sys-apps/shadow: bump to the upstream 4.5 ebuild

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/Manifest

@@ -1 +1 @@
-DIST shadow-4.4.tar.gz 3706812 SHA256 2398fe436e548786c17ec387b4c41f5339f72ec9ee2f3f7a6e0cc2cb240bb482 SHA512 c1e0f65a4fbd0f9d8de38e488b4a374cac5c476180e233269fc666988d9201c0dcc694605c5e54d54f81039c2e30c95b14c12f10adef749a45cc31f0b4b5d5a6 WHIRLPOOL a22fc0f90ec0623cbbcef253378a16ad605cf71345074880e3fd12fb5914058d3e721f378730c9684497cc597595b7defc7e710206268ae320a090c8c35fd41e
+DIST shadow-4.5.tar.gz 3804933 SHA256 ed2d53bd0e80cf32261e82b8d93684334e8809266dba1ec7a42bfa747605989e SHA512 02d6482a1159689e404dd49a68b4e2db85e9ffdcdfbacc8efcbd9043f14a1ec3fc4d749700df915d375df67d589219b6b0f57a6cfd9fb5b197012888a608913b WHIRLPOOL 73552aff621cf34ef977095a05d9b679b7b6ffa78979d69eeb43089564aca5cc1d841dc9cbb6f0fba4c4f712f0e89f6cc683b733ea1041e4633b5d9fe58b5499

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/login_defs_pam.sed

@@ -1,24 +0,0 @@
-/^FAILLOG_ENAB/b comment
-/^LASTLOG_ENAB/b comment
-/^MAIL_CHECK_ENAB/b comment
-/^OBSCURE_CHECKS_ENAB/b comment
-/^PORTTIME_CHECKS_ENAB/b comment
-/^QUOTAS_ENAB/b comment
-/^MOTD_FILE/b comment
-/^FTMP_FILE/b comment
-/^NOLOGINS_FILE/b comment
-/^ENV_HZ/b comment
-/^PASS_MIN_LEN/b comment
-/^SU_WHEEL_ONLY/b comment
-/^CRACKLIB_DICTPATH/b comment
-/^PASS_CHANGE_TRIES/b comment
-/^PASS_ALWAYS_WARN/b comment
-/^CHFN_AUTH/b comment
-/^ENVIRON_FILE/b comment
-
-b exit
-
-: comment
-  s:^:#:
-
-: exit

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-fix-root-defaults.patch

@@ -1,39 +0,0 @@
-From c6b0664f529673e83c24243edd985803b9791631 Mon Sep 17 00:00:00 2001
-From: David Michael <david.michael@coreos.com>
-Date: Wed, 8 Feb 2017 15:48:36 -0800
-Subject: [PATCH] useradd: Read defaults after changing root directories
-
-This reverts the behavior of "useradd --root" to using the settings
-from login.defs in the target root directory, not the root of the
-executed useradd command.
----
- src/useradd.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/useradd.c b/src/useradd.c
-index 1797229..d973ca3 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -2047,8 +2047,8 @@ int main (int argc, char **argv)
- #endif				/* ACCT_TOOLS_SETUID */
- 
- #ifdef ENABLE_SUBIDS
--	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
--	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+	uid_t uid_min;
-+	uid_t uid_max;
- #endif
- 
- 	/*
-@@ -2085,6 +2085,8 @@ int main (int argc, char **argv)
- 	process_flags (argc, argv);
- 
- #ifdef ENABLE_SUBIDS
-+	uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-+	uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
- 	is_sub_uid = sub_uid_file_present () && !rflg &&
- 	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
- 	is_sub_gid = sub_gid_file_present () && !rflg &&
--- 
-2.7.4
-

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-load_defaults.patch

@@ -1,37 +0,0 @@
-From 507f96cdeb54079fb636c7ce21e371f7a16a520e Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 25 Aug 2016 11:20:34 +0200
-Subject: [PATCH] Fix regression in useradd not loading defaults properly.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The get_defaults() has to be called before processing the flags.
-
-Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
----
- src/useradd.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/useradd.c b/src/useradd.c
-index fefa234..6c43e7e 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -2027,6 +2027,8 @@ int main (int argc, char **argv)
- 	is_shadow_grp = sgr_file_present ();
- #endif
- 
-+	get_defaults ();
-+
- 	process_flags (argc, argv);
- 
- #ifdef ENABLE_SUBIDS
-@@ -2036,8 +2038,6 @@ int main (int argc, char **argv)
- 	    (!user_id || (user_id <= uid_max && user_id >= uid_min));
- #endif				/* ENABLE_SUBIDS */
- 
--	get_defaults ();
--
- #ifdef ACCT_TOOLS_SETUID
- #ifdef USE_PAM
- 	{

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-prototypes.patch

@@ -1,42 +0,0 @@
-https://github.com/shadow-maint/shadow/pull/53
-
-From 32c0b283ef5d68b63e4ec05fb22ed0db938fea67 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Mon, 5 Dec 2016 17:15:29 -0500
-Subject: [PATCH] include getdef.h for getdef_bool prototype
-
-Otherwise we get build warnings like:
-sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
-shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
----
- lib/sgroupio.c | 1 +
- lib/shadowio.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/lib/sgroupio.c b/lib/sgroupio.c
-index f2685779a12b..5423626a01da 100644
---- a/lib/sgroupio.c
-+++ b/lib/sgroupio.c
-@@ -40,6 +40,7 @@
- #include "prototypes.h"
- #include "defines.h"
- #include "commonio.h"
-+#include "getdef.h"
- #include "sgroupio.h"
- 
- /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
-diff --git a/lib/shadowio.c b/lib/shadowio.c
-index 6e44ab24d69c..5fa3d312bbf9 100644
---- a/lib/shadowio.c
-+++ b/lib/shadowio.c
-@@ -40,6 +40,7 @@
- #include <shadow.h>
- #include <stdio.h>
- #include "commonio.h"
-+#include "getdef.h"
- #include "shadowio.h"
- #ifdef WITH_TCB
- #include <tcb.h>
--- 
-2.11.0.rc2
-

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch

@@ -1,29 +0,0 @@
-fix from upstream
-
-From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
-From: Serge Hallyn <serge@hallyn.com>
-Date: Sun, 18 Sep 2016 21:31:18 -0500
-Subject: [PATCH] su.c: fix missing length argument to snprintf
-
----
- src/su.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/su.c b/src/su.c
-index 0c50a9456afd..93ffd2fbe2b4 100644
---- a/src/su.c
-+++ b/src/su.c
-@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
- 		              stderr);
- 		(void) kill (-pid_child, caught);
- 
--		snprintf (kill_msg, _(" ...killed.\n"));
--		snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
-+		snprintf (kill_msg, 256, _(" ...killed.\n"));
-+		snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
- 
- 		(void) signal (SIGALRM, kill_child);
- 		(void) alarm (2);
--- 
-2.11.0.rc2
-

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/metadata.xml

@@ -1,12 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<herd>base-system</herd>
+	<maintainer type="project">
-<herd>pam</herd> <!-- only for USE=pam -->
+		<email>base-system@gentoo.org</email>
-<use>
+		<name>Gentoo Base System</name>
- <flag name='audit'>Enable support for <pkg>sys-process/audit</pkg></flag>
+	</maintainer>
-</use>
+	<maintainer type="project">
-<upstream>
+		<email>pam-bugs@gentoo.org</email>
- <remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
+		<name>Pluggable Authentication Method maintenance</name>
-</upstream>
+	</maintainer>
+	<!-- only for USE=pam -->
+	<upstream>
+		<remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
+		<remote-id type="github">shadow-maint/shadow</remote-id>
+	</upstream>
 </pkgmetadata>

sdk_container/src/third_party/coreos-overlay/sys-apps/shadow/shadow-4.5.ebuild

@@ -1,10 +1,9 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 
 EAPI="5"
 
-inherit eutils libtool pam multilib systemd
+inherit eutils libtool pam multilib
 
 DESCRIPTION="Utilities to deal with user accounts"
 HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/"
@@ -12,20 +11,23 @@ SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar
 
 LICENSE="BSD GPL-2"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
 IUSE="acl audit cracklib nls pam selinux skey xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
 
-RDEPEND="acl? ( sys-apps/acl )
+RDEPEND="acl? ( sys-apps/acl:0= )
-	audit? ( sys-process/audit )
+	audit? ( >=sys-process/audit-2.6:0= )
-	cracklib? ( >=sys-libs/cracklib-2.7-r3 )
+	cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
-	pam? ( virtual/pam )
+	pam? ( virtual/pam:0= )
-	skey? ( sys-auth/skey )
+	skey? ( sys-auth/skey:0= )
 	selinux? (
-		>=sys-libs/libselinux-1.28
+		>=sys-libs/libselinux-1.28:0=
-		sys-libs/libsemanage
+		sys-libs/libsemanage:0=
 	)
 	nls? ( virtual/libintl )
-	xattr? ( sys-apps/attr )"
+	xattr? ( sys-apps/attr:0= )"
 DEPEND="${RDEPEND}
 	app-arch/xz-utils
 	nls? ( sys-devel/gettext )"
@@ -34,20 +36,16 @@ RDEPEND="${RDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
-	"${FILESDIR}"/${P}-su-snprintf.patch
-	"${FILESDIR}"/${P}-prototypes.patch
-	"${FILESDIR}"/${P}-load_defaults.patch
-	"${FILESDIR}"/${P}-fix-root-defaults.patch
 )
 
 src_prepare() {
 	epatch "${PATCHES[@]}"
 	epatch_user
+	#eautoreconf
 	elibtoolize
 }
 
 src_configure() {
-	tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
 	econf \
 		--without-group-name-max-length \
 		--without-tcb \
@@ -63,6 +61,14 @@ src_configure() {
 		$(use_with elibc_glibc nscd) \
 		$(use_with xattr attr)
 	has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+	if use nls ; then
+		local l langs="po" # These are the pot files.
+		for l in ${LANGS[*]} ; do
+			use linguas_${l} && langs+=" ${l}"
+		done
+		sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+	fi
 }
 
 set_login_opt() {
@@ -71,14 +77,14 @@ set_login_opt() {
 		comment="#"
 		sed -i \
 			-e "/^${opt}\>/s:^:#:" \
-			"${ED}"/usr/share/shadow/login.defs || die
+			"${ED}"/etc/login.defs || die
 	else
 		sed -i -r \
 			-e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
-			"${ED}"/usr/share/shadow/login.defs || die
+			"${ED}"/etc/login.defs
 	fi
-	local res=$(grep "^${comment}${opt}\>" "${ED}"/usr/share/shadow/login.defs)
+	local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
-	einfo ${res:-Unable to find ${opt} in /usr/share/shadow/login.defs}
+	einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
 }
 
 src_install() {
@@ -91,46 +97,25 @@ src_install() {
 	#   remove it.
 	rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
 
-	# Remove files from /etc, they will be symlinks to /usr instead.
+	insinto /etc
-	rm -f "${ED}"/etc/{limits,login.access,login.defs,securetty,default/useradd}
-
-	# CoreOS: break shadow.conf into two files so that we only have to apply
-	# etc-shadow.conf in the initrd.
-	systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/etc-shadow.conf
-	systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/var-shadow.conf
-
-	insinto /usr/share/shadow
-	# Using a securetty with devfs device names added
-	# (compat names kept for non-devfs compatibility)
-	insopts -m0600 ; doins "${FILESDIR}"/securetty
-	dosym ../usr/share/shadow/securetty /etc/securetty
 	if ! use pam ; then
 		insopts -m0600
 		doins etc/login.access etc/limits
-		dosym ../usr/share/shadow/login.access /etc/login.access
-		dosym ../usr/share/shadow/limits /etc/limits
-	fi
-	# Output arch-specific cruft
-	local devs
-	case $(tc-arch) in
-		ppc*)  devs="hvc0 hvsi0 ttyPSC0";;
-		hppa)  devs="ttyB0";;
-		arm)   devs="ttyFB0 ttySAC0 ttySAC1 ttySAC2 ttySAC3 ttymxc0 ttymxc1 ttymxc2 ttymxc3 ttyO0 ttyO1 ttyO2";;
-		sh)    devs="ttySC0 ttySC1";;
-		amd64|x86)	devs="hvc0";;
-	esac
-	if [[ -n ${devs} ]]; then
-		printf '%s\n' ${devs} >> "${ED}"/usr/share/shadow/securetty
 	fi
 
 	# needed for 'useradd -D'
+	insinto /etc/default
 	insopts -m0600
 	doins "${FILESDIR}"/default/useradd
-	dosym ../../usr/share/shadow/useradd /etc/default/useradd
 
+	# move passwd to / to help recover broke systems #64441
+	mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+	dosym /bin/passwd /usr/bin/passwd
+
+	cd "${S}"
+	insinto /etc
 	insopts -m0644
 	newins etc/login.defs login.defs
-	dosym ../usr/share/shadow/login.defs /etc/login.defs
 
 	set_login_opt CREATE_HOME yes
 	if ! use pam ; then
@@ -181,7 +166,7 @@ src_install() {
 			-e 'b exit' \
 			-e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
 			-e ': exit' \
-			"${ED}"/usr/share/shadow/login.defs || die
+			"${ED}"/etc/login.defs || die
 
 		# remove manpages that pam will install for us
 		# and/or don't apply when using pam
@@ -198,8 +183,28 @@ src_install() {
 		'(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
 		-delete
 
+	cd "${S}"
 	dodoc ChangeLog NEWS TODO
 	newdoc README README.download
 	cd doc
 	dodoc HOWTO README* WISHLIST *.txt
 }
+
+pkg_preinst() {
+	rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+		"${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+	# Enable shadow groups.
+	if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+		if grpck -r -R "${EROOT}" 2>/dev/null ; then
+			grpconv -R "${EROOT}"
+		else
+			ewarn "Running 'grpck' returned errors.  Please run it by hand, and then"
+			ewarn "run 'grpconv' afterwards!"
+		fi
+	fi
+
+	einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}