X-Original-To: alpine-aports@mail.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id A48DCDC62EA for ; Mon, 31 Aug 2015 14:26:34 +0000 (UTC) Received: from apollo.thewebhostserver.com (apollomail.thewebhostserver.com [46.23.65.248]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 34495DC1429 for ; Mon, 31 Aug 2015 14:26:33 +0000 (UTC) Received: from [2.220.229.21] (port=46177 helo=[192.168.0.17]) by apollo.thewebhostserver.com with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from ) id 1ZWQ2X-002Px6-2M; Mon, 31 Aug 2015 15:26:29 +0100 Reply-To: developer@it-offshore.co.uk Subject: Re: [alpine-aports] [PATCH] testing/shadow: add debug build References: <1440114333-36985-1-git-send-email-developer@it-offshore.co.uk> <20150831110753.15d7911b@ncopa-desktop.alpinelinux.org> To: Natanael Copa Cc: alpine-aports@lists.alpinelinux.org From: IT Developer X-Enigmail-Draft-Status: N1110 Organization: IT Offshore Message-ID: <55E4643A.5050709@it-offshore.co.uk> Date: Mon, 31 Aug 2015 15:27:06 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 In-Reply-To: <20150831110753.15d7911b@ncopa-desktop.alpinelinux.org> Content-Type: multipart/alternative; boundary="------------070602040402010207040902" X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - apollo.thewebhostserver.com X-AntiAbuse: Original Domain - lists.alpinelinux.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - it-offshore.co.uk X-Get-Message-Sender-Via: apollo.thewebhostserver.com: authenticated_id: developer@it-offshore.co.uk X-Source: X-Source-Args: X-Source-Dir: X-Virus-Scanned: ClamAV using ClamSMTP This is a multi-part message in MIME format. --------------070602040402010207040902 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable The 2 patches are used by gentoo in shadow. http://data.gpo.zugaina.org/gentoo/sys-apps/shadow/files/ The CFLAGS change is temporary & is to help find the segfault. It stops "" appearing in GDB Stuart. On 31/08/15 10:07, Natanael Copa wrote: > On Thu, 20 Aug 2015 23:45:33 +0000 > Stuart Cardall wrote: > >> 2 patches from gentoo were also added >> >> the segfault breaking unprivileged lxc containers is traced at: >> >> http://bugs.alpinelinux.org/issues/4544 >> --- >> testing/shadow/APKBUILD | 27 ++++++++++++++++------ >> testing/shadow/cross-size-checks.patch | 42 +++++++++++++++++++++++++= +++++++++ >> testing/shadow/dots-in-usernames.patch | 11 +++++++++ >> 3 files changed, 73 insertions(+), 7 deletions(-) >> create mode 100644 testing/shadow/cross-size-checks.patch >> create mode 100644 testing/shadow/dots-in-usernames.patch >> >> diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD >> index 2dd17de..5be9e70 100644 >> --- a/testing/shadow/APKBUILD >> +++ b/testing/shadow/APKBUILD >> @@ -10,10 +10,12 @@ license=3D"GPL" >> depends=3D >> depends_dev=3D"linux-pam-dev" >> makedepends=3D"$depends_dev" >> -install=3D"" >> -subpackages=3D"$pkgname-doc" >> +subpackages=3D"$pkgname-doc $pkgname-dbg" >> source=3D"http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver= =2Etar.xz >> - login.pamd" >> + login.pamd >> + dots-in-usernames.patch >> + cross-size-checks.patch >> + " > why do we need the dots in usernames check? > >> options=3D"suid" >> =20 >> _builddir=3D"$srcdir"/shadow-$pkgver >> @@ -29,14 +31,15 @@ prepare() { >> =20 >> build() { >> cd "$_builddir" >> + CFLAGS=3D"$CFLAGS -O0" > why do we need to set -O0? > > >> ./configure --prefix=3D/usr \ >> --sysconfdir=3D/etc \ >> --mandir=3D/usr/share/man \ >> --infodir=3D/usr/share/info \ >> --localstatedir=3D/var \ >> --without-nscd \ >> - --without-nologin \ >> --disable-nls \ >> + --without-group-name-max-length \ > What has --without-group-name-max-lenght to do with this? Why is it > needed? > >> || return 1 >> make || return 1 >> } >> @@ -61,11 +64,21 @@ package() { >> # avoid conflict with man-pages >> rm "$pkgdir"/usr/share/man/man3/getspnam.3* \ >> "$pkgdir"/usr/share/man/man5/passwd.5* || return 1 >> + >> + # for unprivileged lxc containera >> + touch "$pkgdir"/etc/subuid >> + touch "$pkgdir"/etc/subgid >> } >> =20 >> md5sums=3D"2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz >> -72dfc077a61ab7163e312640cc98bba8 login.pamd" >> +72dfc077a61ab7163e312640cc98bba8 login.pamd >> +f5fe3d7351d5e4046588b652c482c170 dots-in-usernames.patch >> +75bc0cafb44aa86075d2ec056816cc3e cross-size-checks.patch" >> sha256sums=3D"3b0893d1476766868cd88920f4f1231c4795652aa407569faff802b= cda0f3d41 shadow-4.2.1.tar.xz >> -c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0 log= in.pamd" >> +c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0 log= in.pamd >> +ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f dot= s-in-usernames.patch >> +fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013 cro= ss-size-checks.patch" >> sha512sums=3D"7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05= cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0= shadow-4.2.1.tar.xz >> -46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d9= 84510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd" >> +46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d9= 84510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d login.pamd >> +745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350d= a0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d dots-in-user= names.patch >> +c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7= e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4 cross-size-c= hecks.patch" >> diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/c= ross-size-checks.patch >> new file mode 100644 >> index 0000000..bd451ba >> --- /dev/null >> +++ b/testing/shadow/cross-size-checks.patch >> @@ -0,0 +1,42 @@ >> +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 200= 1 >> +From: James Le Cuirot >> +Date: Sat, 23 Aug 2014 09:46:39 +0100 >> +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF >> + >> +This built-in check is simpler than the previous method and, most >> +importantly, works when cross-compiling. >> + >> +Signed-off-by: Serge Hallyn >> +--- >> + configure.in | 14 ++++---------- >> + 1 file changed, 4 insertions(+), 10 deletions(-) >> + >> +diff --git a/configure.in b/configure.in >> +index 1a3f841..4a4d6d0 100644 >> +--- a/configure.in >> ++++ b/configure.in >> +@@ -335,16 +335,10 @@ if test "$enable_subids" !=3D "no"; then >> + dnl >> + dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc >> + dnl >> +- AC_RUN_IFELSE([AC_LANG_SOURCE([ >> +-#include >> +-int main(void) { >> +- uid_t u; >> +- gid_t g; >> +- return (sizeof u < 4) || (sizeof g < 4); >> +-} >> +- ])], [id32bit=3D"yes"], [id32bit=3D"no"]) >> +- >> +- if test "x$id32bit" =3D "xyes"; then >> ++ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) >> ++ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) >> ++ >> ++ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -= ge 4; then >> + AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs= =2E]) >> + enable_subids=3D"yes" >> + else >> +--=20 >> +2.3.6 >> + >> + >> diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/d= ots-in-usernames.patch >> new file mode 100644 >> index 0000000..b684c9d >> --- /dev/null >> +++ b/testing/shadow/dots-in-usernames.patch >> @@ -0,0 +1,11 @@ >> +--- shadow-4.1.3/libmisc/chkname.c >> ++++ shadow-4.1.3/libmisc/chkname.c >> +@@ -66,6 +66,7 @@ >> + ( ('0' <=3D *name) && ('9' >=3D *name) ) || >> + ('_' =3D=3D *name) || >> + ('-' =3D=3D *name) || >> ++ ('.' =3D=3D *name) || >> + ( ('$' =3D=3D *name) && ('\0' =3D=3D *(name + 1)) ) >> + )) { >> + return false; >> + --------------070602040402010207040902 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit The 2 patches are used by gentoo in shadow.

http://data.gpo.zugaina.org/gentoo/sys-apps/shadow/files/

The CFLAGS change is temporary & is to help find the segfault. It stops "<optimized out>" appearing in GDB

Stuart.

On 31/08/15 10:07, Natanael Copa wrote:
On Thu, 20 Aug 2015 23:45:33 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote:


2 patches from gentoo were also added

the segfault breaking unprivileged lxc containers is traced at:

http://bugs.alpinelinux.org/issues/4544
---
 testing/shadow/APKBUILD                | 27 ++++++++++++++++------
 testing/shadow/cross-size-checks.patch | 42 ++++++++++++++++++++++++++++++++++
 testing/shadow/dots-in-usernames.patch | 11 +++++++++
 3 files changed, 73 insertions(+), 7 deletions(-)
 create mode 100644 testing/shadow/cross-size-checks.patch
 create mode 100644 testing/shadow/dots-in-usernames.patch

diff --git a/testing/shadow/APKBUILD b/testing/shadow/APKBUILD
index 2dd17de..5be9e70 100644
--- a/testing/shadow/APKBUILD
+++ b/testing/shadow/APKBUILD
@@ -10,10 +10,12 @@ license="GPL"
 depends=
 depends_dev="linux-pam-dev"
 makedepends="$depends_dev"
-install=""
-subpackages="$pkgname-doc"
+subpackages="$pkgname-doc $pkgname-dbg"
 source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
-	login.pamd"
+	login.pamd
+	dots-in-usernames.patch
+	cross-size-checks.patch
+	"

why do we need the dots in usernames check?


 options="suid"
 
 _builddir="$srcdir"/shadow-$pkgver
@@ -29,14 +31,15 @@ prepare() {
 
 build() {
 	cd "$_builddir"
+	CFLAGS="$CFLAGS -O0"

why do we need to set -O0?



