From patchwork Mon Dec 2 10:53:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Markus Volk X-Patchwork-Id: 53453 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BCBAD78308 for ; Mon, 2 Dec 2024 10:53:58 +0000 (UTC) Received: from mailout09.t-online.de (mailout09.t-online.de [194.25.134.84]) by mx.groups.io with SMTP id smtpd.web10.170637.1733136829924705463 for ; Mon, 02 Dec 2024 02:53:50 -0800 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: t-online.de, ip: 194.25.134.84, mailfrom: f_l_k@t-online.de) Received: from fwd88.aul.t-online.de (fwd88.aul.t-online.de [10.223.144.114]) by mailout09.t-online.de (Postfix) with SMTP id 03463563 for ; Mon, 2 Dec 2024 11:53:48 +0100 (CET) Received: from intel-corei7-64.fritz.box ([84.154.160.60]) by fwd88.t-online.de with (TLSv1.3:TLS_AES_256_GCM_SHA384 encrypted) esmtp id 1tI43n-3JMmbh0; Mon, 2 Dec 2024 11:53:47 +0100 From: Markus Volk To: openembedded-core@lists.openembedded.org Subject: [RFC][oe-core][PATCH] pam: update 1.6.1 -> 1.7.0 Date: Mon, 2 Dec 2024 11:53:39 +0100 Message-ID: <20241202105339.58026-1-f_l_k@t-online.de> X-Mailer: git-send-email 2.47.0 MIME-Version: 1.0 X-TOI-EXPURGATEID: 150726::1733136827-F4FFFC42-8B1B6C63/0/0 CLEAN NORMAL X-TOI-MSGID: f5d13991-d1b4-4b83-866c-8da11aea4040 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Dec 2024 10:53:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/208137 - switch to meson build system I've been testing this patch for a few days now. In libpam the autotools buildsystem was removed. This patch switches to meson. The libpam recipe was split into two parts and now compiles twice. First only the libs are packaged and afterwards the libpam modules. This breaks a dependency loop and makes it possible to link against systemd to enable 'logind' support for the modules. The patch is invasive, but my tests so far are promising. It compiles for x86-64/arm/arm64 and mutlilib and it seems to fix the build for libpam-native (and a missing DISTRO_FEATURES issue). Although not yet compilable, it also reduces the dependency loops between systemd<->shadow and should allow to build pam without systemd in DISTRO_FEATURES One file is still packed into libpam-modules. This should be moved to the appropriate module, but I'm not sure what the /run/sepermit directory is needed for. There is also a patch added that fixes a problem in meson when checking for keyring. But when I wanted to send it upstream, I saw that the problem was already solved and submitted nicer by Alexander Kanavin The ptest part is also still missing. When xtests is enabled, the tests compile without errors, but by default they are neither built nor installed. So I wanted to ask first, what of this is still needed? Signed-off-by: Markus Volk --- meta/conf/distro/include/maintainers.inc | 1 + .../0001-meson.build-fix-keyring-check.patch | 39 ++++ .../pam/{libpam => files}/99_pam | 0 .../pam/{libpam => files}/libpam-xtests.patch | 0 .../pam/{libpam => files}/pam-volatiles.conf | 0 .../{libpam => files}/pam.d/common-account | 0 .../pam/{libpam => files}/pam.d/common-auth | 0 .../{libpam => files}/pam.d/common-password | 0 .../{libpam => files}/pam.d/common-session | 0 .../pam.d/common-session-noninteractive | 0 .../pam/{libpam => files}/pam.d/other | 0 .../pam/{libpam => files}/run-ptest | 0 meta/recipes-extended/pam/libpam-modules.bb | 110 ++++++++++ meta/recipes-extended/pam/libpam.bb | 16 ++ meta/recipes-extended/pam/libpam.inc | 56 ++++++ meta/recipes-extended/pam/libpam_1.6.1.bb | 190 ------------------ 16 files changed, 222 insertions(+), 190 deletions(-) create mode 100644 meta/recipes-extended/pam/files/0001-meson.build-fix-keyring-check.patch rename meta/recipes-extended/pam/{libpam => files}/99_pam (100%) rename meta/recipes-extended/pam/{libpam => files}/libpam-xtests.patch (100%) rename meta/recipes-extended/pam/{libpam => files}/pam-volatiles.conf (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-account (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-auth (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-password (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-session (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-session-noninteractive (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/other (100%) rename meta/recipes-extended/pam/{libpam => files}/run-ptest (100%) create mode 100644 meta/recipes-extended/pam/libpam-modules.bb create mode 100644 meta/recipes-extended/pam/libpam.bb create mode 100644 meta/recipes-extended/pam/libpam.inc delete mode 100644 meta/recipes-extended/pam/libpam_1.6.1.bb diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 9151a348ee..0f375c146e 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -370,6 +370,7 @@ RECIPE_MAINTAINER:pn-libnss-mdns = "Alexander Kanavin " RECIPE_MAINTAINER:pn-libnss-nis = "Khem Raj " RECIPE_MAINTAINER:pn-libogg = "Anuj Mittal " RECIPE_MAINTAINER:pn-libpam = "Anuj Mittal " +RECIPE_MAINTAINER:pn-libpam-modules = "Unassigned " RECIPE_MAINTAINER:pn-libpcap = "Anuj Mittal " RECIPE_MAINTAINER:pn-libpciaccess = "Wang Mingyu " RECIPE_MAINTAINER:pn-libpcre = "Yi Zhao " diff --git a/meta/recipes-extended/pam/files/0001-meson.build-fix-keyring-check.patch b/meta/recipes-extended/pam/files/0001-meson.build-fix-keyring-check.patch new file mode 100644 index 0000000000..6cd3ab4724 --- /dev/null +++ b/meta/recipes-extended/pam/files/0001-meson.build-fix-keyring-check.patch @@ -0,0 +1,39 @@ +From 5dbe719b22e9e779ef44cbe5b01a4235eaf02132 Mon Sep 17 00:00:00 2001 +From: Markus Volk +Date: Sat, 30 Nov 2024 13:53:49 +0100 +Subject: [PATCH] meson.build: fix keyring check + +The check for enable_pam_keyinit fails with -1 + +Signed-off-by: Markus Volk + +Upstream-Status: Pending [] +--- + meson.build | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 2be21282..444e626c 100644 +--- a/meson.build ++++ b/meson.build +@@ -198,7 +198,16 @@ foreach ident: check_functions + endif + endforeach + +-enable_pam_keyinit = cc.sizeof('__NR_keyctl', prefix: '#include ') > 0 ++enable_pam_keyinit = \ ++ cc.compiles(''' ++ #include ++ #include ++ #include ++ #include ++ #include ++ int main(void) { ++ return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0); ++ }''') + + if get_option('mailspool') != '' + cdata.set_quoted('PAM_PATH_MAILDIR', get_option('mailspool')) +-- +2.47.0 + diff --git a/meta/recipes-extended/pam/libpam/99_pam b/meta/recipes-extended/pam/files/99_pam similarity index 100% rename from meta/recipes-extended/pam/libpam/99_pam rename to meta/recipes-extended/pam/files/99_pam diff --git a/meta/recipes-extended/pam/libpam/libpam-xtests.patch b/meta/recipes-extended/pam/files/libpam-xtests.patch similarity index 100% rename from meta/recipes-extended/pam/libpam/libpam-xtests.patch rename to meta/recipes-extended/pam/files/libpam-xtests.patch diff --git a/meta/recipes-extended/pam/libpam/pam-volatiles.conf b/meta/recipes-extended/pam/files/pam-volatiles.conf similarity index 100% rename from meta/recipes-extended/pam/libpam/pam-volatiles.conf rename to meta/recipes-extended/pam/files/pam-volatiles.conf diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-account b/meta/recipes-extended/pam/files/pam.d/common-account similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/common-account rename to meta/recipes-extended/pam/files/pam.d/common-account diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-auth b/meta/recipes-extended/pam/files/pam.d/common-auth similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/common-auth rename to meta/recipes-extended/pam/files/pam.d/common-auth diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-password b/meta/recipes-extended/pam/files/pam.d/common-password similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/common-password rename to meta/recipes-extended/pam/files/pam.d/common-password diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-session b/meta/recipes-extended/pam/files/pam.d/common-session similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/common-session rename to meta/recipes-extended/pam/files/pam.d/common-session diff --git a/meta/recipes-extended/pam/libpam/pam.d/common-session-noninteractive b/meta/recipes-extended/pam/files/pam.d/common-session-noninteractive similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/common-session-noninteractive rename to meta/recipes-extended/pam/files/pam.d/common-session-noninteractive diff --git a/meta/recipes-extended/pam/libpam/pam.d/other b/meta/recipes-extended/pam/files/pam.d/other similarity index 100% rename from meta/recipes-extended/pam/libpam/pam.d/other rename to meta/recipes-extended/pam/files/pam.d/other diff --git a/meta/recipes-extended/pam/libpam/run-ptest b/meta/recipes-extended/pam/files/run-ptest similarity index 100% rename from meta/recipes-extended/pam/libpam/run-ptest rename to meta/recipes-extended/pam/files/run-ptest diff --git a/meta/recipes-extended/pam/libpam-modules.bb b/meta/recipes-extended/pam/libpam-modules.bb new file mode 100644 index 0000000000..7903c6d6f8 --- /dev/null +++ b/meta/recipes-extended/pam/libpam-modules.bb @@ -0,0 +1,110 @@ +require libpam.inc + +PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" + +PACKAGES += "libpam-runtime" + +FILES:${PN} = " \ + ${nonarch_libdir}/tmpfiles.d/*.conf \ +" +FILES:${PN}-dev += "${nonarch_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}" +FILES:libpam-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}" + +# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is +# packaged with the pam-plugin-env package to avoid breaking installations which +# install that file via other packages +FILES:pam-plugin-env = "${sysconfdir}/environment" + +PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*" + +def get_multilib_bit(d): + baselib = d.getVar('baselib') or '' + return baselib.replace('lib', '') + +libpam_suffix = "suffix${@get_multilib_bit(d)}" + +RPROVIDES:${PN} += "libpam-modules-${libpam_suffix} libpam-runtime" +RPROVIDES:libpam-runtime += "libpam-runtime-${libpam_suffix}" + +RDEPENDS:libpam-runtime = "${MLPREFIX}libpam libpam-modules-${libpam_suffix} \ + ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \ + ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \ + ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \ + ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \ + " + +# FIXME: Native suffix breaks here, disable it for now +RDEPENDS:${MLPREFIX}${PN} += "${MLPREFIX}libpam libpam-runtime-${libpam_suffix}" +RDEPENDS:${MLPREFIX}pam-filter-upperlower += "${MLPREFIX}libpam" +RRECOMMENDS:${PN}:class-native += "" + +python populate_packages:prepend () { + def pam_plugin_hook(file, pkg, pattern, format, basename): + pn = d.getVar('PN') + libpam_suffix = d.getVar('libpam_suffix') + + rdeps = "${MLPREFIX}libpam" + if rdeps: + rdeps = rdeps + " " + pn + "-" + libpam_suffix + else: + rdeps = pn + "-" + libpam_suffix + d.setVar('RDEPENDS:' + pkg, rdeps) + + provides = d.getVar('RPROVIDES:' + pkg) + if provides: + provides = provides + " " + pkg + "-" + libpam_suffix + else: + provides = pkg + "-" + libpam_suffix + d.setVar('RPROVIDES:' + pkg, provides) + + mlprefix = d.getVar('MLPREFIX') or '' + dvar = d.expand('${WORKDIR}/package') + pam_libdir = d.expand('${nonarch_libdir}/security') + pam_sbindir = d.expand('${sbindir}') + pam_filterdir = d.expand('${nonarch_libdir}/security/pam_filter') + pam_pkgname = mlprefix + 'pam-plugin%s' + + do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname, + 'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True) + do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='') +} + +do_install:append() { + + rm -rf ${D}${includedir}/security ${D}${libdir}/pkgconfig ${D}${libdir}/*.so* + + if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then + install -d ${D}${nonarch_libdir}/tmpfiles.d + install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \ + ${D}${nonarch_libdir}/tmpfiles.d/pam.conf + else + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${UNPACKDIR}/99_pam \ + ${D}${sysconfdir}/default/volatiles/ + fi + + install -d ${D}${sysconfdir}/pam.d/ + install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ + + # The lsb requires unix_chkpwd has setuid permission + chmod 4755 ${D}${sbindir}/unix_chkpwd + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session + fi +} + +pkg_postinst:${PN}() { + if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then + /etc/init.d/populate-volatile.sh update + fi +} + +BBCLASSEXTEND = "nativesdk native" + +CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-session" +CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-auth" +CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-password" +CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-session-noninteractive" +CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-account" +CONFFILES:libpam-runtime += "${sysconfdir}/security/limits.conf" diff --git a/meta/recipes-extended/pam/libpam.bb b/meta/recipes-extended/pam/libpam.bb new file mode 100644 index 0000000000..781595ac72 --- /dev/null +++ b/meta/recipes-extended/pam/libpam.bb @@ -0,0 +1,16 @@ +require libpam.inc + +do_install() { + install -d ${D}${libdir}/pkgconfig ${D}${includedir}/security + for file in ${B}/libpam/libpam.so* ${B}/libpamc/libpamc.so* ${B}/libpam_misc/libpam_misc.so*; do + if ! [ -d "$file" ]; then + cp -fd "$file" ${D}${libdir} + fi + done + for file in ${S}/libpam/include/security/*.h ${S}/libpamc/include/security/*.h ${S}/libpam_misc/include/security/*.h; do + install -m644 "$file" ${D}${includedir}/security + done + cp ${B}/meson-private/*.pc ${D}${nonarch_libdir}/pkgconfig +} + +BBCLASSEXTEND += "native nativesdk" diff --git a/meta/recipes-extended/pam/libpam.inc b/meta/recipes-extended/pam/libpam.inc new file mode 100644 index 0000000000..bb6776dcca --- /dev/null +++ b/meta/recipes-extended/pam/libpam.inc @@ -0,0 +1,56 @@ +DISABLE_STATIC = "" +SUMMARY = "Linux-PAM (Pluggable Authentication Modules)" +DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users" +HOMEPAGE = "https://fedorahosted.org/linux-pam/" +BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket" +SECTION = "base" +# PAM is dual licensed under GPL and BSD. +# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time +# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded +LICENSE = "GPL-2.0-or-later | BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \ + file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \ + " + +SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ + file://99_pam \ + file://pam.d/common-account \ + file://pam.d/common-auth \ + file://pam.d/common-password \ + file://pam.d/common-session \ + file://pam.d/common-session-noninteractive \ + file://pam.d/other \ + file://libpam-xtests.patch;apply=no \ + file://run-ptest \ + file://pam-volatiles.conf \ + file://0001-meson.build-fix-keyring-check.patch \ + " + +SRC_URI[sha256sum] = "57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697" +PV = "1.7.0" + +DEPENDS = "bison-native flex-native libxml2-native virtual/crypt" + +EXTRA_OEMESON = " \ + -Dsystemdunitdir=${systemd_system_unitdir} \ + -Dnis=disabled \ + -Ddocs=disabled \ +" + +S = "${WORKDIR}/Linux-PAM-${PV}" + +inherit meson gettext pkgconfig github-releases features_check + +PACKAGECONFIG ??= "" +PACKAGECONFIG[systemd] = "-Dlogind=enabled,-Dlogind=disabled,systemd" +PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit" +PACKAGECONFIG[userdb] = "-Ddb=db,-Dpam_userdb=disabled,db" +PACKAGECONFIG[xtests] = "-Dxtests=true,-Dxtests=false" +PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl" +PACKAGECONFIG[examples] = "-Dexamples=true,-Dexamples=false" + +REQUIRED_DISTRO_FEATURES:class-target = "pam" + +GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases" + +CVE_PRODUCT = "linux-pam" diff --git a/meta/recipes-extended/pam/libpam_1.6.1.bb b/meta/recipes-extended/pam/libpam_1.6.1.bb deleted file mode 100644 index a48f78187b..0000000000 --- a/meta/recipes-extended/pam/libpam_1.6.1.bb +++ /dev/null @@ -1,190 +0,0 @@ -DISABLE_STATIC = "" -SUMMARY = "Linux-PAM (Pluggable Authentication Modules)" -DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users" -HOMEPAGE = "https://fedorahosted.org/linux-pam/" -BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket" -SECTION = "base" -# PAM is dual licensed under GPL and BSD. -# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time -# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded -LICENSE = "GPL-2.0-or-later | BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \ - file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \ - " - -SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ - file://99_pam \ - file://pam.d/common-account \ - file://pam.d/common-auth \ - file://pam.d/common-password \ - file://pam.d/common-session \ - file://pam.d/common-session-noninteractive \ - file://pam.d/other \ - file://libpam-xtests.patch \ - file://run-ptest \ - file://pam-volatiles.conf \ - " - -SRC_URI[sha256sum] = "f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e" - -DEPENDS = "bison-native flex-native libxml2-native virtual/crypt" - -EXTRA_OECONF = "--includedir=${includedir}/security \ - --libdir=${base_libdir} \ - --with-systemdunitdir=${systemd_system_unitdir} \ - --disable-nis \ - --disable-regenerate-docu \ - --disable-doc \ - --disable-prelude" - -CFLAGS += "-fPIC " - -S = "${WORKDIR}/Linux-PAM-${PV}" - -inherit autotools gettext pkgconfig systemd ptest github-releases - -PACKAGECONFIG ??