From 24ab592d15cec5fdc269043e69c8c7b9eb17df19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Sun, 23 Nov 2025 14:19:23 +0100 Subject: [PATCH 1/2] Add core::linux-pam version 1.7.1 Supply a minimal pam configuration so that at least login is supposed to work. --- recipes/core/linux-pam.yaml | 39 ++++++++++++++++++++++++++++++++++++ recipes/core/linux-pam/login | 10 +++++++++ recipes/core/linux-pam/other | 7 +++++++ 3 files changed, 56 insertions(+) create mode 100644 recipes/core/linux-pam.yaml create mode 100644 recipes/core/linux-pam/login create mode 100644 recipes/core/linux-pam/other diff --git a/recipes/core/linux-pam.yaml b/recipes/core/linux-pam.yaml new file mode 100644 index 0000000..e1e13e6 --- /dev/null +++ b/recipes/core/linux-pam.yaml @@ -0,0 +1,39 @@ +inherit: [meson] + +metaEnvironment: + PKG_VERSION: "1.7.1" + PKG_LICENSE: BSD-3-Clause + +depends: + - libs::libxcrypt-dev + + - use: [] + depends: + - libs::libxcrypt-tgt + +checkoutSCM: + scm: url + url: "$GITHUB_MIRROR/linux-pam/linux-pam/releases/download/v${PKG_VERSION}/Linux-PAM-${PKG_VERSION}.tar.xz" + digestSHA256: "21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0" + stripComponents: 1 + +buildScript: | + mesonBuild "$1" \ + -Ddocs=disabled \ + -Dexamples=false \ + -Disadir=/usr/lib/security \ + -Dnis=disabled \ + -Dpam_userdb=disabled + +multiPackage: + dev: + packageScript: mesonPackageDev + provideDeps: [ "*-dev" ] + + tgt: + packageScript: | + mesonPackageTgt + install -m 0644 -D $<> etc/pam.d/login + install -m 0644 -D $<> etc/pam.d/other + + provideDeps: [ "*-tgt" ] diff --git a/recipes/core/linux-pam/login b/recipes/core/linux-pam/login new file mode 100644 index 0000000..9546f9f --- /dev/null +++ b/recipes/core/linux-pam/login @@ -0,0 +1,10 @@ +auth required pam_unix.so nullok + +account required pam_unix.so + +password required pam_unix.so nullok + +session required pam_limits.so +session required pam_env.so +session required pam_unix.so +-session optional pam_systemd.so diff --git a/recipes/core/linux-pam/other b/recipes/core/linux-pam/other new file mode 100644 index 0000000..a198aa2 --- /dev/null +++ b/recipes/core/linux-pam/other @@ -0,0 +1,7 @@ +auth required pam_deny.so + +account required pam_deny.so + +password required pam_deny.so + +session required pam_deny.so From f0b5772b9190eaac0a467233a0bb9eb8a6e3721e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kl=C3=B6tzke?= Date: Sun, 23 Nov 2025 14:20:51 +0100 Subject: [PATCH 2/2] core::util-linux: add option to enable su utility Enabling su requires to have libpam. To keep compatibility, leave it off by default. --- recipes/core/util-linux.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/recipes/core/util-linux.yaml b/recipes/core/util-linux.yaml index 44709fc..b087d3d 100644 --- a/recipes/core/util-linux.yaml +++ b/recipes/core/util-linux.yaml @@ -7,6 +7,11 @@ metaEnvironment: PKG_LICENSE_PATH: util-linux:README.licensing +Config: + UTIL_LINUX_SU: + type: bool + default: False + depends: - libs::ncurses-dev - libs::zlib-dev @@ -16,6 +21,12 @@ depends: - libs::ncurses-tgt - libs::zlib-tgt + - if: "$UTIL_LINUX_SU" + depends: + - core::linux-pam-dev + - use: [] + name: core::linux-pam-tgt + checkoutSCM: scm: url url: ${KERNEL_MIRROR}/linux/utils/util-linux/v${PKG_VERSION_MAJOR}/util-linux-${PKG_VERSION}.tar.xz