I'd like to add <http://code.google.com/p/hardened-shadow/> to the tree. It is an alternative implementation of shadow utilities (passwd, su, login, etc) based on ideas from Openwall's tcb.
Earlier I tried upstreaming Openwall's shadow patches, and you can see a log of those efforts at <http://comments.gmane.org/gmane.linux.debian.alioth.pkg-shadow/881>

In the end shadow-4.1.5 has some experimental support for tcb, but

1) It's incomplete (I didn't manage to upstream all of Openwall's patches).

2) It's ugly (even more "special cases" in the already #ifdef-heavy codebase).

3) It requires sys-auth/tcb, which doesn't work with vanilla glibc (I'm maintaining tcb in Gentoo and have a special patch for that, reviewed by upstream), and is broken with recent glibc (<https://bugs.gentoo.org/show_bug.cgi?id=371167>).

And now we have <http://code.google.com/p/hardened-shadow/> which is a small alternative implementation, possibly going even further (the file system layout is a bit different than with tcb).

I'd like to add virtual/shadow-0, with the following dependencies:

    DEPEND=""
    RDEPEND="|| ( >=sys-apps/shadow-4.1 sys-apps/hardened-shadow )"

The hardened-shadow package is not yet in the tree; I'm going to be its maintainer (base-system or anyone else is welcome to join), and the ebuild is going to be very simple.

And then convert profiles to the new virtual (the relevant files; below are all occurrences of sys-apps/shadow):

    $ grep 'sys-apps/shadow' -r /usr/portage/profiles/
    /usr/portage/profiles/ChangeLog-2011: Added sys-apps/shadow to packages.build as we need it on stage1.
    /usr/portage/profiles/prefix/packages:-*>=sys-apps/shadow-4.1
    /usr/portage/profiles/prefix/package.provided:sys-apps/shadow-0
    /usr/portage/profiles/base/packages:*>=sys-apps/shadow-4.1
    /usr/portage/profiles/uclibc/packages.build:sys-apps/shadow
    /usr/portage/profiles/default/bsd/ChangeLog: Add -*>=sys-apps/shadow-4.1
    /usr/portage/profiles/default/bsd/package.mask:sys-apps/shadow
    /usr/portage/profiles/default/bsd/packages:-*>=sys-apps/shadow-4.1
    /usr/portage/profiles/default/linux/packages.build:sys-apps/shadow
    /usr/portage/profiles/use.local.desc:sys-apps/shadow:audit - Enable support for sys-process/audit
    /usr/portage/profiles/use.local.desc:sys-apps/shadow:tcb - Enable support for sys-auth/tcb

And any reverse dependencies (after testing): <http://tinderbox.dev.gentoo.org/misc/dindex/sys-apps/shadow>

What do you think?