#! /bin/bash # Shadow Rebuild with PAM support # Source: https://github.com/shadow-maint/shadow/releases/download/4.17.2/shadow-4.17.2.tar.xz # # $BUILD = Directory to temporarily install # $PKGS = Directory to store built packages # # DEPS # Required: Linux-PAM (for PAM support) and/or CrackLib (cracklib support) # Optional: None # If optimizing, use these flags with LTO (-flto=4) export CFLAGS="-march=native -mtune=native -O3 -g -pipe -fno-semantic-interposition " export CFLAGS+="-ffat-lto-objects -fstack-protector-strong -fzero-call-used-regs=used " export LDFLAGS="-Wl,-O2 -Wl,--as-needed " # Disable the installation of the groups program and its man pages, # as Coreutils provides a better version sed -i 's/groups$(EXEEXT) //' src/Makefile.in find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \; find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \; # Per LFS, Instead of using the default crypt method, use the more # secure YESCRYPT method of password encryption, which also allows # passwords longer than 8 characters. If libxcrypt was not installed, # then set the default crypt method to SHA512. # Also change the obsolete /var/spool/mail location for user # mailboxes that Shadow uses by default to the /var/mail location # used currently sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \ -e 's:/var/spool/mail:/var/mail:' \ -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ -i etc/login.defs # Musl & shadow define ROUNDS_MAX differently. Musl defines it as # 7 digits long but shadow defines it as 9 digits long. This means # shadow can potentionally request a larger number of rounds than # supported by musl. Change shadow's ROUND_MAX to match musl. # https://github.com/dslm4515/Musl-LFS/issues/79 sed -i -e 's/^\(#define SHA_ROUNDS_MAX 9999999\)99/\1/' lib/salt.c # Apply patch from Chimera linux for xstrdup #patch -Np1 -i ../patches/shadow-chimera/xstrdup.patch # Configure LIBS="-lutmps -lskarnet" \ ./configure --sysconfdir=/etc \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libdir=/usr/lib \ --with-group-name-max-length=32 \ --without-libbsd \ --enable-lastlog \ --with-acl -with-attr \ --without-nscd \ --disable-nls \ --enable-subordinate-ids \ --disable-account-tools-setuid \ --enable-shared \ --with-{b,yes}crypt $BUILDTRUPLE && read -p "Compile?" && make -j2 && read -p "Press Enter to install" && # if not using a package manager: # make exec_prefix=/usr pamddir= install # if using pkgtools from Slackware, then: su -c "make DESTDIR=$BUILD exec_prefix=/usr pamddir= install" su -c "mkdir -pv ${BUILD}/etc/default" cat > /tmp/useradd << "EOF" GROUP=999 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no EOF su -c "mv /tmp/useradd ${BUILD}/etc/default/" # move misplaces binaries su -C "mkdir -pv ${BUILD}/{bin,sbin}" for b in passwd login su do su -c "mv -v ${BUILD}/usr/bin/$b ${BUILD}/bin/" done su -c "mv -v ${BUILD}/usr/sbin/nologin ${BUILD}/sbin/" for c in chage login passwd su do su -c "cp -v ../files/shadow-lfs/$c ${BUILD}/etc/pam.d/" done cd $BUILD && su -c "mkdir -v install" && su -c "install -v -m644 etc/login.defs etc/login.defs.orig" && for FUNCTION in FAIL_DELAY \ FAILLOG_ENAB \ LASTLOG_ENAB \ MAIL_CHECK_ENAB \ OBSCURE_CHECKS_ENAB \ PORTTIME_CHECKS_ENAB \ QUOTAS_ENAB \ CONSOLE MOTD_FILE \ FTMP_FILE NOLOGINS_FILE \ ENV_HZ PASS_MIN_LEN \ SU_WHEEL_ONLY \ CRACKLIB_DICTPATH \ PASS_CHANGE_TRIES \ PASS_ALWAYS_WARN \ CHFN_AUTH ENCRYPT_METHOD \ ENVIRON_FILE do su -c 'sed -i "s/^${FUNCTION}/# &/" etc/login.defs' done for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \ groupmems groupmod newusers useradd userdel usermod do su -c "install -v -m644 etc/pam.d/chage etc/pam.d/${PROGRAM}" su -c 'sed -i "s/chage/$PROGRAM/" etc/pam.d/${PROGRAM}' done cat > /tmp/slack-desc << "EOF" # HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' # on the right side marks the last column you can put a character in. You must # make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| shadow: shadow (shadow password suite with Linux-Pam support) shadow: shadow: This set of login related programs utilizes an alternate, non-readable shadow: file to contain the actual encrypted passwords. This is presumed to shadow: increase system security by increasing the difficulty with which shadow: system crackers obtain encrypted passwords. It was written by shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz shadow: Kloczko. shadow: shadow: Homepage: https://github.com/shadow-maint/shadow shadow: EOF su -c "mv /tmp/slack-desc install/" && read -p "Enter to build package" && su -c "makepkg -l y -c n $PKGS/shadow-4.17.2-$PSUFFIX" && cp -v install/doinst.sh /tmp/ cat >> /tmp/doinst.sh << "EOF" [ -f /etc/login.access ] && mv -v /etc/login.access{,.NOUSE} [ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE} EOF su -c "cp -v /tmp/doinst.sh install/" su -c "makepkg -l y -c n $PKGS/shadow-4.17.2-$PSUFFIX" && su -c "rm -rf $BUILD/*"