From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <715387b2-1738-498c-9ec1-38920e1d6ff6@siemens.com>
Date: Fri, 19 Jun 2026 14:37:06 +0200
Subject: Re: [RFC PATCH v2] image-account-extension: configure adduser UID/GID pools
From: "'Jan Kiszka' via isar-users"
To: Cedric Hombourger, isar-users@googlegroups.com, Felix Moessbauer
References: <20260521184852.1455458-1-cedric.hombourger@siemens.com>
In-Reply-To: <20260521184852.1455458-1-cedric.hombourger@siemens.com>
X-Original-Sender: jan.kiszka@siemens.com
Reply-To: Jan Kiszka
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com

On 21.05.26 20:48, 'Cedric Hombourger' via isar-users wrote:
> For users and groups with an explicit uid/gid set, generate adduser pool
> files so that maintainer scripts calling adduser/addgroup during package
> installation will reserve the expected IDs.
>
> Pool directories (/etc/adduser-uid.pool.d/ and /etc/adduser-gid.pool.d/)
> are used, with a numbered fragment (00-image-accounts.conf) generated
> from USERS/GROUPS entries. Additional .uid/.gid files from SRC_URI are
> installed as numbered fragments, following the same pattern as .list
> files for apt sources. Duplicates across fragments are filtered out
> (USERS/GROUPS wins) with build warnings for traceability.
> > A new 'reserve-only' flag allows entries to exist solely for pool > reservation without being explicitly created during image postprocessing. > > After postprocessing, ${IMAGE_FULLNAME}.uid and ${IMAGE_FULLNAME}.gid > are deployed to DEPLOY_DIR_IMAGE with all users/groups from the final > rootfs in adduser pool format. > > Work-around: /etc/adduser.conf is pre-created with UID_POOL/GID_POOL > directives and --force-confold is passed to dpkg so that our version is > kept when the adduser package is installed. This is needed because > adduser does not support loading configuration fragments from a .d > directory or from environment variables. > > Signed-off-by: Cedric Hombourger > --- > doc/user_manual.md | 73 ++++- > .../image-account-extension.bbclass | 282 +++++++++++++++++- > 2 files changed, 343 insertions(+), 12 deletions(-) > > diff --git a/doc/user_manual.md b/doc/user_manual.md > index 69e8dfef..b5b54f64 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md > @@ -737,7 +737,8 @@ The `GROUP_` variable contains the settings of a group named `groupna > > - `gid` - The numeric group id. > - `flags` - A list of additional flags of the group. Those are the currently recognized flags: > - - `system` - The group is created using the `--system` parameter. > + - `system` - The group is created using the `--system` parameter. > + - `reserve-only` - The group is not explicitly created during image postprocessing. Instead, its `gid` is reserved in the adduser GID pool so that packages creating this group via maintainer scripts will use the specified ID. > > The `USERS` and `USER:` variable works similar to the `GROUPS` and `GROUP:` variable. The difference are the accepted flags of the `USER:` variable. It accepts the following flags: 
> > @@ -750,13 +751,14 @@ The `USERS` and `USER:` variable works similar to the `GROUPS` and `GR > - `home` - This changes the default home directory of the user with `usermod --move-home`. Only takes effect when used together with the `create-home` flag. > - `shell` - This users login shell > - `groups` - A space separated list of groups this user is a member of. > - - `flags` - A list of additional flags of the user: > - - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. > - - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. > - - `system` - `useradd` will be called with `--system`. > - - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. > - - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. > - - `force-passwd-change` - Force the user to change to password on first login. > + - `flags` - A list of additional flags of the user: > + - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. > + - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. > + - `system` - `useradd` will be called with `--system`. > + - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. > + - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. > + - `force-passwd-change` - Force the user to change to password on first login. > + - `reserve-only` - The user is not explicitly created during image postprocessing. Instead, its `uid` is reserved in the adduser UID pool so that packages creating this user via maintainer scripts will use the specified ID. > > #### Example 
> > @@ -779,6 +781,61 @@ USER_root[flags] = "create-home system force-passwd-change" > > Some examples can be also found in `meta-isar/conf/local.conf.sample`. > > +#### UID/GID pool reservation > + > +When a user or group entry has an explicit `uid` or `gid` set, it is added to > +the adduser UID/GID pool. This ensures that packages creating users or groups > +via their maintainer scripts (e.g. `adduser` or `addgroup`) will allocate the > +specified IDs. Combined with the `reserve-only` flag, this allows reserving IDs > +without explicitly creating the accounts: > + > +``` > +USERS += "tss" > +USER_tss[uid] = "666" > +USER_tss[flags] = "reserve-only" > + > +GROUPS += "tss" > +GROUP_tss[gid] = "666" > +GROUP_tss[flags] = "reserve-only" > + > +GROUPS += "docker" > +GROUP_docker[gid] = "1234" > +GROUP_docker[flags] = "reserve-only" > +``` > + > +In this example, when `tpm2-abrmd` or `docker.io` are installed, their > +maintainer scripts will create the `tss` and `docker` accounts using the > +reserved IDs rather than dynamically allocated ones. > + > +#### UID/GID pool files from SRC_URI > + > +Pool entries can also be provided via `.uid` and `.gid` files in `SRC_URI`. > +These files use the adduser pool format (`name:id`, one per line) and are > +installed as numbered fragments in `/etc/adduser-uid.pool.d/` and > +`/etc/adduser-gid.pool.d/` respectively. > + > +``` > +SRC_URI += "file://my-accounts.uid file://my-accounts.gid" > +``` > + > +Where `my-accounts.uid` might contain: > + > +``` > +# Reserve UIDs for package-created users > +tss:666 > +sshd:800 > +``` > + > +Entries from `USERS`/`GROUPS` (placed in `00-image-accounts.conf`) take > +priority over SRC_URI pool files. Duplicates are automatically filtered > +with a build warning indicating which entries were dropped and from which > +file. 
> + > +After image postprocessing, `${IMAGE_FULLNAME}.uid` and > +`${IMAGE_FULLNAME}.gid` files are deployed to `DEPLOY_DIR_IMAGE` containing > +all users and groups from the final rootfs. These files can be used as pool > +inputs for other images to maintain consistent UID/GID allocation. > + > #### Home directory contents prefilling > > To cover all users simply use `/etc/skel`. Files in there will be available in every home directory under correct permissions. > diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass > index e874f3c7..52eeec1b 100644 > --- a/meta/classes-recipe/image-account-extension.bbclass > +++ b/meta/classes-recipe/image-account-extension.bbclass > @@ -14,16 +14,18 @@ python() { > for entry in (d.getVar("GROUPS") or "").split(): > group_entry = "GROUP_{}".format(entry) > d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(group_entry)) > + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(group_entry)) > d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(group_entry)) > > for entry in (d.getVar("USERS") or "").split(): > user_entry = "USER_{}".format(entry) > d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(user_entry)) > + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(user_entry)) > d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(user_entry)) > } > do_rootfs_install[vardeps] += "GROUPS USERS" > > -def image_create_groups(d: "DataSmart") -> None: > +def image_create_groups(d): > """Creates the groups defined in the ``GROUPS`` bitbake variable. > > Args: 
> @@ -40,6 +42,10 @@ def image_create_groups(d: "DataSmart") -> None: > args = [] > group_entry = "GROUP_{}".format(entry) > > + flags = (d.getVarFlag(group_entry, "flags") or "").split() > + if "reserve-only" in flags: > + continue > + > with open("{}/etc/group".format(rootfsdir), "r") as group_file: > exists = any(line.startswith("{}:".format(entry)) for line in group_file) > > @@ -59,7 +65,7 @@ def image_create_groups(d: "DataSmart") -> None: > bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) > > > -def image_create_users(d: "DataSmart") -> None: > +def image_create_users(d): > """Creates the users defined in the ``USERS`` bitbake variable. > > Args: > @@ -78,6 +84,10 @@ def image_create_users(d: "DataSmart") -> None: > args = [] > user_entry = "USER_{}".format(entry) > > + flags = (d.getVarFlag(user_entry, "flags") or "").split() > + if "reserve-only" in flags: > + continue > + > with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: > exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) > > @@ -99,8 +109,6 @@ def image_create_users(d: "DataSmart") -> None: > args.append("--groups") > args.append(','.join(groups)) > > - flags = (d.getVarFlag(user_entry, "flags") or "").split() > - > if exists: > add_user_option("--home", "home") > if d.getVarFlag(user_entry, "home") or "": 
> @@ -143,9 +151,275 @@ def image_create_users(d: "DataSmart") -> None: > bb.process.run([*chroot, "/usr/bin/passwd", "--expire", entry]) > > > +def account_pool_files(d): > + """Returns lists of .uid and .gid files found in SRC_URI.""" > + uid_files = [] > + gid_files = [] > + sources = d.getVar("SRC_URI").split() > + for s in sources: > + _, _, local, _, _, _ = bb.fetch.decodeurl(s) > + base, ext = os.path.splitext(os.path.basename(local)) > + if ext == ".uid": > + uid_files.append(local) > + elif ext == ".gid": > + gid_files.append(local) > + return uid_files, gid_files > + > + > +def configure_adduser_pools(d): > + """Configures adduser UID/GID pools for users and groups with explicit IDs. > + > + Creates pool directories (/etc/adduser-uid.pool.d/ and > + /etc/adduser-gid.pool.d/) containing: > + - A numbered fragment (00-image-accounts.conf) generated from > + USERS/GROUPS entries with explicit uid/gid. > + - Additional .uid/.gid files from SRC_URI copied as numbered fragments. > + > + A minimal /etc/adduser.conf is pre-created pointing UID_POOL and GID_POOL > + at the respective directories. > + > + Args: > + d (DataSmart): The bitbake datastore. 
> + > + Returns: > + None > + """ > + import os > + import tempfile > + > + rootfsdir = d.getVar("ROOTFSDIR") > + workdir = d.getVar("WORKDIR") > + adduser_conf = "{}/etc/adduser.conf".format(rootfsdir) > + uid_pool_dir = "/etc/adduser-uid.pool.d" > + gid_pool_dir = "/etc/adduser-gid.pool.d" > + > + uid_pool_entries = [] > + seen_users = set() > + for entry in (d.getVar("USERS") or "").split(): > + if entry in seen_users: > + continue > + seen_users.add(entry) > + user_entry = "USER_{}".format(entry) > + uid = d.getVarFlag(user_entry, "uid") or "" > + if uid: > + uid_pool_entries.append("{}:{}".format(entry, uid)) > + > + gid_pool_entries = [] > + seen_groups = set() > + for entry in (d.getVar("GROUPS") or "").split(): > + if entry in seen_groups: > + continue > + seen_groups.add(entry) > + group_entry = "GROUP_{}".format(entry) > + gid = d.getVarFlag(group_entry, "gid") or "" > + if gid: > + gid_pool_entries.append("{}:{}".format(entry, gid)) > + > + # Collect .uid/.gid files from SRC_URI > + src_uid_files, src_gid_files = account_pool_files(d) > + > + has_uid_pool = uid_pool_entries or src_uid_files > + has_gid_pool = gid_pool_entries or src_gid_files > + > + if not has_uid_pool and not has_gid_pool: > + return > + > + # Create pool directories > + if has_uid_pool: > + bb.process.run( > + ["sudo", "mkdir", "-p", "{}{}".format(rootfsdir, uid_pool_dir)]) > + if has_gid_pool: > + bb.process.run( > + ["sudo", "mkdir", "-p", "{}{}".format(rootfsdir, gid_pool_dir)]) > + > + # Track seen names and IDs to detect duplicates across fragments. > + # 00-image-accounts.conf (from USERS/GROUPS) has highest priority. 
> + uid_seen_names = set() > + uid_seen_ids = set() > + gid_seen_names = set() > + gid_seen_ids = set() > + > + # Install fragment from USERS/GROUPS as 00-image-accounts.conf > + if uid_pool_entries: > + for e in uid_pool_entries: > + name, uid = e.split(":") > + uid_seen_names.add(name) > + uid_seen_ids.add(uid) > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(uid_pool_entries) + "\n") > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, > + "{}{}/00-image-accounts.conf".format(rootfsdir, uid_pool_dir)]) > + os.unlink(tmp) > + > + if gid_pool_entries: > + for e in gid_pool_entries: > + name, gid = e.split(":") > + gid_seen_names.add(name) > + gid_seen_ids.add(gid) > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(gid_pool_entries) + "\n") > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, > + "{}{}/00-image-accounts.conf".format(rootfsdir, gid_pool_dir)]) > + os.unlink(tmp) > + > + # Install .uid files from SRC_URI as numbered fragments, filtering > + # duplicates. Keeping original filenames provides traceability. 
> + for idx, uid_file in enumerate(src_uid_files, start=1): > + src = os.path.join(workdir, uid_file) > + filtered_lines = [] > + with open(src, "r") as f: > + for line in f: > + stripped = line.strip() > + if not stripped or stripped.startswith("#"): > + filtered_lines.append(line) > + continue > + parts = stripped.split(":") > + if len(parts) < 2: > + filtered_lines.append(line) > + continue > + name, uid = parts[0], parts[1] > + if name in uid_seen_names: > + bb.warn("{}: dropping '{}' (name already in pool)" > + .format(uid_file, stripped)) > + continue > + if uid in uid_seen_ids: > + bb.warn("{}: dropping '{}' (UID {} already in pool)" > + .format(uid_file, stripped, uid)) > + continue > + uid_seen_names.add(name) > + uid_seen_ids.add(uid) > + filtered_lines.append(line) > + > + dst_name = "{:02d}-{}.conf".format(idx, os.path.splitext(uid_file)[0]) > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.writelines(filtered_lines) > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, "{}{}/{}".format(rootfsdir, uid_pool_dir, dst_name)]) > + os.unlink(tmp) > + > + # Install .gid files from SRC_URI as numbered fragments, filtering > + # duplicates. 
> + for idx, gid_file in enumerate(src_gid_files, start=1): > + src = os.path.join(workdir, gid_file) > + filtered_lines = [] > + with open(src, "r") as f: > + for line in f: > + stripped = line.strip() > + if not stripped or stripped.startswith("#"): > + filtered_lines.append(line) > + continue > + parts = stripped.split(":") > + if len(parts) < 2: > + filtered_lines.append(line) > + continue > + name, gid = parts[0], parts[1] > + if name in gid_seen_names: > + bb.warn("{}: dropping '{}' (name already in pool)" > + .format(gid_file, stripped)) > + continue > + if gid in gid_seen_ids: > + bb.warn("{}: dropping '{}' (GID {} already in pool)" > + .format(gid_file, stripped, gid)) > + continue > + gid_seen_names.add(name) > + gid_seen_ids.add(gid) > + filtered_lines.append(line) > + > + dst_name = "{:02d}-{}.conf".format(idx, os.path.splitext(gid_file)[0]) > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.writelines(filtered_lines) > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, "{}{}/{}".format(rootfsdir, gid_pool_dir, dst_name)]) > + os.unlink(tmp) > + > + # Ensure pool directories are world-readable > + if has_uid_pool: > + bb.process.run( > + ["sudo", "chmod", "-R", "a+rX", "{}{}".format(rootfsdir, uid_pool_dir)]) > + if has_gid_pool: > + bb.process.run( > + ["sudo", "chmod", "-R", "a+rX", "{}{}".format(rootfsdir, gid_pool_dir)]) > + > + # Work-around: pre-create /etc/adduser.conf with pool directives and use > + # --force-confold so dpkg keeps our version when the adduser package is > + # installed. This is needed because adduser does not support loading > + # configuration from /etc/adduser.conf.d/ or from environment variables. 
> + conf_lines = [] > + conf_lines.append("# /etc/adduser.conf: `adduser' configuration.") > + conf_lines.append("# See adduser(8) and adduser.conf(5) for full documentation.") > + conf_lines.append("") > + if has_uid_pool: > + conf_lines.append("UID_POOL={}".format(uid_pool_dir)) > + if has_gid_pool: > + conf_lines.append("GID_POOL={}".format(gid_pool_dir)) > + > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(conf_lines) + "\n") > + tmp = f.name > + bb.process.run(["sudo", "cp", tmp, adduser_conf]) > + bb.process.run(["sudo", "chmod", "644", adduser_conf]) > + os.unlink(tmp) > + > + > +# Work-around: use --force-confold so dpkg keeps our pre-created > +# /etc/adduser.conf when the adduser package is installed. > +ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold" > + > +ROOTFS_CONFIGURE_COMMAND += "image_configure_adduser_pools" > +image_configure_adduser_pools[vardeps] += "USERS GROUPS" > +python image_configure_adduser_pools() { > + configure_adduser_pools(d) > +} > + > ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > image_postprocess_accounts[vardeps] += "USERS GROUPS" > python image_postprocess_accounts() { > image_create_groups(d) > image_create_users(d) > + image_deploy_id_pools(d) > } > + > + > +def image_deploy_id_pools(d): > + """Deploys UID/GID pool files from the final rootfs to DEPLOY_DIR_IMAGE. > + > + Generates ${IMAGE_FULLNAME}.uid and ${IMAGE_FULLNAME}.gid files in > + adduser pool format (name:id) from /etc/passwd and /etc/group. > + > + Args: > + d (DataSmart): The bitbake datastore. 
> + > + Returns: > + None > + """ > + import os > + > + rootfsdir = d.getVar("ROOTFSDIR") > + deploy_dir = d.getVar("DEPLOY_DIR_IMAGE") > + image_fullname = d.getVar("IMAGE_FULLNAME") > + > + os.makedirs(deploy_dir, exist_ok=True) > + > + # Generate .uid from /etc/passwd > + uid_file = os.path.join(deploy_dir, "{}.uid".format(image_fullname)) > + with open("{}/etc/passwd".format(rootfsdir), "r") as f: > + with open(uid_file, "w") as out: > + for line in f: > + fields = line.strip().split(":") > + if len(fields) >= 3: > + out.write("{}:{}\n".format(fields[0], fields[2])) > + > + # Generate .gid from /etc/group > + gid_file = os.path.join(deploy_dir, "{}.gid".format(image_fullname)) > + with open("{}/etc/group".format(rootfsdir), "r") as f: > + with open(gid_file, "w") as out: > + for line in f: > + fields = line.strip().split(":") > + if len(fields) >= 3: > + out.write("{}:{}\n".format(fields[0], fields[2]))

Felix,

this is the proposal for Isar I was just referring to on cip-dev. I suppose it would benefit from another review and also some testing rounds to move forward.

Jan

--
Siemens AG, Foundational Technologies
Linux Expert Center
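Review bot: In the block that writes 00-image-accounts.conf, `name, uid = e.split(":")` (and its gid twin) raises a bare ValueError when an entry does not contain exactly one colon, and nothing here checks whether two USERS or GROUPS entries share a name or ID before both are written to the fragment. Unless the entries are validated where uid_pool_entries and gid_pool_entries are built, fail with bb.fatal naming the offending entry, and reject duplicates within the image's own accounts the same way. The temp-file handling also leaks on failure: os.unlink(tmp) is skipped when bb.process.run raises, so wrap the copy in try/finally. Since the write, `sudo cp`, unlink sequence recurs five times in this patch, a small helper would cover all of them.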
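Review bot: In the two SRC_URI filtering loops, IDs are compared as raw strings (`if uid in uid_seen_ids`, `if gid in gid_seen_ids`), so `1000`, `01000` and a field with surrounding whitespace count as different IDs and a real collision passes the filter; strip the field and compare it as an integer, warning on non-numeric values. Lines with fewer than two fields are copied into the fragment without any warning, which hides typos in a pool file. `os.path.splitext(uid_file)[0]` keeps any directory component, so if SRC_URI entries can carry a subdirectory the destination path points into a directory that this code never creates; os.path.basename would avoid that. The .uid and .gid loops differ only in variable names and warning text, so one helper taking the seen-sets and the pool directory would halve this code.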
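Review bot: `ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold"` is set unconditionally at class level, so it changes conffile handling for every package installed into the rootfs, not only adduser, and also for images that configure no pools. Any conffile that already exists in the rootfs at install time is then kept silently, which can mask configuration a package meant to ship. Consider adding the option only when a pool is configured, and document the side effect next to the variable. The pre-created /etc/adduser.conf also holds only the header comments and the UID_POOL/GID_POOL lines, so the package's default file is never installed and every other setting relies on adduser's built-in defaults; the work-around comment should say so.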
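Review bot: image_deploy_id_pools is missing documentation of what the exported files are expected to contain and how they are consumed. It writes every entry of /etc/passwd and /etc/group that has at least three fields, so the .uid/.gid files include root and all system accounts present in the final rootfs, and it runs from image_postprocess_accounts for every image regardless of whether a pool is configured. If the files are meant to be fed back as pool fragments for a later build, state that in the docstring and say whether exporting the full set is intended. The nested `with open(...)` pairs can also be written as a single `with` statement with two context managers.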