xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-extended/pam/libpam_1.5.2.bb (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1DISABLE_STATIC = ""
2SUMMARY = "Linux-PAM (Pluggable Authentication Modules)"
3DESCRIPTION = "Linux-PAM (Pluggable Authentication Modules for Linux), a flexible mechanism for authenticating users"
4HOMEPAGE = "https://fedorahosted.org/linux-pam/"
5BUGTRACKER = "https://fedorahosted.org/linux-pam/newticket"
6SECTION = "base"
7# PAM is dual licensed under GPL and BSD.
8# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
9# libpam-runtime-1.0.1 is GPL-2.0-or-later), by openembedded
10LICENSE = "GPL-2.0-or-later | BSD-3-Clause"
11LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
12                    file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
13                    "
14
15SRC_URI = "https://github.com/linux-pam/linux-pam/releases/download/v${PV}/Linux-PAM-${PV}.tar.xz \
16           file://99_pam \
17           file://pam.d/common-account \
18           file://pam.d/common-auth \
19           file://pam.d/common-password \
20           file://pam.d/common-session \
21           file://pam.d/common-session-noninteractive \
22           file://pam.d/other \
23           file://libpam-xtests.patch \
24           file://0001-run-xtests.sh-check-whether-files-exist.patch \
25           file://run-ptest \
26           file://pam-volatiles.conf \
27           file://CVE-2022-28321-0002.patch \
28           "
29
30SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
31
32DEPENDS = "bison-native flex flex-native cracklib libxml2-native virtual/crypt"
33
34EXTRA_OECONF = "--includedir=${includedir}/security \
35                --libdir=${base_libdir} \
36                --with-systemdunitdir=${systemd_system_unitdir} \
37                --disable-nis \
38                --disable-regenerate-docu \
39                --disable-doc \
40		--disable-prelude"
41
42CFLAGS:append = " -fPIC "
43
44S = "${WORKDIR}/Linux-PAM-${PV}"
45
46inherit autotools gettext pkgconfig systemd ptest
47
48PACKAGECONFIG ??= ""
49PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
50PACKAGECONFIG[userdb] = "--enable-db=db,--enable-db=no,db,"
51
52PACKAGES += "${PN}-runtime ${PN}-xtests"
53FILES:${PN} = "${base_libdir}/lib*${SOLIBS}"
54FILES:${PN}-dev += "${base_libdir}/security/*.la ${base_libdir}/*.la ${base_libdir}/lib*${SOLIBSDEV}"
55FILES:${PN}-runtime = "${sysconfdir} ${sbindir} ${systemd_system_unitdir}"
56FILES:${PN}-xtests = "${datadir}/Linux-PAM/xtests"
57
58PACKAGES_DYNAMIC += "^${MLPREFIX}pam-plugin-.*"
59
60def get_multilib_bit(d):
61    baselib = d.getVar('baselib') or ''
62    return baselib.replace('lib', '')
63
64libpam_suffix = "suffix${@get_multilib_bit(d)}"
65
66RPROVIDES:${PN} += "${PN}-${libpam_suffix}"
67RPROVIDES:${PN}-runtime += "${PN}-runtime-${libpam_suffix}"
68
69RDEPENDS:${PN}-runtime = "${PN}-${libpam_suffix} \
70    ${MLPREFIX}pam-plugin-deny-${libpam_suffix} \
71    ${MLPREFIX}pam-plugin-permit-${libpam_suffix} \
72    ${MLPREFIX}pam-plugin-warn-${libpam_suffix} \
73    ${MLPREFIX}pam-plugin-unix-${libpam_suffix} \
74    "
75RDEPENDS:${PN}-xtests = "${PN}-${libpam_suffix} \
76    ${MLPREFIX}pam-plugin-access-${libpam_suffix} \
77    ${MLPREFIX}pam-plugin-debug-${libpam_suffix} \
78    ${MLPREFIX}pam-plugin-pwhistory-${libpam_suffix} \
79    ${MLPREFIX}pam-plugin-succeed-if-${libpam_suffix} \
80    ${MLPREFIX}pam-plugin-time-${libpam_suffix} \
81    bash coreutils"
82
83# FIXME: Native suffix breaks here, disable it for now
84RRECOMMENDS:${PN} = "${PN}-runtime-${libpam_suffix}"
85RRECOMMENDS:${PN}:class-native = ""
86
87python populate_packages:prepend () {
88    def pam_plugin_hook(file, pkg, pattern, format, basename):
89        pn = d.getVar('PN')
90        libpam_suffix = d.getVar('libpam_suffix')
91
92        rdeps = d.getVar('RDEPENDS:' + pkg)
93        if rdeps:
94            rdeps = rdeps + " " + pn + "-" + libpam_suffix
95        else:
96            rdeps = pn + "-" + libpam_suffix
97        d.setVar('RDEPENDS:' + pkg, rdeps)
98
99        provides = d.getVar('RPROVIDES:' + pkg)
100        if provides:
101            provides = provides + " " + pkg + "-" + libpam_suffix
102        else:
103            provides = pkg + "-" + libpam_suffix
104        d.setVar('RPROVIDES:' + pkg, provides)
105
106    mlprefix = d.getVar('MLPREFIX') or ''
107    dvar = d.expand('${WORKDIR}/package')
108    pam_libdir = d.expand('${base_libdir}/security')
109    pam_sbindir = d.expand('${sbindir}')
110    pam_filterdir = d.expand('${base_libdir}/security/pam_filter')
111    pam_pkgname = mlprefix + 'pam-plugin%s'
112
113    do_split_packages(d, pam_libdir, r'^pam(.*)\.so$', pam_pkgname,
114                      'PAM plugin for %s', hook=pam_plugin_hook, extra_depends='')
115    do_split_packages(d, pam_filterdir, r'^(.*)$', 'pam-filter-%s', 'PAM filter for %s', extra_depends='')
116}
117
118do_compile_ptest() {
119        cd tests
120        sed -i -e 's/$(MAKE) $(AM_MAKEFLAGS) check-TESTS//' Makefile
121        oe_runmake check-am
122        cd -
123}
124
125do_install() {
126	autotools_do_install
127
128	# don't install /var/run when populating rootfs. Do it through volatile
129	rm -rf ${D}${localstatedir}
130
131        if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then
132            rm -rf ${D}${sysconfdir}/init.d/
133            rm -rf ${D}${sysconfdir}/rc*
134            install -d ${D}${sysconfdir}/tmpfiles.d
135            install -m 0644 ${WORKDIR}/pam-volatiles.conf \
136                    ${D}${sysconfdir}/tmpfiles.d/pam.conf
137        else
138            install -d ${D}${sysconfdir}/default/volatiles
139            install -m 0644 ${WORKDIR}/99_pam \
140                    ${D}${sysconfdir}/default/volatiles/
141        fi
142
143	install -d ${D}${sysconfdir}/pam.d/
144	install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
145
146	# The lsb requires unix_chkpwd has setuid permission
147	chmod 4755 ${D}${sbindir}/unix_chkpwd
148
149	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
150		echo "session optional pam_systemd.so" >> ${D}${sysconfdir}/pam.d/common-session
151	fi
152	if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','false','true',d)}; then
153		install -d ${D}/${libdir}/
154		mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}/
155	fi
156}
157
158do_install_ptest() {
159    if [ ${PTEST_ENABLED} = "1" ]; then
160        mkdir -p ${D}${PTEST_PATH}/tests
161        install -m 0755 ${B}/tests/.libs/* ${D}${PTEST_PATH}/tests
162        install -m 0644 ${S}/tests/confdir ${D}${PTEST_PATH}/tests
163    fi
164}
165
166pkg_postinst:${PN}() {
167         if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
168                 /etc/init.d/populate-volatile.sh update
169         fi
170}
171
172inherit features_check
173REQUIRED_DISTRO_FEATURES = "pam"
174
175BBCLASSEXTEND = "nativesdk native"
176
177CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session"
178CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-auth"
179CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-password"
180CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-session-noninteractive"
181CONFFILES:${PN}-runtime += "${sysconfdir}/pam.d/common-account"
182CONFFILES:${PN}-runtime += "${sysconfdir}/security/limits.conf"
183
184UPSTREAM_CHECK_URI = "https://github.com/linux-pam/linux-pam/releases"
185
186CVE_PRODUCT = "linux-pam"
187