Date: Sunday, November 6, 2022 @ 13:08:11
Author: dvzrv
Revision: 460776
archrelease: copy trunk to testing-x86_64
Added:
shadow/repos/testing-x86_64/
shadow/repos/testing-x86_64/0001-Disable-replaced-tools-and-man-pages.patch
(from rev 460775,
shadow/trunk/0001-Disable-replaced-tools-and-man-pages.patch)
shadow/repos/testing-x86_64/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
(from rev 460775,
shadow/trunk/0002-Adapt-login.defs-for-PAM-and-util-linux.patch)
shadow/repos/testing-x86_64/0003-Add-Arch-Linux-defaults-for-login.defs.patch
(from rev 460775,
shadow/trunk/0003-Add-Arch-Linux-defaults-for-login.defs.patch)
shadow/repos/testing-x86_64/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
(from rev 460775,
shadow/trunk/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch)
shadow/repos/testing-x86_64/PKGBUILD
(from rev 460775, shadow/trunk/PKGBUILD)
shadow/repos/testing-x86_64/keys/
shadow/repos/testing-x86_64/shadow.service
(from rev 460775, shadow/trunk/shadow.service)
shadow/repos/testing-x86_64/shadow.timer
(from rev 460775, shadow/trunk/shadow.timer)
shadow/repos/testing-x86_64/useradd.defaults
(from rev 460775, shadow/trunk/useradd.defaults)
----------------------------------------------------+
0001-Disable-replaced-tools-and-man-pages.patch | 658 ++++++++++++++++++
0002-Adapt-login.defs-for-PAM-and-util-linux.patch | 692 +++++++++++++++++++
0003-Add-Arch-Linux-defaults-for-login.defs.patch | 73 ++
0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch | 201 +++++
PKGBUILD | 116 +++
shadow.service | 11
shadow.timer | 7
useradd.defaults | 27
8 files changed, 1785 insertions(+)
Copied:
shadow/repos/testing-x86_64/0001-Disable-replaced-tools-and-man-pages.patch
(from rev 460775, shadow/trunk/0001-Disable-replaced-tools-and-man-pages.patch)
===================================================================
--- testing-x86_64/0001-Disable-replaced-tools-and-man-pages.patch
(rev 0)
+++ testing-x86_64/0001-Disable-replaced-tools-and-man-pages.patch
2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,658 @@
+From e0394dfa98a4b4a1b86a19f39a1a982adc1bb7fa Mon Sep 17 00:00:00 2001
+From: David Runge <[email protected]>
+Date: Sat, 5 Nov 2022 23:40:18 +0100
+Subject: [PATCH 1/4] Disable replaced tools and man pages
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Arch Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ man/Makefile.am | 19 ++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 18 files changed, 23 insertions(+), 138 deletions(-)
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index e9cab28a..7168625c 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -27,12 +25,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -44,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+@@ -74,10 +66,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -92,12 +82,9 @@ man_XMANS = \
+ gshadow.5.xml \
+ lastlog.8.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -109,14 +96,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ login_defs_v = \
+ CHFN_AUTH.xml \
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 3b2be0ce..50290f4a 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -13,14 +13,10 @@ man_MANS = \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 3cd302ee..dee3e2a1 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -22,12 +20,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -36,13 +30,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 230d2126..1955e94a 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -22,12 +20,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -36,13 +30,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index e659aef1..ae80da49 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,16 +2,12 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+ man8/lastlog.8 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ EXTRA_DIST = $(man_MANS)
+
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index 94460aac..ecf5bd18 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -22,12 +20,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -36,13 +30,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index ffb75a98..b88c490a 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -18,10 +16,7 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -30,13 +25,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index 724d25f3..fa6675b9 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -16,14 +15,10 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man8/lastlog.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/porttime.5
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 8a776a87..29e1b843 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -22,12 +20,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -36,13 +30,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index e64b7bc8..fbb2a716 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -16,18 +15,13 @@ man_MANS = \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index e9d8f2c2..c2e6cdfd 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -22,12 +20,8 @@ man_MANS = \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -36,13 +30,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ man_nopam = \
+ man5/limits.5 \
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index a1a2e4e3..53cd7953 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -24,9 +24,9 @@ AM_CPPFLAGS = \
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -43,22 +43,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -131,18 +129,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
$(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
$(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
$(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.38.1
+
Copied:
shadow/repos/testing-x86_64/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
(from rev 460775,
shadow/trunk/0002-Adapt-login.defs-for-PAM-and-util-linux.patch)
===================================================================
--- testing-x86_64/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
(rev 0)
+++ testing-x86_64/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,692 @@
+From 07fba2b985f29e49643cb1e543e625f02f218db9 Mon Sep 17 00:00:00 2001
+From: David Runge <[email protected]>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/4] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 212 +------------------------------------------
+ man/login.defs.5.xml | 150 +-----------------------------
+ 2 files changed, 8 insertions(+), 354 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..7c633a57 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Arch Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file
logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,14 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting
password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting
password
+ # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting
password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting
password
+ # If set to DES, DES-based algorithm will be used for encrypting password
(default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for
recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -381,17 +200,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +214,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +261,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM
"login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.38.1
+
Copied:
shadow/repos/testing-x86_64/0003-Add-Arch-Linux-defaults-for-login.defs.patch
(from rev 460775,
shadow/trunk/0003-Add-Arch-Linux-defaults-for-login.defs.patch)
===================================================================
--- testing-x86_64/0003-Add-Arch-Linux-defaults-for-login.defs.patch
(rev 0)
+++ testing-x86_64/0003-Add-Arch-Linux-defaults-for-login.defs.patch
2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,73 @@
+From ea4efaa94e473474b9cba0d38de414c9e4cbca69 Mon Sep 17 00:00:00 2001
+From: David Runge <[email protected]>
+Date: Mon, 31 Oct 2022 10:10:22 +0100
+Subject: [PATCH 3/4] Add Arch Linux defaults for login.defs
+
+etc/login.defs:
+Change ENV_SUPATH and ENV_SUPATH to only use
+/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr merge
+and bin merge distribution.
+Change UMASK to 077 as it is considered a more privacy conserving
+default than 022.
+Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+distribution added UIDs and GIDs.
+Change ENCRYPT_METHOD to SHA512 as it is a safer hashing algorithm than
+DES.
+---
+ etc/login.defs | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 7c633a57..ea841257 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -79,7 +79,7 @@ TTYPERM 0600
+ # 022 is the default value, but 027, or even 077, could be considered
+ # for increased privacy. There is no One True Answer here: each sysadmin
+ # must make up their mind.
+-UMASK 022
++UMASK 077
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
+ UID_MIN 1000
+ UID_MAX 60000
+ # System accounts
+-SYS_UID_MIN 101
++SYS_UID_MIN 500
+ SYS_UID_MAX 999
+ # Extra per user uids
+ SUB_UID_MIN 100000
+@@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
+ GID_MIN 1000
+ GID_MAX 60000
+ # System accounts
+-SYS_GID_MIN 101
++SYS_GID_MIN 500
+ SYS_GID_MAX 999
+ # Extra per user group ids
+ SUB_GID_MIN 100000
+@@ -153,7 +153,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.38.1
+
Copied:
shadow/repos/testing-x86_64/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
(from rev 460775, shadow/trunk/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch)
===================================================================
--- testing-x86_64/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
(rev 0)
+++ testing-x86_64/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,201 @@
+From 440f7bcaad147729629640ddb06bc9e82f173efc Mon Sep 17 00:00:00 2001
+From: David Runge <[email protected]>
+Date: Sat, 5 Nov 2022 22:52:58 +0100
+Subject: [PATCH 4/4] Add Arch Linux defaults for /etc/pam.d/
+
+etc/pam.d/Makefile.am:
+Disable chfn, chsh and login.
+Enable shadow.
+Always install the PAM integration for the account tools (even if they
+are not setuid).
+
+etc/pam.d/{chage,chpasswd,group{add,del,mod},newusers,passwd,shadow,user{add,del,mod}}:
+Add distribution defaults for Arch Linux.
+
+s
+---
+ etc/pam.d/Makefile.am | 7 ++-----
+ etc/pam.d/chage | 6 ++++--
+ etc/pam.d/chpasswd | 6 ++++--
+ etc/pam.d/groupadd | 6 ++++--
+ etc/pam.d/groupdel | 6 ++++--
+ etc/pam.d/groupmod | 6 ++++--
+ etc/pam.d/newusers | 6 ++++--
+ etc/pam.d/passwd | 4 +---
+ etc/pam.d/shadow | 6 ++++++
+ etc/pam.d/useradd | 6 ++++--
+ etc/pam.d/userdel | 6 ++++--
+ etc/pam.d/usermod | 6 ++++--
+ 12 files changed, 45 insertions(+), 26 deletions(-)
+ create mode 100644 etc/pam.d/shadow
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index 38ff26ae..41e43e01 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -2,10 +2,8 @@
+ # and also cooperate to make a distribution for `make dist'
+
+ pamd_files = \
+- chfn \
+- chsh \
+ groupmems \
+- login \
++ shadow \
+ passwd
+
+ pamd_acct_tools_files = \
+@@ -23,10 +21,9 @@ pamd_acct_tools_files = \
+ if USE_PAM
+ pamddir = $(sysconfdir)/pam.d
+ pamd_DATA = $(pamd_files)
+-if ACCT_TOOLS_SETUID
++# NOTE: we are always installing the PAM integration for the account tools
+ pamd_DATA += $(pamd_acct_tools_files)
+ endif
+-endif
+
+ if WITH_SU
+ pamd_files += su
+diff --git a/etc/pam.d/chage b/etc/pam.d/chage
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/chage
++++ b/etc/pam.d/chage
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/chpasswd b/etc/pam.d/chpasswd
+index 8f49f5cc..5d447985 100644
+--- a/etc/pam.d/chpasswd
++++ b/etc/pam.d/chpasswd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_unix.so sha512 shadow
+diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupadd
++++ b/etc/pam.d/groupadd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupdel
++++ b/etc/pam.d/groupdel
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupmod
++++ b/etc/pam.d/groupmod
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/newusers b/etc/pam.d/newusers
+index 8f49f5cc..5d447985 100644
+--- a/etc/pam.d/newusers
++++ b/etc/pam.d/newusers
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_unix.so sha512 shadow
+diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd
+index 731c0d36..08d819b2 100644
+--- a/etc/pam.d/passwd
++++ b/etc/pam.d/passwd
+@@ -1,4 +1,2 @@
+ #%PAM-1.0
+-auth include system-auth
+-account include system-auth
+-password include system-auth
++password required pam_unix.so sha512 shadow nullok
+diff --git a/etc/pam.d/shadow b/etc/pam.d/shadow
+new file mode 100644
+index 00000000..a7bf8a4a
+--- /dev/null
++++ b/etc/pam.d/shadow
+@@ -0,0 +1,6 @@
++#%PAM-1.0
++auth sufficient pam_rootok.so
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/useradd
++++ b/etc/pam.d/useradd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/userdel
++++ b/etc/pam.d/userdel
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/usermod
++++ b/etc/pam.d/usermod
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+--
+2.38.1
+
Copied: shadow/repos/testing-x86_64/PKGBUILD (from rev 460775,
shadow/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,116 @@
+# Maintainer: David Runge <[email protected]>
+# Contributor: Dave Reisner <[email protected]>
+# Contributor: Aaron Griffin <[email protected]>
+
+pkgname=shadow
+pkgver=4.11.1
+pkgrel=4
+pkgdesc="Password and account management tool suite with support for shadow
files and PAM"
+arch=(x86_64)
+url="https://github.com/shadow-maint/shadow";
+license=(BSD)
+depends=(
+ acl libacl.so
+ attr libattr.so
+ audit libaudit.so
+ glibc
+ libxcrypt libcrypt.so
+ pam libpam.so libpam_misc.so
+)
+makedepends=(docbook-xsl git itstool libcap libxslt)
+backup=(
+ etc/default/useradd
+ etc/login.defs
+
etc/pam.d/{chage,{,ch,chg}passwd,group{add,del,mems,mod},newusers,shadow,user{add,del,mod}}
+)
+options=(debug !emptydirs)
+# NOTE: distribution patches are taken from
https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/v4.11.1.arch2
+source=(
+
https://github.com/shadow-maint/shadow/releases/download/v$pkgver/shadow-$pkgver.tar.xz{,.asc}
+ 0001-Disable-replaced-tools-and-man-pages.patch
+ 0002-Adapt-login.defs-for-PAM-and-util-linux.patch
+ 0003-Add-Arch-Linux-defaults-for-login.defs.patch
+ 0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
+ shadow.{timer,service}
+ useradd.defaults
+)
+sha512sums=('12fbe4d6ac929ad3c21525ed0f1026b5b678ccec9762f2ec7e611d9c180934def506325f2835fb750dd30af035b592f827ff151cd6e4c805aaaf8e01425c279f'
+ 'SKIP'
+
'495edd2eb2c6ed36121fd5a73e112e5a7c7c15b10c00fc5cf31c8c8671a2317581f9d4468871b69d8302e18decf91e0ed4c37ea875e00a83a3bc14e7edcdd168'
+
'f6c6ecf958714df3dd74cfef3e33f6d8def82645fdccbed034e330eeffe87a54491e774a237b18fb097695ed9314bb29f7ca39d8d93e642557f558daa0d0e9c3'
+
'9aaddc6919b513adff5e07ba9f4cfefe294aa98ba60274d90cf56ba4bb0df8f4205e04aa7752bcd830d48d96bd30e4640a10cdaf1bb8472e87e1d4b67a313eb9'
+
'a3d39d452a8ad51e8801be09f54b11ee18c1d8b1625c78e190b649923429c98ad6f06237a1fbfb2ccabbd8656dd46419444bf2b51bf433e3d89f14d9e2723270'
+
'e4edf705dd04e088c6b561713eaa1afeb92f42ac13722bff037aede6ac5ad7d4d00828cfb677f7b1ff048db8b6788238c1ab6a71dfcfd3e02ef6cb78ae09a621'
+
'67a49415f676a443f81021bfa29d198462008da1224086f8c549b19c2fd21514ca3302d5ac23edec28b9c724fef921596586423ebe41e852ebfbe7216af727e6'
+
'e9ffea021ee4031b9ad3a534bfb94dbf9d0dfd45a55ecac5dedb2453ea0c17fb80bbb9ad039686bc1f3349dc371977eb548e3a665c56531469c22f29fc4eced8')
+b2sums=('d459a1e0ffb342b6b455caf65e6af60b32eee72d4a9b1ab126485fb4632503a42061d3f0b960554c8155af6dc0564c585335b27aecca6538b394a0d58d927588'
+ 'SKIP'
+
'1df7f3b7a7637f2977ee581fefa4a56f92ad57585d140bdd4aeef90e51a36568d7624657fdb81aa53b8114ca9d0bd8ba1eb67110c4bc8d36a4c26229b5170c0a'
+
'2e17e67bd9671aeb6897c116b8ecf69acd0da073515ecc14fb42a83bafded0ad3532ddafcbed3e303d3f8511f7c5430bd50a9b8b808f578952eab476bdc46dfb'
+
'c3145b63e42d2e25d702c59787889ebd13acdb1e97416119dd8dd5a6035f6c5f52c32f46c282f0ba4401c43c92bcc5fdb237c7b1d04c3a53da63e9774bf42a61'
+
'85009831f3e2ad74801393b7d6351f0a553517706b2bd0a72daf379b903768ffcaa9696340abcbc489f3364e50ca5d287430b72cef0cf504d5e25728fe0dc8a4'
+
'5cfc936555aa2b2e15f8830ff83764dad6e11a80e2a102c5f2bd3b7c83db22a5457a3afdd182e3648c9d7d5bca90fa550f59576d0ac47a11a31dfb636cb18f2b'
+
'4a9cb6fe6658f2182655d42761d9d669654c6f0e891610e1b7fd256ce32a561f05e71daf8e473d98f16f5ee9d16d46a097a2d0de42eac58b4ce3be1525a74856'
+
'd5bea0cfc2e6d3d1749c65440ca911533d41b6f8117fe09e9efec23524637cfa823d230303a7fbb45d3cd251bf8036d48b9b21049ced208f7ed191fcbd75e879')
+validpgpkeys=(66D0387DB85D320F8408166DB175CFA98F192AF2) # Serge Hallyn
<[email protected]>
+
+prepare() {
+ local filename
+
+ cd $pkgname-$pkgver
