[Solved] Question about building shadow package on Debian

Need help with C, C++, perl, python, etc?

[Solved] Question about building shadow package on Debian

Postby p_linux » 2020-12-31 13:13

Hi debian team,

I am on a Debian 10.4 system. I am trying to compile the shadow-4.5 package due to changes in the source code.
Here is my procedure:

Code: Select all
$ apt-get source shadow/stable
$ apt-get build-dep shadow
$ export QUILT_PATCHES=debian/patches
$ export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
$ quilt push -a
$ quilt new xxx_test_patch
$ quilt add <file_changed>
$ < here my source code modifications ... >
$ quilt refresh
$ quilt pop -a


And, finally change version number and build my package :

Code: Select all
$ dch --local test
$ debuild -b -us -uc


My package is built without problem but the binaries contained in the generated .deb files do not contain my modifications.
However, when I manually compile the binaries (with configure and make), the binaries generated in the src directory of my source tree do contain my changes.
I have the impression that the package is not recompiled with "debuild".
I would like to generate the exact debian package (.deb) with just my modifications in addition using the tool recommended by debian "debuild".

I don't know if I forgot or did something wrong.

Thanks in advance for your answers.
P.
Last edited by p_linux on 2021-01-06 21:04, edited 2 times in total.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby Head_on_a_Stick » 2020-12-31 13:28

Did you change into the package directory? I can't see it in your command list but I suppose you must have if dch & debuild worked. I also can't find a "shadow" package in Debian, can you elaborate?

Anyway, here's a simpler method:
Code: Select all
apt-get source shadow/stable
apt-get build-dep shadow
cd shadow*
< edit source code >
dpkg-source --commit
< edit patch name & description >
dch --local test
debuild -us -uc

I just use dpkg-source these days so I can't really remember how to use quilt properly but have you seen https://www.debian.org/doc/manuals/debmake-doc/ch03.en.html#quilt-setup?

And finally:
p_linux wrote:I am on a Debian 10.4

You really should update your system:
Code: Select all
$ cat /etc/debian_version                                                   
10.7
$
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Question about building shadow package on Debian

Postby p_linux » 2020-12-31 16:19

Thanks for your answer.

I have changed directory because otherwise the "debuild" command would not work.
Detail about shadow : https://packages.debian.org/source/buster/shadow

I try with dpkg-source but it's the same result.
I use this link for quilt procedure : https://wiki.debian.org/UsingQuilt

It's for a 10.4 version but I think that the functional procedure will be portable on 10.7.

I can put my exact changes in source code if you want to try.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby Head_on_a_Stick » 2020-12-31 18:48

p_linux wrote:It's for a 10.4 version but I think that the functional procedure will be portable on 10.7

Yes, of course, my observation was incidental to the problem in hand.

p_linux wrote:I can put my exact changes in source code if you want to try.

Yes please.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-01 09:06

First of all, happy new year.

I'm particularly interested for the passwd binary from the shadow package :

Code: Select all
$ ls -al /usr/bin/passwd
-rwsr-xr-x 1 root root 63736 Jul 27  2018 /usr/bin/passwd

Here is my exhaustive edit / recompile procedure :

Code: Select all
$ apt-get source shadow/stable
$ apt-get build-dep shadow
$ cd shadow-4.5
$ export QUILT_PATCHES=debian/patches
$ export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
$ quilt push -a
$ quilt new xxx_test_patch
$ quilt add lib/commonio.c
$ quilt add lib/defines.h
$ sed -i 's/\/etc\/passwd/\/etc\/test\/passwd/g' lib/defines.h
$ sed -i 's/\/etc\/group/\/etc\/test\/group/g' lib/defines.h
$ sed -i 's/\/etc\/shadow/\/etc\/test\/shadow/g' lib/defines.h
$ sed -i 's/\/etc\/gshadow/\/etc\/test\/gshadow/g' lib/defines.h
$ quilt refresh
$ quilt pop -a
$ dch --local test
$ debuild -b -uc -us

I have my patch which appears in the shadow-4.5/debian/patches/ directory as well as in the shadow-4.5/debian/patches/series file.
However, when I extract the binaries from the .deb I get the same binary as the original :

Code: Select all
$ cd ..
$ dpkg --extract passwd_4.5-1.1test1_amd64.deb .
$ ls -al ./usr/bin/passwd
-rwsr-xr-x 1 debian debian 63736 Jan  1 10:20 ./usr/bin/passwd

Normally, the password change should be done in the /etc/test directory and not /etc/ (confirming the path via strace).

Code: Select all
$ sudo chown root: ./usr/bin/passwd
$ sudo ./usr/bin/passwd user_test
New password:
Retype new password:
passwd: password updated successfully

It works perfectly when it shouldn't.

Whereas, if I don't go through quilt and compile without debuild, it works :

Code: Select all
$ apt-get source shadow/stable
$ apt-get build-dep shadow
$ cd shadow-4.5
$ sed -i 's/\/etc\/passwd/\/etc\/test\/passwd/g' lib/defines.h
$ sed -i 's/\/etc\/group/\/etc\/test\/group/g' lib/defines.h
$ sed -i 's/\/etc\/shadow/\/etc\/test\/shadow/g' lib/defines.h
$ sed -i 's/\/etc\/gshadow/\/etc\/test\/gshadow/g' lib/defines.h
$ autogen.sh
$ make
$ sudo ./src/passwd user_test
Changing password for user_test
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
passwd: /etc/test/passwd.1276: No such file or directory
passwd: cannot lock /etc/test/passwd; try again later.

But I don't think it compiles with the same build options, I really need the exact debian package with just my changes.

I'm sorry for the length of the post but I had to be as descriptive as possible.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby Head_on_a_Stick » 2021-01-01 13:04

At a guess the problem arises because debian/rules is over-riding the autogen.sh settings and so rendering your patch irrelevant.

I would investigate more but this is actually an XY problem: https://packages.debian.org/buster/libpam-pwquality ← install that package and edit /etc/pam.d/common-password

See also https://www.linuxtechi.com/enforce-pass ... tu-centos/
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-01 14:28

I don't want to make passwords more complex, for that the libpam-cracklib module does the trick very well :)

This is to change the directory to access the shadow password files that the passwd binary uses the /etc/test/shadow file rather than /etc/shadow.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby Head_on_a_Stick » 2021-01-01 19:35

Why do you want to do that?
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 13450
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-01 20:42

I need this workaround because it is a read-only filesystem and I can't do an overlay on /etc/.

I really want to fix this problem with recompiling the shadow package (with debuild).
I know very well that this is not necessarily the right solution but this is the one I need.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby stevepusser » 2021-01-02 02:42

Your build output should show what patches are being applied and unapplied during the build. If you use debuild from devscripts, you should get that in a .build text file. That's usually easier to search than in a terminal.
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12345
Joined: 2009-10-06 05:53

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-02 18:46

When i use the "quilt pop -a" command at the end, I have lines that say "unapplied patches" and so the patches are ignored.
And when i use the "quilt push -a" command at the end, I don't have specific indications in the .build ... but the binaries in producted .deb do not contain my modification.
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby stevepusser » 2021-01-03 18:03

I specifically said the build command, not "quilt".

Look, I mean something like the output I just got from building obs-studio 26.1.0 on MX 17 testing (Stretch with a load of backports) using pbuilder:

Code: Select all
dpkg-checkbuilddeps: error: Unmet build dependencies: cmake libasound2-dev libavcodec-dev libavdevice-dev libavfilter-dev libavformat-dev libavutil-dev libcurl4-gnutls-dev | libcurl-dev libdbus-1-dev libfontconfig-dev libfreetype6-dev libjack-jackd2-dev libjansson-dev (>= 2.5) libluajit-5.1-dev libmbedtls-dev libpulse-dev libqt5svg5-dev libqt5x11extras5-dev libsimde-dev libspeexdsp-dev libswresample-dev libswscale-dev libudev-dev libv4l-dev libvlc-dev libx11-xcb-dev libx264-dev libxcb-randr0-dev libxcb-shm0-dev libxcb-xfixes0-dev libxcb-xinerama0-dev libxcb-xinput-dev libxcomposite-dev libxinerama-dev python3-dev swig
W: Unmet build-dependency in source
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 0001-Use-common-license.patch
dpkg-source: info: applying 0002-Hide-internal-symbols.patch
dpkg-source: info: applying 0003-Use-path-in-usr-lib.patch
dpkg-source: info: applying 0004-Link-with-libm-and-libdl-to-fix-underlinking.patch
dpkg-source: info: applying 0005-Link-with-xcb-and-X-libraries-to-fix-underlinking.patch
dpkg-source: info: applying 0006-Add-SONAME.patch
dpkg-source: info: applying 0007-Do-not-build-with-SSE2-enabled-on-i386.patch
dpkg-source: info: applying 0008-Use-the-simd-everywhere-headers-from-libsimde-dev.patch
...


debuild should provide you something similar.
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12345
Joined: 2009-10-06 05:53

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-04 13:33

Yes, debuild command returns something like that.
But the output is different in if the patches are unloaded (quilt pop -a) :

Code: Select all
dpkg-deb: building package 'passwd-dbgsym' in '../passwd-dbgsym_4.5-5_amd64.deb'.
dpkg-deb: building package 'passwd' in '../passwd_4.5-5_amd64.deb'.
dh_gencontrol -plogin
dh_md5sums -plogin
dh_builddeb -plogin
dpkg-deb: building package 'login-dbgsym' in '../login-dbgsym_4.5-5_amd64.deb'.
dpkg-deb: building package 'login' in '../login_4.5-5_amd64.deb'.
dh_gencontrol -puidmap
dh_md5sums -puidmap
dh_builddeb -puidmap
dpkg-deb: building package 'uidmap-dbgsym' in '../uidmap-dbgsym_4.5-5_amd64.deb'.
dpkg-deb: building package 'uidmap' in '../uidmap_4.5-5_amd64.deb'.
dpkg-genbuildinfo
dpkg-genchanges  >../shadow_4.5-5_amd64.changes
dpkg-genchanges: info: pas d'inclusion du code source original dans l'envoi (« upload »)
dpkg-source --after-build .
dpkg-source: info: retrait de 600_test_patch
dpkg-source: info: retrait de 501_commonio_group_shadow
dpkg-source: info: retrait de 505_useradd_recommend_adduser
dpkg-source: info: retrait de 508_nologin_in_usr_sbin
dpkg-source: info: retrait de 463_login_delay_obeys_to_PAM
dpkg-source: info: retrait de 542_useradd-O_option
dpkg-source: info: retrait de 506_relaxed_usernames
dpkg-source: info: retrait de 402_cppw_selinux
dpkg-source: info: retrait de 401_cppw_src.dpatch
dpkg-source: info: retrait de 429_login_FAILLOG_ENAB
dpkg-source: info: retrait de 008_login_log_failure_in_FTMP
dpkg-source: info: retrait de 503_shadowconfig.8
dpkg-buildpackage: info: envoi d'un binaire et du fichier de différences (aucune inclusion du code source d'origine)

Or, if the patches are loaded (quilt push -a) :

Code: Select all
dpkg-deb: building package 'passwd-dbgsym' in '../passwd-dbgsym_4.5-1.1_amd64.deb'.
dpkg-deb: building package 'passwd' in '../passwd_4.5-1.1_amd64.deb'.
dh_gencontrol -plogin
dh_md5sums -plogin
dh_builddeb -plogin
dpkg-deb: building package 'login-dbgsym' in '../login-dbgsym_4.5-1.1_amd64.deb'.
dpkg-deb: building package 'login' in '../login_4.5-1.1_amd64.deb'.
dh_gencontrol -puidmap
dh_md5sums -puidmap
dh_builddeb -puidmap
dpkg-deb: building package 'uidmap-dbgsym' in '../uidmap-dbgsym_4.5-1.1_amd64.deb'.
dpkg-deb: building package 'uidmap' in '../uidmap_4.5-1.1_amd64.deb'.
dpkg-genbuildinfo
dpkg-genchanges  >../shadow_4.5-1.1_amd64.changes
dpkg-genchanges: info: pas d'inclusion du code source original dans l'envoi (« upload »)
dpkg-source --after-build .
dpkg-buildpackage: info: envoi d'un binaire et du fichier de différences (aucune inclusion du code source d'origine)

In the first case, the patches are not applied, and in the second, there is no mention of the application of the patches as in your example.
[*]Sorry for the french returns of terminal command
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Re: Question about building shadow package on Debian

Postby stevepusser » 2021-01-04 20:24

You have no reason to use quilt any longer, it's been built into dpkg since version 7.0.50. Please use "dpkg-source --commit" to convert your source code changes to a patch as HOAS said. You're making this a lot more difficult than it needs to be with your insistence on using quilt.
MX Linux packager and developer
User avatar
stevepusser
 
Posts: 12345
Joined: 2009-10-06 05:53

Re: Question about building shadow package on Debian

Postby p_linux » 2021-01-05 09:44

I have tried with dpkg --commit and get the same result.
However, after modifying the version (with dch command), we can see that the package has been recompiled because the date of binary is up to date :

Code: Select all
$ dpkg --contents passwd_4.5-1.2_amd64.deb | grep bin/passwd
-rwsr-xr-x root/root     63736 2021-01-05 11:16 ./usr/bin/passwd

At each recompilation, I get the same binary which is the same size (63736) and which does not contain any modifications
p_linux
 
Posts: 9
Joined: 2020-12-31 12:52

Next

Return to Programming

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable