authorPatrick J Volkerding <volkerdi@slackware.com>2018-06-13 21:55:19 +0000
committerEric Hameleers <alien@slackware.com>2018-06-14 08:58:07 +0200
commit11b00957be9f8661c4248d52bb20cdacdd442615 (patch)
treea72da2814f739ae52f52afbf34df4df751131901 /source
parentd8095c1e90c817c5c1bd4cbb892be7218946279b (diff)
Wed Jun 13 21:55:19 UTC 201820180613215519
a/etc-15.0-x86_64-5.txz: Rebuilt. Don't hardcode passwd/shadow/group additions in doinst.sh - get them from the .new files. a/sysvinit-scripts-2.1-noarch-11.txz: Rebuilt. rc.S: don't start rc.haveged in this script - move it to rc.M. rc.M: start rc.haveged after seeding /dev/urandom in rc.S, and after starting syslogd, klogd, and udev in rc.M. rc.M: start rc.rngd (we don't ship it or rng-tools) after udev. H. Peter Anvin says that it's fine to run both haveged and rngd, and I trust his opinion on that. Thanks to GazL. ap/at-3.1.20-x86_64-4.txz: Rebuilt. Fixed wrong variable in rc.atd. Thanks to upnort. n/libgcrypt-1.8.3-x86_64-1.txz: Upgraded. Use blinding for ECDSA signing to mitigate a novel side-channel attack. For more information, see: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495 (* Security fix *)
Diffstat (limited to 'source')
-rw-r--r--source/a/etc/doinst.sh114
-rwxr-xr-xsource/a/etc/etc.SlackBuild16
-rw-r--r--source/a/etc/group.new54
-rw-r--r--source/a/etc/passwd.new33
-rw-r--r--source/a/etc/shadow.new33
-rw-r--r--source/a/sysvinit-scripts/scripts/rc.M10
-rw-r--r--source/a/sysvinit-scripts/scripts/rc.S6
-rwxr-xr-xsource/a/sysvinit-scripts/sysvinit-scripts.SlackBuild2
-rwxr-xr-xsource/ap/at/at.SlackBuild2
-rw-r--r--source/ap/at/rc.atd2
-rwxr-xr-xsource/n/libgcrypt/libgcrypt.SlackBuild2
11 files changed, 263 insertions, 11 deletions
diff --git a/source/a/etc/doinst.sh b/source/a/etc/doinst.sh
new file mode 100644
index 00000000..83376f57
--- /dev/null
+++ b/source/a/etc/doinst.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# First, make sure any new entries in passwd/shadow/group are added:
+if [ -r etc/passwd -a -r etc/passwd.new ]; then
+ cat etc/passwd.new | while read line ; do
+ if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/passwd ; then
+ echo $line >> etc/passwd
+ fi
+ done
+fi
+if [ -r etc/shadow -a -r etc/shadow.new ]; then
+ cat etc/shadow.new | while read line ; do
+ if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/shadow ; then
+ echo $line >> etc/shadow
+ fi
+ done
+fi
+if [ -r etc/group -a -r etc/group.new ]; then
+ cat etc/group.new | while read line ; do
+ if ! grep -q "^$(echo $line | cut -f 1 -d :):" etc/group ; then
+ echo $line >> etc/group
+ fi
+ done
+fi
+
+config etc/mtab.new
+config etc/motd.new
+config etc/group.new
+config etc/csh.login.new
+config etc/ld.so.conf.new
+config etc/profile.new
+config etc/hosts.new
+config etc/inputrc.new
+config etc/shadow.new
+config etc/passwd.new
+config etc/printcap.new
+config etc/networks.new
+config etc/HOSTNAME.new
+config etc/gshadow.new
+config etc/issue.new
+config etc/securetty.new
+config etc/shells.new
+config etc/services.new
+config etc/issue.net.new
+config etc/nsswitch.conf.new
+config etc/profile.d/lang.csh.new
+config etc/profile.d/lang.sh.new
+config etc/profile.d/z-dot-in-non-root-path.csh.new
+config etc/profile.d/z-dot-in-non-root-path.sh.new
+config var/log/lastlog.new
+config var/log/wtmp.new
+config var/run/utmp.new
+
+if [ -r etc/ld.so.conf.new -a -r etc/ld.so.conf ]; then
+ # Ensure that ld.so.conf contains the minimal set of paths:
+ cat etc/ld.so.conf | while read pathline ; do
+ if ! grep "^${pathline}$" etc/ld.so.conf.new 1> /dev/null 2> /dev/null ; then
+ echo "$pathline" >> etc/ld.so.conf.new
+ fi
+ done
+ cp etc/ld.so.conf.new etc/ld.so.conf
+fi
+
+# Clean up useless non-examples:
+rm -f etc/mtab.new
+rm -f etc/motd.new
+rm -f etc/ld.so.conf.new
+rm -f etc/hosts.new
+#rm -f etc/shadow.new
+rm -f etc/networks.new
+rm -f etc/HOSTNAME.new
+#rm -f etc/gshadow.new
+rm -f etc/shells.new
+rm -f etc/printcap.new
+rm -f etc/issue.new
+rm -f etc/issue.net.new
+#rm -f etc/profile.d/lang.csh.new
+#rm -f etc/profile.d/lang.sh.new
+rm -f var/run/utmp.new
+rm -f var/log/lastlog.new
+rm -f var/log/wtmp.new
+
+# Make sure $HOME is correct for user sddm:
+chroot . /usr/sbin/usermod -d /var/lib/sddm sddm > /dev/null 2> /dev/null
+# Make sure that sddm is a member of group video:
+chroot . /usr/sbin/usermod --groups video sddm > /dev/null 2> /dev/null
+
+# Also ensure ownerships/perms:
+chown root.utmp var/run/utmp var/log/wtmp
+chmod 664 var/run/utmp var/log/wtmp
+chown root.shadow etc/shadow etc/gshadow
+chmod 640 etc/shadow etc/gshadow
+
+# Match permissions on any leftover config z-dot-in-non-root-path scripts
+# to prevent anyone who turned them on from accidentally losing that setting
+# by moving the .new script into place:
+if [ -r etc/profile.d/z-dot-in-non-root-path.csh.new ]; then
+ touch -r etc/profile.d/z-dot-in-non-root-path.csh etc/profile.d/z-dot-in-non-root-path.csh.new
+fi
+if [ -r etc/profile.d/z-dot-in-non-root-path.sh.new ]; then
+ touch -r etc/profile.d/z-dot-in-non-root-path.sh etc/profile.d/z-dot-in-non-root-path.sh.new
+fi
+
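Review bot: The three merge loops under `# First, make sure any new entries in passwd/shadow/group are added:` expand `$line` unquoted and use `read` without `-r`, so a shadow entry such as `bin:*:9797:0:::::` goes through pathname expansion and word splitting before it is appended, and the account name is interpolated into a grep regex where `.` matches any character. Reading with `IFS= read -r`, comparing the first field as a fixed whole-line string and writing with `printf '%s\n' "$line"` avoids all three; the rewritten etc/passwd loop is below and the etc/shadow and etc/group loops would take the same form. The loops also match by name only, so an entry whose UID or GID is already held by a locally created account is still appended and two names end up sharing an ID; a check on the third field would catch that. Separately, `usermod --groups video sddm` sets sddm's supplementary group list rather than adding to it, and `usermod -a -G video sddm` would keep any groups the admin added.

```shell
# merge loop for etc/passwd; the etc/shadow and etc/group loops take the same form
if [ -r etc/passwd ] && [ -r etc/passwd.new ]; then
  while IFS= read -r line ; do
    name=${line%%:*}
    # skip blank or malformed lines rather than appending them
    [ -n "$name" ] || continue
    # compare the account name as a fixed, whole-field string, not a regex
    if ! cut -d: -f1 etc/passwd | grep -qxF -- "$name" ; then
      printf '%s\n' "$line" >> etc/passwd
    fi
  done < etc/passwd.new
fi
# … unchanged: config calls, ld.so.conf merge, cleanup, ownership and permissions …
```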
diff --git a/source/a/etc/etc.SlackBuild b/source/a/etc/etc.SlackBuild
index 98bc581e..72c1f02c 100755
--- a/source/a/etc/etc.SlackBuild
+++ b/source/a/etc/etc.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=etc
VERSION=15.0
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -60,8 +60,22 @@ if [ "$ARCH" = "x86_64" ]; then
fi
zcat $CWD/nsswitch.conf.gz > $PKG/etc/nsswitch.conf.new
+# Check to make sure that shadow has the same number of entries
+# as passwd:
+if [ ! "$(cat $CWD/passwd.new | wc -l)" = "$(cat $CWD/shadow.new | wc -l)" ]; then
+ echo "#######################################################################################"
+ echo "# WARNING: /etc/passwd.new and /etc/shadow.new don't have the same number of entries. #"
+ echo "#######################################################################################"
+ sleep 60
+fi
+# Install default passwd/shadow/group (sorted):
+sort -n -t ':' -k3 $CWD/passwd.new > $PKG/etc/passwd.new
+awk -F':' 'NR==FNR{z[$1]=$0;next}{print z[$1]}' $CWD/shadow.new $PKG/etc/passwd.new > $PKG/etc/shadow.new
+sort -n -t ':' -k3 $CWD/group.new > $PKG/etc/group.new
+
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
# Build the package:
cd $PKG
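Review bot: The new check compares only line counts, so passwd.new and shadow.new can hold the same number of entries with different names and still pass; the `awk` join then prints an empty line for every passwd name that has no shadow entry (`z[$1]` is unset) and silently drops shadow entries with no passwd match. Comparing the name columns, for example `[ "$(cut -d: -f1 $CWD/passwd.new | sort)" = "$(cut -d: -f1 $CWD/shadow.new | sort)" ]`, and ending the mismatch branch with `exit 1` instead of `sleep 60` would stop a package with an inconsistent shadow file from being built. `$PKG/etc/shadow.new` is also created by redirection, so its mode comes from the build umask; if nothing outside this hunk tightens it, a `chmod 640 $PKG/etc/shadow.new` after the `awk` line would keep a leftover .new copy from being world-readable.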
diff --git a/source/a/etc/group.new b/source/a/etc/group.new
new file mode 100644
index 00000000..1fb3242c
--- /dev/null
+++ b/source/a/etc/group.new
@@ -0,0 +1,54 @@
+root:x:0:root
+bin:x:1:root,bin
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+adm:x:4:root,adm,daemon
+tty:x:5:
+disk:x:6:root,adm
+lp:x:7:lp
+mem:x:8:
+kmem:x:9:
+wheel:x:10:root
+floppy:x:11:
+mail:x:12:mail
+news:x:13:news
+uucp:x:14:uucp
+man:x:15:
+dialout:x:16:uucp
+audio:x:17:root,pulse
+video:x:18:sddm
+cdrom:x:19:
+games:x:20:
+slocate:x:21:
+utmp:x:22:
+smmsp:x:25:smmsp
+tape:x:26:
+mysql:x:27:
+rpc:x:32:
+sshd:x:33:sshd
+cgred:x:41:
+gdm:x:42:
+shadow:x:43:
+ntp:x:44:
+ftp:x:50:
+oprofile:x:51:
+sddm:x:64:
+pulse:x:65:
+input:x:71:
+apache:x:80:
+messagebus:x:81:
+haldaemon:x:82:
+plugdev:x:83:
+power:x:84:
+netdev:x:86:
+polkitd:x:87:
+pop:x:90:pop
+postfix:x:91:
+postdrop:x:92:
+scanner:x:93:
+dovecot:x:94:
+dovenull:x:95:
+nobody:x:98:nobody
+nogroup:x:99:
+users:x:100:
+console:x:101:
diff --git a/source/a/etc/passwd.new b/source/a/etc/passwd.new
new file mode 100644
index 00000000..e2522017
--- /dev/null
+++ b/source/a/etc/passwd.new
@@ -0,0 +1,33 @@
+root:x:0:0::/root:/bin/bash
+bin:x:1:1:bin:/bin:/bin/false
+daemon:x:2:2:daemon:/sbin:/bin/false
+adm:x:3:4:adm:/var/log:/bin/false
+lp:x:4:7:lp:/var/spool/lpd:/bin/false
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/:/bin/false
+news:x:9:13:news:/usr/lib/news:/bin/false
+uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
+operator:x:11:0:operator:/root:/bin/bash
+games:x:12:100:games:/usr/games:/bin/false
+ftp:x:14:50::/home/ftp:/bin/false
+smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false
+mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
+rpc:x:32:32:RPC portmap user:/:/bin/false
+sshd:x:33:33:sshd:/:/bin/false
+gdm:x:42:42:GDM:/var/lib/gdm:/sbin/nologin
+ntp:x:44:44:User for NTP:/:/bin/false
+oprofile:x:51:51:oprofile:/:/bin/false
+usbmux:x:52:83:User for usbmux daemon:/var/empty:/bin/false
+sddm:x:64:64:User for SDDM:/var/lib/sddm:/bin/false
+pulse:x:65:65:User for PulseAudio:/var/run/pulse:/bin/false
+apache:x:80:80:User for Apache:/srv/httpd:/bin/false
+messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
+haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
+polkitd:x:87:87:PolicyKit daemon owner:/var/lib/polkit:/bin/false
+pop:x:90:90:POP:/:/bin/false
+postfix:x:91:91:User for Postfix MTA:/dev/null:/bin/false
+dovecot:x:94:94:User for Dovecot processes:/dev/null:/bin/false
+dovenull:x:95:95:User for Dovecot login processing:/dev/null:/bin/false
+nobody:x:99:99:nobody:/:/bin/false
diff --git a/source/a/etc/shadow.new b/source/a/etc/shadow.new
new file mode 100644
index 00000000..fd3a87cc
--- /dev/null
+++ b/source/a/etc/shadow.new
@@ -0,0 +1,33 @@
+root::9804:0:::::
+bin:*:9797:0:::::
+daemon:*:9797:0:::::
+adm:*:9797:0:::::
+lp:*:9797:0:::::
+sync:*:9797:0:::::
+shutdown:*:9797:0:::::
+halt:*:9797:0:::::
+mail:*:9797:0:::::
+news:*:9797:0:::::
+uucp:*:9797:0:::::
+operator:*:9797:0:::::
+games:*:9797:0:::::
+ftp:*:9797:0:::::
+smmsp:*:9797:0:::::
+mysql:*:9797:0:::::
+rpc:*:9797:0:::::
+sshd:*:9797:0:::::
+gdm:*:9797:0:::::
+ntp:*:9797:0:::::
+oprofile:*:9797:0:::::
+usbmux:*:9797:0:::::
+sddm:*:9797:0:::::
+pulse:*:9797:0:::::
+apache:*:9797:0:::::
+messagebus:*:9797:0:::::
+haldaemon:*:9797:0:::::
+polkitd:*:9797:0:::::
+pop:*:9797:0:::::
+postfix:*:9797:0:::::
+dovecot:*:9797:0:::::
+dovenull:*:9797:0:::::
+nobody:*:9797:0:::::
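Review bot: The first entry, `root::9804:0:::::`, has an empty password field while every other account in the file is locked with `*`. On a target with no existing etc/shadow this file becomes the live shadow database, so root has no password until something sets one; that step is not visible in this commit and is presumably the installer's. A line in the package's install documentation or in the script that installs this file stating that dependency would make the default deliberate rather than implicit.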
diff --git a/source/a/sysvinit-scripts/scripts/rc.M b/source/a/sysvinit-scripts/scripts/rc.M
index 6bd667c5..30c85295 100644
--- a/source/a/sysvinit-scripts/scripts/rc.M
+++ b/source/a/sysvinit-scripts/scripts/rc.M
@@ -94,6 +94,16 @@ if grep -wq sysfs /proc/mounts && grep -q devtmpfs /proc/filesystems ; then
fi
fi
+# Start the haveged entropy daemon:
+if [ -x /etc/rc.d/rc.haveged ]; then
+ /etc/rc.d/rc.haveged start
+fi
+
+# Start the rngd entropy daemon:
+if [ -x /etc/rc.d/rc.rngd ]; then
+ /etc/rc.d/rc.rngd start
+fi
+
# Initialize the networking hardware.
if [ -x /etc/rc.d/rc.inet1 ]; then
/etc/rc.d/rc.inet1
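Review bot: The comments on the two added blocks do not record why they sit at this point in rc.M; the ordering constraint (after rc.S has seeded /dev/urandom, and after syslogd, klogd and udev are started) is stated only in the commit message. A comment such as `# Start the haveged entropy daemon (after rc.S has seeded /dev/urandom and udev is running):` would keep a later edit from moving the block back. Anything that draws random data between the old start point in rc.S and this one now runs before haveged; whether such a consumer exists is outside this hunk and worth confirming.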
diff --git a/source/a/sysvinit-scripts/scripts/rc.S b/source/a/sysvinit-scripts/scripts/rc.S
index c53548f4..793d9585 100644
--- a/source/a/sysvinit-scripts/scripts/rc.S
+++ b/source/a/sysvinit-scripts/scripts/rc.S
@@ -73,11 +73,6 @@ if grep -wq cgroup /proc/filesystems ; then
fi
fi
-# Start the haveged entropy daemon:
-if [ -x /etc/rc.d/rc.haveged ]; then
- /etc/rc.d/rc.haveged start
-fi
-
# Initialize the Logical Volume Manager.
# This won't start unless we find /etc/lvmtab (LVM1) or
# /etc/lvm/backup/ (LVM2). This is created by /sbin/vgscan, so to
@@ -446,4 +441,3 @@ else
dd if=/dev/urandom of=/etc/random-seed count=1 bs=512 2> /dev/null
fi
chmod 600 /etc/random-seed
-
diff --git a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
index 6e47bc03..34ef07a7 100755
--- a/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
+++ b/source/a/sysvinit-scripts/sysvinit-scripts.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=sysvinit-scripts
VERSION=${VERSION:-2.1}
ARCH=noarch
-BUILD=${BUILD:-10}
+BUILD=${BUILD:-11}
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
diff --git a/source/ap/at/at.SlackBuild b/source/ap/at/at.SlackBuild
index 6d8af558..dac04f7f 100755
--- a/source/ap/at/at.SlackBuild
+++ b/source/ap/at/at.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=at
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/ap/at/rc.atd b/source/ap/at/rc.atd
index 2e06f169..fdc42d70 100644
--- a/source/ap/at/rc.atd
+++ b/source/ap/at/rc.atd
@@ -9,7 +9,7 @@ fi
start_atd() {
if ! /usr/bin/pgrep --ns $$ --exact atd 1> /dev/null 2> /dev/null ; then
echo "Starting atd: /usr/sbin/atd $ATD_OPTS"
- /usr/sbin/atd $CROND_OPTS
+ /usr/sbin/atd $ATD_OPTS
fi
}
diff --git a/source/n/libgcrypt/libgcrypt.SlackBuild b/source/n/libgcrypt/libgcrypt.SlackBuild
index 9441d67b..d78103cc 100755
--- a/source/n/libgcrypt/libgcrypt.SlackBuild
+++ b/source/n/libgcrypt/libgcrypt.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libgcrypt
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.bz2 | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then