* [PATCH 1/8] busybox: remove the postinst part of the recipe
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
@ 2013-06-07  6:13 ` Qi.Chen
  2013-06-07 12:32   ` Otavio Salvador
  2013-06-07  6:13 ` [PATCH 2/8] busybox: add support for CONFIG_FEATURE_INDIVIDUAL Qi.Chen
                   ` (6 subsequent siblings)
  7 siblings, 1 reply; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:13 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

Remove the pkg_postinst_${PN} from this recipe, as it's redundant.
It basically wants to do the same thing as the update-alternatives
does. But it doesn't do it well.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-core/busybox/busybox.inc |    8 --------
 1 file changed, 8 deletions(-)

diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index c8908b0..f4efeb8 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -265,14 +265,6 @@ python do_package_prepend () {
     f.close()
 }
 
-pkg_postinst_${PN} () {
-	# If we are not making an image we create links for the utilities that doesn't exist
-	# so the update-alternatives script will get the utilities it needs
-	# (update-alternatives have no problem replacing links later anyway)
-	test -n 2> /dev/null || alias test='busybox test'
-	if test "x$D" = "x"; then while read link; do if test ! -h "$link"; then case "$link" in /*/*/*) to="../../bin/busybox";; /bin/*) to="busybox";; /*/*) to="../bin/busybox";; esac; busybox ln -s $to $link; fi; done </etc/busybox.links; fi
-}
-
 pkg_prerm_${PN} () {
 	# This is so you can make busybox commit suicide - removing busybox with no other packages
 	# providing its files, this will make update-alternatives work, but the update-rc.d part
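
Review bot: The removed pkg_postinst_${PN} only acted when $D was empty, that is on an on-target install, and the commit message does not say which postinst now creates the applet links in that case or what the old script got wrong beyond "it doesn't do it well". Please name the update-alternatives step that covers the on-target case and the failure that was seen, and reword the do_install comment "Install /bin/busybox, and the /bin/sh link so the postinst script can run" if it referred to this script.
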
-- 
1.7.9.5




* [PATCH 2/8] busybox: add support for CONFIG_FEATURE_INDIVIDUAL
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
  2013-06-07  6:13 ` [PATCH 1/8] busybox: remove the postinst part of the recipe Qi.Chen
@ 2013-06-07  6:13 ` Qi.Chen
  2013-06-07 12:33   ` Otavio Salvador
  2013-06-07  6:13 ` [PATCH 3/8] busybox: add a config fragment to enable login utilities Qi.Chen
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:13 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

Previously, if CONFIG_FEATURE_INDIVIDUAL was enabled for busybox,
yocto-based systems could start correctly.

This is because if busybox is built as individual apps, '/bin/busybox'
may not be present, so setting the default ALTERNATIVE_TARGET to
'/bin/busybox' is not appropriate and could lead to errors.

This patch fixes this problem by checking the existence of '/bin/busybox'
before setting the ALTERNATIVE_TARGET to '/bin/busybox'.

After this change, if busybox is built as individual apps, we'll have
links like '/bin/ls -> /bin/ls.busybox', otherwise, we'll have links
like '/bin/ls -> /bin/busybox'.

Note there's a grep expression change in this patch. The old expression
doesn't work well, it has an unwanted underscore, so I changed it to make
it work.

[YOCTO #4570]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-core/busybox/busybox.inc |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index f4efeb8..99d4e99 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -171,7 +171,7 @@ do_install () {
 			install -m 0755 "0_lib/$NAME" "${D}$FILE.${BPN}"
 		done
 		# add suid bit where needed
-		for i in `grep -E "APPLET.*_BB_SUID_((MAYBE|REQUIRE))" include/applets.h | grep -v _BB_SUID_DROP | cut -f 3 -d '(' | cut -f 1 -d ','`; do
+		for i in `grep -E "APPLET.*BB_SUID_((MAYBE|REQUIRE))" include/applets.h | grep -v _BB_SUID_DROP | cut -f 3 -d '(' | cut -f 1 -d ','`; do
 			find ${D} -name $i.${BPN} -exec chmod a+s {} \;
 		done
 		install -m 0755 0_lib/libbusybox.so.${PV} ${D}${libdir}/libbusybox.so.${PV}
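
Review bot: Only the first grep loses the underscore; the filter right after it is still 'grep -v _BB_SUID_DROP', so if the macro names in include/applets.h carry no leading underscore that filter matches nothing, and the DROP entries are excluded only because the first pattern names MAYBE and REQUIRE. Change it to BB_SUID_DROP or drop it, and remove the doubled parentheses while touching the line. The commit message says the old pattern did not work and nothing in the loop reported that, so failing the build when the applet list comes back empty would make the next rename visible; 'chmod u+s' would also be enough here, since 'a+s' sets setgid as well.
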
@@ -242,8 +242,6 @@ ALTERNATIVE_TARGET[syslog-init] = "${sysconfdir}/init.d/syslog.${BPN}"
 ALTERNATIVE_LINK_NAME[syslog-startup-conf] = "${sysconfdir}/syslog-startup.conf"
 ALTERNATIVE_TARGET[syslog-startup-conf] = "${sysconfdir}/syslog-startup.conf.${BPN}"
 
-ALTERNATIVE_TARGET = "/bin/busybox"
-
 python do_package_prepend () {
     # We need to load the full set of busybox provides from the /etc/busybox.links
     # Use this to see the update-alternatives with the right information
@@ -252,6 +250,9 @@ python do_package_prepend () {
     pn = d.getVar('PN', True)
     f = open('%s/etc/busybox.links' % (dvar), 'r')
 
+    if os.path.exists('%s/bin/busybox' % (dvar)):
+        d.setVar('ALTERNATIVE_TARGET', "/bin/busybox")
+
     for alt_link_name in f:
         alt_link_name = alt_link_name.strip()
         alt_name = os.path.basename(alt_link_name)
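
Review bot: The new os.path.exists test hard-codes /bin/busybox under dvar, while do_install in this recipe places the binary in ${D}${base_bindir}; with a non-default base_bindir the test fails and ALTERNATIVE_TARGET is silently left unset. Build the path from d.getVar('base_bindir', True) for both the test and the value, and add a comment saying that leaving the variable unset is intentional so that each link falls back to its own <name>.busybox file, as the commit message describes.
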
-- 
1.7.9.5




* [PATCH 3/8] busybox: add a config fragment to enable login utilities
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
  2013-06-07  6:13 ` [PATCH 1/8] busybox: remove the postinst part of the recipe Qi.Chen
  2013-06-07  6:13 ` [PATCH 2/8] busybox: add support for CONFIG_FEATURE_INDIVIDUAL Qi.Chen
@ 2013-06-07  6:13 ` Qi.Chen
  2013-06-07  6:13 ` [PATCH 4/8] busybox: add the ability to split the busybox binary Qi.Chen
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:13 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

Create a config fragment to enable the login/passwd utilities of busybox.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../busybox/busybox-1.20.2/login-utilities.cfg     |   13 +++++++++++++
 meta/recipes-core/busybox/busybox_1.20.2.bb        |    3 ++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/login-utilities.cfg

diff --git a/meta/recipes-core/busybox/busybox-1.20.2/login-utilities.cfg b/meta/recipes-core/busybox/busybox-1.20.2/login-utilities.cfg
new file mode 100644
index 0000000..cc9b2db
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox-1.20.2/login-utilities.cfg
@@ -0,0 +1,13 @@
+CONFIG_FEATURE_SHADOWPASSWDS=y
+CONFIG_ADDUSER=y
+CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y
+CONFIG_ADDGROUP=y
+CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS=y
+CONFIG_DELUSER=y
+CONFIG_DELGROUP=y
+CONFIG_GETTY=y
+CONFIG_LOGIN=y
+CONFIG_PASSWD=y
+CONFIG_SU=y
+CONFIG_SULOGIN=y
+CONFIG_VLOCK=y
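
Review bot: This fragment turns on CONFIG_LOGIN, CONFIG_PASSWD, CONFIG_SU and CONFIG_VLOCK for every build, because the recipe hunk that follows adds the file to SRC_URI unconditionally, and at this point in the series do_install still installs the single multi-call binary with mode 4755 whenever CONFIG_FEATURE_SUID=y. Anyone building or bisecting at 3/8 gets a larger setuid-root binary than before. Either move the split from 4/8 ahead of this patch or say so in the commit message, and add a header comment to the .cfg stating what it is for.
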
diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb
index 07d722d..3ff8a88 100644
--- a/meta/recipes-core/busybox/busybox_1.20.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
@@ -35,7 +35,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://fail_on_no_media.patch \
            file://busybox-sulogin-empty-root-password.patch \
            file://inetd.conf \
-           file://inetd"
+           file://inetd \
+           file://login-utilities.cfg"
 
 SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
 SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"
-- 
1.7.9.5




* [PATCH 4/8] busybox: add the ability to split the busybox binary
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
                   ` (2 preceding siblings ...)
  2013-06-07  6:13 ` [PATCH 3/8] busybox: add a config fragment to enable login utilities Qi.Chen
@ 2013-06-07  6:13 ` Qi.Chen
  2013-06-11 20:26   ` Bernhard Reutner-Fischer
  2013-06-07  6:13 ` [PATCH 5/8] packagegroup-core-boot: use busybox as the default login manager Qi.Chen
                   ` (3 subsequent siblings)
  7 siblings, 1 reply; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:13 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

This patch enables us to split the busybox into two binaries, one
containing suid applications, and the other containing nosuid apps.

Add a variable, BUSYBOX_SPLIT_SUID, to control whether to split the
busybox binary into two parts. We default it to "1" to enable the
splitting, but users could still override it to disable the splitting.
After all, busybox has no internal support for this suid apps splitting,
so there might be users out there who want just one busybox binary.

Add a configuration file, suid_config_list, to control which applications
should be split into the suid binary. The list is first obtained from
the information in include/applets.h. Some extra config items are also
added to the list as they are related to the suid apps. I choose to use
a configuration file here because if some config item is missed, we could
add it to the list easily.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../busybox/busybox-1.20.2/suid_config_list        |   48 +++++++++
 meta/recipes-core/busybox/busybox.inc              |  104 +++++++++++++++-----
 meta/recipes-core/busybox/busybox_1.20.2.bb        |    3 +-
 3 files changed, 127 insertions(+), 28 deletions(-)
 create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/suid_config_list

diff --git a/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
new file mode 100644
index 0000000..16a0b76
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
@@ -0,0 +1,48 @@
+# This file lists all config items which are related to suid apps in busybox.
+# The following list is obtained with the command below (splitted into two lines for readability).
+# for i in `grep -E "APPLET.*BB_SUID_((MAYBE|REQUIRE))" include/applets.h | grep -v _BB_SUID_DROP |
+# cut -f 3 -d '(' | cut -f 1 -d ','`; do grep -i -E "config_(feature_|)$i(_| )" .config; done | cut -d' ' -f2
+CONFIG_PING
+CONFIG_PING6
+CONFIG_CRONTAB
+CONFIG_FINDFS
+CONFIG_LOGIN
+CONFIG_LOGIN_SESSION_AS_CHILD
+CONFIG_LOGIN_SCRIPTS
+CONFIG_MOUNT
+CONFIG_FEATURE_MOUNT_FAKE
+CONFIG_FEATURE_MOUNT_VERBOSE
+CONFIG_FEATURE_MOUNT_HELPERS
+CONFIG_FEATURE_MOUNT_LABEL
+CONFIG_FEATURE_MOUNT_NFS
+CONFIG_FEATURE_MOUNT_CIFS
+CONFIG_FEATURE_MOUNT_FLAGS
+CONFIG_FEATURE_MOUNT_FSTAB
+CONFIG_FEATURE_MOUNT_LOOP
+CONFIG_FEATURE_MOUNT_LOOP_CREATE
+CONFIG_PASSWD
+CONFIG_FEATURE_PASSWD_WEAK_CHECK
+CONFIG_SU
+CONFIG_FEATURE_SU_SYSLOG
+CONFIG_FEATURE_SU_CHECKS_SHELLS
+CONFIG_TRACEROUTE
+CONFIG_FEATURE_TRACEROUTE_VERBOSE
+CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE
+CONFIG_FEATURE_TRACEROUTE_USE_ICMP
+CONFIG_TRACEROUTE6
+CONFIG_VLOCK
+CONFIG_WALL
+
+# The following list is obtained by examining the Config.in file in busybox manually.
+# These config items are also related to suid apps.
+CONFIG_FEATURE_FANCY_PING
+CONFIG_FEATURE_SHADOWPASSWDS
+CONFIG_USE_BB_PWD_GRP
+CONFIG_USE_BB_SHADOW
+CONFIG_USE_BB_CRYPT
+CONFIG_USE_BB_CRYPT_SHA
+CONFIG_PAM
+CONFIG_FEATURE_NOLOGIN
+CONFIG_FEATURE_SECURETTY
+CONFIG_CRYPTPW
+CONFIG_CHPASSWD
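
Review bot: The second list contains shared options (CONFIG_FEATURE_SHADOWPASSWDS, CONFIG_USE_BB_PWD_GRP, CONFIG_USE_BB_SHADOW, CONFIG_USE_BB_CRYPT), and do_compile writes "# $item is not set" into the nosuid config for every entry of this file, yet CONFIG_ADDUSER, CONFIG_ADDGROUP, CONFIG_DELUSER, CONFIG_DELGROUP, CONFIG_GETTY and CONFIG_SULOGIN from login-utilities.cfg are not listed and so stay in busybox.nosuid. As far as these lines show, those applets are then built with shadow and internal passwd/group support switched off. Shared options need to stay enabled in both configs and only be forced on in the suid one. It is also worth checking whether CONFIG_CRYPTPW and CONFIG_CHPASSWD, which the grep over applets.h did not report, belong in the setuid binary at all.
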
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 99d4e99..9984c5a 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb"
 
 SECTION = "base"
 
+# Whether to split the suid apps into a seperate binary
+BUSYBOX_SPLIT_SUID ?= "1"
+
 export EXTRA_CFLAGS = "${CFLAGS}"
 export EXTRA_LDFLAGS = "${LDFLAGS}"
 
@@ -136,19 +139,52 @@ do_configure () {
 
 do_compile() {
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
-	oe_runmake busybox_unstripped
-	cp busybox_unstripped busybox
+	if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
+	# split the .config into two parts, and make two busybox binaries
+		cp .config .config.orig
+		oe_runmake allnoconfig
+		cp .config .config.allno
+		for item in `grep 'CONFIG_' ${WORKDIR}/suid_config_list`; do
+			echo "# $item is not set" >> .config.nosuid.tmp
+			grep -w "$item" .config.orig >> .config.suid.tmp
+		done
+		merge_config.sh -m .config.orig .config.nosuid.tmp
+		cp .config .config.nosuid
+		merge_config.sh -m .config.allno .config.suid.tmp
+		cp .config .config.suid
+
+		# compile with no suid apps
+		cp .config.nosuid .config
+		oe_runmake busybox_unstripped
+		cp busybox_unstripped busybox.nosuid
+		oe_runmake busybox.links
+		cp busybox.links busybox.links.nosuid
+
+		# compile with suid apps
+		cp .config.suid .config
+		oe_runmake busybox_unstripped
+		cp busybox_unstripped busybox.suid
+		oe_runmake busybox.links
+		cp busybox.links busybox.links.suid
+
+		# copy .config.orig back to .config, because the install process may check this file
+		cp .config.orig .config
+
+		# cleanup
+		rm .config.orig .config.nosuid.tmp .config.allno .config.suid.tmp .config.nosuid .config.suid
+	else
+		oe_runmake busybox_unstripped
+		cp busybox_unstripped busybox
+		oe_runmake busybox.links
+	fi
 }
 
 do_install () {
-	oe_runmake busybox.links
 	if [ "${prefix}" != "/usr" ]; then
-		sed "s:^/usr/:${prefix}/:" busybox.links > busybox.links.new
-		mv busybox.links.new busybox.links
+		sed -i "s:^/usr/:${prefix}/:" busybox.links*
 	fi
 	if [ "${base_sbindir}" != "/sbin" ]; then
-		sed "s:^/sbin/:${base_sbindir}/:" busybox.links > busybox.links.new
-		mv busybox.links.new busybox.links
+		sed "s:^/sbin/:${base_sbindir}/:" busybox.links*
 	fi
 
 	install -d ${D}${sysconfdir}/init.d
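
Review bot: The rewritten base_sbindir substitution in do_install lost its effect: 'sed "s:^/sbin/:${base_sbindir}/:" busybox.links*' has no -i, so it prints to stdout and leaves the links files unchanged, unlike the ${prefix} line just above it. Add -i. In do_compile, .config.nosuid.tmp and .config.suid.tmp are only appended to and only removed on the success path, so a rerun after a failed compile picks up stale entries; remove them before the loop, and quote the backtick grep in the 'if' test so it cannot expand to more than one word.
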
@@ -157,12 +193,21 @@ do_install () {
 		# Install /bin/busybox, and the /bin/sh link so the postinst script
 		# can run. Let update-alternatives handle the rest.
 		install -d ${D}${base_bindir}
-		if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
-			install -m 4755 ${B}/busybox ${D}${base_bindir}
+		if [ "${BUSYBOX_SPLIT_SUID}" = "1" ]; then
+			install -m 4755 ${B}/busybox.suid ${D}${base_bindir}
+			install -m 0755 ${B}/busybox.nosuid ${D}${base_bindir}
+			install -m 0644 ${S}/busybox.links.suid ${D}${sysconfdir}
+			install -m 0644 ${S}/busybox.links.nosuid ${D}${sysconfdir}
+			ln -sf busybox.nosuid ${D}${base_bindir}/sh
 		else
-			install -m 0755 ${B}/busybox ${D}${base_bindir}
+			if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
+				install -m 4755 ${B}/busybox ${D}${base_bindir}
+			else
+				install -m 0755 ${B}/busybox ${D}${base_bindir}
+			fi
+			install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
+			ln -sf busybox ${D}${base_bindir}/sh
 		fi
-		ln -sf busybox ${D}${base_bindir}/sh
 	else
 		install -d ${D}${base_bindir} ${D}${base_sbindir}
 		install -d ${D}${libdir} ${D}${bindir} ${D}${sbindir}
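
Review bot: In the split branch, 'install -m 4755 ${B}/busybox.suid' no longer depends on the 'grep -q "CONFIG_FEATURE_SUID=y"' test that the non-split branch keeps, and CONFIG_FEATURE_SUID is not in suid_config_list, so the config used for busybox.suid (allnoconfig plus the listed items) leaves it unset. Please confirm that a setuid-root binary built without that option is intended, or add CONFIG_FEATURE_SUID to the list and keep the mode conditional on it. The links files are also taken from ${S} while the binaries come from ${B}; use one of the two consistently.
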
@@ -181,6 +226,7 @@ do_install () {
 		if [ -f ${D}/linuxrc.${BPN} ]; then
 			mv ${D}/linuxrc.${BPN} ${D}/linuxrc
 		fi
+		install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
 	fi
 
 	if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
@@ -217,7 +263,6 @@ do_install () {
                        install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
                fi
 	fi
-	install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
 
     if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
         install -d ${D}${systemd_unitdir}/system
@@ -248,22 +293,27 @@ python do_package_prepend () {
 
     dvar = d.getVar('D', True)
     pn = d.getVar('PN', True)
-    f = open('%s/etc/busybox.links' % (dvar), 'r')
-
-    if os.path.exists('%s/bin/busybox' % (dvar)):
-        d.setVar('ALTERNATIVE_TARGET', "/bin/busybox")
-
-    for alt_link_name in f:
-        alt_link_name = alt_link_name.strip()
-        alt_name = os.path.basename(alt_link_name)
-
-        # Match coreutils
-        if alt_name == '[':
-            alt_name = 'lbracket'
 
-        d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
-        d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
-    f.close()
+    def set_alternative_vars(links, target):
+        f = open('%s%s' % (dvar, links), 'r')
+        for alt_link_name in f:
+            alt_link_name = alt_link_name.strip()
+            alt_name = os.path.basename(alt_link_name)
+            # Match coreutils
+            if alt_name == '[':
+                alt_name = 'lbracket'
+            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
+            if os.path.exists('%s%s' % (dvar, target)):
+                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, target)
+        f.close()
+        return
+
+    if os.path.exists('%s/etc/busybox.links' % (dvar)):
+        set_alternative_vars("/etc/busybox.links", "/bin/busybox")
+    else:
+        set_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid")
+        set_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid")
 }
 
 pkg_prerm_${PN} () {
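
Review bot: In set_alternative_vars the "os.path.exists('%s%s' % (dvar, target))" test sits inside the per-link loop although neither operand changes between iterations; hoist it above the loop. The /etc/busybox.links* and /bin/busybox* literals should be built from sysconfdir and base_bindir, which is what do_install uses when it installs them. The else branch opens busybox.links.nosuid and busybox.links.suid without checking that they exist, so a build that installed neither layout fails with a bare IOError; and the trailing 'return' can go.
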
diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb
index 3ff8a88..511f1f8 100644
--- a/meta/recipes-core/busybox/busybox_1.20.2.bb
+++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
@@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
            file://busybox-sulogin-empty-root-password.patch \
            file://inetd.conf \
            file://inetd \
-           file://login-utilities.cfg"
+           file://login-utilities.cfg \
+           file://suid_config_list"
 
 SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
 SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"
-- 
1.7.9.5




* [PATCH 5/8] packagegroup-core-boot: use busybox as the default login manager
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
                   ` (3 preceding siblings ...)
  2013-06-07  6:13 ` [PATCH 4/8] busybox: add the ability to split the busybox binary Qi.Chen
@ 2013-06-07  6:13 ` Qi.Chen
  2013-06-07  6:14 ` [PATCH 6/8] packagegroup-core-basic: set " Qi.Chen
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:13 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

tinylogin has been deprecated and the functionality ported into busybox,
so we switch to using busybox as the default login manager.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../packagegroups/packagegroup-core-boot.bb        |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
index 9306a34..d69c41d 100644
--- a/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-core-boot.bb
@@ -25,7 +25,7 @@ RCONFLICTS_${PN} = "task-core-boot"
 
 # Distro can override the following VIRTUAL-RUNTIME providers:
 VIRTUAL-RUNTIME_dev_manager ?= "udev"
-VIRTUAL-RUNTIME_login_manager ?= "tinylogin"
+VIRTUAL-RUNTIME_login_manager ?= "busybox"
 VIRTUAL-RUNTIME_init_manager ?= "sysvinit"
 VIRTUAL-RUNTIME_initscripts ?= "initscripts"
 VIRTUAL-RUNTIME_keymaps ?= "keymaps"
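
Review bot: The commit message should say that this '?=' change only moves configurations that never set VIRTUAL-RUNTIME_login_manager; the comment above the block still invites distro overrides, and any layer that pins the variable to "tinylogin" will fail once 8/8 deletes that recipe. A sentence in the message telling such layers what to switch to would cover it.
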
-- 
1.7.9.5




* [PATCH 6/8] packagegroup-core-basic: set the default login manager
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
                   ` (4 preceding siblings ...)
  2013-06-07  6:13 ` [PATCH 5/8] packagegroup-core-boot: use busybox as the default login manager Qi.Chen
@ 2013-06-07  6:14 ` Qi.Chen
  2013-06-07  6:14 ` [PATCH 7/8] mingetty: lower the ALTERNATIVE_PRIORITY Qi.Chen
  2013-06-07  6:14 ` [PATCH 8/8] tinylogin: remove recipe Qi.Chen
  7 siblings, 0 replies; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:14 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

Set the default login manager to 'busybox', drop the mingetty in
the RDEPENDS, use ${VIRTUAL-RUNTIME_login_manager} instead.

mingetty doesn't work with serial consoles, so if the login console
is ttyS0 for example, we get error messages on screen and cannot log in
on ttyS0.

The login manager, no matter whether it's tinylogin or busybox, provides
getty, so we can just rdepend on it.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../packagegroups/packagegroup-core-basic.bb       |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-extended/packagegroups/packagegroup-core-basic.bb b/meta/recipes-extended/packagegroups/packagegroup-core-basic.bb
index 31cac33..00405d6 100644
--- a/meta/recipes-extended/packagegroups/packagegroup-core-basic.bb
+++ b/meta/recipes-extended/packagegroups/packagegroup-core-basic.bb
@@ -92,11 +92,12 @@ RDEPENDS_packagegroup-core-dev-utils = "\
 
 VIRTUAL-RUNTIME_initscripts ?= "initscripts"
 VIRTUAL-RUNTIME_init_manager ?= "sysvinit"
+VIRTUAL-RUNTIME_login_manager ?= "busybox"
 RDEPENDS_packagegroup-core-initscripts = "\
     ${VIRTUAL-RUNTIME_initscripts} \
     ${VIRTUAL-RUNTIME_init_manager} \
     ethtool \
-    mingetty \
+    ${VIRTUAL-RUNTIME_login_manager} \
     sysklogd \
     "
 
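
Review bot: The added 'VIRTUAL-RUNTIME_login_manager ?= "busybox"' duplicates the default that 5/8 sets in packagegroup-core-boot.bb, so the two recipes can drift apart if only one is updated later; keep the default in one place or cross-reference it in a comment. Replacing mingetty with the variable also assumes that whatever a distro selects as login manager provides getty, and the commit message covers only tinylogin and busybox, so state that requirement next to the RDEPENDS entry.
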
-- 
1.7.9.5




* [PATCH 7/8] mingetty: lower the ALTERNATIVE_PRIORITY
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
                   ` (5 preceding siblings ...)
  2013-06-07  6:14 ` [PATCH 6/8] packagegroup-core-basic: set " Qi.Chen
@ 2013-06-07  6:14 ` Qi.Chen
  2013-06-07  6:14 ` [PATCH 8/8] tinylogin: remove recipe Qi.Chen
  7 siblings, 0 replies; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:14 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

mingetty doesn't work with serial consoles. Currently, it has the
same ALTERNATIVE_PRIORITY as busybox. So if it is installed together
with busybox, it's possible that the getty is linked to the
mingetty, causing failures when we log in to the serial consoles.

Lower its ALTERNATIVE_PRIORITY to solve this problem.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 meta/recipes-extended/mingetty/mingetty_1.08.bb |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/mingetty/mingetty_1.08.bb b/meta/recipes-extended/mingetty/mingetty_1.08.bb
index 6c53957..fbd9cb4 100644
--- a/meta/recipes-extended/mingetty/mingetty_1.08.bb
+++ b/meta/recipes-extended/mingetty/mingetty_1.08.bb
@@ -25,4 +25,4 @@ inherit update-alternatives
 ALTERNATIVE_${PN} = "getty"
 ALTERNATIVE_LINK_NAME[getty] = "${base_sbindir}/getty"
 ALTERNATIVE_TARGET[getty] = "${base_sbindir}/mingetty"
-ALTERNATIVE_PRIORITY = "50"
+ALTERNATIVE_PRIORITY = "10"
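
Review bot: The new value "10" is unexplained in the recipe; add a comment above ALTERNATIVE_PRIORITY saying it is kept below the busybox getty priority because mingetty does not work with serial consoles, so that a later cleanup does not raise it back to "50". The commit message should also give the busybox priority that this value is now relative to.
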
-- 
1.7.9.5




* [PATCH 8/8] tinylogin: remove recipe
       [not found] <cover.1370585547.git.Qi.Chen@windriver.com>
                   ` (6 preceding siblings ...)
  2013-06-07  6:14 ` [PATCH 7/8] mingetty: lower the ALTERNATIVE_PRIORITY Qi.Chen
@ 2013-06-07  6:14 ` Qi.Chen
  7 siblings, 0 replies; 16+ messages in thread
From: Qi.Chen @ 2013-06-07  6:14 UTC (permalink / raw)
  To: openembedded-core; +Cc: qingtao.cao

From: Chen Qi <Qi.Chen@windriver.com>

tinylogin has been deprecated and the functionality ported into busybox.
We now use busybox as the login manager, so the tinylogin recipe could
be deleted.

[YOCTO #4207]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 .../tinylogin/tinylogin-1.4/add-system.patch       |  117 ---
 .../tinylogin-1.4/adduser-empty_pwd.patch          |   45 --
 .../tinylogin/tinylogin-1.4/avoid_static.patch     |   33 -
 .../tinylogin/tinylogin-1.4/cvs-20040608.patch     |  823 --------------------
 .../tinylogin/tinylogin-1.4/glibc_crypt_fix.patch  |   23 -
 .../tinylogin-1.4/passwd_rotate_check.patch        |   41 -
 .../tinylogin/tinylogin-1.4/remove-index.patch     |   13 -
 .../tinylogin/tinylogin-1.4/use_O2_option.patch    |   21 -
 meta/recipes-core/tinylogin/tinylogin_1.4.bb       |   45 --
 9 files changed, 1161 deletions(-)
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/add-system.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/adduser-empty_pwd.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/avoid_static.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/cvs-20040608.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/remove-index.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/use_O2_option.patch
 delete mode 100644 meta/recipes-core/tinylogin/tinylogin_1.4.bb

diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/add-system.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/add-system.patch
deleted file mode 100644
index 0a97974..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/add-system.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-Upstream-Status: Backport
-
-? add-system.patch
-? cvs-20040608.patch
-? familiar
-? pod2htmd.tmp
-? pod2htmi.tmp
-? system.diff
-? tinylogin_1.4-20030620.1_arm.ipk
-? tinylogin_1.4-20030620.1_arm.ipk.asc
-? tinylogin_1.4-20030620.1_arm.ipk.upload.html
-? tinylogin_1.4-20030620.2_arm.ipk
-? tinylogin_1.4-20030620.2_arm.ipk.asc
-? tinylogin_1.4-20030620.2_arm.ipk.upload.html
-? tinylogin_1.4-20030620_arm.ipk
-? tinylogin_1.4-20030620_arm.ipk.asc
-? tinylogin_1.4-20030620_arm.ipk.upload.html
-? tmp
-Index: addgroup.c
-===================================================================
-RCS file: /var/cvs/tinylogin/addgroup.c,v
-retrieving revision 1.23
-diff -u -r1.23 addgroup.c
---- a/addgroup.c	9 Jan 2003 18:43:29 -0000	1.23
-+++ b/addgroup.c	8 Jun 2004 08:56:08 -0000
-@@ -31,6 +31,7 @@
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <unistd.h>
-+#include <getopt.h>
- #include "tinylogin.h"
- 
- #define GROUP_FILE      "/etc/group"
-@@ -124,6 +125,11 @@
- 	return 0;
- }
- 
-+static struct option long_options[] = {
-+  { "system",		0, NULL, 'S' },
-+  { 0,			0, 0, 0 }
-+};
-+
- /*
-  * addgroup will take a login_name as its first parameter.
-  *
-@@ -136,14 +142,19 @@
- 	int opt;
- 	char *group;
- 	char *user;
-+	int option_index = -1;
- 	gid_t gid = 0;
-+	int system = 0;
- 
- 	/* get remaining args */
--	while ((opt = getopt (argc, argv, "g:")) != -1) {
-+	while ((opt = getopt_long (argc, argv, "g:S", long_options, &option_index)) != -1) {
- 		switch (opt) {
- 			case 'g':
- 				gid = strtol(optarg, NULL, 10);
- 				break;
-+			case 'S':
-+				system = 1;
-+				break;
- 			default:
- 				show_usage();
- 				break;
-Index: adduser.c
-===================================================================
-RCS file: /var/cvs/tinylogin/adduser.c,v
-retrieving revision 1.38
-diff -u -r1.38 adduser.c
---- a/adduser.c	21 Jun 2003 19:35:42 -0000	1.38
-+++ b/adduser.c	8 Jun 2004 08:56:09 -0000
-@@ -66,13 +66,13 @@
- 
- /* remix */
- /* EDR recoded such that the uid may be passed in *p */
--static int passwd_study(const char *filename, struct passwd *p)
-+static int passwd_study(const char *filename, struct passwd *p, int system)
- {
- 	struct passwd *pw;
- 	FILE *passwd;
- 
--	const int min = 500;
--	const int max = 65000;
-+	const int min = system ? 10 : 500;
-+	const int max = system ? 99 : 65000;
- 
- 	passwd = wfopen(filename, "r");
- 	if (!passwd)
-@@ -142,7 +142,7 @@
- }
- 
- /* putpwent(3) remix */
--static int adduser(const char *filename, struct passwd *p, int makehome, int setpass)
-+static int adduser(const char *filename, struct passwd *p, int makehome, int setpass, int system)
- {
- 	FILE *passwd;
- 	int r;
-@@ -165,7 +165,7 @@
- 	fseek(passwd, 0, SEEK_END);
- 
- 	/* if (passwd_study(filename, p) == 0) { */
--	r = passwd_study(filename, p);
-+	r = passwd_study(filename, p, system);
- 	if (r) {
- 		if (r == 1)
- 			error_msg("%s: login already in use", p->pw_name);
-@@ -357,7 +357,7 @@
- 	}
- 
- 	/* grand finale */
--	return adduser(PASSWD_FILE, &pw, makehome, setpass);
-+	return adduser(PASSWD_FILE, &pw, makehome, setpass, system);
- }
- 
- /* $Id: adduser.c,v 1.38 2003/06/21 19:35:42 andersen Exp $ */
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/adduser-empty_pwd.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/adduser-empty_pwd.patch
deleted file mode 100644
index 3a4c6d7..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/adduser-empty_pwd.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
---- tinylogin-1.4/adduser.c.orig	2004-09-30 18:01:46.000000000 +0200
-+++ tinylogin-1.4/adduser.c	2004-09-30 18:07:01.000000000 +0200
-@@ -249,6 +249,7 @@
- struct option long_options[] = {
-   { "home",		1, NULL, 'h' },
-   { "disabled-password", 0, NULL, 'D' },
-+  { "empty-password", 0, NULL, 'E' },
-   { "system",		0, NULL, 'S' },
-   { "ingroup",		1, NULL, 'G' },
-   { "no-create-home",   0, NULL, 'H' },
-@@ -287,7 +288,7 @@
- 	shell = default_shell;
- 
- 	/* get args */
--	while ((opt = getopt_long (argc, argv, "h:g:s:G:DSH", long_options, &option_index)) != -1) {
-+	while ((opt = getopt_long (argc, argv, "h:g:s:G:DESH", long_options, &option_index)) != -1) {
- 		switch (opt) {
- 			case 'h':
- 				home = optarg;
-@@ -304,6 +305,9 @@
- 			case 'D':
- 				setpass = 0;
- 				break;
-+			case 'E':
-+				setpass = -1;
-+				break;
- 			case 'S':
- 				system = 1;
- 				break;
-@@ -338,7 +342,12 @@
- 
- 	/* create a passwd struct */
- 	pw.pw_name = (char *)login;
--	pw.pw_passwd = (char *)default_passwd;
-+	if (setpass != -1)
-+		pw.pw_passwd = (char *)default_passwd;
-+	else {
-+		pw.pw_passwd = (char *)"";
-+		setpass = 0;
-+	}
- 	pw.pw_uid = 0;
- 	pw.pw_gid = 0;
- 	pw.pw_gecos = (char *)gecos;
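
Review bot: Deleting adduser-empty_pwd.patch removes the -E / --empty-password option that this recipe added to adduser, and add-system.patch above did the same for --system on addgroup; the commit message does not say whether the busybox applets accept these options. Please state that no recipe, class or postinst in the tree still calls adduser or addgroup with them, or list what replaces each one.
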
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/avoid_static.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/avoid_static.patch
deleted file mode 100644
index 8a06af0..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/avoid_static.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-tinylogin: Do not link statically when building debug
-
-For some reason if DODEBUG was enabled (to prevent stripping) the binary was
-also statically linked.  This patch prevents that behavior.
-
-Upstream-Status: Inappropriate [no upstream]
-
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-
-diff -ur tinylogin-1.4.orig/Makefile tinylogin-1.4/Makefile
---- tinylogin-1.4.orig/Makefile	2011-06-18 11:00:23.073927349 -0500
-+++ tinylogin-1.4/Makefile	2011-06-18 11:03:26.394849372 -0500
-@@ -123,20 +123,6 @@
-     LDFLAGS += -s -Wl,-warn-common 
-     STRIP    = $(STRIPTOOL) --remove-section=.note --remove-section=.comment $(PROG)
- endif
--ifeq ($(strip $(DODEBUG)),true)
--    LDFLAGS += --static
--    #
--    #use '-ffunction-sections -fdata-sections' and '--gc-sections' (if they 
--    # work) to try and strip out any unused junk.  Doesn't do much for me, 
--    # but you may want to give it a shot...
--    #
--    #ifeq ($(shell $(CC) -ffunction-sections -fdata-sections -S \
--    #	-o /dev/null -xc /dev/null 2>/dev/null && $(LD) \
--    #			--gc-sections -v >/dev/null && echo 1),1)
--    #	CFLAGS += -ffunction-sections -fdata-sections
--    #	LDFLAGS += --gc-sections
--    #endif
--endif
- ifeq ($(strip $(DOSTATIC)),true)
-     LDFLAGS += --static
-     #
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/cvs-20040608.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/cvs-20040608.patch
deleted file mode 100644
index 33bc301..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/cvs-20040608.patch
+++ /dev/null
@@ -1,823 +0,0 @@
-Upstream-Status: Backport
-
-Index: Config.h
-===================================================================
-RCS file: /var/cvs/tinylogin/Config.h,v
-retrieving revision 1.10
-retrieving revision 1.12
-diff -u -r1.10 -r1.12
---- a/Config.h	23 Jun 2002 03:09:07 -0000	1.10
-+++ b/Config.h	17 Feb 2003 11:51:55 -0000	1.12
-@@ -27,15 +27,11 @@
- // Enable checking of /etc/securetty by login
- #define CONFIG_FEATURE_SECURETTY
- //
--// Enable using sha passwords
--#define CONFIG_FEATURE_SHA1_PASSWORDS
--//
- // Enable use of a wheel group
- #define CONFIG_WHEEL_GROUP
- //
--// This compiles out everything but the most 
--// trivial --help usage information (i.e. reduces binary size)
--#define CONFIG_FEATURE_TRIVIAL_HELP
-+// Show verbose usage messages
-+//#define CONFIG_FEATURE_VERBOSE_USAGE
- //
- // Enable 'tinylogin --install [-s]' to allow tinylogin
- // to create links (or symlinks) at runtime for all the 
-@@ -48,10 +44,6 @@
- // Nothing beyond this point should ever be touched by 
- // mere mortals so leave this stuff alone.
- //
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--#define CONFIG_SHA1
--#endif
--//
- #ifdef CONFIG_FEATURE_SHADOWPASSWDS
- #define CONFIG_SHADOW
- #endif
-Index: addgroup.c
-===================================================================
-RCS file: /var/cvs/tinylogin/addgroup.c,v
-retrieving revision 1.22
-retrieving revision 1.23
-diff -u -r1.22 -r1.23
---- a/addgroup.c	12 Dec 2002 08:46:03 -0000	1.22
-+++ b/addgroup.c	9 Jan 2003 18:43:29 -0000	1.23
-@@ -133,23 +133,33 @@
-  * ________________________________________________________________________ */
- int addgroup_main(int argc, char **argv)
- {
-+	int opt;
- 	char *group;
- 	char *user;
- 	gid_t gid = 0;
- 
--	if (argc < 2) {
--		show_usage();
-+	/* get remaining args */
-+	while ((opt = getopt (argc, argv, "g:")) != -1) {
-+		switch (opt) {
-+			case 'g':
-+				gid = strtol(optarg, NULL, 10);
-+				break;
-+			default:
-+				show_usage();
-+				break;
-+		}
- 	}
- 
--	if (strncmp(argv[1], "-g", 2) == 0) {
--		gid = strtol(argv[2], NULL, 10);
--		group = argv[2];
-+	if (optind < argc) {
-+		group = argv[optind];
-+		optind++;
- 	} else {
- 		show_usage();
- 	}
--	
--	if (argc == 4) {
--		user = argv[3];
-+
-+	if (optind < argc) {
-+		user = argv[optind];
-+		optind++;
- 	} else {
- 		user = "";
- 	}
-@@ -163,4 +173,4 @@
- 	return addgroup(GROUP_FILE, group, gid, user);
- }
- 
--/* $Id: addgroup.c,v 1.22 2002/12/12 08:46:03 andersen Exp $ */
-+/* $Id: addgroup.c,v 1.23 2003/01/09 18:43:29 andersen Exp $ */
-Index: adduser.c
-===================================================================
-RCS file: /var/cvs/tinylogin/adduser.c,v
-retrieving revision 1.37
-retrieving revision 1.38
-diff -u -r1.37 -r1.38
---- a/adduser.c	12 Dec 2002 08:46:03 -0000	1.37
-+++ b/adduser.c	21 Jun 2003 19:35:42 -0000	1.38
-@@ -21,6 +21,9 @@
-  *
-  */
- 
-+#ifndef _GNU_SOURCE
-+#define _GNU_SOURCE
-+#endif
- #include <errno.h>
- #include <fcntl.h>
- #include <stdarg.h>
-@@ -29,6 +32,7 @@
- #include <string.h>
- #include <time.h>
- #include <unistd.h>
-+#include <getopt.h>
- #include <sys/param.h>
- #include <sys/stat.h>
- #include <sys/types.h>
-@@ -93,21 +97,23 @@
- 		}
- 	}
- 
--	/* EDR check for an already existing gid */
--	while (getgrgid(p->pw_uid) != NULL)
--		p->pw_uid++;
--
--	/* EDR also check for an existing group definition */
--	if (getgrnam(p->pw_name) != NULL)
--		return 3;
-+	if (p->pw_gid == 0) {
-+		/* EDR check for an already existing gid */
-+		while (getgrgid(p->pw_uid) != NULL)
-+			p->pw_uid++;
-+
-+		/* EDR also check for an existing group definition */
-+		if (getgrnam(p->pw_name) != NULL)
-+			return 3;
-+
-+		/* EDR create new gid always = uid */
-+		p->pw_gid = p->pw_uid;
-+	}
- 
- 	/* EDR bounds check */
- 	if ((p->pw_uid > max) || (p->pw_uid < min))
- 		return 2;
- 
--	/* EDR create new gid always = uid */
--	p->pw_gid = p->pw_uid;
--
- 	/* return 1; */
- 	return 0;
- }
-@@ -136,7 +142,7 @@
- }
- 
- /* putpwent(3) remix */
--static int adduser(const char *filename, struct passwd *p)
-+static int adduser(const char *filename, struct passwd *p, int makehome, int setpass)
- {
- 	FILE *passwd;
- 	int r;
-@@ -144,6 +150,11 @@
- 	FILE *shadow;
- 	struct spwd *sp;
- #endif
-+	int new_group = 1;
-+
-+	/* if using a pre-existing group, don't create one */
-+	if (p->pw_gid != 0)
-+		new_group = 0;
- 
- 	/* make sure everything is kosher and setup uid && gid */
- 	passwd = wfopen(filename, "a");
-@@ -194,29 +205,36 @@
- 	}
- #endif
- 
--	/* add to group */
--	/* addgroup should be responsible for dealing w/ gshadow */
--	addgroup_wrapper(p->pw_name, p->pw_gid);
-+	if (new_group) {
-+		/* add to group */
-+		/* addgroup should be responsible for dealing w/ gshadow */
-+		addgroup_wrapper(p->pw_name, p->pw_gid);
-+	}
- 
- 	/* Clear the umask for this process so it doesn't
- 	 * * screw up the permissions on the mkdir and chown. */
- 	umask(0);
- 
--	/* mkdir */
--	if (mkdir(p->pw_dir, 0755)) {
--		perror_msg("%s", p->pw_dir);
--	}
--	/* Set the owner and group so it is owned by the new user. */
--	if (chown(p->pw_dir, p->pw_uid, p->pw_gid)) {
--		perror_msg("%s", p->pw_dir);
--	}
--	/* Now fix up the permissions to 2755. Can't do it before now
--	 * since chown will clear the setgid bit */
--	if (chmod(p->pw_dir, 02755)) {
--		perror_msg("%s", p->pw_dir);
-+	if (makehome) {
-+		/* mkdir */
-+		if (mkdir(p->pw_dir, 0755)) {
-+			perror_msg("%s", p->pw_dir);
-+		}
-+		/* Set the owner and group so it is owned by the new user. */
-+		if (chown(p->pw_dir, p->pw_uid, p->pw_gid)) {
-+			perror_msg("%s", p->pw_dir);
-+		}
-+		/* Now fix up the permissions to 2755. Can't do it before now
-+		 * since chown will clear the setgid bit */
-+		if (chmod(p->pw_dir, 02755)) {
-+			perror_msg("%s", p->pw_dir);
-+		}
-+	}
-+
-+	if (setpass) {
-+		/* interactively set passwd */
-+		passwd_wrapper(p->pw_name);
- 	}
--	/* interactively set passwd */
--	passwd_wrapper(p->pw_name);
- 
- 	return 0;
- }
-@@ -228,6 +246,15 @@
- 	return geteuid();
- }
- 
-+struct option long_options[] = {
-+  { "home",		1, NULL, 'h' },
-+  { "disabled-password", 0, NULL, 'D' },
-+  { "system",		0, NULL, 'S' },
-+  { "ingroup",		1, NULL, 'G' },
-+  { "no-create-home",   0, NULL, 'H' },
-+  { 0,			0, 0, 0 }
-+};
-+
- /*
-  * adduser will take a login_name as its first parameter.
-  *
-@@ -244,6 +271,11 @@
- 	const char *gecos;
- 	const char *home = NULL;
- 	const char *shell;
-+	const char *usegroup = NULL;
-+	int option_index = -1;
-+	int setpass = 1;
-+	int makehome = 1;
-+	int system = 0;
- 
- 	struct passwd pw;
- 
-@@ -255,7 +287,7 @@
- 	shell = default_shell;
- 
- 	/* get args */
--	while ((opt = getopt (argc, argv, "h:g:s:")) != -1) {
-+	while ((opt = getopt_long (argc, argv, "h:g:s:G:DSH", long_options, &option_index)) != -1) {
- 		switch (opt) {
- 			case 'h':
- 				home = optarg;
-@@ -266,6 +298,18 @@
- 			case 's':
- 				shell = optarg;
- 				break;
-+			case 'H':
-+				makehome = 0;
-+				break;
-+			case 'D':
-+				setpass = 0;
-+				break;
-+			case 'S':
-+				system = 1;
-+				break;
-+			case 'G':
-+				usegroup = optarg;
-+				break;
- 			default:
- 				show_usage ();
- 				break;
-@@ -301,8 +345,19 @@
- 	pw.pw_dir = (char *)home;
- 	pw.pw_shell = (char *)shell;
- 
-+	if (usegroup) {
-+		/* Add user to a group that already exists */
-+		struct group *g;
-+
-+		g = getgrnam(usegroup);
-+		if (g == NULL)
-+			error_msg_and_die("group %s does not exist", usegroup);
-+
-+		pw.pw_gid = g->gr_gid;
-+	}
-+
- 	/* grand finale */
--	return adduser(PASSWD_FILE, &pw);
-+	return adduser(PASSWD_FILE, &pw, makehome, setpass);
- }
- 
--/* $Id: adduser.c,v 1.37 2002/12/12 08:46:03 andersen Exp $ */
-+/* $Id: adduser.c,v 1.38 2003/06/21 19:35:42 andersen Exp $ */
-Index: install.sh
-===================================================================
-RCS file: /var/cvs/tinylogin/install.sh,v
-retrieving revision 1.10
-retrieving revision 1.11
-diff -u -r1.10 -r1.11
---- a/install.sh	23 Jun 2002 03:09:07 -0000	1.10
-+++ b/install.sh	6 Mar 2003 19:29:17 -0000	1.11
-@@ -21,11 +21,11 @@
- h=`sort tinylogin.links | uniq`
- 
- 
--mkdir -p $prefix/bin || exit 1
-+install -d -m 0755 $prefix/bin || exit 1
- 
- for i in $h ; do
- 	appdir=`dirname $i`
--	mkdir -p $prefix/$appdir || exit 1
-+	install -d -m 0755 $prefix/$appdir || exit 1
- 	if [ "$2" = "--hardlinks" ]; then
- 	    bb_path="$prefix/bin/tinylogin"
- 	else
-Index: passwd.c
-===================================================================
-RCS file: /var/cvs/tinylogin/passwd.c,v
-retrieving revision 1.19
-retrieving revision 1.20
-diff -u -r1.19 -r1.20
---- a/passwd.c	7 Nov 2002 02:34:15 -0000	1.19
-+++ b/passwd.c	17 Feb 2003 11:51:55 -0000	1.20
-@@ -25,10 +25,6 @@
- {
- 	int x = 0;					/* standart: DES */
- 
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--	if (strcasecmp(a, "sha1") == 0)
--		x = 2;
--#endif
- 	if (strcasecmp(a, "md5") == 0)
- 		x = 1;
- 	return x;
-@@ -394,11 +390,6 @@
- 	bzero(cp, strlen(cp));
- 	bzero(orig, sizeof(orig));
- 
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--	if (algo == 2) {
--		cp = pw_encrypt(pass, "$2$");
--	} else
--#endif
- 	if (algo == 1) {
- 		cp = pw_encrypt(pass, "$1$");
- 	} else
-Index: sha1.c
-===================================================================
-RCS file: sha1.c
-diff -N sha1.c
---- a/sha1.c	20 Dec 2000 21:54:28 -0000	1.2
-+++ /dev/null	1 Jan 1970 00:00:00 -0000
-@@ -1,187 +0,0 @@
--/* vi: set sw=4 ts=4: */
--/* 
--   Implements the Secure Hash Algorithm (SHA1)
--
--   Copyright (C) 1999 Scott G. Miller
--
--   Released under the terms of the GNU General Public License v2
--   see file COPYING for details
--
--   Credits: 
--      Robert Klep <robert@ilse.nl>  -- Expansion function fix 
--   ---
--   FIXME: This source takes int to be a 32 bit integer.  This
--   may vary from system to system.  I'd use autoconf if I was familiar
--   with it.  Anyone want to help me out?
--*/
--
--void sha_hash(int *, int *);
--void sha_init(int *);
--char *sprint_hash(int *);
--void do_sha_hash(int *, int *);
--
--/*
--  added 3 functions for sha passowrd stuff (mainly inspired from stuff seen in main.c from shasum-1.3 package)
--*/
--#include <stdio.h>
--#include <string.h>
--#include <stdlib.h>
--
--#include <endian.h>
--/* On big endian machines, we need to reverse the input to process
--   the blocks correctly */
--
--#define switch_endianness(x) (x<<24 & 0xff000000) | \
--                             (x<<8  & 0x00ff0000) | \
--                             (x>>8  & 0x0000ff00) | \
--                             (x>>24 & 0x000000ff)
--
--/* Initial hash values */
--#define Ai 0x67452301
--#define Bi 0xefcdab89
--#define Ci 0x98badcfe
--#define Di 0x10325476
--#define Ei 0xc3d2e1f0
--
--/* SHA1 round constants */
--#define K1 0x5a827999
--#define K2 0x6ed9eba1
--#define K3 0x8f1bbcdc
--#define K4 0xca62c1d6
--
--/* Round functions.  Note that f2() is used in both rounds 2 and 4 */
--#define f1(B,C,D) ((B & C) | ((~B) & D))
--#define f2(B,C,D) (B ^ C ^ D)
--#define f3(B,C,D) ((B & C) | (B & D) | (C & D))
--
--/* left circular shift functions (rotate left) */
--#define rol1(x) ((x<<1) | ((x>>31) & 1))
--#define rol5(A) ((A<<5) | ((A>>27) & 0x1f))
--#define rol30(B) ((B<<30) | ((B>>2) & 0x3fffffff))
--
--/*
--  Hashes 'data', which should be a pointer to 512 bits of data (sixteen
--  32 bit ints), into the ongoing 160 bit hash value (five 32 bit ints)
--  'hash'
--*/
--void sha_hash(int *data, int *hash)
--{
--	int W[80];
--	unsigned int A = hash[0], B = hash[1], C = hash[2], D = hash[3], E =
--		hash[4];
--	unsigned int t, x, TEMP;
--
--	for (t = 0; t < 16; t++) {
--#ifdef BIG_ENDIAN
--		W[t] = switch_endianness(data[t]);
--#else
--		W[t] = data[t];
--#endif
--	}
--
--
--	/* SHA1 Data expansion */
--	for (t = 16; t < 80; t++) {
--		x = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
--		W[t] = rol1(x);
--	}
--
--	/* SHA1 main loop (t=0 to 79) 
--	   This is broken down into four subloops in order to use
--	   the correct round function and constant */
--	for (t = 0; t < 20; t++) {
--		TEMP = rol5(A) + f1(B, C, D) + E + W[t] + K1;
--		E = D;
--		D = C;
--		C = rol30(B);
--		B = A;
--		A = TEMP;
--	}
--	for (; t < 40; t++) {
--		TEMP = rol5(A) + f2(B, C, D) + E + W[t] + K2;
--		E = D;
--		D = C;
--		C = rol30(B);
--		B = A;
--		A = TEMP;
--	}
--	for (; t < 60; t++) {
--		TEMP = rol5(A) + f3(B, C, D) + E + W[t] + K3;
--		E = D;
--		D = C;
--		C = rol30(B);
--		B = A;
--		A = TEMP;
--	}
--	for (; t < 80; t++) {
--		TEMP = rol5(A) + f2(B, C, D) + E + W[t] + K4;
--		E = D;
--		D = C;
--		C = rol30(B);
--		B = A;
--		A = TEMP;
--	}
--	hash[0] += A;
--	hash[1] += B;
--	hash[2] += C;
--	hash[3] += D;
--	hash[4] += E;
--}
--
--/*
--  Takes a pointer to a 160 bit block of data (five 32 bit ints) and
--  intializes it to the start constants of the SHA1 algorithm.  This
--  must be called before using hash in the call to sha_hash
--*/
--void sha_init(int *hash)
--{
--	hash[0] = Ai;
--	hash[1] = Bi;
--	hash[2] = Ci;
--	hash[3] = Di;
--	hash[4] = Ei;
--}
--
--
--/*
-- * write the hash to a string
-- */
--char *sprint_sha1_hash(int *hashval)
--{
--	int x = 0;
--	char *out = NULL;
--
--	if ((out = malloc(43)) == NULL)
--		return NULL;
--	memset(out, 0x00, 43);
--	strcpy(out, "$2$");
--	for (x = 0; x < 5; x++) {
--		sprintf(out + (x * 8) + 3, "%08x", hashval[x]);
--	}
--	out[43] = 0;
--	return out;
--}
--
--
--/*
-- * hash the password
-- */
--void do_sha_hash(int *hashval, int *pw)
--{
--	sha_init(hashval);
--	sha_hash(pw, hashval);
--}
--
--
--/*
-- * hash a charakter string and return the 160bit integer in hex as a character string
-- */
--char *sha1_crypt(const char *pw)
--{
--	int hashval[20];
--
--	memset(hashval, 0x00, sizeof(hashval));
--	do_sha_hash(hashval, (int *) ((char *) pw + 3));
--
--	return sprint_sha1_hash(hashval);
--}
-Index: vlock.c
-===================================================================
-RCS file: /var/cvs/tinylogin/vlock.c,v
-retrieving revision 1.13
-retrieving revision 1.14
-diff -u -r1.13 -r1.14
---- a/vlock.c	19 Sep 2002 03:50:31 -0000	1.13
-+++ b/vlock.c	17 Feb 2003 11:51:56 -0000	1.14
-@@ -26,7 +26,7 @@
-  * minimalistic vlock.
-  */
- /* Fixed by Erik Andersen to do passwords the tinylogin way...
-- * It now works with md5, sha1, etc passwords. */
-+ * It now works with md5, etc passwords. */
- 
- #include "tinylogin.h"
- #include <stdio.h>
-Index: docs/tinylogin.busybox.net/index.html
-===================================================================
-RCS file: /var/cvs/tinylogin/docs/tinylogin.busybox.net/index.html,v
-retrieving revision 1.23
-retrieving revision 1.25
-diff -u -r1.23 -r1.25
---- a/docs/tinylogin.busybox.net/index.html	3 Jan 2003 10:56:32 -0000	1.23
-+++ b/docs/tinylogin.busybox.net/index.html	3 Jan 2003 11:21:53 -0000	1.25
-@@ -56,6 +56,9 @@
- Erik Andersen</a>, and licensed under the 
- <a href="http://www.gnu.org/copyleft/gpl.html">GNU GENERAL PUBLIC LICENSE</a>.
- 
-+<h3>Mailing List Information</h3>
-+Here are the Tinylogin <a href="/lists/tinylogin/">mailing list archives</a><br>
-+To subscribe, go and visit <a href= "/mailman/listinfo/tinylogin">this page</a>. 
- 
- <!-- Begin Download section -->
- 
-@@ -222,19 +225,19 @@
- <ul> 
-     <li>  <A HREF="http://freshmeat.net/projects/tinylogin/?highlight=tinylogin">
-     Freshmeat AppIndex record for TinyLogin</A>
-+    <p>
- 
-     <li><a href="http://www.busybox.net/">BusyBox</a>
-     combines tiny versions of many common UNIX utilities into a single small 
-     executable. It provides minimalist replacements for most of the utilities 
-     you usually find on a standard Linux system.
--
-     <p>
-+
-     <li><a href="http://uclibc.org/uClibc.html">uClibc</a>
- 	is a C library for embedded systems.  You can actually statically link
- 	a "Hello World" application under x86 that only takes 4k (as opposed to
- 	200k under GNU libc).  It can do dynamic linking too and works nicely with
- 	BusyBox to create very small embedded systems.
--
-     <p>
- 
- </ul>
-Index: include/libbb.h
-===================================================================
-RCS file: /var/cvs/tinylogin/include/libbb.h,v
-retrieving revision 1.1
-retrieving revision 1.2
-diff -u -r1.1 -r1.2
---- a/include/libbb.h	23 Jun 2002 03:09:10 -0000	1.1
-+++ b/include/libbb.h	17 Feb 2003 11:51:57 -0000	1.2
-@@ -39,9 +39,6 @@
- #ifdef CONFIG_FEATURE_SHADOWPASSWDS
- #include "shadow_.h"
- #endif
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--# include "sha1.h"
--#endif
- 
- #if (__GNU_LIBRARY__ < 5) && (!defined __dietlibc__)
- /* libc5 doesn't define socklen_t */
-Index: include/sha1.h
-===================================================================
-RCS file: include/sha1.h
-diff -N include/sha1.h
---- a/include/sha1.h	23 Jun 2002 03:09:10 -0000	1.1
-+++ /dev/null	1 Jan 1970 00:00:00 -0000
-@@ -1,3 +0,0 @@
--/* SHA1.H - header file for SHA1.C */
--
--char *sha1_crypt(const char *pw);
-Index: include/usage.h
-===================================================================
-RCS file: /var/cvs/tinylogin/include/usage.h,v
-retrieving revision 1.2
-retrieving revision 1.3
-diff -u -r1.2 -r1.3
---- a/include/usage.h	3 Jul 2002 05:57:00 -0000	1.2
-+++ b/include/usage.h	17 Feb 2003 11:51:57 -0000	1.3
-@@ -33,11 +33,6 @@
- 	"\t-h\tName of the remote host for this login.\n" \
- 	"\t-p\tPreserve environment."
- 
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--  #define PASSWORD_ALG_TYPES(a) a
--#else
--  #define PASSWORD_ALG_TYPES(a)
--#endif
- #define passwd_trivial_usage \
- 	"[OPTION] [name]"
- #define passwd_full_usage \
-@@ -46,7 +41,6 @@
- 	"Options:\n" \
- 	"\t-a\tDefine which algorithm shall be used for the password.\n" \
- 	"\t\t\t(Choices: des, md5" \
--	PASSWORD_ALG_TYPES(", sha1") \
- 	")\n\t-d\tDelete the password for the specified user account.\n" \
- 	"\t-l\tLocks (disables) the specified user account.\n" \
- 	"\t-u\tUnlocks (re-enables) the specified user account."
-Index: libbb/obscure.c
-===================================================================
-RCS file: /var/cvs/tinylogin/libbb/obscure.c,v
-retrieving revision 1.2
-retrieving revision 1.3
-diff -u -r1.2 -r1.3
---- a/libbb/obscure.c	23 Jun 2002 04:05:59 -0000	1.2
-+++ b/libbb/obscure.c	30 Jul 2003 08:41:33 -0000	1.3
-@@ -44,7 +44,7 @@
-  * can't be a palindrome - like `R A D A R' or `M A D A M'
-  */
- 
--static int palindrome(const char *old, const char *newval)
-+static int palindrome(const char *newval)
- {
- 	int i, j;
- 
-@@ -79,24 +79,25 @@
-  * a nice mix of characters.
-  */
- 
--static int simple(const char *old, const char *newval)
-+static int simple(const char *newval)
- {
- 	int digits = 0;
- 	int uppers = 0;
- 	int lowers = 0;
- 	int others = 0;
-+	int c;
- 	int size;
- 	int i;
- 
--	for (i = 0; newval[i]; i++) {
--		if (isdigit(newval[i]))
--			digits++;
--		else if (isupper(newval[i]))
--			uppers++;
--		else if (islower(newval[i]))
--			lowers++;
-+	for (i = 0; (c = *newval++) != 0; i++) {
-+		if (isdigit(c))
-+			digits = c;
-+		else if (isupper(c))
-+			uppers = c;
-+		else if (islower(c))
-+			lowers = c;
- 		else
--			others++;
-+			others = c;
- 	}
- 
- 	/*
-@@ -129,49 +130,53 @@
- 	return string;
- }
- 
--static char *password_check(const char *old, const char *newval, const struct passwd *pwdp)
-+static const char *
-+password_check(const char *old, const char *newval, const struct passwd *pwdp)
- {
--	char *msg = NULL;
--	char *oldmono, *newmono, *wrapped;
-+	const char *msg;
-+	char *newmono, *wrapped;
-+	int lenwrap;
- 
- 	if (strcmp(newval, old) == 0)
- 		return "no change";
-+	if (simple(newval))
-+		return "too simple";
- 
-+	msg = NULL;
- 	newmono = str_lower(xstrdup(newval));
--	oldmono = str_lower(xstrdup(old));
--	wrapped = (char *) xmalloc(strlen(oldmono) * 2 + 1);
--	strcpy(wrapped, oldmono);
--	strcat(wrapped, oldmono);
-+	lenwrap = strlen(old) * 2 + 1;
-+	wrapped = (char *) xmalloc(lenwrap);
-+	str_lower(strcpy(wrapped, old));
- 
--	if (palindrome(oldmono, newmono))
-+	if (palindrome(newmono))
- 		msg = "a palindrome";
- 
--	if (!msg && strcmp(oldmono, newmono) == 0)
-+	else if (strcmp(wrapped, newmono) == 0)
- 		msg = "case changes only";
- 
--	if (!msg && similiar(oldmono, newmono))
-+	else if (similiar(wrapped, newmono))
- 		msg = "too similiar";
- 
--	if (!msg && simple(old, newval))
--		msg = "too simple";
--
--	if (!msg && strstr(wrapped, newmono))
--		msg = "rotated";
-+	else {
-+		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
-+		if (strstr(wrapped, newmono))
-+			msg = "rotated";
-+	}
- 
- 	bzero(newmono, strlen(newmono));
--	bzero(oldmono, strlen(oldmono));
--	bzero(wrapped, strlen(wrapped));
-+	bzero(wrapped, lenwrap);
- 	free(newmono);
--	free(oldmono);
- 	free(wrapped);
- 
- 	return msg;
- }
- 
--static char *obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
-+static const char *
-+obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
- {
- 	int maxlen, oldlen, newlen;
--	char *new1, *old1, *msg;
-+	char *new1, *old1;
-+	const char *msg;
- 
- 	oldlen = strlen(old);
- 	newlen = strlen(newval);
-@@ -233,7 +238,7 @@
- 
- extern int obscure(const char *old, const char *newval, const struct passwd *pwdp)
- {
--	char *msg = obscure_msg(old, newval, pwdp);
-+	const char *msg = obscure_msg(old, newval, pwdp);
- 
- 	/*  if (msg) { */
- 	if (msg != NULL) {
-Index: libbb/pw_encrypt.c
-===================================================================
-RCS file: /var/cvs/tinylogin/libbb/pw_encrypt.c,v
-retrieving revision 1.1
-retrieving revision 1.2
-diff -u -r1.1 -r1.2
---- a/libbb/pw_encrypt.c	23 Jun 2002 03:09:12 -0000	1.1
-+++ b/libbb/pw_encrypt.c	17 Feb 2003 11:51:58 -0000	1.2
-@@ -30,11 +30,6 @@
- 	static char cipher[128];
- 	char *cp;
- 
--#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
--	if (strncmp(salt, "$2$", 3) == 0) {
--		return sha1_crypt(clear);
--	}
--#endif
- 	cp = (char *) crypt(clear, salt);
- 	/* if crypt (a nonstandard crypt) returns a string too large,
- 	   truncate it so we don't overrun buffers and hope there is
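Review bot: callers of adduser that pass `--home`, `--disabled-password`, `--system`, `--ingroup` or `--no-create-home` need checking before this goes in, because the `long_options[]` table and the `"h:g:s:G:DSH"` getopt string in the adduser.c part of this backport are where those options are defined. Please confirm that the adduser remaining in the image accepts them with the same meaning, in particular that `-D` still skips password setup (`setpass = 0`) and `-G` still fails with an error when the group does not exist, so that scripts creating system accounts do not silently change behaviour.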
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
deleted file mode 100644
index 0a24656..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-
-staring from glibc 2.17 the crypt() function will error out and return
-NULL if the seed or "correct" is invalid. The failure case for this is
-an unknown user which tinylogin assigns '!' for the password. crypt() 
-now expects a minimum of 2 valid characters. If we get a NULL return
-value from the crypt, assume we fail and return 0.
-
-Upstream-Status: Inappropriate [tinylogin depercated]
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
-Index: tinylogin-1.4/libbb/correct_password.c
-===================================================================
---- tinylogin-1.4.orig/libbb/correct_password.c
-+++ tinylogin-1.4/libbb/correct_password.c
-@@ -74,5 +74,8 @@ int correct_password ( const struct pass
- 	}
- 	encrypted = crypt ( unencrypted, correct );
- 	memset ( unencrypted, 0, xstrlen ( unencrypted ));
-+        if ( !encrypted )
-+		return 0;
-+
- 	return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
- }
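Review bot: whatever checks passwords after this removal needs the same NULL check on crypt() that `if ( !encrypted ) return 0;` provides in correct_password() here. Per the patch description, crypt() on glibc 2.17 and later returns NULL for an entry such as `!`, and the following `strcmp ( encrypted, correct )` would then dereference it. Please confirm the replacement login code checks the crypt() return value before comparing, and test a login attempt for an unknown user on a glibc 2.17 image before merging.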
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
deleted file mode 100644
index 513ee5e..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [legacy version]
-
-Fix rotate check logic
-
-Rotate passwd checking code has logic error, which writes data into
-un-allocated memory. This patch fixes the issue.
-
-Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
-
-diff --git a/libbb/obscure.c b/libbb/obscure.c
-index 750b611..4a07b5f 100644
---- a/libbb/obscure.c
-+++ b/libbb/obscure.c
-@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
- {
- 	const char *msg;
- 	char *newmono, *wrapped;
--	int lenwrap;
-+	int lenold, lenwrap;
- 
- 	if (strcmp(newval, old) == 0)
- 		return "no change";
-@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
- 
- 	msg = NULL;
- 	newmono = str_lower(xstrdup(newval));
--	lenwrap = strlen(old) * 2 + 1;
-+	lenold = strlen(old);
-+	lenwrap = lenold * 2 + 1;
- 	wrapped = (char *) xmalloc(lenwrap);
- 	str_lower(strcpy(wrapped, old));
- 
-@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
- 		msg = "too similiar";
- 
- 	else {
--		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
-+		safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
- 		if (strstr(wrapped, newmono))
- 			msg = "rotated";
- 	}
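Review bot: this fix must not be dropped without cvs-20040608.patch, because the line it corrects, `safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);`, starts writing at the end of the `lenwrap`-byte `xmalloc` buffer, so every byte copied lands outside the allocation. Both files are deleted in this commit, which is consistent. If tinylogin is kept in another layer, carry the two patches together: only the `lenold` form (offset `lenold`, length `lenold + 1`, total `lenwrap`) stays inside the buffer.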
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/remove-index.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/remove-index.patch
deleted file mode 100644
index 9d3c324..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/remove-index.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Upstream-Status: Inappropriate [legacy version]
-
---- /tmp/deluser.c	2007-05-13 10:38:19.000000000 +0200
-+++ tinylogin-1.4/deluser.c	2007-05-13 10:38:50.185251000 +0200
-@@ -60,7 +60,7 @@
- 	}
- 	start++;
- 
--	stop = index(start, '\n');	/* index is a BSD-ism */
-+	stop = strchr(start, '\n');	/* index is a BSD-ism, strchr hopefully isn't */
- 	b.start = start - buffer;
- 	b.stop = stop - buffer;
- 	return b;
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/use_O2_option.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/use_O2_option.patch
deleted file mode 100644
index 5b88060..0000000
--- a/meta/recipes-core/tinylogin/tinylogin-1.4/use_O2_option.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-tinylogin will meet segment fault if compiled by gcc-4.5.0 when enable both
-frename-registers and Os options. Use O2 instead.
-
-Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
-
-diff -ruN tinylogin-1.4-orig/Makefile tinylogin-1.4/Makefile
---- tinylogin-1.4-orig/Makefile	2010-09-16 13:02:06.302192295 +0800
-+++ tinylogin-1.4/Makefile	2010-09-16 13:02:34.634167846 +0800
-@@ -97,9 +97,7 @@
- #--------------------------------------------------------
- 
- 
--# use '-Os' optimization if available, else use -O2
--OPTIMIZATION = $(shell if $(CC) -Os -S -o /dev/null -xc /dev/null >/dev/null 2>&1; \
--    then echo "-Os"; else echo "-O2" ; fi)
-+OPTIMIZATION = -O2
- 
- WARNINGS = -Wall
- 
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
deleted file mode 100644
index d1da0e2..0000000
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-SECTION = "base"
-SUMMARY = "Tiny versions of many common login, authentication and related utilities."
-DESCRIPTION = "TinyLogin is a suite of tiny UNIX \
-utilities for handling logins, user authentication, \
-changing passwords, and otherwise maintaining users \
-and groups on an embedded system."
-HOMEPAGE = "http://tinylogin.busybox.net/"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269"
-PR = "r9"
-
-inherit update-alternatives
-
-SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}.tar.bz2 \
-        file://cvs-20040608.patch \
-        file://add-system.patch \
-        file://adduser-empty_pwd.patch \
-        file://remove-index.patch \
-        file://use_O2_option.patch \
-        file://passwd_rotate_check.patch \
-        file://avoid_static.patch \
-        file://glibc_crypt_fix.patch \
-        "
-
-SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
-SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
-
-EXTRA_OEMAKE = ""
-
-do_compile () {
-	oe_runmake 'CC=${CC}' 'CROSS=${HOST_PREFIX}' 'DODEBUG=true'
-}
-
-do_install () {
-	install -d ${D}${base_bindir}
-	install -m 4755 tinylogin ${D}${base_bindir}/tinylogin
-	for i in `cat tinylogin.links`; do
-		mkdir -p ${D}/`dirname $i`
-		ln -sf /bin/tinylogin ${D}$i
-	done
-}
-
-ALTERNATIVE_${PN} = "getty"
-ALTERNATIVE_LINK_NAME[getty] = "${base_sbindir}/getty"
-ALTERNATIVE_PRIORITY = "80"
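Review bot: do_install here installs the binary setuid (`install -m 4755 tinylogin`) with every entry in tinylogin.links pointing at it, and the recipe registers the `getty` alternative at priority 80; neither duty is visibly handed over in this hunk. Please confirm that another recipe now provides `${base_sbindir}/getty`, and that the applets previously linked from tinylogin.links get only the privileges they need in the replacement instead of inheriting a blanket setuid bit.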
-- 
1.7.9.5




* Re: [PATCH 1/8] busybox: remove the postinst part of the recipe
  2013-06-07  6:13 ` [PATCH 1/8] busybox: remove the postinst part of the recipe Qi.Chen
@ 2013-06-07 12:32   ` Otavio Salvador
  2013-06-08  2:10     ` ChenQi
  0 siblings, 1 reply; 16+ messages in thread
From: Otavio Salvador @ 2013-06-07 12:32 UTC (permalink / raw)
  To: ChenQi; +Cc: qingtao.cao, Patches and discussions about the oe-core layer

On Fri, Jun 7, 2013 at 3:13 AM, <Qi.Chen@windriver.com> wrote:

> From: Chen Qi <Qi.Chen@windriver.com>
>
> Remove the pkg_postinst_${PN} from this recipe, as it's redundant.
> It basically wants to do the same thing as the update-alternatives
> does. But it doesn't do it well.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>

Instead of removing it, please convert it here for update-alternatives so
it keeps working on this commit and allows bisecting in the future if needed.

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://projetos.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750


* Re: [PATCH 2/8] busybox: add support for CONFIG_FEATURE_INDIVIDUAL
  2013-06-07  6:13 ` [PATCH 2/8] busybox: add support for CONFIG_FEATURE_INDIVIDUAL Qi.Chen
@ 2013-06-07 12:33   ` Otavio Salvador
  0 siblings, 0 replies; 16+ messages in thread
From: Otavio Salvador @ 2013-06-07 12:33 UTC (permalink / raw)
  To: ChenQi; +Cc: qingtao.cao, Patches and discussions about the oe-core layer

On Fri, Jun 7, 2013 at 3:13 AM, <Qi.Chen@windriver.com> wrote:

> From: Chen Qi <Qi.Chen@windriver.com>
>
> Previously, if CONFIG_FEATURE_INDIVIDUAL was enabled for busybox,
> yocto-based systems could start correctly.
>
> This is because if busybox is built as individual apps, '/bin/busybox'
> may not be present, so setting the default ALTERNATIVE_TARGET to
> '/bin/busybox' is not appropriate and could lead to errors.
>
> This patch fixes this problem by checking the existence of '/bin/busybox'
> before setting the ALTERNATIVE_TARGET to '/bin/busybox'.
>
> After this change, if busybox is built as individual apps, we'll have
> links like '/bin/ls -> /bin/ls.busybox', otherwise, we'll have links
> like '/bin/ls -> /bin/busybox'.
>
> Note there's a grep expression change in this patch. The old expression
> doesn't work well, it has an unwanted underscore, so I changed it to make
> it work.
>
> [YOCTO #4570]
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>

Please rework 1/8 and reduce the changes here. This will be easier to test
and review this way.

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://projetos.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750


* Re: [PATCH 1/8] busybox: remove the postinst part of the recipe
  2013-06-07 12:32   ` Otavio Salvador
@ 2013-06-08  2:10     ` ChenQi
  2013-06-09 12:03       ` Otavio Salvador
  0 siblings, 1 reply; 16+ messages in thread
From: ChenQi @ 2013-06-08  2:10 UTC (permalink / raw)
  To: Otavio Salvador
  Cc: qingtao.cao, Patches and discussions about the oe-core layer

On 06/07/2013 08:32 PM, Otavio Salvador wrote:
>
>
>
> On Fri, Jun 7, 2013 at 3:13 AM, <Qi.Chen@windriver.com 
> <mailto:Qi.Chen@windriver.com>> wrote:
>
>     From: Chen Qi <Qi.Chen@windriver.com <mailto:Qi.Chen@windriver.com>>
>
>     Remove the pkg_postinst_${PN} from this recipe, as it's redundant.
>     It basically wants to do the same thing as the update-alternatives
>     does. But it doesn't do it well.
>
>     Signed-off-by: Chen Qi <Qi.Chen@windriver.com
>     <mailto:Qi.Chen@windriver.com>>
>
>
> Instead of removing it, please convert it here for update-alternatives 
> so it keeps working on this commit and allow bisect in future if need.
>
Hi Otavio,

Thanks for your review and comments.
Sorry but I don't understand it :(
What do you mean by "convert it for update-alternatives"?
Could you please give me a little more explanation?

Best Regards,
Chen Qi

> -- 
> Otavio Salvador                             O.S. Systems
> http://www.ossystems.com.br http://projetos.ossystems.com.br
> Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750


[-- Attachment #2: Type: text/html, Size: 3059 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH 1/8] busybox: remove the postinst part of the recipe
  2013-06-08  2:10     ` ChenQi
@ 2013-06-09 12:03       ` Otavio Salvador
  0 siblings, 0 replies; 16+ messages in thread
From: Otavio Salvador @ 2013-06-09 12:03 UTC (permalink / raw)
  To: ChenQi; +Cc: qingtao.cao, Patches and discussions about the oe-core layer

[-- Attachment #1: Type: text/plain, Size: 1209 bytes --]

On Fri, Jun 7, 2013 at 11:10 PM, ChenQi <Qi.Chen@windriver.com> wrote:

>  On 06/07/2013 08:32 PM, Otavio Salvador wrote:
>
>
>
>
> On Fri, Jun 7, 2013 at 3:13 AM, <Qi.Chen@windriver.com> wrote:
>
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> Remove the pkg_postinst_${PN} from this recipe, as it's redundant.
>> It basically wants to do the same thing as the update-alternatives
>> does. But it doesn't do it well.
>>
>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>>
>
>  Instead of removing it, please convert it here for update-alternatives
> so it keeps working on this commit and allow bisect in future if need.
>
>   Hi Otavio,
>
> Thanks for your review and comments.
> Sorry but I don't understand it :(
> What do you mean by "convert it for update-alternatives"?
> Could you please give me a little more explanation?
>

Yes, add the update-alternatives support here as well so we can remove the
postinst and add the new code in the same patch; it allows for bisect :)

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://projetos.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750

[-- Attachment #2: Type: text/html, Size: 2712 bytes --]

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH 4/8] busybox: add the ability to split the busybox binary
  2013-06-07  6:13 ` [PATCH 4/8] busybox: add the ability to split the busybox binary Qi.Chen
@ 2013-06-11 20:26   ` Bernhard Reutner-Fischer
  2013-06-13  6:46     ` ChenQi
  0 siblings, 1 reply; 16+ messages in thread
From: Bernhard Reutner-Fischer @ 2013-06-11 20:26 UTC (permalink / raw)
  To: Qi.Chen; +Cc: qingtao.cao, Denys Vlasenko, openembedded-core

[-- Attachment #1: Type: text/plain, Size: 11601 bytes --]

On Fri, Jun 07, 2013 at 02:13:58PM +0800, Qi.Chen@windriver.com wrote:
>From: Chen Qi <Qi.Chen@windriver.com>
>
>This patch enables us to split the busybox into two binaries, one
>containing suid applications, and the other containing nosuid apps.
>
>Add a variable, BUSYBOX_SPLIT_SUID, to control whether to split the
>busybox binary into two parts. We default it to "1" to enable the
>splitting, but users could still override it to disable the splitting.
>After all, busybox has no internal support for this suid apps splitting,
>so there might be users out there who want just one busybox binary.
>
>Add a configuration file, suid_config_list, to control which applications
>should be splitted into the suid binary. The list is first obtained from
>the information in include/applets.h. Some extra config items are also
>added to the list as they are related to the suid apps. I choose to use
>a configuration file here because if some config item is missed, we could
>add it to the list easily.
>
>[YOCTO #4207]
>
>Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>---
> .../busybox/busybox-1.20.2/suid_config_list        |   48 +++++++++
> meta/recipes-core/busybox/busybox.inc              |  104 +++++++++++++++-----
> meta/recipes-core/busybox/busybox_1.20.2.bb        |    3 +-
> 3 files changed, 127 insertions(+), 28 deletions(-)
> create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>
>diff --git a/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>new file mode 100644
>index 0000000..16a0b76
>--- /dev/null
>+++ b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>@@ -0,0 +1,48 @@
>+# This file lists all config items which are related to suid apps in busybox.
>+# The following list is obtained with the command below (splitted into two lines for readability).
>+# for i in `grep -E "APPLET.*BB_SUID_((MAYBE|REQUIRE))" include/applets.h | grep -v _BB_SUID_DROP |
>+# cut -f 3 -d '(' | cut -f 1 -d ','`; do grep -i -E "config_(feature_|)$i(_| )" .config; done | cut -d' ' -f2
>+CONFIG_PING
>+CONFIG_PING6
>+CONFIG_CRONTAB
>+CONFIG_FINDFS
>+CONFIG_LOGIN
>+CONFIG_LOGIN_SESSION_AS_CHILD
>+CONFIG_LOGIN_SCRIPTS
>+CONFIG_MOUNT
>+CONFIG_FEATURE_MOUNT_FAKE
>+CONFIG_FEATURE_MOUNT_VERBOSE
>+CONFIG_FEATURE_MOUNT_HELPERS
>+CONFIG_FEATURE_MOUNT_LABEL
>+CONFIG_FEATURE_MOUNT_NFS
>+CONFIG_FEATURE_MOUNT_CIFS
>+CONFIG_FEATURE_MOUNT_FLAGS
>+CONFIG_FEATURE_MOUNT_FSTAB
>+CONFIG_FEATURE_MOUNT_LOOP
>+CONFIG_FEATURE_MOUNT_LOOP_CREATE
>+CONFIG_PASSWD
>+CONFIG_FEATURE_PASSWD_WEAK_CHECK
>+CONFIG_SU
>+CONFIG_FEATURE_SU_SYSLOG
>+CONFIG_FEATURE_SU_CHECKS_SHELLS
>+CONFIG_TRACEROUTE
>+CONFIG_FEATURE_TRACEROUTE_VERBOSE
>+CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE
>+CONFIG_FEATURE_TRACEROUTE_USE_ICMP
>+CONFIG_TRACEROUTE6
>+CONFIG_VLOCK
>+CONFIG_WALL
>+
>+# The following list is obtained by examining the Config.in file in busybox manually.
>+# These config items are also related to suid apps.
>+CONFIG_FEATURE_FANCY_PING
>+CONFIG_FEATURE_SHADOWPASSWDS
>+CONFIG_USE_BB_PWD_GRP
>+CONFIG_USE_BB_SHADOW
>+CONFIG_USE_BB_CRYPT
>+CONFIG_USE_BB_CRYPT_SHA
>+CONFIG_PAM
>+CONFIG_FEATURE_NOLOGIN
>+CONFIG_FEATURE_SECURETTY
>+CONFIG_CRYPTPW
>+CONFIG_CHPASSWD
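Review bot: The second block of this list (CONFIG_USE_BB_PWD_GRP, CONFIG_USE_BB_SHADOW, CONFIG_USE_BB_CRYPT, CONFIG_USE_BB_CRYPT_SHA, CONFIG_PAM) names options that read as library-wide settings rather than applet switches, yet do_compile later in this patch writes "# $item is not set" for every entry when it builds the nosuid binary. Please confirm that nothing left in busybox.nosuid depends on them, or keep a separate list of options that must stay enabled in both configs. The header comment also shows that the first block came from grepping one particular .config, so anything disabled in that .config is absent; name the config that was used.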
>diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
>index 99d4e99..9984c5a 100644
>--- a/meta/recipes-core/busybox/busybox.inc
>+++ b/meta/recipes-core/busybox/busybox.inc
>@@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb"
> 
> SECTION = "base"
> 
>+# Whether to split the suid apps into a seperate binary
>+BUSYBOX_SPLIT_SUID ?= "1"
>+
> export EXTRA_CFLAGS = "${CFLAGS}"
> export EXTRA_LDFLAGS = "${LDFLAGS}"
> 
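Review bot: The comment on the new variable misspells "separate" as "seperate", and the `?= "1"` default switches the split on for every existing user of the recipe. Since the commit message itself notes that busybox has no internal support for this split, please document BUSYBOX_SPLIT_SUID and the two resulting binaries where users will find it, and consider whether the default should be opt-in.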
>@@ -136,19 +139,52 @@ do_configure () {
> 
> do_compile() {
> 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
>-	oe_runmake busybox_unstripped
>-	cp busybox_unstripped busybox
>+	if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
>+	# split the .config into two parts, and make two busybox binaries

cat .config > .config-oe-full
# it would be nice to 'for s in suid nosuid'
# but that would mean operating on ${s}_config_list which bitbake (IIRC)
# ruins. Better rename the files to config_list.suid to be able to loop.
#
for s in suid nosuid; do
  egrep ^CONFIG_ ${WORKDIR}/config_list.$s | while read i; do
    grep -w "$i" .config
  done > .config.$s

  # populate the config, default everything else to no
  KCONFIG_ALLCONFIG=config.$s make allnoconfig
  oe_runmake busybox_unstripped busybox.links
  mv busybox_unstripped busybox.$s
  mv busybox.links busybox.links.$s
done
cat .config-oe-full > .config

I would much prefer to make the generation of the suid cfg stuff more
robust. Could you live with the attached helper thing (untested)?
That would make it a prepended oe_runmake busybox.applets.suid to
generate the list busybox.applets.suid. If that suits your needs we can
apply it to busybox for general use.
The other possibility is, obviously, to fit all this in busybox' build
itself, but given that we do have a seemingly working, bugless suid
handling this might be better suited to be dealt with by the user as you
suggest here.

Thoughts?
thanks,
>+		cp .config .config.orig
>+		oe_runmake allnoconfig
>+		cp .config .config.allno
>+		for item in `grep 'CONFIG_' ${WORKDIR}/suid_config_list`; do
>+			echo "# $item is not set" >> .config.nosuid.tmp
>+			grep -w "$item" .config.orig >> .config.suid.tmp
>+		done
>+		merge_config.sh -m .config.orig .config.nosuid.tmp
>+		cp .config .config.nosuid
>+		merge_config.sh -m .config.allno .config.suid.tmp
>+		cp .config .config.suid
>+
>+		# compile with no suid apps
>+		cp .config.nosuid .config
>+		oe_runmake busybox_unstripped
>+		cp busybox_unstripped busybox.nosuid
>+		oe_runmake busybox.links
>+		cp busybox.links busybox.links.nosuid
>+
>+		# compile with suid apps
>+		cp .config.suid .config
>+		oe_runmake busybox_unstripped
>+		cp busybox_unstripped busybox.suid
>+		oe_runmake busybox.links
>+		cp busybox.links busybox.links.suid
>+
>+		# copy .config.orig back to .config, because the install process may check this file
>+		cp .config.orig .config
>+
>+		# cleanup
>+		rm .config.orig .config.nosuid.tmp .config.allno .config.suid.tmp .config.nosuid .config.suid
>+	else
>+		oe_runmake busybox_unstripped
>+		cp busybox_unstripped busybox
>+		oe_runmake busybox.links
>+	fi
> }
> 
> do_install () {
>-	oe_runmake busybox.links
> 	if [ "${prefix}" != "/usr" ]; then
>-		sed "s:^/usr/:${prefix}/:" busybox.links > busybox.links.new
>-		mv busybox.links.new busybox.links
>+		sed -i "s:^/usr/:${prefix}/:" busybox.links*
> 	fi
> 	if [ "${base_sbindir}" != "/sbin" ]; then
>-		sed "s:^/sbin/:${base_sbindir}/:" busybox.links > busybox.links.new
>-		mv busybox.links.new busybox.links
>+		sed "s:^/sbin/:${base_sbindir}/:" busybox.links*
> 	fi
> 
> 	install -d ${D}${sysconfdir}/init.d
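Review bot: In do_install, the rewritten base_sbindir line `sed "s:^/sbin/:${base_sbindir}/:" busybox.links*` has lost both the redirect and `-i`, so it prints to stdout and leaves the links files unchanged; the prefix line just above it does have `-i`. In do_compile, the test `x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x` is unquoted; `! grep -q "^CONFIG_FEATURE_INDIVIDUAL=y" .config` says the same thing without relying on word splitting. The cleanup `rm` and the `cp .config.orig .config` restore only run if every step before them succeeds, so a failed build can leave the suid config in place as .config.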
>@@ -157,12 +193,21 @@ do_install () {
> 		# Install /bin/busybox, and the /bin/sh link so the postinst script
> 		# can run. Let update-alternatives handle the rest.
> 		install -d ${D}${base_bindir}
>-		if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
>-			install -m 4755 ${B}/busybox ${D}${base_bindir}
>+		if [ "${BUSYBOX_SPLIT_SUID}" = "1" ]; then
>+			install -m 4755 ${B}/busybox.suid ${D}${base_bindir}
>+			install -m 0755 ${B}/busybox.nosuid ${D}${base_bindir}
>+			install -m 0644 ${S}/busybox.links.suid ${D}${sysconfdir}
>+			install -m 0644 ${S}/busybox.links.nosuid ${D}${sysconfdir}
>+			ln -sf busybox.nosuid ${D}${base_bindir}/sh
> 		else
>-			install -m 0755 ${B}/busybox ${D}${base_bindir}
>+			if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
>+				install -m 4755 ${B}/busybox ${D}${base_bindir}
>+			else
>+				install -m 0755 ${B}/busybox ${D}${base_bindir}
>+			fi
>+			install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
>+			ln -sf busybox ${D}${base_bindir}/sh
> 		fi
>-		ln -sf busybox ${D}${base_bindir}/sh
> 	else
> 		install -d ${D}${base_bindir} ${D}${base_sbindir}
> 		install -d ${D}${libdir} ${D}${bindir} ${D}${sbindir}
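Review bot: busybox.suid is installed with mode 4755 unconditionally in the new branch, while the code it replaces only set the suid bit when CONFIG_FEATURE_SUID=y was present in .config. CONFIG_FEATURE_SUID is not in suid_config_list, and .config.suid is built from allnoconfig plus that list, so as far as this patch shows the setuid-root binary is configured with it unset; please check that and add it to the suid config explicitly. The branch also tests only BUSYBOX_SPLIT_SUID, whereas do_compile additionally requires CONFIG_FEATURE_INDIVIDUAL to be unset before it produces busybox.suid and busybox.nosuid; both places should use the same condition.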
>@@ -181,6 +226,7 @@ do_install () {
> 		if [ -f ${D}/linuxrc.${BPN} ]; then
> 			mv ${D}/linuxrc.${BPN} ${D}/linuxrc
> 		fi
>+		install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
> 	fi
> 
> 	if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
>@@ -217,7 +263,6 @@ do_install () {
>                        install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
>                fi
> 	fi
>-	install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
> 
>     if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
>         install -d ${D}${systemd_unitdir}/system
>@@ -248,22 +293,27 @@ python do_package_prepend () {
> 
>     dvar = d.getVar('D', True)
>     pn = d.getVar('PN', True)
>-    f = open('%s/etc/busybox.links' % (dvar), 'r')
>-
>-    if os.path.exists('%s/bin/busybox' % (dvar)):
>-        d.setVar('ALTERNATIVE_TARGET', "/bin/busybox")
>-
>-    for alt_link_name in f:
>-        alt_link_name = alt_link_name.strip()
>-        alt_name = os.path.basename(alt_link_name)
>-
>-        # Match coreutils
>-        if alt_name == '[':
>-            alt_name = 'lbracket'
> 
>-        d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
>-        d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
>-    f.close()
>+    def set_alternative_vars(links, target):
>+        f = open('%s%s' % (dvar, links), 'r')
>+        for alt_link_name in f:
>+            alt_link_name = alt_link_name.strip()
>+            alt_name = os.path.basename(alt_link_name)
>+            # Match coreutils
>+            if alt_name == '[':
>+                alt_name = 'lbracket'
>+            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
>+            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
>+            if os.path.exists('%s%s' % (dvar, target)):
>+                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, target)
>+        f.close()
>+        return
>+
>+    if os.path.exists('%s/etc/busybox.links' % (dvar)):
>+        set_alternative_vars("/etc/busybox.links", "/bin/busybox")
>+    else:
>+        set_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid")
>+        set_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid")
> }
> 
> pkg_prerm_${PN} () {
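Review bot: In set_alternative_vars the `os.path.exists('%s%s' % (dvar, target))` test sits inside the per-line loop although it does not depend on the line; hoist it above the loop and decide what should happen when the target is missing, because ALTERNATIVE_LINK_NAME is still set in that case. The else branch opens /etc/busybox.links.nosuid and /etc/busybox.links.suid without checking that they exist, so a build that installed neither fails with an unhandled open() error; use `with open(...)` and report the missing file with bb.fatal.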
>diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb
>index 3ff8a88..511f1f8 100644
>--- a/meta/recipes-core/busybox/busybox_1.20.2.bb
>+++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
>@@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>            file://busybox-sulogin-empty-root-password.patch \
>            file://inetd.conf \
>            file://inetd \
>-           file://login-utilities.cfg"
>+           file://login-utilities.cfg \
>+           file://suid_config_list"
> 
> SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
> SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"
>-- 
>1.7.9.5
>

[-- Attachment #2: 0001-buildsys-Add-helper-to-list-suid-applets.patch --]
[-- Type: text/x-diff, Size: 6649 bytes --]

From f2fd4b0cd08860c1e81f03516faef2b489b2a794 Mon Sep 17 00:00:00 2001
From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Date: Tue, 11 Jun 2013 22:08:22 +0200
Subject: [PATCH] buildsys: Add helper to list suid applets

Add a helper script that lists all applets that do NOT drop suid
privileges.

Some setups prefer to build two busybox binaries, one that is suid which
contains all applets that do or may require suid privileges, and a
second one for all the rest (which drops suid). To ease splitting these
two binaries, generate a list of CONFIG_ items for the suid binary.

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
---
 Makefile.custom            |    5 ++++-
 applets/busybox.mksuid     |   39 +++++++++++++++++++++++++++++++++++++++
 include/applets.src.h      |    9 ++++++++-
 scripts/kconfig/confdata.c |   24 ++++++++++++++++++++----
 4 files changed, 71 insertions(+), 6 deletions(-)
 create mode 100755 applets/busybox.mksuid

diff --git a/Makefile.custom b/Makefile.custom
index 6da79e6..41c351f 100644
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -3,7 +3,10 @@
 # ==========================================================================
 
 busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
-	$(Q)-$(SHELL) $^ >$@
+	$(Q)-$(SHELL) $^ > $@
+
+busybox.applets.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+	$(Q)-$(SHELL) $^ > $@
 
 .PHONY: install
 ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
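Review bot: The new busybox.applets.suid rule copies the leading `-` from the busybox.links rule, so make ignores a failing busybox.mksuid and `> $@` still leaves a file behind, possibly empty or truncated. For a list that decides which applets end up in the setuid binary that should be a hard error: drop the `-` and write to a temporary file that is renamed on success. The script takes .config as its third argument, which this rule never passes, and .config is not listed as a prerequisite.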
diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
new file mode 100755
index 0000000..4235d89
--- /dev/null
+++ b/applets/busybox.mksuid
@@ -0,0 +1,39 @@
+#!/bin/sh
+# Make busybox list of applets that do NOT drop suid permissions
+
+# input $1: full path to autoconf.h
+# input $2: full path to applets.h
+# input $3: full path to .config
+# output (stdout): list of CONFIG_ that do or may require suid
+
+# Maintainer: Bernhard Reutner-Fischer
+
+export LC_ALL=POSIX
+export LC_CTYPE=POSIX
+
+CONFIG_H=${1:-include/autoconf.h}
+APPLETS_H=${2:-include/applets.h}
+DOT_CONFIG=${3:-.config}
+$HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
+  awk '
+    /^SUID[ \t]/{
+      if ($2 == "BB_SUID_DROP") next
+      cfg = $NF
+      gsub("\"", "", cfg)
+      cfg = substr(cfg, 8)
+      s[i++] = "CONFIG_" cfg
+      s[i++] = "CONFIG_FEATURE_" cfg "_.*"
+    }
+    END{
+      while (getline < ARGV[2]) {
+        for (j in s) {
+          if ($0 ~ "^" s[j] "=y$") {
+            sub(/=.*/, "")
+            print
+            if (s[j] !~ /\*$/) delete s[j] # can drop this applet now
+          }
+        }
+      }
+    }
+' - $DOT_CONFIG
+
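Review bot: `while (getline < ARGV[2])` in the END block never terminates when .config cannot be read, because getline returns -1 on error and that is true in awk; write `while ((getline < ARGV[2]) > 0)`. Passing $DOT_CONFIG as a second file operand also makes awk scan .config once as ordinary input before END reads it again, so hand the path over with -v instead. $HOSTCC and the three path variables are expanded unquoted and HOSTCC has no default, so the script only works when make exports it. The feature pattern is purely name based ("CONFIG_FEATURE_" cfg "_.*"); the header comment should say that related options named differently are not listed.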
diff --git a/include/applets.src.h b/include/applets.src.h
index 00172b1..aa319bb 100644
--- a/include/applets.src.h
+++ b/include/applets.src.h
@@ -52,6 +52,12 @@ s     - suid type:
 # define APPLET_NOEXEC(name,main,l,s,name2)  LINK l name
 # define APPLET_NOFORK(name,main,l,s,name2)  LINK l name
 
+#elif defined(MAKE_SUID)
+# define APPLET(name,l,s)                    SUID s l name
+# define APPLET_ODDNAME(name,main,l,s,name2) SUID s l name
+# define APPLET_NOEXEC(name,main,l,s,name2)  SUID s l name
+# define APPLET_NOFORK(name,main,l,s,name2)  SUID s l name
+
 #else
   static struct bb_applet applets[] = { /*    name, main, location, need_suid */
 # define APPLET(name,l,s)                    { #name, #name, l, s },
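Review bot: The four MAKE_SUID macros emit `SUID s l name`, and busybox.mksuid depends on exactly that field order ($2 for the suid type, $NF for the appended config string) without either file saying so. Add a short comment here, next to the existing description of the `s` field, naming the script that consumes this output, so that a later change to the macros does not silently break the parser.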
@@ -415,7 +421,8 @@ IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
 IF_GUNZIP(APPLET_ODDNAME(zcat, gunzip, BB_DIR_BIN, BB_SUID_DROP, zcat))
 IF_ZCIP(APPLET(zcip, BB_DIR_SBIN, BB_SUID_DROP))
 
-#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE)
+#if !defined(PROTOTYPES) && !defined(NAME_MAIN_CNAME) && !defined(MAKE_USAGE) \
+	&& !defined(MAKE_LINKS) && !defined(MAKE_SUID)
 };
 #endif
 
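Review bot: The guard around the closing `};` now also tests `!defined(MAKE_LINKS)`, which the commit message does not mention and which changes what the existing busybox.links generation sees. If that is a deliberate fix, say so in the log or send it as its own patch; if not, limit the new condition to MAKE_SUID.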
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index bd2d70e..303df0b 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -474,7 +474,11 @@ int conf_write(const char *name)
 						fprintf(out_h, "#define CONFIG_%s 1\n", sym->name);
 						/* bbox */
 						fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-						fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#ifdef MAKE_SUID\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+						fprintf(out_h, "#else\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#endif\n");
 						fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 					}
 					break;
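Review bot: Under MAKE_SUID the generated IF_<sym>(...) appends a "CONFIG_<sym>" string literal to whatever it wraps, and that applies to every IF_ use in anything preprocessed with -DMAKE_SUID, not only to the applet table. busybox.mksuid then takes `$NF` of each SUID line as the applet's config name, which holds only when the applet's own IF_ macro is the outermost wrapper on that line. State that assumption in a comment in the generated header or in the script.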
@@ -506,7 +510,11 @@ int conf_write(const char *name)
 					fputs("\"\n", out_h);
 					/* bbox */
 					fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-					fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#ifdef MAKE_SUID\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+					fprintf(out_h, "#else\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#endif\n");
 					fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 				}
 				break;
@@ -518,7 +526,11 @@ int conf_write(const char *name)
 						fprintf(out_h, "#define CONFIG_%s 0x%s\n", sym->name, str);
 						/* bbox */
 						fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-						fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#ifdef MAKE_SUID\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+						fprintf(out_h, "#else\n");
+						fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+						fprintf(out_h, "#endif\n");
 						fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 					}
 					break;
@@ -532,7 +544,11 @@ int conf_write(const char *name)
 					fprintf(out_h, "#define CONFIG_%s %s\n", sym->name, str);
 					/* bbox */
 					fprintf(out_h, "#define ENABLE_%s 1\n", sym->name);
-					fprintf(out_h, "#define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#ifdef MAKE_SUID\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__ \"CONFIG_%s\"\n", sym->name, sym->name);
+					fprintf(out_h, "#else\n");
+					fprintf(out_h, "# define IF_%s(...) __VA_ARGS__\n", sym->name);
+					fprintf(out_h, "#endif\n");
 					fprintf(out_h, "#define IF_NOT_%s(...)\n", sym->name);
 				}
 				break;
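Review bot: The same five fprintf lines are now pasted into four branches of conf_write, this being the fourth. Move them into one small static helper that takes out_h and sym->name, so that the MAKE_SUID and default definitions of IF_<sym> cannot drift apart between branches.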
-- 
1.7.10.4
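
What the helper's name matching can and cannot produce, as an added example that is not part of the patch above or of busybox: a Python restatement of the awk rule in applets/busybox.mksuid, run over a constructed preprocessor output and .config, then used to sort the entries of a hand-written list. The sample inputs, the hand list subset and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the shape the MAKE_SUID macros would emit after
# preprocessing ('SUID <type> <dir> <name> "CONFIG_<X>"'). Not from a real build.
SAMPLE_CPP = '''\
SUID BB_SUID_DROP BB_DIR_BIN ls "CONFIG_LS"
SUID BB_SUID_MAYBE BB_DIR_BIN ping "CONFIG_PING"
SUID BB_SUID_REQUIRE BB_DIR_BIN login "CONFIG_LOGIN"
SUID BB_SUID_REQUIRE BB_DIR_BIN mount "CONFIG_MOUNT"
SUID BB_SUID_REQUIRE BB_DIR_USR_BIN passwd "CONFIG_PASSWD"
'''

# Constructed .config fragment.
SAMPLE_DOT_CONFIG = '''\
CONFIG_LS=y
CONFIG_PING=y
CONFIG_FEATURE_FANCY_PING=y
CONFIG_LOGIN=y
CONFIG_LOGIN_SCRIPTS=y
CONFIG_MOUNT=y
CONFIG_FEATURE_MOUNT_NFS=y
# CONFIG_FEATURE_MOUNT_CIFS is not set
CONFIG_PASSWD=y
CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
CONFIG_FEATURE_SHADOWPASSWDS=y
CONFIG_USE_BB_CRYPT=y
CONFIG_FEATURE_SUID=y
'''

# A subset of the hand-maintained suid_config_list quoted in this thread.
HAND_LIST = [
    "CONFIG_PING", "CONFIG_FEATURE_FANCY_PING", "CONFIG_LOGIN",
    "CONFIG_LOGIN_SCRIPTS", "CONFIG_MOUNT", "CONFIG_FEATURE_MOUNT_NFS",
    "CONFIG_FEATURE_MOUNT_CIFS", "CONFIG_PASSWD",
    "CONFIG_FEATURE_PASSWD_WEAK_CHECK", "CONFIG_FEATURE_SHADOWPASSWDS",
    "CONFIG_USE_BB_CRYPT",
]


def suid_patterns(cpp_text):
    """Name patterns for every applet whose suid type is not BB_SUID_DROP.

    Mirrors the awk rule: CONFIG_<applet> exactly, plus CONFIG_FEATURE_<applet>_*.
    """
    patterns = []
    for line in cpp_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SUID" or fields[1] == "BB_SUID_DROP":
            continue
        cfg = fields[-1].strip('"')
        if not cfg.startswith("CONFIG_"):
            continue  # no appended config string, nothing to derive a name from
        applet = re.escape(cfg[len("CONFIG_"):])
        patterns.append(re.compile("CONFIG_" + applet))
        patterns.append(re.compile("CONFIG_FEATURE_" + applet + "_.*"))
    return patterns


def enabled_options(dot_config):
    """Option names set to =y, in file order."""
    return [line[:-2] for line in dot_config.splitlines()
            if line.startswith("CONFIG_") and line.endswith("=y")]


def helper_list(cpp_text, dot_config):
    """What the name-based rule would print for this .config."""
    patterns = suid_patterns(cpp_text)
    return [name for name in enabled_options(dot_config)
            if any(p.fullmatch(name) for p in patterns)]


def classify(hand_list, cpp_text, dot_config):
    """Sort hand-list entries by why the rule does or does not emit them."""
    patterns = suid_patterns(cpp_text)
    enabled = set(enabled_options(dot_config))
    result = {"generated": [], "disabled": [], "unreachable": []}
    for name in hand_list:
        if not any(p.fullmatch(name) for p in patterns):
            result["unreachable"].append(name)  # no pattern can ever match
        elif name in enabled:
            result["generated"].append(name)
        else:
            result["disabled"].append(name)     # matches, but not =y here
    return result


if __name__ == "__main__":
    for bucket, names in classify(HAND_LIST, SAMPLE_CPP, SAMPLE_DOT_CONFIG).items():
        print(bucket, names)
```

Entries in the "unreachable" bucket are the ones a name-based generator can never supply, whatever the .config says, so they are the part of a hand list that still needs review by a person.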


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* Re: [PATCH 4/8] busybox: add the ability to split the busybox binary
  2013-06-11 20:26   ` Bernhard Reutner-Fischer
@ 2013-06-13  6:46     ` ChenQi
  2013-06-14 12:04       ` Bernhard Reutner-Fischer
  0 siblings, 1 reply; 16+ messages in thread
From: ChenQi @ 2013-06-13  6:46 UTC (permalink / raw)
  To: Bernhard Reutner-Fischer; +Cc: qingtao.cao, Denys Vlasenko, openembedded-core

On 06/12/2013 04:26 AM, Bernhard Reutner-Fischer wrote:
> On Fri, Jun 07, 2013 at 02:13:58PM +0800, Qi.Chen@windriver.com wrote:
>> From: Chen Qi <Qi.Chen@windriver.com>
>>
>> This patch enables us to split the busybox into two binaries, one
>> containing suid applications, and the other containing nosuid apps.
>>
>> Add a variable, BUSYBOX_SPLIT_SUID, to control whether to split the
>> busybox binary into two parts. We default it to "1" to enable the
>> splitting, but users could still override it to disable the splitting.
>> After all, busybox has no internal support for this suid apps splitting,
>> so there might be users out there who want just one busybox binary.
>>
>> Add a configuration file, suid_config_list, to control which applications
>> should be splitted into the suid binary. The list is first obtained from
>> the information in include/applets.h. Some extra config items are also
>> added to the list as they are related to the suid apps. I choose to use
>> a configuration file here because if some config item is missed, we could
>> add it to the list easily.
>>
>> [YOCTO #4207]
>>
>> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
>> ---
>> .../busybox/busybox-1.20.2/suid_config_list        |   48 +++++++++
>> meta/recipes-core/busybox/busybox.inc              |  104 +++++++++++++++-----
>> meta/recipes-core/busybox/busybox_1.20.2.bb        |    3 +-
>> 3 files changed, 127 insertions(+), 28 deletions(-)
>> create mode 100644 meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>>
>> diff --git a/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>> new file mode 100644
>> index 0000000..16a0b76
>> --- /dev/null
>> +++ b/meta/recipes-core/busybox/busybox-1.20.2/suid_config_list
>> @@ -0,0 +1,48 @@
>> +# This file lists all config items which are related to suid apps in busybox.
>> +# The following list is obtained with the command below (splitted into two lines for readability).
>> +# for i in `grep -E "APPLET.*BB_SUID_((MAYBE|REQUIRE))" include/applets.h | grep -v _BB_SUID_DROP |
>> +# cut -f 3 -d '(' | cut -f 1 -d ','`; do grep -i -E "config_(feature_|)$i(_| )" .config; done | cut -d' ' -f2
>> +CONFIG_PING
>> +CONFIG_PING6
>> +CONFIG_CRONTAB
>> +CONFIG_FINDFS
>> +CONFIG_LOGIN
>> +CONFIG_LOGIN_SESSION_AS_CHILD
>> +CONFIG_LOGIN_SCRIPTS
>> +CONFIG_MOUNT
>> +CONFIG_FEATURE_MOUNT_FAKE
>> +CONFIG_FEATURE_MOUNT_VERBOSE
>> +CONFIG_FEATURE_MOUNT_HELPERS
>> +CONFIG_FEATURE_MOUNT_LABEL
>> +CONFIG_FEATURE_MOUNT_NFS
>> +CONFIG_FEATURE_MOUNT_CIFS
>> +CONFIG_FEATURE_MOUNT_FLAGS
>> +CONFIG_FEATURE_MOUNT_FSTAB
>> +CONFIG_FEATURE_MOUNT_LOOP
>> +CONFIG_FEATURE_MOUNT_LOOP_CREATE
>> +CONFIG_PASSWD
>> +CONFIG_FEATURE_PASSWD_WEAK_CHECK
>> +CONFIG_SU
>> +CONFIG_FEATURE_SU_SYSLOG
>> +CONFIG_FEATURE_SU_CHECKS_SHELLS
>> +CONFIG_TRACEROUTE
>> +CONFIG_FEATURE_TRACEROUTE_VERBOSE
>> +CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE
>> +CONFIG_FEATURE_TRACEROUTE_USE_ICMP
>> +CONFIG_TRACEROUTE6
>> +CONFIG_VLOCK
>> +CONFIG_WALL
>> +
>> +# The following list is obtained by examining the Config.in file in busybox manually.
>> +# These config items are also related to suid apps.
>> +CONFIG_FEATURE_FANCY_PING
>> +CONFIG_FEATURE_SHADOWPASSWDS
>> +CONFIG_USE_BB_PWD_GRP
>> +CONFIG_USE_BB_SHADOW
>> +CONFIG_USE_BB_CRYPT
>> +CONFIG_USE_BB_CRYPT_SHA
>> +CONFIG_PAM
>> +CONFIG_FEATURE_NOLOGIN
>> +CONFIG_FEATURE_SECURETTY
>> +CONFIG_CRYPTPW
>> +CONFIG_CHPASSWD
>> diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
>> index 99d4e99..9984c5a 100644
>> --- a/meta/recipes-core/busybox/busybox.inc
>> +++ b/meta/recipes-core/busybox/busybox.inc
>> @@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=de10de48642ab74318e893a61105afbb"
>>
>> SECTION = "base"
>>
>> +# Whether to split the suid apps into a seperate binary
>> +BUSYBOX_SPLIT_SUID ?= "1"
>> +
>> export EXTRA_CFLAGS = "${CFLAGS}"
>> export EXTRA_LDFLAGS = "${LDFLAGS}"
>>
>> @@ -136,19 +139,52 @@ do_configure () {
>>
>> do_compile() {
>> 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS
>> -	oe_runmake busybox_unstripped
>> -	cp busybox_unstripped busybox
>> +	if [ "${BUSYBOX_SPLIT_SUID}" = "1" -a x`grep "CONFIG_FEATURE_INDIVIDUAL=y" .config` = x ]; then
>> +	# split the .config into two parts, and make two busybox binaries
Hi Bernhard,

Thank you very much for your review and suggestions!
I went through your methods below very carefully and I tried your patch out.

Here are two problems.

1) The config_list.suid could be derived by renaming the `original 
suid_config_list' file, but what about the config_list.nosuid? We have a 
suid_config_list, because compared with the non-suid apps, the amount of 
config items for suid apps or related to suid apps is relatively small. 
It seems that config_list.nosuid will be a very long list.

2) Your patch in the attachment worked out well. `make 
busybox.applets.suid' generates a file named busybox.applets.suid which 
contains the following config items.
CONFIG_LOGIN
CONFIG_PASSWD
CONFIG_FEATURE_PASSWD_WEAK_CHECK
CONFIG_SU
CONFIG_FEATURE_SU_SYSLOG
CONFIG_FEATURE_SU_CHECKS_SHELLS
CONFIG_VLOCK
CONFIG_FINDFS
CONFIG_MOUNT
CONFIG_FEATURE_MOUNT_FAKE
CONFIG_FEATURE_MOUNT_VERBOSE
CONFIG_FEATURE_MOUNT_LABEL
CONFIG_FEATURE_MOUNT_CIFS
CONFIG_FEATURE_MOUNT_FLAGS
CONFIG_FEATURE_MOUNT_FSTAB
CONFIG_FEATURE_MOUNT_LOOP
CONFIG_FEATURE_MOUNT_LOOP_CREATE
CONFIG_CRONTAB
CONFIG_WALL
CONFIG_PING
CONFIG_PING6
CONFIG_TRACEROUTE
CONFIG_TRACEROUTE6
CONFIG_FEATURE_TRACEROUTE_VERBOSE

You see, this is a subset of the suid_config_list. As stated in the 
file's comments, part of the list is obtained from a command, and part 
of it is obtained by manually examining the Config.in files to find out 
the config items that are related to suid apps.

Best Regards,
Chen Qi
> cat .config > .config-oe-full
> # it would be nice to 'for s in suid nosuid'
> # but that would mean operating on ${s}_config_list which bitbake (IIRC)
> # ruins. Better rename the files to config_list.suid to be able to loop.
> #
> for s in suid nosuid; do
>    egrep ^CONFIG_ ${WORKDIR}/config_list.$s | while read i; do
>      grep -w "$i" .config
>    done > .config.$s
>
>    # populate the config, default everything else to no
>    KCONFIG_ALLCONFIG=config.$s make allnoconfig
>    oe_runmake busybox_unstripped busybox.links
>    mv busybox_unstripped busybox.$s
>    mv busybox.links busybox.links.$s
> done
> cat .config-oe-full > .config
>
> I would much prefer to make the generation of the suid cfg stuff more
> robust. Could you live with the attached helper thing (untested)?
> That would make it a prepended oe_runmake busybox.applets.suid to
> generate the list busybox.applets.suid. If that suits your needs we can
> apply it to busybox for general use..
> The other possibility is, obviously, to fit all this in busybox' build
> itself, but given that we do have a seemingly working, bugless suid
> handling this might be better suited to be dealt with by the user as you
> suggest here.
>
> Thoughts?
> thanks,
>> +		cp .config .config.orig
>> +		oe_runmake allnoconfig
>> +		cp .config .config.allno
>> +		for item in `grep 'CONFIG_' ${WORKDIR}/suid_config_list`; do
>> +			echo "# $item is not set" >> .config.nosuid.tmp
>> +			grep -w "$item" .config.orig >> .config.suid.tmp
>> +		done
>> +		merge_config.sh -m .config.orig .config.nosuid.tmp
>> +		cp .config .config.nosuid
>> +		merge_config.sh -m .config.allno .config.suid.tmp
>> +		cp .config .config.suid
>> +
>> +		# compile with no suid apps
>> +		cp .config.nosuid .config
>> +		oe_runmake busybox_unstripped
>> +		cp busybox_unstripped busybox.nosuid
>> +		oe_runmake busybox.links
>> +		cp busybox.links busybox.links.nosuid
>> +
>> +		# compile with suid apps
>> +		cp .config.suid .config
>> +		oe_runmake busybox_unstripped
>> +		cp busybox_unstripped busybox.suid
>> +		oe_runmake busybox.links
>> +		cp busybox.links busybox.links.suid
>> +
>> +		# copy .config.orig back to .config, because the install process may check this file
>> +		cp .config.orig .config
>> +
>> +		# cleanup
>> +		rm .config.orig .config.nosuid.tmp .config.allno .config.suid.tmp .config.nosuid .config.suid
>> +	else
>> +		oe_runmake busybox_unstripped
>> +		cp busybox_unstripped busybox
>> +		oe_runmake busybox.links
>> +	fi
>> }
>>
>> do_install () {
>> -	oe_runmake busybox.links
>> 	if [ "${prefix}" != "/usr" ]; then
>> -		sed "s:^/usr/:${prefix}/:" busybox.links > busybox.links.new
>> -		mv busybox.links.new busybox.links
>> +		sed -i "s:^/usr/:${prefix}/:" busybox.links*
>> 	fi
>> 	if [ "${base_sbindir}" != "/sbin" ]; then
>> -		sed "s:^/sbin/:${base_sbindir}/:" busybox.links > busybox.links.new
>> -		mv busybox.links.new busybox.links
>> +		sed "s:^/sbin/:${base_sbindir}/:" busybox.links*
>> 	fi
>>
>> 	install -d ${D}${sysconfdir}/init.d
>> @@ -157,12 +193,21 @@ do_install () {
>> 		# Install /bin/busybox, and the /bin/sh link so the postinst script
>> 		# can run. Let update-alternatives handle the rest.
>> 		install -d ${D}${base_bindir}
>> -		if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
>> -			install -m 4755 ${B}/busybox ${D}${base_bindir}
>> +		if [ "${BUSYBOX_SPLIT_SUID}" = "1" ]; then
>> +			install -m 4755 ${B}/busybox.suid ${D}${base_bindir}
>> +			install -m 0755 ${B}/busybox.nosuid ${D}${base_bindir}
>> +			install -m 0644 ${S}/busybox.links.suid ${D}${sysconfdir}
>> +			install -m 0644 ${S}/busybox.links.nosuid ${D}${sysconfdir}
>> +			ln -sf busybox.nosuid ${D}${base_bindir}/sh
>> 		else
>> -			install -m 0755 ${B}/busybox ${D}${base_bindir}
>> +			if grep -q "CONFIG_FEATURE_SUID=y" ${B}/.config; then
>> +				install -m 4755 ${B}/busybox ${D}${base_bindir}
>> +			else
>> +				install -m 0755 ${B}/busybox ${D}${base_bindir}
>> +			fi
>> +			install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
>> +			ln -sf busybox ${D}${base_bindir}/sh
>> 		fi
>> -		ln -sf busybox ${D}${base_bindir}/sh
>> 	else
>> 		install -d ${D}${base_bindir} ${D}${base_sbindir}
>> 		install -d ${D}${libdir} ${D}${bindir} ${D}${sbindir}
>> @@ -181,6 +226,7 @@ do_install () {
>> 		if [ -f ${D}/linuxrc.${BPN} ]; then
>> 			mv ${D}/linuxrc.${BPN} ${D}/linuxrc
>> 		fi
>> +		install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
>> 	fi
>>
>> 	if grep -q "CONFIG_SYSLOGD=y" ${B}/.config; then
>> @@ -217,7 +263,6 @@ do_install () {
>>                         install -m 644 ${WORKDIR}/mdev.conf ${D}${sysconfdir}/mdev.conf
>>                 fi
>> 	fi
>> -	install -m 0644 ${S}/busybox.links ${D}${sysconfdir}
>>
>>      if ${@base_contains('DISTRO_FEATURES','systemd','true','false',d)}; then
>>          install -d ${D}${systemd_unitdir}/system
>> @@ -248,22 +293,27 @@ python do_package_prepend () {
>>
>>      dvar = d.getVar('D', True)
>>      pn = d.getVar('PN', True)
>> -    f = open('%s/etc/busybox.links' % (dvar), 'r')
>> -
>> -    if os.path.exists('%s/bin/busybox' % (dvar)):
>> -        d.setVar('ALTERNATIVE_TARGET', "/bin/busybox")
>> -
>> -    for alt_link_name in f:
>> -        alt_link_name = alt_link_name.strip()
>> -        alt_name = os.path.basename(alt_link_name)
>> -
>> -        # Match coreutils
>> -        if alt_name == '[':
>> -            alt_name = 'lbracket'
>>
>> -        d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
>> -        d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
>> -    f.close()
>> +    def set_alternative_vars(links, target):
>> +        f = open('%s%s' % (dvar, links), 'r')
>> +        for alt_link_name in f:
>> +            alt_link_name = alt_link_name.strip()
>> +            alt_name = os.path.basename(alt_link_name)
>> +            # Match coreutils
>> +            if alt_name == '[':
>> +                alt_name = 'lbracket'
>> +            d.appendVar('ALTERNATIVE_%s' % (pn), ' ' + alt_name)
>> +            d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link_name)
>> +            if os.path.exists('%s%s' % (dvar, target)):
>> +                d.setVarFlag('ALTERNATIVE_TARGET', alt_name, target)
>> +        f.close()
>> +        return
>> +
>> +    if os.path.exists('%s/etc/busybox.links' % (dvar)):
>> +        set_alternative_vars("/etc/busybox.links", "/bin/busybox")
>> +    else:
>> +        set_alternative_vars("/etc/busybox.links.nosuid", "/bin/busybox.nosuid")
>> +        set_alternative_vars("/etc/busybox.links.suid", "/bin/busybox.suid")
>> }
>>
>> pkg_prerm_${PN} () {
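Review bot: In `set_alternative_vars` the `os.path.exists('%s%s' % (dvar, target))` test sits inside the per-link loop although it does not depend on the link, and when the target is missing every link is still appended to ALTERNATIVE_${PN} with no ALTERNATIVE_TARGET flag set. Check the target once before the loop and decide explicitly what happens when the binary is absent (for example bb.fatal). The else branch also opens busybox.links.nosuid and busybox.links.suid unconditionally, so a missing list surfaces as an unhandled exception from open(); a `with open(...)` block plus an existence check would make that failure readable. The trailing `return` is redundant.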
>> diff --git a/meta/recipes-core/busybox/busybox_1.20.2.bb b/meta/recipes-core/busybox/busybox_1.20.2.bb
>> index 3ff8a88..511f1f8 100644
>> --- a/meta/recipes-core/busybox/busybox_1.20.2.bb
>> +++ b/meta/recipes-core/busybox/busybox_1.20.2.bb
>> @@ -36,7 +36,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
>>             file://busybox-sulogin-empty-root-password.patch \
>>             file://inetd.conf \
>>             file://inetd \
>> -           file://login-utilities.cfg"
>> +           file://login-utilities.cfg \
>> +           file://suid_config_list"
>>
>> SRC_URI[tarball.md5sum] = "e025414bc6cd79579cc7a32a45d3ae1c"
>> SRC_URI[tarball.sha256sum] = "eb13ff01dae5618ead2ef6f92ba879e9e0390f9583bd545d8789d27cf39b6882"
>> -- 
>> 1.7.9.5
>>



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH 4/8] busybox: add the ability to split the busybox binary
  2013-06-13  6:46     ` ChenQi
@ 2013-06-14 12:04       ` Bernhard Reutner-Fischer
  2013-06-17  5:52         ` ChenQi
  0 siblings, 1 reply; 16+ messages in thread
From: Bernhard Reutner-Fischer @ 2013-06-14 12:04 UTC (permalink / raw)
  To: ChenQi; +Cc: qingtao.cao, Denys Vlasenko, oe-core

[-- Attachment #1: Type: text/plain, Size: 5735 bytes --]

On 13 June 2013 08:46, ChenQi <Qi.Chen@windriver.com> wrote:
> On 06/12/2013 04:26 AM, Bernhard Reutner-Fischer wrote:
>>
>> On Fri, Jun 07, 2013 at 02:13:58PM +0800, Qi.Chen@windriver.com wrote:

> Hi Bernhard,
>
> Thank you very much for your review and suggestions!
> I went through your methods below very carefully and I tried your patch out.
>
> Here are two problems.
>
> 1) The config_list.suid could be derived by renaming the `original
> suid_config_list' file, but what about the config_list.nosuid? We have a
> suid_config_list, because compared with the non-suid apps, the number of
> config items for suid apps or related to suid apps is relatively small. It
> seems that config_list.nosuid will be a very long list.

Yes. You can derive the nosuid by subtracting the suid from the full .config.
If that is inconvenient, see the attached on top to generate both
busybox.cfg.nosuid and busybox.cfg.suid.
See below.
>
> 2) Your patch in the attachment worked out well. `make busybox.applets.suid'
> generates a file named busybox.applets.suid which contains the following
> config items.
> CONFIG_LOGIN
> CONFIG_PASSWD
> CONFIG_FEATURE_PASSWD_WEAK_CHECK
> CONFIG_SU
> CONFIG_FEATURE_SU_SYSLOG
> CONFIG_FEATURE_SU_CHECKS_SHELLS
> CONFIG_VLOCK
> CONFIG_FINDFS
> CONFIG_MOUNT
> CONFIG_FEATURE_MOUNT_FAKE
> CONFIG_FEATURE_MOUNT_VERBOSE
> CONFIG_FEATURE_MOUNT_LABEL
> CONFIG_FEATURE_MOUNT_CIFS
> CONFIG_FEATURE_MOUNT_FLAGS
> CONFIG_FEATURE_MOUNT_FSTAB
> CONFIG_FEATURE_MOUNT_LOOP
> CONFIG_FEATURE_MOUNT_LOOP_CREATE
> CONFIG_CRONTAB
> CONFIG_WALL
> CONFIG_PING
> CONFIG_PING6
> CONFIG_TRACEROUTE
> CONFIG_TRACEROUTE6
> CONFIG_FEATURE_TRACEROUTE_VERBOSE
>
> You see, this is a subset of the suid_config_list. As stated in the file's
> comments, part of the list is obtained from a command, and part of it is
> obtained by manually examining the Config.in files to find out the config
> items that are related to suid apps.

Yes, I know. Do you have suggestions there?
I think what we/you want is to build:
- busybox.suid with all nosuid *applets* turned off, but the
non-applet CONFIG_ as per full.config
- busybox.nosuid with all suid *applets* turned off, but the
non-applet CONFIG_ as per full.config

I.e. take busybox.cfg.nosuid (contains only applets), take
busybox.cfg.suid (also contains only applets)
subtract these -> non-applet_part_of_full.config.
merge non-applet_part_of_full.config + suid -> bb.suid
merge non-applet_part_of_full.config + nosuid -> bb.nosuid

Didn't try that, but you get the idea.
Would that work out for you?

cheers,
>
> Best Regards,
> Chen Qi
>
>> cat .config > .config-oe-full
>> # it would be nice to 'for s in suid nosuid'
>> # but that would mean operating on ${s}_config_list which bitbake (IIRC)
>> # ruins. Better rename the files to config_list.suid to be able to loop.
>> #
>> for s in suid nosuid; do
>>    egrep ^CONFIG_ ${WORKDIR}/config_list.$s | while read i; do
>>      grep -w "$i" .config
>>    done > .config.$s
>>
>>    # populate the config, default everything else to no
>>    KCONFIG_ALLCONFIG=config.$s make allnoconfig
>>    oe_runmake busybox_unstripped busybox.links
>>    mv busybox_unstripped busybox.$s
>>    mv busybox.links busybox.links.$s
>> done
>> cat .config-oe-full > .config
>>
>> I would much prefer to make the generation of the suid cfg stuff more
>> robust. Could you live with the attached helper thing (untested)?
>> That would make it a prepended oe_runmake busybox.applets.suid to
>> generate the list busybox.applets.suid. If that suits your needs we can
>> apply it to busybox for general use..
>> The other possibility is, obviously, to fit all this in busybox' build
>> itself, but given that we do have a seemingly working, bugless suid
>> handling this might be better suited to be dealt with by the user as you
>> suggest here.
>>
>> Thoughts?
>> thanks,
>>>
>>> +               cp .config .config.orig
>>> +               oe_runmake allnoconfig
>>> +               cp .config .config.allno
>>> +               for item in `grep 'CONFIG_' ${WORKDIR}/suid_config_list`;
>>> do
>>> +                       echo "# $item is not set" >> .config.nosuid.tmp
>>> +                       grep -w "$item" .config.orig >> .config.suid.tmp
>>> +               done
>>> +               merge_config.sh -m .config.orig .config.nosuid.tmp
>>> +               cp .config .config.nosuid
>>> +               merge_config.sh -m .config.allno .config.suid.tmp
>>> +               cp .config .config.suid
>>> +
>>> +               # compile with no suid apps
>>> +               cp .config.nosuid .config
>>> +               oe_runmake busybox_unstripped
>>> +               cp busybox_unstripped busybox.nosuid
>>> +               oe_runmake busybox.links
>>> +               cp busybox.links busybox.links.nosuid
>>> +
>>> +               # compile with suid apps
>>> +               cp .config.suid .config
>>> +               oe_runmake busybox_unstripped
>>> +               cp busybox_unstripped busybox.suid
>>> +               oe_runmake busybox.links
>>> +               cp busybox.links busybox.links.suid
>>> +
>>> +               # copy .config.orig back to .config, because the install
>>> process may check this file
>>> +               cp .config.orig .config
>>> +
>>> +               # cleanup
>>> +               rm .config.orig .config.nosuid.tmp .config.allno
>>> .config.suid.tmp .config.nosuid .config.suid
>>> +       else
>>> +               oe_runmake busybox_unstripped
>>> +               cp busybox_unstripped busybox
>>> +               oe_runmake busybox.links
>>> +       fi
>>> }
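Review bot: `.config.nosuid.tmp` and `.config.suid.tmp` are only ever appended to with `>>` and are removed only in the final cleanup `rm`, so a do_compile that stops before the cleanup and is run again starts from stale entries. Truncate or remove both files before the `for item in ...` loop. In the same loop, `grep 'CONFIG_' ${WORKDIR}/suid_config_list` inside backticks is word-split, so any comment line in the list that mentions a CONFIG_ symbol feeds its individual words into `$item`; anchor the match with `^CONFIG_` so only real entries decide what goes into the setuid binary.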

[-- Attachment #2: bb-suid-lists-both.00.patch --]
[-- Type: application/octet-stream, Size: 2071 bytes --]

diff --git a/Makefile.custom b/Makefile.custom
index 41c351f..3561e57 100644
--- a/Makefile.custom
+++ b/Makefile.custom
@@ -5,8 +5,10 @@
 busybox.links: $(srctree)/applets/busybox.mkll $(objtree)/include/autoconf.h include/applets.h
 	$(Q)-$(SHELL) $^ > $@
 
-busybox.applets.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
-	$(Q)-$(SHELL) $^ > $@
+busybox.cfg.suid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+	$(Q)-SUID="yes" $(SHELL) $^ > $@
+busybox.cfg.nosuid: $(srctree)/applets/busybox.mksuid $(objtree)/include/autoconf.h include/applets.h
+	$(Q)-SUID="DROP" $(SHELL) $^ > $@
 
 .PHONY: install
 ifeq ($(CONFIG_INSTALL_APPLET_SYMLINKS),y)
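Review bot: Both new rules keep the leading `-` in `$(Q)-SUID="yes" $(SHELL) $^ > $@` and `$(Q)-SUID="DROP" $(SHELL) $^ > $@`, so make ignores a failing busybox.mksuid while the redirection still leaves an empty or partial busybox.cfg.suid or busybox.cfg.nosuid that looks up to date on the next run. These lists decide which applets end up in the setuid binary, so the failure should be fatal: drop the `-` and write to a temporary file that is moved into place on success. The rename also removes the busybox.applets.suid target that the recipe side of this thread was already calling.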
diff --git a/applets/busybox.mksuid b/applets/busybox.mksuid
index 4235d89..6492c07 100755
--- a/applets/busybox.mksuid
+++ b/applets/busybox.mksuid
@@ -1,11 +1,16 @@
 #!/bin/sh
-# Make busybox list of applets that do NOT drop suid permissions
+# Make list of configuration variables regarding suid handling
 
 # input $1: full path to autoconf.h
 # input $2: full path to applets.h
 # input $3: full path to .config
 # output (stdout): list of CONFIG_ that do or may require suid
 
+# If the environment variable SUID is not set or set to DROP,
+# lists all config options that do not require suid permissions.
+# Otherwise, lists all config options for applets that DO or MAY require
+# suid permissions.
+
 # Maintainer: Bernhard Reutner-Fischer
 
 export LC_ALL=POSIX
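Review bot: The unchanged header line `# output (stdout): list of CONFIG_ that do or may require suid` now contradicts the added comment block: with SUID unset the script lists the options that do not require suid, which is the opposite of what it printed before this change. Update the output line in the header, and consider either keeping the old list as the default or requiring SUID to be set, so an existing caller does not silently receive the inverted list.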
@@ -14,10 +19,20 @@ export LC_CTYPE=POSIX
 CONFIG_H=${1:-include/autoconf.h}
 APPLETS_H=${2:-include/applets.h}
 DOT_CONFIG=${3:-.config}
+
+case ${SUID:-DROP} in
+[dD][rR][oO][pP]) USE="DROP" ;;
+*) USE="suid" ;;
+esac
+
 $HOSTCC -E -DMAKE_SUID -include $CONFIG_H $APPLETS_H |
-  awk '
+  awk -v USE=${USE} '
     /^SUID[ \t]/{
-      if ($2 == "BB_SUID_DROP") next
+      if (USE == "DROP") {
+        if ($2 != "BB_SUID_DROP") next
+      } else {
+        if ($2 == "BB_SUID_DROP") next
+      }
       cfg = $NF
       gsub("\"", "", cfg)
       cfg = substr(cfg, 8)
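Review bot: In the `case ${SUID:-DROP}` block every value other than a case-insensitive `drop` falls through to `*) USE="suid"`, so `SUID=no` or `SUID=0` produces the list of setuid applets. Match the accepted values explicitly (for example `yes` and `drop`) and exit non-zero on anything else. The expansion in `awk -v USE=${USE}` should also be quoted.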

^ permalink raw reply related	[flat|nested] 16+ messages in thread
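The subtract-and-merge step outlined in the message above, as an added example that is not code from the thread or from busybox. It assumes the list files hold one CONFIG_ name per line, like the busybox.applets.suid output quoted there, and adds a check that no applet is named in both lists; `split_config`, `make_sample` and the sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or from busybox).
# split_config FULL SUID_LIST NOSUID_LIST OUT
#   FULL         complete .config
#   SUID_LIST    applet symbols for the setuid binary, one CONFIG_ name per line
#   NOSUID_LIST  applet symbols for the unprivileged binary
# Writes OUT.suid and OUT.nosuid: symbols named in neither list are copied
# from FULL unchanged, applets of the other class are switched off.
split_config() {
    full=$1 suid_list=$2 nosuid_list=$3 out=$4
    for keep in suid nosuid; do
        awk -v keep="$keep" '
            # Symbol a .config line refers to, or "" for other lines.
            function symbol(line) {
                if (line ~ /^CONFIG_[A-Za-z0-9_]+=/) {
                    sub(/=.*/, "", line); return line
                }
                if (line ~ /^# CONFIG_[A-Za-z0-9_]+ is not set$/) {
                    sub(/^# /, "", line); sub(/ is not set$/, "", line)
                    return line
                }
                return ""
            }
            FILENAME == ARGV[1] { if ($1 ~ /^CONFIG_/) kind[$1] = "suid"; next }
            FILENAME == ARGV[2] {
                if ($1 !~ /^CONFIG_/) next
                # An applet must never be claimed by both binaries.
                if (($1 in kind) && kind[$1] == "suid") {
                    print "in both lists: " $1 > "/dev/stderr"; exit 2
                }
                kind[$1] = "nosuid"; next
            }
            {
                sym = symbol($0)
                if (sym == "" || !(sym in kind) || kind[sym] == keep) print
                else print "# " sym " is not set"
            }
        ' "$suid_list" "$nosuid_list" "$full" > "$out.$keep" ||
            { rm -f "$out.suid" "$out.nosuid"; return 1; }
    done
}

# Constructed sample input (not the real busybox .config or applet lists).
make_sample() {
    printf '%s\n' 'CONFIG_FEATURE_SUID=y' 'CONFIG_PASSWD=y' \
        '# CONFIG_SU is not set' 'CONFIG_LS=y' \
        'CONFIG_PREFIX="./_install"' > "$1/full.config"
    printf '%s\n' CONFIG_PASSWD CONFIG_SU > "$1/busybox.cfg.suid"
    printf '%s\n' CONFIG_LS > "$1/busybox.cfg.nosuid"
}

tmp=$(mktemp -d)
make_sample "$tmp"
split_config "$tmp/full.config" "$tmp/busybox.cfg.suid" \
    "$tmp/busybox.cfg.nosuid" "$tmp/bb"
echo "== bb.suid ==";   cat "$tmp/bb.suid"
echo "== bb.nosuid =="; cat "$tmp/bb.nosuid"
rm -rf "$tmp"
```

The function returns non-zero and removes both outputs when a symbol appears in both lists, so a build step can stop instead of shipping an applet in the wrong binary.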

* Re: [PATCH 4/8] busybox: add the ability to split the busybox binary
  2013-06-14 12:04       ` Bernhard Reutner-Fischer
@ 2013-06-17  5:52         ` ChenQi
  0 siblings, 0 replies; 16+ messages in thread
From: ChenQi @ 2013-06-17  5:52 UTC (permalink / raw)
  To: Bernhard Reutner-Fischer; +Cc: qingtao.cao, Denys Vlasenko, oe-core

Thanks for your patience and all your explanations.
Now a version 2 has been sent out, containing changes from your 
suggestions and the patch you wrote.
Please help review it if convenient.

Best Regards,
Chen Qi

On 06/14/2013 08:04 PM, Bernhard Reutner-Fischer wrote:
> On 13 June 2013 08:46, ChenQi <Qi.Chen@windriver.com> wrote:
>> On 06/12/2013 04:26 AM, Bernhard Reutner-Fischer wrote:
>>> On Fri, Jun 07, 2013 at 02:13:58PM +0800, Qi.Chen@windriver.com wrote:
>> Hi Bernhard,
>>
>> Thank you very much for your review and suggestions!
>> I went through your methods below very carefully and I tried your patch out.
>>
>> Here are two problems.
>>
>> 1) The config_list.suid could be derived by renaming the `original
>> suid_config_list' file, but what about the config_list.nosuid? We have a
>> suid_config_list, because compared with the non-suid apps, the number of
>> config items for suid apps or related to suid apps is relatively small. It
>> seems that config_list.nosuid will be a very long list.
> Yes. You can derive the nosuid by subtracting the suid from the full .config.
> If that is inconvenient, see the attached on top to generate both
> busybox.cfg.nosuid and busybox.cfg.suid.
> See below.
>> 2) Your patch in the attachment worked out well. `make busybox.applets.suid'
>> generates a file named busybox.applets.suid which contains the following
>> config items.
>> CONFIG_LOGIN
>> CONFIG_PASSWD
>> CONFIG_FEATURE_PASSWD_WEAK_CHECK
>> CONFIG_SU
>> CONFIG_FEATURE_SU_SYSLOG
>> CONFIG_FEATURE_SU_CHECKS_SHELLS
>> CONFIG_VLOCK
>> CONFIG_FINDFS
>> CONFIG_MOUNT
>> CONFIG_FEATURE_MOUNT_FAKE
>> CONFIG_FEATURE_MOUNT_VERBOSE
>> CONFIG_FEATURE_MOUNT_LABEL
>> CONFIG_FEATURE_MOUNT_CIFS
>> CONFIG_FEATURE_MOUNT_FLAGS
>> CONFIG_FEATURE_MOUNT_FSTAB
>> CONFIG_FEATURE_MOUNT_LOOP
>> CONFIG_FEATURE_MOUNT_LOOP_CREATE
>> CONFIG_CRONTAB
>> CONFIG_WALL
>> CONFIG_PING
>> CONFIG_PING6
>> CONFIG_TRACEROUTE
>> CONFIG_TRACEROUTE6
>> CONFIG_FEATURE_TRACEROUTE_VERBOSE
>>
>> You see, this is a subset of the suid_config_list. As stated in the file's
>> comments, part of the list is obtained from a command, and part of it is
>> obtained by manually examining the Config.in files to find out the config
>> items that are related to suid apps.
> Yes, I know. Do you have suggestions there?
> I think what we/you want is to build:
> - busybox.suid with all nosuid *applets* turned off, but the
> non-applet CONFIG_ as per full.config
> - busybox.nosuid with all suid *applets* turned off, but the
> non-applet CONFIG_ as per full.config
>
> I.e. take busybox.cfg.nosuid (contains only applets), take
> busybox.cfg.suid (also contains only applets)
> subtract these -> non-applet_part_of_full.config.
> merge non-applet_part_of_full.config + suid -> bb.suid
> merge non-applet_part_of_full.config + nosuid -> bb.nosuid
>
> Didn't try that, but you get the idea.
> Would that work out for you?
>
> cheers,
>> Best Regards,
>> Chen Qi
>>
>>> cat .config > .config-oe-full
>>> # it would be nice to 'for s in suid nosuid'
>>> # but that would mean operating on ${s}_config_list which bitbake (IIRC)
>>> # ruins. Better rename the files to config_list.suid to be able to loop.
>>> #
>>> for s in suid nosuid; do
>>>     egrep ^CONFIG_ ${WORKDIR}/config_list.$s | while read i; do
>>>       grep -w "$i" .config
>>>     done > .config.$s
>>>
>>>     # populate the config, default everything else to no
>>>     KCONFIG_ALLCONFIG=config.$s make allnoconfig
>>>     oe_runmake busybox_unstripped busybox.links
>>>     mv busybox_unstripped busybox.$s
>>>     mv busybox.links busybox.links.$s
>>> done
>>> cat .config-oe-full > .config
>>>
>>> I would much prefer to make the generation of the suid cfg stuff more
>>> robust. Could you live with the attached helper thing (untested)?
>>> That would make it a prepended oe_runmake busybox.applets.suid to
>>> generate the list busybox.applets.suid. If that suits your needs we can
>>> apply it to busybox for general use..
>>> The other possibility is, obviously, to fit all this in busybox' build
>>> itself, but given that we do have a seemingly working, bugless suid
>>> handling this might be better suited to be dealt with by the user as you
>>> suggest here.
>>>
>>> Thoughts?
>>> thanks,
>>>> +               cp .config .config.orig
>>>> +               oe_runmake allnoconfig
>>>> +               cp .config .config.allno
>>>> +               for item in `grep 'CONFIG_' ${WORKDIR}/suid_config_list`;
>>>> do
>>>> +                       echo "# $item is not set" >> .config.nosuid.tmp
>>>> +                       grep -w "$item" .config.orig >> .config.suid.tmp
>>>> +               done
>>>> +               merge_config.sh -m .config.orig .config.nosuid.tmp
>>>> +               cp .config .config.nosuid
>>>> +               merge_config.sh -m .config.allno .config.suid.tmp
>>>> +               cp .config .config.suid
>>>> +
>>>> +               # compile with no suid apps
>>>> +               cp .config.nosuid .config
>>>> +               oe_runmake busybox_unstripped
>>>> +               cp busybox_unstripped busybox.nosuid
>>>> +               oe_runmake busybox.links
>>>> +               cp busybox.links busybox.links.nosuid
>>>> +
>>>> +               # compile with suid apps
>>>> +               cp .config.suid .config
>>>> +               oe_runmake busybox_unstripped
>>>> +               cp busybox_unstripped busybox.suid
>>>> +               oe_runmake busybox.links
>>>> +               cp busybox.links busybox.links.suid
>>>> +
>>>> +               # copy .config.orig back to .config, because the install
>>>> process may check this file
>>>> +               cp .config.orig .config
>>>> +
>>>> +               # cleanup
>>>> +               rm .config.orig .config.nosuid.tmp .config.allno
>>>> .config.suid.tmp .config.nosuid .config.suid
>>>> +       else
>>>> +               oe_runmake busybox_unstripped
>>>> +               cp busybox_unstripped busybox
>>>> +               oe_runmake busybox.links
>>>> +       fi
>>>> }



^ permalink raw reply	[flat|nested] 16+ messages in thread
