1SUMMARY = "Tools to change and administer password and group data"
2HOMEPAGE = "http://github.com/shadow-maint/shadow"
3DESCRIPTION = "${SUMMARY}"
4BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
5SECTION = "base/utils"
6LICENSE = "BSD | Artistic-1.0"
7LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
8                    file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af"
9
10DEPENDS = "virtual/crypt"
11
12UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
13SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \
14           file://shadow-4.1.3-dots-in-usernames.patch \
15           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
16           file://shadow-relaxed-usernames.patch \
17           file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
18           file://0001-libsubid-link-to-PAM-libraries.patch \
19           "
20
21SRC_URI:append:class-target = " \
22           file://login_defs_pam.sed \
23           file://shadow-update-pam-conf.patch \
24           "
25
26SRC_URI:append:class-native = " \
27           file://0001-Disable-use-of-syslog-for-sysroot.patch \
28           file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
29           "
30SRC_URI:append:class-nativesdk = " \
31           file://0001-Disable-use-of-syslog-for-sysroot.patch \
32           "
33
34SRC_URI[sha256sum] = "6c4627ff9c9422b96664517ae753c944f2902e92809d0698b65f5fef11985212"
35
36# Additional Policy files for PAM
37PAM_SRC_URI = "file://pam.d/chfn \
38               file://pam.d/chpasswd \
39               file://pam.d/chsh \
40               file://pam.d/login \
41               file://pam.d/newusers \
42               file://pam.d/passwd \
43               file://pam.d/su"
44
45inherit autotools gettext
46
47export CONFIG_SHELL="/bin/sh"
48
49EXTRA_OECONF += "--without-audit \
50                 --without-libcrack \
51                 --without-selinux \
52                 --with-group-name-max-length=24 \
53                 --enable-subordinate-ids=yes \
54                 --without-sssd \
55                 ${NSCDOPT}"
56
57NSCDOPT = ""
58NSCDOPT:class-native = "--without-nscd"
59NSCDOPT:class-nativesdk = "--without-nscd"
60NSCDOPT:libc-glibc = "--with-nscd"
61
62PAM_PLUGINS = "libpam-runtime \
63               pam-plugin-faildelay \
64               pam-plugin-securetty \
65               pam-plugin-nologin \
66               pam-plugin-env \
67               pam-plugin-group \
68               pam-plugin-limits \
69               pam-plugin-lastlog \
70               pam-plugin-motd \
71               pam-plugin-mail \
72               pam-plugin-shells \
73               pam-plugin-rootok"
74
75PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog"
76
77PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
78                   ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
79PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
80PACKAGECONFIG:class-nativesdk = ""
81PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}"
82PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr"
83PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
84
85RDEPENDS:${PN} = "shadow-securetty \
86                  base-passwd \
87                  util-linux-sulogin"
88RDEPENDS:${PN}:class-native = ""
89RDEPENDS:${PN}:class-nativesdk = ""
90
91do_install() {
92	oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install
93
94	# Info dir listing isn't interesting at this point so remove it if it exists.
95	if [ -e "${D}${infodir}/dir" ]; then
96		rm -f ${D}${infodir}/dir
97	fi
98
99	# Enable CREATE_HOME by default.
100	sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
101
102	# As we are on an embedded system, ensure the users mailbox is in
103	# ~/ not /var/spool/mail by default, as who knows where or how big
104	# /var is. The system MDA will set this later anyway.
105	sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
106	sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
107
108	# Disable checking emails.
109	sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
110
111	# Comment out SU_NAME to work correctly with busybox
112	# See Bug#5359 and Bug#7173
113	sed -i 's:^SU_NAME:#SU_NAME:g' ${D}${sysconfdir}/login.defs
114
115	# Use proper encryption for passwords
116	sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
117
118}
119
120do_install:append() {
121	# Ensure that the image has as a /var/spool/mail dir so shadow can
122	# put mailboxes there if the user reconfigures shadow to its
123	# defaults (see sed below).
124	install -m 0775 -d ${D}${localstatedir}/spool/mail
125	chown root:mail ${D}${localstatedir}/spool/mail
126
127	if [ -e ${WORKDIR}/pam.d ]; then
128		install -d ${D}${sysconfdir}/pam.d/
129		install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
130		# Remove defaults that are not used when supporting PAM.
131		sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
132	fi
133
134	install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
135
136	# Move binaries to the locations we want
137	rm ${D}${sbindir}/vigr
138	ln -sf vipw.${BPN} ${D}${base_sbindir}/vigr
139	if [ "${sbindir}" != "${base_sbindir}" ]; then
140		mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw
141	fi
142	if [ "${bindir}" != "${base_bindir}" ]; then
143		mv ${D}${bindir}/login ${D}${base_bindir}/login
144		mv ${D}${bindir}/su ${D}${base_bindir}/su
145	fi
146
147	# Handle link properly after rename, otherwise missing files would
148	# lead rpm failed dependencies.
149	ln -sf newgrp.${BPN} ${D}${bindir}/sg
150}
151
152PACKAGES =+ "${PN}-base"
153FILES:${PN}-base = "\
154    ${base_bindir}/login.shadow \
155    ${base_bindir}/su.shadow \
156    ${bindir}/sg \
157    ${bindir}/newgrp.shadow \
158    ${bindir}/groups.shadow \
159    ${sysconfdir}/pam.d/login \
160    ${sysconfdir}/pam.d/su \
161    ${sysconfdir}/login.defs \
162"
163RDEPENDS:${PN} += "${PN}-base"
164
165inherit update-alternatives
166
167ALTERNATIVE_PRIORITY = "200"
168
169ALTERNATIVE:${PN} = "passwd chfn chsh chpasswd vipw vigr nologin"
170ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn"
171ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh"
172ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd"
173ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
174ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"
175ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
176
177ALTERNATIVE:${PN}-base = "newgrp groups login su"
178ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
179ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
180
181PACKAGE_WRITE_DEPS += "shadow-native"
182pkg_postinst:${PN}:class-target () {
183	if [ "x$D" != "x" ]; then
184	  rootarg="--root $D"
185	else
186	  rootarg=""
187	fi
188
189	pwconv $rootarg || exit 1
190	grpconv $rootarg || exit 1
191}
192