Date: Thu, 21 May 2026 18:44:51 +0200
Subject: Re: [PATCH] image-account-extension: configure adduser UID/GID pools
From: "'Jan Kiszka' via isar-users"
To: Cedric Hombourger, isar-users@googlegroups.com
Cc: Quirin Gylstorff, Christian Storm
References: <20260521162215.1348898-1-cedric.hombourger@siemens.com>
In-Reply-To: <20260521162215.1348898-1-cedric.hombourger@siemens.com>

On 21.05.26 18:21, 'Cedric Hombourger' via isar-users wrote:
> For users and groups with an explicit uid/gid set, generate adduser pool
> files so that
maintainer scripts calling adduser/addgroup during package
> installation will reserve the expected IDs.
>
> A new 'reserve-only' flag allows entries to exist solely for pool
> reservation without being explicitly created during image postprocessing.
>
> Work-around: /etc/adduser.conf is pre-created with UID_POOL/GID_POOL
> directives and --force-confold is passed to dpkg so that our version is
> kept when the adduser package is installed. This is needed because
> adduser does not support loading configuration fragments from a .d
> directory or from environment variables. We want to discuss this!
> Do we want to create images from a template richer than bootstrap
> so adduser could be pre-installed and possibly its configuration
> already patched to use UID_POOL / GID_POOL?
>

This is a valuable starting point for (public) discussions, thanks!

Internally, we already thought about this, also considering to add a way for deriving this preceeding of the UIDs/GIDs from a "version 1" run of a build so that you do not have to collect and encode all the data manually.

This would also emulate a normal Debian system lifecycle: Install a blank version, then add or upgrade packages, thus, users/groups while maintaining the assignments of the initial installation.

Jan

> Signed-off-by: Cedric Hombourger
> ---
> doc/user_manual.md | 44 +++++--
> .../image-account-extension.bbclass | 113 +++++++++++++++++-
> 2 files changed, 145 insertions(+), 12 deletions(-)
>
> diff --git a/doc/user_manual.md b/doc/user_manual.md > index 69e8dfef..3bd2e767 100644 > --- a/doc/user_manual.md > +++ b/doc/user_manual.md
> @@ -737,7 +737,8 @@ The `GROUP_` variable contains the settings of a group named `groupna > > - `gid` - The numeric group id. > - `flags` - A list of additional flags of the group. Those are the currently recognized flags: > - - `system` - The group is created using the `--system` parameter. > + - `system` - The group is created using the `--system` parameter. > + - `reserve-only` - The group is not explicitly created during image postprocessing. Instead, its `gid` is reserved in the adduser GID pool so that packages creating this group via maintainer scripts will use the specified ID. > > The `USERS` and `USER:` variable works similar to the `GROUPS` and `GROUP:` variable. The difference are the accepted flags of the `USER:` variable. It accepts the following flags: 
> > @@ -750,13 +751,14 @@ The `USERS` and `USER:` variable works similar to the `GROUPS` and `GR > - `home` - This changes the default home directory of the user with `usermod --move-home`. Only takes effect when used together with the `create-home` flag. > - `shell` - This users login shell > - `groups` - A space separated list of groups this user is a member of. > - - `flags` - A list of additional flags of the user: > - - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. > - - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. > - - `system` - `useradd` will be called with `--system`. > - - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. > - - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. > - - `force-passwd-change` - Force the user to change to password on first login. > + - `flags` - A list of additional flags of the user: > + - `no-create-home` - `useradd` will be called with `-M` to prevent creation of the users home directory. > + - `create-home` - `useradd` will be called with `-m` to force creation of the users home directory. > + - `system` - `useradd` will be called with `--system`. > + - `allow-empty-password` - Even if the `password` flag is empty, it will still be set. This results in a login without password. > + - `clear-text-password` - The `password` flag of the given user contains a clear-text password and not an encrypted version of it. > + - `force-passwd-change` - Force the user to change to password on first login. > + - `reserve-only` - The user is not explicitly created during image postprocessing. Instead, its `uid` is reserved in the adduser UID pool so that packages creating this user via maintainer scripts will use the specified ID. > > #### Example 
> > @@ -779,6 +781,32 @@ USER_root[flags] = "create-home system force-passwd-change" > > Some examples can be also found in `meta-isar/conf/local.conf.sample`. > > +#### UID/GID pool reservation > + > +When a user or group entry has an explicit `uid` or `gid` set, it is added to > +the adduser UID/GID pool. This ensures that packages creating users or groups > +via their maintainer scripts (e.g. `adduser` or `addgroup`) will allocate the > +specified IDs. Combined with the `reserve-only` flag, this allows reserving IDs > +without explicitly creating the accounts: > + > +``` > +USERS += "tss" > +USER_tss[uid] = "666" > +USER_tss[flags] = "reserve-only" > + > +GROUPS += "tss" > +GROUP_tss[gid] = "666" > +GROUP_tss[flags] = "reserve-only" > + > +GROUPS += "docker" > +GROUP_docker[gid] = "1234" > +GROUP_docker[flags] = "reserve-only" > +``` > + > +In this example, when `tpm2-abrmd` or `docker.io` are installed, their > +maintainer scripts will create the `tss` and `docker` accounts using the > +reserved IDs rather than dynamically allocated ones. > + > #### Home directory contents prefilling > > To cover all users simply use `/etc/skel`. Files in there will be available in every home directory under correct permissions. > diff --git a/meta/classes-recipe/image-account-extension.bbclass b/meta/classes-recipe/image-account-extension.bbclass > index e874f3c7..7dfcd8e0 100644 > --- a/meta/classes-recipe/image-account-extension.bbclass > +++ b/meta/classes-recipe/image-account-extension.bbclass 
> @@ -14,16 +14,18 @@ python() { > for entry in (d.getVar("GROUPS") or "").split(): > group_entry = "GROUP_{}".format(entry) > d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(group_entry)) > + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(group_entry)) > d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(group_entry)) > > for entry in (d.getVar("USERS") or "").split(): > user_entry = "USER_{}".format(entry) > d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(user_entry)) > + d.appendVarFlag("image_configure_adduser_pools", "vardeps", " {}".format(user_entry)) > d.appendVarFlag("do_rootfs_install", "vardeps", " {}".format(user_entry)) > } > do_rootfs_install[vardeps] += "GROUPS USERS" > > -def image_create_groups(d: "DataSmart") -> None: > +def image_create_groups(d): > """Creates the groups defined in the ``GROUPS`` bitbake variable. > > Args: > @@ -40,6 +42,10 @@ def image_create_groups(d: "DataSmart") -> None: > args = [] > group_entry = "GROUP_{}".format(entry) > > + flags = (d.getVarFlag(group_entry, "flags") or "").split() > + if "reserve-only" in flags: > + continue > + > with open("{}/etc/group".format(rootfsdir), "r") as group_file: > exists = any(line.startswith("{}:".format(entry)) for line in group_file) > > @@ -59,7 +65,7 @@ def image_create_groups(d: "DataSmart") -> None: > bb.process.run([*chroot, "/usr/sbin/groupadd", *args, entry]) > > > -def image_create_users(d: "DataSmart") -> None: > +def image_create_users(d): > """Creates the users defined in the ``USERS`` bitbake variable. > > Args: > @@ -78,6 +84,10 @@ def image_create_users(d: "DataSmart") -> None: > args = [] > user_entry = "USER_{}".format(entry) > > + flags = (d.getVarFlag(user_entry, "flags") or "").split() > + if "reserve-only" in flags: > + continue > + > with open("{}/etc/passwd".format(rootfsdir), "r") as passwd_file: > exists = any(line.startswith("{}:".format(entry)) for line in passwd_file) 
> > @@ -99,8 +109,6 @@ def image_create_users(d: "DataSmart") -> None: > args.append("--groups") > args.append(','.join(groups)) > > - flags = (d.getVarFlag(user_entry, "flags") or "").split() > - > if exists: > add_user_option("--home", "home") > if d.getVarFlag(user_entry, "home") or "": 
> @@ -143,6 +151,103 @@ def image_create_users(d: "DataSmart") -> None: > bb.process.run([*chroot, "/usr/bin/passwd", "--expire", entry]) > > > +def configure_adduser_pools(d): > + """Configures adduser UID/GID pools for users and groups with explicit IDs. > + > + Creates pool files and a minimal /etc/adduser.conf with UID_POOL/GID_POOL > + directives before package installation. > + > + Args: > + d (DataSmart): The bitbake datastore. > + > + Returns: > + None > + """ > + import os > + import tempfile > + > + rootfsdir = d.getVar("ROOTFSDIR") > + adduser_conf = "{}/etc/adduser.conf".format(rootfsdir) > + uid_pool_path = "/etc/adduser-uid.pool" > + gid_pool_path = "/etc/adduser-gid.pool" > + > + uid_pool_entries = [] > + seen_users = set() > + for entry in (d.getVar("USERS") or "").split(): > + if entry in seen_users: > + continue > + seen_users.add(entry) > + user_entry = "USER_{}".format(entry) > + uid = d.getVarFlag(user_entry, "uid") or "" > + if uid: > + uid_pool_entries.append("{}:{}".format(entry, uid)) > + > + gid_pool_entries = [] > + seen_groups = set() > + for entry in (d.getVar("GROUPS") or "").split(): > + if entry in seen_groups: > + continue > + seen_groups.add(entry) > + group_entry = "GROUP_{}".format(entry) > + gid = d.getVarFlag(group_entry, "gid") or "" > + if gid: > + gid_pool_entries.append("{}:{}".format(entry, gid)) > + > + if not uid_pool_entries and not gid_pool_entries: > + return > + > + if uid_pool_entries: > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(uid_pool_entries) + "\n") > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, "{}{}".format(rootfsdir, uid_pool_path)]) > + bb.process.run( > + ["sudo", "chmod", "644", "{}{}".format(rootfsdir, uid_pool_path)]) > + os.unlink(tmp) > + > + if gid_pool_entries: > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(gid_pool_entries) + "\n") > + tmp = f.name > + bb.process.run( > + ["sudo", "cp", tmp, 
"{}{}".format(rootfsdir, gid_pool_path)]) > + bb.process.run( > + ["sudo", "chmod", "644", "{}{}".format(rootfsdir, gid_pool_path)]) > + os.unlink(tmp) > + > + # Create /etc/adduser.conf with the upstream default content plus pool > + # directives. We use --force-confold during package installation so that > + # dpkg keeps this version when the adduser package is installed. > + conf_lines = [] > + conf_lines.append("# /etc/adduser.conf: `adduser' configuration.") > + conf_lines.append("# See adduser(8) and adduser.conf(5) for full documentation.") > + conf_lines.append("") > + if uid_pool_entries: > + conf_lines.append("UID_POOL={}".format(uid_pool_path)) > + if gid_pool_entries: > + conf_lines.append("GID_POOL={}".format(gid_pool_path)) > + > + with tempfile.NamedTemporaryFile(mode="w", delete=False) as f: > + f.write("\n".join(conf_lines) + "\n") > + tmp = f.name > + bb.process.run(["sudo", "cp", tmp, adduser_conf]) > + bb.process.run(["sudo", "chmod", "644", adduser_conf]) > + os.unlink(tmp) > + > + > +# Work-around: pre-create /etc/adduser.conf with pool directives and use > +# --force-confold so dpkg keeps our version when the adduser package is > +# installed. This is needed because adduser does not support loading > +# configuration from /etc/adduser.conf.d/ or from environment variables. > +ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold" > + > +ROOTFS_CONFIGURE_COMMAND += "image_configure_adduser_pools" > +image_configure_adduser_pools[vardeps] += "USERS GROUPS" > +python image_configure_adduser_pools() { > + configure_adduser_pools(d) > +} > + > ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > image_postprocess_accounts[vardeps] += "USERS GROUPS" > python image_postprocess_accounts() { -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "isar-users" group. 
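
Review bot: In the new "UID/GID pool reservation" section of doc/user_manual.md (hunk @@ -779,6 +781,32 @@), the manual does not say that the class now pre-creates /etc/adduser.conf and appends --force-confold to ROOTFS_APT_ARGS, although the commit message itself calls this a work-around. Both are visible to anyone building an image with this class, so a sentence describing them belongs in this section. The two `reserve-only` flag descriptions in the earlier hunks should also state that the flag needs `uid` or `gid` to be set, since the pool is only filled from entries with an explicit ID.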
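
Review bot: Style, on the signature lines changed from `def image_create_groups(d: "DataSmart") -> None:` to `def image_create_groups(d):` and likewise for image_create_users() (hunks @@ -14,16 +14,18 @@ and @@ -59,7 +65,7 @@): dropping the type annotations is unrelated to pool configuration and is not mentioned in the commit message. Either keep the annotations or move their removal into a separate patch that gives the reason.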
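
Review bot: Missing check at the `reserve-only` early exits added to image_create_groups() and image_create_users() (hunks @@ -40,6 +42,10 @@ and @@ -78,6 +84,10 @@): an entry flagged `reserve-only` that has no `gid` or `uid` is skipped by the `continue` here and is also left out of the pool files by configure_adduser_pools(), so it silently has no effect. Suggest failing the build with bb.fatal(), or at least warning, when `reserve-only` is set without an explicit ID.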
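
Review bot: `ROOTFS_APT_ARGS += "-o DPkg::Options::=--force-confold"` near the end of the @@ -143,6 +151,103 @@ hunk is unconditional: it is set for every image that inherits this class, including builds where configure_adduser_pools() returns early because no uid/gid is configured, and it changes conffile handling for all packages installed into the rootfs, not only adduser. Consider adding the option only when pool files are actually generated, and state the wider effect in the comment. In the same hunk, the comment "upstream default content plus pool directives" does not match the code, which writes two header comment lines and the UID_POOL/GID_POOL lines only. The three identical write, `sudo cp`, `sudo chmod`, `os.unlink` sequences would read better as one helper with the unlink in a `finally` block, so the temporary file is removed when bb.process.run() raises. The `uid`/`gid` values are also written to the pool files without a check that they are numeric or that no ID is listed twice.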
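
Jan's reply in this message describes deriving the UID/GID assignments from a "version 1" build instead of collecting them by hand. The following Python script is an added example, not code from the thread or from Isar: it reads passwd/group content taken from a first build and emits entries in the `reserve-only` syntax documented by the quoted patch. The function names, the ID range constants and the sample data are assumptions made here, and the `reserve-only` flag exists only with the patch applied.

```python
# Debian policy: IDs 0-99 are statically allocated, 100-999 are dynamic
# system IDs and 1000-59999 dynamic user IDs. Only dynamic IDs can change
# from one build to the next, so only those are pinned.
DYNAMIC_MIN, DYNAMIC_MAX = 100, 59999

# Constructed sample data standing in for etc/passwd and etc/group from the
# root filesystem of a first ("version 1") build.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
messagebus:x:100:101::/nonexistent:/usr/sbin/nologin
tss:x:101:104:TPM software stack,,,:/var/lib/tpm:/bin/false
broken-line-without-fields
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
messagebus:x:101:
docker:x:103:
tss:x:104:
nogroup:x:65534:
"""


def parse_ids(text, min_fields):
    """Return ({name: id}, [rejected lines]) for passwd(5)/group(5) content."""
    ids, rejected = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Field 0 is the name and field 2 the numeric ID in both formats.
        ok = (len(fields) >= min_fields and fields[0]
              and fields[2].isascii() and fields[2].isdigit())
        if not ok:
            rejected.append(raw)
            continue
        ids[fields[0]] = int(fields[2])
    return ids, rejected


def dynamic_only(ids):
    """Keep IDs from the dynamically allocated ranges, sorted by ID."""
    kept = {n: i for n, i in ids.items() if DYNAMIC_MIN <= i <= DYNAMIC_MAX}
    return dict(sorted(kept.items(), key=lambda item: (item[1], item[0])))


def shared_ids(ids):
    """Return {id: [names]} for every ID that more than one name uses."""
    by_id = {}
    for name, ident in ids.items():
        by_id.setdefault(ident, []).append(name)
    return {i: sorted(n) for i, n in by_id.items() if len(n) > 1}


def render(kind, list_var, id_flag, ids):
    """Emit entries, e.g. kind='USER', list_var='USERS', id_flag='uid'."""
    out = []
    for name, ident in ids.items():
        out.append('{} += "{}"'.format(list_var, name))
        out.append('{}_{}[{}] = "{}"'.format(kind, name, id_flag, ident))
        out.append('{}_{}[flags] = "reserve-only"'.format(kind, name))
        out.append("")
    return "\n".join(out)


def reservations(passwd_text, group_text):
    """Build the configuration fragment and list the lines that were skipped."""
    users, bad_users = parse_ids(passwd_text, 7)
    groups, bad_groups = parse_ids(group_text, 4)
    users, groups = dynamic_only(users), dynamic_only(groups)
    for label, ids in (("uid", users), ("gid", groups)):
        clashes = shared_ids(ids)
        if clashes:
            # One ID under two names cannot be reserved unambiguously.
            raise ValueError("{} used by several names: {}".format(label, clashes))
    fragment = (render("USER", "USERS", "uid", users) + "\n"
                + render("GROUP", "GROUPS", "gid", groups))
    return fragment, bad_users + bad_groups


if __name__ == "__main__":
    fragment, rejected = reservations(SAMPLE_PASSWD, SAMPLE_GROUP)
    print(fragment)
    for line in rejected:
        print("# skipped malformed line: {!r}".format(line))
```

Statically allocated accounts such as `root` and `nobody` are left out on purpose, because their IDs do not depend on package installation order.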