Old 03-08-2012, 12:23 PM
"Paweł Hajdan, Jr."
 
Default RFC: virtual/shadow

I'd like to add <http://code.google.com/p/hardened-shadow/> to the tree.
It is an alternative implementation of shadow utilities (passwd, su,
login, etc) based on ideas from Openwall's tcb.

Earlier I tried upstreaming the Openwall's shadow patches, and you can
see a log of those efforts at
<http://comments.gmane.org/gmane.linux.debian.alioth.pkg-shadow/881>

In the end shadow-4.1.5 has some experimental support for tcb, but

1) It's incomplete (I didn't manage to upstream all Openwall's patches).
2) It's ugly (even more "special cases" in the already #ifdef-heavy
codebase).
3) It requires sys-auth/tcb, which doesn't work with vanilla glibc (I'm
maintaining tcb in Gentoo and have special patch for that, reviewed by
upstream), and is broken with recent glibc
(<https://bugs.gentoo.org/show_bug.cgi?id=371167>).

And now we have <http://code.google.com/p/hardened-shadow/> which is a
small alternative implementation, possibly going even further (the file
system layout is a bit different than with tcb).

I'd like to add virtual/shadow-0, with the following dependencies:

DEPEND=""
RDEPEND="|| ( >=sys-apps/shadow-4.1 sys-apps/hardened-shadow )"

hardened-shadow package is not yet in the tree, I'm going to be its
maintainer (base-system or anyone else is welcome to join), and the
ebuild is going to be very simple.

And then convert profiles to the new virtual (the relevant files; below
are all occurrences of sys-apps/shadow):

$ grep 'sys-apps/shadow' -r /usr/portage/profiles/
/usr/portage/profiles/ChangeLog-2011: Added sys-apps/shadow to
packages.build as we need it on stage1.
/usr/portage/profiles/prefix/packages:-*>=sys-apps/shadow-4.1
/usr/portage/profiles/prefix/package.provided:sys-apps/shadow-0
/usr/portage/profiles/base/packages:*>=sys-apps/shadow-4.1
/usr/portage/profiles/uclibc/packages.build:sys-apps/shadow
/usr/portage/profiles/default/bsd/ChangeLog: Add -*>=sys-apps/shadow-4.1
/usr/portage/profiles/default/bsd/package.mask:sys-apps/shadow
/usr/portage/profiles/default/bsd/packages:-*>=sys-apps/shadow-4.1
/usr/portage/profiles/default/linux/packages.build:sys-apps/shadow
/usr/portage/profiles/use.local.desc:sys-apps/shadow:audit - Enable
support for sys-process/audit
/usr/portage/profiles/use.local.desc:sys-apps/shadow:tcb - Enable
support for sys-auth/tcb

And any reverse dependencies (after testing):

<http://tinderbox.dev.gentoo.org/misc/dindex/sys-apps/shadow>

What do you think?
 
Old 03-12-2012, 08:16 AM
"Paweł Hajdan, Jr."
 
Default RFC: virtual/shadow

On 3/8/12 2:23 PM, "Paweł Hajdan, Jr." wrote:
> And then convert profiles to the new virtual (the relevant files; below
> are all occurrences of sys-apps/shadow):

Because of no comments, I went ahead and checked in
sys-apps/hardened-shadow and virtual/shadow, and now made changes in
profiles/

Please let me know if you see any problems after those changes,
especially related to stage generation, prefix, bsd, and uclibc.
 
Old 03-12-2012, 09:27 AM
Fabian Groffen
 
Default RFC: virtual/shadow

On 12-03-2012 10:16:12 +0100, "Paweł Hajdan, Jr." wrote:
> On 3/8/12 2:23 PM, "Paweł Hajdan, Jr." wrote:
> > And then convert profiles to the new virtual (the relevant files; below
> > are all occurrences of sys-apps/shadow):
>
> Because of no comments, I went ahead and checked in
> sys-apps/hardened-shadow and virtual/shadow, and now made changes in
> profiles/
>
> Please let me know if you see any problems after those changes,
> especially related to stage generation, prefix, bsd, and uclibc.

My rsync0 now spits out this message:

Virtual package in package.provided: virtual/shadow-0
See portage(5) for correct package.provided usage.

I did not foresee this happening, but each and every Prefix user now gets
this complaint on each and every emerge invocation. It does not seem to
block any operation, but could we perhaps hold back further changes
until I can sort this out with Zac?

Thanks

--
Fabian Groffen
Gentoo on a different level
 
Old 03-12-2012, 09:35 AM
"Paweł Hajdan, Jr."
 
Default RFC: virtual/shadow

On 3/12/12 11:27 AM, Fabian Groffen wrote:
> My rsync0 now spits out this message:
>
> Virtual package in package.provided: virtual/shadow-0
> See portage(5) for correct package.provided usage.
>
> I did not foresee this happening, but each and every Prefix user now gets
> this complaint on each and every emerge invocation. It does not seem to
> block any operation, but could we perhaps hold back further changes
> until I can sort this out with Zac?

Ah, I read portage(5) now and adding a virtual to package.provided is
indeed explicitly prohibited.

I removed it, but some further changes might be required for prefix
(i.e. version number >= 4.1 in package.provided to satisfy the virtual),
and I'll indeed hold back further changes in that area,
and preferably just let you do any necessary fixes for prefix.
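
An added example, not part of the original thread or of Portage: a small lint for a profiles tree that flags `virtual/*` entries in `package.provided` (the condition behind the warning above) and checks whether a provided `sys-apps/shadow` version would satisfy `>=sys-apps/shadow-4.1`. The function names, the sample tree and the simplified version comparison (dotted numbers only, via `sort -V`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint a profiles tree for the two
# package.provided issues discussed above. Paths and sample data are constructed.

# Print "file:line:entry" for every virtual/* entry in any package.provided file.
find_provided_virtuals() {
    find "$1" -type f -name package.provided | sort | while IFS= read -r f; do
        awk -v file="$f" '
            { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
            /^virtual\// { printf "%s:%d:%s\n", file, NR, $0 }
        ' "$f"
    done
}

# Return 0 if FILE ($1) provides sys-apps/shadow at a version >= MIN ($2).
# Simplification: compares dotted numeric versions with sort -V, ignoring
# Gentoo suffixes and revisions (_rc1, -r2, ...).
shadow_version_ok() {
    ver=$(sed -n 's/#.*//; s/^[[:space:]]*sys-apps\/shadow-\([0-9][0-9.]*\).*$/\1/p' "$1" |
          sort -V | tail -n 1)
    [ -n "$ver" ] || return 1
    [ "$(printf '%s\n%s\n' "$2" "$ver" | sort -V | head -n 1)" = "$2" ]
}

# Build a constructed profiles tree mirroring the state reported in the thread.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/prefix" "$d/base"
    printf '%s\n' '# constructed sample' 'sys-apps/shadow-0' 'virtual/shadow-0' \
        > "$d/prefix/package.provided"
    printf '%s\n' 'sys-apps/shadow-4.1.5' > "$d/base/package.provided"
    echo "$d"
}

tree=$(make_sample_tree)
find_provided_virtuals "$tree"
for f in "$tree"/*/package.provided; do
    if shadow_version_ok "$f" 4.1; then
        echo "$f: satisfies >=sys-apps/shadow-4.1"
    else
        echo "$f: does NOT satisfy >=sys-apps/shadow-4.1"
    fi
done
rm -rf "$tree"
```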
 
Old 03-12-2012, 09:38 AM
Fabian Groffen
 
Default RFC: virtual/shadow

On 12-03-2012 11:35:43 +0100, "Paweł Hajdan, Jr." wrote:
> On 3/12/12 11:27 AM, Fabian Groffen wrote:
> > My rsync0 now spits out this message:
> >
> > Virtual package in package.provided: virtual/shadow-0
> > See portage(5) for correct package.provided usage.
> >
> > I did not foresee this happening, but each and every Prefix user now gets
> > this complaint on each and every emerge invocation. It does not seem to
> > block any operation, but could we perhaps hold back further changes
> > until I can sort this out with Zac?
>
> Ah, I read portage(5) now and adding a virtual to package.provided is
> indeed explicitly prohibited.
>
> I removed it, but some further changes might be required for prefix
> (i.e. version number >= 4.1 in package.provided to satisfy the virtual),
> and I'll indeed hold back further changes in that area,
> and preferably just let you do any necessary fixes for prefix.

Thanks a lot for your swift actions!


--
Fabian Groffen
Gentoo on a different level
 

All times are GMT.