base-passwd/useradd: Various improvements to useradd with RSS
Currently there are multiple issues with useradd: * If base-passwd rebuilds, it wipes out recipe specific user/group additions to sysroots and causes errors * If recipe A adds a user and recipe B depends on A, it can't see any of the users/groups A adds. This patch changes base-passwd so it always works as a postinst script within the sysroot and copies in the master files, then runs any postinst-useradd-* scripts afterwards to add additional user/groups. The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist they just exit, knowning they'll be executed later. We also add a dummy entry to the dummy passwd file from pseudo so we can avoid this too. There is a problem where if recipe A adds a user and recipe B depends on A but doesn't care about users, it may not have a dependency on the useradd/groupadd tools which would therefore not be available in B's sysroot. We therefore also tweak postinst-useradd-* scripts so that if the tools aren't present we simply don't add users. If you need the users, you add a dependency on the tools in the recipe and they'll be added. We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this kind is going to need relocation help. We also ensure that the postinst-useradd script is written into the sstate object as the current script was only being added in a recipe local way. Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces of this patch. [Yocto #11124] (From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
053e545b9d
commit
b5c383074a
|
@ -31,7 +31,7 @@ SSTATE_DUPWHITELIST += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/
|
||||||
# Archive the sources for many architectures in one deploy folder
|
# Archive the sources for many architectures in one deploy folder
|
||||||
SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}"
|
SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}"
|
||||||
|
|
||||||
SSTATE_SCAN_FILES ?= "*.la *-config *_config"
|
SSTATE_SCAN_FILES ?= "*.la *-config *_config postinst-*"
|
||||||
SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f'
|
SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f'
|
||||||
SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}'
|
SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}'
|
||||||
|
|
||||||
|
|
|
@ -106,6 +106,21 @@ useradd_sysroot () {
|
||||||
# before do_prepare_recipe_sysroot
|
# before do_prepare_recipe_sysroot
|
||||||
D=${STAGING_DIR_TARGET}
|
D=${STAGING_DIR_TARGET}
|
||||||
|
|
||||||
|
# base-passwd's postinst may not have run yet in which case we'll get called later, just exit.
|
||||||
|
# Beware that in some cases we might see the fake pseudo passwd here, in which case we also must
|
||||||
|
# exit.
|
||||||
|
if [ ! -f $D${sysconfdir}/passwd ] ||
|
||||||
|
grep -q this-is-the-pseudo-passwd $D${sysconfdir}/passwd; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# It is also possible we may be in a recipe which doesn't have useradd dependencies and hence the
|
||||||
|
# useradd/groupadd tools are unavailable. If there is no dependency, we assume we don't want to
|
||||||
|
# create users in the sysroot
|
||||||
|
if ! command -v useradd; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
# Add groups and users defined for all recipe packages
|
# Add groups and users defined for all recipe packages
|
||||||
GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}"
|
GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}"
|
||||||
USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}"
|
USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}"
|
||||||
|
@ -122,6 +137,7 @@ python useradd_sysroot_sstate () {
|
||||||
if task == "package_setscene":
|
if task == "package_setscene":
|
||||||
bb.build.exec_func("useradd_sysroot", d)
|
bb.build.exec_func("useradd_sysroot", d)
|
||||||
elif task == "prepare_recipe_sysroot":
|
elif task == "prepare_recipe_sysroot":
|
||||||
|
# Used to update this recipe's own sysroot so the user/groups are available to do_install
|
||||||
scriptfile = d.expand("${RECIPE_SYSROOT}${bindir}/postinst-useradd-${PN}")
|
scriptfile = d.expand("${RECIPE_SYSROOT}${bindir}/postinst-useradd-${PN}")
|
||||||
bb.utils.mkdirhier(os.path.dirname(scriptfile))
|
bb.utils.mkdirhier(os.path.dirname(scriptfile))
|
||||||
with open(scriptfile, 'w') as script:
|
with open(scriptfile, 'w') as script:
|
||||||
|
@ -130,12 +146,23 @@ python useradd_sysroot_sstate () {
|
||||||
script.write("useradd_sysroot\n")
|
script.write("useradd_sysroot\n")
|
||||||
os.chmod(scriptfile, 0o755)
|
os.chmod(scriptfile, 0o755)
|
||||||
bb.build.exec_func("useradd_sysroot", d)
|
bb.build.exec_func("useradd_sysroot", d)
|
||||||
|
elif task == "populate_sysroot":
|
||||||
|
# Used when installed in dependent task sysroots
|
||||||
|
scriptfile = d.expand("${SYSROOT_DESTDIR}${bindir}/postinst-useradd-${PN}")
|
||||||
|
bb.utils.mkdirhier(os.path.dirname(scriptfile))
|
||||||
|
with open(scriptfile, 'w') as script:
|
||||||
|
script.write("#!/bin/sh\n")
|
||||||
|
bb.data.emit_func("useradd_sysroot", script, d)
|
||||||
|
script.write("useradd_sysroot\n")
|
||||||
|
os.chmod(scriptfile, 0o755)
|
||||||
}
|
}
|
||||||
|
|
||||||
do_prepare_recipe_sysroot[postfuncs] += "${SYSROOTFUNC}"
|
do_prepare_recipe_sysroot[postfuncs] += "${SYSROOTFUNC}"
|
||||||
SYSROOTFUNC_class-target = "useradd_sysroot_sstate"
|
SYSROOTFUNC_class-target = "useradd_sysroot_sstate"
|
||||||
SYSROOTFUNC = ""
|
SYSROOTFUNC = ""
|
||||||
|
|
||||||
|
SYSROOT_PREPROCESS_FUNCS += "${SYSROOTFUNC}"
|
||||||
|
|
||||||
SSTATEPREINSTFUNCS_append_class-target = " useradd_sysroot_sstate"
|
SSTATEPREINSTFUNCS_append_class-target = " useradd_sysroot_sstate"
|
||||||
|
|
||||||
do_package_setscene[depends] += "${USERADDSETSCENEDEPS}"
|
do_package_setscene[depends] += "${USERADDSETSCENEDEPS}"
|
||||||
|
|
|
@ -43,16 +43,32 @@ do_install () {
|
||||||
install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/
|
install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/
|
||||||
}
|
}
|
||||||
|
|
||||||
|
basepasswd_sysroot_postinst() {
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Install passwd.master and group.master to sysconfdir
|
||||||
|
install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
|
||||||
|
for i in passwd group; do
|
||||||
|
install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
|
||||||
|
${STAGING_DIR_TARGET}${sysconfdir}/\$i
|
||||||
|
done
|
||||||
|
|
||||||
|
# Run any useradd postinsts
|
||||||
|
for script in ${STAGING_DIR_TARGET}${bindir}/postinst-useradd-*; do
|
||||||
|
if [ -f \$script ]; then
|
||||||
|
\$script
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
SYSROOT_DIRS += "${sysconfdir}"
|
SYSROOT_DIRS += "${sysconfdir}"
|
||||||
SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot"
|
SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot"
|
||||||
|
|
||||||
base_passwd_tweaksysroot () {
|
base_passwd_tweaksysroot () {
|
||||||
# Install passwd.master and group.master to sysconfdir
|
mkdir -p ${SYSROOT_DESTDIR}${bindir}
|
||||||
install -d -m 755 ${SYSROOT_DESTDIR}${sysconfdir}
|
dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN}
|
||||||
for i in passwd group; do
|
echo "${basepasswd_sysroot_postinst}" > $dest
|
||||||
install -p -m 644 ${SYSROOT_DESTDIR}${datadir}/base-passwd/$i.master \
|
chmod 0755 $dest
|
||||||
${SYSROOT_DESTDIR}${sysconfdir}/$i
|
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
python populate_packages_prepend() {
|
python populate_packages_prepend() {
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
root::0:0:root:/home/root:/bin/sh
|
root::0:0:root:/home/root:/bin/sh
|
||||||
|
pseudopasswd:*:1:1:this-is-the-pseudo-passwd:/nonexistent:/bin/sh
|
||||||
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
|
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
|
||||||
|
|
Loading…
Reference in New Issue