From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7192512605249863680 X-Received: by 2002:a5d:4b4e:0:b0:2bd:e14f:c387 with SMTP id w14-20020a5d4b4e000000b002bde14fc387mr1373596wrs.317.1674664161621; Wed, 25 Jan 2023 08:29:21 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:600c:3d06:b0:3cf:9be3:73dd with SMTP id bh6-20020a05600c3d0600b003cf9be373ddls1440181wmb.3.-pod-canary-gmail; Wed, 25 Jan 2023 08:29:20 -0800 (PST) X-Google-Smtp-Source: AMrXdXvhqEzmS3VlcPXNXHbhiutjzXEjgcyiuLH9bAS6hw3W34wr0Qzkez6CYtCXzZkfNGd5jMv6 X-Received: by 2002:a05:600c:539a:b0:3d9:ef72:190d with SMTP id hg26-20020a05600c539a00b003d9ef72190dmr31502905wmb.19.1674664160622; Wed, 25 Jan 2023 08:29:20 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1674664160; cv=pass; d=google.com; s=arc-20160816; b=ppFdI5OWwSc4uwKW25st8VBe0BnQVHf9stpy2AmDBwPSmWXQd1v6znix3M0ezBxesN r0oVb3SFclD9SkklGF8ZkfK4GBYTLrlpWB92y5UaW4rx9S4fsHuecRAiL5WFnOQMJdm5 hStmRVDsFdGYv2CFhOcv4IzWB7+6XopWPngyNm9mWrhvA07n1J5HZ3/JCvxhi/YGyY4J Yvirx5cMfTzzbPXCcYpM6/zIf2F4wQgcFx1pCEfIl9aWZeacPGkC6/UzhlSaq6CZeVsv 38MyZKriyR4WVtJeVcxVzNW4st39PoOtkOaBN42Wq5eiiTIMWBCbBv54FPnbWlWl/5/0 fl7Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=CJgDMLMe3mQ0VxeCDjzx16jL5F++FeLz491mVz76g64=; b=PFl/5UAeptgzH+LoKgHAIQjfNIjo/TyGylP/4UVPVqzu2gKqgT4UltZfPH4w5JtmuQ hDco0q0+UioXFAtiN83QQuI06BH9oJ+pfiWSQlbvT1a/sDQ028J+drs0rsC1dVSUFJuK pakgoqbcmhOWFVRAaURVgKJe7o5KEKCcyWg9viECzKDRPKp0eWb7Ygxn2KtwkGYMZQlF 2lDkoxBm7aQG8sdiSg5gCYmTzqyMwwxLaPwu73X9QA83xps367RMFMq80/0Jpx/iNP3Y mCtv0okZ3t3ZT7lie2ISXkB07SFSJcsWJQmmjcXJ7XL/g1j3300fYkHjTqZ+DnaMK1xA BWLQ== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SbHirRsI; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.104.78 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2078.outbound.protection.outlook.com. [40.107.104.78]) by gmr-mx.google.com with ESMTPS id az9-20020a05600c600900b003da01357361si164014wmb.0.2023.01.25.08.29.20 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Jan 2023 08:29:20 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 40.107.104.78 as permitted sender) client-ip=40.107.104.78; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=SbHirRsI; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.104.78 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FqAaIV6mq7+TAogxrEr+njkjCS7ToSyCNBmgY/biO34C2xkFqvBT09zSDwatMd+hkarPe/K7GyJw4Cc2cB6rLnoup9oeM3RErpWYiR2QhUWZXIgxAR7+f/Na9XI97QLy/FcT6IOlwDnArCFMCpBm/J2NTUg11g0x4xrrStu0kXYoydfe4RG/ieplirnD8nHBHRe33vI+PlAuCqMZ4wfWJynunwT6+6xtkic9ib3IK5CMNwX3tb2bN8kfdm/CzcRqiYoH2IEMYnuSf8pNhzdnKl39AvN2KfUPC5d7+JhGArZflx55w3/qk1uMnUAn6ILdMOZCFgdAcnsmqXfMze+z7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CJgDMLMe3mQ0VxeCDjzx16jL5F++FeLz491mVz76g64=; b=ag2Xs18/z26lBOAX0w2P1PahCKB5x7FK6ffw3fstIW5j7+/RF4rmwZLK/oIWDVx26R3OhayTW9nXy2Bt5K1tIFMVfZEz56iMqbUuMCPtedyignhvx+wcjhNoppg4gaCf7TyhSj2/G5KjJ8dRGu6DaSpocxTGgPpxyKiIaIEBdXFXcUT3YLlnaPxeXGVn4CTChrt6BYU9yFdfzHJR8Ri6TO2kqmvEzUrF8B8CIi/PCpSBY1NhksT4H4eJE4FsNYTqysDUH2idJbRaPtqp2eT86tY0ksFYuz8/HTHPlG6r3GJJF6fTMESJGqbF2tRON7UuIzhsMVGDRnZCrpcEVEJAQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CJgDMLMe3mQ0VxeCDjzx16jL5F++FeLz491mVz76g64=; b=SbHirRsIsVPE3/RAsgRNyW2V2wFT9/CPBE7OGTaIUhHuDGC8tZBi9TA3hpdxsNesZmZo2h9qd4Ye9ISekNsznWPidT+7j2EYJUFibPTGvobgoim2ivYWfHPTGoCYU/rg2MXsmeeRTxwbn6NBF5Utztf0RpRlLaYGAWU2KGRbQqhWXLaaCjDEkKsVlUK7sgQxtyd5WG/6gS2X+ER7JKBa4Wtm8RHIQ6kqu41k3ByX4SjUr6HvolsQTvgMGPJF7NnYXiZdt+uZhMYW4Pz5AqMX/coQZAvffBH/n8cFNFOs1v8hGFShWskhxSwdPyOD9DADa8E2p06AQS44Gc110NyX8g== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by DB9PR10MB6450.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3d9::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.33; Wed, 25 Jan 2023 16:29:19 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::bdf0:fdeb:f955:bc79]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::bdf0:fdeb:f955:bc79%4]) with mapi id 15.20.6002.033; Wed, 25 Jan 2023 16:29:19 +0000 Date: Wed, 25 Jan 2023 17:29:16 +0100 From: Henning Schild To: Gylstorff Quirin Cc: "T. Schaffner" , isar-users@googlegroups.com, michael.adler@siemens.com Subject: Re: [PATCH 0/5] allow creation of users/groups before rootfs creation Message-ID: <20230125172916.0d49528f@md1za8fc.ad001.siemens.net> In-Reply-To: References: <20230125090156.284309-1-tobias.schaffner@siemens.com> <20230125142901.597613d7@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.35; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR3P281CA0149.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:95::20) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|DB9PR10MB6450:EE_ X-MS-Office365-Filtering-Correlation-Id: 09f9bccb-9f43-4aff-126f-08dafef14eb3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: j//sTaoJhBmqiz6qYgeNBQ1q6nGnvS9bHEZCpLlhMmAUOWzf1+XtcNRnv8Q6DCPh7aLWvAQDIaSBlkJtZBUd5jMkOOwbaAu/bPkMCufShQrdOaHEbTTiXlrJ5MmUnsUskodIBkAgIQpGkkOMiy2bK5IhOT5Z3elDE26Bp+RlJnCZmQcjQDrdb/uKYT5bz69b8jiehd4+kvZeDWTnAbJ5fj7NoT6ZUnraIP8lbbIdUbe6NmJiD9mn1jSEUR5AUoc4vOutOC5PMWige4T/KmaL5vaAFs060mfWyuwO+LMHQw+Ru/DFiUN9xBiUojwz/niqfVwqjuviyLSaAKZOqcN2x5imIpqP2GQ7OXyr2r9tekM4hfPTk2kbN72p1QIvJ4pyp/8vZax4c4+xOqdIKrT5o/F2KZMcXdHOpKNRK2AzT6NGE+8g9fSqFqw7zSqhFmP1TZXr65S6Y+yzOI8LRGK357PSzMg4Mm1SznbYis+1aSFyUUTK+bWZVt5Sl/psv+bk5EOsvCUU6f7NUNValG4S6F0DmpuqxutFfCcapX/ZnhEXyiUW89YRUOl6zAOVAmr5e1Au6uwR1rF2/Wb5bwBSocaaC0tW3+ei7mS6HEyoFYiL33wBBzNYYHi2L5mZIpgxvsOzEpyNq3gqugC0k/j7IhI4imUrpcmM9xzcxi21aQiBaEqVlcg45HgiGugSrY93 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(346002)(366004)(136003)(396003)(376002)(451199018)(6862004)(86362001)(2906002)(6636002)(82960400001)(4326008)(83380400001)(966005)(8936002)(44832011)(5660300002)(66476007)(316002)(478600001)(6486002)(6512007)(9686003)(186003)(8676002)(6506007)(38100700002)(66946007)(53546011)(1076003)(6666004)(107886003)(66556008)(41300700001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?5pE1AkfGLa/m+QA9Z+FLw+gvwwk3GsOAmGWytB/6Wib67xp/KmSeeKZ5eFam?= =?us-ascii?Q?5k0Il/FLHFpkUytPckI9AvC6wkCLRJxJVVeDlQuuahZ1/F++7eFtUe9Jz8pd?= =?us-ascii?Q?xZsz7Ju3Hj9GpuvJoi3S9yDI0Sn3lFt+XIEgwBOA+O8xVrZcUcLrjhyfjjoF?= =?us-ascii?Q?sVQ/CkHaBAa4N063FV9rYKMWOx7TPC3VeNtYPn70Y2cZH79+Yq6T6zyyoG2Q?= =?us-ascii?Q?vlgnYq+VijnzLuYSY/HEzfHcRkjS5E1GxNJ+gVNNhJwqjtf3tLFaI74kgbyw?= =?us-ascii?Q?cXJZIdy4WzJB024M9O48UmLo7hxp5fLoZurMv2Rfg2rIhMquh8jHzIy8vJGf?= =?us-ascii?Q?GCU3q9h27pxFvOk/Lwcn53wYE2hA2mNGIMoLALRGS1oO+Lbeh2EILABZa5/p?= =?us-ascii?Q?NO5OLMeef0TqROHF7bWCO7PkQmaBpr45JUrtTjTclEL3DKFuSZVxiKtWZt/e?= =?us-ascii?Q?7ETIjlJUKGHfJEO11JG7IGkZjITJa+lZqGD/uUhFmPwbfKCejqYitJI2zgNR?= =?us-ascii?Q?hymmzIK4dFSgDo30RVlSz09mAWXWKwuF8E8/bK/Yt6FC7MJWYRa3jNSEZvX4?= =?us-ascii?Q?/RgyijJCpElFwxQmwSvIpQVyJnI8TO4F4+6pG93CFFzlGUVMTMzQM2cdxoUd?= =?us-ascii?Q?ZEJc2X6zZOHNKmMwvTRNmSNihp+GxHEJ0kT2v8OJmfXjUb7o6ty50/w6Q/Kl?= =?us-ascii?Q?AIPNoHAbuXbPq2hONYwimXkbf6tyU9EdW+lYeUST2QUJZ6o4DluYsjZoL3iX?= =?us-ascii?Q?XPwvrSkvatYVmLUYV719Ves7E7vYlS5uimSxT03YqyLMzGmr5bXXfBfcfLY7?= =?us-ascii?Q?qLNR+npLKLR4PKZRxl1CjABIVK95dl67SuDn22lItiXdClkLjncPPWigVfLT?= =?us-ascii?Q?r6kvNNHx9qUgKYxdhBPqzdqEY2++igiBYm0i8U6ig8p2rh0ucAiw+f0GbxZU?= =?us-ascii?Q?QZKTXrCtR1cmUuBFmTMe9dvd92E6GJ4d3AzKCtFcK1o90eIYT2szRZ71eUkE?= =?us-ascii?Q?jzfD3muIO28//WbgjRVKJg/0z2llaChNHVzm2G7JgCn6v+/tioNEvRnmeZjh?= =?us-ascii?Q?yiqhPBIrx30+M1K16KHpgDLCGM9+8aolepPKxzFznJScGw9Yl8REMI7fvLDN?= =?us-ascii?Q?bDMJ8nnHDmBvvOL0GioBn7RoQebmqZKuF43r6YDKoikc/dUH2IM62UWWwyr9?= =?us-ascii?Q?kbv0kMBeJbxcyzkD3CEc4c3aUk7Ux4DjkuxaEPGplwVWtvRaaZUdNUu9zTSc?= =?us-ascii?Q?E/c8RSz85sUuP//jBg/3JokyQkXDHw5U3NRRO5LdRUTaHpzFHslMkwqcBFIq?= =?us-ascii?Q?QubE0ttLLFCoc1o/zQIqRyQPizHgPCr+Fsp2/j/OQw5OEWkYR0cCsL5UHT4V?= =?us-ascii?Q?1uYxJMyVcXvN7Oswp88aJKjBvSly8ge6hkfr1ETCE8uHMVfatq3qWdc3ZBtq?= =?us-ascii?Q?dAvXlbEZqe/lJ2qTM21QGwmUusExtVM+bRCtZFbeoqipjAjGui3MYZYYmjPg?= =?us-ascii?Q?Q+rQ4QtWyz5zo7+hH8ADOdRCopDbTP0y0XDhbaSOXBhwiAjIGwVXrqd+QBDP?= =?us-ascii?Q?hxRxZrgQlwrBB+lu6rCWGZQ9+JbMzGkC7I32gg4s9YWQaLETgQUyJH3vLsPQ?= =?us-ascii?Q?m4Wv73dAPEwBsM451L4zDi6Cfuv4uaDAkjCNH5GfXlAuXkuvpm3BRYHQ62PD?= =?us-ascii?Q?GATS1A=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 09f9bccb-9f43-4aff-126f-08dafef14eb3 X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jan 2023 16:29:18.9153 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: z41bM9ZnJ/xAiUQO1sacyyQ4Q52tuWTagQM26XXgbJGIVSi+liaDy6/wjdjGIHc7SrjT/LLZ46DvDV6NsZOtc+AZbxNpM0bKQJF2372LC+Y= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR10MB6450 X-TUID: 6aPboxafYCls Am Wed, 25 Jan 2023 14:44:40 +0100 schrieb Gylstorff Quirin : > On 1/25/23 14:29, Henning Schild wrote: > > Am Wed, 25 Jan 2023 10:01:51 +0100 > > schrieb "T. Schaffner" : > > > >> From: Tobias Schaffner > >> > >> This patch series will allow to specify a `pre` flag for the USER_ > >> and GROUP_ bitbake variables. If this flag is set to `true` the > >> given user or group will be created in the rootfs configuration > >> step instead of on rootfs postprocessing. This is helpful when a > >> specific id should be used which would otherwise be picked by a > >> user or group created by one of the installed packages. > > > > While i do understand the reason i am not sure how relevant that is. > > Why would anything only function with a fixed ID? Whoever provided > > that thing should maybe fix it. > > Specific IDs are necessary for Updating an A/B rootfs system with a > persistent partition. In this case you do not want to change any IDs > as this can lead to wrong file permissions. I see, that is much more understandable. It also goes into the reproducible build direction. But if that is the case the solution does not seem to be good enough because it only considers users/groups created by isar. Not the ones created by installing debian packages. Where the order could be potentially random. Say you DEBIAN_DEPENDS or IMAGE_PREINSTALL "ftpd wwwd" which will craete users "ftp www" where the two deamons do not have any dep on each other and apt-get could install them in any order. That order might in reality not change too often but it could i.e. when you move from debian11 to debian12 or when you bring the third (or 10th) user-adding package into your new firmware. So what you maybe really want is giving isar an /etc/passwd /etc/group pair. Every new firmware is build with the given layer code and that file-pair from the first release. Where you inject those files between bootstrap and install ... hoping that bootstrap will always be the same. Maybe one can inject before bootstrap ... or write a postproc function that will find all different ids and all files and fix up. Or at least start with an assertion in postproc that looks at the old database. Is the problem of uid/gid depend on install order known in the debian community and how do others solve it? Gentoo has moved from such dynamic allocation to static some years ago, probably for similar reasons. Henning > > > > So i am willing to say that this is super-niche! And it deserves a > > niche-solution in its layer, not a feature in Isar. > > > > You could hook in a task between bootstrap and image_install. Or you > > could rebuild a bootstrap package to have reserved ids. You could > > run "the thing" in namespaces ... > > > > So is that really relevant? Please go into detail. > > > > Whatever happens i think the python rewrite is cool. But the code > > may have been coming/inspired from OE ... in which case it would > > not be cool, because it would fork away further. > > > OE uses a complete different implementation than to original: > https://git.openembedded.org/openembedded-core/tree/meta/classes/useradd.bbclass > > see also: > > https://git.openembedded.org/openembedded-core/tree/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb > > > > Quirin > > > > Henning > > > >> A rewrite of the image-account-extension in python was done on the > >> way. This allows us to drop a lot of encoding and parsing code that > >> was used to transition to shell and therefore made it easier to > >> read and maintain. > >> > >> Using python functions for more complex tasks allows us the usage > >> of unittests. A very basic infrastructure for unittesting using > >> the build in python unittest and the bb.parse module was added. > >> This was used to test the re-implementation of the > >> image-account-extension as a first showcase. > >> > >> Tobias Schaffner (5): > >> simplify image-account-extension > >> allow creation of users/groups before rootfs creation > >> create a minimal python unittest infrastructure > >> add unittests for the image-account-extension > >> set minimal python version in user_manual to 3.5 > >> > >> doc/user_manual.md | 4 +- > >> meta/classes/image-account-extension.bbclass | 391 > >> +++++++----------- testsuite/unittests/README.md | > >> 28 ++ testsuite/unittests/bitbake.py | 37 ++ > >> testsuite/unittests/rootfs.py | 45 ++ > >> .../unittests/test_image_account_extension.py | 175 ++++++++ > >> 6 files changed, 434 insertions(+), 246 deletions(-) > >> create mode 100644 testsuite/unittests/README.md > >> create mode 100644 testsuite/unittests/bitbake.py > >> create mode 100644 testsuite/unittests/rootfs.py > >> create mode 100644 > >> testsuite/unittests/test_image_account_extension.py > >> > > > > > >