. ${BUILDFILE%/*}/common.sh
pkgver=20180910

package() {
preamble
# #### users

depends+=(sudo shadow)

# `/etc/sudoers.d/00-wheel` gives sudo access to everyone in the
# `wheel` group.
install -d etc
install -dm750 etc/sudoers.d
add-file etc/sudoers.d/00-wheel <<-'EOF'
	%wheel ALL=(ALL) ALL
	EOF

# The `shadow.service` has been extended to:
#
# - sort the files if they otherwise are ok. This makes dealing with
#   pacman updates and such easier
# - check that all users require a password, if login is enabled
#
# This could have been done in very long one-liner in `ExecStart=`,
# but at some point it became easier to just move it to a real script
# file.
add-file etc/systemd/system/shadow.service.d/extra.conf <<-'EOF'
	[Service]
	ExecStart=
	ExecStart=/etc/systemd/system/shadow
	EOF
add-file -m755 etc/systemd/system/shadow <<-'EOF'
	#!/bin/sh
	r=0
	set -x

	# Always run all checks, but fail the service if any fail
	# Extra: Sort the files if the integrity checks pass
	/usr/bin/pwck  -r && /usr/bin/pwck  -s || r=1
	/usr/bin/grpck -r && /usr/bin/grpck -s || r=1
	# Extra: Check that all users require a password, if login is enabled
	/usr/bin/grep '^[^:]*::' /etc/passwd /etc/shadow && r=1

	exit $r
	EOF

postamble
}