diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2016-08-17 22:31:25 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2016-08-22 19:43:26 +0300 |
commit | 60f9d69e016b11c468c98ea75ba0a60c44afbbc4 (patch) | |
tree | ecb49581a9e41a37943c22cd9ef3f63451b20ee7 /yocto-poky/meta/recipes-extended/shadow | |
parent | e18c61205e0234b03697129c20cc69c9b3940efc (diff) | |
download | openbmc-60f9d69e016b11c468c98ea75ba0a60c44afbbc4.tar.xz |
yocto-poky: Move to import-layers subdir
We are going to import additional layers, so create a subdir to
hold all of the layers that we import with git-subtree.
Change-Id: I6f732153a22be8ca663035c518837e3cc5ec0799
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'yocto-poky/meta/recipes-extended/shadow')
24 files changed, 0 insertions, 1864 deletions
diff --git a/yocto-poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/yocto-poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index a6f604b65..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 8cf3454d567f77233023be49a39a33e9f0836f89 Mon Sep 17 00:00:00 2001 -From: Scott Garman <scott.a.garman@intel.com> -Date: Thu, 14 Apr 2016 12:28:57 +0200 -Subject: [PATCH] Disable use of syslog for sysroot - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [disable feature] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - src/groupadd.c | 3 +++ - src/groupdel.c | 3 +++ - src/groupmems.c | 3 +++ - src/groupmod.c | 3 +++ - src/useradd.c | 3 +++ - src/userdel.c | 3 +++ - src/usermod.c | 3 +++ - 7 files changed, 21 insertions(+) - -diff --git a/src/groupadd.c b/src/groupadd.c -index 39b4ec0..f716f57 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/groupdel.c b/src/groupdel.c -index da99347..46a679c 100644 ---- a/src/groupdel.c -+++ b/src/groupdel.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <grp.h> -diff --git a/src/groupmems.c b/src/groupmems.c -index e4f107f..95cb073 100644 ---- a/src/groupmems.c -+++ b/src/groupmems.c -@@ -32,6 +32,9 @@ - - #include <config.h> - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <fcntl.h> - #include <getopt.h> - #include <grp.h> -diff --git a/src/groupmod.c b/src/groupmod.c -index d9d3807..6229737 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/useradd.c b/src/useradd.c -index e1ebf50..25679d8 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <ctype.h> - #include <errno.h> -diff --git a/src/userdel.c b/src/userdel.c -index 19b12bc..a083929 100644 ---- a/src/userdel.c -+++ b/src/userdel.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <errno.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/usermod.c b/src/usermod.c -index 685b50a..28e5cfc 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <errno.h> - #include <fcntl.h> --- -2.1.0 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/yocto-poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch deleted file mode 100644 index 828b95a57..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <pkj@axis.com> -Date: Thu, 11 Sep 2014 15:11:23 +0200 -Subject: [PATCH] Do not read login.defs before doing chroot() - -If "useradd --root <root> ..." was used, the login.defs file would still -be read from /etc/login.defs instead of <root>/etc/login.defs. This was -due to getdef_ulong() being called before process_root_flag(). - -Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] - -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - src/useradd.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index a8a1f76..e1ebf50 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1993,9 +1993,11 @@ int main (int argc, char **argv) - #endif /* USE_PAM */ - #endif /* ACCT_TOOLS_SETUID */ - -+#ifdef ENABLE_SUBIDS - /* Needed for userns check */ -- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); -+ uid_t uid_min; -+ uid_t uid_max; -+#endif - - /* - * Get my name so that I can use it to report errors. -@@ -2026,6 +2028,8 @@ int main (int argc, char **argv) - is_shadow_grp = sgr_file_present (); - #endif - #ifdef ENABLE_SUBIDS -+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); - is_sub_uid = sub_uid_file_present () && !rflg && - (!user_id || (user_id <= uid_max && user_id >= uid_min)); - is_sub_gid = sub_gid_file_present () && !rflg && --- -1.9.0 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/yocto-poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch deleted file mode 100644 index 85dde8e1b..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch +++ /dev/null @@ -1,109 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Subject: useradd.c: create parent directories when necessary - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ - 1 file changed, 49 insertions(+), 23 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 4bd969d..cb5dd6c 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1893,6 +1893,35 @@ static void usr_update (void) - } - - /* -+ * mkdir_p - create directories, including parent directories when needed -+ * -+ * similar to `mkdir -p' -+ */ -+void mkdir_p(const char *path) { -+ int len = strlen(path); -+ char newdir[len + 1]; -+ mode_t mode = 0755; -+ int i = 0; -+ -+ if (path[i] == '\0') { -+ return; -+ } -+ -+ /* skip the leading '/' */ -+ i++; -+ -+ while(path[i] != '\0') { -+ if (path[i] == '/') { -+ strncpy(newdir, path, i); -+ newdir[i] = '\0'; -+ mkdir(newdir, mode); -+ } -+ i++; -+ } -+ mkdir(path, mode); -+} -+ -+/* - * create_home - create the user's home directory - * - * create_home() creates the user's home directory if it does not -@@ -1907,36 +1936,33 @@ static void create_home (void) - fail_exit (E_HOMEDIR); - } - #endif -- /* XXX - create missing parent directories. --marekm */ -- if (mkdir (user_home, 0) != 0) { -- fprintf (stderr, -- _("%s: cannot create directory %s\n"), -- Prog, user_home); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding home directory", -- user_name, (unsigned int) user_id, -- SHADOW_AUDIT_FAILURE); --#endif -- fail_exit (E_HOMEDIR); -- } -- chown (user_home, user_id, user_gid); -- chmod (user_home, -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -- home_added = true; -+ mkdir_p(user_home); -+ } -+ if (access (user_home, F_OK) != 0) { - #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", - user_name, (unsigned int) user_id, -- SHADOW_AUDIT_SUCCESS); -+ SHADOW_AUDIT_FAILURE); - #endif --#ifdef WITH_SELINUX -- /* Reset SELinux to create files with default contexts */ -- if (reset_selinux_file_context () != 0) { -- fail_exit (E_HOMEDIR); -- } -+ fail_exit (E_HOMEDIR); -+ } -+ chown (user_home, user_id, user_gid); -+ chmod (user_home, -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -+ home_added = true; -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding home directory", -+ user_name, (unsigned int) user_id, -+ SHADOW_AUDIT_SUCCESS); - #endif -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ if (reset_selinux_file_context () != 0) { -+ fail_exit (E_HOMEDIR); - } -+#endif - } - - /* --- -1.7.9.5 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/yocto-poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch deleted file mode 100644 index 68da25f40..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ /dev/null @@ -1,201 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Allow for setting password in clear text. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 8 ++++---- - src/groupadd.c | 8 +++++++- - src/groupmod.c | 8 +++++++- - src/useradd.c | 9 +++++++-- - src/usermod.c | 8 +++++++- - 5 files changed, 32 insertions(+), 9 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..856b087 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - grpck_LDADD = $(LDADD) $(LIBSELINUX) - grpconv_LDADD = $(LDADD) $(LIBSELINUX) - grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -@@ -111,9 +111,9 @@ su_SOURCES = \ - suauth.c - su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) - vipw_LDADD = $(LDADD) $(LIBSELINUX) - - install-am: all-am -diff --git a/src/groupadd.c b/src/groupadd.c -index f716f57..4e28c26 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); -@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", -+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", - long_options, NULL)) != -1) { - switch (c) { - case 'f': -@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) - pflg = true; - group_passwd = optarg; - break; -+ case 'P': -+ pflg = true; -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/groupmod.c b/src/groupmod.c -index d9d3807..68f49d1 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -127,6 +127,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); - exit (status); -@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "g:hn:op:R:", -+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", - long_options, NULL)) != -1) { - switch (c) { - case 'g': -@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) - group_passwd = optarg; - pflg = true; - break; -+ case 'P': -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - default: -diff --git a/src/useradd.c b/src/useradd.c -index b3bd451..4416f90 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -773,6 +773,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); -@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, -@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) - } - user_pass = optarg; - break; -+ case 'P': /* set clear text password */ -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/usermod.c b/src/usermod.c -index e7d4351..b79f7a3 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) - " new location (use only with -d)\n"), usageout); - (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); - (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); -@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, -@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv) - {NULL, 0, NULL, '\0'} - }; - while ((c = getopt_long (argc, argv, -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" - #ifdef ENABLE_SUBIDS - "v:w:V:W:" - #endif /* ENABLE_SUBIDS */ -@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) - user_pass = optarg; - pflg = true; - break; -+ case 'P': -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - case 's': --- -1.7.9.5 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/yocto-poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch deleted file mode 100644 index 185590cab..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 -From: James Le Cuirot <chewi@aura-online.co.uk> -Date: Sat, 23 Aug 2014 09:46:39 +0100 -Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF - -This built-in check is simpler than the previous method and, most -importantly, works when cross-compiling. - -Upstream-Status: Accepted -[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> ---- - configure.in | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/configure.in b/configure.in -index 1a3f841..4a4d6d0 100644 ---- a/configure.in -+++ b/configure.in -@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then - dnl - dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc - dnl -- AC_RUN_IFELSE([AC_LANG_SOURCE([ --#include <sys/types.h> --int main(void) { -- uid_t u; -- gid_t g; -- return (sizeof u < 4) || (sizeof g < 4); --} -- ])], [id32bit="yes"], [id32bit="no"]) -- -- if test "x$id32bit" = "xyes"; then -+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) -+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) -+ -+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then - AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) - enable_subids="yes" - else diff --git a/yocto-poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/yocto-poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch deleted file mode 100644 index 4fa3d184e..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -commonio.c: fix unexpected open failure in chroot environment - -When using commands with '-R <newroot>' option in our pseudo environment, -we would usually get the 'Pemission Denied' error. This patch serves as -a workaround to this problem. - -Note that this patch doesn't change the logic in the code, it just expands -the codes. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - lib/commonio.c | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/lib/commonio.c b/lib/commonio.c -index cc536bf..51cafd9 100644 ---- a/lib/commonio.c -+++ b/lib/commonio.c -@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) - db->cursor = NULL; - db->changed = false; - -- fd = open (db->filename, -- (db->readonly ? O_RDONLY : O_RDWR) -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); -- saved_errno = errno; -+ if (db->readonly) { -+ fd = open (db->filename, -+ (true ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); -+ saved_errno = errno; -+ } else { -+ fd = open (db->filename, -+ (false ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); -+ saved_errno = errno; -+ } -+ - db->fp = NULL; - if (fd >= 0) { - #ifdef WITH_TCB --- -1.7.9.5 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/yocto-poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch deleted file mode 100644 index 02cb91aaf..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch +++ /dev/null @@ -1,28 +0,0 @@ -Upstream-Status: Pending - -Subject: fix installation failure with subids disabled - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..076f8ef 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -52,7 +52,10 @@ usbin_PROGRAMS = \ - noinst_PROGRAMS = id sulogin - - suidbins = su --suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap -+suidubins = chage chfn chsh expiry gpasswd newgrp passwd -+if ENABLE_SUBIDS -+suidubins += newgidmap newuidmap -+endif - if ACCT_TOOLS_SETUID - suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod - endif --- -1.7.9.5 - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/yocto-poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot deleted file mode 100644 index 8a68dd341..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ /dev/null @@ -1,386 +0,0 @@ -# -# /etc/login.defs - Configuration control definitions for the shadow package. -# -# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $ -# - -# -# Delay in seconds before being allowed another attempt after a login failure -# Note: When PAM is used, some modules may enfore a minimal delay (e.g. -# pam_unix enforces a 2s delay) -# -FAIL_DELAY 3 - -# -# Enable logging and display of /var/log/faillog login failure info. -# -#FAILLOG_ENAB yes - -# -# Enable display of unknown usernames when login failures are recorded. -# -LOG_UNKFAIL_ENAB no - -# -# Enable logging of successful logins -# -LOG_OK_LOGINS no - -# -# Enable logging and display of /var/log/lastlog login time info. -# -#LASTLOG_ENAB yes - -# -# Enable checking and display of mailbox status upon login. -# -# Disable if the shell startup files already check for mail -# ("mailx -e" or equivalent). -# -##MAIL_CHECK_ENAB yes - -# -# Enable additional checks upon password changes. -# -#OBSCURE_CHECKS_ENAB yes - -# -# Enable checking of time restrictions specified in /etc/porttime. -# -#PORTTIME_CHECKS_ENAB yes - -# -# Enable setting of ulimit, umask, and niceness from passwd gecos field. -# -#QUOTAS_ENAB yes - -# -# Enable "syslog" logging of su activity - in addition to sulog file logging. -# SYSLOG_SG_ENAB does the same for newgrp and sg. -# -SYSLOG_SU_ENAB yes -SYSLOG_SG_ENAB yes - -# -# If defined, either full pathname of a file containing device names or -# a ":" delimited list of device names. Root logins will be allowed only -# upon these devices. -# -CONSOLE /etc/securetty -#CONSOLE console:tty01:tty02:tty03:tty04 - -# -# If defined, all su activity is logged to this file. -# -#SULOG_FILE /var/log/sulog - -# -# If defined, ":" delimited list of "message of the day" files to -# be displayed upon login. -# -#MOTD_FILE /etc/motd -#MOTD_FILE /etc/motd:/usr/lib/news/news-motd - -# -# If defined, this file will be output before each login prompt. -# -#ISSUE_FILE /etc/issue - -# -# If defined, file which maps tty line to TERM environment parameter. -# Each line of the file is in a format something like "vt100 tty01". -# -#TTYTYPE_FILE /etc/ttytype - -# -# If defined, login failures will be logged here in a utmp format. -# last, when invoked as lastb, will read /var/log/btmp, so... -# -#FTMP_FILE /var/log/btmp - -# -# If defined, name of file whose presence which will inhibit non-root -# logins. The contents of this file should be a message indicating -# why logins are inhibited. -# -#NOLOGINS_FILE /etc/nologin - -# -# If defined, the command name to display when running "su -". For -# example, if this is defined as "su" then a "ps" will display the -# command is "-su". If not defined, then "ps" would display the -# name of the shell actually being run, e.g. something like "-sh". -# -SU_NAME su - -# -# *REQUIRED* -# Directory where mailboxes reside, _or_ name of file, relative to the -# home directory. If you _do_ define both, #MAIL_DIR takes precedence. -# -#MAIL_DIR /var/spool/mail -MAIL_FILE .mail - -# -# If defined, file which inhibits all the usual chatter during the login -# sequence. If a full pathname, then hushed mode will be enabled if the -# user's name or shell are found in the file. If not a full pathname, then -# hushed mode will be enabled if the file exists in the user's home directory. -# -HUSHLOGIN_FILE .hushlogin -#HUSHLOGIN_FILE /etc/hushlogins - -# -# If defined, either a TZ environment parameter spec or the -# fully-rooted pathname of a file containing such a spec. -# -#ENV_TZ TZ=CST6CDT -#ENV_TZ /etc/tzname - -# -# If defined, an HZ environment parameter spec. -# -# for Linux/x86 -#ENV_HZ HZ=100 -# For Linux/Alpha... -#ENV_HZ HZ=1024 - -# -# *REQUIRED* The default PATH settings, for superuser and normal users. -# -# (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin -ENV_PATH PATH=/bin:/usr/bin - -# -# Terminal permissions -# -# TTYGROUP Login tty will be assigned this group ownership. -# TTYPERM Login tty will be set to this permission. -# -# If you have a "write" program which is "setgid" to a special group -# which owns the terminals, define TTYGROUP to the group number and -# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign -# TTYPERM to either 622 or 600. -# -TTYGROUP tty -TTYPERM 0600 - -# -# Login configuration initializations: -# -# ERASECHAR Terminal ERASE character ('\010' = backspace). -# KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# ULIMIT Default "ulimit" value. -# -# The ERASECHAR and KILLCHAR are used only on System V machines. -# The ULIMIT is used only if the system supports it. -# (now it works with setrlimit too; ulimit is in 512-byte units) -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# -ERASECHAR 0177 -KILLCHAR 025 -#ULIMIT 2097152 - -# Default initial "umask" value for non-PAM enabled systems. -# UMASK is also used by useradd and newusers to set the mode of new home -# directories. -# 022 is the default value, but 027, or even 077, could be considered -# better for privacy. There is no One True Answer here: each sysadmin -# must make up her mind. -UMASK 022 - -# -# Password aging controls: -# -# PASS_MAX_DAYS Maximum number of days a password may be used. -# PASS_MIN_DAYS Minimum number of days allowed between password changes. -# PASS_MIN_LEN Minimum acceptable password length. -# PASS_WARN_AGE Number of days warning given before a password expires. -# -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -#PASS_MIN_LEN 5 -PASS_WARN_AGE 7 - -# -# If "yes", the user must be listed as a member of the first gid 0 group -# in /etc/group (called "root" on most Linux systems) to be able to "su" -# to uid 0 accounts. If the group doesn't exist or is empty, no one -# will be able to "su" to uid 0. -# -#SU_WHEEL_ONLY no - -# -# If compiled with cracklib support, where are the dictionaries -# -#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict - -# -# Min/max values for automatic uid selection in useradd -# -UID_MIN 1000 -UID_MAX 60000 -# System accounts -SYS_UID_MIN 101 -SYS_UID_MAX 999 - -# -# Min/max values for automatic gid selection in groupadd -# -GID_MIN 1000 -GID_MAX 60000 -# System accounts -SYS_GID_MIN 101 -SYS_GID_MAX 999 - -# -# Max number of login retries if password is bad -# -LOGIN_RETRIES 5 - -# -# Max time in seconds for login -# -LOGIN_TIMEOUT 60 - -# -# Maximum number of attempts to change password if rejected (too easy) -# -#PASS_CHANGE_TRIES 5 - -# -# Warn about weak passwords (but still allow them) if you are root. -# -#PASS_ALWAYS_WARN yes - -# -# Number of significant characters in the password for crypt(). -# Default is 8, don't change unless your crypt() is better. -# Ignored if MD5_CRYPT_ENAB set to "yes". -# -#PASS_MAX_LEN 8 - -# -# Require password before chfn/chsh can make any changes. -# -#CHFN_AUTH yes - -# -# Which fields may be changed by regular users using chfn - use -# any combination of letters "frwh" (full name, room number, work -# phone, home phone). If not defined, no changes are allowed. -# For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# -CHFN_RESTRICT rwh - -# -# Password prompt (%s will be replaced by user name). -# -# XXX - it doesn't work correctly yet, for now leave it commented out -# to use the default which is just "Password: ". -#LOGIN_STRING "%s's Password: " - -# -# Only works if compiled with MD5_CRYPT defined: -# If set to "yes", new passwords will be encrypted using the MD5-based -# algorithm compatible with the one used by recent releases of FreeBSD. -# It supports passwords of unlimited length and longer salt strings. -# Set to "no" if you need to copy encrypted passwords to other systems -# which don't understand the new algorithm. Default is "no". -# -# Note: If you use PAM, it is recommended to use a value consistent with -# the PAM modules configuration. -# -# This variable is deprecated. You should use ENCRYPT_METHOD. -# -#MD5_CRYPT_ENAB no - -# -# Only works if compiled with ENCRYPTMETHOD_SELECT defined: -# If set to MD5 , MD5-based algorithm will be used for encrypting password -# If set to SHA256, SHA256-based algorithm will be used for encrypting password -# If set to SHA512, SHA512-based algorithm will be used for encrypting password -# If set to DES, DES-based algorithm will be used for encrypting password (default) -# Overrides the MD5_CRYPT_ENAB option -# -# Note: If you use PAM, it is recommended to use a value consistent with -# the PAM modules configuration. -# -#ENCRYPT_METHOD DES - -# -# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -# -# Define the number of SHA rounds. -# With a lot of rounds, it is more difficult to brute forcing the password. -# But note also that it more CPU resources will be needed to authenticate -# users. -# -# If not specified, the libc will choose the default number of rounds (5000). -# The values must be inside the 1000-999999999 range. -# If only one of the MIN or MAX values is set, then this value will be used. -# If MIN > MAX, the highest value will be used. -# -# SHA_CRYPT_MIN_ROUNDS 5000 -# SHA_CRYPT_MAX_ROUNDS 5000 - -# -# List of groups to add to the user's supplementary group set -# when logging in on the console (as determined by the CONSOLE -# setting). Default is none. -# -# Use with caution - it is possible for users to gain permanent -# access to these groups, even when not logged in on the console. -# How to do it is left as an exercise for the reader... -# -#CONSOLE_GROUPS floppy:audio:cdrom - -# -# Should login be allowed if we can't cd to the home directory? -# Default in no. -# -DEFAULT_HOME yes - -# -# If this file exists and is readable, login environment will be -# read from it. Every line should be in the form name=value. -# -#ENVIRON_FILE /etc/environment - -# -# If defined, this command is run when removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed (passed as the first argument). -# -#USERDEL_CMD /usr/sbin/userdel_local - -# -# Enable setting of the umask group bits to be the same as owner bits -# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is -# the same as gid, and username is the same as the primary group name. -# -# This also enables userdel to remove user groups if no members exist. -# -USERGROUPS_ENAB yes - -# -# If set to a non-nul number, the shadow utilities will make sure that -# groups never have more than this number of users on one line. -# This permit to support split groups (groups split into multiple lines, -# with the same group ID, to avoid limitation of the line length in the -# group file). -# -# 0 is the default value and disables this feature. -# -#MAX_MEMBERS_PER_GROUP 0 - -# -# If useradd should create home directories for users by default (non -# system users only) -# This option is overridden with the -M or -m flags on the useradd command -# line. -# -CREATE_HOME yes - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/login_defs_pam.sed b/yocto-poky/meta/recipes-extended/shadow/files/login_defs_pam.sed deleted file mode 100644 index 0a1f3be4a..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/login_defs_pam.sed +++ /dev/null @@ -1,32 +0,0 @@ -/^FAILLOG_ENAB/b comment -/^LASTLOG_ENAB/b comment -/^MAIL_CHECK_ENAB/b comment -/^OBSCURE_CHECKS_ENAB/b comment -/^PORTTIME_CHECKS_ENAB/b comment -/^QUOTAS_ENAB/b comment -/^MOTD_FILE/b comment -/^FTMP_FILE/b comment -/^NOLOGINS_FILE/b comment -/^ENV_HZ/b comment -/^ENV_TZ/b comment -/^PASS_MIN_LEN/b comment -/^SU_WHEEL_ONLY/b comment -/^CRACKLIB_DICTPATH/b comment -/^PASS_CHANGE_TRIES/b comment -/^PASS_ALWAYS_WARN/b comment -/^PASS_MAX_LEN/b comment -/^PASS_MIN_LEN/b comment -/^CHFN_AUTH/b comment -/^CHSH_AUTH/b comment -/^ISSUE_FILE/b comment -/^LOGIN_STRING/b comment -/^ULIMIT/b comment -/^ENVIRON_FILE/b comment - -b exit - -: comment - s:^:#: - -: exit - diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chfn b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chfn deleted file mode 100644 index baf7698bb..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chfn +++ /dev/null @@ -1,14 +0,0 @@ -# -# The PAM configuration file for the Shadow `chfn' service -# - -# This allows root to change user infomation without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chpasswd deleted file mode 100644 index 9e3efa68b..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chpasswd +++ /dev/null @@ -1,4 +0,0 @@ -# The PAM configuration file for the Shadow 'chpasswd' service -# - -password include common-password diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chsh b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chsh deleted file mode 100644 index 8fb169f64..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/chsh +++ /dev/null @@ -1,19 +0,0 @@ -# -# The PAM configuration file for the Shadow `chsh' service -# - -# This will not allow a user to change their shell unless -# their current one is listed in /etc/shells. This keeps -# accounts with special shells from changing them. -auth required pam_shells.so - -# This allows root to change user shell without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/login b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/login deleted file mode 100644 index b34005853..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/login +++ /dev/null @@ -1,81 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# Note that it is included as a "requisite" module. No password prompts will -# be displayed if this module fails to avoid having the root password -# transmitted on unsecure ttys. -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root). -auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 - -# Standard Un*x authentication. -auth include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# Standard Un*x account and session -account include common-account -password include common-password -session include common-session diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/newusers b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/newusers deleted file mode 100644 index 4aa3dde48..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/newusers +++ /dev/null @@ -1,4 +0,0 @@ -# The PAM configuration file for the Shadow 'newusers' service -# - -password include common-password diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/passwd b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/passwd deleted file mode 100644 index f53499243..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/passwd +++ /dev/null @@ -1,5 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password diff --git a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/su b/yocto-poky/meta/recipes-extended/shadow/files/pam.d/su deleted file mode 100644 index 8d590a32e..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/pam.d/su +++ /dev/null @@ -1,57 +0,0 @@ -# -# The PAM configuration file for the Shadow `su' service -# - -# This allows root to su without passwords (normal operation) -auth sufficient pam_rootok.so - -# Uncomment this to force users to be a member of group root -# before they can use `su'. You can also add "group=foo" -# to the end of this line if you want to use a group other -# than the default "root" (but this may have side effect of -# denying "root" user, unless she's a member of "foo" or explicitly -# permitted earlier by e.g. "sufficient pam_rootok.so"). -# (Replaces the `SU_WHEEL_ONLY' option from login.defs) -# auth required pam_wheel.so - -# Uncomment this if you want wheel members to be able to -# su without a password. -# auth sufficient pam_wheel.so trust - -# Uncomment this if you want members of a specific group to not -# be allowed to use su at all. -# auth required pam_wheel.so deny group=nosu - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on su usage. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 - -# Defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -# -# "nopen" stands to avoid reporting new mail when su'ing to another user -session optional pam_mail.so nopen - -# Sets up user limits, please uncomment and read /etc/security/limits.conf -# to enable this functionality. -# (Replaces the use of /etc/limits in old login) -# session required pam_limits.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -auth include common-auth -account include common-account -session include common-session diff --git a/yocto-poky/meta/recipes-extended/shadow/files/securetty b/yocto-poky/meta/recipes-extended/shadow/files/securetty deleted file mode 100644 index 2be341a21..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/securetty +++ /dev/null @@ -1,238 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -# Standard serial ports -ttyS0 -ttyS1 -ttyS2 -ttyS3 - -# ARM AMBA SoCs -ttyAM0 -ttyAM1 -ttyAM2 -ttyAM3 -ttyAMA0 -ttyAMA1 -ttyAMA2 -ttyAMA3 - -# QCOM Socs -ttyHSL0 -ttyHSL1 -ttyHSL2 -ttyHSL3 -ttyMSM0 -ttyMSM1 -ttyMSM2 - -# Samsung ARM SoCs -ttySAC0 -ttySAC1 -ttySAC2 -ttySAC3 - -# STM SoCs -ttyAS0 -ttyAS1 -ttyAS2 -ttyAS3 - -# TI OMAP SoCs -ttyO0 -ttyO1 -ttyO2 -ttyO3 - -# Xilinx Zynq SoC -ttyPS0 -ttyPS1 - -# USB dongles -ttyUSB0 -ttyUSB1 -ttyUSB2 - -# USB serial gadget -ttyGS0 - -# PowerMac -ttyPZ0 -ttyPZ1 -ttyPZ2 -ttyPZ3 - -# Embedded MPC platforms -ttyPSC0 -ttyPSC1 -ttyPSC2 -ttyPSC3 -ttyPSC4 -ttyPSC5 - -# PA-RISC mux ports -ttyB0 -ttyB1 - -# Standard hypervisor virtual console -hvc0 - -# Oldstyle Xen console -xvc0 - -# Standard consoles -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 -tty13 -tty14 -tty15 -tty16 -tty17 -tty18 -tty19 -tty20 -tty21 -tty22 -tty23 -tty24 -tty25 -tty26 -tty27 -tty28 -tty29 -tty30 -tty31 -tty32 -tty33 -tty34 -tty35 -tty36 -tty37 -tty38 -tty39 -tty40 -tty41 -tty42 -tty43 -tty44 -tty45 -tty46 -tty47 -tty48 -tty49 -tty50 -tty51 -tty52 -tty53 -tty54 -tty55 -tty56 -tty57 -tty58 -tty59 -tty60 -tty61 -tty62 -tty63 - -# Local X displays (allows empty passwords with pam_unix's nullok_secure) -pts/0 -pts/1 -pts/2 -pts/3 - -# Embedded Freescale i.MX ports -ttymxc0 -ttymxc1 -ttymxc2 -ttymxc3 -ttymxc4 -ttymxc5 - -# Freescale lpuart ports -ttyLP0 -ttyLP1 -ttyLP2 -ttyLP3 -ttyLP4 -ttyLP5 - -# Standard serial ports, with devfs -tts/0 -tts/1 - -# Standard consoles, with devfs -vc/1 -vc/2 -vc/3 -vc/4 -vc/5 -vc/6 -vc/7 -vc/8 -vc/9 -vc/10 -vc/11 -vc/12 -vc/13 -vc/14 -vc/15 -vc/16 -vc/17 -vc/18 -vc/19 -vc/20 -vc/21 -vc/22 -vc/23 -vc/24 -vc/25 -vc/26 -vc/27 -vc/28 -vc/29 -vc/30 -vc/31 -vc/32 -vc/33 -vc/34 -vc/35 -vc/36 -vc/37 -vc/38 -vc/39 -vc/40 -vc/41 -vc/42 -vc/43 -vc/44 -vc/45 -vc/46 -vc/47 -vc/48 -vc/49 -vc/50 -vc/51 -vc/52 -vc/53 -vc/54 -vc/55 -vc/56 -vc/57 -vc/58 -vc/59 -vc/60 -vc/61 -vc/62 -vc/63 diff --git a/yocto-poky/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/yocto-poky/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch deleted file mode 100644 index a7bb0a929..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch +++ /dev/null @@ -1,27 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj <raj.khem@gmail.com> -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj <raj.khem@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -Index: shadow-4.1.4.2/libmisc/chkname.c -=================================================================== ---- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 -+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700 -@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n - ( ('0' <= *name) && ('9' >= *name) ) || - ('_' == *name) || - ('-' == *name) || -+ ('.' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { - return false; diff --git a/yocto-poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/yocto-poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch deleted file mode 100644 index 15f8044fa..