diff --git a/filesystem/PKGBUILD b/filesystem/PKGBUILD index 8c02c42..26b6978 100644 --- a/filesystem/PKGBUILD +++ b/filesystem/PKGBUILD @@ -6,8 +6,8 @@ #-----------------------------------------| DESCRIPTION |--------------------------------------- pkgname=filesystem -pkgver=2023.09.11 -pkgrel=01 +pkgver=2023.09.18 +pkgrel=02 pkgdesc='Base joborun Linux filesystem' groups=( jobbot base ) url='https://pozol.eu' @@ -134,11 +134,11 @@ sha256sums=(e03bede3d258d680548696623d5979c6edf03272e801a813c81ba5a5c64f4f82 # b3f9aca43fd990384741213c747f856ae166b254475bb42c4dac676bd7fdde5a # nsswitch.conf fd10f9659e690070a921223d380a109962a411926fdf2d9860e1eed92d53447c # os-release eac657125eb0e80c6cc79bac04f4c9b317dcea2d2d5436c03f26d73310bca6e6 # passwd - 5e4088ad8d0853d390fa303f6be8c3f69c33834200cba9e90f7849f1993ca8d0 # profile + 8f08231922fe185d3132f9aedded5cd688fb7c482a6f6f272402ded82fa4849a # profile 66d732ad4cbdc7b3180f4750a5e74163d5c9a6797916a91311697cde95c2762b # resolv.conf d88be2b45b43605ff31dd83d6a138069b6c2e92bc8989b7b9ab9eba8da5f8c7b # securetty b302b2e8b06d27d078c5ad68655d441e2a07357b925a867dcf6a33f3a5464b3a # shadow - 14f8c9d3af89091ae0a6ce0f54eb1efd4b620c3fb72c2ba36f07f5a58fa31510 # shells + 38ea9a181c4bca9e921a5ca2710530c56accf04b483e6b43b72a118e8a3bdbc7 # shells e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # subgid e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # subuid e7c1a8ca1216879597348a553a7d5ebf0fa0de66179e3bae697935dc86aa3958 # sysusers @@ -148,3 +148,4 @@ sha256sums=(e03bede3d258d680548696623d5979c6edf03272e801a813c81ba5a5c64f4f82 # 673953e0ad7fc53247f4feadc2c2d4506396840d1f8796526f48d47333ac7652) # jobo-release ## + diff --git a/filesystem/PKGBUILD-arch b/filesystem/PKGBUILD-arch index b375bd0..7267778 100644 --- a/filesystem/PKGBUILD-arch +++ b/filesystem/PKGBUILD-arch @@ -2,11 +2,11 @@ # Contributor: Tom Gundersen pkgname=filesystem -pkgver=2023.01.31 +pkgver=2023.09.18 pkgrel=1 pkgdesc='Base Arch Linux files' -arch=('x86_64') -license=('GPL') +arch=('any') +license=('GPL-3.0-or-later') url='https://archlinux.org' depends=('iana-etc') backup=('etc/crypttab' 'etc/fstab' 'etc/group' 'etc/gshadow' 'etc/host.conf' @@ -30,12 +30,12 @@ sha256sums=('e03bede3d258d680548696623d5979c6edf03272e801a813c81ba5a5c64f4f82' '8ca2d8eef6fb5143c9ef7e9174ccfef59ac7ad2deee243574cd10c763156cc10' 'c8ee7a9faf798caab178ec51afae4146f1efd8a716b7acedf28345b6c75f9697' '46108f7e84f5d5994678133d412d5ec6222c53f28e6bf7ac66cc07788a7ee66d' - '5e4088ad8d0853d390fa303f6be8c3f69c33834200cba9e90f7849f1993ca8d0' + '8f08231922fe185d3132f9aedded5cd688fb7c482a6f6f272402ded82fa4849a' '5e06477834f51abf42ea4e8dc199632afc6afbfd8c44354685a271e9a48d2c0a' '5557d8e601b17a80d1ea7de78a9869be69637cb6a02fbfe334e22fdf64e61d4c' 'd88be2b45b43605ff31dd83d6a138069b6c2e92bc8989b7b9ab9eba8da5f8c7b' '6e13705ac4d6f69cdba118c6b70c722346fd3c45224133e6bbfe28aca719563c' - '0d9ad0a063e74e6b88db52b2f0a93e7b8f6faf1395981edebac493a13d0b59b3' + 'ec289c03aa0d150e90e8287f001c8e6552ab9dd54f450bdb5c2d2254e477965b' '89e43a0b7028f52d5c8e7fb961d962c4b4f4e9595880a6157274ddb2c7c0b6b4' '30b97e8f5965744138f7a394e04454db6d509fb89e0a9b615bcd9037df3d6f2a' '5d8e61479f0093852365090e84d8d95b1e7fccfab068274ee25863bde6ff3e07' diff --git a/filesystem/deps b/filesystem/deps index 6995371..139597f 100644 --- a/filesystem/deps +++ b/filesystem/deps @@ -1,4 +1,2 @@ -iana-etc - diff --git a/filesystem/profile b/filesystem/profile index ef3f9f6..78ed69f 100644 --- a/filesystem/profile +++ b/filesystem/profile @@ -1,8 +1,5 @@ # /etc/profile -# Set our umask -umask 022 - # Append "$1" to $PATH when not already in. # This function API is accessible to scripts in /etc/profile.d append_path () { diff --git a/filesystem/shells b/filesystem/shells index 58c5d86..b42896f 100644 --- a/filesystem/shells +++ b/filesystem/shells @@ -1,8 +1,11 @@ # Pathnames of valid login shells. # See shells(5) for details. +/bin/sh +/bin/bash +/bin/rbash +/bin/zsh /usr/bin/sh /usr/bin/bash -/usr/bin/zsh /usr/bin/rbash -#/bin/ash # after you install busybox-alpinevariant which provides it +/usr/bin/zsh diff --git a/pambase/PKGBUILD b/pambase/PKGBUILD index 1896b4e..9b43b59 100644 --- a/pambase/PKGBUILD +++ b/pambase/PKGBUILD @@ -6,12 +6,11 @@ #-----------------------------------------| DESCRIPTION |--------------------------------------- pkgname=pambase -pkgver=20221020 +pkgver=20230918 pkgrel=01 pkgdesc="Base PAM configuration for services" arch=('any') url="https://www.archlinux.org" - source=('system-auth' 'system-local-login' 'system-login' @@ -35,12 +34,14 @@ package() { sha256sums=(a) -license=('GPL') +license=(GPL-3.0-or-later) sha256sums=(d3f6c7465198415df7bc3b365595642c7255dd69f2d7db548eb071123f43164c # system-auth 005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9 # system-local-login - 37bc2532a587a140bad9d25c0146ee8d58f66b10d020ae171cd68780a878d7ef # system-login + 86365d603d4a50f30252888b6db8f0bb4b398900903ac61fca66385561e509e5 # system-login 005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9 # system-remote-login 6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567 # system-services d5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f) # other +## 743aaca14134bf4a9ce8d137d04e6a672264f22e9d2171ebb826251575a2604c pambase-20230918-01-any.pkg.tar.lz + diff --git a/pambase/PKGBUILD-arch b/pambase/PKGBUILD-arch index c2b51dc..0aedb7b 100644 --- a/pambase/PKGBUILD-arch +++ b/pambase/PKGBUILD-arch @@ -2,12 +2,12 @@ # Contributor: Dave Reisner pkgname=pambase -pkgver=20221020 +pkgver=20230918 pkgrel=1 pkgdesc="Base PAM configuration for services" arch=(any) url="https://www.archlinux.org" -license=(GPL) +license=(GPL-3.0-or-later) backup=( etc/pam.d/system-auth etc/pam.d/system-local-login @@ -24,15 +24,15 @@ source=( system-services other ) -sha512sums=('881f2d76cd5f621b46cc710e9f63269b801b6e03fd3cacf0b31bd1ec2b846c1e610891e2f7a52bfc67917336f411005927a9a6a01f6173143c4ef89a034dc604' +sha512sums=('af25e6428930c3e915d9052d091f8bd5db050bcc4f07eb05fe84c101589d2817ad4fbd1471a7ab5da366e89f9bdab8e2113b3932bd4bfe888a1301f027b2ae1a' '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' - 'caa11946510c20d7d6429a941952f4831091c89e018cbcbedadf9a563f364c060b8d88abc1331db8cc62d0f0b52cd9b106a99a994602f140a5f04f3124d6ae36' + 'aebf4dcbc2df04bba551a921355f545ebf3ba5b1ee949de8e151ee1f42884d5a2e5e7cbe866238c60e4b16a6e0d919ab84b57ad54cb430ff3c9a20ddb3222ea6' '83cc3d84ef5afded9afd4d347132901b9adcbd8b21be45b80d010370a2082e8388a713eb78d052944bc47b07fd7383edf18e2674d9d0545215cc45e14a2e14b1' '5c2947f8644803783d19cc97ddc19fdaa234dac41a939edd32c9452e78bb2a4751bceeb4737d0791fb122ca932b8b941aab869b6dec3146bf90e94517d31724a' 'df554f70f017dd3f6023a3c62b95d19123eaf41c08deaac0c4bc343fcce6eeefcf468910f7cb9ba58ee2846abb88091d18d718eb0228e38f6ce26ebced94c407') -b2sums=('2120f15bca3092ce6ed672a3244c1f2d9f13601db3fda83442029d1ceca3a5622b9ce8e215d821ac1e68d30f20556d3ad463fed9f3670778e4b87f4813d7df1b' +b2sums=('189fb86628a959e53512e16ac506b4e925d0005f4cd19289f23c0c7c70ac961f7750f784ae3d7948d0d3320813af1ad53044f8f763c66fd4a1e403f2e8e7bd0c' '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' - '0b9e817d51ee4fcb25ac769693ecc557ede1cd3ec502d41b90cb7f0a505967dc3803231cf860e2f1c58aeb7395719fd6f30bd89702dfda40a61b55e720c4958f' + '46a76303623e08fbcada2fdf868b8885afc540c5db88da6d941f29f845e7a9c97fbc6d03002133b7a0117cb9c9c13749745384e25b72408812d01706c4fa6a2f' '900a5250f5a9e464c1c3ab8fc112475c99f4d76b597abf362041b661707dcc458cd385fd2cfeecf1ba9e3e831176ca8d183cffc9a913fb79e8ddcaa68223a7e6' 'e11e8959c961036a384016096f0fce0696d8a3ecc63d0d12d8016cc7c27a7afc80f8580ab639c97360aed0d49af3159462d85260b4404b9d65963f440eb77243' '3de32ccd196fecaf0a3cce8e61867f93f85fff651044519d8521a28d9f8d6ddaf51f3e30eac4979884c505f9f52d01f458e5bccc5d5adc4f1d7d372068dd02da') diff --git a/pambase/system-login b/pambase/system-login index 364fa06..e48136d 100644 --- a/pambase/system-login +++ b/pambase/system-login @@ -15,5 +15,6 @@ session optional pam_keyinit.so force revoke session include system-auth session optional pam_motd.so session optional pam_mail.so dir=/var/spool/mail standard quiet +session optional pam_umask.so -session optional pam_systemd.so session required pam_env.so diff --git a/shadow/0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch b/shadow/0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch new file mode 100644 index 0000000..98d36b6 --- /dev/null +++ b/shadow/0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch @@ -0,0 +1,727 @@ +From c6fe55f198b1e3bd3087f9213193d94f5c1c3d31 Mon Sep 17 00:00:00 2001 +From: David Runge +Date: Sat, 5 Nov 2022 23:40:18 +0100 +Subject: [PATCH 1/3] Disable replaced tools and their man pages and PAM + integration + +etc/pam.d/Makefile.am: +Disable installation of PAM integration for chfn, chsh and login tools +as they are provided by util-linux. + +man/Makefile.am, man/*/Makefile.am: +Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr, +vipw and su as they are either no longer used or replaced by util-linux. + +src/Makefile.am: +Set usbindir to use bin instead of sbin, as Arch Linux is a /usr and bin +merge distribution. +Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as +they are either not used or replaced by util-linux. +Move newgrp to replace sg (instead of it being a symlink). +--- + etc/pam.d/Makefile.am | 3 --- + man/Makefile.am | 20 +++----------------- + man/cs/Makefile.am | 8 ++------ + man/da/Makefile.am | 8 +------- + man/de/Makefile.am | 11 +---------- + man/fi/Makefile.am | 5 +---- + man/fr/Makefile.am | 11 +---------- + man/hu/Makefile.am | 6 +----- + man/id/Makefile.am | 2 -- + man/it/Makefile.am | 11 +---------- + man/ja/Makefile.am | 10 +--------- + man/ko/Makefile.am | 8 +------- + man/pl/Makefile.am | 7 +------ + man/ru/Makefile.am | 11 +---------- + man/sv/Makefile.am | 8 +------- + man/tr/Makefile.am | 3 --- + man/uk/Makefile.am | 11 +---------- + man/zh_CN/Makefile.am | 11 +---------- + man/zh_TW/Makefile.am | 4 ---- + src/Makefile.am | 18 +++++++----------- + 20 files changed, 25 insertions(+), 151 deletions(-) + +diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am +index 38ff26ae..a19ad431 100644 +--- a/etc/pam.d/Makefile.am ++++ b/etc/pam.d/Makefile.am +@@ -2,10 +2,7 @@ + # and also cooperate to make a distribution for `make dist' + + pamd_files = \ +- chfn \ +- chsh \ + groupmems \ +- login \ + passwd + + pamd_acct_tools_files = \ +diff --git a/man/Makefile.am b/man/Makefile.am +index 89d97937..d2741036 100644 +--- a/man/Makefile.am ++++ b/man/Makefile.am +@@ -8,10 +8,8 @@ endif + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -26,12 +24,9 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ ++ man8/lastlog.8 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -43,9 +38,7 @@ man_MANS = \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +@@ -77,10 +70,8 @@ endif + + man_XMANS = \ + chage.1.xml \ +- chfn.1.xml \ + chgpasswd.8.xml \ + chpasswd.8.xml \ +- chsh.1.xml \ + expiry.1.xml \ + faillog.5.xml \ + faillog.8.xml \ +@@ -94,12 +85,9 @@ man_XMANS = \ + grpck.8.xml \ + gshadow.5.xml \ + limits.5.xml \ +- login.1.xml \ + login.access.5.xml \ + login.defs.5.xml \ +- logoutd.8.xml \ + newgidmap.1.xml \ +- newgrp.1.xml \ + newuidmap.1.xml \ + newusers.8.xml \ + nologin.8.xml \ +@@ -111,14 +99,12 @@ man_XMANS = \ + shadow.3.xml \ + shadow.5.xml \ + sg.1.xml \ +- su.1.xml \ + suauth.5.xml \ + subgid.5.xml \ + subuid.5.xml \ + useradd.8.xml \ + userdel.8.xml \ +- usermod.8.xml \ +- vipw.8.xml ++ usermod.8.xml + + if ENABLE_LASTLOG + man_XMANS += lastlog.8.xml +diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am +index 84407d71..c5ef7cf5 100644 +--- a/man/cs/Makefile.am ++++ b/man/cs/Makefile.am +@@ -12,11 +12,8 @@ man_MANS = \ + man1/groups.1 \ + man8/grpck.8 \ + man5/gshadow.5 \ +- man8/nologin.8 \ + man5/passwd.5 \ +- man5/shadow.5 \ +- man1/su.1 \ +- man8/vipw.8 ++ man5/shadow.5 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +@@ -24,6 +21,5 @@ endif + + EXTRA_DIST = $(man_MANS) \ + man1/id.1 \ +- man8/groupmems.8 \ +- man8/logoutd.8 ++ man8/groupmems.8 + +diff --git a/man/da/Makefile.am b/man/da/Makefile.am +index a3b09224..e45bef66 100644 +--- a/man/da/Makefile.am ++++ b/man/da/Makefile.am +@@ -3,16 +3,10 @@ mandir = @mandir@/da + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = \ +- man1/chfn.1 \ + man8/groupdel.8 \ + man1/groups.1 \ + man5/gshadow.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ +- man8/nologin.8 \ +- man1/sg.1 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man1/sg.1 + + man_nopam = + +diff --git a/man/de/Makefile.am b/man/de/Makefile.am +index 671432d3..333d5524 100644 +--- a/man/de/Makefile.am ++++ b/man/de/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/de + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am +index 26a1a848..f02b92f3 100644 +--- a/man/fi/Makefile.am ++++ b/man/fi/Makefile.am +@@ -1,10 +1,7 @@ + + mandir = @mandir@/fi + +-man_MANS = \ +- man1/chfn.1 \ +- man1/chsh.1 \ +- man1/su.1 ++man_MANS = + + # Outdated manpages + # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024) +diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am +index 335e0298..9962c038 100644 +--- a/man/fr/Makefile.am ++++ b/man/fr/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/fr + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am +index 205bb0a8..3d813179 100644 +--- a/man/hu/Makefile.am ++++ b/man/hu/Makefile.am +@@ -2,15 +2,11 @@ + mandir = @mandir@/hu + + man_MANS = \ +- man1/chsh.1 \ + man1/gpasswd.1 \ + man1/groups.1 \ +- man1/login.1 \ +- man1/newgrp.1 \ + man1/passwd.1 \ + man5/passwd.5 \ +- man1/sg.1 \ +- man1/su.1 ++ man1/sg.1 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/id/Makefile.am b/man/id/Makefile.am +index 21f3dbe9..6d10b930 100644 +--- a/man/id/Makefile.am ++++ b/man/id/Makefile.am +@@ -2,8 +2,6 @@ + mandir = @mandir@/id + + man_MANS = \ +- man1/chsh.1 \ +- man1/login.1 \ + man8/useradd.8 + + EXTRA_DIST = $(man_MANS) +diff --git a/man/it/Makefile.am b/man/it/Makefile.am +index b76187fa..1f62e20e 100644 +--- a/man/it/Makefile.am ++++ b/man/it/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/it + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am +index 13f18da1..3401a085 100644 +--- a/man/ja/Makefile.am ++++ b/man/ja/Makefile.am +@@ -3,9 +3,7 @@ mandir = @mandir@/ja + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -17,10 +15,7 @@ man_MANS = \ + man8/grpck.8 \ + man8/grpconv.8 \ + man8/grpunconv.8 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ + man1/passwd.1 \ + man5/passwd.5 \ +@@ -29,13 +24,10 @@ man_MANS = \ + man8/pwunconv.8 \ + man1/sg.1 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am +index c269f0bb..9616cb3e 100644 +--- a/man/ko/Makefile.am ++++ b/man/ko/Makefile.am +@@ -2,14 +2,8 @@ + mandir = @mandir@/ko + + man_MANS = \ +- man1/chfn.1 \ +- man1/chsh.1 \ + man1/groups.1 \ +- man1/login.1 \ +- man5/passwd.5 \ +- man1/su.1 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man5/passwd.5 + # newgrp.1 must be updated + # newgrp.1 + +diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am +index b2f096f7..00817d37 100644 +--- a/man/pl/Makefile.am ++++ b/man/pl/Makefile.am +@@ -4,7 +4,6 @@ mandir = @mandir@/pl + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = \ + man1/chage.1 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -15,14 +14,10 @@ man_MANS = \ + man8/groupmod.8 \ + man1/groups.1 \ + man8/grpck.8 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man1/sg.1 \ + man3/shadow.3 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am +index 84d55d9e..b65f4881 100644 +--- a/man/ru/Makefile.am ++++ b/man/ru/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/ru + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am +index 70329edf..58fa80e5 100644 +--- a/man/sv/Makefile.am ++++ b/man/sv/Makefile.am +@@ -3,7 +3,6 @@ mandir = @mandir@/sv + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = \ + man1/chage.1 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -15,18 +14,13 @@ man_MANS = \ + man1/groups.1 \ + man8/grpck.8 \ + man5/gshadow.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ + man1/sg.1 \ + man3/shadow.3 \ + man5/suauth.5 \ +- man8/userdel.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/userdel.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am +index 8d8b9166..4fe3632a 100644 +--- a/man/tr/Makefile.am ++++ b/man/tr/Makefile.am +@@ -2,15 +2,12 @@ mandir = @mandir@/tr + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +- man1/login.1 \ + man1/passwd.1 \ + man5/passwd.5 \ + man5/shadow.5 \ +- man1/su.1 \ + man8/useradd.8 \ + man8/userdel.8 \ + man8/usermod.8 +diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am +index 3fb5ffb3..e13c8fee 100644 +--- a/man/uk/Makefile.am ++++ b/man/uk/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/uk + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am +index a8b93a56..42ad764d 100644 +--- a/man/zh_CN/Makefile.am ++++ b/man/zh_CN/Makefile.am +@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN + + man_MANS = \ + man1/chage.1 \ +- man1/chfn.1 \ + man8/chgpasswd.8 \ + man8/chpasswd.8 \ +- man1/chsh.1 \ + man1/expiry.1 \ + man5/faillog.5 \ + man8/faillog.8 \ +@@ -21,12 +19,8 @@ man_MANS = \ + man8/grpconv.8 \ + man8/grpunconv.8 \ + man5/gshadow.5 \ +- man1/login.1 \ + man5/login.defs.5 \ +- man8/logoutd.8 \ +- man1/newgrp.1 \ + man8/newusers.8 \ +- man8/nologin.8 \ + man1/passwd.1 \ + man5/passwd.5 \ + man8/pwck.8 \ +@@ -35,13 +29,10 @@ man_MANS = \ + man1/sg.1 \ + man3/shadow.3 \ + man5/shadow.5 \ +- man1/su.1 \ + man5/suauth.5 \ + man8/useradd.8 \ + man8/userdel.8 \ +- man8/usermod.8 \ +- man8/vigr.8 \ +- man8/vipw.8 ++ man8/usermod.8 + + if ENABLE_LASTLOG + man_MANS += man8/lastlog.8 +diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am +index c36ed2c7..26696b67 100644 +--- a/man/zh_TW/Makefile.am ++++ b/man/zh_TW/Makefile.am +@@ -2,15 +2,11 @@ + mandir = @mandir@/zh_TW + + man_MANS = \ +- man1/chfn.1 \ +- man1/chsh.1 \ + man8/chpasswd.8 \ +- man1/newgrp.1 \ + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ + man5/passwd.5 \ +- man1/su.1 \ + man8/useradd.8 \ + man8/userdel.8 \ + man8/usermod.8 +diff --git a/src/Makefile.am b/src/Makefile.am +index 585a0b7e..69ec939a 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -3,7 +3,7 @@ EXTRA_DIST = \ + .indent.pro + + ubindir = ${prefix}/bin +-usbindir = ${prefix}/sbin ++usbindir = ${prefix}/bin + suidperms = 4755 + sgidperms = 2755 + +@@ -27,9 +27,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS) + # and installation would be much simpler (just two directories, + # $prefix/bin and $prefix/sbin, no install-data hacks...) + +-bin_PROGRAMS = groups login +-sbin_PROGRAMS = nologin +-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd ++bin_PROGRAMS = groups ++sbin_PROGRAMS = ++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd + if ENABLE_SUBIDS + ubin_PROGRAMS += newgidmap newuidmap + endif +@@ -49,22 +49,20 @@ usbin_PROGRAMS = \ + grpck \ + grpconv \ + grpunconv \ +- logoutd \ + newusers \ + pwck \ + pwconv \ + pwunconv \ + useradd \ + userdel \ +- usermod \ +- vipw ++ usermod + + # id and groups are from gnu, sulogin from sysvinit + noinst_PROGRAMS = id sulogin + + suidusbins = + suidbins = +-suidubins = chage chfn chsh expiry gpasswd newgrp ++suidubins = chage expiry gpasswd newgrp + if WITH_SU + suidbins += su + endif +@@ -137,18 +135,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) + useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl + userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl + usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl +-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) + + install-am: all-am + $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +- ln -sf newgrp $(DESTDIR)$(ubindir)/sg +- ln -sf vipw $(DESTDIR)$(usbindir)/vigr + set -e; for i in $(suidbins); do \ + chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \ + done + set -e; for i in $(suidubins); do \ + chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \ + done ++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg + set -e; for i in $(suidusbins); do \ + chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \ + done +-- +2.42.0 + diff --git a/shadow/PKGBUILD b/shadow/PKGBUILD index b9f06ce..1bc1a67 100644 --- a/shadow/PKGBUILD +++ b/shadow/PKGBUILD @@ -6,8 +6,8 @@ #-----------------------------------------| DESCRIPTION |--------------------------------------- pkgname=shadow -pkgver=4.13 -pkgrel=03 +pkgver=4.14.0 +pkgrel=02 pkgdesc="Password and account management tool suite with support for shadow files and PAM w/o systemd" url='https://github.com/shadow-maint/shadow' depends=( @@ -22,23 +22,29 @@ makedepends=(docbook-xsl itstool libcap libxslt) backup=( etc/default/useradd etc/login.defs - etc/pam.d/{chage,{,ch,chg}passwd,group{add,del,mems,mod},newusers,shadow,user{add,del,mod}} + etc/pam.d/chpasswd + etc/pam.d/groupmems + etc/pam.d/newusers + etc/pam.d/passwd + +# {chage,{,ch,chg}passwd,group{add,del,mems,mod},newusers,shadow,user{add,del,mod}} ) #options=(debug !emptydirs) options=('!emptydirs') # NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.13.0.arch1 source=( https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz{,.asc} - 0001-Disable-replaced-tools-and-man-pages.patch + 0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch 0002-Adapt-login.defs-for-PAM-and-util-linux.patch 0003-Add-Arch-Linux-defaults-for-login.defs.patch - 0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch +# 0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch # chgpasswd # chpasswd # defaults.pam # login.defs # newusers # passwd + shadow.{sysusers,tmpfiles} useradd.defaults ) # install=shadow.install @@ -62,24 +68,27 @@ build() { --prefix=/usr --bindir=/usr/bin --sbindir=/usr/bin + --disable-account-tools-setuid # no setuid for chgpasswd, chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod + --enable-man --libdir=/usr/lib --mandir=/usr/share/man --sysconfdir=/etc - --disable-account-tools-setuid - --enable-man - --with-fcaps - --with-libpam - --with-group-name-max-length=32 --with-audit - --with-bcrypt - --with-yescrypt + --with-fcaps # use capabilities instead of setuid for setuidmap and setgidmap + --with-group-name-max-length=32 + --with-libpam # PAM integration for chpasswd, groupmems, newusers, passwd + --without-libbsd # shadow can use internal implementation for getting passphrase --without-selinux - --without-systemd - --disable-dependency-tracking --without-su - ) - + --without-systemd + ) +# --with-bcrypt +# --disable-dependency-tracking +# --with-yescrypt +# cd $pkgname-$pkgver + # add extra check, preventing accidental deletion of other user's home dirs when using `userdel -r ` + export CFLAGS="$CFLAGS -DEXTRA_CHECK_HOME_DIR" ./configure "${configure_options[@]}" # prevent excessive overlinking due to libtool @@ -99,22 +108,28 @@ package() { # custom useradd(8) defaults (not provided by upstream) install -vDm 600 ../useradd.defaults "$pkgdir/etc/default/useradd" + install -vDm 644 ../$pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + install -vDm 644 ../$pkgname.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + + # manually add PAM config for chpasswd and newusers: https://github.com/shadow-maint/shadow/issues/810 + install -vDm 644 etc/pam.d/{chpasswd,newusers} -t "$pkgdir/etc/pam.d/" } #---- arch license gpg-key & sha256sums ---- arch=(x86_64) -license=('BSD') +license=(BSD-3-Clause) validpgpkeys=(66D0387DB85D320F8408166DB175CFA98F192AF2) # Serge Hallyn -sha256sums=(9afe245d79a2e7caac5f1ed62519b17416b057ec89df316df1c3935502f9dd2c # shadow-4.13.tar.xz - 65a1f0907b9c26040b21f6a638be1fc39d2ff5ace5b0b631deb3aca67c28db64 # shadow-4.13.tar.xz.asc - 774c7b4941489a2a9da99f9d391356fb21fd400be02a4bbc678438edfabf17df # 0001-Disable-replaced-tools-and-man-pages.patch +sha256sums=(87e1c5cc10109536132f1b4e29b6df6edc99b70f36f71ff042c2783f2fa01d4f # shadow-4.14.0.tar.xz + 2c5c21deaa2852ade2f96703779ba2980e45d08948899644b24e6fc986519aa6 # shadow-4.14.0.tar.xz.asc + 7598d70f8fc71ff2a07a78b501fcc94d371b273f0cf47123a82807cca11be245 # 0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch 986562e197f1efef60b4ebab5316c388d630d171fdca74237bff864db0bf4970 # 0002-Adapt-login.defs-for-PAM-and-util-linux.patch 85e22497e1a7e3be04233090d12866b5d2b9752ddba08f9aa63bc938a0b8b780 # 0003-Add-Arch-Linux-defaults-for-login.defs.patch - 7bce13c1a28c7dbcf5aff13e30601f9cf1d4763c2952f7bea1e99515c7e10da5 # 0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch + 29448220f2ecfeab0a1a7aae296f07ca522d0a75a5b20df30f83950f9d54531f # shadow.sysusers + 92cbb5eabdef4639066e3f17195191beb43de0a83c9f447fdd4525e6592b52f2 # shadow.tmpfiles c7ae1086e00248915cf67d361482510ec00e728d21714d4e2b56b90cc9adac91) # useradd.defaults -## 79ec5274f7935bc4a1cc3207458ae8bf692bbfb1f5a6ccdf25d550318138316e shadow-4.13-03-x86_64.pkg.tar.lz +## 5e38433cb08e0455b342f75ffa85c6fced0da90635a31818f0d362a262eb854e shadow-4.14.0-02-x86_64.pkg.tar.lz diff --git a/shadow/PKGBUILD-arch b/shadow/PKGBUILD-arch index ac90fd2..a08e875 100644 --- a/shadow/PKGBUILD-arch +++ b/shadow/PKGBUILD-arch @@ -3,12 +3,12 @@ # Contributor: Aaron Griffin pkgname=shadow -pkgver=4.13 -pkgrel=3 +pkgver=4.14.0 +pkgrel=2 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=(x86_64) url="https://github.com/shadow-maint/shadow" -license=(BSD) +license=(BSD-3-Clause) depends=( acl libacl.so attr libattr.so @@ -17,40 +17,50 @@ depends=( libxcrypt libcrypt.so pam libpam.so libpam_misc.so ) -makedepends=(docbook-xsl itstool libcap libxslt) +makedepends=( + docbook-xsl + itstool + libcap + libxslt +) backup=( etc/default/useradd etc/login.defs - etc/pam.d/{chage,{,ch,chg}passwd,group{add,del,mems,mod},newusers,shadow,user{add,del,mod}} + etc/pam.d/chpasswd + etc/pam.d/groupmems + etc/pam.d/newusers + etc/pam.d/passwd ) options=(!emptydirs) -# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.13.0.arch1 +# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.14.0.arch1 source=( - https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz{,.asc} - 0001-Disable-replaced-tools-and-man-pages.patch + $url/releases/download/$pkgver/$pkgname-$pkgver.tar.xz{,.asc} + 0001-Disable-replaced-tools-and-their-man-pages-and-PAM-i.patch 0002-Adapt-login.defs-for-PAM-and-util-linux.patch 0003-Add-Arch-Linux-defaults-for-login.defs.patch - 0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch shadow.{timer,service} + shadow.{sysusers,tmpfiles} useradd.defaults ) -sha512sums=('2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e' +sha512sums=('ff960481d576f9db5a9f10becc4e1a74c03de484ecfdcd7f1ea735fded683d7ba0f9cd895dc6a431b77e5a633752273178b1bcda4cefaa5adbf0f143c9a0c86f' 'SKIP' - '23215dbc4efa5cb321f32442be30b92f79f1e008c7418ee5daac27540785c1674e790a5e4ee755e9a5a086589be8437e25efbee4a4668918b14337b86309192b' - '26160ba1bc42619077dd826fc6e472196e47f4f2e29f9a70d68373a73df9d6187e3a2671369a223e230b05b42af113c38aacf24cd6cb99fbc00b8baca71ab6b7' - '3b8bec1dc5dfdc5a3b7b3a4579c05d7fc71ac80c87bdb35031820c2442efcae5dfcc97c763ca9430c1dc3f5d3827dc391999cb67e89d3758d31bdc694dff4601' - 'fcedd59f0c1294ca03ff2553591058295073e9c795500f66e571e34635016898b999afa816c5994846e459bf743d2c7a358a5be1f561a86a75846df2112194e1' + 'ac119fd4a7867021923c54d54612499313686bb2faa957133f63c77700b8777dd87628fd4f36d4e4c1160700624a776510bc5d450ef5be1adc128552edfcb062' + '57166e14262df3ddcf03008a34ef603a624a31b6d40b18b9fc4d8be50fb857540dea2ffc9dab81c91bcd87bbb3b0dee381219ebd3e68f71864c64a33d5ec7b15' + '14a0527164b5c60bdba0db4ad23d6a2269ce39527bf34adc73abd0716aeced2b9873b60dcb24bd5b8eebd302c1adcbe301f3add7ecd532a873e51fd8bcbb7788' 'e4edf705dd04e088c6b561713eaa1afeb92f42ac13722bff037aede6ac5ad7d4d00828cfb677f7b1ff048db8b6788238c1ab6a71dfcfd3e02ef6cb78ae09a621' '2c8689b52029f6aa27d75b8b05b0b36e2fc322cab40fdfbb50cdbe331f61bc84e8db20f012cf9af3de8c4e7fdb10c2d5a4925ca1ba3b70eb5627772b94da84b3' + '5afac4a96b599b0b8ed7be751e7160037c3beb191629928c6520bfd3f2adcd1c55c31029c92c2ff8543e6cd9e37e2cd515ba4e1789c6d66f9c93b4e7f209ee7a' + '08a56b16673f282404f3ee026236f3d361045b4448bad7d3cc5d7cbeaf06a1d66a3a3e0848accaebde206741a7998699b9f18bd56a44d93422370567fe8cb180' 