From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Wed, 2 Jan 2019 18:06:16 +0000
Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71)

From <https://github.com/shadow-maint/shadow/pull/71>:

```
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:

username:17239:0:99999:7:::
This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.
```

This updated PR adds some missing calls to gettime (). This was originally
filed by Johannes Schauer in Debian as #917773 [2].

[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
[2] https://bugs.debian.org/917773
---
 libmisc/pwd2spwd.c | 3 +--
 src/pwck.c         | 2 +-
 src/pwconv.c       | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c
index c1b9b29a..6799dd50 100644
--- a/libmisc/pwd2spwd.c
+++ b/libmisc/pwd2spwd.c
@@ -40,7 +40,6 @@
 #include "prototypes.h"
 #include "defines.h"
 #include <pwd.h>
-extern time_t time (time_t *);
 
 /*
  * pwd_to_spwd - create entries for new spwd structure
@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 		 */
 		sp.sp_min = 0;
 		sp.sp_max = (10000L * DAY) / SCALE;
-		sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		sp.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == sp.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */
diff --git a/src/pwck.c b/src/pwck.c
index 0ffb711e..f70071b1 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
 					sp.sp_inact  = -1;
 					sp.sp_expire = -1;
 					sp.sp_flag   = SHADOW_SP_FLAG_UNSET;
-					sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+					sp.sp_lstchg = (long) gettime () / SCALE;
 					if (0 == sp.sp_lstchg) {
 						/* Better disable aging than
 						 * requiring a password change
diff --git a/src/pwconv.c b/src/pwconv.c
index 9c69fa13..f932f266 100644
--- a/src/pwconv.c
+++ b/src/pwconv.c
@@ -267,7 +267,7 @@ int main (int argc, char **argv)
 			spent.sp_flag   = SHADOW_SP_FLAG_UNSET;
 		}
 		spent.sp_pwdp = pw->pw_passwd;
-		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+		spent.sp_lstchg = (long) gettime () / SCALE;
 		if (0 == spent.sp_lstchg) {
 			/* Better disable aging than requiring a password
 			 * change */

From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001
From: Chris Lamb <chris@chris-lamb.co.uk>
Date: Sun, 31 Mar 2019 15:59:45 +0100
Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv.

---
 README            | 1 +
 configure.ac      | 3 +++
 lib/defines.h     | 6 ++++++
 libmisc/gettime.c | 2 +-
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/README b/README
index 952ac578..26cfff1e 100644
--- a/README
+++ b/README
@@ -51,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org>
 Calle Karlsson <ckn@kash.se>
 Chip Rosenthal <chip@unicom.com>
 Chris Evans <lady0110@sable.ox.ac.uk>
+Chris Lamb <chris@chris-lamb.co.uk>
 Cristian Gafton <gafton@sorosis.ro>
 Dan Walsh <dwalsh@redhat.com>
 Darcy Boese <possum@chardonnay.niagara.com>
diff --git a/configure.ac b/configure.ac
index da236722..a738ad66 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
 AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
 
 AC_CHECK_FUNC(setpgrp)
+AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
+                                        1,
+                                        [Defined to 1 if you have the declaration of 'secure_getenv'])])
 
 if test "$ac_cv_header_shadow_h" = "yes"; then
 	AC_CACHE_CHECK(for working shadow group support,
diff --git a/lib/defines.h b/lib/defines.h
index cded1417..2fb1b56e 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -382,4 +382,10 @@ extern char *strerror ();
 # endif
 #endif
 
+#ifdef HAVE_SECURE_GETENV
+#  define shadow_getenv(name) secure_getenv(name)
+# else
+#  define shadow_getenv(name) getenv(name)
+#endif
+
 #endif				/* _DEFINES_H_ */
diff --git a/libmisc/gettime.c b/libmisc/gettime.c
index 53eaf516..0e25a4b7 100644
--- a/libmisc/gettime.c
+++ b/libmisc/gettime.c
@@ -52,7 +52,7 @@
 	unsigned long long epoch;
 
 	fallback = time (NULL);
-	source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
+	source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
 
 	if (!source_date_epoch)
 		return fallback;