From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7192512605249863680
X-Received: by 2002:a05:6512:33c2:b0:4cc:811f:e13f with SMTP id d2-20020a05651233c200b004cc811fe13fmr2836042lfg.235.1674637350104;
        Wed, 25 Jan 2023 01:02:30 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6512:214f:b0:4c8:8384:83f3 with SMTP id
 s15-20020a056512214f00b004c8838483f3ls9000565lfr.3.-pod-prod-gmail; Wed, 25
 Jan 2023 01:02:28 -0800 (PST)
X-Google-Smtp-Source: AMrXdXu+3hON8zgt/DyBlQl56ZT3n++N5mflBMqomhwBXesq45rdQe32AIVEcRQ1vXIWOF4kaV+X
X-Received: by 2002:a05:6512:23a6:b0:4b1:3960:4cf8 with SMTP id c38-20020a05651223a600b004b139604cf8mr10888033lfv.28.1674637348752;
        Wed, 25 Jan 2023 01:02:28 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1674637348; cv=pass;
        d=google.com; s=arc-20160816;
        b=ED7C+3vNnnozgGIejppPWvK5w+RO2TDsENdn/725u3K5G8ZhlQwNtLiXvKNN41Katy
         Ifq61K5tVkydRd8u7tIsRdzbPKGJHekM4jA/ePVkT0f9GcsmZ1G93idV1ihgKyLP+z0S
         hz59nt0v8zoYkoHhyVSwmSZ6vGrR7lskzYQfsAx6LoYlsVzN+iQaptIjO56s5Nx249w1
         9BS0TXDPIsDgZ5FiG6CXGGjjX/DA/TpyTyEMIM1cDzN/w/OC3CjiMjR2zKgmgNaJCQ2G
         BXwHzXbC+u80qU7hq+wRV8+jJOHHCcxfXeAismKqr3uLB1TEFnuKUH2KDey6JkV0k6VI
         1HrQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=mgzAY/E+en4yw6f6hhFTx0/23Gjo0hvE1YSTD4VEBtE=;
        b=SZaJeP8G5n3yNctcXVPQxwUYsBiImDXunXYsBE7OTxNEzWwrH0It1oEkf+IL2Kcogu
         CNsMUBgaOhgGo29GiDOtNezGM4peGj3nwFIUReZq8alMAPOBpdwLeEt8O88modh74X8Q
         N2X6HHAw4mNofKm6DGW2B3b5GQQW9jbLxoJCQa1zNDj4hPFe5xyc8ynLSYqF7PpU/kvr
         jPrqngdX+3F/UC60jFogtZTmNdzkE9AxU/9hodjyj+9MvxW32e7+ENQfE5VeCINOlU1B
         /k8dXyd1o5JsN+DS3ew7+jEnF3uAmaoZmPmzfz9DETo1FBCuYZCfla7JxqLgmOcvW7Z3
         y6ug==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=hO3lrl7n;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=temperror (google.com: error in processing during lookup of tobias.schaffner@siemens.com: DNS error) smtp.mailfrom=tobias.schaffner@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Return-Path: <tobias.schaffner@siemens.com>
Received: from EUR01-HE1-obe.outbound.protection.outlook.com ([40.107.13.82])
        by gmr-mx.google.com with ESMTPS id j5-20020a05651231c500b004ce3ceb0e80si214297lfe.5.2023.01.25.01.02.24
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Jan 2023 01:02:24 -0800 (PST)
Received-SPF: temperror (google.com: error in processing during lookup of tobias.schaffner@siemens.com: DNS error) client-ip=40.107.13.82;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@siemens.com header.s=selector2 header.b=hO3lrl7n;
       arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com);
       spf=temperror (google.com: error in processing during lookup of tobias.schaffner@siemens.com: DNS error) smtp.mailfrom=tobias.schaffner@siemens.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ZuZQYrSDP+XKwugw2M/tNg2yxIEyQOvLlvaOvi7vozUh8lysf3V6U2bWpfRafHNPd7BZWamzDNcXxmHEXstCTkYYp5ZpFQW2NAERo51pvh2DbPC6FUsjBJ+anqk1QfgYSdNW+53WYDcqKocjWU5ocyLqXT2B8CeECeEfiWesRcL/0DDgqexj2KAm6J3wkYe9hpyfNb48mSTvmljwyQE6QbeJy+UuM5ULgw5VGMACcJDbWOZqw7tM1kaYRc5m0GiYxkhHfLmDNyy6G/OaCFnekMnZ+6ElOFyg5SsSDHwQOlxbTeg3M+GyEH6Zmg6ywh7jur1j2w9TIBKH9M5QRLtfxg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=mgzAY/E+en4yw6f6hhFTx0/23Gjo0hvE1YSTD4VEBtE=;
 b=Px20CmEImsCtatA9TvNYJr014DfbLmT33vC5GlSJa3nnUgoQf4kDRI79faK6ZPAe18rJD56JJj0EHEA8nEVIZokB7yMfar/iL3/GkKsXT4+qZTwElEuGTCdwXvxGXnasN+LSmS2Iryw8PEjT/D3F8Zdx8h8K2hU8+Z1NhNqrm2BzfiScqTr1P7ioNUFzYlx9zNES6p1B2IzC7iPMpwafQ927A4ayjbkUnAsIUZpRq/fI8crGtbFA+Z2Qc4gWHWCk3FJsncIhfcQd0gfRjqOYpCACNVAEDBGa5qv4Dfkw59qAlrBiwQ0eGDFrEa/5LLLe3LH/dgbrUn+l1Km3nVfvYQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 194.138.21.74) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com;
 dmarc=pass (p=none sp=none pct=100) action=none header.from=siemens.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mgzAY/E+en4yw6f6hhFTx0/23Gjo0hvE1YSTD4VEBtE=;
 b=hO3lrl7n4BF73rdASWJ8ZfTHF8y0Fx4NV2vSNmeFqmF+1hv0KHlvo2bBaoHc4xJPVOWb/v3Y1tdytrUvMYuGTCXZIQEFWeQgB2g7Iw4BSiaN+2a6SJdCM2XkgH7M4WslSplxI/0GS/lgval24ihkWcWwiBb4Wr77IhaO7OFXMTzaF7AEBkSASoeevaZ+0hXQwVhBxvOutjNAF4QhxFb5P8IypGGELoznVIFQEsjksz0nAhK8t+gS+8W6BxCshWcXV6WjsZ9QHzH1fqoEzw2oOE4R81JewI0pXe1x1TLIDZluXtS+86p6g6WAM2iY7675xBp/U650tH2PC4vyfMdZQA==
Received: from AM0PR04CA0120.eurprd04.prod.outlook.com (2603:10a6:208:55::25)
 by PAVPR10MB6911.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:326::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33; Wed, 25 Jan
 2023 09:02:18 +0000
Received: from VE1EUR01FT082.eop-EUR01.prod.protection.outlook.com
 (2603:10a6:208:55:cafe::b5) by AM0PR04CA0120.outlook.office365.com
 (2603:10a6:208:55::25) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33 via Frontend
 Transport; Wed, 25 Jan 2023 09:02:17 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.74)
 smtp.mailfrom=siemens.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=siemens.com;
Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates
 194.138.21.74 as permitted sender) receiver=protection.outlook.com;
 client-ip=194.138.21.74; helo=hybrid.siemens.com; pr=C
Received: from hybrid.siemens.com (194.138.21.74) by
 VE1EUR01FT082.mail.protection.outlook.com (10.152.3.71) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6043.17 via Frontend Transport; Wed, 25 Jan 2023 09:02:17 +0000
Received: from DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) by
 DEMCHDC8VQA.ad011.siemens.net (194.138.21.74) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.20; Wed, 25 Jan 2023 10:02:16 +0100
Received: from L15-Gen2.fritz.box (139.21.146.184) by
 DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.20; Wed, 25 Jan 2023 10:02:16 +0100
From: "T. Schaffner" <tobias.schaffner@siemens.com>
To: <isar-users@googlegroups.com>
CC: <quirin.gylstorff@siemens.com>, <michael.adler@siemens.com>, "Tobias
 Schaffner" <tobias.schaffner@siemens.com>
Subject: [PATCH 2/5] allow creation of users/groups before rootfs creation
Date: Wed, 25 Jan 2023 10:01:53 +0100
Message-ID: <20230125090156.284309-3-tobias.schaffner@siemens.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230125090156.284309-1-tobias.schaffner@siemens.com>
References: <20230125090156.284309-1-tobias.schaffner@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Return-Path: tobias.schaffner@siemens.com
X-Originating-IP: [139.21.146.184]
X-ClientProxiedBy: DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) To
 DEMCHDC8WAA.ad011.siemens.net (139.25.226.104)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: VE1EUR01FT082:EE_|PAVPR10MB6911:EE_
X-MS-Office365-Filtering-Correlation-Id: 8d7ce091-8306-4fd0-f88b-08dafeb2dc2c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	20zJyoAO5uitXV2JmdW6tu93ZgOnXF4q5eLgo5Zek7OuN/YEIzxMO62IBR5PErLFibH1KndeSZjlpb1Av56PMqFdx7DiCZ0jtBGfe4oJ2iC019Mgop++GOuRJ5xsBv2MMsk4Ui/bwCi1+D0EK27amnv4NIewVvRv2hx5tgKT9s8VL7cR2Ykmh14mjPD5ltC2DxNURXu9EZlgd18Iu+oMUpiVGzMuLHOZrIyV258IMeNGtp7SEZFvW/rapOkF1nnaF37z70KKVUFZQW22TFO2kLEVAzVIuRebrW+vscwD3QQ6xp9FwF53kCrNKiaZ7V12LLZUIaWiW9A3wvXEpRDbooh4nzRzHOMC2uQ6EwJ67gxGPH6j8o5m9INnAF8PLkfcxvpNftiW005pqWeKdiWnWozVNZvU/JkLYv3dul4zcOnVoY6BO4tjLWI8ODDDmq3C51mr4otRFGIIo1/jwANv7UXpYWc0i2PJ7cJCKbr79ytzzlZHQV174ZZZMRppQRaAXulLTiHSg62HSNpe7GJVMoY4648IqBsZQCajo/HgWyuPYaj61XhfN5bVtMq9yDj9C/xiliDInEpRjA3Oza+Qpbc+179CUmiYhwsjciuFyx1CROUEcYq+eMERJ26tRGTh7td7SexvJk93uQQf5PFt59M9JdnEIcyc8yKM30DmgNWdmrKUy+xKA11KNL7Dv4DdrTRkMfnpRgBFwpuBg/3m4g==
X-Forefront-Antispam-Report:
	CIP:194.138.21.74;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:hybrid.siemens.com;CAT:NONE;SFS:(13230025)(4636009)(396003)(346002)(39860400002)(376002)(136003)(451199018)(36840700001)(40470700004)(46966006)(5660300002)(478600001)(82740400003)(6666004)(86362001)(107886003)(2616005)(47076005)(356005)(956004)(83380400001)(82310400005)(41300700001)(336012)(16526019)(26005)(36860700001)(2906002)(1076003)(186003)(7596003)(7636003)(40460700003)(4326008)(70206006)(40480700001)(36756003)(8676002)(6916009)(54906003)(82960400001)(70586007)(316002)(8936002);DIR:OUT;SFP:1101;
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jan 2023 09:02:17.5898
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8d7ce091-8306-4fd0-f88b-08dafeb2dc2c
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.74];Helo=[hybrid.siemens.com]
X-MS-Exchange-CrossTenant-AuthSource:
	VE1EUR01FT082.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR10MB6911
X-TUID: jt6055ByCSfv

From: Tobias Schaffner <tobias.schaffner@siemens.com>

Allow the user to specify that a user or group should be created before
rootfs creation instead of in the postprocessing step.

If a user or group is tagged with `USER_x[pre] = "true"` it will be
created in the rootfs configuration step instead.

Signed-off-by: Tobias Schaffner <tobias.schaffner@siemens.com>
---
 doc/user_manual.md                           |  2 ++
 meta/classes/image-account-extension.bbclass | 25 ++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/doc/user_manual.md b/doc/user_manual.md
index ec639e7..1d209b3 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -661,6 +661,7 @@ The `GROUP_<groupname>` variable contains the settings of a group named `groupna
  - `gid` - The numeric group id.
  - `flags` - A list of additional flags of the group. Those are the currently recognized flags:
    - `system` - The group is created using the `--system` parameter.
+ - `pre` - Creates the group in the rootfs configuration instead of the postprocessing step if set to `true`.
 
 The `USERS` and `USER_<username>` variable works similar to the `GROUPS` and `GROUP_<groupname>` variable. The difference are the accepted flags of the `USER_<username>` variable. It accepts the following flags:
 
@@ -680,6 +681,7 @@ The `USERS` and `USER_<username>` variable works similar to the `GROUPS` and `GR
    - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password.
    - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it.
    - `force-passwd-change` - Force the user to change to password on first login.
+ - `pre` - Creates the user in the rootfs configuration instead of the postprocessing step if set to `true`.
 
 #### Home directory contents prefilling
 
diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass
index 127732a..c0f2269 100644
--- a/meta/classes/image-account-extension.bbclass
+++ b/meta/classes/image-account-extension.bbclass
@@ -18,19 +18,23 @@ USERS ??= ""
 #USER_root[shell] = "/bin/sh"
 #USER_root[groups] = "audio video"
 #USER_root[flags] = "no-create-home create-home system allow-empty-password clear-text-password force-passwd-change"
+#USER_root[pre] = ""
 
 GROUPS ??= ""
 
 #GROUPS += "root"
 #GROUP_root[gid] = ""
 #GROUP_root[flags] = "system"
+#GROUP_root[pre] = ""
 
 
-def image_create_groups(d: "DataSmart") -> None:
+def image_create_groups(d: "DataSmart", pre: bool = False) -> None:
     """Creates the groups defined in the ``GROUPS`` bitbake variable.
 
     Args:
         d (DataSmart): The bitbake datastore.
+        pre (bool): Creates only the entries tagged with GROUP_x[pre] = "true" if True or all others
+            if set to False (default).
 
     Returns:
         None
@@ -43,6 +47,10 @@ def image_create_groups(d: "DataSmart") -> None:
         args = []
         group_entry = "GROUP_{}".format(entry)
 
+        pre_flag = (d.getVarFlag(group_entry, "pre", True) or "") == "true"
+        if pre_flag != pre:
+            continue
+
         with open("{}/etc/group".format(rootfsdir), "r") as group_file:
             exists = any(line.startswith("{}:".format(entry)) for line in group_file)
 
@@ -62,11 +70,13 @@ def image_create_groups(d: "DataSmart") -> None:
             bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry])
 
 
-def image_create_users(d: "DataSmart") -> None:
+def image_create_users(d: "DataSmart", pre: bool = False) -> None:
     """Creates the users defined in the ``USERS`` bitbake variable.
 
     Args:
         d (DataSmart): The bitbake datastore.
+        pre (bool): Creates only the entries tagged with USER_x[pre] = "true" if True or all others
+            if set to False (default).
 
     Returns:
         None
@@ -82,6 +92,10 @@ def image_create_users(d: "DataSmart") -> None:
         args = []
         user_entry = "USER_{}".format(entry)
 
+        pre_flag = (d.getVarFlag(user_entry, "pre", True) or "") == "true"
+        if pre_flag != pre:
+            continue
+
         with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file:
             exists = any(line.startswith("{}:".format(entry)) for line in passwd_file)
 
@@ -148,6 +162,13 @@ def image_create_users(d: "DataSmart") -> None:
             bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry])
 
 
+ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts"
+image_configure_accounts[weight] = "3"
+python image_configure_accounts() {
+    image_create_groups(d, True)
+    image_create_users(d, True)
+}
+
 ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts"
 python image_postprocess_accounts() {
     image_create_groups(d)
-- 
2.34.1