--- fgetty-0.6.orig/debian/diff/cvs-20041118.diff +++ fgetty-0.6/debian/diff/cvs-20041118.diff @@ -0,0 +1,534 @@ +diff -urNxCVS -xdebian ../../fgetty/CHANGES ./CHANGES +--- ../../fgetty/CHANGES 2004-02-16 10:07:34.000000000 +0000 ++++ ./CHANGES 2004-11-17 13:33:22.000000000 +0000 +@@ -1,8 +1,22 @@ ++0.7: ++ You can now run fgetty as "fgetty 1" and it will try "/dev/vc/1" and ++ "/dev/tty1" before giving up. That means, the same fgetty line can ++ be run with and without devfs. Your boot sequence may fail but at ++ least you get a getty! ++ call setsid in case your init does not do it. Minit and sysvinit do. ++ Now you can run fgetty under runit, and maybe even directly from ++ the console. Patch by John Palkovic. ++ checkpassword now gives an error message if stdout is a TTY. ++ fgetty now works (a little) if it can't set the controlling TTY. ++ checkpassword now also accepts an empty password if the password ++ field in /etc/passwd or /etc/shadow is empty. ++ fix bug if someone left descriptors open in login.c (Florian Westphal) ++ + 0.6: + the utmp code was broken. It only looked for the PID, not for the + "line" (device). So utmp grew needlessly. + fixed make install +- add man page from Tino Reichard ++ add man page from Tino Reichardt + Enrico Scholz sent a patch that adds --long-hostname and adds error + checking for gethostname when it is not \0-terminated. + +diff -urNxCVS -xdebian ../../fgetty/Makefile ./Makefile +--- ../../fgetty/Makefile 2004-10-06 11:50:44.000000000 +0000 ++++ ./Makefile 2003-12-05 16:47:51.000000000 +0000 +@@ -13,22 +13,24 @@ + # gcc -march=i386 -mcpu=i386 -pipe -Os -fomit-frame-pointer -I../dietlibc/include -c $^ -DTEST + $(DIET) $(CROSS)gcc -pipe -Os -fomit-frame-pointer -I../dietlibc/include -c $^ -DTEST + # gcc -march=i386 -mcpu=i386 -pipe -g -I../dietlibc/include -DTEST -c $^ +- strip -x -R .comment -R .note $@ ++ $(CROSS)strip -x -R .comment -R .note $@ + + %: %.o +- $(DIET) $(CROSS)gcc -nostdlib -o $@ $^ $(LDFLAGS) ++ $(DIET) $(CROSS)gcc -o $@ $^ $(LDFLAGS) + + fgetty: fgetty.o fmt_ulong.o + + login: login.o + login2: login2.o + checkpassword: checkpassword.o ++checkpassword-pam: checkpassword-pam.o checkpassword-pam2.o ++ $(CROSS)gcc -o $@ $^ -lmisc $(LDFLAGS) + + debug: fgetty.c fmt_ulong.o + gcc -g -o debug fgetty.c fmt_ulong.o -DDEBUG + + install: +- install -d $(DESTDIR)/bin $(DESTDIR)/sbin ++ install -d $(DESTDIR)/bin $(DESTDIR)/sbin $(DESTDIR)/usr/man/man8 + install login $(DESTDIR)/bin/login1 + install login2 $(DESTDIR)/bin + install fgetty $(DESTDIR)/sbin +@@ -46,7 +48,7 @@ + %.sig: % + gpg --detach-sign $< + +-VERSION=fgetty-$(shell head -1 CHANGES|sed 's/://') ++VERSION=fgetty-$(shell head -n 1 CHANGES|sed 's/://') + CURNAME=$(notdir $(shell pwd)) + + tar: clean rename +diff -urNxCVS -xdebian ../../fgetty/README.PAM ./README.PAM +--- ../../fgetty/README.PAM 1970-01-01 00:00:00.000000000 +0000 ++++ ./README.PAM 2006-11-13 14:31:37.000000000 +0000 +@@ -0,0 +1,28 @@ ++I received an email and a patch on Sep 15 2002. I incorporated the ++patch, here is the email. ++ ++ From: ++ To: ++ Subject: fgetty-0.6: a checkpassword with PAM support ++ ++ Hi Felix, ++ ++ I put together a checkpassword-pam program. I understand that ++ you don't like PAM, but nevertheless it could be useful to ++ someone else besides me. It is based on your checkpassword program ++ and the routines found in support-pam.c of the checkpassword-pam-0.95 ++ program. ++ ++ Feel free to edit/distribute/(or even ignore it) :-) ++ ++ Thanks for writing/sharing such great non-bloated tools. ++ ++ - J ++ ++To build it, say ++ ++ $ make checkpassword-pam ++ ++Please note that you can't link checkpassword-pam with the diet libc, ++and I could not test the patch because I don't have PAM installed on any ++box. +diff -urNxCVS -xdebian ../../fgetty/checkpassword-pam.c ./checkpassword-pam.c +--- ../../fgetty/checkpassword-pam.c 1970-01-01 00:00:00.000000000 +0000 ++++ ./checkpassword-pam.c 2006-11-13 14:31:37.000000000 +0000 +@@ -0,0 +1,74 @@ ++#include ++#include ++#include ++ ++extern char** environ; ++ ++unsigned int fmt_ulong(char *dest,unsigned long i) { ++ register unsigned long len,tmp,len2; ++ /* first count the number of bytes needed */ ++ for (len=1, tmp=i; tmp>9; ++len) tmp/=10; ++ if (dest) ++ for (tmp=i, dest+=len, len2=len+1; --len2; tmp/=10) ++ *--dest = (tmp%10)+'0'; ++ return len; ++} ++ ++int main(int argc,char* argv[]) { ++ char buf[513]; ++ char* last; ++ int len; ++ char *login,*ptr; ++ struct passwd *pw; ++ ++ if (!argv[1]) return 2; ++ for (len=0; len<512; ) { ++ int tmp; ++ tmp=read(3,buf+len,512-len); ++ if (tmp==-1) return 111; ++ if (tmp==0) break; ++ len+=tmp; ++ } ++ close(3); ++ buf[len]=0; last=buf+len; ++ login=buf; ++ if ((pw=getpwnam(login))) { ++ ptr=login+strlen(login)+1; ++ if (!authenticate_using_pam("login", login, ptr)) { ++ char **env,**ep, *eptty; ++ char buf[100]; ++ for (len=0; environ[len]; ++len) ; ++ env=alloca((len+4)*sizeof(char*)); ++ ep=env; ++ for (len=0; environ[len]; ++len) { ++ if (!strncmp(environ[len],"USER=",5)) continue; ++ if (!strncmp(environ[len],"HOME=",5)) continue; ++ if (!strncmp(environ[len],"SHELL=",6)) continue; ++ if (!strncmp(environ[len],"UID=",4)) continue; ++ *ep=environ[len]; ++ep; ++ } ++ *ep=alloca(strlen(pw->pw_shell)+7); strcat(strcpy(*ep,"SHELL="),pw->pw_shell); ++ep; ++ *ep=alloca(strlen(login)+6); strcat(strcpy(*ep,"USER="),login); ++ep; ++ *ep=alloca(strlen(pw->pw_dir)+7); strcat(strcpy(*ep,"HOME="),pw->pw_dir); ++ep; ++ strcpy(buf,"UID="); ++ buf[4+fmt_ulong(buf+4,pw->pw_uid)]=0; ++ *ep=buf; ++ep; ++ *ep=0; ++ ++ ptr+=strlen(ptr)+1; /* skip password */ ++ ++ if (initgroups(pw->pw_name,pw->pw_gid)==-1) return 1; ++/* if (setgroups(1,&pw->pw_gid)==-1) return 1; */ ++ if (setgid(pw->pw_gid)==-1) return 1; ++ if (ptr) { ++ ptr+=strlen(ptr)+1; /* skip timestamp */ ++ if (ptr>=last) ptr=0; ++ } ++ if (!ptr || strcmp(ptr,"nosetuid")) if (setuid(pw->pw_uid)==-1) return -1; ++ if (chdir(pw->pw_dir)==-1) return 111; ++ execve(argv[1],argv+1,env); ++ return 111; ++ } ++ } ++ return 1; ++} +diff -urNxCVS -xdebian ../../fgetty/checkpassword-pam2.c ./checkpassword-pam2.c +--- ../../fgetty/checkpassword-pam2.c 1970-01-01 00:00:00.000000000 +0000 ++++ ./checkpassword-pam2.c 2006-11-13 14:31:37.000000000 +0000 +@@ -0,0 +1,131 @@ ++/* ++ PAM support for a fgetty-style checkpasswd ++ ++ This file is a (slightly modified) concatenation of the files ++ pam-support.[ch] that come with Alexey Mahotkin's fine ++ "checkpassword-pam". Only the essential stuff has been kept, ie. ++ only what is needed to build a "checkpassword" compatible with the ++ one that is distributed with "fgetty". ++ ++ Thanks, Alexey! ++*/ ++/* ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License as ++ published by the Free Software Foundation; either version 2, or (at ++ your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ Copyright (c) Alexey Mahotkin 2002 ++ ++ PAM support for checkpassword-pam ++ ++*/ ++#include ++#include ++ ++static const char* global_password; ++ ++static int ++conversation (int num_msg, const struct pam_message **msgs, ++ struct pam_response **resp, void *appdata_ptr) ++{ ++ int i; ++ struct pam_response* responses; ++ (void) appdata_ptr; ++ ++ /* safety check */ ++ if (num_msg <= 0) { ++ return PAM_CONV_ERR; ++ } ++ ++ /* allocate array of responses */ ++ responses = calloc(num_msg, sizeof(struct pam_response)); ++ if (!responses) { ++ return PAM_CONV_ERR; ++ } ++ ++ for (i = 0; i < num_msg; i++) { ++ const struct pam_message *msg = msgs[i]; ++ struct pam_response* response = &(responses[i]); ++ char* style = NULL; ++ switch (msg->msg_style) { ++ case PAM_PROMPT_ECHO_OFF: style = "PAM_PROMPT_ECHO_OFF"; break; ++ case PAM_PROMPT_ECHO_ON: style = "PAM_PROMPT_ECHO_ON"; break; ++ case PAM_ERROR_MSG: style = "PAM_ERROR_MSG"; break; ++ case PAM_TEXT_INFO: style = "PAM_TEXT_INFO"; break; ++ } ++ ++ switch (msg->msg_style) { ++ case PAM_PROMPT_ECHO_OFF: ++ /* reply with password */ ++ response->resp = strdup(global_password); ++ if (!response->resp) ++ return PAM_CONV_ERR; ++ break; ++ ++ default: ++ return PAM_CONV_ERR; ++ } ++ response->resp_retcode = 0; ++ } ++ ++ *resp = responses; ++ ++ return PAM_SUCCESS; ++} ++ ++ ++ ++int ++authenticate_using_pam (const char* service_name, ++ const char* username, ++ const char* password) ++{ ++ struct pam_conv pam_conversation = { conversation, NULL }; ++ pam_handle_t* pamh; ++ int retval; ++ ++ /* to be used later from conversation() */ ++ global_password = password; ++ ++ /* initialize the PAM library */ ++ retval = pam_start(service_name, username, &pam_conversation, &pamh); ++ if (retval != PAM_SUCCESS) { ++ return 111; ++ } ++ ++ /* PAM_TTY is needed by the securetty module */ ++ retval = pam_set_item(pamh, PAM_TTY, (void *)getenv("TTY")); ++ if (retval != PAM_SUCCESS) { ++ return 1; ++ } ++ ++ /* Authenticate the user */ ++ retval = pam_authenticate(pamh, 0); ++ if (retval != PAM_SUCCESS) { ++ return 1; ++ } ++ ++ retval = pam_acct_mgmt(pamh, 0); ++ if (retval != PAM_SUCCESS) { ++ return 1; ++ } ++ ++ retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); ++ if (retval != PAM_SUCCESS) { ++ return 1; ++ } ++ ++ /* terminate the PAM library */ ++ retval = pam_end(pamh, retval); ++ if (retval != PAM_SUCCESS) { ++ return 1; ++ } ++ ++ return 0; ++} +diff -urNxCVS -xdebian ../../fgetty/checkpassword.c ./checkpassword.c +--- ../../fgetty/checkpassword.c 2004-10-06 11:50:44.000000000 +0000 ++++ ./checkpassword.c 2004-03-26 13:40:49.000000000 +0000 +@@ -2,6 +2,14 @@ + #include + #include + #include ++#include ++#ifdef __dietlibc__ ++#include ++#else ++inline void __write2(const char* message) { ++ write(2,message,strlen(message)); ++} ++#endif + + extern char** environ; + +@@ -38,7 +46,8 @@ + passwd=pw->pw_passwd; + if ((spw=getspnam(login))) + passwd=spw->sp_pwdp; +- if (*passwd && !strcmp(crypt(ptr=login+strlen(login)+1,passwd),passwd)) { ++ ptr=login+strlen(login)+1; ++ if (!*passwd || !strcmp(crypt(ptr,passwd),passwd)) { + char **env,**ep; + char buf[100]; + for (len=0; environ[len]; ++len) ; +@@ -74,5 +83,9 @@ + return 111; + } + } ++ if (isatty(0) && isatty(1)) { ++ __write2("checkpassword: wrong password.\n"); ++ sleep(5); ++ } + return 1; + } +diff -urNxCVS -xdebian ../../fgetty/fgetty.c ./fgetty.c +--- ../../fgetty/fgetty.c 2006-11-13 14:31:07.000000000 +0000 ++++ ./fgetty.c 2005-10-04 11:45:26.000000000 +0000 +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + + #include "fmt.h" + +@@ -21,8 +22,12 @@ + + static int noclear=0; + +-void error(char *message,int exitcode) { ++void whine(const char* message) { + write(2,message,strlen(message)); ++} ++ ++void error(char *message,int exitcode) { ++ whine(message); + exit(exitcode); + } + +@@ -77,22 +82,26 @@ + struct sigaction sa; + int fd; + if (chown(tty,0,0) || chmod(tty,0600)) +- error("could not chown/chmod tty device\n",1); ++ error("fgetty: could not chown/chmod tty device\n",1); + sa.sa_handler=SIG_IGN; + sa.sa_flags=0; + sigemptyset(&sa.sa_mask); + sigaction(SIGHUP,&sa,NULL); + sa.sa_handler=sigquit_handler; + sigaction(SIGQUIT,&sa,NULL); +- if ((fd=open(tty, O_RDWR, 0))<0 || ioctl (fd, TIOCSCTTY, (void *)1)==-1) +- error("could not open tty device\n",3); ++ setsid(); ++ if ((fd=open(tty, O_RDWR, 0))<0) ++ error("fgetty: could not open tty device\n",3); + if (!isatty(fd)) +- error("\"not a typewriter\" ;-)\n",4); +- if (vhangup()) /* linux specific */ +- error("vhangup failed\n",5); ++ error("fgetty: \"not a typewriter\" ;-)\n",4); ++ if (ioctl (fd, TIOCSCTTY, (void *)1)==0) { ++ if (vhangup()) /* linux specific */ ++ error("fgetty: vhangup failed\n",5); ++ } else ++ whine("fgetty: warning: could not set controlling tty!\n"); + close(2); close(1); close(0); close(fd); + if (open(tty,O_RDWR,0) != 0) +- error("could not open tty\n",6); ++ error("fgetty: could not open tty\n",6); + if (dup(0) != 1 || dup(0) != 2) + error("could not dup stdout and stderr\n",7); + if (!noclear) +@@ -211,7 +220,7 @@ + write(1," login: ",8); + } + +-static inline int isprint(char c) { ++static inline int _isprint(char c) { + return ((c>='A' && c<='Z') || + (c>='a' && c<='z') || + (c>='0' && c<='9') || +@@ -233,7 +242,7 @@ + if (*c == '\n' || *c == '\r') { + *c=0; + break; +- } else if (!isprint(*c)) ++ } else if (!_isprint(*c)) + error("unprintable character in login name\n",10); + else if (c-logname >= sizeof(logname)-1) + error("login name too long\n",11); +@@ -260,9 +269,20 @@ + int i; + char hostname_end='.'; + tty=argv[1]; ++ if (!tty) ++ error("usage: fgetty 1\n" ++ " fgetty vc/1\n" ++ " fgetty /dev/tty1\n",111); + if (tty[0]=='/') + strncpy(ttybuf,tty,15); +- else ++ else if (isdigit(tty[0])) { ++ struct stat ss; ++ /* try prepending /dev/vc/1 and /dev/tty1 */ ++ strcpy(ttybuf,"/dev/vc/"); strncpy(ttybuf+8,tty,3); ++ if (stat(ttybuf,&ss) && errno==ENOENT) { ++ ttybuf[5]=ttybuf[6]='t'; ttybuf[7]='y'; ++ } ++ } else + strncpy(ttybuf+5,tty,10); + tty=ttybuf; + strcpy(ttybuf2+4,ttybuf); +diff -urNxCVS -xdebian ../../fgetty/login.c ./login.c +--- ../../fgetty/login.c 2004-09-09 10:09:41.000000000 +0000 ++++ ./login.c 2004-11-17 13:33:23.000000000 +0000 +@@ -35,10 +35,10 @@ + #include + #include + #include ++#include + + void die(const char *message) { +- write(2,message,strlen(message)); +- write(2,"\n",1); ++ __write2(message); __write2("\n"); + exit(1); + } + +@@ -82,7 +82,7 @@ + write(0,host,len+1); + host[len]=0; + } +- write(0,"login: ",7); ++ __write1("login: "); + pwlen=read(0,__username,9); + if (pwlen<0) die("read failed"); + __username[pwlen-1]=0; /* skip newline */ +@@ -92,14 +92,14 @@ + buf=alloca(strlen(username)+20); + strcpy(buf,username); + strcat(buf,"'s password: "); +- write(1,buf,strlen(buf)); ++ __write1(buf); + } + echo_off(); + pwlen=read(0,password,99); + if (pwlen<0) die("read failed"); + password[pwlen-1]=0; + echo_on(); +- write(1,"\n",1); ++ __write1("\n"); + + if (pipe(filedes)) + die("pipe failed"); +@@ -132,10 +132,14 @@ + default: + close(4); + utmpfd=open(_PATH_UTMP,O_RDWR); ++ if (utmpfd==-1) utmpfd=open("/dev/null",O_RDWR); ++ if (utmpfd>0 && utmpfd!=4) { dup2(utmpfd,4); close(utmpfd); utmpfd=4; }; + wtmpfd=open(_PATH_WTMP,O_APPEND|O_WRONLY); ++ if (wtmpfd==-1) wtmpfd=open("/dev/null",O_WRONLY); ++ if (wtmpfd>0 && wtmpfd!=5) { dup2(wtmpfd,5); close(wtmpfd); wtmpfd=5; }; + if (utmpfd!=4 || wtmpfd!=5) { + close(utmpfd); close(wtmpfd); +- write(2,"utmpfd!=4 || wtmpfd!=5\n",24); ++ __write2("utmpfd!=4 || wtmpfd!=5\n"); + } + execve(CHECKPASSWORD,Argv,environ); + if (errno==ENOENT) +diff -urNxCVS -xdebian ../../fgetty/login2.c ./login2.c +--- ../../fgetty/login2.c 2004-02-16 10:07:34.000000000 +0000 ++++ ./login2.c 2002-06-20 21:34:59.000000000 +0000 +@@ -15,12 +15,12 @@ + #include + #include + #include ++#include + + #include + + void die(const char *message) { +- write(2,message,strlen(message)); +- write(2,"\n",1); ++ __write2(message); __write2("\n"); + exit(1); + } + +@@ -74,7 +74,7 @@ + /* if it fails, too bad. checkpassword should already have made + * sure no additional groups are there */ + setuid(u); +- if (u && getuid()!=u) return 2; ++ if (u && getuid()!=u) { die("getuid() != u!\n"); return 2; } + } else return 2; + } + close(11); --- fgetty-0.6.orig/debian/diff/fgetty-login.diff +++ fgetty-0.6/debian/diff/fgetty-login.diff @@ -0,0 +1,32 @@ +Index: fgetty.c +=================================================================== +RCS file: /var/lib/cvs/fgetty/fgetty.c,v +retrieving revision 1.1.1.1 +diff -u -r1.1.1.1 fgetty.c +--- fgetty.c 16 Feb 2004 10:07:55 -0000 1.1.1.1 ++++ fgetty.c 16 Feb 2004 10:28:26 -0000 +@@ -311,7 +311,7 @@ + loginargv[2]=logname; + echo_off(); + #ifdef TEST +- execve("/bin/login1", loginargv, environ); ++ execve("/bin/fgetty-login", loginargv, environ); + #else + execve("/bin/login", loginargv, environ); + #endif +Index: login.c +=================================================================== +RCS file: /var/lib/cvs/fgetty/login.c,v +retrieving revision 1.1.1.1 +diff -u -r1.1.1.1 login.c +--- login.c 16 Feb 2004 10:07:56 -0000 1.1.1.1 ++++ login.c 16 Feb 2004 10:28:26 -0000 +@@ -25,7 +25,7 @@ + + #define CHECKPASSWORD "/bin/checkpassword.login" + #define FALLBACKCHECKPASSWORD "/bin/checkpassword" +-#define LOGIN2 "/bin/login2" ++#define LOGIN2 "/bin/fgetty-login2" + + #include + #include --- fgetty-0.6.orig/debian/diff/nostrip.diff +++ fgetty-0.6/debian/diff/nostrip.diff @@ -0,0 +1,16 @@ +Index: Makefile +=================================================================== +RCS file: /cvs/fgetty/Makefile,v +retrieving revision 1.11 +diff -u -r1.11 Makefile +--- Makefile 5 Dec 2003 16:47:51 -0000 1.11 ++++ Makefile 13 Nov 2006 14:33:12 -0000 +@@ -13,7 +13,7 @@ + # gcc -march=i386 -mcpu=i386 -pipe -Os -fomit-frame-pointer -I../dietlibc/include -c $^ -DTEST + $(DIET) $(CROSS)gcc -pipe -Os -fomit-frame-pointer -I../dietlibc/include -c $^ -DTEST + # gcc -march=i386 -mcpu=i386 -pipe -g -I../dietlibc/include -DTEST -c $^ +- $(CROSS)strip -x -R .comment -R .note $@ ++# $(CROSS)strip -x -R .comment -R .note $@ + + %: %.o + $(DIET) $(CROSS)gcc -o $@ $^ $(LDFLAGS) --- fgetty-0.6.orig/debian/diff/ro-dev.diff +++ fgetty-0.6/debian/diff/ro-dev.diff @@ -0,0 +1,22 @@ +Index: fgetty.c +=================================================================== +RCS file: /cvs/fgetty/fgetty.c,v +retrieving revision 1.9 +diff -u -r1.9 fgetty.c +--- fgetty.c 4 Oct 2005 11:45:26 -0000 1.9 ++++ fgetty.c 13 Nov 2006 20:35:21 -0000 +@@ -81,8 +81,12 @@ + void open_tty() { + struct sigaction sa; + int fd; +- if (chown(tty,0,0) || chmod(tty,0600)) +- error("fgetty: could not chown/chmod tty device\n",1); ++ if (chown(tty,0,0) || chmod(tty,0600)) { ++ if (errno==EROFS) ++ whine("fgetty: warning: could not chown/chmod tty device: readonly filesystem"); ++ else ++ error("fgetty: could not chown/chmod tty device\n",1); ++ } + sa.sa_handler=SIG_IGN; + sa.sa_flags=0; + sigemptyset(&sa.sa_mask); --- fgetty-0.6.orig/debian/control +++ fgetty-0.6/debian/control @@ -0,0 +1,17 @@ +Source: fgetty +Section: admin +Priority: optional +Maintainer: Gerrit Pape +Build-Depends: dietlibc-dev (>> 0.28-0) +Standards-Version: 3.6.1.0 + +Package: fgetty +Architecture: any +Description: very small, efficient, console-only getty and login + fgetty is a small, efficient, console-only getty for Linux. It is derived + from mingetty but hacked until it would link against diet libc to produce + the smallest memory footprint possible for a simple yet complete getty. + . + fgetty includes a login program that supports the checkpassword + authentication interface, and also a checkpassword program that uses the + standard C library interface to passwd and shadow. --- fgetty-0.6.orig/debian/rules +++ fgetty-0.6/debian/rules @@ -0,0 +1,64 @@ +#!/usr/bin/make -f + +STRIP =strip + +ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + STRIP =: nostrip +endif + +DIR =$(shell pwd)/debian/fgetty + +patch: deb-checkdir patch-stamp +patch-stamp: + for i in `ls -1 debian/diff/*.diff || :`; do \ + patch -p0 <$$i || exit 1; \ + done + touch patch-stamp + +build: deb-checkdir build-stamp +build-stamp: patch-stamp + $(MAKE) LDFLAGS= DIET='diet -v -Os' + touch build-stamp + +clean: deb-checkdir deb-checkuid + $(MAKE) clean + test ! -e patch-stamp || \ + for i in `ls -1r debian/diff/*.diff || :`; do \ + patch -p0 -R <$$i; \ + done + rm -f build-stamp patch-stamp + rm -rf '$(DIR)' '$(DIR)'-run + rm -f debian/files changelog + +install: deb-checkdir deb-checkuid build-stamp + rm -rf '$(DIR)' + install -d -m0755 '$(DIR)'/sbin + install -d -m0755 '$(DIR)'/bin + install -m0755 login '$(DIR)'/bin/fgetty-login + install -m0755 login2 '$(DIR)'/bin/fgetty-login2 + install -m0755 checkpassword '$(DIR)'/bin/ + install -m0755 fgetty '$(DIR)'/sbin/ + $(STRIP) -R .comment -R .note '$(DIR)'/sbin/* '$(DIR)'/bin/* + # man pages + install -d -m0755 '$(DIR)'/usr/share/man/man8 + install -m0644 fgetty.8 debian/checkpassword.8 \ + '$(DIR)'/usr/share/man/man8/ + gzip -9 '$(DIR)'/usr/share/man/man8/*.8 + # lintian overrides + install -m0755 -d '$(DIR)'/usr/share/lintian/overrides + install -m0644 debian/fgetty.lintian \ + '$(DIR)'/usr/share/lintian/overrides/fgetty + # changelog + rm -f changelog && ln -s CHANGES changelog + +binary-indep: + +binary-arch: install fgetty.deb + dpkg-gencontrol -isp -pfgetty -P'$(DIR)' + dpkg -b '$(DIR)' .. + +binary: binary-indep binary-arch + +.PHONY: patch build clean install binary-indep binary-arch binary + +include debian/implicit --- fgetty-0.6.orig/debian/interface.html +++ fgetty-0.6/debian/interface.html @@ -0,0 +1,82 @@ + + +D. J. Bernstein +
Internet mail +
checkpassword +

The checkpassword interface

+
+     checkpassword prog
+
+checkpassword +reads descriptor 3 through end of file +and then closes descriptor 3. +There must be at most 512 bytes of data before end of file. +

+The information supplied on descriptor 3 +is a login name terminated by \0, +a password terminated by \0, +a timestamp terminated by \0, +and possibly more data. +There are no other restrictions +on the form of the login name, password, and timestamp. +

+If the password is unacceptable, +checkpassword exits 1. +If checkpassword is misused, it may instead exit 2. +If there is a temporary problem checking the password, +checkpassword exits 111. +

+If the password is acceptable, +checkpassword runs prog. +prog consists of one or more arguments. +

Compatible tools

+There are other tools that offer the same interface as checkpassword. +Applications that use checkpassword +are encouraged to take the checkpassword name +as an argument, +so that they can be used with different tools. +

+Note that these tools do not follow the getopt interface. +Optional features are controlled through +(1) the tool name and (2) environment variables. +

The password database

+checkpassword checks the login name and password +against /etc/passwd, +using the operating system's getpwnam and crypt functions, +supplemented by getuserpw and getspnam if necessary. +It rejects accounts with empty passwords. +It ignores the timestamp. +

+Other checkpassword-compatible tools +have different interpretations of login names, passwords, and timestamps. +Both the login name and the password +should be treated as secrets by the application calling checkpassword; +the only distinction is for administrative convenience. +The timestamp should include +any other information that the password is based on; +for example, the challenge in a challenge-response system such as APOP. +

+WARNING: +getpwnam is inherently unreliable. +It fails to distinguish between temporary errors +and nonexistent users. +Future versions of getpwnam should return ETXTBSY +to indicate temporary errors +and ESRCH to indicate nonexistent users. +

Process-state changes

+Before invoking prog, +checkpassword sets up +$USER, +$HOME, +$SHELL, +its supplementary groups, +its gid, +its uid, +and its working directory. +

+Other checkpassword-compatible tools +may make different changes to the process state. +It is crucial for these effects to be documented; +different applications have different requirements. + + --- fgetty-0.6.orig/debian/changelog +++ fgetty-0.6/debian/changelog @@ -0,0 +1,47 @@ +fgetty (0.6-5build1) hardy; urgency=low + + * Rebuild against new dietlibc. + + -- Luca Falavigna Fri, 14 Mar 2008 16:23:44 +0100 + +fgetty (0.6-5) unstable; urgency=low + + * debian/implicit: add proper dependencies to support 'parallel build' + through make -j (thx Daniel Schepler for the patch). + * debian/rules: target build: pass LDFLAGS= to make to prevent upstream + install target to strip programs (closes: #436834). + + -- Gerrit Pape Tue, 11 Dec 2007 10:50:49 +0000 + +fgetty (0.6-4) unstable; urgency=low + + * debian/diff/cvs-20041118.diff: new; upstream CVS from 20041118. + * debian/diff/fgetty-login.diff, debian/diff/nostrip.diff: adapt. + * debian/diff/ro-dev.diff: print warning if chown/chmod of tty device + fails due to readonly filesystem. + + -- Gerrit Pape Mon, 13 Nov 2006 20:36:35 +0000 + +fgetty (0.6-3) unstable; urgency=low + + * debian/rules: cleanup. + * debian/implicit: update to revision 1.10. + * debian/copyright: update upstream URL. + * debian/control: Build-Depends: dietlibc-dev (>> 0.28-0) to make diet + compiled programs work with a kernel with stack protection (thx Csillag + Tamas, closes: 299550). + + -- Gerrit Pape Sun, 20 Mar 2005 19:50:33 +0000 + +fgetty (0.6-2) unstable; urgency=low + + * debian/rules: use 'diet -v -Os' instead of 'diet' to compile package + (fixes build failure on sparc). + + -- Gerrit Pape Tue, 24 Feb 2004 19:59:17 +0000 + +fgetty (0.6-1) unstable; urgency=low + + * initial debian package (closes: #232647). + + -- Gerrit Pape Mon, 16 Feb 2004 12:07:06 +0000 --- fgetty-0.6.orig/debian/checkpassword.8 +++ fgetty-0.6/debian/checkpassword.8 @@ -0,0 +1,103 @@ +.TH checkpassword 8 +.SH NAME +checkpassword \- check a password +.SH SYNOPSIS +.B checkpassword +.I prog +.SH DESCRIPTION +.B checkpassword +reads descriptor 3 through end of file and then closes descriptor 3. +There must be at most 512 bytes of data before end of file. +.P +The information supplied on descriptor 3 is a login name terminated by \e0, +a password terminated by \e0, a timestamp terminated by \e0, and possibly +more data. +There are no other restrictions on the form of the login name, password, +and timestamp. +.P +If the password is unacceptable, +.B checkpassword +exits 1. +If +.B checkpassword +is misused, +it may instead exit 2. +If there is a temporary problem checking the password, +.B checkpassword +exits 111. +.P +If the password is acceptable, +.B checkpassword +runs +.IR prog . +.I prog +consists of one or more arguments. +.SH COMPATIBLE TOOLS +There are other tools that offer the same interface as +.BR checkpassword . +Applications that use +.B checkpassword +are encouraged to take the +.B checkpassword +name as an argument, +so that they can be used with different tools. +.P +Note that these tools do not follow the +.BR getopt (3) +interface. +Optional features are controlled through (1) the tool name and (2) +environment variables. +.SH THE PASSWORD DATABASE +.B checkpassword +checks the login name and password against +.IR /etc/passwd , +using the operating system's +.BR getpwnam (3) +and +.BR crypt (3) +functions, supplemented by +.BR getspnam . +It rejects accounts with empty passwords. +It ignores the timestamp. +.P +Other +.BR checkpassword -compatible +tools have different interpretations of login names, passwords, and +timestamps. +Both the login name and the password should be treated as secrets by the +application calling +.BR checkpassword ; +the only distinction is for administrative convenience. +The timestamp should include any other information that the password is +based on; for example, the challenge in a challenge-response system such as +APOP. +.P +.B WARNING: +.B getpwnam +is inherently unreliable. +It fails to distinguish between temporary errors and nonexistent users. +Future versions of +.BR getpwnam (3) +should return ETXTBSY to indicate temporary errors and ESRCH to indicate +nonexistent users. +.SH PROCESS-STATE CHANGES +Before invoking +.IR prog , +.B checkpassword +sets up +.BR $USER , +.BR $HOME , +.BR $SHELL , +its supplementary groups, +its gid, +its uid, +and its working directory. +.P +Other +.BR checkpassword -compatible +tools may make different changes to the process state. +It is crucial for these effects to be documented; different applications +have different requirements. +.SH "SEE ALSO" +getpwnam(3), +crypt(3) --- fgetty-0.6.orig/debian/copyright +++ fgetty-0.6/debian/copyright @@ -0,0 +1,13 @@ +This package was debianized by Gerrit Pape on +Mon, 16 Feb 2004. + +It was downloaded from: http://www.fefe.de/fgetty/ + +Upstream Author: Felix von Leitner + +Copyright: + +GPL2 + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in ``/usr/share/common-licenses/GPL''. --- fgetty-0.6.orig/debian/implicit +++ fgetty-0.6/debian/implicit @@ -0,0 +1,93 @@ +# $Id: 60d9070435b8d5608f20f60bc44e081960b6e39d $ + +.PHONY: deb-checkdir deb-checkuid + +deb-checkdir: + @test -e debian/control || sh -cx '! : wrong directory' +deb-checkuid: + @test "`id -u`" -eq 0 || sh -cx '! : need root privileges' + +%.deb: %.deb-docs %.deb-DEBIAN + @rm -f $*.deb $*.deb-checkdir $*.deb-docs $*.deb-docs-base \ + $*.deb-docs-docs $*.deb-docs-examples $*.deb-DEBIAN \ + $*.deb-DEBIAN-dir $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums + +%.udeb: %.deb-DEBIAN + @rm -f $*.deb $*.deb-checkdir $*.deb-DEBIAN $*.deb-DEBIAN-dir \ + $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums + +%.deb-checkdir: install + @test -d debian/$* || sh -cx '! : directory debian/$* missing' + @test "`id -u`" -eq 0 || sh -cx '! : need root privileges' + +%.deb-docs-base: install + : implicit + @rm -f debian/$*/usr/share/doc/$*/* || : + @install -d -m0755 debian/$*/usr/share/doc/$* + : debian/$*/usr/share/doc/$*/ + @sh -cx 'install -m0644 debian/copyright debian/$*/usr/share/doc/$*/' + @sh -cx 'install -m0644 debian/changelog \ + debian/$*/usr/share/doc/$*/changelog.Debian' + @test ! -r changelog || \ + sh -cx 'install -m0644 changelog debian/$*/usr/share/doc/$*/' + @test -r debian/$*/usr/share/doc/$*/changelog || \ + sh -cx 'mv debian/$*/usr/share/doc/$*/changelog.Debian \ + debian/$*/usr/share/doc/$*/changelog' + @test -s debian/$*/usr/share/doc/$*/changelog || \ + sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog' + @gzip -9 debian/$*/usr/share/doc/$*/changelog* +%.deb-docs-docs: %.deb-docs-base + @for i in `cat debian/$*.docs 2>/dev/null || :`; do \ + if test -d $$i; then \ + sh -cx "install -d -m0755 debian/$*/usr/share/doc/$*/$${i##*/}" && \ + for j in $$i/*; do \ + sh -cx "install -m0644 $$j \ + debian/$*/usr/share/doc/$*/$${i##*/}/" || exit 1; \ + done || exit 1; \ + continue; \ + fi; \ + sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/" || exit 1; \ + done + @test ! -r debian/$*.README.Debian || \ + sh -cx 'install -m0644 debian/$*.README.Debian \ + debian/$*/usr/share/doc/$*/README.Debian' + @if test -r debian/$*.NEWS.Debian; then \ + sh -cx 'install -m0644 debian/$*.NEWS.Debian \ + debian/$*/usr/share/doc/$*/NEWS.Debian && \ + gzip -9 debian/$*/usr/share/doc/$*/NEWS.Debian'; \ + fi +%.deb-docs-examples: %.deb-docs-docs + @rm -rf debian/$*/usr/share/doc/$*/examples + : debian/$*/usr/share/doc/$*/examples/ + @test ! -r debian/$*.examples || \ + install -d -m0755 debian/$*/usr/share/doc/$*/examples + @for i in `cat debian/$*.examples 2>/dev/null || :`; do \ + sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/examples/" \ + || exit 1; \ + done +%.deb-docs: %.deb-checkdir %.deb-docs-base %.deb-docs-docs %.deb-docs-examples + : debian/$*/usr/share/doc/$*/ ok + +%.deb-DEBIAN-base: install + @rm -rf debian/$*/DEBIAN + : debian/$*/DEBIAN/ + @install -d -m0755 debian/$*/DEBIAN + @for i in conffiles shlibs templates; do \ + test ! -r debian/$*.$$i || \ + sh -cx "install -m0644 debian/$*.$$i debian/$*/DEBIAN/$$i" \ + || exit 1; \ + done +%.deb-DEBIAN-scripts: %.deb-DEBIAN-base + @for i in preinst prerm postinst postrm config; do \ + test ! -r debian/$*.$$i || \ + sh -cx "install -m0755 debian/$*.$$i debian/$*/DEBIAN/$$i" \ + || exit 1; \ + done +%.deb-DEBIAN-md5sums: %.deb-DEBIAN-base %.deb-docs + : debian/$*/DEBIAN/md5sums + @rm -f debian/$*/DEBIAN/md5sums + @cd debian/$* && find * -path 'DEBIAN' -prune -o \ + -type f -exec md5sum {} >>DEBIAN/md5sums \; +%.deb-DEBIAN: %.deb-checkdir %.deb-DEBIAN-base %.deb-DEBIAN-scripts \ + %.deb-DEBIAN-md5sums + : debian/$*/DEBIAN/ ok --- fgetty-0.6.orig/debian/fgetty.README.Debian +++ fgetty-0.6/debian/fgetty.README.Debian @@ -0,0 +1,13 @@ +fgetty for Debian +----------------- + +The login and login2 programs from the fgetty package are installed as +fgetty-login and fgetty-login2 into /bin/. fgetty is changed to run +/bin/fgetty-login instead of /bin/login, and fgetty-login is changed +to run /bin/fgetty-login2 instead of /bin/login2. + +By default fgetty-login uses /bin/checkpassword (provided by this package) +to authenticate a user, but, for your convenience, it looks first for +/bin/checkpassword.login and uses this program if it exists. + + -- Gerrit Pape , Mon, 16 Feb 2004 12:06:08 +0000 --- fgetty-0.6.orig/debian/fgetty.lintian +++ fgetty-0.6/debian/fgetty.lintian @@ -0,0 +1 @@ +fgetty: statically-linked-binary --- fgetty-0.6.orig/debian/fgetty.docs +++ fgetty-0.6/debian/fgetty.docs @@ -0,0 +1,2 @@ +README +debian/interface.html