Make the sp_lstchg shadow field reproducible (re. #71)

From <https://github.com/shadow-maint/shadow/pull/71>:

```
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:

username:17239:0:99999:7:::
This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.
```

This updated PR adds some missing calls to gettime (). This was originally
filed by Johannes Schauer in Debian as #917773 [2].

[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
[2] https://bugs.debian.org/917773
This commit is contained in:
Chris Lamb 2019-01-02 18:06:16 +00:00
parent e24deea4c9
commit fe34a2a0e4
3 changed files with 3 additions and 4 deletions

View File

@ -40,7 +40,6 @@
#include "prototypes.h"
#include "defines.h"
#include <pwd.h>
extern time_t time (time_t *);
/*
* pwd_to_spwd - create entries for new spwd structure
@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
*/
sp.sp_min = 0;
sp.sp_max = (10000L * DAY) / SCALE;
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
sp.sp_lstchg = (long) gettime () / SCALE;
if (0 == sp.sp_lstchg) {
/* Better disable aging than requiring a password
* change */

View File

@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
sp.sp_inact = -1;
sp.sp_expire = -1;
sp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
sp.sp_lstchg = (long) gettime () / SCALE;
if (0 == sp.sp_lstchg) {
/* Better disable aging than
* requiring a password change

View File

@ -267,7 +267,7 @@ int main (int argc, char **argv)
spent.sp_flag = SHADOW_SP_FLAG_UNSET;
}
spent.sp_pwdp = pw->pw_passwd;
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password
* change */