mailarchive of the ptxdist mailing list
* [ptxdist] [PATCH 0/4] PAM
@ 2019-12-10 20:08 Ladislav Michl
  2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:08 UTC (permalink / raw)
  To: ptxdist

Hi there!

Recently I found that for some projects the only remaining utility
I'm using from busybox is login. And that there is no alternative.

Until now... And now you can choose between Busybox' login, util-linux'
login and shadow-utils' login. And yes, we'll need some clever way
to prevent conflicts.

This time GLOBAL_PAM_OPTION was introduced and we are using it, but
there's more to do: cifs-utils, cups, ecryptfs-utils, inetutils,
libcgroup, lighttpd, lxc, monit, openssh, openvpn, policycoreutils,
postgresql, proftpd, pureftpd, samba, strongswan, sudo, systemd,
weston and xorg-app-xdm.
The above packages could be easily modified once someone feels the need to
do so.

This patchset enables you to build a decent desktop distribution
for your favourite machine you might find in the garage, but there's
still a common PAM policy missing. That's why my BSP still contains:
$ cat projectroot/etc/pam.d/login 
auth	required	pam_permit.so
account	required	pam_permit.so
session	required	pam_permit.so

That circular dependency problem "solved" itself by moving selinux
into staging, so I disabled global selinux option for pam. Let's
see how many people are interested in selinux support in PTXdist -
and apologies for not trying to fix it properly.

Comments welcome.

Ladislav Michl (4):
  pam: new package
  Introduce global PAM option
  util-linux: optionally build login program
  shadow: new package

 rules/core-pam.in        |   8 ++
 rules/pam.in             |  10 +++
 rules/pam.make           |  73 ++++++++++++++++++
 rules/pre/Rules.make     |   6 ++
 rules/shadow.in          | 148 ++++++++++++++++++++++++++++++++++++
 rules/shadow.make        | 157 +++++++++++++++++++++++++++++++++++++++
 rules/util-linux-ng.in   |  16 ++++
 rules/util-linux-ng.make |   5 +-
 8 files changed, 422 insertions(+), 1 deletion(-)
 create mode 100644 rules/core-pam.in
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make
 create mode 100644 rules/shadow.in
 create mode 100644 rules/shadow.make

-- 
2.24.0

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 7+ messages in thread
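
A build-time check for the placeholder login policy quoted in the cover letter above, as an added example that is not part of the patch series or of PTXdist. It simulates each stack with pam_permit.so succeeding and every other module failing; the function names and all sample files except the cover letter's own are constructed for illustration, and stacks using include, substack or bracketed controls are only reported for manual review (a simplifying assumption).

```python
"""Flag PAM stacks that succeed even when every real module rejects the user."""
from pathlib import Path

MGMT_TYPES = ("auth", "account", "password", "session")
SIMPLE_CONTROLS = {"required", "requisite", "sufficient", "optional"}


def parse_service(text):
    """Parse one /etc/pam.d/<service> file into {type: [(control, module)]}."""
    stacks = {t: [] for t in MGMT_TYPES}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            # Debian-style include: contents unknown here, mark every stack.
            for t in MGMT_TYPES:
                stacks[t].append(("include", line.split()[-1]))
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        mtype, rest = parts[0].lstrip("-"), parts[1]  # "-auth": optional module file
        if mtype not in stacks:
            continue
        if rest.startswith("["):                      # [value=action ...] control
            control, _, rest = rest.partition("]")
            control += "]"
        else:
            fields = rest.split(None, 1)
            control, rest = fields[0], (fields[1] if len(fields) > 1 else "")
        module = rest.split()
        if module:
            stacks[mtype].append((control, Path(module[0]).name))
    return stacks


def accepts_without_credentials(stack):
    """Simulate the stack with pam_permit.so succeeding and all else failing.

    Returns True or False, or None when the stack uses a control this
    simplified model does not evaluate (include, substack, [..] syntax).
    """
    failed = succeeded = False
    for control, module in stack:
        if control not in SIMPLE_CONTROLS:
            return None
        if module == "pam_permit.so":
            if control == "sufficient" and not failed:
                return True          # stack ends here with success
            succeeded = True
        elif control == "requisite":
            return False             # immediate failure
        elif control == "required":
            failed = True            # stack continues, result stays failure
        # a failing sufficient or optional module is ignored
    return succeeded and not failed


def audit(services):
    """services maps service name to file text; returns only the findings."""
    findings = {}
    for name, text in services.items():
        for mtype, stack in parse_service(text).items():
            if not stack:
                continue
            verdict = accepts_without_credentials(stack)
            if verdict is not False:
                findings.setdefault(name, {})[mtype] = "open" if verdict else "review"
    return findings


def audit_dir(pam_d):
    """Audit every file of a pam.d directory, e.g. projectroot/etc/pam.d."""
    return audit({p.name: p.read_text() for p in Path(pam_d).iterdir() if p.is_file()})


# The login policy quoted in the cover letter.
BSP_LOGIN = "auth\trequired\tpam_permit.so\n" \
            "account\trequired\tpam_permit.so\n" \
            "session\trequired\tpam_permit.so\n"

# Constructed samples, not taken from the thread.
STRICT_LOGIN = """\
auth     requisite  pam_nologin.so
auth     required   pam_unix.so
account  required   pam_unix.so
session  required   pam_unix.so
"""
FALLTHROUGH_SU = """\
auth  sufficient  pam_rootok.so
auth  sufficient  pam_unix.so
auth  required    pam_permit.so   # constructed mistake: pam_deny.so was meant
"""

if __name__ == "__main__":
    samples = {"login": BSP_LOGIN, "login.strict": STRICT_LOGIN, "su": FALLTHROUGH_SU}
    for service, result in audit(samples).items():
        print(service, result)
```

Run against the image's pam.d directory with `audit_dir()` before the image is released; an "open" verdict on an auth stack means any password is accepted for that service.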

* [ptxdist] [PATCH 1/4] pam: new package
  2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl
@ 2019-12-10 20:09 ` Ladislav Michl
  2020-01-06 11:10   ` Michael Olbrich
  2019-12-10 20:09 ` [ptxdist] [PATCH 2/4] Introduce global PAM option Ladislav Michl
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:09 UTC (permalink / raw)
  To: ptxdist

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 rules/pam.in   | 10 +++++++
 rules/pam.make | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make

diff --git a/rules/pam.in b/rules/pam.in
new file mode 100644
index 000000000..75d5ef42c
--- /dev/null
+++ b/rules/pam.in
@@ -0,0 +1,10 @@
+## SECTION=security
+
+config PAM
+	tristate
+	prompt "PAM"
+	select LIBC_CRYPT
+	help
+	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
+	  of shared libraries that enable the local system administrator to
+	  choose how applications authenticate users.
diff --git a/rules/pam.make b/rules/pam.make
new file mode 100644
index 000000000..130744db8
--- /dev/null
+++ b/rules/pam.make
@@ -0,0 +1,73 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_PAM) += pam
+
+#
+# Paths and names
+#
+PAM_VERSION	:= 1.3.1
+PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
+PAM		:= Linux-PAM-$(PAM_VERSION)
+PAM_SUFFIX	:= tar.xz
+PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
+PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
+PAM_DIR		:= $(BUILDDIR)/$(PAM)
+PAM_LICENSE	:= unknown
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+PAM_CONF_TOOL	:= autoconf
+PAM_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	$(GLOBAL_LARGE_FILE_OPTION) \
+	--disable-lckpwdf \
+	--disable-cracklib \
+	--disable-audit \
+	--enable-db=no \
+	--disable-nis \
+	--disable-selinux \
+	--disable-regenerate-docu \
+	--disable-nls \
+	--disable-rpath
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/pam.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, pam)
+	@$(call install_fixup, pam,PRIORITY,optional)
+	@$(call install_fixup, pam,SECTION,base)
+	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
+	@$(call install_fixup, pam,DESCRIPTION,missing)
+
+	@$(call install_lib, pam, 0, 0, 0644, libpamc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam)
+
+	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
+
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
+	@$(call install_alternative_tree, pam, 0, 0, /etc/security)
+
+	@$(call install_finish, pam)
+
+	@$(call touch)
+
+# vim: syntax=make
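Review bot: the target-install step copies the whole of /usr/lib/security with install_tree and installs /etc/environment and /etc/security, but nothing under /etc/pam.d, so the package ships every built module and no service policy at all, not even a restrictive fallback. Consider installing a default /etc/pam.d/other through install_alternative and making the module set selectable. Separately, PAM_LICENSE := unknown and the DESCRIPTION fixup value missing should be filled in before merging, and --disable-audit, --disable-selinux and --enable-db=no deserve a one-line comment saying they are fixed on purpose rather than tied to the global options.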
-- 
2.24.0



* [ptxdist] [PATCH 2/4] Introduce global PAM option
  2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl
  2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl
@ 2019-12-10 20:09 ` Ladislav Michl
  2019-12-10 20:10 ` [ptxdist] [PATCH 3/4] util-linux: optionally build login program Ladislav Michl
  2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl
  3 siblings, 0 replies; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:09 UTC (permalink / raw)
  To: ptxdist

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 rules/core-pam.in    | 8 ++++++++
 rules/pre/Rules.make | 6 ++++++
 2 files changed, 14 insertions(+)
 create mode 100644 rules/core-pam.in

diff --git a/rules/core-pam.in b/rules/core-pam.in
new file mode 100644
index 000000000..0e2c983a5
--- /dev/null
+++ b/rules/core-pam.in
@@ -0,0 +1,8 @@
+## SECTION=core
+
+config GLOBAL_PAM
+	bool
+	prompt "PAM support"
+	help
+	  This will enable PAM for all packages with optional
+	  PAM support.
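Review bot: GLOBAL_PAM is a plain bool with no select PAM, so switching it on does not by itself put libpam into the image; every package that honours it has to select PAM on its own, as util-linux-ng does through UTIL_LINUX_NG_USES_PAM in patch 3/4. State that in the help text, so that "PAM support" is not read as "the PAM library is on the target".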
diff --git a/rules/pre/Rules.make b/rules/pre/Rules.make
index 2924c8d34..64093ddc5 100644
--- a/rules/pre/Rules.make
+++ b/rules/pre/Rules.make
@@ -271,6 +271,12 @@ else
 GLOBAL_LARGE_FILE_OPTION := --disable-largefile
 endif
 
+ifdef PTXCONF_GLOBAL_PAM
+GLOBAL_PAM_OPTION := --enable-pam
+else
+GLOBAL_PAM_OPTION := --disable-pam
+endif
+
 ifdef PTXCONF_GLOBAL_SELINUX
 GLOBAL_SELINUX_OPTION := --enable-selinux
 else
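Review bot: GLOBAL_PAM_OPTION hard-codes the --enable-pam/--disable-pam spelling, yet no rule file in this series references the variable: util-linux-ng.make switches on PTXCONF_UTIL_LINUX_NG_LOGIN and shadow.make spells its switch as --$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam. Either add the first user in the same series, or add a comment here that packages with a --with-libpam style switch cannot use this variable.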
-- 
2.24.0



* [ptxdist] [PATCH 3/4] util-linux: optionally build login program
  2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl
  2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl
  2019-12-10 20:09 ` [ptxdist] [PATCH 2/4] Introduce global PAM option Ladislav Michl
@ 2019-12-10 20:10 ` Ladislav Michl
  2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl
  3 siblings, 0 replies; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:10 UTC (permalink / raw)
  To: ptxdist

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 rules/util-linux-ng.in   | 16 ++++++++++++++++
 rules/util-linux-ng.make |  5 ++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/rules/util-linux-ng.in b/rules/util-linux-ng.in
index 4f230bc60..1178cbfff 100644
--- a/rules/util-linux-ng.in
+++ b/rules/util-linux-ng.in
@@ -7,6 +7,7 @@ menuconfig UTIL_LINUX_NG
 	select UTIL_LINUX_NG_LIBBLKID
 	select UTIL_LINUX_NG_LIBUUID		if UTIL_LINUX_NG_MKSWAP_UUID
 	select NCURSES				if UTIL_LINUX_NG_USES_NCURSES
+	select PAM				if UTIL_LINUX_NG_USES_PAM
 
 if UTIL_LINUX_NG
 
@@ -32,6 +33,9 @@ config UTIL_LINUX_NG_FDISKS
 config UTIL_LINUX_NG_USES_NCURSES
 	bool
 
+config UTIL_LINUX_NG_USES_PAM
+	bool
+
 config UTIL_LINUX_NG_PARTX_TOOLS
 	select UTIL_LINUX_NG_LIBBLKID
 	select UTIL_LINUX_NG_LIBSMARTCOLS
@@ -441,4 +445,16 @@ config UTIL_LINUX_NG_LSCPU
 	help
 	  lscpu shows information about the CPU architecture
 
+config UTIL_LINUX_NG_LOGIN
+	bool
+	select UTIL_LINUX_NG_USES_PAM
+	depends on GLOBAL_PAM && (!BUSYBOX_LOGIN || ALLYES)
+	prompt "login"
+	help
+	  The login program is used to establish a new session with
+	  the system.
+
+comment "BusyBox' login is selected!"
+	depends on BUSYBOX_LOGIN
+
 endif
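Review bot: the depends on line of UTIL_LINUX_NG_LOGIN excludes only BUSYBOX_LOGIN, while SHADOW_LOGIN from patch 4/4 installs the same /usr/bin/login path, so both can be selected and then collide at install time. Extend the guard, for example depends on GLOBAL_PAM && ((!BUSYBOX_LOGIN && !SHADOW_LOGIN) || ALLYES), and add a matching comment entry for the shadow case next to the BusyBox one.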
diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make
index cda06a4a6..cc09e13d3 100644
--- a/rules/util-linux-ng.make
+++ b/rules/util-linux-ng.make
@@ -115,7 +115,7 @@ UTIL_LINUX_NG_CONF_OPT	:= \
 	--disable-chfn-chsh-password \
 	--disable-chfn-chsh \
 	--disable-chsh-only-listed \
-	--disable-login \
+	--$(call ptx/endis, PTXCONF_UTIL_LINUX_NG_LOGIN)-login \
 	--disable-login-chown-vcs \
 	--disable-login-stat-mail \
 	--disable-nologin \
@@ -312,6 +312,9 @@ endif
 ifdef PTXCONF_UTIL_LINUX_NG_LSCPU
 	@$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/lscpu)
 endif
+ifdef PTXCONF_UTIL_LINUX_NG_LOGIN
+	@$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/login)
+endif
 
 	@$(call install_finish, util-linux-ng)
 
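Review bot: the new ifdef PTXCONF_UTIL_LINUX_NG_LOGIN block installs /usr/bin/login but no /etc/pam.d/login, unlike the shadow rule in patch 4/4, which pairs its login with install_alternative for that file. Add the same install_alternative line here so the binary never reaches the target without a service policy that was reviewed together with the package.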
-- 
2.24.0



* [ptxdist] [PATCH 4/4] shadow: new package
  2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl
                   ` (2 preceding siblings ...)
  2019-12-10 20:10 ` [ptxdist] [PATCH 3/4] util-linux: optionally build login program Ladislav Michl
@ 2019-12-10 20:11 ` Ladislav Michl
  2020-01-06 11:15   ` Michael Olbrich
  3 siblings, 1 reply; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:11 UTC (permalink / raw)
  To: ptxdist

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 rules/shadow.in   | 148 +++++++++++++++++++++++++++++++++++++++++++
 rules/shadow.make | 157 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 305 insertions(+)
 create mode 100644 rules/shadow.in
 create mode 100644 rules/shadow.make

diff --git a/rules/shadow.in b/rules/shadow.in
new file mode 100644
index 000000000..d2fbbb478
--- /dev/null
+++ b/rules/shadow.in
@@ -0,0 +1,148 @@
+## SECTION=shell_and_console
+
+menuconfig SHADOW
+	tristate
+	depends on GLOBAL_PAM
+	select LIBC_CRYPT
+	select LIBSELINUX	if GLOBAL_SELINUX
+	select PAM
+	prompt "shadow                        "
+	help
+	  Password and account management tool suite with support
+	  for shadow files and PAM.
+
+if SHADOW
+
+config SHADOW_CHGPASSWD
+	bool
+	prompt "chgpasswd"
+
+config SHADOW_CHPASSWD
+	bool
+	prompt "chpasswd"
+
+config SHADOW_GROUPADD
+	bool
+	prompt "groupadd"
+
+config SHADOW_GROUPDEL
+	bool
+	prompt "groupdel"
+
+config SHADOW_GROUPMEMS
+	bool
+	prompt "groupmems"
+
+config SHADOW_GROUPMOD
+	bool
+	prompt "groupmod"
+
+config SHADOW_GRPCK
+	bool
+	prompt "grpck"
+
+config SHADOW_GRPCONV
+	bool
+	prompt "grpconv"
+
+config SHADOW_GRPUNCONV
+	bool
+	prompt "grpunconv"
+
+config SHADOW_LOGOUTD
+	bool
+	prompt "logoutd"
+
+config SHADOW_NEWUSERS
+	bool
+	prompt "newusers"
+
+config SHADOW_NOLOGIN
+	bool
+	prompt "nologin"
+
+config SHADOW_PWCK
+	bool
+	prompt "pwck"
+
+config SHADOW_PWCONV
+	bool
+	prompt "pwconv"
+
+config SHADOW_PWUNCONV
+	bool
+	prompt "pwunconv"
+
+config SHADOW_USERADD
+	bool
+	prompt "useradd"
+
+config SHADOW_USERDEL
+	bool
+	prompt "userdel"
+
+config SHADOW_USERMOD
+	bool
+	prompt "usermod"
+
+config SHADOW_VIPW
+	bool
+	prompt "vipw"
+
+config SHADOW_CHAGE
+	bool
+	prompt "chage"
+
+config SHADOW_CHFN
+	bool
+	prompt "chfn"
+
+config SHADOW_CHSH
+	bool
+	prompt "chsh"
+
+config SHADOW_EXPIRY
+	bool
+	prompt "expiry"
+
+config SHADOW_FAILLOG
+	bool
+	prompt "faillog"
+
+config SHADOW_GPASSWD
+	bool
+	prompt "gpasswd"
+
+config SHADOW_GROUPS
+	bool
+	prompt "groups"
+
+config SHADOW_LASTLOG
+	bool
+	prompt "lastlog"
+
+config SHADOW_LOGIN
+	bool
+	prompt "login"
+
+config SHADOW_NEWGIDMAP
+	bool
+	prompt "newgidmap"
+
+config SHADOW_NEWGRP
+	bool
+	prompt "newgrp"
+
+config SHADOW_NEWUIDMAP
+	bool
+	prompt "newuidmap"
+
+config SHADOW_PASSWD
+	bool
+	prompt "passwd"
+
+config SHADOW_SU
+	bool
+	prompt "su"
+
+endif
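Review bot: none of the config entries inside if SHADOW has a help text, and nothing tells the user that selecting SHADOW_CHAGE, SHADOW_CHFN, SHADOW_CHSH, SHADOW_EXPIRY, SHADOW_GPASSWD, SHADOW_NEWGIDMAP, SHADOW_NEWGRP, SHADOW_NEWUIDMAP, SHADOW_PASSWD or SHADOW_SU puts a setuid-root binary (mode 4755 in shadow.make) on the target. Add a short help per option that says so. SHADOW_LOGIN also has no depends on guard against BUSYBOX_LOGIN, which UTIL_LINUX_NG_LOGIN in patch 3/4 does have.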
diff --git a/rules/shadow.make b/rules/shadow.make
new file mode 100644
index 000000000..d969adcd0
--- /dev/null
+++ b/rules/shadow.make
@@ -0,0 +1,157 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_SHADOW) += shadow
+
+#
+# Paths and names
+#
+SHADOW_VERSION	:= 4.6
+SHADOW_MD5	:= b491fecbf1232632c32ff8f1437fd60e
+SHADOW		:= shadow-$(SHADOW_VERSION)
+SHADOW_SUFFIX	:= tar.xz
+SHADOW_URL	:= https://github.com/shadow-maint/shadow/releases/download/$(SHADOW_VERSION)/$(SHADOW).$(SHADOW_SUFFIX)
+SHADOW_SOURCE	:= $(SRCDIR)/$(SHADOW).$(SHADOW_SUFFIX)
+SHADOW_DIR	:= $(BUILDDIR)/$(SHADOW)
+SHADOW_LICENSE	:= BSD-3-Clause
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+SHADOW_CONF_TOOL	:= autoconf
+SHADOW_CONF_OPT		:= \
+	$(CROSS_AUTOCONF_USR) \
+	--bindir=/usr/bin \
+	--sbindir=/usr/sbin \
+	$(GLOBAL_LARGE_FILE_OPTION) \
+	--enable-shadowgrp \
+	--disable-man \
+	--$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid \
+	--disable-utmpx \
+	--enable-subordinate-ids \
+	--disable-nls \
+	--disable-rpath \
+	--without-audit \
+	--$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam \
+	--$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \
+	--without-acl \
+  	--without-attr \
+	--without-skey \
+	--without-tcb \
+	--without-libcrack \
+	--with-sha-crypt \
+  	--without-nscd
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+SHADOW_PROGS_TARGET_y				:=
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHGPASSWD)	+= chgpasswd
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHPASSWD)	+= chpasswd
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPADD)	+= groupadd
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPDEL)	+= groupdel
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMEMS)	+= groupmems
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMOD)	+= groupmod
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCK)	+= grpck
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCONV)	+= grpconv
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPUNCONV)	+= grpunconv
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_LOGOUTD)	+= logoutd
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NEWUSERS)	+= newusers
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NOLOGIN)	+= nologin
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCK)	+= pwck
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCONV)	+= pwconv
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWUNCONV)	+= pwunconv
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERADD)	+= useradd
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERDEL)	+= userdel
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERMOD)	+= usermod
+SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_VIPW)	+= vipw
+
+SHADOW_PERMS := $(if $(strip $(GPSD_PROGS-y)),4755,0755)
+
+$(STATEDIR)/shadow.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, shadow)
+	@$(call install_fixup, shadow,PRIORITY,optional)
+	@$(call install_fixup, shadow,SECTION,base)
+	@$(call install_fixup, shadow,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
+	@$(call install_fixup, shadow,DESCRIPTION,missing)
+ifdef PTXCONF_SHADOW_CHAGE
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chage)
+endif
+ifdef PTXCONF_SHADOW_CHFN
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chfn)
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chfn)
+endif
+ifdef PTXCONF_SHADOW_CHSH
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chsh)
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chsh)
+endif
+ifdef PTXCONF_SHADOW_EXPIRY
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/expiry)
+endif
+ifdef PTXCONF_SHADOW_FAILLOG
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/faillog)
+endif
+ifdef PTXCONF_SHADOW_GPASSWD
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/gpasswd)
+endif
+ifdef PTXCONF_SHADOW_GROUPS
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/groups)
+endif
+ifdef PTXCONF_SHADOW_LASTLOG
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/lastlog)
+endif
+ifdef PTXCONF_SHADOW_LOGIN
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/login.defs)
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/login)
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/login)
+endif
+ifdef PTXCONF_SHADOW_NEWGIDMAP
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgidmap)
+endif
+ifdef PTXCONF_SHADOW_NEWGRP
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgrp)
+	@$(call install_link, shadow, newgrp, /usr/bin/sg)
+endif
+ifdef PTXCONF_SHADOW_NEWUIDMAP
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newuidmap)
+endif
+ifdef PTXCONF_SHADOW_PASSWD
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/passwd)
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/passwd)
+endif
+ifdef PTXCONF_SHADOW_SU
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/su)
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/su)
+endif
+	@$(foreach prog, $(SHADOW_PROGS_TARGET_y), \
+		$(call install_copy, shadow, 0, 0, 0755, -, \
+			/usr/sbin/$(prog));)
+ifdef PTXCONF_SHADOW_VIPW
+	@$(call install_link, shadow, vipw, /usr/sbin/wigr)
+endif
+ifdef PTXCONF_SHADOW_USERADD
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/default/useradd)
+endif
+ifdef PTXCONF_SHADOW_GROUPMEMS
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/groupmems)
+endif
+	@$(call install_finish, shadow)
+
+	@$(call touch)
+
+# vim: syntax=make
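Review bot: SHADOW_PERMS := $(if $(strip $(GPSD_PROGS-y)),4755,0755) tests a variable that belongs to the gpsd rule and is never used afterwards; the install_copy lines hard-code 4755 or 0755 instead. Drop the line, or derive the mode from a shadow option and actually use it. Two of the configure lines, --without-attr and --without-nscd, are indented with spaces before the tab, and the DESCRIPTION fixup is still missing.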
-- 
2.24.0



* Re: [ptxdist] [PATCH 1/4] pam: new package
  2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl
@ 2020-01-06 11:10   ` Michael Olbrich
  0 siblings, 0 replies; 7+ messages in thread
From: Michael Olbrich @ 2020-01-06 11:10 UTC (permalink / raw)
  To: ptxdist

On Tue, Dec 10, 2019 at 09:09:05PM +0100, Ladislav Michl wrote:
> Signed-off-by: Ladislav Michl <ladis@linux-mips.org>

See my comments for the last version.

Michael

> ---
>  rules/pam.in   | 10 +++++++
>  rules/pam.make | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 83 insertions(+)
>  create mode 100644 rules/pam.in
>  create mode 100644 rules/pam.make
> 
> diff --git a/rules/pam.in b/rules/pam.in
> new file mode 100644
> index 000000000..75d5ef42c
> --- /dev/null
> +++ b/rules/pam.in
> @@ -0,0 +1,10 @@
> +## SECTION=security
> +
> +config PAM
> +	tristate
> +	prompt "PAM"
> +	select LIBC_CRYPT
> +	help
> +	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
> +	  of shared libraries that enable the local system administrator to
> +	  choose how applications authenticate users.
> diff --git a/rules/pam.make b/rules/pam.make
> new file mode 100644
> index 000000000..130744db8
> --- /dev/null
> +++ b/rules/pam.make
> @@ -0,0 +1,73 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_PAM) += pam
> +
> +#
> +# Paths and names
> +#
> +PAM_VERSION	:= 1.3.1
> +PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
> +PAM		:= Linux-PAM-$(PAM_VERSION)
> +PAM_SUFFIX	:= tar.xz
> +PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
> +PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
> +PAM_DIR		:= $(BUILDDIR)/$(PAM)
> +PAM_LICENSE	:= unknown
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +PAM_CONF_TOOL	:= autoconf
> +PAM_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--disable-lckpwdf \
> +	--disable-cracklib \
> +	--disable-audit \
> +	--enable-db=no \
> +	--disable-nis \
> +	--disable-selinux \
> +	--disable-regenerate-docu \
> +	--disable-nls \
> +	--disable-rpath
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/pam.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, pam)
> +	@$(call install_fixup, pam,PRIORITY,optional)
> +	@$(call install_fixup, pam,SECTION,base)
> +	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
> +	@$(call install_fixup, pam,DESCRIPTION,missing)
> +
> +	@$(call install_lib, pam, 0, 0, 0644, libpamc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam)
> +
> +	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
> +
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
> +	@$(call install_alternative_tree, pam, 0, 0, /etc/security)
> +
> +	@$(call install_finish, pam)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 2.24.0
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


* Re: [ptxdist] [PATCH 4/4] shadow: new package
  2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl
@ 2020-01-06 11:15   ` Michael Olbrich
  0 siblings, 0 replies; 7+ messages in thread
From: Michael Olbrich @ 2020-01-06 11:15 UTC (permalink / raw)
  To: ptxdist

On Tue, Dec 10, 2019 at 09:11:28PM +0100, Ladislav Michl wrote:
> Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> ---
>  rules/shadow.in   | 148 +++++++++++++++++++++++++++++++++++++++++++
>  rules/shadow.make | 157 ++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 305 insertions(+)
>  create mode 100644 rules/shadow.in
>  create mode 100644 rules/shadow.make
> 
> diff --git a/rules/shadow.in b/rules/shadow.in
> new file mode 100644
> index 000000000..d2fbbb478
> --- /dev/null
> +++ b/rules/shadow.in
> @@ -0,0 +1,148 @@
> +## SECTION=shell_and_console
> +
> +menuconfig SHADOW
> +	tristate
> +	depends on GLOBAL_PAM
> +	select LIBC_CRYPT
> +	select LIBSELINUX	if GLOBAL_SELINUX
> +	select PAM
> +	prompt "shadow                        "
> +	help
> +	  Password and account management tool suite with support
> +	  for shadow files and PAM.
> +
> +if SHADOW
> +
> +config SHADOW_CHGPASSWD
> +	bool
> +	prompt "chgpasswd"
> +
> +config SHADOW_CHPASSWD
> +	bool
> +	prompt "chpasswd"
> +
> +config SHADOW_GROUPADD
> +	bool
> +	prompt "groupadd"
> +
> +config SHADOW_GROUPDEL
> +	bool
> +	prompt "groupdel"
> +
> +config SHADOW_GROUPMEMS
> +	bool
> +	prompt "groupmems"
> +
> +config SHADOW_GROUPMOD
> +	bool
> +	prompt "groupmod"
> +
> +config SHADOW_GRPCK
> +	bool
> +	prompt "grpck"
> +
> +config SHADOW_GRPCONV
> +	bool
> +	prompt "grpconv"
> +
> +config SHADOW_GRPUNCONV
> +	bool
> +	prompt "grpunconv"
> +
> +config SHADOW_LOGOUTD
> +	bool
> +	prompt "logoutd"
> +
> +config SHADOW_NEWUSERS
> +	bool
> +	prompt "newusers"
> +
> +config SHADOW_NOLOGIN
> +	bool
> +	prompt "nologin"
> +
> +config SHADOW_PWCK
> +	bool
> +	prompt "pwck"
> +
> +config SHADOW_PWCONV
> +	bool
> +	prompt "pwconv"
> +
> +config SHADOW_PWUNCONV
> +	bool
> +	prompt "pwunconv"
> +
> +config SHADOW_USERADD
> +	bool
> +	prompt "useradd"
> +
> +config SHADOW_USERDEL
> +	bool
> +	prompt "userdel"
> +
> +config SHADOW_USERMOD
> +	bool
> +	prompt "usermod"
> +
> +config SHADOW_VIPW
> +	bool
> +	prompt "vipw"
> +
> +config SHADOW_CHAGE
> +	bool
> +	prompt "chage"
> +
> +config SHADOW_CHFN
> +	bool
> +	prompt "chfn"
> +
> +config SHADOW_CHSH
> +	bool
> +	prompt "chsh"
> +
> +config SHADOW_EXPIRY
> +	bool
> +	prompt "expiry"
> +
> +config SHADOW_FAILLOG
> +	bool
> +	prompt "faillog"
> +
> +config SHADOW_GPASSWD
> +	bool
> +	prompt "gpasswd"
> +
> +config SHADOW_GROUPS
> +	bool
> +	prompt "groups"
> +
> +config SHADOW_LASTLOG
> +	bool
> +	prompt "lastlog"
> +
> +config SHADOW_LOGIN
> +	bool
> +	prompt "login"
> +
> +config SHADOW_NEWGIDMAP
> +	bool
> +	prompt "newgidmap"
> +
> +config SHADOW_NEWGRP
> +	bool
> +	prompt "newgrp"
> +
> +config SHADOW_NEWUIDMAP
> +	bool
> +	prompt "newuidmap"
> +
> +config SHADOW_PASSWD
> +	bool
> +	prompt "passwd"
> +
> +config SHADOW_SU
> +	bool
> +	prompt "su"

Hmmm, I think this package is only used for 'bigger' systems, right? I
expect that these binaries are pretty small, so maybe just install them
unconditionally, or maybe two groups:
- tools that are used at runtime that don't modify things, such as
  'login', 'su', etc.
- tools that change the configuration, such as 'groupadd' etc.

> +
> +endif
> diff --git a/rules/shadow.make b/rules/shadow.make
> new file mode 100644
> index 000000000..d969adcd0
> --- /dev/null
> +++ b/rules/shadow.make
> @@ -0,0 +1,157 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_SHADOW) += shadow
> +
> +#
> +# Paths and names
> +#
> +SHADOW_VERSION	:= 4.6
> +SHADOW_MD5	:= b491fecbf1232632c32ff8f1437fd60e
> +SHADOW		:= shadow-$(SHADOW_VERSION)
> +SHADOW_SUFFIX	:= tar.xz
> +SHADOW_URL	:= https://github.com/shadow-maint/shadow/releases/download/$(SHADOW_VERSION)/$(SHADOW).$(SHADOW_SUFFIX)
> +SHADOW_SOURCE	:= $(SRCDIR)/$(SHADOW).$(SHADOW_SUFFIX)
> +SHADOW_DIR	:= $(BUILDDIR)/$(SHADOW)
> +SHADOW_LICENSE	:= BSD-3-Clause
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +SHADOW_CONF_TOOL	:= autoconf
> +SHADOW_CONF_OPT		:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	--bindir=/usr/bin \
> +	--sbindir=/usr/sbin \
> +	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--enable-shadowgrp \
> +	--disable-man \
> +	--$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid \
> +	--disable-utmpx \
> +	--enable-subordinate-ids \
> +	--disable-nls \
> +	--disable-rpath \
> +	--without-audit \
> +	--$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam \
> +	--$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \
> +	--without-acl \
> +  	--without-attr \
> +	--without-skey \
> +	--without-tcb \
> +	--without-libcrack \
> +	--with-sha-crypt \
> +  	--without-nscd
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +SHADOW_PROGS_TARGET_y				:=
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHGPASSWD)	+= chgpasswd
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHPASSWD)	+= chpasswd
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPADD)	+= groupadd
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPDEL)	+= groupdel
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMEMS)	+= groupmems
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMOD)	+= groupmod
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCK)	+= grpck
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCONV)	+= grpconv
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPUNCONV)	+= grpunconv
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_LOGOUTD)	+= logoutd
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NEWUSERS)	+= newusers
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NOLOGIN)	+= nologin
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCK)	+= pwck
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCONV)	+= pwconv
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWUNCONV)	+= pwunconv
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERADD)	+= useradd
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERDEL)	+= userdel
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERMOD)	+= usermod
> +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_VIPW)	+= vipw
> +
> +SHADOW_PERMS := $(if $(strip $(GPSD_PROGS-y)),4755,0755)
> +
> +$(STATEDIR)/shadow.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, shadow)
> +	@$(call install_fixup, shadow,PRIORITY,optional)
> +	@$(call install_fixup, shadow,SECTION,base)
> +	@$(call install_fixup, shadow,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
> +	@$(call install_fixup, shadow,DESCRIPTION,missing)
> +ifdef PTXCONF_SHADOW_CHAGE
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chage)
> +endif
> +ifdef PTXCONF_SHADOW_CHFN
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chfn)
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chfn)
> +endif
> +ifdef PTXCONF_SHADOW_CHSH
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chsh)
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chsh)
> +endif
> +ifdef PTXCONF_SHADOW_EXPIRY
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/expiry)
> +endif
> +ifdef PTXCONF_SHADOW_FAILLOG
> +	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/faillog)
> +endif
> +ifdef PTXCONF_SHADOW_GPASSWD
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/gpasswd)
> +endif
> +ifdef PTXCONF_SHADOW_GROUPS
> +	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/groups)
> +endif
> +ifdef PTXCONF_SHADOW_LASTLOG
> +	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/lastlog)
> +endif
> +ifdef PTXCONF_SHADOW_LOGIN
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/login.defs)
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/login)
> +	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/login)
> +endif
> +ifdef PTXCONF_SHADOW_NEWGIDMAP
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgidmap)
> +endif
> +ifdef PTXCONF_SHADOW_NEWGRP
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgrp)
> +	@$(call install_link, shadow, newgrp, /usr/bin/sg)
> +endif
> +ifdef PTXCONF_SHADOW_NEWUIDMAP
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newuidmap)
> +endif
> +ifdef PTXCONF_SHADOW_PASSWD
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/passwd)
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/passwd)
> +endif
> +ifdef PTXCONF_SHADOW_SU
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/su)
> +	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/su)
> +endif
> +	@$(foreach prog, $(SHADOW_PROGS_TARGET_y), \
> +		$(call install_copy, shadow, 0, 0, 0755, -, \
> +			/usr/sbin/$(prog));)
> +ifdef PTXCONF_SHADOW_VIPW
> +	@$(call install_link, shadow, vipw, /usr/sbin/wigr)
> +endif

Maybe use a foreach loop for the binaries?

Michael

> +ifdef PTXCONF_SHADOW_USERADD
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/default/useradd)
> +endif
> +ifdef PTXCONF_SHADOW_GROUPMEMS
> +	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/groupmems)
> +endif
> +	@$(call install_finish, shadow)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
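Review bot: --$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid always expands to the enabled form, because the SHADOW menu depends on GLOBAL_PAM, but the foreach loop installs every /usr/sbin tool with mode 0755 and the only PAM service file shipped for that group is /etc/pam.d/groupmems. Decide which model is intended: disable the switch and keep the tools root-only, or install them setuid together with a service file for each. The same dependency makes the ptx/wwo on -libpam a constant, so it can be written as --with-libpam.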
> -- 
> 2.24.0
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
