summaryrefslogtreecommitdiff
path: root/source
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2020-02-07 22:32:38 +0000
committerEric Hameleers <alien@slackware.com>2020-02-08 08:59:48 +0100
commit080300e1e7dec7bb1a6297b5a4406e2c0be46048 (patch)
tree4ca397920d9a177af9eb3ca6781e2c8498b3672d /source
parent194ec853e8f20fd32d5a91eec74ff77383093f4e (diff)
downloadcurrent-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.gz
Fri Feb 7 22:32:38 UTC 202020200207223238
a/kernel-firmware-20200206_5351afe-noarch-1.txz: Upgraded. ap/ghostscript-9.50-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. ap/gutenprint-5.3.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. ap/nano-4.8-x86_64-1.txz: Upgraded. ap/screen-4.8.0-x86_64-1.txz: Upgraded. ap/vim-8.2.0224-x86_64-1.txz: Upgraded. d/cvs-1.11.23-x86_64-4.txz: Rebuilt. Recompiled against krb5-1.17.1. d/strace-5.5-x86_64-1.txz: Upgraded. kde/kdelibs-4.14.38-x86_64-6.txz: Rebuilt. Recompiled against krb5-1.17.1. l/gtk+2-2.24.32-x86_64-3.txz: Rebuilt. Recompiled against krb5-1.17.1. l/gtk+3-3.24.13-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/libsoup-2.68.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/libssh-0.9.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/loudmouth-1.5.3-x86_64-4.txz: Rebuilt. Recompiled against krb5-1.17.1. l/neon-0.30.2-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. n/cifs-utils-6.10-x86_64-2.txz: Rebuilt. Recompiled to build cifs.upcall. n/curl-7.68.0-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. n/cyrus-sasl-2.1.27-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. xap/vim-gvim-8.2.0224-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source')
-rwxr-xr-xsource/a/libcgroup/libcgroup.SlackBuild12
-rw-r--r--source/a/shadow/doinst.sh23
-rw-r--r--source/a/shadow/login.defs.pam287
-rw-r--r--source/a/shadow/login.defs.shadow (renamed from source/a/shadow/login.defs)0
-rw-r--r--source/a/shadow/pam.d/chage4
-rw-r--r--source/a/shadow/pam.d/chfn4
-rw-r--r--source/a/shadow/pam.d/chgpasswd4
-rw-r--r--source/a/shadow/pam.d/chpasswd4
-rw-r--r--source/a/shadow/pam.d/chsh4
-rw-r--r--source/a/shadow/pam.d/groupadd4
-rw-r--r--source/a/shadow/pam.d/groupdel4
-rw-r--r--source/a/shadow/pam.d/groupmems4
-rw-r--r--source/a/shadow/pam.d/groupmod4
-rw-r--r--source/a/shadow/pam.d/login11
-rw-r--r--source/a/shadow/pam.d/newusers4
-rw-r--r--source/a/shadow/pam.d/other6
-rw-r--r--source/a/shadow/pam.d/passwd5
-rw-r--r--source/a/shadow/pam.d/postlogin4
-rw-r--r--source/a/shadow/pam.d/su11
-rw-r--r--source/a/shadow/pam.d/su-l6
-rw-r--r--source/a/shadow/pam.d/system-auth96
-rw-r--r--source/a/shadow/pam.d/useradd4
-rw-r--r--source/a/shadow/pam.d/userdel4
-rw-r--r--source/a/shadow/pam.d/usermod4
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild55
-rw-r--r--source/a/shadow/shadow.login.display.short.hostname.diff24
-rw-r--r--source/a/shadow/slack-desc12
-rwxr-xr-xsource/a/util-linux/util-linux.SlackBuild13
-rwxr-xr-xsource/ap/cups/cups.SlackBuild19
-rw-r--r--source/ap/cups/doinst.sh3
-rwxr-xr-xsource/ap/ghostscript/ghostscript.SlackBuild2
-rwxr-xr-xsource/ap/gutenprint/gutenprint.SlackBuild2
-rwxr-xr-xsource/ap/hplip/hplip.SlackBuild9
-rwxr-xr-xsource/ap/lxc/lxc.SlackBuild2
-rw-r--r--source/ap/screen/doinst.sh19
-rwxr-xr-xsource/ap/screen/screen.SlackBuild44
-rw-r--r--source/ap/screen/screen.pam5
-rwxr-xr-xsource/ap/sudo/sudo.SlackBuild13
-rwxr-xr-xsource/d/cvs/cvs.SlackBuild2
-rw-r--r--source/kde/build/kdelibs2
-rw-r--r--source/kde/doinst.sh/kde-workspace9
-rw-r--r--source/kde/post-install/kde-workspace.post-install1
-rwxr-xr-xsource/l/ConsoleKit2/ConsoleKit2.SlackBuild14
-rwxr-xr-xsource/l/glibc/glibc.SlackBuild10
-rwxr-xr-xsource/l/gnome-keyring/gnome-keyring.SlackBuild5
-rwxr-xr-xsource/l/gtk+2/gtk+2.SlackBuild2
-rwxr-xr-xsource/l/gtk+3/gtk+3.SlackBuild2
-rwxr-xr-xsource/l/libsoup/libsoup.SlackBuild2
-rwxr-xr-xsource/l/libssh/libssh.SlackBuild2
-rwxr-xr-xsource/l/loudmouth/loudmouth.SlackBuild2
-rwxr-xr-xsource/l/neon/neon.SlackBuild2
-rw-r--r--source/l/polkit/doinst.sh3
-rwxr-xr-xsource/l/polkit/polkit.SlackBuild17
-rwxr-xr-xsource/l/system-config-printer/system-config-printer.SlackBuild10
-rwxr-xr-xsource/n/cifs-utils/cifs-utils.SlackBuild2
-rwxr-xr-xsource/n/curl/curl.SlackBuild5
-rwxr-xr-xsource/n/cyrus-sasl/cyrus-sasl.SlackBuild2
-rwxr-xr-xsource/n/dovecot/dovecot.SlackBuild6
-rw-r--r--source/n/netatalk/doinst.sh4
-rwxr-xr-xsource/n/netatalk/netatalk.SlackBuild23
-rw-r--r--source/n/openssh/doinst.sh3
-rwxr-xr-xsource/n/openssh/openssh.SlackBuild28
-rw-r--r--source/n/openssh/sshd.pam14
-rw-r--r--source/n/openssh/sshd_config-pam.diff12
-rwxr-xr-xsource/n/openvpn/openvpn.SlackBuild21
-rwxr-xr-xsource/n/popa3d/popa3d.SlackBuild7
-rw-r--r--source/n/popa3d/popa3d.pam.diff66
-rw-r--r--source/n/popa3d/popa3d.shadow.diff (renamed from source/n/popa3d/popa3d.diff)0
-rw-r--r--source/n/ppp/doinst.sh5
-rwxr-xr-xsource/n/ppp/ppp.SlackBuild14
-rwxr-xr-xsource/n/samba/samba.SlackBuild14
-rw-r--r--source/n/vsftpd/doinst.sh3
-rwxr-xr-xsource/n/vsftpd/vsftpd.SlackBuild9
-rw-r--r--source/x/x11/configure/xdm19
-rw-r--r--source/x/x11/doinst.sh/xdm5
-rw-r--r--source/x/x11/post-install/xdm.post-install5
-rw-r--r--source/x/x11/post-install/xdm/xdm.pamd9
-rw-r--r--source/xap/xlockmore/doinst.sh4
-rw-r--r--source/xap/xscreensaver/doinst.sh5
79 files changed, 1010 insertions, 95 deletions
diff --git a/source/a/libcgroup/libcgroup.SlackBuild b/source/a/libcgroup/libcgroup.SlackBuild
index 00fc2be8..e5ff9b4c 100755
--- a/source/a/libcgroup/libcgroup.SlackBuild
+++ b/source/a/libcgroup/libcgroup.SlackBuild
@@ -80,6 +80,15 @@ zcat $CWD/libcgroup.conf.diff.gz | patch -p1 --verbose || exit 1
# Apply combined patches from git, including for an infinate loop bug:
zcat $CWD/libcgroup.loop.diff.gz | patch -p1 --verbose || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-pam --enable-pam-module-dir=/lib/security"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--disable-pam"
+fi
+
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
@@ -97,7 +106,8 @@ CFLAGS="$SLKCFLAGS" \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--mandir=/usr/man \
--infodir=/usr/info \
- --disable-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--disable-static \
--build=$ARCH-slackware-linux || exit 1
diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh
index a7bf2ee4..ce3e8116 100644
--- a/source/a/shadow/doinst.sh
+++ b/source/a/shadow/doinst.sh
@@ -10,8 +10,29 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
+# First, check for PAM:
+if [ -r etc/pam.d/login.new ]; then
+ # If there's an existing /etc/login.defs that contains an obsolete option
+ # intended for a non-pam system, rename it to back it up and allow the
+ # pam-enabled login.defs to be installed automatically:
+ if grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
+ mv etc/login.defs etc/login.defs.non-pam.backup
+ fi
+else # Same thing, but in reverse for a non-pam system:
+ if ! grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
+ mv etc/login.defs etc/login.defs.pam.backup
+ fi
+fi
+
config etc/default/useradd.new
-config etc/login.access.new
config etc/login.defs.new
config var/log/faillog.new
rm -f var/log/faillog.new
+if [ -r etc/login.access.new ]; then
+ config etc/login.access.new
+fi
+for configfile in chage.new chfn.new chgpasswd.new chpasswd.new chsh.new groupadd.new groupdel.new groupmems.new groupmod.new login.new newusers.new other.new passwd.new postlogin.new su-l.new su.new system-auth.new useradd.new userdel.new usermod.new ; do
+ if [ -r etc/pam.d/$configfile ]; then
+ config etc/pam.d/$configfile
+ fi
+done
diff --git a/source/a/shadow/login.defs.pam b/source/a/shadow/login.defs.pam
new file mode 100644
index 00000000..cc15db6a
--- /dev/null
+++ b/source/a/shadow/login.defs.pam
@@ -0,0 +1,287 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0620
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+
+#
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+# home directories if HOME_MODE is not set.
+# 022 is the default value, but 027, or even 077, could be considered
+# for increased privacy. There is no One True Answer here: each sysadmin
+# must make up their mind.
+UMASK 022
+
+#
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+#HOME_MODE 0700
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT frwh
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm. Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB no
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+ENCRYPT_METHOD SHA256
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# Only works if ENCRYPT_METHOD is set to BCRYPT.
+#
+# Define the number of BCRYPT rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, 13 rounds will be attempted.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#BCRYPT_MIN_ROUNDS 13
+#BCRYPT_MAX_ROUNDS 13
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# Most of these groups are self-explanatory, but in the case of
+# "lp", it is because group lp is needed to use a scanner that
+# is part of a multifunction printer.
+#
+# Note that users are added to these default groups only when
+# logging into a shell with /bin/login, not when using a login
+# manager such as kdm. In that case, users who should have
+# hardware access must be added to the appropriate groups
+# when the user is added with adduser or useradd, or by editing
+# /etc/group directly, preferably using "vigr"
+#
+CONSOLE_GROUPS floppy:audio:cdrom:video:lp:scanner
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+#CREATE_HOME yes
+
diff --git a/source/a/shadow/login.defs b/source/a/shadow/login.defs.shadow
index 022dd36f..022dd36f 100644
--- a/source/a/shadow/login.defs
+++ b/source/a/shadow/login.defs.shadow
diff --git a/source/a/shadow/pam.d/chage b/source/a/shadow/pam.d/chage
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/chage
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/chfn b/source/a/shadow/pam.d/chfn
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/chfn
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/chgpasswd b/source/a/shadow/pam.d/chgpasswd
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/chgpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/chpasswd b/source/a/shadow/pam.d/chpasswd
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/chpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/chsh b/source/a/shadow/pam.d/chsh
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/chsh
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/groupadd b/source/a/shadow/pam.d/groupadd
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/groupadd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/groupdel b/source/a/shadow/pam.d/groupdel
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/groupdel
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/groupmems b/source/a/shadow/pam.d/groupmems
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/groupmod b/source/a/shadow/pam.d/groupmod
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/groupmod
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/login b/source/a/shadow/pam.d/login
new file mode 100644
index 00000000..eb312199
--- /dev/null
+++ b/source/a/shadow/pam.d/login
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth required pam_securetty.so
+auth include system-auth
+auth include postlogin
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session include postlogin
+session required pam_loginuid.so
+session optional pam_ck_connector.so nox11
diff --git a/source/a/shadow/pam.d/newusers b/source/a/shadow/pam.d/newusers
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/newusers
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/other b/source/a/shadow/pam.d/other
new file mode 100644
index 00000000..57282493
--- /dev/null
+++ b/source/a/shadow/pam.d/other
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
diff --git a/source/a/shadow/pam.d/passwd b/source/a/shadow/pam.d/passwd
new file mode 100644
index 00000000..67f8ff54
--- /dev/null
+++ b/source/a/shadow/pam.d/passwd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
diff --git a/source/a/shadow/pam.d/postlogin b/source/a/shadow/pam.d/postlogin
new file mode 100644
index 00000000..9777b897
--- /dev/null
+++ b/source/a/shadow/pam.d/postlogin
@@ -0,0 +1,4 @@
+#%PAM-1.0
+session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+session [default=1] pam_lastlog.so nowtmp showfailed
+session optional pam_lastlog.so silent noupdate showfailed
diff --git a/source/a/shadow/pam.d/su b/source/a/shadow/pam.d/su
new file mode 100644
index 00000000..c7c81487
--- /dev/null
+++ b/source/a/shadow/pam.d/su
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session optional pam_xauth.so
diff --git a/source/a/shadow/pam.d/su-l b/source/a/shadow/pam.d/su-l
new file mode 100644
index 00000000..656a139a
--- /dev/null
+++ b/source/a/shadow/pam.d/su-l
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include su
+account include su
+password include su
+session optional pam_keyinit.so force revoke
+session include su
diff --git a/source/a/shadow/pam.d/system-auth b/source/a/shadow/pam.d/system-auth
new file mode 100644
index 00000000..5fa10c80
--- /dev/null
+++ b/source/a/shadow/pam.d/system-auth
@@ -0,0 +1,96 @@
+#%PAM-1.0
+#
+# Most of these PAM modules have man pages included, like
+# PAM_UNIX(8) for example.
+#
+
+##################
+# Authentication #
+##################
+#
+# To set a limit on failed authentications, the tallying modules
+# can be enabled.
+#
+auth required pam_env.so
+auth required pam_tally2.so
+#
+auth sufficient pam_unix.so likeauth nullok
+auth required pam_deny.so
+auth optional pam_gnome_keyring.so
+
+##################
+# Account checks #
+##################
+#
+# Only root can login if file /etc/nologin exists.
+# This is equivalent to NOLOGINS_FILE on login.defs
+#
+account required pam_nologin.so
+#
+# Enable restrictions by time, specified in /etc/security/time.conf
+# This is equivalent to PORTTIME_CHECKS_ENAB on login.defs
+#
+account required pam_time.so
+account required pam_unix.so
+account sufficient pam_succeed_if.so uid < 100 quiet
+account required pam_permit.so
+
+#####################
+# Password handling #
+#####################
+#
+# If you have CrackLib installed and enabled
+#
+# Passwords will be checked against a huge dictionary and need to
+# have at least 6 characters (cracklib can't use 5). Some options
+# of cracklib modules are:
+#
+# difok Number of characters that needs to be different
+# between old and new characters
+# minlen Password minimal length
+# retry How many times the user can try bad new passwords
+# dcredit,ocredit,ucredit,lcredit
+# Digiti, Others, Uppercase, Lowercase characters
+# Positive numbers marks the max number of credits given
+# by one character class. With dcredit=5 and minlen=6, you
+# can't use a full numeric password because more than 5
+# digit characters doesn't count credits to achieve the
+# minimal length
+# Negative numbers determine that a password needs to have
+# at least N characters
+#
+# You can see many other pam_cracklib options at pam_cracklib(8) manpage
+#
+# Also, the "use_authtok" option for pam_unix is for working with pam_cracklib
+# in sharing the password stack. See pam_unix(8) for more details.
