Patchwork [V5,0/2] shadow: upgrade from 4.1.4.3 to 4.2.1

login
register
mail settings
Submitter Qi.Chen@windriver.com
Date July 17, 2014, 7:53 a.m.
Message ID <cover.1405583236.git.Qi.Chen@windriver.com>
Download mbox
Permalink /patch/75885/
State Accepted
Commit 012a572e861d95d35c97a4da34dbad6d93cc9962
Headers show

Pull-request

git://git.openembedded.org/openembedded-core-contrib ChenQi/shadow-4.2.1

Comments

Qi.Chen@windriver.com - July 17, 2014, 7:53 a.m.
The following changes since commit 846bc50fde11bbb36c8eb5b2e3ae6bb644c037f3:

  ltp: use "foreign" automake strictness (2014-07-16 10:27:16 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib ChenQi/shadow-4.2.1
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/shadow-4.2.1

Chen Qi (2):
  shadow: upgrade from 4.1.4.3 to 4.2.1
  oeqa: fix return status in pam.py to match shadow-4.2.1

 meta/lib/oeqa/runtime/pam.py                       |    6 +-
 ...-create-parent-directories-when-necessary.patch |  109 ++
 .../shadow/files/add_root_cmd_groupmems.patch      |   75 --
 .../shadow/files/add_root_cmd_options.patch        | 1384 --------------------
 .../allow-for-setting-password-in-clear-text.patch |  215 ++-
 ...fix-unexpected-open-failure-in-chroot-env.patch |   46 +
 .../shadow/files/fix-etc-gshadow-reading.patch     |   36 -
 ...installation-failure-with-subids-disabled.patch |   28 +
 .../shadow-4.1.4.2-env-reset-keep-locale.patch     |   31 -
 .../files/shadow-4.1.4.2-groupmod-pam-check.patch  |   36 -
 .../files/shadow-4.1.4.2-su_no_sanitize_env.patch  |   31 -
 .../shadow/files/shadow.automake-1.11.patch        |  106 --
 .../files/shadow_fix_for_automake-1.12.patch       |   23 -
 .../files/slackware_fix_for_glib-2.17_crypt.patch  |   63 -
 meta/recipes-extended/shadow/files/useradd.patch   |   17 -
 ...-compilation-failure-with-subids-disabled.patch |   33 +
 ...uretty_4.1.4.3.bb => shadow-securetty_4.2.1.bb} |    0
 ...-sysroot_4.1.4.3.bb => shadow-sysroot_4.2.1.bb} |    0
 meta/recipes-extended/shadow/shadow.inc            |   36 +-
 .../shadow/{shadow_4.1.4.3.bb => shadow_4.2.1.bb}  |    0
 20 files changed, 336 insertions(+), 1939 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
 delete mode 100644 meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
 delete mode 100644 meta/recipes-extended/shadow/files/add_root_cmd_options.patch
 create mode 100644 meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
 delete mode 100644 meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
 create mode 100644 meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
 delete mode 100644 meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
 delete mode 100644 meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
 delete mode 100644 meta/recipes-extended/shadow/files/useradd.patch
 create mode 100644 meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
 rename meta/recipes-extended/shadow/{shadow-securetty_4.1.4.3.bb => shadow-securetty_4.2.1.bb} (100%)
 rename meta/recipes-extended/shadow/{shadow-sysroot_4.1.4.3.bb => shadow-sysroot_4.2.1.bb} (100%)
 rename meta/recipes-extended/shadow/{shadow_4.1.4.3.bb => shadow_4.2.1.bb} (100%)
Richard Purdie - July 21, 2014, 8:27 a.m.
On Thu, 2014-07-17 at 15:53 +0800, Chen Qi wrote:
> The following changes since commit 846bc50fde11bbb36c8eb5b2e3ae6bb644c037f3:
> 
>   ltp: use "foreign" automake strictness (2014-07-16 10:27:16 +0100)
> 
> are available in the git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib ChenQi/shadow-4.2.1
>   http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/shadow-4.2.1
> 
> Chen Qi (2):
>   shadow: upgrade from 4.1.4.3 to 4.2.1
>   oeqa: fix return status in pam.py to match shadow-4.2.1

I think but am not 100% sure this has introduced another regression:

https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/builds/177

The issue is that X doesn't start in oe-core built images. It does work
correctly in poky. The issue is that the /etc/init.d/xserver-nodm script
returns:

root@qemuarm:/etc# /etc/init.d/xserver-nodm start
Starting Xserver
su: applet not found

or to be more specific:

root@qemuarm:/etc# su -l -c '/etc/X11/Xserver&' xuser
su: applet not found


The poky images appear to work since we install bash. If you remove bash
from packagegroup-core-device-devel.bb, the poky images will show the
same error.

