[STABLE] Adding shadow recipes

[STABLE] Adding shadow recipes

[Marcin Juszkiewicz]

Recently I am working on rootfs which does not contains BusyBox. One
of components which I use is 'shadow' which got several improvements
in .dev tree.

[PATCH][STABLE] shadow: add 4.1.4

[Marcin Juszkiewicz]

From: Steve Sakoman <steve@sakoman.com>

---
 conf/checksums.ini             |    4 ++++
 recipes/shadow/shadow_4.1.4.bb |   11 +++++++++++
 2 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 recipes/shadow/shadow_4.1.4.bb

diff --git a/conf/checksums.ini b/conf/checksums.ini
index a8b8cbf..952e9e3 100644
--- a/conf/checksums.ini
+++ b/conf/checksums.ini
@@ -23054,6 +23054,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
 md5=45f77f33a6b2a5c09c28511ebb733b87
 sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
 
+[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
+md5=e1072df927bfb4410ee4dfe26dd81a17
+sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
+
 [http://freedesktop.org/~hadess/shared-mime-info-0.20.tar.bz2]
 md5=62184241d497d34138285bc248b3fabc
 sha256=6febe616fb850f4319efa7017312abb796024e7ac20da37c4d2ce34afa41776c
diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
new file mode 100644
index 0000000..393edce
--- /dev/null
+++ b/recipes/shadow/shadow_4.1.4.bb
@@ -0,0 +1,11 @@
+DESCRIPTION = "login/password utilities"
+LICENSE = "GPL"
+
+inherit autotools
+
+SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
+
+S = "${WORKDIR}/shadow-${PV}"
+
+CFLAGS_append = " -I../include"
+
-- 
1.7.0.2

[PATCH][STABLE] shadow: Add version 4.1.4.2 and checksum.

[Marcin Juszkiewicz]

From: David-John Willis <John.Willis@Distant-earth.com>

* This version now has Linux-PAM support enabled in OE so will need some testing and maybe a little tweaking.
* Add pam.d config files for common shadow utils in addition to the default ones.
* Cleanup shadow defaults and make shadow 'play nice' with PAM.
* Update pam.d service files to suggested upstream Linux-PAM layout.
* TODO: Some Shadow default session files still use the older layout (incluse system-auth for everything). These will need newer files to be added to the pam.d folder in the recipe as they are found.
---
 conf/checksums.ini                      |    8 +++
 recipes/shadow/files/login_defs_pam.sed |   25 +++++++++
 recipes/shadow/files/pam.d/chfn         |   14 +++++
 recipes/shadow/files/pam.d/chpasswd     |    4 ++
 recipes/shadow/files/pam.d/chsh         |   19 +++++++
 recipes/shadow/files/pam.d/login        |   91 +++++++++++++++++++++++++++++++
 recipes/shadow/files/pam.d/newusers     |    4 ++
 recipes/shadow/files/pam.d/passwd       |    5 ++
 recipes/shadow/files/pam.d/su           |   60 ++++++++++++++++++++
 recipes/shadow/shadow_4.1.4.2.bb        |   52 ++++++++++++++++++
 10 files changed, 282 insertions(+), 0 deletions(-)
 create mode 100644 recipes/shadow/files/login_defs_pam.sed
 create mode 100644 recipes/shadow/files/pam.d/chfn
 create mode 100644 recipes/shadow/files/pam.d/chpasswd
 create mode 100644 recipes/shadow/files/pam.d/chsh
 create mode 100644 recipes/shadow/files/pam.d/login
 create mode 100644 recipes/shadow/files/pam.d/newusers
 create mode 100644 recipes/shadow/files/pam.d/passwd
 create mode 100644 recipes/shadow/files/pam.d/su
 create mode 100644 recipes/shadow/shadow_4.1.4.2.bb

diff --git a/conf/checksums.ini b/conf/checksums.ini
index 08166db..fa8d4b9 100644
--- a/conf/checksums.ini
+++ b/conf/checksums.ini
@@ -24126,6 +24126,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
 md5=45f77f33a6b2a5c09c28511ebb733b87
 sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
 
+[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.2.tar.bz2]
+md5=d593a9cab93c48ee0a6ba056db8c1997
+sha256=97987f6a7967a85e6aa0dba2a1d52db8bd69af5a717391de5693db768fb78990
+
 [ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
 md5=e1072df927bfb4410ee4dfe26dd81a17
 sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
@@ -29906,6 +29910,10 @@ sha256=86b176b6efc52557b1c7631bfdd5c17e7060a438e1e85ce15ec9657be356c50b
 md5=11080456822146ebc0118b15f4b911d9
 sha256=6b5b3ef58e6646f004a5f1cbc6be8f32b824cfbf78a30bf242e4f07083668770
 
+[ftp://ftp.x.org/R5contrib/xloadimage.4.1.tar.gz]
+md5=7331850fc04056ab8ae6b5725d1fb3d2
+sha256=400bc7d84dcfb3265a7a1ce51819679dc3adaeda231514bd89b0f932b78ff5c4
+
 [http://xorg.freedesktop.org/releases/individual/app/xlogo-1.0.1.tar.bz2]
 md5=4c5482552f38a7d42398a694cc9b2ee6
 sha256=de59f9be3d45fe93f445f39bec3cea09753a671e56863ce77e3a797d2df526b2
diff --git a/recipes/shadow/files/login_defs_pam.sed b/recipes/shadow/files/login_defs_pam.sed
new file mode 100644
index 0000000..655f115
--- /dev/null
+++ b/recipes/shadow/files/login_defs_pam.sed
@@ -0,0 +1,25 @@
+/^FAILLOG_ENAB/b comment
+/^LASTLOG_ENAB/b comment
+/^MAIL_CHECK_ENAB/b comment
+/^OBSCURE_CHECKS_ENAB/b comment
+/^PORTTIME_CHECKS_ENAB/b comment
+/^QUOTAS_ENAB/b comment
+/^MOTD_FILE/b comment
+/^FTMP_FILE/b comment
+/^NOLOGINS_FILE/b comment
+/^ENV_HZ/b comment
+/^PASS_MIN_LEN/b comment
+/^SU_WHEEL_ONLY/b comment
+/^CRACKLIB_DICTPATH/b comment
+/^PASS_CHANGE_TRIES/b comment
+/^PASS_ALWAYS_WARN/b comment
+/^CHFN_AUTH/b comment
+/^ENVIRON_FILE/b comment
+
+b exit
+
+: comment
+  s:^:#:
+
+: exit
+
diff --git a/recipes/shadow/files/pam.d/chfn b/recipes/shadow/files/pam.d/chfn
new file mode 100644
index 0000000..baf7698
--- /dev/null
+++ b/recipes/shadow/files/pam.d/chfn
@@ -0,0 +1,14 @@
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session
diff --git a/recipes/shadow/files/pam.d/chpasswd b/recipes/shadow/files/pam.d/chpasswd
new file mode 100644
index 0000000..9e3efa6
--- /dev/null
+++ b/recipes/shadow/files/pam.d/chpasswd
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+password   include      common-password
diff --git a/recipes/shadow/files/pam.d/chsh b/recipes/shadow/files/pam.d/chsh
new file mode 100644
index 0000000..8fb169f
--- /dev/null
+++ b/recipes/shadow/files/pam.d/chsh
@@ -0,0 +1,19 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session
diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
new file mode 100644
index 0000000..2186d3e
--- /dev/null
+++ b/recipes/shadow/files/pam.d/login
@@ -0,0 +1,91 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth       optional   pam_faildelay.so  delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+# Note that it is included as a "requisite" module. No password prompts will
+# be displayed if this module fails to avoid having the root password
+# transmitted on unsecure ttys.
+# You can change it to a "required" module if you think it permits to
+# guess valid user names of your system (invalid user names are considered
+# as possibly being root).
+auth       requisite  pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session    optional   pam_mail.so standard
+
+# Standard Un*x account and session
+account    include      common-account
+password   include      common-password
+session    include      common-session
diff --git a/recipes/shadow/files/pam.d/newusers b/recipes/shadow/files/pam.d/newusers
new file mode 100644
index 0000000..4aa3dde
--- /dev/null
+++ b/recipes/shadow/files/pam.d/newusers
@@ -0,0 +1,4 @@
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+password   include      common-password
diff --git a/recipes/shadow/files/pam.d/passwd b/recipes/shadow/files/pam.d/passwd
new file mode 100644
index 0000000..f534992
--- /dev/null
+++ b/recipes/shadow/files/pam.d/passwd
@@ -0,0 +1,5 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+password   include      common-password
diff --git a/recipes/shadow/files/pam.d/su b/recipes/shadow/files/pam.d/su
new file mode 100644
index 0000000..8e35137
--- /dev/null
+++ b/recipes/shadow/files/pam.d/su
@@ -0,0 +1,60 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# This allows root to su without passwords (normal operation)
+auth       sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth       required   pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth       sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth       required   pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# 
+# parsing /etc/environment needs "readenv=1"
+session       required   pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user 
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session    optional   pam_mail.so nopen
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session    required   pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session
diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
new file mode 100644
index 0000000..04887a0
--- /dev/null
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -0,0 +1,52 @@
+DESCRIPTION = "login/password and account utilities"
+LICENSE = "GPL"
+
+DEPEND = "libpam"
+RDEPEND = "${DEPEND}"
+
+PR = "r5"
+
+EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
+
+inherit autotools
+
+HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
+SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
+           file://login_defs_pam.sed \
+"
+
+# Additional Policy files for PAM
+SRC_URI_append = " \
+           file://pam.d/chfn \ 
+           file://pam.d/chpasswd \
+           file://pam.d/chsh \
+           file://pam.d/login \
+           file://pam.d/newusers \
+           file://pam.d/passwd \
+           file://pam.d/su \
+"
+
+S = "${WORKDIR}/shadow-${PV}"
+
+CFLAGS_append = " -I../include"
+
+do_install_append() {
+  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
+  # reconfigures Shadow to default (see sed below).
+  install -d ${D}${localstatedir}/spool/mail/  
+  
+  install -d ${D}${sysconfdir}/pam.d/  
+  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+
+  # Remove defaults that are not used when supporting PAM
+  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
+
+  # Enable CREATE_HOME by default.
+  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs 
+  
+  # As we are on an embedded system ensure the users mailbox is in ~/ not 
+  # /var/spool/mail by default as who knows where or how big /var is.
+  # The system MDA will set this later anyway.
+  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
+  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
+}
-- 
1.7.0.2

[PATCH][STABLE] shadow: try to fix serial-login issue

[Marcin Juszkiewicz]

From: Koen Kooi <koen@openembedded.org>

---
 recipes/shadow/files/pam.d/login |    2 +-
 recipes/shadow/files/securetty   |  167 ++++++++++++++++++++++++++++++++++++++
 recipes/shadow/shadow_4.1.4.2.bb |    5 +-
 3 files changed, 172 insertions(+), 2 deletions(-)
 create mode 100644 recipes/shadow/files/securetty

diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
index 2186d3e..65992c6 100644
--- a/recipes/shadow/files/pam.d/login
+++ b/recipes/shadow/files/pam.d/login
@@ -20,7 +20,7 @@ auth       optional   pam_faildelay.so  delay=3000000
 # You can change it to a "required" module if you think it permits to
 # guess valid user names of your system (invalid user names are considered
 # as possibly being root).
-auth       requisite  pam_securetty.so
+auth       [success=ok ignore=ignore user_unknown=ignore default=die]  pam_securetty.so
 
 # Disallows other than root logins when /etc/nologin exists
 # (Replaces the `NOLOGINS_FILE' option from login.defs)
diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
new file mode 100644
index 0000000..2705baa
--- /dev/null
+++ b/recipes/shadow/files/securetty
@@ -0,0 +1,167 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+console
+
+# Standard serial ports
+ttyS0
+ttyS1
+
+# USB dongles
+ttyUSB0
+ttyUSB1
+ttyUSB2
+
+# Embedded MPC platforms
+ttyPSC0
+ttyPSC1
+ttyPSC2
+ttyPSC3
+ttyPSC4
+ttyPSC5
+
+# PA-RISC mux ports
+ttyB0
+ttyB1
+
+# Standard hypervisor virtual console
+hvc0
+
+# Oldstyle Xen console
+xvc0
+
+# Standard consoles
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+tty11
+tty12
+tty13
+tty14
+tty15
+tty16
+tty17
+tty18
+tty19
+tty20
+tty21
+tty22
+tty23
+tty24
+tty25
+tty26
+tty27
+tty28
+tty29
+tty30
+tty31
+tty32
+tty33
+tty34
+tty35
+tty36
+tty37
+tty38
+tty39
+tty40
+tty41
+tty42
+tty43
+tty44
+tty45
+tty46
+tty47
+tty48
+tty49
+tty50
+tty51
+tty52
+tty53
+tty54
+tty55
+tty56
+tty57
+tty58
+tty59
+tty60
+tty61
+tty62
+tty63
+
+# devfs consoles
+# Note: On kernels greater than 2.6.12, this is not needed.
+
+# Standard serial ports, with devfs
+tts/0
+tts/1
+
+# Standard consoles, with devfs
+vc/1
+vc/2
+vc/3
+vc/4
+vc/5
+vc/6
+vc/7
+vc/8
+vc/9
+vc/10
+vc/11
+vc/12
+vc/13
+vc/14
+vc/15
+vc/16
+vc/17
+vc/18
+vc/19
+vc/20
+vc/21
+vc/22
+vc/23
+vc/24
+vc/25
+vc/26
+vc/27
+vc/28
+vc/29
+vc/30
+vc/31
+vc/32
+vc/33
+vc/34
+vc/35
+vc/36
+vc/37
+vc/38
+vc/39
+vc/40
+vc/41
+vc/42
+vc/43
+vc/44
+vc/45
+vc/46
+vc/47
+vc/48
+vc/49
+vc/50
+vc/51
+vc/52
+vc/53
+vc/54
+vc/55
+vc/56
+vc/57
+vc/58
+vc/59
+vc/60
+vc/61
+vc/62
+vc/63
diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
index 04887a0..7f64023 100644
--- a/recipes/shadow/shadow_4.1.4.2.bb
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -4,7 +4,7 @@ LICENSE = "GPL"
 DEPEND = "libpam"
 RDEPEND = "${DEPEND}"
 
-PR = "r5"
+PR = "r6"
 
 EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
 
@@ -24,6 +24,7 @@ SRC_URI_append = " \
            file://pam.d/newusers \
            file://pam.d/passwd \
            file://pam.d/su \
+           file://securetty \
 "
 
 S = "${WORKDIR}/shadow-${PV}"
@@ -49,4 +50,6 @@ do_install_append() {
   # The system MDA will set this later anyway.
   sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
   sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
+
+  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
 }
-- 
1.7.0.2

[PATCH][STABLE] shadow: unbork the dependencies.. its DEPENDS, not DEPEND.

[Marcin Juszkiewicz]

From: Chris Larson <clarson@mvista.com>

Signed-off-by: Chris Larson <clarson@mvista.com>
---
 recipes/shadow/shadow_4.1.4.2.bb |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
index 7f64023..b53f89f 100644
--- a/recipes/shadow/shadow_4.1.4.2.bb
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -1,8 +1,7 @@
 DESCRIPTION = "login/password and account utilities"
 LICENSE = "GPL"
 
-DEPEND = "libpam"
-RDEPEND = "${DEPEND}"
+DEPENDS = "libpam"
 
 PR = "r6"
 
-- 
1.7.0.2

[PATCH][STABLE] shadow: reorg into .inc, pull some mvl6 changes over, use a 'pam' distro feature.

[Marcin Juszkiewicz]

From: Chris Larson <clarson@mvista.com>

Signed-off-by: Chris Larson <clarson@mvista.com>
---
 recipes/shadow/shadow.inc        |   91 ++++++++++++++++++++++++++++++++++++++
 recipes/shadow/shadow_4.1.4.1.bb |    3 +
 recipes/shadow/shadow_4.1.4.2.bb |   55 +----------------------
 recipes/shadow/shadow_4.1.4.bb   |   12 +----
 4 files changed, 98 insertions(+), 63 deletions(-)
 create mode 100644 recipes/shadow/shadow.inc
 create mode 100644 recipes/shadow/shadow_4.1.4.1.bb

diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
new file mode 100644
index 0000000..83d06c3
--- /dev/null
+++ b/recipes/shadow/shadow.inc
@@ -0,0 +1,91 @@
+# Configuration parameters
+SHADOW_MAILFILE ?= "Mailbox"
+SHADOW_MAILDIR ?= "${localstatedir}/spool/mail"
+SHADOW_UTMPDIR ?= "${localstatedir}/utmp"
+SHADOW_LOGDIR ?= "${localstatedir}/log"
+
+# Metadata
+DESCRIPTION = "Tools to change and administer password and group data."
+HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
+LICENSE = "BSD"
+SECTION = "base"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+INC_PR = "r6"
+
+# Additional Policy files for PAM
+PAM_SRC_URI = " \
+           file://pam.d/chfn \
+           file://pam.d/chpasswd \
+           file://pam.d/chsh \
+           file://pam.d/login \
+           file://pam.d/newusers \
+           file://pam.d/passwd \
+           file://pam.d/su \
+"
+SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
+           file://login_defs_pam.sed \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://securetty \
+"
+
+inherit autotools gettext
+
+EXTRA_OECONF += "\
+    --disable-account-tools-setuid \
+    --without-audit \
+    --without-selinux \
+    --without-libcrack \
+    ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
+"
+
+CFLAGS += "-I../include"
+
+do_configure_prepend () {
+    export CONFIG_SITE="${CONFIG_SITE} ${B}/cachedpaths"
+    cat <<END >${B}/cachedpaths
+shadow_cv_maildir=${SHADOW_MAILDIR}
+shadow_cv_mailfile=${SHADOW_MAILFILE}
+shadow_cv_utmpdir=${SHADOW_UTMPDIR}
+shadow_cv_logdir=${SHADOW_LOGDIR}
+shadow_cv_passwd_dir=${bindir}
+END
+}
+
+do_install_append() {
+  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
+  # reconfigures Shadow to default (see sed below).
+  install -d ${D}${SHADOW_MAILDIR}
+
+  if [ -e ${WORKDIR}/pam.d ]; then
+      install -d ${D}${sysconfdir}/pam.d/
+      install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+  fi
+
+  # Remove defaults that are not used when supporting PAM
+  ${@base_contains('DISTRO_FEATURES', 'pam', 'sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs', '', d)}
+
+  # Enable CREATE_HOME by default.
+  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
+
+  # As we are on an embedded system ensure the users mailbox is in ~/ not
+  # /var/spool/mail by default as who knows where or how big /var is.
+  # The system MDA will set this later anyway.
+  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
+  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
+
+  mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
+  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
+
+  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
+}
+
+pkg_postinst_${PN} () {
+    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
+    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
+}
+
+pkg_prerm_${PN} () {
+    update-alternatives --remove passwd passwd.${PN}
+    update-alternatives --remove chpasswd chpasswd.${PN}
+}
diff --git a/recipes/shadow/shadow_4.1.4.1.bb b/recipes/shadow/shadow_4.1.4.1.bb
new file mode 100644
index 0000000..7f9d403
--- /dev/null
+++ b/recipes/shadow/shadow_4.1.4.1.bb
@@ -0,0 +1,3 @@
+require shadow.inc
+
+PR = "${INC_PR}.0"
diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
index b53f89f..7f9d403 100644
--- a/recipes/shadow/shadow_4.1.4.2.bb
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -1,54 +1,3 @@
-DESCRIPTION = "login/password and account utilities"
-LICENSE = "GPL"
+require shadow.inc
 
-DEPENDS = "libpam"
-
-PR = "r6"
-
-EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
-
-inherit autotools
-
-HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
-SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
-           file://login_defs_pam.sed \
-"
-
-# Additional Policy files for PAM
-SRC_URI_append = " \
-           file://pam.d/chfn \ 
-           file://pam.d/chpasswd \
-           file://pam.d/chsh \
-           file://pam.d/login \
-           file://pam.d/newusers \
-           file://pam.d/passwd \
-           file://pam.d/su \
-           file://securetty \
-"
-
-S = "${WORKDIR}/shadow-${PV}"
-
-CFLAGS_append = " -I../include"
-
-do_install_append() {
-  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
-  # reconfigures Shadow to default (see sed below).
-  install -d ${D}${localstatedir}/spool/mail/  
-  
-  install -d ${D}${sysconfdir}/pam.d/  
-  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
-
-  # Remove defaults that are not used when supporting PAM
-  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
-
-  # Enable CREATE_HOME by default.
-  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs 
-  
-  # As we are on an embedded system ensure the users mailbox is in ~/ not 
-  # /var/spool/mail by default as who knows where or how big /var is.
-  # The system MDA will set this later anyway.
-  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
-  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
-
-  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
-}
+PR = "${INC_PR}.0"
diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
index 393edce..7f9d403 100644
--- a/recipes/shadow/shadow_4.1.4.bb
+++ b/recipes/shadow/shadow_4.1.4.bb
@@ -1,11 +1,3 @@
-DESCRIPTION = "login/password utilities"
-LICENSE = "GPL"
-
-inherit autotools
-
-SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
-
-S = "${WORKDIR}/shadow-${PV}"
-
-CFLAGS_append = " -I../include"
+require shadow.inc
 
+PR = "${INC_PR}.0"
-- 
1.7.0.2

[PATCH][STABLE] shadow.inc: Correctly install /etc/securetty and add back support for creating /etc/skel as part of the recipe.

[Marcin Juszkiewicz]

From: David-John Willis <John.Willis@Distant-earth.com>

Signed-off-by: Chris Larson <clarson@mvista.com>
---
 recipes/shadow/shadow.inc |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
index 83d06c3..4a40151 100644
--- a/recipes/shadow/shadow.inc
+++ b/recipes/shadow/shadow.inc
@@ -11,7 +11,7 @@ LICENSE = "BSD"
 SECTION = "base"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-INC_PR = "r6"
+INC_PR = "r7"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = " \
@@ -23,6 +23,7 @@ PAM_SRC_URI = " \
            file://pam.d/passwd \
            file://pam.d/su \
 "
+
 SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
            file://login_defs_pam.sed \
            ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
@@ -53,6 +54,10 @@ END
 }
 
 do_install_append() {
+  # Ensure that /etc/skel is created so any default files that we want copied into new users home
+  # dirs can be put in there later (ideal for .xinitrc for example).
+  install -d ${D}${sysconfdir}/skel/  
+  
   # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
   # reconfigures Shadow to default (see sed below).
   install -d ${D}${SHADOW_MAILDIR}
@@ -77,7 +82,8 @@ do_install_append() {
   mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
   mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
 
-  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
+  # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
+  install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
 }
 
 pkg_postinst_${PN} () {
-- 
1.7.0.2

[PATCH][STABLE] shadow: Extend securetty file to include more common ttys (inc. ones used on OMAP3 platforms). Small correction for login pam file.

[Marcin Juszkiewicz]

From: David-John Willis <John.Willis@Distant-earth.com>

Signed-off-by: Chris Larson <clarson@mvista.com>
---
 recipes/shadow/files/pam.d/login |    2 +-
 recipes/shadow/files/securetty   |   31 +++++++++++++++++++++++++++++--
 recipes/shadow/shadow.inc        |    2 +-
 3 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
index 65992c6..e41eb04 100644
--- a/recipes/shadow/files/pam.d/login
+++ b/recipes/shadow/files/pam.d/login
@@ -44,7 +44,7 @@ session       required   pam_env.so readenv=1
 session       required   pam_env.so readenv=1 envfile=/etc/default/locale
 
 # Standard Un*x authentication.
-@include common-auth
+auth       include      common-auth
 
 # This allows certain extra groups to be granted to a user
 # based on things like time of day, tty, service, and user.
diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
index 2705baa..8fd26e0 100644
--- a/recipes/shadow/files/securetty
+++ b/recipes/shadow/files/securetty
@@ -5,12 +5,20 @@ console
 # Standard serial ports
 ttyS0
 ttyS1
+ttyS2
+ttyS3
 
 # USB dongles
 ttyUSB0
 ttyUSB1
 ttyUSB2
 
+# PowerMac
+ttyPZ0
+ttyPZ1
+ttyPZ2
+ttyPZ3
+
 # Embedded MPC platforms
 ttyPSC0
 ttyPSC1
@@ -94,8 +102,27 @@ tty61
 tty62
 tty63
 
-# devfs consoles
-# Note: On kernels greater than 2.6.12, this is not needed.
+# Local X displays (allows empty passwords with pam_unix's nullok_secure)
+:0
+:0.0
+:0.1
+:1
+:1.0
+:1.1
+:2
+:2.0
+:2.1
+:3
+:3.0
+:3.1
+
+# Embedded Freescale i.MX ports
+ttymxc0
+ttymxc1
+ttymxc2
+ttymxc3
+ttymxc4
+ttymxc5
 
 # Standard serial ports, with devfs
 tts/0
diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
index 4a40151..68381f0 100644
--- a/recipes/shadow/shadow.inc
+++ b/recipes/shadow/shadow.inc
@@ -11,7 +11,7 @@ LICENSE = "BSD"
 SECTION = "base"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-INC_PR = "r7"
+INC_PR = "r8"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = " \
-- 
1.7.0.2

[PATCH][STABLE] shadow: Fix issue that stopped shadow.inc from packaging /usr/bin/passwd correctly and bump INC_PR.

