From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7096466322200985600 X-Received: by 2002:a5d:5847:0:b0:20c:525b:49d0 with SMTP id i7-20020a5d5847000000b0020c525b49d0mr23334234wrf.13.1652281064454; Wed, 11 May 2022 07:57:44 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:600c:1d96:b0:394:86e0:4174 with SMTP id p22-20020a05600c1d9600b0039486e04174ls1196840wms.3.gmail; Wed, 11 May 2022 07:57:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx27seTBMCQaIYehg40R+2blW2TrKa27QA/8syvfl0odEtoUJ+FcbbdDpQQzRWScjfjbnc4 X-Received: by 2002:a05:600c:220e:b0:394:2695:ce9b with SMTP id z14-20020a05600c220e00b003942695ce9bmr5320373wml.64.1652281063452; Wed, 11 May 2022 07:57:43 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652281063; cv=pass; d=google.com; s=arc-20160816; b=X/Q9fX3qIHrvXeiKhyLCG32BXPY51Uhist3qjJEuS7QtjammxrsI4BmuajtG5IOeAt /s79EBlCeFI/8r4Ue4+u1r7h+LIW3J2/fh8iUslkAw/dMNaTiyddobdXXhSAuCoK8LeL MrKiFDi0RwwvTqQdCZAuljmTL4lH0FDnR3ljKbsG9l6NqGFOY+YQf8S31R8ubAhF1kOu R912yTLC8tqVkSWw3QoThaJG//RdKjxuEioZG2co/rvLKhuirp+JtR4uUHQpldAY80N2 FIxhZp/Z6PqKNqTmONuuOcXtaVoKaZbOgvfyf7zMoFIacG5+qEJKpmSp/77xR+682WC6 0/Kg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=2Hgh7T1tVMxQSB6noeeypTT8k8eZ71x1dLx+WI+asMo=; b=nURhwBS8rh7B7pAwjcEajtmP0N8jfjX4V1V0OEY07yNUMWeOIbDcgJejF+SvZ5MrA5 l2zSTRidacKh+MGFDh2c+EnW6GWDruhcNYwbm8TuFx5uxM0uJgdL+p6TywgRjJofAUSG jWF1nUsgUqCoING6zwfvCoXBCZTnMNJ/MRL6TQrakmW2nCh5cjWi6XcCBZOPEwMppVPr 6d94y4PdedygznGhtEQzhoYlmIYB1Rzn1aCKjsqv05307WmxTOIxa8GjjGs1IEBVnqL7 Y7ywr/cPxX9BnvNddQdy5BBxtSAndLZtTdIZnhLHUaLozqccZixjs7o7vdWlwV5ptUrz s4tA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HxxVNTAh; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7e1a::618 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20618.outbound.protection.outlook.com. [2a01:111:f400:7e1a::618]) by gmr-mx.google.com with ESMTPS id k6-20020a05600c1c8600b00393e98f67a1si8840wms.1.2022.05.11.07.57.43 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 May 2022 07:57:43 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7e1a::618 as permitted sender) client-ip=2a01:111:f400:7e1a::618; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HxxVNTAh; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7e1a::618 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mVpWxeL/vt0zf+puwmDPUD7GYawrcHF+gWMytF6Rb2oVw501Y0hhj1GWkXcQinLmZoX11C5h3gM2q/U3hrggHvZRPFupa8pHH64+4sHbXNODmX1AdKiPpSY9NcuEQkX3BnA4g6RHQ9qq3rnA0KFj0iYAFUkgGMmYRiTFMx+73PbVvUM6zIhdh+k0C9HHp6Nb+lrBfrzFute1vCz7qTOPacaXbGT1FtBGKHMqfK40/97AYFzeXzLM21Srz6X17pjk9viPQEgRDlUWCY9JBw/6uIJAwKusNUrYIjbRB+SuamfPL4X6JMt/FWsbuVRojVWz7irJF7B6b2z/P+AYqOBLsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2Hgh7T1tVMxQSB6noeeypTT8k8eZ71x1dLx+WI+asMo=; b=ECP7G56F6OaAdU2LfKuvu9AomynDoDpZIxSOYDPh1wGvirS3XG9cVsF1uEtDe9HcDke1ypBnfHRKOjdaS+4yzIBcoPglH6r7ll2lm3clt2VvlCz7SJHj78h2IdqNsACTB6UmJ7RrhBEPPREyUtIOCbzE0ocZTPPik/cAcb6VkUpNJlaHo/q/fbTppVmNtRsCrfRKQ+GSJK9O/N8B33/F8gRjV/VIgkuBWzw/RHdx+48zjuQYG8Ws0EGiUTEVv+/Nk8MFqSiTib5OrRpcWD93b7fGYRzW8uyoljRXkhKl9eRgAGyPJzBYHgELUn/y7KxNHT9pWkM924s6jQoTw9NrgA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2Hgh7T1tVMxQSB6noeeypTT8k8eZ71x1dLx+WI+asMo=; b=HxxVNTAhuyTHvMFF+55Bc8PKeJFq60xNttU08zaccpjyd3fO/iuRkdYVYiCFGVFMAi7Oomg0/HLuVRSFnDD6wRVAH9RQhfgdtr9qdgUwMuYSXQc1CA/l0qSffmm2wO67SleAV1fzz+y+csug6GXfdC570Tx4cPKKm8cHUaqNczQGjce2WMaxdXYbVbA+7QO2oivBeDqFdDVFP7QC9HrZE5P81FUSgyYeRdyj4x4PABFtW+EjtVfy413uY4jsYIv5U2cdLgiklKxPmTwG5ylNyEQn/vKGojpGGgZ4aroabdvFp6cEA/Tbgchlr3noWAzXALXfQUe1FAz5OmkGqrlYlw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by PR3PR10MB4047.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:a4::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5227.20; Wed, 11 May 2022 14:57:42 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::a852:a1:7888:f20f]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::a852:a1:7888:f20f%5]) with mapi id 15.20.5227.023; Wed, 11 May 2022 14:57:42 +0000 Date: Wed, 11 May 2022 16:57:40 +0200 From: Henning Schild To: Quirin Gylstorff Cc: jan.kiszka@siemens.com, isar-users@googlegroups.com Subject: Re: [PATCH 1/2] classes/image-account-extension:Move account configuration to post-process Message-ID: <20220511165740.18011f63@md1za8fc.ad001.siemens.net> In-Reply-To: <20220511131338.450234-2-Quirin.Gylstorff@siemens.com> References: <20220511131338.450234-1-Quirin.Gylstorff@siemens.com> <20220511131338.450234-2-Quirin.Gylstorff@siemens.com> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.31; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: AM7PR03CA0013.eurprd03.prod.outlook.com (2603:10a6:20b:130::23) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 44436cad-677d-48f0-973b-08da335e9996 X-MS-TrafficTypeDiagnostic: PR3PR10MB4047:EE_ X-LD-Processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: l49UWnnWjA3gs7npt9dws899pcsvGPvDicqlTndn8LMyp75JGlJkX1+8OROXloiNdFLJHnH/NqWaB3/ynR6APv1mVl4SfJZAZRhAaeXmDhLXMYBiXc/LMt7ODSw2jIDr3FMkM1QRZDjitA0NkeZ6umOs6sm1dtgCd3oJ7K7RghovDqbt60Clh+aTIeRViQEwG9m9I8lmPKtx8IHRA6OBJVWujGPRu+nXVcgmrXvG7wPn7g2htZ9tY3omE7YVtqSFW3GoyxxY31lFaRpUBfS+7Md4PW1scvP+k+SPLRf3XdGZLP4w+gVrYnskVFS614nmxguIicGzCbmHygO4UKp3tWxQoeU+2C/N9V8V/RUQ5MbkicepS91PKIAnU05gLqSzYxhS/vh1P/4JhzQjwLVTnTdJRZ4ZwlETWh/9QJmwATgG8w27gpr1QmC+O2988UKYVJXLKXOLAnBpWbVrjqrbiOvsMSUHnHGiVZUXL9TBQ5ZFLYm9sql8yq1TsqArAmZLAs9txl7k8K85F1kokrT5Pn9t4FwuGBsjpqq1ZAz3B/J6VHrv0UWUBAyV1Cijqt0uKwDbz9AZA8DCK08SyPwkLbeb7sDmkqAbQiUKuRzfGAKhCQKruHHhBV/oHGXgtxf7t6NQjh11Hutyb2gg9oyA3w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(5660300002)(508600001)(6506007)(86362001)(8936002)(6486002)(2906002)(15650500001)(44832011)(83380400001)(9686003)(26005)(6512007)(82960400001)(38100700002)(186003)(1076003)(316002)(66476007)(66946007)(66556008)(6862004)(6636002)(4326008)(8676002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?kfXdkD8oBEutrFiCZFmkSYz6XTA5mAcj0djkNt8HA3J1NCaWpFqOSj8vwFf/?= =?us-ascii?Q?PWPkDEELW4UPc1fIU1v/6oW1rDLLms48jFykADrJBdlLPMwBKDzGj9AgJhvB?= =?us-ascii?Q?RmmDIvnx1rOtAW3W4wxS3Ge/evQe+7b7jk7uEiHc4NgIDv8B8MyD1ZH+AlsA?= =?us-ascii?Q?DpVyiLJLsnOOZQsW8QxsEd5vwKgRXQv1PNX3Cgcima2X88JqfWujNxu6yVG+?= =?us-ascii?Q?YOm5K+BBB0TIAuL56sYsJln8prHZUcH7hVDpwWmJAFm/CfFQpxzL7AjmwAYp?= =?us-ascii?Q?QmmTzkrJYWHuu1ZkUtwU4JVGtgVEeLQFu0//3X7wTQSCC2C6BxSYl7CKqlim?= =?us-ascii?Q?JVlcpQ0xrlpTSF1RKPx08caUh2AEHqqkTim5/fzRcffGKfrnsiomQNCZQdI+?= =?us-ascii?Q?YhuMhusf9OhrYKkIhma93kTtw5t3cNE1kc5G4ekqebxr+awwHvgrWAcwn72Q?= =?us-ascii?Q?sLxPdF2Az7zTWzlY1cjge+RrKrFCDDgc4nPsW7RUgJdC+/v3+PllHC3o0p2t?= =?us-ascii?Q?D3MJytJ4vYi5JujSufeuj6bJJ5mqUnjuOu7zHDrRaIx4s/SSS84aT+YpCUPM?= =?us-ascii?Q?aA9ixLJuvGCiK/IGzQyq3MDQGzusS7XyOnmd8jkphV7NoQ9qiMgYBdMpjBQB?= =?us-ascii?Q?LACuw2uboeYtCBpWxZyjOVi9bW369jU6oeM7VG5y+rTwxwQqipPc9i/rDt3E?= =?us-ascii?Q?gLkOvYKrLmjCtqccYDII/6tymSSCfvBr0D8/LVn/H9nsiw1mInNT4BSJ3kju?= =?us-ascii?Q?vVnbakTeTaHuRX443Gt2fx/hsZsPbA485rgv6zW8vlRBPnYcIXVveRpndzVS?= =?us-ascii?Q?wSalCAya/hm/QX81cvxLN1VmMws/+sVOJpjPuM9jLS0WJtfqeamFm1iihzD0?= =?us-ascii?Q?SDFgxTwEtO1/Nx427RYKbRYtojI//a6rOoqEclU8sJzyLPVaRLMKDRE7XmhR?= =?us-ascii?Q?0VYYYXYB/EcEpAMyFAFip6uBZo6DuBTEEdHojhe56e2BCAc3aWFxzuQhw2wj?= =?us-ascii?Q?aLkrZ8OkxBrPRCKIMzXl39/T9BvjZWbwTMpeArwCF4ewF6wndjaGN3x/eQGD?= =?us-ascii?Q?c4lIIFQircqzEVB8GYJF+d2wuSqv7I2JOPbfSe+LyTRRKdpRkz6RN5WmQ66I?= =?us-ascii?Q?wk/zvEzR/sAw233zRlK34kADP04W7ZF5DtWXwl7JqjnHi0mUrQmlNg0NRROl?= =?us-ascii?Q?SDX1+9mnH4sB8yXKcfmYF3v//Mk8wDhlivJE+v2cUN81FQD8WmOeCGBtyck8?= =?us-ascii?Q?qOapFt3X3qYD47CmQdvObvIoglVQypuVl+PRXqj3OImryHpJJqy5+qTcWcNG?= =?us-ascii?Q?q4CMa3Z//b2X9N4G8GS/OLUfUGpPP7acNAG5yA5U3NdYLpt7EH2dqhH17O4+?= =?us-ascii?Q?+yKceGe9LEL1qOlasV8eBInA20lwjMVKPq3oDTqVOEPTnuCf6K268biKetjV?= =?us-ascii?Q?VxH8HtGEMdapfnyx1IfEhO/prsEWxM5axTDXgtlSxbgNJ/dSPUXxJtfW/XhR?= =?us-ascii?Q?jhuh8yiGqrrqpE9BXpLXjThe9qZD3N6oXyyGxWdHz56u0hiK1YdLYeP6NywJ?= =?us-ascii?Q?XH6QG0C7pY1oVf7RybfQQfO3CYKVEVkMbK59Km5XM5J0LBA/ZwcUvPyPYdrT?= =?us-ascii?Q?1sclWSEpU96x1uoKrt1uCiSwo0/uVWg8OKrsmeqL0rOhn8bQcB47BDfQpMWC?= =?us-ascii?Q?2S27X9Ljx3has9lvLyjV+5iRh8K5vhXcib6l2lhcd6jriP0auTpKd/uCApJ9?= =?us-ascii?Q?yt5FMJiZr5O+UMIRRX0KQ/f4ltAB4Rw=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 44436cad-677d-48f0-973b-08da335e9996 X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2022 14:57:42.4165 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WQHgKuDXrfSbbOZjJHVtAo0W8yyLuO5nlD1CTjwbEgt/2yPeF7IT7Q0Kzbzn91nqAtohEUd5mibiAbRrrOMxTSpp3F7OJtr6XvmBxOcFQBc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR10MB4047 X-TUID: WLFyEAxA/iWR I once had this in the context of adding users to groups which are coming from packages. i.e. the docker group In order to add a user to that group one will also have to add the group, and essentially copy that group creation from the postinst from the group creating package. Like what type of group, or a fixed gid and things like that. So moving the user creation into postinst is imho a really good idea. However a significant change that might be worth a changelog entry. I would have to drop group creation of "docker" or "www" and things like that from some layers. regards, Henning Am Wed, 11 May 2022 15:13:37 +0200 schrieb Quirin Gylstorff : > From: Quirin Gylstorff > > If the root account is deactivate during rootfs configuration > , e.g. by setting 'USER_root[expire]="01-01-1970"', the following > error occurs if a packages tries to create/modifies a user account. > > ``` > Setting up systemd (247.3-7) ... > Created symlink > /etc/systemd/system/getty.target.wants/getty@tty1.service -> > /lib/systemd/system/getty@.service. Created symlink > /etc/systemd/system/multi-user.target.wants/remote-fs.target -> > /lib/systemd/system/remote-fs.target. Created symlink > /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> > /lib/systemd/system/systemd-pstore.service. Initializing machine ID > from random generator. Your account has expired; please contact your > system administrator. chfn: PAM: Authentication failure adduser: > `/bin/chfn -f systemd Network Management systemd-network' returned > error code 1. Exiting. dpkg: error processing package systemd > (--configure): installed systemd package post-installation script > subprocess returned error exit status 1 Setting up dmsetup > (2:1.02.175-2.1) ... Errors were encountered while processing: > systemd E: Sub-process /usr/bin/dpkg returned an error code (1) > WARNING: exit code 100 from a shell command. ``` > > This move also allows /etc/skel modification to be applicable to > all users. > > Signed-off-by: Quirin Gylstorff > --- > meta/classes/image-account-extension.bbclass | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/meta/classes/image-account-extension.bbclass > b/meta/classes/image-account-extension.bbclass index > c9bebe85..caa962a0 100644 --- > a/meta/classes/image-account-extension.bbclass +++ > b/meta/classes/image-account-extension.bbclass @@ -58,8 +58,7 @@ > IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', > ['gid', 'f do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} > ${IMAGE_ACCOUNTS_USERS}" > -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" > -image_configure_accounts[weight] = "3" > +ROOTFS_POSTPROCESS_COMMAND += "image_configure_accounts" > image_configure_accounts() { > # Create groups > # Add space to the end of the list: