-rw-r--r--abs/core/shadow/PKGBUILD75
-rw-r--r--abs/core/shadow/lastlog.tmpfiles1
-rw-r--r--abs/core/shadow/login.defs9
-rw-r--r--abs/core/shadow/shadow-strncpy-usage.patch25
-rwxr-xr-xabs/core/shadow/shadow.cron.daily6
-rw-r--r--abs/core/shadow/shadow.install27
-rw-r--r--abs/core/shadow/shadow.service11
-rw-r--r--abs/core/shadow/shadow.timer7
-rw-r--r--abs/core/shadow/useradd.defaults2
-rw-r--r--abs/core/shadow/xstrdup.patch9
10 files changed, 77 insertions, 95 deletions
diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD
index 0ca6f54..de451df 100644
--- a/abs/core/shadow/PKGBUILD
+++ b/abs/core/shadow/PKGBUILD
@@ -1,24 +1,25 @@
-# $Id: PKGBUILD 197840 2013-10-30 11:06:53Z allan $
# Maintainer: Dave Reisner <dreisner@archlinux.org>
# Maintainer: Aaron Griffin <aaron@archlinux.org>
pkgname=shadow
-pkgver=4.1.5.1
-pkgrel=7
+pkgver=4.8.1
+pkgrel=4
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
-arch=('i686' 'x86_64')
-url='http://pkg-shadow.alioth.debian.org/'
+arch=('x86_64')
+url='https://github.com/shadow-maint/shadow'
license=('BSD')
-groups=('base')
-depends=('bash' 'pam' 'acl')
+# libcap-ng needed by install scriptlet for 'filecap'
+depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so'
+ 'libxcrypt' 'libcrypt.so')
backup=(etc/login.defs
etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
etc/pam.d/{chgpasswd,groupmems}
etc/default/useradd)
options=(strip debug)
-install='shadow.install'
-source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
+validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8' # Christian Perrier
+ 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D') # Serge Hallyn
+source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz"{,.asc}
LICENSE
chgpasswd
chpasswd
@@ -26,52 +27,38 @@ source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{
login.defs
newusers
passwd
- shadow.cron.daily
- useradd.defaults
- xstrdup.patch
- shadow-strncpy-usage.patch
- lastlog.tmpfiles)
-sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30'
+ shadow.{timer,service}
+ useradd.defaults)
+install=shadow.install
+sha1sums=('63457a0ba58dc4e81b2663b839dc6c89d3343f12'
'SKIP'
'33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
- 'e92045fb75e0c21a3f294a00de0bd2cd252e9463'
+ '81a02eadb5f605fef5c75b6d8a03713a7041864b'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
- '98f4919014b1a9eb9f01ca7731e04b1d973cedd5'
- '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
- '6010fffeed1fc6673ad9875492e1193b1a847b53'
- '21e12966a6befb25ec123b403cd9b5c492fe5b16'
- 'f57ecde3f72b4738fad75c097d19cf46a412350f')
+ 'a154a94b47a3d0c6c287253b98c0d10b861226d0'
+ 'b5540736f5acbc23b568973eb5645604762db3dd'
+ 'c173208c5cf34528602f9931468a67b7f68abad3')
build() {
cd "$pkgname-$pkgver"
- # avoid transitive linking issues with binutils 2.22
- sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
-
- # link to glibc's crypt(3)
- export LIBS="-lcrypt"
-
- # need to offer these upstream
- patch -Np1 <"$srcdir/xstrdup.patch"
- patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
-
- # supress etc/pam.d/*, we provide our own
- sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
-
+ autoreconf -fsiv
./configure \
--prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/bin \
- --libdir=/lib \
+ --libdir=/usr/lib \
--mandir=/usr/share/man \
--sysconfdir=/etc \
+ --disable-account-tools-setuid \
--with-libpam \
- --without-selinux \
- --with-group-name-max-length=32
+ --with-group-name-max-length=32 \
+ --with-audit \
+ --without-selinux
make
}
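Review bot: The new `sha1sums=(...)` array still pins the local source files with SHA-1, which is no longer collision-resistant; only the release tarball is additionally covered by the `.asc` signature and `validpgpkeys`. Switching the array to `sha256sums=(...)` (or `sha512sums`) with regenerated digests, keeping `'SKIP'` for the signature entry, would give every entry a checksum that is still considered sound. The `source` array these digests belong to starts in the previous hunk.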
@@ -85,16 +72,19 @@ package() {
install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
# useradd defaults
- install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
+ install -Dm600 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
- # cron job
- install -Dm744 "$srcdir/shadow.cron.daily" "$pkgdir/etc/cron.daily/shadow"
+ # systemd units
+ install -D -m644 "$srcdir/shadow.timer" "$pkgdir/usr/lib/systemd/system/shadow.timer"
+ install -D -m644 "$srcdir/shadow.service" "$pkgdir/usr/lib/systemd/system/shadow.service"
+ install -d -m755 "$pkgdir/usr/lib/systemd/system/timers.target.wants"
+ ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
# login.defs
install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
# PAM config - custom
- install -dm755 "$pkgdir/etc/pam.d"
+ rm "$pkgdir/etc/pam.d"/*
install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers}
# PAM config - from tarball
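Review bot: `rm "$pkgdir/etc/pam.d"/*` discards every PAM service file the upstream install step presumably placed there, and only the names listed in the install lines after it are put back. A tool that gains its own PAM service in a later upstream release would then be packaged without one and would likely fall back to the system's `other` policy. A comment above the line would make that dependency visible, for example `# upstream pam.d files are dropped wholesale; every service shadow needs must be listed in the install lines below`. The line also assumes the directory exists and is non-empty now that `install -dm755` is gone; package() begins before this hunk and the tarball loop continues after it, so that cannot be confirmed from here.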
@@ -106,9 +96,6 @@ package() {
install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
done
- # lastlog log file creation
- install -Dm644 "$srcdir/lastlog.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/lastlog.conf"
-
# Remove evil/broken tools
rm "$pkgdir"/usr/sbin/logoutd
diff --git a/abs/core/shadow/lastlog.tmpfiles b/abs/core/shadow/lastlog.tmpfiles
deleted file mode 100644
index 9c07b39..0000000
--- a/abs/core/shadow/lastlog.tmpfiles
+++ /dev/null
@@ -1 +0,0 @@
-f /var/log/lastlog 0644 root root
diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs
index 5913671..a0afbc1 100644
--- a/abs/core/shadow/login.defs
+++ b/abs/core/shadow/login.defs
@@ -81,8 +81,8 @@ HUSHLOGIN_FILE .hushlogin
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/bin
-ENV_PATH PATH=/usr/bin
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
#
# Terminal permissions
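Review bot: `ENV_SUPATH` now puts `/usr/local/sbin` and `/usr/local/bin` ahead of `/usr/bin` for the superuser, so a same-named file in either directory is chosen over the packaged binary in a root login session. That is only safe while both directories are owned by root and not writable by anyone else; the comment block above the setting still calls the paths minimal and says nothing about this. I would add a line such as `# /usr/local/{sbin,bin} precede /usr/bin: keep them root-owned and not group/world-writable`, or list `/usr/bin` first in `ENV_SUPATH` if local overrides are not wanted for root.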
@@ -201,3 +201,8 @@ USERGROUPS_ENAB yes
# file.
#
MOTD_FILE
+
+#
+# Hash shadow passwords with SHA512.
+#
+ENCRYPT_METHOD SHA512
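Review bot: `ENCRYPT_METHOD SHA512` is added without `SHA_CRYPT_MIN_ROUNDS`/`SHA_CRYPT_MAX_ROUNDS`, so the tools that read this file will hash with the library's default round count. If a higher work factor is wanted, set both explicitly next to the new line, e.g. `SHA_CRYPT_MIN_ROUNDS <rounds>` with a value chosen by the maintainer. Since the package is built `--with-libpam`, the hash used by `passwd` is presumably decided by the pam_unix options in the PAM files rather than here; the comment `# Hash shadow passwords with SHA512.` could say which tools the setting actually covers.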
diff --git a/abs/core/shadow/shadow-strncpy-usage.patch b/abs/core/shadow/shadow-strncpy-usage.patch
deleted file mode 100644
index 5aba8fa..0000000
--- a/abs/core/shadow/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
---- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500
-+++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
-diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
---- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500
-+++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/abs/core/shadow/shadow.cron.daily b/abs/core/shadow/shadow.cron.daily
deleted file mode 100755
index 1373ecd..0000000
--- a/abs/core/shadow/shadow.cron.daily
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# Verify integrity of password and group files
-/usr/bin/pwck -r
-/usr/bin/grpck -r
-
diff --git a/abs/core/shadow/shadow.install b/abs/core/shadow/shadow.install
index 14384c3..83d9ab7 100644
--- a/abs/core/shadow/shadow.install
+++ b/abs/core/shadow/shadow.install
@@ -1,9 +1,22 @@
+setcaps() {
+ _setcap() {
+ if filecap "$1" "$2"; then
+ chmod -s "$1"
+ fi
+ }
+
+ # shadow ships these as setuid, but if we can apply file caps, use those instead.
+ # 'filecap' insists on absolute paths
+ _setcap /usr/bin/newuidmap setuid
+ _setcap /usr/bin/newgidmap setgid
+}
+
+post_install() {
+ setcaps
+}
+
post_upgrade() {
- grpck -r >/dev/null 2>&1
- if [ $? -eq 2 ]; then
- printf '%s\n' \
- "==> Warning: /etc/group or /etc/gshadow are inconsistent." \
- " Run 'grpck' to correct this."
- fi
- return 0
+ setcaps
}
+
+# vim:set ts=2 sw=2 et:
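Review bot: `_setcap` stays silent when `filecap "$1" "$2"` fails, so `newuidmap`/`newgidmap` remain setuid with no trace in the install output. The result of `chmod -s "$1"` is never checked either, which could leave a binary carrying both the capability and the setuid bit. An `else` branch that reports the fallback, e.g. `printf '==> Warning: file capabilities not applied to %s; leaving it setuid\n' "$1"`, would let an administrator see which mode the helpers ended up in. A brief comment on `post_upgrade` stating that the capabilities have to be reapplied after each upgrade would also help, assuming the package files are reinstalled with their packaged mode bits.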
diff --git a/abs/core/shadow/shadow.service b/abs/core/shadow/shadow.service
new file mode 100644
index 0000000..39025d9
--- /dev/null
+++ b/abs/core/shadow/shadow.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Verify integrity of password and group files
+After=systemd-sysusers.service
+
+[Service]
+Type=simple
+# Always run both checks, but fail the service if either fails
+ExecStart=/bin/sh -c '/usr/bin/pwck -r || r=1; /usr/bin/grpck -r && exit $r'
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
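Review bot: The `[Service]` section sets no sandboxing options for the `/bin/sh` job, although `pwck -r` and `grpck -r` are read-only checks. Adding hardening directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateNetwork=yes` would confine the job to what a read-only check needs; verify with a test run that both tools still reach the files they read. `Type=oneshot` would also suit a timer-driven check better than `Type=simple`, since the unit then counts as started only after the command has finished.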
diff --git a/abs/core/shadow/shadow.timer b/abs/core/shadow/shadow.timer
new file mode 100644
index 0000000..9cc6baa
--- /dev/null
+++ b/abs/core/shadow/shadow.timer
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
diff --git a/abs/core/shadow/useradd.defaults b/abs/core/shadow/useradd.defaults
index b800b17..e07fe27 100644
--- a/abs/core/shadow/useradd.defaults
+++ b/abs/core/shadow/useradd.defaults
@@ -1,6 +1,6 @@
# useradd defaults file for ArchLinux
# original changes by TomK
-GROUP=100
+GROUP=users
HOME=/home
INACTIVE=-1
EXPIRE=
diff --git a/abs/core/shadow/xstrdup.patch b/abs/core/shadow/xstrdup.patch
deleted file mode 100644
index bce4342..0000000
--- a/abs/core/shadow/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- shadow-4.1.2.1/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ shadow-4.1.2.1/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }