From fda3df9834dfc55796085cb174b8c70de4e4dbb2 Mon Sep 17 00:00:00 2001
From: Jonathan Maw
Date: Wed, 22 Apr 2015 15:22:09 +0000
Subject: Fix linux-pam This involves: * Reordering the chunks linux-pam, acl, attr and libcap2 - this means moving them into the 'core' stratum, and fixing errors that occur because of the move. * Configuring pam correctly. * Fix acl failing to build in core. * Fix shadow to build against pam and reconfigure shadow to not do things covered by pam. * Fix tar not building - I am not sure what caused this to fail to build, but fixing it involved stopping it from trying to init submodules that were already checked out. Move linux-pam, acl, and attr into core and make shadow depend on them
Change-Id: I1b00ca0158c31ce5f31c11fe60816434508a05a1
---
strata/core.morph | 77 +++++++++++++++++++----
strata/core/acl.morph | 6 ++
strata/core/attr.morph | 18 ++++++
strata/core/libcap2.morph | 6 ++
strata/core/linux-pam.morph | 125 ++++++++++++++++++++++++++++++++++++++
strata/core/shadow.morph | 29 ++++++++-
strata/coreutils-common/tar.morph | 3 +-
strata/foundation.morph | 30 ---------
strata/foundation/acl.morph | 6 --
strata/foundation/attr.morph | 18 ------
strata/foundation/libcap2.morph | 6 --
strata/foundation/linux-pam.morph | 15 -----
12 files changed, 251 insertions(+), 88 deletions(-)
create mode 100644 strata/core/acl.morph
create mode 100644 strata/core/attr.morph
create mode 100644 strata/core/libcap2.morph
create mode 100644 strata/core/linux-pam.morph
delete mode 100644 strata/foundation/acl.morph
delete mode 100644 strata/foundation/attr.morph
delete mode 100644 strata/foundation/libcap2.morph
delete mode 100644 strata/foundation/linux-pam.morph
diff --git a/strata/core.morph b/strata/core.morph
index cfdc52eb..fbdda5ca 100644
--- a/strata/core.morph
+++ b/strata/core.morph
@@ -234,25 +234,55 @@ chunks:
 - autoconf-tarball
 - automake
 - libtool-tarball
-- name: util-linux
- morph: strata/core/util-linux.morph
- repo: upstream:util-linux
- ref: b567c9cbc854a36da0a198e4dcc463e134d26a25
- unpetrify-ref: v2.25.2
+- name: attr
+ morph: strata/core/attr.morph
+ repo: upstream:attr
+ ref: 4b005410f865895d4dcd56e2c135278a7a315877
+ unpetrify-ref: baserock/morph
+ build-depends:
+ - autoconf-tarball
+ - automake
+ - gettext-tarball
+ - libtool-tarball
+- name: acl
+ morph: strata/core/acl.morph
+ repo: upstream:acl
+ ref: f13e09bd54fd4a501c4952f002ed2752bdd9f93b
+ unpetrify-ref: v2.2.52
+ build-depends:
+ - autoconf-tarball
+ - automake
+ - gettext-tarball
+ - libtool-tarball
+ - attr
+- name: linux-pam
+ morph: strata/core/linux-pam.morph
+ repo: upstream:linux-pam
+ ref: b1521c97e73b10469f7b34c0571d51c647eca83c
+ unpetrify-ref: Linux-PAM-1.1.8
 build-depends:
 - autoconf-tarball
 - automake
 - gettext-tarball
- - git
 - libtool-tarball
 - pkg-config
-- name: bc
- repo: upstream:bc-tarball
- ref: 0956d119432ff6a2e85bae1fa336df799cad70b0
+ - flex
+ - attr
+ - acl
+- name: libcap2
+ morph: strata/core/libcap2.morph
+ repo: upstream:libcap2
+ ref: 4f7cca1bc9c2a274edb39d351b65747010d3ba7b
 unpetrify-ref: baserock/morph
 build-depends:
- - flex
- - texinfo-tarball
+ - autoconf-tarball
+ - automake
+ - gettext-tarball
+ - libtool-tarball
+ - pkg-config
+ - attr
+ - acl
+ - linux-pam
 - name: shadow
 morph: strata/core/shadow.morph
 repo: upstream:shadow
@@ -264,6 +294,31 @@ chunks:
 - gettext-tarball
 - libtool-tarball
 - bison
+ - attr
+ - acl
+ - linux-pam
+ - libcap2
+- name: util-linux
+ morph: strata/core/util-linux.morph
+ repo: upstream:util-linux
+ ref: b567c9cbc854a36da0a198e4dcc463e134d26a25
+ unpetrify-ref: v2.25.2
+ build-depends:
+ - autoconf-tarball
+ - automake
+ - gettext-tarball
+ - git
+ - libtool-tarball
+ - pkg-config
+ - linux-pam
+ - shadow
+- name: bc
+ repo: upstream:bc-tarball
+ ref: 0956d119432ff6a2e85bae1fa336df799cad70b0
+ unpetrify-ref: baserock/morph
+ build-depends:
+ - flex
+ - texinfo-tarball
 - name: patch
 morph: strata/core/patch.morph
 repo: upstream:patch
diff --git a/strata/core/acl.morph b/strata/core/acl.morph
new file mode 100644
index 00000000..23f08c1f
--- /dev/null
+++ b/strata/core/acl.morph
@@ -0,0 +1,6 @@
+name: acl
+kind: chunk
+build-commands:
+- make
+install-commands:
+- make DESTDIR="$DESTDIR" install-lib install-dev
diff --git a/strata/core/attr.morph b/strata/core/attr.morph
new file mode 100644
index 00000000..46d0b9c0
--- /dev/null
+++ b/strata/core/attr.morph
@@ -0,0 +1,18 @@
+name: attr
+kind: chunk
+build-system: autotools
+configure-commands:
+- make configure
+- |
+ ./configure --prefix="$PREFIX" \
+ --exec-prefix="$PREFIX" \
+ --sbindir="$PREFIX"/sbin \
+ --bindir="$PREFIX"/bin \
+ --libdir="$PREFIX"/lib \
+ --libexecdir="$PREFIX"/lib \
+ --enable-lib64=yes \
+ --includedir="$PREFIX"/include \
+ --mandir="$PREFIX"/share/man \
+ --datadir="$PREFIX"/share
+install-commands:
+- make DESTDIR="$DESTDIR" install-lib install-dev
diff --git a/strata/core/libcap2.morph b/strata/core/libcap2.morph
new file mode 100644
index 00000000..3e4f205e
--- /dev/null
+++ b/strata/core/libcap2.morph
@@ -0,0 +1,6 @@
+name: libcap2
+kind: chunk
+build-commands:
+- make prefix="$PREFIX"
+install-commands:
+- make prefix="$PREFIX" DESTDIR="$DESTDIR" RAISE_SETFCAP=no install lib=lib
diff --git a/strata/core/linux-pam.morph b/strata/core/linux-pam.morph
new file mode 100644
index 00000000..6c4959b0
--- /dev/null
+++ b/strata/core/linux-pam.morph
@@ -0,0 +1,125 @@
+name: linux-pam
+kind: chunk
+build-system: autotools
+pre-configure-commands:
+- autoreconf -ivf
+configure-commands:
+- ./configure --prefix=/usr --libdir=/lib
+post-install-commands:
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-account <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ account required pam_unix.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-auth <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ auth required pam_unix.so nullok
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-passwd <<'EOF'
+ #%PAM-1.0
+ password required pam_unix.so sha512 shadow try_first_pass
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-session <<'EOF'
+ #%PAM-1.0
+ session required pam_unix.so
+ session optional pam_systemd.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/login <<'EOF'
+ #%PAM-1.0
+ # Set failure delay before next prompt to 3 seconds
+ auth optional pam_faildelay.so delay=3000000
+
+ # Check to make sure that the user is allowed to login
+ auth requisite pam_nologin.so
+
+ # Check to make sure that root is allowed to login
+ # Disabled by default. You will need to create /etc/securetty
+ # file for this module to function. See man 5 securetty.
