From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7096466320318791680
X-Received: by 2002:a05:6512:280b:b0:496:16b4:868e with SMTP id cf11-20020a056512280b00b0049616b4868emr2203520lfb.323.1662375698270;
        Mon, 05 Sep 2022 04:01:38 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:651c:150f:b0:25f:dcd4:53b4 with SMTP id
 e15-20020a05651c150f00b0025fdcd453b4ls1530151ljf.3.-pod-prod-gmail; Mon, 05
 Sep 2022 04:01:36 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6fVjZcEQ3ouhyY6GkbCw/JOFocTQqHdHylT6T2QJE4gKa2fIWUctVQJyXyus3D8Bfc97cd
X-Received: by 2002:a05:651c:a0e:b0:268:84b6:418a with SMTP id k14-20020a05651c0a0e00b0026884b6418amr6682561ljq.250.1662375696642;
        Mon, 05 Sep 2022 04:01:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1662375696; cv=none;
        d=google.com; s=arc-20160816;
        b=gzh9mxERolRn8InA/Uc0J2lEda6F1asrgFQRBLi1vXt7w2I1+dA4iup27dVda3CkXH
         ByqKWZpH9Ua2xacQNFwOY1cGAc2aWkg9M/b5ZW9sBBLKyw1bF7SxzdU1S+WEncjrozqv
         3ZWa/TJ1ey6yT951S9TxkL6A/eMQqN/EUnEYLab3wvQG6Jlea9F8afSSCeHHUJaoEmFk
         vGqNCIQU5vegwSrGMaMbqYcK7OsC8lPPQwu/kaLDq6H81tXakyMJv0bFt6vG5Dqz1I96
         IbpUnW/CNMyS82UmS6K//qOkJsEfP5wlegeVSnVSElMAwH+RZuMjDrPTCY6igUU5lgKJ
         eS5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from;
        bh=BU+DefWFjhbnOq5SDDfRKImBJWPE6/1/aDt1LniV3P0=;
        b=0AXZpPV8JNxmR2INiUh2ptDeZmydoDDwaWdH9ba6BieWOz1Pzbf0wcOpGZptkTVM06
         n4Ycb8cBdj1dSTtimSPN/9maSryLo4nPmwtbVUVihRPHcr5OXN035FP+tAS+7TzRYcGQ
         l3PBcfF10DdTEjf0nX+6WYjdYGUU+SL/bxckzsCejogYqW+Ck3Os6l4Pkn233mJPoth7
         4Yu2HbT0yz2tjSla29UdsQZVOsrHYCATuT50WUZQbP4BUbQYVzB5oKHelrw9DflTbrqr
         bdw3ju8fKctvk/lMRkkKRTfYkndvte+RH5SOBysR0J4r9Vesc+BY+GYgWJyoosyJgpSB
         fENg==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Return-Path: <ubely@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id x20-20020a056512079400b00492ea683e72si338943lfr.2.2022.09.05.04.01.36
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 05 Sep 2022 04:01:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Received: from home.localnet (44-208-124-178-static.mgts.by [178.124.208.44] (may be forged))
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 285B1YtL021156
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 5 Sep 2022 13:01:35 +0200
From: Uladzimir Bely <ubely@ilbers.de>
To: isar-users@googlegroups.com,
        Quirin Gylstorff <Quirin.Gylstorff@siemens.com>
Subject: Re: [PATCH v3 1/2] classes/image-account-extension:Move account configuration to post-process
Date: Mon, 05 Sep 2022 14:01:05 +0300
Message-ID: <25582074.1r3eYUQgxm@home>
In-Reply-To: <6790411.9J7NaK4W3v@home>
References: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com> <20220517123713.675215-2-Quirin.Gylstorff@siemens.com> <6790411.9J7NaK4W3v@home>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: ZPA3EOR+DONG

In the email from Friday, 2 September 2022 12:37:29 +03 user Uladzimir Bely 
wrote:
> During debugging the downstream I've found that this patch breaks build in
> case we want to have some specific homedir for 'root'.
> 
> E.g., if we have the following in local.conf:
> 
> USERS += "root"
> USER_root[home] = "/home/root"
> 
> it comes to "/usr/sbin/usermod --home /home/root --move-home root" execution
> under chroot and it fails with an error "usermod: user root is currently
> used by process NNN", where NNN seems to be PID of 'usermod' itself.
> 
> It looks a bit weird for me, because exactly the same thing was executed
> before the patch was applied, but with no any errors.
> 
> In default local.conf we don't change default root's homedir, so this issue
> was not caught earlier.
> 

After some investigations I found, that the issue is related to the mounted "/
proc" in case usermod is executed in chroot during "image post processing" 
stage. This leads to the error when attempting to change the current root's 
home directory.

Earlier, when it was done during "image configuration" stage, "/proc" was not 
yet mounted and we simply didn't see an error.

> Any ideas how that could be properly fixed without reverting?
> 
> In the email from Tuesday, 17 May 2022 15:37:12 +03 user Quirin Gylstorff
> 
> wrote:
> > From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> > 
> > If the root account is deactivate during rootfs configuration
> > , e.g. by setting 'USER_root[expire]="01-01-1970"', the following error
> > occurs if a packages tries to create/modifies a user account.
> > 
> > ```
> > Setting up systemd (247.3-7) ...
> > Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service
> > -> /lib/systemd/system/getty@.service. Created symlink
> > /etc/systemd/system/multi-user.target.wants/remote-fs.target ->
> > /lib/systemd/system/remote-fs.target. Created symlink
> > /etc/systemd/system/sysinit.target.wants/systemd-pstore.service ->
> > /lib/systemd/system/systemd-pstore.service. Initializing machine ID from
> > random generator.
> > Your account has expired; please contact your system administrator.
> > chfn: PAM: Authentication failure
> > adduser: `/bin/chfn -f systemd Network Management systemd-network'
> > returned
> > error code 1. Exiting. dpkg: error processing package systemd
> > (--configure):
> > installed systemd package post-installation script subprocess returned
> > error exit status 1 Setting up dmsetup (2:1.02.175-2.1) ...
> > Errors were encountered while processing:
> > systemd
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
> > WARNING: exit code 100 from a shell command.
> > ```
> > 
> > This move also allows  /etc/skel modification to be applicable to
> > all users.
> > 
> > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> > ---
> > 
> >  RECIPE-API-CHANGELOG.md                      | 6 ++++++
> >  meta/classes/image-account-extension.bbclass | 5 ++---
> >  meta/classes/image.bbclass                   | 9 +++++++++
> >  3 files changed, 17 insertions(+), 3 deletions(-)
> > 
> > diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md
> > index f3b30351..d1ed6792 100644
> > --- a/RECIPE-API-CHANGELOG.md
> > +++ b/RECIPE-API-CHANGELOG.md
> > @@ -397,3 +397,9 @@ New conversions can be added by defining
> > CONVERSION_CMD_type. - the conversions appends its own type, e.g. the
> > output file of a conversion `xz` would be ${IMAGE_FULLNAME}.${type}.xz
> > 
> >      - a final chown is appended automatically
> > 
> > +
> > +### Handling of variables USERS and GROUPS is moved to image post
> > processing +
> > +The user and groups defined by the variables `USERS` and `GROUPS`
> > +was moved from image configuration to image post processing. The users
> > and
> > +groups are now created after all packages are installed.
> > diff --git a/meta/classes/image-account-extension.bbclass
> > b/meta/classes/image-account-extension.bbclass index c9bebe85..c64ba769
> > 100644
> > --- a/meta/classes/image-account-extension.bbclass
> > +++ b/meta/classes/image-account-extension.bbclass
> > @@ -58,9 +58,8 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d,
> > 'GROUPS', 'GROUP', ['gid', 'f
> > 
> >  do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS}
> > 
> > ${IMAGE_ACCOUNTS_USERS}"
> > 
> > -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts"
> > -image_configure_accounts[weight] = "3"
> > -image_configure_accounts() {
> > +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts"
> > +image_postprocess_accounts() {
> > 
> >      # Create groups
> >      # Add space to the end of the list:
> >      list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} '
> > 
> > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
> > index aa6c510c..0da56b7a 100644
> > --- a/meta/classes/image.bbclass
> > +++ b/meta/classes/image.bbclass
> > @@ -440,6 +440,15 @@ do_rootfs_quality_check() {
> > 
> >  	        args="${args} ! -path ${ROOTFSDIR}/etc/os-release";;
> >  	    
> >  	    image_postprocess_machine_id)
> >  	    
> >  	        args="${args} ! -path ${ROOTFSDIR}/etc/machine-id";;
> > 
> > +	    image_postprocess_accounts)
> > +	        args="${args} ! -path ${ROOTFSDIR}/etc/passwd \
> > +                          ! -path ${ROOTFSDIR}/etc/subgid \
> > +                          ! -path ${ROOTFSDIR}/etc/subuid \
> > +                          ! -path ${ROOTFSDIR}/etc/shadow- \
> > +                          ! -path ${ROOTFSDIR}/etc/gshadow \
> > +                          ! -path ${ROOTFSDIR}/etc/shadow \
> > +                          ! -path ${ROOTFSDIR}/etc/group"
> > +            ;;
> > 
> >  	esac
> >  	
> >      done
> >      found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp
> > 
> > $args )


-- 
Uladzimir Bely