diff options
author | Mark Hatle <mark.hatle@windriver.com> | 2014-02-06 17:37:24 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-02-09 09:43:49 +0000 |
commit | 5232ba83fda1b9c0f275e51037e4a51aaf4094ea (patch) | |
tree | 71beff2c42fcb1c5c57c4375a9e1bf826f8e1825 | |
parent | edbf9ef4a37ddb63f10e8f100fcbd188c19fdff7 (diff) | |
download | poky-5232ba83fda1b9c0f275e51037e4a51aaf4094ea.tar.gz |
useradd.bbclass: Add ability to select a static uid/gid automatically
[YOCTO #5436]
Automatic selection of static uid/gid is needed for a dynamically generated
passwd and group file to have a deterministic outcome.
When a package is installed and instructs the system to add a new user or
group, unless it selects a static uid/gid value, the next available uid/gid
will be used. The order in which packages are installed is dynamically
computed, and may change from one installation to the next. This results
in a non-deterministic set of uid/gid values.
Enabling this code by adding USERADDEXTENSION = "useradd-staticids", and
adding a preconfigured passwd/group file will allow the continued dynamic
generation of the rootfs passwd/group files, but will ensure a deterministic
outcome. (Dynamic generation is desired so that users and groups that have
no corresponding functionality are not present within the final system image.)
The rewrite params function will override each of the fields in the
useradd and groupadd calls with the values specified. Note, the password
field is ignored as is the member groups field in the group file. If the
field is empty, the value will not be overridden. (Note, there is no way
to 'blank' a field, as this would only generally affect the 'comment' field
and there really is no reason to blank it.)
Enabling USERADD_ERROR_DYNAMIC will cause packages without static uid/gid
to generate an error and be skipped for the purpose of building. This is
used to prevent non-deterministic behavior.
USERADD_UID_TABLES and USERADD_GID_TABLES may be used to specify the name
of the passwd and group files. By default they are assumed to be
'files/passwd' and 'files/group'. Layers are searched in BBPATH order.
(From OE-Core rev: 18c99dac52b746b88cd084eb4c2a2ef0329a6ff3)
(From meta-yocto rev: 48580430b6d23730940474cc3d6d7fbd3ad247bf)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta-yocto/conf/local.conf.sample.extended | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/meta-yocto/conf/local.conf.sample.extended b/meta-yocto/conf/local.conf.sample.extended index c7c4f40515..5f10886e2b 100644 --- a/meta-yocto/conf/local.conf.sample.extended +++ b/meta-yocto/conf/local.conf.sample.extended | |||
@@ -253,6 +253,30 @@ | |||
253 | #usermod -s /bin/sh tester; \ | 253 | #usermod -s /bin/sh tester; \ |
254 | #" | 254 | #" |
255 | 255 | ||
256 | # Various packages dynamically add users and groups to the system at package | ||
257 | # install time. For programs that do not care what the uid/gid is of the | ||
258 | # resulting users/groups, the order of the install will determine the final | ||
259 | # uid/gid. This can lead to non-deterministic uid/gid values from one build | ||
260 | # to another. Use the following settings to specify that all user/group adds | ||
261 | # should be created based on a static passwd/group file. | ||
262 | # | ||
263 | # Note, if you enable or disable the useradd-staticids in a configured system, | ||
264 | # the TMPDIR may contain incorrect uid/gid values. Clearing the TMPDIR | ||
265 | # will correct this condition. | ||
266 | # | ||
267 | # By default the system looks in the BBPATH for files/passwd and files/group | ||
268 | # the default can be overriden by spefying USERADD_UID/GID_TABLES. | ||
269 | # | ||
270 | #USERADDEXTENSION = "useradd-staticids" | ||
271 | #USERADD_UID_TABLES = "files/passwd" | ||
272 | #USERADD_GID_TABLES = "files/group" | ||
273 | # | ||
274 | # In order to prevent generating a system where a dynamicly assigned uid/gid | ||
275 | # can exist, you should enable the following setting. This will force the | ||
276 | # system to error out if the user/group name is not defined in the | ||
277 | # files/passwd or files/group (or specified replacements.) | ||
278 | #USERADD_ERROR_DYNAMIC = "1" | ||
279 | |||
256 | # Enabling FORTRAN | 280 | # Enabling FORTRAN |
257 | # Note this is not officially supported and is just illustrated here to | 281 | # Note this is not officially supported and is just illustrated here to |
258 | # show an example of how it can be done | 282 | # show an example of how it can be done |