Add support for creating passwd files in a /etc subdir. Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb.
Signed-off-by: Joakim Tjernlund <joakim.tjernl...@infinera.com>
---
 .../0001-Define-SUBUID_FILE-SUBGID_FILE.patch | 92 +++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc | 30 +++++-
 2 files changed, 118 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
diff --git a/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
new file mode 100644
index 0000000000..9f85159e97
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-Define-SUBUID_FILE-SUBGID_FILE.patch
@@ -0,0 +1,92 @@
+From f605fb315faef7ddcad70d638f3b3aa16ea98fc0 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernl...@infinera.com>
+Date: Thu, 2 Nov 2023 00:27:10 +0100
+Subject: [PATCH] Define SUBUID_FILE/SUBGID_FILE
+
+Upstream-Status: Backport, https://github.com/shadow-maint/shadow/commit/ee3a79c6952f8ca649c286c7f76639d9d1dedaad
+
+These where hard coded, make them definable like SHADOW_FILE
+
+Signed-off-by: Joakim Tjernlund <joakim.tjernl...@infinera.com>
+---
+ lib/defines.h | 8 ++++++++
+ lib/subordinateio.c | 6 +++---
+ libmisc/prefix_flag.c | 8 ++++----
+ 3 files changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/lib/defines.h b/lib/defines.h
+index fc1521c..27b220f 100644
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -312,6 +312,14 @@ char *strchr (), *strrchr (), *strtok ();
+ #define SHADOW_FILE "/etc/shadow"
+ #endif
+
++#ifndef SUBUID_FILE
++#define SUBUID_FILE "/etc/subuid"
++#endif
++
++#ifndef SUBGID_FILE
++#define SUBGID_FILE "/etc/subgid"
++#endif
++
+ #ifdef SHADOWGRP
+ #ifndef SGROUP_FILE
+ #define SGROUP_FILE "/etc/gshadow"
+diff --git a/lib/subordinateio.c b/lib/subordinateio.c
+index 9ca70b8..9ddc5e1 100644
+--- a/lib/subordinateio.c
++++ b/lib/subordinateio.c
+@@ -206,7 +206,7 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
+ /*
+ * We only do special handling for these two files
+ */
+- if ((0 != strcmp(db->filename, "/etc/subuid")) && (0 != strcmp(db->filename, "/etc/subgid")))
++ if ((0 != strcmp(db->filename, SUBUID_FILE)) && (0 != strcmp(db->filename, SUBGID_FILE)))
+ return NULL;
+
+ /*
+@@ -554,7 +554,7 @@ static int remove_range (struct commonio_db *db,
+ }
+
+ static struct commonio_db subordinate_uid_db = {
+- "/etc/subuid", /* filename */
++ SUBUID_FILE, /* filename */
+ &subordinate_ops, /* ops */
+ NULL, /* fp */
+ #ifdef WITH_SELINUX
+@@ -650,7 +650,7 @@ uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
+ }
+
+ static struct commonio_db
subordinate_gid_db = {
+- "/etc/subgid", /* filename */
++ SUBGID_FILE, /* filename */
+ &subordinate_ops, /* ops */
+ NULL, /* fp */
+ #ifdef WITH_SELINUX
+diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
+index d4dfbc2..0e7dfa7 100644
+--- a/libmisc/prefix_flag.c
++++ b/libmisc/prefix_flag.c
+@@ -120,14 +120,14 @@ extern const char* process_prefix_flag (const char* short_opt, int argc, char **
+ spw_setdbname(spw_db_file);
+
+ #ifdef ENABLE_SUBIDS
+- len = strlen(prefix) + strlen("/etc/subuid") + 2;
++ len = strlen(prefix) + strlen(SUBUID_FILE) + 2;
+ suid_db_file = xmalloc(len);
+- snprintf(suid_db_file, len, "%s/%s", prefix, "/etc/subuid");
++ snprintf(suid_db_file, len, "%s/%s", prefix, SUBUID_FILE);
+ sub_uid_setdbname(suid_db_file);
+
+- len = strlen(prefix) + strlen("/etc/subgid") + 2;
++ len = strlen(prefix) + strlen(SUBGID_FILE) + 2;
+ sgid_db_file = xmalloc(len);
+- snprintf(sgid_db_file, len, "%s/%s", prefix, "/etc/subgid");
++ snprintf(sgid_db_file, len, "%s/%s", prefix, SUBGID_FILE);
+ sub_gid_setdbname(sgid_db_file);
+ #endif
+
+--
+2.41.0
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 3c1dd2f98e..bcb9b09a49 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -18,6 +18,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
 file://useradd \
 file://CVE-2023-29383.patch \
 file://0001-Overhaul-valid_field.patch \
+ file://0001-Define-SUBUID_FILE-SUBGID_FILE.patch \
 "
 SRC_URI:append:class-target = " \
@@ -46,6 +47,21 @@ PAM_SRC_URI = "file://pam.d/chfn \
 file://pam.d/passwd \
 file://pam.d/su"
+#Set PW_SUBDIR to pwdb to get passwd files in /etc/pwdb
+PW_SUBDIR ?= ""
+PWPRE = "/etc/${PW_SUBDIR}"
+CFLAGS:append = ' -DPASSWD_FILE=\\"${PWPRE}/passwd\\"'
+CFLAGS:append = ' -DSHADOW_FILE=\\"${PWPRE}/shadow\\"'
+CFLAGS:append = ' -DGROUP_FILE=\\"${PWPRE}/group\\"'
+CFLAGS:append = ' -DSGROUP_FILE=\\"${PWPRE}/gshadow\\"'
+CFLAGS:append = ' -DSUBUID_FILE=\\"${PWPRE}/subuid\\"'
+CFLAGS:append = ' -DSUBGID_FILE=\\"${PWPRE}/subgid\\"'
+
+#shadow has it own impl. that uses whatever dir passwd files are in
+do_configure:prepend () {
+ sed -i -e 's/lckpwdf//' ${S}/configure.ac
+}
+
 inherit autotools gettext
 export CONFIG_SHELL="/bin/sh"
@@ -157,9 +173,9 @@ do_install:append() {
 # usermod requires the subuid/subgid files to be in place before being
 # able to use the -v/-V flags otherwise it fails:
 # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
- install -d ${D}${sysconfdir}
- touch ${D}${sysconfdir}/subuid
- touch ${D}${sysconfdir}/subgid
+ install -d ${D}${sysconfdir}/${PW_SUBDIR}
+ touch ${D}${sysconfdir}/${PW_SUBDIR}/subuid
+ touch ${D}${sysconfdir}/${PW_SUBDIR}/subgid
 }
 PACKAGES =+ "${PN}-base"
@@ -193,12 +209,18 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
 PACKAGE_WRITE_DEPS += "shadow-native"
 pkg_postinst:${PN}:class-target () {
+ install -d $D${sysconfdir}/${PW_SUBDIR}
 if [ "x$D" != "x" ]; then
 rootarg="--root $D"
 else
 rootarg=""
 fi
-
+ if [ -n "${PW_SUBDIR}" ]; then
+ ln -fs ${PW_SUBDIR}/subuid $D${sysconfdir}/subuid
+ ln -fs ${PW_SUBDIR}/subgid $D${sysconfdir}/subgid
+ ln -fs ${PW_SUBDIR}/shadow $D${sysconfdir}/shadow
+ ln -fs ${PW_SUBDIR}/gshadow $D${sysconfdir}/gshadow
+ fi
 pwconv $rootarg || exit 1
 grpconv $rootarg || exit 1
 }
--
2.41.0
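Review bot: In the `@@ -46,6 +47,21 @@` hunk of shadow.inc, the `do_configure:prepend` sed strips `lckpwdf` from configure.ac for every build, including the default `PW_SUBDIR ?= ""` case where the files stay directly in /etc. Going by the added comment this swaps the libc lock routine for shadow's own, so another writer of the account databases that still calls the libc `lckpwdf()` would presumably no longer serialise against these tools (worth confirming which lock file each side uses); the substitution is also unanchored and silently does nothing if configure.ac changes. I would gate it, `if [ -n "${PW_SUBDIR}" ]; then sed -i -e 's/lckpwdf//' ${S}/configure.ac; fi`, and name the resulting lock path in the comment. The `-D` paths also hard-code `/etc` while `do_install:append` uses `${sysconfdir}`, and with the default they expand to `/etc//passwd`.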
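Review bot: In the `@@ -193,12 +209,18 @@` hunk, `ln -fs` replaces whatever is at `$D${sysconfdir}/shadow`, `gshadow`, `subuid` and `subgid` without first moving an existing regular file into `${PW_SUBDIR}`. With `$D` empty (the package installed or upgraded on a running target) that would discard the live password hashes and subordinate-ID ranges before `pwconv` runs; whether a populated file can exist at that point depends on package ordering that is not visible here. `passwd` and `group` get no link at all, so anything that reads the /etc paths directly would see different data from what these tools write, unless that is handled elsewhere in the series. A guard that migrates a pre-existing regular file before linking is sketched below.

```bitbake
	if [ -n "${PW_SUBDIR}" ]; then
		for f in subuid subgid shadow gshadow; do
			# Keep an existing regular file: move it into the subdir when the
			# destination is absent or empty, then replace the old path by the link.
			if [ -f "$D${sysconfdir}/$f" ] && [ ! -L "$D${sysconfdir}/$f" ] && \
			   [ ! -s "$D${sysconfdir}/${PW_SUBDIR}/$f" ]; then
				mv "$D${sysconfdir}/$f" "$D${sysconfdir}/${PW_SUBDIR}/$f"
			fi
			ln -fs "${PW_SUBDIR}/$f" "$D${sysconfdir}/$f"
		done
	fi
	# … unchanged: pwconv / grpconv calls …
```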