Set the users and groups staticallyfeature_CPDX-3521

Cannot set USERADD_ERROR_DYNAMIC to error as it breaks the build. We need to be carefull when adding new users/groups, to also add them to files/{groups,passwd} Change-Id: I7ecfa9936af6319ced946e243cbe3bbcd23e8e4c Signed-off-by: Matei Valeanu <Matei.Valeanu@enea.com>
author: Matei Valeanu <Matei.Valeanu@enea.com> 2021-02-19 19:17:20 +0100
committer: Adrian Calianu <Adrian.Calianu@enea.com> 2021-02-24 12:01:55 +0100
commit: 23ed226a4b4b7c1cac2c52e6808631d9f0d6f652 (patch)
tree: f52d946fd5d8941984ee1aac8aa06853fd1a1b80
parent: 79d1957037bc893aa278c025a1c3276b206aead0 (diff)
download: meta-el-nfv-access-feature_CPDX-3521.tar.gz
6 files changed, 189 insertions, 0 deletions
diff --git a/conf/template.atom-c3000-debug/local.conf.sample b/conf/template.atom-c3000-debug/local.conf.sample
index c749b24..60e8955 100644
--- a/conf/template.atom-c3000-debug/local.conf.sample
+++ b/conf/template.atom-c3000-debug/local.conf.sample
@@ -250,3 +250,29 @@ SOTA_MACHINE ?= "${MACHINE}"
 DISTRO_FEATURES_append = " sota"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
+# Various packages dynamically add users and groups to the system at package
+# install time.  For programs that do not care what the uid/gid is of the
+# resulting users/groups, the order of the install will determine the final
+# uid/gid.  This can lead to non-deterministic uid/gid values from one build
+# to another.  Use the following settings to specify that all user/group adds
+# should be created based on a static passwd/group file.
+#
+# Note, if you enable or disable the useradd-staticids in a configured system,
+# the TMPDIR may contain incorrect uid/gid values.  Clearing the TMPDIR
+# will correct this condition.
+#
+# By default the system looks in the BBPATH for files/passwd and files/group
+# the default can be overriden by spefying USERADD_UID/GID_TABLES.
+#
+USERADDEXTENSION = "useradd-staticids"
+USERADD_UID_TABLES = "files/passwd"
+USERADD_GID_TABLES = "files/group"
+#
+# In order to prevent generating a system where a dynamicly assigned uid/gid
+# can exist, you should enable the following setting.  This will force the
+# system to error out if the user/group name is not defined in the
+# files/passwd or files/group (or specified replacements.)
+# Unfortunately, setting the variable below breaks the build, so do not set it
+# for now
+# USERADD_ERROR_DYNAMIC = "1"
diff --git a/conf/template.atom-c3000/local.conf.sample b/conf/template.atom-c3000/local.conf.sample
index 8c24e77..b015f43 100644
--- a/conf/template.atom-c3000/local.conf.sample
+++ b/conf/template.atom-c3000/local.conf.sample
@@ -247,3 +247,29 @@ SOTA_MACHINE ?= "${MACHINE}"
 DISTRO_FEATURES_append = " sota"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
+# Various packages dynamically add users and groups to the system at package
+# install time.  For programs that do not care what the uid/gid is of the
+# resulting users/groups, the order of the install will determine the final
+# uid/gid.  This can lead to non-deterministic uid/gid values from one build
+# to another.  Use the following settings to specify that all user/group adds
+# should be created based on a static passwd/group file.
+#
+# Note, if you enable or disable the useradd-staticids in a configured system,
+# the TMPDIR may contain incorrect uid/gid values.  Clearing the TMPDIR
+# will correct this condition.
+#
+# By default the system looks in the BBPATH for files/passwd and files/group
+# the default can be overriden by spefying USERADD_UID/GID_TABLES.
+#
+USERADDEXTENSION = "useradd-staticids"
+USERADD_UID_TABLES = "files/passwd"
+USERADD_GID_TABLES = "files/group"
+#
+# In order to prevent generating a system where a dynamicly assigned uid/gid
+# can exist, you should enable the following setting.  This will force the
+# system to error out if the user/group name is not defined in the
+# files/passwd or files/group (or specified replacements.)
+# Unfortunately, setting the variable below breaks the build, so do not set it
+# for now
+# USERADD_ERROR_DYNAMIC = "1"
diff --git a/conf/template.xeon-d-debug/local.conf.sample b/conf/template.xeon-d-debug/local.conf.sample
index e898db6..6474a37 100644
--- a/conf/template.xeon-d-debug/local.conf.sample
+++ b/conf/template.xeon-d-debug/local.conf.sample
@@ -251,3 +251,29 @@ SOTA_MACHINE ?= "${MACHINE}"
 DISTRO_FEATURES_append = " sota"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
+# Various packages dynamically add users and groups to the system at package
+# install time.  For programs that do not care what the uid/gid is of the
+# resulting users/groups, the order of the install will determine the final
+# uid/gid.  This can lead to non-deterministic uid/gid values from one build
+# to another.  Use the following settings to specify that all user/group adds
+# should be created based on a static passwd/group file.
+#
+# Note, if you enable or disable the useradd-staticids in a configured system,
+# the TMPDIR may contain incorrect uid/gid values.  Clearing the TMPDIR
+# will correct this condition.
+#
+# By default the system looks in the BBPATH for files/passwd and files/group
+# the default can be overriden by spefying USERADD_UID/GID_TABLES.
+#
+USERADDEXTENSION = "useradd-staticids"
+USERADD_UID_TABLES = "files/passwd"
+USERADD_GID_TABLES = "files/group"
+#
+# In order to prevent generating a system where a dynamicly assigned uid/gid
+# can exist, you should enable the following setting.  This will force the
+# system to error out if the user/group name is not defined in the
+# files/passwd or files/group (or specified replacements.)
+# Unfortunately, setting the variable below breaks the build, so do not set it
+# for now
+# USERADD_ERROR_DYNAMIC = "1"
diff --git a/conf/template.xeon-d/local.conf.sample b/conf/template.xeon-d/local.conf.sample
index 3b1063e..5cfebf5 100644
--- a/conf/template.xeon-d/local.conf.sample
+++ b/conf/template.xeon-d/local.conf.sample
@@ -248,3 +248,29 @@ SOTA_MACHINE ?= "${MACHINE}"
 DISTRO_FEATURES_append = " sota"
 DISTRO_FEATURES_NATIVE_append = " sota"
 INHERIT += " sota"
+# Various packages dynamically add users and groups to the system at package
+# install time.  For programs that do not care what the uid/gid is of the
+# resulting users/groups, the order of the install will determine the final
+# uid/gid.  This can lead to non-deterministic uid/gid values from one build
+# to another.  Use the following settings to specify that all user/group adds
+# should be created based on a static passwd/group file.
+#
+# Note, if you enable or disable the useradd-staticids in a configured system,
+# the TMPDIR may contain incorrect uid/gid values.  Clearing the TMPDIR
+# will correct this condition.
+#
+# By default the system looks in the BBPATH for files/passwd and files/group
+# the default can be overriden by spefying USERADD_UID/GID_TABLES.
+#
+USERADDEXTENSION = "useradd-staticids"
+USERADD_UID_TABLES = "files/passwd"
+USERADD_GID_TABLES = "files/group"
+#
+# In order to prevent generating a system where a dynamicly assigned uid/gid
+# can exist, you should enable the following setting.  This will force the
+# system to error out if the user/group name is not defined in the
+# files/passwd or files/group (or specified replacements.)
+# Unfortunately, setting the variable below breaks the build, so do not set it
+# for now
+# USERADD_ERROR_DYNAMIC = "1"
diff --git a/files/group b/files/group
new file mode 100644
index 0000000..99cb628
--- /dev/null
+++ b/files/group
@@ -0,0 +1,56 @@
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+input:x:19:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+shutdown:x:70:
+users:x:100:
+systemd-bus-proxy:x:985:
+systemd-resolve:x:986:
+systemd-network:x:987:
+systemd-timesync:x:988:
+systemd-journal:x:989:
+lock:x:990:
+sshd:x:991:
+qemu:x:992:
+polkitd:x:993:
+ntp:x:994:
+docker:x:995:
+messagebus:x:996:
+netdev:x:997:
+bind:x:998:
+_apt:x:999:
+nogroup:x:65534:
diff --git a/files/passwd b/files/passwd
new file mode 100644
index 0000000..2c21e09
--- /dev/null
+++ b/files/passwd
@@ -0,0 +1,29 @@
+root:x:0:0:root:/home/root:/bin/sh
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+systemd-bus-proxy:x:989:985::/:/bin/nologin
+systemd-resolve:x:990:986::/:/bin/nologin
+systemd-network:x:991:987::/:/bin/nologin
+systemd-timesync:x:992:988::/:/bin/nologin
+sshd:x:993:991::/var/run/sshd:/bin/false
+qemu:x:994:992::/home/qemu:/bin/sh
+polkitd:x:995:993::/etc/polkit-1:/bin/sh
+ntp:x:996:994::/var/lib/ntp:/bin/false
+messagebus:x:997:996::/var/lib/dbus:/bin/false
+bind:x:998:998::/var/cache/bind:/bin/sh
+_apt:x:999:999::/nonexistent:/bin/false
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
author	Matei Valeanu <Matei.Valeanu@enea.com>	2021-02-19 19:17:20 +0100
committer	Adrian Calianu <Adrian.Calianu@enea.com>	2021-02-24 12:01:55 +0100
commit	23ed226a4b4b7c1cac2c52e6808631d9f0d6f652 (patch)
tree	f52d946fd5d8941984ee1aac8aa06853fd1a1b80
parent	79d1957037bc893aa278c025a1c3276b206aead0 (diff)
download	meta-el-nfv-access-feature_CPDX-3521.tar.gz

diff --git a/conf/template.atom-c3000-debug/local.conf.sample b/conf/template.atom-c3000-debug/local.conf.sample index c749b24..60e8955 100644 --- a/conf/template.atom-c3000-debug/local.conf.sample +++ b/conf/template.atom-c3000-debug/local.conf.sample
@@ -250,3 +250,29 @@ SOTA_MACHINE ?= "${MACHINE}"
250	DISTRO_FEATURES_append = " sota"	250	DISTRO_FEATURES_append = " sota"
251	DISTRO_FEATURES_NATIVE_append = " sota"	251	DISTRO_FEATURES_NATIVE_append = " sota"
252	INHERIT += " sota"	252	INHERIT += " sota"
		253
		254	# Various packages dynamically add users and groups to the system at package
		255	# install time. For programs that do not care what the uid/gid is of the
		256	# resulting users/groups, the order of the install will determine the final
		257	# uid/gid. This can lead to non-deterministic uid/gid values from one build
		258	# to another. Use the following settings to specify that all user/group adds
		259	# should be created based on a static passwd/group file.
		260	#
		261	# Note, if you enable or disable the useradd-staticids in a configured system,
		262	# the TMPDIR may contain incorrect uid/gid values. Clearing the TMPDIR
		263	# will correct this condition.
		264	#
		265	# By default the system looks in the BBPATH for files/passwd and files/group
		266	# the default can be overriden by spefying USERADD_UID/GID_TABLES.
		267	#
		268	USERADDEXTENSION = "useradd-staticids"
		269	USERADD_UID_TABLES = "files/passwd"
		270	USERADD_GID_TABLES = "files/group"
		271	#
		272	# In order to prevent generating a system where a dynamicly assigned uid/gid
		273	# can exist, you should enable the following setting. This will force the
		274	# system to error out if the user/group name is not defined in the
		275	# files/passwd or files/group (or specified replacements.)
		276	# Unfortunately, setting the variable below breaks the build, so do not set it
		277	# for now
		278	# USERADD_ERROR_DYNAMIC = "1"


diff --git a/conf/template.atom-c3000/local.conf.sample b/conf/template.atom-c3000/local.conf.sample index 8c24e77..b015f43 100644 --- a/conf/template.atom-c3000/local.conf.sample +++ b/conf/template.atom-c3000/local.conf.sample
@@ -247,3 +247,29 @@ SOTA_MACHINE ?= "${MACHINE}"
247	DISTRO_FEATURES_append = " sota"	247	DISTRO_FEATURES_append = " sota"
248	DISTRO_FEATURES_NATIVE_append = " sota"	248	DISTRO_FEATURES_NATIVE_append = " sota"
249	INHERIT += " sota"	249	INHERIT += " sota"
		250
		251	# Various packages dynamically add users and groups to the system at package
		252	# install time. For programs that do not care what the uid/gid is of the
		253	# resulting users/groups, the order of the install will determine the final
		254	# uid/gid. This can lead to non-deterministic uid/gid values from one build
		255	# to another. Use the following settings to specify that all user/group adds
		256	# should be created based on a static passwd/group file.
		257	#
		258	# Note, if you enable or disable the useradd-staticids in a configured system,
		259	# the TMPDIR may contain incorrect uid/gid values. Clearing the TMPDIR
		260	# will correct this condition.
		261	#
		262	# By default the system looks in the BBPATH for files/passwd and files/group
		263	# the default can be overriden by spefying USERADD_UID/GID_TABLES.
		264	#
		265	USERADDEXTENSION = "useradd-staticids"
		266	USERADD_UID_TABLES = "files/passwd"
		267	USERADD_GID_TABLES = "files/group"
		268	#
		269	# In order to prevent generating a system where a dynamicly assigned uid/gid
		270	# can exist, you should enable the following setting. This will force the
		271	# system to error out if the user/group name is not defined in the
		272	# files/passwd or files/group (or specified replacements.)
		273	# Unfortunately, setting the variable below breaks the build, so do not set it
		274	# for now
		275	# USERADD_ERROR_DYNAMIC = "1"


diff --git a/conf/template.xeon-d-debug/local.conf.sample b/conf/template.xeon-d-debug/local.conf.sample index e898db6..6474a37 100644 --- a/conf/template.xeon-d-debug/local.conf.sample +++ b/conf/template.xeon-d-debug/local.conf.sample
@@ -251,3 +251,29 @@ SOTA_MACHINE ?= "${MACHINE}"
251	DISTRO_FEATURES_append = " sota"	251	DISTRO_FEATURES_append = " sota"
252	DISTRO_FEATURES_NATIVE_append = " sota"	252	DISTRO_FEATURES_NATIVE_append = " sota"
253	INHERIT += " sota"	253	INHERIT += " sota"
		254
		255	# Various packages dynamically add users and groups to the system at package
		256	# install time. For programs that do not care what the uid/gid is of the
		257	# resulting users/groups, the order of the install will determine the final
		258	# uid/gid. This can lead to non-deterministic uid/gid values from one build
		259	# to another. Use the following settings to specify that all user/group adds
		260	# should be created based on a static passwd/group file.
		261	#
		262	# Note, if you enable or disable the useradd-staticids in a configured system,
		263	# the TMPDIR may contain incorrect uid/gid values. Clearing the TMPDIR
		264	# will correct this condition.
		265	#
		266	# By default the system looks in the BBPATH for files/passwd and files/group
		267	# the default can be overriden by spefying USERADD_UID/GID_TABLES.
		268	#
		269	USERADDEXTENSION = "useradd-staticids"
		270	USERADD_UID_TABLES = "files/passwd"
		271	USERADD_GID_TABLES = "files/group"
		272	#
		273	# In order to prevent generating a system where a dynamicly assigned uid/gid
		274	# can exist, you should enable the following setting. This will force the
		275	# system to error out if the user/group name is not defined in the
		276	# files/passwd or files/group (or specified replacements.)
		277	# Unfortunately, setting the variable below breaks the build, so do not set it
		278	# for now
		279	# USERADD_ERROR_DYNAMIC = "1"


diff --git a/conf/template.xeon-d/local.conf.sample b/conf/template.xeon-d/local.conf.sample index 3b1063e..5cfebf5 100644 --- a/conf/template.xeon-d/local.conf.sample +++ b/conf/template.xeon-d/local.conf.sample
@@ -248,3 +248,29 @@ SOTA_MACHINE ?= "${MACHINE}"
248	DISTRO_FEATURES_append = " sota"	248	DISTRO_FEATURES_append = " sota"
249	DISTRO_FEATURES_NATIVE_append = " sota"	249	DISTRO_FEATURES_NATIVE_append = " sota"
250	INHERIT += " sota"	250	INHERIT += " sota"
		251
		252	# Various packages dynamically add users and groups to the system at package
		253	# install time. For programs that do not care what the uid/gid is of the
		254	# resulting users/groups, the order of the install will determine the final
		255	# uid/gid. This can lead to non-deterministic uid/gid values from one build
		256	# to another. Use the following settings to specify that all user/group adds
		257	# should be created based on a static passwd/group file.
		258	#
		259	# Note, if you enable or disable the useradd-staticids in a configured system,
		260	# the TMPDIR may contain incorrect uid/gid values. Clearing the TMPDIR
		261	# will correct this condition.
		262	#
		263	# By default the system looks in the BBPATH for files/passwd and files/group
		264	# the default can be overriden by spefying USERADD_UID/GID_TABLES.
		265	#
		266	USERADDEXTENSION = "useradd-staticids"
		267	USERADD_UID_TABLES = "files/passwd"
		268	USERADD_GID_TABLES = "files/group"
		269	#
		270	# In order to prevent generating a system where a dynamicly assigned uid/gid
		271	# can exist, you should enable the following setting. This will force the
		272	# system to error out if the user/group name is not defined in the
		273	# files/passwd or files/group (or specified replacements.)
		274	# Unfortunately, setting the variable below breaks the build, so do not set it
		275	# for now
		276	# USERADD_ERROR_DYNAMIC = "1"


diff --git a/files/group b/files/group new file mode 100644 index 0000000..99cb628 --- /dev/null +++ b/files/group
@@ -0,0 +1,56 @@
		1	root:x:0:
		2	daemon:x:1:
		3	bin:x:2:
		4	sys:x:3:
		5	adm:x:4:
		6	tty:x:5:
		7	disk:x:6:
		8	lp:x:7:
		9	mail:x:8:
		10	news:x:9:
		11	uucp:x:10:
		12	man:x:12:
		13	proxy:x:13:
		14	kmem:x:15:
		15	input:x:19:
		16	dialout:x:20:
		17	fax:x:21:
		18	voice:x:22:
		19	cdrom:x:24:
		20	floppy:x:25:
		21	tape:x:26:
		22	sudo:x:27:
		23	audio:x:29:
		24	dip:x:30:
		25	www-data:x:33:
		26	backup:x:34:
		27	operator:x:37:
		28	list:x:38:
		29	irc:x:39:
		30	src:x:40:
		31	gnats:x:41:
		32	shadow:x:42:
		33	utmp:x:43:
		34	video:x:44:
		35	sasl:x:45:
		36	plugdev:x:46:
		37	staff:x:50:
		38	games:x:60:
		39	shutdown:x:70:
		40	users:x:100:
		41	systemd-bus-proxy:x:985:
		42	systemd-resolve:x:986:
		43	systemd-network:x:987:
		44	systemd-timesync:x:988:
		45	systemd-journal:x:989:
		46	lock:x:990:
		47	sshd:x:991:
		48	qemu:x:992:
		49	polkitd:x:993:
		50	ntp:x:994:
		51	docker:x:995:
		52	messagebus:x:996:
		53	netdev:x:997:
		54	bind:x:998:
		55	_apt:x:999:
		56	nogroup:x:65534:


diff --git a/files/passwd b/files/passwd new file mode 100644 index 0000000..2c21e09 --- /dev/null +++ b/files/passwd
@@ -0,0 +1,29 @@
		1	root:x:0:0:root:/home/root:/bin/sh
		2	daemon:x:1:1:daemon:/usr/sbin:/bin/sh
		3	bin:x:2:2:bin:/bin:/bin/sh
		4	sys:x:3:3:sys:/dev:/bin/sh
		5	sync:x:4:65534:sync:/bin:/bin/sync
		6	games:x:5:60:games:/usr/games:/bin/sh
		7	man:x:6:12:man:/var/cache/man:/bin/sh
		8	lp:x:7:7:lp:/var/spool/lpd:/bin/sh
		9	mail:x:8:8:mail:/var/mail:/bin/sh
		10	news:x:9:9:news:/var/spool/news:/bin/sh
		11	uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
		12	proxy:x:13:13:proxy:/bin:/bin/sh
		13	www-data:x:33:33:www-data:/var/www:/bin/sh
		14	backup:x:34:34:backup:/var/backups:/bin/sh
		15	list:x:38:38:Mailing List Manager:/var/list:/bin/sh
		16	irc:x:39:39:ircd:/var/run/ircd:/bin/sh
		17	gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
		18	systemd-bus-proxy:x:989:985::/:/bin/nologin
		19	systemd-resolve:x:990:986::/:/bin/nologin
		20	systemd-network:x:991:987::/:/bin/nologin
		21	systemd-timesync:x:992:988::/:/bin/nologin
		22	sshd:x:993:991::/var/run/sshd:/bin/false
		23	qemu:x:994:992::/home/qemu:/bin/sh
		24	polkitd:x:995:993::/etc/polkit-1:/bin/sh
		25	ntp:x:996:994::/var/lib/ntp:/bin/false
		26	messagebus:x:997:996::/var/lib/dbus:/bin/false
		27	bind:x:998:998::/var/cache/bind:/bin/sh
		28	_apt:x:999:999::/nonexistent:/bin/false
		29	nobody:x:65534:65534:nobody:/nonexistent:/bin/sh