-rw-r--r-- | .SRCINFO | 41 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | PKGBUILD | 94 | ||||
-rw-r--r-- | lastlog.tmpfiles | 1 | ||||
-rw-r--r-- | login.defs | 4 | ||||
-rw-r--r-- | shadow-strncpy-usage.patch | 25 | ||||
-rw-r--r-- | shadow.install | 27 | ||||
-rw-r--r-- | shadow.service | 3 | ||||
-rw-r--r-- | useradd.defaults | 2 | ||||
-rw-r--r-- | xstrdup.patch | 9 |
10 files changed, 78 insertions, 129 deletions
@@ -1,20 +1,20 @@ pkgbase = shadow-relaxed - pkgdesc = The official Arch shadow package with Debian's 506_relaxed_usernames patch - pkgver = 4.4 - pkgrel = 3 + pkgdesc = The official Arch shadow package with Fedora's shadow-4.8-goodname.patch + pkgver = 4.8.1 + pkgrel = 4 url = https://github.com/shadow-maint/shadow install = shadow.install - arch = i686 arch = x86_64 - groups = base license = BSD - makedepends = git - makedepends = libxslt - makedepends = docbook-xsl - makedepends = gnome-doc-utils - depends = bash depends = pam depends = acl + depends = libacl.so + depends = audit + depends = libaudit.so + depends = libcap-ng + depends = libcap-ng.so + depends = libxcrypt + depends = libcrypt.so provides = shadow conflicts = shadow options = strip @@ -34,8 +34,9 @@ pkgbase = shadow-relaxed backup = etc/pam.d/chgpasswd backup = etc/pam.d/groupmems backup = etc/default/useradd - source = git+https://github.com/shadow-maint/shadow.git#tag=4.4 - source = 506_relaxed_usernames::https://anonscm.debian.org/git/pkg-shadow/shadow.git/plain/debian/patches/506_relaxed_usernames?id=f9176c3be3740a49b0c3372f6296e13604941f2f + source = https://github.com/shadow-maint/shadow/releases/download/4.8.1/shadow-4.8.1.tar.xz + source = https://github.com/shadow-maint/shadow/releases/download/4.8.1/shadow-4.8.1.tar.xz.asc + source = shadow-4.8-goodname.patch::https://src.fedoraproject.org/rpms/shadow-utils/raw/f33/f/shadow-4.8-goodname.patch source = LICENSE source = chgpasswd source = chpasswd 
@@ -46,25 +47,21 @@ pkgbase = shadow-relaxed source = shadow.timer source = shadow.service source = useradd.defaults - source = xstrdup.patch - source = shadow-strncpy-usage.patch - source = lastlog.tmpfiles validpgpkeys = D5C2F9BFCA128BBA22A77218872F702C4D6E25A8 + validpgpkeys = F1D08DB778185BF784002DFFE9FEEA06A85E3F9D + sha1sums = 63457a0ba58dc4e81b2663b839dc6c89d3343f12 sha1sums = SKIP - sha1sums = ed3d9cb0f03772d69274952f5912604444f44d4a + sha1sums = 3a26667844689c69a26fc964b798586f652d3df5 sha1sums = 33a6cf1e44a1410e5c9726c89e5de68b78f5f922 sha1sums = 4ad0e059406a305c8640ed30d93c2a1f62c2f4ad sha1sums = 12427b1ca92a9b85ca8202239f0d9f50198b818f sha1sums = 0e56fed7fc93572c6bf0d8f3b099166558bb46f1 - sha1sums = bb3509087947d08bfb6e5d1b5c033856b9146ad9 + sha1sums = 81a02eadb5f605fef5c75b6d8a03713a7041864b sha1sums = 12427b1ca92a9b85ca8202239f0d9f50198b818f sha1sums = 611be25d91c3f8f307c7fe2485d5f781e5dee75f sha1sums = a154a94b47a3d0c6c287253b98c0d10b861226d0 - sha1sums = 7372dfd8a3030bee4ec39c79bad4f9b9c6f8687a - sha1sums = 9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19 - sha1sums = 6010fffeed1fc6673ad9875492e1193b1a847b53 - sha1sums = 21e12966a6befb25ec123b403cd9b5c492fe5b16 - sha1sums = f57ecde3f72b4738fad75c097d19cf46a412350f + sha1sums = b5540736f5acbc23b568973eb5645604762db3dd + sha1sums = c173208c5cf34528602f9931468a67b7f68abad3 pkgname = shadow-relaxed diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 72e8ffc0db8a..000000000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -* 
@@ -1,27 +1,29 @@ -# Maintainer: Alec Larsen <aleclarsen42@gmail.com> +# Maintainer: Alec Larsen <hello@alec.ninja> +# Contributor: Dave Reisner <dreisner@archlinux.org> +# Contributor: Aaron Griffin <aaron@archlinux.org> pkgname=shadow-relaxed -pkgver=4.4 -pkgrel=3 -pkgdesc="The official Arch shadow package with Debian's 506_relaxed_usernames patch" -arch=('i686' 'x86_64') +pkgver=4.8.1 +pkgrel=4 +pkgdesc="The official Arch shadow package with Fedora's shadow-4.8-goodname.patch" +arch=('x86_64') url='https://github.com/shadow-maint/shadow' license=('BSD') -groups=('base') -depends=('bash' 'pam' 'acl') +# libcap-ng needed by install scriptlet for 'filecap' +depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so' + 'libxcrypt' 'libcrypt.so') conflicts=('shadow') provides=('shadow') -makedepends=('git' 'libxslt' 'docbook-xsl' 'gnome-doc-utils') backup=(etc/login.defs etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel} etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod} etc/pam.d/{chgpasswd,groupmems} etc/default/useradd) options=(strip debug) -install='shadow.install' -validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8') # Christian Perrier -source=("git+https://github.com/shadow-maint/shadow.git#tag=$pkgver" - "506_relaxed_usernames::https://anonscm.debian.org/git/pkg-shadow/shadow.git/plain/debian/patches/506_relaxed_usernames?id=f9176c3be3740a49b0c3372f6296e13604941f2f" +validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8' # Christian Perrier + 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D') # Serge Hallyn +source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz"{,.asc} + "shadow-4.8-goodname.patch::https://src.fedoraproject.org/rpms/shadow-utils/raw/f33/f/shadow-4.8-goodname.patch" LICENSE chgpasswd chpasswd 
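Review bot: The new `shadow-4.8-goodname.patch` entry in `source` points at the moving `f33` branch (`.../raw/f33/f/shadow-4.8-goodname.patch`), whereas the Debian patch it replaces was pinned with `?id=f9176c3be3740a49b0c3372f6296e13604941f2f`. The patch carries no signature, so the only thing binding its content is its entry in the `sha1sums` array in the next hunk, and SHA-1 is a weak digest for that job. I would pin the URL to a commit, `.../raw/<commit-id>/f/shadow-4.8-goodname.patch`, and switch the array to `sha256sums` (or `b2sums`). The release tarball is in better shape, since it is covered by the `.asc` file and `validpgpkeys`.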
@@ -30,72 +32,47 @@ source=("git+https://github.com/shadow-maint/shadow.git#tag=$pkgver" newusers passwd shadow.{timer,service} - useradd.defaults - xstrdup.patch - shadow-strncpy-usage.patch - lastlog.tmpfiles) -sha1sums=('SKIP' - 'ed3d9cb0f03772d69274952f5912604444f44d4a' + useradd.defaults) +install=shadow.install +sha1sums=('63457a0ba58dc4e81b2663b839dc6c89d3343f12' + 'SKIP' + '3a26667844689c69a26fc964b798586f652d3df5' '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' '12427b1ca92a9b85ca8202239f0d9f50198b818f' '0e56fed7fc93572c6bf0d8f3b099166558bb46f1' - 'bb3509087947d08bfb6e5d1b5c033856b9146ad9' + '81a02eadb5f605fef5c75b6d8a03713a7041864b' '12427b1ca92a9b85ca8202239f0d9f50198b818f' '611be25d91c3f8f307c7fe2485d5f781e5dee75f' 'a154a94b47a3d0c6c287253b98c0d10b861226d0' - '7372dfd8a3030bee4ec39c79bad4f9b9c6f8687a' - '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' - '6010fffeed1fc6673ad9875492e1193b1a847b53' - '21e12966a6befb25ec123b403cd9b5c492fe5b16' - 'f57ecde3f72b4738fad75c097d19cf46a412350f') - -pkgver() { - cd "shadow" - - git describe -} - -prepare() { - cd "shadow" - - # need to offer these upstream - patch -Np1 <"$srcdir/xstrdup.patch" - patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" - - # Fix regression in useradd not loading defaults properly. 
- git cherry-pick -n '507f96cdeb54079fb636c7ce21e371f7a16a520e' - - # apply Debian's 506_relaxed_usernames - patch -Np1 <"$srcdir/506_relaxed_usernames" - - autoreconf -v -f --install - - # supress etc/pam.d/*, we provide our own - sed -i '/^SUBDIRS/s/pam\.d//' etc/Makefile.in -} + 'b5540736f5acbc23b568973eb5645604762db3dd' + 'c173208c5cf34528602f9931468a67b7f68abad3') build() { - cd "shadow" + cd "shadow-$pkgver" + + # apply Fedora's shadow-utils/raw/f33/f/shadow-4.8-goodname.patch + patch -Np1 <"$srcdir/shadow-4.8-goodname.patch" + autoreconf -fsiv ./configure \ - LIBS="-lcrypt" \ --prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/bin \ --libdir=/usr/lib \ --mandir=/usr/share/man \ - --enable-man \ --sysconfdir=/etc \ + --disable-account-tools-setuid \ --with-libpam \ --with-group-name-max-length=32 \ + --with-audit \ --without-selinux make } package() { - cd "shadow" + cd "shadow-$pkgver" make DESTDIR="$pkgdir" install @@ -103,11 +80,11 @@ package() { install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE" # useradd defaults - install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd" + install -Dm600 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd" - # systemd timer + # systemd units install -D -m644 "$srcdir/shadow.timer" "$pkgdir/usr/lib/systemd/system/shadow.timer" - install -D -m644 "$srcdir/shadow.service" $pkgdir/usr/lib/systemd/system/shadow.service + install -D -m644 "$srcdir/shadow.service" "$pkgdir/usr/lib/systemd/system/shadow.service" install -d -m755 "$pkgdir/usr/lib/systemd/system/timers.target.wants" ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer" @@ -115,7 +92,7 @@ package() { install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" # PAM config - custom - install -dm755 "$pkgdir/etc/pam.d" + rm "$pkgdir/etc/pam.d"/* install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers} # PAM config - from tarball 
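Review bot: In the `@@ -30,72 +32,47 @@` hunk the patch and `autoreconf -fsiv` now run at the top of `build()` and `prepare()` is gone, so rebuilding an already extracted tree (for example `makepkg -e`) re-runs `patch -Np1` on patched sources, which normally makes the step fail. Moving `patch -Np1 <"$srcdir/shadow-4.8-goodname.patch"` and `autoreconf -fsiv` into a `prepare()` that starts with `cd "shadow-$pkgver"` keeps source modification separate from compilation. The same hunk stops applying `xstrdup.patch` (a NULL guard) and `shadow-strncpy-usage.patch` (string termination). The page does not show whether 4.8.1 already contains equivalent fixes, so that is worth confirming and recording in a comment.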
@@ -127,9 +104,6 @@ package() { install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file" done - # lastlog log file creation - install -Dm644 "$srcdir/lastlog.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/lastlog.conf" - # Remove evil/broken tools rm "$pkgdir"/usr/sbin/logoutd diff --git a/lastlog.tmpfiles b/lastlog.tmpfiles deleted file mode 100644 index 9c07b39f2e83..000000000000 --- a/lastlog.tmpfiles +++ /dev/null @@ -1 +0,0 @@ -f /var/log/lastlog 0644 root root diff --git a/login.defs b/login.defs index 5c888285b9e2..a0afbc1e9b68 100644 --- a/login.defs +++ b/login.defs @@ -81,8 +81,8 @@ HUSHLOGIN_FILE .hushlogin # *REQUIRED* The default PATH settings, for superuser and normal users. # # (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/usr/bin -ENV_PATH PATH=/usr/bin +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin +ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin # # Terminal permissions diff --git a/shadow-strncpy-usage.patch b/shadow-strncpy-usage.patch deleted file mode 100644 index 5aba8fa01f94..000000000000 --- a/shadow-strncpy-usage.patch +++ /dev/null 
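Review bot: In the `login.defs` hunk, `ENV_SUPATH` now lists `/usr/local/sbin` and `/usr/local/bin` ahead of `/usr/bin`, so for superuser logins a same-named file in those directories takes precedence over the packaged system binary. That is only sound while both directories stay root-owned and not group- or world-writable, which nothing in this package enforces. I would add a comment above the two lines, such as `# /usr/local/* precede /usr/bin: keep them root-owned and not group/world-writable`. Alternatively, order `/usr/bin` first in `ENV_SUPATH` if root does not need local overrides.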
@@ -1,25 +0,0 @@ -diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c ---- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500 -+++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500 -@@ -182,7 +182,7 @@ - struct tm *tp; - - if (date < 0) { -- strncpy (buf, "never", maxsize); -+ strncpy (buf, "never", maxsize - 1); - } else { - time_t t = (time_t) date; - tp = gmtime (&t); -diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c ---- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500 -+++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500 -@@ -752,7 +752,8 @@ - _("%s login: "), hostn); - } else { - strncpy (loginprompt, _("login: "), -- sizeof (loginprompt)); -+ sizeof (loginprompt) - 1); -+ loginprompt[sizeof (loginprompt) - 1] = '\0'; - } - - retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); diff --git a/shadow.install b/shadow.install index 14384c3330e8..83d9ab7d3177 100644 --- a/shadow.install +++ b/shadow.install @@ -1,9 +1,22 @@ +setcaps() { + _setcap() { + if filecap "$1" "$2"; then + chmod -s "$1" + fi + } + + # shadow ships these as setuid, but if we can apply file caps, use those instead. + # 'filecap' insists on absolute paths + _setcap /usr/bin/newuidmap setuid + _setcap /usr/bin/newgidmap setgid +} + +post_install() { + setcaps +} + post_upgrade() { - grpck -r >/dev/null 2>&1 - if [ $? -eq 2 ]; then - printf '%s\n' \ - "==> Warning: /etc/group or /etc/gshadow are inconsistent." \ - " Run 'grpck' to correct this." - fi - return 0 + setcaps } + +# vim:set ts=2 sw=2 et: diff --git a/shadow.service b/shadow.service index 82da5c41d962..39025d90e1cb 100644 --- a/shadow.service +++ b/shadow.service 
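Review bot: In `shadow.install`, `_setcap` drops the setuid bit only when `filecap` succeeds and reports nothing when it fails, so `/usr/bin/newuidmap` and `/usr/bin/newgidmap` can silently stay setuid on a system where capabilities cannot be applied. An else branch such as `else printf '==> Warning: could not set file capabilities on %s; it stays setuid\n' "$1"` would show the administrator which mode they ended up with. `post_upgrade()` also loses the `grpck -r` inconsistency warning. The check in `shadow.service` presumably covers this, but it no longer surfaces at upgrade time.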
@@ -4,7 +4,8 @@ After=systemd-sysusers.service [Service] Type=simple -ExecStart=/bin/sh -c '/usr/bin/pwck -r ; /usr/bin/grpck -r' +# Always run both checks, but fail the service if either fails +ExecStart=/bin/sh -c '/usr/bin/pwck -r || r=1; /usr/bin/grpck -r && exit $r' Nice=19 IOSchedulingClass=best-effort IOSchedulingPriority=7 diff --git a/useradd.defaults b/useradd.defaults index b800b17773e1..e07fe271ca3b 100644 --- a/useradd.defaults +++ b/useradd.defaults @@ -1,6 +1,6 @@ # useradd defaults file for ArchLinux # original changes by TomK -GROUP=100 +GROUP=users HOME=/home INACTIVE=-1 EXPIRE= diff --git a/xstrdup.patch b/xstrdup.patch deleted file mode 100644 index bce434264cd0..000000000000 --- a/xstrdup.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- shadow-4.1.2.1/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500 -+++ shadow-4.1.2.1/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500 -@@ -61,5 +61,6 @@ - - char *xstrdup (const char *str) - { -+ if(str == NULL) return NULL; - return strcpy (xmalloc (strlen (str) + 1), str); - } |
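Review bot: The new `ExecStart` in `shadow.service` relies on `$r` being unset when `pwck` succeeds, so that `exit $r` collapses to a bare `exit` and returns the status of `grpck`. That is correct as written but easy to break in a later edit. Setting the status explicitly reads more clearly: `ExecStart=/bin/sh -c 'r=0; /usr/bin/pwck -r || r=1; /usr/bin/grpck -r || r=1; exit $r'`. With this form both checks still run and the unit still fails if either does; the only difference is that the exit code is always 1 rather than `grpck`'s own code.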