From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7231085468566159360 X-Received: by 2002:ac2:44ce:0:b0:4ea:8659:6deb with SMTP id d14-20020ac244ce000000b004ea86596debmr2185746lfm.0.1684738560960; Sun, 21 May 2023 23:56:00 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:545:b0:2ac:831f:b82f with SMTP id q5-20020a05651c054500b002ac831fb82fls48349ljp.0.-pod-prod-09-eu; Sun, 21 May 2023 23:55:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4+5vlNUtWHNlT46uguhH5DftmrqYLEowfkdhfMRhgYJ/7drGTvXYvpM8hu4NpbPR6i5BoB X-Received: by 2002:a2e:9d02:0:b0:2a0:3f9f:fec6 with SMTP id t2-20020a2e9d02000000b002a03f9ffec6mr3769331lji.37.1684738559527; Sun, 21 May 2023 23:55:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1684738559; cv=pass; d=google.com; s=arc-20160816; b=a39ConEgF6yCyt7NpkNpq0oCjPWyqC0tQV6/IQhzfCNr3O4IoC9mKs4JXUpCYxmyE0 K3+VtFKPlRj7Uus+uZadqBDbXct17Ofa2jClVl1jjgMFX9maT4VXE3ozJksyUucMoWT9 JM1N12gxkFBG89NTKGMJoyHLktsnJ8juKFLZ1e1BZkM8BcE85oC+Ur9mySz+uqbi0bW+ pesn2B6TW6r9yDT6zus+2C1gCaj7+JWjbDhMF9Ml7JT2wOTaCfS6YRtHKZka8m5iPKq+ ngPrtZvpP4eu5o7zgiLJ5kGQOy5LJ9dcmIUEpdW9eIe4pdi6+BBRsfglJJsqyL6HhhcJ L0Qw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=EexWQs+iqzfAHsMuMLN2st82VjDu97uRawPLPMDrkGo=; b=TI3hXTbXDaTsm0DEbg8lhBe/hggObQOMS6wOr3ZyiJt/Jq83pmj/DgbEDmnLQ3HnkJ cRqU0T+Kk4jzfA8fphallpCWJ3ragBjAI0JFIJsu4tYb0AKlOOST3EGyVVMwa5lopqnq t7GUIIlGQxXZVjVk7i94uq3bfuGCox/WUeEaqoTWDiMLwmC6In4XGqSzU6d1g11bP8iF MoYaQC2GFdWW2NczSgH30kSnjF/f2cUKCy+3QkbxQe9jtDhH50ZVNj9XYQ2Pb44zxALY eQDN3EKBQbskPZfDpP5A1bzhDg1CGkYakfzzayq1bjNqpIaeMRDLAY9eFwEUptGhUMSX UgxA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HJyPacEv; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Return-Path: Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02on20608.outbound.protection.outlook.com. [2a01:111:f400:fe13::608]) by gmr-mx.google.com with ESMTPS id by12-20020a05651c1a0c00b002a77f4969bdsi343223ljb.5.2023.05.21.23.55.59 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 21 May 2023 23:55:59 -0700 (PDT) Received-SPF: pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) client-ip=2a01:111:f400:fe13::608; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=HJyPacEv; arc=pass (i=1 spf=pass spfdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of tobias.schaffner@siemens.com designates 2a01:111:f400:fe13::608 as permitted sender) smtp.mailfrom=tobias.schaffner@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QDV2iHaZ3pTuO5xGRwd8D/+3tCJBjp2IjFiy7tlvmdsrWo7pKvPztYf48UTn6UNzkhohIlc5h5P3r98behgqU9QROCZ4/eOkP53GmEXss1o2suZx88NjDjW8Zvj6ANB3ulOMwICuw1QBf63wmYYxBuD8TYKy2WQGExiHkXb9vQPowTyEQ3cQu5Ha67DZJsRlEF4yWdKlg2fxuP8TP/0noLl2HumIVrTxdNPrwz94yO8rjtXbRTwjAY9M7d8cwcc36C9zMAviLQmBZuyEpaBY0y8Q/N+n8+bUFp+j1WEY8SiCB3fFEJNa0+dhgO45FM/yUnGXQnKz3QyM1aXfWj9H9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EexWQs+iqzfAHsMuMLN2st82VjDu97uRawPLPMDrkGo=; b=n6Mf2H8z8iQvC48gKmsROFAMw4hr/vNVsuyEeM72Z7vHlev2BXCI945ojGFEm7jN6oYNXn1cwm2/UUUMRrPzgGQTaded51IqfwJqj7bc9ZUHWHlXBEUXf9OD/s0yIV+7PkxftWLg4exGZ6EjdAejCHb2HFwViy7tenu32sf6PfucIdNsqR3RdR4hVHXmLOY9KFjkItm2pH8Q5Mb/aSziX2Bn/jCK0L5CYU7/I8bi99xZc0Etupa0e1+OxuaNTboe5/aGblMu7o4J98oLJuxm+nXvs925aJwFAFCvYGBeIUexcbww6U4UxapgnYFbhNIepLEcQKr0XDBr1S9x6XMBDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.138.21.76) smtp.rcpttodomain=googlegroups.com smtp.mailfrom=siemens.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=siemens.