pam-config: add pam_deny module for password

[pti/rtp.git] / meta-stx / recipes-core / stx-config-files / config-files_1.0.0.bb

diff --git a/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb b/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
index 67b0e5e..82d1092 100644 (file)
--- a/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
+++ b/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
@@ -49,9 +49,10 @@ SRC_URI = " \
        file://util-linux-pam-postlogin.patch \
        file://syslog-ng-config-parse-err.patch \
        file://syslog-ng-config-systemd-service.patch \
-       file://syslog-ng-conf-fix-the-source.patch \
        file://syslog-ng-conf-replace-match-with-message.patch \
        file://lighttpd-init-script-chroot.patch \
+       file://nfsserver-remvoe-the-f-option-for-rpc.mountd.patch \
+       file://nfsserver.service-add-dependency-on-rpcbind.service.patch \
        "
 
 do_configure () {
@@ -147,7 +148,7 @@ RDEPENDS_audit-config += " \
        audit-python \
        "
 RDEPENDS_dhclient-config += "dhcp-client"
-RDEPENDS_dnsmasq-config += ""
+RDEPENDS_dnsmasq-config += "dnsmasq"
 RDEPENDS_docker-config += "docker-ce logrotate "
 RDEPENDS_initscripts-config += "initscripts"
 RDEPENDS_filesystem-scripts += ""
@@ -252,8 +253,8 @@ pkg_postinst_ontarget_audit-config() {
 }
 
 pkg_postinst_centos-release-config() {
-        sed 's/@PLATFORM_RELEASE@/${STX_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue >> $D${sysconfdir}/issue
-        sed 's/@PLATFORM_RELEASE@/${STX_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue.net >> $D${sysconfdir}/issue.net
+        sed 's/@PLATFORM_RELEASE@/${ORAN_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue >> $D${sysconfdir}/issue
+        sed 's/@PLATFORM_RELEASE@/${ORAN_REL}/' $D${datadir}/starlingx/config-files/centos-release-config/files/issue.net >> $D${sysconfdir}/issue.net
         chmod 644 $D${sysconfdir}/issue
         chmod 644 $D${sysconfdir}/issue.net
 }
@@ -440,36 +441,39 @@ pkg_postinst_ontarget_net-snmp-config() {
 }
 
 
-pkg_postinst_ontarget_nfs-utils-config() {
+pkg_postinst_nfs-utils-config() {
 #      %description
 #      package customized configuration and service files of nfs-utils to system folder.
 
 
-       SRCPATH=${datadir}/starlingx/config-files/nfs-utils-config/files
+       SRCPATH=$D${datadir}/starlingx/config-files/nfs-utils-config/files
        
 
-       install -m 755 -p -D ${SRCPATH}/nfscommon               ${sysconfdir}/init.d
-       install -m 644 -p -D ${SRCPATH}/nfscommon.service       ${systemd_system_unitdir}/
-       install -m 755 -p -D ${SRCPATH}/nfsserver               ${sysconfdir}/init.d
-       install -m 644 -p -D ${SRCPATH}/nfsserver.service       ${systemd_system_unitdir}
-       install -m 644 -p -D ${SRCPATH}/nfsmount.conf           ${datadir}/starlingx/stx.nfsmount.conf
+       install -m 755 -p -D ${SRCPATH}/nfscommon               $D${sysconfdir}/init.d
+       install -m 644 -p -D ${SRCPATH}/nfscommon.service       $D${systemd_system_unitdir}/
+       install -m 755 -p -D ${SRCPATH}/nfsserver               $D${sysconfdir}/init.d
+       install -m 644 -p -D ${SRCPATH}/nfsserver.service       $D${systemd_system_unitdir}
+       install -m 644 -p -D ${SRCPATH}/nfsmount.conf           $D${datadir}/starlingx/stx.nfsmount.conf
        
-       cp -f ${datadir}/starlingx/stx.nfsmount.conf ${sysconfdir}/nfsmount.conf
-       chmod 644 ${sysconfdir}/nfsmount.conf
+       cp -f $D${datadir}/starlingx/stx.nfsmount.conf $D${sysconfdir}/nfsmount.conf
+       chmod 644 $D${sysconfdir}/nfsmount.conf
 
-       # STX - disable these service files as rpc-statd is started by nfscommon
-       /bin/systemctl disable rpc-statd.service
-       /bin/systemctl disable rpc-statd-notify.service
-       /bin/systemctl disable nfs-lock.service
-       /bin/systemctl disable nfslock.service 
-
-       /bin/systemctl enable nfscommon.service  >/dev/null 2>&1 || :
-       /bin/systemctl enable nfsserver.service  >/dev/null 2>&1 || :
+       # enable nfs services by default
+       OPTS=""
+       if [ -n "$D" ]; then
+               OPTS="--root=$D"
+       fi
+       if [ -z "$D" ]; then
+               systemctl daemon-reload
+       fi
 
-       # For now skiping the preun rule
-       #/bin/systemctl disable nfscommon.service >/dev/null 2>&1 || :
-       #/bin/systemctl disable nfsserver.service >/dev/null 2>&1 || :
+       systemctl $OPTS enable nfscommon.service
+       systemctl $OPTS enable nfsserver.service
 
+       if [ -z "$D" ]; then
+               systemctl --no-block restart nfscommon.service
+               systemctl --no-block restart nfsserver.service
+       fi
 }
 
 pkg_postinst_ontarget_ntp-config() {
@@ -529,7 +533,7 @@ pkg_postinst_openssh-config() {
        cp -f $D${datadir}/starlingx/ssh_config  $D${sysconfdir}/ssh/ssh_config
        cp -f $D${datadir}/starlingx/sshd_config $D${sysconfdir}/ssh/sshd_config
 
-       # enable syslog-ng service by default
+       # enable sshd service by default
        OPTS=""
        if [ -n "$D" ]; then
                OPTS="--root=$D"
@@ -576,6 +580,9 @@ pkg_postinst_ontarget_pam-config() {
        
        cp -f ${datadir}/starlingx/stx.system-auth ${sysconfdir}/pam.d/system-auth
        cp -f ${datadir}/starlingx/sshd.pam    ${sysconfdir}/pam.d/sshd
+
+       sed -i -e '/password .*pam_ldap.so/,/session .*revoke/ s/^$/password required pam_deny.so\n/g' \
+               ${sysconfdir}/pam.d/system-auth
 }
 
 pkg_postinst_ontarget_rabbitmq-server-config() {
@@ -687,15 +694,6 @@ pkg_postinst_syslog-ng-config() {
        if [ -z "$D" ]; then
                systemctl --no-block restart syslog-ng.service
        fi
-
-# TODO
-#preun:
-#      %systemd_preun syslog-ng.service 
-#postun:
-#      ldconfig
-#      %systemd_postun_with_restart syslog-ng.service 
-#      systemctl daemon-reload 2>&1 || :
-#      systemctl try-restart 
 }
 
 pkg_postinst_ontarget_systemd-config() {