From 5427f3afdc949bd93cef8d82b5a9b446fc13215d Mon Sep 17 00:00:00 2001
From: Michael Shigorin <mike@altlinux.org>
Date: Mon, 16 Nov 2015 20:24:25 +0300
Subject: [PATCH] image.in, stage2: reworked TCB fixup hook

The issue at hand is that:

/etc/tcb/USER/shadow gets USER:auth ownership (OK);
/etc/tcb/USER/shadow- backup file is root:root (broken);
/etc/tcb/USER/shadow.lock file is also root:root (broken).

This is observed for all pseudousers created by package installation
process within working chroots as well as for users created by deflogin
feature; the problem is that e.g. echo USER:PASS | chpasswd will break.

Looks like the cuplrit might be fakeroot/faked.
---
 image.in/image-scripts.d/09-tcb-fix      | 8 --------
 image.in/image-scripts.d/99-tcb-fix      | 5 +++++
 sub.in/stage2/image-scripts.d/99-tcb-fix | 5 +++++
 3 files changed, 10 insertions(+), 8 deletions(-)
 delete mode 100755 image.in/image-scripts.d/09-tcb-fix
 create mode 100755 image.in/image-scripts.d/99-tcb-fix
 create mode 100755 sub.in/stage2/image-scripts.d/99-tcb-fix

diff --git a/image.in/image-scripts.d/09-tcb-fix b/image.in/image-scripts.d/09-tcb-fix
deleted file mode 100755
index b50652ed..00000000
--- a/image.in/image-scripts.d/09-tcb-fix
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh -e
-# /etc/tcb/<user>/shadow* permissions can be wrong
-# if an account was created from installed package
-
-cd /etc/tcb
-for u in *; do
-	chown "$u":auth "$u"/shadow*
-done
diff --git a/image.in/image-scripts.d/99-tcb-fix b/image.in/image-scripts.d/99-tcb-fix
new file mode 100755
index 00000000..83bd59ee
--- /dev/null
+++ b/image.in/image-scripts.d/99-tcb-fix
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}
diff --git a/sub.in/stage2/image-scripts.d/99-tcb-fix b/sub.in/stage2/image-scripts.d/99-tcb-fix
new file mode 100755
index 00000000..83bd59ee
--- /dev/null
+++ b/sub.in/stage2/image-scripts.d/99-tcb-fix
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}