elaborate on the editor selection of the programs

debian/changelog

@@ -1,15 +1,8 @@
-shadow (1:4.13+dfsg1-5) unstable; urgency=medium
+shadow (1:4.13+dfsg1-4.1) unstable; urgency=medium
 
-  * Add myself to Uploaders, per discussion with Serge Hallyn
-  * Apply wrap-and-sort -kas style
-  * Use debputy to avoid Rules-Requires-Root: binary-targets
-  * libsubid4: tighten package-internal dependencies
+  * Enhance the manpage for vipw (closes #1064940).
 
-  [ Serge Hallyn ]
-  * Drop pam_lastlog.so from config. (Closes: #1068229)
-  * Stop installing lastlog binary.
-
- -- Chris Hofstaedtler <zeha@debian.org>  Sun, 02 Jun 2024 20:01:51 +0200
+ -- Toni Mueller <toni@debian.org>  Thu, 29 Feb 2024 16:37:32 +0000
 
 shadow (1:4.13+dfsg1-4) unstable; urgency=medium
 

debian/control

@@ -1,39 +1,35 @@
 Source: shadow
 Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
-Uploaders:
- Serge Hallyn <serge@hallyn.com>,
- Chris Hofstaedtler <zeha@debian.org>
+Uploaders: Serge Hallyn <serge@hallyn.com>
 Section: admin
 Priority: required
-Build-Depends:
- bison,
- debhelper-compat (= 13),
- dh-sequence-zz-debputy-rrr (>= 0.1.23~),
- docbook-xml <!nodoc>,
- docbook-xsl <!nodoc>,
- gettext,
- itstool <!nodoc>,
- libaudit-dev [linux-any],
- libcrypt-dev,
- libpam0g-dev,
- libselinux1-dev [linux-any],
- libsemanage-dev [linux-any],
- libxml2-utils <!nodoc>,
- quilt,
- xsltproc <!nodoc>
+Build-Depends: debhelper-compat (= 13),
+               gettext,
+               libcrypt-dev,
+               libpam0g-dev,
+               quilt,
+               xsltproc <!nodoc>,
+               docbook-xsl <!nodoc>,
+               docbook-xml <!nodoc>,
+               libxml2-utils <!nodoc>,
+               libselinux1-dev [linux-any],
+               libsemanage-dev [linux-any],
+               itstool <!nodoc>,
+               bison,
+               libaudit-dev [linux-any]
 Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master
 Vcs-Browser: https://salsa.debian.org/debian/shadow
 Homepage: https://github.com/shadow-maint/shadow
-Rules-Requires-Root: no
+Rules-Requires-Root: binary-targets
 
 Package: passwd
 Architecture: any
 Multi-Arch: foreign
-Depends:
- libpam-modules
-Recommends:
- sensible-utils
+Depends: ${shlibs:Depends},
+         ${misc:Depends},
+         libpam-modules
+Recommends: sensible-utils
 Description: change and administer password and group data
  This package includes passwd, chsh, chfn, and many other programs to
  maintain password and group data.
@@ -44,15 +40,13 @@ Package: login
 Architecture: any
 Multi-Arch: foreign
 Essential: yes
-Pre-Depends:
- libpam-modules,
- libpam-runtime
-Breaks:
- hurd (<< 20140206~) [hurd-any]
-Conflicts:
- python-4suite (<< 0.99cvs20060405-1)
-Replaces:
- hurd (<< 20140206~) [hurd-any]
+Pre-Depends: ${shlibs:Depends},
+             ${misc:Depends},
+             libpam-runtime,
+             libpam-modules
+Breaks: hurd (<< 20140206~) [hurd-any]
+Conflicts: python-4suite (<< 0.99cvs20060405-1)
+Replaces: hurd (<< 20140206~) [hurd-any]
 Description: system login tools
  This package provides some required infrastructure for logins and for
  changing effective user or group IDs, including:
@@ -63,6 +57,8 @@ Package: uidmap
 Architecture: any
 Multi-Arch: foreign
 Priority: optional
+Depends: ${shlibs:Depends},
+         ${misc:Depends}
 Description: programs to help use subuids
  These programs help unprivileged users to create uid and gid mappings in
  user namespaces.
@@ -72,6 +68,8 @@ Section: libs
 Priority: optional
 Architecture: any
 Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.
@@ -81,8 +79,7 @@ Section: libdevel
 Priority: optional
 Architecture: any
 Multi-Arch: same
-Depends:
- libsubid4 (= ${binary:Version})
+Depends: ${misc:Depends}, libsubid4 (= ${binary:Version})
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.

debian/debputy.manifest

@@ -1,37 +0,0 @@
-manifest-version: '0.1'
-packages:
-  passwd:
-    transformations:
-    - path-metadata:
-        path: usr/bin/chfn
-        mode: "u=rwxs,go=rx"
-    - path-metadata:
-        path: usr/bin/chsh
-        mode: "u=rwxs,go=rx"
-    - path-metadata:
-        path: usr/bin/gpasswd
-        mode: "u=rwxs,go=rx"
-    - path-metadata:
-        path: usr/bin/passwd
-        mode: "u=rwxs,go=rx"
-    - path-metadata:
-        path: usr/bin/chage
-        group: "shadow"
-        mode: "u=rwx,go=rxs"
-    - path-metadata:
-        path: usr/bin/expiry
-        group: "shadow"
-        mode: "u=rwx,go=rxs"
-  login:
-    transformations:
-    - path-metadata:
-        path: usr/bin/newgrp
-        mode: "u=rwxs,go=rx"
-  uidmap:
-    transformations:
-    - path-metadata:
-        path: usr/bin/newgidmap
-        mode: "u=rwxs,go=rx"
-    - path-metadata:
-        path: usr/bin/newuidmap
-        mode: "u=rwxs,go=rx"

debian/login.install

@@ -1,6 +1,7 @@
-bin/login usr/bin
 debian/login.defs etc
+usr/share/locale/*/LC_MESSAGES/shadow.mo
 sbin/nologin usr/sbin
 usr/bin/faillog
+usr/bin/lastlog
 usr/bin/newgrp
-usr/share/locale/*/LC_MESSAGES/shadow.mo
+bin/login usr/bin

debian/login.manpages

@@ -4,6 +4,7 @@ usr/share/man/*/man1/sg.1
 usr/share/man/*/man5/faillog.5
 usr/share/man/*/man5/login.defs.5
 usr/share/man/*/man8/faillog.8
+usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/nologin.8
 usr/share/man/man1/login.1
 usr/share/man/man1/newgrp.1
@@ -11,4 +12,5 @@ usr/share/man/man1/sg.1
 usr/share/man/man5/faillog.5
 usr/share/man/man5/login.defs.5
 usr/share/man/man8/faillog.8
+usr/share/man/man8/lastlog.8
 usr/share/man/man8/nologin.8

debian/login.pam

@@ -77,6 +77,10 @@ auth       optional   pam_group.so
 # (Replaces the use of /etc/limits in old login)
 session    required   pam_limits.so
 
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
 # Prints the status of the user's mailbox upon successful login
 # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
 #

debian/not-installed

@@ -15,7 +15,6 @@ etc/pam.d/passwd
 etc/pam.d/useradd
 etc/pam.d/userdel
 etc/pam.d/usermod
-usr/bin/lastlog
 usr/bin/sg
 usr/lib/*/libsubid.la
 usr/sbin/logoutd
@@ -26,7 +25,6 @@ usr/share/man/*/man1/su.1
 usr/share/man/*/man3/getspnam.3
 usr/share/man/*/man3/shadow.3
 usr/share/man/*/man5/suauth.5
-usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/logoutd.8
 usr/share/man/man1/groups.1
 usr/share/man/man1/logoutd.1
@@ -34,6 +32,5 @@ usr/share/man/man1/su.1
 usr/share/man/man3/getspnam.3
 usr/share/man/man3/shadow.3
 usr/share/man/man5/suauth.5
-usr/share/man/man8/lastlog.8
 usr/share/man/man8/logoutd.8
 

debian/passwd.dirs

@@ -1,2 +1,2 @@
-etc/default
 usr/share/lintian/overrides
+etc/default

debian/passwd.install

@@ -6,13 +6,13 @@ usr/bin/chsh
 usr/bin/expiry
 usr/bin/gpasswd
 usr/bin/passwd
-usr/sbin/chgpasswd
 usr/sbin/chpasswd
+usr/sbin/chgpasswd
 usr/sbin/cppw
 usr/sbin/groupadd
 usr/sbin/groupdel
-usr/sbin/groupmems
 usr/sbin/groupmod
+usr/sbin/groupmems
 usr/sbin/grpck
 usr/sbin/grpconv
 usr/sbin/grpunconv

debian/passwd.links

@@ -1,2 +1,2 @@
-usr/sbin/cppw usr/sbin/cpgr
 usr/sbin/vipw usr/sbin/vigr
+usr/sbin/cppw usr/sbin/cpgr

debian/passwd.manpages

@@ -6,17 +6,17 @@ usr/share/man/*/man1/chsh.1
 usr/share/man/*/man1/expiry.1
 usr/share/man/*/man1/gpasswd.1
 usr/share/man/*/man1/passwd.1
-usr/share/man/*/man5/gshadow.5
 usr/share/man/*/man5/passwd.5
-usr/share/man/*/man5/shadow.5
 usr/share/man/*/man5/subgid.5
 usr/share/man/*/man5/subuid.5
-usr/share/man/*/man8/chgpasswd.8
+usr/share/man/*/man5/shadow.5
+usr/share/man/*/man5/gshadow.5
 usr/share/man/*/man8/chpasswd.8
+usr/share/man/*/man8/chgpasswd.8
 usr/share/man/*/man8/groupadd.8
 usr/share/man/*/man8/groupdel.8
-usr/share/man/*/man8/groupmems.8
 usr/share/man/*/man8/groupmod.8
+usr/share/man/*/man8/groupmems.8
 usr/share/man/*/man8/grpck.8
 usr/share/man/*/man8/grpconv.8
 usr/share/man/*/man8/grpunconv.8
@@ -35,11 +35,11 @@ usr/share/man/man1/chsh.1
 usr/share/man/man1/expiry.1
 usr/share/man/man1/gpasswd.1
 usr/share/man/man1/passwd.1
-usr/share/man/man5/gshadow.5
 usr/share/man/man5/passwd.5
 usr/share/man/man5/shadow.5
-usr/share/man/man5/subgid.5
+usr/share/man/man5/gshadow.5
 usr/share/man/man5/subuid.5
+usr/share/man/man5/subgid.5
 usr/share/man/man8/chgpasswd.8
 usr/share/man/man8/chpasswd.8
 usr/share/man/man8/groupadd.8

debian/rules

@@ -55,6 +55,25 @@ override_dh_installpam:
 	dh_installpam -p passwd --name=chpasswd
 	dh_installpam -p passwd --name=newusers
 
+override_dh_builddeb-arch:
+	# uidmap
+	chmod u+s debian/uidmap/usr/bin/newuidmap
+	chmod u+s debian/uidmap/usr/bin/newgidmap
+	# login
+	# No real need for login to be setuid root
+	# chmod u+s debian/login/bin/login
+	chmod u+s debian/login/usr/bin/newgrp
+	# passwd
+	chmod u+s debian/passwd/usr/bin/chfn
+	chmod u+s debian/passwd/usr/bin/chsh
+	chmod u+s debian/passwd/usr/bin/gpasswd
+	chmod u+s debian/passwd/usr/bin/passwd
+	chgrp shadow debian/passwd/usr/bin/chage
+	chgrp shadow debian/passwd/usr/bin/expiry
+	chmod g+s debian/passwd/usr/bin/chage
+	chmod g+s debian/passwd/usr/bin/expiry
+	dh_builddeb -a
+
 override_dh_auto_clean:
 	sed -i 's/# Linux only # //' debian/login.pam
 	dh_auto_clean

debian/shlibs.local

@@ -1 +0,0 @@
-deb: libsubid 4 libsubid4 (= ${binary:Version})

debian/uidmap.install

@@ -1,3 +1,3 @@
 bin/getsubids usr/bin
-usr/bin/newgidmap
 usr/bin/newuidmap
+usr/bin/newgidmap

man/vipw.8.xml

@@ -73,10 +73,20 @@
       the appropriate locks to prevent file corruption. When looking for an
       editor, the programs will first try the environment variable
       <envar>$VISUAL</envar>, then the environment variable
-      <envar>$EDITOR</envar>, and finally the default editor,
+      <envar>$EDITOR</envar>, then the editor from
+      <filename>~/.selected_editor</filename>, and finally
+      <command>nano</command>.
       <citerefentry><refentrytitle>vi</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>.
     </para>
+    <para>
+        On the first run, if the environment variables <envar>$VISUAL</envar>
+        and <envar>$EDITOR</envar> are both unset, this program asks you for
+        an editor and stores your selection in
+        <filename>~/.selected_editor</filename>. If the editor mentioned
+        therein does not exist on your system, the program will fall back
+        to using <command>nano</command>.
+    </para>
   </refsect1>
 
   <refsect1 id='options'>
@@ -210,6 +220,9 @@
       <citerefentry>
 	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>
+      <citerefentry>
+          <refentrytitle>~/.selected_editor</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>
       <citerefentry condition="tcb">
 	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>,