archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2025-03-19 00:21:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

removed core/shadow

Browse source
This commit is contained in:
Kevin Mihelich 2024-07-04 15:41:34 +00:00
parent b1b604f90b
commit fac6f3ca29
13 changed files with 0 additions and 1976 deletions

70
core/shadow/.SRCINFO
View file

@ -1,70 +0,0 @@
pkgbase = shadow
pkgdesc = Password and account management tool suite with support for shadow files and PAM
pkgver = 4.15.1
pkgrel = 2
url = https://github.com/shadow-maint/shadow
arch = x86_64
license = BSD-3-Clause
makedepends = acl
makedepends = attr
makedepends = audit
makedepends = docbook-xsl
makedepends = itstool
makedepends = libcap
makedepends = libxcrypt
makedepends = libxslt
makedepends = pam
depends = glibc
options = !emptydirs
backup = etc/default/useradd
backup = etc/login.defs
backup = etc/pam.d/chpasswd
backup = etc/pam.d/groupmems
backup = etc/pam.d/newusers
backup = etc/pam.d/passwd
source = https://github.com/shadow-maint/shadow/releases/download/4.15.1/shadow-4.15.1.tar.xz
source = https://github.com/shadow-maint/shadow/releases/download/4.15.1/shadow-4.15.1.tar.xz.asc
source = 0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch
source = 0002-Adapt-login.defs-for-PAM-and-util-linux.patch
source = 0003-Add-Arch-Linux-defaults-for-login.defs.patch
source = shadow.timer
source = shadow.service
source = shadow.sysusers
source = shadow.tmpfiles
source = useradd.defaults
validpgpkeys = 66D0387DB85D320F8408166DB175CFA98F192AF2
validpgpkeys = A9348594CE31283A826FBDD8D57633D441E25BB5
sha512sums = e3ae51bf53bfa1662d81bbe0150ada19c116514f1e56391d877045d48e16776326446561759edbf5006c0f97ab1d5f4bae63521bf1fae67e118ddda0d4a8f6cb
sha512sums = SKIP
sha512sums = 839b83a3824be89930207e635f7aaa10cf3660ba2f4a6e95b3366d083fe2c76295d1d54b108bdfe317e5ebb049a8bbbf7b5859907d201cee43af330abb2091b6
sha512sums = a3da00d0368a9397be00ce1fc06416e5261f2000b99f69bd83202cf56e7d0ebea34562fbf35fdf43e7cf52a82f6720f6299defed9fa1d6436648e2f29d10512b
sha512sums = c41e2cef30930a79a6ad4eb63a8106688fde49b3bfc22ec68833e1974d6932e856244dc5f0fbe63943dcd09c05d06db6aa71783aa09a25708f78898189436683
sha512sums = e4edf705dd04e088c6b561713eaa1afeb92f42ac13722bff037aede6ac5ad7d4d00828cfb677f7b1ff048db8b6788238c1ab6a71dfcfd3e02ef6cb78ae09a621
sha512sums = 2c8689b52029f6aa27d75b8b05b0b36e2fc322cab40fdfbb50cdbe331f61bc84e8db20f012cf9af3de8c4e7fdb10c2d5a4925ca1ba3b70eb5627772b94da84b3
sha512sums = 5afac4a96b599b0b8ed7be751e7160037c3beb191629928c6520bfd3f2adcd1c55c31029c92c2ff8543e6cd9e37e2cd515ba4e1789c6d66f9c93b4e7f209ee7a
sha512sums = 97a6a57c07502e02669dc1a91bffc447dba7d98d208b798d80e07de0d2fdf9d23264453978d2d3d1ba6652ca1f2e22cdadc4309c7b311e83fa71b00ad144f877
sha512sums = 706ba6e7fa8298475f2605a28daffef421c9fa8d269cbd5cbcf7f7cb795b40a24d52c20e8d0b73e29e6cd35cd7226b3e9738dc513703e87dde04c1d24087a69c
b2sums = a24f492cb2a7721b165c70237b1a9290acc0063bdf493f061752ca41d23a1154b26e16ee00dd96a19e825eff7f711391892eeb08a314d9277514d4d32a4adafe
b2sums = SKIP
b2sums = 8d49018484533f1e9d0a2bdc81d6550a1662b275ffb5bb6dbe3d3062aa7d25e7acd3234bcbd3eb3e00dd8cd3a480cab9753d72b6970c44dc6e814ca5b45b554c
b2sums = 5fa58287e123fac7ba2cde8c98e0dfd52cbff0d0d67306b359881ebc54997907fe64b59012880f8750a152d05c05063888a03e43c19eabc7a2de0590bae0b1df
b2sums = 0ae11bf0ded3e6d6be3d960f5b75fdc885d936f499d162944ef27f0c3997be4fd1fc4f08cba60be6f81eddefbbb576cc37aeaf13993d80bfc8d452e496d286f4
b2sums = 5cfc936555aa2b2e15f8830ff83764dad6e11a80e2a102c5f2bd3b7c83db22a5457a3afdd182e3648c9d7d5bca90fa550f59576d0ac47a11a31dfb636cb18f2b
b2sums = a69191ab966f146c35e7e911e7e57c29fffd54436ea014aa8ffe0dd46aaf57c635d0a652b35916745c75d82b3fca7234366ea5f810b622e94730b45ec86f122c
b2sums = 511c4ad9f3be530dc17dd68f2a3387d748dcdb84192d35f296b88f82442224477e2a74b1841ec3f107b39a5c41c2d961480e396a48d0578f8fd5f65dbe8d9f04
b2sums = d727923dc6ed02e90ef31f10b3427df50afbfe416bd03c6de0c341857d1bb33ab6168312bd4ba18d19d0653020fb332cbcfeeb24e668ae3916add9d01b89ccb4
b2sums = f743922062494fe342036b3acb8b747429eb33b1a13aa150daa4bb71a84e9c570cfcc8527a5f846e3ea7020e6f23c0b10d78cf2ba8363eea0224e4c34ea10161
pkgname = shadow
depends = glibc
depends = acl
depends = libacl.so
depends = attr
depends = libattr.so
depends = audit
depends = libaudit.so
depends = libxcrypt
depends = libcrypt.so
depends = pam
depends = libpam.so
depends = libpam_misc.so

5
core/shadow/.nvchecker.toml
View file

@ -1,5 +0,0 @@
[shadow]
source = "git"
git = "https://github.com/shadow-maint/shadow"
include_regex = "([\\d]+[.]+)()([\\d.]+)"
exclude_regex = ".*(dev|rc|RC|alpha|beta|bp).*"

727
core/shadow/0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch
View file

@ -1,727 +0,0 @@
From fd7fac6b8488ddade1adbb18bdceeaf41a049e9f Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Sat, 5 Nov 2022 23:40:18 +0100
Subject: [PATCH 1/3] Disable replaced tools, their man pages and PAM
integration
etc/pam.d/Makefile.am:
Disable installation of PAM integration for chfn, chsh and login tools
as they are provided by util-linux.
man/Makefile.am, man/*/Makefile.am:
Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
vipw and su as they are either no longer used or replaced by util-linux.
src/Makefile.am:
Set usbindir to use bin instead of sbin, as Arch Linux is a /usr and bin
merge distribution.
Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
they are either not used or replaced by util-linux.
Move newgrp to replace sg (instead of it being a symlink).
---
etc/pam.d/Makefile.am | 3 ---
man/Makefile.am | 20 +++-----------------
man/cs/Makefile.am | 8 ++------
man/da/Makefile.am | 8 +-------
man/de/Makefile.am | 11 +----------
man/fi/Makefile.am | 5 +----
man/fr/Makefile.am | 11 +----------
man/hu/Makefile.am | 6 +-----
man/id/Makefile.am | 2 --
man/it/Makefile.am | 11 +----------
man/ja/Makefile.am | 10 +---------
man/ko/Makefile.am | 8 +-------
man/pl/Makefile.am | 7 +------
man/ru/Makefile.am | 11 +----------
man/sv/Makefile.am | 8 +-------
man/tr/Makefile.am | 3 ---
man/uk/Makefile.am | 11 +----------
man/zh_CN/Makefile.am | 11 +----------
man/zh_TW/Makefile.am | 4 ----
src/Makefile.am | 18 +++++++-----------
20 files changed, 25 insertions(+), 151 deletions(-)
diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
index b8e4321f..73d4554f 100644
--- a/etc/pam.d/Makefile.am
+++ b/etc/pam.d/Makefile.am
@@ -3,10 +3,7 @@
pamd_files = \
chpasswd \
- chfn \
- chsh \
groupmems \
- login \
newusers \
passwd
diff --git a/man/Makefile.am b/man/Makefile.am
index 83b1d688..e372a73f 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -8,10 +8,8 @@ endif
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -26,12 +24,9 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
+ man8/lastlog.8 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -43,9 +38,7 @@ man_MANS = \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
@@ -77,10 +70,8 @@ endif
man_XMANS = \
chage.1.xml \
- chfn.1.xml \
chgpasswd.8.xml \
chpasswd.8.xml \
- chsh.1.xml \
expiry.1.xml \
faillog.5.xml \
faillog.8.xml \
@@ -94,12 +85,9 @@ man_XMANS = \
grpck.8.xml \
gshadow.5.xml \
limits.5.xml \
- login.1.xml \
login.access.5.xml \
login.defs.5.xml \
- logoutd.8.xml \
newgidmap.1.xml \
- newgrp.1.xml \
newuidmap.1.xml \
newusers.8.xml \
nologin.8.xml \
@@ -111,14 +99,12 @@ man_XMANS = \
shadow.3.xml \
shadow.5.xml \
sg.1.xml \
- su.1.xml \
suauth.5.xml \
subgid.5.xml \
subuid.5.xml \
useradd.8.xml \
userdel.8.xml \
- usermod.8.xml \
- vipw.8.xml
+ usermod.8.xml
if ENABLE_LASTLOG
man_XMANS += lastlog.8.xml
diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
index 84407d71..c5ef7cf5 100644
--- a/man/cs/Makefile.am
+++ b/man/cs/Makefile.am
@@ -12,11 +12,8 @@ man_MANS = \
man1/groups.1 \
man8/grpck.8 \
man5/gshadow.5 \
- man8/nologin.8 \
man5/passwd.5 \
- man5/shadow.5 \
- man1/su.1 \
- man8/vipw.8
+ man5/shadow.5
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
@@ -24,6 +21,5 @@ endif
EXTRA_DIST = $(man_MANS) \
man1/id.1 \
- man8/groupmems.8 \
- man8/logoutd.8
+ man8/groupmems.8
diff --git a/man/da/Makefile.am b/man/da/Makefile.am
index a3b09224..e45bef66 100644
--- a/man/da/Makefile.am
+++ b/man/da/Makefile.am
@@ -3,16 +3,10 @@ mandir = @mandir@/da
# 2012.01.28 - activate manpages with more than 50% translated messages
man_MANS = \
- man1/chfn.1 \
man8/groupdel.8 \
man1/groups.1 \
man5/gshadow.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
- man8/nologin.8 \
- man1/sg.1 \
- man8/vigr.8 \
- man8/vipw.8
+ man1/sg.1
man_nopam =
diff --git a/man/de/Makefile.am b/man/de/Makefile.am
index 671432d3..333d5524 100644
--- a/man/de/Makefile.am
+++ b/man/de/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/de
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
index 26a1a848..f02b92f3 100644
--- a/man/fi/Makefile.am
+++ b/man/fi/Makefile.am
@@ -1,10 +1,7 @@
mandir = @mandir@/fi
-man_MANS = \
- man1/chfn.1 \
- man1/chsh.1 \
- man1/su.1
+man_MANS =
# Outdated manpages
# passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
index 335e0298..9962c038 100644
--- a/man/fr/Makefile.am
+++ b/man/fr/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/fr
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
index 205bb0a8..3d813179 100644
--- a/man/hu/Makefile.am
+++ b/man/hu/Makefile.am
@@ -2,15 +2,11 @@
mandir = @mandir@/hu
man_MANS = \
- man1/chsh.1 \
man1/gpasswd.1 \
man1/groups.1 \
- man1/login.1 \
- man1/newgrp.1 \
man1/passwd.1 \
man5/passwd.5 \
- man1/sg.1 \
- man1/su.1
+ man1/sg.1
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/id/Makefile.am b/man/id/Makefile.am
index 21f3dbe9..6d10b930 100644
--- a/man/id/Makefile.am
+++ b/man/id/Makefile.am
@@ -2,8 +2,6 @@
mandir = @mandir@/id
man_MANS = \
- man1/chsh.1 \
- man1/login.1 \
man8/useradd.8
EXTRA_DIST = $(man_MANS)
diff --git a/man/it/Makefile.am b/man/it/Makefile.am
index b76187fa..1f62e20e 100644
--- a/man/it/Makefile.am
+++ b/man/it/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/it
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
index 13f18da1..3401a085 100644
--- a/man/ja/Makefile.am
+++ b/man/ja/Makefile.am
@@ -3,9 +3,7 @@ mandir = @mandir@/ja
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -17,10 +15,7 @@ man_MANS = \
man8/grpck.8 \
man8/grpconv.8 \
man8/grpunconv.8 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
man1/passwd.1 \
man5/passwd.5 \
@@ -29,13 +24,10 @@ man_MANS = \
man8/pwunconv.8 \
man1/sg.1 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
index c269f0bb..9616cb3e 100644
--- a/man/ko/Makefile.am
+++ b/man/ko/Makefile.am
@@ -2,14 +2,8 @@
mandir = @mandir@/ko
man_MANS = \
- man1/chfn.1 \
- man1/chsh.1 \
man1/groups.1 \
- man1/login.1 \
- man5/passwd.5 \
- man1/su.1 \
- man8/vigr.8 \
- man8/vipw.8
+ man5/passwd.5
# newgrp.1 must be updated
# newgrp.1
diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
index b2f096f7..00817d37 100644
--- a/man/pl/Makefile.am
+++ b/man/pl/Makefile.am
@@ -4,7 +4,6 @@ mandir = @mandir@/pl
# 2012.01.28 - activate manpages with more than 50% translated messages
man_MANS = \
man1/chage.1 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -15,14 +14,10 @@ man_MANS = \
man8/groupmod.8 \
man1/groups.1 \
man8/grpck.8 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man1/sg.1 \
man3/shadow.3 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
index 84d55d9e..b65f4881 100644
--- a/man/ru/Makefile.am
+++ b/man/ru/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/ru
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
index 70329edf..58fa80e5 100644
--- a/man/sv/Makefile.am
+++ b/man/sv/Makefile.am
@@ -3,7 +3,6 @@ mandir = @mandir@/sv
# 2012.01.28 - activate manpages with more than 50% translated messages
man_MANS = \
man1/chage.1 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -15,18 +14,13 @@ man_MANS = \
man1/groups.1 \
man8/grpck.8 \
man5/gshadow.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
man1/sg.1 \
man3/shadow.3 \
man5/suauth.5 \
- man8/userdel.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/userdel.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
index 8d8b9166..4fe3632a 100644
--- a/man/tr/Makefile.am
+++ b/man/tr/Makefile.am
@@ -2,15 +2,12 @@ mandir = @mandir@/tr
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/groupadd.8 \
man8/groupdel.8 \
man8/groupmod.8 \
- man1/login.1 \
man1/passwd.1 \
man5/passwd.5 \
man5/shadow.5 \
- man1/su.1 \
man8/useradd.8 \
man8/userdel.8 \
man8/usermod.8
diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
index 3fb5ffb3..e13c8fee 100644
--- a/man/uk/Makefile.am
+++ b/man/uk/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/uk
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
index a8b93a56..42ad764d 100644
--- a/man/zh_CN/Makefile.am
+++ b/man/zh_CN/Makefile.am
@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
man_MANS = \
man1/chage.1 \
- man1/chfn.1 \
man8/chgpasswd.8 \
man8/chpasswd.8 \
- man1/chsh.1 \
man1/expiry.1 \
man5/faillog.5 \
man8/faillog.8 \
@@ -21,12 +19,8 @@ man_MANS = \
man8/grpconv.8 \
man8/grpunconv.8 \
man5/gshadow.5 \
- man1/login.1 \
man5/login.defs.5 \
- man8/logoutd.8 \
- man1/newgrp.1 \
man8/newusers.8 \
- man8/nologin.8 \
man1/passwd.1 \
man5/passwd.5 \
man8/pwck.8 \
@@ -35,13 +29,10 @@ man_MANS = \
man1/sg.1 \
man3/shadow.3 \
man5/shadow.5 \
- man1/su.1 \
man5/suauth.5 \
man8/useradd.8 \
man8/userdel.8 \
- man8/usermod.8 \
- man8/vigr.8 \
- man8/vipw.8
+ man8/usermod.8
if ENABLE_LASTLOG
man_MANS += man8/lastlog.8
diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
index c36ed2c7..26696b67 100644
--- a/man/zh_TW/Makefile.am
+++ b/man/zh_TW/Makefile.am
@@ -2,15 +2,11 @@
mandir = @mandir@/zh_TW
man_MANS = \
- man1/chfn.1 \
- man1/chsh.1 \
man8/chpasswd.8 \
- man1/newgrp.1 \
man8/groupadd.8 \
man8/groupdel.8 \
man8/groupmod.8 \
man5/passwd.5 \
- man1/su.1 \
man8/useradd.8 \
man8/userdel.8 \
man8/usermod.8
diff --git a/src/Makefile.am b/src/Makefile.am
index b6cb09ef..bfe73b09 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -3,7 +3,7 @@ EXTRA_DIST = \
.indent.pro
ubindir = ${prefix}/bin
-usbindir = ${prefix}/sbin
+usbindir = ${prefix}/bin
suidperms = 4755
sgidperms = 2755
@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
# and installation would be much simpler (just two directories,
# $prefix/bin and $prefix/sbin, no install-data hacks...)
-bin_PROGRAMS = groups login
-sbin_PROGRAMS = nologin
-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
+bin_PROGRAMS = groups
+sbin_PROGRAMS =
+ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
if ENABLE_SUBIDS
ubin_PROGRAMS += newgidmap newuidmap
endif
@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
grpck \
grpconv \
grpunconv \
- logoutd \
newusers \
pwck \
pwconv \
pwunconv \
useradd \
userdel \
- usermod \
- vipw
+ usermod
# id and groups are from gnu, sulogin from sysvinit
noinst_PROGRAMS = id sulogin
suidusbins =
suidbins =
-suidubins = chage chfn chsh expiry gpasswd newgrp
+suidubins = chage expiry gpasswd newgrp
if WITH_SU
suidbins += su
endif
@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
install-am: all-am
$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
set -e; for i in $(suidbins); do \
chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
done
set -e; for i in $(suidubins); do \
chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
done
+ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
set -e; for i in $(suidusbins); do \
chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
done
--
2.44.0

