diff options
Diffstat (limited to 'meta/recipes-core/base-passwd')
13 files changed, 172 insertions, 115 deletions
diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch new file mode 100644 index 0000000000..33b0b5820d --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch @@ -0,0 +1,26 @@ +From 49371dfc984ac895d658d01108e8bf58675ce8c9 Mon Sep 17 00:00:00 2001 +From: Saul Wold <sgw@linux.intel.com> +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Add a shutdown group + +We need to have a shutdown group to allow the shutdown icon to work +correctly. Any users that want to use shutdown like the xuser should +be added to this group. + +Upstream-Status: Inappropriate [Embedded] +Signed-off-by: Saul Wold <sgw@linux.intel.com> +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index 3e7bf1c..72108a8 100644 +--- a/group.master ++++ b/group.master +@@ -34,5 +34,6 @@ sasl:*:45: + plugdev:*:46: + staff:*:50: + games:*:60: ++shutdown:*:70: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch new file mode 100644 index 0000000000..e1340e1b70 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch @@ -0,0 +1,30 @@ +From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alexk@zuma.ai> +Date: Fri, 28 Jul 2023 10:28:57 +0100 +Subject: [PATCH] base-passwd: Add the sgx group + +To avoid errors from eudev/udev we need an sgx group, but if we add it +via groupadd that causes shadow login to be brought into an image, which +causes images which have CONFIG_MULTIUSER unset to fail with `setgid: +Function not implemented` as shadow's login doesn't implement the +heuristics which busybox has to handle this kernel configuration. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index d34d2b832d43..e54fd1d2c6dc 100644 +--- a/group.master ++++ b/group.master +@@ -34,6 +34,7 @@ video:*:44: + sasl:*:45: + plugdev:*:46: + kvm:*:47: ++sgx:*:48: + staff:*:50: + games:*:60: + shutdown:*:70: diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch new file mode 100644 index 0000000000..09f8cfea9c --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch @@ -0,0 +1,23 @@ +From 4411fc0df77566d52bee11ec0bad4be30a96e99e Mon Sep 17 00:00:00 2001 +From: Scott Garman <scott.a.garman@intel.com> +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Use /bin/sh instead of /bin/bash for the root user + +/bin/bash may not be included in some images such as minimal. + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Scott Garman <scott.a.garman@intel.com> +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/passwd.master b/passwd.master +index 7cd4e24..041685a 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root:*:0:0:root:/root:/bin/bash ++root:*:0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch new file mode 100644 index 0000000000..06222ab04c --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch @@ -0,0 +1,21 @@ +From 13a1a284a134d18a454625a5b4485c0d99079ae9 Mon Sep 17 00:00:00 2001 +From: Scott Garman <scott.a.garman@intel.com> +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Remove "*" for root since we do not have an /etc/shadow + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Scott Garman <scott.a.garman@intel.com> +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/passwd.master b/passwd.master +index 041685a..31a84d4 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root:*:0:0:root:/root:/bin/sh ++root::0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch new file mode 100644 index 0000000000..394a0f01d3 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch @@ -0,0 +1,23 @@ +From c5f012750f8102ff54af73ccc2d2b7bfa1f26db4 Mon Sep 17 00:00:00 2001 +From: Darren Hart <dvhart@linux.intel.com> +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Add an input group for the /dev/input/* devices + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Darren Hart <dvhart@linux.intel.com> +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index 1b5e2fb..cea9d60 100644 +--- a/group.master ++++ b/group.master +@@ -12,6 +12,7 @@ uucp:*:10: + man:*:12: + proxy:*:13: + kmem:*:15: ++input:*:19: + dialout:*:20: + fax:*:21: + voice:*:22: diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch index 113d5151e7..0101637e9e 100644 --- a/meta/recipes-core/base-passwd/base-passwd/kvm.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch @@ -1,4 +1,4 @@ -From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001 +From 74fc91ee809bc902f79144ee2277fa3e368c30d0 Mon Sep 17 00:00:00 2001 From: Jacob Kroon <jacob.kroon@gmail.com> Date: Wed, 30 Jan 2019 04:53:48 +0000 Subject: [PATCH] Add kvm group @@ -10,10 +10,10 @@ Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> 1 file changed, 1 insertion(+) diff --git a/group.master b/group.master -index cea9d60..5b62284 100644 +index 7d794b2..7fdd8bf 100644 --- a/group.master +++ b/group.master -@@ -34,6 +34,7 @@ utmp:*:43: +@@ -33,6 +33,7 @@ utmp:*:43: video:*:44: sasl:*:45: plugdev:*:46: diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch new file mode 100644 index 0000000000..d77122789d --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch @@ -0,0 +1,20 @@ + +We need to have a wheel group which has some system privileges to consult the +systemd journal or manage printers with cups. + +Upstream says the group does not exist by default. + +Upstream-Status: Inappropriate [enable feature] + +Signed-off-by: Louis Rannou <lrannou@baylibre.com> +Index: base-passwd-3.5.26/group.master +=================================================================== +--- base-passwd-3.5.29.orig/group.master ++++ base-passwd-3.5.29/group.master +@@ -38,5 +38,6 @@ + staff:*:50: + games:*:60: + shutdown:*:70: ++wheel:*:80: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch b/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch deleted file mode 100644 index 5f357d8895..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch +++ /dev/null @@ -1,19 +0,0 @@ - -We need to have a shutdown group to allow the shutdown icon -to work correctly. Any users that want to use shutdown like -the xuser should be added to this group. - -Upstream-Status: Inappropriate [Embedded] - -Signed-off-by: Saul Wold <sgw@linux.intel.com> -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master -@@ -36,5 +36,6 @@ sasl:*:45: - plugdev:*:46: - staff:*:50: - games:*:60: -+shutdown:*:70: - users:*:100: - nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch b/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch deleted file mode 100644 index 14c08b7484..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch +++ /dev/null @@ -1,24 +0,0 @@ -Disable documentation for now as it uses tools currently not supported -by OE-Core. It uses sgmltools and po4a. - -Upstream-Status: Inappropriate [OE-Core specific] -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: base-passwd-3.5.28/Makefile.in -=================================================================== ---- base-passwd-3.5.28.orig/Makefile.in -+++ base-passwd-3.5.28/Makefile.in -@@ -25,13 +25,10 @@ gen_configure = config.cache config.stat - confdefhs.h config.h Makefile - - all: update-passwd -- $(MAKE) -C doc all -- $(MAKE) -C man all - - install: all - mkdir -p $(DESTDIR)$(sbindir) - $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/ -- $(MAKE) -C man install - - update-passwd.o: version.h - diff --git a/meta/recipes-core/base-passwd/base-passwd/input.patch b/meta/recipes-core/base-passwd/base-passwd/input.patch deleted file mode 100644 index 3abbcad5d5..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/input.patch +++ /dev/null @@ -1,22 +0,0 @@ -Add an input group for the /dev/input/* devices. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Darren Hart <dvhart@linux.intel.com> - ---- - group.master | 1 + - 1 file changed, 1 insertion(+) - -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master -@@ -12,6 +12,7 @@ uucp:*:10: - man:*:12: - proxy:*:13: - kmem:*:15: -+input:*:19: - dialout:*:20: - fax:*:21: - voice:*:22: diff --git a/meta/recipes-core/base-passwd/base-passwd/nobash.patch b/meta/recipes-core/base-passwd/base-passwd/nobash.patch deleted file mode 100644 index b5a692295b..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/nobash.patch +++ /dev/null @@ -1,15 +0,0 @@ -use /bin/sh instead of /bin/bash, since the latter may not be included in -some images such as minimal - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/bash -+root:*:0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch b/meta/recipes-core/base-passwd/base-passwd/noshadow.patch deleted file mode 100644 index e27bf7d9be..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch +++ /dev/null @@ -1,14 +0,0 @@ -remove "*" for root since we don't have a /etc/shadow so far. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/sh -+root::0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.4.bb index 65b3cd778d..df4889f220 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.4.bb @@ -2,29 +2,36 @@ SUMMARY = "Base system master password/group files" DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files." HOMEPAGE = "https://launchpad.net/base-passwd" SECTION = "base" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" -RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility" - -SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \ - file://add_shutdown.patch \ - file://nobash.patch \ - file://noshadow.patch \ - file://input.patch \ - file://disable-docs.patch \ - file://kvm.patch \ +SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \ + file://0001-Add-a-shutdown-group.patch \ + file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \ + file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ + file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ + file://0005-Add-kvm-group.patch \ + file://0007-Add-wheel-group.patch \ + file://0001-base-passwd-Add-the-sgx-group.patch \ " -SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" -SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36" +SRC_URI[sha256sum] = "4b5232c5910932215b87bbde6f3c6c9a97021fe7902bd837b1ede8cc0be84a65" # the package is taken from launchpad; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/" +S = "${WORKDIR}/work" + +PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux" + inherit autotools +EXTRA_OECONF += "--disable-debconf --disable-docs" + +NOLOGIN ?= "${base_sbindir}/nologin" + do_install () { install -d -m 755 ${D}${sbindir} install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/ @@ -36,6 +43,7 @@ do_install () { install -d -m 755 ${D}${datadir}/base-passwd install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/ sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master + sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/ install -d -m 755 ${D}${docdir}/${BPN} @@ -46,7 +54,7 @@ do_install () { } basepasswd_sysroot_postinst() { -#!/bin/sh +#!/bin/sh -e # Install passwd.master and group.master to sysconfdir install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir} @@ -73,7 +81,7 @@ base_passwd_tweaksysroot () { chmod 0755 $dest } -python populate_packages_prepend() { +python populate_packages:prepend() { # Add in the preinst function for ${PN} # We have to do this here as prior to this, passwd/group.master # would be unavailable. We need to create these files at preinst @@ -98,17 +106,17 @@ if [ ! -e $D${sysconfdir}/group ]; then """ + group + """EOF fi """ - d.setVar(d.expand('pkg_preinst_${PN}'), preinst) + d.setVar(d.expand('pkg_preinst:${PN}'), preinst) } addtask do_package after do_populate_sysroot -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" PACKAGES =+ "${PN}-update" -FILES_${PN}-update = "${sbindir}/* ${datadir}/${PN}" +FILES:${PN}-update = "${sbindir}/* ${datadir}/${PN}" -pkg_postinst_${PN}-update () { +pkg_postinst:${PN}-update () { #!/bin/sh if [ -n "$D" ]; then exit 0 |