summaryrefslogtreecommitdiff
path: root/meta/recipes-extended/shadow
AgeCommit message (Collapse)AuthorFiles
2016-11-16shadow: add nologin.8 to alternativesRoss Burton1
This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. (From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-16shadow: use relaxed usernamesShan Hai2
The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-22shadow: Fix rootfs creation errorsDai Caiyun1
error: file /usr/share/man/man1/su.1 from install of shadow-doc-4.2.1 conflicts with file from package coreutils-doc-6.9-r5 Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-13shadow-sysroot: Use SYSROOT_DIRS to add dirs to stage in sysrootPeter Kjellerstedt1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-15shadow: Disable syslog for more commandsPeter Kjellerstedt3
When building shadow-native, syslog was disabled for useradd and groupadd. This disables it also for groupdel, groupmems, groupmod, userdel and usermod (i.e., the use of syslog is now disabled for all commands supported by useradd_base.bbclass). Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-07Update alternatives of man pagesKai Kang1
Update alternatives of man pages in several packages. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-04-24shadow: fix `su' behaviourChen Qi2
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason. This patch is introduced to solve the 'su: applet not found' problem when executing `su -l xxx -c env'. The patch references codes of previous release of shadow. However, this patch introduces bug#5359. So it's not correct. Let's first look at the root cause of 'su: applet not found' problem. This problem appears when /bin/sh is provided by busybox. When executing `su -l xxx -c env' command, the following function is invoked. execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */]) Note that the argv[0] provided to new executable file (/bin/sh) is "-su". As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed. In busybox's appletlib.c, it would examine argv[0], try to find an applet that has the same name, and then try to execute the main function of the applet. This logic results in `su' applet from busybox to be executed. However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found. Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet is found. The whole behaviour is still not correct. Because 'su' from shadow takes higher priority than that from busybox, so 'su' from busybox should never be executed on such system unless it's specified clearly by the end user. The logic of busybox's appletlib.c is totally correct from the point of busybox itself. It's an integration problem. To solve the above problem, this patch comment out SU_NAME in /etc/login.defs so that the final function executed in shadow's su is as below. execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */]) [YOCTO #5359] [YOCTO #7137] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-09shadow: split files needed for PAM use into separate packageMatt Madison1
The rootfs creator automatically removes shadow for read-only root filesystems, which breaks use of PAM plugins for login and other process identity management utilities. Package those programs and config files separately, so they don't get removed. Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-09shadow: add 'util-linux-sulogin' to RDEPENDSChen Qi1
If shadow is installed, sulogin from busybox cannot work correctly because it still assumes that /etc/shadow is not there. This leads to the problem when booting into rescue mode in an image with shadow installed but not sulogin from util-linux. To fix this problem, we add 'util-linux-sulogin' to RDEPENDS of shadow. This runtime dependency is specific to OE, because we have to ensure that sulogin can work correctly and sulogin from busybox cannot because FEATURE_SHADOWPASSWORDS is not enabled by default. And we cannot enable it by default for busybox, because that would lead to utilities in busybox to assume the existence of /etc/shadow which is not always true in OE. [YOCTO #6698] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-28shadow: securetty: Add Xilinx Zynq SoCSoren Brinkmann1
Add Zynq's console devices to securetty. Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-01-23meta: set proper S valuePetter Mabäcker1
After removal of auto-creating S we must ensure that all recipes are using a proper value for S. Fix all recipes that only need to set S equals to WORKDIR. [YOCTO #5627] Signed-off-by: Petter Mabäcker <petter@technux.se>
2014-12-19shadow: disable nscd feature when glibc is not built with spawn posix functionsBaptiste DURAND1
shadow package configure step fails with this log output : | checking location of faillog/lastlog/wtmp... (cached) /var/log | checking location of the passwd program... (cached) /usr/bin | checking for posix_spawn... no | configure: error: posix_spawn is needed for nscd support | Configure failed. The contents of all config.log files follows to aid debugging | ERROR: oe_runconf failed Signed-off-by: Baptiste DURAND <baptiste.durand@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-11-20shadow-securetty: add ttyAM[0-3] serial portsJavier Viguera1
