[ptxdist] [PATCH v2 0/4] PAM

[ptxdist] [PATCH v2 0/4] PAM

[Ladislav Michl]

Hi there!

Recently I found that for some projects the only remaining utility
I'm using from busybox is login. And that there is no alternative.

Until now... And now you can choose between Busybox' login, util-linux'
login and shadow-utils' login. That said, PTXdist can now build true
desktop disto ;-)

This patchset also introduces GLOBAL_PAM_OPTION and uses it for
new packages, but there's more to do: cifs-utils, cups, ecryptfs-utils,
inetutils, libcgroup, lighttpd, lxc, monit, openssh, openvpn,
policycoreutils, postgresql, proftpd, pureftpd, samba, strongswan,
sudo, systemd, weston and xorg-app-xdm.
Above packages could be easily modified once someone feels need to
do so.

Please note, that no common PAM policy is presented, so you can
use stupid PAM login rule as something to start playing with:
$ cat projectroot/etc/pam.d/login
auth    required        pam_permit.so
account required        pam_permit.so
session required        pam_permit.so

Changelog is provided on per patch basis.

Ladislav Michl (4):
  pam: new package
  Introduce global PAM option
  shadow: new package
  util-linux: optionally build login program

 rules/core-pam.in        |   8 +++
 rules/pam.in             |  10 ++++
 rules/pam.make           |  82 ++++++++++++++++++++++++++
 rules/pre/Rules.make     |   6 ++
 rules/shadow.in          |  26 +++++++++
 rules/shadow.make        | 121 +++++++++++++++++++++++++++++++++++++++
 rules/util-linux-ng.in   |  19 ++++++
 rules/util-linux-ng.make |   5 +-
 8 files changed, 276 insertions(+), 1 deletion(-)
 create mode 100644 rules/core-pam.in
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make
 create mode 100644 rules/shadow.in
 create mode 100644 rules/shadow.make

-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2 1/4] pam: new package

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Note: Package states, that alternatively GPL can be used as a license.
 There is no GPL version specification and also some files claims LGPL
 can be used. Also without specifying version. Debian package references
 /usr/share/common-licenses/GPL which is symlink to actual GPL version
 (GPL-3). Based on package age, we could probably read license as
 GPL-2.0-or-later.
 
 Changes:
 - v2: Add license info, install_alternative config files individually

 rules/pam.in   | 10 ++++++
 rules/pam.make | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make

diff --git a/rules/pam.in b/rules/pam.in
new file mode 100644
index 000000000..75d5ef42c
--- /dev/null
+++ b/rules/pam.in
@@ -0,0 +1,10 @@
+## SECTION=security
+
+config PAM
+	tristate
+	prompt "PAM"
+	select LIBC_CRYPT
+	help
+	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
+	  of shared libraries that enable the local system administrator to
+	  choose how applications authenticate users.
diff --git a/rules/pam.make b/rules/pam.make
new file mode 100644
index 000000000..2ae37c40e
--- /dev/null
+++ b/rules/pam.make
@@ -0,0 +1,82 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2020 by Ladislav Michl <ladis@linux-mips.org>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_PAM) += pam
+
+#
+# Paths and names
+#
+PAM_VERSION	:= 1.3.1
+PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
+PAM		:= Linux-PAM-$(PAM_VERSION)
+PAM_SUFFIX	:= tar.xz
+PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
+PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
+PAM_DIR		:= $(BUILDDIR)/$(PAM)
+PAM_LICENSE	:= BSD-3-Clause OR GPL-2.0-or-later
+PAM_LICENSE_FILES := \
+	file://Copyright;md5=7eb5c1bf854e8881005d673599ee74d3 \
+	file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+PAM_CONF_TOOL	:= autoconf
+PAM_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	$(GLOBAL_LARGE_FILE_OPTION) \
+	--disable-lckpwdf \
+	--disable-cracklib \
+	--disable-audit \
+	--disable-db \
+	--disable-nis \
+	--disable-selinux \
+	--disable-regenerate-docu \
+	--disable-nls \
+	--disable-rpath
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/pam.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, pam)
+	@$(call install_fixup, pam,PRIORITY,optional)
+	@$(call install_fixup, pam,SECTION,base)
+	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
+	@$(call install_fixup, pam,DESCRIPTION,"Pluggable Authentication Modules for Linux")
+
+	@$(call install_lib, pam, 0, 0, 0644, libpamc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam)
+
+	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
+
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/access.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/group.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/limits.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/namespace.conf)
+	@$(call install_alternative, pam, 0, 0, 0755, /etc/security/namespace.init)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/pam_env.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/time.conf)
+
+	@$(call install_finish, pam)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 1/4] pam: new package

[Roland Hieber]

On Mon, Jan 27, 2020 at 09:52:30AM +0100, Ladislav Michl wrote:
> Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> ---
>  Note: Package states, that alternatively GPL can be used as a license.
>  There is no GPL version specification and also some files claims LGPL
>  can be used. Also without specifying version. Debian package references
>  /usr/share/common-licenses/GPL which is symlink to actual GPL version
>  (GPL-3). Based on package age, we could probably read license as
>  GPL-2.0-or-later.

Yeah, I think we can use GPL-2.0-or-later here, given that there are
some PAM modules that specifically mention this version (e.g.
modules/pam_loginuid/).  Please also include AND LGPL-2.0-or-later
because of modules/pam_mkhomedir/ and modules/pam_issue/.

Otherwise looks fine to me. Thanks!

 - Roland

>  
>  Changes:
>  - v2: Add license info, install_alternative config files individually
> 
>  rules/pam.in   | 10 ++++++
>  rules/pam.make | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 92 insertions(+)
>  create mode 100644 rules/pam.in
>  create mode 100644 rules/pam.make
> 
> diff --git a/rules/pam.in b/rules/pam.in
> new file mode 100644
> index 000000000..75d5ef42c
> --- /dev/null
> +++ b/rules/pam.in
> @@ -0,0 +1,10 @@
> +## SECTION=security
> +
> +config PAM
> +	tristate
> +	prompt "PAM"
> +	select LIBC_CRYPT
> +	help
> +	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
> +	  of shared libraries that enable the local system administrator to
> +	  choose how applications authenticate users.
> diff --git a/rules/pam.make b/rules/pam.make
> new file mode 100644
> index 000000000..2ae37c40e
> --- /dev/null
> +++ b/rules/pam.make
> @@ -0,0 +1,82 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2020 by Ladislav Michl <ladis@linux-mips.org>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_PAM) += pam
> +
> +#
> +# Paths and names
> +#
> +PAM_VERSION	:= 1.3.1
> +PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
> +PAM		:= Linux-PAM-$(PAM_VERSION)
> +PAM_SUFFIX	:= tar.xz
> +PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
> +PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
> +PAM_DIR		:= $(BUILDDIR)/$(PAM)
> +PAM_LICENSE	:= BSD-3-Clause OR GPL-2.0-or-later
> +PAM_LICENSE_FILES := \
> +	file://Copyright;md5=7eb5c1bf854e8881005d673599ee74d3 \
> +	file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +PAM_CONF_TOOL	:= autoconf
> +PAM_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--disable-lckpwdf \
> +	--disable-cracklib \
> +	--disable-audit \
> +	--disable-db \
> +	--disable-nis \
> +	--disable-selinux \
> +	--disable-regenerate-docu \
> +	--disable-nls \
> +	--disable-rpath
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/pam.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, pam)
> +	@$(call install_fixup, pam,PRIORITY,optional)
> +	@$(call install_fixup, pam,SECTION,base)
> +	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
> +	@$(call install_fixup, pam,DESCRIPTION,"Pluggable Authentication Modules for Linux")
> +
> +	@$(call install_lib, pam, 0, 0, 0644, libpamc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam)
> +
> +	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
> +
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/access.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/group.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/limits.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/namespace.conf)
> +	@$(call install_alternative, pam, 0, 0, 0755, /etc/security/namespace.init)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/pam_env.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/time.conf)
> +
> +	@$(call install_finish, pam)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 2.25.0
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Roland Hieber, Pengutronix e.K.          | r.hieber@pengutronix.de     |
Steuerwalder Str. 21                     | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686         | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 1/4] pam: new package

[Ladislav Michl]

On Mon, Jan 27, 2020 at 10:57:48AM +0100, Roland Hieber wrote:
> On Mon, Jan 27, 2020 at 09:52:30AM +0100, Ladislav Michl wrote:
> > Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> > ---
> >  Note: Package states, that alternatively GPL can be used as a license.
> >  There is no GPL version specification and also some files claims LGPL
> >  can be used. Also without specifying version. Debian package references
> >  /usr/share/common-licenses/GPL which is symlink to actual GPL version
> >  (GPL-3). Based on package age, we could probably read license as
> >  GPL-2.0-or-later.
> 
> Yeah, I think we can use GPL-2.0-or-later here, given that there are
> some PAM modules that specifically mention this version (e.g.
> modules/pam_loginuid/).  Please also include AND LGPL-2.0-or-later
> because of modules/pam_mkhomedir/ and modules/pam_issue/.

Hmm, do we expect C operator precedence or better write it like this:
PAM_LICENSE := BSD-3-Clause OR (GPL-2.0-or-later AND LGPL-2.0-or-later)

I wouldn't use extra parentheses...

> Otherwise looks fine to me. Thanks!
> 
>  - Roland

	ladis

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v2 1/4] pam: new package

[Roland Hieber]

On Mon, Jan 27, 2020 at 04:57:12PM +0100, Ladislav Michl wrote:
> On Mon, Jan 27, 2020 at 10:57:48AM +0100, Roland Hieber wrote:
> > On Mon, Jan 27, 2020 at 09:52:30AM +0100, Ladislav Michl wrote:
> > > Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> > > ---
> > >  Note: Package states, that alternatively GPL can be used as a license.
> > >  There is no GPL version specification and also some files claims LGPL
> > >  can be used. Also without specifying version. Debian package references
> > >  /usr/share/common-licenses/GPL which is symlink to actual GPL version
> > >  (GPL-3). Based on package age, we could probably read license as
> > >  GPL-2.0-or-later.
> > 
> > Yeah, I think we can use GPL-2.0-or-later here, given that there are
> > some PAM modules that specifically mention this version (e.g.
> > modules/pam_loginuid/).  Please also include AND LGPL-2.0-or-later
> > because of modules/pam_mkhomedir/ and modules/pam_issue/.
> 
> Hmm, do we expect C operator precedence or better write it like this:
> PAM_LICENSE := BSD-3-Clause OR (GPL-2.0-or-later AND LGPL-2.0-or-later)
> 
> I wouldn't use extra parentheses...

I think SPDX syntax requires parentheses in any case, but I'm not sure.
Too many parentheses are not wrong however, and better readable.

 - Roland

-- 
Roland Hieber, Pengutronix e.K.          | r.hieber@pengutronix.de     |
Steuerwalder Str. 21                     | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686         | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v3] pam: new package

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 - v2: Add license info, install_alternative config files individually
 - v3: Specify GPL-2.0-or-later AND LGPL-2.0-or-later

 rules/pam.in   | 10 ++++++
 rules/pam.make | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 rules/pam.in
 create mode 100644 rules/pam.make

diff --git a/rules/pam.in b/rules/pam.in
new file mode 100644
index 000000000..75d5ef42c
--- /dev/null
+++ b/rules/pam.in
@@ -0,0 +1,10 @@
+## SECTION=security
+
+config PAM
+	tristate
+	prompt "PAM"
+	select LIBC_CRYPT
+	help
+	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
+	  of shared libraries that enable the local system administrator to
+	  choose how applications authenticate users.
diff --git a/rules/pam.make b/rules/pam.make
new file mode 100644
index 000000000..b665ce147
--- /dev/null
+++ b/rules/pam.make
@@ -0,0 +1,82 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2020 by Ladislav Michl <ladis@linux-mips.org>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_PAM) += pam
+
+#
+# Paths and names
+#
+PAM_VERSION	:= 1.3.1
+PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
+PAM		:= Linux-PAM-$(PAM_VERSION)
+PAM_SUFFIX	:= tar.xz
+PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
+PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
+PAM_DIR		:= $(BUILDDIR)/$(PAM)
+PAM_LICENSE	:= BSD-3-Clause OR (GPL-2.0-or-later AND LGPL-2.0-or-later)
+PAM_LICENSE_FILES := \
+	file://Copyright;md5=7eb5c1bf854e8881005d673599ee74d3 \
+	file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+PAM_CONF_TOOL	:= autoconf
+PAM_CONF_OPT	:= \
+	$(CROSS_AUTOCONF_USR) \
+	$(GLOBAL_LARGE_FILE_OPTION) \
+	--disable-lckpwdf \
+	--disable-cracklib \
+	--disable-audit \
+	--disable-db \
+	--disable-nis \
+	--disable-selinux \
+	--disable-regenerate-docu \
+	--disable-nls \
+	--disable-rpath
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/pam.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, pam)
+	@$(call install_fixup, pam,PRIORITY,optional)
+	@$(call install_fixup, pam,SECTION,base)
+	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
+	@$(call install_fixup, pam,DESCRIPTION,"Pluggable Authentication Modules for Linux")
+
+	@$(call install_lib, pam, 0, 0, 0644, libpamc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
+	@$(call install_lib, pam, 0, 0, 0644, libpam)
+
+	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
+
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/access.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/group.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/limits.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/namespace.conf)
+	@$(call install_alternative, pam, 0, 0, 0755, /etc/security/namespace.init)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/pam_env.conf)
+	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/time.conf)
+
+	@$(call install_finish, pam)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

Re: [ptxdist] [PATCH v3] pam: new package

[Roland Hieber]

On Tue, Jan 28, 2020 at 08:48:39PM +0100, Ladislav Michl wrote:
> Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
> ---
>  Changes:
>  - v2: Add license info, install_alternative config files individually
>  - v3: Specify GPL-2.0-or-later AND LGPL-2.0-or-later

Reviewed-by: Roland Hieber <rhi@pengutronix.de>

> 
>  rules/pam.in   | 10 ++++++
>  rules/pam.make | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 92 insertions(+)
>  create mode 100644 rules/pam.in
>  create mode 100644 rules/pam.make
> 
> diff --git a/rules/pam.in b/rules/pam.in
> new file mode 100644
> index 000000000..75d5ef42c
> --- /dev/null
> +++ b/rules/pam.in
> @@ -0,0 +1,10 @@
> +## SECTION=security
> +
> +config PAM
> +	tristate
> +	prompt "PAM"
> +	select LIBC_CRYPT
> +	help
> +	  Linux-PAM (Pluggable Authentication Modules for Linux) is a suite
> +	  of shared libraries that enable the local system administrator to
> +	  choose how applications authenticate users.
> diff --git a/rules/pam.make b/rules/pam.make
> new file mode 100644
> index 000000000..b665ce147
> --- /dev/null
> +++ b/rules/pam.make
> @@ -0,0 +1,82 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2020 by Ladislav Michl <ladis@linux-mips.org>
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_PAM) += pam
> +
> +#
> +# Paths and names
> +#
> +PAM_VERSION	:= 1.3.1
> +PAM_MD5		:= 558ff53b0fc0563ca97f79e911822165
> +PAM		:= Linux-PAM-$(PAM_VERSION)
> +PAM_SUFFIX	:= tar.xz
> +PAM_URL		:= https://github.com/linux-pam/linux-pam/releases/download/v$(PAM_VERSION)/$(PAM).$(PAM_SUFFIX)
> +PAM_SOURCE	:= $(SRCDIR)/$(PAM).$(PAM_SUFFIX)
> +PAM_DIR		:= $(BUILDDIR)/$(PAM)
> +PAM_LICENSE	:= BSD-3-Clause OR (GPL-2.0-or-later AND LGPL-2.0-or-later)
> +PAM_LICENSE_FILES := \
> +	file://Copyright;md5=7eb5c1bf854e8881005d673599ee74d3 \
> +	file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +PAM_CONF_TOOL	:= autoconf
> +PAM_CONF_OPT	:= \
> +	$(CROSS_AUTOCONF_USR) \
> +	$(GLOBAL_LARGE_FILE_OPTION) \
> +	--disable-lckpwdf \
> +	--disable-cracklib \
> +	--disable-audit \
> +	--disable-db \
> +	--disable-nis \
> +	--disable-selinux \
> +	--disable-regenerate-docu \
> +	--disable-nls \
> +	--disable-rpath
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/pam.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, pam)
> +	@$(call install_fixup, pam,PRIORITY,optional)
> +	@$(call install_fixup, pam,SECTION,base)
> +	@$(call install_fixup, pam,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
> +	@$(call install_fixup, pam,DESCRIPTION,"Pluggable Authentication Modules for Linux")
> +
> +	@$(call install_lib, pam, 0, 0, 0644, libpamc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam_misc)
> +	@$(call install_lib, pam, 0, 0, 0644, libpam)
> +
> +	@$(call install_tree, pam, 0, 0, -, /usr/lib/security)
> +
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/environment)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/access.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/group.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/limits.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/namespace.conf)
> +	@$(call install_alternative, pam, 0, 0, 0755, /etc/security/namespace.init)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/pam_env.conf)
> +	@$(call install_alternative, pam, 0, 0, 0644, /etc/security/time.conf)
> +
> +	@$(call install_finish, pam)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 2.25.0
> 
> 

-- 
Roland Hieber, Pengutronix e.K.          | r.hieber@pengutronix.de     |
Steuerwalder Str. 21                     | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686         | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2 2/4] Introduce global PAM option

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 v2: None

 rules/core-pam.in    | 8 ++++++++
 rules/pre/Rules.make | 6 ++++++
 2 files changed, 14 insertions(+)
 create mode 100644 rules/core-pam.in

diff --git a/rules/core-pam.in b/rules/core-pam.in
new file mode 100644
index 000000000..0e2c983a5
--- /dev/null
+++ b/rules/core-pam.in
@@ -0,0 +1,8 @@
+## SECTION=core
+
+config GLOBAL_PAM
+	bool
+	prompt "PAM support"
+	help
+	  This will enable PAM for all packages with optional
+	  PAM support.
diff --git a/rules/pre/Rules.make b/rules/pre/Rules.make
index 5597c64ec..8ca41f5c6 100644
--- a/rules/pre/Rules.make
+++ b/rules/pre/Rules.make
@@ -271,6 +271,12 @@ else
 GLOBAL_LARGE_FILE_OPTION := --disable-largefile
 endif
 
+ifdef PTXCONF_GLOBAL_PAM
+GLOBAL_PAM_OPTION := --enable-pam
+else
+GLOBAL_PAM_OPTION := --disable-pam
+endif
+
 ifdef PTXCONF_GLOBAL_SELINUX
 GLOBAL_SELINUX_OPTION := --enable-selinux
 else
-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2 3/4] shadow: new package

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 -v2: Avoid conflicting with Busybox, simplify menuconfig

 rules/shadow.in   |  26 ++++++++++
 rules/shadow.make | 121 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 147 insertions(+)
 create mode 100644 rules/shadow.in
 create mode 100644 rules/shadow.make

diff --git a/rules/shadow.in b/rules/shadow.in
new file mode 100644
index 000000000..8e1fa2270
--- /dev/null
+++ b/rules/shadow.in
@@ -0,0 +1,26 @@
+## SECTION=shell_and_console
+comment "BusyBox' loginutils selected!"
+        depends on BUSYBOX_ADDUSER || BUSYBOX_ADDGROUP || BUSYBOX_LOGIN || BUSYBOX_PASSWD || BUSYBOX_SU
+
+menuconfig SHADOW
+	tristate
+	depends on (!BUSYBOX_ADDUSER && !BUSYBOX_ADDGROUP && !BUSYBOX_LOGIN && !BUSYBOX_PASSWD && !BUSYBOX_SU) || ALLYES
+	select LIBC_CRYPT
+	select LIBSELINUX	if GLOBAL_SELINUX
+	select PAM		if GLOBAL_PAM
+	prompt "shadow                        "
+	help
+	  Password and account management tool suite with support
+	  for shadow files and PAM.
+
+if SHADOW
+
+config SHADOW_ADMIN
+	bool
+	prompt "install account administration commands"
+	help
+	  Enable this option if you want to install commands
+	  which manipulate user accout (administer /etc/passwd,
+	  /etc/shadow and /etc/group, /etc/gshadow ...)
+
+endif
diff --git a/rules/shadow.make b/rules/shadow.make
new file mode 100644
index 000000000..d9319806f
--- /dev/null
+++ b/rules/shadow.make
@@ -0,0 +1,121 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2020 by Ladislav Michl <ladis@linux-mips.org>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_SHADOW) += shadow
+
+#
+# Paths and names
+#
+SHADOW_VERSION	:= 4.8.1
+SHADOW_MD5	:= 4b05eff8a427cf50e615bda324b5bc45
+SHADOW		:= shadow-$(SHADOW_VERSION)
+SHADOW_SUFFIX	:= tar.xz
+SHADOW_URL	:= https://github.com/shadow-maint/shadow/releases/download/$(SHADOW_VERSION)/$(SHADOW).$(SHADOW_SUFFIX)
+SHADOW_SOURCE	:= $(SRCDIR)/$(SHADOW).$(SHADOW_SUFFIX)
+SHADOW_DIR	:= $(BUILDDIR)/$(SHADOW)
+SHADOW_LICENSE	:= BSD-3-Clause
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+SHADOW_CONF_TOOL	:= autoconf
+SHADOW_CONF_OPT		:= \
+	$(CROSS_AUTOCONF_USR) \
+	--bindir=/usr/bin \
+	--sbindir=/usr/sbin \
+	$(GLOBAL_LARGE_FILE_OPTION) \
+	--enable-shadowgrp \
+	--disable-man \
+	--$(call ptx/endis, PTXCONF_GLOBAL_PAM)-account-tools-setuid \
+	--disable-utmpx \
+	--enable-subordinate-ids \
+	--disable-nls \
+	--disable-rpath \
+	--without-audit \
+	--$(call ptx/wwo, PTXCONF_GLOBAL_PAM)-libpam \
+	--without-btrfs \
+	--$(call ptx/wwo, PTXCONF_GLOBAL_SELINUX)-selinux \
+	--without-acl \
+  	--without-attr \
+	--without-skey \
+	--without-tcb \
+	--without-libcrack \
+	--with-sha-crypt \
+	--without-nscd \
+	--without-sssd \
+	--with-su \
+	--without-fcaps
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+SHADOW_ADMIN_BIN_PROGS	:= \
+	chage chfn chsh expiry gpasswd newgidmap newgrp newuidmap passwd
+SHADOW_ADMIN_SBIN_PROGS	:= \
+	chgpasswd chpasswd \
+	groupadd groupdel groupmems groupmod grpck grpconv grpunconv \
+	newusers pwck pwconv pwunconv useradd userdel usermod vipw
+SHADOW_ADMIN_PAMD	:= \
+	chage chfn chgpasswd chpasswd chsh \
+	groupadd groupdel groupmems groupmod \
+	newusers passwd useradd userdel usermod
+
+$(STATEDIR)/shadow.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, shadow)
+	@$(call install_fixup, shadow,PRIORITY,optional)
+	@$(call install_fixup, shadow,SECTION,base)
+	@$(call install_fixup, shadow,AUTHOR,"Ladislav Michl <ladis@linux-mips.org>")
+	@$(call install_fixup, shadow,DESCRIPTION,missing)
+
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/faillog)
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/groups)
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/lastlog)
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/bin/login)
+	@$(call install_copy, shadow, 0, 0, 4755, -, /usr/bin/su)
+	@$(call install_copy, shadow, 0, 0, 0755, -, /usr/sbin/nologin)
+
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/login.defs)
+ifdef PTXCONF_GLOBAL_PAM
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/login)
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/pam.d/su)
+endif
+
+ifdef PTXCONF_SHADOW_ADMIN
+	@$(foreach prog, $(SHADOW_ADMIN_BIN_PROGS), \
+		$(call install_copy, shadow, 0, 0, 4755, -, \
+			/usr/bin/$(prog))$(ptx/nl))
+	@$(call install_link, shadow, newgrp, /usr/bin/sg)
+
+	@$(foreach prog, $(SHADOW_ADMIN_SBIN_PROGS), \
+		$(call install_copy, shadow, 0, 0, 0755, -, \
+			/usr/sbin/$(prog))$(ptx/nl))
+	@$(call install_link, shadow, vipw, /usr/sbin/wigr)
+
+	@$(call install_alternative, shadow, 0, 0, 0644, /etc/default/useradd)
+ifdef PTXCONF_GLOBAL_PAM
+	@$(foreach pam, $(SHADOW_ADMIN_PAMD), \
+		$(call install_alternative, shadow, 0, 0, 0644, \
+			/etc/pam.d/$(pam))$(ptx/nl))
+endif
+endif
+
+	@$(call install_finish, shadow)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

