From c035b2b83f0e94c4b2e82184f00bcef874e6276b Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 11 May 2024 00:01:23 +0100 Subject: gentoo auto-resync : 11:05:2024 - 00:01:22 --- sys-apps/shadow/Manifest | 5 +- sys-apps/shadow/shadow-4.14.6-r1.ebuild | 278 +++++++++++++++++++++++++++++++ sys-apps/shadow/shadow-4.14.6.ebuild | 280 -------------------------------- sys-apps/shadow/shadow-4.14.7.ebuild | 278 +++++++++++++++++++++++++++++++ 4 files changed, 560 insertions(+), 281 deletions(-) create mode 100644 sys-apps/shadow/shadow-4.14.6-r1.ebuild delete mode 100644 sys-apps/shadow/shadow-4.14.6.ebuild create mode 100644 sys-apps/shadow/shadow-4.14.7.ebuild (limited to 'sys-apps/shadow') diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index 570dfeca954d..1930db2cbdda 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -13,7 +13,10 @@ DIST shadow-4.14.2.tar.xz 1799548 BLAKE2B 419f0a516753616ef691f71ec9002eef6fd756 DIST shadow-4.14.2.tar.xz.asc 833 BLAKE2B 9e085c79ccd3aa77489eb92e947dd4875dea84be2dbcbd2b8443e70b3dc065d288171ee024f81c6c3bf44d0ebfcabbb69937a906fdb26b6622d5a369aa415e8e SHA512 47a2607fa782a48b0333e353343a32f358115bb40225ea962fab86d4a8dbed1df976eb6231baf5b95f34a13139b99d6b719521626e5d3e9c80fc4c685767d9b7 DIST shadow-4.14.6.tar.xz 1805900 BLAKE2B e910131eab6527c1222afadf02ebd7bd6a3460baf95c23cc9eefa7aa21ddb70c02e58e4f58db2cb24fa8e2996c82b11664420545a8b1af573e4e6a25ceb3f921 SHA512 994a81afbafb19622a1d0f84527f96a84b0955c4ffa5e826682ead82af7940b8e3a091514bd2075622ebdf7638643c9c6b6b7ac3e48d985278db896249d70ae6 DIST shadow-4.14.6.tar.xz.asc 833 BLAKE2B 2fdcbd073687de829006ed9eb3ffd0b5f1312a94fe81b9c6840b25807e1268c58136d378da87f481c3cb53dc262d7afb6d97c77528e14dfbf5d54212fa7f84f2 SHA512 41f8fa92379392d4caa83987f9ea513ec18103dacfc01461f7bfb67ee6738a67e097fe76e7aa1f6004dfe14d5c55973667037c683fdd8ebb082264cb62222d27 +DIST shadow-4.14.7.tar.xz 1805860 BLAKE2B 5cc525292b9ba8fb85ec476a866be0b07a0b113539ad9f11d33eb87a87b95315485900a497c24465ad3b1d40b8f3273b6044a82829444024cc06d656427f3932 SHA512 ec64210b96ca0633683825df076e048ecba8f4794e9ad60125965d1490078c86ad26030bbec2e2ec7b53992d3ca68e4e659d6c460509fc6debb07bb686678885 +DIST shadow-4.14.7.tar.xz.asc 833 BLAKE2B 05c75a1de641cb766860959f1c1ed4788be40a6b0533d73a701b138c1aaf3b70f1e2807b7dafb74e35369091c40edf402abd96c9a5526c18ee644c12c48cd320 SHA512 6d13ddc810f27efd1bb2c9ef61d260b84ba9ce4e5721d844bd1f910fba072ae424360f6d3672b69dfa88c9a0905d93b6de415909791515f8da00d6c17ca79f9a EBUILD shadow-4.13-r4.ebuild 6834 BLAKE2B da0e190f18aa68350ac8689505c0399252ab54036583ee2b4fa865433406f64469d6a43162f422da5e315cf7378e0accc595c8a2eaccf801353947cc504c3983 SHA512 dc4dad7bd7c4f4206f9cbc83166269dde3b868eca3a5a83f2698795efb7696c438468c8c22293963a52597735888efb8b959bccddb6d19b6eefc3cbeb5564dd7 EBUILD shadow-4.14.2.ebuild 7230 BLAKE2B 339fbc2f07bf21238b4b606d1a3c5abff09f3521eda90630a3bb3b0d14ac990ea33369cf8d5914f67a2982d3e6b503d90046b5da946c3288691c273426174154 SHA512 15f1a137409709d23a223db1b346f1dc04543870a29fbf28ab9dd6fda7ce290dbb6aaf2e02ad5f38016c90be733b900636e6592d8b0c13a0e66a1034b385aa31 -EBUILD shadow-4.14.6.ebuild 7238 BLAKE2B 49d886d595c257f2db3f8316a55ca8de5692041d533849ec1f43c49c62936cfc8ae6aef8f97e3b9b06ab17ac4b27634e207571b1305f87fa9e047ada8bfde6d2 SHA512 1a95d6948e5a035d81b3119c12001773c84ce4346af65f5e17b32ac29ebd3f1636182920f767f0aca0c77c0c94daa02ac18079da40fa427d6ae8325b6f52d597 +EBUILD shadow-4.14.6-r1.ebuild 7139 BLAKE2B 2cf98373dffc863ff6866f5b1f5e31efe8132eb7500a345605e72b7b746b6e90eb0f05550e51b12632cbaeab6a9b311b59ebfaf952a44ecb5fbfa0c2128c6ae3 SHA512 fce593403db55462ca87d7efe2f08a1fe2355f85890b781c119030071a701d1e1003ae9bac9f159fb733bc07c090550c2be8124e7e2f456632e63162519425f8 +EBUILD shadow-4.14.7.ebuild 7139 BLAKE2B 2cf98373dffc863ff6866f5b1f5e31efe8132eb7500a345605e72b7b746b6e90eb0f05550e51b12632cbaeab6a9b311b59ebfaf952a44ecb5fbfa0c2128c6ae3 SHA512 fce593403db55462ca87d7efe2f08a1fe2355f85890b781c119030071a701d1e1003ae9bac9f159fb733bc07c090550c2be8124e7e2f456632e63162519425f8 MISC metadata.xml 606 BLAKE2B 