+#
+# If you need to use CrackLib to enforce your passwords, uncomment
+# two statements:
+#password requisite pam_cracklib.so retry=3 minlen=6 \
+# difok=1 dcredit=5 ocredit=5 ucredit=5 lcredit=5
+#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok
+#
+# --
+# A less intense option for cracklib, is:
+#password requisite pam_cracklib.so retry=3
+#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok
+# --
+# The default is the "traditional" way without CrackLib.
+# Passwords need to have at least 8 characters. If you are using Cracklib,
+# please comment the next statement.
+password sufficient pam_unix.so nullok sha512 shadow minlen=8
+
+# ATTENTION: keep the line for pam_deny.so
+password required pam_deny.so
+
+#########################
+# Session Configuration #
+#########################
+#
+# This applies the limits specified in /etc/security/limits.conf
+#
+session required pam_limits.so
+session required pam_unix.so
+#session required pam_lastlog.so showfailed
+#session optional pam_mail.so standard
+session optional pam_gnome_keyring.so auto_start
diff --git a/source/a/shadow/pam.d/useradd b/source/a/shadow/pam.d/useradd
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/useradd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/userdel b/source/a/shadow/pam.d/userdel
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/userdel
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/pam.d/usermod b/source/a/shadow/pam.d/usermod
new file mode 100644
index 00000000..8f49f5cc
--- /dev/null
+++ b/source/a/shadow/pam.d/usermod
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index 4264a24d..360da370 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -51,12 +51,16 @@ PKG=$TMP/package-shadow
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
fi
rm -rf $PKG
@@ -66,6 +70,15 @@ rm -rf shadow-$VERSION
tar xvf $CWD/shadow-$VERSION.tar.xz || exit 1
cd shadow-$VERSION
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-libpam"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--enable-shadowgrp --without-libcrack"
+fi
+
# Apply some patches taken from the svn trunk that
# fix some of the more serious bugs in 4.1.4.3:
for patch in $CWD/patches/*.diff.gz ; do
@@ -109,7 +122,8 @@ CFLAGS="$SLKCFLAGS" \
--enable-man \
--enable-subordinate-ids \
--disable-shared \
- --without-libcrack \
+ $SHADOW_OPTIONS \
+ $PAM_OPTIONS \
--build=$ARCH-slackware-linux
# --enable-utmpx # defaults to 'no'
@@ -134,16 +148,42 @@ mkdir -p $PKG/bin $PKG/sbin
)
mv $PKG/usr/sbin/nologin $PKG/sbin/nologin
+if [ ! -z "$PAM_OPTIONS" ]; then
+ # Don't ship the login utilities. We'll be using the ones from util-linux:
+ for file in /bin/login /bin/su /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
+ /usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \
+ /usr/man/man1/runuser.1.gz /usr/man/man1/su.1.gz \
+ /usr/share/bash-completion/completions/chfn \
+ /usr/share/bash-completion/completions/chsh \
+ /usr/share/bash-completion/completions/su ; do
+ rm -f $PKG${file}
+ done
+ # Install config files in /etc/pam.d/. We'll use our own copies... I'm not
+ # sure that I trust upstream enough to let them handle this stuff.
+ rm -rf $PKG/etc/pam.d
+ mkdir -p $PKG/etc/pam.d
+ for file in $CWD/pam.d/* ; do
+ cp -a ${file} $PKG/etc/pam.d/
+ done
+ # Ensure correct perms/ownership on files in /etc/pam.d/:
+ chown root:root $PKG/etc/pam.d/*
+ chmod 644 $PKG/etc/pam.d/*
+ # Don't clobber existing config files:
+ find $PKG/etc/pam.d -type f -exec mv {} {}.new \;
+ # Install a login.defs with unsurprising defaults:
+ rm -f $PKG/etc/login.defs
+ zcat $CWD/login.defs.pam.gz > $PKG/etc/login.defs.new
+else # not using PAM
+ mv $PKG/etc/login.access $PKG/etc/login.access.new
+ # Install a login.defs with unsurprising defaults:
+ rm -f $PKG/etc/login.defs
+ zcat $CWD/login.defs.shadow.gz > $PKG/etc/login.defs.new
+fi
+
# /bin/groups is provided by coreutils.
rm -f $PKG/bin/groups
find $PKG -name groups.1 -exec rm {} \+
-# Install a login.defs with unsurprising defaults:
-rm -f $PKG/etc/login.defs
-zcat $CWD/login.defs.gz > $PKG/etc/login.defs.new
-
-mv $PKG/etc/login.access $PKG/etc/login.access.new
-
# I don't think this works well enough to recommend it.
#mv $PKG/etc/limits $PKG/etc/limits.new
rm -f $PKG/etc/limits
@@ -197,4 +237,3 @@ zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz
-
diff --git a/source/a/shadow/shadow.login.display.short.hostname.diff b/source/a/shadow/shadow.login.display.short.hostname.diff
index ad5c3eba..53a22f8b 100644
--- a/source/a/shadow/shadow.login.display.short.hostname.diff
+++ b/source/a/shadow/shadow.login.display.short.hostname.diff
@@ -1,5 +1,6 @@
---- ./libmisc/loginprompt.c.orig 2014-03-01 12:59:51.000000000 -0600
-+++ ./libmisc/loginprompt.c 2017-11-21 18:17:27.492000123 -0600
+diff -u -r --new-file shadow-4.8.1.orig/libmisc/loginprompt.c shadow-4.8.1/libmisc/loginprompt.c
+--- shadow-4.8.1.orig/libmisc/loginprompt.c 2019-07-23 10:26:08.000000000 -0500
++++ shadow-4.8.1/libmisc/loginprompt.c 2020-02-06 17:29:43.386954096 -0600
@@ -99,6 +99,15 @@
}
}
@@ -16,3 +17,22 @@
printf (prompt, buf);
(void) fflush (stdout);
}
+diff -u -r --new-file shadow-4.8.1.orig/src/login.c shadow-4.8.1/src/login.c
+--- shadow-4.8.1.orig/src/login.c 2020-01-12 07:58:49.000000000 -0600
++++ shadow-4.8.1/src/login.c 2020-02-06 17:29:33.191954722 -0600
+@@ -761,6 +761,15 @@
+
+ /* Make the login prompt look like we want it */
+ if (gethostname (hostn, sizeof (hostn)) == 0) {
++ /* Trim away everything after the first '.': */
++ int i = 0;
++ while (hostn[i] != '\0' && i < sizeof(hostn) - 1) {
++ if (hostn[i] == '.') {
++ hostn[i] = '\0';
++ break;
++ }
++ i++;
++ }
+ snprintf (loginprompt,
+ sizeof (loginprompt),
+ _("%s login: "), hostn);
diff --git a/source/a/shadow/slack-desc b/source/a/shadow/slack-desc
index 7263ee77..cb249741 100644
--- a/source/a/shadow/slack-desc
+++ b/source/a/shadow/slack-desc
@@ -8,12 +8,12 @@
|-----handy-ruler------------------------------------------------------|
shadow: shadow (shadow password suite)
shadow:
-shadow: This set of login related programs utilizes an alternate, non-readable
-shadow: file to contain the actual encrypted passwords. This is presumed to
-shadow: increase system security by increasing the difficulty with which
-shadow: system crackers obtain encrypted passwords. It was written by
-shadow: Julianne Frances Haugh and the Linux port is maintained by Tomasz
-shadow: Kloczko.
+shadow: This package includes the necessary programs for handling account
+shadow: information in the shadow password format, plus programs for managing
+shadow: user and group accounts. It was written by Julianne Frances Haugh and
+shadow: the Linux port is maintained by Tomasz Kloczko.
shadow:
shadow: Homepage: https://github.com/shadow-maint/shadow
shadow:
+shadow:
+shadow:
diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild
index 8d6ff21c..662eb75c 100755
--- a/source/a/util-linux/util-linux.SlackBuild
+++ b/source/a/util-linux/util-linux.SlackBuild
@@ -82,6 +82,13 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ LOGIN_OPTIONS=""
+else
+ LOGIN_OPTIONS="--disable-login"
+fi
+
# Changing the fdisk -l output (this was done prior to util-linux-ng) broke
# our installation scripts, so we have changed the name of partition type
# 83 back to "Linux swap":
@@ -119,7 +126,7 @@ configure_with_python(){
--enable-pg \
--enable-raw \
--enable-rename \
- --disable-login \
+ $LOGIN_OPTIONS \
--enable-schedutils \
--enable-wall \
--enable-write \
@@ -136,13 +143,13 @@ CFLAGS="$SLKCFLAGS" \
configure_with_python 2 || exit 1
make $NUMJOBS || make || exit 1
-make install DESTDIR=$PKG || exit 1
+make install $NUMJOBS DESTDIR=$PKG || exit 1
# Build python3 bindings for libmount:
make clean
CFLAGS="$SLKCFLAGS" \
configure_with_python 3 || exit 1
-make \
+make $NUMJOBS \
install-pylibmountexecLTLIBRARIES \
install-pylibmountexecPYTHON \
DESTDIR=$PKG || exit 1
diff --git a/source/ap/cups/cups.SlackBuild b/source/ap/cups/cups.SlackBuild
index de09891b..60ff31fc 100755
--- a/source/ap/cups/cups.SlackBuild
+++ b/source/ap/cups/cups.SlackBuild
@@ -81,6 +81,15 @@ cd cups-$VERSION || exit 1
sed -i.orig -e 's#$exec_prefix/lib/cups#$libdir/cups#g' configure
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-pam"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--disable-pam"
+fi
+
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
@@ -89,7 +98,8 @@ CXXFLAGS="$SLKCFLAGS" \
--enable-gnutls=yes \
--enable-cdsassl=no \
--docdir=/usr/doc \
- --disable-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--disable-avahi \
--disable-dnssd \
--build=$ARCH-slackware-linux || exit 1
@@ -97,6 +107,13 @@ CXXFLAGS="$SLKCFLAGS" \
make $NUMJOBS || exit 1
make BUILDROOT=$PKG install || exit 1
+if [ ! -z "$PAM_OPTIONS" ]; then
+ # Allow pam config files to be edited by root:
+ chmod 644 $PKG/etc/pam.d/*
+ # Make PAM file .new:
+ mv $PKG/etc/pam.d/cups $PKG/etc/pam.d/cups.new
+fi
+
# Blacklist the usblp module just to make sure that it doesn't cause
# any problems:
mkdir -p $PKG/lib/modprobe.d
diff --git a/source/ap/cups/doinst.sh b/source/ap/cups/doinst.sh
index 6807cc3a..d0349bca 100644
--- a/source/ap/cups/doinst.sh
+++ b/source/ap/cups/doinst.sh
@@ -13,6 +13,9 @@ for file in etc/cups/*.new ; do
config $file
done
config etc/dbus-1/system.d/cups.conf.new
+if [ -r etc/pam.d/cups.new ]; then
+ config etc/pam.d/cups.new
+fi
# This file will just have to go. It appeared for a while during a -current
# devel period and has never been part of a stable release.
diff --git a/source/ap/ghostscript/ghostscript.SlackBuild b/source/ap/ghostscript/ghostscript.SlackBuild
index 614896e0..ae199f6b 100755
--- a/source/ap/ghostscript/ghostscript.SlackBuild
+++ b/source/ap/ghostscript/ghostscript.SlackBuild
@@ -27,7 +27,7 @@ if [ -r gnu-ghostscript-*.tar.?z ]; then
SRCPREFIX="gnu-"
fi
VERSION=${VERSION:-$(echo $SRCPREFIX$PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/gutenprint/gutenprint.SlackBuild b/source/ap/gutenprint/gutenprint.SlackBuild
index bd952390..75fb110e 100755
--- a/source/ap/gutenprint/gutenprint.SlackBuild
+++ b/source/ap/gutenprint/gutenprint.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gutenprint
VERSION=${VERSION:-$(echo gutenprint-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/hplip/hplip.SlackBuild b/source/ap/hplip/hplip.SlackBuild
index cf0d963f..a6882040 100755
--- a/source/ap/hplip/hplip.SlackBuild
+++ b/source/ap/hplip/hplip.SlackBuild
@@ -83,6 +83,13 @@ zcat $CWD/setup.py.lc_all.c.diff.gz | patch -p1 --verbose || exit 1
# Fix a few .py files lacking #!/usr/bin/python3:
zcat $CWD/hplip.python3.shebang.diff.gz | patch -p1 --verbose || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ unset SHADOW_OPTIONS
+else
+ SHADOW_OPTIONS="--enable-shadow-build"
+fi
+
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
@@ -133,7 +140,7 @@ PYTHON=/usr/bin/python3 \
--with-hpppddir=/usr/share/ppd/HP \
--with-drvdir=/usr/share/cups/drv/HP \
--enable-hpijs-install \
- --enable-shadow-build \
+ $SHADOW_OPTIONS \
--enable-scan-build \
--enable-gui-build \
--enable-fax-build \
diff --git a/source/ap/lxc/lxc.SlackBuild b/source/ap/lxc/lxc.SlackBuild
index d44f5a88..589e3ca6 100755
--- a/source/ap/lxc/lxc.SlackBuild
+++ b/source/ap/lxc/lxc.SlackBuild
@@ -193,7 +193,7 @@ fi
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
-cat $CWD/doinst.sh > $PKG/install/doinst.sh
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$(echo $VERSION | tr - _)-$ARCH-$BUILD.txz
diff --git a/source/ap/screen/doinst.sh b/source/ap/screen/doinst.sh
new file mode 100644
index 00000000..c71460ad
--- /dev/null
+++ b/source/ap/screen/doinst.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/screenrc.new
+config etc/skel/.screenrc.new
+if [ -r etc/pam.d/screen.new ]; then
+ config etc/pam.d/screen.new
+fi
+# This is probably safer than leaving the hidden .new file... maybe?
+rm -f etc/skel/.screenrc.new
diff --git a/source/ap/screen/screen.SlackBuild b/source/ap/screen/screen.SlackBuild
index dc7f2ded..ee5b24ae 100755
--- a/source/ap/screen/screen.SlackBuild
+++ b/source/ap/screen/screen.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2015, 2016, 2018, 2019 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2015, 2016, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -46,12 +46,16 @@ fi
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
fi
TMP=${TMP:-/tmp}
@@ -86,6 +90,15 @@ done
# the console from being properly cleared when detaching from a screen session:
zcat $CWD/60-revert-screenrc-change.diff.gz | patch -p1 --verbose || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-pam"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--disable-pam"
+fi
+
# Configure:
CFLAGS="$SLKCFLAGS" \
./configure \
@@ -97,7 +110,8 @@ CFLAGS="$SLKCFLAGS" \
--with-sys-screenrc=/etc/screenrc \
--with-pty-mode=0620 \
--with-pty-group=5 \
- --disable-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--enable-telnet \
--disable-socket-dir \
--enable-use-locale \
@@ -125,6 +139,12 @@ chmod 755 $PKG/usr/bin/screen-$VERSION
mkdir -p $PKG/etc/skel
cat etc/etcscreenrc > $PKG/etc/screenrc.new
cat etc/screenrc > $PKG/etc/skel/.screenrc.new
+
+if [ ! -z "$PAM_OPTIONS" ]; then
+ mkdir -p $PKG/etc/pam.d
+ cat $CWD/screen.pam > $PKG/etc/pam.d/screen.new
+fi
+
rm -f $PKG/usr/info/dir
gzip -9 $PKG/usr/info/*
gzip -9 $PKG/usr/man/man1/*
@@ -135,26 +155,8 @@ cp -a COPYING ChangeLog HACKING INSTALL NEWS README TODO \
$PKG/usr/doc/screen-$VERSION
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
-cat << EOF > $PKG/install/doinst.sh
-#!/bin/bash
-config() {
- NEW="\$1"
- OLD="\$(dirname \$NEW)/\$(basename \$NEW .new)"
- # If there's no config file by that name, mv it over:
- if [ ! -r \$OLD ]; then
- mv \$NEW \$OLD
- elif [ "\$(cat \$OLD | md5sum)" = "\$(cat \$NEW | md5sum)" ]; then # toss the redundant copy
- rm \$NEW
- fi
- # Otherwise, we leave the .new copy for the admin to consider...
-}
-config etc/screenrc.new
-config etc/skel/.screenrc.new
-# This is probably safer than leaving the hidden .new file... maybe?
-rm -f etc/skel/.screenrc.new
-EOF
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
# Build package:
cd $PKG
makepkg -l y -c n $TMP/screen-$VERSION-$ARCH-$BUILD.txz
-
diff --git a/source/ap/screen/screen.pam b/source/ap/screen/screen.pam
new file mode 100644
index 00000000..d286fe2a
--- /dev/null
+++ b/source/ap/screen/screen.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+
+auth required pam_securetty.so debug
+auth include system-auth
+
diff --git a/source/ap/sudo/sudo.SlackBuild b/source/ap/sudo/sudo.SlackBuild
index 9bdcb652..a47e63e6 100755
--- a/source/ap/sudo/sudo.SlackBuild
+++ b/source/ap/sudo/sudo.SlackBuild
@@ -74,6 +74,15 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-pam-session --with-pam=yes"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--disable-pam-session --with-pam=no"
+fi
+
CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
@@ -81,8 +90,8 @@ CFLAGS="$SLKCFLAGS" \
--mandir=/usr/man \
--docdir=/usr/doc/sudo-$VERSION \
--with-env-editor \
- --disable-pam-session \
- --with-pam=no \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--with-rundir=/run/sudo \
--with-vardir=/var/db/sudo \
--with-insults \
diff --git a/source/d/cvs/cvs.SlackBuild b/source/d/cvs/cvs.SlackBuild
index 491ff48a..3a11f439 100755
--- a/source/d/cvs/cvs.SlackBuild
+++ b/source/d/cvs/cvs.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cvs
VERSION=1.11.23
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/kde/build/kdelibs b/source/kde/build/kdelibs
index 7ed6ff82..1e8b3149 100644
--- a/source/kde/build/kdelibs
+++ b/source/kde/build/kdelibs
@@ -1 +1 @@
-5
+6
diff --git a/source/kde/doinst.sh/kde-workspace b/source/kde/doinst.sh/kde-workspace
index 5834cc55..796b2956 100644
--- a/source/kde/doinst.sh/kde-workspace
+++ b/source/kde/doinst.sh/kde-workspace
@@ -13,6 +13,12 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
+config etc/kde/kdm/backgroundrc.new
+config etc/kde/kdm/kdmrc.new
+if [ -r etc/pam.d/kde.new ]; then
+ config etc/pam.d/kde.new
+fi
+
if [ -x usr/bin/update-desktop-database ]; then
usr/bin/update-desktop-database usr/share/applications >/dev/null 2>&1
fi
@@ -20,6 +26,3 @@ fi
if [ -x usr/bin/update-mime-database ]; then
usr/bin/update-mime-database usr/share/mime >/dev/null 2>&1
fi
-
-config etc/kde/kdm/backgroundrc.new
-config etc/kde/kdm/kdmrc.new
diff --git a/source/kde/post-install/kde-workspace.post-install b/source/kde/post-install/kde-workspace.post-install
index f6e0c236..8dbc910d 100644
--- a/source/kde/post-install/kde-workspace.post-install
+++ b/source/kde/post-install/kde-workspace.post-install
@@ -45,7 +45,6 @@ if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
cp -a $CWD/post-install/kde-workspace/config/kde.pamd $PKG/etc/pam.d/kde.new
chown root:root $PKG/etc/pam.d/kde.new
chmod 644 $PKG/etc/pam.d/kde.new
- echo "config etc/pam.d/kde.new" >> $PKG/install/doinst.sh
fi
# Move the KDM files someplace FHS compliant:
diff --git a/source/l/ConsoleKit2/ConsoleKit2.SlackBuild b/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
index 2a7df01c..ea604833 100755
--- a/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
+++ b/source/l/ConsoleKit2/ConsoleKit2.SlackBuild
@@ -4,7 +4,7 @@
# Copyright 2009, 2015 Robby Workman, Northport, Alabama, USA
# Copyright 2010, 2015 Eric Hameleers, Eindhoven, NL
-# Copyright 2010, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2010, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -102,6 +102,15 @@ find . \
autoreconf -vif
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-pam-module=yes"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--enable-pam-module=no"
+fi
+
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
@@ -114,7 +123,8 @@ CXXFLAGS="$SLKCFLAGS" \
--with-rundir=/var/run \
--with-pid-file=/var/run/ConsoleKit/pid \
--enable-docbook-docs \
- --enable-pam-module=no \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--enable-udev-acl \
--disable-static \
--build=$TARGET || exit 1
diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index f9366001..8074f3d8 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -242,11 +242,13 @@ CFLAGS="-g $OPTIMIZ" \
--without-cvs \
$TARGET-slackware-linux
-make $NUMJOBS || make || exit 1
-make install install_root=$PKG || exit 1
+make $NUMJOBS || exit 1
+make $NUMJOBS install install_root=$PKG || exit 1
# Don't use this, as it makes the i18n package WAY bigger:
#make localedata/install-locale-files DESTDIR=$PKG || exit 1
-make localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1
+# This is ugly run in parallel, and seems to hang at the end. But it actually
+# completes much faster. :)
+make $NUMJOBS localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1
# We've always had an sln symlink in /bin, so let's make sure it
# remains there so as not to break any scripts that might need it:
diff --git a/source/l/gnome-keyring/gnome-keyring.SlackBuild b/source/l/gnome-keyring/gnome-keyring.SlackBuild
index dcef5be1..ea20ec8b 100755
--- a/source/l/gnome-keyring/gnome-keyring.SlackBuild
+++ b/source/l/gnome-keyring/gnome-keyring.SlackBuild
@@ -103,6 +103,11 @@ for i in $( find $PKG/usr/man -type l ) ; do
rm $i
done
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ # Handle launching via pam_gnome_keyring.so instead:
+ rm $PKG/etc/xdg/autostart/gnome-keyring-*.desktop
+fi
+
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a \
AUTHORS README* COPYING* HACKING INSTALL NEWS \
diff --git a/source/l/gtk+2/gtk+2.SlackBuild b/source/l/gtk+2/gtk+2.SlackBuild
index 7eff8c4c..c21fefc1 100755
--- a/source/l/gtk+2/gtk+2.SlackBuild
+++ b/source/l/gtk+2/gtk+2.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gtk+2
VERSION=${VERSION:-$(echo gtk+-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/gtk+3/gtk+3.SlackBuild b/source/l/gtk+3/gtk+3.SlackBuild
index d5985a8d..17ce4676 100755
--- a/source/l/gtk+3/gtk+3.SlackBuild
+++ b/source/l/gtk+3/gtk+3.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=gtk+3
VERSION=${VERSION:-$(echo gtk+-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/libsoup/libsoup.SlackBuild b/source/l/libsoup/libsoup.SlackBuild
index 63d04f5a..9881d8b9 100755
--- a/source/l/libsoup/libsoup.SlackBuild
+++ b/source/l/libsoup/libsoup.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libsoup
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
diff --git a/source/l/libssh/libssh.SlackBuild b/source/l/libssh/libssh.SlackBuild
index 12176d97..778f67f6 100755
--- a/source/l/libssh/libssh.SlackBuild
+++ b/source/l/libssh/libssh.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libssh
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/loudmouth/loudmouth.SlackBuild b/source/l/loudmouth/loudmouth.SlackBuild
index d51cdcc4..b12ab603 100755
--- a/source/l/loudmouth/loudmouth.SlackBuild
+++ b/source/l/loudmouth/loudmouth.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=loudmouth
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
diff --git a/source/l/neon/neon.SlackBuild b/source/l/neon/neon.SlackBuild
index 10d9b2e1..0d7becd3 100755
--- a/source/l/neon/neon.SlackBuild
+++ b/source/l/neon/neon.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=neon
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/l/polkit/doinst.sh b/source/l/polkit/doinst.sh
index 887bb792..ebcfef74 100644
--- a/source/l/polkit/doinst.sh
+++ b/source/l/polkit/doinst.sh
@@ -11,6 +11,9 @@ config() {
}
config etc/polkit-1/rules.d/20-plugdev-group-mount-override.rules.new
config etc/polkit-1/rules.d/10-org.freedesktop.NetworkManager.rules.new
+if [ -r etc/pam.d/polkit-1.new ]; then
+ config etc/pam.d/polkit-1.new
+fi
# Make sure the polkitd user and group exist:
if ! grep -q "^polkitd:" etc/passwd ; then
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 6de6b565..a9a21576 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -89,6 +89,15 @@ if ! grep -q "^polkitd:" /etc/passwd ; then
useradd -c "PolicyKit daemon owner" -d /var/lib/polkit -u 87 -g polkitd -s /bin/false polkitd
fi
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-authfw=pam --with-pam-module-dir=/lib/security"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--with-authfw=shadow"
+fi
+
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
@@ -105,7 +114,8 @@ CXXFLAGS="$SLKCFLAGS" \
--enable-introspection \
--enable-libsystemd-login=no \
--enable-libelogind=no \
- --with-authfw=shadow \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--enable-verbose-mode \
--with-os-type=Slackware \
--build=$ARCH-slackware-linux || exit 1
@@ -125,6 +135,11 @@ mkdir -p $PKG/var/lib/polkit
cat $CWD/10-org.freedesktop.NetworkManager.rules > $PKG/etc/polkit-1/rules.d/10-org.freedesktop.NetworkManager.rules.new
cat $CWD/20-plugdev-group-mount-override.rules > $PKG/etc/polkit-1/rules.d/20-plugdev-group-mount-override.rules.new
+if [ ! -z "$PAM_OPTIONS" ]; then
+ # Make the PAM file .new:
+ mv $PKG/etc/pam.d/polkit-1 $PKG/etc/pam.d/polkit-1.new
+fi
+
# Strip binaries:
find $PKG | xargs file | grep -e "executable" -e "shared object" \
| grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
diff --git a/source/l/system-config-printer/system-config-printer.SlackBuild b/source/l/system-config-printer/system-config-printer.SlackBuild
index 498f1d3b..795febb1 100755
--- a/source/l/system-config-printer/system-config-printer.SlackBuild
+++ b/source/l/system-config-printer/system-config-printer.SlackBuild
@@ -1,7 +1,7 @@
#!/bin/bash
# Copyright 2010, 2011, 2012 Eric Hameleers, Eindhoven, NL
-# Copyright 2010, 2011, 2012, 2013, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2010, 2011, 2012, 2013, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software for
@@ -122,9 +122,11 @@ python3 -O -m compileall "${PKG}/usr/share/system-config-printer"
mkdir -p $PKG/lib
mv $PKG/etc/udev $PKG/lib/
-# Slackware does not use PAM. Instead, your user must be in group 'lp'.
-sed -i -e 's/at_console="true"/group="lp"/g' \
- $PKG/etc/dbus-1/system.d/com.redhat.NewPrinterNotification.conf
+if [ ! -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ # Looks like PAM is not installed. Instead, your user must be in group 'lp'.
+ sed -i -e 's/at_console="true"/group="lp"/g' \
+ $PKG/etc/dbus-1/system.d/com.redhat.NewPrinterNotification.conf
+fi
# Don't clobber the configuration file:
mv $PKG/etc/dbus-1/system.d/com.redhat.NewPrinterNotification.conf{,.new}
diff --git a/source/n/cifs-utils/cifs-utils.SlackBuild b/source/n/cifs-utils/cifs-utils.SlackBuild
index a73c85fd..58a2c8a4 100755
--- a/source/n/cifs-utils/cifs-utils.SlackBuild
+++ b/source/n/cifs-utils/cifs-utils.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cifs-utils
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/curl/curl.SlackBuild b/source/n/curl/curl.SlackBuild
index bb4f4c6d..a286ac6d 100755
--- a/source/n/curl/curl.SlackBuild
+++ b/source/n/curl/curl.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2016, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2013, 2014, 2016, 2017, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=curl
VERSION=${VERSION:-$(echo curl-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -87,6 +87,7 @@ CFLAGS="$SLKCFLAGS" \
--mandir=/usr/man \
--with-ca-bundle=/usr/share/curl/ca-bundle.crt \
--with-libssh2 \
+ --with-gssapi \
--enable-static=no \
$SSLOPT || exit 1
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index d833a63b..fbdb54b4 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=cyrus-sasl
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | cut -f 3- -d - | rev | cut -f 3- -d . | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild
index b3e65db8..ac457aa7 100755
--- a/source/n/dovecot/dovecot.SlackBuild
+++ b/source/n/dovecot/dovecot.SlackBuild
@@ -93,8 +93,10 @@ rm -rf $PKGNAM-ce-$VERSION
tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
cd $PKGNAM-$VERSION || exit 1
-# Ship config set up for authentication from /etc/passwd and /etc/shadow.
-zcat $CWD/dovecot.default.shadow.auth.diff.gz | patch -p1 --verbose || exit 1
+if [ ! -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then # no PAM
+ # Ship config set up for authentication from /etc/passwd and /etc/shadow.
+ zcat $CWD/dovecot.default.shadow.auth.diff.gz | patch -p1 --verbose || exit 1
+fi
# Since this package installs working config files in /etc/dovecot, there isn't
# any need to send people to /usr/doc. Also, make sure that TLS is recommended.
diff --git a/source/n/netatalk/doinst.sh b/source/n/netatalk/doinst.sh
index 939e530f..6cc08633 100644
--- a/source/n/netatalk/doinst.sh
+++ b/source/n/netatalk/doinst.sh
@@ -22,3 +22,7 @@ config etc/rc.d/rc.atalk.new
config etc/netatalk/afp.conf.new
config etc/netatalk/dbus-session.conf.new
config etc/netatalk/extmap.conf.new
+
+if [ -r etc/pam.d/netatalk.new ]; then
+ config etc/pam.d/netatalk.new
+fi
diff --git a/source/n/netatalk/netatalk.SlackBuild b/source/n/netatalk/netatalk.SlackBuild
index 8e77c3ed..7295fdd2 100755
--- a/source/n/netatalk/netatalk.SlackBuild
+++ b/source/n/netatalk/netatalk.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2012, 2015, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2012, 2015, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -28,8 +28,6 @@ PKGNAM=netatalk
VERSION=${VERSION:-$(echo netatalk-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-2}
-NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
-
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@@ -48,6 +46,8 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
exit 0
fi
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
@@ -78,6 +78,15 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-pam-confdir=/etc/pam.d --with-pam --enable-ddp"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--with-shadow"
+fi
+
# use the system libevent, because the internal one won't compile
# with openssl 1.1. Also skip pam and kerberos (for now).
CFLAGS="$SLKCFLAGS" \
@@ -89,8 +98,8 @@ CFLAGS="$SLKCFLAGS" \
--libexecdir=/usr/sbin \
--localstatedir=/var \
--disable-static \
- --with-shadow \
- --disable-static \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--with-libevent=system \
--with-dbus-sysconf-dir=/etc/dbus-1/system.d/ \
--with-dbus-daemon=/usr/bin/dbus-daemon \
@@ -132,6 +141,10 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
done
)
+if [ ! -z "$PAM_OPTIONS" ]; then
+ mv $PKG/etc/pam.d/netatalk $PKG/etc/pam.d/netatalk.new
+fi
+
mkdir -p $PKG/usr/doc/netatalk-$VERSION
cp -a \
AUTHORS CONTRIBUTORS COPYING* COPYRIGHT NEWS VERSION \
diff --git a/source/n/openssh/doinst.sh b/source/n/openssh/doinst.sh
index 08536ff6..ba1d1cdd 100644
--- a/source/n/openssh/doinst.sh
+++ b/source/n/openssh/doinst.sh
@@ -21,6 +21,9 @@ preserve_perms() {
config ${NEW}
}
+if [ -r etc/pam.d/sshd.new ]; then
+ config etc/pam.d/sshd.new
+fi
config etc/default/sshd.new
config etc/ssh/ssh_config.new
config etc/ssh/sshd_config.new
diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild
index 6b634a23..3c614d87 100755
--- a/source/n/openssh/openssh.SlackBuild
+++ b/source/n/openssh/openssh.SlackBuild
@@ -2,7 +2,7 @@
# Copyright 2000 BSDi, Inc. Concord, CA, USA
# Copyright 2001, 2002, 2003, 2004 Slackware Linux, Inc. Concord, CA, USA
-# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -54,16 +54,22 @@ fi
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
elif [ "$ARCH" = "arm" ]; then
SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "armel" ]; then
SLKCFLAGS="-O2 -march=armv4t"
+ LIBDIRSUFFIX=""
else
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
fi
# Clean target location:
@@ -80,6 +86,17 @@ chown -R root:root .
