| # Copyright 1999-2020 Gentoo Authors |
| # Distributed under the terms of the GNU General Public License v2 |
| |
| EAPI=7 |
| |
| inherit autotools libtool pam |
| |
| DESCRIPTION="Utilities to deal with user accounts" |
| HOMEPAGE="https://github.com/shadow-maint/shadow" |
| SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz" |
| |
| LICENSE="BSD GPL-2" |
| SLOT="0" |
| KEYWORDS="*" |
| IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr" |
| # Taken from the man/Makefile.am file. |
| LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) |
| |
| REQUIRED_USE="?? ( cracklib pam )" |
| |
| BDEPEND=" |
| app-arch/xz-utils |
| sys-devel/gettext |
| " |
| COMMON_DEPEND=" |
| virtual/libcrypt:= |
| acl? ( sys-apps/acl:0= ) |
| audit? ( >=sys-process/audit-2.6:0= ) |
| cracklib? ( >=sys-libs/cracklib-2.7-r3:0= ) |
| nls? ( virtual/libintl ) |
| pam? ( sys-libs/pam:0= ) |
| skey? ( sys-auth/skey:0= ) |
| selinux? ( |
| >=sys-libs/libselinux-1.28:0= |
| sys-libs/libsemanage:0= |
| ) |
| xattr? ( sys-apps/attr:0= ) |
| " |
| DEPEND="${COMMON_DEPEND} |
| >=sys-kernel/linux-headers-4.14 |
| " |
| RDEPEND="${COMMON_DEPEND} |
| pam? ( >=sys-auth/pambase-20150213 ) |
| su? ( !sys-apps/util-linux[su(-)] ) |
| " |
| |
| PATCHES=( |
| # Lakitu: apply Fedora's patch on usernames, which entails the allowance of |
| # dots. |
| "${FILESDIR}"/shadow-4.11.1-goodname.patch |
| # Patch to fix this CVE can be removed once updated to or past 4.14.0 |
| "${FILESDIR}"/CVE-2023-4641.patch |
| ) |
| |
| src_prepare() { |
| default |
| eautoreconf |
| #elibtoolize |
| } |
| |
| src_configure() { |
| local myeconfargs=( |
| --disable-account-tools-setuid |
| --enable-shared=no |
| --enable-static=yes |
| --with-btrfs |
| --without-group-name-max-length |
| --without-tcb |
| $(use_enable nls) |
| $(use_with acl) |
| $(use_with audit) |
| $(use_with bcrypt) |
| $(use_with cracklib libcrack) |
| $(use_with elibc_glibc nscd) |
| $(use_with pam libpam) |
| $(use_with selinux) |
| $(use_with skey) |
| $(use_with su) |
| $(use_with xattr attr) |
| ) |
| econf "${myeconfargs[@]}" |
| |
| has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052 |
| |
| if use nls ; then |
| local l langs="po" # These are the pot files. |
| for l in ${LANGS[*]} ; do |
| has ${l} ${LINGUAS-${l}} && langs+=" ${l}" |
| done |
| sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die |
| fi |
| } |
| |
| set_login_opt() { |
| local comment="" opt=$1 val=$2 |
| if [[ -z ${val} ]]; then |
| comment="#" |
| sed -i \ |
| -e "/^${opt}\>/s:^:#:" \ |
| "${ED}"/etc/login.defs || die |
| else |
| sed -i -r \ |
| -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ |
| "${ED}"/etc/login.defs |
| fi |
| local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) |
| einfo "${res:-Unable to find ${opt} in /etc/login.defs}" |
| } |
| |
| src_install() { |
| emake DESTDIR="${D}" suidperms=4711 install |
| |
| # Remove libshadow and libmisc; see bug 37725 and the following |
| # comment from shadow's README.linux: |
| # Currently, libshadow.a is for internal use only, so if you see |
| # -lshadow in a Makefile of some other package, it is safe to |
| # remove it. |
| rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} |
| |
| insinto /etc |
| if ! use pam ; then |
| insopts -m0600 |
