lfs/BMLFS
1
0
Fork 0
mirror of https://github.com/dslm4515/BMLFS.git synced 2025-08-03 16:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
BMLFS/build-scripts/shadow.rebuild
dslm4515 a9d13b5e1a Updated shadow rebuild for 4.17.2
2025-06-15 14:41:13 -05:00

164 lines
5.9 KiB
Bash
Raw Permalink Blame History

#! /bin/bash
# Shadow Rebuild with PAM support
# Source: https://github.com/shadow-maint/shadow/releases/download/4.17.2/shadow-4.17.2.tar.xz
#
# $BUILD = Directory to temporarily install
# $PKGS = Directory to store built packages
#
# DEPS
# Required: Linux-PAM (for PAM support) and/or CrackLib (cracklib support)
# Optional: None
# If optimizing, use these flags with LTO (-flto=4)
export CFLAGS="-march=native -mtune=native -O3 -g -pipe -fno-semantic-interposition "
export CFLAGS+="-ffat-lto-objects -fstack-protector-strong -fzero-call-used-regs=used "
export LDFLAGS="-Wl,-O2 -Wl,--as-needed "
# Disable the installation of the groups program and its man pages,
# as Coreutils provides a better version
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \;
# Per LFS, Instead of using the default crypt method, use the more
# secure YESCRYPT method of password encryption, which also allows
# passwords longer than 8 characters. If libxcrypt was not installed,
# then set the default crypt method to SHA512.
# Also change the obsolete /var/spool/mail location for user
# mailboxes that Shadow uses by default to the /var/mail location
# used currently
sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \
-e 's:/var/spool/mail:/var/mail:' \
-e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
-i etc/login.defs
# Musl & shadow define ROUNDS_MAX differently. Musl defines it as
# 7 digits long but shadow defines it as 9 digits long. This means
# shadow can potentionally request a larger number of rounds than
# supported by musl. Change shadow's ROUND_MAX to match musl.
# https://github.com/dslm4515/Musl-LFS/issues/79
sed -i -e 's/^\(#define SHA_ROUNDS_MAX 9999999\)99/\1/' lib/salt.c
# Apply patch from Chimera linux for xstrdup
#patch -Np1 -i ../patches/shadow-chimera/xstrdup.patch
# Configure
LIBS="-lutmps -lskarnet" \
./configure --sysconfdir=/etc \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libdir=/usr/lib \
--with-group-name-max-length=32 \
--without-libbsd \
--enable-lastlog \
--with-acl -with-attr \
--without-nscd \
--disable-nls \
--enable-subordinate-ids \
--disable-account-tools-setuid \
--enable-shared \
--with-{b,yes}crypt $BUILDTRUPLE &&
read -p "Compile?" && make -j2 &&
read -p "Press Enter to install" &&
# if not using a package manager:
# make exec_prefix=/usr pamddir= install
# if using pkgtools from Slackware, then:
su -c "make DESTDIR=$BUILD exec_prefix=/usr pamddir= install"
su -c "mkdir -pv ${BUILD}/etc/default"
cat > /tmp/useradd << "EOF"
GROUP=999
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
EOF
su -c "mv /tmp/useradd ${BUILD}/etc/default/"
# move misplaces binaries
su -C "mkdir -pv ${BUILD}/{bin,sbin}"
for b in passwd login su
do
su -c "mv -v ${BUILD}/usr/bin/$b ${BUILD}/bin/"
done
su -c "mv -v ${BUILD}/usr/sbin/nologin ${BUILD}/sbin/"
for c in chage login passwd su
do
su -c "cp -v ../files/shadow-lfs/$c ${BUILD}/etc/pam.d/"
done
cd $BUILD && su -c "mkdir -v install" &&
su -c "install -v -m644 etc/login.defs etc/login.defs.orig" &&
for FUNCTION in FAIL_DELAY \
FAILLOG_ENAB \
LASTLOG_ENAB \
MAIL_CHECK_ENAB \
OBSCURE_CHECKS_ENAB \
PORTTIME_CHECKS_ENAB \
QUOTAS_ENAB \
CONSOLE MOTD_FILE \
FTMP_FILE NOLOGINS_FILE \
ENV_HZ PASS_MIN_LEN \
SU_WHEEL_ONLY \
CRACKLIB_DICTPATH \
PASS_CHANGE_TRIES \
PASS_ALWAYS_WARN \
CHFN_AUTH ENCRYPT_METHOD \
ENVIRON_FILE
do
su -c 'sed -i "s/^${FUNCTION}/# &/" etc/login.defs'
done
for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
groupmems groupmod newusers useradd userdel usermod
do
su -c "install -v -m644 etc/pam.d/chage etc/pam.d/${PROGRAM}"
su -c 'sed -i "s/chage/$PROGRAM/" etc/pam.d/${PROGRAM}'
done
cat > /tmp/slack-desc << "EOF"
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in. You must
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
shadow: shadow (shadow password suite with Linux-Pam support)
shadow:
shadow: This set of login related programs utilizes an alternate, non-readable
shadow: file to contain the actual encrypted passwords. This is presumed to
shadow: increase system security by increasing the difficulty with which
shadow: system crackers obtain encrypted passwords. It was written by
shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz
shadow: Kloczko.
shadow:
shadow: Homepage: https://github.com/shadow-maint/shadow
shadow:
EOF
su -c "mv /tmp/slack-desc install/" &&
read -p "Enter to build package" &&
su -c "makepkg -l y -c n $PKGS/shadow-4.17.2-$PSUFFIX" &&
cp -v install/doinst.sh /tmp/
cat >> /tmp/doinst.sh << "EOF"
[ -f /etc/login.access ] && mv -v /etc/login.access{,.NOUSE}
[ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}
EOF
su -c "cp -v /tmp/doinst.sh install/"
su -c "makepkg -l y -c n $PKGS/shadow-4.17.2-$PSUFFIX" &&
su -c "rm -rf $BUILD/*"
Reference in New Issue View Git Blame Copy Permalink