diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-08-17 09:31:54 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-08-17 09:31:54 +0100 |
| commit | 5a21cec0c36dba03507dcbd5e8ab6698d00b39bf (patch) | |
| tree | aa76c2f85f9c77c2f9a5af47ae0aa6509585770a /sys-apps/shadow | |
| parent | 280d9db9f9470686aae5ce1fa4cfa57b26e9beb2 (diff) | |
gentoo auto-resync : 17:08:2023 - 09:31:54
Diffstat (limited to 'sys-apps/shadow')
| -rw-r--r-- | sys-apps/shadow/Manifest | 3 | ||||
| -rw-r--r-- | sys-apps/shadow/shadow-4.14.0.ebuild | 270 |
2 files changed, 273 insertions, 0 deletions
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index 51dfe8dbb925..c3e891e89677 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -9,6 +9,9 @@ AUX shadow-4.13-password-leak.patch 5271 BLAKE2B 9f47502e0463e7c00d29c0a42071c49 AUX shadow-4.13-usermod-prefix-gid.patch 1206 BLAKE2B 8efa85ab6c4eee199b5cd21f706d39910393ae9f2bd8af9a2e49d058be6ec41bd37d1624ec85a94b6adb24597bc599f3b0e624286c10aa8b1e0022795cd1b89a SHA512 e38332b073497f53ccafff1d8c31910b3d9b692ac267758536585499f6ce68bed45097558689f3dbda6ddeaf762bf20072de6124ef053fbe807aa3543553142f DIST shadow-4.13.tar.xz 1762908 BLAKE2B 315ab8a7e598aeefb50c11293e20cfa0982c3c3ae21c35ae243d09a4facf97a13c1d672990876e74ef94f5284402acf14997663743e2aaefa6cfc4369b7d24dc SHA512 2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e DIST shadow-4.13.tar.xz.asc 488 BLAKE2B de1f8285c5713a772343a2a7c638d1d13429dd4fa867d4f91d4922aa0d083b4a3110d38e8a8ab82137fdf4fecb12ba3677f3fb235401fc6438ae663fbd9bfbd2 SHA512 f8549c4e699c65721d53946d61b6127712572f7ad9ee13018ef3a25307002992aa727471c948d1bb22dcddf112715bed387d28f436123f30e153ae6bc0cd3648 +DIST shadow-4.14.0.tar.xz 1787892 BLAKE2B 6e9a6108f856953ec91c597e46ad4f912101a829c7b3ff3389510be43f56f0a70425bd562119282d73df269df45af354e626741ad748f9c1e6f27b74a462a62c SHA512 ff960481d576f9db5a9f10becc4e1a74c03de484ecfdcd7f1ea735fded683d7ba0f9cd895dc6a431b77e5a633752273178b1bcda4cefaa5adbf0f143c9a0c86f +DIST shadow-4.14.0.tar.xz.asc 488 BLAKE2B e9ccdb38f130088ba2193e40a4ef7ccce3a592972bc7cb4e50cd8ad768c152b9bbb61432abbfe6ccc0cbed3979b4f54b8da68d1c58cb25bdb668bf5427b5a628 SHA512 d011a732d73b4b066ca8d204c0420303f925c87efc7655feb5c5f60b619d67da450e220ee44f6c86929ae79cbd4343136fe9c20d25b39fa0a228a48e57636309 EBUILD shadow-4.13-r3.ebuild 6691 BLAKE2B d0c7fc3f67abff01e1d4e837e48070f7e2ffb9d1c207ddfa0473fce913f5696dad249392a86d4c0e7f4d2d549544b2496707d5070138eee3a2921c102b385197 SHA512 933cf33c7134e40bd1d3f8802590605a2df5c0c6943358098b9e7cb62a97e7f89e4aa8a903a92c64182f92aca888dbbd2c326b8ea4eb5501f2805c36f70c74ef EBUILD shadow-4.13-r4.ebuild 6774 BLAKE2B e43e76ca053076eae533bad9fbeca0e40e386383c924c2fe99f93741f7c6c27a8d5daebd7a95849a4c4dc8c9183b8d565ccc8d420bd07eeed46ac24d94fe44bf SHA512 206084e1875222e99c683c17e76aca9b246169d12ce3294b6da507d85b1708b0e1b32522ea277c0d72427c66d148244b3f3807330f8a052beb9fe50a1abb0754 +EBUILD shadow-4.14.0.ebuild 6963 BLAKE2B 72ceccee31b8c6377a1590197113cdaf5e2869928b7710a256bedb4fbbeb7c9262864abaa20d1302a6ff7955e507afdf6650659f55dcd9181a25845ab738f3e0 SHA512 048ee553df8600ac3d2a86e941a76e25eee13dcd25c59743f5f2d104159998129814d9be82cc674214d5235e48a5c674502116f402138c8a2061e0a5628e0eec MISC metadata.xml 606 BLAKE2B 2b14042f4702a908f8250c3fb6499ea33d8a8c44072707aa44881a36e3cc710256a821f8cd82c5214b32e9f5632745db4fdf00dd722f6fb7401e2f6b0bfbb4fd SHA512 694e039ae781982e8cbe6670b4e9c93b43455715ce4b9830a5fa61e6bf3eb91abcc284bf29c64fab055ba9754edaeab5d2da8140dbb2794fc1f534e2ccbb2b16 diff --git a/sys-apps/shadow/shadow-4.14.0.ebuild b/sys-apps/shadow/shadow-4.14.0.ebuild new file mode 100644 index 000000000000..cd807483b88c --- /dev/null +++ b/sys-apps/shadow/shadow-4.14.0.ebuild @@ -0,0 +1,270 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Upstream sometimes pushes releases as pre-releases before marking them +# official. Don't keyword the pre-releases! +# Check https://github.com/shadow-maint/shadow/releases. + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sergehallyn.asc +inherit libtool pam verify-sig + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz" +SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )" + +LICENSE="BSD GPL-2" +# Subslot is for libsubid's SONAME. +SLOT="0/4" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su systemd xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) + +REQUIRED_USE="?? ( cracklib pam )" + +# TODO: Revisit libbsd dep once glibc-2.28 is stable as it provides strlcpy. +COMMON_DEPEND=" + dev-libs/libbsd + virtual/libcrypt:= + acl? ( sys-apps/acl:= ) + audit? ( >=sys-process/audit-2.6:= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:= ) + nls? ( virtual/libintl ) + pam? ( sys-libs/pam:= ) + skey? ( sys-auth/skey:= ) + selinux? ( + >=sys-libs/libselinux-1.28:= + sys-libs/libsemanage:= + ) + systemd? ( sys-apps/systemd:= ) + xattr? ( sys-apps/attr:= ) +" +DEPEND=" + ${COMMON_DEPEND} + >=sys-kernel/linux-headers-4.14 +" +RDEPEND=" + ${COMMON_DEPEND} + !<sys-apps/man-pages-5.11-r1 + !=sys-apps/man-pages-5.12-r0 + !=sys-apps/man-pages-5.12-r1 + nls? ( + !<app-i18n/man-pages-it-5.06-r1 + !<app-i18n/man-pages-ja-20180315-r1 + !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1 + ) + pam? ( >=sys-auth/pambase-20150213 ) + su? ( !sys-apps/util-linux[su(-)] ) +" +BDEPEND=" + app-arch/xz-utils + sys-devel/gettext + verify-sig? ( sec-keys/openpgp-keys-sergehallyn ) +" + +src_prepare() { + default + + elibtoolize +} + +src_configure() { + local myeconfargs=( + # Negate new upstream default of disabling for now + --enable-lastlog + --disable-account-tools-setuid + --disable-static + --with-btrfs + # shadow uses a bundled copy of readpassphrase if --without-libbsd + --with-libbsd + --without-group-name-max-length + --without-tcb + $(use_enable nls) + # TODO: wire up upstream for elogind too + $(use_enable systemd logind) + $(use_with acl) + $(use_with audit) + $(use_with bcrypt) + $(use_with cracklib libcrack) + $(use_with elibc_glibc nscd) + $(use_with pam libpam) + $(use_with selinux) + $(use_with skey) + $(use_with su) + $(use_with xattr attr) + ) + + econf "${myeconfargs[@]}" + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + has ${l} ${LINGUAS-${l}} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=${1} val=${2} + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 + emake DESTDIR="${D}" -C man install + + find "${ED}" -name '*.la' -type f -delete || die + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chsh chfn ; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chpasswd newusers ; do + newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} + done + + newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems + + # Comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # Remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man -type f \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd} || die + if use su ; then + rm "${ED}"/etc/pam.d/su || die + fi + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man -type f \ + '(' -name id.1 -o -name getspnam.3 ')' \ + -delete || die + + if ! use su ; then + find "${ED}"/usr/share/man -type f -name su.1 -delete || die + fi + + cd "${S}" || die + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc || die + dodoc HOWTO README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Missing entries from /etc/passwd can cause odd system blips. + # See bug #829872. + if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then + ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors." + fi + + # Enable shadow groups. + if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then + if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then + grpconv -R "${EROOT:-/}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + [[ ! -f "${EROOT}"/etc/subgid ]] && + touch "${EROOT}"/etc/subgid + [[ ! -f "${EROOT}"/etc/subuid ]] && + touch "${EROOT}"/etc/subuid + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} |