[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)
Date: Sunday, July 12, 2020 @ 14:10:45 Author: dreisner Revision: 391755 upgpkg: shadow 4.8.1-2 - use libcap-ng to set filecaps rather than libcap (FS#63920) Modified: shadow/trunk/PKGBUILD shadow/trunk/shadow.install + PKGBUILD |5 +++-- shadow.install | 11 +-- 2 files changed, 12 insertions(+), 4 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-07-12 13:02:37 UTC (rev 391754) +++ PKGBUILD2020-07-12 14:10:45 UTC (rev 391755) @@ -3,12 +3,13 @@ pkgname=shadow pkgver=4.8.1 -pkgrel=1 +pkgrel=2 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('x86_64') url='https://github.com/shadow-maint/shadow' license=('BSD') -depends=('pam' 'acl' 'audit' 'libaudit.so') +# libcap-ng needed by install scriptlet for 'filecap' +depends=('pam' 'acl' 'audit' 'libaudit.so' 'libcap-ng') makedepends=('git' 'itstool' 'libxslt' 'docbook-xsl') backup=(etc/login.defs etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel} Modified: shadow.install === --- shadow.install 2020-07-12 13:02:37 UTC (rev 391754) +++ shadow.install 2020-07-12 14:10:45 UTC (rev 391755) @@ -1,7 +1,14 @@ setcaps() { + _setcap() { +if filecap "$1" "$2"; then + chmod -s "$1" +fi + } + # shadow ships these as setuid, but if we can apply file caps, use those instead. - setcap cap_setuid+ep usr/bin/newuidmap 2>/dev/null && chmod -s usr/bin/newuidmap - setcap cap_setgid+ep usr/bin/newgidmap 2>/dev/null && chmod -s usr/bin/newgidmap + # 'filecap' insists on absolute paths + _setcap /usr/bin/newuidmap setuid + _setcap /usr/bin/newgidmap setgid } post_install() {
[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)
Date: Thursday, August 1, 2019 @ 18:04:21 Author: dreisner Revision: 358862 upgpkg: shadow 4.7-2 - apply filecaps to newuidmap/newgidmap instead of setuid (FS#63248) Added: shadow/trunk/shadow.install Modified: shadow/trunk/PKGBUILD + PKGBUILD |3 ++- shadow.install | 15 +++ 2 files changed, 17 insertions(+), 1 deletion(-) Modified: PKGBUILD === --- PKGBUILD2019-08-01 14:12:28 UTC (rev 358861) +++ PKGBUILD2019-08-01 18:04:21 UTC (rev 358862) @@ -3,7 +3,7 @@ pkgname=shadow pkgver=4.7 -pkgrel=1 +pkgrel=2 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('x86_64') url='https://github.com/shadow-maint/shadow' @@ -28,6 +28,7 @@ passwd shadow.{timer,service} useradd.defaults) +install=shadow.install sha1sums=('SKIP' '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' Added: shadow.install === --- shadow.install (rev 0) +++ shadow.install 2019-08-01 18:04:21 UTC (rev 358862) @@ -0,0 +1,15 @@ +setcaps() { + # shadow ships these as setuid, but if we can apply file caps, use those instead. + setcap cap_setuid+ep usr/bin/newuidmap 2>/dev/null && chmod -s usr/bin/newuidmap + setcap cap_setgid+ep usr/bin/newgidmap 2>/dev/null && chmod -s usr/bin/newgidmap +} + +post_install() { + setcaps +} + +post_upgrade() { + setcaps +} + +# vim:set ts=2 sw=2 et:
[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)
Date: Sunday, June 30, 2019 @ 19:48:28 Author: dreisner Revision: 357127 upgpkg: shadow 4.7-1 - drop shadow.install, duplicates things from shadow.service - drop bash dependency, probably had it historically for adduser (and scriptlet?) Modified: shadow/trunk/PKGBUILD Deleted: shadow/trunk/shadow.install + PKGBUILD | 13 +++-- shadow.install |9 - 2 files changed, 3 insertions(+), 19 deletions(-) Modified: PKGBUILD === --- PKGBUILD2019-06-30 19:25:57 UTC (rev 357126) +++ PKGBUILD2019-06-30 19:48:28 UTC (rev 357127) @@ -2,14 +2,14 @@ # Maintainer: Aaron Griffin pkgname=shadow -pkgver=4.6 -pkgrel=3 +pkgver=4.7 +pkgrel=1 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('x86_64') url='https://github.com/shadow-maint/shadow' license=('BSD') groups=('base') -depends=('bash' 'pam' 'acl' 'audit' 'libaudit.so') +depends=('pam' 'acl' 'audit' 'libaudit.so') makedepends=('git' 'libxslt' 'docbook-xsl' 'gnome-doc-utils') backup=(etc/login.defs etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel} @@ -17,7 +17,6 @@ etc/pam.d/{chgpasswd,groupmems} etc/default/useradd) options=(strip debug) -install='shadow.install' validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8') # Christian Perrier source=("git+https://github.com/shadow-maint/shadow.git#tag=$pkgver"; LICENSE @@ -51,12 +50,6 @@ cd "$pkgname" local backports=( -# Fix usermod crash -73a876a05612c278da747faeaeea40c3b8d34a53 -# usermod: prevent a segv -48dcf7852e51b9d8e7926737cc7f7823978b7d7d -# https://github.com/shadow-maint/shadow/issues/125 -10e388efc2c786d1ec4ed007891bfefa8826b6fd ) for commit in "${backports[@]}"; do Deleted: shadow.install === --- shadow.install 2019-06-30 19:25:57 UTC (rev 357126) +++ shadow.install 2019-06-30 19:48:28 UTC (rev 357127) @@ -1,9 +0,0 @@ -post_upgrade() { - grpck -r >/dev/null 2>&1 - if [ $? -eq 2 ]; then -printf '%s\n' \ - "==> Warning: /etc/group or /etc/gshadow are inconsistent." \ - "Run 'grpck' to correct this." - fi - return 0 -}
[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)
Date: Saturday, December 3, 2011 @ 20:15:57 Author: dreisner Revision: 144102 upgpkg: shadow 4.1.4.3-5 - remove bashism from install scriptlet - remove auto-fixit if grpck exit with 2 (FS#27270) Modified: shadow/trunk/PKGBUILD shadow/trunk/shadow.install + PKGBUILD |2 +- shadow.install |7 --- 2 files changed, 5 insertions(+), 4 deletions(-) Modified: PKGBUILD === --- PKGBUILD2011-12-03 22:12:51 UTC (rev 144101) +++ PKGBUILD2011-12-04 01:15:57 UTC (rev 144102) @@ -4,7 +4,7 @@ pkgname=shadow pkgver=4.1.4.3 -pkgrel=4 +pkgrel=5 pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('i686' 'x86_64') url='http://pkg-shadow.alioth.debian.org/' Modified: shadow.install === --- shadow.install 2011-12-03 22:12:51 UTC (rev 144101) +++ shadow.install 2011-12-04 01:15:57 UTC (rev 144102) @@ -1,8 +1,9 @@ post_upgrade() { - grpck -r &>/dev/null + grpck -r >/dev/null 2>&1 if [ $? -eq 2 ]; then -echo "Fixing gshadow file ..." -while :; do echo "y"; done | grpck &>/dev/null +printf '%s\n' \ + "==> Warning: /etc/group or /etc/gshadow are inconsistant." \ + "Run 'grpck' to correct this." fi return 0 }