[PATCH 0/3] prevent pseudo host passwd/group contamination

[PATCH 0/3] prevent pseudo host passwd/group contamination

[Peter A. Bigot]

I don't have my -contrib accounts yet so can't do pull requests, but
these are simple.

These patches build on the following unmerged fixes for pseudo's support
for --without-passwd-fallback:

  http://patches.openembedded.org/patch/81591/
  http://patches.openembedded.org/patch/81593/
  http://patches.openembedded.org/patch/81595/

The new patches use --without-passwd-fallback, preventing contamination
from the host files during the early build stages when the target
versions from base-passwd aren't yet available.

Experimentation with adding an explicit DEPENDS="base-passwd" showed
that approach would touch a large number of recipes.  For some of those
recipes, the dependency became circular because base-passwd includes a
target utility program that can't be built without glibc and other files
that can't be installed without the ability to look up user and group
names.

The solution chosen is to use the capability in the previous patches to
install last-resort passwd and group in ${STAGING_DIR_NATIVE}, and use
those only when the files are not present in ${STAGING_DIR_TARGET}.  The
last-resort files must contain the usernames (root) and groups (root,
mail) that are specified in meta/files/fs-perms.txt so that packaging
succeeds.  Only names required for a successful build have been provided
in these fall-back files, and the id values match those in the
base-passwd files.

I've done a clean (no sstate) core-image-sato build in poky for
beaglebone+systemd with no issues.  Further, with this patch the true
host uid/username/gid/groupname contamination noted in my email last
night has been eliminated.  Unfortunately there are still cases where
the build system gid ends up as the gid of installed files.

I believe that any issues that do arise will represent a true dependency
on base-passwd that should be added to the failing recipe.

Peter A. Bigot (3):
  pseudo: default --without-passwd-fallback
  pseudo: provide fallback passwd and group files
  bitbake.conf: pseudo fall back to last-resort passwd files

 meta/conf/bitbake.conf                             |  2 +-
 meta/recipes-devtools/pseudo/files/fallback-group  |  2 ++
 meta/recipes-devtools/pseudo/files/fallback-passwd |  1 +
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 10 +++++++++-
 4 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd

-- 
1.8.5.5

[PATCH 1/3] pseudo: default --without-passwd-fallback

[Peter A. Bigot]

No good reason exists to fall back to the build host /etc files when
attempting to resolve user and group information.  Recipe dependencies
should be updated so the correct target files are available.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index 78eeedf..fb85f89 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -10,4 +10,4 @@ SRC_URI = " \
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
 SRC_URI[sha256sum] = "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
 
-PSEUDO_EXTRA_OPTS ?= "--enable-force-async"
+PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
-- 
1.8.5.5

Re: [PATCH 1/3] pseudo: default --without-passwd-fallback

[Burton, Ross]

[-- Attachment #1: Type: text/plain, Size: 591 bytes --]

Hi Peter,

Something in this series isn't working nicely with multilib enabled.

http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=ross/pseudo is the
branch I was testing it in, hopefully I pulled in all the right pieces.

https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/102
is current master building for multilib and succeeding.

https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/105
is ross/pseudo which fails at rootfs time.

Will you be able to investigate this? (or tell me I merged the wrong
patches).

Ross

[-- Attachment #2: Type: text/html, Size: 1025 bytes --]

Re: [PATCH 1/3] pseudo: default --without-passwd-fallback

[Peter A. Bigot]

On 11/14/2014 10:16 AM, Burton, Ross wrote:
> Hi Peter,
>
> Something in this series isn't working nicely with multilib enabled.
>
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=ross/pseudo 
> is the branch I was testing it in, hopefully I pulled in all the right 
> pieces.
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/102 
> is current master building for multilib and succeeding.
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/105 
> is ross/pseudo which fails at rootfs time.
>
> Will you be able to investigate this? (or tell me I merged the wrong 
> patches).

Interesting.  I have several theories.

Can you tell me where to find the exact configurations and scripts 
necessary to replicate what the autobuilder is doing?