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EexWQs+iqzfAHsMuMLN2st82VjDu97uRawPLPMDrkGo=; b=HJyPacEv/Z7Xp3xETG1BwILS+tdFdZXLK2tFu3kj4OIYEt/UMUG599n+r1gRtkmw0NvKJ8CPSSgWqDxqVxv8loC4NPlI11SEL339OjO4isnLAkMV0rkYAM9guAqcvcf9WYL0hjLgBBHvR/dJwUKVb1/ROajYQlkXaYgc5yeKg+5o6kbm1Q1N8e0Xf9mZug4pUQ0gZnWkyIKHWJL4x0C/AWuDkSS8oKNnzmeteiBxztdE9dHdA98X1hl9TFiQxZT8HDhzK1q6rcjN3hmMbpuGUD7rCHTlGKA4Lcsv5IziJUes2M+cpjVOnVpcQ9dvLscEs9KN/IuaC5YSoiMWMSI68g== Received: from GVYP280CA0045.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:f9::14) by AS8PR10MB7017.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5a4::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28; Mon, 22 May 2023 06:55:57 +0000 Received: from HE1EUR01FT065.eop-EUR01.prod.protection.outlook.com (2603:10a6:150:f9:cafe::b2) by GVYP280CA0045.outlook.office365.com (2603:10a6:150:f9::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.28 via Frontend Transport; Mon, 22 May 2023 06:55:57 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 194.138.21.76) smtp.mailfrom=siemens.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=siemens.com; Received-SPF: Pass (protection.outlook.com: domain of siemens.com designates 194.138.21.76 as permitted sender) receiver=protection.outlook.com; client-ip=194.138.21.76; helo=hybrid.siemens.com; pr=C Received: from hybrid.siemens.com (194.138.21.76) by HE1EUR01FT065.mail.protection.outlook.com (10.152.0.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.13 via Frontend Transport; Mon, 22 May 2023 06:55:57 +0000 Received: from DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) by DEMCHDC8VSA.ad011.siemens.net (194.138.21.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Mon, 22 May 2023 08:55:56 +0200 Received: from L15-Gen2.fritz.box (139.22.37.93) by DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.25; Mon, 22 May 2023 08:55:55 +0200 From: "T. Schaffner" To: CC: , , , Tobias Schaffner Subject: [PATCH v3 1/4] simplify image-account-extension Date: Mon, 22 May 2023 08:55:28 +0200 Message-ID: <20230522065531.2300448-2-tobias.schaffner@siemens.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230522065531.2300448-1-tobias.schaffner@siemens.com> References: <20230522065531.2300448-1-tobias.schaffner@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Return-Path: tobias.schaffner@siemens.com X-Originating-IP: [139.22.37.93] X-ClientProxiedBy: DEMCHDC8WAA.ad011.siemens.net (139.25.226.104) To DEMCHDC8WBA.ad011.siemens.net (139.25.226.105) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: HE1EUR01FT065:EE_|AS8PR10MB7017:EE_ X-MS-Office365-Filtering-Correlation-Id: 5f341c1e-b43e-4b49-dc5f-08db5a91983e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qL+hpBwPMlKE7vXdQpNCfYyoGzI01vZoqU/hnFmH+QY4ekrbTgyIpWS3w1h/zGfHgwOS0B7j9DnWqml4NxjDbqnhTvBu9ScOIrMc+QxMzOBEQoOto82HvV2gEFOoqzJkCYaX4M5J/GUEHF5dU5ft/lfJu3/wdrh8uATNIpRae3itffq51ERcyEyV4p05mjYodJYFtQcxSUBQzWBt0opWEo+WSHLNmfo6+EojdpVTcNRqbhEszEFRaol4OJIVakqnG9bmKbPRgzZUFr4CZ6upfUuJIpEAyttIPvvFmHM3MfkrBa0HDaY7yoOnjeTvvMvHRnnG03N7GZaaL0epSat3YoSNE216Qwrqf9XP7zC+lRZKWYY/t6gLEFMvWahM+8TfM3yW3O8RVNKnfqZrl4l1vpfH+HBBfBqlZEyAWqmamx5RAZ0AFtcyO8YBpekAABZ14gXrex3wl3py95aLqrml9DkVQPYWKMy4TU1wZfhwiPk/87JAzLAt3TeCAuLHw5AlK6IkhmKdz0hkjACLXDQ7QL42VbHzdQ/BQHyMFIL7FjIHBQKeZTFngf5vYIHBmIULNsLS/f7yZJWe0h8OvO5A6uiClavPKBBsFCi87uv4mvFdZ1bTnvY+0i4V8xFfvF8I0mVmhDSU0xofP46ocsmSwkR/6eZIuuyoXCHPpJmx3PRShSF9dhpBzCwiPVEAxji6AslC2OAF3fUI2VDc5jqY/Xf7GwGc5h4Pd/gjrI4uAZ4/OEkmMX0scHNUpBJk+Q25nZAtlw6dkQaozjYUYBInwg== X-Forefront-Antispam-Report: CIP:194.138.21.76;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:hybrid.siemens.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(136003)(346002)(376002)(39860400002)(396003)(451199021)(40470700004)(36840700001)(46966006)(15650500001)(5660300002)(41300700001)(82960400001)(40480700001)(82740400003)(6916009)(4326008)(40460700003)(316002)(8936002)(8676002)(70206006)(70586007)(86362001)(356005)(36756003)(83380400001)(6666004)(36860700001)(336012)(1076003)(956004)(26005)(186003)(16526019)(2616005)(47076005)(54906003)(30864003)(81166007)(2906002)(82310400005)(107886003)(478600001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2023 06:55:57.3068 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5f341c1e-b43e-4b49-dc5f-08db5a91983e X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;Ip=[194.138.21.76];Helo=[hybrid.siemens.com] X-MS-Exchange-CrossTenant-AuthSource: HE1EUR01FT065.eop-EUR01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB7017 X-TUID: 6/eH9ZU7cJ9J From: Tobias Schaffner Do the complete user and group creation in python. This allows us to drop the encoding and parsing code that was used to make the user and group lists available in the shell function. Signed-off-by: Tobias Schaffner --- meta/classes/image-account-extension.bbclass | 368 +++++++------------ 1 file changed, 124 insertions(+), 244 deletions(-) diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index 1a1f704d..5080202d 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -1,5 +1,5 @@ # This software is a part of ISAR. -# Copyright (C) Siemens AG, 2019 +# Copyright (C) Siemens AG, 2019-2023 # # SPDX-License-Identifier: MIT # @@ -25,251 +25,131 @@ GROUPS ??= "" #GROUP_root[gid] = "" #GROUP_root[flags] = "system" -def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): - from itertools import chain - - entries = (d.getVar(listname) or "").split() - return " ".join( - ":".join( - chain( - (entry,), - ( - (",".join( - ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - ).split() - ) if flag not in (verb_flags or []) else ( - d.getVarFlag(entryname + "_" + entry, flag, True) or "" - )).replace(":","=") - for flag in flags - ), - ) - ) - for entry in entries - ) - -# List of space separated entries, where each entry has the format: -# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 -IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" - -# List of space separated entries, where each entry has the format: -# groupname:groupid:flag1,flag2 -IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" - -do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} ${IMAGE_ACCOUNTS_USERS}" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts() { - # Create groups - # Add space to the end of the list: - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS').split())} ' - while true; do - # Pop first group entry: - list_rest="${list#*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - fi - - # Create or modify groups: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute groupmod (no changes)." - else - echo "Execute groupmod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupmod "$@" "$name" - fi - else - echo "Execute groupadd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/groupadd "$@" "$name" - fi - done - - # Create users - list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS').split())} ' - while true; do - # Pop first user entry: - list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" - entry="${list%%${list_rest}}" - list="${list_rest}" - - if [ -z "${entry}" ]; then - break - fi - - # Add colon to the end of the entry and remove trailing space: - entry="${entry% }:" - - # Decode entries: - name="${entry%%:*}" - entry="${entry#${name}:}" - - password="${entry%%:*}" - entry="${entry#${password}:}" - - expire="${entry%%:*}" - entry="${entry#${expire}:}" - - inactive="${entry%%:*}" - entry="${entry#${inactive}:}" - - uid="${entry%%:*}" - entry="${entry#${uid}:}" - - gid="${entry%%:*}" - entry="${entry#${gid}:}" - - comment="${entry%%:*}" - entry="${entry#${comment}:}" - - home="${entry%%:*}" - entry="${entry#${home}:}" - - shell="${entry%%:*}" - entry="${entry#${shell}:}" - - groups="${entry%%:*}" - entry="${entry#${groups}:}" - - flags="${entry%%:*}" - entry="${entry#${flags}:}" - - flags=",${flags}," # Needed for searching for substrings - - # Check if user already exists: - if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then - exists="y" - else - exists="n" - fi - - # Create arguments: - set -- # clear arguments - - if [ -n "$expire" ]; then - set -- "$@" --expiredate "$expire" - fi - - if [ -n "$inactive" ]; then - set -- "$@" --inactive "$inactive" - fi - - if [ -n "$uid" ]; then - set -- "$@" --uid "$uid" - fi - - if [ -n "$gid" ]; then - set -- "$@" --gid "$gid" - fi - - if [ -n "$comment" ]; then - set -- "$@" --comment "$comment" - fi - - if [ -n "$home" ]; then - if [ "y" = "$exists" ]; then - set -- "$@" --home "$home" --move-home - else - set -- "$@" --home-dir "$home" - fi - fi - - if [ -n "$shell" ]; then - set -- "$@" --shell "$shell" - fi - - if [ -n "$groups" ]; then - set -- "$@" --groups "$groups" - fi - - if [ "n" = "$exists" ]; then - if [ "${flags}" != "${flags%*,system,*}" ]; then - set -- "$@" --system - fi - if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then - set -- "$@" --no-create-home - else - if [ "${flags}" != "${flags%*,create-home,*}" ]; then - set -- "$@" --create-home - fi - fi - fi - - # Create or modify users: - if [ "y" = "$exists" ]; then - if [ -z "$@" ]; then - echo "Do not execute usermod (no changes)." - else - echo "Execute usermod with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/usermod "$@" "$name" - fi - else - echo "Execute useradd with \"$@\" for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/sbin/useradd "$@" "$name" - fi - - # Set password: - if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then - chpasswd_args="-e" - if [ "${flags}" != "${flags%*,clear-text-password,*}" ]; then +def image_create_groups(d: "DataSmart") -> None: + """Creates the groups defined in the ``GROUPS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + entries = (d.getVar("GROUPS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + group_entry = "GROUP_{}".format(entry) + + with open("{}/etc/group".format(rootfsdir), "r") as group_file: + exists = any(line.startswith("{}:".format(entry)) for line in group_file) + + gid = d.getVarFlag(group_entry, "gid") or "" + if gid: + args.append("--gid") + args.append(gid) + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/groupmod", *args, entry]) + else: + flags = (d.getVarFlag(group_entry, "flags") or "").split() + if "system" in flags: + args.append("--system") + + bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) + + +def image_create_users(d: "DataSmart") -> None: + """Creates the users defined in the ``USERS`` bitbake variable. + + Args: + d (DataSmart): The bitbake datastore. + + Returns: + None + """ + import hashlib + import crypt + + entries = (d.getVar("USERS") or "").split() + rootfsdir = d.getVar("ROOTFSDIR") + chroot = ["sudo", "-E", "chroot", rootfsdir] + + for entry in entries: + args = [] + user_entry = "USER_{}".format(entry) + + with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: + exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) + + def add_user_option(option_name, flag_name): + flag_value = d.getVarFlag(user_entry, flag_name) or "" + if flag_value: + args.append(option_name) + args.append(flag_value) + + add_user_option("--expire", "expiredate") + add_user_option("--inactive", "inactive") + add_user_option("--uid", "uid") + add_user_option("--gid", "gid") + add_user_option("--comment", "comment") + add_user_option("--shell", "shell") + + groups = d.getVarFlag(user_entry, "groups") or "" + if groups: + args.append("--groups") + args.append(groups.replace(' ', ',')) + + flags = (d.getVarFlag(user_entry, "flags") or "").split() + + if exists: + add_user_option("--home", "home") + if d.getVarFlag(user_entry, "home") or "": + args.append("--move-home") + else: + add_user_option("--home-dir", "home") + + if "system" in flags: + args.append("--system") + if "no-create-home" in flags: + args.append("--no-create-home") + if "create-home" in flags: + args.append("--create-home") + + if exists: + if args: + bb.process.run([*chroot, "/usr/sbin/usermod", *args, entry]) + else: + bb.process.run([*chroot, "/usr/sbin/useradd", *args, entry]) + + command = [*chroot, "/usr/sbin/chpasswd"] + password = d.getVarFlag(user_entry, "password") or "" + if password or "allow-empty-password" in flags: + if "clear-text-password" in flags: + # chpasswd adds a random salt when running against a clear-text password. # For reproducible images, we manually generate the password and use the # SOURCE_DATE_EPOCH to generate the salt in a deterministic way. - if [ -z "${SOURCE_DATE_EPOCH}" ]; then - chpasswd_args="" - else - salt="$(echo "${SOURCE_DATE_EPOCH}" | sha256sum -z | cut -c 1-15)" - password="$(openssl passwd -6 -salt $salt "$password")" - fi - fi - printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ - /usr/sbin/chpasswd $chpasswd_args - fi - if [ "${flags}" != "${flags%*,force-passwd-change,*}" ]; then - echo "Execute passwd to force password change on first boot for \"$name\"" - sudo -E chroot '${ROOTFSDIR}' \ - /usr/bin/passwd --expire "$name" - fi - done + source_date_epoch = d.getVar("SOURCE_DATE_EPOCH") or "" + if source_date_epoch: + command.append("-e") + salt = hashlib.sha256("{}\n".format(source_date_epoch).encode()).hexdigest()[0:15] + password = crypt.crypt(password, "$6${}".format(salt)) + + else: + command.append("-e") + + bb.process.run(command, "{}:{}".format(entry, password).encode()) + + if "force-passwd-change" in flags: + bb.process.run([*chroot, "/usr/sbin/passwd", "--expire", entry]) + + +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" +python image_postprocess_accounts() { + image_create_groups(d) + image_create_users(d) } -- 2.34.1