 	./configure --prefix=/usr \
 		--sysconfdir=/etc \
 		--mandir=/usr/share/man \
 		--infodir=/usr/share/info \
 		--localstatedir=/var \
 		--without-nscd \
-		--without-nologin \
 		--disable-nls \
+		--without-group-name-max-length \

What has --without-group-name-max-lenght to do with this? Why is it
needed?


 		|| return 1
 	make || return 1
 }
@@ -61,11 +64,21 @@ package() {
 	# avoid conflict with man-pages
 	rm "$pkgdir"/usr/share/man/man3/getspnam.3* \
 		"$pkgdir"/usr/share/man/man5/passwd.5* || return 1
+
+	# for unprivileged lxc containera
+	touch "$pkgdir"/etc/subuid
+	touch "$pkgdir"/etc/subgid
 }
 
 md5sums="2bfafe7d4962682d31b5eba65dba4fc8  shadow-4.2.1.tar.xz
-72dfc077a61ab7163e312640cc98bba8  login.pamd"
+72dfc077a61ab7163e312640cc98bba8  login.pamd
+f5fe3d7351d5e4046588b652c482c170  dots-in-usernames.patch
+75bc0cafb44aa86075d2ec056816cc3e  cross-size-checks.patch"
 sha256sums="3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41  shadow-4.2.1.tar.xz
-c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd"
+c0d0f2f77133b0663c5a578afeba45d5a9c703ff6f3f6aba3727dfe01877dac0  login.pamd
+ee58c622d1e8283dc4b17e93cc5e68f4ea4336654ebcfb48e46e0efaa864b77f  dots-in-usernames.patch
+fc3e32ddfc8eeb284412e8df7ad045ad27b742f5ee733db1a0bc14c97480e013  cross-size-checks.patch"
 sha512sums="7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0  shadow-4.2.1.tar.xz
-46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd"
+46a6f83f3698e101b58b8682852da749619412f75dfa85cecad03d0847f6c3dc452d984510db7094220e4570a0565b83b0556e16198ad894a3ec84b3e513d58d  login.pamd
+745eea04c054226feba165b635dbb8570b8a04537d41e914400a4c54633c3a9cf350da0aabfec754fb8cf3e58fc1c8cf597b895506312f19469071760c11f31d  dots-in-usernames.patch
+c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27853d6ab6d7392543dbaf70bb26f164519e92f677da7851a4  cross-size-checks.patch"
diff --git a/testing/shadow/cross-size-checks.patch b/testing/shadow/cross-size-checks.patch
new file mode 100644
index 0000000..bd451ba
--- /dev/null
+++ b/testing/shadow/cross-size-checks.patch
@@ -0,0 +1,42 @@
+From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <chewi@aura-online.co.uk>
+Date: Sat, 23 Aug 2014 09:46:39 +0100
+Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
+
+This built-in check is simpler than the previous method and, most
+importantly, works when cross-compiling.
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+---
+ configure.in | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 1a3f841..4a4d6d0 100644
+--- a/configure.in
++++ b/configure.in
+@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
+ 	dnl
+ 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
+ 	dnl
+-	AC_RUN_IFELSE([AC_LANG_SOURCE([
+-#include <sys/types.h>
+-int main(void) {
+-	uid_t u;
+-	gid_t g;
+-	return (sizeof u < 4) || (sizeof g < 4);
+-}
+-	])], [id32bit="yes"], [id32bit="no"])
+-
+-	if test "x$id32bit" = "xyes"; then
++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
++
++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
+ 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
+ 		enable_subids="yes"
+ 	else
+-- 
+2.3.6
+
+
diff --git a/testing/shadow/dots-in-usernames.patch b/testing/shadow/dots-in-usernames.patch
new file mode 100644
index 0000000..b684c9d
--- /dev/null
+++ b/testing/shadow/dots-in-usernames.patch
@@ -0,0 +1,11 @@
+--- shadow-4.1.3/libmisc/chkname.c
++++ shadow-4.1.3/libmisc/chkname.c
+@@ -66,6 +66,7 @@
+ 		      ( ('0' <= *name) && ('9' >= *name) ) ||
+ 		      ('_' == *name) ||
+ 		      ('-' == *name) ||
++		      ('.' == *name) ||
+ 		      ( ('$' == *name) && ('\0' == *(name + 1)) )
+ 		     )) {
+ 			return false;
+


    

    

  


--------------070602040402010207040902--


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---