[ptxdist] [PATCH v2 4/4] util-linux: optionally build login program

[Ladislav Michl]

Signed-off-by: Ladislav Michl <ladis@linux-mips.org>
---
 Changes:
 -v2: Avoid conflicting with Busybox and shadow.

 rules/util-linux-ng.in   | 19 +++++++++++++++++++
 rules/util-linux-ng.make |  5 ++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/rules/util-linux-ng.in b/rules/util-linux-ng.in
index 4f230bc60..9c139be6b 100644
--- a/rules/util-linux-ng.in
+++ b/rules/util-linux-ng.in
@@ -7,6 +7,7 @@ menuconfig UTIL_LINUX_NG
 	select UTIL_LINUX_NG_LIBBLKID
 	select UTIL_LINUX_NG_LIBUUID		if UTIL_LINUX_NG_MKSWAP_UUID
 	select NCURSES				if UTIL_LINUX_NG_USES_NCURSES
+	select PAM				if UTIL_LINUX_NG_USES_PAM
 
 if UTIL_LINUX_NG
 
@@ -32,6 +33,9 @@ config UTIL_LINUX_NG_FDISKS
 config UTIL_LINUX_NG_USES_NCURSES
 	bool
 
+config UTIL_LINUX_NG_USES_PAM
+	bool
+
 config UTIL_LINUX_NG_PARTX_TOOLS
 	select UTIL_LINUX_NG_LIBBLKID
 	select UTIL_LINUX_NG_LIBSMARTCOLS
@@ -441,4 +445,19 @@ config UTIL_LINUX_NG_LSCPU
 	help
 	  lscpu shows information about the CPU architecture
 
+config UTIL_LINUX_NG_LOGIN
+	bool
+	select UTIL_LINUX_NG_USES_PAM
+	depends on GLOBAL_PAM && ((!BUSYBOX_LOGIN && !SHADOW) || ALLYES)
+	prompt "login"
+	help
+	  The login program is used to establish a new session with
+	  the system.
+
+comment "BusyBox' login is selected!"
+	depends on BUSYBOX_LOGIN
+
+comment "Shadow package is selected!"
+	depends on SHADOW
+
 endif
diff --git a/rules/util-linux-ng.make b/rules/util-linux-ng.make
index cda06a4a6..cc09e13d3 100644
--- a/rules/util-linux-ng.make
+++ b/rules/util-linux-ng.make
@@ -115,7 +115,7 @@ UTIL_LINUX_NG_CONF_OPT	:= \
 	--disable-chfn-chsh-password \
 	--disable-chfn-chsh \
 	--disable-chsh-only-listed \
-	--disable-login \
+	--$(call ptx/endis, PTXCONF_UTIL_LINUX_NG_LOGIN)-login \
 	--disable-login-chown-vcs \
 	--disable-login-stat-mail \
 	--disable-nologin \
@@ -312,6 +312,9 @@ endif
 ifdef PTXCONF_UTIL_LINUX_NG_LSCPU
 	@$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/lscpu)
 endif
+ifdef PTXCONF_UTIL_LINUX_NG_LOGIN
+	@$(call install_copy, util-linux-ng, 0, 0, 0755, -, /usr/bin/login)
+endif
 
 	@$(call install_finish, util-linux-ng)
 
-- 
2.25.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de