[OE-core] [PATCH 1/1] glibc: re-package for libnss-db

Khem Raj raj.khem at gmail.com
Fri Aug 17 00:35:33 UTC 2018 


On 8/16/18 3:37 AM, Chen Qi wrote:
> On other distros like ubuntu/centos, libnss-db usually provides:
> - The libraries
> - The Makefile to create database
>   (in /var/db for centos, /var/lib/misc/ for ubuntu)
> - The makedb command (it's in glibc-common for centos7)
> 
> What we had is:
> - The libraries are in glibc-extra-nss
> - The Makefile is removed
> - The makedb command is in glibc-utils (lack of dependency)
> 
> So when glibc-extra-nss is installed but glibc-utils is not,
> we see error like:
> nscd[165]: 165 checking for monitored file `/var/db/group.db': No such file or directory
> nscd[165]: 165 checking for monitored file `/var/db/passwd.db': No such file or directory
> 
> And there is not an easy way to create these databases.
> 
> To fix the issue:
> - Re-package the libraries into libnss-db
> - Don't remove the Makefile and add it in libnss-db
> - Add RDEPENDS for libnss-db on glibc-utils
> - Provide a shell script, makedbs.sh, to generate the db files.
>   This is to avoid dependency on 'make'.
> 
> Notes:
> 1. For external toolchain, an extra package 'libnss-db' need to be provided
>    If replacing glibc from core.
> 2. I've check the git history of nss/db-Makefile, the last two functionality
>    fix is as below.
>    - fix non-portable `echo -n` usage   --  Date:   Thu Aug 6 04:14:20 2015 -0400
>    - Fix db makefile rule for group.db  --  Date:   Fri Nov 11 14:43:36 2011 +0100
>    So I think this file is stable enough. And using makedbs.sh which is crafted according
>    to that file is not likely to cause maintanence problem.


using a shell script instead of Makefile is worthwhile change to submit
upstream. Please go ahead and submit it to glibc mailing lists.

Overall the changes look ok to me.
> 
> Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
> ---
>  meta/recipes-core/glibc/glibc-package.inc |   6 +-
>  meta/recipes-core/glibc/glibc/makedbs.sh  | 177 ++++++++++++++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.28.bb     |   1 +
>  3 files changed, 182 insertions(+), 2 deletions(-)
>  create mode 100755 meta/recipes-core/glibc/glibc/makedbs.sh
> 
> diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc
> index 07ce75d..9ea41b7 100644
> --- a/meta/recipes-core/glibc/glibc-package.inc
> +++ b/meta/recipes-core/glibc/glibc-package.inc
> @@ -1,6 +1,6 @@
>  INHIBIT_SYSROOT_STRIP = "1"
>  
> -PACKAGES = "${PN}-dbg catchsegv sln nscd ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc"
> +PACKAGES = "${PN}-dbg catchsegv sln nscd ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libnss-db libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc"
>  
>  # The ld.so in this glibc supports the GNU_HASH
>  RPROVIDES_${PN} = "eglibc rtld(GNU_HASH)"
> @@ -23,6 +23,8 @@ FILES_ldd = "${bindir}/ldd"
>  FILES_libsegfault = "${base_libdir}/libSegFault*"
>  FILES_libcidn = "${base_libdir}/libcidn-*.so ${base_libdir}/libcidn.so.*"
>  FILES_libmemusage = "${base_libdir}/libmemusage.so"
> +FILES_libnss-db = "${base_libdir}/libnss_db.so.* ${base_libdir}/libnss_db-*.so ${localstatedir}/db/Makefile ${localstatedir}/db/makedbs.sh"
> +RDEPENDS_libnss-db = "${PN}-utils"
>  FILES_glibc-extra-nss = "${base_libdir}/libnss_*-*.so ${base_libdir}/libnss_*.so.*"
>  FILES_sln = "${base_sbindir}/sln"
>  FILES_${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o"
> @@ -59,7 +61,6 @@ inherit libc-common multilib_header
>  
>  do_install_append () {
>  	rm -f ${D}${sysconfdir}/localtime
> -	rm -rf ${D}${localstatedir}
>  
>  	# remove empty glibc dir
>  	if [ -d ${D}${libexecdir} ]; then
> @@ -95,6 +96,7 @@ do_install_append () {
>  	install -d ${D}${localstatedir}/db/nscd
>  	install -m 0755 ${S}/nscd/nscd.init ${D}${sysconfdir}/init.d/nscd
>  	install -m 0755 ${S}/nscd/nscd.conf ${D}${sysconfdir}/nscd.conf
> +	install -m 0755 ${WORKDIR}/makedbs.sh ${D}${localstatedir}/db
>  	sed -i "s%daemon%start-stop-daemon --start --exec%g" ${D}${sysconfdir}/init.d/nscd
>  	sed -i "s|\(enable-cache\t\+netgroup\t\+\)yes|\1no|" ${D}${sysconfdir}/nscd.conf
>  
> diff --git a/meta/recipes-core/glibc/glibc/makedbs.sh b/meta/recipes-core/glibc/glibc/makedbs.sh
> new file mode 100755
> index 0000000..7d51a67
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/makedbs.sh
> @@ -0,0 +1,177 @@
> +#!/bin/sh
> +
> +#
> +# Make passwd.db, group.db, etc.
> +#
> +
> +VAR_DB=/var/db
> +
> +# Use make if available
> +if [ -x /usr/bin/make -o -x /bin/make ]; then
> +	make -C $VAR_DB
> +	exit 0
> +fi
> +
> +# No make available, do it in hard way
> +
> +# passwd.db
> +if [ -e /etc/passwd ]; then
> +target=$VAR_DB/passwd.db
> +echo -n "passwd... "
> +awk 'BEGIN { FS=":"; OFS=":" } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print; \
> +	   printf "=%s ", $$3; print }' /etc/passwd | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# group.db
> +if [ -e /etc/group ]; then
> +target=$VAR_DB/group.db
> +echo -n "group... "
> +awk 'BEGIN { FS=":"; OFS=":" } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print; \
> +	   printf "=%s ", $$3; print; \
> +	   if ($$4 != "") { \
> +	     split($$4, grmems, ","); \
> +	     for (memidx in grmems) { \
> +	       mem=grmems[memidx]; \
> +	       if (members[mem] == "") \
> +		 members[mem]=$$3; \
> +	       else \
> +		 members[mem]=members[mem] "," $$3; \
> +	     } \
> +	     delete grmems; } } \
> + END { for (mem in members) \
> +	 printf ":%s %s %s\n", mem, mem, members[mem]; }' /etc/group | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# ethers.db
> +if [ -e /etc/ethers ]; then
> +target=$VAR_DB/ethers.db
> +echo -n "ethers... "
> +awk '/^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print; \
> +	   printf "=%s ", $$2; print }' /etc/ethers | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# protocols.db
> +if [ -e /etc/protocols ]; then
> +target=$VAR_DB/protocols.db
> +echo -n "protocols... "
> +awk '/^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print; \
> +	   printf "=%s ", $$2; print; \
> +	   for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
> +	     { printf ".%s ", $$i; print } }' /etc/protocols | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# rpc.db
> +if [ -e /etc/rpc ]; then
> +target=$VAR_DB/rpc.db
> +echo -n "rpc... "
> +awk '/^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print; \
> +	   printf "=%s ", $$2; print; \
> +	   for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
> +	     { printf ".%s ", $$i; print } }' /etc/rpc | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# services.db
> +if [ -e /etc/services ]; then
> +target=$VAR_DB/services.db
> +echo -n "services... "
> +awk 'BEGIN { FS="[ \t/]+" } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
> +	   printf ":%s/%s ", $$1, $$3; print; \
> +	   printf ":%s/ ", $$1; print; \
> +	   printf "=%s/%s ", $$2, $$3; print; \
> +	   printf "=%s/ ", $$2; print; \
> +	   for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
> +	     { printf ":%s/%s ", $$i, $$3; print; \
> +	       printf ":%s/ ", $$i; print } }' /etc/services | \
> +makedb --quiet -o $target -
> +echo "done."
> +fi
> +
> +# shadow.db
> +if [ -e /etc/shadow ]; then
> +target=$VAR_DB/shadow.db
> +echo -n "shadow... "
> +awk 'BEGIN { FS=":"; OFS=":" } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print }' /etc/shadow | \
> +(umask 077 && makedb --quiet -o $target -)
> +echo "done."
> +if chgrp shadow $target 2>/dev/null; then
> +	chmod g+r $target
> +else
> +	chown 0 $target; chgrp 0 $target; chmod 600 $target;
> +	echo
> +	echo "Warning: The shadow password database $target"
> +	echo "has been set to be readable only by root.  You may want"
> +	echo "to make it readable by the \`shadow' group depending"
> +	echo "on your configuration."
> +	echo
> +fi
> +fi
> +
> +# gshadow.db
> +if [ -e /etc/gshadow ]; then
> +target=$VAR_DB/gshadow.db
> +echo -n "gshadow... "
> +awk 'BEGIN { FS=":"; OFS=":" } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { printf ".%s ", $$1; print }' /etc/gshadow | \
> +(umask 077 && makedb --quiet -o $target -)
> +echo "done."
> +if chgrp shadow $target 2>/dev/null; then
> +	chmod g+r $target
> +else
> +	chown 0 $target; chgrp 0 $target; chmod 600 $target
> +	echo
> +	echo "Warning: The shadow group database $target"
> +	echo "has been set to be readable only by root.  You may want"
> +	echo "to make it readable by the \`shadow' group depending"
> +	echo "on your configuration."
> +	echo
> +fi
> +fi
> +
> +# netgroup.db
> +if [ -e /etc/netgroup ]; then
> +target=$VAR_DB/netgroup.db
> +echo -n "netgroup... "
> +awk 'BEGIN { ini=1 } \
> + /^[ \t]*$$/ { next } \
> + /^[ \t]*#/ { next } \
> + /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
> +	   else end=""; \
> +	   gsub(/[ \t]+/, " "); \
> +	   sub(/^[ \t]*/, ""); \
> +	   if (ini == 0) printf "%s%s", $$0, end; \
> +	   else printf ".%s %s%s", $$1, $$0, end; \
> +	   ini=end == "" ? 0 : 1; } \
> + END { if (ini==0) printf "\n" }' /etc/netgroup | \
> +makedb --quiet -o $target
> +echo "done."
> +fi
> diff --git a/meta/recipes-core/glibc/glibc_2.28.bb b/meta/recipes-core/glibc/glibc_2.28.bb
> index 95e333d..0ebbaf9 100644
> --- a/meta/recipes-core/glibc/glibc_2.28.bb
> +++ b/meta/recipes-core/glibc/glibc_2.28.bb
> @@ -17,6 +17,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)"
>  SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
>             file://etc/ld.so.conf \
>             file://generate-supported.mk \
> +           file://makedbs.sh \
>             \
>             ${NATIVESDKFIXES} \
>             file://0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch \
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20180816/32ece405/attachment-0002.sig>

More information about the Openembedded-core mailing list