[v3,0/2] Implement deterministic uid/gid

Submitted by Mark Hatle on Feb. 6, 2014, 11:37 p.m. | Patch ID: 66471


Message ID cover.1391729077.git.mark.hatle@windriver.com
State New
Headers show


git://git.yoctoproject.org/poky-contrib mhatle/uidgid

Commit Message

Mark Hatle Feb. 6, 2014, 11:37 p.m.

Refactor the code into a new class specific with rewriting the adduser
functions.  Otherwise the code is the same as before.


Rebase to latest master...

Rework the code a bit based on comments from a few people.  Specifically
add a mode where passwd/group file entries are NOT overridden (blank info).

Clearly comment that the 'password' field is ignored, as is the group's
member fields.

Ensure that the 'enforcing' mode, doesn't trigger build failures, but simply
excludes the recipe from the build list.  If the package is needed an error
indicating the problem will be generated.  Makes for a cleaner build, and a
more targeted passwd/group file.

This was tested by doing the following:

(not enabling any of the code), build core-image-sato

copy the passwd/group file from tmp-eglibc/sysroots/<machine>/etc/ to meta/files/.

Clear the build directory

Enable the code adding the following to the conf/local.conf:

Build, compare the rootfs  /etc/passwd and /etc/group to the version in meta/files.
Verify the uid, gid and other information match.  (Note xuser will have a slight
difference in the 'shell' field, but this is does to the difference between the
configuration of the sysroot and the target filesystem.)

Clear the build directory again

Enable the code adding the following to conf/local.conf:

Repeat the validation steps.

Clear the build directory again

Modify the meta/files/passwd and remove the items in the comment, home_dir and
shell fields.  i.e.:




Repeat the build, verify the fields are all correct in the final image.


The following series implements the deterministic uid/gid setting for a
distribution.  Currently when a filesystem is generated the uid/gid values
are generally set at install time, so the install order determines what
the actual uid/gid values become.  In order to create a deterministic uid/gid
set, that still dynamically constructs the passwd/group file, we add an
option to read a special passwd/group file to allow the system to determine
the values.

It uses the existing parameters, and the values from the special passwd/group
files to reconstruct the parameter set to ensure these items are fully
defined with static values.

The first patch (01/02) is generally applicable.  It fixes a real bug in
the way the user/group adds occur today within the system.

Patch 02/02 implements the new functionality.

The following changes since commit cda502815c6acf789e1a0db7a7a1a7015b4ef71d:

  build-appliance-image: Update to poky commit b37dd451a52622d5b570183a81583cc34c2ff555 (2014-02-06 15:36:47 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib mhatle/uidgid

Mark Hatle (2):
  useradd.bbclass: Fix build time install issues
  useradd.bbclass: Add ability to select a static uid/gid automatically

 meta/classes/useradd-staticids.bbclass | 259 +++++++++++++++++++++++++++++++++
 meta/classes/useradd.bbclass           |  26 +++-
 meta/conf/local.conf.sample.extended   |  24 +++
 3 files changed, 303 insertions(+), 6 deletions(-)
 create mode 100644 meta/classes/useradd-staticids.bbclass