From 1ad32536c2d4a3e55e698d27d827caee788cb0f7 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Wed, 12 Jul 2017 10:44:11 +0200 Subject: util-linux: fix "su -" and package su separately "su -" == "su --login" was broken because it uses /etc/pam.d/su-l and lacking that, falls back to /etc/pam.d/other which denies the operation. The fix is to symlink "su-l" to the normal "su" pam config file. Because "su" usually comes from "shadow" and has been broken like this without anyone noticing, it probably is not used much and thus should be packaged separately so that it can be installed only when really needed. For backwards compatibility, "util-linux" still pulls it in. It is a bit strange that DISTRO_FEATURES are getting checked when deciding whether the packages should be defined. It is not wrong, the packages will be simply empty and thus probably not created when the distro feature is on and the package config is off. Perhaps there is a reason, so this is kept unchanged. The symlink however only gets created when su.util-linux really gets built. [YOCTO #11126] Signed-off-by: Patrick Ohly Signed-off-by: Ross Burton --- meta/recipes-core/util-linux/util-linux.inc | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index 1656e92a87..47c2839970 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -35,7 +35,7 @@ PACKAGES =+ "util-linux-agetty util-linux-fdisk util-linux-cfdisk util-linux-sfd util-linux-partx util-linux-hwclock util-linux-mountpoint \ util-linux-findfs util-linux-getopt util-linux-sulogin util-linux-prlimit" PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'pylibmount', 'util-linux-pylibmount', '', d)}" -PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}" +PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', d)}" PACKAGES_DYNAMIC = "^util-linux-lib.*" @@ -91,6 +91,8 @@ FILES_util-linux-findfs = "${sbindir}/findfs" FILES_util-linux-getopt = "${base_bindir}/getopt.${BPN}" FILES_util-linux-runuser = "${sbindir}/runuser" FILES_util-linux-prlimit = "${bindir}/prlimit" +FILES_util-linux-su = "${bindir}/su.util-linux ${sysconfdir}/pam.d/su-l" +CONFFILES_util-linux-su = "${sysconfdir}/pam.d/su-l" FILES_util-linux-pylibmount = "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.so \ ${PYTHON_SITEPACKAGES_DIR}/libmount/__init__.* \ @@ -116,9 +118,10 @@ RREPLACES_util-linux-blkid = "e2fsprogs-blkid" RDEPENDS_util-linux-reset += "ncurses" RDEPENDS_util-linux-runuser += "libpam" +RDEPENDS_util-linux-su += "libpam" RDEPENDS_${PN} = "util-linux-umount util-linux-swaponoff util-linux-losetup util-linux-sulogin util-linux-lsblk" -RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}" +RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', d)}" RRECOMMENDS_${PN} = "util-linux-fdisk util-linux-cfdisk util-linux-sfdisk util-linux-mount util-linux-readprofile util-linux-mkfs util-linux-mountpoint util-linux-prlimit" @@ -182,6 +185,12 @@ do_install () { install -m 0644 ${WORKDIR}/runuser.pamd ${D}${sysconfdir}/pam.d/runuser install -m 0644 ${WORKDIR}/runuser-l.pamd ${D}${sysconfdir}/pam.d/runuser-l fi + if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then + # Required for "su -" aka "su --login" because + # otherwise it uses "other", which has "auth pam_deny.so" + # and thus prevents the operation. + ln -s su ${D}${sysconfdir}/pam.d/su-l + fi } # reset and nologin causes a conflict with ncurses-native and shadow-native -- cgit 1.2.3-korg