[OE-core] [PATCH] shadow: improve reproducibility by hard-coding shell path

ChenQi Qi.Chen at windriver.com
Wed Nov 7 09:15:49 UTC 2018


On 11/07/2018 04:00 PM, Martin Hundebøll wrote:
> The shadow configure script tries really hard to detect the running
> shell to make sure it doesn't do unsupported calls.
>
> On my system the shell is detected as /bin/sh, while a build in an
> ubuntu docker it resolves to /bin/bash. And since the shell path is
> baked into the target binaries through config.h, the build becomes
> irreproducible.
>
> Fix reproducibility by hard-coding the shell to be /bin/bash
>
> Signed-off-by: Martin Hundebøll <martin at geanix.com>
> ---
>
> I wasn't sure whether to use /bin/bash or /bin/sh; comments are welcome...
>
>   meta/recipes-extended/shadow/shadow.inc | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index 0fa80a282a..8eacca6809 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -45,6 +45,8 @@ PAM_SRC_URI = "file://pam.d/chfn \
>   
>   inherit autotools gettext
>   
> +export CONFIG_SHELL="/bin/bash"
> +
>   EXTRA_OECONF += "--without-audit \
>                    --without-libcrack \
>                    --without-selinux \
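
Review bot: the added export CONFIG_SHELL="/bin/bash" line has no comment explaining why the shell is pinned, and since the commit message says this path is baked into the target binaries through config.h, the target ends up referencing /bin/bash whether or not bash is present there. Consider export CONFIG_SHELL="/bin/sh" instead, with a one-line comment above it stating that the value is fixed so the configure-time shell detection cannot vary between build hosts.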

I'd suggest we use '/bin/sh', as long as it does not bring in any problem.

I noticed that the recipe has a substitution in do_install:
         sed -i 's:/bin/bash:/bin/sh:g' ${D}${sysconfdir}/default/useradd

Best Regards,
Chen Qi
