From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Patches and discussions about the oe-core layer
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 4/7] useradd.bbclass: new class for managing user/group permissions
Date: Tue, 28 Jun 2011 14:04:55 +0100 [thread overview]
Message-ID: <1309266295.20015.287.camel@rex> (raw)
In-Reply-To: <9591788655a4de97cc5f6a0fd98e742e3ebcab23.1307058256.git.scott.a.garman@intel.com>
Hi Scott,
Sorry its taken me a while to get to this. Some comments below.
On Thu, 2011-06-02 at 16:50 -0700, Scott Garman wrote:
> This class is to be used by recipes that need to set up specific
> user/group accounts and set custom file/directory permissions.
>
> Signed-off-by: Scott Garman <scott.a.garman@intel.com>
> ---
> meta/classes/useradd.bbclass | 163 ++++++++++++++++++++++++++++++++++++++++++
> 1 files changed, 163 insertions(+), 0 deletions(-)
> create mode 100644 meta/classes/useradd.bbclass
>
> diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
> new file mode 100644
> index 0000000..3f07e5e
> --- /dev/null
> +++ b/meta/classes/useradd.bbclass
> @@ -0,0 +1,163 @@
> +USERADDPN ?= "${PN}"
> +
> +# base-passwd-cross provides the default passwd and group files in the
> +# target sysroot, and shadow-native provides the utilities needed to
> +# add and modify user and group accounts
> +DEPENDS_append = " base-passwd shadow-native"
> +RDEPENDS_${USERADDPN}_append = " base-passwd shadow"
> +
> +PSEUDO="${STAGING_DIR_NATIVE}/usr/bin/pseudo"
> +export PSEUDO
For reference this can be done with:
export PSEUDO = "${STAGING_DIR_NATIVE}/usr/bin/pseudo"
> +PSEUDO_LOCALSTATEDIR="${STAGING_DIR_TARGET}/var/pseudo"
> +export PSEUDO_LOCALSTATEDIR
I'm a little bit puzzled at this point. This is changing the default
PSEUDO state directory to be one shared by many other users rather than
the default of the one in workdir. Is that really what you intend here?
I guess the question is whether we need to preserve these users in the
sysroot or whether preserving them for the install/package/package_write
cycle is enough.
Since tasks don't share the same pseudo context by default, I suspect
we're not preserving users for the sysroot anyhow?
> +PSEUDO_PASSWD = "${STAGING_DIR_TARGET}"
> +export PSEUDO_PASSWD
Should we set this by default as part of the pseudo options in
bitbake.conf?
> +useradd_preinst () {
> +OPT=""
> +SYSROOT=""
> +
> +if test "x$D" != "x"; then
> + # Installing into a sysroot
> + SYSROOT="${STAGING_DIR_TARGET}"
> + OPT="--root ${STAGING_DIR_TARGET}"
> +
> + # Add groups and users defined for all recipe packages
> + GROUPADD_PARAM="${@get_all_cmd_params(d, 'group')}"
> + USERADD_PARAM="${@get_all_cmd_params(d, 'user')}"
> +else
> + # Installing onto a target
> + PSEUDO=""
> +
> + # Add groups and users defined only for this package
> + GROUPADD_PARAM="${GROUPADD_PARAM}"
> + USERADD_PARAM="${USERADD_PARAM}"
> +fi
> +
> +# Perform group additions first, since user additions may depend
> +# on these groups existing
> +if test "x$GROUPADD_PARAM" != "x"; then
> + echo "Running groupadd commands..."
> + # Invoke multiple instances of groupadd for parameter lists
> + # separated by ';'
> + opts=`echo "$GROUPADD_PARAM" | cut -d ';' -f 1`
> + remaining=`echo "$GROUPADD_PARAM" | cut -d ';' -f 2-`
> + while test "x$opts" != "x"; do
> + eval $PSEUDO groupadd -f $OPT $opts
If this task is already running under pseudo, do we specifically need to
run under pseudo here? Is it not already running under pseudo when
needed?
> + if test "x$opts" = "x$remaining"; then
> + break
> + fi
> + opts=`echo "$remaining" | cut -d ';' -f 1`
> + remaining=`echo "$remaining" | cut -d ';' -f 2-`
> + done
> +fi
> +
> +if test "x$USERADD_PARAM" != "x"; then
> + echo "Running useradd commands..."
> + # Invoke multiple instances of useradd for parameter lists
> + # separated by ';'
> + opts=`echo "$USERADD_PARAM" | cut -d ';' -f 1`
> + remaining=`echo "$USERADD_PARAM" | cut -d ';' -f 2-`
> + while test "x$opts" != "x"; do
> + # useradd does not have a -f option, so we have to check if the
> + # username already exists manually
> + username=`echo "$opts" | awk '{ print $NF }'`
> + user_exists=`grep "^$username:" $SYSROOT/etc/passwd || true`
> + if test "x$user_exists" = "x"; then
> + eval $PSEUDO useradd $OPT $opts
> + else
> + echo "Note: username $username already exists, not re-creating it"
> + fi
> +
> + if test "x$opts" = "x$remaining"; then
> + break
> + fi
> + opts=`echo "$remaining" | cut -d ';' -f 1`
> + remaining=`echo "$remaining" | cut -d ';' -f 2-`
> + done
> +fi
> +}
> +
> +useradd_sysroot () {
> + # Explicitly set $D since it isn't set to anything
> + # before do_install
> + D=${D}
> + useradd_preinst
> +}
> +
> +useradd_sysroot_sstate () {
> + if [ "${BB_CURRENTTASK}" = "populate_sysroot_setscene" ]
> + then
> + useradd_sysroot
> + fi
> +}
> +
> +do_install[prefuncs] += "useradd_sysroot"
> +SSTATEPOSTINSTFUNCS += "useradd_sysroot_sstate"
> +
> +# Recipe parse-time sanity checks
> +def update_useradd_after_parse(d):
> + if bb.data.getVar('USERADD_PACKAGES', d) == None:
> + if bb.data.getVar('USERADD_PARAM', d) == None and bb.data.getVar('GROUPADD_PARAM', d) == None:
> + raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PARAM or GROUPADD_PARAM" % bb.data.getVar('FILE', d)
> +
> +python __anonymous() {
> + update_useradd_after_parse(d)
> +}
> +
> +# Return a single [GROUP|USER]ADD_PARAM formatted string which includes the
> +# [group|user]add parameters for all packages in this recipe
> +def get_all_cmd_params(d, cmd_type):
> + import string
> +
> + localdata = bb.data.createCopy(d)
> + param_type = cmd_type.upper() + "ADD_PARAM_%s"
> + params = []
> +
> + pkgs = bb.data.getVar('USERADD_PACKAGES', d, 1)
Please use True, not 1. Its also simpler to use:
d.getVar('USERADD_PACKAGES', True)
> + if pkgs == None:
if not pkgs:
> + pkgs = bb.data.getVar('USERADDPN', d, 1)
> + packages = (bb.data.getVar('PACKAGES', d, 1) or "").split()
> + if not pkgs in packages and packages != []:
if packages and pkgs not in packages:
> + pkgs = packages[0]
> +
> + for pkg in pkgs.split():
> + param = bb.data.getVar(param_type % pkg, localdata, 1)
> + params.append(param)
> +
> + return string.join(params, "; ")
> +
> +# Adds the preinst script into generated packages
> +fakeroot python populate_packages_prepend () {
> + def update_useradd_package(pkg):
> + bb.debug(1, 'adding user/group calls to preinst for %s' % pkg)
> + localdata = bb.data.createCopy(d)
> + overrides = bb.data.getVar("OVERRIDES", localdata, 1)
> + bb.data.setVar("OVERRIDES", "%s:%s" % (pkg, overrides), localdata)
> + bb.data.update_data(localdata)
> +
> + """
> + useradd preinst is appended here because pkg_preinst may be
> + required to execute on the target. Not doing so may cause
> + useradd preinst to be invoked twice, causing unwanted warnings.
> + """
> + preinst = bb.data.getVar('pkg_preinst', localdata, 1)
> + if not preinst:
> + preinst = '#!/bin/sh\n'
> + preinst += bb.data.getVar('useradd_preinst', localdata, 1)
> + bb.data.setVar('pkg_preinst_%s' % pkg, preinst, d)
> +
> + # We add the user/group calls to all packages to allow any package
> + # to contain files owned by the users/groups defined in the recipe.
> + # The user/group addition code is careful not to create duplicate
> + # entries, so this is safe.
> + pkgs = bb.data.getVar('USERADD_PACKAGES', d, 1)
> + if pkgs == None:
> + pkgs = bb.data.getVar('USERADDPN', d, 1)
> + packages = (bb.data.getVar('PACKAGES', d, 1) or "").split()
> + if not pkgs in packages and packages != []:
> + pkgs = packages[0]
> + for pkg in pkgs.split():
> + update_useradd_package(pkg)
> +}
Cheers,
Richard
next prev parent reply other threads:[~2011-06-28 13:08 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-02 23:50 [PATCH 0/7] User/group creation at preinstall v2 Scott Garman
2011-06-02 23:50 ` [PATCH 1/7] shadow: recipe and patch cleanup Scott Garman
2011-06-02 23:50 ` [PATCH 2/7] shadow: add a -native recipe with customized utilities Scott Garman
2011-06-02 23:50 ` [PATCH 3/7] base-passwd: populate the target sysroot with passwd/group/login.defs Scott Garman
2011-06-09 20:50 ` Koen Kooi
2011-06-09 21:23 ` Scott Garman
2011-06-09 21:25 ` Koen Kooi
2011-06-09 21:29 ` Scott Garman
2011-06-10 22:22 ` shadow errors related to login.defs Scott Garman
2011-06-10 22:38 ` Koen Kooi
2011-06-02 23:50 ` [PATCH 4/7] useradd.bbclass: new class for managing user/group permissions Scott Garman
2011-06-28 13:04 ` Richard Purdie [this message]
2011-06-28 14:42 ` Mark Hatle
2011-06-29 14:22 ` Richard Purdie
2011-06-29 1:20 ` Scott Garman
2011-06-02 23:50 ` [PATCH 5/7] useradd-example: example recipe for using inherit useradd Scott Garman
2011-06-02 23:50 ` [PATCH 6/7] bitbake.conf: set PSEUDO_PASSWD within FAKEROOTENV Scott Garman
2011-06-02 23:50 ` [PATCH 7/7] package_rpm.bbclass: make RPM use on-disk permissions Scott Garman
-- strict thread matches above, loose matches on Subject: below --
2011-05-31 19:53 [PATCH 0/7] User/group creation at preinstall Scott Garman
2011-05-31 19:53 ` [PATCH 4/7] useradd.bbclass: new class for managing user/group permissions Scott Garman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1309266295.20015.287.camel@rex \
--to=richard.purdie@linuxfoundation.org \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox