diff mbox series

[kirkstone,2/4] base-passwd: Add PW_SUBDIR

Message ID 20231124141108.1397342-3-joakim.tjernlund@infinera.com
State New, archived
Delegated to: Steve Sakoman
Headers show
Series Add sub dir for passwd files | expand

Commit Message

Joakim Tjernlund Nov. 24, 2023, 2:10 p.m. UTC 
Add support for creating passwd files in a /etc subdir
Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
---
 .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

Comments

Peter Kjellerstedt Nov. 26, 2023, 9:21 p.m. UTC | #1 
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via lists.openembedded.org
> Sent: den 24 november 2023 15:11
> To: openembedded-core@lists.openembedded.org
> Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> 
> Add support for creating passwd files in a /etc subdir
> Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> 
> Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> ---
>  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++-------
>  1 file changed, 16 insertions(+), 8 deletions(-)
> 
> diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> index ef7792ae49..e453be0763 100644
> --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> @@ -20,6 +20,9 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
>  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
>  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> 
> +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> +PW_SUBDIR ?= ""
> +

Rather than defining a subdirectory, I would recommend defining the full 
path, e.g.:

PW_DIR ?= "${sysconfdir}"

This avoids generating a lot of "//" in the middle of paths for the majority 
of us who do not use a subdirectory for the password files.

>  # the package is taken from launchpad; that source is static and goes stale
>  # so we check the latest upstream from a directory that does get updated
>  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
>  #!/bin/sh
> 
>  # Install passwd.master and group.master to sysconfdir
> -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
>  for i in passwd group; do
>  	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
> -		${STAGING_DIR_TARGET}${sysconfdir}/\$i
> +		${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> +	[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i

I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] && ...`:

	[ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i

Or, assuming my recommendation above is followed: 

	[ "${PW_DIR}" = "${sysconfdir}" ] ||
		ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i

The reason is that the return status ($?) of `[ ... ] && ...` is 1 if the 
test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.

>  done
> 
>  # Run any useradd postinsts
> @@ -89,15 +93,19 @@ python populate_packages:prepend() {
>      f.close()
> 
>      preinst = """#!/bin/sh
> -mkdir -p $D${sysconfdir}
> -if [ ! -e $D${sysconfdir}/passwd ]; then
> -\tcat << 'EOF' > $D${sysconfdir}/passwd
> +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
>  """ + passwd + """EOF
>  fi
> -if [ ! -e $D${sysconfdir}/group ]; then
> -\tcat << 'EOF' > $D${sysconfdir}/group
> +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
>  """ + group + """EOF
>  fi
> +if [ -n "${PW_SUBDIR}" ]; then
> +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group

Use \t to indent the above two lines like the code before.

> +fi
>  """
>      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
>  }
> @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
>  if [ -n "$D" ]; then
>  	exit 0
>  fi
> -${sbindir}/update-passwd
> +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group

Replace /etc with ${sysconfdir}.

>  }
> --
> 2.41.0

//Peter
Joakim Tjernlund Nov. 29, 2023, 11:11 a.m. UTC | #2 
Hi Peter :)

All good comments, will fix accordingly. Not sure how PW_DIR ?= "${sysconfdir}" will work though.

How do you envision one should set PW_DIR in distro .conf or layer.conf?
Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?

 Jocke

On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > -----Original Message-----
> > From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via lists.openembedded.org
> > Sent: den 24 november 2023 15:11
> > To: openembedded-core@lists.openembedded.org
> > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> >
> > Add support for creating passwd files in a /etc subdir
> > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> >
> > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > ---
> >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++-------
> >  1 file changed, 16 insertions(+), 8 deletions(-)
> >
> > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > index ef7792ae49..e453be0763 100644
> > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > @@ -20,6 +20,9 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> >  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> >
> > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > +PW_SUBDIR ?= ""
> > +
>
> Rather than defining a subdirectory, I would recommend defining the full
> path, e.g.:
>
> PW_DIR ?= "${sysconfdir}"
>
> This avoids generating a lot of "//" in the middle of paths for the majority
> of us who do not use a subdirectory for the password files.
>
> >  # the package is taken from launchpad; that source is static and goes stale
> >  # so we check the latest upstream from a directory that does get updated
> >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> >  #!/bin/sh
> >
> >  # Install passwd.master and group.master to sysconfdir
> > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> >  for i in passwd group; do
> >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
> > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
>
> I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] && ...`:
>
>       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
>
> Or, assuming my recommendation above is followed:
>
>       [ "${PW_DIR}" = "${sysconfdir}" ] ||
>               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
>
> The reason is that the return status ($?) of `[ ... ] && ...` is 1 if the
> test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.
>
> >  done
> >
> >  # Run any useradd postinsts
> > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> >      f.close()
> >
> >      preinst = """#!/bin/sh
> > -mkdir -p $D${sysconfdir}
> > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> >  """ + passwd + """EOF
> >  fi
> > -if [ ! -e $D${sysconfdir}/group ]; then
> > -\tcat << 'EOF' > $D${sysconfdir}/group
> > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> >  """ + group + """EOF
> >  fi
> > +if [ -n "${PW_SUBDIR}" ]; then
> > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
>
> Use \t to indent the above two lines like the code before.
>
> > +fi
> >  """
> >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> >  }
> > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> >  if [ -n "$D" ]; then
> >     exit 0
> >  fi
> > -${sbindir}/update-passwd
> > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
>
> Replace /etc with ${sysconfdir}.
>
> >  }
> > --
> > 2.41.0
>
> //Peter
>
Steve Sakoman Nov. 29, 2023, 5:17 p.m. UTC | #3 
On Wed, Nov 29, 2023 at 1:11 AM Joakim Tjernlund via
lists.openembedded.org
<Joakim.Tjernlund=infinera.com@lists.openembedded.org> wrote:
>
> Hi Peter :)
>
> All good comments, will fix accordingly. Not sure how PW_DIR ?= "${sysconfdir}" will work though.

One additional comment: a change like this should be submitted for the
master branch, it can't go into a stable branch first.

Steve

> How do you envision one should set PW_DIR in distro .conf or layer.conf?
> Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?
>
>  Jocke
>
> On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > > -----Original Message-----
> > > From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via lists.openembedded.org
> > > Sent: den 24 november 2023 15:11
> > > To: openembedded-core@lists.openembedded.org
> > > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> > >
> > > Add support for creating passwd files in a /etc subdir
> > > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> > >
> > > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > ---
> > >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++-------
> > >  1 file changed, 16 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > index ef7792ae49..e453be0763 100644
> > > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > @@ -20,6 +20,9 @@ SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> > >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> > >  SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> > >
> > > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > > +PW_SUBDIR ?= ""
> > > +
> >
> > Rather than defining a subdirectory, I would recommend defining the full
> > path, e.g.:
> >
> > PW_DIR ?= "${sysconfdir}"
> >
> > This avoids generating a lot of "//" in the middle of paths for the majority
> > of us who do not use a subdirectory for the password files.
> >
> > >  # the package is taken from launchpad; that source is static and goes stale
> > >  # so we check the latest upstream from a directory that does get updated
> > >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> > >  #!/bin/sh
> > >
> > >  # Install passwd.master and group.master to sysconfdir
> > > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> > >  for i in passwd group; do
> > >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
> > > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] && ...`:
> >
> >       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > Or, assuming my recommendation above is followed:
> >
> >       [ "${PW_DIR}" = "${sysconfdir}" ] ||
> >               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > The reason is that the return status ($?) of `[ ... ] && ...` is 1 if the
> > test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.
> >
> > >  done
> > >
> > >  # Run any useradd postinsts
> > > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> > >      f.close()
> > >
> > >      preinst = """#!/bin/sh
> > > -mkdir -p $D${sysconfdir}
> > > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> > >  """ + passwd + """EOF
> > >  fi
> > > -if [ ! -e $D${sysconfdir}/group ]; then
> > > -\tcat << 'EOF' > $D${sysconfdir}/group
> > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> > >  """ + group + """EOF
> > >  fi
> > > +if [ -n "${PW_SUBDIR}" ]; then
> > > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
> >
> > Use \t to indent the above two lines like the code before.
> >
> > > +fi
> > >  """
> > >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> > >  }
> > > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> > >  if [ -n "$D" ]; then
> > >     exit 0
> > >  fi
> > > -${sbindir}/update-passwd
> > > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
> >
> > Replace /etc with ${sysconfdir}.
> >
> > >  }
> > > --
> > > 2.41.0
> >
> > //Peter
> >
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#191437): https://lists.openembedded.org/g/openembedded-core/message/191437
> Mute This Topic: https://lists.openembedded.org/mt/102780967/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Richard Purdie Nov. 29, 2023, 9:37 p.m. UTC | #4 
On Wed, 2023-11-29 at 07:17 -1000, Steve Sakoman wrote:
> On Wed, Nov 29, 2023 at 1:11 AM Joakim Tjernlund via
> lists.openembedded.org
> <Joakim.Tjernlund=infinera.com@lists.openembedded.org> wrote:
> > 
> > Hi Peter :)
> > 
> > All good comments, will fix accordingly. Not sure how PW_DIR ?= "${sysconfdir}" will work though.
> 
> One additional comment: a change like this should be submitted for the
> master branch, it can't go into a stable branch first.

Being realistic, this is a feature not a bugfix so it isn't really
appropriate for kirkstone in general.

I do agree with Ross that the approach isn't really what we'd want in
master either since we'd have to keep adding variables for each file
people wanted to change. As such I'm unlikely to accept these patches
for master as there are other ways to handle this.

Cheers,

Richard
Joakim Tjernlund Nov. 29, 2023, 10:01 p.m. UTC | #5 
On Wed, 2023-11-29 at 21:37 +0000, Richard Purdie wrote:
> On Wed, 2023-11-29 at 07:17 -1000, Steve Sakoman wrote:
> > On Wed, Nov 29, 2023 at 1:11 AM Joakim Tjernlund via
> > lists.openembedded.org
> > <Joakim.Tjernlund=infinera.com@lists.openembedded.org> wrote:
> > > 
> > > Hi Peter :)
> > > 
> > > All good comments, will fix accordingly. Not sure how PW_DIR ?= "${sysconfdir}" will work though.
> > 
> > One additional comment: a change like this should be submitted for the
> > master branch, it can't go into a stable branch first.
> 
> Being realistic, this is a feature not a bugfix so it isn't really
> appropriate for kirkstone in general.

That is OK, I can rebase against master.
> 
> I do agree with Ross that the approach isn't really what we'd want in
> master either since we'd have to keep adding variables for each file
> people wanted to change. As such I'm unlikely to accept these patches
> for master as there are other ways to handle this.

What other ways? I have explored several and this was the only thing that worked.
I don't consider overlayfs over all of /etc an alternative.

 Cheers 
          Jocke
Peter Kjellerstedt Dec. 6, 2023, 8:21 p.m. UTC | #6 
Since I've seen Richard's reply and his reluctance to merge this, 
this is mostly technical.

I would use either PW_DIR = "${sysconfdir}/pwdb" or PW_DIR:append = "/pwdb". 
Using "/etc" (and other hardcoded paths) should be avoided wherever 
possible.

//Peter

> -----Original Message-----
> From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> Sent: den 29 november 2023 12:11
> To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> <peter.kjellerstedt@axis.com>
> Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> 
> Hi Peter :)
> 
> All good comments, will fix accordingly. Not sure how PW_DIR ?=
> "${sysconfdir}" will work though.
> 
> How do you envision one should set PW_DIR in distro .conf or layer.conf?
> Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?
> 
>  Jocke
> 
> On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > > -----Original Message-----
> > > From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via
> lists.openembedded.org
> > > Sent: den 24 november 2023 15:11
> > > To: openembedded-core@lists.openembedded.org
> > > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> > >
> > > Add support for creating passwd files in a /etc subdir
> > > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> > >
> > > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > ---
> > >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++------
> -
> > >  1 file changed, 16 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > index ef7792ae49..e453be0763 100644
> > > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > @@ -20,6 +20,9 @@ SRC_URI =
> "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> > >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> > >  SRC_URI[sha256sum] =
> "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> > >
> > > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > > +PW_SUBDIR ?= ""
> > > +
> >
> > Rather than defining a subdirectory, I would recommend defining the full
> > path, e.g.:
> >
> > PW_DIR ?= "${sysconfdir}"
> >
> > This avoids generating a lot of "//" in the middle of paths for the
> majority
> > of us who do not use a subdirectory for the password files.
> >
> > >  # the package is taken from launchpad; that source is static and goes
> stale
> > >  # so we check the latest upstream from a directory that does get
> updated
> > >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> > >  #!/bin/sh
> > >
> > >  # Install passwd.master and group.master to sysconfdir
> > > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> > >  for i in passwd group; do
> > >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-
> passwd/\$i.master \
> > > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i
> ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] &&
> ...`:
> >
> >       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i
> ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > Or, assuming my recommendation above is followed:
> >
> >       [ "${PW_DIR}" = "${sysconfdir}" ] ||
> >               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i
> ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> >
> > The reason is that the return status ($?) of `[ ... ] && ...` is 1 if
> the
> > test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.
> >
> > >  done
> > >
> > >  # Run any useradd postinsts
> > > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> > >      f.close()
> > >
> > >      preinst = """#!/bin/sh
> > > -mkdir -p $D${sysconfdir}
> > > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> > >  """ + passwd + """EOF
> > >  fi
> > > -if [ ! -e $D${sysconfdir}/group ]; then
> > > -\tcat << 'EOF' > $D${sysconfdir}/group
> > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> > >  """ + group + """EOF
> > >  fi
> > > +if [ -n "${PW_SUBDIR}" ]; then
> > > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
> >
> > Use \t to indent the above two lines like the code before.
> >
> > > +fi
> > >  """
> > >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> > >  }
> > > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> > >  if [ -n "$D" ]; then
> > >     exit 0
> > >  fi
> > > -${sbindir}/update-passwd
> > > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S
> /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
> >
> > Replace /etc with ${sysconfdir}.
> >
> > >  }
> > > --
> > > 2.41.0
> >
> > //Peter
> >
Joakim Tjernlund Dec. 7, 2023, 8:47 a.m. UTC | #7 
On Wed, 2023-12-06 at 20:21 +0000, Peter Kjellerstedt wrote:
> Since I've seen Richard's reply and his reluctance to merge this,
> this is mostly technical.

I know but I don't understand what "batter ways" to do this is, I have tested symlinks/--prefix/--root and bind mounting the passwd/shadow
files and none of then work. Using overlaysfs is an inferior solution to me that makes the whole /etc writeable, may break when RFS underneath is
upgraded and I am unsure how resilient overlayfs is in case  of power failure. What else is there ?

>
> I would use either PW_DIR = "${sysconfdir}/pwdb" or PW_DIR:append = "/pwdb".
> Using "/etc" (and other hardcoded paths) should be avoided wherever
> possible.

Thanks, will tru there out.

 Jocke

>
> //Peter
>
> > -----Original Message-----
> > From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> > Sent: den 29 november 2023 12:11
> > To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> > <peter.kjellerstedt@axis.com>
> > Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> >
> > Hi Peter :)
> >
> > All good comments, will fix accordingly. Not sure how PW_DIR ?=
> > "${sysconfdir}" will work though.
> >
> > How do you envision one should set PW_DIR in distro .conf or layer.conf?
> > Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?
> >
> >  Jocke
> >
> > On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > > > -----Original Message-----
> > > > From: openembedded-core@lists.openembedded.org <openembedded-
> > core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via
> > lists.openembedded.org
> > > > Sent: den 24 november 2023 15:11
> > > > To: openembedded-core@lists.openembedded.org
> > > > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> > > >
> > > > Add support for creating passwd files in a /etc subdir
> > > > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> > > >
> > > > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > ---
> > > >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++------
> > -
> > > >  1 file changed, 16 insertions(+), 8 deletions(-)
> > > >
> > > > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > index ef7792ae49..e453be0763 100644
> > > > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > @@ -20,6 +20,9 @@ SRC_URI =
> > "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> > > >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> > > >  SRC_URI[sha256sum] =
> > "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> > > >
> > > > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > > > +PW_SUBDIR ?= ""
> > > > +
> > >
> > > Rather than defining a subdirectory, I would recommend defining the full
> > > path, e.g.:
> > >
> > > PW_DIR ?= "${sysconfdir}"
> > >
> > > This avoids generating a lot of "//" in the middle of paths for the
> > majority
> > > of us who do not use a subdirectory for the password files.
> > >
> > > >  # the package is taken from launchpad; that source is static and goes
> > stale
> > > >  # so we check the latest upstream from a directory that does get
> > updated
> > > >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > > > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> > > >  #!/bin/sh
> > > >
> > > >  # Install passwd.master and group.master to sysconfdir
> > > > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > > > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> > > >  for i in passwd group; do
> > > >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-
> > passwd/\$i.master \
> > > > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > > > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i
> > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > >
> > > I generally recommended to use `[ ! ... ] || ...` instead of `[ ... ] &&
> > ...`:
> > >
> > >       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i
> > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > >
> > > Or, assuming my recommendation above is followed:
> > >
> > >       [ "${PW_DIR}" = "${sysconfdir}" ] ||
> > >               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i
> > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > >
> > > The reason is that the return status ($?) of `[ ... ] && ...` is 1 if
> > the
> > > test fails, while it is 0 for `[ ! ... ] || ...` when the test succeeds.
> > >
> > > >  done
> > > >
> > > >  # Run any useradd postinsts
> > > > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> > > >      f.close()
> > > >
> > > >      preinst = """#!/bin/sh
> > > > -mkdir -p $D${sysconfdir}
> > > > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > > > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > > > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> > > >  """ + passwd + """EOF
> > > >  fi
> > > > -if [ ! -e $D${sysconfdir}/group ]; then
> > > > -\tcat << 'EOF' > $D${sysconfdir}/group
> > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> > > >  """ + group + """EOF
> > > >  fi
> > > > +if [ -n "${PW_SUBDIR}" ]; then
> > > > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > > > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
> > >
> > > Use \t to indent the above two lines like the code before.
> > >
> > > > +fi
> > > >  """
> > > >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> > > >  }
> > > > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> > > >  if [ -n "$D" ]; then
> > > >     exit 0
> > > >  fi
> > > > -${sbindir}/update-passwd
> > > > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S
> > /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
> > >
> > > Replace /etc with ${sysconfdir}.
> > >
> > > >  }
> > > > --
> > > > 2.41.0
> > >
> > > //Peter
> > >
>
Peter Kjellerstedt Dec. 7, 2023, 3:05 p.m. UTC | #8 
> -----Original Message-----
> From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> Sent: den 7 december 2023 09:48
> To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> <peter.kjellerstedt@axis.com>
> Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> 
> On Wed, 2023-12-06 at 20:21 +0000, Peter Kjellerstedt wrote:
> > Since I've seen Richard's reply and his reluctance to merge this,
> > this is mostly technical.
> 
> I know but I don't understand what "batter ways" to do this is, I have
> tested symlinks/--prefix/--root and bind mounting the passwd/shadow
> files and none of then work. Using overlaysfs is an inferior solution to
> me that makes the whole /etc writeable, may break when RFS underneath is
> upgraded and I am unsure how resilient overlayfs is in case  of power
> failure. What else is there ?

For what it is worth, we use overlayfs on /etc in all of our products, 
and AFAIK have not had any problems with it. Our product upgrade solution 
is of course aware of the fact and takes care when upgrading to migrate 
all relevant changes in a controlled way.

//Peter

> >
> > I would use either PW_DIR = "${sysconfdir}/pwdb" or PW_DIR:append = "/pwdb".
> > Using "/etc" (and other hardcoded paths) should be avoided wherever
> > possible.
> 
> Thanks, will tru there out.
> 
>  Jocke
> 
> >
> > //Peter
> >
> > > -----Original Message-----
> > > From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> > > Sent: den 29 november 2023 12:11
> > > To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> > > <peter.kjellerstedt@axis.com>
> > > Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add
> PW_SUBDIR
> > >
> > > Hi Peter :)
> > >
> > > All good comments, will fix accordingly. Not sure how PW_DIR ?=
> > > "${sysconfdir}" will work though.
> > >
> > > How do you envision one should set PW_DIR in distro .conf or
> layer.conf?
> > > Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?
> > >
> > >  Jocke
> > >
> > > On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > > > > -----Original Message-----
> > > > > From: openembedded-core@lists.openembedded.org <openembedded-
> > > core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via
> > > lists.openembedded.org
> > > > > Sent: den 24 november 2023 15:11
> > > > > To: openembedded-core@lists.openembedded.org
> > > > > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add
> PW_SUBDIR
> > > > >
> > > > > Add support for creating passwd files in a /etc subdir
> > > > > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> > > > >
> > > > > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > > ---
> > > > >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++--
> ----
> > > -
> > > > >  1 file changed, 16 insertions(+), 8 deletions(-)
> > > > >
> > > > > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > index ef7792ae49..e453be0763 100644
> > > > > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > @@ -20,6 +20,9 @@ SRC_URI =
> > > "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> > > > >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> > > > >  SRC_URI[sha256sum] =
> > > "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> > > > >
> > > > > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > > > > +PW_SUBDIR ?= ""
> > > > > +
> > > >
> > > > Rather than defining a subdirectory, I would recommend defining the
> full
> > > > path, e.g.:
> > > >
> > > > PW_DIR ?= "${sysconfdir}"
> > > >
> > > > This avoids generating a lot of "//" in the middle of paths for the
> > > majority
> > > > of us who do not use a subdirectory for the password files.
> > > >
> > > > >  # the package is taken from launchpad; that source is static and
> goes
> > > stale
> > > > >  # so we check the latest upstream from a directory that does get
> > > updated
> > > > >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > > > > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> > > > >  #!/bin/sh
> > > > >
> > > > >  # Install passwd.master and group.master to sysconfdir
> > > > > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > > > > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> > > > >  for i in passwd group; do
> > > > >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-
> > > passwd/\$i.master \
> > > > > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > > > > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i
> > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > >
> > > > I generally recommended to use `[ ! ... ] || ...` instead of `[ ...
> ] &&
> > > ...`:
> > > >
> > > >       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i
> > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > >
> > > > Or, assuming my recommendation above is followed:
> > > >
> > > >       [ "${PW_DIR}" = "${sysconfdir}" ] ||
> > > >               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i
> > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > >
> > > > The reason is that the return status ($?) of `[ ... ] && ...` is 1
> if
> > > the
> > > > test fails, while it is 0 for `[ ! ... ] || ...` when the test
> succeeds.
> > > >
> > > > >  done
> > > > >
> > > > >  # Run any useradd postinsts
> > > > > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> > > > >      f.close()
> > > > >
> > > > >      preinst = """#!/bin/sh
> > > > > -mkdir -p $D${sysconfdir}
> > > > > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > > > > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > > > > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> > > > >  """ + passwd + """EOF
> > > > >  fi
> > > > > -if [ ! -e $D${sysconfdir}/group ]; then
> > > > > -\tcat << 'EOF' > $D${sysconfdir}/group
> > > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> > > > >  """ + group + """EOF
> > > > >  fi
> > > > > +if [ -n "${PW_SUBDIR}" ]; then
> > > > > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > > > > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
> > > >
> > > > Use \t to indent the above two lines like the code before.
> > > >
> > > > > +fi
> > > > >  """
> > > > >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> > > > >  }
> > > > > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> > > > >  if [ -n "$D" ]; then
> > > > >     exit 0
> > > > >  fi
> > > > > -${sbindir}/update-passwd
> > > > > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S
> > > /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
> > > >
> > > > Replace /etc with ${sysconfdir}.
> > > >
> > > > >  }
> > > > > --
> > > > > 2.41.0
> > > >
> > > > //Peter
> > > >
> >
Joakim Tjernlund Dec. 7, 2023, 3:54 p.m. UTC | #9 
On Thu, 2023-12-07 at 15:05 +0000, Peter Kjellerstedt wrote:
> > -----Original Message-----
> > From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> > Sent: den 7 december 2023 09:48
> > To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> > <peter.kjellerstedt@axis.com>
> > Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add PW_SUBDIR
> >
> > On Wed, 2023-12-06 at 20:21 +0000, Peter Kjellerstedt wrote:
> > > Since I've seen Richard's reply and his reluctance to merge this,
> > > this is mostly technical.
> >
> > I know but I don't understand what "batter ways" to do this is, I have
> > tested symlinks/--prefix/--root and bind mounting the passwd/shadow
> > files and none of then work. Using overlaysfs is an inferior solution to
> > me that makes the whole /etc writeable, may break when RFS underneath is
> > upgraded and I am unsure how resilient overlayfs is in case  of power
> > failure. What else is there ?
>
> For what it is worth, we use overlayfs on /etc in all of our products,
> and AFAIK have not had any problems with it. Our product upgrade solution
> is of course aware of the fact and takes care when upgrading to migrate
> all relevant changes in a controlled way.

Thanks, this indicates that overlayfs is somewhat resilient against power cuts.
My other concerns are still valid I think, exposing /etc as RW can be a security risk
and having to take special care when updating RO RFS underneath overlayfs.
Is that really better than my proposal ?

  //Jocke

>
> //Peter
>
> > >
> > > I would use either PW_DIR = "${sysconfdir}/pwdb" or PW_DIR:append = "/pwdb".
> > > Using "/etc" (and other hardcoded paths) should be avoided wherever
> > > possible.
> >
> > Thanks, will tru there out.
> >
> >  Jocke
> >
> > >
> > > //Peter
> > >
> > > > -----Original Message-----
> > > > From: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
> > > > Sent: den 29 november 2023 12:11
> > > > To: openembedded-core@lists.openembedded.org; Peter Kjellerstedt
> > > > <peter.kjellerstedt@axis.com>
> > > > Subject: Re: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add
> > PW_SUBDIR
> > > >
> > > > Hi Peter :)
> > > >
> > > > All good comments, will fix accordingly. Not sure how PW_DIR ?=
> > > > "${sysconfdir}" will work though.
> > > >
> > > > How do you envision one should set PW_DIR in distro .conf or
> > layer.conf?
> > > > Just PW_DIR = "/etc/pwdb" or PW_DIR = "${sysconfdir}/pwdb" ?
> > > >
> > > >  Jocke
> > > >
> > > > On Sun, 2023-11-26 at 21:21 +0000, Peter Kjellerstedt wrote:
> > > > > > -----Original Message-----
> > > > > > From: openembedded-core@lists.openembedded.org <openembedded-
> > > > core@lists.openembedded.org> On Behalf Of Joakim Tjernlund via
> > > > lists.openembedded.org
> > > > > > Sent: den 24 november 2023 15:11
> > > > > > To: openembedded-core@lists.openembedded.org
> > > > > > Cc: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > > > Subject: [OE-core] [kirkstone][PATCH 2/4] base-passwd: Add
> > PW_SUBDIR
> > > > > >
> > > > > > Add support for creating passwd files in a /etc subdir
> > > > > > Set PW_SUBIR to pwdb to get passwd  files in /etc/pwdb
> > > > > >
> > > > > > Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
> > > > > > ---
> > > > > >  .../base-passwd/base-passwd_3.5.29.bb         | 24 ++++++++++++--
> > ----
> > > > -
> > > > > >  1 file changed, 16 insertions(+), 8 deletions(-)
> > > > > >
> > > > > > diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > > index ef7792ae49..e453be0763 100644
> > > > > > --- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > > +++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
> > > > > > @@ -20,6 +20,9 @@ SRC_URI =
> > > > "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
> > > > > >  SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
> > > > > >  SRC_URI[sha256sum] =
> > > > "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
> > > > > >
> > > > > > +#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
> > > > > > +PW_SUBDIR ?= ""
> > > > > > +
> > > > >
> > > > > Rather than defining a subdirectory, I would recommend defining the
> > full
> > > > > path, e.g.:
> > > > >
> > > > > PW_DIR ?= "${sysconfdir}"
> > > > >
> > > > > This avoids generating a lot of "//" in the middle of paths for the
> > > > majority
> > > > > of us who do not use a subdirectory for the password files.
> > > > >
> > > > > >  # the package is taken from launchpad; that source is static and
> > goes
> > > > stale
> > > > > >  # so we check the latest upstream from a directory that does get
> > > > updated
> > > > > >  UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
> > > > > > @@ -50,10 +53,11 @@ basepasswd_sysroot_postinst() {
> > > > > >  #!/bin/sh
> > > > > >
> > > > > >  # Install passwd.master and group.master to sysconfdir
> > > > > > -install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
> > > > > > +install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
> > > > > >  for i in passwd group; do
> > > > > >     install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-
> > > > passwd/\$i.master \
> > > > > > -           ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > > > +           ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
> > > > > > +   [ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i
> > > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > >
> > > > > I generally recommended to use `[ ! ... ] || ...` instead of `[ ...
> > ] &&
> > > > ...`:
> > > > >
> > > > >       [ -z "${PW_SUBDIR}" ] || ln -fs ${PW_SUBDIR}/\$i
> > > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > >
> > > > > Or, assuming my recommendation above is followed:
> > > > >
> > > > >       [ "${PW_DIR}" = "${sysconfdir}" ] ||
> > > > >               ln -fsr ${STAGING_DIR_TARGET}${PW_DIR}/\$i
> > > > ${STAGING_DIR_TARGET}${sysconfdir}/\$i
> > > > >
> > > > > The reason is that the return status ($?) of `[ ... ] && ...` is 1
> > if
> > > > the
> > > > > test fails, while it is 0 for `[ ! ... ] || ...` when the test
> > succeeds.
> > > > >
> > > > > >  done
> > > > > >
> > > > > >  # Run any useradd postinsts
> > > > > > @@ -89,15 +93,19 @@ python populate_packages:prepend() {
> > > > > >      f.close()
> > > > > >
> > > > > >      preinst = """#!/bin/sh
> > > > > > -mkdir -p $D${sysconfdir}
> > > > > > -if [ ! -e $D${sysconfdir}/passwd ]; then
> > > > > > -\tcat << 'EOF' > $D${sysconfdir}/passwd
> > > > > > +mkdir -p $D${sysconfdir}/${PW_SUBDIR}
> > > > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
> > > > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
> > > > > >  """ + passwd + """EOF
> > > > > >  fi
> > > > > > -if [ ! -e $D${sysconfdir}/group ]; then
> > > > > > -\tcat << 'EOF' > $D${sysconfdir}/group
> > > > > > +if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
> > > > > > +\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
> > > > > >  """ + group + """EOF
> > > > > >  fi
> > > > > > +if [ -n "${PW_SUBDIR}" ]; then
> > > > > > +ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
> > > > > > +ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
> > > > >
> > > > > Use \t to indent the above two lines like the code before.
> > > > >
> > > > > > +fi
> > > > > >  """
> > > > > >      d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
> > > > > >  }
> > > > > > @@ -114,5 +122,5 @@ pkg_postinst:${PN}-update () {
> > > > > >  if [ -n "$D" ]; then
> > > > > >     exit 0
> > > > > >  fi
> > > > > > -${sbindir}/update-passwd
> > > > > > +${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S
> > > > /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
> > > > >
> > > > > Replace /etc with ${sysconfdir}.
> > > > >
> > > > > >  }
> > > > > > --
> > > > > > 2.41.0
> > > > >
> > > > > //Peter
> > > > >
> > >
>
diff mbox series

Patch

diff --git a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
index ef7792ae49..e453be0763 100644
--- a/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
+++ b/meta/recipes-core/base-passwd/base-passwd_3.5.29.bb
@@ -20,6 +20,9 @@  SRC_URI = "https://launchpad.net/debian/+archive/primary/+files/${BPN}_${PV}.tar
 SRC_URI[md5sum] = "6beccac48083fe8ae5048acd062e5421"
 SRC_URI[sha256sum] = "f0b66388b2c8e49c15692439d2bee63bcdd4bbbf7a782c7f64accc55986b6a36"
 
+#Set PW_SUBDIR to pwdb to get passwd  files in /etc/pwdb
+PW_SUBDIR ?= ""
+
 # the package is taken from launchpad; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
 UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/b/base-passwd/"
@@ -50,10 +53,11 @@  basepasswd_sysroot_postinst() {
 #!/bin/sh
 
 # Install passwd.master and group.master to sysconfdir
-install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}
+install -d -m 755 ${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}
 for i in passwd group; do
 	install -p -m 644 ${STAGING_DIR_TARGET}${datadir}/base-passwd/\$i.master \
-		${STAGING_DIR_TARGET}${sysconfdir}/\$i
+		${STAGING_DIR_TARGET}${sysconfdir}/${PW_SUBDIR}/\$i
+	[ -n "${PW_SUBDIR}" ] && ln -fs ${PW_SUBDIR}/\$i ${STAGING_DIR_TARGET}${sysconfdir}/\$i
 done
 
 # Run any useradd postinsts
@@ -89,15 +93,19 @@  python populate_packages:prepend() {
     f.close()
 
     preinst = """#!/bin/sh
-mkdir -p $D${sysconfdir}
-if [ ! -e $D${sysconfdir}/passwd ]; then
-\tcat << 'EOF' > $D${sysconfdir}/passwd
+mkdir -p $D${sysconfdir}/${PW_SUBDIR}
+if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/passwd ]; then
+\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/passwd
 """ + passwd + """EOF
 fi
-if [ ! -e $D${sysconfdir}/group ]; then
-\tcat << 'EOF' > $D${sysconfdir}/group
+if [ ! -e $D${sysconfdir}/${PW_SUBDIR}/group ]; then
+\tcat << 'EOF' > $D${sysconfdir}/${PW_SUBDIR}/group
 """ + group + """EOF
 fi
+if [ -n "${PW_SUBDIR}" ]; then
+ln -fs ${PW_SUBDIR}/passwd $D${sysconfdir}/passwd
+ln -fs ${PW_SUBDIR}/group $D${sysconfdir}/group
+fi
 """
     d.setVar(d.expand('pkg_preinst:${PN}'), preinst)
 }
@@ -114,5 +122,5 @@  pkg_postinst:${PN}-update () {
 if [ -n "$D" ]; then
 	exit 0
 fi
-${sbindir}/update-passwd
+${sbindir}/update-passwd -P /etc/${PW_SUBDIR}/passwd -S /etc/${PW_SUBDIR}/shadow -G /etc/${PW_SUBDIR}/group
 }