Merge pull request #376 from Dennisbonke/shadow

bootstrap.d/app-shells.yml

@@ -26,7 +26,7 @@ packages:
       - ncurses
       - readline
       - libiconv
-    revision: 9
+    revision: 10
     configure:
       - args:
         - '@THIS_SOURCE_DIR@/configure'

bootstrap.d/meta-pkgs.yml

@@ -49,7 +49,8 @@ packages:
       - dhcpcd
       - procps
       - htop
-    revision: 6
+      - shadow
+    revision: 7
     configure: []
     build: []
 

bootstrap.d/sys-apps.yml

@@ -751,6 +751,72 @@ packages:
         environ:
           DESTDIR: '@THIS_COLLECT_DIR@'
 
+  - name: shadow
+    labels: [aarch64]
+    architecture: '@OPTION:arch@'
+    metadata:
+      summary: Utilities to deal with user accounts
+      description: The package contains programs for handling passwords in a secure way.
+      spdx: 'BSD-2-Clause BSD-3-Clause BSD-4-Clause 0BSD Unlicense GPL-2.0-or-later'
+      website: 'https://github.com/shadow-maint/shadow'
+      maintainer: "Dennis Bonke <dennis@managarm.org>"
+      categories: ['sys-apps']
+    source:
+      subdir: ports
+      git: 'https://github.com/shadow-maint/shadow.git'
+      tag: '4.8.1'
+      version: '4.8.1'
+      tools_required:
+        - host-autoconf-v2.69
+        - host-automake-v1.15
+        - host-pkg-config
+        - host-libtool
+        - host-gettext
+      regenerate:
+        - args: ['./autogen.sh']
+    tools_required:
+      - system-gcc
+    pkgs_required:
+      - mlibc
+      - libxcrypt
+      - libiconv
+      - libintl
+    revision: 1
+    configure:
+      - args:
+        - '@THIS_SOURCE_DIR@/configure'
+        - '--host=x86_64-managarm'
+        - '--prefix=/usr'
+        - '--exec-prefix=/usr'
+        - '--sysconfdir=/etc'
+        - '--disable-static'
+        - '--enable-shared'
+        - '--disable-nls'
+        - '--without-audit'
+        - '--without-libpam'
+        - '--without-btrfs'
+        - '--without-selinux'
+        - '--without-acl'
+        - '--without-attr'
+        - '--without-skey'
+        - '--without-tcb'
+        - '--without-libcrack'
+        - '--without-nscd'
+        - '--without-sssd'
+        - '--with-group-name-max-length=32'
+        - '--disable-man'
+        - '--with-bcrypt'
+        - '--with-yescrypt'
+        - '--without-libbsd'
+        environ:
+          ac_cv_func_fsync: 'no'
+          ac_cv_header_sys_capability_h: 'no'
+    build:
+      - args: ['make', '-j@PARALLELISM@']
+      - args: ['make', 'pamddir=', 'exec_prefix=/usr', 'install']
+        environ:
+          DESTDIR: '@THIS_COLLECT_DIR@'
+
   - name: ripgrep
     stability_level: 'broken' # Rust updates?
     architecture: '@OPTION:arch@'

bootstrap.yml

@@ -975,7 +975,7 @@ packages:
     source:
       subdir: meta-sources
       version: '1.0'
-    revision: 8
+    revision: 9
     configure: []
     build:
       # Create initial directories
@@ -1010,6 +1010,8 @@ packages:
       # Install a default passwd, group and resolv.conf
       - args: ['cp', '@SOURCE_ROOT@/extrafiles/passwd', '@THIS_COLLECT_DIR@/etc']
       - args: ['cp', '@SOURCE_ROOT@/extrafiles/group', '@THIS_COLLECT_DIR@/etc']
+      - args: ['cp', '@SOURCE_ROOT@/extrafiles/shadow', '@THIS_COLLECT_DIR@/etc']
+      - args: ['cp', '@SOURCE_ROOT@/extrafiles/gshadow', '@THIS_COLLECT_DIR@/etc']
       - args: ['cp', '@SOURCE_ROOT@/extrafiles/resolv.conf', '@THIS_COLLECT_DIR@/etc']
       # Link /bin, /lib and /sbin to their /usr counterparts
       - args: ['ln', '-svf', 'usr/bin', '@THIS_COLLECT_DIR@/bin']
@@ -1775,7 +1777,7 @@ packages:
       - libdrm
       - libtsm
       - eudev
-    revision: 6
+    revision: 7
     configure:
       - args:
         - 'meson'

extrafiles/.bashrc

@@ -21,5 +21,29 @@ fi
 
 # Edit from here
 
-LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
-export LS_COLORS
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# enable color support of ls and also add handy aliases
+#if [ -x /usr/bin/dircolors ]; then
+#    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    alias dir='dir --color=auto'
+    alias vdir='vdir --color=auto'
+
+    alias grep='grep --color=auto'
+    alias fgrep='fgrep --color=auto'
+    alias egrep='egrep --color=auto'
+#fi

extrafiles/gshadow

@@ -0,0 +1,17 @@
+root:x::
+bin:x::daemon
+tty:x::
+disk:x::
+daemon:x::
+lp:x::
+kmem:x::
+messagebus:x::
+lpadmin:x::
+dialout:x::
+cdrom:x::
+tape:x::
+audio:x::
+video:x::
+nogroup:x::
+input:x::
+managarm:x::

extrafiles/kmscon.conf

@@ -1,4 +1,4 @@
 seats=seat0
-login=/usr/bin/bash
+login=/usr/bin/login
 font-engine=unifont
 render-engine=bblit

