author | Patrick Ohly <patrick.ohly@intel.com> | 2017-01-09 11:09:42 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-01-16 18:05:12 +0000 |
commit | 753471db4534f121fe03b5d495fc3ec44f7207e7 (patch) | |
tree | 5b97c25e3e5e0a72a436cf76a7a0c1701c699528 /meta/lib/rootfspostcommands.py | |
parent | 413e11ba98e5233a680e2289ece7f162f4c35efb (diff) | |
download | poky-753471db4534f121fe03b5d495fc3ec44f7207e7.tar.gz |
rootfs-postcommands.bbclass: sort passwd entries
The /etc passwd files in a rootfs consist of the default entries from
base-passwd plus anything that gets added via package installation,
EXTRA_USERS_PARAMS and/or system sysusers.
The execution order of preinst scripts is not perfectly deterministic,
or at least unrelated changes caused it to change in a
non-deterministic way, resulting in irrelevant changes in the order of
passwd entries.
useradd-staticids.bbclass ensures that the numeric IDs don't change,
but re-ordering can still occur, which is bad for reproducible builds
and file-based update mechanisms like swupd which work best if changes
are as minimal as possible.
To achieve that, the files get sorted in a post-processing command,
enabled by default. Sorting is based primarily on the numeric IDs, so
for example, the "root" user continues to be listed first. "nobody"
now is at the end, which wasn't the case before.
The order of the entries should not matter, but in obscure cases where
it does (like having multiple entries for the same numeric ID) this
behavior can be disabled by setting SORT_PASSWD_POSTPROCESS_COMMAND to
an empty string.
Fixes: YOCTO #10520
(From OE-Core rev: ba684f436908ac2300a00c174d5aa06b4f824367)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib/rootfspostcommands.py')
-rw-r--r-- | meta/lib/rootfspostcommands.py | 44 |
1 files changed, 44 insertions, 0 deletions
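--- /dev/null
+++ b/meta/lib/rootfspostcommands.py
@@ -0,0 +1,44 @@
+import os
+
+def sort_file(filename, mapping):
+"""
+Sorts a passwd or group file based on the numeric ID in the third column.
+If a mapping is given, the name from the first column is mapped via that
+dictionary instead (necessary for /etc/shadow and /etc/gshadow). If not,
+a new mapping is created on the fly and returned.
+"""
+new_mapping = {}
+with open(filename, 'rb+') as f:
+lines = f.readlines()
+# No explicit error checking for the sake of simplicity. /etc
+# files are assumed to be well-formed, causing exceptions if
+# not.
+for line in lines:
+entries = line.split(b':')
+name = entries[0]
+if mapping is None:
+id = int(entries[2])
+else:
+id = mapping[name]
+new_mapping[name] = id
+# Sort by numeric id first, with entire line as secondary key
+# (just in case that there is more than one entry for the same id).
+lines.sort(key=lambda line: (new_mapping[line.split(b':')[0]], line))
+# We overwrite the entire file, i.e. no truncate() necessary.
+f.seek(0)
+f.write(b''.join(lines))
+return new_mapping
+
+def sort_passwd(sysconfdir):
+"""
+Sorts passwd and group files in a rootfs /etc directory by ID.
+"""
+for suffix in '', '-':
+for main, shadow in (('passwd', 'shadow'),
+('group', 'gshadow')):
+filename = os.path.join(sysconfdir, main + suffix)
+if os.path.exists(filename):
+mapping = sort_file(filename, None)
+filename = os.path.join(sysconfdir, shadow + suffix)
+if os.path.exists(filename):
+sort_file(filename, mapping)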
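Review bot: A final line without a trailing newline is not handled in `sort_file`: `f.readlines()` keeps each line's terminator, so if the last record lacks one and the sort moves it ahead of another entry, `b''.join(lines)` fuses two records into a single line. Unlike the malformed-input cases the comment accepts, this raises no exception, and in /etc/shadow or /etc/gshadow it would silently alter account entries in the image. Normalising before the sort avoids it: `if lines and not lines[-1].endswith(b'\n'): lines[-1] += b'\n'`. The file then only grows by one byte, so the reasoning behind skipping `truncate()` still holds.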