From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7096466320318791680 X-Received: by 2002:ac2:46c1:0:b0:494:6d30:eaaf with SMTP id p1-20020ac246c1000000b004946d30eaafmr7120827lfo.532.1662111479272; Fri, 02 Sep 2022 02:37:59 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:150f:b0:25f:dcd4:53b4 with SMTP id e15-20020a05651c150f00b0025fdcd453b4ls726193ljf.3.-pod-prod-gmail; Fri, 02 Sep 2022 02:37:57 -0700 (PDT) X-Google-Smtp-Source: AA6agR6yUHm+H/fmrmUsOGU3L53haCAP5drgyweM97i/x8nEe3RAOM28esAK04jA57Yafbm6TLZ4 X-Received: by 2002:a2e:a547:0:b0:25f:eb8f:99dc with SMTP id e7-20020a2ea547000000b0025feb8f99dcmr10936143ljn.245.1662111477368; Fri, 02 Sep 2022 02:37:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662111477; cv=none; d=google.com; s=arc-20160816; b=uFZZeoeHUPK3+i545kvb1hjEVYTq9m/qJvOu+Pib4rbjeC91sLBYYzNQxX7iKuEPnf 81mo/rjbqP4X3SifbATR6vCAGux3ke8SZlSFHl+cdi1W5QnAkuDlD3dUSjttSczYc4tc ZX0o2toqcykf+Mpbt8PjzOBng695t39ml2crF4pkIZFHbihNpFRoheHFe2OvmO43MgFP VOCLeeePNsVTJdFMX6q8yiDtNZ7DqEzW5rTix4q8VD6YiMtsEDvy0eM5hNYy6fhfps8k CkOvyZ0QP+Sso5ensp7yROC5Io+q3M0rTBVGBT2q9PBwuov1VfJ0SdS1XSj4XtxhZZ4j 5tRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=jUlgYLRKgCdip4BzWCjw4D5hgKtIg8USRkUyvZT0H3c=; b=upJ9zmXJRaZRIn1wJk/050ABTuLJgljkld1Ay0pV82uH1DM6mS2R2TE6Aa6mjZseEP 4NGSyCPMYGigYf4YTcIPomYQpFZCXJzE4ja8l2J1vZVcXmzeD3al61wO3uyfhMIF8NI4 yYz2U/avh6uWwAGDsmvzJ8jCGkK6xMKRx0kSwsMiI1AeL6TZdyS6VUq9CP0ToML6NAIu dxkVkMv1BMMGKtzEdb13YRN2Clw36/JGCKWCoxT9344R8TMsS6WAa0ruPW5C2SJ/ldSG SfJmMPhDshEx1Quud3pM5GTkueGdFdxWpcknxslJtu+L7u7UO2Q5n0KVLd3wJeBDEwED trTw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id g28-20020a2ea4bc000000b00268b15f80absi79250ljm.5.2022.09.02.02.37.57 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 02 Sep 2022 02:37:57 -0700 (PDT) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from home.localnet (44-208-124-178-static.mgts.by [178.124.208.44] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 2829btCn007721 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 2 Sep 2022 11:37:56 +0200 From: Uladzimir Bely To: isar-users@googlegroups.com, Quirin Gylstorff Subject: Re: [PATCH v3 1/2] classes/image-account-extension:Move account configuration to post-process Date: Fri, 02 Sep 2022 12:37:29 +0300 Message-ID: <6790411.9J7NaK4W3v@home> In-Reply-To: <20220517123713.675215-2-Quirin.Gylstorff@siemens.com> References: <20220517123713.675215-1-Quirin.Gylstorff@siemens.com> <20220517123713.675215-2-Quirin.Gylstorff@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: g4ERMOxp6UBe During debugging the downstream I've found that this patch breaks build in case we want to have some specific homedir for 'root'. E.g., if we have the following in local.conf: USERS += "root" USER_root[home] = "/home/root" it comes to "/usr/sbin/usermod --home /home/root --move-home root" execution under chroot and it fails with an error "usermod: user root is currently used by process NNN", where NNN seems to be PID of 'usermod' itself. It looks a bit weird for me, because exactly the same thing was executed before the patch was applied, but with no any errors. In default local.conf we don't change default root's homedir, so this issue was not caught earlier. Any ideas how that could be properly fixed without reverting? In the email from Tuesday, 17 May 2022 15:37:12 +03 user Quirin Gylstorff wrote: > From: Quirin Gylstorff > > If the root account is deactivate during rootfs configuration > , e.g. by setting 'USER_root[expire]="01-01-1970"', the following error > occurs if a packages tries to create/modifies a user account. > > ``` > Setting up systemd (247.3-7) ... > Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service -> > /lib/systemd/system/getty@.service. Created symlink > /etc/systemd/system/multi-user.target.wants/remote-fs.target -> > /lib/systemd/system/remote-fs.target. Created symlink > /etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> > /lib/systemd/system/systemd-pstore.service. Initializing machine ID from > random generator. > Your account has expired; please contact your system administrator. > chfn: PAM: Authentication failure > adduser: `/bin/chfn -f systemd Network Management systemd-network' returned > error code 1. Exiting. dpkg: error processing package systemd > (--configure): > installed systemd package post-installation script subprocess returned error > exit status 1 Setting up dmsetup (2:1.02.175-2.1) ... > Errors were encountered while processing: > systemd > E: Sub-process /usr/bin/dpkg returned an error code (1) > WARNING: exit code 100 from a shell command. > ``` > > This move also allows /etc/skel modification to be applicable to > all users. > > Signed-off-by: Quirin Gylstorff > --- > RECIPE-API-CHANGELOG.md | 6 ++++++ > meta/classes/image-account-extension.bbclass | 5 ++--- > meta/classes/image.bbclass | 9 +++++++++ > 3 files changed, 17 insertions(+), 3 deletions(-) > > diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md > index f3b30351..d1ed6792 100644 > --- a/RECIPE-API-CHANGELOG.md > +++ b/RECIPE-API-CHANGELOG.md > @@ -397,3 +397,9 @@ New conversions can be added by defining > CONVERSION_CMD_type. - the conversions appends its own type, e.g. the > output file of a conversion `xz` would be ${IMAGE_FULLNAME}.${type}.xz > - a final chown is appended automatically > + > +### Handling of variables USERS and GROUPS is moved to image post > processing + > +The user and groups defined by the variables `USERS` and `GROUPS` > +was moved from image configuration to image post processing. The users and > +groups are now created after all packages are installed. > diff --git a/meta/classes/image-account-extension.bbclass > b/meta/classes/image-account-extension.bbclass index c9bebe85..c64ba769 > 100644 > --- a/meta/classes/image-account-extension.bbclass > +++ b/meta/classes/image-account-extension.bbclass > @@ -58,9 +58,8 @@ IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, > 'GROUPS', 'GROUP', ['gid', 'f > > do_rootfs_install[vardeps] += "${IMAGE_ACCOUNTS_GROUPS} > ${IMAGE_ACCOUNTS_USERS}" > > -ROOTFS_CONFIGURE_COMMAND += "image_configure_accounts" > -image_configure_accounts[weight] = "3" > -image_configure_accounts() { > +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > +image_postprocess_accounts() { > # Create groups > # Add space to the end of the list: > list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} ' > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > index aa6c510c..0da56b7a 100644 > --- a/meta/classes/image.bbclass > +++ b/meta/classes/image.bbclass > @@ -440,6 +440,15 @@ do_rootfs_quality_check() { > args="${args} ! -path ${ROOTFSDIR}/etc/os-release";; > image_postprocess_machine_id) > args="${args} ! -path ${ROOTFSDIR}/etc/machine-id";; > + image_postprocess_accounts) > + args="${args} ! -path ${ROOTFSDIR}/etc/passwd \ > + ! -path ${ROOTFSDIR}/etc/subgid \ > + ! -path ${ROOTFSDIR}/etc/subuid \ > + ! -path ${ROOTFSDIR}/etc/shadow- \ > + ! -path ${ROOTFSDIR}/etc/gshadow \ > + ! -path ${ROOTFSDIR}/etc/shadow \ > + ! -path ${ROOTFSDIR}/etc/group" > + ;; > esac > done > found=$( sudo find ${ROOTFSDIR} -type f -newer $rootfs_install_stamp > $args ) -- Uladzimir Bely