diff options
| author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-12 18:29:09 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-14 09:47:08 +0100 |
| commit | b5c383074ae4e09b63f43066b25b5ccb0df00276 (patch) | |
| tree | a7450a53323b00909bc8ae9b77b23dd3f473422b | |
| parent | 053e545b9d4d7985757bd79019e53d59d5c11eea (diff) | |
| download | poky-b5c383074ae4e09b63f43066b25b5ccb0df00276.tar.gz | |
base-passwd/useradd: Various improvements to useradd with RSS
Currently there are multiple issues with useradd:
* If base-passwd rebuilds, it wipes out recipe specific user/group additions
to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
users/groups A adds.
This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.
The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.
There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.
We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.
We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.
Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.
[Yocto #11124]
(From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/sstate.bbclass | 2 | ||||
| -rw-r--r-- | meta/classes/useradd.bbclass | 27 | ||||
| -rw-r--r-- | meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | 28 | ||||
| -rw-r--r-- | meta/recipes-devtools/pseudo/files/fallback-passwd | 1 |
4 files changed, 51 insertions, 7 deletions
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 5b66c011e6..e50a38597d 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass | |||
| @@ -31,7 +31,7 @@ SSTATE_DUPWHITELIST += "${STAGING_ETCDIR_NATIVE}/sgml ${STAGING_DATADIR_NATIVE}/ | |||
| 31 | # Archive the sources for many architectures in one deploy folder | 31 | # Archive the sources for many architectures in one deploy folder |
| 32 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}" | 32 | SSTATE_DUPWHITELIST += "${DEPLOY_DIR_SRC}" |
| 33 | 33 | ||
| 34 | SSTATE_SCAN_FILES ?= "*.la *-config *_config" | 34 | SSTATE_SCAN_FILES ?= "*.la *-config *_config postinst-*" |
| 35 | SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f' | 35 | SSTATE_SCAN_CMD ??= 'find ${SSTATE_BUILDDIR} \( -name "${@"\" -o -name \"".join(d.getVar("SSTATE_SCAN_FILES").split())}" \) -type f' |
| 36 | SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}' | 36 | SSTATE_SCAN_CMD_NATIVE ??= 'grep -Irl -e ${RECIPE_SYSROOT} -e ${RECIPE_SYSROOT_NATIVE} ${SSTATE_BUILDDIR}' |
| 37 | 37 | ||
diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass index 1f7afa4f8e..4373677bd6 100644 --- a/meta/classes/useradd.bbclass +++ b/meta/classes/useradd.bbclass | |||
| @@ -106,6 +106,21 @@ useradd_sysroot () { | |||
| 106 | # before do_prepare_recipe_sysroot | 106 | # before do_prepare_recipe_sysroot |
| 107 | D=${STAGING_DIR_TARGET} | 107 | D=${STAGING_DIR_TARGET} |
| 108 | 108 | ||
| 109 | # base-passwd's postinst may not have run yet in which case we'll get called later, just exit. | ||
| 110 | # Beware that in some cases we might see the fake pseudo passwd here, in which case we also must | ||
| 111 | # exit. | ||
| 112 | if [ ! -f $D${sysconfdir}/passwd ] || | ||
| 113 | grep -q this-is-the-pseudo-passwd $D${sysconfdir}/passwd; then | ||
| 114 | exit 0 | ||
| 115 | fi | ||
| 116 | |||
| 117 | # It is also possible we may be in a recipe which doesn't have useradd dependencies and hence the | ||
| 118 | # useradd/groupadd tools are unavailable. If there is no dependency, we assume we don't want to | ||
| 119 | # create users in the sysroot | ||
| 120 | if ! command -v useradd; then | ||
| 121 | exit 0 | ||
| 122 | fi | ||
| 123 | |||
| 109 | # Add groups and users defined for all recipe packages | 124 | # Add groups and users defined for all recipe packages |
| 110 | GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}" | 125 | GROUPADD_PARAM="${@get_all_cmd_params(d, 'groupadd')}" |
| 111 | USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}" | 126 | USERADD_PARAM="${@get_all_cmd_params(d, 'useradd')}" |
| @@ -122,6 +137,7 @@ python useradd_sysroot_sstate () { | |||
| 122 | if task == "package_setscene": | 137 | if task == "package_setscene": |
| 123 | bb.build.exec_func("useradd_sysroot", d) | 138 | bb.build.exec_func("useradd_sysroot", d) |
| 124 | elif task == "prepare_recipe_sysroot": | 139 | elif task == "prepare_recipe_sysroot": |
| 140 | # Used to update this recipe's own sysroot so the user/groups are available to do_install | ||
| 125 | scriptfile = d.expand("${RECIPE_SYSROOT}${bindir}/postinst-useradd-${PN}") | 141 | scriptfile = d.expand("${RECIPE_SYSROOT}${bindir}/postinst-useradd-${PN}") |
| 126 | bb.utils.mkdirhier(os.path.dirname(scriptfile)) | 142 | bb.utils.mkdirhier(os.path.dirname(scriptfile)) |
| 127 | with open(scriptfile, 'w') as script: | 143 | with open(scriptfile, 'w') as script: |
| @@ -130,12 +146,23 @@ python useradd_sysroot_sstate () { | |||
| 130 | script.write("useradd_sysroot\n") | 146 | script.write("useradd_sysroot\n") |
| 131 | os.chmod(scriptfile, 0o755) | 147 | os.chmod(scriptfile, 0o755) |
| 132 | bb.build.exec_func("useradd_sysroot", d) | 148 | bb.build.exec_func("useradd_sysroot", d) |
| 149 | elif task == "populate_sysroot": | ||
| 150 | # Used when installed in dependent task sysroots | ||
| 151 | scriptfile = d.expand("${SYSROOT_DESTDIR}${bindir}/postinst-useradd-${PN}") | ||
| 152 | bb.utils.mkdirhier(os.path.dirname(scriptfile)) | ||
| 153 | with open(scriptfile, 'w') as script: | ||
| 154 | script.write("#!/bin/sh\n") | ||
| 155 | bb.data.emit_func("useradd_sysroot", script, d) | ||
| 156 | script.write("useradd_sysroot\n") | ||
| 157 | os.chmod(scriptfile, 0o755) | ||
| 133 | } | 158 | } |
| 134 | 159 | ||
| 135 | do_prepare_recipe_sysroot[postfuncs] += "${SYSROOTFUNC}" | 160 | do_prepare_recipe_sysroot[postfuncs] += "${SYSROOTFUNC}" |
| 136 | SYSROOTFUNC_class-target = "useradd_sysroot_sstate" | 161 | SYSROOTFUNC_class-target = "useradd_sysroot_sstate" |
| 137 | SYSROOTFUNC = "" | 162 | SYSROOTFUNC = "" |
| 138 | 163 | ||
| 164 | SYSROOT_PREPROCESS_FUNCS += "${SYSROOTFUNC}" | ||
| 165 | |||
| 139 | SSTATEPREINSTFUNCS_append_class-target = " useradd_sysroot_sstate" | 166 | SSTATEPREINSTFUNCS_append_class-target = " useradd_sysroot_sstate" |
| 140 | 167 | ||
| 141 | do_package_setscene[depends] += "${USERADDSETSCENEDEPS}" | 168 | do_package_setscene[depends] += "${USERADDSETSCENEDEPS}" |
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb index e43bc0a007..c6be1c1d08 100644 --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb | |||
| @@ -43,16 +43,32 @@ do_install () { | |||
| 43 | install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/ | 43 | install -p -m 644 ${S}/debian/copyright ${D}${docdir}/${BPN}/ |
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | basepasswd_sysroot_postinst() { | ||
| 47 | #!/bin/sh | ||
| 48 | |||
| 49 | # Install passwd.master and group.master to sysconfdir | ||
| 50 | install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir} | ||
| 51 | for i in passwd group; do | ||
| 52 | install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \ | ||
| 53 | ${STAGING_DIR_TARGET}${sysconfdir}/\$i | ||
| 54 | done | ||
| 55 | |||
| 56 | # Run any useradd postinsts | ||
| 57 | for script in ${STAGING_DIR_TARGET}${bindir}/postinst-useradd-*; do | ||
| 58 | if [ -f \$script ]; then | ||
| 59 | \$script | ||
| 60 | fi | ||
| 61 | done | ||
| 62 | } | ||
| 63 | |||
| 46 | SYSROOT_DIRS += "${sysconfdir}" | 64 | SYSROOT_DIRS += "${sysconfdir}" |
| 47 | SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot" | 65 | SYSROOT_PREPROCESS_FUNCS += "base_passwd_tweaksysroot" |
| 48 | 66 | ||
| 49 | base_passwd_tweaksysroot () { | 67 | base_passwd_tweaksysroot () { |
| 50 | # Install passwd.master and group.master to sysconfdir | 68 | mkdir -p ${SYSROOT_DESTDIR}${bindir} |
| 51 | install -d -m 755 ${SYSROOT_DESTDIR}${sysconfdir} | 69 | dest=${SYSROOT_DESTDIR}${bindir}/postinst-${PN} |
| 52 | for i in passwd group; do | 70 | echo "${basepasswd_sysroot_postinst}" > $dest |
| 53 | install -p -m 644 ${SYSROOT_DESTDIR}${datadir}/base-passwd/$i.master \ | 71 | chmod 0755 $dest |
| 54 | ${SYSROOT_DESTDIR}${sysconfdir}/$i | ||
| 55 | done | ||
| 56 | } | 72 | } |
| 57 | 73 | ||
| 58 | python populate_packages_prepend() { | 74 | python populate_packages_prepend() { |
diff --git a/meta/recipes-devtools/pseudo/files/fallback-passwd b/meta/recipes-devtools/pseudo/files/fallback-passwd index 0889c5704c..08611baaf4 100644 --- a/meta/recipes-devtools/pseudo/files/fallback-passwd +++ b/meta/recipes-devtools/pseudo/files/fallback-passwd | |||
| @@ -1,2 +1,3 @@ | |||
| 1 | root::0:0:root:/home/root:/bin/sh | 1 | root::0:0:root:/home/root:/bin/sh |
| 2 | pseudopasswd:*:1:1:this-is-the-pseudo-passwd:/nonexistent:/bin/sh | ||
| 2 | nobody:*:65534:65534:nobody:/nonexistent:/bin/sh | 3 | nobody:*:65534:65534:nobody:/nonexistent:/bin/sh |