diff --git a/meta/meta-openembedded/meta-oe/recipes-support/ccid/ccid_1.4.24.bb b/meta/meta-openembedded/meta-oe/recipes-support/ccid/ccid_1.4.24.bb index 00ccdb67d..31145d0ef 100644 --- a/meta/meta-openembedded/meta-oe/recipes-support/ccid/ccid_1.4.24.bb +++ b/meta/meta-openembedded/meta-oe/recipes-support/ccid/ccid_1.4.24.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://pcsclite.alioth.debian.org/ccid.html" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1" -DEPENDS = "pcsc-lite" +DEPENDS = "virtual/libusb0 pcsc-lite" RDEPENDS_${PN} = "pcsc-lite" SRC_URI = "https://alioth.debian.org/frs/download.php/file/4171/ccid-${PV}.tar.bz2 \ diff --git a/meta/meta-openembedded/meta-oe/recipes-support/openct/openct_0.6.20.bb b/meta/meta-openembedded/meta-oe/recipes-support/openct/openct_0.6.20.bb index e4e6e1fb6..d4ad9c1c4 100644 --- a/meta/meta-openembedded/meta-oe/recipes-support/openct/openct_0.6.20.bb +++ b/meta/meta-openembedded/meta-oe/recipes-support/openct/openct_0.6.20.bb @@ -7,7 +7,7 @@ so applications can use it with minimal overhead. \ OpenCT also has a primitive mechanism to export smart card \ readers to remote machines via TCP/IP." -DEPENDS += "libtool pcsc-lite" +DEPENDS += "libtool pcsc-lite libusb-compat" SRC_URI = " \ ${DEBIAN_MIRROR}/main/o/${BPN}/${BPN}_${PV}.orig.tar.gz \ diff --git a/meta/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch old mode 100755 new mode 100644 index 628db4213..a6f604b65 --- a/meta/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/meta/poky/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch @@ -1,52 +1,124 @@ -From 8b845fff891798a03bdf21354b52e4487c2c0200 Mon Sep 17 00:00:00 2001 -From: Richard Purdie -Date: Thu, 14 Apr 2022 23:11:53 +0000 -Subject: [PATCH] Disable use of syslog for shadow-native tools +From 8cf3454d567f77233023be49a39a33e9f0836f89 Mon Sep 17 00:00:00 2001 +From: Scott Garman +Date: Thu, 14 Apr 2016 12:28:57 +0200 +Subject: [PATCH] Disable use of syslog for sysroot Disable use of syslog to prevent sysroot user and group additions from writing entries to the host's syslog. This patch should only be used with the shadow-native recipe. -Upstream-Status: Inappropriate [OE specific configuration] -Signed-off-by: Richard Purdie +Upstream-Status: Inappropriate [disable feature] + +Signed-off-by: Scott Garman Signed-off-by: Peter Kjellerstedt - --- - configure.ac | 2 +- - src/login_nopam.c | 3 ++- - 2 files changed, 3 insertions(+), 2 deletions(-) + src/groupadd.c | 3 +++ + src/groupdel.c | 3 +++ + src/groupmems.c | 3 +++ + src/groupmod.c | 3 +++ + src/useradd.c | 3 +++ + src/userdel.c | 3 +++ + src/usermod.c | 3 +++ + 7 files changed, 21 insertions(+) -diff --git a/configure.ac b/configure.ac -index 5dcae19..b2c58f5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -204,7 +204,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", - [Path to passwd program.]) +diff --git a/src/groupadd.c b/src/groupadd.c +index 39b4ec0..f716f57 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -34,6 +34,9 @@ - dnl XXX - quick hack, should disappear before anyone notices :). --AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) -+#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) - if test "$ac_cv_func_ruserok" = "yes"; then - AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) - AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) -diff --git a/src/login_nopam.c b/src/login_nopam.c -index df6ba88..fc24e13 100644 ---- a/src/login_nopam.c -+++ b/src/login_nopam.c -@@ -29,7 +29,6 @@ - #ifndef USE_PAM #ident "$Id$" --#include "prototypes.h" - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet -@@ -57,6 +56,8 @@ - #include - #include /* for inet_ntoa() */ - -+#include "prototypes.h" ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG + - #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) - #undef MAXHOSTNAMELEN - #define MAXHOSTNAMELEN 256 + #include + #include + #include +diff --git a/src/groupdel.c b/src/groupdel.c +index da99347..46a679c 100644 +--- a/src/groupdel.c ++++ b/src/groupdel.c +@@ -34,6 +34,9 @@ + + #ident "$Id$" + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +diff --git a/src/groupmems.c b/src/groupmems.c +index e4f107f..95cb073 100644 +--- a/src/groupmems.c ++++ b/src/groupmems.c +@@ -32,6 +32,9 @@ + + #include + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +diff --git a/src/groupmod.c b/src/groupmod.c +index d9d3807..6229737 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -34,6 +34,9 @@ + + #ident "$Id$" + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +diff --git a/src/useradd.c b/src/useradd.c +index e1ebf50..25679d8 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -34,6 +34,9 @@ + + #ident "$Id$" + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +diff --git a/src/userdel.c b/src/userdel.c +index 19b12bc..a083929 100644 +--- a/src/userdel.c ++++ b/src/userdel.c +@@ -34,6 +34,9 @@ + + #ident "$Id$" + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +diff --git a/src/usermod.c b/src/usermod.c +index 685b50a..28e5cfc 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -34,6 +34,9 @@ + + #ident "$Id$" + ++/* Disable use of syslog since we're running this command against a sysroot */ ++#undef USE_SYSLOG ++ + #include + #include + #include +-- +2.1.0 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch new file mode 100644 index 000000000..828b95a57 --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch @@ -0,0 +1,46 @@ +From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Thu, 11 Sep 2014 15:11:23 +0200 +Subject: [PATCH] Do not read login.defs before doing chroot() + +If "useradd --root ..." was used, the login.defs file would still +be read from /etc/login.defs instead of /etc/login.defs. This was +due to getdef_ulong() being called before process_root_flag(). + +Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] + +Signed-off-by: Peter Kjellerstedt +--- + src/useradd.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index a8a1f76..e1ebf50 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -1993,9 +1993,11 @@ int main (int argc, char **argv) + #endif /* USE_PAM */ + #endif /* ACCT_TOOLS_SETUID */ + ++#ifdef ENABLE_SUBIDS + /* Needed for userns check */ +- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); +- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); ++ uid_t uid_min; ++ uid_t uid_max; ++#endif + + /* + * Get my name so that I can use it to report errors. +@@ -2026,6 +2028,8 @@ int main (int argc, char **argv) + is_shadow_grp = sgr_file_present (); + #endif + #ifdef ENABLE_SUBIDS ++ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); ++ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); + is_sub_uid = sub_uid_file_present () && !rflg && + (!user_id || (user_id <= uid_max && user_id >= uid_min)); + is_sub_gid = sub_gid_file_present () && !rflg && +-- +1.9.0 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch new file mode 100644 index 000000000..85dde8e1b --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch @@ -0,0 +1,109 @@ +Upstream-Status: Inappropriate [OE specific] + +Subject: useradd.c: create parent directories when necessary + +Signed-off-by: Chen Qi +--- + src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 49 insertions(+), 23 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 4bd969d..cb5dd6c 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -1893,6 +1893,35 @@ static void usr_update (void) + } + + /* ++ * mkdir_p - create directories, including parent directories when needed ++ * ++ * similar to `mkdir -p' ++ */ ++void mkdir_p(const char *path) { ++ int len = strlen(path); ++ char newdir[len + 1]; ++ mode_t mode = 0755; ++ int i = 0; ++ ++ if (path[i] == '\0') { ++ return; ++ } ++ ++ /* skip the leading '/' */ ++ i++; ++ ++ while(path[i] != '\0') { ++ if (path[i] == '/') { ++ strncpy(newdir, path, i); ++ newdir[i] = '\0'; ++ mkdir(newdir, mode); ++ } ++ i++; ++ } ++ mkdir(path, mode); ++} ++ ++/* + * create_home - create the user's home directory + * + * create_home() creates the user's home directory if it does not +@@ -1907,36 +1936,33 @@ static void create_home (void) + fail_exit (E_HOMEDIR); + } + #endif +- /* XXX - create missing parent directories. --marekm */ +- if (mkdir (user_home, 0) != 0) { +- fprintf (stderr, +- _("%s: cannot create directory %s\n"), +- Prog, user_home); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "adding home directory", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif +- fail_exit (E_HOMEDIR); +- } +- chown (user_home, user_id, user_gid); +- chmod (user_home, +- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); +- home_added = true; ++ mkdir_p(user_home); ++ } ++ if (access (user_home, F_OK) != 0) { + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, + "adding home directory", + user_name, (unsigned int) user_id, +- SHADOW_AUDIT_SUCCESS); ++ SHADOW_AUDIT_FAILURE); + #endif +-#ifdef WITH_SELINUX +- /* Reset SELinux to create files with default contexts */ +- if (reset_selinux_file_context () != 0) { +- fail_exit (E_HOMEDIR); +- } ++ fail_exit (E_HOMEDIR); ++ } ++ chown (user_home, user_id, user_gid); ++ chmod (user_home, ++ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); ++ home_added = true; ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "adding home directory", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_SUCCESS); + #endif ++#ifdef WITH_SELINUX ++ /* Reset SELinux to create files with default contexts */ ++ if (reset_selinux_file_context () != 0) { ++ fail_exit (E_HOMEDIR); + } ++#endif + } + + /* +-- +1.7.9.5 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch new file mode 100644 index 000000000..68da25f40 --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch @@ -0,0 +1,201 @@ +Upstream-Status: Inappropriate [OE specific] + +Allow for setting password in clear text. + +Signed-off-by: Chen Qi +--- + src/Makefile.am | 8 ++++---- + src/groupadd.c | 8 +++++++- + src/groupmod.c | 8 +++++++- + src/useradd.c | 9 +++++++-- + src/usermod.c | 8 +++++++- + 5 files changed, 32 insertions(+), 9 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 25e288d..856b087 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) + gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) +-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ++groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) + groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) + groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) +-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ++groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) + grpck_LDADD = $(LDADD) $(LIBSELINUX) + grpconv_LDADD = $(LDADD) $(LIBSELINUX) + grpunconv_LDADD = $(LDADD) $(LIBSELINUX) +@@ -111,9 +111,9 @@ su_SOURCES = \ + suauth.c + su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) + sulogin_LDADD = $(LDADD) $(LIBCRYPT) +-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) ++useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) + userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) +-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) ++usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) + vipw_LDADD = $(LDADD) $(LIBSELINUX) + + install-am: all-am +diff --git a/src/groupadd.c b/src/groupadd.c +index f716f57..4e28c26 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" + " (non-unique) GID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs ("\n", usageout); +@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) + {"key", required_argument, NULL, 'K'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, + {NULL, 0, NULL, '\0'} + }; + +- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", ++ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", + long_options, NULL)) != -1) { + switch (c) { + case 'f': +@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) + pflg = true; + group_passwd = optarg; + break; ++ case 'P': ++ pflg = true; ++ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ break; + case 'r': + rflg = true; + break; +diff --git a/src/groupmod.c b/src/groupmod.c +index d9d3807..68f49d1 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -127,6 +127,7 @@ static void usage (int status) + (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" + " PASSWORD\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); +@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) + {"new-name", required_argument, NULL, 'n'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"root", required_argument, NULL, 'R'}, + {NULL, 0, NULL, '\0'} + }; +- while ((c = getopt_long (argc, argv, "g:hn:op:R:", ++ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", + long_options, NULL)) != -1) { + switch (c) { + case 'g': +@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) + group_passwd = optarg; + pflg = true; + break; ++ case 'P': ++ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ pflg = true; ++ break; + case 'R': /* no-op, handled in process_root_flag () */ + break; + default: +diff --git a/src/useradd.c b/src/useradd.c +index b3bd451..4416f90 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -773,6 +773,7 @@ static void usage (int status) + (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" + " (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); +@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) + {"no-user-group", no_argument, NULL, 'N'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, + {"shell", required_argument, NULL, 's'}, +@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) + }; + while ((c = getopt_long (argc, argv, + #ifdef WITH_SELINUX +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", + #else /* !WITH_SELINUX */ +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", + #endif /* !WITH_SELINUX */ + long_options, NULL)) != -1) { + switch (c) { +@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) + } + user_pass = optarg; + break; ++ case 'P': /* set clear text password */ ++ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ break; + case 'r': + rflg = true; + break; +diff --git a/src/usermod.c b/src/usermod.c +index e7d4351..b79f7a3 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) + " new location (use only with -d)\n"), usageout); + (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); + (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); +@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) + {"move-home", no_argument, NULL, 