
[kirkstone,4/4] shadow: Add PW_SUBDIR

Message ID 20231124141108.1397342-5-joakim.tjernlund@infinera.com
State New, archived
Delegated to: Steve Sakoman
Series Add sub dir for passwd files | expand

Commit Message

Joakim Tjernlund Nov. 24, 2023, 2:10 p.m. UTC
Add support for creating the passwd files in a subdirectory of /etc.
Set PW_SUBDIR to pwdb to get the passwd files in /etc/pwdb.

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
---
 .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc       | 30 +++++-
 2 files changed, 118 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch

Comments

Peter Kjellerstedt Nov. 26, 2023, 9:25 p.m. UTC | #1
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via lists.openembedded.org
> Sent: den 24 november 2023 15:11
> To: openembedded-core@lists.openembedded.org
> Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> Subject: [OE-core] [kirkstone][PATCH 4/4] shadow: Add PW_SUBDIR
> 
> Add support for creating passwd files in a /etc subdir
> Set PW_SUBIR to pwdb to get passwd files in /etc/pwdb
> 
> Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> ---
>  .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++++++++++++++++++
>  meta/recipes-extended/shadow/shadow.inc       | 30 +++++-
>  2 files changed, 118 insertions(+), 4 deletions(-)
>  create mode 100644 meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
> 
> diff --git a/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
> new file mode 100644
> index 0000000000..9f85159e97
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
> @@ -0,0 +1,92 @@
> +From f605fb315faef7ddcad70d638f3b3aa16ea98fc0 Mon Sep 17 00:00:00 2001
> +From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> +Date: Thu, 2 Nov 2023 00:27:10 +0100
> +Subject: [PATCH] Define SUBUID_FILE/SUBGID_FILE
> +
> +Upstream-Status: Backport, https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad

Follow the recommended syntax:

Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad]

> +
> +These where hard coded, make them definable like SHADOW_FILE
> +
> +Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> +---

[cut]

> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index 3c1dd2f98e..bcb9b09a49 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -18,6 +18,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
>             file://useradd \
>             file://CVE-2023-29383.patch \
>             file://0001-Overhaul-valid_field.patch \
> +           file://0001-Define-SUBUID_FILE-SUBGID_FILE.patch \
>             "
> 
>  SRC_URI:append:class-target = " \
> @@ -46,6 +47,21 @@ PAM_SRC_URI = "file://pam.d/chfn \
>                 file://pam.d/passwd \
>                 file://pam.d/su"
> 
> +#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
> +PW_SUBDIR ?= ""
> +PWPRE = "/etc/${PW_SUBDIR}"

Use ${sysconfdir} instead of /etc.

> +CFLAGS:append = ' -DPASSWD_FILE=\\"${PWPRE}/passwd\\"'
> +CFLAGS:append = ' -DSHADOW_FILE=\\"${PWPRE}/shadow\\"'
> +CFLAGS:append = ' -DGROUP_FILE=\\"${PWPRE}/group\\"'
> +CFLAGS:append = ' -DSGROUP_FILE=\\"${PWPRE}/gshadow\\"'
> +CFLAGS:append = ' -DSUBUID_FILE=\\"${PWPRE}/subuid\\"'
> +CFLAGS:append = ' -DSUBGID_FILE=\\"${PWPRE}/subgid\\"'

Use `CFLAGS += ...` instead of `CFLAGS:append = ...`:

CFLAGS += ' \
    -DPASSWD_FILE=\\"${PWPRE}/passwd\\" \
    -DSHADOW_FILE=\\"${PWPRE}/shadow\\" \
    -DGROUP_FILE=\\"${PWPRE}/group\\" \
    -DSGROUP_FILE=\\"${PWPRE}/gshadow\\" \
    -DSUBUID_FILE=\\"${PWPRE}/subuid\\" \
    -DSUBGID_FILE=\\"${PWPRE}/subgid\\" \
'

> +
> +#shadow has it own impl. that uses whatever dir passwd files are in
> +do_configure:prepend () {
> +    sed -i -e 's/lckpwdf//' ${S}/configure.ac

Use tabs to indent shell code. However, this should really be a patch...

> +}
> +
>  inherit autotools gettext
> 
>  export CONFIG_SHELL="/bin/sh"
> @@ -157,9 +173,9 @@ do_install:append() {
>  	# usermod requires the subuid/subgid files to be in place before being
>  	# able to use the -v/-V flags otherwise it fails:
>  	# usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
> -	install -d ${D}${sysconfdir}
> -	touch ${D}${sysconfdir}/subuid
> -	touch ${D}${sysconfdir}/subgid
> +	install -d ${D}${sysconfdir}/${PW_SUBDIR}
> +	touch ${D}${sysconfdir}/${PW_SUBDIR}/subuid
> +	touch ${D}${sysconfdir}/${PW_SUBDIR}/subgid
>  }
> 
>  PACKAGES =+ "${PN}-base"
> @@ -193,12 +209,18 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
> 
>  PACKAGE_WRITE_DEPS += "shadow-native"
>  pkg_postinst:${PN}:class-target () {
> +	install -d $D${sysconfdir}/${PW_SUBDIR}
>  	if [ "x$D" != "x" ]; then
>  	  rootarg="--root $D"
>  	else
>  	  rootarg=""
>  	fi
> -
> +	if [ -n "${PW_SUBDIR}" ]; then
> +	    ln -fs ${PW_SUBDIR}/subuid $D${sysconfdir}/subuid
> +	    ln -fs ${PW_SUBDIR}/subgid $D${sysconfdir}/subgid
> +	    ln -fs ${PW_SUBDIR}/shadow $D${sysconfdir}/shadow
> +	    ln -fs ${PW_SUBDIR}/gshadow $D${sysconfdir}/gshadow

Inconsistent indentation (mix of tabs and spaces). This also applies to 
the old code above, but with a different number of spaces...

> +	fi
>  	pwconv $rootarg || exit 1
>  	grpconv $rootarg || exit 1
>  }
> --
> 2.41.0

//Peter

Patch

diff --git a/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
new file mode 100644
index 0000000000..9f85159e97
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
@@ -0,0 +1,92 @@ 
+From f605fb315faef7ddcad70d638f3b3aa16ea98fc0 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Date: Thu, 2 Nov 2023 00:27:10 +0100
+Subject: [PATCH] Define SUBUID_FILE/SUBGID_FILE
+
+Upstream-Status: Backport, https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad
+
+These where hard coded, make them definable like SHADOW_FILE
+
+Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+---
+ lib/defines.h         | 8 ++++++++
+ lib/subordinateio.c   | 6 +++---
+ libmisc/prefix_flag.c | 8 ++++----
+ 3 files changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/lib/defines.h b/lib/defines.h
+index fc1521c..27b220f 100644
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -312,6 +312,14 @@ char *strchr (), *strrchr (), *strtok ();
+ #define SHADOW_FILE "/etc/shadow"
+ #endif
+ 
++#ifndef SUBUID_FILE
++#define SUBUID_FILE "/etc/subuid"
++#endif
++
++#ifndef SUBGID_FILE
++#define SUBGID_FILE "/etc/subgid"
++#endif
++
+ #ifdef SHADOWGRP
+ #ifndef SGROUP_FILE
+ #define SGROUP_FILE "/etc/gshadow"
+diff --git a/lib/subordinateio.c b/lib/subordinateio.c
+index 9ca70b8..9ddc5e1 100644
+--- a/lib/subordinateio.c
++++ b/lib/subordinateio.c
+@@ -206,7 +206,7 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
+         /*
+          * We only do special handling for these two files
+          */
+-        if ((0 != strcmp(db->filename, "/etc/subuid")) && (0 != strcmp(db->filename, "/etc/subgid")))
++        if ((0 != strcmp(db->filename, SUBUID_FILE)) && (0 != strcmp(db->filename, SUBGID_FILE)))
+                 return NULL;
+ 
+         /*
+@@ -554,7 +554,7 @@ static int remove_range (struct commonio_db *db,
+ }
+ 
+ static struct commonio_db subordinate_uid_db = {
+-	"/etc/subuid",		/* filename */
++	SUBUID_FILE,		/* filename */
+ 	&subordinate_ops,	/* ops */
+ 	NULL,			/* fp */
+ #ifdef WITH_SELINUX
+@@ -650,7 +650,7 @@ uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
+ }
+ 
+ static struct commonio_db subordinate_gid_db = {
+-	"/etc/subgid",		/* filename */
++	SUBGID_FILE,		/* filename */
+ 	&subordinate_ops,	/* ops */
+ 	NULL,			/* fp */
+ #ifdef WITH_SELINUX
+diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
+index d4dfbc2..0e7dfa7 100644
+--- a/libmisc/prefix_flag.c
++++ b/libmisc/prefix_flag.c
+@@ -120,14 +120,14 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
+ 		spw_setdbname(spw_db_file);
+ 
+ #ifdef ENABLE_SUBIDS
+-		len = strlen(prefix) + strlen("/etc/subuid") + 2;
++		len = strlen(prefix) + strlen(SUBUID_FILE) + 2;
+ 		suid_db_file = xmalloc(len);
+-		snprintf(suid_db_file, len, "%s/%s", prefix, "/etc/subuid");
++		snprintf(suid_db_file, len, "%s/%s", prefix, SUBUID_FILE);
+ 		sub_uid_setdbname(suid_db_file);
+ 
+-		len = strlen(prefix) + strlen("/etc/subgid") + 2;
++		len = strlen(prefix) + strlen(SUBGID_FILE) + 2;
+ 		sgid_db_file = xmalloc(len);
+-		snprintf(sgid_db_file, len, "%s/%s", prefix, "/etc/subgid");
++		snprintf(sgid_db_file, len, "%s/%s", prefix, SUBGID_FILE);
+ 		sub_gid_setdbname(sgid_db_file);
+ #endif
+ 
+-- 
+2.41.0
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 3c1dd2f98e..bcb9b09a49 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -18,6 +18,7 @@  SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
            file://useradd \
            file://CVE-2023-29383.patch \
            file://0001-Overhaul-valid_field.patch \
+           file://0001-Define-SUBUID_FILE-SUBGID_FILE.patch \
            "
 
 SRC_URI:append:class-target = " \
@@ -46,6 +47,21 @@  PAM_SRC_URI = "file://pam.d/chfn \
                file://pam.d/passwd \
                file://pam.d/su"
 
+#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
+PW_SUBDIR ?= ""
+PWPRE = "/etc/${PW_SUBDIR}"
+CFLAGS:append = ' -DPASSWD_FILE=\\"${PWPRE}/passwd\\"'
+CFLAGS:append = ' -DSHADOW_FILE=\\"${PWPRE}/shadow\\"'
+CFLAGS:append = ' -DGROUP_FILE=\\"${PWPRE}/group\\"'
+CFLAGS:append = ' -DSGROUP_FILE=\\"${PWPRE}/gshadow\\"'
+CFLAGS:append = ' -DSUBUID_FILE=\\"${PWPRE}/subuid\\"'
+CFLAGS:append = ' -DSUBGID_FILE=\\"${PWPRE}/subgid\\"'
+
+#shadow has it own impl. that uses whatever dir passwd files are in
+do_configure:prepend () {
+    sed -i -e 's/lckpwdf//' ${S}/configure.ac
+}
+
 inherit autotools gettext
 
 export CONFIG_SHELL="/bin/sh"
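Review bot: The `do_configure:prepend` added here strips `lckpwdf` from configure.ac unconditionally, so the locking change reaches every build, including those that leave `PW_SUBDIR` empty. With the configure check gone, shadow presumably falls back to its bundled lock code; programs that take the glibc `lckpwdf()` lock would then no longer exclude shadow's tools while the password files are edited, which should be confirmed. I would wrap the sed line in `if [ -n "${PW_SUBDIR}" ]; then … fi` and have the comment state the trade-off, for example `# glibc lckpwdf() uses a fixed lock path; use shadow's own lock code so the lock follows PW_SUBDIR`. The empty default also makes the compiled-in paths `/etc//passwd` and so on, which opens the same file but no longer matches `/etc/passwd` in a string comparison.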
@@ -157,9 +173,9 @@  do_install:append() {
 	# usermod requires the subuid/subgid files to be in place before being
 	# able to use the -v/-V flags otherwise it fails:
 	# usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
-	install -d ${D}${sysconfdir}
-	touch ${D}${sysconfdir}/subuid
-	touch ${D}${sysconfdir}/subgid
+	install -d ${D}${sysconfdir}/${PW_SUBDIR}
+	touch ${D}${sysconfdir}/${PW_SUBDIR}/subuid
+	touch ${D}${sysconfdir}/${PW_SUBDIR}/subgid
 }
 
 PACKAGES =+ "${PN}-base"
@@ -193,12 +209,18 @@  ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
 
 PACKAGE_WRITE_DEPS += "shadow-native"
 pkg_postinst:${PN}:class-target () {
+	install -d $D${sysconfdir}/${PW_SUBDIR}
 	if [ "x$D" != "x" ]; then
 	  rootarg="--root $D"
 	else
 	  rootarg=""
 	fi
-
+	if [ -n "${PW_SUBDIR}" ]; then
+	    ln -fs ${PW_SUBDIR}/subuid $D${sysconfdir}/subuid
+	    ln -fs ${PW_SUBDIR}/subgid $D${sysconfdir}/subgid
+	    ln -fs ${PW_SUBDIR}/shadow $D${sysconfdir}/shadow
+	    ln -fs ${PW_SUBDIR}/gshadow $D${sysconfdir}/gshadow
+	fi
 	pwconv $rootarg || exit 1
 	grpconv $rootarg || exit 1
 }
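Review bot: `ln -fs` in the new `PW_SUBDIR` branch replaces whatever is at `$D${sysconfdir}/shadow` and `gshadow`, so when the postinst runs where those files already exist (on-target install or upgrade, `$D` empty) the stored password hashes are discarded before `pwconv` runs. Moving a pre-existing regular file into the subdirectory before linking avoids that; the sketch below does so only when the destination is missing or empty. passwd and group get no link in this hunk, presumably because another patch in the series handles them, and a comment saying so would help. Tools that update these files by writing a temporary file and renaming it would turn the link back into a regular file and leave two diverging copies, so an image-level check that the links survive is worth adding.

```bitbake
	if [ -n "${PW_SUBDIR}" ]; then
	    for f in subuid subgid shadow gshadow; do
	        old="$D${sysconfdir}/$f"
	        new="$D${sysconfdir}/${PW_SUBDIR}/$f"
	        # keep an existing database instead of discarding it with ln -f
	        if [ -f "$old" ] && [ ! -L "$old" ] && [ ! -s "$new" ]; then
	            mv "$old" "$new"
	        fi
	        ln -fs "${PW_SUBDIR}/$f" "$old"
	    done
	fi
	# … unchanged: pwconv / grpconv calls …
```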