@@ -370,6 +370,7 @@ RECIPE_MAINTAINER:pn-libnss-mdns = "Alexander Kanavin <alex.kanavin@gmail.com>"
RECIPE_MAINTAINER:pn-libnss-nis = "Khem Raj <raj.khem@gmail.com>"
RECIPE_MAINTAINER:pn-libogg = "Anuj Mittal <anuj.mittal@intel.com>"
RECIPE_MAINTAINER:pn-libpam = "Anuj Mittal <anuj.mittal@intel.com>"
+RECIPE_MAINTAINER:pn-libpam-modules = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-libpcap = "Anuj Mittal <anuj.mittal@intel.com>"
RECIPE_MAINTAINER:pn-libpciaccess = "Wang Mingyu <wangmy@fujitsu.com>"
RECIPE_MAINTAINER:pn-libpcre = "Yi Zhao <yi.zhao@windriver.com>"
similarity index 100%
rename from meta/recipes-extended/pam/libpam/0001-meson.build-correct-check-for-existence-of-two-prepr.patch
rename to meta/recipes-extended/pam/files/0001-meson.build-correct-check-for-existence-of-two-prepr.patch
similarity index 100%
rename from meta/recipes-extended/pam/libpam/99_pam
rename to meta/recipes-extended/pam/files/99_pam
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam-volatiles.conf
rename to meta/recipes-extended/pam/files/pam-volatiles.conf
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/common-account
rename to meta/recipes-extended/pam/files/pam.d/common-account
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/common-auth
rename to meta/recipes-extended/pam/files/pam.d/common-auth
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/common-password
rename to meta/recipes-extended/pam/files/pam.d/common-password
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/common-session
rename to meta/recipes-extended/pam/files/pam.d/common-session
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/common-session-noninteractive
rename to meta/recipes-extended/pam/files/pam.d/common-session-noninteractive
similarity index 100%
rename from meta/recipes-extended/pam/libpam/pam.d/other
rename to meta/recipes-extended/pam/files/pam.d/other
similarity index 100%
rename from meta/recipes-extended/pam/libpam/run-ptest
rename to meta/recipes-extended/pam/files/run-ptest
new file mode 100644
@@ -0,0 +1,112 @@
+require libpam.inc
+
+PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+
+PACKAGES += "libpam-runtime ${PN}-xtests"
+
+FILES:${PN} = ""
+FILES:${PN}-dev = ""
+FILES:libpam-runtime += "${sysconfdir} ${sbindir} ${systemd_system_unitdir} ${nonarch_libdir}/tmpfiles.d/pam.conf"
+FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
+
+# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is
+# packaged with the pam-plugin-env package to avoid breaking installations which
+# install that file via other packages
+FILES:pam-plugin-env += "${sysconfdir}/environment"
+
+PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
+
+RPROVIDES:${PN} += "libpam-modules-${libpam_suffix} libpam-runtime"
+RPROVIDES:libpam-runtime += "libpam-runtime-${libpam_suffix}"
+
+RDEPENDS:libpam-runtime += "${MLPREFIX}libpam-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
+ "
+
+RDEPENDS:${PN}-xtests = "${MLPREFIX}libpam-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-access-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
+ ${MLPREFIX}pam-plugin-time-${libpam_suffix} \
+ bash coreutils"
+# FIXME: Native suffix breaks here, disable it for now
+RDEPENDS:${PN} += "${MLPREFIX}libpam-${libpam_suffix}"
+RRECOMMENDS:${PN} += "${MLPREFIX}libpam-runtime-${libpam_suffix}"
+RRECOMMENDS:${PN}:class-native = ""
+
+python populate_packages:prepend () {
+ def pam_plugin_hook(file, pkg, pattern, format, basename):
+ pn = d.getVar('PN')
+ libpam_suffix = d.getVar('libpam_suffix')
+
+ rdeps = d.getVar('RDEPENDS:' + pkg)
+ if rdeps:
+ rdeps = rdeps + " " + "${MLPREFIX}libpam" + "-" + libpam_suffix
+ else:
+ rdeps = "${MLPREFIX}libpam" + "-" + libpam_suffix
+ d.setVar('RDEPENDS:' + pkg, rdeps)
+
+ provides = d.getVar('RPROVIDES:' + pkg)
+ if provides:
+ provides = provides + " " + pkg + "-" + libpam_suffix
+ else:
+ provides = pkg + "-" + libpam_suffix
+ d.setVar('RPROVIDES:' + pkg, provides)
+
+ mlprefix = d.getVar('MLPREFIX') or ''
+ dvar = d.expand('${WORKDIR}/package')
+ pam_libdir = d.expand('${nonarch_libdir}/security')
+ pam_sbindir = d.expand('${sbindir}')
+ pam_filterdir = d.expand('${nonarch_libdir}/security/pam_filter')
+ pam_pkgname = mlprefix + 'pam-plugin%s'
+
+ do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
+ 'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True)
+ do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
+}
+
+do_install:append() {
+
+ rm -rf ${D}${includedir} ${D}${libdir}/pkgconfig ${D}${libdir}/*.so* ${D}${localstatedir}
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
+ rm -rf ${D}${sysconfdir}/init.d/
+ rm -rf ${D}${sysconfdir}/rc*
+ install -d ${D}${nonarch_libdir}/tmpfiles.d
+ install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \
+ ${D}${nonarch_libdir}/tmpfiles.d/pam.conf
+ else
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${UNPACKDIR}/99_pam \
+ ${D}${sysconfdir}/default/volatiles/
+ fi
+
+ install -d ${D}${sysconfdir}/pam.d/
+ install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
+
+ # The lsb requires unix_chkpwd has setuid permission
+ chmod 4755 ${D}${sbindir}/unix_chkpwd
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
+ fi
+}
+
+pkg_postinst:${PN}() {
+ if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
+ /etc/init.d/populate-volatile.sh update
+ fi
+}
+
+BBCLASSEXTEND = "nativesdk native"
+
+CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-session"
+CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-auth"
+CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-password"
+CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
+CONFFILES:libpam-runtime += "${sysconfdir}/pam.d/common-account"
+CONFFILES:libpam-runtime += "${sysconfdir}/security/limits.conf"
new file mode 100644
@@ -0,0 +1,17 @@
+require libpam.inc
+
+do_install() {
+ install -d ${D}${libdir}/pkgconfig ${D}${includedir}/security
+ for file in ${B}/libpam/libpam.so* ${B}/libpamc/libpamc.so* ${B}/libpam_misc/libpam_misc.so*; do
+ if ! [ -d "$file" ]; then
+ cp -rfd "$file" ${D}${libdir}
+ fi
+ done
+ for file in ${S}/libpam/include/security/*.h ${S}/libpamc/include/security/*.h ${S}/libpam_misc/include/security/*.h; do
+ install -m644 "$file" ${D}${includedir}/security
+ done
+ cp ${B}/meson-private/*.pc ${D}${nonarch_libdir}/pkgconfig
+}
+
+RPROVIDES:${PN} += "libpam-${libpam_suffix}"
+BBCLASSEXTEND += "native nativesdk"
new file mode 100644
@@ -0,0 +1,57 @@
+DISABLE_STATIC = ""
+SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
+DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
+HOMEPAGE = "https://fedorahosted.org/linux-pam/"
+BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
+SECTION = "base"
+# PAM is dual licensed under GPL and BSD.
+# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
+# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
+LICENSE = "GPL-2.0-or-later | BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
+ file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
+ "
+
+SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
+ file://99_pam \
+ file://pam.d/common-account \
+ file://pam.d/common-auth \
+ file://pam.d/common-password \
+ file://pam.d/common-session \
+ file://pam.d/common-session-noninteractive \
+ file://pam.d/other \
+ file://pam-volatiles.conf \
+ file://0001-meson.build-correct-check-for-existence-of-two-prepr.patch \
+ "
+
+SRC_URI[sha256sum] = "57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697"
+PV = "1.7.0"
+
+DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
+
+EXTRA_OEMESON = "-Ddocs=disabled"
+
+S = "${WORKDIR}/Linux-PAM-${PV}"
+
+inherit meson gettext pkgconfig systemd github-releases features_check
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit,"
+PACKAGECONFIG[examples] = "-Dexamples=true,-Dexamples=false"
+PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
+PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux"
+PACKAGECONFIG[systemd] = "-Dlogind=enabled,-Dlogind=disabled,systemd"
+PACKAGECONFIG[userdb] = "-Dpam_userdb=enabled -Ddb=gdbm,-Dpam_userdb=disabled,gdbm,"
+PACKAGECONFIG[xtests] = "-Dxtests=true,-Dxtests=false"
+
+def get_multilib_bit(d):
+ baselib = d.getVar('baselib') or ''
+ return baselib.replace('lib', '')
+
+libpam_suffix = "suffix${@get_multilib_bit(d)}"
+
+REQUIRED_DISTRO_FEATURES:class-target = "pam"
+
+GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases"
+
+CVE_PRODUCT = "linux-pam"
deleted file mode 100644
@@ -1,168 +0,0 @@
-DISABLE_STATIC = ""
-SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
-DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
-HOMEPAGE = "https://fedorahosted.org/linux-pam/"
-BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
-SECTION = "base"
-# PAM is dual licensed under GPL and BSD.
-# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
-# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
-LICENSE = "GPL-2.0-or-later | BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
- file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
- "
-
-SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
- file://99_pam \
- file://pam.d/common-account \
- file://pam.d/common-auth \
- file://pam.d/common-password \
- file://pam.d/common-session \
- file://pam.d/common-session-noninteractive \
- file://pam.d/other \
- file://run-ptest \
- file://pam-volatiles.conf \
- file://0001-meson.build-correct-check-for-existence-of-two-prepr.patch \
- "
-
-SRC_URI[sha256sum] = "57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697"
-
-DEPENDS = "bison-native flex-native libxml2-native virtual/crypt"
-
-EXTRA_OEMESON = "-Ddocs=disabled"
-
-S = "${WORKDIR}/Linux-PAM-${PV}"
-
-inherit meson gettext pkgconfig systemd ptest github-releases
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[audit] = "-Daudit=enabled,-Daudit=disabled,audit,"
-PACKAGECONFIG[examples] = "-Dexamples=true,-Dexamples=false"
-PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
-PACKAGECONFIG[selinux] = "-Dselinux=enabled,-Dselinux=disabled,libselinux"
-PACKAGECONFIG[systemd] = "-Dlogind=enabled,-Dlogind=disabled,systemd"
-PACKAGECONFIG[userdb] = "-Dpam_userdb=enabled -Ddb=gdbm,-Dpam_userdb=disabled,gdbm,"
-PACKAGECONFIG[xtests] = "-Dxtests=true,-Dxtests=false"
-
-PACKAGES += "${PN}-runtime ${PN}-xtests"
-FILES:${PN} = " \
- ${libdir}/lib*${SOLIBS} \
- ${nonarch_libdir}/tmpfiles.d/*.conf \
-"
-FILES:${PN}-dev += "${libdir}/security/*.la ${libdir}/*.la ${libdir}/lib*${SOLIBSDEV}"
-FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${nonarch_libdir}/systemd/system"
-FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
-
-# libpam installs /etc/environment for use with the pam_env plugin. Make sure it is
-# packaged with the pam-plugin-env package to avoid breaking installations which
-# install that file via other packages
-FILES:pam-plugin-env = "${sysconfdir}/environment"
-
-PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
-
-def get_multilib_bit(d):
- baselib = d.getVar('baselib') or ''
- return baselib.replace('lib', '')
-
-libpam_suffix = "suffix${@get_multilib_bit(d)}"
-
-RPROVIDES:${PN} += "${PN}-${libpam_suffix}"
-RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}"
-
-RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
- "
-RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-access-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
- ${MLPREFIX}pam-plugin-time-${libpam_suffix} \
- bash coreutils"
-
-# FIXME: Native suffix breaks here, disable it for now
-RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}"
-RRECOMMENDS:${PN}:class-native = ""
-
-python populate_packages:prepend () {
- def pam_plugin_hook(file, pkg, pattern, format, basename):
- pn = d.getVar('PN')
- libpam_suffix = d.getVar('libpam_suffix')
-
- rdeps = d.getVar('RDEPENDS:' + pkg)
- if rdeps:
- rdeps = rdeps + " " + pn + "-" + libpam_suffix
- else:
- rdeps = pn + "-" + libpam_suffix
- d.setVar('RDEPENDS:' + pkg, rdeps)
-
- provides = d.getVar('RPROVIDES:' + pkg)
- if provides:
- provides = provides + " " + pkg + "-" + libpam_suffix
- else:
- provides = pkg + "-" + libpam_suffix
- d.setVar('RPROVIDES:' + pkg, provides)
-
- mlprefix = d.getVar('MLPREFIX') or ''
- dvar = d.expand('${WORKDIR}/package')
- pam_libdir = d.expand('${libdir}/security')
- pam_sbindir = d.expand('${sbindir}')
- pam_filterdir = d.expand('${libdir}/security/pam_filter')
- pam_pkgname = mlprefix + 'pam-plugin%s'
-
- do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
- 'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='', prepend=True)
- do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
-}
-
