jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
void-packages/srcpkgs/shadow/template
Duncaen e095c789e2 shadow: reduce the number of suid programs 
The defaults for what programs contained in shadow have the setuid bit
has changed in version 4.7, when using pam most of those tools don't
need setuid bits so explicitly disable them.

References:
* https://github.com/shadow-maint/shadow/pull/199
* https://bugs.archlinux.org/task/64836
* https://bugs.gentoo.org/702252
2019-12-18 16:52:20 +01:00

85 lines
2.5 KiB
Bash
Raw Blame History

# Template file for 'shadow'
pkgname=shadow
version=4.8
revision=2
build_style=gnu-configure
configure_args="--enable-shared --disable-static
--with-libpam --without-selinux --with-acl --with-attr
--disable-nls --enable-subordinate-ids --disable-account-tools-setuid"
hostmakedepends="automake gettext-devel libtool"
makedepends="acl-devel pam-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
checksum=64b46683b9c1f35b2cd2da9fa87a1383917666e85a56b35e081c7257d10dac64
conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
pre_configure() {
autoreconf -fi
case "$XBPS_TARGET_MACHINE" in
# Completely disable unportable ruserok().
*-musl) sed '/RUSEROK/d' -i configure;;
esac
}
do_build() {
# Don't install groups(1), we use the one from coreutils.
sed -i 's/groups$(EXEEXT) //' src/Makefile
for f in $(find man -name Makefile); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
# Install our pam files not the ones supplied with shadow.
rm -f ${DESTDIR}/etc/pam.d/*
for f in chage passwd; do
install -m644 ${FILESDIR}/${f}.pam ${DESTDIR}/etc/pam.d/${f}
done
for f in chpasswd chgpasswd groupadd groupdel groupmems \
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
# Disable creating mailbox files by default.
sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
# Change default group to the users gid (100).
sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
${DESTDIR}/etc/cron.daily/shadow
# Remove groups.1 manpage provided by coreutils.
rm -f ${DESTDIR}/usr/share/man/man1/groups.1
# Remove utilities provided by util-linux and logoutd.
mv ${DESTDIR}/usr/bin/{newgrp,sg}
rm \
$DESTDIR/usr/bin/{login,su,chsh,chfn} \
$DESTDIR/usr/bin/{nologin,logoutd,vipw,vigr}
# ...and their many man pages
find $DESTDIR/usr/share/man \
'(' -name 'chsh.1' -o \
-name 'chfn.1' -o \
-name 'su.1' -o \
-name 'login.1' -o \
-name 'vipw.8' -o \
-name 'vigr.8' -o \
-name 'logoutd.8' -o \
-name 'nologin.8' -o \
-name 'newgrp.1' ')' \
-delete
vlicense $FILESDIR/LICENSE
}
Reference in a new issue View git blame Copy permalink