From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6987789901979713536 X-Received: by 2002:a7b:c4cb:: with SMTP id g11mr10669992wmk.40.1626978435938; Thu, 22 Jul 2021 11:27:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:a141:: with SMTP id r1ls2155627wrr.3.gmail; Thu, 22 Jul 2021 11:27:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwkwu5DcfYDWzYRlNoeo8HshsU/kN/+HoUzOwUnO7TUo+3k6ABNZTObcN7mHNRQAKUvx90d X-Received: by 2002:adf:fb05:: with SMTP id c5mr1284347wrr.55.1626978434810; Thu, 22 Jul 2021 11:27:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626978434; cv=none; d=google.com; s=arc-20160816; b=bc8Xw2AbGxY8CUqVUR1i78DyljLP+Sr7eQ5XN85AjS6uP1NcKdkzXrZ96FvN0KR+Ii RdkKNueGzJl0y2Q+4YcuS3RwvUENjiLqN5JMbDLhvgPehhcwievPlLf+zDasXsMbUyX4 QeqQmsezUu+MCXyZCwdjmwh4UvEzhDjohhA4f9qLKXtAmiEasICJ/R841riwjeBU6ma0 iz3EIgwzJ2TslrUAmWsjki9DMIaeEaggsIMpkkvFV0/bTgMYPZD6ESBQAVgl4Qj6oy7e oK5+hsIetzeDI9fE64v4p1cx+RE/SAb656+JVbOYyz6VIzClP8FhuRXruTzLF7yUWfPe pCiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject; bh=Tg3ikEbxULZPowxSUGwJyme8SvMXwWEA12mlsh+Kt+8=; b=x9vdPSkPaFERezSZpll1sfzrnaXLu3pzS5GkLjyxo0teVoefgIoWCM39jqpCHW0kn+ YTqRleiCBMbhxq1IsOzdBTRGED2rRXe07gJo192ADmpWsqko7KAEFPM6p23Biw15xUYT VqqmZ6OwSl+2+3jkqANxBOOAQkXPFY1x6h54teakrNFxckI2HBo4wBJ5pWb0FXW/CuUj tkWx7OKN3goXI85zaxsMTEvnVWAAZGOcAHnFewU6b09r/m8/6zK/g6jNM0CgNfrcyz+/ 34m4bNu2HkbTG2PaHWpwSFJBdIi+MNHiRKHTl+sXIx2KrSizgXAEgjKGoIUtXIBMLgc/ wbwQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id b15si278356wru.0.2021.07.22.11.27.14 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Jul 2021 11:27:14 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 16MIR8Y4008743 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 22 Jul 2021 20:27:08 +0200 Received: from [167.87.241.235] ([167.87.241.235]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 16MIR8Se025272; Thu, 22 Jul 2021 20:27:08 +0200 Subject: Re: putting users into groups (created by packages) To: Henning Schild , isar-users@googlegroups.com, Claudius Heine References: <20210722183337.5ac359d2@md1za8fc.ad001.siemens.net> From: Jan Kiszka Message-ID: <2ed2675d-f7f3-486a-665b-884611f55822@siemens.com> Date: Thu, 22 Jul 2021 20:27:08 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20210722183337.5ac359d2@md1za8fc.ad001.siemens.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: O9LMYG19sgct On 22.07.21 18:33, Henning Schild wrote: > Hi, > > i just had a need to install docker and join a user into that group. > But even though the package would create the group ... i found myself > having to create the group anyways. Because we run > "ROOTFS_CONFIGURE_COMMAND" before installing packages. > > So i need > > +IMAGE_PREINSTALL += "docker.io ca-certificates apparmor" > + > +USER_admin[groups] += "docker" > > and > > +GROUPS += "docker" > +GROUPS_docker[flags] = "system" > > Would it not be nice to move "image_configure_accounts" into > ROOTFS_POSTPROCESS_COMMAND? So these last two lines would not be > needed. Especiall the last one is nasty ... because i have to mimic the > flags of a postinst. > When does debian preseed apply account settings, before or after installing packages? I would be surprised if they did that upfront but I also didn't check. Jan PS: As we are discussing wishlists: Would be nice to also accept clear-text passwords (just like preseed does) to allow picking them up from upcoming "kas menu". Yes, security implications are understood. -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux