slackware-current/source/a/shadow/shadow.SlackBuild
Patrick J Volkerding 7cde3ca9e7 Sat Feb 15 02:42:28 UTC 2020
a/kernel-generic-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.4.20-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.4.20-x86_64-1.txz:  Upgraded.
a/shadow-4.8.1-x86_64-3.txz:  Rebuilt.
a/util-linux-2.35.1-x86_64-3.txz:  Rebuilt.
d/kernel-headers-5.4.20-x86-1.txz:  Upgraded.
k/kernel-source-5.4.20-noarch-1.txz:  Upgraded.
l/ConsoleKit2-1.2.1-x86_64-2.txz:  Rebuilt.
l/dconf-editor-3.34.4-x86_64-1.txz:  Upgraded.
l/libxkbcommon-0.10.0-x86_64-1.txz:  Added.
l/openal-soft-1.19.1-x86_64-1.txz:  Added.
l/qt5-5.13.2-x86_64-1.txz:  Added.
  Thanks to alienBOB.
n/openssh-8.2p1-x86_64-1.txz:  Upgraded.
  Potentially incompatible changes:
  * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted
    CASignatureAlgorithms list.
  * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
    from the default key exchange proposal for both the client and
    server.
  * ssh-keygen(1): the command-line options related to the generation
    and screening of safe prime numbers used by the
    diffie-hellman-group-exchange-* key exchange algorithms have
    changed. Most options have been folded under the -O flag.
  * sshd(8): the sshd listener process title visible to ps(1) has
    changed to include information about the number of connections that
    are currently attempting authentication and the limits configured
    by MaxStartups.
x/mesa-19.3.4-x86_64-2.txz:  Rebuilt.
  Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with
  an illegal instruction on some hardware.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz:  Rebuilt.
  Rebuilt with --disable-libcgmanager to fix setting limits on PAM.
  Thanks to gattocarlo.
testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz:  Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz:  Rebuilt.
  Moved some of the /etc/pam.d/ file to the util-linux package where they
  more properly belong.
testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz:  Rebuilt.
  Added some /etc/pam.d/ files previously in the shadow package.
  Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them.
  Added /etc/pam.d/{runuser,runuser-l}.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
2020-02-15 08:59:47 +01:00

239 lines
7.4 KiB
Bash
Executable file

#!/bin/bash
# Copyright 2005-2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=shadow
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
TMP=${TMP:-/tmp}
PKG=$TMP/package-shadow
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf shadow-$VERSION
tar xvf $CWD/shadow-$VERSION.tar.xz || exit 1
cd shadow-$VERSION
# Choose correct options depending on whether PAM is installed:
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
PAM_OPTIONS="--with-libpam"
unset SHADOW_OPTIONS
else
unset PAM_OPTIONS
SHADOW_OPTIONS="--enable-shadowgrp --without-libcrack"
fi
# Apply some patches taken from the svn trunk that
# fix some of the more serious bugs in 4.1.4.3:
for patch in $CWD/patches/*.diff.gz ; do
zcat $patch | patch -p0 --verbose || exit 1
done
# Relax the restrictions on "su -c" when it is used to become root.
# It's not likely that root is going to try to inject commands back into
# the user's shell to hack it, and the unnecessary restriction is causing
# breakage:
zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1
# Even if gethostname() returns the FQDN (long hostname), just display the
# short version up to the first '.' on the login prompt:
zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1
# Add missing file:
if [ ! -r man/login.defs.d/HOME_MODE.xml ]; then
zcat $CWD/HOME_MODE.xml.gz > man/login.defs.d/HOME_MODE.xml
fi
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
if [ ! -r ./configure ]; then
./autogen.sh
fi
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--sbindir=/usr/sbin \
--bindir=/usr/bin \
--sysconfdir=/etc \
--mandir=/usr/man \
--docdir=/usr/doc/shadow-$VERSION \
--enable-man \
--enable-subordinate-ids \
--disable-shared \
$SHADOW_OPTIONS \
$PAM_OPTIONS \
--build=$ARCH-slackware-linux
# --enable-utmpx # defaults to 'no'
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
# Fix user group = 100:
zcat $CWD/useradd.gz > $PKG/etc/default/useradd
mv $PKG/etc/default/useradd $PKG/etc/default/useradd.new
# Put some stuff back in "old" locations and make symlinks for compat
mkdir -p $PKG/bin $PKG/sbin
( cd $PKG/usr/bin
mv groups ../../bin
mv login ../../bin
mv su ../../bin
mv faillog ../sbin
mv lastlog ../sbin
ln -s ../sbin/faillog
ln -s ../sbin/lastlog
)
mv $PKG/usr/sbin/nologin $PKG/sbin/nologin
if [ ! -z "$PAM_OPTIONS" ]; then
# Don't ship the login utilities. We'll be using the ones from util-linux:
for file in /bin/login /bin/su /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
/usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \
/usr/man/man1/runuser.1.gz /usr/man/man1/su.1.gz \
/usr/share/bash-completion/completions/chfn \
/usr/share/bash-completion/completions/chsh \
/usr/share/bash-completion/completions/su ; do
rm -f $PKG${file}
done
# Install config files in /etc/pam.d/. We'll use our own copies... I'm not
# sure that I trust upstream enough to let them handle this stuff.
rm -rf $PKG/etc/pam.d
mkdir -p $PKG/etc/pam.d
for file in $CWD/pam.d/* ; do
cp -a ${file} $PKG/etc/pam.d/
done
# Ensure correct perms/ownership on files in /etc/pam.d/:
chown root:root $PKG/etc/pam.d/*
chmod 644 $PKG/etc/pam.d/*
# Don't clobber existing config files:
find $PKG/etc/pam.d -type f -exec mv {} {}.new \;
# Install a login.defs with unsurprising defaults:
rm -f $PKG/etc/login.defs
zcat $CWD/login.defs.pam.gz > $PKG/etc/login.defs.new
else # not using PAM
mv $PKG/etc/login.access $PKG/etc/login.access.new
# Install a login.defs with unsurprising defaults:
rm -f $PKG/etc/login.defs
zcat $CWD/login.defs.shadow.gz > $PKG/etc/login.defs.new
fi
# /bin/groups is provided by coreutils.
rm -f $PKG/bin/groups
find $PKG -name groups.1 -exec rm {} \+
# I don't think this works well enough to recommend it.
#mv $PKG/etc/limits $PKG/etc/limits.new
rm -f $PKG/etc/limits
# Add the friendly 'adduser' script:
cat $CWD/adduser > $PKG/usr/sbin/adduser
chmod 0755 $PKG/usr/sbin/adduser
# Add sulogin to the package:
cp -a src/sulogin $PKG/sbin
( cd $PKG/bin ; ln -s ../sbin/sulogin )
# Add the empty faillog log file:
mkdir -p $PKG/var/log
touch $PKG/var/log/faillog.new
# Use 4711 rather than 4755 permissions where setuid root is required:
find $PKG -type f -perm 4755 -exec chmod 4711 "{}" \+
# Compress and if needed symlink the man pages:
if [ -d $PKG/usr/man ]; then
( cd $PKG/usr/man
for manpagedir in $(find . -type d -name "man*") ; do
( cd $manpagedir
for eachpage in $( find . -type l -maxdepth 1) ; do
ln -s $( readlink $eachpage ).gz $eachpage.gz
rm $eachpage
done
gzip -9 *.?
)
done
)
fi
mkdir -p $PKG/usr/doc/shadow-$VERSION
cp -a \
COPYING* NEWS README* TODO doc/{README*,HOWTO,WISHLIST,*.txt} \
$PKG/usr/doc/shadow-$VERSION
# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
touch -r ChangeLog $DOCSDIR/ChangeLog
fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz