* [PATCH 00/10] works of adding packages pam support
@ 2011-07-21 8:00 Kang Kai
2011-07-21 8:00 ` [PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests Kang Kai
` (11 more replies)
0 siblings, 12 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
Hi Scott,
This is the current work of adding pam supports.
After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
doesn't have a pam configure file, import from Fedora.
The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib kangkai/distro
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
Kang Kai (5):
libpam: update to 1.1.4 and add subpackage xtests
cups: add pam support
screen: add pam support
sudo: add pam support
shadow: update pam related configure files
Wenzong Fan (2):
cronie: enable PAM support for cronie
at: enable pam support
Xiaofeng Yan (3):
dropbear: Support PAM
openssh: Support PAM
polkit: Support PAM
.../openssh/openssh-5.8p2/sshd | 10 +
meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
meta/recipes-core/dropbear/dropbear.inc | 6 +-
.../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
.../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
meta/recipes-extended/at/at_3.1.12.bb | 13 +-
.../cronie/cronie/crond_pam_config.patch | 13 ++
meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
.../pam/libpam/libpam-xtests.patch | 35 ++++
.../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
.../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
.../screen/screen-4.0.3/screen.pamd | 2 +
meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
.../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
meta/recipes-extended/sudo/files/sudo.pamd | 6 +
meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
20 files changed, 389 insertions(+), 28 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
--
1.7.5.1.300.gc565c
^ permalink raw reply [flat|nested] 34+ messages in thread
* [PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:00 ` [PATCH 02/10] dropbear: Support PAM Kang Kai
` (10 subsequent siblings)
11 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
Update libpam to 1.1.4, and add dependecy cracklib because run xtexts will
need pam-plugin-cracklib.
There are some additional checks under subdirectory xtests and make it
as a subpackage libpam-xtests.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
.../pam/libpam/libpam-xtests.patch | 35 ++++++++++++++++++++
.../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +++++---
2 files changed, 44 insertions(+), 5 deletions(-)
create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
diff --git a/meta/recipes-extended/pam/libpam/libpam-xtests.patch b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
new file mode 100644
index 0000000..be68745
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
@@ -0,0 +1,35 @@
+This patch is used to create a new sub package libpam-xtests to do more checks.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+--- Linux-PAM-1.1.4/xtests/Makefile.am.orig 2011-07-19 17:00:09.619980001 +0800
++++ Linux-PAM-1.1.4/xtests/Makefile.am 2011-07-19 16:54:00.229979998 +0800
+@@ -7,7 +7,7 @@
+ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+ -L$(top_builddir)/libpam_misc -lpam_misc
+
+-CLEANFILES = *~ $(XTESTS)
++CLEANFILES = *~
+
+ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+@@ -51,3 +51,18 @@
+
+ xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
++
++all: $(XTESTS)
++
++install: install_xtests
++
++install_xtests:
++ $(INSTALL) -d $(DESTDIR)$(pkgdatadir)/xtests
++ for file in $(EXTRA_DIST) ; do \
++ $(INSTALL) $$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++ done
++ for file in $(XTESTS); do \
++ $(INSTALL) .libs/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++ done
++
++.PHONY: all install_xtests
diff --git a/meta/recipes-extended/pam/libpam_1.1.3.bb b/meta/recipes-extended/pam/libpam_1.1.4.bb
similarity index 85%
rename from meta/recipes-extended/pam/libpam_1.1.3.bb
rename to meta/recipes-extended/pam/libpam_1.1.4.bb
index b62e2f2..f2379e4 100644
--- a/meta/recipes-extended/pam/libpam_1.1.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
@@ -11,18 +11,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
PR = "r0"
-DEPENDS = "bison flex"
+DEPENDS = "bison flex cracklib"
RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
+RDEPENDS_${PN}-xtests = "libpam pam-plugin-access pam-plugin-debug pam-plugin-cracklib pam-plugin-pwhistory \
+ pam-plugin-succeed-if pam-plugin-time coreutils"
RRECOMMENDS_${PN} = "libpam-runtime"
SRC_URI = "${KERNELORG_MIRROR}/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
file://99_pam \
- file://pam.d/*"
+ file://pam.d/* \
+ file://libpam-xtests.patch"
SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch"
-SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7"
-SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652"
+SRC_URI[md5sum] = "e9af5fb27bb22edb55d077e2888b3ebc"
+SRC_URI[sha256sum] = "ccd89331914390b1e9e99c954471d65f19b660d81e15a46eeb96cee125d44056"
EXTRA_OECONF = "--with-db-uniquename=_pam \
--includedir=${includedir}/security \
@@ -34,12 +37,13 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
inherit autotools gettext
-PACKAGES += "${PN}-runtime"
+PACKAGES += "${PN}-runtime ${PN}-xtests"
FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
FILES_${PN}-dbg += "${base_libdir}/security/.debug \
${base_libdir}/security/pam_filter/.debug"
FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
FILES_${PN}-runtime = "${sysconfdir}"
+FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests"
PACKAGES_DYNAMIC += " pam-plugin-*"
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 02/10] dropbear: Support PAM
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
2011-07-21 8:00 ` [PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:54 ` Koen Kooi
2011-07-21 8:00 ` [PATCH 03/10] openssh: " Kang Kai
` (9 subsequent siblings)
11 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
I make a patch and some changes in dropbear.inc for supporting pam.
- Enable pam in configure
- Modify file option.h to open pam supporting
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
.../dropbear/dropbear/dropbear-enable-pam.patch | 21 ++++++++++++++++++++
2 files changed, 26 insertions(+), 1 deletions(-)
create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 1b51e1a..48cefb6 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
DEPENDS = "zlib"
RPROVIDES = "ssh sshd"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
file://urandom-xauth-changes-to-options.h.patch \
file://configure.patch \
file://fix-2kb-keys.patch \
file://allow-nopw.patch;apply=no \
- file://init"
+ file://init \
+ file://dropbear-enable-pam.patch "
inherit autotools update-rc.d
@@ -28,6 +30,8 @@ LD = "${CC}"
SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
BINCOMMANDS = "dbclient ssh scp"
EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+EXTRA_OECONF += "\
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
new file mode 100644
index 0000000..b941db5
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
@@ -0,0 +1,21 @@
+dropbear: We need modify file option.h besides enabling pam in \
+configure if we want dropbear to support pam.
+
+Upstream-Status: Pending
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/options.h 2011-07-12 13:27:39.008819183 +0800
++++ b/options.h.new 2011-07-12 13:37:37.780819308 +0800
+@@ -149,9 +149,9 @@
+ * but there's an interface via a PAM module - don't bother using it otherwise.
+ * You can't enable both PASSWORD and PAM. */
+
+-#define ENABLE_SVR_PASSWORD_AUTH
++//#define ENABLE_SVR_PASSWORD_AUTH
+ /* PAM requires ./configure --enable-pam */
+-/*#define ENABLE_SVR_PAM_AUTH*/
++#define ENABLE_SVR_PAM_AUTH
+ #define ENABLE_SVR_PUBKEY_AUTH
+
+ /* Wether to ake public key options in authorized_keys file into account */
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 03/10] openssh: Support PAM
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
2011-07-21 8:00 ` [PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests Kang Kai
2011-07-21 8:00 ` [PATCH 02/10] dropbear: Support PAM Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:55 ` Koen Kooi
2011-07-21 9:05 ` Phil Blundell
2011-07-21 8:00 ` [PATCH 04/10] polkit: " Kang Kai
` (8 subsequent siblings)
11 siblings, 2 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
.../openssh/openssh-5.8p2/sshd | 10 ++++++++++
meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +++++--
2 files changed, 15 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
new file mode 100644
index 0000000..4882e58
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+
+auth include common-auth
+account required pam_nologin.so
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+
diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
index e23069c..e0da936 100644
--- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
-PR = "r0"
+PR = "r1"
DEPENDS = "zlib openssl"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
file://sshd_config \
file://ssh_config \
file://init \
+ file://sshd \
"
SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
@@ -59,7 +60,9 @@ do_compile_append () {
do_install_append () {
install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${sysconfdir}/pam.d
install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+ install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
@@ -71,7 +74,7 @@ ALLOW_EMPTY_${PN} = "1"
PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
FILES_${PN}-scp = "${bindir}/scp.${PN}"
FILES_${PN}-ssh = "${bindir}/ssh.${PN} ${sysconfdir}/ssh/ssh_config"
-FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
+FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${sysconfdir}/pam.d/sshd"
FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config"
FILES_${PN}-sftp = "${bindir}/sftp"
FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 04/10] polkit: Support PAM
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (2 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 03/10] openssh: " Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:59 ` Koen Kooi
2011-07-21 8:00 ` [PATCH 05/10] cups: add pam support Kang Kai
` (7 subsequent siblings)
11 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
.../polkit/polkit-0.101/polkit-1_pam.patch | 23 ++++++++++++++++++++
meta/recipes-extended/polkit/polkit_0.101.bb | 6 +++-
2 files changed, 27 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
new file mode 100644
index 0000000..fa145ac
--- /dev/null
+++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
@@ -0,0 +1,23 @@
+polkit: No system-auth in poky, we can use common-* in place of it.
+
+Upstream-Status:Inappropriate [configuration]
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
+@@ -350,10 +350,10 @@
+ PAM_FILE_INCLUDE_PASSWORD=system
+ PAM_FILE_INCLUDE_SESSION=system
+ else
+- PAM_FILE_INCLUDE_AUTH=system-auth
+- PAM_FILE_INCLUDE_ACCOUNT=system-auth
+- PAM_FILE_INCLUDE_PASSWORD=system-auth
+- PAM_FILE_INCLUDE_SESSION=system-auth
++ PAM_FILE_INCLUDE_AUTH=common-auth
++ PAM_FILE_INCLUDE_ACCOUNT=common-account
++ PAM_FILE_INCLUDE_PASSWORD=common-password
++ PAM_FILE_INCLUDE_SESSION=common-session
+ fi
+
+ AC_SUBST(PAM_FILE_INCLUDE_AUTH)
diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
index 6769914..da1d581 100644
--- a/meta/recipes-extended/polkit/polkit_0.101.bb
+++ b/meta/recipes-extended/polkit/polkit_0.101.bb
@@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
- file://introspection.patch"
-PR = "r0"
+ file://introspection.patch \
+ file://polkit-1_pam.patch"
+
+PR = "r1"
DEPENDS = "libpam expat dbus-glib eggdbus intltool"
RDEPENDS_${PN} = "libpam"
EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 05/10] cups: add pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (3 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 04/10] polkit: " Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:00 ` [PATCH 06/10] screen: " Kang Kai
` (6 subsequent siblings)
11 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
According to distro_feature then add pam support for cups or not.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
meta/recipes-extended/cups/cups_1.4.6.bb | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/cups/cups_1.4.6.bb b/meta/recipes-extended/cups/cups_1.4.6.bb
index 86b5340..fd20dcc 100644
--- a/meta/recipes-extended/cups/cups_1.4.6.bb
+++ b/meta/recipes-extended/cups/cups_1.4.6.bb
@@ -1,7 +1,8 @@
require cups14.inc
-PR = "r0"
-DEPENDS += "libusb"
+PR = "r1"
+DEPENDS += "libusb \
+ ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=956e7600195e6139f12de8c2a5bbefa9"
SRC_URI += " \
@@ -12,6 +13,7 @@ SRC_URI += " \
SRC_URI[md5sum] = "de8fb5a29c36554925c0c6a6e2c0dae1"
SRC_URI[sha256sum] = "f08711702a77b52c7150f96fe1f45482f6151cb95ef601268c528607fe6ad514"
-EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb"
+EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
CONFFILES_${PN} += "${sysconfdir}/cups/cupsd.conf"
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 06/10] screen: add pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (4 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 05/10] cups: add pam support Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:00 ` [PATCH 07/10] sudo: " Kang Kai
` (5 subsequent siblings)
11 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
According to DISTRO_FEATURES then add screen pam support or not.
Press "Ctrl+a x" will lock the screen terminal, then unlock it will
use pam.
Add pam related configure file sceen.pamd from Fedora.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
.../screen/screen-4.0.3/screen.pamd | 2 ++
meta/recipes-extended/screen/screen_4.0.3.bb | 14 ++++++++++----
2 files changed, 12 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
diff --git a/meta/recipes-extended/screen/screen-4.0.3/screen.pamd b/meta/recipes-extended/screen/screen-4.0.3/screen.pamd
new file mode 100644
index 0000000..ff657fa
--- /dev/null
+++ b/meta/recipes-extended/screen/screen-4.0.3/screen.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth include common-auth
diff --git a/meta/recipes-extended/screen/screen_4.0.3.bb b/meta/recipes-extended/screen/screen_4.0.3.bb
index dac2893..c5bdf78 100644
--- a/meta/recipes-extended/screen/screen_4.0.3.bb
+++ b/meta/recipes-extended/screen/screen_4.0.3.bb
@@ -10,12 +10,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0774d66808b0f602e94448108f59448b \
file://screen.h;endline=23;md5=9a7ae69a2aafed891bf7c38ddf9f6b7d"
SECTION = "console/utils"
-DEPENDS = "ncurses"
-PR = "r0"
+DEPENDS = "ncurses \
+ ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r1"
SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz;name=tarball \
${DEBIAN_MIRROR}/main/s/screen/screen_4.0.3-11+lenny1.diff.gz;name=patch \
- file://configure.patch"
+ file://configure.patch \
+ file://screen.pamd"
SRC_URI[tarball.md5sum] = "8506fd205028a96c741e4037de6e3c42"
SRC_URI[tarball.sha256sum] = "78f0d5b1496084a5902586304d4a73954b2bfe33ea13edceecf21615c39e6c77"
@@ -25,5 +27,9 @@ SRC_URI[patch.sha256sum] = "19130d097e9ed897c84a2c640634dd36ee3233c17b0bf5d18549
inherit autotools
-EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5"
+EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
+do_install_append () {
+ install -D -m 644 ${WORKDIR}/screen.pamd ${D}/${sysconfdir}/pam.d/screen
+}
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 07/10] sudo: add pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (5 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 06/10] screen: " Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 9:06 ` Phil Blundell
2011-07-21 8:00 ` [PATCH 08/10] cronie: enable PAM support for cronie Kang Kai
` (4 subsequent siblings)
11 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
According to DISTRO_FEATURES to add pam support for sudo, and import
configure file from Fedora.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
meta/recipes-extended/sudo/files/sudo.pamd | 6 ++++++
meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 ++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
diff --git a/meta/recipes-extended/sudo/files/sudo.pamd b/meta/recipes-extended/sudo/files/sudo.pamd
new file mode 100644
index 0000000..5bc26e7
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/sudo.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session required pam_keyinit.so revoke
+session required pam_limits.so
diff --git a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
index 7eba307..529a44b 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
@@ -1,11 +1,16 @@
require sudo.inc
-PR = "r0"
+PR = "r1"
SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
- file://libtool.patch"
+ file://libtool.patch \
+ file://sudo.pamd"
SRC_URI[md5sum] = "e8330f0e63b0ecb2e12b5c76922818cc"
SRC_URI[sha256sum] = "281f90c80547cf22132e351e7f61c25ba4ba9cf393438468f318f9a7884026fb"
-EXTRA_OECONF += " --with-pam=no"
+EXTRA_OECONF += " ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)}"
+
+do_install_append () {
+ install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
+}
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 08/10] cronie: enable PAM support for cronie
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (6 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 07/10] sudo: " Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:00 ` [PATCH 09/10] shadow: update pam related configure files Kang Kai
` (3 subsequent siblings)
11 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
Enable PAM support for cronie and update its pam config file 'crond'.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../cronie/cronie/crond_pam_config.patch | 13 +++++++++++++
meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +++++++--
2 files changed, 20 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
diff --git a/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
new file mode 100644
index 0000000..01884ce
--- /dev/null
+++ b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
@@ -0,0 +1,13 @@
+--- cronie-1.4.7/pam/crond.orig 2010-12-16 16:59:02.000000000 +0800
++++ cronie-1.4.7/pam/crond 2011-07-20 09:47:16.080819203 +0800
+@@ -4,7 +4,7 @@
+ #
+ # No PAM authentication called, auth modules not needed
+ account required pam_access.so
+-account include password-auth
++account include common-account
+ session required pam_loginuid.so
+-session include password-auth
+-auth include password-auth
++session include common-session-noninteractive
++auth include common-auth
diff --git a/meta/recipes-extended/cronie/cronie_1.4.7.bb b/meta/recipes-extended/cronie/cronie_1.4.7.bb
index 992b610..5107b8a 100644
--- a/meta/recipes-extended/cronie/cronie_1.4.7.bb
+++ b/meta/recipes-extended/cronie/cronie_1.4.7.bb
@@ -14,17 +14,22 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=963ea0772a2adbdcd607a9b2ec320c11 \
SECTION = "utils"
-PR = "r2"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r3"
SRC_URI = "https://fedorahosted.org/releases/c/r/cronie/cronie-${PV}.tar.gz \
file://crond.init \
- file://crontab"
+ file://crontab \
+ file://crond_pam_config.patch"
SRC_URI[md5sum] = "dfc26c47756d0c40ee27ae3c7ee98e0d"
SRC_URI[sha256sum] = "83bae15ae5504454ba74f4142f5db3aa22be594327fea19d2534f65803137fbd"
inherit autotools update-rc.d
+EXTRA_OECONF += "\
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)}"
+
INITSCRIPT_NAME = "crond"
INITSCRIPT_PARAMS = "start 90 2 3 4 5 . stop 60 0 1 6 ."
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 09/10] shadow: update pam related configure files
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (7 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 08/10] cronie: enable PAM support for cronie Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:58 ` Koen Kooi
2011-07-21 8:00 ` [PATCH 10/10] at: enable pam support Kang Kai
` (2 subsequent siblings)
11 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Kang Kai <kai.kang@windriver.com>
add shadow-update-pam-conf.patch to update the pam related configure files
in Yocto way rather than Fedora.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
.../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
2 files changed, 178 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
new file mode 100644
index 0000000..33789f5
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -0,0 +1,175 @@
+The system-auth in the configure files is from Fedora which put all the 4 pam type rules
+in one file.
+In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
+common-password and common-session.
+So update them in Yocto way.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
+--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
+--- shadow-4.1.4.3/etc/pam.d.orig/chfn 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chfn 2011-07-20 19:03:17.804844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
+--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
+--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chpasswd 2011-07-20 19:03:42.724844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
+--- shadow-4.1.4.3/etc/pam.d.orig/chsh 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chsh 2011-07-20 19:03:51.524844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
+--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
+--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
+--- shadow-4.1.4.3/etc/pam.d.orig/login 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/login 2011-07-20 19:05:36.924844958 +0800
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ auth required pam_securetty.so
+-auth include system-auth
++auth include common-auth
+ account required pam_nologin.so
+-account include system-auth
+-password include system-auth
++account include common-account
++password include common-password
+ session required pam_selinux.so close
+-session include system-auth
++session include common-session
+ session required pam_loginuid.so
+ session optional pam_console.so
+ session required pam_selinux.so open
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
+--- shadow-4.1.4.3/etc/pam.d.orig/newusers 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/newusers 2011-07-20 19:05:49.344844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
+--- shadow-4.1.4.3/etc/pam.d.orig/passwd 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/passwd 2011-07-20 19:06:29.014844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+-auth include system-auth
+-account include system-auth
+-password include system-auth
++auth include common-auth
++account include common-account
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
+--- shadow-4.1.4.3/etc/pam.d.orig/su 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/su 2011-07-20 19:07:07.584844958 +0800
+@@ -4,10 +4,10 @@
+ #auth sufficient pam_wheel.so trust use_uid
+ # Uncomment the following line to require a user to be in the "wheel" group.
+ auth required pam_wheel.so use_uid
+-auth include system-auth
+-account include system-auth
+-password include system-auth
++auth include common-auth
++account include common-account
++password include common-password
+ session required pam_selinux.so close
+-session include system-auth
++session include common-session
+ session required pam_selinux.so open multiple
+ session optional pam_xauth.so
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
+--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
+--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
+--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+ account required pam_permit.so
+-password include system-auth
++password include common-password
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
index 5731a26..0e6ba871 100644
--- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
-PR = "r2"
+PR = "r3"
SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
file://login_defs_pam.sed \
@@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
file://shadow-4.1.3-dots-in-usernames.patch \
file://shadow-4.1.4.2-env-reset-keep-locale.patch \
file://shadow-4.1.4.2-groupmod-pam-check.patch \
- file://shadow-4.1.4.2-su_no_sanitize_env.patch"
+ file://shadow-4.1.4.2-su_no_sanitize_env.patch \
+ file://shadow-update-pam-conf.patch"
SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH 10/10] at: enable pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (8 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 09/10] shadow: update pam related configure files Kang Kai
@ 2011-07-21 8:00 ` Kang Kai
2011-07-21 8:05 ` [PATCH 00/10] works of adding packages " Kang Kai
2011-07-21 17:02 ` Saul Wold
11 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:00 UTC (permalink / raw)
To: scott.a.garman; +Cc: Wenzong, openembedded-core
From: Wenzong Fan <wenzong.fan@windriver.com>
add patches to make at enable pam support
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
.../at/at-3.1.12/configure-add-enable-pam.patch | 23 ++++++++++++++++++++
meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 +++++++++++++
meta/recipes-extended/at/at_3.1.12.bb | 13 +++++++---
3 files changed, 48 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
diff --git a/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
new file mode 100644
index 0000000..1f73cdd
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
@@ -0,0 +1,23 @@
+--- at-3.1.12/configure.ac 2011-06-23 14:51:03.653572945 +0800
++++ at-3.1.12/configure.ac.new 2011-06-27 16:12:14.903572945 +0800
+@@ -81,10 +81,18 @@
+ AC_FUNC_VPRINTF
+ AC_FUNC_GETLOADAVG
+ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
++
++AC_ARG_WITH([pam],
++ [AS_HELP_STRING([--without-pam], [without PAM support])])
++
++if test "x$with_pam" != xno; then
+ AC_CHECK_HEADERS(security/pam_appl.h, [
+ PAMLIB="-lpam"
+- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
+-])
++ AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])],
++ [if test "x$with_pam" = xyes; then
++ AC_MSG_ERROR([PAM selected but security/pam_misc.h not found])
++ fi])
++fi
+
+ dnl Checking for programs
+
diff --git a/meta/recipes-extended/at/at-3.1.12/pam.conf.patch b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
new file mode 100644
index 0000000..4a80bbf
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
@@ -0,0 +1,16 @@
+--- at-3.1.12/pam.conf.orig 2009-11-23 23:11:52.000000000 +0800
++++ at-3.1.12/pam.conf 2011-07-15 11:14:04.132818950 +0800
+@@ -2,8 +2,8 @@
+ # The PAM configuration file for the at daemon
+ #
+
+-auth required pam_env.so
+-@include common-auth
+-@include common-account
+-@include common-session-noninteractive
+-session required pam_limits.so
++auth required pam_env.so
++auth include common-auth
++account include common-account
++session include common-session-noninteractive
++session required pam_limits.so
diff --git a/meta/recipes-extended/at/at_3.1.12.bb b/meta/recipes-extended/at/at_3.1.12.bb
index 3a94497..16f428c 100644
--- a/meta/recipes-extended/at/at_3.1.12.bb
+++ b/meta/recipes-extended/at/at_3.1.12.bb
@@ -4,20 +4,23 @@ the system load levels drop to a particular level."
SECTION = "base"
LICENSE="GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4"
-DEPENDS = "flex libpam initscripts"
+DEPENDS = "flex libpam initscripts \
+ ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RCONFLICTS_${PN} = "atd"
RREPLACES_${PN} = "atd"
-PR = "r4"
+PR = "r5"
SRC_URI = "${DEBIAN_MIRROR}/main/a/at/at_${PV}.orig.tar.gz \
file://configure.patch \
+ file://pam.conf.patch \
file://use-ldflags.patch \
file://nonstripbinaries.patch \
file://fix_parallel_build_error.patch \
file://posixtm.c \
file://posixtm.h \
file://file_replacement_with_gplv2.patch \
- file://S99at"
+ file://S99at \
+ file://configure-add-enable-pam.patch"
SRC_URI[md5sum] = "1e67991776148fb319fd77a2e599a765"
SRC_URI[sha256sum] = "7c55c6ab4fbe8add9e68f31b2b0ebf3fe805c9a4e7cfb2623a3d8a4789cc18f3"
@@ -26,7 +29,8 @@ EXTRA_OECONF += "ac_cv_path_SENDMAIL=/bin/true \
--with-daemon_username=root \
--with-daemon_groupname=root \
--with-jobdir=/var/spool/at/jobs \
- --with-atspool=/var/spool/at/spool"
+ --with-atspool=/var/spool/at/spool \
+ ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} "
inherit autotools
@@ -41,6 +45,7 @@ do_install () {
install -d ${D}${sysconfdir}/rcS.d
install -m 0755 ${WORKDIR}/S99at ${D}${sysconfdir}/init.d/atd
ln -sf ../init.d/atd ${D}${sysconfdir}/rcS.d/S99at
+ install -D -m 0644 ${WORKDIR}/${P}/pam.conf ${D}${sysconfdir}/pam.d/atd
}
pkg_postinst_${PN} () {
--
1.7.5.1.300.gc565c
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (9 preceding siblings ...)
2011-07-21 8:00 ` [PATCH 10/10] at: enable pam support Kang Kai
@ 2011-07-21 8:05 ` Kang Kai
2011-07-21 8:53 ` Koen Kooi
2011-07-21 17:02 ` Saul Wold
11 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 8:05 UTC (permalink / raw)
To: Kang Kai; +Cc: openembedded-core, scott.a.garman
[-- Attachment #1: Type: text/plain, Size: 3486 bytes --]
On 2011?07?21? 16:00, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the current work of adding pam supports.
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
> bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
> git://git.pokylinux.org/poky-contrib kangkai/distro
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
sorry, the branch info is wrong, should be
*http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro*
>
> Kang Kai (5):
> libpam: update to 1.1.4 and add subpackage xtests
> cups: add pam support
> screen: add pam support
> sudo: add pam support
> shadow: update pam related configure files
>
> Wenzong Fan (2):
> cronie: enable PAM support for cronie
> at: enable pam support
>
> Xiaofeng Yan (3):
> dropbear: Support PAM
> openssh: Support PAM
> polkit: Support PAM
>
> .../openssh/openssh-5.8p2/sshd | 10 +
> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
> meta/recipes-core/dropbear/dropbear.inc | 6 +-
> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
> .../cronie/cronie/crond_pam_config.patch | 13 ++
> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
> .../pam/libpam/libpam-xtests.patch | 35 ++++
> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
> .../screen/screen-4.0.3/screen.pamd | 2 +
> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
> 20 files changed, 389 insertions(+), 28 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
> create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
> create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>
[-- Attachment #2: Type: text/html, Size: 4169 bytes --]
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 8:05 ` [PATCH 00/10] works of adding packages " Kang Kai
@ 2011-07-21 8:53 ` Koen Kooi
2011-07-21 9:41 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 8:53 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: scott.a.garman
Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:
> On 2011年07月21日 16:00, Kang Kai wrote:
>> From: Kang Kai <kai.kang@windriver.com>
>>
>>
>> Hi Scott,
>>
>> This is the current work of adding pam supports.
>>
>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>> doesn't have a pam configure file, import from Fedora.
>>
>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>
>> bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>>
>> are available in the git repository at:
>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>
> sorry, the branch info is wrong, should be
>
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 02/10] dropbear: Support PAM
2011-07-21 8:00 ` [PATCH 02/10] dropbear: Support PAM Kang Kai
@ 2011-07-21 8:54 ` Koen Kooi
2011-07-21 19:10 ` Khem Raj
0 siblings, 1 reply; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 8:54 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>
> I make a patch and some changes in dropbear.inc for supporting pam.
> - Enable pam in configure
> - Modify file option.h to open pam supporting
>
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 ++++++++++++++++++++
> 2 files changed, 26 insertions(+), 1 deletions(-)
> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>
> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
> index 1b51e1a..48cefb6 100644
> --- a/meta/recipes-core/dropbear/dropbear.inc
> +++ b/meta/recipes-core/dropbear/dropbear.inc
> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>
> DEPENDS = "zlib"
> RPROVIDES = "ssh sshd"
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>
> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
> file://urandom-xauth-changes-to-options.h.patch \
> file://configure.patch \
> file://fix-2kb-keys.patch \
> file://allow-nopw.patch;apply=no \
> - file://init"
> + file://init \
> + file://dropbear-enable-pam.patch "
>
> inherit autotools update-rc.d
>
> @@ -28,6 +30,8 @@ LD = "${CC}"
> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
> BINCOMMANDS = "dbclient ssh scp"
> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
> +EXTRA_OECONF += "\
> + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
>
> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
That one is missing a PR bump
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 03/10] openssh: Support PAM
2011-07-21 8:00 ` [PATCH 03/10] openssh: " Kang Kai
@ 2011-07-21 8:55 ` Koen Kooi
2011-07-21 9:05 ` Phil Blundell
1 sibling, 0 replies; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 8:55 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>
> Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
Where did this file come from and why isn't openssh providing it on its own?
>
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> .../openssh/openssh-5.8p2/sshd | 10 ++++++++++
> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +++++--
> 2 files changed, 15 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>
> diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> new file mode 100644
> index 0000000..4882e58
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> @@ -0,0 +1,10 @@
> +#%PAM-1.0
> +
> +auth include common-auth
> +account required pam_nologin.so
> +account include common-account
> +password include common-password
> +session optional pam_keyinit.so force revoke
> +session include common-session
> +session required pam_loginuid.so
> +
> diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> index e23069c..e0da936 100644
> --- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> @@ -7,7 +7,7 @@ SECTION = "console/network"
> LICENSE = "BSD"
> LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
>
> -PR = "r0"
> +PR = "r1"
>
> DEPENDS = "zlib openssl"
> DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> @@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
> file://sshd_config \
> file://ssh_config \
> file://init \
> + file://sshd \
> "
> SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
> SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
> @@ -59,7 +60,9 @@ do_compile_append () {
>
> do_install_append () {
> install -d ${D}${sysconfdir}/init.d
> + install -d ${D}${sysconfdir}/pam.d
> install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
> + install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
> mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
> mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
> rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
> @@ -71,7 +74,7 @@ ALLOW_EMPTY_${PN} = "1"
> PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
> FILES_${PN}-scp = "${bindir}/scp.${PN}"
> FILES_${PN}-ssh = "${bindir}/ssh.${PN} ${sysconfdir}/ssh/ssh_config"
> -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
> +FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${sysconfdir}/pam.d/sshd"
> FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config"
> FILES_${PN}-sftp = "${bindir}/sftp"
> FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
> --
> 1.7.5.1.300.gc565c
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 09/10] shadow: update pam related configure files
2011-07-21 8:00 ` [PATCH 09/10] shadow: update pam related configure files Kang Kai
@ 2011-07-21 8:58 ` Koen Kooi
2011-07-22 3:16 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 8:58 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
> From: Kang Kai <kai.kang@windriver.com>
>
> add shadow-update-pam-conf.patch to update the pam related configure files
> in Yocto way rather than Fedora.
I'm not entirely sure, but do the updated conf files need something like http://cgit.openembedded.org/cgit.cgi/openembedded-core/commit/?id=b90e9c2318fc421f37c57788ece54ce791a90b62 as well?
>
> Signed-off-by: Kang Kai <kai.kang@windriver.com>
> ---
> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
> 2 files changed, 178 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>
> diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> new file mode 100644
> index 0000000..33789f5
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> @@ -0,0 +1,175 @@
> +The system-auth in the configure files is from Fedora which put all the 4 pam type rules
> +in one file.
> +In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
> +common-password and common-session.
> +So update them in Yocto way.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
> +
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
> +--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
> +--- shadow-4.1.4.3/etc/pam.d.orig/chfn 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chfn 2011-07-20 19:03:17.804844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
> +--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
> +--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chpasswd 2011-07-20 19:03:42.724844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
> +--- shadow-4.1.4.3/etc/pam.d.orig/chsh 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chsh 2011-07-20 19:03:51.524844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
> +--- shadow-4.1.4.3/etc/pam.d.orig/login 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/login 2011-07-20 19:05:36.924844958 +0800
> +@@ -1,11 +1,11 @@
> + #%PAM-1.0
> + auth required pam_securetty.so
> +-auth include system-auth
> ++auth include common-auth
> + account required pam_nologin.so
> +-account include system-auth
> +-password include system-auth
> ++account include common-account
> ++password include common-password
> + session required pam_selinux.so close
> +-session include system-auth
> ++session include common-session
> + session required pam_loginuid.so
> + session optional pam_console.so
> + session required pam_selinux.so open
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
> +--- shadow-4.1.4.3/etc/pam.d.orig/newusers 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/newusers 2011-07-20 19:05:49.344844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
> +--- shadow-4.1.4.3/etc/pam.d.orig/passwd 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/passwd 2011-07-20 19:06:29.014844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> +-auth include system-auth
> +-account include system-auth
> +-password include system-auth
> ++auth include common-auth
> ++account include common-account
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
> +--- shadow-4.1.4.3/etc/pam.d.orig/su 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/su 2011-07-20 19:07:07.584844958 +0800
> +@@ -4,10 +4,10 @@
> + #auth sufficient pam_wheel.so trust use_uid
> + # Uncomment the following line to require a user to be in the "wheel" group.
> + auth required pam_wheel.so use_uid
> +-auth include system-auth
> +-account include system-auth
> +-password include system-auth
> ++auth include common-auth
> ++account include common-account
> ++password include common-password
> + session required pam_selinux.so close
> +-session include system-auth
> ++session include common-session
> + session required pam_selinux.so open multiple
> + session optional pam_xauth.so
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
> +--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
> +--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
> +--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth sufficient pam_rootok.so
> + account required pam_permit.so
> +-password include system-auth
> ++password include common-password
> diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> index 5731a26..0e6ba871 100644
> --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
>
> DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
> -PR = "r2"
> +PR = "r3"
>
> SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
> file://login_defs_pam.sed \
> @@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
> file://shadow-4.1.3-dots-in-usernames.patch \
> file://shadow-4.1.4.2-env-reset-keep-locale.patch \
> file://shadow-4.1.4.2-groupmod-pam-check.patch \
> - file://shadow-4.1.4.2-su_no_sanitize_env.patch"
> + file://shadow-4.1.4.2-su_no_sanitize_env.patch \
> + file://shadow-update-pam-conf.patch"
>
> SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
> SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
> --
> 1.7.5.1.300.gc565c
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 04/10] polkit: Support PAM
2011-07-21 8:00 ` [PATCH 04/10] polkit: " Kang Kai
@ 2011-07-21 8:59 ` Koen Kooi
2011-07-21 9:49 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 8:59 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>
> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 ++++++++++++++++++++
> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +++-
> 2 files changed, 27 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>
> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> new file mode 100644
> index 0000000..fa145ac
> --- /dev/null
> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> @@ -0,0 +1,23 @@
> +polkit: No system-auth in poky, we can use common-* in place of it.
Poky or oe-core? And can we provide system-auth instead of patching the world?
> +
> +Upstream-Status:Inappropriate [configuration]
> +
> +Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> +
> +--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
> ++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
> +@@ -350,10 +350,10 @@
> + PAM_FILE_INCLUDE_PASSWORD=system
> + PAM_FILE_INCLUDE_SESSION=system
> + else
> +- PAM_FILE_INCLUDE_AUTH=system-auth
> +- PAM_FILE_INCLUDE_ACCOUNT=system-auth
> +- PAM_FILE_INCLUDE_PASSWORD=system-auth
> +- PAM_FILE_INCLUDE_SESSION=system-auth
> ++ PAM_FILE_INCLUDE_AUTH=common-auth
> ++ PAM_FILE_INCLUDE_ACCOUNT=common-account
> ++ PAM_FILE_INCLUDE_PASSWORD=common-password
> ++ PAM_FILE_INCLUDE_SESSION=common-session
> + fi
> +
> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
> index 6769914..da1d581 100644
> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
> file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>
> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
> - file://introspection.patch"
> -PR = "r0"
> + file://introspection.patch \
> + file://polkit-1_pam.patch"
> +
> +PR = "r1"
> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
> RDEPENDS_${PN} = "libpam"
> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
> --
> 1.7.5.1.300.gc565c
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 03/10] openssh: Support PAM
2011-07-21 8:00 ` [PATCH 03/10] openssh: " Kang Kai
2011-07-21 8:55 ` Koen Kooi
@ 2011-07-21 9:05 ` Phil Blundell
1 sibling, 0 replies; 34+ messages in thread
From: Phil Blundell @ 2011-07-21 9:05 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
> do_install_append () {
> install -d ${D}${sysconfdir}/init.d
> + install -d ${D}${sysconfdir}/pam.d
> install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
> + install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
I think this should be conditional on pam in DISTRO_FEATURES.
p.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 07/10] sudo: add pam support
2011-07-21 8:00 ` [PATCH 07/10] sudo: " Kang Kai
@ 2011-07-21 9:06 ` Phil Blundell
2011-07-21 9:42 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Phil Blundell @ 2011-07-21 9:06 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
> +do_install_append () {
> + install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
> +}
As with openssh, you don't want to install and ship this file if pam
isn't enabled.
p.
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 8:53 ` Koen Kooi
@ 2011-07-21 9:41 ` Kang Kai
2011-07-21 9:58 ` Koen Kooi
0 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 9:41 UTC (permalink / raw)
To: Koen Kooi; +Cc: scott.a.garman, Patches and discussions about the oe-core layer
On 2011年07月21日 16:53, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:
>
>> On 2011年07月21日 16:00, Kang Kai wrote:
>>> From: Kang Kai<kai.kang@windriver.com>
>>>
>>>
>>> Hi Scott,
>>>
>>> This is the current work of adding pam supports.
>>>
>>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>>> doesn't have a pam configure file, import from Fedora.
>>>
>>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>
>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>>>
>>> are available in the git repository at:
>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>>
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>> sorry, the branch info is wrong, should be
>>
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
> Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.
Koen,
I rebase against oe-core and push to
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai%2Fpam-rebase-oe-core
Is that what you want?
Regards,
Kai
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 07/10] sudo: add pam support
2011-07-21 9:06 ` Phil Blundell
@ 2011-07-21 9:42 ` Kang Kai
0 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-21 9:42 UTC (permalink / raw)
To: openembedded-core
On 2011年07月21日 17:06, Phil Blundell wrote:
> On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
>> +do_install_append () {
>> + install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
>> +}
> As with openssh, you don't want to install and ship this file if pam
> isn't enabled.
>
> p.
ok, we'll try to do that.
Thanks,
Kai
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 04/10] polkit: Support PAM
2011-07-21 8:59 ` Koen Kooi
@ 2011-07-21 9:49 ` Kang Kai
2011-07-21 9:59 ` Koen Kooi
0 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-21 9:49 UTC (permalink / raw)
To: openembedded-core
On 2011年07月21日 16:59, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>
>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>
>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>> ---
>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 ++++++++++++++++++++
>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +++-
>> 2 files changed, 27 insertions(+), 2 deletions(-)
>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>
>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> new file mode 100644
>> index 0000000..fa145ac
>> --- /dev/null
>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> @@ -0,0 +1,23 @@
>> +polkit: No system-auth in poky, we can use common-* in place of it.
> Poky or oe-core? And can we provide system-auth instead of patching the world?
system-auth is the Fedora common pam configure file and auto generated
by command authconfig. It contains all 4 types(auth, account, password
and session) default config. But in Yocto we follow Debian/Ubuntu with
separated files for default config: common-auth, common-account etc.
So that we didn't import the system-auth file .
>
>
>> +
>> +Upstream-Status:Inappropriate [configuration]
>> +
>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>> +
>> +--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
>> ++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
>> +@@ -350,10 +350,10 @@
>> + PAM_FILE_INCLUDE_PASSWORD=system
>> + PAM_FILE_INCLUDE_SESSION=system
>> + else
>> +- PAM_FILE_INCLUDE_AUTH=system-auth
>> +- PAM_FILE_INCLUDE_ACCOUNT=system-auth
>> +- PAM_FILE_INCLUDE_PASSWORD=system-auth
>> +- PAM_FILE_INCLUDE_SESSION=system-auth
>> ++ PAM_FILE_INCLUDE_AUTH=common-auth
>> ++ PAM_FILE_INCLUDE_ACCOUNT=common-account
>> ++ PAM_FILE_INCLUDE_PASSWORD=common-password
>> ++ PAM_FILE_INCLUDE_SESSION=common-session
>> + fi
>> +
>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>> index 6769914..da1d581 100644
>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>> file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>
>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>> - file://introspection.patch"
>> -PR = "r0"
>> + file://introspection.patch \
>> + file://polkit-1_pam.patch"
>> +
>> +PR = "r1"
>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>> RDEPENDS_${PN} = "libpam"
>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>> --
>> 1.7.5.1.300.gc565c
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 9:41 ` Kang Kai
@ 2011-07-21 9:58 ` Koen Kooi
0 siblings, 0 replies; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 9:58 UTC (permalink / raw)
To: Kang Kai; +Cc: scott.a.garman, Patches and discussions about the oe-core layer
Yes, that'd be awesome
Op 21 jul. 2011, om 11:41 heeft Kang Kai het volgende geschreven:
> On 2011年07月21日 16:53, Koen Kooi wrote:
>> Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:
>>
>>> On 2011年07月21日 16:00, Kang Kai wrote:
>>>> From: Kang Kai<kai.kang@windriver.com>
>>>>
>>>>
>>>> Hi Scott,
>>>>
>>>> This is the current work of adding pam supports.
>>>>
>>>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>>>> doesn't have a pam configure file, import from Fedora.
>>>>
>>>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>>
>>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>>>>
>>>> are available in the git repository at:
>>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>>>
>>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>> sorry, the branch info is wrong, should be
>>>
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
>> Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.
>
> Koen,
>
> I rebase against oe-core and push to
>
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai%2Fpam-rebase-oe-core
>
> Is that what you want?
>
> Regards,
> Kai
>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 04/10] polkit: Support PAM
2011-07-21 9:49 ` Kang Kai
@ 2011-07-21 9:59 ` Koen Kooi
2011-07-22 3:21 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Koen Kooi @ 2011-07-21 9:59 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
Op 21 jul. 2011, om 11:49 heeft Kang Kai het volgende geschreven:
> On 2011年07月21日 16:59, Koen Kooi wrote:
>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>
>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>
>>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>>
>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> ---
>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 ++++++++++++++++++++
>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +++-
>>> 2 files changed, 27 insertions(+), 2 deletions(-)
>>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>
>>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> new file mode 100644
>>> index 0000000..fa145ac
>>> --- /dev/null
>>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> @@ -0,0 +1,23 @@
>>> +polkit: No system-auth in poky, we can use common-* in place of it.
>> Poky or oe-core? And can we provide system-auth instead of patching the world?
>
> system-auth is the Fedora common pam configure file and auto generated by command authconfig. It contains all 4 types(auth, account, password and session) default config. But in Yocto
Hmm, poky, oe-core or yocto? Which is it :)
> we follow Debian/Ubuntu with separated files for default config: common-auth, common-account etc.
> So that we didn't import the system-auth file .
>
>>
>>
>>> +
>>> +Upstream-Status:Inappropriate [configuration]
>>> +
>>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> +
>>> +--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
>>> ++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
>>> +@@ -350,10 +350,10 @@
>>> + PAM_FILE_INCLUDE_PASSWORD=system
>>> + PAM_FILE_INCLUDE_SESSION=system
>>> + else
>>> +- PAM_FILE_INCLUDE_AUTH=system-auth
>>> +- PAM_FILE_INCLUDE_ACCOUNT=system-auth
>>> +- PAM_FILE_INCLUDE_PASSWORD=system-auth
>>> +- PAM_FILE_INCLUDE_SESSION=system-auth
>>> ++ PAM_FILE_INCLUDE_AUTH=common-auth
>>> ++ PAM_FILE_INCLUDE_ACCOUNT=common-account
>>> ++ PAM_FILE_INCLUDE_PASSWORD=common-password
>>> ++ PAM_FILE_INCLUDE_SESSION=common-session
>>> + fi
>>> +
>>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>>> index 6769914..da1d581 100644
>>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>>> file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>>
>>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>>> - file://introspection.patch"
>>> -PR = "r0"
>>> + file://introspection.patch \
>>> + file://polkit-1_pam.patch"
>>> +
>>> +PR = "r1"
>>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>>> RDEPENDS_${PN} = "libpam"
>>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>>> --
>>> 1.7.5.1.300.gc565c
>>>
>>>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
` (10 preceding siblings ...)
2011-07-21 8:05 ` [PATCH 00/10] works of adding packages " Kang Kai
@ 2011-07-21 17:02 ` Saul Wold
2011-07-22 2:18 ` Kang Kai
11 siblings, 1 reply; 34+ messages in thread
From: Saul Wold @ 2011-07-21 17:02 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
On 07/21/2011 01:00 AM, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the current work of adding pam supports.
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
Kai,
Thanks for this work, you have already gotten some feedback, I have a
few general comments to add that are across many of these patches, so I
will note them here.
Whitespace: you seem to be using tabs instead of spaces, please check
that you have spaces and your items are lined up. Yocto uses 4 spaces
for python and bb recipes and tabs for shell scripts and shell functions
in bb recipes.
As has already been noted in a couple of places, ensure that you only
install things pam specific when the pam DISTRO_FEATURE is enabled,
there are multiple places that need this (not just the ones already noted).
Worth noting here also make sure you check all your PR bumps are correct.
Commit messages and comments for things to oe-core should talk about
oe-core not yocto or poky as this upsets people ;-)
I am going to hold of on taking this series until you fix it up.
Sau!
> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
> bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
> git://git.pokylinux.org/poky-contrib kangkai/distro
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>
> Kang Kai (5):
> libpam: update to 1.1.4 and add subpackage xtests
> cups: add pam support
> screen: add pam support
> sudo: add pam support
> shadow: update pam related configure files
>
> Wenzong Fan (2):
> cronie: enable PAM support for cronie
> at: enable pam support
>
> Xiaofeng Yan (3):
> dropbear: Support PAM
> openssh: Support PAM
> polkit: Support PAM
>
> .../openssh/openssh-5.8p2/sshd | 10 +
> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
> meta/recipes-core/dropbear/dropbear.inc | 6 +-
> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
> .../cronie/cronie/crond_pam_config.patch | 13 ++
> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
> .../pam/libpam/libpam-xtests.patch | 35 ++++
> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
> .../screen/screen-4.0.3/screen.pamd | 2 +
> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
> 20 files changed, 389 insertions(+), 28 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
> create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
> create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 02/10] dropbear: Support PAM
2011-07-21 8:54 ` Koen Kooi
@ 2011-07-21 19:10 ` Khem Raj
2011-07-22 2:41 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Khem Raj @ 2011-07-21 19:10 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Scott Garman
On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi <koen@dominion.thruhere.net> wrote:
>
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>>
>> I make a patch and some changes in dropbear.inc for supporting pam.
>> - Enable pam in configure
>> - Modify file option.h to open pam supporting
>>
>> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>> ---
>> meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 ++++++++++++++++++++
>> 2 files changed, 26 insertions(+), 1 deletions(-)
>> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>
>> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
>> index 1b51e1a..48cefb6 100644
>> --- a/meta/recipes-core/dropbear/dropbear.inc
>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>
>> DEPENDS = "zlib"
>> RPROVIDES = "ssh sshd"
>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>>
>> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>> file://urandom-xauth-changes-to-options.h.patch \
>> file://configure.patch \
>> file://fix-2kb-keys.patch \
>> file://allow-nopw.patch;apply=no \
>> - file://init"
>> + file://init \
>> + file://dropbear-enable-pam.patch "
>>
>> inherit autotools update-rc.d
>>
>> @@ -28,6 +30,8 @@ LD = "${CC}"
>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>> BINCOMMANDS = "dbclient ssh scp"
>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
>> +EXTRA_OECONF += "\
>> + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
>>
>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
>
> That one is missing a PR bump
And does this mean that it also needs libpam in DEPENDS ?
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-21 17:02 ` Saul Wold
@ 2011-07-22 2:18 ` Kang Kai
2011-07-22 3:10 ` Saul Wold
0 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-22 2:18 UTC (permalink / raw)
To: Saul Wold; +Cc: oe-core
On 2011年07月22日 01:02, Saul Wold wrote:
> On 07/21/2011 01:00 AM, Kang Kai wrote:
>> From: Kang Kai<kai.kang@windriver.com>
>>
>> Hi Scott,
>>
>> This is the current work of adding pam supports.
>>
>> After update libpam to 1.1.4, we enable the packages pam support. And
>> if the pacakge
>> doesn't have a pam configure file, import from Fedora.
>>
> Kai,
>
> Thanks for this work, you have already gotten some feedback, I have a
> few general comments to add that are across many of these patches, so
> I will note them here.
>
> Whitespace: you seem to be using tabs instead of spaces, please check
> that you have spaces and your items are lined up. Yocto uses 4 spaces
> for python and bb recipes and tabs for shell scripts and shell
> functions in bb recipes.
>
> As has already been noted in a couple of places, ensure that you only
> install things pam specific when the pam DISTRO_FEATURE is enabled,
> there are multiple places that need this (not just the ones already
> noted).
>
> Worth noting here also make sure you check all your PR bumps are correct.
>
Hi Saul,
We will check the commits and send them again. Thanks for you comments.
> Commit messages and comments for things to oe-core should talk about
> oe-core not yocto or poky as this upsets people ;-)
I am a little confused about this. Do you mean the commits about
packages under directory meta/ should use word "oe-core" rather than
Yocto? Would you like to tell me that how do you merge the commits,
merge the commits to the oe-core master first and then merge the oe-core
master to Yocto master or some branch?
At the same time, tests we did are based on core-image-sato/lsb. Should
we test them again base on the image create by oe-core?
>
> I am going to hold of on taking this series until you fix it up.
>
> Sau!
>
Regards,
Kai
>
>
>> The following changes since commit
>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>
>> bb-matrix: correct BB and PM number canonicalization (2011-07-14
>> 22:23:09 +0100)
>>
>> are available in the git repository at:
>> git://git.pokylinux.org/poky-contrib kangkai/distro
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>
>> Kang Kai (5):
>> libpam: update to 1.1.4 and add subpackage xtests
>> cups: add pam support
>> screen: add pam support
>> sudo: add pam support
>> shadow: update pam related configure files
>>
>> Wenzong Fan (2):
>> cronie: enable PAM support for cronie
>> at: enable pam support
>>
>> Xiaofeng Yan (3):
>> dropbear: Support PAM
>> openssh: Support PAM
>> polkit: Support PAM
>>
>> .../openssh/openssh-5.8p2/sshd | 10 +
>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>> .../screen/screen-4.0.3/screen.pamd | 2 +
>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>> 20 files changed, 389 insertions(+), 28 deletions(-)
>> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>> create mode 100644
>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>> create mode 100644
>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>> create mode 100644
>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}
>> (85%)
>> create mode 100644
>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>> create mode 100644
>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 02/10] dropbear: Support PAM
2011-07-21 19:10 ` Khem Raj
@ 2011-07-22 2:41 ` Kang Kai
2011-07-22 2:49 ` Khem Raj
0 siblings, 1 reply; 34+ messages in thread
From: Kang Kai @ 2011-07-22 2:41 UTC (permalink / raw)
To: openembedded-core
On 2011年07月22日 03:10, Khem Raj wrote:
> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net> wrote:
>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>
>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>
>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>> - Enable pam in configure
>>> - Modify file option.h to open pam supporting
>>>
>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> ---
>>> meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 ++++++++++++++++++++
>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>
>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
>>> index 1b51e1a..48cefb6 100644
>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>
>>> DEPENDS = "zlib"
>>> RPROVIDES = "ssh sshd"
>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>>>
>>> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>> file://urandom-xauth-changes-to-options.h.patch \
>>> file://configure.patch \
>>> file://fix-2kb-keys.patch \
>>> file://allow-nopw.patch;apply=no \
>>> - file://init"
>>> + file://init \
>>> + file://dropbear-enable-pam.patch "
>>>
>>> inherit autotools update-rc.d
>>>
>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>> BINCOMMANDS = "dbclient ssh scp"
>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
>>> +EXTRA_OECONF += "\
>>> + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
>>>
>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
>> That one is missing a PR bump
> And does this mean that it also needs libpam in DEPENDS ?
Yes, I think so. So add the
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 02/10] dropbear: Support PAM
2011-07-22 2:41 ` Kang Kai
@ 2011-07-22 2:49 ` Khem Raj
2011-07-22 2:56 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Khem Raj @ 2011-07-22 2:49 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
On Thu, Jul 21, 2011 at 7:41 PM, Kang Kai <Kai.Kang@windriver.com> wrote:
> On 2011年07月22日 03:10, Khem Raj wrote:
>>
>> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net>
>> wrote:
>>>
>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>
>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>
>>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>>> - Enable pam in configure
>>>> - Modify file option.h to open pam supporting
>>>>
>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> ---
>>>> meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
>>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21
>>>> ++++++++++++++++++++
>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>> create mode 100644
>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>>
>>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc
>>>> b/meta/recipes-core/dropbear/dropbear.inc
>>>> index 1b51e1a..48cefb6 100644
>>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM =
>>>> "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>>
>>>> DEPENDS = "zlib"
>>>> RPROVIDES = "ssh sshd"
>>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '',
>>>> d)}"
>>>>
>>>> SRC_URI =
>>>> "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>>> file://urandom-xauth-changes-to-options.h.patch \
>>>> file://configure.patch \
>>>> file://fix-2kb-keys.patch \
>>>> file://allow-nopw.patch;apply=no \
>>>> - file://init"
>>>> + file://init \
>>>> + file://dropbear-enable-pam.patch "
>>>>
>>>> inherit autotools update-rc.d
>>>>
>>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>>> BINCOMMANDS = "dbclient ssh scp"
>>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS}
>>>> ${BINCOMMANDS}"'
>>>> +EXTRA_OECONF += "\
>>>> + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam',
>>>> '--disable-pam', d)}"
>>>>
>>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks",
>>>> "debug", "",d)}"
>>>
>>> That one is missing a PR bump
>>
>> And does this mean that it also needs libpam in DEPENDS ?
>
> Yes, I think so. So add the
>
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
and to all recipes which are modified
>
>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 02/10] dropbear: Support PAM
2011-07-22 2:49 ` Khem Raj
@ 2011-07-22 2:56 ` Kang Kai
0 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-22 2:56 UTC (permalink / raw)
To: openembedded-core
On 2011年07月22日 10:49, Khem Raj wrote:
> On Thu, Jul 21, 2011 at 7:41 PM, Kang Kai<Kai.Kang@windriver.com> wrote:
>> On 2011年07月22日 03:10, Khem Raj wrote:
>>> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net>
>>> wrote:
>>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>>
>>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>>
>>>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>>>> - Enable pam in configure
>>>>> - Modify file option.h to open pam supporting
>>>>>
>>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>> ---
>>>>> meta/recipes-core/dropbear/dropbear.inc | 6 ++++-
>>>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21
>>>>> ++++++++++++++++++++
>>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>>> create mode 100644
>>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>>>
>>>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc
>>>>> b/meta/recipes-core/dropbear/dropbear.inc
>>>>> index 1b51e1a..48cefb6 100644
>>>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM =
>>>>> "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>>>
>>>>> DEPENDS = "zlib"
>>>>> RPROVIDES = "ssh sshd"
>>>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '',
>>>>> d)}"
>>>>>
>>>>> SRC_URI =
>>>>> "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>>>> file://urandom-xauth-changes-to-options.h.patch \
>>>>> file://configure.patch \
>>>>> file://fix-2kb-keys.patch \
>>>>> file://allow-nopw.patch;apply=no \
>>>>> - file://init"
>>>>> + file://init \
>>>>> + file://dropbear-enable-pam.patch "
>>>>>
>>>>> inherit autotools update-rc.d
>>>>>
>>>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>>>> BINCOMMANDS = "dbclient ssh scp"
>>>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS}
>>>>> ${BINCOMMANDS}"'
>>>>> +EXTRA_OECONF += "\
>>>>> + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam',
>>>>> '--disable-pam', d)}"
>>>>>
>>>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks",
>>>>> "debug", "",d)}"
>>>> That one is missing a PR bump
>>> And does this mean that it also needs libpam in DEPENDS ?
>> Yes, I think so. So add the
>>
>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> and to all recipes which are modified
ok, I'll check all the modified recipes.
>
>>
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-22 2:18 ` Kang Kai
@ 2011-07-22 3:10 ` Saul Wold
2011-07-22 3:14 ` Kang Kai
0 siblings, 1 reply; 34+ messages in thread
From: Saul Wold @ 2011-07-22 3:10 UTC (permalink / raw)
To: Kang Kai; +Cc: oe-core
On 07/21/2011 07:18 PM, Kang Kai wrote:
> On 2011年07月22日 01:02, Saul Wold wrote:
>> On 07/21/2011 01:00 AM, Kang Kai wrote:
>>> From: Kang Kai<kai.kang@windriver.com>
>>>
>>> Hi Scott,
>>>
>>> This is the current work of adding pam supports.
>>>
>>> After update libpam to 1.1.4, we enable the packages pam support. And
>>> if the pacakge
>>> doesn't have a pam configure file, import from Fedora.
>>>
>> Kai,
>>
>> Thanks for this work, you have already gotten some feedback, I have a
>> few general comments to add that are across many of these patches, so
>> I will note them here.
>>
>> Whitespace: you seem to be using tabs instead of spaces, please check
>> that you have spaces and your items are lined up. Yocto uses 4 spaces
>> for python and bb recipes and tabs for shell scripts and shell
>> functions in bb recipes.
>>
>> As has already been noted in a couple of places, ensure that you only
>> install things pam specific when the pam DISTRO_FEATURE is enabled,
>> there are multiple places that need this (not just the ones already
>> noted).
>>
>> Worth noting here also make sure you check all your PR bumps are correct.
>>
>
> Hi Saul,
>
> We will check the commits and send them again. Thanks for you comments.
>
>> Commit messages and comments for things to oe-core should talk about
>> oe-core not yocto or poky as this upsets people ;-)
>
> I am a little confused about this. Do you mean the commits about
> packages under directory meta/ should use word "oe-core" rather than
> Yocto? Would you like to tell me that how do you merge the commits,
> merge the commits to the oe-core master first and then merge the oe-core
> master to Yocto master or some branch?
>
Yocto uses oe-core, so it's merged to oe-core and the the Yocto pulls
from oe-core. For 1.2, we will have layering scripts that do some of this.
> At the same time, tests we did are based on core-image-sato/lsb. Should
> we test them again base on the image create by oe-core?
>
No need. your testing agains core-image-sato / lsb is fine.
Sau!
>>
>> I am going to hold of on taking this series until you fix it up.
>>
>> Sau!
>>
>
> Regards,
> Kai
>
>>
>>
>>> The following changes since commit
>>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>
>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14
>>> 22:23:09 +0100)
>>>
>>> are available in the git repository at:
>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>>
>>>
>>> Kang Kai (5):
>>> libpam: update to 1.1.4 and add subpackage xtests
>>> cups: add pam support
>>> screen: add pam support
>>> sudo: add pam support
>>> shadow: update pam related configure files
>>>
>>> Wenzong Fan (2):
>>> cronie: enable PAM support for cronie
>>> at: enable pam support
>>>
>>> Xiaofeng Yan (3):
>>> dropbear: Support PAM
>>> openssh: Support PAM
>>> polkit: Support PAM
>>>
>>> .../openssh/openssh-5.8p2/sshd | 10 +
>>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>>> .../screen/screen-4.0.3/screen.pamd | 2 +
>>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>>> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
>>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>>> 20 files changed, 389 insertions(+), 28 deletions(-)
>>> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>>> create mode 100644
>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>> create mode 100644
>>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>>> create mode 100644
>>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>>> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}
>>> (85%)
>>> create mode 100644
>>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>>> create mode 100644
>>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>>
>
>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 00/10] works of adding packages pam support
2011-07-22 3:10 ` Saul Wold
@ 2011-07-22 3:14 ` Kang Kai
0 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-22 3:14 UTC (permalink / raw)
To: Saul Wold; +Cc: oe-core
On 2011年07月22日 11:10, Saul Wold wrote:
> On 07/21/2011 07:18 PM, Kang Kai wrote:
>> On 2011年07月22日 01:02, Saul Wold wrote:
>>> On 07/21/2011 01:00 AM, Kang Kai wrote:
>>>> From: Kang Kai<kai.kang@windriver.com>
>>>>
>>>> Hi Scott,
>>>>
>>>> This is the current work of adding pam supports.
>>>>
>>>> After update libpam to 1.1.4, we enable the packages pam support. And
>>>> if the pacakge
>>>> doesn't have a pam configure file, import from Fedora.
>>>>
>>> Kai,
>>>
>>> Thanks for this work, you have already gotten some feedback, I have a
>>> few general comments to add that are across many of these patches, so
>>> I will note them here.
>>>
>>> Whitespace: you seem to be using tabs instead of spaces, please check
>>> that you have spaces and your items are lined up. Yocto uses 4 spaces
>>> for python and bb recipes and tabs for shell scripts and shell
>>> functions in bb recipes.
>>>
>>> As has already been noted in a couple of places, ensure that you only
>>> install things pam specific when the pam DISTRO_FEATURE is enabled,
>>> there are multiple places that need this (not just the ones already
>>> noted).
>>>
>>> Worth noting here also make sure you check all your PR bumps are
>>> correct.
>>>
>>
>> Hi Saul,
>>
>> We will check the commits and send them again. Thanks for you comments.
>>
>>> Commit messages and comments for things to oe-core should talk about
>>> oe-core not yocto or poky as this upsets people ;-)
>>
>> I am a little confused about this. Do you mean the commits about
>> packages under directory meta/ should use word "oe-core" rather than
>> Yocto? Would you like to tell me that how do you merge the commits,
>> merge the commits to the oe-core master first and then merge the oe-core
>> master to Yocto master or some branch?
>>
> Yocto uses oe-core, so it's merged to oe-core and the the Yocto pulls
> from oe-core. For 1.2, we will have layering scripts that do some of
> this.
Thanks, I got it.
>
>> At the same time, tests we did are based on core-image-sato/lsb. Should
>> we test them again base on the image create by oe-core?
>>
> No need. your testing agains core-image-sato / lsb is fine.
>
> Sau!
>
>>>
>>> I am going to hold of on taking this series until you fix it up.
>>>
>>> Sau!
>>>
>>
>> Regards,
>> Kai
>>
>>>
>>>
>>>> The following changes since commit
>>>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>>
>>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14
>>>> 22:23:09 +0100)
>>>>
>>>> are available in the git repository at:
>>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>>>
>>>>
>>>>
>>>> Kang Kai (5):
>>>> libpam: update to 1.1.4 and add subpackage xtests
>>>> cups: add pam support
>>>> screen: add pam support
>>>> sudo: add pam support
>>>> shadow: update pam related configure files
>>>>
>>>> Wenzong Fan (2):
>>>> cronie: enable PAM support for cronie
>>>> at: enable pam support
>>>>
>>>> Xiaofeng Yan (3):
>>>> dropbear: Support PAM
>>>> openssh: Support PAM
>>>> polkit: Support PAM
>>>>
>>>> .../openssh/openssh-5.8p2/sshd | 10 +
>>>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>>>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>>>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>>>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>>>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>>>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>>>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>>>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>>>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>>>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>>>> .../screen/screen-4.0.3/screen.pamd | 2 +
>>>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>>>> .../shadow/files/shadow-update-pam-conf.patch | 175
>>>> ++++++++++++++++++++
>>>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>>>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>>>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>>>> 20 files changed, 389 insertions(+), 28 deletions(-)
>>>> create mode 100644
>>>> meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>>>> create mode 100644
>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>> create mode 100644
>>>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>>>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>>>> create mode 100644
>>>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>>>> create mode 100644
>>>> meta/recipes-extended/pam/libpam/libpam-xtests.patch
>>>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}
>>>> (85%)
>>>> create mode 100644
>>>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> create mode 100644
>>>> meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>>>> create mode 100644
>>>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>>>
>>
>>
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 09/10] shadow: update pam related configure files
2011-07-21 8:58 ` Koen Kooi
@ 2011-07-22 3:16 ` Kang Kai
0 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-22 3:16 UTC (permalink / raw)
To: openembedded-core
On 2011年07月21日 16:58, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Kang Kai<kai.kang@windriver.com>
>>
>> add shadow-update-pam-conf.patch to update the pam related configure files
>> in Yocto way rather than Fedora.
> I'm not entirely sure, but do the updated conf files need something like http://cgit.openembedded.org/cgit.cgi/openembedded-core/commit/?id=b90e9c2318fc421f37c57788ece54ce791a90b62 as well?
ok, I'll check the commits for module selinux
>
>
>> Signed-off-by: Kang Kai<kai.kang@windriver.com>
>> ---
>> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>> 2 files changed, 178 insertions(+), 2 deletions(-)
>> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>
>> diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> new file mode 100644
>> index 0000000..33789f5
>> --- /dev/null
>> +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> @@ -0,0 +1,175 @@
>> +The system-auth in the configure files is from Fedora which put all the 4 pam type rules
>> +in one file.
>> +In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
>> +common-password and common-session.
>> +So update them in Yocto way.
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Kang Kai<kai.kang@windriver.com>
>> +
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chfn 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chfn 2011-07-20 19:03:17.804844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chpasswd 2011-07-20 19:03:42.724844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chsh 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chsh 2011-07-20 19:03:51.524844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
>> +--- shadow-4.1.4.3/etc/pam.d.orig/login 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/login 2011-07-20 19:05:36.924844958 +0800
>> +@@ -1,11 +1,11 @@
>> + #%PAM-1.0
>> + auth required pam_securetty.so
>> +-auth include system-auth
>> ++auth include common-auth
>> + account required pam_nologin.so
>> +-account include system-auth
>> +-password include system-auth
>> ++account include common-account
>> ++password include common-password
>> + session required pam_selinux.so close
>> +-session include system-auth
>> ++session include common-session
>> + session required pam_loginuid.so
>> + session optional pam_console.so
>> + session required pam_selinux.so open
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
>> +--- shadow-4.1.4.3/etc/pam.d.orig/newusers 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/newusers 2011-07-20 19:05:49.344844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/passwd 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/passwd 2011-07-20 19:06:29.014844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> +-auth include system-auth
>> +-account include system-auth
>> +-password include system-auth
>> ++auth include common-auth
>> ++account include common-account
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
>> +--- shadow-4.1.4.3/etc/pam.d.orig/su 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/su 2011-07-20 19:07:07.584844958 +0800
>> +@@ -4,10 +4,10 @@
>> + #auth sufficient pam_wheel.so trust use_uid
>> + # Uncomment the following line to require a user to be in the "wheel" group.
>> + auth required pam_wheel.so use_uid
>> +-auth include system-auth
>> +-account include system-auth
>> +-password include system-auth
>> ++auth include common-auth
>> ++account include common-account
>> ++password include common-password
>> + session required pam_selinux.so close
>> +-session include system-auth
>> ++session include common-session
>> + session required pam_selinux.so open multiple
>> + session optional pam_xauth.so
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
>> +--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
>> +--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth sufficient pam_rootok.so
>> + account required pam_permit.so
>> +-password include system-auth
>> ++password include common-password
>> diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> index 5731a26..0e6ba871 100644
>> --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
>>
>> DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>> RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
>> -PR = "r2"
>> +PR = "r3"
>>
>> SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
>> file://login_defs_pam.sed \
>> @@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
>> file://shadow-4.1.3-dots-in-usernames.patch \
>> file://shadow-4.1.4.2-env-reset-keep-locale.patch \
>> file://shadow-4.1.4.2-groupmod-pam-check.patch \
>> - file://shadow-4.1.4.2-su_no_sanitize_env.patch"
>> + file://shadow-4.1.4.2-su_no_sanitize_env.patch \
>> + file://shadow-update-pam-conf.patch"
>>
>> SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
>> SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
>> --
>> 1.7.5.1.300.gc565c
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [PATCH 04/10] polkit: Support PAM
2011-07-21 9:59 ` Koen Kooi
@ 2011-07-22 3:21 ` Kang Kai
0 siblings, 0 replies; 34+ messages in thread
From: Kang Kai @ 2011-07-22 3:21 UTC (permalink / raw)
To: openembedded-core
On 2011年07月21日 17:59, Koen Kooi wrote:
> Op 21 jul. 2011, om 11:49 heeft Kang Kai het volgende geschreven:
>
>> On 2011年07月21日 16:59, Koen Kooi wrote:
>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>
>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>
>>>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>>>
>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> ---
>>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 ++++++++++++++++++++
>>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +++-
>>>> 2 files changed, 27 insertions(+), 2 deletions(-)
>>>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>>
>>>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> new file mode 100644
>>>> index 0000000..fa145ac
>>>> --- /dev/null
>>>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> @@ -0,0 +1,23 @@
>>>> +polkit: No system-auth in poky, we can use common-* in place of it.
>>> Poky or oe-core? And can we provide system-auth instead of patching the world?
>> system-auth is the Fedora common pam configure file and auto generated by command authconfig. It contains all 4 types(auth, account, password and session) default config. But in Yocto
> Hmm, poky, oe-core or yocto? Which is it :)
Sorry, I will care that :)
>
>> we follow Debian/Ubuntu with separated files for default config: common-auth, common-account etc.
>> So that we didn't import the system-auth file .
>>
>>>
>>>> +
>>>> +Upstream-Status:Inappropriate [configuration]
>>>> +
>>>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> +
>>>> +--- a/configure.ac 2011-03-04 02:26:20.000000000 +0800
>>>> ++++ b/configure.ac.new 2011-07-18 10:14:12.516818852 +0800
>>>> +@@ -350,10 +350,10 @@
>>>> + PAM_FILE_INCLUDE_PASSWORD=system
>>>> + PAM_FILE_INCLUDE_SESSION=system
>>>> + else
>>>> +- PAM_FILE_INCLUDE_AUTH=system-auth
>>>> +- PAM_FILE_INCLUDE_ACCOUNT=system-auth
>>>> +- PAM_FILE_INCLUDE_PASSWORD=system-auth
>>>> +- PAM_FILE_INCLUDE_SESSION=system-auth
>>>> ++ PAM_FILE_INCLUDE_AUTH=common-auth
>>>> ++ PAM_FILE_INCLUDE_ACCOUNT=common-account
>>>> ++ PAM_FILE_INCLUDE_PASSWORD=common-password
>>>> ++ PAM_FILE_INCLUDE_SESSION=common-session
>>>> + fi
>>>> +
>>>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>>>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> index 6769914..da1d581 100644
>>>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>>>> file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>>>
>>>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>>>> - file://introspection.patch"
>>>> -PR = "r0"
>>>> + file://introspection.patch \
>>>> + file://polkit-1_pam.patch"
>>>> +
>>>> +PR = "r1"
>>>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>>>> RDEPENDS_${PN} = "libpam"
>>>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>>>> --
>>>> 1.7.5.1.300.gc565c
>>>>
>>>>
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2011-07-22 3:25 UTC | newest]
Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-21 8:00 [PATCH 00/10] works of adding packages pam support Kang Kai
2011-07-21 8:00 ` [PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests Kang Kai
2011-07-21 8:00 ` [PATCH 02/10] dropbear: Support PAM Kang Kai
2011-07-21 8:54 ` Koen Kooi
2011-07-21 19:10 ` Khem Raj
2011-07-22 2:41 ` Kang Kai
2011-07-22 2:49 ` Khem Raj
2011-07-22 2:56 ` Kang Kai
2011-07-21 8:00 ` [PATCH 03/10] openssh: " Kang Kai
2011-07-21 8:55 ` Koen Kooi
2011-07-21 9:05 ` Phil Blundell
2011-07-21 8:00 ` [PATCH 04/10] polkit: " Kang Kai
2011-07-21 8:59 ` Koen Kooi
2011-07-21 9:49 ` Kang Kai
2011-07-21 9:59 ` Koen Kooi
2011-07-22 3:21 ` Kang Kai
2011-07-21 8:00 ` [PATCH 05/10] cups: add pam support Kang Kai
2011-07-21 8:00 ` [PATCH 06/10] screen: " Kang Kai
2011-07-21 8:00 ` [PATCH 07/10] sudo: " Kang Kai
2011-07-21 9:06 ` Phil Blundell
2011-07-21 9:42 ` Kang Kai
2011-07-21 8:00 ` [PATCH 08/10] cronie: enable PAM support for cronie Kang Kai
2011-07-21 8:00 ` [PATCH 09/10] shadow: update pam related configure files Kang Kai
2011-07-21 8:58 ` Koen Kooi
2011-07-22 3:16 ` Kang Kai
2011-07-21 8:00 ` [PATCH 10/10] at: enable pam support Kang Kai
2011-07-21 8:05 ` [PATCH 00/10] works of adding packages " Kang Kai
2011-07-21 8:53 ` Koen Kooi
2011-07-21 9:41 ` Kang Kai
2011-07-21 9:58 ` Koen Kooi
2011-07-21 17:02 ` Saul Wold
2011-07-22 2:18 ` Kang Kai
2011-07-22 3:10 ` Saul Wold
2011-07-22 3:14 ` Kang Kai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.