diff --git a/trunk/085d04c3ddfb817ba5f13269b604384c260be84f.patch b/trunk/085d04c3ddfb817ba5f13269b604384c260be84f.patch
new file mode 100644
index 0000000..72a04fd
--- /dev/null
+++ b/trunk/085d04c3ddfb817ba5f13269b604384c260be84f.patch
@@ -0,0 +1,49 @@
+diff --git a/man/login.defs.d/HOME_MODE.xml b/man/login.defs.d/HOME_MODE.xml
+new file mode 100644
+index 000000000..21aa55f71
+--- /dev/null
++++ b/man/login.defs.d/HOME_MODE.xml
+@@ -0,0 +1,43 @@
++
++
++ (number)
++
++
++ The mode for new home directories. If not specified,
++ the is used to create the mode.
++
++
++ useradd and newusers use this
++ to set the mode of the home directory they create.
++
++
++
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index de451df..b4825c4 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -11,6 +11,7 @@ license=('BSD')
# libcap-ng needed by install scriptlet for 'filecap'
depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so'
'libxcrypt' 'libcrypt.so')
+makedepends=('docbook-xsl' 'itstool')
backup=(etc/login.defs
etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
@@ -20,11 +21,14 @@ options=(strip debug)
validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8' # Christian Perrier
'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D') # Serge Hallyn
source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz"{,.asc}
+ 085d04c3ddfb817ba5f13269b604384c260be84f.patch
+ b2753b146a6d98389587c43d6f003404bf0dec12.patch
+ options.patch
+ login.defs-arch.patch
LICENSE
chgpasswd
chpasswd
defaults.pam
- login.defs
newusers
passwd
shadow.{timer,service}
@@ -32,17 +36,28 @@ source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow
install=shadow.install
sha1sums=('63457a0ba58dc4e81b2663b839dc6c89d3343f12'
'SKIP'
+ '15889c5843b65638a8fd1ee46b90fb0dac8b1a5e'
+ 'dd515df3fcf60ea03a7b7a688c9b255febee37ed'
+ 'a0f4c1ab8bc0c6b5128aadf7c8df3ac97c6b5d76'
+ '42f23894acfb9450601fff94e27b548293146fc8'
'33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
- '81a02eadb5f605fef5c75b6d8a03713a7041864b'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
'a154a94b47a3d0c6c287253b98c0d10b861226d0'
'b5540736f5acbc23b568973eb5645604762db3dd'
'c173208c5cf34528602f9931468a67b7f68abad3')
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch -p1 -i ../085d04c3ddfb817ba5f13269b604384c260be84f.patch # Add man/login.defs.d/HOME_MODE.xml missing from tarball
+ patch -p1 -i ../b2753b146a6d98389587c43d6f003404bf0dec12.patch # patch man/Makefile.am to use HOME_MODE.xml
+ patch -p1 -i ../options.patch # Remove uptions not supported due to use of pam from login.defs and related man page.
+ patch -p1 -i ../login.defs-arch.patch # set Arch defaults
+}
+
build() {
cd "$pkgname-$pkgver"
@@ -58,9 +73,11 @@ build() {
--with-libpam \
--with-group-name-max-length=32 \
--with-audit \
- --without-selinux
+ --without-selinux \
+ --enable-man
make
+ make man
}
package() {
@@ -81,7 +98,7 @@ package() {
ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
# login.defs
- install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
+ install -Dm644 etc/login.defs "$pkgdir/etc/login.defs"
# PAM config - custom
rm "$pkgdir/etc/pam.d"/*
diff --git a/trunk/b2753b146a6d98389587c43d6f003404bf0dec12.patch b/trunk/b2753b146a6d98389587c43d6f003404bf0dec12.patch
new file mode 100644
index 0000000..fbad30b
--- /dev/null
+++ b/trunk/b2753b146a6d98389587c43d6f003404bf0dec12.patch
@@ -0,0 +1,24 @@
+From b2753b146a6d98389587c43d6f003404bf0dec12 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Wed, 26 Feb 2020 19:41:54 -0600
+Subject: [PATCH] man/Makefile.am: add HOME_MODE.xml
+
+Closes #217
+
+Signed-off-by: Serge Hallyn
+---
+ man/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 8b64febaf..5d7cc2a47 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -136,6 +136,7 @@ login_defs_v = \
+ FAKE_SHELL.xml \
+ FTMP_FILE.xml \
+ GID_MAX.xml \
++ HOME_MODE.xml \
+ HUSHLOGIN_FILE.xml \
+ ISSUE_FILE.xml \
+ KILLCHAR.xml \
diff --git a/trunk/login.defs-arch.patch b/trunk/login.defs-arch.patch
new file mode 100644
index 0000000..de4a8a9
--- /dev/null
+++ b/trunk/login.defs-arch.patch
@@ -0,0 +1,67 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index 6f8e19c1..9359535e 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -1,8 +1,14 @@
+ #
+ # /etc/login.defs - Configuration control definitions for the shadow package.
+ #
+-# $Id$
++# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
++# If unspecified, some arbitrary (and possibly incorrect) value will
++# be assumed. All other items are optional - if not specified then
++# the described action or option will be inhibited.
+ #
++# Comment lines (lines beginning with "#") and blank lines are ignored.
++#
++# Modified for Linux. --marekm
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -85,8 +91,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -129,7 +135,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -148,7 +154,7 @@ PASS_WARN_AGE 7
+ UID_MIN 1000
+ UID_MAX 60000
+ # System accounts
+-SYS_UID_MIN 101
++SYS_UID_MIN 500
+ SYS_UID_MAX 999
+ # Extra per user uids
+ SUB_UID_MIN 100000
+@@ -161,7 +167,7 @@ SUB_UID_COUNT 65536
+ GID_MIN 1000
+ GID_MAX 60000
+ # System accounts
+-SYS_GID_MIN 101
++SYS_GID_MIN 500
+ SYS_GID_MAX 999
+ # Extra per user group ids
+ SUB_GID_MIN 100000
+@@ -213,7 +219,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff --git a/trunk/options.patch b/trunk/options.patch
new file mode 100644
index 0000000..b4fb603
--- /dev/null
+++ b/trunk/options.patch
@@ -0,0 +1,354 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index a2f8cd50..6f8e19c1 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -11,11 +11,6 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+@@ -26,11 +21,6 @@ LOG_UNKFAIL_ENAB no
+ #
+ LOG_OK_LOGINS no
+
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,29 +30,6 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+ #
+ # Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+ # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+@@ -83,37 +50,12 @@ CONSOLE /etc/securetty
+ #
+ #SULOG_FILE /var/log/sulog
+
+-#
+-# If defined, ":" delimited list of "message of the day" files to
+-# be displayed upon login.
+-#
+-MOTD_FILE /etc/motd
+-#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+-
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+ #
+ # If defined, file which maps tty line to TERM environment parameter.
+ # Each line of the file is in a format similar to "vt100 tty01".
+ #
+ #TTYTYPE_FILE /etc/ttytype
+
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+ #
+ # If defined, the command name to display when running "su -". For
+ # example, if this is defined as "su" then ps(1) will display the
+@@ -139,21 +81,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -180,7 +107,6 @@ TTYPERM 0600
+ #
+ # ERASECHAR Terminal ERASE character ('\010' = backspace).
+ # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+ #
+ # The ERASECHAR and KILLCHAR are used only on System V machines.
+ # The ULIMIT is used only if the system supports it.
+@@ -190,7 +116,6 @@ TTYPERM 0600
+ #
+ ERASECHAR 0177
+ KILLCHAR 025
+-#ULIMIT 2097152
+
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+@@ -211,27 +136,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +178,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,13 +186,6 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+ #
+ # Only works if compiled with MD5_CRYPT defined:
+ # If set to "yes", new passwords will be encrypted using the MD5-based
+@@ -382,12 +263,6 @@ CHFN_RESTRICT rwh
+ #
+ DEFAULT_HOME yes
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 9e95da20..4a1e4a44 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -31,55 +31,35 @@
+ -->
+
+
+-
+
+
+
+
+
+-
+
+
+-
+-
+
+
+-
+
+-
+
+
+
+-
+
+-
+
+
+
+
+-
+
+-
+
+
+
+-
+-
+-
+-
+-
+-
+
+
+
+-
+-
+
+
+
+-
+
+
+
+@@ -91,7 +71,6 @@
+
+
+
+-
+
+
+
+@@ -167,45 +146,29 @@
+ The following configuration items are provided:
+
+
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+ &CONSOLE;
+ &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+ &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+ &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+ &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+ &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+- &MOTD_FILE;
+- &NOLOGINS_FILE;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -215,13 +178,9 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+
+- &PASS_MAX_LEN;
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS;
+ &SULOG_FILE;
+ &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT;
+ &SUB_UID_COUNT;
+ &SYS_GID_MAX;
+@@ -233,7 +192,6 @@
+ &TTYGROUP;
+ &TTYTYPE_FILE;
+ &UID_MAX;
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;