Old version of the ARM AMBA serial port driver creates those device nodes. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-11-04man-pages/shadow: resolve man pages conflictionHongxu Jia1
Invoke smart/rpm to install man-pages and shadow-doc, there is a build failure: ... |error: file /usr/share/man/man5/passwd.5 from install of shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from package man-pages-3.70-r0.0.core2_64 |error: file /usr/share/man/man3/getspnam.3 from install of shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from package man-pages-3.70-r0.0.core2_64 ... Use alternatives mechanism to fix it. As README in man-pages said: "Note that sometimes these pages are duplicates of pages also distributed in other packages. Be careful not to overwrite more up-to-date versions. So we set man-pages with lower priority. [YOCTO #6769] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-11-04shadow: enable support for subordinate IDsBogdan Purcareata2
The subordinate IDs support in pkg-shadow allows unprivileged users to manage a set of UIDs and GIDs. These subordinate IDs are specified by root, and can be further used by the unprivileged user they have been assigned to. This user can then create an e.g. user namespace, where he is allowed to manage his own set of users and group from the pool of subordinate IDs. More details can be found at http://lwn.net/Articles/533617/. Pull a required change from upstream in order to make shadow cross-compile with subordinate IDs support. Enable flag in recipe. Changes since v1: - update changelog Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-09-16shadow: Make useradd work correctly with --root againPeter Kjellerstedt2
Even if useradd --root <root> is used it would still read login.defs before doing the chroot() and thus use the one provided by the host rather than the sysroot. (From OE-Core rev: b85917a4ebe636316fa7305017cd32a47b392039) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-09-10shadow: add Qualcomm and STMicroelectronics SoCsFathi Boudra1
Reported-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Reported-by: Peter Griffin <peter.griffin@linaro.org> Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-07-25shadow-securetty: add freescale lpuartStefan Agner1
Add Freescale lpuart tty's (ttyLPx) to securetty. Freescale Vybrid devices running upstream kernel use this driver. Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-07-23shadow: fix the behavior of suChen Qi2
In systems where bash is not installed and /bin/sh is provided by busybox. Commands like `su -l -c '/home/root/test' xuser' would fail complaining the the 'su' applet could not be found. This patch references the old version of shadow to keep the behaviour the way it was in old version so that we would avoid the problem mentioned above. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-07-21shadow: Add PACKAGECONFIG for acl/attrRichard Purdie1
Otherwise builds are not deterministic. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-07-17shadow: upgrade from 4.1.4.3 to 4.2.1Chen Qi19
Upgrade shadow from 4.1.4.3 to 4.2.1. Changes during this upgrade are as following. 1. Remove the "merged" patches. These patches are either merged or the same functionality has been implemented upstream. add_root_cmd_groupmems.patch add_root_cmd_options.patch fix-etc-gshadow-reading.patch shadow-4.1.4.2-env-reset-keep-locale.patch shadow-4.1.4.2-groupmod-pam-check.patch shadow-4.1.4.2-su_no_sanitize_env.patch shadow.automake-1.11.patch shadow_fix_for_automake-1.12.patch useradd.patch 2. Remove the unneeded patch. The following patch has been removed because the logic in the related codes of the new version has been changed. In specific, the codes now can handle the 'NULL' return value. So there's no need for the following patch. slackware_fix_for_glib-2.17_crypt.patch 3. Teak the current patch to match the new version. allow-for-setting-password-in-clear-text.patch 4. Add a patch to fix compilation failure. usermod-fix-compilation-failure-with-subids-disabled.patch 5. Add a patch to fix the installation failure. fix-installation-failure-with-subids-disabled.patch 5. Add a patch to fix the failure at rootfs time if extrausers is inherited. commonio.c-fix-unexpected-open-failure-in-chroot-env.patch 6. Fix the bad section in the recipe. 7. Disable the new subids feature in the new version as it doesn't support cross compilation for now. 8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails. Also, fix the arguments to use '--root $D' instead of '--root=$D'. 9. Add a patch for shadow-native to create parent directories when necessary. 0001-useradd.c-create-parent-directories-when-necessary.patch Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-23shadow: fix building systemd with useradd-staticids.bbclass enabledAndreas Müller1
| groupadd: 'systemd-journal-gateway' is not a valid group name Without useradd-staticids enabled, group 'systemd-journal-gateway' is created by useradd and that seems not to care for GROUP_NAME_MAX_LENGTH which has 16 by default. Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-05recipes: bump PRsMartin Jansa2
* resolves following warnings: WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends) WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends) WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends) WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends) WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends) WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends) WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends) WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-01-10shadow: set correct entries for pseudo terminals in /etc/securettyAndreas Müller1
In commit 10cdd66fe800cffe3f2cbf5c95550b4f7902a311 Author: Ming Liu <ming.liu@windriver.com> Date: Thu Jul 18 10:04:22 2013 +0800 libpam: add a new 'nullok_secure' option support to pam_unix 'null_ok_secure' option was fixed. Since that commit 'su' stopped working in pseudo terminals (created in X environments) for root-accounts with empty password. Background: The PAM configuration for 'su' includes 'common-auth' which uses 'nullok_secure' option for pam_unix. Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-12-14shadow-native: allow for setting password in clear textChen Qi2
Allow user to set password in clear text. This is convenient when we're building out an image. This feature is mainly used by useradd.bbclass and extrausers.bbclass. This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod commands provided by shadow-native. The shadow package on target and in SDK will not be affected. [YOCTO #5365] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-12-13shadow: change to use SHA512 password encryptionPaul Eggleton1
The default encryption method for shadow is DES, which limits passwords to 8 characters. Not only is this undesirable, it's also not how busybox works so we had different passwd/login length behaviour depending on whether shadow was installed in the image or not. Change it to SHA512 which is what most Linux distributions seem to be using currently. (SHA512 also matches up with how we are configuring PAM.) Fixes [YOCTO #5656]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-09shadow: remove reference to locale env files from login and suQiang Chen2
/etc/default/locale missing message appears when login and running su <user> qemu0 login[4189]: pam_env(login:session): Unable to open env file: /etc/default/locale: No such file or directory qemu0 login[4189]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) qemu0 su[999]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory qemu0 su[999]: pam_unix(su:session): session opened for user root by root(uid=0) This commit remove reference from pam.d/login and pam.d/su to /etc/default/locale env file to avoid the error messages as RHEL, fedora does. Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-12-03Don't set DESCRIPTION to the same value as SUMMARYPaul Eggleton3
Setting DESCRIPTION to the same value as SUMMARY doesn't do anything, since the value of DESCRIPTION will be derived from SUMMARY if not specified. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-26shadow: Add nativesdk to BBCLASSEXTENDDavid Nyström2
This is a second in a series of patches to enable offline rootfs creation from a package repository. Some postinstall cmds are Yocto specific and needed to create a rootfs with pre and post install hooks successfully run, using only the toolchain tarball + a package repo. End goal is to create a sandbox where users of a Yocto based distribution can customize a rootfs from a package feed with their package manager of choice. With this patch, I can successfully create packagegroup-core-boot with only the toolchain tarball(OPKG). More fixes for a few postinstall hooks outside of packagegroup-core-boot will come next. Signed-off-by: David Nyström <david.nystrom@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-24shadow: Turn shadow-native into a BBCLASSEXTENDRichard Purdie3
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-24shadow: Move common code to shadow.incRichard Purdie3
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17shadow: move su to /bin for lsb command check testHongxu Jia1
In busybox, util-linux and shadow, su has been moved to /usr/bin/, but lsb cmdchk needs su in /bin. Move su to /bin could fix this issue. [YOCTO#5175] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-08-22shadow: backport a patch to make newgrp workRoy.Li2
Backport a Debian patch to fix the reading of the gshadow file in order to make newgrp work correctly. Signed-off-by: Roy.Li <rongqing.li@windriver.com> [sgw - tweaked commit message] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-08-02shadow: Fix build when DISTRO_FEATURES contains pam, libc-cryptRichard Tollerton1
shadow falsely assumes that if --enable-libpam is set, it doesn't need to link against libcrypt; this breaks chsh. (This same fix exists in Arch.) Signed-off-by: Richard Tollerton <rich.tollerton@ni.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-31shadow: use u-a for suHongxu Jia1
Use alternatives mechanism to prevent confliction of attempted installing su binary among busybox, shadow and util-linux. [YOCTO #4926] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-27shadow-native: Add --root option in groupmemsMikhail Durnev2
Patch add_root_cmd_groupmems.patch that we apply to shadow-native allows program groupmems from the shadow utility package to chroot() so it can be used to modify etc/passwd and etc/group if they are located in a sysroot. The --root option in groupmems is needed for class useradd. Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-05-02shadow-securetty: change to handle SERIAL_CONSOLESPaul Eggleton1
SERIAL_CONSOLES is now set from SERIAL_CONSOLE if not already set. This change also installs the file before modifying it in place, allowing do_install to re-execute properly. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-04-05shadow: add patch to fix crypt: Invalid ArgumentSaul Wold2
This patch came from Slackware and address a change in crypt()'s handling of an invalid seed, which in the past returned an encrypted string and now returns a NULL. [YOCTO #4097] related to tinylogin segfault Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-03-07shadow: add build dependency on shadow-nativeMartin Donnelly1
The postinst requires patched pwconv and grpconv from shadow-native, without these the rootfs creation uses the host binaries and fails. Signed-off-by: Martin Donnelly <martin.donnelly@ge.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-03-01shadow: remove grpconv argc checkMartin Donnelly1
The patched version of grpconv takes arguments but the check on argc was not removed. This patch removes this check which otherwise results in a spurious warning during rootfs creation. Signed-off-by: Martin Donnelly <martin.donnelly@ge.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-01-16shadow: fix license segment md5sum boundaryMarko Lindqvist2
Replaced incorrect "firstline" with correct "beginline" for telling where license segment in file begins. Old md5sum was calculated from the beginning of the file, not from beginning of the license segment. Signed-off-by: Marko Lindqvist <cazfi74@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-12-06shadow: add runtime dependency on base-passwdPaul Eggleton1
This fixes an issue where the shadow package was sometimes getting installed before base-passwd during rootfs construction with Smart, which meant the postinstall scripts could not find /etc/passwd and /etc/group and failed as a result. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-10-24shadow-securetty: add ARM AMBA serial portsMarcin Juszkiewicz2
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-09-12shadow-native: Ensure that ${sbindir} and ${base_sbindir} are respectedPhil Blundell1
These values need to be passed on the command line to "make install" otherwise shadow will use its own built-in idea of where those directories are located. Signed-off-by: Phil Blundell <pb@pbcl.net> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-09-12shadow: Fix various invalid assumptions about directory layoutPhil Blundell1
The makefiles in the shadow package have their own hard-coded paths for ${base_bindir} and ${base_sbindir} (known as "bindir" and "sbindir" in shadow-speak). Ensure that they install into our paths rather than their own. Also check that ${base_bindir} and ${bindir} are different before trying to move files from one to the other; likewise for ${base_sbindir} and ${sbindir}. Signed-off-by: Phil Blundell <pb@pbcl.net> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-08-15shadow: cleanup update-alternatives deprecated codeSaul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-07-26shadow: use 'users' group by defaultOtavio Salvador1
The rootfs has 'users' group at number 100 and without this fix it would assign to a non-existent group and if a group with gid as 1000 is created later it would own all files for users created. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-07-26shadow-native: use 'users' group by defaultOtavio Salvador1
The rootfs has 'users' group at number 100 and without this fix it would assign to a non-existent group and if a group with gid as 1000 is created later it would own all files for users created. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-06-08shadow-native: Disable nscd supportMark Hatle1
Disabling nscd support prevents error messages when shadow utilities attempt to trigger nscd to reload. This does nothing unless the user is root, and even if they are root, it's the wrong action to perform when creating a target fs. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>