-rw-r--r--PKGBUILD18
-rw-r--r--arch-policy.patch59
2 files changed, 62 insertions, 15 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 7e9d2afac3a0..8610d07ae16b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -42,9 +42,9 @@ backup=("etc/adduser.conf" "etc/deluser.conf")
source=("https://salsa.debian.org/debian/adduser/-/archive/debian/${pkgver}/${_pkgname}-${pkgver}.tar.gz"
"arch-license-path.patch"
"arch-policy.patch")
-sha256sums=("3ce6de32bce048d12429d9431b36d8437c1934266475b6a9f5235b3dff54f918"
- "2bb01846f0f3206796a817aacc65bef7d216ef7e0a89132661abb4182f0ba7d6"
- "1cdd9db5dc7b112eb24d2527a08bfbde05fe25f239d36ac03dc0babeb0ba40c4")
+sha256sums=('3ce6de32bce048d12429d9431b36d8437c1934266475b6a9f5235b3dff54f918'
+ '2bb01846f0f3206796a817aacc65bef7d216ef7e0a89132661abb4182f0ba7d6'
+ 'dc39d3588a408ab9caf24bda5813a2ce832a41cc4852cd5f2a60924d0847eeab')
prepare() {
# Arch's UID/GID policy differs a little from Debian's. I've included a patch
@@ -52,16 +52,16 @@ prepare() {
# as well as the scripts themselves. These changes include the following:
# * Automatically chosen system user/group IDs start at 500 instead of 100
# * Automatically chosen regular user/group IDs end at 60000 instead of 59999
+ # * The regex defining which user names are allowed has been changed to
+ # `^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$` to match the Arch policy of "only lower
+ # and upper case letters, digits, underscores, or dashes" and "can end with
+ # a dollar sign". All other conditions seem to be covered by additional
+ # checks in `adduser` which cannot be customised by the user.
+ # * Arch does not automatically add non-system users to the `users` group
# Sources: useradd(8) and /etc/login.defs
# TODO: The translated manpages also need to be updated with the new default
# options. I've neglected this for now because all of the translations for
# adduser.conf(5) are currently rejected by `po4a` for being incomplete.
- # TODO: Improve user name regex. According to useradd(8) Arch allows
- # uppercase characters, underscores and numbers in the first character (but
- # not dashes). It may be sufficient to just remove the regex entirely as the
- # script includes additional non-configurable checks which seem to suffice.
- # TODO: That covers all of the policy differences I've noticed, but there may
- # be more that I didn't notice.
patch -Np0 -d . -i arch-policy.patch
# There are two problems with the output of `{add,del}user --version`. The
diff --git a/arch-policy.patch b/arch-policy.patch
index dd2124e7be9d..7af2225bfb89 100644
--- a/arch-policy.patch
+++ b/arch-policy.patch
@@ -1,6 +1,6 @@
diff '--color=auto' -rupN adduser-debian-3.131.orig/AdduserCommon.pm adduser-debian-3.131/AdduserCommon.pm
---- adduser-debian-3.131.orig/AdduserCommon.pm 2023-02-19 16:44:55.239704864 +1030
-+++ adduser-debian-3.131/AdduserCommon.pm 2023-02-19 21:37:36.388307790 +1030
+--- adduser-debian-3.131.orig/AdduserCommon.pm 2023-02-24 19:53:17.905070158 +1030
++++ adduser-debian-3.131/AdduserCommon.pm 2023-02-24 19:54:36.937701982 +1030
@@ -286,14 +286,14 @@ sub preseed_config {
backup => 0,
backup_to => ".",
@@ -20,9 +20,20 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/AdduserCommon.pm adduser-deb
dhome => "/home",
skel => "/etc/skel",
usergroups => "yes",
+@@ -306,8 +306,8 @@ sub preseed_config {
+ sys_dir_mode => "0755",
+ setgid_home => "no",
+ no_del_paths => "^/bin\$ ^/boot\$ ^/dev\$ ^/etc\$ ^/initrd ^/lib ^/lost+found\$ ^/media\$ ^/mnt\$ ^/opt\$ ^/proc\$ ^/root\$ ^/run\$ ^/sbin\$ ^/srv\$ ^/sys\$ ^/tmp\$ ^/usr\$ ^/var\$ ^/vmlinu",
+- name_regex => "^[a-z][a-z0-9_-]*\\\$?\$",
+- sys_name_regex => "^[a-z_][a-z0-9_-]*\\\$?\$",
++ name_regex => "^[a-zA-Z0-9_][a-zA-Z0-9_-]*\\\$?\$",
++ sys_name_regex => "^[a-zA-Z0-9_][a-zA-Z0-9_-]*\\\$?\$",
+ exclude_fstypes => "(proc|sysfs|usbfs|devpts|devtmpfs|devfs|afs)",
+ skel_ignore_regex => "\.(dpkg|ucf)-(old|new|dist)\$",
+ extra_groups => "users",
diff '--color=auto' -rupN adduser-debian-3.131.orig/adduser.conf adduser-debian-3.131/adduser.conf
---- adduser-debian-3.131.orig/adduser.conf 2023-02-19 16:44:55.239704864 +1030
-+++ adduser-debian-3.131/adduser.conf 2023-02-19 21:37:33.024856943 +1030
+--- adduser-debian-3.131.orig/adduser.conf 2023-02-24 19:53:17.908403602 +1030
++++ adduser-debian-3.131/adduser.conf 2023-02-24 19:55:05.871998859 +1030
@@ -21,21 +21,21 @@
# Specify inclusive ranges of UIDs and GIDs from which UIDs and GIDs
# for system users, system groups, non-system users and non-system groups
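Review bot: With the first character class widened to `[a-zA-Z0-9_]` in both `name_regex` and `sys_name_regex`, a name made only of digits (constructed example: `12345`) now satisfies the configured pattern, and such names are easily confused with numeric UIDs by tools that accept either form. The PKGBUILD comment in this commit relies on adduser's non-configurable checks for everything the regex no longer covers, but this diff does not show whether those checks reject digit-only names, so confirm it against the packaged `adduser`. If they do, record it next to the regex bullet in `prepare()`, e.g. `# Digit-only names match this regex; they are rejected by adduser's built-in checks, not by NAME_REGEX.` If they do not, the pattern itself has to exclude them, since useradd(8), which the comment cites as its source, as far as I know also disallows fully numeric names. The enclosing `preseed_config` starts and ends outside the lines shown.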
@@ -53,9 +64,27 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/adduser.conf adduser-debian-
# Specify a file or a directory containing UID and GID pool.
#UID_POOL=/etc/adduser-pool.conf
+@@ -71,13 +71,13 @@
+
+ # Non-system user- and groupnames are checked against this regular
+ # expression.
+-# Default: NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
+-#NAME_REGEX="^[a-z][-a-z0-9_]*\$?$"
++# Default: NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$"
++#NAME_REGEX="^[a-zA-Z0-9][-a-zA-Z0-9_]*\$?$"
+
+ # System user- and groupnames are checked against this regular
+ # expression.
+-# Default: SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$"
+-#SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$"
++# Default: SYS_NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$"
++#SYS_NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$"
+
+ # When populating the newly created home directory of a non-system user,
+ # files in SKEL matching this regex are not copied.
diff '--color=auto' -rupN adduser-debian-3.131.orig/doc/adduser.conf.5 adduser-debian-3.131/doc/adduser.conf.5
---- adduser-debian-3.131.orig/doc/adduser.conf.5 2023-02-19 22:33:00.353721720 +1030
-+++ adduser-debian-3.131/doc/adduser.conf.5 2023-02-19 23:00:31.581333495 +1030
+--- adduser-debian-3.131.orig/doc/adduser.conf.5 2023-02-24 19:53:17.908403602 +1030
++++ adduser-debian-3.131/doc/adduser.conf.5 2023-02-24 19:56:31.554852252 +1030
@@ -62,17 +62,17 @@ Defaults to \fIusers\fP.
.B FIRST_SYSTEM_GID " and " LAST_SYSTEM_GID
specify an inclusive range of GIDs from which GIDs
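Review bot: The commented-out example on the added `#NAME_REGEX=` line omits the underscore from the first character class (`[a-zA-Z0-9]`), so it disagrees with the `# Default:` line directly above it and with `name_regex` in the AdduserCommon.pm hunk. An administrator who simply uncomments that line gets a pattern that rejects names starting with an underscore, which is not the documented default. Change it to `#NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$"` so the example, the stated default and the compiled-in value agree. The `SYS_NAME_REGEX` pair a few lines below is already consistent.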
@@ -86,3 +115,21 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/doc/adduser.conf.5 adduser-d
.TP
.B GID_POOL
See \fBUID_POOL\fP.
+@@ -113,7 +113,7 @@ user and group creation in \fBadduser\fR
+ unless \-\-allow\-bad\-names is set.
+ With \-\-allow\-bad\-names set,
+ weaker checks are performed.
+-Defaults to the most conservative \fI^[a\-z][\-a\-z0\-9_]*$\fP.
++Defaults to the Arch policy \fI^[a\-zA\-Z0\-9_][\-a\-zA\-Z0\-9_]*\\$?$\fP.
+ See \fBSYS_NAME_REGXEX\fP and \fBValid names\fP,
+ below, for more information.
+ .TP
+@@ -161,7 +161,7 @@ system user and group creation in adduse
+ unless \-\-allow\-bad\-names is set.
+ With \-\-allow\-bad\-names set,
+ weaker checks are performed.
+-Defaults to the most conservative \fI^[a\-z_][\-a\-z0\-9_]*$\fP.
++Defaults to the Arch policy \fI^[a\-zA\-Z0\-9_][\-a\-zA\-Z0\-9_]*\\$?$\fP.
+ See \fBNAME_REGEX\fP, above, and \fBValid names\fP,
+ below, for more information.
+ .TP