From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7096466320318791680 X-Received: by 2002:a17:907:3f0a:b0:6fe:34a2:1368 with SMTP id hq10-20020a1709073f0a00b006fe34a21368mr9370484ejc.130.1652791036259; Tue, 17 May 2022 05:37:16 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6402:2741:b0:41f:7eee:e393 with SMTP id z1-20020a056402274100b0041f7eeee393ls932287edd.3.gmail; Tue, 17 May 2022 05:37:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzevDN6BOJsq692czZapoSVgahw9ZKODEIf3Exx2kfc4APPeSgFC2wFY5s3r/OlZTDR43zh X-Received: by 2002:a05:6402:1113:b0:428:679e:f73f with SMTP id u19-20020a056402111300b00428679ef73fmr18939308edv.378.1652791035278; Tue, 17 May 2022 05:37:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652791035; cv=none; d=google.com; s=arc-20160816; b=hcAVjoDFewK6To6MNto1Ew9nuRn3Js0YYF6c8QWdUV7Nfz85dz4LjriO5rbCqNg2yP CBODEWeEUjPk9GsVwIXDuFUNJTP/fyug5T6eCJtP8QkgyGvrpi9C3Oy05Jtfha7qboyq DVFkDs+IZqiQ8UXDXkOhGXNMCG9TUCXliSx23srDmZ75bfZyCey+YpHGPlE8bwTEGUVE bQ00g+goKbGaJXA+GS3HSD9EVzYqWmEFtQZp9UUYY4+6YRjF2sL5FXADngRfE+oPmKCu wfx3GS/rbHKzt5X17Opv/L8L42Q9eZg/ITxv2lfbG0HSBPBcsx5R7KBKAvsii1Kg2YJ4 6PKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:to:from:dkim-signature; bh=zioeJZdFyjIiby9fFjwbuarp4aC2ZKlDP8vumMCeb3I=; b=y1hqrj9zjuIWeJqoPRcIUKHFLEyPx/jyEgk+NFgBuAcBvakIBET5vozO6Y2/WuMz8k FYVMyP+g36SOAi5K1xzeJ/UdRQy9FBWqz2WXDyhzd7eY0NLm3TlFUI6A1n/fRXftAcDU CVijdfJ8RqWZ0g7z1TVope+QzYvsmw/896ZktkVV/NPx2u0EkkSG5Pgx75Xr1YzTudid tgEMq0n99kwcFZe4TzKlErR6xct6H24A5lThIDCWLdUpSPQ/en4M5sDv7hZN53/88dUH qlwsngUu2BhGp5YxtNAhp8SK7Wa6Rv7f8otkydP5xA1FPzFPD3m8yJJkHxe07eJzLpX4 xe0w== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=a5rUOtY5; spf=pass (google.com: domain of fm-51332-20220517123714a3f4aa50ed092db7b6-zldy5c@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-20220517123714a3f4aa50ed092db7b6-ZLDY5C@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from mta-64-227.siemens.flowmailer.net (mta-64-227.siemens.flowmailer.net. [185.136.64.227]) by gmr-mx.google.com with ESMTPS id b22-20020a50e796000000b0041cf5333d81si763431edn.4.2022.05.17.05.37.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 May 2022 05:37:15 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-51332-20220517123714a3f4aa50ed092db7b6-zldy5c@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) client-ip=185.136.64.227; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=a5rUOtY5; spf=pass (google.com: domain of fm-51332-20220517123714a3f4aa50ed092db7b6-zldy5c@rts-flowmailer.siemens.com designates 185.136.64.227 as permitted sender) smtp.mailfrom=fm-51332-20220517123714a3f4aa50ed092db7b6-ZLDY5C@rts-flowmailer.siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id 20220517123714a3f4aa50ed092db7b6 for ; Tue, 17 May 2022 14:37:15 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=Quirin.Gylstorff@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:References:In-Reply-To; bh=zioeJZdFyjIiby9fFjwbuarp4aC2ZKlDP8vumMCeb3I=; b=a5rUOtY5zSwHRGvBwVrlui2yASRZUhUSh3eh9XcVfOMWV6fuNH8TC2Yl33x6GBl72phIYE 4l9fLIF+5pEsb9dMRbtKfL1IRZRMkoAdAsMazyfQuDQUgpn4Q04PJ2iuFAlYgPQwIId9LYaf Uvs56k4NOKnQs/cuAPWj2ExkHimJM=; From: Quirin Gylstorff To: jan.kiszka@siemens.com, isar-users@googlegroups.com, henning.schild@siemens.com Subject: [PATCH v3 1/2] classes/image-account-extension:Move account configuration to post-process Date: Tue, 17 May 2022 14:37:12 +0200 Message-Id: <20220517123713.675215-2-Quirin.Gylstorff@siemens.com> In-Reply-To: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com> References: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-51332:519-21489:flowmailer X-TUID: lJ7urJ1xKAmO From: Quirin Gylstorff If the root account is deactivate during rootfs configuration , e.g. by setting 'USER_root[expire]="01-01-1970"', the following error occurs if a packages tries to create/modifies a user account. ``` Setting up systemd (247.3-7) ... Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service. Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target. Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service. Initializing machine ID from random generator. Your account has expired; please contact your system administrator. chfn: PAM: Authentication failure adduser: `/bin/chfn -f systemd Network Management systemd-network' returned error code 1. Exiting. dpkg: error processing package systemd (--configure): installed systemd package post-installation script subprocess returned error exit status 1 Setting up dmsetup (2:1.02.175-2.1) ... Errors were encountered while processing: systemd E: Sub-process /usr/bin/dpkg returned an error code (1) WARNING: exit code 100 from a shell command. ``` This move also allows /etc/skel modification to be applicable to all users. Signed-off-by: Quirin Gylstorff --- RECIPE-API-CHANGELOG.md | 6 ++++++ meta/classes/image-account-extension.bbclass | 5 ++--- meta/classes/image.bbclass | 9 +++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md index f3b30351..d1ed6792 100644 --- a/RECIPE-API-CHANGELOG.md +++ b/RECIPE-API-CHANGELOG.md @@ -397,3 +397,9 @@ New conversions can be added by defining CONVERSION_CMD_type. - the conversions appends its own type, e.g. the output file of a conversion `xz` would be ${IMAGE_FULLNAME}.${type}.xz - a final chown is appended automatically + +### Handling of variables USERS and GROUPS is moved to image post processing + +The user and groups defined by the variables `USERS` and `GROUPS` +was moved from image configuration to image post processing. The users and +groups are now created after all packages are installed. diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index c9bebe85..c64ba769 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -58,9 +58,8 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'f do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" -image_configure_accounts[weight] = "3" -image_configure_accounts() { +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +image_postprocess_accounts() { # Create groups # Add space to the end of the list: list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} ' diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index aa6c510c..0da56b7a 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -440,6 +440,15 @@ do_rootfs_quality_check() { args="${args} ! -path ${ROOTFSDIR}/etc/os-release";; image_postprocess_machine_id) args="${args} ! -path ${ROOTFSDIR}/etc/machine-id";; + image_postprocess_accounts) + args="${args} ! -path ${ROOTFSDIR}/etc/passwd \ + ! -path ${ROOTFSDIR}/etc/subgid \ + ! -path ${ROOTFSDIR}/etc/subuid \ + ! -path ${ROOTFSDIR}/etc/shadow- \ + ! -path ${ROOTFSDIR}/etc/gshadow \ + ! -path ${ROOTFSDIR}/etc/shadow \ + ! -path ${ROOTFSDIR}/etc/group" + ;; esac done found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp $args ) -- 2.35.1