks here, disable it for now
+RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}"
+RRECOMMENDS:${PN}:class-native = ""
+python populate_packages:prepend () {
+    def pam_plugin_hook(file, pkg, pattern, format, basename):
+        pn = d.getVar('PN')
+        libpam_suffix = d.getVar('libpam_suffix')
+        rdeps = d.getVar('RDEPENDS:' + pkg)
+        if rdeps:
+            rdeps = rdeps + " " + pn + "-" + libpam_suffix
+        else:
+            rdeps = pn + "-" + libpam_suffix
+        d.setVar('RDEPENDS:' + pkg, rdeps)
+        provides = d.getVar('RPROVIDES:' + pkg)
+        if provides:
+            provides = provides + " " + pkg + "-" + libpam_suffix
+        else:
+            provides = pkg + "-" + libpam_suffix
+        d.setVar('RPROVIDES:' + pkg, provides)
+    mlprefix = d.getVar('MLPREFIX') or ''
+    dvar = d.expand('${WORKDIR}/package')
+    pam_libdir = d.expand('${base_libdir}/security')
+    pam_sbindir = d.expand('${sbindir}')
+    pam_filterdir = d.expand('${base_libdir}/security/pam_filter')
+    pam_pkgname = mlprefix + 'pam-plugin%s'
+    do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
+                      'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True)
+    do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
+}
+do_install:append() {
+        # don't install /var/run when populating rootfs. Do it through volatile
+        rm -rf ${D}${localstatedir}
+        if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
+            rm -rf ${D}${sysconfdir}/init.d/
+            rm -rf ${D}${sysconfdir}/rc*
+            install -d ${D}${nonarch_libdir}/tmpfiles.d
+            install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \
+                    ${D}${nonarch_libdir}/tmpfiles.d/pam.conf
+        else
+            install -d ${D}${sysconfdir}/default/volatiles
+            install -m 0644 ${UNPACKDIR}/99_pam \
+                    ${D}${sysconfdir}/default/volatiles/
+        fi
+        install -d ${D}${sysconfdir}/pam.d/
+        install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+        # The lsb requires unix_chkpwd has setuid permission
+        chmod 4755 ${D}${sbindir}/unix_chkpwd
+        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+                echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
+        fi
+}
+do_install_ptest() {
+    mkdir -p ${D}${PTEST_PATH}/tests
+    find ${B}/tests -maxdepth 1 -type f -exec cp {} ${D}${PTEST_PATH}/tests \;
+    install -m 0644 ${S}/tests/confdir ${D}${PTEST_PATH}/tests
+}
+pkg_postinst:${PN}() {
+         if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
+                 /etc/init.d/populate-volatile.sh update
+         fi
+}
+inherit features_check
+ANY_OF_DISTRO_FEATURES = "pam systemd"
+BBCLASSEXTEND = "nativesdk native"
+CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session"
+CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth"
+CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password"
+CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
+CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account"
+CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf"
+GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases"
+CVE_PRODUCT = "linux-pam"

diff --git a/meta/recipes-extended/pam/libpam_1.7.1.bb b/meta/recipes-extended/pam/libpam_1.7.1.bb new file mode 100644 index 0000000000..565b00c264 --- /dev/null +++ b/meta/recipes-extended/pam/libpam_1.7.1.bb
@@ -0,0 +1,170 @@
	1	DISABLE_STATIC = ""
	2	SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
	3	DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
	4	HOMEPAGE = "https://fedorahosted.org/linux-pam/"
	5	BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
	6	SECTION = "base"
	7	# PAM is dual licensed under GPL and BSD.
	8	# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
	9	# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
	10	LICENSE = "GPL-2.0-or-later \| BSD-3-Clause"
	11	LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
	12	file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
	13	"
	14
	15	SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
	16	file://99_pam \
	17	file://pam.d/common-account \
	18	file://pam.d/common-auth \
	19	file://pam.d/common-password \
	20	file://pam.d/common-session \
	21	file://pam.d/common-session-noninteractive \
	22	file://pam.d/other \
	23	file://run-ptest \
	24	file://pam-volatiles.conf \
	25	"
	26
	27	SRC_URI[sha256sum] = "21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0"
	28
	29	DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
	30
	31	EXTRA_OEMESON = "-Ddocs=disabled -Dsecuredir=${base_libdir}/security"
	32
	33	S = "${UNPACKDIR}/Linux-PAM-${PV}"
	34
	35	inherit meson gettext pkgconfig systemd ptest github-releases
	36
	37	PACKAGECONFIG ??= ""
	38	PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit,"
	39	PACKAGECONFIG[userdb] = "-Dpam_userdb=enabled -Ddb=gdbm,-Dpam_userdb=disabled,gdbm,"
	40	PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux,"
	41
	42	PACKAGES += "${PN}-runtime ${PN}-xtests"
	43	FILES:${PN} = " \
	44	${libdir}/lib*${SOLIBS} \
	45	${nonarch_libdir}/tmpfiles.d/*.conf \
	46	"
	47	FILES:${PN}-dev += "${base_libdir}/security/.la ${libdir}/.la ${libdir}/lib*${SOLIBSDEV}"
	48	FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${nonarch_libdir}/systemd/system"
	49	FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
	50
	51	# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is
	52	# packaged with the pam-plugin-env package to avoid breaking installations which
	53	# install that file via other packages
	54	FILES:pam-plugin-env = "${sysconfdir}/environment"
	55
	56	PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
	57
	58	def get_multilib_bit(d):
	59	baselib = d.getVar('baselib') or ''
	60	return baselib.replace('lib', '')
	61
	62	libpam_suffix = "suffix${@get_multilib_bit(d)}"
	63
	64	RPROVIDES:${PN} += "${PN}-${libpam_suffix}"
	65	RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}"
	66
	67	RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \
	68	${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
	69	${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
	70	${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
	71	${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
	72	${@bb.utils.contains('PACKAGECONFIG', 'selinux', '${MLPREFIX}pam-plugin-selinux-${libpam_suffix}', '', d)} \
	73	"
	74	RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \
	75	${MLPREFIX}pam-plugin-access-${libpam_suffix} \
	76	${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
	77	${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
	78	${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
	79	${MLPREFIX}pam-plugin-time-${libpam_suffix} \
	80	bash coreutils"
	81
	82	# FIXME: Native suffix breaks here, disable it for now
	83	RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}"
	84	RRECOMMENDS:${PN}:class-native = ""
	85
	86	python populate_packages:prepend () {
	87	def pam_plugin_hook(file, pkg, pattern, format, basename):
	88	pn = d.getVar('PN')
	89	libpam_suffix = d.getVar('libpam_suffix')
	90
	91	rdeps = d.getVar('RDEPENDS:' + pkg)
	92	if rdeps:
	93	rdeps = rdeps + " " + pn + "-" + libpam_suffix
	94	else:
	95	rdeps = pn + "-" + libpam_suffix
	96	d.setVar('RDEPENDS:' + pkg, rdeps)
	97
	98	provides = d.getVar('RPROVIDES:' + pkg)
	99	if provides:
	100	provides = provides + " " + pkg + "-" + libpam_suffix
	101	else:
	102	provides = pkg + "-" + libpam_suffix
	103	d.setVar('RPROVIDES:' + pkg, provides)
	104
	105	mlprefix = d.getVar('MLPREFIX') or ''
	106	dvar = d.expand('${WORKDIR}/package')
	107	pam_libdir = d.expand('${base_libdir}/security')
	108	pam_sbindir = d.expand('${sbindir}')
	109	pam_filterdir = d.expand('${base_libdir}/security/pam_filter')
	110	pam_pkgname = mlprefix + 'pam-plugin%s'
	111
	112	do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
	113	'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True)
	114	do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
	115	}
	116
	117	do_install:append() {
	118	# don't install /var/run when populating rootfs. Do it through volatile
	119	rm -rf ${D}${localstatedir}
	120
	121	if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
	122	rm -rf ${D}${sysconfdir}/init.d/
	123	rm -rf ${D}${sysconfdir}/rc*
	124	install -d ${D}${nonarch_libdir}/tmpfiles.d
	125	install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \
	126	${D}${nonarch_libdir}/tmpfiles.d/pam.conf
	127	else
	128	install -d ${D}${sysconfdir}/default/volatiles
	129	install -m 0644 ${UNPACKDIR}/99_pam \
	130	${D}${sysconfdir}/default/volatiles/
	131	fi
	132
	133	install -d ${D}${sysconfdir}/pam.d/
	134	install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
	135
	136	# The lsb requires unix_chkpwd has setuid permission
	137	chmod 4755 ${D}${sbindir}/unix_chkpwd
	138
	139	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
	140	echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
	141	fi
	142	}
	143
	144	do_install_ptest() {
	145	mkdir -p ${D}${PTEST_PATH}/tests
	146	find ${B}/tests -maxdepth 1 -type f -exec cp {} ${D}${PTEST_PATH}/tests \;
	147	install -m 0644 ${S}/tests/confdir ${D}${PTEST_PATH}/tests
	148	}
	149
	150	pkg_postinst:${PN}() {
	151	if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
	152	/etc/init.d/populate-volatile.sh update
	153	fi
	154	}
	155
	156	inherit features_check
	157	ANY_OF_DISTRO_FEATURES = "pam systemd"
	158
	159	BBCLASSEXTEND = "nativesdk native"
	160
	161	CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session"
	162	CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth"
	163	CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password"
	164	CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
	165	CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account"
	166	CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf"
	167
	168	GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases"
	169
	170	CVE_PRODUCT = "linux-pam"