NAME=shadow # shadow-4.0.18.1_cvs20070218.tar.gz is from CVS with these modifications: # - Applied a patch from Brandon Peirce to fix "useradd -g". # - Removed ja.po temporarily because it seemed to be broken at the # moment. AFAIK, Tukaani doesn't have any Japanese users at the moment; # if I'm wrong, please complain. ;^) VERSION=( 4.0.18.1_cvs20070218 2.8.9 ) SOURCE=(ftp://ftp.pld.org.pl/software/shadow/shadow-$VERSION.tar.gz $MIRROR_SF/cracklib/cracklib-${VERSION[1]}.tar.gz adduser doinst.sh ) PATCH=shadow.login.defs.diff.gz BUILD=${BUILD:-1} OPTIMIZE=${OPTIMIZE:-"-Os -pipe"} ROOT_REQUIRED=1 build() { cat ${SOURCE[3]} > $PKG/install/doinst.sh ############ # cracklib # ############ _explode 1 cd $TMP/cracklib-* # If someone wants the Python module, tell Larhzu. _configure \ --disable-static \ --without-python make make DESTDIR=$PKG install _doc 0 cracklib-${VERSION[1]} AUTHORS COPYING NEWS README* # We do not include any dictionary in the shadow package: rm -f $PKG$DATADIR/cracklib/pw_dict* # This should be put into the file used by file(1) command by # distro maintainer(s). It's useless here: rm -f $PKG$DATADIR/cracklib/cracklib.magic # Install cracklib to filesystem: _chfix _chgrp_bin _tmp_pkg 0 ########## # shadow # ########## _explode 0 cd $TMP/shadow-* # Change some defaults in /etc/login.defs. Compared to Slackware # we have changed these: # # # Minimum length of password (root can still set what he wants): # PASS_MIN_LEN 8 # # # Only users in the group "wheel" can "su" to "root". Using "su" # # to change to any other user is not restricted. # SU_WHEEL_ONLY yes # # # Set the cracklib dictionary path but comment it out by default. # # Because the dictionary is huge, we ship it in a separate package. # # If a dictionary file is not present and this setting is not # # commented out, passwd won't allow changing passwords. # CRACKLIB_DICTPATH /usr/share/cracklib/pw_dict # # # Disable CONSOLE_GROUPS. It is much better to either add users permanently # # to groups "floppy", "audio", "video" and "cdrom" or not at all. # #CONSOLE_GROUPS _patch 0 -p0 # Don't use _configure, shadow has specialities that put some # files in /bin and /sbin and rest to /usr. ./configure \ --prefix=$PREFIX \ --libdir=$LIBDIR \ --sysconfdir=$SYSCONFDIR \ --localstatedir=$LOCALSTATEDIR \ --build=$CONFIGURE_TRIPLET \ --disable-shared \ --without-audit \ --without-libpam \ --without-selinux \ --with-libcrack make make DESTDIR=$PKG install # These things aren't needed when using glibc, as it # supplies its own shadow functions: rm $PKG$LIBDIR/libshadow.* # We use the groups command from coreutils. find $PKG$MANDIR -name groups.1 -exec rm -f {} \; rm -f $PKG$BINDIR/groups $PKG/bin/groups cat << "EOF" > $PKG$SYSCONFDIR/limits ######################################################################## # # NOTE! # # This file is read *ONLY* when users login via console. This file is # *NOT* read when users login via SSH or gdm/kdm/xdm. # # Note that while /etc/profile and /etc/csh.login are always read on # login, applying resource limits there is not safe since execution # of /etc/profile can be aborted using Ctrl-c. # # It would be nice if someone wrote a patch for kdm (and why not # gdm and xdm too) to read /etc/limits. # ######################################################################## EOF cat etc/limits >> $PKG$SYSCONFDIR/limits _new 0 ${SYSCONFDIR#/}/{login.defs,login.access,limits,default/useradd} cat ${SOURCE[2]} > $PKG$SBINDIR/adduser chmod 0755 $PKG$SBINDIR/adduser _doc 0 shadow-$VERSION ABOUT-NLS ChangeLog NEWS README TODO \ doc/HOWTO doc/LICENSE doc/LSM doc/README.limits \ doc/README.linux doc/README.nls doc/README.pam \ doc/WISHLIST # Make setuid binaries executable only by root and group "users". find $PKG -type f -perm +4000 -exec \ sh -c 'chown root:users {} ; chmod 4710 {}' \; # This file contains only ".so shadow.3" and conflicts with # man-page package so it is wise to remove it here: rm -f $PKG$MANDIR/man3/getspnam.3 # Initial faillog with sane permissions: mkdir -p $PKG$LOCALSTATEDIR/log : > $PKG$LOCALSTATEDIR/log/faillog _new_delete 0 ${LOCALSTATEDIR#/}/log/faillog }