[Buildroot] [PATCH v2 1/2] cracklib: New package

Danomi Manchego danomimanchego123 at gmail.com
Wed Apr 5 14:31:16 UTC 2017 

Stefan,

On Wed, Apr 5, 2017 at 8:42 AM, Stefan Sørensen
<stefan.sorensen at spectralink.com> wrote:
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> ---
>
> Changes since v1:
>
>  * Update DEVELOPERS file
>  * Use SPDX license codes
>  * Use the tools from host-cracklib for generating dictionary files
>
>  DEVELOPERS                     |  1 +
>  package/Config.in              |  1 +
>  package/cracklib/Config.in     | 28 ++++++++++++++++++++++++++++
>  package/cracklib/cracklib.hash |  3 +++
>  package/cracklib/cracklib.mk   | 41 +++++++++++++++++++++++++++++++++++++++++
>  5 files changed, 74 insertions(+)
>  create mode 100644 package/cracklib/Config.in
>  create mode 100644 package/cracklib/cracklib.hash
>  create mode 100644 package/cracklib/cracklib.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 37c610e..c31b410 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -1467,6 +1467,7 @@ F:        package/proxychains-ng/
>  F:     package/yasm/
>
>  N:     Stefan Sørensen <stefan.sorensen at spectralink.com>
> +F:     package/cracklib/
>  F:     package/libscrypt/
>
>  N:     Stephan Hoffmann <sho at relinux.de>
> diff --git a/package/Config.in b/package/Config.in
> index 71bd44a..66e9201 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1338,6 +1338,7 @@ menu "Other"
>         source "package/clapack/Config.in"
>         source "package/classpath/Config.in"
>         source "package/cppcms/Config.in"
> +       source "package/cracklib/Config.in"
>         source "package/dawgdic/Config.in"
>         source "package/ding-libs/Config.in"
>         source "package/eigen/Config.in"
> diff --git a/package/cracklib/Config.in b/package/cracklib/Config.in
> new file mode 100644
> index 0000000..cf428fd
> --- /dev/null
> +++ b/package/cracklib/Config.in
> @@ -0,0 +1,28 @@
> +config BR2_PACKAGE_CRACKLIB
> +       bool "cracklib"
> +       help
> +         CrackLib tests passwords to determine whether they match
> +         certain security-oriented characteristics, with the purpose
> +         of stopping users from choosing passwords that are easy to
> +         guess. CrackLib performs several tests on passwords: it
> +         tries to generate words from a username and gecos entry and
> +         checks those words against the password; it checks for
> +         simplistic patterns in passwords; and it checks for the
> +         password in a dictionary.
> +
> +         https://github.com/cracklib/cracklib
> +
> +if BR2_PACKAGE_CRACKLIB
> +
> +config BR2_PACKAGE_CRACKLIB_TOOLS
> +       bool "install tools"
> +       help
> +         Install cracklib command line tools for creating dicts.
> +
> +config BR2_PACKAGE_CRACKLIB_FULL_DICT
> +       bool "full dict"
> +       help
> +         Install the full cracklib dict (requires about 8Mb extra target
> +         space).
> +
> +endif
> diff --git a/package/cracklib/cracklib.hash b/package/cracklib/cracklib.hash
> new file mode 100644
> index 0000000..3038a47
> --- /dev/null
> +++ b/package/cracklib/cracklib.hash
> @@ -0,0 +1,3 @@
> +# Locally calculated
> +sha256 17cf76943de272fd579ed831a1fd85339b393f8d00bf9e0d17c91e972f583343        cracklib-2.9.6.tar.gz
> +sha256 27973245225eeb9d0090e97f3dea4197dec99b64d9d3a791a60298f3b021824c        cracklib-words-2.9.6.gz
> diff --git a/package/cracklib/cracklib.mk b/package/cracklib/cracklib.mk
> new file mode 100644
> index 0000000..4e816a8
> --- /dev/null
> +++ b/package/cracklib/cracklib.mk
> @@ -0,0 +1,41 @@
> +################################################################################
> +#
> +# cracklib
> +#
> +################################################################################
> +
> +CRACKLIB_VERSION = 2.9.6
> +CRACKLIB_SITE = https://github.com/cracklib/cracklib/releases/download/cracklib-$(CRACKLIB_VERSION)
> +CRACKLIB_LICENSE = LGPL-2.1
> +CRACKLIB_LICENSE_FILES = COPYING.LIB
> +CRACKLIB_INSTALL_STAGING = YES
> +CRACKLIB_DEPENDENCIES = host-cracklib
> +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y)
> +CRACKLIB_EXTRA_DOWNLOADS = cracklib-words-$(CRACKLIB_VERSION).gz
> +endif

You could move the CRACKLIB_EXTRA_DOWNLOADS assignment down to the
if-BR2_PACKAGE_CRACKLIB_FULL_DICT below, where cracklib-words is
actually used, and eliminate an if.

> +
> +ifeq ($(BR2_PACKAGE_CRACKLIB_TOOLS),)
> +define CRACKLIB_REMOVE_TOOLS
> +       rm -f $(TARGET_DIR)/usr/sbin/*cracklib*
> +endef
> +
> +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_REMOVE_TOOLS
> +endif
> +
> +ifeq ($(BR2_PACKAGE_CRACKLIB_FULL_DICT),y)
> +CRACKLIB_DICT_SOURCE = $(DL_DIR)/cracklib-words-$(CRACKLIB_VERSION).gz
> +else
> +CRACKLIB_DICT_SOURCE = $(@D)/dicts/cracklib-small
> +endif
> +
> +define CRACKLIB_BUILD_DICT
> +       $(HOST_DIR)/usr/sbin/cracklib-format $(CRACKLIB_DICT_SOURCE) | \
> +               $(HOST_DIR)/usr/sbin/cracklib-packer \
> +               $(TARGET_DIR)/usr/share/cracklib/pw_dict

Maybe it would be wise to preface this line with a $(HOST_MAKE_ENV)
just in case cracklib-format or cracklib-packer make use of any other
cracklib tools?

No need to mkdir -p $(TARGET_DIR)/usr/share/cracklib first?

Regards,
Danomi -


> +       rm $(TARGET_DIR)/usr/share/cracklib/cracklib-small
> +endef
> +
> +CRACKLIB_POST_INSTALL_TARGET_HOOKS += CRACKLIB_BUILD_DICT
> +
> +$(eval $(autotools-package))
> +$(eval $(host-autotools-package))
> --
> 2.9.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

More information about the buildroot mailing list