[Marcin Juszkiewicz]

From: David-John Willis <John.Willis@Distant-earth.com>

Signed-off-by: Chris Larson <clarson@mvista.com>
---
 recipes/shadow/shadow.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
index 68381f0..9da5845 100644
--- a/recipes/shadow/shadow.inc
+++ b/recipes/shadow/shadow.inc
@@ -11,7 +11,7 @@ LICENSE = "BSD"
 SECTION = "base"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-INC_PR = "r8"
+INC_PR = "r9"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = " \
@@ -79,8 +79,8 @@ do_install_append() {
   sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
   sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
 
+  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
   mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
-  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
 
   # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
   install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
-- 
1.7.0.2

[PATCH][STABLE] shadow: run pwconv and grpconv in postinst

[Marcin Juszkiewicz]

From: Koen Kooi <koen@openembedded.org>

* this converts oldstyle formats to the proper one
---
 recipes/shadow/shadow.inc |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
index 9da5845..5e3d2f2 100644
--- a/recipes/shadow/shadow.inc
+++ b/recipes/shadow/shadow.inc
@@ -11,7 +11,7 @@ LICENSE = "BSD"
 SECTION = "base"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-INC_PR = "r9"
+INC_PR = "r10"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = " \
@@ -89,6 +89,11 @@ do_install_append() {
 pkg_postinst_${PN} () {
     update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
     update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
+    if [ "x$D" != "x" ]; then
+        exit 1
+    fi  
+	pwconv
+	grpconv
 }
 
 pkg_prerm_${PN} () {
-- 
1.7.0.2

[PATCH][STABLE] shadow: use u-a on binaries that conflict with util-linux-ng

[Marcin Juszkiewicz]

From: Koen Kooi <koen@openembedded.org>

---
 recipes/shadow/shadow.inc |   27 +++++++++++++++++++++------
 1 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
index 5e3d2f2..30bd92f 100644
--- a/recipes/shadow/shadow.inc
+++ b/recipes/shadow/shadow.inc
@@ -11,7 +11,7 @@ LICENSE = "BSD"
 SECTION = "base"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-INC_PR = "r10"
+INC_PR = "r13"
 
 # Additional Policy files for PAM
 PAM_SRC_URI = " \
@@ -79,16 +79,30 @@ do_install_append() {
   sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
   sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
 
-  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
+  install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} 
+  for i in passwd chfn newgrp chsh ; do
+    mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
+  done
+
   mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
+  mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
+  mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
+  mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
 
   # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
   install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
+
 }
 
 pkg_postinst_${PN} () {
-    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
-    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
+    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
+    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
+    update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
+    update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
+    update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
+    update-alternatives --install ${base_bindir}/login login login.${PN} 200
+    update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
+    update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
     if [ "x$D" != "x" ]; then
         exit 1
     fi  
@@ -97,6 +111,7 @@ pkg_postinst_${PN} () {
 }
 
 pkg_prerm_${PN} () {
-    update-alternatives --remove passwd passwd.${PN}
-    update-alternatives --remove chpasswd chpasswd.${PN}
+    for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
+        update-alternatives --remove $i $i.${PN}
+    done
 }
-- 
1.7.0.2

Re: [PATCH][STABLE] shadow: run pwconv and grpconv in postinst

[Koen Kooi]

Acked-by: <koen@openembedded.org>

Op 22 mrt 2010, om 12:06 heeft Marcin Juszkiewicz het volgende geschreven:

> From: Koen Kooi <koen@openembedded.org>
> 
> * this converts oldstyle formats to the proper one
> ---
> recipes/shadow/shadow.inc |    7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
> 
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 9da5845..5e3d2f2 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
> SECTION = "base"
> DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> 
> -INC_PR = "r9"
> +INC_PR = "r10"
> 
> # Additional Policy files for PAM
> PAM_SRC_URI = " \
> @@ -89,6 +89,11 @@ do_install_append() {
> pkg_postinst_${PN} () {
>     update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
>     update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +    if [ "x$D" != "x" ]; then
> +        exit 1
> +    fi  
> +	pwconv
> +	grpconv
> }
> 
> pkg_prerm_${PN} () {
> -- 
> 1.7.0.2
> 
> 
> 
> 

Re: [PATCH][STABLE] shadow: use u-a on binaries that conflict with util-linux-ng

[Koen Kooi]

Acked-by: <koen@openembedded.org>

Op 22 mrt 2010, om 12:06 heeft Marcin Juszkiewicz het volgende geschreven:

> From: Koen Kooi <koen@openembedded.org>
> 
> ---
> recipes/shadow/shadow.inc |   27 +++++++++++++++++++++------
> 1 files changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 5e3d2f2..30bd92f 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
> SECTION = "base"
> DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> 
> -INC_PR = "r10"
> +INC_PR = "r13"
> 
> # Additional Policy files for PAM
> PAM_SRC_URI = " \
> @@ -79,16 +79,30 @@ do_install_append() {
>   sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
>   sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> 
> -  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
> +  install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} 
> +  for i in passwd chfn newgrp chsh ; do
> +    mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
> +  done
> +
>   mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> +  mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
> +  mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
> +  mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
> 
>   # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
>   install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
> +
> }
> 
> pkg_postinst_${PN} () {
> -    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
> -    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
> +    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
> +    update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
> +    update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
> +    update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
> +    update-alternatives --install ${base_bindir}/login login login.${PN} 200
> +    update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
> +    update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
>     if [ "x$D" != "x" ]; then
>         exit 1
>     fi  
> @@ -97,6 +111,7 @@ pkg_postinst_${PN} () {
> }
> 
> pkg_prerm_${PN} () {
> -    update-alternatives --remove passwd passwd.${PN}
> -    update-alternatives --remove chpasswd chpasswd.${PN}
> +    for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
> +        update-alternatives --remove $i $i.${PN}
> +    done
> }
> -- 
> 1.7.0.2
> 
> 
> 
> 

Re: [PATCH][STABLE] shadow: try to fix serial-login issue

[Koen Kooi]

Acked-by: <koen@openembedded.org>

Op 22 mrt 2010, om 12:06 heeft Marcin Juszkiewicz het volgende geschreven:

> From: Koen Kooi <koen@openembedded.org>
> 
> ---
> recipes/shadow/files/pam.d/login |    2 +-
> recipes/shadow/files/securetty   |  167 ++++++++++++++++++++++++++++++++++++++
> recipes/shadow/shadow_4.1.4.2.bb |    5 +-
> 3 files changed, 172 insertions(+), 2 deletions(-)
> create mode 100644 recipes/shadow/files/securetty
> 
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 2186d3e..65992c6 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -20,7 +20,7 @@ auth       optional   pam_faildelay.so  delay=3000000
> # You can change it to a "required" module if you think it permits to
> # guess valid user names of your system (invalid user names are considered
> # as possibly being root).
> -auth       requisite  pam_securetty.so
> +auth       [success=ok ignore=ignore user_unknown=ignore default=die]  pam_securetty.so
> 
> # Disallows other than root logins when /etc/nologin exists
> # (Replaces the `NOLOGINS_FILE' option from login.defs)
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> new file mode 100644
> index 0000000..2705baa
> --- /dev/null
> +++ b/recipes/shadow/files/securetty
> @@ -0,0 +1,167 @@
> +# /etc/securetty: list of terminals on which root is allowed to login.
> +# See securetty(5) and login(1).
> +console
> +
> +# Standard serial ports
> +ttyS0
> +ttyS1
> +
> +# USB dongles
> +ttyUSB0
> +ttyUSB1
> +ttyUSB2
> +
> +# Embedded MPC platforms
> +ttyPSC0
> +ttyPSC1
> +ttyPSC2
> +ttyPSC3
> +ttyPSC4
> +ttyPSC5
> +
> +# PA-RISC mux ports
> +ttyB0
> +ttyB1
> +
> +# Standard hypervisor virtual console
> +hvc0
> +
> +# Oldstyle Xen console
> +xvc0
> +
> +# Standard consoles
> +tty1
> +tty2
> +tty3
> +tty4
> +tty5
> +tty6
> +tty7
> +tty8
> +tty9
> +tty10
> +tty11
> +tty12
> +tty13
> +tty14
> +tty15
> +tty16
> +tty17
> +tty18
> +tty19
> +tty20
> +tty21
> +tty22
> +tty23
> +tty24
> +tty25
> +tty26
> +tty27
> +tty28
> +tty29
> +tty30
> +tty31
> +tty32
> +tty33
> +tty34
> +tty35
> +tty36
> +tty37
> +tty38
> +tty39
> +tty40
> +tty41
> +tty42
> +tty43
> +tty44
> +tty45
> +tty46
> +tty47
> +tty48
> +tty49
> +tty50
> +tty51
> +tty52
> +tty53
> +tty54
> +tty55
> +tty56
> +tty57
> +tty58
> +tty59
> +tty60
> +tty61
> +tty62
> +tty63
> +
> +# devfs consoles
> +# Note: On kernels greater than 2.6.12, this is not needed.
> +
> +# Standard serial ports, with devfs
> +tts/0
> +tts/1
> +
> +# Standard consoles, with devfs
> +vc/1
> +vc/2
> +vc/3
> +vc/4
> +vc/5
> +vc/6
> +vc/7
> +vc/8
> +vc/9
> +vc/10
> +vc/11
> +vc/12
> +vc/13
> +vc/14
> +vc/15
> +vc/16
> +vc/17
> +vc/18
> +vc/19
> +vc/20
> +vc/21
> +vc/22
> +vc/23
> +vc/24
> +vc/25
> +vc/26
> +vc/27
> +vc/28
> +vc/29
> +vc/30
> +vc/31
> +vc/32
> +vc/33
> +vc/34
> +vc/35
> +vc/36
> +vc/37
> +vc/38
> +vc/39
> +vc/40
> +vc/41
> +vc/42
> +vc/43
> +vc/44
> +vc/45
> +vc/46
> +vc/47
> +vc/48
> +vc/49
> +vc/50
> +vc/51
> +vc/52
> +vc/53
> +vc/54
> +vc/55
> +vc/56
> +vc/57
> +vc/58
> +vc/59
> +vc/60
> +vc/61
> +vc/62
> +vc/63
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 04887a0..7f64023 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -4,7 +4,7 @@ LICENSE = "GPL"
> DEPEND = "libpam"
> RDEPEND = "${DEPEND}"
> 
> -PR = "r5"
> +PR = "r6"
> 
> EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
> 
> @@ -24,6 +24,7 @@ SRC_URI_append = " \
>            file://pam.d/newusers \
>            file://pam.d/passwd \
>            file://pam.d/su \
> +           file://securetty \
> "
> 
> S = "${WORKDIR}/shadow-${PV}"
> @@ -49,4 +50,6 @@ do_install_append() {
>   # The system MDA will set this later anyway.
>   sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
>   sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
> +
> +  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> }
> -- 
> 1.7.0.2
> 
> 
> 
> 

Re: [PATCH][STABLE] shadow.inc: Correctly install /etc/securetty and add back support for creating /etc/skel as part of the recipe.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: David-John Willis <John.Willis@Distant-earth.com>
> 
> Signed-off-by: Chris Larson <clarson@mvista.com>
> ---
>  recipes/shadow/shadow.inc |   10 ++++++++--
>  1 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 83d06c3..4a40151 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>  SECTION = "base"
>  DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>  
> -INC_PR = "r6"
> +INC_PR = "r7"
>  
>  # Additional Policy files for PAM
>  PAM_SRC_URI = " \
> @@ -23,6 +23,7 @@ PAM_SRC_URI = " \
>             file://pam.d/passwd \
>             file://pam.d/su \
>  "
> +
>  SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
>             file://login_defs_pam.sed \
>             ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> @@ -53,6 +54,10 @@ END
>  }
>  
>  do_install_append() {
> +  # Ensure that /etc/skel is created so any default files that we want copied into new users home
> +  # dirs can be put in there later (ideal for .xinitrc for example).
> +  install -d ${D}${sysconfdir}/skel/  
> +  
>    # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
>    # reconfigures Shadow to default (see sed below).
>    install -d ${D}${SHADOW_MAILDIR}
> @@ -77,7 +82,8 @@ do_install_append() {
>    mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
>    mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
>  
> -  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> +  # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
> +  install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
>  }
>  
>  pkg_postinst_${PN} () {

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD4DBQFLp2PwMkyGM64RGpERAhTHAJiaGQ51nWL46FMwHFNAE1RvlZl2AJ4rycS6
0sJk+0OiMu4dSpm658xJDg==
=GHy8
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: add 4.1.4

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: Steve Sakoman <steve@sakoman.com>
> 
> ---
>  conf/checksums.ini             |    4 ++++
>  recipes/shadow/shadow_4.1.4.bb |   11 +++++++++++
>  2 files changed, 15 insertions(+), 0 deletions(-)
>  create mode 100644 recipes/shadow/shadow_4.1.4.bb
> 
> diff --git a/conf/checksums.ini b/conf/checksums.ini
> index a8b8cbf..952e9e3 100644
> --- a/conf/checksums.ini
> +++ b/conf/checksums.ini
> @@ -23054,6 +23054,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
>  md5=45f77f33a6b2a5c09c28511ebb733b87
>  sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
>  
> +[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
> +md5=e1072df927bfb4410ee4dfe26dd81a17
> +sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
> +
>  [http://freedesktop.org/~hadess/shared-mime-info-0.20.tar.bz2]
>  md5=62184241d497d34138285bc248b3fabc
>  sha256=6febe616fb850f4319efa7017312abb796024e7ac20da37c4d2ce34afa41776c
> diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
> new file mode 100644
> index 0000000..393edce
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.bb
> @@ -0,0 +1,11 @@
> +DESCRIPTION = "login/password utilities"
> +LICENSE = "GPL"
> +
> +inherit autotools
> +
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
> +
> +S = "${WORKDIR}/shadow-${PV}"
> +
> +CFLAGS_append = " -I../include"
> +

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2QSMkyGM64RGpERAi7gAKCqs18U9Sbktfxj+l8/orJfONcENwCgtl+b
l6NnUQcztgMQY2gPPEr4zw4=
=lumw
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: Add version 4.1.4.2 and checksum.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: David-John Willis <John.Willis@Distant-earth.com>
> 
> * This version now has Linux-PAM support enabled in OE so will need some testing and maybe a little tweaking.
> * Add pam.d config files for common shadow utils in addition to the default ones.
> * Cleanup shadow defaults and make shadow 'play nice' with PAM.
> * Update pam.d service files to suggested upstream Linux-PAM layout.
> * TODO: Some Shadow default session files still use the older layout (incluse system-auth for everything). These will need newer files to be added to the pam.d folder in the recipe as they are found.
> ---
>  conf/checksums.ini                      |    8 +++
>  recipes/shadow/files/login_defs_pam.sed |   25 +++++++++
>  recipes/shadow/files/pam.d/chfn         |   14 +++++
>  recipes/shadow/files/pam.d/chpasswd     |    4 ++
>  recipes/shadow/files/pam.d/chsh         |   19 +++++++
>  recipes/shadow/files/pam.d/login        |   91 +++++++++++++++++++++++++++++++
>  recipes/shadow/files/pam.d/newusers     |    4 ++
>  recipes/shadow/files/pam.d/passwd       |    5 ++
>  recipes/shadow/files/pam.d/su           |   60 ++++++++++++++++++++
>  recipes/shadow/shadow_4.1.4.2.bb        |   52 ++++++++++++++++++
>  10 files changed, 282 insertions(+), 0 deletions(-)
>  create mode 100644 recipes/shadow/files/login_defs_pam.sed
>  create mode 100644 recipes/shadow/files/pam.d/chfn
>  create mode 100644 recipes/shadow/files/pam.d/chpasswd
>  create mode 100644 recipes/shadow/files/pam.d/chsh
>  create mode 100644 recipes/shadow/files/pam.d/login
>  create mode 100644 recipes/shadow/files/pam.d/newusers
>  create mode 100644 recipes/shadow/files/pam.d/passwd
>  create mode 100644 recipes/shadow/files/pam.d/su
>  create mode 100644 recipes/shadow/shadow_4.1.4.2.bb
> 
> diff --git a/conf/checksums.ini b/conf/checksums.ini
> index 08166db..fa8d4b9 100644
> --- a/conf/checksums.ini
> +++ b/conf/checksums.ini
> @@ -24126,6 +24126,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
>  md5=45f77f33a6b2a5c09c28511ebb733b87
>  sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
>  
> +[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.2.tar.bz2]
> +md5=d593a9cab93c48ee0a6ba056db8c1997
> +sha256=97987f6a7967a85e6aa0dba2a1d52db8bd69af5a717391de5693db768fb78990
> +
>  [ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
>  md5=e1072df927bfb4410ee4dfe26dd81a17
>  sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
> @@ -29906,6 +29910,10 @@ sha256=86b176b6efc52557b1c7631bfdd5c17e7060a438e1e85ce15ec9657be356c50b
>  md5=11080456822146ebc0118b15f4b911d9
>  sha256=6b5b3ef58e6646f004a5f1cbc6be8f32b824cfbf78a30bf242e4f07083668770
>  
> +[ftp://ftp.x.org/R5contrib/xloadimage.4.1.tar.gz]
> +md5=7331850fc04056ab8ae6b5725d1fb3d2
> +sha256=400bc7d84dcfb3265a7a1ce51819679dc3adaeda231514bd89b0f932b78ff5c4
> +
>  [http://xorg.freedesktop.org/releases/individual/app/xlogo-1.0.1.tar.bz2]
>  md5=4c5482552f38a7d42398a694cc9b2ee6
>  sha256=de59f9be3d45fe93f445f39bec3cea09753a671e56863ce77e3a797d2df526b2
> diff --git a/recipes/shadow/files/login_defs_pam.sed b/recipes/shadow/files/login_defs_pam.sed
> new file mode 100644
> index 0000000..655f115
> --- /dev/null
> +++ b/recipes/shadow/files/login_defs_pam.sed
> @@ -0,0 +1,25 @@
> +/^FAILLOG_ENAB/b comment
> +/^LASTLOG_ENAB/b comment
> +/^MAIL_CHECK_ENAB/b comment
> +/^OBSCURE_CHECKS_ENAB/b comment
> +/^PORTTIME_CHECKS_ENAB/b comment
> +/^QUOTAS_ENAB/b comment
> +/^MOTD_FILE/b comment
> +/^FTMP_FILE/b comment
> +/^NOLOGINS_FILE/b comment
> +/^ENV_HZ/b comment
> +/^PASS_MIN_LEN/b comment
> +/^SU_WHEEL_ONLY/b comment
> +/^CRACKLIB_DICTPATH/b comment
> +/^PASS_CHANGE_TRIES/b comment
> +/^PASS_ALWAYS_WARN/b comment
> +/^CHFN_AUTH/b comment
> +/^ENVIRON_FILE/b comment
> +
> +b exit
> +
> +: comment
> +  s:^:#:
> +
> +: exit
> +
> diff --git a/recipes/shadow/files/pam.d/chfn b/recipes/shadow/files/pam.d/chfn
> new file mode 100644
> index 0000000..baf7698
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chfn
> @@ -0,0 +1,14 @@
> +#
> +# The PAM configuration file for the Shadow `chfn' service
> +#
> +
> +# This allows root to change user infomation without being
> +# prompted for a password
> +auth		sufficient	pam_rootok.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/chpasswd b/recipes/shadow/files/pam.d/chpasswd
> new file mode 100644
> index 0000000..9e3efa6
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chpasswd
> @@ -0,0 +1,4 @@
> +# The PAM configuration file for the Shadow 'chpasswd' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/chsh b/recipes/shadow/files/pam.d/chsh
> new file mode 100644
> index 0000000..8fb169f
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chsh
> @@ -0,0 +1,19 @@
> +#
> +# The PAM configuration file for the Shadow `chsh' service
> +#
> +
> +# This will not allow a user to change their shell unless
> +# their current one is listed in /etc/shells. This keeps
> +# accounts with special shells from changing them.
> +auth       required   pam_shells.so
> +
> +# This allows root to change user shell without being
> +# prompted for a password
> +auth		sufficient	pam_rootok.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> new file mode 100644
> index 0000000..2186d3e
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/login
> @@ -0,0 +1,91 @@
> +#
> +# The PAM configuration file for the Shadow `login' service
> +#
> +
> +# Enforce a minimal delay in case of failure (in microseconds).
> +# (Replaces the `FAIL_DELAY' setting from login.defs)
> +# Note that other modules may require another minimal delay. (for example,
> +# to disable any delay, you should add the nodelay option to pam_unix)
> +auth       optional   pam_faildelay.so  delay=3000000
> +
> +# Outputs an issue file prior to each login prompt (Replaces the
> +# ISSUE_FILE option from login.defs). Uncomment for use
> +# auth       required   pam_issue.so issue=/etc/issue
> +
> +# Disallows root logins except on tty's listed in /etc/securetty
> +# (Replaces the `CONSOLE' setting from login.defs)
> +# Note that it is included as a "requisite" module. No password prompts will
> +# be displayed if this module fails to avoid having the root password
> +# transmitted on unsecure ttys.
> +# You can change it to a "required" module if you think it permits to
> +# guess valid user names of your system (invalid user names are considered
> +# as possibly being root).
> +auth       requisite  pam_securetty.so
> +
> +# Disallows other than root logins when /etc/nologin exists
> +# (Replaces the `NOLOGINS_FILE' option from login.defs)
> +auth       requisite  pam_nologin.so
> +
> +# SELinux needs to be the first session rule. This ensures that any 
> +# lingering context has been cleared. Without out this it is possible 
> +# that a module could execute code in the wrong domain.
> +# When the module is present, "required" would be sufficient (When SELinux
> +# is disabled, this returns success.)
> +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
> +
> +# This module parses environment configuration file(s)
> +# and also allows you to use an extended config
> +# file /etc/security/pam_env.conf.
> +# 
> +# parsing /etc/environment needs "readenv=1"
> +session       required   pam_env.so readenv=1
> +# locale variables are also kept into /etc/default/locale in etch
> +# reading this file *in addition to /etc/environment* does not hurt
> +session       required   pam_env.so readenv=1 envfile=/etc/default/locale
> +
> +# Standard Un*x authentication.
> +@include common-auth
> +
> +# This allows certain extra groups to be granted to a user
> +# based on things like time of day, tty, service, and user.
> +# Please edit /etc/security/group.conf to fit your needs
> +# (Replaces the `CONSOLE_GROUPS' option in login.defs)
> +auth       optional   pam_group.so
> +
> +# Uncomment and edit /etc/security/time.conf if you need to set
> +# time restrainst on logins.
> +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> +# as well as /etc/porttime)
> +# account    requisite  pam_time.so
> +
> +# Uncomment and edit /etc/security/access.conf if you need to
> +# set access limits.
> +# (Replaces /etc/login.access file)
> +# account  required       pam_access.so
> +
> +# Sets up user limits according to /etc/security/limits.conf
> +# (Replaces the use of /etc/limits in old login)
> +session    required   pam_limits.so
> +
> +# Prints the last login info upon succesful login
> +# (Replaces the `LASTLOG_ENAB' option from login.defs)
> +session    optional   pam_lastlog.so
> +
> +# Prints the motd upon succesful login
> +# (Replaces the `MOTD_FILE' option in login.defs)
> +session    optional   pam_motd.so
> +
> +# Prints the status of the user's mailbox upon succesful login
> +# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
> +#
> +# This also defines the MAIL environment variable
> +# However, userdel also needs MAIL_DIR and MAIL_FILE variables
> +# in /etc/login.defs to make sure that removing a user 
> +# also removes the user's mail spool file.
> +# See comments in /etc/login.defs
> +session    optional   pam_mail.so standard
> +
> +# Standard Un*x account and session
> +account    include      common-account
> +password   include      common-password
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/newusers b/recipes/shadow/files/pam.d/newusers
> new file mode 100644
> index 0000000..4aa3dde
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/newusers
> @@ -0,0 +1,4 @@
> +# The PAM configuration file for the Shadow 'newusers' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/passwd b/recipes/shadow/files/pam.d/passwd
> new file mode 100644
> index 0000000..f534992
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/passwd
> @@ -0,0 +1,5 @@
> +#
> +# The PAM configuration file for the Shadow `passwd' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/su b/recipes/shadow/files/pam.d/su
> new file mode 100644
> index 0000000..8e35137
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/su
> @@ -0,0 +1,60 @@
> +#
> +# The PAM configuration file for the Shadow `su' service
> +#
> +
> +# This allows root to su without passwords (normal operation)
> +auth       sufficient pam_rootok.so
> +
> +# Uncomment this to force users to be a member of group root
> +# before they can use `su'. You can also add "group=foo"
> +# to the end of this line if you want to use a group other
> +# than the default "root" (but this may have side effect of
> +# denying "root" user, unless she's a member of "foo" or explicitly
> +# permitted earlier by e.g. "sufficient pam_rootok.so").
> +# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
> +# auth       required   pam_wheel.so
> +
> +# Uncomment this if you want wheel members to be able to
> +# su without a password.
> +# auth       sufficient pam_wheel.so trust
> +
> +# Uncomment this if you want members of a specific group to not
> +# be allowed to use su at all.
> +# auth       required   pam_wheel.so deny group=nosu
> +
> +# Uncomment and edit /etc/security/time.conf if you need to set
> +# time restrainst on su usage.
> +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> +# as well as /etc/porttime)
> +# account    requisite  pam_time.so
> +
> +# This module parses environment configuration file(s)
> +# and also allows you to use an extended config
> +# file /etc/security/pam_env.conf.
> +# 
> +# parsing /etc/environment needs "readenv=1"
> +session       required   pam_env.so readenv=1
> +# locale variables are also kept into /etc/default/locale in etch
> +# reading this file *in addition to /etc/environment* does not hurt
> +session       required   pam_env.so readenv=1 envfile=/etc/default/locale
> +
> +# Defines the MAIL environment variable
> +# However, userdel also needs MAIL_DIR and MAIL_FILE variables
> +# in /etc/login.defs to make sure that removing a user 
> +# also removes the user's mail spool file.
> +# See comments in /etc/login.defs
> +#
> +# "nopen" stands to avoid reporting new mail when su'ing to another user
> +session    optional   pam_mail.so nopen
> +
> +# Sets up user limits, please uncomment and read /etc/security/limits.conf
> +# to enable this functionality.
> +# (Replaces the use of /etc/limits in old login)
> +# session    required   pam_limits.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> new file mode 100644
> index 0000000..04887a0
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -0,0 +1,52 @@
> +DESCRIPTION = "login/password and account utilities"
> +LICENSE = "GPL"
> +
> +DEPEND = "libpam"
> +RDEPEND = "${DEPEND}"
> +
> +PR = "r5"
> +
> +EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
> +
> +inherit autotools
> +
> +HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> +           file://login_defs_pam.sed \
> +"
> +
> +# Additional Policy files for PAM
> +SRC_URI_append = " \
> +           file://pam.d/chfn \ 
> +           file://pam.d/chpasswd \
> +           file://pam.d/chsh \
> +           file://pam.d/login \
> +           file://pam.d/newusers \
> +           file://pam.d/passwd \
> +           file://pam.d/su \
> +"
> +
> +S = "${WORKDIR}/shadow-${PV}"
> +
> +CFLAGS_append = " -I../include"
> +
> +do_install_append() {
> +  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> +  # reconfigures Shadow to default (see sed below).
> +  install -d ${D}${localstatedir}/spool/mail/  
> +  
> +  install -d ${D}${sysconfdir}/pam.d/  
> +  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> +
> +  # Remove defaults that are not used when supporting PAM
> +  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
> +
> +  # Enable CREATE_HOME by default.
> +  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs 
> +  
> +  # As we are on an embedded system ensure the users mailbox is in ~/ not 
> +  # /var/spool/mail by default as who knows where or how big /var is.
> +  # The system MDA will set this later anyway.
> +  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
> +  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
> +}

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2QeMkyGM64RGpERAqTOAJ9Szo3Jx9CU3Zlgz7oeTz2bRcainACfXfCk
R+fn76SabKh/Q2u6741adJY=
=/lJz
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: unbork the dependencies.. its DEPENDS, not DEPEND.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: Chris Larson <clarson@mvista.com>
> 
> Signed-off-by: Chris Larson <clarson@mvista.com>
> ---
>  recipes/shadow/shadow_4.1.4.2.bb |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 7f64023..b53f89f 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -1,8 +1,7 @@
>  DESCRIPTION = "login/password and account utilities"
>  LICENSE = "GPL"
>  
> -DEPEND = "libpam"
> -RDEPEND = "${DEPEND}"
> +DEPENDS = "libpam"
>  
>  PR = "r6"
>  

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2Q9MkyGM64RGpERAjVjAKC6frmaee5nyrip4nz3Ox4li2A0mwCfXUAg
b1lFuH0Oh/Bblnk5R9sXYOg=
=1pka
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: reorg into .inc, pull some mvl6 changes over, use a 'pam' distro feature.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: Chris Larson <clarson@mvista.com>
> 
> Signed-off-by: Chris Larson <clarson@mvista.com>
> ---
>  recipes/shadow/shadow.inc        |   91 ++++++++++++++++++++++++++++++++++++++
>  recipes/shadow/shadow_4.1.4.1.bb |    3 +
>  recipes/shadow/shadow_4.1.4.2.bb |   55 +----------------------
>  recipes/shadow/shadow_4.1.4.bb   |   12 +----
>  4 files changed, 98 insertions(+), 63 deletions(-)
>  create mode 100644 recipes/shadow/shadow.inc
>  create mode 100644 recipes/shadow/shadow_4.1.4.1.bb
> 
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> new file mode 100644
> index 0000000..83d06c3
> --- /dev/null
> +++ b/recipes/shadow/shadow.inc
> @@ -0,0 +1,91 @@
> +# Configuration parameters
> +SHADOW_MAILFILE ?= "Mailbox"
> +SHADOW_MAILDIR ?= "${localstatedir}/spool/mail"
> +SHADOW_UTMPDIR ?= "${localstatedir}/utmp"
> +SHADOW_LOGDIR ?= "${localstatedir}/log"
> +
> +# Metadata
> +DESCRIPTION = "Tools to change and administer password and group data."
> +HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> +LICENSE = "BSD"
> +SECTION = "base"
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> +
> +INC_PR = "r6"
> +
> +# Additional Policy files for PAM
> +PAM_SRC_URI = " \
> +           file://pam.d/chfn \
> +           file://pam.d/chpasswd \
> +           file://pam.d/chsh \
> +           file://pam.d/login \
> +           file://pam.d/newusers \
> +           file://pam.d/passwd \
> +           file://pam.d/su \
> +"
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> +           file://login_defs_pam.sed \
> +           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> +           file://securetty \
> +"
> +
> +inherit autotools gettext
> +
> +EXTRA_OECONF += "\
> +    --disable-account-tools-setuid \
> +    --without-audit \
> +    --without-selinux \
> +    --without-libcrack \
> +    ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
> +"
> +
> +CFLAGS += "-I../include"
> +
> +do_configure_prepend () {
> +    export CONFIG_SITE="${CONFIG_SITE} ${B}/cachedpaths"
> +    cat <<END >${B}/cachedpaths
> +shadow_cv_maildir=${SHADOW_MAILDIR}
> +shadow_cv_mailfile=${SHADOW_MAILFILE}
> +shadow_cv_utmpdir=${SHADOW_UTMPDIR}
> +shadow_cv_logdir=${SHADOW_LOGDIR}
> +shadow_cv_passwd_dir=${bindir}
> +END
> +}
> +
> +do_install_append() {
> +  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> +  # reconfigures Shadow to default (see sed below).
> +  install -d ${D}${SHADOW_MAILDIR}
> +
> +  if [ -e ${WORKDIR}/pam.d ]; then
> +      install -d ${D}${sysconfdir}/pam.d/
> +      install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> +  fi
> +
> +  # Remove defaults that are not used when supporting PAM
> +  ${@base_contains('DISTRO_FEATURES', 'pam', 'sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs', '', d)}
> +
> +  # Enable CREATE_HOME by default.
> +  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
> +
> +  # As we are on an embedded system ensure the users mailbox is in ~/ not
> +  # /var/spool/mail by default as who knows where or how big /var is.
> +  # The system MDA will set this later anyway.
> +  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> +  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +
> +  mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> +  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
> +
> +  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> +}
> +
> +pkg_postinst_${PN} () {
> +    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
> +    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +}
> +
> +pkg_prerm_${PN} () {
> +    update-alternatives --remove passwd passwd.${PN}
> +    update-alternatives --remove chpasswd chpasswd.${PN}
> +}
> diff --git a/recipes/shadow/shadow_4.1.4.1.bb b/recipes/shadow/shadow_4.1.4.1.bb
> new file mode 100644
> index 0000000..7f9d403
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.1.bb
> @@ -0,0 +1,3 @@
> +require shadow.inc
> +
> +PR = "${INC_PR}.0"
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index b53f89f..7f9d403 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -1,54 +1,3 @@
> -DESCRIPTION = "login/password and account utilities"
> -LICENSE = "GPL"
> +require shadow.inc
>  
> -DEPENDS = "libpam"
> -
> -PR = "r6"
> -
> -EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
> -
> -inherit autotools
> -
> -HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> -SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> -           file://login_defs_pam.sed \
> -"
> -
> -# Additional Policy files for PAM
> -SRC_URI_append = " \
> -           file://pam.d/chfn \ 
> -           file://pam.d/chpasswd \
> -           file://pam.d/chsh \
> -           file://pam.d/login \
> -           file://pam.d/newusers \
> -           file://pam.d/passwd \
> -           file://pam.d/su \
> -           file://securetty \
> -"
> -
> -S = "${WORKDIR}/shadow-${PV}"
> -
> -CFLAGS_append = " -I../include"
> -
> -do_install_append() {
> -  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> -  # reconfigures Shadow to default (see sed below).
> -  install -d ${D}${localstatedir}/spool/mail/  
> -  
> -  install -d ${D}${sysconfdir}/pam.d/  
> -  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> -
> -  # Remove defaults that are not used when supporting PAM
> -  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
> -
> -  # Enable CREATE_HOME by default.
> -  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs 
> -  
> -  # As we are on an embedded system ensure the users mailbox is in ~/ not 
> -  # /var/spool/mail by default as who knows where or how big /var is.
> -  # The system MDA will set this later anyway.
> -  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs 
> -  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs 
> -
> -  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> -}
> +PR = "${INC_PR}.0"
> diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
> index 393edce..7f9d403 100644
> --- a/recipes/shadow/shadow_4.1.4.bb
> +++ b/recipes/shadow/shadow_4.1.4.bb
> @@ -1,11 +1,3 @@
> -DESCRIPTION = "login/password utilities"
> -LICENSE = "GPL"
> -
> -inherit autotools
> -
> -SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
> -
> -S = "${WORKDIR}/shadow-${PV}"
> -
> -CFLAGS_append = " -I../include"
> +require shadow.inc
>  
> +PR = "${INC_PR}.0"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2RGMkyGM64RGpERAiENAJwNpH/y/n4VbGrqgdstL96ptIp+agCfQeOi
MVAUkD2m+LpAwyMygi/g7C4=
=PoQ8
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: Extend securetty file to include more common ttys (inc. ones used on OMAP3 platforms). Small correction for login pam file.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: David-John Willis <John.Willis@Distant-earth.com>
> 
> Signed-off-by: Chris Larson <clarson@mvista.com>
> ---
>  recipes/shadow/files/pam.d/login |    2 +-
>  recipes/shadow/files/securetty   |   31 +++++++++++++++++++++++++++++--
>  recipes/shadow/shadow.inc        |    2 +-
>  3 files changed, 31 insertions(+), 4 deletions(-)
> 
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 65992c6..e41eb04 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -44,7 +44,7 @@ session       required   pam_env.so readenv=1
>  session       required   pam_env.so readenv=1 envfile=/etc/default/locale
>  
>  # Standard Un*x authentication.
> -@include common-auth
> +auth       include      common-auth
>  
>  # This allows certain extra groups to be granted to a user
>  # based on things like time of day, tty, service, and user.
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> index 2705baa..8fd26e0 100644
> --- a/recipes/shadow/files/securetty
> +++ b/recipes/shadow/files/securetty
> @@ -5,12 +5,20 @@ console
>  # Standard serial ports
>  ttyS0
>  ttyS1
> +ttyS2
> +ttyS3
>  
>  # USB dongles
>  ttyUSB0
>  ttyUSB1
>  ttyUSB2
>  
> +# PowerMac
> +ttyPZ0
> +ttyPZ1
> +ttyPZ2
> +ttyPZ3
> +
>  # Embedded MPC platforms
>  ttyPSC0
>  ttyPSC1
> @@ -94,8 +102,27 @@ tty61
>  tty62
>  tty63
>  
> -# devfs consoles
> -# Note: On kernels greater than 2.6.12, this is not needed.
> +# Local X displays (allows empty passwords with pam_unix's nullok_secure)
> +:0
> +:0.0
> +:0.1
> +:1
> +:1.0
> +:1.1
> +:2
> +:2.0
> +:2.1
> +:3
> +:3.0
> +:3.1
> +
> +# Embedded Freescale i.MX ports
> +ttymxc0
> +ttymxc1
> +ttymxc2
> +ttymxc3
> +ttymxc4
> +ttymxc5
>  
>  # Standard serial ports, with devfs
>  tts/0
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 4a40151..68381f0 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>  SECTION = "base"
>  DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>  
> -INC_PR = "r7"
> +INC_PR = "r8"
>  
>  # Additional Policy files for PAM
>  PAM_SRC_URI = " \

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2ROMkyGM64RGpERAm6OAJ9Kjoc0X35EFEUSVlylx4hSVJljPACfcaai
ZSCwFkDGNKbGcaAWM8/ku8M=
=6NuH
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: Fix issue that stopped shadow.inc from packaging /usr/bin/passwd correctly and bump INC_PR.

