[Buildroot] [PATCH] PAM support in Busybox if linux-pam is built

[Buildroot] [PATCH] PAM support in Busybox if linux-pam is built

[Dmitry]

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 package/busybox/Config.in  |   11 +++++++++++
 package/busybox/busybox.mk |   12 ++++++++++++
 2 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/package/busybox/Config.in b/package/busybox/Config.in
index dedcf18..3e9f56d 100644
--- a/package/busybox/Config.in
+++ b/package/busybox/Config.in
@@ -62,6 +62,17 @@ config BR2_PACKAGE_BUSYBOX_WATCHDOG
 	  Install the watchdog daemon startup script,
 	  that just start at the boot the busybox watchdog daemon.
 
+config BR2_PACKAGE_BUSYBOX_PAM
+	bool "Enable PAM support in Busybox"
+	default y
+	depends on BR2_PACKAGE_LINUX_PAM
+	help
+	  PAM support in Busybox is enabled by default if package 
+	  linux-pam is selected. Make sure that files /etc/pam.d/default
+	  and/or /etc/pam.d/login exist and contain valid authentication
+	  stack. Otherwise you will not be able to log into the booted
+	  system. If unsure unselect this item.
+
 if BR2_PACKAGE_BUSYBOX_WATCHDOG
 
 config BR2_PACKAGE_BUSYBOX_WATCHDOG_PERIOD
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index 17ee50a..c97ce77 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -161,6 +161,17 @@ define BUSYBOX_INSTALL_WATCHDOG_SCRIPT
 endef
 endif
 
+ifeq ($(BR2_PACKAGE_BUSYBOX_PAM),y)
+BUSYBOX_DEPENDENCIES += linux-pam
+define BUSYBOX_ENABLE_PAM
+	$(call KCONFIG_ENABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG))
+endef
+else
+define BUSYBOX_ENABLE_PAM
+	$(call KCONFIG_DISABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG))
+endef
+endif
+
 # We do this here to avoid busting a modified .config in configure
 BUSYBOX_POST_EXTRACT_HOOKS += BUSYBOX_COPY_CONFIG
 
@@ -176,6 +187,7 @@ define BUSYBOX_CONFIGURE_CMDS
 	$(BUSYBOX_DISABLE_MMU_APPLETS)
 	$(BUSYBOX_SET_INIT)
 	$(BUSYBOX_SET_WATCHDOG)
+	$(BUSYBOX_ENABLE_PAM)
 	@yes "" | $(MAKE) ARCH=$(KERNEL_ARCH) CROSS_COMPILE="$(TARGET_CROSS)" \
 		-C $(@D) oldconfig
 endef
-- 
1.7.2.5

[Buildroot] [PATCH] PAM support in Busybox if linux-pam is built

[Baruch Siach]

Hi Dmitry,

On Sat, Aug 11, 2012 at 11:03:43PM -0400, Dmitry wrote:

[snip]

> +config BR2_PACKAGE_BUSYBOX_PAM
> +	bool "Enable PAM support in Busybox"
> +	default y
> +	depends on BR2_PACKAGE_LINUX_PAM
> +	help
> +	  PAM support in Busybox is enabled by default if package 
> +	  linux-pam is selected. Make sure that files /etc/pam.d/default
> +	  and/or /etc/pam.d/login exist and contain valid authentication
> +	  stack. Otherwise you will not be able to log into the booted
> +	  system. If unsure unselect this item.

The last help sentence seems to contradict the 'default y' enable by default 
above.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

[Buildroot] [PATCH] PAM support in Busybox if linux-pam is built

[Dmitry Golubovsky]

Baruch,


On Sun, Aug 12, 2012 at 10:17 AM, Baruch Siach <baruch@tkos.co.il> wrote:

>> +     help
>> +       PAM support in Busybox is enabled by default if package
>> +       linux-pam is selected. Make sure that files /etc/pam.d/default
>> +       and/or /etc/pam.d/login exist and contain valid authentication
>> +       stack. Otherwise you will not be able to log into the booted
>> +       system. If unsure unselect this item.
>
> The last help sentence seems to contradict the 'default y' enable by default
> above.

My approach would be to disable it by default. However from the prior
discussion I concluded that the preferred way in Buildroot is to
enable something by default as new feature appears. So I am trying a
reasonable compromise: to make PAM enabled in busybox, but to provide
a fast way to disable it if anything goes wrong.

What would you suggest: to drop "if unsure..." or to make PAM disabled
by default in busybox?

Thanks.

-- 
Dmitry Golubovsky

Anywhere on the Web

[Buildroot] [PATCH] PAM support in Busybox if linux-pam is built

[Thomas Petazzoni]

Le Sun, 12 Aug 2012 10:25:46 -0400,
Dmitry Golubovsky <golubovsky@gmail.com> a ?crit :

> What would you suggest: to drop "if unsure..." or to make PAM disabled
> by default in busybox?

Make PAM disabled by default *and* provide basically working versions
of the /etc/pam.d/ files that are needed to make the login process
working if Busybox is built with PAM support. That's something we
generally try to do with Buildroot: ensure that when a package is built
and installed, it has default configuration files that allow it to work
in at least a basic way.

Best regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com