Peter

Re: [PATCH 1/3] pseudo: default --without-passwd-fallback

[Peter A. Bigot]

On 11/14/2014 10:47 AM, Peter A. Bigot wrote:
> On 11/14/2014 10:16 AM, Burton, Ross wrote:
>> Hi Peter,
>>
>> Something in this series isn't working nicely with multilib enabled.
>>
>> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=ross/pseudo 
>> is the branch I was testing it in, hopefully I pulled in all the 
>> right pieces.
>>
>> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/102 
>> is current master building for multilib and succeeding.
>>
>> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/105 
>> is ross/pseudo which fails at rootfs time.
>>
>> Will you be able to investigate this? (or tell me I merged the wrong 
>> patches).
>
> Interesting.  I have several theories.
>
> Can you tell me where to find the exact configurations and scripts 
> necessary to replicate what the autobuilder is doing?

NM; found https://wiki.yoctoproject.org/wiki/Regression_Test which seems 
to be a starting point.

Peter

Re: [PATCH 1/3] pseudo: default --without-passwd-fallback

[Burton, Ross]

[-- Attachment #1: Type: text/plain, Size: 435 bytes --]

On 14 November 2014 16:47, Peter A. Bigot <pab@pabigot.com> wrote:

> Interesting.  I have several theories.
>
> Can you tell me where to find the exact configurations and scripts
> necessary to replicate what the autobuilder is doing?
>

The yocto-autobuilder git repository has the autobuilder configurations (in
buildset.controller, iirc), which should be enough to tell you want the key
variables were.

Thanks,
Ross

[-- Attachment #2: Type: text/html, Size: 863 bytes --]

Re: [PATCH 1/3] pseudo: default --without-passwd-fallback

[Peter A. Bigot]

On 11/14/2014 10:16 AM, Burton, Ross wrote:
> Hi Peter,
>
> Something in this series isn't working nicely with multilib enabled.
>
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=ross/pseudo 
> is the branch I was testing it in, hopefully I pulled in all the right 
> pieces.
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/102 
> is current master building for multilib and succeeding.
>
> https://autobuilder.yoctoproject.org/main/builders/nightly-multilib/builds/105 
> is ross/pseudo which fails at rootfs time.
>
> Will you be able to investigate this? (or tell me I merged the wrong 
> patches).

I've identified an anomaly in how opkg sets up installation for 
multilib, about which I've starting a new discussion: it's visible with 
the pseudo changes because of the way pseudo looks for existing 
users/groups.

While investigating, I did find a misunderstanding that requires a 
couple subtle changes to the patch set.  I've updated contrib 
pabigot/pseudo to incorporate the changes so far, but there's another 
issue I also want to investigate.

Until the opkg/rpm inconsistency is resolved, please hold off on this 
series.  There are a couple minor updates in contrib pabigot/pseudo that 
will become part of an eventual V2.

Peter

[PATCH 2/3] pseudo: provide fallback passwd and group files

[Peter A. Bigot]

Normally pseudo is built with --without-passwd-fallback, which requires
that somebody provide target passwd and group files.  Those come from
base-passwd in OE, but base-passwd cannot be built without first
invoking operations under pseudo that require getpw*/getgr*.

Provide the absolute minimum stub files, matching in content what will
eventually be on the target, that can be used in the cases where the
target files are not yet available.  The requirements for minimum stub
are the usernames and groups identified in meta/files/fs-perms.txt.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
 meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
 3 files changed, 11 insertions(+)
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd

diff --git a/meta/recipes-devtools/pseudo/files/fallback-group b/meta/recipes-devtools/pseudo/files/fallback-group
new file mode 100644
index 0000000..81bf732
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/fallback-group
@@ -0,0 +1,2 @@
+root:*:0:
+mail:*:8:
diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd b/meta/recipes-devtools/pseudo/files/fallback-passwd
new file mode 100644
index 0000000..c1458dc
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
@@ -0,0 +1 @@
+root::0:0:root:/home/root:/bin/sh
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index fb85f89..95fd2b8 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -5,9 +5,17 @@ SRC_URI = " \
     file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
     file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
     file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
+    file://fallback-passwd \
+    file://fallback-group \
 "
 
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
 SRC_URI[sha256sum] = "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
 
 PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
+
+do_install_append_class-native () {
+	install -d ${D}${sysconfdir}
+	install -m 644 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
+	install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
+}
-- 
1.8.5.5

Re: [PATCH 2/3] pseudo: provide fallback passwd and group files

[zhangxiao]

On 2014年11月02日 01:04, Peter A. Bigot wrote:
> Normally pseudo is built with --without-passwd-fallback, which requires
> that somebody provide target passwd and group files.  Those come from
> base-passwd in OE, but base-passwd cannot be built without first
> invoking operations under pseudo that require getpw*/getgr*.
>
> Provide the absolute minimum stub files, matching in content what will
> eventually be on the target, that can be used in the cases where the
> target files are not yet available.  The requirements for minimum stub
> are the usernames and groups identified in meta/files/fs-perms.txt.
>
> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
> ---
>   meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
>   meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>   meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
>   3 files changed, 11 insertions(+)
>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd
>
> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group b/meta/recipes-devtools/pseudo/files/fallback-group
> new file mode 100644
> index 0000000..81bf732
> --- /dev/null
> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
> @@ -0,0 +1,2 @@
> +root:*:0:

How about adding those two lines below?

daemon:*:1:
bin:*:2:

Thanks
Xiao

> +mail:*:8:
> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd b/meta/recipes-devtools/pseudo/files/fallback-passwd
> new file mode 100644
> index 0000000..c1458dc
> --- /dev/null
> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
> @@ -0,0 +1 @@
> +root::0:0:root:/home/root:/bin/sh
> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
> index fb85f89..95fd2b8 100644
> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
> @@ -5,9 +5,17 @@ SRC_URI = " \
>       file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>       file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>       file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
> +    file://fallback-passwd \
> +    file://fallback-group \
>   "
>
>   SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>   SRC_URI[sha256sum] = "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>
>   PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
> +
> +do_install_append_class-native () {
> +	install -d ${D}${sysconfdir}
> +	install -m 644 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
> +	install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
> +}
>

Re: [PATCH 2/3] pseudo: provide fallback passwd and group files

[Peter A. Bigot]

On 11/12/2014 01:36 AM, zhangxiao wrote:
> On 2014年11月02日 01:04, Peter A. Bigot wrote:
>> Normally pseudo is built with --without-passwd-fallback, which requires
>> that somebody provide target passwd and group files.  Those come from
>> base-passwd in OE, but base-passwd cannot be built without first
>> invoking operations under pseudo that require getpw*/getgr*.
>>
>> Provide the absolute minimum stub files, matching in content what will
>> eventually be on the target, that can be used in the cases where the
>> target files are not yet available.  The requirements for minimum stub
>> are the usernames and groups identified in meta/files/fs-perms.txt.
>>
>> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
>> ---
>>   meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
>>   meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>>   meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
>>   3 files changed, 11 insertions(+)
>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd
>>
>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group 
>> b/meta/recipes-devtools/pseudo/files/fallback-group
>> new file mode 100644
>> index 0000000..81bf732
>> --- /dev/null
>> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
>> @@ -0,0 +1,2 @@
>> +root:*:0:
>
> How about adding those two lines below?
>
> daemon:*:1:
> bin:*:2:

What's the rationale for adding these?

My intent is for pseudo to provide the absolute minimum required for the 
default fs-perms.txt, not to attempt to provide everything that's in 
base-passwd.  If you override fs-perms.txt somehow and need those extra 
groups in early build stages, I think the right approach is to also 
provide your own fallback-group and fallback-passwd at the same time.

If too much gets added to these fallback specifications, we're back in 
the same position of getting target files that don't match the 
configuration used during build/packaging.  In most cases, adding 
DEPENDS += "base-passwd" is going to be the right approach to things not 
being in the fallback files.

Peter

>
> Thanks
> Xiao
>
>> +mail:*:8:
>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd 
>> b/meta/recipes-devtools/pseudo/files/fallback-passwd
>> new file mode 100644
>> index 0000000..c1458dc
>> --- /dev/null
>> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
>> @@ -0,0 +1 @@
>> +root::0:0:root:/home/root:/bin/sh
>> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb 
>> b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> index fb85f89..95fd2b8 100644
>> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>> @@ -5,9 +5,17 @@ SRC_URI = " \
>> file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>> file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>> file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
>> +    file://fallback-passwd \
>> +    file://fallback-group \
>>   "
>>
>>   SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>>   SRC_URI[sha256sum] = 
>> "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>>
>>   PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
>> +
>> +do_install_append_class-native () {
>> +    install -d ${D}${sysconfdir}
>> +    install -m 644 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
>> +    install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
>> +}
>>

Re: [PATCH 2/3] pseudo: provide fallback passwd and group files

[zhangxiao]

On 2014年11月12日 19:15, Peter A. Bigot wrote:
> On 11/12/2014 01:36 AM, zhangxiao wrote:
>> On 2014年11月02日 01:04, Peter A. Bigot wrote:
>>> Normally pseudo is built with --without-passwd-fallback, which requires
>>> that somebody provide target passwd and group files.  Those come from
>>> base-passwd in OE, but base-passwd cannot be built without first
>>> invoking operations under pseudo that require getpw*/getgr*.
>>>
>>> Provide the absolute minimum stub files, matching in content what will
>>> eventually be on the target, that can be used in the cases where the
>>> target files are not yet available.  The requirements for minimum stub
>>> are the usernames and groups identified in meta/files/fs-perms.txt.
>>>
>>> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
>>> ---
>>>   meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
>>>   meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>>>   meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
>>>   3 files changed, 11 insertions(+)
>>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd
>>>
>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group
>>> b/meta/recipes-devtools/pseudo/files/fallback-group
>>> new file mode 100644
>>> index 0000000..81bf732
>>> --- /dev/null
>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
>>> @@ -0,0 +1,2 @@
>>> +root:*:0:
>>
>> How about adding those two lines below?
>>
>> daemon:*:1:
>> bin:*:2:
>
> What's the rationale for adding these?
>
> My intent is for pseudo to provide the absolute minimum required for the
> default fs-perms.txt, not to attempt to provide everything that's in
> base-passwd.  If you override fs-perms.txt somehow and need those extra
> groups in early build stages, I think the right approach is to also
> provide your own fallback-group and fallback-passwd at the same time.
>
> If too much gets added to these fallback specifications, we're back in
> the same position of getting target files that don't match the
> configuration used during build/packaging.  In most cases, adding
> DEPENDS += "base-passwd" is going to be the right approach to things not
> being in the fallback files.
>
In fact, that is the reason I want those two lines above. I know it is not
nice. :-(

 From my point of view, base-files and base-passwd is so important and basic
that they should be installed at very beginning. Almost all packages should
R-depends on them, so can we find a method to install them at very beginning
thus avoid adding "DEPENDS" in those bb files?

Thanks
Xiao

> Peter
>
>>
>> Thanks
>> Xiao
>>
>>> +mail:*:8:
>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd
>>> b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>> new file mode 100644
>>> index 0000000..c1458dc
>>> --- /dev/null
>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>> @@ -0,0 +1 @@
>>> +root::0:0:root:/home/root:/bin/sh
>>> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>> b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>> index fb85f89..95fd2b8 100644
>>> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>> @@ -5,9 +5,17 @@ SRC_URI = " \
>>> file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>>> file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>>> file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
>>> +    file://fallback-passwd \
>>> +    file://fallback-group \
>>>   "
>>>
>>>   SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>>>   SRC_URI[sha256sum] =
>>> "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>>>
>>>   PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
>>> +
>>> +do_install_append_class-native () {
>>> +    install -d ${D}${sysconfdir}
>>> +    install -m 644 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
>>> +    install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
>>> +}
>>>
>
>
>

Re: [PATCH 2/3] pseudo: provide fallback passwd and group files

[Peter A. Bigot]

On 11/12/2014 08:31 PM, zhangxiao wrote:
> On 2014年11月12日 19:15, Peter A. Bigot wrote:
>> On 11/12/2014 01:36 AM, zhangxiao wrote:
>>> On 2014年11月02日 01:04, Peter A. Bigot wrote:
>>>> Normally pseudo is built with --without-passwd-fallback, which 
>>>> requires
>>>> that somebody provide target passwd and group files.  Those come from
>>>> base-passwd in OE, but base-passwd cannot be built without first
>>>> invoking operations under pseudo that require getpw*/getgr*.
>>>>
>>>> Provide the absolute minimum stub files, matching in content what will
>>>> eventually be on the target, that can be used in the cases where the
>>>> target files are not yet available.  The requirements for minimum stub
>>>> are the usernames and groups identified in meta/files/fs-perms.txt.
>>>>
>>>> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
>>>> ---
>>>>   meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
>>>>   meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>>>>   meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
>>>>   3 files changed, 11 insertions(+)
>>>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>>>>   create mode 100644 
>>>> meta/recipes-devtools/pseudo/files/fallback-passwd
>>>>
>>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group
>>>> b/meta/recipes-devtools/pseudo/files/fallback-group
>>>> new file mode 100644
>>>> index 0000000..81bf732
>>>> --- /dev/null
>>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
>>>> @@ -0,0 +1,2 @@
>>>> +root:*:0:
>>>
>>> How about adding those two lines below?
>>>
>>> daemon:*:1:
>>> bin:*:2:
>>
>> What's the rationale for adding these?
>>
>> My intent is for pseudo to provide the absolute minimum required for the
>> default fs-perms.txt, not to attempt to provide everything that's in
>> base-passwd.  If you override fs-perms.txt somehow and need those extra
>> groups in early build stages, I think the right approach is to also
>> provide your own fallback-group and fallback-passwd at the same time.
>>
>> If too much gets added to these fallback specifications, we're back in
>> the same position of getting target files that don't match the
>> configuration used during build/packaging.  In most cases, adding
>> DEPENDS += "base-passwd" is going to be the right approach to things not
>> being in the fallback files.
>>
> In fact, that is the reason I want those two lines above. I know it is 
> not
> nice. :-(
>
> From my point of view, base-files and base-passwd is so important and 
> basic
> that they should be installed at very beginning. Almost all packages 
> should
> R-depends on them, so can we find a method to install them at very 
> beginning
> thus avoid adding "DEPENDS" in those bb files?

I agree in theory, but I tried pretty hard and couldn't make it work, 
for reasons (circular dependencies) described in the 0/3 that introduced 
this series.  I think the current solution is very clean.  Either an 
explicit DEPENDS in a few recipes that reference groups daemon and bin 
or an override of the fallback files in one of your layers (or by 
setting a custom PSEUDO_PASSWD in the recipes that needs them) would 
probably solve your problem,  but I don't have enough information about 
the context to be completely sure of that.

Peter

>
> Thanks
> Xiao
>
>> Peter
>>
>>>
>>> Thanks
>>> Xiao
>>>
>>>> +mail:*:8:
>>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>> b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>> new file mode 100644
>>>> index 0000000..c1458dc
>>>> --- /dev/null
>>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>> @@ -0,0 +1 @@
>>>> +root::0:0:root:/home/root:/bin/sh
>>>> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>> b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>> index fb85f89..95fd2b8 100644
>>>> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>> @@ -5,9 +5,17 @@ SRC_URI = " \
>>>> file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>>>> file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>>>> file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch 
>>>> \
>>>> +    file://fallback-passwd \
>>>> +    file://fallback-group \
>>>>   "
>>>>
>>>>   SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>>>>   SRC_URI[sha256sum] =
>>>> "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>>>>
>>>>   PSEUDO_EXTRA_OPTS ?= "--enable-force-async 
>>>> --without-passwd-fallback"
>>>> +
>>>> +do_install_append_class-native () {
>>>> +    install -d ${D}${sysconfdir}
>>>> +    install -m 644 ${WORKDIR}/fallback-passwd 
>>>> ${D}${sysconfdir}/passwd
>>>> +    install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
>>>> +}
>>>>
>>
>>
>>

Re: [PATCH 2/3] pseudo: provide fallback passwd and group files

[zhangxiao]

On 2014年11月13日 11:04, Peter A. Bigot wrote:
> On 11/12/2014 08:31 PM, zhangxiao wrote:
>> On 2014年11月12日 19:15, Peter A. Bigot wrote:
>>> On 11/12/2014 01:36 AM, zhangxiao wrote:
>>>> On 2014年11月02日 01:04, Peter A. Bigot wrote:
>>>>> Normally pseudo is built with --without-passwd-fallback, which
>>>>> requires
>>>>> that somebody provide target passwd and group files.  Those come from
>>>>> base-passwd in OE, but base-passwd cannot be built without first
>>>>> invoking operations under pseudo that require getpw*/getgr*.
>>>>>
>>>>> Provide the absolute minimum stub files, matching in content what will
>>>>> eventually be on the target, that can be used in the cases where the
>>>>> target files are not yet available.  The requirements for minimum stub
>>>>> are the usernames and groups identified in meta/files/fs-perms.txt.
>>>>>
>>>>> Signed-off-by: Peter A. Bigot <pab@pabigot.com>
>>>>> ---
>>>>>   meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
>>>>>   meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
>>>>>   meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 8 ++++++++
>>>>>   3 files changed, 11 insertions(+)
>>>>>   create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
>>>>>   create mode 100644
>>>>> meta/recipes-devtools/pseudo/files/fallback-passwd
>>>>>
>>>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-group
>>>>> b/meta/recipes-devtools/pseudo/files/fallback-group
>>>>> new file mode 100644
>>>>> index 0000000..81bf732
>>>>> --- /dev/null
>>>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-group
>>>>> @@ -0,0 +1,2 @@
>>>>> +root:*:0:
>>>>
>>>> How about adding those two lines below?
>>>>
>>>> daemon:*:1:
>>>> bin:*:2:
>>>
>>> What's the rationale for adding these?
>>>
>>> My intent is for pseudo to provide the absolute minimum required for the
>>> default fs-perms.txt, not to attempt to provide everything that's in
>>> base-passwd.  If you override fs-perms.txt somehow and need those extra
>>> groups in early build stages, I think the right approach is to also
>>> provide your own fallback-group and fallback-passwd at the same time.
>>>
>>> If too much gets added to these fallback specifications, we're back in
>>> the same position of getting target files that don't match the
>>> configuration used during build/packaging.  In most cases, adding
>>> DEPENDS += "base-passwd" is going to be the right approach to things not
>>> being in the fallback files.
>>>
>> In fact, that is the reason I want those two lines above. I know it is
>> not
>> nice. :-(
>>
>> From my point of view, base-files and base-passwd is so important and
>> basic
>> that they should be installed at very beginning. Almost all packages
>> should
>> R-depends on them, so can we find a method to install them at very
>> beginning
>> thus avoid adding "DEPENDS" in those bb files?
>
> I agree in theory, but I tried pretty hard and couldn't make it work,
> for reasons (circular dependencies) described in the 0/3 that introduced
> this series.  I think the current solution is very clean.  Either an
> explicit DEPENDS in a few recipes that reference groups daemon and bin
> or an override of the fallback files in one of your layers (or by
> setting a custom PSEUDO_PASSWD in the recipes that needs them) would
> probably solve your problem,  but I don't have enough information about
> the context to be completely sure of that.
>

I believe your patches are valuable and necessary. They can avoid host
contamination on the pseudo level.

For several years, there are so many packages and recipes in OE-core, and
maybe more packages in customized layers. Detect and fix them one by
one will be very painful. :-(

Anyway, thank you!

BRs
Xiao

> Peter
>
>>
>> Thanks
>> Xiao
>>
>>> Peter
>>>
>>>>
>>>> Thanks
>>>> Xiao
>>>>
>>>>> +mail:*:8:
>>>>> diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>>> b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>>> new file mode 100644
>>>>> index 0000000..c1458dc
>>>>> --- /dev/null
>>>>> +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
>>>>> @@ -0,0 +1 @@
>>>>> +root::0:0:root:/home/root:/bin/sh
>>>>> diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>>> b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>>> index fb85f89..95fd2b8 100644
>>>>> --- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>>> +++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
>>>>> @@ -5,9 +5,17 @@ SRC_URI = " \
>>>>> file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
>>>>> file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
>>>>> file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch
>>>>> \
>>>>> +    file://fallback-passwd \
>>>>> +    file://fallback-group \
>>>>>   "
>>>>>
>>>>>   SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
>>>>>   SRC_URI[sha256sum] =
>>>>> "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
>>>>>
>>>>>   PSEUDO_EXTRA_OPTS ?= "--enable-force-async
>>>>> --without-passwd-fallback"
>>>>> +
>>>>> +do_install_append_class-native () {
>>>>> +    install -d ${D}${sysconfdir}
>>>>> +    install -m 644 ${WORKDIR}/fallback-passwd
>>>>> ${D}${sysconfdir}/passwd
>>>>> +    install -m 644 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
>>>>> +}
>>>>>
>>>
>>>
>>>
>
>
>

[PATCH 3/3] bitbake.conf: pseudo fall back to last-resort passwd files

[Peter A. Bigot]

Recipe packaging for the target requires permissions that are consistent
with meta/files/fs-perms.txt which specifies certain user and group
names.  In the early parts of a target build base-passwd is not yet
available to provide the target /etc files used for user/group lookup.
Allow pseudo to fall-back to the last-resort files it installs if the
target ones aren't there yet.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 2a8a37f..0ccaac0 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -586,7 +586,7 @@ SRC_URI = ""
 
 # Use pseudo as the fakeroot implementation
 PSEUDO_LOCALSTATEDIR ?= "${WORKDIR}/pseudo/"
-PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}"
+PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}:${STAGING_DIR_NATIVE}"
 export PSEUDO_DISABLED = "1"
 #export PSEUDO_PREFIX = "${STAGING_DIR_NATIVE}${prefix_native}"
 #export PSEUDO_BINDIR = "${STAGING_DIR_NATIVE}${bindir_native}"
-- 
1.8.5.5

Re: [PATCH 0/3] prevent pseudo host passwd/group contamination

[Peter Seebach]

On Sat, 1 Nov 2014 12:04:36 -0500
"Peter A. Bigot" <pab@pabigot.com> wrote:

> The new patches use --without-passwd-fallback, preventing contamination
> from the host files during the early build stages when the target
> versions from base-passwd aren't yet available.

I like these, and will see whether I can free up time to work on this. If I
can't, though, I have no objections to these (and the previous set) being
added to oe-core as local patches until next time I have a free day or two to
study the password code.

-s
-- 
Listen, get this.  Nobody with a good compiler needs to be justified.

Re: [PATCH 0/3] prevent pseudo host passwd/group contamination

[Burton, Ross]

[-- Attachment #1: Type: text/plain, Size: 630 bytes --]

On 3 November 2014 18:55, Peter Seebach <peter.seebach@windriver.com> wrote:

> > The new patches use --without-passwd-fallback, preventing contamination
> > from the host files during the early build stages when the target
> > versions from base-passwd aren't yet available.
>
> I like these, and will see whether I can free up time to work on this. If I
> can't, though, I have no objections to these (and the previous set) being
> added to oe-core as local patches until next time I have a free day or two
> to
> study the password code.


Thanks Peter(s), these are now  in my staging branch for master.

Ross

[-- Attachment #2: Type: text/html, Size: 1036 bytes --]