Bug#917773: shadow: doesn't respect SOURCE_DATE_EPOCH

[Johannes Schauer]

Control: tag -1 + patch

On Sun, 30 Dec 2018 01:58:46 +0100 Johannes 'josch' Schauer <jo...@debian.org> 
wrote:
> the /etc/shadow as created by debootstrap does not respect the
> SOURCE_DATE_EPOCH environment variable anymore. This bug was formerly
> fixed in #857803. Steps to reproduce:
> 
> $ sudo SOURCE_DATE_EPOCH=0 debootstrap --variant=minbase unstable 
> debian-unstable
> $ sudo cat debian-unstable/etc/shadow
> root:*:17895:0:99999:7:::
> daemon:*:17895:0:99999:7:::
> bin:*:17895:0:99999:7:::
> sys:*:17895:0:99999:7:::
> sync:*:17895:0:99999:7:::
> games:*:17895:0:99999:7:::
> man:*:17895:0:99999:7:::
> lp:*:17895:0:99999:7:::
> mail:*:17895:0:99999:7:::
> news:*:17895:0:99999:7:::
> uucp:*:17895:0:99999:7:::
> proxy:*:17895:0:99999:7:::
> www-data:*:17895:0:99999:7:::
> backup:*:17895:0:99999:7:::
> list:*:17895:0:99999:7:::
> irc:*:17895:0:99999:7:::
> gnats:*:17895:0:99999:7:::
> nobody:*:17895:0:99999:7:::
> _apt:*::0:99999:7:::
> 
> So some parts of shadow respect SOURCE_DATE_EPOCH (the user _apt is
> created with a lastchange field of zero) but other parts do not (the
> remaining users).

I now have a patch (attached) which fixes the problem.

Thanks!

cheers, josch

From: Johannes 'josch' Schauer <jo...@debian.org>
Date: Sun, 30 Dec 2018 08:45:45 +0100
X-Dgit-Generated: 1:4.5-1.2 ba0c424d08504fab9ef49548461c40b7c967b803
Subject: wip


---

--- shadow-4.5.orig/libmisc/pwd2spwd.c
+++ shadow-4.5/libmisc/pwd2spwd.c
@@ -66,7 +66,7 @@ struct spwd *pwd_to_spwd (const struct p
 		 */
 		sp.sp_min = 0;
 		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		sp.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
--- shadow-4.5.orig/src/pwck.c
+++ shadow-4.5/src/pwck.c
@@ -608,7 +608,7 @@ static void check_pw_file (int *errors,
 					sp.sp_inact  = -1;
 					sp.sp_expire = -1;
 					sp.sp_flag   = SHADOW_SP_FLAG_UNSET;
-					sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+					sp.sp_lstchg = (long) gettime () / SCALE;
 					if (0 == sp.sp_lstchg) {
 						/* Better disable aging than
 						 * requiring a password change
--- shadow-4.5.orig/src/pwconv.c
+++ shadow-4.5/src/pwconv.c
@@ -265,7 +265,7 @@ int main (int argc, char **argv)
 			spent.sp_flag   = SHADOW_SP_FLAG_UNSET;
 		}
 		spent.sp_pwdp = pw->pw_passwd;
-		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		spent.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

signature.asc
Description: signature