'm'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"root", required_argument, NULL, 'R'}, + {"shell", required_argument, NULL, 's'}, + {"uid", required_argument, NULL, 'u'}, +@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv) + {NULL, 0, NULL, '\0'} + }; + while ((c = getopt_long (argc, argv, +- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" ++ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" + #ifdef ENABLE_SUBIDS + "v:w:V:W:" + #endif /* ENABLE_SUBIDS */ +@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) + user_pass = optarg; + pflg = true; + break; ++ case 'P': ++ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ pflg = true; ++ break; + case 'R': /* no-op, handled in process_root_flag () */ + break; + case 's': +-- +1.7.9.5 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch new file mode 100644 index 000000000..185590cab --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch @@ -0,0 +1,41 @@ +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 +From: James Le Cuirot +Date: Sat, 23 Aug 2014 09:46:39 +0100 +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF + +This built-in check is simpler than the previous method and, most +importantly, works when cross-compiling. + +Upstream-Status: Accepted +[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] + +Signed-off-by: Serge Hallyn +--- + configure.in | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/configure.in b/configure.in +index 1a3f841..4a4d6d0 100644 +--- a/configure.in ++++ b/configure.in +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then + dnl + dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc + dnl +- AC_RUN_IFELSE([AC_LANG_SOURCE([ +-#include +-int main(void) { +- uid_t u; +- gid_t g; +- return (sizeof u < 4) || (sizeof g < 4); +-} +- ])], [id32bit="yes"], [id32bit="no"]) +- +- if test "x$id32bit" = "xyes"; then ++ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) ++ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) ++ ++ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then + AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) + enable_subids="yes" + else diff --git a/meta/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch old mode 100755 new mode 100644 index 173e8a937..4fa3d184e --- a/meta/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/poky/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,8 +1,3 @@ -From d767f776e631f1493fd7b266f2026d630ecf70fe Mon Sep 17 00:00:00 2001 -From: Chen Qi -Date: Thu, 17 Jul 2014 15:53:34 +0800 -Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env - Upstream-Status: Inappropriate [OE specific] commonio.c: fix unexpected open failure in chroot environment @@ -15,16 +10,15 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi - --- - lib/commonio.c | 16 ++++++++++++---- + lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 9e0fde6..7c3a1da 100644 +index cc536bf..51cafd9 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -624,10 +624,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; @@ -47,3 +41,6 @@ index 9e0fde6..7c3a1da 100644 db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB +-- +1.7.9.5 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch new file mode 100644 index 000000000..02cb91aaf --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch @@ -0,0 +1,28 @@ +Upstream-Status: Pending + +Subject: fix installation failure with subids disabled + +Signed-off-by: Chen Qi +--- + src/Makefile.am | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 25e288d..076f8ef 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -52,7 +52,10 @@ usbin_PROGRAMS = \ + noinst_PROGRAMS = id sulogin + + suidbins = su +-suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap ++suidubins = chage chfn chsh expiry gpasswd newgrp passwd ++if ENABLE_SUBIDS ++suidubins += newgidmap newuidmap ++endif + if ACCT_TOOLS_SETUID + suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod + endif +-- +1.7.9.5 + diff --git a/meta/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd old mode 100755 new mode 100644 index b769d92ba..9e3efa68b --- a/meta/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd +++ b/meta/poky/meta/recipes-extended/shadow/files/pam.d/chpasswd @@ -1,6 +1,4 @@ # The PAM configuration file for the Shadow 'chpasswd' service # -auth sufficient pam_rootok.so -account required pam_permit.so password include common-password diff --git a/meta/poky/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/poky/meta/recipes-extended/shadow/files/pam.d/newusers old mode 100755 new mode 100644 index 4c59dfa47..4aa3dde48 --- a/meta/poky/meta/recipes-extended/shadow/files/pam.d/newusers +++ b/meta/poky/meta/recipes-extended/shadow/files/pam.d/newusers @@ -1,6 +1,4 @@ # The PAM configuration file for the Shadow 'newusers' service # -auth sufficient pam_rootok.so -account required pam_permit.so password include common-password diff --git a/meta/poky/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/poky/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch old mode 100755 new mode 100644 index cc833362e..1af04d5fe --- a/meta/poky/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch +++ b/meta/poky/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch @@ -1,37 +1,26 @@ -From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 -From: Shan Hai -Date: Tue, 13 Sep 2016 13:45:46 +0800 -Subject: [PATCH] shadow: use relaxed usernames The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is -POSIX compliant because POSIX indicate that usernames are composed of +POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. Upstream-Status: Pending -Signed-off-by: Shan Hai +Signed-off-by: Shan Hai ---- - libmisc/chkname.c | 30 ++++++++++++++++++------------ - man/groupadd.8.xml | 6 ------ - man/useradd.8.xml | 8 +------- - 3 files changed, 19 insertions(+), 25 deletions(-) - -diff --git a/libmisc/chkname.c b/libmisc/chkname.c -index 90f185c..65762b4 100644 +diff -urpN a/libmisc/chkname.c b/libmisc/chkname.c +index 5089112..f40a0da 100644 --- a/libmisc/chkname.c +++ b/libmisc/chkname.c -@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) - } - +@@ -49,21 +49,28 @@ + static bool is_valid_name (const char *name) + { /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -- - if (('\0' == *name) || - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + * User/group names must match gnu e-regex: @@ -66,28 +55,28 @@ index 90f185c..65762b4 100644 return false; } } -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 1e58f09..d804b61 100644 +diff -urpN a/man/groupadd.8.xml b/man/groupadd.8.xml +index 230fd0c..94f7807 100644 --- a/man/groupadd.8.xml +++ b/man/groupadd.8.xml -@@ -272,12 +272,6 @@ - +@@ -222,12 +222,6 @@ CAVEATS -- + - Groupnames must start with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - - +- Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index a16d730..c0bd777 100644 + +diff -urpN a/man/useradd.8.xml b/man/useradd.8.xml +index 5dec989..fe623b9 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml -@@ -366,7 +366,7 @@ +@@ -336,7 +336,7 @@ @@ -96,16 +85,16 @@ index a16d730..c0bd777 100644 wide setting from /etc/login.defs () is set to yes. -@@ -660,12 +660,6 @@ - the user account creation request. +@@ -607,12 +607,6 @@ -- + - Usernames must start with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - - +- Usernames may only be up to 32 characters long. + diff --git a/meta/poky/meta/recipes-extended/shadow/files/useradd b/meta/poky/meta/recipes-extended/shadow/files/useradd deleted file mode 100755 index 782aeef41..000000000 --- a/meta/poky/meta/recipes-extended/shadow/files/useradd +++ /dev/null @@ -1,8 +0,0 @@ -# useradd defaults file -GROUP=100 -HOME=/home -INACTIVE=-1 -EXPIRE= -SHELL=/bin/sh -SKEL=/etc/skel -CREATE_MAIL_SPOOL=no diff --git a/meta/poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch new file mode 100644 index 000000000..37dc153fc --- /dev/null +++ b/meta/poky/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch @@ -0,0 +1,33 @@ +Upstream-Status: Pending + +usermod: fix compilation failure with subids disabled + +Signed-off-by: Chen Qi +--- + src/usermod.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/usermod.c b/src/usermod.c +index e7d4351..685b50a 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv) + Prog, (unsigned long) user_newid); + exit (E_UID_IN_USE); + } +- ++#ifdef ENABLE_SUBIDS + if ( (vflg || Vflg) + && !is_sub_uid) { + fprintf (stderr, +@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv) + Prog, sub_gid_dbname (), "-w", "-W"); + exit (E_USAGE); + } ++#endif + } + + /* +-- +1.7.9.5 + diff --git a/meta/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb b/meta/poky/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb old mode 100755 new mode 100644 similarity index 100% rename from meta/poky/meta/recipes-extended/shadow/shadow-securetty_4.6.bb rename to meta/poky/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb diff --git a/meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb old mode 100755 new mode 100644 similarity index 72% rename from meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb rename to meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb index e05fa237a..ef014628f --- a/meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/poky/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb @@ -1,8 +1,8 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" -HOMEPAGE = "http://github.com/shadow-maint/shadow" -BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" +HOMEPAGE = "http://pkg-shadow.alioth.debian.org" +BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" SECTION = "base utils" -LICENSE = "BSD-3-Clause | Artistic-1.0" +LICENSE = "BSD | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" DEPENDS = "base-passwd" @@ -14,6 +14,9 @@ PR = "r3" # can add custom users/groups for recipes that use inherit useradd. SRC_URI = "file://login.defs_shadow-sysroot" +SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" +SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" + S = "${WORKDIR}" do_install() { @@ -24,8 +27,6 @@ do_install() { SYSROOT_DIRS += "${sysconfdir}" # don't create any packages -# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot +# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot # and this has another copy of /etc/login.defs already provided by shadow PACKAGES = "" - -inherit nopackages diff --git a/meta/poky/meta/recipes-extended/shadow/shadow.inc b/meta/poky/meta/recipes-extended/shadow/shadow.inc old mode 100755 new mode 100644 index 0f3af3f4d..f79565b35 --- a/meta/poky/meta/recipes-extended/shadow/shadow.inc +++ b/meta/poky/meta/recipes-extended/shadow/shadow.inc @@ -1,36 +1,42 @@ SUMMARY = "Tools to change and administer password and group data" -HOMEPAGE = "http://github.com/shadow-maint/shadow" -DESCRIPTION = "${SUMMARY}" -BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" +HOMEPAGE = "http://pkg-shadow.alioth.debian.org" +BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" SECTION = "base/utils" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=c9a450b7be84eac23e6353efecb60b5b \ - file://src/passwd.c;beginline=2;endline=30;md5=758c26751513b6795395275969dd3be1 \ - " +LICENSE = "BSD | Artistic-1.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ + file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" +DEPENDS = "shadow-native" +DEPENDS_class-native = "" +DEPENDS_class-nativesdk = "" -UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" -SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}.tar.gz \ +SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ + file://usermod-fix-compilation-failure-with-subids-disabled.patch \ + file://fix-installation-failure-with-subids-disabled.patch \ + file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ + file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://shadow-relaxed-usernames.patch \ - file://useradd \ " SRC_URI_append_class-target = " \ file://login_defs_pam.sed \ file://shadow-update-pam-conf.patch \ + file://shadow-relaxed-usernames.patch \ " SRC_URI_append_class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ + file://allow-for-setting-password-in-clear-text.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-useradd.c-create-parent-directories-when-necessary.patch \ " SRC_URI_append_class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" +SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" +SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -43,19 +49,19 @@ PAM_SRC_URI = "file://pam.d/chfn \ inherit autotools gettext -export CONFIG_SHELL="/bin/sh" - -EXTRA_OECONF += "--without-libcrack \ +EXTRA_OECONF += "--without-audit \ + --without-libcrack \ + --without-selinux \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ - --without-sssd \ ${NSCDOPT}" NSCDOPT = "" NSCDOPT_class-native = "--without-nscd" NSCDOPT_class-nativesdk = "--without-nscd" -NSCDOPT_libc-glibc = "--with-nscd" - +NSCDOPT_libc-uclibc = " --without-nscd" +NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}" + PAM_PLUGINS = "libpam-runtime \ pam-plugin-faildelay \ pam-plugin-securetty \ @@ -69,17 +75,12 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-shells \ pam-plugin-rootok" -PAM_PLUGINS_remove_libc-musl = "pam-plugin-lastlog" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" -PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" +PACKAGECONFIG_class-native = "" PACKAGECONFIG_class-nativesdk = "" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" PACKAGECONFIG[acl] = "--with-acl,--without-acl,acl" -PACKAGECONFIG[audit] = "--with-audit,--without-audit,audit" -PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux libsemanage" RDEPENDS_${PN} = "shadow-securetty \ base-passwd \ @@ -114,16 +115,19 @@ do_install() { # Use proper encryption for passwords sed -i 's/^#ENCRYPT_METHOD.*$/ENCRYPT_METHOD SHA512/' ${D}${sysconfdir}/login.defs - install -d ${D}${sysconfdir}/default - install -m 0644 ${WORKDIR}/useradd ${D}${sysconfdir}/default + # Now we don't have a mail system. Disable mail creation for now. + sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd + sed -i '/^CREATE_MAIL_SPOOL/ s:^:#:' ${D}${sysconfdir}/default/useradd + + # Use users group by default + sed -i 's,^GROUP=1000,GROUP=100,g' ${D}${sysconfdir}/default/useradd } do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -m 0775 -d ${D}${localstatedir}/spool/mail - chown root:mail ${D}${localstatedir}/spool/mail + install -d ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ @@ -132,7 +136,7 @@ do_install_append() { sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs fi - install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} + install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} # Move binaries to the locations we want rm ${D}${sbindir}/vigr @@ -167,20 +171,23 @@ inherit update-alternatives ALTERNATIVE_PRIORITY = "200" -ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" -ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn" -ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh" +ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr" ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" -ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" ALTERNATIVE_${PN}-base = "newgrp groups login su" ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" -PACKAGE_WRITE_DEPS += "shadow-native" -pkg_postinst_${PN}_class-target () { +ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8" +ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" +ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" +ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" +ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" +ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" + +pkg_postinst_${PN} () { if [ "x$D" != "x" ]; then rootarg="--root $D" else diff --git a/meta/poky/meta/recipes-extended/shadow/shadow_4.11.1.bb b/meta/poky/meta/recipes-extended/shadow/shadow_4.2.1.bb old mode 100755 new mode 100644 similarity index 70% rename from meta/poky/meta/recipes-extended/shadow/shadow_4.11.1.bb rename to meta/poky/meta/recipes-extended/shadow/shadow_4.2.1.bb index a095f5373..5675cb8cc --- a/meta/poky/meta/recipes-extended/shadow/shadow_4.11.1.bb +++ b/meta/poky/meta/recipes-extended/shadow/shadow_4.2.1.bb @@ -6,6 +6,5 @@ BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p BBCLASSEXTEND = "native nativesdk" -# Severity is low and marked as closed and won't fix. -# https://bugzilla.redhat.com/show_bug.cgi?id=884658 -CVE_CHECK_IGNORE += "CVE-2013-4235" + + diff --git a/meta/poky/meta/recipes-support/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch b/meta/poky/meta/recipes-support/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch new file mode 100644 index 000000000..b88440dec --- /dev/null +++ b/meta/poky/meta/recipes-support/libusb/libusb-compat/0001-usb.h-Include-sys-types.h.patch @@ -0,0 +1,30 @@ +From 340f911f9e3f4ff6b01682c5341c959060782af2 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Thu, 2 Apr 2015 19:18:45 -0700 +Subject: [PATCH] usb.h: Include sys/types.h + +We need the definitions for things like u_intX_t + +Upstream-Status: Pending + +Signed-off-by: Khem Raj +--- + libusb/usb.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libusb/usb.h b/libusb/usb.h +index 84e730f..caffae2 100644 +--- a/libusb/usb.h ++++ b/libusb/usb.h +@@ -31,6 +31,8 @@ + + #include + ++#include ++ + /* + * USB spec information + * +-- +2.1.4 + diff --git a/meta/poky/meta/recipes-support/libusb/libusb-compat_0.1.5.bb b/meta/poky/meta/recipes-support/libusb/libusb-compat_0.1.5.bb new file mode 100644 index 000000000..1ddbe238f --- /dev/null +++ b/meta/poky/meta/recipes-support/libusb/libusb-compat_0.1.5.bb @@ -0,0 +1,42 @@ +SUMMARY = "libusb-0.1 compatibility layer for libusb1" +DESCRIPTION = "libusb-0.1 compatible layer for libusb1, a drop-in replacement \ +that aims to look, feel and behave exactly like libusb-0.1" +HOMEPAGE = "http://www.libusb.org/" +BUGTRACKER = "http://www.libusb.org/report" +SECTION = "libs" + +LICENSE = "LGPLv2.1+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f2ac5f3ac4835e8f91324a26a590a423" +DEPENDS = "libusb1" + +# Few packages are known not to work with libusb-compat (e.g. libmtp-1.0.0), +# so here libusb-0.1 is removed completely instead of adding virtual/libusb0. +# Besides, libusb-0.1 uses a per 1ms polling that hurts a lot to power +# consumption. +PROVIDES = "libusb virtual/libusb0" +BBCLASSEXTEND = "native nativesdk" + +PE = "1" + +SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-compat-${PV}.tar.bz2 \ + file://0001-usb.h-Include-sys-types.h.patch \ + " + +SRC_URI[md5sum] = "2780b6a758a1e2c2943bdbf7faf740e4" +SRC_URI[sha256sum] = "404ef4b6b324be79ac1bfb3d839eac860fbc929e6acb1ef88793a6ea328bc55a" + +UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libusb/files/libusb-compat-0.1/" +UPSTREAM_CHECK_REGEX = "/libusb-compat-(?P(\d+[\.