commit: c356f80263dd19e9bbe3379ee96afa8b0f8cc7e6 Author: Christopher Bayliss <cjbdev <AT> icloud <DOT> com> AuthorDate: Fri May 24 00:55:35 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Tue May 28 01:52:34 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c356f802
sys-apps/shadow: drop 4.13-r4 Signed-off-by: Christopher Bayliss <cjbdev <AT> icloud.com> Signed-off-by: Sam James <sam <AT> gentoo.org> sys-apps/shadow/Manifest | 2 - .../shadow/files/shadow-4.13-CVE-2023-29383.patch | 100 -------- .../files/shadow-4.13-configure-clang16.patch | 38 --- .../shadow/files/shadow-4.13-password-leak.patch | 135 ---------- .../files/shadow-4.13-usermod-prefix-gid.patch | 33 --- sys-apps/shadow/shadow-4.13-r4.ebuild | 272 --------------------- 6 files changed, 580 deletions(-) diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest index 072a4174ec3d..bfea88df0e8c 100644 --- a/sys-apps/shadow/Manifest +++ b/sys-apps/shadow/Manifest @@ -1,5 +1,3 @@ -DIST shadow-4.13.tar.xz 1762908 BLAKE2B 315ab8a7e598aeefb50c11293e20cfa0982c3c3ae21c35ae243d09a4facf97a13c1d672990876e74ef94f5284402acf14997663743e2aaefa6cfc4369b7d24dc SHA512 2949a728c3312bef13d23138d6b79caf402781b1cb179e33b5be546c1790971ec20778d0e9cd3dbe09691d928ffcbe88e60da42fab58c69a90d5ebe5e3e2ab8e -DIST shadow-4.13.tar.xz.asc 488 BLAKE2B de1f8285c5713a772343a2a7c638d1d13429dd4fa867d4f91d4922aa0d083b4a3110d38e8a8ab82137fdf4fecb12ba3677f3fb235401fc6438ae663fbd9bfbd2 SHA512 f8549c4e699c65721d53946d61b6127712572f7ad9ee13018ef3a25307002992aa727471c948d1bb22dcddf112715bed387d28f436123f30e153ae6bc0cd3648 DIST shadow-4.14.2.tar.xz 1799548 BLAKE2B 419f0a516753616ef691f71ec9002eef6fd7568c013ac71900d7481eff1bd9165c69d9587b7ca25800543a2eac58cfb7ce4224063e8af7b278f589640485c28f SHA512 b417dbe0fbbeced1022e64efe9dcd8b41d14779c45163e6de63891ac63f837d43f3e559f99f884099aa45282299ceb4dcb9fd29d21c9925687ff8462fe6ead2f DIST shadow-4.14.2.tar.xz.asc 833 BLAKE2B 9e085c79ccd3aa77489eb92e947dd4875dea84be2dbcbd2b8443e70b3dc065d288171ee024f81c6c3bf44d0ebfcabbb69937a906fdb26b6622d5a369aa415e8e SHA512 47a2607fa782a48b0333e353343a32f358115bb40225ea962fab86d4a8dbed1df976eb6231baf5b95f34a13139b99d6b719521626e5d3e9c80fc4c685767d9b7 DIST shadow-4.14.6.tar.xz 1805900 BLAKE2B e910131eab6527c1222afadf02ebd7bd6a3460baf95c23cc9eefa7aa21ddb70c02e58e4f58db2cb24fa8e2996c82b11664420545a8b1af573e4e6a25ceb3f921 SHA512 994a81afbafb19622a1d0f84527f96a84b0955c4ffa5e826682ead82af7940b8e3a091514bd2075622ebdf7638643c9c6b6b7ac3e48d985278db896249d70ae6 diff --git a/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch b/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch deleted file mode 100644 index 49868ba67c96..000000000000 --- a/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch +++ /dev/null @@ -1,100 +0,0 @@ -From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 -From: tomspiderlabs <[email protected]> -Date: Thu, 23 Mar 2023 23:39:38 +0000 -Subject: [PATCH] Added control character check - -Added control character check, returning -1 (to "err") if control characters are present. ---- - lib/fields.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index 640be931f..fb51b5829 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -21,9 +21,9 @@ - * - * The supplied field is scanned for non-printable and other illegal - * characters. -- * + -1 is returned if an illegal character is present. -- * + 1 is returned if no illegal characters are present, but the field -- * contains a non-printable character. -+ * + -1 is returned if an illegal or control character is present. -+ * + 1 is returned if no illegal or control characters are present, -+ * but the field contains a non-printable character. - * + 0 is returned otherwise. - */ - int valid_field (const char *field, const char *illegal) -@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) - } - - if (0 == err) { -- /* Search if there are some non-printable characters */ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { - if (!isprint (*cp)) { - err = 1; -+ } -+ if (!iscntrl (*cp)) { -+ err = -1; - break; - } - } -From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <[email protected]> -Date: Fri, 31 Mar 2023 