# Restore support for tcpwrappers:
zcat $CWD/openssh.tcp_wrappers.diff.gz | patch -p1 --verbose || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-pam --with-kerberos5"
+ unset SHADOW_OPTIONS
+ # Enable PAM in sshd_config:
+ zcat $CWD/sshd_config-pam.diff.gz | patch -p1 --verbose || exit 1
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--without-pam"
+fi
+
autoreconf -vif
# Compile package:
@@ -88,7 +105,8 @@ CFLAGS="$SLKCFLAGS" \
--prefix=/usr \
--mandir=/usr/man \
--sysconfdir=/etc/ssh \
- --without-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--with-md5-passwords \
--with-libedit \
--with-tcp-wrappers \
@@ -170,6 +188,12 @@ fi
cat $CWD/rc.sshd > etc/rc.d/rc.sshd.new
chmod 755 etc/rc.d/rc.sshd.new
+ if [ ! -z "$PAM_OPTIONS" ]; then
+ # Add the pam stuff:
+ mkdir -p etc/pam.d
+ cat $CWD/sshd.pam > etc/pam.d/sshd.new
+ fi
+
# Copy runtime installation files:
mkdir -p install
zcat $CWD/doinst.sh.gz > install/doinst.sh
diff --git a/source/n/openssh/sshd.pam b/source/n/openssh/sshd.pam
new file mode 100644
index 00000000..0c465192
--- /dev/null
+++ b/source/n/openssh/sshd.pam
@@ -0,0 +1,14 @@
+#%PAM-1.0
+# pam_securetty.so is commented out since sshd already does a good job of
+# protecting itself. You may uncomment it if you like, but then you may
+# need to add additional consoles to /etc/securetty if you want to allow
+# root logins on them, such as: ssh, pts/0, :0, etc
+#auth required pam_securetty.so
+auth include system-auth
+auth include postlogin
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session include postlogin
+session required pam_loginuid.so
diff --git a/source/n/openssh/sshd_config-pam.diff b/source/n/openssh/sshd_config-pam.diff
new file mode 100644
index 00000000..d5198c2f
--- /dev/null
+++ b/source/n/openssh/sshd_config-pam.diff
@@ -0,0 +1,12 @@
+diff -Nur openssh-6.6p1.orig/sshd_config openssh-6.6p1/sshd_config
+--- openssh-6.6p1.orig/sshd_config 2014-01-12 02:20:47.000000000 -0600
++++ openssh-6.6p1/sshd_config 2014-07-26 17:28:35.993833123 -0500
+@@ -94,7 +94,7 @@
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
diff --git a/source/n/openvpn/openvpn.SlackBuild b/source/n/openvpn/openvpn.SlackBuild
index ca2eb028..21406b8b 100755
--- a/source/n/openvpn/openvpn.SlackBuild
+++ b/source/n/openvpn/openvpn.SlackBuild
@@ -81,6 +81,15 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--enable-plugin-auth-pam"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--disable-plugin-auth-pam"
+fi
+
if [ ! -x configure ]; then
autoreconf -vif
fi
@@ -96,12 +105,22 @@ CXXFLAGS="$SLKCFLAGS" \
--docdir=/usr/doc/openvpn-${VERSION} \
--enable-lzo \
--enable-iproute2 \
- --disable-plugin-auth-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--build=$ARCH-slackware-linux || exit 1
make $NUMJOBS || make || exit 1
make install-strip DESTDIR=$PKG || exit 1
+if [ ! -z "$PAM_OPTIONS" ]; then
+ # Make openvpn-auth-pam.so:
+ make -C plugin/auth-pam
+ strip --strip-unneeded plugin/auth-pam/openvpn-auth-pam.so
+ mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}
+ cp -a plugin/auth-pam/openvpn-auth-pam.so $PKG/usr/lib${LIBDIRSUFFIX}/
+ mv plugin/auth-pam/README plugin/auth-pam/README.pam
+fi
+
# Create a decent config directory. openvpn doesn't have one by
# default, nor does it have a single config file.
mkdir -p $PKG/etc/openvpn/{certs,keys}
diff --git a/source/n/popa3d/popa3d.SlackBuild b/source/n/popa3d/popa3d.SlackBuild
index be51f237..511b8aa9 100755
--- a/source/n/popa3d/popa3d.SlackBuild
+++ b/source/n/popa3d/popa3d.SlackBuild
@@ -56,7 +56,12 @@ rm -rf popa3d-$VERSION
tar xvf $CWD/popa3d-$VERSION.tar.?z || exit 1
cd popa3d-$VERSION || exit 1
-zcat $CWD/popa3d.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ zcat $CWD/popa3d.pam.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
+else
+ zcat $CWD/popa3d.shadow.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
+fi
chown -R root:root .
find . \
diff --git a/source/n/popa3d/popa3d.pam.diff b/source/n/popa3d/popa3d.pam.diff
new file mode 100644
index 00000000..c0b64384
--- /dev/null
+++ b/source/n/popa3d/popa3d.pam.diff
@@ -0,0 +1,66 @@
+diff -up ../popa3d-1.0.3.orig/Makefile ./Makefile
+--- ../popa3d-1.0.3.orig/Makefile 2006-03-05 05:36:54.000000000 -0500
++++ ./Makefile 2018-09-18 12:56:05.412312376 -0400
+@@ -5,26 +5,26 @@ MKDIR = mkdir -p
+ INSTALL = install -c
+ CFLAGS = -Wall -O2 -fomit-frame-pointer
+ # You may use OpenSSL's MD5 routines instead of the ones supplied here
+-#CFLAGS += -DHAVE_OPENSSL
++CFLAGS += -DHAVE_OPENSSL
+ LDFLAGS = -s
+ LIBS =
+ # Linux with glibc, FreeBSD, NetBSD
+-#LIBS += -lcrypt
++LIBS += -lcrypt
+ # HP-UX trusted system
+ #LIBS += -lsec
+ # Solaris (POP_STANDALONE, POP_VIRTUAL)
+ #LIBS += -lsocket -lnsl
+ # PAM
+-#LIBS += -lpam
++LIBS += -lpam
+ # TCP wrappers
+ #LIBS += -lwrap
+ # libwrap may also want this
+ #LIBS += -lnsl
+ # OpenSSL (-DHAVE_OPENSSL)
+-#LIBS += -lcrypto
++LIBS += -lcrypto
+
+ DESTDIR =
+-PREFIX = /usr/local
++PREFIX = /usr
+ SBINDIR = $(PREFIX)/sbin
+ MANDIR = $(PREFIX)/man
+
+Common subdirectories: ../popa3d-1.0.3.orig/md5 and ./md5
+diff -up ../popa3d-1.0.3.orig/params.h ./params.h
+--- ../popa3d-1.0.3.orig/params.h 2006-03-05 08:18:32.000000000 -0500
++++ ./params.h 2018-09-18 12:55:55.953210742 -0400
+@@ -13,7 +13,7 @@
+ /*
+ * Are we going to be a standalone server or start via an inetd clone?
+ */
+-#define POP_STANDALONE 0
++#define POP_STANDALONE 1
+
+ #if POP_STANDALONE
+
+@@ -103,7 +103,7 @@
+ * A pseudo-user to run as before authentication. The user and its UID
+ * must not be used for any other purpose.
+ */
+-#define POP_USER POP_SERVER
++#define POP_USER "pop"
+
+ /*
+ * An empty directory to chroot to before authentication. The directory
+@@ -191,7 +191,7 @@
+ *
+ * #undef this for qmail-style $HOME/Mailbox mailboxes.
