13 files changed, 170 insertions, 113 deletions
diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
new file mode 100644
index 0000000000..e50efc9623
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
@@ -0,0 +1,26 @@
+From 8f3ace87df3aaad85946c22cae240532ea3e73b8 Mon Sep 17 00:00:00 2001
+From: Saul Wold <sgw@linux.intel.com>
+Date: Fri, 29 Apr 2022 13:32:27 +0000
+Subject: [PATCH] Add a shutdown group
+We need to have a shutdown group to allow the shutdown icon to work
+correctly. Any users that want to use shutdown like the xuser should
+be added to this group.
+Upstream-Status: Inappropriate [Embedded]
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/group.master b/group.master
+index ad1dd2d..1b5e2fb 100644
+--- a/group.master
+++ b/group.master
+@@ -35,5 +35,6 @@ sasl:*:45:
+ plugdev:*:46:
+ staff:*:50:
+ games:*:60:
+shutdown:*:70:
+ users:*:100:
+ nogroup:*:65534:
diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
new file mode 100644
index 0000000000..e1340e1b70
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
@@ -0,0 +1,30 @@
+From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alexk@zuma.ai>
+Date: Fri, 28 Jul 2023 10:28:57 +0100
+Subject: [PATCH] base-passwd: Add the sgx group
+To avoid errors from eudev/udev we need an sgx group, but if we add it
+via groupadd that causes shadow login to be brought into an image, which
+causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
+Function not implemented` as shadow's login doesn't implement the
+heuristics which busybox has to handle this kernel configuration.
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/group.master b/group.master
+index d34d2b832d43..e54fd1d2c6dc 100644
+--- a/group.master
+++ b/group.master
+@@ -34,6 +34,7 @@ video:*:44:
+ sasl:*:45:
+ plugdev:*:46:
+ kvm:*:47:
+sgx:*:48:
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
new file mode 100644
index 0000000000..09f8cfea9c
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
@@ -0,0 +1,23 @@
+From 4411fc0df77566d52bee11ec0bad4be30a96e99e Mon Sep 17 00:00:00 2001
+From: Scott Garman <scott.a.garman@intel.com>
+Date: Fri, 29 Apr 2022 13:32:27 +0000
+Subject: [PATCH] Use /bin/sh instead of /bin/bash for the root user
+/bin/bash may not be included in some images such as minimal.
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+ passwd.master | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/passwd.master b/passwd.master
+index 7cd4e24..041685a 100644
+--- a/passwd.master
+++ b/passwd.master
+@@ -1,4 +1,4 @@
+-root:*:0:0:root:/root:/bin/bash
+root:*:0:0:root:/root:/bin/sh
+ daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+ bin:*:2:2:bin:/bin:/usr/sbin/nologin
+ sys:*:3:3:sys:/dev:/usr/sbin/nologin
diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
new file mode 100644
index 0000000000..06222ab04c
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
@@ -0,0 +1,21 @@
+From 13a1a284a134d18a454625a5b4485c0d99079ae9 Mon Sep 17 00:00:00 2001
+From: Scott Garman <scott.a.garman@intel.com>
+Date: Fri, 29 Apr 2022 13:32:28 +0000
+Subject: [PATCH] Remove "*" for root since we do not have an /etc/shadow
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+---
+ passwd.master | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/passwd.master b/passwd.master
+index 041685a..31a84d4 100644
+--- a/passwd.master
+++ b/passwd.master
+@@ -1,4 +1,4 @@
+-root:*:0:0:root:/root:/bin/sh
+root::0:0:root:/root:/bin/sh
+ daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+ bin:*:2:2:bin:/bin:/usr/sbin/nologin
+ sys:*:3:3:sys:/dev:/usr/sbin/nologin
diff --git a/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch
new file mode 100644
index 0000000000..394a0f01d3
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch
@@ -0,0 +1,23 @@
+From c5f012750f8102ff54af73ccc2d2b7bfa1f26db4 Mon Sep 17 00:00:00 2001
+From: Darren Hart <dvhart@linux.intel.com>
+Date: Fri, 29 Apr 2022 13:32:28 +0000
+Subject: [PATCH] Add an input group for the /dev/input/* devices
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Darren Hart <dvhart@linux.intel.com>
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/group.master b/group.master
+index 1b5e2fb..cea9d60 100644
+--- a/group.master
+++ b/group.master
+@@ -12,6 +12,7 @@ uucp:*:10:
+ man:*:12:
+ proxy:*:13:
+ kmem:*:15:
+input:*:19:
+ dialout:*:20:
+ fax:*:21:
+ voice:*:22:
diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch
index 113d5151e7..72e6ee333c 100644
--- a/meta/recipes-core/base-passwd/base-passwd/kvm.patch
+++ b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch
@@ -1,4 +1,4 @@
-From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
+From 6cf19461fb31d7a7a3010629aae9aab49c26a01b Mon Sep 17 00:00:00 2001
 From: Jacob Kroon <jacob.kroon@gmail.com>
 Date: Wed, 30 Jan 2019 04:53:48 +0000
 Subject: [PATCH] Add kvm group
diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
new file mode 100644
index 0000000000..d77122789d
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
@@ -0,0 +1,20 @@
+We need to have a wheel group which has some system privileges to consult the
+systemd journal or manage printers with cups.
+Upstream says the group does not exist by default.
+Upstream-Status: Inappropriate [enable feature]
+Signed-off-by: Louis Rannou <lrannou@baylibre.com>
+Index: base-passwd-3.5.26/group.master
+===================================================================
+--- base-passwd-3.5.29.orig/group.master
+++ base-passwd-3.5.29/group.master
+@@ -38,5 +38,6 @@
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
+wheel:*:80:
+ users:*:100:
+ nogroup:*:65534:
diff --git a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch b/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
deleted file mode 100644
index 5f357d8895..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-We need to have a shutdown group to allow the shutdown icon
-to work correctly. Any users that want to use shutdown like
-the xuser should be added to this group.
-Upstream-Status: Inappropriate [Embedded]
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-Index: base-passwd-3.5.26/group.master
-===================================================================
--- base-passwd-3.5.26.orig/group.master
-+++ base-passwd-3.5.26/group.master
-@@ -36,5 +36,6 @@ sasl:*:45:
- plugdev:*:46:
- staff:*:50:
- games:*:60:
-+shutdown:*:70:
- users:*:100:
- nogroup:*:65534:
diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch b/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
deleted file mode 100644
index 14c08b7484..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Disable documentation for now as it uses tools currently not supported
-by OE-Core. It uses sgmltools and po4a.
-Upstream-Status: Inappropriate [OE-Core specific]
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-Index: base-passwd-3.5.28/Makefile.in
-===================================================================
--- base-passwd-3.5.28.orig/Makefile.in
-+++ base-passwd-3.5.28/Makefile.in
-@@ -25,13 +25,10 @@ gen_configure       = config.cache config.stat
-                  confdefhs.h config.h Makefile
- 
- all: update-passwd
-       $(MAKE) -C doc all
-       $(MAKE) -C man all
- 
- install: all
-        mkdir -p $(DESTDIR)$(sbindir)
-        $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/
-       $(MAKE) -C man install
- 
- update-passwd.o: version.h
- 
diff --git a/meta/recipes-core/base-passwd/base-passwd/input.patch b/meta/recipes-core/base-passwd/base-passwd/input.patch
deleted file mode 100644
index 3abbcad5d5..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd/input.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Add an input group for the /dev/input/* devices.
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Darren Hart <dvhart@linux.intel.com>
---
- group.master |    1 +
- 1 file changed, 1 insertion(+)
-Index: base-passwd-3.5.26/group.master
-===================================================================
--- base-passwd-3.5.26.orig/group.master
-+++ base-passwd-3.5.26/group.master
-@@ -12,6 +12,7 @@ uucp:*:10:
- man:*:12:
- proxy:*:13:
- kmem:*:15:
-+input:*:19:
- dialout:*:20:
- fax:*:21:
- voice:*:22:
diff --git a/meta/recipes-core/base-passwd/base-passwd/nobash.patch b/meta/recipes-core/base-passwd/base-passwd/nobash.patch
deleted file mode 100644
index b5a692295b..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd/nobash.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-use /bin/sh instead of /bin/bash, since the latter may not be included in
-some images such as minimal
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
--- base-passwd/passwd.master~nobash
-+++ base-passwd/passwd.master
-@@ -1,4 +1,4 @@
-root:*:0:0:root:/root:/bin/bash
-+root:*:0:0:root:/root:/bin/sh
- daemon:*:1:1:daemon:/usr/sbin:/bin/sh
- bin:*:2:2:bin:/bin:/bin/sh
- sys:*:3:3:sys:/dev:/bin/sh
diff --git a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch b/meta/recipes-core/base-passwd/base-passwd/noshadow.patch
deleted file mode 100644
index e27bf7d9be..0000000000
--- a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-remove "*" for root since we don't have a /etc/shadow so far.
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Scott Garman <scott.a.garman@intel.com>
--- base-passwd/passwd.master~nobash
-+++ base-passwd/passwd.master
-@@ -1,4 +1,4 @@
-root:*:0:0:root:/root:/bin/sh
-+root::0:0:root:/root:/bin/sh
- daemon:*:1:1:daemon:/usr/sbin:/bin/sh
- bin:*:2:2:bin:/bin:/bin/sh
- sys:*:3:3:sys:/dev:/bin/sh
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
index 65b3cd778d..bf50b01fd5 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
@@ -2,29 +2,36 @@ SUMMARY = "Base system master password/group files"
 DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group).  The update-passwd tool is also provided to keep the system databases synchronized with these master files."
 HOMEPAGE = "https://launchpad.net/base-passwd"
 SECTION = "base"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
-RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility"
+SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \
+           file://0001-Add-a-shutdown-group.patch \
-SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \
+           file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \
-           file://add_shutdown.patch \
+           file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \
-           file://nobash.patch \
+           file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
-           file://noshadow.patch \
+           file://0005-Add-kvm-group.patch \
-           file://input.patch \
+           file://0007-Add-wheel-group.patch \
-           file://disable-docs.patch \
+           file://0001-base-passwd-Add-the-sgx-group.patch \
-           file://kvm.patch \
           "
-SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
+SRC_URI[sha256sum] = "83575327d8318a419caf2d543341215c046044073d1afec2acc0ac4d8095ff39"
-SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
 # the package is taken from launchpad; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
 UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
+S = "${WORKDIR}/work"
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
+PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
 inherit autotools
+EXTRA_OECONF += "--disable-debconf --disable-docs"
+NOLOGIN ?= "${base_sbindir}/nologin"
 do_install () {
        install -d -m 755 ${D}${sbindir}
        install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/
@@ -36,6 +43,7 @@ do_install () {
        install -d -m 755 ${D}${datadir}/base-passwd
        install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/
        sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master
+        sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master
        install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/
        install -d -m 755 ${D}${docdir}/${BPN}
@@ -46,7 +54,7 @@ do_install () {
 }
 basepasswd_sysroot_postinst() {
-#!/bin/sh
+#!/bin/sh -e
 # Install passwd.master and group.master to sysconfdir
 install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
@@ -73,7 +81,7 @@ base_passwd_tweaksysroot () {
        chmod 0755 $dest
 }
-python populate_packages_prepend() {
+python populate_packages:prepend() {
    # Add in the preinst function for ${PN}
    # We have to do this here as prior to this, passwd/group.master
    # would be unavailable. We need to create these files at preinst
@@ -98,17 +106,17 @@ if [ ! -e $D${sysconfdir}/group ]; then
 """ + group + """EOF
 fi
 """
-    d.setVar(d.expand('pkg_preinst_${PN}'), preinst)
+    d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
 }
 addtask do_package after do_populate_sysroot
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 PACKAGES =+ "${PN}-update"
-FILES_${PN}-update = "${sbindir}/* ${datadir}/${PN}"
+FILES:${PN}-update = "${sbindir}/* ${datadir}/${PN}"
-pkg_postinst_${PN}-update () {
+pkg_postinst:${PN}-update () {
 #!/bin/sh
 if [ -n "$D" ]; then
        exit 0

diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch new file mode 100644 index 0000000000..e50efc9623 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch
@@ -0,0 +1,26 @@
		1	From 8f3ace87df3aaad85946c22cae240532ea3e73b8 Mon Sep 17 00:00:00 2001
		2	From: Saul Wold <sgw@linux.intel.com>
		3	Date: Fri, 29 Apr 2022 13:32:27 +0000
		4	Subject: [PATCH] Add a shutdown group
		5
		6	We need to have a shutdown group to allow the shutdown icon to work
		7	correctly. Any users that want to use shutdown like the xuser should
		8	be added to this group.
		9
		10	Upstream-Status: Inappropriate [Embedded]
		11	Signed-off-by: Saul Wold <sgw@linux.intel.com>
		12	---
		13	group.master \| 1 +
		14	1 file changed, 1 insertion(+)
		15
		16	diff --git a/group.master b/group.master
		17	index ad1dd2d..1b5e2fb 100644
		18	--- a/group.master
		19	+++ b/group.master
		20	@@ -35,5 +35,6 @@ sasl:*:45:
		21	plugdev:*:46:
		22	staff:*:50:
		23	games:*:60:
		24	+shutdown:*:70:
		25	users:*:100:
		26	nogroup:*:65534:


diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch new file mode 100644 index 0000000000..e1340e1b70 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
@@ -0,0 +1,30 @@
		1	From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001
		2	From: Alex Kiernan <alexk@zuma.ai>
		3	Date: Fri, 28 Jul 2023 10:28:57 +0100
		4	Subject: [PATCH] base-passwd: Add the sgx group
		5
		6	To avoid errors from eudev/udev we need an sgx group, but if we add it
		7	via groupadd that causes shadow login to be brought into an image, which
		8	causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
		9	Function not implemented` as shadow's login doesn't implement the
		10	heuristics which busybox has to handle this kernel configuration.
		11
		12	Upstream-Status: Inappropriate [oe-specific]
		13
		14	Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
		15	---
		16	group.master \| 1 +
		17	1 file changed, 1 insertion(+)
		18
		19	diff --git a/group.master b/group.master
		20	index d34d2b832d43..e54fd1d2c6dc 100644
		21	--- a/group.master
		22	+++ b/group.master
		23	@@ -34,6 +34,7 @@ video:*:44:
		24	sasl:*:45:
		25	plugdev:*:46:
		26	kvm:*:47:
		27	+sgx:*:48:
		28	staff:*:50:
		29	games:*:60:
		30	shutdown:*:70:


diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch new file mode 100644 index 0000000000..09f8cfea9c --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch
@@ -0,0 +1,23 @@
		1	From 4411fc0df77566d52bee11ec0bad4be30a96e99e Mon Sep 17 00:00:00 2001
		2	From: Scott Garman <scott.a.garman@intel.com>
		3	Date: Fri, 29 Apr 2022 13:32:27 +0000
		4	Subject: [PATCH] Use /bin/sh instead of /bin/bash for the root user
		5
		6	/bin/bash may not be included in some images such as minimal.
		7
		8	Upstream-Status: Inappropriate [configuration]
		9	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
		10	---
		11	passwd.master \| 2 +-
		12	1 file changed, 1 insertion(+), 1 deletion(-)
		13
		14	diff --git a/passwd.master b/passwd.master
		15	index 7cd4e24..041685a 100644
		16	--- a/passwd.master
		17	+++ b/passwd.master
		18	@@ -1,4 +1,4 @@
		19	-root:*:0:0:root:/root:/bin/bash
		20	+root:*:0:0:root:/root:/bin/sh
		21	daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
		22	bin:*:2:2:bin:/bin:/usr/sbin/nologin
		23	sys:*:3:3:sys:/dev:/usr/sbin/nologin


diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch new file mode 100644 index 0000000000..06222ab04c --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch
@@ -0,0 +1,21 @@
		1	From 13a1a284a134d18a454625a5b4485c0d99079ae9 Mon Sep 17 00:00:00 2001
		2	From: Scott Garman <scott.a.garman@intel.com>
		3	Date: Fri, 29 Apr 2022 13:32:28 +0000
		4	Subject: [PATCH] Remove "*" for root since we do not have an /etc/shadow
		5
		6	Upstream-Status: Inappropriate [configuration]
		7	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
		8	---
		9	passwd.master \| 2 +-
		10	1 file changed, 1 insertion(+), 1 deletion(-)
		11
		12	diff --git a/passwd.master b/passwd.master
		13	index 041685a..31a84d4 100644
		14	--- a/passwd.master
		15	+++ b/passwd.master
		16	@@ -1,4 +1,4 @@
		17	-root:*:0:0:root:/root:/bin/sh
		18	+root::0:0:root:/root:/bin/sh
		19	daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
		20	bin:*:2:2:bin:/bin:/usr/sbin/nologin
		21	sys:*:3:3:sys:/dev:/usr/sbin/nologin


diff --git a/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch new file mode 100644 index 0000000000..394a0f01d3 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch
@@ -0,0 +1,23 @@
		1	From c5f012750f8102ff54af73ccc2d2b7bfa1f26db4 Mon Sep 17 00:00:00 2001
		2	From: Darren Hart <dvhart@linux.intel.com>
		3	Date: Fri, 29 Apr 2022 13:32:28 +0000
		4	Subject: [PATCH] Add an input group for the /dev/input/* devices
		5
		6	Upstream-Status: Inappropriate [configuration]
		7	Signed-off-by: Darren Hart <dvhart@linux.intel.com>
		8	---
		9	group.master \| 1 +
		10	1 file changed, 1 insertion(+)
		11
		12	diff --git a/group.master b/group.master
		13	index 1b5e2fb..cea9d60 100644
		14	--- a/group.master
		15	+++ b/group.master
		16	@@ -12,6 +12,7 @@ uucp:*:10:
		17	man:*:12:
		18	proxy:*:13:
		19	kmem:*:15:
		20	+input:*:19:
		21	dialout:*:20:
		22	fax:*:21:
		23	voice:*:22:


diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch index 113d5151e7..72e6ee333c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/kvm.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch
@@ -1,4 +1,4 @@
1	From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001	1	From 6cf19461fb31d7a7a3010629aae9aab49c26a01b Mon Sep 17 00:00:00 2001
2	From: Jacob Kroon <jacob.kroon@gmail.com>	2	From: Jacob Kroon <jacob.kroon@gmail.com>
3	Date: Wed, 30 Jan 2019 04:53:48 +0000	3	Date: Wed, 30 Jan 2019 04:53:48 +0000
4	Subject: [PATCH] Add kvm group	4	Subject: [PATCH] Add kvm group


diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch new file mode 100644 index 0000000000..d77122789d --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
@@ -0,0 +1,20 @@
		1
		2	We need to have a wheel group which has some system privileges to consult the
		3	systemd journal or manage printers with cups.
		4
		5	Upstream says the group does not exist by default.
		6
		7	Upstream-Status: Inappropriate [enable feature]
		8
		9	Signed-off-by: Louis Rannou <lrannou@baylibre.com>
		10	Index: base-passwd-3.5.26/group.master
		11	===================================================================
		12	--- base-passwd-3.5.29.orig/group.master
		13	+++ base-passwd-3.5.29/group.master
		14	@@ -38,5 +38,6 @@
		15	staff:*:50:
		16	games:*:60:
		17	shutdown:*:70:
		18	+wheel:*:80:
		19	users:*:100:
		20	nogroup:*:65534:


diff --git a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch b/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch deleted file mode 100644 index 5f357d8895..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch +++ /dev/null
@@ -1,19 +0,0 @@
1
2	We need to have a shutdown group to allow the shutdown icon
3	to work correctly. Any users that want to use shutdown like
4	the xuser should be added to this group.
5
6	Upstream-Status: Inappropriate [Embedded]
7
8	Signed-off-by: Saul Wold <sgw@linux.intel.com>
9	Index: base-passwd-3.5.26/group.master
10	===================================================================
11	--- base-passwd-3.5.26.orig/group.master
12	+++ base-passwd-3.5.26/group.master
13	@@ -36,5 +36,6 @@ sasl:*:45:
14	plugdev:*:46:
15	staff:*:50:
16	games:*:60:
17	+shutdown:*:70:
18	users:*:100:
19	nogroup:*:65534:


diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch b/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch deleted file mode 100644 index 14c08b7484..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch +++ /dev/null
@@ -1,24 +0,0 @@
1	Disable documentation for now as it uses tools currently not supported
2	by OE-Core. It uses sgmltools and po4a.
3
4	Upstream-Status: Inappropriate [OE-Core specific]
5	Signed-off-by: Saul Wold <sgw@linux.intel.com>
6
7	Index: base-passwd-3.5.28/Makefile.in
8	===================================================================
9	--- base-passwd-3.5.28.orig/Makefile.in
10	+++ base-passwd-3.5.28/Makefile.in
11	@@ -25,13 +25,10 @@ gen_configure = config.cache config.stat
12	confdefhs.h config.h Makefile
13
14	all: update-passwd
15	- $(MAKE) -C doc all
16	- $(MAKE) -C man all
17
18	install: all
19	mkdir -p $(DESTDIR)$(sbindir)
20	$(INSTALL) update-passwd $(DESTDIR)$(sbindir)/
21	- $(MAKE) -C man install
22
23	update-passwd.o: version.h
24


diff --git a/meta/recipes-core/base-passwd/base-passwd/input.patch b/meta/recipes-core/base-passwd/base-passwd/input.patch deleted file mode 100644 index 3abbcad5d5..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/input.patch +++ /dev/null
@@ -1,22 +0,0 @@
1	Add an input group for the /dev/input/* devices.
2
3	Upstream-Status: Inappropriate [configuration]
4
5	Signed-off-by: Darren Hart <dvhart@linux.intel.com>
6
7	---
8	group.master \| 1 +
9	1 file changed, 1 insertion(+)
10
11	Index: base-passwd-3.5.26/group.master
12	===================================================================
13	--- base-passwd-3.5.26.orig/group.master
14	+++ base-passwd-3.5.26/group.master
15	@@ -12,6 +12,7 @@ uucp:*:10:
16	man:*:12:
17	proxy:*:13:
18	kmem:*:15:
19	+input:*:19:
20	dialout:*:20:
21	fax:*:21:
22	voice:*:22:


diff --git a/meta/recipes-core/base-passwd/base-passwd/nobash.patch b/meta/recipes-core/base-passwd/base-passwd/nobash.patch deleted file mode 100644 index b5a692295b..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/nobash.patch +++ /dev/null
@@ -1,15 +0,0 @@
1	use /bin/sh instead of /bin/bash, since the latter may not be included in
2	some images such as minimal
3
4	Upstream-Status: Inappropriate [configuration]
5
6	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
7
8	--- base-passwd/passwd.master~nobash
9	+++ base-passwd/passwd.master
10	@@ -1,4 +1,4 @@
11	-root:*:0:0:root:/root:/bin/bash
12	+root:*:0:0:root:/root:/bin/sh
13	daemon:*:1:1:daemon:/usr/sbin:/bin/sh
14	bin:*:2:2:bin:/bin:/bin/sh
15	sys:*:3:3:sys:/dev:/bin/sh


diff --git a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch b/meta/recipes-core/base-passwd/base-passwd/noshadow.patch deleted file mode 100644 index e27bf7d9be..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch +++ /dev/null
@@ -1,14 +0,0 @@
1	remove "*" for root since we don't have a /etc/shadow so far.
2
3	Upstream-Status: Inappropriate [configuration]
4
5	Signed-off-by: Scott Garman <scott.a.garman@intel.com>
6
7	--- base-passwd/passwd.master~nobash
8	+++ base-passwd/passwd.master
9	@@ -1,4 +1,4 @@
10	-root:*:0:0:root:/root:/bin/sh
11	+root::0:0:root:/root:/bin/sh
12	daemon:*:1:1:daemon:/usr/sbin:/bin/sh
13	bin:*:2:2:bin:/bin:/bin/sh
14	sys:*:3:3:sys:/dev:/bin/sh


diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb index 65b3cd778d..bf50b01fd5 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.3.bb
@@ -2,29 +2,36 @@ SUMMARY = "Base system master password/group files"
2	DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files."	2	DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files."
3	HOMEPAGE = "https://launchpad.net/base-passwd"	3	HOMEPAGE = "https://launchpad.net/base-passwd"
4	SECTION = "base"	4	SECTION = "base"
5	LICENSE = "GPLv2"	5	LICENSE = "GPL-2.0-only"
6	LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"	6	LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
7		7
8	RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility"	8	SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \
9		9	file://0001-Add-a-shutdown-group.patch \
10	SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \	10	file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \
11	file://add_shutdown.patch \	11	file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \
12	file://nobash.patch \	12	file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
13	file://noshadow.patch \	13	file://0005-Add-kvm-group.patch \
14	file://input.patch \	14	file://0007-Add-wheel-group.patch \
15	file://disable-docs.patch \	15	file://0001-base-passwd-Add-the-sgx-group.patch \
16	file://kvm.patch \
17	"	16	"
18		17
19	SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"	18	SRC_URI[sha256sum] = "83575327d8318a419caf2d543341215c046044073d1afec2acc0ac4d8095ff39"
20	SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
21		19
22	# the package is taken from launchpad; that source is static and goes stale	20	# the package is taken from launchpad; that source is static and goes stale
23	# so we check the latest upstream from a directory that does get updated	21	# so we check the latest upstream from a directory that does get updated
24	UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"	22	UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
25		23
		24	S = "${WORKDIR}/work"
		25
		26	PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
		27	PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
		28
26	inherit autotools	29	inherit autotools
27		30
		31	EXTRA_OECONF += "--disable-debconf --disable-docs"
		32
		33	NOLOGIN ?= "${base_sbindir}/nologin"
		34
28	do_install () {	35	do_install () {
29	install -d -m 755 ${D}${sbindir}	36	install -d -m 755 ${D}${sbindir}
30	install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/	37	install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/
@@ -36,6 +43,7 @@ do_install () {
36	install -d -m 755 ${D}${datadir}/base-passwd	43	install -d -m 755 ${D}${datadir}/base-passwd
37	install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/	44	install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/
38	sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master	45	sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master
		46	sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master
39	install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/	47	install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/
40		48
41	install -d -m 755 ${D}${docdir}/${BPN}	49	install -d -m 755 ${D}${docdir}/${BPN}
@@ -46,7 +54,7 @@ do_install () {
46	}	54	}
47		55
48	basepasswd_sysroot_postinst() {	56	basepasswd_sysroot_postinst() {
49	#!/bin/sh	57	#!/bin/sh -e
50		58
51	# Install passwd.master and group.master to sysconfdir	59	# Install passwd.master and group.master to sysconfdir
52	install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}	60	install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
@@ -73,7 +81,7 @@ base_passwd_tweaksysroot () {
73	chmod 0755 $dest	81	chmod 0755 $dest
74	}	82	}
75		83
76	python populate_packages_prepend() {	84	python populate_packages:prepend() {
77	# Add in the preinst function for ${PN}	85	# Add in the preinst function for ${PN}
78	# We have to do this here as prior to this, passwd/group.master	86	# We have to do this here as prior to this, passwd/group.master
79	# would be unavailable. We need to create these files at preinst	87	# would be unavailable. We need to create these files at preinst
@@ -98,17 +106,17 @@ if [ ! -e $D${sysconfdir}/group ]; then
98	""" + group + """EOF	106	""" + group + """EOF
99	fi	107	fi
100	"""	108	"""
101	d.setVar(d.expand('pkg_preinst_${PN}'), preinst)	109	d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
102	}	110	}
103		111
104	addtask do_package after do_populate_sysroot	112	addtask do_package after do_populate_sysroot
105		113
106	ALLOW_EMPTY_${PN} = "1"	114	ALLOW_EMPTY:${PN} = "1"
107		115
108	PACKAGES =+ "${PN}-update"	116	PACKAGES =+ "${PN}-update"
109	FILES_${PN}-update = "${sbindir}/* ${datadir}/${PN}"	117	FILES:${PN}-update = "${sbindir}/* ${datadir}/${PN}"
110		118
111	pkg_postinst_${PN}-update () {	119	pkg_postinst:${PN}-update () {
112	#!/bin/sh	120	#!/bin/sh
113	if [ -n "$D" ]; then	121	if [ -n "$D" ]; then
114	exit 0	122	exit 0