1SUMMARY = "Tools to change and administer password and group data" 2HOMEPAGE = "http://pkg-shadow.alioth.debian.org" 3BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" 4SECTION = "base/utils" 5LICENSE = "BSD | Artistic-1.0" 6LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ 7 file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" 8 9DEPENDS = "virtual/crypt" 10 11SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ 12 file://shadow-4.1.3-dots-in-usernames.patch \ 13 file://usermod-fix-compilation-failure-with-subids-disabled.patch \ 14 file://fix-installation-failure-with-subids-disabled.patch \ 15 file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ 16 file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ 17 file://0001-useradd-copy-extended-attributes-of-home.patch \ 18 file://0001-shadow-CVE-2017-12424 \ 19 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ 20 " 21 22SRC_URI_append_class-target = " \ 23 file://login_defs_pam.sed \ 24 file://shadow-update-pam-conf.patch \ 25 file://shadow-relaxed-usernames.patch \ 26 " 27 28SRC_URI_append_class-native = " \ 29 file://0001-Disable-use-of-syslog-for-sysroot.patch \ 30 file://allow-for-setting-password-in-clear-text.patch \ 31 file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ 32 file://0001-useradd.c-create-parent-directories-when-necessary.patch \ 33 " 34SRC_URI_append_class-nativesdk = " \ 35 file://0001-Disable-use-of-syslog-for-sysroot.patch \ 36 " 37 38SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" 39SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" 40 41# Additional Policy files for PAM 42PAM_SRC_URI = "file://pam.d/chfn \ 43 file://pam.d/chpasswd \ 44 file://pam.d/chsh \ 45 file://pam.d/login \ 46 file://pam.d/newusers \ 47 file://pam.d/passwd \ 48 file://pam.d/su" 49 50inherit autotools gettext 51 52EXTRA_OECONF += "--without-audit \ 53 --without-libcrack \ 54 --without-selinux \ 55 --with-group-name-max-length=24 \ 56 --enable-subordinate-ids=yes \ 57 ${NSCDOPT}" 58 59NSCDOPT = "" 60NSCDOPT_class-native = "--without-nscd" 61NSCDOPT_class-nativesdk = "--without-nscd" 62NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}" 63 64PAM_PLUGINS = "libpam-runtime \ 65 pam-plugin-faildelay \ 66 pam-plugin-securetty \ 67 pam-plugin-nologin \ 68 pam-plugin-env \ 69 pam-plugin-group \ 70 pam-plugin-limits \ 71 pam-plugin-lastlog \ 72 pam-plugin-motd \ 73 pam-plugin-mail \ 74 pam-plugin-shells \ 75 pam-plugin-rootok" 76 77PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ 78 ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" 79PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" 80PACKAGECONFIG_class-nativesdk = "" 81PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" 82PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" 83PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" 84 85RDEPENDS_${PN} = "shadow-securetty \ 86 base-passwd \ 87 util-linux-sulogin" 88RDEPENDS_${PN}_class-native = "" 89RDEPENDS_${PN}_class-nativesdk = "" 90 91do_install() { 92 oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install 93 94 # Info dir listing isn't interesting at this point so remove it if it exists. 95 if [ -e "${D}${infodir}/dir" ]; then 96 rm -f ${D}${infodir}/dir 97 fi 98 99 # Enable CREATE_HOME by default. 100 sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs 101 102 # As we are on an embedded system, ensure the users mailbox is in 103 # ~/ not /var/spool/mail by default, as who knows where or how big 104 # /var is. The system MDA will set this later anyway. 105 sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 106 sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 107 108 # Disable checking emails. 109 sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs 110 111 # Comment out SU_NAME to work correctly with busybox 112 # See Bug#5359 and Bug#7173 113 sed -i 's:^SU_NAME:#SU_NAME:g' ${D}${sysconfdir}/login.defs 114 115 # Use proper encryption for passwords 116 sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs 117 118 # Now we don't have a mail system. Disable mail creation for now. 119 sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd 120 sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd 121 122 # Use users group by default 123 sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd 124} 125 126do_install_append() { 127 # Ensure that the image has as a /var/spool/mail dir so shadow can 128 # put mailboxes there if the user reconfigures shadow to its 129 # defaults (see sed below). 130 install -d ${D}${localstatedir}/spool/mail 131 132 if [ -e ${WORKDIR}/pam.d ]; then 133 install -d ${D}${sysconfdir}/pam.d/ 134 install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ 135 # Remove defaults that are not used when supporting PAM. 136 sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs 137 fi 138 139 install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} 140 141 # Move binaries to the locations we want 142 rm ${D}${sbindir}/vigr 143 ln -sf vipw.${BPN} ${D}${base_sbindir}/vigr 144 if [ "${sbindir}" != "${base_sbindir}" ]; then 145 mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw 146 fi 147 if [ "${bindir}" != "${base_bindir}" ]; then 148 mv ${D}${bindir}/login ${D}${base_bindir}/login 149 mv ${D}${bindir}/su ${D}${base_bindir}/su 150 fi 151 152 # Handle link properly after rename, otherwise missing files would 153 # lead rpm failed dependencies. 154 ln -sf newgrp.${BPN} ${D}${bindir}/sg 155} 156 157PACKAGES =+ "${PN}-base" 158FILES_${PN}-base = "\ 159 ${base_bindir}/login.shadow \ 160 ${base_bindir}/su.shadow \ 161 ${bindir}/sg \ 162 ${bindir}/newgrp.shadow \ 163 ${bindir}/groups.shadow \ 164 ${sysconfdir}/pam.d/login \ 165 ${sysconfdir}/pam.d/su \ 166 ${sysconfdir}/login.defs \ 167" 168RDEPENDS_${PN} += "${PN}-base" 169 170inherit update-alternatives 171 172ALTERNATIVE_PRIORITY = "200" 173 174ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" 175ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" 176ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" 177ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" 178ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" 179 180ALTERNATIVE_${PN}-base = "newgrp groups login su" 181ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" 182ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" 183 184ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8" 185ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" 186ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" 187ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" 188ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" 189ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" 190 191PACKAGE_WRITE_DEPS += "shadow-native" 192pkg_postinst_${PN}_class-target () { 193 if [ "x$D" != "x" ]; then 194 rootarg="--root $D" 195 else 196 rootarg="" 197 fi 198 199 pwconv $rootarg || exit 1 200 grpconv $rootarg || exit 1 201} 202