Message ID | 1344740623-29446-1-git-send-email-golubovsky@gmail.com |
---|---|
State | Rejected |
Headers | show |
Hi Dmitry, On Sat, Aug 11, 2012 at 11:03:43PM -0400, Dmitry wrote: [snip] > +config BR2_PACKAGE_BUSYBOX_PAM > + bool "Enable PAM support in Busybox" > + default y > + depends on BR2_PACKAGE_LINUX_PAM > + help > + PAM support in Busybox is enabled by default if package > + linux-pam is selected. Make sure that files /etc/pam.d/default > + and/or /etc/pam.d/login exist and contain valid authentication > + stack. Otherwise you will not be able to log into the booted > + system. If unsure unselect this item. The last help sentence seems to contradict the 'default y' enable by default above. baruch
Baruch, On Sun, Aug 12, 2012 at 10:17 AM, Baruch Siach <baruch@tkos.co.il> wrote: >> + help >> + PAM support in Busybox is enabled by default if package >> + linux-pam is selected. Make sure that files /etc/pam.d/default >> + and/or /etc/pam.d/login exist and contain valid authentication >> + stack. Otherwise you will not be able to log into the booted >> + system. If unsure unselect this item. > > The last help sentence seems to contradict the 'default y' enable by default > above. My approach would be to disable it by default. However from the prior discussion I concluded that the preferred way in Buildroot is to enable something by default as new feature appears. So I am trying a reasonable compromise: to make PAM enabled in busybox, but to provide a fast way to disable it if anything goes wrong. What would you suggest: to drop "if unsure..." or to make PAM disabled by default in busybox? Thanks.
Le Sun, 12 Aug 2012 10:25:46 -0400, Dmitry Golubovsky <golubovsky@gmail.com> a écrit : > What would you suggest: to drop "if unsure..." or to make PAM disabled > by default in busybox? Make PAM disabled by default *and* provide basically working versions of the /etc/pam.d/ files that are needed to make the login process working if Busybox is built with PAM support. That's something we generally try to do with Buildroot: ensure that when a package is built and installed, it has default configuration files that allow it to work in at least a basic way. Best regards, Thomas
diff --git a/package/busybox/Config.in b/package/busybox/Config.in index dedcf18..3e9f56d 100644 --- a/package/busybox/Config.in +++ b/package/busybox/Config.in @@ -62,6 +62,17 @@ config BR2_PACKAGE_BUSYBOX_WATCHDOG Install the watchdog daemon startup script, that just start at the boot the busybox watchdog daemon. +config BR2_PACKAGE_BUSYBOX_PAM + bool "Enable PAM support in Busybox" + default y + depends on BR2_PACKAGE_LINUX_PAM + help + PAM support in Busybox is enabled by default if package + linux-pam is selected. Make sure that files /etc/pam.d/default + and/or /etc/pam.d/login exist and contain valid authentication + stack. Otherwise you will not be able to log into the booted + system. If unsure unselect this item. + if BR2_PACKAGE_BUSYBOX_WATCHDOG config BR2_PACKAGE_BUSYBOX_WATCHDOG_PERIOD diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk index 17ee50a..c97ce77 100644 --- a/package/busybox/busybox.mk +++ b/package/busybox/busybox.mk @@ -161,6 +161,17 @@ define BUSYBOX_INSTALL_WATCHDOG_SCRIPT endef endif +ifeq ($(BR2_PACKAGE_BUSYBOX_PAM),y) +BUSYBOX_DEPENDENCIES += linux-pam +define BUSYBOX_ENABLE_PAM + $(call KCONFIG_ENABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG)) +endef +else +define BUSYBOX_ENABLE_PAM + $(call KCONFIG_DISABLE_OPT,CONFIG_PAM,$(BUSYBOX_BUILD_CONFIG)) +endef +endif + # We do this here to avoid busting a modified .config in configure BUSYBOX_POST_EXTRACT_HOOKS += BUSYBOX_COPY_CONFIG @@ -176,6 +187,7 @@ define BUSYBOX_CONFIGURE_CMDS $(BUSYBOX_DISABLE_MMU_APPLETS) $(BUSYBOX_SET_INIT) $(BUSYBOX_SET_WATCHDOG) + $(BUSYBOX_ENABLE_PAM) @yes "" | $(MAKE) ARCH=$(KERNEL_ARCH) CROSS_COMPILE="$(TARGET_CROSS)" \ -C $(@D) oldconfig endef
Signed-off-by: Dmitry <golubovsky@gmail.com> --- package/busybox/Config.in | 11 +++++++++++ package/busybox/busybox.mk | 12 ++++++++++++ 2 files changed, 23 insertions(+), 0 deletions(-)