summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow/shadow.inc
Commit message (Collapse)AuthorAgeFilesLines
* shadow: fix CVE-2017-12424Chen Qi2017-08-181-0/+1
| | | | | | | | | | | | | | | | Backport a patch to fix CVE-2017-12424. In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 CVE: CVE-2017-12424 (From OE-Core rev: 896495d4d2a9751e6e013a3498293b2443d7d809) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-1/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* util-linux,shadow: Make 'nologin' alternative commandAmarnath Valluri2017-03-221-1/+2
| | | | | | | | | | | | Both shadow and util-linux packages provides 'nologin' binary in ${base_sbindir} and ${sbindir} respectively, this leads to conflict when 'usrmerge' feature is enabled, where ${sbindir} == ${base_sbindir}. Hance, handle this to alternative system to resolve the conflict. (From OE-Core rev: 07d6d0fb4dc689008bb0022d7d2ecc890c9159e5) Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: 'useradd' copies root's extended attributesJosé Bollo2017-03-171-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | The copy of extended attributes is interesting for Smack systems because it allows to set the security template of the user's home directories without modifying the tools (useradd here). But the version of useradd that copies the extended attributes doesn't copy the extended attributes of the root. This can make use of homes impossible! This patch corrects the issue by copying the extended attributes of the root directory: /home/user will get the extended attributes of /etc/skel. The patch is submitted upstream (see http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html) The existing patch specific to open-embedded is updated: 0001-useradd.c-create-parent-directories-when-necessary.patch Also, attr are activated for native tools. This is needed when users are created during image creation. (From OE-Core rev: eed66e85af5ca6bbdd80cc3d5cf8453e8d8880bc) Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: use config 'attr' if distro has 'xattr'José Bollo2017-03-101-1/+2
| | | | | | | | | | | When DISTRO_FEATURES has 'xattr' the shadow package now automatically activates its config 'attr'. (From OE-Core rev: 860c941741ca57bdc6fdbb67ea3ad94bb8d08c16) Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Add PACKAGE_WRITE_DEPS for postinstJussi Kukkonen2017-01-201-1/+1
| | | | | | | | | pwconv and grpconv are used in the postinstall script. (From OE-Core rev: 5a59e292d1382ea6858f6ccb532e48a9f1f4bea6) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add nologin.8 to alternativesRoss Burton2016-11-061-1/+2
| | | | | | | | | | This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. (From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: use relaxed usernamesShan Hai2016-09-161-0/+1
| | | | | | | | | | | | | | | | | The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. (From OE-Core rev: 31c6c8150394de067085be5b0058037077860a8a) Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Fix rootfs creation errorsDai Caiyun2016-05-221-1/+2
| | | | | | | | | | | error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1 conflicts with file from package coreutils-doc-6.9-r5 (From OE-Core rev: 52d3d9e1ab0b510d93c4915baf2a85b9cc949205) Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Disable syslog for more commandsPeter Kjellerstedt2016-04-151-2/+2
| | | | | | | | | | | | When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). (From OE-Core rev: 0791ba7ea82444729a1a7d1b2443f633bcba2002) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Update alternatives of man pagesKai Kang2015-07-081-1/+2
| | | | | | | | | | Update alternatives of man pages in several packages. (From OE-Core rev: 2cff20f423fb9e82b44c68504be605c223bd74fb) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix `su' behaviourChen Qi2015-04-241-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason. This patch is introduced to solve the 'su: applet not found' problem when executing `su -l xxx -c env'. The patch references codes of previous release of shadow. However, this patch introduces bug#5359. So it's not correct. Let's first look at the root cause of 'su: applet not found' problem. This problem appears when /bin/sh is provided by busybox. When executing `su -l xxx -c env' command, the following function is invoked. execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */]) Note that the argv[0] provided to new executable file (/bin/sh) is "-su". As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed. In busybox's appletlib.c, it would examine argv[0], try to find an applet that has the same name, and then try to execute the main function of the applet. This logic results in `su' applet from busybox to be executed. However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found. Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet is found. The whole behaviour is still not correct. Because 'su' from shadow takes higher priority than that from busybox, so 'su' from busybox should never be executed on such system unless it's specified clearly by the end user. The logic of busybox's appletlib.c is totally correct from the point of busybox itself. It's an integration problem. To solve the above problem, this patch comment out SU_NAME in /etc/login.defs so that the final function executed in shadow's su is as below. execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */]) [YOCTO #5359] [YOCTO #7137] (From OE-Core rev: 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: split files needed for PAM use into separate packageMatt Madison2015-04-101-2/+17
| | | | | | | | | | | | The rootfs creator automatically removes shadow for read-only root filesystems, which breaks use of PAM plugins for login and other process identity management utilities. Package those programs and config files separately, so they don't get removed. (From OE-Core rev: a7d8eaef04c9dd6ede8d4efd8c4b776efbe3c767) Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add 'util-linux-sulogin' to RDEPENDSChen Qi2015-04-101-1/+2
| | | | | | | | | | | | | | | | | | | | | If shadow is installed, sulogin from busybox cannot work correctly because it still assumes that /etc/shadow is not there. This leads to the problem when booting into rescue mode in an image with shadow installed but not sulogin from util-linux. To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow. This runtime dependency is specific to OE, because we have to ensure that sulogin can work correctly and sulogin from busybox cannot because FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable it by default for busybox, because that would lead to utilities in busybox to assume the existence of /etc/shadow which is not always true in OE. [YOCTO #6698] (From OE-Core rev: 9b45b990d2fc870df556f05908dcb48b9ebcfc02) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: disable nscd feature when glibc is not built with spawn posix functionsBaptiste DURAND2014-12-191-0/+1
| | | | | | | | | | | | | | | | shadow package configure step fails with this log output : | checking location of faillog/lastlog/wtmp... (cached) /var/log | checking location of the passwd program... (cached) /usr/bin | checking for posix_spawn... no | configure: error: posix_spawn is needed for nscd support | Configure failed. The contents of all config.log files follows to aid debugging | ERROR: oe_runconf failed (From OE-Core rev: 3678e504cf81f45bd0b0ab315f9cc4da87a633b5) Signed-off-by: Baptiste DURAND <baptiste.durand@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* man-pages/shadow: resolve man pages conflictionHongxu Jia2014-11-041-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | Invoke smart/rpm to install man-pages and shadow-doc, there is a build failure: ... |error: file /usr/share/man/man5/passwd.5 from install of shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from package man-pages-3.70-r0.0.core2_64 |error: file /usr/share/man/man3/getspnam.3 from install of shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from package man-pages-3.70-r0.0.core2_64 ... Use alternatives mechanism to fix it. As README in man-pages said: "Note that sometimes these pages are duplicates of pages also distributed in other packages. Be careful not to overwrite more up-to-date versions. So we set man-pages with lower priority. [YOCTO #6769] (From OE-Core rev: 32357da67fa640bc0c14048af1d7b8dbbe8e775e) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: enable support for subordinate IDsBogdan Purcareata2014-11-041-1/+2
| | | | | | | | | | | | | | | | | | | | | The subordinate IDs support in pkg-shadow allows unprivileged users to manage a set of UIDs and GIDs. These subordinate IDs are specified by root, and can be further used by the unprivileged user they have been assigned to. This user can then create an e.g. user namespace, where he is allowed to manage his own set of users and group from the pool of subordinate IDs. More details can be found at http://lwn.net/Articles/533617/. Pull a required change from upstream in order to make shadow cross-compile with subordinate IDs support. Enable flag in recipe. Changes since v1: - update changelog (From OE-Core rev: 8548868c05e52700fd4712298b1705b8ec7ae446) Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Make useradd work correctly with --root againPeter Kjellerstedt2014-09-161-0/+1
| | | | | | | | | | | | | Even if useradd --root <root> is used it would still read login.defs before doing the chroot() and thus use the one provided by the host rather than the sysroot. (From OE-Core rev: b85917a4ebe636316fa7305017cd32a47b392039) (From OE-Core rev: 0af59a04135f067f0e01883defa77c6f714eab2e) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix the behavior of suChen Qi2014-07-231-0/+1
| | | | | | | | | | | | | | | In systems where bash is not installed and /bin/sh is provided by busybox. Commands like `su -l -c '/home/root/test' xuser' would fail complaining the the 'su' applet could not be found. This patch references the old version of shadow to keep the behaviour the way it was in old version so that we would avoid the problem mentioned above. (From OE-Core rev: ab0115d1b8a0cb0b25bdb14fd2a3e6c6bb9a44f8) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Add PACKAGECONFIG for acl/attrRichard Purdie2014-07-211-0/+2
| | | | | | | | Otherwise builds are not deterministic. (From OE-Core rev: 11e02c05da6945c24092ec06493cdafa2dcdbe0d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: upgrade from 4.1.4.3 to 4.2.1Chen Qi2014-07-171-23/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade shadow from 4.1.4.3 to 4.2.1. Changes during this upgrade are as following. 1. Remove the "merged" patches. These patches are either merged or the same functionality has been implemented upstream. add_root_cmd_groupmems.patch add_root_cmd_options.patch fix-etc-gshadow-reading.patch shadow-4.1.4.2-env-reset-keep-locale.patch shadow-4.1.4.2-groupmod-pam-check.patch shadow-4.1.4.2-su_no_sanitize_env.patch shadow.automake-1.11.patch shadow_fix_for_automake-1.12.patch useradd.patch 2. Remove the unneeded patch. The following patch has been removed because the logic in the related codes of the new version has been changed. In specific, the codes now can handle the 'NULL' return value. So there's no need for the following patch. slackware_fix_for_glib-2.17_crypt.patch 3. Teak the current patch to match the new version. allow-for-setting-password-in-clear-text.patch 4. Add a patch to fix compilation failure. usermod-fix-compilation-failure-with-subids-disabled.patch 5. Add a patch to fix the installation failure. fix-installation-failure-with-subids-disabled.patch 5. Add a patch to fix the failure at rootfs time if extrausers is inherited. commonio.c-fix-unexpected-open-failure-in-chroot-env.patch 6. Fix the bad section in the recipe. 7. Disable the new subids feature in the new version as it doesn't support cross compilation for now. 8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails. Also, fix the arguments to use '--root $D' instead of '--root=$D'. 9. Add a patch for shadow-native to create parent directories when necessary. 0001-useradd.c-create-parent-directories-when-necessary.patch (From OE-Core rev: b73e5cd51551556f9e6a4f7d9e7deec4d9d661bd) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2014-04-251-2/+2
| | | | | | | | | | | The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix building systemd with useradd-staticids.bbclass enabledAndreas Müller2014-04-231-0/+1
| | | | | | | | | | | | | | groupadd: 'systemd-journal-gateway' is not a valid group name Without useradd-staticids enabled, group 'systemd-journal-gateway' is created by useradd and that seems not to care for GROUP_NAME_MAX_LENGTH which has 16 by default. (From OE-Core rev: 33c7892326de296cc6d143577be5b395ac887d91) Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: bump PRsMartin Jansa2014-03-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * resolves following warnings: WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends) WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends) (From OE-Core rev: c6825ec6e92e20bb64a051d1576f363c16e98d68) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow-native: allow for setting password in clear textChen Qi2013-12-141-0/+1
| | | | | | | | | | | | | | | | | | | Allow user to set password in clear text. This is convenient when we're building out an image. This feature is mainly used by useradd.bbclass and extrausers.bbclass. This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod commands provided by shadow-native. The shadow package on target and in SDK will not be affected. [YOCTO #5365] (From OE-Core rev: 31dee7946340bf0f1e94e4e714191d3d6ca3bf6a) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: change to use SHA512 password encryptionPaul Eggleton2013-12-131-0/+3
| | | | | | | | | | | | | | | | The default encryption method for shadow is DES, which limits passwords to 8 characters. Not only is this undesirable, it's also not how busybox works so we had different passwd/login length behaviour depending on whether shadow was installed in the image or not. Change it to SHA512 which is what most Linux distributions seem to be using currently. (SHA512 also matches up with how we are configuring PAM.) Fixes [YOCTO #5656]. (From OE-Core rev: a9e072f9f0da774411e07abf47dd4bd8c6d685d7) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Don't set DESCRIPTION to the same value as SUMMARYPaul Eggleton2013-12-031-1/+0
| | | | | | | | | | | | Setting DESCRIPTION to the same value as SUMMARY doesn't do anything, since the value of DESCRIPTION will be derived from SUMMARY if not specified. (From OE-Core rev: e1e888585c84175580ad822d4a6c93f62e5ce16c) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Add nativesdk to BBCLASSEXTENDDavid Nyström2013-09-261-0/+10
| | | | | | | | | | | | | | | | | | | | | | | This is a second in a series of patches to enable offline rootfs creation from a package repository. Some postinstall cmds are Yocto specific and needed to create a rootfs with pre and post install hooks successfully run, using only the toolchain tarball + a package repo. End goal is to create a sandbox where users of a Yocto based distribution can customize a rootfs from a package feed with their package manager of choice. With this patch, I can successfully create packagegroup-core-boot with only the toolchain tarball(OPKG). More fixes for a few postinstall hooks outside of packagegroup-core-boot will come next. (From OE-Core rev: f90e1a45a042468e4e9a0fc91b57c6dba6f7adc9) Signed-off-by: David Nyström <david.nystrom@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Turn shadow-native into a BBCLASSEXTENDRichard Purdie2013-09-241-2/+111
| | | | | | (From OE-Core rev: 44fafdb5eca1fc8766bf649bc78e770e1d18979d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Move common code to shadow.incRichard Purdie2013-09-241-0/+53
| | | | | | (From OE-Core rev: ec64632d312a099c7c544af63b25e2defde0038e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: recipe and patch cleanupScott Garman2011-06-061-123/+0
| | | | | | | | | | | Taking over maintenance of the shadow recipe. Cleaning it up in preparation of adding a -native version that will be used to add users/groups during preinstall. (From OE-Core rev: 254ca8c1667b8d35914555714239a09bfb4f43be) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: remove selinux entry from pam.d/loginKoen Kooi2011-06-021-0/+2
| | | | | | | | | | | | SElinux has been disabled in the recipe, leading to messages like this: [ 167.643218] login[312]: PAM unable to dlopen(/lib/security/pam_selinux.so): /lib/security/pam_selinux.so: cannot open shared object file: No such file or directory [ 167.670837] login[312]: PAM adding faulty module: /lib/security/pam_selinux.so (From OE-Core rev: b90e9c2318fc421f37c57788ece54ce791a90b62) Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* RDEPENDS, RRECOMMENDS -> RDPEPENDS_${PN}, RRECOMMENDS_${PN}Koen Kooi2010-12-301-1/+1
| | | | | | | For these recipes the dependencies listed in RDEPENDS and RRECOMMENDS only apply to ${PN} Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
* Major layout change to the packages directoryRichard Purdie2010-08-271-0/+121
Having one monolithic packages directory makes it hard to find things and is generally overwhelming. This commit splits it into several logical sections roughly based on function, recipes.txt gives more information about the classifications used. The opportunity is also used to switch from "packages" to "recipes" as used in OpenEmbedded as the term "packages" can be confusing to people and has many different meanings. Not all recipes have been classified yet, this is just a first pass at separating things out. Some packages are moved to meta-extras as they're no longer actively used or maintained. Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>