diff options
Diffstat (limited to 'meta/recipes-extended/shadow/shadow.inc')
-rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc new file mode 100644 index 0000000000..fcbcb3eb75 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow.inc | |||
@@ -0,0 +1,121 @@ | |||
1 | DESCRIPTION = "Tools to change and administer password and group data." | ||
2 | HOMEPAGE = "http://pkg-shadow.alioth.debian.org/" | ||
3 | BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" | ||
4 | SECTION = "base utils" | ||
5 | LICENSE = "BSD | Artistic" | ||
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \ | ||
7 | file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe" | ||
8 | |||
9 | PAM_PLUGINS = " libpam-runtime \ | ||
10 | pam-plugin-faildelay \ | ||
11 | pam-plugin-securetty \ | ||
12 | pam-plugin-nologin \ | ||
13 | pam-plugin-env \ | ||
14 | pam-plugin-group \ | ||
15 | pam-plugin-limits \ | ||
16 | pam-plugin-lastlog \ | ||
17 | pam-plugin-motd \ | ||
18 | pam-plugin-mail \ | ||
19 | pam-plugin-shells \ | ||
20 | pam-plugin-rootok" | ||
21 | |||
22 | DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
23 | RDEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}" | ||
24 | |||
25 | # since we deduce from ${SERIAL_CONSOLE} | ||
26 | PACKAGE_ARCH = "${MACHINE_ARCH}" | ||
27 | |||
28 | # Additional Policy files for PAM | ||
29 | PAM_SRC_URI = "file://pam.d/chfn \ | ||
30 | file://pam.d/chpasswd \ | ||
31 | file://pam.d/chsh \ | ||
32 | file://pam.d/login \ | ||
33 | file://pam.d/newusers \ | ||
34 | file://pam.d/passwd \ | ||
35 | file://pam.d/su" | ||
36 | |||
37 | SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \ | ||
38 | file://login_defs_pam.sed \ | ||
39 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | ||
40 | file://securetty" | ||
41 | |||
42 | inherit autotools gettext | ||
43 | |||
44 | EXTRA_OECONF += "--without-audit \ | ||
45 | --without-libcrack \ | ||
46 | ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \ | ||
47 | --without-selinux" | ||
48 | |||
49 | do_install_append() { | ||
50 | # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user | ||
51 | # reconfigures Shadow to default (see sed below). | ||
52 | install -d ${D}${localstatedir}/spool/mail | ||
53 | |||
54 | if [ -e ${WORKDIR}/pam.d ]; then | ||
55 | install -d ${D}${sysconfdir}/pam.d/ | ||
56 | install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ | ||
57 | # Remove defaults that are not used when supporting PAM | ||
58 | sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs | ||
59 | fi | ||
60 | |||
61 | # Enable CREATE_HOME by default. | ||
62 | sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs | ||
63 | |||
64 | # As we are on an embedded system ensure the users mailbox is in ~/ not | ||
65 | # /var/spool/mail by default as who knows where or how big /var is. | ||
66 | # The system MDA will set this later anyway. | ||
67 | sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs | ||
68 | sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs | ||
69 | |||
70 | # disable checking emails at all | ||
71 | sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs | ||
72 | |||
73 | # now we don't have a mail system. disable mail creation for now | ||
74 | sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd | ||
75 | sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd | ||
76 | |||
77 | install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} | ||
78 | for i in passwd chfn newgrp chsh ; do | ||
79 | mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN} | ||
80 | done | ||
81 | |||
82 | mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN} | ||
83 | mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN} | ||
84 | mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN} | ||
85 | mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN} | ||
86 | |||
87 | # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined. | ||
88 | if [ ! -z "${SERIAL_CONSOLE}" ]; then | ||
89 | # our SERIAL_CONSOLE contains baud rate too and sometime -L option as well. | ||
90 | # the following pearl :) takes that and converts it into newline sepated tty's and appends | ||
91 | # them into securetty. So if a machine has a weird looking console device node (e.g. ttyAMA0) that securetty | ||
92 | # does not know then it will get appended to securetty and root login will be allowed on | ||
93 | # that console. | ||
94 | echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]" >> ${WORKDIR}/securetty | ||
95 | fi | ||
96 | install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty | ||
97 | } | ||
98 | |||
99 | pkg_postinst_${PN} () { | ||
100 | update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200 | ||
101 | update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200 | ||
102 | update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200 | ||
103 | update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200 | ||
104 | update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200 | ||
105 | update-alternatives --install ${base_bindir}/login login login.${PN} 200 | ||
106 | update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200 | ||
107 | update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200 | ||
108 | |||
109 | if [ "x$D" != "x" ]; then | ||
110 | exit 1 | ||
111 | fi | ||
112 | |||
113 | pwconv | ||
114 | grpconv | ||
115 | } | ||
116 | |||
117 | pkg_prerm_${PN} () { | ||
118 | for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do | ||
119 | update-alternatives --remove $i $i.${PN} | ||
120 | done | ||
121 | } | ||