Signed-off-by: Pawel Zalewski pzalewski@thegoodpenguin.co.uk --- .../base-passwd/base-passwd-morello_3.5.29.bb | 128 ++++++++++++++++++ .../base-passwd/files/add_shutdown.patch | 19 +++ .../base-passwd/files/disable-docs.patch | 24 ++++ .../base-passwd/files/disable-shell.patch | 57 ++++++++ recipes-core/base-passwd/files/input.patch | 22 +++ recipes-core/base-passwd/files/kvm.patch | 23 ++++ recipes-core/base-passwd/files/nobash.patch | 15 ++ recipes-core/base-passwd/files/noshadow.patch | 14 ++ 8 files changed, 302 insertions(+) create mode 100644 recipes-core/base-passwd/base-passwd-morello_3.5.29.bb create mode 100644 recipes-core/base-passwd/files/add_shutdown.patch create mode 100644 recipes-core/base-passwd/files/disable-docs.patch create mode 100644 recipes-core/base-passwd/files/disable-shell.patch create mode 100644 recipes-core/base-passwd/files/input.patch create mode 100644 recipes-core/base-passwd/files/kvm.patch create mode 100644 recipes-core/base-passwd/files/nobash.patch create mode 100644 recipes-core/base-passwd/files/noshadow.patch
diff --git a/recipes-core/base-passwd/base-passwd-morello_3.5.29.bb b/recipes-core/base-passwd/base-passwd-morello_3.5.29.bb
new file mode 100644
index 0000000..a65cebe
--- /dev/null
+++ b/recipes-core/base-passwd/base-passwd-morello_3.5.29.bb
@@ -0,0 +1,128 @@
+inherit autotools purecap-sysroot
+
+MORELLO_SRC = "poky/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb"
+
+SUMMARY = "Base system master password/group files"
+DESCRIPTION = "The master copies of the user database files (/etc/passwd and /etc/group). The update-passwd tool is also provided to keep the system databases synchronized with these master files."
+HOMEPAGE = "https://launchpad.net/base-passwd"
+SECTION = "base"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
+
+TOOLCHAIN = "${MORELLO_TOOLCHAIN}"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+BPNPASSWD = "base-passwd"
+PVPASSWD = "3.5.29"
+
+RECIPE_NO_UPDATE_REASON = "Version 3.5.38 requires cdebconf for update-passwd utility"
+
+SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/%24%7BBPNPASSWD%7D_%24%... \
+ file://add_shutdown.patch \
+ file://nobash.patch \
+ file://noshadow.patch \
+ file://input.patch \
+ file://disable-docs.patch \
+ file://kvm.patch \
+ file://disable-shell.patch \
+ "
+
+S="${WORKDIR}/${BPNPASSWD}-${PVPASSWD}"
+
+SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
+SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
+
+# the package is taken from launchpad; that source is static and goes stale
+# so we check the latest upstream from a directory that does get updated
+UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
+
+do_install () {
+ install -d -m 755 ${D}${sbindir}
+ install -o root -g root -p -m 755 ${B}/update-passwd ${D}${sbindir}/
+ install -d -m 755 ${D}${mandir}/man8 ${D}${mandir}/pl/man8
+ install -p -m 644 ${S}/man/update-passwd.8 ${D}${mandir}/man8/
+ install -p -m 644 ${S}/man/update-passwd.pl.8 \
+ ${D}${mandir}/pl/man8/update-passwd.8
+ gzip -9 ${D}${mandir}/man8/* ${D}${mandir}/pl/man8/*
+ install -d -m 755 ${D}${datadir}/base-passwd
+ install -o root -g root -p -m 644 ${S}/passwd.master ${D}${datadir}/base-passwd/
+ sed -i 's#:/root:#:${ROOT_HOME}:#' ${D}${datadir}/base-passwd/passwd.master
+ install -o root -g root -p -m 644 ${S}/group.master ${D}${datadir}/base-passwd/
+
+ install -d -m 755 ${D}${docdir}/${BPNPASSWD}
+ install -p -m 644 ${S}/debian/changelog ${D}${docdir}/${BPNPASSWD}/
+ gzip -9 ${D}${docdir}/${BPNPASSWD}/*
+ install -p -m 644 ${S}/README ${D}${docdir}/${BPNPASSWD}/
+ install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPNPASSWD}/
+}
+
+basepasswd_sysroot_postinst() {
+#!/bin/sh
+
+# Install passwd.master and group.master to sysconfdir
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+for i in passwd group; do
+ install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/$i.master \
+ ${STAGING_DIR_TARGET}${sysconfdir}/$i
+done
+
+# Run any useradd postinsts
+for script in ${STAGING_DIR_TARGET}${bindir}/postinst-useradd-*; do
+ if [ -f $script ]; then
+ $script
+ fi
+done
+}
+
+SYSROOT_DIRS += "${sysconfdir}"
+SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot"
+
+base_passwd_tweaksysroot () {
+ mkdir -p ${SYSROOT_DESTDIR}${bindir}
+ dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN}
+ echo "${basepasswd_sysroot_postinst}" > $dest
+ chmod 0755 $dest
+}
+
+python populate_packages:prepend() {
+ # Add in the preinst function for ${PN}
+ # We have to do this here as prior to this, passwd/group.master
+ # would be unavailable. We need to create these files at preinst
+ # time before the files from the package may be available, hence
+ # storing the data from the files in the preinst directly.
+
+ f = open(d.expand("${STAGING_DATADIR}/base-passwd/passwd.master"), 'r')
+ passwd = "".join(f.readlines())
+ f.close()
+ f = open(d.expand("${STAGING_DATADIR}/base-passwd/group.master"), 'r')
+ group = "".join(f.readlines())
+ f.close()
+
+ preinst = """#!/bin/sh
+mkdir -p $D${sysconfdir}
+if [ ! -e $D${sysconfdir}/passwd ]; then
+\tcat << 'EOF' > $D${sysconfdir}/passwd
+""" + passwd + """EOF
+fi
+if [ ! -e $D${sysconfdir}/group ]; then
+\tcat << 'EOF' > $D${sysconfdir}/group
+""" + group + """EOF
+fi
+"""
+ d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
+}
+
+addtask do_package after do_populate_sysroot
+
+ALLOW_EMPTY:${PN} = "1"
+
+PACKAGES =+ "${PN}-update"
+FILES:${PN}-update = "${sbindir}/* ${datadir}/${BPNPASSWD}"
+
+pkg_postinst:${PN}-update () {
+#!/bin/sh
+if [ -n "$D" ]; then
+ exit 0
+fi
+${sbindir}/update-passwd
+}
diff --git a/recipes-core/base-passwd/files/add_shutdown.patch b/recipes-core/base-passwd/files/add_shutdown.patch
new file mode 100644
index 0000000..5f357d8
--- /dev/null
+++ b/recipes-core/base-passwd/files/add_shutdown.patch
@@ -0,0 +1,19 @@
+
+We need to have a shutdown group to allow the shutdown icon
+to work correctly. Any users that want to use shutdown like
+the xuser should be added to this group.
+
+Upstream-Status: Inappropriate [Embedded]
+
+Signed-off-by: Saul Wold sgw@linux.intel.com
+Index: base-passwd-3.5.26/group.master
+===================================================================
+--- base-passwd-3.5.26.orig/group.master
++++ base-passwd-3.5.26/group.master
+@@ -36,5 +36,6 @@ sasl:*:45:
+ plugdev:*:46:
+ staff:*:50:
+ games:*:60:
++shutdown:*:70:
+ users:*:100:
+ nogroup:*:65534:
diff --git a/recipes-core/base-passwd/files/disable-docs.patch b/recipes-core/base-passwd/files/disable-docs.patch
new file mode 100644
index 0000000..14c08b7
--- /dev/null
+++ b/recipes-core/base-passwd/files/disable-docs.patch
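Review bot: The preinst built in `populate_packages:prepend` writes `$D${sysconfdir}/passwd` and `$D${sysconfdir}/group` only when they do not already exist, so a later tightening of the master files (for example the `/sbin/nologin` shells from disable-shell.patch) does not reach a system that already has these files through this package alone. As far as the recipe shows, existing files are only brought in line by `update-passwd`, which `pkg_postinst:${PN}-update` runs on the target and only when that package is installed. I would state this next to the existing comment block in the function, e.g. `# preinst only seeds missing files; an existing /etc/passwd or /etc/group is left to update-passwd (${PN}-update)`.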
@@ -0,0 +1,24 @@
+Disable documentation for now as it uses tools currently not supported
+by OE-Core. It uses sgmltools and po4a.
+
+Upstream-Status: Inappropriate [OE-Core specific]
+Signed-off-by: Saul Wold sgw@linux.intel.com
+
+Index: base-passwd-3.5.28/Makefile.in
+===================================================================
+--- base-passwd-3.5.28.orig/Makefile.in
++++ base-passwd-3.5.28/Makefile.in
+@@ -25,13 +25,10 @@ gen_configure = config.cache config.stat
+ confdefhs.h config.h Makefile
+
+ all: update-passwd
+- $(MAKE) -C doc all
+- $(MAKE) -C man all
+
+ install: all
+ mkdir -p $(DESTDIR)$(sbindir)
+ $(INSTALL) update-passwd $(DESTDIR)$(sbindir)/
+- $(MAKE) -C man install
+
+ update-passwd.o: version.h
+
diff --git a/recipes-core/base-passwd/files/disable-shell.patch b/recipes-core/base-passwd/files/disable-shell.patch
new file mode 100644
index 0000000..bfaa786
--- /dev/null
+++ b/recipes-core/base-passwd/files/disable-shell.patch
@@ -0,0 +1,57 @@
+From 91e0db96741359173ddf2be083aafcc1a3c32472 Mon Sep 17 00:00:00 2001
+From: Jiaqing Zhao jiaqing.zhao@linux.intel.com
+Date: Mon, 18 Apr 2022 11:22:43 +0800
+Subject: [PATCH] Disable shell for default users
+
+Change the shell of all global static users other than root (which
+retains /bin/sh) and sync (as /bin/sync is rather harmless) to
+/sbin/nologin (as /usr/sbin/nologin does not exist in openembedded)
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+source/base-passwd/3.5.30]
+Signed-off-by: Jiaqing Zhao jiaqing.zhao@linux.intel.com
+---
+ passwd.master | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/passwd.master b/passwd.master
+index e1c32ff..0cd5ffd 100644
+--- a/passwd.master
++++ b/passwd.master
+@@ -1,18 +1,18 @@
+ root::0:0:root:/root:/bin/sh
+-daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+-bin:*:2:2:bin:/bin:/bin/sh
+-sys:*:3:3:sys:/dev:/bin/sh
++daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
++bin:*:2:2:bin:/bin:/sbin/nologin
++sys:*:3:3:sys:/dev:/sbin/nologin
+ sync:*:4:65534:sync:/bin:/bin/sync
+-games:*:5:60:games:/usr/games:/bin/sh
+-man:*:6:12:man:/var/cache/man:/bin/sh
+-lp:*:7:7:lp:/var/spool/lpd:/bin/sh
+-mail:*:8:8:mail:/var/mail:/bin/sh
+-news:*:9:9:news:/var/spool/news:/bin/sh
+-uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
+-proxy:*:13:13:proxy:/bin:/bin/sh
+-www-data:*:33:33:www-data:/var/www:/bin/sh
+-backup:*:34:34:backup:/var/backups:/bin/sh
+-list:*:38:38:Mailing List Manager:/var/list:/bin/sh
+-irc:*:39:39:ircd:/var/run/ircd:/bin/sh
+-gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+-nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
++games:*:5:60:games:/usr/games:/sbin/nologin
++man:*:6:12:man:/var/cache/man:/sbin/nologin
++lp:*:7:7:lp:/var/spool/lpd:/sbin/nologin
++mail:*:8:8:mail:/var/mail:/sbin/nologin
++news:*:9:9:news:/var/spool/news:/sbin/nologin
++uucp:*:10:10:uucp:/var/spool/uucp:/sbin/nologin
++proxy:*:13:13:proxy:/bin:/sbin/nologin
++www-data:*:33:33:www-data:/var/www:/sbin/nologin
++backup:*:34:34:backup:/var/backups:/sbin/nologin
++list:*:38:38:Mailing List Manager:/var/list:/sbin/nologin
++irc:*:39:39:ircd:/var/run/ircd:/sbin/nologin
++gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/sbin/nologin
++nobody:*:65534:65534:nobody:/nonexistent:/sbin/nologin
+--
+2.32.0
+
diff --git a/recipes-core/base-passwd/files/input.patch b/recipes-core/base-passwd/files/input.patch
new file mode 100644
index 0000000..3abbcad
--- /dev/null
+++ b/recipes-core/base-passwd/files/input.patch
@@ -0,0 +1,22 @@
+Add an input group for the /dev/input/* devices.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Darren Hart dvhart@linux.intel.com
+
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: base-passwd-3.5.26/group.master
+===================================================================
+--- base-passwd-3.5.26.orig/group.master
++++ base-passwd-3.5.26/group.master
+@@ -12,6 +12,7 @@ uucp:*:10:
+ man:*:12:
+ proxy:*:13:
+ kmem:*:15:
++input:*:19:
+ dialout:*:20:
+ fax:*:21:
+ voice:*:22:
diff --git a/recipes-core/base-passwd/files/kvm.patch b/recipes-core/base-passwd/files/kvm.patch
new file mode 100644
index 0000000..113d515
--- /dev/null
+++ b/recipes-core/base-passwd/files/kvm.patch
@@ -0,0 +1,23 @@
+From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
+From: Jacob Kroon jacob.kroon@gmail.com
+Date: Wed, 30 Jan 2019 04:53:48 +0000
+Subject: [PATCH] Add kvm group
+
+Upstream-Status: Pending
+Signed-off-by: Jacob Kroon jacob.kroon@gmail.com
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/group.master b/group.master
+index cea9d60..5b62284 100644
+--- a/group.master
++++ b/group.master
+@@ -34,6 +34,7 @@ utmp:*:43:
+ video:*:44:
+ sasl:*:45:
+ plugdev:*:46:
++kvm:*:47:
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
diff --git a/recipes-core/base-passwd/files/nobash.patch b/recipes-core/base-passwd/files/nobash.patch
new file mode 100644
index 0000000..b5a6922
--- /dev/null
+++ b/recipes-core/base-passwd/files/nobash.patch
@@ -0,0 +1,15 @@
+use /bin/sh instead of /bin/bash, since the latter may not be included in
+some images such as minimal
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Scott Garman scott.a.garman@intel.com
+
+--- base-passwd/passwd.master~nobash
++++ base-passwd/passwd.master
+@@ -1,4 +1,4 @@
+-root:*:0:0:root:/root:/bin/bash
++root:*:0:0:root:/root:/bin/sh
+ daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+ bin:*:2:2:bin:/bin:/bin/sh
+ sys:*:3:3:sys:/dev:/bin/sh
diff --git a/recipes-core/base-passwd/files/noshadow.patch b/recipes-core/base-passwd/files/noshadow.patch
new file mode 100644
index 0000000..e27bf7d
--- /dev/null
+++ b/recipes-core/base-passwd/files/noshadow.patch
@@ -0,0 +1,14 @@
+remove "*" for root since we don't have a /etc/shadow so far.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Scott Garman scott.a.garman@intel.com
+
+--- base-passwd/passwd.master~nobash
++++ base-passwd/passwd.master
+@@ -1,4 +1,4 @@
+-root:*:0:0:root:/root:/bin/sh
++root::0:0:root:/root:/bin/sh
+ daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+ bin:*:2:2:bin:/bin:/bin/sh
+ sys:*:3:3:sys:/dev:/bin/sh
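Review bot: The `root::0:0:root:/root:/bin/sh` line added by noshadow.patch leaves root with an empty password field in passwd.master, and the recipe's preinst copies that file verbatim into `/etc/passwd`, so an image that does not reset the field afterwards accepts a root login with no password wherever empty passwords are allowed. The patch header only says there is no /etc/shadow "so far" and does not name what is expected to lock the account later. I would record that in the header, e.g. `Images must replace the empty root password field at rootfs time unless built as debug images.` In OE-Core this is normally handled by `zap_empty_root_password` when neither `debug-tweaks` nor `empty-root-password` is in IMAGE_FEATURES; it is worth confirming the Morello image classes keep that step.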