* [ptxdist] [PATCH 0/4] PAM
@ 2019-12-10 20:08 Ladislav Michl
2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Ladislav Michl @ 2019-12-10 20:08 UTC (permalink / raw)
To: ptxdist
Hi there!
Recently I found that for some projects the only remaining utility
I'm using from busybox is login. And that there is no alternative.
Until now... And now you can choose between Busybox' login, util-linux'
login and shadow-utils' login. And yes, we'll need some clever way
to prevent conflicts.
This time GLOBAL_PAM_OPTION was introduced and we are using it, but
there's more to do: cifs-utils, cups, ecryptfs-utils, inetutils,
libcgroup, lighttpd, lxc, monit, openssh, openvpn, policycoreutils,
postgresql, proftpd, pureftpd, samba, strongswan, sudo, systemd,
weston and xorg-app-xdm.
Above packages could be easily modified once someone feels need to
do so.
This patchset enables you to build decent desktop distribution
for your favourite machine you might found in garage, but there's
still common PAM policy missing. That's why my BSP still contains:
$ cat projectroot/etc/pam.d/login
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
That circular dependency problem "solved" itself by moving selinux
into staging, so I disabled global selinux option for pam. Let's
see how many people are interested in selinux support in PTXdist -
and applogies for not trying to fix it properly.
Comments welcome.
Ladislav Michl (4):
pam: new package
Introduce global PAM option
util-linux: optionally build login program
shadow: new package
rules/core-pam.in | 8 ++
rules/pam.in | 10 +++
rules/pam.make | 73 ++++++++++++++++++
rules/pre/Rules.make | 6 ++
rules/shadow.in | 148 ++++++++++++++++++++++++++++++++++++
rules/shadow.make | 157 +++++++++++++++++++++++++++++++++++++++
rules/util-linux-ng.in | 16 ++++
rules/util-linux-ng.make | 5 +-
8 files changed, 422 insertions(+), 1 deletion(-)
create mode 100644 rules/core-pam.in
create mode 100644 rules/pam.in
create mode 100644 rules/pam.make
create mode 100644 rules/shadow.in
create mode 100644 rules/shadow.make
--
2.24.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 7+ messages in thread* [ptxdist] [PATCH 1/4] pam: new package 2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl @ 2019-12-10 20:09 ` Ladislav Michl 2020-01-06 11:10 ` Michael Olbrich 2019-12-10 20:09 ` [ptxdist] [PATCH 2/4] Introduce global PAM option Ladislav Michl ` (2 subsequent siblings) 3 siblings, 1 reply; 7+ messages in thread From: Ladislav Michl @ 2019-12-10 20:09 UTC (permalink / raw) To: ptxdist Signed-off-by: Ladislav Michl <ladis@linux-mips.org> --- rules/pam.in | 10 +++++++ rules/pam.make | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 rules/pam.in create mode 100644 rules/pam.make diff --git a/rules/pam.in b/rules/pam.in new file mode 100644 index 000000000..75d5ef42c --- /dev/null +++ b/rules/pam.in @@ -0,0 +1,10 @@ +## SECTION=security + +config PAM + tristate + prompt "PAM" + select LIBC_CRYPT + help + Linux-PAM (Pluggable Authentication Modules for Linux) is a suite + of shared libraries that enable the local system administrator to + choose how applications authenticate users. diff --git a/rules/pam.make b/rules/pam.make new file mode 100644 index 000000000..130744db8 --- /dev/null +++ b/rules/pam.make @@ -0,0 +1,73 @@ +# -*-makefile-*- +# +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +PACKAGES-$(PTXCONF_PAM) += pam + +# +# Paths and names +# +PAM_VERSION := 1.3.1 +PAM_MD5 := 558ff53b0fc0563ca97f79e911822165 +PAM := Linux-PAM-$(PAM_VERSION) +PAM_SUFFIX := tar.xz +PAM_URL := https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX) +PAM_SOURCE := $(SRCDIR)/$(PAM).$(PAM_SUFFIX) +PAM_DIR := $(BUILDDIR)/$(PAM) +PAM_LICENSE := unknown + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +# +# autoconf +# +PAM_CONF_TOOL := autoconf +PAM_CONF_OPT := \ + $(CROSS_AUTOCONF_USR) \ + $(GLOBAL_LARGE_FILE_OPTION) \ + --disable-lckpwdf \ + --disable-cracklib \ + --disable-audit \ + --enable-db=no \ + --disable-nis \ + --disable-selinux \ + --disable-regenerate-docu \ + --disable-nls \ + --disable-rpath + +# ---------------------------------------------------------------------------- +# Target-Install +# ---------------------------------------------------------------------------- + +$(STATEDIR)/pam.targetinstall: + @$(call targetinfo) + + @$(call install_init, pam) + @$(call install_fixup, pam,PRIORITY,optional) + @$(call install_fixup, pam,SECTION,base) + @$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") + @$(call install_fixup, pam,DESCRIPTION,missing) + + @$(call install_lib, pam, 0, 0, 0644, libpamc) + @$(call install_lib, pam, 0, 0, 0644, libpam_misc) + @$(call install_lib, pam, 0, 0, 0644, libpam) + + @$(call install_tree, pam, 0, 0, -, /usr/lib/security) + + @$(call install_alternative, pam, 0, 0, 0644, /etc/environment) + @$(call install_alternative_tree, pam, 0, 0, /etc/security) + + @$(call install_finish, pam) + + @$(call touch) + +# vim: syntax=make -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [ptxdist] [PATCH 1/4] pam: new package 2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl @ 2020-01-06 11:10 ` Michael Olbrich 0 siblings, 0 replies; 7+ messages in thread From: Michael Olbrich @ 2020-01-06 11:10 UTC (permalink / raw) To: ptxdist On Tue, Dec 10, 2019 at 09:09:05PM +0100, Ladislav Michl wrote: > Signed-off-by: Ladislav Michl <ladis@linux-mips.org> See my comments for the last version. Michael > --- > rules/pam.in | 10 +++++++ > rules/pam.make | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 83 insertions(+) > create mode 100644 rules/pam.in > create mode 100644 rules/pam.make > > diff --git a/rules/pam.in b/rules/pam.in > new file mode 100644 > index 000000000..75d5ef42c > --- /dev/null > +++ b/rules/pam.in > @@ -0,0 +1,10 @@ > +## SECTION=security > + > +config PAM > + tristate > + prompt "PAM" > + select LIBC_CRYPT > + help > + Linux-PAM (Pluggable Authentication Modules for Linux) is a suite > + of shared libraries that enable the local system administrator to > + choose how applications authenticate users. > diff --git a/rules/pam.make b/rules/pam.make > new file mode 100644 > index 000000000..130744db8 > --- /dev/null > +++ b/rules/pam.make > @@ -0,0 +1,73 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_PAM) += pam > + > +# > +# Paths and names > +# > +PAM_VERSION := 1.3.1 > +PAM_MD5 := 558ff53b0fc0563ca97f79e911822165 > +PAM := Linux-PAM-$(PAM_VERSION) > +PAM_SUFFIX := tar.xz > +PAM_URL := https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX) > +PAM_SOURCE := $(SRCDIR)/$(PAM).$(PAM_SUFFIX) > +PAM_DIR := $(BUILDDIR)/$(PAM) > +PAM_LICENSE := unknown > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +# > +# autoconf > +# > +PAM_CONF_TOOL := autoconf > +PAM_CONF_OPT := \ > + $(CROSS_AUTOCONF_USR) \ > + $(GLOBAL_LARGE_FILE_OPTION) \ > + --disable-lckpwdf \ > + --disable-cracklib \ > + --disable-audit \ > + --enable-db=no \ > + --disable-nis \ > + --disable-selinux \ > + --disable-regenerate-docu \ > + --disable-nls \ > + --disable-rpath > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/pam.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, pam) > + @$(call install_fixup, pam,PRIORITY,optional) > + @$(call install_fixup, pam,SECTION,base) > + @$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") > + @$(call install_fixup, pam,DESCRIPTION,missing) > + > + @$(call install_lib, pam, 0, 0, 0644, libpamc) > + @$(call install_lib, pam, 0, 0, 0644, libpam_misc) > + @$(call install_lib, pam, 0, 0, 0644, libpam) > + > + @$(call install_tree, pam, 0, 0, -, /usr/lib/security) > + > + @$(call install_alternative, pam, 0, 0, 0644, /etc/environment) > + @$(call install_alternative_tree, pam, 0, 0, /etc/security) > + > + @$(call install_finish, pam) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 2.24.