diff options
Diffstat (limited to 'meta/recipes-extended/shadow')
16 files changed, 192 insertions, 666 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index ab317b9aa0..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null | |||
@@ -1,123 +0,0 @@ | |||
1 | From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Scott Garman <scott.a.garman@intel.com> | ||
3 | Date: Thu, 14 Apr 2016 12:28:57 +0200 | ||
4 | Subject: [PATCH] Disable use of syslog for sysroot | ||
5 | |||
6 | Disable use of syslog to prevent sysroot user and group additions from | ||
7 | writing entries to the host's syslog. This patch should only be used | ||
8 | with the shadow-native recipe. | ||
9 | |||
10 | Upstream-Status: Inappropriate [disable feature] | ||
11 | |||
12 | Signed-off-by: Scott Garman <scott.a.garman@intel.com> | ||
13 | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> | ||
14 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
15 | |||
16 | --- | ||
17 | src/groupadd.c | 3 +++ | ||
18 | src/groupdel.c | 3 +++ | ||
19 | src/groupmems.c | 3 +++ | ||
20 | src/groupmod.c | 3 +++ | ||
21 | src/useradd.c | 3 +++ | ||
22 | src/userdel.c | 3 +++ | ||
23 | src/usermod.c | 3 +++ | ||
24 | 7 files changed, 21 insertions(+) | ||
25 | |||
26 | diff --git a/src/groupadd.c b/src/groupadd.c | ||
27 | index 2dd8eec..e9c4bb7 100644 | ||
28 | --- a/src/groupadd.c | ||
29 | +++ b/src/groupadd.c | ||
30 | @@ -34,6 +34,9 @@ | ||
31 | |||
32 | #ident "$Id$" | ||
33 | |||
34 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
35 | +#undef USE_SYSLOG | ||
36 | + | ||
37 | #include <ctype.h> | ||
38 | #include <fcntl.h> | ||
39 | #include <getopt.h> | ||
40 | diff --git a/src/groupdel.c b/src/groupdel.c | ||
41 | index f941a84..5a70056 100644 | ||
42 | --- a/src/groupdel.c | ||
43 | +++ b/src/groupdel.c | ||
44 | @@ -34,6 +34,9 @@ | ||
45 | |||
46 | #ident "$Id$" | ||
47 | |||
48 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
49 | +#undef USE_SYSLOG | ||
50 | + | ||
51 | #include <ctype.h> | ||
52 | #include <fcntl.h> | ||
53 | #include <grp.h> | ||
54 | diff --git a/src/groupmems.c b/src/groupmems.c | ||
55 | index fc91c8b..2842514 100644 | ||
56 | --- a/src/groupmems.c | ||
57 | +++ b/src/groupmems.c | ||
58 | @@ -32,6 +32,9 @@ | ||
59 | |||
60 | #include <config.h> | ||
61 | |||
62 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
63 | +#undef USE_SYSLOG | ||
64 | + | ||
65 | #include <fcntl.h> | ||
66 | #include <getopt.h> | ||
67 | #include <grp.h> | ||
68 | diff --git a/src/groupmod.c b/src/groupmod.c | ||
69 | index 1dca5fc..bc14438 100644 | ||
70 | --- a/src/groupmod.c | ||
71 | +++ b/src/groupmod.c | ||
72 | @@ -34,6 +34,9 @@ | ||
73 | |||
74 | #ident "$Id$" | ||
75 | |||
76 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
77 | +#undef USE_SYSLOG | ||
78 | + | ||
79 | #include <ctype.h> | ||
80 | #include <fcntl.h> | ||
81 | #include <getopt.h> | ||
82 | diff --git a/src/useradd.c b/src/useradd.c | ||
83 | index 4af0f7c..1b7bf06 100644 | ||
84 | --- a/src/useradd.c | ||
85 | +++ b/src/useradd.c | ||
86 | @@ -34,6 +34,9 @@ | ||
87 | |||
88 | #ident "$Id$" | ||
89 | |||
90 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
91 | +#undef USE_SYSLOG | ||
92 | + | ||
93 | #include <assert.h> | ||
94 | #include <ctype.h> | ||
95 | #include <errno.h> | ||
96 | diff --git a/src/userdel.c b/src/userdel.c | ||
97 | index cc951e5..153e0be 100644 | ||
98 | --- a/src/userdel.c | ||
99 | +++ b/src/userdel.c | ||
100 | @@ -34,6 +34,9 @@ | ||
101 | |||
102 | #ident "$Id$" | ||
103 | |||
104 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
105 | +#undef USE_SYSLOG | ||
106 | + | ||
107 | #include <assert.h> | ||
108 | #include <errno.h> | ||
109 | #include <fcntl.h> | ||
110 | diff --git a/src/usermod.c b/src/usermod.c | ||
111 | index 05b9871..21c6da9 100644 | ||
112 | --- a/src/usermod.c | ||
113 | +++ b/src/usermod.c | ||
114 | @@ -34,6 +34,9 @@ | ||
115 | |||
116 | #ident "$Id$" | ||
117 | |||
118 | +/* Disable use of syslog since we're running this command against a sysroot */ | ||
119 | +#undef USE_SYSLOG | ||
120 | + | ||
121 | #include <assert.h> | ||
122 | #include <ctype.h> | ||
123 | #include <errno.h> | ||
diff --git a/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch new file mode 100644 index 0000000000..2e5503bfd4 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From af4b8cb780587aa736692a3baa76b60474f19c5d Mon Sep 17 00:00:00 2001 | ||
2 | From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> | ||
3 | Date: Mon, 18 Mar 2024 12:14:21 +0100 | ||
4 | Subject: [PATCH] lib/copydir:copy_entry(): use temporary stat buffer | ||
5 | |||
6 | There are no guarantees that fstatat() does not clobber the stat | ||
7 | buffer on errors. | ||
8 | |||
9 | Use a temporary buffer so that the following code sees correct | ||
10 | attributes of the source entry. | ||
11 | |||
12 | Upstream-Status: Submitted [https://github.com/shadow-maint/shadow/pull/974] | ||
13 | |||
14 | Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> | ||
15 | --- | ||
16 | lib/copydir.c | 3 ++- | ||
17 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
18 | |||
19 | --- a/lib/copydir.c | ||
20 | +++ b/lib/copydir.c | ||
21 | @@ -400,6 +400,7 @@ static int copy_entry (const struct path | ||
22 | { | ||
23 | int err = 0; | ||
24 | struct stat sb; | ||
25 | + struct stat tmp_sb; | ||
26 | struct link_name *lp; | ||
27 | struct timespec mt[2]; | ||
28 | |||
29 | @@ -423,7 +424,7 @@ static int copy_entry (const struct path | ||
30 | * If the destination already exists do nothing. | ||
31 | * This is after the copy_dir above to still iterate into subdirectories. | ||
32 | */ | ||
33 | - if (fstatat(dst->dirfd, dst->name, &sb, AT_SYMLINK_NOFOLLOW) != -1) { | ||
34 | + if (fstatat(dst->dirfd, dst->name, &tmp_sb, AT_SYMLINK_NOFOLLOW) != -1) { | ||
35 | return err; | ||
36 | } | ||
37 | |||
diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch deleted file mode 100644 index c6332e4f76..0000000000 --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch +++ /dev/null | |||
@@ -1,301 +0,0 @@ | |||
1 | From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001 | ||
2 | From: Chen Qi <Qi.Chen@windriver.com> | ||
3 | Date: Sat, 16 Nov 2013 15:27:47 +0800 | ||
4 | Subject: [PATCH] Allow for setting password in clear text | ||
5 | |||
6 | Upstream-Status: Inappropriate [OE specific] | ||
7 | |||
8 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
9 | |||
10 | --- | ||
11 | src/Makefile.am | 8 ++++---- | ||
12 | src/groupadd.c | 20 +++++++++++++++----- | ||
13 | src/groupmod.c | 20 +++++++++++++++----- | ||
14 | src/useradd.c | 21 +++++++++++++++------ | ||
15 | src/usermod.c | 20 +++++++++++++++----- | ||
16 | 5 files changed, 64 insertions(+), 25 deletions(-) | ||
17 | |||
18 | diff --git a/src/Makefile.am b/src/Makefile.am | ||
19 | index f31fd7a..4a317a3 100644 | ||
20 | --- a/src/Makefile.am | ||
21 | +++ b/src/Makefile.am | ||
22 | @@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) | ||
23 | chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) | ||
24 | expiry_LDADD = $(LDADD) $(LIBECONF) | ||
25 | gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) | ||
26 | -groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
27 | +groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) | ||
28 | groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
29 | groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
30 | -groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
31 | +groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) | ||
32 | grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
33 | grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
34 | grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
35 | @@ -127,9 +127,9 @@ su_SOURCES = \ | ||
36 | suauth.c | ||
37 | su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) | ||
38 | sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) | ||
39 | -useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) | ||
40 | +useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) | ||
41 | userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) | ||
42 | -usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) | ||
43 | +usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) | ||
44 | vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) | ||
45 | |||
46 | install-am: all-am | ||
47 | diff --git a/src/groupadd.c b/src/groupadd.c | ||
48 | index e9c4bb7..d572c00 100644 | ||
49 | --- a/src/groupadd.c | ||
50 | +++ b/src/groupadd.c | ||
51 | @@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status) | ||
52 | (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" | ||
53 | " (non-unique) GID\n"), usageout); | ||
54 | (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); | ||
55 | + (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); | ||
56 | (void) fputs (_(" -r, --system create a system account\n"), usageout); | ||
57 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | ||
58 | - (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); | ||
59 | + (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout); | ||
60 | (void) fputs ("\n", usageout); | ||
61 | exit (status); | ||
62 | } | ||
63 | @@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv) | ||
64 | {"key", required_argument, NULL, 'K'}, | ||
65 | {"non-unique", no_argument, NULL, 'o'}, | ||
66 | {"password", required_argument, NULL, 'p'}, | ||
67 | + {"clear-password", required_argument, NULL, 'P'}, | ||
68 | {"system", no_argument, NULL, 'r'}, | ||
69 | {"root", required_argument, NULL, 'R'}, | ||
70 | - {"prefix", required_argument, NULL, 'P'}, | ||
71 | + {"prefix", required_argument, NULL, 'A'}, | ||
72 | {NULL, 0, NULL, '\0'} | ||
73 | }; | ||
74 | |||
75 | - while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", | ||
76 | + while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:", | ||
77 | long_options, NULL)) != -1) { | ||
78 | switch (c) { | ||
79 | case 'f': | ||
80 | @@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv) | ||
81 | pflg = true; | ||
82 | group_passwd = optarg; | ||
83 | break; | ||
84 | + case 'P': | ||
85 | + pflg = true; | ||
86 | + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); | ||
87 | + break; | ||
88 | case 'r': | ||
89 | rflg = true; | ||
90 | break; | ||
91 | case 'R': /* no-op, handled in process_root_flag () */ | ||
92 | break; | ||
93 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
94 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
95 | + fprintf (stderr, | ||
96 | + _("%s: -A is deliberately not supported \n"), | ||
97 | + Prog); | ||
98 | + exit (E_BAD_ARG); | ||
99 | break; | ||
100 | default: | ||
101 | usage (E_USAGE); | ||
102 | @@ -588,7 +598,7 @@ int main (int argc, char **argv) | ||
103 | (void) textdomain (PACKAGE); | ||
104 | |||
105 | process_root_flag ("-R", argc, argv); | ||
106 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
107 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
108 | |||
109 | OPENLOG ("groupadd"); | ||
110 | #ifdef WITH_AUDIT | ||
111 | diff --git a/src/groupmod.c b/src/groupmod.c | ||
112 | index bc14438..25ccb44 100644 | ||
113 | --- a/src/groupmod.c | ||
114 | +++ b/src/groupmod.c | ||
115 | @@ -138,8 +138,9 @@ static void usage (int status) | ||
116 | (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); | ||
117 | (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" | ||
118 | " PASSWORD\n"), usageout); | ||
119 | + (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); | ||
120 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | ||
121 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
122 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
123 | (void) fputs ("\n", usageout); | ||
124 | exit (status); | ||
125 | } | ||
126 | @@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv) | ||
127 | {"new-name", required_argument, NULL, 'n'}, | ||
128 | {"non-unique", no_argument, NULL, 'o'}, | ||
129 | {"password", required_argument, NULL, 'p'}, | ||
130 | + {"clear-password", required_argument, NULL, 'P'}, | ||
131 | {"root", required_argument, NULL, 'R'}, | ||
132 | - {"prefix", required_argument, NULL, 'P'}, | ||
133 | + {"prefix", required_argument, NULL, 'A'}, | ||
134 | {NULL, 0, NULL, '\0'} | ||
135 | }; | ||
136 | - while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", | ||
137 | + while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:", | ||
138 | long_options, NULL)) != -1) { | ||
139 | switch (c) { | ||
140 | case 'g': | ||
141 | @@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv) | ||
142 | group_passwd = optarg; | ||
143 | pflg = true; | ||
144 | break; | ||
145 | + case 'P': | ||
146 | + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); | ||
147 | + pflg = true; | ||
148 | + break; | ||
149 | case 'R': /* no-op, handled in process_root_flag () */ | ||
150 | break; | ||
151 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
152 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
153 | + fprintf (stderr, | ||
154 | + _("%s: -A is deliberately not supported \n"), | ||
155 | + Prog); | ||
156 | + exit (E_BAD_ARG); | ||
157 | break; | ||
158 | default: | ||
159 | usage (E_USAGE); | ||
160 | @@ -761,7 +771,7 @@ int main (int argc, char **argv) | ||
161 | (void) textdomain (PACKAGE); | ||
162 | |||
163 | process_root_flag ("-R", argc, argv); | ||
164 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
165 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
166 | |||
167 | OPENLOG ("groupmod"); | ||
168 | #ifdef WITH_AUDIT | ||
169 | diff --git a/src/useradd.c b/src/useradd.c | ||
170 | index 1b7bf06..44f09e2 100644 | ||
171 | --- a/src/useradd.c | ||
172 | +++ b/src/useradd.c | ||
173 | @@ -853,9 +853,10 @@ static void usage (int status) | ||
174 | (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" | ||
175 | " (non-unique) UID\n"), usageout); | ||
176 | (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); | ||
177 | + (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); | ||
178 | (void) fputs (_(" -r, --system create a system account\n"), usageout); | ||
179 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | ||
180 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
181 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
182 | (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); | ||
183 | (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); | ||
184 | (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); | ||
185 | @@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv) | ||
186 | {"no-user-group", no_argument, NULL, 'N'}, | ||
187 | {"non-unique", no_argument, NULL, 'o'}, | ||
188 | {"password", required_argument, NULL, 'p'}, | ||
189 | + {"clear-password", required_argument, NULL, 'P'}, | ||
190 | {"system", no_argument, NULL, 'r'}, | ||
191 | {"root", required_argument, NULL, 'R'}, | ||
192 | - {"prefix", required_argument, NULL, 'P'}, | ||
193 | + {"prefix", required_argument, NULL, 'A'}, | ||
194 | {"shell", required_argument, NULL, 's'}, | ||
195 | {"uid", required_argument, NULL, 'u'}, | ||
196 | {"user-group", no_argument, NULL, 'U'}, | ||
197 | @@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv) | ||
198 | }; | ||
199 | while ((c = getopt_long (argc, argv, | ||
200 | #ifdef WITH_SELINUX | ||
201 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", | ||
202 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:", | ||
203 | #else /* !WITH_SELINUX */ | ||
204 | - "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", | ||
205 | + "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U", | ||
206 | #endif /* !WITH_SELINUX */ | ||
207 | long_options, NULL)) != -1) { | ||
208 | switch (c) { | ||
209 | @@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv) | ||
210 | } | ||
211 | user_pass = optarg; | ||
212 | break; | ||
213 | + case 'P': /* set clear text password */ | ||
214 | + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); | ||
215 | + break; | ||
216 | case 'r': | ||
217 | rflg = true; | ||
218 | break; | ||
219 | case 'R': /* no-op, handled in process_root_flag () */ | ||
220 | break; | ||
221 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
222 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
223 | + fprintf (stderr, | ||
224 | + _("%s: -A is deliberately not supported \n"), | ||
225 | + Prog); | ||
226 | + exit (E_BAD_ARG); | ||
227 | break; | ||
228 | case 's': | ||
229 | if ( ( !VALID (optarg) ) | ||
230 | @@ -2257,7 +2266,7 @@ int main (int argc, char **argv) | ||
231 | |||
232 | process_root_flag ("-R", argc, argv); | ||
233 | |||
234 | - prefix = process_prefix_flag("-P", argc, argv); | ||
235 | + prefix = process_prefix_flag("-A", argc, argv); | ||
236 | |||
237 | OPENLOG ("useradd"); | ||
238 | #ifdef WITH_AUDIT | ||
239 | diff --git a/src/usermod.c b/src/usermod.c | ||
240 | index 21c6da9..cffdb3e 100644 | ||
241 | --- a/src/usermod.c | ||
242 | +++ b/src/usermod.c | ||
243 | @@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status) | ||
244 | " new location (use only with -d)\n"), usageout); | ||
245 | (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); | ||
246 | (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); | ||
247 | + (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); | ||
248 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | ||
249 | - (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
250 | + (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); | ||
251 | (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); | ||
252 | (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); | ||
253 | (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); | ||
254 | @@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv) | ||
255 | {"move-home", no_argument, NULL, 'm'}, | ||
256 | {"non-unique", no_argument, NULL, 'o'}, | ||
257 | {"password", required_argument, NULL, 'p'}, | ||
258 | + {"clear-password", required_argument, NULL, 'P'}, | ||
259 | {"root", required_argument, NULL, 'R'}, | ||
260 | - {"prefix", required_argument, NULL, 'P'}, | ||
261 | + {"prefix", required_argument, NULL, 'A'}, | ||
262 | {"shell", required_argument, NULL, 's'}, | ||
263 | {"uid", required_argument, NULL, 'u'}, | ||
264 | {"unlock", no_argument, NULL, 'U'}, | ||
265 | @@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv) | ||
266 | {NULL, 0, NULL, '\0'} | ||
267 | }; | ||
268 | while ((c = getopt_long (argc, argv, | ||
269 | - "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:" | ||
270 | + "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" | ||
271 | #ifdef ENABLE_SUBIDS | ||
272 | "v:w:V:W:" | ||
273 | #endif /* ENABLE_SUBIDS */ | ||
274 | @@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv) | ||
275 | user_pass = optarg; | ||
276 | pflg = true; | ||
277 | break; | ||
278 | + case 'P': | ||
279 | + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); | ||
280 | + pflg = true; | ||
281 | + break; | ||
282 | case 'R': /* no-op, handled in process_root_flag () */ | ||
283 | break; | ||
284 | - case 'P': /* no-op, handled in process_prefix_flag () */ | ||
285 | + case 'A': /* no-op, handled in process_prefix_flag () */ | ||
286 | + fprintf (stderr, | ||
287 | + _("%s: -A is deliberately not supported \n"), | ||
288 | + Prog); | ||
289 | + exit (E_BAD_ARG); | ||
290 | break; | ||
291 | case 's': | ||
292 | if (!VALID (optarg)) { | ||
293 | @@ -2127,7 +2137,7 @@ int main (int argc, char **argv) | ||
294 | (void) textdomain (PACKAGE); | ||
295 | |||
296 | process_root_flag ("-R", argc, argv); | ||
297 | - prefix = process_prefix_flag ("-P", argc, argv); | ||
298 | + prefix = process_prefix_flag ("-A", argc, argv); | ||
299 | |||
300 | OPENLOG ("usermod"); | ||
301 | #ifdef WITH_AUDIT | ||
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 9825216369..cd99aad135 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001 | 1 | From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001 |
2 | From: Chen Qi <Qi.Chen@windriver.com> | 2 | From: Chen Qi <Qi.Chen@windriver.com> |
3 | Date: Thu, 17 Jul 2014 15:53:34 +0800 | 3 | Date: Thu, 17 Jul 2014 15:53:34 +0800 |
4 | Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env | 4 | Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env |
@@ -15,32 +15,31 @@ Note that this patch doesn't change the logic in the code, it just expands | |||
15 | the codes. | 15 | the codes. |
16 | 16 | ||
17 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | 17 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> |
18 | |||
19 | --- | 18 | --- |
20 | lib/commonio.c | 16 ++++++++++++---- | 19 | lib/commonio.c | 16 ++++++++++++---- |
21 | 1 file changed, 12 insertions(+), 4 deletions(-) | 20 | 1 file changed, 12 insertions(+), 4 deletions(-) |
22 | 21 | ||
23 | diff --git a/lib/commonio.c b/lib/commonio.c | 22 | diff --git a/lib/commonio.c b/lib/commonio.c |
24 | index 16fa7e7..d6bc297 100644 | 23 | index 01a26c9..82b2868 100644 |
25 | --- a/lib/commonio.c | 24 | --- a/lib/commonio.c |
26 | +++ b/lib/commonio.c | 25 | +++ b/lib/commonio.c |
27 | @@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode) | 26 | @@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode) |
28 | db->cursor = NULL; | 27 | db->cursor = NULL; |
29 | db->changed = false; | 28 | db->changed = false; |
30 | 29 | ||
31 | - fd = open (db->filename, | 30 | - fd = open (db->filename, |
32 | - (db->readonly ? O_RDONLY : O_RDWR) | 31 | - (db->readonly ? O_RDONLY : O_RDWR) |
33 | - | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); | 32 | - | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); |
34 | - saved_errno = errno; | 33 | - saved_errno = errno; |
35 | + if (db->readonly) { | 34 | + if (db->readonly) { |
36 | + fd = open (db->filename, | 35 | + fd = open (db->filename, |
37 | + (true ? O_RDONLY : O_RDWR) | 36 | + (true ? O_RDONLY : O_RDWR) |
38 | + | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); | 37 | + | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); |
39 | + saved_errno = errno; | 38 | + saved_errno = errno; |
40 | + } else { | 39 | + } else { |
41 | + fd = open (db->filename, | 40 | + fd = open (db->filename, |
42 | + (false ? O_RDONLY : O_RDWR) | 41 | + (false ? O_RDONLY : O_RDWR) |
43 | + | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); | 42 | + | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); |
44 | + saved_errno = errno; | 43 | + saved_errno = errno; |
45 | + } | 44 | + } |
46 | + | 45 | + |
diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot | |||
@@ -1,3 +1,4 @@ | |||
1 | # SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 | ||
1 | # | 2 | # |
2 | # /etc/login.defs - Configuration control definitions for the shadow package. | 3 | # /etc/login.defs - Configuration control definitions for the shadow package. |
3 | # | 4 | # |
diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login index b340058539..d39e09b1ea 100644 --- a/meta/recipes-extended/shadow/files/pam.d/login +++ b/meta/recipes-extended/shadow/files/pam.d/login | |||
@@ -57,10 +57,6 @@ auth optional pam_group.so | |||
57 | # (Replaces the use of /etc/limits in old login) | 57 | # (Replaces the use of /etc/limits in old login) |
58 | session required pam_limits.so | 58 | session required pam_limits.so |
59 | 59 | ||
60 | # Prints the last login info upon succesful login | ||
61 | # (Replaces the `LASTLOG_ENAB' option from login.defs) | ||
62 | session optional pam_lastlog.so | ||
63 | |||
64 | # Prints the motd upon succesful login | 60 | # Prints the motd upon succesful login |
65 | # (Replaces the `MOTD_FILE' option in login.defs) | 61 | # (Replaces the `MOTD_FILE' option in login.defs) |
66 | session optional pam_motd.so | 62 | session optional pam_motd.so |
diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty index 2be341a216..820728faa6 100644 --- a/meta/recipes-extended/shadow/files/securetty +++ b/meta/recipes-extended/shadow/files/securetty | |||
@@ -7,6 +7,7 @@ ttyS0 | |||
7 | ttyS1 | 7 | ttyS1 |
8 | ttyS2 | 8 | ttyS2 |
9 | ttyS3 | 9 | ttyS3 |
10 | ttyS4 | ||
10 | 11 | ||
11 | # ARM AMBA SoCs | 12 | # ARM AMBA SoCs |
12 | ttyAM0 | 13 | ttyAM0 |
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch deleted file mode 100644 index a7bb0a9290..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | # commit message copied from openembedded: | ||
2 | # commit 246c80637b135f3a113d319b163422f98174ee6c | ||
3 | # Author: Khem Raj <raj.khem@gmail.com> | ||
4 | # Date: Wed Jun 9 13:37:03 2010 -0700 | ||
5 | # | ||
6 | # shadow-4.1.4.2: Add patches to support dots in login id. | ||
7 | # | ||
8 | # Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
9 | # | ||
10 | # comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 | ||
11 | |||
12 | Upstream-Status: Pending | ||
13 | |||
14 | Signed-off-by: Scott Garman <scott.a.garman@intel.com> | ||
15 | |||
16 | Index: shadow-4.1.4.2/libmisc/chkname.c | ||
17 | =================================================================== | ||
18 | --- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 | ||
19 | +++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700 | ||
20 | @@ -61,6 +61,7 @@ static bool is_valid_name (const char *n | ||
21 | ( ('0' <= *name) && ('9' >= *name) ) || | ||
22 | ('_' == *name) || | ||
23 | ('-' == *name) || | ||
24 | + ('.' == *name) || | ||
25 | ( ('$' == *name) && ('\0' == *(name + 1)) ) | ||
26 | )) { | ||
27 | return false; | ||
diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch deleted file mode 100644 index cc833362e9..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch +++ /dev/null | |||
@@ -1,111 +0,0 @@ | |||
1 | From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 | ||
2 | From: Shan Hai <shan.hai@windriver.com> | ||
3 | Date: Tue, 13 Sep 2016 13:45:46 +0800 | ||
4 | Subject: [PATCH] shadow: use relaxed usernames | ||
5 | |||
6 | The groupadd from shadow does not allow upper case group names, the | ||
7 | same is true for the upstream shadow. But distributions like | ||
8 | Debian/Ubuntu/CentOS has their own way to cope with this problem, | ||
9 | this patch is picked up from CentOS release 7.0 to relax the usernames | ||
10 | restrictions to allow the upper case group names, and the relaxation is | ||
11 | POSIX compliant because POSIX indicate that usernames are composed of | ||
12 | characters from the portable filename character set [A-Za-z0-9._-]. | ||
13 | |||
14 | Upstream-Status: Pending | ||
15 | |||
16 | Signed-off-by: Shan Hai <shan.hai@windriver.com> | ||
17 | |||
18 | --- | ||
19 | libmisc/chkname.c | 30 ++++++++++++++++++------------ | ||
20 | man/groupadd.8.xml | 6 ------ | ||
21 | man/useradd.8.xml | 8 +------- | ||
22 | 3 files changed, 19 insertions(+), 25 deletions(-) | ||
23 | |||
24 | diff --git a/libmisc/chkname.c b/libmisc/chkname.c | ||
25 | index 90f185c..65762b4 100644 | ||
26 | --- a/libmisc/chkname.c | ||
27 | +++ b/libmisc/chkname.c | ||
28 | @@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) | ||
29 | } | ||
30 | |||
31 | /* | ||
32 | - * User/group names must match [a-z_][a-z0-9_-]*[$] | ||
33 | - */ | ||
34 | - | ||
35 | - if (('\0' == *name) || | ||
36 | - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { | ||
37 | + * User/group names must match gnu e-regex: | ||
38 | + * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? | ||
39 | + * | ||
40 | + * as a non-POSIX, extension, allow "$" as the last char for | ||
41 | + * sake of Samba 3.x "add machine script" | ||
42 | + */ | ||
43 | + if ( ('\0' == *name) || | ||
44 | + !((*name >= 'a' && *name <= 'z') || | ||
45 | + (*name >= 'A' && *name <= 'Z') || | ||
46 | + (*name >= '0' && *name <= '9') || | ||
47 | + (*name == '_') || (*name == '.') | ||
48 | + )) { | ||
49 | return false; | ||
50 | } | ||
51 | |||
52 | while ('\0' != *++name) { | ||
53 | - if (!(( ('a' <= *name) && ('z' >= *name) ) || | ||
54 | - ( ('0' <= *name) && ('9' >= *name) ) || | ||
55 | - ('_' == *name) || | ||
56 | - ('-' == *name) || | ||
57 | - ('.' == *name) || | ||
58 | - ( ('$' == *name) && ('\0' == *(name + 1)) ) | ||
59 | - )) { | ||
60 | + if (!( (*name >= 'a' && *name <= 'z') || | ||
61 | + (*name >= 'A' && *name <= 'Z') || | ||
62 | + (*name >= '0' && *name <= '9') || | ||
63 | + (*name == '_') || (*name == '.') || (*name == '-') || | ||
64 | + (*name == '$' && *(name + 1) == '\0') | ||
65 | + )) { | ||
66 | return false; | ||
67 | } | ||
68 | } | ||
69 | diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml | ||
70 | index 1e58f09..d804b61 100644 | ||
71 | --- a/man/groupadd.8.xml | ||
72 | +++ b/man/groupadd.8.xml | ||
73 | @@ -272,12 +272,6 @@ | ||
74 | |||
75 | <refsect1 id='caveats'> | ||
76 | <title>CAVEATS</title> | ||
77 | - <para> | ||
78 | - Groupnames must start with a lower case letter or an underscore, | ||
79 | - followed by lower case letters, digits, underscores, or dashes. | ||
80 | - They can end with a dollar sign. | ||
81 | - In regular expression terms: [a-z_][a-z0-9_-]*[$]? | ||
82 | - </para> | ||
83 | <para> | ||
84 | Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. | ||
85 | </para> | ||
86 | diff --git a/man/useradd.8.xml b/man/useradd.8.xml | ||
87 | index a16d730..c0bd777 100644 | ||
88 | --- a/man/useradd.8.xml | ||
89 | +++ b/man/useradd.8.xml | ||
90 | @@ -366,7 +366,7 @@ | ||
91 | </term> | ||
92 | <listitem> | ||
93 | <para> | ||
94 | - Do no create the user's home directory, even if the system | ||
95 | + Do not create the user's home directory, even if the system | ||
96 | wide setting from <filename>/etc/login.defs</filename> | ||
97 | (<option>CREATE_HOME</option>) is set to | ||
98 | <replaceable>yes</replaceable>. | ||
99 | @@ -660,12 +660,6 @@ | ||
100 | the user account creation request. | ||
101 | </para> | ||
102 | |||
103 | - <para> | ||
104 | - Usernames must start with a lower case letter or an underscore, | ||
105 | - followed by lower case letters, digits, underscores, or dashes. | ||
106 | - They can end with a dollar sign. | ||
107 | - In regular expression terms: [a-z_][a-z0-9_-]*[$]? | ||
108 | - </para> | ||
109 | <para> | ||
110 | Usernames may only be up to 32 characters long. | ||
111 | </para> | ||
diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch index 15f8044fa2..1eacb8a53f 100644 --- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch | |||
@@ -1,88 +1,115 @@ | |||
1 | From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001 | ||
2 | From: Kang Kai <kai.kang@windriver.com> | ||
3 | Date: Wed, 20 Jul 2011 19:18:14 +0800 | ||
4 | Subject: [PATCH] shadow: update pam related configure files | ||
5 | |||
1 | The system-auth in the configure files is from Fedora which put all the 4 pam type rules | 6 | The system-auth in the configure files is from Fedora which put all the 4 pam type rules |
2 | in one file. | 7 | in one file. |
3 | In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, | 8 | In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, |
4 | common-password and common-session. | 9 | common-password and common-session. |
5 | So update them with oe way. | 10 | So update them with oe way. |
6 | 11 | ||
7 | Upstream-Status: Pending | 12 | See meta/recipes-extended/pam/libpam/pam.d/common-password |
13 | |||
14 | Upstream-Status: Inappropriate [oe-core specific] | ||
8 | 15 | ||
9 | Signed-off-by: Kang Kai <kai.kang@windriver.com> | 16 | Signed-off-by: Kang Kai <kai.kang@windriver.com> |
17 | --- | ||
18 | etc/pam.d/chage | 2 +- | ||
19 | etc/pam.d/chgpasswd | 2 +- | ||
20 | etc/pam.d/groupadd | 2 +- | ||
21 | etc/pam.d/groupdel | 2 +- | ||
22 | etc/pam.d/groupmems | 2 +- | ||
23 | etc/pam.d/groupmod | 2 +- | ||
24 | etc/pam.d/useradd | 2 +- | ||
25 | etc/pam.d/userdel | 2 +- | ||
26 | etc/pam.d/usermod | 2 +- | ||
27 | 9 files changed, 9 insertions(+), 9 deletions(-) | ||
10 | 28 | ||
11 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage | 29 | diff --git a/etc/pam.d/chage b/etc/pam.d/chage |
12 | --- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 | 30 | index 8f49f5c..b1f365d 100644 |
13 | +++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 | 31 | --- a/etc/pam.d/chage |
32 | +++ b/etc/pam.d/chage | ||
14 | @@ -1,4 +1,4 @@ | 33 | @@ -1,4 +1,4 @@ |
15 | #%PAM-1.0 | 34 | #%PAM-1.0 |
16 | auth sufficient pam_rootok.so | 35 | auth sufficient pam_rootok.so |
17 | account required pam_permit.so | 36 | account required pam_permit.so |
18 | -password include system-auth | 37 | -password include system-auth |
19 | +password include common-password | 38 | +password include common-password |
20 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd | 39 | diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd |
21 | --- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 | 40 | index 8f49f5c..b1f365d 100644 |
22 | +++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 | 41 | --- a/etc/pam.d/chgpasswd |
42 | +++ b/etc/pam.d/chgpasswd | ||
23 | @@ -1,4 +1,4 @@ | 43 | @@ -1,4 +1,4 @@ |
24 | #%PAM-1.0 | 44 | #%PAM-1.0 |
25 | auth sufficient pam_rootok.so | 45 | auth sufficient pam_rootok.so |
26 | account required pam_permit.so | 46 | account required pam_permit.so |
27 | -password include system-auth | 47 | -password include system-auth |
28 | +password include common-password | 48 | +password include common-password |
29 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd | 49 | diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd |
30 | --- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 | 50 | index 8f49f5c..b1f365d 100644 |
31 | +++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 | 51 | --- a/etc/pam.d/groupadd |
52 | +++ b/etc/pam.d/groupadd | ||
32 | @@ -1,4 +1,4 @@ | 53 | @@ -1,4 +1,4 @@ |
33 | #%PAM-1.0 | 54 | #%PAM-1.0 |
34 | auth sufficient pam_rootok.so | 55 | auth sufficient pam_rootok.so |
35 | account required pam_permit.so | 56 | account required pam_permit.so |
36 | -password include system-auth | 57 | -password include system-auth |
37 | +password include common-password | 58 | +password include common-password |
38 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel | 59 | diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel |
39 | --- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 | 60 | index 8f49f5c..b1f365d 100644 |
40 | +++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 | 61 | --- a/etc/pam.d/groupdel |
62 | +++ b/etc/pam.d/groupdel | ||
41 | @@ -1,4 +1,4 @@ | 63 | @@ -1,4 +1,4 @@ |
42 | #%PAM-1.0 | 64 | #%PAM-1.0 |
43 | auth sufficient pam_rootok.so | 65 | auth sufficient pam_rootok.so |
44 | account required pam_permit.so | 66 | account required pam_permit.so |
45 | -password include system-auth | 67 | -password include system-auth |
46 | +password include common-password | 68 | +password include common-password |
47 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems | 69 | diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems |
48 | --- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 | 70 | index 8f49f5c..b1f365d 100644 |
49 | +++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 | 71 | --- a/etc/pam.d/groupmems |
72 | +++ b/etc/pam.d/groupmems | ||
50 | @@ -1,4 +1,4 @@ | 73 | @@ -1,4 +1,4 @@ |
51 | #%PAM-1.0 | 74 | #%PAM-1.0 |
52 | auth sufficient pam_rootok.so | 75 | auth sufficient pam_rootok.so |
53 | account required pam_permit.so | 76 | account required pam_permit.so |
54 | -password include system-auth | 77 | -password include system-auth |
55 | +password include common-password | 78 | +password include common-password |
56 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod | 79 | diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod |
57 | --- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 | 80 | index 8f49f5c..b1f365d 100644 |
58 | +++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 | 81 | --- a/etc/pam.d/groupmod |
82 | +++ b/etc/pam.d/groupmod | ||
59 | @@ -1,4 +1,4 @@ | 83 | @@ -1,4 +1,4 @@ |
60 | #%PAM-1.0 | 84 | #%PAM-1.0 |
61 | auth sufficient pam_rootok.so | 85 | auth sufficient pam_rootok.so |
62 | account required pam_permit.so | 86 | account required pam_permit.so |
63 | -password include system-auth | 87 | -password include system-auth |
64 | +password include common-password | 88 | +password include common-password |
65 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd | 89 | diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd |
66 | --- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 | 90 | index 8f49f5c..b1f365d 100644 |
67 | +++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 | 91 | --- a/etc/pam.d/useradd |
92 | +++ b/etc/pam.d/useradd | ||
68 | @@ -1,4 +1,4 @@ | 93 | @@ -1,4 +1,4 @@ |
69 | #%PAM-1.0 | 94 | #%PAM-1.0 |
70 | auth sufficient pam_rootok.so | 95 | auth sufficient pam_rootok.so |
71 | account required pam_permit.so | 96 | account required pam_permit.so |
72 | -password include system-auth | 97 | -password include system-auth |
73 | +password include common-password | 98 | +password include common-password |
74 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel | 99 | diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel |
75 | --- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 | 100 | index 8f49f5c..b1f365d 100644 |
76 | +++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 | 101 | --- a/etc/pam.d/userdel |
102 | +++ b/etc/pam.d/userdel | ||
77 | @@ -1,4 +1,4 @@ | 103 | @@ -1,4 +1,4 @@ |
78 | #%PAM-1.0 | 104 | #%PAM-1.0 |
79 | auth sufficient pam_rootok.so | 105 | auth sufficient pam_rootok.so |
80 | account required pam_permit.so | 106 | account required pam_permit.so |
81 | -password include system-auth | 107 | -password include system-auth |
82 | +password include common-password | 108 | +password include common-password |
83 | diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod | 109 | diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod |
84 | --- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 | 110 | index 8f49f5c..b1f365d 100644 |
85 | +++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 | 111 | --- a/etc/pam.d/usermod |
112 | +++ b/etc/pam.d/usermod | ||
86 | @@ -1,4 +1,4 @@ | 113 | @@ -1,4 +1,4 @@ |
87 | #%PAM-1.0 | 114 | #%PAM-1.0 |
88 | auth sufficient pam_rootok.so | 115 | auth sufficient pam_rootok.so |
diff --git a/meta/recipes-extended/shadow/files/useradd b/meta/recipes-extended/shadow/files/useradd new file mode 100644 index 0000000000..782aeef418 --- /dev/null +++ b/meta/recipes-extended/shadow/files/useradd | |||
@@ -0,0 +1,8 @@ | |||
1 | # useradd defaults file | ||
2 | GROUP=100 | ||
3 | HOME=/home | ||
4 | INACTIVE=-1 | ||
5 | EXPIRE= | ||
6 | SHELL=/bin/sh | ||
7 | SKEL=/etc/skel | ||
8 | CREATE_MAIL_SPOOL=no | ||
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb index c78f888cf4..fe51ea1874 100644 --- a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb | |||
@@ -5,7 +5,6 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 | |||
5 | 5 | ||
6 | INHIBIT_DEFAULT_DEPS = "1" | 6 | INHIBIT_DEFAULT_DEPS = "1" |
7 | 7 | ||
8 | PR = "r3" | ||
9 | 8 | ||
10 | SRC_URI = "file://securetty" | 9 | SRC_URI = "file://securetty" |
11 | 10 | ||
diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index 1f6232e43c..00ab58b38c 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | |||
@@ -2,12 +2,11 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" | |||
2 | HOMEPAGE = "http://github.com/shadow-maint/shadow" | 2 | HOMEPAGE = "http://github.com/shadow-maint/shadow" |
3 | BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" | 3 | BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" |
4 | SECTION = "base utils" | 4 | SECTION = "base utils" |
5 | LICENSE = "BSD | Artistic-1.0" | 5 | LICENSE = "BSD-3-Clause | Artistic-1.0" |
6 | LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" | 6 | LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;endline=1;md5=ceddfb61608e4db87012499555184aed" |
7 | 7 | ||
8 | DEPENDS = "base-passwd" | 8 | DEPENDS = "base-passwd" |
9 | 9 | ||
10 | PR = "r3" | ||
11 | 10 | ||
12 | # The sole purpose of this recipe is to provide the /etc/login.defs | 11 | # The sole purpose of this recipe is to provide the /etc/login.defs |
13 | # file for the target sysroot - needed so the shadow-native utilities | 12 | # file for the target sysroot - needed so the shadow-native utilities |
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 4ae7a78c52..c15715fc77 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc | |||
@@ -1,36 +1,31 @@ | |||
1 | SUMMARY = "Tools to change and administer password and group data" | 1 | SUMMARY = "Tools to change and administer password and group data" |
