diff options
-rw-r--r-- | .SRCINFO | 26 | ||||
-rw-r--r-- | PKGBUILD | 60 | ||||
-rw-r--r-- | system-auth | 7 | ||||
-rw-r--r-- | system-login | 3 |
4 files changed, 57 insertions, 39 deletions
@@ -1,13 +1,13 @@ pkgbase = pambase-selinux pkgdesc = SELinux aware base PAM configuration for services - pkgver = 20211111 + pkgver = 20230918 pkgrel = 1 url = https://www.archlinux.org arch = any groups = selinux - license = GPL - provides = pambase=20211111-1 - provides = selinux-pambase=20211111-1 + license = GPL-3.0-or-later + provides = pambase=20230918-1 + provides = selinux-pambase=20230918-1 conflicts = pambase conflicts = selinux-pambase conflicts = pam-selinux<1.4.0 @@ -23,11 +23,17 @@ pkgbase = pambase-selinux source = system-remote-login source = system-services source = other - sha256sums = e9aedc66bfe06aa0e62e4539525b23dcdf98e373e6930a2a8b2be06045355fee - sha256sums = 005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9 - sha256sums = faa98a6c4c501d34709f46081f73f110473e93183ecebf21070c7590a4045d80 - sha256sums = 005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9 - sha256sums = 6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567 - sha256sums = d5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f + sha512sums = af25e6428930c3e915d9052d091f8bd5db050bcc4f07eb05fe84c101589d2817ad4fbd1471a7ab5da366e89f9bdab8e2113b3932bd4bfe888a1301f027b2ae1a + sha512sums = 83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1 + sha512sums = 14207afee8b3f286ef3676fc925f75f110e42d8461771ddcaff483a4b29df3b7d4eafa7b7d869bc31872fca1efc76434f54f8ed01303574eebd8ff39a839b644 + sha512sums = 83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1 + sha512sums = 5c2947f8644803783d19cc97ddc19fdaa234dac41a939edd32c9452e78bb2a4751bceeb4737d0791fb122ca932b8b941aab869b6dec3146bf90e94517d31724a + sha512sums = df554f70f017dd3f6023a3c62b95d19123eaf41c08deaac0c4bc343fcce6eeefcf468910f7cb9ba58ee2846abb88091d18d718eb0228e38f6ce26ebced94c407 + b2sums = 189fb86628a959e53512e16ac506b4e925d0005f4cd19289f23c0c7c70ac961f7750f784ae3d7948d0d3320813af1ad53044f8f763c66fd4a1e403f2e8e7bd0c + b2sums = 900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6 + b2sums = 55c606bf9dc6410606a6046b3520848b79260ba35e95990a81d0f539e234ad63aeec1ea157e25fbf86d2b3350b0cfe414ed96ca3c37b5f2f7478f15deee787d9 + b2sums = 900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6 + b2sums = e11e8959c961036a384016096f0fce0696d8a3ecc63d0d12d8016cc7c27a7afc80f8580ab639c97360aed0d49af3159462d85260b4404b9d65963f440eb77243 + b2sums = 3de32ccd196fecaf0a3cce8e61867f93f85fff651044519d8521a28d9f8d6ddaf51f3e30eac4979884c505f9f52d01f458e5bccc5d5adc4f1d7d372068dd02da pkgname = pambase-selinux @@ -1,4 +1,5 @@ -# Maintainer: Dave Reisner <dreisner@archlinux.org> +# Maintainer: David Runge <dvzrv@archlinux.org> +# Contributor: Dave Reisner <dreisner@archlinux.org> # SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org) # SELinux Contributor: Timothée Ravier <tim@siosm.fr> # SELinux Contributor: Nicky726 (Nicky726 <at> gmail <dot> com) @@ -7,38 +8,47 @@ # If you want to help keep it up to date, please open a Pull Request there. pkgname=pambase-selinux -pkgver=20211111 +pkgver=20230918 pkgrel=1 pkgdesc="SELinux aware base PAM configuration for services" -arch=('any') +arch=(any) url="https://www.archlinux.org" -license=('GPL') -groups=('selinux') +license=(GPL-3.0-or-later) +groups=(selinux) conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}" 'pam-selinux<1.4.0') provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") -source=('system-auth' - 'system-local-login' - 'system-login' - 'system-remote-login' - 'system-services' - 'other') -backup=('etc/pam.d/system-auth' - 'etc/pam.d/system-local-login' - 