[Buildroot] [PATCH v7 09/22] linux-pam: selinux support
Clayton Shotwell
clayton.shotwell at rockwellcollins.com
Fri Jul 10 19:13:38 UTC 2015
Samuel,
Thanks,
Clayton
Clayton Shotwell
Senior Software Engineer, Rockwell Collins
clayton.shotwell at rockwellcollins.com
On Sat, Jun 20, 2015 at 12:08 PM, Samuel Martin <s.martin49 at gmail.com> wrote:
> Hi Clayton,
>
> On Tue, Jun 2, 2015 at 3:28 PM, Clayton Shotwell
> <clayton.shotwell at rockwellcollins.com> wrote:
> [...]
>> +# Use the host-pam pam_conv1 app to create the pam.d files
>> +define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>> + ( \
>> + if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
>> + mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
>> + fi; \
>> + cd $(TARGET_DIR)/etc/ && \
>> + cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1; \
>> + if [ -d pam.d.orig ]; then \
>> + cp -a pam.d/* pam.d.orig/; \
>> + rm -rf pam.d/; \
>> + mv pam.d.orig/ pam.d/; \
>> + fi; \
>> + )
>> + $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd $(TARGET_DIR)/etc/pam.d/system-auth
>> +endef
> Funny, I think the sub-shell is not needed here.
> Also, in the former if-block, paths are absolute (via
> $(TARGET_DIR)/...), whereas in the latter, they are relative to where
> the cd command goes...
> It could be rewrite like this:
>
> define LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
> if [ -d $(TARGET_DIR)/etc/pam.d/ ]; then \
> mv $(TARGET_DIR)/etc/pam.d/ $(TARGET_DIR)/etc/pam.d.orig/; \
> fi
> cd $(TARGET_DIR)/etc/ && \
> cat $(@D)/conf/pam.conf | $(HOST_DIR)/usr/bin/pam_conv1
> if [ -d $(TARGET_DIR)/etc/pam.d.orig ]; then \
> cp -a $(TARGET_DIR)/etc/pam.d/* $(TARGET_DIR)/etc/pam.d.orig/; \
> rm -rf $(TARGET_DIR)/etc/pam.d/; \
> mv $(TARGET_DIR)/etc/pam.d.orig/ $(TARGET_DIR)/etc/pam.d/; \
> fi
> $(INSTALL) -D -m 0644 package/linux-pam/system-auth.pamd
> $(TARGET_DIR)/etc/pam.d/system-auth
> endef
>
>> +
>> +LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_CONFIG_FILE_TARGET_INSTALL
>> LINUX_PAM_POST_INSTALL_TARGET_HOOKS += LINUX_PAM_INSTALL_CONFIG
>>
>> +HOST_LINUX_PAM_DEPENDENCIES = host-flex host-pkgconf
>> +
>> +HOST_LINUX_PAM_CONF_OPTS = --disable-rpath \
>> + --enable-read-both-confs \
>> + --disable-regenerate-docu \
>> + --disable-isadir \
>> + --disable-nis \
>> + --enable-securedir=/lib/security \
>> + --disable-prelude \
>> + --disable-cracklib \
>> + --disable-lckpwdf \
>> + --enable-db=no \
> Why using --enable-db=no and not --disable-db, the target *_CONF_OPTS
> uses --disable-db
>
>> + --disable-selinux \
>> + --disable-audit \
>> +
> [...]
>
> [1] http://git.buildroot.net/buildroot/tree/package/linux-pam/linux-pam.mk#n15
>
> Regards,
>
> --
> Samuel
More information about the buildroot
mailing list