| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This manpage is also shipped in util-linux-doc as an alternative, so it needs to
be managed as an alternative here too.
(From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The groupadd from shadow does not allow upper case group names, the
same is true for the upstream shadow. But distributions like
Debian/Ubuntu/CentOS has their own way to cope with this problem,
this patch is picked up from CentOS release 7.0 to relax the usernames
restrictions to allow the upper case group names, and the relaxation is
POSIX compliant because POSIX indicate that usernames are composed of
characters from the portable filename character set [A-Za-z0-9._-].
(From OE-Core rev: 31c6c8150394de067085be5b0058037077860a8a)
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1
conflicts with file from package coreutils-doc-6.9-r5
(From OE-Core rev: 52d3d9e1ab0b510d93c4915baf2a85b9cc949205)
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 196e01cce6d76c72d8e76ad1441c1baed321c939)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building shadow-native, syslog was disabled for useradd and
groupadd. This disables it also for groupdel, groupmems, groupmod,
userdel and usermod (i.e., the use of syslog is now disabled for all
commands supported by useradd_base.bbclass).
(From OE-Core rev: 0791ba7ea82444729a1a7d1b2443f633bcba2002)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Update alternatives of man pages in several packages.
(From OE-Core rev: 2cff20f423fb9e82b44c68504be605c223bd74fb)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.
Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet
is found. The whole behaviour is still not correct. Because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.
To solve the above problem, this patch comment out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])
[YOCTO #5359]
[YOCTO #7137]
(From OE-Core rev: 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The rootfs creator automatically removes shadow for read-only
root filesystems, which breaks use of PAM plugins for login and
other process identity management utilities. Package those programs
and config files separately, so they don't get removed.
(From OE-Core rev: a7d8eaef04c9dd6ede8d4efd8c4b776efbe3c767)
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If shadow is installed, sulogin from busybox cannot work correctly because
it still assumes that /etc/shadow is not there. This leads to the problem
when booting into rescue mode in an image with shadow installed but not
sulogin from util-linux.
To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow.
This runtime dependency is specific to OE, because we have to ensure
that sulogin can work correctly and sulogin from busybox cannot because
FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable
it by default for busybox, because that would lead to utilities in busybox
to assume the existence of /etc/shadow which is not always true in OE.
[YOCTO #6698]
(From OE-Core rev: 9b45b990d2fc870df556f05908dcb48b9ebcfc02)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add Zynq's console devices to securetty.
(From OE-Core rev: 82f5fd5f39b1c665098dd5ca567cbb2b5d955924)
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
After removal of auto-creating S we must ensure that all recipes are
using a proper value for S.
Fix all recipes that only need to set S equals to WORKDIR.
[YOCTO #5627]
(From OE-Core rev: 9d220b1bfe4589736604dd5a7129e3699377d830)
Signed-off-by: Petter Mabäcker <petter@technux.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
shadow package configure step fails with this log output :
| checking location of faillog/lastlog/wtmp... (cached) /var/log
| checking location of the passwd program... (cached) /usr/bin
| checking for posix_spawn... no
| configure: error: posix_spawn is needed for nscd support
| Configure failed. The contents of all config.log files follows to aid debugging
| ERROR: oe_runconf failed
(From OE-Core rev: 3678e504cf81f45bd0b0ab315f9cc4da87a633b5)
Signed-off-by: Baptiste DURAND <baptiste.durand@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Old version of the ARM AMBA serial port driver creates those device nodes.
(From OE-Core rev: fa17b9ea435f5c49e3bea56524152b21d915d464)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Invoke smart/rpm to install man-pages and shadow-doc, there
is a build failure:
...
|error: file /usr/share/man/man5/passwd.5 from install of
shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from
package man-pages-3.70-r0.0.core2_64
|error: file /usr/share/man/man3/getspnam.3 from install of
shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from
package man-pages-3.70-r0.0.core2_64
...
Use alternatives mechanism to fix it.
