[OE-core] [PATCH] shadow: update to 4.7
Oleksandr Kravchuk
open.source at oleksandr-kravchuk.com
Wed Jul 3 02:46:21 UTC 2019
Chen -
Absolutely. Just explain me how I can reproduce it, please.
On 03/07/2019 04:27, ChenQi wrote:
> Could you please help check if the following failure is related to
> this patch?
> https://autobuilder.yoctoproject.org/typhoon/#/builders/57/builds/763/steps/7/logs/step1b
>
>
> Best Regards,
> Chen Qi
>
> On 07/03/2019 04:52 AM, Oleksandr Kravchuk wrote:
>> Removed patches were upstreamed.
>>
>> Signed-off-by: Oleksandr Kravchuk <open.source at oleksandr-kravchuk.com>
>> ---
>> ...chg-shadow-field-reproducible-re.-71.patch | 89 --------------
>> ...te-parent-directories-when-necessary.patch | 116 ------------------
>> ...ettime-Use-secure_getenv-over-getenv.patch | 71 -----------
>> ...curetty_4.6.bb => shadow-securetty_4.7.bb} | 0
>> ...w-sysroot_4.6.bb => shadow-sysroot_4.7.bb} | 0
>> meta/recipes-extended/shadow/shadow.inc | 7 +-
>> .../shadow/{shadow_4.6.bb => shadow_4.7.bb} | 0
>> 7 files changed, 2 insertions(+), 281 deletions(-)
>> delete mode 100644
>> meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch
>> delete mode 100644
>> meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
>> delete mode 100644
>> meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
>> rename meta/recipes-extended/shadow/{shadow-securetty_4.6.bb =>
>> shadow-securetty_4.7.bb} (100%)
>> rename meta/recipes-extended/shadow/{shadow-sysroot_4.6.bb =>
>> shadow-sysroot_4.7.bb} (100%)
>> rename meta/recipes-extended/shadow/{shadow_4.6.bb =>
>> shadow_4.7.bb} (100%)
>>
>> diff --git
>> a/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch
>> b/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch
>>
>> deleted file mode 100644
>> index de0ba3ebb4..0000000000
>> ---
>> a/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch
>> +++ /dev/null
>> @@ -1,89 +0,0 @@
>> -From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001
>> -From: Chris Lamb <chris at chris-lamb.co.uk>
>> -Date: Wed, 2 Jan 2019 18:06:16 +0000
>> -Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible
>> (re. #71)
>> -
>> -From <https://github.com/shadow-maint/shadow/pull/71>:
>> -
>> -```
>> -The third field in the /etc/shadow file (sp_lstchg) contains the
>> date of
>> -the last password change expressed as the number of days since Jan
>> 1, 1970.
>> -As this is a relative time, creating a user today will result in:
>> -
>> -username:17238:0:99999:7:::
>> -whilst creating the same user tomorrow will result in:
>> -
>> -username:17239:0:99999:7:::
>> -This has an impact for the Reproducible Builds[0] project where we
>> aim to
>> -be independent of as many elements the build environment as possible,
>> -including the current date.
>> -
>> -This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
>> -environment variable (instead of Jan 1, 1970) if valid.
>> -```
>> -
>> -This updated PR adds some missing calls to gettime (). This was
>> originally
>> -filed by Johannes Schauer in Debian as #917773 [2].
>> -
>> -[0] https://reproducible-builds.org/
>> -[1] https://reproducible-builds.org/specs/source-date-epoch/
>> -[2] https://bugs.debian.org/917773
>> -
>> -Upstream-Status: Backport
>> -Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
>> ----
>> - libmisc/pwd2spwd.c | 3 +--
>> - src/pwck.c | 2 +-
>> - src/pwconv.c | 2 +-
>> - 3 files changed, 3 insertions(+), 4 deletions(-)
>> -
>> -diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c
>> -index c1b9b29ac873..6799dd50d490 100644
>> ---- a/libmisc/pwd2spwd.c
>> -+++ b/libmisc/pwd2spwd.c
>> -@@ -40,7 +40,6 @@
>> - #include "prototypes.h"
>> - #include "defines.h"
>> - #include <pwd.h>
>> --extern time_t time (time_t *);
>> -
>> - /*
>> - * pwd_to_spwd - create entries for new spwd structure
>> -@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
>> - */
>> - sp.sp_min = 0;
>> - sp.sp_max = (10000L * DAY) / SCALE;
>> -- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
>> -+ sp.sp_lstchg = (long) gettime () / SCALE;
>> - if (0 == sp.sp_lstchg) {
>> - /* Better disable aging than requiring a password
>> - * change */
>> -diff --git a/src/pwck.c b/src/pwck.c
>> -index 0ffb711efb13..f70071b12500 100644
>> ---- a/src/pwck.c
>> -+++ b/src/pwck.c
>> -@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool
>> *changed)
>> - sp.sp_inact = -1;
>> - sp.sp_expire = -1;
>> - sp.sp_flag = SHADOW_SP_FLAG_UNSET;
>> -- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
>> -+ sp.sp_lstchg = (long) gettime () / SCALE;
>> - if (0 == sp.sp_lstchg) {
>> - /* Better disable aging than
>> - * requiring a password change
>> -diff --git a/src/pwconv.c b/src/pwconv.c
>> -index 9c69fa131d8e..f932f266c59c 100644
>> ---- a/src/pwconv.c
>> -+++ b/src/pwconv.c
>> -@@ -267,7 +267,7 @@ int main (int argc, char **argv)
>> - spent.sp_flag = SHADOW_SP_FLAG_UNSET;
>> - }
>> - spent.sp_pwdp = pw->pw_passwd;
>> -- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
>> -+ spent.sp_lstchg = (long) gettime () / SCALE;
>> - if (0 == spent.sp_lstchg) {
>> - /* Better disable aging than requiring a password
>> - * change */
>> ---
>> -2.17.1
>> -
>> diff --git
>> a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
>> b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
>>
>> deleted file mode 100644
>> index faa6f68ebe..0000000000
>> ---
>> a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
>> +++ /dev/null
>> @@ -1,116 +0,0 @@
>> -Subject: [PATCH] useradd.c: create parent directories when necessary
>> -
>> -Upstream-Status: Inappropriate [OE specific]
>> -
>> -Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
>> ----
>> - src/useradd.c | 80
>> +++++++++++++++++++++++++++++++++++++++--------------------
>> - 1 file changed, 53 insertions(+), 27 deletions(-)
>> -
>> -diff --git a/src/useradd.c b/src/useradd.c
>> -index 00a3c30..9ecbb58 100644
>> ---- a/src/useradd.c
>> -+++ b/src/useradd.c
>> -@@ -2021,6 +2021,35 @@ static void usr_update (void)
>> - }
>> -
>> - /*
>> -+ * mkdir_p - create directories, including parent directories when
>> needed
>> -+ *
>> -+ * similar to `mkdir -p'
>> -+ */
>> -+void mkdir_p(const char *path) {
>> -+ int len = strlen(path);
>> -+ char newdir[len + 1];
>> -+ mode_t mode = 0755;
>> -+ int i = 0;
>> -+
>> -+ if (path[i] == '\0') {
>> -+ return;
>> -+ }
>> -+
>> -+ /* skip the leading '/' */
>> -+ i++;
>> -+
>> -+ while(path[i] != '\0') {
>> -+ if (path[i] == '/') {
>> -+ strncpy(newdir, path, i);
>> -+ newdir[i] = '\0';
>> -+ mkdir(newdir, mode);
>> -+ }
>> -+ i++;
>> -+ }
>> -+ mkdir(path, mode);
>> -+}
>> -+
>> -+/*
>> - * create_home - create the user's home directory
>> - *
>> - * create_home() creates the user's home directory if it does not
>> -@@ -2038,39 +2067,36 @@ static void create_home (void)
>> - fail_exit (E_HOMEDIR);
>> - }
>> - #endif
>> -- /* XXX - create missing parent directories. --marekm */
>> -- if (mkdir (prefix_user_home, 0) != 0) {
>> -- fprintf (stderr,
>> -- _("%s: cannot create directory %s\n"),
>> -- Prog, prefix_user_home);
>> -+ mkdir_p(user_home);
>> -+ }
>> -+ if (access (prefix_user_home, F_OK) != 0) {
>> - #ifdef WITH_AUDIT
>> -- audit_logger (AUDIT_ADD_USER, Prog,
>> -- "adding home directory",
>> -- user_name, (unsigned int) user_id,
>> -- SHADOW_AUDIT_FAILURE);
>> -+ audit_logger (AUDIT_ADD_USER, Prog,
>> -+ "adding home directory",
>> -+ user_name, (unsigned int) user_id,
>> -+ SHADOW_AUDIT_FAILURE);
>> - #endif
>> -- fail_exit (E_HOMEDIR);
>> -- }
>> -- (void) chown (prefix_user_home, user_id, user_gid);
>> -- chmod (prefix_user_home,
>> -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
>> -- home_added = true;
>> -+ fail_exit (E_HOMEDIR);
>> -+ }
>> -+ (void) chown (prefix_user_home, user_id, user_gid);
>> -+ chmod (prefix_user_home,
>> -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
>> -+ home_added = true;
>> - #ifdef WITH_AUDIT
>> -- audit_logger (AUDIT_ADD_USER, Prog,
>> -- "adding home directory",
>> -- user_name, (unsigned int) user_id,
>> -- SHADOW_AUDIT_SUCCESS);
>> -+ audit_logger (AUDIT_ADD_USER, Prog,
>> -+ "adding home directory",
>> -+ user_name, (unsigned int) user_id,
>> -+ SHADOW_AUDIT_SUCCESS);
>> - #endif
>> - #ifdef WITH_SELINUX
>> -- /* Reset SELinux to create files with default contexts */
>> -- if (reset_selinux_file_context () != 0) {
>> -- fprintf (stderr,
>> -- _("%s: cannot reset SELinux file creation
>> context\n"),
>> -- Prog);
>> -- fail_exit (E_HOMEDIR);
>> -- }
>> --#endif
>> -+ /* Reset SELinux to create files with default contexts */
>> -+ if (reset_selinux_file_context () != 0) {
>> -+ fprintf (stderr,
>> -+ _("%s: cannot reset SELinux file creation context\n"),
>> -+ Prog);
>> -+ fail_exit (E_HOMEDIR);
>> - }
>> -+#endif
>> - }
>> -
>> - /*
>> ---
>> -2.11.0
>> -
>> diff --git
>> a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
>> b/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
>>
>> deleted file mode 100644
>> index 8c8234d038..0000000000
>> ---
>> a/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch
>> +++ /dev/null
>> @@ -1,71 +0,0 @@
>> -From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001
>> -From: Chris Lamb <chris at chris-lamb.co.uk>
>> -Date: Sun, 31 Mar 2019 15:59:45 +0100
>> -Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv.
>> -
>> -Upstream-Status: Backport
>> -Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
>> ----
>> - README | 1 +
>> - configure.ac | 3 +++
>> - lib/defines.h | 6 ++++++
>> - libmisc/gettime.c | 2 +-
>> - 4 files changed, 11 insertions(+), 1 deletion(-)
>> -
>> -diff --git a/README b/README
>> -index 952ac5787f06..26cfff1e8fa8 100644
>> ---- a/README
>> -+++ b/README
>> -@@ -51,6 +51,7 @@ Brian R. Gaeke <brg at dgate.org>
>> - Calle Karlsson <ckn at kash.se>
>> - Chip Rosenthal <chip at unicom.com>
>> - Chris Evans <lady0110 at sable.ox.ac.uk>
>> -+Chris Lamb <chris at chris-lamb.co.uk>
>> - Cristian Gafton <gafton at sorosis.ro>
>> - Dan Walsh <dwalsh at redhat.com>
>> - Darcy Boese <possum at chardonnay.niagara.com>
>> -diff --git a/configure.ac b/configure.ac
>> -index da236722766b..a738ad662cc3 100644
>> ---- a/configure.ac
>> -+++ b/configure.ac
>> -@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
>> - AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
>> -
>> - AC_CHECK_FUNC(setpgrp)
>> -+AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
>> -+ 1,
>> -+ [Defined to 1 if you have
>> the declaration of 'secure_getenv'])])
>> -
>> - if test "$ac_cv_header_shadow_h" = "yes"; then
>> - AC_CACHE_CHECK(for working shadow group support,
>> -diff --git a/lib/defines.h b/lib/defines.h
>> -index cded1417fd12..2fb1b56eca6b 100644
>> ---- a/lib/defines.h
>> -+++ b/lib/defines.h
>> -@@ -382,4 +382,10 @@ extern char *strerror ();
>> - # endif
>> - #endif
>> -
>> -+#ifdef HAVE_SECURE_GETENV
>> -+# define shadow_getenv(name) secure_getenv(name)
>> -+# else
>> -+# define shadow_getenv(name) getenv(name)
>> -+#endif
>> -+
>> - #endif /* _DEFINES_H_ */
>> -diff --git a/libmisc/gettime.c b/libmisc/gettime.c
>> -index 53eaf51670bb..0e25a4b75061 100644
>> ---- a/libmisc/gettime.c
>> -+++ b/libmisc/gettime.c
>> -@@ -52,7 +52,7 @@
>> - unsigned long long epoch;
>> -
>> - fallback = time (NULL);
>> -- source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
>> -+ source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
>> -
>> - if (!source_date_epoch)
>> - return fallback;
>> ---
>> -2.17.1
>> -
>> diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.6.bb
>> b/meta/recipes-extended/shadow/shadow-securetty_4.7.bb
>> similarity index 100%
>> rename from meta/recipes-extended/shadow/shadow-securetty_4.6.bb
>> rename to meta/recipes-extended/shadow/shadow-securetty_4.7.bb
>> diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
>> b/meta/recipes-extended/shadow/shadow-sysroot_4.7.bb
>> similarity index 100%
>> rename from meta/recipes-extended/shadow/shadow-sysroot_4.6.bb
>> rename to meta/recipes-extended/shadow/shadow-sysroot_4.7.bb
>> diff --git a/meta/recipes-extended/shadow/shadow.inc
>> b/meta/recipes-extended/shadow/shadow.inc
>> index 7f82d20826..219d0d276a 100644
>> --- a/meta/recipes-extended/shadow/shadow.inc
>> +++ b/meta/recipes-extended/shadow/shadow.inc
>> @@ -11,8 +11,6 @@ DEPENDS = "virtual/crypt"
>> UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
>> SRC_URI =
>> "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz
>> \
>> file://shadow-4.1.3-dots-in-usernames.patch \
>> -
>> file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch \
>> - file://0002-gettime-Use-secure_getenv-over-getenv.patch \
>>
>> file://0001-configure.ac-fix-configure-error-with-dash.patch \
>> ${@bb.utils.contains('PACKAGECONFIG', 'pam',
>> '${PAM_SRC_URI}', '', d)} \
>> "
>> @@ -27,14 +25,13 @@ SRC_URI_append_class-native = " \
>> file://0001-Disable-use-of-syslog-for-sysroot.patch \
>> file://allow-for-setting-password-in-clear-text.patch \
>>
>> file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
>> -
>> file://0001-useradd.c-create-parent-directories-when-necessary.patch \
>> "
>> SRC_URI_append_class-nativesdk = " \
>> file://0001-Disable-use-of-syslog-for-sysroot.patch \
>> "
>> -SRC_URI[md5sum] = "36feb15665338ae3de414f2a88e434db"
>> -SRC_URI[sha256sum] =
>> "4668f99bd087399c4a586084dc3b046b75f560720d83e92fd23bf7a89dda4d31"
>> +SRC_URI[md5sum] = "eb66cc4e5166fba8854eb805ec0bab63"
>> +SRC_URI[sha256sum] =
>> "5135b0ca2a361a218fab59e63d9c1720d2a8fc1faa520c819a654b638017286f"
>> # Additional Policy files for PAM
>> PAM_SRC_URI = "file://pam.d/chfn \
>> diff --git a/meta/recipes-extended/shadow/shadow_4.6.bb
>> b/meta/recipes-extended/shadow/shadow_4.7.bb
>> similarity index 100%
>> rename from meta/recipes-extended/shadow/shadow_4.6.bb
>> rename to meta/recipes-extended/shadow/shadow_4.7.bb
>
>
More information about the Openembedded-core
mailing list