Summary: Programs for handling passwords in a secure way
Name: shadow
Version: 4.6
Release: 3%{?dist}
URL: https://github.com/shadow-maint/
License: BSD
Group: Applications/System
Vendor: VMware, Inc.
Distribution: Photon
Source0: https://github.com/shadow-maint/shadow/releases/download/4.6/%{name}-%{version}.tar.xz
%define sha1 shadow=0b84eb1010fda5edca2a9d1733f9480200e02de6
Source1: chage
Source2: chpasswd
Source3: login
Source4: other
Source5: passwd
Source6: sshd
Source7: su
Source8: system-account
Source9: system-auth
Source10: system-password
Source11: system-session
Patch1: chkname-allowcase.patch
BuildRequires: cracklib
BuildRequires: cracklib-devel
Requires: cracklib
BuildRequires: Linux-PAM-devel
Requires: Linux-PAM
Requires: (%{name}-tools = %{version}-%{release} or toybox)
%description
The Shadow package contains programs for handling passwords
in a secure way.
%package tools
Summary: Contains subset of tools which might be replaced by toybox
Group: Applications/System
Requires: %{name} = %{version}-%{release}
Conflicts: toybox
%description tools
Contains subset of tools which might be replaced by toybox
%package lang
Summary: Additional language files for shadow
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description lang
These are the additional language files of shadow.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
sed -i 's/groups$(EXEEXT) //' src/Makefile.in
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
-e 's@/var/spool/mail@/var/mail@' etc/login.defs
sed -i 's@DICTPATH.*@DICTPATH\t/usr/share/cracklib/pw_dict@' \
etc/login.defs
%build
%configure --sysconfdir=/etc --with-libpam \
--with-libcrack --with-group-name-max-length=32
make %{?_smp_mflags}
%install
make DESTDIR=%{buildroot} install
install -vdm 755 %{buildroot}/bin
mv -v %{buildroot}%{_bindir}/passwd %{buildroot}/bin
sed -i 's/yes/no/' %{buildroot}/etc/default/useradd
# Use group id 100(users) by default
sed -i 's/GROUP.*/GROUP=100/' %{buildroot}/etc/default/useradd
# Disable usergroups. Use "users" group by default (see /etc/default/useradd)
# for all nonroot users.
sed -i 's/USERGROUPS_ENAB.*/USERGROUPS_ENAB no/' %{buildroot}/etc/login.defs
cp etc/{limits,login.access} %{buildroot}/etc
for FUNCTION in FAIL_DELAY \
FAILLOG_ENAB \
LASTLOG_ENAB \
MAIL_CHECK_ENAB \
OBSCURE_CHECKS_ENAB \
PORTTIME_CHECKS_ENAB \
QUOTAS_ENAB \
CONSOLE MOTD_FILE \
FTMP_FILE NOLOGINS_FILE \
ENV_HZ PASS_MIN_LEN \
SU_WHEEL_ONLY \
CRACKLIB_DICTPATH \
PASS_CHANGE_TRIES \
PASS_ALWAYS_WARN \
CHFN_AUTH ENCRYPT_METHOD \
ENVIRON_FILE
do
sed -i "s/^${FUNCTION}/# &/" %{buildroot}/etc/login.defs
done
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" %{buildroot}/etc/login.defs
install -vm644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/
install -vm644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/
for PROGRAM in chfn chgpasswd chsh groupadd groupdel \
groupmems groupmod newusers useradd userdel usermod
do
install -v -m644 %{buildroot}%{_sysconfdir}/pam.d/chage %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM}
sed -i "s/chage/$PROGRAM/" %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM}
done
%find_lang %{name}
%check
make %{?_smp_mflags} check
%post
%{_sbindir}/pwconv
%{_sbindir}/grpconv
%files
%defattr(-,root,root)
%config(noreplace) /etc/login.defs
%config(noreplace) /etc/login.access
%config(noreplace) /etc/default/useradd
%config(noreplace) /etc/limits
%{_bindir}/*
%{_sbindir}/*
%{_mandir}/man1
%{_mandir}/man5
%{_mandir}/man8
%exclude %{_bindir}/su
%exclude %{_bindir}/login
%exclude %{_mandir}/cs
%exclude %{_mandir}/da
%exclude %{_mandir}/de
%exclude %{_mandir}/fi
%exclude %{_mandir}/fr
%exclude %{_mandir}/hu
%exclude %{_mandir}/id
%exclude %{_mandir}/it
%exclude %{_mandir}/ja
%exclude %{_mandir}/ko
%exclude %{_mandir}/man3
%exclude %{_mandir}/pl
%exclude %{_mandir}/pt_BR
%exclude %{_mandir}/ru
%exclude %{_mandir}/sv
%exclude %{_mandir}/tr
%exclude %{_mandir}/zh_CN
%exclude %{_mandir}/zh_TW
%config(noreplace) %{_sysconfdir}/pam.d/*
%files tools
%defattr(-,root,root)
/bin/passwd
%{_bindir}/su
%{_bindir}/login
%files lang -f %{name}.lang
%defattr(-,root,root)
%changelog
* Wed Oct 24 2018 Michelle Wang <michellew@vmware.com> 4.6-3
- Add su and login into shadow-tool.
* Tue Oct 2 2018 Michelle Wang <michellew@vmware.com> 4.6-2
- Add conflict toybox for shadow-tools.
* Wed Sep 19 2018 Srinidhi Rao <srinidhir@vmware.com> 4.6-1
- Upgrading the version to 4.6.
* Mon Jul 30 2018 Tapas Kundu <tkundu@vmware.com> 4.2.1-16
- Added fix for CVE-2018-7169.
* Fri Apr 20 2018 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-15
- Move pam.d config file to here for better tracking.
- Add pam_loginuid module as optional in a session.
* Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-14
- Added -tools subpackage.
- Main package requires -tools or toybox.
* Tue Aug 15 2017 Anish Swaminathan <anishs@vmware.com> 4.2.1-13
- Added fix for CVE-2017-12424, CVE-2016-6252.
* Thu Apr 27 2017 Divya Thaluru <dthaluru@vmware.com> 4.2.1-12
- Allow '.' in username.
* Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 4.2.1-11
- BuildRequires Linux-PAM-devel.
* Wed Nov 23 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-10
- Added -lang subpackage.
* Tue Oct 04 2016 ChangLee <changlee@vmware.com> 4.2.1-9
- Modified %check.
* Tue Jun 21 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-8
- Added logic to not replace pam.d conf files in upgrade scenario.
* Fri May 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-7
- Adding pam_cracklib module as requisite to pam password configuration.
* Wed May 25 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-6
- Modifying pam_systemd module as optional in a session.
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.2.1-5
- GA Bump release of all rpms.
* Mon May 2 2016 Xiaolin Li <xiaolinl@vmware.com> 4.2.1-4
- Enabling pam_systemd module in a session.
* Fri Apr 29 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3
- Setting password aging limits to 90 days.
* Wed Apr 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3
- Setting password aging limits to 365 days.
* Wed Mar 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-2
- Enabling pam_limits module in a session.
* Tue Jan 12 2016 Anish Swaminathan <anishs@vmware.com> 4.2.1-1
- Update version.
* Wed Dec 2 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-6
- Fixed PAM Configuration file for passwd.
* Mon Oct 26 2015 Sharath George <sharathg@vmware.com> 4.1.5.1-5
- Allow mixed case in username.
* Mon Jun 29 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-4
- Fixed PAM Configuration file for chpasswd.
* Tue Jun 16 2015 Alexey Makhalov <amakhalov@vmware.com> 4.1.5.1-3
- Use group id 100(users) by default.
* Wed May 27 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-2
- Adding PAM support.
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-1
- Initial build First version.