#!/bin/bash # Copyright 2005-2018 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is # permitted provided that the following conditions are met: # # 1. Redistributions of this script must retain the above copyright # notice, this list of conditions and the following disclaimer. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; esac fi # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information # could be useful to other scripts. if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" exit 0 fi NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} TMP=${TMP:-/tmp} PKG=$TMP/package-shadow if [ "$ARCH" = "i586" ]; then SLKCFLAGS="-O2 -march=i586 -mtune=i686" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" elif [ "$ARCH" = "x86_64" ]; then SLKCFLAGS="-O2 -fPIC" else SLKCFLAGS="-O2" fi rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf shadow-$VERSION tar xvf $CWD/shadow-$VERSION.tar.xz || exit 1 cd shadow-$VERSION # Apply some patches taken from the svn trunk that # fix some of the more serious bugs in 4.1.4.3: for patch in $CWD/patches/*.diff.gz ; do zcat $patch | patch -p0 --verbose || exit 1 done # Relax the restrictions on "su -c" when it is used to become root. # It's not likely that root is going to try to inject commands back into # the user's shell to hack it, and the unnecessary restriction is causing # breakage: zcat $CWD/shadow.CVE-2005-4890.relax.diff.gz | patch -p1 --verbose || exit 1 # Patch a race condition that allows a user to kill processes that they don't # own. Note that the bug requires that shadow is using PAM, which is not yet # the case on Slackware. So we're unaffected, but patching this anyway in # -current, because you never know... zcat $CWD/shadow.CVE-2017-2616.diff.gz | patch -p1 --verbose || exit 1 # Re-run automake because of r3299 patch to man/ru/Makefile.am: # (not used because it doesn't work... above patch does the intended fix) #automake -f # Even if gethostname() returns the FQDN (long hostname), just display the # short version up to the first '.' on the login prompt: zcat $CWD/shadow.login.display.short.hostname.diff.gz | patch -p1 --verbose || exit 1 chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ -exec chmod 755 {} \; -o \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/man \ --docdir=/usr/doc/shadow-$VERSION \ --enable-subordinate-ids \ --disable-shared \ --without-libcrack \ --build=$ARCH-slackware-linux # --enable-utmpx # defaults to 'no' make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 # Fix user group = 100: zcat $CWD/useradd.gz > $PKG/etc/default/useradd # /bin/groups is provided by coreutils. rm -f $PKG/bin/groups find $PKG -name groups.1 -exec rm {} \; # Install a login.defs with unsurprising defaults: rm -f $PKG/etc/login.defs zcat $CWD/login.defs.gz > $PKG/etc/login.defs.new mv $PKG/etc/login.access $PKG/etc/login.access.new # I don't think this works well enough to recommend it. #mv $PKG/etc/limits $PKG/etc/limits.new rm -f $PKG/etc/limits # Add the friendly 'adduser' script: cat $CWD/adduser > $PKG/usr/sbin/adduser chmod 0755 $PKG/usr/sbin/adduser # Add sulogin to the package: cp -a src/sulogin $PKG/sbin ( cd $PKG/bin ; ln -s ../sbin/sulogin ) # Add the empty faillog log file: mkdir -p $PKG/var/log touch $PKG/var/log/faillog.new # Put some stuff back in "old" locations and make symlinks for compat ( cd $PKG/usr/bin mv faillog ../sbin mv lastlog ../sbin ln -s ../sbin/faillog ln -s ../sbin/lastlog ) # Use 4711 rather than 4755 permissions where setuid root is required: find $PKG -type f -perm 4755 -exec chmod 4711 "{}" \; # Compress and if needed symlink the man pages: if [ -d $PKG/usr/man ]; then ( cd $PKG/usr/man for manpagedir in $(find . -type d -name "man*") ; do ( cd $manpagedir for eachpage in $( find . -type l -maxdepth 1) ; do ln -s $( readlink $eachpage ).gz $eachpage.gz rm $eachpage done gzip -9 *.? ) done ) fi mkdir -p $PKG/usr/doc/shadow-$VERSION cp -a \ COPYING* NEWS README* TODO doc/{README*,HOWTO,WISHLIST,*.txt} \ $PKG/usr/doc/shadow-$VERSION # If there's a ChangeLog, installing at least part of the recent history # is useful, but don't let it get totally out of control: if [ -r ChangeLog ]; then DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog touch -r ChangeLog $DOCSDIR/ChangeLog fi mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh cd $PKG /sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz