jobcore/shadow/PKGBUILD

#!/usr/bin/bash
# JOBoRun		: Jwm OpenBox Obarun RUNit
# Maintainer	: Joe Bo Run <joborun@disroot.org>
# PkgSource		: url="https://gittea.disroot.org/joborun-pkg/jobcore/$pkgname"
# Website		: https://pozol.eu
#-----------------------------------------| DESCRIPTION |---------------------------------------

pkgname=shadow
pkgver=4.14.5
pkgrel=01
pkgdesc="Password and account management tool suite with support for shadow files and PAM w/o systemd"
url="https://github.com/shadow-maint/shadow"
depends=( glibc )
makedepends=(acl attr audit docbook-xsl itstool libcap  libxcrypt libxslt pam)
backup=(
  etc/default/useradd
  etc/login.defs
  etc/pam.d/chpasswd
  etc/pam.d/groupmems
  etc/pam.d/newusers
  etc/pam.d/passwd

# {chage,{,ch,chg}passwd,group{add,del,mems,mod},newusers,shadow,user{add,del,mod}}
)
#options=(debug !emptydirs)
options=('!emptydirs')
# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/4.14.5.arch1
source=(
  $url/releases/download/$pkgver/$pkgname-$pkgver.tar.xz{,.asc}
  0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch
  0002-Adapt-login.defs-for-PAM-and-util-linux.patch
  0003-Add-Arch-Linux-defaults-for-login.defs.patch
  shadow.{sysusers,tmpfiles}
  useradd.defaults
)
# install=shadow.install

prepare() {
  local filename

  cd $pkgname-$pkgver
  for filename in "${source[@]}"; do
    if [[ "$filename" =~ \.patch$ ]]; then
      printf "Applying patch %s\n" "${filename##*/}"
      patch -Np1 -i "$srcdir/${filename##*/}"
    fi
  done

  autoreconf -fiv
}

build() {
  local configure_options=(
    --prefix=/usr
    --bindir=/usr/bin
    --sbindir=/usr/bin
    --disable-account-tools-setuid  # no setuid for chgpasswd, chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod
    --enable-man
    --libdir=/usr/lib
    --mandir=/usr/share/man
    --sysconfdir=/etc
    --with-audit
    --with-fcaps  # use capabilities instead of setuid for setuidmap and setgidmap
    --with-group-name-max-length=32
    --with-yescrypt
    --with-libpam  # PAM integration for chpasswd, groupmems, newusers, passwd
    --without-libbsd  # shadow can use internal implementation for getting passphrase
    --without-nscd  # we do not ship nscd anymore
    --without-selinux
    --without-su
    --without-systemd
 )

  cd $pkgname-$pkgver
  # add extra check, preventing accidental deletion of other user's home dirs when using `userdel -r <user with home in />`
  export CFLAGS="$CFLAGS -DEXTRA_CHECK_HOME_DIR"
  ./configure "${configure_options[@]}"

  # prevent excessive overlinking due to libtool
  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
  make
}

package() {
  cd $pkgname-$pkgver
  depends=(acl libacl.so attr libattr.so audit libaudit.so libxcrypt libcrypt.so
           pam libpam.so libpam_misc.so)

  make DESTDIR="$pkgdir" install
  make DESTDIR="$pkgdir" -C man install

  # license
  install -vDm 644 COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"

  # custom useradd(8) defaults (not provided by upstream)
  install -vDm 600 ../useradd.defaults "$pkgdir/etc/default/useradd"

  install -vDm 644 ../$pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
  install -vDm 644 ../$pkgname.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"

  # adapt executables to match the modes used by tmpfiles.d, so that pacman does not complain:
  chmod 750 "$pkgdir/usr/bin/groupmems"

  # manually add PAM config for chpasswd and newusers: https://github.com/shadow-maint/shadow/issues/810
  # install -vDm 644 etc/pam.d/{chpasswd,newusers} -t "$pkgdir/etc/pam.d/"
}

#---- arch license gpg-key & sha256sums ----

arch=(x86_64)

license=(BSD-3-Clause)

validpgpkeys=(66D0387DB85D320F8408166DB175CFA98F192AF2  # Serge Hallyn <sergeh@kernel.org>
	  A9348594CE31283A826FBDD8D57633D441E25BB5) # Alejandro Colomar <alx@kernel.org>

sha256sums=(cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23  # shadow-4.14.5.tar.xz
	8117982a631822eba6cc8877b58ff5892c5d54ea3af1482cf6bad83786939572  # shadow-4.14.5.tar.xz.asc
	98287eb9eb1033218dc6be82e27bb7a8735c4e1e4b67e79e5a907e2c80e06873  # 0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch
	0f781d3085f710b1475940ee7dedebd50d70c1c6acbc38eb538c45f87c4b2b86  # 0002-Adapt-login.defs-for-PAM-and-util-linux.patch
	d4403593b0f1a3cce61a0f741dc4a62e45d92c18db2d2c06fea90219c4391bef  # 0003-Add-Arch-Linux-defaults-for-login.defs.patch
	29448220f2ecfeab0a1a7aae296f07ca522d0a75a5b20df30f83950f9d54531f  # shadow.sysusers
	c2faa81b894de452e6cd23660ad7e30a4e03d6a4eacb94ff209c6e578df05e61  # shadow.tmpfiles
	2d4b7b85ea1d5cddf93c2d636a11b0e76c1f484474449bdb018e3af0fcbd93c3) # useradd.defaults

##  964a818b4614d2b2e8ff84a0aa60c5fbad0e0089518cf8c894225c820330b3bf  shadow-4.14.5-01-x86_64.pkg.tar.lz