[PATCH 00/10] works of adding packages pam support

[PATCH 00/10] works of adding packages pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

Hi Scott,

This is the current work of adding pam supports. 

After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
doesn't have a pam configure file, import from Fedora.

The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:

  bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib kangkai/distro
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits

Kang Kai (5):
  libpam: update to 1.1.4 and add subpackage xtests
  cups: add pam support
  screen: add pam support
  sudo: add pam support
  shadow: update pam related configure files

Wenzong Fan (2):
  cronie: enable PAM support for cronie
  at: enable pam support

Xiaofeng Yan (3):
  dropbear: Support PAM
  openssh: Support PAM
  polkit: Support PAM

 .../openssh/openssh-5.8p2/sshd                     |   10 +
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |    7 +-
 meta/recipes-core/dropbear/dropbear.inc            |    6 +-
 .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 +++
 .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++
 meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   16 ++
 meta/recipes-extended/at/at_3.1.12.bb              |   13 +-
 .../cronie/cronie/crond_pam_config.patch           |   13 ++
 meta/recipes-extended/cronie/cronie_1.4.7.bb       |    9 +-
 meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
 .../pam/libpam/libpam-xtests.patch                 |   35 ++++
 .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}       |   14 +-
 .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 +++
 meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +-
 .../screen/screen-4.0.3/screen.pamd                |    2 +
 meta/recipes-extended/screen/screen_4.0.3.bb       |   14 +-
 .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
 meta/recipes-extended/sudo/files/sudo.pamd         |    6 +
 meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   11 +-
 20 files changed, 389 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
 create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
 create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
 create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
 create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
 rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)
 create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
 create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
 create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
 create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd

-- 
1.7.5.1.300.gc565c

[PATCH 01/10] libpam: update to 1.1.4 and add subpackage xtests

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

Update libpam to 1.1.4, and add dependecy cracklib because run xtexts will
need pam-plugin-cracklib.
There are some additional checks under subdirectory xtests and make it
as a subpackage libpam-xtests.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../pam/libpam/libpam-xtests.patch                 |   35 ++++++++++++++++++++
 .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}       |   14 +++++---
 2 files changed, 44 insertions(+), 5 deletions(-)
 create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
 rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} (85%)

diff --git a/meta/recipes-extended/pam/libpam/libpam-xtests.patch b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
new file mode 100644
index 0000000..be68745
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/libpam-xtests.patch
@@ -0,0 +1,35 @@
+This patch is used to create a new sub package libpam-xtests to do more checks.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+--- Linux-PAM-1.1.4/xtests/Makefile.am.orig	2011-07-19 17:00:09.619980001 +0800
++++ Linux-PAM-1.1.4/xtests/Makefile.am	2011-07-19 16:54:00.229979998 +0800
+@@ -7,7 +7,7 @@
+ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+ 	-L$(top_builddir)/libpam_misc -lpam_misc
+ 
+-CLEANFILES = *~ $(XTESTS)
++CLEANFILES = *~
+ 
+ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ 	tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+@@ -51,3 +51,18 @@
+ 
+ xtests: $(XTESTS) run-xtests.sh
+ 	"$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
++
++all: $(XTESTS)
++
++install: install_xtests
++
++install_xtests:
++	$(INSTALL) -d $(DESTDIR)$(pkgdatadir)/xtests
++	for file in $(EXTRA_DIST) ; do \
++		$(INSTALL) $$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++	done
++	for file in $(XTESTS); do \
++		$(INSTALL) .libs/$$file $(DESTDIR)$(pkgdatadir)/xtests ; \
++	done
++
++.PHONY: all install_xtests
diff --git a/meta/recipes-extended/pam/libpam_1.1.3.bb b/meta/recipes-extended/pam/libpam_1.1.4.bb
similarity index 85%
rename from meta/recipes-extended/pam/libpam_1.1.3.bb
rename to meta/recipes-extended/pam/libpam_1.1.4.bb
index b62e2f2..f2379e4 100644
--- a/meta/recipes-extended/pam/libpam_1.1.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.4.bb
@@ -11,18 +11,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ca0395de9a86191a078b8b79302e3083"
 
 PR = "r0"
 
-DEPENDS = "bison flex"
+DEPENDS = "bison flex cracklib"
 RDEPENDS_${PN}-runtime = "libpam pam-plugin-deny pam-plugin-permit pam-plugin-warn pam-plugin-unix"
+RDEPENDS_${PN}-xtests = "libpam pam-plugin-access pam-plugin-debug pam-plugin-cracklib pam-plugin-pwhistory \
+						pam-plugin-succeed-if pam-plugin-time coreutils"
 RRECOMMENDS_${PN} = "libpam-runtime"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
            file://99_pam \
-           file://pam.d/*"
+           file://pam.d/* \
+		   file://libpam-xtests.patch"
 
 SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch"
 
-SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7"
-SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652"
+SRC_URI[md5sum] = "e9af5fb27bb22edb55d077e2888b3ebc"
+SRC_URI[sha256sum] = "ccd89331914390b1e9e99c954471d65f19b660d81e15a46eeb96cee125d44056"
 
 EXTRA_OECONF = "--with-db-uniquename=_pam \
                 --includedir=${includedir}/security \
@@ -34,12 +37,13 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
 
 inherit autotools gettext
 
-PACKAGES += "${PN}-runtime"
+PACKAGES += "${PN}-runtime ${PN}-xtests"
 FILES_${PN} = "${base_libdir}/lib*${SOLIBS}"
 FILES_${PN}-dbg += "${base_libdir}/security/.debug \
                     ${base_libdir}/security/pam_filter/.debug"
 FILES_${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
 FILES_${PN}-runtime = "${sysconfdir}"
+FILES_${PN}-xtests = "${datadir}/Linux-PAM/xtests"
 
 PACKAGES_DYNAMIC += " pam-plugin-*"
 
-- 
1.7.5.1.300.gc565c

[PATCH 02/10] dropbear: Support PAM

[Kang Kai]

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

I make a patch and some changes in dropbear.inc for supporting pam.
- Enable pam in configure
- Modify file option.h to open pam supporting

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
 .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 1b51e1a..48cefb6 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
 
 DEPENDS = "zlib"
 RPROVIDES = "ssh sshd"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
 	         file://urandom-xauth-changes-to-options.h.patch \
 	         file://configure.patch \
 	         file://fix-2kb-keys.patch \
 	         file://allow-nopw.patch;apply=no \
-	         file://init"
+	         file://init \
+		 file://dropbear-enable-pam.patch "
 
 inherit autotools update-rc.d
 
@@ -28,6 +30,8 @@ LD = "${CC}"
 SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
 BINCOMMANDS = "dbclient ssh scp"
 EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+EXTRA_OECONF += "\
+	${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
 DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
 
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
new file mode 100644
index 0000000..b941db5
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
@@ -0,0 +1,21 @@
+dropbear: We need modify file option.h besides enabling pam in \
+configure if we want dropbear to support pam.
+
+Upstream-Status: Pending
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/options.h	2011-07-12 13:27:39.008819183 +0800
++++ b/options.h.new	2011-07-12 13:37:37.780819308 +0800
+@@ -149,9 +149,9 @@
+  * but there's an interface via a PAM module - don't bother using it otherwise.
+  * You can't enable both PASSWORD and PAM. */
+ 
+-#define ENABLE_SVR_PASSWORD_AUTH
++//#define ENABLE_SVR_PASSWORD_AUTH
+ /* PAM requires ./configure --enable-pam */
+-/*#define ENABLE_SVR_PAM_AUTH*/
++#define ENABLE_SVR_PAM_AUTH
+ #define ENABLE_SVR_PUBKEY_AUTH
+ 
+ /* Wether to ake public key options in authorized_keys file into account */
-- 
1.7.5.1.300.gc565c

[PATCH 03/10] openssh: Support PAM

[Kang Kai]

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 .../openssh/openssh-5.8p2/sshd                     |   10 ++++++++++
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |    7 +++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd

diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
new file mode 100644
index 0000000..4882e58
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+
+auth       include      common-auth
+account    required     pam_nologin.so
+account    include      common-account
+password   include      common-password
+session    optional     pam_keyinit.so force revoke
+session    include      common-session
+session    required     pam_loginuid.so
+
diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
index e23069c..e0da936 100644
--- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
 
-PR = "r0"
+PR = "r1"
 
 DEPENDS = "zlib openssl"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshd_config \
            file://ssh_config \
            file://init \
+           file://sshd \
           "
 SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
 SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
@@ -59,7 +60,9 @@ do_compile_append () {
 
 do_install_append () {
 	install -d ${D}${sysconfdir}/init.d
+	install -d ${D}${sysconfdir}/pam.d
 	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+	install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
 	mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
 	mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
 	rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
@@ -71,7 +74,7 @@ ALLOW_EMPTY_${PN} = "1"
 PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
 FILES_${PN}-scp = "${bindir}/scp.${PN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${PN} ${sysconfdir}/ssh/ssh_config"
-FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
+FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${sysconfdir}/pam.d/sshd"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
-- 
1.7.5.1.300.gc565c

[PATCH 04/10] polkit: Support PAM

[Kang Kai]

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
 meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +++-
 2 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch

diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
new file mode 100644
index 0000000..fa145ac
--- /dev/null
+++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
@@ -0,0 +1,23 @@
+polkit: No system-auth in poky, we can use common-* in place of it.
+
+Upstream-Status:Inappropriate [configuration]
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
+@@ -350,10 +350,10 @@
+     PAM_FILE_INCLUDE_PASSWORD=system
+     PAM_FILE_INCLUDE_SESSION=system
+ else
+-   PAM_FILE_INCLUDE_AUTH=system-auth
+-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
+-   PAM_FILE_INCLUDE_PASSWORD=system-auth
+-   PAM_FILE_INCLUDE_SESSION=system-auth
++   PAM_FILE_INCLUDE_AUTH=common-auth
++   PAM_FILE_INCLUDE_ACCOUNT=common-account
++   PAM_FILE_INCLUDE_PASSWORD=common-password
++   PAM_FILE_INCLUDE_SESSION=common-session
+ fi
+ 
+ AC_SUBST(PAM_FILE_INCLUDE_AUTH)
diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
index 6769914..da1d581 100644
--- a/meta/recipes-extended/polkit/polkit_0.101.bb
+++ b/meta/recipes-extended/polkit/polkit_0.101.bb
@@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
                     file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
 
 SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
-           file://introspection.patch"
-PR = "r0"
+           file://introspection.patch \
+           file://polkit-1_pam.patch"
+
+PR = "r1"
 DEPENDS = "libpam expat dbus-glib eggdbus intltool"
 RDEPENDS_${PN} = "libpam"
 EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
-- 
1.7.5.1.300.gc565c

[PATCH 05/10] cups: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to distro_feature then add pam support for cups or not.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 meta/recipes-extended/cups/cups_1.4.6.bb |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-extended/cups/cups_1.4.6.bb b/meta/recipes-extended/cups/cups_1.4.6.bb
index 86b5340..fd20dcc 100644
--- a/meta/recipes-extended/cups/cups_1.4.6.bb
+++ b/meta/recipes-extended/cups/cups_1.4.6.bb
@@ -1,7 +1,8 @@
 require cups14.inc
 
-PR = "r0"
-DEPENDS += "libusb"
+PR = "r1"
+DEPENDS += "libusb \
+       ${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=956e7600195e6139f12de8c2a5bbefa9"
 SRC_URI += " \
@@ -12,6 +13,7 @@ SRC_URI += " \
 SRC_URI[md5sum] = "de8fb5a29c36554925c0c6a6e2c0dae1"
 SRC_URI[sha256sum] = "f08711702a77b52c7150f96fe1f45482f6151cb95ef601268c528607fe6ad514"
 
-EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb"
+EXTRA_OECONF += " --disable-gssapi --enable-debug --disable-relro --enable-libusb \
+       ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
 CONFFILES_${PN} += "${sysconfdir}/cups/cupsd.conf"
-- 
1.7.5.1.300.gc565c

[PATCH 06/10] screen: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to DISTRO_FEATURES then add screen pam support or not.
Press "Ctrl+a x" will lock the screen terminal, then unlock it will
use pam.
Add pam related configure file sceen.pamd from Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../screen/screen-4.0.3/screen.pamd                |    2 ++
 meta/recipes-extended/screen/screen_4.0.3.bb       |   14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd

diff --git a/meta/recipes-extended/screen/screen-4.0.3/screen.pamd b/meta/recipes-extended/screen/screen-4.0.3/screen.pamd
new file mode 100644
index 0000000..ff657fa
--- /dev/null
+++ b/meta/recipes-extended/screen/screen-4.0.3/screen.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth       include      common-auth
diff --git a/meta/recipes-extended/screen/screen_4.0.3.bb b/meta/recipes-extended/screen/screen_4.0.3.bb
index dac2893..c5bdf78 100644
--- a/meta/recipes-extended/screen/screen_4.0.3.bb
+++ b/meta/recipes-extended/screen/screen_4.0.3.bb
@@ -10,12 +10,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=0774d66808b0f602e94448108f59448b \
                     file://screen.h;endline=23;md5=9a7ae69a2aafed891bf7c38ddf9f6b7d"
 
 SECTION = "console/utils"
-DEPENDS = "ncurses"
-PR = "r0"
+DEPENDS = "ncurses \
+		${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r1"
 
 SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz;name=tarball \
            ${DEBIAN_MIRROR}/main/s/screen/screen_4.0.3-11+lenny1.diff.gz;name=patch \
-           file://configure.patch"
+           file://configure.patch \
+		   file://screen.pamd"
 
 SRC_URI[tarball.md5sum] = "8506fd205028a96c741e4037de6e3c42"
 SRC_URI[tarball.sha256sum] = "78f0d5b1496084a5902586304d4a73954b2bfe33ea13edceecf21615c39e6c77"
@@ -25,5 +27,9 @@ SRC_URI[patch.sha256sum] = "19130d097e9ed897c84a2c640634dd36ee3233c17b0bf5d18549
 
 inherit autotools
 
-EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5"
+EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 \
+                       ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
+do_install_append () {
+	install -D -m 644 ${WORKDIR}/screen.pamd ${D}/${sysconfdir}/pam.d/screen
+}
-- 
1.7.5.1.300.gc565c

[PATCH 07/10] sudo: add pam support

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

According to DISTRO_FEATURES to add pam support for sudo, and import
configure file from Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 meta/recipes-extended/sudo/files/sudo.pamd |    6 ++++++
 meta/recipes-extended/sudo/sudo_1.8.1p2.bb |   11 ++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd

diff --git a/meta/recipes-extended/sudo/files/sudo.pamd b/meta/recipes-extended/sudo/files/sudo.pamd
new file mode 100644
index 0000000..5bc26e7
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/sudo.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       include      common-auth
+account    include      common-account
+password   include      common-password
+session    required     pam_keyinit.so revoke
+session    required     pam_limits.so
diff --git a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
index 7eba307..529a44b 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.1p2.bb
@@ -1,11 +1,16 @@
 require sudo.inc
 
-PR = "r0"
+PR = "r1"
 
 SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
-           file://libtool.patch"
+           file://libtool.patch \
+           file://sudo.pamd"
 
 SRC_URI[md5sum] = "e8330f0e63b0ecb2e12b5c76922818cc"
 SRC_URI[sha256sum] = "281f90c80547cf22132e351e7f61c25ba4ba9cf393438468f318f9a7884026fb"
 
-EXTRA_OECONF += " --with-pam=no"
+EXTRA_OECONF += " ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)}"
+
+do_install_append () {
+	install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
+}
-- 
1.7.5.1.300.gc565c

[PATCH 08/10] cronie: enable PAM support for cronie

[Kang Kai]

From: Wenzong Fan <wenzong.fan@windriver.com>

Enable PAM support for cronie and update its pam config file 'crond'.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../cronie/cronie/crond_pam_config.patch           |   13 +++++++++++++
 meta/recipes-extended/cronie/cronie_1.4.7.bb       |    9 +++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch

diff --git a/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
new file mode 100644
index 0000000..01884ce
--- /dev/null
+++ b/meta/recipes-extended/cronie/cronie/crond_pam_config.patch
@@ -0,0 +1,13 @@
+--- cronie-1.4.7/pam/crond.orig	2010-12-16 16:59:02.000000000 +0800
++++ cronie-1.4.7/pam/crond	2011-07-20 09:47:16.080819203 +0800
+@@ -4,7 +4,7 @@
+ #
+ # No PAM authentication called, auth modules not needed
+ account    required   pam_access.so
+-account    include    password-auth
++account    include    common-account
+ session    required   pam_loginuid.so
+-session    include    password-auth
+-auth       include    password-auth
++session    include    common-session-noninteractive
++auth       include    common-auth
diff --git a/meta/recipes-extended/cronie/cronie_1.4.7.bb b/meta/recipes-extended/cronie/cronie_1.4.7.bb
index 992b610..5107b8a 100644
--- a/meta/recipes-extended/cronie/cronie_1.4.7.bb
+++ b/meta/recipes-extended/cronie/cronie_1.4.7.bb
@@ -14,17 +14,22 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=963ea0772a2adbdcd607a9b2ec320c11 \
 
 SECTION = "utils"
 
-PR = "r2"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+PR = "r3"
 
 SRC_URI = "https://fedorahosted.org/releases/c/r/cronie/cronie-${PV}.tar.gz \
            file://crond.init \
-           file://crontab"
+           file://crontab \
+           file://crond_pam_config.patch"
 
 SRC_URI[md5sum] = "dfc26c47756d0c40ee27ae3c7ee98e0d"
 SRC_URI[sha256sum] = "83bae15ae5504454ba74f4142f5db3aa22be594327fea19d2534f65803137fbd"
 
 inherit autotools update-rc.d
 
+EXTRA_OECONF += "\
+				${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)}"
+
 INITSCRIPT_NAME = "crond"
 INITSCRIPT_PARAMS = "start 90 2 3 4 5 . stop 60 0 1 6 ."
 
-- 
1.7.5.1.300.gc565c

[PATCH 09/10] shadow: update pam related configure files

[Kang Kai]

From: Kang Kai <kai.kang@windriver.com>

add shadow-update-pam-conf.patch to update the pam related configure files
in Yocto way rather than Fedora.

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
 meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
 2 files changed, 178 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch

diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
new file mode 100644
index 0000000..33789f5
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -0,0 +1,175 @@
+The system-auth in the configure files is from Fedora which put all the 4 pam type rules
+in one file. 
+In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
+common-password and common-session.
+So update them in Yocto way.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
+--- shadow-4.1.4.3/etc/pam.d.orig/chage	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chage	2011-07-20 19:03:08.964844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
+--- shadow-4.1.4.3/etc/pam.d.orig/chfn	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chfn	2011-07-20 19:03:17.804844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
+--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chgpasswd	2011-07-20 19:03:26.544844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
+--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chpasswd	2011-07-20 19:03:42.724844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
+--- shadow-4.1.4.3/etc/pam.d.orig/chsh	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/chsh	2011-07-20 19:03:51.524844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
+--- shadow-4.1.4.3/etc/pam.d.orig/groupadd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupadd	2011-07-20 19:04:08.124844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
+--- shadow-4.1.4.3/etc/pam.d.orig/groupdel	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupdel	2011-07-20 19:04:26.114844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmems	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmems	2011-07-20 19:04:35.074844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
+--- shadow-4.1.4.3/etc/pam.d.orig/groupmod	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/groupmod	2011-07-20 19:04:44.864844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
+--- shadow-4.1.4.3/etc/pam.d.orig/login	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/login	2011-07-20 19:05:36.924844958 +0800
+@@ -1,11 +1,11 @@
+ #%PAM-1.0
+ auth		required	pam_securetty.so
+-auth		include		system-auth
++auth		include		common-auth
+ account		required	pam_nologin.so
+-account		include		system-auth
+-password	include		system-auth
++account		include		common-account
++password	include		common-password
+ session		required	pam_selinux.so close
+-session		include		system-auth
++session		include		common-session
+ session		required	pam_loginuid.so
+ session		optional	pam_console.so
+ session		required	pam_selinux.so open
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
+--- shadow-4.1.4.3/etc/pam.d.orig/newusers	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/newusers	2011-07-20 19:05:49.344844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
+--- shadow-4.1.4.3/etc/pam.d.orig/passwd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/passwd	2011-07-20 19:06:29.014844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+-auth		include		system-auth
+-account		include		system-auth
+-password	include		system-auth
++auth		include		common-auth
++account		include		common-account
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
+--- shadow-4.1.4.3/etc/pam.d.orig/su	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/su	2011-07-20 19:07:07.584844958 +0800
+@@ -4,10 +4,10 @@
+ #auth		sufficient	pam_wheel.so trust use_uid
+ # Uncomment the following line to require a user to be in the "wheel" group.
+ auth		required	pam_wheel.so use_uid
+-auth		include		system-auth
+-account		include		system-auth
+-password	include		system-auth
++auth		include		common-auth
++account		include		common-account
++password	include		common-password
+ session		required	pam_selinux.so close
+-session		include		system-auth
++session		include		common-session
+ session		required	pam_selinux.so open multiple
+ session		optional	pam_xauth.so
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
+--- shadow-4.1.4.3/etc/pam.d.orig/useradd	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/useradd	2011-07-20 19:07:26.244844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
+--- shadow-4.1.4.3/etc/pam.d.orig/userdel	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/userdel	2011-07-20 19:07:35.734844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
+diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
+--- shadow-4.1.4.3/etc/pam.d.orig/usermod	2011-07-20 19:02:27.384844958 +0800
++++ shadow-4.1.4.3/etc/pam.d/usermod	2011-07-20 19:07:42.024844958 +0800
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+ account		required	pam_permit.so
+-password	include		system-auth
++password	include		common-password
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
index 5731a26..0e6ba871 100644
--- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
 
 DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
-PR = "r2"
+PR = "r3"
 
 SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
            file://login_defs_pam.sed \
@@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
            file://shadow-4.1.3-dots-in-usernames.patch \
            file://shadow-4.1.4.2-env-reset-keep-locale.patch \
            file://shadow-4.1.4.2-groupmod-pam-check.patch \
-           file://shadow-4.1.4.2-su_no_sanitize_env.patch"
+           file://shadow-4.1.4.2-su_no_sanitize_env.patch \
+		   file://shadow-update-pam-conf.patch"
 
 SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
 SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
-- 
1.7.5.1.300.gc565c

[PATCH 10/10] at: enable pam support

[Kang Kai]

From: Wenzong Fan <wenzong.fan@windriver.com>

add patches to make at enable pam support

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
 .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 ++++++++++++++++++++
 meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   16 +++++++++++++
 meta/recipes-extended/at/at_3.1.12.bb              |   13 +++++++---
 3 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
 create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch

diff --git a/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
new file mode 100644
index 0000000..1f73cdd
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
@@ -0,0 +1,23 @@
+--- at-3.1.12/configure.ac	2011-06-23 14:51:03.653572945 +0800
++++ at-3.1.12/configure.ac.new	2011-06-27 16:12:14.903572945 +0800
+@@ -81,10 +81,18 @@
+ AC_FUNC_VPRINTF
+ AC_FUNC_GETLOADAVG
+ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
++
++AC_ARG_WITH([pam],
++  [AS_HELP_STRING([--without-pam], [without PAM support])])
++
++if test "x$with_pam" != xno; then
+ AC_CHECK_HEADERS(security/pam_appl.h, [
+   PAMLIB="-lpam"
+-  AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
+-])
++  AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])],
++   [if test "x$with_pam" = xyes; then
++   AC_MSG_ERROR([PAM selected but security/pam_misc.h not found])
++   fi])
++fi
+
+ dnl Checking for programs
+
diff --git a/meta/recipes-extended/at/at-3.1.12/pam.conf.patch b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
new file mode 100644
index 0000000..4a80bbf
--- /dev/null
+++ b/meta/recipes-extended/at/at-3.1.12/pam.conf.patch
@@ -0,0 +1,16 @@
+--- at-3.1.12/pam.conf.orig	2009-11-23 23:11:52.000000000 +0800
++++ at-3.1.12/pam.conf	2011-07-15 11:14:04.132818950 +0800
+@@ -2,8 +2,8 @@
+ # The PAM configuration file for the at daemon
+ #
+
+-auth	required	pam_env.so
+-@include common-auth
+-@include common-account
+-@include common-session-noninteractive
+-session    required   pam_limits.so
++auth    required    pam_env.so
++auth    include     common-auth
++account include     common-account
++session include     common-session-noninteractive
++session required    pam_limits.so
diff --git a/meta/recipes-extended/at/at_3.1.12.bb b/meta/recipes-extended/at/at_3.1.12.bb
index 3a94497..16f428c 100644
--- a/meta/recipes-extended/at/at_3.1.12.bb
+++ b/meta/recipes-extended/at/at_3.1.12.bb
@@ -4,20 +4,23 @@ the system load levels drop to a particular level."
 SECTION = "base"
 LICENSE="GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4325afd396febcb659c36b49533135d4"
-DEPENDS = "flex libpam initscripts"
+DEPENDS = "flex libpam initscripts \
+	${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RCONFLICTS_${PN} = "atd"
 RREPLACES_${PN} = "atd"
-PR = "r4"
+PR = "r5"
 
 SRC_URI = "${DEBIAN_MIRROR}/main/a/at/at_${PV}.orig.tar.gz \
     file://configure.patch \
+    file://pam.conf.patch \
     file://use-ldflags.patch \
     file://nonstripbinaries.patch \
     file://fix_parallel_build_error.patch \
     file://posixtm.c \
     file://posixtm.h \
     file://file_replacement_with_gplv2.patch \
-    file://S99at"
+    file://S99at \
+	file://configure-add-enable-pam.patch"
 
 SRC_URI[md5sum] = "1e67991776148fb319fd77a2e599a765"
 SRC_URI[sha256sum] = "7c55c6ab4fbe8add9e68f31b2b0ebf3fe805c9a4e7cfb2623a3d8a4789cc18f3"
@@ -26,7 +29,8 @@ EXTRA_OECONF += "ac_cv_path_SENDMAIL=/bin/true \
                  --with-daemon_username=root \
                  --with-daemon_groupname=root \
                  --with-jobdir=/var/spool/at/jobs \
-                 --with-atspool=/var/spool/at/spool"
+                 --with-atspool=/var/spool/at/spool \
+				 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} "
 
 inherit autotools
 
@@ -41,6 +45,7 @@ do_install () {
 	install -d ${D}${sysconfdir}/rcS.d
 	install -m 0755    ${WORKDIR}/S99at		${D}${sysconfdir}/init.d/atd
 	ln -sf		../init.d/atd		${D}${sysconfdir}/rcS.d/S99at
+	install -D -m 0644 ${WORKDIR}/${P}/pam.conf ${D}${sysconfdir}/pam.d/atd
 }
 
 pkg_postinst_${PN} () {
-- 
1.7.5.1.300.gc565c

Re: [PATCH 00/10] works of adding packages pam support

[Kang Kai]

[-- Attachment #1: Type: text/plain, Size: 3486 bytes --]

On 2011?07?21? 16:00, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the current work of adding pam supports.
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
>    bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib kangkai/distro
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits

sorry, the branch info is wrong, should be

*http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro*

>
> Kang Kai (5):
>    libpam: update to 1.1.4 and add subpackage xtests
>    cups: add pam support
>    screen: add pam support
>    sudo: add pam support
>    shadow: update pam related configure files
>
> Wenzong Fan (2):
>    cronie: enable PAM support for cronie
>    at: enable pam support
>
> Xiaofeng Yan (3):
>    dropbear: Support PAM
>    openssh: Support PAM
>    polkit: Support PAM
>
>   .../openssh/openssh-5.8p2/sshd                     |   10 +
>   meta/recipes-connectivity/openssh/openssh_5.8p2.bb |    7 +-
>   meta/recipes-core/dropbear/dropbear.inc            |    6 +-
>   .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 +++
>   .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++
>   meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   16 ++
>   meta/recipes-extended/at/at_3.1.12.bb              |   13 +-
>   .../cronie/cronie/crond_pam_config.patch           |   13 ++
>   meta/recipes-extended/cronie/cronie_1.4.7.bb       |    9 +-
>   meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
>   .../pam/libpam/libpam-xtests.patch                 |   35 ++++
>   .../pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb}       |   14 +-
>   .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 +++
>   meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +-
>   .../screen/screen-4.0.3/screen.pamd                |    2 +
>   meta/recipes-extended/screen/screen_4.0.3.bb       |   14 +-
>   .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
>   meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
>   meta/recipes-extended/sudo/files/sudo.pamd         |    6 +
>   meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   11 +-
>   20 files changed, 389 insertions(+), 28 deletions(-)
>   create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>   create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>   create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>   create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>   rename meta/recipes-extended/pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb} (85%)
>   create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>   create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>   create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>   create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>


[-- Attachment #2: Type: text/html, Size: 4169 bytes --]

Re: [PATCH 00/10] works of adding packages pam support

[Koen Kooi]

Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:

> On 2011年07月21日 16:00, Kang Kai wrote:
>> From: Kang Kai <kai.kang@windriver.com>
>> 
>> 
>> Hi Scott,
>> 
>> This is the current work of adding pam supports. 
>> 
>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>> doesn't have a pam configure file, import from Fedora.
>> 
>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>> 
>>   bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>> 
>> are available in the git repository at:
>>   git://git.pokylinux.org/poky-contrib kangkai/distro
>>   
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
> 
> sorry, the branch info is wrong, should be 
> 
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro

Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.

Re: [PATCH 02/10] dropbear: Support PAM

[Koen Kooi]

Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:

> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> 
> I make a patch and some changes in dropbear.inc for supporting pam.
> - Enable pam in configure
> - Modify file option.h to open pam supporting
> 
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
> .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 ++++++++++++++++++++
> 2 files changed, 26 insertions(+), 1 deletions(-)
> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
> 
> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
> index 1b51e1a..48cefb6 100644
> --- a/meta/recipes-core/dropbear/dropbear.inc
> +++ b/meta/recipes-core/dropbear/dropbear.inc
> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
> 
> DEPENDS = "zlib"
> RPROVIDES = "ssh sshd"
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> 
> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
> 	         file://urandom-xauth-changes-to-options.h.patch \
> 	         file://configure.patch \
> 	         file://fix-2kb-keys.patch \
> 	         file://allow-nopw.patch;apply=no \
> -	         file://init"
> +	         file://init \
> +		 file://dropbear-enable-pam.patch "
> 
> inherit autotools update-rc.d
> 
> @@ -28,6 +30,8 @@ LD = "${CC}"
> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
> BINCOMMANDS = "dbclient ssh scp"
> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
> +EXTRA_OECONF += "\
> +	${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
> 
> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"

That one is missing a PR bump

Re: [PATCH 03/10] openssh: Support PAM

[Koen Kooi]

Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:

> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> 
> Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.

Where did this file come from and why isn't openssh providing it on its own?

> 
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> .../openssh/openssh-5.8p2/sshd                     |   10 ++++++++++
> meta/recipes-connectivity/openssh/openssh_5.8p2.bb |    7 +++++--
> 2 files changed, 15 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> 
> diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> new file mode 100644
> index 0000000..4882e58
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> @@ -0,0 +1,10 @@
> +#%PAM-1.0
> +
> +auth       include      common-auth
> +account    required     pam_nologin.so
> +account    include      common-account
> +password   include      common-password
> +session    optional     pam_keyinit.so force revoke
> +session    include      common-session
> +session    required     pam_loginuid.so
> +
> diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> index e23069c..e0da936 100644
> --- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> @@ -7,7 +7,7 @@ SECTION = "console/network"
> LICENSE = "BSD"
> LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
> 
> -PR = "r0"
> +PR = "r1"
> 
> DEPENDS = "zlib openssl"
> DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> @@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
>            file://sshd_config \
>            file://ssh_config \
>            file://init \
> +           file://sshd \
>           "
> SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
> SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
> @@ -59,7 +60,9 @@ do_compile_append () {
> 
> do_install_append () {
> 	install -d ${D}${sysconfdir}/init.d
> +	install -d ${D}${sysconfdir}/pam.d
> 	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
> +	install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
> 	mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
> 	mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
> 	rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
> @@ -71,7 +74,7 @@ ALLOW_EMPTY_${PN} = "1"
> PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
> FILES_${PN}-scp = "${bindir}/scp.${PN}"
> FILES_${PN}-ssh = "${bindir}/ssh.${PN} ${sysconfdir}/ssh/ssh_config"
> -FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
> +FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${sysconfdir}/pam.d/sshd"
> FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config"
> FILES_${PN}-sftp = "${bindir}/sftp"
> FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
> -- 
> 1.7.5.1.300.gc565c
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 09/10] shadow: update pam related configure files

[Koen Kooi]

Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:

> From: Kang Kai <kai.kang@windriver.com>
> 
> add shadow-update-pam-conf.patch to update the pam related configure files
> in Yocto way rather than Fedora.

I'm not entirely sure, but do the updated conf files need something like http://cgit.openembedded.org/cgit.cgi/openembedded-core/commit/?id=b90e9c2318fc421f37c57788ece54ce791a90b62 as well?


> 
> Signed-off-by: Kang Kai <kai.kang@windriver.com>
> ---
> .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
> meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
> 2 files changed, 178 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> 
> diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> new file mode 100644
> index 0000000..33789f5
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
> @@ -0,0 +1,175 @@
> +The system-auth in the configure files is from Fedora which put all the 4 pam type rules
> +in one file. 
> +In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
> +common-password and common-session.
> +So update them in Yocto way.
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
> +
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
> +--- shadow-4.1.4.3/etc/pam.d.orig/chage	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chage	2011-07-20 19:03:08.964844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
> +--- shadow-4.1.4.3/etc/pam.d.orig/chfn	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chfn	2011-07-20 19:03:17.804844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
> +--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chgpasswd	2011-07-20 19:03:26.544844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
> +--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chpasswd	2011-07-20 19:03:42.724844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
> +--- shadow-4.1.4.3/etc/pam.d.orig/chsh	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/chsh	2011-07-20 19:03:51.524844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupadd	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupadd	2011-07-20 19:04:08.124844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupdel	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupdel	2011-07-20 19:04:26.114844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmems	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupmems	2011-07-20 19:04:35.074844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmod	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/groupmod	2011-07-20 19:04:44.864844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
> +--- shadow-4.1.4.3/etc/pam.d.orig/login	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/login	2011-07-20 19:05:36.924844958 +0800
> +@@ -1,11 +1,11 @@
> + #%PAM-1.0
> + auth		required	pam_securetty.so
> +-auth		include		system-auth
> ++auth		include		common-auth
> + account		required	pam_nologin.so
> +-account		include		system-auth
> +-password	include		system-auth
> ++account		include		common-account
> ++password	include		common-password
> + session		required	pam_selinux.so close
> +-session		include		system-auth
> ++session		include		common-session
> + session		required	pam_loginuid.so
> + session		optional	pam_console.so
> + session		required	pam_selinux.so open
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
> +--- shadow-4.1.4.3/etc/pam.d.orig/newusers	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/newusers	2011-07-20 19:05:49.344844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
> +--- shadow-4.1.4.3/etc/pam.d.orig/passwd	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/passwd	2011-07-20 19:06:29.014844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> +-auth		include		system-auth
> +-account		include		system-auth
> +-password	include		system-auth
> ++auth		include		common-auth
> ++account		include		common-account
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
> +--- shadow-4.1.4.3/etc/pam.d.orig/su	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/su	2011-07-20 19:07:07.584844958 +0800
> +@@ -4,10 +4,10 @@
> + #auth		sufficient	pam_wheel.so trust use_uid
> + # Uncomment the following line to require a user to be in the "wheel" group.
> + auth		required	pam_wheel.so use_uid
> +-auth		include		system-auth
> +-account		include		system-auth
> +-password	include		system-auth
> ++auth		include		common-auth
> ++account		include		common-account
> ++password	include		common-password
> + session		required	pam_selinux.so close
> +-session		include		system-auth
> ++session		include		common-session
> + session		required	pam_selinux.so open multiple
> + session		optional	pam_xauth.so
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
> +--- shadow-4.1.4.3/etc/pam.d.orig/useradd	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/useradd	2011-07-20 19:07:26.244844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
> +--- shadow-4.1.4.3/etc/pam.d.orig/userdel	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/userdel	2011-07-20 19:07:35.734844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
> +--- shadow-4.1.4.3/etc/pam.d.orig/usermod	2011-07-20 19:02:27.384844958 +0800
> ++++ shadow-4.1.4.3/etc/pam.d/usermod	2011-07-20 19:07:42.024844958 +0800
> +@@ -1,4 +1,4 @@
> + #%PAM-1.0
> + auth		sufficient	pam_rootok.so
> + account		required	pam_permit.so
> +-password	include		system-auth
> ++password	include		common-password
> diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> index 5731a26..0e6ba871 100644
> --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
> 
> DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
> -PR = "r2"
> +PR = "r3"
> 
> SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
>            file://login_defs_pam.sed \
> @@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
>            file://shadow-4.1.3-dots-in-usernames.patch \
>            file://shadow-4.1.4.2-env-reset-keep-locale.patch \
>            file://shadow-4.1.4.2-groupmod-pam-check.patch \
> -           file://shadow-4.1.4.2-su_no_sanitize_env.patch"
> +           file://shadow-4.1.4.2-su_no_sanitize_env.patch \
> +		   file://shadow-update-pam-conf.patch"
> 
> SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
> SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
> -- 
> 1.7.5.1.300.gc565c
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 04/10] polkit: Support PAM

[Koen Kooi]

Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:

> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> 
> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
> 
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
> .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
> meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +++-
> 2 files changed, 27 insertions(+), 2 deletions(-)
> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> 
> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> new file mode 100644
> index 0000000..fa145ac
> --- /dev/null
> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
> @@ -0,0 +1,23 @@
> +polkit: No system-auth in poky, we can use common-* in place of it.

Poky or oe-core? And can we provide system-auth instead of patching the world?


> +
> +Upstream-Status:Inappropriate [configuration]
> +
> +Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> +
> +--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
> ++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
> +@@ -350,10 +350,10 @@
> +     PAM_FILE_INCLUDE_PASSWORD=system
> +     PAM_FILE_INCLUDE_SESSION=system
> + else
> +-   PAM_FILE_INCLUDE_AUTH=system-auth
> +-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
> +-   PAM_FILE_INCLUDE_PASSWORD=system-auth
> +-   PAM_FILE_INCLUDE_SESSION=system-auth
> ++   PAM_FILE_INCLUDE_AUTH=common-auth
> ++   PAM_FILE_INCLUDE_ACCOUNT=common-account
> ++   PAM_FILE_INCLUDE_PASSWORD=common-password
> ++   PAM_FILE_INCLUDE_SESSION=common-session
> + fi
> + 
> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
> index 6769914..da1d581 100644
> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>                     file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
> 
> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
> -           file://introspection.patch"
> -PR = "r0"
> +           file://introspection.patch \
> +           file://polkit-1_pam.patch"
> +
> +PR = "r1"
> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
> RDEPENDS_${PN} = "libpam"
> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
> -- 
> 1.7.5.1.300.gc565c
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 03/10] openssh: Support PAM

[Phil Blundell]

On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
>  do_install_append () {
>  	install -d ${D}${sysconfdir}/init.d
> +	install -d ${D}${sysconfdir}/pam.d
>  	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
> +	install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd

I think this should be conditional on pam in DISTRO_FEATURES.

p.

Re: [PATCH 07/10] sudo: add pam support

[Phil Blundell]

On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
> +do_install_append () {
> +	install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
> +}

As with openssh, you don't want to install and ship this file if pam
isn't enabled.

p.

Re: [PATCH 00/10] works of adding packages pam support

[Kang Kai]

On 2011年07月21日 16:53, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:
>
>> On 2011年07月21日 16:00, Kang Kai wrote:
>>> From: Kang Kai<kai.kang@windriver.com>
>>>
>>>
>>> Hi Scott,
>>>
>>> This is the current work of adding pam supports.
>>>
>>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>>> doesn't have a pam configure file, import from Fedora.
>>>
>>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>
>>>    bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>>>
>>> are available in the git repository at:
>>>    git://git.pokylinux.org/poky-contrib kangkai/distro
>>>
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>> sorry, the branch info is wrong, should be
>>
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
> Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.

Koen,

I rebase against oe-core and push to

http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai%2Fpam-rebase-oe-core

Is that what you want?

Regards,
Kai

Re: [PATCH 07/10] sudo: add pam support

[Kang Kai]

On 2011年07月21日 17:06, Phil Blundell wrote:
> On Thu, 2011-07-21 at 16:00 +0800, Kang Kai wrote:
>> +do_install_append () {
>> +	install -D -m 664 ${WORKDIR}/sudo.pamd ${D}/${sysconfdir}/pam.d/sudo
>> +}
> As with openssh, you don't want to install and ship this file if pam
> isn't enabled.
>
> p.

ok, we'll try to do that.

Thanks,
Kai
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 04/10] polkit: Support PAM

[Kang Kai]

On 2011年07月21日 16:59, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>
>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>
>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>> ---
>> .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
>> meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +++-
>> 2 files changed, 27 insertions(+), 2 deletions(-)
>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>
>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> new file mode 100644
>> index 0000000..fa145ac
>> --- /dev/null
>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> @@ -0,0 +1,23 @@
>> +polkit: No system-auth in poky, we can use common-* in place of it.
> Poky or oe-core? And can we provide system-auth instead of patching the world?

system-auth is the Fedora common pam configure file and auto generated 
by command authconfig. It contains all 4 types(auth, account, password 
and session) default config. But in Yocto we follow Debian/Ubuntu with 
separated files for default config: common-auth, common-account etc.
So that we didn't import the system-auth file .

>
>
>> +
>> +Upstream-Status:Inappropriate [configuration]
>> +
>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>> +
>> +--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
>> ++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
>> +@@ -350,10 +350,10 @@
>> +     PAM_FILE_INCLUDE_PASSWORD=system
>> +     PAM_FILE_INCLUDE_SESSION=system
>> + else
>> +-   PAM_FILE_INCLUDE_AUTH=system-auth
>> +-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
>> +-   PAM_FILE_INCLUDE_PASSWORD=system-auth
>> +-   PAM_FILE_INCLUDE_SESSION=system-auth
>> ++   PAM_FILE_INCLUDE_AUTH=common-auth
>> ++   PAM_FILE_INCLUDE_ACCOUNT=common-account
>> ++   PAM_FILE_INCLUDE_PASSWORD=common-password
>> ++   PAM_FILE_INCLUDE_SESSION=common-session
>> + fi
>> +
>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>> index 6769914..da1d581 100644
>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>>                      file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>
>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>> -           file://introspection.patch"
>> -PR = "r0"
>> +           file://introspection.patch \
>> +           file://polkit-1_pam.patch"
>> +
>> +PR = "r1"
>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>> RDEPENDS_${PN} = "libpam"
>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>> -- 
>> 1.7.5.1.300.gc565c
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 00/10] works of adding packages pam support

[Koen Kooi]

Yes, that'd be awesome

Op 21 jul. 2011, om 11:41 heeft Kang Kai het volgende geschreven:

> On 2011年07月21日 16:53, Koen Kooi wrote:
>> Op 21 jul. 2011, om 10:05 heeft Kang Kai het volgende geschreven:
>> 
>>> On 2011年07月21日 16:00, Kang Kai wrote:
>>>> From: Kang Kai<kai.kang@windriver.com>
>>>> 
>>>> 
>>>> Hi Scott,
>>>> 
>>>> This is the current work of adding pam supports.
>>>> 
>>>> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
>>>> doesn't have a pam configure file, import from Fedora.
>>>> 
>>>> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>> 
>>>>   bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>>>> 
>>>> are available in the git repository at:
>>>>   git://git.pokylinux.org/poky-contrib kangkai/distro
>>>> 
>>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>> sorry, the branch info is wrong, should be
>>> 
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/distro
>> Is that against oe-core or against poky? If it's against poky please rebase it against oe-core since that make it possible to test it.
> 
> Koen,
> 
> I rebase against oe-core and push to
> 
> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai%2Fpam-rebase-oe-core
> 
> Is that what you want?
> 
> Regards,
> Kai
> 

Re: [PATCH 04/10] polkit: Support PAM

[Koen Kooi]

Op 21 jul. 2011, om 11:49 heeft Kang Kai het volgende geschreven:

> On 2011年07月21日 16:59, Koen Kooi wrote:
>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>> 
>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> 
>>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>> 
>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> ---
>>> .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
>>> meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +++-
>>> 2 files changed, 27 insertions(+), 2 deletions(-)
>>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> 
>>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> new file mode 100644
>>> index 0000000..fa145ac
>>> --- /dev/null
>>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> @@ -0,0 +1,23 @@
>>> +polkit: No system-auth in poky, we can use common-* in place of it.
>> Poky or oe-core? And can we provide system-auth instead of patching the world?
> 
> system-auth is the Fedora common pam configure file and auto generated by command authconfig. It contains all 4 types(auth, account, password and session) default config. But in Yocto

Hmm, poky, oe-core or yocto? Which is it :)

> we follow Debian/Ubuntu with separated files for default config: common-auth, common-account etc.
> So that we didn't import the system-auth file .
> 
>> 
>> 
>>> +
>>> +Upstream-Status:Inappropriate [configuration]
>>> +
>>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> +
>>> +--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
>>> ++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
>>> +@@ -350,10 +350,10 @@
>>> +     PAM_FILE_INCLUDE_PASSWORD=system
>>> +     PAM_FILE_INCLUDE_SESSION=system
>>> + else
>>> +-   PAM_FILE_INCLUDE_AUTH=system-auth
>>> +-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
>>> +-   PAM_FILE_INCLUDE_PASSWORD=system-auth
>>> +-   PAM_FILE_INCLUDE_SESSION=system-auth
>>> ++   PAM_FILE_INCLUDE_AUTH=common-auth
>>> ++   PAM_FILE_INCLUDE_ACCOUNT=common-account
>>> ++   PAM_FILE_INCLUDE_PASSWORD=common-password
>>> ++   PAM_FILE_INCLUDE_SESSION=common-session
>>> + fi
>>> +
>>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>>> index 6769914..da1d581 100644
>>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>>>                     file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>> 
>>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>>> -           file://introspection.patch"
>>> -PR = "r0"
>>> +           file://introspection.patch \
>>> +           file://polkit-1_pam.patch"
>>> +
>>> +PR = "r1"
>>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>>> RDEPENDS_${PN} = "libpam"
>>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>>> -- 
>>> 1.7.5.1.300.gc565c
>>> 
>>> 
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>> 
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 00/10] works of adding packages pam support

[Saul Wold]

On 07/21/2011 01:00 AM, Kang Kai wrote:
> From: Kang Kai<kai.kang@windriver.com>
>
> Hi Scott,
>
> This is the current work of adding pam supports.
>
> After update libpam to 1.1.4, we enable the packages pam support. And if the pacakge
> doesn't have a pam configure file, import from Fedora.
>
Kai,

Thanks for this work, you have already gotten some feedback, I have a 
few general comments to add that are across many of these patches, so I 
will note them here.

Whitespace: you seem to be using tabs instead of spaces, please check 
that you have spaces and your items are lined up. Yocto uses 4 spaces 
for python and bb recipes and tabs for shell scripts and shell functions 
in bb recipes.

As has already been noted in a couple of places, ensure that you only 
install things pam specific when the pam DISTRO_FEATURE is enabled, 
there are multiple places that need this (not just the ones already noted).

Worth noting here also make sure you check all your PR bumps are correct.

Commit messages and comments for things to oe-core should talk about 
oe-core not yocto or poky as this upsets people ;-)

I am going to hold of on taking this series until you fix it up.

Sau!



> The following changes since commit fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>
>    bb-matrix: correct BB and PM number canonicalization (2011-07-14 22:23:09 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib kangkai/distro
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>
> Kang Kai (5):
>    libpam: update to 1.1.4 and add subpackage xtests
>    cups: add pam support
>    screen: add pam support
>    sudo: add pam support
>    shadow: update pam related configure files
>
> Wenzong Fan (2):
>    cronie: enable PAM support for cronie
>    at: enable pam support
>
> Xiaofeng Yan (3):
>    dropbear: Support PAM
>    openssh: Support PAM
>    polkit: Support PAM
>
>   .../openssh/openssh-5.8p2/sshd                     |   10 +
>   meta/recipes-connectivity/openssh/openssh_5.8p2.bb |    7 +-
>   meta/recipes-core/dropbear/dropbear.inc            |    6 +-
>   .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 +++
>   .../at/at-3.1.12/configure-add-enable-pam.patch    |   23 +++
>   meta/recipes-extended/at/at-3.1.12/pam.conf.patch  |   16 ++
>   meta/recipes-extended/at/at_3.1.12.bb              |   13 +-
>   .../cronie/cronie/crond_pam_config.patch           |   13 ++
>   meta/recipes-extended/cronie/cronie_1.4.7.bb       |    9 +-
>   meta/recipes-extended/cups/cups_1.4.6.bb           |    8 +-
>   .../pam/libpam/libpam-xtests.patch                 |   35 ++++
>   .../pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb}       |   14 +-
>   .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 +++
>   meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +-
>   .../screen/screen-4.0.3/screen.pamd                |    2 +
>   meta/recipes-extended/screen/screen_4.0.3.bb       |   14 +-
>   .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
>   meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
>   meta/recipes-extended/sudo/files/sudo.pamd         |    6 +
>   meta/recipes-extended/sudo/sudo_1.8.1p2.bb         |   11 +-
>   20 files changed, 389 insertions(+), 28 deletions(-)
>   create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>   create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>   create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>   create mode 100644 meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>   create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>   rename meta/recipes-extended/pam/{libpam_1.1.3.bb =>  libpam_1.1.4.bb} (85%)
>   create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>   create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>   create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>   create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>

Re: [PATCH 02/10] dropbear: Support PAM

[Khem Raj]

On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi <koen@dominion.thruhere.net> wrote:
>
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>>
>> I make a patch and some changes in dropbear.inc for supporting pam.
>> - Enable pam in configure
>> - Modify file option.h to open pam supporting
>>
>> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
>> ---
>> meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
>> .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 ++++++++++++++++++++
>> 2 files changed, 26 insertions(+), 1 deletions(-)
>> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>
>> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
>> index 1b51e1a..48cefb6 100644
>> --- a/meta/recipes-core/dropbear/dropbear.inc
>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>
>> DEPENDS = "zlib"
>> RPROVIDES = "ssh sshd"
>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>>
>> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>                file://urandom-xauth-changes-to-options.h.patch \
>>                file://configure.patch \
>>                file://fix-2kb-keys.patch \
>>                file://allow-nopw.patch;apply=no \
>> -              file://init"
>> +              file://init \
>> +              file://dropbear-enable-pam.patch "
>>
>> inherit autotools update-rc.d
>>
>> @@ -28,6 +30,8 @@ LD = "${CC}"
>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>> BINCOMMANDS = "dbclient ssh scp"
>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
>> +EXTRA_OECONF += "\
>> +     ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
>>
>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
>
> That one is missing a PR bump

And does this mean that it also needs libpam in DEPENDS ?
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>

Re: [PATCH 00/10] works of adding packages pam support

[Kang Kai]

On 2011年07月22日 01:02, Saul Wold wrote:
> On 07/21/2011 01:00 AM, Kang Kai wrote:
>> From: Kang Kai<kai.kang@windriver.com>
>>
>> Hi Scott,
>>
>> This is the current work of adding pam supports.
>>
>> After update libpam to 1.1.4, we enable the packages pam support. And 
>> if the pacakge
>> doesn't have a pam configure file, import from Fedora.
>>
> Kai,
>
> Thanks for this work, you have already gotten some feedback, I have a 
> few general comments to add that are across many of these patches, so 
> I will note them here.
>
> Whitespace: you seem to be using tabs instead of spaces, please check 
> that you have spaces and your items are lined up. Yocto uses 4 spaces 
> for python and bb recipes and tabs for shell scripts and shell 
> functions in bb recipes.
>
> As has already been noted in a couple of places, ensure that you only 
> install things pam specific when the pam DISTRO_FEATURE is enabled, 
> there are multiple places that need this (not just the ones already 
> noted).
>
> Worth noting here also make sure you check all your PR bumps are correct.
>

Hi Saul,

We will check the commits and send them again. Thanks for you comments.

> Commit messages and comments for things to oe-core should talk about 
> oe-core not yocto or poky as this upsets people ;-)

I am a little confused about this. Do you mean the commits about 
packages under directory meta/ should use word "oe-core" rather than 
Yocto? Would you like to tell me that how do you merge the commits, 
merge the commits to the oe-core master first and then merge the oe-core 
master to Yocto master or some branch?

At the same time, tests we did are based on core-image-sato/lsb. Should 
we test them again base on the image create by oe-core?

>
> I am going to hold of on taking this series until you fix it up.
>
> Sau!
>

Regards,
Kai

>
>
>> The following changes since commit 
>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>
>> bb-matrix: correct BB and PM number canonicalization (2011-07-14 
>> 22:23:09 +0100)
>>
>> are available in the git repository at:
>> git://git.pokylinux.org/poky-contrib kangkai/distro
>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>
>> Kang Kai (5):
>> libpam: update to 1.1.4 and add subpackage xtests
>> cups: add pam support
>> screen: add pam support
>> sudo: add pam support
>> shadow: update pam related configure files
>>
>> Wenzong Fan (2):
>> cronie: enable PAM support for cronie
>> at: enable pam support
>>
>> Xiaofeng Yan (3):
>> dropbear: Support PAM
>> openssh: Support PAM
>> polkit: Support PAM
>>
>> .../openssh/openssh-5.8p2/sshd | 10 +
>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>> .../screen/screen-4.0.3/screen.pamd | 2 +
>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>> 20 files changed, 389 insertions(+), 28 deletions(-)
>> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>> create mode 100644 
>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>> create mode 100644 
>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>> create mode 100644 
>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} 
>> (85%)
>> create mode 100644 
>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>> create mode 100644 
>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>

Re: [PATCH 02/10] dropbear: Support PAM

[Kang Kai]

On 2011年07月22日 03:10, Khem Raj wrote:
> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net>  wrote:
>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>
>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>
>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>> - Enable pam in configure
>>> - Modify file option.h to open pam supporting
>>>
>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>> ---
>>> meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
>>> .../dropbear/dropbear/dropbear-enable-pam.patch    |   21 ++++++++++++++++++++
>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>> create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>
>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
>>> index 1b51e1a..48cefb6 100644
>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>
>>> DEPENDS = "zlib"
>>> RPROVIDES = "ssh sshd"
>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>>>
>>> SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>>                 file://urandom-xauth-changes-to-options.h.patch \
>>>                 file://configure.patch \
>>>                 file://fix-2kb-keys.patch \
>>>                 file://allow-nopw.patch;apply=no \
>>> -              file://init"
>>> +              file://init \
>>> +              file://dropbear-enable-pam.patch "
>>>
>>> inherit autotools update-rc.d
>>>
>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>> BINCOMMANDS = "dbclient ssh scp"
>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
>>> +EXTRA_OECONF += "\
>>> +     ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
>>>
>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
>> That one is missing a PR bump
> And does this mean that it also needs libpam in DEPENDS ?

Yes, I think so. So add the

+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"


>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 02/10] dropbear: Support PAM

[Khem Raj]

On Thu, Jul 21, 2011 at 7:41 PM, Kang Kai <Kai.Kang@windriver.com> wrote:
> On 2011年07月22日 03:10, Khem Raj wrote:
>>
>> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net>
>>  wrote:
>>>
>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>
>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>
>>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>>> - Enable pam in configure
>>>> - Modify file option.h to open pam supporting
>>>>
>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> ---
>>>> meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
>>>> .../dropbear/dropbear/dropbear-enable-pam.patch    |   21
>>>> ++++++++++++++++++++
>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>> create mode 100644
>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>>
>>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc
>>>> b/meta/recipes-core/dropbear/dropbear.inc
>>>> index 1b51e1a..48cefb6 100644
>>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM =
>>>> "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>>
>>>> DEPENDS = "zlib"
>>>> RPROVIDES = "ssh sshd"
>>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '',
>>>> d)}"
>>>>
>>>> SRC_URI =
>>>> "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>>>                file://urandom-xauth-changes-to-options.h.patch \
>>>>                file://configure.patch \
>>>>                file://fix-2kb-keys.patch \
>>>>                file://allow-nopw.patch;apply=no \
>>>> -              file://init"
>>>> +              file://init \
>>>> +              file://dropbear-enable-pam.patch "
>>>>
>>>> inherit autotools update-rc.d
>>>>
>>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>>> BINCOMMANDS = "dbclient ssh scp"
>>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS}
>>>> ${BINCOMMANDS}"'
>>>> +EXTRA_OECONF += "\
>>>> +     ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam',
>>>> '--disable-pam', d)}"
>>>>
>>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks",
>>>> "debug", "",d)}"
>>>
>>> That one is missing a PR bump
>>
>> And does this mean that it also needs libpam in DEPENDS ?
>
> Yes, I think so. So add the
>
> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"

and to all recipes which are modified

>
>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>

Re: [PATCH 02/10] dropbear: Support PAM

[Kang Kai]

On 2011年07月22日 10:49, Khem Raj wrote:
> On Thu, Jul 21, 2011 at 7:41 PM, Kang Kai<Kai.Kang@windriver.com>  wrote:
>> On 2011年07月22日 03:10, Khem Raj wrote:
>>> On Thu, Jul 21, 2011 at 1:54 AM, Koen Kooi<koen@dominion.thruhere.net>
>>>   wrote:
>>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>>
>>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>>
>>>>> I make a patch and some changes in dropbear.inc for supporting pam.
>>>>> - Enable pam in configure
>>>>> - Modify file option.h to open pam supporting
>>>>>
>>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>> ---
>>>>> meta/recipes-core/dropbear/dropbear.inc            |    6 ++++-
>>>>> .../dropbear/dropbear/dropbear-enable-pam.patch    |   21
>>>>> ++++++++++++++++++++
>>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>>> create mode 100644
>>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>>>
>>>>> diff --git a/meta/recipes-core/dropbear/dropbear.inc
>>>>> b/meta/recipes-core/dropbear/dropbear.inc
>>>>> index 1b51e1a..48cefb6 100644
>>>>> --- a/meta/recipes-core/dropbear/dropbear.inc
>>>>> +++ b/meta/recipes-core/dropbear/dropbear.inc
>>>>> @@ -9,13 +9,15 @@ LIC_FILES_CHKSUM =
>>>>> "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
>>>>>
>>>>> DEPENDS = "zlib"
>>>>> RPROVIDES = "ssh sshd"
>>>>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '',
>>>>> d)}"
>>>>>
>>>>> SRC_URI =
>>>>> "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
>>>>>                 file://urandom-xauth-changes-to-options.h.patch \
>>>>>                 file://configure.patch \
>>>>>                 file://fix-2kb-keys.patch \
>>>>>                 file://allow-nopw.patch;apply=no \
>>>>> -              file://init"
>>>>> +              file://init \
>>>>> +              file://dropbear-enable-pam.patch "
>>>>>
>>>>> inherit autotools update-rc.d
>>>>>
>>>>> @@ -28,6 +30,8 @@ LD = "${CC}"
>>>>> SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
>>>>> BINCOMMANDS = "dbclient ssh scp"
>>>>> EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS}
>>>>> ${BINCOMMANDS}"'
>>>>> +EXTRA_OECONF += "\
>>>>> +     ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam',
>>>>> '--disable-pam', d)}"
>>>>>
>>>>> DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks",
>>>>> "debug", "",d)}"
>>>> That one is missing a PR bump
>>> And does this mean that it also needs libpam in DEPENDS ?
>> Yes, I think so. So add the
>>
>> +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> and to all recipes which are modified

ok, I'll check all the modified recipes.

>
>>
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 00/10] works of adding packages pam support

[Saul Wold]

On 07/21/2011 07:18 PM, Kang Kai wrote:
> On 2011年07月22日 01:02, Saul Wold wrote:
>> On 07/21/2011 01:00 AM, Kang Kai wrote:
>>> From: Kang Kai<kai.kang@windriver.com>
>>>
>>> Hi Scott,
>>>
>>> This is the current work of adding pam supports.
>>>
>>> After update libpam to 1.1.4, we enable the packages pam support. And
>>> if the pacakge
>>> doesn't have a pam configure file, import from Fedora.
>>>
>> Kai,
>>
>> Thanks for this work, you have already gotten some feedback, I have a
>> few general comments to add that are across many of these patches, so
>> I will note them here.
>>
>> Whitespace: you seem to be using tabs instead of spaces, please check
>> that you have spaces and your items are lined up. Yocto uses 4 spaces
>> for python and bb recipes and tabs for shell scripts and shell
>> functions in bb recipes.
>>
>> As has already been noted in a couple of places, ensure that you only
>> install things pam specific when the pam DISTRO_FEATURE is enabled,
>> there are multiple places that need this (not just the ones already
>> noted).
>>
>> Worth noting here also make sure you check all your PR bumps are correct.
>>
>
> Hi Saul,
>
> We will check the commits and send them again. Thanks for you comments.
>
>> Commit messages and comments for things to oe-core should talk about
>> oe-core not yocto or poky as this upsets people ;-)
>
> I am a little confused about this. Do you mean the commits about
> packages under directory meta/ should use word "oe-core" rather than
> Yocto? Would you like to tell me that how do you merge the commits,
> merge the commits to the oe-core master first and then merge the oe-core
> master to Yocto master or some branch?
>
Yocto uses oe-core, so it's merged to oe-core and the the Yocto pulls 
from oe-core.  For 1.2, we will have layering scripts that do some of this.

> At the same time, tests we did are based on core-image-sato/lsb. Should
> we test them again base on the image create by oe-core?
>
No need. your testing agains core-image-sato / lsb is fine.

Sau!

>>
>> I am going to hold of on taking this series until you fix it up.
>>
>> Sau!
>>
>
> Regards,
> Kai
>
>>
>>
>>> The following changes since commit
>>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>
>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14
>>> 22:23:09 +0100)
>>>
>>> are available in the git repository at:
>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits
>>>
>>>
>>> Kang Kai (5):
>>> libpam: update to 1.1.4 and add subpackage xtests
>>> cups: add pam support
>>> screen: add pam support
>>> sudo: add pam support
>>> shadow: update pam related configure files
>>>
>>> Wenzong Fan (2):
>>> cronie: enable PAM support for cronie
>>> at: enable pam support
>>>
>>> Xiaofeng Yan (3):
>>> dropbear: Support PAM
>>> openssh: Support PAM
>>> polkit: Support PAM
>>>
>>> .../openssh/openssh-5.8p2/sshd | 10 +
>>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>>> .../screen/screen-4.0.3/screen.pamd | 2 +
>>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>>> .../shadow/files/shadow-update-pam-conf.patch | 175 ++++++++++++++++++++
>>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>>> 20 files changed, 389 insertions(+), 28 deletions(-)
>>> create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>>> create mode 100644
>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>> create mode 100644
>>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>>> create mode 100644
>>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>>> create mode 100644 meta/recipes-extended/pam/libpam/libpam-xtests.patch
>>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}
>>> (85%)
>>> create mode 100644
>>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>> create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>>> create mode 100644
>>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>>
>
>

Re: [PATCH 00/10] works of adding packages pam support

[Kang Kai]

On 2011年07月22日 11:10, Saul Wold wrote:
> On 07/21/2011 07:18 PM, Kang Kai wrote:
>> On 2011年07月22日 01:02, Saul Wold wrote:
>>> On 07/21/2011 01:00 AM, Kang Kai wrote:
>>>> From: Kang Kai<kai.kang@windriver.com>
>>>>
>>>> Hi Scott,
>>>>
>>>> This is the current work of adding pam supports.
>>>>
>>>> After update libpam to 1.1.4, we enable the packages pam support. And
>>>> if the pacakge
>>>> doesn't have a pam configure file, import from Fedora.
>>>>
>>> Kai,
>>>
>>> Thanks for this work, you have already gotten some feedback, I have a
>>> few general comments to add that are across many of these patches, so
>>> I will note them here.
>>>
>>> Whitespace: you seem to be using tabs instead of spaces, please check
>>> that you have spaces and your items are lined up. Yocto uses 4 spaces
>>> for python and bb recipes and tabs for shell scripts and shell
>>> functions in bb recipes.
>>>
>>> As has already been noted in a couple of places, ensure that you only
>>> install things pam specific when the pam DISTRO_FEATURE is enabled,
>>> there are multiple places that need this (not just the ones already
>>> noted).
>>>
>>> Worth noting here also make sure you check all your PR bumps are 
>>> correct.
>>>
>>
>> Hi Saul,
>>
>> We will check the commits and send them again. Thanks for you comments.
>>
>>> Commit messages and comments for things to oe-core should talk about
>>> oe-core not yocto or poky as this upsets people ;-)
>>
>> I am a little confused about this. Do you mean the commits about
>> packages under directory meta/ should use word "oe-core" rather than
>> Yocto? Would you like to tell me that how do you merge the commits,
>> merge the commits to the oe-core master first and then merge the oe-core
>> master to Yocto master or some branch?
>>
> Yocto uses oe-core, so it's merged to oe-core and the the Yocto pulls 
> from oe-core.  For 1.2, we will have layering scripts that do some of 
> this.

Thanks, I got it.

>
>> At the same time, tests we did are based on core-image-sato/lsb. Should
>> we test them again base on the image create by oe-core?
>>
> No need. your testing agains core-image-sato / lsb is fine.
>
> Sau!
>
>>>
>>> I am going to hold of on taking this series until you fix it up.
>>>
>>> Sau!
>>>
>>
>> Regards,
>> Kai
>>
>>>
>>>
>>>> The following changes since commit
>>>> fa4bcfdb73167f8159b88e5a4d711c0d37627a70:
>>>>
>>>> bb-matrix: correct BB and PM number canonicalization (2011-07-14
>>>> 22:23:09 +0100)
>>>>
>>>> are available in the git repository at:
>>>> git://git.pokylinux.org/poky-contrib kangkai/distro
>>>> http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kangkai/pam-commits 
>>>>
>>>>
>>>>
>>>> Kang Kai (5):
>>>> libpam: update to 1.1.4 and add subpackage xtests
>>>> cups: add pam support
>>>> screen: add pam support
>>>> sudo: add pam support
>>>> shadow: update pam related configure files
>>>>
>>>> Wenzong Fan (2):
>>>> cronie: enable PAM support for cronie
>>>> at: enable pam support
>>>>
>>>> Xiaofeng Yan (3):
>>>> dropbear: Support PAM
>>>> openssh: Support PAM
>>>> polkit: Support PAM
>>>>
>>>> .../openssh/openssh-5.8p2/sshd | 10 +
>>>> meta/recipes-connectivity/openssh/openssh_5.8p2.bb | 7 +-
>>>> meta/recipes-core/dropbear/dropbear.inc | 6 +-
>>>> .../dropbear/dropbear/dropbear-enable-pam.patch | 21 +++
>>>> .../at/at-3.1.12/configure-add-enable-pam.patch | 23 +++
>>>> meta/recipes-extended/at/at-3.1.12/pam.conf.patch | 16 ++
>>>> meta/recipes-extended/at/at_3.1.12.bb | 13 +-
>>>> .../cronie/cronie/crond_pam_config.patch | 13 ++
>>>> meta/recipes-extended/cronie/cronie_1.4.7.bb | 9 +-
>>>> meta/recipes-extended/cups/cups_1.4.6.bb | 8 +-
>>>> .../pam/libpam/libpam-xtests.patch | 35 ++++
>>>> .../pam/{libpam_1.1.3.bb => libpam_1.1.4.bb} | 14 +-
>>>> .../polkit/polkit-0.101/polkit-1_pam.patch | 23 +++
>>>> meta/recipes-extended/polkit/polkit_0.101.bb | 6 +-
>>>> .../screen/screen-4.0.3/screen.pamd | 2 +
>>>> meta/recipes-extended/screen/screen_4.0.3.bb | 14 +-
>>>> .../shadow/files/shadow-update-pam-conf.patch | 175 
>>>> ++++++++++++++++++++
>>>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb | 5 +-
>>>> meta/recipes-extended/sudo/files/sudo.pamd | 6 +
>>>> meta/recipes-extended/sudo/sudo_1.8.1p2.bb | 11 +-
>>>> 20 files changed, 389 insertions(+), 28 deletions(-)
>>>> create mode 100644 
>>>> meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>>>> create mode 100644
>>>> meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>>>> create mode 100644
>>>> meta/recipes-extended/at/at-3.1.12/configure-add-enable-pam.patch
>>>> create mode 100644 meta/recipes-extended/at/at-3.1.12/pam.conf.patch
>>>> create mode 100644
>>>> meta/recipes-extended/cronie/cronie/crond_pam_config.patch
>>>> create mode 100644 
>>>> meta/recipes-extended/pam/libpam/libpam-xtests.patch
>>>> rename meta/recipes-extended/pam/{libpam_1.1.3.bb => libpam_1.1.4.bb}
>>>> (85%)
>>>> create mode 100644
>>>> meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> create mode 100644 
>>>> meta/recipes-extended/screen/screen-4.0.3/screen.pamd
>>>> create mode 100644
>>>> meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>>> create mode 100644 meta/recipes-extended/sudo/files/sudo.pamd
>>>>
>>
>>

Re: [PATCH 09/10] shadow: update pam related configure files

[Kang Kai]

On 2011年07月21日 16:58, Koen Kooi wrote:
> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>
>> From: Kang Kai<kai.kang@windriver.com>
>>
>> add shadow-update-pam-conf.patch to update the pam related configure files
>> in Yocto way rather than Fedora.
> I'm not entirely sure, but do the updated conf files need something like http://cgit.openembedded.org/cgit.cgi/openembedded-core/commit/?id=b90e9c2318fc421f37c57788ece54ce791a90b62 as well?

ok, I'll check the commits for module selinux

>
>
>> Signed-off-by: Kang Kai<kai.kang@windriver.com>
>> ---
>> .../shadow/files/shadow-update-pam-conf.patch      |  175 ++++++++++++++++++++
>> meta/recipes-extended/shadow/shadow_4.1.4.3.bb     |    5 +-
>> 2 files changed, 178 insertions(+), 2 deletions(-)
>> create mode 100644 meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>>
>> diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> new file mode 100644
>> index 0000000..33789f5
>> --- /dev/null
>> +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
>> @@ -0,0 +1,175 @@
>> +The system-auth in the configure files is from Fedora which put all the 4 pam type rules
>> +in one file.
>> +In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
>> +common-password and common-session.
>> +So update them in Yocto way.
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Kang Kai<kai.kang@windriver.com>
>> +
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chage	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chage	2011-07-20 19:03:08.964844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chfn shadow-4.1.4.3/etc/pam.d/chfn
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chfn	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chfn	2011-07-20 19:03:17.804844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chgpasswd	2011-07-20 19:03:26.544844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chpasswd shadow-4.1.4.3/etc/pam.d/chpasswd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chpasswd	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chpasswd	2011-07-20 19:03:42.724844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chsh shadow-4.1.4.3/etc/pam.d/chsh
>> +--- shadow-4.1.4.3/etc/pam.d.orig/chsh	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/chsh	2011-07-20 19:03:51.524844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupadd	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupadd	2011-07-20 19:04:08.124844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupdel	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupdel	2011-07-20 19:04:26.114844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmems	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupmems	2011-07-20 19:04:35.074844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod
>> +--- shadow-4.1.4.3/etc/pam.d.orig/groupmod	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/groupmod	2011-07-20 19:04:44.864844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/login shadow-4.1.4.3/etc/pam.d/login
>> +--- shadow-4.1.4.3/etc/pam.d.orig/login	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/login	2011-07-20 19:05:36.924844958 +0800
>> +@@ -1,11 +1,11 @@
>> + #%PAM-1.0
>> + auth		required	pam_securetty.so
>> +-auth		include		system-auth
>> ++auth		include		common-auth
>> + account		required	pam_nologin.so
>> +-account		include		system-auth
>> +-password	include		system-auth
>> ++account		include		common-account
>> ++password	include		common-password
>> + session		required	pam_selinux.so close
>> +-session		include		system-auth
>> ++session		include		common-session
>> + session		required	pam_loginuid.so
>> + session		optional	pam_console.so
>> + session		required	pam_selinux.so open
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/newusers shadow-4.1.4.3/etc/pam.d/newusers
>> +--- shadow-4.1.4.3/etc/pam.d.orig/newusers	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/newusers	2011-07-20 19:05:49.344844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/passwd shadow-4.1.4.3/etc/pam.d/passwd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/passwd	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/passwd	2011-07-20 19:06:29.014844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> +-auth		include		system-auth
>> +-account		include		system-auth
>> +-password	include		system-auth
>> ++auth		include		common-auth
>> ++account		include		common-account
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/su shadow-4.1.4.3/etc/pam.d/su
>> +--- shadow-4.1.4.3/etc/pam.d.orig/su	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/su	2011-07-20 19:07:07.584844958 +0800
>> +@@ -4,10 +4,10 @@
>> + #auth		sufficient	pam_wheel.so trust use_uid
>> + # Uncomment the following line to require a user to be in the "wheel" group.
>> + auth		required	pam_wheel.so use_uid
>> +-auth		include		system-auth
>> +-account		include		system-auth
>> +-password	include		system-auth
>> ++auth		include		common-auth
>> ++account		include		common-account
>> ++password	include		common-password
>> + session		required	pam_selinux.so close
>> +-session		include		system-auth
>> ++session		include		common-session
>> + session		required	pam_selinux.so open multiple
>> + session		optional	pam_xauth.so
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd
>> +--- shadow-4.1.4.3/etc/pam.d.orig/useradd	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/useradd	2011-07-20 19:07:26.244844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel
>> +--- shadow-4.1.4.3/etc/pam.d.orig/userdel	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/userdel	2011-07-20 19:07:35.734844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> +diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod
>> +--- shadow-4.1.4.3/etc/pam.d.orig/usermod	2011-07-20 19:02:27.384844958 +0800
>> ++++ shadow-4.1.4.3/etc/pam.d/usermod	2011-07-20 19:07:42.024844958 +0800
>> +@@ -1,4 +1,4 @@
>> + #%PAM-1.0
>> + auth		sufficient	pam_rootok.so
>> + account		required	pam_permit.so
>> +-password	include		system-auth
>> ++password	include		common-password
>> diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> index 5731a26..0e6ba871 100644
>> --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
>> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
>>
>> DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
>> RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
>> -PR = "r2"
>> +PR = "r3"
>>
>> SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz2 \
>>             file://login_defs_pam.sed \
>> @@ -19,7 +19,8 @@ SRC_URI = "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-${PV}.tar.bz
>>             file://shadow-4.1.3-dots-in-usernames.patch \
>>             file://shadow-4.1.4.2-env-reset-keep-locale.patch \
>>             file://shadow-4.1.4.2-groupmod-pam-check.patch \
>> -           file://shadow-4.1.4.2-su_no_sanitize_env.patch"
>> +           file://shadow-4.1.4.2-su_no_sanitize_env.patch \
>> +		   file://shadow-update-pam-conf.patch"
>>
>> SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79"
>> SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778"
>> -- 
>> 1.7.5.1.300.gc565c
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 04/10] polkit: Support PAM

[Kang Kai]

On 2011年07月21日 17:59, Koen Kooi wrote:
> Op 21 jul. 2011, om 11:49 heeft Kang Kai het volgende geschreven:
>
>> On 2011年07月21日 16:59, Koen Kooi wrote:
>>> Op 21 jul. 2011, om 10:00 heeft Kang Kai het volgende geschreven:
>>>
>>>> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>>
>>>> Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.
>>>>
>>>> Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> ---
>>>> .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
>>>> meta/recipes-extended/polkit/polkit_0.101.bb       |    6 +++-
>>>> 2 files changed, 27 insertions(+), 2 deletions(-)
>>>> create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>>
>>>> diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> new file mode 100644
>>>> index 0000000..fa145ac
>>>> --- /dev/null
>>>> +++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>>>> @@ -0,0 +1,23 @@
>>>> +polkit: No system-auth in poky, we can use common-* in place of it.
>>> Poky or oe-core? And can we provide system-auth instead of patching the world?
>> system-auth is the Fedora common pam configure file and auto generated by command authconfig. It contains all 4 types(auth, account, password and session) default config. But in Yocto
> Hmm, poky, oe-core or yocto? Which is it :)

Sorry, I will care that :)

>
>> we follow Debian/Ubuntu with separated files for default config: common-auth, common-account etc.
>> So that we didn't import the system-auth file .
>>
>>>
>>>> +
>>>> +Upstream-Status:Inappropriate [configuration]
>>>> +
>>>> +Signed-off-by: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>>>> +
>>>> +--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
>>>> ++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
>>>> +@@ -350,10 +350,10 @@
>>>> +     PAM_FILE_INCLUDE_PASSWORD=system
>>>> +     PAM_FILE_INCLUDE_SESSION=system
>>>> + else
>>>> +-   PAM_FILE_INCLUDE_AUTH=system-auth
>>>> +-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
>>>> +-   PAM_FILE_INCLUDE_PASSWORD=system-auth
>>>> +-   PAM_FILE_INCLUDE_SESSION=system-auth
>>>> ++   PAM_FILE_INCLUDE_AUTH=common-auth
>>>> ++   PAM_FILE_INCLUDE_ACCOUNT=common-account
>>>> ++   PAM_FILE_INCLUDE_PASSWORD=common-password
>>>> ++   PAM_FILE_INCLUDE_SESSION=common-session
>>>> + fi
>>>> +
>>>> + AC_SUBST(PAM_FILE_INCLUDE_AUTH)
>>>> diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> index 6769914..da1d581 100644
>>>> --- a/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> +++ b/meta/recipes-extended/polkit/polkit_0.101.bb
>>>> @@ -7,8 +7,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
>>>>                      file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
>>>>
>>>> SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
>>>> -           file://introspection.patch"
>>>> -PR = "r0"
>>>> +           file://introspection.patch \
>>>> +           file://polkit-1_pam.patch"
>>>> +
>>>> +PR = "r1"
>>>> DEPENDS = "libpam expat dbus-glib eggdbus intltool"
>>>> RDEPENDS_${PN} = "libpam"
>>>> EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
>>>> -- 
>>>> 1.7.5.1.300.gc565c
>>>>
>>>>
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core