core/shadow/shadow-4.13-r2.smage2

# $Id$

PNAME="shadow"
PVER="4.13"
PBUILD="r2"

PCAT="sys-apps"

DESCRIPTION="Utilities to deal with user accounts, with pam support."
HOMEPAGE="https://github.com/shadow-maint/shadow/"

DEPEND=">= virtual/glibc
	>= sys-apps/base-files-0.7
	>= app-shells/bash-5
	>= sys-libs/pam-1.1
	>= sys-libs/readline-8.2
	>= sys-libs/libxcrypt-4.4
	>= sys-apps/coreutils-9.3"

SDEPEND=">= sys-dev/autoconf-5
	>= sys-dev/automake-4
	>= sys-dev/libtool-2.4"

SRCFILE="${PNAME}-${PVER}.tar.xz"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

sminclude mtools

PAMD_CHAGE_REV=1.3
PAMD_LOGIN_REV=1.4
PAMD_SU_REV=1.3

SRC_URI=(
	https://github.com/shadow-maint/${PNAME}/releases/download/${PVER}/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/pamd-systemauth/chage-${PAMD_CHAGE_REV}
	mirror://${PNAME}/pamd-systemauth/login-${PAMD_LOGIN_REV}
	mirror://${PNAME}/pamd-systemauth/su-${PAMD_SU_REV}
	mirror://${PNAME}/pamd-systemauth/passwd
)

UP2DATE="updatecmd ${HOMEPAGE} | grep 'New release' | sed 's/.*: \(.*\).*/\1/;q'"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# do not build 'groups'; coreutils provide a better version
	sed -i 's/groups$(EXEEXT) //' src/Makefile.in || die
	sed -i '/groups/d' man/Makefile.in || die
}

src_compile()
{
	cd ${SRCDIR}

	# configures shadow with pam
	mconfigure \
		--bindir=/usr/bin \
		--sbindir=/usr/sbin \
		--enable-shared \
		--with-libpam \
		--with-libbcrypt \
		--with-libyescrypt \
		--enable-nls \
		--without-selinux \
		--with-group-name-max-length=32 \
		|| die

	mmake || die
}

src_install()
{
	cd ${SRCDIR}

	# added exec_prefix for better bin location
	mmake DESTDIR=${BINDIR} install || die

	minstalletc etc/login.access login.access || die

	# install pam related configuration files
	minstallpam login-${PAMD_LOGIN_REV} login || die
	minstallpam su-${PAMD_SU_REV} su || die
	local i
	for i in chgpasswd chpasswd passwd
	do
		minstallpam passwd ${i} || die
	done
	for i in chage chfn chsh \
		groupadd groupdel groupmems groupmod \
		newusers useradd userdel usermod
	do
		minstallpam chage-${PAMD_CHAGE_REV} ${i} || die
	done

	# disable these checks as pam controls them now
	sed -e "s/^DIALUPS_CHECK_ENAB/# &/" \
		-e "s/^LASTLOG_ENAB/# &/" \
		-e "s/^MAIL_CHECK_ENAB/# &/" \
		-e "s/^PORTTIME_CHECKS_ENAB/# &/" \
		-e "s/^CONSOLE/# &/" \
		-e "s/^MOTD_FILE/# &/" \
		-e "s/^NOLOGINS_FILE/# &/" \
		-e "s/^PASS_MIN_LEN/# &/" \
		-e "s/^SU_WHEEL_ONLY/# &/" \
		-e "s/^CONSOLE_GROUPS/# &/" \
		-e "s/^ENVIRON_FILE/# &/" \
		-e "s/^OBSCURE_CHECKS_ENAB/# &/" \
		-e "s/^CRACKLIB_DICTPATH/# &/" \
		-e "s/^PASS_CHANGE_TRIES/# &/" \
		-e "s/^PASS_ALWAYS_WARN/# &/" \
		-e "s/^FAILLOG_ENAB/# &/" \
		-e "s/^QUOTAS_ENAB/# &/" \
		-e "s/^FTMP_FILE/# &/" \
		-e "s/^ENV_HZ/# &/" \
		-e "s/^CHFN_AUTH/# &/" \
		etc/login.defs > ${BINDIR}/etc/login.defs || die

	# fix some pathes in login.defs
	# md5crypt is also controlled by pam !
	sed -i -e "s/^MD5_CRYPT_ENAB/# &/" \
		-e 's%/var/spool/mail%/var/mail%' \
		-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' \
		${BINDIR}/etc/login.defs || die