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ /dev/null @@ -1,91 +0,0 @@ -The system-auth in the configure files is from Fedora which put all the 4 pam type rules -in one file. -In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, -common-password and common-session. -So update them with oe way. - -Upstream-Status: Pending - -Signed-off-by: Kang Kai <kai.kang@windriver.com> - -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage ---- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd ---- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd ---- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel ---- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems ---- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod ---- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd ---- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel ---- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod ---- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 -@@ -1,4 +1,4 @@ - #%PAM-1.0 - auth sufficient pam_rootok.so - account required pam_permit.so --password include system-auth -+password include common-password diff --git a/yocto-poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/yocto-poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch deleted file mode 100644 index 37dc153fc..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch +++ /dev/null @@ -1,33 +0,0 @@ -Upstream-Status: Pending - -usermod: fix compilation failure with subids disabled - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/usermod.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/usermod.c b/src/usermod.c -index e7d4351..685b50a 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv) - Prog, (unsigned long) user_newid); - exit (E_UID_IN_USE); - } -- -+#ifdef ENABLE_SUBIDS - if ( (vflg || Vflg) - && !is_sub_uid) { - fprintf (stderr, -@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv) - Prog, sub_gid_dbname (), "-w", "-W"); - exit (E_USAGE); - } -+#endif - } - - /* --- -1.7.9.5 - diff --git a/yocto-poky/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb b/yocto-poky/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb deleted file mode 100644 index c78f888cf..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb +++ /dev/null @@ -1,38 +0,0 @@ -SUMMARY = "Provider of the machine specific securetty file" -SECTION = "base utils" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - -INHIBIT_DEFAULT_DEPS = "1" - -PR = "r3" - -SRC_URI = "file://securetty" - -S = "${WORKDIR}" - -# Since SERIAL_CONSOLES is likely to be set from the machine configuration -PACKAGE_ARCH = "${MACHINE_ARCH}" - -do_install () { - # Ensure we add a suitable securetty file to the package that has - # most common embedded TTYs defined. - install -d ${D}${sysconfdir} - install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty - if [ ! -z "${SERIAL_CONSOLES}" ]; then - # Our SERIAL_CONSOLES contains a baud rate and sometimes extra - # options as well. The following pearl :) takes that and converts - # it into newline-separated tty's and appends them into - # securetty. So if a machine has a weird looking console device - # node (e.g. ttyAMA0) that securetty does not know, it will get - # appended to securetty and root logins will be allowed on that - # console. - tmp="${SERIAL_CONSOLES}" - for entry in $tmp ; do - ttydev=`echo "$entry" | sed -e 's/^[0-9]*\;//' -e 's/\;.*//'` - if ! grep -q $ttydev ${D}${sysconfdir}/securetty; then - echo $ttydev >> ${D}${sysconfdir}/securetty - fi - done - fi -} diff --git a/yocto-poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb b/yocto-poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb deleted file mode 100644 index 697569c47..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb +++ /dev/null @@ -1,34 +0,0 @@ -SUMMARY = "Shadow utils requirements for useradd.bbclass" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" -SECTION = "base utils" -LICENSE = "BSD | Artistic-1.0" -LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" - -DEPENDS = "base-passwd" - -PR = "r3" - -# The sole purpose of this recipe is to provide the /etc/login.defs -# file for the target sysroot - needed so the shadow-native utilities -# can add custom users/groups for recipes that use inherit useradd. -SRC_URI = "file://login.defs_shadow-sysroot" - -SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" -SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" - -S = "${WORKDIR}" - -do_install() { - install -d ${D}${sysconfdir} - install -p -m 755 ${S}/login.defs_shadow-sysroot ${D}${sysconfdir}/login.defs -} - -sysroot_stage_all() { - sysroot_stage_dir ${D} ${SYSROOT_DESTDIR} -} - -# don't create any packages -# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot -# and this has another copy of /etc/login.defs already provided by shadow -PACKAGES = "" diff --git a/yocto-poky/meta/recipes-extended/shadow/shadow.inc b/yocto-poky/meta/recipes-extended/shadow/shadow.inc deleted file mode 100644 index d024b01dc..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/shadow.inc +++ /dev/null @@ -1,196 +0,0 @@ -SUMMARY = "Tools to change and administer password and group data" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" -SECTION = "base/utils" -LICENSE = "BSD | Artistic-1.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ - file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" - -DEPENDS = "shadow-native" -DEPENDS_class-native = "" -DEPENDS_class-nativesdk = "" - -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ - file://shadow-4.1.3-dots-in-usernames.patch \ - file://usermod-fix-compilation-failure-with-subids-disabled.patch \ - file://fix-installation-failure-with-subids-disabled.patch \ - file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ - file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ - ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ - " - -SRC_URI_append_class-target = " \ - file://login_defs_pam.sed \ - file://shadow-update-pam-conf.patch \ - " - -SRC_URI_append_class-native = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ - file://allow-for-setting-password-in-clear-text.patch \ - file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ - file://0001-useradd.c-create-parent-directories-when-necessary.patch \ - " -SRC_URI_append_class-nativesdk = " \ - file://0001-Disable-use-of-syslog-for-sysroot.patch \ - " - -SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" -SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" - -# Additional Policy files for PAM -PAM_SRC_URI = "file://pam.d/chfn \ - file://pam.d/chpasswd \ - file://pam.d/chsh \ - file://pam.d/login \ - file://pam.d/newusers \ - file://pam.d/passwd \ - file://pam.d/su" - -inherit autotools gettext - -EXTRA_OECONF += "--without-audit \ - --without-libcrack \ - --without-selinux \ - --with-group-name-max-length=24 \ - --enable-subordinate-ids=yes \ - ${NSCDOPT}" - -NSCDOPT = "" -NSCDOPT_class-native = "--without-nscd" -NSCDOPT_class-nativesdk = "--without-nscd" -NSCDOPT_libc-uclibc = " --without-nscd" -NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}" - -PAM_PLUGINS = "libpam-runtime \ - pam-plugin-faildelay \ - pam-plugin-securetty \ - pam-plugin-nologin \ - pam-plugin-env \ - pam-plugin-group \ - pam-plugin-limits \ - pam-plugin-lastlog \ - pam-plugin-motd \ - pam-plugin-mail \ - pam-plugin-shells \ - pam-plugin-rootok" - -PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" -PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" -PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" -PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" - -RDEPENDS_${PN} = "shadow-securetty \ - base-passwd \ - util-linux-sulogin" -RDEPENDS_${PN}_class-native = "" -RDEPENDS_${PN}_class-nativesdk = "" - -do_install() { - oe_runmake DESTDIR="${D}" sbindir="${base_sbindir}" usbindir="${sbindir}" install - - # Info dir listing isn't interesting at this point so remove it if it exists. - if [ -e "${D}${infodir}/dir" ]; then - rm -f ${D}${infodir}/dir - fi - - # Enable CREATE_HOME by default. - sed -i 's/#CREATE_HOME/CREATE_HOME/g' ${D}${sysconfdir}/login.defs - - # As we are on an embedded system, ensure the users mailbox is in - # ~/ not /var/spool/mail by default, as who knows where or how big - # /var is. The system MDA will set this later anyway. - sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs - sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs - - # Disable checking emails. - sed -i 's/MAIL_CHECK_ENAB/#MAIL_CHECK_ENAB/g' ${D}${sysconfdir}/login.defs - - # Comment out SU_NAME to work correctly with busybox - # See Bug#5359 and Bug#7173 - sed -i 's:^SU_NAME:#SU_NAME:g' ${D}${sysconfdir}/login.defs - - # Use proper encryption for passwords - sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs - - # Now we don't have a mail system. Disable mail creation for now. - sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd - sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd - - # Use users group by default - sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd -} - -do_install_append() { - # Ensure that the image has as a /var/spool/mail dir so shadow can - # put mailboxes there if the user reconfigures shadow to its - # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail - - if [ -e ${WORKDIR}/pam.d ]; then - install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${WORKDIR}/pam.d/* ${D}${sysconfdir}/pam.d/ - # Remove defaults that are not used when supporting PAM. - sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs - fi - - install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} - - # Move binaries to the locations we want - rm ${D}${sbindir}/vigr - ln -sf vipw.${BPN} ${D}${base_sbindir}/vigr - if [ "${sbindir}" != "${base_sbindir}" ]; then - mv ${D}${sbindir}/vipw ${D}${base_sbindir}/vipw - fi - if [ "${bindir}" != "${base_bindir}" ]; then - mv ${D}${bindir}/login ${D}${base_bindir}/login - mv ${D}${bindir}/su ${D}${base_bindir}/su - fi - - # Handle link properly after rename, otherwise missing files would - # lead rpm failed dependencies. - ln -sf newgrp.${BPN} ${D}${bindir}/sg -} - -PACKAGES =+ "${PN}-base" -FILES_${PN}-base = "\ - ${base_bindir}/login.shadow \ - ${base_bindir}/su.shadow \ - ${bindir}/sg \ - ${bindir}/newgrp.shadow \ - ${bindir}/groups.shadow \ - ${sysconfdir}/pam.d/login \ - ${sysconfdir}/pam.d/su \ - ${sysconfdir}/login.defs \ -" -RDEPENDS_${PN} += "${PN}-base" - -inherit update-alternatives - -ALTERNATIVE_PRIORITY = "200" - -ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr" -ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" -ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" -ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" - -ALTERNATIVE_${PN}-base = "newgrp groups login su" -ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" -ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" - -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1" -ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" -ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" -ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" - -pkg_postinst_${PN} () { - if [ "x$D" != "x" ]; then - rootarg="--root $D" - else - rootarg="" - fi - - pwconv $rootarg || exit 1 - grpconv $rootarg || exit 1 -} diff --git a/yocto-poky/meta/recipes-extended/shadow/shadow_4.2.1.bb b/yocto-poky/meta/recipes-extended/shadow/shadow_4.2.1.bb deleted file mode 100644 index 5675cb8cc..000000000 --- a/yocto-poky/meta/recipes-extended/shadow/shadow_4.2.1.bb +++ /dev/null @@ -1,10 +0,0 @@ -require shadow.inc - -# Build falsely assumes that if --enable-libpam is set, we don't need to link against -# libcrypt. This breaks chsh. -BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', bb.utils.contains('DISTRO_FEATURES', 'libc-crypt', '-lcrypt', '', d), '', d)}" - -BBCLASSEXTEND = "native nativesdk" - - - |