[OE-core] [PATCH] shadow: Split securetty into a separate recipe

Martin Jansa martin.jansa at gmail.com
Wed Jan 25 13:56:48 UTC 2012 

On Tue, Jan 24, 2012 at 05:10:23PM +0000, Richard Purdie wrote:
> The securetty file is machine specific whilst the rest of the shadow recipe
> is not. Unfortunately making the recipce machine specific is both inefficient
> and also causes dependency problems since parts of the system such as the useradd
> code depend upon it and this introduces a machine specific element to sstate
> checksums which should not be machine specific.
> 
> To resolve this, this patch separates out the file into a separate recipe
> meaning the machine specific components are isolated.
> 
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

Acked-by: Martin Jansa <Martin.Jansa at gmail.com>

> ---
> diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb
> new file mode 100644
> index 0000000..e391d24
> --- a/dev/null
> +++ b/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb
> @@ -0,0 +1,29 @@
> +SUMMARY = "Provider of the machine specific securetty file"
> +DESCRIPTION = "Provider of the machine specific securetty file"
> +SECTION = "base utils"
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
> +
> +INHIBIT_DEFAULT_DEPS = "1"
> +
> +SRC_URI = "file://securetty"
> +
> +# Since we deduce our arch from ${SERIAL_CONSOLE}
> +PACKAGE_ARCH = "${MACHINE_ARCH}"
> +
> +do_install () {
> +	# Ensure we add a suitable securetty file to the package that has
> +	# most common embedded TTYs defined.
> +	if [ ! -z "${SERIAL_CONSOLE}" ]; then
> +		# Our SERIAL_CONSOLE contains a baud rate and sometimes a -L
> +		# option as well. The following pearl :) takes that and converts
> +		# it into newline-separated tty's and appends them into
> +		# securetty. So if a machine has a weird looking console device
> +		# node (e.g. ttyAMA0) that securetty does not know, it will get
> +		# appended to securetty and root logins will be allowed on that
> +		# console.
> +		echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]"  >> ${WORKDIR}/securetty
> +	fi
> +	install -d ${D}${sysconfdir}
> +	install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
> +}
> diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> index dddac2c..a69eb7c 100644
> --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> +++ b/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
> @@ -8,13 +8,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \
>                      file://src/passwd.c;firstline=8;endline=30;md5=2899a045e90511d0e043b85a7db7e2fe"
>  
>  DEPENDS = "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> -RDEPENDS_${PN} = "${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
> -PR = "r6"
> +RDEPENDS_${PN} = "shadow-securetty ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
> +PR = "r7"
>  
>  SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.bz2 \
>             file://login_defs_pam.sed \
>             ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> -           file://securetty \
>             file://shadow.automake-1.11.patch \
>             file://shadow-4.1.3-dots-in-usernames.patch \
>             file://shadow-4.1.4.2-env-reset-keep-locale.patch \
> @@ -27,9 +26,6 @@ SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9
>  
>  inherit autotools gettext
>  
> -# Since we deduce our arch from ${SERIAL_CONSOLE}
> -PACKAGE_ARCH = "${MACHINE_ARCH}"
> -
>  EXTRA_OECONF += "--without-audit \
>                   --without-libcrack \
>                   ${@base_contains('DISTRO_FEATURES', 'pam', '--with-libpam', '--without-libpam', d)} \
> @@ -101,20 +97,6 @@ do_install_append() {
>  	# lead rpm failed dependencies.
>  	ln -sf vipw.${PN} ${D}${base_sbindir}/vigr.${PN}
>  	ln -sf newgrp.${PN} ${D}${bindir}/sg
> -
> -	# Ensure we add a suitable securetty file to the package that has
> -	# most common embedded TTYs defined.
> -	if [ ! -z "${SERIAL_CONSOLE}" ]; then
> -		# Our SERIAL_CONSOLE contains a baud rate and sometimes a -L
> -		# option as well. The following pearl :) takes that and converts
> -		# it into newline-separated tty's and appends them into
> -		# securetty. So if a machine has a weird looking console device
> -		# node (e.g. ttyAMA0) that securetty does not know, it will get
> -		# appended to securetty and root logins will be allowed on that
> -		# console.
> -		echo "${SERIAL_CONSOLE}" | sed -e 's/[0-9][0-9]\|\-L//g'|tr "[ ]" "[\n]"  >> ${WORKDIR}/securetty
> -	fi
> -	install -m 0400 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty 
>  }
>  
>  pkg_postinst_${PN} () {
> 
> 
> 
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20120125/70e6cdf6/attachment-0002.sig>

More information about the Openembedded-core mailing list