[PATCH 0/3] Adding pam supporting

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH 0/3] Adding pam supporting
@ 2011-07-25  8:23 Xiaofeng Yan
  2011-07-25  8:23 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-25  8:23 UTC (permalink / raw)
  To: openembedded-core

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

Hi Saul,

I modified my patches according to your suggestion.
- Using spaces instead of tab
- The patches can work only when pam is enabled
- Using OE-Core instead of poky


Pull URL: git://git.pokylinux.org/poky-contrib.git
  Branch: xiaofeng/pam
  Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=xiaofeng/pam

Thanks,
    Xiaofeng Yan <xiaofeng.yan@windriver.com>
---


Xiaofeng Yan (3):
  openssh: Support PAM
  polkit: Support pam
  dropbear: Support pam

 .../openssh/openssh-5.8p2/sshd                     |   10 +++
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   77 +++++++++++---------
 meta/recipes-core/dropbear/dropbear.inc            |   78 +++++++++++---------
 .../dropbear/dropbear/dropbear-enable-pam.patch    |   22 ++++++
 meta/recipes-core/dropbear/dropbear_0.52.bb        |    2 +-
 .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++
 meta/recipes-extended/polkit/polkit_0.101.bb       |    7 +-
 7 files changed, 146 insertions(+), 73 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
 create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/3] openssh: Support PAM
  2011-07-25  8:23 [PATCH 0/3] Adding pam supporting Xiaofeng Yan
@ 2011-07-25  8:23 ` Xiaofeng Yan
  2011-07-25 11:45   ` Richard Purdie
  2011-07-25  8:23 ` [PATCH 2/3] polkit: Support pam Xiaofeng Yan
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-25  8:23 UTC (permalink / raw)
  To: openembedded-core

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

Change as follows:
* Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
* Using four spaces instead of tab

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 .../openssh/openssh-5.8p2/sshd                     |   10 +++
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   77 +++++++++++---------
 2 files changed, 53 insertions(+), 34 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd

diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
new file mode 100644
index 0000000..4882e58
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+
+auth       include      common-auth
+account    required     pam_nologin.so
+account    include      common-account
+password   include      common-password
+session    optional     pam_keyinit.so force revoke
+session    include      common-session
+session    required     pam_loginuid.so
+
diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
index e23069c..d5ccba1 100644
--- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
@@ -7,13 +7,11 @@ SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
 
-PR = "r0"
+PR = "r1"
 
 DEPENDS = "zlib openssl"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-
 RPROVIDES = "ssh sshd"
-
 CONFLICTS_${PN} = "dropbear"
 RCONFLICTS_${PN}-sshd = "dropbear"
 RCONFLICTS_${PN}-keygen = "ssh-keygen"
@@ -23,7 +21,9 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshd_config \
            file://ssh_config \
            file://init \
-          "
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://sshd"
 SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
 SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
 
@@ -47,23 +47,32 @@ EXTRA_OECONF = "--with-rand-helper=no \
 EXTRA_OECONF_append_libc-uclibc=" --without-pam"
 
 do_configure_prepend () {
-	if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
-		cp aclocal.m4 acinclude.m4
-	fi
+
+    if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
+        cp aclocal.m4 acinclude.m4
+    fi
 }
 
 do_compile_append () {
-	install -m 0644 ${WORKDIR}/sshd_config ${S}/
-	install -m 0644 ${WORKDIR}/ssh_config ${S}/
+    install -m 0644 ${WORKDIR}/sshd_config ${S}/
+    install -m 0644 ${WORKDIR}/ssh_config ${S}/
 }
 
 do_install_append () {
-	install -d ${D}${sysconfdir}/init.d
-	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
-	mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
-	mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
-	rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
-	rmdir ${D}/var/run/sshd ${D}/var/run ${D}/var
+    for i in ${DISTRO_FEATURES};
+    do
+        if [ ${i} = "pam" ];  then
+            install -d ${D}${sysconfdir}/pam.d
+            install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+        fi
+    done
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+    mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
+    mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
+    rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+    rmdir ${D}/var/run/sshd ${D}/var/run ${D}/var
+       
 }
 
 ALLOW_EMPTY_${PN} = "1"
@@ -83,40 +92,40 @@ DEPENDS_${PN}-sshd += "update-rc.d"
 RDEPENDS_${PN}-sshd += "update-rc.d ${PN}-keygen"
 
 pkg_postinst_${PN}-sshd () {
-	if [ "x$D" != "x" ]; then
-		exit 1
-	else
-		addgroup sshd
-		adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd
-		update-rc.d sshd defaults 9
-	fi
+    if [ "x$D" != "x" ]; then
+        exit 1
+    else
+        addgroup sshd
+        adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd
+        update-rc.d sshd defaults 9
+    fi
 }
 
 pkg_postinst_${PN}-scp () {
-	update-alternatives --install ${bindir}/scp scp scp.${PN} 90
+    update-alternatives --install ${bindir}/scp scp scp.${PN} 90
 }
 
 pkg_postinst_${PN}-ssh () {
-	update-alternatives --install ${bindir}/ssh ssh ssh.${PN} 90
+    update-alternatives --install ${bindir}/ssh ssh ssh.${PN} 90
 }
 
 pkg_postrm_${PN}-ssh () {
-	update-alternatives --remove ${bindir}/ssh ssh.${PN}
+    update-alternatives --remove ${bindir}/ssh ssh.${PN}
 }
 
 pkg_postrm_${PN}-scp () {
-	update-alternatives --remove ${bindir}/scp scp.${PN}
+    update-alternatives --remove ${bindir}/scp scp.${PN}
 }
 
 pkg_postrm_${PN}-sshd () {
-	if [ "x$D" != "x" ]; then
-		exit 1
-	else
-		${sysconfdir}/init.d/sshd stop
-		deluser sshd
-		delgroup sshd
-		update-rc.d -f sshd remove
-	fi
+    if [ "x$D" != "x" ]; then
+        exit 1
+    else
+        ${sysconfdir}/init.d/sshd stop
+        deluser sshd
+        delgroup sshd
+        update-rc.d -f sshd remove
+    fi
 }
 
 CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
-- 
1.7.0.4




^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/3] openssh: Support PAM
  2011-07-25  8:23 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
@ 2011-07-25 11:45   ` Richard Purdie
  0 siblings, 0 replies; 7+ messages in thread
From: Richard Purdie @ 2011-07-25 11:45 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer

On Mon, 2011-07-25 at 16:34 +0800, Xiaofeng Yan wrote:
> From: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> 
> Change as follows:
> * Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
> * Using four spaces instead of tab
> 
> Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
> ---
>  .../openssh/openssh-5.8p2/sshd                     |   10 +++
>  meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   77 +++++++++++---------
>  2 files changed, 53 insertions(+), 34 deletions(-)
>  create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> 
> diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> new file mode 100644
> index 0000000..4882e58
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
> @@ -0,0 +1,10 @@
> +#%PAM-1.0
> +
> +auth       include      common-auth
> +account    required     pam_nologin.so
> +account    include      common-account
> +password   include      common-password
> +session    optional     pam_keyinit.so force revoke
> +session    include      common-session
> +session    required     pam_loginuid.so
> +
> diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> index e23069c..d5ccba1 100644
> --- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> @@ -7,13 +7,11 @@ SECTION = "console/network"
>  LICENSE = "BSD"
>  LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
>  
> -PR = "r0"
> +PR = "r1"
>  
>  DEPENDS = "zlib openssl"
>  DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> -
>  RPROVIDES = "ssh sshd"
> -
>  CONFLICTS_${PN} = "dropbear"
>  RCONFLICTS_${PN}-sshd = "dropbear"
>  RCONFLICTS_${PN}-keygen = "ssh-keygen"
> @@ -23,7 +21,9 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
>             file://sshd_config \
>             file://ssh_config \
>             file://init \
> -          "
> +           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
> +
> +PAM_SRC_URI = "file://sshd"
>  SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
>  SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
>  
> @@ -47,23 +47,32 @@ EXTRA_OECONF = "--with-rand-helper=no \
>  EXTRA_OECONF_append_libc-uclibc=" --without-pam"
>  
>  do_configure_prepend () {
> -	if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
> -		cp aclocal.m4 acinclude.m4
> -	fi
> +
> +    if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
> +        cp aclocal.m4 acinclude.m4
> +    fi
>  }

Please resubmit this without changing the whitespace in the file!

