[PATCH V2 0/7] prevent pseudo host passwd/group contamination

[PATCH V2 0/7] prevent pseudo host passwd/group contamination

[Peter A. Bigot]

For background see:

 http://lists.openembedded.org/pipermail/openembedded-core/2014-November/098465.html
 http://lists.openembedded.org/pipermail/openembedded-core/2014-November/098467.html

Changes in V2:

* Correct faulty assumption that ${STAGING_DIR_TARGET} was ever a valid
  fallback source

* Correct pseudo patch header to remove reference to faulty assumption

* Install fallback files read-only and note that in no circumstance
  should they ever be modified

* Add a new patch that ensures useradd.bbclass informs pseudo of the
  directory in which it expects to find the files that it wants to
  modify

The following changes since commit edaeb8940813b620090a0797ad3b6a076897512d:

  bitbake: cooker.py: fix loginfo op being set to an invalid value (2014-11-12 17:04:50 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib pabigot/pseudo
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=pabigot/pseudo

Peter A. Bigot (7):
  pseudo: support --without-passwd-fallback configuration option
  pseudo: support multiple search directories in PSEUDO_PASSWD
  image.bbclass: search both rootfs and native staging for passwd files
  pseudo: default --without-passwd-fallback
  pseudo: provide fallback passwd and group files
  bitbake.conf: pseudo fall back to last-resort passwd files
  useradd.bbclass: set PSEUDO_PASSWD consistent with root directory

 meta/classes/image.bbclass                         |   4 +-
 meta/classes/useradd.bbclass                       |   2 +
 meta/conf/bitbake.conf                             |   2 +-
 meta/recipes-devtools/pseudo/files/fallback-group  |   2 +
 meta/recipes-devtools/pseudo/files/fallback-passwd |   1 +
 ...do_client.c-protect-pwd_lck-against-magic.patch |  56 ++++++++++
 ..._util-modify-interface-to-pseudo_etc_file.patch |  70 +++++++++++++
 ...nt.c-support-multiple-directories-in-PSEU.patch | 116 +++++++++++++++++++++
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       |  14 ++-
 9 files changed, 264 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0001-pseudo_client.c-protect-pwd_lck-against-magic.patch
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch

-- 
1.8.5.5

[PATCH V2 1/7] pseudo: support --without-passwd-fallback configuration option

[Peter A. Bigot]

A bug in pseudo 1.6.2 results in lock failures if this option is
present.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 ...do_client.c-protect-pwd_lck-against-magic.patch | 56 ++++++++++++++++++++++
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       |  1 +
 2 files changed, 57 insertions(+)
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0001-pseudo_client.c-protect-pwd_lck-against-magic.patch

diff --git a/meta/recipes-devtools/pseudo/pseudo-1.6.2/0001-pseudo_client.c-protect-pwd_lck-against-magic.patch b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0001-pseudo_client.c-protect-pwd_lck-against-magic.patch
new file mode 100644
index 0000000..d0c0a27
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0001-pseudo_client.c-protect-pwd_lck-against-magic.patch
@@ -0,0 +1,56 @@
+From e11468a47369596f57c5e99bd0a3dd58b2c6d5e0 Mon Sep 17 00:00:00 2001
+From: "Peter A. Bigot" <pab@pabigot.com>
+Date: Sun, 12 Oct 2014 08:27:14 -0500
+Subject: [PATCH 1/3] pseudo_client.c: protect pwd_lck against magic
+
+While attempting to diagnose unexpected uid/gid assignment I added
+--without-passwd-fallback to the pseudo build.  This caused build
+failures due to inability to lock /etc/passwd.
+
+Instrumentation revealed that attempts to create the lock file ended up
+with pseudo_etc_file() creating the correct lock name, but the
+subsequent open had an extra PSEUDO_PASSWD directory prefix causing
+it to fail.
+
+Inspection of pseudo_client shows the only other use of PSEUDO_ETC_FILE
+to be protected against magic.  Applying the same shield to the
+unprotected calls in pseudo_pwd_lck_{open,close} fixes the issue.
+
+Upstream-Status: Pending
+Signed-off-by: Peter A. Bigot <pab@pabigot.com>
+---
+ pseudo_client.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/pseudo_client.c b/pseudo_client.c
+index 8deaa1b..442dd19 100644
+--- a/pseudo_client.c
++++ b/pseudo_client.c
+@@ -416,20 +416,24 @@ pseudo_pwd_lck_open(void) {
+ 		}
+ 	}
+ 	pseudo_pwd_lck_close();
++	pseudo_antimagic();
+ 	pseudo_pwd_lck_fd = PSEUDO_ETC_FILE(".pwd.lock",
+ 					pseudo_pwd_lck_name, O_RDWR | O_CREAT);
++	pseudo_magic();
+ 	return pseudo_pwd_lck_fd;
+ }
+ 
+ int
+ pseudo_pwd_lck_close(void) {
+ 	if (pseudo_pwd_lck_fd != -1) {
++		pseudo_antimagic();
+ 		close(pseudo_pwd_lck_fd);
+ 		if (pseudo_pwd_lck_name) {
+ 			unlink(pseudo_pwd_lck_name);
+ 			free(pseudo_pwd_lck_name);
+ 			pseudo_pwd_lck_name = 0;
+ 		}
++		pseudo_magic();
+ 		pseudo_pwd_lck_fd = -1;
+ 		return 0;
+ 	} else {
+-- 
+1.8.5.5
+
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index ece50bf..df8ce83 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -2,6 +2,7 @@ require pseudo.inc
 
 SRC_URI = " \
     http://www.yoctoproject.org/downloads/${BPN}/${BPN}-${PV}.tar.bz2 \
+    file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
 "
 
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
-- 
1.8.5.5

[PATCH V2 2/7] pseudo: support multiple search directories in PSEUDO_PASSWD

[Peter A. Bigot]

This makes it possible to use --without-passwd-fallback when building
images where the preferred passwd files are not available until after
installation has begun.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
v2 change: correct the 0003 patch description to eliminate the implication that it's ever valid to fall back to ${STAGING_DIR_TARGET}.

 ..._util-modify-interface-to-pseudo_etc_file.patch |  70 +++++++++++++
 ...nt.c-support-multiple-directories-in-PSEU.patch | 116 +++++++++++++++++++++
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       |   2 +
 3 files changed, 188 insertions(+)
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch
 create mode 100644 meta/recipes-devtools/pseudo/pseudo-1.6.2/0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch

diff --git a/meta/recipes-devtools/pseudo/pseudo-1.6.2/0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch
new file mode 100644
index 0000000..c7006ef
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch
@@ -0,0 +1,70 @@
+From f05def2bbd5507084672bc9072ffe0e5101e9b47 Mon Sep 17 00:00:00 2001
+From: "Peter A. Bigot" <pab@pabigot.com>
+Date: Sun, 12 Oct 2014 11:35:57 -0500
+Subject: [PATCH 2/3] pseudo_util: modify interface to pseudo_etc_file
+
+* Make the search directory pointers const: there is no reason why this
+  function should be allowed to mutate the directories.
+
+* Change the search directory argument from an array of pointers to a
+  pointer-to-pointers to prepare for an upcoming enhancement.
+
+Upstream-Status: Pending
+Signed-off-by: Peter A. Bigot <pab@pabigot.com>
+---
+ pseudo.h        | 2 +-
+ pseudo_client.c | 2 +-
+ pseudo_util.c   | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/pseudo.h b/pseudo.h
+index 92020e4..05813c1 100644
+--- a/pseudo.h
++++ b/pseudo.h
+@@ -86,7 +86,7 @@ extern int pseudo_logfile(char *defname);
+ extern ssize_t pseudo_sys_path_max(void);
+ extern ssize_t pseudo_path_max(void);
+ #define PSEUDO_PWD_MAX 4096
+-extern int pseudo_etc_file(const char *filename, char *realname, int flags, char *path[], int dircount);
++extern int pseudo_etc_file(const char *filename, char *realname, int flags, const char **search_dirs, int dircount);
+ extern void pseudo_stat32_from64(struct stat *, const struct stat64 *);
+ extern void pseudo_stat64_from32(struct stat64 *, const struct stat *);
+ 
+diff --git a/pseudo_client.c b/pseudo_client.c
+index 442dd19..7a4d7fa 100644
+--- a/pseudo_client.c
++++ b/pseudo_client.c
+@@ -93,7 +93,7 @@ gid_t pseudo_egid;
+ gid_t pseudo_sgid;
+ gid_t pseudo_fgid;
+ 
+-#define PSEUDO_ETC_FILE(filename, realname, flags) pseudo_etc_file(filename, realname, flags, (char *[]) { pseudo_chroot, pseudo_passwd, PSEUDO_PASSWD_FALLBACK }, PSEUDO_PASSWD_FALLBACK ? 3 : 2)
++#define PSEUDO_ETC_FILE(filename, realname, flags) pseudo_etc_file(filename, realname, flags, (const char *[]) { pseudo_chroot, pseudo_passwd, PSEUDO_PASSWD_FALLBACK }, PSEUDO_PASSWD_FALLBACK ? 3 : 2)
+ 
+ /* helper function to make a directory, just like mkdir -p.
+  * Can't use system() because the child shell would end up trying
+diff --git a/pseudo_util.c b/pseudo_util.c
+index e4e1fc8..647d3ad 100644
+--- a/pseudo_util.c
++++ b/pseudo_util.c
+@@ -1264,7 +1264,7 @@ FILE *pseudo_host_etc_group_file = &pseudo_fake_group_file;
+ #endif
+ 
+ int
+-pseudo_etc_file(const char *file, char *realname, int flags, char *search_dirs[], int dircount) {
++pseudo_etc_file(const char *file, char *realname, int flags, const char **search_dirs, int dircount) {
+ 	char filename[pseudo_path_max()];
+ 	int rc = -1;
+ 
+@@ -1280,7 +1280,7 @@ pseudo_etc_file(const char *file, char *realname, int flags, char *search_dirs[]
+ 		return -1;
+ 	}
+ 	for (i = 0; i < dircount; ++i) {
+-		char *s = search_dirs[i];
++		const char *s = search_dirs[i];
+ 		if (!s)
+ 			continue;
+ #if PSEUDO_PORT_DARWIN
+-- 
+1.8.5.5
+
diff --git a/meta/recipes-devtools/pseudo/pseudo-1.6.2/0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch
new file mode 100644
index 0000000..e6c6284
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/pseudo-1.6.2/0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch
@@ -0,0 +1,116 @@
+From 09f04dc36f21c179235109b3dcddce9dda9a8ba8 Mon Sep 17 00:00:00 2001
+From: "Peter A. Bigot" <pab@pabigot.com>
+Date: Sun, 12 Oct 2014 12:17:48 -0500
+Subject: [PATCH 3/3] pseudo_client.c: support multiple directories in
+ PSEUDO_PASSWD
+
+For OpenEmbedded it is highly unlikely that using the build host passwd
+file is the right approach.  Most packages can be built with a pseudo
+that was configured --without-passwd-fallback, since
+PSEUDO_PASSWD=${STAGING_DIR_TARGET} suffices.
+
+This fails when building images, because image.bbclass (correctly)
+overrides to PSEUDO_PASSWD=${IMAGE_ROOTFS}.  However, the rootfs
+/etc/passwd is not created until the post-install phase of base-passwd,
+which is long after a passwd file is required.  For example, the smart
+RPM interface wants to look up uid 0 right away.  The right solution
+here is to look first in ${IMAGE_ROOTFS}, then fallback to
+a location holding immutable files with the minimum user/group settings
+necessary to successfully get base-passwd onto the target.
+
+Rather than rework pseudo to change PSEUDO_PASSWD_FALLBACK to be a
+run-time rather than compile-time specification, rework the handling of
+PSEUDO_PASSWD so that it is a colon-separated list of directories that
+are processed in order.
+
+Upstream-Status: Pending
+Signed-off-by: Peter A. Bigot <pab@pabigot.com>
+---
+ pseudo_client.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 49 insertions(+), 1 deletion(-)
+
+diff --git a/pseudo_client.c b/pseudo_client.c
+index 7a4d7fa..b52b86a 100644
+--- a/pseudo_client.c
++++ b/pseudo_client.c
+@@ -75,6 +75,8 @@ int pseudo_umask = 022;
+ 
+ static char **fd_paths = NULL;
+ static int nfds = 0;
++static const char **passwd_paths = NULL;
++static int npasswd_paths = 0;
+ static int messages = 0;
+ static struct timeval message_time = { .tv_sec = 0 };
+ static int pseudo_inited = 0;
+@@ -93,7 +95,7 @@ gid_t pseudo_egid;
+ gid_t pseudo_sgid;
+ gid_t pseudo_fgid;
+ 
+-#define PSEUDO_ETC_FILE(filename, realname, flags) pseudo_etc_file(filename, realname, flags, (const char *[]) { pseudo_chroot, pseudo_passwd, PSEUDO_PASSWD_FALLBACK }, PSEUDO_PASSWD_FALLBACK ? 3 : 2)
++#define PSEUDO_ETC_FILE(filename, realname, flags) pseudo_etc_file(filename, realname, flags, passwd_paths, npasswd_paths)
+ 
+ /* helper function to make a directory, just like mkdir -p.
+  * Can't use system() because the child shell would end up trying
+@@ -117,6 +119,42 @@ mkdir_p(char *path) {
+ 	(void) mkdir(path, 0755);
+ }
+ 
++static int
++build_passwd_paths(const char **paths)
++{
++	int np = 0;
++	
++	if (pseudo_chroot) {
++		if (paths) {
++			paths[np] = pseudo_chroot;
++		}
++		++np;
++	}
++	if (pseudo_passwd) {
++		const char *cp = pseudo_passwd;
++		const char *next = strchr(cp, ':');
++		while (next) {
++			if (paths) {
++				paths[np] = strndup(cp, next-cp);
++			}
++			++np;
++			cp = next+1;
++			next = strchr(cp, ':');
++		}
++		if (paths) {
++			paths[np] = strdup(cp);
++		}
++		++np;
++	}
++	if (PSEUDO_PASSWD_FALLBACK) {
++		if (paths) {
++			paths[np] = PSEUDO_PASSWD_FALLBACK;
++		}
++		++np;
++	}
++	return np;
++}
++
+ void
+ pseudo_init_client(void) {
+ 	char *env;
+@@ -329,6 +367,16 @@ pseudo_init_client(void) {
+ 		}
+ 		free(env);
+ 
++		npasswd_paths = build_passwd_paths(NULL);
++		if (npasswd_paths) {
++			passwd_paths = malloc(npasswd_paths * sizeof(*passwd_paths));
++			if (!passwd_paths) {
++				pseudo_diag("couldn't allocate space for passwd paths.\n");
++				exit(1);
++			}
++			build_passwd_paths(passwd_paths);
++		}
++
+ 		pseudo_inited = 1;
+ 	}
+ 	if (!pseudo_disabled)
+-- 
+1.8.5.5
+
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index df8ce83..78eeedf 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -3,6 +3,8 @@ require pseudo.inc
 SRC_URI = " \
     http://www.yoctoproject.org/downloads/${BPN}/${BPN}-${PV}.tar.bz2 \
     file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
+    file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
+    file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
 "
 
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
-- 
1.8.5.5

[PATCH V2 3/7] image.bbclass: search both rootfs and native staging for passwd files

[Peter A. Bigot]

When pseudo is configured to disallow fallback to the build host
/etc/hosts and /etc/group, the selection of ${IMAGE_ROOT} for
PSEUDO_PASSWD is insufficient as the necessary files will not be
available until base-passwd has been installed and its pkg_postinst
script run.  Fall back to the ${STAGING_DIR_NATIVE} version of those
files until the rootfs versions are available.  (The native copies are
never modified by the build; the ones in ${STAGING_DIR_TARGET} are
updated and may contain settings not consistent with what would be
created by post-install useradd/groupadd commands invoked in the image
rootfs.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
v2 change: fallback to ${STAGING_DIR_NATIVE} instead of ${STAGING_DIR_TARGET}.

 meta/classes/image.bbclass | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index fc08653..6bbfaf8 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -175,7 +175,9 @@ IMAGE_LINGUAS ?= "de-de fr-fr en-gb"
 
 LINGUAS_INSTALL ?= "${@" ".join(map(lambda s: "locale-base-%s" % s, d.getVar('IMAGE_LINGUAS', True).split()))}"
 
-PSEUDO_PASSWD = "${IMAGE_ROOTFS}"
+# Prefer image, but use the fallback files for lookups if the image ones
+# aren't yet available.
+PSEUDO_PASSWD = "${IMAGE_ROOTFS}:${STAGING_DIR_NATIVE}"
 
 do_rootfs[dirs] = "${TOPDIR}"
 do_rootfs[lockfiles] += "${IMAGE_ROOTFS}.lock"
-- 
1.8.5.5

[PATCH V2 4/7] pseudo: default --without-passwd-fallback

[Peter A. Bigot]

No good reason exists to fall back to the build host /etc files when
attempting to resolve user and group information.  Recipe dependencies
should be updated so the correct target files are available.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index 78eeedf..fb85f89 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -10,4 +10,4 @@ SRC_URI = " \
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
 SRC_URI[sha256sum] = "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
 
-PSEUDO_EXTRA_OPTS ?= "--enable-force-async"
+PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
-- 
1.8.5.5

[PATCH V2 5/7] pseudo: provide fallback passwd and group files

[Peter A. Bigot]

Normally pseudo is built with --without-passwd-fallback, which requires
that somebody provide target passwd and group files.  Those come from
base-passwd in OE, but base-passwd cannot be built without first
invoking operations under pseudo that require getpw*/getgr*.

Provide the absolute minimum stub files, matching in content what will
eventually be on the target, that can be used in the cases where the
target files are not yet available.  The requirements for minimum stub
are the usernames and groups identified in meta/files/fs-perms.txt.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
v2 change: install fallback files read-only

 meta/recipes-devtools/pseudo/files/fallback-group  | 2 ++
 meta/recipes-devtools/pseudo/files/fallback-passwd | 1 +
 meta/recipes-devtools/pseudo/pseudo_1.6.2.bb       | 9 +++++++++
 3 files changed, 12 insertions(+)
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-group
 create mode 100644 meta/recipes-devtools/pseudo/files/fallback-passwd

diff --git a/meta/recipes-devtools/pseudo/files/fallback-group b/meta/recipes-devtools/pseudo/files/fallback-group
new file mode 100644
index 0000000..81bf732
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/fallback-group
@@ -0,0 +1,2 @@
+root:*:0:
+mail:*:8:
diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd b/meta/recipes-devtools/pseudo/files/fallback-passwd
new file mode 100644
index 0000000..c1458dc
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/fallback-passwd
@@ -0,0 +1 @@
+root::0:0:root:/home/root:/bin/sh
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
index fb85f89..261c8d3 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
@@ -5,9 +5,18 @@ SRC_URI = " \
     file://0001-pseudo_client.c-protect-pwd_lck-against-magic.patch \
     file://0002-pseudo_util-modify-interface-to-pseudo_etc_file.patch \
     file://0003-pseudo_client.c-support-multiple-directories-in-PSEU.patch \
+    file://fallback-passwd \
+    file://fallback-group \
 "
 
 SRC_URI[md5sum] = "4d7b4f9d1b4aafa680ce94a5a9a52f1f"
 SRC_URI[sha256sum] = "c72be92689511ced7c419149c6aaa1b1a9e4dfc6409d1f16ab72cc35bc1e376a"
 
 PSEUDO_EXTRA_OPTS ?= "--enable-force-async --without-passwd-fallback"
+
+do_install_append_class-native () {
+	install -d ${D}${sysconfdir}
+	# The fallback files should never be modified
+	install -m 444 ${WORKDIR}/fallback-passwd ${D}${sysconfdir}/passwd
+	install -m 444 ${WORKDIR}/fallback-group ${D}${sysconfdir}/group
+}
-- 
1.8.5.5

[PATCH V2 6/7] bitbake.conf: pseudo fall back to last-resort passwd files

[Peter A. Bigot]

Recipe packaging for the target requires permissions that are consistent
with meta/files/fs-perms.txt which specifies certain user and group
names.  In the early parts of a target build base-passwd is not yet
available to provide the target /etc files used for user/group lookup.
Allow pseudo to fall-back to the last-resort files it installs if the
target ones aren't there yet.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/conf/bitbake.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 2a8a37f..0ccaac0 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -586,7 +586,7 @@ SRC_URI = ""
 
 # Use pseudo as the fakeroot implementation
 PSEUDO_LOCALSTATEDIR ?= "${WORKDIR}/pseudo/"
-PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}"
+PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}:${STAGING_DIR_NATIVE}"
 export PSEUDO_DISABLED = "1"
 #export PSEUDO_PREFIX = "${STAGING_DIR_NATIVE}${prefix_native}"
 #export PSEUDO_BINDIR = "${STAGING_DIR_NATIVE}${bindir_native}"
-- 
1.8.5.5

[PATCH V2 7/7] useradd.bbclass: set PSEUDO_PASSWD consistent with root directory

[Peter A. Bigot]

When installing into a sysroot this class examines $D/etc/passwd for
content, then invokes useradd to make changes.  Under pseudo useradd
attempts to look up user information in directories specified by
$PSEUDO_PASSWD.  For opkg multilib installs $D is not always the same as
$IMAGE_ROOT, and the user might already be in the IMAGE_ROOT files,
causing a failure during rootfs population.

Fix this by ensuring the files pseudo looks at when doing useradd stuff
are the same ones that useradd.bbclass will be manipulating.

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
---
 meta/classes/useradd.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
index 3b70e80..0b9a843 100644
--- a/meta/classes/useradd.bbclass
+++ b/meta/classes/useradd.bbclass
@@ -24,6 +24,8 @@ if test "x$D" != "x"; then
 	# Installing into a sysroot
 	SYSROOT="$D"
 	OPT="--root $D"
+	# user/group lookups should match useradd/groupadd --root
+	export PSEUDO_PASSWD="$SYSROOT:${STAGING_DIR_NATIVE}"
 fi
 
 # If we're not doing a special SSTATE/SYSROOT install
-- 
1.8.5.5