= "" -PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit," -PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db," - -PACKAGES += "${PN}-runtime ${PN}-xtests" -FILES:${PN} = " \ - ${base_libdir}/lib*${SOLIBS} \ - ${nonarch_libdir}/tmpfiles.d/*.conf \ -" -FILES:${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}" -FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}" -FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests" - -# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is -# packaged with the pam-plugin-env package to avoid breaking installations which -# install that file via other packages -FILES:pam-plugin-env = "${sysconfdir}/environment" - -PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*" - -def get_multilib_bit(d): - baselib = d.getVar('baselib') or '' - return baselib.replace('lib', '') - -libpam_suffix = "suffix${@get_multilib_bit(d)}" - -RPROVIDES:${PN} += "${PN}-${libpam_suffix}" -RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}" - -RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \ - " -RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-access-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \ - ${MLPREFIX}pam-plugin-time-${libpam_suffix} \ - bash coreutils" - -# FIXME: Native suffix breaks here, disable it for now -RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}" -RRECOMMENDS:${PN}:class-native = "" - -python populate_packages:prepend () { - def pam_plugin_hook(file, pkg, pattern, format, basename): - pn = d.getVar('PN') - libpam_suffix = d.getVar('libpam_suffix') - - rdeps = d.getVar('RDEPENDS:' + pkg) - if rdeps: - rdeps = rdeps + " " + pn + "-" + libpam_suffix - else: - rdeps = pn + "-" + libpam_suffix - d.setVar('RDEPENDS:' + pkg, rdeps) - - provides = d.getVar('RPROVIDES:' + pkg) - if provides: - provides = provides + " " + pkg + "-" + libpam_suffix - else: - provides = pkg + "-" + libpam_suffix - d.setVar('RPROVIDES:' + pkg, provides) - - mlprefix = d.getVar('MLPREFIX') or '' - dvar = d.expand('${WORKDIR}/package') - pam_libdir = d.expand('${base_libdir}/security') - pam_sbindir = d.expand('${sbindir}') - pam_filterdir = d.expand('${base_libdir}/security/pam_filter') - pam_pkgname = mlprefix + 'pam-plugin%s' - - do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname, - 'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True) - do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='') -} - -do_compile_ptest() { - cd tests - sed -i -e 's/$(MAKE) $(AM_MAKEFLAGS) check-TESTS//' Makefile - oe_runmake check-am - cd - -} - -do_install() { - autotools_do_install - - # don't install /var/run when populating rootfs. Do it through volatile - rm -rf ${D}${localstatedir} - - if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then - rm -rf ${D}${sysconfdir}/init.d/ - rm -rf ${D}${sysconfdir}/rc* - install -d ${D}${nonarch_libdir}/tmpfiles.d - install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \ - ${D}${nonarch_libdir}/tmpfiles.d/pam.conf - else - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${UNPACKDIR}/99_pam \ - ${D}${sysconfdir}/default/volatiles/ - fi - - install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ - - # The lsb requires unix_chkpwd has setuid permission - chmod 4755 ${D}${sbindir}/unix_chkpwd - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session - fi - if [ "${base_libdir}" != "${libdir}" ]; then - install -d ${D}/${libdir}/ - mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}/ - fi -} - -do_install_ptest() { - mkdir -p ${D}${PTEST_PATH}/tests - install -m 0755 ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests - install -m 0644 ${S}/tests/confdir ${D}${PTEST_PATH}/tests -} - -pkg_postinst:${PN}() { - if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then - /etc/init.d/populate-volatile.sh update - fi -} - -inherit features_check -ANY_OF_DISTRO_FEATURES = "pam systemd" - -BBCLASSEXTEND = "nativesdk native" - -CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session" -CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth" -CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password" -CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive" -CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account" -CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf" - -GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases" - -CVE_PRODUCT = "linux-pam"