[OE-core] [PATCH 1/2] util-linux: fix "su -" and package su separately

Patrick Ohly patrick.ohly at intel.com
Wed Jul 12 08:44:11 UTC 2017


"su -" == "su --login" was broken because it uses /etc/pam.d/su-l and
lacking that, falls back to /etc/pam.d/other which denies the
operation. The fix is to symlink "su-l" to the normal "su" pam config
file.

Because "su" usually comes from "shadow" and has been broken like this
without anyone noticing, it probably is not used much and thus should
be packaged separately so that it can be installed only when really
needed. For backwards compatibility, "util-linux" still pulls it in.

It is a bit strange that DISTRO_FEATURES is checked when
deciding whether the packages should be defined. It is not wrong: the
packages will simply be empty, and thus probably not created, when the
distro feature is on and the package config is off. Perhaps there is a
reason, so this is kept unchanged. The symlink, however, only gets
created when su.util-linux really gets built.

[YOCTO #11126]

Signed-off-by: Patrick Ohly <patrick.ohly at intel.com>
---
 meta/recipes-core/util-linux/util-linux.inc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 1656e92..47c2839 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -35,7 +35,7 @@ PACKAGES =+ "util-linux-agetty util-linux-fdisk util-linux-cfdisk util-linux-sfd
              util-linux-partx util-linux-hwclock util-linux-mountpoint \
              util-linux-findfs util-linux-getopt util-linux-sulogin util-linux-prlimit"
 PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'pylibmount', 'util-linux-pylibmount', '', d)}"
-PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}"
+PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', d)}"
 
 PACKAGES_DYNAMIC = "^util-linux-lib.*"
 
@@ -91,6 +91,8 @@ FILES_util-linux-findfs = "${sbindir}/findfs"
 FILES_util-linux-getopt = "${base_bindir}/getopt.${BPN}"
 FILES_util-linux-runuser = "${sbindir}/runuser"
 FILES_util-linux-prlimit = "${bindir}/prlimit"
+FILES_util-linux-su = "${bindir}/su.util-linux ${sysconfdir}/pam.d/su-l"
+CONFFILES_util-linux-su = "${sysconfdir}/pam.d/su-l"
 
 FILES_util-linux-pylibmount = "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.so \
                                ${PYTHON_SITEPACKAGES_DIR}/libmount/__init__.* \
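Review bot: `CONFFILES_util-linux-su` lists `${sysconfdir}/pam.d/su-l`, which the do_install hunk creates as a symlink, not a regular file. Conffile handling in the package backends is built around plain files that an administrator edits, and how a symlink entry is treated is likely backend-dependent (as far as I know dpkg-deb complains when a conffile is not a plain file). The editable policy is the link target, so I would drop the `CONFFILES_util-linux-su` line and keep the link only in `FILES_util-linux-su`.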
@@ -116,9 +118,10 @@ RREPLACES_util-linux-blkid = "e2fsprogs-blkid"
 RDEPENDS_util-linux-reset += "ncurses"
 
 RDEPENDS_util-linux-runuser += "libpam"
+RDEPENDS_util-linux-su += "libpam"
 
 RDEPENDS_${PN} = "util-linux-umount util-linux-swaponoff util-linux-losetup util-linux-sulogin util-linux-lsblk"
-RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}"
+RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', d)}"
 
 RRECOMMENDS_${PN} = "util-linux-fdisk util-linux-cfdisk util-linux-sfdisk util-linux-mount util-linux-readprofile util-linux-mkfs util-linux-mountpoint util-linux-prlimit"
 
@@ -182,6 +185,12 @@ do_install () {
 		install -m 0644 ${WORKDIR}/runuser.pamd ${D}${sysconfdir}/pam.d/runuser
 		install -m 0644 ${WORKDIR}/runuser-l.pamd ${D}${sysconfdir}/pam.d/runuser-l
 	fi
+	if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then
+		# Required for "su -" aka "su --login" because
+		# otherwise it uses "other", which has "auth pam_deny.so"
+		# and thus prevents the operation.
+		ln -s su ${D}${sysconfdir}/pam.d/su-l
+	fi
 }
 
 # reset and nologin causes a conflict with ncurses-native and shadow-native
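Review bot: The link created by `ln -s su ${D}${sysconfdir}/pam.d/su-l` resolves to `/etc/pam.d/su`, but nothing in the visible hunks installs that file or makes util-linux-su depend on whatever provides it; `RDEPENDS_util-linux-su` in the earlier hunk only adds `libpam`. If the su policy is shipped by a different recipe, an image that installs util-linux-su without it gets a dangling link, and per the in-code comment PAM then falls back to "other" and denies: that fails closed, but "su -" stays broken. Either add the provider of pam.d/su to `RDEPENDS_util-linux-su` or install a su policy file from this recipe. I would also extend the comment to record the coupling, e.g. `# su-l shares the policy in pam.d/su on purpose; edits there also apply to "su -".` do_install starts outside the hunk, so whether pam.d/su is installed earlier in the function cannot be confirmed from here.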
-- 
git-series 0.9.1


