1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# nss_cdb-Makefile: Makefile to create cdb-indexed files
# for nss_cdb module from /etc/group, /etc/passwd, /etc/shadow.
#
# This file is a part of tinycdb package.
# Copyright (C) 2001-2023 Michael Tokarev <mjt+cdb@corpit.ru>
# Tinycdb is licensed under MIT license.
AWK = awk
SRC = .
DST = .
all: $(DST)/passwd.cdb $(DST)/group.cdb $(DST)/shadow.cdb
$(DST)/passwd.cdb: $(SRC)/passwd
umask 022; $(AWK) -F: '\
/^#/ { next } \
NF == 7 { print $$1" "$$0; print ":"$$3" "$$1 } \
' $(SRC)/passwd > $@.in
cdb -c -m $@ $@.in
rm -f $@.in
$(DST)/group.cdb: $(SRC)/group
umask 022; $(AWK) -F: '\
/^#/ { next } \
NF == 4 { print $$1" "$$0; print ":"$$3" "$$1 } \
' $(SRC)/group > $@.in
cdb -c -m $@ $@.in
rm -f $@.in
# for shadow, we first create all files with mode 0600,
# and only when everything's done, right before final
# rename (which is done explicitly), we change permissions
# and ownership to the right values. Assuming parent dirs
# have proper permissions (so no symlink attacks etc are
# possible)
$(DST)/shadow.cdb: $(SRC)/shadow
set -e; \
umask 077; \
rm -f $@.in; \
$(AWK) -F: '\
/^#/ { next } \
NF == 9 { print $$1" "$$0 } \
' $(SRC)/shadow > $@.in
cdb -c -m -t $@.tmp -p 0600 $@.tmp2 $@.in
rm -f $@.in
chown --reference=$(SRC)/shadow $@.tmp2
chmod --reference=$(SRC)/shadow $@.tmp2
mv -f $@.tmp2 $@
|
