Update base and switch to Fedora patch

author: Alec Larsen 2020-12-22 02:55:11 -0800
committer: Alec Larsen 2020-12-22 02:57:53 -0800
commit: 65703ba2b298420b9f26d3de641a9e07afc07ae2 (patch)
tree: 69ca4ec88dda3eef3af1aedac815a2ca75f9f86f
parent: 136bb3ccf00766db4de850ef3215ec1bb7ba4360 (diff)
download: aur-65703ba2b298420b9f26d3de641a9e07afc07ae2.tar.gz
10 files changed, 78 insertions, 129 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 5485304d2eea..2e05a76d14f3 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,20 +1,20 @@
 pkgbase = shadow-relaxed
-	pkgdesc = The official Arch shadow package with Debian's 506_relaxed_usernames patch
-	pkgver = 4.4
-	pkgrel = 3
+	pkgdesc = The official Arch shadow package with Fedora's shadow-4.8-goodname.patch
+	pkgver = 4.8.1
+	pkgrel = 4
 	url = https://github.com/shadow-maint/shadow
 	install = shadow.install
-	arch = i686
 	arch = x86_64
-	groups = base
 	license = BSD
-	makedepends = git
-	makedepends = libxslt
-	makedepends = docbook-xsl
-	makedepends = gnome-doc-utils
-	depends = bash
 	depends = pam
 	depends = acl
+	depends = libacl.so
+	depends = audit
+	depends = libaudit.so
+	depends = libcap-ng
+	depends = libcap-ng.so
+	depends = libxcrypt
+	depends = libcrypt.so
 	provides = shadow
 	conflicts = shadow
 	options = strip
@@ -34,8 +34,9 @@ pkgbase = shadow-relaxed
 	backup = etc/pam.d/chgpasswd
 	backup = etc/pam.d/groupmems
 	backup = etc/default/useradd
-	source = git+https://github.com/shadow-maint/shadow.git#tag=4.4
-	source = 506_relaxed_usernames::https://anonscm.debian.org/git/pkg-shadow/shadow.git/plain/debian/patches/506_relaxed_usernames?id=f9176c3be3740a49b0c3372f6296e13604941f2f
+	source = https://github.com/shadow-maint/shadow/releases/download/4.8.1/shadow-4.8.1.tar.xz
+	source = https://github.com/shadow-maint/shadow/releases/download/4.8.1/shadow-4.8.1.tar.xz.asc
+	source = shadow-4.8-goodname.patch::https://src.fedoraproject.org/rpms/shadow-utils/raw/f33/f/shadow-4.8-goodname.patch
 	source = LICENSE
 	source = chgpasswd
 	source = chpasswd
@@ -46,25 +47,21 @@ pkgbase = shadow-relaxed
 	source = shadow.timer
 	source = shadow.service
 	source = useradd.defaults
-	source = xstrdup.patch
-	source = shadow-strncpy-usage.patch
-	source = lastlog.tmpfiles
 	validpgpkeys = D5C2F9BFCA128BBA22A77218872F702C4D6E25A8
+	validpgpkeys = F1D08DB778185BF784002DFFE9FEEA06A85E3F9D
+	sha1sums = 63457a0ba58dc4e81b2663b839dc6c89d3343f12
 	sha1sums = SKIP
-	sha1sums = ed3d9cb0f03772d69274952f5912604444f44d4a
+	sha1sums = 3a26667844689c69a26fc964b798586f652d3df5
 	sha1sums = 33a6cf1e44a1410e5c9726c89e5de68b78f5f922
 	sha1sums = 4ad0e059406a305c8640ed30d93c2a1f62c2f4ad
 	sha1sums = 12427b1ca92a9b85ca8202239f0d9f50198b818f
 	sha1sums = 0e56fed7fc93572c6bf0d8f3b099166558bb46f1
-	sha1sums = bb3509087947d08bfb6e5d1b5c033856b9146ad9
+	sha1sums = 81a02eadb5f605fef5c75b6d8a03713a7041864b
 	sha1sums = 12427b1ca92a9b85ca8202239f0d9f50198b818f
 	sha1sums = 611be25d91c3f8f307c7fe2485d5f781e5dee75f
 	sha1sums = a154a94b47a3d0c6c287253b98c0d10b861226d0
-	sha1sums = 7372dfd8a3030bee4ec39c79bad4f9b9c6f8687a
-	sha1sums = 9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19
-	sha1sums = 6010fffeed1fc6673ad9875492e1193b1a847b53
-	sha1sums = 21e12966a6befb25ec123b403cd9b5c492fe5b16
-	sha1sums = f57ecde3f72b4738fad75c097d19cf46a412350f
+	sha1sums = b5540736f5acbc23b568973eb5645604762db3dd
+	sha1sums = c173208c5cf34528602f9931468a67b7f68abad3
 
 pkgname = shadow-relaxed
 
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 72e8ffc0db8a..000000000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*
diff --git a/PKGBUILD b/PKGBUILD
index 4260389d5332..63fe4f1bcd60 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,27 +1,29 @@
-# Maintainer: Alec Larsen <aleclarsen42@gmail.com>
+# Maintainer: Alec Larsen <hello@alec.ninja>
+# Contributor: Dave Reisner <dreisner@archlinux.org>
+# Contributor: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=shadow-relaxed
-pkgver=4.4
-pkgrel=3
-pkgdesc="The official Arch shadow package with Debian's 506_relaxed_usernames patch"
-arch=('i686' 'x86_64')
+pkgver=4.8.1
+pkgrel=4
+pkgdesc="The official Arch shadow package with Fedora's shadow-4.8-goodname.patch"
+arch=('x86_64')
 url='https://github.com/shadow-maint/shadow'
 license=('BSD')
-groups=('base')
-depends=('bash' 'pam' 'acl')
+# libcap-ng needed by install scriptlet for 'filecap'
+depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so'
+         'libxcrypt' 'libcrypt.so')
 conflicts=('shadow')
 provides=('shadow')
-makedepends=('git' 'libxslt' 'docbook-xsl' 'gnome-doc-utils')
 backup=(etc/login.defs
         etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
         etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
         etc/pam.d/{chgpasswd,groupmems}
         etc/default/useradd)
 options=(strip debug)
-install='shadow.install'
-validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8')  # Christian Perrier
-source=("git+https://github.com/shadow-maint/shadow.git#tag=$pkgver"
-	"506_relaxed_usernames::https://anonscm.debian.org/git/pkg-shadow/shadow.git/plain/debian/patches/506_relaxed_usernames?id=f9176c3be3740a49b0c3372f6296e13604941f2f"
+validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8'   # Christian Perrier
+              'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D')  # Serge Hallyn
+source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz"{,.asc}
+	"shadow-4.8-goodname.patch::https://src.fedoraproject.org/rpms/shadow-utils/raw/f33/f/shadow-4.8-goodname.patch"
         LICENSE
         chgpasswd
         chpasswd
@@ -30,72 +32,47 @@ source=("git+https://github.com/shadow-maint/shadow.git#tag=$pkgver"
         newusers
         passwd
         shadow.{timer,service}
-        useradd.defaults
-        xstrdup.patch
-        shadow-strncpy-usage.patch
-	lastlog.tmpfiles)
-sha1sums=('SKIP'
-          'ed3d9cb0f03772d69274952f5912604444f44d4a'
+        useradd.defaults)
+install=shadow.install
+sha1sums=('63457a0ba58dc4e81b2663b839dc6c89d3343f12'
+	  'SKIP'
+	  '3a26667844689c69a26fc964b798586f652d3df5'
           '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
           '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
           '12427b1ca92a9b85ca8202239f0d9f50198b818f'
           '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
-          'bb3509087947d08bfb6e5d1b5c033856b9146ad9'
+          '81a02eadb5f605fef5c75b6d8a03713a7041864b'
           '12427b1ca92a9b85ca8202239f0d9f50198b818f'
           '611be25d91c3f8f307c7fe2485d5f781e5dee75f'
           'a154a94b47a3d0c6c287253b98c0d10b861226d0'
-          '7372dfd8a3030bee4ec39c79bad4f9b9c6f8687a'
-          '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
-          '6010fffeed1fc6673ad9875492e1193b1a847b53'
-          '21e12966a6befb25ec123b403cd9b5c492fe5b16'
-          'f57ecde3f72b4738fad75c097d19cf46a412350f')
-
-pkgver() {
-  cd "shadow"
-
-  git describe
-}
-
-prepare() {
-  cd "shadow"
-
-  # need to offer these upstream
-  patch -Np1 <"$srcdir/xstrdup.patch"
-  patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
-
-  # Fix regression in useradd not loading defaults properly.
-  git cherry-pick -n '507f96cdeb54079fb636c7ce21e371f7a16a520e'
-
-  # apply Debian's 506_relaxed_usernames
-  patch -Np1 <"$srcdir/506_relaxed_usernames"
-
-  autoreconf -v -f --install
-
-  # supress etc/pam.d/*, we provide our own
-  sed -i '/^SUBDIRS/s/pam\.d//' etc/Makefile.in
-}
+          'b5540736f5acbc23b568973eb5645604762db3dd'
+          'c173208c5cf34528602f9931468a67b7f68abad3')
 
 build() {
-  cd "shadow"
+  cd "shadow-$pkgver"
+
+  # apply Fedora's shadow-utils/raw/f33/f/shadow-4.8-goodname.patch
+  patch -Np1 <"$srcdir/shadow-4.8-goodname.patch"
 
+  autoreconf -fsiv
   ./configure \
-    LIBS="-lcrypt" \
     --prefix=/usr \
     --bindir=/usr/bin \
     --sbindir=/usr/bin \
     --libdir=/usr/lib \
     --mandir=/usr/share/man \
-    --enable-man \
     --sysconfdir=/etc \
+    --disable-account-tools-setuid \
     --with-libpam \
     --with-group-name-max-length=32 \
+    --with-audit \
     --without-selinux
 
   make
 }
 
 package() {
-  cd "shadow"
+  cd "shadow-$pkgver"
 
   make DESTDIR="$pkgdir" install
 
@@ -103,11 +80,11 @@ package() {
   install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
 
   # useradd defaults
-  install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
+  install -Dm600 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
 
-  # systemd timer
+  # systemd units
   install -D -m644 "$srcdir/shadow.timer" "$pkgdir/usr/lib/systemd/system/shadow.timer"
-  install -D -m644 "$srcdir/shadow.service" $pkgdir/usr/lib/systemd/system/shadow.service
+  install -D -m644 "$srcdir/shadow.service" "$pkgdir/usr/lib/systemd/system/shadow.service"
   install -d -m755 "$pkgdir/usr/lib/systemd/system/timers.target.wants"
   ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
 
@@ -115,7 +92,7 @@ package() {
   install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
 
   # PAM config - custom
-  install -dm755 "$pkgdir/etc/pam.d"
+  rm "$pkgdir/etc/pam.d"/*
   install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers}
 
   # PAM config - from tarball
@@ -127,9 +104,6 @@ package() {
     install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
   done
 
-  # lastlog log file creation
-  install -Dm644 "$srcdir/lastlog.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/lastlog.conf"
-
   # Remove evil/broken tools
   rm "$pkgdir"/usr/sbin/logoutd
 
diff --git a/lastlog.tmpfiles b/lastlog.tmpfiles
deleted file mode 100644
index 9c07b39f2e83..000000000000
--- a/lastlog.tmpfiles
+++ /dev/null
@@ -1 +0,0 @@
-f /var/log/lastlog 0644 root root
diff --git a/login.defs b/login.defs
index 5c888285b9e2..a0afbc1e9b68 100644
--- a/login.defs
+++ b/login.defs
@@ -81,8 +81,8 @@ HUSHLOGIN_FILE	.hushlogin
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/usr/bin
-ENV_PATH	PATH=/usr/bin
+ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ENV_PATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
 
