summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow
Commit message (Collapse)AuthorAgeFilesLines
* shadow: Disable the use of syslog() for the native toolsPeter Kjellerstedt2022-04-151-7/+37
| | | | | | | | | | | | An attempt to disable the use of syslog() was made in commit 8f181686 (shadow-native: Simplify and fix syslog disable patch). However, because the code checks if USE_SYSLOG is defined rather than checking if it evaluates to TRUE the patch did not work as intended. (From OE-Core rev: e1f21d0d3385f9d9f4316bf0039b287fd4b37fc8) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow-native: Simplify and fix syslog disable patchRichard Purdie2022-03-151-118/+16
| | | | | | | | | | Shadow is happily spamming the host syslog with messages and shouldn't be which suggests the patch isn't working. Redo it to work at the configure level which is simpler and hopefully more effective. (From OE-Core rev: 8f1816862b884f226c0ce7f5c89fd75b6791c007) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/scripts: Automated conversion of OE renamed variablesRichard Purdie2022-02-211-1/+1
| | | | | | (From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: upgrade 4.10 -> 4.11.1Alexander Kanavin2022-01-204-22/+22
| | | | | | | | | License-Update: license clarified to BSD-3-Clause only (From OE-Core rev: 79201206b5f7867ad7ffd462705f34179b33c0d7) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: upgrade 4.9 -> 4.10zhengruoqin2022-01-055-215/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch 0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch 0001-libsubid-link-to-PAM-libraries.patch removed since they're included in 4.10 License-Update: Delete the space at the end of the sentence. Changelog: ========== * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. (Iker Pedrosa) * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault (From OE-Core rev: b7215993cf00f668d7e33b7fbc98fb4d8636edac) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow-sysroot: sync license with shadowRoss Burton2021-09-041-1/+1
| | | | | | | | | | | This recipe is just a single data file from shadow, but as we can't easily tell what license that specific file is under just copy the full license statement. (From OE-Core rev: f0e2f3b1f855ea6e184bd1d8d796279fedcbfa33) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Use specific BSD license variantJoshua Watt2021-09-021-1/+1
| | | | | | | | | | | Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 65e3b23e1b266653fd30c90222e953f7e37fba0c) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add /etc/default/useraddYi Zhao2021-08-202-0/+11
| | | | | | | | | | | | | | The shadow 4.9 stops shiping /etc/default/useradd[1] and uses built-in settings by default. Some settings are not consistent with previous shadow 4.8.1 in oe-core. e.g. The default shell is /bin/bash rather than /bin/sh. Per shadow 4.8.1 settings, add /etc/default/useradd back. [1] https://github.com/shadow-maint/shadow/commit/bbf4b79bc49fd1826eb41f6629669ef0b647267b (From OE-Core rev: 736d0b29c6246658a925ea9036ccfe6216d12837) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix default value in SHA_get_salt_rounds()Mingli Yu2021-08-172-0/+65
| | | | | | | | | | | | | Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for several minutes (10-20min) at 100% cpu usage though they finally terminate successfully. [1] https://github.com/shadow-maint/shadow/issues/393 (From OE-Core rev: ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add PACKAGECONFIG for audit and selinuxYi Zhao2021-08-131-3/+3
| | | | | | | | | | | Add PACKAGECONFIG for audit and selinux rather than disable them directly. This is useful for selinux distro feature. (From OE-Core rev: 0a0c6cfc5a17ed442aad9e71e627e0fa39e60ead) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: update 4.8.1 -> 4.9Alexander Kanavin2021-08-027-335/+167
| | | | | | | | | | | | | | | | | Add a couple backports to fix builds. Drop 0002-Allow-for-setting-password-in-clear-text.patch; what it adds is horribly insecure and AB testing didn't reveal any regressions or use cases for it. Drop /etc/default/ tweaks as files are no longer installed there. Drop manpage alternatives as manpages are no longer installed. (From OE-Core rev: 759df7395908f18b3b68f28d043ac9ebd42dd0c8) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Convert to new override syntaxRichard Purdie2021-08-022-20/+20
