diff options
Diffstat (limited to 'testing/source/PAM/a/pam/pam.SlackBuild')
-rwxr-xr-x | testing/source/PAM/a/pam/pam.SlackBuild | 232 |
1 files changed, 232 insertions, 0 deletions
diff --git a/testing/source/PAM/a/pam/pam.SlackBuild b/testing/source/PAM/a/pam/pam.SlackBuild new file mode 100755 index 00000000..ccd19e30 --- /dev/null +++ b/testing/source/PAM/a/pam/pam.SlackBuild @@ -0,0 +1,232 @@ +#!/bin/sh + +# Copyright 2010 Vincent Batts, vbatts@hashbangbash.com +# Copyright 2010, 2011 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +SRCNAM=Linux-PAM +PKGNAM=pam +PAMRHVER=${PAMRHVER:-$(echo pam-redhat-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +VERSION=${VERSION:-$(echo $SRCNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-$PKGNAM + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf $SRCNAM-$VERSION +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 +cd $SRCNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Better take the Red Hat added modules and patches, because that's very +# likely to be the most standard as far as PAM goes: +tar xvf $CWD/pam-redhat-$PAMRHVER.tar.?z || exit 1 +for file in CHANGELOG COPYING README ; do + mv pam-redhat-$PAMRHVER/${file}* ./${file}.pam-redhat +done +mv pam-redhat-$PAMRHVER/* modules +zcat $CWD/fedora-patches/pam-1.3.1-redhat-modules.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-noflex.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.3-nouserenv.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.6-limits-user.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.8-full-relro.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.0-pwhistory-helper.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.1.8-audit-user-mgmt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.0-unix-nomsg.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-coverity.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-remove-obsolete-_unix_read_password-prototype.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-bcrypt_b.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-gensalt-autoentropy.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-crypt_checksalt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-yescrypt.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-no-fallback.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-motd-multiple-paths.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch.gz | patch -p1 --verbose || exit 1 + +# pam_tally2 removed in recent redhat-modules.patch, but we'll keep it +# for now since system-auth in the shadow package uses it. Perhaps see if +# pam_faillock can replace the usage there? +zcat $CWD/patches/pam.pam_tally2.slackware.diff.gz | patch -p1 --verbose || exit 1 + +# Upstream git patch to prevent pam_tally2 from doing an fsync() +# with every failed login. This can cause system slowdowns, especially +# on Internet-connected machines that may endure endless dictionary +# attacks. +zcat $CWD/patches/pam.pam_tally2.no.fsync.patch.gz | patch -p1 --verbose || exit 1 + +# Improve the comments in /etc/environment: +zcat $CWD/patches/pam.etc.environment.better.comments.diff.gz | patch -p1 --verbose || exit 1 + +autoreconf -ivf || exit 1 + +# Using --enable-securedir=/lib/security/ because some downstream software +# (last I checked) assumes this, so /lib64/security/ was a problem... +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/ \ + --libdir=/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --includedir=/usr/include/security \ + --enable-securedir=/lib/security \ + --datarootdir=/usr/share \ + --localstatedir=/var \ + --mandir=/usr/man \ + --docdir=/usr/doc/$PKGNAM-$VERSION \ + --disable-regenerate-docu \ + --disable-audit \ + --disable-prelude \ + --disable-rpath \ + --disable-selinux \ + --disable-static \ + --build=$ARCH-slackware-linux || exit 1 + +# Make these man pages or the build falls over later +xmlto man modules/pam_faillock/faillock.8.xml -o modules/pam_faillock/ +xmlto man modules/pam_faillock/pam_faillock.8.xml -o modules/pam_faillock/ +xmlto man modules/pam_pwhistory/pwhistory_helper.8.xml -o modules/pam_pwhistory/ + +make -C po update-gmo +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + +# The ones in /lib/security can also go: +rm -f $PKG/lib/security/*.la + +# Add extra symlinks added by pam.spec: +( cd $PKG/lib/security + for type in acct auth passwd session ; do + ln -sf pam_unix.so pam_unix_${type}.so + done +) + +# This is a pam helper that can only be called from pam +chown root:root $PKG/sbin/unix_chkpwd +chmod 6755 $PKG/sbin/unix_chkpwd + +# This package can own the /etc/pam.d/ directory +mkdir -p $PKG/etc/pam.d + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Don't clobber config files: +find $PKG/etc -type f -exec mv {} {}.new \; + +# Compress and if needed symlink the man pages: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION +cp -a \ + AUTHORS COPYING* Copyright NEWS README* \ + $PKG/usr/doc/$PKGNAM-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi +if [ -r CHANGELOG ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat CHANGELOG | head -n 1000 > $DOCSDIR/CHANGELOG + touch -r CHANGELOG $DOCSDIR/CHANGELOG +fi +rm -f $PKG/usr/doc/$PKGNAM-$VERSION/index.html + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +# Append config statements to the install/doinst.sh: +( cd $PKG + for i in $(find etc -type f -name "*.new") ; do + echo "config $i" >> $PKG/install/doinst.sh ; + done +) + +cd $PKG +/sbin/makepkg -p -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz |