openembedded-core.git/meta/recipes-extended/shadow, branch 2016-10 Mirror of openembedded-core shadow: use relaxed usernames 2016-09-16T14:15:32+00:00 Shan Hai shan.hai@windriver.com 2016-09-13T05:45:46+00:00 31c6c8150394de067085be5b0058037077860a8a The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The groupadd from shadow does not allow upper case group names, the
same is true for the upstream shadow. But distributions like
Debian/Ubuntu/CentOS has their own way to cope with this problem,
this patch is picked up from CentOS release 7.0 to relax the usernames
restrictions to allow the upper case group names, and the relaxation is
POSIX compliant because POSIX indicate that usernames are composed of
characters from the portable filename character set [A-Za-z0-9._-].

Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: Fix rootfs creation errors 2016-05-22T15:09:21+00:00 Dai Caiyun daicy.fnst@cn.fujitsu.com 2016-02-27T23:03:12+00:00 52d3d9e1ab0b510d93c4915baf2a85b9cc949205 error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1 conflicts with file from package coreutils-doc-6.9-r5 Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1
           conflicts with file from package coreutils-doc-6.9-r5

Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow-sysroot: Use SYSROOT_DIRS to add dirs to stage in sysroot 2016-05-13T12:40:49+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-05-12T08:37:53+00:00 196e01cce6d76c72d8e76ad1441c1baed321c939 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: Disable syslog for more commands 2016-04-15T05:57:47+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-04-14T11:36:39+00:00 0791ba7ea82444729a1a7d1b2443f633bcba2002 When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
When building shadow-native, syslog was disabled for useradd and
groupadd. This disables it also for groupdel, groupmems, groupmod,
userdel and usermod (i.e., the use of syslog is now disabled for all
commands supported by useradd_base.bbclass).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update alternatives of man pages 2015-07-07T22:57:13+00:00 Kai Kang kai.kang@windriver.com 2015-07-03T07:23:49+00:00 2cff20f423fb9e82b44c68504be605c223bd74fb Update alternatives of man pages in several packages. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Update alternatives of man pages in several packages.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: fix `su' behaviour 2015-04-24T10:05:58+00:00 Chen Qi Qi.Chen@windriver.com 2015-04-21T09:30:46+00:00 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae 0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason. This patch is introduced to solve the 'su: applet not found' problem when executing `su -l xxx -c env'. The patch references codes of previous release of shadow. However, this patch introduces bug#5359. So it's not correct. Let's first look at the root cause of 'su: applet not found' problem. This problem appears when /bin/sh is provided by busybox. When executing `su -l xxx -c env' command, the following function is invoked. execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */]) Note that the argv[0] provided to new executable file (/bin/sh) is "-su". As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed. In busybox's appletlib.c, it would examine argv[0], try to find an applet that has the same name, and then try to execute the main function of the applet. This logic results in `su' applet from busybox to be executed. However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found. Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet is found. The whole behaviour is still not correct. Because 'su' from shadow takes higher priority than that from busybox, so 'su' from busybox should never be executed on such system unless it's specified clearly by the end user. The logic of busybox's appletlib.c is totally correct from the point of busybox itself. It's an integration problem. To solve the above problem, this patch comment out SU_NAME in /etc/login.defs so that the final function executed in shadow's su is as below. execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */]) [YOCTO #5359] [YOCTO #7137] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.

Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
    execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet
is found. The whole behaviour is still not correct. Because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.

To solve the above problem, this patch comment out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
    execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])

[YOCTO #5359]
[YOCTO #7137]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: split files needed for PAM use into separate package 2015-04-09T18:48:04+00:00 Matt Madison matt@madison.systems 2015-04-04T18:04:58+00:00 a7d8eaef04c9dd6ede8d4efd8c4b776efbe3c767 The rootfs creator automatically removes shadow for read-only root filesystems, which breaks use of PAM plugins for login and other process identity management utilities. Package those programs and config files separately, so they don't get removed. Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The rootfs creator automatically removes shadow for read-only
root filesystems, which breaks use of PAM plugins for login and
other process identity management utilities.  Package those programs
and config files separately, so they don't get removed.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: add 'util-linux-sulogin' to RDEPENDS 2015-04-09T18:48:01+00:00 Chen Qi Qi.Chen@windriver.com 2015-04-09T05:49:29+00:00 9b45b990d2fc870df556f05908dcb48b9ebcfc02 If shadow is installed, sulogin from busybox cannot work correctly because it still assumes that /etc/shadow is not there. This leads to the problem when booting into rescue mode in an image with shadow installed but not sulogin from util-linux. To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow. This runtime dependency is specific to OE, because we have to ensure that sulogin can work correctly and sulogin from busybox cannot because FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable it by default for busybox, because that would lead to utilities in busybox to assume the existence of /etc/shadow which is not always true in OE. [YOCTO #6698] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If shadow is installed, sulogin from busybox cannot work correctly because
it still assumes that /etc/shadow is not there. This leads to the problem
when booting into rescue mode in an image with shadow installed but not
sulogin from util-linux.

To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow.
This runtime dependency is specific to OE, because we have to ensure
that sulogin can work correctly and sulogin from busybox cannot because
FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable
it by default for busybox, because that would lead to utilities in busybox
to assume the existence of /etc/shadow which is not always true in OE.

[YOCTO #6698]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: securetty: Add Xilinx Zynq SoC 2015-01-28T21:22:21+00:00 Soren Brinkmann soren.brinkmann@xilinx.com 2015-01-08T22:59:43+00:00 82f5fd5f39b1c665098dd5ca567cbb2b5d955924 Add Zynq's console devices to securetty. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Add Zynq's console devices to securetty.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta: set proper S value 2015-01-23T11:35:25+00:00 Petter Mabäcker petter@technux.se 2015-01-06T21:29:04+00:00 9d220b1bfe4589736604dd5a7129e3699377d830 After removal of auto-creating S we must ensure that all recipes are using a proper value for S. Fix all recipes that only need to set S equals to WORKDIR. [YOCTO #5627] Signed-off-by: Petter Mabäcker <petter@technux.se> 
After removal of auto-creating S we must ensure that all recipes are
using a proper value for S.

Fix all recipes that only need to set S equals to WORKDIR.

[YOCTO #5627]

Signed-off-by: Petter Mabäcker <petter@technux.se>