From e2db47eaae00ec33f8971db44b68645c5d3b9590 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 17 Aug 2021 11:36:49 +0100 Subject: gentoo resync : 17.08.2021 --- sys-apps/shadow/Manifest | 3 +- sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch | 57 +++++ sys-apps/shadow/shadow-4.9-r1.ebuild | 253 --------------------- sys-apps/shadow/shadow-4.9-r2.ebuild | 254 ++++++++++++++++++++++ 4 files changed, 313 insertions(+), 254 deletions(-) create mode 100644 sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch delete mode 100644 sys-apps/shadow/shadow-4.9-r1.ebuild create mode 100644 sys-apps/shadow/shadow-4.9-r2.ebuild (limited to 'sys-apps/shadow') diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index efe97ce72cd8..7775d1c0e689 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -4,11 +4,12 @@ AUX pam.d-include/passwd 144 BLAKE2B 95e159c70416218950ad5cdc41c83b52f8d2ec042d3 AUX pam.d-include/shadow 152 BLAKE2B 82d1f678abc60586ea873da7e2f4907349d77a64085cc475fa09c47cb008b41a7a00a7de2816b2c5cb2f48452d1b07523be35f8dd29026736ba8fbd3ae3d7c56 SHA512 d07611c350d0d6f3386db5080c80a84e4135cf33e44fd3a390cb1092e034f9bd2a69495fadd4bda6ede9962e9658e77f2c8e12d3189cdcda6c7b3c607336f0c3 AUX pam.d-include/shadow-r1 116 BLAKE2B bc7baa8e224cb90b6ef79762941b3b7505fcf4b8ed8c5da06a33a8a7fefa91098e4ac0c0f915eeca4a19714d60a2bf43e3922805347e3dfe0ccc80f210bf88e4 SHA512 ddecc5cc8f667f9931ddf5d98d89a986712c5a6e44826add1e1d9ead37064758a3879f6afd1fc45c89c216956593852051e2ef3abc52e2ab58a0e191adfe75d1 AUX shadow-4.1.3-dots-in-usernames.patch 302 BLAKE2B a83f463be9267c3a704997b98d67cd0daddf8ee05debf447d091530517a855078bd53ce28c87045643b2b8c467dd09caad06a4eb0a6568c271e6a42b49a54dcc SHA512 ad20fb3f4f0292f39b5da796e41df71e9e8b1b81dd11a99b2d988440c1b435b0061333a0a5a37a909598d5a840a75946e8c59c74426bae7452de88cf673a5f7d +AUX shadow-4.9-SHA-rounds.patch 1714 BLAKE2B 71dbc5189486cded95e34aa5d1b1a2af836004d42c0ccaf4b0fed7bdf525e87aaa73fd40ceb29b19eabc0043e20843aab846eaebce3e9d84d67a3106af8c3252 SHA512 f7b332818a2eb5b4c72021ca6f4befb5d067277599d9e57a5f68fa92dadfc40b6c3286627e42d237468ab3c41868b607ae35c08e2e60439ad5d08627318bfe4f AUX shadow-4.9-libcrack.patch 738 BLAKE2B 7ba0fd5e2c9c81bbefa75b2f1e29ed94ae32f302cf81c9ff978319bdb81a905248a638a535131df92c401383c184b22aff174d1a366e37a9dbb8756c9f7975ba SHA512 c967227926a5bd2c511ecc9d4e39b39aef50615404c79ad30d1e7bb967e09d52669ac9e2047d7d5039cdfad9b2dcf53f2de17a6d917cecbf9c8a72a77f1c0a10 AUX shadow-4.9-libsubid_oot_build.patch 2933 BLAKE2B 9bc638bd1d0733c6e51b54ab1f1db132bd4499a24b33efc76c58c306267015ebd9e2e927e774c3631cfa94490bb249b4d2267a163ae85f9f6ba18b964fcc81d4 SHA512 7f42cd84cb606fde19750f26883c4650642499dc6cb0078bc733d5d61a51b39c9f1c3898000e2df8ceb84eaecadbab6ae502178bf51d205fe644bb8c58a62bfa AUX shadow-4.9-libsubid_pam_linking.patch 706 BLAKE2B 8d9b3f6ab2aea004275e6347568013b0092beb57d08a51e6bbca0480773525518febd0ec975dd37a9c071c5ec17d56541586b9afa12010081a392dc60cee4c13 SHA512 49a40045520358d1fb29daae30f9fef1f8aab4516596f16781d3702642ef70592959536d69f4755d57689fc6e30d029c5dfc545d95362e811a284900cb628b6b DIST shadow-4.8.1.tar.xz 1611196 BLAKE2B 952707cdd55dc6c00dcbc60dbc3bf84ac618dbe916b36d993802b3ce42594de332a9bc22933a28881af3d317a340eab017ada55511b4e4fbc3ca6b422c4bc254 SHA512 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b DIST shadow-4.9.tar.xz 1627008 BLAKE2B 7a9a6a489115c7a20520cfec61f008fc0f70f7f50aaf539e94dfdcb20035d2de88ab3198e76812a4e3eb944b92c76c0ca2e85e35f4342537711c2c033248a72b SHA512 254cda49bb14505a7604821e7fa898bf4bf317d648e9ddc881ab80a6860d52053dfffacad6feab87c7d16608c35ed6b6cee99e7757eac930da3a7b31cdcd4b95 EBUILD shadow-4.8.1-r4.ebuild 6134 BLAKE2B a3effe54f52408bfee5ed17134a58806e005aab38391d4ff78888e3ae18c86f0d76dd946c2494bc92901e8400e7b98db0e4045f004a8880cb6c437acff28d560 SHA512 2e7375dd6c94bdc85eabfe8cb65d0c7df4bb1bc9b2aff418824046a8af80493f3a481476f63bdc91abca4aefcc61105b2aa6c551e8b260b8da1db2d0587b56fb -EBUILD shadow-4.9-r1.ebuild 6340 BLAKE2B ebe11dd7bb7776f9580ee2de30cd5a16dc1aa166f4780ba9235d216f4832cdde995a1be0f20c973318ca0c393d9fd7b1ae7c5cab41a84d3547de12773315f036 SHA512 46f7ef1b3be5cb224e787f1fa1cff5e30bdcc55ab7268d3ac376ba5e570f7746debf714a290ebfe82277d2c669272d67e0429b21f06aaa1cb8113bf71d0896f5 +EBUILD shadow-4.9-r2.ebuild 6383 BLAKE2B 4e457a262c781c84d479b19a34ae898f2052aef9f40f930d55abc4e30fc12b74175852a2cf69e58dd0d638169da7c66db29fd1c06d0f10fa752c26d57166c638 SHA512 24419419aaaf358b92fcc7bdb0c40771e1f22ddcc19bd8bc4b109c39d4f594171763cc4347c10cc7ce12d78cb8684c6a9cfbe143a4ae0cbfc66491f068021ffe MISC metadata.xml 562 BLAKE2B 7ea54e53f53a91898e5cb5975e9f1aa37639b0ca887213e389c85e0b46cc2dcdf6a1a80795ecd3a74ecc1c4b76d600af563b8d26ce618de1030914ae04f4b152 SHA512 35e207e3d5e3de3f93c8c4a580ec7109bbb778d2d424eef76c5c6b25f8b47d68480a55e9d2b15f9be4f27a273443d6220752337eb538dc05517c0c5a004722e7 diff --git a/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch b/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch new file mode 100644 index 000000000000..05be7adc1b19 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.9-SHA-rounds.patch @@ -0,0 +1,57 @@ +From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sat, 14 Aug 2021 13:24:34 -0400 +Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds() + +If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified, +use SHA_ROUNDS_DEFAULT. + +Previously, the code fell through, calling shadow_random(-1, -1). This +ultimately set rounds = (unsigned long) -1, which ends up being a very +large number! This then got capped to SHA_ROUNDS_MAX later in the +function. + +The new behavior matches BCRYPT_get_salt_rounds(). + +Bug: https://bugs.gentoo.org/808195 +Fixes: https://github.com/shadow-maint/shadow/issues/393 +--- + libmisc/salt.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/libmisc/salt.c b/libmisc/salt.c +index 91d528fd..30eefb9c 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c +@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre + if ((-1 == min_rounds) && (-1 == max_rounds)) { + rounds = SHA_ROUNDS_DEFAULT; + } ++ else { ++ if (-1 == min_rounds) { ++ min_rounds = max_rounds; ++ } + +- if (-1 == min_rounds) { +- min_rounds = max_rounds; +- } ++ if (-1 == max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (-1 == max_rounds) { +- max_rounds = min_rounds; +- } ++ if (min_rounds > max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (min_rounds > max_rounds) { +- max_rounds = min_rounds; ++ rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } +- +- rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } else if (0 == *prefered_rounds) { + rounds = SHA_ROUNDS_DEFAULT; + } else { diff --git a/sys-apps/shadow/shadow-4.9-r1.ebuild b/sys-apps/shadow/shadow-4.9-r1.ebuild deleted file mode 100644 index 545c8cb652b1..000000000000 --- a/sys-apps/shadow/shadow-4.9-r1.ebuild +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools pam - -DESCRIPTION="Utilities to deal with user accounts" -HOMEPAGE="https://github.com/shadow-maint/shadow" -SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr" -# Taken from the man/Makefile.am file. -LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) - -REQUIRED_USE="?? ( cracklib pam )" - -BDEPEND=" - app-arch/xz-utils - sys-devel/gettext -" -COMMON_DEPEND=" - virtual/libcrypt:= - acl? ( sys-apps/acl:0= ) - audit? ( >=sys-process/audit-2.6:0= ) - cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) - nls? ( virtual/libintl ) - pam? ( sys-libs/pam:0= ) - skey? ( sys-auth/skey:0= ) - selinux? ( - >=sys-libs/libselinux-1.28:0= - sys-libs/libsemanage:0= - ) - xattr? ( sys-apps/attr:0= ) -" -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-4.14 -" -RDEPEND="${COMMON_DEPEND} - !=sys-auth/pambase-20150213 ) - su? ( !sys-apps/util-linux[su(-)] ) -" - -PATCHES=( - "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch" - "${FILESDIR}/${P}-libsubid_pam_linking.patch" - "${FILESDIR}/${P}-libsubid_oot_build.patch" - "${FILESDIR}/shadow-4.9-libcrack.patch" -) - -src_prepare() { - default - eautoreconf - #elibtoolize -} - -src_configure() { - local myeconfargs=( - --disable-account-tools-setuid - --with-btrfs - --without-group-name-max-length - --without-tcb - $(use_enable nls) - $(use_with acl) - $(use_with audit) - $(use_with bcrypt) - $(use_with cracklib libcrack) - $(use_with elibc_glibc nscd) - $(use_with pam libpam) - $(use_with selinux) - $(use_with skey) - $(use_with su) - $(use_with xattr attr) - ) - econf "${myeconfargs[@]}" - - has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 - - if use nls ; then - local l langs="po" # These are the pot files. - for l in ${LANGS[*]} ; do - has ${l} ${LINGUAS-${l}} && langs+=" ${l}" - done - sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die - fi -} - -set_login_opt() { - local comment="" opt=${1} val=${2} - if [[ -z ${val} ]]; then - comment="#" - sed -i \ - -e "/^${opt}\>/s:^:#:" \ - "${ED}"/etc/login.defs || die - else - sed -i -r \ - -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ - "${ED}"/etc/login.defs - fi - local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) - einfo "${res:-Unable to find ${opt} in /etc/login.defs}" -} - -src_install() { - emake DESTDIR="${D}" suidperms=4711 install - - # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 - emake DESTDIR="${D}" -C man install - - # Remove libshadow and libmisc; see bug 37725 and the following - # comment from shadow's README.linux: - # Currently, libshadow.a is for internal use only, so if you see - # -lshadow in a Makefile of some other package, it is safe to - # remove it. - rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} - - insinto /etc - if ! use pam ; then - insopts -m0600 - doins etc/login.access etc/limits - fi - - # needed for 'useradd -D' - insinto /etc/default - insopts -m0600 - doins "${FILESDIR}"/default/useradd - - if use split-usr ; then - # move passwd to / to help recover broke systems #64441 - # We cannot simply remove this or else net-misc/scponly - # and other tools will break because of hardcoded passwd - # location - dodir /bin - mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die - dosym ../../bin/passwd /usr/bin/passwd - fi - - cd "${S}" || die - insinto /etc - insopts -m0644 - newins etc/login.defs login.defs - - set_login_opt CREATE_HOME yes - if ! use pam ; then - set_login_opt MAIL_CHECK_ENAB no - set_login_opt SU_WHEEL_ONLY yes - set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict - set_login_opt LOGIN_RETRIES 3 - set_login_opt ENCRYPT_METHOD SHA512 - set_login_opt CONSOLE - else - dopamd "${FILESDIR}"/pam.d-include/shadow - - for x in chsh shfn ; do - newpamd "${FILESDIR}"/pam.d-include/passwd ${x} - done - - for x in chpasswd newusers ; do - newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} - done - - newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems - - # comment out login.defs options that pam hates - local opt sed_args=() - for opt in \ - CHFN_AUTH \ - CONSOLE \ - CRACKLIB_DICTPATH \ - ENV_HZ \ - ENVIRON_FILE \ - FAILLOG_ENAB \ - FTMP_FILE \ - LASTLOG_ENAB \ - MAIL_CHECK_ENAB \ - MOTD_FILE \ - NOLOGINS_FILE \ - OBSCURE_CHECKS_ENAB \ - PASS_ALWAYS_WARN \ - PASS_CHANGE_TRIES \ - PASS_MIN_LEN \ - PORTTIME_CHECKS_ENAB \ - QUOTAS_ENAB \ - SU_WHEEL_ONLY - do - set_login_opt ${opt} - sed_args+=( -e "/^#${opt}\>/b pamnote" ) - done - sed -i "${sed_args[@]}" \ - -e 'b exit' \ - -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ - -e ': exit' \ - "${ED}"/etc/login.defs || die - - # remove manpages that pam will install for us - # and/or don't apply when using pam - find "${ED}"/usr/share/man -type f \ - '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ - -delete - - # Remove pam.d files provided by pambase. - rm "${ED}"/etc/pam.d/{login,passwd} || die - if use su ; then - rm "${ED}"/etc/pam.d/su || die - fi - fi - - # Remove manpages that are handled by other packages - find "${ED}"/usr/share/man -type f \ - '(' -name id.1 -o -name getspnam.3 ')' \ - -delete - - cd "${S}" || die - dodoc ChangeLog NEWS TODO - newdoc README README.download - cd doc || die - dodoc HOWTO README* WISHLIST *.txt -} - -pkg_preinst() { - rm -f "${EROOT}"/etc/pam.d/system-auth.new \ - "${EROOT}/etc/login.defs.new" -} - -pkg_postinst() { - # Enable shadow groups. - if [ ! -f "${EROOT}"/etc/gshadow ] ; then - if grpck -r -R "${EROOT}" 2>/dev/null ; then - grpconv -R "${EROOT}" - else - ewarn "Running 'grpck' returned errors. Please run it by hand, and then" - ewarn "run 'grpconv' afterwards!" - fi - fi - - [[ ! -f "${EROOT}"/etc/subgid ]] && - touch "${EROOT}"/etc/subgid - [[ ! -f "${EROOT}"/etc/subuid ]] && - touch "${EROOT}"/etc/subuid - - einfo "The 'adduser' symlink to 'useradd' has been dropped." -} diff --git a/sys-apps/shadow/shadow-4.9-r2.ebuild b/sys-apps/shadow/shadow-4.9-r2.ebuild new file mode 100644 index 000000000000..8ce94660aad6 --- /dev/null +++ b/sys-apps/shadow/shadow-4.9-r2.ebuild @@ -0,0 +1,254 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools pam + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="https://github.com/shadow-maint/shadow" +SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr" +# Taken from the man/Makefile.am file. +LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) + +REQUIRED_USE="?? ( cracklib pam )" + +BDEPEND=" + app-arch/xz-utils + sys-devel/gettext +" +COMMON_DEPEND=" + virtual/libcrypt:= + acl? ( sys-apps/acl:0= ) + audit? ( >=sys-process/audit-2.6:0= ) + cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) + nls? ( virtual/libintl ) + pam? ( sys-libs/pam:0= ) + skey? ( sys-auth/skey:0= ) + selinux? ( + >=sys-libs/libselinux-1.28:0= + sys-libs/libsemanage:0= + ) + xattr? ( sys-apps/attr:0= ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-4.14 +" +RDEPEND="${COMMON_DEPEND} + !=sys-auth/pambase-20150213 ) + su? ( !sys-apps/util-linux[su(-)] ) +" + +PATCHES=( + "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch" + "${FILESDIR}/${P}-libsubid_pam_linking.patch" + "${FILESDIR}/${P}-libsubid_oot_build.patch" + "${FILESDIR}/shadow-4.9-libcrack.patch" + "${FILESDIR}/shadow-4.9-SHA-rounds.patch" +) + +src_prepare() { + default + eautoreconf + #elibtoolize +} + +src_configure() { + local myeconfargs=( + --disable-account-tools-setuid + --with-btrfs + --without-group-name-max-length + --without-tcb + $(use_enable nls) + $(use_with acl) + $(use_with audit) + $(use_with bcrypt) + $(use_with cracklib libcrack) + $(use_with elibc_glibc nscd) + $(use_with pam libpam) + $(use_with selinux) + $(use_with skey) + $(use_with su) + $(use_with xattr attr) + ) + econf "${myeconfargs[@]}" + + has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 + + if use nls ; then + local l langs="po" # These are the pot files. + for l in ${LANGS[*]} ; do + has ${l} ${LINGUAS-${l}} && langs+=" ${l}" + done + sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die + fi +} + +set_login_opt() { + local comment="" opt=${1} val=${2} + if [[ -z ${val} ]]; then + comment="#" + sed -i \ + -e "/^${opt}\>/s:^:#:" \ + "${ED}"/etc/login.defs || die + else + sed -i -r \ + -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ + "${ED}"/etc/login.defs + fi + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" +} + +src_install() { + emake DESTDIR="${D}" suidperms=4711 install + + # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 + emake DESTDIR="${D}" -C man install + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + fi + + # needed for 'useradd -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + set_login_opt CREATE_HOME yes + if ! use pam ; then + set_login_opt MAIL_CHECK_ENAB no + set_login_opt SU_WHEEL_ONLY yes + set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict + set_login_opt LOGIN_RETRIES 3 + set_login_opt ENCRYPT_METHOD SHA512 + set_login_opt CONSOLE + else + dopamd "${FILESDIR}"/pam.d-include/shadow + + for x in chsh shfn ; do + newpamd "${FILESDIR}"/pam.d-include/passwd ${x} + done + + for x in chpasswd newusers ; do + newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} + done + + newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems + + # comment out login.defs options that pam hates + local opt sed_args=() + for opt in \ + CHFN_AUTH \ + CONSOLE \ + CRACKLIB_DICTPATH \ + ENV_HZ \ + ENVIRON_FILE \ + FAILLOG_ENAB \ + FTMP_FILE \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + MOTD_FILE \ + NOLOGINS_FILE \ + OBSCURE_CHECKS_ENAB \ + PASS_ALWAYS_WARN \ + PASS_CHANGE_TRIES \ + PASS_MIN_LEN \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + SU_WHEEL_ONLY + do + set_login_opt ${opt} + sed_args+=( -e "/^#${opt}\>/b pamnote" ) + done + sed -i "${sed_args[@]}" \ + -e 'b exit' \ + -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ + -e ': exit' \ + "${ED}"/etc/login.defs || die + + # remove manpages that pam will install for us + # and/or don't apply when using pam + find "${ED}"/usr/share/man -type f \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -delete + + # Remove pam.d files provided by pambase. + rm "${ED}"/etc/pam.d/{login,passwd} || die + if use su ; then + rm "${ED}"/etc/pam.d/su || die + fi + fi + + # Remove manpages that are handled by other packages + find "${ED}"/usr/share/man -type f \ + '(' -name id.1 -o -name getspnam.3 ')' \ + -delete + + cd "${S}" || die + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc || die + dodoc HOWTO README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${EROOT}"/etc/pam.d/system-auth.new \ + "${EROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Enable shadow groups. + if [ ! -f "${EROOT}"/etc/gshadow ] ; then + if grpck -r -R "${EROOT}" 2>/dev/null ; then + grpconv -R "${EROOT}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + [[ ! -f "${EROOT}"/etc/subgid ]] && + touch "${EROOT}"/etc/subgid + [[ ! -f "${EROOT}"/etc/subuid ]] && + touch "${EROOT}"/etc/subuid + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +} -- cgit v1.2.3