I think this is something to do with the none-suid busybox binary not
containing su support, but why su is being called there, I don't know.
su is being provided by shadow in the image. If I make su provided by
busybox the problem also goes away.

Cheers,

Richard
Gary Thomas - July 21, 2014, 10:59 a.m.
On 2014-07-21 02:27, Richard Purdie wrote:
> On Thu, 2014-07-17 at 15:53 +0800, Chen Qi wrote:
>> The following changes since commit 846bc50fde11bbb36c8eb5b2e3ae6bb644c037f3:
>>
>>    ltp: use "foreign" automake strictness (2014-07-16 10:27:16 +0100)
>>
>> are available in the git repository at:
>>
>>    git://git.openembedded.org/openembedded-core-contrib ChenQi/shadow-4.2.1
>>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/shadow-4.2.1
>>
>> Chen Qi (2):
>>    shadow: upgrade from 4.1.4.3 to 4.2.1
>>    oeqa: fix return status in pam.py to match shadow-4.2.1
>
> I think but am not 100% sure this has introduced another regression:
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/builds/177
>
> The issue is that X doesn't start in oe-core built images. It does work
> correctly in poky. The issue is that the /etc/init.d/xserver-nodm script
> returns:
>
> root@qemuarm:/etc# /etc/init.d/xserver-nodm start
> Starting Xserver
> su: applet not found
>
> or to be more specific:
>
> root@qemuarm:/etc# su -l -c '/etc/X11/Xserver&' xuser
> su: applet not found
>
>
> The poky images appear to work since we install bash. If you remove bash
> from packagegroup-core-device-devel.bb, the poky images will show the
> same error.
>
> I think this is something to do with the none-suid busybox binary not
> containing su support, but why su is being called there, I don't know.
> su is being provided by shadow in the image. If I make su provided by
> busybox the problem also goes away.

The problem (reported last week on the Yocto list) is su.shadow
changed how it behaves.  The old version would end up passing
the script off by
   6761  execve("/bin/sh", ["/bin/sh", "-c", "/etc/X11/Xserver"], [/* 7 vars */]) = 0
whereas the new version does
   961   execve("/bin/sh", ["-su", "-c", "/etc/X11/Xserver"], [/* 7 vars */]) = 0

I still haven't figured out why su.shadow now behaves this way.
Richard Purdie - July 21, 2014, 6:16 p.m.
On Mon, 2014-07-21 at 04:59 -0600, Gary Thomas wrote:
> On 2014-07-21 02:27, Richard Purdie wrote:
> > On Thu, 2014-07-17 at 15:53 +0800, Chen Qi wrote:
> >> The following changes since commit 846bc50fde11bbb36c8eb5b2e3ae6bb644c037f3:
> >>
> >>    ltp: use "foreign" automake strictness (2014-07-16 10:27:16 +0100)
> >>
> >> are available in the git repository at:
> >>
> >>    git://git.openembedded.org/openembedded-core-contrib ChenQi/shadow-4.2.1
> >>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/shadow-4.2.1
> >>
> >> Chen Qi (2):
> >>    shadow: upgrade from 4.1.4.3 to 4.2.1
> >>    oeqa: fix return status in pam.py to match shadow-4.2.1
> >
> > I think but am not 100% sure this has introduced another regression:
> >
> > https://autobuilder.yoctoproject.org/main/builders/nightly-oecore/builds/177
> >
> > The issue is that X doesn't start in oe-core built images. It does work
> > correctly in poky. The issue is that the /etc/init.d/xserver-nodm script
> > returns:
> >
> > root@qemuarm:/etc# /etc/init.d/xserver-nodm start
> > Starting Xserver
> > su: applet not found
> >
> > or to be more specific:
> >
> > root@qemuarm:/etc# su -l -c '/etc/X11/Xserver&' xuser
> > su: applet not found
> >
> >
> > The poky images appear to work since we install bash. If you remove bash
> > from packagegroup-core-device-devel.bb, the poky images will show the
> > same error.
> >
> > I think this is something to do with the none-suid busybox binary not
> > containing su support, but why su is being called there, I don't know.
> > su is being provided by shadow in the image. If I make su provided by
> > busybox the problem also goes away.
> 
> The problem (reported last week on the Yocto list) is su.shadow
> changed how it behaves.  The old version would end up passing
> the script off by
>    6761  execve("/bin/sh", ["/bin/sh", "-c", "/etc/X11/Xserver"], [/* 7 vars */]) = 0
> whereas the new version does
>    961   execve("/bin/sh", ["-su", "-c", "/etc/X11/Xserver"], [/* 7 vars */]) = 0

Hmm, busybox is interpreting that "-su" as an argument to call su, which
busybox.nosuid doesn't have within it as an applet, hence the error
message.

> I still haven't figured out why su.shadow now behaves this way.

That does indeed look like what we need to figure out...

Cheers,

Richard