[PATCH v2] base-passwd: Add kvm group

[PATCH v2] base-passwd: Add kvm group

[Jacob Kroon]

Although base-passwd in OE is somewhat outdated, upgrading
to a newer version is not going to solve eudev warnings about
missing groups during boot; input/shutdown/kvm are still not
listed in groups.master. The reason for this is that
Debian uses systemd, which will automatically create
missing groups(systemd-sysusers). In a sysvinit+eudev
configuration you instead get a warning printed to
the console:

  udevd[<pid>]: specified group 'kvm' unknown

Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
---

v2: Add reasoning in commit message trying to justify the added patch

 .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
 .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch

diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
new file mode 100644
index 0000000000..113d5151e7
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
@@ -0,0 +1,23 @@
+From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
+From: Jacob Kroon <jacob.kroon@gmail.com>
+Date: Wed, 30 Jan 2019 04:53:48 +0000
+Subject: [PATCH] Add kvm group
+
+Upstream-Status: Pending
+Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
+---
+ group.master | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/group.master b/group.master
+index cea9d60..5b62284 100644
+--- a/group.master
++++ b/group.master
+@@ -34,6 +34,7 @@ utmp:*:43:
+ video:*:44:
+ sasl:*:45:
+ plugdev:*:46:
++kvm:*:47:
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
index c6be1c1d08..d1aab09181 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
@@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
            file://noshadow.patch \
            file://input.patch \
            file://disable-docs.patch \
-          "
+           file://kvm.patch \
+           "
 
 SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
 SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
-- 
2.20.1

Re: [PATCH v2] base-passwd: Add kvm group

[Jacob Kroon]

On Mon, Feb 4, 2019 at 4:13 AM Jacob Kroon <jacob.kroon@gmail.com> wrote:
>
> Although base-passwd in OE is somewhat outdated, upgrading
> to a newer version is not going to solve eudev warnings about
> missing groups during boot; input/shutdown/kvm are still not
> listed in groups.master. The reason for this is that
> Debian uses systemd, which will automatically create
> missing groups(systemd-sysusers). In a sysvinit+eudev
> configuration you instead get a warning printed to
> the console:
>
>   udevd[<pid>]: specified group 'kvm' unknown
>
> Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
> ---
>
> v2: Add reasoning in commit message trying to justify the added patch
>
>  .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
>  .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
>  2 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch
>
> diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
> new file mode 100644
> index 0000000000..113d5151e7
> --- /dev/null
> +++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
> @@ -0,0 +1,23 @@
> +From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
> +From: Jacob Kroon <jacob.kroon@gmail.com>
> +Date: Wed, 30 Jan 2019 04:53:48 +0000
> +Subject: [PATCH] Add kvm group
> +
> +Upstream-Status: Pending
> +Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
> +---
> + group.master | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/group.master b/group.master
> +index cea9d60..5b62284 100644
> +--- a/group.master
> ++++ b/group.master
> +@@ -34,6 +34,7 @@ utmp:*:43:
> + video:*:44:
> + sasl:*:45:
> + plugdev:*:46:
> ++kvm:*:47:
> + staff:*:50:
> + games:*:60:
> + shutdown:*:70:
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> index c6be1c1d08..d1aab09181 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> @@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>             file://noshadow.patch \
>             file://input.patch \
>             file://disable-docs.patch \
> -          "
> +           file://kvm.patch \
> +           "
>
>  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> --
> 2.20.1
>

This patch hasn't made it into master yet, I guess frowned upon for
adding yet another patch(?).
I can merge the 3 patches that add missing groups into one patch if that helps ?

Jacob

Re: [PATCH v2] base-passwd: Add kvm group

[Richard Purdie]

On Sat, 2019-05-11 at 09:21 +0200, Jacob Kroon wrote:
> This patch hasn't made it into master yet, I guess frowned upon for
> adding yet another patch(?).
> I can merge the 3 patches that add missing groups into one patch if
> that helps ?

I'll queue it as you're right we should add it. Merging those three
into one patch sounds good too though.

Cheers,

Richard

Re: [PATCH v2] base-passwd: Add kvm group

[Joshua Watt]

On Sun, Feb 3, 2019 at 9:13 PM Jacob Kroon <jacob.kroon@gmail.com> wrote:
>
> Although base-passwd in OE is somewhat outdated, upgrading
> to a newer version is not going to solve eudev warnings about
> missing groups during boot; input/shutdown/kvm are still not
> listed in groups.master. The reason for this is that
> Debian uses systemd, which will automatically create
> missing groups(systemd-sysusers). In a sysvinit+eudev
> configuration you instead get a warning printed to
> the console:

There is an unfortunate problem with this patch that is causing us
build failures when using useradd-staticids. Part of this might be our
fault for not realizing the repercussions in the way we chose static
IDs, but it exposes some deeper issues with this approach to "patching
in" new users and groups that we need to be careful about.

In our case, the problem is that we added the netdev group to our
static group file at ID 47. As such, we get a warning when the netdev
group is created:
 groupadd: GID '47' already exists.

For our part, choosing to tightly pack the group IDs and fill in the
missing holes with our own static IDs when those static IDs might be
allocated by upstream in the future was probably a poor choice.
However, the same reasons that make it a poor choice for us also apply
to this patch. Upstream doesn't have this GID, and *could* (although
unlikely will) add a different group at ID 47, which would conflict
with this patch and cause a lot of havoc with anyone using
useradd-staticids.

Compounding this is the problem that the users and groups in
base-passwd don't play nice in general with useradd-staticids. The
users and groups provided by base-passwd are always assumed to exists
with the fixed IDs assigned by the recipe, and there is no mechanism
to override the assigned IDs with a static ID file as can be done with
useradd.bbclass (also, adding support doesn't appear to be trivial).

In general, I don't think we should be "patching in" users and groups
like this to base-passwd. If upstream doesn't have them, they need to
be added through the normal useradd.bbclass mechanism so that users of
useradd-staticids can choose what ID they get mapped to.

Is it possible to revert this and add the kvm group via the useradd.bbclass?

>
>   udevd[<pid>]: specified group 'kvm' unknown
>
> Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
> ---
>
> v2: Add reasoning in commit message trying to justify the added patch
>
>  .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
>  .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
>  2 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch
>
> diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
> new file mode 100644
> index 0000000000..113d5151e7
> --- /dev/null
> +++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
> @@ -0,0 +1,23 @@
> +From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
> +From: Jacob Kroon <jacob.kroon@gmail.com>
> +Date: Wed, 30 Jan 2019 04:53:48 +0000
> +Subject: [PATCH] Add kvm group
> +
> +Upstream-Status: Pending
> +Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
> +---
> + group.master | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/group.master b/group.master
> +index cea9d60..5b62284 100644
> +--- a/group.master
> ++++ b/group.master
> +@@ -34,6 +34,7 @@ utmp:*:43:
> + video:*:44:
> + sasl:*:45:
> + plugdev:*:46:
> ++kvm:*:47:
> + staff:*:50:
> + games:*:60:
> + shutdown:*:70:
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> index c6be1c1d08..d1aab09181 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> @@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>             file://noshadow.patch \
>             file://input.patch \
>             file://disable-docs.patch \
> -          "
> +           file://kvm.patch \
> +           "
>
>  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> --
> 2.20.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH v2] base-passwd: Add kvm group

[Mark Hatle]

On 10/21/19 12:03 PM, Joshua Watt wrote:
> On Sun, Feb 3, 2019 at 9:13 PM Jacob Kroon <jacob.kroon@gmail.com> wrote:
>>
>> Although base-passwd in OE is somewhat outdated, upgrading
>> to a newer version is not going to solve eudev warnings about
>> missing groups during boot; input/shutdown/kvm are still not
>> listed in groups.master. The reason for this is that
>> Debian uses systemd, which will automatically create
>> missing groups(systemd-sysusers). In a sysvinit+eudev
>> configuration you instead get a warning printed to
>> the console:
> 
> There is an unfortunate problem with this patch that is causing us
> build failures when using useradd-staticids. Part of this might be our
> fault for not realizing the repercussions in the way we chose static
> IDs, but it exposes some deeper issues with this approach to "patching
> in" new users and groups that we need to be careful about.
> 
> In our case, the problem is that we added the netdev group to our
> static group file at ID 47. As such, we get a warning when the netdev
> group is created:
>  groupadd: GID '47' already exists.
> 
> For our part, choosing to tightly pack the group IDs and fill in the
> missing holes with our own static IDs when those static IDs might be
> allocated by upstream in the future was probably a poor choice.
> However, the same reasons that make it a poor choice for us also apply
> to this patch. Upstream doesn't have this GID, and *could* (although
> unlikely will) add a different group at ID 47, which would conflict
> with this patch and cause a lot of havoc with anyone using
> useradd-staticids.
> 
> Compounding this is the problem that the users and groups in
> base-passwd don't play nice in general with useradd-staticids. The
> users and groups provided by base-passwd are always assumed to exists
> with the fixed IDs assigned by the recipe, and there is no mechanism
> to override the assigned IDs with a static ID file as can be done with
> useradd.bbclass (also, adding support doesn't appear to be trivial).

This was part of the original design of the static ids.

When using static IDs, you should be providing your own base passwd/group files
and optionally the static mapping files as well.

This is the purpose of the USERADD_UID_TABLES, you can pass in the passwd/group
files as inputs to these...

> In general, I don't think we should be "patching in" users and groups
> like this to base-passwd. If upstream doesn't have them, they need to
> be added through the normal useradd.bbclass mechanism so that users of
> useradd-staticids can choose what ID they get mapped to.
> 
> Is it possible to revert this and add the kvm group via the useradd.bbclass?
> 
>>
>>   udevd[<pid>]: specified group 'kvm' unknown

As for this particular patch, why is adding a specific KVM group required?
Unless something is hardcoded in KVM to use group '47', a regular system type
useradd call should be done instead.  This would avoid the problem that Joshua
is experiencing.

--Mark

>> Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>> ---
>>
>> v2: Add reasoning in commit message trying to justify the added patch
>>
>>  .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
>>  .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
>>  2 files changed, 25 insertions(+), 1 deletion(-)
>>  create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>
>> diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>> new file mode 100644
>> index 0000000000..113d5151e7
>> --- /dev/null
>> +++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>> @@ -0,0 +1,23 @@
>> +From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
>> +From: Jacob Kroon <jacob.kroon@gmail.com>
>> +Date: Wed, 30 Jan 2019 04:53:48 +0000
>> +Subject: [PATCH] Add kvm group
>> +
>> +Upstream-Status: Pending
>> +Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>> +---
>> + group.master | 1 +
>> + 1 file changed, 1 insertion(+)
>> +
>> +diff --git a/group.master b/group.master
>> +index cea9d60..5b62284 100644
>> +--- a/group.master
>> ++++ b/group.master
>> +@@ -34,6 +34,7 @@ utmp:*:43:
>> + video:*:44:
>> + sasl:*:45:
>> + plugdev:*:46:
>> ++kvm:*:47:
>> + staff:*:50:
>> + games:*:60:
>> + shutdown:*:70:
>> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>> index c6be1c1d08..d1aab09181 100644
>> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>> @@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>>             file://noshadow.patch \
>>             file://input.patch \
>>             file://disable-docs.patch \
>> -          "
>> +           file://kvm.patch \
>> +           "
>>
>>  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>>  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
>> --
>> 2.20.1
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH v2] base-passwd: Add kvm group

[Joshua Watt]

