Subject: Re: [PATCH v4 4/8] meta/classes: add image-account-extension class
To: "[ext] claudius.heine.ext@siemens.com", isar-users@googlegroups.com
Cc: Claudius Heine
References: <20190523145521.23050-1-claudius.heine.ext@siemens.com> <20190523145521.23050-5-claudius.heine.ext@siemens.com>
From: Jan Kiszka
Date: Fri, 31 May 2019 09:29:38 +0200
In-Reply-To: <20190523145521.23050-5-claudius.heine.ext@siemens.com>

On 23.05.19 16:55, [ext] claudius.heine.ext@siemens.com wrote:
> From: Claudius Heine > > This class allows to configure user and group accounts of the image. > > Groups or users that should be configured/created are added into the > `GROUPS` or `USERS` variable. > > The configuration itself is then added to each groups or users > `GROUP_` or `USER_` flags. > > The flags available for groups are `gid` and `flags`. The `flags` > variable contains some additional options for the group. With this patch > only `system` is supported for groups, allowing to create groups with > `groupadd` with the `--system` parameter. > > The flags available for users are `password`, `expire`, `inactive`, > `uid`, `gid`, `comment`, `home`, `shell`, `groups` and `flags`. The > additional flags for users are `no-create-home`, `create-home`, `system` > and `allow-empty-password`. > > Signed-off-by: Claudius Heine > --- > meta/classes/image-account-extension.bbclass | 257 +++++++++++++++++++ > meta/classes/image.bbclass | 1 + > 2 files changed, 258 insertions(+) > create mode 100644 meta/classes/image-account-extension.bbclass > > diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass > new file mode 100644 > index 0000000..22754da > --- /dev/null > +++ b/meta/classes/image-account-extension.bbclass 
> @@ -0,0 +1,257 @@ > +# This software is a part of ISAR. > +# Copyright (C) Siemens AG, 2019 > +# > +# SPDX-License-Identifier: MIT > +# > +# This class extends the image.bbclass for creating user accounts and groups. > + > +USERS ??= "" > + > +#USERS += "root" > +#USER_root[password] = "" # Encrypted password > +#USER_root[expire] = "" > +#USER_root[inactive] = "" > +#USER_root[uid] = "" > +#USER_root[gid] = "" # If first character is a number: gid, otherwise groupname > +#USER_root[comment] = "The ultimate root user" > +#USER_root[home] = "/home/root" > +#USER_root[shell] = "/bin/sh" > +#USER_root[groups] = "audio video" > +#USER_root[flags] = "no-create-home create-home system allow-empty-password" > + > +GROUPS ??= "" > + > +#GROUPS += "root" > +#GROUP_root[gid] = "" > +#GROUP_root[flags] = "system" > + > +def gen_accounts_array(d, listname, entryname, flags, verb_flags=None): > + from itertools import chain > + > + entries = (d.getVar(listname, True) or "").split() > + return " ".join( > + ":".join( > + chain( > + (entry,), > + ( > + (",".join( > + ( > + d.getVarFlag(entryname + "_" + entry, flag, True) or "" > + ).split() > + ) if flag not in (verb_flags or []) else ( > + d.getVarFlag(entryname + "_" + entry, flag, True) or "" > + )).replace(":","=") > + for flag in flags > + ), > + ) > + ) > + for entry in entries > + ) > + > +# List of space separated entries, where each entry has the format: > +# username:encryptedpassword:expiredate:inactivenumber:userid:groupid:comment:homedir:shell:group1,group2:flag1,flag2 > +IMAGE_ACCOUNTS_USERS =+ "${@gen_accounts_array(d, 'USERS', 'USER', ['password', 'expire', 'inactive', 'uid', 'gid', 'comment', 'home', 'shell', 'groups', 'flags'], ['password', 'comment', 'home', 'shell'])}" > + > +# List of space separated entries, where each entry has the format: > +# groupname:groupid:flag1,flag2 > +IMAGE_ACCOUNTS_GROUPS =+ "${@gen_accounts_array(d, 'GROUPS', 'GROUP', ['gid', 'flags'])}" > + > +ROOTFS_CONFIGURE_COMMAND += 
"image_configure_accounts" > +image_configure_accounts[weight] = "3" > +image_configure_accounts() { > + # Create groups > + # Add space to the end of the list: > + list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_GROUPS', True).split())} ' > + while true; do > + # Pop first group entry: > + list_rest="${list#*:*:* }" > + entry="${list%%${list_rest}}" > + list="${list_rest}" > + > + if [ -z "${entry}" ]; then > + break > + fi > + > + # Add colon to the end of the entry and remove trailing space: > + entry="${entry% }:" > + > + # Decode entries: > + name="${entry%%:*}" > + entry="${entry#${name}:}" > + > + gid="${entry%%:*}" > + entry="${entry#${gid}:}" > + > + flags="${entry%%:*}" > + entry="${entry#${flags}:}" > + > + flags=",${flags}," # Needed for searching for substrings > + > + # Check if user already exists: > + if grep -q "^${name}:" '${ROOTFSDIR}/etc/group'; then > + exists="y" > + else > + exists="n" > + fi > + > + # Create arguments: > + set -- # clear arguments > + > + if [ -n "$gid" ]; then > + set -- "$@" --gid "$gid" > + fi > + > + if [ "n" = "$exists" ]; then > + if [ "${flags}" != "${flags%*,system,*}" ]; then > + set -- "$@" --system > + fi > + fi > + > + # Create or modify groups: > + if [ "y" = "$exists" ]; then > + if [ -z "$@" ]; then > + echo "Do not execute groupmod (no changes)." 
> + else > + echo "Execute groupmod with \"$@\" for \"$name\"" > + sudo -E chroot '${ROOTFSDIR}' \ > + /usr/sbin/groupmod "$@" "$name" > + fi > + else > + echo "Execute groupadd with \"$@\" for \"$name\"" > + sudo -E chroot '${ROOTFSDIR}' \ > + /usr/sbin/groupadd "$@" "$name" > + fi > + done > + > + # Create users > + list='${@" ".join(d.getVar('IMAGE_ACCOUNTS_USERS', True).split())} ' > + while true; do > + # Pop first user entry: > + list_rest="${list#*:*:*:*:*:*:*:*:*:*:* }" > + entry="${list%%${list_rest}}" > + list="${list_rest}" > + > + if [ -z "${entry}" ]; then > + break > + fi > + > + # Add colon to the end of the entry and remove trailing space: > + entry="${entry% }:" > + > + # Decode entries: > + name="${entry%%:*}" > + entry="${entry#${name}:}" > + > + password="${entry%%:*}" > + entry="${entry#${password}:}" > + > + expire="${entry%%:*}" > + entry="${entry#${expire}:}" > + > + inactive="${entry%%:*}" > + entry="${entry#${inactive}:}" > + > + uid="${entry%%:*}" > + entry="${entry#${uid}:}" > + > + gid="${entry%%:*}" > + entry="${entry#${gid}:}" > + > + comment="${entry%%:*}" > + entry="${entry#${comment}:}" > + > + home="${entry%%:*}" > + entry="${entry#${home}:}" > + > + shell="${entry%%:*}" > + entry="${entry#${shell}:}" > + > + groups="${entry%%:*}" > + entry="${entry#${groups}:}" > + > + flags="${entry%%:*}" > + entry="${entry#${flags}:}" > + > + flags=",${flags}," # Needed for searching for substrings > + > + # Check if user already exists: > + if grep -q "^${name}:" '${ROOTFSDIR}/etc/passwd'; then > + exists="y" > + else > + exists="n" > + fi > + > + # Create arguments: > + set -- # clear arguments > + > + if [ -n "$expire" ]; then > + set -- "$@" --expiredate "$expire" > + fi > + > + if [ -n "$inactive" ]; then > + set -- "$@" --inactive "$inactive" > + fi > + > + if [ -n "$uid" ]; then > + set -- "$@" --uid "$uid" > + fi > + > + if [ -n "$gid" ]; then > + set -- "$@" --gid "$gid" > + fi > + > + if [ -n "$comment" ]; then > + set -- "$@" 
--comment "$comment" > + fi > + > + if [ -n "$home" ]; then > + if [ "y" = "$exists" ]; then > + set -- "$@" --home "$home" --move-home > + else > + set -- "$@" --home-dir "$home" > + fi > + fi > + > + if [ -n "$shell" ]; then > + set -- "$@" --shell "$shell" > + fi > + > + if [ -n "$groups" ]; then > + set -- "$@" --groups "$groups" > + fi > + > + if [ "n" = "$exists" ]; then > + if [ "${flags}" != "${flags%*,system,*}" ]; then > + set -- "$@" --system > + fi > + if [ "${flags}" != "${flags%*,no-create-home,*}" ]; then > + set -- "$@" --no-create-home > + else > + if [ "${flags}" != "${flags%*,create-home,*}" ]; then > + set -- "$@" --create-home > + fi > + fi > + fi > + > + # Create or modify users: > + if [ "y" = "$exists" ]; then > + if [ -z "$@" ]; then > + echo "Do not execute usermod (no changes)." > + else > + echo "Execute usermod with \"$@\" for \"$name\"" > + sudo -E chroot '${ROOTFSDIR}' \ > + /usr/sbin/usermod "$@" "$name" > + fi > + else > + echo "Execute useradd with \"$@\" for \"$name\"" > + sudo -E chroot '${ROOTFSDIR}' \ > + /usr/sbin/useradd "$@" "$name" > + fi > + > + # Set password: > + if [ -n "$password" -o "${flags}" != "${flags%*,allow-empty-password,*}" ]; then > + printf '%s:%s' "$name" "$password" | sudo chroot '${ROOTFSDIR}' \ > + /usr/sbin/chpasswd -e > + fi > + done > +} > diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass > index dce6638..ef7983b 100644 > --- a/meta/classes/image.bbclass > +++ b/meta/classes/image.bbclass > @@ -61,6 +61,7 @@ inherit image-cache-extension > inherit image-tools-extension > inherit image-postproc-extension > inherit image-locales-extension > +inherit image-account-extension > > # Extra space for rootfs in MB > ROOTFS_EXTRA ?= "64" > Seems like we are not rebuilding the affected recipes when variables change. That's at least true for the root password I just played with. Fixable? Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
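
Review bot: In image_configure_accounts() of meta/classes/image-account-extension.bbclass, the "no changes" check `if [ -z "$@" ]; then` (used before both groupmod and usermod) only gives the intended result by accident: "$@" expands to one word per queued argument, so whenever options are present `[` receives several operands and exits with a usage error rather than a clean false. Test the argument count instead, for example `if [ "$#" -eq 0 ]; then`. In the same function the decoded fields are reused unquoted as patterns, as in `entry="${entry#${comment}:}"`, and the generated list is pasted into a single-quoted shell string, so a comment, home or shell value containing a single quote or a glob character (`*`, `?`, `[`) can break the parsing or the generated script; gen_accounts_array should reject or escape such characters, or the inner expansions should be quoted. The comment "# Check if user already exists:" in the group loop should say "group".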