* [ptxdist] [RFC 0/2] PAM
From: Ladislav Michl @ 2019-11-26 22:44 UTC
To: ptxdist

Hi there!

Recently I found that for some projects the only remaining utility I'm
using from busybox is login. And that there is no alternative. Until now...

But as util-linux' login needs PAM and PAM is pretty complex compared to
busybox login, I suggest an incremental approach. You can find basic support
in two patches (well, RFCs) sent as a reply to this mail.

Later we can introduce GLOBAL_PAM_OPTION (similar to GLOBAL_SELINUX_OPTION)
and make packages use it - brief list is:
cifs-utils, cups, ecryptfs-utils, inetutils, libcgroup, lighttpd, lxc,
monit, openssh, openvpn, policycoreutils, postgresql, proftpd, pureftpd,
samba, strongswan, sudo, systemd, weston and xorg-app-xdm.

Comments welcome.

Ladislav Michl (2):
  pam: new package
  util-linux: enable login

 rules/libuuid.in         |  4 +-
 rules/pam.in             | 11 ++++++
 rules/pam.make           | 85 ++++++++++++++++++++++++++++++++++++++++
 rules/util-linux-ng.in   | 11 ++++++
 rules/util-linux-ng.make |  5 ++-
 5 files changed, 113 insertions(+), 3 deletions(-)
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make

-- 
2.24.0

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
* [ptxdist] [RFC 1/2] pam: new package 2019-11-26 22:44 [ptxdist] [RFC 0/2] PAM Ladislav Michl @ 2019-11-26 22:45 ` Ladislav Michl 2020-01-06 10:24 ` Michael Olbrich 2019-11-26 22:47 ` [ptxdist] [RFC 2/2] util-linux: enable login Ladislav Michl 1 sibling, 1 reply; 7+ messages in thread From: Ladislav Michl @ 2019-11-26 22:45 UTC (permalink / raw) To: ptxdist --- rules/pam.in | 11 +++++++ rules/pam.make | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 rules/pam.in create mode 100644 rules/pam.make diff --git a/rules/pam.in b/rules/pam.in new file mode 100644 index 000000000..4af292030 --- /dev/null +++ b/rules/pam.in @@ -0,0 +1,11 @@ +## SECTION=security + +config PAM + tristate + prompt "pam" + select LIBC_CRYPT + select LIBSELINUX if GLOBAL_SELINUX + help + Linux-PAM (Pluggable Authentication Modules for Linux) is a suite + of shared libraries that enable the local system administrator to + choose how applications authenticate users. diff --git a/rules/pam.make b/rules/pam.make new file mode 100644 index 000000000..3b3eafc19 --- /dev/null +++ b/rules/pam.make 
@@ -0,0 +1,85 @@ +# -*-makefile-*- +# +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> +# +# For further information about the PTXdist project and license conditions +# see the README file. +# + +# +# We provide this package +# +PACKAGES-$(PTXCONF_PAM) += pam + +# +# Paths and names +# +PAM_VERSION := 1.3.1 +PAM_MD5 := 558ff53b0fc0563ca97f79e911822165 +PAM := Linux-PAM-$(PAM_VERSION) +PAM_SUFFIX := tar.xz +PAM_URL := https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX) +PAM_SOURCE := $(SRCDIR)/$(PAM).$(PAM_SUFFIX) +PAM_DIR := $(BUILDDIR)/$(PAM) +PAM_LICENSE := unknown + +# ---------------------------------------------------------------------------- +# Prepare +# ---------------------------------------------------------------------------- + +# +# autoconf +# +PAM_CONF_TOOL := autoconf +PAM_CONF_OPT := \ + $(CROSS_AUTOCONF_USR) \ + $(GLOBAL_LARGE_FILE_OPTION) \ + --disable-lckpwdf \ + --disable-cracklib \ + --disable-audit \ + --enable-db=no \ + --disable-nis \ + $(GLOBAL_SELINUX_OPTION) \ + --disable-regenerate-docu \ + --disable-nls \ + --disable-rpath + +# ---------------------------------------------------------------------------- +# Install +# ---------------------------------------------------------------------------- + +$(STATEDIR)/pam.install: + @$(call targetinfo) + @$(call world/install, PAM) + @install -vD -m 0644 $(PAM_DIR)/conf/pam.conf \ + $(PAM_PKGDIR)/etc/pam.conf + @$(call touch) + +# ---------------------------------------------------------------------------- +# Target-Install +# ---------------------------------------------------------------------------- + +$(STATEDIR)/pam.targetinstall: + @$(call targetinfo) + + @$(call install_init, pam) + @$(call install_fixup, pam,PRIORITY,optional) + @$(call install_fixup, pam,SECTION,base) + @$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") + @$(call install_fixup, pam,DESCRIPTION,missing) + + @$(call install_lib, pam, 0, 0, 0644, 
libpamc) + @$(call install_lib, pam, 0, 0, 0644, libpam_misc) + @$(call install_lib, pam, 0, 0, 0644, libpam) + + @$(call install_tree, pam, 0, 0, -, /usr/lib/security) + + @$(call install_alternative, pam, 0, 0, 0644, /etc/pam.conf) + @$(call install_alternative, pam, 0, 0, 0644, /etc/environment) + @$(call install_alternative_tree, pam, 0, 0, /etc/security) + + @$(call install_finish, pam) + + @$(call touch) + +# vim: syntax=make -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
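Review bot: In the install stage of rules/pam.make, the upstream sample `conf/pam.conf` is copied unchanged to `/etc/pam.conf`, so whatever that sample contains becomes the target's authentication policy for every PAM-aware service. I would rather ship a reviewed pam.conf owned by the package, with explicit entries for the services the BSP enables and a denying `other` fallback; the existing `install_alternative ... /etc/pam.conf` line still lets a project override it. In PAM_CONF_OPT, `--disable-audit` and `--disable-cracklib` are passed unconditionally; for an authentication stack they deserve at least a comment, since the first removes audit-subsystem logging of authentication events and the second removes the password-quality module. `PAM_LICENSE := unknown` and `DESCRIPTION,missing` also need real values before this can be merged.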
* Re: [ptxdist] [RFC 1/2] pam: new package 2019-11-26 22:45 ` [ptxdist] [RFC 1/2] pam: new package Ladislav Michl @ 2020-01-06 10:24 ` Michael Olbrich 0 siblings, 0 replies; 7+ messages in thread From: Michael Olbrich @ 2020-01-06 10:24 UTC (permalink / raw) To: ptxdist On Tue, Nov 26, 2019 at 11:45:30PM +0100, Ladislav Michl wrote: > --- > rules/pam.in | 11 +++++++ > rules/pam.make | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 96 insertions(+) > create mode 100644 rules/pam.in > create mode 100644 rules/pam.make > > diff --git a/rules/pam.in b/rules/pam.in > new file mode 100644 > index 000000000..4af292030 > --- /dev/null > +++ b/rules/pam.in > @@ -0,0 +1,11 @@ > +## SECTION=security > + > +config PAM > + tristate > + prompt "pam" > + select LIBC_CRYPT > + select LIBSELINUX if GLOBAL_SELINUX > + help > + Linux-PAM (Pluggable Authentication Modules for Linux) is a suite > + of shared libraries that enable the local system administrator to > + choose how applications authenticate users. > diff --git a/rules/pam.make b/rules/pam.make > new file mode 100644 > index 000000000..3b3eafc19 > --- /dev/null > +++ b/rules/pam.make 
> @@ -0,0 +1,85 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2019 by Ladislav Michl <ladis@linux-mips.org> > +# > +# For further information about the PTXdist project and license conditions > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_PAM) += pam > + > +# > +# Paths and names > +# > +PAM_VERSION := 1.3.1 > +PAM_MD5 := 558ff53b0fc0563ca97f79e911822165 > +PAM := Linux-PAM-$(PAM_VERSION) > +PAM_SUFFIX := tar.xz > +PAM_URL := https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX) > +PAM_SOURCE := $(SRCDIR)/$(PAM).$(PAM_SUFFIX) > +PAM_DIR := $(BUILDDIR)/$(PAM) > +PAM_LICENSE := unknown Real license? > + > +# ---------------------------------------------------------------------------- > +# Prepare > +# ---------------------------------------------------------------------------- > + > +# > +# autoconf > +# > +PAM_CONF_TOOL := autoconf > +PAM_CONF_OPT := \ > + $(CROSS_AUTOCONF_USR) \ > + $(GLOBAL_LARGE_FILE_OPTION) \ > + --disable-lckpwdf \ > + --disable-cracklib \ > + --disable-audit \ > + --enable-db=no \ --disable-db ? 
> + --disable-nis \ > + $(GLOBAL_SELINUX_OPTION) \ > + --disable-regenerate-docu \ > + --disable-nls \ > + --disable-rpath > + > +# ---------------------------------------------------------------------------- > +# Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/pam.install: > + @$(call targetinfo) > + @$(call world/install, PAM) > + @install -vD -m 0644 $(PAM_DIR)/conf/pam.conf \ > + $(PAM_PKGDIR)/etc/pam.conf > + @$(call touch) > + > +# ---------------------------------------------------------------------------- > +# Target-Install > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/pam.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, pam) > + @$(call install_fixup, pam,PRIORITY,optional) > + @$(call install_fixup, pam,SECTION,base) > + @$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>") > + @$(call install_fixup, pam,DESCRIPTION,missing) > + > + @$(call install_lib, pam, 0, 0, 0644, libpamc) > + @$(call install_lib, pam, 0, 0, 0644, libpam_misc) > + @$(call install_lib, pam, 0, 0, 0644, libpam) > + > + @$(call install_tree, pam, 0, 0, -, /usr/lib/security) > + > + @$(call install_alternative, pam, 0, 0, 0644, /etc/pam.conf) > + @$(call install_alternative, pam, 0, 0, 0644, /etc/environment) > + @$(call install_alternative_tree, pam, 0, 0, /etc/security) Hmmm, I'm not sure if install_alternative_tree is a good idea. I think it would be useful, if the files there can be replaced individually. So I think they should be installed individually. Michael > + > + @$(call install_finish, pam) > + > + @$(call touch) > + > +# vim: syntax=make > -- > 2.24.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 
21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* [ptxdist] [RFC 2/2] util-linux: enable login 2019-11-26 22:44 [ptxdist] [RFC 0/2] PAM Ladislav Michl 2019-11-26 22:45 ` [ptxdist] [RFC 1/2] pam: new package Ladislav Michl @ 2019-11-26 22:47 ` Ladislav Michl 2020-01-06 10:34 ` Michael Olbrich 1 sibling, 1 reply; 7+ messages in thread From: Ladislav Michl @ 2019-11-26 22:47 UTC (permalink / raw) To: ptxdist ...that circular UTIL_LINUX_NG dependency needs to be yet solved... --- rules/libuuid.in | 4 ++-- rules/util-linux-ng.in | 11 +++++++++++ rules/util-linux-ng.make | 5 ++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/rules/libuuid.in b/rules/libuuid.in index f14106044..022e4b39e 100644 --- a/rules/libuuid.in +++ b/rules/libuuid.in @@ -3,8 +3,8 @@ config LIBUUID tristate select VIRTUAL - select UTIL_LINUX_NG - select UTIL_LINUX_NG_LIBUUID +# select UTIL_LINUX_NG +# select UTIL_LINUX_NG_LIBUUID help Helper to select the target packet containing a recent libuuid.so library and its header. diff --git a/rules/util-linux-ng.in b/rules/util-linux-ng.in index 4f230bc60..81e11b287 100644 --- a/rules/util-linux-ng.in +++ b/rules/util-linux-ng.in @@ -7,6 +7,7 @@ menuconfig UTIL_LINUX_NG select UTIL_LINUX_NG_LIBBLKID select UTIL_LINUX_NG_LIBUUID if UTIL_LINUX_NG_MKSWAP_UUID select NCURSES if UTIL_LINUX_NG_USES_NCURSES + select PAM if UTIL_LINUX_NG_LOGIN if UTIL_LINUX_NG @@ -441,4 +442,14 @@ config UTIL_LINUX_NG_LSCPU help lscpu shows information about the CPU architecture +config UTIL_LINUX_NG_LOGIN + bool + depends on !BUSYBOX_LOGIN || ALLYES + prompt "login" + help + ... + +comment "BusyBox' login is selected!" + depends on BUSYBOX_LOGIN + endif diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make index cda06a4a6..cc09e13d3 100644 --- a/rules/util-linux-ng.make +++ b/rules/util-linux-ng.make 
@@ -115,7 +115,7 @@ UTIL_LINUX_NG_CONF_OPT := \ --disable-chfn-chsh-password \ --disable-chfn-chsh \ --disable-chsh-only-listed \ - --disable-login \ + --$(call ptx/endis, PTXCONF_UTIL_LINUX_NG_LOGIN)-login \ --disable-login-chown-vcs \ --disable-login-stat-mail \ --disable-nologin \ @@ -312,6 +312,9 @@ endif ifdef PTXCONF_UTIL_LINUX_NG_LSCPU @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/lscpu) endif +ifdef PTXCONF_UTIL_LINUX_NG_LOGIN + @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/login) +endif @$(call install_finish, util-linux-ng) -- 2.24.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
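Review bot: In rules/libuuid.in the two `select` lines are commented out rather than resolved, which leaves LIBUUID as a virtual option that selects nothing. Any package that selects LIBUUID would then no longer pull in UTIL_LINUX_NG or UTIL_LINUX_NG_LIBUUID and can fail for lack of a libuuid provider. The commit message already marks the circular dependency as unsolved; the cycle should be broken somewhere else so that this file stays unchanged, and commented-out Kconfig lines should not remain in the final version.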
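Review bot: In the new UTIL_LINUX_NG_LOGIN entry in rules/util-linux-ng.in the help text is still the placeholder `...`. Enabling this option changes which program authenticates console users and pulls in PAM through `select PAM if UTIL_LINUX_NG_LOGIN`, so the help should state that this login requires PAM, that it cannot be combined with BUSYBOX_LOGIN, and that a PAM policy for the login service has to be present on the target.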
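Review bot: In rules/util-linux-ng.make, `/usr/bin/login` is now built and installed under `ifdef PTXCONF_UTIL_LINUX_NG_LOGIN`, but nothing in this patch installs or checks for a PAM policy entry for the `login` service. Without such an entry, Linux-PAM falls back to the `other` service in the PAM configuration, so the effective login policy depends on a file this patch never mentions. Either install a login entry together with the binary or document in the rule which package provides it.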
* Re: [ptxdist] [RFC 2/2] util-linux: enable login 2019-11-26 22:47 ` [ptxdist] [RFC 2/2] util-linux: enable login Ladislav Michl @ 2020-01-06 10:34 ` Michael Olbrich 2020-01-06 10:57 ` Ladislav Michl 0 siblings, 1 reply; 7+ messages in thread From: Michael Olbrich @ 2020-01-06 10:34 UTC (permalink / raw) To: ptxdist On Tue, Nov 26, 2019 at 11:47:30PM +0100, Ladislav Michl wrote: > ...that circular UTIL_LINUX_NG dependency needs to be yet solved... Maybe drop the selinux support in PAM for now? That should help. All selinux stuff is in staging anyways right now and horribly outdated. Michael > > --- > rules/libuuid.in | 4 ++-- > rules/util-linux-ng.in | 11 +++++++++++ > rules/util-linux-ng.make | 5 ++++- > 3 files changed, 17 insertions(+), 3 deletions(-) > > diff --git a/rules/libuuid.in b/rules/libuuid.in > index f14106044..022e4b39e 100644 > --- a/rules/libuuid.in > +++ b/rules/libuuid.in > @@ -3,8 +3,8 @@ > config LIBUUID > tristate > select VIRTUAL > - select UTIL_LINUX_NG > - select UTIL_LINUX_NG_LIBUUID > +# select UTIL_LINUX_NG > +# select UTIL_LINUX_NG_LIBUUID > help > Helper to select the target packet containing a recent libuuid.so > library and its header. > diff --git a/rules/util-linux-ng.in b/rules/util-linux-ng.in > index 4f230bc60..81e11b287 100644 > --- a/rules/util-linux-ng.in > +++ b/rules/util-linux-ng.in > @@ -7,6 +7,7 @@ menuconfig UTIL_LINUX_NG > select UTIL_LINUX_NG_LIBBLKID > select UTIL_LINUX_NG_LIBUUID if UTIL_LINUX_NG_MKSWAP_UUID > select NCURSES if UTIL_LINUX_NG_USES_NCURSES > + select PAM if UTIL_LINUX_NG_LOGIN > > if UTIL_LINUX_NG > > @@ -441,4 +442,14 @@ config UTIL_LINUX_NG_LSCPU > help > lscpu shows information about the CPU architecture > > +config UTIL_LINUX_NG_LOGIN > + bool > + depends on !BUSYBOX_LOGIN || ALLYES > + prompt "login" > + help > + ... > + > +comment "BusyBox' login is selected!" > + depends on BUSYBOX_LOGIN > + > endif 
> diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make > index cda06a4a6..cc09e13d3 100644 > --- a/rules/util-linux-ng.make > +++ b/rules/util-linux-ng.make > @@ -115,7 +115,7 @@ UTIL_LINUX_NG_CONF_OPT := \ > --disable-chfn-chsh-password \ > --disable-chfn-chsh \ > --disable-chsh-only-listed \ > - --disable-login \ > + --$(call ptx/endis, PTXCONF_UTIL_LINUX_NG_LOGIN)-login \ > --disable-login-chown-vcs \ > --disable-login-stat-mail \ > --disable-nologin \ > @@ -312,6 +312,9 @@ endif > ifdef PTXCONF_UTIL_LINUX_NG_LSCPU > @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/lscpu) > endif > +ifdef PTXCONF_UTIL_LINUX_NG_LOGIN > + @$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/login) > +endif > > @$(call install_finish, util-linux-ng) > > -- > 2.24.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [ptxdist] [RFC 2/2] util-linux: enable login
From: Ladislav Michl @ 2020-01-06 10:57 UTC
To: ptxdist

On Mon, Jan 06, 2020 at 11:34:08AM +0100, Michael Olbrich wrote:
> On Tue, Nov 26, 2019 at 11:47:30PM +0100, Ladislav Michl wrote:
> > ...that circular UTIL_LINUX_NG dependency needs to be yet solved...
>
> Maybe drop the selinux support in PAM for now? That should help. All
> selinux stuff is in staging anyways right now and horribly outdated.

Well, I actually did that in later revision. But as I also updated
selinux to recent version, this question bumped up again :)

Also note, that all those patches - even their later versions sent
to the list are still experimental - unfinished and released to
get more feedback. Consider them as ask for a usecase.

	ladis
* Re: [ptxdist] [RFC 2/2] util-linux: enable login
From: Michael Olbrich @ 2020-01-06 11:08 UTC
To: ptxdist

On Mon, Jan 06, 2020 at 11:57:42AM +0100, Ladislav Michl wrote:
> On Mon, Jan 06, 2020 at 11:34:08AM +0100, Michael Olbrich wrote:
> > On Tue, Nov 26, 2019 at 11:47:30PM +0100, Ladislav Michl wrote:
> > > ...that circular UTIL_LINUX_NG dependency needs to be yet solved...
> >
> > Maybe drop the selinux support in PAM for now? That should help. All
> > selinux stuff is in staging anyways right now and horribly outdated.
>
> Well, I actually did that in later revision. But as I also updated
> selinux to recent version, this question bumped up again :)

I just noticed that myself. I'm still catching up with my mail backlog...

> Also note, that all those patches - even their later versions sent
> to the list are still experimental - unfinished and released to
> get more feedback. Consider them as ask for a usecase.

ok.

Michael

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |