From patchwork Sat May 14 21:14:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Kjellerstedt X-Patchwork-Id: 8035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5473C433FE for ; Sat, 14 May 2022 21:15:04 +0000 (UTC) Received: from smtp2.axis.com (smtp2.axis.com [195.60.68.18]) by mx.groups.io with SMTP id smtpd.web11.10464.1652562897309316625 for ; Sat, 14 May 2022 14:14:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@axis.com header.s=axis-central1 header.b=mIkDteiQ; spf=pass (domain: axis.com, ip: 195.60.68.18, mailfrom: peter.kjellerstedt@axis.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1652562898; x=1684098898; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=jSDnx5Ko9ug69fpk0fu1omE1Tmy1Hm/FBsSjkqmER5g=; b=mIkDteiQCM9BWWGP55FXvI+7Dng0q2+R3mAi+1c/8egJwNS4SAfYIg1U m6C8IWQ80i7Uo4we7BQWsEYhQRq9krh5OPjDbUHdbzy20AUIYm32OnPKB Y4bEZY0KSgOCCNNMiIIAHqo9rKEMWm166Cu6ezCNqrQ3kP4YjQpjR8gM2 wfCRQVNY/qtgglJeuDgFFJl77+LZqObeyYkEYthx3FeQfZyph3O4Krmzf yw1hudknVv64gxLtlCwktLCabYE5J3yy8wVsDSPEIZrQBLZyg+qql5G1X X+3qo4b5J+lKuhOJXSRkVFDkfS+n4OR56BDzV5+purvkzDHXcPdVHjXSV g==; From: Peter Kjellerstedt To: Subject: [PATCH 1/2] base-passwd: Regenerate the patches Date: Sat, 14 May 2022 23:14:49 +0200 Message-ID: <20220514211450.28115-1-pkj@axis.com> X-Mailer: git-send-email 2.21.3 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 May 2022 21:15:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165593 Signed-off-by: Peter Kjellerstedt --- .../0001-Add-a-shutdown-group.patch | 26 +++++++++++++++ ...nstead-of-bin-bash-for-the-root-user.patch | 23 +++++++++++++ ...t-since-we-do-not-have-an-etc-shadow.patch | 21 ++++++++++++ ...nput-group-for-the-dev-input-devices.patch | 23 +++++++++++++ .../{kvm.patch => 0005-Add-kvm-group.patch} | 2 +- ...006-Disable-shell-for-default-users.patch} | 5 +-- ...able-generation-of-the-documentation.patch | 32 +++++++++++++++++++ .../base-passwd/add_shutdown.patch | 19 ----------- .../base-passwd/disable-docs.patch | 24 -------------- .../base-passwd/base-passwd/input.patch | 22 ------------- .../base-passwd/base-passwd/nobash.patch | 15 --------- .../base-passwd/base-passwd/noshadow.patch | 14 -------- .../base-passwd/base-passwd_3.5.29.bb | 14 ++++---- 13 files changed, 134 insertions(+), 106 deletions(-) create mode 100644 meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch rename meta/recipes-core/base-passwd/base-passwd/{kvm.patch => 0005-Add-kvm-group.patch} (88%) rename meta/recipes-core/base-passwd/base-passwd/{disable-shell.patch => 0006-Disable-shell-for-default-users.patch} (96%) create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/disable-docs.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/input.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/nobash.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/noshadow.patch diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch new file mode 100644 index 0000000000..e50efc9623 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-Add-a-shutdown-group.patch @@ -0,0 +1,26 @@ +From 8f3ace87df3aaad85946c22cae240532ea3e73b8 Mon Sep 17 00:00:00 2001 +From: Saul Wold +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Add a shutdown group + +We need to have a shutdown group to allow the shutdown icon to work +correctly. Any users that want to use shutdown like the xuser should +be added to this group. + +Upstream-Status: Inappropriate [Embedded] +Signed-off-by: Saul Wold +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index ad1dd2d..1b5e2fb 100644 +--- a/group.master ++++ b/group.master +@@ -35,5 +35,6 @@ sasl:*:45: + plugdev:*:46: + staff:*:50: + games:*:60: ++shutdown:*:70: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch new file mode 100644 index 0000000000..ea0256684b --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch @@ -0,0 +1,23 @@ +From 4411fc0df77566d52bee11ec0bad4be30a96e99e Mon Sep 17 00:00:00 2001 +From: Scott Garman +Date: Fri, 29 Apr 2022 13:32:27 +0000 +Subject: [PATCH] Use /bin/sh instead of /bin/bash for the root user + +/bin/bash may not be included in some images such as minimal. + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Scott Garman +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/passwd.master b/passwd.master +index a01a6aa..b54ff51 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root:*:0:0:root:/root:/bin/bash ++root:*:0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/bin/sh + bin:*:2:2:bin:/bin:/bin/sh + sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch new file mode 100644 index 0000000000..88cc5be66c --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch @@ -0,0 +1,21 @@ +From 13a1a284a134d18a454625a5b4485c0d99079ae9 Mon Sep 17 00:00:00 2001 +From: Scott Garman +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Remove "*" for root since we do not have an /etc/shadow + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Scott Garman +--- + passwd.master | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/passwd.master b/passwd.master +index b54ff51..e1c32ff 100644 +--- a/passwd.master ++++ b/passwd.master +@@ -1,4 +1,4 @@ +-root:*:0:0:root:/root:/bin/sh ++root::0:0:root:/root:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/bin/sh + bin:*:2:2:bin:/bin:/bin/sh + sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch new file mode 100644 index 0000000000..394a0f01d3 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0004-Add-an-input-group-for-the-dev-input-devices.patch @@ -0,0 +1,23 @@ +From c5f012750f8102ff54af73ccc2d2b7bfa1f26db4 Mon Sep 17 00:00:00 2001 +From: Darren Hart +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Add an input group for the /dev/input/* devices + +Upstream-Status: Inappropriate [configuration] +Signed-off-by: Darren Hart +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index 1b5e2fb..cea9d60 100644 +--- a/group.master ++++ b/group.master +@@ -12,6 +12,7 @@ uucp:*:10: + man:*:12: + proxy:*:13: + kmem:*:15: ++input:*:19: + dialout:*:20: + fax:*:21: + voice:*:22: diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch similarity index 88% rename from meta/recipes-core/base-passwd/base-passwd/kvm.patch rename to meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch index 113d5151e7..72e6ee333c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/kvm.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0005-Add-kvm-group.patch @@ -1,4 +1,4 @@ -From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001 +From 6cf19461fb31d7a7a3010629aae9aab49c26a01b Mon Sep 17 00:00:00 2001 From: Jacob Kroon Date: Wed, 30 Jan 2019 04:53:48 +0000 Subject: [PATCH] Add kvm group diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-shell.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch similarity index 96% rename from meta/recipes-core/base-passwd/base-passwd/disable-shell.patch rename to meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch index dddc93ca35..2bcb829d9c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/disable-shell.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch @@ -1,4 +1,4 @@ -From 91e0db96741359173ddf2be083aafcc1a3c32472 Mon Sep 17 00:00:00 2001 +From f35eb24213475d3024ad45297fd855c6abfbbac0 Mon Sep 17 00:00:00 2001 From: Jiaqing Zhao Date: Mon, 18 Apr 2022 11:22:43 +0800 Subject: [PATCH] Disable shell for default users @@ -52,6 +52,3 @@ index e1c32ff..0cd5ffd 100644 +irc:*:39:39:ircd:/var/run/ircd:/sbin/nologin +gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/sbin/nologin +nobody:*:65534:65534:nobody:/nonexistent:/sbin/nologin --- -2.32.0 - diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch new file mode 100644 index 0000000000..4a19f91c35 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch @@ -0,0 +1,32 @@ +From 7ccf8227cb10d78f1958a7a7feed75a390a6b133 Mon Sep 17 00:00:00 2001 +From: Saul Wold +Date: Fri, 29 Apr 2022 13:32:28 +0000 +Subject: [PATCH] Disable generation of the documentation + +It uses tools currently not supported by OE-Core. It uses sgmltools +and po4a. + +Upstream-Status: Inappropriate [OE-Core specific] +Signed-off-by: Saul Wold +--- + Makefile.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 9ba097c..d3ea47c 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -25,13 +25,10 @@ gen_configure = config.cache config.status config.log \ + confdefhs.h config.h Makefile + + all: update-passwd +- $(MAKE) -C doc all +- $(MAKE) -C man all + + install: all + mkdir -p $(DESTDIR)$(sbindir) + $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/ +- $(MAKE) -C man install + + update-passwd.o: version.h + diff --git a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch b/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch deleted file mode 100644 index 5f357d8895..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/add_shutdown.patch +++ /dev/null @@ -1,19 +0,0 @@ - -We need to have a shutdown group to allow the shutdown icon -to work correctly. Any users that want to use shutdown like -the xuser should be added to this group. - -Upstream-Status: Inappropriate [Embedded] - -Signed-off-by: Saul Wold -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master -@@ -36,5 +36,6 @@ sasl:*:45: - plugdev:*:46: - staff:*:50: - games:*:60: -+shutdown:*:70: - users:*:100: - nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch b/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch deleted file mode 100644 index 14c08b7484..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/disable-docs.patch +++ /dev/null @@ -1,24 +0,0 @@ -Disable documentation for now as it uses tools currently not supported -by OE-Core. It uses sgmltools and po4a. - -Upstream-Status: Inappropriate [OE-Core specific] -Signed-off-by: Saul Wold - -Index: base-passwd-3.5.28/Makefile.in -=================================================================== ---- base-passwd-3.5.28.orig/Makefile.in -+++ base-passwd-3.5.28/Makefile.in -@@ -25,13 +25,10 @@ gen_configure = config.cache config.stat - confdefhs.h config.h Makefile - - all: update-passwd -- $(MAKE) -C doc all -- $(MAKE) -C man all - - install: all - mkdir -p $(DESTDIR)$(sbindir) - $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/ -- $(MAKE) -C man install - - update-passwd.o: version.h - diff --git a/meta/recipes-core/base-passwd/base-passwd/input.patch b/meta/recipes-core/base-passwd/base-passwd/input.patch deleted file mode 100644 index 3abbcad5d5..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/input.patch +++ /dev/null @@ -1,22 +0,0 @@ -Add an input group for the /dev/input/* devices. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Darren Hart - ---- - group.master | 1 + - 1 file changed, 1 insertion(+) - -Index: base-passwd-3.5.26/group.master -=================================================================== ---- base-passwd-3.5.26.orig/group.master -+++ base-passwd-3.5.26/group.master -@@ -12,6 +12,7 @@ uucp:*:10: - man:*:12: - proxy:*:13: - kmem:*:15: -+input:*:19: - dialout:*:20: - fax:*:21: - voice:*:22: diff --git a/meta/recipes-core/base-passwd/base-passwd/nobash.patch b/meta/recipes-core/base-passwd/base-passwd/nobash.patch deleted file mode 100644 index b5a692295b..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/nobash.patch +++ /dev/null @@ -1,15 +0,0 @@ -use /bin/sh instead of /bin/bash, since the latter may not be included in -some images such as minimal - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/bash -+root:*:0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch b/meta/recipes-core/base-passwd/base-passwd/noshadow.patch deleted file mode 100644 index e27bf7d9be..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/noshadow.patch +++ /dev/null @@ -1,14 +0,0 @@ -remove "*" for root since we don't have a /etc/shadow so far. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Scott Garman - ---- base-passwd/passwd.master~nobash -+++ base-passwd/passwd.master -@@ -1,4 +1,4 @@ --root:*:0:0:root:/root:/bin/sh -+root::0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb index ef7792ae49..e561599136 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb @@ -8,13 +8,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility" SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \ - file://add_shutdown.patch \ - file://nobash.patch \ - file://noshadow.patch \ - file://input.patch \ - file://disable-docs.patch \ - file://kvm.patch \ - file://disable-shell.patch \ + file://0001-Add-a-shutdown-group.patch \ + file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \ + file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ + file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ + file://0005-Add-kvm-group.patch \ + file://0006-Disable-shell-for-default-users.patch \ + file://0007-Disable-generation-of-the-documentation.patch \ " SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" From patchwork Sat May 14 21:14:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Kjellerstedt X-Patchwork-Id: 8036 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4879C433EF for ; Sat, 14 May 2022 21:15:04 +0000 (UTC) Received: from smtp2.axis.com (smtp2.axis.com [195.60.68.18]) by mx.groups.io with SMTP id smtpd.web11.10464.1652562897309316625 for ; Sat, 14 May 2022 14:14:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@axis.com header.s=axis-central1 header.b=Io7vvzMP; spf=pass (domain: axis.com, ip: 195.60.68.18, mailfrom: peter.kjellerstedt@axis.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1652562899; x=1684098899; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=gKUfe9nzmY40FbLiM+7mPkLVZwon6ckdbWTKi9tiDo0=; b=Io7vvzMPk5pV3LAA1XIhw/hihstQmewXCR+593cLL2wc0A4ADyD70Q3v CI0GWf5gF+wr+KwGdt9D3wkeEBRWNy95QUyBkqxapeLkEpL3T5ePRj6bW F+7/kN5sJWUug9g1dzxqKEH/oTuklPWdu9k3MKhFcOCIWwdA3Gzn/XRQ9 zRRb2R5SYR/tcBandtVsejjUEczxWBWWWbAqcbyV2KgXkjPxt2X7QNzta FFINEgc1HAx6baD7l9/2YjJru24AVm6M0OS3+sNwtoon9Bnh2wfBQiu10 fOS1q3p5QcWr7kAQSKPc/azZak7rYedN4lHTfhnZzhvOwBfFI3bQetlpW w==; From: Peter Kjellerstedt To: Subject: [PATCH 2/2] base-passwd: Update to 3.5.52 Date: Sat, 14 May 2022 23:14:50 +0200 Message-ID: <20220514211450.28115-2-pkj@axis.com> X-Mailer: git-send-email 2.21.3 In-Reply-To: <20220514211450.28115-1-pkj@axis.com> References: <20220514211450.28115-1-pkj@axis.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 May 2022 21:15:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/165594 * Add a patch to allow the use of debconf to be disabled. * Replace 0007-Disable-generation-of-the-documentation.patch with a new patch to disable the generation of the documentation using a configuration option. * Replace 0006-Disable-shell-for-default-users.patch with a sed expression that uses a variable, NOLOGIN, to specify what command to use for users that are not expected to login. This allows to use some other command than "nologin", e.g., "false". Also, by using ${base_sbindir}, it adheres to usrmerge being configured. Signed-off-by: Peter Kjellerstedt --- ...nstead-of-bin-bash-for-the-root-user.patch | 8 +- ...t-since-we-do-not-have-an-etc-shadow.patch | 8 +- ...0006-Disable-shell-for-default-users.patch | 54 -------- ...ble-to-build-without-debconf-support.patch | 129 ++++++++++++++++++ ...able-generation-of-the-documentation.patch | 32 ----- ...-to-disable-the-generation-of-the-do.patch | 46 +++++++ ...passwd_3.5.29.bb => base-passwd_3.5.52.bb} | 18 ++- 7 files changed, 194 insertions(+), 101 deletions(-) delete mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch delete mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch create mode 100644 meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch rename meta/recipes-core/base-passwd/{base-passwd_3.5.29.bb => base-passwd_3.5.52.bb} (89%) diff --git a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch index ea0256684b..09f8cfea9c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch @@ -12,12 +12,12 @@ Signed-off-by: Scott Garman 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwd.master b/passwd.master -index a01a6aa..b54ff51 100644 +index 7cd4e24..041685a 100644 --- a/passwd.master +++ b/passwd.master @@ -1,4 +1,4 @@ -root:*:0:0:root:/root:/bin/bash +root:*:0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch index 88cc5be66c..06222ab04c 100644 --- a/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch +++ b/meta/recipes-core/base-passwd/base-passwd/0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch @@ -10,12 +10,12 @@ Signed-off-by: Scott Garman 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwd.master b/passwd.master -index b54ff51..e1c32ff 100644 +index 041685a..31a84d4 100644 --- a/passwd.master +++ b/passwd.master @@ -1,4 +1,4 @@ -root:*:0:0:root:/root:/bin/sh +root::0:0:root:/root:/bin/sh - daemon:*:1:1:daemon:/usr/sbin:/bin/sh - bin:*:2:2:bin:/bin:/bin/sh - sys:*:3:3:sys:/dev:/bin/sh + daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin + bin:*:2:2:bin:/bin:/usr/sbin/nologin + sys:*:3:3:sys:/dev:/usr/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch deleted file mode 100644 index 2bcb829d9c..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0006-Disable-shell-for-default-users.patch +++ /dev/null @@ -1,54 +0,0 @@ -From f35eb24213475d3024ad45297fd855c6abfbbac0 Mon Sep 17 00:00:00 2001 -From: Jiaqing Zhao -Date: Mon, 18 Apr 2022 11:22:43 +0800 -Subject: [PATCH] Disable shell for default users - -Change the shell of all global static users other than root (which -retains /bin/sh) and sync (as /bin/sync is rather harmless) to -/sbin/nologin (as /usr/sbin/nologin does not exist in openembedded) - -Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/base-passwd/3.5.30] -Signed-off-by: Jiaqing Zhao ---- - passwd.master | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/passwd.master b/passwd.master -index e1c32ff..0cd5ffd 100644 ---- a/passwd.master -+++ b/passwd.master -@@ -1,18 +1,18 @@ - root::0:0:root:/root:/bin/sh --daemon:*:1:1:daemon:/usr/sbin:/bin/sh --bin:*:2:2:bin:/bin:/bin/sh --sys:*:3:3:sys:/dev:/bin/sh -+daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin -+bin:*:2:2:bin:/bin:/sbin/nologin -+sys:*:3:3:sys:/dev:/sbin/nologin - sync:*:4:65534:sync:/bin:/bin/sync --games:*:5:60:games:/usr/games:/bin/sh --man:*:6:12:man:/var/cache/man:/bin/sh --lp:*:7:7:lp:/var/spool/lpd:/bin/sh --mail:*:8:8:mail:/var/mail:/bin/sh --news:*:9:9:news:/var/spool/news:/bin/sh --uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh --proxy:*:13:13:proxy:/bin:/bin/sh --www-data:*:33:33:www-data:/var/www:/bin/sh --backup:*:34:34:backup:/var/backups:/bin/sh --list:*:38:38:Mailing List Manager:/var/list:/bin/sh --irc:*:39:39:ircd:/var/run/ircd:/bin/sh --gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh --nobody:*:65534:65534:nobody:/nonexistent:/bin/sh -+games:*:5:60:games:/usr/games:/sbin/nologin -+man:*:6:12:man:/var/cache/man:/sbin/nologin -+lp:*:7:7:lp:/var/spool/lpd:/sbin/nologin -+mail:*:8:8:mail:/var/mail:/sbin/nologin -+news:*:9:9:news:/var/spool/news:/sbin/nologin -+uucp:*:10:10:uucp:/var/spool/uucp:/sbin/nologin -+proxy:*:13:13:proxy:/bin:/sbin/nologin -+www-data:*:33:33:www-data:/var/www:/sbin/nologin -+backup:*:34:34:backup:/var/backups:/sbin/nologin -+list:*:38:38:Mailing List Manager:/var/list:/sbin/nologin -+irc:*:39:39:ircd:/var/run/ircd:/sbin/nologin -+gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/sbin/nologin -+nobody:*:65534:65534:nobody:/nonexistent:/sbin/nologin diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch new file mode 100644 index 0000000000..61ed1641a1 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch @@ -0,0 +1,129 @@ +From 236d6c8c0dd7e15d9a9795813b94bc87ce09eec5 Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Fri, 29 Apr 2022 19:32:29 +0200 +Subject: [PATCH] Make it possible to build without debconf support + +Not all systems have the debconfclient library available. + +Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Signed-off-by: Peter Kjellerstedt +--- + Makefile.am | 1 - + configure.ac | 13 +++++++++++++ + update-passwd.c | 15 +++++++++++++++ + 3 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 223916f..4bdd769 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3,7 +3,6 @@ SUBDIRS = doc man + sbin_PROGRAMS = update-passwd + + update_passwd_SOURCES = update-passwd.c +-update_passwd_LDADD = -ldebconfclient + + pkgdata_DATA = passwd.master group.master + +diff --git a/configure.ac b/configure.ac +index 9d1ace5..1e35ad1 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -14,6 +14,19 @@ AC_SYS_LARGEFILE + dnl Scan for things we need + AC_CHECK_FUNCS([putgrent]) + ++dnl Check for debconf ++AC_MSG_CHECKING([whether to enable debconf support]) ++AC_ARG_ENABLE([debconf], ++ [AS_HELP_STRING([--disable-debconf], [disable support for debconf])], ++ [], ++ [enable_debconf=yes]) ++AC_MSG_RESULT($enable_debconf) ++AS_IF([test "x$enable_debconf" != xno], ++ [AC_CHECK_LIB([debconfclient], [debconfclient_new], [], ++ [AC_MSG_ERROR( ++ [debconf support not available (use --disable-debconf to disable)])]) ++ AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) ++ + dnl Finally output everything + AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) + AC_OUTPUT +diff --git a/update-passwd.c b/update-passwd.c +index 3f3dffa..5b49740 100644 +--- a/update-passwd.c ++++ b/update-passwd.c +@@ -39,7 +39,9 @@ + #include + #include + ++#ifdef HAVE_DEBCONF + #include ++#endif + + #define DEFAULT_PASSWD_MASTER "/usr/share/base-passwd/passwd.master" + #define DEFAULT_GROUP_MASTER "/usr/share/base-passwd/group.master" +@@ -143,6 +145,7 @@ int flag_debconf = 0; + const char* user_domain = DEFAULT_DEBCONF_DOMAIN; + const char* group_domain = DEFAULT_DEBCONF_DOMAIN; + ++#ifdef HAVE_DEBCONF + struct debconfclient* debconf = NULL; + + /* Abort the program if talking to debconf fails. Use ret exactly once. */ +@@ -162,6 +165,10 @@ struct debconfclient* debconf = NULL; + DEBCONF_CHECK(debconf_register(debconf, (template), (question))) + #define DEBCONF_SUBST(question, var, value) \ + DEBCONF_CHECK(debconf_subst(debconf, (question), (var), (value))) ++#else ++#define DEBCONF_REGISTER(template, question) ++#define DEBCONF_SUBST(question, var, value) ++#endif + + + /* malloc() with out-of-memory checking. +@@ -621,6 +628,7 @@ void version() { + * flag. Aborts the problem on any failure. + */ + int ask_debconf(const char* priority, const char* question) { ++#ifdef HAVE_DEBCONF + int ret; + const char* response; + +@@ -640,6 +648,9 @@ int ask_debconf(const char* priority, const char* question) { + return 1; + else + return 0; ++#else ++ return 0; ++#endif + } + + +@@ -1427,6 +1438,7 @@ int main(int argc, char** argv) { + /* If DEBIAN_HAS_FRONTEND is set in the environment, we're running under + * debconf. Enable debconf prompting unless --dry-run was also given. + */ ++#ifdef HAVE_DEBCONF + if (getenv("DEBIAN_HAS_FRONTEND")!=NULL && !opt_dryrun) { + debconf=debconfclient_new(); + if (debconf==NULL) { +@@ -1435,6 +1447,7 @@ int main(int argc, char** argv) { + } + flag_debconf=1; + } ++#endif + + if (read_passwd(&master_accounts, master_passwd)!=0) + return 2; +@@ -1480,8 +1493,10 @@ int main(int argc, char** argv) { + if (!unlock_files()) + return 5; + ++#ifdef HAVE_DEBCONF + if (debconf!=NULL) + debconfclient_delete(debconf); ++#endif + + if (opt_dryrun) + return flag_dirty; diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch deleted file mode 100644 index 4a19f91c35..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0007-Disable-generation-of-the-documentation.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7ccf8227cb10d78f1958a7a7feed75a390a6b133 Mon Sep 17 00:00:00 2001 -From: Saul Wold -Date: Fri, 29 Apr 2022 13:32:28 +0000 -Subject: [PATCH] Disable generation of the documentation - -It uses tools currently not supported by OE-Core. It uses sgmltools -and po4a. - -Upstream-Status: Inappropriate [OE-Core specific] -Signed-off-by: Saul Wold ---- - Makefile.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 9ba097c..d3ea47c 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -25,13 +25,10 @@ gen_configure = config.cache config.status config.log \ - confdefhs.h config.h Makefile - - all: update-passwd -- $(MAKE) -C doc all -- $(MAKE) -C man all - - install: all - mkdir -p $(DESTDIR)$(sbindir) - $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/ -- $(MAKE) -C man install - - update-passwd.o: version.h - diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch new file mode 100644 index 0000000000..2bec065cdb --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch @@ -0,0 +1,46 @@ +From 63e8270141a296843cfe1daba38e1969ac6d75ae Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Sat, 30 Apr 2022 00:35:34 +0200 +Subject: [PATCH] Make it possible to disable the generation of the + documentation + +Not all systems have docbook and po4a available. + +Upstream-Status: Submitted [https://salsa.debian.org/debian/base-passwd/-/merge_requests/11] +Signed-off-by: Peter Kjellerstedt +--- + Makefile.am | 2 ++ + configure.ac | 9 +++++++++ + 2 files changed, 11 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index 4bdd769..97b4f42 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,4 +1,6 @@ ++if ENABLE_DOCS + SUBDIRS = doc man ++endif + + sbin_PROGRAMS = update-passwd + +diff --git a/configure.ac b/configure.ac +index 1e35ad1..b98374e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -27,6 +27,15 @@ AS_IF([test "x$enable_debconf" != xno], + [debconf support not available (use --disable-debconf to disable)])]) + AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) + ++dnl Check whether to build the documentation ++AC_MSG_CHECKING([whether to build the documentation]) ++AC_ARG_ENABLE([docs], ++ [AC_HELP_STRING([--disable-docs], [do not build and install documentation])], ++ [], ++ [enable_docs=yes]) ++AC_MSG_RESULT($enable_docs) ++AM_CONDITIONAL(ENABLE_DOCS, test "x$enable_docs" = xyes) ++ + dnl Finally output everything + AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) + AC_OUTPUT diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb similarity index 89% rename from meta/recipes-core/base-passwd/base-passwd_3.5.29.bb rename to meta/recipes-core/base-passwd/base-passwd_3.5.52.bb index e561599136..f89752c077 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.52.bb @@ -5,27 +5,30 @@ SECTION = "base" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" -RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility" - -SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.gz \ +SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar.xz \ file://0001-Add-a-shutdown-group.patch \ file://0002-Use-bin-sh-instead-of-bin-bash-for-the-root-user.patch \ file://0003-Remove-for-root-since-we-do-not-have-an-etc-shadow.patch \ file://0004-Add-an-input-group-for-the-dev-input-devices.patch \ file://0005-Add-kvm-group.patch \ - file://0006-Disable-shell-for-default-users.patch \ - file://0007-Disable-generation-of-the-documentation.patch \ + file://0006-Make-it-possible-to-build-without-debconf-support.patch \ + file://0007-Make-it-possible-to-disable-the-generation-of-the-do.patch \ " -SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421" -SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36" +SRC_URI[sha256sum] = "5dfec6556b5a16ecf14dd3f7c95b591d929270289268123f31a3d6317f95ccea" # the package is taken from launchpad; that source is static and goes stale # so we check the latest upstream from a directory that does get updated UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/" +S = "${WORKDIR}/work" + inherit autotools +EXTRA_OECONF += "--disable-debconf --disable-docs" + +NOLOGIN ?= "${base_sbindir}/nologin" + do_install () { install -d -m 755 ${D}${sbindir} install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/ @@ -37,6 +40,7 @@ do_install () { install -d -m 755 ${D}${datadir}/base-passwd install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/ sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master + sed -i 's#/usr/sbin/nologin#${NOLOGIN}#' ${D}${datadir}/base-passwd/passwd.master install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/ install -d -m 755 ${D}${docdir}/${BPN}