As README in man-pages said: "Note that sometimes these
pages are duplicates of pages also distributed in other
packages. Be careful not to overwrite more up-to-date
versions. So we set man-pages with lower priority.
[YOCTO #6769]
(From OE-Core rev: 32357da67fa640bc0c14048af1d7b8dbbe8e775e)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The subordinate IDs support in pkg-shadow allows unprivileged users to manage a
set of UIDs and GIDs. These subordinate IDs are specified by root, and can be
further used by the unprivileged user they have been assigned to. This user can
then create an e.g. user namespace, where he is allowed to manage his own set of
users and group from the pool of subordinate IDs. More details can be found at
http://lwn.net/Articles/533617/.
Pull a required change from upstream in order to make shadow cross-compile with
subordinate IDs support. Enable flag in recipe.
Changes since v1:
- update changelog
(From OE-Core rev: 8548868c05e52700fd4712298b1705b8ec7ae446)
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Even if useradd --root <root> is used it would still read login.defs
before doing the chroot() and thus use the one provided by the host
rather than the sysroot.
(From OE-Core rev: b85917a4ebe636316fa7305017cd32a47b392039)
(From OE-Core rev: 0af59a04135f067f0e01883defa77c6f714eab2e)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reported-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Reported-by: Peter Griffin <peter.griffin@linaro.org>
(From OE-Core rev: 8c811541125fff75429d09249299add5ffe80912)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add Freescale lpuart tty's (ttyLPx) to securetty. Freescale Vybrid
devices running upstream kernel use this driver.
(From OE-Core rev: 1732ea461f1d0afe254e36a8bfe84a6675a42e66)
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In systems where bash is not installed and /bin/sh is provided by
busybox. Commands like `su -l -c '/home/root/test' xuser' would fail
complaining the the 'su' applet could not be found.
This patch references the old version of shadow to keep the behaviour
the way it was in old version so that we would avoid the problem mentioned
above.
(From OE-Core rev: ab0115d1b8a0cb0b25bdb14fd2a3e6c6bb9a44f8)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
Otherwise builds are not deterministic.
(From OE-Core rev: 11e02c05da6945c24092ec06493cdafa2dcdbe0d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade shadow from 4.1.4.3 to 4.2.1.
Changes during this upgrade are as following.
1. Remove the "merged" patches. These patches are either merged or
the same functionality has been implemented upstream.
add_root_cmd_groupmems.patch
add_root_cmd_options.patch
fix-etc-gshadow-reading.patch
shadow-4.1.4.2-env-reset-keep-locale.patch
shadow-4.1.4.2-groupmod-pam-check.patch
shadow-4.1.4.2-su_no_sanitize_env.patch
shadow.automake-1.11.patch
shadow_fix_for_automake-1.12.patch
useradd.patch
2. Remove the unneeded patch.
The following patch has been removed because the logic in the related
codes of the new version has been changed. In specific, the codes now
can handle the 'NULL' return value. So there's no need for the following
patch.
slackware_fix_for_glib-2.17_crypt.patch
3. Teak the current patch to match the new version.
allow-for-setting-password-in-clear-text.patch
4. Add a patch to fix compilation failure.
usermod-fix-compilation-failure-with-subids-disabled.patch
5. Add a patch to fix the installation failure.
fix-installation-failure-with-subids-disabled.patch
5. Add a patch to fix the failure at rootfs time if extrausers is inherited.
commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
6. Fix the bad section in the recipe.
7. Disable the new subids feature in the new version as it doesn't support
cross compilation for now.
8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails.
Also, fix the arguments to use '--root $D' instead of '--root=$D'.
9. Add a patch for shadow-native to create parent directories when necessary.
0001-useradd.c-create-parent-directories-when-necessary.patch
(From OE-Core rev: b73e5cd51551556f9e6a4f7d9e7deec4d9d661bd)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
(From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
| groupadd: 'systemd-journal-gateway' is not a valid group name
Without useradd-staticids enabled, group 'systemd-journal-gateway' is created
by useradd and that seems not to care for GROUP_NAME_MAX_LENGTH which has 16 by
default.
(From OE-Core rev: 33c7892326de296cc6d143577be5b395ac887d91)
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resolves following warnings:
WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends)
WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends)
(From OE-Core rev: c6825ec6e92e20bb64a051d1576f363c16e98d68)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In
commit 10cdd66fe800cffe3f2cbf5c95550b4f7902a311
Author: Ming Liu <ming.liu@windriver.com>
Date: Thu Jul 18 10:04:22 2013 +0800
libpam: add a new 'nullok_secure' option support to pam_unix
'null_ok_secure' option was fixed. Since that commit 'su' stopped working in
pseudo terminals (created in X environments) for root-accounts with empty
password.
Background: The PAM configuration for 'su' includes 'common-auth' which uses
'nullok_secure' option for pam_unix.
(From OE-Core rev: d28eba07553020bf9bfb1419663c1d18ab36ab66)
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow user to set password in clear text. This is convenient when
we're building out an image.
This feature is mainly used by useradd.bbclass and extrausers.bbclass.
This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod
commands provided by shadow-native. The shadow package on target and in SDK
will not be affected.
[YOCTO #5365]
(From OE-Core rev: 31dee7946340bf0f1e94e4e714191d3d6ca3bf6a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default encryption method for shadow is DES, which limits passwords
to 8 characters. Not only is this undesirable, it's also not how busybox
works so we had different passwd/login length behaviour depending on
whether shadow was installed in the image or not. Change it to SHA512
which is what most Linux distributions seem to be using currently.
(SHA512 also matches up with how we are configuring PAM.)
Fixes [YOCTO #5656].
(From OE-Core rev: a9e072f9f0da774411e07abf47dd4bd8c6d685d7)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/etc/default/locale missing message appears when login
and running su <user>
qemu0 login[4189]: pam_env(login:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 login[4189]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
qemu0 su[999]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 su[999]: pam_unix(su:session): session opened for user root by root(uid=0)
This commit remove reference from pam.d/login and pam.d/su
to /etc/default/locale env file to avoid the error messages
as RHEL, fedora does.
(From OE-Core rev: 010ffabfb8631bd4894cc3f1f6f0834f3279f30c)
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Setting DESCRIPTION to the same value as SUMMARY doesn't do anything,
since the value of DESCRIPTION will be derived from SUMMARY if not
specified.
(From OE-Core rev: e1e888585c84175580ad822d4a6c93f62e5ce16c)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a second in a series of patches to enable
offline rootfs creation from a package repository.
Some postinstall cmds are Yocto specific and needed to create a
rootfs with pre and post install hooks successfully run,
using only the toolchain tarball + a package repo.
End goal is to create a sandbox where users of a Yocto
based distribution can customize a rootfs from a package feed
with their package manager of choice.
With this patch, I can successfully create packagegroup-core-boot
with only the toolchain tarball(OPKG). More fixes for a few postinstall
hooks outside of packagegroup-core-boot will come next.
(From OE-Core rev: f90e1a45a042468e4e9a0fc91b57c6dba6f7adc9)
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 44fafdb5eca1fc8766bf649bc78e770e1d18979d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: ec64632d312a099c7c544af63b25e2defde0038e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In busybox, util-linux and shadow, su has been moved to /usr/bin/,
but lsb cmdchk needs su in /bin.
Move su to /bin could fix this issue.
[YOCTO#5175]
(From OE-Core rev: 464d274e45bb94d9990577d85aa5ad02eb5da99c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a Debian patch to fix the reading of the
gshadow file in order to make newgrp work correctly.
(From OE-Core rev: 3ef8db6217f7c40a9eb063d21ce6f25b16d88d53)
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
[sgw - tweaked commit message]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
shadow falsely assumes that if --enable-libpam is set, it doesn't need to link
against libcrypt; this breaks chsh. (This same fix exists in Arch.)