| | | | | | | | | | | | This is the result of automated script conversion: scripts/contrib/convert-overrides.py <oe-core directory> converting the metadata to use ":" as the override character instead of "_". (From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: generate alternative links for chfn and chshRoss Burton2021-07-071-0/+2
| | | | | | | | | These can be provided by util-linux, so add alternative links for them. (From OE-Core rev: 953a91bd258dcb825df3837635ce7561331c049e) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/recipes-extended: Add HOMEPAGE / DESCRIPTIONDorinda2021-03-061-0/+1
| | | | | | | | | | | Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage [YOCTO #13471] (From OE-Core rev: cc6c7af900ae0196a62b7fa1375c55bbcd8e68b4) Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: whitelist CVE-2013-4235Purushottam Choudhary2021-03-061-2/+3
| | | | | | | | | | | | | | | This CVE is about TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees which had very low severity problem and marked as closed and won't fix. Therefore whitelisted CVE-2013-4235. Master, gatesgarth and dunfell all have shadow version 4.81. Hence, this is applicable for master, gatesgarth and dunfell. Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658 (From OE-Core rev: b1c6cd87bee6b019619dc5728fd6c36bc87ed696) Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Remove lastlog pam plugin on musl systemKhem Raj2021-01-031-0/+2
| | | | | | | | | lastlog needs logwtmp which musl does not provide (From OE-Core rev: f2b826fe5384dde4aa52ce862cd3098acb4feea2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtools-cross/shadow-sysroot: Use nopackages inheritRichard Purdie2020-10-061-0/+2
| | | | | | | | | When testing pseudo changes I realised these recipes have packaging tasks but don't generate packages. Drop the packages tasks for cleanliness. (From OE-Core rev: ef9c11797b5d626bdb40b4509d8b2b0d461ff9ea) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow-sysroot: drop unused SRC_URI checksumsPaul Eggleton2020-06-231-3/+0
| | | | | | | | | | This recipe only fetches local files, so there's no need for a checksum. These have been present for some time and nobody noticed. (From OE-Core rev: 100bbc264cb54275ed2912d96f1fea9f6fd41fbf) Signed-off-by: Paul Eggleton <paul.eggleton@linux.microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: upgrade 4.8 -> 4.8.1Wang Mingyu2020-02-214-88/+2
| | | | | | | | | | | 0001-Do-not-check-for-validity-of-shell-executable.patch CVE-2019-19882.patch Removed since they are included in 4.8.1. (From OE-Core rev: de9cceb13e264434eb0b8393c3b0c0217b8d505e) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Security Advisory - shadow - CVE-2019-19882Li Zhou2020-01-032-0/+56
| | | | | | | | | | | Backport patch from <https://github.com/shadow-maint/shadow/pull/199/ commits/66b7bc0dcfda12d7f58eba993bd02872cae1d713> to solve CVE-2019-19882. (From OE-Core rev: a0de64cab692562d4bbd64f8bdcaa3fc6bc694bb) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: update 4.6 -> 4.8Alexander Kanavin2019-12-2810-333/+133
| | | | | | | | | | | | | | | | | | | | | Drop two backports. Remove 0001-useradd.c-create-parent-directories-when-necessary.patch as upstream has addressed the issue: https://github.com/shadow-maint/shadow/commit/b3b6d9d77c1d18b98670b97157777bb74092cd69 Rebase the rest of the paches. Add a patch to remove the check for validity of login shells which does not work in our environment. Disable sssd cache support as that needs Fedora-specific tooling. (From OE-Core rev: fee6c063dfb80425caa7080083c61d1544d929c6) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: update homepage and bugtrackerMaxime Roussin-Bélanger2019-10-152-7/+7
| | | | | | | | | | | The previous homepage and issue tracker is no longer available. Remove some trailing whitespace (From OE-Core rev: 1c60c5744b02c5c4eefb240923db5c4cd7959606) Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: use relaxed usernames for allLi Zhou2019-10-021-1/+1
| | | | | | | | | | | | | | | | | | | | The previous commit <shadow: use relaxed usernames> works only for target. When test with configuration: INHERIT += 'extrausers' EXTRA_USERS_PARAMS += "useradd -p '' aBcD; " and run "bitbake core-image-minimal", error occurs: NOTE: core-image-minimal: Performing useradd with [ -R .../build/tmp-glibc/work/qemux86_64-wrs-linux/core-image-minimal/1.0-r0/rootfs -p '' aBcD] useradd: invalid user name 'aBcD' Here move the patch for using relaxed usernames from class_target to the source code for all. (From OE-Core rev: 8adf98e63fefeaf2c841a038a4497f9845bc7b04) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Fix BSD license file checksumWes Lindauer2019-08-211-1/+1
| | | | | | | | | BSD license files must include the copyright notice. (From OE-Core rev: b57f10c08bef1005b4bb195b84e39cab0e251420) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: musl now supports secure_getenvAdrian Bunk2019-08-212-72/+0
| | | | | | | | | | This fixed a potential security vulnerability on musl and made the patch obsolete. (From OE-Core rev: 30b6ae3084f63df437a4d6dd859bca674ca01e12) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix configure error with dashYi Zhao2019-06-192-0/+37
| | | | | | | | | | | | | | A configure error occurs when /bin/sh -> dash: checking for is_selinux_enabled in -lselinux... yes checking for semanage_connect in -lsemanage... yes configure: 16322: test: yesyes: unexpected operator Use "=" instead of "==" since dash doesn't support the latter. (From OE-Core rev: a86da25d620aa9a2fd832ffe12816e7670b43633) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Backport last change reproducibilityAlex Kiernan2019-05-093-0/+162
| | | | | | | | | | | | | | The third field in the /etc/shadow file (sp_lstchg) contains the date of the last password change expressed as the number of days since Jan 1, 1970. Backport the upstream changes to honour SOURCE_DATE_EPOCH for build reproducibility. (From OE-Core rev: 4ad2cf5054618f2dd14fe40dac9aede66f2c0dd3) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: drop inappropriate patchYi Zhao2019-03-183-51/+5
| | | | | | | | | | | | | | | | | | | | | The 0001-useradd-copy-extended-attributes-of-home.patch (oe-core commit: eed66e85af5ca6bbdd80cc3d5cf8453e8d8880bc) introduced a runtime failure when enable SELinux. When enable SELinux, The directory /home/user will get the extended attributes of /etc/skel. However, the SELinux lable for /etc/skel is etc_t which is also copied to /home/user. It will cause the user can not write their home directory because the SELinux lable for /home/user should be user_home_dir_t. See discussion: http://lists.openembedded.org/pipermail/openembedded-core/2018-January/146039.html The solution at the moment is to drop this patch. (From OE-Core rev: 2a8b35226edde4cd49cb5ba68c5b47aa8379eca1) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* default-distrovars: Drop DISTRO_FEATURES_LIBCKhem Raj2019-02-282-2/+2
| | | | | | | | | | | After eglibc was merged into glibc, Kconfig support was also dropped so these libc features therefore are not effective anymore and can be removed (From OE-Core rev: c62b1cc06613a4cdddf53290e6203559f43fc62d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: improve reproducibility by hard-coding shell pathMartin Hundebøll2018-11-141-0/+2
| | | | | | | | | | | | | | | | | The shadow configure script tries really hard to detect the running shell to make sure it doesn't do unsupported calls. On my system the shell is detected as /bin/sh, while a build in an ubuntu docker it resolves to /bin/bash. And since the shell path is baked into the target binaries through config.h, the build becomes inreproducible. Fix reproducibility by hard-coding the shell to be /bin/sh (From OE-Core rev: 5e3e30446b6abd98d1d3e9bee818203a6a206634) Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: upgrade 4.2.1 -> 4.6Chen Qi2018-07-3014-375/+209
