From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7192512605249863680 X-Received: by 2002:a1c:4c1a:0:b0:3da:25c7:ceb0 with SMTP id z26-20020a1c4c1a000000b003da25c7ceb0mr2036940wmf.17.1674637340152; Wed, 25 Jan 2023 01:02:20 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:cd91:0:b0:2bf:adc3:9107 with SMTP id q17-20020adfcd91000000b002bfadc39107ls490236wrj.0.-pod-prod-gmail; Wed, 25 Jan 2023 01:02:19 -0800 (PST) X-Google-Smtp-Source: AMrXdXtDeiFEmV8Ts9Zd+TcaCVZNEp0c9ktfKh3TUyW9DtU2bDjp2+jyl+bEBLdXoCIdT2WtVLfe X-Received: by 2002:a5d:62c7:0:b0:2bb:dbde:bde4 with SMTP id o7-20020a5d62c7000000b002bbdbdebde4mr25736785wrv.30.1674637338853; Wed, 25 Jan 2023 01:02:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1674637338; cv=pass; d=google.com; s=arc-20160816; b=q/aEjz9mzMnd6+jX1I5bwlSJJ3KCWrCZzr2eeZgHF2YwXxuTDAloRJU2nqf4LqVqE4 gO0ECiqrWAR8ii9dzmzGLuK14riDVk+ZP64NSEgsrkpNkMA7DUOcc9TEOkNf/l9FvAAv tImYn6TA9mFd77UyRvnrtVWbAickLsCIZTmJjzDjIEOiw4GWPMALZHBTIcRQCF1nQv27 6hZQpw3ni0Btz7MwFbYfDx8krS+Sni4bqJjMPk5mzFATj7SF9dgz8mGVLPAtNRm53u4i L/6LwyFEHGQ6CMDQQAkgplx/CkkdWW3t8ywo/WBDVnR87AkVR7XHVPpS2P2UuA0rgWhG j/mg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=v0aK+kwWzb+Q08Sib8G83Oemtt9h4qw+hu9c1WX31+E=; b=pz7X2YHthlSU6ah+GZIZiMXcZZDRrJ1SlcQPJ1BU0PtozsjsWzabrCCBQJgTBoV22M QWQTRkdBLfjCM72MlYhpaE/fLmTA5tKS3TduaOEVsSlG6ZR7r3OuhNuoXbekMRTgjDIm znxQNxlTnTGGjJEnSpanXA1bP/3VSP98rJzgTmX/bcF1d4qFNnvjvT2jsdFpIXQqVvaO Soz9/yKKxNtH/ou3Zppx9DJSqguI8lIkeP1zLzV8z7it+Ak3IlrbOJQUITTywRBVnAj7 S5iC9xc00g4u/zkesbcfHy+8FqiLZwuqJLb0E1b1TexAlCo72qkmG3govfjM38cR5gp6 vZ7g== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=jtZbyZ1h; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 40.107.105.53 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2053.outbound.protection.outlook.com. [40.107.105.53]) by gmr-mx.google.com with ESMTPS id bn18-20020a056000061200b002bf9650b759si206122wrb.2.2023.01.25.01.02.18 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jan 2023 01:02:18 -0800 (PST) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 40.107.105.53 as permitted sender) client-ip=40.107.105.53; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=jtZbyZ1h; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 40.107.105.53 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HWIHNtPCm59Ti1+6ASL8hC90emovYvVkKzAGAwp1ks6kA0aR+hHMQS2qy4Z3WPfyQvaBemKYIFaz+81IeRgF+Hr8+Psxomxb4SytYqtvvg9YIzVfRNoS07WLlbaxJigp25z8nQiMJJ/4NsTdgvATdwSizigG280HbRZI6C93HHFhLxicoXO0eHX1r4f74sqz/KtaUyEDNBbP1cl/dnjps0EFm0jw74c6kGdUksTIfpkxHAYc/o1fypS5fuWeJPo/Ror5aodYTUZaxuBPvb3/K2qXh2tw6oqg95asIHFV3qywo0co3GOJSfJkXTOqR/maQBCcxql7P5yD68KJh7faQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v0aK+kwWzb+Q08Sib8G83Oemtt9h4qw+hu9c1WX31+E=; b=kWzxJMRXW+i8D0tB2bc8DzLxDggzYTFPn45TteTnMtjcMlR9uwiUmUAjSFcWil+v13uprAgUPuwIpIsx5pxG+rQQ832dfdJ4w+Z2C1zV5wtN/mZVlH44d1ho8JPgBi4APUC7wcJgyLzmxcEj6SXCtz1HR2xgZY1SXVR5fNn8lw6rLbYzbQUjYSORqEyhmt7ajLaynBI3+/XOv0WF4a+s62mieXa6bLwxxAW+eZoBjf6PCCxYITZoqP+Z7F9vKODm3r86IvvAyz7Zc3ucx3hj2B6Ny+bsO5nD+MXzioZsurxZ40f21a/4zrO47K7BdM5zUWkvmCfNkTuxESdLdjaRNg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.75) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v0aK+kwWzb+Q08Sib8G83Oemtt9h4qw+hu9c1WX31+E=; b=jtZbyZ1hqqgvcpUoVMksJKMWu9+BEBIqRMY/edjF+xEoG2Y9CCJlqoAU5yNNiv7rcZSglMdVchFwEPpl5pqzvQLta9R6e0WZCdhUR8wjbAU22GAdhXLtGorZuPXgmQt9cIHLdXaKyeHdp3L1TbECW7ME5Gvj8JFCcW1vIs/6ycIZaz8bxu3Olkvrk1Etn4Ouyu42CoGUok5NtFkroSrfbNmbkohSCwgxrLj1zjE6Alg0SPDfKhzgY6x5w6AG7rJFql7Xmn8oMvpJajyEVxEn31jaJt6XmmKKEj9mJ25Hoas4b3USm46LocC6PsRfS9s6QBBviJTeBX2YnRkc0FQViA== Received: from FR3P281CA0080.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1f::15) by DU0PR10MB5196.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:348::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33; Wed, 25 Jan 2023 09:02:17 +0000 Received: from VE1EUR01FT056.eop-EUR01.prod.protection.outlook.com (2603:10a6:d10:1f:cafe::38) by FR3P281CA0080.outlook.office365.com (2603:10a6:d10:1f::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6043.17 via Frontend Transport; Wed, 25 Jan 2023 09:02:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.75) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.75 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.75; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.75) by VE1EUR01FT056.mail.protection.outlook.com (10.152.3.115) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6043.17 via Frontend Transport; Wed, 25 Jan 2023 09:02:16 +0000 Received: from DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) by DEMCHDC8VRA.ad011.siemens.net (194.138.21.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.20; Wed, 25 Jan 2023 10:02:16 +0100 Received: from L15-Gen2.fritz.box (139.21.146.184) by DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.20; Wed, 25 Jan 2023 10:02:15 +0100 From: "T. Schaffner" To: CC: , , "Tobias Schaffner" Subject: [PATCH 1/5] simplify image-account-extension Date: Wed, 25 Jan 2023 10:01:52 +0100 Message-ID: <20230125090156.284309-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230125090156.284309-1-tobias.schaffner@siemens.com> References: <20230125090156.284309-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Return-Path: tobias.schaffner@siemens.com X-Originating-IP: [139.21.146.184] X-ClientProxiedBy: DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) To DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1EUR01FT056:EE_|DU0PR10MB5196:EE_ X-MS-Office365-Filtering-Correlation-Id: a6b3a361-c230-4e17-87be-08dafeb2dbaa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: l0IHwRWR+WLYoY/K9zz7fJO2h/HKdae5vY8L3WXZgL5WNkmUGHPPB8FtgjBDMzmK+C0FxOc0u9Gb+bXlWd8bExPg3zwD6Vf+PHPaxva5wwgDG7YK4u4llrdCU5QbZExWygU4T+Ttl7vbBY6gKAJYpWC2gJRJdfeU8jqvyfGzcV2Ht87cgysSu52h2zeZcPWXZIvogBwH++OQTgN/uWAY9bfdkagiHyf/nHup4YPv5tvtzmUsrnhb/Rmk078VCsY6Ddc1NsHCOuN7P7VeoypS7bFzhDlfMhj9ZlkbTRPS9FnSJHZCnZn5UgEfRdEll+qWwMGh+SJwOL7tpQvnE66V0BgdX70sk5Y2phSdsOwq7D7gXbY5n8f6RZHW0chi9vSg61tHDLM2Aj1Ii6W05LRQ3MXIqIz7NYnCzrIUS6t5V/zIYnC4qOztcV+I3YVkqM4pyf+fAMXtvajyB7zRP9HA4zjLLMAsti82QgxKg4fdppJlhzyze8z/2VJT3qI3MJ6OmIhTxnwQvbSyK7buvL4uXswiUDvDLxFGEERdvnZT9Q71p96VC8K6TYP7hWkxhjSe8fghEHSQPP2Tp94NyRhbhp+gJvK0Afy0Kwv0LZmkvvU6M2e20BV0UIxMzOu9qICEXH4AgF9J0J19oVAcHDcW+B9vjaaqaWVndAv3TFBFtbKOg1fBA+4tv6RttakfbIwbdF+qU6rsna67OtrkFgAiLtTBeRMbSqvkWc44WCPj+4M= X-Forefront-Antispam-Report: CIP:194.138.21.75;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230025)(4636009)(136003)(346002)(396003)(376002)(39860400002)(451199018)(36840700001)(40470700004)(46966006)(30864003)(83380400001)(316002)(2906002)(81166007)(41300700001)(107886003)(6666004)(8936002)(26005)(16526019)(478600001)(356005)(82960400001)(15650500001)(82310400005)(86362001)(82740400003)(186003)(70586007)(40460700003)(8676002)(5660300002)(6916009)(4326008)(36756003)(336012)(70206006)(47076005)(54906003)(40480700001)(36860700001)(956004)(2616005)(1076003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jan 2023 09:02:16.7335 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a6b3a361-c230-4e17-87be-08dafeb2dbaa X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.75];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR01FT056.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB5196 X-TUID: +qQW2LIy2V3N From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index cbc20a2..127732a 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname, True) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS', True).split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS", True) or "").split() + rootfsdir = d.getVar("ROOTFSDIR", True) + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid", True) or "" + if gid: + args.append("--gid") + args.append(gid) + + flags = (d.getVarFlag(group_entry, "flags", True) or "").split() + if "system" in flags: + args.append("--system") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS", True) or "").split() + rootfsdir = d.getVar("ROOTFSDIR", True) + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name, True) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups", True) or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags", True) or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home", True) or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password", True) or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH", True) or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) } -- 2.34.1