(From OE-Core rev: f68eccd67a3f9ed0d62e5ab75545891bd724daa3)
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use alternatives mechanism to prevent confliction of attempted
installing su binary among busybox, shadow and util-linux.
[YOCTO #4926]
(From OE-Core rev: 8d509edcd874e8d43b6fb6c4701c450edbbdef87)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch add_root_cmd_groupmems.patch that we apply to shadow-native
allows program groupmems from the shadow utility package to chroot()
so it can be used to modify etc/passwd and etc/group if they are
located in a sysroot.
The --root option in groupmems is needed for class useradd.
(From OE-Core rev: ae7aa0ef68372c15224c0c518cb90ba7350137b4)
Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
SERIAL_CONSOLES is now set from SERIAL_CONSOLE if not already set. This
change also installs the file before modifying it in place, allowing
do_install to re-execute properly.
(From OE-Core rev: 013a1e304e6845eda97b94d133ad75bbccff0b9a)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch came from Slackware and address a change in crypt()'s handling
of an invalid seed, which in the past returned an encrypted string and now
returns a NULL.
[YOCTO #4097] related to tinylogin segfault
(From OE-Core rev: a7f7e6da8383b4bde6d8ce951e5c3c955073c0bd)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The postinst requires patched pwconv and grpconv from shadow-native,
without these the rootfs creation uses the host binaries and fails.
(From OE-Core rev: 4baf25420bafb1f3c063efb053d653bd37e01a62)
Signed-off-by: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The patched version of grpconv takes arguments but the check on
argc was not removed. This patch removes this check which
otherwise results in a spurious warning during rootfs creation.
(From OE-Core rev: 845a24e78835e93807cfb810fa99715ac4d14e21)
Signed-off-by: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Replaced incorrect "firstline" with correct "beginline" for telling
where license segment in file begins. Old md5sum was calculated from
the beginning of the file, not from beginning of the license segment.
(From OE-Core rev: 9aefa35859413a635fb4e122d59a703e95a9b5bb)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where the shadow package was sometimes getting
installed before base-passwd during rootfs construction with Smart,
which meant the postinstall scripts could not find /etc/passwd and
/etc/group and failed as a result.
(From OE-Core rev: 6a660d39250cc635f7c1b6ae437f8fb40b7aec12)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 77cc57b88a7377e40361428dba52cf35fb7e9e58)
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
These values need to be passed on the command line to "make install" otherwise
shadow will use its own built-in idea of where those directories are located.
(From OE-Core rev: 2b4b5f3259be4b790c098fc98cae0275ac6804a0)
Signed-off-by: Phil Blundell <pb@pbcl.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The makefiles in the shadow package have their own hard-coded paths
for ${base_bindir} and ${base_sbindir} (known as "bindir" and "sbindir"
in shadow-speak). Ensure that they install into our paths rather than
their own.
Also check that ${base_bindir} and ${bindir} are different before trying
to move files from one to the other; likewise for ${base_sbindir} and
${sbindir}.
(From OE-Core rev: d4e62e164ef73b47c178edcbc2579f5358934afc)
Signed-off-by: Phil Blundell <pb@pbcl.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 3c9361606e458ffe3fec1eef621998ab887894c2)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The rootfs has 'users' group at number 100 and without this fix it
would assign to a non-existent group and if a group with gid as 1000
is created later it would own all files for users created.
(From OE-Core rev: a67d77d25cbab0d88b9ff76e3f28429d4ac4f34b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The rootfs has 'users' group at number 100 and without this fix it
would assign to a non-existent group and if a group with gid as 1000
is created later it would own all files for users created.
(From OE-Core rev: e06414092c7aa4fce1173f00e610a33a0deca9cd)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Disabling nscd support prevents error messages when shadow utilities attempt
to trigger nscd to reload. This does nothing unless the user is root, and even
if they are root, it's the wrong action to perform when creating a target fs.
(From OE-Core rev: eb6fb917b7a6745b296c8ae0a5bf66f498bf3576)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
