diff options
Diffstat (limited to 'meta/recipes-extended/shadow')
| -rw-r--r-- | meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch | 52 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch | 37 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch | 13 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/login.defs_shadow-sysroot | 1 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/pam.d/login | 4 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch | 79 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow-securetty_4.6.bb | 3 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | 3 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 58 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow_4.15.0.bb (renamed from meta/recipes-extended/shadow/shadow_4.13.bb) | 6 |
10 files changed, 140 insertions, 116 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index fa1532c831..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 85d0444229ee3d14fefcf10d093f49c862826f82 Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Thu, 14 Apr 2022 23:11:53 +0000 -Subject: [PATCH] Disable use of syslog for shadow-native tools - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [OE specific configuration] -Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> - ---- - configure.ac | 2 +- - src/login_nopam.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 924254a..603af81 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -191,7 +191,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", - [Path to passwd program.]) - - dnl XXX - quick hack, should disappear before anyone notices :). --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) - if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -diff --git a/src/login_nopam.c b/src/login_nopam.c -index df6ba88..fc24e13 100644 ---- a/src/login_nopam.c -+++ b/src/login_nopam.c -@@ -29,7 +29,6 @@ - #ifndef USE_PAM - #ident "$Id$" - --#include "prototypes.h" - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet -@@ -57,6 +56,8 @@ - #include <netinet/in.h> - #include <arpa/inet.h> /* for inet_ntoa() */ - -+#include "prototypes.h" -+ - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) - #undef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 diff --git a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch new file mode 100644 index 0000000000..2e5503bfd4 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch @@ -0,0 +1,37 @@ +From af4b8cb780587aa736692a3baa76b60474f19c5d Mon Sep 17 00:00:00 2001 +From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> +Date: Mon, 18 Mar 2024 12:14:21 +0100 +Subject: [PATCH] lib/copydir:copy_entry(): use temporary stat buffer + +There are no guarantees that fstatat() does not clobber the stat +buffer on errors. + +Use a temporary buffer so that the following code sees correct +attributes of the source entry. + +Upstream-Status: Submitted [https://github.com/shadow-maint/shadow/pull/974] + +Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> +--- + lib/copydir.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/lib/copydir.c ++++ b/lib/copydir.c +@@ -400,6 +400,7 @@ static int copy_entry (const struct path + { + int err = 0; + struct stat sb; ++ struct stat tmp_sb; + struct link_name *lp; + struct timespec mt[2]; + +@@ -423,7 +424,7 @@ static int copy_entry (const struct path + * If the destination already exists do nothing. + * This is after the copy_dir above to still iterate into subdirectories. + */ +- if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { ++ if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { + return err; + } + diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 85d9175105..cd99aad135 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From 21583da072aa66901d859ac00ce209bac87ddecc Mon Sep 17 00:00:00 2001 +From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -15,32 +15,31 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - --- lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 9a02ce1..61384ec 100644 +index 01a26c9..82b2868 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -616,10 +616,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; - fd = open (db->filename, - (db->readonly ? O_RDONLY : O_RDWR) -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); - saved_errno = errno; + if (db->readonly) { + fd = open (db->filename, + (true ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); + saved_errno = errno; + } else { + fd = open (db->filename, + (false ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); + saved_errno = errno; + } + diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 # # /etc/login.defs - Configuration control definitions for the shadow package. # diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login index b340058539..d39e09b1ea 100644 --- a/meta/recipes-extended/shadow/files/pam.d/login +++ b/meta/recipes-extended/shadow/files/pam.d/login @@ -57,10 +57,6 @@ auth optional pam_group.so # (Replaces the use of /etc/limits in old login) session required pam_limits.so -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - # Prints the motd upon succesful login # (Replaces the `MOTD_FILE' option in login.defs) session optional pam_motd.so diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch index 3b61b75e5b..1eacb8a53f 100644 --- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch @@ -1,3 +1,8 @@ +From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001 +From: Kang Kai <kai.kang@windriver.com> +Date: Wed, 20 Jul 2011 19:18:14 +0800 +Subject: [PATCH] shadow: update pam related configure files + The system-auth in the configure files is from Fedora which put all the 4 pam type rules in one file. In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, @@ -9,82 +14,102 @@ See meta/recipes-extended/pam/libpam/pam.d/common-password Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Kang Kai <kai.kang@windriver.com> +--- + etc/pam.d/chage | 2 +- + etc/pam.d/chgpasswd | 2 +- + etc/pam.d/groupadd | 2 +- + etc/pam.d/groupdel | 2 +- + etc/pam.d/groupmems | 2 +- + etc/pam.d/groupmod | 2 +- + etc/pam.d/useradd | 2 +- + etc/pam.d/userdel | 2 +- + etc/pam.d/usermod | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage ---- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 +diff --git a/etc/pam.d/chage b/etc/pam.d/chage +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chage ++++ b/etc/pam.d/chage @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd ---- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 +diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chgpasswd ++++ b/etc/pam.d/chgpasswd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd ---- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 +diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupadd ++++ b/etc/pam.d/groupadd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel ---- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 +diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupdel ++++ b/etc/pam.d/groupdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems ---- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 +diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmems ++++ b/etc/pam.d/groupmems @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod ---- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 +diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmod ++++ b/etc/pam.d/groupmod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd ---- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 +diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/useradd ++++ b/etc/pam.d/useradd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel ---- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 +diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/userdel ++++ b/etc/pam.d/userdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod ---- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 +diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/usermod ++++ b/etc/pam.d/usermod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb index c78f888cf4..85c04b6af1 100644 --- a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb @@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 INHIBIT_DEFAULT_DEPS = "1" -PR = "r3" SRC_URI = "file://securetty" @@ -18,7 +17,7 @@ do_install () { # Ensure we add a suitable securetty file to the package that has # most common embedded TTYs defined. install -d ${D}${sysconfdir} - install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty + install -m 0400 ${S}/securetty ${D}${sysconfdir}/securetty if [ ! -z "${SERIAL_CONSOLES}" ]; then # Our SERIAL_CONSOLES contains a baud rate and sometimes extra # options as well. The following pearl :) takes that and converts diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index e05fa237a2..00ab58b38c 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -3,11 +3,10 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" LICENSE = "BSD-3-Clause | Artistic-1.0" -LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" +LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed" DEPENDS = "base-passwd" -PR = "r3" # The sole purpose of this recipe is to provide the /etc/login.defs # file for the target sysroot - needed so the shadow-native utilities diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 2c70a2d00e..25930b64c1 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -5,13 +5,14 @@ BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ + file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \ " DEPENDS = "virtual/crypt" GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ + file://0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ file://useradd \ " @@ -22,14 +23,9 @@ SRC_URI:append:class-target = " \ " SRC_URI:append:class-native = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ " -SRC_URI:append:class-nativesdk = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ - " -SRC_URI[sha256sum] = "813057047499c7fe81108adcf0cffa3ad4ec75e19a80151f9cbaa458ff2e86cd" - +SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -40,16 +36,18 @@ PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/passwd \ file://pam.d/su" -inherit autotools gettext github-releases +inherit autotools gettext github-releases pkgconfig export CONFIG_SHELL="/bin/sh" -EXTRA_OECONF += "--without-libcrack \ +EXTRA_OECONF += " \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ --without-sssd \ ${NSCDOPT}" +CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" + NSCDOPT = "" NSCDOPT:class-native = "--without-nscd" NSCDOPT:class-nativesdk = "--without-nscd" @@ -62,23 +60,22 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-env \ pam-plugin-group \ pam-plugin-limits \ - pam-plugin-lastlog \ pam-plugin-motd \ pam-plugin-mail \ pam-plugin-shells \ pam-plugin-rootok" -PAM_PLUGINS:remove:libc-musl = "pam-plugin-lastlog" - PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" -PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" PACKAGECONFIG:class-nativesdk = "" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" +PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" +PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" RDEPENDS:${PN} = "shadow-securetty \ base-passwd \ @@ -114,7 +111,7 @@ do_install() { sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default + install -m 0644 ${UNPACKDIR}/useradd ${D}${sysconfdir}/default } do_install:append() { @@ -124,11 +121,11 @@ do_install:append() { install -m 0775 -d ${D}${localstatedir}/spool/mail chown root:mail ${D}${localstatedir}/spool/mail - if [ -e ${WORKDIR}/pam.d ]; then + if [ -e ${UNPACKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ + install -m 0644 ${UNPACKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ # Remove defaults that are not used when supporting PAM. - sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs + sed -i -f ${UNPACKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs fi install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} @@ -156,6 +153,29 @@ do_install:append() { touch ${D}${sysconfdir}/subgid } +# Make executables look for dynamically linked libraries in a custom location, and install +# the needed libraries there. That way we can use them from sstate +# in setscene tasks without worrying about the dependency libraries being available. +do_install:append:class-native() { + binaries=$(find ${D}${base_bindir}/ ${D}${base_sbindir}/ ${D}${bindir}/ ${D}${sbindir}/ -executable -type f) + chrpath -k -r ${STAGING_DIR_NATIVE}/lib-shadow-deps $binaries + mkdir -p ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ + libattr=${@bb.utils.contains('DISTRO_FEATURES', 'xattr', "${STAGING_LIBDIR_NATIVE}/libattr.so.*", '', d)} + install $libattr ${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ + install ${D}${libdir}/*.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ +} + +SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/" +INSANE_SKIP:${PN}:class-native = "already-stripped" + +do_install:append:class-nativesdk() { + oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man +} + +do_install:append:class-target() { + oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man +} + PACKAGES =+ "${PN}-base" FILES:${PN}-base = "\ ${base_bindir}/login.shadow \ @@ -181,6 +201,10 @@ ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" +ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1" +ALTERNATIVE_LINK_NAME[chfn.1] = "${mandir}/man1/chfn.1" +ALTERNATIVE_LINK_NAME[chsh.1] = "${mandir}/man1/chsh.1" + ALTERNATIVE:${PN}-base = "newgrp groups login su" ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.15.0.bb index d1a3fd5593..e57676c1da 100644 --- a/meta/recipes-extended/shadow/shadow_4.13.bb +++ b/meta/recipes-extended/shadow/shadow_4.15.0.bb @@ -6,9 +6,5 @@ BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" -# Severity is low and marked as closed and won't fix. # https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_CHECK_IGNORE += "CVE-2013-4235" - -# This is an issue for a different shadow -CVE_CHECK_IGNORE += "CVE-2016-15024" +CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." |