+ for filename in "${source[@]}"; do
+ if [[ "$filename" =~ \.patch$ ]]; then
+ printf "Applying patch %s\n" "${filename##*/}"
+ patch -Np1 -i "$srcdir/${filename##*/}"
+ fi
+ done
+
+ autoreconf -fiv
+}
+
+build() {
+ local configure_options=(
+ --prefix=/usr
+ --bindir=/usr/bin
+ --sbindir=/usr/bin
+ --libdir=/usr/lib
+ --mandir=/usr/share/man
+ --sysconfdir=/etc
+ --disable-account-tools-setuid
+ --enable-man
+ --with-fcaps
+ --with-libpam
+ --with-group-name-max-length=32
+ --with-audit
+ --with-bcrypt
+ --with-yescrypt
+ --without-selinux
+ --without-su
+ )
+
+ cd $pkgname-$pkgver
+ ./configure "${configure_options[@]}"
+
+ # prevent excessive overlinking due to libtool
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+package() {
+ cd $pkgname-$pkgver
+
+ make DESTDIR="$pkgdir" install
+ make DESTDIR="$pkgdir" -C man install
+
+ # license
+ install -vDm 644 COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
+
+ # custom useradd(8) defaults (not provided by upstream)
+ install -vDm 600 ../useradd.defaults "$pkgdir/etc/default/useradd"
+
+ # systemd units
+ install -vDm 644 ../shadow.timer -t "$pkgdir/usr/lib/systemd/system/"
+ install -vDm 644 ../shadow.service -t "$pkgdir/usr/lib/systemd/system/"
+ install -vdm 755 "$pkgdir/usr/lib/systemd/system/timers.target.wants"
+ ln -s ../shadow.timer
"$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
+}
Copied: shadow/repos/testing-x86_64/shadow.service (from rev 460775,
shadow/trunk/shadow.service)
===================================================================
--- testing-x86_64/shadow.service (rev 0)
+++ testing-x86_64/shadow.service 2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,11 @@
+[Unit]
+Description=Verify integrity of password and group files
+After=systemd-sysusers.service
+
+[Service]
+Type=simple
+# Always run both checks, but fail the service if either fails
+ExecStart=/bin/sh -c '/usr/bin/pwck -r || r=1; /usr/bin/grpck -r && exit $r'
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
Copied: shadow/repos/testing-x86_64/shadow.timer (from rev 460775,
shadow/trunk/shadow.timer)
===================================================================
--- testing-x86_64/shadow.timer (rev 0)
+++ testing-x86_64/shadow.timer 2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
Copied: shadow/repos/testing-x86_64/useradd.defaults (from rev 460775,
shadow/trunk/useradd.defaults)
===================================================================
--- testing-x86_64/useradd.defaults (rev 0)
+++ testing-x86_64/useradd.defaults 2022-11-06 13:08:11 UTC (rev 460776)
@@ -0,0 +1,27 @@
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+SHELL=/bin/bash
+
+# The default group for users
+GROUP=users
+
+# The default home directory.
+HOME=/home
+
+# The number of days after a password expires until the account is permanently
+# disabled
+INACTIVE=-1
+
+# The default expire date
+EXPIRE=
+
+# The SKEL variable specifies the directory containing "skeletal" user files;
+# in other words, files such as a sample .profile that will be copied to the
+# new user's home directory when it is created.
+SKEL=/etc/skel
+
+# Defines whether the mail spool should be created while
+# creating the account
+CREATE_MAIL_SPOOL=no
