From: Nicola Lunghi <nick83ola@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] core: fix /sbin/nologin path
Date: Thu, 31 May 2018 18:25:04 +0100 [thread overview]
Message-ID: <20180531172504.28519-1-nick83ola@gmail.com> (raw)
In some yocto recipes the /sbin/nologin path is incorrectly set to
/bin/nologin. set it to the correct path ${base_sbindir}/nologin
Signed-off-by: Nicola Lunghi <nick83ola@gmail.com>
---
meta-selftest/files/static-passwd | 20 ++++++++++----------
meta/classes/rootfs-postcommands.bbclass | 6 +++---
meta/recipes-core/systemd/systemd_237.bb | 19 +++++++++++--------
3 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/meta-selftest/files/static-passwd b/meta-selftest/files/static-passwd
index 412f85d469..fe1f3247d4 100644
--- a/meta-selftest/files/static-passwd
+++ b/meta-selftest/files/static-passwd
@@ -1,11 +1,11 @@
messagebus:x:500:500::/var/lib/dbus:/bin/false
-systemd-bus-proxy:x:501:501::/:/bin/nologin
-systemd-network:x:502:502::/:/bin/nologin
-systemd-resolve:x:503:503::/:/bin/nologin
-systemd-timesync:x:504:504::/:/bin/nologin
-polkitd:x:505:505::/:/bin/nologin
-avahi:x:509:509::/:/bin/nologin
-avahi-autoipd:x:510:510::/:/bin/nologin
-rpc:x:511:511::/:/bin/nologin
-distcc:x:512:nogroup::/:/bin/nologin
-rpcuser:x:513:513::/var/lib/nfs:/bin/nologin
+systemd-bus-proxy:x:501:501::/:/sbin/nologin
+systemd-network:x:502:502::/:/sbin/nologin
+systemd-resolve:x:503:503::/:/sbin/nologin
+systemd-timesync:x:504:504::/:/sbin/nologin
+polkitd:x:505:505::/:/sbin/nologin
+avahi:x:509:509::/:/sbin/nologin
+avahi-autoipd:x:510:510::/:/sbin/nologin
+rpc:x:511:511::/:/sbin/nologin
+distcc:x:512:nogroup::/:/sbin/nologin
+rpcuser:x:513:513::/var/lib/nfs:/sbin/nologin
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index a4e627fef8..0ee7391957 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -62,8 +62,8 @@ systemd_create_users () {
for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
[ -e $conffile ] || continue
grep -v "^#" $conffile | sed -e '/^$/d' | while read type name id comment; do
- if [ "$type" = "u" ]; then
- useradd_params="--shell /sbin/nologin"
+ if [ "$type" = "u" ]; then:w
+ useradd_params="--shell ${base_sbindir}/nologin"
[ "$id" != "-" ] && useradd_params="$useradd_params --uid $id"
[ "$comment" != "-" ] && useradd_params="$useradd_params --comment $comment"
useradd_params="$useradd_params --system $name"
@@ -79,7 +79,7 @@ systemd_create_users () {
eval groupadd --root ${IMAGE_ROOTFS} --system $group
fi
if [ ! `grep -q "^${name}:" ${IMAGE_ROOTFS}${sysconfdir}/passwd` ]; then
- eval useradd --root ${IMAGE_ROOTFS} --shell /sbin/nologin --system $name
+ eval useradd --root ${IMAGE_ROOTFS} --shell ${base_sbindir}/nologin --system $name
fi
eval usermod --root ${IMAGE_ROOTFS} -a -G $group $name
fi
diff --git a/meta/recipes-core/systemd/systemd_237.bb b/meta/recipes-core/systemd/systemd_237.bb
index 7ef42b2eae..b55614158d 100644
--- a/meta/recipes-core/systemd/systemd_237.bb
+++ b/meta/recipes-core/systemd/systemd_237.bb
@@ -300,16 +300,19 @@ SYSTEMD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'binfmt', '${PN}-binfm
SYSTEMD_SERVICE_${PN}-binfmt = "systemd-binfmt.service"
USERADD_PACKAGES = "${PN} ${PN}-extra-utils"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '--system -d / -M --shell /bin/nologin systemd-journal-gateway;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '--system -d / -M --shell /bin/nologin systemd-journal-remote;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '--system -d / -M --shell /bin/nologin systemd-journal-upload;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /bin/nologin systemd-timesync;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /bin/nologin systemd-network;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}"
+
+base_useradd_params = "--system -d / -M --shell ${base_sbindir}/nologin"
+
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${base_useradd_params} systemd-journal-gateway;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${base_useradd_params} systemd-journal-remote;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${base_useradd_params} systemd-journal-upload;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '${base_useradd_params} systemd-timesync;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '${base_useradd_params} systemd-network;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '${base_useradd_params} systemd-coredump;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '${base_useradd_params} systemd-resolve;', '', d)}"
USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
-USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;"
+USERADD_PARAM_${PN}-extra-utils += "${base_useradd_params} systemd-bus-proxy;"
FILES_${PN}-analyze = "${bindir}/systemd-analyze"
--
2.17.0
next reply other threads:[~2018-05-31 17:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-31 17:25 Nicola Lunghi [this message]
2018-05-31 18:26 ` [PATCH] core: fix /sbin/nologin path Christopher Larson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180531172504.28519-1-nick83ola@gmail.com \
--to=nick83ola@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox