diff options
author | Jakub Jirutka <jakub@jirutka.cz> | 2016-08-17 21:26:45 +0200 |
---|---|---|
committer | Jakub Jirutka <jakub@jirutka.cz> | 2016-08-17 21:26:45 +0200 |
commit | c95b4aa8b02aed915ec840f8f291073157816b97 (patch) | |
tree | 1a501600f70c6033207e89ee9d1f16cb14bdbce4 /testing | |
parent | 6896ed31feda6db35c99fc916f6ce9835694c98e (diff) | |
download | aports-c95b4aa8b02aed915ec840f8f291073157816b97.tar.bz2 aports-c95b4aa8b02aed915ec840f8f291073157816b97.tar.xz |
community/shadow: move from testing
Diffstat (limited to 'testing')
-rw-r--r-- | testing/shadow/APKBUILD | 96 | ||||
-rw-r--r-- | testing/shadow/cross-size-checks.patch | 42 | ||||
-rw-r--r-- | testing/shadow/dots-in-usernames.patch | 11 | ||||
-rw-r--r-- | testing/shadow/login.pamd | 6 | ||||
-rw-r--r-- | testing/shadow/verbose-error-when-uid-doesnt-match.patch | 75 |
5 files changed, 0 insertions, 230 deletions
diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD deleted file mode 100644 index c5ac99edb4..0000000000 --- a/testing/shadow/APKBUILD +++ /dev/null @@ -1,96 +0,0 @@ -# Contributor: William Pitcock <nenolod@dereferenced.org> -# Contributor: Jakub Jirutka <jakub@jirutka.cz> -# Maintainer: Stuart Cardall <developer@it-offshore.co.uk> -pkgname=shadow -pkgver=4.2.1 -pkgrel=6 -pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)" -url="http://pkg-shadow.alioth.debian.org/" -arch="all" -license="GPL" -depends="" -makedepends="linux-pam-dev" -subpackages="$pkgname-doc $pkgname-dbg $pkgname-uidmap" -source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz - login.pamd - dots-in-usernames.patch - cross-size-checks.patch - verbose-error-when-uid-doesnt-match.patch - " -options="suid" -builddir="$srcdir/shadow-$pkgver" - -build() { - cd "$builddir" - - ./configure --prefix=/usr \ - --sysconfdir=/etc \ - --mandir=/usr/share/man \ - --infodir=/usr/share/info \ - --localstatedir=/var \ - --disable-nls \ - --with-libpam \ - --without-audit \ - --without-selinux \ - --without-acl \ - --without-attr \ - --without-tcb \ - --without-nscd \ - --without-group-name-max-length \ - || return 1 - make || return 1 -} - -package() { - cd "$builddir" - - make DESTDIR="$pkgdir" install || return 1 - - # Do not install these pam.d files they are broken and outdated. - # nologin is provided by util-linux. - rm "$pkgdir"/etc/pam.d/* \ - "$pkgdir"/sbin/nologin \ - || return 1 - - # However, install our own for login. - cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login || return 1 - - # /etc/login.defs is not very useful - replace it with a blank file. - rm "$pkgdir"/etc/login.defs - touch "$pkgdir"/etc/login.defs - - # Avoid conflict with man-pages. - rm "$pkgdir"/usr/share/man/man3/getspnam.3* \ - "$pkgdir"/usr/share/man/man5/passwd.5* || return 1 -} - -uidmap() { - pkgdesc="Utilities for using subordinate UIDs and GIDs" - - mkdir -p "$subpkgdir" - cd "$subpkgdir" - - mkdir -p usr/bin - mv "$pkgdir"/usr/bin/new*idmap usr/bin/ || return 1 - chmod 4711 usr/bin/new*idmap || return 1 - - # Used e.g. for unprivileged LXC containers. - mkdir etc - touch etc/subuid etc/subgid -} - -md5sums="2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz -72dfc077a61ab7163e312640cc98bba8 login.pamd -f5fe3d7351d5e4046588b652c482c170 dots-in-usernames.patch -75bc0cafb44aa86075d2ec056816cc3e cross-size-checks.patch -6d938a758cba620dde3b9e4ce6e87703 verbose-error-when-uid-doesnt-match.patch" -sha256sums="3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41 shadow-4.2.1.tar.xz -c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0 login.pamd -ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f dots-in-usernames.patch -fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013 cross-size-checks.patch -7d9156d39afa3a937fc64130b1bfe0ddc1dd593caa629f29410ebbf84c258568 verbose-error-when-uid-doesnt-match.patch" -sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0 shadow-4.2.1.tar.xz -46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd -745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-usernames.patch -c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4 cross-size-checks.patch -1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c verbose-error-when-uid-doesnt-match.patch" diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/cross-size-checks.patch deleted file mode 100644 index bd451ba1bb..0000000000 --- a/testing/shadow/cross-size-checks.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 -From: James Le Cuirot <chewi@aura-online.co.uk> -Date: Sat, 23 Aug 2014 09:46:39 +0100 -Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF - -This built-in check is simpler than the previous method and, most -importantly, works when cross-compiling. - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> ---- - configure.in | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/configure.in b/configure.in -index 1a3f841..4a4d6d0 100644 ---- a/configure.in -+++ b/configure.in -@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then - dnl - dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc - dnl -- AC_RUN_IFELSE([AC_LANG_SOURCE([ --#include <sys/types.h> --int main(void) { -- uid_t u; -- gid_t g; -- return (sizeof u < 4) || (sizeof g < 4); --} -- ])], [id32bit="yes"], [id32bit="no"]) -- -- if test "x$id32bit" = "xyes"; then -+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) -+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) -+ -+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then - AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) - enable_subids="yes" - else --- -2.3.6 - - diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/dots-in-usernames.patch deleted file mode 100644 index b684c9d02f..0000000000 --- a/testing/shadow/dots-in-usernames.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- shadow-4.1.3/libmisc/chkname.c -+++ shadow-4.1.3/libmisc/chkname.c -@@ -66,6 +66,7 @@ - ( ('0' <= *name) && ('9' >= *name) ) || - ('_' == *name) || - ('-' == *name) || -+ ('.' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { - return false; - diff --git a/testing/shadow/login.pamd b/testing/shadow/login.pamd deleted file mode 100644 index ad45558094..0000000000 --- a/testing/shadow/login.pamd +++ /dev/null @@ -1,6 +0,0 @@ -# /bin/login opens an interactive session. - -auth include base-auth -account include base-account -password include base-password -session include base-session diff --git a/testing/shadow/verbose-error-when-uid-doesnt-match.patch b/testing/shadow/verbose-error-when-uid-doesnt-match.patch deleted file mode 100644 index 6f104b438c..0000000000 --- a/testing/shadow/verbose-error-when-uid-doesnt-match.patch +++ /dev/null @@ -1,75 +0,0 @@ -From: Hank Leininger <hlein@korelogic.com> -Date: Mon, 6 Apr 2015 08:22:48 -0500 -Subject: [PATCH] Expand the error message when newuidmap / newgidmap do not - like the user/group ownership of their target process. - -Currently the error is just: - -newuidmap: Target [pid] is owned by a different user - -With this patch it will be like: - -newuidmap: Target [pid] is owned by a different user: uid:0 pw_uid:0 st_uid:0, gid:0 pw_gid:0 st_gid:99 - -Why is this useful? Well, in my case... - -The grsecurity kernel-hardening patch includes an option to make parts -of /proc unreadable, such as /proc/pid/ dirs for processes not owned by -the current uid. This comes with an option to make /proc/pid/ -directories readable by a specific gid; sysadmins and the like are then -put into that group so they can see a full 'ps'. - -This means that the check in new[ug]idmap fails, as in the above quoted -error - /proc/[targetpid] is owned by root, but the group is 99 so that -users in group 99 can see the process. - -Some Googling finds dozens of people hitting this problem, but not -*knowing* that they have hit this problem, because the errors and -circumstances are non-obvious. - -Some graceful way of handling this and not failing, will be next ;) But -in the meantime it'd be nice to have new[ug]idmap emit a more useful -error, so that it's easier to troubleshoot. - -Thanks! - -Signed-off-by: Hank Leininger <hlein@korelogic.com> -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> ---- - src/newgidmap.c | 6 ++++-- - src/newuidmap.c | 6 ++++-- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/newgidmap.c b/src/newgidmap.c -index a532b45..451c6a6 100644 ---- a/src/newgidmap.c -+++ b/src/newgidmap.c -@@ -161,8 +161,10 @@ int main(int argc, char **argv) - (getgid() != pw->pw_gid) || - (pw->pw_uid != st.st_uid) || - (pw->pw_gid != st.st_gid)) { -- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ), -- Prog, target); -+ fprintf(stderr, _( "%s: Target %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ), -+ Prog, target, -+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid, -+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid); - return EXIT_FAILURE; - } - -diff --git a/src/newuidmap.c b/src/newuidmap.c -index 5150078..9c8bc1b 100644 ---- a/src/newuidmap.c -+++ b/src/newuidmap.c -@@ -161,8 +161,10 @@ int main(int argc, char **argv) - (getgid() != pw->pw_gid) || - (pw->pw_uid != st.st_uid) || - (pw->pw_gid != st.st_gid)) { -- fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ), -- Prog, target); -+ fprintf(stderr, _( "%s: Target process %u is owned by a different user: uid:%lu pw_uid:%lu st_uid:%lu, gid:%lu pw_gid:%lu st_gid:%lu\n" ), -+ Prog, target, -+ (unsigned long int)getuid(), (unsigned long int)pw->pw_uid, (unsigned long int)st.st_uid, -+ (unsigned long int)getgid(), (unsigned long int)pw->pw_gid, (unsigned long int)st.st_gid); - return EXIT_FAILURE; - }
\ No newline at end of file |