2 files changed, 66 insertions, 0 deletions
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 8d48a2d1d9..53a4fda4b1 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -30,6 +30,23 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
 SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; "
 ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}"
+# Sort the user and group entries in /etc by ID in order to make the content
+# deterministic. Package installs are not deterministic, causing the ordering
+# of entries to change between builds. In case that this isn't desired,
+# the command can be overridden.
+#
+# Note that useradd-staticids.bbclass has to be used to ensure that
+# the numeric IDs of dynamically created entries remain stable.
+#
+# We want this to run as late as possible, in particular after
+# systemd_sysusers_create and set_user_group. Using _append is not
+# enough for that, set_user_group is added that way and would end
+# up running after us.
+SORT_PASSWD_POSTPROCESS_COMMAND ??= " sort_passwd; "
+python () {
+    d.appendVar('ROOTFS_POSTPROCESS_COMMAND', '${SORT_PASSWD_POSTPROCESS_COMMAND}')
+}
 systemd_create_users () {
        for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
                [ -e $conffile ] || continue
@@ -146,6 +163,11 @@ ssh_disable_dns_lookup () {
        fi
 }
+python sort_passwd () {
+    import rootfspostcommands
+    rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}'))
+}
 #
 # Enable postinst logging if debug-tweaks is enabled
 #
diff --git a/meta/lib/rootfspostcommands.py b/meta/lib/rootfspostcommands.py
new file mode 100644
index 0000000000..6a9b8b47b7
--- /dev/null
+++ b/meta/lib/rootfspostcommands.py
@@ -0,0 +1,44 @@
+import os
+def sort_file(filename, mapping):
+    """
+    Sorts a passwd or group file based on the numeric ID in the third column.
+    If a mapping is given, the name from the first column is mapped via that
+    dictionary instead (necessary for /etc/shadow and /etc/gshadow). If not,
+    a new mapping is created on the fly and returned.
+    """
+    new_mapping = {}
+    with open(filename, 'rb+') as f:
+        lines = f.readlines()
+        # No explicit error checking for the sake of simplicity. /etc
+        # files are assumed to be well-formed, causing exceptions if
+        # not.
+        for line in lines:
+            entries = line.split(b':')
+            name = entries[0]
+            if mapping is None:
+                id = int(entries[2])
+            else:
+                id = mapping[name]
+            new_mapping[name] = id
+        # Sort by numeric id first, with entire line as secondary key
+        # (just in case that there is more than one entry for the same id).
+        lines.sort(key=lambda line: (new_mapping[line.split(b':')[0]], line))
+        # We overwrite the entire file, i.e. no truncate() necessary.
+        f.seek(0)
+        f.write(b''.join(lines))
+    return new_mapping
+def sort_passwd(sysconfdir):
+    """
+    Sorts passwd and group files in a rootfs /etc directory by ID.
+    """
+    for suffix in '', '-':
+        for main, shadow in (('passwd', 'shadow'),
+                             ('group', 'gshadow')):
+            filename = os.path.join(sysconfdir, main + suffix)
+            if os.path.exists(filename):
+                mapping = sort_file(filename, None)
+                filename = os.path.join(sysconfdir, shadow + suffix)
+                if os.path.exists(filename):
+                    sort_file(filename, mapping)

diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass index 8d48a2d1d9..53a4fda4b1 100644 --- a/meta/classes/rootfs-postcommands.bbclass +++ b/meta/classes/rootfs-postcommands.bbclass
@@ -30,6 +30,23 @@ ROOTFS_POSTPROCESS_COMMAND += 'empty_var_volatile;'
30	SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; "	30	SSH_DISABLE_DNS_LOOKUP ?= " ssh_disable_dns_lookup ; "
31	ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}"	31	ROOTFS_POSTPROCESS_COMMAND_append_qemuall = "${SSH_DISABLE_DNS_LOOKUP}"
32		32
		33	# Sort the user and group entries in /etc by ID in order to make the content
		34	# deterministic. Package installs are not deterministic, causing the ordering
		35	# of entries to change between builds. In case that this isn't desired,
		36	# the command can be overridden.
		37	#
		38	# Note that useradd-staticids.bbclass has to be used to ensure that
		39	# the numeric IDs of dynamically created entries remain stable.
		40	#
		41	# We want this to run as late as possible, in particular after
		42	# systemd_sysusers_create and set_user_group. Using _append is not
		43	# enough for that, set_user_group is added that way and would end
		44	# up running after us.
		45	SORT_PASSWD_POSTPROCESS_COMMAND ??= " sort_passwd; "
		46	python () {
		47	d.appendVar('ROOTFS_POSTPROCESS_COMMAND', '${SORT_PASSWD_POSTPROCESS_COMMAND}')
		48	}
		49
33	systemd_create_users () {	50	systemd_create_users () {
34	for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do	51	for conffile in ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd.conf ${IMAGE_ROOTFS}/usr/lib/sysusers.d/systemd-remote.conf; do
35	[ -e $conffile ] \|\| continue	52	[ -e $conffile ] \|\| continue
@@ -146,6 +163,11 @@ ssh_disable_dns_lookup () {
146	fi	163	fi
147	}	164	}
148		165
		166	python sort_passwd () {
		167	import rootfspostcommands
		168	rootfspostcommands.sort_passwd(d.expand('${IMAGE_ROOTFS}${sysconfdir}'))
		169	}
		170
149	#	171	#
150	# Enable postinst logging if debug-tweaks is enabled	172	# Enable postinst logging if debug-tweaks is enabled
151	#	173	#


diff --git a/meta/lib/rootfspostcommands.py b/meta/lib/rootfspostcommands.py new file mode 100644 index 0000000000..6a9b8b47b7 --- /dev/null +++ b/meta/lib/rootfspostcommands.py
@@ -0,0 +1,44 @@
		1	import os
		2
		3	def sort_file(filename, mapping):
		4	"""
		5	Sorts a passwd or group file based on the numeric ID in the third column.
		6	If a mapping is given, the name from the first column is mapped via that
		7	dictionary instead (necessary for /etc/shadow and /etc/gshadow). If not,
		8	a new mapping is created on the fly and returned.
		9	"""
		10	new_mapping = {}
		11	with open(filename, 'rb+') as f:
		12	lines = f.readlines()
		13	# No explicit error checking for the sake of simplicity. /etc
		14	# files are assumed to be well-formed, causing exceptions if
		15	# not.
		16	for line in lines:
		17	entries = line.split(b':')
		18	name = entries[0]
		19	if mapping is None:
		20	id = int(entries[2])
		21	else:
		22	id = mapping[name]
		23	new_mapping[name] = id
		24	# Sort by numeric id first, with entire line as secondary key
		25	# (just in case that there is more than one entry for the same id).
		26	lines.sort(key=lambda line: (new_mapping[line.split(b':')[0]], line))
		27	# We overwrite the entire file, i.e. no truncate() necessary.
		28	f.seek(0)
		29	f.write(b''.join(lines))
		30	return new_mapping
		31
		32	def sort_passwd(sysconfdir):
		33	"""
		34	Sorts passwd and group files in a rootfs /etc directory by ID.
		35	"""
		36	for suffix in '', '-':
		37	for main, shadow in (('passwd', 'shadow'),
		38	('group', 'gshadow')):
		39	filename = os.path.join(sysconfdir, main + suffix)
		40	if os.path.exists(filename):
		41	mapping = sort_file(filename, None)
		42	filename = os.path.join(sysconfdir, shadow + suffix)
		43	if os.path.exists(filename):
		44	sort_file(filename, mapping)