From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7216294651790098432 X-Received: by 2002:a05:600c:280e:b0:3ed:cc22:23c4 with SMTP id m14-20020a05600c280e00b003edcc2223c4mr5749687wmb.1.1680206113345; Thu, 30 Mar 2023 12:55:13 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:600c:1907:b0:3ed:c6c6:d96a with SMTP id j7-20020a05600c190700b003edc6c6d96als1545962wmq.3.-pod-control-gmail; Thu, 30 Mar 2023 12:55:11 -0700 (PDT) X-Google-Smtp-Source: AK7set/qV5nkod8WYsnxcAs7rwHLzcvfphMiKbeEDtb6zfYEol6Q/qpE4e+ynyu+T3tCDHedOX9W X-Received: by 2002:a05:600c:218d:b0:3ed:9576:34ce with SMTP id e13-20020a05600c218d00b003ed957634cemr18404045wme.9.1680206111454; Thu, 30 Mar 2023 12:55:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1680206111; cv=pass; d=google.com; s=arc-20160816; b=ZeEs4eG2mtgqMAipHTw8Og5vAbMaSU+rri5MT+eHUTNpxMHRkkyzYl1c+c69QqZv+A hPzBNmzP+sJh77P2uu5WeKQdX3ZMkkXs8llDX+vD0EJbRwjDI/9HbAGRa4lCEPFjQPZj epEUQWlVKLhclET/PkANUbGsxOWBRh9ZthLWq/15OI/FXJFwGAtGGZL3uRTDC1J1Y/P5 TzVDrZgR+K4V5ecJIn/pPVIC+YLHVXq1SNY3oQIFWsLrq5tpfkuU7NxGox3lWS+ge5it p3IA40jdSEniZ3qMwNJX9MaLEM/Kat8pMYDBGHHqoQbvAbOa9gqjRt9N+KFQBOGvNBuI D6JQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=coDnhy+NZPPPcYjrNPCjtZpvIQTT8UN010w+LL3KaPg=; b=JlSd6KF8NKSLidZTbJB5V3cuLAwUSfCImO23kOZw+Uld/ZxyGPGaoCT7M1sCjPHUXP 3XK9k1VU3BkZWTPU+Bj6LR46EdVvhvRTLHPAyxHETdthNroQLFfsaJLnq1tXVjBqu8vU iYeUsKsoTuHBgsdtHj3RuVXNGv0vq8KpfsYZkiQRbZgvwbTRCQvTV2TpkGkUVFWnG9OX 5/apI4htv+uWdABbpFwO2fXGu/z0lFBduMjXD2JOKg9KiWDilUv/FBsGymKJdcMvRFD5 Yg+5OwduFtTEpG22DBzn20ezM2GGARa7Q/EM+UyiFKD3VmM1PFSlKX4we/JsqYub4DnJ xtwQ== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ap4uJSC8; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7eaf::615 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20615.outbound.protection.outlook.com. [2a01:111:f400:7eaf::615]) by gmr-mx.google.com with ESMTPS id s15-20020a05600c45cf00b003ede640bce5si498250wmo.0.2023.03.30.12.55.11 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Mar 2023 12:55:11 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7eaf::615 as permitted sender) client-ip=2a01:111:f400:7eaf::615; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=ap4uJSC8; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 2a01:111:f400:7eaf::615 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Kyj86zN3fJ1enWRQqrruMgwMwUZya9aH8KHE6sM4j2dg7IDH3r9MGtatfQUah0HpAbdzSA7HODChE1VhDrFrulEbyB5+BKHuafkza4l9HGbe+C14U9Fc0ZmB1TSvNItY6ERp6fVmS1U7EGSHLvAOHgNOUPJ7Q7o+D7abYrKX34ReC83/GqEokgg4fYdOgotdzNNf6iJbSVcq0m2Q+AvDKT2Gj08PNv4ocaz9yC5ATMK4kE8oDXL3xfUQ4Flzuk7KnNsu+qD5D9w2HN0w8i5ggCzTzURoH22P4FdM2kZ8C3HYU5Lmusi0MiSZkywMzohO2mUU+sZeZErvG2k2KAXbHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=coDnhy+NZPPPcYjrNPCjtZpvIQTT8UN010w+LL3KaPg=; b=mPgRoZg3jTSBs03DcWbAtaT6zzfMYKf0I+oAUhnTEUZfPILF5ChbC8FH+Wqlvc+2I0lkshYvPcn+bPWFSqZCkeJhheqbDkVxe+hSuFiJmNGU86tD8VFjGygxOcNKVgvXxULbHxV/hOqfjOZYdgp/EtHQK5M9P1u/iM8ssK22TMdMGzBfEgWHFlByEEZlwvfecNbI0hnUJzyyIUA6plMi0U1ueUQwL4ZygHmEdFoWymGbV2YpqhdumpOJ4NXSraWr7Iba7ozv8HNAKvAktHZ2mPTF9gcVybyt13HD+WCPVhuYqojYnrEmJDX8J+Uie3Y1i/JIfGzZKEpSMEgADVz2dw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=coDnhy+NZPPPcYjrNPCjtZpvIQTT8UN010w+LL3KaPg=; b=ap4uJSC86yxab28uXyOPbgqvKolsgm2zpfop0gtsu7vp4JchAv+3kQab/Iyyr/0fHG7XK54d+BeLZ5Fe9xBX4A4zC1Z5BM1Fa0BkWVDqpY7Q0du+YrVZKaX1HQvKOYRbd0UFy6vN9gwphPLrORrO+NeVGKoVVlXkDiRpKYIkbt4c0EMOWsQyUITPW1K+spFnbLQEG825GHDmjTdFQmGPPuEQBhjv/HDj4Dyh5zCl5aRQ1z4cjON7KWtalAPkzQ9moU7rnaiFfI+LXN9UCBYMkSHWuZ5mgvOVtsLmpedqfHbcPMI4ancxUuJzDvwT0xPZc2MfvxxAVnoB8MEEPPpS1g== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by AM7PR10MB3575.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:134::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.19; Thu, 30 Mar 2023 19:55:09 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::f777:d35e:83f2:6148]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::f777:d35e:83f2:6148%5]) with mapi id 15.20.6254.020; Thu, 30 Mar 2023 19:55:09 +0000 Date: Thu, 30 Mar 2023 21:55:01 +0200 From: Henning Schild To: "T. Schaffner" Cc: , Subject: Re: [PATCH 1/4] simplify image-account-extension Message-ID: <20230330215501.6f7cafb7@md1za8fc.ad001.siemens.net> In-Reply-To: <20230330110804.1016614-2-tobias.schaffner@siemens.com> References: <20230330110804.1016614-1-tobias.schaffner@siemens.com> <20230330110804.1016614-2-tobias.schaffner@siemens.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.35; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: CH2PR14CA0023.namprd14.prod.outlook.com (2603:10b6:610:60::33) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|AM7PR10MB3575:EE_ X-MS-Office365-Filtering-Correlation-Id: 458d130b-b0d8-4419-f5ae-08db3158aa58 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1aANZphQKo2A2D9f0ykY25qmF59MGDd/3uiQ4I+lU4dp1zR++0Avn8tMUb7sNyhEQb73Qz3CXwuw7oGFUl4DmQXJWVjMQDkOJJ6sDpqkCkuy34pN3KdGX9BkY8QUpZAICt+VH1V58Yaw9C+TzNkmkGw0UyLTJEoGwD3v9BU0YE7M4hveyzP6ek+TM7ytphSzOjcDaQXozVIJAVPYo6XrUMZOT9B1Y5JSmOito/MJU3KZs9/6yMllGrsPTyfKRmR14V/T9QhI+upqyEBY5qhsDfMWvfd3xX174SygV338NSwbvHohayxUDvUGu9plX9jDcVrOeXHGL5VXbdWlDrLA5w3Xhm/SIXTqXMLpc9Pwc7EpP91X9Yyh8mghMiWBFfWqkQ1ZkThmb2rkZ3zr1zVQieMiMY64sml0NIzE7gxQ34hOHhVDX1I/ydOw/RCQnwHkAFVJZ/x9dTS3MQvJZNe1aJdmhO6A2WfkkZYtBW7lYHYvcSCo5/XyiI8qzX5jMxUtKAGA4oYNeDK3caDpfVNQLNroLB7A5Fxbr6dZyM4NBhC+aANgBluWAxxGbaoEg2pS X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230028)(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(451199021)(86362001)(6486002)(4326008)(66476007)(8676002)(41300700001)(316002)(66946007)(54906003)(478600001)(66556008)(5660300002)(15650500001)(44832011)(30864003)(6862004)(8936002)(9686003)(82960400001)(38100700002)(186003)(6506007)(107886003)(6666004)(6512007)(1076003)(6636002)(2906002)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?L4sEsf4ScdruUHVkJjXaWIhgfy8Ur98K6iMg3ysRr7lYb5rCrwKl2SUR9GG/?= =?us-ascii?Q?l+54Psitu26S9MhZd2Fntld4utq31Ra68G32BBWmCjc3kHs2jmGiWvExUJmS?= =?us-ascii?Q?x3m6jATFhSV4+axWSoVlG6lelrzLK65yyd+Q9t9tK+vvpeIKm8G8BaR/X/Aw?= =?us-ascii?Q?3BI7py5OcN38pNAPltb8u0G/4tuy7o71pxomDx4NTOdwyVLCz6sQidVOZUXF?= =?us-ascii?Q?ejX9IMy97L1HRhbNl9A699L09pSmoW6h8E9GFEhkw83A1eaxqVk/07bUtG6t?= =?us-ascii?Q?zeIfgj32d8Sfd/cwI2gz/E9kSP4akwFiQoh56bTCVkHXSzIvuJQr+jN7Bj62?= =?us-ascii?Q?LDa7/uwHa5oXwgRqFVgor9+XKUbemZ7rPRpkQVPnaDsN0OXHyzaNhEUGejgt?= =?us-ascii?Q?YvP7RRFTSgenqGrkrM227DcMTp+V+dOL7V230BFkd9MNgdSCQldvmVxPoHpb?= =?us-ascii?Q?aL9EC3FeEgvJNBbihQCNe2dOY9ylEADcCUJrzJpjhsYsOXN4N2RTd/zk8a/g?= =?us-ascii?Q?3Vbq+AxM/LR6y2/QU7t80nH/h32TyBHT8p/W5ReuvPqse6vBjqkEEqlpi2EJ?= =?us-ascii?Q?TfelR+lIK6jgaNpJtoGVPfm1Uft7CELTT2BlmGN+mplQ/Q15oM+txrlRDwbX?= =?us-ascii?Q?wy34J2Ktx/HO4R1GH++4qq6jtNQnZM9kXLATCMfoZ4/t2AOstunZMlzHzDyp?= =?us-ascii?Q?vbyTeYDIhQMHjvCime/rrJFQS6MSAFatXGthjoM0zW58NB1mlOUJZOeaf18D?= =?us-ascii?Q?jdU8dkQm36HvhzYRQHWcuwTCFiALw2Liz0PAuDm39yufrUn8PrgulRxRcINN?= =?us-ascii?Q?Jy/dDdJyyxsYzofi/iacjsW48Wckl/NcUaymdPVHXEhnopy31ieN7AyHIZGJ?= =?us-ascii?Q?vwf8W7sbzNrvVjo4SSaLelx4g87TIaxyaxn3WO1GhKhqOdDz05iRJ3GuntmE?= =?us-ascii?Q?83qgWA8+iPZ758wXCyiVP1fUfqDnc0QrolTJep/m1VGGdvTNGrBqPgVOpFJz?= =?us-ascii?Q?lBPL2jJTgvbhZmZjh0CD3NEBl8MHxNXe2RSY9UtLXQoSJfInTm03XlSRdhBc?= =?us-ascii?Q?q8WBONhHyZWpHXapjpPWKDE6fEkcGtyIKvosTdwfhdz8ysTNu061I6wmQp2d?= =?us-ascii?Q?q3jzQxjv6fxSb1jI0jRjNu+9GeVlmP4sdySIm1iIMPUSHGZqe57fh1eFDA5d?= =?us-ascii?Q?nFze2y3StP4CgHN6uQfViUZBK5K7a+IC6XzUHX7fQtlX/qKYwBcMWMpox9ri?= =?us-ascii?Q?AjaIxZ4UpcjcYxwhyu/5FdrMy1pUU2CFdqaf+6lLgwwV9HjXRyzjFWMKbLbS?= =?us-ascii?Q?ma4BdxO1a7xIXiz3O1ftrIP8ABeWDZxxK6jZQDZ0WrUlb8vxf7EoL59+utKp?= =?us-ascii?Q?QodTE/PSow5A1rFkoFqdf9VB7ZliwXIBiuwSF1TmDqw8y2ytRWn3EkrZaeKS?= =?us-ascii?Q?t+y4GeA9HT9bsuDHpjc+Q65O4+4SssHFlOr3Fu9u3xH211u1vquqajwt6fWm?= =?us-ascii?Q?1SWmoAriaoix7QGHqimSbDSqF6G4dVx6HaL2iMxBD2nwbaR/nBw4Q0p+0Q1g?= =?us-ascii?Q?FpgVnQ0bLCK65RhEh6PuMRg9sjMywdEMZD4bTNM50oUxw9sgAmP2n6cE3/hT?= =?us-ascii?Q?DSFcA5l9FKFrbZSV8LXOUkoRHH+GHM4/V+/sgCL1jg/u9Y5CkZycyonpqsMf?= =?us-ascii?Q?DIUZZw=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 458d130b-b0d8-4419-f5ae-08db3158aa58 X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2023 19:55:09.5883 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zPfpWOsoTPRf7x+rz5THSwWQcK8oYmwHom7rA/86y8/FnxrhHtkssRCLY5xDWYTpZ3sfWCcb4HOjyEAjXHcjrglQdrlItcdIbVzlJpIuNss= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3575 X-TUID: zs/hREDD0lA3 Am Thu, 30 Mar 2023 13:08:01 +0200 schrieb "T. Schaffner" : > From: Tobias Schaffner > > Do the complete user and group creation in python. This allows us to > drop the encoding and parsing code that was used to make the user and > group lists available in the shell function. > > Signed-off-by: Tobias Schaffner > --- > meta/classes/image-account-extension.bbclass | 368 > +++++++------------ 1 file changed, 124 insertions(+), 244 > deletions(-) > > diff --git a/meta/classes/image-account-extension.bbclass > b/meta/classes/image-account-extension.bbclass index > 1a1f704d..d1133bb4 100644 --- > a/meta/classes/image-account-extension.bbclass +++ > b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ > # This software is a part of ISAR. > -# Copyright (C) Siemens AG, 2019 > +# Copyright (C) Siemens AG, 2023 2019-2023 did not look at the rest, this feels like it should be tried out ... functional review, which i would try to do please make sure that would pass flake8 ... might be hard since it is "embedded code" a long time ago we had contributions from Harald Seiler, who managed to somehow lint python code inside bb code. Henning > # > # SPDX-License-Identifier: MIT > # > @@ -25,251 +25,131 @@ GROUPS ??= "" > #GROUP_root[gid] = "" > #GROUP_root[flags] = "system" > > -def gen_accounts_array(d, listname, entryname, flags, > verb_flags=None): > - from itertools import chain > - > - entries = (d.getVar(listname) or "").split() > - return " ".join( > - ":".join( > - chain( > - (entry,), > - ( > - (",".join( > - ( > - d.getVarFlag(entryname + "_" + entry, > flag, True) or "" > - ).split() > - ) if flag not in (verb_flags or []) else ( > - d.getVarFlag(entryname + "_" + entry, flag, > True) or "" > - )).replace(":","=") > - for flag in flags > - ), > - ) > - ) > - for entry in entries > - ) > - > -# List of space separated entries, where each entry has the format: > -# > username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 > -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', > ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', > 'shell', 'groups', 'flags'], ['password', 'comment', 'home', > 'shell'])}" - -# List of space separated entries, where each entry > has the format: -# groupname:groupid:flag1,flag2 > -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', > 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += > "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" > -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > -image_postprocess_accounts() { > - # Create groups > - # Add space to the end of the list: > - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' > - while true; do > - # Pop first group entry: > - list_rest="${list#*:*:* }" > - entry="${list%%${list_rest}}" > - list="${list_rest}" > - > - if [ -z "${entry}" ]; then > - break > - fi > - > - # Add colon to the end of the entry and remove trailing > space: > - entry="${entry% }:" > - > - # Decode entries: > - name="${entry%%:*}" > - entry="${entry#${name}:}" > - > - gid="${entry%%:*}" > - entry="${entry#${gid}:}" > - > - flags="${entry%%:*}" > - entry="${entry#${flags}:}" > - > - flags=",${flags}," # Needed for searching for substrings > - > - # Check if user already exists: > - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then > - exists="y" > - else > - exists="n" > - fi > - > - # Create arguments: > - set -- # clear arguments > - > - if [ -n "$gid" ]; then > - set -- "$@" --gid "$gid" > - fi > - > - if [ "n" = "$exists" ]; then > - if [ "${flags}" != "${flags%*,system,*}" ]; then > - set -- "$@" --system > - fi > - fi > - > - # Create or modify groups: > - if [ "y" = "$exists" ]; then > - if [ -z "$@" ]; then > - echo "Do not execute groupmod (no changes)." > - else > - echo "Execute groupmod with \"$@\" for \"$name\"" > - sudo -E chroot '${ROOTFSDIR}' \ > - /usr/sbin/groupmod "$@" "$name" > - fi > - else > - echo "Execute groupadd with \"$@\" for \"$name\"" > - sudo -E chroot '${ROOTFSDIR}' \ > - /usr/sbin/groupadd "$@" "$name" > - fi > - done > - > - # Create users > - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' > - while true; do > - # Pop first user entry: > - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" > - entry="${list%%${list_rest}}" > - list="${list_rest}" > - > - if [ -z "${entry}" ]; then > - break > - fi > - > - # Add colon to the end of the entry and remove trailing > space: > - entry="${entry% }:" > - > - # Decode entries: > - name="${entry%%:*}" > - entry="${entry#${name}:}" > - > - password="${entry%%:*}" > - entry="${entry#${password}:}" > - > - expire="${entry%%:*}" > - entry="${entry#${expire}:}" > - > - inactive="${entry%%:*}" > - entry="${entry#${inactive}:}" > - > - uid="${entry%%:*}" > - entry="${entry#${uid}:}" > - > - gid="${entry%%:*}" > - entry="${entry#${gid}:}" > - > - comment="${entry%%:*}" > - entry="${entry#${comment}:}" > - > - home="${entry%%:*}" > - entry="${entry#${home}:}" > - > - shell="${entry%%:*}" > - entry="${entry#${shell}:}" > - > - groups="${entry%%:*}" > - entry="${entry#${groups}:}" > - > - flags="${entry%%:*}" > - entry="${entry#${flags}:}" > - > - flags=",${flags}," # Needed