1SUMMARY = "Tools to change and administer password and group data"
2HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
3BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
4SECTION = "base/utils"
5LICENSE = "BSD | Artistic-1.0"
6LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
7                    file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661"
8
9DEPENDS = "virtual/crypt"
10
11SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
12           file://shadow-4.1.3-dots-in-usernames.patch \
13           file://usermod-fix-compilation-failure-with-subids-disabled.patch \
14           file://fix-installation-failure-with-subids-disabled.patch \
15           file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
16           file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
17           file://0001-useradd-copy-extended-attributes-of-home.patch \
18           file://0001-shadow-CVE-2017-12424 \
19           ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
20           "
21
22SRC_URI_append_class-target = " \
23           file://login_defs_pam.sed \
24           file://shadow-update-pam-conf.patch \
25           file://shadow-relaxed-usernames.patch \
26           "
27
28SRC_URI_append_class-native = " \
29           file://0001-Disable-use-of-syslog-for-sysroot.patch \
30           file://allow-for-setting-password-in-clear-text.patch \
31           file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
32           file://0001-useradd.c-create-parent-directories-when-necessary.patch \
33           "
34SRC_URI_append_class-nativesdk = " \
35           file://0001-Disable-use-of-syslog-for-sysroot.patch \
36           "
37
38SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8"
39SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41"
40
41# Additional Policy files for PAM
42PAM_SRC_URI = "file://pam.d/chfn \
43               file://pam.d/chpasswd \
44               file://pam.d/chsh \
45               file://pam.d/login \
46               file://pam.d/newusers \
47               file://pam.d/passwd \
48               file://pam.d/su"
49
50inherit autotools gettext
51
52EXTRA_OECONF += "--without-audit \
53                 --without-libcrack \
54                 --without-selinux \
55                 --with-group-name-max-length=24 \
56                 --enable-subordinate-ids=yes \
57                 ${NSCDOPT}"
58
59NSCDOPT = ""
60NSCDOPT_class-native = "--without-nscd"
61NSCDOPT_class-nativesdk = "--without-nscd"
62NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}"
63
64PAM_PLUGINS = "libpam-runtime \
65               pam-plugin-faildelay \
66               pam-plugin-securetty \
67               pam-plugin-nologin \
68               pam-plugin-env \
69               pam-plugin-group \
70               pam-plugin-limits \
71               pam-plugin-lastlog \
72               pam-plugin-motd \
73               pam-plugin-mail \
74               pam-plugin-shells \
75               pam-plugin-rootok"
76
77PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
78                   ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
79PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}"
80PACKAGECONFIG_class-nativesdk = ""
81PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}"
82PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr"
83PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
84
85RDEPENDS_${PN} = "shadow-securetty \
86                  base-passwd \
87                  util-linux-sulogin"
88RDEPENDS_${PN}_class-native = ""
89RDEPENDS_${PN}_class-nativesdk = ""
90
91do_install() {
92	oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install
93
94	# Info dir listing isn't interesting at this point so remove it if it exists.
95	if [ -e "${D}${infodir}/dir" ]; then
96		rm -f ${D}${infodir}/dir
97	fi
98
99	# Enable CREATE_HOME by default.
100	sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
101
102	# As we are on an embedded system, ensure the users mailbox is in
103	# ~/ not /var/spool/mail by default, as who knows where or how big
104	# /var is. The system MDA will set this later anyway.
105	sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
106	sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
107
108	# Disable checking emails.
109	sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs
110
111	# Comment out SU_NAME to work correctly with busybox
112	# See Bug#5359 and Bug#7173
113	sed -i 's:^SU_NAME:#SU_NAME:g' ${D}${sysconfdir}/login.defs
114
115	# Use proper encryption for passwords
116	sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
117
118	# Now we don't have a mail system. Disable mail creation for now.
119	sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd
120	sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd
121
122	# Use users group by default
123	sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
124}
125
126do_install_append() {
127	# Ensure that the image has as a /var/spool/mail dir so shadow can
128	# put mailboxes there if the user reconfigures shadow to its
129	# defaults (see sed below).
130	install -d ${D}${localstatedir}/spool/mail
131
132	if [ -e ${WORKDIR}/pam.d ]; then
133		install -d ${D}${sysconfdir}/pam.d/
134		install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
135		# Remove defaults that are not used when supporting PAM.
136		sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
137	fi
138
139	install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
140
141	# Move binaries to the locations we want
142	rm ${D}${sbindir}/vigr
143	ln -sf vipw.${BPN} ${D}${base_sbindir}/vigr
144	if [ "${sbindir}" != "${base_sbindir}" ]; then
145		mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw
146	fi
147	if [ "${bindir}" != "${base_bindir}" ]; then
148		mv ${D}${bindir}/login ${D}${base_bindir}/login
149		mv ${D}${bindir}/su ${D}${base_bindir}/su
150	fi
151
152	# Handle link properly after rename, otherwise missing files would
153	# lead rpm failed dependencies.
154	ln -sf newgrp.${BPN} ${D}${bindir}/sg
155}
156
157PACKAGES =+ "${PN}-base"
158FILES_${PN}-base = "\
159    ${base_bindir}/login.shadow \
160    ${base_bindir}/su.shadow \
161    ${bindir}/sg \
162    ${bindir}/newgrp.shadow \
163    ${bindir}/groups.shadow \
164    ${sysconfdir}/pam.d/login \
165    ${sysconfdir}/pam.d/su \
166    ${sysconfdir}/login.defs \
167"
168RDEPENDS_${PN} += "${PN}-base"
169
170inherit update-alternatives
171
172ALTERNATIVE_PRIORITY = "200"
173
174ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin"
175ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd"
176ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
177ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"
178ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin"
179
180ALTERNATIVE_${PN}-base = "newgrp groups login su"
181ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
182ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
183
184ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8"
185ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
186ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
187ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
188ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1"
189ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8"
190
191PACKAGE_WRITE_DEPS += "shadow-native"
192pkg_postinst_${PN}_class-target () {
193	if [ "x$D" != "x" ]; then
194	  rootarg="--root $D"
195	else
196	  rootarg=""
197	fi
198
199	pwconv $rootarg || exit 1
200	grpconv $rootarg || exit 1
201}
202