| | | | | | | | | | | | | | | | | | | | | | The following patches are removed because problems have been fixed in this version. 0001-shadow-CVE-2017-12424 fix-installation-failure-with-subids-disabled.patch usermod-fix-compilation-failure-with-subids-disabled.patch CVE-2017-2616.patch check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch 0001-Do-not-read-login.defs-before-doing-chroot.patch The following patches are rebased. 0001-Disable-use-of-syslog-for-sysroot.patch 0001-useradd-copy-extended-attributes-of-home.patch 0001-useradd.c-create-parent-directories-when-necessary.patch allow-for-setting-password-in-clear-text.patch (From OE-Core rev: 79dd22729d5b8a2f2cf4294ff6b261c9d6ecd977) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix CVE-2017-2616Andrej Valek2018-07-262-0/+65
| | | | | | | | (From OE-Core rev: 94a1e2794df15f0f2cb62ae030cd81e6c0798b1f) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: update SRC_URI now Alioth is downRoss Burton2018-06-271-1/+3
| | | | | | | | | | | | | | | Alioth is dead so we can't use it for SRC_URI anymore. There is a shadow repository on GitHub which is the new upstream, but for some reason it is missing the 4.2.1 tag and tarball that we use. Also 4.2.1 was never uploaded into Debian itself, so we can't use their mirror network either. For now point SRC_URI at the Yocto Project source mirror and set UPSTREAM_CHECK_URI so that we get nagged to upgrade to 4.6. (From OE-Core rev: b3e246fef166030f327b5a852718ea907ada1759) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix pam configs for chpasswd, newusersyadi.hu@windriver.com2018-05-292-0/+4
| | | | | | | | | | | | | | | | | Fix below errors while pam is enabled on target: root@qemux86:~# newusers newusers: PAM: Authentication failure root@qemux86:~# chpasswd chpasswd: PAM: Authentication failure The configs copied from "chgpasswd" which command works with pam. (From OE-Core rev: f6efc1dbd1f3a0f68ee731ff2b5a5d798ecf2cf8) Signed-off-by: Hu <yadi.hu@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: update ownership and permission of /var/spool/mailKai Kang2018-05-291-1/+2
| | | | | | | | | | | | Update shadow to change ownership of /var/spool/mail from root:root to root:mail and permission from 0755 to 0775 just as in most popular distributions such as fedora and debian(It also set setgid bit in debian but we don't need it). (From OE-Core rev: b3ab5fe359c38cdd5cd86cb8ffe076d7a2baac18) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-glibc: Split glibc and libcrypt to use libxcrypt insteadRichard Purdie2018-04-071-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fedora28[1] has decided to go ahead and use libxcrypt to replace libcrypt from glibc despite the change not having merged into glibc upstream yet. This breaks the use of uninative in OE on fedora28 since binaries there are now using new symbols only found in libxcrypt. libxcrypt is meant to be backwards compatible with libcrypt but not the reverse. Since this will impact OE in the next release cycle, this changes nativesdk only to use this new model and adds libxcrypt to work in that case. This allows us to build a uninative which is compatible with fedora28 and previous other OSes. In order to work, recipes will now need to depend on virtual/crypt where they use libcrypt since its now a separate library and we can't depend on it from glibc to preseve backwards compatibility since glibc needs to build first. For now, only the problematic nativesdk recipes have been fixed up. For target use, the default provider remains glibc for now. Assuming this change is merged into upstream glibc, we will need to roll this change out for the target but we will do this in the next release cycle when we can better deal with the resulting bugs. [1] https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt Original patch from Charles-Antoine Couret <charles-antoine.couret@essensium.com>, tweaked by RP to add virtual provides, SkipRecipe for libxcrypt and other minor tweaks. (From OE-Core rev: c1573cb7faeb296fe7077a60d02443d5ed5bded0) Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow.inc: run postinst only for targetMartin Jansa2018-03-251-1/+1
| | | | | | | | | | | | * fails for nativesdk-shadow with: pwconv: /etc/passwd.29063: No such file or directory pwconv: cannot lock /etc/passwd; try again later. (From OE-Core rev: c292945611d9f825051ac4938bb22a7d42fff994) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: fix CVE-2017-12424Chen Qi2017-08-182-0/+47
| | | | | | | | | | | | | | | | Backport a patch to fix CVE-2017-12424. In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 CVE: CVE-2017-12424 (From OE-Core rev: 896495d4d2a9751e6e013a3498293b2443d7d809) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-1/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* util-linux,shadow: Make 'nologin' alternative commandAmarnath Valluri2017-03-221-1/+2
| | | | | | | | | | | | Both shadow and util-linux packages provides 'nologin' binary in ${base_sbindir} and ${sbindir} respectively, this leads to conflict when 'usrmerge' feature is enabled, where ${sbindir} == ${base_sbindir}. Hance, handle this to alternative system to resolve the conflict. (From OE-Core rev: 07d6d0fb4dc689008bb0022d7d2ecc890c9159e5) Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: 'useradd' copies root's extended attributesJosé Bollo2017-03-174-7/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | The copy of extended attributes is interesting for Smack systems because it allows to set the security template of the user's home directories without modifying the tools (useradd here). But the version of useradd that copies the extended attributes doesn't copy the extended attributes of the root. This can make use of homes impossible! This patch corrects the issue by copying the extended attributes of the root directory: /home/user will get the extended attributes of /etc/skel. The patch is submitted upstream (see http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html) The existing patch specific to open-embedded is updated: 0001-useradd.c-create-parent-directories-when-necessary.patch Also, attr are activated for native tools. This is needed when users are created during image creation. (From OE-Core rev: eed66e85af5ca6bbdd80cc3d5cf8453e8d8880bc) Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: use config 'attr' if distro has 'xattr'José Bollo2017-03-101-1/+2
| | | | | | | | | | | When DISTRO_FEATURES has 'xattr' the shadow package now automatically activates its config 'attr'. (From OE-Core rev: 860c941741ca57bdc6fdbb67ea3ad94bb8d08c16) Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Add PACKAGE_WRITE_DEPS for postinstJussi Kukkonen2017-01-201-1/+1
| | | | | | | | | pwconv and grpconv are used in the postinstall script. (From OE-Core rev: 5a59e292d1382ea6858f6ccb532e48a9f1f4bea6) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add nologin.8 to alternativesRoss Burton2016-11-061-1/+2
| | | | | | | | | | This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. (From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: use relaxed usernamesShan Hai2016-09-162-0/+101
| | | | | | | | | | | | | | | | | The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. (From OE-Core rev: 31c6c8150394de067085be5b0058037077860a8a) Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Fix rootfs creation errorsDai Caiyun2016-05-221-1/+2
| | | | | | | | | | | error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1 conflicts with file from package coreutils-doc-6.9-r5 (From OE-Core rev: 52d3d9e1ab0b510d93c4915baf2a85b9cc949205) Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow-sysroot: Use SYSROOT_DIRS to add dirs to stage in sysrootPeter Kjellerstedt2016-05-131-4/+2
| | | | | | (From OE-Core rev: 196e01cce6d76c72d8e76ad1441c1baed321c939) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: Disable syslog for more commandsPeter Kjellerstedt2016-04-153-36/+126
| | | | | | | | | | | | When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). (From OE-Core rev: 0791ba7ea82444729a1a7d1b2443f633bcba2002) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Update alternatives of man pagesKai Kang2015-07-081-1/+2
| | | | | | | | | | Update alternatives of man pages in several packages. (From OE-Core rev: 2cff20f423fb9e82b44c68504be605c223bd74fb) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>