	# remove /bin adn /sbin from path, as these are symlinks
	sed -i '/PATH=/{s@/sbin:@@;s@/bin:@@}'  ${BINDIR}/etc/login.defs || die

	# use much secure yescrypt
	sed -i 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' ${BINDIR}/etc/login.defs || die

	# generate useradd default settings file
	minstalldir /etc/default || die
	cat > ${BINDIR}/etc/default/useradd << EOF
# The default group for users
GROUP=users

# The default home directory.
HOME=/home

# Number of days after a password expires after the account was disabled
INACTIVE=-1

# Default account expire date in days
EXPIRE=

# The default login shell
SHELL=/bin/bash

# Location of user skeleton files
SKEL=/etc/skel

# Defines wether a mail spool should be created while creating an account
CREATE_MAIL_SPOOL=no
EOF
}

postinstall()
{
	if [[ -z ${MROOT} ]] || [[ ${MROOT} = / ]]
	then
		/usr/sbin/pwconv
		/usr/sbin/grpconv
	elif [[ -x $(type -P chroot) ]] && [[ -d ${MROOT} ]]
	then
		chroot ${MROOT} /usr/sbin/pwconv || die
		chroot ${MROOT} /usr/sbin/grpconv || die
	else
		echo
		echo "pwconv and grpconv could not run in MROOT='${MROOT}'."
		echo "PAM is not usable without any shadow/gshadow files."
		echo "Please chroot in your systemroot and run them by hand."
		echo
	fi

