diff --git a/base/base-passwd/debian/meta_data.yaml b/base/base-passwd/debian/meta_data.yaml
new file mode 100644
index 000000000..255494415
--- /dev/null
+++ b/base/base-passwd/debian/meta_data.yaml
@@ -0,0 +1,9 @@
+---
+debver: 3.5.51
+dl_path:
+  name: base-passwd-debian-3.5.51.tar.gz
+  url: https://salsa.debian.org/debian/base-passwd/-/archive/debian/3.5.51/base-passwd-debian-3.5.51.tar.gz
+  md5sum: 2866586c3c11fb7bfb269b1bb2a005e9
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true
diff --git a/base/base-passwd/debian/patches/0001-Change-group-passwd.patch b/base/base-passwd/debian/patches/0001-Change-group-passwd.patch
new file mode 100644
index 000000000..101b96b33
--- /dev/null
+++ b/base/base-passwd/debian/patches/0001-Change-group-passwd.patch
@@ -0,0 +1,104 @@
+From 1d06f74733c8728fc1f0cb21f519ae84beb03b67 Mon Sep 17 00:00:00 2001
+From: Al Bailey <Al.Bailey@windriver.com>
+Date: Thu, 24 Oct 2019 11:53:01 -0500
+Subject: [PATCH] Change group,passwd
+
+Porthing this patch from 'setup' package of CentOS. Removing the
+change of uidgid, because no such file in base-passwd, and Debian
+system. The file is installed into /usr/share/doc/setup-2.8.71/uidgid
+in CentOS, which is just a doc file, so ignore it.
+
+Signed-off-by: Andy Ning <andy.ning@windriver.com>
+Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+---
+ group.master  | 19 ++++++++++++-------
+ passwd.master | 16 +++++++++++-----
+ 2 files changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/group.master b/group.master
+index ad1dd2d..748ca76 100644
+--- a/group.master
++++ b/group.master
+@@ -1,15 +1,11 @@
+ root:*:0:
+-daemon:*:1:
+-bin:*:2:
+ sys:*:3:
+ adm:*:4:
+ tty:*:5:
+ disk:*:6:
+-lp:*:7:
+ mail:*:8:
+ news:*:9:
+ uucp:*:10:
+-man:*:12:
+ proxy:*:13:
+ kmem:*:15:
+ dialout:*:20:
+@@ -19,7 +15,6 @@ cdrom:*:24:
+ floppy:*:25:
+ tape:*:26:
+ sudo:*:27:
+-audio:*:29:
+ dip:*:30:
+ www-data:*:33:
+ backup:*:34:
+@@ -30,10 +25,20 @@ src:*:40:
+ gnats:*:41:
+ shadow:*:42:
+ utmp:*:43:
+-video:*:44:
+ sasl:*:45:
+ plugdev:*:46:
+ staff:*:50:
+-games:*:60:
+ users:*:100:
+ nogroup:*:65534:
++postgres:x:120:
++nova:x:162:nova
++barbican:x:978:barbican
++keystone:x:42424:keystone
++neutron:x:164:neutron
++ceilometer:x:166:ceilometer
++sysinv:x:168:sysinv
++snmpd:x:169:snmpd,fm
++fm:x:195:fm
++libvirt:x:991:nova
++ironic:x:1874:ironic
++www:x:1877:www
+diff --git a/passwd.master b/passwd.master
+index f1e69a4..18f5e05 100644
+--- a/passwd.master
++++ b/passwd.master
+@@ -1,12 +1,7 @@
+ root:*:0:0:root:/root:/bin/bash
+-daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+-bin:*:2:2:bin:/bin:/usr/sbin/nologin
+ sys:*:3:3:sys:/dev:/usr/sbin/nologin
+ sync:*:4:65534:sync:/bin:/bin/sync
+-games:*:5:60:games:/usr/games:/usr/sbin/nologin
+ man:*:6:12:man:/var/cache/man:/usr/sbin/nologin
+-lp:*:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+-mail:*:8:8:mail:/var/mail:/usr/sbin/nologin
+ news:*:9:9:news:/var/spool/news:/usr/sbin/nologin
+ uucp:*:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+ proxy:*:13:13:proxy:/bin:/usr/sbin/nologin
+@@ -16,3 +11,14 @@ list:*:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+ irc:*:39:39:ircd:/run/ircd:/usr/sbin/nologin
+ gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+ nobody:*:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
++postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
++neutron:x:164:164:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
++sysinv:x:168:168:sysinv Daemons:/var/lib/sysinv:/sbin/nologin
++snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
++fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
++barbican:x:982:978:Barbican Key Manager user account.:/var/lib/barbican:/sbin/nologin
++ceilometer:x:991:166:OpenStack ceilometer Daemons:/var/lib/ceilometer:/sbin/nologin
++keystone:x:42424:42424:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin
++nova:x:994:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin
++ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
++www:x:1877:1877:www:/home/www:/sbin/nologin
+-- 
+2.25.1
+
diff --git a/base/base-passwd/debian/patches/0002-update-passwd.c-set-walk-to-walk-next-before-removin.patch b/base/base-passwd/debian/patches/0002-update-passwd.c-set-walk-to-walk-next-before-removin.patch
new file mode 100644
index 000000000..e7884d644
--- /dev/null
+++ b/base/base-passwd/debian/patches/0002-update-passwd.c-set-walk-to-walk-next-before-removin.patch
@@ -0,0 +1,69 @@
+From a2a96fa28fe132e34185ab1646b1f1ea4baf4942 Mon Sep 17 00:00:00 2001
+From: Yue Tao <Yue.Tao@windriver.com>
+Date: Thu, 25 Nov 2021 10:14:45 +0800
+Subject: [PATCH] update-passwd.c: set walk to walk->next before removing
+
+update-passwd only removes once and exits even more
+than one items need to be removed. Root cause is walk
+is set to walk->next after remove_node(), in which the
+walk has been cleaned, so the while(walk) is terminated.
+
+Without the fix, the output of update-passwd
+$update-passwd --verbose
+Adding group "postgres" (120)
+Adding group "nova" (162)
+Adding group "barbican" (978)
+Adding group "keystone" (42424)
+Adding group "neutron" (164)
+Adding group "ceilometer" (166)
+Adding group "sysinv" (168)
+Adding group "snmpd" (169)
+Adding group "fm" (195)
+Adding group "libvirt" (991)
+Adding group "ironic" (1874)
+Adding group "www" (1877)
+Removing group "daemon" (1)
+Adding user "postgres" (120)
+Adding user "neutron" (164)
+Adding user "sysinv" (168)
+Adding user "snmpd" (169)
+Adding user "fm" (195)
+Adding user "barbican" (982)
+Adding user "ceilometer" (991)
+Adding user "keystone" (42424)
+Adding user "nova" (994)
+Adding user "ironic" (1874)
+Adding user "www" (1877)
+Removing user "daemon" (1)
+25 changes have been made, rewriting files
+Writing passwd-file to /etc/passwd
+Writing shadow-file to /etc/shadow
+Writing group-file to /etc/group
+
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+---
+ update-passwd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/update-passwd.c b/update-passwd.c
+index 3f3dffa..1a56ed9 100644
+--- a/update-passwd.c
++++ b/update-passwd.c
+@@ -806,13 +806,13 @@ void process_old_entries(const struct _info* lst, struct _node** passwd, struct
+ 		free(id);
+ 	    }
+ 
++	    walk=walk->next;
+ 	    if (make_change) {
+ 		if (opt_verbose)
+ 		    printf("Removing %s \"%s\" (%u)\n", descr, oldnode->name, oldnode->id);
+ 		remove_node(passwd, oldnode);
+ 		flag_dirty++;
+ 	    }
+-	    walk=walk->next;
+ 	    continue;
+ 	}
+ 	walk=walk->next;
+-- 
+2.25.1
+
diff --git a/base/base-passwd/debian/patches/series b/base/base-passwd/debian/patches/series
new file mode 100644
index 000000000..5fc50b5cf
--- /dev/null
+++ b/base/base-passwd/debian/patches/series
@@ -0,0 +1,2 @@
+0001-Change-group-passwd.patch
+0002-update-passwd.c-set-walk-to-walk-next-before-removin.patch