Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Generate /etc/shadow and /etc/gshadow files instead of copying them.
These files are not accessible by regular users in properly configured
build system, so copying them from should fail.
Hence, they should be just generated in %{buildroot}
from /etc/passwd and /etc/group files, not copied.

Signed-off-by: Oleg Girko <oleg.girko@jolla.com>
  • Loading branch information
Oleg Girko authored and Islam Amer committed Jun 18, 2014
1 parent afe8f07 commit a492d3b
Show file tree
Hide file tree
Showing 10 changed files with 84 additions and 0 deletions.
9 changes: 9 additions & 0 deletions sb2-tools-aarch64.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-armv6l.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-armv7hl.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-armv7l.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-armv7thl.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-armv7tnhl.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-i486.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-mipsel.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down
3 changes: 3 additions & 0 deletions sb2-tools-template.changes
@@ -1,3 +1,6 @@
* Tue Jun 10 2014 Oleg Girko <oleg.girko@jolla.com> - 1.0
- Generate /etc/shadow and /etc/gshadow files instead of copying them

* Wed Mar 19 2014 Islam Amer <islam.amer@jollamobile.com> - 1.0
- Add libicu as new sqlite links against it and rpm links against sqlite

Expand Down
9 changes: 9 additions & 0 deletions sb2-tools-template.spec
Expand Up @@ -41,6 +41,8 @@ It is not intended to be used in a normal system!
mkdir -p %buildroot
rpm -ql %packages_in_tools %cross_compilers > filestoinclude1
cat > filestoignore << EOF
/etc/shadow
/etc/gshadow
/usr/share/man
/root
/var/lib/rpm
Expand All @@ -62,6 +64,11 @@ EOF
grep -vf filestoignore filestoinclude1 | sort | uniq > filestoinclude2
tar --no-recursion -T filestoinclude2 -cpf - | ( cd %buildroot && fakeroot tar -xvpf - )

sed 's|:.*$|:*:16229:0:99999:7:::|' < /etc/passwd > %{buildroot}/etc/shadow
sed 's|:.*$|:*::|' < /etc/group > %{buildroot}/etc/gshadow
chmod 0400 %buildroot/etc/shadow
chmod 0400 %buildroot/etc/gshadow

mkdir -p %buildroot/root/
mkdir -p %buildroot/var/lib/rpm/
mkdir -p %buildroot/etc/
Expand Down Expand Up @@ -118,6 +125,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /var/lib/rpm/
%dir /var/cache/ldconfig/
/etc/securetty
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/shadow
%verify(not md5 size mtime) %attr(0400,root,root) %config(noreplace) /etc/gshadow

%files dependency
%defattr(-,root,root)
Expand Down

0 comments on commit a492d3b

Please sign in to comment.