[gnome-continuous-yocto/gnomeostree-3.28-rocko: 6781/8267] util-linux: fix "su -" and package su separately

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 6781/8267] util-linux: fix "su -" and package su separately
Date: Sun, 17 Dec 2017 05:19:36 +0000 (UTC)
commit 3ae1f267d4fd887e6b7039cada73b5de034a846d
Author: Patrick Ohly <patrick ohly intel com>
Date:   Wed Jul 12 10:44:11 2017 +0200

    util-linux: fix "su -" and package su separately
    
    "su -" == "su --login" was broken because it uses /etc/pam.d/su-l and
    lacking that, falls back to /etc/pam.d/other which denies the
    operation. The fix is to symlink "su-l" to the normal "su" pam config
    file.
    
    Because "su" usually comes from "shadow" and has been broken like this
    without anyone noticing, it probably is not used much and thus should
    be packaged separately so that it can be installed only when really
    needed. For backwards compatibility, "util-linux" still pulls it in.
    
    It is a bit strange that DISTRO_FEATURES are getting checked when
    deciding whether the packages should be defined. It is not wrong, the
    packages will be simply empty and thus probably not created when the
    distro feature is on and the package config is off. Perhaps there is a
    reason, so this is kept unchanged. The symlink however only gets
    created when su.util-linux really gets built.
    
    [YOCTO #11126]
    
    (From OE-Core rev: 1ad32536c2d4a3e55e698d27d827caee788cb0f7)
    
    Signed-off-by: Patrick Ohly <patrick ohly intel com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-core/util-linux/util-linux.inc |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)
---
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 1656e92..47c2839 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -35,7 +35,7 @@ PACKAGES =+ "util-linux-agetty util-linux-fdisk util-linux-cfdisk util-linux-sfd
              util-linux-partx util-linux-hwclock util-linux-mountpoint \
              util-linux-findfs util-linux-getopt util-linux-sulogin util-linux-prlimit"
 PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'pylibmount', 'util-linux-pylibmount', '', d)}"
-PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}"
+PACKAGES =+ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', d)}"
 
 PACKAGES_DYNAMIC = "^util-linux-lib.*"
 
@@ -91,6 +91,8 @@ FILES_util-linux-findfs = "${sbindir}/findfs"
 FILES_util-linux-getopt = "${base_bindir}/getopt.${BPN}"
 FILES_util-linux-runuser = "${sbindir}/runuser"
 FILES_util-linux-prlimit = "${bindir}/prlimit"
+FILES_util-linux-su = "${bindir}/su.util-linux ${sysconfdir}/pam.d/su-l"
+CONFFILES_util-linux-su = "${sysconfdir}/pam.d/su-l"
 
 FILES_util-linux-pylibmount = "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.so \
                                ${PYTHON_SITEPACKAGES_DIR}/libmount/__init__.* \
@@ -116,9 +118,10 @@ RREPLACES_util-linux-blkid = "e2fsprogs-blkid"
 RDEPENDS_util-linux-reset += "ncurses"
 
 RDEPENDS_util-linux-runuser += "libpam"
+RDEPENDS_util-linux-su += "libpam"
 
 RDEPENDS_${PN} = "util-linux-umount util-linux-swaponoff util-linux-losetup util-linux-sulogin 
util-linux-lsblk"
-RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser', '', d)}"
+RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'util-linux-runuser util-linux-su', '', 
d)}"
 
 RRECOMMENDS_${PN} = "util-linux-fdisk util-linux-cfdisk util-linux-sfdisk util-linux-mount 
util-linux-readprofile util-linux-mkfs util-linux-mountpoint util-linux-prlimit"
 
@@ -182,6 +185,12 @@ do_install () {
                install -m 0644 ${WORKDIR}/runuser.pamd ${D}${sysconfdir}/pam.d/runuser
                install -m 0644 ${WORKDIR}/runuser-l.pamd ${D}${sysconfdir}/pam.d/runuser-l
        fi
+       if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then
+               # Required for "su -" aka "su --login" because
+               # otherwise it uses "other", which has "auth pam_deny.so"
+               # and thus prevents the operation.
+               ln -s su ${D}${sysconfdir}/pam.d/su-l
+       fi
 }
 
 # reset and nologin causes a conflict with ncurses-native and shadow-native
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]