Accepting request 872327 from Base:System

OBS-URL: https://build.opensuse.org/request/show/872327 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=42
2021-04-15 14:56:33 +00:00 · 2021-04-15 14:56:33 +00:00 · c2abc15313
commit c2abc15313
parent 2ab464b379 451a55ed1d
4 changed files with 238 additions and 29 deletions
--- a/shadow.changes
+++ b/shadow.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
+
+- Do not require libeconf-devel on products without /usr/etc.
+
+-------------------------------------------------------------------
+Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
+
+- Split login.defs configuration file into own sub-package, which
+  allows to install util-linux or pam on small embedded/edge
+  systems or container without the need to pull in the full shadow
+  suite.
+
+-------------------------------------------------------------------
+Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Amend patches/useradd-userkeleton.patch to also write into
+  existing directories and prefer files from /etc
+
+-------------------------------------------------------------------
+Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink <werner@suse.de>
+
+- Add patch useradd-userkeleton.patch to extend original C code
+  of useradd to handle /usr/etc/skel (boo#1173321)
+- Remove /usr/etc/skel support in useradd.local script
+
 -------------------------------------------------------------------
 Mon Nov  2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de>

@ -169,7 +195,7 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
-  * Fix segfault in useradd (Tomas Mraz)
+  * Fix segfault in useradd (bsc#1141113, Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
@ -186,6 +212,9 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
  upstreamed https://github.com/shadow-maint/shadow/pull/112
 - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
  upstreamed https://github.com/shadow-maint/shadow/issues/110
+- Remove shadow-4.6-bsc1141113-useradd-segfault.patch
+  (SLE15 SP3 and openSUSE Leap 15.3 only)
+  upstreamed https://github.com/shadow-maint/shadow/issues/125
 - Rebase userdel-script.patch
 - Rebase useradd-script.patch
 - Rebase shadow-util-linux.patch
--- a/shadow.spec
+++ b/shadow.spec
@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -61,6 +61,8 @@ Patch7:         shadow-4.1.5.1-logmsg.patch
 Patch13:        shadow-login_defs-comments.patch
 # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
 Patch14:        shadow-login_defs-suse.patch
+# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
+Patch15:        useradd-userkeleton.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
 Patch20:        disable_new_audit_function.patch
 BuildRequires:  audit-devel > 2.3
@ -68,7 +70,10 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
 BuildRequires:  libattr-devel
+# It should be %%if %%{defined no_config}, but OBS cannot handle it:
+%if 0%{?suse_version} >= 1550
 BuildRequires:  libeconf-devel
+%endif
 BuildRequires:  libselinux-devel
 BuildRequires:  libsemanage-devel
 BuildRequires:  libtool
@ -80,6 +85,18 @@ Requires(pre):  permissions
 Requires(pre):  user(root)
 Provides:       pwdutils = 3.2.20
 Obsoletes:      pwdutils <= 3.2.19
+Requires:       login_defs >= %{version}
+Provides:       useradd_or_adduser_dep
+
+%description
+This package includes the necessary programs for converting plain
+password files to the shadow password format and to manage user and
+group accounts.
+
+%package -n login_defs
+Summary:        login.defs configuration file
+Group:          System/Base
+BuildArch:      noarch
 # Virtual provides for supported variables in login.defs.
 # It prevents references to unknown variables.
 # Upgrade them only if shadow-util-linux.patch or
@ -87,12 +104,10 @@ Obsoletes:      pwdutils <= 3.2.19
 # Call shadow-login_defs-check.sh before!
 Provides:       login_defs-support-for-pam = 1.3.1
 Provides:       login_defs-support-for-util-linux = 2.36
-Provides:       useradd_or_adduser_dep

-%description
-This package includes the necessary programs for converting plain
-password files to the shadow password format and to manage user and
-group accounts.
+%description -n login_defs
+This package contains the default login.defs configuration file
+as used by util-linux, pam and shadow.

 %prep
 %setup -q -a 1
@ -106,6 +121,7 @@ group accounts.
 %patch7
 %patch13
 %patch14
+%patch15
 %if 0%{?suse_version} < 1330
 %patch20 -p1
 %endif
@ -215,10 +231,13 @@ fi

 %pre
 %service_add_pre shadow.service shadow.timer
-for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
  test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
 done

+%pre -n login_defs
+test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
+
 %post
 %set_permissions %{_bindir}/chage
 %set_permissions %{_bindir}/chfn
@ -250,19 +269,22 @@ done
 %service_del_postun shadow.service shadow.timer

 %posttrans
+%if %{defined no_config}
 # Migration to /usr/etc
-for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
  test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
 done
+%endif
+
+%posttrans -n login_defs
+# rpmsave file can be created by
+# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
+# - Migration to /usr/etc (after SLE15 and Leap 15)
+test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:

 %files -f shadow.lang
 %license COPYING
 %doc NEWS doc/HOWTO README README.changes-pwdutils
-%if %{defined no_config}
-%attr(0644,root,root) %{_distconfdir}/login.defs
-%else
-%attr(0644,root,root) %config %{_sysconfdir}/login.defs
-%endif
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
@ -332,7 +354,6 @@ done
 %{_mandir}/man1/passwd.1%{?ext_man}
 %{_mandir}/man1/sg.1%{?ext_man}
 %{_mandir}/man3/shadow.3%{?ext_man}
-%{_mandir}/man5/login.defs.5%{?ext_man}
 %{_mandir}/man5/shadow.5%{?ext_man}
 %{_mandir}/man8/chpasswd.8%{?ext_man}
 %{_mandir}/man8/groupadd.8%{?ext_man}
@ -356,4 +377,12 @@ done

 %{_unitdir}/*

+%files -n login_defs
+%if %{defined no_config}
+%attr(0644,root,root) %{_distconfdir}/login.defs
+%else
+%attr(0644,root,root) %config %{_sysconfdir}/login.defs
+%endif
+%{_mandir}/man5/login.defs.5%{?ext_man}
+
 %changelog
--- a/useradd-userkeleton.patch
+++ b/useradd-userkeleton.patch
@ -0,0 +1,165 @@
+Copy also skeleton files from /usr/etc/skel (boo#1173321)
+
+---
+ etc/useradd   |    1 +
+ src/useradd.c |   37 +++++++++++++++++++++++++++++++++++++
+ 2 files changed, 38 insertions(+)
+
+Index: etc/useradd
+===================================================================
+--- etc/useradd.orig
+++ etc/useradd
+@@ -5,4 +5,5 @@ INACTIVE=-1
+ EXPIRE=
+ SHELL=/bin/bash
+ SKEL=/etc/skel
+USRSKEL=/usr/etc/skel
+ CREATE_MAIL_SPOOL=yes
+Index: src/useradd.c
+===================================================================
+--- src/useradd.c.orig
+++ src/useradd.c
+@@ -78,6 +78,9 @@
+ #ifndef SKEL_DIR
+ #define SKEL_DIR "/etc/skel"
+ #endif
+#ifndef USRSKELDIR
+#define USRSKELDIR "/usr/etc/skel"
+#endif
+ #ifndef USER_DEFAULTS_FILE
+ #define USER_DEFAULTS_FILE "/etc/default/useradd"
+ #define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
+@@ -101,6 +104,7 @@ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "";
+ static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
+ static const char *def_create_mail_spool = "no";
+ 
+ static long def_inactive = -1;
+@@ -202,6 +206,7 @@ static bool home_added = false;
+ #define DINACT			"INACTIVE="
+ #define DEXPIRE			"EXPIRE="
+ #define DSKEL			"SKEL="
+#define DUSRSKEL		"USRSKEL="
+ #define DCREATE_MAIL_SPOOL	"CREATE_MAIL_SPOOL="
+ 
+ /* local function prototypes */
+@@ -469,6 +474,29 @@ static void get_defaults (void)
+ 		}
+ 
+ 		/*
+		 * Default Usr Skeleton information
+		 */
+		else if (MATCH (buf, DUSRSKEL)) {
+			if ('\0' == *cp) {
+				cp = USRSKELDIR;	/* XXX warning: const */
+			}
+			
+			if(prefix[0]) {
+				size_t len;
+				int wlen;
+				char* _def_usrtemplate; /* avoid const warning */
+
+				len = strlen(prefix) + strlen(cp) + 2;
+				_def_usrtemplate = xmalloc(len);
+				wlen = snprintf(_def_usrtemplate, len, "%s/%s", prefix, cp);
+				assert (wlen == (int) len -1);
+				def_usrtemplate = _def_usrtemplate;
+			}
+			else {
+				def_usrtemplate = xstrdup (cp);
+			}
+		}
+		/*
+ 		 * Create by default user mail spool or not ?
+ 		 */
+ 		else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
+@@ -500,6 +528,7 @@ static void show_defaults (void)
+ 	printf ("EXPIRE=%s\n", def_expire);
+ 	printf ("SHELL=%s\n", def_shell);
+ 	printf ("SKEL=%s\n", def_template);
+	printf ("USRSKEL=%s\n", def_usrtemplate);
+ 	printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
+ }
+ 
+@@ -526,6 +555,7 @@ static int set_defaults (void)
+ 	bool out_expire = false;
+ 	bool out_shell = false;
+ 	bool out_skel = false;
+	bool out_usrskel = false;
+ 	bool out_create_mail_spool = false;
+ 	size_t len;
+ 	int ret = -1;
+@@ -620,6 +650,9 @@ static int set_defaults (void)
+ 		} else if (!out_skel && MATCH (buf, DSKEL)) {
+ 			fprintf (ofp, DSKEL "%s\n", def_template);
+ 			out_skel = true;
+		} else if (!out_usrskel && MATCH (buf, DUSRSKEL)) {
+			fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
+			out_usrskel = true;
+ 		} else if (!out_create_mail_spool
+ 			   && MATCH (buf, DCREATE_MAIL_SPOOL)) {
+ 			fprintf (ofp,
+@@ -649,6 +682,8 @@ static int set_defaults (void)
+ 		fprintf (ofp, DSHELL "%s\n", def_shell);
+ 	if (!out_skel)
+ 		fprintf (ofp, DSKEL "%s\n", def_template);
+	if (!out_usrskel)
+		fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
+ 
+ 	if (!out_create_mail_spool)
+ 		fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
+@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
+ 		if (home_added) {
+ 			copy_tree (def_template, prefix_user_home, false, false,
+ 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
+			copy_tree (def_usrtemplate, prefix_user_home, false, false,
+			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ 		} else {
+ 			fprintf (stderr,
+ 			         _("%s: warning: the home directory %s already exists.\n"
+Index: libmisc/copydir.c
+===================================================================
+--- libmisc/copydir.c.orig
+++ libmisc/copydir.c
+@@ -416,6 +416,14 @@ static int copy_entry (const char *src,
+ 			                old_uid, new_uid, old_gid, new_gid);
+ 		}
+ 
+		/*
+		 * If the destination already exists do nothing.
+		 * This is after the copy_dir above to still iterate into subdirectories.
+		 */
+		if (LSTAT (dst, &sb) != -1) {
+			return 0;
+		}
+
+ #ifdef	S_IFLNK
+ 		/*
+ 		 * Copy any symbolic links
+@@ -477,6 +485,7 @@ static int copy_dir (const char *src, co
+                      gid_t old_gid, gid_t new_gid)
+ {
+ 	int err = 0;
+	struct stat dst_sb;
+ 
+ 	/*
+ 	 * Create a new target directory, make it owned by
+@@ -488,6 +497,16 @@ static int copy_dir (const char *src, co
+ 		return -1;
+ 	}
+ #endif				/* WITH_SELINUX */
+
+	/*
+	 * If the destination is already a directory, don't change it
+	 * but copy into it (recursively).
+	 */
+	if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) {
+		return (copy_tree (src, dst, false, reset_selinux,
+	                   old_uid, new_uid, old_gid, new_gid) != 0);
+	}
+
+ 	if (   (mkdir (dst, statp->st_mode) != 0)
+ 	    || (chown_if_needed (dst, statp,
+ 	                         old_uid, new_uid, old_gid, new_gid) != 0)
--- a/useradd.local
+++ b/useradd.local
@ -37,20 +37,6 @@ fi
 # Main useradd tool creates this if specified on command line
 [ -d $HOMEDIR ] || exit 0

-#
-# Copy also skeleton files from /usr/etc/skel (boo#1173321)
-#
-USRSKELDIR=/usr/etc/skel
-if [ -d $USRSKELDIR ] ; then
-  for file in $(ls -A $USRSKELDIR); do
-    # Only copy if not exist yet, i.e. does *not* exist in /etc/skel, which is still
-    # being preferred ...
-    test -e $HOMEDIR/$file && continue
-    cp -a $USRSKELDIR/$file $HOMEDIR
-    chown -R $USER.$GID $HOMEDIR/$file
-  done
-fi
-
 # If SELinux is enabled, we have to run restorecon to assign
 # appropriate fcontexts to the respective $HOME and files under it
 if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then