On Thu, Dec 5, 2019 at 3:46 PM Alexander Kanavin <[email protected]> wrote: > > Drop two backports. > > Refactor 0001-useradd.c-create-parent-directories-when-necessary.patch > to make the changes less invasive (and easier to rebase). >
Is that change even needed any more? https://github.com/shadow-maint/shadow/commit/b3b6d9d77c1d18b98670b97157777bb74092cd69 Looks like it ought to be doing the same thing. > Rebase the rest of the paches. > > Add a patch to remove the check for validity of login shells > which does not work in our environment. > > Signed-off-by: Alexander Kanavin <[email protected]> > --- > ...01-Disable-use-of-syslog-for-sysroot.patch | 18 ++- > ...eck-for-validity-of-shell-executable.patch | 29 +++++ > ...chg-shadow-field-reproducible-re.-71.patch | 89 -------------- > ...ure.ac-fix-configure-error-with-dash.patch | 36 ------ > ...te-parent-directories-when-necessary.patch | 116 ------------------ > ...-for-setting-password-in-clear-text.patch} | 101 +++++++-------- > ...te-parent-directories-when-necessary.patch | 63 ++++++++++ > ...nexpected-open-failure-in-chroot-env.patch | 15 ++- > .../files/shadow-relaxed-usernames.patch | 51 +++++--- > meta/recipes-extended/shadow/shadow.inc | 11 +- > .../shadow/{shadow_4.6.bb => shadow_4.8.bb} | 0 > 11 files changed, 196 insertions(+), 333 deletions(-) > create mode 100644 > meta/recipes-extended/shadow/files/0001-Do-not-check-for-validity-of-shell-executable.patch > delete mode 100644 > meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch > delete mode 100644 > meta/recipes-extended/shadow/files/0001-configure.ac-fix-configure-error-with-dash.patch > delete mode 100644 > meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch > rename > meta/recipes-extended/shadow/files/{allow-for-setting-password-in-clear-text.patch > => 0002-Allow-for-setting-password-in-clear-text.patch} (81%) > create mode 100644 > meta/recipes-extended/shadow/files/0004-useradd.c-create-parent-directories-when-necessary.patch > rename meta/recipes-extended/shadow/{shadow_4.6.bb => shadow_4.8.bb} (100%) > > diff --git > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > > b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > index aac2d42b12a..ab317b9aa03 100644 > --- > a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > +++ > b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch > @@ -1,4 +1,4 @@ > -From 8cf3454d567f77233023be49a39a33e9f0836f89 Mon Sep 17 00:00:00 2001 > +From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001 > From: Scott Garman <[email protected]> > Date: Thu, 14 Apr 2016 12:28:57 +0200 > Subject: [PATCH] Disable use of syslog for sysroot > @@ -12,6 +12,7 @@ Upstream-Status: Inappropriate [disable feature] > Signed-off-by: Scott Garman <[email protected]> > Signed-off-by: Peter Kjellerstedt <[email protected]> > Signed-off-by: Chen Qi <[email protected]> > + > --- > src/groupadd.c | 3 +++ > src/groupdel.c | 3 +++ > @@ -23,7 +24,7 @@ Signed-off-by: Chen Qi <[email protected]> > 7 files changed, 21 insertions(+) > > diff --git a/src/groupadd.c b/src/groupadd.c > -index 63e1c48..a596c49 100644 > +index 2dd8eec..e9c4bb7 100644 > --- a/src/groupadd.c > +++ b/src/groupadd.c > @@ -34,6 +34,9 @@ > @@ -37,7 +38,7 @@ index 63e1c48..a596c49 100644 > #include <fcntl.h> > #include <getopt.h> > diff --git a/src/groupdel.c b/src/groupdel.c > -index 70bed01..ababd81 100644 > +index f941a84..5a70056 100644 > --- a/src/groupdel.c > +++ b/src/groupdel.c > @@ -34,6 +34,9 @@ > @@ -65,7 +66,7 @@ index fc91c8b..2842514 100644 > #include <getopt.h> > #include <grp.h> > diff --git a/src/groupmod.c b/src/groupmod.c > -index 72daf2c..8965f9d 100644 > +index 1dca5fc..bc14438 100644 > --- a/src/groupmod.c > +++ b/src/groupmod.c > @@ -34,6 +34,9 @@ > @@ -79,7 +80,7 @@ index 72daf2c..8965f9d 100644 > #include <fcntl.h> > #include <getopt.h> > diff --git a/src/useradd.c b/src/useradd.c > -index 3aaf45c..1ab9174 100644 > +index 4af0f7c..1b7bf06 100644 > --- a/src/useradd.c > +++ b/src/useradd.c > @@ -34,6 +34,9 @@ > @@ -93,7 +94,7 @@ index 3aaf45c..1ab9174 100644 > #include <ctype.h> > #include <errno.h> > diff --git a/src/userdel.c b/src/userdel.c > -index c8de1d3..24d3ea9 100644 > +index cc951e5..153e0be 100644 > --- a/src/userdel.c > +++ b/src/userdel.c > @@ -34,6 +34,9 @@ > @@ -107,7 +108,7 @@ index c8de1d3..24d3ea9 100644 > #include <errno.h> > #include <fcntl.h> > diff --git a/src/usermod.c b/src/usermod.c > -index ccfbb99..24fb60d 100644 > +index 05b9871..21c6da9 100644 > --- a/src/usermod.c > +++ b/src/usermod.c > @@ -34,6 +34,9 @@ > @@ -120,6 +121,3 @@ index ccfbb99..24fb60d 100644 > #include <assert.h> > #include <ctype.h> > #include <errno.h> > --- > -2.11.0 > - > diff --git > a/meta/recipes-extended/shadow/files/0001-Do-not-check-for-validity-of-shell-executable.patch > > b/meta/recipes-extended/shadow/files/0001-Do-not-check-for-validity-of-shell-executable.patch > new file mode 100644 > index 00000000000..2d15ff0673a > --- /dev/null > +++ > b/meta/recipes-extended/shadow/files/0001-Do-not-check-for-validity-of-shell-executable.patch > @@ -0,0 +1,29 @@ > +From 0d0aded7307a9f4ee0d299951512acd18b3e029e Mon Sep 17 00:00:00 2001 > +From: Alexander Kanavin <[email protected]> > +Date: Wed, 4 Dec 2019 19:28:48 +0100 > +Subject: [PATCH] Do not check for validity of shell executable. > + > +This kind of check fails when building a rootfs. > + > +Upstream-Status: Inappropriate [oe-core specific] > +Signed-off-by: Alexander Kanavin <[email protected]> > +--- > + src/useradd.c | 5 +---- > + 1 file changed, 1 insertion(+), 4 deletions(-) > + > +diff --git a/src/useradd.c b/src/useradd.c > +index 4af0f7c..898fe02 100644 > +--- a/src/useradd.c > ++++ b/src/useradd.c > +@@ -1328,10 +1328,7 @@ static void process_flags (int argc, char **argv) > + if ( ( !VALID (optarg) ) > + || ( ('\0' != optarg[0]) > + && ('/' != optarg[0]) > +- && ('*' != optarg[0]) ) > +- || (stat(optarg, &st) != 0) > +- || (S_ISDIR(st.st_mode)) > +- || (access(optarg, X_OK) != 0)) { > ++ && ('*' != optarg[0]) )) { > + fprintf (stderr, > + _("%s: invalid shell > '%s'\n"), > + Prog, optarg); > diff --git > a/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch > > b/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch > deleted file mode 100644 > index de0ba3ebb42..00000000000 > --- > a/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch > +++ /dev/null > @@ -1,89 +0,0 @@ > -From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001 > -From: Chris Lamb <[email protected]> > -Date: Wed, 2 Jan 2019 18:06:16 +0000 > -Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71) > - > -From <https://github.com/shadow-maint/shadow/pull/71>: > - > -``` > -The third field in the /etc/shadow file (sp_lstchg) contains the date of > -the last password change expressed as the number of days since Jan 1, 1970. > -As this is a relative time, creating a user today will result in: > - > -username:17238:0:99999:7::: > -whilst creating the same user tomorrow will result in: > - > -username:17239:0:99999:7::: > -This has an impact for the Reproducible Builds[0] project where we aim to > -be independent of as many elements the build environment as possible, > -including the current date. > - > -This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1] > -environment variable (instead of Jan 1, 1970) if valid. > -``` > - > -This updated PR adds some missing calls to gettime (). This was originally > -filed by Johannes Schauer in Debian as #917773 [2]. > - > -[0] https://reproducible-builds.org/ > -[1] https://reproducible-builds.org/specs/source-date-epoch/ > -[2] https://bugs.debian.org/917773 > - > -Upstream-Status: Backport > -Signed-off-by: Alex Kiernan <[email protected]> > ---- > - libmisc/pwd2spwd.c | 3 +-- > - src/pwck.c | 2 +- > - src/pwconv.c | 2 +- > - 3 files changed, 3 insertions(+), 4 deletions(-) > - > -diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c > -index c1b9b29ac873..6799dd50d490 100644 > ---- a/libmisc/pwd2spwd.c > -+++ b/libmisc/pwd2spwd.c > -@@ -40,7 +40,6 @@ > - #include "prototypes.h" > - #include "defines.h" > - #include <pwd.h> > --extern time_t time (time_t *); > - > - /* > - * pwd_to_spwd - create entries for new spwd structure > -@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw) > - */ > - sp.sp_min = 0; > - sp.sp_max = (10000L * DAY) / SCALE; > -- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; > -+ sp.sp_lstchg = (long) gettime () / SCALE; > - if (0 == sp.sp_lstchg) { > - /* Better disable aging than requiring a password > - * change */ > -diff --git a/src/pwck.c b/src/pwck.c > -index 0ffb711efb13..f70071b12500 100644 > ---- a/src/pwck.c > -+++ b/src/pwck.c > -@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed) > - sp.sp_inact = -1; > - sp.sp_expire = -1; > - sp.sp_flag = SHADOW_SP_FLAG_UNSET; > -- sp.sp_lstchg = (long) time ((time_t > *) 0) / SCALE; > -+ sp.sp_lstchg = (long) gettime () / > SCALE; > - if (0 == sp.sp_lstchg) { > - /* Better disable aging than > - * requiring a password change > -diff --git a/src/pwconv.c b/src/pwconv.c > -index 9c69fa131d8e..f932f266c59c 100644 > ---- a/src/pwconv.c > -+++ b/src/pwconv.c > -@@ -267,7 +267,7 @@ int main (int argc, char **argv) > - spent.sp_flag = SHADOW_SP_FLAG_UNSET; > - } > - spent.sp_pwdp = pw->pw_passwd; > -- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; > -+ spent.sp_lstchg = (long) gettime () / SCALE; > - if (0 == spent.sp_lstchg) { > - /* Better disable aging than requiring a password > - * change */ > --- > -2.17.1 > - > diff --git > a/meta/recipes-extended/shadow/files/0001-configure.ac-fix-configure-error-with-dash.patch > > b/meta/recipes-extended/shadow/files/0001-configure.ac-fix-configure-error-with-dash.patch > deleted file mode 100644 > index a74cbb0c0e7..00000000000 > --- > a/meta/recipes-extended/shadow/files/0001-configure.ac-fix-configure-error-with-dash.patch > +++ /dev/null > @@ -1,36 +0,0 @@ > -From 3c52a84ff8775590e7e9da9c0d4408c23494305e Mon Sep 17 00:00:00 2001 > -From: Yi Zhao <[email protected]> > -Date: Mon, 17 Jun 2019 15:36:34 +0800 > -Subject: [PATCH] configure.ac: fix configure error with dash > - > -A configure error occurs when /bin/sh -> dash: > - checking for is_selinux_enabled in -lselinux... yes > - checking for semanage_connect in -lsemanage... yes > - configure: 16322: test: yesyes: unexpected operator > - > -Use "=" instead of "==" since dash doesn't support this operator. > - > -Upstream-Status: Backport > -[https://github.com/shadow-maint/shadow/commit/3c52a84ff8775590e7e9da9c0d4408c23494305e] > - > -Signed-off-by: Yi Zhao <[email protected]> > ---- > - configure.ac | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/configure.ac b/configure.ac > -index 6762556..1907afb 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -500,7 +500,7 @@ if test "$with_selinux" != "no"; then > - AC_MSG_ERROR([libsemanage not found]) > - fi > - > -- if test "$selinux_lib$semanage_lib" == "yesyes" ; then > -+ if test "$selinux_lib$semanage_lib" = "yesyes" ; then > - AC_DEFINE(WITH_SELINUX, 1, > - [Build shadow with SELinux support]) > - LIBSELINUX="-lselinux" > --- > -2.7.4 > - > diff --git > a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch > > b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch > deleted file mode 100644 > index faa6f68ebe2..00000000000 > --- > a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch > +++ /dev/null > @@ -1,116 +0,0 @@ > -Subject: [PATCH] useradd.c: create parent directories when necessary > - > -Upstream-Status: Inappropriate [OE specific] > - > -Signed-off-by: Chen Qi <[email protected]> > ---- > - src/useradd.c | 80 > +++++++++++++++++++++++++++++++++++++++-------------------- > - 1 file changed, 53 insertions(+), 27 deletions(-) > - > -diff --git a/src/useradd.c b/src/useradd.c > -index 00a3c30..9ecbb58 100644 > ---- a/src/useradd.c > -+++ b/src/useradd.c > -@@ -2021,6 +2021,35 @@ static void usr_update (void) > - } > - > - /* > -+ * mkdir_p - create directories, including parent directories when needed > -+ * > -+ * similar to `mkdir -p' > -+ */ > -+void mkdir_p(const char *path) { > -+ int len = strlen(path); > -+ char newdir[len + 1]; > -+ mode_t mode = 0755; > -+ int i = 0; > -+ > -+ if (path[i] == '\0') { > -+ return; > -+ } > -+ > -+ /* skip the leading '/' */ > -+ i++; > -+ > -+ while(path[i] != '\0') { > -+ if (path[i] == '/') { > -+ strncpy(newdir, path, i); > -+ newdir[i] = '\0'; > -+ mkdir(newdir, mode); > -+ } > -+ i++; > -+ } > -+ mkdir(path, mode); > -+} > -+ > -+/* > - * create_home - create the user's home directory > - * > - * create_home() creates the user's home directory if it does not > -@@ -2038,39 +2067,36 @@ static void create_home (void) > - fail_exit (E_HOMEDIR); > - } > - #endif > -- /* XXX - create missing parent directories. --marekm */ > -- if (mkdir (prefix_user_home, 0) != 0) { > -- fprintf (stderr, > -- _("%s: cannot create directory %s\n"), > -- Prog, prefix_user_home); > -+ mkdir_p(user_home); > -+ } > -+ if (access (prefix_user_home, F_OK) != 0) { > - #ifdef WITH_AUDIT > -- audit_logger (AUDIT_ADD_USER, Prog, > -- "adding home directory", > -- user_name, (unsigned int) user_id, > -- SHADOW_AUDIT_FAILURE); > -+ audit_logger (AUDIT_ADD_USER, Prog, > -+ "adding home directory", > -+ user_name, (unsigned int) user_id, > -+ SHADOW_AUDIT_FAILURE); > - #endif > -- fail_exit (E_HOMEDIR); > -- } > -- (void) chown (prefix_user_home, user_id, user_gid); > -- chmod (prefix_user_home, > -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); > -- home_added = true; > -+ fail_exit (E_HOMEDIR); > -+ } > -+ (void) chown (prefix_user_home, user_id, user_gid); > -+ chmod (prefix_user_home, > -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); > -+ home_added = true; > - #ifdef WITH_AUDIT > -- audit_logger (AUDIT_ADD_USER, Prog, > -- "adding home directory", > -- user_name, (unsigned int) user_id, > -- SHADOW_AUDIT_SUCCESS); > -+ audit_logger (AUDIT_ADD_USER, Prog, > -+ "adding home directory", > -+ user_name, (unsigned int) user_id, > -+ SHADOW_AUDIT_SUCCESS); > - #endif > - #ifdef WITH_SELINUX > -- /* Reset SELinux to create files with default contexts */ > -- if (reset_selinux_file_context () != 0) { > -- fprintf (stderr, > -- _("%s: cannot reset SELinux file creation > context\n"), > -- Prog); > -- fail_exit (E_HOMEDIR); > -- } > --#endif > -+ /* Reset SELinux to create files with default contexts */ > -+ if (reset_selinux_file_context () != 0) { > -+ fprintf (stderr, > -+ _("%s: cannot reset SELinux file creation > context\n"), > -+ Prog); > -+ fail_exit (E_HOMEDIR); > - } > -+#endif > - } > - > - /* > --- > -2.11.0 > - > diff --git > a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch > > b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch > similarity index 81% > rename from > meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch > rename to > meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch > index fa7eb07aa51..c6332e4f766 100644 > --- > a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch > +++ > b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch > @@ -1,8 +1,12 @@ > +From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001 > +From: Chen Qi <[email protected]> > +Date: Sat, 16 Nov 2013 15:27:47 +0800 > Subject: [PATCH] Allow for setting password in clear text > > Upstream-Status: Inappropriate [OE specific] > > Signed-off-by: Chen Qi <[email protected]> > + > --- > src/Makefile.am | 8 ++++---- > src/groupadd.c | 20 +++++++++++++++----- > @@ -12,39 +16,39 @@ Signed-off-by: Chen Qi <[email protected]> > 5 files changed, 64 insertions(+), 25 deletions(-) > > diff --git a/src/Makefile.am b/src/Makefile.am > -index 3c98a8d..b8093d5 100644 > +index f31fd7a..4a317a3 100644 > --- a/src/Makefile.am > +++ b/src/Makefile.am > -@@ -93,10 +93,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) > $(LIBCRYPT) > - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) > $(LIBSKEY) $(LIBMD) > - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) > - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) > --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBCRYPT) > - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) > --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBCRYPT) > - grpck_LDADD = $(LDADD) $(LIBSELINUX) > - grpconv_LDADD = $(LDADD) $(LIBSELINUX) > - grpunconv_LDADD = $(LDADD) $(LIBSELINUX) > -@@ -117,9 +117,9 @@ su_SOURCES = \ > +@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) > $(LIBSELINUX) $(LIBCRYPT_NOPAM) > + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) > $(LIBECONF) > + expiry_LDADD = $(LDADD) $(LIBECONF) > + gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) > +-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBECONF) > ++groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBECONF) $(LIBCRYPT) > + groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBECONF) > + groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) > +-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBECONF) > ++groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBECONF) $(LIBCRYPT) > + grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) > + grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) > + grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) > +@@ -127,9 +127,9 @@ su_SOURCES = \ > suauth.c > - su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) > $(LIBSKEY) $(LIBMD) > - sulogin_LDADD = $(LDADD) $(LIBCRYPT) > --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) > -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) > - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) > --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) > -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) > - vipw_LDADD = $(LDADD) $(LIBSELINUX) > + su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) > $(LIBSKEY) $(LIBMD) $(LIBECONF) > + sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) > +-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) > ++useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) > + userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBECONF) > +-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) > ++usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) > $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) > + vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) > > install-am: all-am > diff --git a/src/groupadd.c b/src/groupadd.c > -index b57006c..63e1c48 100644 > +index e9c4bb7..d572c00 100644 > --- a/src/groupadd.c > +++ b/src/groupadd.c > -@@ -123,9 +123,10 @@ static /*@noreturn@*/void usage (int status) > +@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status) > (void) fputs (_(" -o, --non-unique allow to create > groups with duplicate\n" > " (non-unique) > GID\n"), usageout); > (void) fputs (_(" -p, --password PASSWORD use this encrypted > password for the new group\n"), usageout); > @@ -56,7 +60,7 @@ index b57006c..63e1c48 100644 > (void) fputs ("\n", usageout); > exit (status); > } > -@@ -387,13 +388,14 @@ static void process_flags (int argc, char **argv) > +@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv) > {"key", required_argument, NULL, 'K'}, > {"non-unique", no_argument, NULL, 'o'}, > {"password", required_argument, NULL, 'p'}, > @@ -73,7 +77,7 @@ index b57006c..63e1c48 100644 > long_options, NULL)) != -1) { > switch (c) { > case 'f': > -@@ -445,12 +447,20 @@ static void process_flags (int argc, char **argv) > +@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv) > pflg = true; > group_passwd = optarg; > break; > @@ -95,7 +99,7 @@ index b57006c..63e1c48 100644 > break; > default: > usage (E_USAGE); > -@@ -584,7 +594,7 @@ int main (int argc, char **argv) > +@@ -588,7 +598,7 @@ int main (int argc, char **argv) > (void) textdomain (PACKAGE); > > process_root_flag ("-R", argc, argv); > @@ -105,10 +109,10 @@ index b57006c..63e1c48 100644 > OPENLOG ("groupadd"); > #ifdef WITH_AUDIT > diff --git a/src/groupmod.c b/src/groupmod.c > -index b293b98..72daf2c 100644 > +index bc14438..25ccb44 100644 > --- a/src/groupmod.c > +++ b/src/groupmod.c > -@@ -134,8 +134,9 @@ static void usage (int status) > +@@ -138,8 +138,9 @@ static void usage (int status) > (void) fputs (_(" -o, --non-unique allow to use a > duplicate (non-unique) GID\n"), usageout); > (void) fputs (_(" -p, --password PASSWORD change the password > to this (encrypted)\n" > " PASSWORD\n"), > usageout); > @@ -119,7 +123,7 @@ index b293b98..72daf2c 100644 > (void) fputs ("\n", usageout); > exit (status); > } > -@@ -383,11 +384,12 @@ static void process_flags (int argc, char **argv) > +@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv) > {"new-name", required_argument, NULL, 'n'}, > {"non-unique", no_argument, NULL, 'o'}, > {"password", required_argument, NULL, 'p'}, > @@ -134,7 +138,7 @@ index b293b98..72daf2c 100644 > long_options, NULL)) != -1) { > switch (c) { > case 'g': > -@@ -414,9 +416,17 @@ static void process_flags (int argc, char **argv) > +@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv) > group_passwd = optarg; > pflg = true; > break; > @@ -153,7 +157,7 @@ index b293b98..72daf2c 100644 > break; > default: > usage (E_USAGE); > -@@ -757,7 +767,7 @@ int main (int argc, char **argv) > +@@ -761,7 +771,7 @@ int main (int argc, char **argv) > (void) textdomain (PACKAGE); > > process_root_flag ("-R", argc, argv); > @@ -163,10 +167,10 @@ index b293b98..72daf2c 100644 > OPENLOG ("groupmod"); > #ifdef WITH_AUDIT > diff --git a/src/useradd.c b/src/useradd.c > -index c74e491..7214e72 100644 > +index 1b7bf06..44f09e2 100644 > --- a/src/useradd.c > +++ b/src/useradd.c > -@@ -829,9 +829,10 @@ static void usage (int status) > +@@ -853,9 +853,10 @@ static void usage (int status) > (void) fputs (_(" -o, --non-unique allow to create > users with duplicate\n" > " (non-unique) > UID\n"), usageout); > (void) fputs (_(" -p, --password PASSWORD encrypted password > of the new account\n"), usageout); > @@ -178,7 +182,7 @@ index c74e491..7214e72 100644 > (void) fputs (_(" -s, --shell SHELL login shell of the > new account\n"), usageout); > (void) fputs (_(" -u, --uid UID user ID of the new > account\n"), usageout); > (void) fputs (_(" -U, --user-group create a group with > the same name as the user\n"), usageout); > -@@ -1104,9 +1105,10 @@ static void process_flags (int argc, char **argv) > +@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv) > {"no-user-group", no_argument, NULL, 'N'}, > {"non-unique", no_argument, NULL, 'o'}, > {"password", required_argument, NULL, 'p'}, > @@ -190,7 +194,7 @@ index c74e491..7214e72 100644 > {"shell", required_argument, NULL, 's'}, > {"uid", required_argument, NULL, 'u'}, > {"user-group", no_argument, NULL, 'U'}, > -@@ -1117,9 +1119,9 @@ static void process_flags (int argc, char **argv) > +@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv) > }; > while ((c = getopt_long (argc, argv, > #ifdef WITH_SELINUX > @@ -202,7 +206,7 @@ index c74e491..7214e72 100644 > #endif /* !WITH_SELINUX */ > long_options, NULL)) != -1) { > switch (c) { > -@@ -1285,12 +1287,19 @@ static void process_flags (int argc, char **argv) > +@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv) > } > user_pass = optarg; > break; > @@ -223,7 +227,7 @@ index c74e491..7214e72 100644 > break; > case 's': > if ( ( !VALID (optarg) ) > -@@ -2148,7 +2157,7 @@ int main (int argc, char **argv) > +@@ -2257,7 +2266,7 @@ int main (int argc, char **argv) > > process_root_flag ("-R", argc, argv); > > @@ -233,10 +237,10 @@ index c74e491..7214e72 100644 > OPENLOG ("useradd"); > #ifdef WITH_AUDIT > diff --git a/src/usermod.c b/src/usermod.c > -index e571426..ccfbb99 100644 > +index 21c6da9..cffdb3e 100644 > --- a/src/usermod.c > +++ b/src/usermod.c > -@@ -424,8 +424,9 @@ static /*@noreturn@*/void usage (int status) > +@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status) > " new location (use > only with -d)\n"), usageout); > (void) fputs (_(" -o, --non-unique allow using > duplicate (non-unique) UID\n"), usageout); > (void) fputs (_(" -p, --password PASSWORD use encrypted > password for the new password\n"), usageout); > @@ -247,7 +251,7 @@ index e571426..ccfbb99 100644 > (void) fputs (_(" -s, --shell SHELL new login shell for > the user account\n"), usageout); > (void) fputs (_(" -u, --uid UID new UID for the user > account\n"), usageout); > (void) fputs (_(" -U, --unlock unlock the user > account\n"), usageout); > -@@ -1002,8 +1003,9 @@ static void process_flags (int argc, char **argv) > +@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv) > {"move-home", no_argument, NULL, 'm'}, > {"non-unique", no_argument, NULL, 'o'}, > {"password", required_argument, NULL, 'p'}, > @@ -258,16 +262,16 @@ index e571426..ccfbb99 100644 > {"shell", required_argument, NULL, 's'}, > {"uid", required_argument, NULL, 'u'}, > {"unlock", no_argument, NULL, 'U'}, > -@@ -1019,7 +1021,7 @@ static void process_flags (int argc, char **argv) > +@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv) > {NULL, 0, NULL, '\0'} > }; > while ((c = getopt_long (argc, argv, > -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UP:" > -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" > +- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:" > ++ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" > #ifdef ENABLE_SUBIDS > "v:w:V:W:" > #endif /* ENABLE_SUBIDS */ > -@@ -1119,9 +1121,17 @@ static void process_flags (int argc, char **argv) > +@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv) > user_pass = optarg; > pflg = true; > break; > @@ -286,7 +290,7 @@ index e571426..ccfbb99 100644 > break; > case 's': > if (!VALID (optarg)) { > -@@ -2098,7 +2108,7 @@ int main (int argc, char **argv) > +@@ -2127,7 +2137,7 @@ int main (int argc, char **argv) > (void) textdomain (PACKAGE); > > process_root_flag ("-R", argc, argv); > @@ -295,6 +299,3 @@ index e571426..ccfbb99 100644 > > OPENLOG ("usermod"); > #ifdef WITH_AUDIT > --- > -2.11.0 > - > diff --git > a/meta/recipes-extended/shadow/files/0004-useradd.c-create-parent-directories-when-necessary.patch > > b/meta/recipes-extended/shadow/files/0004-useradd.c-create-parent-directories-when-necessary.patch > new file mode 100644 > index 00000000000..77357027764 > --- /dev/null > +++ > b/meta/recipes-extended/shadow/files/0004-useradd.c-create-parent-directories-when-necessary.patch > @@ -0,0 +1,63 @@ > +From b406a7f4c3d6472885b75320ea63f140e021ff03 Mon Sep 17 00:00:00 2001 > +From: Chen Qi <[email protected]> > +Date: Thu, 17 Jul 2014 15:53:34 +0800 > +Subject: [PATCH] useradd.c: create parent directories when necessary > + > +Upstream-Status: Inappropriate [OE specific] > + > +Signed-off-by: Chen Qi <[email protected]> > + > +--- > + src/useradd.c | 32 +++++++++++++++++++++++++++++++- > + 1 file changed, 31 insertions(+), 1 deletion(-) > + > +diff --git a/src/useradd.c b/src/useradd.c > +index 44f09e2..fec0986 100644 > +--- a/src/useradd.c > ++++ b/src/useradd.c > +@@ -2065,6 +2065,36 @@ static void usr_update (void) > + } > + } > + > ++/* > ++ * mkdir_p - create directories, including parent directories when needed > ++ * > ++ * similar to `mkdir -p' > ++ */ > ++int mkdir_p(const char *path) { > ++ int len = strlen(path); > ++ char newdir[len + 1]; > ++ mode_t mode = 0755; > ++ int i = 0; > ++ > ++ if (path[i] == '\0') { > ++ return 0; > ++ } > ++ > ++ /* skip the leading '/' */ > ++ i++; > ++ > ++ while(path[i] != '\0') { > ++ if (path[i] == '/') { > ++ strncpy(newdir, path, i); > ++ newdir[i] = '\0'; > ++ mkdir(newdir, mode); > ++ } > ++ i++; > ++ } > ++ mkdir(path, mode); > ++ return 0; > ++} > ++ > + /* > + * create_home - create the user's home directory > + * > +@@ -2137,7 +2167,7 @@ static void create_home (void) > + } > + else > + #endif > +- if (mkdir (path, 0) != 0) { > ++ if ((mkdir_p (path) == 0) && (access > (prefix_user_home, F_OK) != 0)) { > + fprintf (stderr, > + _("%s: cannot create > directory %s\n"), > + Prog, path); > diff --git > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > > b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > index 4fa3d184edf..98252163692 100644 > --- > a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > +++ > b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > @@ -1,3 +1,8 @@ > +From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001 > +From: Chen Qi <[email protected]> > +Date: Thu, 17 Jul 2014 15:53:34 +0800 > +Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env > + > Upstream-Status: Inappropriate [OE specific] > > commonio.c: fix unexpected open failure in chroot environment > @@ -10,15 +15,16 @@ Note that this patch doesn't change the logic in the > code, it just expands > the codes. > > Signed-off-by: Chen Qi <[email protected]> > + > --- > - lib/commonio.c | 16 ++++++++++++---- > + lib/commonio.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/lib/commonio.c b/lib/commonio.c > -index cc536bf..51cafd9 100644 > +index 16fa7e7..d6bc297 100644 > --- a/lib/commonio.c > +++ b/lib/commonio.c > -@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) > +@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode) > db->cursor = NULL; > db->changed = false; > > @@ -41,6 +47,3 @@ index cc536bf..51cafd9 100644 > db->fp = NULL; > if (fd >= 0) { > #ifdef WITH_TCB > --- > -1.7.9.5 > - > diff --git > a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch > b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch > index 1af04d5fe89..cc833362e9a 100644 > --- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch > +++ b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch > @@ -1,26 +1,37 @@ > +From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 > +From: Shan Hai <[email protected]> > +Date: Tue, 13 Sep 2016 13:45:46 +0800 > +Subject: [PATCH] shadow: use relaxed usernames > > The groupadd from shadow does not allow upper case group names, the > same is true for the upstream shadow. But distributions like > Debian/Ubuntu/CentOS has their own way to cope with this problem, > this patch is picked up from CentOS release 7.0 to relax the usernames > restrictions to allow the upper case group names, and the relaxation is > -POSIX compliant because POSIX indicate that usernames are composed of > +POSIX compliant because POSIX indicate that usernames are composed of > characters from the portable filename character set [A-Za-z0-9._-]. > > Upstream-Status: Pending > > -Signed-off-by: Shan Hai <[email protected]> > +Signed-off-by: Shan Hai <[email protected]> > > -diff -urpN a/libmisc/chkname.c b/libmisc/chkname.c > -index 5089112..f40a0da 100644 > +--- > + libmisc/chkname.c | 30 ++++++++++++++++++------------ > + man/groupadd.8.xml | 6 ------ > + man/useradd.8.xml | 8 +------- > + 3 files changed, 19 insertions(+), 25 deletions(-) > + > +diff --git a/libmisc/chkname.c b/libmisc/chkname.c > +index 90f185c..65762b4 100644 > --- a/libmisc/chkname.c > +++ b/libmisc/chkname.c > -@@ -49,21 +49,28 @@ > - static bool is_valid_name (const char *name) > - { > +@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) > + } > + > /* > - * User/group names must match [a-z_][a-z0-9_-]*[$] > - */ > +- > - if (('\0' == *name) || > - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { > + * User/group names must match gnu e-regex: > @@ -55,28 +66,28 @@ index 5089112..f40a0da 100644 > return false; > } > } > -diff -urpN a/man/groupadd.8.xml b/man/groupadd.8.xml > -index 230fd0c..94f7807 100644 > +diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml > +index 1e58f09..d804b61 100644 > --- a/man/groupadd.8.xml > +++ b/man/groupadd.8.xml > -@@ -222,12 +222,6 @@ > +@@ -272,12 +272,6 @@ > + > <refsect1 id='caveats'> > <title>CAVEATS</title> > - <para> > +- <para> > - Groupnames must start with a lower case letter or an underscore, > - followed by lower case letters, digits, underscores, or dashes. > - They can end with a dollar sign. > - In regular expression terms: [a-z_][a-z0-9_-]*[$]? > - </para> > -- <para> > + <para> > Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. > </para> > - <para> > -diff -urpN a/man/useradd.8.xml b/man/useradd.8.xml > -index 5dec989..fe623b9 100644 > +diff --git a/man/useradd.8.xml b/man/useradd.8.xml > +index a16d730..c0bd777 100644 > --- a/man/useradd.8.xml > +++ b/man/useradd.8.xml > -@@ -336,7 +336,7 @@ > +@@ -366,7 +366,7 @@ > </term> > <listitem> > <para> > @@ -85,16 +96,16 @@ index 5dec989..fe623b9 100644 > wide setting from <filename>/etc/login.defs</filename> > (<option>CREATE_HOME</option>) is set to > <replaceable>yes</replaceable>. > -@@ -607,12 +607,6 @@ > +@@ -660,12 +660,6 @@ > + the user account creation request. > </para> > > - <para> > +- <para> > - Usernames must start with a lower case letter or an underscore, > - followed by lower case letters, digits, underscores, or dashes. > - They can end with a dollar sign. > - In regular expression terms: [a-z_][a-z0-9_-]*[$]? > - </para> > -- <para> > + <para> > Usernames may only be up to 32 characters long. > </para> > - </refsect1> > diff --git a/meta/recipes-extended/shadow/shadow.inc > b/meta/recipes-extended/shadow/shadow.inc > index 770c239e96d..d07b507532f 100644 > --- a/meta/recipes-extended/shadow/shadow.inc > +++ b/meta/recipes-extended/shadow/shadow.inc > @@ -11,8 +11,6 @@ DEPENDS = "virtual/crypt" > UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"; > SRC_URI = > "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ > file://shadow-4.1.3-dots-in-usernames.patch \ > - > file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch \ > - file://0001-configure.ac-fix-configure-error-with-dash.patch \ > ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', > '', d)} \ > file://shadow-relaxed-usernames.patch \ > " > @@ -24,16 +22,17 @@ SRC_URI_append_class-target = " \ > > SRC_URI_append_class-native = " \ > file://0001-Disable-use-of-syslog-for-sysroot.patch \ > - file://allow-for-setting-password-in-clear-text.patch \ > + file://0002-Allow-for-setting-password-in-clear-text.patch \ > file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch > \ > - > file://0001-useradd.c-create-parent-directories-when-necessary.patch \ > + > file://0004-useradd.c-create-parent-directories-when-necessary.patch \ > + file://0001-Do-not-check-for-validity-of-shell-executable.patch \ > " > SRC_URI_append_class-nativesdk = " \ > file://0001-Disable-use-of-syslog-for-sysroot.patch \ > " > > -SRC_URI[md5sum] = "36feb15665338ae3de414f2a88e434db" > -SRC_URI[sha256sum] = > "4668f99bd087399c4a586084dc3b046b75f560720d83e92fd23bf7a89dda4d31" > +SRC_URI[md5sum] = "017ac773ba370bc28e157cee30dad71a" > +SRC_URI[sha256sum] = > "82016d65317555fc8ce9e669eb187984d8d4b1f8ecda0769f4bc5412aed326e4" > > # Additional Policy files for PAM > PAM_SRC_URI = "file://pam.d/chfn \ > diff --git a/meta/recipes-extended/shadow/shadow_4.6.bb > b/meta/recipes-extended/shadow/shadow_4.8.bb > similarity index 100% > rename from meta/recipes-extended/shadow/shadow_4.6.bb > rename to meta/recipes-extended/shadow/shadow_4.8.bb > -- > 2.17.1 > > -- > _______________________________________________ > Openembedded-core mailing list > [email protected] > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Alex Kiernan -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
