From: Anders Kaseorg Date: Thu, 13 Jun 2013 03:24:34 +0000 (-0400) Subject: Merge tag '2.1' into debian X-Git-Tag: debian/2.1-0debathena1~4 X-Git-Url: http://andersk.mit.edu/gitweb/nss_nonlocal.git/commitdiff_plain/27dad42dc185c20117c403f95cf3e288701c4132?hp=3efc20b85dd7b4f3a9032ecc6c2b81afb8a68d2d Merge tag '2.1' into debian nss_nonlocal 2.1 --- diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..c4ef464 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,177 @@ +libnss-nonlocal (2.0-0debathena2) unstable; urgency=low + + * Pre-Depend adduser. + * Don’t Build-Depend debhelper 9. + + -- Anders Kaseorg Thu, 16 Aug 2012 20:38:35 -0400 + +libnss-nonlocal (2.0-0debathena1) unstable; urgency=low + + * New upstream release. + - Fix errno saving and restoring. + - Document nss-nonlocal-users and nss-local-users groups in README. + - Allow local whitelisting of nonlocal user and group memberships, + using the magic local ‘nss-nonlocal-users’ user and group. + * Create magic ‘nss-nonlocal-users’ user. + * Remove obsolete exclusion of glibc-private dependency. + * Use automake 1.10 and autoconf 2.61. + * Add multiarch support for distros from the future. + * Disable dh_buildinfo, which currently fails at multiarch. + + -- Anders Kaseorg Wed, 30 Mar 2011 04:57:36 -0400 + +libnss-nonlocal (1.11-0debathena3) unstable; urgency=low + + * Remove the workaround for buggy CDBS $(CC) splitting (fixed upstream). + * Fix cross-compiling on karmic and lucid. + + -- Anders Kaseorg Wed, 23 Jun 2010 21:17:50 -0400 + +libnss-nonlocal (1.11-0debathena2) unstable; urgency=low + + * Install lib32nss-nonlocal to the right place on Ubuntu. + + -- Anders Kaseorg Wed, 23 Jun 2010 03:50:33 -0400 + +libnss-nonlocal (1.11-0debathena1) unstable; urgency=low + + * New upstream release. + - Check that a nonlocal lookup by id returns the right id. + - Update licensing to LGPLv2.1+. + - Change syslog priority when removing local groups from non-local + users + * Update build flags for biarch packages (fixes lib32nss-nonlocal path + on squeeze). + * Fix FTBFS on squeeze due to CDBS’s buggy splitting of multiword + $(CC) (Debian bug #576967). + * Disable CDBS cross-building logic, to fix a mysterious FTBFS where + configure --host fails to find nm. + * Bump Standards-Version to 3.8.4 (no changes required). + * Bump Debhelper compatibility level to 6. + * Set maintainer to me. + + -- Anders Kaseorg Mon, 03 May 2010 00:45:14 -0400 + +libnss-nonlocal (1.10-0debathena1) unstable; urgency=low + + * New upstream version. + - Disallow numeric nonlocal user/group names that look like local + uid/gids. + + -- Anders Kaseorg Fri, 23 Oct 2009 13:49:43 -0400 + +libnss-nonlocal (1.9-0debathena2) unstable; urgency=low + + * Also build a biarch lib32nss-nonlocal or lib64nss-nonlocal package. + + -- Anders Kaseorg Fri, 19 Jun 2009 23:54:38 -0400 + +libnss-nonlocal (1.9-0debathena1) unstable; urgency=low + + * New upstream version. + - Corrects an out-of-memory error in the presence of very large local + groups. + + -- Anders Kaseorg Sun, 24 May 2009 17:30:08 -0400 + +libnss-nonlocal (1.8-0debathena4) unstable; urgency=low + + * Only exclude glibc-private for new enough libc6, because old + dpkg-shlibdeps does not support -x. + + -- Anders Kaseorg Thu, 05 Feb 2009 01:59:08 -0500 + +libnss-nonlocal (1.8-0debathena3) unstable; urgency=low + + * Force exclusion of glibc-private dependency. This is necessary for + libnss-nonlocal to build and install with libc6 2.9 in Ubuntu Jaunty + and Debian experimental, which now generates an invalid dependency on + glibc-private for uses of private glibc symbols. + + -- Anders Kaseorg Sun, 01 Feb 2009 00:26:31 -0500 + +libnss-nonlocal (1.8-0debathena2) unstable; urgency=low + + * Change "Debian-Athena Project" to "Debathena Project". + * Remove debian/control from version control. + * Clean up debian/copyright. + + -- Tim Abbott Sat, 24 Jan 2009 18:03:22 -0500 + +libnss-nonlocal (1.8-0debathena1) unstable; urgency=low + + * Correct the buffer size passed to realloc. + + -- Anders Kaseorg Sat, 09 Aug 2008 22:41:57 -0400 + +libnss-nonlocal (1.7-0debathena1) unstable; urgency=low + + * Replace the magic buflen hack with explicit iteration over the nss + chain, so that getpwent/getgrent works with nscd enabled. + * Fix some memory leaks. + * Autotoolfiscate. + * Code cleanup. + + -- Anders Kaseorg Tue, 29 Jul 2008 06:57:53 -0400 + +libnss-nonlocal (1.6-0debathena1) unstable; urgency=low + + * Use a version script to hide internal symbols. + + -- Anders Kaseorg Sat, 15 Mar 2008 06:42:02 -0400 + +libnss-nonlocal (1.5-0debathena1) unstable; urgency=low + + * Add support for NSS_NONLOCAL_IGNORE environment variable, which + causes nss_nonlocal to pretend there are no nonlocal users. This + allows us to support letting adduser add users and groups with the + same name as a nonlocal user/group. + + -- Tim Abbott Mon, 25 Feb 2008 19:12:30 -0500 + +libnss-nonlocal (1.4-0debathena1) unstable; urgency=low + + * Bug fixes and cleanups. + + -- Anders Kaseorg Fri, 15 Feb 2008 21:39:50 -0500 + +libnss-nonlocal (1.3-0debathena2) unstable; urgency=low + + * Set maintainer to debathena@mit.edu. + + -- Tim Abbott Tue, 29 Jan 2008 22:18:25 -0500 + +libnss-nonlocal (1.3-0debathena1) unstable; urgency=low + + * Have initgroups() only add nonlocal groups to nonlocal users. + * If a group called nss-local-users exists, add local users to it. + * If a group called nss-nonlocal-users exists, add nonlocal users to it. + * Create nss-local-users and nss-nonlocal-users at installation. + + -- Tim Abbott Tue, 29 Jan 2008 22:11:37 -0500 + +libnss-nonlocal (1.2) unstable; urgency=low + + * Use a magic buflen instead of thread-local variables, to avoid + strange problems on sarge. + * Don't link with pthread. + + -- Anders Kaseorg Tue, 07 Aug 2007 22:00:28 -0400 + +libnss-nonlocal (1.1) unstable; urgency=low + + * Link with pthread to be safe. + + -- Anders Kaseorg Fri, 03 Aug 2007 21:24:17 -0400 + +libnss-nonlocal (1.0-0debathena2) unstable; urgency=low + + * Section: debathena/libs. + + -- Anders Kaseorg Mon, 23 Jul 2007 14:14:46 -0400 + +libnss-nonlocal (1.0-0debathena1) unstable; urgency=low + + * Initial release. + + -- Anders Kaseorg Thu, 19 Jul 2007 21:07:50 -0400 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..1e8b314 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +6 diff --git a/debian/control.in b/debian/control.in new file mode 100644 index 0000000..ac7feb9 --- /dev/null +++ b/debian/control.in @@ -0,0 +1,41 @@ +Source: libnss-nonlocal +Section: debathena/libs +Priority: optional +Maintainer: Anders Kaseorg +Vcs-Git: git://andersk.mit.edu/nss_nonlocal.git +Vcs-Browser: http://andersk.mit.edu/gitweb/nss_nonlocal.git +Standards-Version: 3.8.4 +Build-Depends: @cdbs@, gcc-multilib [amd64 i386] | gcc-4.1 (<< 4.1.2) [amd64 i386], libc6-dev-i386 [amd64], libc6-dev-amd64 [i386], lsb-release + +Package: libnss-nonlocal +Architecture: any +Pre-Depends: ${misc:Pre-Depends}, adduser +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: nsswitch proxy module to prevent local account spoofing + This nsswitch module acts as a proxy for other nsswitch modules like + hesiod, but prevents non-local users from potentially gaining local + privileges by spoofing local UIDs and GIDs. + +Package: lib32nss-nonlocal +Architecture: amd64 +Pre-Depends: ${misc:Pre-Depends}, adduser +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: nsswitch proxy module to prevent local account spoofing (32-bit library) + This nsswitch module acts as a proxy for other nsswitch modules like + hesiod, but prevents non-local users from potentially gaining local + privileges by spoofing local UIDs and GIDs. + . + This package contains a 32-bit version of the library for compatibility + on 64-bit architectures. + +Package: lib64nss-nonlocal +Architecture: i386 +Pre-Depends: ${misc:Pre-Depends}, adduser +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: nsswitch proxy module to prevent local account spoofing (64-bit library) + This nsswitch module acts as a proxy for other nsswitch modules like + hesiod, but prevents non-local users from potentially gaining local + privileges by spoofing local UIDs and GIDs. + . + This package contains a 64-bit version of the library for compatibility + on 32-bit architectures. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..1f85f2e --- /dev/null +++ b/debian/copyright @@ -0,0 +1,30 @@ +This package was created as part of the Debathena Project + of the MIT Student Information Processing +Board. + +The source code was obtained from the Git repository at +, and is licensed as follows: + + Copyright © 2007–2010 Anders Kaseorg and Tim + Abbott + + nss_nonlocal is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + nss_nonlocal is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with nss_nonlocal; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA + +On Debian systems, the complete text of the GNU Lesser General Public +License can be found in /usr/share/common-licenses/LGPL-2.1 . + +The Debian packaging is Copyright © 2007–2010 Tim Abbott and Anders +Kaseorg, and has the same license as the original software. diff --git a/debian/lib64nss-nonlocal.install b/debian/lib64nss-nonlocal.install new file mode 100644 index 0000000..9017449 --- /dev/null +++ b/debian/lib64nss-nonlocal.install @@ -0,0 +1 @@ +lib64/* diff --git a/debian/libnss-nonlocal.install b/debian/libnss-nonlocal.install new file mode 100644 index 0000000..cdecab1 --- /dev/null +++ b/debian/libnss-nonlocal.install @@ -0,0 +1 @@ +lib/* diff --git a/debian/libnss-nonlocal.postrm b/debian/libnss-nonlocal.postrm new file mode 100644 index 0000000..88c224f --- /dev/null +++ b/debian/libnss-nonlocal.postrm @@ -0,0 +1,51 @@ +#!/bin/sh +# postrm script for libnss-nonlocal +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + if getent passwd nss-nonlocal-users >/dev/null; then + deluser --system nss-nonlocal-users || : + fi + if getent group nss-local-users >/dev/null; then + delgroup --system nss-local-users || : + fi + if getent group nss-nonlocal-users >/dev/null; then + delgroup --system nss-nonlocal-users || : + fi + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/libnss-nonlocal.preinst b/debian/libnss-nonlocal.preinst new file mode 100644 index 0000000..d1815fa --- /dev/null +++ b/debian/libnss-nonlocal.preinst @@ -0,0 +1,50 @@ +#!/bin/sh +# preinst script for libnss-nonlocal +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + if ! getent passwd nss-nonlocal-users >/dev/null; then + adduser --system --no-create-home --home /nonexistent \ + --gecos 'Magic user for local group whitelist' \ + nss-nonlocal-users + fi + if ! getent group nss-local-users >/dev/null; then + addgroup --system nss-local-users + fi + if ! getent group nss-nonlocal-users >/dev/null; then + addgroup --system nss-nonlocal-users + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + + + diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..9664c6b --- /dev/null +++ b/debian/rules @@ -0,0 +1,90 @@ +#!/usr/bin/make -f + +DEB_AUTO_UPDATE_AUTOCONF = 2.61 +DEB_AUTO_UPDATE_AUTOHEADER = 2.61 +DEB_AUTO_UPDATE_AUTOMAKE = 1.10 +DEB_AUTO_UPDATE_ACLOCAL = 1.10 +DEB_AUTO_UPDATE_LIBTOOL = pre + +# dh_buildinfo fails at multiarch: http://bugs.debian.org/620104 +CDBS_BUILD_DEPENDS_rules_debhelper_buildinfo = + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk + +DEB_DESTDIR = $(CURDIR)/debian/tmp/ +DEB_DH_INSTALL_SOURCEDIR = $(DEB_DESTDIR) +DEB_CONFIGURE_PREFIX = / + +ifneq ($(DEB_HOST_MULTIARCH),) + CDBS_BUILD_DEPENDS := $(CDBS_BUILD_DEPENDS) + export DH_COMPAT = 9 + DEB_CONFIGURE_EXTRA_FLAGS += $(MULTIARCH_CONFIGURE_FLAGS) + MULTIARCH_CONFIGURE_FLAGS = --libdir='$${prefix}/lib/$(DEB_HOST_MULTIARCH)' + DEB_DH_GENCONTROL_ARGS_libnss-nonlocal += -- -DMulti-Arch=same +endif + +IS_UBUNTU := $(if $(filter Ubuntu,$(shell lsb_release -is)),y) +LIBC6_VERSION := $(shell dpkg-query --showformat='$${Version}' --show libc6) +libc6_ge = $(shell dpkg --compare-versions '$(LIBC6_VERSION)' ge '$(1)' && echo y) + +debian/stamp-autotools-files: DEB_AUTO_UPDATE_AUTOMAKE += --foreign --add-missing + +debian/stamp-autotools-files: aclocal.m4 +aclocal.m4: + touch $@ + +DEB_BUILDDIR = $(or $(DEB_BUILDDIR_$(cdbs_curpkg)),debian/build) + +REAL_DEB_HOST_GNU_TYPE := $(DEB_HOST_GNU_TYPE) + +DEB_BUILDDIR_lib32nss-nonlocal = debian/build_32 +cleanbuilddir/lib32nss-nonlocal:: clean/lib32nss-nonlocal +configure/lib32nss-nonlocal:: MULTIARCH_CONFIGURE_FLAGS = +configure/lib32nss-nonlocal:: cdbs_crossbuild = +# i386_configure_target in eglibc/debian/sysdeps/amd64.mk +ifeq ($(or $(IS_UBUNTU),$(call libc6_ge,2.8+20080809)),y) +configure/lib32nss-nonlocal:: DEB_BUILD_GNU_TYPE = i686-linux +else +configure/lib32nss-nonlocal:: DEB_BUILD_GNU_TYPE = i486-linux +endif +# i386_CC in eglibc/debian/sysdeps/amd64.mk +configure/lib32nss-nonlocal:: CC += -m32 +# i386_slibdir in eglibc/debian/sysdeps/amd64.mk +ifeq ($(or $(IS_UBUNTU),$(call libc6_ge,2.9-14~)),y) +configure/lib32nss-nonlocal:: DEB_CONFIGURE_EXTRA_FLAGS += --libdir="\$${prefix}/lib32" +binary-install/lib32nss-nonlocal:: DEB_DH_INSTALL_ARGS = 'lib32/*' +else +configure/lib32nss-nonlocal:: DEB_CONFIGURE_PREFIX = /emul/ia32-linux +binary-install/lib32nss-nonlocal:: DEB_DH_INSTALL_ARGS = 'emul/ia32-linux/lib/*' +endif + +DEB_BUILDDIR_lib64nss-nonlocal = debian/build_64 +cleanbuilddir/lib64nss-nonlocal:: clean/lib64nss-nonlocal +configure/lib64nss-nonlocal:: MULTIARCH_CONFIGURE_FLAGS = +configure/lib64nss-nonlocal:: cdbs_crossbuild = +# amd64_configure_target in eglibc/debian/sysdeps/i386.mk +configure/lib64nss-nonlocal:: DEB_BUILD_GNU_TYPE = x86_64-linux +# amd64_CC in eglibc/debian/sysdeps/i386.mk +configure/lib64nss-nonlocal:: CC += -m64 -D__x86_64__ +# amd64_slibdir in eglibc/debian/sysdeps/i386.mk +configure/lib64nss-nonlocal:: DEB_CONFIGURE_EXTRA_FLAGS += --libdir="\$${prefix}/lib64" + +# Fix for CDBS ≥ 0.4.59ubuntu4, < 0.4.83ubuntu1 (karmic and lucid). +configure/lib32nss-nonlocal configure/lib64nss-nonlocal:: DEB_CONFIGURE_SCRIPT_ENV += CC="$(CC)" + +configure/lib32nss-nonlocal configure/lib64nss-nonlocal:: + $(DEB_CONFIGURE_INVOKE) $(cdbs_configure_flags) $(DEB_CONFIGURE_EXTRA_FLAGS) $(DEB_CONFIGURE_USER_FLAGS) + +build/lib32nss-nonlocal build/lib64nss-nonlocal:: + +$(DEB_MAKE_INVOKE) $(DEB_MAKE_BUILD_TARGET) + +install/lib32nss-nonlocal install/lib64nss-nonlocal:: + +$(DEB_MAKE_INVOKE) $(DEB_MAKE_INSTALL_TARGET) + +clean/lib32nss-nonlocal clean/lib64nss-nonlocal:: + +-$(DEB_MAKE_INVOKE) -k $(DEB_MAKE_CLEAN_TARGET) + +clean:: + rm -f aclocal.m4 config.guess config.sub install-sh ltmain.sh \ + configure config.h.in missing depcomp Makefile.in