extrafiles/passwd

@@ -2,6 +2,6 @@ root:x:0:0:root:/root:/bin/bash
 bin:x:1:1:bin:/dev/null:/bin/false
 daemon:x:8:8:Daemon User:/dev/null:/bin/false
 lp:x:9:9:Print Service User:/var/spool/cups:/bin/false
-messagebus:x:18:18:D-Bus Message Daemon User:/run/dbus:/usr/bin/false
+messagebus:x:18:18:D-Bus Message Daemon User:/run/dbus:/bin/false
 nobody:x:99:99:Unprivileged User:/dev/null:/bin/false
 managarm:x:1000:1000:Managarm:/home/managarm:/bin/bash

extrafiles/shadow

@@ -0,0 +1,7 @@
+root:4T1CNB2BgzJeI:19971:0:99999:7:::
+bin:x:19971:0:99999:7:::
+daemon:x:19971:0:99999:7:::
+lp:x:19971:0:99999:7:::
+messagebus:x:19971:0:99999:7:::
+nobody:x:19971:0:99999:7:::
+managarm:WJg36EZUlJ96k:19971:0:99999:7:::

patches/shadow/0001-Add-Managarm-support.patch

@@ -0,0 +1,141 @@
+From 3ac0eb16ceed2fe416b5af55f4b24db454cfcec4 Mon Sep 17 00:00:00 2001
+From: Dennis Bonke <admin@dennisbonke.com>
+Date: Thu, 5 Sep 2024 00:27:05 +0200
+Subject: [PATCH] Add Managarm support
+
+Signed-off-by: Dennis Bonke <admin@dennisbonke.com>
+---
+ Makefile.am     |  2 +-
+ autogen.sh      |  2 ++
+ lib/encrypt.c   |  1 +
+ libmisc/utmp.c  |  3 +++
+ src/Makefile.am | 10 ++++------
+ src/login.c     |  6 ++++++
+ 6 files changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 8851f5d..5a58c54 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2,5 +2,5 @@
+
+ EXTRA_DIST = NEWS README TODO shadow.spec.in
+
+-SUBDIRS = po man libmisc lib src \
++SUBDIRS = po libmisc lib src \
+ 	contrib doc etc
+diff --git a/autogen.sh b/autogen.sh
+index 336463c..12393e0 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -2,6 +2,8 @@
+
+ autoreconf -v -f --install || exit 1
+
++exit 0
++
+ ./configure \
+ 	CFLAGS="-O2 -Wall" \
+ 	--enable-man \
+diff --git a/lib/encrypt.c b/lib/encrypt.c
+index 4247f24..2486f6b 100644
+--- a/lib/encrypt.c
++++ b/lib/encrypt.c
+@@ -34,6 +34,7 @@
+
+ #ident "$Id$"
+
++#include <crypt.h>
+ #include <unistd.h>
+ #include <stdio.h>
+
+diff --git a/libmisc/utmp.c b/libmisc/utmp.c
+index ba69cf6..51277cd 100644
+--- a/libmisc/utmp.c
++++ b/libmisc/utmp.c
+@@ -47,6 +47,9 @@
+ #include <netdb.h>
+ #include <stdio.h>
+
++#include <fcntl.h>
++#include <netinet/in.h>
++
+ #ident "$Id$"
+
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index f175928..9c24dc5 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -23,14 +23,12 @@ AM_CPPFLAGS = \
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS   = groups login
+-sbin_PROGRAMS  = nologin
+-ubin_PROGRAMS  = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
++ubin_PROGRAMS  = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd groups login
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+ if WITH_SU
+-bin_PROGRAMS  += su
++ubin_PROGRAMS  += su
+ endif
+ usbin_PROGRAMS = \
+ 	chgpasswd \
+@@ -44,6 +42,7 @@ usbin_PROGRAMS = \
+ 	grpunconv \
+ 	logoutd \
+ 	newusers \
++	nologin \
+ 	pwck \
+ 	pwconv \
+ 	pwunconv \
+@@ -56,10 +55,9 @@ usbin_PROGRAMS = \
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins     =
+-suidbins       =
+ suidubins      = chage chfn chsh expiry gpasswd newgrp
+ if WITH_SU
+-suidbins      += su
++suidubins      += su
+ endif
+ if !WITH_TCB
+ suidubins += passwd
+diff --git a/src/login.c b/src/login.c
+index 00508cd..af876c9 100644
+--- a/src/login.c
++++ b/src/login.c
+@@ -713,6 +713,8 @@ int main (int argc, char **argv)
+ 	}
+
+       top:
++// This triggers a frigg assert?
++#ifndef __managarm__
+ 	/* only allow ALARM sec. for login */
+ 	timeout = getdef_unum ("LOGIN_TIMEOUT", ALARM);
+ 	snprintf (tmsg, sizeof tmsg,
+@@ -721,6 +723,7 @@ int main (int argc, char **argv)
+ 	if (timeout > 0) {
+ 		(void) alarm (timeout);
+ 	}
++#endif
+
+ 	environ = newenvp;	/* make new environment active */
+ 	delay   = getdef_unum ("FAIL_DELAY", 1);
+@@ -1109,7 +1112,10 @@ int main (int argc, char **argv)
+ 	assert (NULL != username);
+ 	assert (NULL != pwd);
+
++// Broken, see above
++#ifndef __managarm__
+ 	(void) alarm (0);		/* turn off alarm clock */
++#endif
+
+ #ifndef USE_PAM			/* PAM does this */
+ 	/*
+-- 
+2.45.2
+