repo/system/pam.xibuild


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

#!/bin/sh

MAKEDEPS="make automake"
DEPS="musl audit libxcrypt"

PKG_VER=1.5.2
SOURCE=https://github.com/linux-pam/linux-pam/releases/download/v$PKG_VER/Linux-PAM-$PKG_VER.tar.xz
DESC="PAM (Pluggable Authentication Modules) library"

prepare () {
    # prevent install of an uneeded systemd file
    sed -e /service_DATA/d \
        -i modules/pam_namespace/Makefile.am &&
    autoreconf

}

build () {
    ./configure --prefix=/usr                        \
            --sbindir=/usr/sbin                  \
            --sysconfdir=/etc                    \
            --libdir=/usr/lib                    \
            --enable-securedir=/usr/lib/security \
            --docdir=/usr/share/doc/Linux-PAM-$PKG_VER &&
    make
}

package () {
    make DESTDIR=$PKG_DEST install
    install -m755 -d $PKG_DEST/etc/pam.d

    install -dm755 $PKG_DEST/etc/pam.d 
    cat > $PKG_DEST/etc/pam.d/system-account << "EOF" 
# Begin /etc/pam.d/system-account

account   required    pam_unix.so

# End /etc/pam.d/system-account
EOF

    cat > $PKG_DEST/etc/pam.d/system-auth << "EOF" 
# Begin /etc/pam.d/system-auth

auth      required    pam_unix.so

# End /etc/pam.d/system-auth
EOF

    cat > $PKG_DEST/etc/pam.d/system-session << "EOF"
# Begin /etc/pam.d/system-session

session   required    pam_unix.so

# End /etc/pam.d/system-session
EOF

    cat > $PKG_DEST/etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password

# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password  required    pam_unix.so       sha512 shadow try_first_pass

# End /etc/pam.d/system-password
EOF
    cat > $PKG_DEST/etc/pam.d/other << "EOF"
# Begin /etc/pam.d/other

auth        required        pam_warn.so
auth        required        pam_deny.so
account     required        pam_warn.so
account     required        pam_deny.so
password    required        pam_warn.so
password    required        pam_deny.so
session     required        pam_warn.so
session     required        pam_deny.so

# End /etc/pam.d/other
EOF

}