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* [ptxdist] [PATCH 2/4] Introduce global PAM option 2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl 2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl @ 2019-12-10 20:09 ` Ladislav Michl 2019-12-10 20:10 ` [ptxdist] [PATCH 3/4] util-linux: optionally build login program Ladislav Michl 2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl 3 siblings, 0 replies; 7+ messages in thread From: Ladislav Michl @ 2019-12-10 20:09 UTC (permalink / raw) To: ptxdist Signed-off-by: Ladislav Michl <ladis@linux-mips.org> --- rules/core-pam.in | 8 ++++++++ rules/pre/Rules.make | 6 ++++++ 2 files changed, 14 insertions(+) create mode 100644 rules/core-pam.in diff --git a/rules/core-pam.in b/rules/core-pam.in new file mode 100644 index 000000000..0e2c983a5 --- /dev/null +++ b/rules/core-pam.in @@ -0,0 +1,8 @@ +## SECTION=core + +config GLOBAL_PAM + bool + prompt "PAM support" + help + This will enable PAM for all packages with optional + PAM support. diff --git a/rules/pre/Rules.make b/rules/pre/Rules.make index 2924c8d34..64093ddc5 100644 --- a/rules/pre/Rules.make +++ b/rules/pre/Rules.make @@ -271,6 +271,12 @@ else GLOBAL_LARGE_FILE_OPTION := --disable-largefile endif +ifdef PTXCONF_GLOBAL_PAM +GLOBAL_PAM_OPTION := --enable-pam +else +GLOBAL_PAM_OPTION := --disable-pam +endif + ifdef PTXCONF_GLOBAL_SELINUX GLOBAL_SELINUX_OPTION := --enable-selinux else -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* [ptxdist] [PATCH 3/4] util-linux: optionally build login program 2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl 2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl 2019-12-10 20:09 ` [ptxdist] [PATCH 2/4] Introduce global PAM option Ladislav Michl @ 2019-12-10 20:10 ` Ladislav Michl 2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl 3 siblings, 0 replies; 7+ messages in thread From: Ladislav Michl @ 2019-12-10 20:10 UTC (permalink / raw) To: ptxdist Signed-off-by: Ladislav Michl <ladis@linux-mips.org> --- rules/util-linux-ng.in | 16 ++++++++++++++++ rules/util-linux-ng.make | 5 ++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/rules/util-linux-ng.in b/rules/util-linux-ng.in index 4f230bc60..1178cbfff 100644 --- a/rules/util-linux-ng.in +++ b/rules/util-linux-ng.in @@ -7,6 +7,7 @@ menuconfig UTIL_LINUX_NG select UTIL_LINUX_NG_LIBBLKID select UTIL_LINUX_NG_LIBUUID if UTIL_LINUX_NG_MKSWAP_UUID select NCURSES if UTIL_LINUX_NG_USES_NCURSES + select PAM if UTIL_LINUX_NG_USES_PAM if UTIL_LINUX_NG @@ -32,6 +33,9 @@ config UTIL_LINUX_NG_FDISKS config UTIL_LINUX_NG_USES_NCURSES bool +config UTIL_LINUX_NG_USES_PAM + bool + config UTIL_LINUX_NG_PARTX_TOOLS select UTIL_LINUX_NG_LIBBLKID select UTIL_LINUX_NG_LIBSMARTCOLS @@ -441,4 +445,16 @@ config UTIL_LINUX_NG_LSCPU help lscpu shows information about the CPU architecture +config UTIL_LINUX_NG_LOGIN + bool + select UTIL_LINUX_NG_USES_PAM + depends on GLOBAL_PAM && (!BUSYBOX_LOGIN || ALLYES) + prompt "login" + help + The login program is used to establish a new session with + the system. + +comment "BusyBox' login is selected!" + depends on BUSYBOX_LOGIN + endif diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make index cda06a4a6..cc09e13d3 100644 --- a/rules/util-linux-ng.make +++ b/rules/util-linux-ng.make @@ -115,7 +115,7 @@ UTIL_LINUX_NG_CONF_OPT := \ --disable-chfn-chsh-password \ --disable-chfn-chsh \ --disable-chsh-only-listed \ - --disable-login \ + --$(call ptx/endis, PTXCONF_UTIL_LINUX_NG_LOGIN)-login \ --disable-login-chown-vcs \ --disable-login-stat-mail \ --disable-nologin \ @@ -312,6 +312,9 @@ endif ifdef PTXCONF_UTIL_LINUX_NG_LSCPU @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/lscpu) endif +ifdef PTXCONF_UTIL_LINUX_NG_LOGIN + @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/login) +endif @$(call install_finish, util-linux-ng) -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* [ptxdist] [PATCH 4/4] shadow: new package 2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl ` (2 preceding siblings ...) 2019-12-10 20:10 ` [ptxdist] [PATCH 3/4] util-linux: optionally build login program Ladislav Michl @ 2019-12-10 20:11 ` Ladislav Michl 2020-01-06 11:15 ` Michael Olbrich 3 siblings, 1 reply; 7+ messages in thread From: Ladislav Michl @ 2019-12-10 20:11 UTC (permalink / raw) To: ptxdist Signed-off-by: Ladislav Michl <ladis@linux-mips.org> --- rules/shadow.in | 148 +++++++++++++++++++++++++++++++++++++++++++ rules/shadow.make | 157 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 305 insertions(+) create mode 100644 rules/shadow.in create mode 100644 rules/shadow.make diff --git a/rules/shadow.in b/rules/shadow.in new file mode 100644 index 000000000..d2fbbb478 --- /dev/null +++ b/rules/shadow.in @@ -0,0 +1,148 @@ +## SECTION=shell_and_console + +menuconfig SHADOW + tristate + depends on GLOBAL_PAM + select LIBC_CRYPT + select LIBSELINUX if GLOBAL_SELINUX + select PAM + prompt "shadow " + help + Password and account management tool suite with support + for shadow files and PAM. + +if SHADOW + +config SHADOW_CHGPASSWD + bool + prompt "chgpasswd" + +config SHADOW_CHPASSWD + bool + prompt "chpasswd" + +config SHADOW_GROUPADD + bool + prompt "groupadd" + +config SHADOW_GROUPDEL + bool + prompt "groupdel" + +config SHADOW_GROUPMEMS + bool + prompt "groupmems" + +config SHADOW_GROUPMOD + bool + prompt "groupmod" + +config SHADOW_GRPCK + bool + prompt "grpck" + +config SHADOW_GRPCONV + bool + prompt "grpconv" + +config SHADOW_GRPUNCONV + bool + prompt "grpunconv" + +config SHADOW_LOGOUTD + bool + prompt "logoutd" + +config SHADOW_NEWUSERS + bool + prompt "newusers" + +config SHADOW_NOLOGIN + bool + prompt "nologin" + +config SHADOW_PWCK + bool + prompt "pwck" + +config SHADOW_PWCONV + bool + prompt "pwconv" + +config SHADOW_PWUNCONV + bool + prompt "pwunconv" + +config SHADOW_USERADD + bool + prompt "useradd" + +config SHADOW_USERDEL + bool + prompt "userdel" + +config SHADOW_USERMOD + bool + prompt "usermod" + +config SHADOW_VIPW + bool + prompt "vipw" + +config SHADOW_CHAGE + bool + prompt "chage" + +config SHADOW_CHFN + bool + prompt "chfn" + +config SHADOW_CHSH + bool + prompt "chsh" + +config SHADOW_EXPIRY + bool + prompt "expiry" + +config SHADOW_FAILLOG + bool + prompt "faillog" + +config SHADOW_GPASSWD + bool + prompt "gpasswd" + +config SHADOW_GROUPS + bool + prompt "groups" + +config SHADOW_LASTLOG + bool + prompt "lastlog" + +config SHADOW_LOGIN + bool + prompt "login" + +config SHADOW_NEWGIDMAP + bool + prompt "newgidmap" + +config SHADOW_NEWGRP + bool + prompt "newgrp" + +config SHADOW_NEWUIDMAP + bool + prompt "newuidmap" + +config SHADOW_PASSWD + bool + prompt "passwd" + +config SHADOW_SU + bool + prompt "su" + +endif diff --git a/rules/shadow.make b/rules/shadow.make new file mode 100644 index 000000000..d969adcd0 --- /dev/null +++ b/rules/shadow.make @@ -0,0 +1,157 @@ +# -*-makefile-*- +# +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +PACKAGES-$(PTXCONF_SHADOW) += shadow + +# +# Paths and names +# +SHADOW_VERSION := 4.6 +SHADOW_MD5 := b491fecbf1232632c32ff8f1437fd60e +SHADOW := shadow-$(SHADOW_VERSION) +SHADOW_SUFFIX := tar.xz +SHADOW_URL := https://github.com/shadow-maint/shadow/releases/download/$(SHADOW_VERSION)/$(SHADOW).$(SHADOW_SUFFIX) +SHADOW_SOURCE := $(SRCDIR)/$(SHADOW).$(SHADOW_SUFFIX) +SHADOW_DIR := $(BUILDDIR)/$(SHADOW) +SHADOW_LICENSE := BSD-3-Clause + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +# +# autoconf +# +SHADOW_CONF_TOOL := autoconf +SHADOW_CONF_OPT := \ + $(CROSS_AUTOCONF_USR) \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + $(GLOBAL_LARGE_FILE_OPTION) \ + --enable-shadowgrp \ + --disable-man \ + --$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid \ + --disable-utmpx \ + --enable-subordinate-ids \ + --disable-nls \ + --disable-rpath \ + --without-audit \ + --$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam \ + --$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \ + --without-acl \ + --without-attr \ + --without-skey \ + --without-tcb \ + --without-libcrack \ + --with-sha-crypt \ + --without-nscd + +# ---------------------------------------------------------------------------- +# Target-Install +# ---------------------------------------------------------------------------- + +SHADOW_PROGS_TARGET_y := +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHGPASSWD) += chgpasswd +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHPASSWD) += chpasswd +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPADD) += groupadd +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPDEL) += groupdel +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMEMS) += groupmems +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMOD) += groupmod +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCK) += grpck +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCONV) += grpconv +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPUNCONV) += grpunconv +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_LOGOUTD) += logoutd +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NEWUSERS) += newusers +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NOLOGIN) += nologin +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCK) += pwck +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCONV) += pwconv +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWUNCONV) += pwunconv +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERADD) += useradd +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERDEL) += userdel +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERMOD) += usermod +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_VIPW) += vipw + +SHADOW_PERMS := $(if $(strip $(GPSD_PROGS-y)),4755,0755) + +$(STATEDIR)/shadow.targetinstall: + @$(call targetinfo) + + @$(call install_init, shadow) + @$(call install_fixup, shadow,PRIORITY,optional) + @$(call install_fixup, shadow,SECTION,base) + @$(call install_fixup, shadow,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") + @$(call install_fixup, shadow,DESCRIPTION,missing) +ifdef PTXCONF_SHADOW_CHAGE + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chage) +endif +ifdef PTXCONF_SHADOW_CHFN + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chfn) + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chfn) +endif +ifdef PTXCONF_SHADOW_CHSH + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chsh) + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chsh) +endif +ifdef PTXCONF_SHADOW_EXPIRY + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/expiry) +endif +ifdef PTXCONF_SHADOW_FAILLOG + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/faillog) +endif +ifdef PTXCONF_SHADOW_GPASSWD + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/gpasswd) +endif +ifdef PTXCONF_SHADOW_GROUPS + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/groups) +endif +ifdef PTXCONF_SHADOW_LASTLOG + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/lastlog) +endif +ifdef PTXCONF_SHADOW_LOGIN + @$(call install_alternative, shadow, 0, 0, 0644, /etc/login.defs) + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/login) + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/login) +endif +ifdef PTXCONF_SHADOW_NEWGIDMAP + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgidmap) +endif +ifdef PTXCONF_SHADOW_NEWGRP + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgrp) + @$(call install_link, shadow, newgrp, /usr/bin/sg) +endif +ifdef PTXCONF_SHADOW_NEWUIDMAP + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newuidmap) +endif +ifdef PTXCONF_SHADOW_PASSWD + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/passwd) + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/passwd) +endif +ifdef PTXCONF_SHADOW_SU + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/su) + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/su) +endif + @$(foreach prog, $(SHADOW_PROGS_TARGET_y), \ + $(call install_copy, shadow, 0, 0, 0755, -, \ + /usr/sbin/$(prog));) +ifdef PTXCONF_SHADOW_VIPW + @$(call install_link, shadow, vipw, /usr/sbin/wigr) +endif +ifdef PTXCONF_SHADOW_USERADD + @$(call install_alternative, shadow, 0, 0, 0644, /etc/default/useradd) +endif +ifdef PTXCONF_SHADOW_GROUPMEMS + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/groupmems) +endif + @$(call install_finish, shadow) + + @$(call touch) + +# vim: syntax=make -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [ptxdist] [PATCH 4/4] shadow: new package 2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl @ 2020-01-06 11:15 ` Michael Olbrich 0 siblings, 0 replies; 7+ messages in thread From: Michael Olbrich @ 2020-01-06 11:15 UTC (permalink / raw) To: ptxdist On Tue, Dec 10, 2019 at 09:11:28PM +0100, Ladislav Michl wrote: > Signed-off-by: Ladislav Michl <ladis@linux-mips.org> > --- > rules/shadow.in | 148 +++++++++++++++++++++++++++++++++++++++++++ > rules/shadow.make | 157 ++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 305 insertions(+) > create mode 100644 rules/shadow.in > create mode 100644 rules/shadow.make > > diff --git a/rules/shadow.in b/rules/shadow.in > new file mode 100644 > index 000000000..d2fbbb478 > --- /dev/null > +++ b/rules/shadow.in > @@ -0,0 +1,148 @@ > +## SECTION=shell_and_console > + > +menuconfig SHADOW > + tristate > + depends on GLOBAL_PAM > + select LIBC_CRYPT > + select LIBSELINUX if GLOBAL_SELINUX > + select PAM > + prompt "shadow " > + help > + Password and account management tool suite with support > + for shadow files and PAM. > + > +if SHADOW > + > +config SHADOW_CHGPASSWD > + bool > + prompt "chgpasswd" > + > +config SHADOW_CHPASSWD > + bool > + prompt "chpasswd" > + > +config SHADOW_GROUPADD > + bool > + prompt "groupadd" > + > +config SHADOW_GROUPDEL > + bool > + prompt "groupdel" > + > +config SHADOW_GROUPMEMS > + bool > + prompt "groupmems" > + > +config SHADOW_GROUPMOD > + bool > + prompt "groupmod" > + > +config SHADOW_GRPCK > + bool > + prompt "grpck" > + > +config SHADOW_GRPCONV > + bool > + prompt "grpconv" > + > +config SHADOW_GRPUNCONV > + bool > + prompt "grpunconv" > + > +config SHADOW_LOGOUTD > + bool > + prompt "logoutd" > + > +config SHADOW_NEWUSERS > + bool > + prompt "newusers" > + > +config SHADOW_NOLOGIN > + bool > + prompt "nologin" > + > +config SHADOW_PWCK > + bool > + prompt "pwck" > + > +config SHADOW_PWCONV > + bool > + prompt "pwconv" > + > +config SHADOW_PWUNCONV > + bool > + prompt "pwunconv" > + > +config SHADOW_USERADD > + bool > + prompt "useradd" > + > +config SHADOW_USERDEL > + bool > + prompt "userdel" > + > +config SHADOW_USERMOD > + bool > + prompt "usermod" > + > +config SHADOW_VIPW > + bool > + prompt "vipw" > + > +config