openembedded-core.git/meta/recipes-extended/shadow, branch uninative-1.0 Mirror of openembedded-core shadow-sysroot: Use SYSROOT_DIRS to add dirs to stage in sysroot 2016-05-13T12:40:49+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-05-12T08:37:53+00:00 196e01cce6d76c72d8e76ad1441c1baed321c939 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: Disable syslog for more commands 2016-04-15T05:57:47+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-04-14T11:36:39+00:00 0791ba7ea82444729a1a7d1b2443f633bcba2002 When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
When building shadow-native, syslog was disabled for useradd and
groupadd. This disables it also for groupdel, groupmems, groupmod,
userdel and usermod (i.e., the use of syslog is now disabled for all
commands supported by useradd_base.bbclass).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update alternatives of man pages 2015-07-07T22:57:13+00:00 Kai Kang kai.kang@windriver.com 2015-07-03T07:23:49+00:00 2cff20f423fb9e82b44c68504be605c223bd74fb Update alternatives of man pages in several packages. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Update alternatives of man pages in several packages.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: fix `su' behaviour 2015-04-24T10:05:58+00:00 Chen Qi Qi.Chen@windriver.com 2015-04-21T09:30:46+00:00 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae 0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason. This patch is introduced to solve the 'su: applet not found' problem when executing `su -l xxx -c env'. The patch references codes of previous release of shadow. However, this patch introduces bug#5359. So it's not correct. Let's first look at the root cause of 'su: applet not found' problem. This problem appears when /bin/sh is provided by busybox. When executing `su -l xxx -c env' command, the following function is invoked. execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */]) Note that the argv[0] provided to new executable file (/bin/sh) is "-su". As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed. In busybox's appletlib.c, it would examine argv[0], try to find an applet that has the same name, and then try to execute the main function of the applet. This logic results in `su' applet from busybox to be executed. However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found. Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet is found. The whole behaviour is still not correct. Because 'su' from shadow takes higher priority than that from busybox, so 'su' from busybox should never be executed on such system unless it's specified clearly by the end user. The logic of busybox's appletlib.c is totally correct from the point of busybox itself. It's an integration problem. To solve the above problem, this patch comment out SU_NAME in /etc/login.defs so that the final function executed in shadow's su is as below. execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */]) [YOCTO #5359] [YOCTO #7137] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.

Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
    execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet
is found. The whole behaviour is still not correct. Because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.

To solve the above problem, this patch comment out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
    execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])

[YOCTO #5359]
[YOCTO #7137]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: split files needed for PAM use into separate package 2015-04-09T18:48:04+00:00 Matt Madison matt@madison.systems 2015-04-04T18:04:58+00:00 a7d8eaef04c9dd6ede8d4efd8c4b776efbe3c767 The rootfs creator automatically removes shadow for read-only root filesystems, which breaks use of PAM plugins for login and other process identity management utilities. Package those programs and config files separately, so they don't get removed. Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The rootfs creator automatically removes shadow for read-only
root filesystems, which breaks use of PAM plugins for login and
other process identity management utilities.  Package those programs
and config files separately, so they don't get removed.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: add 'util-linux-sulogin' to RDEPENDS 2015-04-09T18:48:01+00:00 Chen Qi Qi.Chen@windriver.com 2015-04-09T05:49:29+00:00 9b45b990d2fc870df556f05908dcb48b9ebcfc02 If shadow is installed, sulogin from busybox cannot work correctly because it still assumes that /etc/shadow is not there. This leads to the problem when booting into rescue mode in an image with shadow installed but not sulogin from util-linux. To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow. This runtime dependency is specific to OE, because we have to ensure that sulogin can work correctly and sulogin from busybox cannot because FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable it by default for busybox, because that would lead to utilities in busybox to assume the existence of /etc/shadow which is not always true in OE. [YOCTO #6698] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
If shadow is installed, sulogin from busybox cannot work correctly because
it still assumes that /etc/shadow is not there. This leads to the problem
when booting into rescue mode in an image with shadow installed but not
sulogin from util-linux.

To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow.
This runtime dependency is specific to OE, because we have to ensure
that sulogin can work correctly and sulogin from busybox cannot because
FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable
it by default for busybox, because that would lead to utilities in busybox
to assume the existence of /etc/shadow which is not always true in OE.

[YOCTO #6698]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: securetty: Add Xilinx Zynq SoC 2015-01-28T21:22:21+00:00 Soren Brinkmann soren.brinkmann@xilinx.com 2015-01-08T22:59:43+00:00 82f5fd5f39b1c665098dd5ca567cbb2b5d955924 Add Zynq's console devices to securetty. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Add Zynq's console devices to securetty.

Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta: set proper S value 2015-01-23T11:35:25+00:00 Petter Mabäcker petter@technux.se 2015-01-06T21:29:04+00:00 9d220b1bfe4589736604dd5a7129e3699377d830 After removal of auto-creating S we must ensure that all recipes are using a proper value for S. Fix all recipes that only need to set S equals to WORKDIR. [YOCTO #5627] Signed-off-by: Petter Mabäcker <petter@technux.se> 
After removal of auto-creating S we must ensure that all recipes are
using a proper value for S.

Fix all recipes that only need to set S equals to WORKDIR.

[YOCTO #5627]

Signed-off-by: Petter Mabäcker <petter@technux.se>
shadow: disable nscd feature when glibc is not built with spawn posix functions 2014-12-19T17:54:13+00:00 Baptiste DURAND baptiste.durand@gmail.com 2014-12-05T14:40:16+00:00 3678e504cf81f45bd0b0ab315f9cc4da87a633b5 shadow package configure step fails with this log output : | checking location of faillog/lastlog/wtmp... (cached) /var/log | checking location of the passwd program... (cached) /usr/bin | checking for posix_spawn... no | configure: error: posix_spawn is needed for nscd support | Configure failed. The contents of all config.log files follows to aid debugging | ERROR: oe_runconf failed Signed-off-by: Baptiste DURAND <baptiste.durand@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
shadow package  configure step fails with this log output :
| checking location of faillog/lastlog/wtmp... (cached) /var/log
| checking location of the passwd program... (cached) /usr/bin
| checking for posix_spawn... no
| configure: error: posix_spawn is needed for nscd support
| Configure failed. The contents of all config.log files follows to aid debugging
| ERROR: oe_runconf failed

Signed-off-by: Baptiste DURAND <baptiste.durand@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow-securetty: add ttyAM[0-3] serial ports 2014-11-20T14:06:31+00:00 Javier Viguera javier.viguera@digi.com 2014-11-13T15:48:56+00:00 fa17b9ea435f5c49e3bea56524152b21d915d464 Old version of the ARM AMBA serial port driver creates those device nodes. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Old version of the ARM AMBA serial port driver creates those device nodes.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>