+ */
+-#define MAIL_SPOOL_PATH "/var/mail"
++#define MAIL_SPOOL_PATH "/var/spool/mail"
+
+ #ifndef MAIL_SPOOL_PATH
+ /*
diff --git a/source/n/popa3d/popa3d.diff b/source/n/popa3d/popa3d.shadow.diff
index 773f9085..773f9085 100644
--- a/source/n/popa3d/popa3d.diff
+++ b/source/n/popa3d/popa3d.shadow.diff
diff --git a/source/n/ppp/doinst.sh b/source/n/ppp/doinst.sh
index 54facc41..3a74db67 100644
--- a/source/n/ppp/doinst.sh
+++ b/source/n/ppp/doinst.sh
@@ -10,6 +10,11 @@ config() {
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
+
+if [ -r etc/pam.d/ppp.new ]; then
+ config etc/pam.d/ppp.new
+fi
+
config etc/ppp/chap-secrets.new
config etc/ppp/options.new
config etc/ppp/pap-secrets.new
diff --git a/source/n/ppp/ppp.SlackBuild b/source/n/ppp/ppp.SlackBuild
index 8c1a9dd9..13b21fb3 100755
--- a/source/n/ppp/ppp.SlackBuild
+++ b/source/n/ppp/ppp.SlackBuild
@@ -86,13 +86,25 @@ zcat $CWD/0028-pppoe-include-netinet-in.h-before-linux-in.h.patch.gz | patch -p1
zcat $CWD/ppp.glibc228.diff.gz | patch -p1 --verbose || exit 1
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="USE_PAM=y"
+else
+ unset PAM_OPTIONS
+fi
+
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} || exit 1
-make $NUMJOBS || make || exit 1
+make $PAM_OPTIONS $NUMJOBS || make || exit 1
make install DESTDIR=$PKG/usr || exit 1
+if [ ! -z "$PAM_OPTIONS" ]; then
+ mkdir -p $PKG/etc/pam.d
+ cat pppd/ppp.pam > $PKG/etc/pam.d/ppp.new
+fi
+
# Install PPP config files:
mkdir -p $PKG/etc/ppp
cp -a etc.ppp/* $PKG/etc/ppp
diff --git a/source/n/samba/samba.SlackBuild b/source/n/samba/samba.SlackBuild
index 76bc3c47..c7e364d4 100755
--- a/source/n/samba/samba.SlackBuild
+++ b/source/n/samba/samba.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -100,6 +100,15 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ PAM_OPTIONS="--with-pam --with-pammodulesdir=/lib/security --with-system-mitkrb5 --with-experimental-mit-ad-dc"
+ unset SHADOW_OPTIONS
+else
+ unset PAM_OPTIONS
+ SHADOW_OPTIONS="--without-pam"
+fi
+
# Some of these options could be auto-detected, but declaring them
# here doesn't hurt and helps document what features we're trying to
# build in.
@@ -133,7 +142,8 @@ CFLAGS="$SLKCFLAGS" \
--with-winbind \
--with-ldap \
--with-ads \
- --without-pam \
+ $PAM_OPTIONS \
+ $SHADOW_OPTIONS \
--build=$TARGET || exit 1
# Gives errors:
#--builtin-libraries=replace,ccan \
diff --git a/source/n/vsftpd/doinst.sh b/source/n/vsftpd/doinst.sh
index f915774f..25161226 100644
--- a/source/n/vsftpd/doinst.sh
+++ b/source/n/vsftpd/doinst.sh
@@ -9,6 +9,9 @@ config() {
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
+if [ -r etc/pam.d/vsftpd.new ]; then
+ config etc/pam.d/vsftpd.new
+fi
config etc/vsftpd.conf.new
config etc/logrotate.d/vsftpd.new
rm -f etc/logrotate.d/vsftpd.new
diff --git a/source/n/vsftpd/vsftpd.SlackBuild b/source/n/vsftpd/vsftpd.SlackBuild
index 870050f2..2f7f1209 100755
--- a/source/n/vsftpd/vsftpd.SlackBuild
+++ b/source/n/vsftpd/vsftpd.SlackBuild
@@ -26,8 +26,6 @@ PKGNAM=vsftpd
VERSION=${VERSION:-$(echo ${PKGNAM}-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-5}
-NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
-
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
@@ -46,6 +44,8 @@ if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
exit 0
fi
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
if [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
else
@@ -92,6 +92,11 @@ cat vsftpd.8 | gzip -9c > $PKG/usr/man/man8/vsftpd.8.gz
mkdir -p $PKG/etc
cat vsftpd.conf > $PKG/etc/vsftpd.conf.new
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ mkdir -p $PKG/etc/pam.d
+ cat RedHat/vsftpd.pam > $PKG/etc/pam.d/vsftpd.new
+fi
+
mkdir -p $PKG/etc/logrotate.d
zcat $CWD/vsftpd.log.gz > $PKG/etc/logrotate.d/vsftpd.new
diff --git a/source/x/x11/configure/xdm b/source/x/x11/configure/xdm
new file mode 100644
index 00000000..1c7dc7cc
--- /dev/null
+++ b/source/x/x11/configure/xdm
@@ -0,0 +1,19 @@
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ XDM_PAM_OPTION="--with-pam"
+else
+ unset XDM_PAM_OPTION
+fi
+
+CFLAGS=$SLKCFLAGS \
+CXXFLAGS=$SLKCFLAGS \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --infodir=/usr/info \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/${PKGNAME}-${MODULAR_PACKAGE_VERSION} \
+ $XDM_PAM_OPTION \
+ --disable-static \
+ --build=$ARCH-slackware-linux
diff --git a/source/x/x11/doinst.sh/xdm b/source/x/x11/doinst.sh/xdm
index 871a3897..68c356c5 100644
--- a/source/x/x11/doinst.sh/xdm
+++ b/source/x/x11/doinst.sh/xdm
@@ -9,6 +9,11 @@ config() {
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
+
+if [ -r etc/pam.d/xdm.new ]; then
+ config etc/pam.d/xdm.new
+fi
+
for conffile in \
Xaccess Xreset Xresources Xservers Xsession Xsetup_0 Xstartup Xwilling \
GiveConsole TakeConsole xdm-config ../app-defaults/Chooser ;
diff --git a/source/x/x11/post-install/xdm.post-install b/source/x/x11/post-install/xdm.post-install
index 8410a8fa..31b390d8 100644
--- a/source/x/x11/post-install/xdm.post-install
+++ b/source/x/x11/post-install/xdm.post-install
@@ -14,6 +14,11 @@ mv $PKG/etc/X11/xdm/Xsetup_0 $PKG/usr/doc/xdm-$MODULAR_PACKAGE_VERSION/Xsetup_0.
cp -a $CWD/post-install/xdm/Xsession $PKG/etc/X11/xdm/Xsession
cp -a $CWD/post-install/xdm/Xsetup_0 $PKG/etc/X11/xdm/Xsetup_0
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+ mkdir -p $PKG/etc/pam.d
+ cat $CWD/post-install/xdm/xdm.pamd > $PKG/etc/pam.d/xdm.new
+fi
+
chown root:root $PKG/etc/X11/xdm/Xsession $PKG/etc/X11/xdm/Xsetup_0
chmod 0755 $PKG/etc/X11/xdm/Xsession $PKG/etc/X11/xdm/Xsetup_0
diff --git a/source/x/x11/post-install/xdm/xdm.pamd b/source/x/x11/post-install/xdm/xdm.pamd
new file mode 100644
index 00000000..a3b9decf
--- /dev/null
+++ b/source/x/x11/post-install/xdm/xdm.pamd
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth include system-auth
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_loginuid.so
+session optional pam_ck_connector.so
+session include postlogin
diff --git a/source/xap/xlockmore/doinst.sh b/source/xap/xlockmore/doinst.sh
index 3c7968d9..0b372dbc 100644
--- a/source/xap/xlockmore/doinst.sh
+++ b/source/xap/xlockmore/doinst.sh
@@ -11,4 +11,6 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
-config etc/pam.d/xlock.new
+if [ -r etc/pam.d/xlock.new ]; then
+ config etc/pam.d/xlock.new
+fi
diff --git a/source/xap/xscreensaver/doinst.sh b/source/xap/xscreensaver/doinst.sh
index f2744d09..8f79143c 100644
--- a/source/xap/xscreensaver/doinst.sh
+++ b/source/xap/xscreensaver/doinst.sh
@@ -11,5 +11,6 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
-config etc/pam.d/xscreensaver.new
-
+if [ -r etc/pam.d/xscreensaver.new ]; then
+ config etc/pam.d/xscreensaver.new
+fi