699
core/shadow/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
View file

@ -1,699 +0,0 @@
From 51121d5484938ec0e939deebf216f94402bf0552 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 31 Oct 2022 09:45:13 +0100
Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
etc/login.defs:
Remove unused login.defs options, that are either irrelevant due to the
use of PAM or because the util-linux version of a binary does not
support them.
Modify all options that are ignored when using PAM, but are supported by
util-linux.
Removed options because they are part of PAMDEFS (options in PAMDEFS are
options silently ignored by shadow when built with PAM enabled):
* CHFN_AUTH
* CRACKLIB_DICTPATH
* ENV_HZ
* ENVIRON_FILE
* ENV_TZ
* FAILLOG_ENAB
* FTMP_FILE
* ISSUE_FILE
* LASTLOG_ENAB
* LOGIN_STRING
* MAIL_CHECK_ENAB
* NOLOGINS_FILE
* OBSCURE_CHECKS_ENAB
* PASS_ALWAYS_WARN
* PASS_CHANGE_TRIES
* PASS_MAX_LEN
* PASS_MIN_LEN
* PORTTIME_CHECKS_ENAB
* QUOTAS_ENAB
* SU_WHEEL_ONLY
* SYSLOG_SU_ENAB
* ULIMIT
Removed options because they are not availablbe with PAM enabled:
* BCRYPT_MIN_ROUNDS
* BCRYPT_MAX_ROUNDS
* CONSOLE_GROUPS
* CONSOLE
* MD5_CRYPT_ENAB
* PREVENT_NO_AUTH
Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
or not available with PAM:
* BCRYPT
* MD5
Removed options because they are not supported by login from util-linux:
* ERASECHAR
* KILLCHAR
* LOG_OK_LOGINS
* TTYTYPE_FILE
Removed options because they are not supported by su from util-linux:
* SULOG_FILE
* SU_NAME
Adapted options because they are in PAMDEFS but are supported by login
from util-linux:
* MOTD_FILE
man/login.defs.5.xml:
Remove unavailable options from man 5 login.defs.
---
etc/login.defs | 223 +------------------------------------------
man/login.defs.5.xml | 148 +---------------------------
2 files changed, 8 insertions(+), 363 deletions(-)
diff --git a/etc/login.defs b/etc/login.defs
index 33622c29..797ca6b3 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -3,6 +3,8 @@
#
# $Id$
#
+# NOTE: This file is adapted for the use on Arch Linux!
+# Unsupported options due to the use of util-linux or PAM are removed.
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -11,26 +13,11 @@
#
FAIL_DELAY 3
-#
-# Enable logging and display of /var/log/faillog login(1) failure info.
-#
-FAILLOG_ENAB yes
-
#
# Enable display of unknown usernames when login(1) failures are recorded.
#
LOG_UNKFAIL_ENAB no
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable logging and display of /var/log/lastlog login(1) time info.
-#
-LASTLOG_ENAB yes
-
#
# Limit the highest user ID number for which the lastlog entries should
# be updated.
@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
#
#LASTLOG_UID_MAX
-#
-# Enable checking and display of mailbox status upon login.
-#
-# Disable if the shell startup files already check for mail
-# ("mailx -e" or equivalent).
-#
-MAIL_CHECK_ENAB yes
-
-#
-# Enable additional checks upon password changes.
-#
-OBSCURE_CHECKS_ENAB yes
-
-#
-# Enable checking of time restrictions specified in /etc/porttime.
-#
-PORTTIME_CHECKS_ENAB yes
-
-#
-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
-#
-QUOTAS_ENAB yes
-
-#
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# from these devices.
-#
-CONSOLE /etc/securetty
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# If defined, all su(1) activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
#
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
-MOTD_FILE /etc/motd
+MOTD_FILE
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
-#
-# If defined, this file will be output before each login(1) prompt.
-#
-#ISSUE_FILE /etc/issue
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format similar to "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login(1) failures will be logged here in a utmp format.
-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, name of file whose presence will inhibit non-root
-# logins. The content of this file should be a message indicating
-# why logins are inhibited.
-#
-NOLOGINS_FILE /etc/nologin
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then ps(1) will display the
-# command as "-su". If not defined, then ps(1) will display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
#
# *REQUIRED*
# Directory where mailboxes reside, _or_ name of file, relative to the
@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
-#
-# If defined, either a TZ environment parameter spec or the
-# fully-rooted pathname of a file containing such a spec.
-#
-#ENV_TZ TZ=CST6CDT
-#ENV_TZ /etc/tzname
-
-#
-# If defined, an HZ environment parameter spec.
-#
-# for Linux/x86
-ENV_HZ HZ=100
-# For Linux/Alpha...
-#ENV_HZ HZ=1024
-
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
TTYGROUP tty
TTYPERM 0600
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# ULIMIT Default "ulimit" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-#ULIMIT 2097152
-
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
@@ -211,22 +91,12 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
-PASS_MIN_LEN 5
PASS_WARN_AGE 7
-#
-# If "yes", the user must be listed as a member of the first gid 0 group
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
-# to uid 0 accounts. If the group doesn't exist or is empty, no one
-# will be able to "su" to uid 0.
-#
-SU_WHEEL_ONLY no
-
#
# Min/max values for automatic uid selection in useradd(8)
#
@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
#
LOGIN_TIMEOUT 60
-#
-# Maximum number of attempts to change password if rejected (too easy)
-#
-PASS_CHANGE_TRIES 5
-
-#
-# Warn about weak passwords (but still allow them) if you are root.
-#
-PASS_ALWAYS_WARN yes
-
-#
-# Number of significant characters in the password for crypt().
-# Default is 8, don't change unless your crypt() is better.
-# Ignored if MD5_CRYPT_ENAB set to "yes".
-#
-#PASS_MAX_LEN 8
-
-#
-# Require password before chfn(1)/chsh(1) can make any changes.
-#
-CHFN_AUTH yes
-
#
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
@@ -293,38 +141,13 @@ CHFN_AUTH yes
#
CHFN_RESTRICT rwh
-#
-# Password prompt (%s will be replaced by user name).
-#
-# XXX - it doesn't work correctly yet, for now leave it commented out
-# to use the default which is just "Password: ".
-#LOGIN_STRING "%s's Password: "
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
-#
-#MD5_CRYPT_ENAB no
-
#
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
-# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
-# Overrides the MD5_CRYPT_ENAB option
#
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
#SHA_CRYPT_MIN_ROUNDS 5000
#SHA_CRYPT_MAX_ROUNDS 5000
-#
-# Only works if ENCRYPT_METHOD is set to BCRYPT.
-#
-# Define the number of BCRYPT rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
-# However, more CPU resources will be needed to authenticate users if
-# this value is increased.
-#
-# If not specified, 13 rounds will be attempted.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-#BCRYPT_MIN_ROUNDS 13
-#BCRYPT_MAX_ROUNDS 13
-
#
# Only works if ENCRYPT_METHOD is set to YESCRYPT.
#
@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