[Koen Kooi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Acked-by: Koen Kooi <koen@openembedded.org>

On 22-03-10 12:06, Marcin Juszkiewicz wrote:
> From: David-John Willis <John.Willis@Distant-earth.com>
> 
> Signed-off-by: Chris Larson <clarson@mvista.com>
> ---
>  recipes/shadow/shadow.inc |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 68381f0..9da5845 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>  SECTION = "base"
>  DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>  
> -INC_PR = "r8"
> +INC_PR = "r9"
>  
>  # Additional Policy files for PAM
>  PAM_SRC_URI = " \
> @@ -79,8 +79,8 @@ do_install_append() {
>    sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
>    sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
>  
> +  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
>    mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> -  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
>  
>    # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
>    install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFLp2RXMkyGM64RGpERAvmXAJ9Prb5ZlP1XsguMEUWiRVyLnGpVHQCfcD2o
YPJcEJPhmheyY8ZheIbWwyc=
=Eriq
-----END PGP SIGNATURE-----

Re: [PATCH][STABLE] shadow: add 4.1.4

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Steve Sakoman<steve@sakoman.com>
>
> ---
>   conf/checksums.ini             |    4 ++++
>   recipes/shadow/shadow_4.1.4.bb |   11 +++++++++++
>   2 files changed, 15 insertions(+), 0 deletions(-)
>   create mode 100644 recipes/shadow/shadow_4.1.4.bb
>
> diff --git a/conf/checksums.ini b/conf/checksums.ini
> index a8b8cbf..952e9e3 100644
> --- a/conf/checksums.ini
> +++ b/conf/checksums.ini
> @@ -23054,6 +23054,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
>   md5=45f77f33a6b2a5c09c28511ebb733b87
>   sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
>
> +[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
> +md5=e1072df927bfb4410ee4dfe26dd81a17
> +sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
> +
>   [http://freedesktop.org/~hadess/shared-mime-info-0.20.tar.bz2]
>   md5=62184241d497d34138285bc248b3fabc
>   sha256=6febe616fb850f4319efa7017312abb796024e7ac20da37c4d2ce34afa41776c
> diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
> new file mode 100644
> index 0000000..393edce
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.bb
> @@ -0,0 +1,11 @@
> +DESCRIPTION = "login/password utilities"
> +LICENSE = "GPL"
> +
> +inherit autotools
> +
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
> +
> +S = "${WORKDIR}/shadow-${PV}"
> +
> +CFLAGS_append = " -I../include"
> +

Re: [PATCH][STABLE] shadow: Add version 4.1.4.2 and checksum.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: David-John Willis<John.Willis@Distant-earth.com>
>
> * This version now has Linux-PAM support enabled in OE so will need some testing and maybe a little tweaking.
> * Add pam.d config files for common shadow utils in addition to the default ones.
> * Cleanup shadow defaults and make shadow 'play nice' with PAM.
> * Update pam.d service files to suggested upstream Linux-PAM layout.
> * TODO: Some Shadow default session files still use the older layout (incluse system-auth for everything). These will need newer files to be added to the pam.d folder in the recipe as they are found.
> ---
>   conf/checksums.ini                      |    8 +++
>   recipes/shadow/files/login_defs_pam.sed |   25 +++++++++
>   recipes/shadow/files/pam.d/chfn         |   14 +++++
>   recipes/shadow/files/pam.d/chpasswd     |    4 ++
>   recipes/shadow/files/pam.d/chsh         |   19 +++++++
>   recipes/shadow/files/pam.d/login        |   91 +++++++++++++++++++++++++++++++
>   recipes/shadow/files/pam.d/newusers     |    4 ++
>   recipes/shadow/files/pam.d/passwd       |    5 ++
>   recipes/shadow/files/pam.d/su           |   60 ++++++++++++++++++++
>   recipes/shadow/shadow_4.1.4.2.bb        |   52 ++++++++++++++++++
>   10 files changed, 282 insertions(+), 0 deletions(-)
>   create mode 100644 recipes/shadow/files/login_defs_pam.sed
>   create mode 100644 recipes/shadow/files/pam.d/chfn
>   create mode 100644 recipes/shadow/files/pam.d/chpasswd
>   create mode 100644 recipes/shadow/files/pam.d/chsh
>   create mode 100644 recipes/shadow/files/pam.d/login
>   create mode 100644 recipes/shadow/files/pam.d/newusers
>   create mode 100644 recipes/shadow/files/pam.d/passwd
>   create mode 100644 recipes/shadow/files/pam.d/su
>   create mode 100644 recipes/shadow/shadow_4.1.4.2.bb
>
> diff --git a/conf/checksums.ini b/conf/checksums.ini
> index 08166db..fa8d4b9 100644
> --- a/conf/checksums.ini
> +++ b/conf/checksums.ini
> @@ -24126,6 +24126,10 @@ sha256=7dc418c1d361123ffc5e45d61f1b97257940a8eb35d0bfbbc493381cc5b1f959
>   md5=45f77f33a6b2a5c09c28511ebb733b87
>   sha256=7fd6495d6c3e8dac7ba086c68abed4930c958a94afc15359223074614559e462
>
> +[ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.2.tar.bz2]
> +md5=d593a9cab93c48ee0a6ba056db8c1997
> +sha256=97987f6a7967a85e6aa0dba2a1d52db8bd69af5a717391de5693db768fb78990
> +
>   [ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.tar.gz]
>   md5=e1072df927bfb4410ee4dfe26dd81a17
>   sha256=7e38a7826f6e71e89b55669e8343af05ae33ecfba99aad178cad45845d950a93
> @@ -29906,6 +29910,10 @@ sha256=86b176b6efc52557b1c7631bfdd5c17e7060a438e1e85ce15ec9657be356c50b
>   md5=11080456822146ebc0118b15f4b911d9
>   sha256=6b5b3ef58e6646f004a5f1cbc6be8f32b824cfbf78a30bf242e4f07083668770
>
> +[ftp://ftp.x.org/R5contrib/xloadimage.4.1.tar.gz]
> +md5=7331850fc04056ab8ae6b5725d1fb3d2
> +sha256=400bc7d84dcfb3265a7a1ce51819679dc3adaeda231514bd89b0f932b78ff5c4
> +
>   [http://xorg.freedesktop.org/releases/individual/app/xlogo-1.0.1.tar.bz2]
>   md5=4c5482552f38a7d42398a694cc9b2ee6
>   sha256=de59f9be3d45fe93f445f39bec3cea09753a671e56863ce77e3a797d2df526b2
> diff --git a/recipes/shadow/files/login_defs_pam.sed b/recipes/shadow/files/login_defs_pam.sed
> new file mode 100644
> index 0000000..655f115
> --- /dev/null
> +++ b/recipes/shadow/files/login_defs_pam.sed
> @@ -0,0 +1,25 @@
> +/^FAILLOG_ENAB/b comment
> +/^LASTLOG_ENAB/b comment
> +/^MAIL_CHECK_ENAB/b comment
> +/^OBSCURE_CHECKS_ENAB/b comment
> +/^PORTTIME_CHECKS_ENAB/b comment
> +/^QUOTAS_ENAB/b comment
> +/^MOTD_FILE/b comment
> +/^FTMP_FILE/b comment
> +/^NOLOGINS_FILE/b comment
> +/^ENV_HZ/b comment
> +/^PASS_MIN_LEN/b comment
> +/^SU_WHEEL_ONLY/b comment
> +/^CRACKLIB_DICTPATH/b comment
> +/^PASS_CHANGE_TRIES/b comment
> +/^PASS_ALWAYS_WARN/b comment
> +/^CHFN_AUTH/b comment
> +/^ENVIRON_FILE/b comment
> +
> +b exit
> +
> +: comment
> +  s:^:#:
> +
> +: exit
> +
> diff --git a/recipes/shadow/files/pam.d/chfn b/recipes/shadow/files/pam.d/chfn
> new file mode 100644
> index 0000000..baf7698
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chfn
> @@ -0,0 +1,14 @@
> +#
> +# The PAM configuration file for the Shadow `chfn' service
> +#
> +
> +# This allows root to change user infomation without being
> +# prompted for a password
> +auth		sufficient	pam_rootok.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/chpasswd b/recipes/shadow/files/pam.d/chpasswd
> new file mode 100644
> index 0000000..9e3efa6
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chpasswd
> @@ -0,0 +1,4 @@
> +# The PAM configuration file for the Shadow 'chpasswd' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/chsh b/recipes/shadow/files/pam.d/chsh
> new file mode 100644
> index 0000000..8fb169f
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/chsh
> @@ -0,0 +1,19 @@
> +#
> +# The PAM configuration file for the Shadow `chsh' service
> +#
> +
> +# This will not allow a user to change their shell unless
> +# their current one is listed in /etc/shells. This keeps
> +# accounts with special shells from changing them.
> +auth       required   pam_shells.so
> +
> +# This allows root to change user shell without being
> +# prompted for a password
> +auth		sufficient	pam_rootok.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> new file mode 100644
> index 0000000..2186d3e
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/login
> @@ -0,0 +1,91 @@
> +#
> +# The PAM configuration file for the Shadow `login' service
> +#
> +
> +# Enforce a minimal delay in case of failure (in microseconds).
> +# (Replaces the `FAIL_DELAY' setting from login.defs)
> +# Note that other modules may require another minimal delay. (for example,
> +# to disable any delay, you should add the nodelay option to pam_unix)
> +auth       optional   pam_faildelay.so  delay=3000000
> +
> +# Outputs an issue file prior to each login prompt (Replaces the
> +# ISSUE_FILE option from login.defs). Uncomment for use
> +# auth       required   pam_issue.so issue=/etc/issue
> +
> +# Disallows root logins except on tty's listed in /etc/securetty
> +# (Replaces the `CONSOLE' setting from login.defs)
> +# Note that it is included as a "requisite" module. No password prompts will
> +# be displayed if this module fails to avoid having the root password
> +# transmitted on unsecure ttys.
> +# You can change it to a "required" module if you think it permits to
> +# guess valid user names of your system (invalid user names are considered
> +# as possibly being root).
> +auth       requisite  pam_securetty.so
> +
> +# Disallows other than root logins when /etc/nologin exists
> +# (Replaces the `NOLOGINS_FILE' option from login.defs)
> +auth       requisite  pam_nologin.so
> +
> +# SELinux needs to be the first session rule. This ensures that any
> +# lingering context has been cleared. Without out this it is possible
> +# that a module could execute code in the wrong domain.
> +# When the module is present, "required" would be sufficient (When SELinux
> +# is disabled, this returns success.)
> +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
> +
> +# This module parses environment configuration file(s)
> +# and also allows you to use an extended config
> +# file /etc/security/pam_env.conf.
> +#
> +# parsing /etc/environment needs "readenv=1"
> +session       required   pam_env.so readenv=1
> +# locale variables are also kept into /etc/default/locale in etch
> +# reading this file *in addition to /etc/environment* does not hurt
> +session       required   pam_env.so readenv=1 envfile=/etc/default/locale
> +
> +# Standard Un*x authentication.
> +@include common-auth
> +
> +# This allows certain extra groups to be granted to a user
> +# based on things like time of day, tty, service, and user.
> +# Please edit /etc/security/group.conf to fit your needs
> +# (Replaces the `CONSOLE_GROUPS' option in login.defs)
> +auth       optional   pam_group.so
> +
> +# Uncomment and edit /etc/security/time.conf if you need to set
> +# time restrainst on logins.
> +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> +# as well as /etc/porttime)
> +# account    requisite  pam_time.so
> +
> +# Uncomment and edit /etc/security/access.conf if you need to
> +# set access limits.
> +# (Replaces /etc/login.access file)
> +# account  required       pam_access.so
> +
> +# Sets up user limits according to /etc/security/limits.conf
> +# (Replaces the use of /etc/limits in old login)
> +session    required   pam_limits.so
> +
> +# Prints the last login info upon succesful login
> +# (Replaces the `LASTLOG_ENAB' option from login.defs)
> +session    optional   pam_lastlog.so
> +
> +# Prints the motd upon succesful login
> +# (Replaces the `MOTD_FILE' option in login.defs)
> +session    optional   pam_motd.so
> +
> +# Prints the status of the user's mailbox upon succesful login
> +# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
> +#
> +# This also defines the MAIL environment variable
> +# However, userdel also needs MAIL_DIR and MAIL_FILE variables
> +# in /etc/login.defs to make sure that removing a user
> +# also removes the user's mail spool file.
> +# See comments in /etc/login.defs
> +session    optional   pam_mail.so standard
> +
> +# Standard Un*x account and session
> +account    include      common-account
> +password   include      common-password
> +session    include      common-session
> diff --git a/recipes/shadow/files/pam.d/newusers b/recipes/shadow/files/pam.d/newusers
> new file mode 100644
> index 0000000..4aa3dde
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/newusers
> @@ -0,0 +1,4 @@
> +# The PAM configuration file for the Shadow 'newusers' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/passwd b/recipes/shadow/files/pam.d/passwd
> new file mode 100644
> index 0000000..f534992
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/passwd
> @@ -0,0 +1,5 @@
> +#
> +# The PAM configuration file for the Shadow `passwd' service
> +#
> +
> +password   include      common-password
> diff --git a/recipes/shadow/files/pam.d/su b/recipes/shadow/files/pam.d/su
> new file mode 100644
> index 0000000..8e35137
> --- /dev/null
> +++ b/recipes/shadow/files/pam.d/su
> @@ -0,0 +1,60 @@
> +#
> +# The PAM configuration file for the Shadow `su' service
> +#
> +
> +# This allows root to su without passwords (normal operation)
> +auth       sufficient pam_rootok.so
> +
> +# Uncomment this to force users to be a member of group root
> +# before they can use `su'. You can also add "group=foo"
> +# to the end of this line if you want to use a group other
> +# than the default "root" (but this may have side effect of
> +# denying "root" user, unless she's a member of "foo" or explicitly
> +# permitted earlier by e.g. "sufficient pam_rootok.so").
> +# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
> +# auth       required   pam_wheel.so
> +
> +# Uncomment this if you want wheel members to be able to
> +# su without a password.
> +# auth       sufficient pam_wheel.so trust
> +
> +# Uncomment this if you want members of a specific group to not
> +# be allowed to use su at all.
> +# auth       required   pam_wheel.so deny group=nosu
> +
> +# Uncomment and edit /etc/security/time.conf if you need to set
> +# time restrainst on su usage.
> +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
> +# as well as /etc/porttime)
> +# account    requisite  pam_time.so
> +
> +# This module parses environment configuration file(s)
> +# and also allows you to use an extended config
> +# file /etc/security/pam_env.conf.
> +#
> +# parsing /etc/environment needs "readenv=1"
> +session       required   pam_env.so readenv=1
> +# locale variables are also kept into /etc/default/locale in etch
> +# reading this file *in addition to /etc/environment* does not hurt
> +session       required   pam_env.so readenv=1 envfile=/etc/default/locale
> +
> +# Defines the MAIL environment variable
> +# However, userdel also needs MAIL_DIR and MAIL_FILE variables
> +# in /etc/login.defs to make sure that removing a user
> +# also removes the user's mail spool file.
> +# See comments in /etc/login.defs
> +#
> +# "nopen" stands to avoid reporting new mail when su'ing to another user
> +session    optional   pam_mail.so nopen
> +
> +# Sets up user limits, please uncomment and read /etc/security/limits.conf
> +# to enable this functionality.
> +# (Replaces the use of /etc/limits in old login)
> +# session    required   pam_limits.so
> +
> +# The standard Unix authentication modules, used with
> +# NIS (man nsswitch) as well as normal /etc/passwd and
> +# /etc/shadow entries.
> +auth       include      common-auth
> +account    include      common-account
> +session    include      common-session
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> new file mode 100644
> index 0000000..04887a0
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -0,0 +1,52 @@
> +DESCRIPTION = "login/password and account utilities"
> +LICENSE = "GPL"
> +
> +DEPEND = "libpam"
> +RDEPEND = "${DEPEND}"
> +
> +PR = "r5"
> +
> +EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
> +
> +inherit autotools
> +
> +HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> +           file://login_defs_pam.sed \
> +"
> +
> +# Additional Policy files for PAM
> +SRC_URI_append = " \
> +           file://pam.d/chfn \
> +           file://pam.d/chpasswd \
> +           file://pam.d/chsh \
> +           file://pam.d/login \
> +           file://pam.d/newusers \
> +           file://pam.d/passwd \
> +           file://pam.d/su \
> +"
> +
> +S = "${WORKDIR}/shadow-${PV}"
> +
> +CFLAGS_append = " -I../include"
> +
> +do_install_append() {
> +  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> +  # reconfigures Shadow to default (see sed below).
> +  install -d ${D}${localstatedir}/spool/mail/
> +
> +  install -d ${D}${sysconfdir}/pam.d/
> +  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> +
> +  # Remove defaults that are not used when supporting PAM
> +  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
> +
> +  # Enable CREATE_HOME by default.
> +  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
> +
> +  # As we are on an embedded system ensure the users mailbox is in ~/ not
> +  # /var/spool/mail by default as who knows where or how big /var is.
> +  # The system MDA will set this later anyway.
> +  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> +  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +}