+ #auth required pam_securetty.so
+
+ # Additional group memberships - disabled by default
+ #auth optional pam_group.so
+
+ # include the default auth settings
+ auth include system-auth
+
+ # check access for the user
+ account required pam_access.so
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the user
+ session required pam_env.so
+
+ # Set resource limits for the user
+ session required pam_limits.so
+
+ # Display date of last login - Disabled by default
+ #session optional pam_lastlog.so
+
+ # Display the message of the day - Disabled by default
+ #session optional pam_motd.so
+
+ # Check user's mail - Disabled by default
+ #session optional pam_mail.so standard quiet
+
+ # include the default session and password settings
+ session include system-session
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/passwd <<'EOF'
+ #%PAM-1.0
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/su <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+ auth include system-auth
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the service user
+ session required pam_env.so
+
+ # include system session defaults
+ session include system-session
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/chage <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+
+ # include system defaults for auth account and session
+ auth include system-auth
+ account include system-account
+ session include system-session
+
+ # Always permit for authentication updates
+ password required pam_permit.so
+ EOF
+- |
+ for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
+ groupmod newusers useradd userdel usermod
+ do
+ install -m 0644 "$DESTDIR/etc/pam.d/chage" "$DESTDIR/etc/pam.d/${PROGRAM}"
+ done
+- |
+ install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other
+ #%PAM-1.0
+ auth include system-auth
+ account include system-account
+ password include system-passwd
+ session include system-session
+ EOF
diff --git a/strata/core/shadow.morph b/strata/core/shadow.morph
index 6887a6b3..f75d0c51 100644
--- a/strata/core/shadow.morph
+++ b/strata/core/shadow.morph
@@ -2,4 +2,31 @@ name: shadow
 kind: chunk
 build-system: autotools
 configure-commands:
-- ./autogen.sh --with-selinux=no --sysconfdir=/etc
+- ./autogen.sh --with-selinux=no --sysconfdir=/etc --with-pam=yes
+post-install-commands:
+# Disable things handled by pam instead
+- rm "$DESTDIR/etc/limits"
+- rm "$DESTDIR/etc/login.access"
+- |
+ for OPTION in FAIL_DELAY \
+ FAILLOG_ENAB \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ OBSCURE_CHECKS_ENAB \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ CONSOLE MOTD_FILE \
+ FTMP_FILE \
+ NOLOGINS_FILE \
+ ENV_HZ \
+ PASS_MIN_LEN \
+ SU_WHEEL_ONLY \
+ CRACKLIB_DICTPATH \
+ PASS_CHANGE_TRIES \
+ PASS_ALWAYS_WARN \
+ CHFN_AUTH \
+ ENCRYPT_METHOD \
+ ENVIRON_FILE
+ do
+ sed -i "s/^${OPTION}/# &/" "$DESTDIR/etc/login.defs"
+ done
diff --git a/strata/coreutils-common/tar.morph b/strata/coreutils-common/tar.morph
index d9ee3a36..17d6a597 100644
--- a/strata/coreutils-common/tar.morph
+++ b/strata/coreutils-common/tar.morph
@@ -2,7 +2,8 @@ name: tar
 kind: chunk
 build-system: autotools
 pre-configure-commands:
-- bash bootstrap --skip-po
+- rm .gitmodules
+- bash bootstrap --skip-po --gnulib-srcdir="$(pwd)/gnulib" --paxutils-srcdir="$(pwd)/paxutils"
 configure-commands:
 # Configure flag notes:
 # 1. Needed to run configure as root
diff --git a/strata/foundation.morph b/strata/foundation.morph
index 3de24fee..b90bf239 100644
--- a/strata/foundation.morph
+++ b/strata/foundation.morph
@@ -8,11 +8,6 @@ chunks:
 repo: upstream:bash-completion
 ref: 3085c7e12179817a02a611016606391295c69942
 unpetrify-ref: 2.1
-- name: attr
- morph: strata/foundation/attr.morph
- repo: upstream:attr
- ref: 4b005410f865895d4dcd56e2c135278a7a315877
- unpetrify-ref: baserock/morph
 - name: groff
 morph: strata/foundation/groff.morph
 repo: upstream:groff-git
@@ -28,13 +23,6 @@ chunks:
 repo: upstream:tz
 ref: a0782484f101ac55c916568bc1c490d7761fc904
 unpetrify-ref: 2015a
-- name: libcap2
- morph: strata/foundation/libcap2.morph
- repo: upstream:libcap2
- ref: 4f7cca1bc9c2a274edb39d351b65747010d3ba7b
- unpetrify-ref: baserock/morph
- build-depends:
- - attr
 - name: libffi
 morph: strata/foundation/libffi.morph
 repo: upstream:libffi
@@ -72,11 +60,6 @@ chunks:
 ref: 412eed473b557ed2172d81d76fa1e1f53c973a67
 build-depends:
 - libgpg-error
-- name: linux-pam
- morph: strata/foundation/linux-pam.morph
- repo: upstream:linux-pam
- ref: b1521c97e73b10469f7b34c0571d51c647eca83c
- unpetrify-ref: Linux-PAM-1.1.8
 - name: systemd
 morph: strata/foundation/systemd.morph
 repo: upstream:systemd
@@ -86,9 +69,7 @@ chunks:
 - dbus-pre
 - gobject-introspection
 - kmod
- - libcap2
 - libgcrypt
- - linux-pam
 - name: libusb
 repo: upstream:libusb
 ref: e11525c66c7dd2db466c8f5785ff0b37d6a99ec9
@@ -111,13 +92,6 @@ chunks:
 repo: upstream:fuse
 ref: d69e627e79862e2df4ff9ff1ddb0363c4520d8a8
 unpetrify-ref: baserock/morph
-- name: acl
- morph: strata/foundation/acl.morph
- repo: upstream:acl
- ref: f13e09bd54fd4a501c4952f002ed2752bdd9f93b
- unpetrify-ref: v2.2.52
- build-depends:
- - attr
 - name: e2fsprogs
 morph: strata/foundation/e2fsprogs.morph
 repo: upstream:e2fsprogs
@@ -129,8 +103,6 @@ chunks:
 ref: 563ff3b07d85517e3589a1f2e6f45a8265e3f071
 unpetrify-ref: v3.18.2
 build-depends:
- - attr
- - acl
 - lzo
 - e2fsprogs
 - name: dbus
@@ -153,8 +125,6 @@ chunks:
 repo: baserock:baserock/tbdiff
 ref: 47fb728f2432929868666afc915dbc5a64836c08
 unpetrify-ref: master
- build-depends:
- - attr
 - name: dbus-glib
 repo: upstream:dbus-glib
 ref: 397e8297d433547c9bf4150ddd2b9e0b4c39628c
diff --git a/strata/foundation/acl.morph b/strata/foundation/acl.morph
deleted file mode 100644
index c742d8ae..00000000
--- a/strata/foundation/acl.morph
+++ /dev/null
@@ -1,6 +0,0 @@
-name: acl
-kind: chunk
-build-commands:
-- make
-install-commands:
-- make DESTDIR="$DESTDIR" install-dev
diff --git a/strata/foundation/attr.morph b/strata/foundation/attr.morph
deleted file mode 100644
index 46d0b9c0..00000000
--- a/strata/foundation/attr.morph
+++ /dev/null
@@ -1,18 +0,0 @@
-name: attr
-kind: chunk
-build-system: autotools
-configure-commands:
-- make configure
-- |
- ./configure --prefix="$PREFIX" \
- --exec-prefix="$PREFIX" \
- --sbindir="$PREFIX"/sbin \
- --bindir="$PREFIX"/bin \
- --libdir="$PREFIX"/lib \
- --libexecdir="$PREFIX"/lib \
- --enable-lib64=yes \
- --includedir="$PREFIX"/include \
- --mandir="$PREFIX"/share/man \
- --datadir="$PREFIX"/share
-install-commands:
-- make DESTDIR="$DESTDIR" install-lib install-dev
diff --git a/strata/foundation/libcap2.morph b/strata/foundation/libcap2.morph
deleted file mode 100644
index 3e4f205e..00000000
--- a/strata/foundation/libcap2.morph
+++ /dev/null
@@ -1,6 +0,0 @@
-name: libcap2
-kind: chunk
-build-commands:
-- make prefix="$PREFIX"
-install-commands:
-- make prefix="$PREFIX" DESTDIR="$DESTDIR" RAISE_SETFCAP=no install lib=lib
diff --git a/strata/foundation/linux-pam.morph b/strata/foundation/linux-pam.morph
deleted file mode 100644
index 0dfbe759..00000000
--- a/strata/foundation/linux-pam.morph
+++ /dev/null
@@ -1,15 +0,0 @@
-name: linux-pam
-kind: chunk
-build-system: autotools
-pre-configure-commands:
-- autoreconf -ivf
-post-install-commands:
-# sudo command is expecting this file.
-- |
- install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other
- #%PAM-1.0
- auth required pam_unix.so
- account required pam_unix.so
- password required pam_unix.so
- session required pam_unix.so
- EOF
-- cgit v1.2.1