aboutsummaryrefslogtreecommitdiffstats
path: root/community/shadow/APKBUILD
blob: 3264772979edd6ef1097deb9c8f70c30408d9919 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=shadow
pkgver=4.2.1
pkgrel=11
pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
url="http://pkg-shadow.alioth.debian.org/"
arch="all"
license="GPL"
depends=""
makedepends="linux-pam-dev"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap"
source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
	login.pamd
	dots-in-usernames.patch
	cross-size-checks.patch
	verbose-error-when-uid-doesnt-match.patch
	301-CVE-2017-2616-su-properly-clear-child-PID.patch
	302-CVE-2016-6252-fix-integer-overflow.patch
	303-Reset-pid_child-only-if-waitpid-was-successful.patch
	useradd-usergroups.patch
	pam-useradd.patch
	"
# secfixes:
#     - CVE-2016-6252
#     - CVE-2017-2616 (+ regression fix)

options="suid"
builddir="$srcdir/shadow-$pkgver"

build() {
	cd "$builddir"

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--target=$CTARGET \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--disable-nls \
		--with-libpam \
		--without-audit \
		--without-selinux \
		--without-acl \
		--without-attr \
		--without-tcb \
		--without-nscd \
		--without-group-name-max-length \
		|| return 1
	make || return 1
}

check() {
	cd "$builddir"
	make check
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install || return 1

	# Do not install these pam.d files they are broken and outdated.
	rm "$pkgdir"/etc/pam.d/* || return 1

	# install some pam.d files based on a patched useradd
	for pamf in groupadd groupdel groupmems groupmod \
		 useradd userdel usermod
	do
		install -m0644 etc/pam.d/useradd \
			"$pkgdir/etc/pam.d/$pamf" || return 1
	done
	# nologin is provided by util-linux.
	rm "$pkgdir"/sbin/nologin  || return 1

	# However, install our own for login.
	cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login || return 1

	# /etc/login.defs is not very useful - replace it with an *almost* blank file.
	rm "$pkgdir"/etc/login.defs
	echo "USERGROUPS_ENAB yes" > "$pkgdir"/etc/login.defs

	# Avoid conflict with man-pages.
	rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
		"$pkgdir"/usr/share/man/man5/passwd.5* || return 1
}

uidmap() {
	pkgdesc="Utilities for using subordinate UIDs and GIDs"

	mkdir -p "$subpkgdir"
	cd "$subpkgdir"

	mkdir -p usr/bin
	mv "$pkgdir"/usr/bin/new*idmap usr/bin/ || return 1
	chmod 4711 usr/bin/new*idmap || return 1

	# Used e.g. for unprivileged LXC containers.
	mkdir etc
	touch etc/subuid etc/subgid
}

sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch
1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c  verbose-error-when-uid-doesnt-match.patch
0954920ce9307948848d8f9ca5ea5bba4db8394793ef314ab5c6770948e96071748192b52ba8c31d543fe71ce0e6e2a7f3a2a92862966a940639a19df1048634  301-CVE-2017-2616-su-properly-clear-child-PID.patch
36f494347cb980d85ea82331ec620a949be45f5f2c400a3b13f409a8d9c932c0f822cb0baa2ee78c6f356e7bf93de51c1b0f20730e8f3af36a746a5632d19bbe  302-CVE-2016-6252-fix-integer-overflow.patch
e36d54759b71d48c62aefc4032e63deccafa69d22f8bae772b4c0ca135b431db9cd35a1a2a2adf5c76996e76e13ab82e1cf19bba70c6ca4414b3979a43c292c2  303-Reset-pid_child-only-if-waitpid-was-successful.patch
49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56  useradd-usergroups.patch
0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1  pam-useradd.patch"