author | Martin Schlemmer <azarah@gentoo.org> | 2003-05-18 12:55:49 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2003-05-18 12:55:49 +0000 |
commit | db1b0cbedcb7a1545418ae41c3ee336a8dd06fc8 (patch) | |
tree | a805395a81517a69f5d6dd83bd6e7c87df12a38d /sys-apps/shadow | |
parent | add selinux support back (diff) | |
add selinux support back
Diffstat (limited to 'sys-apps/shadow')
-rw-r--r-- | sys-apps/shadow/Manifest | 4 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.3-r6 | 2 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.3-r6.ebuild | 188 |
3 files changed, 192 insertions, 2 deletions
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 3975df91461a..9c593b514a3e 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,8 +1,8 @@
-MD5 127ffbeb4eb8b39cc714d04fd0e78191 ChangeLog 6882
+MD5 f78b1de531395e3a16e868ee25d62abc ChangeLog 7064
 MD5 30c77e651f99dcb1d87124902fdf9fbf shadow-4.0.3-r3.ebuild 4859
 MD5 b602d0c8438778c551980c98dd60edbd shadow-4.0.3-r5.ebuild 4943
 MD5 1a2a50a92e21cfb5821dea16ce3b9969 shadow-4.0.3-r4.ebuild 4865
-MD5 d3e482a6bc4499fdc64546173c9c6dbc shadow-4.0.3-r6.ebuild 5236
+MD5 78a0a4996bbbd463f9d45d1d7913893d shadow-4.0.3-r6.ebuild 5236
 MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r5 65
 MD5 03fbcf7c3c68fbd445550092e4df9933 files/digest-shadow-4.0.3-r6 140
 MD5 e70a5f61d37c3c67a4b860d8a6191dbc files/securetty 230
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.3-r6 b/sys-apps/shadow/files/digest-shadow-4.0.3-r6
new file mode 100644
index 000000000000..22f2eeb1284a
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.3-r6
@@ -0,0 +1,2 @@
+MD5 873e49fcde0d665e916414722ecb0d72 shadow-4.0.3.tar.gz 1055089
+MD5 15e586eb8cec9a84683679fe7d093f2e shadow-4.0.3-selinux.patch.bz2 150543
diff --git a/sys-apps/shadow/shadow-4.0.3-r6.ebuild b/sys-apps/shadow/shadow-4.0.3-r6.ebuild
new file mode 100644
index 000000000000..cde958a724a5
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.0.3-r6.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.3-r6.ebuild,v 1.1 2003/05/18 12:54:01 azarah Exp $
+
+IUSE="selinux"
+
+inherit eutils libtool gnuconfig
+
+FORCE_SYSTEMAUTH_UPDATE="yes"
+
+S="${WORKDIR}/${P}"
+HOMEPAGE="http://shadow.pld.org.pl/"
+DESCRIPTION="Utilities to deal with user accounts"
+SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.gz
+ selinux? mirror://gentoo/${P}-selinux.patch.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="x86 ppc sparc alpha mips hppa arm"
+
+DEPEND=">=sys-libs/pam-0.75-r4
+ >=sys-libs/cracklib-2.7-r3
+ sys-devel/gettext
+ selinux? ( sys-apps/selinux-small )"
+
+RDEPEND=">=sys-libs/pam-0.75-r4
+ >=sys-libs/cracklib-2.7-r3"
+
+
+pkg_preinst() {
+ rm -f ${ROOT}/etc/pam.d/system-auth.new
+}
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ # Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY,
+ # else the session entries in /etc/pam.d/su never get executed, and
+ # pam_xauth for one, is then never used. This should close bug #8831.
+ #
+ # <azarah@gentoo.org> (19 Oct 2002)
+ use selinux || epatch ${FILESDIR}/${P}-su-pam_open_session.patch-v2
+ # (selinux doesn't like this patch. may fix later.)
+
+ # If su should not simulate a login shell, use '/bin/sh' as shell to enable
+ # running of commands as user with /bin/false as shell, closing bug #15015.
+ #
+ # <azarah@gentoo.org> (23 Feb 2003)
+# This one could be a security hole ...
+# cd ${S}; epatch ${FILESDIR}/${P}-nologin-run-sh.patch
+
+ # Patch the useradd manpage to be a bit more clear, closing bug #13203.
+ # Thanks to Guy <guycad@mindspring.com>.
+ epatch ${FILESDIR}/${P}-useradd-manpage-update.patch
+
+ # Necessary selinux patch
+ use selinux && epatch ${DISTDIR}/${P}-selinux.patch.bz2
+}
+
+src_compile() {
+ # Allows shadow configure detect mips systems properly
+ gnuconfig_update
+
+ elibtoolize
+
+ local myconf=""
+ use nls || myconf="${myconf} --disable-nls"
+
+ ./configure --disable-desrpc \
+ --with-libcrypt \
+ --with-libcrack \
+ --with-libpam \
+ --enable-shared=no \
+ --enable-static=yes \
+ --host=${CHOST} \
+ ${myconf} || die "bad configure"
+
+ # Parallel make fails sometimes
+ make || die "compile problem"
+}
+
+src_install() {
+ dodir /etc/default /etc/skel
+
+ make prefix=${D}/usr \
+ exec_prefix=${D} \
+ mandir=${D}/usr/share/man \
+ install || die "install problem"
+
+ # Do not install this login, but rather the one from
+ # pam-login, as this one have a serious root exploit
+ # with pam_limits in use.
+ # (selinux will use this login for now at least)
+ use selinux || rm ${D}/bin/login
+
+ mv ${D}/lib ${D}/usr
+ dosed "s:/lib':/usr/lib':g" /usr/lib/libshadow.la
+ dosed "s:/lib/:/usr/lib/:g" /usr/lib/libshadow.la
+ dosed "s:/lib':/usr/lib':g" /usr/lib/libmisc.la
+ dosed "s:/lib/:/usr/lib/:g" /usr/lib/libmisc.la
+ dosym /usr/bin/newgrp /usr/bin/sg
+ dosym /usr/sbin/useradd /usr/sbin/adduser
+ dosym /usr/sbin/vipw /usr/sbin/vigr
+ # Remove dead links
+ rm -f ${D}/bin/{sg,vipw}
+
+ insinto /etc
+ # Using a securetty with devfs device names added
+ # (compat names kept for non-devfs compatibility)
+ insopts -m0600 ; doins ${FILESDIR}/securetty
+ insopts -m0600 ; doins ${S}/etc/login.access
+ insopts -m0644 ; doins ${S}/etc/limits
+
+ # needed for 'adduser -D'
+ insinto /etc/default
+ insopts -m0600
+ doins ${FILESDIR}/default/useradd
+# From sys-apps/pam-login now
+# insopts -m0644 ; doins ${FILESDIR}/login.defs
+
+ insinto /etc/pam.d ; insopts -m0644
+ for x in ${FILESDIR}/pam.d/*
+ do
+ [ -f ${x} ] && doins ${x}
+ done
+
+ cd ${FILESDIR}/pam.d
+ newins system-auth system-auth.new
+ newins shadow chage
+ newins shadow chsh
+ newins shadow chfn
+ newins shadow useradd
+ newins shadow groupadd
+
+ cd ${S}
+ # The manpage install is beyond my comprehension, and
+ # also broken. Just do it over.
+ rm -rf ${D}/usr/share/man/*
+ for x in man/*.[0-9]
+ do
+ [ -f ${x} ] && doman ${x}
+ done
+
+ # Dont install the manpage, since we dont use
+ # login with shadow
+ # (selinux does, so we install the man pages in that case)
+ use selinux || rm -f ${D}/usr/share/man/man1/login.*
+ # We use pam, so this is not applicable.
+ rm -f ${D}/usr/share/man/man5/suauth.*
+
+ cd ${S}/doc
+ dodoc ANNOUNCE INSTALL LICENSE README WISHLIST
+ docinto txt
+ dodoc HOWTO LSM README.* *.txt
+
+ # Fix sparc serial console
+ if [ "${ARCH}" = "sparc" -o "${ARCH}" = "" ]
+ then
+ # ttyS0 and its devfsd counterpart (Sparc serial port "A")
+ dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty
+ dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty
+ fi
+}
+
+pkg_postinst() {
+ local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)"
+ local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)"
+
+ if [ "${CHECK1}" != "${CHECK2}" -a "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]
+ then
+ ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+ ewarn "is being updated automatically. Your old "
+ ewarn "system-auth will be backed up as:"
+ ewarn
+ ewarn " ${ROOT}etc/pam.d/system-auth.bak"
+ echo
+
+ cp -a ${ROOT}/etc/pam.d/system-auth \
+ ${ROOT}/etc/pam.d/system-auth.bak;
+ mv -f ${ROOT}/etc/pam.d/system-auth.new \
+ ${ROOT}/etc/pam.d/system-auth
+ rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth
+ else
+ rm -f ${ROOT}/etc/pam.d/system-auth.new
+ fi
+}
+
|
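Review bot: In src_install, `use selinux || rm ${D}/bin/login` keeps shadow's own login binary on selinux builds even though the comment directly above says it has a serious root exploit with pam_limits in use, and nothing in the ebuild tells the administrator. Until the selinux patch works with the pam-login binary, pkg_postinst should at least warn, e.g. `use selinux && ewarn "shadow's /bin/login is installed; the ebuild notes it is unsafe with pam_limits in use"`, and the comment should cite a bug number so the exception can be tracked and removed. The same applies in src_unpack, where `use selinux || epatch ${FILESDIR}/${P}-su-pam_open_session.patch-v2` skips the patch, so by the ebuild's own comment the session entries in /etc/pam.d/su are never executed for selinux users. Separately, `use nls` is tested in src_compile but `IUSE="selinux"` does not declare it; `IUSE="nls selinux"` would match.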