From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7216294651790098432 X-Received: by 2002:ac2:5322:0:b0:4eb:93a:41f0 with SMTP id f2-20020ac25322000000b004eb093a41f0mr5527548lfh.4.1680174529361; Thu, 30 Mar 2023 04:08:49 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:b8d2:0:b0:295:a3ad:f338 with SMTP id s18-20020a2eb8d2000000b00295a3adf338ls320024ljp.4.-pod-prod-gmail; Thu, 30 Mar 2023 04:08:47 -0700 (PDT) X-Google-Smtp-Source: AKy350bsgxhUPLKQl8k4uylVc9o5D3S06fJrdf6byXT4FBZ/VeoUC0v8HIWXUtaNmQWnxdvwPafQ X-Received: by 2002:a2e:a307:0:b0:2a6:18c0:2b3c with SMTP id l7-20020a2ea307000000b002a618c02b3cmr767692lje.0.1680174527761; Thu, 30 Mar 2023 04:08:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1680174527; cv=pass; d=google.com; s=arc-20160816; b=iitS42eR7LF53UwnkhWqoa8wrSHT5KfwZmyZx6lnd0PBKmRjCARdGJR9Fs0vA3eHEn IVV0OYsp5KmDwkWyIBQ5IygEsqL0n9UdSb47nq8Al1vbaK5CnYELguXxs/sgbwkjbIEl yV5T4xEnih6Mc64mhSRLEtrY19DHcB0mRUCafRRFbttsH3f6oTdx9SuAbLhzA37H4wc+ d7ZEMGAdV2JcHBmJIp29WkP72J1NMA8y3TUtjIiDQ2mc8Dy1bb1NavqN4dQoBLQ99PwX iZwaxBcBGnIH3cZg9iCTV9yLYxYj4AQ+psHDBzNC9Goa7tKuzYtUwQPs0kLsK7HbL5cg ndFQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=uARwBRHYZPSEG0bO22HJ/M5wXDtIb0615ZI3IO33rKI=; b=M3efIjWaFEhjBcgK7Y6Vwhl+S+T7lwV6GLThKDkY69wX8D4kHoCo9Qb+1gpfAInjtG SOEjWP/4ohnCvNFryqZdl97Mv+tYjDyszZdcwhZFRzmP7DihEh4fwThKtxpuMkreuu47 Td4hJcrFeQkwiwTRGEHc0fSx5t1pwLJcHoh+a7A5MPWWCOJhJdfs9ZhSfDBlfnmDH1of m74F45vR7X28E1Xj+i35mWXZsorpMEUEpkjMJRpHkVufQ5gnt3rEPJqo5t6rplk3ve6u eK9G8Z4sUgJL07KLdejndwKl/EtkpBhc+nCumSo0lF3friFqnlpohyBH393U2XDn4vR6 QcBA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="JedbJ/kz"; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061b.outbound.protection.outlook.com. [2a01:111:f400:7eaf::61b]) by gmr-mx.google.com with ESMTPS id y4-20020a05651c154400b002a61d615a07si41868ljp.3.2023.03.30.04.08.47 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Mar 2023 04:08:47 -0700 (PDT) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) client-ip=2a01:111:f400:7eaf::61b; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="JedbJ/kz"; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:7eaf::61b as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTR3X9UgTol3wg9GSvrgsfgy6fI3JyRNNhcNevBa0UDAPpjXrqSkIGgum4hJOIc+6oFaDwbHqpQ0W0qOKnBNQuHmLfmksLKOGF/Uoi0eza1Vgf+q6pPT125c6g297IGV9CE+Rn0ZjQ7Za2uJltMdsAWL8m8kpk68tbJl8/T+ed2zHLh59PYLCPU9T9bChBghBW212ft07UvNgbO8A45xKEtSBqegvGktPVlGEqCDzdsQiBwKI9rLBMUE4alloiB3jC43FZmgeW1nR5Khu+apJrknAgXQ9BKMFEpMBenh0m6SRRW18OGA67M5QCVVdekSngufLgEBD5WEKJnOYeekrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uARwBRHYZPSEG0bO22HJ/M5wXDtIb0615ZI3IO33rKI=; b=auvA2yeMiDLzmkoOIUrfbL1gC0QfwZJMNXE921D6TrUTeaaXuyOZur4BNe4y1cc7MPIc8YieFYJVKZPOYyljroY46DTm6HOIl1NdjMRfuHQwkI9W1T1rE766T1ZKP1YcBka+GI1vsaTPQl7hY2aqYVb217Cpw7Gu3ah1tKJBxo4yOvKLpTyPdkbilj9LYCh3tQRjRy1nBuHFG5h2yqMMFIOtTDNpSw+382tYe5kET9hwZG851hnLpRiMhr1oHUPgx12RMJqcNCW+TLI1ibEWGR3CCxd0++sKEeWc4UkrVvEIIMEGyBY+o1Swi6Zjnncu6Zgv3QWMXUQOyzMQA+9CAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.76) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uARwBRHYZPSEG0bO22HJ/M5wXDtIb0615ZI3IO33rKI=; b=JedbJ/kzS9J0NnFpVSGb24oo+lZH2ZjaGH0tb0ORG/P2NsJ5/oRulzFxwD4NOicbxkEzuWA7L1cwxrhX6DqJmB+4tBqzRLL+kUpfFdN5r2Ty/Xc1ABF8EmN2masmBvFSiNE2gHDxZsETdMuD3hwHaUUX4A/MbbAz/DK58wb1duvrvYqmpcffg3nEFdq+/hUfc0XD5aqk85ChIaa+IinaWBbXAuPnjPHO6mWWTMrQBVoxqGZU3XPbUaULPdFpZtRjPUiZArbTvtccNdIIpSayyFiin8t3c6PfOMaHo194O1weGWVPpNAhw3MCwLGuqWYqg7di0+z8GarhNx+9mOTWFg== Received: from DB6PR0301CA0038.eurprd03.prod.outlook.com (2603:10a6:4:3e::48) by AS2PR10MB7299.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:605::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.20; Thu, 30 Mar 2023 11:08:46 +0000 Received: from DB5EUR01FT029.eop-EUR01.prod.protection.outlook.com (2603:10a6:4:3e:cafe::7e) by DB6PR0301CA0038.outlook.office365.com (2603:10a6:4:3e::48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.42 via Frontend Transport; Thu, 30 Mar 2023 11:08:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.76) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.76) by DB5EUR01FT029.mail.protection.outlook.com (10.152.4.241) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.22 via Frontend Transport; Thu, 30 Mar 2023 11:08:46 +0000 Received: from DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) by DEMCHDC8VSA.ad011.siemens.net (194.138.21.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Thu, 30 Mar 2023 13:08:44 +0200 Received: from L15-Gen2.fritz.box (139.25.0.85) by DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Thu, 30 Mar 2023 13:08:44 +0200 From: "T. Schaffner" To: CC: , , "Tobias Schaffner" Subject: [PATCH 1/4] simplify image-account-extension Date: Thu, 30 Mar 2023 13:08:01 +0200 Message-ID: <20230330110804.1016614-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230330110804.1016614-1-tobias.schaffner@siemens.com> References: <20230330110804.1016614-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Return-Path: tobias.schaffner@siemens.com X-Originating-IP: [139.25.0.85] X-ClientProxiedBy: DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) To DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB5EUR01FT029:EE_|AS2PR10MB7299:EE_ X-MS-Office365-Filtering-Correlation-Id: 638692bb-6561-4500-922e-08db310f2197 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kUHA8Jm4Doz626QaeJDSsqTkd+et6vy6+Zj6QJZm13imz4ZqXsvGWE5eIk8lEe6XgKS1gPvdP/AZe/WtBlIAEbXAUJHboDarykus69WkITCZA47WQE6h6LW5Isk1ld76cvBR5sCYNzOAhr9ZLiwU4gZmxxQmsQR9VJKiaN9F4tWzN/mRnrZejVnlMBi5CVzswzveXF0yiRd8cmg1vlVgeJEZoHKMl7nS9SyYlwAOpJY5iQVQQHQrXIAzKoMZcv5BU9Cud4SaN2roWRsq/kII01iQtR9nGy4A3xdF6MpE5wu63B7dqL9rjfN5oNHioLmgog8pRd/1CI14/QrhrGH3PHC6hOyDXr77cRulSeg8E01h9m8ab3hx8GH3k3wi4wUwFR70SYGOzOLvJptXYrZVKXzoX2a31uRUgv9vyYzyzfeDxyP5UOXBnv4kRsg/RLkdp2oO9OVnwFf1DhQpUqeEldfhZRbqmKXYotCGO1CKvchHPvYLWC8NepSfJbLwTr/U4aJQ+E/yo+APj+r0nBk/QrHBxAEJibrK12gX1yvRBSUgM4JxE2cQzIWiz7eZiGyj+Uc0Drg2x4VG1QOQPp4ug02kwCPtfwuXurHpse1S43oN1uhUqin/jTIs3PGlYg62Y7ZKgFTZFfw9rIxcf6mcdJt7pcUyHRObXDc0QeCJqwLzz0agMvzx3otPBnmd8+6VGJdX3iR2306o/nS1Tq5eBM6p+4I+7qmCUFsVvzNIb7RBf+S+bl29M6pBzC3Yy28eoBte8d51XG2qPN7ODuXiIg== X-Forefront-Antispam-Report: CIP:194.138.21.76;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(136003)(39860400002)(346002)(396003)(376002)(451199021)(36840700001)(46966006)(40470700004)(70586007)(26005)(1076003)(6666004)(107886003)(81166007)(82960400001)(356005)(82740400003)(30864003)(956004)(478600001)(47076005)(34020700004)(36860700001)(16526019)(186003)(336012)(15650500001)(40460700003)(5660300002)(2906002)(8936002)(2616005)(70206006)(36756003)(82310400005)(316002)(54906003)(41300700001)(6916009)(4326008)(86362001)(40480700001)(8676002)(83380400001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2023 11:08:46.0127 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 638692bb-6561-4500-922e-08db310f2197 X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR01FT029.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR10MB7299 X-TUID: k4ywYfxKfmLW From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 1a1f704d..d1133bb4 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + args.append("--gid") + args.append(gid) + + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "system" in flags: + args.append("--system") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups") or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags") or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home") or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password") or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) } -- 2.34.1