1

Re: [alpine-aports] [PATCH] testing/shadow: add debug build

Natanael Copa
Details
Message ID
<20150831110753.15d7911b@ncopa-desktop.alpinelinux.org>
Sender timestamp
1441012073
DKIM signature
missing
Download raw message
On Thu, 20 Aug 2015 23:45:33 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote:

> 2 patches from gentoo were also added
> 
> the segfault breaking unprivileged lxc containers is traced at:
> 
> http://bugs.alpinelinux.org/issues/4544
> ---
>  testing/shadow/APKBUILD                | 27 ++++++++++++++++------
>  testing/shadow/cross-size-checks.patch | 42 ++++++++++++++++++++++++++++++++++
>  testing/shadow/dots-in-usernames.patch | 11 +++++++++
>  3 files changed, 73 insertions(+), 7 deletions(-)
>  create mode 100644 testing/shadow/cross-size-checks.patch
>  create mode 100644 testing/shadow/dots-in-usernames.patch
> 
> diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD
> index 2dd17de..5be9e70 100644
> --- a/testing/shadow/APKBUILD
> +++ b/testing/shadow/APKBUILD
> @@ -10,10 +10,12 @@ license="GPL"
>  depends=
>  depends_dev="linux-pam-dev"
>  makedepends="$depends_dev"
> -install=""
> -subpackages="$pkgname-doc"
> +subpackages="$pkgname-doc $pkgname-dbg"
>  source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
> -	login.pamd"
> +	login.pamd
> +	dots-in-usernames.patch
> +	cross-size-checks.patch
> +	"

why do we need the dots in usernames check?

>  options="suid"
>  
>  _builddir="$srcdir"/shadow-$pkgver
> @@ -29,14 +31,15 @@ prepare() {
>  
>  build() {
>  	cd "$_builddir"
> +	CFLAGS="$CFLAGS -O0"

why do we need to set -O0?


>  	./configure --prefix=/usr \
>  		--sysconfdir=/etc \
>  		--mandir=/usr/share/man \
>  		--infodir=/usr/share/info \
>  		--localstatedir=/var \
>  		--without-nscd \
> -		--without-nologin \
>  		--disable-nls \
> +		--without-group-name-max-length \

What has --without-group-name-max-lenght to do with this? Why is it
needed?

>  		|| return 1
>  	make || return 1
>  }
> @@ -61,11 +64,21 @@ package() {
>  	# avoid conflict with man-pages
>  	rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
>  		"$pkgdir"/usr/share/man/man5/passwd.5* || return 1
> +
> +	# for unprivileged lxc containera
> +	touch "$pkgdir"/etc/subuid
> +	touch "$pkgdir"/etc/subgid
>  }
>  
>  md5sums="2bfafe7d4962682d31b5eba65dba4fc8  shadow-4.2.1.tar.xz
> -72dfc077a61ab7163e312640cc98bba8  login.pamd"
> +72dfc077a61ab7163e312640cc98bba8  login.pamd
> +f5fe3d7351d5e4046588b652c482c170  dots-in-usernames.patch
> +75bc0cafb44aa86075d2ec056816cc3e  cross-size-checks.patch"
>  sha256sums="3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41  shadow-4.2.1.tar.xz
> -c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd"
> +c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd
> +ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f  dots-in-usernames.patch
> +fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013  cross-size-checks.patch"
>  sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
> -46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd"
> +46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
> +745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
> +c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch"
> diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/cross-size-checks.patch
> new file mode 100644
> index 0000000..bd451ba
> --- /dev/null
> +++ b/testing/shadow/cross-size-checks.patch
> @@ -0,0 +1,42 @@
> +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
> +From: James Le Cuirot <chewi@aura-online.co.uk>
> +Date: Sat, 23 Aug 2014 09:46:39 +0100
> +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
> +
> +This built-in check is simpler than the previous method and, most
> +importantly, works when cross-compiling.
> +
> +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
> +---
> + configure.in | 14 ++++----------
> + 1 file changed, 4 insertions(+), 10 deletions(-)
> +
> +diff --git a/configure.in b/configure.in
> +index 1a3f841..4a4d6d0 100644
> +--- a/configure.in
> ++++ b/configure.in
> +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
> + 	dnl
> + 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
> + 	dnl
> +-	AC_RUN_IFELSE([AC_LANG_SOURCE([
> +-#include <sys/types.h>
> +-int main(void) {
> +-	uid_t u;
> +-	gid_t g;
> +-	return (sizeof u < 4) || (sizeof g < 4);
> +-}
> +-	])], [id32bit="yes"], [id32bit="no"])
> +-
> +-	if test "x$id32bit" = "xyes"; then
> ++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
> ++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
> ++
> ++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
> + 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
> + 		enable_subids="yes"
> + 	else
> +-- 
> +2.3.6
> +
> +
> diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/dots-in-usernames.patch
> new file mode 100644
> index 0000000..b684c9d
> --- /dev/null
> +++ b/testing/shadow/dots-in-usernames.patch
> @@ -0,0 +1,11 @@
> +--- shadow-4.1.3/libmisc/chkname.c
> ++++ shadow-4.1.3/libmisc/chkname.c
> +@@ -66,6 +66,7 @@
> + 		      ( ('0' <= *name) && ('9' >= *name) ) ||
> + 		      ('_' == *name) ||
> + 		      ('-' == *name) ||
> ++		      ('.' == *name) ||
> + 		      ( ('$' == *name) && ('\0' == *(name + 1)) )
> + 		     )) {
> + 			return false;
> +



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

Re: [alpine-aports] [PATCH] testing/shadow: add debug build

IT Developer
Details
Message ID
<55E4643A.5050709@it-offshore.co.uk>
In-Reply-To
<20150831110753.15d7911b@ncopa-desktop.alpinelinux.org> (view parent)
Sender timestamp
1441031226
DKIM signature
missing
Download raw message
The 2 patches are used by gentoo in shadow.

http://data.gpo.zugaina.org/gentoo/sys-apps/shadow/files/

The CFLAGS change is temporary & is to help find the segfault. It stops
"<optimized out>" appearing in GDB

Stuart.

On 31/08/15 10:07, Natanael Copa wrote:
> On Thu, 20 Aug 2015 23:45:33 +0000
> Stuart Cardall <developer@it-offshore.co.uk> wrote:
>
>> 2 patches from gentoo were also added
>>
>> the segfault breaking unprivileged lxc containers is traced at:
>>
>> http://bugs.alpinelinux.org/issues/4544
>> ---
>>  testing/shadow/APKBUILD                | 27 ++++++++++++++++------
>>  testing/shadow/cross-size-checks.patch | 42 ++++++++++++++++++++++++++++++++++
>>  testing/shadow/dots-in-usernames.patch | 11 +++++++++
>>  3 files changed, 73 insertions(+), 7 deletions(-)
>>  create mode 100644 testing/shadow/cross-size-checks.patch
>>  create mode 100644 testing/shadow/dots-in-usernames.patch
>>
>> diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD
>> index 2dd17de..5be9e70 100644
>> --- a/testing/shadow/APKBUILD
>> +++ b/testing/shadow/APKBUILD
>> @@ -10,10 +10,12 @@ license="GPL"
>>  depends=
>>  depends_dev="linux-pam-dev"
>>  makedepends="$depends_dev"
>> -install=""
>> -subpackages="$pkgname-doc"
>> +subpackages="$pkgname-doc $pkgname-dbg"
>>  source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
>> -	login.pamd"
>> +	login.pamd
>> +	dots-in-usernames.patch
>> +	cross-size-checks.patch
>> +	"
> why do we need the dots in usernames check?
>
>>  options="suid"
>>  
>>  _builddir="$srcdir"/shadow-$pkgver
>> @@ -29,14 +31,15 @@ prepare() {
>>  
>>  build() {
>>  	cd "$_builddir"
>> +	CFLAGS="$CFLAGS -O0"
> why do we need to set -O0?
>
>
>>  	./configure --prefix=/usr \
>>  		--sysconfdir=/etc \
>>  		--mandir=/usr/share/man \
>>  		--infodir=/usr/share/info \
>>  		--localstatedir=/var \
>>  		--without-nscd \
>> -		--without-nologin \
>>  		--disable-nls \
>> +		--without-group-name-max-length \
> What has --without-group-name-max-lenght to do with this? Why is it
> needed?
>
>>  		|| return 1
>>  	make || return 1
>>  }
>> @@ -61,11 +64,21 @@ package() {
>>  	# avoid conflict with man-pages
>>  	rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
>>  		"$pkgdir"/usr/share/man/man5/passwd.5* || return 1
>> +
>> +	# for unprivileged lxc containera
>> +	touch "$pkgdir"/etc/subuid
>> +	touch "$pkgdir"/etc/subgid
>>  }
>>  
>>  md5sums="2bfafe7d4962682d31b5eba65dba4fc8  shadow-4.2.1.tar.xz
>> -72dfc077a61ab7163e312640cc98bba8  login.pamd"
>> +72dfc077a61ab7163e312640cc98bba8  login.pamd
>> +f5fe3d7351d5e4046588b652c482c170  dots-in-usernames.patch
>> +75bc0cafb44aa86075d2ec056816cc3e  cross-size-checks.patch"
>>  sha256sums="3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41  shadow-4.2.1.tar.xz
>> -c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd"
>> +c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd
>> +ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f  dots-in-usernames.patch
>> +fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013  cross-size-checks.patch"
>>  sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
>> -46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd"
>> +46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
>> +745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
>> +c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch"
>> diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/cross-size-checks.patch
>> new file mode 100644
>> index 0000000..bd451ba
>> --- /dev/null
>> +++ b/testing/shadow/cross-size-checks.patch
>> @@ -0,0 +1,42 @@
>> +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
>> +From: James Le Cuirot <chewi@aura-online.co.uk>
>> +Date: Sat, 23 Aug 2014 09:46:39 +0100
>> +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
>> +
>> +This built-in check is simpler than the previous method and, most
>> +importantly, works when cross-compiling.
>> +
>> +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
>> +---
>> + configure.in | 14 ++++----------
>> + 1 file changed, 4 insertions(+), 10 deletions(-)
>> +
>> +diff --git a/configure.in b/configure.in
>> +index 1a3f841..4a4d6d0 100644
>> +--- a/configure.in
>> ++++ b/configure.in
>> +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
>> + 	dnl
>> + 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
>> + 	dnl
>> +-	AC_RUN_IFELSE([AC_LANG_SOURCE([
>> +-#include <sys/types.h>
>> +-int main(void) {
>> +-	uid_t u;
>> +-	gid_t g;
>> +-	return (sizeof u < 4) || (sizeof g < 4);
>> +-}
>> +-	])], [id32bit="yes"], [id32bit="no"])
>> +-
>> +-	if test "x$id32bit" = "xyes"; then
>> ++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
>> ++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
>> ++
>> ++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
>> + 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
>> + 		enable_subids="yes"
>> + 	else
>> +-- 
>> +2.3.6
>> +
>> +
>> diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/dots-in-usernames.patch
>> new file mode 100644
>> index 0000000..b684c9d
>> --- /dev/null
>> +++ b/testing/shadow/dots-in-usernames.patch
>> @@ -0,0 +1,11 @@
>> +--- shadow-4.1.3/libmisc/chkname.c
>> ++++ shadow-4.1.3/libmisc/chkname.c
>> +@@ -66,6 +66,7 @@
>> + 		      ( ('0' <= *name) && ('9' >= *name) ) ||
>> + 		      ('_' == *name) ||
>> + 		      ('-' == *name) ||
>> ++		      ('.' == *name) ||
>> + 		      ( ('$' == *name) && ('\0' == *(name + 1)) )
>> + 		     )) {
>> + 			return false;
>> +