openembedded-core.git/meta/recipes-extended/shadow, branch uninative-1.5 Mirror of openembedded-core recipes: Make use of the new bb.utils.filter() function 2017-03-01T11:17:22+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2017-02-27T13:02:50+00:00 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: Add PACKAGE_WRITE_DEPS for postinst 2017-01-19T22:51:08+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2017-01-19T08:04:19+00:00 5a59e292d1382ea6858f6ccb532e48a9f1f4bea6 pwconv and grpconv are used in the postinstall script. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> 
pwconv and grpconv are used in the postinstall script.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
shadow: add nologin.8 to alternatives 2016-11-06T23:35:17+00:00 Ross Burton ross.burton@intel.com 2016-11-01T15:06:45+00:00 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. Signed-off-by: Ross Burton <ross.burton@intel.com> 
This manpage is also shipped in util-linux-doc as an alternative, so it needs to
be managed as an alternative here too.

Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: use relaxed usernames 2016-09-16T14:15:32+00:00 Shan Hai shan.hai@windriver.com 2016-09-13T05:45:46+00:00 31c6c8150394de067085be5b0058037077860a8a The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The groupadd from shadow does not allow upper case group names, the
same is true for the upstream shadow. But distributions like
Debian/Ubuntu/CentOS has their own way to cope with this problem,
this patch is picked up from CentOS release 7.0 to relax the usernames
restrictions to allow the upper case group names, and the relaxation is
POSIX compliant because POSIX indicate that usernames are composed of
characters from the portable filename character set [A-Za-z0-9._-].

Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: Fix rootfs creation errors 2016-05-22T15:09:21+00:00 Dai Caiyun daicy.fnst@cn.fujitsu.com 2016-02-27T23:03:12+00:00 52d3d9e1ab0b510d93c4915baf2a85b9cc949205 error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1 conflicts with file from package coreutils-doc-6.9-r5 Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1
           conflicts with file from package coreutils-doc-6.9-r5

Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow-sysroot: Use SYSROOT_DIRS to add dirs to stage in sysroot 2016-05-13T12:40:49+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-05-12T08:37:53+00:00 196e01cce6d76c72d8e76ad1441c1baed321c939 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: Disable syslog for more commands 2016-04-15T05:57:47+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-04-14T11:36:39+00:00 0791ba7ea82444729a1a7d1b2443f633bcba2002 When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
When building shadow-native, syslog was disabled for useradd and
groupadd. This disables it also for groupdel, groupmems, groupmod,
userdel and usermod (i.e., the use of syslog is now disabled for all
commands supported by useradd_base.bbclass).

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update alternatives of man pages 2015-07-07T22:57:13+00:00 Kai Kang kai.kang@windriver.com 2015-07-03T07:23:49+00:00 2cff20f423fb9e82b44c68504be605c223bd74fb Update alternatives of man pages in several packages. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Update alternatives of man pages in several packages.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
shadow: fix `su' behaviour 2015-04-24T10:05:58+00:00 Chen Qi Qi.Chen@windriver.com 2015-04-21T09:30:46+00:00 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae 0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason. This patch is introduced to solve the 'su: applet not found' problem when executing `su -l xxx -c env'. The patch references codes of previous release of shadow. However, this patch introduces bug#5359. So it's not correct. Let's first look at the root cause of 'su: applet not found' problem. This problem appears when /bin/sh is provided by busybox. When executing `su -l xxx -c env' command, the following function is invoked. execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */]) Note that the argv[0] provided to new executable file (/bin/sh) is "-su". As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed. In busybox's appletlib.c, it would examine argv[0], try to find an applet that has the same name, and then try to execute the main function of the applet. This logic results in `su' applet from busybox to be executed. However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found. Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet is found. The whole behaviour is still not correct. Because 'su' from shadow takes higher priority than that from busybox, so 'su' from busybox should never be executed on such system unless it's specified clearly by the end user. The logic of busybox's appletlib.c is totally correct from the point of busybox itself. It's an integration problem. To solve the above problem, this patch comment out SU_NAME in /etc/login.defs so that the final function executed in shadow's su is as below. execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */]) [YOCTO #5359] [YOCTO #7137] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.

Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
    execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet
is found. The whole behaviour is still not correct. Because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.

To solve the above problem, this patch comment out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
    execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])

[YOCTO #5359]
[YOCTO #7137]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
shadow: split files needed for PAM use into separate package 2015-04-09T18:48:04+00:00 Matt Madison matt@madison.systems 2015-04-04T18:04:58+00:00 a7d8eaef04c9dd6ede8d4efd8c4b776efbe3c767 The rootfs creator automatically removes shadow for read-only root filesystems, which breaks use of PAM plugins for login and other process identity management utilities. Package those programs and config files separately, so they don't get removed. Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The rootfs creator automatically removes shadow for read-only
root filesystems, which breaks use of PAM plugins for login and
other process identity management utilities.  Package those programs
and config files separately, so they don't get removed.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>