\-_]*)+)/$" + +BINCONFIG = "${bindir}/libusb-config" + +inherit autotools pkgconfig binconfig-disabled lib_package + +EXTRA_OECONF = "--libdir=${base_libdir}" + +do_install_append() { + install -d ${D}${libdir} + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mv ${D}${base_libdir}/pkgconfig ${D}${libdir} + fi +} diff --git a/meta/poky/meta/recipes-support/libusb/libusb1/no-dll.patch b/meta/poky/meta/recipes-support/libusb/libusb1/no-dll.patch new file mode 100644 index 000000000..6e6bb83d1 --- /dev/null +++ b/meta/poky/meta/recipes-support/libusb/libusb1/no-dll.patch @@ -0,0 +1,19 @@ +As all invokes all-recursive which uses sub-makes to invoke all-am, the +resulting makefile wants to build libusb-1.0.la twice. In non-parallel builds +the second attempt is skipped as the target already exists, but in highly +parallel builds it's likely that two makes will be building libusb-1.0.la at the +same time. + +Solve this by removing the explicit all target, which as libusb-1.0.dll isn't +built under Linux is redundant anyway. + +Upstream-Status: Pending +Signed-off-by: Ross Burton + +diff --git a/libusb/Makefile.am b/libusb/Makefile.am +index 0cab0a0..c880213 100644 +--- a/libusb/Makefile.am ++++ b/libusb/Makefile.am +@@ -1,2 +0,0 @@ +-all: libusb-1.0.la libusb-1.0.dll +- diff --git a/meta/poky/meta/recipes-support/libusb/libusb1/run-ptest b/meta/poky/meta/recipes-support/libusb/libusb1/run-ptest deleted file mode 100755 index eaa47a2bc..000000000 --- a/meta/poky/meta/recipes-support/libusb/libusb1/run-ptest +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -echo -echo "---------------------------- libusb1 tests ---------------------------" -echo - -./stress | { \ -while read -r str -do - echo "$str" - if [ "${str#*Starting test run:}" != "$str" ] - then - name="${str#Starting test run: }" - name="${name%...}" - else - case "$str" in - "Success (0)") - echo "PASS: $name" - ;; - "Failure (1)" | "Error (2)") - echo "FAIL: $name" - ;; - "Skip (3)") - echo "SKIP: $name" - ;; - esac - fi -done -} diff --git a/meta/poky/meta/recipes-support/libusb/libusb1_1.0.20.bb b/meta/poky/meta/recipes-support/libusb/libusb1_1.0.20.bb new file mode 100644 index 000000000..4cad2d4be --- /dev/null +++ b/meta/poky/meta/recipes-support/libusb/libusb1_1.0.20.bb @@ -0,0 +1,35 @@ +SUMMARY = "Userspace library to access USB (version 1.0)" +HOMEPAGE = "http://libusb.sf.net" +BUGTRACKER = "http://www.libusb.org/report" +SECTION = "libs" + +LICENSE = "LGPLv2.1+" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" + +BBCLASSEXTEND = "native nativesdk" + +SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ + file://no-dll.patch \ + " + +SRC_URI[md5sum] = "1d4eb194eaaa2bcfbba28102768c7dbf" +SRC_URI[sha256sum] = "cb057190ba0a961768224e4dc6883104c6f945b2bf2ef90d7da39e7c1834f7ff" + +S = "${WORKDIR}/libusb-${PV}" + +inherit autotools pkgconfig + +# Don't configure udev by default since it will cause a circular +# dependecy with udev package, which depends on libusb +EXTRA_OECONF = "--libdir=${base_libdir} --disable-udev" + +do_install_append() { + install -d ${D}${libdir} + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mv ${D}${base_libdir}/pkgconfig ${D}${libdir} + fi +} + +FILES_${PN} += "${base_libdir}/*.so.*" + +FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la" diff --git a/meta/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb b/meta/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb deleted file mode 100755 index 04dd4fb8b..000000000 --- a/meta/poky/meta/recipes-support/libusb/libusb1_1.0.26.bb +++ /dev/null @@ -1,47 +0,0 @@ -SUMMARY = "Userspace library to access USB (version 1.0)" -DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ -macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "https://libusb.info" -BUGTRACKER = "http://www.libusb.org/report" -SECTION = "libs" - -LICENSE = "LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" - -BBCLASSEXTEND = "native nativesdk" - -SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ - file://run-ptest \ - " - -UPSTREAM_CHECK_URI = "https://github.com/libusb/libusb/releases" - -SRC_URI[sha256sum] = "12ce7a61fc9854d1d2a1ffe095f7b5fac19ddba095c259e6067a46500381b5a5" - -S = "${WORKDIR}/libusb-${PV}" - -inherit autotools pkgconfig ptest - -PACKAGECONFIG_class-target ??= "udev" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" - -EXTRA_OECONF = "--libdir=${base_libdir}" - -do_install_append() { - install -d ${D}${libdir} - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mv ${D}${base_libdir}/pkgconfig ${D}${libdir} - fi -} - -do_compile_ptest() { - oe_runmake -C tests stress -} - -do_install_ptest() { - install -m 755 ${B}/tests/.libs/stress ${D}${PTEST_PATH} -} - -FILES_${PN} += "${base_libdir}/*.so.*" - -FILES_${PN}-dev += "${base_libdir}/*.so ${base_libdir}/*.la"