summaryrefslogblamecommitdiffstats
path: root/source/a/pam/pam.SlackBuild
blob: 23aad8bc51f983a604a6f1e4cdfec86bac0c42af (plain) (tree)




























                                                                                              
                 






























































































                                                                                                                              






                                      
                                                   























                                                                                

                                                       

                                       
                                     



































































                                                                                                                   
#!/bin/sh
 
# Copyright 2010  Vincent Batts, vbatts@hashbangbash.com
# Copyright 2010, 2011  Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

cd $(dirname $0) ; CWD=$(pwd)

SRCNAM=Linux-PAM
PKGNAM=pam
PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1}

# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) export ARCH=i586 ;;
    arm*) export ARCH=arm ;;
    # Unless $ARCH is already set, use uname -m for all other archs:
       *) export ARCH=$( uname -m ) ;;
  esac
fi

# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
  exit 0
fi

NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}

if [ "$ARCH" = "i586" ]; then
  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
fi

TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM

rm -rf $PKG
mkdir -p $TMP $PKG

cd $TMP
rm -rf $SRCNAM-$VERSION
tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1

chown -R root:root .
find . \
 \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
 -exec chmod 755 {} \+ -o \
 \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
 -exec chmod 644 {} \+

# Better take the Red Hat added modules and patches, because that's very
# likely to be the most standard as far as PAM goes:
tar xvf $CWD/pam-redhat-$PAMRHVER.tar.?z || exit 1
for file in CHANGELOG COPYING README ; do
  mv pam-redhat-$PAMRHVER/${file}* ./${file}.pam-redhat
done
mv pam-redhat-$PAMRHVER/* modules
zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1
zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1

# pam_tally2 removed in recent redhat-modules.patch, but we'll keep it
# for now since system-auth in the shadow package uses it. Perhaps see if
# pam_faillock can replace the usage there?
zcat $CWD/patches/pam.pam_tally2.slackware.diff.gz | patch -p1 --verbose || exit 1

# Upstream git patch to prevent pam_tally2 from doing an fsync()
# with every failed login. This can cause system slowdowns, especially
# on Internet-connected machines that may endure endless dictionary
# attacks.
zcat $CWD/patches/pam.pam_tally2.no.fsync.patch.gz | patch -p1 --verbose || exit 1

# Improve the comments in /etc/environment:
zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1

autoreconf -ivf || exit 1

CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
  --prefix=/ \
  --libdir=/lib${LIBDIRSUFFIX} \
  --sysconfdir=/etc \
  --includedir=/usr/include/security \
  --enable-securedir=/lib${LIBDIRSUFFIX}/security \
  --datarootdir=/usr/share \
  --localstatedir=/var \
  --mandir=/usr/man \
  --docdir=/usr/doc/$PKGNAM-$VERSION \
  --disable-regenerate-docu \
  --disable-audit \
  --disable-prelude \
  --disable-rpath \
  --disable-selinux \
  --disable-static \
  --build=$ARCH-slackware-linux || exit 1

# Make these man pages or the build falls over later
xmlto man modules/pam_faillock/faillock.8.xml -o modules/pam_faillock/
xmlto man modules/pam_faillock/pam_faillock.8.xml -o modules/pam_faillock/
xmlto man modules/pam_pwhistory/pwhistory_helper.8.xml -o modules/pam_pwhistory/

make -C po update-gmo
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1

# Don't ship .la files:
rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la

# The ones in /lib${LIBDIRSUFFIX}/security can also go:
rm -f $PKG/lib${LIBDIRSUFFIX}/security/*.la

# Add extra symlinks added by pam.spec:
( cd $PKG/lib${LIBDIRSUFFIX}/security
  for type in acct auth passwd session ; do
    ln -sf pam_unix.so pam_unix_${type}.so
  done
)

# This is a pam helper that can only be called from pam
chown root:root $PKG/sbin/unix_chkpwd
chmod 6755 $PKG/sbin/unix_chkpwd

# This package can own the /etc/pam.d/ directory
mkdir -p $PKG/etc/pam.d

# Strip binaries:
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)

# Don't clobber config files:
find $PKG/etc -type f -exec mv {} {}.new \;

# Compress and if needed symlink the man pages:
if [ -d $PKG/usr/man ]; then
  ( cd $PKG/usr/man
    for manpagedir in $(find . -type d -name "man*") ; do
      ( cd $manpagedir
        for eachpage in $( find . -type l -maxdepth 1) ; do
          ln -s $( readlink $eachpage ).gz $eachpage.gz
          rm $eachpage
        done
        gzip -9 *.?
      )
    done
  )
fi

mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
  AUTHORS COPYING* Copyright NEWS README* \
  $PKG/usr/doc/$PKGNAM-$VERSION

# If there's a ChangeLog, installing at least part of the recent history
# is useful, but don't let it get totally out of control:
if [ -r ChangeLog ]; then
  DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
  touch -r ChangeLog $DOCSDIR/ChangeLog
fi
if [ -r CHANGELOG ]; then
  DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
  cat CHANGELOG | head -n 1000 > $DOCSDIR/CHANGELOG
  touch -r CHANGELOG $DOCSDIR/CHANGELOG
fi
rm -f $PKG/usr/doc/$PKGNAM-$VERSION/index.html

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh

# Append config statements to the install/doinst.sh:
( cd $PKG
  for i in $(find etc -type f -name "*.new") ; do
    echo "config $i" >> $PKG/install/doinst.sh ; 
  done
)

cd $PKG
/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz