From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7094274201591218176
X-Received: by 2002:adf:ded2:0:b0:20c:55cc:ab3e with SMTP id i18-20020adfded2000000b0020c55ccab3emr20413805wrn.376.1651767505823;
        Thu, 05 May 2022 09:18:25 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:600c:1c9a:b0:393:e698:3558 with SMTP id
 k26-20020a05600c1c9a00b00393e6983558ls2479525wms.0.gmail; Thu, 05 May 2022
 09:18:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyyOfIv4uGHap6/iatpcwyjpAJA4yJPy4OC3ZEUDv/p5Mt8g0Dd8EDOG64HulH9EO4XgznJ
X-Received: by 2002:a05:600c:1547:b0:394:2eec:5d6e with SMTP id f7-20020a05600c154700b003942eec5d6emr5588580wmg.79.1651767504916;
        Thu, 05 May 2022 09:18:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651767504; cv=none;
        d=google.com; s=arc-20160816;
        b=hkWEL/aVK8u7fo3Y/9M+rrcEzu6ofb834tOeADRhjTO34yI+WKY8ABNuLlF/xXqO+p
         mjyGyQ9E4yK6rFDVE6xF5TGqHO0vA6Xj6ek7o/xR8eNRPKv5Tqvrv8vmuBLDQlilxxkX
         45A6y8k8tdsqvC46udTck6XQqhT5+3a7xqLYs7MI8T9OTXzGeCZcbVRblXby5qbp/Sw0
         kSO6jaJdEbEiE1StU1MoCk44mRhfOWZsXeqyBf5Y48npMJEUG6+7UDWK1Jx0UANSgBHe
         g6gL3AOF2QisYTxSyGsFgsiUpp5af/R2OV8QbVC3LI6Q1FtDwNYtGrvGBiHllrDPWxbw
         E11w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:organization:from:references
         :to:content-language:subject:user-agent:mime-version:date:message-id
         :dkim-signature;
        bh=jHhib2QF3HFFseQDbOc50ESUEu1r75xD0LoL40W3wVc=;
        b=aKLnfqgyT1NdP8kwULqKBTlI9WnOlMB3yGvenF/NF/5gxUvMKjQs0v6tx8yHmmDC8W
         sSb9CIUpP5nxhSEHl+fTs83lse/QGu+nUOSFPLpRBDzFRO8I2/vm8mh+q5OWS4zktm9Z
         /xD8G3HdNAI1ZaW7vNXHUhMpjPbCSBW/ieSFJm3vDUAmlnvFh9UhCvwgOJVWzhKXiHZs
         yVxJouhKOsUXIMjBVicZNrCxWBi0Fx/WXftrRGKO2c0rAwCsNhhckZS2puvxxawe/k/Z
         rCFAhZp9JQi5Wx5NGXX7cspML2KCnTm5XVL4UstjgAwziu6z8FRbfxTxxeIfTSveRt0C
         72sw==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@denx.de header.s=phobos-20191101 header.b=iNZR+nvK;
       spf=pass (google.com: domain of ch@denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=ch@denx.de
Return-Path: <ch@denx.de>
Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01])
        by gmr-mx.google.com with ESMTPS id z6-20020a056000110600b0020c71ce1c26si76538wrw.6.2022.05.05.09.18.24
        for <isar-users@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 05 May 2022 09:18:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of ch@denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01;
Authentication-Results: gmr-mx.google.com;
       dkim=pass header.i=@denx.de header.s=phobos-20191101 header.b=iNZR+nvK;
       spf=pass (google.com: domain of ch@denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=ch@denx.de
Received: from [10.88.0.104] (dslb-088-074-220-140.088.074.pools.vodafone-ip.de [88.74.220.140])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: ch@denx.de)
	by phobos.denx.de (Postfix) with ESMTPSA id 56CC983FC3;
	Thu,  5 May 2022 18:18:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de;
	s=phobos-20191101; t=1651767504;
	bh=jHhib2QF3HFFseQDbOc50ESUEu1r75xD0LoL40W3wVc=;
	h=Date:Subject:To:References:From:In-Reply-To:From;
	b=iNZR+nvKhw578qrgJBFSv2RXXIJ7Yn0K/8CUoMkkV8OwDvImdjdo+MT072Zznk0M4
	 BMqpikuibjdifSWh2dyYQntv8RpPSfSZtebmqIqfsLG8TiGhBoUtm8CqTGnhN+Yzur
	 myaznHg1fZYPr1SZB/+d1hd+VlieVWgn44KS8kLQAAelpOlfYPaNHT/EbwEx7qKlcu
	 GTbSiK/7/jU5W2OG5D0I+NyFby7Cyu4EQH1bCxVLQXZbe0qU9aTXDTAIn9MKZXP9o8
	 Emt1qj9eOOOlMibn3rSuF3+zgp91m2cMX6eCTE4eivvHRiOk5BVhtulz4tkGgxau0z
	 +4DmYsAVOJ7kw==
Message-ID: <f4bcbf05-12ed-6c94-57d8-3808482068f6@denx.de>
Date: Thu, 5 May 2022 18:18:23 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.8.1
Subject: Re: Expired root user
Content-Language: en-US
To: Gylstorff Quirin <quirin.gylstorff@siemens.com>,
 "Kiszka, Jan (CT RDA IOT SES-DE)" <jan.kiszka@siemens.com>,
 isar-users <isar-users@googlegroups.com>
References: <6b5d5d99-a53e-9370-c893-252ffbf0b25a@siemens.com>
From: Claudius Heine <ch@denx.de>
Organization: Denx Software Engineering
In-Reply-To: <6b5d5d99-a53e-9370-c893-252ffbf0b25a@siemens.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean
X-TUID: ZLyNI3jSiQc6

Hi Quirin,

On 2022-05-05 17:27, Gylstorff Quirin wrote:
[...]
> 
> Possible solutions are:
> - moving the account creation / modification to the rootfs postprocessing
> - using the systemd first boot service[3] for changing the root password
> 
> Claudius was there are reason why the accounts are created/modified 
> before installing the rootfs? You add the functionality with
> 163f50 meta/classes: add image-account-extension class

TBH, I don't remember, so I would have to guess. It might be that some 
packages that where build by isar and installed later might rely on 
those users and groups existence, but why they can not create their own 
stuff in a pre/postinst or via sysusers.d [1], I currently don't 
remember. Maybe because certain GIDs and UIDs need to fixed to specific 
users/groups over any builds, and adding them dynamically in packages 
might change them depending on the order they are installed.

I guess just moving it to the postprocess step, build some projects and 
see if anything breaks is probably necessary at this point, if you don't 
see any reason for it.

Sorry that I am not that helpful.

kind regards,
Claudius,

[1] https://manpages.debian.org/buster/systemd/sysusers.d.5.en.html