Hello again,
a python solution could be one below.
Also, I found that most of users/groups defined there are redundant as
they already exist (such as root). I guess they are defined from
base-passwd. I am not sure which recipe (base-passwd or systemd) should
have the precedence on this. If it's base-passwd, perhaps this
postcommand should check first if the user does already exist.
Regards,
Louis
---
meta/classes/rootfs-postcommands.bbclass | 69 ++++++++++++++++--------
1 file changed, 46 insertions(+), 23 deletions(-)
diff --git a/meta/classes/rootfs-postcommands.bbclass
b/meta/classes/rootfs-postcommands.bbclass
index 5c0b3ec37c..1741919918 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -61,29 +61,52 @@ python () {
d.appendVar('ROOTFS_POSTPROCESS_COMMAND', 'rootfs_reproducible;')
}
-systemd_create_users () {
- for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/*.conf; do
- [ -e $conffile ] || continue
- grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id
comment; do
- if [ "$type" = "u" ]; then
- useradd_params="--shell /sbin/nologin"
- [ "$id" != "-" ] && useradd_params="$useradd_params --uid
$id"
- [ "$comment" != "-" ] && useradd_params="$useradd_params --comment
$comment"
- useradd_params="$useradd_params --system $name"
- eval useradd --root ${IMAGE_ROOTFS} $useradd_params ||
true
- elif [ "$type" = "g" ]; then
- groupadd_params=""
- [ "$id" != "-" ] && groupadd_params="$groupadd_params --gid
$id"
- groupadd_params="$groupadd_params --system $name"
- eval groupadd --root ${IMAGE_ROOTFS} $groupadd_params
|| true
- elif [ "$type" = "m" ]; then
- group=$id
- eval groupadd --root ${IMAGE_ROOTFS} --system $group ||
true
- eval useradd --root ${IMAGE_ROOTFS} --shell /sbin/nologin --system
$name --no-user-group || true
- eval usermod --root ${IMAGE_ROOTFS} -a -G $group $name
- fi
- done
- done
+python systemd_create_users() {
+ import glob
+ import re
+ import subprocess
+
+ pattern_comment = r'(-|\"[^:\"]+\")'
+ pattern_word = r'[^\s]+'
+ pattern_line = r'(' + pattern_word + r')\s+(' + pattern_word +
r')\s+(' + pattern_word + r')(\s+' \
+ + pattern_comment + r')?' + r'(\s+(' + pattern_word + r'))?' +
r'(\s+(' + pattern_word + r'))?'
+
+ IMAGE_ROOTFS = d.getVar('IMAGE_ROOTFS')
+
+ for conffile in glob.glob(os.path.join(IMAGE_ROOTFS,
'usr/lib/sysusers.d/*.conf')):
+ with open(conffile, 'r') as f:
+ for line in f:
+ line = line.strip()
+ if not len(line) or line[0] == '#': continue
+ ret = re.fullmatch(pattern_line, line.strip())
+ if not ret: continue
+ (stype, sname, sid, _, scomment, _, shomedir, _,
sshell) = ret.groups()
+ if stype == 'u':
+ useradd_command = ['useradd']
+ if sid != '-':
+ useradd_command.extend(['--uid', sid])
+ if scomment and scomment != '-':
+ useradd_command.extend(['--comment', scomment])
+ if shomedir and shomedir != '-':
+ useradd_command.extend(['--root', IMAGE_ROOTFS
+ shomedir])
+ else:
+ useradd_command.extend(['--root', IMAGE_ROOTFS])
+ if sshell and sshell != '-':
+ useradd_command.extend(['--shell', sshell])
+ else:
+ useradd_command.extend(['--shell',
'/sbin/nologin'])
+ useradd_command.extend(['--system', sname])
+ subprocess.run(useradd_command)
+ elif stype == 'g':
+ groupadd_command = ['groupadd']
+ if sid != '-':
+ groupadd_command.extend(['--gid', sid])
+ groupadd_command.extend(['--system', sname])
+ subprocess.run(groupadd_command)
+ elif stype == 'm':
+ subprocess.run(['groupadd', '--root', IMAGE_ROOTFS,
'--system', sid])
+ subprocess.run(['useradd', '--root', IMAGE_ROOTFS,
'--shell', '/sbin/nologin', '--system', name, 'no-user-group'])
+ subprocess.run(['usermod', '-a', '-G', sid, sname])
}
#
On 05/06/2023 17:55, Louis Rannou wrote:> Hello,
>
> I have found an issue in the rootfs routine. The
> rootfs-postcommands.bbclass has a funtion systemd_create_users that
> reads /etc/sysusers.d/*.conf files and parses lines as 'type name id
> comment'.
>
> However, the sysusers.d manual says, those lines can be 'type name id
> comment home_dir shell'. If a home directory of shell is defined, they
> are considered as part of the comment, and we run incorrect commands
> such as the one below :
>
> useradd --shell /sbin/nologin --uid 0 --comment "Super User" /root
> --system root
>
> To fix that, we require a stronger parsing. Several options look
> possible to me, but I am not sure which one is preferred.
>
> 1. sed with a regular expression that returns something that still needs
> parsing
> 2. awk with a step by step script that returns something that still
> needs to be parsed
> 3. use python and regexp module
>
> Also I don't know if the parsing should completely check the sysusers
> syntax as said in the manual (first field is [urgm], second is
> alphanum_-, etc.). In my opinion it should not as this will be made by
> the useradd command.
>
> Do you think it worth to add some testing about that ? I am not sure how
> to do that.
>
> Regards,
> Louis Rannou
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#182477):
https://lists.openembedded.org/g/openembedded-core/message/182477
Mute This Topic: https://lists.openembedded.org/mt/99343510/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
