From: "Peter A. Bigot" <pab@pabigot.com>
To: zhangxiao <xiao.zhang@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 2/3] pseudo: provide fallback passwd and group files
Date: Wed, 12 Nov 2014 05:15:07 -0600 [thread overview]
Message-ID: <5463413B.3050902@pabigot.com> (raw)
In-Reply-To: <54630E02.3070500@windriver.com>
On 11/12/2014 01:36 AM, zhangxiao wrote:
> On 2014年11月02日 01:04, Peter A. Bigot wrote:
>> Normally pseudo is built with --without-passwd-fallback, which requires
>> that somebody provide target passwd and group files. Those come from
>> base-passwd in OE, but base-passwd cannot be built without first
>> invoking operations under pseudo that require getpw*/getgr*.
>>
>> Provide the absolute minimum stub files, matching in content what will
>> eventually be on the target, that can be used in the cases where the
>> target files are not yet available. The requirements for minimum stub
>> are the usernames and groups identified in meta/files/fs-perms.txt.
>>
>> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
>> ---
>> meta/recipes-devtools/pseudo/files/fallback-group | 2 ++
>> meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>> meta/recipes-devtools/pseudo/pseudo_1.6.2.bb | 8 ++++++++
>> 3 files changed, 11 insertions(+)
>> create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>> create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd
>>
>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group
>> b/meta/recipes-devtools/pseudo/files/fallback-group
>> new file mode 100644
>> index 0000000..81bf732
>> --- /dev/null
>> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
>> @@ -0,0 +1,2 @@
>> +root:*:0:
>
> How about adding those two lines below?
>
> daemon:*:1:
> bin:*:2:
What's the rationale for adding these?
My intent is for pseudo to provide the absolute minimum required for the
default fs-perms.txt, not to attempt to provide everything that's in
base-passwd. If you override fs-perms.txt somehow and need those extra
groups in early build stages, I think the right approach is to also
provide your own fallback-group and fallback-passwd at the same time.
If too much gets added to these fallback specifications, we're back in
the same position of getting target files that don't match the
configuration used during build/packaging. In most cases, adding
DEPENDS += "base-passwd" is going to be the right approach to things not
being in the fallback files.
Peter
>
> Thanks
> Xiao
>
>> +mail:*:8:
>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd
>> b/meta/recipes-devtools/pseudo/files/fallback-passwd
>> new file mode 100644
>> index 0000000..c1458dc
>> --- /dev/null
>> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
>> @@ -0,0 +1 @@
>> +root::0:0:root:/home/root:/bin/sh
>> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> index fb85f89..95fd2b8 100644
>> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> @@ -5,9 +5,17 @@ SRC_URI = " \
>> file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>> file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>> file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
>> + file://fallback-passwd \
>> + file://fallback-group \
>> "
>>
>> SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>> SRC_URI[sha256sum] =
>> "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>>
>> PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
>> +
>> +do_install_append_class-native () {
>> + install -d ${D}${sysconfdir}
>> + install -m 644 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
>> + install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
>> +}
>>
next prev parent reply other threads:[~2014-11-12 11:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-01 17:04 [PATCH 0/3] prevent pseudo host passwd/group contamination Peter A. Bigot
2014-11-01 17:04 ` [PATCH 1/3] pseudo: default --without-passwd-fallback Peter A. Bigot
2014-11-14 16:16 ` Burton, Ross
2014-11-14 16:47 ` Peter A. Bigot
2014-11-14 17:08 ` Peter A. Bigot
2014-11-14 17:34 ` Burton, Ross
2014-11-15 16:20 ` Peter A. Bigot
2014-11-01 17:04 ` [PATCH 2/3] pseudo: provide fallback passwd and group files Peter A. Bigot
2014-11-12 7:36 ` zhangxiao
2014-11-12 11:15 ` Peter A. Bigot [this message]
2014-11-13 2:31 ` zhangxiao
2014-11-13 3:04 ` Peter A. Bigot
2014-11-13 3:28 ` zhangxiao
2014-11-01 17:04 ` [PATCH 3/3] bitbake.conf: pseudo fall back to last-resort passwd files Peter A. Bigot
2014-11-03 18:55 ` [PATCH 0/3] prevent pseudo host passwd/group contamination Peter Seebach
2014-11-03 23:16 ` Burton, Ross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5463413B.3050902@pabigot.com \
--to=pab@pabigot.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=xiao.zhang@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox