Diffstat (limited to 'meta/recipes-extended/shadow')
18 files changed, 327 insertions, 574 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
new file mode 100644
index 0000000000..4d6f6d68ec
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
@@ -0,0 +1,124 @@
+From 531cd5ca6eadef29b4799459f1bcfc002ecbd424 Mon Sep 17 00:00:00 2001
+From: Scott Garman <scott.a.garman@intel.com>
+Date: Thu, 14 Apr 2016 12:28:57 +0200
+Subject: [PATCH] Disable use of syslog for sysroot
+
+Disable use of syslog to prevent sysroot user and group additions from
+writing entries to the host's syslog. This patch should only be used
+with the shadow-native recipe.
+
+Upstream-Status: Inappropriate [disable feature]
+
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+---
+ src/groupadd.c | 3 +++
+ src/groupdel.c | 3 +++
+ src/groupmems.c | 3 +++
+ src/groupmod.c | 3 +++
+ src/useradd.c | 3 +++
+ src/userdel.c | 4 ++++
+ src/usermod.c | 3 +++
+ 7 files changed, 22 insertions(+)
+
+diff --git a/src/groupadd.c b/src/groupadd.c
+index 66ccb53..776ea51 100644
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -11,6 +11,9 @@
+
+ #ident "$Id$"
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <ctype.h>
+ #include <fcntl.h>
+ #include <getopt.h>
+diff --git a/src/groupdel.c b/src/groupdel.c
+index c84faa7..1076f4b 100644
+--- a/src/groupdel.c
++++ b/src/groupdel.c
+@@ -11,6 +11,9 @@
+
+ #ident "$Id$"
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <ctype.h>
+ #include <fcntl.h>
+ #include <grp.h>
+diff --git a/src/groupmems.c b/src/groupmems.c
+index a0e3266..6540cb1 100644
+--- a/src/groupmems.c
++++ b/src/groupmems.c
+@@ -9,6 +9,9 @@
+
+ #include <config.h>
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <fcntl.h>
+ #include <getopt.h>
+ #include <grp.h>
+diff --git a/src/groupmod.c b/src/groupmod.c
+index 006eca1..78b1ad6 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -11,6 +11,9 @@
+
+ #ident "$Id$"
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <ctype.h>
+ #include <fcntl.h>
+ #include <getopt.h>
+diff --git a/src/useradd.c b/src/useradd.c
+index 456b9de..2b0d703 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -11,6 +11,9 @@
+
+ #ident "$Id$"
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <assert.h>
+ #include <ctype.h>
+ #include <errno.h>
+diff --git a/src/userdel.c b/src/userdel.c
+index 7012b0e..08bb5d1 100644
+--- a/src/userdel.c
++++ b/src/userdel.c
+@@ -8,6 +8,10 @@
+ */
+
+ #include <config.h>
++
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <assert.h>
+ #include <dirent.h>
+ #include <errno.h>
+diff --git a/src/usermod.c b/src/usermod.c
+index 9473a7d..7d4f7b5 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -11,6 +11,9 @@
+
+ #ident "$Id$"
+
++/* Disable use of syslog since we're running this command against a sysroot */
++#undef USE_SYSLOG
++
+ #include <assert.h>
+ #include <ctype.h>
+ #include <errno.h>
diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch
deleted file mode 100644
index 828b95a572..0000000000
--- a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch
+++ /dev/null
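Review bot: The header of 0001-Disable-use-of-syslog-for-sysroot.patch says it "should only be used with the shadow-native recipe", but the shadow.inc change further down this page also lists it under `SRC_URI:append:class-nativesdk`. Because `#undef USE_SYSLOG` removes the log record of user and group changes in all seven tools, the header should name exactly the classes it is meant for, for example `This patch must only be applied to the native and nativesdk builds, never to the target.` In groupadd.c, groupdel.c, groupmod.c, useradd.c and usermod.c the `#include <config.h>` line is outside the shown context, so it cannot be confirmed from these hunks that the `#undef` comes after it.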
@@ -1,46 +0,0 @@ -From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <pkj@axis.com> -Date: Thu, 11 Sep 2014 15:11:23 +0200 -Subject: [PATCH] Do not read login.defs before doing chroot() - -If "useradd --root <root> ..." was used, the login.defs file would still -be read from /etc/login.defs instead of <root>/etc/login.defs. This was -due to getdef_ulong() being called before process_root_flag(). - -Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] - -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - src/useradd.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index a8a1f76..e1ebf50 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1993,9 +1993,11 @@ int main (int argc, char **argv) - #endif /* USE_PAM */ - #endif /* ACCT_TOOLS_SETUID */ - -+#ifdef ENABLE_SUBIDS - /* Needed for userns check */ -- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); -+ uid_t uid_min; -+ uid_t uid_max; -+#endif - - /* - * Get my name so that I can use it to report errors. -@@ -2026,6 +2028,8 @@ int main (int argc, char **argv) - is_shadow_grp = sgr_file_present (); - #endif - #ifdef ENABLE_SUBIDS -+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); - is_sub_uid = sub_uid_file_present () && !rflg && - (!user_id || (user_id <= uid_max && user_id >= uid_min)); - is_sub_gid = sub_gid_file_present () && !rflg && --- -1.9.0 - diff --git a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch deleted file mode 100644 index 85dde8e1bb..0000000000 
--- a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Subject: useradd.c: create parent directories when necessary - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ - 1 file changed, 49 insertions(+), 23 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 4bd969d..cb5dd6c 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1893,6 +1893,35 @@ static void usr_update (void) - } - - /* -+ * mkdir_p - create directories, including parent directories when needed -+ * -+ * similar to `mkdir -p' -+ */ -+void mkdir_p(const char *path) { -+ int len = strlen(path); -+ char newdir[len + 1]; -+ mode_t mode = 0755; -+ int i = 0; -+ -+ if (path[i] == '\0') { -+ return; -+ } -+ -+ /* skip the leading '/' */ -+ i++; -+ -+ while(path[i] != '\0') { -+ if (path[i] == '/') { -+ strncpy(newdir, path, i); -+ newdir[i] = '\0'; -+ mkdir(newdir, mode); -+ } -+ i++; -+ } -+ mkdir(path, mode); -+} -+ -+/* - * create_home - create the user's home directory - * - * create_home() creates the user's home directory if it does not -@@ -1907,36 +1936,33 @@ static void create_home (void) - fail_exit (E_HOMEDIR); - } - #endif -- /* XXX - create missing parent directories. 
--marekm */ -- if (mkdir (user_home, 0) != 0) { -- fprintf (stderr, -- _("%s: cannot create directory %s\n"), -- Prog, user_home); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding home directory", -- user_name, (unsigned int) user_id, -- SHADOW_AUDIT_FAILURE); --#endif -- fail_exit (E_HOMEDIR); -- } -- chown (user_home, user_id, user_gid); -- chmod (user_home, -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -- home_added = true; -+ mkdir_p(user_home); -+ } -+ if (access (user_home, F_OK) != 0) { - #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", - user_name, (unsigned int) user_id, -- SHADOW_AUDIT_SUCCESS); -+ SHADOW_AUDIT_FAILURE); - #endif --#ifdef WITH_SELINUX -- /* Reset SELinux to create files with default contexts */ -- if (reset_selinux_file_context () != 0) { -- fail_exit (E_HOMEDIR); -- } -+ fail_exit (E_HOMEDIR); -+ } -+ chown (user_home, user_id, user_gid); -+ chmod (user_home, -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -+ home_added = true; -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding home directory", -+ user_name, (unsigned int) user_id, -+ SHADOW_AUDIT_SUCCESS); - #endif -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ if (reset_selinux_file_context () != 0) { -+ fail_exit (E_HOMEDIR); - } -+#endif - } - - /* --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch deleted file mode 100644 index 68da25f406..0000000000 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ /dev/null 
@@ -1,201 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Allow for setting password in clear text. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 8 ++++---- - src/groupadd.c | 8 +++++++- - src/groupmod.c | 8 +++++++- - src/useradd.c | 9 +++++++-- - src/usermod.c | 8 +++++++- - 5 files changed, 32 insertions(+), 9 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..856b087 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - grpck_LDADD = $(LDADD) $(LIBSELINUX) - grpconv_LDADD = $(LDADD) $(LIBSELINUX) - grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -@@ -111,9 +111,9 @@ su_SOURCES = \ - suauth.c - su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) 
$(LIBATTR) $(LIBCRYPT) - vipw_LDADD = $(LDADD) $(LIBSELINUX) - - install-am: all-am -diff --git a/src/groupadd.c b/src/groupadd.c -index f716f57..4e28c26 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); -@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", -+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", - long_options, NULL)) != -1) { - switch (c) { - case 'f': -@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) - pflg = true; - group_passwd = optarg; - break; -+ case 'P': -+ pflg = true; -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/groupmod.c b/src/groupmod.c -index d9d3807..68f49d1 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -127,6 +127,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), usageout); -+ (void) fputs (_(" 
-P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); - exit (status); -@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "g:hn:op:R:", -+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", - long_options, NULL)) != -1) { - switch (c) { - case 'g': -@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) - group_passwd = optarg; - pflg = true; - break; -+ case 'P': -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - default: -diff --git a/src/useradd.c b/src/useradd.c -index b3bd451..4416f90 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -773,6 +773,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); -@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, 
NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, -@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) - } - user_pass = optarg; - break; -+ case 'P': /* set clear text password */ -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/usermod.c b/src/usermod.c -index e7d4351..b79f7a3 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) - " new location (use only with -d)\n"), usageout); - (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); - (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); -@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, -@@ -1012,7 
+1014,7 @@ static void process_flags (int argc, char **argv) - {NULL, 0, NULL, '\0'} - }; - while ((c = getopt_long (argc, argv, -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" - #ifdef ENABLE_SUBIDS - "v:w:V:W:" - #endif /* ENABLE_SUBIDS */ -@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) - user_pass = optarg; - pflg = true; - break; -+ case 'P': -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - case 's': --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch deleted file mode 100644 index 185590cabd..0000000000 --- a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 -From: James Le Cuirot <chewi@aura-online.co.uk> -Date: Sat, 23 Aug 2014 09:46:39 +0100 -Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF - -This built-in check is simpler than the previous method and, most -importantly, works when cross-compiling. - -Upstream-Status: Accepted -[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> ---- - configure.in | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/configure.in b/configure.in -index 1a3f841..4a4d6d0 100644 ---- a/configure.in -+++ b/configure.in -@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then - dnl - dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc - dnl -- AC_RUN_IFELSE([AC_LANG_SOURCE([ --#include <sys/types.h> --int main(void) { -- uid_t u; -- gid_t g; -- return (sizeof u < 4) || (sizeof g < 4); --} -- ])], [id32bit="yes"], [id32bit="no"]) -- -- if test "x$id32bit" = "xyes"; then -+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) -+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) -+ -+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then - AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) - enable_subids="yes" - else diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 4fa3d184ed..173e8a937d 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch 
@@ -1,3 +1,8 @@ +From d767f776e631f1493fd7b266f2026d630ecf70fe Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Jul 2014 15:53:34 +0800 +Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env + Upstream-Status: Inappropriate [OE specific] commonio.c: fix unexpected open failure in chroot environment @@ -10,15 +15,16 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + --- - lib/commonio.c | 16 ++++++++++++---- + lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index cc536bf..51cafd9 100644 +index 9e0fde6..7c3a1da 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -624,10 +624,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; @@ -41,6 +47,3 @@ index cc536bf..51cafd9 100644 db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/disable-syslog.patch b/meta/recipes-extended/shadow/files/disable-syslog.patch deleted file mode 100644 index 1943fd6faf..0000000000 --- a/meta/recipes-extended/shadow/files/disable-syslog.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [disable feature] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3/src/groupadd.c ---- shadow-4.1.4.3.orig//src/groupadd.c 2011-02-13 09:58:16.000000000 -0800 -+++ shadow-4.1.4.3/src/groupadd.c 2012-04-05 10:05:59.440001758 -0700 -@@ -34,6 +34,9 @@ - - #ident "$Id: groupadd.c 3015 2009-06-05 22:16:56Z nekral-guest $" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3/src/useradd.c ---- shadow-4.1.4.3.orig//src/useradd.c 2011-02-13 09:58:16.000000000 -0800 -+++ shadow-4.1.4.3/src/useradd.c 2012-04-05 10:06:25.076001315 -0700 -@@ -34,6 +34,9 @@ - - #ident "$Id: useradd.c 3015 2009-06-05 22:16:56Z nekral-guest $" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <ctype.h> - #include <errno.h> diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch deleted file mode 100644 index 02cb91aafd..0000000000 --- a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -Upstream-Status: Pending - -Subject: fix installation failure with subids disabled - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..076f8ef 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -52,7 +52,10 @@ usbin_PROGRAMS = \ - noinst_PROGRAMS = id sulogin - - suidbins = su --suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap -+suidubins = chage chfn chsh expiry gpasswd newgrp passwd -+if ENABLE_SUBIDS -+suidubins += newgidmap newuidmap -+endif - if ACCT_TOOLS_SETUID - suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod - endif --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/recipes-extended/shadow/files/pam.d/chpasswd index 9e3efa68ba..b769d92ba4 100644 --- a/meta/recipes-extended/shadow/files/pam.d/chpasswd +++ b/meta/recipes-extended/shadow/files/pam.d/chpasswd @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'chpasswd' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/recipes-extended/shadow/files/pam.d/newusers index 4aa3dde48b..4c59dfa478 100644 --- a/meta/recipes-extended/shadow/files/pam.d/newusers +++ b/meta/recipes-extended/shadow/files/pam.d/newusers @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'newusers' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch new file mode 100644 index 0000000000..cc833362e9 --- /dev/null +++ b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch 
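Review bot: In pam.d/chpasswd, and identically in pam.d/newusers, the added `account required pam_permit.so` makes the account phase always succeed, so expiry or access restrictions are never consulted for these two services, and `auth sufficient pam_rootok.so` accepts a caller running as root without any further authentication. If that is intended so that root can run both tools in batch mode, the files should say so, for example `# root runs this tool non-interactively; account checks are deliberately skipped`. Without such a comment a later reader cannot tell a deliberate relaxation from a leftover debugging rule.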
@@ -0,0 +1,111 @@
+From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001
+From: Shan Hai <shan.hai@windriver.com>
+Date: Tue, 13 Sep 2016 13:45:46 +0800
+Subject: [PATCH] shadow: use relaxed usernames
+
+The groupadd from shadow does not allow upper case group names, the
+same is true for the upstream shadow. But distributions like
+Debian/Ubuntu/CentOS has their own way to cope with this problem,
+this patch is picked up from CentOS release 7.0 to relax the usernames
+restrictions to allow the upper case group names, and the relaxation is
+POSIX compliant because POSIX indicate that usernames are composed of
+characters from the portable filename character set [A-Za-z0-9._-].
+
+Upstream-Status: Pending
+
+Signed-off-by: Shan Hai <shan.hai@windriver.com>
+
+---
+ libmisc/chkname.c | 30 ++++++++++++++++++------------
+ man/groupadd.8.xml | 6 ------
+ man/useradd.8.xml | 8 +-------
+ 3 files changed, 19 insertions(+), 25 deletions(-)
+
+diff --git a/libmisc/chkname.c b/libmisc/chkname.c
+index 90f185c..65762b4 100644
+--- a/libmisc/chkname.c
++++ b/libmisc/chkname.c
+@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name)
+ }
+
+ /*
+- * User/group names must match [a-z_][a-z0-9_-]*[$]
+- */
+-
+- if (('\0' == *name) ||
+- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
++ * User/group names must match gnu e-regex:
++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
++ *
++ * as a non-POSIX, extension, allow "$" as the last char for
++ * sake of Samba 3.x "add machine script"
++ */
++ if ( ('\0' == *name) ||
++ !((*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ (*name == '_') || (*name == '.')
++ )) {
+ return false;
+ }
+
+ while ('\0' != *++name) {
+- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
+- ( ('0' <= *name) && ('9' >= *name) ) ||
+- ('_' == *name) ||
+- ('-' == *name) ||
+- ('.' == *name) ||
+- ( ('$' == *name) && ('\0' == *(name + 1)) )
+- )) {
++ if (!( (*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ (*name == '_') || (*name == '.') || (*name == '-') ||
++ (*name == '$' && *(name + 1) == '\0')
++ )) {
+ return false;
+ }
+ }
+diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
+index 1e58f09..d804b61 100644
+--- a/man/groupadd.8.xml
++++ b/man/groupadd.8.xml
+@@ -272,12 +272,6 @@
+
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+- <para>
+- Groupnames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+- </para>
+ <para>
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+ </para>
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index a16d730..c0bd777 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -366,7 +366,7 @@
+ </term>
+ <listitem>
+ <para>
+- Do no create the user's home directory, even if the system
++ Do not create the user's home directory, even if the system
+ wide setting from <filename>/etc/login.defs</filename>
+ (<option>CREATE_HOME</option>) is set to
+ <replaceable>yes</replaceable>.
+@@ -660,12 +660,6 @@
+ the user account creation request.
+ </para>
+
+- <para>
+- Usernames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+- </para>
+ <para>
+ Usernames may only be up to 32 characters long.
+ </para>
diff --git a/meta/recipes-extended/shadow/files/useradd b/meta/recipes-extended/shadow/files/useradd
new file mode 100644
index 0000000000..782aeef418
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/useradd
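Review bot: The relaxed check that shadow-relaxed-usernames.patch puts into is_valid_name() in libmisc/chkname.c accepts `.` and a digit as the first character, so the names `.` and `..` and all-digit names such as `0` now pass. A dot-only name becomes a path component wherever the name is joined to a directory, and an all-digit name can be read as a numeric ID by tools that accept either form. The new comment also states a `{0,30}` length bound that the visible loop does not enforce; any length check is outside this hunk. Since shadow.inc adds the patch to the common SRC_URI it reaches the target build too, so these cases are better rejected before the character tests, as sketched below (this assumes `<string.h>` is already available in chkname.c, which the hunk does not show).

```c
	/* … unchanged: comment describing the accepted pattern … */

	/*
	 * "." and ".." would act as path components, and an all-digit
	 * name is ambiguous with a numeric ID; the empty name is caught
	 * by the strspn test as well.
	 */
	if (   (strcmp (name, ".") == 0)
	    || (strcmp (name, "..") == 0)
	    || ('\0' == name[strspn (name, "0123456789")])) {
		return false;
	}

	if ( ('\0' == *name) ||
	/* … unchanged: first-character and remaining-character tests … */
```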
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/sh
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
deleted file mode 100644
index 37dc153fca..0000000000
--- a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Pending
-
-usermod: fix compilation failure with subids disabled
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- src/usermod.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/usermod.c b/src/usermod.c
-index e7d4351..685b50a 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv)
- Prog, (unsigned long) user_newid);
- exit (E_UID_IN_USE);
- }
--
-+#ifdef ENABLE_SUBIDS
- if ( (vflg || Vflg)
- && !is_sub_uid) {
- fprintf (stderr,
-@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv)
- Prog, sub_gid_dbname (), "-w", "-W");
- exit (E_USAGE);
- }
-+#endif
- }
-
- /*
---
-1.7.9.5
-
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
index c78f888cf4..c78f888cf4 100644
--- a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
+++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
index 697569c47e..e05fa237a2 100644
--- a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
+++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
@@ -1,8 +1,8 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" +HOMEPAGE = "http://github.com/shadow-maint/shadow" +BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" DEPENDS = "base-passwd" @@ -14,21 +14,18 @@ PR = "r3" # can add custom users/groups for recipes that use inherit useradd. SRC_URI = "file://login.defs_shadow-sysroot" -SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" -SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" - S = "${WORKDIR}" do_install() { install -d ${D}${sysconfdir} - install -p -m 755 ${S}/login.defs_shadow-sysroot ${D}${sysconfdir}/login.defs + install -p -m 644 ${S}/login.defs_shadow-sysroot ${D}${sysconfdir}/login.defs } -sysroot_stage_all() { - sysroot_stage_dir ${D} ${SYSROOT_DESTDIR} -} +SYSROOT_DIRS += "${sysconfdir}" # don't create any packages -# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot +# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot # and this has another copy of /etc/login.defs already provided by shadow PACKAGES = "" + +inherit nopackages diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 4313ffe952..f5fdf436f7 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc 
@@ -1,41 +1,37 @@ SUMMARY = "Tools to change and administer password and group data" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" +HOMEPAGE = "http://github.com/shadow-maint/shadow" +DESCRIPTION = "${SUMMARY}" +BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" -LICENSE = "BSD | Artistic-1.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ - file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ + file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ + " -DEPENDS = "shadow-native" -DEPENDS_class-native = "" -DEPENDS_class-nativesdk = "" +DEPENDS = "virtual/crypt" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" +SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \ file://shadow-4.1.3-dots-in-usernames.patch \ - file://usermod-fix-compilation-failure-with-subids-disabled.patch \ - file://fix-installation-failure-with-subids-disabled.patch \ - file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ - file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://shadow-relaxed-usernames.patch \ + file://useradd \ " -SRC_URI_append_class-target = " \ +SRC_URI:append:class-target = " \ file://login_defs_pam.sed \ file://shadow-update-pam-conf.patch \ " -SRC_URI_append_class-native = " \ - file://disable-syslog.patch \ - file://allow-for-setting-password-in-clear-text.patch \ +SRC_URI:append:class-native = " \ + file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ - 
file://0001-useradd.c-create-parent-directories-when-necessary.patch \ " -SRC_URI_append_class-nativesdk = " \ - file://disable-syslog.patch \ +SRC_URI:append:class-nativesdk = " \ + file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" -SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" +SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -48,19 +44,19 @@ PAM_SRC_URI = "file://pam.d/chfn \ inherit autotools gettext -EXTRA_OECONF += "--without-audit \ - --without-libcrack \ - --without-selinux \ +export CONFIG_SHELL="/bin/sh" + +EXTRA_OECONF += "--without-libcrack \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ + --without-sssd \ ${NSCDOPT}" NSCDOPT = "" -NSCDOPT_class-native = "--without-nscd" -NSCDOPT_class-nativesdk = "--without-nscd" -NSCDOPT_libc-uclibc = " --without-nscd" -NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}" - +NSCDOPT:class-native = "--without-nscd" +NSCDOPT:class-nativesdk = "--without-nscd" +NSCDOPT:libc-glibc = "--with-nscd" + PAM_PLUGINS = "libpam-runtime \ pam-plugin-faildelay \ pam-plugin-securetty \ 
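Review bot: `export CONFIG_SHELL="/bin/sh"` is added above `EXTRA_OECONF` in the second shadow.inc hunk without any comment, and as an exported variable it is placed in the environment of the recipe's shell tasks, not only configure. A one-line comment naming the configure or libtool problem it works around would let a later version bump tell whether the export can be dropped. The hunk gives no hint of the reason, so I cannot propose the wording beyond `# <why configure must run under /bin/sh>`.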
@@ -74,18 +70,23 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-shells \ pam-plugin-rootok" -PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" +PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" +PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" -RDEPENDS_${PN} = "shadow-securetty \ +RDEPENDS:${PN} = "shadow-securetty \ base-passwd \ util-linux-sulogin" -RDEPENDS_${PN}_class-native = "" -RDEPENDS_${PN}_class-nativesdk = "" +RDEPENDS:${PN}:class-native = "" +RDEPENDS:${PN}:class-nativesdk = "" do_install() { oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install 
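Review bot: The new `audit` and `selinux` PACKAGECONFIG entries are not selected by any default in this hunk: `PACKAGECONFIG ??=` derives only `pam` and `attr` from `DISTRO_FEATURES`, so the build still ends up with `--without-audit` and `--without-selinux`, as the old `EXTRA_OECONF` did. If that is deliberate (for example another layer is expected to switch them on), a comment above the default saying so would stop a distro from assuming its SELinux or audit choice reaches shadow automatically. `PACKAGECONFIG:class-nativesdk = ""` is also a hard assignment while the target and native defaults use `??=`; a short comment on why nativesdk must not be overridable would help. `do_install` begins on the hunk's last line and continues outside it.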
@@ -114,19 +115,16 @@ do_install() { # Use proper encryption for passwords sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs - # Now we don't have a mail system. Disable mail creation for now. - sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd - sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd - - # Use users group by default - sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd + install -d ${D}${sysconfdir}/default + install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default } -do_install_append() { +do_install:append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ @@ -135,7 +133,7 @@ do_install_append() { sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs fi - install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} + install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} # Move binaries to the locations we want rm ${D}${sbindir}/vigr @@ -154,7 +152,7 @@ do_install_append() { } PACKAGES =+ "${PN}-base" -FILES_${PN}-base = "\ +FILES:${PN}-base = "\ ${base_bindir}/login.shadow \ ${base_bindir}/su.shadow \ ${bindir}/sg \ 
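Review bot: In `do_install:append` the mail spool is now created group-writable (`install -m 0775 -d` followed by `chown root:mail`) with neither the sticky nor the setgid bit, so anything running with group `mail` can rename or remove other users' files in that directory. If the mode is chosen so that delivery agents in group `mail` can create mailboxes and lock files, the comment should say so, e.g. `# root:mail 0775: group-mail delivery agents must be able to create mailboxes here`. The existing comment also still says "see sed below", which looks stale now that the first hunk drops the `sed` edits of `default/useradd` in favour of a static file carrying `CREATE_MAIL_SPOOL=no`. The function body continues outside these hunks.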
@@ -164,27 +162,26 @@ FILES_${PN}-base = "\ ${sysconfdir}/pam.d/su \ ${sysconfdir}/login.defs \ " -RDEPENDS_${PN} += "${PN}-base" +RDEPENDS:${PN} += "${PN}-base" inherit update-alternatives ALTERNATIVE_PRIORITY = "200" -ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr" +ALTERNATIVE:${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" +ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn" +ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh" ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" +ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" -ALTERNATIVE_${PN}-base = "newgrp groups login su" +ALTERNATIVE:${PN}-base = "newgrp groups login su" ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1" -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" - -pkg_postinst_${PN} () { +PACKAGE_WRITE_DEPS += "shadow-native" +pkg_postinst:${PN}:class-target () { if [ "x$D" != "x" ]; then rootarg="--root $D" else diff --git a/meta/recipes-extended/shadow/shadow_4.11.1.bb b/meta/recipes-extended/shadow/shadow_4.11.1.bb new file mode 100644 index 0000000000..40b11345c9 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow_4.11.1.bb @@ -0,0 +1,11 @@ +require shadow.inc + +# Build falsely assumes that if --enable-libpam is set, we don't need to link against +# libcrypt. This breaks chsh. +BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" + +BBCLASSEXTEND = "native nativesdk" + +# Severity is low and marked as closed and won't fix. +# https://bugzilla.redhat.com/show_bug.cgi?id=884658 +CVE_CHECK_IGNORE += "CVE-2013-4235" 
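Review bot: The `CVE_CHECK_IGNORE += "CVE-2013-4235"` entry in the new shadow_4.11.1.bb is justified only by "Severity is low and marked as closed and won't fix", which records a tracker status and not why the issue is acceptable for images built from this recipe. I would extend the comment to name the affected behaviour, so the suppression can be re-evaluated on the next version bump, for example `# CVE-2013-4235: TOCTOU race when copying and removing directory trees`. The linked Bugzilla entry is a distribution tracker, so a pointer to the upstream project's own position would be a sturdier reference if one exists.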
diff --git a/meta/recipes-extended/shadow/shadow_4.2.1.bb b/meta/recipes-extended/shadow/shadow_4.2.1.bb
deleted file mode 100644
index 5675cb8cc9..0000000000
--- a/meta/recipes-extended/shadow/shadow_4.2.1.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require shadow.inc
-
-# Build falsely assumes that if --enable-libpam is set, we don't need to link against
-# libcrypt. This breaks chsh.
-BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', bb.utils.contains('DISTRO_FEATURES', 'libc-crypt', '-lcrypt', '', d), '', d)}"
-
-BBCLASSEXTEND = "native nativesdk"
-
-
-
|