From patchwork Thu Aug 25 16:30:39 2022
X-Patchwork-Submitter: Andrei Gherzan
X-Patchwork-Id: 11875
From: Andrei Gherzan
To: openembedded-core@lists.openembedded.org
Cc: andrei@gherzan.com, Andrei Gherzan
Subject: [kirkstone][PATCH 1/3] shadow: Enable subid support
Date: Thu, 25 Aug 2022 18:30:39 +0200
Message-Id: <20220825163041.840129-1-andrei@gherzan.com>
X-Mailer: git-send-email 2.25.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169880
From: Andrei Gherzan

shadow utils are used when creating users at image creation time. The useradd/usermod tools will only try to add a default configuration for subid files if they exist.

Signed-off-by: Andrei Gherzan
---
 meta/recipes-extended/shadow/shadow.inc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index f5fdf436f7..b3ae2b4874 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc
@@ -149,6 +149,13 @@ do_install:append() { # Handle link properly after rename, otherwise missing files would # lead rpm failed dependencies. ln -sf newgrp.${BPN} ${D}${bindir}/sg + + # usermod requires the subuid/subgid files to be in place before being + # able to use the -v/-V flags otherwise it fails: + # usermod: /etc/subuid does not exist, you cannot use the flags -v or -V + install -d ${D}${sysconfdir} + touch ${D}${sysconfdir}/subuid + touch ${D}${sysconfdir}/subgid } PACKAGES =+ "${PN}-base"
From patchwork Thu Aug 25 16:30:40 2022
X-Patchwork-Submitter: Andrei Gherzan
X-Patchwork-Id: 11876
From: Andrei Gherzan
To: openembedded-core@lists.openembedded.org
Cc: andrei@gherzan.com, Andrei Gherzan
Subject: [kirkstone][PATCH 2/3] rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils
Date: Thu, 25 Aug 2022 18:30:40 +0200
Message-Id: <20220825163041.840129-2-andrei@gherzan.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220825163041.840129-1-andrei@gherzan.com>
References: <20220825163041.840129-1-andrei@gherzan.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169881

From: Andrei Gherzan

When creating users, shadow-utils might create backup files for subordinate ID files (subid, subgid). Make sure we clean them up similarly to the other backup files shadow-utils creates.

This is a backport from master that brings in only the cleanup of the subid backup files without the code restructure.

Signed-off-by: Andrei Gherzan
---
 meta/lib/rootfspostcommands.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/lib/rootfspostcommands.py b/meta/lib/rootfspostcommands.py index fdb9f5b850..12f66d2ce2 100644 --- a/meta/lib/rootfspostcommands.py +++ b/meta/lib/rootfspostcommands.py
@@ -58,3 +58,10 @@ def sort_passwd(sysconfdir): remove_backup(filename) if os.path.exists(filename): sort_file(filename, mapping) + # Drop other known backup shadow-utils. + for filename in ( + 'subgid', + 'subuid', + ): + filepath = os.path.join(sysconfdir, filename) + remove_backup(filepath)
From patchwork Thu Aug 25 16:30:41 2022
X-Patchwork-Submitter: Andrei Gherzan
X-Patchwork-Id: 11877
From: Andrei Gherzan
To: openembedded-core@lists.openembedded.org
Cc: andrei@gherzan.com, Andrei Gherzan
Subject: [kirkstone][PATCH 3/3] shadow: Avoid nss warning/error with musl
Date: Thu, 25 Aug 2022 18:30:41 +0200
Message-Id: <20220825163041.840129-3-andrei@gherzan.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220825163041.840129-1-andrei@gherzan.com>
References: <20220825163041.840129-1-andrei@gherzan.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/169882

From: Andrei Gherzan

The libnss configuration file is only installed when glibc is used. The inexistence of it on a musl-based rootfs will make shadow complain about it:

    Failed opening /etc/nsswitch.conf

This is because shadow will try to use nsswitch when dealing with subordinate IDs and the message is just a warning as the tool will still generate them correctly in subuid/subgid files.

We drop this log message for class native to avoid an error when rootfs logs are checked ('Failed' will match the regex bitbake is using to check for rootfs generation errors).

Signed-off-by: Andrei Gherzan
---
 ...f-message-when-not-in-place-eg.-musl.patch | 27 +++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc | 2 ++
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch

diff --git a/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch new file mode 100644 index 0000000000..6c04769713 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
@@ -0,0 +1,27 @@ +From aed5a184401fbbe901cb825be4004ced885b6f9a Mon Sep 17 00:00:00 2001 +From: Andrei Gherzan +Date: Wed, 24 Aug 2022 00:54:47 +0200 +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl + +Upstream-Status: Inappropriate [issue reported at https://github.com/shadow-maint/shadow/issues/557] +Signed-off-by: Andrei Gherzan +--- + lib/nss.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/nss.c b/lib/nss.c +index af3e95a..74e0e16 100644 +--- a/lib/nss.c ++++ b/lib/nss.c +@@ -57,7 +57,7 @@ void nss_init(char *nsswitch_path) { + // subid: files + nssfp = fopen(nsswitch_path, "r"); + if (!nssfp) { +- fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); ++ //fprintf(shadow_logfd, "Failed opening %s: %m", nsswitch_path); + atomic_store(&nss_init_completed, true); + return; + } +-- +2.25.1 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index b3ae2b4874..5106b95571 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -26,6 +26,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ @@ -33,6 +34,7 @@ SRC_URI:append:class-nativesdk = " \ SRC_URI[sha256sum] = "f262089be6a1011d50ec7849e14571b7b2e788334368f3dccb718513f17935ed" + # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ file://pam.d/chpasswd \
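Review bot: In patch 1/3, the two touch lines at the end of the do_install:append hunk create /etc/subuid and /etc/subgid with whatever mode the build umask yields. newuidmap and newgidmap read these files to decide which subordinate ID ranges a user may map, so the mode should be pinned rather than inherited; consider "install -m 0644 /dev/null ${D}${sysconfdir}/subuid" (and the same for subgid) in place of touch. The append also carries no class override, so the empty files land in target images as well as native ones; since the commit message says useradd/usermod add a default subid configuration once the files exist, it should state whether that change on target is intended.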
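Review bot: In patch 2/3, the comment that opens the added block in sort_passwd, "# Drop other known backup shadow-utils.", is missing words; something like "# Drop backups of the other files shadow-utils is known to write." reads correctly. The loop also reuses the name filename for a bare basename, while the context lines just above pass filename to os.path.exists() as a path; iterating with a different name and keeping filepath for the joined path would avoid the mix-up.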
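Review bot: In the embedded lib/nss.c patch of 3/3, commenting out the fprintf in the "if (!nssfp)" branch silences every fopen() failure, not only the missing-file case the commit message describes. A permission or I/O error on an nsswitch.conf that does exist would now pass without a trace while nss_init still marks initialisation as completed. Guard the message instead, for example by printing it only when errno is not ENOENT, and delete the line rather than leaving it behind a // comment.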
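Review bot: The last shadow.inc hunk of 3/3 (@@ -33,6 +34,7 @@) appears to add only a blank line after SRC_URI[sha256sum], which is unrelated to the nsswitch.conf change; drop it from the backport so the diff carries only the SRC_URI:append:class-native addition.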