diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.8-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.8-r5.ebuild index f5d73554c9..b04fd057bc 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.8-r5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.8-r5.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit autotools libtool pam systemd +inherit autotools libtool pam DESCRIPTION="Utilities to deal with user accounts" HOMEPAGE="https://github.com/shadow-maint/shadow" @@ -93,14 +93,14 @@ set_login_opt() { comment="#" sed -i \ -e "/^${opt}\>/s:^:#:" \ - "${ED}"/usr/share/shadow/login.defs || die + "${ED}"/etc/login.defs || die else sed -i -r \ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \ - "${ED}"/usr/share/shadow/login.defs + "${ED}"/etc/login.defs fi - local res=$(grep "^${comment}${opt}\>" "${ED}"/usr/share/shadow/login.defs) - einfo "${res:-Unable to find ${opt} in /usr/share/shadow/login.defs}" + local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs) + einfo "${res:-Unable to find ${opt} in /etc/login.defs}" } src_install() { @@ -113,41 +113,29 @@ src_install() { # remove it. rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} - # Remove files from /etc, they will be symlinks to /usr instead. - rm -f "${ED}"/etc/{limits,login.access,login.defs,securetty,default/useradd} - - # CoreOS: break shadow.conf into two files so that we only have to apply - # etc-shadow.conf in the initrd. - systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/etc-shadow.conf - systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/var-shadow.conf - # Package the symlinks for the SDK and containers. - systemd-tmpfiles --create --root="${ED}" "${FILESDIR}"/tmpfiles.d/* - - insinto /usr/share/shadow + insinto /etc if ! use pam ; then insopts -m0600 doins etc/login.access etc/limits fi - # Using a securetty with devfs device names added - # (compat names kept for non-devfs compatibility) - insopts -m0600 ; doins "${FILESDIR}"/securetty - # Output arch-specific cruft - local devs - case $(tc-arch) in - ppc*) devs="hvc0 hvsi0 ttyPSC0";; - hppa) devs="ttyB0";; - arm) devs="ttyFB0 ttySAC0 ttySAC1 ttySAC2 ttySAC3 ttymxc0 ttymxc1 ttymxc2 ttymxc3 ttyO0 ttyO1 ttyO2";; - sh) devs="ttySC0 ttySC1";; - amd64|x86) devs="hvc0";; - esac - if [[ -n ${devs} ]]; then - printf '%s\n' ${devs} >> "${ED}"/usr/share/shadow/securetty - fi # needed for 'useradd -D' + insinto /etc/default insopts -m0600 doins "${FILESDIR}"/default/useradd + if use split-usr ; then + # move passwd to / to help recover broke systems #64441 + # We cannot simply remove this or else net-misc/scponly + # and other tools will break because of hardcoded passwd + # location + dodir /bin + mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die + dosym ../../bin/passwd /usr/bin/passwd + fi + + cd "${S}" || die + insinto /etc insopts -m0644 newins etc/login.defs login.defs @@ -201,7 +189,7 @@ src_install() { -e 'b exit' \ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \ -e ': exit' \ - "${ED}"/usr/share/shadow/login.defs || die + "${ED}"/etc/login.defs || die # remove manpages that pam will install for us # and/or don't apply when using pam @@ -232,3 +220,22 @@ pkg_preinst() { rm -f "${EROOT}"/etc/pam.d/system-auth.new \ "${EROOT}/etc/login.defs.new" } + +pkg_postinst() { + # Enable shadow groups. + if [ ! -f "${EROOT}"/etc/gshadow ] ; then + if grpck -r -R "${EROOT}" 2>/dev/null ; then + grpconv -R "${EROOT}" + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + [[ ! -f "${EROOT}"/etc/subgid ]] && + touch "${EROOT}"/etc/subgid + [[ ! -f "${EROOT}"/etc/subuid ]] && + touch "${EROOT}"/etc/subuid + + einfo "The 'adduser' symlink to 'useradd' has been dropped." +}