| doins etc/login.access etc/limits |
| fi |
| |
| # needed for 'useradd -D' |
| insinto /etc/default |
| insopts -m0600 |
| doins "${FILESDIR}"/default/useradd |
| |
| if use split-usr ; then |
| # move passwd to / to help recover broke systems #64441 |
| # We cannot simply remove this or else net-misc/scponly |
| # and other tools will break because of hardcoded passwd |
| # location |
| dodir /bin |
| mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die |
| dosym ../../bin/passwd /usr/bin/passwd |
| fi |
| |
| cd "${S}" || die |
| insinto /etc |
| insopts -m0644 |
| newins etc/login.defs login.defs |
| |
| set_login_opt CREATE_HOME yes |
| set_login_opt UMASK 027 |
| if ! use pam ; then |
| set_login_opt MAIL_CHECK_ENAB no |
| set_login_opt SU_WHEEL_ONLY yes |
| set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict |
| set_login_opt LOGIN_RETRIES 3 |
| set_login_opt ENCRYPT_METHOD SHA512 |
| set_login_opt CONSOLE |
| else |
| dopamd "${FILESDIR}"/pam.d-include/shadow |
| |
| for x in chsh shfn ; do |
| newpamd "${FILESDIR}"/pam.d-include/passwd ${x} |
| done |
| |
| for x in chpasswd newusers ; do |
| newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} |
| done |
| |
| newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems |
| |
| # comment out login.defs options that pam hates |
| local opt sed_args=() |
| for opt in \ |
| CHFN_AUTH \ |
| CONSOLE \ |
| CRACKLIB_DICTPATH \ |
| ENV_HZ \ |
| ENVIRON_FILE \ |
| FAILLOG_ENAB \ |
| FTMP_FILE \ |
| LASTLOG_ENAB \ |
| MAIL_CHECK_ENAB \ |
| MOTD_FILE \ |
| NOLOGINS_FILE \ |
| OBSCURE_CHECKS_ENAB \ |
| PASS_ALWAYS_WARN \ |
| PASS_CHANGE_TRIES \ |
| PASS_MIN_LEN \ |
| PORTTIME_CHECKS_ENAB \ |
| QUOTAS_ENAB \ |
| SU_WHEEL_ONLY |
| do |
| set_login_opt ${opt} |
| sed_args+=( -e "/^#${opt}\>/b pamnote" ) |
| done |
| sed -i "${sed_args[@]}" \ |
| -e 'b exit' \ |
| -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ |
| -e ': exit' \ |
| "${ED}"/etc/login.defs || die |
| |
| # remove manpages that pam will install for us |
| # and/or don't apply when using pam |
| find "${ED}"/usr/share/man -type f \ |
| '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ |
| -delete |
| |
| # Remove pam.d files provided by pambase. |
| rm "${ED}"/etc/pam.d/{login,passwd} || die |
| if use su ; then |
| rm "${ED}"/etc/pam.d/su || die |
| fi |
| fi |
| |
| # Remove manpages that are handled by other packages |
| find "${ED}"/usr/share/man \ |
| '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ |
| -delete |
| |
| cd "${S}" || die |
| dodoc ChangeLog NEWS TODO |
| newdoc README README.download |
| cd doc || die |
| dodoc HOWTO README* WISHLIST *.txt |
| } |
| |
| pkg_preinst() { |
| rm -f "${EROOT}"/etc/pam.d/system-auth.new \ |
| "${EROOT}/etc/login.defs.new" |
| } |
| |
| pkg_postinst() { |
| # Enable shadow groups. |
| if [ ! -f "${EROOT}"/etc/gshadow ] ; then |
| if grpck -r -R "${EROOT}" 2>/dev/null ; then |
| grpconv -R "${EROOT}" |
| else |
| ewarn "Running 'grpck' returned errors. Please run it by hand, and then" |
| ewarn "run 'grpconv' afterwards!" |
| fi |
| fi |
| |
| [[ ! -f "${EROOT}"/etc/subgid ]] && |
| touch "${EROOT}"/etc/subgid |
| [[ ! -f "${EROOT}"/etc/subuid ]] && |
| touch "${EROOT}"/etc/subuid |
| |
| einfo "The 'adduser' symlink to 'useradd' has been dropped." |
| } |