diff options
author | Peter Kjellerstedt <peter.kjellerstedt@axis.com> | 2022-10-02 19:56:36 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-10-26 12:28:37 +0100 |
commit | 95cf9e6f2e0e76e1a47f49f33ef9098639b13517 (patch) | |
tree | d8db1400b44ab76cbe55ad14069ea674a7721169 | |
parent | f70cd330e3ae5860bf9619c1343b4fbb7c82f589 (diff) | |
download | poky-95cf9e6f2e0e76e1a47f49f33ef9098639b13517.tar.gz |
base-passwd: Update to 3.6.1
Add a patch to support configuring whether SELinux is enabled or not.
Also add a PACKAGECONFIG for SELinux support and enable it if the
"selinux" distro feature is enabled.
Remove two patches that have been applied upstream.
Changes since 3.5.52:
* 5928e85: German (thanks, Helge Kreutzmann)
* 72cb6a6: Remove constraints unnecessary since buster
* 2f71444: Merge branch 'scrub-obsolete' into 'master'
* 5a578e7: Drop Build-Depends: dpkg
* 44f28e1: Apply wrap-and-sort -at
* 1fe0338: Upgrade to debhelper v13
* d77d38c: Simplify some debhelper overrides slightly
* 2143651: Implement SELinux awareness when updating
/etc/{passwd,group,shadow}
* 0b824ad: improve enforcing handling
* e2f0c03: update-passwd.c: use raw selinux labeles
* 8d45264: selinux_prepare_create_file: return error from
setfscreatecon_raw
* 2f23448: selinux_after_create_file: save errno
* 6953dd1: update-passwd.c: replace goto error handling
* 32fbf59: cleanup
* 3c3eb67: fixup goto
* 585126f: implement feedback
* 02a366b: users-and-groups: Update copyright years
* 7849c61: users-and-groups: Rename ssh group to _ssh
* 06ed6f4: update-passwd.c: set walk to walk->next before removing
* ef6baea: users-and-groups: Document libvirt group
* 68e02a3: Stop creating the gnats user and group on new installations
* cb6e2a9: Restore Build-Depends sorting
* 0e1afc1: Tidy up whitespace
* 6005a06: Merge branch 'selinux' into 'master'
* 24046cb: Bump version to 3.6.0
* c72aa5d: Make it possible to build without debconf support
* 2a6d16e: Make it possible to disable the generation of the
documentation
* 60ece0c: Merge branch 'master' into 'master'
* 63d0f94: Add changelog entry
* cbae4a5: update-passwd: add format attribute
* b71eb04: update-passwd: use strict prototypes
* df48ea8: update-passwd: silence potential null dereference
* cddc9df: update-passwd: print filename on fclose error
* d05f8a3: update-passwd: use correct filename in copy_filemodes
* 11e6466: update-passwd: drop t flag from fopen
* 347aeb6: update-passwd: open temporary file exclusively
* a697493: d/salsa-ci.yml: add standard salsa ci configuration
* 2f622f4: configure: replace obsolete macro
* 43ebe64: Add changelog entry
* e1a186b: frozen the group id for crontab, in order to fix #1012622
* 5ce7773: frozen the group id for crontab, closes: #1012622
* 670c2be: Revert "frozen the group id for crontab, closes: #1012622"
* bc1ad19: Revert "Revert "frozen the group id for crontab, closes:
#1012622""
* 12122c6: Revert "frozen the group id for crontab, in order to fix
#1012622"
* 0145e8a: Revert "frozen the group id for crontab, closes: #1012622"
* c8125ff: releasing package base-passwd version 3.6.0
* dc157c6: passwd.master: Add _apt user
* e50024c: Merge branch 'misc' into 'master'
* 7fb5ad8: debian/postinst: Fix several shellcheck issues
* 8f07b66: releasing package base-passwd version 3.6.1
(From OE-Core rev: 41a9eb6c3afc6de000eaeb0fbe0c691b6c8d1285)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch | 129 | ||||
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch | 35 | ||||
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch | 46 | ||||
-rw-r--r-- | meta/recipes-core/base-passwd/base-passwd_3.6.1.bb (renamed from meta/recipes-core/base-passwd/base-passwd_3.5.52.bb) | 8 |
4 files changed, 40 insertions, 178 deletions
diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch deleted file mode 100644 index 6e236993f5..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch +++ /dev/null | |||
@@ -1,129 +0,0 @@ | |||
1 | From 236d6c8c0dd7e15d9a9795813b94bc87ce09eec5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
3 | Date: Fri, 29 Apr 2022 19:32:29 +0200 | ||
4 | Subject: [PATCH] Make it possible to build without debconf support | ||
5 | |||
6 | Not all systems have the debconfclient library available. | ||
7 | |||
8 | Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/c72aa5dd25a952da25e307761f4526db2c8c39ec] | ||
9 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
10 | --- | ||
11 | Makefile.am | 1 - | ||
12 | configure.ac | 13 +++++++++++++ | ||
13 | update-passwd.c | 15 +++++++++++++++ | ||
14 | 3 files changed, 28 insertions(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/Makefile.am b/Makefile.am | ||
17 | index 223916f..4bdd769 100644 | ||
18 | --- a/Makefile.am | ||
19 | +++ b/Makefile.am | ||
20 | @@ -3,7 +3,6 @@ SUBDIRS = doc man | ||
21 | sbin_PROGRAMS = update-passwd | ||
22 | |||
23 | update_passwd_SOURCES = update-passwd.c | ||
24 | -update_passwd_LDADD = -ldebconfclient | ||
25 | |||
26 | pkgdata_DATA = passwd.master group.master | ||
27 | |||
28 | diff --git a/configure.ac b/configure.ac | ||
29 | index 9d1ace5..1e35ad1 100644 | ||
30 | --- a/configure.ac | ||
31 | +++ b/configure.ac | ||
32 | @@ -14,6 +14,19 @@ AC_SYS_LARGEFILE | ||
33 | dnl Scan for things we need | ||
34 | AC_CHECK_FUNCS([putgrent]) | ||
35 | |||
36 | +dnl Check for debconf | ||
37 | +AC_MSG_CHECKING([whether to enable debconf support]) | ||
38 | +AC_ARG_ENABLE([debconf], | ||
39 | + [AS_HELP_STRING([--disable-debconf], [disable support for debconf])], | ||
40 | + [], | ||
41 | + [enable_debconf=yes]) | ||
42 | +AC_MSG_RESULT($enable_debconf) | ||
43 | +AS_IF([test "x$enable_debconf" != xno], | ||
44 | + [AC_CHECK_LIB([debconfclient], [debconfclient_new], [], | ||
45 | + [AC_MSG_ERROR( | ||
46 | + [debconf support not available (use --disable-debconf to disable)])]) | ||
47 | + AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) | ||
48 | + | ||
49 | dnl Finally output everything | ||
50 | AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) | ||
51 | AC_OUTPUT | ||
52 | diff --git a/update-passwd.c b/update-passwd.c | ||
53 | index 3f3dffa..5b49740 100644 | ||
54 | --- a/update-passwd.c | ||
55 | +++ b/update-passwd.c | ||
56 | @@ -39,7 +39,9 @@ | ||
57 | #include <stdarg.h> | ||
58 | #include <ctype.h> | ||
59 | |||
60 | +#ifdef HAVE_DEBCONF | ||
61 | #include <cdebconf/debconfclient.h> | ||
62 | +#endif | ||
63 | |||
64 | #define DEFAULT_PASSWD_MASTER "/usr/share/base-passwd/passwd.master" | ||
65 | #define DEFAULT_GROUP_MASTER "/usr/share/base-passwd/group.master" | ||
66 | @@ -143,6 +145,7 @@ int flag_debconf = 0; | ||
67 | const char* user_domain = DEFAULT_DEBCONF_DOMAIN; | ||
68 | const char* group_domain = DEFAULT_DEBCONF_DOMAIN; | ||
69 | |||
70 | +#ifdef HAVE_DEBCONF | ||
71 | struct debconfclient* debconf = NULL; | ||
72 | |||
73 | /* Abort the program if talking to debconf fails. Use ret exactly once. */ | ||
74 | @@ -162,6 +165,10 @@ struct debconfclient* debconf = NULL; | ||
75 | DEBCONF_CHECK(debconf_register(debconf, (template), (question))) | ||
76 | #define DEBCONF_SUBST(question, var, value) \ | ||
77 | DEBCONF_CHECK(debconf_subst(debconf, (question), (var), (value))) | ||
78 | +#else | ||
79 | +#define DEBCONF_REGISTER(template, question) | ||
80 | +#define DEBCONF_SUBST(question, var, value) | ||
81 | +#endif | ||
82 | |||
83 | |||
84 | /* malloc() with out-of-memory checking. | ||
85 | @@ -621,6 +628,7 @@ void version() { | ||
86 | * flag. Aborts the problem on any failure. | ||
87 | */ | ||
88 | int ask_debconf(const char* priority, const char* question) { | ||
89 | +#ifdef HAVE_DEBCONF | ||
90 | int ret; | ||
91 | const char* response; | ||
92 | |||
93 | @@ -640,6 +648,9 @@ int ask_debconf(const char* priority, const char* question) { | ||
94 | return 1; | ||
95 | else | ||
96 | return 0; | ||
97 | +#else | ||
98 | + return 0; | ||
99 | +#endif | ||
100 | } | ||
101 | |||
102 | |||
103 | @@ -1427,6 +1438,7 @@ int main(int argc, char** argv) { | ||
104 | /* If DEBIAN_HAS_FRONTEND is set in the environment, we're running under | ||
105 | * debconf. Enable debconf prompting unless --dry-run was also given. | ||
106 | */ | ||
107 | +#ifdef HAVE_DEBCONF | ||
108 | if (getenv("DEBIAN_HAS_FRONTEND")!=NULL && !opt_dryrun) { | ||
109 | debconf=debconfclient_new(); | ||
110 | if (debconf==NULL) { | ||
111 | @@ -1435,6 +1447,7 @@ int main(int argc, char** argv) { | ||
112 | } | ||
113 | flag_debconf=1; | ||
114 | } | ||
115 | +#endif | ||
116 | |||
117 | if (read_passwd(&master_accounts, master_passwd)!=0) | ||
118 | return 2; | ||
119 | @@ -1480,8 +1493,10 @@ int main(int argc, char** argv) { | ||
120 | if (!unlock_files()) | ||
121 | return 5; | ||
122 | |||
123 | +#ifdef HAVE_DEBCONF | ||
124 | if (debconf!=NULL) | ||
125 | debconfclient_delete(debconf); | ||
126 | +#endif | ||
127 | |||
128 | if (opt_dryrun) | ||
129 | return flag_dirty; | ||
diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch new file mode 100644 index 0000000000..2cc6174e2a --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | From 25e3bf09bbbb04aa930ea0fd9f28809a24fb7194 Mon Sep 17 00:00:00 2001 | ||
2 | From: Peter Kjellerstedt <pkj@axis.com> | ||
3 | Date: Sun, 2 Oct 2022 17:47:29 +0200 | ||
4 | Subject: [PATCH] Make it possible to configure whether to use SELinux or not | ||
5 | |||
6 | Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/396c41bb35e03c5dcc727aa9f74218a45874ac1f] | ||
7 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
8 | --- | ||
9 | configure.ac | 13 ++++++++++++- | ||
10 | 1 file changed, 12 insertions(+), 1 deletion(-) | ||
11 | |||
12 | diff --git a/configure.ac b/configure.ac | ||
13 | index 589df88..e46403b 100644 | ||
14 | --- a/configure.ac | ||
15 | +++ b/configure.ac | ||
16 | @@ -13,7 +13,18 @@ AC_SYS_LARGEFILE | ||
17 | |||
18 | dnl Scan for things we need | ||
19 | AC_CHECK_FUNCS([putgrent]) | ||
20 | -AC_CHECK_LIB([selinux], [is_selinux_enabled]) | ||
21 | + | ||
22 | +dnl Check for SELinux | ||
23 | +AC_MSG_CHECKING([whether to enable SELinux support]) | ||
24 | +AC_ARG_ENABLE([selinux], | ||
25 | + [AS_HELP_STRING([--disable-selinux], [disable support for SELinux])], | ||
26 | + [], | ||
27 | + [enable_selinux=yes]) | ||
28 | +AC_MSG_RESULT($enable_selinux) | ||
29 | +AS_IF([test "x$enable_selinux" != xno], | ||
30 | + [AC_CHECK_LIB([selinux], [is_selinux_enabled], [], | ||
31 | + [AC_MSG_ERROR( | ||
32 | + [SELinux support not available (use --disable-selinux to disable)])])]) | ||
33 | |||
34 | dnl Check for debconf | ||
35 | AC_MSG_CHECKING([whether to enable debconf support]) | ||
diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch deleted file mode 100644 index 5c63599143..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | From 63e8270141a296843cfe1daba38e1969ac6d75ae Mon Sep 17 00:00:00 2001 | ||
2 | From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
3 | Date: Sat, 30 Apr 2022 00:35:34 +0200 | ||
4 | Subject: [PATCH] Make it possible to disable the generation of the | ||
5 | documentation | ||
6 | |||
7 | Not all systems have docbook and po4a available. | ||
8 | |||
9 | Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/2a6d16e595c93084e279d0dcbef37d960b44fd1a] | ||
10 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
11 | --- | ||
12 | Makefile.am | 2 ++ | ||
13 | configure.ac | 9 +++++++++ | ||
14 | 2 files changed, 11 insertions(+) | ||
15 | |||
16 | diff --git a/Makefile.am b/Makefile.am | ||
17 | index 4bdd769..97b4f42 100644 | ||
18 | --- a/Makefile.am | ||
19 | +++ b/Makefile.am | ||
20 | @@ -1,4 +1,6 @@ | ||
21 | +if ENABLE_DOCS | ||
22 | SUBDIRS = doc man | ||
23 | +endif | ||
24 | |||
25 | sbin_PROGRAMS = update-passwd | ||
26 | |||
27 | diff --git a/configure.ac b/configure.ac | ||
28 | index 1e35ad1..b98374e 100644 | ||
29 | --- a/configure.ac | ||
30 | +++ b/configure.ac | ||
31 | @@ -27,6 +27,15 @@ AS_IF([test "x$enable_debconf" != xno], | ||
32 | [debconf support not available (use --disable-debconf to disable)])]) | ||
33 | AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) | ||
34 | |||
35 | +dnl Check whether to build the documentation | ||
36 | +AC_MSG_CHECKING([whether to build the documentation]) | ||
37 | +AC_ARG_ENABLE([docs], | ||
38 | + [AC_HELP_STRING([--disable-docs], [do not build and install documentation])], | ||
39 | + [], | ||
40 | + [enable_docs=yes]) | ||
41 | +AC_MSG_RESULT($enable_docs) | ||
42 | +AM_CONDITIONAL(ENABLE_DOCS, test "x$enable_docs" = xyes) | ||
43 | + | ||
44 | dnl Finally output everything | ||
45 | AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) | ||
46 | AC_OUTPUT | ||
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb index f89752c077..853717176d 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb | |||
@@ -11,11 +11,10 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar | |||
11 | file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ | 11 | file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ |
12 | file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ | 12 | file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ |
13 | file://0005-Add-kvm-group.patch \ | 13 | file://0005-Add-kvm-group.patch \ |
14 | file://0006-Make-it-possible-to-build-without-debconf-support.patch \ | 14 | file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \ |
15 | file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \ | ||
16 | " | 15 | " |
17 | 16 | ||
18 | SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea" | 17 | SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af" |
19 | 18 | ||
20 | # the package is taken from launchpad; that source is static and goes stale | 19 | # the package is taken from launchpad; that source is static and goes stale |
21 | # so we check the latest upstream from a directory that does get updated | 20 | # so we check the latest upstream from a directory that does get updated |
@@ -23,6 +22,9 @@ UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/" | |||
23 | 22 | ||
24 | S = "${WORKDIR}/work" | 23 | S = "${WORKDIR}/work" |
25 | 24 | ||
25 | PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" | ||
26 | PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux" | ||
27 | |||
26 | inherit autotools | 28 | inherit autotools |
27 | 29 | ||
28 | EXTRA_OECONF += "--disable-debconf --disable-docs" | 30 | EXTRA_OECONF += "--disable-debconf --disable-docs" |