# Recipe metadata for the shadow password/group administration tools.
SUMMARY = "Tools to change and administer password and group data"
HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
SECTION = "base/utils"
LICENSE = "BSD | Artistic-1.0"
# The md5 values here only flag a change in the licence text between
# upgrades. They are not an integrity check on the fetched source; that is
# the job of SRC_URI[sha256sum].
LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
    file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661"
# Target builds depend on shadow-native; the native and nativesdk variants
# clear the dependency.
DEPENDS = "shadow-native"
DEPENDS_class-native = ""
DEPENDS_class-nativesdk = ""
# The release tarball is fetched over plain http, so its integrity rests on
# the SRC_URI[sha256sum] entry at the end of this group (md5 alone is not
# collision resistant). Re-verify both checksums against a trusted copy of
# the release whenever PV changes.
# The PAM policy files are added only when PACKAGECONFIG contains 'pam'.
SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
    file://shadow-4.1.3-dots-in-usernames.patch \
    file://usermod-fix-compilation-failure-with-subids-disabled.patch \
    file://fix-installation-failure-with-subids-disabled.patch \
    file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
    file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
    ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"

# Target-only additions: the sed script and patch that adapt login.defs and
# the build to PAM.
SRC_URI_append_class-target = " \
    file://login_defs_pam.sed \
    file://shadow-update-pam-conf.patch \
"

# Build-host-only patches. allow-for-setting-password-in-clear-text.patch is
# listed for class-native alone; judging by its name it lets a password be
# supplied in clear text (NOTE(review): confirm against the patch), which
# typically exposes the password in process listings and build logs. Keep it
# out of the target and nativesdk lists.
SRC_URI_append_class-native = " \
    file://0001-Disable-use-of-syslog-for-sysroot.patch \
    file://allow-for-setting-password-in-clear-text.patch \
    file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
    file://0001-useradd.c-create-parent-directories-when-necessary.patch \
"
SRC_URI_append_class-nativesdk = " \
    file://0001-Disable-use-of-syslog-for-sysroot.patch \
"

# Checksums of the release tarball named in SRC_URI.
SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8"
SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41"
# Additional Policy files for PAM
# One pam.d service file per listed program. SRC_URI pulls this list in only
# when PACKAGECONFIG contains 'pam'. These files decide how each program
# authenticates, so review any change to them as an access-control change.
PAM_SRC_URI = "file://pam.d/chfn \
    file://pam.d/chpasswd \
    file://pam.d/chsh \
    file://pam.d/login \
    file://pam.d/newusers \
    file://pam.d/passwd \
    file://pam.d/su"
inherit autotools gettext

# Security-relevant configure switches: support for the Linux audit
# subsystem (--without-audit), cracklib password checks (--without-libcrack)
# and SELinux (--without-selinux) is compiled out of every variant.
# NOTE(review): a distro that relies on audit records for account changes or
# on SELinux labelling needs to override these.
# --enable-subordinate-ids=yes turns on subordinate uid/gid support.
EXTRA_OECONF += "--without-audit \
    --without-libcrack \
    --without-selinux \
    --with-group-name-max-length=24 \
    --enable-subordinate-ids=yes \
    ${NSCDOPT}"

# nscd integration: disabled for native, nativesdk and uclibc builds; for
# glibc it follows the 'libc-spawn' DISTRO_FEATURES entry.
NSCDOPT = ""
NSCDOPT_class-native = "--without-nscd"
NSCDOPT_class-nativesdk = "--without-nscd"
NSCDOPT_libc-uclibc = " --without-nscd"
NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}"
# PAM modules pulled in at runtime when the 'pam' PACKAGECONFIG is enabled.
# NOTE(review): no password-quality module appears in this list and cracklib
# is compiled out in EXTRA_OECONF, so nothing visible in this recipe enforces
# password strength. Confirm the image's PAM policy covers it if required.
PAM_PLUGINS = "libpam-runtime \
    pam-plugin-faildelay \
    pam-plugin-securetty \
    pam-plugin-nologin \
    pam-plugin-env \
    pam-plugin-group \
    pam-plugin-limits \
    pam-plugin-lastlog \
    pam-plugin-motd \
    pam-plugin-mail \
    pam-plugin-shells \
    pam-plugin-rootok"

# PAM is switched on for target builds only when DISTRO_FEATURES contains
# 'pam'; native and nativesdk builds enable no PACKAGECONFIG options.
PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}"
PACKAGECONFIG_class-native = ""
PACKAGECONFIG_class-nativesdk = ""
# Fields: configure argument when enabled, when disabled, build-time
# dependencies, runtime dependencies.
PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}"
PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr"
PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl"
# Runtime dependencies of the target package; the native and nativesdk
# variants have none.
RDEPENDS_${PN} = "shadow-securetty \
    base-passwd \
    util-linux-sulogin"
RDEPENDS_${PN}_class-native = ""
RDEPENDS_${PN}_class-nativesdk = ""
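# Install shadow into ${D} and adjust the shipped login.defs and
# default/useradd for an embedded image.
do_install() {
    oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install

    # Info dir listing isn't interesting at this point so remove it if it exists.
    if [ -e "${D}${infodir}/dir" ]; then
        rm -f "${D}${infodir}/dir"
    fi

    # Enable CREATE_HOME by default.
    sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs

    # As we are on an embedded system, ensure the users mailbox is in
    # ~/ not /var/spool/mail by default, as who knows where or how big
    # /var is. The system MDA will set this later anyway.
    sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
    sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs

    # Disable checking emails.
    sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs

    # Comment out SU_NAME to work correctly with busybox.
    # With SU_NAME set, `su -l xxx -c env' ends in
    #   execve("/bin/sh", ["-su", "-c", "env"], ...)
    # When /bin/sh is a symlink to busybox, busybox looks for an applet named
    # after argv[0] and tries to run its own `su' ('su: applet not found'
    # when BUSYBOX_SPLIT_SUID is "1"). With SU_NAME commented out argv[0] is
    # "-sh", so the shell starts as intended and shadow's su stays the one in
    # use. This replaces the removed
    # 0001-su.c-fix-to-exec-command-correctly.patch, which introduced bug#5359.
    # See Bug#5359 and Bug#7173 (the commit that added this line, OE-Core rev
    # 6820f05dad0b4f9b9bbcf7c2a0af8c34f66199ae, cites YOCTO #7137 instead --
    # NOTE(review): confirm which number is right).
    sed -i 's:^SU_NAME:#SU_NAME:g' ${D}${sysconfdir}/login.defs

    # Use proper encryption for passwords: select SHA-512 crypt as the
    # password hashing method.
    sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs
    # The substitution only matches a commented-out ENCRYPT_METHOD line, so it
    # would silently do nothing if the upstream template changed. Fail the
    # build rather than ship an image with an unintended hashing method.
    if ! grep -q '^ENCRYPT_METHOD SHA512$' ${D}${sysconfdir}/login.defs; then
        bbfatal "ENCRYPT_METHOD SHA512 was not set in ${sysconfdir}/login.defs"
    fi

    # Default shell for new users: /bin/sh instead of /bin/bash
    # (presumably because bash is not guaranteed to be on the image).
    sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd

    # Now we don't have a mail system. Disable mail creation for now.
    sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd

    # Use users group by default
    sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd
}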
# Post-install fix-ups: mail spool directory, PAM policy files, and moving
# binaries into the base directories.
do_install_append() {
    # Keep a /var/spool/mail directory in the image so mailboxes have a place
    # to go if the user switches login.defs back to shadow's stock MAIL_DIR
    # setting (do_install comments MAIL_DIR out).
    install -d ${D}${localstatedir}/spool/mail

    # pam.d comes from PAM_SRC_URI, which SRC_URI includes only when the
    # 'pam' PACKAGECONFIG is on.
    if test -e ${WORKDIR}/pam.d; then
        install -d ${D}${sysconfdir}/pam.d/
        # 0644: policy files are readable by everyone, writable by the owner only.
        install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/
        # Remove defaults that are not used when supporting PAM.
        sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs
    fi

    install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir}

    # Move binaries to the locations we want
    rm ${D}${sbindir}/vigr
    ln -sf vipw.${BPN} ${D}${base_sbindir}/vigr
    if test "${sbindir}" != "${base_sbindir}"; then
        mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw
    fi
    if test "${bindir}" != "${base_bindir}"; then
        # mv leaves the mode bits as the upstream install set them.
        # NOTE(review): su is normally installed setuid root; check the
        # packaged mode of login and su after this move.
        mv ${D}${bindir}/login ${D}${base_bindir}/login
        mv ${D}${bindir}/su ${D}${base_bindir}/su
    fi

    # Handle link properly after rename, otherwise missing files would
    # lead rpm failed dependencies.
    ln -sf newgrp.${BPN} ${D}${bindir}/sg
}
# ${PN}-base carries login, su, sg, newgrp and groups together with their
# PAM policy files and login.defs; the main package depends on it at runtime.
PACKAGES =+ "${PN}-base"
FILES_${PN}-base = "\
    ${base_bindir}/login.shadow \
    ${base_bindir}/su.shadow \
    ${bindir}/sg \
    ${bindir}/newgrp.shadow \
    ${bindir}/groups.shadow \
    ${sysconfdir}/pam.d/login \
    ${sysconfdir}/pam.d/su \
    ${sysconfdir}/login.defs \
"
RDEPENDS_${PN} += "${PN}-base"
inherit update-alternatives

# Priority for shadow's programs in update-alternatives. The commit message
# quoted on this page states that su from shadow takes higher priority than
# the one from busybox.
ALTERNATIVE_PRIORITY = "200"

# Alternatives provided by the main package.
ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr"
ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd"
ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw"
ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr"

# Alternatives provided by ${PN}-base.
ALTERNATIVE_${PN}-base = "newgrp groups login su"
ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login"
ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"

# Manual pages that are also managed as alternatives.
ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1"
ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5"
ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3"
ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1"
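# Post-install step: run pwconv and grpconv so that password data lives in
# the shadow and gshadow files instead of passwd and group.
# When $D is set the tools are pointed at that root with --root; otherwise
# they act on the running system. A failure of either tool aborts the
# script with status 1, so a failed conversion is not silently ignored.
pkg_postinst_${PN} () {
    if [ -n "$D" ]; then
        # Pass the root directory as one quoted argument so a path that
        # contains whitespace is not split into several words.
        pwconv --root "$D" || exit 1
        grpconv --root "$D" || exit 1
    else
        pwconv || exit 1
        grpconv || exit 1
    fi
}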