From patchwork Wed Apr 20 11:54:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Kjellerstedt X-Patchwork-Id: 6892 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADD53C48BD2 for ; Thu, 21 Apr 2022 16:46:07 +0000 (UTC) Received: from smtp1.axis.com (smtp1.axis.com [195.60.68.17]) by mx.groups.io with SMTP id smtpd.web12.6676.1650455671295916355 for ; Wed, 20 Apr 2022 04:54:32 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="signature has expired" header.i=@axis.com header.s=axis-central1 header.b=f+Zvryis; spf=pass (domain: axis.com, ip: 195.60.68.17, mailfrom: peter.kjellerstedt@axis.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1650455671; x=1681991671; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=rzTcBlpuE/znAvjq0s6kFnTu++iCBej8VAyA7Fv0Ct0=; b=f+Zvryis0e4Fzv7BC3nUOJWtZdGHk8sLvSjmWe7X4KjQKH+QrDc9Vgp7 Og/5Meo8z8PoR7kRjYO7sXMtrmmTzzSC39zf/ktPfJDhx2Z/K5k2gQ0Qk TPwU+vN48ffHffDVgcCWAaa0n6axX2+dfBuYU9N4ENtUBwWs3RXwbLLZf 6rjOb6KlrfmffwoRo4vfsOlmDuqe+4cRG8VQKWDFBwLUZX1nRN6CT+fUp 6ye83tkRKKWc+BgcygQGk/+xESz0Q/z8/QbR/m5YFEdIF7zRigTT8xIwu X0Irahqs+bGdpTtlbtG5J3Kr5jcfk9i5cvrx71kSr9um+Nb9qmI+YE4ML A==; From: Peter Kjellerstedt To: Subject: [honister][PATCH] shadow-native: Simplify and fix syslog disable patch Date: Wed, 20 Apr 2022 13:54:23 +0200 Message-ID: <20220420115423.27955-1-pkj@axis.com> X-Mailer: git-send-email 2.21.3 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 21 Apr 2022 16:46:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/164665 From: Richard Purdie Shadow is happily spamming the host syslog with messages and shouldn't be which suggests the patch isn't working. Redo it to work at the configure level which is simpler and hopefully more effective. This is a squashed cherry-pick of commit 8f181686 (shadow-native: Simplify and fix syslog disable patch) and commit e1f21d0d (shadow: Disable the use of syslog() for the native tools). Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie --- ...01-Disable-use-of-syslog-for-sysroot.patch | 150 +++++------------- 1 file changed, 39 insertions(+), 111 deletions(-) diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch index 95728bcd3f..628db42136 100644 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch @@ -1,124 +1,52 @@ -From 30a3906a0a21120fa6bbc918b6258ab9303fbeaa Mon Sep 17 00:00:00 2001 -From: Scott Garman -Date: Thu, 14 Apr 2016 12:28:57 +0200 -Subject: [PATCH] Disable use of syslog for sysroot +From 8b845fff891798a03bdf21354b52e4487c2c0200 Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Thu, 14 Apr 2022 23:11:53 +0000 +Subject: [PATCH] Disable use of syslog for shadow-native tools Disable use of syslog to prevent sysroot user and group additions from writing entries to the host's syslog. This patch should only be used with the shadow-native recipe. -Upstream-Status: Inappropriate [disable feature] - -Signed-off-by: Scott Garman +Upstream-Status: Inappropriate [OE specific configuration] +Signed-off-by: Richard Purdie Signed-off-by: Peter Kjellerstedt -Signed-off-by: Chen Qi --- - src/groupadd.c | 3 +++ - src/groupdel.c | 3 +++ - src/groupmems.c | 3 +++ - src/groupmod.c | 3 +++ - src/useradd.c | 3 +++ - src/userdel.c | 4 ++++ - src/usermod.c | 3 +++ - 7 files changed, 22 insertions(+) + configure.ac | 2 +- + src/login_nopam.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) -diff --git a/src/groupadd.c b/src/groupadd.c -index d7f68b1..5fe5f43 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/groupdel.c b/src/groupdel.c -index 5c89312..2aefc5a 100644 ---- a/src/groupdel.c -+++ b/src/groupdel.c -@@ -34,6 +34,9 @@ - +diff --git a/configure.ac b/configure.ac +index 5dcae19..b2c58f5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -204,7 +204,7 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd", + [Path to passwd program.]) + + dnl XXX - quick hack, should disappear before anyone notices :). +-AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) ++#AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().]) + if test "$ac_cv_func_ruserok" = "yes"; then + AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.]) + AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).]) +diff --git a/src/login_nopam.c b/src/login_nopam.c +index df6ba88..fc24e13 100644 +--- a/src/login_nopam.c ++++ b/src/login_nopam.c +@@ -29,7 +29,6 @@ + #ifndef USE_PAM #ident "$Id$" -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/groupmems.c b/src/groupmems.c -index 654a8f3..6b2026b 100644 ---- a/src/groupmems.c -+++ b/src/groupmems.c -@@ -32,6 +32,9 @@ - - #include - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/groupmod.c b/src/groupmod.c -index acd6f35..a2c5247 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/useradd.c b/src/useradd.c -index 127177e..b80e505 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/userdel.c b/src/userdel.c -index 79a7c89..c1e010a 100644 ---- a/src/userdel.c -+++ b/src/userdel.c -@@ -31,6 +31,10 @@ - */ - - #include -+ -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include - #include - #include -diff --git a/src/usermod.c b/src/usermod.c -index 03bb9b9..e15fdd4 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" +-#include "prototypes.h" + /* + * This module implements a simple but effective form of login access + * control based on login names and on host (or domain) names, internet +@@ -57,6 +56,8 @@ + #include + #include /* for inet_ntoa() */ -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG ++#include "prototypes.h" + - #include - #include - #include + #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) + #undef MAXHOSTNAMELEN + #define MAXHOSTNAMELEN 256