2 | HOMEPAGE = "http://github.com/shadow-maint/shadow" | 2 | HOMEPAGE = "http://github.com/shadow-maint/shadow" |
3 | DESCRIPTION = "${SUMMARY}" | ||
3 | BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" | 4 | BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" |
4 | SECTION = "base/utils" | 5 | SECTION = "base/utils" |
5 | LICENSE = "BSD | Artistic-1.0" | 6 | LICENSE = "BSD-3-Clause" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ | 7 | LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ |
7 | file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" | 8 | file://src/passwd.c;beginline=2;endline=7;md5=67bcf314687820b2f010d4863fce3fc5 \ |
9 | " | ||
8 | 10 | ||
9 | DEPENDS = "virtual/crypt" | 11 | DEPENDS = "virtual/crypt" |
10 | 12 | ||
11 | UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" | 13 | GITHUB_BASE_URI = "https://github.com/shadow-maint/shadow/releases" |
12 | SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ | 14 | SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \ |
13 | file://shadow-4.1.3-dots-in-usernames.patch \ | 15 | file://0001-lib-copydir-copy_entry-use-temporary-stat-buffer.patch \ |
14 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ | 16 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ |
15 | file://shadow-relaxed-usernames.patch \ | 17 | file://useradd \ |
16 | " | 18 | " |
17 | 19 | ||
18 | SRC_URI_append_class-target = " \ | 20 | SRC_URI:append:class-target = " \ |
19 | file://login_defs_pam.sed \ | 21 | file://login_defs_pam.sed \ |
20 | file://shadow-update-pam-conf.patch \ | 22 | file://shadow-update-pam-conf.patch \ |
21 | " | 23 | " |
22 | 24 | ||
23 | SRC_URI_append_class-native = " \ | 25 | SRC_URI:append:class-native = " \ |
24 | file://0001-Disable-use-of-syslog-for-sysroot.patch \ | ||
25 | file://0002-Allow-for-setting-password-in-clear-text.patch \ | ||
26 | file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ | 26 | file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ |
27 | " | 27 | " |
28 | SRC_URI_append_class-nativesdk = " \ | 28 | SRC_URI[sha256sum] = "377fe0d7c1a0aa5e3514c08fdf5ddc70c9dcbb391678c2134445ed97326bcc26" |
29 | file://0001-Disable-use-of-syslog-for-sysroot.patch \ | ||
30 | " | ||
31 | |||
32 | SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480" | ||
33 | SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a" | ||
34 | 29 | ||
35 | # Additional Policy files for PAM | 30 | # Additional Policy files for PAM |
36 | PAM_SRC_URI = "file://pam.d/chfn \ | 31 | PAM_SRC_URI = "file://pam.d/chfn \ |
@@ -41,22 +36,22 @@ PAM_SRC_URI = "file://pam.d/chfn \ | |||
41 | file://pam.d/passwd \ | 36 | file://pam.d/passwd \ |
42 | file://pam.d/su" | 37 | file://pam.d/su" |
43 | 38 | ||
44 | inherit autotools gettext | 39 | inherit autotools gettext github-releases pkgconfig |
45 | 40 | ||
46 | export CONFIG_SHELL="/bin/sh" | 41 | export CONFIG_SHELL="/bin/sh" |
47 | 42 | ||
48 | EXTRA_OECONF += "--without-audit \ | 43 | EXTRA_OECONF += " \ |
49 | --without-libcrack \ | ||
50 | --without-selinux \ | ||
51 | --with-group-name-max-length=24 \ | 44 | --with-group-name-max-length=24 \ |
52 | --enable-subordinate-ids=yes \ | 45 | --enable-subordinate-ids=yes \ |
53 | --without-sssd \ | 46 | --without-sssd \ |
54 | ${NSCDOPT}" | 47 | ${NSCDOPT}" |
55 | 48 | ||
49 | CFLAGS:append:libc-musl = " -DLIBBSD_OVERLAY" | ||
50 | |||
56 | NSCDOPT = "" | 51 | NSCDOPT = "" |
57 | NSCDOPT_class-native = "--without-nscd" | 52 | NSCDOPT:class-native = "--without-nscd" |
58 | NSCDOPT_class-nativesdk = "--without-nscd" | 53 | NSCDOPT:class-nativesdk = "--without-nscd" |
59 | NSCDOPT_libc-glibc = "--with-nscd" | 54 | NSCDOPT:libc-glibc = "--with-nscd" |
60 | 55 | ||
61 | PAM_PLUGINS = "libpam-runtime \ | 56 | PAM_PLUGINS = "libpam-runtime \ |
62 | pam-plugin-faildelay \ | 57 | pam-plugin-faildelay \ |
@@ -65,27 +60,28 @@ PAM_PLUGINS = "libpam-runtime \ | |||
65 | pam-plugin-env \ | 60 | pam-plugin-env \ |
66 | pam-plugin-group \ | 61 | pam-plugin-group \ |
67 | pam-plugin-limits \ | 62 | pam-plugin-limits \ |
68 | pam-plugin-lastlog \ | ||
69 | pam-plugin-motd \ | 63 | pam-plugin-motd \ |
70 | pam-plugin-mail \ | 64 | pam-plugin-mail \ |
71 | pam-plugin-shells \ | 65 | pam-plugin-shells \ |
72 | pam-plugin-rootok" | 66 | pam-plugin-rootok" |
73 | 67 | ||
74 | PAM_PLUGINS_remove_libc-musl = "pam-plugin-lastlog" | ||
75 | |||
76 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ | 68 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ |
77 | ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" | 69 | ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" |
78 | PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" | 70 | PACKAGECONFIG:class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)} libbsd" |
79 | PACKAGECONFIG_class-nativesdk = "" | 71 | PACKAGECONFIG:class-nativesdk = "" |
80 | PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" | 72 | PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" |
81 | PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" | 73 | PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" |
82 | PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" | 74 | PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" |
75 | PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" | ||
76 | PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" | ||
77 | PACKAGECONFIG[libbsd] = "--with-libbsd,--without-libbsd,libbsd" | ||
78 | PACKAGECONFIG[logind] = "--enable-logind,--disable-logind,systemd" | ||
83 | 79 | ||
84 | RDEPENDS_${PN} = "shadow-securetty \ | 80 | RDEPENDS:${PN} = "shadow-securetty \ |
85 | base-passwd \ | 81 | base-passwd \ |
86 | util-linux-sulogin" | 82 | util-linux-sulogin" |
87 | RDEPENDS_${PN}_class-native = "" | 83 | RDEPENDS:${PN}:class-native = "" |
88 | RDEPENDS_${PN}_class-nativesdk = "" | 84 | RDEPENDS:${PN}:class-nativesdk = "" |
89 | 85 | ||
90 | do_install() { | 86 | do_install() { |
91 | oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install | 87 | oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install |
@@ -114,15 +110,11 @@ do_install() { | |||
114 | # Use proper encryption for passwords | 110 | # Use proper encryption for passwords |
115 | sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs | 111 | sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs |
116 | 112 | ||
117 | # Now we don't have a mail system. Disable mail creation for now. | 113 | install -d ${D}${sysconfdir}/default |
118 | sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd | 114 | install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default |
119 | sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd | ||
120 | |||
121 | # Use users group by default | ||
122 | sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd | ||
123 | } | 115 | } |
124 | 116 | ||
125 | do_install_append() { | 117 | do_install:append() { |
126 | # Ensure that the image has as a /var/spool/mail dir so shadow can | 118 | # Ensure that the image has as a /var/spool/mail dir so shadow can |
127 | # put mailboxes there if the user reconfigures shadow to its | 119 | # put mailboxes there if the user reconfigures shadow to its |
128 | # defaults (see sed below). | 120 | # defaults (see sed below). |
@@ -152,10 +144,40 @@ do_install_append() { | |||
152 | # Handle link properly after rename, otherwise missing files would | 144 | # Handle link properly after rename, otherwise missing files would |
153 | # lead rpm failed dependencies. | 145 | # lead rpm failed dependencies. |
154 | ln -sf newgrp.${BPN} ${D}${bindir}/sg | 146 | ln -sf newgrp.${BPN} ${D}${bindir}/sg |
147 | |||
148 | # usermod requires the subuid/subgid files to be in place before being | ||
149 | # able to use the -v/-V flags otherwise it fails: | ||
150 | # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V | ||
151 | install -d ${D}${sysconfdir} | ||
152 | touch ${D}${sysconfdir}/subuid | ||
153 | touch ${D}${sysconfdir}/subgid | ||
154 | } | ||
155 | |||
156 | # Make executables look for dynamically linked libraries in a custom location, and install | ||
157 | # the needed libraries there. That way we can use them from sstate | ||
158 | # in setscene tasks without worrying about the dependency libraries being available. | ||
159 | do_install:append:class-native() { | ||
160 | binaries=$(find ${D}${base_bindir}/ ${D}${base_sbindir}/ ${D}${bindir}/ ${D}${sbindir}/ -executable -type f) | ||
161 | chrpath -k -r ${STAGING_DIR_NATIVE}/lib-shadow-deps $binaries | ||
162 | mkdir -p ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ | ||
163 | libattr=${@bb.utils.contains('DISTRO_FEATURES', 'xattr', "${STAGING_LIBDIR_NATIVE}/libattr.so.*", '', d)} | ||
164 | install $libattr ${STAGING_LIBDIR_NATIVE}/libbsd.so.* ${STAGING_LIBDIR_NATIVE}/libmd.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ | ||
165 | install ${D}${libdir}/*.so.* ${D}${STAGING_DIR_NATIVE}/lib-shadow-deps/ | ||
166 | } | ||
167 | |||
168 | SYSROOT_DIRS:append:class-native = " ${STAGING_DIR_NATIVE}/lib-shadow-deps/" | ||
169 | INSANE_SKIP:${PN}:class-native = "already-stripped" | ||
170 | |||
171 | do_install:append:class-nativesdk() { | ||
172 | oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man | ||
173 | } | ||
174 | |||
175 | do_install:append:class-target() { | ||
176 | oe_runmake -C ${B}/man DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install-man | ||
155 | } | 177 | } |
156 | 178 | ||
157 | PACKAGES =+ "${PN}-base" | 179 | PACKAGES =+ "${PN}-base" |
158 | FILES_${PN}-base = "\ | 180 | FILES:${PN}-base = "\ |
159 | ${base_bindir}/login.shadow \ | 181 | ${base_bindir}/login.shadow \ |
160 | ${base_bindir}/su.shadow \ | 182 | ${base_bindir}/su.shadow \ |
161 | ${bindir}/sg \ | 183 | ${bindir}/sg \ |
@@ -165,31 +187,30 @@ FILES_${PN}-base = "\ | |||
165 | ${sysconfdir}/pam.d/su \ | 187 | ${sysconfdir}/pam.d/su \ |
166 | ${sysconfdir}/login.defs \ | 188 | ${sysconfdir}/login.defs \ |
167 | " | 189 | " |
168 | RDEPENDS_${PN} += "${PN}-base" | 190 | RDEPENDS:${PN} += "${PN}-base" |
169 | 191 | ||
170 | inherit update-alternatives | 192 | inherit update-alternatives |
171 | 193 | ||
172 | ALTERNATIVE_PRIORITY = "200" | 194 | ALTERNATIVE_PRIORITY = "200" |
173 | 195 | ||
174 | ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" | 196 | ALTERNATIVE:${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" |
197 | ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn" | ||
198 | ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh" | ||
175 | ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" | 199 | ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" |
176 | ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" | 200 | ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" |
177 | ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" | 201 | ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" |
178 | ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" | 202 | ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" |
179 | 203 | ||
180 | ALTERNATIVE_${PN}-base = "newgrp groups login su" | 204 | ALTERNATIVE:${PN}-doc = "chfn.1 chsh.1" |
205 | ALTERNATIVE_LINK_NAME[chfn.1] = "${mandir}/man1/chfn.1" | ||
206 | ALTERNATIVE_LINK_NAME[chsh.1] = "${mandir}/man1/chsh.1" | ||
207 | |||
208 | ALTERNATIVE:${PN}-base = "newgrp groups login su" | ||
181 | ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" | 209 | ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" |
182 | ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" | 210 | ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" |
183 | 211 | ||
184 | ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8" | ||
185 | ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" | ||
186 | ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" | ||
187 | ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" | ||
188 | ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" | ||
189 | ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" | ||
190 | |||
191 | PACKAGE_WRITE_DEPS += "shadow-native" | 212 | PACKAGE_WRITE_DEPS += "shadow-native" |
192 | pkg_postinst_${PN}_class-target () { | 213 | pkg_postinst:${PN}:class-target () { |
193 | if [ "x$D" != "x" ]; then | 214 | if [ "x$D" != "x" ]; then |
194 | rootarg="--root $D" | 215 | rootarg="--root $D" |
195 | else | 216 | else |
diff --git a/meta/recipes-extended/shadow/shadow_4.15.0.bb b/meta/recipes-extended/shadow/shadow_4.15.0.bb new file mode 100644 index 0000000000..e57676c1da --- /dev/null +++ b/meta/recipes-extended/shadow/shadow_4.15.0.bb | |||
@@ -0,0 +1,10 @@ | |||
1 | require shadow.inc | ||
2 | |||
3 | # Build falsely assumes that if --enable-libpam is set, we don't need to link against | ||
4 | # libcrypt. This breaks chsh. | ||
5 | BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" | ||
6 | |||
7 | BBCLASSEXTEND = "native nativesdk" | ||
8 | |||
9 | # https://bugzilla.redhat.com/show_bug.cgi?id=884658 | ||
10 | CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix." | ||
diff --git a/meta/recipes-extended/shadow/shadow_4.8.1.bb b/meta/recipes-extended/shadow/shadow_4.8.1.bb deleted file mode 100644 index c975395ff8..0000000000 --- a/meta/recipes-extended/shadow/shadow_4.8.1.bb +++ /dev/null | |||
@@ -1,10 +0,0 @@ | |||
1 | require shadow.inc | ||
2 | |||
3 | # Build falsely assumes that if --enable-libpam is set, we don't need to link against | ||
4 | # libcrypt. This breaks chsh. | ||
5 | BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" | ||
6 | |||
7 | BBCLASSEXTEND = "native nativesdk" | ||
8 | |||
9 | |||
10 | |||