From a7b82788a9dc902d5a66b7223d44c189f4c72ddc Mon Sep 17 00:00:00 2001 From: =?utf8?q?Diego=20Elio=20Petten=C3=B2?= Date: Sun, 12 Mar 2006 23:47:08 +0000 Subject: [PATCH] Merge pam-login back into shadow, as 4.x version was already being used; this means that upgrade from 4.0.14-r1 requires to remove pam-login before. Package-Manager: portage-2.1_pre6-r1 --- sys-apps/shadow/ChangeLog | 9 +- sys-apps/shadow/Manifest | 24 +- sys-apps/shadow/files/digest-shadow-4.0.14-r2 | 3 + sys-apps/shadow/files/login.defs | 212 ++++++++++++++ sys-apps/shadow/files/login.pamd | 30 ++ sys-apps/shadow/shadow-4.0.14-r2.ebuild | 261 ++++++++++++++++++ 6 files changed, 532 insertions(+), 7 deletions(-) create mode 100644 sys-apps/shadow/files/digest-shadow-4.0.14-r2 create mode 100644 sys-apps/shadow/files/login.defs create mode 100644 sys-apps/shadow/files/login.pamd create mode 100644 sys-apps/shadow/shadow-4.0.14-r2.ebuild diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog index 323eb29ec073..b57e9fadc18b 100644 --- a/sys-apps/shadow/ChangeLog +++ b/sys-apps/shadow/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-apps/shadow # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.130 2006/03/11 07:44:02 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.131 2006/03/12 23:47:08 flameeyes Exp $ + +*shadow-4.0.14-r2 (12 Mar 2006) + + 12 Mar 2006; Diego Pettenò +files/login.defs, + +files/login.pamd, +shadow-4.0.14-r2.ebuild: + Merge pam-login back into shadow, as 4.x version was already being used; + this means that upgrade from 4.0.14-r1 requires to remove pam-login before. 11 Mar 2006; Mike Frysinger shadow-4.0.11.1-r1.ebuild, shadow-4.0.11.1-r2.ebuild, shadow-4.0.12.ebuild, shadow-4.0.13.ebuild, diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index b393cd4cd5fb..ce5593db70d4 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -1,9 +1,9 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -MD5 f4b2aa7a4fe6eaa57aafb59a5f3f64b8 ChangeLog 24315 -RMD160 3b19d194f7f44f2189d2b8ff1a89e8ed404e2256 ChangeLog 24315 -SHA256 197b62725a4b10c1ee8f4c0bf7c79ea856f4f023e634afab4469116f2fe04bcd ChangeLog 24315 +MD5 4cf1e3e22a51cc7ced00ce697e60a1b5 ChangeLog 24624 +RMD160 135ef82845403c5bed04c034118cf5f95868b4aa ChangeLog 24624 +SHA256 b6a575ecb3e0352621467010160c65347cc3e6cca9267f62d628ab42dc1e08b5 ChangeLog 24624 MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96 RMD160 55c38953c800c6aae1ebe4312028560f77e7414f files/default/useradd 96 SHA256 31aa2cbe4a34a9f7d4d134c1fecd007c9bbf4d40e19d0dcddbcd396f1853b490 files/default/useradd 96 @@ -22,9 +22,18 @@ SHA256 76f9c442acc143a966bf3da9170c52583e70a4f86912c3e72a83d0ba78474160 files/di MD5 2b6cc6ba67673510780c1c4474587e62 files/digest-shadow-4.0.14-r1 67 RMD160 46cef7289437c7f0c43bf56cd03e1c6716287f65 files/digest-shadow-4.0.14-r1 67 SHA256 40f7ed35551b6f856a45fff826cdaf231e0dc458b5d5431b92f022d560419d80 files/digest-shadow-4.0.14-r1 67 +MD5 e762a86e8069be90d8d92c729a7ea723 files/digest-shadow-4.0.14-r2 247 +RMD160 538a905f79791302dcdccc7b0ea73a31bbe89f6b files/digest-shadow-4.0.14-r2 247 +SHA256 1902d92c71601c84369242225380eea36c18bc3b7b9f676f1806f85e387614cd files/digest-shadow-4.0.14-r2 247 MD5 46c2be2ed8b26ec007e3ed1f476491d8 files/digest-shadow-4.0.7-r4 66 RMD160 6b4e254fe2230dd1ad173f02310fea6b7a87d7ab files/digest-shadow-4.0.7-r4 66 SHA256 d736922bcacc93c8394219cff03d1a22dffa8b4db05bd6b188db2a2110a33ad2 files/digest-shadow-4.0.7-r4 66 +MD5 b1efe75ceba3c645eaab09c580809342 files/login.defs 6254 +RMD160 1daa093f13d56126833e6e97d6dd60498a68304a files/login.defs 6254 +SHA256 b7bfd7b1c34ce3d35865b572abc69d278dea4eef4f349c26b238735547c4ac22 files/login.defs 6254 +MD5 e01e197ed3b6d2ec6ae83d23b33088b8 files/login.pamd 1019 +RMD160 062e018d7c0e6c3b9963f695051322f762809edc files/login.pamd 1019 +SHA256 4d1844dbfc9292ae82789c26767190b6ca2cad0f77a55fee86dbf292444762e0 files/login.pamd 1019 MD5 4b7d75b12f1bea9f349dff4c48c18b8b files/pam.d-include/login 245 RMD160 100e5514b65603d1fa0001cc0dce5dd2caaf232f files/pam.d-include/login 245 SHA256 39bbe2ed696a22c7549a39a7cfd47c16e347e5af4fd71b8c01ec87fce59ba0a0 files/pam.d-include/login 245 @@ -193,13 +202,16 @@ SHA256 a47d6fcfa1d07c8855670b259bcc97d20cb8e171183ea9bafa937dc4122671f7 shadow-4 MD5 5dbd60f9f583f3f25d1969d8cdc2a964 shadow-4.0.14-r1.ebuild 7121 RMD160 969f1b92aaa895e055bb8516d89d0b7c6888deef shadow-4.0.14-r1.ebuild 7121 SHA256 e14582ffe4958c2af59f81cf3c2d787fb3da62853e8b5fb295b4bb92ad3076ac shadow-4.0.14-r1.ebuild 7121 +MD5 eaa9a3cb90a0c5c444bc518cc3f20a1f shadow-4.0.14-r2.ebuild 7671 +RMD160 16fe54ebbd36a5551053fe924df528a6b753df4f shadow-4.0.14-r2.ebuild 7671 +SHA256 aa038dad4842cd329eafb84000f509f4fb880c9b01270fde4f06ffb96a1cb9b1 shadow-4.0.14-r2.ebuild 7671 MD5 b2f49d9316731f342a8aee3d826cece9 shadow-4.0.7-r4.ebuild 7174 RMD160 7a795cc523e6d543a33837b4aa9618fe7fbea171 shadow-4.0.7-r4.ebuild 7174 SHA256 0554fbb6eb37686d54ef27c1be211595976b390f3a1a549a807225c91fc3e72a shadow-4.0.7-r4.ebuild 7174 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) -iD8DBQFEEoAt2+ySkm8kpY0RAh6tAKCtu64HMqh4MaCY4aIYlzd/twSuOQCfViiL -/MqMdO+SU02HOFREtCaIJ74= -=iwPD +iD8DBQFEFLMKAiZjviIA2XgRArGQAJ0SY+8Y3f0elxnezyuaS5HOdjYKDQCg62bY +oEdvSdRDZkKECVFrdZ9DNLo= +=QhxN -----END PGP SIGNATURE----- diff --git a/sys-apps/shadow/files/digest-shadow-4.0.14-r2 b/sys-apps/shadow/files/digest-shadow-4.0.14-r2 new file mode 100644 index 000000000000..ac9830b87acc --- /dev/null +++ b/sys-apps/shadow/files/digest-shadow-4.0.14-r2 @@ -0,0 +1,3 @@ +MD5 903f55cf05bbe082617d3337743792fb shadow-4.0.14.tar.bz2 1246902 +RMD160 555bb154ba73b9e322ddd17517a77470cdfb7902 shadow-4.0.14.tar.bz2 1246902 +SHA256 e9beb4edf8689f94c32e9a8f53d1c6c542ef1a5678e8037d4c452c53dfbeb0ae shadow-4.0.14.tar.bz2 1246902 diff --git a/sys-apps/shadow/files/login.defs b/sys-apps/shadow/files/login.defs new file mode 100644 index 000000000000..4aa7044bec22 --- /dev/null +++ b/sys-apps/shadow/files/login.defs @@ -0,0 +1,212 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# $Id: login.defs,v 1.6 2006/03/12 23:47:08 flameeyes Exp $ +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# +# Delay in seconds before being allowed another attempt after a login failure +# +FAIL_DELAY 3 + +# +# Enable display of unknown usernames when login failures are recorded. +# +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +CONSOLE /etc/securetty +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. +# +MAIL_DIR /var/spool/mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin +ENV_PATH PATH=/bin:/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# The ULIMIT is used only if the system supports it. +# (now it works with setrlimit too; ulimit is in 512-byte units) +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad +# +LOGIN_RETRIES 3 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# When prompting for password without echo, getpass() can optionally +# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' +# characters for each character typed. This feature is designed to +# confuse people looking over your shoulder when you enter a password :-). +# Also, the new getpass() accepts both Backspace (8) and Delete (127) +# keys to delete previous character (to cope with different terminal +# types), Control-U to delete all characters, and beeps when there are +# no more characters to delete, or too many characters entered. +# +# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - +# exactly one '*' displayed for each character typed. +# +# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, +# Delete, Control-U and beep continue to work as described above). +# +# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() +# without any new features. This is the default. +# +GETPASS_ASTERISKS 0 + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + diff --git a/sys-apps/shadow/files/login.pamd b/sys-apps/shadow/files/login.pamd new file mode 100644 index 000000000000..f8f1f86fbc8e --- /dev/null +++ b/sys-apps/shadow/files/login.pamd @@ -0,0 +1,30 @@ +#%PAM-1.0 + +auth required pam_securetty.so +auth include system-auth +auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root +auth required pam_shells.so +auth required pam_nologin.so + +account required pam_access.so +account include system-auth +account required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root + +password include system-auth + +@selinux@# pam_selinux.so close should be the first session rule +@selinux@session required pam_selinux.so close +@selinux@ +session include system-auth +session required pam_env.so +session optional pam_lastlog.so +session optional pam_motd.so motd=/etc/motd +session optional pam_mail.so + +# If you want to enable pam_console, uncomment the following line +# and read carefully README.pam_console in /usr/share/doc/pam* +#session optional pam_console.so + +@selinux@# pam_selinux.so open should be the last session rule +@selinux@session required pam_selinux.so multiple open +@selinux@ diff --git a/sys-apps/shadow/shadow-4.0.14-r2.ebuild b/sys-apps/shadow/shadow-4.0.14-r2.ebuild new file mode 100644 index 000000000000..76554b14382c --- /dev/null +++ b/sys-apps/shadow/shadow-4.0.14-r2.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.14-r2.ebuild,v 1.1 2006/03/12 23:47:08 flameeyes Exp $ + +inherit eutils libtool toolchain-funcs flag-o-matic autotools pam + +# We should remove this login after pam-0.78 goes stable. +FORCE_SYSTEMAUTH_UPDATE="no" + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="http://shadow.pld.org.pl/" +SRC_URI="ftp://ftp.pld.org.pl/software/${PN}/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="nls pam selinux skey nousuid" + +RDEPEND=">=sys-libs/cracklib-2.7-r3 + pam? ( virtual/pam ) + !sys-apps/pam-login + skey? ( app-admin/skey ) + selinux? ( >=sys-libs/libselinux-1.28 ) + nls? ( virtual/libintl )" +DEPEND="${RDEPEND} + >=sys-apps/portage-2.0.51-r2 + nls? ( sys-devel/gettext )" + +src_unpack() { + unpack ${A} + cd "${S}" + + # uclibc support, corrects NIS usage + epatch "${FILESDIR}"/${PN}-4.0.13-nonis.patch + + # If su should not simulate a login shell, use '/bin/sh' as shell to enable + # running of commands as user with /bin/false as shell, closing bug #15015. + # *** This one could be a security hole; disable for now *** + #epatch "${FILESDIR}"/${P}-nologin-run-sh.patch + + # don't install manpages if USE=-nls + epatch "${FILESDIR}"/${PN}-4.0.14-nls-manpages.patch + + # tweak the default login.defs + epatch "${FILESDIR}"/${PN}-4.0.13-login.defs.patch + + # skeychallenge call needs updating #69741 + epatch "${FILESDIR}"/shadow-4.0.5-skey.patch + + # Make user/group names more flexible #3485 / #22920 + epatch "${FILESDIR}"/${PN}-4.0.13-dots-in-usernames.patch + epatch "${FILESDIR}"/${PN}-4.0.13-long-groupnames.patch + + # Fix compiling with gcc-2.95.x + epatch "${FILESDIR}"/${PN}-4.0.12-gcc2.patch + + # Patch from upstream enables the new environment too early for PAM + epatch "${FILESDIR}"/${PN}-4.0.14-su-fix-environment.patch + + # Patch from upstream fixes `su -c ls` #118342 + epatch "${FILESDIR}"/${P}-su-cvs.patch + + # Some UCLIBC patches + epatch "${FILESDIR}"/${PN}-4.0.11.1-uclibc-missing-l64a.patch + + # lock down setuid perms #47208 + epatch "${FILESDIR}"/${PN}-4.0.11.1-perms.patch + + # Needed by the UCLIBC patches + eautoconf || die + + elibtoolize + epunt_cxx +} + +src_compile() { + append-ldflags $(bindnow-flags) + tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes + econf \ + --disable-desrpc \ + --with-libcrypt \ + --with-libcrack \ + --enable-shared=no \ + --enable-static=yes \ + $(use_with pam libpam) \ + $(use_with skey) \ + $(use_with selinux) \ + $(use_enable nls) \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + local perms=4711 + use nousuid && perms=711 + make DESTDIR=${D} suiduperms=${perms} install || die "install problem" + dosym useradd /usr/sbin/adduser + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + # Using a securetty with devfs device names added + # (compat names kept for non-devfs compatibility) + insopts -m0600 ; doins "${FILESDIR}"/securetty + if ! use pam; then + insopts -m0600 + doins etc/login.access etc/limits + else + newpamd "${FILESDIR}/login.pamd" login + use selinux || sed -i -e '/@selinux@/d' ${D}/etc/pam.d/login + use selinux && sed -i -e 's:@selinux@::g' ${D}/etc/pam.d/login + + insinto /etc + insopts -m0644 + newins "${FILESDIR}/login.defs" login.defs + + # Also install another one that we can use to check if + # we need to update it if FORCE_LOGIN_DEFS = "yes" + [ "${FORCE_LOGIN_DEFS}" = "yes" ] \ + && newins "${FILESDIR}/login.defs" login.defs.new + fi + # Output arch-specific cruft + case $(tc-arch) in + ppc*) echo "hvc0" >> "${D}"/etc/securetty + echo "hvsi0" >> "${D}"/etc/securetty;; + hppa) echo "ttyB0" >> "${D}"/etc/securetty;; + arm) echo "ttyFB0" >> "${D}"/etc/securetty;; + esac + + # needed for 'adduser -D' + insinto /etc/default + insopts -m0600 + doins "${FILESDIR}"/default/useradd + + # move passwd to / to help recover broke systems #64441 + mv "${D}"/usr/bin/passwd "${D}"/bin/ + dosym /bin/passwd /usr/bin/passwd + + if use pam ; then + local INSTALL_SYSTEM_PAMD="yes" + + # Do not install below pam.d files if we have pam-0.78 or later + portageq has_version / '>=sys-libs/pam-0.78' && \ + INSTALL_SYSTEM_PAMD="no" + + for x in "${FILESDIR}"/pam.d-include/*; do + case "${x##*/}" in + "login") + # We do no longer install this one, as its from + # pam-login now. + ;; + "system-auth"|"system-auth-1.1"|"other") + # These we only install if we do not have pam-0.78 + # or later. + [ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \ + dopamd ${x} + ;; + "su") + # Disable support for pam_env and pam_wheel on openpam + has_version sys-libs/pam && dopamd ${x} + ;; + "su-openpam") + has_version sys-libs/openpam && newpamd ${x} su + ;; + *) + [ -f ${x} ] && dopamd ${x} + ;; + esac + done + for x in chage chsh chfn chpasswd newusers \ + user{add,del,mod} group{add,del,mod} ; do + newpamd "${FILESDIR}"/pam.d-include/shadow ${x} + done + + # Only add this one if needed. + if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + newpamd "${FILESDIR}"/pam.d-include/system-auth-1.1 system-auth.new || \ + die "Failed to install system-auth.new!" + fi + + # remove manpages that pam will install for us + # and/or don't apply when using pam + + find "${D}"/usr/share/man \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -exec rm {} \; + else + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + fi + + # Remove manpages that are handled by other packages + find "${D}"/usr/share/man \ + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ + -exec rm {} \; + + cd "${S}" + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc + dodoc HOWTO LSM README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${ROOT}"/etc/pam.d/system-auth.new \ + "${ROOT}/etc/login.defs.new" +} + +pkg_postinst() { + use pam || return 0 + + if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then + local CHECK1=$(md5sum "${ROOT}"/etc/pam.d/system-auth | cut -d ' ' -f 1) + local CHECK2=$(md5sum "${ROOT}"/etc/pam.d/system-auth.new | cut -d ' ' -f 1) + + if [ "${CHECK1}" != "${CHECK2}" ]; then + ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth " + ewarn "is being updated automatically. Your old " + ewarn "system-auth will be backed up as:" + ewarn + ewarn " ${ROOT}etc/pam.d/system-auth.bak" + echo + + cp -pPR "${ROOT}"/etc/pam.d/system-auth \ + "${ROOT}"/etc/pam.d/system-auth.bak; + mv -f "${ROOT}"/etc/pam.d/system-auth.new \ + "${ROOT}"/etc/pam.d/system-auth + rm -f "${ROOT}"/etc/pam.d/._cfg????_system-auth + else + rm -f "${ROOT}"/etc/pam.d/system-auth.new + fi + fi + + [ "${FORCE_LOGIN_DEFS}" != "yes" ] && return 0 + + ewarn "Due to a compatibility issue, ${ROOT}etc/login.defs " + ewarn "is being updated automatically. Your old login.defs" + ewarn "will be backed up as: ${ROOT}etc/login.defs.bak" + echo + + local CHECK1="`md5sum ${ROOT}/etc/login.defs | cut -d ' ' -f 1`" + local CHECK2="`md5sum ${ROOT}/etc/login.defs.new | cut -d ' ' -f 1`" + + if [ "${CHECK1}" != "${CHECK2}" ] + then + cp -pPR ${ROOT}/etc/login.defs ${ROOT}/etc/login.defs.bak + mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs + elif [ ! -f ${ROOT}/etc/login.defs ] + then + mv -f ${ROOT}/etc/login.defs.new ${ROOT}/etc/login.defs + else + rm -f ${ROOT}/etc/login.defs.new + fi +} + -- 2.26.2