From 1c8040ef1c5f9fcb1ff0b119497a7390283cc360 Mon Sep 17 00:00:00 2001 From: Bogdan Purcareata Date: Mon, 27 Oct 2014 11:51:34 -0400 Subject: shadow: enable support for subordinate IDs The subordinate IDs support in pkg-shadow allows unprivileged users to manage a set of UIDs and GIDs. These subordinate IDs are specified by root, and can be further used by the unprivileged user they have been assigned to. This user can then create an e.g. user namespace, where he is allowed to manage his own set of users and group from the pool of subordinate IDs. More details can be found at http://lwn.net/Articles/533617/. Pull a required change from upstream in order to make shadow cross-compile with subordinate IDs support. Enable flag in recipe. Changes since v1: - update changelog (From OE-Core rev: 8548868c05e52700fd4712298b1705b8ec7ae446) Signed-off-by: Bogdan Purcareata Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- ..._of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch | 41 ++++++++++++++++++++++ meta/recipes-extended/shadow/shadow.inc | 3 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch (limited to 'meta/recipes-extended/shadow') diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch new file mode 100644 index 0000000000..185590cabd --- /dev/null +++ b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch @@ -0,0 +1,41 @@ +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Sat, 23 Aug 2014 09:46:39 +0100 +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF + +This built-in check is simpler than the previous method and, most +importantly, works when cross-compiling. + +Upstream-Status: Accepted +[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] + +Signed-off-by: Serge Hallyn +--- + configure.in | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/configure.in b/configure.in +index 1a3f841..4a4d6d0 100644 +--- a/configure.in ++++ b/configure.in +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then + dnl + dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc + dnl +- AC_RUN_IFELSE([AC_LANG_SOURCE([ +-#include +-int main(void) { +- uid_t u; +- gid_t g; +- return (sizeof u < 4) || (sizeof g < 4); +-} +- ])], [id32bit="yes"], [id32bit="no"]) +- +- if test "x$id32bit" = "xyes"; then ++ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) ++ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) ++ ++ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then + AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) + enable_subids="yes" + else diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 6a769dfc5c..131e541d29 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://fix-installation-failure-with-subids-disabled.patch \ file://0001-su.c-fix-to-exec-command-correctly.patch \ file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ + file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " @@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \ --without-libcrack \ --without-selinux \ --with-group-name-max-length=24 \ - --enable-subordinate-ids=no \ + --enable-subordinate-ids=yes \ ${NSCDOPT}" NSCDOPT = "" -- cgit v1.2.3-54-g00ecf