'etc/pam.d/system-login' - 'etc/pam.d/system-remote-login' - 'etc/pam.d/system-services' - 'etc/pam.d/other') -sha256sums=('e9aedc66bfe06aa0e62e4539525b23dcdf98e373e6930a2a8b2be06045355fee' - '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9' - 'faa98a6c4c501d34709f46081f73f110473e93183ecebf21070c7590a4045d80' - '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9' - '6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567' - 'd5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f') +backup=( + etc/pam.d/system-auth + etc/pam.d/system-local-login + etc/pam.d/system-login + etc/pam.d/system-remote-login + etc/pam.d/system-services + etc/pam.d/other +) +source=( + system-auth + system-local-login + system-login + system-remote-login + system-services + other +) +sha512sums=('af25e6428930c3e915d9052d091f8bd5db050bcc4f07eb05fe84c101589d2817ad4fbd1471a7ab5da366e89f9bdab8e2113b3932bd4bfe888a1301f027b2ae1a' + '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' + '14207afee8b3f286ef3676fc925f75f110e42d8461771ddcaff483a4b29df3b7d4eafa7b7d869bc31872fca1efc76434f54f8ed01303574eebd8ff39a839b644' + '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' + '5c2947f8644803783d19cc97ddc19fdaa234dac41a939edd32c9452e78bb2a4751bceeb4737d0791fb122ca932b8b941aab869b6dec3146bf90e94517d31724a' + 'df554f70f017dd3f6023a3c62b95d19123eaf41c08deaac0c4bc343fcce6eeefcf468910f7cb9ba58ee2846abb88091d18d718eb0228e38f6ce26ebced94c407') +b2sums=('189fb86628a959e53512e16ac506b4e925d0005f4cd19289f23c0c7c70ac961f7750f784ae3d7948d0d3320813af1ad53044f8f763c66fd4a1e403f2e8e7bd0c' + '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' + '55c606bf9dc6410606a6046b3520848b79260ba35e95990a81d0f539e234ad63aeec1ea157e25fbf86d2b3350b0cfe414ed96ca3c37b5f2f7478f15deee787d9' + '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' + 'e11e8959c961036a384016096f0fce0696d8a3ecc63d0d12d8016cc7c27a7afc80f8580ab639c97360aed0d49af3159462d85260b4404b9d65963f440eb77243' + '3de32ccd196fecaf0a3cce8e61867f93f85fff651044519d8521a28d9f8d6ddaf51f3e30eac4979884c505f9f52d01f458e5bccc5d5adc4f1d7d372068dd02da') package() { - install -dm755 "$pkgdir/etc/pam.d" - install -m644 -t "$pkgdir/etc/pam.d" "${source[@]}" + install -vDm 644 "${source[@]}" -t "$pkgdir/etc/pam.d/" } # vim:set ts=2 sw=2 et: diff --git a/system-auth b/system-auth index 240a244df9a1..5785ce8acbcf 100644 --- a/system-auth +++ b/system-auth @@ -3,8 +3,8 @@ auth required pam_faillock.so preauth # Optionally use requisite above if you do not want to prompt for the password # on locked accounts. -auth [success=2 default=ignore] pam_unix.so try_first_pass nullok --auth [success=1 default=ignore] pam_systemd_home.so +-auth [success=2 default=ignore] pam_systemd_home.so +auth [success=1 default=bad] pam_unix.so try_first_pass nullok auth [default=die] pam_faillock.so authfail auth optional pam_permit.so auth required pam_env.so @@ -18,9 +18,10 @@ account optional pam_permit.so account required pam_time.so -password [success=1 default=ignore] pam_systemd_home.so -password required pam_unix.so try_first_pass nullok shadow sha512 +password required pam_unix.so try_first_pass nullok shadow password optional pam_permit.so +-session optional pam_systemd_home.so session required pam_limits.so session required pam_unix.so session optional pam_permit.so diff --git a/system-login b/system-login index 8bc1a9816c45..492365e350e5 100644 --- a/system-login +++ b/system-login @@ -19,5 +19,6 @@ session include system-auth session required pam_selinux.so open session optional pam_motd.so session optional pam_mail.so dir=/var/spool/mail standard quiet +session optional pam_umask.so -session optional pam_systemd.so -session required pam_env.so user_readenv=1 +session required pam_env.so |