Re: [PATCH][STABLE] shadow: try to fix serial-login issue

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Koen Kooi<koen@openembedded.org>
>
> ---
>   recipes/shadow/files/pam.d/login |    2 +-
>   recipes/shadow/files/securetty   |  167 ++++++++++++++++++++++++++++++++++++++
>   recipes/shadow/shadow_4.1.4.2.bb |    5 +-
>   3 files changed, 172 insertions(+), 2 deletions(-)
>   create mode 100644 recipes/shadow/files/securetty
>
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 2186d3e..65992c6 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -20,7 +20,7 @@ auth       optional   pam_faildelay.so  delay=3000000
>   # You can change it to a "required" module if you think it permits to
>   # guess valid user names of your system (invalid user names are considered
>   # as possibly being root).
> -auth       requisite  pam_securetty.so
> +auth       [success=ok ignore=ignore user_unknown=ignore default=die]  pam_securetty.so
>
>   # Disallows other than root logins when /etc/nologin exists
>   # (Replaces the `NOLOGINS_FILE' option from login.defs)
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> new file mode 100644
> index 0000000..2705baa
> --- /dev/null
> +++ b/recipes/shadow/files/securetty
> @@ -0,0 +1,167 @@
> +# /etc/securetty: list of terminals on which root is allowed to login.
> +# See securetty(5) and login(1).
> +console
> +
> +# Standard serial ports
> +ttyS0
> +ttyS1
> +
> +# USB dongles
> +ttyUSB0
> +ttyUSB1
> +ttyUSB2
> +
> +# Embedded MPC platforms
> +ttyPSC0
> +ttyPSC1
> +ttyPSC2
> +ttyPSC3
> +ttyPSC4
> +ttyPSC5
> +
> +# PA-RISC mux ports
> +ttyB0
> +ttyB1
> +
> +# Standard hypervisor virtual console
> +hvc0
> +
> +# Oldstyle Xen console
> +xvc0
> +
> +# Standard consoles
> +tty1
> +tty2
> +tty3
> +tty4
> +tty5
> +tty6
> +tty7
> +tty8
> +tty9
> +tty10
> +tty11
> +tty12
> +tty13
> +tty14
> +tty15
> +tty16
> +tty17
> +tty18
> +tty19
> +tty20
> +tty21
> +tty22
> +tty23
> +tty24
> +tty25
> +tty26
> +tty27
> +tty28
> +tty29
> +tty30
> +tty31
> +tty32
> +tty33
> +tty34
> +tty35
> +tty36
> +tty37
> +tty38
> +tty39
> +tty40
> +tty41
> +tty42
> +tty43
> +tty44
> +tty45
> +tty46
> +tty47
> +tty48
> +tty49
> +tty50
> +tty51
> +tty52
> +tty53
> +tty54
> +tty55
> +tty56
> +tty57
> +tty58
> +tty59
> +tty60
> +tty61
> +tty62
> +tty63
> +
> +# devfs consoles
> +# Note: On kernels greater than 2.6.12, this is not needed.
> +
> +# Standard serial ports, with devfs
> +tts/0
> +tts/1
> +
> +# Standard consoles, with devfs
> +vc/1
> +vc/2
> +vc/3
> +vc/4
> +vc/5
> +vc/6
> +vc/7
> +vc/8
> +vc/9
> +vc/10
> +vc/11
> +vc/12
> +vc/13
> +vc/14
> +vc/15
> +vc/16
> +vc/17
> +vc/18
> +vc/19
> +vc/20
> +vc/21
> +vc/22
> +vc/23
> +vc/24
> +vc/25
> +vc/26
> +vc/27
> +vc/28
> +vc/29
> +vc/30
> +vc/31
> +vc/32
> +vc/33
> +vc/34
> +vc/35
> +vc/36
> +vc/37
> +vc/38
> +vc/39
> +vc/40
> +vc/41
> +vc/42
> +vc/43
> +vc/44
> +vc/45
> +vc/46
> +vc/47
> +vc/48
> +vc/49
> +vc/50
> +vc/51
> +vc/52
> +vc/53
> +vc/54
> +vc/55
> +vc/56
> +vc/57
> +vc/58
> +vc/59
> +vc/60
> +vc/61
> +vc/62
> +vc/63
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 04887a0..7f64023 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -4,7 +4,7 @@ LICENSE = "GPL"
>   DEPEND = "libpam"
>   RDEPEND = "${DEPEND}"
>
> -PR = "r5"
> +PR = "r6"
>
>   EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
>
> @@ -24,6 +24,7 @@ SRC_URI_append = " \
>              file://pam.d/newusers \
>              file://pam.d/passwd \
>              file://pam.d/su \
> +           file://securetty \
>   "
>
>   S = "${WORKDIR}/shadow-${PV}"
> @@ -49,4 +50,6 @@ do_install_append() {
>     # The system MDA will set this later anyway.
>     sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
>     sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +
> +  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
>   }

Re: [PATCH][STABLE] shadow: unbork the dependencies.. its DEPENDS, not DEPEND.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Chris Larson<clarson@mvista.com>
>
> Signed-off-by: Chris Larson<clarson@mvista.com>
> ---
>   recipes/shadow/shadow_4.1.4.2.bb |    3 +--
>   1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index 7f64023..b53f89f 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -1,8 +1,7 @@
>   DESCRIPTION = "login/password and account utilities"
>   LICENSE = "GPL"
>
> -DEPEND = "libpam"
> -RDEPEND = "${DEPEND}"
> +DEPENDS = "libpam"
>
>   PR = "r6"
>

Re: [PATCH][STABLE] shadow: reorg into .inc, pull some mvl6 changes over, use a 'pam' distro feature.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Chris Larson<clarson@mvista.com>
>
> Signed-off-by: Chris Larson<clarson@mvista.com>
> ---
>   recipes/shadow/shadow.inc        |   91 ++++++++++++++++++++++++++++++++++++++
>   recipes/shadow/shadow_4.1.4.1.bb |    3 +
>   recipes/shadow/shadow_4.1.4.2.bb |   55 +----------------------
>   recipes/shadow/shadow_4.1.4.bb   |   12 +----
>   4 files changed, 98 insertions(+), 63 deletions(-)
>   create mode 100644 recipes/shadow/shadow.inc
>   create mode 100644 recipes/shadow/shadow_4.1.4.1.bb
>
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> new file mode 100644
> index 0000000..83d06c3
> --- /dev/null
> +++ b/recipes/shadow/shadow.inc
> @@ -0,0 +1,91 @@
> +# Configuration parameters
> +SHADOW_MAILFILE ?= "Mailbox"
> +SHADOW_MAILDIR ?= "${localstatedir}/spool/mail"
> +SHADOW_UTMPDIR ?= "${localstatedir}/utmp"
> +SHADOW_LOGDIR ?= "${localstatedir}/log"
> +
> +# Metadata
> +DESCRIPTION = "Tools to change and administer password and group data."
> +HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> +LICENSE = "BSD"
> +SECTION = "base"
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> +
> +INC_PR = "r6"
> +
> +# Additional Policy files for PAM
> +PAM_SRC_URI = " \
> +           file://pam.d/chfn \
> +           file://pam.d/chpasswd \
> +           file://pam.d/chsh \
> +           file://pam.d/login \
> +           file://pam.d/newusers \
> +           file://pam.d/passwd \
> +           file://pam.d/su \
> +"
> +SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> +           file://login_defs_pam.sed \
> +           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> +           file://securetty \
> +"
> +
> +inherit autotools gettext
> +
> +EXTRA_OECONF += "\
> +    --disable-account-tools-setuid \
> +    --without-audit \
> +    --without-selinux \
> +    --without-libcrack \
> +    ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
> +"
> +
> +CFLAGS += "-I../include"
> +
> +do_configure_prepend () {
> +    export CONFIG_SITE="${CONFIG_SITE} ${B}/cachedpaths"
> +    cat<<END>${B}/cachedpaths
> +shadow_cv_maildir=${SHADOW_MAILDIR}
> +shadow_cv_mailfile=${SHADOW_MAILFILE}
> +shadow_cv_utmpdir=${SHADOW_UTMPDIR}
> +shadow_cv_logdir=${SHADOW_LOGDIR}
> +shadow_cv_passwd_dir=${bindir}
> +END
> +}
> +
> +do_install_append() {
> +  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> +  # reconfigures Shadow to default (see sed below).
> +  install -d ${D}${SHADOW_MAILDIR}
> +
> +  if [ -e ${WORKDIR}/pam.d ]; then
> +      install -d ${D}${sysconfdir}/pam.d/
> +      install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> +  fi
> +
> +  # Remove defaults that are not used when supporting PAM
> +  ${@base_contains('DISTRO_FEATURES', 'pam', 'sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs', '', d)}
> +
> +  # Enable CREATE_HOME by default.
> +  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
> +
> +  # As we are on an embedded system ensure the users mailbox is in ~/ not
> +  # /var/spool/mail by default as who knows where or how big /var is.
> +  # The system MDA will set this later anyway.
> +  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> +  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> +
> +  mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> +  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
> +
> +  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> +}
> +
> +pkg_postinst_${PN} () {
> +    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
> +    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +}
> +
> +pkg_prerm_${PN} () {
> +    update-alternatives --remove passwd passwd.${PN}
> +    update-alternatives --remove chpasswd chpasswd.${PN}
> +}
> diff --git a/recipes/shadow/shadow_4.1.4.1.bb b/recipes/shadow/shadow_4.1.4.1.bb
> new file mode 100644
> index 0000000..7f9d403
> --- /dev/null
> +++ b/recipes/shadow/shadow_4.1.4.1.bb
> @@ -0,0 +1,3 @@
> +require shadow.inc
> +
> +PR = "${INC_PR}.0"
> diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
> index b53f89f..7f9d403 100644
> --- a/recipes/shadow/shadow_4.1.4.2.bb
> +++ b/recipes/shadow/shadow_4.1.4.2.bb
> @@ -1,54 +1,3 @@
> -DESCRIPTION = "login/password and account utilities"
> -LICENSE = "GPL"
> +require shadow.inc
>
> -DEPENDS = "libpam"
> -
> -PR = "r6"
> -
> -EXTRA_OECONF += " --enable-shared  --enable-static --with-libpam --without-libcrack"
> -
> -inherit autotools
> -
> -HOMEPAGE = "http://pkg-shadow.alioth.debian.org/"
> -SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> -           file://login_defs_pam.sed \
> -"
> -
> -# Additional Policy files for PAM
> -SRC_URI_append = " \
> -           file://pam.d/chfn \
> -           file://pam.d/chpasswd \
> -           file://pam.d/chsh \
> -           file://pam.d/login \
> -           file://pam.d/newusers \
> -           file://pam.d/passwd \
> -           file://pam.d/su \
> -           file://securetty \
> -"
> -
> -S = "${WORKDIR}/shadow-${PV}"
> -
> -CFLAGS_append = " -I../include"
> -
> -do_install_append() {
> -  # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
> -  # reconfigures Shadow to default (see sed below).
> -  install -d ${D}${localstatedir}/spool/mail/
> -
> -  install -d ${D}${sysconfdir}/pam.d/
> -  install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
> -
> -  # Remove defaults that are not used when supporting PAM
> -  sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
> -
> -  # Enable CREATE_HOME by default.
> -  sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs
> -
> -  # As we are on an embedded system ensure the users mailbox is in ~/ not
> -  # /var/spool/mail by default as who knows where or how big /var is.
> -  # The system MDA will set this later anyway.
> -  sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
> -  sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
> -
> -  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> -}
> +PR = "${INC_PR}.0"
> diff --git a/recipes/shadow/shadow_4.1.4.bb b/recipes/shadow/shadow_4.1.4.bb
> index 393edce..7f9d403 100644
> --- a/recipes/shadow/shadow_4.1.4.bb
> +++ b/recipes/shadow/shadow_4.1.4.bb
> @@ -1,11 +1,3 @@
> -DESCRIPTION = "login/password utilities"
> -LICENSE = "GPL"
> -
> -inherit autotools
> -
> -SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.gz"
> -
> -S = "${WORKDIR}/shadow-${PV}"
> -
> -CFLAGS_append = " -I../include"
> +require shadow.inc
>
> +PR = "${INC_PR}.0"

Re: [PATCH][STABLE] shadow.inc: Correctly install /etc/securetty and add back support for creating /etc/skel as part of the recipe.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: David-John Willis<John.Willis@Distant-earth.com>
>
> Signed-off-by: Chris Larson<clarson@mvista.com>
> ---
>   recipes/shadow/shadow.inc |   10 ++++++++--
>   1 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 83d06c3..4a40151 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>   SECTION = "base"
>   DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -INC_PR = "r6"
> +INC_PR = "r7"
>
>   # Additional Policy files for PAM
>   PAM_SRC_URI = " \
> @@ -23,6 +23,7 @@ PAM_SRC_URI = " \
>              file://pam.d/passwd \
>              file://pam.d/su \
>   "
> +
>   SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
>              file://login_defs_pam.sed \
>              ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> @@ -53,6 +54,10 @@ END
>   }
>
>   do_install_append() {
> +  # Ensure that /etc/skel is created so any default files that we want copied into new users home
> +  # dirs can be put in there later (ideal for .xinitrc for example).
> +  install -d ${D}${sysconfdir}/skel/
> +
>     # Ensure that the image has as /var/spool/mail dir so shadow can put mailboxes there if the user
>     # reconfigures Shadow to default (see sed below).
>     install -d ${D}${SHADOW_MAILDIR}
> @@ -77,7 +82,8 @@ do_install_append() {
>     mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
>     mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
>
> -  install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> +  # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
> +  install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
>   }
>
>   pkg_postinst_${PN} () {

Re: [PATCH][STABLE] shadow: Extend securetty file to include more common ttys (inc. ones used on OMAP3 platforms). Small correction for login pam file.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: David-John Willis<John.Willis@Distant-earth.com>
>
> Signed-off-by: Chris Larson<clarson@mvista.com>
> ---
>   recipes/shadow/files/pam.d/login |    2 +-
>   recipes/shadow/files/securetty   |   31 +++++++++++++++++++++++++++++--
>   recipes/shadow/shadow.inc        |    2 +-
>   3 files changed, 31 insertions(+), 4 deletions(-)
>
> diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
> index 65992c6..e41eb04 100644
> --- a/recipes/shadow/files/pam.d/login
> +++ b/recipes/shadow/files/pam.d/login
> @@ -44,7 +44,7 @@ session       required   pam_env.so readenv=1
>   session       required   pam_env.so readenv=1 envfile=/etc/default/locale
>
>   # Standard Un*x authentication.
> -@include common-auth
> +auth       include      common-auth
>
>   # This allows certain extra groups to be granted to a user
>   # based on things like time of day, tty, service, and user.
> diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
> index 2705baa..8fd26e0 100644
> --- a/recipes/shadow/files/securetty
> +++ b/recipes/shadow/files/securetty
> @@ -5,12 +5,20 @@ console
>   # Standard serial ports
>   ttyS0
>   ttyS1
> +ttyS2
> +ttyS3
>
>   # USB dongles
>   ttyUSB0
>   ttyUSB1
>   ttyUSB2
>
> +# PowerMac
> +ttyPZ0
> +ttyPZ1
> +ttyPZ2
> +ttyPZ3
> +
>   # Embedded MPC platforms
>   ttyPSC0
>   ttyPSC1
> @@ -94,8 +102,27 @@ tty61
>   tty62
>   tty63
>
> -# devfs consoles
> -# Note: On kernels greater than 2.6.12, this is not needed.
> +# Local X displays (allows empty passwords with pam_unix's nullok_secure)
> +:0
> +:0.0
> +:0.1
> +:1
> +:1.0
> +:1.1
> +:2
> +:2.0
> +:2.1
> +:3
> +:3.0
> +:3.1
> +
> +# Embedded Freescale i.MX ports
> +ttymxc0
> +ttymxc1
> +ttymxc2
> +ttymxc3
> +ttymxc4
> +ttymxc5
>
>   # Standard serial ports, with devfs
>   tts/0
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 4a40151..68381f0 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>   SECTION = "base"
>   DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -INC_PR = "r7"
> +INC_PR = "r8"
>
>   # Additional Policy files for PAM
>   PAM_SRC_URI = " \

Re: [PATCH][STABLE] shadow: Fix issue that stopped shadow.inc from packaging /usr/bin/passwd correctly and bump INC_PR.

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: David-John Willis<John.Willis@Distant-earth.com>
>
> Signed-off-by: Chris Larson<clarson@mvista.com>
> ---
>   recipes/shadow/shadow.inc |    4 ++--
>   1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 68381f0..9da5845 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>   SECTION = "base"
>   DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -INC_PR = "r8"
> +INC_PR = "r9"
>
>   # Additional Policy files for PAM
>   PAM_SRC_URI = " \
> @@ -79,8 +79,8 @@ do_install_append() {
>     sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
>     sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
>
> +  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
>     mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> -  mv ${D}${bindir}/passwd ${D}${bindir}/chpasswd.${PN}
>
>     # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
>     install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty

Re: [PATCH][STABLE] shadow: run pwconv and grpconv in postinst

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Koen Kooi<koen@openembedded.org>
>
> * this converts oldstyle formats to the proper one
> ---
>   recipes/shadow/shadow.inc |    7 ++++++-
>   1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 9da5845..5e3d2f2 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>   SECTION = "base"
>   DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -INC_PR = "r9"
> +INC_PR = "r10"
>
>   # Additional Policy files for PAM
>   PAM_SRC_URI = " \
> @@ -89,6 +89,11 @@ do_install_append() {
>   pkg_postinst_${PN} () {
>       update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
>       update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +    if [ "x$D" != "x" ]; then
> +        exit 1
> +    fi
> +	pwconv
> +	grpconv
>   }
>
>   pkg_prerm_${PN} () {

Re: [PATCH][STABLE] shadow: use u-a on binaries that conflict with util-linux-ng

[Philip Balister]

Acked-by: Philip Balister <philip@balister.org>


On 03/22/2010 07:06 AM, Marcin Juszkiewicz wrote:
> From: Koen Kooi<koen@openembedded.org>
>
> ---
>   recipes/shadow/shadow.inc |   27 +++++++++++++++++++++------
>   1 files changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/recipes/shadow/shadow.inc b/recipes/shadow/shadow.inc
> index 5e3d2f2..30bd92f 100644
> --- a/recipes/shadow/shadow.inc
> +++ b/recipes/shadow/shadow.inc
> @@ -11,7 +11,7 @@ LICENSE = "BSD"
>   SECTION = "base"
>   DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> -INC_PR = "r10"
> +INC_PR = "r13"
>
>   # Additional Policy files for PAM
>   PAM_SRC_URI = " \
> @@ -79,16 +79,30 @@ do_install_append() {
>     sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
>     sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
>
> -  mv ${D}${bindir}/passwd ${D}${bindir}/passwd.${PN}
> +  install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}
> +  for i in passwd chfn newgrp chsh ; do
> +    mv ${D}${bindir}/$i ${D}${bindir}/$i.${PN}
> +  done
> +
>     mv ${D}${sbindir}/chpasswd ${D}${sbindir}/chpasswd.${PN}
> +  mv ${D}${sbindir}/vigr ${D}${base_sbindir}/vigr.${PN}
> +  mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw.${PN}
> +  mv ${D}${bindir}/login ${D}${base_bindir}/login.${PN}
>
>     # Ensure we add a suitable securetty file to the package that has most common embedded TTYs defined.
>     install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty
> +
>   }
>
>   pkg_postinst_${PN} () {
> -    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 100
> -    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 100
> +    update-alternatives --install ${bindir}/passwd passwd passwd.${PN} 200
> +    update-alternatives --install ${sbindir}/chpasswd chpasswd chpasswd.${PN} 200
> +    update-alternatives --install ${bindir}/chfn chfn chfn.${PN} 200
> +    update-alternatives --install ${bindir}/newgrp newgrp newgrp.${PN} 200
> +    update-alternatives --install ${bindir}/chsh chsh chsh.${PN} 200
> +    update-alternatives --install ${base_bindir}/login login login.${PN} 200
> +    update-alternatives --install ${base_sbindir}/vipw vipw vipw.${PN} 200
> +    update-alternatives --install ${base_sbindir}/vigr vigr vigr.${PN} 200
>       if [ "x$D" != "x" ]; then
>           exit 1
>       fi
> @@ -97,6 +111,7 @@ pkg_postinst_${PN} () {
>   }
>
>   pkg_prerm_${PN} () {
> -    update-alternatives --remove passwd passwd.${PN}
> -    update-alternatives --remove chpasswd chpasswd.${PN}
> +    for i in passwd chpasswd chfn newgrp chsh login vipw vigr ; do
> +        update-alternatives --remove $i $i.${PN}
> +    done
>   }