--- admin/PlamoBuild-template-20170415 2017-04-15 12:25:32.000000000 +0900 +++ plamo/00_base/linux_pam/PlamoBuild.linux_pam-1.1.8 2017-05-08 14:48:20.000000000 +0900 @@ -1,18 +1,21 @@ #!/bin/sh ###################################################################### -url="" +url="http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.bz2 + ftp://plamo.linet.gr.jp/pub/Plamo-src/plamo/00_base/linux_pam/pam-1.1.8-cve-2013-7041.patch + ftp://plamo.linet.gr.jp/pub/Plamo-src/plamo/00_base/linux_pam/pam-1.1.8-cve-2014-2583.patch" verify= digest= commitid= -pkgbase= -vers= +pkgbase=linux_pam +vers=1.1.8 arch=`uname -m` -build=P1 -src=$pkgbase-$vers -patchfiles="" -OPT_CONFIG="" -DOCS="README" +build=P4 +src=Linux-PAM-$vers +patchfiles="`echo pam-1.1.8-cve-{2013-7041,2014-2583}.patch`" +OPT_CONFIG="--enable-static --enable-read-both-confs --disable-nis" +DOCS="NEWS ABOUT-NLS Copyright README COPYING AUTHORS CHANGELOG + ChangeLog INSTALL ChangeLog-CVS" template=20170415 tmplurl=ftp://plamo.linet.gr.jp/pub/Plamo-src/admin ###################################################################### @@ -40,8 +43,9 @@ cd ${B[$i]} if [ -x configure ] ; then ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ - --libdir='${exec_prefix}'/$libdir --infodir='${prefix}'/share/info \ - --mandir='${prefix}'/share/man ${OPT_CONFIG[$i]} + --libdir=/usr/$libdir --infodir='${prefix}'/share/info \ + --mandir='${prefix}'/share/man ${OPT_CONFIG[$i]} \ + --sbindir=/$libdir/security --enable-securedir=/$libdir/security fi done fi 
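Review bot: The new `url=` list in the first hunk fetches the Linux-PAM tarball over plain `http://` and both CVE patches over `ftp://`, while `verify=` and `digest=` stay empty, so nothing visible here checks the integrity of the sources for an authentication library. How the template consumes those two fields is not shown in this diff, but they look like the intended hook. I would fill `digest=` with a checksum taken from a trusted copy of the tarball, e.g. `digest="<SHA256_OF_Linux-PAM-1.1.8.tar.bz2>"` in whatever format the template expects, and either do the same for the two patch files or keep the patches in the tree next to the build script instead of downloading them. Separately, `patchfiles=` relies on brace expansion under `#!/bin/sh`, which only works where `/bin/sh` is bash; writing the two patch names out literally removes that dependency.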
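Review bot: The flags added after `${OPT_CONFIG[$i]}` in the second hunk, `--sbindir=/$libdir/security --enable-securedir=/$libdir/security`, need a comment, because they put PAM's helper binaries in the same directory as the loadable modules and later packaging steps in this diff depend on that path. A line such as `# helpers (unix_chkpwd, pam_tally) and modules share /$libdir/security; the chmod and the /sbin symlink in the install step rely on this` above the `./configure` call would make the coupling visible to whoever next changes either side. The enclosing loop starts outside this hunk.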
@@ -64,16 +68,105 @@ make install DESTDIR=$P fi done + install -d $P/sbin + ln -s /$libdir/security/pam_tally $P/sbin + chmod 4755 $P/$libdir/security/unix_chkpwd + for i in libpam libpamc libpam_misc ; do + cp -p $P/usr/$libdir/$i.so.0.*.* $P/$libdir + ( cd $P/$libdir ; ln -s $i.so.0.*.* $i.so.0 ) + done + cat <<- "EOF" > $P/etc/security/console.handlers + console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9] + EOF + install -d $P/etc/pam.d + cat <<- "EOF" > $P/etc/pam.d/system-auth + #%PAM-1.0 + # + # The PAM configuration file for system authentication + # + + auth required pam_env.so + auth sufficient pam_unix.so try_first_pass nullok + auth required pam_deny.so + + account required pam_unix.so + + password sufficient pam_unix.so try_first_pass nullok md5 shadow + password required pam_deny.so + + session required pam_limits.so + session required pam_unix.so + EOF + for i in halt poweroff reboot ; do + cat <<- "EOF" > $P/etc/pam.d/$i + #%PAM-1.0 + # + # The PAM configuration file for shutdown/reboot operations + # + + auth sufficient pam_rootok.so + auth required pam_unix.so + + account required pam_permit.so + EOF + done + cat <<- "EOF" > $P/etc/pam.d/other + #%PAM-1.0 + # + # The PAM configuration file for other + # + + auth required pam_deny.so + auth required pam_warn.so + + account required pam_deny.so + account required pam_warn.so + + password required pam_deny.so + password required pam_warn.so + + session required pam_deny.so + session required pam_warn.so + EOF + ln -s system-auth $P/etc/pam.d/plamo-default + cat <<- "EOF" > $P/etc/securetty + # /etc/securetty: list of terminals on which root is allowed to login. + # See securetty(5) and login(1). + console + EOF + seq -f "tty%g" 12 >> $P/etc/securetty + seq -f "ttyp%g" 12 >> $P/etc/securetty + seq -f "ttyS%g" 0 3 >> $P/etc/securetty touch $W/i.et cd $W find $P ! -type l -newer i.st ! 
-newer i.et \ -exec touch -t `date '+%m%d0900'` {} \; compress + strip_libdir $P/$libdir/security + touch -t `date '+%m%d0900'` $P/$libdir/security setup_docdir + mv $docdir/Linux-PAM $docdir/$src/doc + mv $docdir/$src/{doc,{ABOUT-NLS,Copyright,README,COPYING,AUTHORS}.gz} $C + mv $docdir/$src/{CHANGELOG,ChangeLog,INSTALL,ChangeLog-CVS}.gz $C + mv $docdir/$src/{$func,$myname,$spec}.gz $C + mv $C/{doc,{ABOUT-NLS,Copyright,README,COPYING,AUTHORS}.gz} $docdir/$src + mv $C/{CHANGELOG,ChangeLog,INSTALL,ChangeLog-CVS}.gz $docdir/$src + mv $C/{$func,$myname,$spec}.gz $docdir/$src + touch -r $S $docdir/$src convert_links - tar cvpf $pkg.tar -C $P `cd $P ; find usr/bin | tail -n+2` - tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man1 | tail -n+2` + prune_symlink $P/etc/pam.d + touch -t `date '+%m%d0900'` $P/etc/pam.d + tar cvpf $pkg.tar -C $P `cd $P ; find sbin | tail -n+2` + tar rvpf $pkg.tar -C $P `cd $P ; find $libdir -maxdepth 1 | tail -n+2` + tar rvpf $pkg.tar -C $P `cd $P ; find usr/$libdir | tail -n+2` + tar rvpf $pkg.tar -C $P usr/include/security + tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/locale -name *.mo` + tar rvpf $pkg.tar -C $P etc/{security,environment,pam.d,securetty} + tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man3 | tail -n+2` + tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man5 | tail -n+2` + tar rvpf $pkg.tar -C $P `cd $P ; find usr/share/man/man8 | tail -n+2` tar rvpf $pkg.tar -C $P usr/share/doc/$src + tar rvpf $pkg.tar -C $P install/doinst.sh touch -t `date '+%m%d0900'` $pkg.tar ; xz $pkg.tar ; touch $pkg.tar.xz mv $pkg.tar.xz $pkg.txz cleanup
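Review bot: The generated `/etc/pam.d/system-auth` tells `pam_unix.so` to hash new passwords with `md5` and accepts empty passwords through `nullok` on both the `auth` and `password` lines. pam_unix in this release also understands `sha512`, and existing MD5 hashes keep verifying because the algorithm is read from the stored hash, so I would write `password sufficient pam_unix.so try_first_pass sha512 shadow` and `auth sufficient pam_unix.so try_first_pass`. If empty-password accounts must keep working during installation, keep `nullok` on the `auth` line only and say why in the file's header comment. The generated `/etc/securetty` also lists `ttyp1`–`ttyp12` and `ttyS0`–`ttyS3`, which allows direct root login on legacy pseudo-terminals and serial lines; trimming it to `console` and the `tty` entries, or commenting why the others are needed, would narrow that. Minor: `find usr/share/locale -name *.mo` should quote the pattern as `-name '*.mo'` so the shell cannot expand it before `find` sees it.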