From 04ebdce888955069ae2288597a2e50339eda3f4b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 8 May 2020 21:25:24 +0000 Subject: Fri May 8 21:25:24 UTC 2020 a/shadow-4.8.1-x86_64-6.txz: Rebuilt. Include manpages for sulogin(8). a/util-linux-2.35.1-x86_64-5.txz: Rebuilt. ap/sysstat-12.3.3-x86_64-1.txz: Upgraded. d/bison-3.6-x86_64-1.txz: Upgraded. l/jansson-2.13.1-x86_64-1.txz: Upgraded. n/NetworkManager-1.24.0-x86_64-1.txz: Upgraded. n/fetchmail-6.4.5-x86_64-1.txz: Upgraded. testing/packages/PAM/shadow-4.8.1-x86_64-6_pam.txz: Rebuilt. Include manpages for sulogin(8). Use this version of /bin/su. testing/packages/PAM/util-linux-2.35.1-x86_64-5_pam.txz: Rebuilt. Don't use this version of /bin/su. --- source/a/shadow/doinst.sh | 2 +- source/a/shadow/pam.d-su/su | 11 +++++++++ source/a/shadow/pam.d-su/su-l | 6 +++++ source/a/shadow/shadow.SlackBuild | 28 +++++++++++++++++----- source/a/sysvinit-scripts/scripts/rc.M | 5 ++++ .../a/sysvinit-scripts/sysvinit-scripts.SlackBuild | 2 +- source/a/util-linux/pam.d-su/su | 11 +++++++++ source/a/util-linux/pam.d-su/su-l | 6 +++++ source/a/util-linux/pam.d/su | 11 --------- source/a/util-linux/pam.d/su-l | 6 ----- source/a/util-linux/util-linux.SlackBuild | 28 +++++++++++++++++----- 11 files changed, 85 insertions(+), 31 deletions(-) create mode 100644 source/a/shadow/pam.d-su/su create mode 100644 source/a/shadow/pam.d-su/su-l create mode 100644 source/a/util-linux/pam.d-su/su create mode 100644 source/a/util-linux/pam.d-su/su-l delete mode 100644 source/a/util-linux/pam.d/su delete mode 100644 source/a/util-linux/pam.d/su-l (limited to 'source/a') diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh index 98c8a92c5..28d3a436e 100644 --- a/source/a/shadow/doinst.sh +++ b/source/a/shadow/doinst.sh @@ -34,7 +34,7 @@ rm -f var/log/faillog.new if [ -r etc/login.access.new ]; then config etc/login.access.new fi -for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new system-auth.new useradd.new userdel.new usermod.new ; do +for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new su.new su-l.new system-auth.new useradd.new userdel.new usermod.new ; do if [ -r etc/pam.d/$configfile ]; then config etc/pam.d/$configfile fi diff --git a/source/a/shadow/pam.d-su/su b/source/a/shadow/pam.d-su/su new file mode 100644 index 000000000..c28a252ad --- /dev/null +++ b/source/a/shadow/pam.d-su/su @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session optional pam_xauth.so diff --git a/source/a/shadow/pam.d-su/su-l b/source/a/shadow/pam.d-su/su-l new file mode 100644 index 000000000..654dc24ed --- /dev/null +++ b/source/a/shadow/pam.d-su/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index bf399b27a..c7c33a836 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-6} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -74,9 +74,13 @@ cd shadow-$VERSION if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then PAM_OPTIONS="--with-libpam" unset SHADOW_OPTIONS + # By default, use the shadow version of /bin/su: + SHIP_SU=${SHIP_SU:-YES} else unset PAM_OPTIONS SHADOW_OPTIONS="--enable-shadowgrp --without-libcrack" + # By default, use the shadow version of /bin/su: + SHIP_SU=${SHIP_SU:-YES} fi # Apply some patches taken from the svn trunk that @@ -151,12 +155,9 @@ mv $PKG/usr/sbin/nologin $PKG/sbin/nologin if [ ! -z "$PAM_OPTIONS" ]; then # Don't ship the login utilities. We'll be using the ones from util-linux: - for file in /bin/login /bin/su /sbin/runuser /usr/bin/chfn /usr/bin/chsh \ + for file in /bin/login /sbin/runuser /usr/bin/chfn /usr/bin/chsh \ /usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \ - /usr/man/man1/runuser.1.gz /usr/man/man1/su.1.gz \ - /usr/share/bash-completion/completions/chfn \ - /usr/share/bash-completion/completions/chsh \ - /usr/share/bash-completion/completions/su ; do + /usr/man/man1/runuser.1.gz ; do rm -f $PKG${file} done # Install config files in /etc/pam.d/. We'll use our own copies... I'm not @@ -166,6 +167,9 @@ if [ ! -z "$PAM_OPTIONS" ]; then for file in $CWD/pam.d/* ; do cp -a ${file} $PKG/etc/pam.d/ done + if [ "$SHIP_SU" = "YES" ]; then + cp -a $CWD/pam.d-su/* $PKG/etc/pam.d/ + fi # Ensure correct perms/ownership on files in /etc/pam.d/: chown root:root $PKG/etc/pam.d/* chmod 644 $PKG/etc/pam.d/* @@ -181,6 +185,13 @@ else # not using PAM zcat $CWD/login.defs.shadow.gz > $PKG/etc/login.defs.new fi +# If we aren't using this version of su, remove the files: +if [ "$SHIP_SU" = "NO" ]; then + rm $PKG/bin/su + find $PKG/usr/man -name su.1 | xargs rm + find $PKG/usr/man -name suauth.5 | xargs rm +fi + # /bin/groups is provided by coreutils. rm -f $PKG/bin/groups find $PKG -name groups.1 -exec rm {} \+ @@ -196,6 +207,11 @@ chmod 0755 $PKG/usr/sbin/adduser # Add sulogin to the package: cp -a src/sulogin $PKG/sbin ( cd $PKG/bin ; ln -s ../sbin/sulogin ) +cp -a ./man/zh_CN/man8/sulogin.8 $PKG/usr/man/zh_CN/man8/sulogin.8 || exit 1 +cp -a ./man/ru/man8/sulogin.8 $PKG/usr/man/ru/man8/sulogin.8 || exit 1 +cp -a ./man/de/man8/sulogin.8 $PKG/usr/man/de/man8/sulogin.8 || exit 1 +cp -a ./man/ja/man8/sulogin.8 $PKG/usr/man/ja/man8/sulogin.8 || exit 1 +cp -a ./man/man8/sulogin.8 $PKG/usr/man/man8/sulogin.8 || exit 1 # Add the empty faillog log file: mkdir -p $PKG/var/log diff --git a/source/a/sysvinit-scripts/scripts/rc.M b/source/a/sysvinit-scripts/scripts/rc.M index c0424ebe9..b3490eb58 100644 --- a/source/a/sysvinit-scripts/scripts/rc.M +++ b/source/a/sysvinit-scripts/scripts/rc.M @@ -366,6 +366,11 @@ if [ -x /etc/rc.d/rc.openldap ]; then /etc/rc.d/rc.openldap start fi +# Start local LDAP name service daemon (from nss-pam-ldapd): +if [ -x /etc/rc.d/rc.nslcd ]; then + /etc/rc.d/rc.nslcd start +fi + # Start Dovecot: if [ -x /etc/rc.d/rc.dovecot ]; then /etc/rc.d/rc.dovecot start diff --git a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild index 3f69fb4b8..07249e8e8 100755 --- a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild +++ b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=sysvinit-scripts VERSION=${VERSION:-2.1} ARCH=noarch -BUILD=${BUILD:-30} +BUILD=${BUILD:-31} # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information diff --git a/source/a/util-linux/pam.d-su/su b/source/a/util-linux/pam.d-su/su new file mode 100644 index 000000000..c28a252ad --- /dev/null +++ b/source/a/util-linux/pam.d-su/su @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session optional pam_xauth.so diff --git a/source/a/util-linux/pam.d-su/su-l b/source/a/util-linux/pam.d-su/su-l new file