Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 1 | From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001 |
| 2 | From: Chris Lamb <chris@chris-lamb.co.uk> |
| 3 | Date: Wed, 2 Jan 2019 18:06:16 +0000 |
| 4 | Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71) |
| 5 | |
| 6 | From <https://github.com/shadow-maint/shadow/pull/71>: |
| 7 | |
| 8 | ``` |
| 9 | The third field in the /etc/shadow file (sp_lstchg) contains the date of |
| 10 | the last password change expressed as the number of days since Jan 1, 1970. |
| 11 | As this is a relative time, creating a user today will result in: |
| 12 | |
| 13 | username:17238:0:99999:7::: |
| 14 | whilst creating the same user tomorrow will result in: |
| 15 | |
| 16 | username:17239:0:99999:7::: |
| 17 | This has an impact for the Reproducible Builds[0] project where we aim to |
| 18 | be independent of as many elements the build environment as possible, |
| 19 | including the current date. |
| 20 | |
| 21 | This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1] |
| 22 | environment variable (instead of Jan 1, 1970) if valid. |
| 23 | ``` |
| 24 | |
| 25 | This updated PR adds some missing calls to gettime (). This was originally |
| 26 | filed by Johannes Schauer in Debian as #917773 [2]. |
| 27 | |
| 28 | [0] https://reproducible-builds.org/ |
| 29 | [1] https://reproducible-builds.org/specs/source-date-epoch/ |
| 30 | [2] https://bugs.debian.org/917773 |
| 31 | |
| 32 | Upstream-Status: Backport |
| 33 | Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> |
| 34 | --- |
| 35 | libmisc/pwd2spwd.c | 3 +-- |
| 36 | src/pwck.c | 2 +- |
| 37 | src/pwconv.c | 2 +- |
| 38 | 3 files changed, 3 insertions(+), 4 deletions(-) |
| 39 | |
| 40 | diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c |
| 41 | index c1b9b29ac873..6799dd50d490 100644 |
| 42 | --- a/libmisc/pwd2spwd.c |
| 43 | +++ b/libmisc/pwd2spwd.c |
| 44 | @@ -40,7 +40,6 @@ |
| 45 | #include "prototypes.h" |
| 46 | #include "defines.h" |
| 47 | #include <pwd.h> |
| 48 | -extern time_t time (time_t *); |
| 49 | |
| 50 | /* |
| 51 | * pwd_to_spwd - create entries for new spwd structure |
| 52 | @@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw) |
| 53 | */ |
| 54 | sp.sp_min = 0; |
| 55 | sp.sp_max = (10000L * DAY) / SCALE; |
| 56 | - sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; |
| 57 | + sp.sp_lstchg = (long) gettime () / SCALE; |
| 58 | if (0 == sp.sp_lstchg) { |
| 59 | /* Better disable aging than requiring a password |
| 60 | * change */ |
| 61 | diff --git a/src/pwck.c b/src/pwck.c |
| 62 | index 0ffb711efb13..f70071b12500 100644 |
| 63 | --- a/src/pwck.c |
| 64 | +++ b/src/pwck.c |
| 65 | @@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed) |
| 66 | sp.sp_inact = -1; |
| 67 | sp.sp_expire = -1; |
| 68 | sp.sp_flag = SHADOW_SP_FLAG_UNSET; |
| 69 | - sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; |
| 70 | + sp.sp_lstchg = (long) gettime () / SCALE; |
| 71 | if (0 == sp.sp_lstchg) { |
| 72 | /* Better disable aging than |
| 73 | * requiring a password change |
| 74 | diff --git a/src/pwconv.c b/src/pwconv.c |
| 75 | index 9c69fa131d8e..f932f266c59c 100644 |
| 76 | --- a/src/pwconv.c |
| 77 | +++ b/src/pwconv.c |
| 78 | @@ -267,7 +267,7 @@ int main (int argc, char **argv) |
| 79 | spent.sp_flag = SHADOW_SP_FLAG_UNSET; |
| 80 | } |
| 81 | spent.sp_pwdp = pw->pw_passwd; |
| 82 | - spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; |
| 83 | + spent.sp_lstchg = (long) gettime () / SCALE; |
| 84 | if (0 == spent.sp_lstchg) { |
| 85 | /* Better disable aging than requiring a password |
| 86 | * change */ |
| 87 | -- |
| 88 | 2.17.1 |
| 89 | |