upg filesystem shadow
parent
c3e4d1882f
commit
359361c06c
10 changed files with 108 additions and 51 deletions
|
@ -147,5 +147,4 @@ sha256sums=(e03bede3d258d680548696623d5979c6edf03272e801a813c81ba5a5c64f4f82 #
|
|||
90fb123aa8c0176bc144322b585bb889181c437542ddbe546af43e11b95be6ab # modprobe.d.usb-load-ehci-first
|
||||
673953e0ad7fc53247f4feadc2c2d4506396840d1f8796526f48d47333ac7652) # jobo-release
|
||||
|
||||
##
|
||||
|
||||
## afc8f4c9ab21301b62ad8a0daed6b754c73de498bb00bb25a8eecc9249aa767d filesystem-2023.09.18-02-x86_64.pkg.tar.lz
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
post_install() {
|
||||
|
||||
if ! getent passwd s6log >/dev/null; then
|
||||
useradd -u 19 -g 19 -d / -c "S6 log user" -s /usr/bin/nologin s6log
|
||||
fi
|
||||
}
|
||||
|
||||
post_upgrade() {
|
||||
|
||||
post_install
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
root:x:0:root
|
||||
nobody:x:99:
|
||||
users:x:100:
|
|
@ -1 +0,0 @@
|
|||
root:x:0:root
|
|
@ -1,24 +1,24 @@
|
|||
From 09850623c6c5c4e4738088c80de82952f9f48c27 Mon Sep 17 00:00:00 2001
|
||||
From 2642dcf11171a701f1997dcd19a769bb5baec410 Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Mon, 31 Oct 2022 10:10:22 +0100
|
||||
Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
|
||||
Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
|
||||
|
||||
etc/login.defs:
|
||||
Change ENV_SUPATH and ENV_SUPATH to only use
|
||||
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
|
||||
and bin merge distribution.
|
||||
Change UMASK to 077 as it is considered a more privacy conserving
|
||||
default than 022.
|
||||
Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
|
||||
distribution added UIDs and GIDs.
|
||||
Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
|
||||
DES.
|
||||
- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
|
||||
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
|
||||
bin merge distribution.
|
||||
- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
|
||||
while creating home directories in a privacy conserving manner.
|
||||
- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
|
||||
distribution added UIDs and GIDs of system users.
|
||||
- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
|
||||
than DES.
|
||||
---
|
||||
etc/login.defs | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/etc/login.defs b/etc/login.defs
|
||||
index 7c633a57..ea841257 100644
|
||||
index 797ca6b3..c4accbf8 100644
|
||||
--- a/etc/login.defs
|
||||
+++ b/etc/login.defs
|
||||
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
|
||||
|
@ -32,15 +32,15 @@ index 7c633a57..ea841257 100644
|
|||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -79,7 +79,7 @@ TTYPERM 0600
|
||||
# 022 is the default value, but 027, or even 077, could be considered
|
||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up their mind.
|
||||
-UMASK 022
|
||||
+UMASK 077
|
||||
|
||||
@@ -84,7 +84,7 @@ UMASK 022
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||
-#HOME_MODE 0700
|
||||
+HOME_MODE 0700
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
|
@ -59,15 +59,15 @@ index 7c633a57..ea841257 100644
|
|||
SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
@@ -153,7 +153,7 @@ CHFN_RESTRICT rwh
|
||||
@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
-#ENCRYPT_METHOD DES
|
||||
+ENCRYPT_METHOD SHA512
|
||||
+ENCRYPT_METHOD YESCRYPT
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
--
|
||||
2.38.1
|
||||
2.42.0
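Review bot: The new `ENCRYPT_METHOD YESCRYPT` line sits directly above the context comment `# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.`, so the SHA_CRYPT round settings that follow no longer influence new hashes and the yescrypt cost is left at its built-in default. If a specific work factor is intended, the refreshed patch should set `YESCRYPT_COST_FACTOR` explicitly instead of relying on that default. The context comment above the setting asks for a value consistent with the PAM configuration, and the pam.d files are not shown on this page, so it is worth confirming that the pam_unix password line does not still name `sha512`; an explicit algorithm there would presumably take precedence for PAM-driven password changes. Separately, the return to `UMASK 022` leans on `HOME_MODE 0700`, which only covers the home directory at creation time, so files users create outside their home become world-readable again.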
|
||||
|
||||
|
|
73
shadow/0003-Add-Arch-Linux-defaults-for-login.defs.patch.0
Normal file
73
shadow/0003-Add-Arch-Linux-defaults-for-login.defs.patch.0
Normal file
|
@ -0,0 +1,73 @@
|
|||
From 09850623c6c5c4e4738088c80de82952f9f48c27 Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Mon, 31 Oct 2022 10:10:22 +0100
|
||||
Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
|
||||
|
||||
etc/login.defs:
|
||||
Change ENV_SUPATH and ENV_SUPATH to only use
|
||||
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
|
||||
and bin merge distribution.
|
||||
Change UMASK to 077 as it is considered a more privacy conserving
|
||||
default than 022.
|
||||
Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
|
||||
distribution added UIDs and GIDs.
|
||||
Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
|
||||
DES.
|
||||
---
|
||||
etc/login.defs | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/etc/login.defs b/etc/login.defs
|
||||
index 7c633a57..ea841257 100644
|
||||
--- a/etc/login.defs
|
||||
+++ b/etc/login.defs
|
||||
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
-ENV_PATH PATH=/bin:/usr/bin
|
||||
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
||||
+ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -79,7 +79,7 @@ TTYPERM 0600
|
||||
# 022 is the default value, but 027, or even 077, could be considered
|
||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up their mind.
|
||||
-UMASK 022
|
||||
+UMASK 077
|
||||
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
-SYS_UID_MIN 101
|
||||
+SYS_UID_MIN 500
|
||||
SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
@@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
-SYS_GID_MIN 101
|
||||
+SYS_GID_MIN 500
|
||||
SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
@@ -153,7 +153,7 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
-#ENCRYPT_METHOD DES
|
||||
+ENCRYPT_METHOD SHA512
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
--
|
||||
2.38.1
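Review bot: This `.patch.0` file looks like a verbatim copy of the superseded patch (it still carries `UMASK 077` and `ENCRYPT_METHOD SHA512`), and no checksum entry for it appears in the sha256sums hunk shown on this page. Keeping a stale copy with different security defaults next to the active patch invites someone applying or auditing the wrong one. Since version control already preserves the old revision, either drop the file or note its purpose in the PKGBUILD with a comment such as `# 0003-...patch.0: previous revision, kept for reference only, not applied`.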
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
pkgname=shadow
|
||||
pkgver=4.14.0
|
||||
pkgrel=02
|
||||
pkgrel=03
|
||||
pkgdesc="Password and account management tool suite with support for shadow files and PAM w/o systemd"
|
||||
url='https://github.com/shadow-maint/shadow'
|
||||
depends=(
|
||||
|
@ -127,9 +127,9 @@ sha256sums=(87e1c5cc10109536132f1b4e29b6df6edc99b70f36f71ff042c2783f2fa01d4f #
|
|||
2c5c21deaa2852ade2f96703779ba2980e45d08948899644b24e6fc986519aa6 # shadow-4.14.0.tar.xz.asc
|
||||
7598d70f8fc71ff2a07a78b501fcc94d371b273f0cf47123a82807cca11be245 # 0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch
|
||||
986562e197f1efef60b4ebab5316c388d630d171fdca74237bff864db0bf4970 # 0002-Adapt-login.defs-for-PAM-and-util-linux.patch
|
||||
85e22497e1a7e3be04233090d12866b5d2b9752ddba08f9aa63bc938a0b8b780 # 0003-Add-Arch-Linux-defaults-for-login.defs.patch
|
||||
5cf3e9c0313f6b0c9f1d56e69ec51522f64f002fc0843fc6172fbfa97b8495e2 # 0003-Add-Arch-Linux-defaults-for-login.defs.patch
|
||||
29448220f2ecfeab0a1a7aae296f07ca522d0a75a5b20df30f83950f9d54531f # shadow.sysusers
|
||||
92cbb5eabdef4639066e3f17195191beb43de0a83c9f447fdd4525e6592b52f2 # shadow.tmpfiles
|
||||
c7ae1086e00248915cf67d361482510ec00e728d21714d4e2b56b90cc9adac91) # useradd.defaults
|
||||
2d4b7b85ea1d5cddf93c2d636a11b0e76c1f484474449bdb018e3af0fcbd93c3) # useradd.defaults
|
||||
|
||||
## 5e38433cb08e0455b342f75ffa85c6fced0da90635a31818f0d362a262eb854e shadow-4.14.0-02-x86_64.pkg.tar.lz
|
||||
## d925945caa3ca2da40a5c3aa5c4101b06f660c5596d4e4d94c2ab8680ad8b0a9 shadow-4.14.0-03-x86_64.pkg.tar.lz
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
pkgname=shadow
|
||||
pkgver=4.14.0
|
||||
pkgrel=2
|
||||
pkgrel=3
|
||||
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
|
||||
arch=(x86_64)
|
||||
url="https://github.com/shadow-maint/shadow"
|
||||
|
@ -32,7 +32,7 @@ backup=(
|
|||
etc/pam.d/passwd
|
||||
)
|
||||
options=(!emptydirs)
|
||||
# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.14.0.arch1
|
||||
# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.14.0.arch2
|
||||
source=(
|
||||
$url/releases/download/$pkgver/$pkgname-$pkgver.tar.xz{,.asc}
|
||||
0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch
|
||||
|
@ -46,7 +46,7 @@ sha512sums=('ff960481d576f9db5a9f10becc4e1a74c03de484ecfdcd7f1ea735fded683d7ba0f
|
|||
'SKIP'
|
||||
'ac119fd4a7867021923c54d54612499313686bb2faa957133f63c77700b8777dd87628fd4f36d4e4c1160700624a776510bc5d450ef5be1adc128552edfcb062'
|
||||
'57166e14262df3ddcf03008a34ef603a624a31b6d40b18b9fc4d8be50fb857540dea2ffc9dab81c91bcd87bbb3b0dee381219ebd3e68f71864c64a33d5ec7b15'
|
||||
'14a0527164b5c60bdba0db4ad23d6a2269ce39527bf34adc73abd0716aeced2b9873b60dcb24bd5b8eebd302c1adcbe301f3add7ecd532a873e51fd8bcbb7788'
|
||||
'16c00e8ae1e4f86c9075e08b420ddd5e948345db5611390167ce08d7e3e4ec469954b255b3384d855484803ce3fa5d78c88ff8ae722c0215b692b9dece2ed6f6'
|
||||
'e4edf705dd04e088c6b561713eaa1afeb92f42ac13722bff037aede6ac5ad7d4d00828cfb677f7b1ff048db8b6788238c1ab6a71dfcfd3e02ef6cb78ae09a621'
|
||||
'2c8689b52029f6aa27d75b8b05b0b36e2fc322cab40fdfbb50cdbe331f61bc84e8db20f012cf9af3de8c4e7fdb10c2d5a4925ca1ba3b70eb5627772b94da84b3'
|
||||
'5afac4a96b599b0b8ed7be751e7160037c3beb191629928c6520bfd3f2adcd1c55c31029c92c2ff8543e6cd9e37e2cd515ba4e1789c6d66f9c93b4e7f209ee7a'
|
||||
|
@ -56,7 +56,7 @@ b2sums=('6e9a6108f856953ec91c597e46ad4f912101a829c7b3ff3389510be43f56f0a70425bd5
|
|||
'SKIP'
|
||||
'77b6e4bc6dc070b992728440fc29a8ed04e8f51cc7e58628f294c68bec7f102c8a80af6a41cf9a3c37d33e7a40ead4f4729f2e68412ab5606e6ecbd3008f5048'
|
||||
'e6359de24e563564979fd0b7915a3227239a84f175cb188392097394d4d41c782100655cbd0a779b6dfde7eddcf8b314ab15eb15ca891287a820547551d54c04'
|
||||
'98f21ed043ea0dbec9150b54dc45ca7a596828706ccaa4d34b2590b2e90f8555793e9ceaaa6f8bda5b9560c9141395ba280cf08212c2b3ed0ac15fad493604f5'
|
||||
'fe88e173ea5531c083c1f3fb640cad1de463ce5446cb097bd30bc54e9082ba0540a57a9effd11c0779196583cf58bfc7066ab10ef4088f78c7d74928a73889b2'
|
||||
'5cfc936555aa2b2e15f8830ff83764dad6e11a80e2a102c5f2bd3b7c83db22a5457a3afdd182e3648c9d7d5bca90fa550f59576d0ac47a11a31dfb636cb18f2b'
|
||||
'a69191ab966f146c35e7e911e7e57c29fffd54436ea014aa8ffe0dd46aaf57c635d0a652b35916745c75d82b3fca7234366ea5f810b622e94730b45ec86f122c'
|
||||
'511c4ad9f3be530dc17dd68f2a3387d748dcdb84192d35f296b88f82442224477e2a74b1841ec3f107b39a5c41c2d961480e396a48d0578f8fd5f65dbe8d9f04'
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
|
||||
real 5m9.255s
|
||||
user 4m54.931s
|
||||
sys 0m15.969s
|
||||
real 3m44.477s
|
||||
user 3m24.431s
|
||||
sys 0m21.421s
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#
|
||||
# The SHELL variable specifies the default login shell on your
|
||||
# system.
|
||||
SHELL=/bin/bash
|
||||
SHELL=/usr/bin/zsh
|
||||
|
||||
# The default group for users
|
||||
GROUP=users
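Review bot: Assuming the second of the two `SHELL=` lines is the new side, every account created by useradd without `-s` now gets `/usr/bin/zsh`, but the `depends` array is cut off on this page and nothing visible shows zsh becoming a dependency of the package. If zsh is missing on a target system, or `/usr/bin/zsh` is not listed in `/etc/shells`, new accounts end up with a login shell that cannot start or is rejected by shell-validity checks. Either add zsh to `depends` or keep a shell the base system always ships, and document the choice above the line, for example `# default login shell; the package providing it must be in depends`.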
|
||||
|
|