[nanbield,22/25] systemd: fix DynamicUser issue

Message ID	5420215a3415f08c1d961fca2e3d8258f82fb7f1.1701377676.git.steve@sakoman.com
State	New, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.182, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][nanbield 22/25] systemd: fix DynamicUser issue Date: Thu, 30 Nov 2023 10:57:30 -1000 Message-Id: <5420215a3415f08c1d961fca2e3d8258f82fb7f1.1701377676.git.steve@sakoman.com> In-Reply-To: <cover.1701377676.git.steve@sakoman.com> References: <cover.1701377676.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[nanbield,01/25] avahi: backport Debian patches to fix multiple CVE's \| expand [nanbield,01/25] avahi: backport Debian patches to fix multiple CVE's [nanbield,02/25] base-passwd: upgrade 3.6.1 -> 3.6.2 [nanbield,03/25] enchant2: upgrade 2.6.1 -> 2.6.2 [nanbield,04/25] harfbuzz: upgrade 8.2.1 -> 8.2.2 [nanbield,05/25] libjpeg-turbo: upgrade 3.0.0 -> 3.0.1 [nanbield,06/25] python3-urllib3: Upgrade to 2.0.7 [nanbield,07/25] qemu: Upgrade 8.1.0 -> 8.1.2 [nanbield,08/25] xwayland: upgrade to 23.2.2 [nanbield,09/25] linux-firmware: create separate packages [nanbield,10/25] linux-firmware: add new fw file to ${PN}-rtl8821 [nanbield,11/25] linux-firmware: upgrade 20230804 -> 20231030 [nanbield,12/25] linux-firmware: add missing depenencies on license packages [nanbield,13/25] linux-firmware: add notice file to sdm845 modem firmware [nanbield,14/25] linux-firmware: add audio topology symlink to the X13's audio package [nanbield,15/25] linux-firmware: package firmware for Qualcomm Adreno a702 [nanbield,16/25] linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210 [nanbield,17/25] linux-firmware: package Qualcomm Venus 6.0 firmware [nanbield,18/25] linux-firmware: package Robotics RB5 sensors DSP firmware [nanbield,19/25] lsb-release: use https for UPSTREAM_CHECK_URI [nanbield,20/25] strace: backport fix for so_peerpidfd-test [nanbield,21/25] openssl: improve handshake test error reporting [nanbield,22/25] systemd: fix DynamicUser issue [nanbield,23/25] lib/oe/buildcfg.py: Include missing import [nanbield,24/25] lib/oe/buildcfg.py: Remove unused parameter [nanbield,25/25] lib/oe/path: Deploy files can start only with a dot

Message ID

5420215a3415f08c1d961fca2e3d8258f82fb7f1.1701377676.git.steve@sakoman.com

State

New, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][nanbield 22/25] systemd: fix DynamicUser issue
Date: Thu, 30 Nov 2023 10:57:30 -1000
Message-Id: 
 <5420215a3415f08c1d961fca2e3d8258f82fb7f1.1701377676.git.steve@sakoman.com>
In-Reply-To: <cover.1701377676.git.steve@sakoman.com>
References: <cover.1701377676.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[nanbield,01/25] avahi: backport Debian patches to fix multiple CVE's | expand

Commit Message

Steve Sakoman Nov. 30, 2023, 8:57 p.m. UTC

From: Chen Qi <Qi.Chen@windriver.com>

The DynamicUser needs libnss-systemd to be installed to function
well. The tweaks to nsswitch.conf should be conditional on PACKAGECONFIG
values.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ba3a78c08cb0ce08afde049610d3172b9e3b0695)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/systemd/systemd_254.4.bb | 30 +++++++++++++++++-----
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd_254.4.bb b/meta/recipes-core/systemd/systemd_254.4.bb
index 77724eb822..285ca92e68 100644
--- a/meta/recipes-core/systemd/systemd_254.4.bb
+++ b/meta/recipes-core/systemd/systemd_254.4.bb
@@ -178,7 +178,7 @@  PACKAGECONFIG[microhttpd] = "-Dmicrohttpd=true,-Dmicrohttpd=false,libmicrohttpd"
 PACKAGECONFIG[myhostname] = "-Dnss-myhostname=true,-Dnss-myhostname=false,,libnss-myhostname"
 PACKAGECONFIG[networkd] = "-Dnetworkd=true,-Dnetworkd=false"
 PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
-PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false"
+PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false,,libnss-systemd"
 PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=true,-Dnss-mymachines=false"
 PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=true,-Dnss-resolve=false"
 PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false"
@@ -826,15 +826,31 @@  ALTERNATIVE_LINK_NAME[runlevel] = "${base_sbindir}/runlevel"
 ALTERNATIVE_PRIORITY[runlevel] ?= "300"
 
 pkg_postinst:${PN}:libc-glibc () {
-	sed -e '/^hosts:/s/\s*\<myhostname\>//' \
-		-e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \
-		-i $D${sysconfdir}/nsswitch.conf
+	if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then
+		sed -e '/^hosts:/s/\s*\<myhostname\>//' \
+			-e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 myhostname \3\4\5/' \
+			-i $D${sysconfdir}/nsswitch.conf
+	fi
+	if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then
+		sed -e 's#\(^passwd:.*\)#\1 systemd#' \
+			-e 's#\(^group:.*\)#\1 systemd#' \
+			-e 's#\(^shadow:.*\)#\1 systemd#' \
+			-i $D${sysconfdir}/nsswitch.conf
+	fi
 }
 
 pkg_prerm:${PN}:libc-glibc () {
-	sed -e '/^hosts:/s/\s*\<myhostname\>//' \
-		-e '/^hosts:/s/\s*myhostname//' \
-		-i $D${sysconfdir}/nsswitch.conf
+	if ${@bb.utils.contains('PACKAGECONFIG', 'myhostname', 'true', 'false', d)}; then
+		sed -e '/^hosts:/s/\s*\<myhostname\>//' \
+			-e '/^hosts:/s/\s*myhostname//' \
+			-i $D${sysconfdir}/nsswitch.conf
+	fi
+	if ${@bb.utils.contains('PACKAGECONFIG', 'nss', 'true', 'false', d)}; then
+		sed -e '/^passwd:/s#\s*systemd##' \
+			-e '/^group:/s#\s*systemd##' \
+			-e '/^shadow:/s#\s*systemd##' \
+			-i $D${sysconfdir}/nsswitch.conf
+	fi
 }
 
 PACKAGE_WRITE_DEPS += "qemu-native"

[nanbield,22/25] systemd: fix DynamicUser issue

Commit Message

Patch