X-Original-To: alpine-aports@mail.alpinelinux.org
Delivered-To: alpine-aports@mail.alpinelinux.org
Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1])
	by mail.alpinelinux.org (Postfix) with ESMTP id E3638DC78B5;
	Mon, 31 Aug 2015 09:07:59 +0000 (UTC)
Received: from ncopa-desktop.alpinelinux.org (unknown [79.160.13.133])
	(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: n@tanael.org)
	by mail.alpinelinux.org (Postfix) with ESMTPSA id 4A8D8DC03E1;
	Mon, 31 Aug 2015 09:07:58 +0000 (UTC)
Date: Mon, 31 Aug 2015 11:07:53 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Stuart Cardall <developer@it-offshore.co.uk>
Cc: alpine-aports@lists.alpinelinux.org
Subject: Re: [alpine-aports] [PATCH] testing/shadow: add debug build
Message-ID: <20150831110753.15d7911b@ncopa-desktop.alpinelinux.org>
In-Reply-To: <1440114333-36985-1-git-send-email-developer@it-offshore.co.uk>
References: <1440114333-36985-1-git-send-email-developer@it-offshore.co.uk>
X-Mailer: Claws Mail 3.12.0 (GTK+ 2.24.28; x86_64-alpine-linux-musl)
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP

On Thu, 20 Aug 2015 23:45:33 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote:

> 2 patches from gentoo were also added
> 
> the segfault breaking unprivileged lxc containers is traced at:
> 
> http://bugs.alpinelinux.org/issues/4544
> ---
>  testing/shadow/APKBUILD                | 27 ++++++++++++++++------
>  testing/shadow/cross-size-checks.patch | 42 ++++++++++++++++++++++++++++++++++
>  testing/shadow/dots-in-usernames.patch | 11 +++++++++
>  3 files changed, 73 insertions(+), 7 deletions(-)
>  create mode 100644 testing/shadow/cross-size-checks.patch
>  create mode 100644 testing/shadow/dots-in-usernames.patch
> 
> diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD
> index 2dd17de..5be9e70 100644
> --- a/testing/shadow/APKBUILD
> +++ b/testing/shadow/APKBUILD
> @@ -10,10 +10,12 @@ license="GPL"
>  depends=
>  depends_dev="linux-pam-dev"
>  makedepends="$depends_dev"
> -install=""
> -subpackages="$pkgname-doc"
> +subpackages="$pkgname-doc $pkgname-dbg"
>  source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
> -	login.pamd"
> +	login.pamd
> +	dots-in-usernames.patch
> +	cross-size-checks.patch
> +	"

why do we need the dots in usernames check?

>  options="suid"
>  
>  _builddir="$srcdir"/shadow-$pkgver
> @@ -29,14 +31,15 @@ prepare() {
>  
>  build() {
>  	cd "$_builddir"
> +	CFLAGS="$CFLAGS -O0"

why do we need to set -O0?


>  	./configure --prefix=/usr \
>  		--sysconfdir=/etc \
>  		--mandir=/usr/share/man \
>  		--infodir=/usr/share/info \
>  		--localstatedir=/var \
>  		--without-nscd \
> -		--without-nologin \
>  		--disable-nls \
> +		--without-group-name-max-length \

What has --without-group-name-max-lenght to do with this? Why is it
needed?

>  		|| return 1
>  	make || return 1
>  }
> @@ -61,11 +64,21 @@ package() {
>  	# avoid conflict with man-pages
>  	rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
>  		"$pkgdir"/usr/share/man/man5/passwd.5* || return 1
> +
> +	# for unprivileged lxc containera
> +	touch "$pkgdir"/etc/subuid
> +	touch "$pkgdir"/etc/subgid
>  }
>  
>  md5sums="2bfafe7d4962682d31b5eba65dba4fc8  shadow-4.2.1.tar.xz
> -72dfc077a61ab7163e312640cc98bba8  login.pamd"
> +72dfc077a61ab7163e312640cc98bba8  login.pamd
> +f5fe3d7351d5e4046588b652c482c170  dots-in-usernames.patch
> +75bc0cafb44aa86075d2ec056816cc3e  cross-size-checks.patch"
>  sha256sums="3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41  shadow-4.2.1.tar.xz
> -c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd"
> +c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd
> +ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f  dots-in-usernames.patch
> +fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013  cross-size-checks.patch"
>  sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
> -46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd"
> +46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
> +745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
> +c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch"
> diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/cross-size-checks.patch
> new file mode 100644
> index 0000000..bd451ba
> --- /dev/null
> +++ b/testing/shadow/cross-size-checks.patch
> @@ -0,0 +1,42 @@
> +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
> +From: James Le Cuirot <chewi@aura-online.co.uk>
> +Date: Sat, 23 Aug 2014 09:46:39 +0100
> +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
> +
> +This built-in check is simpler than the previous method and, most
> +importantly, works when cross-compiling.
> +
> +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
> +---
> + configure.in | 14 ++++----------
> + 1 file changed, 4 insertions(+), 10 deletions(-)
> +
> +diff --git a/configure.in b/configure.in
> +index 1a3f841..4a4d6d0 100644
> +--- a/configure.in
> ++++ b/configure.in
> +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
> + 	dnl
> + 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
> + 	dnl
> +-	AC_RUN_IFELSE([AC_LANG_SOURCE([
> +-#include <sys/types.h>
> +-int main(void) {
> +-	uid_t u;
> +-	gid_t g;
> +-	return (sizeof u < 4) || (sizeof g < 4);
> +-}
> +-	])], [id32bit="yes"], [id32bit="no"])
> +-
> +-	if test "x$id32bit" = "xyes"; then
> ++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
> ++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
> ++
> ++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
> + 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
> + 		enable_subids="yes"
> + 	else
> +-- 
> +2.3.6
> +
> +
> diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/dots-in-usernames.patch
> new file mode 100644
> index 0000000..b684c9d
> --- /dev/null
> +++ b/testing/shadow/dots-in-usernames.patch
> @@ -0,0 +1,11 @@
> +--- shadow-4.1.3/libmisc/chkname.c
> ++++ shadow-4.1.3/libmisc/chkname.c
> +@@ -66,6 +66,7 @@
> + 		      ( ('0' <= *name) && ('9' >= *name) ) ||
> + 		      ('_' == *name) ||
> + 		      ('-' == *name) ||
> ++		      ('.' == *name) ||
> + 		      ( ('$' == *name) && ('\0' == *(name + 1)) )
> + 		     )) {
> + 			return false;
> +



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---