diff options
| author | Johannes Schauer Marin Rodrigues <josch@debian.org> | 2022-07-26 17:25:42 +0200 |
|---|---|---|
| committer | Balint Reczey <balint@balintreczey.hu> | 2022-07-26 17:26:55 +0200 |
| commit | 8d8547f65fc0474fa335d04201ee9c2ccb9aa773 (patch) | |
| tree | d6ca2c4f5ba97b348e88853dc3df3d59be52e779 | |
| parent | bda4983ef69173ccae5e31031b9e3ebbf0ebd2aa (diff) | |
| download | shadow-8d8547f65fc0474fa335d04201ee9c2ccb9aa773.tar.gz | |
debian/shadowconfig: Support DPKG_ROOT without using chroot()
Closes: #1007758
| -rw-r--r-- | debian/shadowconfig | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/debian/shadowconfig b/debian/shadowconfig index 28df7512..b462597a 100644 --- a/debian/shadowconfig +++ b/debian/shadowconfig @@ -5,14 +5,35 @@ set -e shadowon () { set -e - pwck -q -r - grpck -r - pwconv - grpconv - chown root:root /etc/passwd /etc/group - chmod 644 /etc/passwd /etc/group - chown root:shadow /etc/shadow /etc/gshadow - chmod 640 /etc/shadow /etc/gshadow + + if [ -n "$DPKG_ROOT" ] \ + && cmp "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/usr/share/base-passwd/passwd.master" 2>/dev/null \ + && cmp "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/usr/share/base-passwd/group.master" 2>/dev/null; then + # If dpkg is run with --force-script-chrootless and if /etc/passwd + # and /etc/group are unchanged, we avoid the chroot() call by manually + # processing the files. This produces bit-by-bit identical results + # compared to the normal case as shown by the CI setup at + # https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs + for f in passwd group; do + cp -a "${DPKG_ROOT}/etc/$f" "${DPKG_ROOT}/etc/$f-" + done + chmod 600 "${DPKG_ROOT}/etc/passwd-" + sed -i 's/^\([^:]\+\):\*:/\1:x:/' "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/etc/passwd" + [ -n "$SOURCE_DATE_EPOCH" ] && epoch=$SOURCE_DATE_EPOCH || epoch=$(date +%s) + sed "s/^\([^:]\+\):.*/\1:*:$((epoch/60/60/24)):0:99999:7:::/" "${DPKG_ROOT}/etc/passwd" > "${DPKG_ROOT}/etc/shadow" + sed "s/^\([^:]\+\):.*/\1:*::/" "${DPKG_ROOT}/etc/group" > "${DPKG_ROOT}/etc/gshadow" + touch "${DPKG_ROOT}/etc/.pwd.lock" + chmod 600 "${DPKG_ROOT}/etc/.pwd.lock" + else + pwck -q -r + grpck -r + pwconv + grpconv + fi + chown root:root "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group" + chmod 644 "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group" + chown root:shadow "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow" + chmod 640 "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow" } shadowoff () { |