Cheers,

Richard




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 2/3] polkit: Support pam
  2011-07-25  8:23 [PATCH 0/3] Adding pam supporting Xiaofeng Yan
  2011-07-25  8:23 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
@ 2011-07-25  8:23 ` Xiaofeng Yan
  2011-07-25  8:23 ` [PATCH 3/3] dropbear: " Xiaofeng Yan
  2011-07-25 16:20 ` [PATCH 0/3] Adding pam supporting Saul Wold
  3 siblings, 0 replies; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-25  8:23 UTC (permalink / raw)
  To: openembedded-core

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

Modify configuration "polkit-1" in /etc/pam.d/ for supporting pam.

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
 meta/recipes-extended/polkit/polkit_0.101.bb       |    7 ++++-
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch

diff --git a/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
new file mode 100644
index 0000000..74647ef
--- /dev/null
+++ b/meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
@@ -0,0 +1,23 @@
+polkit: No system-auth in OE-Core, we can use common-* in place of it.
+
+Upstream-Status:Inappropriate [configuration]
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/configure.ac	2011-03-04 02:26:20.000000000 +0800
++++ b/configure.ac.new	2011-07-18 10:14:12.516818852 +0800
+@@ -350,10 +350,10 @@
+     PAM_FILE_INCLUDE_PASSWORD=system
+     PAM_FILE_INCLUDE_SESSION=system
+ else
+-   PAM_FILE_INCLUDE_AUTH=system-auth
+-   PAM_FILE_INCLUDE_ACCOUNT=system-auth
+-   PAM_FILE_INCLUDE_PASSWORD=system-auth
+-   PAM_FILE_INCLUDE_SESSION=system-auth
++   PAM_FILE_INCLUDE_AUTH=common-auth
++   PAM_FILE_INCLUDE_ACCOUNT=common-account
++   PAM_FILE_INCLUDE_PASSWORD=common-password
++   PAM_FILE_INCLUDE_SESSION=common-session
+ fi
+ 
+ AC_SUBST(PAM_FILE_INCLUDE_AUTH)
diff --git a/meta/recipes-extended/polkit/polkit_0.101.bb b/meta/recipes-extended/polkit/polkit_0.101.bb
index 6769914..56ceca4 100644
--- a/meta/recipes-extended/polkit/polkit_0.101.bb
+++ b/meta/recipes-extended/polkit/polkit_0.101.bb
@@ -7,8 +7,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \
                     file://docs/polkit/html/license.html;md5=07ddbf5f29e44c80c99be19c1690ec1f"
 
 SRC_URI = "http://hal.freedesktop.org/releases/polkit-${PV}.tar.gz \
-           file://introspection.patch"
-PR = "r0"
+           file://introspection.patch \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://polkit-1_pam.patch"
+PR = "r1"
 DEPENDS = "libpam expat dbus-glib eggdbus intltool"
 RDEPENDS_${PN} = "libpam"
 EXTRA_OECONF = "--with-authfw=pam --with-os-type=moblin --disable-man-pages --disable-gtk-doc --disable-introspection"
-- 
1.7.0.4




^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 3/3] dropbear: Support pam
  2011-07-25  8:23 [PATCH 0/3] Adding pam supporting Xiaofeng Yan
  2011-07-25  8:23 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
  2011-07-25  8:23 ` [PATCH 2/3] polkit: Support pam Xiaofeng Yan
@ 2011-07-25  8:23 ` Xiaofeng Yan
  2011-07-25 16:20 ` [PATCH 0/3] Adding pam supporting Saul Wold
  3 siblings, 0 replies; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-25  8:23 UTC (permalink / raw)
  To: openembedded-core

From: Xiaofeng Yan <xiaofeng.yan@windriver.com>

I make a patch and some changes in dropbear.inc for supporting pam.
- Enable pam in configure
- Modify file option.h to open pam supporting

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 meta/recipes-core/dropbear/dropbear.inc            |   78 +++++++++++---------
 .../dropbear/dropbear/dropbear-enable-pam.patch    |   22 ++++++
 meta/recipes-core/dropbear/dropbear_0.52.bb        |    2 +-
 3 files changed, 65 insertions(+), 37 deletions(-)
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 1b51e1a..df1c2a0 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -9,13 +9,17 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
 
 DEPENDS = "zlib"
 RPROVIDES = "ssh sshd"
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
-	         file://urandom-xauth-changes-to-options.h.patch \
-	         file://configure.patch \
-	         file://fix-2kb-keys.patch \
-	         file://allow-nopw.patch;apply=no \
-	         file://init"
+           file://urandom-xauth-changes-to-options.h.patch \
+           file://configure.patch \
+           file://fix-2kb-keys.patch \
+           file://allow-nopw.patch;apply=no \
+           file://init \
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} "
+
+PAM_SRC_URI = "file://dropbear-enable-pam.patch"
 
 inherit autotools update-rc.d
 
@@ -28,54 +32,56 @@ LD = "${CC}"
 SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
 BINCOMMANDS = "dbclient ssh scp"
 EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+EXTRA_OECONF += "\
+    ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
 DISTRO_TYPE = "${@base_contains("IMAGE_FEATURES", "debug-tweaks", "debug", "",d)}"
 
 do_debug_patch() {
-	if [ "${DISTRO_TYPE}" = "debug" ]; then
-		bbnote "WARNING: applying allow-nopw.patch which allows password-less logins!"
-		patch -p1 < ${WORKDIR}/allow-nopw.patch
-	fi
+    if [ "${DISTRO_TYPE}" = "debug" ]; then
+        bbnote "WARNING: applying allow-nopw.patch which allows password-less logins!"
+        patch -p1 < ${WORKDIR}/allow-nopw.patch
+    fi
 }
 
 addtask do_debug_patch after do_patch before do_configure
 
 do_install() {
-	install -d ${D}${sysconfdir} \
-		   ${D}${sysconfdir}/init.d \
-		   ${D}${sysconfdir}/default \
-		   ${D}${sysconfdir}/dropbear \
+    install -d ${D}${sysconfdir} \
+           ${D}${sysconfdir}/init.d \
+           ${D}${sysconfdir}/default \
+           ${D}${sysconfdir}/dropbear \
                    ${D}${bindir} \
-		   ${D}${sbindir} \
-		   ${D}${localstatedir}
+           ${D}${sbindir} \
+           ${D}${localstatedir}
 
-	install -m 0755 dropbearmulti ${D}${sbindir}/
-	ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
-	
-	for i in ${SBINCOMMANDS}
-	do
-		ln -s ./dropbearmulti ${D}${sbindir}/$i
-	done
-	cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
-				  -e 's,/usr/sbin,${sbindir},g' \
-				  -e 's,/var,${localstatedir},g' \
-				  -e 's,/usr/bin,${bindir},g' \
-				  -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
-	chmod 755 ${D}${sysconfdir}/init.d/dropbear
+    install -m 0755 dropbearmulti ${D}${sbindir}/
+    ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
+    
+    for i in ${SBINCOMMANDS}
+    do
+        ln -s ./dropbearmulti ${D}${sbindir}/$i
+    done
+    cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
+                  -e 's,/usr/sbin,${sbindir},g' \
+                  -e 's,/var,${localstatedir},g' \
+                  -e 's,/usr/bin,${bindir},g' \
+                  -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
+    chmod 755 ${D}${sysconfdir}/init.d/dropbear
 }
 
 pkg_postinst_${PN} () {
-	update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
-	update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
+    update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
+    update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
 }
 
 pkg_postrm_append_${PN} () {
-  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+    if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
         rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
-  fi
-  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+    fi
+    if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
         rm ${sysconfdir}/dropbear/dropbear_dss_host_key
-  fi
-  update-alternatives --remove ssh ${bindir}/dropbearmulti
-  update-alternatives --remove scp ${bindir}/dropbearmulti
+    fi
+    update-alternatives --remove ssh ${bindir}/dropbearmulti
+    update-alternatives --remove scp ${bindir}/dropbearmulti
 }
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
new file mode 100644
index 0000000..004d773
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
@@ -0,0 +1,22 @@
+dropbear: We need modify file option.h besides enabling pam in \
+configure if we want dropbear to support pam.
+
+Upstream-Status: Pending
+
+Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
+
+--- a/options.h	2011-07-12 13:27:39.008819183 +0800
++++ b/options.h.new	2011-07-12 13:37:37.780819308 +0800
+@@ -149,9 +149,9 @@
+  * but there's an interface via a PAM module - don't bother using it otherwise.
+  * You can't enable both PASSWORD and PAM. */
+ 
+-#define ENABLE_SVR_PASSWORD_AUTH
++//#define ENABLE_SVR_PASSWORD_AUTH
+ /* PAM requires ./configure --enable-pam */
+-/*#define ENABLE_SVR_PAM_AUTH*/
++#define ENABLE_SVR_PAM_AUTH
+ #define ENABLE_SVR_PUBKEY_AUTH
+ 
+ /* Wether to ake public key options in authorized_keys file into account */
+
diff --git a/meta/recipes-core/dropbear/dropbear_0.52.bb b/meta/recipes-core/dropbear/dropbear_0.52.bb
index 78d6cf1..4013c65 100644
--- a/meta/recipes-core/dropbear/dropbear_0.52.bb
+++ b/meta/recipes-core/dropbear/dropbear_0.52.bb
@@ -3,4 +3,4 @@ require dropbear.inc
 SRC_URI[md5sum] = "1c69ec674481d7745452f68f2ea5597e"
 SRC_URI[sha256sum] = "e3a2ca49ed85ce562240c0ac06e2f72826d7e52a83e80d91c067c8b97bf5c108"
 
-PR = "r2"
+PR = "r3"
-- 
1.7.0.4




^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH 0/3] Adding pam supporting
  2011-07-25  8:23 [PATCH 0/3] Adding pam supporting Xiaofeng Yan
                   ` (2 preceding siblings ...)
  2011-07-25  8:23 ` [PATCH 3/3] dropbear: " Xiaofeng Yan
@ 2011-07-25 16:20 ` Saul Wold
  3 siblings, 0 replies; 7+ messages in thread
From: Saul Wold @ 2011-07-25 16:20 UTC (permalink / raw)
  To: Patches and discussions about the oe-core layer

On 07/25/2011 01:23 AM, Xiaofeng Yan wrote:
> From: Xiaofeng Yan<xiaofeng.yan@windriver.com>
>
> Hi Saul,
>
> I modified my patches according to your suggestion.
> - Using spaces instead of tab

Xiaofeng,

As Richard already pointed out you changed the white space incorrectly, 
there are 2 types of white space used in recipe files.  For things that 
are shell commands, we use TAB (as the file originally was doing), for 
python fragments 4 spaces are used. For recipe metadata, spaces are used 
to line up indentation of lists (Such as SRC_URI, EXTRA_OEMAKE, ...)

Please review

https://wiki.yoctoproject.org/wiki/Best_Known_Methods_%28BKMs%29_for_Package_Updating#White_Space_Management

I am sorry that was not clear from my email.

Sau!

> - The patches can work only when pam is enabled
> - Using OE-Core instead of poky
>
>
> Pull URL: git://git.pokylinux.org/poky-contrib.git
>    Branch: xiaofeng/pam
>    Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=xiaofeng/pam
>
> Thanks,
>      Xiaofeng Yan<xiaofeng.yan@windriver.com>
> ---
>
>
> Xiaofeng Yan (3):
>    openssh: Support PAM
>    polkit: Support pam
>    dropbear: Support pam
>
>   .../openssh/openssh-5.8p2/sshd                     |   10 +++
>   meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   77 +++++++++++---------
>   meta/recipes-core/dropbear/dropbear.inc            |   78 +++++++++++---------
>   .../dropbear/dropbear/dropbear-enable-pam.patch    |   22 ++++++
>   meta/recipes-core/dropbear/dropbear_0.52.bb        |    2 +-
>   .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++
>   meta/recipes-extended/polkit/polkit_0.101.bb       |    7 +-
>   7 files changed, 146 insertions(+), 73 deletions(-)
>   create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
>   create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
>   create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>



^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 0/3] Adding patches to support pam
@ 2011-07-26 10:08 Xiaofeng Yan
  2011-07-26 10:08 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
  0 siblings, 1 reply; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-26 10:08 UTC (permalink / raw)
  To: openembedded-core

Hi Saul & Richard,

I modified my patches about how to whitespace and tab in .bb file according to your suggestion.

Pull URL: git://git.pokylinux.org/poky-contrib.git
  Branch: xiaofeng/pam
  Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=xiaofeng/pam

Thanks,
    Xiaofeng Yan <xiaofeng.yan@windriver.com>
---


Xiaofeng Yan (3):
  openssh: Support PAM
  dropbear: Support pam
  polkit: Support pam

 .../openssh/openssh-5.8p2/sshd                     |   10 ++++++++
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   13 +++++++++-
 meta/recipes-core/dropbear/dropbear.inc            |    8 ++++++-
 .../dropbear/dropbear/dropbear-enable-pam.patch    |   22 +++++++++++++++++++
 meta/recipes-core/dropbear/dropbear_0.52.bb        |    2 +-
 .../polkit/polkit-0.101/polkit-1_pam.patch         |   23 ++++++++++++++++++++
 meta/recipes-extended/polkit/polkit_0.101.bb       |    7 ++++-
 7 files changed, 79 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
 create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-enable-pam.patch
 create mode 100644 meta/recipes-extended/polkit/polkit-0.101/polkit-1_pam.patch




^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/3] openssh: Support PAM
  2011-07-26 10:08 [PATCH 0/3] Adding patches to support pam Xiaofeng Yan
@ 2011-07-26 10:08 ` Xiaofeng Yan
  0 siblings, 0 replies; 7+ messages in thread
From: Xiaofeng Yan @ 2011-07-26 10:08 UTC (permalink / raw)
  To: openembedded-core

Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.

Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
---
 .../openssh/openssh-5.8p2/sshd                     |   10 ++++++++++
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   13 +++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/openssh/openssh-5.8p2/sshd

diff --git a/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
new file mode 100644
index 0000000..4882e58
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.8p2/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+
+auth       include      common-auth
+account    required     pam_nologin.so
+account    include      common-account
+password   include      common-password
+session    optional     pam_keyinit.so force revoke
+session    include      common-session
+session    required     pam_loginuid.so
+
diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
index e23069c..89b011d 100644
--- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=bae9a689be41581503bcf95d8fb42c4e"
 
-PR = "r0"
+PR = "r1"
 
 DEPENDS = "zlib openssl"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,7 +23,9 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshd_config \
            file://ssh_config \
            file://init \
-          "
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+
+PAM_SRC_URI = "file://sshd"
 SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
 SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
 
@@ -58,6 +60,13 @@ do_compile_append () {
 }
 
 do_install_append () {
+	for i in ${DISTRO_FEATURES};
+	do
+		if [ ${i} = "pam" ];  then
+			install -d ${D}${sysconfdir}/pam.d
+			install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+		fi
+	done
 	install -d ${D}${sysconfdir}/init.d
 	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
 	mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
-- 
1.7.0.4




^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2011-07-26 10:19 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-25  8:23 [PATCH 0/3] Adding pam supporting Xiaofeng Yan
2011-07-25  8:23 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan
2011-07-25 11:45   ` Richard Purdie
2011-07-25  8:23 ` [PATCH 2/3] polkit: Support pam Xiaofeng Yan
2011-07-25  8:23 ` [PATCH 3/3] dropbear: " Xiaofeng Yan
2011-07-25 16:20 ` [PATCH 0/3] Adding pam supporting Saul Wold
  -- strict thread matches above, loose matches on Subject: below --
2011-07-26 10:08 [PATCH 0/3] Adding patches to support pam Xiaofeng Yan
2011-07-26 10:08 ` [PATCH 1/3] openssh: Support PAM Xiaofeng Yan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox