Patchwork [2/3] useradd.bbclass: new class for managing user/group permissions

login
register
mail settings
Submitter Scott Garman
Date June 30, 2011, 10:39 p.m.
Message ID <1db24b664bf6fb292d8a84dd6398e330305f18fd.1309473383.git.scott.a.garman@intel.com>
Download mbox | patch
Permalink /patch/6765/
State New, archived
Headers show

Comments

Scott Garman - June 30, 2011, 10:39 p.m.
This class is to be used by recipes that need to set up specific
user/group accounts and set custom file/directory permissions.

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
 meta/classes/useradd.bbclass |  161 ++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 161 insertions(+), 0 deletions(-)
 create mode 100644 meta/classes/useradd.bbclass
Richard Purdie - June 30, 2011, 11:10 p.m.
Hi Scott,

This is looking good, thanks for the changes! I just have some cosmetic
things to tweak before it goes in.

On Thu, 2011-06-30 at 15:39 -0700, Scott Garman wrote:
[...]
> +# Recipe parse-time sanity checks
> +def update_useradd_after_parse(d):
> +	if bb.data.getVar('USERADD_PACKAGES', d) == None:

if not d.getVar('USERADD_PACKAGES', False):

> +		if bb.data.getVar('USERADD_PARAM', d) == None and bb.data.getVar('GROUPADD_PARAM', d) == None:

if not d.getVar('USERADD_PARAM', False) and not d.getVar('GROUPADD_PARAM', False):

> +			raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PARAM or GROUPADD_PARAM" % bb.data.getVar('FILE', d)
> +
> +python __anonymous() {
> +	update_useradd_after_parse(d)
> +}
> +
> +# Return a single [GROUP|USER]ADD_PARAM formatted string which includes the
> +# [group|user]add parameters for all packages in this recipe
> +def get_all_cmd_params(d, cmd_type):
> +	import string
> +	
> +	localdata = bb.data.createCopy(d)

No need to use createCopy here since you don't change OVERRIDES or write
to the datastore at all. Just use d directly.

> +	param_type = cmd_type.upper() + "ADD_PARAM_%s"
> +	params = []
> +
> +	pkgs = localdata.getVar('USERADD_PACKAGES', True)
> +	if not pkgs:
> +		pkgs = localdata.getVar('USERADDPN', True)
> +		packages = (localdata.getVar('PACKAGES', True) or "").split()
> +		if packages and pkgs not in packages:
> +			pkgs = packages[0]
> +
> +	for pkg in pkgs.split():
> +		param = localdata.getVar(param_type % pkg, True)
> +		if param:
> +			params.append(param)
> +
> +	return string.join(params, "; ")
> +
> +# Adds the preinst script into generated packages
> +fakeroot python populate_packages_prepend () {
> +	def update_useradd_package(pkg):
> +		bb.debug(1, 'adding user/group calls to preinst for %s' % pkg)
> +		localdata = bb.data.createCopy(d)
> +		overrides = localdata.getVar("OVERRIDES", True)
> +		bb.data.setVar("OVERRIDES", "%s:%s" % (pkg, overrides), localdata)
> +		bb.data.update_data(localdata)
> +
> +		"""
> +		useradd preinst is appended here because pkg_preinst may be
> +		required to execute on the target. Not doing so may cause
> +		useradd preinst to be invoked twice, causing unwanted warnings.
> +		"""

You can just do:

preinst = d.getVar('pkg_preinst_%s' % pkg, True) or d.getVar('pkg_preinst', True)

and ditch all the createCopy/OVERRIDES stuff.

> +		preinst = localdata.getVar('pkg_preinst', True)
> +		if not preinst:
> +			preinst = '#!/bin/sh\n'
> +		preinst += localdata.getVar('useradd_preinst', True)
> +		bb.data.setVar('pkg_preinst_%s' % pkg, preinst, d)
> +
> +	# We add the user/group calls to all packages to allow any package
> +	# to contain files owned by the users/groups defined in the recipe.
> +	# The user/group addition code is careful not to create duplicate
> +	# entries, so this is safe.
> +	pkgs = d.getVar('USERADD_PACKAGES', True)
> +	if pkgs == None:

if not pkgs:

> +		pkgs = d.getVar('USERADDPN', True)
> +		packages = (d.getVar('PACKAGES', True) or "").split()
> +		if not pkgs in packages and packages != []:

if packages and pkgs not in packages:

> +			pkgs = packages[0]
> +	for pkg in pkgs.split():
> +		update_useradd_package(pkg)
> +}

Cheers,

Richard
Scott Garman - July 1, 2011, 4:36 a.m.
On 06/30/2011 04:10 PM, Richard Purdie wrote:
> Hi Scott,
>
> This is looking good, thanks for the changes! I just have some cosmetic
> things to tweak before it goes in.

Ok, respinning now based on your requests.

BTW, some parts of useradd.bbclass were derived from 
update-rc.d.bbclass. So it sounds like that class could use a refresh in 
light of the preferred style you've been showing me. I'd be happy to do 
this as a background task over the next week if it would be useful.

Scott

>
> On Thu, 2011-06-30 at 15:39 -0700, Scott Garman wrote:
> [...]
>> +# Recipe parse-time sanity checks
>> +def update_useradd_after_parse(d):
>> +	if bb.data.getVar('USERADD_PACKAGES', d) == None:
>
> if not d.getVar('USERADD_PACKAGES', False):
>
>> +		if bb.data.getVar('USERADD_PARAM', d) == None and bb.data.getVar('GROUPADD_PARAM', d) == None:
>
> if not d.getVar('USERADD_PARAM', False) and not d.getVar('GROUPADD_PARAM', False):
>
>> +			raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PARAM or GROUPADD_PARAM" % bb.data.getVar('FILE', d)
>> +
>> +python __anonymous() {
>> +	update_useradd_after_parse(d)
>> +}
>> +
>> +# Return a single [GROUP|USER]ADD_PARAM formatted string which includes the
>> +# [group|user]add parameters for all packages in this recipe
>> +def get_all_cmd_params(d, cmd_type):
>> +	import string
>> +	
>> +	localdata = bb.data.createCopy(d)
>
> No need to use createCopy here since you don't change OVERRIDES or write
> to the datastore at all. Just use d directly.
>
>> +	param_type = cmd_type.upper() + "ADD_PARAM_%s"
>> +	params = []
>> +
>> +	pkgs = localdata.getVar('USERADD_PACKAGES', True)
>> +	if not pkgs:
>> +		pkgs = localdata.getVar('USERADDPN', True)
>> +		packages = (localdata.getVar('PACKAGES', True) or "").split()
>> +		if packages and pkgs not in packages:
>> +			pkgs = packages[0]
>> +
>> +	for pkg in pkgs.split():
>> +		param = localdata.getVar(param_type % pkg, True)
>> +		if param:
>> +			params.append(param)
>> +
>> +	return string.join(params, "; ")
>> +
>> +# Adds the preinst script into generated packages
>> +fakeroot python populate_packages_prepend () {
>> +	def update_useradd_package(pkg):
>> +		bb.debug(1, 'adding user/group calls to preinst for %s' % pkg)
>> +		localdata = bb.data.createCopy(d)
>> +		overrides = localdata.getVar("OVERRIDES", True)
>> +		bb.data.setVar("OVERRIDES", "%s:%s" % (pkg, overrides), localdata)
>> +		bb.data.update_data(localdata)
>> +
>> +		"""
>> +		useradd preinst is appended here because pkg_preinst may be
>> +		required to execute on the target. Not doing so may cause
>> +		useradd preinst to be invoked twice, causing unwanted warnings.
>> +		"""
>
> You can just do:
>
> preinst = d.getVar('pkg_preinst_%s' % pkg, True) or d.getVar('pkg_preinst', True)
>
> and ditch all the createCopy/OVERRIDES stuff.
>
>> +		preinst = localdata.getVar('pkg_preinst', True)
>> +		if not preinst:
>> +			preinst = '#!/bin/sh\n'
>> +		preinst += localdata.getVar('useradd_preinst', True)
>> +		bb.data.setVar('pkg_preinst_%s' % pkg, preinst, d)
>> +
>> +	# We add the user/group calls to all packages to allow any package
>> +	# to contain files owned by the users/groups defined in the recipe.
>> +	# The user/group addition code is careful not to create duplicate
>> +	# entries, so this is safe.
>> +	pkgs = d.getVar('USERADD_PACKAGES', True)
>> +	if pkgs == None:
>
> if not pkgs:
>
>> +		pkgs = d.getVar('USERADDPN', True)
>> +		packages = (d.getVar('PACKAGES', True) or "").split()
>> +		if not pkgs in packages and packages != []:
>
> if packages and pkgs not in packages:
>
>> +			pkgs = packages[0]
>> +	for pkg in pkgs.split():
>> +		update_useradd_package(pkg)
>> +}
>
> Cheers,
>
> Richard
>
Richard Purdie - July 1, 2011, 3:55 p.m.
On Thu, 2011-06-30 at 21:36 -0700, Scott Garman wrote:
> On 06/30/2011 04:10 PM, Richard Purdie wrote:
> > Hi Scott,
> >
> > This is looking good, thanks for the changes! I just have some cosmetic
> > things to tweak before it goes in.
> 
> Ok, respinning now based on your requests.
> 
> BTW, some parts of useradd.bbclass were derived from 
> update-rc.d.bbclass. So it sounds like that class could use a refresh in 
> light of the preferred style you've been showing me. I'd be happy to do 
> this as a background task over the next week if it would be useful.

It would certainly be useful to clean up things like this as and when we
notice them and have time...

Cheers,

Richard

Patch

diff --git a/meta/classes/useradd.bbclass b/meta/classes/useradd.bbclass
new file mode 100644
index 0000000..5891641
--- /dev/null
+++ b/meta/classes/useradd.bbclass
@@ -0,0 +1,161 @@ 
+USERADDPN ?= "${PN}"
+
+# base-passwd-cross provides the default passwd and group files in the
+# target sysroot, and shadow -native and -sysroot provide the utilities
+# and support files needed to add and modify user and group accounts
+DEPENDS_append = " base-passwd shadow-native shadow-sysroot"
+RDEPENDS_${USERADDPN}_append = " base-passwd shadow"
+
+# This preinstall function will be run in two contexts: once for the
+# native sysroot (as invoked by the useradd_sysroot() wrapper), and
+# also as the preinst script in the target package.
+useradd_preinst () {
+OPT=""
+SYSROOT=""
+
+if test "x$D" != "x"; then
+	# Installing into a sysroot
+	SYSROOT="${STAGING_DIR_TARGET}"
+	OPT="--root ${STAGING_DIR_TARGET}"
+
+	# Add groups and users defined for all recipe packages
+	GROUPADD_PARAM="${@get_all_cmd_params(d, 'group')}"
+	USERADD_PARAM="${@get_all_cmd_params(d, 'user')}"
+else
+	# Installing onto a target
+	# Add groups and users defined only for this package
+	GROUPADD_PARAM="${GROUPADD_PARAM}"
+	USERADD_PARAM="${USERADD_PARAM}"
+fi
+
+# Perform group additions first, since user additions may depend
+# on these groups existing
+if test "x$GROUPADD_PARAM" != "x"; then
+	echo "Running groupadd commands..."
+	# Invoke multiple instances of groupadd for parameter lists
+	# separated by ';'
+	opts=`echo "$GROUPADD_PARAM" | cut -d ';' -f 1`
+	remaining=`echo "$GROUPADD_PARAM" | cut -d ';' -f 2-`
+	while test "x$opts" != "x"; do
+		eval $PSEUDO groupadd -f $OPT $opts
+
+		if test "x$opts" = "x$remaining"; then
+			break
+		fi
+		opts=`echo "$remaining" | cut -d ';' -f 1`
+		remaining=`echo "$remaining" | cut -d ';' -f 2-`
+	done
+fi 
+
+if test "x$USERADD_PARAM" != "x"; then
+	echo "Running useradd commands..."
+	# Invoke multiple instances of useradd for parameter lists
+	# separated by ';'
+	opts=`echo "$USERADD_PARAM" | cut -d ';' -f 1`
+	remaining=`echo "$USERADD_PARAM" | cut -d ';' -f 2-`
+	while test "x$opts" != "x"; do
+		# useradd does not have a -f option, so we have to check if the
+		# username already exists manually
+		username=`echo "$opts" | awk '{ print $NF }'`
+		user_exists=`grep "^$username:" $SYSROOT/etc/passwd || true`
+		if test "x$user_exists" = "x"; then
+			eval $PSEUDO useradd $OPT $opts
+		else
+			echo "Note: username $username already exists, not re-creating it"
+		fi
+
+		if test "x$opts" = "x$remaining"; then
+			break
+		fi
+		opts=`echo "$remaining" | cut -d ';' -f 1`
+		remaining=`echo "$remaining" | cut -d ';' -f 2-`
+	done
+fi
+}
+
+useradd_sysroot () {
+	export PSEUDO="${STAGING_DIR_NATIVE}/usr/bin/pseudo"
+	export PSEUDO_LOCALSTATEDIR="${STAGING_DIR_TARGET}/var/pseudo"
+
+	# Explicitly set $D since it isn't set to anything
+	# before do_install
+	D=${D}
+	useradd_preinst
+}
+
+useradd_sysroot_sstate () {
+	if [ "${BB_CURRENTTASK}" = "populate_sysroot_setscene" ]
+	then
+		useradd_sysroot
+	fi
+}
+
+do_install[prefuncs] += "useradd_sysroot"
+SSTATEPOSTINSTFUNCS += "useradd_sysroot_sstate"
+
+# Recipe parse-time sanity checks
+def update_useradd_after_parse(d):
+	if bb.data.getVar('USERADD_PACKAGES', d) == None:
+		if bb.data.getVar('USERADD_PARAM', d) == None and bb.data.getVar('GROUPADD_PARAM', d) == None:
+			raise bb.build.FuncFailed, "%s inherits useradd but doesn't set USERADD_PARAM or GROUPADD_PARAM" % bb.data.getVar('FILE', d)
+
+python __anonymous() {
+	update_useradd_after_parse(d)
+}
+
+# Return a single [GROUP|USER]ADD_PARAM formatted string which includes the
+# [group|user]add parameters for all packages in this recipe
+def get_all_cmd_params(d, cmd_type):
+	import string
+	
+	localdata = bb.data.createCopy(d)
+	param_type = cmd_type.upper() + "ADD_PARAM_%s"
+	params = []
+
+	pkgs = localdata.getVar('USERADD_PACKAGES', True)
+	if not pkgs:
+		pkgs = localdata.getVar('USERADDPN', True)
+		packages = (localdata.getVar('PACKAGES', True) or "").split()
+		if packages and pkgs not in packages:
+			pkgs = packages[0]
+
+	for pkg in pkgs.split():
+		param = localdata.getVar(param_type % pkg, True)
+		if param:
+			params.append(param)
+
+	return string.join(params, "; ")
+
+# Adds the preinst script into generated packages
+fakeroot python populate_packages_prepend () {
+	def update_useradd_package(pkg):
+		bb.debug(1, 'adding user/group calls to preinst for %s' % pkg)
+		localdata = bb.data.createCopy(d)
+		overrides = localdata.getVar("OVERRIDES", True)
+		bb.data.setVar("OVERRIDES", "%s:%s" % (pkg, overrides), localdata)
+		bb.data.update_data(localdata)
+
+		"""
+		useradd preinst is appended here because pkg_preinst may be
+		required to execute on the target. Not doing so may cause
+		useradd preinst to be invoked twice, causing unwanted warnings.
+		"""
+		preinst = localdata.getVar('pkg_preinst', True)
+		if not preinst:
+			preinst = '#!/bin/sh\n'
+		preinst += localdata.getVar('useradd_preinst', True)
+		bb.data.setVar('pkg_preinst_%s' % pkg, preinst, d)
+
+	# We add the user/group calls to all packages to allow any package
+	# to contain files owned by the users/groups defined in the recipe.
+	# The user/group addition code is careful not to create duplicate
+	# entries, so this is safe.
+	pkgs = d.getVar('USERADD_PACKAGES', True)
+	if pkgs == None:
+		pkgs = d.getVar('USERADDPN', True)
+		packages = (d.getVar('PACKAGES', True) or "").split()
+		if not pkgs in packages and packages != []:
+			pkgs = packages[0]
+	for pkg in pkgs.split():
+		update_useradd_package(pkg)
+}