-rw-r--r-- | PKGBUILD | 18 | ||||
-rw-r--r-- | arch-policy.patch | 59 |
2 files changed, 62 insertions, 15 deletions
@@ -42,9 +42,9 @@ backup=("etc/adduser.conf" "etc/deluser.conf") source=("https://salsa.debian.org/debian/adduser/-/archive/debian/${pkgver}/${_pkgname}-${pkgver}.tar.gz" "arch-license-path.patch" "arch-policy.patch") -sha256sums=("3ce6de32bce048d12429d9431b36d8437c1934266475b6a9f5235b3dff54f918" - "2bb01846f0f3206796a817aacc65bef7d216ef7e0a89132661abb4182f0ba7d6" - "1cdd9db5dc7b112eb24d2527a08bfbde05fe25f239d36ac03dc0babeb0ba40c4") +sha256sums=('3ce6de32bce048d12429d9431b36d8437c1934266475b6a9f5235b3dff54f918' + '2bb01846f0f3206796a817aacc65bef7d216ef7e0a89132661abb4182f0ba7d6' + 'dc39d3588a408ab9caf24bda5813a2ce832a41cc4852cd5f2a60924d0847eeab') prepare() { # Arch's UID/GID policy differs a little from Debian's. I've included a patch 
@@ -52,16 +52,16 @@ prepare() { # as well as the scripts themselves. These changes include the following: # * Automatically chosen system user/group IDs start at 500 instead of 100 # * Automatically chosen regular user/group IDs end at 60000 instead of 59999 + # * The regex defining which user names are allowed has been changed to + # `^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$` to match the Arch policy of "only lower + # and upper case letters, digits, underscores, or dashes" and "can end with + # a dollar sign". All other conditions seem to be covered by additional + # checks in `adduser` which cannot be customised by the user. + # * Arch does not automatically add non-system users to the `users` group # Sources: useradd(8) and /etc/login.defs # TODO: The translated manpages also need to be updated with the new default # options. I've neglected this for now because all of the translations for # adduser.conf(5) are currently rejected by `po4a` for being incomplete. - # TODO: Improve user name regex. According to useradd(8) Arch allows - # uppercase characters, underscores and numbers in the first character (but - # not dashes). It may be sufficient to just remove the regex entirely as the - # script includes additional non-configurable checks which seem to suffice. - # TODO: That covers all of the policy differences I've noticed, but there may - # be more that I didn't notice. patch -Np0 -d . -i arch-policy.patch # There are two problems with the output of `{add,del}user --version`. The diff --git a/arch-policy.patch b/arch-policy.patch index dd2124e7be9d..7af2225bfb89 100644 --- a/arch-policy.patch +++ b/arch-policy.patch 
@@ -1,6 +1,6 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/AdduserCommon.pm adduser-debian-3.131/AdduserCommon.pm ---- adduser-debian-3.131.orig/AdduserCommon.pm 2023-02-19 16:44:55.239704864 +1030 -+++ adduser-debian-3.131/AdduserCommon.pm 2023-02-19 21:37:36.388307790 +1030 +--- adduser-debian-3.131.orig/AdduserCommon.pm 2023-02-24 19:53:17.905070158 +1030 ++++ adduser-debian-3.131/AdduserCommon.pm 2023-02-24 19:54:36.937701982 +1030 @@ -286,14 +286,14 @@ sub preseed_config { backup => 0, backup_to => ".", @@ -20,9 +20,20 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/AdduserCommon.pm adduser-deb dhome => "/home", skel => "/etc/skel", usergroups => "yes", +@@ -306,8 +306,8 @@ sub preseed_config { + sys_dir_mode => "0755", + setgid_home => "no", + no_del_paths => "^/bin\$ ^/boot\$ ^/dev\$ ^/etc\$ ^/initrd ^/lib ^/lost+found\$ ^/media\$ ^/mnt\$ ^/opt\$ ^/proc\$ ^/root\$ ^/run\$ ^/sbin\$ ^/srv\$ ^/sys\$ ^/tmp\$ ^/usr\$ ^/var\$ ^/vmlinu", +- name_regex => "^[a-z][a-z0-9_-]*\\\$?\$", +- sys_name_regex => "^[a-z_][a-z0-9_-]*\\\$?\$", ++ name_regex => "^[a-zA-Z0-9_][a-zA-Z0-9_-]*\\\$?\$", ++ sys_name_regex => "^[a-zA-Z0-9_][a-zA-Z0-9_-]*\\\$?\$", + exclude_fstypes => "(proc|sysfs|usbfs|devpts|devtmpfs|devfs|afs)", + skel_ignore_regex => "\.(dpkg|ucf)-(old|new|dist)\$", + extra_groups => "users", diff '--color=auto' -rupN adduser-debian-3.131.orig/adduser.conf adduser-debian-3.131/adduser.conf ---- adduser-debian-3.131.orig/adduser.conf 2023-02-19 16:44:55.239704864 +1030 -+++ adduser-debian-3.131/adduser.conf 2023-02-19 21:37:33.024856943 +1030 +--- adduser-debian-3.131.orig/adduser.conf 2023-02-24 19:53:17.908403602 +1030 ++++ adduser-debian-3.131/adduser.conf 2023-02-24 19:55:05.871998859 +1030 @@ -21,21 +21,21 @@ # Specify inclusive ranges of UIDs and GIDs from which UIDs and GIDs # for system users, system groups, non-system users and non-system groups 
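Review bot: The new `name_regex` and `sys_name_regex` defaults allow a digit as the first character, so a name made only of digits satisfies both patterns, and such names are ambiguous with numeric UIDs/GIDs wherever a tool accepts either form. The PKGBUILD comment relies on adduser's non-configurable checks to cover the remaining conditions, but those checks are not visible on this page; confirm that they reject all-digit names before shipping this default, or tighten the pattern so at least one non-digit is required. A comment above the two keys such as `# Arch policy; relies on adduser's fixed checks to reject all-numeric names` would record that dependency for the next maintainer. The enclosing `preseed_config` starts and ends outside the hunk.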
@@ -53,9 +64,27 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/adduser.conf adduser-debian- # Specify a file or a directory containing UID and GID pool. #UID_POOL=/etc/adduser-pool.conf +@@ -71,13 +71,13 @@ + + # Non-system user- and groupnames are checked against this regular + # expression. +-# Default: NAME_REGEX="^[a-z][-a-z0-9_]*\$?$" +-#NAME_REGEX="^[a-z][-a-z0-9_]*\$?$" ++# Default: NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$" ++#NAME_REGEX="^[a-zA-Z0-9][-a-zA-Z0-9_]*\$?$" + + # System user- and groupnames are checked against this regular + # expression. +-# Default: SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$" +-#SYS_NAME_REGEX="^[a-z_][-a-z0-9_]*\$?$" ++# Default: SYS_NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$" ++#SYS_NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$" + + # When populating the newly created home directory of a non-system user, + # files in SKEL matching this regex are not copied. diff '--color=auto' -rupN adduser-debian-3.131.orig/doc/adduser.conf.5 adduser-debian-3.131/doc/adduser.conf.5 ---- adduser-debian-3.131.orig/doc/adduser.conf.5 2023-02-19 22:33:00.353721720 +1030 -+++ adduser-debian-3.131/doc/adduser.conf.5 2023-02-19 23:00:31.581333495 +1030 +--- adduser-debian-3.131.orig/doc/adduser.conf.5 2023-02-24 19:53:17.908403602 +1030 ++++ adduser-debian-3.131/doc/adduser.conf.5 2023-02-24 19:56:31.554852252 +1030 @@ -62,17 +62,17 @@ Defaults to \fIusers\fP. .B FIRST_SYSTEM_GID " and " LAST_SYSTEM_GID specify an inclusive range of GIDs from which GIDs 
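Review bot: The commented-out `#NAME_REGEX=` example disagrees with the `# Default:` line directly above it: its first character class is `[a-zA-Z0-9]`, without the underscore that the stated default and the `name_regex` value in AdduserCommon.pm both include. An administrator who uncomments that line expecting the shipped default would get a different name policy without any warning. It should read `#NAME_REGEX="^[a-zA-Z0-9_][-a-zA-Z0-9_]*\$?$"`, matching the `SYS_NAME_REGEX` example below it.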
@@ -86,3 +115,21 @@ diff '--color=auto' -rupN adduser-debian-3.131.orig/doc/adduser.conf.5 adduser-d .TP .B GID_POOL See \fBUID_POOL\fP. +@@ -113,7 +113,7 @@ user and group creation in \fBadduser\fR + unless \-\-allow\-bad\-names is set. + With \-\-allow\-bad\-names set, + weaker checks are performed. +-Defaults to the most conservative \fI^[a\-z][\-a\-z0\-9_]*$\fP. ++Defaults to the Arch policy \fI^[a\-zA\-Z0\-9_][\-a\-zA\-Z0\-9_]*\\$?$\fP. + See \fBSYS_NAME_REGXEX\fP and \fBValid names\fP, + below, for more information. + .TP +@@ -161,7 +161,7 @@ system user and group creation in adduse + unless \-\-allow\-bad\-names is set. + With \-\-allow\-bad\-names set, + weaker checks are performed. +-Defaults to the most conservative \fI^[a\-z_][\-a\-z0\-9_]*$\fP. ++Defaults to the Arch policy \fI^[a\-zA\-Z0\-9_][\-a\-zA\-Z0\-9_]*\\$?$\fP. + See \fBNAME_REGEX\fP, above, and \fBValid names\fP, + below, for more information. + .TP |