 #
 # Terminal permissions
diff --git a/shadow-strncpy-usage.patch b/shadow-strncpy-usage.patch
deleted file mode 100644
index 5aba8fa01f94..000000000000
--- a/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
---- shadow-4.1.5/src/usermod.c.orig	2012-02-13 08:19:43.792146449 -0500
-+++ shadow-4.1.5/src/usermod.c	2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- 	struct tm *tp;
- 
- 	if (date < 0) {
--		strncpy (buf, "never", maxsize);
-+		strncpy (buf, "never", maxsize - 1);
- 	} else {
- 		time_t t = (time_t) date;
- 		tp = gmtime (&t);
-diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
---- shadow-4.1.5/src/login.c.orig	2012-02-13 08:19:50.951994454 -0500
-+++ shadow-4.1.5/src/login.c	2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- 			          _("%s login: "), hostn);
- 		} else {
- 			strncpy (loginprompt, _("login: "),
--			         sizeof (loginprompt));
-+			         sizeof (loginprompt) - 1);
-+			loginprompt[sizeof (loginprompt) - 1] = '\0';
- 		}
- 
- 		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/shadow.install b/shadow.install
index 14384c3330e8..83d9ab7d3177 100644
--- a/shadow.install
+++ b/shadow.install
@@ -1,9 +1,22 @@
+setcaps() {
+  _setcap() {
+    if filecap "$1" "$2"; then
+      chmod -s "$1"
+    fi
+  }
+
+  # shadow ships these as setuid, but if we can apply file caps, use those instead.
+  # 'filecap' insists on absolute paths
+  _setcap /usr/bin/newuidmap setuid
+  _setcap /usr/bin/newgidmap setgid
+}
+
+post_install() {
+  setcaps
+}
+
 post_upgrade() {
-  grpck -r >/dev/null 2>&1
-  if [ $? -eq 2 ]; then
-    printf '%s\n' \
-      "==> Warning: /etc/group or /etc/gshadow are inconsistent." \
-      "    Run 'grpck' to correct this."
-  fi
-  return 0
+  setcaps
 }
+
+# vim:set ts=2 sw=2 et:
diff --git a/shadow.service b/shadow.service
index 82da5c41d962..39025d90e1cb 100644
--- a/shadow.service
+++ b/shadow.service
@@ -4,7 +4,8 @@ After=systemd-sysusers.service
 
 [Service]
 Type=simple
-ExecStart=/bin/sh -c '/usr/bin/pwck -r ; /usr/bin/grpck -r'
+# Always run both checks, but fail the service if either fails
+ExecStart=/bin/sh -c '/usr/bin/pwck -r || r=1; /usr/bin/grpck -r && exit $r'
 Nice=19
 IOSchedulingClass=best-effort
 IOSchedulingPriority=7
diff --git a/useradd.defaults b/useradd.defaults
index b800b17773e1..e07fe271ca3b 100644
--- a/useradd.defaults
+++ b/useradd.defaults
@@ -1,6 +1,6 @@
 # useradd defaults file for ArchLinux
 # original changes by TomK
-GROUP=100
+GROUP=users
 HOME=/home
 INACTIVE=-1
 EXPIRE=
diff --git a/xstrdup.patch b/xstrdup.patch
deleted file mode 100644
index bce434264cd0..000000000000
--- a/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- shadow-4.1.2.1/libmisc/xmalloc.c	2008-08-30 21:55:44.000000000 -0500
-+++ shadow-4.1.2.1/libmisc/xmalloc.c.new	2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
- 
- char *xstrdup (const char *str)
- {
-+	if(str == NULL) return NULL;
- 	return strcpy (xmalloc (strlen (str) + 1), str);
- }
author	Alec Larsen	2020-12-22 02:55:11 -0800
committer	Alec Larsen	2020-12-22 02:57:53 -0800
commit	65703ba2b298420b9f26d3de641a9e07afc07ae2 (patch)
tree	69ca4ec88dda3eef3af1aedac815a2ca75f9f86f
parent	136bb3ccf00766db4de850ef3215ec1bb7ba4360 (diff)
download	aur-65703ba2b298420b9f26d3de641a9e07afc07ae2.tar.gz