mode 100644 index 000000000..654dc24ed --- /dev/null +++ b/source/a/util-linux/pam.d-su/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/source/a/util-linux/pam.d/su b/source/a/util-linux/pam.d/su deleted file mode 100644 index c28a252ad..000000000 --- a/source/a/util-linux/pam.d/su +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -# Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient pam_wheel.so trust use_uid -# Uncomment the following line to require a user to be in the "wheel" group. -#auth required pam_wheel.so use_uid -auth include system-auth -account include system-auth -password include system-auth -session include system-auth -session optional pam_xauth.so diff --git a/source/a/util-linux/pam.d/su-l b/source/a/util-linux/pam.d/su-l deleted file mode 100644 index 654dc24ed..000000000 --- a/source/a/util-linux/pam.d/su-l +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth include su -account include su -password include su -session optional pam_keyinit.so force revoke -session include su diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild index 294a657c2..381c89d19 100755 --- a/source/a/util-linux/util-linux.SlackBuild +++ b/source/a/util-linux/util-linux.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=util-linux VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3 | rev | cut -f 3- -d . | rev)} -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} ADJTIMEXVERS=1.29 SETSERIALVERS=2.17 @@ -85,23 +85,32 @@ find . \ # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then LOGIN_OPTIONS="" - # Add su default file to ensure using ENV_SUPATH with 'su': - mkdir -p $PKG/etc/default - cp -a $CWD/su.default $PKG/etc/default/su.new - chown root:root $PKG/etc/default/su.new - chmod 644 $PKG/etc/default/su.new + # By default, don't use the util-linux version of /bin/su: + SHIP_SU=${SHIP_SU:-NO} # Add /etc/pam.d config files: rm -rf $PKG/etc/pam.d mkdir -p $PKG/etc/pam.d for file in $CWD/pam.d/* ; do cp -a ${file} $PKG/etc/pam.d/ done + if [ "$SHIP_SU" = "YES" ]; then + # Add su default file to ensure using ENV_SUPATH with 'su': + mkdir -p $PKG/etc/default + cp -a $CWD/su.default $PKG/etc/default/su.new + chown root:root $PKG/etc/default/su.new + chmod 644 $PKG/etc/default/su.new + # Add su /etc/pam.d files: + cp -a $CWD/pam.d-su/* $PKG/etc/pam.d/ + fi # Ensure correct perms/ownership on files in /etc/pam.d/: chown root:root $PKG/etc/pam.d/* chmod 644 $PKG/etc/pam.d/* # Don't clobber existing config files: find $PKG/etc/pam.d -type f -exec mv {} {}.new \; else + # Don't use the util-linux version of /bin/su. + # It can't be built without PAM anyway. + SHIP_SU=NO LOGIN_OPTIONS="--disable-login" fi @@ -181,6 +190,13 @@ make $NUMJOBS \ # Remove all overlap with the shadow package, since --disable-login doesn't quite do that: rm $PKG/sbin/nologin $PKG/usr/man/man8/nologin.8 $PKG/sbin/sulogin $PKG/usr/man/man8/sulogin.8 +# If we aren't shipping su, remove the files: +if [ "$SHIP_SU" = "NO" ]; then + rm -f $PKG/bin/su + rm -f $PKG/usr/man/man1/su.1 + rm -f $PKG/usr/share/bash-completion/completions/su +fi + # Move the libblkid, libfdisk, libmount, libsmartcols, and # libuuid libraries to /lib${LIBSUFFIX}: mkdir -p $PKG/lib${LIBDIRSUFFIX} -- cgit v1.2.3-65-gdbad