* [oe-core][RFC] xuser-account: convert to standard-user-account
@ 2026-02-10 0:25 rs
2026-02-15 9:03 ` Mathieu Dubois-Briand
0 siblings, 1 reply; 4+ messages in thread
From: rs @ 2026-02-10 0:25 UTC (permalink / raw)
To: raj.khem, richard.purdie, mathieu.dubois-briand, alex, otavio,
kexin.hao
Cc: afd, detheridge, denis, reatmon, openembedded-core, vijayp
From: Randolph Sapp <rs@ti.com>
Change this single xuser account template into a generic
standard-user-account that uses distro level variables for
configuration.
This allows for seamless configuration of multiple out-of-box scripts
and tests across layers without having to implicitly hope that the
username or groups haven't been changed by a bbappend or recipe
override.
This was proposed specifically to remove some issues highlighted in:
https://lists.openembedded.org/g/openembedded-core/message/230665
Signed-off-by: Randolph Sapp <rs@ti.com>
---
I'm thinking about adding something like REQUIRED_STANDARD_USER_GROUPS and
REQUIRED_STANDARD_USER_SYSTEM_GROUPS checks to the features_check class so
recipes can indicate when they will fail due to bad distro configs. Please let
me know what you all think.
meta-selftest/files/static-group | 3 +-
meta-selftest/files/static-passwd | 3 +-
.../distro/include/default-distrovars.inc | 12 ++++++
meta/conf/distro/include/maintainers.inc | 2 +-
meta/recipes-graphics/wayland/weston-init.bb | 13 +++----
.../x11-common/xserver-nodm-init_3.0.bb | 7 ++--
.../user-creation/files/system-xuser.conf | 11 ------
.../standard-user-account_0.1.bb | 38 +++++++++++++++++++
.../user-creation/xuser-account_0.1.bb | 30 ---------------
scripts/sstate-sysroot-cruft.sh | 6 +--
10 files changed, 65 insertions(+), 60 deletions(-)
delete mode 100644 meta/recipes-support/user-creation/files/system-xuser.conf
create mode 100644 meta/recipes-support/user-creation/standard-user-account_0.1.bb
delete mode 100644 meta/recipes-support/user-creation/xuser-account_0.1.bb
diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index 3fca4aa5c9..8bdf362ed7 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -20,12 +20,11 @@ pulse:x:520:
bind:x:521:
builder:x:522:
weston-launch:x:524:
-weston:x:525:
+user:x:525:
wayland:x:526:
render:x:527:
sgx:x:528:
ptest:x:529:
-xuser:x:530:
seat:x:531:
audio:x:532:
nogroup:x:65534:
diff --git a/meta-selftest/files/static-passwd b/meta-selftest/files/static-passwd
index cc6c5acd5c..b309dad101 100644
--- a/meta-selftest/files/static-passwd
+++ b/meta-selftest/files/static-passwd
@@ -16,6 +16,5 @@ pulse:x:520:520::/:/bin/nologin
bind:x:521:521::/:/bin/nologin
builder:x:522:522::/:/bin/nologin
_apt:x:523:523::/:/bin/nologin
-weston:x:525:525::/:/bin/nologin
ptest:x:529:529::/:/bin/nologin
-xuser:x:530:530::/:/bin/nologin
+user:x:530:530::/:/bin/nologin
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index bbd936efa6..63c7a11c7e 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -64,3 +64,15 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}"
# the variable to be empty.
# Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master
CONNECTIVITY_CHECK_URIS ?= "https://www.yoctoproject.org/connectivity.html"
+
+# The STANDARD_USER_NAME is the default underprivileged user account name.
+# The STANDARD_USER_GROUPS is a space delimited list of user groups that account
+# should belong to, and STANDARD_USER_SYSTEM_GROUPS is the same but for system
+# groups.
+#
+# Please take note that not all tooling currently supports changing these
+# variables. Scripts like sstate-sysroot-cruft.sh and reproducible builds expect
+# these values to be the defaults listed below.
+STANDARD_USER_NAME ??= "user"
+STANDARD_USER_GROUPS ??= ""
+STANDARD_USER_SYSTEM_GROUPS ??= "video render tty audio input shutdown disk wayland"
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index b231daf485..6f595f6d02 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -808,6 +808,7 @@ RECIPE_MAINTAINER:pn-spirv-tools = "Jose Quaresma <quaresma.jose@gmail.com>"
RECIPE_MAINTAINER:pn-sqlite3 = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-squashfs-tools = "Robert Yang <liezhi.yang@windriver.com>"
RECIPE_MAINTAINER:pn-ssh-pregen-hostkeys = "Richard Purdie <richard.purdie@linuxfoundation.org>"
+RECIPE_MAINTAINER:pn-standard-user-account = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-startup-notification = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-strace = "Robert Yang <liezhi.yang@windriver.com>"
RECIPE_MAINTAINER:pn-stress-ng = "Unassigned <unassigned@yoctoproject.org>"
@@ -934,7 +935,6 @@ RECIPE_MAINTAINER:pn-xserver-xf86-config = "Unassigned <unassigned@yoctoproject.
RECIPE_MAINTAINER:pn-xserver-xorg = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xset = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xtrans = "Unassigned <unassigned@yoctoproject.org>"
-RECIPE_MAINTAINER:pn-xuser-account = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xvinfo = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xwayland = "Unassigned <unassigned@yoctoproject.org>"
RECIPE_MAINTAINER:pn-xwininfo = "Unassigned <unassigned@yoctoproject.org>"
diff --git a/meta/recipes-graphics/wayland/weston-init.bb b/meta/recipes-graphics/wayland/weston-init.bb
index 29cfba0833..98ce3d0d58 100644
--- a/meta/recipes-graphics/wayland/weston-init.bb
+++ b/meta/recipes-graphics/wayland/weston-init.bb
@@ -26,8 +26,8 @@ PACKAGECONFIG[use-pixman] = ",,"
DEFAULTBACKEND ??= ""
DEFAULTBACKEND:qemuall ?= "drm"
-WESTON_USER ??= "weston"
-WESTON_USER_HOME ??= "/home/${WESTON_USER}"
+WESTON_USER = "${STANDARD_USER_NAME}"
+WESTON_USER_HOME = "/home/${WESTON_USER}"
do_install() {
# Install weston-start script
@@ -83,15 +83,14 @@ do_install() {
INHIBIT_UPDATERCD_BBCLASS = "${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', '1', '', d)}"
-inherit update-rc.d systemd useradd
-
-USERADD_PACKAGES = "${PN}"
+inherit update-rc.d systemd
# rdepends on weston which depends on virtual/egl
#
require ${THISDIR}/required-distro-features.inc
-RDEPENDS:${PN} = "weston kbd ${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'weston-xwayland', '', d)}"
+DEPENDS += "standard-user-account"
+RDEPENDS:${PN} = "weston kbd standard-user-account ${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'weston-xwayland', '', d)}"
INITSCRIPT_NAME = "weston"
INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
@@ -109,5 +108,3 @@ FILES:${PN} += "\
CONFFILES:${PN} += "${sysconfdir}/xdg/weston/weston.ini ${sysconfdir}/default/weston"
SYSTEMD_SERVICE:${PN} = "weston.service weston.socket"
-USERADD_PARAM:${PN} = "--home ${WESTON_USER_HOME} --shell /bin/sh --user-group -G video,input,render,seat,wayland ${WESTON_USER}"
-GROUPADD_PARAM:${PN} = "-r wayland; -r render; -r seat"
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
index 169269eefb..31bd75aeda 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -38,8 +38,8 @@ do_install() {
BLANK_ARGS="${@bb.utils.contains('PACKAGECONFIG', 'blank', '', '-s 0 -dpms', d)}"
NO_CURSOR_ARG="${@bb.utils.contains('PACKAGECONFIG', 'nocursor', '-nocursor', '', d)}"
if [ "${ROOTLESS_X}" = "1" ] ; then
- XUSER_HOME="/home/xuser"
- XUSER="xuser"
+ XUSER_HOME="/home/${STANDARD_USER_NAME}"
+ XUSER="${STANDARD_USER_NAME}"
install -D capability.conf ${D}${sysconfdir}/security/capability.conf
sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
else
@@ -62,7 +62,8 @@ do_install() {
fi
}
-RDEPENDS:${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
+DEPENDS += "${@oe.utils.conditional('ROOTLESS_X', '1','standard-user-account', '', d)}"
+RDEPENDS:${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'standard-user-account libcap libcap-bin', '', d)}"
INITSCRIPT_NAME = "xserver-nodm"
INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
diff --git a/meta/recipes-support/user-creation/files/system-xuser.conf b/meta/recipes-support/user-creation/files/system-xuser.conf
deleted file mode 100644
index d42e3d1f50..0000000000
--- a/meta/recipes-support/user-creation/files/system-xuser.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
- <policy user="xuser">
- <allow send_destination="net.connman"/>
- <allow send_destination="net.connman.vpn"/>
- <allow send_destination="org.ofono"/>
- <allow send_destination="org.bluez"/>
- </policy>
-</busconfig>
-
diff --git a/meta/recipes-support/user-creation/standard-user-account_0.1.bb b/meta/recipes-support/user-creation/standard-user-account_0.1.bb
new file mode 100644
index 0000000000..1aa1e71bc3
--- /dev/null
+++ b/meta/recipes-support/user-creation/standard-user-account_0.1.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Creates a standard user account"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit allarch useradd
+
+do_compile[noexec] = "1"
+do_compile[noexec] = "1"
+do_install[noexec] = "1"
+
+COMMON_ARGS = "--create-home --user-group"
+
+python __anonymous() {
+ common_args = d.getVar("COMMON_ARGS") or ""
+ user = d.getVar("STANDARD_USER_NAME") or ""
+ pn = d.getVar("PN") or ""
+
+ unique_groups = sorted(set((d.getVar("STANDARD_USER_GROUPS") or "").split()))
+ unique_system_groups = sorted(set((d.getVar("STANDARD_USER_SYSTEM_GROUPS") or "").split()))
+
+ if unique_groups or unique_system_groups:
+ joined_groups = ','.join(unique_groups + unique_system_groups)
+ d.setVar(f"USERADD_PARAM:{pn}", f"{common_args} --groups {joined_groups} {user}")
+
+ # make sure all the groups exist
+ groupadd_str = ""
+ for group in unique_groups:
+ groupadd_str += f" {group} ;"
+ for group in unique_system_groups:
+ groupadd_str += f" --system {group} ;"
+ d.setVar(f"GROUPADD_PARAM:{pn}", f"{groupadd_str}")
+}
+
+# default case, and a requirement to satisfy the parser check
+USERADD_PARAM:${PN} = "${COMMON_ARGS} ${STANDARD_USER_NAME}"
+USERADD_PACKAGES = "${PN}"
+
+ALLOW_EMPTY:${PN} = "1"
diff --git a/meta/recipes-support/user-creation/xuser-account_0.1.bb b/meta/recipes-support/user-creation/xuser-account_0.1.bb
deleted file mode 100644
index 04f506e7a3..0000000000
--- a/meta/recipes-support/user-creation/xuser-account_0.1.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "Creates an 'xuser' account used for running X11"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-
-SRC_URI = "file://system-xuser.conf"
-
-inherit allarch useradd
-
-S = "${UNPACKDIR}"
-
-do_configure() {
- :
-}
-
-do_compile() {
- :
-}
-
-do_install() {
- install -D -m 0644 ${UNPACKDIR}/system-xuser.conf ${D}${sysconfdir}/dbus-1/system.d/system-xuser.conf
-}
-
-FILES:${PN} = "${sysconfdir}/dbus-1/system.d/system-xuser.conf"
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--create-home \
- --groups video,tty,audio,input,shutdown,disk \
- --user-group xuser"
-
-ALLOW_EMPTY:${PN} = "1"
diff --git a/scripts/sstate-sysroot-cruft.sh b/scripts/sstate-sysroot-cruft.sh
index b2002badfb..5e1ae9c535 100755
--- a/scripts/sstate-sysroot-cruft.sh
+++ b/scripts/sstate-sysroot-cruft.sh
@@ -127,9 +127,9 @@ WHITELIST="${WHITELIST} \
# generated by useradd.bbclass
WHITELIST="${WHITELIST} \
[^/]*/home \
- [^/]*/home/xuser \
- [^/]*/home/xuser/.bashrc \
- [^/]*/home/xuser/.profile \
+ [^/]*/home/user \
+ [^/]*/home/user/.bashrc \
+ [^/]*/home/user/.profile \
[^/]*/home/builder \
[^/]*/home/builder/.bashrc \
[^/]*/home/builder/.profile \
--
2.52.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [oe-core][RFC] xuser-account: convert to standard-user-account
[not found] <1892BAF78F1F4DD5.591740@lists.openembedded.org>
@ 2026-02-11 0:05 ` Randolph Sapp
0 siblings, 0 replies; 4+ messages in thread
From: Randolph Sapp @ 2026-02-11 0:05 UTC (permalink / raw)
To: rs, raj.khem, richard.purdie, mathieu.dubois-briand, alex, otavio,
kexin.hao, pn
Cc: afd, detheridge, denis, reatmon, openembedded-core, vijayp
On Mon Feb 9, 2026 at 6:25 PM CST, Randolph Sapp via lists.openembedded.org wrote:
> From: Randolph Sapp <rs@ti.com>
>
> Change this single xuser account template into a generic
> standard-user-account that uses distro level variables for
> configuration.
>
> This allows for seamless configuration of multiple out-of-box scripts
> and tests across layers without having to implicitly hope that the
> username or groups haven't been changed by a bbappend or recipe
> override.
>
> This was proposed specifically to remove some issues highlighted in:
> https://lists.openembedded.org/g/openembedded-core/message/230665
>
> Signed-off-by: Randolph Sapp <rs@ti.com>
> ---
>
> I'm thinking about adding something like REQUIRED_STANDARD_USER_GROUPS and
> REQUIRED_STANDARD_USER_SYSTEM_GROUPS checks to the features_check class so
> recipes can indicate when they will fail due to bad distro configs. Please let
> me know what you all think.
>
> meta-selftest/files/static-group | 3 +-
> meta-selftest/files/static-passwd | 3 +-
> .../distro/include/default-distrovars.inc | 12 ++++++
> meta/conf/distro/include/maintainers.inc | 2 +-
> meta/recipes-graphics/wayland/weston-init.bb | 13 +++----
> .../x11-common/xserver-nodm-init_3.0.bb | 7 ++--
> .../user-creation/files/system-xuser.conf | 11 ------
> .../standard-user-account_0.1.bb | 38 +++++++++++++++++++
> .../user-creation/xuser-account_0.1.bb | 30 ---------------
> scripts/sstate-sysroot-cruft.sh | 6 +--
> 10 files changed, 65 insertions(+), 60 deletions(-)
> delete mode 100644 meta/recipes-support/user-creation/files/system-xuser.conf
> create mode 100644 meta/recipes-support/user-creation/standard-user-account_0.1.bb
> delete mode 100644 meta/recipes-support/user-creation/xuser-account_0.1.bb
>
> diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
> index 3fca4aa5c9..8bdf362ed7 100644
> --- a/meta-selftest/files/static-group
> +++ b/meta-selftest/files/static-group
> @@ -20,12 +20,11 @@ pulse:x:520:
> bind:x:521:
> builder:x:522:
> weston-launch:x:524:
> -weston:x:525:
> +user:x:525:
> wayland:x:526:
> render:x:527:
> sgx:x:528:
> ptest:x:529:
> -xuser:x:530:
> seat:x:531:
> audio:x:532:
> nogroup:x:65534:
> diff --git a/meta-selftest/files/static-passwd b/meta-selftest/files/static-passwd
> index cc6c5acd5c..b309dad101 100644
> --- a/meta-selftest/files/static-passwd
> +++ b/meta-selftest/files/static-passwd
> @@ -16,6 +16,5 @@ pulse:x:520:520::/:/bin/nologin
> bind:x:521:521::/:/bin/nologin
> builder:x:522:522::/:/bin/nologin
> _apt:x:523:523::/:/bin/nologin
> -weston:x:525:525::/:/bin/nologin
> ptest:x:529:529::/:/bin/nologin
> -xuser:x:530:530::/:/bin/nologin
> +user:x:530:530::/:/bin/nologin
Ignore the discrepancy between the user group gid and user uid. Will address
that before the actual submission. I'm looking for comments about this concept
and execution.
Personally, I'm not crazy about needing both a runtime dependency and build
time dependency just so recipes can use the install command with the target
user and group. If anyone has comments about a clean way to work around that let
me know. This is kind of a weird crossover between distro and image features,
where it's difficult to assume anything.
- Randolph
> diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
> index bbd936efa6..63c7a11c7e 100644
> --- a/meta/conf/distro/include/default-distrovars.inc
> +++ b/meta/conf/distro/include/default-distrovars.inc
> @@ -64,3 +64,15 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}"
> # the variable to be empty.
> # Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master
> CONNECTIVITY_CHECK_URIS ?= "https://www.yoctoproject.org/connectivity.html"
> +
> +# The STANDARD_USER_NAME is the default underprivileged user account name.
> +# The STANDARD_USER_GROUPS is a space delimited list of user groups that account
> +# should belong to, and STANDARD_USER_SYSTEM_GROUPS is the same but for system
> +# groups.
> +#
> +# Please take note that not all tooling currently supports changing these
> +# variables. Scripts like sstate-sysroot-cruft.sh and reproducible builds expect
> +# these values to be the defaults listed below.
> +STANDARD_USER_NAME ??= "user"
> +STANDARD_USER_GROUPS ??= ""
> +STANDARD_USER_SYSTEM_GROUPS ??= "video render tty audio input shutdown disk wayland"
> diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
> index b231daf485..6f595f6d02 100644
> --- a/meta/conf/distro/include/maintainers.inc
> +++ b/meta/conf/distro/include/maintainers.inc
> @@ -808,6 +808,7 @@ RECIPE_MAINTAINER:pn-spirv-tools = "Jose Quaresma <quaresma.jose@gmail.com>"
> RECIPE_MAINTAINER:pn-sqlite3 = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-squashfs-tools = "Robert Yang <liezhi.yang@windriver.com>"
> RECIPE_MAINTAINER:pn-ssh-pregen-hostkeys = "Richard Purdie <richard.purdie@linuxfoundation.org>"
> +RECIPE_MAINTAINER:pn-standard-user-account = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-startup-notification = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-strace = "Robert Yang <liezhi.yang@windriver.com>"
> RECIPE_MAINTAINER:pn-stress-ng = "Unassigned <unassigned@yoctoproject.org>"
> @@ -934,7 +935,6 @@ RECIPE_MAINTAINER:pn-xserver-xf86-config = "Unassigned <unassigned@yoctoproject.
> RECIPE_MAINTAINER:pn-xserver-xorg = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-xset = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-xtrans = "Unassigned <unassigned@yoctoproject.org>"
> -RECIPE_MAINTAINER:pn-xuser-account = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-xvinfo = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-xwayland = "Unassigned <unassigned@yoctoproject.org>"
> RECIPE_MAINTAINER:pn-xwininfo = "Unassigned <unassigned@yoctoproject.org>"
> diff --git a/meta/recipes-graphics/wayland/weston-init.bb b/meta/recipes-graphics/wayland/weston-init.bb
> index 29cfba0833..98ce3d0d58 100644
> --- a/meta/recipes-graphics/wayland/weston-init.bb
> +++ b/meta/recipes-graphics/wayland/weston-init.bb
> @@ -26,8 +26,8 @@ PACKAGECONFIG[use-pixman] = ",,"
>
> DEFAULTBACKEND ??= ""
> DEFAULTBACKEND:qemuall ?= "drm"
> -WESTON_USER ??= "weston"
> -WESTON_USER_HOME ??= "/home/${WESTON_USER}"
> +WESTON_USER = "${STANDARD_USER_NAME}"
> +WESTON_USER_HOME = "/home/${WESTON_USER}"
>
> do_install() {
> # Install weston-start script
> @@ -83,15 +83,14 @@ do_install() {
>
> INHIBIT_UPDATERCD_BBCLASS = "${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', '1', '', d)}"
>
> -inherit update-rc.d systemd useradd
> -
> -USERADD_PACKAGES = "${PN}"
> +inherit update-rc.d systemd
>
> # rdepends on weston which depends on virtual/egl
> #
> require ${THISDIR}/required-distro-features.inc
>
> -RDEPENDS:${PN} = "weston kbd ${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'weston-xwayland', '', d)}"
> +DEPENDS += "standard-user-account"
> +RDEPENDS:${PN} = "weston kbd standard-user-account ${@bb.utils.contains('PACKAGECONFIG', 'xwayland', 'weston-xwayland', '', d)}"
>
> INITSCRIPT_NAME = "weston"
> INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
> @@ -109,5 +108,3 @@ FILES:${PN} += "\
> CONFFILES:${PN} += "${sysconfdir}/xdg/weston/weston.ini ${sysconfdir}/default/weston"
>
> SYSTEMD_SERVICE:${PN} = "weston.service weston.socket"
> -USERADD_PARAM:${PN} = "--home ${WESTON_USER_HOME} --shell /bin/sh --user-group -G video,input,render,seat,wayland ${WESTON_USER}"
> -GROUPADD_PARAM:${PN} = "-r wayland; -r render; -r seat"
> diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
> index 169269eefb..31bd75aeda 100644
> --- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
> +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
> @@ -38,8 +38,8 @@ do_install() {
> BLANK_ARGS="${@bb.utils.contains('PACKAGECONFIG', 'blank', '', '-s 0 -dpms', d)}"
> NO_CURSOR_ARG="${@bb.utils.contains('PACKAGECONFIG', 'nocursor', '-nocursor', '', d)}"
> if [ "${ROOTLESS_X}" = "1" ] ; then
> - XUSER_HOME="/home/xuser"
> - XUSER="xuser"
> + XUSER_HOME="/home/${STANDARD_USER_NAME}"
> + XUSER="${STANDARD_USER_NAME}"
> install -D capability.conf ${D}${sysconfdir}/security/capability.conf
> sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
> else
> @@ -62,7 +62,8 @@ do_install() {
> fi
> }
>
> -RDEPENDS:${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
> +DEPENDS += "${@oe.utils.conditional('ROOTLESS_X', '1','standard-user-account', '', d)}"
> +RDEPENDS:${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'standard-user-account libcap libcap-bin', '', d)}"
>
> INITSCRIPT_NAME = "xserver-nodm"
> INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
> diff --git a/meta/recipes-support/user-creation/files/system-xuser.conf b/meta/recipes-support/user-creation/files/system-xuser.conf
> deleted file mode 100644
> index d42e3d1f50..0000000000
> --- a/meta/recipes-support/user-creation/files/system-xuser.conf
> +++ /dev/null
> @@ -1,11 +0,0 @@
> -<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
> - "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> -<busconfig>
> - <policy user="xuser">
> - <allow send_destination="net.connman"/>
> - <allow send_destination="net.connman.vpn"/>
> - <allow send_destination="org.ofono"/>
> - <allow send_destination="org.bluez"/>
> - </policy>
> -</busconfig>
> -
> diff --git a/meta/recipes-support/user-creation/standard-user-account_0.1.bb b/meta/recipes-support/user-creation/standard-user-account_0.1.bb
> new file mode 100644
> index 0000000000..1aa1e71bc3
> --- /dev/null
> +++ b/meta/recipes-support/user-creation/standard-user-account_0.1.bb
> @@ -0,0 +1,38 @@
> +SUMMARY = "Creates a standard user account"
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
> +
> +inherit allarch useradd
> +
> +do_compile[noexec] = "1"
> +do_compile[noexec] = "1"
> +do_install[noexec] = "1"
> +
> +COMMON_ARGS = "--create-home --user-group"
> +
> +python __anonymous() {
> + common_args = d.getVar("COMMON_ARGS") or ""
> + user = d.getVar("STANDARD_USER_NAME") or ""
> + pn = d.getVar("PN") or ""
> +
> + unique_groups = sorted(set((d.getVar("STANDARD_USER_GROUPS") or "").split()))
> + unique_system_groups = sorted(set((d.getVar("STANDARD_USER_SYSTEM_GROUPS") or "").split()))
> +
> + if unique_groups or unique_system_groups:
> + joined_groups = ','.join(unique_groups + unique_system_groups)
> + d.setVar(f"USERADD_PARAM:{pn}", f"{common_args} --groups {joined_groups} {user}")
> +
> + # make sure all the groups exist
> + groupadd_str = ""
> + for group in unique_groups:
> + groupadd_str += f" {group} ;"
> + for group in unique_system_groups:
> + groupadd_str += f" --system {group} ;"
> + d.setVar(f"GROUPADD_PARAM:{pn}", f"{groupadd_str}")
> +}
> +
> +# default case, and a requirement to satisfy the parser check
> +USERADD_PARAM:${PN} = "${COMMON_ARGS} ${STANDARD_USER_NAME}"
> +USERADD_PACKAGES = "${PN}"
> +
> +ALLOW_EMPTY:${PN} = "1"
> diff --git a/meta/recipes-support/user-creation/xuser-account_0.1.bb b/meta/recipes-support/user-creation/xuser-account_0.1.bb
> deleted file mode 100644
> index 04f506e7a3..0000000000
> --- a/meta/recipes-support/user-creation/xuser-account_0.1.bb
> +++ /dev/null
> @@ -1,30 +0,0 @@
> -SUMMARY = "Creates an 'xuser' account used for running X11"
> -LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
> -
> -SRC_URI = "file://system-xuser.conf"
> -
> -inherit allarch useradd
> -
> -S = "${UNPACKDIR}"
> -
> -do_configure() {
> - :
> -}
> -
> -do_compile() {
> - :
> -}
> -
> -do_install() {
> - install -D -m 0644 ${UNPACKDIR}/system-xuser.conf ${D}${sysconfdir}/dbus-1/system.d/system-xuser.conf
> -}
> -
> -FILES:${PN} = "${sysconfdir}/dbus-1/system.d/system-xuser.conf"
> -
> -USERADD_PACKAGES = "${PN}"
> -USERADD_PARAM:${PN} = "--create-home \
> - --groups video,tty,audio,input,shutdown,disk \
> - --user-group xuser"
> -
> -ALLOW_EMPTY:${PN} = "1"
> diff --git a/scripts/sstate-sysroot-cruft.sh b/scripts/sstate-sysroot-cruft.sh
> index b2002badfb..5e1ae9c535 100755
> --- a/scripts/sstate-sysroot-cruft.sh
> +++ b/scripts/sstate-sysroot-cruft.sh
> @@ -127,9 +127,9 @@ WHITELIST="${WHITELIST} \
> # generated by useradd.bbclass
> WHITELIST="${WHITELIST} \
> [^/]*/home \
> - [^/]*/home/xuser \
> - [^/]*/home/xuser/.bashrc \
> - [^/]*/home/xuser/.profile \
> + [^/]*/home/user \
> + [^/]*/home/user/.bashrc \
> + [^/]*/home/user/.profile \
> [^/]*/home/builder \
> [^/]*/home/builder/.bashrc \
> [^/]*/home/builder/.profile \
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [oe-core][RFC] xuser-account: convert to standard-user-account
2026-02-10 0:25 [oe-core][RFC] xuser-account: convert to standard-user-account rs
@ 2026-02-15 9:03 ` Mathieu Dubois-Briand
2026-02-17 19:15 ` Randolph Sapp
0 siblings, 1 reply; 4+ messages in thread
From: Mathieu Dubois-Briand @ 2026-02-15 9:03 UTC (permalink / raw)
To: rs, raj.khem, richard.purdie, alex, otavio, kexin.hao
Cc: afd, detheridge, denis, reatmon, openembedded-core, vijayp
On Tue Feb 10, 2026 at 1:25 AM CET, Randolph Sapp via lists.openembedded.org wrote:
> From: Randolph Sapp <rs@ti.com>
>
> Change this single xuser account template into a generic
> standard-user-account that uses distro level variables for
> configuration.
>
> This allows for seamless configuration of multiple out-of-box scripts
> and tests across layers without having to implicitly hope that the
> username or groups haven't been changed by a bbappend or recipe
> override.
>
> This was proposed specifically to remove some issues highlighted in:
> https://lists.openembedded.org/g/openembedded-core/message/230665
>
> Signed-off-by: Randolph Sapp <rs@ti.com>
> ---
Hi Randolph,
I know this is still an RFC, but it went into by weekend batch of RFC
patches tested on the autobuilder.
A note first: this was tested without your other display manager series.
I hope there is no dependency.
So far we had the following issues:
AssertionError: ssh exited with status '255' for command '['ssh', '-l', 'root', '-o', 'ServerAliveCountMax=2', '-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR', '192.168.7.8', 'export PATH=/usr/sbin:/sbin:/usr/bin:/bin; export XDG_RUNTIME_DIR=/run/user/`id -u weston`; export WAYLAND_DISPLAY=wayland-1; wayland-info']': this is likely an SSH failure
id: unknown user weston
failed to create display: No such file or directory
...
RESULTS - weston.WestonTest.test_weston_running: FAILED (0.80s)
https://autobuilder.yoctoproject.org/valkyrie/#/builders/25/builds/3189
https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/3316
https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3214
https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3090
And a second one:
2026-02-14 17:59:08,803 - oe-selftest - INFO - ERROR: Nothing PROVIDES 'standard-user-account' (but /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston-init.bb DEPENDS on or otherwise requires it)
2026-02-14 17:59:08,803 - oe-selftest - INFO - standard-user-account was skipped: Recipe standard-user-account, package standard-user-account: system groupname "disk" does not have a static ID defined. Add disk to one of these files: /srv/pokybuild/yocto-worker/reproducible/build/build-st/meta-selftest/files/static-group
2026-02-14 17:59:08,803 - oe-selftest - INFO - ERROR: Nothing RPROVIDES 'weston-init' (but /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb, /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston-init.bb, /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston_14.0.2.bb RDEPENDS on or otherwise requires it)
2026-02-14 17:59:08,803 - oe-selftest - INFO - No eligible RPROVIDERs exist for 'weston-init'
2026-02-14 17:59:08,803 - oe-selftest - INFO - NOTE: Runtime target 'weston-init' is unbuildable, removing...
2026-02-14 17:59:08,803 - oe-selftest - INFO - Missing or unbuildable dependency chain was: ['weston-init']
https://autobuilder.yoctoproject.org/valkyrie/#/builders/37/builds/3355
Thanks,
Mathieu
--
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [oe-core][RFC] xuser-account: convert to standard-user-account
2026-02-15 9:03 ` Mathieu Dubois-Briand
@ 2026-02-17 19:15 ` Randolph Sapp
0 siblings, 0 replies; 4+ messages in thread
From: Randolph Sapp @ 2026-02-17 19:15 UTC (permalink / raw)
To: Mathieu Dubois-Briand, rs, raj.khem, richard.purdie, alex, otavio,
kexin.hao
Cc: afd, detheridge, denis, reatmon, openembedded-core, vijayp
On Sun Feb 15, 2026 at 3:03 AM CST, Mathieu Dubois-Briand wrote:
> On Tue Feb 10, 2026 at 1:25 AM CET, Randolph Sapp via lists.openembedded.org wrote:
>> From: Randolph Sapp <rs@ti.com>
>>
>> Change this single xuser account template into a generic
>> standard-user-account that uses distro level variables for
>> configuration.
>>
>> This allows for seamless configuration of multiple out-of-box scripts
>> and tests across layers without having to implicitly hope that the
>> username or groups haven't been changed by a bbappend or recipe
>> override.
>>
>> This was proposed specifically to remove some issues highlighted in:
>> https://lists.openembedded.org/g/openembedded-core/message/230665
>>
>> Signed-off-by: Randolph Sapp <rs@ti.com>
>> ---
>
> Hi Randolph,
>
> I know this is still an RFC, but it went into by weekend batch of RFC
> patches tested on the autobuilder.
>
> A note first: this was tested without your other display manager series.
> I hope there is no dependency.
There isn't. In fact this conflicts with the other series at the moment.
> So far we had the following issues:
>
> AssertionError: ssh exited with status '255' for command '['ssh', '-l', 'root', '-o', 'ServerAliveCountMax=2', '-o', 'ServerAliveInterval=30', '-o', 'UserKnownHostsFile=/dev/null', '-o', 'StrictHostKeyChecking=no', '-o', 'LogLevel=ERROR', '192.168.7.8', 'export PATH=/usr/sbin:/sbin:/usr/bin:/bin; export XDG_RUNTIME_DIR=/run/user/`id -u weston`; export WAYLAND_DISPLAY=wayland-1; wayland-info']': this is likely an SSH failure
> id: unknown user weston
> failed to create display: No such file or directory
> ...
> RESULTS - weston.WestonTest.test_weston_running: FAILED (0.80s)
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/25/builds/3189
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/3316
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3214
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3090
I didn't adjust any of the tests for this yet so that makes sense.
> And a second one:
>
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - ERROR: Nothing PROVIDES 'standard-user-account' (but /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston-init.bb DEPENDS on or otherwise requires it)
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - standard-user-account was skipped: Recipe standard-user-account, package standard-user-account: system groupname "disk" does not have a static ID defined. Add disk to one of these files: /srv/pokybuild/yocto-worker/reproducible/build/build-st/meta-selftest/files/static-group
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - ERROR: Nothing RPROVIDES 'weston-init' (but /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/packagegroups/packagegroup-core-weston.bb, /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston-init.bb, /srv/pokybuild/yocto-worker/reproducible/build/layers/openembedded-core/meta/recipes-graphics/wayland/weston_14.0.2.bb RDEPENDS on or otherwise requires it)
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - No eligible RPROVIDERs exist for 'weston-init'
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - NOTE: Runtime target 'weston-init' is unbuildable, removing...
> 2026-02-14 17:59:08,803 - oe-selftest - INFO - Missing or unbuildable dependency chain was: ['weston-init']
>
> https://autobuilder.yoctoproject.org/valkyrie/#/builders/37/builds/3355
>
> Thanks,
> Mathieu
This error should have been an issue before this RFC, as the xuser account was
already being added to the disks group, which was never actually added to the
static-group file. Suppose I'll fix it if anyone chimes in on whether or not
this is even a good idea or not.
- Randolph
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-02-17 19:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-10 0:25 [oe-core][RFC] xuser-account: convert to standard-user-account rs
2026-02-15 9:03 ` Mathieu Dubois-Briand
2026-02-17 19:15 ` Randolph Sapp
[not found] <1892BAF78F1F4DD5.591740@lists.openembedded.org>
2026-02-11 0:05 ` Randolph Sapp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox