| Age | Commit message (Collapse) | Author | Files |
|---|
|
In systems where bash is not installed and /bin/sh is provided by
busybox. Commands like `su -l -c '/home/root/test' xuser' would fail
complaining the the 'su' applet could not be found.
This patch references the old version of shadow to keep the behaviour
the way it was in old version so that we would avoid the problem mentioned
above.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise builds are not deterministic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade shadow from 4.1.4.3 to 4.2.1.
Changes during this upgrade are as following.
1. Remove the "merged" patches. These patches are either merged or
the same functionality has been implemented upstream.
add_root_cmd_groupmems.patch
add_root_cmd_options.patch
fix-etc-gshadow-reading.patch
shadow-4.1.4.2-env-reset-keep-locale.patch
shadow-4.1.4.2-groupmod-pam-check.patch
shadow-4.1.4.2-su_no_sanitize_env.patch
shadow.automake-1.11.patch
shadow_fix_for_automake-1.12.patch
useradd.patch
2. Remove the unneeded patch.
The following patch has been removed because the logic in the related
codes of the new version has been changed. In specific, the codes now
can handle the 'NULL' return value. So there's no need for the following
patch.
slackware_fix_for_glib-2.17_crypt.patch
3. Teak the current patch to match the new version.
allow-for-setting-password-in-clear-text.patch
4. Add a patch to fix compilation failure.
usermod-fix-compilation-failure-with-subids-disabled.patch
5. Add a patch to fix the installation failure.
fix-installation-failure-with-subids-disabled.patch
5. Add a patch to fix the failure at rootfs time if extrausers is inherited.
commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
6. Fix the bad section in the recipe.
7. Disable the new subids feature in the new version as it doesn't support
cross compilation for now.
8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails.
Also, fix the arguments to use '--root $D' instead of '--root=$D'.
9. Add a patch for shadow-native to create parent directories when necessary.
0001-useradd.c-create-parent-directories-when-necessary.patch
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
| groupadd: 'systemd-journal-gateway' is not a valid group name
Without useradd-staticids enabled, group 'systemd-journal-gateway' is created
by useradd and that seems not to care for GROUP_NAME_MAX_LENGTH which has 16 by
default.
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* resolves following warnings:
WARNING: Use of PRINC 17 was detected in the recipe meta-openembedded/meta-systemd/recipes-core/systemd/systemd-machine-units_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_0.12.10.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-gpe/recipes-support/fbreader/fbreader_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-multimedia/recipes-multimedia/sox/sox_14.4.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer-common.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe meta-smartphone/meta-android/recipes-bsp/chroot-script/chroot-script_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-connectivity/bind/bind_9.8.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-serialgetty.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-core/sysvinit/sysvinit-inittab_2.88dsf.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/screen/screen_4.0.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-extended/shadow/shadow_4.1.4.3.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/libsdl/libsdl_1.2.15.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11-xserver.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-kernel/modutils-initscripts/modutils-initscripts.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb (or one of its .bbappends)
WARNING: Use of PRINC 1 was detected in the recipe openembedded-core/meta/recipes-support/libcap/libcap_2.22.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-bsp/keymaps/keymaps_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 11 was detected in the recipe openembedded-core/meta/recipes-core/systemd/systemd-compat-units.bb (or one of its .bbappends)
WARNING: Use of PRINC 12 was detected in the recipe openembedded-core/meta/recipes-core/initscripts/initscripts_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 13 was detected in the recipe openembedded-core/meta/recipes-core/base-files/base-files_3.0.14.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/navit/navit_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.02.97.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-connectivity/portmap/portmap_6.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-extended/pam/libpam_1.1.6.bb (or one of its .bbappends)
WARNING: Use of PRINC 2 was detected in the recipe openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-x11.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-efl/recipes-efl/efl/entrance_svn.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe meta-openembedded/meta-oe/recipes-multimedia/mplayer/mplayer2_git.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-bsp/formfactor/formfactor_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/avahi/avahi_0.6.31.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-connectivity/dhcp/dhcp_4.2.5-P1.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 3 was detected in the recipe openembedded-core/meta/recipes-graphics/xinput-calibrator/pointercal-xinput_0.0.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb (or one of its .bbappends)
WARNING: Use of PRINC 5 was detected in the recipe openembedded-core/meta/recipes-connectivity/bluez/bluez4_4.101.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-base.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-core/packagegroups/packagegroup-core-boot.bb (or one of its .bbappends)
WARNING: Use of PRINC 6 was detected in the recipe openembedded-core/meta/recipes-graphics/xorg-xserver/xserver-xf86-config_0.1.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe meta-openembedded/meta-oe/recipes-navigation/gpsd/gpsd_3.7.bb (or one of its .bbappends)
WARNING: Use of PRINC 7 was detected in the recipe openembedded-core/meta/recipes-core/udev/udev-extraconf_1.0.bb (or one of its .bbappends)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In
commit 10cdd66fe800cffe3f2cbf5c95550b4f7902a311
Author: Ming Liu <ming.liu@windriver.com>
Date: Thu Jul 18 10:04:22 2013 +0800
libpam: add a new 'nullok_secure' option support to pam_unix
'null_ok_secure' option was fixed. Since that commit 'su' stopped working in
pseudo terminals (created in X environments) for root-accounts with empty
password.
Background: The PAM configuration for 'su' includes 'common-auth' which uses
'nullok_secure' option for pam_unix.
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Allow user to set password in clear text. This is convenient when
we're building out an image.
This feature is mainly used by useradd.bbclass and extrausers.bbclass.
This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod
commands provided by shadow-native. The shadow package on target and in SDK
will not be affected.
[YOCTO #5365]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The default encryption method for shadow is DES, which limits passwords
to 8 characters. Not only is this undesirable, it's also not how busybox
works so we had different passwd/login length behaviour depending on
whether shadow was installed in the image or not. Change it to SHA512
which is what most Linux distributions seem to be using currently.
(SHA512 also matches up with how we are configuring PAM.)
Fixes [YOCTO #5656].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
/etc/default/locale missing message appears when login
and running su <user>
qemu0 login[4189]: pam_env(login:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 login[4189]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
qemu0 su[999]: pam_env(su:session): Unable to open env file: /etc/default/locale: No such file or directory
qemu0 su[999]: pam_unix(su:session): session opened for user root by root(uid=0)
This commit remove reference from pam.d/login and pam.d/su
to /etc/default/locale env file to avoid the error messages
as RHEL, fedora does.
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Setting DESCRIPTION to the same value as SUMMARY doesn't do anything,
since the value of DESCRIPTION will be derived from SUMMARY if not
specified.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a second in a series of patches to enable
offline rootfs creation from a package repository.
Some postinstall cmds are Yocto specific and needed to create a
rootfs with pre and post install hooks successfully run,
using only the toolchain tarball + a package repo.
End goal is to create a sandbox where users of a Yocto
based distribution can customize a rootfs from a package feed
with their package manager of choice.
With this patch, I can successfully create packagegroup-core-boot
with only the toolchain tarball(OPKG). More fixes for a few postinstall
hooks outside of packagegroup-core-boot will come next.
Signed-off-by: David Nyström <david.nystrom@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In busybox, util-linux and shadow, su has been moved to /usr/bin/,
but lsb cmdchk needs su in /bin.
Move su to /bin could fix this issue.
[YOCTO#5175]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a Debian patch to fix the reading of the
gshadow file in order to make newgrp work correctly.
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
[sgw - tweaked commit message]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
shadow falsely assumes that if --enable-libpam is set, it doesn't need to link
against libcrypt; this breaks chsh. (This same fix exists in Arch.)
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Use alternatives mechanism to prevent confliction of attempted
installing su binary among busybox, shadow and util-linux.
[YOCTO #4926]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Patch add_root_cmd_groupmems.patch that we apply to shadow-native
allows program groupmems from the shadow utility package to chroot()
so it can be used to modify etc/passwd and etc/group if they are
located in a sysroot.
The --root option in groupmems is needed for class useradd.
Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
SERIAL_CONSOLES is now set from SERIAL_CONSOLE if not already set. This
change also installs the file before modifying it in place, allowing
do_install to re-execute properly.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This patch came from Slackware and address a change in crypt()'s handling
of an invalid seed, which in the past returned an encrypted string and now
returns a NULL.
[YOCTO #4097] related to tinylogin segfault
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The postinst requires patched pwconv and grpconv from shadow-native,
without these the rootfs creation uses the host binaries and fails.
Signed-off-by: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The patched version of grpconv takes arguments but the check on
argc was not removed. This patch removes this check which
otherwise results in a spurious warning during rootfs creation.
Signed-off-by: Martin Donnelly <martin.donnelly@ge.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Replaced incorrect "firstline" with correct "beginline" for telling
where license segment in file begins. Old md5sum was calculated from
the beginning of the file, not from beginning of the license segment.
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This fixes an issue where the shadow package was sometimes getting
installed before base-passwd during rootfs construction with Smart,
which meant the postinstall scripts could not find /etc/passwd and
/etc/group and failed as a result.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
These values need to be passed on the command line to "make install" otherwise
shadow will use its own built-in idea of where those directories are located.
Signed-off-by: Phil Blundell <pb@pbcl.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The makefiles in the shadow package have their own hard-coded paths
for ${base_bindir} and ${base_sbindir} (known as "bindir" and "sbindir"
in shadow-speak). Ensure that they install into our paths rather than
their own.
Also check that ${base_bindir} and ${bindir} are different before trying
to move files from one to the other; likewise for ${base_sbindir} and
${sbindir}.
Signed-off-by: Phil Blundell <pb@pbcl.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The rootfs has 'users' group at number 100 and without this fix it
would assign to a non-existent group and if a group with gid as 1000
is created later it would own all files for users created.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The rootfs has 'users' group at number 100 and without this fix it
would assign to a non-existent group and if a group with gid as 1000
is created later it would own all files for users created.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Disabling nscd support prevents error messages when shadow utilities attempt
to trigger nscd to reload. This does nothing unless the user is root, and even
if they are root, it's the wrong action to perform when creating a target fs.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
|
|
Switch to using ALTERNATIVE_LINKS to ensure the update-alternatives are setup
properly, along with the package provides.
[RP: Fix links so as not to need the bbclass changes]
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Disable use of syslog to prevent sysroot user and group additions
from writing entries to the host's syslog.
This fixes [YOCTO #2012]
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Existing tty list does not include ttyGS0, add it
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently if shadow-sysroot is installed from a sstate package,
shadow_sysroot_sstate_postinst is looking in ${D} for login.defs which
isn't a valid for an install from sstate.
The easiest and most correct way to fix this is to override the standard
sysroot_stage_all function to install the files correctly and then
sstate installs work as expected. This simplifies the code as an added
bonus.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The securetty file is machine specific whilst the rest of the shadow recipe
is not. Unfortunately making the recipce machine specific is both inefficient
and also causes dependency problems since parts of the system such as the useradd
code depend upon it and this introduces a machine specific element to sstate
checksums which should not be machine specific.
To resolve this, this patch separates out the file into a separate recipe
meaning the machine specific components are isolated.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* otherwise coreutils upgrade fails with
update-alternatives: Error: not linking //usr/bin/groups to groups.coreutils since //usr/bin/groups exists and is not a link
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With the recent changes to the shadow-native package support "--root",
we can now convert the passwd/group files to their shadow forms while
doing the rootfs install, instead of waiting to run on the target.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The add_root_cmd_options.patch that we apply to shadow-native allow the
various programs from the shadow utility package to chroot() so they can
be used to modify etc/passwd and etc/group if they are located in a
sysroot.
Some of the shadow programs (gpasswd, useradd and usermod) need to parse
the command line in two passes. But we can't use getopt_long() twice
because getopt_long() reorders the command line arguments, and
consequently corrupts the option parsing during the second pass.
This patch fixes this issue by replacing the first pass by a very simple
manual walk of the command line to handle the --root argument.
This change is a patch of another patch, I apologize if it is
difficult to read. But IMHO it wouldn't make sense to put the patch for
this issue in another separated file.
The --root options in groupadd and useradd are needed to make the
useradd class work, and this issue was preventing to use useradd and
groupadd long options while using the class.
Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes (or, at least, papers over) a failure in do_install for recipes which
inherit useradd.bbclass. Rewinding optind in this way is not entirely portable
but in practice it seems to work on GNU-ish build hosts at least.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are some links become invalid after rename, so that failed dependencies
detected when install rpm package. This commit update links to resolve it.
[YOCTO #1158] got fixed.
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Swith the SRC_URI to the one referenced on the sources section of the
utilities download page (http://pkg-shadow.alioth.debian.org/download.php).
Signed-off-by: Joshua Lock <josh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
add shadow-update-pam-conf.patch to update the pam related configure files
in oe way rather than Fedora.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
|