2b14042f4702a908f8250c3fb6499ea33d8a8c44072707aa44881a36e3cc710256a821f8cd82c5214b32e9f5632745db4fdf00dd722f6fb7401e2f6b0bfbb4fd SHA512 694e039ae781982e8cbe6670b4e9c93b43455715ce4b9830a5fa61e6bf3eb91abcc284bf29c64fab055ba9754edaeab5d2da8140dbb2794fc1f534e2ccbb2b16 diff --git a/sys-apps/shadow/shadow-4.14.6-r1.ebuild b/sys-apps/shadow/shadow-4.14.6-r1.ebuild new file mode 100644 index 000000000000..2cfb43e405bd --- /dev/null +++ b/sys-apps/shadow/shadow-4.14.6-r1.ebuild @@ -0,0 +1,278 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Upstream sometimes pushes releases as pre-releases before marking them +# official. Don't keyword the pre-releases! +# Check https://github.com/shadow-maint/shadow/releases. + +inherit libtool pam verify-sig + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz" +SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )" + +LICENSE="BSD GPL-2" +# Subslot is for libsubid's SONAME. +SLOT="0/4" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="acl audit cracklib nls pam selinux skey split-usr su systemd xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) + +REQUIRED_USE="?? ( cracklib pam )" + +COMMON_DEPEND=" + virtual/libcrypt:= + acl? ( sys-apps/acl:= ) + audit? ( >=sys-process/audit-2.6:= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:= ) + nls? ( virtual/libintl ) + pam? ( sys-libs/pam:= ) + skey? ( sys-auth/skey:= ) + selinux? ( + >=sys-libs/libselinux-1.28:= + sys-libs/libsemanage:= + ) + systemd? ( sys-apps/systemd:= ) + xattr? ( sys-apps/attr:= ) +" +DEPEND=" + ${COMMON_DEPEND} + >=sys-kernel/linux-headers-4.14 +" +RDEPEND=" + ${COMMON_DEPEND} + !=sys-auth/pambase-20150213 ) + su? ( !sys-apps/util-linux[su(-)] ) +" +BDEPEND=" + app-arch/xz-utils + sys-devel/gettext +" + +if [[ ${PV} == *.0 ]]; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-sergehallyn )" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sergehallyn.asc +else + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-alejandro-colomar )" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/alejandro-colomar.asc +fi + +src_prepare() { + default + elibtoolize +} + +src_configure() { + local myeconfargs=( + # Negate new upstream default of disabling for now + --enable-lastlog + --disable-account-tools-setuid + --disable-static + --with-btrfs + # Use bundled replacements for readpassphrase and freezero + --without-libbsd + --without-group-name-max-length + --without-tcb + --with-bcrypt + --with-yescrypt + $(use_enable nls) + # TODO: wire up upstream for elogind too (bug #931119) + $(use_enable systemd logind) + $(use_with acl) + $(use_with audit) + $(use_with cracklib libcrack) + $(use_with elibc_glibc nscd) + $(use_with pam libpam) + $(use_with selinux) + $(use_with skey) + $(use_with su) + $(use_with xattr attr) + ) + + econf "${myeconfargs[@]}" + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + has ${l} ${LINGUAS-${l}} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=${1} val=${2} + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 + emake DESTDIR="${D}" -C man install + + find "${ED}" -name '*.la' -type f -delete || die + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chsh chfn ; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chpasswd newusers ; do + newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} + done + + newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems + + # Comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # Remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man -type f \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd} || die + if use su ; then + rm "${ED}"/etc/pam.d/su || die + fi + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man -type f \ + '(' -name id.1 -o -name getspnam.3 ')' \ + -delete || die + + if ! use su ; then + find "${ED}"/usr/share/man -type f -name su.1 -delete || die + fi + + cd "${S}" || die + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc || die + dodoc HOWTO README* WISHLIST *.txt + + if use elibc_musl; then + QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent ) + fi +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Missing entries