On 10/21/19 12:23 PM, Mark Hatle wrote:
>
> On 10/21/19 12:03 PM, Joshua Watt wrote:
>> On Sun, Feb 3, 2019 at 9:13 PM Jacob Kroon <jacob.kroon@gmail.com> wrote:
>>> Although base-passwd in OE is somewhat outdated, upgrading
>>> to a newer version is not going to solve eudev warnings about
>>> missing groups during boot; input/shutdown/kvm are still not
>>> listed in groups.master. The reason for this is that
>>> Debian uses systemd, which will automatically create
>>> missing groups(systemd-sysusers). In a sysvinit+eudev
>>> configuration you instead get a warning printed to
>>> the console:
>> There is an unfortunate problem with this patch that is causing us
>> build failures when using useradd-staticids. Part of this might be our
>> fault for not realizing the repercussions in the way we chose static
>> IDs, but it exposes some deeper issues with this approach to "patching
>> in" new users and groups that we need to be careful about.
>>
>> In our case, the problem is that we added the netdev group to our
>> static group file at ID 47. As such, we get a warning when the netdev
>> group is created:
>>   groupadd: GID '47' already exists.
>>
>> For our part, choosing to tightly pack the group IDs and fill in the
>> missing holes with our own static IDs when those static IDs might be
>> allocated by upstream in the future was probably a poor choice.
>> However, the same reasons that make it a poor choice for us also apply
>> to this patch. Upstream doesn't have this GID, and *could* (although
>> unlikely will) add a different group at ID 47, which would conflict
>> with this patch and cause a lot of havoc with anyone using
>> useradd-staticids.
>>
>> Compounding this is the problem that the users and groups in
>> base-passwd don't play nice in general with useradd-staticids. The
>> users and groups provided by base-passwd are always assumed to exists
>> with the fixed IDs assigned by the recipe, and there is no mechanism
>> to override the assigned IDs with a static ID file as can be done with
>> useradd.bbclass (also, adding support doesn't appear to be trivial).
> This was part of the original design of the static ids.
>
> When using static IDs, you should be providing your own base passwd/group files
> and optionally the static mapping files as well.

Ah, I don't think that providing a custom base passwd/group file was 
clearly documented. That does make sense and will allow us to work 
around the issue. Is there an example of how that is done somewhere?

>
> This is the purpose of the USERADD_UID_TABLES, you can pass in the passwd/group
> files as inputs to these...
>
>> In general, I don't think we should be "patching in" users and groups
>> like this to base-passwd. If upstream doesn't have them, they need to
>> be added through the normal useradd.bbclass mechanism so that users of
>> useradd-staticids can choose what ID they get mapped to.
>>
>> Is it possible to revert this and add the kvm group via the useradd.bbclass?
>>
>>>    udevd[<pid>]: specified group 'kvm' unknown
> As for this particular patch, why is adding a specific KVM group required?
> Unless something is hardcoded in KVM to use group '47', a regular system type
> useradd call should be done instead.  This would avoid the problem that Joshua
> is experiencing.
>
> --Mark
>
>>> Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>>> ---
>>>
>>> v2: Add reasoning in commit message trying to justify the added patch
>>>
>>>   .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
>>>   .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
>>>   2 files changed, 25 insertions(+), 1 deletion(-)
>>>   create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>>
>>> diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>> new file mode 100644
>>> index 0000000000..113d5151e7
>>> --- /dev/null
>>> +++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>> @@ -0,0 +1,23 @@
>>> +From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
>>> +From: Jacob Kroon <jacob.kroon@gmail.com>
>>> +Date: Wed, 30 Jan 2019 04:53:48 +0000
>>> +Subject: [PATCH] Add kvm group
>>> +
>>> +Upstream-Status: Pending
>>> +Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>>> +---
>>> + group.master | 1 +
>>> + 1 file changed, 1 insertion(+)
>>> +
>>> +diff --git a/group.master b/group.master
>>> +index cea9d60..5b62284 100644
>>> +--- a/group.master
>>> ++++ b/group.master
>>> +@@ -34,6 +34,7 @@ utmp:*:43:
>>> + video:*:44:
>>> + sasl:*:45:
>>> + plugdev:*:46:
>>> ++kvm:*:47:
>>> + staff:*:50:
>>> + games:*:60:
>>> + shutdown:*:70:
>>> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>> index c6be1c1d08..d1aab09181 100644
>>> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>> @@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>>>              file://noshadow.patch \
>>>              file://input.patch \
>>>              file://disable-docs.patch \
>>> -          "
>>> +           file://kvm.patch \
>>> +           "
>>>
>>>   SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>>>   SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
>>> --
>>> 2.20.1
>>>
>>> --
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH v2] base-passwd: Add kvm group

[Mark Hatle]

Nothing special.. bbappend base-passwd and replace the SRC_URI with a custom
version of passwd.master and group.master.

--Mark

On 10/21/19 12:42 PM, Joshua Watt wrote:
> 
> On 10/21/19 12:23 PM, Mark Hatle wrote:
>>
>> On 10/21/19 12:03 PM, Joshua Watt wrote:
>>> On Sun, Feb 3, 2019 at 9:13 PM Jacob Kroon <jacob.kroon@gmail.com> wrote:
>>>> Although base-passwd in OE is somewhat outdated, upgrading
>>>> to a newer version is not going to solve eudev warnings about
>>>> missing groups during boot; input/shutdown/kvm are still not
>>>> listed in groups.master. The reason for this is that
>>>> Debian uses systemd, which will automatically create
>>>> missing groups(systemd-sysusers). In a sysvinit+eudev
>>>> configuration you instead get a warning printed to
>>>> the console:
>>> There is an unfortunate problem with this patch that is causing us
>>> build failures when using useradd-staticids. Part of this might be our
>>> fault for not realizing the repercussions in the way we chose static
>>> IDs, but it exposes some deeper issues with this approach to "patching
>>> in" new users and groups that we need to be careful about.
>>>
>>> In our case, the problem is that we added the netdev group to our
>>> static group file at ID 47. As such, we get a warning when the netdev
>>> group is created:
>>>   groupadd: GID '47' already exists.
>>>
>>> For our part, choosing to tightly pack the group IDs and fill in the
>>> missing holes with our own static IDs when those static IDs might be
>>> allocated by upstream in the future was probably a poor choice.
>>> However, the same reasons that make it a poor choice for us also apply
>>> to this patch. Upstream doesn't have this GID, and *could* (although
>>> unlikely will) add a different group at ID 47, which would conflict
>>> with this patch and cause a lot of havoc with anyone using
>>> useradd-staticids.
>>>
>>> Compounding this is the problem that the users and groups in
>>> base-passwd don't play nice in general with useradd-staticids. The
>>> users and groups provided by base-passwd are always assumed to exists
>>> with the fixed IDs assigned by the recipe, and there is no mechanism
>>> to override the assigned IDs with a static ID file as can be done with
>>> useradd.bbclass (also, adding support doesn't appear to be trivial).
>> This was part of the original design of the static ids.
>>
>> When using static IDs, you should be providing your own base passwd/group files
>> and optionally the static mapping files as well.
> 
> Ah, I don't think that providing a custom base passwd/group file was 
> clearly documented. That does make sense and will allow us to work 
> around the issue. Is there an example of how that is done somewhere?
> 
>>
>> This is the purpose of the USERADD_UID_TABLES, you can pass in the passwd/group
>> files as inputs to these...
>>
>>> In general, I don't think we should be "patching in" users and groups
>>> like this to base-passwd. If upstream doesn't have them, they need to
>>> be added through the normal useradd.bbclass mechanism so that users of
>>> useradd-staticids can choose what ID they get mapped to.
>>>
>>> Is it possible to revert this and add the kvm group via the useradd.bbclass?
>>>
>>>>    udevd[<pid>]: specified group 'kvm' unknown
>> As for this particular patch, why is adding a specific KVM group required?
>> Unless something is hardcoded in KVM to use group '47', a regular system type
>> useradd call should be done instead.  This would avoid the problem that Joshua
>> is experiencing.
>>
>> --Mark
>>
>>>> Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>>>> ---
>>>>
>>>> v2: Add reasoning in commit message trying to justify the added patch
>>>>
>>>>   .../base-passwd/base-passwd/kvm.patch         | 23 +++++++++++++++++++
>>>>   .../base-passwd/base-passwd_3.5.29.bb         |  3 ++-
>>>>   2 files changed, 25 insertions(+), 1 deletion(-)
>>>>   create mode 100644 meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>>>
>>>> diff --git a/meta/recipes-core/base-passwd/base-passwd/kvm.patch b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>>> new file mode 100644
>>>> index 0000000000..113d5151e7
>>>> --- /dev/null
>>>> +++ b/meta/recipes-core/base-passwd/base-passwd/kvm.patch
>>>> @@ -0,0 +1,23 @@
>>>> +From 6355278b9f744291864c373a32a8da8f84aaaf37 Mon Sep 17 00:00:00 2001
>>>> +From: Jacob Kroon <jacob.kroon@gmail.com>
>>>> +Date: Wed, 30 Jan 2019 04:53:48 +0000
>>>> +Subject: [PATCH] Add kvm group
>>>> +
>>>> +Upstream-Status: Pending
>>>> +Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
>>>> +---
>>>> + group.master | 1 +
>>>> + 1 file changed, 1 insertion(+)
>>>> +
>>>> +diff --git a/group.master b/group.master
>>>> +index cea9d60..5b62284 100644
>>>> +--- a/group.master
>>>> ++++ b/group.master
>>>> +@@ -34,6 +34,7 @@ utmp:*:43:
>>>> + video:*:44:
>>>> + sasl:*:45:
>>>> + plugdev:*:46:
>>>> ++kvm:*:47:
>>>> + staff:*:50:
>>>> + games:*:60:
>>>> + shutdown:*:70:
>>>> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>>> index c6be1c1d08..d1aab09181 100644
>>>> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>>> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
>>>> @@ -12,7 +12,8 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>>>>              file://noshadow.patch \
>>>>              file://input.patch \
>>>>              file://disable-docs.patch \
>>>> -          "
>>>> +           file://kvm.patch \
>>>> +           "
>>>>
>>>>   SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>>>>   SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
>>>> --
>>>> 2.20.1
>>>>
>>>> --
>>>> _______________________________________________
>>>> Openembedded-core mailing list
>>>> Openembedded-core@lists.openembedded.org
>>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH v2] base-passwd: Add kvm group

[Jacob Kroon]

Hi Joshua, Mark,

>> In general, I don't think we should be "patching in" users and groups
>> like this to base-passwd. If upstream doesn't have them, they need to
>> be added through the normal useradd.bbclass mechanism so that users of
>> useradd-staticids can choose what ID they get mapped to.
>>
>> Is it possible to revert this and add the kvm group via the useradd.bbclass?
>>
>>>
>>>    udevd[<pid>]: specified group 'kvm' unknown
> 
> As for this particular patch, why is adding a specific KVM group required?
> Unless something is hardcoded in KVM to use group '47', a regular system type
> useradd call should be done instead.  This would avoid the problem that Joshua
> is experiencing.
> 

The groups "shutdown" and "input" were already patched in in the same 
way, so I figured that was the way to do it. But it sounds like you're 
pointing out that we can drop those three patches, and instead use 
useradd.bbclass in base-passwd recipe ? Sounds like a nice cleanup.

Cheers,
Jacob

Re: [PATCH v2] base-passwd: Add kvm group

[Jacob Kroon]

Forgot to mention, the number chosen for the kvm group, 47, I just 
picked one of the available slots, no further reasoning behind that choice.

/Jacob

On 10/22/19 8:32 AM, Jacob Kroon wrote:
> Hi Joshua, Mark,
> 
>>> In general, I don't think we should be "patching in" users and groups
>>> like this to base-passwd. If upstream doesn't have them, they need to
>>> be added through the normal useradd.bbclass mechanism so that users of
>>> useradd-staticids can choose what ID they get mapped to.
>>>
>>> Is it possible to revert this and add the kvm group via the 
>>> useradd.bbclass?
>>>
>>>>
>>>>    udevd[<pid>]: specified group 'kvm' unknown
>>
>> As for this particular patch, why is adding a specific KVM group 
>> required?
>> Unless something is hardcoded in KVM to use group '47', a regular 
>> system type
>> useradd call should be done instead.  This would avoid the problem 
>> that Joshua
>> is experiencing.
>>
> 
> The groups "shutdown" and "input" were already patched in in the same 
> way, so I figured that was the way to do it. But it sounds like you're 
> pointing out that we can drop those three patches, and instead use 
> useradd.bbclass in base-passwd recipe ? Sounds like a nice cleanup.
> 
> Cheers,
> Jacob