	# pam handles limits from now on
	if [[ -f ${MROOT}/etc/limits ]]
	then
		echo
		echo "/etc/limits found and will be removed!"
		echo "PAM handles all system limitations from now on."
		echo "Please edit /etc/security/limits.conf accordingly."
		echo
		rm ${MROOT}/etc/limits
	fi
}
1	# $Id$
2
3	PNAME="shadow"
4	PVER="4.13"
5	PBUILD="r2"
6
7	PCAT="sys-apps"
8
9	DESCRIPTION="Utilities to deal with user accounts, with pam support."
10	HOMEPAGE="https://github.com/shadow-maint/shadow/"
11
12	DEPEND=">= virtual/glibc
13	>= sys-apps/base-files-0.7
14	>= app-shells/bash-5
15	>= sys-libs/pam-1.1
16	>= sys-libs/readline-8.2
17	>= sys-libs/libxcrypt-4.4
18	>= sys-apps/coreutils-9.3"
19
20	SDEPEND=">= sys-dev/autoconf-5
21	>= sys-dev/automake-4
22	>= sys-dev/libtool-2.4"
23
24	SRCFILE="${PNAME}-${PVER}.tar.xz"
25	SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"
26
27	sminclude mtools
28
29	PAMD_CHAGE_REV=1.3
30	PAMD_LOGIN_REV=1.4
31	PAMD_SU_REV=1.3
32
33	SRC_URI=(
34	https://github.com/shadow-maint/${PNAME}/releases/download/${PVER}/${SRCFILE}
35	mirror://${PNAME}/${SRCFILE}
36	mirror://${PNAME}/pamd-systemauth/chage-${PAMD_CHAGE_REV}
37	mirror://${PNAME}/pamd-systemauth/login-${PAMD_LOGIN_REV}
38	mirror://${PNAME}/pamd-systemauth/su-${PAMD_SU_REV}
39	mirror://${PNAME}/pamd-systemauth/passwd
40	)
41
42	UP2DATE="updatecmd ${HOMEPAGE} \| grep 'New release' \| sed 's/.: \(.\).*/\1/;q'"
43
44	src_prepare()
45	{
46	munpack ${SRCFILE} \|\| die
47	cd ${SRCDIR}
48
49	# do not build 'groups'; coreutils provide a better version
50	sed -i 's/groups$(EXEEXT) //' src/Makefile.in \|\| die
51	sed -i '/groups/d' man/Makefile.in \|\| die
52	}
53
54	src_compile()
55	{
56	cd ${SRCDIR}
57
58	# configures shadow with pam
59	mconfigure \
60	--bindir=/usr/bin \
61	--sbindir=/usr/sbin \
62	--enable-shared \
63	--with-libpam \
64	--with-libbcrypt \
65	--with-libyescrypt \
66	--enable-nls \
67	--without-selinux \
68	--with-group-name-max-length=32 \
69	\|\| die
70
71	mmake \|\| die
72	}
73
74	src_install()
75	{
76	cd ${SRCDIR}
77
78	# added exec_prefix for better bin location
79	mmake DESTDIR=${BINDIR} install \|\| die
80
81	minstalletc etc/login.access login.access \|\| die
82
83	# install pam related configuration files
84	minstallpam login-${PAMD_LOGIN_REV} login \|\| die
85	minstallpam su-${PAMD_SU_REV} su \|\| die
86	local i
87	for i in chgpasswd chpasswd passwd
88	do
89	minstallpam passwd ${i} \|\| die
90	done
91	for i in chage chfn chsh \
92	groupadd groupdel groupmems groupmod \
93	newusers useradd userdel usermod
94	do
95	minstallpam chage-${PAMD_CHAGE_REV} ${i} \|\| die
96	done
97
98	# disable these checks as pam controls them now
99	sed -e "s/^DIALUPS_CHECK_ENAB/# &/" \
100	-e "s/^LASTLOG_ENAB/# &/" \
101	-e "s/^MAIL_CHECK_ENAB/# &/" \
102	-e "s/^PORTTIME_CHECKS_ENAB/# &/" \
103	-e "s/^CONSOLE/# &/" \
104	-e "s/^MOTD_FILE/# &/" \
105	-e "s/^NOLOGINS_FILE/# &/" \
106	-e "s/^PASS_MIN_LEN/# &/" \
107	-e "s/^SU_WHEEL_ONLY/# &/" \
108	-e "s/^CONSOLE_GROUPS/# &/" \
109	-e "s/^ENVIRON_FILE/# &/" \
110	-e "s/^OBSCURE_CHECKS_ENAB/# &/" \
111	-e "s/^CRACKLIB_DICTPATH/# &/" \
112	-e "s/^PASS_CHANGE_TRIES/# &/" \
113	-e "s/^PASS_ALWAYS_WARN/# &/" \
114	-e "s/^FAILLOG_ENAB/# &/" \
115	-e "s/^QUOTAS_ENAB/# &/" \
116	-e "s/^FTMP_FILE/# &/" \
117	-e "s/^ENV_HZ/# &/" \
118	-e "s/^CHFN_AUTH/# &/" \
119	etc/login.defs > ${BINDIR}/etc/login.defs \|\| die
120
121	# fix some pathes in login.defs
122	# md5crypt is also controlled by pam !
123	sed -i -e "s/^MD5_CRYPT_ENAB/# &/" \
124	-e 's%/var/spool/mail%/var/mail%' \
125	-e 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' \
126	${BINDIR}/etc/login.defs \|\| die
127
128	# remove /bin adn /sbin from path, as these are symlinks
129	sed -i '/PATH=/{s@/sbin:@@;s@/bin:@@}' ${BINDIR}/etc/login.defs \|\| die
130
131	# use much secure yescrypt
132	sed -i 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' ${BINDIR}/etc/login.defs \|\| die
133
134	# generate useradd default settings file
135	minstalldir /etc/default \|\| die
136	cat > ${BINDIR}/etc/default/useradd << EOF
137	# The default group for users
138	GROUP=users
139
140	# The default home directory.
141	HOME=/home
142
143	# Number of days after a password expires after the account was disabled
144	INACTIVE=-1
145
146	# Default account expire date in days
147	EXPIRE=
148
149	# The default login shell
150	SHELL=/bin/bash
151
152	# Location of user skeleton files
153	SKEL=/etc/skel
154
155	# Defines wether a mail spool should be created while creating an account
156	CREATE_MAIL_SPOOL=no
157	EOF
158	}
159
160	postinstall()
161	{
162	if [[ -z ${MROOT} ]] \|\| [[ ${MROOT} = / ]]
163	then
164	/usr/sbin/pwconv
165	/usr/sbin/grpconv
166	elif [[ -x $(type -P chroot) ]] && [[ -d ${MROOT} ]]
167	then
168	chroot ${MROOT} /usr/sbin/pwconv \|\| die
169	chroot ${MROOT} /usr/sbin/grpconv \|\| die
170	else
171	echo
172	echo "pwconv and grpconv could not run in MROOT='${MROOT}'."
173	echo "PAM is not usable without any shadow/gshadow files."
174	echo "Please chroot in your systemroot and run them by hand."
175	echo
176	fi
177
178	# pam handles limits from now on
179	if [[ -f ${MROOT}/etc/limits ]]
180	then
181	echo
182	echo "/etc/limits found and will be removed!"
183	echo "PAM handles all system limitations from now on."
184	echo "Please edit /etc/security/limits.conf accordingly."
185	echo
186	rm ${MROOT}/etc/limits
187	fi
188	}