diff options
Diffstat (limited to 'meta/recipes-core/base-passwd/base-passwd')
4 files changed, 50 insertions, 175 deletions
diff --git a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch new file mode 100644 index 0000000000..e1340e1b70 --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch @@ -0,0 +1,30 @@ +From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alexk@zuma.ai> +Date: Fri, 28 Jul 2023 10:28:57 +0100 +Subject: [PATCH] base-passwd: Add the sgx group + +To avoid errors from eudev/udev we need an sgx group, but if we add it +via groupadd that causes shadow login to be brought into an image, which +causes images which have CONFIG_MULTIUSER unset to fail with `setgid: +Function not implemented` as shadow's login doesn't implement the +heuristics which busybox has to handle this kernel configuration. + +Upstream-Status: Inappropriate [oe-specific] + +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + group.master | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/group.master b/group.master +index d34d2b832d43..e54fd1d2c6dc 100644 +--- a/group.master ++++ b/group.master +@@ -34,6 +34,7 @@ video:*:44: + sasl:*:45: + plugdev:*:46: + kvm:*:47: ++sgx:*:48: + staff:*:50: + games:*:60: + shutdown:*:70: diff --git a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch b/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch deleted file mode 100644 index 6e236993f5..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0006-Make-it-possible-to-build-without-debconf-support.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 236d6c8c0dd7e15d9a9795813b94bc87ce09eec5 Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> -Date: Fri, 29 Apr 2022 19:32:29 +0200 -Subject: [PATCH] Make it possible to build without debconf support - -Not all systems have the debconfclient library available. - -Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/c72aa5dd25a952da25e307761f4526db2c8c39ec] -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - Makefile.am | 1 - - configure.ac | 13 +++++++++++++ - update-passwd.c | 15 +++++++++++++++ - 3 files changed, 28 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 223916f..4bdd769 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -3,7 +3,6 @@ SUBDIRS = doc man - sbin_PROGRAMS = update-passwd - - update_passwd_SOURCES = update-passwd.c --update_passwd_LDADD = -ldebconfclient - - pkgdata_DATA = passwd.master group.master - -diff --git a/configure.ac b/configure.ac -index 9d1ace5..1e35ad1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -14,6 +14,19 @@ AC_SYS_LARGEFILE - dnl Scan for things we need - AC_CHECK_FUNCS([putgrent]) - -+dnl Check for debconf -+AC_MSG_CHECKING([whether to enable debconf support]) -+AC_ARG_ENABLE([debconf], -+ [AS_HELP_STRING([--disable-debconf], [disable support for debconf])], -+ [], -+ [enable_debconf=yes]) -+AC_MSG_RESULT($enable_debconf) -+AS_IF([test "x$enable_debconf" != xno], -+ [AC_CHECK_LIB([debconfclient], [debconfclient_new], [], -+ [AC_MSG_ERROR( -+ [debconf support not available (use --disable-debconf to disable)])]) -+ AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) -+ - dnl Finally output everything - AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) - AC_OUTPUT -diff --git a/update-passwd.c b/update-passwd.c -index 3f3dffa..5b49740 100644 ---- a/update-passwd.c -+++ b/update-passwd.c -@@ -39,7 +39,9 @@ - #include <stdarg.h> - #include <ctype.h> - -+#ifdef HAVE_DEBCONF - #include <cdebconf/debconfclient.h> -+#endif - - #define DEFAULT_PASSWD_MASTER "/usr/share/base-passwd/passwd.master" - #define DEFAULT_GROUP_MASTER "/usr/share/base-passwd/group.master" -@@ -143,6 +145,7 @@ int flag_debconf = 0; - const char* user_domain = DEFAULT_DEBCONF_DOMAIN; - const char* group_domain = DEFAULT_DEBCONF_DOMAIN; - -+#ifdef HAVE_DEBCONF - struct debconfclient* debconf = NULL; - - /* Abort the program if talking to debconf fails. Use ret exactly once. */ -@@ -162,6 +165,10 @@ struct debconfclient* debconf = NULL; - DEBCONF_CHECK(debconf_register(debconf, (template), (question))) - #define DEBCONF_SUBST(question, var, value) \ - DEBCONF_CHECK(debconf_subst(debconf, (question), (var), (value))) -+#else -+#define DEBCONF_REGISTER(template, question) -+#define DEBCONF_SUBST(question, var, value) -+#endif - - - /* malloc() with out-of-memory checking. -@@ -621,6 +628,7 @@ void version() { - * flag. Aborts the problem on any failure. - */ - int ask_debconf(const char* priority, const char* question) { -+#ifdef HAVE_DEBCONF - int ret; - const char* response; - -@@ -640,6 +648,9 @@ int ask_debconf(const char* priority, const char* question) { - return 1; - else - return 0; -+#else -+ return 0; -+#endif - } - - -@@ -1427,6 +1438,7 @@ int main(int argc, char** argv) { - /* If DEBIAN_HAS_FRONTEND is set in the environment, we're running under - * debconf. Enable debconf prompting unless --dry-run was also given. - */ -+#ifdef HAVE_DEBCONF - if (getenv("DEBIAN_HAS_FRONTEND")!=NULL && !opt_dryrun) { - debconf=debconfclient_new(); - if (debconf==NULL) { -@@ -1435,6 +1447,7 @@ int main(int argc, char** argv) { - } - flag_debconf=1; - } -+#endif - - if (read_passwd(&master_accounts, master_passwd)!=0) - return 2; -@@ -1480,8 +1493,10 @@ int main(int argc, char** argv) { - if (!unlock_files()) - return 5; - -+#ifdef HAVE_DEBCONF - if (debconf!=NULL) - debconfclient_delete(debconf); -+#endif - - if (opt_dryrun) - return flag_dirty; diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch new file mode 100644 index 0000000000..d77122789d --- /dev/null +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch @@ -0,0 +1,20 @@ + +We need to have a wheel group which has some system privileges to consult the +systemd journal or manage printers with cups. + +Upstream says the group does not exist by default. + +Upstream-Status: Inappropriate [enable feature] + +Signed-off-by: Louis Rannou <lrannou@baylibre.com> +Index: base-passwd-3.5.26/group.master +=================================================================== +--- base-passwd-3.5.29.orig/group.master ++++ base-passwd-3.5.29/group.master +@@ -38,5 +38,6 @@ + staff:*:50: + games:*:60: + shutdown:*:70: ++wheel:*:80: + users:*:100: + nogroup:*:65534: diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch deleted file mode 100644 index 5c63599143..0000000000 --- a/meta/recipes-core/base-passwd/base-passwd/0007-Make-it-possible-to-disable-the-generation-of-the-do.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 63e8270141a296843cfe1daba38e1969ac6d75ae Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <peter.kjellerstedt@axis.com> -Date: Sat, 30 Apr 2022 00:35:34 +0200 -Subject: [PATCH] Make it possible to disable the generation of the - documentation - -Not all systems have docbook and po4a available. - -Upstream-Status: Backport [https://salsa.debian.org/debian/base-passwd/-/commit/2a6d16e595c93084e279d0dcbef37d960b44fd1a] -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - Makefile.am | 2 ++ - configure.ac | 9 +++++++++ - 2 files changed, 11 insertions(+) - -diff --git a/Makefile.am b/Makefile.am -index 4bdd769..97b4f42 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1,4 +1,6 @@ -+if ENABLE_DOCS - SUBDIRS = doc man -+endif - - sbin_PROGRAMS = update-passwd - -diff --git a/configure.ac b/configure.ac -index 1e35ad1..b98374e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -27,6 +27,15 @@ AS_IF([test "x$enable_debconf" != xno], - [debconf support not available (use --disable-debconf to disable)])]) - AC_DEFINE([HAVE_DEBCONF], [1], [Define if you have libdebconfclient])]) - -+dnl Check whether to build the documentation -+AC_MSG_CHECKING([whether to build the documentation]) -+AC_ARG_ENABLE([docs], -+ [AC_HELP_STRING([--disable-docs], [do not build and install documentation])], -+ [], -+ [enable_docs=yes]) -+AC_MSG_RESULT($enable_docs) -+AM_CONDITIONAL(ENABLE_DOCS, test "x$enable_docs" = xyes) -+ - dnl Finally output everything - AC_CONFIG_FILES([Makefile doc/Makefile man/Makefile]) - AC_OUTPUT |