from /etc/passwd can cause odd system blips. + # See bug #829872. + if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then + ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors." + fi + + # Enable shadow groups. + if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then + if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then + grpconv -R "${EROOT:-/}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + [[ ! -f "${EROOT}"/etc/subgid ]] && + touch "${EROOT}"/etc/subgid + [[ ! -f "${EROOT}"/etc/subuid ]] && + touch "${EROOT}"/etc/subuid + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} diff --git a/sys-apps/shadow/shadow-4.14.6.ebuild b/sys-apps/shadow/shadow-4.14.6.ebuild deleted file mode 100644 index 60ab0fa7c897..000000000000 --- a/sys-apps/shadow/shadow-4.14.6.ebuild +++ /dev/null @@ -1,280 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Upstream sometimes pushes releases as pre-releases before marking them -# official. Don't keyword the pre-releases! -# Check https://github.com/shadow-maint/shadow/releases. - -inherit libtool pam verify-sig - -DESCRIPTION="Utilities to deal with user accounts" -HOMEPAGE="https://github.com/shadow-maint/shadow" -SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz" -SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )" - -LICENSE="BSD GPL-2" -# Subslot is for libsubid's SONAME. -SLOT="0/4" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -IUSE="acl audit cracklib nls pam selinux skey split-usr su systemd xattr" -# Taken from the man/Makefile.am file. -LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) - -REQUIRED_USE="?? ( cracklib pam )" - -# TODO: Revisit libbsd dep once glibc-2.28 is stable as it provides strlcpy. -COMMON_DEPEND=" - dev-libs/libbsd - virtual/libcrypt:= - acl? ( sys-apps/acl:= ) - audit? ( >=sys-process/audit-2.6:= ) - cracklib? ( >=sys-libs/cracklib-2.7-r3:= ) - nls? ( virtual/libintl ) - pam? ( sys-libs/pam:= ) - skey? ( sys-auth/skey:= ) - selinux? ( - >=sys-libs/libselinux-1.28:= - sys-libs/libsemanage:= - ) - systemd? ( sys-apps/systemd:= ) - xattr? ( sys-apps/attr:= ) -" -DEPEND=" - ${COMMON_DEPEND} - >=sys-kernel/linux-headers-4.14 -" -RDEPEND=" - ${COMMON_DEPEND} - !=sys-auth/pambase-20150213 ) - su? ( !sys-apps/util-linux[su(-)] ) -" -BDEPEND=" - app-arch/xz-utils - sys-devel/gettext -" - -if [[ ${PV} == *.0 ]]; then - BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-sergehallyn )" - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sergehallyn.asc -else - BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-alejandro-colomar )" - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/alejandro-colomar.asc -fi - -src_prepare() { - default - elibtoolize -} - -src_configure() { - local myeconfargs=( - # Negate new upstream default of disabling for now - --enable-lastlog - --disable-account-tools-setuid - --disable-static - --with-btrfs - # shadow uses a bundled copy of readpassphrase if --without-libbsd - --with-libbsd - --without-group-name-max-length - --without-tcb - --with-bcrypt - --with-yescrypt - $(use_enable nls) - # TODO: wire up upstream for elogind too (bug #931119) - $(use_enable systemd logind) - $(use_with acl) - $(use_with audit) - $(use_with cracklib libcrack) - $(use_with elibc_glibc nscd) - $(use_with pam libpam) - $(use_with selinux) - $(use_with skey) - $(use_with su) - $(use_with xattr attr) - ) - - econf "${myeconfargs[@]}" - - if use nls ; then - local l langs="po" # These are the pot files. - for l in ${LANGS[*]} ; do - has ${l} ${LINGUAS-${l}} && langs+=" ${l}" - done - sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die - fi -} - -set_login_opt() { - local comment="" opt=${1} val=${2} - if [[ -z ${val} ]]; then - comment="#" - sed -i \ - -e "/^${opt}\>/s:^:#:" \ - "${ED}"/etc/login.defs || die - else - sed -i -r \ - -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ - "${ED}"/etc/login.defs - fi - local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) - einfo "${res:-Unable to find ${opt} in /etc/login.defs}" -} - -src_install() { - emake DESTDIR="${D}" suidperms=4711 install - - # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 - emake DESTDIR="${D}" -C man install - - find "${ED}" -name '*.la' -type f -delete || die - - insinto /etc - if ! use pam ; then - insopts -m0600 - doins etc/login.access etc/limits - fi - - # needed for 'useradd -D' - insinto /etc/default - insopts -m0600 - doins "${FILESDIR}"/default/useradd - - if use split-usr ; then - # move passwd to / to help recover broke systems #64441 - # We cannot simply remove this or else net-misc/scponly - # and other tools will break because of hardcoded passwd - # location - dodir /bin - mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die - dosym ../../bin/passwd /usr/bin/passwd - fi - - cd "${S}" || die - insinto /etc - insopts -m0644 - newins etc/login.defs login.defs - - set_login_opt CREATE_HOME yes - if ! use pam ; then - set_login_opt MAIL_CHECK_ENAB no - set_login_opt SU_WHEEL_ONLY yes - set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict - set_login_opt LOGIN_RETRIES 3 - set_login_opt ENCRYPT_METHOD SHA512 - set_login_opt CONSOLE - else - dopamd "${FILESDIR}"/pam.d-include/shadow - - for x in chsh chfn ; do - newpamd "${FILESDIR}"/pam.d-include/passwd ${x} - done - - for x in chpasswd newusers ; do - newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} - done - - newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems - - # Comment out login.defs options that pam hates - local opt sed_args=() - for opt in \ - CHFN_AUTH \ - CONSOLE \ - CRACKLIB_DICTPATH \ - ENV_HZ \ - ENVIRON_FILE \ - FAILLOG_ENAB \ - FTMP_FILE \ - LASTLOG_ENAB \ - MAIL_CHECK_ENAB \ - MOTD_FILE \ - NOLOGINS_FILE \ - OBSCURE_CHECKS_ENAB \ - PASS_ALWAYS_WARN \ - PASS_CHANGE_TRIES \ - PASS_MIN_LEN \ - PORTTIME_CHECKS_ENAB \ - QUOTAS_ENAB \ - SU_WHEEL_ONLY - do - set_login_opt ${opt} - sed_args+=( -e "/^#${opt}\>/b pamnote" ) - done - sed -i "${sed_args[@]}" \ - -e 'b exit' \ - -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ - -e ': exit' \ - "${ED}"/etc/login.defs || die - - # Remove manpages that pam will install for us - # and/or don't apply when using pam - find "${ED}"/usr/share/man -type f \ - '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ - -delete - - # Remove pam.d files provided by pambase. - rm "${ED}"/etc/pam.d/{login,passwd} || die - if use su ; then - rm "${ED}"/etc/pam.d/su || die - fi - fi - - # Remove manpages that are handled by other packages - find "${ED}"/usr/share/man -type f \ - '(' -name id.1 -o -name getspnam.3 ')' \ - -delete || die - - if ! use su ; then - find "${ED}"/usr/share/man -type f -name su.1 -delete || die - fi - - cd "${S}" || die - dodoc ChangeLog NEWS TODO - newdoc README README.download - cd doc || die - dodoc HOWTO README* WISHLIST *.txt - - if use elibc_musl; then - QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent ) - fi -} - -pkg_preinst() { - rm -f "${EROOT}"/etc/pam.d/system-auth.new \ - "${EROOT}/etc/login.defs.new" -} - -pkg_postinst() { - # Missing entries from /etc/passwd can cause odd system blips. - # See bug #829872. - if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then - ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors." - fi - - # Enable shadow groups. - if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then - if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then - grpconv -R "${EROOT:-/}" - else - ewarn "Running 'grpck' returned errors. Please run it by hand, and then" - ewarn "run 'grpconv' afterwards!" - fi - fi - - [[ ! -f "${EROOT}"/etc/subgid ]] && - touch "${EROOT}"/etc/subgid - [[ ! -f "${EROOT}"/etc/subuid ]] && - touch "${EROOT}"/etc/subuid - - einfo "The 'adduser' symlink to 'useradd' has been dropped." -} diff --git a/sys-apps/shadow/shadow-4.14.7.ebuild b/sys-apps/shadow/shadow-4.14.7.ebuild new file mode 100644 index 000000000000..2cfb43e405bd --- /dev/null +++ b/sys-apps/shadow/shadow-4.14.7.ebuild @@ -0,0 +1,278 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Upstream sometimes pushes releases as pre-releases before marking them +# official. Don't keyword the pre-releases! +# Check https://github.com/shadow-maint/shadow/releases. + +inherit libtool pam verify-sig + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz" +SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )" + +LICENSE="BSD GPL-2" +# Subslot is for libsubid's SONAME. +SLOT="0/4" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="acl audit cracklib nls pam selinux skey split-usr su systemd xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) + +REQUIRED_USE="?? ( cracklib pam )" + +COMMON_DEPEND=" + virtual/libcrypt:= + acl? ( sys-apps/acl:= ) + audit? ( >=sys-process/audit-2.6:= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:= ) + nls? ( virtual/libintl ) + pam? ( sys-libs/pam:= ) + skey? ( sys-auth/skey:= ) + selinux? ( + >=sys-libs/libselinux-1.28:= + sys-libs/libsemanage:= + ) + systemd? ( sys-apps/systemd:= ) + xattr? ( sys-apps/attr:= ) +" +DEPEND=" + ${COMMON_DEPEND} + >=sys-kernel/linux-headers-4.14 +" +RDEPEND=" + ${COMMON_DEPEND} + !=sys-auth/pambase-20150213 ) + su? ( !sys-apps/util-linux[su(-)] ) +" +BDEPEND=" + app-arch/xz-utils + sys-devel/gettext +" + +if [[ ${PV} == *.0 ]]; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-sergehallyn )" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sergehallyn.asc +else + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-alejandro-colomar )" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/alejandro-colomar.asc +fi + +src_prepare() { + default + elibtoolize +} + +src_configure() { + local myeconfargs=( + # Negate new upstream default of disabling for now + --enable-lastlog + --disable-account-tools-setuid + --disable-static + --with-btrfs + # Use bundled replacements for readpassphrase and freezero + --without-libbsd + --without-group-name-max-length + --without-tcb + --with-bcrypt + --with-yescrypt + $(use_enable nls) + # TODO: wire up upstream for elogind too (bug #931119) + $(use_enable systemd logind) + $(use_with acl) + $(use_with audit) + $(use_with cracklib libcrack) + $(use_with elibc_glibc nscd) + $(use_with pam libpam) + $(use_with selinux) + $(use_with skey) + $(use_with su) + $(use_with xattr attr) + ) + + econf "${myeconfargs[@]}" + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + has ${l} ${LINGUAS-${l}} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=${1} val=${2} + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 + emake DESTDIR="${D}" -C man install + + find "${ED}" -name '*.la' -type f -delete || die + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chsh chfn ; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chpasswd newusers ; do + newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} + done + + newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems + + # Comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # Remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man -type f \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd} || die + if use su ; then + rm "${ED}"/etc/pam.d/su || die + fi + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man -type f \ + '(' -name id.1 -o -name getspnam.3 ')' \ + -delete || die + + if ! use su ; then + find "${ED}"/usr/share/man -type f -name su.1 -delete || die + fi + + cd "${S}" || die + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc || die + dodoc HOWTO README* WISHLIST *.txt + + if use elibc_musl; then + QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent ) + fi +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Missing entries from /etc/passwd can cause odd system blips. + # See bug #829872. + if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then + ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors." + fi + + # Enable shadow groups. + if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then + if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then + grpconv -R "${EROOT:-/}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + [[ ! -f "${EROOT}"/etc/subgid ]] && + touch "${EROOT}"/etc/subgid + [[ ! -f "${EROOT}"/etc/subuid ]] && + touch "${EROOT}"/etc/subuid + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} -- cgit v1.2.3