SHADOW_CHAGE > + bool > + prompt "chage" > + > +config SHADOW_CHFN > + bool > + prompt "chfn" > + > +config SHADOW_CHSH > + bool > + prompt "chsh" > + > +config SHADOW_EXPIRY > + bool > + prompt "expiry" > + > +config SHADOW_FAILLOG > + bool > + prompt "faillog" > + > +config SHADOW_GPASSWD > + bool > + prompt "gpasswd" > + > +config SHADOW_GROUPS > + bool > + prompt "groups" > + > +config SHADOW_LASTLOG > + bool > + prompt "lastlog" > + > +config SHADOW_LOGIN > + bool > + prompt "login" > + > +config SHADOW_NEWGIDMAP > + bool > + prompt "newgidmap" > + > +config SHADOW_NEWGRP > + bool > + prompt "newgrp" > + > +config SHADOW_NEWUIDMAP > + bool > + prompt "newuidmap" > + > +config SHADOW_PASSWD > + bool > + prompt "passwd" > + > +config SHADOW_SU > + bool > + prompt "su" Hmmm, I thinks this package is only used for 'bigger' systems, right? I expect that these binaries are pretty small, so maybe just install them unconditionally, or maybe two groups: - tools that are used at runtime that don't modify things, such as 'login', 'su', etc. - tools that change the configuration, such as 'groupadd' etc. > + > +endif > diff --git a/rules/shadow.make b/rules/shadow.make > new file mode 100644 > index 000000000..d969adcd0 > --- /dev/null > +++ b/rules/shadow.make > @@ -0,0 +1,157 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_SHADOW) += shadow > + > +# > +# Paths and names > +# > +SHADOW_VERSION := 4.6 > +SHADOW_MD5 := b491fecbf1232632c32ff8f1437fd60e > +SHADOW := shadow-$(SHADOW_VERSION) > +SHADOW_SUFFIX := tar.xz > +SHADOW_URL := https://github.com/shadow-maint/shadow/releases/download/$(SHADOW_VERSION)/$(SHADOW).$(SHADOW_SUFFIX) > +SHADOW_SOURCE := $(SRCDIR)/$(SHADOW).$(SHADOW_SUFFIX) > +SHADOW_DIR := $(BUILDDIR)/$(SHADOW) > +SHADOW_LICENSE := BSD-3-Clause > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +# > +# autoconf > +# > +SHADOW_CONF_TOOL := autoconf > +SHADOW_CONF_OPT := \ > + $(CROSS_AUTOCONF_USR) \ > + --bindir=/usr/bin \ > + --sbindir=/usr/sbin \ > + $(GLOBAL_LARGE_FILE_OPTION) \ > + --enable-shadowgrp \ > + --disable-man \ > + --$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid \ > + --disable-utmpx \ > + --enable-subordinate-ids \ > + --disable-nls \ > + --disable-rpath \ > + --without-audit \ > + --$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam \ > + --$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \ > + --without-acl \ > + --without-attr \ > + --without-skey \ > + --without-tcb \ > + --without-libcrack \ > + --with-sha-crypt \ > + --without-nscd > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +SHADOW_PROGS_TARGET_y := > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHGPASSWD) += chgpasswd > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_CHPASSWD) += chpasswd > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPADD) += groupadd > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPDEL) += groupdel > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMEMS) += groupmems > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GROUPMOD) += groupmod > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCK) += grpck > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPCONV) += grpconv > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_GRPUNCONV) += grpunconv > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_LOGOUTD) += logoutd > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NEWUSERS) += newusers > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_NOLOGIN) += nologin > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCK) += pwck > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWCONV) += pwconv > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_PWUNCONV) += pwunconv > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERADD) += useradd > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERDEL) += userdel > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_USERMOD) += usermod > +SHADOW_PROGS_TARGET_$(PTXCONF_SHADOW_VIPW) += vipw > + > +SHADOW_PERMS := $(if $(strip $(GPSD_PROGS-y)),4755,0755) > + > +$(STATEDIR)/shadow.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, shadow) > + @$(call install_fixup, shadow,PRIORITY,optional) > + @$(call install_fixup, shadow,SECTION,base) > + @$(call install_fixup, shadow,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") > + @$(call install_fixup, shadow,DESCRIPTION,missing) > +ifdef PTXCONF_SHADOW_CHAGE > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chage) > +endif > +ifdef PTXCONF_SHADOW_CHFN > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chfn) > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chfn) > +endif > +ifdef PTXCONF_SHADOW_CHSH > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/chsh) > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/chsh) > +endif > +ifdef PTXCONF_SHADOW_EXPIRY > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/expiry) > +endif > +ifdef PTXCONF_SHADOW_FAILLOG > + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/faillog) > +endif > +ifdef PTXCONF_SHADOW_GPASSWD > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/gpasswd) > +endif > +ifdef PTXCONF_SHADOW_GROUPS > + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/groups) > +endif > +ifdef PTXCONF_SHADOW_LASTLOG > + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/lastlog) > +endif > +ifdef PTXCONF_SHADOW_LOGIN > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/login.defs) > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/login) > + @$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/login) > +endif > +ifdef PTXCONF_SHADOW_NEWGIDMAP > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgidmap) > +endif > +ifdef PTXCONF_SHADOW_NEWGRP > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newgrp) > + @$(call install_link, shadow, newgrp, /usr/bin/sg) > +endif > +ifdef PTXCONF_SHADOW_NEWUIDMAP > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/newuidmap) > +endif > +ifdef PTXCONF_SHADOW_PASSWD > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/passwd) > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/passwd) > +endif > +ifdef PTXCONF_SHADOW_SU > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/su) > + @$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/su) > +endif > + @$(foreach prog, $(SHADOW_PROGS_TARGET_y), \ > + $(call install_copy, shadow, 0, 0, 0755, -, \ > + /usr/sbin/$(prog));) > +ifdef PTXCONF_SHADOW_VIPW > + @$(call install_link, shadow, vipw, /usr/sbin/wigr) > +endif Maybe use a foreach loop for the binaries? Michael > +ifdef PTXCONF_SHADOW_USERADD > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/default/useradd) > +endif > +ifdef PTXCONF_SHADOW_GROUPMEMS > + @$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/groupmems) > +endif > + @$(call install_finish, shadow) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 2.24.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-01-06 11:15 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-12-10 20:08 [ptxdist] [PATCH 0/4] PAM Ladislav Michl 2019-12-10 20:09 ` [ptxdist] [PATCH 1/4] pam: new package Ladislav Michl 2020-01-06 11:10 ` Michael Olbrich 2019-12-10 20:09 ` [ptxdist] [PATCH 2/4] Introduce global PAM option Ladislav Michl 2019-12-10 20:10 ` [ptxdist] [PATCH 3/4] util-linux: optionally build login program Ladislav Michl 2019-12-10 20:11 ` [ptxdist] [PATCH 4/4] shadow: new package Ladislav Michl 2020-01-06 11:15 ` Michael Olbrich
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox