Patchwork Use useradd and update-rc.d classes in the OpenSSH recipe

Submitter Julian Pidancet
Date Sept. 25, 2011, 12:55 p.m.
Message ID <1316955346-12756-1-git-send-email-julian.pidancet@gmail.com>
Permalink /patch/12087/
State New, archived

Comments

Julian Pidancet - Sept. 25, 2011, 12:55 p.m.
The current sshd postinst and postrm scripts in the OpenSSH make the
package dependent on the adduser/addgroup scripts which may not be
available on all systems.

This patch replaces the sshd postinst and postrm scripts with proper
usage of the useradd and update-rc.d classes.

Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
---
 meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   29 +++++--------------
 1 files changed, 8 insertions(+), 21 deletions(-)
Saul Wold - Sept. 26, 2011, 11:38 p.m.
On 09/25/2011 05:55 AM, Julian Pidancet wrote:
> The current sshd postinst and postrm scripts in the OpenSSH make the
> package dependent on the adduser/addgroup scripts which may not be
> available on all systems.
>
> This patch replaces the sshd postinst and postrm scripts with proper
> usage of the useradd and update-rc.d classes.
>
> Signed-off-by: Julian Pidancet<julian.pidancet@gmail.com>
> ---
>   meta/recipes-connectivity/openssh/openssh_5.8p2.bb |   29 +++++--------------
>   1 files changed, 8 insertions(+), 21 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> index 030a83b..c94ec84 100644
> --- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
> @@ -29,6 +29,14 @@ PAM_SRC_URI = "file://sshd"
>   SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
>   SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
>
> +inherit useradd update-rc.d
> +
> +USERADD_PACKAGES = "${PN}-sshd"
> +USERADD_PARAM_${PN}-sshd = "-r -M -d /var/run/sshd -s /bin/false -U sshd"
Is there a reason you did not include the group and --disable-password here?

I think it would be good to leave the long name options in also.

Sau!

> +INITSCRIPT_PACKAGES = "${PN}-sshd"
> +INITSCRIPT_NAME_${PN}-sshd = "sshd"
> +INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
> +
>   inherit autotools
>
>   # LFS support:
> @@ -91,16 +99,6 @@ RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
>   DEPENDS_${PN}-sshd += "update-rc.d"
>   RDEPENDS_${PN}-sshd += "update-rc.d ${PN}-keygen"
>
> -pkg_postinst_${PN}-sshd () {
> -	if [ "x$D" != "x" ]; then
> -		exit 1
> -	else
> -		addgroup sshd
> -		adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd
> -		update-rc.d sshd defaults 9
> -	fi
> -}
> -
>   pkg_postinst_${PN}-scp () {
>   	update-alternatives --install ${bindir}/scp scp scp.${PN} 90
>   }
> @@ -117,16 +115,5 @@ pkg_postrm_${PN}-scp () {
>   	update-alternatives --remove ${bindir}/scp scp.${PN}
>   }
>
> -pkg_postrm_${PN}-sshd () {
> -	if [ "x$D" != "x" ]; then
> -		exit 1
> -	else
> -		${sysconfdir}/init.d/sshd stop
> -		deluser sshd
> -		delgroup sshd
> -		update-rc.d -f sshd remove
> -	fi
> -}
> -
>   CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
>   CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
Julian Pidancet - Sept. 26, 2011, 11:59 p.m.
On Tue, Sep 27, 2011 at 12:38 AM, Saul Wold <sgw@linux.intel.com> wrote:
>
> Is there a reason you did not include the group and --disable-password here?
>
> I think it would be good to leave the long name options in also.
>
> Sau!
>

The -U option creates a group with the same name. The
--disable-password option only exists with adduser and is default with
useradd -r.
I'd just like to point out that adduser is originally a Perl script
from Debian and reimplemented in busybox. The options it takes are not
compatible with the more standard useradd from the shadow package.

For some reason, some long options like --system (which is supposed to
be supported in useradd) did not work during my first
experimentations, but I will investigate and respin a patch with long
options if possible.

Also, I discovered that the following recipes still depend on adduser:
ppp-dialin, avahi, distcc, xserver-nodm-init, pulseaudio, hal, dbus

It would be good to use the useradd class with all of them.
Julian Pidancet - Sept. 27, 2011, 12:47 a.m.
On Tue, Sep 27, 2011 at 12:59 AM, Julian Pidancet
<julian.pidancet@gmail.com> wrote:
> On Tue, Sep 27, 2011 at 12:38 AM, Saul Wold <sgw@linux.intel.com> wrote:
>>
>> Is there a reason you did not include the group and --disable-password here?
>>
>> I think it would be good to leave the long name options in also.
>>
>> Sau!
>>
>
> The -U option creates a group with the same name. The
> --disable-password option only exists with adduser and is default with
> useradd -r.
> I'd just like to point out that adduser is originally a Perl script
> from Debian and reimplemented in busybox. The options it takes are not
> compatible with the more standard useradd from the shadow package.
>
> For some reason, some long options like --system (which is supposed to
> be supported in useradd) did not work during my first
> experimentations, but I will investigate and respin a patch with long
> options if possible.
>
> Also, I discovered that the following recipes still depend on adduser:
> ppp-dialin, avahi, distcc, xserver-nodm-init, pulseaudio, hal, dbus
>
> It would be good to use the useradd class with all of them.
>

In the shadow-sysroot package that we build to be able to use the
useradd class, we apply the add_root_cmd_options.patch to add the
--root option to useradd.

The --root option allows useradd to chroot somewhere so it can modify
/etc/passwd, but at the same time, it disables all the other long
options in the program.

It looks like it is impossible to use long options with the useradd
class. I don't know how straightforward it would be to modify this
patch to get the long options back. But is it worth the pain?
Mark Hatle - Sept. 27, 2011, 12:51 a.m.
On 9/26/11 8:47 PM, Julian Pidancet wrote:
> On Tue, Sep 27, 2011 at 12:59 AM, Julian Pidancet
> <julian.pidancet@gmail.com> wrote:
>> On Tue, Sep 27, 2011 at 12:38 AM, Saul Wold <sgw@linux.intel.com> wrote:
>>>
>>> Is there a reason you did not include the group and --disable-password here?
>>>
>>> I think it would be good to leave the long name options in also.
>>>
>>> Sau!
>>>
>>
>> The -U option creates a group with the same name. The
>> --disable-password option only exists with adduser and is default with
>> useradd -r.
>> I'd just like to point out that adduser is originally a Perl script
>> from Debian and reimplemented in busybox. The options it takes are not
>> compatible with the more standard useradd from the shadow package.
>>
>> For some reason, some long options like --system (which is supposed to
>> be supported in useradd) did not work during my first
>> experimentations, but I will investigate and respin a patch with long
>> options if possible.
>>
>> Also, I discovered that the following recipes still depend on adduser:
>> ppp-dialin, avahi, distcc, xserver-nodm-init, pulseaudio, hal, dbus
>>
>> It would be good to use the useradd class with all of them.
>>
> 
> In the shadow-sysroot package that we build to be able to use the
> useradd class, we apply the add_root_cmd_options.patch to add the
> --root option to useradd.
> 
> The --root option allows useradd to chroot somewhere so it can modify
> /etc/passwd, but at the same time, it disables all the other long
> options in the program.
> 
> It looks like it is impossible to use long options with the useradd
> class. I don't know how straightforward it would be to modify this
> patch to get the long options back. But is it worth the pain?
> 

If the long options got disabled due to the path, it's a bug.

(File a bug on bugzilla.yoctoproject.org and someone will look at it.. or submit
a patch...)

--Mark
Scott Garman - Sept. 27, 2011, 8:44 p.m.
On 09/26/2011 05:47 PM, Julian Pidancet wrote:
> On Tue, Sep 27, 2011 at 12:59 AM, Julian Pidancet
> <julian.pidancet@gmail.com>  wrote:
>> On Tue, Sep 27, 2011 at 12:38 AM, Saul Wold<sgw@linux.intel.com>  wrote:
>>>
>>> Is there a reason you did not include the group and --disable-password here?
>>>
>>> I think it would be good to leave the long name options in also.
>>>
>>> Sau!
>>>
>>
>> The -U option creates a group with the same name. The
>> --disable-password option only exists with adduser and is default with
>> useradd -r.
>> I'd just like to point out that adduser is originally a Perl script
>> from Debian and reimplemented in busybox. The options it takes are not
>> compatible with the more standard useradd from the shadow package.
>>
>> For some reason, some long options like --system (which is supposed to
>> be supported in useradd) did not work during my first
>> experimentations, but I will investigate and respin a patch with long
>> options if possible.
>>
>> Also, I discovered that the following recipes still depend on adduser:
>> ppp-dialin, avahi, distcc, xserver-nodm-init, pulseaudio, hal, dbus
>>
>> It would be good to use the useradd class with all of them.
>>
>
> In the shadow-sysroot package that we build to be able to use the
> useradd class, we apply the add_root_cmd_options.patch to add the
> --root option to useradd.
>
> The --root option allows useradd to chroot somewhere so it can modify
> /etc/passwd, but at the same time, it disables all the other long
> options in the program.
>
> It looks like it is impossible to use long options with the useradd
> class. I don't know how straightforward it would be to modify this
> patch to get the long options back. But is it worth the pain?

Hi Julian,

Are you using the latest from oe-core master? I thought this patch from 
Phil addressed this issue:

http://cgit.openembedded.org/cgit.cgi/openembedded-core/commit/?id=8fce8180c802ad187c4df44c17207bfb026ce6c7

Scott

Patch

diff --git a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
index 030a83b..c94ec84 100644
--- a/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_5.8p2.bb
@@ -29,6 +29,14 @@  PAM_SRC_URI = "file://sshd"
 SRC_URI[md5sum] = "0541579adf9d55abb15ef927048d372e"
 SRC_URI[sha256sum] = "5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314"
 
+inherit useradd update-rc.d
+
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM_${PN}-sshd = "-r -M -d /var/run/sshd -s /bin/false -U sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME_${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
+
 inherit autotools
 
 # LFS support:
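Review bot: USERADD_PARAM_${PN}-sshd is set to a string of short options only (`-r -M -d /var/run/sshd -s /bin/false -U sshd`) with no comment, whereas the adduser call this patch removes spelled out its intent with long names. Please add a comment above the assignment recording what each flag stands for (-r system account, -M no home directory created, -d home path, -s login shell, -U group with the same name as the user), so a later reader can confirm at a glance that sshd remains a system account with /bin/false as its shell. If the long forms cannot be used with the useradd class, say so in the commit message.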
@@ -91,16 +99,6 @@  RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
 DEPENDS_${PN}-sshd += "update-rc.d"
 RDEPENDS_${PN}-sshd += "update-rc.d ${PN}-keygen"
 
-pkg_postinst_${PN}-sshd () {
-	if [ "x$D" != "x" ]; then
-		exit 1
-	else
-		addgroup sshd
-		adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd
-		update-rc.d sshd defaults 9
-	fi
-}
-
 pkg_postinst_${PN}-scp () {
 	update-alternatives --install ${bindir}/scp scp scp.${PN} 90
 }
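Review bot: the context lines at the top of this hunk still pull in update-rc.d by hand (`DEPENDS_${PN}-sshd += "update-rc.d"` and the `update-rc.d` entry in `RDEPENDS_${PN}-sshd`) even though the recipe now inherits the update-rc.d class. Please check whether the class already supplies these dependencies and drop the explicit entries if it does, or note in the commit message why they stay. The `${PN}-keygen` runtime dependency is unrelated and should be kept.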
@@ -117,16 +115,5 @@  pkg_postrm_${PN}-scp () {
 	update-alternatives --remove ${bindir}/scp scp.${PN}
 }
 
-pkg_postrm_${PN}-sshd () {
-	if [ "x$D" != "x" ]; then
-		exit 1
-	else
-		${sysconfdir}/init.d/sshd stop
-		deluser sshd
-		delgroup sshd
-		update-rc.d -f sshd remove
-	fi
-}
-
 CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
 CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
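Review bot: the deleted pkg_postrm_${PN}-sshd did three things on removal (`${sysconfdir}/init.d/sshd stop`, `deluser sshd` and `delgroup sshd`, `update-rc.d -f sshd remove`) and nothing visible in this patch replaces them. The commit message only says the scripts are replaced by the classes; it should state whether the update-rc.d class stops the daemon and removes the init links on uninstall, and whether leaving the sshd user and group behind after package removal is intended. If the account is meant to persist, a short comment next to USERADD_PARAM saying so would avoid the question coming up again.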