'e9ffea021ee4031b9ad3a534bfb94dbf9d0dfd45a55ecac5dedb2453ea0c17fb80bbb9ad039686bc1f3349dc371977eb548e3a665c56531469c22f29fc4eced8') -b2sums=('315ab8a7e598aeefb50c11293e20cfa0982c3c3ae21c35ae243d09a4facf97a13c1d672990876e74ef94f5284402acf14997663743e2aaefa6cfc4369b7d24dc' +b2sums=('6e9a6108f856953ec91c597e46ad4f912101a829c7b3ff3389510be43f56f0a70425bd562119282d73df269df45af354e626741ad748f9c1e6f27b74a462a62c' 'SKIP' - 'e109e09f7709270e6042389f74ee59f44d95c3bd02aa57fedbe27f1e111d36fdb2fc4bb9f837916bfd83ebfa7d1d0859a50d6fefe573da3fd6f849cfd61a0187' - '9d3490810bc94c8809442e9e3928fd4dfc62a22e7134ecc63098a1e2ab5db6c64867f6f067641bb7bccf712a7269b67c36434d2ae3ed3e0a206ac66eef299dc9' - '92474c0a9cd8bc4df08984a304c73122a9711f1e4c036361e1dcbc027b1e43e007d1e35cdd5db4295829603a097ab360adb66289c4b479a5d5ccee4947f72da7' - 'aee9aaadae6d49872b4eb98334fbffee7a49b1625b81019927908ac79753364fdac4d87433fcd5d2d2327d7b65eddcfc2edabe7c6a2a67ad7b101ab0bf6deaad' + '77b6e4bc6dc070b992728440fc29a8ed04e8f51cc7e58628f294c68bec7f102c8a80af6a41cf9a3c37d33e7a40ead4f4729f2e68412ab5606e6ecbd3008f5048' + 'e6359de24e563564979fd0b7915a3227239a84f175cb188392097394d4d41c782100655cbd0a779b6dfde7eddcf8b314ab15eb15ca891287a820547551d54c04' + '98f21ed043ea0dbec9150b54dc45ca7a596828706ccaa4d34b2590b2e90f8555793e9ceaaa6f8bda5b9560c9141395ba280cf08212c2b3ed0ac15fad493604f5' '5cfc936555aa2b2e15f8830ff83764dad6e11a80e2a102c5f2bd3b7c83db22a5457a3afdd182e3648c9d7d5bca90fa550f59576d0ac47a11a31dfb636cb18f2b' 'a69191ab966f146c35e7e911e7e57c29fffd54436ea014aa8ffe0dd46aaf57c635d0a652b35916745c75d82b3fca7234366ea5f810b622e94730b45ec86f122c' + '511c4ad9f3be530dc17dd68f2a3387d748dcdb84192d35f296b88f82442224477e2a74b1841ec3f107b39a5c41c2d961480e396a48d0578f8fd5f65dbe8d9f04' + 'b425e7b3d48de694114dfdf378e66175b1ef32cb773be2506813ace8a6dfd1035e7d10c30efb6791df2ae920bdec3aa7cb862ed93bac4cde713c549bd896d1b2' 'd5bea0cfc2e6d3d1749c65440ca911533d41b6f8117fe09e9efec23524637cfa823d230303a7fbb45d3cd251bf8036d48b9b21049ced208f7ed191fcbd75e879') validpgpkeys=(66D0387DB85D320F8408166DB175CFA98F192AF2) # Serge Hallyn @@ -70,25 +80,26 @@ prepare() { build() { local configure_options=( - --prefix=/usr --bindir=/usr/bin - --sbindir=/usr/bin + --disable-account-tools-setuid # no setuid for chgpasswd, chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod + --enable-man --libdir=/usr/lib --mandir=/usr/share/man + --prefix=/usr + --sbindir=/usr/bin --sysconfdir=/etc - --disable-account-tools-setuid - --enable-man - --with-fcaps - --with-libpam - --with-group-name-max-length=32 --with-audit - --with-bcrypt - --with-yescrypt + --with-fcaps # use capabilities instead of setuid for setuidmap and setgidmap + --with-group-name-max-length=32 + --with-libpam # PAM integration for chpasswd, groupmems, newusers, passwd + --without-libbsd # shadow can use internal implementation for getting passphrase --without-selinux - --without-su + --without-su # su is provided by util-linux ) cd $pkgname-$pkgver + # add extra check, preventing accidental deletion of other user's home dirs when using `userdel -r ` + export CFLAGS="$CFLAGS -DEXTRA_CHECK_HOME_DIR" ./configure "${configure_options[@]}" # prevent excessive overlinking due to libtool @@ -113,4 +124,10 @@ package() { install -vDm 644 ../shadow.service -t "$pkgdir/usr/lib/systemd/system/" install -vdm 755 "$pkgdir/usr/lib/systemd/system/timers.target.wants" ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer" + + install -vDm 644 ../$pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + install -vDm 644 ../$pkgname.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + + # manually add PAM config for chpasswd and newusers: https://github.com/shadow-maint/shadow/issues/810 + install -vDm 644 etc/pam.d/{chpasswd,newusers} -t "$pkgdir/etc/pam.d/" } diff --git a/shadow/shadow.sysusers b/shadow/shadow.sysusers new file mode 100644 index 0000000..fc536aa --- /dev/null +++ b/shadow/shadow.sysusers @@ -0,0 +1 @@ +g groups - - diff --git a/shadow/shadow.tmpfiles b/shadow/shadow.tmpfiles new file mode 100644 index 0000000..837b763 --- /dev/null +++ b/shadow/shadow.tmpfiles @@ -0,0 +1 @@ +z /usr/bin/groupmems 2710 root groups - -