Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: "Paweł Hajdan, Jr." <phajdan.jr@g.o>
Subject: RFC: virtual/shadow
Date: Thu, 08 Mar 2012 14:23:19 +0100
I'd like to add <http://code.google.com/p/hardened-shadow/> to the tree.
It is an alternative implementation of shadow utilities (passwd, su,
login, etc) based on ideas from Openwall's tcb.

Earlier I tried upstreaming the Openwall's shadow patches, and you can
see a log of those efforts at
<http://comments.gmane.org/gmane.linux.debian.alioth.pkg-shadow/881>

In the end shadow-4.1.5 has some experimental support for tcb, but

1) It's incomplete (I didn't manage to upstream all Openwall's patches).
2) It's ugly (even more "special cases" in the already #ifdef-heavy
codebase).
3) It requires sys-auth/tcb, which doesn't work with vanilla glibc (I'm
maintaining tcb in Gentoo and have special patch for that, reviewed by
upstream), and is broken with recent glibc
(<https://bugs.gentoo.org/show_bug.cgi?id=371167>).

And now we have <http://code.google.com/p/hardened-shadow/> which is a
small alternative implementation, possibly going even further (the file
system layout is a bit different than with tcb).

I'd like to add virtual/shadow-0, with the following dependencies:

DEPEND=""
RDEPEND="|| ( >=sys-apps/shadow-4.1 sys-apps/hardened-shadow )"

hardened-shadow package is not yet in the tree, I'm going to be its
maintainer (base-system or anyone else is welcome to join), and the
ebuild is going to be very simple.

And then convert profiles to the new virtual (the relevant files; below
are all occurrences of sys-apps/shadow):

$ grep 'sys-apps/shadow' -r /usr/portage/profiles/
/usr/portage/profiles/ChangeLog-2011:  Added sys-apps/shadow to
packages.build as we need it on stage1.
/usr/portage/profiles/prefix/packages:-*>=sys-apps/shadow-4.1
/usr/portage/profiles/prefix/package.provided:sys-apps/shadow-0
/usr/portage/profiles/base/packages:*>=sys-apps/shadow-4.1
/usr/portage/profiles/uclibc/packages.build:sys-apps/shadow
/usr/portage/profiles/default/bsd/ChangeLog:  Add -*>=sys-apps/shadow-4.1
/usr/portage/profiles/default/bsd/package.mask:sys-apps/shadow
/usr/portage/profiles/default/bsd/packages:-*>=sys-apps/shadow-4.1
/usr/portage/profiles/default/linux/packages.build:sys-apps/shadow
/usr/portage/profiles/use.local.desc:sys-apps/shadow:audit - Enable
support for sys-process/audit
/usr/portage/profiles/use.local.desc:sys-apps/shadow:tcb - Enable
support for sys-auth/tcb

And any reverse dependencies (after testing):

<http://tinderbox.dev.gentoo.org/misc/dindex/sys-apps/shadow>

What do you think?

Attachment:
signature.asc (OpenPGP digital signature)
Replies:
Re: RFC: virtual/shadow
-- Paweł Hajdan, Jr.
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [gentoo-dev-announce] Submit project ideas NOW for Google Summer of Code 2012
Next by thread:
Re: RFC: virtual/shadow
Previous by date:
Re: Re: [gentoo-dev-announce] Submit project ideas NOW for Google Summer of Code 2012
Next by date:
Re: RFD: EAPI specification in ebuilds


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.