-do_install:append() {
- # don't install /var/run when populating rootfs. Do it through volatile
- rm -rf ${D}${localstatedir}
-
- if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
- rm -rf ${D}${sysconfdir}/init.d/
- rm -rf ${D}${sysconfdir}/rc*
- install -d ${D}${nonarch_libdir}/tmpfiles.d
- install -m 0644 ${UNPACKDIR}/pam-volatiles.conf \
- ${D}${nonarch_libdir}/tmpfiles.d/pam.conf
- else
- install -d ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${UNPACKDIR}/99_pam \
- ${D}${sysconfdir}/default/volatiles/
- fi
-
- install -d ${D}${sysconfdir}/pam.d/
- install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
-
- # The lsb requires unix_chkpwd has setuid permission
- chmod 4755 ${D}${sbindir}/unix_chkpwd
-
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
- fi
-}
-
-pkg_postinst:${PN}() {
- if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
- /etc/init.d/populate-volatile.sh update
- fi
-}
-
-inherit features_check
-ANY_OF_DISTRO_FEATURES = "pam systemd"
-
-BBCLASSEXTEND = "nativesdk native"
-
-CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session"
-CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth"
-CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password"
-CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
-CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account"
-CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf"
-
-GITHUB_BASE_URI = "https://github.com/linux-pam/linux-pam/releases"
-
-CVE_PRODUCT = "linux-pam"
This commit splits the libpam recipe and now compiles twice. First only the libs are packaged and afterwards the libpam modules. This breaks a dependency loop and makes it possible to link against systemd to enable 'logind' support for the modules. It compiles for x86-64/arm/arm64 and mutlilib and it seems to fix the build for libpam-native (and a missing DISTRO_FEATURES issue). Although not yet compilable, it also reduces the dependency loops between systemd<->shadow and should allow to build pam without systemd in DISTRO_FEATURES Signed-off-by: Markus Volk <f_l_k@t-online.de> --- meta/conf/distro/include/maintainers.inc | 1 + ...ect-check-for-existence-of-two-prepr.patch | 0 .../pam/{libpam => files}/99_pam | 0 .../pam/{libpam => files}/pam-volatiles.conf | 0 .../{libpam => files}/pam.d/common-account | 0 .../pam/{libpam => files}/pam.d/common-auth | 0 .../{libpam => files}/pam.d/common-password | 0 .../{libpam => files}/pam.d/common-session | 0 .../pam.d/common-session-noninteractive | 0 .../pam/{libpam => files}/pam.d/other | 0 .../pam/{libpam => files}/run-ptest | 0 meta/recipes-extended/pam/libpam-modules.bb | 112 ++++++++++++ meta/recipes-extended/pam/libpam.bb | 17 ++ meta/recipes-extended/pam/libpam.inc | 57 ++++++ meta/recipes-extended/pam/libpam_1.7.0.bb | 168 ------------------ 15 files changed, 187 insertions(+), 168 deletions(-) rename meta/recipes-extended/pam/{libpam => files}/0001-meson.build-correct-check-for-existence-of-two-prepr.patch (100%) rename meta/recipes-extended/pam/{libpam => files}/99_pam (100%) rename meta/recipes-extended/pam/{libpam => files}/pam-volatiles.conf (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-account (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-auth (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-password (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-session (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/common-session-noninteractive (100%) rename meta/recipes-extended/pam/{libpam => files}/pam.d/other (100%) rename meta/recipes-extended/pam/{libpam => files}/run-ptest (100%) create mode 100644 meta/recipes-extended/pam/libpam-modules.bb create mode 100644 meta/recipes-extended/pam/libpam.bb create mode 100644 meta/recipes-extended/pam/libpam.inc delete mode 100644 meta/recipes-extended/pam/libpam_1.7.0.bb