for searching for substrings > - > - # Check if user already exists: > - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then > - exists="y" > - else > - exists="n" > - fi > - > - # Create arguments: > - set -- # clear arguments > - > - if [ -n "$expire" ]; then > - set -- "$@" --expiredate "$expire" > - fi > - > - if [ -n "$inactive" ]; then > - set -- "$@" --inactive "$inactive" > - fi > - > - if [ -n "$uid" ]; then > - set -- "$@" --uid "$uid" > - fi > - > - if [ -n "$gid" ]; then > - set -- "$@" --gid "$gid" > - fi > - > - if [ -n "$comment" ]; then > - set -- "$@" --comment "$comment" > - fi > - > - if [ -n "$home" ]; then > - if [ "y" = "$exists" ]; then > - set -- "$@" --home "$home" --move-home > - else > - set -- "$@" --home-dir "$home" > - fi > - fi > - > - if [ -n "$shell" ]; then > - set -- "$@" --shell "$shell" > - fi > - > - if [ -n "$groups" ]; then > - set -- "$@" --groups "$groups" > - fi > - > - if [ "n" = "$exists" ]; then > - if [ "${flags}" != "${flags%*,system,*}" ]; then > - set -- "$@" --system > - fi > - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then > - set -- "$@" --no-create-home > - else > - if [ "${flags}" != "${flags%*,create-home,*}" ]; then > - set -- "$@" --create-home > - fi > - fi > - fi > - > - # Create or modify users: > - if [ "y" = "$exists" ]; then > - if [ -z "$@" ]; then > - echo "Do not execute usermod (no changes)." > - else > - echo "Execute usermod with \"$@\" for \"$name\"" > - sudo -E chroot '${ROOTFSDIR}' \ > - /usr/sbin/usermod "$@" "$name" > - fi > - else > - echo "Execute useradd with \"$@\" for \"$name\"" > - sudo -E chroot '${ROOTFSDIR}' \ > - /usr/sbin/useradd "$@" "$name" > - fi > - > - # Set password: > - if [ -n "$password" -o "${flags}" != > "${flags%*,allow-empty-password,*}" ]; then > - chpasswd_args="-e" > - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; > then +def image_create_groups(d: "DataSmart") -> None: > + """Creates the groups defined in the ``GROUPS`` bitbake variable. > + > + Args: > + d (DataSmart): The bitbake datastore. > + > + Returns: > + None > + """ > + entries = (d.getVar("GROUPS") or "").split() > + rootfsdir = d.getVar("ROOTFSDIR") > + chroot = ["sudo", "-E", "chroot", rootfsdir] > + > + for entry in entries: > + args = [] > + group_entry = "GROUP_{}".format(entry) > + > + with open("{}/etc/group".format(rootfsdir), "r") as > group_file: > + exists = any(line.startswith("{}:".format(entry)) for > line in group_file) + > + gid = d.getVarFlag(group_entry, "gid") or "" > + if gid: > + args.append("--gid") > + args.append(gid) > + > + flags = (d.getVarFlag(group_entry, "flags") or "").split() > + if "system" in flags: > + args.append("--system") > + > + if exists: > + if args: > + bb.process.run([*chroot, "/usr/sbin/groupmod", > *args, entry]) > + else: > + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, > entry]) + > + > +def image_create_users(d: "DataSmart") -> None: > + """Creates the users defined in the ``USERS`` bitbake variable. > + > + Args: > + d (DataSmart): The bitbake datastore. > + > + Returns: > + None > + """ > + import hashlib > + import crypt > + > + entries = (d.getVar("USERS") or "").split() > + rootfsdir = d.getVar("ROOTFSDIR") > + chroot = ["sudo", "-E", "chroot", rootfsdir] > + > + for entry in entries: > + args = [] > + user_entry = "USER_{}".format(entry) > + > + with open("{}/etc/passwd".format(rootfsdir), "r") as > passwd_file: > + exists = any(line.startswith("{}:".format(entry)) for > line in passwd_file) + > + def add_user_option(option_name, flag_name): > + flag_value = d.getVarFlag(user_entry, flag_name) or "" > + if flag_value: > + args.append(option_name) > + args.append(flag_value) > + > + add_user_option("--expire", "expiredate") > + add_user_option("--inactive", "inactive") > + add_user_option("--uid", "uid") > + add_user_option("--gid", "gid") > + add_user_option("--comment", "comment") > + add_user_option("--shell", "shell") > + > + groups = d.getVarFlag(user_entry, "groups") or "" > + if groups: > + args.append("--groups") > + args.append(groups.replace(' ', ',')) > + > + flags = (d.getVarFlag(user_entry, "flags") or "").split() > + > + if exists: > + add_user_option("--home", "home") > + if d.getVarFlag(user_entry, "home") or "": > + args.append("--move-home") > + else: > + add_user_option("--home-dir", "home") > + > + if "system" in flags: > + args.append("--system") > + if "no-create-home" in flags: > + args.append("--no-create-home") > + if "create-home" in flags: > + args.append("--create-home") > + > + if exists: > + if args: > + bb.process.run([*chroot, "/usr/sbin/usermod", *args, > entry]) > + else: > + bb.process.run([*chroot, "/usr/sbin/useradd", *args, > entry]) + > + command = [*chroot, "/usr/sbin/chpasswd"] > + password = d.getVarFlag(user_entry, "password") or "" > + if password or "allow-empty-password" in flags: > + if "clear-text-password" in flags: > + > # chpasswd adds a random salt when running against a > clear-text password. # For reproducible images, we manually generate > the password and use the # SOURCE_DATE_EPOCH to generate the salt in > a deterministic way. > - if [ -z "${SOURCE_DATE_EPOCH}" ]; then > - chpasswd_args="" > - else > - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum > -z | cut -c 1-15)" > - password="$(openssl passwd -6 -salt $salt > "$password")" > - fi > - fi > - printf '%s:%s' "$name" "$password" | sudo chroot > '${ROOTFSDIR}' \ > - /usr/sbin/chpasswd $chpasswd_args > - fi > - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then > - echo "Execute passwd to force password change on first > boot for \"$name\"" > - sudo -E chroot '${ROOTFSDIR}' \ > - /usr/bin/passwd --expire "$name" > - fi > - done > + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or > "" > + if source_date_epoch: > + command.append("-e") > + salt = > hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] > + password = crypt.crypt(password, > "$6${}".format(salt)) + > + else: > + command.append("-e") > + > + bb.process.run(command, "{}:{}".format(entry, > password).encode()) + > + if "force-passwd-change" in flags: > + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", > entry]) + > + > +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > +python image_postprocess_accounts() { > + image_create_groups(d) > + image_create_users(d) > }