[Buildroot] [PATCH v7 09/22] linux-pam: selinux support

Samuel Martin s.martin49 at gmail.com
Sat Jun 20 17:08:19 UTC 2015


Hi Clayton,

On Tue, Jun 2, 2015 at 3:28 PM, Clayton Shotwell
<clayton.shotwell at rockwellcollins.com> wrote:
[...]
> +# Use the host-pam pam_conv1 app to create the pam.d files
> +define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
> +       ( \
> +               if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
> +                       mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
> +               fi; \
> +               cd $(TARGET_DIR)/etc/ && \
> +               cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \
> +               if [ -d pam.d.orig ]; then \
> +                       cp -a pam.d/* pam.d.orig/; \
> +                       rm -rf pam.d/; \
> +                       mv pam.d.orig/ pam.d/; \
> +               fi; \
> +       )
> +       $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
> +endef
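Review bot: The exit status of pam_conv1 is thrown away in LINUX_PAM_CONFIG_FILE_TARGET_INSTALL: the pipeline ends in `;` and the subshell then returns the status of the last `if`, so a failed conversion still lets the hook succeed and the image can ship with an incomplete /etc/pam.d. Since these files decide how the target authenticates, the hook should stop on error, for example `cd $(TARGET_DIR)/etc/ && $(HOST_DIR)/usr/bin/pam_conv1 < $(@D)/conf/pam.conf || exit 1; \`. Two further things to confirm: a `pam.d.orig` left over from an interrupted build makes the first `mv` nest `pam.d` inside it, and `cp -a pam.d/* pam.d.orig/` lets the generated defaults overwrite same-named files that the skeleton or another package installed earlier, which may not be the intended precedence.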
Funny, I think the sub-shell is not needed here.
Also, in the former if-block, paths are absolute (via
$(TARGET_DIR)/...), whereas in the latter, they are relative to where
the cd command goes...
It could be rewritten like this:

define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
    if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
        mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
    fi
    cd $(TARGET_DIR)/etc/ && \
        cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1
    if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \
        cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \
        rm -rf $(TARGET_DIR)/etc/pam.d/; \
        mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \
    fi
    $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd
$(TARGET_DIR)/etc/pam.d/system-auth
endef

> +
> +LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>  LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
>
> +HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf
> +
> +HOST_LINUX_PAM_CONF_OPTS = --disable-rpath \
> +               --enable-read-both-confs \
> +               --disable-regenerate-docu \
> +               --disable-isadir \
> +               --disable-nis \
> +               --enable-securedir=/lib/security \
> +               --disable-prelude \
> +               --disable-cracklib \
> +               --disable-lckpwdf \
> +               --enable-db=no \
Why use --enable-db=no rather than --disable-db? The target *_CONF_OPTS
uses --disable-db.

> +               --disable-selinux \
> +               --disable-audit \
> +
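Review bot: `--enable-securedir=/lib/security` in HOST_LINUX_PAM_CONF_OPTS is an absolute path outside $(HOST_DIR); if the host build installs without a DESTDIR, as Buildroot host autotools packages normally do, `make install` would try to place the PAM modules in /lib/security of the build machine, which either fails for an unprivileged user or changes the build host's own PAM module directory. The install commands are not visible in this hunk, so this needs checking, but pointing the option into the host tree, e.g. `--enable-securedir=$(HOST_DIR)/usr/lib/security \`, avoids the question. Separately, the list ends with `--disable-audit \` followed by an empty line; dropping the final backslash keeps a later edit from silently joining the next line to the option list.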
[...]

[1] http://git.buildroot.net/buildroot/tree/package/linux-pam/linux-pam.mk#n15

Regards,

-- 
Samuel


