[Buildroot] [PATCH v7 09/22] linux-pam: selinux support
Samuel Martin
s.martin49 at gmail.com
Sat Jun 20 17:08:19 UTC 2015
Hi Clayton,
On Tue, Jun 2, 2015 at 3:28 PM, Clayton Shotwell
<clayton.shotwell at rockwellcollins.com> wrote:
[...]
> +# Use the host-pam pam_conv1 app to create the pam.d files
> +define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
> + ( \
> + if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
> + mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
> + fi; \
> + cd $(TARGET_DIR)/etc/ && \
> + cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \
> + if [ -d pam.d.orig ]; then \
> + cp -a pam.d/* pam.d.orig/; \
> + rm -rf pam.d/; \
> + mv pam.d.orig/ pam.d/; \
> + fi; \
> + )
> + $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
> +endef
Funny, I think the sub-shell is not needed here.
Also, in the former if-block, paths are absolute (via
$(TARGET_DIR)/...), whereas in the latter, they are relative to where
the cd command goes...
It could be rewritten like this:
define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
fi
cd $(TARGET_DIR)/etc/ && \
cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1
if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \
cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \
rm -rf $(TARGET_DIR)/etc/pam.d/; \
mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \
fi
$(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd
$(TARGET_DIR)/etc/pam.d/system-auth
endef
> +
> +LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
> LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
>
> +HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf
> +
> +HOST_LINUX_PAM_CONF_OPTS = --disable-rpath \
> + --enable-read-both-confs \
> + --disable-regenerate-docu \
> + --disable-isadir \
> + --disable-nis \
> + --enable-securedir=/lib/security \
> + --disable-prelude \
> + --disable-cracklib \
> + --disable-lckpwdf \
> + --enable-db=no \
Why use --enable-db=no rather than --disable-db? The target *_CONF_OPTS
uses --disable-db.
> + --disable-selinux \
> + --disable-audit \
> +
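Review bot: A failure of `cd` or `pam_conv1` in LINUX_PAM_CONFIG_FILE_TARGET_INSTALL is not propagated: the pipeline line ends with `;`, so the subshell's status comes from the final `if`/`fi`. If the conversion fails, the hook still succeeds and the target can end up with an incomplete /etc/pam.d (only system-auth plus whatever was there before), which is easy to miss for an authentication configuration. Ending that line with `|| exit 1; \`, e.g. `$(HOST_DIR)/usr/bin/pam_conv1 < $(@D)/conf/pam.conf || exit 1; \`, would stop the build instead. Separately, `cp -a pam.d/* pam.d.orig/` lets the generated files overwrite same-named service files that were already in pam.d; if the existing ones are meant to win, `cp -an` would keep them. The hunk is quoted in trimmed form (`[...]`), so this covers only the visible define.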
[...]
[1] http://git.buildroot.net/buildroot/tree/package/linux-pam/linux-pam.mk#n15
Regards,
--
Samuel