Message ID | 20170405124234.7035-1-stefan.sorensen@spectralink.com |
---|---|
State | Superseded |
Headers | show |
Stefan, On Wed, Apr 5, 2017 at 8:42 AM, Stefan Sørensen <stefan.sorensen@spectralink.com> wrote: > Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> > --- > > Changes since v1: > > * Update DEVELOPERS file > * Use SPDX license codes > * Use the tools from host-cracklib for generating dictionary files > > DEVELOPERS | 1 + > package/Config.in | 1 + > package/cracklib/Config.in | 28 ++++++++++++++++++++++++++++ > package/cracklib/cracklib.hash | 3 +++ > package/cracklib/cracklib.mk | 41 +++++++++++++++++++++++++++++++++++++++++ > 5 files changed, 74 insertions(+) > create mode 100644 package/cracklib/Config.in > create mode 100644 package/cracklib/cracklib.hash > create mode 100644 package/cracklib/cracklib.mk > > diff --git a/DEVELOPERS b/DEVELOPERS > index 37c610e..c31b410 100644 > --- a/DEVELOPERS > +++ b/DEVELOPERS > @@ -1467,6 +1467,7 @@ F: package/proxychains-ng/ > F: package/yasm/ > > N: Stefan Sørensen <stefan.sorensen@spectralink.com> > +F: package/cracklib/ > F: package/libscrypt/ > > N: Stephan Hoffmann <sho@relinux.de> > diff --git a/package/Config.in b/package/Config.in > index 71bd44a..66e9201 100644 > --- a/package/Config.in > +++ b/package/Config.in > @@ -1338,6 +1338,7 @@ menu "Other" > source "package/clapack/Config.in" > source "package/classpath/Config.in" > source "package/cppcms/Config.in" > + source "package/cracklib/Config.in" > source "package/dawgdic/Config.in" > source "package/ding-libs/Config.in" > source "package/eigen/Config.in" > diff --git a/package/cracklib/Config.in b/package/cracklib/Config.in > new file mode 100644 > index 0000000..cf428fd > --- /dev/null > +++ b/package/cracklib/Config.in > @@ -0,0 +1,28 @@ > +config BR2_PACKAGE_CRACKLIB > + bool "cracklib" > + help > + CrackLib tests passwords to determine whether they match > + certain security-oriented characteristics, with the purpose > + of stopping users from choosing passwords that are easy to > + guess. CrackLib performs several tests on passwords: it > + tries to generate words from a username and gecos entry and > + checks those words against the password; it checks for > + simplistic patterns in passwords; and it checks for the > + password in a dictionary. > + > + https://github.com/cracklib/cracklib > + > +if BR2_PACKAGE_CRACKLIB > + > +config BR2_PACKAGE_CRACKLIB_TOOLS > + bool "install tools" > + help > + Install cracklib command line tools for creating dicts. > + > +config BR2_PACKAGE_CRACKLIB_FULL_DICT > + bool "full dict" > + help > + Install the full cracklib dict (requires about 8Mb extra target > + space). > + > +endif > diff --git a/package/cracklib/cracklib.hash b/package/cracklib/cracklib.hash > new file mode 100644 > index 0000000..3038a47 > --- /dev/null > +++ b/package/cracklib/cracklib.hash > @@ -0,0 +1,3 @@ > +# Locally calculated > +sha256 17cf76943de272fd579ed831a1fd85339b393f8d00bf9e0d17c91e972f583343 cracklib-2.9.6.tar.gz > +sha256 27973245225eeb9d0090e97f3dea4197dec99b64d9d3a791a60298f3b021824c cracklib-words-2.9.6.gz > diff --git a/package/cracklib/cracklib.mk b/package/cracklib/cracklib.mk > new file mode 100644 > index 0000000..4e816a8 > --- /dev/null > +++ b/package/cracklib/cracklib.mk > @@ -0,0 +1,41 @@ > +################################################################################ > +# > +# cracklib > +# > +################################################################################ > + > +CRACKLIB_VERSION = 2.9.6 > +CRACKLIB_SITE = https://github.com/cracklib/cracklib/releases/download/cracklib-$(CRACKLIB_VERSION) > +CRACKLIB_LICENSE = LGPL-2.1 > +CRACKLIB_LICENSE_FILES = COPYING.LIB > +CRACKLIB_INSTALL_STAGING = YES > +CRACKLIB_DEPENDENCIES = host-cracklib > +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y) > +CRACKLIB_EXTRA_DOWNLOADS = cracklib-words-$(CRACKLIB_VERSION).gz > +endif You could move the CRACKLIB_EXTRA_DOWNLOADS assignment down to the if-BR2_PACKAGE_CRACKLIB_FULL_DICT below, where cracklib-words is actually used, and eliminate an if. > + > +ifeq ($(BR2_PACKAGE_CRACKLIB_TOOLS),) > +define CRACKLIB_REMOVE_TOOLS > + rm -f $(TARGET_DIR)/usr/sbin/*cracklib* > +endef > + > +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_REMOVE_TOOLS > +endif > + > +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y) > +CRACKLIB_DICT_SOURCE = $(DL_DIR)/cracklib-words-$(CRACKLIB_VERSION).gz > +else > +CRACKLIB_DICT_SOURCE = $(@D)/dicts/cracklib-small > +endif > + > +define CRACKLIB_BUILD_DICT > + $(HOST_DIR)/usr/sbin/cracklib-format $(CRACKLIB_DICT_SOURCE) | \ > + $(HOST_DIR)/usr/sbin/cracklib-packer \ > + $(TARGET_DIR)/usr/share/cracklib/pw_dict Maybe it would be wise to preface this line with a $(HOST_MAKE_ENV) just in case cracklib-format or cracklib-packer make use of any other cracklib tools? No need to mkdir -p $(TARGET_DIR)/usr/share/cracklib first? Regards, Danomi - > + rm $(TARGET_DIR)/usr/share/cracklib/cracklib-small > +endef > + > +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_BUILD_DICT > + > +$(eval $(autotools-package)) > +$(eval $(host-autotools-package)) > -- > 2.9.3 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
Hello Stefan, On Wed, 5 Apr 2017 14:42:33 +0200, Stefan Sørensen wrote: > Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> > --- I still see the same behavior: /home/thomas/projets/buildroot/output/host/usr/sbin/cracklib-format /home/thomas/dl/cracklib-words-2.9.6.gz | /home/thomas/projets/buildroot/output/host/usr/sbin/cracklib-packer /home/thomas/projets/buildroot/output/target/usr/share/cracklib/pw_dict skipping line: 1 4 3 rm /home/thomas/projets/buildroot/output/target/usr/share/cracklib/cracklib-small And then in the target: $ ls -l output/target/usr/share/cracklib/* -rw-r--r-- 1 thomas thomas 360 avril 6 17:17 output/target/usr/share/cracklib/cracklib.magic -rw-r--r-- 1 thomas thomas 1024 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.hwm -rw-r--r-- 1 thomas thomas 50 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.pwd -rw-r--r-- 1 thomas thomas 16 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.pwi i.e, the dictionary is empty (size is ridiculously small). Thomas
On Thu, Apr 6, 2017 at 11:19 AM, Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote: > Hello Stefan, > > On Wed, 5 Apr 2017 14:42:33 +0200, Stefan Sørensen wrote: >> Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> >> --- > > I still see the same behavior: > > /home/thomas/projets/buildroot/output/host/usr/sbin/cracklib-format /home/thomas/dl/cracklib-words-2.9.6.gz | /home/thomas/projets/buildroot/output/host/usr/sbin/cracklib-packer /home/thomas/projets/buildroot/output/target/usr/share/cracklib/pw_dict > skipping line: 1 > 4 3 > rm /home/thomas/projets/buildroot/output/target/usr/share/cracklib/cracklib-small > > And then in the target: > > $ ls -l output/target/usr/share/cracklib/* > -rw-r--r-- 1 thomas thomas 360 avril 6 17:17 output/target/usr/share/cracklib/cracklib.magic > -rw-r--r-- 1 thomas thomas 1024 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.hwm > -rw-r--r-- 1 thomas thomas 50 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.pwd > -rw-r--r-- 1 thomas thomas 16 avril 6 17:17 output/target/usr/share/cracklib/pw_dict.pwi > > i.e, the dictionary is empty (size is ridiculously small). FWIW - it looks to me like the grep call in cracklib-format is concluding that cracklib-words is a binary file: buildroot/output/host/usr/sbin/cracklib-format cracklib-words-2.9.6.gz ] ]] binaryfilestandardinputmatches If the grep is patched to have a -a to force the file to be treated as text, then you get big numbers: skipping line: 1 warning: input out of order: 'ghabcdefghabcdefghabcdefghabcd' should not follow 'habcdefghabcdefghabcdefghabcde' (line 55362) warning: input out of order: 'fghabcdefghabcdefghabcdefghabc' should not follow 'ghabcdefghabcdefghabcdefghabcd' (line 55363) warning: input out of order: 'efghabcdefghabcdefghabcdefghab' should not follow 'fghabcdefghabcdefghabcdefghabc' (line 55364) warning: input out of order: 'fghabcdefghabcdefghabcdefghabc' should not follow 'ghabcdefghabcdefghabcdefghabcd' (line 55366) warning: input out of order: 'abcdefghi' should not follow 'fghabcdefghabcdefghabcdefghabc' (line 55367) 1911513 1911512 Or, if you use an older cracklib-words, like http://downloads.sourceforge.net/cracklib/cracklib-words-20080507.gz, then this problem is also avoided. Danomi - > > Thomas > -- > Thomas Petazzoni, CTO, Free Electrons > Embedded Linux, Kernel and Android engineering > http://free-electrons.com > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
diff --git a/DEVELOPERS b/DEVELOPERS index 37c610e..c31b410 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1467,6 +1467,7 @@ F: package/proxychains-ng/ F: package/yasm/ N: Stefan Sørensen <stefan.sorensen@spectralink.com> +F: package/cracklib/ F: package/libscrypt/ N: Stephan Hoffmann <sho@relinux.de> diff --git a/package/Config.in b/package/Config.in index 71bd44a..66e9201 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1338,6 +1338,7 @@ menu "Other" source "package/clapack/Config.in" source "package/classpath/Config.in" source "package/cppcms/Config.in" + source "package/cracklib/Config.in" source "package/dawgdic/Config.in" source "package/ding-libs/Config.in" source "package/eigen/Config.in" diff --git a/package/cracklib/Config.in b/package/cracklib/Config.in new file mode 100644 index 0000000..cf428fd --- /dev/null +++ b/package/cracklib/Config.in @@ -0,0 +1,28 @@ +config BR2_PACKAGE_CRACKLIB + bool "cracklib" + help + CrackLib tests passwords to determine whether they match + certain security-oriented characteristics, with the purpose + of stopping users from choosing passwords that are easy to + guess. CrackLib performs several tests on passwords: it + tries to generate words from a username and gecos entry and + checks those words against the password; it checks for + simplistic patterns in passwords; and it checks for the + password in a dictionary. + + https://github.com/cracklib/cracklib + +if BR2_PACKAGE_CRACKLIB + +config BR2_PACKAGE_CRACKLIB_TOOLS + bool "install tools" + help + Install cracklib command line tools for creating dicts. + +config BR2_PACKAGE_CRACKLIB_FULL_DICT + bool "full dict" + help + Install the full cracklib dict (requires about 8Mb extra target + space). + +endif diff --git a/package/cracklib/cracklib.hash b/package/cracklib/cracklib.hash new file mode 100644 index 0000000..3038a47 --- /dev/null +++ b/package/cracklib/cracklib.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 17cf76943de272fd579ed831a1fd85339b393f8d00bf9e0d17c91e972f583343 cracklib-2.9.6.tar.gz +sha256 27973245225eeb9d0090e97f3dea4197dec99b64d9d3a791a60298f3b021824c cracklib-words-2.9.6.gz diff --git a/package/cracklib/cracklib.mk b/package/cracklib/cracklib.mk new file mode 100644 index 0000000..4e816a8 --- /dev/null +++ b/package/cracklib/cracklib.mk @@ -0,0 +1,41 @@ +################################################################################ +# +# cracklib +# +################################################################################ + +CRACKLIB_VERSION = 2.9.6 +CRACKLIB_SITE = https://github.com/cracklib/cracklib/releases/download/cracklib-$(CRACKLIB_VERSION) +CRACKLIB_LICENSE = LGPL-2.1 +CRACKLIB_LICENSE_FILES = COPYING.LIB +CRACKLIB_INSTALL_STAGING = YES +CRACKLIB_DEPENDENCIES = host-cracklib +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y) +CRACKLIB_EXTRA_DOWNLOADS = cracklib-words-$(CRACKLIB_VERSION).gz +endif + +ifeq ($(BR2_PACKAGE_CRACKLIB_TOOLS),) +define CRACKLIB_REMOVE_TOOLS + rm -f $(TARGET_DIR)/usr/sbin/*cracklib* +endef + +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_REMOVE_TOOLS +endif + +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y) +CRACKLIB_DICT_SOURCE = $(DL_DIR)/cracklib-words-$(CRACKLIB_VERSION).gz +else +CRACKLIB_DICT_SOURCE = $(@D)/dicts/cracklib-small +endif + +define CRACKLIB_BUILD_DICT + $(HOST_DIR)/usr/sbin/cracklib-format $(CRACKLIB_DICT_SOURCE) | \ + $(HOST_DIR)/usr/sbin/cracklib-packer \ + $(TARGET_DIR)/usr/share/cracklib/pw_dict + rm $(TARGET_DIR)/usr/share/cracklib/cracklib-small +endef + +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_BUILD_DICT + +$(eval $(autotools-package)) +$(eval $(host-autotools-package))
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com> --- Changes since v1: * Update DEVELOPERS file * Use SPDX license codes * Use the tools from host-cracklib for generating dictionary files DEVELOPERS | 1 + package/Config.in | 1 + package/cracklib/Config.in | 28 ++++++++++++++++++++++++++++ package/cracklib/cracklib.hash | 3 +++ package/cracklib/cracklib.mk | 41 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 74 insertions(+) create mode 100644 package/cracklib/Config.in create mode 100644 package/cracklib/cracklib.hash create mode 100644 package/cracklib/cracklib.mk