AW: Fixed user ids

["Schultschik, Sven" <sven.schultschik@siemens.com>]

[-- Attachment #1: Type: text/plain, Size: 2960 bytes --]

Hi Henning,

true, but the problem is different.
A little bit OT to understand the reason.
We have a A/B firmware update with a third partition which contains the /etc as overlay.

Now the passwd is saved in third partition with the UIds of the V1.0
With the V1.1 two services and accounts are added. Now the build add those new accounts and shift a lot of userids around.
If you do then a update from 1.0 to 1.1 the passwd from overlay overlays with different Uids.

A big migration script is not a good way too, so some sort of fixing some of the ids would keep the compatibility.

Regards
Sven

-----Ursprüngliche Nachricht-----
Von: Henning Schild <henning.schild@siemens.com> 
Gesendet: Mittwoch, 1. September 2021 17:55
An: Schultschik, Sven (DI PA DCP R&D 2) <sven.schultschik@siemens.com>
Cc: isar-users@googlegroups.com
Betreff: Re: Fixed user ids

Hey,

pre-fixed user ids would be an anti-pattern and would only work if
debian would do it.

If you need files to be owned by a specific user you chown and possibly
chmod them in postinst. Using the name and not an id. You create that
user in case it is not already there.


https://github.com/ilbers/isar/blob/master/doc/user_manual.md#home-directory-contents-prefilling

and here the example postinst

https://github.com/ilbers/isar/blob/master/meta-isar/recipes-app/example-raw/files/postinst

This is also how debian does things. i.e. when a webserver needs the
user "www", all web-server packages would create that user if not
there, and chown/chmod based on the name.

I think every file in a debian package will always belong to root:root,
and deviations need to be chowned in postinst.

Henning

Am Wed, 1 Sep 2021 12:04:57 +0000
schrieb "Schultschik, Sven" <sven.schultschik@siemens.com>:

> Hi ISAR users,
> 
>  
> 
> I’m currently thinking about to freeze the users and group ids.
> 
>  
> 
> I have different ideas in mind, but I wanted to ask which would be
> the best way with ISAR to generate fixed user and group ids.
> 
>  
> 
> Or do you just pre create all needed user accounts before installing
> the packages within the build process?
> 
>  
> 
> Mit freundlichen Grüßen
> Sven Angelo Schultschik
> 
> Siemens AG
> Digital Industries
> Process Automation
> Software House Khe
> DI PA DCP R&D 2
> Östliche Rheinbrückenstr. 50
> 76187 Karlsruhe, Deutschland
> Tel.: +49 721 6672-0128
> Mobil: +49 162 4975705
>  <mailto:sven.schultschik@siemens.com>
> mailto:sven.schultschik@siemens.com <https://siemens.com>
> www.siemens.com
> 
> Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Jim
> Hagemann Snabe; Vorstand: Roland Busch, Vorsitzender; Cedrik Neike,
> Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Sitz der
> Gesellschaft: Berlin und München, Deutschland; Registergericht:
> Berlin-Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE
> 23691322
> 


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 14944 bytes --]