[3/3] base-passwd: add the wheel group

Message ID: 20230613-sysusersd-v1-3-eaddf3179773@baylibre.com
State: Accepted, archived
Commit: bebe52ae9576393ebb9d7405fc77fba21e84ba5b
Series: rootfs-postcommands: replace the sysusers.d postcommand

Commit Message

Louis Rannou June 15, 2023, 11:43 a.m. UTC
The wheel group is not declared while it can be used to access the systemd
journal and to configure printers in CUPS. It can also be used for su and sudo
permissions.

So far it was created later in the rootfs postcommand systemd_create_users.

Signed-off-by: Louis Rannou <lrannou@baylibre.com>
---
 .../base-passwd/0007-Add-wheel-group.patch           | 20 ++++++++++++++++++++
 meta/recipes-core/base-passwd/base-passwd_3.6.1.bb   |  1 +
 2 files changed, 21 insertions(+)

Comments

Alexandre Belloni June 18, 2023, 9:37 a.m. UTC | #1
On 15/06/2023 13:43:55+0200, Louis Rannou wrote:
> The wheel group is not declared while it can be used to access the systemd
> journal and to configure printers in CUPS. It can also be used for su and sudo
> permissions.
> 
> So far it was created later in the rootfs postcommand systemd_create_users.
> 
> Signed-off-by: Louis Rannou <lrannou@baylibre.com>
> ---
>  .../base-passwd/0007-Add-wheel-group.patch           | 20 ++++++++++++++++++++
>  meta/recipes-core/base-passwd/base-passwd_3.6.1.bb   |  1 +
>  2 files changed, 21 insertions(+)
> 
> diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
> new file mode 100644
> index 0000000000..00eaec38a2
> --- /dev/null
> +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
> @@ -0,0 +1,20 @@
> +
> +We need to have a wheel group which has some system privileges to consult the
> +systemd journal or manage printers with cups.
> +
> +Upstream status says the group does not exist by default.

This should be rephrased because it causes:

Malformed Upstream-Status 'Upstream status' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
Unknown Upstream-Status value 'says' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
Patches missing Upstream-Status: 0 (0%)
Patches with malformed Upstream-Status: 1 (0%)


> +
> +Upstream-Status: Inappropriate [enable feature]
> +
> +Signed-off-by: Louis Rannou <lrannou@baylibre.com>
> +Index: base-passwd-3.5.26/group.master
> +===================================================================
> +--- base-passwd-3.5.29.orig/group.master
> ++++ base-passwd-3.5.29/group.master
> +@@ -38,5 +38,6 @@
> + staff:*:50:
> + games:*:60:
> + shutdown:*:70:
> ++wheel:*:80:
> + users:*:100:
> + nogroup:*:65534:
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> index 853717176d..204016b3e7 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
> @@ -12,6 +12,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>             file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
>             file://0005-Add-kvm-group.patch \
>             file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
> +           file://0007-Add-wheel-group.patch \
>             "
>  
>  SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
> 
> -- 
> 2.41.0
> 

Louis Rannou June 19, 2023, 12:28 p.m. UTC | #2
On 18/06/2023 11:37, Alexandre Belloni wrote:
> On 15/06/2023 13:43:55+0200, Louis Rannou wrote:
>> The wheel group is not declared while it can be used to access the systemd
>> journal and to configure printers in CUPS. It can also be used for su and sudo
>> permissions.
>>
>> So far it was created later in the rootfs postcommand systemd_create_users.
>>
>> Signed-off-by: Louis Rannou <lrannou@baylibre.com>
>> ---
>>   .../base-passwd/0007-Add-wheel-group.patch           | 20 ++++++++++++++++++++
>>   meta/recipes-core/base-passwd/base-passwd_3.6.1.bb   |  1 +
>>   2 files changed, 21 insertions(+)
>>
>> diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
>> new file mode 100644
>> index 0000000000..00eaec38a2
>> --- /dev/null
>> +++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
>> @@ -0,0 +1,20 @@
>> +
>> +We need to have a wheel group which has some system privileges to consult the
>> +systemd journal or manage printers with cups.
>> +
>> +Upstream status says the group does not exist by default.
> 
> This should be rephrased because it causes:
> 
> Malformed Upstream-Status 'Upstream status' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
> Unknown Upstream-Status value 'says' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
> Patches missing Upstream-Status: 0 (0%)
> Patches with malformed Upstream-Status: 1 (0%

Sorry for that. I didn't expect it would parse any line starting with 
Upstream status...

> 
> 
>> +
>> +Upstream-Status: Inappropriate [enable feature]
>> +
>> +Signed-off-by: Louis Rannou <lrannou@baylibre.com>
>> +Index: base-passwd-3.5.26/group.master
>> +===================================================================
>> +--- base-passwd-3.5.29.orig/group.master
>> ++++ base-passwd-3.5.29/group.master
>> +@@ -38,5 +38,6 @@
>> + staff:*:50:
>> + games:*:60:
>> + shutdown:*:70:
>> ++wheel:*:80:
>> + users:*:100:
>> + nogroup:*:65534:
>> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
>> index 853717176d..204016b3e7 100644
>> --- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
>> +++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
>> @@ -12,6 +12,7 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>>              file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
>>              file://0005-Add-kvm-group.patch \
>>              file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
>> +           file://0007-Add-wheel-group.patch \
>>              "
>>   
>>   SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
>>
>> -- 
>> 2.41.0
>>
> 
> 
> 

Louis
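
The check failure discussed in this thread can be reproduced with a small header check. This is an added example, not the project's own checker: the lenient pattern and the helper name `check_header` are assumptions chosen to reproduce the two messages quoted above, and both sample headers are constructed from the patch text in this thread.

```python
import re

# Assumed lenient pattern (not taken from the project's script): tolerate "-",
# "_" or a space between the two words and an optional colon, so that
# near-miss spellings are reported instead of being silently ignored.
TAG_RE = re.compile(r"^[\t ]*(Upstream[-_ ]Status:?)[\t ]*([\w-]*)",
                    re.IGNORECASE | re.MULTILINE)
EXACT_TAG = "Upstream-Status:"
# Status values documented in the Yocto Project contributor guide.
KNOWN_VALUES = {"pending", "submitted", "backport", "denied",
                "inappropriate", "inactive-upstream"}


def check_header(header):
    """Return a list of (problem, text) findings for one patch header."""
    findings = []
    well_formed = 0
    for m in TAG_RE.finditer(header):
        tag, value = m.group(1), m.group(2)
        if tag != EXACT_TAG:
            findings.append(("malformed", tag))
        else:
            well_formed += 1
        if value.lower() not in KNOWN_VALUES:
            findings.append(("unknown", value))
    if well_formed == 0:
        findings.append(("missing", ""))
    return findings


# Constructed sample: the description lines of 0007-Add-wheel-group.patch.
PAGE_HEADER = """We need to have a wheel group which has some system privileges to consult the
systemd journal or manage printers with cups.

Upstream status says the group does not exist by default.

Upstream-Status: Inappropriate [enable feature]
"""
# Constructed rewording that no longer starts a line with the tag's words.
REWORDED = PAGE_HEADER.replace("Upstream status says the group does not exist",
                               "Upstream does not create the group")

if __name__ == "__main__":
    for name, text in (("as posted", PAGE_HEADER), ("reworded", REWORDED)):
        print(name, check_header(text))
```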
Patch

diff --git a/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
new file mode 100644
index 0000000000..00eaec38a2
--- /dev/null
+++ b/meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch
@@ -0,0 +1,20 @@ 
+
+We need to have a wheel group which has some system privileges to consult the
+systemd journal or manage printers with cups.
+
+Upstream status says the group does not exist by default.
+
+Upstream-Status: Inappropriate [enable feature]
+
+Signed-off-by: Louis Rannou <lrannou@baylibre.com>
+Index: base-passwd-3.5.26/group.master
+===================================================================
+--- base-passwd-3.5.29.orig/group.master
++++ base-passwd-3.5.29/group.master
+@@ -38,5 +38,6 @@
+ staff:*:50:
+ games:*:60:
+ shutdown:*:70:
++wheel:*:80:
+ users:*:100:
+ nogroup:*:65534:
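
Review bot: In the new patch's description, the free-text line `Upstream status says the group does not exist by default.` begins with the same words as the tag two lines below it, and that line is what the Upstream-Status check reported in this thread flags as malformed; reword it so it no longer starts with "Upstream status", for example "Upstream does not create this group by default." The embedded `Index:` line also names base-passwd-3.5.26 while the `---`/`+++` lines name base-passwd-3.5.29 and the recipe is base-passwd_3.6.1.bb, so refreshing the patch against the current source would make the header consistent. The commit message says wheel can also be used for su and sudo permissions, but the description here mentions only the journal and CUPS; stating the privileged uses in the patch header would help anyone auditing group membership later.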
diff --git a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
index 853717176d..204016b3e7 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.6.1.bb
@@ -12,6 +12,7 @@  SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
            file://0004-Add-an-input-group-for-the-dev-input-devices.patch \
            file://0005-Add-kvm-group.patch \
            file://0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch \
+           file://0007-Add-wheel-group.patch \
            "
 
 SRC_URI[sha256sum] = "6ff369be59d586ba63c0c5fcb00f75f9953fe49db88bc6c6428f2c92866f79af"
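
Review bot: The added `file://0007-Add-wheel-group.patch` entry in SRC_URI is unconditional, so every image built from this recipe gets the wheel group at GID 80 whether or not it ships systemd, CUPS, su or sudo. If that is the intent, say so in the commit message, and note there whether GID 80 is the same value the systemd_create_users postcommand assigned before, so existing images do not see the group's ID change.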