Diffstat (limited to 'community/shadow/APKBUILD')
-rw-r--r-- | community/shadow/APKBUILD | 158 |
1 files changed, 108 insertions, 50 deletions
diff --git a/community/shadow/APKBUILD b/community/shadow/APKBUILD
index bcc14261a24..6d39ef24970 100644
--- a/community/shadow/APKBUILD
+++ b/community/shadow/APKBUILD
@@ -1,22 +1,34 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=shadow
-pkgver=4.8.1
+pkgver=4.15.1
 pkgrel=0
 pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
-url="http://pkg-shadow.alioth.debian.org/"
+url="https://github.com/shadow-maint/shadow"
 arch="all"
 license="BSD-3-Clause"
-makedepends="linux-pam-dev"
-subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"
+options="suid setcap"
+makedepends="linux-pam-dev libbsd-dev libcap-dev cmd:setcap"
+install="$pkgname.post-upgrade"
+subpackages="
+ $pkgname-dbg
+ $pkgname-dev
+ $pkgname-libs
+ $pkgname-login
+ $pkgname-login-doc:_login_doc:noarch
+ $pkgname-doc
+ $pkgname-conv
+ $pkgname-subids
+ "
 source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz
- chpasswd.pamd
- login.pamd
- defaults.patch
- dots-in-usernames.patch
- pam-useradd.patch
+ useradd-defaults.patch
+ chsh.pamd
+ shadow-utils.pamd
 "
+
 # secfixes:
+# 4.13-r4:
+# - CVE-2023-29383
 # 4.5-r0:
 # - CVE-2017-12424
 # 4.2.1-r11:
@@ -24,7 +36,8 @@ source="https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-
 # 4.2.1-r7:
 # - CVE-2016-6252
-options="suid"
+# login utils included in subpackage shadow-login.
+_login_cmds='faillog lastlog login newgrp nologin sg su'
 build() {
 ./configure \
@@ -34,17 +47,20 @@ build() {
 --prefix=/usr \
 --sysconfdir=/etc \
 --mandir=/usr/share/man \
- --infodir=/usr/share/info \
 --localstatedir=/var \
+ --disable-account-tools-setuid \
 --disable-nls \
- --with-libpam \
+ --enable-lastlog \
 --without-audit \
+ --with-libpam \
 --without-selinux \
 --without-acl \
 --without-attr \
 --without-tcb \
+ --with-yescrypt \
 --without-nscd \
- --without-group-name-max-length
+ --without-group-name-max-length \
+ --with-fcaps
 make
 }
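Review bot: `options="suid setcap"` now allows both setuid binaries and file capabilities in the package, but nothing in the APKBUILD records which installed binaries are expected to carry either. The same commit adds `--disable-account-tools-setuid` and `--with-fcaps` in build() and drops the explicit `chmod 4711 usr/bin/new*idmap` from the old uidmap(), so the privileged set changes without being written down anywhere a later reviewer can check the built package against. I would add a comment above the line, for example `# suid: <binaries that keep the setuid bit>; setcap: <binaries given file capabilities by --with-fcaps>`, with the lists filled in from the built package.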
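Review bot: `--with-yescrypt` only compiles yescrypt support in; it does not select it. package() still replaces /etc/login.defs with a file holding just `USERGROUPS_ENAB yes`, so no `ENCRYPT_METHOD` is set there, and any tool that hashes a password without going through PAM would presumably fall back to the compiled-in default, which is worth confirming for 4.15.1. If yescrypt is the intent, either append `echo "ENCRYPT_METHOD YESCRYPT" >> etc/login.defs` in package() or add a comment next to the flag saying that the hash is chosen by the PAM configuration instead. build() opens before this hunk.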
@@ -54,57 +70,99 @@ check() {
 package() {
 make DESTDIR="$pkgdir" install
+ make -C man DESTDIR="$pkgdir" install-man
- # Do not install these pam.d files they are broken and outdated.
+ # Do not install shipped pam.d.
 rm "$pkgdir"/etc/pam.d/*
- # install some pam.d files based on a patched useradd
- for pamf in groupadd groupdel groupmems groupmod \
- useradd userdel usermod newusers
- do
- install -m0644 etc/pam.d/useradd \
- "$pkgdir/etc/pam.d/$pamf"
+ # Config uses "--disable-account-tools-setuid" so most binaries are not pam aware
+ # Add shadow-utils.pam and link only required configs
+ install -m644 "$srcdir"/shadow-utils.pamd "$pkgdir"/etc/pam.d/shadow-utils
+ for pam_aware in groupmems chpasswd chfn newusers; do
+ ln -s shadow-utils "$pkgdir"/etc/pam.d/"$pam_aware";
 done
- # nologin is provided by util-linux.
- rm "$pkgdir"/sbin/nologin
- rm "$pkgdir"/usr/share/man/man8/nologin.*
- # avoid conlict with coreutils-doc
- rm "$pkgdir"/usr/share/man/man1/groups.*
+ install -m644 "$srcdir"/chsh.pamd "$pkgdir"/etc/pam.d/chsh
+
+ # passwd, login and su should work fine with 'linux-pam' config
- # However, install our own for login.
- cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login
+ cd "$pkgdir"
- # Also install custom pam configuration for chpasswd (see bug #10209)
- cp "$srcdir"/chpasswd.pamd "$pkgdir"/etc/pam.d/chpasswd
+ # Avoid conlict with coreutils-doc package.
+ rm usr/share/man/man1/groups.*
+
+ # Avoid conflict with man-pages package.
+ rm usr/share/man/man3/getspnam.3*
+ rm usr/share/man/man5/passwd.5*
 # /etc/login.defs is not very useful - replace it with an *almost* blank file.
- rm "$pkgdir"/etc/login.defs
- echo "USERGROUPS_ENAB yes" > "$pkgdir"/etc/login.defs
+ rm etc/login.defs
+ echo "USERGROUPS_ENAB yes" > etc/login.defs
- # Avoid conflict with man-pages.
- rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
- "$pkgdir"/usr/share/man/man5/passwd.5*
+ # Used e.g. for unprivileged LXC containers.
+ install -m644 /dev/null etc/subuid
+ install -m644 /dev/null etc/subgid
 }
-uidmap() {
- pkgdesc="Utilities for using subordinate UIDs and GIDs"
+login() {
+ pkgdesc="Login utils from shadow package: ${_login_cmds// /, }"
+ # Commands in conflict with util-linux-login: newgrp login nologin su
+ provides="login-utils"
+ provider_priority=10 # lowest (other provider is util-linux-login)
+ replaces="$pkgname" # for backward compatibility (Alpine <3.16)
+
+ cd "$pkgdir"
+
+ local cmd dir
+ for cmd in $_login_cmds; do
+ for dir in bin sbin usr/bin usr/sbin; do
+ if [ -e $dir/$cmd ] || [ -L $dir/$cmd ]; then
+ amove $dir/$cmd
+ continue 2
+ fi
+ done
+ error "file $cmd not found"
+ return 1
+ done
+}
- mkdir -p "$subpkgdir"
- cd "$subpkgdir"
+_login_doc() {
+ pkgdesc="Login utils from shadow package (documentation)"
+ depends="!util-linux-login-doc"
+ replaces="$pkgname-doc" # for backward compatibility (Alpine <3.16)
+ install_if="docs $pkgname-login=$pkgver-r$pkgrel"
- mkdir -p usr/bin
- mv "$pkgdir"/usr/bin/new*idmap usr/bin/
- chmod 4711 usr/bin/new*idmap
+ local cmd; for cmd in $_login_cmds; do
+ amove usr/share/man/man*/$cmd.*
+ done
- # Used e.g. for unprivileged LXC containers.
- mkdir etc
- touch etc/subuid etc/subgid
+ find "$subpkgdir"/usr/share/man -type f ! -name "*.gz" \
+ -exec gzip -9 {} \;
+}
+
+conv() {
+ pkgdesc="Utilities for converting to and from shadow passwords and groups"
+ replaces="$pkgname" # for backward compatibility
+
+ local i; for i in pwconv pwunconv grpconv grpunconv; do
+ amove usr/sbin/$i
+ done
+}
+
+subids() {
+ pkgdesc="Utilities for using subordinate UIDs and GIDs"
+ depends=""
+ provides="$pkgname-uidmap=$pkgver-r$pkgrel" # for backward compatibility (Alpine <3.16)
+
+ amove bin/getsubids
+ amove usr/bin/new*idmap
+ amove etc/subuid
+ amove etc/subgid
 }
-sha512sums="780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b shadow-4.8.1.tar.xz
-38e78aade316350dc26000b35335a778f12f5deb0f54ea23f84000ad92a683c519c7814165b5ed7e63187d11677993082d35dc6c21f7f66c6aee8e3fd4b3694b chpasswd.pamd
-46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd
-999eb67be2c1d6bcf752ce217ddbed868e4415d3e60676872db1b3da79b1c7d7da6b5d03335297d6358c41e7d21c32ba2df1bd6834ac4ba364b999ed7170f846 defaults.patch
-745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch
-0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1 pam-useradd.patch"
+sha512sums="
+e3ae51bf53bfa1662d81bbe0150ada19c116514f1e56391d877045d48e16776326446561759edbf5006c0f97ab1d5f4bae63521bf1fae67e118ddda0d4a8f6cb shadow-4.15.1.tar.xz
+f3da7c0508a65d52c2d3cb82328848f4e45648c27aa57af5866f7e41f9a509900075f2de29b06e13c125640d684894f8cff8f31ef39df984574972a9d569a412 useradd-defaults.patch
+3bdad54ebb710bad43417b43f696d5d5c662c9f48e9feab590e307edafbaa3533d43e750d44c76ec154666822f30552c9b906ee1cfd935ef7cea717e8c5366c4 chsh.pamd
+351c4930ef6c822bdc3363e7aca0a2b300d39cd9cfe42a220bf2090a4dbfd20565d5c7415602852cdb36966f37640c51a18a409c4a4dfa8f7c7095040e45760d shadow-utils.pamd
+"
|
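Review bot: After `rm "$pkgdir"/etc/pam.d/*`, package() installs PAM service files only for shadow-utils (linked as groupmems, chpasswd, chfn and newusers) and chsh, so login, su and passwd no longer get a service file from this package. The new comment says they "should work fine with 'linux-pam' config", which leaves the authentication policy of the most sensitive binaries to files this APKBUILD neither ships nor names, presumably the `other` fallback or a same-named file from another package. I would replace that comment with one that names the exact file relied on, e.g. `# login, su, passwd: use /etc/pam.d/<file shipped by linux-pam>`, so that a change in that package is visibly a change to these tools. The contents of shadow-utils.pamd and chsh.pamd are not part of this diff and need the same review.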