On Fri, Jul 28, 2023 at 1:52 PM Jon Mason <[email protected]> wrote:
>
> On Fri, Jul 28, 2023 at 5:40 AM Alex Kiernan <[email protected]> wrote:
> >
> > To avoid errors from eudev/udev we need an sgx group, but if we add it
> > via groupadd that causes shadow login to be brought into an image, which
> > causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
> > Function not implemented` as shadow's login doesn't implement the
> > heuristics which busybox has to handle this kernel configuration.
>
> Firstly, thank you very much for fixing this.  I was having lots of
> trouble with it.
>
> I just wanted to point out that the underlying sgx issue is unique to
> Intel/x86.  So, it might make sense to only apply this patch in this
> case.
>

You get the noise from eudev on everything (I'm deploying onto
aarch64), I guess because it fails at parse time and everyone gets the
same rules. Obviously we could try for an sgx only rule on x86, but
tbh that feels like way too much effort!

I think we want something like this on poky-tiny so this doesn't regress:

diff --git a/meta-poky/conf/distro/poky-tiny.conf
b/meta-poky/conf/distro/poky-tiny.conf
index f65d2dabf3af..728d161d59af 100644
--- a/meta-poky/conf/distro/poky-tiny.conf
+++ b/meta-poky/conf/distro/poky-tiny.conf
@@ -122,3 +122,7 @@ SKIP_RECIPE[core-image-weston] = "not buildable
with poky-tiny"

 # Disable python usage in opkg-utils since it won't build with tiny config
 PACKAGECONFIG:remove:pn-opkg-utils = "python"
+
+# If shadow-base is brought into the image, logins will fail because it
+# doesn't have the heuristics to work when CONFIG_MULTIUSER is unset.
+PACKAGE_EXCLUDE:poky-tiny = "shadow-base"
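Review bot: the last added line, `PACKAGE_EXCLUDE:poky-tiny = "shadow-base"`, is an override-scoped plain assignment, so once the poky-tiny override is active it replaces any PACKAGE_EXCLUDE value set elsewhere instead of adding to it. Consider `PACKAGE_EXCLUDE:append:poky-tiny = " shadow-base"` so existing exclusions survive. The comment above it could also say that the exclusion is meant as a regression guard: if a dependency pulls shadow-base into a poky-tiny image, the build should fail at package installation rather than produce an image whose login is broken.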

> Thanks,
> Jon
>
> > Signed-off-by: Alex Kiernan <[email protected]>
> > ---
> >
> >  .../0001-base-passwd-Add-the-sgx-group.patch  | 30 +++++++++++++++++++
> >  .../base-passwd/base-passwd_3.6.1.bb          |  1 +
> >  2 files changed, 31 insertions(+)
> >  create mode 100644 
> > meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
> >
> > diff --git 
> > a/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
> >  
> > b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
> > new file mode 100644
> > index 000000000000..e1340e1b70cf
> > --- /dev/null
> > +++ 
> > b/meta/recipes-core/base-passwd/base-passwd/0001-base-passwd-Add-the-sgx-group.patch
> > @@ -0,0 +1,30 @@
> > +From 9e57771d138ac423d5139b984b8c869122ce4976 Mon Sep 17 00:00:00 2001
> > +From: Alex Kiernan <[email protected]>
> > +Date: Fri, 28 Jul 2023 10:28:57 +0100
> > +Subject: [PATCH] base-passwd: Add the sgx group
> > +
> > +To avoid errors from eudev/udev we need an sgx group, but if we add it
> > +via groupadd that causes shadow login to be brought into an image, which
> > +causes images which have CONFIG_MULTIUSER unset to fail with `setgid:
> > +Function not implemented` as shadow's login doesn't implement the
> > +heuristics which busybox has to handle this kernel configuration.
> > +
> > +Upstream-Status: Inappropriate [oe-specific]
> > +
> > +Signed-off-by: Alex Kiernan <[email protected]>
> > +---
> > + group.master | 1 +
> > + 1 file changed, 1 insertion(+)
> > +
> > +diff --git a/group.master b/group.master
> > +index d34d2b832d43..e54fd1d2c6dc 100644
> > +--- a/group.master
> > ++++ b/group.master
> > +@@ -34,6 +34,7 @@ video:*:44:
> > + sasl:*:45:
> > + plugdev:*:46:
> > + kvm:*:47:
> > ++sgx:*:48:
> > + staff:*:50:
> > + games:*:60:
> > + shutdown:*:70:
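Review bot: the added `sgx:*:48:` entry hard-codes GID 48, and nothing in the commit message or the hunk says why 48 was chosen or confirms that it is unused outside the visible context lines. Please note in the commit message that 48 is free in the rest of group.master, and name the udev rule that references the sgx group so the reason for the entry is recorded next to the change.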
> > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb 
> > b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> > index 204016b3e72e..44bcfb019930 100644
> > --- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> > +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> > @@ -13,6 +13,7 @@ SRC_URI = 
> > "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> >             file://0005-Add-kvm-group.patch \
> >             
> > file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
> >             file://0007-Add-wheel-group.patch \
> > +           file://0001-base-passwd-Add-the-sgx-group.patch \
> >             "
> >
> >  SRC_URI[sha256sum] = 
> > "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
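Review bot: the new SRC_URI entry `0001-base-passwd-Add-the-sgx-group.patch` is listed after the 0005, 0006 and 0007 patches, so its numeric prefix no longer reflects the order in which the series is applied. Since its context includes the `kvm:*:47:` line and so presumably depends on `0005-Add-kvm-group.patch` having been applied first, renaming it to continue the sequence (for example `0008-Add-sgx-group.patch`) would make that ordering dependency obvious from the file list.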
> > --
> > 2.39.0
> >
> >
> > 
> >



-- 
Alex Kiernan
View/Reply Online (#185031): 
https://lists.openembedded.org/g/openembedded-core/message/185031