14:46:50 +0200 -Subject: [PATCH] Overhaul valid_field() - -e5905c4b ("Added control character check") introduced checking for -control characters but had the logic inverted, so it rejects all -characters that are not control ones. - -Cast the character to `unsigned char` before passing to the character -checking functions to avoid UB. - -Use strpbrk(3) for the illegal character test and return early. ---- - lib/fields.c | 24 ++++++++++-------------- - 1 file changed, 10 insertions(+), 14 deletions(-) - -diff --git a/lib/fields.c b/lib/fields.c -index fb51b5829..539292485 100644 ---- a/lib/fields.c -+++ b/lib/fields.c -@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) - - /* For each character of field, search if it appears in the list - * of illegal characters. */ -+ if (illegal && NULL != strpbrk (field, illegal)) { -+ return -1; -+ } -+ -+ /* Search if there are non-printable or control characters */ - for (cp = field; '\0' != *cp; cp++) { -- if (strchr (illegal, *cp) != NULL) { -+ unsigned char c = *cp; -+ if (!isprint (c)) { -+ err = 1; -+ } -+ if (iscntrl (c)) { - err = -1; - break; - } - } - -- if (0 == err) { -- /* Search if there are non-printable or control characters */ -- for (cp = field; '\0' != *cp; cp++) { -- if (!isprint (*cp)) { -- err = 1; -- } -- if (!iscntrl (*cp)) { -- err = -1; -- break; -- } -- } -- } -- - return err; - } - diff --git a/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch b/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch deleted file mode 100644 index 4e703db93a6c..000000000000 --- a/sys-apps/shadow/files/shadow-4.13-configure-clang16.patch +++ /dev/null @@ -1,38 +0,0 @@ -https://github.com/shadow-maint/shadow/commit/a281f241b592aec636d1b93a99e764499d68c7ef -https://github.com/shadow-maint/shadow/pull/595 - -From a281f241b592aec636d1b93a99e764499d68c7ef Mon Sep 17 00:00:00 2001 -From: Florian Weimer <[email protected]> -Date: Mon, 21 Nov 2022 11:52:45 +0100 -Subject: [PATCH] Fix HAVE_SHADOWGRP configure check - -The missing #include <gshadow.h> causes the configure check to fail -spuriously, resulting in HAVE_SHADOWGRP not being defined even -on systems that actually have sgetsgent (such as current glibc). ---- a/configure.ac -+++ b/configure.ac -@@ -116,6 +116,10 @@ if test "$ac_cv_header_shadow_h" = "yes"; then - ac_cv_libc_shadowgrp, - AC_RUN_IFELSE([AC_LANG_SOURCE([ - #include <shadow.h> -+ #ifdef HAVE_GSHADOW_H -+ #include <gshadow.h> -+ #endif -+ int - main() - { - struct sgrp *sg = sgetsgent("test:x::"); - ---- a/configure -+++ b/configure -@@ -15684,6 +15684,10 @@ else $as_nop - /* end confdefs.h. */ - - #include <shadow.h> -+ #ifdef HAVE_GSHADOW_H -+ #include <gshadow.h> -+ #endif -+ int - main() - { - struct sgrp *sg = sgetsgent("test:x::"); diff --git a/sys-apps/shadow/files/shadow-4.13-password-leak.patch b/sys-apps/shadow/files/shadow-4.13-password-leak.patch deleted file mode 100644 index 25b5ec39c5f8..000000000000 --- a/sys-apps/shadow/files/shadow-4.13-password-leak.patch +++ /dev/null @@ -1,135 +0,0 @@ -https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 - -From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001 -From: Alejandro Colomar <[email protected]> -Date: Sat, 10 Jun 2023 16:20:05 +0200 -Subject: [PATCH] gpasswd(1): Fix password leak - -How to trigger this password leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -When gpasswd(1) asks for the new password, it asks twice (as is usual -for confirming the new password). Each of those 2 password prompts -uses agetpass() to get the password. If the second agetpass() fails, -the first password, which has been copied into the 'static' buffer -'pass' via STRFCPY(), wasn't being zeroed. - -agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and -can fail for any of the following reasons: - -- malloc(3) or readpassphrase(3) failure. - - These are going to be difficult to trigger. Maybe getting the system - to the limits of memory utilization at that exact point, so that the - next malloc(3) gets ENOMEM, and possibly even the OOM is triggered. - About readpassphrase(3), ENFILE and EINTR seem the only plausible - ones, and EINTR probably requires privilege or being the same user; - but I wouldn't discard ENFILE so easily, if a process starts opening - files. - -- The password is longer than PASS_MAX. - - The is plausible with physical access. However, at that point, a - keylogger will be a much simpler attack. - -And, the attacker must be able to know when the second password is being -introduced, which is not going to be easy. - -How to read the password after the leak? -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Provoking the leak yourself at the right point by entering a very long -password is easy, and inspecting the process stack at that point should -be doable. Try to find some consistent patterns. - -Then, search for those patterns in free memory, right after the victim -leaks their password. - -Once you get the leak, a program should read all the free memory -searching for patterns that gpasswd(1) leaves nearby the leaked -password. - -On 6/10/23 03:14, Seth Arnold wrote: -> An attacker process wouldn't be able to use malloc(3) for this task. -> There's a handful of tools available for userspace to allocate memory: -> -> - brk / sbrk -> - mmap MAP_ANONYMOUS -> - mmap /dev/zero -> - mmap some other file -> - shm_open -> - shmget -> -> Most of these return only pages of zeros to a process. Using mmap of an -> existing file, you can get some of the contents of the file demand-loaded -> into the memory space on the first use. -> -> The MAP_UNINITIALIZED flag only works if the kernel was compiled with -> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare. -> -> malloc(3) doesn't zero memory, to our collective frustration, but all the -> garbage in the allocations is from previous allocations in the current -> process. It isn't leftover from other processes. -> -> The avenues available for reading the memory: -> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot) -> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA) -> - ptrace (requires ptrace privileges, mediated by YAMA) -> - causing memory to be swapped to disk, and then inspecting the swap -> -> These all require a certain amount of privileges. - -How to fix it? -~~~~~~~~~~~~~ - -memzero(), which internally calls explicit_bzero(3), or whatever -alternative the system provides with a slightly different name, will -make sure that the buffer is zeroed in memory, and optimizations are not -allowed to impede this zeroing. - -This is not really 100% effective, since compilers may place copies of -the string somewhere hidden in the stack. Those copies won't get zeroed -by explicit_bzero(3). However, that's arguably a compiler bug, since -compilers should make everything possible to avoid optimizing strings -that are later passed to explicit_bzero(3). But we all know that -sometimes it's impossible to have perfect knowledge in the compiler, so -this is plausible. Nevertheless, there's nothing we can do against such -issues, except minimizing the time such passwords are stored in plain -text. - -Security concerns -~~~~~~~~~~~~~~~~ - -We believe this isn't easy to exploit. Nevertheless, and since the fix -is trivial, this fix should probably be applied soon, and backported to -all supported distributions, to prevent someone else having more -imagination than us to find a way. - -Affected versions -~~~~~~~~~~~~~~~~ - -All. Bug introduced in shadow 19990709. That's the second commit in -the git history. - -Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)") -Reported-by: Alejandro Colomar <[email protected]> -Cc: Serge Hallyn <[email protected]> -Cc: Iker Pedrosa <[email protected]> -Cc: Seth Arnold <[email protected]> -Cc: Christian Brauner <[email protected]> -Cc: Balint Reczey <[email protected]> -Cc: Sam James <[email protected]> -Cc: David Runge <[email protected]> -Cc: Andreas Jaeger <[email protected]> -Cc: <~hallyn/[email protected]> -Signed-off-by: Alejandro Colomar <[email protected]> ---- a/src/gpasswd.c -+++ b/src/gpasswd.c -@@ -898,6 +898,7 @@ static void change_passwd (struct group *gr) - erase_pass (cp); - cp = agetpass (_("Re-enter new password: ")); - if (NULL == cp) { -+ memzero (pass, sizeof pass); - exit (1); - } - diff --git a/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch b/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch deleted file mode 100644 index 50cbe699d15e..000000000000 --- a/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://bugs.gentoo.org/903083 -https://github.com/shadow-maint/shadow/pull/691 -https://github.com/shadow-maint/shadow/commit/bd2d0079c90241f24671a7946a3ad175dc1a3aeb - -From fcb04de38a0ddc263288a1c450b35bfb1503d523 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <[email protected]> -Date: Sat, 25 Mar 2023 21:16:55 -0400 -Subject: [PATCH] usermod: respect --prefix for --gid option - -The --gid option accepts a group name or id. When a name is provided, it -is resolved to an id by looking up the name in the group database -(/etc/group). - -The --prefix option overides the location of the passwd and group -databases. I suspect the --gid option was overlooked when wiring up the ---prefix option. - -useradd --gid already respects --prefix; this change makes usermod -behave the same way. - -Fixes: b6b2c756c91806b1c3e150ea0ee4721c6cdaf9d0 -Signed-off-by: Mike Gilbert <[email protected]> ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -1072,7 +1072,7 @@ static void process_flags (int argc, char **argv) - fflg = true; - break; - case 'g': -- grp = getgr_nam_gid (optarg); -+ grp = prefix_getgr_nam_gid (optarg); - if (NULL == grp) { - fprintf (stderr, - _("%s: group '%s' does not exist\n"), diff --git a/sys-apps/shadow/shadow-4.13-r4.ebuild b/sys-apps/shadow/shadow-4.13-r4.ebuild deleted file mode 100644 index b2cbba68a664..000000000000 --- a/sys-apps/shadow/shadow-4.13-r4.ebuild +++ /dev/null @@ -1,272 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Upstream sometimes pushes releases as pre-releases before marking them -# official. Don't keyword the pre-releases! -# Check https://github.com/shadow-maint/shadow/releases. - -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/sergehallyn.asc -inherit libtool pam verify-sig - -DESCRIPTION="Utilities to deal with user accounts" -HOMEPAGE="https://github.com/shadow-maint/shadow"; -SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz"; -SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )" - -LICENSE="BSD GPL-2" -# Subslot is for libsubid's SONAME. -SLOT="0/4" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr" -# Taken from the man/Makefile.am file. -LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW ) - -REQUIRED_USE="?? ( cracklib pam )" - -COMMON_DEPEND=" - virtual/libcrypt:= - acl? ( sys-apps/acl:= ) - audit? ( >=sys-process/audit-2.6:= ) - cracklib? ( >=sys-libs/cracklib-2.7-r3:= ) - nls? ( virtual/libintl ) - pam? ( sys-libs/pam:= ) - skey? ( sys-auth/skey:= ) - selinux? ( - >=sys-libs/libselinux-1.28:= - sys-libs/libsemanage:= - ) - xattr? ( sys-apps/attr:= ) -" -DEPEND=" - ${COMMON_DEPEND} - >=sys-kernel/linux-headers-4.14 -" -RDEPEND=" - ${COMMON_DEPEND} - !<sys-apps/man-pages-5.11-r1 - !=sys-apps/man-pages-5.12-r0 - !=sys-apps/man-pages-5.12-r1 - nls? ( - !<app-i18n/man-pages-it-5.06-r1 - !<app-i18n/man-pages-ja-20180315-r1 - !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1 - ) - pam? ( >=sys-auth/pambase-20150213 ) - su? ( !sys-apps/util-linux[su(-)] ) -" -BDEPEND=" - app-arch/xz-utils - sys-devel/gettext - verify-sig? ( sec-keys/openpgp-keys-sergehallyn ) -" - -PATCHES=( - "${FILESDIR}"/${P}-configure-clang16.patch - "${FILESDIR}"/${P}-CVE-2023-29383.patch - "${FILESDIR}"/${P}-usermod-prefix-gid.patch - "${FILESDIR}"/${P}-password-leak.patch -) - -src_prepare() { - default - - elibtoolize -} - -src_configure() { - local myeconfargs=( - --disable-account-tools-setuid - --disable-static - --with-btrfs - --without-group-name-max-length - --without-tcb - $(use_enable nls) - $(use_with acl) - $(use_with audit) - $(use_with bcrypt) - $(use_with cracklib libcrack) - $(use_with elibc_glibc nscd) - $(use_with pam libpam) - $(use_with selinux) - $(use_with skey) - $(use_with su) - $(use_with xattr attr) - ) - - econf "${myeconfargs[@]}" - - if use nls ; then - local l langs="po" # These are the pot files. - for l in ${LANGS[*]} ; do - has ${l} ${LINGUAS-${l}} && langs+=" ${l}" - done - sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die - fi -} - -set_login_opt() { - local comment="" opt=${1} val=${2} - if [[ -z ${val} ]]; then - comment="#" - sed -i \ - -e "/^${opt}\>/s:^:#:" \ - "${ED}"/etc/login.defs || die - else - sed -i -r \ - -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ - "${ED}"/etc/login.defs - fi - local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) - einfo "${res:-Unable to find ${opt} in /etc/login.defs}" -} - -src_install() { - emake DESTDIR="${D}" suidperms=4711 install - - # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389 - emake DESTDIR="${D}" -C man install - - find "${ED}" -name '*.la' -type f -delete || die - - insinto /etc - if ! use pam ; then - insopts -m0600 - doins etc/login.access etc/limits - fi - - # needed for 'useradd -D' - insinto /etc/default - insopts -m0600 - doins "${FILESDIR}"/default/useradd - - if use split-usr ; then - # move passwd to / to help recover broke systems #64441 - # We cannot simply remove this or else net-misc/scponly - # and other tools will break because of hardcoded passwd - # location - dodir /bin - mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die - dosym ../../bin/passwd /usr/bin/passwd - fi - - cd "${S}" || die - insinto /etc - insopts -m0644 - newins etc/login.defs login.defs - - set_login_opt CREATE_HOME yes - if ! use pam ; then - set_login_opt MAIL_CHECK_ENAB no - set_login_opt SU_WHEEL_ONLY yes - set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict - set_login_opt LOGIN_RETRIES 3 - set_login_opt ENCRYPT_METHOD SHA512 - set_login_opt CONSOLE - else - dopamd "${FILESDIR}"/pam.d-include/shadow - - for x in chsh chfn ; do - newpamd "${FILESDIR}"/pam.d-include/passwd ${x} - done - - for x in chpasswd newusers ; do - newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x} - done - - newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems - - # Comment out login.defs options that pam hates - local opt sed_args=() - for opt in \ - CHFN_AUTH \ - CONSOLE \ - CRACKLIB_DICTPATH \ - ENV_HZ \ - ENVIRON_FILE \ - FAILLOG_ENAB \ - FTMP_FILE \ - LASTLOG_ENAB \ - MAIL_CHECK_ENAB \ - MOTD_FILE \ - NOLOGINS_FILE \ - OBSCURE_CHECKS_ENAB \ - PASS_ALWAYS_WARN \ - PASS_CHANGE_TRIES \ - PASS_MIN_LEN \ - PORTTIME_CHECKS_ENAB \ - QUOTAS_ENAB \ - SU_WHEEL_ONLY - do - set_login_opt ${opt} - sed_args+=( -e "/^#${opt}\>/b pamnote" ) - done - sed -i "${sed_args[@]}" \ - -e 'b exit' \ - -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ - -e ': exit' \ - "${ED}"/etc/login.defs || die - - # Remove manpages that pam will install for us - # and/or don't apply when using pam - find "${ED}"/usr/share/man -type f \ - '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ - -delete - - # Remove pam.d files provided by pambase. - rm "${ED}"/etc/pam.d/{login,passwd} || die - if use su ; then - rm "${ED}"/etc/pam.d/su || die - fi - fi - - # Remove manpages that are handled by other packages - find "${ED}"/usr/share/man -type f \ - '(' -name id.1 -o -name getspnam.3 ')' \ - -delete || die - - if ! use su ; then - find "${ED}"/usr/share/man -type f -name su.1 -delete || die - fi - - cd "${S}" || die - dodoc ChangeLog NEWS TODO - newdoc README README.download - cd doc || die - dodoc HOWTO README* WISHLIST *.txt - - if use elibc_musl; then - QA_CONFIG_IMPL_DECL_SKIP+=( sgetsgent ) - fi -} - -pkg_preinst() { - rm -f "${EROOT}"/etc/pam.d/system-auth.new \ - "${EROOT}/etc/login.defs.new" -} - -pkg_postinst() { - # Missing entries from /etc/passwd can cause odd system blips. - # See bug #829872. - if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then - ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors." - fi - - # Enable shadow groups. - if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then - if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then - grpconv -R "${EROOT:-/}" - else - ewarn "Running 'grpck' returned errors. Please run it by hand, and then" - ewarn "run 'grpconv' afterwards!" - fi - fi - - [[ ! -f "${EROOT}"/etc/subgid ]] && - touch "${EROOT}"/etc/subgid - [[ ! -f "${EROOT}"/etc/subuid ]] && - touch "${EROOT}"/etc/subuid - - einfo "The 'adduser' symlink to 'useradd' has been dropped." -}