#
#YESCRYPT_COST_FACTOR 5
-#
-# List of groups to add to the user's supplementary group set
-# when logging in from the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in from the console.
-# How to do it is left as an exercise for the reader...
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
@@ -401,12 +198,6 @@ DEFAULT_HOME yes
#
NONEXISTENT /nonexistent
-#
-# If this file exists and is readable, login environment will be
-# read from it. Every line should be in the form name=value.
-#
-ENVIRON_FILE /etc/environment
-
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
#
#GRANT_AUX_GROUP_SUBIDS yes
-#
-# Prevents an empty password field to be interpreted as "no authentication
-# required".
-# Set to "yes" to prevent for all accounts
-# Set to "superuser" to prevent for UID 0 / root (default)
-# Set to "no" to not prevent for any account (dangerous, historical default)
-PREVENT_NO_AUTH superuser
-
#
# Select the HMAC cryptography algorithm.
# Used in pam_timestamp module to calculate the keyed-hash message
diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
index 05ef5125..1ddf537e 100644
--- a/man/login.defs.5.xml
+++ b/man/login.defs.5.xml
@@ -7,70 +7,38 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
<!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
<!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
<!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
<!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
<!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
<!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
<!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
<!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
<!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
<!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
<!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
<!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
<!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
<!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
<!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
<!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
<!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
<!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
<!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
<!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
<!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
<!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
<!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
<!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
<!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
<!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
<!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
<!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
<!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
@@ -147,48 +115,25 @@
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
- &CHFN_AUTH;
&CHFN_RESTRICT;
- &CHSH_AUTH;
- &CONSOLE;
- &CONSOLE_GROUPS;
&CREATE_HOME;
&DEFAULT_HOME;
&ENCRYPT_METHOD;
- &ENV_HZ;
&ENV_PATH;
&ENV_SUPATH;
- &ENV_TZ;
- &ENVIRON_FILE;
- &ERASECHAR;
&FAIL_DELAY;
- &FAILLOG_ENAB;
- &FAKE_SHELL;
- &FTMP_FILE;
&GID_MAX; <!-- documents also GID_MIN -->
&HMAC_CRYPTO_ALGO;
&HOME_MODE;
&HUSHLOGIN_FILE;
- &ISSUE_FILE;
- &KILLCHAR;
- &LASTLOG_ENAB;
&LASTLOG_UID_MAX;
- &LOG_OK_LOGINS;
&LOG_UNKFAIL_ENAB;
&LOGIN_RETRIES;
- &LOGIN_STRING;
&LOGIN_TIMEOUT;
- &MAIL_CHECK_ENAB;
&MAIL_DIR;
&MAX_MEMBERS_PER_GROUP;
- &MD5_CRYPT_ENAB;
&MOTD_FILE;
- &NOLOGINS_FILE;
&NONEXISTENT;
- &OBSCURE_CHECKS_ENAB;
- &PASS_ALWAYS_WARN;
- &PASS_CHANGE_TRIES;
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
@@ -198,25 +143,16 @@
time of account creation. Any changes to these settings won't affect
existing accounts.
</para>
- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
- &PORTTIME_CHECKS_ENAB;
- &QUOTAS_ENAB;
&SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
- &SULOG_FILE;
- &SU_NAME;
- &SU_WHEEL_ONLY;
&SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
&SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
&SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
&SYSLOG_SG_ENAB;
- &SYSLOG_SU_ENAB;
&TCB_AUTH_GROUP;
&TCB_SYMLINKS;
&TTYGROUP;
- &TTYTYPE_FILE;
&UID_MAX; <!-- documents also UID_MIN -->
- &ULIMIT;
&UMASK;
&USERDEL_CMD;
&USERGROUPS_ENAB;
@@ -255,7 +191,7 @@
<para>
<phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
<phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
@@ -280,7 +216,7 @@
<term>chsh</term>
<listitem>
<para>
- CHSH_AUTH LOGIN_STRING
+ CHSH_AUTH
</para>
</listitem>
</varlistentry>
@@ -292,7 +228,7 @@
<para>
<phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
<phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
@@ -352,35 +288,6 @@
<para>LASTLOG_UID_MAX</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>login</term>
- <listitem>
- <para>
- <phrase condition="no_pam">CONSOLE</phrase>
- CONSOLE_GROUPS DEFAULT_HOME
- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
- ENV_TZ ENVIRON_FILE</phrase>
- ERASECHAR FAIL_DELAY
- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
- FAKE_SHELL
- <phrase condition="no_pam">FTMP_FILE</phrase>
- HUSHLOGIN_FILE
- <phrase condition="no_pam">ISSUE_FILE</phrase>
- KILLCHAR
- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
- LOGIN_RETRIES
- <phrase condition="no_pam">LOGIN_STRING</phrase>
- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
- QUOTAS_ENAB</phrase>
- TTYGROUP TTYPERM TTYTYPE_FILE
- <phrase condition="no_pam">ULIMIT UMASK</phrase>
- USERGROUPS_ENAB
- </para>
- </listitem>
- </varlistentry>
- <!-- logoutd: no variables -->
<varlistentry>
<term>newgrp / sg</term>
<listitem>
@@ -397,7 +304,7 @@
BCRYPT_MIN_ROUNDS</phrase>
ENCRYPT_METHOD
GID_MAX GID_MIN
- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+ MAX_MEMBERS_PER_GROUP
HOME_MODE
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
@@ -417,8 +324,7 @@
<para>
<phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
+ ENCRYPT_METHOD
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
<phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
@@ -451,32 +357,6 @@
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>su</term>
- <listitem>
- <para>
- <phrase condition="no_pam">CONSOLE</phrase>
- CONSOLE_GROUPS DEFAULT_HOME
- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
- ENV_PATH ENV_SUPATH
- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
- SULOG_FILE SU_NAME
- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
- SYSLOG_SU_ENAB
- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry condition="no_pam">
- <term>sulogin</term>
- <listitem>
- <para>
- ENV_HZ
- ENV_TZ
- </para>
- </listitem>
- </varlistentry>
<varlistentry>
<term>useradd</term>
<listitem>
@@ -505,24 +385,6 @@
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>usermod</term>
- <listitem>
- <para>
- LASTLOG_UID_MAX
- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry condition="tcb">
- <term>vipw</term>
- <listitem>
- <para>
- <phrase condition="tcb">USE_TCB</phrase>
- </para>
- </listitem>
- </varlistentry>
</variablelist>
</refsect1>
--
2.44.0

73
core/shadow/0003-Add-Arch-Linux-defaults-for-login.defs.patch
View file

@ -1,73 +0,0 @@
From 3d08c402ec9ee72151c585de07b840a5dcb71c0b Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 31 Oct 2022 10:10:22 +0100
Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
etc/login.defs:
- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
/usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
bin merge distribution.
- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
while creating home directories in a privacy conserving manner.
- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
distribution added UIDs and GIDs of system users.
- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
than DES.
---
etc/login.defs | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/etc/login.defs b/etc/login.defs
index 797ca6b3..c4accbf8 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
#
# Terminal permissions
@@ -84,7 +84,7 @@ UMASK 022
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE 0700
+HOME_MODE 0700
#
# Password aging controls:
@@ -103,7 +103,7 @@ PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
# System accounts
-SYS_UID_MIN 101
+SYS_UID_MIN 500
SYS_UID_MAX 999
# Extra per user uids
SUB_UID_MIN 100000
@@ -116,7 +116,7 @@ SUB_UID_COUNT 65536
GID_MIN 1000
GID_MAX 60000
# System accounts
-SYS_GID_MIN 101
+SYS_GID_MIN 500
SYS_GID_MAX 999
# Extra per user group ids
SUB_GID_MIN 100000
@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD YESCRYPT
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
--
2.44.0

149
core/shadow/PKGBUILD
View file

@ -1,149 +0,0 @@
# Maintainer: David Runge <dvzrv@archlinux.org>
# Contributor: Dave Reisner <dreisner@archlinux.org>
# Contributor: Aaron Griffin <aaron@archlinux.org>
# remove when bumped upstream
pkgname=shadow
pkgver=4.15.1
pkgrel=2.1
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
arch=(x86_64)
url="https://github.com/shadow-maint/shadow"
license=(BSD-3-Clause)
depends=(
glibc
)
makedepends=(
acl
attr
audit
docbook-xsl
itstool
libcap
libxcrypt
libxslt
pam
)
backup=(
etc/default/useradd
etc/login.defs
etc/pam.d/chpasswd
etc/pam.d/groupmems
etc/pam.d/newusers
etc/pam.d/passwd
)
options=(!emptydirs)
# NOTE: distribution patches are taken from https://gitlab.archlinux.org/archlinux/packaging/upstream/shadow/-/commits/4.15.1.arch1
source=(
$url/releases/download/$pkgver/$pkgname-$pkgver.tar.xz{,.asc}
0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch
0002-Adapt-login.defs-for-PAM-and-util-linux.patch
0003-Add-Arch-Linux-defaults-for-login.defs.patch
shadow.{timer,service}
shadow.{sysusers,tmpfiles}
useradd.defaults
)
sha512sums=('e3ae51bf53bfa1662d81bbe0150ada19c116514f1e56391d877045d48e16776326446561759edbf5006c0f97ab1d5f4bae63521bf1fae67e118ddda0d4a8f6cb'
'SKIP'
'839b83a3824be89930207e635f7aaa10cf3660ba2f4a6e95b3366d083fe2c76295d1d54b108bdfe317e5ebb049a8bbbf7b5859907d201cee43af330abb2091b6'
'a3da00d0368a9397be00ce1fc06416e5261f2000b99f69bd83202cf56e7d0ebea34562fbf35fdf43e7cf52a82f6720f6299defed9fa1d6436648e2f29d10512b'
'c41e2cef30930a79a6ad4eb63a8106688fde49b3bfc22ec68833e1974d6932e856244dc5f0fbe63943dcd09c05d06db6aa71783aa09a25708f78898189436683'
'e4edf705dd04e088c6b561713eaa1afeb92f42ac13722bff037aede6ac5ad7d4d00828cfb677f7b1ff048db8b6788238c1ab6a71dfcfd3e02ef6cb78ae09a621'
'2c8689b52029f6aa27d75b8b05b0b36e2fc322cab40fdfbb50cdbe331f61bc84e8db20f012cf9af3de8c4e7fdb10c2d5a4925ca1ba3b70eb5627772b94da84b3'
'5afac4a96b599b0b8ed7be751e7160037c3beb191629928c6520bfd3f2adcd1c55c31029c92c2ff8543e6cd9e37e2cd515ba4e1789c6d66f9c93b4e7f209ee7a'
'97a6a57c07502e02669dc1a91bffc447dba7d98d208b798d80e07de0d2fdf9d23264453978d2d3d1ba6652ca1f2e22cdadc4309c7b311e83fa71b00ad144f877'
'706ba6e7fa8298475f2605a28daffef421c9fa8d269cbd5cbcf7f7cb795b40a24d52c20e8d0b73e29e6cd35cd7226b3e9738dc513703e87dde04c1d24087a69c')
b2sums=('a24f492cb2a7721b165c70237b1a9290acc0063bdf493f061752ca41d23a1154b26e16ee00dd96a19e825eff7f711391892eeb08a314d9277514d4d32a4adafe'
'SKIP'
'8d49018484533f1e9d0a2bdc81d6550a1662b275ffb5bb6dbe3d3062aa7d25e7acd3234bcbd3eb3e00dd8cd3a480cab9753d72b6970c44dc6e814ca5b45b554c'
'5fa58287e123fac7ba2cde8c98e0dfd52cbff0d0d67306b359881ebc54997907fe64b59012880f8750a152d05c05063888a03e43c19eabc7a2de0590bae0b1df'
'0ae11bf0ded3e6d6be3d960f5b75fdc885d936f499d162944ef27f0c3997be4fd1fc4f08cba60be6f81eddefbbb576cc37aeaf13993d80bfc8d452e496d286f4'
'5cfc936555aa2b2e15f8830ff83764dad6e11a80e2a102c5f2bd3b7c83db22a5457a3afdd182e3648c9d7d5bca90fa550f59576d0ac47a11a31dfb636cb18f2b'
'a69191ab966f146c35e7e911e7e57c29fffd54436ea014aa8ffe0dd46aaf57c635d0a652b35916745c75d82b3fca7234366ea5f810b622e94730b45ec86f122c'
'511c4ad9f3be530dc17dd68f2a3387d748dcdb84192d35f296b88f82442224477e2a74b1841ec3f107b39a5c41c2d961480e396a48d0578f8fd5f65dbe8d9f04'
'd727923dc6ed02e90ef31f10b3427df50afbfe416bd03c6de0c341857d1bb33ab6168312bd4ba18d19d0653020fb332cbcfeeb24e668ae3916add9d01b89ccb4'
'f743922062494fe342036b3acb8b747429eb33b1a13aa150daa4bb71a84e9c570cfcc8527a5f846e3ea7020e6f23c0b10d78cf2ba8363eea0224e4c34ea10161')
validpgpkeys=(
66D0387DB85D320F8408166DB175CFA98F192AF2 # Serge Hallyn <sergeh@kernel.org>
A9348594CE31283A826FBDD8D57633D441E25BB5 # Alejandro Colomar <alx@kernel.org>
)
prepare() {
local filename
cd $pkgname-$pkgver
for filename in "${source[@]}"; do
if [[ "$filename" =~ \.patch$ ]]; then
printf "Applying patch %s\n" "${filename##*/}"
patch -Np1 -i "$srcdir/${filename##*/}"
fi
done
autoreconf -fiv
}
build() {
local configure_options=(
--bindir=/usr/bin
--disable-account-tools-setuid # no setuid for chgpasswd, chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod
--enable-man
--libdir=/usr/lib
--mandir=/usr/share/man
--prefix=/usr
--sbindir=/usr/bin
--sysconfdir=/etc
--with-audit
--with-fcaps # use capabilities instead of setuid for setuidmap and setgidmap
--with-group-name-max-length=32
--with-libpam # PAM integration for chpasswd, groupmems, newusers, passwd
--with-yescrypt
--without-bcrypt
--without-libbsd # shadow can use internal implementation for getting passphrase
--without-nscd # we do not ship nscd anymore
--without-selinux
--without-su # su is provided by util-linux
)
cd $pkgname-$pkgver
# add extra check, preventing accidental deletion of other user's home dirs when using `userdel -r <user with home in />`
export CFLAGS="$CFLAGS -DEXTRA_CHECK_HOME_DIR"
./configure "${configure_options[@]}"
# prevent excessive overlinking due to libtool
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
}
package() {
depends+=(
acl libacl.so
attr libattr.so
audit libaudit.so
libxcrypt libcrypt.so
pam libpam.so libpam_misc.so
)
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
make DESTDIR="$pkgdir" -C man install
# license
install -vDm 644 COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
# custom useradd(8) defaults (not provided by upstream)
install -vDm 600 ../useradd.defaults "$pkgdir/etc/default/useradd"
# systemd units
install -vDm 644 ../shadow.timer -t "$pkgdir/usr/lib/systemd/system/"
install -vDm 644 ../shadow.service -t "$pkgdir/usr/lib/systemd/system/"
install -vdm 755 "$pkgdir/usr/lib/systemd/system/timers.target.wants"
ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
install -vDm 644 ../$pkgname.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
install -vDm 644 ../$pkgname.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
# adapt executables to match the modes used by tmpfiles.d, so that pacman does not complain:
chmod 750 "$pkgdir/usr/bin/groupmems"
}

80
core/shadow/keys/pgp/66D0387DB85D320F8408166DB175CFA98F192AF2.asc
View file

@ -1,80 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
bxFMLyObhCsq/QxSh/nYrKsw0rQsU2VyZ2UgSGFsbHluIChrZXJuZWwub3JnKSA8
c2VyZ2VAaGFsbHluLmNvbT6JATgEEwECACIFAk+oKZQCGwMGCwkIBwMCBhUIAgkK
CwQWAgMBAh4BAheAAAoJELF1z6mPGSryYfEIAJviOHYwzXjnHWrsbQQ75rJq2wQ4
NlM5FRljskufCXtIz/DUpKKT3aqG3y7ywtEwl4ePofJmLbC0O5bZF9blgSSCV02z
zGdeUosAJsxumYHVi9CRHWsiAaNMX8gif9vePqz/iY/caPS4w4gBXJK8vLwvxToI
4CZDwIlMkMov//3HQ5v5OKfeqbA1rnsGI74vUw9Zt/Sqgudz5bY65693OqeRRWU6
tOH8zo4HkFew26Ydh80qAn1R7ALnk68zwfXj8vdyR9f05dEqbg/4thZWcjWC/Frn
QOjcTwKu5DnUCE937a1MPzt4t1FCYUHrqcLN99uzGuOD42o9/S+JAa2HWhe5AQ0E
XavhqwEIAMKECc/f8f0/CenKkz3wXGEtlG46YLjtTt2tWYXdt9Z04ihVaYePanFt
vuujyO3I3jUQNv2foU1CtOuVyfZqX+TXqs0BUPXWwTCkMOyc/fEQ5u0BFJjWYtmr
2sZY4Ag1juJsmzI7g3cnMLL9LbjpbHRruFIT5rnv9NwG7PURn1XnCt9tdZ/d0h7v
EaNkD37j67rjy8UElVVcwVGhsCR8CkqwZ6ZwpQxE9wyq/Txb+v8qEJcohc5SWbYl
70AtzHObokkW6cvRjNz+BcEpnPfu10lbPO/8a16B96VDdjDGPj2shfNsFLaT8MtF
fDAdjZRGlrfv3Wp4qFRlSUGrjInvOLMAEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIP
hAgWbbF1z6mPGSryBQJdq+GrAhsgAAoJELF1z6mPGSryW4wH/3Xk9x+WUxeJNtm+
5hOfe/KBsXQUbBz+JHGFjd9YQw98jUvPNN1RfgtKf31b+FDKbk/cu+9bNLSfhKDz
2AEREViogKRcVjJDy9XmmWQd1oo+M4GHNYhpIt5ZK1d3CROIiqisLQsih64/gl9g
boMcsUuHRkc3hVKUb2umCZPG37hUdAvOmOMS7/0KCGS5pXnfsX+zegSKjps12siE
xYXiRpkxbF9MW7er6/6ukvHLx4jHpgiZ5Sjt/9OqUiAOgUSQfhpAUJlaLxe9E3nj
+ABs7LV+FOjtI64skqgqbYo5VXobFSJhqFTog1+KmMznfsdKaOZQuZh3v3TtGUzk
xoMUHPe5AQ0EXavhYgEIAMd+iVOTx6FC3Ghv2PASeXsnxtb9Af+aBjNf0m8WKTLg
IS9xQbxgNJctG6AEptkBfAStRLIA5qOa0iYIpkJynEPbonJ12qvtlJ6b6g1h3ATh
YXQBjTQ89X+rlFzVGQsieqanjI+fiSNbDarOLQUbeJOrkfFukr34o5xloKENL/kw
u1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+LNFbrUHxdNR2PE4XuJHetneHEiT/zXpvE
F4MCisjJTGAHEC43rl7OqHU/GDdcW0udyf9v33LCFWTRLlgKKHVyUrHVhVzbB2z1
+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+ejJiuAwdwcn8AEQEAAYkBNgQYAQoAIBYh
BGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+FiAhsMAAoJELF1z6mPGSry9/UH/0vO
oYu6b57UxsJNR5dCMhsPYV7FFIX9uj5XIDo/bQt2RTMa2PuKMbcDGINsDqHXqOFp
Zq5WDHhq0cEoIqhlkgj1uC77LLGw7mWyiaMbITQDlRzP9c9Qj3NkGNKW6FTwR7LP
h43kgXygO1StVADIdHapiw9hI52rF8FrNYy4oNRXhUcDPfn03akuIbF75saCHaYO
/xoQeEqE+0qV82V/FT5tISMygkzgq+9zUhiA4XQjxiVhSK2cAi0iUTXZecyEueLk
6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOgffv5jmO/Sun4s+3JbAdicmsFqw90hWmG
Nwa0F5HZ20rEVAwkdt25AQ0EXavgpgEIAOk8dMgYu4Q7hU461EC/MtxIiwSD8i7l
izUB8SzxFPnyWgkvG2Fik5lUiDJmEstLdCm3dpapiJudzcTgl9Abo4xgoq+VbKRC
Pk0017JE2bNSbF3TmxhaHAHiBvhU/U+kRz+lDnUE1SmhzGd1yn1kCvmG9MmWjiQP
kG9vLx3d46DBnqHO6wn1AFeKiKuyCs1igvtT2qz+2+izY9tyd+s2O95+1CDQslqQ
8IQNP00cFTJljsk3dmZXQb6SkxxTNG+E/2vMdUZhUbb7UIFUOmFekZvGZMIf9sNM
JGCVIN+vyMMhE1MA17iJGxtAFVqeMN4wA9+MA4z5udkegdbxnWxLtg0AEQEAAYkC
bAQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+CmAhsCAUAJELF1z6mP
GSrywHQgBBkBCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAl2r4KYACgkQNXDa
FycKziT2fAf+PgS08m9Uiks9LWAp9BpaiVn0SXx/XYhTJmRr78UrCHogZstAET2h
aLqWwMIoyOpie5Vutxi2WXQtzsJ1BHV9LB/NP3nFT/P9asZXzFtBBRQsDwxW5ii2
0hkHKG10M2+QGiC0ssfi1zjQFKbaOpxvou5Pi+zBQuT1RQ65NQrFYQI4zdyLbnni
X2EZpDipLFJeGs881HQt7RjwSUtAjXW9M/pQQDp/JWEjp6D3R4ys0/Y4cJblCci5
rM8Un/aVvXYGBqEpsddhH9xGpk0JTWtGAfw1a0ovRv39D1uwG8uXTQiUDTGGlllX
hzpLkcJBtT8VeogiAGZC99pbNW5BU8cbFyOHB/9Q/HBmIqmj5MYvQZCQ//cf9Af9
gc+o2YA4/Kg2pSf9GKZizd3J8NO05O6YSsXqIsBr2lIGjw4klkE7GyRd/KVMQOxr
FY9vFcdSxQuklnFUeiH73RFP3nsdzw+MRr4Hcpbm9F0fCnB6aU1gqf74e/6Qiv6d
2pq7Dzyzx7ZCm8BRLT2HZbFeYQ6GsdOIYgWzWXqurk/68rlE1D7Fo9KK9lmrLOwr
r7ez1pOLHA8pPDhZhxI5D3ZhDsLUux3caCUfFdP/VpaJijGNc1HYt8mk4U1Qb6Zl
afTYb75F9d61v8/M/HATZ5KpT9gr0aGkfwptzCwlBJ8ypcRI9AuUUDCTAXIGuQEN
BE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8LeA05nh3RUxYDd75qc0e
wtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwgSVoTP2QaszfDgir7WKKQ
uj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAIiuviGKBpYX/zHAlPIvyF
jERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQrKUAxSCh9Th2Vj6xOhvx
9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1vEGK4YOzQQPxANs6I81Sv
Vddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8EGAECAAkFAk+oKZQCGwwA
CgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkRQduB2cgvGZD6Hm3MJc1a
VA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97Pi9SDrGyUOx7Bz8gKjTI6
BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spInN2wQd5ZVRSvS/rNZGh1
NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxfm/bYdaq+jHhMufnSy0Qa
3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL28Er9IVaNgtz5mqCMf8vu
DTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFg==
=YnIc
-----END PGP PUBLIC KEY BLOCK-----

100
core/shadow/keys/pgp/A9348594CE31283A826FBDD8D57633D441E25BB5.asc
View file

@ -1,100 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
kxo4Qk20MUFsZWphbmRybyBDb2xvbWFyIEFuZHJlcyA8YWx4Lm1hbnBhZ2VzQGdt
YWlsLmNvbT6JAk4EEwEKADgWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+0DwIb
AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDVdjPUQeJbtTdsD/97XSXo3Dqb
eaAWhjreKTwO9sPh9n79tS5CZMne44jvC7OCNGeFYq/MGyk0aDPcfN27dO4YSJXN
d82t2K5vC85W5+tbnREN+OTNy8b6U4XxpeQhHP7jr5xeQt0aTkUH3Eo+0mzUq4fS
hxMMch4FuDvMcohkOQs6LMKyvNo0jXAM3nE6nJeRipBjG5d8KKlx9dqmS5Zee9FA
YayikSFp77aSGIvWFejTS3YDaN/APotN1SheEWHtGRY1zvbPbGKJKMy/k8O0b0TJ
gGGe0RzFmPaQSCc/ZlpG2jk5BrnnspCDTq1I/2zcpgdwcR3/3Iuw2VAlOU48w7Qs
fZecvYw+8zlrsJlB/NNU6s1YzeTi37jo43aqgyw4E7iev18f14W2ZQuIQY36hUmf
4z49hAliWcoq7SZL6tsdmeQPjYWJb1lxds8s+iEH1PUsGObWUkjy1iIfJ+gXCe8E
uKZKPGY7RWwYoSBliCVVXfgmD2XQja9i3pjRiJ6S7sYjZnugNwFaVbeptHE8NL4J
Y3eRJpZdGizW58zTfxhvU/AjjDMhqqshW8ZSbAIRI05eGxzwk82qGq+cUVxsBeU8
7i9DbqNOF50cYyltYVVJ9qPAxO+5sBtW6rq+yxkLArjTlpIRJsrXSiFJFqAp7FkC
pUx66xvV8LgAVMKeD2o+Ae8mCTmYJfiCabkCDQRj2/4qARAAw4VXqcdlHsnCDqcC
x5U+nHDOMsyEqG7F8mivt9covXkGUGoLI3ZlGU/5EoRwQB91uHJMU9zJwumQ4tLs
szhOB/CNBSDZ4XTCcEej+dhQounRIdbY+DcXn4dVdx/mYCFPVb7OtUe68m6vyiai
2KG288QbjnkzNA222caPQNDy6NsIGh8V5WDKCa7Jk0Zti+tTdi+vhkFjk7+brh5I
qzahfuk/uVDWBUVT3OiNRywtouTBdfT33JhQyRqSMty6gjkkYyxX0QD5r5EIVrtr
gre6aBWw3dy64pVs9nxVBhVCH4h6PwReXFB4kfjgw82Q1/DkF/ZMsH8bPPtvjI1N
Yz+TMaLcUQX7fWlW7YbQSXSwF4mUSMYgdOZ8CTNQjKmpnpVhHYuL67cG26ev/+T4
OrcT103j/InLipKvYUC3HwFMbq2P/9edqf85d/Nl1KMdByJ3qVVFMuXjiJr0uf1K
oc7nfP3mqkPUHEdjsHnQnpNWZPBr5xs8iNtGmgltnJE2jacXFqtvJ6M9ugrMauoK
s5sNMhqvf/zyZiLWkcZ8bWi6cGl/JD1RS66ViFFmVeg5xpVgspUAsADCZLneTCAW
46DJ2Esq92afIVSz/AUtVjLUJyZIOBaVzY2JXR9s5/ePJAd4T42cg1Kdrdsi0dPY
MOwPjQBpiuetA4dCWeL5qucnSAUAEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+9
2NV2M9RB4lu1BQJj2/4qAhsMBQkB4TOAAAoJENV2M9RB4lu17J0P/3LN+ueOR4q4
G5KOnLA5+u1y84d0LI16Z43iAm2NyAWCNkvjGj3RqQD8ZwFmckulf05mhvLOcwxE
i8aAnEcsK4YfsGjgQRDJIChPnZCfssCkFVjfTyEcMgI4sr8hBjbp+ULL4LOnHu4B
LjWjeWc48dtVQ7qcetVw7u9ZABfRBPxVBgY8Idxv1qVOQE13P2sPzbYKsFz+2mH5
54VnMO64zqCbecxgV4NRFcTeNUaDgl6D7zNlNmh4j6c7sKjoEzYIVizApM4xMtOB
syL4fGXRcNtenuBDc/1/PeHdDhqGGlZds1RmTLJm+gCzVio4z5EXPJMKjAVBHapM
NMl4TiTay6gMG6QJMwkgVmS2F28wxj9KztkdnC+2YWJdWDeM07Le231X2hnRQE/D
epN4MouHofOB3I3WY+sSR2KUik9WceL+ICIvUisCNk3GvXVg6hYXIukN8ZR4Sf3A
rRPpePofDK0vZeWIGt6ZksVY9A3GQc0cMagqgCTK0gUxeDk/tPH8xyz/VvRZPGaC
GlzeSQ1giSwgNXX1FDfnGOdn/rJh/aoDl1PzTBjyZcZ15s9HSPA6h36TMgCrSCai
kWjbk8mOJhIhTbxclyI9JLu2AeKu+zP41Gi0AEEGkhFKZ9cG6cGG7AuSsiZ3OqOu
sym/ZKz1uuXGo1iJJgkZ2yiq3ox7KHMZuQINBGI/t3UBEACr9ldxakkNdKp/Pc8+
fRznR/+b29CfQWjOEv2njByhQa5CU18jMT6DIOokv2vU7xwaNJviBouaKWAIe5iy
a3BWHhRpk6e2WnST/X3Zxmm8NjBZAMVl1JXS/vDEDhUu76y/Z82YcHZi52fRXRr3
jwza/jGFyjLwem04G/CrS+tUHiWd3cbeh09LlQ/zN7cO8oOoYZWyoX0GNtXbUovy
ssdUt1RODrSVde+8ec7AQm8fg7mRt3HCXhjwrdLxvqVRgG3wYCR3TnzL+rGuhYxa
TEmbcjPLrKqSfZatsmVir1JJ2Cn8O9Ns5ROsqnulYa0foTo4LDwgqR82uel8mEaZ
EQh4B7ob8mvqPLKBHbQXVeRTxuqLdyd3W/2yu5nIUi7kA6CIm5mdK8MT6CiHqYYx
QD33HTN4OtFqrf3TbyjBG5wlzCD2mSrGB52FYgrkfSiKXBOxiqoFo++SpK1wSuHN
a2ge1hkIdlE8wEPDBDSRqPta8t8ZazNPuc5tR6g0B/JUTIa6r8bDk5NgNj8jrGqv
MvTWl+txcQ5uYo5OlvdiwHy2/YzEDhWcb1ls0faQQHn2CYFr6S9Ad9dOsMJZ2E29
K4v/apGnGEjLqqqXWfIxPBq01bZY1pQI8fy+PJkp8IHZfQ2RrmUFaSOufLOgQE7c
w8j/SxlSdbFrBZA7cMfGLPLT0QARAQABiQRsBBgBCgAgFiEEqTSFlM4xKDqCb73Y
1XYz1EHiW7UFAmI/t3UCGwICQAkQ1XYz1EHiW7XBdCAEGQEKAB0WIQTqOofwpOug
MORd8kCejBr7vv/bMgUCYj+3dQAKCRCejBr7vv/bMkq3D/48Y7jLfIB5jY9dzVCm
ikbuexOAb0YDSZQS3Pt6GnPryIm1gLaRt0jw8HWVI80bMRvTKvJ7D7+kc6GCLK90
MjxMBdlL/BfBFj8jNuVeaNfI7dTbon0kri56bMI3Ad/G7jryRcnPrRZo/nzGKcMD
WxV3tgZkamh0pHYWjSttt0fr8t2qXzK74XO3PnU1RkGY1QAlMa89FJXUyW+veFpy
AJWNW9zYVatjPKPyMLr8I7t9KLjviJBBWwE2fbXgvT58IqhqADKt+YJdXlNiD1Mn
ZaBbbBCO7Mn+aG+yAJBJKPqmjoN1dOXy1FtuNrHHnTYIHyoRD/IR1DtEwlIYHlhZ
+8uy2rXPMA/I8hSCxFgMEJaY8IzfP49sPvwFMfGgnEFk7jmTAczP7rwSeDuvRnWQ
ztJqu9PQp3Wmek/ea7WV93rBmI6Vipl8P69m3CzQErnuIZUutsjP0BaiU+hENoXu
ZmlV0MtnNix0j28sTIe49vtb5UTVRJjIwwI1BDGtM4Ukij9tNkDkntrTkpBE3MFk
9SYi8aAN99kBCNmkwRdY0opwNhGFJwBEwycv7I7d7s/Y79ZSuZBrjB6nB5gU+Xh1
tDdQZxzHLctnZ2cAjE8BcU2wrgZghWiRZ7YlI0bozXl6/VJaAVhZU7f6ebklXSYF
JwTrCwam8VbcgoiukMsdv831NmkPD/4sjSJfoqdE4kGHHX/S/N/Q8LiflefYivLX
X/WtGyRguuYH+8YDqGaCGco8IKmlRDhaME1achjMp/O808B2rxogpsLWu08AF4PJ
97w01RfjBr8aA5qvZXnCfAnmpRzQjDrjIuNOle834dXvOAANugR22dBbjv7MRtOp
Xn1whyAEJIwBeAgKe+p1zwWyQNv2Gq+9C0IQ2w4uJsodjNi6YzFnTvm3HulnNr4s
L+x/i+24iuz0Gf2KbGiR2FtCyKIek0N2NAhPquoI7L0HEP2FKh3OeEH0aCdFcZf/
Dw19fjqEROaJhVvSgTvXIVh3dnB4e7qlYsMSNQxqCcKQD4D79kjFrOygySU+6xMp
vUQvOiF46MrPx8KtfiuPTuEji0Y0F9qz1u5vqwelsg5vpoa12h9qSdX/uWKbRqqQ
x5gHERLoTXT7aMKYuDU3UAMxEEEOaXnOtWNlr3n4H7zMrZ3qvkTRRmGiH8iGkSFn
w2WO3rr/flfIQAJLSUH5lTmR4j/XBNtOGSAWKaRU3N5cX2zHcS5YxkaBx3u4Ew+D
qnBNL6oazpe1iaIoxsyC8MOFyoWHmv/ivv7FbpkWFHgN+R2nenIMiHuHQd/62/RC
PVEoGmaL+XCfSpmstYz9phejRW7LacBt4BMCV7ghqD6vYCR0QBoENp0V5mKyXQ6P
R2OsYRFGGw==
=oO0E
-----END PGP PUBLIC KEY BLOCK-----

37
core/shadow/shadow.service
View file

@ -1,37 +0,0 @@
[Unit]
Description=Verify integrity of password and group files
After=systemd-sysusers.service
[Service]
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
# Always run both checks, but fail the service if either fails
ExecStart=/bin/sh -c '/usr/bin/pwck -qr || r=1; /usr/bin/grpck -r && exit $r'
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
ProcSubset=pid
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=read-only
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictSUIDSGID=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@resources
SystemCallFilter=~@privileged
UMask=0077

1
core/shadow/shadow.sysusers
View file

@ -1 +0,0 @@
g groups - -

7
core/shadow/shadow.timer
View file

@ -1,7 +0,0 @@
[Unit]
Description=Daily verification of password and group files
[Timer]
OnCalendar=daily
AccuracySec=12h
Persistent=true

1
core/shadow/shadow.tmpfiles
View file

@ -1 +0,0 @@
z /usr/bin/groupmems 2750 root groups - -

27
core/shadow/useradd.defaults
View file

@ -1,27 +0,0 @@
# Default values for useradd(8)
#
# The SHELL variable specifies the default login shell on your
# system.
SHELL=/usr/bin/bash
# The default group for users
GROUP=users
# The default home directory.
HOME=/home
# The number of days after a password expires until the account is permanently
# disabled
INACTIVE=-1
# The default expire date
EXPIRE=
# The SKEL variable specifies the directory containing "skeletal" user files;
# in other words, files such as a sample .profile that will be copied to the
# new user's home directory when it is created.
SKEL=/etc/skel
# Defines whether the mail spool should be created while
# creating the account
CREATE_MAIL_SPOOL=no